diff options
Diffstat (limited to 'target/linux/generic-2.6/patches-2.6.27')
64 files changed, 51910 insertions, 0 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.27/001-squashfs.patch b/target/linux/generic-2.6/patches-2.6.27/001-squashfs.patch new file mode 100644 index 0000000000..97ba7635ca --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/001-squashfs.patch @@ -0,0 +1,4170 @@ +--- a/fs/Kconfig ++++ b/fs/Kconfig +@@ -1348,6 +1348,71 @@ + + If unsure, say N. + ++config SQUASHFS ++ tristate "SquashFS 3.0 - Squashed file system support" ++ select ZLIB_INFLATE ++ help ++ Saying Y here includes support for SquashFS 3.0 (a Compressed Read-Only File ++ System). Squashfs is a highly compressed read-only filesystem for Linux. ++ It uses zlib compression to compress both files, inodes and directories. ++ Inodes in the system are very small and all blocks are packed to minimise ++ data overhead. Block sizes greater than 4K are supported up to a maximum of 64K. ++ SquashFS 3.0 supports 64 bit filesystems and files (larger than 4GB), full ++ uid/gid information, hard links and timestamps. ++ ++ Squashfs is intended for general read-only filesystem use, for archival ++ use (i.e. in cases where a .tar.gz file may be used), and in embedded ++ systems where low overhead is needed. Further information and filesystem tools ++ are available from http://squashfs.sourceforge.net. ++ ++ If you want to compile this as a module ( = code which can be ++ inserted in and removed from the running kernel whenever you want), ++ say M here and read <file:Documentation/modules.txt>. The module ++ will be called squashfs. Note that the root file system (the one ++ containing the directory /) cannot be compiled as a module. ++ ++ If unsure, say N. ++ ++config SQUASHFS_EMBEDDED ++ ++ bool "Additional options for memory-constrained systems" ++ depends on SQUASHFS ++ default n ++ help ++ Saying Y here allows you to specify cache sizes and how Squashfs ++ allocates memory. This is only intended for memory constrained ++ systems. ++ ++ If unsure, say N. ++ ++config SQUASHFS_FRAGMENT_CACHE_SIZE ++ int "Number of fragments cached" if SQUASHFS_EMBEDDED ++ depends on SQUASHFS ++ default "3" ++ help ++ By default SquashFS caches the last 3 fragments read from ++ the filesystem. Increasing this amount may mean SquashFS ++ has to re-read fragments less often from disk, at the expense ++ of extra system memory. Decreasing this amount will mean ++ SquashFS uses less memory at the expense of extra reads from disk. ++ ++ Note there must be at least one cached fragment. Anything ++ much more than three will probably not make much difference. ++ ++config SQUASHFS_VMALLOC ++ bool "Use Vmalloc rather than Kmalloc" if SQUASHFS_EMBEDDED ++ depends on SQUASHFS ++ default n ++ help ++ By default SquashFS uses kmalloc to obtain fragment cache memory. ++ Kmalloc memory is the standard kernel allocator, but it can fail ++ on memory constrained systems. Because of the way Vmalloc works, ++ Vmalloc can succeed when kmalloc fails. Specifying this option ++ will make SquashFS always use Vmalloc to allocate the ++ fragment cache memory. ++ ++ If unsure, say N. ++ + config VXFS_FS + tristate "FreeVxFS file system support (VERITAS VxFS(TM) compatible)" + depends on BLOCK +--- a/fs/Makefile ++++ b/fs/Makefile +@@ -74,6 +74,7 @@ + obj-$(CONFIG_JBD2) += jbd2/ + obj-$(CONFIG_EXT2_FS) += ext2/ + obj-$(CONFIG_CRAMFS) += cramfs/ ++obj-$(CONFIG_SQUASHFS) += squashfs/ + obj-y += ramfs/ + obj-$(CONFIG_HUGETLBFS) += hugetlbfs/ + obj-$(CONFIG_CODA_FS) += coda/ +--- /dev/null ++++ b/fs/squashfs/inode.c +@@ -0,0 +1,2122 @@ ++/* ++ * Squashfs - a compressed read only filesystem for Linux ++ * ++ * Copyright (c) 2002, 2003, 2004, 2005, 2006 ++ * Phillip Lougher <phillip@lougher.org.uk> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * inode.c ++ */ ++ ++#include <linux/types.h> ++#include <linux/squashfs_fs.h> ++#include <linux/module.h> ++#include <linux/errno.h> ++#include <linux/slab.h> ++#include <linux/fs.h> ++#include <linux/smp_lock.h> ++#include <linux/slab.h> ++#include <linux/squashfs_fs_sb.h> ++#include <linux/squashfs_fs_i.h> ++#include <linux/buffer_head.h> ++#include <linux/vfs.h> ++#include <linux/init.h> ++#include <linux/dcache.h> ++#include <linux/wait.h> ++#include <linux/zlib.h> ++#include <linux/blkdev.h> ++#include <linux/vmalloc.h> ++#include <asm/uaccess.h> ++#include <asm/semaphore.h> ++ ++#include "squashfs.h" ++ ++static void squashfs_put_super(struct super_block *); ++static int squashfs_statfs(struct dentry *, struct kstatfs *); ++static int squashfs_symlink_readpage(struct file *file, struct page *page); ++static int squashfs_readpage(struct file *file, struct page *page); ++static int squashfs_readpage4K(struct file *file, struct page *page); ++static int squashfs_readdir(struct file *, void *, filldir_t); ++static struct inode *squashfs_alloc_inode(struct super_block *sb); ++static void squashfs_destroy_inode(struct inode *inode); ++static int init_inodecache(void); ++static void destroy_inodecache(void); ++static struct dentry *squashfs_lookup(struct inode *, struct dentry *, ++ struct nameidata *); ++static struct inode *squashfs_iget(struct super_block *s, squashfs_inode_t inode); ++static long long read_blocklist(struct inode *inode, int index, ++ int readahead_blks, char *block_list, ++ unsigned short **block_p, unsigned int *bsize); ++static int squashfs_get_sb(struct file_system_type *, int, ++ const char *, void *, struct vfsmount *); ++ ++ ++static z_stream stream; ++ ++static struct file_system_type squashfs_fs_type = { ++ .owner = THIS_MODULE, ++ .name = "squashfs", ++ .get_sb = squashfs_get_sb, ++ .kill_sb = kill_block_super, ++ .fs_flags = FS_REQUIRES_DEV ++}; ++ ++static unsigned char squashfs_filetype_table[] = { ++ DT_UNKNOWN, DT_DIR, DT_REG, DT_LNK, DT_BLK, DT_CHR, DT_FIFO, DT_SOCK ++}; ++ ++static struct super_operations squashfs_ops = { ++ .alloc_inode = squashfs_alloc_inode, ++ .destroy_inode = squashfs_destroy_inode, ++ .statfs = squashfs_statfs, ++ .put_super = squashfs_put_super, ++}; ++ ++SQSH_EXTERN struct address_space_operations squashfs_symlink_aops = { ++ .readpage = squashfs_symlink_readpage ++}; ++ ++SQSH_EXTERN struct address_space_operations squashfs_aops = { ++ .readpage = squashfs_readpage ++}; ++ ++SQSH_EXTERN struct address_space_operations squashfs_aops_4K = { ++ .readpage = squashfs_readpage4K ++}; ++ ++static struct file_operations squashfs_dir_ops = { ++ .read = generic_read_dir, ++ .readdir = squashfs_readdir ++}; ++ ++SQSH_EXTERN struct inode_operations squashfs_dir_inode_ops = { ++ .lookup = squashfs_lookup ++}; ++ ++ ++static struct buffer_head *get_block_length(struct super_block *s, ++ int *cur_index, int *offset, int *c_byte) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ unsigned short temp; ++ struct buffer_head *bh; ++ ++ if (!(bh = sb_bread(s, *cur_index))) ++ goto out; ++ ++ if (msblk->devblksize - *offset == 1) { ++ if (msblk->swap) ++ ((unsigned char *) &temp)[1] = *((unsigned char *) ++ (bh->b_data + *offset)); ++ else ++ ((unsigned char *) &temp)[0] = *((unsigned char *) ++ (bh->b_data + *offset)); ++ brelse(bh); ++ if (!(bh = sb_bread(s, ++(*cur_index)))) ++ goto out; ++ if (msblk->swap) ++ ((unsigned char *) &temp)[0] = *((unsigned char *) ++ bh->b_data); ++ else ++ ((unsigned char *) &temp)[1] = *((unsigned char *) ++ bh->b_data); ++ *c_byte = temp; ++ *offset = 1; ++ } else { ++ if (msblk->swap) { ++ ((unsigned char *) &temp)[1] = *((unsigned char *) ++ (bh->b_data + *offset)); ++ ((unsigned char *) &temp)[0] = *((unsigned char *) ++ (bh->b_data + *offset + 1)); ++ } else { ++ ((unsigned char *) &temp)[0] = *((unsigned char *) ++ (bh->b_data + *offset)); ++ ((unsigned char *) &temp)[1] = *((unsigned char *) ++ (bh->b_data + *offset + 1)); ++ } ++ *c_byte = temp; ++ *offset += 2; ++ } ++ ++ if (SQUASHFS_CHECK_DATA(msblk->sblk.flags)) { ++ if (*offset == msblk->devblksize) { ++ brelse(bh); ++ if (!(bh = sb_bread(s, ++(*cur_index)))) ++ goto out; ++ *offset = 0; ++ } ++ if (*((unsigned char *) (bh->b_data + *offset)) != ++ SQUASHFS_MARKER_BYTE) { ++ ERROR("Metadata block marker corrupt @ %x\n", ++ *cur_index); ++ brelse(bh); ++ goto out; ++ } ++ (*offset)++; ++ } ++ return bh; ++ ++out: ++ return NULL; ++} ++ ++ ++SQSH_EXTERN unsigned int squashfs_read_data(struct super_block *s, char *buffer, ++ long long index, unsigned int length, ++ long long *next_index) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct buffer_head *bh[((SQUASHFS_FILE_MAX_SIZE - 1) >> ++ msblk->devblksize_log2) + 2]; ++ unsigned int offset = index & ((1 << msblk->devblksize_log2) - 1); ++ unsigned int cur_index = index >> msblk->devblksize_log2; ++ int bytes, avail_bytes, b = 0, k; ++ char *c_buffer; ++ unsigned int compressed; ++ unsigned int c_byte = length; ++ ++ if (c_byte) { ++ bytes = msblk->devblksize - offset; ++ compressed = SQUASHFS_COMPRESSED_BLOCK(c_byte); ++ c_buffer = compressed ? msblk->read_data : buffer; ++ c_byte = SQUASHFS_COMPRESSED_SIZE_BLOCK(c_byte); ++ ++ TRACE("Block @ 0x%llx, %scompressed size %d\n", index, compressed ++ ? "" : "un", (unsigned int) c_byte); ++ ++ if (!(bh[0] = sb_getblk(s, cur_index))) ++ goto block_release; ++ ++ for (b = 1; bytes < c_byte; b++) { ++ if (!(bh[b] = sb_getblk(s, ++cur_index))) ++ goto block_release; ++ bytes += msblk->devblksize; ++ } ++ ll_rw_block(READ, b, bh); ++ } else { ++ if (!(bh[0] = get_block_length(s, &cur_index, &offset, ++ &c_byte))) ++ goto read_failure; ++ ++ bytes = msblk->devblksize - offset; ++ compressed = SQUASHFS_COMPRESSED(c_byte); ++ c_buffer = compressed ? msblk->read_data : buffer; ++ c_byte = SQUASHFS_COMPRESSED_SIZE(c_byte); ++ ++ TRACE("Block @ 0x%llx, %scompressed size %d\n", index, compressed ++ ? "" : "un", (unsigned int) c_byte); ++ ++ for (b = 1; bytes < c_byte; b++) { ++ if (!(bh[b] = sb_getblk(s, ++cur_index))) ++ goto block_release; ++ bytes += msblk->devblksize; ++ } ++ ll_rw_block(READ, b - 1, bh + 1); ++ } ++ ++ if (compressed) ++ down(&msblk->read_data_mutex); ++ ++ for (bytes = 0, k = 0; k < b; k++) { ++ avail_bytes = (c_byte - bytes) > (msblk->devblksize - offset) ? ++ msblk->devblksize - offset : ++ c_byte - bytes; ++ wait_on_buffer(bh[k]); ++ if (!buffer_uptodate(bh[k])) ++ goto block_release; ++ memcpy(c_buffer + bytes, bh[k]->b_data + offset, avail_bytes); ++ bytes += avail_bytes; ++ offset = 0; ++ brelse(bh[k]); ++ } ++ ++ /* ++ * uncompress block ++ */ ++ if (compressed) { ++ int zlib_err; ++ ++ stream.next_in = c_buffer; ++ stream.avail_in = c_byte; ++ stream.next_out = buffer; ++ stream.avail_out = msblk->read_size; ++ ++ if (((zlib_err = zlib_inflateInit(&stream)) != Z_OK) || ++ ((zlib_err = zlib_inflate(&stream, Z_FINISH)) ++ != Z_STREAM_END) || ((zlib_err = ++ zlib_inflateEnd(&stream)) != Z_OK)) { ++ ERROR("zlib_fs returned unexpected result 0x%x\n", ++ zlib_err); ++ bytes = 0; ++ } else ++ bytes = stream.total_out; ++ ++ up(&msblk->read_data_mutex); ++ } ++ ++ if (next_index) ++ *next_index = index + c_byte + (length ? 0 : ++ (SQUASHFS_CHECK_DATA(msblk->sblk.flags) ++ ? 3 : 2)); ++ return bytes; ++ ++block_release: ++ while (--b >= 0) ++ brelse(bh[b]); ++ ++read_failure: ++ ERROR("sb_bread failed reading block 0x%x\n", cur_index); ++ return 0; ++} ++ ++ ++SQSH_EXTERN int squashfs_get_cached_block(struct super_block *s, char *buffer, ++ long long block, unsigned int offset, ++ int length, long long *next_block, ++ unsigned int *next_offset) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ int n, i, bytes, return_length = length; ++ long long next_index; ++ ++ TRACE("Entered squashfs_get_cached_block [%llx:%x]\n", block, offset); ++ ++ while ( 1 ) { ++ for (i = 0; i < SQUASHFS_CACHED_BLKS; i++) ++ if (msblk->block_cache[i].block == block) ++ break; ++ ++ down(&msblk->block_cache_mutex); ++ ++ if (i == SQUASHFS_CACHED_BLKS) { ++ /* read inode header block */ ++ for (i = msblk->next_cache, n = SQUASHFS_CACHED_BLKS; ++ n ; n --, i = (i + 1) % ++ SQUASHFS_CACHED_BLKS) ++ if (msblk->block_cache[i].block != ++ SQUASHFS_USED_BLK) ++ break; ++ ++ if (n == 0) { ++ wait_queue_t wait; ++ ++ init_waitqueue_entry(&wait, current); ++ add_wait_queue(&msblk->waitq, &wait); ++ set_current_state(TASK_UNINTERRUPTIBLE); ++ up(&msblk->block_cache_mutex); ++ schedule(); ++ set_current_state(TASK_RUNNING); ++ remove_wait_queue(&msblk->waitq, &wait); ++ continue; ++ } ++ msblk->next_cache = (i + 1) % SQUASHFS_CACHED_BLKS; ++ ++ if (msblk->block_cache[i].block == ++ SQUASHFS_INVALID_BLK) { ++ if (!(msblk->block_cache[i].data = ++ kmalloc(SQUASHFS_METADATA_SIZE, ++ GFP_KERNEL))) { ++ ERROR("Failed to allocate cache" ++ "block\n"); ++ up(&msblk->block_cache_mutex); ++ goto out; ++ } ++ } ++ ++ msblk->block_cache[i].block = SQUASHFS_USED_BLK; ++ up(&msblk->block_cache_mutex); ++ ++ if (!(msblk->block_cache[i].length = ++ squashfs_read_data(s, ++ msblk->block_cache[i].data, ++ block, 0, &next_index))) { ++ ERROR("Unable to read cache block [%llx:%x]\n", ++ block, offset); ++ goto out; ++ } ++ ++ down(&msblk->block_cache_mutex); ++ wake_up(&msblk->waitq); ++ msblk->block_cache[i].block = block; ++ msblk->block_cache[i].next_index = next_index; ++ TRACE("Read cache block [%llx:%x]\n", block, offset); ++ } ++ ++ if (msblk->block_cache[i].block != block) { ++ up(&msblk->block_cache_mutex); ++ continue; ++ } ++ ++ if ((bytes = msblk->block_cache[i].length - offset) >= length) { ++ if (buffer) ++ memcpy(buffer, msblk->block_cache[i].data + ++ offset, length); ++ if (msblk->block_cache[i].length - offset == length) { ++ *next_block = msblk->block_cache[i].next_index; ++ *next_offset = 0; ++ } else { ++ *next_block = block; ++ *next_offset = offset + length; ++ } ++ up(&msblk->block_cache_mutex); ++ goto finish; ++ } else { ++ if (buffer) { ++ memcpy(buffer, msblk->block_cache[i].data + ++ offset, bytes); ++ buffer += bytes; ++ } ++ block = msblk->block_cache[i].next_index; ++ up(&msblk->block_cache_mutex); ++ length -= bytes; ++ offset = 0; ++ } ++ } ++ ++finish: ++ return return_length; ++out: ++ return 0; ++} ++ ++ ++static int get_fragment_location(struct super_block *s, unsigned int fragment, ++ long long *fragment_start_block, ++ unsigned int *fragment_size) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ long long start_block = ++ msblk->fragment_index[SQUASHFS_FRAGMENT_INDEX(fragment)]; ++ int offset = SQUASHFS_FRAGMENT_INDEX_OFFSET(fragment); ++ struct squashfs_fragment_entry fragment_entry; ++ ++ if (msblk->swap) { ++ struct squashfs_fragment_entry sfragment_entry; ++ ++ if (!squashfs_get_cached_block(s, (char *) &sfragment_entry, ++ start_block, offset, ++ sizeof(sfragment_entry), &start_block, ++ &offset)) ++ goto out; ++ SQUASHFS_SWAP_FRAGMENT_ENTRY(&fragment_entry, &sfragment_entry); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) &fragment_entry, ++ start_block, offset, ++ sizeof(fragment_entry), &start_block, ++ &offset)) ++ goto out; ++ ++ *fragment_start_block = fragment_entry.start_block; ++ *fragment_size = fragment_entry.size; ++ ++ return 1; ++ ++out: ++ return 0; ++} ++ ++ ++SQSH_EXTERN void release_cached_fragment(struct squashfs_sb_info *msblk, struct ++ squashfs_fragment_cache *fragment) ++{ ++ down(&msblk->fragment_mutex); ++ fragment->locked --; ++ wake_up(&msblk->fragment_wait_queue); ++ up(&msblk->fragment_mutex); ++} ++ ++ ++SQSH_EXTERN struct squashfs_fragment_cache *get_cached_fragment(struct super_block ++ *s, long long start_block, ++ int length) ++{ ++ int i, n; ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ ++ while ( 1 ) { ++ down(&msblk->fragment_mutex); ++ ++ for (i = 0; i < SQUASHFS_CACHED_FRAGMENTS && ++ msblk->fragment[i].block != start_block; i++); ++ ++ if (i == SQUASHFS_CACHED_FRAGMENTS) { ++ for (i = msblk->next_fragment, n = ++ SQUASHFS_CACHED_FRAGMENTS; n && ++ msblk->fragment[i].locked; n--, i = (i + 1) % ++ SQUASHFS_CACHED_FRAGMENTS); ++ ++ if (n == 0) { ++ wait_queue_t wait; ++ ++ init_waitqueue_entry(&wait, current); ++ add_wait_queue(&msblk->fragment_wait_queue, ++ &wait); ++ set_current_state(TASK_UNINTERRUPTIBLE); ++ up(&msblk->fragment_mutex); ++ schedule(); ++ set_current_state(TASK_RUNNING); ++ remove_wait_queue(&msblk->fragment_wait_queue, ++ &wait); ++ continue; ++ } ++ msblk->next_fragment = (msblk->next_fragment + 1) % ++ SQUASHFS_CACHED_FRAGMENTS; ++ ++ if (msblk->fragment[i].data == NULL) ++ if (!(msblk->fragment[i].data = SQUASHFS_ALLOC ++ (SQUASHFS_FILE_MAX_SIZE))) { ++ ERROR("Failed to allocate fragment " ++ "cache block\n"); ++ up(&msblk->fragment_mutex); ++ goto out; ++ } ++ ++ msblk->fragment[i].block = SQUASHFS_INVALID_BLK; ++ msblk->fragment[i].locked = 1; ++ up(&msblk->fragment_mutex); ++ ++ if (!(msblk->fragment[i].length = squashfs_read_data(s, ++ msblk->fragment[i].data, ++ start_block, length, NULL))) { ++ ERROR("Unable to read fragment cache block " ++ "[%llx]\n", start_block); ++ msblk->fragment[i].locked = 0; ++ goto out; ++ } ++ ++ msblk->fragment[i].block = start_block; ++ TRACE("New fragment %d, start block %lld, locked %d\n", ++ i, msblk->fragment[i].block, ++ msblk->fragment[i].locked); ++ break; ++ } ++ ++ msblk->fragment[i].locked++; ++ up(&msblk->fragment_mutex); ++ TRACE("Got fragment %d, start block %lld, locked %d\n", i, ++ msblk->fragment[i].block, ++ msblk->fragment[i].locked); ++ break; ++ } ++ ++ return &msblk->fragment[i]; ++ ++out: ++ return NULL; ++} ++ ++ ++static struct inode *squashfs_new_inode(struct super_block *s, ++ struct squashfs_base_inode_header *inodeb) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct inode *i = new_inode(s); ++ ++ if (i) { ++ i->i_ino = inodeb->inode_number; ++ i->i_mtime.tv_sec = inodeb->mtime; ++ i->i_atime.tv_sec = inodeb->mtime; ++ i->i_ctime.tv_sec = inodeb->mtime; ++ i->i_uid = msblk->uid[inodeb->uid]; ++ i->i_mode = inodeb->mode; ++ i->i_size = 0; ++ if (inodeb->guid == SQUASHFS_GUIDS) ++ i->i_gid = i->i_uid; ++ else ++ i->i_gid = msblk->guid[inodeb->guid]; ++ } ++ ++ return i; ++} ++ ++ ++static struct inode *squashfs_iget(struct super_block *s, squashfs_inode_t inode) ++{ ++ struct inode *i; ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ long long block = SQUASHFS_INODE_BLK(inode) + ++ sblk->inode_table_start; ++ unsigned int offset = SQUASHFS_INODE_OFFSET(inode); ++ long long next_block; ++ unsigned int next_offset; ++ union squashfs_inode_header id, sid; ++ struct squashfs_base_inode_header *inodeb = &id.base, ++ *sinodeb = &sid.base; ++ ++ TRACE("Entered squashfs_iget\n"); ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) sinodeb, block, ++ offset, sizeof(*sinodeb), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_BASE_INODE_HEADER(inodeb, sinodeb, ++ sizeof(*sinodeb)); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) inodeb, block, ++ offset, sizeof(*inodeb), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ switch(inodeb->inode_type) { ++ case SQUASHFS_FILE_TYPE: { ++ unsigned int frag_size; ++ long long frag_blk; ++ struct squashfs_reg_inode_header *inodep = &id.reg; ++ struct squashfs_reg_inode_header *sinodep = &sid.reg; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_REG_INODE_HEADER(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ frag_blk = SQUASHFS_INVALID_BLK; ++ if (inodep->fragment != SQUASHFS_INVALID_FRAG && ++ !get_fragment_location(s, ++ inodep->fragment, &frag_blk, &frag_size)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb)) == NULL) ++ goto failed_read1; ++ ++ i->i_nlink = 1; ++ i->i_size = inodep->file_size; ++ i->i_fop = &generic_ro_fops; ++ i->i_mode |= S_IFREG; ++ i->i_blocks = ((i->i_size - 1) >> 9) + 1; ++ SQUASHFS_I(i)->u.s1.fragment_start_block = frag_blk; ++ SQUASHFS_I(i)->u.s1.fragment_size = frag_size; ++ SQUASHFS_I(i)->u.s1.fragment_offset = inodep->offset; ++ SQUASHFS_I(i)->start_block = inodep->start_block; ++ SQUASHFS_I(i)->u.s1.block_list_start = next_block; ++ SQUASHFS_I(i)->offset = next_offset; ++ if (sblk->block_size > 4096) ++ i->i_data.a_ops = &squashfs_aops; ++ else ++ i->i_data.a_ops = &squashfs_aops_4K; ++ ++ TRACE("File inode %x:%x, start_block %llx, " ++ "block_list_start %llx, offset %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ inodep->start_block, next_block, ++ next_offset); ++ break; ++ } ++ case SQUASHFS_LREG_TYPE: { ++ unsigned int frag_size; ++ long long frag_blk; ++ struct squashfs_lreg_inode_header *inodep = &id.lreg; ++ struct squashfs_lreg_inode_header *sinodep = &sid.lreg; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_LREG_INODE_HEADER(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ frag_blk = SQUASHFS_INVALID_BLK; ++ if (inodep->fragment != SQUASHFS_INVALID_FRAG && ++ !get_fragment_location(s, ++ inodep->fragment, &frag_blk, &frag_size)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb)) == NULL) ++ goto failed_read1; ++ ++ i->i_nlink = inodep->nlink; ++ i->i_size = inodep->file_size; ++ i->i_fop = &generic_ro_fops; ++ i->i_mode |= S_IFREG; ++ i->i_blocks = ((i->i_size - 1) >> 9) + 1; ++ SQUASHFS_I(i)->u.s1.fragment_start_block = frag_blk; ++ SQUASHFS_I(i)->u.s1.fragment_size = frag_size; ++ SQUASHFS_I(i)->u.s1.fragment_offset = inodep->offset; ++ SQUASHFS_I(i)->start_block = inodep->start_block; ++ SQUASHFS_I(i)->u.s1.block_list_start = next_block; ++ SQUASHFS_I(i)->offset = next_offset; ++ if (sblk->block_size > 4096) ++ i->i_data.a_ops = &squashfs_aops; ++ else ++ i->i_data.a_ops = &squashfs_aops_4K; ++ ++ TRACE("File inode %x:%x, start_block %llx, " ++ "block_list_start %llx, offset %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ inodep->start_block, next_block, ++ next_offset); ++ break; ++ } ++ case SQUASHFS_DIR_TYPE: { ++ struct squashfs_dir_inode_header *inodep = &id.dir; ++ struct squashfs_dir_inode_header *sinodep = &sid.dir; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_DIR_INODE_HEADER(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb)) == NULL) ++ goto failed_read1; ++ ++ i->i_nlink = inodep->nlink; ++ i->i_size = inodep->file_size; ++ i->i_op = &squashfs_dir_inode_ops; ++ i->i_fop = &squashfs_dir_ops; ++ i->i_mode |= S_IFDIR; ++ SQUASHFS_I(i)->start_block = inodep->start_block; ++ SQUASHFS_I(i)->offset = inodep->offset; ++ SQUASHFS_I(i)->u.s2.directory_index_count = 0; ++ SQUASHFS_I(i)->u.s2.parent_inode = inodep->parent_inode; ++ ++ TRACE("Directory inode %x:%x, start_block %x, offset " ++ "%x\n", SQUASHFS_INODE_BLK(inode), ++ offset, inodep->start_block, ++ inodep->offset); ++ break; ++ } ++ case SQUASHFS_LDIR_TYPE: { ++ struct squashfs_ldir_inode_header *inodep = &id.ldir; ++ struct squashfs_ldir_inode_header *sinodep = &sid.ldir; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_LDIR_INODE_HEADER(inodep, ++ sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb)) == NULL) ++ goto failed_read1; ++ ++ i->i_nlink = inodep->nlink; ++ i->i_size = inodep->file_size; ++ i->i_op = &squashfs_dir_inode_ops; ++ i->i_fop = &squashfs_dir_ops; ++ i->i_mode |= S_IFDIR; ++ SQUASHFS_I(i)->start_block = inodep->start_block; ++ SQUASHFS_I(i)->offset = inodep->offset; ++ SQUASHFS_I(i)->u.s2.directory_index_start = next_block; ++ SQUASHFS_I(i)->u.s2.directory_index_offset = ++ next_offset; ++ SQUASHFS_I(i)->u.s2.directory_index_count = ++ inodep->i_count; ++ SQUASHFS_I(i)->u.s2.parent_inode = inodep->parent_inode; ++ ++ TRACE("Long directory inode %x:%x, start_block %x, " ++ "offset %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ inodep->start_block, inodep->offset); ++ break; ++ } ++ case SQUASHFS_SYMLINK_TYPE: { ++ struct squashfs_symlink_inode_header *inodep = ++ &id.symlink; ++ struct squashfs_symlink_inode_header *sinodep = ++ &sid.symlink; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_SYMLINK_INODE_HEADER(inodep, ++ sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb)) == NULL) ++ goto failed_read1; ++ ++ i->i_nlink = inodep->nlink; ++ i->i_size = inodep->symlink_size; ++ i->i_op = &page_symlink_inode_operations; ++ i->i_data.a_ops = &squashfs_symlink_aops; ++ i->i_mode |= S_IFLNK; ++ SQUASHFS_I(i)->start_block = next_block; ++ SQUASHFS_I(i)->offset = next_offset; ++ ++ TRACE("Symbolic link inode %x:%x, start_block %llx, " ++ "offset %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ next_block, next_offset); ++ break; ++ } ++ case SQUASHFS_BLKDEV_TYPE: ++ case SQUASHFS_CHRDEV_TYPE: { ++ struct squashfs_dev_inode_header *inodep = &id.dev; ++ struct squashfs_dev_inode_header *sinodep = &sid.dev; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_DEV_INODE_HEADER(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if ((i = squashfs_new_inode(s, inodeb)) == NULL) ++ goto failed_read1; ++ ++ i->i_nlink = inodep->nlink; ++ i->i_mode |= (inodeb->inode_type == ++ SQUASHFS_CHRDEV_TYPE) ? S_IFCHR : ++ S_IFBLK; ++ init_special_inode(i, i->i_mode, ++ old_decode_dev(inodep->rdev)); ++ ++ TRACE("Device inode %x:%x, rdev %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ inodep->rdev); ++ break; ++ } ++ case SQUASHFS_FIFO_TYPE: ++ case SQUASHFS_SOCKET_TYPE: { ++ struct squashfs_ipc_inode_header *inodep = &id.ipc; ++ struct squashfs_ipc_inode_header *sinodep = &sid.ipc; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_IPC_INODE_HEADER(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if ((i = squashfs_new_inode(s, inodeb)) == NULL) ++ goto failed_read1; ++ ++ i->i_nlink = inodep->nlink; ++ i->i_mode |= (inodeb->inode_type == SQUASHFS_FIFO_TYPE) ++ ? S_IFIFO : S_IFSOCK; ++ init_special_inode(i, i->i_mode, 0); ++ break; ++ } ++ default: ++ ERROR("Unknown inode type %d in squashfs_iget!\n", ++ inodeb->inode_type); ++ goto failed_read1; ++ } ++ ++ insert_inode_hash(i); ++ return i; ++ ++failed_read: ++ ERROR("Unable to read inode [%llx:%x]\n", block, offset); ++ ++failed_read1: ++ return NULL; ++} ++ ++ ++static int read_fragment_index_table(struct super_block *s) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ ++ /* Allocate fragment index table */ ++ if (!(msblk->fragment_index = kmalloc(SQUASHFS_FRAGMENT_INDEX_BYTES ++ (sblk->fragments), GFP_KERNEL))) { ++ ERROR("Failed to allocate uid/gid table\n"); ++ return 0; ++ } ++ ++ if (SQUASHFS_FRAGMENT_INDEX_BYTES(sblk->fragments) && ++ !squashfs_read_data(s, (char *) ++ msblk->fragment_index, ++ sblk->fragment_table_start, ++ SQUASHFS_FRAGMENT_INDEX_BYTES ++ (sblk->fragments) | ++ SQUASHFS_COMPRESSED_BIT_BLOCK, NULL)) { ++ ERROR("unable to read fragment index table\n"); ++ return 0; ++ } ++ ++ if (msblk->swap) { ++ int i; ++ long long fragment; ++ ++ for (i = 0; i < SQUASHFS_FRAGMENT_INDEXES(sblk->fragments); ++ i++) { ++ SQUASHFS_SWAP_FRAGMENT_INDEXES((&fragment), ++ &msblk->fragment_index[i], 1); ++ msblk->fragment_index[i] = fragment; ++ } ++ } ++ ++ return 1; ++} ++ ++ ++static int supported_squashfs_filesystem(struct squashfs_sb_info *msblk, int silent) ++{ ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ ++ msblk->iget = squashfs_iget; ++ msblk->read_blocklist = read_blocklist; ++ msblk->read_fragment_index_table = read_fragment_index_table; ++ ++ if (sblk->s_major == 1) { ++ if (!squashfs_1_0_supported(msblk)) { ++ SERROR("Major/Minor mismatch, Squashfs 1.0 filesystems " ++ "are unsupported\n"); ++ SERROR("Please recompile with " ++ "Squashfs 1.0 support enabled\n"); ++ return 0; ++ } ++ } else if (sblk->s_major == 2) { ++ if (!squashfs_2_0_supported(msblk)) { ++ SERROR("Major/Minor mismatch, Squashfs 2.0 filesystems " ++ "are unsupported\n"); ++ SERROR("Please recompile with " ++ "Squashfs 2.0 support enabled\n"); ++ return 0; ++ } ++ } else if(sblk->s_major != SQUASHFS_MAJOR || sblk->s_minor > ++ SQUASHFS_MINOR) { ++ SERROR("Major/Minor mismatch, trying to mount newer %d.%d " ++ "filesystem\n", sblk->s_major, sblk->s_minor); ++ SERROR("Please update your kernel\n"); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++ ++static int squashfs_fill_super(struct super_block *s, void *data, int silent) ++{ ++ struct squashfs_sb_info *msblk; ++ struct squashfs_super_block *sblk; ++ int i; ++ char b[BDEVNAME_SIZE]; ++ struct inode *root; ++ ++ TRACE("Entered squashfs_read_superblock\n"); ++ ++ if (!(s->s_fs_info = kmalloc(sizeof(struct squashfs_sb_info), ++ GFP_KERNEL))) { ++ ERROR("Failed to allocate superblock\n"); ++ goto failure; ++ } ++ memset(s->s_fs_info, 0, sizeof(struct squashfs_sb_info)); ++ msblk = s->s_fs_info; ++ sblk = &msblk->sblk; ++ ++ msblk->devblksize = sb_min_blocksize(s, BLOCK_SIZE); ++ msblk->devblksize_log2 = ffz(~msblk->devblksize); ++ ++ init_MUTEX(&msblk->read_data_mutex); ++ init_MUTEX(&msblk->read_page_mutex); ++ init_MUTEX(&msblk->block_cache_mutex); ++ init_MUTEX(&msblk->fragment_mutex); ++ init_MUTEX(&msblk->meta_index_mutex); ++ ++ init_waitqueue_head(&msblk->waitq); ++ init_waitqueue_head(&msblk->fragment_wait_queue); ++ ++ if (!squashfs_read_data(s, (char *) sblk, SQUASHFS_START, ++ sizeof(struct squashfs_super_block) | ++ SQUASHFS_COMPRESSED_BIT_BLOCK, NULL)) { ++ SERROR("unable to read superblock\n"); ++ goto failed_mount; ++ } ++ ++ /* Check it is a SQUASHFS superblock */ ++ msblk->swap = 0; ++ if ((s->s_magic = sblk->s_magic) != SQUASHFS_MAGIC) { ++ if (sblk->s_magic == SQUASHFS_MAGIC_SWAP) { ++ struct squashfs_super_block ssblk; ++ ++ WARNING("Mounting a different endian SQUASHFS " ++ "filesystem on %s\n", bdevname(s->s_bdev, b)); ++ ++ SQUASHFS_SWAP_SUPER_BLOCK(&ssblk, sblk); ++ memcpy(sblk, &ssblk, sizeof(struct squashfs_super_block)); ++ msblk->swap = 1; ++ } else { ++ SERROR("Can't find a SQUASHFS superblock on %s\n", ++ bdevname(s->s_bdev, b)); ++ goto failed_mount; ++ } ++ } ++ ++ /* Check the MAJOR & MINOR versions */ ++ if(!supported_squashfs_filesystem(msblk, silent)) ++ goto failed_mount; ++ ++ TRACE("Found valid superblock on %s\n", bdevname(s->s_bdev, b)); ++ TRACE("Inodes are %scompressed\n", ++ SQUASHFS_UNCOMPRESSED_INODES ++ (sblk->flags) ? "un" : ""); ++ TRACE("Data is %scompressed\n", ++ SQUASHFS_UNCOMPRESSED_DATA(sblk->flags) ++ ? "un" : ""); ++ TRACE("Check data is %s present in the filesystem\n", ++ SQUASHFS_CHECK_DATA(sblk->flags) ? ++ "" : "not"); ++ TRACE("Filesystem size %lld bytes\n", sblk->bytes_used); ++ TRACE("Block size %d\n", sblk->block_size); ++ TRACE("Number of inodes %d\n", sblk->inodes); ++ if (sblk->s_major > 1) ++ TRACE("Number of fragments %d\n", sblk->fragments); ++ TRACE("Number of uids %d\n", sblk->no_uids); ++ TRACE("Number of gids %d\n", sblk->no_guids); ++ TRACE("sblk->inode_table_start %llx\n", sblk->inode_table_start); ++ TRACE("sblk->directory_table_start %llx\n", sblk->directory_table_start); ++ if (sblk->s_major > 1) ++ TRACE("sblk->fragment_table_start %llx\n", ++ sblk->fragment_table_start); ++ TRACE("sblk->uid_start %llx\n", sblk->uid_start); ++ ++ s->s_flags |= MS_RDONLY; ++ s->s_op = &squashfs_ops; ++ ++ /* Init inode_table block pointer array */ ++ if (!(msblk->block_cache = kmalloc(sizeof(struct squashfs_cache) * ++ SQUASHFS_CACHED_BLKS, GFP_KERNEL))) { ++ ERROR("Failed to allocate block cache\n"); ++ goto failed_mount; ++ } ++ ++ for (i = 0; i < SQUASHFS_CACHED_BLKS; i++) ++ msblk->block_cache[i].block = SQUASHFS_INVALID_BLK; ++ ++ msblk->next_cache = 0; ++ ++ /* Allocate read_data block */ ++ msblk->read_size = (sblk->block_size < SQUASHFS_METADATA_SIZE) ? ++ SQUASHFS_METADATA_SIZE : ++ sblk->block_size; ++ ++ if (!(msblk->read_data = kmalloc(msblk->read_size, GFP_KERNEL))) { ++ ERROR("Failed to allocate read_data block\n"); ++ goto failed_mount; ++ } ++ ++ /* Allocate read_page block */ ++ if (!(msblk->read_page = kmalloc(sblk->block_size, GFP_KERNEL))) { ++ ERROR("Failed to allocate read_page block\n"); ++ goto failed_mount; ++ } ++ ++ /* Allocate uid and gid tables */ ++ if (!(msblk->uid = kmalloc((sblk->no_uids + sblk->no_guids) * ++ sizeof(unsigned int), GFP_KERNEL))) { ++ ERROR("Failed to allocate uid/gid table\n"); ++ goto failed_mount; ++ } ++ msblk->guid = msblk->uid + sblk->no_uids; ++ ++ if (msblk->swap) { ++ unsigned int suid[sblk->no_uids + sblk->no_guids]; ++ ++ if (!squashfs_read_data(s, (char *) &suid, sblk->uid_start, ++ ((sblk->no_uids + sblk->no_guids) * ++ sizeof(unsigned int)) | ++ SQUASHFS_COMPRESSED_BIT_BLOCK, NULL)) { ++ ERROR("unable to read uid/gid table\n"); ++ goto failed_mount; ++ } ++ ++ SQUASHFS_SWAP_DATA(msblk->uid, suid, (sblk->no_uids + ++ sblk->no_guids), (sizeof(unsigned int) * 8)); ++ } else ++ if (!squashfs_read_data(s, (char *) msblk->uid, sblk->uid_start, ++ ((sblk->no_uids + sblk->no_guids) * ++ sizeof(unsigned int)) | ++ SQUASHFS_COMPRESSED_BIT_BLOCK, NULL)) { ++ ERROR("unable to read uid/gid table\n"); ++ goto failed_mount; ++ } ++ ++ ++ if (sblk->s_major == 1 && squashfs_1_0_supported(msblk)) ++ goto allocate_root; ++ ++ if (!(msblk->fragment = kmalloc(sizeof(struct squashfs_fragment_cache) * ++ SQUASHFS_CACHED_FRAGMENTS, GFP_KERNEL))) { ++ ERROR("Failed to allocate fragment block cache\n"); ++ goto failed_mount; ++ } ++ ++ for (i = 0; i < SQUASHFS_CACHED_FRAGMENTS; i++) { ++ msblk->fragment[i].locked = 0; ++ msblk->fragment[i].block = SQUASHFS_INVALID_BLK; ++ msblk->fragment[i].data = NULL; ++ } ++ ++ msblk->next_fragment = 0; ++ ++ /* Allocate fragment index table */ ++ if (msblk->read_fragment_index_table(s) == 0) ++ goto failed_mount; ++ ++allocate_root: ++ if ((root = (msblk->iget)(s, sblk->root_inode)) == NULL) ++ goto failed_mount; ++ ++ if ((s->s_root = d_alloc_root(root)) == NULL) { ++ ERROR("Root inode create failed\n"); ++ iput(root); ++ goto failed_mount; ++ } ++ ++ TRACE("Leaving squashfs_read_super\n"); ++ return 0; ++ ++failed_mount: ++ kfree(msblk->fragment_index); ++ kfree(msblk->fragment); ++ kfree(msblk->uid); ++ kfree(msblk->read_page); ++ kfree(msblk->read_data); ++ kfree(msblk->block_cache); ++ kfree(msblk->fragment_index_2); ++ kfree(s->s_fs_info); ++ s->s_fs_info = NULL; ++ return -EINVAL; ++ ++failure: ++ return -ENOMEM; ++} ++ ++ ++static int squashfs_statfs(struct dentry *dentry, struct kstatfs *buf) ++{ ++ struct squashfs_sb_info *msblk = dentry->d_inode->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ ++ TRACE("Entered squashfs_statfs\n"); ++ ++ buf->f_type = SQUASHFS_MAGIC; ++ buf->f_bsize = sblk->block_size; ++ buf->f_blocks = ((sblk->bytes_used - 1) >> sblk->block_log) + 1; ++ buf->f_bfree = buf->f_bavail = 0; ++ buf->f_files = sblk->inodes; ++ buf->f_ffree = 0; ++ buf->f_namelen = SQUASHFS_NAME_LEN; ++ ++ return 0; ++} ++ ++ ++static int squashfs_symlink_readpage(struct file *file, struct page *page) ++{ ++ struct inode *inode = page->mapping->host; ++ int index = page->index << PAGE_CACHE_SHIFT, length, bytes; ++ long long block = SQUASHFS_I(inode)->start_block; ++ int offset = SQUASHFS_I(inode)->offset; ++ void *pageaddr = kmap(page); ++ ++ TRACE("Entered squashfs_symlink_readpage, page index %ld, start block " ++ "%llx, offset %x\n", page->index, ++ SQUASHFS_I(inode)->start_block, ++ SQUASHFS_I(inode)->offset); ++ ++ for (length = 0; length < index; length += bytes) { ++ if (!(bytes = squashfs_get_cached_block(inode->i_sb, NULL, ++ block, offset, PAGE_CACHE_SIZE, &block, ++ &offset))) { ++ ERROR("Unable to read symbolic link [%llx:%x]\n", block, ++ offset); ++ goto skip_read; ++ } ++ } ++ ++ if (length != index) { ++ ERROR("(squashfs_symlink_readpage) length != index\n"); ++ bytes = 0; ++ goto skip_read; ++ } ++ ++ bytes = (i_size_read(inode) - length) > PAGE_CACHE_SIZE ? PAGE_CACHE_SIZE : ++ i_size_read(inode) - length; ++ ++ if (!(bytes = squashfs_get_cached_block(inode->i_sb, pageaddr, block, ++ offset, bytes, &block, &offset))) ++ ERROR("Unable to read symbolic link [%llx:%x]\n", block, offset); ++ ++skip_read: ++ memset(pageaddr + bytes, 0, PAGE_CACHE_SIZE - bytes); ++ kunmap(page); ++ SetPageUptodate(page); ++ unlock_page(page); ++ ++ return 0; ++} ++ ++ ++struct meta_index *locate_meta_index(struct inode *inode, int index, int offset) ++{ ++ struct meta_index *meta = NULL; ++ struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; ++ int i; ++ ++ down(&msblk->meta_index_mutex); ++ ++ TRACE("locate_meta_index: index %d, offset %d\n", index, offset); ++ ++ if(msblk->meta_index == NULL) ++ goto not_allocated; ++ ++ for (i = 0; i < SQUASHFS_META_NUMBER; i ++) ++ if (msblk->meta_index[i].inode_number == inode->i_ino && ++ msblk->meta_index[i].offset >= offset && ++ msblk->meta_index[i].offset <= index && ++ msblk->meta_index[i].locked == 0) { ++ TRACE("locate_meta_index: entry %d, offset %d\n", i, ++ msblk->meta_index[i].offset); ++ meta = &msblk->meta_index[i]; ++ offset = meta->offset; ++ } ++ ++ if (meta) ++ meta->locked = 1; ++ ++not_allocated: ++ up(&msblk->meta_index_mutex); ++ ++ return meta; ++} ++ ++ ++struct meta_index *empty_meta_index(struct inode *inode, int offset, int skip) ++{ ++ struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; ++ struct meta_index *meta = NULL; ++ int i; ++ ++ down(&msblk->meta_index_mutex); ++ ++ TRACE("empty_meta_index: offset %d, skip %d\n", offset, skip); ++ ++ if(msblk->meta_index == NULL) { ++ if (!(msblk->meta_index = kmalloc(sizeof(struct meta_index) * ++ SQUASHFS_META_NUMBER, GFP_KERNEL))) { ++ ERROR("Failed to allocate meta_index\n"); ++ goto failed; ++ } ++ for(i = 0; i < SQUASHFS_META_NUMBER; i++) { ++ msblk->meta_index[i].inode_number = 0; ++ msblk->meta_index[i].locked = 0; ++ } ++ msblk->next_meta_index = 0; ++ } ++ ++ for(i = SQUASHFS_META_NUMBER; i && ++ msblk->meta_index[msblk->next_meta_index].locked; i --) ++ msblk->next_meta_index = (msblk->next_meta_index + 1) % ++ SQUASHFS_META_NUMBER; ++ ++ if(i == 0) { ++ TRACE("empty_meta_index: failed!\n"); ++ goto failed; ++ } ++ ++ TRACE("empty_meta_index: returned meta entry %d, %p\n", ++ msblk->next_meta_index, ++ &msblk->meta_index[msblk->next_meta_index]); ++ ++ meta = &msblk->meta_index[msblk->next_meta_index]; ++ msblk->next_meta_index = (msblk->next_meta_index + 1) % ++ SQUASHFS_META_NUMBER; ++ ++ meta->inode_number = inode->i_ino; ++ meta->offset = offset; ++ meta->skip = skip; ++ meta->entries = 0; ++ meta->locked = 1; ++ ++failed: ++ up(&msblk->meta_index_mutex); ++ return meta; ++} ++ ++ ++void release_meta_index(struct inode *inode, struct meta_index *meta) ++{ ++ meta->locked = 0; ++} ++ ++ ++static int read_block_index(struct super_block *s, int blocks, char *block_list, ++ long long *start_block, int *offset) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ unsigned int *block_listp; ++ int block = 0; ++ ++ if (msblk->swap) { ++ char sblock_list[blocks << 2]; ++ ++ if (!squashfs_get_cached_block(s, sblock_list, *start_block, ++ *offset, blocks << 2, start_block, offset)) { ++ ERROR("Unable to read block list [%llx:%x]\n", ++ *start_block, *offset); ++ goto failure; ++ } ++ SQUASHFS_SWAP_INTS(((unsigned int *)block_list), ++ ((unsigned int *)sblock_list), blocks); ++ } else ++ if (!squashfs_get_cached_block(s, block_list, *start_block, ++ *offset, blocks << 2, start_block, offset)) { ++ ERROR("Unable to read block list [%llx:%x]\n", ++ *start_block, *offset); ++ goto failure; ++ } ++ ++ for (block_listp = (unsigned int *) block_list; blocks; ++ block_listp++, blocks --) ++ block += SQUASHFS_COMPRESSED_SIZE_BLOCK(*block_listp); ++ ++ return block; ++ ++failure: ++ return -1; ++} ++ ++ ++#define SIZE 256 ++ ++static inline int calculate_skip(int blocks) { ++ int skip = (blocks - 1) / ((SQUASHFS_SLOTS * SQUASHFS_META_ENTRIES + 1) * SQUASHFS_META_INDEXES); ++ return skip >= 7 ? 7 : skip + 1; ++} ++ ++ ++static int get_meta_index(struct inode *inode, int index, ++ long long *index_block, int *index_offset, ++ long long *data_block, char *block_list) ++{ ++ struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ int skip = calculate_skip(i_size_read(inode) >> sblk->block_log); ++ int offset = 0; ++ struct meta_index *meta; ++ struct meta_entry *meta_entry; ++ long long cur_index_block = SQUASHFS_I(inode)->u.s1.block_list_start; ++ int cur_offset = SQUASHFS_I(inode)->offset; ++ long long cur_data_block = SQUASHFS_I(inode)->start_block; ++ int i; ++ ++ index /= SQUASHFS_META_INDEXES * skip; ++ ++ while ( offset < index ) { ++ meta = locate_meta_index(inode, index, offset + 1); ++ ++ if (meta == NULL) { ++ if ((meta = empty_meta_index(inode, offset + 1, ++ skip)) == NULL) ++ goto all_done; ++ } else { ++ offset = index < meta->offset + meta->entries ? index : ++ meta->offset + meta->entries - 1; ++ meta_entry = &meta->meta_entry[offset - meta->offset]; ++ cur_index_block = meta_entry->index_block + sblk->inode_table_start; ++ cur_offset = meta_entry->offset; ++ cur_data_block = meta_entry->data_block; ++ TRACE("get_meta_index: offset %d, meta->offset %d, " ++ "meta->entries %d\n", offset, meta->offset, ++ meta->entries); ++ TRACE("get_meta_index: index_block 0x%llx, offset 0x%x" ++ " data_block 0x%llx\n", cur_index_block, ++ cur_offset, cur_data_block); ++ } ++ ++ for (i = meta->offset + meta->entries; i <= index && ++ i < meta->offset + SQUASHFS_META_ENTRIES; i++) { ++ int blocks = skip * SQUASHFS_META_INDEXES; ++ ++ while (blocks) { ++ int block = blocks > (SIZE >> 2) ? (SIZE >> 2) : ++ blocks; ++ int res = read_block_index(inode->i_sb, block, ++ block_list, &cur_index_block, ++ &cur_offset); ++ ++ if (res == -1) ++ goto failed; ++ ++ cur_data_block += res; ++ blocks -= block; ++ } ++ ++ meta_entry = &meta->meta_entry[i - meta->offset]; ++ meta_entry->index_block = cur_index_block - sblk->inode_table_start; ++ meta_entry->offset = cur_offset; ++ meta_entry->data_block = cur_data_block; ++ meta->entries ++; ++ offset ++; ++ } ++ ++ TRACE("get_meta_index: meta->offset %d, meta->entries %d\n", ++ meta->offset, meta->entries); ++ ++ release_meta_index(inode, meta); ++ } ++ ++all_done: ++ *index_block = cur_index_block; ++ *index_offset = cur_offset; ++ *data_block = cur_data_block; ++ ++ return offset * SQUASHFS_META_INDEXES * skip; ++ ++failed: ++ release_meta_index(inode, meta); ++ return -1; ++} ++ ++ ++static long long read_blocklist(struct inode *inode, int index, ++ int readahead_blks, char *block_list, ++ unsigned short **block_p, unsigned int *bsize) ++{ ++ long long block_ptr; ++ int offset; ++ long long block; ++ int res = get_meta_index(inode, index, &block_ptr, &offset, &block, ++ block_list); ++ ++ TRACE("read_blocklist: res %d, index %d, block_ptr 0x%llx, offset" ++ " 0x%x, block 0x%llx\n", res, index, block_ptr, offset, ++ block); ++ ++ if(res == -1) ++ goto failure; ++ ++ index -= res; ++ ++ while ( index ) { ++ int blocks = index > (SIZE >> 2) ? (SIZE >> 2) : index; ++ int res = read_block_index(inode->i_sb, blocks, block_list, ++ &block_ptr, &offset); ++ if (res == -1) ++ goto failure; ++ block += res; ++ index -= blocks; ++ } ++ ++ if (read_block_index(inode->i_sb, 1, block_list, ++ &block_ptr, &offset) == -1) ++ goto failure; ++ *bsize = *((unsigned int *) block_list); ++ ++ return block; ++ ++failure: ++ return 0; ++} ++ ++ ++static int squashfs_readpage(struct file *file, struct page *page) ++{ ++ struct inode *inode = page->mapping->host; ++ struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ unsigned char block_list[SIZE]; ++ long long block; ++ unsigned int bsize, i = 0, bytes = 0, byte_offset = 0; ++ int index = page->index >> (sblk->block_log - PAGE_CACHE_SHIFT); ++ void *pageaddr; ++ struct squashfs_fragment_cache *fragment = NULL; ++ char *data_ptr = msblk->read_page; ++ ++ int mask = (1 << (sblk->block_log - PAGE_CACHE_SHIFT)) - 1; ++ int start_index = page->index & ~mask; ++ int end_index = start_index | mask; ++ ++ TRACE("Entered squashfs_readpage, page index %lx, start block %llx\n", ++ page->index, ++ SQUASHFS_I(inode)->start_block); ++ ++ if (page->index >= ((i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> ++ PAGE_CACHE_SHIFT)) ++ goto skip_read; ++ ++ if (SQUASHFS_I(inode)->u.s1.fragment_start_block == SQUASHFS_INVALID_BLK ++ || index < (i_size_read(inode) >> ++ sblk->block_log)) { ++ if ((block = (msblk->read_blocklist)(inode, index, 1, ++ block_list, NULL, &bsize)) == 0) ++ goto skip_read; ++ ++ down(&msblk->read_page_mutex); ++ ++ if (!(bytes = squashfs_read_data(inode->i_sb, msblk->read_page, ++ block, bsize, NULL))) { ++ ERROR("Unable to read page, block %llx, size %x\n", block, ++ bsize); ++ up(&msblk->read_page_mutex); ++ goto skip_read; ++ } ++ } else { ++ if ((fragment = get_cached_fragment(inode->i_sb, ++ SQUASHFS_I(inode)-> ++ u.s1.fragment_start_block, ++ SQUASHFS_I(inode)->u.s1.fragment_size)) ++ == NULL) { ++ ERROR("Unable to read page, block %llx, size %x\n", ++ SQUASHFS_I(inode)-> ++ u.s1.fragment_start_block, ++ (int) SQUASHFS_I(inode)-> ++ u.s1.fragment_size); ++ goto skip_read; ++ } ++ bytes = SQUASHFS_I(inode)->u.s1.fragment_offset + ++ (i_size_read(inode) & (sblk->block_size ++ - 1)); ++ byte_offset = SQUASHFS_I(inode)->u.s1.fragment_offset; ++ data_ptr = fragment->data; ++ } ++ ++ for (i = start_index; i <= end_index && byte_offset < bytes; ++ i++, byte_offset += PAGE_CACHE_SIZE) { ++ struct page *push_page; ++ int available_bytes = (bytes - byte_offset) > PAGE_CACHE_SIZE ? ++ PAGE_CACHE_SIZE : bytes - byte_offset; ++ ++ TRACE("bytes %d, i %d, byte_offset %d, available_bytes %d\n", ++ bytes, i, byte_offset, available_bytes); ++ ++ if (i == page->index) { ++ pageaddr = kmap_atomic(page, KM_USER0); ++ memcpy(pageaddr, data_ptr + byte_offset, ++ available_bytes); ++ memset(pageaddr + available_bytes, 0, ++ PAGE_CACHE_SIZE - available_bytes); ++ kunmap_atomic(pageaddr, KM_USER0); ++ flush_dcache_page(page); ++ SetPageUptodate(page); ++ unlock_page(page); ++ } else if ((push_page = ++ grab_cache_page_nowait(page->mapping, i))) { ++ pageaddr = kmap_atomic(push_page, KM_USER0); ++ ++ memcpy(pageaddr, data_ptr + byte_offset, ++ available_bytes); ++ memset(pageaddr + available_bytes, 0, ++ PAGE_CACHE_SIZE - available_bytes); ++ kunmap_atomic(pageaddr, KM_USER0); ++ flush_dcache_page(push_page); ++ SetPageUptodate(push_page); ++ unlock_page(push_page); ++ page_cache_release(push_page); ++ } ++ } ++ ++ if (SQUASHFS_I(inode)->u.s1.fragment_start_block == SQUASHFS_INVALID_BLK ++ || index < (i_size_read(inode) >> ++ sblk->block_log)) ++ up(&msblk->read_page_mutex); ++ else ++ release_cached_fragment(msblk, fragment); ++ ++ return 0; ++ ++skip_read: ++ pageaddr = kmap_atomic(page, KM_USER0); ++ memset(pageaddr + bytes, 0, PAGE_CACHE_SIZE - bytes); ++ kunmap_atomic(pageaddr, KM_USER0); ++ flush_dcache_page(page); ++ SetPageUptodate(page); ++ unlock_page(page); ++ ++ return 0; ++} ++ ++ ++static int squashfs_readpage4K(struct file *file, struct page *page) ++{ ++ struct inode *inode = page->mapping->host; ++ struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ unsigned char block_list[SIZE]; ++ long long block; ++ unsigned int bsize, bytes = 0; ++ void *pageaddr; ++ ++ TRACE("Entered squashfs_readpage4K, page index %lx, start block %llx\n", ++ page->index, ++ SQUASHFS_I(inode)->start_block); ++ ++ if (page->index >= ((i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> ++ PAGE_CACHE_SHIFT)) { ++ pageaddr = kmap_atomic(page, KM_USER0); ++ goto skip_read; ++ } ++ ++ if (SQUASHFS_I(inode)->u.s1.fragment_start_block == SQUASHFS_INVALID_BLK ++ || page->index < (i_size_read(inode) >> ++ sblk->block_log)) { ++ block = (msblk->read_blocklist)(inode, page->index, 1, ++ block_list, NULL, &bsize); ++ ++ down(&msblk->read_page_mutex); ++ bytes = squashfs_read_data(inode->i_sb, msblk->read_page, block, ++ bsize, NULL); ++ pageaddr = kmap_atomic(page, KM_USER0); ++ if (bytes) ++ memcpy(pageaddr, msblk->read_page, bytes); ++ else ++ ERROR("Unable to read page, block %llx, size %x\n", ++ block, bsize); ++ up(&msblk->read_page_mutex); ++ } else { ++ struct squashfs_fragment_cache *fragment = ++ get_cached_fragment(inode->i_sb, ++ SQUASHFS_I(inode)-> ++ u.s1.fragment_start_block, ++ SQUASHFS_I(inode)-> u.s1.fragment_size); ++ pageaddr = kmap_atomic(page, KM_USER0); ++ if (fragment) { ++ bytes = i_size_read(inode) & (sblk->block_size - 1); ++ memcpy(pageaddr, fragment->data + SQUASHFS_I(inode)-> ++ u.s1.fragment_offset, bytes); ++ release_cached_fragment(msblk, fragment); ++ } else ++ ERROR("Unable to read page, block %llx, size %x\n", ++ SQUASHFS_I(inode)-> ++ u.s1.fragment_start_block, (int) ++ SQUASHFS_I(inode)-> u.s1.fragment_size); ++ } ++ ++skip_read: ++ memset(pageaddr + bytes, 0, PAGE_CACHE_SIZE - bytes); ++ kunmap_atomic(pageaddr, KM_USER0); ++ flush_dcache_page(page); ++ SetPageUptodate(page); ++ unlock_page(page); ++ ++ return 0; ++} ++ ++ ++static int get_dir_index_using_offset(struct super_block *s, long long ++ *next_block, unsigned int *next_offset, ++ long long index_start, ++ unsigned int index_offset, int i_count, ++ long long f_pos) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ int i, length = 0; ++ struct squashfs_dir_index index; ++ ++ TRACE("Entered get_dir_index_using_offset, i_count %d, f_pos %d\n", ++ i_count, (unsigned int) f_pos); ++ ++ f_pos =- 3; ++ if (f_pos == 0) ++ goto finish; ++ ++ for (i = 0; i < i_count; i++) { ++ if (msblk->swap) { ++ struct squashfs_dir_index sindex; ++ squashfs_get_cached_block(s, (char *) &sindex, ++ index_start, index_offset, ++ sizeof(sindex), &index_start, ++ &index_offset); ++ SQUASHFS_SWAP_DIR_INDEX(&index, &sindex); ++ } else ++ squashfs_get_cached_block(s, (char *) &index, ++ index_start, index_offset, ++ sizeof(index), &index_start, ++ &index_offset); ++ ++ if (index.index > f_pos) ++ break; ++ ++ squashfs_get_cached_block(s, NULL, index_start, index_offset, ++ index.size + 1, &index_start, ++ &index_offset); ++ ++ length = index.index; ++ *next_block = index.start_block + sblk->directory_table_start; ++ } ++ ++ *next_offset = (length + *next_offset) % SQUASHFS_METADATA_SIZE; ++ ++finish: ++ return length + 3; ++} ++ ++ ++static int get_dir_index_using_name(struct super_block *s, long long ++ *next_block, unsigned int *next_offset, ++ long long index_start, ++ unsigned int index_offset, int i_count, ++ const char *name, int size) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ int i, length = 0; ++ char buffer[sizeof(struct squashfs_dir_index) + SQUASHFS_NAME_LEN + 1]; ++ struct squashfs_dir_index *index = (struct squashfs_dir_index *) buffer; ++ char str[SQUASHFS_NAME_LEN + 1]; ++ ++ TRACE("Entered get_dir_index_using_name, i_count %d\n", i_count); ++ ++ strncpy(str, name, size); ++ str[size] = '\0'; ++ ++ for (i = 0; i < i_count; i++) { ++ if (msblk->swap) { ++ struct squashfs_dir_index sindex; ++ squashfs_get_cached_block(s, (char *) &sindex, ++ index_start, index_offset, ++ sizeof(sindex), &index_start, ++ &index_offset); ++ SQUASHFS_SWAP_DIR_INDEX(index, &sindex); ++ } else ++ squashfs_get_cached_block(s, (char *) index, ++ index_start, index_offset, ++ sizeof(struct squashfs_dir_index), ++ &index_start, &index_offset); ++ ++ squashfs_get_cached_block(s, index->name, index_start, ++ index_offset, index->size + 1, ++ &index_start, &index_offset); ++ ++ index->name[index->size + 1] = '\0'; ++ ++ if (strcmp(index->name, str) > 0) ++ break; ++ ++ length = index->index; ++ *next_block = index->start_block + sblk->directory_table_start; ++ } ++ ++ *next_offset = (length + *next_offset) % SQUASHFS_METADATA_SIZE; ++ return length + 3; ++} ++ ++ ++static int squashfs_readdir(struct file *file, void *dirent, filldir_t filldir) ++{ ++ struct inode *i = file->f_dentry->d_inode; ++ struct squashfs_sb_info *msblk = i->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ long long next_block = SQUASHFS_I(i)->start_block + ++ sblk->directory_table_start; ++ int next_offset = SQUASHFS_I(i)->offset, length = 0, dirs_read = 0, ++ dir_count; ++ struct squashfs_dir_header dirh; ++ char buffer[sizeof(struct squashfs_dir_entry) + SQUASHFS_NAME_LEN + 1]; ++ struct squashfs_dir_entry *dire = (struct squashfs_dir_entry *) buffer; ++ ++ TRACE("Entered squashfs_readdir [%llx:%x]\n", next_block, next_offset); ++ ++ while(file->f_pos < 3) { ++ char *name; ++ int size, i_ino; ++ ++ if(file->f_pos == 0) { ++ name = "."; ++ size = 1; ++ i_ino = i->i_ino; ++ } else { ++ name = ".."; ++ size = 2; ++ i_ino = SQUASHFS_I(i)->u.s2.parent_inode; ++ } ++ TRACE("Calling filldir(%x, %s, %d, %d, %d, %d)\n", ++ (unsigned int) dirent, name, size, (int) ++ file->f_pos, i_ino, ++ squashfs_filetype_table[1]); ++ ++ if (filldir(dirent, name, size, ++ file->f_pos, i_ino, ++ squashfs_filetype_table[1]) < 0) { ++ TRACE("Filldir returned less than 0\n"); ++ goto finish; ++ } ++ file->f_pos += size; ++ dirs_read++; ++ } ++ ++ length = get_dir_index_using_offset(i->i_sb, &next_block, &next_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_start, ++ SQUASHFS_I(i)->u.s2.directory_index_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_count, ++ file->f_pos); ++ ++ while (length < i_size_read(i)) { ++ /* read directory header */ ++ if (msblk->swap) { ++ struct squashfs_dir_header sdirh; ++ ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &sdirh, ++ next_block, next_offset, sizeof(sdirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdirh); ++ SQUASHFS_SWAP_DIR_HEADER(&dirh, &sdirh); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &dirh, ++ next_block, next_offset, sizeof(dirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(dirh); ++ } ++ ++ dir_count = dirh.count + 1; ++ while (dir_count--) { ++ if (msblk->swap) { ++ struct squashfs_dir_entry sdire; ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ &sdire, next_block, next_offset, ++ sizeof(sdire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdire); ++ SQUASHFS_SWAP_DIR_ENTRY(dire, &sdire); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ dire, next_block, next_offset, ++ sizeof(*dire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(*dire); ++ } ++ ++ if (!squashfs_get_cached_block(i->i_sb, dire->name, ++ next_block, next_offset, ++ dire->size + 1, &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += dire->size + 1; ++ ++ if (file->f_pos >= length) ++ continue; ++ ++ dire->name[dire->size + 1] = '\0'; ++ ++ TRACE("Calling filldir(%x, %s, %d, %d, %x:%x, %d, %d)\n", ++ (unsigned int) dirent, dire->name, ++ dire->size + 1, (int) file->f_pos, ++ dirh.start_block, dire->offset, ++ dirh.inode_number + dire->inode_number, ++ squashfs_filetype_table[dire->type]); ++ ++ if (filldir(dirent, dire->name, dire->size + 1, ++ file->f_pos, ++ dirh.inode_number + dire->inode_number, ++ squashfs_filetype_table[dire->type]) ++ < 0) { ++ TRACE("Filldir returned less than 0\n"); ++ goto finish; ++ } ++ file->f_pos = length; ++ dirs_read++; ++ } ++ } ++ ++finish: ++ return dirs_read; ++ ++failed_read: ++ ERROR("Unable to read directory block [%llx:%x]\n", next_block, ++ next_offset); ++ return 0; ++} ++ ++ ++static struct dentry *squashfs_lookup(struct inode *i, struct dentry *dentry, ++ struct nameidata *nd) ++{ ++ const unsigned char *name = dentry->d_name.name; ++ int len = dentry->d_name.len; ++ struct inode *inode = NULL; ++ struct squashfs_sb_info *msblk = i->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ long long next_block = SQUASHFS_I(i)->start_block + ++ sblk->directory_table_start; ++ int next_offset = SQUASHFS_I(i)->offset, length = 0, ++ dir_count; ++ struct squashfs_dir_header dirh; ++ char buffer[sizeof(struct squashfs_dir_entry) + SQUASHFS_NAME_LEN]; ++ struct squashfs_dir_entry *dire = (struct squashfs_dir_entry *) buffer; ++ ++ TRACE("Entered squashfs_lookup [%llx:%x]\n", next_block, next_offset); ++ ++ if (len > SQUASHFS_NAME_LEN) ++ goto exit_loop; ++ ++ length = get_dir_index_using_name(i->i_sb, &next_block, &next_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_start, ++ SQUASHFS_I(i)->u.s2.directory_index_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_count, name, ++ len); ++ ++ while (length < i_size_read(i)) { ++ /* read directory header */ ++ if (msblk->swap) { ++ struct squashfs_dir_header sdirh; ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &sdirh, ++ next_block, next_offset, sizeof(sdirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdirh); ++ SQUASHFS_SWAP_DIR_HEADER(&dirh, &sdirh); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &dirh, ++ next_block, next_offset, sizeof(dirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(dirh); ++ } ++ ++ dir_count = dirh.count + 1; ++ while (dir_count--) { ++ if (msblk->swap) { ++ struct squashfs_dir_entry sdire; ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ &sdire, next_block,next_offset, ++ sizeof(sdire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdire); ++ SQUASHFS_SWAP_DIR_ENTRY(dire, &sdire); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ dire, next_block,next_offset, ++ sizeof(*dire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(*dire); ++ } ++ ++ if (!squashfs_get_cached_block(i->i_sb, dire->name, ++ next_block, next_offset, dire->size + 1, ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += dire->size + 1; ++ ++ if (name[0] < dire->name[0]) ++ goto exit_loop; ++ ++ if ((len == dire->size + 1) && !strncmp(name, ++ dire->name, len)) { ++ squashfs_inode_t ino = ++ SQUASHFS_MKINODE(dirh.start_block, ++ dire->offset); ++ ++ TRACE("calling squashfs_iget for directory " ++ "entry %s, inode %x:%x, %d\n", name, ++ dirh.start_block, dire->offset, ++ dirh.inode_number + dire->inode_number); ++ ++ inode = (msblk->iget)(i->i_sb, ino); ++ ++ goto exit_loop; ++ } ++ } ++ } ++ ++exit_loop: ++ d_add(dentry, inode); ++ return ERR_PTR(0); ++ ++failed_read: ++ ERROR("Unable to read directory block [%llx:%x]\n", next_block, ++ next_offset); ++ goto exit_loop; ++} ++ ++ ++static void squashfs_put_super(struct super_block *s) ++{ ++ int i; ++ ++ if (s->s_fs_info) { ++ struct squashfs_sb_info *sbi = s->s_fs_info; ++ if (sbi->block_cache) ++ for (i = 0; i < SQUASHFS_CACHED_BLKS; i++) ++ if (sbi->block_cache[i].block != ++ SQUASHFS_INVALID_BLK) ++ kfree(sbi->block_cache[i].data); ++ if (sbi->fragment) ++ for (i = 0; i < SQUASHFS_CACHED_FRAGMENTS; i++) ++ SQUASHFS_FREE(sbi->fragment[i].data); ++ kfree(sbi->fragment); ++ kfree(sbi->block_cache); ++ kfree(sbi->read_data); ++ kfree(sbi->read_page); ++ kfree(sbi->uid); ++ kfree(sbi->fragment_index); ++ kfree(sbi->fragment_index_2); ++ kfree(sbi->meta_index); ++ kfree(s->s_fs_info); ++ s->s_fs_info = NULL; ++ } ++} ++ ++ ++static int squashfs_get_sb(struct file_system_type *fs_type, ++ int flags, const char *dev_name, void *data, ++ struct vfsmount *mnt) ++{ ++ return get_sb_bdev(fs_type, flags, dev_name, data, squashfs_fill_super, mnt); ++} ++ ++ ++static int __init init_squashfs_fs(void) ++{ ++ int err = init_inodecache(); ++ if (err) ++ goto out; ++ ++ printk(KERN_INFO "squashfs: version 3.0 (2006/03/15) " ++ "Phillip Lougher\n"); ++ ++ if (!(stream.workspace = vmalloc(zlib_inflate_workspacesize()))) { ++ ERROR("Failed to allocate zlib workspace\n"); ++ destroy_inodecache(); ++ err = -ENOMEM; ++ goto out; ++ } ++ ++ if ((err = register_filesystem(&squashfs_fs_type))) { ++ vfree(stream.workspace); ++ destroy_inodecache(); ++ } ++ ++out: ++ return err; ++} ++ ++ ++static void __exit exit_squashfs_fs(void) ++{ ++ vfree(stream.workspace); ++ unregister_filesystem(&squashfs_fs_type); ++ destroy_inodecache(); ++} ++ ++ ++static struct kmem_cache * squashfs_inode_cachep; ++ ++ ++static struct inode *squashfs_alloc_inode(struct super_block *sb) ++{ ++ struct squashfs_inode_info *ei; ++ ei = kmem_cache_alloc(squashfs_inode_cachep, GFP_KERNEL); ++ if (!ei) ++ return NULL; ++ return &ei->vfs_inode; ++} ++ ++ ++static void squashfs_destroy_inode(struct inode *inode) ++{ ++ kmem_cache_free(squashfs_inode_cachep, SQUASHFS_I(inode)); ++} ++ ++ ++static void init_once(void * foo, struct kmem_cache * cachep, unsigned long flags) ++{ ++ struct squashfs_inode_info *ei = foo; ++ ++ inode_init_once(&ei->vfs_inode); ++} ++ ++ ++static int __init init_inodecache(void) ++{ ++ squashfs_inode_cachep = kmem_cache_create("squashfs_inode_cache", ++ sizeof(struct squashfs_inode_info), ++ 0, SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT, ++ init_once); ++ if (squashfs_inode_cachep == NULL) ++ return -ENOMEM; ++ return 0; ++} ++ ++ ++static void destroy_inodecache(void) ++{ ++ kmem_cache_destroy(squashfs_inode_cachep); ++} ++ ++ ++module_init(init_squashfs_fs); ++module_exit(exit_squashfs_fs); ++MODULE_DESCRIPTION("squashfs, a compressed read-only filesystem"); ++MODULE_AUTHOR("Phillip Lougher <phillip@lougher.org.uk>"); ++MODULE_LICENSE("GPL"); +--- /dev/null ++++ b/fs/squashfs/Makefile +@@ -0,0 +1,7 @@ ++# ++# Makefile for the linux squashfs routines. ++# ++ ++obj-$(CONFIG_SQUASHFS) += squashfs.o ++squashfs-y += inode.o ++squashfs-y += squashfs2_0.o +--- /dev/null ++++ b/fs/squashfs/squashfs2_0.c +@@ -0,0 +1,758 @@ ++/* ++ * Squashfs - a compressed read only filesystem for Linux ++ * ++ * Copyright (c) 2002, 2003, 2004, 2005, 2006 ++ * Phillip Lougher <phillip@lougher.org.uk> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * squashfs2_0.c ++ */ ++ ++#include <linux/types.h> ++#include <linux/squashfs_fs.h> ++#include <linux/module.h> ++#include <linux/errno.h> ++#include <linux/slab.h> ++#include <linux/fs.h> ++#include <linux/smp_lock.h> ++#include <linux/slab.h> ++#include <linux/squashfs_fs_sb.h> ++#include <linux/squashfs_fs_i.h> ++#include <linux/buffer_head.h> ++#include <linux/vfs.h> ++#include <linux/init.h> ++#include <linux/dcache.h> ++#include <linux/wait.h> ++#include <linux/zlib.h> ++#include <linux/blkdev.h> ++#include <linux/vmalloc.h> ++#include <asm/uaccess.h> ++#include <asm/semaphore.h> ++ ++#include "squashfs.h" ++static int squashfs_readdir_2(struct file *file, void *dirent, filldir_t filldir); ++static struct dentry *squashfs_lookup_2(struct inode *, struct dentry *, ++ struct nameidata *); ++ ++static struct file_operations squashfs_dir_ops_2 = { ++ .read = generic_read_dir, ++ .readdir = squashfs_readdir_2 ++}; ++ ++static struct inode_operations squashfs_dir_inode_ops_2 = { ++ .lookup = squashfs_lookup_2 ++}; ++ ++static unsigned char squashfs_filetype_table[] = { ++ DT_UNKNOWN, DT_DIR, DT_REG, DT_LNK, DT_BLK, DT_CHR, DT_FIFO, DT_SOCK ++}; ++ ++static int read_fragment_index_table_2(struct super_block *s) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ ++ if (!(msblk->fragment_index_2 = kmalloc(SQUASHFS_FRAGMENT_INDEX_BYTES_2 ++ (sblk->fragments), GFP_KERNEL))) { ++ ERROR("Failed to allocate uid/gid table\n"); ++ return 0; ++ } ++ ++ if (SQUASHFS_FRAGMENT_INDEX_BYTES_2(sblk->fragments) && ++ !squashfs_read_data(s, (char *) ++ msblk->fragment_index_2, ++ sblk->fragment_table_start, ++ SQUASHFS_FRAGMENT_INDEX_BYTES_2 ++ (sblk->fragments) | ++ SQUASHFS_COMPRESSED_BIT_BLOCK, NULL)) { ++ ERROR("unable to read fragment index table\n"); ++ return 0; ++ } ++ ++ if (msblk->swap) { ++ int i; ++ unsigned int fragment; ++ ++ for (i = 0; i < SQUASHFS_FRAGMENT_INDEXES_2(sblk->fragments); ++ i++) { ++ SQUASHFS_SWAP_FRAGMENT_INDEXES_2((&fragment), ++ &msblk->fragment_index_2[i], 1); ++ msblk->fragment_index_2[i] = fragment; ++ } ++ } ++ ++ return 1; ++} ++ ++ ++static int get_fragment_location_2(struct super_block *s, unsigned int fragment, ++ long long *fragment_start_block, ++ unsigned int *fragment_size) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ long long start_block = ++ msblk->fragment_index_2[SQUASHFS_FRAGMENT_INDEX_2(fragment)]; ++ int offset = SQUASHFS_FRAGMENT_INDEX_OFFSET_2(fragment); ++ struct squashfs_fragment_entry_2 fragment_entry; ++ ++ if (msblk->swap) { ++ struct squashfs_fragment_entry_2 sfragment_entry; ++ ++ if (!squashfs_get_cached_block(s, (char *) &sfragment_entry, ++ start_block, offset, ++ sizeof(sfragment_entry), &start_block, ++ &offset)) ++ goto out; ++ SQUASHFS_SWAP_FRAGMENT_ENTRY_2(&fragment_entry, &sfragment_entry); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) &fragment_entry, ++ start_block, offset, ++ sizeof(fragment_entry), &start_block, ++ &offset)) ++ goto out; ++ ++ *fragment_start_block = fragment_entry.start_block; ++ *fragment_size = fragment_entry.size; ++ ++ return 1; ++ ++out: ++ return 0; ++} ++ ++ ++static struct inode *squashfs_new_inode(struct super_block *s, ++ struct squashfs_base_inode_header_2 *inodeb, unsigned int ino) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ struct inode *i = new_inode(s); ++ ++ if (i) { ++ i->i_ino = ino; ++ i->i_mtime.tv_sec = sblk->mkfs_time; ++ i->i_atime.tv_sec = sblk->mkfs_time; ++ i->i_ctime.tv_sec = sblk->mkfs_time; ++ i->i_uid = msblk->uid[inodeb->uid]; ++ i->i_mode = inodeb->mode; ++ i->i_nlink = 1; ++ i->i_size = 0; ++ if (inodeb->guid == SQUASHFS_GUIDS) ++ i->i_gid = i->i_uid; ++ else ++ i->i_gid = msblk->guid[inodeb->guid]; ++ } ++ ++ return i; ++} ++ ++ ++static struct inode *squashfs_iget_2(struct super_block *s, squashfs_inode_t inode) ++{ ++ struct inode *i; ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ unsigned int block = SQUASHFS_INODE_BLK(inode) + ++ sblk->inode_table_start; ++ unsigned int offset = SQUASHFS_INODE_OFFSET(inode); ++ unsigned int ino = SQUASHFS_MK_VFS_INODE(block ++ - sblk->inode_table_start, offset); ++ long long next_block; ++ unsigned int next_offset; ++ union squashfs_inode_header_2 id, sid; ++ struct squashfs_base_inode_header_2 *inodeb = &id.base, ++ *sinodeb = &sid.base; ++ ++ TRACE("Entered squashfs_iget\n"); ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) sinodeb, block, ++ offset, sizeof(*sinodeb), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_BASE_INODE_HEADER_2(inodeb, sinodeb, ++ sizeof(*sinodeb)); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) inodeb, block, ++ offset, sizeof(*inodeb), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ switch(inodeb->inode_type) { ++ case SQUASHFS_FILE_TYPE: { ++ struct squashfs_reg_inode_header_2 *inodep = &id.reg; ++ struct squashfs_reg_inode_header_2 *sinodep = &sid.reg; ++ long long frag_blk; ++ unsigned int frag_size; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_REG_INODE_HEADER_2(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ frag_blk = SQUASHFS_INVALID_BLK; ++ if (inodep->fragment != SQUASHFS_INVALID_FRAG && ++ !get_fragment_location_2(s, ++ inodep->fragment, &frag_blk, &frag_size)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb, ino)) == NULL) ++ goto failed_read1; ++ ++ i->i_size = inodep->file_size; ++ i->i_fop = &generic_ro_fops; ++ i->i_mode |= S_IFREG; ++ i->i_mtime.tv_sec = inodep->mtime; ++ i->i_atime.tv_sec = inodep->mtime; ++ i->i_ctime.tv_sec = inodep->mtime; ++ i->i_blocks = ((i->i_size - 1) >> 9) + 1; ++ i->i_blksize = PAGE_CACHE_SIZE; ++ SQUASHFS_I(i)->u.s1.fragment_start_block = frag_blk; ++ SQUASHFS_I(i)->u.s1.fragment_size = frag_size; ++ SQUASHFS_I(i)->u.s1.fragment_offset = inodep->offset; ++ SQUASHFS_I(i)->start_block = inodep->start_block; ++ SQUASHFS_I(i)->u.s1.block_list_start = next_block; ++ SQUASHFS_I(i)->offset = next_offset; ++ if (sblk->block_size > 4096) ++ i->i_data.a_ops = &squashfs_aops; ++ else ++ i->i_data.a_ops = &squashfs_aops_4K; ++ ++ TRACE("File inode %x:%x, start_block %x, " ++ "block_list_start %llx, offset %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ inodep->start_block, next_block, ++ next_offset); ++ break; ++ } ++ case SQUASHFS_DIR_TYPE: { ++ struct squashfs_dir_inode_header_2 *inodep = &id.dir; ++ struct squashfs_dir_inode_header_2 *sinodep = &sid.dir; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_DIR_INODE_HEADER_2(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb, ino)) == NULL) ++ goto failed_read1; ++ ++ i->i_size = inodep->file_size; ++ i->i_op = &squashfs_dir_inode_ops_2; ++ i->i_fop = &squashfs_dir_ops_2; ++ i->i_mode |= S_IFDIR; ++ i->i_mtime.tv_sec = inodep->mtime; ++ i->i_atime.tv_sec = inodep->mtime; ++ i->i_ctime.tv_sec = inodep->mtime; ++ SQUASHFS_I(i)->start_block = inodep->start_block; ++ SQUASHFS_I(i)->offset = inodep->offset; ++ SQUASHFS_I(i)->u.s2.directory_index_count = 0; ++ SQUASHFS_I(i)->u.s2.parent_inode = 0; ++ ++ TRACE("Directory inode %x:%x, start_block %x, offset " ++ "%x\n", SQUASHFS_INODE_BLK(inode), ++ offset, inodep->start_block, ++ inodep->offset); ++ break; ++ } ++ case SQUASHFS_LDIR_TYPE: { ++ struct squashfs_ldir_inode_header_2 *inodep = &id.ldir; ++ struct squashfs_ldir_inode_header_2 *sinodep = &sid.ldir; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_LDIR_INODE_HEADER_2(inodep, ++ sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb, ino)) == NULL) ++ goto failed_read1; ++ ++ i->i_size = inodep->file_size; ++ i->i_op = &squashfs_dir_inode_ops_2; ++ i->i_fop = &squashfs_dir_ops_2; ++ i->i_mode |= S_IFDIR; ++ i->i_mtime.tv_sec = inodep->mtime; ++ i->i_atime.tv_sec = inodep->mtime; ++ i->i_ctime.tv_sec = inodep->mtime; ++ SQUASHFS_I(i)->start_block = inodep->start_block; ++ SQUASHFS_I(i)->offset = inodep->offset; ++ SQUASHFS_I(i)->u.s2.directory_index_start = next_block; ++ SQUASHFS_I(i)->u.s2.directory_index_offset = ++ next_offset; ++ SQUASHFS_I(i)->u.s2.directory_index_count = ++ inodep->i_count; ++ SQUASHFS_I(i)->u.s2.parent_inode = 0; ++ ++ TRACE("Long directory inode %x:%x, start_block %x, " ++ "offset %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ inodep->start_block, inodep->offset); ++ break; ++ } ++ case SQUASHFS_SYMLINK_TYPE: { ++ struct squashfs_symlink_inode_header_2 *inodep = ++ &id.symlink; ++ struct squashfs_symlink_inode_header_2 *sinodep = ++ &sid.symlink; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_SYMLINK_INODE_HEADER_2(inodep, ++ sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if((i = squashfs_new_inode(s, inodeb, ino)) == NULL) ++ goto failed_read1; ++ ++ i->i_size = inodep->symlink_size; ++ i->i_op = &page_symlink_inode_operations; ++ i->i_data.a_ops = &squashfs_symlink_aops; ++ i->i_mode |= S_IFLNK; ++ SQUASHFS_I(i)->start_block = next_block; ++ SQUASHFS_I(i)->offset = next_offset; ++ ++ TRACE("Symbolic link inode %x:%x, start_block %llx, " ++ "offset %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ next_block, next_offset); ++ break; ++ } ++ case SQUASHFS_BLKDEV_TYPE: ++ case SQUASHFS_CHRDEV_TYPE: { ++ struct squashfs_dev_inode_header_2 *inodep = &id.dev; ++ struct squashfs_dev_inode_header_2 *sinodep = &sid.dev; ++ ++ if (msblk->swap) { ++ if (!squashfs_get_cached_block(s, (char *) ++ sinodep, block, offset, ++ sizeof(*sinodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ SQUASHFS_SWAP_DEV_INODE_HEADER_2(inodep, sinodep); ++ } else ++ if (!squashfs_get_cached_block(s, (char *) ++ inodep, block, offset, ++ sizeof(*inodep), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ if ((i = squashfs_new_inode(s, inodeb, ino)) == NULL) ++ goto failed_read1; ++ ++ i->i_mode |= (inodeb->inode_type == ++ SQUASHFS_CHRDEV_TYPE) ? S_IFCHR : ++ S_IFBLK; ++ init_special_inode(i, i->i_mode, ++ old_decode_dev(inodep->rdev)); ++ ++ TRACE("Device inode %x:%x, rdev %x\n", ++ SQUASHFS_INODE_BLK(inode), offset, ++ inodep->rdev); ++ break; ++ } ++ case SQUASHFS_FIFO_TYPE: ++ case SQUASHFS_SOCKET_TYPE: { ++ if ((i = squashfs_new_inode(s, inodeb, ino)) == NULL) ++ goto failed_read1; ++ ++ i->i_mode |= (inodeb->inode_type == SQUASHFS_FIFO_TYPE) ++ ? S_IFIFO : S_IFSOCK; ++ init_special_inode(i, i->i_mode, 0); ++ break; ++ } ++ default: ++ ERROR("Unknown inode type %d in squashfs_iget!\n", ++ inodeb->inode_type); ++ goto failed_read1; ++ } ++ ++ insert_inode_hash(i); ++ return i; ++ ++failed_read: ++ ERROR("Unable to read inode [%x:%x]\n", block, offset); ++ ++failed_read1: ++ return NULL; ++} ++ ++ ++static int get_dir_index_using_offset(struct super_block *s, long long ++ *next_block, unsigned int *next_offset, ++ long long index_start, ++ unsigned int index_offset, int i_count, ++ long long f_pos) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ int i, length = 0; ++ struct squashfs_dir_index_2 index; ++ ++ TRACE("Entered get_dir_index_using_offset, i_count %d, f_pos %d\n", ++ i_count, (unsigned int) f_pos); ++ ++ if (f_pos == 0) ++ goto finish; ++ ++ for (i = 0; i < i_count; i++) { ++ if (msblk->swap) { ++ struct squashfs_dir_index_2 sindex; ++ squashfs_get_cached_block(s, (char *) &sindex, ++ index_start, index_offset, ++ sizeof(sindex), &index_start, ++ &index_offset); ++ SQUASHFS_SWAP_DIR_INDEX_2(&index, &sindex); ++ } else ++ squashfs_get_cached_block(s, (char *) &index, ++ index_start, index_offset, ++ sizeof(index), &index_start, ++ &index_offset); ++ ++ if (index.index > f_pos) ++ break; ++ ++ squashfs_get_cached_block(s, NULL, index_start, index_offset, ++ index.size + 1, &index_start, ++ &index_offset); ++ ++ length = index.index; ++ *next_block = index.start_block + sblk->directory_table_start; ++ } ++ ++ *next_offset = (length + *next_offset) % SQUASHFS_METADATA_SIZE; ++ ++finish: ++ return length; ++} ++ ++ ++static int get_dir_index_using_name(struct super_block *s, long long ++ *next_block, unsigned int *next_offset, ++ long long index_start, ++ unsigned int index_offset, int i_count, ++ const char *name, int size) ++{ ++ struct squashfs_sb_info *msblk = s->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ int i, length = 0; ++ char buffer[sizeof(struct squashfs_dir_index_2) + SQUASHFS_NAME_LEN + 1]; ++ struct squashfs_dir_index_2 *index = (struct squashfs_dir_index_2 *) buffer; ++ char str[SQUASHFS_NAME_LEN + 1]; ++ ++ TRACE("Entered get_dir_index_using_name, i_count %d\n", i_count); ++ ++ strncpy(str, name, size); ++ str[size] = '\0'; ++ ++ for (i = 0; i < i_count; i++) { ++ if (msblk->swap) { ++ struct squashfs_dir_index_2 sindex; ++ squashfs_get_cached_block(s, (char *) &sindex, ++ index_start, index_offset, ++ sizeof(sindex), &index_start, ++ &index_offset); ++ SQUASHFS_SWAP_DIR_INDEX_2(index, &sindex); ++ } else ++ squashfs_get_cached_block(s, (char *) index, ++ index_start, index_offset, ++ sizeof(struct squashfs_dir_index_2), ++ &index_start, &index_offset); ++ ++ squashfs_get_cached_block(s, index->name, index_start, ++ index_offset, index->size + 1, ++ &index_start, &index_offset); ++ ++ index->name[index->size + 1] = '\0'; ++ ++ if (strcmp(index->name, str) > 0) ++ break; ++ ++ length = index->index; ++ *next_block = index->start_block + sblk->directory_table_start; ++ } ++ ++ *next_offset = (length + *next_offset) % SQUASHFS_METADATA_SIZE; ++ return length; ++} ++ ++ ++static int squashfs_readdir_2(struct file *file, void *dirent, filldir_t filldir) ++{ ++ struct inode *i = file->f_dentry->d_inode; ++ struct squashfs_sb_info *msblk = i->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ long long next_block = SQUASHFS_I(i)->start_block + ++ sblk->directory_table_start; ++ int next_offset = SQUASHFS_I(i)->offset, length = 0, dirs_read = 0, ++ dir_count; ++ struct squashfs_dir_header_2 dirh; ++ char buffer[sizeof(struct squashfs_dir_entry_2) + SQUASHFS_NAME_LEN + 1]; ++ struct squashfs_dir_entry_2 *dire = (struct squashfs_dir_entry_2 *) buffer; ++ ++ TRACE("Entered squashfs_readdir_2 [%llx:%x]\n", next_block, next_offset); ++ ++ length = get_dir_index_using_offset(i->i_sb, &next_block, &next_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_start, ++ SQUASHFS_I(i)->u.s2.directory_index_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_count, ++ file->f_pos); ++ ++ while (length < i_size_read(i)) { ++ /* read directory header */ ++ if (msblk->swap) { ++ struct squashfs_dir_header_2 sdirh; ++ ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &sdirh, ++ next_block, next_offset, sizeof(sdirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdirh); ++ SQUASHFS_SWAP_DIR_HEADER_2(&dirh, &sdirh); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &dirh, ++ next_block, next_offset, sizeof(dirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(dirh); ++ } ++ ++ dir_count = dirh.count + 1; ++ while (dir_count--) { ++ if (msblk->swap) { ++ struct squashfs_dir_entry_2 sdire; ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ &sdire, next_block, next_offset, ++ sizeof(sdire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdire); ++ SQUASHFS_SWAP_DIR_ENTRY_2(dire, &sdire); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ dire, next_block, next_offset, ++ sizeof(*dire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(*dire); ++ } ++ ++ if (!squashfs_get_cached_block(i->i_sb, dire->name, ++ next_block, next_offset, ++ dire->size + 1, &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += dire->size + 1; ++ ++ if (file->f_pos >= length) ++ continue; ++ ++ dire->name[dire->size + 1] = '\0'; ++ ++ TRACE("Calling filldir(%x, %s, %d, %d, %x:%x, %d)\n", ++ (unsigned int) dirent, dire->name, ++ dire->size + 1, (int) file->f_pos, ++ dirh.start_block, dire->offset, ++ squashfs_filetype_table[dire->type]); ++ ++ if (filldir(dirent, dire->name, dire->size + 1, ++ file->f_pos, SQUASHFS_MK_VFS_INODE( ++ dirh.start_block, dire->offset), ++ squashfs_filetype_table[dire->type]) ++ < 0) { ++ TRACE("Filldir returned less than 0\n"); ++ goto finish; ++ } ++ file->f_pos = length; ++ dirs_read++; ++ } ++ } ++ ++finish: ++ return dirs_read; ++ ++failed_read: ++ ERROR("Unable to read directory block [%llx:%x]\n", next_block, ++ next_offset); ++ return 0; ++} ++ ++ ++static struct dentry *squashfs_lookup_2(struct inode *i, struct dentry *dentry, ++ struct nameidata *nd) ++{ ++ const unsigned char *name = dentry->d_name.name; ++ int len = dentry->d_name.len; ++ struct inode *inode = NULL; ++ struct squashfs_sb_info *msblk = i->i_sb->s_fs_info; ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ long long next_block = SQUASHFS_I(i)->start_block + ++ sblk->directory_table_start; ++ int next_offset = SQUASHFS_I(i)->offset, length = 0, ++ dir_count; ++ struct squashfs_dir_header_2 dirh; ++ char buffer[sizeof(struct squashfs_dir_entry_2) + SQUASHFS_NAME_LEN]; ++ struct squashfs_dir_entry_2 *dire = (struct squashfs_dir_entry_2 *) buffer; ++ int sorted = sblk->s_major == 2 && sblk->s_minor >= 1; ++ ++ TRACE("Entered squashfs_lookup [%llx:%x]\n", next_block, next_offset); ++ ++ if (len > SQUASHFS_NAME_LEN) ++ goto exit_loop; ++ ++ length = get_dir_index_using_name(i->i_sb, &next_block, &next_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_start, ++ SQUASHFS_I(i)->u.s2.directory_index_offset, ++ SQUASHFS_I(i)->u.s2.directory_index_count, name, ++ len); ++ ++ while (length < i_size_read(i)) { ++ /* read directory header */ ++ if (msblk->swap) { ++ struct squashfs_dir_header_2 sdirh; ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &sdirh, ++ next_block, next_offset, sizeof(sdirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdirh); ++ SQUASHFS_SWAP_DIR_HEADER_2(&dirh, &sdirh); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) &dirh, ++ next_block, next_offset, sizeof(dirh), ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(dirh); ++ } ++ ++ dir_count = dirh.count + 1; ++ while (dir_count--) { ++ if (msblk->swap) { ++ struct squashfs_dir_entry_2 sdire; ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ &sdire, next_block,next_offset, ++ sizeof(sdire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(sdire); ++ SQUASHFS_SWAP_DIR_ENTRY_2(dire, &sdire); ++ } else { ++ if (!squashfs_get_cached_block(i->i_sb, (char *) ++ dire, next_block,next_offset, ++ sizeof(*dire), &next_block, ++ &next_offset)) ++ goto failed_read; ++ ++ length += sizeof(*dire); ++ } ++ ++ if (!squashfs_get_cached_block(i->i_sb, dire->name, ++ next_block, next_offset, dire->size + 1, ++ &next_block, &next_offset)) ++ goto failed_read; ++ ++ length += dire->size + 1; ++ ++ if (sorted && name[0] < dire->name[0]) ++ goto exit_loop; ++ ++ if ((len == dire->size + 1) && !strncmp(name, ++ dire->name, len)) { ++ squashfs_inode_t ino = ++ SQUASHFS_MKINODE(dirh.start_block, ++ dire->offset); ++ ++ TRACE("calling squashfs_iget for directory " ++ "entry %s, inode %x:%x, %lld\n", name, ++ dirh.start_block, dire->offset, ino); ++ ++ inode = (msblk->iget)(i->i_sb, ino); ++ ++ goto exit_loop; ++ } ++ } ++ } ++ ++exit_loop: ++ d_add(dentry, inode); ++ return ERR_PTR(0); ++ ++failed_read: ++ ERROR("Unable to read directory block [%llx:%x]\n", next_block, ++ next_offset); ++ goto exit_loop; ++} ++ ++ ++int squashfs_2_0_supported(struct squashfs_sb_info *msblk) ++{ ++ struct squashfs_super_block *sblk = &msblk->sblk; ++ ++ msblk->iget = squashfs_iget_2; ++ msblk->read_fragment_index_table = read_fragment_index_table_2; ++ ++ sblk->bytes_used = sblk->bytes_used_2; ++ sblk->uid_start = sblk->uid_start_2; ++ sblk->guid_start = sblk->guid_start_2; ++ sblk->inode_table_start = sblk->inode_table_start_2; ++ sblk->directory_table_start = sblk->directory_table_start_2; ++ sblk->fragment_table_start = sblk->fragment_table_start_2; ++ ++ return 1; ++} +--- /dev/null ++++ b/fs/squashfs/squashfs.h +@@ -0,0 +1,86 @@ ++/* ++ * Squashfs - a compressed read only filesystem for Linux ++ * ++ * Copyright (c) 2002, 2003, 2004, 2005, 2006 ++ * Phillip Lougher <phillip@lougher.org.uk> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * squashfs.h ++ */ ++ ++#ifdef CONFIG_SQUASHFS_1_0_COMPATIBILITY ++#undef CONFIG_SQUASHFS_1_0_COMPATIBILITY ++#endif ++ ++#ifdef SQUASHFS_TRACE ++#define TRACE(s, args...) printk(KERN_NOTICE "SQUASHFS: "s, ## args) ++#else ++#define TRACE(s, args...) {} ++#endif ++ ++#define ERROR(s, args...) printk(KERN_ERR "SQUASHFS error: "s, ## args) ++ ++#define SERROR(s, args...) do { \ ++ if (!silent) \ ++ printk(KERN_ERR "SQUASHFS error: "s, ## args);\ ++ } while(0) ++ ++#define WARNING(s, args...) printk(KERN_WARNING "SQUASHFS: "s, ## args) ++ ++static inline struct squashfs_inode_info *SQUASHFS_I(struct inode *inode) ++{ ++ return list_entry(inode, struct squashfs_inode_info, vfs_inode); ++} ++ ++#if defined(CONFIG_SQUASHFS_1_0_COMPATIBILITY ) || defined(CONFIG_SQUASHFS_2_0_COMPATIBILITY) ++#define SQSH_EXTERN ++extern unsigned int squashfs_read_data(struct super_block *s, char *buffer, ++ long long index, unsigned int length, ++ long long *next_index); ++extern int squashfs_get_cached_block(struct super_block *s, char *buffer, ++ long long block, unsigned int offset, ++ int length, long long *next_block, ++ unsigned int *next_offset); ++extern void release_cached_fragment(struct squashfs_sb_info *msblk, struct ++ squashfs_fragment_cache *fragment); ++extern struct squashfs_fragment_cache *get_cached_fragment(struct super_block ++ *s, long long start_block, ++ int length); ++extern struct address_space_operations squashfs_symlink_aops; ++extern struct address_space_operations squashfs_aops; ++extern struct address_space_operations squashfs_aops_4K; ++extern struct inode_operations squashfs_dir_inode_ops; ++#else ++#define SQSH_EXTERN static ++#endif ++ ++#ifdef CONFIG_SQUASHFS_1_0_COMPATIBILITY ++extern int squashfs_1_0_supported(struct squashfs_sb_info *msblk); ++#else ++static inline int squashfs_1_0_supported(struct squashfs_sb_info *msblk) ++{ ++ return 0; ++} ++#endif ++ ++#ifdef CONFIG_SQUASHFS_2_0_COMPATIBILITY ++extern int squashfs_2_0_supported(struct squashfs_sb_info *msblk); ++#else ++static inline int squashfs_2_0_supported(struct squashfs_sb_info *msblk) ++{ ++ return 0; ++} ++#endif +--- a/include/linux/magic.h ++++ b/include/linux/magic.h +@@ -35,6 +35,9 @@ + #define REISER2FS_SUPER_MAGIC_STRING "ReIsEr2Fs" + #define REISER2FS_JR_SUPER_MAGIC_STRING "ReIsEr3Fs" + ++#define SQUASHFS_MAGIC 0x73717368 ++#define SQUASHFS_MAGIC_SWAP 0x68737173 ++ + #define SMB_SUPER_MAGIC 0x517B + #define USBDEVICE_SUPER_MAGIC 0x9fa2 + #define CGROUP_SUPER_MAGIC 0x27e0eb +--- /dev/null ++++ b/include/linux/squashfs_fs.h +@@ -0,0 +1,911 @@ ++#ifndef SQUASHFS_FS ++#define SQUASHFS_FS ++ ++/* ++ * Squashfs ++ * ++ * Copyright (c) 2002, 2003, 2004, 2005, 2006 ++ * Phillip Lougher <phillip@lougher.org.uk> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * squashfs_fs.h ++ */ ++ ++#ifndef CONFIG_SQUASHFS_2_0_COMPATIBILITY ++#define CONFIG_SQUASHFS_2_0_COMPATIBILITY ++#endif ++ ++#ifdef CONFIG_SQUASHFS_VMALLOC ++#define SQUASHFS_ALLOC(a) vmalloc(a) ++#define SQUASHFS_FREE(a) vfree(a) ++#else ++#define SQUASHFS_ALLOC(a) kmalloc(a, GFP_KERNEL) ++#define SQUASHFS_FREE(a) kfree(a) ++#endif ++#define SQUASHFS_CACHED_FRAGMENTS CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE ++#define SQUASHFS_MAJOR 3 ++#define SQUASHFS_MINOR 0 ++#define SQUASHFS_START 0 ++ ++/* size of metadata (inode and directory) blocks */ ++#define SQUASHFS_METADATA_SIZE 8192 ++#define SQUASHFS_METADATA_LOG 13 ++ ++/* default size of data blocks */ ++#define SQUASHFS_FILE_SIZE 65536 ++#define SQUASHFS_FILE_LOG 16 ++ ++#define SQUASHFS_FILE_MAX_SIZE 65536 ++ ++/* Max number of uids and gids */ ++#define SQUASHFS_UIDS 256 ++#define SQUASHFS_GUIDS 255 ++ ++/* Max length of filename (not 255) */ ++#define SQUASHFS_NAME_LEN 256 ++ ++#define SQUASHFS_INVALID ((long long) 0xffffffffffff) ++#define SQUASHFS_INVALID_FRAG ((unsigned int) 0xffffffff) ++#define SQUASHFS_INVALID_BLK ((long long) -1) ++#define SQUASHFS_USED_BLK ((long long) -2) ++ ++/* Filesystem flags */ ++#define SQUASHFS_NOI 0 ++#define SQUASHFS_NOD 1 ++#define SQUASHFS_CHECK 2 ++#define SQUASHFS_NOF 3 ++#define SQUASHFS_NO_FRAG 4 ++#define SQUASHFS_ALWAYS_FRAG 5 ++#define SQUASHFS_DUPLICATE 6 ++ ++#define SQUASHFS_BIT(flag, bit) ((flag >> bit) & 1) ++ ++#define SQUASHFS_UNCOMPRESSED_INODES(flags) SQUASHFS_BIT(flags, \ ++ SQUASHFS_NOI) ++ ++#define SQUASHFS_UNCOMPRESSED_DATA(flags) SQUASHFS_BIT(flags, \ ++ SQUASHFS_NOD) ++ ++#define SQUASHFS_UNCOMPRESSED_FRAGMENTS(flags) SQUASHFS_BIT(flags, \ ++ SQUASHFS_NOF) ++ ++#define SQUASHFS_NO_FRAGMENTS(flags) SQUASHFS_BIT(flags, \ ++ SQUASHFS_NO_FRAG) ++ ++#define SQUASHFS_ALWAYS_FRAGMENTS(flags) SQUASHFS_BIT(flags, \ ++ SQUASHFS_ALWAYS_FRAG) ++ ++#define SQUASHFS_DUPLICATES(flags) SQUASHFS_BIT(flags, \ ++ SQUASHFS_DUPLICATE) ++ ++#define SQUASHFS_CHECK_DATA(flags) SQUASHFS_BIT(flags, \ ++ SQUASHFS_CHECK) ++ ++#define SQUASHFS_MKFLAGS(noi, nod, check_data, nof, no_frag, always_frag, \ ++ duplicate_checking) (noi | (nod << 1) | (check_data << 2) \ ++ | (nof << 3) | (no_frag << 4) | (always_frag << 5) | \ ++ (duplicate_checking << 6)) ++ ++/* Max number of types and file types */ ++#define SQUASHFS_DIR_TYPE 1 ++#define SQUASHFS_FILE_TYPE 2 ++#define SQUASHFS_SYMLINK_TYPE 3 ++#define SQUASHFS_BLKDEV_TYPE 4 ++#define SQUASHFS_CHRDEV_TYPE 5 ++#define SQUASHFS_FIFO_TYPE 6 ++#define SQUASHFS_SOCKET_TYPE 7 ++#define SQUASHFS_LDIR_TYPE 8 ++#define SQUASHFS_LREG_TYPE 9 ++ ++/* 1.0 filesystem type definitions */ ++#define SQUASHFS_TYPES 5 ++#define SQUASHFS_IPC_TYPE 0 ++ ++/* Flag whether block is compressed or uncompressed, bit is set if block is ++ * uncompressed */ ++#define SQUASHFS_COMPRESSED_BIT (1 << 15) ++ ++#define SQUASHFS_COMPRESSED_SIZE(B) (((B) & ~SQUASHFS_COMPRESSED_BIT) ? \ ++ (B) & ~SQUASHFS_COMPRESSED_BIT : SQUASHFS_COMPRESSED_BIT) ++ ++#define SQUASHFS_COMPRESSED(B) (!((B) & SQUASHFS_COMPRESSED_BIT)) ++ ++#define SQUASHFS_COMPRESSED_BIT_BLOCK (1 << 24) ++ ++#define SQUASHFS_COMPRESSED_SIZE_BLOCK(B) (((B) & \ ++ ~SQUASHFS_COMPRESSED_BIT_BLOCK) ? (B) & \ ++ ~SQUASHFS_COMPRESSED_BIT_BLOCK : SQUASHFS_COMPRESSED_BIT_BLOCK) ++ ++#define SQUASHFS_COMPRESSED_BLOCK(B) (!((B) & SQUASHFS_COMPRESSED_BIT_BLOCK)) ++ ++/* ++ * Inode number ops. Inodes consist of a compressed block number, and an ++ * uncompressed offset within that block ++ */ ++#define SQUASHFS_INODE_BLK(a) ((unsigned int) ((a) >> 16)) ++ ++#define SQUASHFS_INODE_OFFSET(a) ((unsigned int) ((a) & 0xffff)) ++ ++#define SQUASHFS_MKINODE(A, B) ((squashfs_inode_t)(((squashfs_inode_t) (A)\ ++ << 16) + (B))) ++ ++/* Compute 32 bit VFS inode number from squashfs inode number */ ++#define SQUASHFS_MK_VFS_INODE(a, b) ((unsigned int) (((a) << 8) + \ ++ ((b) >> 2) + 1)) ++/* XXX */ ++ ++/* Translate between VFS mode and squashfs mode */ ++#define SQUASHFS_MODE(a) ((a) & 0xfff) ++ ++/* fragment and fragment table defines */ ++#define SQUASHFS_FRAGMENT_BYTES(A) (A * sizeof(struct squashfs_fragment_entry)) ++ ++#define SQUASHFS_FRAGMENT_INDEX(A) (SQUASHFS_FRAGMENT_BYTES(A) / \ ++ SQUASHFS_METADATA_SIZE) ++ ++#define SQUASHFS_FRAGMENT_INDEX_OFFSET(A) (SQUASHFS_FRAGMENT_BYTES(A) % \ ++ SQUASHFS_METADATA_SIZE) ++ ++#define SQUASHFS_FRAGMENT_INDEXES(A) ((SQUASHFS_FRAGMENT_BYTES(A) + \ ++ SQUASHFS_METADATA_SIZE - 1) / \ ++ SQUASHFS_METADATA_SIZE) ++ ++#define SQUASHFS_FRAGMENT_INDEX_BYTES(A) (SQUASHFS_FRAGMENT_INDEXES(A) *\ ++ sizeof(long long)) ++ ++/* cached data constants for filesystem */ ++#define SQUASHFS_CACHED_BLKS 8 ++ ++#define SQUASHFS_MAX_FILE_SIZE_LOG 64 ++ ++#define SQUASHFS_MAX_FILE_SIZE ((long long) 1 << \ ++ (SQUASHFS_MAX_FILE_SIZE_LOG - 2)) ++ ++#define SQUASHFS_MARKER_BYTE 0xff ++ ++/* meta index cache */ ++#define SQUASHFS_META_INDEXES (SQUASHFS_METADATA_SIZE / sizeof(unsigned int)) ++#define SQUASHFS_META_ENTRIES 31 ++#define SQUASHFS_META_NUMBER 8 ++#define SQUASHFS_SLOTS 4 ++ ++#include <linux/magic.h> ++ ++struct meta_entry { ++ long long data_block; ++ unsigned int index_block; ++ unsigned short offset; ++ unsigned short pad; ++}; ++ ++struct meta_index { ++ unsigned int inode_number; ++ unsigned int offset; ++ unsigned short entries; ++ unsigned short skip; ++ unsigned short locked; ++ unsigned short pad; ++ struct meta_entry meta_entry[SQUASHFS_META_ENTRIES]; ++}; ++ ++ ++/* ++ * definitions for structures on disk ++ */ ++ ++typedef long long squashfs_block_t; ++typedef long long squashfs_inode_t; ++ ++struct squashfs_super_block { ++ unsigned int s_magic; ++ unsigned int inodes; ++ unsigned int bytes_used_2; ++ unsigned int uid_start_2; ++ unsigned int guid_start_2; ++ unsigned int inode_table_start_2; ++ unsigned int directory_table_start_2; ++ unsigned int s_major:16; ++ unsigned int s_minor:16; ++ unsigned int block_size_1:16; ++ unsigned int block_log:16; ++ unsigned int flags:8; ++ unsigned int no_uids:8; ++ unsigned int no_guids:8; ++ unsigned int mkfs_time /* time of filesystem creation */; ++ squashfs_inode_t root_inode; ++ unsigned int block_size; ++ unsigned int fragments; ++ unsigned int fragment_table_start_2; ++ long long bytes_used; ++ long long uid_start; ++ long long guid_start; ++ long long inode_table_start; ++ long long directory_table_start; ++ long long fragment_table_start; ++ long long unused; ++} __attribute__ ((packed)); ++ ++struct squashfs_dir_index { ++ unsigned int index; ++ unsigned int start_block; ++ unsigned char size; ++ unsigned char name[0]; ++} __attribute__ ((packed)); ++ ++#define SQUASHFS_BASE_INODE_HEADER \ ++ unsigned int inode_type:4; \ ++ unsigned int mode:12; \ ++ unsigned int uid:8; \ ++ unsigned int guid:8; \ ++ unsigned int mtime; \ ++ unsigned int inode_number; ++ ++struct squashfs_base_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++} __attribute__ ((packed)); ++ ++struct squashfs_ipc_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++ unsigned int nlink; ++} __attribute__ ((packed)); ++ ++struct squashfs_dev_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++ unsigned int nlink; ++ unsigned short rdev; ++} __attribute__ ((packed)); ++ ++struct squashfs_symlink_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++ unsigned int nlink; ++ unsigned short symlink_size; ++ char symlink[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_reg_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++ squashfs_block_t start_block; ++ unsigned int fragment; ++ unsigned int offset; ++ unsigned int file_size; ++ unsigned short block_list[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_lreg_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++ unsigned int nlink; ++ squashfs_block_t start_block; ++ unsigned int fragment; ++ unsigned int offset; ++ long long file_size; ++ unsigned short block_list[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_dir_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++ unsigned int nlink; ++ unsigned int file_size:19; ++ unsigned int offset:13; ++ unsigned int start_block; ++ unsigned int parent_inode; ++} __attribute__ ((packed)); ++ ++struct squashfs_ldir_inode_header { ++ SQUASHFS_BASE_INODE_HEADER; ++ unsigned int nlink; ++ unsigned int file_size:27; ++ unsigned int offset:13; ++ unsigned int start_block; ++ unsigned int i_count:16; ++ unsigned int parent_inode; ++ struct squashfs_dir_index index[0]; ++} __attribute__ ((packed)); ++ ++union squashfs_inode_header { ++ struct squashfs_base_inode_header base; ++ struct squashfs_dev_inode_header dev; ++ struct squashfs_symlink_inode_header symlink; ++ struct squashfs_reg_inode_header reg; ++ struct squashfs_lreg_inode_header lreg; ++ struct squashfs_dir_inode_header dir; ++ struct squashfs_ldir_inode_header ldir; ++ struct squashfs_ipc_inode_header ipc; ++}; ++ ++struct squashfs_dir_entry { ++ unsigned int offset:13; ++ unsigned int type:3; ++ unsigned int size:8; ++ int inode_number:16; ++ char name[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_dir_header { ++ unsigned int count:8; ++ unsigned int start_block; ++ unsigned int inode_number; ++} __attribute__ ((packed)); ++ ++struct squashfs_fragment_entry { ++ long long start_block; ++ unsigned int size; ++ unsigned int unused; ++} __attribute__ ((packed)); ++ ++extern int squashfs_uncompress_block(void *d, int dstlen, void *s, int srclen); ++extern int squashfs_uncompress_init(void); ++extern int squashfs_uncompress_exit(void); ++ ++/* ++ * macros to convert each packed bitfield structure from little endian to big ++ * endian and vice versa. These are needed when creating or using a filesystem ++ * on a machine with different byte ordering to the target architecture. ++ * ++ */ ++ ++#define SQUASHFS_SWAP_START \ ++ int bits;\ ++ int b_pos;\ ++ unsigned long long val;\ ++ unsigned char *s;\ ++ unsigned char *d; ++ ++#define SQUASHFS_SWAP_SUPER_BLOCK(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_super_block));\ ++ SQUASHFS_SWAP((s)->s_magic, d, 0, 32);\ ++ SQUASHFS_SWAP((s)->inodes, d, 32, 32);\ ++ SQUASHFS_SWAP((s)->bytes_used_2, d, 64, 32);\ ++ SQUASHFS_SWAP((s)->uid_start_2, d, 96, 32);\ ++ SQUASHFS_SWAP((s)->guid_start_2, d, 128, 32);\ ++ SQUASHFS_SWAP((s)->inode_table_start_2, d, 160, 32);\ ++ SQUASHFS_SWAP((s)->directory_table_start_2, d, 192, 32);\ ++ SQUASHFS_SWAP((s)->s_major, d, 224, 16);\ ++ SQUASHFS_SWAP((s)->s_minor, d, 240, 16);\ ++ SQUASHFS_SWAP((s)->block_size_1, d, 256, 16);\ ++ SQUASHFS_SWAP((s)->block_log, d, 272, 16);\ ++ SQUASHFS_SWAP((s)->flags, d, 288, 8);\ ++ SQUASHFS_SWAP((s)->no_uids, d, 296, 8);\ ++ SQUASHFS_SWAP((s)->no_guids, d, 304, 8);\ ++ SQUASHFS_SWAP((s)->mkfs_time, d, 312, 32);\ ++ SQUASHFS_SWAP((s)->root_inode, d, 344, 64);\ ++ SQUASHFS_SWAP((s)->block_size, d, 408, 32);\ ++ SQUASHFS_SWAP((s)->fragments, d, 440, 32);\ ++ SQUASHFS_SWAP((s)->fragment_table_start_2, d, 472, 32);\ ++ SQUASHFS_SWAP((s)->bytes_used, d, 504, 64);\ ++ SQUASHFS_SWAP((s)->uid_start, d, 568, 64);\ ++ SQUASHFS_SWAP((s)->guid_start, d, 632, 64);\ ++ SQUASHFS_SWAP((s)->inode_table_start, d, 696, 64);\ ++ SQUASHFS_SWAP((s)->directory_table_start, d, 760, 64);\ ++ SQUASHFS_SWAP((s)->fragment_table_start, d, 824, 64);\ ++ SQUASHFS_SWAP((s)->unused, d, 888, 64);\ ++} ++ ++#define SQUASHFS_SWAP_BASE_INODE_CORE(s, d, n)\ ++ SQUASHFS_MEMSET(s, d, n);\ ++ SQUASHFS_SWAP((s)->inode_type, d, 0, 4);\ ++ SQUASHFS_SWAP((s)->mode, d, 4, 12);\ ++ SQUASHFS_SWAP((s)->uid, d, 16, 8);\ ++ SQUASHFS_SWAP((s)->guid, d, 24, 8);\ ++ SQUASHFS_SWAP((s)->mtime, d, 32, 32);\ ++ SQUASHFS_SWAP((s)->inode_number, d, 64, 32); ++ ++#define SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, n) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, n)\ ++} ++ ++#define SQUASHFS_SWAP_IPC_INODE_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, \ ++ sizeof(struct squashfs_ipc_inode_header))\ ++ SQUASHFS_SWAP((s)->nlink, d, 96, 32);\ ++} ++ ++#define SQUASHFS_SWAP_DEV_INODE_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, \ ++ sizeof(struct squashfs_dev_inode_header)); \ ++ SQUASHFS_SWAP((s)->nlink, d, 96, 32);\ ++ SQUASHFS_SWAP((s)->rdev, d, 128, 16);\ ++} ++ ++#define SQUASHFS_SWAP_SYMLINK_INODE_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, \ ++ sizeof(struct squashfs_symlink_inode_header));\ ++ SQUASHFS_SWAP((s)->nlink, d, 96, 32);\ ++ SQUASHFS_SWAP((s)->symlink_size, d, 128, 16);\ ++} ++ ++#define SQUASHFS_SWAP_REG_INODE_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, \ ++ sizeof(struct squashfs_reg_inode_header));\ ++ SQUASHFS_SWAP((s)->start_block, d, 96, 64);\ ++ SQUASHFS_SWAP((s)->fragment, d, 160, 32);\ ++ SQUASHFS_SWAP((s)->offset, d, 192, 32);\ ++ SQUASHFS_SWAP((s)->file_size, d, 224, 32);\ ++} ++ ++#define SQUASHFS_SWAP_LREG_INODE_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, \ ++ sizeof(struct squashfs_lreg_inode_header));\ ++ SQUASHFS_SWAP((s)->nlink, d, 96, 32);\ ++ SQUASHFS_SWAP((s)->start_block, d, 128, 64);\ ++ SQUASHFS_SWAP((s)->fragment, d, 192, 32);\ ++ SQUASHFS_SWAP((s)->offset, d, 224, 32);\ ++ SQUASHFS_SWAP((s)->file_size, d, 256, 64);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_INODE_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, \ ++ sizeof(struct squashfs_dir_inode_header));\ ++ SQUASHFS_SWAP((s)->nlink, d, 96, 32);\ ++ SQUASHFS_SWAP((s)->file_size, d, 128, 19);\ ++ SQUASHFS_SWAP((s)->offset, d, 147, 13);\ ++ SQUASHFS_SWAP((s)->start_block, d, 160, 32);\ ++ SQUASHFS_SWAP((s)->parent_inode, d, 192, 32);\ ++} ++ ++#define SQUASHFS_SWAP_LDIR_INODE_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE(s, d, \ ++ sizeof(struct squashfs_ldir_inode_header));\ ++ SQUASHFS_SWAP((s)->nlink, d, 96, 32);\ ++ SQUASHFS_SWAP((s)->file_size, d, 128, 27);\ ++ SQUASHFS_SWAP((s)->offset, d, 155, 13);\ ++ SQUASHFS_SWAP((s)->start_block, d, 168, 32);\ ++ SQUASHFS_SWAP((s)->i_count, d, 200, 16);\ ++ SQUASHFS_SWAP((s)->parent_inode, d, 216, 32);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_INDEX(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_dir_index));\ ++ SQUASHFS_SWAP((s)->index, d, 0, 32);\ ++ SQUASHFS_SWAP((s)->start_block, d, 32, 32);\ ++ SQUASHFS_SWAP((s)->size, d, 64, 8);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_HEADER(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_dir_header));\ ++ SQUASHFS_SWAP((s)->count, d, 0, 8);\ ++ SQUASHFS_SWAP((s)->start_block, d, 8, 32);\ ++ SQUASHFS_SWAP((s)->inode_number, d, 40, 32);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_ENTRY(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_dir_entry));\ ++ SQUASHFS_SWAP((s)->offset, d, 0, 13);\ ++ SQUASHFS_SWAP((s)->type, d, 13, 3);\ ++ SQUASHFS_SWAP((s)->size, d, 16, 8);\ ++ SQUASHFS_SWAP((s)->inode_number, d, 24, 16);\ ++} ++ ++#define SQUASHFS_SWAP_FRAGMENT_ENTRY(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_fragment_entry));\ ++ SQUASHFS_SWAP((s)->start_block, d, 0, 64);\ ++ SQUASHFS_SWAP((s)->size, d, 64, 32);\ ++} ++ ++#define SQUASHFS_SWAP_SHORTS(s, d, n) {\ ++ int entry;\ ++ int bit_position;\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, n * 2);\ ++ for(entry = 0, bit_position = 0; entry < n; entry++, bit_position += \ ++ 16)\ ++ SQUASHFS_SWAP(s[entry], d, bit_position, 16);\ ++} ++ ++#define SQUASHFS_SWAP_INTS(s, d, n) {\ ++ int entry;\ ++ int bit_position;\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, n * 4);\ ++ for(entry = 0, bit_position = 0; entry < n; entry++, bit_position += \ ++ 32)\ ++ SQUASHFS_SWAP(s[entry], d, bit_position, 32);\ ++} ++ ++#define SQUASHFS_SWAP_LONG_LONGS(s, d, n) {\ ++ int entry;\ ++ int bit_position;\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, n * 8);\ ++ for(entry = 0, bit_position = 0; entry < n; entry++, bit_position += \ ++ 64)\ ++ SQUASHFS_SWAP(s[entry], d, bit_position, 64);\ ++} ++ ++#define SQUASHFS_SWAP_DATA(s, d, n, bits) {\ ++ int entry;\ ++ int bit_position;\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, n * bits / 8);\ ++ for(entry = 0, bit_position = 0; entry < n; entry++, bit_position += \ ++ bits)\ ++ SQUASHFS_SWAP(s[entry], d, bit_position, bits);\ ++} ++ ++#define SQUASHFS_SWAP_FRAGMENT_INDEXES(s, d, n) SQUASHFS_SWAP_LONG_LONGS(s, d, n) ++ ++#ifdef CONFIG_SQUASHFS_1_0_COMPATIBILITY ++ ++struct squashfs_base_inode_header_1 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:4; /* index into uid table */ ++ unsigned int guid:4; /* index into guid table */ ++} __attribute__ ((packed)); ++ ++struct squashfs_ipc_inode_header_1 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:4; /* index into uid table */ ++ unsigned int guid:4; /* index into guid table */ ++ unsigned int type:4; ++ unsigned int offset:4; ++} __attribute__ ((packed)); ++ ++struct squashfs_dev_inode_header_1 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:4; /* index into uid table */ ++ unsigned int guid:4; /* index into guid table */ ++ unsigned short rdev; ++} __attribute__ ((packed)); ++ ++struct squashfs_symlink_inode_header_1 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:4; /* index into uid table */ ++ unsigned int guid:4; /* index into guid table */ ++ unsigned short symlink_size; ++ char symlink[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_reg_inode_header_1 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:4; /* index into uid table */ ++ unsigned int guid:4; /* index into guid table */ ++ unsigned int mtime; ++ unsigned int start_block; ++ unsigned int file_size:32; ++ unsigned short block_list[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_dir_inode_header_1 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:4; /* index into uid table */ ++ unsigned int guid:4; /* index into guid table */ ++ unsigned int file_size:19; ++ unsigned int offset:13; ++ unsigned int mtime; ++ unsigned int start_block:24; ++} __attribute__ ((packed)); ++ ++#define SQUASHFS_SWAP_BASE_INODE_CORE_1(s, d, n) \ ++ SQUASHFS_MEMSET(s, d, n);\ ++ SQUASHFS_SWAP((s)->inode_type, d, 0, 4);\ ++ SQUASHFS_SWAP((s)->mode, d, 4, 12);\ ++ SQUASHFS_SWAP((s)->uid, d, 16, 4);\ ++ SQUASHFS_SWAP((s)->guid, d, 20, 4); ++ ++#define SQUASHFS_SWAP_BASE_INODE_HEADER_1(s, d, n) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_1(s, d, n)\ ++} ++ ++#define SQUASHFS_SWAP_IPC_INODE_HEADER_1(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_1(s, d, \ ++ sizeof(struct squashfs_ipc_inode_header_1));\ ++ SQUASHFS_SWAP((s)->type, d, 24, 4);\ ++ SQUASHFS_SWAP((s)->offset, d, 28, 4);\ ++} ++ ++#define SQUASHFS_SWAP_DEV_INODE_HEADER_1(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_1(s, d, \ ++ sizeof(struct squashfs_dev_inode_header_1));\ ++ SQUASHFS_SWAP((s)->rdev, d, 24, 16);\ ++} ++ ++#define SQUASHFS_SWAP_SYMLINK_INODE_HEADER_1(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_1(s, d, \ ++ sizeof(struct squashfs_symlink_inode_header_1));\ ++ SQUASHFS_SWAP((s)->symlink_size, d, 24, 16);\ ++} ++ ++#define SQUASHFS_SWAP_REG_INODE_HEADER_1(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_1(s, d, \ ++ sizeof(struct squashfs_reg_inode_header_1));\ ++ SQUASHFS_SWAP((s)->mtime, d, 24, 32);\ ++ SQUASHFS_SWAP((s)->start_block, d, 56, 32);\ ++ SQUASHFS_SWAP((s)->file_size, d, 88, 32);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_INODE_HEADER_1(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_1(s, d, \ ++ sizeof(struct squashfs_dir_inode_header_1));\ ++ SQUASHFS_SWAP((s)->file_size, d, 24, 19);\ ++ SQUASHFS_SWAP((s)->offset, d, 43, 13);\ ++ SQUASHFS_SWAP((s)->mtime, d, 56, 32);\ ++ SQUASHFS_SWAP((s)->start_block, d, 88, 24);\ ++} ++ ++#endif ++ ++#ifdef CONFIG_SQUASHFS_2_0_COMPATIBILITY ++ ++struct squashfs_dir_index_2 { ++ unsigned int index:27; ++ unsigned int start_block:29; ++ unsigned char size; ++ unsigned char name[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_base_inode_header_2 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:8; /* index into uid table */ ++ unsigned int guid:8; /* index into guid table */ ++} __attribute__ ((packed)); ++ ++struct squashfs_ipc_inode_header_2 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:8; /* index into uid table */ ++ unsigned int guid:8; /* index into guid table */ ++} __attribute__ ((packed)); ++ ++struct squashfs_dev_inode_header_2 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:8; /* index into uid table */ ++ unsigned int guid:8; /* index into guid table */ ++ unsigned short rdev; ++} __attribute__ ((packed)); ++ ++struct squashfs_symlink_inode_header_2 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:8; /* index into uid table */ ++ unsigned int guid:8; /* index into guid table */ ++ unsigned short symlink_size; ++ char symlink[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_reg_inode_header_2 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:8; /* index into uid table */ ++ unsigned int guid:8; /* index into guid table */ ++ unsigned int mtime; ++ unsigned int start_block; ++ unsigned int fragment; ++ unsigned int offset; ++ unsigned int file_size:32; ++ unsigned short block_list[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_dir_inode_header_2 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:8; /* index into uid table */ ++ unsigned int guid:8; /* index into guid table */ ++ unsigned int file_size:19; ++ unsigned int offset:13; ++ unsigned int mtime; ++ unsigned int start_block:24; ++} __attribute__ ((packed)); ++ ++struct squashfs_ldir_inode_header_2 { ++ unsigned int inode_type:4; ++ unsigned int mode:12; /* protection */ ++ unsigned int uid:8; /* index into uid table */ ++ unsigned int guid:8; /* index into guid table */ ++ unsigned int file_size:27; ++ unsigned int offset:13; ++ unsigned int mtime; ++ unsigned int start_block:24; ++ unsigned int i_count:16; ++ struct squashfs_dir_index_2 index[0]; ++} __attribute__ ((packed)); ++ ++union squashfs_inode_header_2 { ++ struct squashfs_base_inode_header_2 base; ++ struct squashfs_dev_inode_header_2 dev; ++ struct squashfs_symlink_inode_header_2 symlink; ++ struct squashfs_reg_inode_header_2 reg; ++ struct squashfs_dir_inode_header_2 dir; ++ struct squashfs_ldir_inode_header_2 ldir; ++ struct squashfs_ipc_inode_header_2 ipc; ++}; ++ ++struct squashfs_dir_header_2 { ++ unsigned int count:8; ++ unsigned int start_block:24; ++} __attribute__ ((packed)); ++ ++struct squashfs_dir_entry_2 { ++ unsigned int offset:13; ++ unsigned int type:3; ++ unsigned int size:8; ++ char name[0]; ++} __attribute__ ((packed)); ++ ++struct squashfs_fragment_entry_2 { ++ unsigned int start_block; ++ unsigned int size; ++} __attribute__ ((packed)); ++ ++#define SQUASHFS_SWAP_BASE_INODE_CORE_2(s, d, n)\ ++ SQUASHFS_MEMSET(s, d, n);\ ++ SQUASHFS_SWAP((s)->inode_type, d, 0, 4);\ ++ SQUASHFS_SWAP((s)->mode, d, 4, 12);\ ++ SQUASHFS_SWAP((s)->uid, d, 16, 8);\ ++ SQUASHFS_SWAP((s)->guid, d, 24, 8);\ ++ ++#define SQUASHFS_SWAP_BASE_INODE_HEADER_2(s, d, n) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_2(s, d, n)\ ++} ++ ++#define SQUASHFS_SWAP_IPC_INODE_HEADER_2(s, d) \ ++ SQUASHFS_SWAP_BASE_INODE_HEADER_2(s, d, sizeof(struct squashfs_ipc_inode_header_2)) ++ ++#define SQUASHFS_SWAP_DEV_INODE_HEADER_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_2(s, d, \ ++ sizeof(struct squashfs_dev_inode_header_2)); \ ++ SQUASHFS_SWAP((s)->rdev, d, 32, 16);\ ++} ++ ++#define SQUASHFS_SWAP_SYMLINK_INODE_HEADER_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_2(s, d, \ ++ sizeof(struct squashfs_symlink_inode_header_2));\ ++ SQUASHFS_SWAP((s)->symlink_size, d, 32, 16);\ ++} ++ ++#define SQUASHFS_SWAP_REG_INODE_HEADER_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_2(s, d, \ ++ sizeof(struct squashfs_reg_inode_header_2));\ ++ SQUASHFS_SWAP((s)->mtime, d, 32, 32);\ ++ SQUASHFS_SWAP((s)->start_block, d, 64, 32);\ ++ SQUASHFS_SWAP((s)->fragment, d, 96, 32);\ ++ SQUASHFS_SWAP((s)->offset, d, 128, 32);\ ++ SQUASHFS_SWAP((s)->file_size, d, 160, 32);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_INODE_HEADER_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_2(s, d, \ ++ sizeof(struct squashfs_dir_inode_header_2));\ ++ SQUASHFS_SWAP((s)->file_size, d, 32, 19);\ ++ SQUASHFS_SWAP((s)->offset, d, 51, 13);\ ++ SQUASHFS_SWAP((s)->mtime, d, 64, 32);\ ++ SQUASHFS_SWAP((s)->start_block, d, 96, 24);\ ++} ++ ++#define SQUASHFS_SWAP_LDIR_INODE_HEADER_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_SWAP_BASE_INODE_CORE_2(s, d, \ ++ sizeof(struct squashfs_ldir_inode_header_2));\ ++ SQUASHFS_SWAP((s)->file_size, d, 32, 27);\ ++ SQUASHFS_SWAP((s)->offset, d, 59, 13);\ ++ SQUASHFS_SWAP((s)->mtime, d, 72, 32);\ ++ SQUASHFS_SWAP((s)->start_block, d, 104, 24);\ ++ SQUASHFS_SWAP((s)->i_count, d, 128, 16);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_INDEX_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_dir_index_2));\ ++ SQUASHFS_SWAP((s)->index, d, 0, 27);\ ++ SQUASHFS_SWAP((s)->start_block, d, 27, 29);\ ++ SQUASHFS_SWAP((s)->size, d, 56, 8);\ ++} ++#define SQUASHFS_SWAP_DIR_HEADER_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_dir_header_2));\ ++ SQUASHFS_SWAP((s)->count, d, 0, 8);\ ++ SQUASHFS_SWAP((s)->start_block, d, 8, 24);\ ++} ++ ++#define SQUASHFS_SWAP_DIR_ENTRY_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_dir_entry_2));\ ++ SQUASHFS_SWAP((s)->offset, d, 0, 13);\ ++ SQUASHFS_SWAP((s)->type, d, 13, 3);\ ++ SQUASHFS_SWAP((s)->size, d, 16, 8);\ ++} ++ ++#define SQUASHFS_SWAP_FRAGMENT_ENTRY_2(s, d) {\ ++ SQUASHFS_SWAP_START\ ++ SQUASHFS_MEMSET(s, d, sizeof(struct squashfs_fragment_entry_2));\ ++ SQUASHFS_SWAP((s)->start_block, d, 0, 32);\ ++ SQUASHFS_SWAP((s)->size, d, 32, 32);\ ++} ++ ++#define SQUASHFS_SWAP_FRAGMENT_INDEXES_2(s, d, n) SQUASHFS_SWAP_INTS(s, d, n) ++ ++/* fragment and fragment table defines */ ++#define SQUASHFS_FRAGMENT_BYTES_2(A) (A * sizeof(struct squashfs_fragment_entry_2)) ++ ++#define SQUASHFS_FRAGMENT_INDEX_2(A) (SQUASHFS_FRAGMENT_BYTES_2(A) / \ ++ SQUASHFS_METADATA_SIZE) ++ ++#define SQUASHFS_FRAGMENT_INDEX_OFFSET_2(A) (SQUASHFS_FRAGMENT_BYTES_2(A) % \ ++ SQUASHFS_METADATA_SIZE) ++ ++#define SQUASHFS_FRAGMENT_INDEXES_2(A) ((SQUASHFS_FRAGMENT_BYTES_2(A) + \ ++ SQUASHFS_METADATA_SIZE - 1) / \ ++ SQUASHFS_METADATA_SIZE) ++ ++#define SQUASHFS_FRAGMENT_INDEX_BYTES_2(A) (SQUASHFS_FRAGMENT_INDEXES_2(A) *\ ++ sizeof(int)) ++ ++#endif ++ ++#ifdef __KERNEL__ ++ ++/* ++ * macros used to swap each structure entry, taking into account ++ * bitfields and different bitfield placing conventions on differing ++ * architectures ++ */ ++ ++#include <asm/byteorder.h> ++ ++#ifdef __BIG_ENDIAN ++ /* convert from little endian to big endian */ ++#define SQUASHFS_SWAP(value, p, pos, tbits) _SQUASHFS_SWAP(value, p, pos, \ ++ tbits, b_pos) ++#else ++ /* convert from big endian to little endian */ ++#define SQUASHFS_SWAP(value, p, pos, tbits) _SQUASHFS_SWAP(value, p, pos, \ ++ tbits, 64 - tbits - b_pos) ++#endif ++ ++#define _SQUASHFS_SWAP(value, p, pos, tbits, SHIFT) {\ ++ b_pos = pos % 8;\ ++ val = 0;\ ++ s = (unsigned char *)p + (pos / 8);\ ++ d = ((unsigned char *) &val) + 7;\ ++ for(bits = 0; bits < (tbits + b_pos); bits += 8) \ ++ *d-- = *s++;\ ++ value = (val >> (SHIFT))/* & ((1 << tbits) - 1)*/;\ ++} ++ ++#define SQUASHFS_MEMSET(s, d, n) memset(s, 0, n); ++ ++#endif ++#endif +--- /dev/null ++++ b/include/linux/squashfs_fs_i.h +@@ -0,0 +1,45 @@ ++#ifndef SQUASHFS_FS_I ++#define SQUASHFS_FS_I ++/* ++ * Squashfs ++ * ++ * Copyright (c) 2002, 2003, 2004, 2005, 2006 ++ * Phillip Lougher <phillip@lougher.org.uk> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * squashfs_fs_i.h ++ */ ++ ++struct squashfs_inode_info { ++ long long start_block; ++ unsigned int offset; ++ union { ++ struct { ++ long long fragment_start_block; ++ unsigned int fragment_size; ++ unsigned int fragment_offset; ++ long long block_list_start; ++ } s1; ++ struct { ++ long long directory_index_start; ++ unsigned int directory_index_offset; ++ unsigned int directory_index_count; ++ unsigned int parent_inode; ++ } s2; ++ } u; ++ struct inode vfs_inode; ++}; ++#endif +--- /dev/null ++++ b/include/linux/squashfs_fs_sb.h +@@ -0,0 +1,74 @@ ++#ifndef SQUASHFS_FS_SB ++#define SQUASHFS_FS_SB ++/* ++ * Squashfs ++ * ++ * Copyright (c) 2002, 2003, 2004, 2005, 2006 ++ * Phillip Lougher <phillip@lougher.org.uk> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ * squashfs_fs_sb.h ++ */ ++ ++#include <linux/squashfs_fs.h> ++ ++struct squashfs_cache { ++ long long block; ++ int length; ++ long long next_index; ++ char *data; ++}; ++ ++struct squashfs_fragment_cache { ++ long long block; ++ int length; ++ unsigned int locked; ++ char *data; ++}; ++ ++struct squashfs_sb_info { ++ struct squashfs_super_block sblk; ++ int devblksize; ++ int devblksize_log2; ++ int swap; ++ struct squashfs_cache *block_cache; ++ struct squashfs_fragment_cache *fragment; ++ int next_cache; ++ int next_fragment; ++ int next_meta_index; ++ unsigned int *uid; ++ unsigned int *guid; ++ long long *fragment_index; ++ unsigned int *fragment_index_2; ++ unsigned int read_size; ++ char *read_data; ++ char *read_page; ++ struct semaphore read_data_mutex; ++ struct semaphore read_page_mutex; ++ struct semaphore block_cache_mutex; ++ struct semaphore fragment_mutex; ++ struct semaphore meta_index_mutex; ++ wait_queue_head_t waitq; ++ wait_queue_head_t fragment_wait_queue; ++ struct meta_index *meta_index; ++ struct inode *(*iget)(struct super_block *s, squashfs_inode_t \ ++ inode); ++ long long (*read_blocklist)(struct inode *inode, int \ ++ index, int readahead_blks, char *block_list, \ ++ unsigned short **block_p, unsigned int *bsize); ++ int (*read_fragment_index_table)(struct super_block *s); ++}; ++#endif +--- a/init/do_mounts_rd.c ++++ b/init/do_mounts_rd.c +@@ -5,6 +5,7 @@ + #include <linux/ext2_fs.h> + #include <linux/romfs_fs.h> + #include <linux/cramfs_fs.h> ++#include <linux/squashfs_fs.h> + #include <linux/initrd.h> + #include <linux/string.h> + +@@ -37,6 +38,7 @@ + * numbers could not be found. + * + * We currently check for the following magic numbers: ++ * squashfs + * minix + * ext2 + * romfs +@@ -51,6 +53,7 @@ + struct ext2_super_block *ext2sb; + struct romfs_super_block *romfsb; + struct cramfs_super *cramfsb; ++ struct squashfs_super_block *squashfsb; + int nblocks = -1; + unsigned char *buf; + +@@ -62,6 +65,7 @@ + ext2sb = (struct ext2_super_block *) buf; + romfsb = (struct romfs_super_block *) buf; + cramfsb = (struct cramfs_super *) buf; ++ squashfsb = (struct squashfs_super_block *) buf; + memset(buf, 0xe5, size); + + /* +@@ -99,6 +103,15 @@ + goto done; + } + ++ /* squashfs is at block zero too */ ++ if (squashfsb->s_magic == SQUASHFS_MAGIC) { ++ printk(KERN_NOTICE ++ "RAMDISK: squashfs filesystem found at block %d\n", ++ start_block); ++ nblocks = (squashfsb->bytes_used+BLOCK_SIZE-1)>>BLOCK_SIZE_BITS; ++ goto done; ++ } ++ + /* + * Read block 1 to test for minix and ext2 superblock + */ diff --git a/target/linux/generic-2.6/patches-2.6.27/002-lzma_decompress.patch b/target/linux/generic-2.6/patches-2.6.27/002-lzma_decompress.patch new file mode 100644 index 0000000000..5f23f66e16 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/002-lzma_decompress.patch @@ -0,0 +1,780 @@ +--- /dev/null ++++ b/include/linux/LzmaDecode.h +@@ -0,0 +1,100 @@ ++/* ++ LzmaDecode.h ++ LZMA Decoder interface ++ ++ LZMA SDK 4.05 Copyright (c) 1999-2004 Igor Pavlov (2004-08-25) ++ http://www.7-zip.org/ ++ ++ LZMA SDK is licensed under two licenses: ++ 1) GNU Lesser General Public License (GNU LGPL) ++ 2) Common Public License (CPL) ++ It means that you can select one of these two licenses and ++ follow rules of that license. ++ ++ SPECIAL EXCEPTION: ++ Igor Pavlov, as the author of this code, expressly permits you to ++ statically or dynamically link your code (or bind by name) to the ++ interfaces of this file without subjecting your linked code to the ++ terms of the CPL or GNU LGPL. Any modifications or additions ++ to this file, however, are subject to the LGPL or CPL terms. ++*/ ++ ++#ifndef __LZMADECODE_H ++#define __LZMADECODE_H ++ ++/* #define _LZMA_IN_CB */ ++/* Use callback for input data */ ++ ++/* #define _LZMA_OUT_READ */ ++/* Use read function for output data */ ++ ++/* #define _LZMA_PROB32 */ ++/* It can increase speed on some 32-bit CPUs, ++ but memory usage will be doubled in that case */ ++ ++/* #define _LZMA_LOC_OPT */ ++/* Enable local speed optimizations inside code */ ++ ++#ifndef UInt32 ++#ifdef _LZMA_UINT32_IS_ULONG ++#define UInt32 unsigned long ++#else ++#define UInt32 unsigned int ++#endif ++#endif ++ ++#ifdef _LZMA_PROB32 ++#define CProb UInt32 ++#else ++#define CProb unsigned short ++#endif ++ ++#define LZMA_RESULT_OK 0 ++#define LZMA_RESULT_DATA_ERROR 1 ++#define LZMA_RESULT_NOT_ENOUGH_MEM 2 ++ ++#ifdef _LZMA_IN_CB ++typedef struct _ILzmaInCallback ++{ ++ int (*Read)(void *object, unsigned char **buffer, UInt32 *bufferSize); ++} ILzmaInCallback; ++#endif ++ ++#define LZMA_BASE_SIZE 1846 ++#define LZMA_LIT_SIZE 768 ++ ++/* ++bufferSize = (LZMA_BASE_SIZE + (LZMA_LIT_SIZE << (lc + lp)))* sizeof(CProb) ++bufferSize += 100 in case of _LZMA_OUT_READ ++by default CProb is unsigned short, ++but if specify _LZMA_PROB_32, CProb will be UInt32(unsigned int) ++*/ ++ ++#ifdef _LZMA_OUT_READ ++int LzmaDecoderInit( ++ unsigned char *buffer, UInt32 bufferSize, ++ int lc, int lp, int pb, ++ unsigned char *dictionary, UInt32 dictionarySize, ++ #ifdef _LZMA_IN_CB ++ ILzmaInCallback *inCallback ++ #else ++ unsigned char *inStream, UInt32 inSize ++ #endif ++); ++#endif ++ ++int LzmaDecode( ++ unsigned char *buffer, ++ #ifndef _LZMA_OUT_READ ++ UInt32 bufferSize, ++ int lc, int lp, int pb, ++ #ifdef _LZMA_IN_CB ++ ILzmaInCallback *inCallback, ++ #else ++ unsigned char *inStream, UInt32 inSize, ++ #endif ++ #endif ++ unsigned char *outStream, UInt32 outSize, ++ UInt32 *outSizeProcessed); ++ ++#endif +--- /dev/null ++++ b/lib/LzmaDecode.c +@@ -0,0 +1,663 @@ ++/* ++ LzmaDecode.c ++ LZMA Decoder ++ ++ LZMA SDK 4.05 Copyright (c) 1999-2004 Igor Pavlov (2004-08-25) ++ http://www.7-zip.org/ ++ ++ LZMA SDK is licensed under two licenses: ++ 1) GNU Lesser General Public License (GNU LGPL) ++ 2) Common Public License (CPL) ++ It means that you can select one of these two licenses and ++ follow rules of that license. ++ ++ SPECIAL EXCEPTION: ++ Igor Pavlov, as the author of this code, expressly permits you to ++ statically or dynamically link your code (or bind by name) to the ++ interfaces of this file without subjecting your linked code to the ++ terms of the CPL or GNU LGPL. Any modifications or additions ++ to this file, however, are subject to the LGPL or CPL terms. ++*/ ++ ++#include <linux/LzmaDecode.h> ++ ++#ifndef Byte ++#define Byte unsigned char ++#endif ++ ++#define kNumTopBits 24 ++#define kTopValue ((UInt32)1 << kNumTopBits) ++ ++#define kNumBitModelTotalBits 11 ++#define kBitModelTotal (1 << kNumBitModelTotalBits) ++#define kNumMoveBits 5 ++ ++typedef struct _CRangeDecoder ++{ ++ Byte *Buffer; ++ Byte *BufferLim; ++ UInt32 Range; ++ UInt32 Code; ++ #ifdef _LZMA_IN_CB ++ ILzmaInCallback *InCallback; ++ int Result; ++ #endif ++ int ExtraBytes; ++} CRangeDecoder; ++ ++Byte RangeDecoderReadByte(CRangeDecoder *rd) ++{ ++ if (rd->Buffer == rd->BufferLim) ++ { ++ #ifdef _LZMA_IN_CB ++ UInt32 size; ++ rd->Result = rd->InCallback->Read(rd->InCallback, &rd->Buffer, &size); ++ rd->BufferLim = rd->Buffer + size; ++ if (size == 0) ++ #endif ++ { ++ rd->ExtraBytes = 1; ++ return 0xFF; ++ } ++ } ++ return (*rd->Buffer++); ++} ++ ++/* #define ReadByte (*rd->Buffer++) */ ++#define ReadByte (RangeDecoderReadByte(rd)) ++ ++void RangeDecoderInit(CRangeDecoder *rd, ++ #ifdef _LZMA_IN_CB ++ ILzmaInCallback *inCallback ++ #else ++ Byte *stream, UInt32 bufferSize ++ #endif ++ ) ++{ ++ int i; ++ #ifdef _LZMA_IN_CB ++ rd->InCallback = inCallback; ++ rd->Buffer = rd->BufferLim = 0; ++ #else ++ rd->Buffer = stream; ++ rd->BufferLim = stream + bufferSize; ++ #endif ++ rd->ExtraBytes = 0; ++ rd->Code = 0; ++ rd->Range = (0xFFFFFFFF); ++ for(i = 0; i < 5; i++) ++ rd->Code = (rd->Code << 8) | ReadByte; ++} ++ ++#define RC_INIT_VAR UInt32 range = rd->Range; UInt32 code = rd->Code; ++#define RC_FLUSH_VAR rd->Range = range; rd->Code = code; ++#define RC_NORMALIZE if (range < kTopValue) { range <<= 8; code = (code << 8) | ReadByte; } ++ ++UInt32 RangeDecoderDecodeDirectBits(CRangeDecoder *rd, int numTotalBits) ++{ ++ RC_INIT_VAR ++ UInt32 result = 0; ++ int i; ++ for (i = numTotalBits; i > 0; i--) ++ { ++ /* UInt32 t; */ ++ range >>= 1; ++ ++ result <<= 1; ++ if (code >= range) ++ { ++ code -= range; ++ result |= 1; ++ } ++ /* ++ t = (code - range) >> 31; ++ t &= 1; ++ code -= range & (t - 1); ++ result = (result + result) | (1 - t); ++ */ ++ RC_NORMALIZE ++ } ++ RC_FLUSH_VAR ++ return result; ++} ++ ++int RangeDecoderBitDecode(CProb *prob, CRangeDecoder *rd) ++{ ++ UInt32 bound = (rd->Range >> kNumBitModelTotalBits) * *prob; ++ if (rd->Code < bound) ++ { ++ rd->Range = bound; ++ *prob += (kBitModelTotal - *prob) >> kNumMoveBits; ++ if (rd->Range < kTopValue) ++ { ++ rd->Code = (rd->Code << 8) | ReadByte; ++ rd->Range <<= 8; ++ } ++ return 0; ++ } ++ else ++ { ++ rd->Range -= bound; ++ rd->Code -= bound; ++ *prob -= (*prob) >> kNumMoveBits; ++ if (rd->Range < kTopValue) ++ { ++ rd->Code = (rd->Code << 8) | ReadByte; ++ rd->Range <<= 8; ++ } ++ return 1; ++ } ++} ++ ++#define RC_GET_BIT2(prob, mi, A0, A1) \ ++ UInt32 bound = (range >> kNumBitModelTotalBits) * *prob; \ ++ if (code < bound) \ ++ { A0; range = bound; *prob += (kBitModelTotal - *prob) >> kNumMoveBits; mi <<= 1; } \ ++ else \ ++ { A1; range -= bound; code -= bound; *prob -= (*prob) >> kNumMoveBits; mi = (mi + mi) + 1; } \ ++ RC_NORMALIZE ++ ++#define RC_GET_BIT(prob, mi) RC_GET_BIT2(prob, mi, ; , ;) ++ ++int RangeDecoderBitTreeDecode(CProb *probs, int numLevels, CRangeDecoder *rd) ++{ ++ int mi = 1; ++ int i; ++ #ifdef _LZMA_LOC_OPT ++ RC_INIT_VAR ++ #endif ++ for(i = numLevels; i > 0; i--) ++ { ++ #ifdef _LZMA_LOC_OPT ++ CProb *prob = probs + mi; ++ RC_GET_BIT(prob, mi) ++ #else ++ mi = (mi + mi) + RangeDecoderBitDecode(probs + mi, rd); ++ #endif ++ } ++ #ifdef _LZMA_LOC_OPT ++ RC_FLUSH_VAR ++ #endif ++ return mi - (1 << numLevels); ++} ++ ++int RangeDecoderReverseBitTreeDecode(CProb *probs, int numLevels, CRangeDecoder *rd) ++{ ++ int mi = 1; ++ int i; ++ int symbol = 0; ++ #ifdef _LZMA_LOC_OPT ++ RC_INIT_VAR ++ #endif ++ for(i = 0; i < numLevels; i++) ++ { ++ #ifdef _LZMA_LOC_OPT ++ CProb *prob = probs + mi; ++ RC_GET_BIT2(prob, mi, ; , symbol |= (1 << i)) ++ #else ++ int bit = RangeDecoderBitDecode(probs + mi, rd); ++ mi = mi + mi + bit; ++ symbol |= (bit << i); ++ #endif ++ } ++ #ifdef _LZMA_LOC_OPT ++ RC_FLUSH_VAR ++ #endif ++ return symbol; ++} ++ ++Byte LzmaLiteralDecode(CProb *probs, CRangeDecoder *rd) ++{ ++ int symbol = 1; ++ #ifdef _LZMA_LOC_OPT ++ RC_INIT_VAR ++ #endif ++ do ++ { ++ #ifdef _LZMA_LOC_OPT ++ CProb *prob = probs + symbol; ++ RC_GET_BIT(prob, symbol) ++ #else ++ symbol = (symbol + symbol) | RangeDecoderBitDecode(probs + symbol, rd); ++ #endif ++ } ++ while (symbol < 0x100); ++ #ifdef _LZMA_LOC_OPT ++ RC_FLUSH_VAR ++ #endif ++ return symbol; ++} ++ ++Byte LzmaLiteralDecodeMatch(CProb *probs, CRangeDecoder *rd, Byte matchByte) ++{ ++ int symbol = 1; ++ #ifdef _LZMA_LOC_OPT ++ RC_INIT_VAR ++ #endif ++ do ++ { ++ int bit; ++ int matchBit = (matchByte >> 7) & 1; ++ matchByte <<= 1; ++ #ifdef _LZMA_LOC_OPT ++ { ++ CProb *prob = probs + ((1 + matchBit) << 8) + symbol; ++ RC_GET_BIT2(prob, symbol, bit = 0, bit = 1) ++ } ++ #else ++ bit = RangeDecoderBitDecode(probs + ((1 + matchBit) << 8) + symbol, rd); ++ symbol = (symbol << 1) | bit; ++ #endif ++ if (matchBit != bit) ++ { ++ while (symbol < 0x100) ++ { ++ #ifdef _LZMA_LOC_OPT ++ CProb *prob = probs + symbol; ++ RC_GET_BIT(prob, symbol) ++ #else ++ symbol = (symbol + symbol) | RangeDecoderBitDecode(probs + symbol, rd); ++ #endif ++ } ++ break; ++ } ++ } ++ while (symbol < 0x100); ++ #ifdef _LZMA_LOC_OPT ++ RC_FLUSH_VAR ++ #endif ++ return symbol; ++} ++ ++#define kNumPosBitsMax 4 ++#define kNumPosStatesMax (1 << kNumPosBitsMax) ++ ++#define kLenNumLowBits 3 ++#define kLenNumLowSymbols (1 << kLenNumLowBits) ++#define kLenNumMidBits 3 ++#define kLenNumMidSymbols (1 << kLenNumMidBits) ++#define kLenNumHighBits 8 ++#define kLenNumHighSymbols (1 << kLenNumHighBits) ++ ++#define LenChoice 0 ++#define LenChoice2 (LenChoice + 1) ++#define LenLow (LenChoice2 + 1) ++#define LenMid (LenLow + (kNumPosStatesMax << kLenNumLowBits)) ++#define LenHigh (LenMid + (kNumPosStatesMax << kLenNumMidBits)) ++#define kNumLenProbs (LenHigh + kLenNumHighSymbols) ++ ++int LzmaLenDecode(CProb *p, CRangeDecoder *rd, int posState) ++{ ++ if(RangeDecoderBitDecode(p + LenChoice, rd) == 0) ++ return RangeDecoderBitTreeDecode(p + LenLow + ++ (posState << kLenNumLowBits), kLenNumLowBits, rd); ++ if(RangeDecoderBitDecode(p + LenChoice2, rd) == 0) ++ return kLenNumLowSymbols + RangeDecoderBitTreeDecode(p + LenMid + ++ (posState << kLenNumMidBits), kLenNumMidBits, rd); ++ return kLenNumLowSymbols + kLenNumMidSymbols + ++ RangeDecoderBitTreeDecode(p + LenHigh, kLenNumHighBits, rd); ++} ++ ++#define kNumStates 12 ++ ++#define kStartPosModelIndex 4 ++#define kEndPosModelIndex 14 ++#define kNumFullDistances (1 << (kEndPosModelIndex >> 1)) ++ ++#define kNumPosSlotBits 6 ++#define kNumLenToPosStates 4 ++ ++#define kNumAlignBits 4 ++#define kAlignTableSize (1 << kNumAlignBits) ++ ++#define kMatchMinLen 2 ++ ++#define IsMatch 0 ++#define IsRep (IsMatch + (kNumStates << kNumPosBitsMax)) ++#define IsRepG0 (IsRep + kNumStates) ++#define IsRepG1 (IsRepG0 + kNumStates) ++#define IsRepG2 (IsRepG1 + kNumStates) ++#define IsRep0Long (IsRepG2 + kNumStates) ++#define PosSlot (IsRep0Long + (kNumStates << kNumPosBitsMax)) ++#define SpecPos (PosSlot + (kNumLenToPosStates << kNumPosSlotBits)) ++#define Align (SpecPos + kNumFullDistances - kEndPosModelIndex) ++#define LenCoder (Align + kAlignTableSize) ++#define RepLenCoder (LenCoder + kNumLenProbs) ++#define Literal (RepLenCoder + kNumLenProbs) ++ ++#if Literal != LZMA_BASE_SIZE ++StopCompilingDueBUG ++#endif ++ ++#ifdef _LZMA_OUT_READ ++ ++typedef struct _LzmaVarState ++{ ++ CRangeDecoder RangeDecoder; ++ Byte *Dictionary; ++ UInt32 DictionarySize; ++ UInt32 DictionaryPos; ++ UInt32 GlobalPos; ++ UInt32 Reps[4]; ++ int lc; ++ int lp; ++ int pb; ++ int State; ++ int PreviousIsMatch; ++ int RemainLen; ++} LzmaVarState; ++ ++int LzmaDecoderInit( ++ unsigned char *buffer, UInt32 bufferSize, ++ int lc, int lp, int pb, ++ unsigned char *dictionary, UInt32 dictionarySize, ++ #ifdef _LZMA_IN_CB ++ ILzmaInCallback *inCallback ++ #else ++ unsigned char *inStream, UInt32 inSize ++ #endif ++ ) ++{ ++ LzmaVarState *vs = (LzmaVarState *)buffer; ++ CProb *p = (CProb *)(buffer + sizeof(LzmaVarState)); ++ UInt32 numProbs = Literal + ((UInt32)LZMA_LIT_SIZE << (lc + lp)); ++ UInt32 i; ++ if (bufferSize < numProbs * sizeof(CProb) + sizeof(LzmaVarState)) ++ return LZMA_RESULT_NOT_ENOUGH_MEM; ++ vs->Dictionary = dictionary; ++ vs->DictionarySize = dictionarySize; ++ vs->DictionaryPos = 0; ++ vs->GlobalPos = 0; ++ vs->Reps[0] = vs->Reps[1] = vs->Reps[2] = vs->Reps[3] = 1; ++ vs->lc = lc; ++ vs->lp = lp; ++ vs->pb = pb; ++ vs->State = 0; ++ vs->PreviousIsMatch = 0; ++ vs->RemainLen = 0; ++ dictionary[dictionarySize - 1] = 0; ++ for (i = 0; i < numProbs; i++) ++ p[i] = kBitModelTotal >> 1; ++ RangeDecoderInit(&vs->RangeDecoder, ++ #ifdef _LZMA_IN_CB ++ inCallback ++ #else ++ inStream, inSize ++ #endif ++ ); ++ return LZMA_RESULT_OK; ++} ++ ++int LzmaDecode(unsigned char *buffer, ++ unsigned char *outStream, UInt32 outSize, ++ UInt32 *outSizeProcessed) ++{ ++ LzmaVarState *vs = (LzmaVarState *)buffer; ++ CProb *p = (CProb *)(buffer + sizeof(LzmaVarState)); ++ CRangeDecoder rd = vs->RangeDecoder; ++ int state = vs->State; ++ int previousIsMatch = vs->PreviousIsMatch; ++ Byte previousByte; ++ UInt32 rep0 = vs->Reps[0], rep1 = vs->Reps[1], rep2 = vs->Reps[2], rep3 = vs->Reps[3]; ++ UInt32 nowPos = 0; ++ UInt32 posStateMask = (1 << (vs->pb)) - 1; ++ UInt32 literalPosMask = (1 << (vs->lp)) - 1; ++ int lc = vs->lc; ++ int len = vs->RemainLen; ++ UInt32 globalPos = vs->GlobalPos; ++ ++ Byte *dictionary = vs->Dictionary; ++ UInt32 dictionarySize = vs->DictionarySize; ++ UInt32 dictionaryPos = vs->DictionaryPos; ++ ++ if (len == -1) ++ { ++ *outSizeProcessed = 0; ++ return LZMA_RESULT_OK; ++ } ++ ++ while(len > 0 && nowPos < outSize) ++ { ++ UInt32 pos = dictionaryPos - rep0; ++ if (pos >= dictionarySize) ++ pos += dictionarySize; ++ outStream[nowPos++] = dictionary[dictionaryPos] = dictionary[pos]; ++ if (++dictionaryPos == dictionarySize) ++ dictionaryPos = 0; ++ len--; ++ } ++ if (dictionaryPos == 0) ++ previousByte = dictionary[dictionarySize - 1]; ++ else ++ previousByte = dictionary[dictionaryPos - 1]; ++#else ++ ++int LzmaDecode( ++ Byte *buffer, UInt32 bufferSize, ++ int lc, int lp, int pb, ++ #ifdef _LZMA_IN_CB ++ ILzmaInCallback *inCallback, ++ #else ++ unsigned char *inStream, UInt32 inSize, ++ #endif ++ unsigned char *outStream, UInt32 outSize, ++ UInt32 *outSizeProcessed) ++{ ++ UInt32 numProbs = Literal + ((UInt32)LZMA_LIT_SIZE << (lc + lp)); ++ CProb *p = (CProb *)buffer; ++ CRangeDecoder rd; ++ UInt32 i; ++ int state = 0; ++ int previousIsMatch = 0; ++ Byte previousByte = 0; ++ UInt32 rep0 = 1, rep1 = 1, rep2 = 1, rep3 = 1; ++ UInt32 nowPos = 0; ++ UInt32 posStateMask = (1 << pb) - 1; ++ UInt32 literalPosMask = (1 << lp) - 1; ++ int len = 0; ++ if (bufferSize < numProbs * sizeof(CProb)) ++ return LZMA_RESULT_NOT_ENOUGH_MEM; ++ for (i = 0; i < numProbs; i++) ++ p[i] = kBitModelTotal >> 1; ++ RangeDecoderInit(&rd, ++ #ifdef _LZMA_IN_CB ++ inCallback ++ #else ++ inStream, inSize ++ #endif ++ ); ++#endif ++ ++ *outSizeProcessed = 0; ++ while(nowPos < outSize) ++ { ++ int posState = (int)( ++ (nowPos ++ #ifdef _LZMA_OUT_READ ++ + globalPos ++ #endif ++ ) ++ & posStateMask); ++ #ifdef _LZMA_IN_CB ++ if (rd.Result != LZMA_RESULT_OK) ++ return rd.Result; ++ #endif ++ if (rd.ExtraBytes != 0) ++ return LZMA_RESULT_DATA_ERROR; ++ if (RangeDecoderBitDecode(p + IsMatch + (state << kNumPosBitsMax) + posState, &rd) == 0) ++ { ++ CProb *probs = p + Literal + (LZMA_LIT_SIZE * ++ ((( ++ (nowPos ++ #ifdef _LZMA_OUT_READ ++ + globalPos ++ #endif ++ ) ++ & literalPosMask) << lc) + (previousByte >> (8 - lc)))); ++ ++ if (state < 4) state = 0; ++ else if (state < 10) state -= 3; ++ else state -= 6; ++ if (previousIsMatch) ++ { ++ Byte matchByte; ++ #ifdef _LZMA_OUT_READ ++ UInt32 pos = dictionaryPos - rep0; ++ if (pos >= dictionarySize) ++ pos += dictionarySize; ++ matchByte = dictionary[pos]; ++ #else ++ matchByte = outStream[nowPos - rep0]; ++ #endif ++ previousByte = LzmaLiteralDecodeMatch(probs, &rd, matchByte); ++ previousIsMatch = 0; ++ } ++ else ++ previousByte = LzmaLiteralDecode(probs, &rd); ++ outStream[nowPos++] = previousByte; ++ #ifdef _LZMA_OUT_READ ++ dictionary[dictionaryPos] = previousByte; ++ if (++dictionaryPos == dictionarySize) ++ dictionaryPos = 0; ++ #endif ++ } ++ else ++ { ++ previousIsMatch = 1; ++ if (RangeDecoderBitDecode(p + IsRep + state, &rd) == 1) ++ { ++ if (RangeDecoderBitDecode(p + IsRepG0 + state, &rd) == 0) ++ { ++ if (RangeDecoderBitDecode(p + IsRep0Long + (state << kNumPosBitsMax) + posState, &rd) == 0) ++ { ++ #ifdef _LZMA_OUT_READ ++ UInt32 pos; ++ #endif ++ if ( ++ (nowPos ++ #ifdef _LZMA_OUT_READ ++ + globalPos ++ #endif ++ ) ++ == 0) ++ return LZMA_RESULT_DATA_ERROR; ++ state = state < 7 ? 9 : 11; ++ #ifdef _LZMA_OUT_READ ++ pos = dictionaryPos - rep0; ++ if (pos >= dictionarySize) ++ pos += dictionarySize; ++ previousByte = dictionary[pos]; ++ dictionary[dictionaryPos] = previousByte; ++ if (++dictionaryPos == dictionarySize) ++ dictionaryPos = 0; ++ #else ++ previousByte = outStream[nowPos - rep0]; ++ #endif ++ outStream[nowPos++] = previousByte; ++ continue; ++ } ++ } ++ else ++ { ++ UInt32 distance; ++ if(RangeDecoderBitDecode(p + IsRepG1 + state, &rd) == 0) ++ distance = rep1; ++ else ++ { ++ if(RangeDecoderBitDecode(p + IsRepG2 + state, &rd) == 0) ++ distance = rep2; ++ else ++ { ++ distance = rep3; ++ rep3 = rep2; ++ } ++ rep2 = rep1; ++ } ++ rep1 = rep0; ++ rep0 = distance; ++ } ++ len = LzmaLenDecode(p + RepLenCoder, &rd, posState); ++ state = state < 7 ? 8 : 11; ++ } ++ else ++ { ++ int posSlot; ++ rep3 = rep2; ++ rep2 = rep1; ++ rep1 = rep0; ++ state = state < 7 ? 7 : 10; ++ len = LzmaLenDecode(p + LenCoder, &rd, posState); ++ posSlot = RangeDecoderBitTreeDecode(p + PosSlot + ++ ((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << ++ kNumPosSlotBits), kNumPosSlotBits, &rd); ++ if (posSlot >= kStartPosModelIndex) ++ { ++ int numDirectBits = ((posSlot >> 1) - 1); ++ rep0 = ((2 | ((UInt32)posSlot & 1)) << numDirectBits); ++ if (posSlot < kEndPosModelIndex) ++ { ++ rep0 += RangeDecoderReverseBitTreeDecode( ++ p + SpecPos + rep0 - posSlot - 1, numDirectBits, &rd); ++ } ++ else ++ { ++ rep0 += RangeDecoderDecodeDirectBits(&rd, ++ numDirectBits - kNumAlignBits) << kNumAlignBits; ++ rep0 += RangeDecoderReverseBitTreeDecode(p + Align, kNumAlignBits, &rd); ++ } ++ } ++ else ++ rep0 = posSlot; ++ rep0++; ++ } ++ if (rep0 == (UInt32)(0)) ++ { ++ /* it's for stream version */ ++ len = -1; ++ break; ++ } ++ if (rep0 > nowPos ++ #ifdef _LZMA_OUT_READ ++ + globalPos ++ #endif ++ ) ++ { ++ return LZMA_RESULT_DATA_ERROR; ++ } ++ len += kMatchMinLen; ++ do ++ { ++ #ifdef _LZMA_OUT_READ ++ UInt32 pos = dictionaryPos - rep0; ++ if (pos >= dictionarySize) ++ pos += dictionarySize; ++ previousByte = dictionary[pos]; ++ dictionary[dictionaryPos] = previousByte; ++ if (++dictionaryPos == dictionarySize) ++ dictionaryPos = 0; ++ #else ++ previousByte = outStream[nowPos - rep0]; ++ #endif ++ outStream[nowPos++] = previousByte; ++ len--; ++ } ++ while(len > 0 && nowPos < outSize); ++ } ++ } ++ ++ #ifdef _LZMA_OUT_READ ++ vs->RangeDecoder = rd; ++ vs->DictionaryPos = dictionaryPos; ++ vs->GlobalPos = globalPos + nowPos; ++ vs->Reps[0] = rep0; ++ vs->Reps[1] = rep1; ++ vs->Reps[2] = rep2; ++ vs->Reps[3] = rep3; ++ vs->State = state; ++ vs->PreviousIsMatch = previousIsMatch; ++ vs->RemainLen = len; ++ #endif ++ ++ *outSizeProcessed = nowPos; ++ return LZMA_RESULT_OK; ++} +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -19,7 +19,7 @@ + lib-y += kobject.o kref.o klist.o + + obj-y += bcd.o div64.o sort.o parser.o halfmd4.o debug_locks.o random32.o \ +- bust_spinlocks.o hexdump.o kasprintf.o bitmap.o scatterlist.o ++ bust_spinlocks.o hexdump.o kasprintf.o bitmap.o scatterlist.o LzmaDecode.o + + ifeq ($(CONFIG_DEBUG_KOBJECT),y) + CFLAGS_kobject.o += -DDEBUG diff --git a/target/linux/generic-2.6/patches-2.6.27/003-squashfs_lzma.patch b/target/linux/generic-2.6/patches-2.6.27/003-squashfs_lzma.patch new file mode 100644 index 0000000000..16cc873199 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/003-squashfs_lzma.patch @@ -0,0 +1,107 @@ +--- a/fs/squashfs/inode.c ++++ b/fs/squashfs/inode.c +@@ -4,6 +4,9 @@ + * Copyright (c) 2002, 2003, 2004, 2005, 2006 + * Phillip Lougher <phillip@lougher.org.uk> + * ++ * LZMA decompressor support added by Oleg I. Vdovikin ++ * Copyright (c) 2005 Oleg I.Vdovikin <oleg@cs.msu.su> ++ * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2, +@@ -21,6 +24,7 @@ + * inode.c + */ + ++#define SQUASHFS_LZMA + #include <linux/types.h> + #include <linux/squashfs_fs.h> + #include <linux/module.h> +@@ -44,6 +48,19 @@ + + #include "squashfs.h" + ++#ifdef SQUASHFS_LZMA ++#include <linux/LzmaDecode.h> ++ ++/* default LZMA settings, should be in sync with mksquashfs */ ++#define LZMA_LC 3 ++#define LZMA_LP 0 ++#define LZMA_PB 2 ++ ++#define LZMA_WORKSPACE_SIZE ((LZMA_BASE_SIZE + \ ++ (LZMA_LIT_SIZE << (LZMA_LC + LZMA_LP))) * sizeof(CProb)) ++ ++#endif ++ + static void squashfs_put_super(struct super_block *); + static int squashfs_statfs(struct dentry *, struct kstatfs *); + static int squashfs_symlink_readpage(struct file *file, struct page *page); +@@ -64,7 +81,11 @@ + const char *, void *, struct vfsmount *); + + ++#ifdef SQUASHFS_LZMA ++static unsigned char lzma_workspace[LZMA_WORKSPACE_SIZE]; ++#else + static z_stream stream; ++#endif + + static struct file_system_type squashfs_fs_type = { + .owner = THIS_MODULE, +@@ -249,6 +270,15 @@ + if (compressed) { + int zlib_err; + ++#ifdef SQUASHFS_LZMA ++ if ((zlib_err = LzmaDecode(lzma_workspace, ++ LZMA_WORKSPACE_SIZE, LZMA_LC, LZMA_LP, LZMA_PB, ++ c_buffer, c_byte, buffer, msblk->read_size, &bytes)) != LZMA_RESULT_OK) ++ { ++ ERROR("lzma returned unexpected result 0x%x\n", zlib_err); ++ bytes = 0; ++ } ++#else + stream.next_in = c_buffer; + stream.avail_in = c_byte; + stream.next_out = buffer; +@@ -263,7 +293,7 @@ + bytes = 0; + } else + bytes = stream.total_out; +- ++#endif + up(&msblk->read_data_mutex); + } + +@@ -2045,15 +2075,19 @@ + printk(KERN_INFO "squashfs: version 3.0 (2006/03/15) " + "Phillip Lougher\n"); + ++#ifndef SQUASHFS_LZMA + if (!(stream.workspace = vmalloc(zlib_inflate_workspacesize()))) { + ERROR("Failed to allocate zlib workspace\n"); + destroy_inodecache(); + err = -ENOMEM; + goto out; + } ++#endif + + if ((err = register_filesystem(&squashfs_fs_type))) { ++#ifndef SQUASHFS_LZMA + vfree(stream.workspace); ++#endif + destroy_inodecache(); + } + +@@ -2064,7 +2098,9 @@ + + static void __exit exit_squashfs_fs(void) + { ++#ifndef SQUASHFS_LZMA + vfree(stream.workspace); ++#endif + unregister_filesystem(&squashfs_fs_type); + destroy_inodecache(); + } diff --git a/target/linux/generic-2.6/patches-2.6.27/004-extra_optimization.patch b/target/linux/generic-2.6/patches-2.6.27/004-extra_optimization.patch new file mode 100644 index 0000000000..f9d43bce3a --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/004-extra_optimization.patch @@ -0,0 +1,12 @@ +--- a/Makefile ++++ b/Makefile +@@ -549,6 +549,9 @@ + NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include) + CHECKFLAGS += $(NOSTDINC_FLAGS) + ++# improve gcc optimization ++CFLAGS += $(call cc-option,-funit-at-a-time,) ++ + # warn about C99 declaration after statement + KBUILD_CFLAGS += $(call cc-option,-Wdeclaration-after-statement,) + diff --git a/target/linux/generic-2.6/patches-2.6.27/005-squashfs_fix.patch b/target/linux/generic-2.6/patches-2.6.27/005-squashfs_fix.patch new file mode 100644 index 0000000000..d4c2d8051d --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/005-squashfs_fix.patch @@ -0,0 +1,29 @@ +--- a/fs/squashfs/inode.c ++++ b/fs/squashfs/inode.c +@@ -33,6 +33,7 @@ + #include <linux/fs.h> + #include <linux/smp_lock.h> + #include <linux/slab.h> ++#include <linux/exportfs.h> + #include <linux/squashfs_fs_sb.h> + #include <linux/squashfs_fs_i.h> + #include <linux/buffer_head.h> +@@ -43,8 +44,8 @@ + #include <linux/zlib.h> + #include <linux/blkdev.h> + #include <linux/vmalloc.h> ++#include <linux/semaphore.h> + #include <asm/uaccess.h> +-#include <asm/semaphore.h> + + #include "squashfs.h" + +@@ -2125,7 +2126,7 @@ + } + + +-static void init_once(void * foo, struct kmem_cache * cachep, unsigned long flags) ++static void init_once(void *foo) + { + struct squashfs_inode_info *ei = foo; + diff --git a/target/linux/generic-2.6/patches-2.6.27/006-gcc4_inline_fix.patch b/target/linux/generic-2.6/patches-2.6.27/006-gcc4_inline_fix.patch new file mode 100644 index 0000000000..dbb7e7c87e --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/006-gcc4_inline_fix.patch @@ -0,0 +1,11 @@ +--- a/include/asm-mips/system.h ++++ b/include/asm-mips/system.h +@@ -185,7 +185,7 @@ + if something tries to do an invalid xchg(). */ + extern void __xchg_called_with_bad_pointer(void); + +-static inline unsigned long __xchg(unsigned long x, volatile void * ptr, int size) ++static __always_inline unsigned long __xchg(unsigned long x, volatile void * ptr, int size) + { + switch (size) { + case 4: diff --git a/target/linux/generic-2.6/patches-2.6.27/007-samsung_flash.patch b/target/linux/generic-2.6/patches-2.6.27/007-samsung_flash.patch new file mode 100644 index 0000000000..9cabf0e2da --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/007-samsung_flash.patch @@ -0,0 +1,36 @@ +--- a/drivers/mtd/chips/cfi_cmdset_0002.c ++++ b/drivers/mtd/chips/cfi_cmdset_0002.c +@@ -48,6 +48,7 @@ + #define SST49LF040B 0x0050 + #define SST49LF008A 0x005a + #define AT49BV6416 0x00d6 ++#define MANUFACTURER_SAMSUNG 0x00ec + + static int cfi_amdstd_read (struct mtd_info *, loff_t, size_t, size_t *, u_char *); + static int cfi_amdstd_write_words(struct mtd_info *, loff_t, size_t, size_t *, const u_char *); +@@ -321,12 +322,19 @@ + + if (extp->MajorVersion != '1' || + (extp->MinorVersion < '0' || extp->MinorVersion > '4')) { +- printk(KERN_ERR " Unknown Amd/Fujitsu Extended Query " +- "version %c.%c.\n", extp->MajorVersion, +- extp->MinorVersion); +- kfree(extp); +- kfree(mtd); +- return NULL; ++ if (cfi->mfr == MANUFACTURER_SAMSUNG && ++ (extp->MajorVersion == '3' && extp->MinorVersion == '3')) { ++ printk(KERN_NOTICE " Newer Samsung flash detected, " ++ "should be compatibile with Amd/Fujitsu.\n"); ++ } ++ else { ++ printk(KERN_ERR " Unknown Amd/Fujitsu Extended Query " ++ "version %c.%c.\n", extp->MajorVersion, ++ extp->MinorVersion); ++ kfree(extp); ++ kfree(mtd); ++ return NULL; ++ } + } + + /* Install our own private info structure */ diff --git a/target/linux/generic-2.6/patches-2.6.27/010-disable_old_squashfs_compatibility.patch b/target/linux/generic-2.6/patches-2.6.27/010-disable_old_squashfs_compatibility.patch new file mode 100644 index 0000000000..01e27573bc --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/010-disable_old_squashfs_compatibility.patch @@ -0,0 +1,19 @@ +--- a/fs/squashfs/Makefile ++++ b/fs/squashfs/Makefile +@@ -4,4 +4,3 @@ + + obj-$(CONFIG_SQUASHFS) += squashfs.o + squashfs-y += inode.o +-squashfs-y += squashfs2_0.o +--- a/fs/squashfs/squashfs.h ++++ b/fs/squashfs/squashfs.h +@@ -24,6 +24,9 @@ + #ifdef CONFIG_SQUASHFS_1_0_COMPATIBILITY + #undef CONFIG_SQUASHFS_1_0_COMPATIBILITY + #endif ++#ifdef CONFIG_SQUASHFS_2_0_COMPATIBILITY ++#undef CONFIG_SQUASHFS_2_0_COMPATIBILITY ++#endif + + #ifdef SQUASHFS_TRACE + #define TRACE(s, args...) printk(KERN_NOTICE "SQUASHFS: "s, ## args) diff --git a/target/linux/generic-2.6/patches-2.6.27/011-mips_boot.patch b/target/linux/generic-2.6/patches-2.6.27/011-mips_boot.patch new file mode 100644 index 0000000000..4eba9095cf --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/011-mips_boot.patch @@ -0,0 +1,11 @@ +--- a/arch/mips/kernel/head.S ++++ b/arch/mips/kernel/head.S +@@ -120,6 +120,8 @@ + #endif + .endm + ++ j kernel_entry ++ nop + #ifndef CONFIG_NO_EXCEPT_FILL + /* + * Reserved space for exception handlers. diff --git a/target/linux/generic-2.6/patches-2.6.27/060-block2mtd_init.patch b/target/linux/generic-2.6/patches-2.6.27/060-block2mtd_init.patch new file mode 100644 index 0000000000..4483e7788c --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/060-block2mtd_init.patch @@ -0,0 +1,110 @@ +--- a/drivers/mtd/devices/block2mtd.c ++++ b/drivers/mtd/devices/block2mtd.c +@@ -14,6 +14,7 @@ + #include <linux/list.h> + #include <linux/init.h> + #include <linux/mtd/mtd.h> ++#include <linux/mtd/partitions.h> + #include <linux/buffer_head.h> + #include <linux/mutex.h> + #include <linux/mount.h> +@@ -232,10 +233,11 @@ + + + /* FIXME: ensure that mtd->size % erase_size == 0 */ +-static struct block2mtd_dev *add_device(char *devname, int erase_size) ++static struct block2mtd_dev *add_device(char *devname, int erase_size, const char *mtdname) + { + struct block_device *bdev; + struct block2mtd_dev *dev; ++ struct mtd_partition *part; + char *name; + + if (!devname) +@@ -273,17 +275,17 @@ + + mutex_init(&dev->write_mutex); + +- /* Setup the MTD structure */ +- /* make the name contain the block device in */ +- name = kmalloc(sizeof("block2mtd: ") + strlen(devname) + 1, +- GFP_KERNEL); ++ if (!mtdname) ++ mtdname = devname; ++ ++ name = kmalloc(strlen(mtdname) + 1, GFP_KERNEL); + if (!name) + goto devinit_err; + +- sprintf(name, "block2mtd: %s", devname); ++ strcpy(name, mtdname); + dev->mtd.name = name; + +- dev->mtd.size = dev->blkdev->bd_inode->i_size & PAGE_MASK; ++ dev->mtd.size = dev->blkdev->bd_inode->i_size & PAGE_MASK & ~(erase_size - 1); + dev->mtd.erasesize = erase_size; + dev->mtd.writesize = 1; + dev->mtd.type = MTD_RAM; +@@ -296,14 +298,17 @@ + dev->mtd.priv = dev; + dev->mtd.owner = THIS_MODULE; + +- if (add_mtd_device(&dev->mtd)) { ++ part = kzalloc(sizeof(struct mtd_partition), GFP_KERNEL); ++ part->name = dev->mtd.name; ++ part->offset = 0; ++ part->size = dev->mtd.size; ++ if (add_mtd_partitions(&dev->mtd, part, 1)) { + /* Device didnt get added, so free the entry */ + goto devinit_err; + } + list_add(&dev->list, &blkmtd_device_list); + INFO("mtd%d: [%s] erase_size = %dKiB [%d]", dev->mtd.index, +- dev->mtd.name + strlen("block2mtd: "), +- dev->mtd.erasesize >> 10, dev->mtd.erasesize); ++ mtdname, dev->mtd.erasesize >> 10, dev->mtd.erasesize); + return dev; + + devinit_err: +@@ -376,9 +381,9 @@ + + static int block2mtd_setup2(const char *val) + { +- char buf[80 + 12]; /* 80 for device, 12 for erase size */ ++ char buf[80 + 12 + 80]; /* 80 for device, 12 for erase size, 80 for name */ + char *str = buf; +- char *token[2]; ++ char *token[3]; + char *name; + size_t erase_size = PAGE_SIZE; + int i, ret; +@@ -389,7 +394,7 @@ + strcpy(str, val); + kill_final_newline(str); + +- for (i = 0; i < 2; i++) ++ for (i = 0; i < 3; i++) + token[i] = strsep(&str, ","); + + if (str) +@@ -408,8 +413,10 @@ + parse_err("illegal erase size"); + } + } ++ if (token[2] && (strlen(token[2]) + 1 > 80)) ++ parse_err("mtd device name too long"); + +- add_device(name, erase_size); ++ add_device(name, erase_size, token[2]); + + return 0; + } +@@ -443,7 +450,7 @@ + + + module_param_call(block2mtd, block2mtd_setup, NULL, NULL, 0200); +-MODULE_PARM_DESC(block2mtd, "Device to use. \"block2mtd=<dev>[,<erasesize>]\""); ++MODULE_PARM_DESC(block2mtd, "Device to use. \"block2mtd=<dev>[,<erasesize>[,<name>]]\""); + + static int __init block2mtd_init(void) + { diff --git a/target/linux/generic-2.6/patches-2.6.27/065-rootfs_split.patch b/target/linux/generic-2.6/patches-2.6.27/065-rootfs_split.patch new file mode 100644 index 0000000000..039a679a0a --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/065-rootfs_split.patch @@ -0,0 +1,612 @@ +--- a/drivers/mtd/Kconfig ++++ b/drivers/mtd/Kconfig +@@ -45,6 +45,16 @@ + devices. Partitioning on NFTL 'devices' is a different - that's the + 'normal' form of partitioning used on a block device. + ++config MTD_ROOTFS_ROOT_DEV ++ bool "Automatically set 'rootfs' partition to be root filesystem" ++ depends on MTD_PARTITIONS ++ default y ++ ++config MTD_ROOTFS_SPLIT ++ bool "Automatically split 'rootfs' partition for squashfs" ++ depends on MTD_PARTITIONS ++ default y ++ + config MTD_REDBOOT_PARTS + tristate "RedBoot partition table parsing" + depends on MTD_PARTITIONS +--- a/drivers/mtd/mtdpart.c ++++ b/drivers/mtd/mtdpart.c +@@ -18,6 +18,8 @@ + #include <linux/mtd/mtd.h> + #include <linux/mtd/partitions.h> + #include <linux/mtd/compatmac.h> ++#include <linux/squashfs_fs.h> ++#include <linux/root_dev.h> + + /* Our partition linked list */ + static LIST_HEAD(mtd_partitions); +@@ -37,7 +39,7 @@ + * the pointer to that structure with this macro. + */ + #define PART(x) ((struct mtd_part *)(x)) +- ++#define IS_PART(mtd) (mtd->read == part_read) + + /* + * MTD methods which simply translate the effective address and pass through +@@ -489,6 +491,148 @@ + return slave; + } + ++#ifdef CONFIG_MTD_ROOTFS_SPLIT ++#define ROOTFS_SPLIT_NAME "rootfs_data" ++#define ROOTFS_REMOVED_NAME "<removed>" ++static int split_squashfs(struct mtd_info *master, int offset, int *split_offset) ++{ ++ char buf[512]; ++ struct squashfs_super_block *sb = (struct squashfs_super_block *) buf; ++ int len, ret; ++ ++ ret = master->read(master, offset, sizeof(*sb), &len, buf); ++ if (ret || (len != sizeof(*sb))) { ++ printk(KERN_ALERT "split_squashfs: error occured while reading " ++ "from \"%s\"\n", master->name); ++ return -EINVAL; ++ } ++ ++ if (*((u32 *) buf) != SQUASHFS_MAGIC) { ++ printk(KERN_ALERT "split_squashfs: no squashfs found in \"%s\"\n", ++ master->name); ++ *split_offset = 0; ++ return 0; ++ } ++ ++ if (sb->bytes_used <= 0) { ++ printk(KERN_ALERT "split_squashfs: squashfs is empty in \"%s\"\n", ++ master->name); ++ *split_offset = 0; ++ return 0; ++ } ++ ++ len = (u32) sb->bytes_used; ++ len += (offset & 0x000fffff); ++ len += (master->erasesize - 1); ++ len &= ~(master->erasesize - 1); ++ len -= (offset & 0x000fffff); ++ *split_offset = offset + len; ++ ++ return 0; ++} ++ ++static int split_rootfs_data(struct mtd_info *master, struct mtd_info *rpart, const struct mtd_partition *part, ++ int index) ++{ ++ struct mtd_partition *dpart; ++ struct mtd_part *slave = NULL; ++ int split_offset = 0; ++ int ret; ++ ++ ret = split_squashfs(master, part->offset, &split_offset); ++ if (ret) ++ return ret; ++ ++ if (split_offset <= 0) ++ return 0; ++ ++ dpart = kmalloc(sizeof(*part)+sizeof(ROOTFS_SPLIT_NAME)+1, GFP_KERNEL); ++ if (dpart == NULL) { ++ printk(KERN_INFO "split_squashfs: no memory for partition \"%s\"\n", ++ ROOTFS_SPLIT_NAME); ++ return -ENOMEM; ++ } ++ ++ memcpy(dpart, part, sizeof(*part)); ++ dpart->name = (unsigned char *)&dpart[1]; ++ strcpy(dpart->name, ROOTFS_SPLIT_NAME); ++ ++ dpart->size -= split_offset - dpart->offset; ++ dpart->offset = split_offset; ++ ++ if (dpart == NULL) ++ return 1; ++ ++ printk(KERN_INFO "mtd: partition \"%s\" created automatically, ofs=%X, len=%X \n", ++ ROOTFS_SPLIT_NAME, dpart->offset, dpart->size); ++ ++ slave = add_one_partition(master, dpart, index, split_offset); ++ if (!slave) { ++ kfree(dpart); ++ return -ENOMEM; ++ } ++ rpart->split = &slave->mtd; ++ ++ return 0; ++} ++ ++static int refresh_rootfs_split(struct mtd_info *mtd) ++{ ++ struct mtd_partition tpart; ++ struct mtd_part *part; ++ char *name; ++ int index = 0; ++ int offset, size; ++ int ret; ++ ++ part = PART(mtd); ++ ++ /* check for the new squashfs offset first */ ++ ret = split_squashfs(part->master, part->offset, &offset); ++ if (ret) ++ return ret; ++ ++ if ((offset > 0) && !mtd->split) { ++ printk(KERN_INFO "%s: creating new split partition for \"%s\"\n", __func__, mtd->name); ++ /* if we don't have a rootfs split partition, create a new one */ ++ tpart.name = (char *) mtd->name; ++ tpart.size = mtd->size; ++ tpart.offset = part->offset; ++ ++ /* find the index of the last partition */ ++ if (!list_empty(&mtd_partitions)) ++ index = list_first_entry(&mtd_partitions, struct mtd_part, list)->index + 1; ++ ++ return split_rootfs_data(part->master, &part->mtd, &tpart, index); ++ } else if ((offset > 0) && mtd->split) { ++ /* update the offsets of the existing partition */ ++ size = mtd->size + part->offset - offset; ++ ++ part = PART(mtd->split); ++ part->offset = offset; ++ part->mtd.size = size; ++ printk(KERN_INFO "%s: %s partition \"" ROOTFS_SPLIT_NAME "\", offset: 0x%06x (0x%06x)\n", ++ __func__, (!strcmp(part->mtd.name, ROOTFS_SPLIT_NAME) ? "updating" : "creating"), ++ part->offset, part->mtd.size); ++ name = kmalloc(sizeof(ROOTFS_SPLIT_NAME) + 1, GFP_KERNEL); ++ strcpy(name, ROOTFS_SPLIT_NAME); ++ part->mtd.name = name; ++ } else if ((offset <= 0) && mtd->split) { ++ printk(KERN_INFO "%s: removing partition \"%s\"\n", __func__, mtd->split->name); ++ ++ /* mark existing partition as removed */ ++ part = PART(mtd->split); ++ name = kmalloc(sizeof(ROOTFS_SPLIT_NAME) + 1, GFP_KERNEL); ++ strcpy(name, ROOTFS_REMOVED_NAME); ++ part->mtd.name = name; ++ part->offset = 0; ++ part->mtd.size = 0; ++ } ++ ++ return 0; ++} ++#endif /* CONFIG_MTD_ROOTFS_SPLIT */ ++ + /* + * This function, given a master MTD object and a partition table, creates + * and registers slave MTD objects which are bound to the master according to +@@ -502,14 +646,29 @@ + { + struct mtd_part *slave; + u_int32_t cur_offset = 0; +- int i; ++ int i, j, ret; + + printk(KERN_NOTICE "Creating %d MTD partitions on \"%s\":\n", nbparts, master->name); + +- for (i = 0; i < nbparts; i++) { +- slave = add_one_partition(master, parts + i, i, cur_offset); ++ for (i = 0, j = 0; i < nbparts; i++) { ++ slave = add_one_partition(master, parts + i, j++, cur_offset); + if (!slave) + return -ENOMEM; ++ ++ if (!strcmp(parts[i].name, "rootfs") && slave->registered) { ++#ifdef CONFIG_MTD_ROOTFS_ROOT_DEV ++ if (ROOT_DEV == 0) { ++ printk(KERN_NOTICE "mtd: partition \"rootfs\" " ++ "set to be root filesystem\n"); ++ ROOT_DEV = MKDEV(MTD_BLOCK_MAJOR, slave->mtd.index); ++ } ++#endif ++#ifdef CONFIG_MTD_ROOTFS_SPLIT ++ ret = split_rootfs_data(master, &slave->mtd, &parts[i], j); ++ if (ret == 0) ++ j++; ++#endif ++ } + cur_offset = slave->offset + slave->mtd.size; + } + +@@ -517,6 +676,32 @@ + } + EXPORT_SYMBOL(add_mtd_partitions); + ++int refresh_mtd_partitions(struct mtd_info *mtd) ++{ ++ int ret = 0; ++ ++ if (IS_PART(mtd)) { ++ struct mtd_part *part; ++ struct mtd_info *master; ++ ++ part = PART(mtd); ++ master = part->master; ++ if (master->refresh_device) ++ ret = master->refresh_device(master); ++ } ++ ++ if (!ret && mtd->refresh_device) ++ ret = mtd->refresh_device(mtd); ++ ++#ifdef CONFIG_MTD_ROOTFS_SPLIT ++ if (!ret && IS_PART(mtd) && !strcmp(mtd->name, "rootfs")) ++ refresh_rootfs_split(mtd); ++#endif ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(refresh_mtd_partitions); ++ + static DEFINE_SPINLOCK(part_parser_lock); + static LIST_HEAD(part_parsers); + +--- a/drivers/mtd/devices/block2mtd.c ++++ b/drivers/mtd/devices/block2mtd.c +@@ -29,6 +29,8 @@ + struct block_device *blkdev; + struct mtd_info mtd; + struct mutex write_mutex; ++ rwlock_t bdev_mutex; ++ char devname[0]; + }; + + +@@ -81,6 +83,12 @@ + size_t len = instr->len; + int err; + ++ read_lock(&dev->bdev_mutex); ++ if (!dev->blkdev) { ++ err = -EINVAL; ++ goto done; ++ } ++ + instr->state = MTD_ERASING; + mutex_lock(&dev->write_mutex); + err = _block2mtd_erase(dev, from, len); +@@ -93,6 +101,10 @@ + + instr->state = MTD_ERASE_DONE; + mtd_erase_callback(instr); ++ ++done: ++ read_unlock(&dev->bdev_mutex); ++ + return err; + } + +@@ -104,10 +116,14 @@ + struct page *page; + int index = from >> PAGE_SHIFT; + int offset = from & (PAGE_SIZE-1); +- int cpylen; ++ int cpylen, err = 0; ++ ++ read_lock(&dev->bdev_mutex); ++ if (!dev->blkdev || (from > mtd->size)) { ++ err = -EINVAL; ++ goto done; ++ } + +- if (from > mtd->size) +- return -EINVAL; + if (from + len > mtd->size) + len = mtd->size - from; + +@@ -122,10 +138,14 @@ + len = len - cpylen; + + page = page_read(dev->blkdev->bd_inode->i_mapping, index); +- if (!page) +- return -ENOMEM; +- if (IS_ERR(page)) +- return PTR_ERR(page); ++ if (!page) { ++ err = -ENOMEM; ++ goto done; ++ } ++ if (IS_ERR(page)) { ++ err = PTR_ERR(page); ++ goto done; ++ } + + memcpy(buf, page_address(page) + offset, cpylen); + page_cache_release(page); +@@ -136,7 +156,10 @@ + offset = 0; + index++; + } +- return 0; ++ ++done: ++ read_unlock(&dev->bdev_mutex); ++ return err; + } + + +@@ -188,12 +211,22 @@ + size_t *retlen, const u_char *buf) + { + struct block2mtd_dev *dev = mtd->priv; +- int err; ++ int err = 0; ++ ++ read_lock(&dev->bdev_mutex); ++ if (!dev->blkdev) { ++ err = -EINVAL; ++ goto done; ++ } + + if (!len) +- return 0; +- if (to >= mtd->size) +- return -ENOSPC; ++ goto done; ++ ++ if (to >= mtd->size) { ++ err = -ENOSPC; ++ goto done; ++ } ++ + if (to + len > mtd->size) + len = mtd->size - to; + +@@ -202,6 +235,9 @@ + mutex_unlock(&dev->write_mutex); + if (err > 0) + err = 0; ++ ++done: ++ read_unlock(&dev->bdev_mutex); + return err; + } + +@@ -210,7 +246,12 @@ + static void block2mtd_sync(struct mtd_info *mtd) + { + struct block2mtd_dev *dev = mtd->priv; +- sync_blockdev(dev->blkdev); ++ ++ read_lock(&dev->bdev_mutex); ++ if (dev->blkdev) ++ sync_blockdev(dev->blkdev); ++ read_unlock(&dev->bdev_mutex); ++ + return; + } + +@@ -231,31 +272,22 @@ + kfree(dev); + } + +- +-/* FIXME: ensure that mtd->size % erase_size == 0 */ +-static struct block2mtd_dev *add_device(char *devname, int erase_size, const char *mtdname) ++static int _open_bdev(struct block2mtd_dev *dev) + { + struct block_device *bdev; + struct block2mtd_dev *dev; + struct mtd_partition *part; + char *name; + +- if (!devname) +- return NULL; +- +- dev = kzalloc(sizeof(struct block2mtd_dev), GFP_KERNEL); +- if (!dev) +- return NULL; +- + /* Get a handle on the device */ +- bdev = open_bdev_excl(devname, O_RDWR, NULL); ++ bdev = open_bdev_excl(dev->devname, O_RDWR, NULL); + #ifndef MODULE + if (IS_ERR(bdev)) { + + /* We might not have rootfs mounted at this point. Try + to resolve the device name by other means. */ + +- dev_t devt = name_to_dev_t(devname); ++ dev_t devt = name_to_dev_t(dev->devname); + if (devt) { + bdev = open_by_devnum(devt, FMODE_WRITE | FMODE_READ); + } +@@ -263,17 +295,96 @@ + #endif + + if (IS_ERR(bdev)) { +- ERROR("error: cannot open device %s", devname); +- goto devinit_err; ++ ERROR("error: cannot open device %s", dev->devname); ++ return 1; + } + dev->blkdev = bdev; + + if (MAJOR(bdev->bd_dev) == MTD_BLOCK_MAJOR) { + ERROR("attempting to use an MTD device as a block device"); +- goto devinit_err; ++ return 1; + } + ++ return 0; ++} ++ ++static void _close_bdev(struct block2mtd_dev *dev) ++{ ++ struct block_device *bdev; ++ ++ if (!dev->blkdev) ++ return; ++ ++ bdev = dev->blkdev; ++ invalidate_mapping_pages(dev->blkdev->bd_inode->i_mapping, 0, -1); ++ close_bdev_excl(dev->blkdev); ++ dev->blkdev = NULL; ++} ++ ++static void block2mtd_free_device(struct block2mtd_dev *dev) ++{ ++ if (!dev) ++ return; ++ ++ kfree(dev->mtd.name); ++ _close_bdev(dev); ++ kfree(dev); ++} ++ ++ ++static int block2mtd_refresh(struct mtd_info *mtd) ++{ ++ struct block2mtd_dev *dev = mtd->priv; ++ struct block_device *bdev; ++ dev_t devt; ++ int err = 0; ++ ++ /* no other mtd function can run at this point */ ++ write_lock(&dev->bdev_mutex); ++ ++ /* get the device number for the whole disk */ ++ devt = MKDEV(MAJOR(dev->blkdev->bd_dev), 0); ++ ++ /* close the old block device */ ++ _close_bdev(dev); ++ ++ /* open the whole disk, issue a partition rescan, then */ ++ bdev = open_by_devnum(devt, FMODE_WRITE | FMODE_READ); ++ if (!bdev || !bdev->bd_disk) ++ err = -EINVAL; ++ else { ++ err = rescan_partitions(bdev->bd_disk, bdev); ++ } ++ if (bdev) ++ close_bdev_excl(bdev); ++ ++ /* try to open the partition block device again */ ++ _open_bdev(dev); ++ write_unlock(&dev->bdev_mutex); ++ ++ return err; ++} ++ ++/* FIXME: ensure that mtd->size % erase_size == 0 */ ++static struct block2mtd_dev *add_device(char *devname, int erase_size, char *mtdname) ++{ ++ struct block2mtd_dev *dev; ++ struct mtd_partition *part; ++ ++ if (!devname) ++ return NULL; ++ ++ dev = kzalloc(sizeof(struct block2mtd_dev) + strlen(devname) + 1, GFP_KERNEL); ++ if (!dev) ++ return NULL; ++ ++ strcpy(dev->devname, devname); ++ ++ if (_open_bdev(dev)) ++ goto devinit_err; ++ + mutex_init(&dev->write_mutex); ++ rwlock_init(&dev->bdev_mutex); + + if (!mtdname) + mtdname = devname; +@@ -297,6 +408,7 @@ + dev->mtd.read = block2mtd_read; + dev->mtd.priv = dev; + dev->mtd.owner = THIS_MODULE; ++ dev->mtd.refresh_device = block2mtd_refresh; + + part = kzalloc(sizeof(struct mtd_partition), GFP_KERNEL); + part->name = dev->mtd.name; +--- a/drivers/mtd/mtdchar.c ++++ b/drivers/mtd/mtdchar.c +@@ -16,6 +16,7 @@ + + #include <linux/mtd/mtd.h> + #include <linux/mtd/compatmac.h> ++#include <linux/mtd/partitions.h> + + #include <asm/uaccess.h> + +@@ -771,6 +772,13 @@ + file->f_pos = 0; + break; + } ++#ifdef CONFIG_MTD_PARTITIONS ++ case MTDREFRESH: ++ { ++ ret = refresh_mtd_partitions(mtd); ++ break; ++ } ++#endif + + default: + ret = -ENOTTY; +--- a/include/linux/mtd/mtd.h ++++ b/include/linux/mtd/mtd.h +@@ -96,6 +96,7 @@ + uint8_t *oobbuf; + }; + ++struct mtd_info; + struct mtd_info { + u_char type; + u_int32_t flags; +@@ -211,6 +212,9 @@ + struct module *owner; + int usecount; + ++ int (*refresh_device)(struct mtd_info *mtd); ++ struct mtd_info *split; ++ + /* If the driver is something smart, like UBI, it may need to maintain + * its own reference counting. The below functions are only for driver. + * The driver may register its callbacks. These callbacks are not +--- a/include/linux/mtd/partitions.h ++++ b/include/linux/mtd/partitions.h +@@ -34,6 +34,7 @@ + * erasesize aligned (e.g. use MTDPART_OFS_NEXTBLK). + */ + ++struct mtd_partition; + struct mtd_partition { + char *name; /* identifier string */ + u_int32_t size; /* partition size */ +@@ -41,6 +42,7 @@ + u_int32_t mask_flags; /* master MTD flags to mask out for this partition */ + struct nand_ecclayout *ecclayout; /* out of band layout for this partition (NAND only)*/ + struct mtd_info **mtdp; /* pointer to store the MTD object */ ++ int (*refresh_partition)(struct mtd_info *); + }; + + #define MTDPART_OFS_NXTBLK (-2) +@@ -50,6 +52,7 @@ + + int add_mtd_partitions(struct mtd_info *, const struct mtd_partition *, int); + int del_mtd_partitions(struct mtd_info *); ++int refresh_mtd_partitions(struct mtd_info *); + + /* + * Functions dealing with the various ways of partitioning the space +--- a/include/mtd/mtd-abi.h ++++ b/include/mtd/mtd-abi.h +@@ -93,6 +93,7 @@ + #define ECCGETLAYOUT _IOR('M', 17, struct nand_ecclayout) + #define ECCGETSTATS _IOR('M', 18, struct mtd_ecc_stats) + #define MTDFILEMODE _IO('M', 19) ++#define MTDREFRESH _IO('M', 23) + + /* + * Obsolete legacy interface. Keep it in order not to break userspace diff --git a/target/linux/generic-2.6/patches-2.6.27/070-redboot_space.patch b/target/linux/generic-2.6/patches-2.6.27/070-redboot_space.patch new file mode 100644 index 0000000000..e7b3b60e22 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/070-redboot_space.patch @@ -0,0 +1,30 @@ +--- a/drivers/mtd/redboot.c ++++ b/drivers/mtd/redboot.c +@@ -249,14 +249,21 @@ + #endif + names += strlen(names)+1; + +-#ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED + if(fl->next && fl->img->flash_base + fl->img->size + master->erasesize <= fl->next->img->flash_base) { +- i++; +- parts[i].offset = parts[i-1].size + parts[i-1].offset; +- parts[i].size = fl->next->img->flash_base - parts[i].offset; +- parts[i].name = nullname; +- } ++ if (!strcmp(parts[i].name, "rootfs")) { ++ parts[i].size = fl->next->img->flash_base; ++ parts[i].size &= ~(master->erasesize - 1); ++ parts[i].size -= parts[i].offset; ++#ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED ++ nrparts--; ++ } else { ++ i++; ++ parts[i].offset = parts[i-1].size + parts[i-1].offset; ++ parts[i].size = fl->next->img->flash_base - parts[i].offset; ++ parts[i].name = nullname; + #endif ++ } ++ } + tmp_fl = fl; + fl = fl->next; + kfree(tmp_fl); diff --git a/target/linux/generic-2.6/patches-2.6.27/071-redboot_boardconfig.patch b/target/linux/generic-2.6/patches-2.6.27/071-redboot_boardconfig.patch new file mode 100644 index 0000000000..2fe1d959e6 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/071-redboot_boardconfig.patch @@ -0,0 +1,60 @@ +--- a/drivers/mtd/redboot.c ++++ b/drivers/mtd/redboot.c +@@ -11,6 +11,8 @@ + #include <linux/mtd/mtd.h> + #include <linux/mtd/partitions.h> + ++#define BOARD_CONFIG_PART "boardconfig" ++ + struct fis_image_desc { + unsigned char name[16]; // Null terminated name + uint32_t flash_base; // Address within FLASH of image +@@ -41,6 +43,7 @@ + struct mtd_partition **pparts, + unsigned long fis_origin) + { ++ unsigned long max_offset = 0; + int nrparts = 0; + struct fis_image_desc *buf; + struct mtd_partition *parts; +@@ -209,14 +212,14 @@ + } + } + #endif +- parts = kzalloc(sizeof(*parts)*nrparts + nulllen + namelen, GFP_KERNEL); ++ parts = kzalloc(sizeof(*parts) * (nrparts + 1) + nulllen + namelen + sizeof(BOARD_CONFIG_PART), GFP_KERNEL); + + if (!parts) { + ret = -ENOMEM; + goto out; + } + +- nullname = (char *)&parts[nrparts]; ++ nullname = (char *)&parts[nrparts + 1]; + #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED + if (nulllen > 0) { + strcpy(nullname, nullstring); +@@ -235,6 +238,8 @@ + } + #endif + for ( ; i<nrparts; i++) { ++ if(max_offset < buf[i].flash_base + buf[i].size) ++ max_offset = buf[i].flash_base + buf[i].size; + parts[i].size = fl->img->size; + parts[i].offset = fl->img->flash_base; + parts[i].name = names; +@@ -268,6 +273,14 @@ + fl = fl->next; + kfree(tmp_fl); + } ++ if(master->size - max_offset >= master->erasesize) ++ { ++ parts[nrparts].size = master->size - max_offset; ++ parts[nrparts].offset = max_offset; ++ parts[nrparts].name = names; ++ strcpy(names, BOARD_CONFIG_PART); ++ nrparts++; ++ } + ret = nrparts; + *pparts = parts; + out: diff --git a/target/linux/generic-2.6/patches-2.6.27/080-mtd_plat_nand_chip_fixup.patch b/target/linux/generic-2.6/patches-2.6.27/080-mtd_plat_nand_chip_fixup.patch new file mode 100644 index 0000000000..2b8954c1fb --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/080-mtd_plat_nand_chip_fixup.patch @@ -0,0 +1,32 @@ +--- a/include/linux/mtd/nand.h ++++ b/include/linux/mtd/nand.h +@@ -578,6 +578,7 @@ + int chip_delay; + unsigned int options; + const char **part_probe_types; ++ int (*chip_fixup)(struct mtd_info *mtd); + void *priv; + }; + +--- a/drivers/mtd/nand/plat_nand.c ++++ b/drivers/mtd/nand/plat_nand.c +@@ -71,7 +71,18 @@ + platform_set_drvdata(pdev, data); + + /* Scan to find existance of the device */ +- if (nand_scan(&data->mtd, 1)) { ++ if (nand_scan_ident(&data->mtd, 1)) { ++ res = -ENXIO; ++ goto out; ++ } ++ ++ if (pdata->chip.chip_fixup) { ++ res = pdata->chip.chip_fixup(&data->mtd); ++ if (res) ++ goto out; ++ } ++ ++ if (nand_scan_tail(&data->mtd)) { + res = -ENXIO; + goto out; + } diff --git a/target/linux/generic-2.6/patches-2.6.27/100-netfilter_layer7_2.17.patch b/target/linux/generic-2.6/patches-2.6.27/100-netfilter_layer7_2.17.patch new file mode 100644 index 0000000000..c3a5becb54 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/100-netfilter_layer7_2.17.patch @@ -0,0 +1,2101 @@ +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -757,6 +757,27 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config NETFILTER_XT_MATCH_LAYER7 ++ tristate '"layer7" match support' ++ depends on NETFILTER_XTABLES ++ depends on EXPERIMENTAL && (IP_NF_CONNTRACK || NF_CONNTRACK) ++ depends on NF_CT_ACCT ++ help ++ Say Y if you want to be able to classify connections (and their ++ packets) based on regular expression matching of their application ++ layer data. This is one way to classify applications such as ++ peer-to-peer filesharing systems that do not always use the same ++ port. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config NETFILTER_XT_MATCH_LAYER7_DEBUG ++ bool 'Layer 7 debugging output' ++ depends on NETFILTER_XT_MATCH_LAYER7 ++ help ++ Say Y to get lots of debugging output. ++ ++ + config NETFILTER_XT_MATCH_STATISTIC + tristate '"statistic" match support' + depends on NETFILTER_XTABLES +--- a/net/netfilter/Makefile ++++ b/net/netfilter/Makefile +@@ -78,6 +78,7 @@ + obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o + obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o + obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o ++obj-$(CONFIG_NETFILTER_XT_MATCH_LAYER7) += xt_layer7.o + obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o + obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o + obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o +--- /dev/null ++++ b/net/netfilter/xt_layer7.c +@@ -0,0 +1,634 @@ ++/* ++ Kernel module to match application layer (OSI layer 7) data in connections. ++ ++ http://l7-filter.sf.net ++ ++ (C) 2003, 2004, 2005, 2006, 2007 Matthew Strait and Ethan Sommer. ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version ++ 2 of the License, or (at your option) any later version. ++ http://www.gnu.org/licenses/gpl.txt ++ ++ Based on ipt_string.c (C) 2000 Emmanuel Roger <winfield@freegates.be>, ++ xt_helper.c (C) 2002 Harald Welte and cls_layer7.c (C) 2003 Matthew Strait, ++ Ethan Sommer, Justin Levandoski. ++*/ ++ ++#include <linux/spinlock.h> ++#include <linux/version.h> ++#include <net/ip.h> ++#include <net/tcp.h> ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/netfilter.h> ++#include <net/netfilter/nf_conntrack.h> ++#include <net/netfilter/nf_conntrack_core.h> ++#include <linux/netfilter/x_tables.h> ++#include <linux/netfilter/xt_layer7.h> ++#include <linux/ctype.h> ++#include <linux/proc_fs.h> ++ ++#include "regexp/regexp.c" ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Matthew Strait <quadong@users.sf.net>, Ethan Sommer <sommere@users.sf.net>"); ++MODULE_DESCRIPTION("iptables application layer match module"); ++MODULE_ALIAS("ipt_layer7"); ++MODULE_VERSION("2.17"); ++ ++static int maxdatalen = 2048; // this is the default ++module_param(maxdatalen, int, 0444); ++MODULE_PARM_DESC(maxdatalen, "maximum bytes of data looked at by l7-filter"); ++#ifdef CONFIG_NETFILTER_XT_MATCH_LAYER7_DEBUG ++ #define DPRINTK(format,args...) printk(format,##args) ++#else ++ #define DPRINTK(format,args...) ++#endif ++ ++#define TOTAL_PACKETS master_conntrack->counters[IP_CT_DIR_ORIGINAL].packets + \ ++ master_conntrack->counters[IP_CT_DIR_REPLY].packets ++ ++/* Number of packets whose data we look at. ++This can be modified through /proc/net/layer7_numpackets */ ++static int num_packets = 10; ++ ++static struct pattern_cache { ++ char * regex_string; ++ regexp * pattern; ++ struct pattern_cache * next; ++} * first_pattern_cache = NULL; ++ ++DEFINE_SPINLOCK(l7_lock); ++ ++#ifdef CONFIG_IP_NF_MATCH_LAYER7_DEBUG ++/* Converts an unfriendly string into a friendly one by ++replacing unprintables with periods and all whitespace with " ". */ ++static char * friendly_print(unsigned char * s) ++{ ++ char * f = kmalloc(strlen(s) + 1, GFP_ATOMIC); ++ int i; ++ ++ if(!f) { ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in " ++ "friendly_print, bailing.\n"); ++ return NULL; ++ } ++ ++ for(i = 0; i < strlen(s); i++){ ++ if(isprint(s[i]) && s[i] < 128) f[i] = s[i]; ++ else if(isspace(s[i])) f[i] = ' '; ++ else f[i] = '.'; ++ } ++ f[i] = '\0'; ++ return f; ++} ++ ++static char dec2hex(int i) ++{ ++ switch (i) { ++ case 0 ... 9: ++ return (i + '0'); ++ break; ++ case 10 ... 15: ++ return (i - 10 + 'a'); ++ break; ++ default: ++ if (net_ratelimit()) ++ printk("layer7: Problem in dec2hex\n"); ++ return '\0'; ++ } ++} ++ ++static char * hex_print(unsigned char * s) ++{ ++ char * g = kmalloc(strlen(s)*3 + 1, GFP_ATOMIC); ++ int i; ++ ++ if(!g) { ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in hex_print, " ++ "bailing.\n"); ++ return NULL; ++ } ++ ++ for(i = 0; i < strlen(s); i++) { ++ g[i*3 ] = dec2hex(s[i]/16); ++ g[i*3 + 1] = dec2hex(s[i]%16); ++ g[i*3 + 2] = ' '; ++ } ++ g[i*3] = '\0'; ++ ++ return g; ++} ++#endif // DEBUG ++ ++/* Use instead of regcomp. As we expect to be seeing the same regexps over and ++over again, it make sense to cache the results. */ ++static regexp * compile_and_cache(const char * regex_string, ++ const char * protocol) ++{ ++ struct pattern_cache * node = first_pattern_cache; ++ struct pattern_cache * last_pattern_cache = first_pattern_cache; ++ struct pattern_cache * tmp; ++ unsigned int len; ++ ++ while (node != NULL) { ++ if (!strcmp(node->regex_string, regex_string)) ++ return node->pattern; ++ ++ last_pattern_cache = node;/* points at the last non-NULL node */ ++ node = node->next; ++ } ++ ++ /* If we reach the end of the list, then we have not yet cached ++ the pattern for this regex. Let's do that now. ++ Be paranoid about running out of memory to avoid list corruption. */ ++ tmp = kmalloc(sizeof(struct pattern_cache), GFP_ATOMIC); ++ ++ if(!tmp) { ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in " ++ "compile_and_cache, bailing.\n"); ++ return NULL; ++ } ++ ++ tmp->regex_string = kmalloc(strlen(regex_string) + 1, GFP_ATOMIC); ++ tmp->pattern = kmalloc(sizeof(struct regexp), GFP_ATOMIC); ++ tmp->next = NULL; ++ ++ if(!tmp->regex_string || !tmp->pattern) { ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in " ++ "compile_and_cache, bailing.\n"); ++ kfree(tmp->regex_string); ++ kfree(tmp->pattern); ++ kfree(tmp); ++ return NULL; ++ } ++ ++ /* Ok. The new node is all ready now. */ ++ node = tmp; ++ ++ if(first_pattern_cache == NULL) /* list is empty */ ++ first_pattern_cache = node; /* make node the beginning */ ++ else ++ last_pattern_cache->next = node; /* attach node to the end */ ++ ++ /* copy the string and compile the regex */ ++ len = strlen(regex_string); ++ DPRINTK("About to compile this: \"%s\"\n", regex_string); ++ node->pattern = regcomp((char *)regex_string, &len); ++ if ( !node->pattern ) { ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: Error compiling regexp " ++ "\"%s\" (%s)\n", ++ regex_string, protocol); ++ /* pattern is now cached as NULL, so we won't try again. */ ++ } ++ ++ strcpy(node->regex_string, regex_string); ++ return node->pattern; ++} ++ ++static int can_handle(const struct sk_buff *skb) ++{ ++ if(!ip_hdr(skb)) /* not IP */ ++ return 0; ++ if(ip_hdr(skb)->protocol != IPPROTO_TCP && ++ ip_hdr(skb)->protocol != IPPROTO_UDP && ++ ip_hdr(skb)->protocol != IPPROTO_ICMP) ++ return 0; ++ return 1; ++} ++ ++/* Returns offset the into the skb->data that the application data starts */ ++static int app_data_offset(const struct sk_buff *skb) ++{ ++ /* In case we are ported somewhere (ebtables?) where ip_hdr(skb) ++ isn't set, this can be gotten from 4*(skb->data[0] & 0x0f) as well. */ ++ int ip_hl = 4*ip_hdr(skb)->ihl; ++ ++ if( ip_hdr(skb)->protocol == IPPROTO_TCP ) { ++ /* 12 == offset into TCP header for the header length field. ++ Can't get this with skb->h.th->doff because the tcphdr ++ struct doesn't get set when routing (this is confirmed to be ++ true in Netfilter as well as QoS.) */ ++ int tcp_hl = 4*(skb->data[ip_hl + 12] >> 4); ++ ++ return ip_hl + tcp_hl; ++ } else if( ip_hdr(skb)->protocol == IPPROTO_UDP ) { ++ return ip_hl + 8; /* UDP header is always 8 bytes */ ++ } else if( ip_hdr(skb)->protocol == IPPROTO_ICMP ) { ++ return ip_hl + 8; /* ICMP header is 8 bytes */ ++ } else { ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: tried to handle unknown " ++ "protocol!\n"); ++ return ip_hl + 8; /* something reasonable */ ++ } ++} ++ ++/* handles whether there's a match when we aren't appending data anymore */ ++static int match_no_append(struct nf_conn * conntrack, ++ struct nf_conn * master_conntrack, ++ enum ip_conntrack_info ctinfo, ++ enum ip_conntrack_info master_ctinfo, ++ const struct xt_layer7_info * info) ++{ ++ /* If we're in here, throw the app data away */ ++ if(master_conntrack->layer7.app_data != NULL) { ++ ++ #ifdef CONFIG_IP_NF_MATCH_LAYER7_DEBUG ++ if(!master_conntrack->layer7.app_proto) { ++ char * f = ++ friendly_print(master_conntrack->layer7.app_data); ++ char * g = ++ hex_print(master_conntrack->layer7.app_data); ++ DPRINTK("\nl7-filter gave up after %d bytes " ++ "(%d packets):\n%s\n", ++ strlen(f), TOTAL_PACKETS, f); ++ kfree(f); ++ DPRINTK("In hex: %s\n", g); ++ kfree(g); ++ } ++ #endif ++ ++ kfree(master_conntrack->layer7.app_data); ++ master_conntrack->layer7.app_data = NULL; /* don't free again */ ++ } ++ ++ if(master_conntrack->layer7.app_proto){ ++ /* Here child connections set their .app_proto (for /proc) */ ++ if(!conntrack->layer7.app_proto) { ++ conntrack->layer7.app_proto = ++ kmalloc(strlen(master_conntrack->layer7.app_proto)+1, ++ GFP_ATOMIC); ++ if(!conntrack->layer7.app_proto){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory " ++ "in match_no_append, " ++ "bailing.\n"); ++ return 1; ++ } ++ strcpy(conntrack->layer7.app_proto, ++ master_conntrack->layer7.app_proto); ++ } ++ ++ return (!strcmp(master_conntrack->layer7.app_proto, ++ info->protocol)); ++ } ++ else { ++ /* If not classified, set to "unknown" to distinguish from ++ connections that are still being tested. */ ++ master_conntrack->layer7.app_proto = ++ kmalloc(strlen("unknown")+1, GFP_ATOMIC); ++ if(!master_conntrack->layer7.app_proto){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in " ++ "match_no_append, bailing.\n"); ++ return 1; ++ } ++ strcpy(master_conntrack->layer7.app_proto, "unknown"); ++ return 0; ++ } ++} ++ ++/* add the new app data to the conntrack. Return number of bytes added. */ ++static int add_data(struct nf_conn * master_conntrack, ++ char * app_data, int appdatalen) ++{ ++ int length = 0, i; ++ int oldlength = master_conntrack->layer7.app_data_len; ++ ++ /* This is a fix for a race condition by Deti Fliegl. However, I'm not ++ clear on whether the race condition exists or whether this really ++ fixes it. I might just be being dense... Anyway, if it's not really ++ a fix, all it does is waste a very small amount of time. */ ++ if(!master_conntrack->layer7.app_data) return 0; ++ ++ /* Strip nulls. Make everything lower case (our regex lib doesn't ++ do case insensitivity). Add it to the end of the current data. */ ++ for(i = 0; i < maxdatalen-oldlength-1 && ++ i < appdatalen; i++) { ++ if(app_data[i] != '\0') { ++ /* the kernel version of tolower mungs 'upper ascii' */ ++ master_conntrack->layer7.app_data[length+oldlength] = ++ isascii(app_data[i])? ++ tolower(app_data[i]) : app_data[i]; ++ length++; ++ } ++ } ++ ++ master_conntrack->layer7.app_data[length+oldlength] = '\0'; ++ master_conntrack->layer7.app_data_len = length + oldlength; ++ ++ return length; ++} ++ ++/* taken from drivers/video/modedb.c */ ++static int my_atoi(const char *s) ++{ ++ int val = 0; ++ ++ for (;; s++) { ++ switch (*s) { ++ case '0'...'9': ++ val = 10*val+(*s-'0'); ++ break; ++ default: ++ return val; ++ } ++ } ++} ++ ++/* write out num_packets to userland. */ ++static int layer7_read_proc(char* page, char ** start, off_t off, int count, ++ int* eof, void * data) ++{ ++ if(num_packets > 99 && net_ratelimit()) ++ printk(KERN_ERR "layer7: NOT REACHED. num_packets too big\n"); ++ ++ page[0] = num_packets/10 + '0'; ++ page[1] = num_packets%10 + '0'; ++ page[2] = '\n'; ++ page[3] = '\0'; ++ ++ *eof=1; ++ ++ return 3; ++} ++ ++/* Read in num_packets from userland */ ++static int layer7_write_proc(struct file* file, const char* buffer, ++ unsigned long count, void *data) ++{ ++ char * foo = kmalloc(count, GFP_ATOMIC); ++ ++ if(!foo){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory, bailing. " ++ "num_packets unchanged.\n"); ++ return count; ++ } ++ ++ if(copy_from_user(foo, buffer, count)) { ++ return -EFAULT; ++ } ++ ++ ++ num_packets = my_atoi(foo); ++ kfree (foo); ++ ++ /* This has an arbitrary limit to make the math easier. I'm lazy. ++ But anyway, 99 is a LOT! If you want more, you're doing it wrong! */ ++ if(num_packets > 99) { ++ printk(KERN_WARNING "layer7: num_packets can't be > 99.\n"); ++ num_packets = 99; ++ } else if(num_packets < 1) { ++ printk(KERN_WARNING "layer7: num_packets can't be < 1.\n"); ++ num_packets = 1; ++ } ++ ++ return count; ++} ++ ++static bool ++match(const struct sk_buff *skbin, ++ const struct net_device *in, ++ const struct net_device *out, ++ const struct xt_match *match, ++ const void *matchinfo, ++ int offset, ++ unsigned int protoff, ++ bool *hotdrop) ++{ ++ /* sidestep const without getting a compiler warning... */ ++ struct sk_buff * skb = (struct sk_buff *)skbin; ++ ++ const struct xt_layer7_info * info = matchinfo; ++ enum ip_conntrack_info master_ctinfo, ctinfo; ++ struct nf_conn *master_conntrack, *conntrack; ++ unsigned char * app_data; ++ unsigned int pattern_result, appdatalen; ++ regexp * comppattern; ++ ++ /* Be paranoid/incompetent - lock the entire match function. */ ++ spin_lock_bh(&l7_lock); ++ ++ if(!can_handle(skb)){ ++ DPRINTK("layer7: This is some protocol I can't handle.\n"); ++ spin_unlock_bh(&l7_lock); ++ return info->invert; ++ } ++ ++ /* Treat parent & all its children together as one connection, except ++ for the purpose of setting conntrack->layer7.app_proto in the actual ++ connection. This makes /proc/net/ip_conntrack more satisfying. */ ++ if(!(conntrack = nf_ct_get(skb, &ctinfo)) || ++ !(master_conntrack=nf_ct_get(skb,&master_ctinfo))){ ++ DPRINTK("layer7: couldn't get conntrack.\n"); ++ spin_unlock_bh(&l7_lock); ++ return info->invert; ++ } ++ ++ /* Try to get a master conntrack (and its master etc) for FTP, etc. */ ++ while (master_ct(master_conntrack) != NULL) ++ master_conntrack = master_ct(master_conntrack); ++ ++ /* if we've classified it or seen too many packets */ ++ if(TOTAL_PACKETS > num_packets || ++ master_conntrack->layer7.app_proto) { ++ ++ pattern_result = match_no_append(conntrack, master_conntrack, ++ ctinfo, master_ctinfo, info); ++ ++ /* skb->cb[0] == seen. Don't do things twice if there are ++ multiple l7 rules. I'm not sure that using cb for this purpose ++ is correct, even though it says "put your private variables ++ there". But it doesn't look like it is being used for anything ++ else in the skbs that make it here. */ ++ skb->cb[0] = 1; /* marking it seen here's probably irrelevant */ ++ ++ spin_unlock_bh(&l7_lock); ++ return (pattern_result ^ info->invert); ++ } ++ ++ if(skb_is_nonlinear(skb)){ ++ if(skb_linearize(skb) != 0){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: failed to linearize " ++ "packet, bailing.\n"); ++ spin_unlock_bh(&l7_lock); ++ return info->invert; ++ } ++ } ++ ++ /* now that the skb is linearized, it's safe to set these. */ ++ app_data = skb->data + app_data_offset(skb); ++ appdatalen = skb_tail_pointer(skb) - app_data; ++ ++ /* the return value gets checked later, when we're ready to use it */ ++ comppattern = compile_and_cache(info->pattern, info->protocol); ++ ++ /* On the first packet of a connection, allocate space for app data */ ++ if(TOTAL_PACKETS == 1 && !skb->cb[0] && ++ !master_conntrack->layer7.app_data){ ++ master_conntrack->layer7.app_data = ++ kmalloc(maxdatalen, GFP_ATOMIC); ++ if(!master_conntrack->layer7.app_data){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in " ++ "match, bailing.\n"); ++ spin_unlock_bh(&l7_lock); ++ return info->invert; ++ } ++ ++ master_conntrack->layer7.app_data[0] = '\0'; ++ } ++ ++ /* Can be here, but unallocated, if numpackets is increased near ++ the beginning of a connection */ ++ if(master_conntrack->layer7.app_data == NULL){ ++ spin_unlock_bh(&l7_lock); ++ return (info->invert); /* unmatched */ ++ } ++ ++ if(!skb->cb[0]){ ++ int newbytes; ++ newbytes = add_data(master_conntrack, app_data, appdatalen); ++ ++ if(newbytes == 0) { /* didn't add any data */ ++ skb->cb[0] = 1; ++ /* Didn't match before, not going to match now */ ++ spin_unlock_bh(&l7_lock); ++ return info->invert; ++ } ++ } ++ ++ /* If looking for "unknown", then never match. "Unknown" means that ++ we've given up; we're still trying with these packets. */ ++ if(!strcmp(info->protocol, "unknown")) { ++ pattern_result = 0; ++ /* If looking for "unset", then always match. "Unset" means that we ++ haven't yet classified the connection. */ ++ } else if(!strcmp(info->protocol, "unset")) { ++ pattern_result = 2; ++ DPRINTK("layer7: matched unset: not yet classified " ++ "(%d/%d packets)\n", TOTAL_PACKETS, num_packets); ++ /* If the regexp failed to compile, don't bother running it */ ++ } else if(comppattern && ++ regexec(comppattern, master_conntrack->layer7.app_data)){ ++ DPRINTK("layer7: matched %s\n", info->protocol); ++ pattern_result = 1; ++ } else pattern_result = 0; ++ ++ if(pattern_result == 1) { ++ master_conntrack->layer7.app_proto = ++ kmalloc(strlen(info->protocol)+1, GFP_ATOMIC); ++ if(!master_conntrack->layer7.app_proto){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in " ++ "match, bailing.\n"); ++ spin_unlock_bh(&l7_lock); ++ return (pattern_result ^ info->invert); ++ } ++ strcpy(master_conntrack->layer7.app_proto, info->protocol); ++ } else if(pattern_result > 1) { /* cleanup from "unset" */ ++ pattern_result = 1; ++ } ++ ++ /* mark the packet seen */ ++ skb->cb[0] = 1; ++ ++ spin_unlock_bh(&l7_lock); ++ return (pattern_result ^ info->invert); ++} ++ ++static bool check(const char *tablename, ++ const void *inf, ++ const struct xt_match *match, ++ void *matchinfo, ++ unsigned int hook_mask) ++ ++{ ++ // load nf_conntrack_ipv4 ++ if (nf_ct_l3proto_try_module_get(match->family) < 0) { ++ printk(KERN_WARNING "can't load conntrack support for " ++ "proto=%d\n", match->family); ++ return false; ++ } ++ return true; ++} ++ ++static void ++destroy(const struct xt_match *match, void *matchinfo) ++{ ++ nf_ct_l3proto_module_put(match->family); ++} ++ ++static struct xt_match xt_layer7_match[] = { ++{ ++ .name = "layer7", ++ .family = AF_INET, ++ .checkentry = check, ++ .match = match, ++ .destroy = destroy, ++ .matchsize = sizeof(struct xt_layer7_info), ++ .me = THIS_MODULE ++} ++}; ++ ++static void layer7_cleanup_proc(void) ++{ ++#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,23) ++ remove_proc_entry("layer7_numpackets", proc_net); ++#else ++ remove_proc_entry("layer7_numpackets", init_net.proc_net); ++#endif ++} ++ ++/* register the proc file */ ++static void layer7_init_proc(void) ++{ ++ struct proc_dir_entry* entry; ++#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,23) ++ entry = create_proc_entry("layer7_numpackets", 0644, proc_net); ++#else ++ entry = create_proc_entry("layer7_numpackets", 0644, init_net.proc_net); ++#endif ++ entry->read_proc = layer7_read_proc; ++ entry->write_proc = layer7_write_proc; ++} ++ ++static int __init xt_layer7_init(void) ++{ ++ need_conntrack(); ++ ++ layer7_init_proc(); ++ if(maxdatalen < 1) { ++ printk(KERN_WARNING "layer7: maxdatalen can't be < 1, " ++ "using 1\n"); ++ maxdatalen = 1; ++ } ++ /* This is not a hard limit. It's just here to prevent people from ++ bringing their slow machines to a grinding halt. */ ++ else if(maxdatalen > 65536) { ++ printk(KERN_WARNING "layer7: maxdatalen can't be > 65536, " ++ "using 65536\n"); ++ maxdatalen = 65536; ++ } ++ return xt_register_matches(xt_layer7_match, ++ ARRAY_SIZE(xt_layer7_match)); ++} ++ ++static void __exit xt_layer7_fini(void) ++{ ++ layer7_cleanup_proc(); ++ xt_unregister_matches(xt_layer7_match, ARRAY_SIZE(xt_layer7_match)); ++} ++ ++module_init(xt_layer7_init); ++module_exit(xt_layer7_fini); +--- /dev/null ++++ b/net/netfilter/regexp/regexp.c +@@ -0,0 +1,1197 @@ ++/* ++ * regcomp and regexec -- regsub and regerror are elsewhere ++ * @(#)regexp.c 1.3 of 18 April 87 ++ * ++ * Copyright (c) 1986 by University of Toronto. ++ * Written by Henry Spencer. Not derived from licensed software. ++ * ++ * Permission is granted to anyone to use this software for any ++ * purpose on any computer system, and to redistribute it freely, ++ * subject to the following restrictions: ++ * ++ * 1. The author is not responsible for the consequences of use of ++ * this software, no matter how awful, even if they arise ++ * from defects in it. ++ * ++ * 2. The origin of this software must not be misrepresented, either ++ * by explicit claim or by omission. ++ * ++ * 3. Altered versions must be plainly marked as such, and must not ++ * be misrepresented as being the original software. ++ * ++ * Beware that some of this code is subtly aware of the way operator ++ * precedence is structured in regular expressions. Serious changes in ++ * regular-expression syntax might require a total rethink. ++ * ++ * This code was modified by Ethan Sommer to work within the kernel ++ * (it now uses kmalloc etc..) ++ * ++ * Modified slightly by Matthew Strait to use more modern C. ++ */ ++ ++#include "regexp.h" ++#include "regmagic.h" ++ ++/* added by ethan and matt. Lets it work in both kernel and user space. ++(So iptables can use it, for instance.) Yea, it goes both ways... */ ++#if __KERNEL__ ++ #define malloc(foo) kmalloc(foo,GFP_ATOMIC) ++#else ++ #define printk(format,args...) printf(format,##args) ++#endif ++ ++void regerror(char * s) ++{ ++ printk("<3>Regexp: %s\n", s); ++ /* NOTREACHED */ ++} ++ ++/* ++ * The "internal use only" fields in regexp.h are present to pass info from ++ * compile to execute that permits the execute phase to run lots faster on ++ * simple cases. They are: ++ * ++ * regstart char that must begin a match; '\0' if none obvious ++ * reganch is the match anchored (at beginning-of-line only)? ++ * regmust string (pointer into program) that match must include, or NULL ++ * regmlen length of regmust string ++ * ++ * Regstart and reganch permit very fast decisions on suitable starting points ++ * for a match, cutting down the work a lot. Regmust permits fast rejection ++ * of lines that cannot possibly match. The regmust tests are costly enough ++ * that regcomp() supplies a regmust only if the r.e. contains something ++ * potentially expensive (at present, the only such thing detected is * or + ++ * at the start of the r.e., which can involve a lot of backup). Regmlen is ++ * supplied because the test in regexec() needs it and regcomp() is computing ++ * it anyway. ++ */ ++ ++/* ++ * Structure for regexp "program". This is essentially a linear encoding ++ * of a nondeterministic finite-state machine (aka syntax charts or ++ * "railroad normal form" in parsing technology). Each node is an opcode ++ * plus a "next" pointer, possibly plus an operand. "Next" pointers of ++ * all nodes except BRANCH implement concatenation; a "next" pointer with ++ * a BRANCH on both ends of it is connecting two alternatives. (Here we ++ * have one of the subtle syntax dependencies: an individual BRANCH (as ++ * opposed to a collection of them) is never concatenated with anything ++ * because of operator precedence.) The operand of some types of node is ++ * a literal string; for others, it is a node leading into a sub-FSM. In ++ * particular, the operand of a BRANCH node is the first node of the branch. ++ * (NB this is *not* a tree structure: the tail of the branch connects ++ * to the thing following the set of BRANCHes.) The opcodes are: ++ */ ++ ++/* definition number opnd? meaning */ ++#define END 0 /* no End of program. */ ++#define BOL 1 /* no Match "" at beginning of line. */ ++#define EOL 2 /* no Match "" at end of line. */ ++#define ANY 3 /* no Match any one character. */ ++#define ANYOF 4 /* str Match any character in this string. */ ++#define ANYBUT 5 /* str Match any character not in this string. */ ++#define BRANCH 6 /* node Match this alternative, or the next... */ ++#define BACK 7 /* no Match "", "next" ptr points backward. */ ++#define EXACTLY 8 /* str Match this string. */ ++#define NOTHING 9 /* no Match empty string. */ ++#define STAR 10 /* node Match this (simple) thing 0 or more times. */ ++#define PLUS 11 /* node Match this (simple) thing 1 or more times. */ ++#define OPEN 20 /* no Mark this point in input as start of #n. */ ++ /* OPEN+1 is number 1, etc. */ ++#define CLOSE 30 /* no Analogous to OPEN. */ ++ ++/* ++ * Opcode notes: ++ * ++ * BRANCH The set of branches constituting a single choice are hooked ++ * together with their "next" pointers, since precedence prevents ++ * anything being concatenated to any individual branch. The ++ * "next" pointer of the last BRANCH in a choice points to the ++ * thing following the whole choice. This is also where the ++ * final "next" pointer of each individual branch points; each ++ * branch starts with the operand node of a BRANCH node. ++ * ++ * BACK Normal "next" pointers all implicitly point forward; BACK ++ * exists to make loop structures possible. ++ * ++ * STAR,PLUS '?', and complex '*' and '+', are implemented as circular ++ * BRANCH structures using BACK. Simple cases (one character ++ * per match) are implemented with STAR and PLUS for speed ++ * and to minimize recursive plunges. ++ * ++ * OPEN,CLOSE ...are numbered at compile time. ++ */ ++ ++/* ++ * A node is one char of opcode followed by two chars of "next" pointer. ++ * "Next" pointers are stored as two 8-bit pieces, high order first. The ++ * value is a positive offset from the opcode of the node containing it. ++ * An operand, if any, simply follows the node. (Note that much of the ++ * code generation knows about this implicit relationship.) ++ * ++ * Using two bytes for the "next" pointer is vast overkill for most things, ++ * but allows patterns to get big without disasters. ++ */ ++#define OP(p) (*(p)) ++#define NEXT(p) (((*((p)+1)&0377)<<8) + (*((p)+2)&0377)) ++#define OPERAND(p) ((p) + 3) ++ ++/* ++ * See regmagic.h for one further detail of program structure. ++ */ ++ ++ ++/* ++ * Utility definitions. ++ */ ++#ifndef CHARBITS ++#define UCHARAT(p) ((int)*(unsigned char *)(p)) ++#else ++#define UCHARAT(p) ((int)*(p)&CHARBITS) ++#endif ++ ++#define FAIL(m) { regerror(m); return(NULL); } ++#define ISMULT(c) ((c) == '*' || (c) == '+' || (c) == '?') ++#define META "^$.[()|?+*\\" ++ ++/* ++ * Flags to be passed up and down. ++ */ ++#define HASWIDTH 01 /* Known never to match null string. */ ++#define SIMPLE 02 /* Simple enough to be STAR/PLUS operand. */ ++#define SPSTART 04 /* Starts with * or +. */ ++#define WORST 0 /* Worst case. */ ++ ++/* ++ * Global work variables for regcomp(). ++ */ ++struct match_globals { ++char *reginput; /* String-input pointer. */ ++char *regbol; /* Beginning of input, for ^ check. */ ++char **regstartp; /* Pointer to startp array. */ ++char **regendp; /* Ditto for endp. */ ++char *regparse; /* Input-scan pointer. */ ++int regnpar; /* () count. */ ++char regdummy; ++char *regcode; /* Code-emit pointer; ®dummy = don't. */ ++long regsize; /* Code size. */ ++}; ++ ++/* ++ * Forward declarations for regcomp()'s friends. ++ */ ++#ifndef STATIC ++#define STATIC static ++#endif ++STATIC char *reg(struct match_globals *g, int paren,int *flagp); ++STATIC char *regbranch(struct match_globals *g, int *flagp); ++STATIC char *regpiece(struct match_globals *g, int *flagp); ++STATIC char *regatom(struct match_globals *g, int *flagp); ++STATIC char *regnode(struct match_globals *g, char op); ++STATIC char *regnext(struct match_globals *g, char *p); ++STATIC void regc(struct match_globals *g, char b); ++STATIC void reginsert(struct match_globals *g, char op, char *opnd); ++STATIC void regtail(struct match_globals *g, char *p, char *val); ++STATIC void regoptail(struct match_globals *g, char *p, char *val); ++ ++ ++__kernel_size_t my_strcspn(const char *s1,const char *s2) ++{ ++ char *scan1; ++ char *scan2; ++ int count; ++ ++ count = 0; ++ for (scan1 = (char *)s1; *scan1 != '\0'; scan1++) { ++ for (scan2 = (char *)s2; *scan2 != '\0';) /* ++ moved down. */ ++ if (*scan1 == *scan2++) ++ return(count); ++ count++; ++ } ++ return(count); ++} ++ ++/* ++ - regcomp - compile a regular expression into internal code ++ * ++ * We can't allocate space until we know how big the compiled form will be, ++ * but we can't compile it (and thus know how big it is) until we've got a ++ * place to put the code. So we cheat: we compile it twice, once with code ++ * generation turned off and size counting turned on, and once "for real". ++ * This also means that we don't allocate space until we are sure that the ++ * thing really will compile successfully, and we never have to move the ++ * code and thus invalidate pointers into it. (Note that it has to be in ++ * one piece because free() must be able to free it all.) ++ * ++ * Beware that the optimization-preparation code in here knows about some ++ * of the structure of the compiled regexp. ++ */ ++regexp * ++regcomp(char *exp,int *patternsize) ++{ ++ register regexp *r; ++ register char *scan; ++ register char *longest; ++ register int len; ++ int flags; ++ struct match_globals g; ++ ++ /* commented out by ethan ++ extern char *malloc(); ++ */ ++ ++ if (exp == NULL) ++ FAIL("NULL argument"); ++ ++ /* First pass: determine size, legality. */ ++ g.regparse = exp; ++ g.regnpar = 1; ++ g.regsize = 0L; ++ g.regcode = &g.regdummy; ++ regc(&g, MAGIC); ++ if (reg(&g, 0, &flags) == NULL) ++ return(NULL); ++ ++ /* Small enough for pointer-storage convention? */ ++ if (g.regsize >= 32767L) /* Probably could be 65535L. */ ++ FAIL("regexp too big"); ++ ++ /* Allocate space. */ ++ *patternsize=sizeof(regexp) + (unsigned)g.regsize; ++ r = (regexp *)malloc(sizeof(regexp) + (unsigned)g.regsize); ++ if (r == NULL) ++ FAIL("out of space"); ++ ++ /* Second pass: emit code. */ ++ g.regparse = exp; ++ g.regnpar = 1; ++ g.regcode = r->program; ++ regc(&g, MAGIC); ++ if (reg(&g, 0, &flags) == NULL) ++ return(NULL); ++ ++ /* Dig out information for optimizations. */ ++ r->regstart = '\0'; /* Worst-case defaults. */ ++ r->reganch = 0; ++ r->regmust = NULL; ++ r->regmlen = 0; ++ scan = r->program+1; /* First BRANCH. */ ++ if (OP(regnext(&g, scan)) == END) { /* Only one top-level choice. */ ++ scan = OPERAND(scan); ++ ++ /* Starting-point info. */ ++ if (OP(scan) == EXACTLY) ++ r->regstart = *OPERAND(scan); ++ else if (OP(scan) == BOL) ++ r->reganch++; ++ ++ /* ++ * If there's something expensive in the r.e., find the ++ * longest literal string that must appear and make it the ++ * regmust. Resolve ties in favor of later strings, since ++ * the regstart check works with the beginning of the r.e. ++ * and avoiding duplication strengthens checking. Not a ++ * strong reason, but sufficient in the absence of others. ++ */ ++ if (flags&SPSTART) { ++ longest = NULL; ++ len = 0; ++ for (; scan != NULL; scan = regnext(&g, scan)) ++ if (OP(scan) == EXACTLY && strlen(OPERAND(scan)) >= len) { ++ longest = OPERAND(scan); ++ len = strlen(OPERAND(scan)); ++ } ++ r->regmust = longest; ++ r->regmlen = len; ++ } ++ } ++ ++ return(r); ++} ++ ++/* ++ - reg - regular expression, i.e. main body or parenthesized thing ++ * ++ * Caller must absorb opening parenthesis. ++ * ++ * Combining parenthesis handling with the base level of regular expression ++ * is a trifle forced, but the need to tie the tails of the branches to what ++ * follows makes it hard to avoid. ++ */ ++static char * ++reg(struct match_globals *g, int paren, int *flagp /* Parenthesized? */ ) ++{ ++ register char *ret; ++ register char *br; ++ register char *ender; ++ register int parno = 0; /* 0 makes gcc happy */ ++ int flags; ++ ++ *flagp = HASWIDTH; /* Tentatively. */ ++ ++ /* Make an OPEN node, if parenthesized. */ ++ if (paren) { ++ if (g->regnpar >= NSUBEXP) ++ FAIL("too many ()"); ++ parno = g->regnpar; ++ g->regnpar++; ++ ret = regnode(g, OPEN+parno); ++ } else ++ ret = NULL; ++ ++ /* Pick up the branches, linking them together. */ ++ br = regbranch(g, &flags); ++ if (br == NULL) ++ return(NULL); ++ if (ret != NULL) ++ regtail(g, ret, br); /* OPEN -> first. */ ++ else ++ ret = br; ++ if (!(flags&HASWIDTH)) ++ *flagp &= ~HASWIDTH; ++ *flagp |= flags&SPSTART; ++ while (*g->regparse == '|') { ++ g->regparse++; ++ br = regbranch(g, &flags); ++ if (br == NULL) ++ return(NULL); ++ regtail(g, ret, br); /* BRANCH -> BRANCH. */ ++ if (!(flags&HASWIDTH)) ++ *flagp &= ~HASWIDTH; ++ *flagp |= flags&SPSTART; ++ } ++ ++ /* Make a closing node, and hook it on the end. */ ++ ender = regnode(g, (paren) ? CLOSE+parno : END); ++ regtail(g, ret, ender); ++ ++ /* Hook the tails of the branches to the closing node. */ ++ for (br = ret; br != NULL; br = regnext(g, br)) ++ regoptail(g, br, ender); ++ ++ /* Check for proper termination. */ ++ if (paren && *g->regparse++ != ')') { ++ FAIL("unmatched ()"); ++ } else if (!paren && *g->regparse != '\0') { ++ if (*g->regparse == ')') { ++ FAIL("unmatched ()"); ++ } else ++ FAIL("junk on end"); /* "Can't happen". */ ++ /* NOTREACHED */ ++ } ++ ++ return(ret); ++} ++ ++/* ++ - regbranch - one alternative of an | operator ++ * ++ * Implements the concatenation operator. ++ */ ++static char * ++regbranch(struct match_globals *g, int *flagp) ++{ ++ register char *ret; ++ register char *chain; ++ register char *latest; ++ int flags; ++ ++ *flagp = WORST; /* Tentatively. */ ++ ++ ret = regnode(g, BRANCH); ++ chain = NULL; ++ while (*g->regparse != '\0' && *g->regparse != '|' && *g->regparse != ')') { ++ latest = regpiece(g, &flags); ++ if (latest == NULL) ++ return(NULL); ++ *flagp |= flags&HASWIDTH; ++ if (chain == NULL) /* First piece. */ ++ *flagp |= flags&SPSTART; ++ else ++ regtail(g, chain, latest); ++ chain = latest; ++ } ++ if (chain == NULL) /* Loop ran zero times. */ ++ (void) regnode(g, NOTHING); ++ ++ return(ret); ++} ++ ++/* ++ - regpiece - something followed by possible [*+?] ++ * ++ * Note that the branching code sequences used for ? and the general cases ++ * of * and + are somewhat optimized: they use the same NOTHING node as ++ * both the endmarker for their branch list and the body of the last branch. ++ * It might seem that this node could be dispensed with entirely, but the ++ * endmarker role is not redundant. ++ */ ++static char * ++regpiece(struct match_globals *g, int *flagp) ++{ ++ register char *ret; ++ register char op; ++ register char *next; ++ int flags; ++ ++ ret = regatom(g, &flags); ++ if (ret == NULL) ++ return(NULL); ++ ++ op = *g->regparse; ++ if (!ISMULT(op)) { ++ *flagp = flags; ++ return(ret); ++ } ++ ++ if (!(flags&HASWIDTH) && op != '?') ++ FAIL("*+ operand could be empty"); ++ *flagp = (op != '+') ? (WORST|SPSTART) : (WORST|HASWIDTH); ++ ++ if (op == '*' && (flags&SIMPLE)) ++ reginsert(g, STAR, ret); ++ else if (op == '*') { ++ /* Emit x* as (x&|), where & means "self". */ ++ reginsert(g, BRANCH, ret); /* Either x */ ++ regoptail(g, ret, regnode(g, BACK)); /* and loop */ ++ regoptail(g, ret, ret); /* back */ ++ regtail(g, ret, regnode(g, BRANCH)); /* or */ ++ regtail(g, ret, regnode(g, NOTHING)); /* null. */ ++ } else if (op == '+' && (flags&SIMPLE)) ++ reginsert(g, PLUS, ret); ++ else if (op == '+') { ++ /* Emit x+ as x(&|), where & means "self". */ ++ next = regnode(g, BRANCH); /* Either */ ++ regtail(g, ret, next); ++ regtail(g, regnode(g, BACK), ret); /* loop back */ ++ regtail(g, next, regnode(g, BRANCH)); /* or */ ++ regtail(g, ret, regnode(g, NOTHING)); /* null. */ ++ } else if (op == '?') { ++ /* Emit x? as (x|) */ ++ reginsert(g, BRANCH, ret); /* Either x */ ++ regtail(g, ret, regnode(g, BRANCH)); /* or */ ++ next = regnode(g, NOTHING); /* null. */ ++ regtail(g, ret, next); ++ regoptail(g, ret, next); ++ } ++ g->regparse++; ++ if (ISMULT(*g->regparse)) ++ FAIL("nested *?+"); ++ ++ return(ret); ++} ++ ++/* ++ - regatom - the lowest level ++ * ++ * Optimization: gobbles an entire sequence of ordinary characters so that ++ * it can turn them into a single node, which is smaller to store and ++ * faster to run. Backslashed characters are exceptions, each becoming a ++ * separate node; the code is simpler that way and it's not worth fixing. ++ */ ++static char * ++regatom(struct match_globals *g, int *flagp) ++{ ++ register char *ret; ++ int flags; ++ ++ *flagp = WORST; /* Tentatively. */ ++ ++ switch (*g->regparse++) { ++ case '^': ++ ret = regnode(g, BOL); ++ break; ++ case '$': ++ ret = regnode(g, EOL); ++ break; ++ case '.': ++ ret = regnode(g, ANY); ++ *flagp |= HASWIDTH|SIMPLE; ++ break; ++ case '[': { ++ register int class; ++ register int classend; ++ ++ if (*g->regparse == '^') { /* Complement of range. */ ++ ret = regnode(g, ANYBUT); ++ g->regparse++; ++ } else ++ ret = regnode(g, ANYOF); ++ if (*g->regparse == ']' || *g->regparse == '-') ++ regc(g, *g->regparse++); ++ while (*g->regparse != '\0' && *g->regparse != ']') { ++ if (*g->regparse == '-') { ++ g->regparse++; ++ if (*g->regparse == ']' || *g->regparse == '\0') ++ regc(g, '-'); ++ else { ++ class = UCHARAT(g->regparse-2)+1; ++ classend = UCHARAT(g->regparse); ++ if (class > classend+1) ++ FAIL("invalid [] range"); ++ for (; class <= classend; class++) ++ regc(g, class); ++ g->regparse++; ++ } ++ } else ++ regc(g, *g->regparse++); ++ } ++ regc(g, '\0'); ++ if (*g->regparse != ']') ++ FAIL("unmatched []"); ++ g->regparse++; ++ *flagp |= HASWIDTH|SIMPLE; ++ } ++ break; ++ case '(': ++ ret = reg(g, 1, &flags); ++ if (ret == NULL) ++ return(NULL); ++ *flagp |= flags&(HASWIDTH|SPSTART); ++ break; ++ case '\0': ++ case '|': ++ case ')': ++ FAIL("internal urp"); /* Supposed to be caught earlier. */ ++ break; ++ case '?': ++ case '+': ++ case '*': ++ FAIL("?+* follows nothing"); ++ break; ++ case '\\': ++ if (*g->regparse == '\0') ++ FAIL("trailing \\"); ++ ret = regnode(g, EXACTLY); ++ regc(g, *g->regparse++); ++ regc(g, '\0'); ++ *flagp |= HASWIDTH|SIMPLE; ++ break; ++ default: { ++ register int len; ++ register char ender; ++ ++ g->regparse--; ++ len = my_strcspn((const char *)g->regparse, (const char *)META); ++ if (len <= 0) ++ FAIL("internal disaster"); ++ ender = *(g->regparse+len); ++ if (len > 1 && ISMULT(ender)) ++ len--; /* Back off clear of ?+* operand. */ ++ *flagp |= HASWIDTH; ++ if (len == 1) ++ *flagp |= SIMPLE; ++ ret = regnode(g, EXACTLY); ++ while (len > 0) { ++ regc(g, *g->regparse++); ++ len--; ++ } ++ regc(g, '\0'); ++ } ++ break; ++ } ++ ++ return(ret); ++} ++ ++/* ++ - regnode - emit a node ++ */ ++static char * /* Location. */ ++regnode(struct match_globals *g, char op) ++{ ++ register char *ret; ++ register char *ptr; ++ ++ ret = g->regcode; ++ if (ret == &g->regdummy) { ++ g->regsize += 3; ++ return(ret); ++ } ++ ++ ptr = ret; ++ *ptr++ = op; ++ *ptr++ = '\0'; /* Null "next" pointer. */ ++ *ptr++ = '\0'; ++ g->regcode = ptr; ++ ++ return(ret); ++} ++ ++/* ++ - regc - emit (if appropriate) a byte of code ++ */ ++static void ++regc(struct match_globals *g, char b) ++{ ++ if (g->regcode != &g->regdummy) ++ *g->regcode++ = b; ++ else ++ g->regsize++; ++} ++ ++/* ++ - reginsert - insert an operator in front of already-emitted operand ++ * ++ * Means relocating the operand. ++ */ ++static void ++reginsert(struct match_globals *g, char op, char* opnd) ++{ ++ register char *src; ++ register char *dst; ++ register char *place; ++ ++ if (g->regcode == &g->regdummy) { ++ g->regsize += 3; ++ return; ++ } ++ ++ src = g->regcode; ++ g->regcode += 3; ++ dst = g->regcode; ++ while (src > opnd) ++ *--dst = *--src; ++ ++ place = opnd; /* Op node, where operand used to be. */ ++ *place++ = op; ++ *place++ = '\0'; ++ *place++ = '\0'; ++} ++ ++/* ++ - regtail - set the next-pointer at the end of a node chain ++ */ ++static void ++regtail(struct match_globals *g, char *p, char *val) ++{ ++ register char *scan; ++ register char *temp; ++ register int offset; ++ ++ if (p == &g->regdummy) ++ return; ++ ++ /* Find last node. */ ++ scan = p; ++ for (;;) { ++ temp = regnext(g, scan); ++ if (temp == NULL) ++ break; ++ scan = temp; ++ } ++ ++ if (OP(scan) == BACK) ++ offset = scan - val; ++ else ++ offset = val - scan; ++ *(scan+1) = (offset>>8)&0377; ++ *(scan+2) = offset&0377; ++} ++ ++/* ++ - regoptail - regtail on operand of first argument; nop if operandless ++ */ ++static void ++regoptail(struct match_globals *g, char *p, char *val) ++{ ++ /* "Operandless" and "op != BRANCH" are synonymous in practice. */ ++ if (p == NULL || p == &g->regdummy || OP(p) != BRANCH) ++ return; ++ regtail(g, OPERAND(p), val); ++} ++ ++/* ++ * regexec and friends ++ */ ++ ++ ++/* ++ * Forwards. ++ */ ++STATIC int regtry(struct match_globals *g, regexp *prog, char *string); ++STATIC int regmatch(struct match_globals *g, char *prog); ++STATIC int regrepeat(struct match_globals *g, char *p); ++ ++#ifdef DEBUG ++int regnarrate = 0; ++void regdump(); ++STATIC char *regprop(char *op); ++#endif ++ ++/* ++ - regexec - match a regexp against a string ++ */ ++int ++regexec(regexp *prog, char *string) ++{ ++ register char *s; ++ struct match_globals g; ++ ++ /* Be paranoid... */ ++ if (prog == NULL || string == NULL) { ++ printk("<3>Regexp: NULL parameter\n"); ++ return(0); ++ } ++ ++ /* Check validity of program. */ ++ if (UCHARAT(prog->program) != MAGIC) { ++ printk("<3>Regexp: corrupted program\n"); ++ return(0); ++ } ++ ++ /* If there is a "must appear" string, look for it. */ ++ if (prog->regmust != NULL) { ++ s = string; ++ while ((s = strchr(s, prog->regmust[0])) != NULL) { ++ if (strncmp(s, prog->regmust, prog->regmlen) == 0) ++ break; /* Found it. */ ++ s++; ++ } ++ if (s == NULL) /* Not present. */ ++ return(0); ++ } ++ ++ /* Mark beginning of line for ^ . */ ++ g.regbol = string; ++ ++ /* Simplest case: anchored match need be tried only once. */ ++ if (prog->reganch) ++ return(regtry(&g, prog, string)); ++ ++ /* Messy cases: unanchored match. */ ++ s = string; ++ if (prog->regstart != '\0') ++ /* We know what char it must start with. */ ++ while ((s = strchr(s, prog->regstart)) != NULL) { ++ if (regtry(&g, prog, s)) ++ return(1); ++ s++; ++ } ++ else ++ /* We don't -- general case. */ ++ do { ++ if (regtry(&g, prog, s)) ++ return(1); ++ } while (*s++ != '\0'); ++ ++ /* Failure. */ ++ return(0); ++} ++ ++/* ++ - regtry - try match at specific point ++ */ ++static int /* 0 failure, 1 success */ ++regtry(struct match_globals *g, regexp *prog, char *string) ++{ ++ register int i; ++ register char **sp; ++ register char **ep; ++ ++ g->reginput = string; ++ g->regstartp = prog->startp; ++ g->regendp = prog->endp; ++ ++ sp = prog->startp; ++ ep = prog->endp; ++ for (i = NSUBEXP; i > 0; i--) { ++ *sp++ = NULL; ++ *ep++ = NULL; ++ } ++ if (regmatch(g, prog->program + 1)) { ++ prog->startp[0] = string; ++ prog->endp[0] = g->reginput; ++ return(1); ++ } else ++ return(0); ++} ++ ++/* ++ - regmatch - main matching routine ++ * ++ * Conceptually the strategy is simple: check to see whether the current ++ * node matches, call self recursively to see whether the rest matches, ++ * and then act accordingly. In practice we make some effort to avoid ++ * recursion, in particular by going through "ordinary" nodes (that don't ++ * need to know whether the rest of the match failed) by a loop instead of ++ * by recursion. ++ */ ++static int /* 0 failure, 1 success */ ++regmatch(struct match_globals *g, char *prog) ++{ ++ register char *scan = prog; /* Current node. */ ++ char *next; /* Next node. */ ++ ++#ifdef DEBUG ++ if (scan != NULL && regnarrate) ++ fprintf(stderr, "%s(\n", regprop(scan)); ++#endif ++ while (scan != NULL) { ++#ifdef DEBUG ++ if (regnarrate) ++ fprintf(stderr, "%s...\n", regprop(scan)); ++#endif ++ next = regnext(g, scan); ++ ++ switch (OP(scan)) { ++ case BOL: ++ if (g->reginput != g->regbol) ++ return(0); ++ break; ++ case EOL: ++ if (*g->reginput != '\0') ++ return(0); ++ break; ++ case ANY: ++ if (*g->reginput == '\0') ++ return(0); ++ g->reginput++; ++ break; ++ case EXACTLY: { ++ register int len; ++ register char *opnd; ++ ++ opnd = OPERAND(scan); ++ /* Inline the first character, for speed. */ ++ if (*opnd != *g->reginput) ++ return(0); ++ len = strlen(opnd); ++ if (len > 1 && strncmp(opnd, g->reginput, len) != 0) ++ return(0); ++ g->reginput += len; ++ } ++ break; ++ case ANYOF: ++ if (*g->reginput == '\0' || strchr(OPERAND(scan), *g->reginput) == NULL) ++ return(0); ++ g->reginput++; ++ break; ++ case ANYBUT: ++ if (*g->reginput == '\0' || strchr(OPERAND(scan), *g->reginput) != NULL) ++ return(0); ++ g->reginput++; ++ break; ++ case NOTHING: ++ case BACK: ++ break; ++ case OPEN+1: ++ case OPEN+2: ++ case OPEN+3: ++ case OPEN+4: ++ case OPEN+5: ++ case OPEN+6: ++ case OPEN+7: ++ case OPEN+8: ++ case OPEN+9: { ++ register int no; ++ register char *save; ++ ++ no = OP(scan) - OPEN; ++ save = g->reginput; ++ ++ if (regmatch(g, next)) { ++ /* ++ * Don't set startp if some later ++ * invocation of the same parentheses ++ * already has. ++ */ ++ if (g->regstartp[no] == NULL) ++ g->regstartp[no] = save; ++ return(1); ++ } else ++ return(0); ++ } ++ break; ++ case CLOSE+1: ++ case CLOSE+2: ++ case CLOSE+3: ++ case CLOSE+4: ++ case CLOSE+5: ++ case CLOSE+6: ++ case CLOSE+7: ++ case CLOSE+8: ++ case CLOSE+9: ++ { ++ register int no; ++ register char *save; ++ ++ no = OP(scan) - CLOSE; ++ save = g->reginput; ++ ++ if (regmatch(g, next)) { ++ /* ++ * Don't set endp if some later ++ * invocation of the same parentheses ++ * already has. ++ */ ++ if (g->regendp[no] == NULL) ++ g->regendp[no] = save; ++ return(1); ++ } else ++ return(0); ++ } ++ break; ++ case BRANCH: { ++ register char *save; ++ ++ if (OP(next) != BRANCH) /* No choice. */ ++ next = OPERAND(scan); /* Avoid recursion. */ ++ else { ++ do { ++ save = g->reginput; ++ if (regmatch(g, OPERAND(scan))) ++ return(1); ++ g->reginput = save; ++ scan = regnext(g, scan); ++ } while (scan != NULL && OP(scan) == BRANCH); ++ return(0); ++ /* NOTREACHED */ ++ } ++ } ++ break; ++ case STAR: ++ case PLUS: { ++ register char nextch; ++ register int no; ++ register char *save; ++ register int min; ++ ++ /* ++ * Lookahead to avoid useless match attempts ++ * when we know what character comes next. ++ */ ++ nextch = '\0'; ++ if (OP(next) == EXACTLY) ++ nextch = *OPERAND(next); ++ min = (OP(scan) == STAR) ? 0 : 1; ++ save = g->reginput; ++ no = regrepeat(g, OPERAND(scan)); ++ while (no >= min) { ++ /* If it could work, try it. */ ++ if (nextch == '\0' || *g->reginput == nextch) ++ if (regmatch(g, next)) ++ return(1); ++ /* Couldn't or didn't -- back up. */ ++ no--; ++ g->reginput = save + no; ++ } ++ return(0); ++ } ++ break; ++ case END: ++ return(1); /* Success! */ ++ break; ++ default: ++ printk("<3>Regexp: memory corruption\n"); ++ return(0); ++ break; ++ } ++ ++ scan = next; ++ } ++ ++ /* ++ * We get here only if there's trouble -- normally "case END" is ++ * the terminating point. ++ */ ++ printk("<3>Regexp: corrupted pointers\n"); ++ return(0); ++} ++ ++/* ++ - regrepeat - repeatedly match something simple, report how many ++ */ ++static int ++regrepeat(struct match_globals *g, char *p) ++{ ++ register int count = 0; ++ register char *scan; ++ register char *opnd; ++ ++ scan = g->reginput; ++ opnd = OPERAND(p); ++ switch (OP(p)) { ++ case ANY: ++ count = strlen(scan); ++ scan += count; ++ break; ++ case EXACTLY: ++ while (*opnd == *scan) { ++ count++; ++ scan++; ++ } ++ break; ++ case ANYOF: ++ while (*scan != '\0' && strchr(opnd, *scan) != NULL) { ++ count++; ++ scan++; ++ } ++ break; ++ case ANYBUT: ++ while (*scan != '\0' && strchr(opnd, *scan) == NULL) { ++ count++; ++ scan++; ++ } ++ break; ++ default: /* Oh dear. Called inappropriately. */ ++ printk("<3>Regexp: internal foulup\n"); ++ count = 0; /* Best compromise. */ ++ break; ++ } ++ g->reginput = scan; ++ ++ return(count); ++} ++ ++/* ++ - regnext - dig the "next" pointer out of a node ++ */ ++static char* ++regnext(struct match_globals *g, char *p) ++{ ++ register int offset; ++ ++ if (p == &g->regdummy) ++ return(NULL); ++ ++ offset = NEXT(p); ++ if (offset == 0) ++ return(NULL); ++ ++ if (OP(p) == BACK) ++ return(p-offset); ++ else ++ return(p+offset); ++} ++ ++#ifdef DEBUG ++ ++STATIC char *regprop(); ++ ++/* ++ - regdump - dump a regexp onto stdout in vaguely comprehensible form ++ */ ++void ++regdump(regexp *r) ++{ ++ register char *s; ++ register char op = EXACTLY; /* Arbitrary non-END op. */ ++ register char *next; ++ /* extern char *strchr(); */ ++ ++ ++ s = r->program + 1; ++ while (op != END) { /* While that wasn't END last time... */ ++ op = OP(s); ++ printf("%2d%s", s-r->program, regprop(s)); /* Where, what. */ ++ next = regnext(s); ++ if (next == NULL) /* Next ptr. */ ++ printf("(0)"); ++ else ++ printf("(%d)", (s-r->program)+(next-s)); ++ s += 3; ++ if (op == ANYOF || op == ANYBUT || op == EXACTLY) { ++ /* Literal string, where present. */ ++ while (*s != '\0') { ++ putchar(*s); ++ s++; ++ } ++ s++; ++ } ++ putchar('\n'); ++ } ++ ++ /* Header fields of interest. */ ++ if (r->regstart != '\0') ++ printf("start `%c' ", r->regstart); ++ if (r->reganch) ++ printf("anchored "); ++ if (r->regmust != NULL) ++ printf("must have \"%s\"", r->regmust); ++ printf("\n"); ++} ++ ++/* ++ - regprop - printable representation of opcode ++ */ ++static char * ++regprop(char *op) ++{ ++#define BUFLEN 50 ++ register char *p; ++ static char buf[BUFLEN]; ++ ++ strcpy(buf, ":"); ++ ++ switch (OP(op)) { ++ case BOL: ++ p = "BOL"; ++ break; ++ case EOL: ++ p = "EOL"; ++ break; ++ case ANY: ++ p = "ANY"; ++ break; ++ case ANYOF: ++ p = "ANYOF"; ++ break; ++ case ANYBUT: ++ p = "ANYBUT"; ++ break; ++ case BRANCH: ++ p = "BRANCH"; ++ break; ++ case EXACTLY: ++ p = "EXACTLY"; ++ break; ++ case NOTHING: ++ p = "NOTHING"; ++ break; ++ case BACK: ++ p = "BACK"; ++ break; ++ case END: ++ p = "END"; ++ break; ++ case OPEN+1: ++ case OPEN+2: ++ case OPEN+3: ++ case OPEN+4: ++ case OPEN+5: ++ case OPEN+6: ++ case OPEN+7: ++ case OPEN+8: ++ case OPEN+9: ++ snprintf(buf+strlen(buf),BUFLEN-strlen(buf), "OPEN%d", OP(op)-OPEN); ++ p = NULL; ++ break; ++ case CLOSE+1: ++ case CLOSE+2: ++ case CLOSE+3: ++ case CLOSE+4: ++ case CLOSE+5: ++ case CLOSE+6: ++ case CLOSE+7: ++ case CLOSE+8: ++ case CLOSE+9: ++ snprintf(buf+strlen(buf),BUFLEN-strlen(buf), "CLOSE%d", OP(op)-CLOSE); ++ p = NULL; ++ break; ++ case STAR: ++ p = "STAR"; ++ break; ++ case PLUS: ++ p = "PLUS"; ++ break; ++ default: ++ printk("<3>Regexp: corrupted opcode\n"); ++ break; ++ } ++ if (p != NULL) ++ strncat(buf, p, BUFLEN-strlen(buf)); ++ return(buf); ++} ++#endif ++ ++ +--- /dev/null ++++ b/net/netfilter/regexp/regexp.h +@@ -0,0 +1,41 @@ ++/* ++ * Definitions etc. for regexp(3) routines. ++ * ++ * Caveat: this is V8 regexp(3) [actually, a reimplementation thereof], ++ * not the System V one. ++ */ ++ ++#ifndef REGEXP_H ++#define REGEXP_H ++ ++ ++/* ++http://www.opensource.apple.com/darwinsource/10.3/expect-1/expect/expect.h , ++which contains a version of this library, says: ++ ++ * ++ * NSUBEXP must be at least 10, and no greater than 117 or the parser ++ * will not work properly. ++ * ++ ++However, it looks rather like this library is limited to 10. If you think ++otherwise, let us know. ++*/ ++ ++#define NSUBEXP 10 ++typedef struct regexp { ++ char *startp[NSUBEXP]; ++ char *endp[NSUBEXP]; ++ char regstart; /* Internal use only. */ ++ char reganch; /* Internal use only. */ ++ char *regmust; /* Internal use only. */ ++ int regmlen; /* Internal use only. */ ++ char program[1]; /* Unwarranted chumminess with compiler. */ ++} regexp; ++ ++regexp * regcomp(char *exp, int *patternsize); ++int regexec(regexp *prog, char *string); ++void regsub(regexp *prog, char *source, char *dest); ++void regerror(char *s); ++ ++#endif +--- /dev/null ++++ b/net/netfilter/regexp/regmagic.h +@@ -0,0 +1,5 @@ ++/* ++ * The first byte of the regexp internal "program" is actually this magic ++ * number; the start node begins in the second byte. ++ */ ++#define MAGIC 0234 +--- /dev/null ++++ b/net/netfilter/regexp/regsub.c +@@ -0,0 +1,95 @@ ++/* ++ * regsub ++ * @(#)regsub.c 1.3 of 2 April 86 ++ * ++ * Copyright (c) 1986 by University of Toronto. ++ * Written by Henry Spencer. Not derived from licensed software. ++ * ++ * Permission is granted to anyone to use this software for any ++ * purpose on any computer system, and to redistribute it freely, ++ * subject to the following restrictions: ++ * ++ * 1. The author is not responsible for the consequences of use of ++ * this software, no matter how awful, even if they arise ++ * from defects in it. ++ * ++ * 2. The origin of this software must not be misrepresented, either ++ * by explicit claim or by omission. ++ * ++ * 3. Altered versions must be plainly marked as such, and must not ++ * be misrepresented as being the original software. ++ * ++ * ++ * This code was modified by Ethan Sommer to work within the kernel ++ * (it now uses kmalloc etc..) ++ * ++ */ ++#include "regexp.h" ++#include "regmagic.h" ++#include <linux/string.h> ++ ++ ++#ifndef CHARBITS ++#define UCHARAT(p) ((int)*(unsigned char *)(p)) ++#else ++#define UCHARAT(p) ((int)*(p)&CHARBITS) ++#endif ++ ++#if 0 ++//void regerror(char * s) ++//{ ++// printk("regexp(3): %s", s); ++// /* NOTREACHED */ ++//} ++#endif ++ ++/* ++ - regsub - perform substitutions after a regexp match ++ */ ++void ++regsub(regexp * prog, char * source, char * dest) ++{ ++ register char *src; ++ register char *dst; ++ register char c; ++ register int no; ++ register int len; ++ ++ /* Not necessary and gcc doesn't like it -MLS */ ++ /*extern char *strncpy();*/ ++ ++ if (prog == NULL || source == NULL || dest == NULL) { ++ regerror("NULL parm to regsub"); ++ return; ++ } ++ if (UCHARAT(prog->program) != MAGIC) { ++ regerror("damaged regexp fed to regsub"); ++ return; ++ } ++ ++ src = source; ++ dst = dest; ++ while ((c = *src++) != '\0') { ++ if (c == '&') ++ no = 0; ++ else if (c == '\\' && '0' <= *src && *src <= '9') ++ no = *src++ - '0'; ++ else ++ no = -1; ++ ++ if (no < 0) { /* Ordinary character. */ ++ if (c == '\\' && (*src == '\\' || *src == '&')) ++ c = *src++; ++ *dst++ = c; ++ } else if (prog->startp[no] != NULL && prog->endp[no] != NULL) { ++ len = prog->endp[no] - prog->startp[no]; ++ (void) strncpy(dst, prog->startp[no], len); ++ dst += len; ++ if (len != 0 && *(dst-1) == '\0') { /* strncpy hit NUL. */ ++ regerror("damaged match string"); ++ return; ++ } ++ } ++ } ++ *dst++ = '\0'; ++} +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -206,6 +206,14 @@ + * too. */ + nf_ct_remove_expectations(ct); + ++ #if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) ++ if(ct->layer7.app_proto) ++ kfree(ct->layer7.app_proto); ++ if(ct->layer7.app_data) ++ kfree(ct->layer7.app_data); ++ #endif ++ ++ + /* We overload first tuple to link into unconfirmed list. */ + if (!nf_ct_is_confirmed(ct)) { + BUG_ON(hlist_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode)); +--- a/net/netfilter/nf_conntrack_standalone.c ++++ b/net/netfilter/nf_conntrack_standalone.c +@@ -162,7 +162,12 @@ + return -ENOSPC; + #endif + +- if (seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use))) ++#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) ++ if(ct->layer7.app_proto) ++ if(seq_printf(s, "l7proto=%s ", ct->layer7.app_proto)) ++ return -ENOSPC; ++#endif ++ if (seq_printf(s, "asdfuse=%u\n", atomic_read(&ct->ct_general.use))) + return -ENOSPC; + + return 0; +--- a/include/net/netfilter/nf_conntrack.h ++++ b/include/net/netfilter/nf_conntrack.h +@@ -118,6 +118,22 @@ + u_int32_t secmark; + #endif + ++#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || \ ++ defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) ++ struct { ++ /* ++ * e.g. "http". NULL before decision. "unknown" after decision ++ * if no match. ++ */ ++ char *app_proto; ++ /* ++ * application layer data so far. NULL after match decision. ++ */ ++ char *app_data; ++ unsigned int app_data_len; ++ } layer7; ++#endif ++ + /* Storage reserved for other modules: */ + union nf_conntrack_proto proto; + +--- /dev/null ++++ b/include/linux/netfilter/xt_layer7.h +@@ -0,0 +1,13 @@ ++#ifndef _XT_LAYER7_H ++#define _XT_LAYER7_H ++ ++#define MAX_PATTERN_LEN 8192 ++#define MAX_PROTOCOL_LEN 256 ++ ++struct xt_layer7_info { ++ char protocol[MAX_PROTOCOL_LEN]; ++ char pattern[MAX_PATTERN_LEN]; ++ u_int8_t invert; ++}; ++ ++#endif /* _XT_LAYER7_H */ diff --git a/target/linux/generic-2.6/patches-2.6.27/101-netfilter_layer7_pktmatch.patch b/target/linux/generic-2.6/patches-2.6.27/101-netfilter_layer7_pktmatch.patch new file mode 100644 index 0000000000..dff6d188aa --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/101-netfilter_layer7_pktmatch.patch @@ -0,0 +1,108 @@ +--- a/include/linux/netfilter/xt_layer7.h ++++ b/include/linux/netfilter/xt_layer7.h +@@ -8,6 +8,7 @@ + char protocol[MAX_PROTOCOL_LEN]; + char pattern[MAX_PATTERN_LEN]; + u_int8_t invert; ++ u_int8_t pkt; + }; + + #endif /* _XT_LAYER7_H */ +--- a/net/netfilter/xt_layer7.c ++++ b/net/netfilter/xt_layer7.c +@@ -297,34 +297,36 @@ + } + + /* add the new app data to the conntrack. Return number of bytes added. */ +-static int add_data(struct nf_conn * master_conntrack, +- char * app_data, int appdatalen) ++static int add_datastr(char *target, int offset, char *app_data, int len) + { + int length = 0, i; +- int oldlength = master_conntrack->layer7.app_data_len; + +- /* This is a fix for a race condition by Deti Fliegl. However, I'm not +- clear on whether the race condition exists or whether this really +- fixes it. I might just be being dense... Anyway, if it's not really +- a fix, all it does is waste a very small amount of time. */ +- if(!master_conntrack->layer7.app_data) return 0; ++ if (!target) return 0; + + /* Strip nulls. Make everything lower case (our regex lib doesn't + do case insensitivity). Add it to the end of the current data. */ +- for(i = 0; i < maxdatalen-oldlength-1 && +- i < appdatalen; i++) { ++ for(i = 0; i < maxdatalen-offset-1 && i < len; i++) { + if(app_data[i] != '\0') { + /* the kernel version of tolower mungs 'upper ascii' */ +- master_conntrack->layer7.app_data[length+oldlength] = ++ target[length+offset] = + isascii(app_data[i])? + tolower(app_data[i]) : app_data[i]; + length++; + } + } ++ target[length+offset] = '\0'; ++ ++ return length; ++} + +- master_conntrack->layer7.app_data[length+oldlength] = '\0'; +- master_conntrack->layer7.app_data_len = length + oldlength; ++/* add the new app data to the conntrack. Return number of bytes added. */ ++static int add_data(struct nf_conn * master_conntrack, ++ char * app_data, int appdatalen) ++{ ++ int length; + ++ length = add_datastr(master_conntrack->layer7.app_data, master_conntrack->layer7.app_data_len, app_data, appdatalen); ++ master_conntrack->layer7.app_data_len += length; + return length; + } + +@@ -411,7 +413,7 @@ + const struct xt_layer7_info * info = matchinfo; + enum ip_conntrack_info master_ctinfo, ctinfo; + struct nf_conn *master_conntrack, *conntrack; +- unsigned char * app_data; ++ unsigned char *app_data, *tmp_data; + unsigned int pattern_result, appdatalen; + regexp * comppattern; + +@@ -439,8 +441,8 @@ + master_conntrack = master_ct(master_conntrack); + + /* if we've classified it or seen too many packets */ +- if(TOTAL_PACKETS > num_packets || +- master_conntrack->layer7.app_proto) { ++ if(!info->pkt && (TOTAL_PACKETS > num_packets || ++ master_conntrack->layer7.app_proto)) { + + pattern_result = match_no_append(conntrack, master_conntrack, + ctinfo, master_ctinfo, info); +@@ -473,6 +475,25 @@ + /* the return value gets checked later, when we're ready to use it */ + comppattern = compile_and_cache(info->pattern, info->protocol); + ++ if (info->pkt) { ++ tmp_data = kmalloc(maxdatalen, GFP_ATOMIC); ++ if(!tmp_data){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in match, bailing.\n"); ++ return info->invert; ++ } ++ ++ tmp_data[0] = '\0'; ++ add_datastr(tmp_data, 0, app_data, appdatalen); ++ pattern_result = ((comppattern && regexec(comppattern, tmp_data)) ? 1 : 0); ++ ++ kfree(tmp_data); ++ tmp_data = NULL; ++ spin_unlock_bh(&l7_lock); ++ ++ return (pattern_result ^ info->invert); ++ } ++ + /* On the first packet of a connection, allocate space for app data */ + if(TOTAL_PACKETS == 1 && !skb->cb[0] && + !master_conntrack->layer7.app_data){ diff --git a/target/linux/generic-2.6/patches-2.6.27/110-ipp2p_0.8.1rc1.patch b/target/linux/generic-2.6/patches-2.6.27/110-ipp2p_0.8.1rc1.patch new file mode 100644 index 0000000000..e769247c39 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/110-ipp2p_0.8.1rc1.patch @@ -0,0 +1,919 @@ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ipt_ipp2p.h +@@ -0,0 +1,31 @@ ++#ifndef __IPT_IPP2P_H ++#define __IPT_IPP2P_H ++#define IPP2P_VERSION "0.8.1_rc1" ++ ++struct ipt_p2p_info { ++ int cmd; ++ int debug; ++}; ++ ++#endif //__IPT_IPP2P_H ++ ++#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/ ++//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/ ++#define SHORT_HAND_NONE 5 /* no short hand*/ ++ ++#define IPP2P_EDK (1 << 1) ++#define IPP2P_DATA_KAZAA (1 << 2) ++#define IPP2P_DATA_EDK (1 << 3) ++#define IPP2P_DATA_DC (1 << 4) ++#define IPP2P_DC (1 << 5) ++#define IPP2P_DATA_GNU (1 << 6) ++#define IPP2P_GNU (1 << 7) ++#define IPP2P_KAZAA (1 << 8) ++#define IPP2P_BIT (1 << 9) ++#define IPP2P_APPLE (1 << 10) ++#define IPP2P_SOUL (1 << 11) ++#define IPP2P_WINMX (1 << 12) ++#define IPP2P_ARES (1 << 13) ++#define IPP2P_MUTE (1 << 14) ++#define IPP2P_WASTE (1 << 15) ++#define IPP2P_XDCC (1 << 16) +--- /dev/null ++++ b/net/ipv4/netfilter/ipt_ipp2p.c +@@ -0,0 +1,856 @@ ++#if defined(MODVERSIONS) ++#include <linux/modversions.h> ++#endif ++#include <linux/module.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/version.h> ++#include <linux/netfilter_ipv4/ipt_ipp2p.h> ++#include <net/tcp.h> ++#include <net/udp.h> ++ ++#define get_u8(X,O) (*(__u8 *)(X + O)) ++#define get_u16(X,O) (*(__u16 *)(X + O)) ++#define get_u32(X,O) (*(__u32 *)(X + O)) ++ ++MODULE_AUTHOR("Eicke Friedrich/Klaus Degner <ipp2p@ipp2p.org>"); ++MODULE_DESCRIPTION("An extension to iptables to identify P2P traffic."); ++MODULE_LICENSE("GPL"); ++ ++ ++/*Search for UDP eDonkey/eMule/Kad commands*/ ++int ++udp_search_edk (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ t += 8; ++ ++ switch (t[0]) { ++ case 0xe3: ++ { /*edonkey*/ ++ switch (t[1]) ++ { ++ /* client -> server status request */ ++ case 0x96: ++ if (packet_len == 14) return ((IPP2P_EDK * 100) + 50); ++ break; ++ /* server -> client status request */ ++ case 0x97: if (packet_len == 42) return ((IPP2P_EDK * 100) + 51); ++ break; ++ /* server description request */ ++ /* e3 2a ff f0 .. | size == 6 */ ++ case 0xa2: if ( (packet_len == 14) && ( get_u16(t,2) == __constant_htons(0xfff0) ) ) return ((IPP2P_EDK * 100) + 52); ++ break; ++ /* server description response */ ++ /* e3 a3 ff f0 .. | size > 40 && size < 200 */ ++ //case 0xa3: return ((IPP2P_EDK * 100) + 53); ++ // break; ++ case 0x9a: if (packet_len==26) return ((IPP2P_EDK * 100) + 54); ++ break; ++ ++ case 0x92: if (packet_len==18) return ((IPP2P_EDK * 100) + 55); ++ break; ++ } ++ break; ++ } ++ case 0xe4: ++ { ++ switch (t[1]) ++ { ++ /* e4 20 .. | size == 43 */ ++ case 0x20: if ((packet_len == 43) && (t[2] != 0x00) && (t[34] != 0x00)) return ((IPP2P_EDK * 100) + 60); ++ break; ++ /* e4 00 .. 00 | size == 35 ? */ ++ case 0x00: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 61); ++ break; ++ /* e4 10 .. 00 | size == 35 ? */ ++ case 0x10: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 62); ++ break; ++ /* e4 18 .. 00 | size == 35 ? */ ++ case 0x18: if ((packet_len == 35) && (t[26] == 0x00)) return ((IPP2P_EDK * 100) + 63); ++ break; ++ /* e4 52 .. | size = 44 */ ++ case 0x52: if (packet_len == 44 ) return ((IPP2P_EDK * 100) + 64); ++ break; ++ /* e4 58 .. | size == 6 */ ++ case 0x58: if (packet_len == 14 ) return ((IPP2P_EDK * 100) + 65); ++ break; ++ /* e4 59 .. | size == 2 */ ++ case 0x59: if (packet_len == 10 )return ((IPP2P_EDK * 100) + 66); ++ break; ++ /* e4 28 .. | packet_len == 52,77,102,127... */ ++ case 0x28: if (((packet_len-52) % 25) == 0) return ((IPP2P_EDK * 100) + 67); ++ break; ++ /* e4 50 xx xx | size == 4 */ ++ case 0x50: if (packet_len == 12) return ((IPP2P_EDK * 100) + 68); ++ break; ++ /* e4 40 xx xx | size == 48 */ ++ case 0x40: if (packet_len == 56) return ((IPP2P_EDK * 100) + 69); ++ break; ++ } ++ break; ++ } ++ } /* end of switch (t[0]) */ ++ return 0; ++}/*udp_search_edk*/ ++ ++ ++/*Search for UDP Gnutella commands*/ ++int ++udp_search_gnu (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ t += 8; ++ ++ if (memcmp(t, "GND", 3) == 0) return ((IPP2P_GNU * 100) + 51); ++ if (memcmp(t, "GNUTELLA ", 9) == 0) return ((IPP2P_GNU * 100) + 52); ++ return 0; ++}/*udp_search_gnu*/ ++ ++ ++/*Search for UDP KaZaA commands*/ ++int ++udp_search_kazaa (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ ++ if (t[packet_len-1] == 0x00){ ++ t += (packet_len - 6); ++ if (memcmp(t, "KaZaA", 5) == 0) return (IPP2P_KAZAA * 100 +50); ++ } ++ ++ return 0; ++}/*udp_search_kazaa*/ ++ ++/*Search for UDP DirectConnect commands*/ ++int ++udp_search_directconnect (unsigned char *haystack, int packet_len) ++{ ++ unsigned char *t = haystack; ++ if ((*(t + 8) == 0x24) && (*(t + packet_len - 1) == 0x7c)) { ++ t+=8; ++ if (memcmp(t, "SR ", 3) == 0) return ((IPP2P_DC * 100) + 60); ++ if (memcmp(t, "Ping ", 5) == 0) return ((IPP2P_DC * 100) + 61); ++ } ++ return 0; ++}/*udp_search_directconnect*/ ++ ++ ++ ++/*Search for UDP BitTorrent commands*/ ++int ++udp_search_bit (unsigned char *haystack, int packet_len) ++{ ++ switch(packet_len) ++ { ++ case 24: ++ /* ^ 00 00 04 17 27 10 19 80 */ ++ if ((ntohl(get_u32(haystack, 8)) == 0x00000417) && (ntohl(get_u32(haystack, 12)) == 0x27101980)) ++ return (IPP2P_BIT * 100 + 50); ++ break; ++ case 44: ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000400) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 51); ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000400)) ++ return (IPP2P_BIT * 100 + 61); ++ break; ++ case 65: ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000404) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 52); ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000404)) ++ return (IPP2P_BIT * 100 + 62); ++ break; ++ case 67: ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000406) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 53); ++ if (get_u32(haystack, 16) == __constant_htonl(0x00000406)) ++ return (IPP2P_BIT * 100 + 63); ++ break; ++ case 211: ++ if (get_u32(haystack, 8) == __constant_htonl(0x00000405)) ++ return (IPP2P_BIT * 100 + 54); ++ break; ++ case 29: ++ if ((get_u32(haystack, 8) == __constant_htonl(0x00000401))) ++ return (IPP2P_BIT * 100 + 55); ++ break; ++ case 52: ++ if (get_u32(haystack,8) == __constant_htonl(0x00000827) && ++ get_u32(haystack,12) == __constant_htonl(0x37502950)) ++ return (IPP2P_BIT * 100 + 80); ++ break; ++ default: ++ /* this packet does not have a constant size */ ++ if (packet_len >= 40 && get_u32(haystack, 16) == __constant_htonl(0x00000402) && get_u32(haystack, 36) == __constant_htonl(0x00000104)) ++ return (IPP2P_BIT * 100 + 56); ++ break; ++ } ++ ++ /* some extra-bitcomet rules: ++ * "d1:" [a|r] "d2:id20:" ++ */ ++ if (packet_len > 30 && get_u8(haystack, 8) == 'd' && get_u8(haystack, 9) == '1' && get_u8(haystack, 10) == ':' ) ++ { ++ if (get_u8(haystack, 11) == 'a' || get_u8(haystack, 11) == 'r') ++ { ++ if (memcmp(haystack+12,"d2:id20:",8)==0) ++ return (IPP2P_BIT * 100 + 57); ++ } ++ } ++ ++#if 0 ++ /* bitlord rules */ ++ /* packetlen must be bigger than 40 */ ++ /* first 4 bytes are zero */ ++ if (packet_len > 40 && get_u32(haystack, 8) == 0x00000000) ++ { ++ /* first rule: 00 00 00 00 01 00 00 xx xx xx xx 00 00 00 00*/ ++ if (get_u32(haystack, 12) == 0x00000000 && ++ get_u32(haystack, 16) == 0x00010000 && ++ get_u32(haystack, 24) == 0x00000000 ) ++ return (IPP2P_BIT * 100 + 71); ++ ++ /* 00 01 00 00 0d 00 00 xx xx xx xx 00 00 00 00*/ ++ if (get_u32(haystack, 12) == 0x00000001 && ++ get_u32(haystack, 16) == 0x000d0000 && ++ get_u32(haystack, 24) == 0x00000000 ) ++ return (IPP2P_BIT * 100 + 71); ++ ++ ++ } ++#endif ++ ++ return 0; ++}/*udp_search_bit*/ ++ ++ ++ ++/*Search for Ares commands*/ ++//#define IPP2P_DEBUG_ARES ++int ++search_ares (const unsigned char *payload, const u16 plen) ++//int search_ares (unsigned char *haystack, int packet_len, int head_len) ++{ ++// const unsigned char *t = haystack + head_len; ++ ++ /* all ares packets start with */ ++ if (payload[1] == 0 && (plen - payload[0]) == 3) ++ { ++ switch (payload[2]) ++ { ++ case 0x5a: ++ /* ares connect */ ++ if ( plen == 6 && payload[5] == 0x05 ) return ((IPP2P_ARES * 100) + 1); ++ break; ++ case 0x09: ++ /* ares search, min 3 chars --> 14 bytes ++ * lets define a search can be up to 30 chars --> max 34 bytes ++ */ ++ if ( plen >= 14 && plen <= 34 ) return ((IPP2P_ARES * 100) + 1); ++ break; ++#ifdef IPP2P_DEBUG_ARES ++ default: ++ printk(KERN_DEBUG "Unknown Ares command %x recognized, len: %u \n", (unsigned int) payload[2],plen); ++#endif /* IPP2P_DEBUG_ARES */ ++ } ++ } ++ ++#if 0 ++ /* found connect packet: 03 00 5a 04 03 05 */ ++ /* new version ares 1.8: 03 00 5a xx xx 05 */ ++ if ((plen) == 6){ /* possible connect command*/ ++ if ((payload[0] == 0x03) && (payload[1] == 0x00) && (payload[2] == 0x5a) && (payload[5] == 0x05)) ++ return ((IPP2P_ARES * 100) + 1); ++ } ++ if ((plen) == 60){ /* possible download command*/ ++ if ((payload[59] == 0x0a) && (payload[58] == 0x0a)){ ++ if (memcmp(t, "PUSH SHA1:", 10) == 0) /* found download command */ ++ return ((IPP2P_ARES * 100) + 2); ++ } ++ } ++#endif ++ ++ return 0; ++} /*search_ares*/ ++ ++/*Search for SoulSeek commands*/ ++int ++search_soul (const unsigned char *payload, const u16 plen) ++{ ++//#define IPP2P_DEBUG_SOUL ++ /* match: xx xx xx xx | xx = sizeof(payload) - 4 */ ++ if (get_u32(payload, 0) == (plen - 4)){ ++ const __u32 m=get_u32(payload, 4); ++ /* match 00 yy yy 00, yy can be everything */ ++ if ( get_u8(payload, 4) == 0x00 && get_u8(payload, 7) == 0x00 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "0: Soulseek command 0x%x recognized\n",get_u32(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 1); ++ } ++ ++ /* next match: 01 yy 00 00 | yy can be everything */ ++ if ( get_u8(payload, 4) == 0x01 && get_u16(payload, 6) == 0x0000 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "1: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 2); ++ } ++ ++ /* other soulseek commandos are: 1-5,7,9,13-18,22,23,26,28,35-37,40-46,50,51,60,62-69,91,92,1001 */ ++ /* try to do this in an intelligent way */ ++ /* get all small commandos */ ++ switch(m) ++ { ++ case 7: ++ case 9: ++ case 22: ++ case 23: ++ case 26: ++ case 28: ++ case 50: ++ case 51: ++ case 60: ++ case 91: ++ case 92: ++ case 1001: ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "2: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 3); ++ } ++ ++ if (m > 0 && m < 6 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "3: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 4); ++ } ++ if (m > 12 && m < 19 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "4: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 5); ++ } ++ ++ if (m > 34 && m < 38 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "5: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 6); ++ } ++ ++ if (m > 39 && m < 47 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "6: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 7); ++ } ++ ++ if (m > 61 && m < 70 ) ++ { ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "7: Soulseek command 0x%x recognized\n",get_u16(payload, 4)); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 8); ++ } ++ ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "unknown SOULSEEK command: 0x%x, first 16 bit: 0x%x, first 8 bit: 0x%x ,soulseek ???\n",get_u32(payload, 4),get_u16(payload, 4) >> 16,get_u8(payload, 4) >> 24); ++#endif /* IPP2P_DEBUG_SOUL */ ++ } ++ ++ /* match 14 00 00 00 01 yy 00 00 00 STRING(YY) 01 00 00 00 00 46|50 00 00 00 00 */ ++ /* without size at the beginning !!! */ ++ if ( get_u32(payload, 0) == 0x14 && get_u8(payload, 4) == 0x01 ) ++ { ++ __u32 y=get_u32(payload, 5); ++ /* we need 19 chars + string */ ++ if ( (y + 19) <= (plen) ) ++ { ++ const unsigned char *w=payload+9+y; ++ if (get_u32(w, 0) == 0x01 && ( get_u16(w, 4) == 0x4600 || get_u16(w, 4) == 0x5000) && get_u32(w, 6) == 0x00); ++#ifdef IPP2P_DEBUG_SOUL ++ printk(KERN_DEBUG "Soulssek special client command recognized\n"); ++#endif /* IPP2P_DEBUG_SOUL */ ++ return ((IPP2P_SOUL * 100) + 9); ++ } ++ } ++ return 0; ++} ++ ++ ++/*Search for WinMX commands*/ ++int ++search_winmx (const unsigned char *payload, const u16 plen) ++{ ++//#define IPP2P_DEBUG_WINMX ++ if (((plen) == 4) && (memcmp(payload, "SEND", 4) == 0)) return ((IPP2P_WINMX * 100) + 1); ++ if (((plen) == 3) && (memcmp(payload, "GET", 3) == 0)) return ((IPP2P_WINMX * 100) + 2); ++ //if (packet_len < (head_len + 10)) return 0; ++ if (plen < 10) return 0; ++ ++ if ((memcmp(payload, "SEND", 4) == 0) || (memcmp(payload, "GET", 3) == 0)){ ++ u16 c=4; ++ const u16 end=plen-2; ++ u8 count=0; ++ while (c < end) ++ { ++ if (payload[c]== 0x20 && payload[c+1] == 0x22) ++ { ++ c++; ++ count++; ++ if (count>=2) return ((IPP2P_WINMX * 100) + 3); ++ } ++ c++; ++ } ++ } ++ ++ if ( plen == 149 && payload[0] == '8' ) ++ { ++#ifdef IPP2P_DEBUG_WINMX ++ printk(KERN_INFO "maybe WinMX\n"); ++#endif ++ if (get_u32(payload,17) == 0 && get_u32(payload,21) == 0 && get_u32(payload,25) == 0 && ++// get_u32(payload,33) == __constant_htonl(0x71182b1a) && get_u32(payload,37) == __constant_htonl(0x05050000) && ++// get_u32(payload,133) == __constant_htonl(0x31097edf) && get_u32(payload,145) == __constant_htonl(0xdcb8f792)) ++ get_u16(payload,39) == 0 && get_u16(payload,135) == __constant_htons(0x7edf) && get_u16(payload,147) == __constant_htons(0xf792)) ++ ++ { ++#ifdef IPP2P_DEBUG_WINMX ++ printk(KERN_INFO "got WinMX\n"); ++#endif ++ return ((IPP2P_WINMX * 100) + 4); ++ } ++ } ++ return 0; ++} /*search_winmx*/ ++ ++ ++/*Search for appleJuice commands*/ ++int ++search_apple (const unsigned char *payload, const u16 plen) ++{ ++ if ( (plen > 7) && (payload[6] == 0x0d) && (payload[7] == 0x0a) && (memcmp(payload, "ajprot", 6) == 0)) return (IPP2P_APPLE * 100); ++ ++ return 0; ++} ++ ++ ++/*Search for BitTorrent commands*/ ++int ++search_bittorrent (const unsigned char *payload, const u16 plen) ++{ ++ if (plen > 20) ++ { ++ /* test for match 0x13+"BitTorrent protocol" */ ++ if (payload[0] == 0x13) ++ { ++ if (memcmp(payload+1, "BitTorrent protocol", 19) == 0) return (IPP2P_BIT * 100); ++ } ++ ++ /* get tracker commandos, all starts with GET / ++ * then it can follow: scrape| announce ++ * and then ?hash_info= ++ */ ++ if (memcmp(payload,"GET /",5) == 0) ++ { ++ /* message scrape */ ++ if ( memcmp(payload+5,"scrape?info_hash=",17)==0 ) return (IPP2P_BIT * 100 + 1); ++ /* message announce */ ++ if ( memcmp(payload+5,"announce?info_hash=",19)==0 ) return (IPP2P_BIT * 100 + 2); ++ } ++ } ++ else ++ { ++ /* bitcomet encryptes the first packet, so we have to detect another ++ * one later in the flow */ ++ /* first try failed, too many missdetections */ ++ //if ( size == 5 && get_u32(t,0) == __constant_htonl(1) && t[4] < 3) return (IPP2P_BIT * 100 + 3); ++ ++ /* second try: block request packets */ ++ if ( plen == 17 && get_u32(payload,0) == __constant_htonl(0x0d) && payload[4] == 0x06 && get_u32(payload,13) == __constant_htonl(0x4000) ) return (IPP2P_BIT * 100 + 3); ++ } ++ ++ return 0; ++} ++ ++ ++ ++/*check for Kazaa get command*/ ++int ++search_kazaa (const unsigned char *payload, const u16 plen) ++ ++{ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a) && memcmp(payload, "GET /.hash=", 11) == 0) ++ return (IPP2P_DATA_KAZAA * 100); ++ ++ return 0; ++} ++ ++ ++/*check for gnutella get command*/ ++int ++search_gnu (const unsigned char *payload, const u16 plen) ++{ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) ++ { ++ if (memcmp(payload, "GET /get/", 9) == 0) return ((IPP2P_DATA_GNU * 100) + 1); ++ if (memcmp(payload, "GET /uri-res/", 13) == 0) return ((IPP2P_DATA_GNU * 100) + 2); ++ } ++ return 0; ++} ++ ++ ++/*check for gnutella get commands and other typical data*/ ++int ++search_all_gnu (const unsigned char *payload, const u16 plen) ++{ ++ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) ++ { ++ ++ if (memcmp(payload, "GNUTELLA CONNECT/", 17) == 0) return ((IPP2P_GNU * 100) + 1); ++ if (memcmp(payload, "GNUTELLA/", 9) == 0) return ((IPP2P_GNU * 100) + 2); ++ ++ ++ if ((memcmp(payload, "GET /get/", 9) == 0) || (memcmp(payload, "GET /uri-res/", 13) == 0)) ++ { ++ u16 c=8; ++ const u16 end=plen-22; ++ while (c < end) { ++ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Gnutella-", 11) == 0) || (memcmp(&payload[c+2], "X-Queue:", 8) == 0))) ++ return ((IPP2P_GNU * 100) + 3); ++ c++; ++ } ++ } ++ } ++ return 0; ++} ++ ++ ++/*check for KaZaA download commands and other typical data*/ ++int ++search_all_kazaa (const unsigned char *payload, const u16 plen) ++{ ++ if ((payload[plen-2] == 0x0d) && (payload[plen-1] == 0x0a)) ++ { ++ ++ if (memcmp(payload, "GIVE ", 5) == 0) return ((IPP2P_KAZAA * 100) + 1); ++ ++ if (memcmp(payload, "GET /", 5) == 0) { ++ u16 c = 8; ++ const u16 end=plen-22; ++ while (c < end) { ++ if ( payload[c] == 0x0a && payload[c+1] == 0x0d && ((memcmp(&payload[c+2], "X-Kazaa-Username: ", 18) == 0) || (memcmp(&payload[c+2], "User-Agent: PeerEnabler/", 24) == 0))) ++ return ((IPP2P_KAZAA * 100) + 2); ++ c++; ++ } ++ } ++ } ++ return 0; ++} ++ ++/*fast check for edonkey file segment transfer command*/ ++int ++search_edk (const unsigned char *payload, const u16 plen) ++{ ++ if (payload[0] != 0xe3) ++ return 0; ++ else { ++ if (payload[5] == 0x47) ++ return (IPP2P_DATA_EDK * 100); ++ else ++ return 0; ++ } ++} ++ ++ ++ ++/*intensive but slower search for some edonkey packets including size-check*/ ++int ++search_all_edk (const unsigned char *payload, const u16 plen) ++{ ++ if (payload[0] != 0xe3) ++ return 0; ++ else { ++ //t += head_len; ++ const u16 cmd = get_u16(payload, 1); ++ if (cmd == (plen - 5)) { ++ switch (payload[5]) { ++ case 0x01: return ((IPP2P_EDK * 100) + 1); /*Client: hello or Server:hello*/ ++ case 0x4c: return ((IPP2P_EDK * 100) + 9); /*Client: Hello-Answer*/ ++ } ++ } ++ return 0; ++ } ++} ++ ++ ++/*fast check for Direct Connect send command*/ ++int ++search_dc (const unsigned char *payload, const u16 plen) ++{ ++ ++ if (payload[0] != 0x24 ) ++ return 0; ++ else { ++ if (memcmp(&payload[1], "Send|", 5) == 0) ++ return (IPP2P_DATA_DC * 100); ++ else ++ return 0; ++ } ++ ++} ++ ++ ++/*intensive but slower check for all direct connect packets*/ ++int ++search_all_dc (const unsigned char *payload, const u16 plen) ++{ ++// unsigned char *t = haystack; ++ ++ if (payload[0] == 0x24 && payload[plen-1] == 0x7c) ++ { ++ const unsigned char *t=&payload[1]; ++ /* Client-Hub-Protocol */ ++ if (memcmp(t, "Lock ", 5) == 0) return ((IPP2P_DC * 100) + 1); ++ /* Client-Client-Protocol, some are already recognized by client-hub (like lock) */ ++ if (memcmp(t, "MyNick ", 7) == 0) return ((IPP2P_DC * 100) + 38); ++ } ++ return 0; ++} ++ ++/*check for mute*/ ++int ++search_mute (const unsigned char *payload, const u16 plen) ++{ ++ if ( plen == 209 || plen == 345 || plen == 473 || plen == 609 || plen == 1121 ) ++ { ++ //printk(KERN_DEBUG "size hit: %u",size); ++ if (memcmp(payload,"PublicKey: ",11) == 0 ) ++ { ++ return ((IPP2P_MUTE * 100) + 0); ++ ++/* if (memcmp(t+size-14,"\x0aEndPublicKey\x0a",14) == 0) ++ { ++ printk(KERN_DEBUG "end pubic key hit: %u",size); ++ ++ }*/ ++ } ++ } ++ return 0; ++} ++ ++ ++/* check for xdcc */ ++int ++search_xdcc (const unsigned char *payload, const u16 plen) ++{ ++ /* search in small packets only */ ++ if (plen > 20 && plen < 200 && payload[plen-1] == 0x0a && payload[plen-2] == 0x0d && memcmp(payload,"PRIVMSG ",8) == 0) ++ { ++ ++ u16 x=10; ++ const u16 end=plen - 13; ++ ++ /* is seems to be a irc private massage, chedck for xdcc command */ ++ while (x < end) ++ { ++ if (payload[x] == ':') ++ { ++ if ( memcmp(&payload[x+1],"xdcc send #",11) == 0 ) ++ return ((IPP2P_XDCC * 100) + 0); ++ } ++ x++; ++ } ++ } ++ return 0; ++} ++ ++/* search for waste */ ++int search_waste(const unsigned char *payload, const u16 plen) ++{ ++ if ( plen >= 8 && memcmp(payload,"GET.sha1:",9) == 0) ++ return ((IPP2P_WASTE * 100) + 0); ++ ++ return 0; ++} ++ ++ ++static struct { ++ int command; ++ __u8 short_hand; /*for fucntions included in short hands*/ ++ int packet_len; ++ int (*function_name) (const unsigned char *, const u16); ++} matchlist[] = { ++ {IPP2P_EDK,SHORT_HAND_IPP2P,20, &search_all_edk}, ++// {IPP2P_DATA_KAZAA,SHORT_HAND_DATA,200, &search_kazaa}, ++// {IPP2P_DATA_EDK,SHORT_HAND_DATA,60, &search_edk}, ++// {IPP2P_DATA_DC,SHORT_HAND_DATA,26, &search_dc}, ++ {IPP2P_DC,SHORT_HAND_IPP2P,5, search_all_dc}, ++// {IPP2P_DATA_GNU,SHORT_HAND_DATA,40, &search_gnu}, ++ {IPP2P_GNU,SHORT_HAND_IPP2P,5, &search_all_gnu}, ++ {IPP2P_KAZAA,SHORT_HAND_IPP2P,5, &search_all_kazaa}, ++ {IPP2P_BIT,SHORT_HAND_IPP2P,20, &search_bittorrent}, ++ {IPP2P_APPLE,SHORT_HAND_IPP2P,5, &search_apple}, ++ {IPP2P_SOUL,SHORT_HAND_IPP2P,5, &search_soul}, ++ {IPP2P_WINMX,SHORT_HAND_IPP2P,2, &search_winmx}, ++ {IPP2P_ARES,SHORT_HAND_IPP2P,5, &search_ares}, ++ {IPP2P_MUTE,SHORT_HAND_NONE,200, &search_mute}, ++ {IPP2P_WASTE,SHORT_HAND_NONE,5, &search_waste}, ++ {IPP2P_XDCC,SHORT_HAND_NONE,5, &search_xdcc}, ++ {0,0,0,NULL} ++}; ++ ++ ++static struct { ++ int command; ++ __u8 short_hand; /*for fucntions included in short hands*/ ++ int packet_len; ++ int (*function_name) (unsigned char *, int); ++} udp_list[] = { ++ {IPP2P_KAZAA,SHORT_HAND_IPP2P,14, &udp_search_kazaa}, ++ {IPP2P_BIT,SHORT_HAND_IPP2P,23, &udp_search_bit}, ++ {IPP2P_GNU,SHORT_HAND_IPP2P,11, &udp_search_gnu}, ++ {IPP2P_EDK,SHORT_HAND_IPP2P,9, &udp_search_edk}, ++ {IPP2P_DC,SHORT_HAND_IPP2P,12, &udp_search_directconnect}, ++ {0,0,0,NULL} ++}; ++ ++ ++static bool ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const struct xt_match *match, ++ const void *matchinfo, ++ int offset, ++ unsigned int protoff, ++ bool *hotdrop) ++{ ++ const struct ipt_p2p_info *info = matchinfo; ++ unsigned char *haystack; ++ struct iphdr *ip = ip_hdr(skb); ++ int p2p_result = 0, i = 0; ++// int head_len; ++ int hlen = ntohs(ip->tot_len)-(ip->ihl*4); /*hlen = packet-data length*/ ++ ++ /*must not be a fragment*/ ++ if (offset) { ++ if (info->debug) printk("IPP2P.match: offset found %i \n",offset); ++ return 0; ++ } ++ ++ /*make sure that skb is linear*/ ++ if(skb_is_nonlinear(skb)){ ++ if (info->debug) printk("IPP2P.match: nonlinear skb found\n"); ++ return 0; ++ } ++ ++ ++ haystack=(char *)ip+(ip->ihl*4); /*haystack = packet data*/ ++ ++ switch (ip->protocol){ ++ case IPPROTO_TCP: /*what to do with a TCP packet*/ ++ { ++ struct tcphdr *tcph = (void *) ip + ip->ihl * 4; ++ ++ if (tcph->fin) return 0; /*if FIN bit is set bail out*/ ++ if (tcph->syn) return 0; /*if SYN bit is set bail out*/ ++ if (tcph->rst) return 0; /*if RST bit is set bail out*/ ++ ++ haystack += tcph->doff * 4; /*get TCP-Header-Size*/ ++ hlen -= tcph->doff * 4; ++ while (matchlist[i].command) { ++ if ((((info->cmd & matchlist[i].command) == matchlist[i].command) || ++ ((info->cmd & matchlist[i].short_hand) == matchlist[i].short_hand)) && ++ (hlen > matchlist[i].packet_len)) { ++ p2p_result = matchlist[i].function_name(haystack, hlen); ++ if (p2p_result) ++ { ++ if (info->debug) printk("IPP2P.debug:TCP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", ++ p2p_result, NIPQUAD(ip->saddr),ntohs(tcph->source), NIPQUAD(ip->daddr),ntohs(tcph->dest),hlen); ++ return p2p_result; ++ } ++ } ++ i++; ++ } ++ return p2p_result; ++ } ++ ++ case IPPROTO_UDP: /*what to do with an UDP packet*/ ++ { ++ struct udphdr *udph = (void *) ip + ip->ihl * 4; ++ ++ while (udp_list[i].command){ ++ if ((((info->cmd & udp_list[i].command) == udp_list[i].command) || ++ ((info->cmd & udp_list[i].short_hand) == udp_list[i].short_hand)) && ++ (hlen > udp_list[i].packet_len)) { ++ p2p_result = udp_list[i].function_name(haystack, hlen); ++ if (p2p_result){ ++ if (info->debug) printk("IPP2P.debug:UDP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", ++ p2p_result, NIPQUAD(ip->saddr),ntohs(udph->source), NIPQUAD(ip->daddr),ntohs(udph->dest),hlen); ++ return p2p_result; ++ } ++ } ++ i++; ++ } ++ return p2p_result; ++ } ++ ++ default: return 0; ++ } ++} ++ ++ ++ ++static bool ++checkentry(const char *tablename, ++ const void *ip, ++ const struct xt_match *match, ++ void *matchinfo, ++ unsigned int hook_mask) ++{ ++ /* Must specify -p tcp */ ++/* if (ip->proto != IPPROTO_TCP || (ip->invflags & IPT_INV_PROTO)) { ++ * printk("ipp2p: Only works on TCP packets, use -p tcp\n"); ++ * return 0; ++ * }*/ ++ return 1; ++} ++ ++ ++ ++ ++static struct ipt_match ipp2p_match = { ++ .name = "ipp2p", ++ .match = &match, ++ .family = AF_INET, ++ .matchsize = sizeof(struct ipt_p2p_info), ++ .checkentry = &checkentry, ++ .me = THIS_MODULE, ++}; ++ ++ ++static int __init init(void) ++{ ++ printk(KERN_INFO "IPP2P v%s loading\n", IPP2P_VERSION); ++ return xt_register_match(&ipp2p_match); ++} ++ ++static void __exit fini(void) ++{ ++ xt_unregister_match(&ipp2p_match); ++ printk(KERN_INFO "IPP2P v%s unloaded\n", IPP2P_VERSION); ++} ++ ++module_init(init); ++module_exit(fini); ++ ++ +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -57,6 +57,12 @@ + To compile it as a module, choose M here. If unsure, say N. + + # The matches. ++config IP_NF_MATCH_IPP2P ++ tristate "IPP2P" ++ depends on IP_NF_IPTABLES ++ help ++ Module for matching traffic of various Peer-to-Peer applications ++ + config IP_NF_MATCH_RECENT + tristate '"recent" match support' + depends on IP_NF_IPTABLES +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -51,6 +51,8 @@ + obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o + obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o + ++obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o ++ + # targets + obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o + obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o diff --git a/target/linux/generic-2.6/patches-2.6.27/130-netfilter_ipset.patch b/target/linux/generic-2.6/patches-2.6.27/130-netfilter_ipset.patch new file mode 100644 index 0000000000..d5bc2b7196 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/130-netfilter_ipset.patch @@ -0,0 +1,7671 @@ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set.h +@@ -0,0 +1,498 @@ ++#ifndef _IP_SET_H ++#define _IP_SET_H ++ ++/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> ++ * Patrick Schaaf <bof@bof.de> ++ * Martin Josefsson <gandalf@wlug.westbo.se> ++ * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++#if 0 ++#define IP_SET_DEBUG ++#endif ++ ++/* ++ * A sockopt of such quality has hardly ever been seen before on the open ++ * market! This little beauty, hardly ever used: above 64, so it's ++ * traditionally used for firewalling, not touched (even once!) by the ++ * 2.0, 2.2 and 2.4 kernels! ++ * ++ * Comes with its own certificate of authenticity, valid anywhere in the ++ * Free world! ++ * ++ * Rusty, 19.4.2000 ++ */ ++#define SO_IP_SET 83 ++ ++/* ++ * Heavily modify by Joakim Axelsson 08.03.2002 ++ * - Made it more modulebased ++ * ++ * Additional heavy modifications by Jozsef Kadlecsik 22.02.2004 ++ * - bindings added ++ * - in order to "deal with" backward compatibility, renamed to ipset ++ */ ++ ++/* ++ * Used so that the kernel module and ipset-binary can match their versions ++ */ ++#define IP_SET_PROTOCOL_VERSION 2 ++ ++#define IP_SET_MAXNAMELEN 32 /* set names and set typenames */ ++ ++/* Lets work with our own typedef for representing an IP address. ++ * We hope to make the code more portable, possibly to IPv6... ++ * ++ * The representation works in HOST byte order, because most set types ++ * will perform arithmetic operations and compare operations. ++ * ++ * For now the type is an uint32_t. ++ * ++ * Make sure to ONLY use the functions when translating and parsing ++ * in order to keep the host byte order and make it more portable: ++ * parse_ip() ++ * parse_mask() ++ * parse_ipandmask() ++ * ip_tostring() ++ * (Joakim: where are they???) ++ */ ++ ++typedef uint32_t ip_set_ip_t; ++ ++/* Sets are identified by an id in kernel space. Tweak with ip_set_id_t ++ * and IP_SET_INVALID_ID if you want to increase the max number of sets. ++ */ ++typedef uint16_t ip_set_id_t; ++ ++#define IP_SET_INVALID_ID 65535 ++ ++/* How deep we follow bindings */ ++#define IP_SET_MAX_BINDINGS 6 ++ ++/* ++ * Option flags for kernel operations (ipt_set_info) ++ */ ++#define IPSET_SRC 0x01 /* Source match/add */ ++#define IPSET_DST 0x02 /* Destination match/add */ ++#define IPSET_MATCH_INV 0x04 /* Inverse matching */ ++ ++/* ++ * Set features ++ */ ++#define IPSET_TYPE_IP 0x01 /* IP address type of set */ ++#define IPSET_TYPE_PORT 0x02 /* Port type of set */ ++#define IPSET_DATA_SINGLE 0x04 /* Single data storage */ ++#define IPSET_DATA_DOUBLE 0x08 /* Double data storage */ ++ ++/* Reserved keywords */ ++#define IPSET_TOKEN_DEFAULT ":default:" ++#define IPSET_TOKEN_ALL ":all:" ++ ++/* SO_IP_SET operation constants, and their request struct types. ++ * ++ * Operation ids: ++ * 0-99: commands with version checking ++ * 100-199: add/del/test/bind/unbind ++ * 200-299: list, save, restore ++ */ ++ ++/* Single shot operations: ++ * version, create, destroy, flush, rename and swap ++ * ++ * Sets are identified by name. ++ */ ++ ++#define IP_SET_REQ_STD \ ++ unsigned op; \ ++ unsigned version; \ ++ char name[IP_SET_MAXNAMELEN] ++ ++#define IP_SET_OP_CREATE 0x00000001 /* Create a new (empty) set */ ++struct ip_set_req_create { ++ IP_SET_REQ_STD; ++ char typename[IP_SET_MAXNAMELEN]; ++}; ++ ++#define IP_SET_OP_DESTROY 0x00000002 /* Remove a (empty) set */ ++struct ip_set_req_std { ++ IP_SET_REQ_STD; ++}; ++ ++#define IP_SET_OP_FLUSH 0x00000003 /* Remove all IPs in a set */ ++/* Uses ip_set_req_std */ ++ ++#define IP_SET_OP_RENAME 0x00000004 /* Rename a set */ ++/* Uses ip_set_req_create */ ++ ++#define IP_SET_OP_SWAP 0x00000005 /* Swap two sets */ ++/* Uses ip_set_req_create */ ++ ++union ip_set_name_index { ++ char name[IP_SET_MAXNAMELEN]; ++ ip_set_id_t index; ++}; ++ ++#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ ++struct ip_set_req_get_set { ++ unsigned op; ++ unsigned version; ++ union ip_set_name_index set; ++}; ++ ++#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ ++/* Uses ip_set_req_get_set */ ++ ++#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ ++struct ip_set_req_version { ++ unsigned op; ++ unsigned version; ++}; ++ ++/* Double shots operations: ++ * add, del, test, bind and unbind. ++ * ++ * First we query the kernel to get the index and type of the target set, ++ * then issue the command. Validity of IP is checked in kernel in order ++ * to minimalize sockopt operations. ++ */ ++ ++/* Get minimal set data for add/del/test/bind/unbind IP */ ++#define IP_SET_OP_ADT_GET 0x00000010 /* Get set and type */ ++struct ip_set_req_adt_get { ++ unsigned op; ++ unsigned version; ++ union ip_set_name_index set; ++ char typename[IP_SET_MAXNAMELEN]; ++}; ++ ++#define IP_SET_REQ_BYINDEX \ ++ unsigned op; \ ++ ip_set_id_t index; ++ ++struct ip_set_req_adt { ++ IP_SET_REQ_BYINDEX; ++}; ++ ++#define IP_SET_OP_ADD_IP 0x00000101 /* Add an IP to a set */ ++/* Uses ip_set_req_adt, with type specific addage */ ++ ++#define IP_SET_OP_DEL_IP 0x00000102 /* Remove an IP from a set */ ++/* Uses ip_set_req_adt, with type specific addage */ ++ ++#define IP_SET_OP_TEST_IP 0x00000103 /* Test an IP in a set */ ++/* Uses ip_set_req_adt, with type specific addage */ ++ ++#define IP_SET_OP_BIND_SET 0x00000104 /* Bind an IP to a set */ ++/* Uses ip_set_req_bind, with type specific addage */ ++struct ip_set_req_bind { ++ IP_SET_REQ_BYINDEX; ++ char binding[IP_SET_MAXNAMELEN]; ++}; ++ ++#define IP_SET_OP_UNBIND_SET 0x00000105 /* Unbind an IP from a set */ ++/* Uses ip_set_req_bind, with type speficic addage ++ * index = 0 means unbinding for all sets */ ++ ++#define IP_SET_OP_TEST_BIND_SET 0x00000106 /* Test binding an IP to a set */ ++/* Uses ip_set_req_bind, with type specific addage */ ++ ++/* Multiple shots operations: list, save, restore. ++ * ++ * - check kernel version and query the max number of sets ++ * - get the basic information on all sets ++ * and size required for the next step ++ * - get actual set data: header, data, bindings ++ */ ++ ++/* Get max_sets and the index of a queried set ++ */ ++#define IP_SET_OP_MAX_SETS 0x00000020 ++struct ip_set_req_max_sets { ++ unsigned op; ++ unsigned version; ++ ip_set_id_t max_sets; /* max_sets */ ++ ip_set_id_t sets; /* real number of sets */ ++ union ip_set_name_index set; /* index of set if name used */ ++}; ++ ++/* Get the id and name of the sets plus size for next step */ ++#define IP_SET_OP_LIST_SIZE 0x00000201 ++#define IP_SET_OP_SAVE_SIZE 0x00000202 ++struct ip_set_req_setnames { ++ unsigned op; ++ ip_set_id_t index; /* set to list/save */ ++ size_t size; /* size to get setdata/bindings */ ++ /* followed by sets number of struct ip_set_name_list */ ++}; ++ ++struct ip_set_name_list { ++ char name[IP_SET_MAXNAMELEN]; ++ char typename[IP_SET_MAXNAMELEN]; ++ ip_set_id_t index; ++ ip_set_id_t id; ++}; ++ ++/* The actual list operation */ ++#define IP_SET_OP_LIST 0x00000203 ++struct ip_set_req_list { ++ IP_SET_REQ_BYINDEX; ++ /* sets number of struct ip_set_list in reply */ ++}; ++ ++struct ip_set_list { ++ ip_set_id_t index; ++ ip_set_id_t binding; ++ u_int32_t ref; ++ size_t header_size; /* Set header data of header_size */ ++ size_t members_size; /* Set members data of members_size */ ++ size_t bindings_size; /* Set bindings data of bindings_size */ ++}; ++ ++struct ip_set_hash_list { ++ ip_set_ip_t ip; ++ ip_set_id_t binding; ++}; ++ ++/* The save operation */ ++#define IP_SET_OP_SAVE 0x00000204 ++/* Uses ip_set_req_list, in the reply replaced by ++ * sets number of struct ip_set_save plus a marker ++ * ip_set_save followed by ip_set_hash_save structures. ++ */ ++struct ip_set_save { ++ ip_set_id_t index; ++ ip_set_id_t binding; ++ size_t header_size; /* Set header data of header_size */ ++ size_t members_size; /* Set members data of members_size */ ++}; ++ ++/* At restoring, ip == 0 means default binding for the given set: */ ++struct ip_set_hash_save { ++ ip_set_ip_t ip; ++ ip_set_id_t id; ++ ip_set_id_t binding; ++}; ++ ++/* The restore operation */ ++#define IP_SET_OP_RESTORE 0x00000205 ++/* Uses ip_set_req_setnames followed by ip_set_restore structures ++ * plus a marker ip_set_restore, followed by ip_set_hash_save ++ * structures. ++ */ ++struct ip_set_restore { ++ char name[IP_SET_MAXNAMELEN]; ++ char typename[IP_SET_MAXNAMELEN]; ++ ip_set_id_t index; ++ size_t header_size; /* Create data of header_size */ ++ size_t members_size; /* Set members data of members_size */ ++}; ++ ++static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) ++{ ++ return 4 * ((((b - a + 8) / 8) + 3) / 4); ++} ++ ++#ifdef __KERNEL__ ++ ++#define ip_set_printk(format, args...) \ ++ do { \ ++ printk("%s: %s: ", __FILE__, __FUNCTION__); \ ++ printk(format "\n" , ## args); \ ++ } while (0) ++ ++#if defined(IP_SET_DEBUG) ++#define DP(format, args...) \ ++ do { \ ++ printk("%s: %s (DBG): ", __FILE__, __FUNCTION__);\ ++ printk(format "\n" , ## args); \ ++ } while (0) ++#define IP_SET_ASSERT(x) \ ++ do { \ ++ if (!(x)) \ ++ printk("IP_SET_ASSERT: %s:%i(%s)\n", \ ++ __FILE__, __LINE__, __FUNCTION__); \ ++ } while (0) ++#else ++#define DP(format, args...) ++#define IP_SET_ASSERT(x) ++#endif ++ ++struct ip_set; ++ ++/* ++ * The ip_set_type definition - one per set type, e.g. "ipmap". ++ * ++ * Each individual set has a pointer, set->type, going to one ++ * of these structures. Function pointers inside the structure implement ++ * the real behaviour of the sets. ++ * ++ * If not mentioned differently, the implementation behind the function ++ * pointers of a set_type, is expected to return 0 if ok, and a negative ++ * errno (e.g. -EINVAL) on error. ++ */ ++struct ip_set_type { ++ struct list_head list; /* next in list of set types */ ++ ++ /* test for IP in set (kernel: iptables -m set src|dst) ++ * return 0 if not in set, 1 if in set. ++ */ ++ int (*testip_kernel) (struct ip_set *set, ++ const struct sk_buff * skb, ++ ip_set_ip_t *ip, ++ const u_int32_t *flags, ++ unsigned char index); ++ ++ /* test for IP in set (userspace: ipset -T set IP) ++ * return 0 if not in set, 1 if in set. ++ */ ++ int (*testip) (struct ip_set *set, ++ const void *data, size_t size, ++ ip_set_ip_t *ip); ++ ++ /* ++ * Size of the data structure passed by when ++ * adding/deletin/testing an entry. ++ */ ++ size_t reqsize; ++ ++ /* Add IP into set (userspace: ipset -A set IP) ++ * Return -EEXIST if the address is already in the set, ++ * and -ERANGE if the address lies outside the set bounds. ++ * If the address was not already in the set, 0 is returned. ++ */ ++ int (*addip) (struct ip_set *set, ++ const void *data, size_t size, ++ ip_set_ip_t *ip); ++ ++ /* Add IP into set (kernel: iptables ... -j SET set src|dst) ++ * Return -EEXIST if the address is already in the set, ++ * and -ERANGE if the address lies outside the set bounds. ++ * If the address was not already in the set, 0 is returned. ++ */ ++ int (*addip_kernel) (struct ip_set *set, ++ const struct sk_buff * skb, ++ ip_set_ip_t *ip, ++ const u_int32_t *flags, ++ unsigned char index); ++ ++ /* remove IP from set (userspace: ipset -D set --entry x) ++ * Return -EEXIST if the address is NOT in the set, ++ * and -ERANGE if the address lies outside the set bounds. ++ * If the address really was in the set, 0 is returned. ++ */ ++ int (*delip) (struct ip_set *set, ++ const void *data, size_t size, ++ ip_set_ip_t *ip); ++ ++ /* remove IP from set (kernel: iptables ... -j SET --entry x) ++ * Return -EEXIST if the address is NOT in the set, ++ * and -ERANGE if the address lies outside the set bounds. ++ * If the address really was in the set, 0 is returned. ++ */ ++ int (*delip_kernel) (struct ip_set *set, ++ const struct sk_buff * skb, ++ ip_set_ip_t *ip, ++ const u_int32_t *flags, ++ unsigned char index); ++ ++ /* new set creation - allocated type specific items ++ */ ++ int (*create) (struct ip_set *set, ++ const void *data, size_t size); ++ ++ /* retry the operation after successfully tweaking the set ++ */ ++ int (*retry) (struct ip_set *set); ++ ++ /* set destruction - free type specific items ++ * There is no return value. ++ * Can be called only when child sets are destroyed. ++ */ ++ void (*destroy) (struct ip_set *set); ++ ++ /* set flushing - reset all bits in the set, or something similar. ++ * There is no return value. ++ */ ++ void (*flush) (struct ip_set *set); ++ ++ /* Listing: size needed for header ++ */ ++ size_t header_size; ++ ++ /* Listing: Get the header ++ * ++ * Fill in the information in "data". ++ * This function is always run after list_header_size() under a ++ * writelock on the set. Therefor is the length of "data" always ++ * correct. ++ */ ++ void (*list_header) (const struct ip_set *set, ++ void *data); ++ ++ /* Listing: Get the size for the set members ++ */ ++ int (*list_members_size) (const struct ip_set *set); ++ ++ /* Listing: Get the set members ++ * ++ * Fill in the information in "data". ++ * This function is always run after list_member_size() under a ++ * writelock on the set. Therefor is the length of "data" always ++ * correct. ++ */ ++ void (*list_members) (const struct ip_set *set, ++ void *data); ++ ++ char typename[IP_SET_MAXNAMELEN]; ++ unsigned char features; ++ int protocol_version; ++ ++ /* Set this to THIS_MODULE if you are a module, otherwise NULL */ ++ struct module *me; ++}; ++ ++extern int ip_set_register_set_type(struct ip_set_type *set_type); ++extern void ip_set_unregister_set_type(struct ip_set_type *set_type); ++ ++/* A generic ipset */ ++struct ip_set { ++ char name[IP_SET_MAXNAMELEN]; /* the name of the set */ ++ rwlock_t lock; /* lock for concurrency control */ ++ ip_set_id_t id; /* set id for swapping */ ++ ip_set_id_t binding; /* default binding for the set */ ++ atomic_t ref; /* in kernel and in hash references */ ++ struct ip_set_type *type; /* the set types */ ++ void *data; /* pooltype specific data */ ++}; ++ ++/* Structure to bind set elements to sets */ ++struct ip_set_hash { ++ struct list_head list; /* list of clashing entries in hash */ ++ ip_set_ip_t ip; /* ip from set */ ++ ip_set_id_t id; /* set id */ ++ ip_set_id_t binding; /* set we bind the element to */ ++}; ++ ++/* register and unregister set references */ ++extern ip_set_id_t ip_set_get_byname(const char name[IP_SET_MAXNAMELEN]); ++extern ip_set_id_t ip_set_get_byindex(ip_set_id_t id); ++extern void ip_set_put(ip_set_id_t id); ++ ++/* API for iptables set match, and SET target */ ++extern void ip_set_addip_kernel(ip_set_id_t id, ++ const struct sk_buff *skb, ++ const u_int32_t *flags); ++extern void ip_set_delip_kernel(ip_set_id_t id, ++ const struct sk_buff *skb, ++ const u_int32_t *flags); ++extern int ip_set_testip_kernel(ip_set_id_t id, ++ const struct sk_buff *skb, ++ const u_int32_t *flags); ++ ++#endif /* __KERNEL__ */ ++ ++#endif /*_IP_SET_H*/ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_iphash.h +@@ -0,0 +1,30 @@ ++#ifndef __IP_SET_IPHASH_H ++#define __IP_SET_IPHASH_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "iphash" ++#define MAX_RANGE 0x0000FFFF ++ ++struct ip_set_iphash { ++ ip_set_ip_t *members; /* the iphash proper */ ++ uint32_t elements; /* number of elements */ ++ uint32_t hashsize; /* hash size */ ++ uint16_t probes; /* max number of probes */ ++ uint16_t resize; /* resize factor in percent */ ++ ip_set_ip_t netmask; /* netmask */ ++ void *initval[0]; /* initvals for jhash_1word */ ++}; ++ ++struct ip_set_req_iphash_create { ++ uint32_t hashsize; ++ uint16_t probes; ++ uint16_t resize; ++ ip_set_ip_t netmask; ++}; ++ ++struct ip_set_req_iphash { ++ ip_set_ip_t ip; ++}; ++ ++#endif /* __IP_SET_IPHASH_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_ipmap.h +@@ -0,0 +1,56 @@ ++#ifndef __IP_SET_IPMAP_H ++#define __IP_SET_IPMAP_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "ipmap" ++#define MAX_RANGE 0x0000FFFF ++ ++struct ip_set_ipmap { ++ void *members; /* the ipmap proper */ ++ ip_set_ip_t first_ip; /* host byte order, included in range */ ++ ip_set_ip_t last_ip; /* host byte order, included in range */ ++ ip_set_ip_t netmask; /* subnet netmask */ ++ ip_set_ip_t sizeid; /* size of set in IPs */ ++ ip_set_ip_t hosts; /* number of hosts in a subnet */ ++}; ++ ++struct ip_set_req_ipmap_create { ++ ip_set_ip_t from; ++ ip_set_ip_t to; ++ ip_set_ip_t netmask; ++}; ++ ++struct ip_set_req_ipmap { ++ ip_set_ip_t ip; ++}; ++ ++unsigned int ++mask_to_bits(ip_set_ip_t mask) ++{ ++ unsigned int bits = 32; ++ ip_set_ip_t maskaddr; ++ ++ if (mask == 0xFFFFFFFF) ++ return bits; ++ ++ maskaddr = 0xFFFFFFFE; ++ while (--bits >= 0 && maskaddr != mask) ++ maskaddr <<= 1; ++ ++ return bits; ++} ++ ++ip_set_ip_t ++range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits) ++{ ++ ip_set_ip_t mask = 0xFFFFFFFE; ++ ++ *bits = 32; ++ while (--(*bits) >= 0 && mask && (to & mask) != from) ++ mask <<= 1; ++ ++ return mask; ++} ++ ++#endif /* __IP_SET_IPMAP_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_ipporthash.h +@@ -0,0 +1,34 @@ ++#ifndef __IP_SET_IPPORTHASH_H ++#define __IP_SET_IPPORTHASH_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "ipporthash" ++#define MAX_RANGE 0x0000FFFF ++#define INVALID_PORT (MAX_RANGE + 1) ++ ++struct ip_set_ipporthash { ++ ip_set_ip_t *members; /* the ipporthash proper */ ++ uint32_t elements; /* number of elements */ ++ uint32_t hashsize; /* hash size */ ++ uint16_t probes; /* max number of probes */ ++ uint16_t resize; /* resize factor in percent */ ++ ip_set_ip_t first_ip; /* host byte order, included in range */ ++ ip_set_ip_t last_ip; /* host byte order, included in range */ ++ void *initval[0]; /* initvals for jhash_1word */ ++}; ++ ++struct ip_set_req_ipporthash_create { ++ uint32_t hashsize; ++ uint16_t probes; ++ uint16_t resize; ++ ip_set_ip_t from; ++ ip_set_ip_t to; ++}; ++ ++struct ip_set_req_ipporthash { ++ ip_set_ip_t ip; ++ ip_set_ip_t port; ++}; ++ ++#endif /* __IP_SET_IPPORTHASH_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_iptree.h +@@ -0,0 +1,40 @@ ++#ifndef __IP_SET_IPTREE_H ++#define __IP_SET_IPTREE_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "iptree" ++#define MAX_RANGE 0x0000FFFF ++ ++struct ip_set_iptreed { ++ unsigned long expires[256]; /* x.x.x.ADDR */ ++}; ++ ++struct ip_set_iptreec { ++ struct ip_set_iptreed *tree[256]; /* x.x.ADDR.* */ ++}; ++ ++struct ip_set_iptreeb { ++ struct ip_set_iptreec *tree[256]; /* x.ADDR.*.* */ ++}; ++ ++struct ip_set_iptree { ++ unsigned int timeout; ++ unsigned int gc_interval; ++#ifdef __KERNEL__ ++ uint32_t elements; /* number of elements */ ++ struct timer_list gc; ++ struct ip_set_iptreeb *tree[256]; /* ADDR.*.*.* */ ++#endif ++}; ++ ++struct ip_set_req_iptree_create { ++ unsigned int timeout; ++}; ++ ++struct ip_set_req_iptree { ++ ip_set_ip_t ip; ++ unsigned int timeout; ++}; ++ ++#endif /* __IP_SET_IPTREE_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_iptreemap.h +@@ -0,0 +1,40 @@ ++#ifndef __IP_SET_IPTREEMAP_H ++#define __IP_SET_IPTREEMAP_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "iptreemap" ++ ++#ifdef __KERNEL__ ++struct ip_set_iptreemap_d { ++ unsigned char bitmap[32]; /* x.x.x.y */ ++}; ++ ++struct ip_set_iptreemap_c { ++ struct ip_set_iptreemap_d *tree[256]; /* x.x.y.x */ ++}; ++ ++struct ip_set_iptreemap_b { ++ struct ip_set_iptreemap_c *tree[256]; /* x.y.x.x */ ++ unsigned char dirty[32]; ++}; ++#endif ++ ++struct ip_set_iptreemap { ++ unsigned int gc_interval; ++#ifdef __KERNEL__ ++ struct timer_list gc; ++ struct ip_set_iptreemap_b *tree[256]; /* y.x.x.x */ ++#endif ++}; ++ ++struct ip_set_req_iptreemap_create { ++ unsigned int gc_interval; ++}; ++ ++struct ip_set_req_iptreemap { ++ ip_set_ip_t start; ++ ip_set_ip_t end; ++}; ++ ++#endif /* __IP_SET_IPTREEMAP_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_jhash.h +@@ -0,0 +1,148 @@ ++#ifndef _LINUX_IPSET_JHASH_H ++#define _LINUX_IPSET_JHASH_H ++ ++/* This is a copy of linux/jhash.h but the types u32/u8 are changed ++ * to __u32/__u8 so that the header file can be included into ++ * userspace code as well. Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) ++ */ ++ ++/* jhash.h: Jenkins hash support. ++ * ++ * Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net) ++ * ++ * http://burtleburtle.net/bob/hash/ ++ * ++ * These are the credits from Bob's sources: ++ * ++ * lookup2.c, by Bob Jenkins, December 1996, Public Domain. ++ * hash(), hash2(), hash3, and mix() are externally useful functions. ++ * Routines to test the hash are included if SELF_TEST is defined. ++ * You can use this free for any purpose. It has no warranty. ++ * ++ * Copyright (C) 2003 David S. Miller (davem@redhat.com) ++ * ++ * I've modified Bob's hash to be useful in the Linux kernel, and ++ * any bugs present are surely my fault. -DaveM ++ */ ++ ++/* NOTE: Arguments are modified. */ ++#define __jhash_mix(a, b, c) \ ++{ \ ++ a -= b; a -= c; a ^= (c>>13); \ ++ b -= c; b -= a; b ^= (a<<8); \ ++ c -= a; c -= b; c ^= (b>>13); \ ++ a -= b; a -= c; a ^= (c>>12); \ ++ b -= c; b -= a; b ^= (a<<16); \ ++ c -= a; c -= b; c ^= (b>>5); \ ++ a -= b; a -= c; a ^= (c>>3); \ ++ b -= c; b -= a; b ^= (a<<10); \ ++ c -= a; c -= b; c ^= (b>>15); \ ++} ++ ++/* The golden ration: an arbitrary value */ ++#define JHASH_GOLDEN_RATIO 0x9e3779b9 ++ ++/* The most generic version, hashes an arbitrary sequence ++ * of bytes. No alignment or length assumptions are made about ++ * the input key. ++ */ ++static inline __u32 jhash(void *key, __u32 length, __u32 initval) ++{ ++ __u32 a, b, c, len; ++ __u8 *k = key; ++ ++ len = length; ++ a = b = JHASH_GOLDEN_RATIO; ++ c = initval; ++ ++ while (len >= 12) { ++ a += (k[0] +((__u32)k[1]<<8) +((__u32)k[2]<<16) +((__u32)k[3]<<24)); ++ b += (k[4] +((__u32)k[5]<<8) +((__u32)k[6]<<16) +((__u32)k[7]<<24)); ++ c += (k[8] +((__u32)k[9]<<8) +((__u32)k[10]<<16)+((__u32)k[11]<<24)); ++ ++ __jhash_mix(a,b,c); ++ ++ k += 12; ++ len -= 12; ++ } ++ ++ c += length; ++ switch (len) { ++ case 11: c += ((__u32)k[10]<<24); ++ case 10: c += ((__u32)k[9]<<16); ++ case 9 : c += ((__u32)k[8]<<8); ++ case 8 : b += ((__u32)k[7]<<24); ++ case 7 : b += ((__u32)k[6]<<16); ++ case 6 : b += ((__u32)k[5]<<8); ++ case 5 : b += k[4]; ++ case 4 : a += ((__u32)k[3]<<24); ++ case 3 : a += ((__u32)k[2]<<16); ++ case 2 : a += ((__u32)k[1]<<8); ++ case 1 : a += k[0]; ++ }; ++ ++ __jhash_mix(a,b,c); ++ ++ return c; ++} ++ ++/* A special optimized version that handles 1 or more of __u32s. ++ * The length parameter here is the number of __u32s in the key. ++ */ ++static inline __u32 jhash2(__u32 *k, __u32 length, __u32 initval) ++{ ++ __u32 a, b, c, len; ++ ++ a = b = JHASH_GOLDEN_RATIO; ++ c = initval; ++ len = length; ++ ++ while (len >= 3) { ++ a += k[0]; ++ b += k[1]; ++ c += k[2]; ++ __jhash_mix(a, b, c); ++ k += 3; len -= 3; ++ } ++ ++ c += length * 4; ++ ++ switch (len) { ++ case 2 : b += k[1]; ++ case 1 : a += k[0]; ++ }; ++ ++ __jhash_mix(a,b,c); ++ ++ return c; ++} ++ ++ ++/* A special ultra-optimized versions that knows they are hashing exactly ++ * 3, 2 or 1 word(s). ++ * ++ * NOTE: In partilar the "c += length; __jhash_mix(a,b,c);" normally ++ * done at the end is not done here. ++ */ ++static inline __u32 jhash_3words(__u32 a, __u32 b, __u32 c, __u32 initval) ++{ ++ a += JHASH_GOLDEN_RATIO; ++ b += JHASH_GOLDEN_RATIO; ++ c += initval; ++ ++ __jhash_mix(a, b, c); ++ ++ return c; ++} ++ ++static inline __u32 jhash_2words(__u32 a, __u32 b, __u32 initval) ++{ ++ return jhash_3words(a, b, 0, initval); ++} ++ ++static inline __u32 jhash_1word(__u32 a, __u32 initval) ++{ ++ return jhash_3words(a, 0, 0, initval); ++} ++ ++#endif /* _LINUX_IPSET_JHASH_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_macipmap.h +@@ -0,0 +1,38 @@ ++#ifndef __IP_SET_MACIPMAP_H ++#define __IP_SET_MACIPMAP_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "macipmap" ++#define MAX_RANGE 0x0000FFFF ++ ++/* general flags */ ++#define IPSET_MACIP_MATCHUNSET 1 ++ ++/* per ip flags */ ++#define IPSET_MACIP_ISSET 1 ++ ++struct ip_set_macipmap { ++ void *members; /* the macipmap proper */ ++ ip_set_ip_t first_ip; /* host byte order, included in range */ ++ ip_set_ip_t last_ip; /* host byte order, included in range */ ++ u_int32_t flags; ++}; ++ ++struct ip_set_req_macipmap_create { ++ ip_set_ip_t from; ++ ip_set_ip_t to; ++ u_int32_t flags; ++}; ++ ++struct ip_set_req_macipmap { ++ ip_set_ip_t ip; ++ unsigned char ethernet[ETH_ALEN]; ++}; ++ ++struct ip_set_macip { ++ unsigned short flags; ++ unsigned char ethernet[ETH_ALEN]; ++}; ++ ++#endif /* __IP_SET_MACIPMAP_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_malloc.h +@@ -0,0 +1,116 @@ ++#ifndef _IP_SET_MALLOC_H ++#define _IP_SET_MALLOC_H ++ ++#ifdef __KERNEL__ ++ ++/* Memory allocation and deallocation */ ++static size_t max_malloc_size = 0; ++ ++static inline void init_max_malloc_size(void) ++{ ++#define CACHE(x) max_malloc_size = x; ++#include <linux/kmalloc_sizes.h> ++#undef CACHE ++} ++ ++static inline void * ip_set_malloc(size_t bytes) ++{ ++ if (bytes > max_malloc_size) ++ return vmalloc(bytes); ++ else ++ return kmalloc(bytes, GFP_KERNEL); ++} ++ ++static inline void ip_set_free(void * data, size_t bytes) ++{ ++ if (bytes > max_malloc_size) ++ vfree(data); ++ else ++ kfree(data); ++} ++ ++struct harray { ++ size_t max_elements; ++ void *arrays[0]; ++}; ++ ++static inline void * ++harray_malloc(size_t hashsize, size_t typesize, int flags) ++{ ++ struct harray *harray; ++ size_t max_elements, size, i, j; ++ ++ if (!max_malloc_size) ++ init_max_malloc_size(); ++ ++ if (typesize > max_malloc_size) ++ return NULL; ++ ++ max_elements = max_malloc_size/typesize; ++ size = hashsize/max_elements; ++ if (hashsize % max_elements) ++ size++; ++ ++ /* Last pointer signals end of arrays */ ++ harray = kmalloc(sizeof(struct harray) + (size + 1) * sizeof(void *), ++ flags); ++ ++ if (!harray) ++ return NULL; ++ ++ for (i = 0; i < size - 1; i++) { ++ harray->arrays[i] = kmalloc(max_elements * typesize, flags); ++ if (!harray->arrays[i]) ++ goto undo; ++ memset(harray->arrays[i], 0, max_elements * typesize); ++ } ++ harray->arrays[i] = kmalloc((hashsize - i * max_elements) * typesize, ++ flags); ++ if (!harray->arrays[i]) ++ goto undo; ++ memset(harray->arrays[i], 0, (hashsize - i * max_elements) * typesize); ++ ++ harray->max_elements = max_elements; ++ harray->arrays[size] = NULL; ++ ++ return (void *)harray; ++ ++ undo: ++ for (j = 0; j < i; j++) { ++ kfree(harray->arrays[j]); ++ } ++ kfree(harray); ++ return NULL; ++} ++ ++static inline void harray_free(void *h) ++{ ++ struct harray *harray = (struct harray *) h; ++ size_t i; ++ ++ for (i = 0; harray->arrays[i] != NULL; i++) ++ kfree(harray->arrays[i]); ++ kfree(harray); ++} ++ ++static inline void harray_flush(void *h, size_t hashsize, size_t typesize) ++{ ++ struct harray *harray = (struct harray *) h; ++ size_t i; ++ ++ for (i = 0; harray->arrays[i+1] != NULL; i++) ++ memset(harray->arrays[i], 0, harray->max_elements * typesize); ++ memset(harray->arrays[i], 0, ++ (hashsize - i * harray->max_elements) * typesize); ++} ++ ++#define HARRAY_ELEM(h, type, which) \ ++({ \ ++ struct harray *__h = (struct harray *)(h); \ ++ ((type)((__h)->arrays[(which)/(__h)->max_elements]) \ ++ + (which)%(__h)->max_elements); \ ++}) ++ ++#endif /* __KERNEL__ */ ++ ++#endif /*_IP_SET_MALLOC_H*/ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_nethash.h +@@ -0,0 +1,55 @@ ++#ifndef __IP_SET_NETHASH_H ++#define __IP_SET_NETHASH_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "nethash" ++#define MAX_RANGE 0x0000FFFF ++ ++struct ip_set_nethash { ++ ip_set_ip_t *members; /* the nethash proper */ ++ uint32_t elements; /* number of elements */ ++ uint32_t hashsize; /* hash size */ ++ uint16_t probes; /* max number of probes */ ++ uint16_t resize; /* resize factor in percent */ ++ unsigned char cidr[30]; /* CIDR sizes */ ++ void *initval[0]; /* initvals for jhash_1word */ ++}; ++ ++struct ip_set_req_nethash_create { ++ uint32_t hashsize; ++ uint16_t probes; ++ uint16_t resize; ++}; ++ ++struct ip_set_req_nethash { ++ ip_set_ip_t ip; ++ unsigned char cidr; ++}; ++ ++static unsigned char shifts[] = {255, 253, 249, 241, 225, 193, 129, 1}; ++ ++static inline ip_set_ip_t ++pack(ip_set_ip_t ip, unsigned char cidr) ++{ ++ ip_set_ip_t addr, *paddr = &addr; ++ unsigned char n, t, *a; ++ ++ addr = htonl(ip & (0xFFFFFFFF << (32 - (cidr)))); ++#ifdef __KERNEL__ ++ DP("ip:%u.%u.%u.%u/%u", NIPQUAD(addr), cidr); ++#endif ++ n = cidr / 8; ++ t = cidr % 8; ++ a = &((unsigned char *)paddr)[n]; ++ *a = *a /(1 << (8 - t)) + shifts[t]; ++#ifdef __KERNEL__ ++ DP("n: %u, t: %u, a: %u", n, t, *a); ++ DP("ip:%u.%u.%u.%u/%u, %u.%u.%u.%u", ++ HIPQUAD(ip), cidr, NIPQUAD(addr)); ++#endif ++ ++ return ntohl(addr); ++} ++ ++#endif /* __IP_SET_NETHASH_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ip_set_portmap.h +@@ -0,0 +1,25 @@ ++#ifndef __IP_SET_PORTMAP_H ++#define __IP_SET_PORTMAP_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++#define SETTYPE_NAME "portmap" ++#define MAX_RANGE 0x0000FFFF ++#define INVALID_PORT (MAX_RANGE + 1) ++ ++struct ip_set_portmap { ++ void *members; /* the portmap proper */ ++ ip_set_ip_t first_port; /* host byte order, included in range */ ++ ip_set_ip_t last_port; /* host byte order, included in range */ ++}; ++ ++struct ip_set_req_portmap_create { ++ ip_set_ip_t from; ++ ip_set_ip_t to; ++}; ++ ++struct ip_set_req_portmap { ++ ip_set_ip_t port; ++}; ++ ++#endif /* __IP_SET_PORTMAP_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ipt_set.h +@@ -0,0 +1,21 @@ ++#ifndef _IPT_SET_H ++#define _IPT_SET_H ++ ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++struct ipt_set_info { ++ ip_set_id_t index; ++ u_int32_t flags[IP_SET_MAX_BINDINGS + 1]; ++}; ++ ++/* match info */ ++struct ipt_set_info_match { ++ struct ipt_set_info match_set; ++}; ++ ++struct ipt_set_info_target { ++ struct ipt_set_info add_set; ++ struct ipt_set_info del_set; ++}; ++ ++#endif /*_IPT_SET_H*/ +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set.c +@@ -0,0 +1,2003 @@ ++/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> ++ * Patrick Schaaf <bof@bof.de> ++ * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module for IP set management */ ++ ++#include <linux/version.h> ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/moduleparam.h> ++#include <linux/kmod.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/random.h> ++#include <linux/jhash.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <asm/semaphore.h> ++#include <linux/spinlock.h> ++#include <linux/vmalloc.h> ++ ++#define ASSERT_READ_LOCK(x) ++#define ASSERT_WRITE_LOCK(x) ++#include <linux/netfilter_ipv4/ip_set.h> ++ ++static struct list_head set_type_list; /* all registered sets */ ++static struct ip_set **ip_set_list; /* all individual sets */ ++static DEFINE_RWLOCK(ip_set_lock); /* protects the lists and the hash */ ++static DECLARE_MUTEX(ip_set_app_mutex); /* serializes user access */ ++static ip_set_id_t ip_set_max = CONFIG_IP_NF_SET_MAX; ++static ip_set_id_t ip_set_bindings_hash_size = CONFIG_IP_NF_SET_HASHSIZE; ++static struct list_head *ip_set_hash; /* hash of bindings */ ++static unsigned int ip_set_hash_random; /* random seed */ ++ ++/* ++ * Sets are identified either by the index in ip_set_list or by id. ++ * The id never changes and is used to find a key in the hash. ++ * The index may change by swapping and used at all other places ++ * (set/SET netfilter modules, binding value, etc.) ++ * ++ * Userspace requests are serialized by ip_set_mutex and sets can ++ * be deleted only from userspace. Therefore ip_set_list locking ++ * must obey the following rules: ++ * ++ * - kernel requests: read and write locking mandatory ++ * - user requests: read locking optional, write locking mandatory ++ */ ++ ++static inline void ++__ip_set_get(ip_set_id_t index) ++{ ++ atomic_inc(&ip_set_list[index]->ref); ++} ++ ++static inline void ++__ip_set_put(ip_set_id_t index) ++{ ++ atomic_dec(&ip_set_list[index]->ref); ++} ++ ++/* ++ * Binding routines ++ */ ++ ++static inline struct ip_set_hash * ++__ip_set_find(u_int32_t key, ip_set_id_t id, ip_set_ip_t ip) ++{ ++ struct ip_set_hash *set_hash; ++ ++ list_for_each_entry(set_hash, &ip_set_hash[key], list) ++ if (set_hash->id == id && set_hash->ip == ip) ++ return set_hash; ++ ++ return NULL; ++} ++ ++static ip_set_id_t ++ip_set_find_in_hash(ip_set_id_t id, ip_set_ip_t ip) ++{ ++ u_int32_t key = jhash_2words(id, ip, ip_set_hash_random) ++ % ip_set_bindings_hash_size; ++ struct ip_set_hash *set_hash; ++ ++ ASSERT_READ_LOCK(&ip_set_lock); ++ IP_SET_ASSERT(ip_set_list[id]); ++ DP("set: %s, ip: %u.%u.%u.%u", ip_set_list[id]->name, HIPQUAD(ip)); ++ ++ set_hash = __ip_set_find(key, id, ip); ++ ++ DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name, ++ HIPQUAD(ip), ++ set_hash != NULL ? ip_set_list[set_hash->binding]->name : ""); ++ ++ return (set_hash != NULL ? set_hash->binding : IP_SET_INVALID_ID); ++} ++ ++static inline void ++__set_hash_del(struct ip_set_hash *set_hash) ++{ ++ ASSERT_WRITE_LOCK(&ip_set_lock); ++ IP_SET_ASSERT(ip_set_list[set_hash->binding]); ++ ++ __ip_set_put(set_hash->binding); ++ list_del(&set_hash->list); ++ kfree(set_hash); ++} ++ ++static int ++ip_set_hash_del(ip_set_id_t id, ip_set_ip_t ip) ++{ ++ u_int32_t key = jhash_2words(id, ip, ip_set_hash_random) ++ % ip_set_bindings_hash_size; ++ struct ip_set_hash *set_hash; ++ ++ IP_SET_ASSERT(ip_set_list[id]); ++ DP("set: %s, ip: %u.%u.%u.%u", ip_set_list[id]->name, HIPQUAD(ip)); ++ write_lock_bh(&ip_set_lock); ++ set_hash = __ip_set_find(key, id, ip); ++ DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name, ++ HIPQUAD(ip), ++ set_hash != NULL ? ip_set_list[set_hash->binding]->name : ""); ++ ++ if (set_hash != NULL) ++ __set_hash_del(set_hash); ++ write_unlock_bh(&ip_set_lock); ++ return 0; ++} ++ ++static int ++ip_set_hash_add(ip_set_id_t id, ip_set_ip_t ip, ip_set_id_t binding) ++{ ++ u_int32_t key = jhash_2words(id, ip, ip_set_hash_random) ++ % ip_set_bindings_hash_size; ++ struct ip_set_hash *set_hash; ++ int ret = 0; ++ ++ IP_SET_ASSERT(ip_set_list[id]); ++ IP_SET_ASSERT(ip_set_list[binding]); ++ DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name, ++ HIPQUAD(ip), ip_set_list[binding]->name); ++ write_lock_bh(&ip_set_lock); ++ set_hash = __ip_set_find(key, id, ip); ++ if (!set_hash) { ++ set_hash = kmalloc(sizeof(struct ip_set_hash), GFP_ATOMIC); ++ if (!set_hash) { ++ ret = -ENOMEM; ++ goto unlock; ++ } ++ INIT_LIST_HEAD(&set_hash->list); ++ set_hash->id = id; ++ set_hash->ip = ip; ++ list_add(&set_hash->list, &ip_set_hash[key]); ++ } else { ++ IP_SET_ASSERT(ip_set_list[set_hash->binding]); ++ DP("overwrite binding: %s", ++ ip_set_list[set_hash->binding]->name); ++ __ip_set_put(set_hash->binding); ++ } ++ set_hash->binding = binding; ++ __ip_set_get(set_hash->binding); ++ DP("stored: key %u, id %u (%s), ip %u.%u.%u.%u, binding %u (%s)", ++ key, id, ip_set_list[id]->name, ++ HIPQUAD(ip), binding, ip_set_list[binding]->name); ++ unlock: ++ write_unlock_bh(&ip_set_lock); ++ return ret; ++} ++ ++#define FOREACH_HASH_DO(fn, args...) \ ++({ \ ++ ip_set_id_t __key; \ ++ struct ip_set_hash *__set_hash; \ ++ \ ++ for (__key = 0; __key < ip_set_bindings_hash_size; __key++) { \ ++ list_for_each_entry(__set_hash, &ip_set_hash[__key], list) \ ++ fn(__set_hash , ## args); \ ++ } \ ++}) ++ ++#define FOREACH_HASH_RW_DO(fn, args...) \ ++({ \ ++ ip_set_id_t __key; \ ++ struct ip_set_hash *__set_hash, *__n; \ ++ \ ++ ASSERT_WRITE_LOCK(&ip_set_lock); \ ++ for (__key = 0; __key < ip_set_bindings_hash_size; __key++) { \ ++ list_for_each_entry_safe(__set_hash, __n, &ip_set_hash[__key], list)\ ++ fn(__set_hash , ## args); \ ++ } \ ++}) ++ ++/* Add, del and test set entries from kernel */ ++ ++#define follow_bindings(index, set, ip) \ ++((index = ip_set_find_in_hash((set)->id, ip)) != IP_SET_INVALID_ID \ ++ || (index = (set)->binding) != IP_SET_INVALID_ID) ++ ++int ++ip_set_testip_kernel(ip_set_id_t index, ++ const struct sk_buff *skb, ++ const u_int32_t *flags) ++{ ++ struct ip_set *set; ++ ip_set_ip_t ip; ++ int res; ++ unsigned char i = 0; ++ ++ IP_SET_ASSERT(flags[i]); ++ read_lock_bh(&ip_set_lock); ++ do { ++ set = ip_set_list[index]; ++ IP_SET_ASSERT(set); ++ DP("set %s, index %u", set->name, index); ++ read_lock_bh(&set->lock); ++ res = set->type->testip_kernel(set, skb, &ip, flags, i++); ++ read_unlock_bh(&set->lock); ++ i += !!(set->type->features & IPSET_DATA_DOUBLE); ++ } while (res > 0 ++ && flags[i] ++ && follow_bindings(index, set, ip)); ++ read_unlock_bh(&ip_set_lock); ++ ++ return res; ++} ++ ++void ++ip_set_addip_kernel(ip_set_id_t index, ++ const struct sk_buff *skb, ++ const u_int32_t *flags) ++{ ++ struct ip_set *set; ++ ip_set_ip_t ip; ++ int res; ++ unsigned char i = 0; ++ ++ IP_SET_ASSERT(flags[i]); ++ retry: ++ read_lock_bh(&ip_set_lock); ++ do { ++ set = ip_set_list[index]; ++ IP_SET_ASSERT(set); ++ DP("set %s, index %u", set->name, index); ++ write_lock_bh(&set->lock); ++ res = set->type->addip_kernel(set, skb, &ip, flags, i++); ++ write_unlock_bh(&set->lock); ++ i += !!(set->type->features & IPSET_DATA_DOUBLE); ++ } while ((res == 0 || res == -EEXIST) ++ && flags[i] ++ && follow_bindings(index, set, ip)); ++ read_unlock_bh(&ip_set_lock); ++ ++ if (res == -EAGAIN ++ && set->type->retry ++ && (res = set->type->retry(set)) == 0) ++ goto retry; ++} ++ ++void ++ip_set_delip_kernel(ip_set_id_t index, ++ const struct sk_buff *skb, ++ const u_int32_t *flags) ++{ ++ struct ip_set *set; ++ ip_set_ip_t ip; ++ int res; ++ unsigned char i = 0; ++ ++ IP_SET_ASSERT(flags[i]); ++ read_lock_bh(&ip_set_lock); ++ do { ++ set = ip_set_list[index]; ++ IP_SET_ASSERT(set); ++ DP("set %s, index %u", set->name, index); ++ write_lock_bh(&set->lock); ++ res = set->type->delip_kernel(set, skb, &ip, flags, i++); ++ write_unlock_bh(&set->lock); ++ i += !!(set->type->features & IPSET_DATA_DOUBLE); ++ } while ((res == 0 || res == -EEXIST) ++ && flags[i] ++ && follow_bindings(index, set, ip)); ++ read_unlock_bh(&ip_set_lock); ++} ++ ++/* Register and deregister settype */ ++ ++static inline struct ip_set_type * ++find_set_type(const char *name) ++{ ++ struct ip_set_type *set_type; ++ ++ list_for_each_entry(set_type, &set_type_list, list) ++ if (!strncmp(set_type->typename, name, IP_SET_MAXNAMELEN - 1)) ++ return set_type; ++ return NULL; ++} ++ ++int ++ip_set_register_set_type(struct ip_set_type *set_type) ++{ ++ int ret = 0; ++ ++ if (set_type->protocol_version != IP_SET_PROTOCOL_VERSION) { ++ ip_set_printk("'%s' uses wrong protocol version %u (want %u)", ++ set_type->typename, ++ set_type->protocol_version, ++ IP_SET_PROTOCOL_VERSION); ++ return -EINVAL; ++ } ++ ++ write_lock_bh(&ip_set_lock); ++ if (find_set_type(set_type->typename)) { ++ /* Duplicate! */ ++ ip_set_printk("'%s' already registered!", ++ set_type->typename); ++ ret = -EINVAL; ++ goto unlock; ++ } ++ if (!try_module_get(THIS_MODULE)) { ++ ret = -EFAULT; ++ goto unlock; ++ } ++ list_add(&set_type->list, &set_type_list); ++ DP("'%s' registered.", set_type->typename); ++ unlock: ++ write_unlock_bh(&ip_set_lock); ++ return ret; ++} ++ ++void ++ip_set_unregister_set_type(struct ip_set_type *set_type) ++{ ++ write_lock_bh(&ip_set_lock); ++ if (!find_set_type(set_type->typename)) { ++ ip_set_printk("'%s' not registered?", ++ set_type->typename); ++ goto unlock; ++ } ++ list_del(&set_type->list); ++ module_put(THIS_MODULE); ++ DP("'%s' unregistered.", set_type->typename); ++ unlock: ++ write_unlock_bh(&ip_set_lock); ++ ++} ++ ++/* ++ * Userspace routines ++ */ ++ ++/* ++ * Find set by name, reference it once. The reference makes sure the ++ * thing pointed to, does not go away under our feet. Drop the reference ++ * later, using ip_set_put(). ++ */ ++ip_set_id_t ++ip_set_get_byname(const char *name) ++{ ++ ip_set_id_t i, index = IP_SET_INVALID_ID; ++ ++ down(&ip_set_app_mutex); ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] != NULL ++ && strcmp(ip_set_list[i]->name, name) == 0) { ++ __ip_set_get(i); ++ index = i; ++ break; ++ } ++ } ++ up(&ip_set_app_mutex); ++ return index; ++} ++ ++/* ++ * Find set by index, reference it once. The reference makes sure the ++ * thing pointed to, does not go away under our feet. Drop the reference ++ * later, using ip_set_put(). ++ */ ++ip_set_id_t ++ip_set_get_byindex(ip_set_id_t index) ++{ ++ down(&ip_set_app_mutex); ++ ++ if (index >= ip_set_max) ++ return IP_SET_INVALID_ID; ++ ++ if (ip_set_list[index]) ++ __ip_set_get(index); ++ else ++ index = IP_SET_INVALID_ID; ++ ++ up(&ip_set_app_mutex); ++ return index; ++} ++ ++/* ++ * If the given set pointer points to a valid set, decrement ++ * reference count by 1. The caller shall not assume the index ++ * to be valid, after calling this function. ++ */ ++void ip_set_put(ip_set_id_t index) ++{ ++ down(&ip_set_app_mutex); ++ if (ip_set_list[index]) ++ __ip_set_put(index); ++ up(&ip_set_app_mutex); ++} ++ ++/* Find a set by name or index */ ++static ip_set_id_t ++ip_set_find_byname(const char *name) ++{ ++ ip_set_id_t i, index = IP_SET_INVALID_ID; ++ ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] != NULL ++ && strcmp(ip_set_list[i]->name, name) == 0) { ++ index = i; ++ break; ++ } ++ } ++ return index; ++} ++ ++static ip_set_id_t ++ip_set_find_byindex(ip_set_id_t index) ++{ ++ if (index >= ip_set_max || ip_set_list[index] == NULL) ++ index = IP_SET_INVALID_ID; ++ ++ return index; ++} ++ ++/* ++ * Add, del, test, bind and unbind ++ */ ++ ++static inline int ++__ip_set_testip(struct ip_set *set, ++ const void *data, ++ size_t size, ++ ip_set_ip_t *ip) ++{ ++ int res; ++ ++ read_lock_bh(&set->lock); ++ res = set->type->testip(set, data, size, ip); ++ read_unlock_bh(&set->lock); ++ ++ return res; ++} ++ ++static int ++__ip_set_addip(ip_set_id_t index, ++ const void *data, ++ size_t size) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ ip_set_ip_t ip; ++ int res; ++ ++ IP_SET_ASSERT(set); ++ do { ++ write_lock_bh(&set->lock); ++ res = set->type->addip(set, data, size, &ip); ++ write_unlock_bh(&set->lock); ++ } while (res == -EAGAIN ++ && set->type->retry ++ && (res = set->type->retry(set)) == 0); ++ ++ return res; ++} ++ ++static int ++ip_set_addip(ip_set_id_t index, ++ const void *data, ++ size_t size) ++{ ++ ++ return __ip_set_addip(index, ++ data + sizeof(struct ip_set_req_adt), ++ size - sizeof(struct ip_set_req_adt)); ++} ++ ++static int ++ip_set_delip(ip_set_id_t index, ++ const void *data, ++ size_t size) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ ip_set_ip_t ip; ++ int res; ++ ++ IP_SET_ASSERT(set); ++ write_lock_bh(&set->lock); ++ res = set->type->delip(set, ++ data + sizeof(struct ip_set_req_adt), ++ size - sizeof(struct ip_set_req_adt), ++ &ip); ++ write_unlock_bh(&set->lock); ++ ++ return res; ++} ++ ++static int ++ip_set_testip(ip_set_id_t index, ++ const void *data, ++ size_t size) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ ip_set_ip_t ip; ++ int res; ++ ++ IP_SET_ASSERT(set); ++ res = __ip_set_testip(set, ++ data + sizeof(struct ip_set_req_adt), ++ size - sizeof(struct ip_set_req_adt), ++ &ip); ++ ++ return (res > 0 ? -EEXIST : res); ++} ++ ++static int ++ip_set_bindip(ip_set_id_t index, ++ const void *data, ++ size_t size) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ struct ip_set_req_bind *req_bind; ++ ip_set_id_t binding; ++ ip_set_ip_t ip; ++ int res; ++ ++ IP_SET_ASSERT(set); ++ if (size < sizeof(struct ip_set_req_bind)) ++ return -EINVAL; ++ ++ req_bind = (struct ip_set_req_bind *) data; ++ req_bind->binding[IP_SET_MAXNAMELEN - 1] = '\0'; ++ ++ if (strcmp(req_bind->binding, IPSET_TOKEN_DEFAULT) == 0) { ++ /* Default binding of a set */ ++ char *binding_name; ++ ++ if (size != sizeof(struct ip_set_req_bind) + IP_SET_MAXNAMELEN) ++ return -EINVAL; ++ ++ binding_name = (char *)(data + sizeof(struct ip_set_req_bind)); ++ binding_name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ ++ binding = ip_set_find_byname(binding_name); ++ if (binding == IP_SET_INVALID_ID) ++ return -ENOENT; ++ ++ write_lock_bh(&ip_set_lock); ++ /* Sets as binding values are referenced */ ++ if (set->binding != IP_SET_INVALID_ID) ++ __ip_set_put(set->binding); ++ set->binding = binding; ++ __ip_set_get(set->binding); ++ write_unlock_bh(&ip_set_lock); ++ ++ return 0; ++ } ++ binding = ip_set_find_byname(req_bind->binding); ++ if (binding == IP_SET_INVALID_ID) ++ return -ENOENT; ++ ++ res = __ip_set_testip(set, ++ data + sizeof(struct ip_set_req_bind), ++ size - sizeof(struct ip_set_req_bind), ++ &ip); ++ DP("set %s, ip: %u.%u.%u.%u, binding %s", ++ set->name, HIPQUAD(ip), ip_set_list[binding]->name); ++ ++ if (res >= 0) ++ res = ip_set_hash_add(set->id, ip, binding); ++ ++ return res; ++} ++ ++#define FOREACH_SET_DO(fn, args...) \ ++({ \ ++ ip_set_id_t __i; \ ++ struct ip_set *__set; \ ++ \ ++ for (__i = 0; __i < ip_set_max; __i++) { \ ++ __set = ip_set_list[__i]; \ ++ if (__set != NULL) \ ++ fn(__set , ##args); \ ++ } \ ++}) ++ ++static inline void ++__set_hash_del_byid(struct ip_set_hash *set_hash, ip_set_id_t id) ++{ ++ if (set_hash->id == id) ++ __set_hash_del(set_hash); ++} ++ ++static inline void ++__unbind_default(struct ip_set *set) ++{ ++ if (set->binding != IP_SET_INVALID_ID) { ++ /* Sets as binding values are referenced */ ++ __ip_set_put(set->binding); ++ set->binding = IP_SET_INVALID_ID; ++ } ++} ++ ++static int ++ip_set_unbindip(ip_set_id_t index, ++ const void *data, ++ size_t size) ++{ ++ struct ip_set *set; ++ struct ip_set_req_bind *req_bind; ++ ip_set_ip_t ip; ++ int res; ++ ++ DP(""); ++ if (size < sizeof(struct ip_set_req_bind)) ++ return -EINVAL; ++ ++ req_bind = (struct ip_set_req_bind *) data; ++ req_bind->binding[IP_SET_MAXNAMELEN - 1] = '\0'; ++ ++ DP("%u %s", index, req_bind->binding); ++ if (index == IP_SET_INVALID_ID) { ++ /* unbind :all: */ ++ if (strcmp(req_bind->binding, IPSET_TOKEN_DEFAULT) == 0) { ++ /* Default binding of sets */ ++ write_lock_bh(&ip_set_lock); ++ FOREACH_SET_DO(__unbind_default); ++ write_unlock_bh(&ip_set_lock); ++ return 0; ++ } else if (strcmp(req_bind->binding, IPSET_TOKEN_ALL) == 0) { ++ /* Flush all bindings of all sets*/ ++ write_lock_bh(&ip_set_lock); ++ FOREACH_HASH_RW_DO(__set_hash_del); ++ write_unlock_bh(&ip_set_lock); ++ return 0; ++ } ++ DP("unreachable reached!"); ++ return -EINVAL; ++ } ++ ++ set = ip_set_list[index]; ++ IP_SET_ASSERT(set); ++ if (strcmp(req_bind->binding, IPSET_TOKEN_DEFAULT) == 0) { ++ /* Default binding of set */ ++ ip_set_id_t binding = ip_set_find_byindex(set->binding); ++ ++ if (binding == IP_SET_INVALID_ID) ++ return -ENOENT; ++ ++ write_lock_bh(&ip_set_lock); ++ /* Sets in hash values are referenced */ ++ __ip_set_put(set->binding); ++ set->binding = IP_SET_INVALID_ID; ++ write_unlock_bh(&ip_set_lock); ++ ++ return 0; ++ } else if (strcmp(req_bind->binding, IPSET_TOKEN_ALL) == 0) { ++ /* Flush all bindings */ ++ ++ write_lock_bh(&ip_set_lock); ++ FOREACH_HASH_RW_DO(__set_hash_del_byid, set->id); ++ write_unlock_bh(&ip_set_lock); ++ return 0; ++ } ++ ++ res = __ip_set_testip(set, ++ data + sizeof(struct ip_set_req_bind), ++ size - sizeof(struct ip_set_req_bind), ++ &ip); ++ ++ DP("set %s, ip: %u.%u.%u.%u", set->name, HIPQUAD(ip)); ++ if (res >= 0) ++ res = ip_set_hash_del(set->id, ip); ++ ++ return res; ++} ++ ++static int ++ip_set_testbind(ip_set_id_t index, ++ const void *data, ++ size_t size) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ struct ip_set_req_bind *req_bind; ++ ip_set_id_t binding; ++ ip_set_ip_t ip; ++ int res; ++ ++ IP_SET_ASSERT(set); ++ if (size < sizeof(struct ip_set_req_bind)) ++ return -EINVAL; ++ ++ req_bind = (struct ip_set_req_bind *) data; ++ req_bind->binding[IP_SET_MAXNAMELEN - 1] = '\0'; ++ ++ if (strcmp(req_bind->binding, IPSET_TOKEN_DEFAULT) == 0) { ++ /* Default binding of set */ ++ char *binding_name; ++ ++ if (size != sizeof(struct ip_set_req_bind) + IP_SET_MAXNAMELEN) ++ return -EINVAL; ++ ++ binding_name = (char *)(data + sizeof(struct ip_set_req_bind)); ++ binding_name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ ++ binding = ip_set_find_byname(binding_name); ++ if (binding == IP_SET_INVALID_ID) ++ return -ENOENT; ++ ++ res = (set->binding == binding) ? -EEXIST : 0; ++ ++ return res; ++ } ++ binding = ip_set_find_byname(req_bind->binding); ++ if (binding == IP_SET_INVALID_ID) ++ return -ENOENT; ++ ++ ++ res = __ip_set_testip(set, ++ data + sizeof(struct ip_set_req_bind), ++ size - sizeof(struct ip_set_req_bind), ++ &ip); ++ DP("set %s, ip: %u.%u.%u.%u, binding %s", ++ set->name, HIPQUAD(ip), ip_set_list[binding]->name); ++ ++ if (res >= 0) ++ res = (ip_set_find_in_hash(set->id, ip) == binding) ++ ? -EEXIST : 0; ++ ++ return res; ++} ++ ++static struct ip_set_type * ++find_set_type_rlock(const char *typename) ++{ ++ struct ip_set_type *type; ++ ++ read_lock_bh(&ip_set_lock); ++ type = find_set_type(typename); ++ if (type == NULL) ++ read_unlock_bh(&ip_set_lock); ++ ++ return type; ++} ++ ++static int ++find_free_id(const char *name, ++ ip_set_id_t *index, ++ ip_set_id_t *id) ++{ ++ ip_set_id_t i; ++ ++ *id = IP_SET_INVALID_ID; ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] == NULL) { ++ if (*id == IP_SET_INVALID_ID) ++ *id = *index = i; ++ } else if (strcmp(name, ip_set_list[i]->name) == 0) ++ /* Name clash */ ++ return -EEXIST; ++ } ++ if (*id == IP_SET_INVALID_ID) ++ /* No free slot remained */ ++ return -ERANGE; ++ /* Check that index is usable as id (swapping) */ ++ check: ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] != NULL ++ && ip_set_list[i]->id == *id) { ++ *id = i; ++ goto check; ++ } ++ } ++ return 0; ++} ++ ++/* ++ * Create a set ++ */ ++static int ++ip_set_create(const char *name, ++ const char *typename, ++ ip_set_id_t restore, ++ const void *data, ++ size_t size) ++{ ++ struct ip_set *set; ++ ip_set_id_t index = 0, id; ++ int res = 0; ++ ++ DP("setname: %s, typename: %s, id: %u", name, typename, restore); ++ /* ++ * First, and without any locks, allocate and initialize ++ * a normal base set structure. ++ */ ++ set = kmalloc(sizeof(struct ip_set), GFP_KERNEL); ++ if (!set) ++ return -ENOMEM; ++ set->lock = RW_LOCK_UNLOCKED; ++ strncpy(set->name, name, IP_SET_MAXNAMELEN); ++ set->binding = IP_SET_INVALID_ID; ++ atomic_set(&set->ref, 0); ++ ++ /* ++ * Next, take the &ip_set_lock, check that we know the type, ++ * and take a reference on the type, to make sure it ++ * stays available while constructing our new set. ++ * ++ * After referencing the type, we drop the &ip_set_lock, ++ * and let the new set construction run without locks. ++ */ ++ set->type = find_set_type_rlock(typename); ++ if (set->type == NULL) { ++ /* Try loading the module */ ++ char modulename[IP_SET_MAXNAMELEN + strlen("ip_set_") + 1]; ++ strcpy(modulename, "ip_set_"); ++ strcat(modulename, typename); ++ DP("try to load %s", modulename); ++ request_module(modulename); ++ set->type = find_set_type_rlock(typename); ++ } ++ if (set->type == NULL) { ++ ip_set_printk("no set type '%s', set '%s' not created", ++ typename, name); ++ res = -ENOENT; ++ goto out; ++ } ++ if (!try_module_get(set->type->me)) { ++ read_unlock_bh(&ip_set_lock); ++ res = -EFAULT; ++ goto out; ++ } ++ read_unlock_bh(&ip_set_lock); ++ ++ /* ++ * Without holding any locks, create private part. ++ */ ++ res = set->type->create(set, data, size); ++ if (res != 0) ++ goto put_out; ++ ++ /* BTW, res==0 here. */ ++ ++ /* ++ * Here, we have a valid, constructed set. &ip_set_lock again, ++ * find free id/index and check that it is not already in ++ * ip_set_list. ++ */ ++ write_lock_bh(&ip_set_lock); ++ if ((res = find_free_id(set->name, &index, &id)) != 0) { ++ DP("no free id!"); ++ goto cleanup; ++ } ++ ++ /* Make sure restore gets the same index */ ++ if (restore != IP_SET_INVALID_ID && index != restore) { ++ DP("Can't restore, sets are screwed up"); ++ res = -ERANGE; ++ goto cleanup; ++ } ++ ++ /* ++ * Finally! Add our shiny new set to the list, and be done. ++ */ ++ DP("create: '%s' created with index %u, id %u!", set->name, index, id); ++ set->id = id; ++ ip_set_list[index] = set; ++ write_unlock_bh(&ip_set_lock); ++ return res; ++ ++ cleanup: ++ write_unlock_bh(&ip_set_lock); ++ set->type->destroy(set); ++ put_out: ++ module_put(set->type->me); ++ out: ++ kfree(set); ++ return res; ++} ++ ++/* ++ * Destroy a given existing set ++ */ ++static void ++ip_set_destroy_set(ip_set_id_t index) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ ++ IP_SET_ASSERT(set); ++ DP("set: %s", set->name); ++ write_lock_bh(&ip_set_lock); ++ FOREACH_HASH_RW_DO(__set_hash_del_byid, set->id); ++ if (set->binding != IP_SET_INVALID_ID) ++ __ip_set_put(set->binding); ++ ip_set_list[index] = NULL; ++ write_unlock_bh(&ip_set_lock); ++ ++ /* Must call it without holding any lock */ ++ set->type->destroy(set); ++ module_put(set->type->me); ++ kfree(set); ++} ++ ++/* ++ * Destroy a set - or all sets ++ * Sets must not be referenced/used. ++ */ ++static int ++ip_set_destroy(ip_set_id_t index) ++{ ++ ip_set_id_t i; ++ ++ /* ref modification always protected by the mutex */ ++ if (index != IP_SET_INVALID_ID) { ++ if (atomic_read(&ip_set_list[index]->ref)) ++ return -EBUSY; ++ ip_set_destroy_set(index); ++ } else { ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] != NULL ++ && (atomic_read(&ip_set_list[i]->ref))) ++ return -EBUSY; ++ } ++ ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] != NULL) ++ ip_set_destroy_set(i); ++ } ++ } ++ return 0; ++} ++ ++static void ++ip_set_flush_set(struct ip_set *set) ++{ ++ DP("set: %s %u", set->name, set->id); ++ ++ write_lock_bh(&set->lock); ++ set->type->flush(set); ++ write_unlock_bh(&set->lock); ++} ++ ++/* ++ * Flush data in a set - or in all sets ++ */ ++static int ++ip_set_flush(ip_set_id_t index) ++{ ++ if (index != IP_SET_INVALID_ID) { ++ IP_SET_ASSERT(ip_set_list[index]); ++ ip_set_flush_set(ip_set_list[index]); ++ } else ++ FOREACH_SET_DO(ip_set_flush_set); ++ ++ return 0; ++} ++ ++/* Rename a set */ ++static int ++ip_set_rename(ip_set_id_t index, const char *name) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ ip_set_id_t i; ++ int res = 0; ++ ++ DP("set: %s to %s", set->name, name); ++ write_lock_bh(&ip_set_lock); ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] != NULL ++ && strncmp(ip_set_list[i]->name, ++ name, ++ IP_SET_MAXNAMELEN - 1) == 0) { ++ res = -EEXIST; ++ goto unlock; ++ } ++ } ++ strncpy(set->name, name, IP_SET_MAXNAMELEN); ++ unlock: ++ write_unlock_bh(&ip_set_lock); ++ return res; ++} ++ ++/* ++ * Swap two sets so that name/index points to the other. ++ * References are also swapped. ++ */ ++static int ++ip_set_swap(ip_set_id_t from_index, ip_set_id_t to_index) ++{ ++ struct ip_set *from = ip_set_list[from_index]; ++ struct ip_set *to = ip_set_list[to_index]; ++ char from_name[IP_SET_MAXNAMELEN]; ++ u_int32_t from_ref; ++ ++ DP("set: %s to %s", from->name, to->name); ++ /* Features must not change. Artifical restriction. */ ++ if (from->type->features != to->type->features) ++ return -ENOEXEC; ++ ++ /* No magic here: ref munging protected by the mutex */ ++ write_lock_bh(&ip_set_lock); ++ strncpy(from_name, from->name, IP_SET_MAXNAMELEN); ++ from_ref = atomic_read(&from->ref); ++ ++ strncpy(from->name, to->name, IP_SET_MAXNAMELEN); ++ atomic_set(&from->ref, atomic_read(&to->ref)); ++ strncpy(to->name, from_name, IP_SET_MAXNAMELEN); ++ atomic_set(&to->ref, from_ref); ++ ++ ip_set_list[from_index] = to; ++ ip_set_list[to_index] = from; ++ ++ write_unlock_bh(&ip_set_lock); ++ return 0; ++} ++ ++/* ++ * List set data ++ */ ++ ++static inline void ++__set_hash_bindings_size_list(struct ip_set_hash *set_hash, ++ ip_set_id_t id, size_t *size) ++{ ++ if (set_hash->id == id) ++ *size += sizeof(struct ip_set_hash_list); ++} ++ ++static inline void ++__set_hash_bindings_size_save(struct ip_set_hash *set_hash, ++ ip_set_id_t id, size_t *size) ++{ ++ if (set_hash->id == id) ++ *size += sizeof(struct ip_set_hash_save); ++} ++ ++static inline void ++__set_hash_bindings(struct ip_set_hash *set_hash, ++ ip_set_id_t id, void *data, int *used) ++{ ++ if (set_hash->id == id) { ++ struct ip_set_hash_list *hash_list = ++ (struct ip_set_hash_list *)(data + *used); ++ ++ hash_list->ip = set_hash->ip; ++ hash_list->binding = set_hash->binding; ++ *used += sizeof(struct ip_set_hash_list); ++ } ++} ++ ++static int ip_set_list_set(ip_set_id_t index, ++ void *data, ++ int *used, ++ int len) ++{ ++ struct ip_set *set = ip_set_list[index]; ++ struct ip_set_list *set_list; ++ ++ /* Pointer to our header */ ++ set_list = (struct ip_set_list *) (data + *used); ++ ++ DP("set: %s, used: %d %p %p", set->name, *used, data, data + *used); ++ ++ /* Get and ensure header size */ ++ if (*used + sizeof(struct ip_set_list) > len) ++ goto not_enough_mem; ++ *used += sizeof(struct ip_set_list); ++ ++ read_lock_bh(&set->lock); ++ /* Get and ensure set specific header size */ ++ set_list->header_size = set->type->header_size; ++ if (*used + set_list->header_size > len) ++ goto unlock_set; ++ ++ /* Fill in the header */ ++ set_list->index = index; ++ set_list->binding = set->binding; ++ set_list->ref = atomic_read(&set->ref); ++ ++ /* Fill in set spefific header data */ ++ set->type->list_header(set, data + *used); ++ *used += set_list->header_size; ++ ++ /* Get and ensure set specific members size */ ++ set_list->members_size = set->type->list_members_size(set); ++ if (*used + set_list->members_size > len) ++ goto unlock_set; ++ ++ /* Fill in set spefific members data */ ++ set->type->list_members(set, data + *used); ++ *used += set_list->members_size; ++ read_unlock_bh(&set->lock); ++ ++ /* Bindings */ ++ ++ /* Get and ensure set specific bindings size */ ++ set_list->bindings_size = 0; ++ FOREACH_HASH_DO(__set_hash_bindings_size_list, ++ set->id, &set_list->bindings_size); ++ if (*used + set_list->bindings_size > len) ++ goto not_enough_mem; ++ ++ /* Fill in set spefific bindings data */ ++ FOREACH_HASH_DO(__set_hash_bindings, set->id, data, used); ++ ++ return 0; ++ ++ unlock_set: ++ read_unlock_bh(&set->lock); ++ not_enough_mem: ++ DP("not enough mem, try again"); ++ return -EAGAIN; ++} ++ ++/* ++ * Save sets ++ */ ++static int ip_set_save_set(ip_set_id_t index, ++ void *data, ++ int *used, ++ int len) ++{ ++ struct ip_set *set; ++ struct ip_set_save *set_save; ++ ++ /* Pointer to our header */ ++ set_save = (struct ip_set_save *) (data + *used); ++ ++ /* Get and ensure header size */ ++ if (*used + sizeof(struct ip_set_save) > len) ++ goto not_enough_mem; ++ *used += sizeof(struct ip_set_save); ++ ++ set = ip_set_list[index]; ++ DP("set: %s, used: %u(%u) %p %p", set->name, *used, len, ++ data, data + *used); ++ ++ read_lock_bh(&set->lock); ++ /* Get and ensure set specific header size */ ++ set_save->header_size = set->type->header_size; ++ if (*used + set_save->header_size > len) ++ goto unlock_set; ++ ++ /* Fill in the header */ ++ set_save->index = index; ++ set_save->binding = set->binding; ++ ++ /* Fill in set spefific header data */ ++ set->type->list_header(set, data + *used); ++ *used += set_save->header_size; ++ ++ DP("set header filled: %s, used: %u(%u) %p %p", set->name, *used, ++ set_save->header_size, data, data + *used); ++ /* Get and ensure set specific members size */ ++ set_save->members_size = set->type->list_members_size(set); ++ if (*used + set_save->members_size > len) ++ goto unlock_set; ++ ++ /* Fill in set spefific members data */ ++ set->type->list_members(set, data + *used); ++ *used += set_save->members_size; ++ read_unlock_bh(&set->lock); ++ DP("set members filled: %s, used: %u(%u) %p %p", set->name, *used, ++ set_save->members_size, data, data + *used); ++ return 0; ++ ++ unlock_set: ++ read_unlock_bh(&set->lock); ++ not_enough_mem: ++ DP("not enough mem, try again"); ++ return -EAGAIN; ++} ++ ++static inline void ++__set_hash_save_bindings(struct ip_set_hash *set_hash, ++ ip_set_id_t id, ++ void *data, ++ int *used, ++ int len, ++ int *res) ++{ ++ if (*res == 0 ++ && (id == IP_SET_INVALID_ID || set_hash->id == id)) { ++ struct ip_set_hash_save *hash_save = ++ (struct ip_set_hash_save *)(data + *used); ++ /* Ensure bindings size */ ++ if (*used + sizeof(struct ip_set_hash_save) > len) { ++ *res = -ENOMEM; ++ return; ++ } ++ hash_save->id = set_hash->id; ++ hash_save->ip = set_hash->ip; ++ hash_save->binding = set_hash->binding; ++ *used += sizeof(struct ip_set_hash_save); ++ } ++} ++ ++static int ip_set_save_bindings(ip_set_id_t index, ++ void *data, ++ int *used, ++ int len) ++{ ++ int res = 0; ++ struct ip_set_save *set_save; ++ ++ DP("used %u, len %u", *used, len); ++ /* Get and ensure header size */ ++ if (*used + sizeof(struct ip_set_save) > len) ++ return -ENOMEM; ++ ++ /* Marker */ ++ set_save = (struct ip_set_save *) (data + *used); ++ set_save->index = IP_SET_INVALID_ID; ++ set_save->header_size = 0; ++ set_save->members_size = 0; ++ *used += sizeof(struct ip_set_save); ++ ++ DP("marker added used %u, len %u", *used, len); ++ /* Fill in bindings data */ ++ if (index != IP_SET_INVALID_ID) ++ /* Sets are identified by id in hash */ ++ index = ip_set_list[index]->id; ++ FOREACH_HASH_DO(__set_hash_save_bindings, index, data, used, len, &res); ++ ++ return res; ++} ++ ++/* ++ * Restore sets ++ */ ++static int ip_set_restore(void *data, ++ int len) ++{ ++ int res = 0; ++ int line = 0, used = 0, members_size; ++ struct ip_set *set; ++ struct ip_set_hash_save *hash_save; ++ struct ip_set_restore *set_restore; ++ ip_set_id_t index; ++ ++ /* Loop to restore sets */ ++ while (1) { ++ line++; ++ ++ DP("%u %u %u", used, sizeof(struct ip_set_restore), len); ++ /* Get and ensure header size */ ++ if (used + sizeof(struct ip_set_restore) > len) ++ return line; ++ set_restore = (struct ip_set_restore *) (data + used); ++ used += sizeof(struct ip_set_restore); ++ ++ /* Ensure data size */ ++ if (used ++ + set_restore->header_size ++ + set_restore->members_size > len) ++ return line; ++ ++ /* Check marker */ ++ if (set_restore->index == IP_SET_INVALID_ID) { ++ line--; ++ goto bindings; ++ } ++ ++ /* Try to create the set */ ++ DP("restore %s %s", set_restore->name, set_restore->typename); ++ res = ip_set_create(set_restore->name, ++ set_restore->typename, ++ set_restore->index, ++ data + used, ++ set_restore->header_size); ++ ++ if (res != 0) ++ return line; ++ used += set_restore->header_size; ++ ++ index = ip_set_find_byindex(set_restore->index); ++ DP("index %u, restore_index %u", index, set_restore->index); ++ if (index != set_restore->index) ++ return line; ++ /* Try to restore members data */ ++ set = ip_set_list[index]; ++ members_size = 0; ++ DP("members_size %u reqsize %u", ++ set_restore->members_size, set->type->reqsize); ++ while (members_size + set->type->reqsize <= ++ set_restore->members_size) { ++ line++; ++ DP("members: %u, line %u", members_size, line); ++ res = __ip_set_addip(index, ++ data + used + members_size, ++ set->type->reqsize); ++ if (!(res == 0 || res == -EEXIST)) ++ return line; ++ members_size += set->type->reqsize; ++ } ++ ++ DP("members_size %u %u", ++ set_restore->members_size, members_size); ++ if (members_size != set_restore->members_size) ++ return line++; ++ used += set_restore->members_size; ++ } ++ ++ bindings: ++ /* Loop to restore bindings */ ++ while (used < len) { ++ line++; ++ ++ DP("restore binding, line %u", line); ++ /* Get and ensure size */ ++ if (used + sizeof(struct ip_set_hash_save) > len) ++ return line; ++ hash_save = (struct ip_set_hash_save *) (data + used); ++ used += sizeof(struct ip_set_hash_save); ++ ++ /* hash_save->id is used to store the index */ ++ index = ip_set_find_byindex(hash_save->id); ++ DP("restore binding index %u, id %u, %u -> %u", ++ index, hash_save->id, hash_save->ip, hash_save->binding); ++ if (index != hash_save->id) ++ return line; ++ if (ip_set_find_byindex(hash_save->binding) == IP_SET_INVALID_ID) { ++ DP("corrupt binding set index %u", hash_save->binding); ++ return line; ++ } ++ set = ip_set_list[hash_save->id]; ++ /* Null valued IP means default binding */ ++ if (hash_save->ip) ++ res = ip_set_hash_add(set->id, ++ hash_save->ip, ++ hash_save->binding); ++ else { ++ IP_SET_ASSERT(set->binding == IP_SET_INVALID_ID); ++ write_lock_bh(&ip_set_lock); ++ set->binding = hash_save->binding; ++ __ip_set_get(set->binding); ++ write_unlock_bh(&ip_set_lock); ++ DP("default binding: %u", set->binding); ++ } ++ if (res != 0) ++ return line; ++ } ++ if (used != len) ++ return line; ++ ++ return 0; ++} ++ ++static int ++ip_set_sockfn_set(struct sock *sk, int optval, void *user, unsigned int len) ++{ ++ void *data; ++ int res = 0; /* Assume OK */ ++ unsigned *op; ++ struct ip_set_req_adt *req_adt; ++ ip_set_id_t index = IP_SET_INVALID_ID; ++ int (*adtfn)(ip_set_id_t index, ++ const void *data, size_t size); ++ struct fn_table { ++ int (*fn)(ip_set_id_t index, ++ const void *data, size_t size); ++ } adtfn_table[] = ++ { { ip_set_addip }, { ip_set_delip }, { ip_set_testip}, ++ { ip_set_bindip}, { ip_set_unbindip }, { ip_set_testbind }, ++ }; ++ ++ DP("optval=%d, user=%p, len=%d", optval, user, len); ++ if (!capable(CAP_NET_ADMIN)) ++ return -EPERM; ++ if (optval != SO_IP_SET) ++ return -EBADF; ++ if (len <= sizeof(unsigned)) { ++ ip_set_printk("short userdata (want >%zu, got %u)", ++ sizeof(unsigned), len); ++ return -EINVAL; ++ } ++ data = vmalloc(len); ++ if (!data) { ++ DP("out of mem for %u bytes", len); ++ return -ENOMEM; ++ } ++ if (copy_from_user(data, user, len) != 0) { ++ res = -EFAULT; ++ goto done; ++ } ++ if (down_interruptible(&ip_set_app_mutex)) { ++ res = -EINTR; ++ goto done; ++ } ++ ++ op = (unsigned *)data; ++ DP("op=%x", *op); ++ ++ if (*op < IP_SET_OP_VERSION) { ++ /* Check the version at the beginning of operations */ ++ struct ip_set_req_version *req_version = ++ (struct ip_set_req_version *) data; ++ if (req_version->version != IP_SET_PROTOCOL_VERSION) { ++ res = -EPROTO; ++ goto done; ++ } ++ } ++ ++ switch (*op) { ++ case IP_SET_OP_CREATE:{ ++ struct ip_set_req_create *req_create ++ = (struct ip_set_req_create *) data; ++ ++ if (len < sizeof(struct ip_set_req_create)) { ++ ip_set_printk("short CREATE data (want >=%zu, got %u)", ++ sizeof(struct ip_set_req_create), len); ++ res = -EINVAL; ++ goto done; ++ } ++ req_create->name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ req_create->typename[IP_SET_MAXNAMELEN - 1] = '\0'; ++ res = ip_set_create(req_create->name, ++ req_create->typename, ++ IP_SET_INVALID_ID, ++ data + sizeof(struct ip_set_req_create), ++ len - sizeof(struct ip_set_req_create)); ++ goto done; ++ } ++ case IP_SET_OP_DESTROY:{ ++ struct ip_set_req_std *req_destroy ++ = (struct ip_set_req_std *) data; ++ ++ if (len != sizeof(struct ip_set_req_std)) { ++ ip_set_printk("invalid DESTROY data (want %zu, got %u)", ++ sizeof(struct ip_set_req_std), len); ++ res = -EINVAL; ++ goto done; ++ } ++ if (strcmp(req_destroy->name, IPSET_TOKEN_ALL) == 0) { ++ /* Destroy all sets */ ++ index = IP_SET_INVALID_ID; ++ } else { ++ req_destroy->name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ index = ip_set_find_byname(req_destroy->name); ++ ++ if (index == IP_SET_INVALID_ID) { ++ res = -ENOENT; ++ goto done; ++ } ++ } ++ ++ res = ip_set_destroy(index); ++ goto done; ++ } ++ case IP_SET_OP_FLUSH:{ ++ struct ip_set_req_std *req_flush = ++ (struct ip_set_req_std *) data; ++ ++ if (len != sizeof(struct ip_set_req_std)) { ++ ip_set_printk("invalid FLUSH data (want %zu, got %u)", ++ sizeof(struct ip_set_req_std), len); ++ res = -EINVAL; ++ goto done; ++ } ++ if (strcmp(req_flush->name, IPSET_TOKEN_ALL) == 0) { ++ /* Flush all sets */ ++ index = IP_SET_INVALID_ID; ++ } else { ++ req_flush->name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ index = ip_set_find_byname(req_flush->name); ++ ++ if (index == IP_SET_INVALID_ID) { ++ res = -ENOENT; ++ goto done; ++ } ++ } ++ res = ip_set_flush(index); ++ goto done; ++ } ++ case IP_SET_OP_RENAME:{ ++ struct ip_set_req_create *req_rename ++ = (struct ip_set_req_create *) data; ++ ++ if (len != sizeof(struct ip_set_req_create)) { ++ ip_set_printk("invalid RENAME data (want %zu, got %u)", ++ sizeof(struct ip_set_req_create), len); ++ res = -EINVAL; ++ goto done; ++ } ++ ++ req_rename->name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ req_rename->typename[IP_SET_MAXNAMELEN - 1] = '\0'; ++ ++ index = ip_set_find_byname(req_rename->name); ++ if (index == IP_SET_INVALID_ID) { ++ res = -ENOENT; ++ goto done; ++ } ++ res = ip_set_rename(index, req_rename->typename); ++ goto done; ++ } ++ case IP_SET_OP_SWAP:{ ++ struct ip_set_req_create *req_swap ++ = (struct ip_set_req_create *) data; ++ ip_set_id_t to_index; ++ ++ if (len != sizeof(struct ip_set_req_create)) { ++ ip_set_printk("invalid SWAP data (want %zu, got %u)", ++ sizeof(struct ip_set_req_create), len); ++ res = -EINVAL; ++ goto done; ++ } ++ ++ req_swap->name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ req_swap->typename[IP_SET_MAXNAMELEN - 1] = '\0'; ++ ++ index = ip_set_find_byname(req_swap->name); ++ if (index == IP_SET_INVALID_ID) { ++ res = -ENOENT; ++ goto done; ++ } ++ to_index = ip_set_find_byname(req_swap->typename); ++ if (to_index == IP_SET_INVALID_ID) { ++ res = -ENOENT; ++ goto done; ++ } ++ res = ip_set_swap(index, to_index); ++ goto done; ++ } ++ default: ++ break; /* Set identified by id */ ++ } ++ ++ /* There we may have add/del/test/bind/unbind/test_bind operations */ ++ if (*op < IP_SET_OP_ADD_IP || *op > IP_SET_OP_TEST_BIND_SET) { ++ res = -EBADMSG; ++ goto done; ++ } ++ adtfn = adtfn_table[*op - IP_SET_OP_ADD_IP].fn; ++ ++ if (len < sizeof(struct ip_set_req_adt)) { ++ ip_set_printk("short data in adt request (want >=%zu, got %u)", ++ sizeof(struct ip_set_req_adt), len); ++ res = -EINVAL; ++ goto done; ++ } ++ req_adt = (struct ip_set_req_adt *) data; ++ ++ /* -U :all: :all:|:default: uses IP_SET_INVALID_ID */ ++ if (!(*op == IP_SET_OP_UNBIND_SET ++ && req_adt->index == IP_SET_INVALID_ID)) { ++ index = ip_set_find_byindex(req_adt->index); ++ if (index == IP_SET_INVALID_ID) { ++ res = -ENOENT; ++ goto done; ++ } ++ } ++ res = adtfn(index, data, len); ++ ++ done: ++ up(&ip_set_app_mutex); ++ vfree(data); ++ if (res > 0) ++ res = 0; ++ DP("final result %d", res); ++ return res; ++} ++ ++static int ++ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len) ++{ ++ int res = 0; ++ unsigned *op; ++ ip_set_id_t index = IP_SET_INVALID_ID; ++ void *data; ++ int copylen = *len; ++ ++ DP("optval=%d, user=%p, len=%d", optval, user, *len); ++ if (!capable(CAP_NET_ADMIN)) ++ return -EPERM; ++ if (optval != SO_IP_SET) ++ return -EBADF; ++ if (*len < sizeof(unsigned)) { ++ ip_set_printk("short userdata (want >=%zu, got %d)", ++ sizeof(unsigned), *len); ++ return -EINVAL; ++ } ++ data = vmalloc(*len); ++ if (!data) { ++ DP("out of mem for %d bytes", *len); ++ return -ENOMEM; ++ } ++ if (copy_from_user(data, user, *len) != 0) { ++ res = -EFAULT; ++ goto done; ++ } ++ if (down_interruptible(&ip_set_app_mutex)) { ++ res = -EINTR; ++ goto done; ++ } ++ ++ op = (unsigned *) data; ++ DP("op=%x", *op); ++ ++ if (*op < IP_SET_OP_VERSION) { ++ /* Check the version at the beginning of operations */ ++ struct ip_set_req_version *req_version = ++ (struct ip_set_req_version *) data; ++ if (req_version->version != IP_SET_PROTOCOL_VERSION) { ++ res = -EPROTO; ++ goto done; ++ } ++ } ++ ++ switch (*op) { ++ case IP_SET_OP_VERSION: { ++ struct ip_set_req_version *req_version = ++ (struct ip_set_req_version *) data; ++ ++ if (*len != sizeof(struct ip_set_req_version)) { ++ ip_set_printk("invalid VERSION (want %zu, got %d)", ++ sizeof(struct ip_set_req_version), ++ *len); ++ res = -EINVAL; ++ goto done; ++ } ++ ++ req_version->version = IP_SET_PROTOCOL_VERSION; ++ res = copy_to_user(user, req_version, ++ sizeof(struct ip_set_req_version)); ++ goto done; ++ } ++ case IP_SET_OP_GET_BYNAME: { ++ struct ip_set_req_get_set *req_get ++ = (struct ip_set_req_get_set *) data; ++ ++ if (*len != sizeof(struct ip_set_req_get_set)) { ++ ip_set_printk("invalid GET_BYNAME (want %zu, got %d)", ++ sizeof(struct ip_set_req_get_set), *len); ++ res = -EINVAL; ++ goto done; ++ } ++ req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ index = ip_set_find_byname(req_get->set.name); ++ req_get->set.index = index; ++ goto copy; ++ } ++ case IP_SET_OP_GET_BYINDEX: { ++ struct ip_set_req_get_set *req_get ++ = (struct ip_set_req_get_set *) data; ++ ++ if (*len != sizeof(struct ip_set_req_get_set)) { ++ ip_set_printk("invalid GET_BYINDEX (want %zu, got %d)", ++ sizeof(struct ip_set_req_get_set), *len); ++ res = -EINVAL; ++ goto done; ++ } ++ req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ index = ip_set_find_byindex(req_get->set.index); ++ strncpy(req_get->set.name, ++ index == IP_SET_INVALID_ID ? "" ++ : ip_set_list[index]->name, IP_SET_MAXNAMELEN); ++ goto copy; ++ } ++ case IP_SET_OP_ADT_GET: { ++ struct ip_set_req_adt_get *req_get ++ = (struct ip_set_req_adt_get *) data; ++ ++ if (*len != sizeof(struct ip_set_req_adt_get)) { ++ ip_set_printk("invalid ADT_GET (want %zu, got %d)", ++ sizeof(struct ip_set_req_adt_get), *len); ++ res = -EINVAL; ++ goto done; ++ } ++ req_get->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ index = ip_set_find_byname(req_get->set.name); ++ if (index != IP_SET_INVALID_ID) { ++ req_get->set.index = index; ++ strncpy(req_get->typename, ++ ip_set_list[index]->type->typename, ++ IP_SET_MAXNAMELEN - 1); ++ } else { ++ res = -ENOENT; ++ goto done; ++ } ++ goto copy; ++ } ++ case IP_SET_OP_MAX_SETS: { ++ struct ip_set_req_max_sets *req_max_sets ++ = (struct ip_set_req_max_sets *) data; ++ ip_set_id_t i; ++ ++ if (*len != sizeof(struct ip_set_req_max_sets)) { ++ ip_set_printk("invalid MAX_SETS (want %zu, got %d)", ++ sizeof(struct ip_set_req_max_sets), *len); ++ res = -EINVAL; ++ goto done; ++ } ++ ++ if (strcmp(req_max_sets->set.name, IPSET_TOKEN_ALL) == 0) { ++ req_max_sets->set.index = IP_SET_INVALID_ID; ++ } else { ++ req_max_sets->set.name[IP_SET_MAXNAMELEN - 1] = '\0'; ++ req_max_sets->set.index = ++ ip_set_find_byname(req_max_sets->set.name); ++ if (req_max_sets->set.index == IP_SET_INVALID_ID) { ++ res = -ENOENT; ++ goto done; ++ } ++ } ++ req_max_sets->max_sets = ip_set_max; ++ req_max_sets->sets = 0; ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] != NULL) ++ req_max_sets->sets++; ++ } ++ goto copy; ++ } ++ case IP_SET_OP_LIST_SIZE: ++ case IP_SET_OP_SAVE_SIZE: { ++ struct ip_set_req_setnames *req_setnames ++ = (struct ip_set_req_setnames *) data; ++ struct ip_set_name_list *name_list; ++ struct ip_set *set; ++ ip_set_id_t i; ++ int used; ++ ++ if (*len < sizeof(struct ip_set_req_setnames)) { ++ ip_set_printk("short LIST_SIZE (want >=%zu, got %d)", ++ sizeof(struct ip_set_req_setnames), *len); ++ res = -EINVAL; ++ goto done; ++ } ++ ++ req_setnames->size = 0; ++ used = sizeof(struct ip_set_req_setnames); ++ for (i = 0; i < ip_set_max; i++) { ++ if (ip_set_list[i] == NULL) ++ continue; ++ name_list = (struct ip_set_name_list *) ++ (data + used); ++ used += sizeof(struct ip_set_name_list); ++ if (used > copylen) { ++ res = -EAGAIN; ++ goto done; ++ } ++ set = ip_set_list[i]; ++ /* Fill in index, name, etc. */ ++ name_list->index = i; ++ name_list->id = set->id; ++ strncpy(name_list->name, ++ set->name, ++ IP_SET_MAXNAMELEN - 1); ++ strncpy(name_list->typename, ++ set->type->typename, ++ IP_SET_MAXNAMELEN - 1); ++ DP("filled %s of type %s, index %u\n", ++ name_list->name, name_list->typename, ++ name_list->index); ++ if (!(req_setnames->index == IP_SET_INVALID_ID ++ || req_setnames->index == i)) ++ continue; ++ /* Update size */ ++ switch (*op) { ++ case IP_SET_OP_LIST_SIZE: { ++ req_setnames->size += sizeof(struct ip_set_list) ++ + set->type->header_size ++ + set->type->list_members_size(set); ++ /* Sets are identified by id in the hash */ ++ FOREACH_HASH_DO(__set_hash_bindings_size_list, ++ set->id, &req_setnames->size); ++ break; ++ } ++ case IP_SET_OP_SAVE_SIZE: { ++ req_setnames->size += sizeof(struct ip_set_save) ++ + set->type->header_size ++ + set->type->list_members_size(set); ++ FOREACH_HASH_DO(__set_hash_bindings_size_save, ++ set->id, &req_setnames->size); ++ break; ++ } ++ default: ++ break; ++ } ++ } ++ if (copylen != used) { ++ res = -EAGAIN; ++ goto done; ++ } ++ goto copy; ++ } ++ case IP_SET_OP_LIST: { ++ struct ip_set_req_list *req_list ++ = (struct ip_set_req_list *) data; ++ ip_set_id_t i; ++ int used; ++ ++ if (*len < sizeof(struct ip_set_req_list)) { ++ ip_set_printk("short LIST (want >=%zu, got %d)", ++ sizeof(struct ip_set_req_list), *len); ++ res = -EINVAL; ++ goto done; ++ } ++ index = req_list->index; ++ if (index != IP_SET_INVALID_ID ++ && ip_set_find_byindex(index) != index) { ++ res = -ENOENT; ++ goto done; ++ } ++ used = 0; ++ if (index == IP_SET_INVALID_ID) { ++ /* List all sets */ ++ for (i = 0; i < ip_set_max && res == 0; i++) { ++ if (ip_set_list[i] != NULL) ++ res = ip_set_list_set(i, data, &used, *len); ++ } ++ } else { ++ /* List an individual set */ ++ res = ip_set_list_set(index, data, &used, *len); ++ } ++ if (res != 0) ++ goto done; ++ else if (copylen != used) { ++ res = -EAGAIN; ++ goto done; ++ } ++ goto copy; ++ } ++ case IP_SET_OP_SAVE: { ++ struct ip_set_req_list *req_save ++ = (struct ip_set_req_list *) data; ++ ip_set_id_t i; ++ int used; ++ ++ if (*len < sizeof(struct ip_set_req_list)) { ++ ip_set_printk("short SAVE (want >=%zu, got %d)", ++ sizeof(struct ip_set_req_list), *len); ++ res = -EINVAL; ++ goto done; ++ } ++ index = req_save->index; ++ if (index != IP_SET_INVALID_ID ++ && ip_set_find_byindex(index) != index) { ++ res = -ENOENT; ++ goto done; ++ } ++ used = 0; ++ if (index == IP_SET_INVALID_ID) { ++ /* Save all sets */ ++ for (i = 0; i < ip_set_max && res == 0; i++) { ++ if (ip_set_list[i] != NULL) ++ res = ip_set_save_set(i, data, &used, *len); ++ } ++ } else { ++ /* Save an individual set */ ++ res = ip_set_save_set(index, data, &used, *len); ++ } ++ if (res == 0) ++ res = ip_set_save_bindings(index, data, &used, *len); ++ ++ if (res != 0) ++ goto done; ++ else if (copylen != used) { ++ res = -EAGAIN; ++ goto done; ++ } ++ goto copy; ++ } ++ case IP_SET_OP_RESTORE: { ++ struct ip_set_req_setnames *req_restore ++ = (struct ip_set_req_setnames *) data; ++ int line; ++ ++ if (*len < sizeof(struct ip_set_req_setnames) ++ || *len != req_restore->size) { ++ ip_set_printk("invalid RESTORE (want =%zu, got %d)", ++ req_restore->size, *len); ++ res = -EINVAL; ++ goto done; ++ } ++ line = ip_set_restore(data + sizeof(struct ip_set_req_setnames), ++ req_restore->size - sizeof(struct ip_set_req_setnames)); ++ DP("ip_set_restore: %u", line); ++ if (line != 0) { ++ res = -EAGAIN; ++ req_restore->size = line; ++ copylen = sizeof(struct ip_set_req_setnames); ++ goto copy; ++ } ++ goto done; ++ } ++ default: ++ res = -EBADMSG; ++ goto done; ++ } /* end of switch(op) */ ++ ++ copy: ++ DP("set %s, copylen %u", index != IP_SET_INVALID_ID ++ && ip_set_list[index] ++ ? ip_set_list[index]->name ++ : ":all:", copylen); ++ res = copy_to_user(user, data, copylen); ++ ++ done: ++ up(&ip_set_app_mutex); ++ vfree(data); ++ if (res > 0) ++ res = 0; ++ DP("final result %d", res); ++ return res; ++} ++ ++static struct nf_sockopt_ops so_set = { ++ .pf = PF_INET, ++ .set_optmin = SO_IP_SET, ++ .set_optmax = SO_IP_SET + 1, ++ .set = &ip_set_sockfn_set, ++ .get_optmin = SO_IP_SET, ++ .get_optmax = SO_IP_SET + 1, ++ .get = &ip_set_sockfn_get, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++ .owner = THIS_MODULE, ++#endif ++}; ++ ++static int max_sets, hash_size; ++module_param(max_sets, int, 0600); ++MODULE_PARM_DESC(max_sets, "maximal number of sets"); ++module_param(hash_size, int, 0600); ++MODULE_PARM_DESC(hash_size, "hash size for bindings"); ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("module implementing core IP set support"); ++ ++static int __init ip_set_init(void) ++{ ++ int res; ++ ip_set_id_t i; ++ ++ get_random_bytes(&ip_set_hash_random, 4); ++ if (max_sets) ++ ip_set_max = max_sets; ++ ip_set_list = vmalloc(sizeof(struct ip_set *) * ip_set_max); ++ if (!ip_set_list) { ++ printk(KERN_ERR "Unable to create ip_set_list\n"); ++ return -ENOMEM; ++ } ++ memset(ip_set_list, 0, sizeof(struct ip_set *) * ip_set_max); ++ if (hash_size) ++ ip_set_bindings_hash_size = hash_size; ++ ip_set_hash = vmalloc(sizeof(struct list_head) * ip_set_bindings_hash_size); ++ if (!ip_set_hash) { ++ printk(KERN_ERR "Unable to create ip_set_hash\n"); ++ vfree(ip_set_list); ++ return -ENOMEM; ++ } ++ for (i = 0; i < ip_set_bindings_hash_size; i++) ++ INIT_LIST_HEAD(&ip_set_hash[i]); ++ ++ INIT_LIST_HEAD(&set_type_list); ++ ++ res = nf_register_sockopt(&so_set); ++ if (res != 0) { ++ ip_set_printk("SO_SET registry failed: %d", res); ++ vfree(ip_set_list); ++ vfree(ip_set_hash); ++ return res; ++ } ++ return 0; ++} ++ ++static void __exit ip_set_fini(void) ++{ ++ /* There can't be any existing set or binding */ ++ nf_unregister_sockopt(&so_set); ++ vfree(ip_set_list); ++ vfree(ip_set_hash); ++ DP("these are the famous last words"); ++} ++ ++EXPORT_SYMBOL(ip_set_register_set_type); ++EXPORT_SYMBOL(ip_set_unregister_set_type); ++ ++EXPORT_SYMBOL(ip_set_get_byname); ++EXPORT_SYMBOL(ip_set_get_byindex); ++EXPORT_SYMBOL(ip_set_put); ++ ++EXPORT_SYMBOL(ip_set_addip_kernel); ++EXPORT_SYMBOL(ip_set_delip_kernel); ++EXPORT_SYMBOL(ip_set_testip_kernel); ++ ++module_init(ip_set_init); ++module_exit(ip_set_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_iphash.c +@@ -0,0 +1,429 @@ ++/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module implementing an ip hash set */ ++ ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/version.h> ++#include <linux/jhash.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++#include <linux/vmalloc.h> ++#include <linux/random.h> ++ ++#include <net/ip.h> ++ ++#include <linux/netfilter_ipv4/ip_set_malloc.h> ++#include <linux/netfilter_ipv4/ip_set_iphash.h> ++ ++static int limit = MAX_RANGE; ++ ++static inline __u32 ++jhash_ip(const struct ip_set_iphash *map, uint16_t i, ip_set_ip_t ip) ++{ ++ return jhash_1word(ip, *(((uint32_t *) map->initval) + i)); ++} ++ ++static inline __u32 ++hash_id(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ __u32 id; ++ u_int16_t i; ++ ip_set_ip_t *elem; ++ ++ *hash_ip = ip & map->netmask; ++ DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u, %u.%u.%u.%u", ++ set->name, HIPQUAD(ip), HIPQUAD(*hash_ip), HIPQUAD(map->netmask)); ++ ++ for (i = 0; i < map->probes; i++) { ++ id = jhash_ip(map, i, *hash_ip) % map->hashsize; ++ DP("hash key: %u", id); ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); ++ if (*elem == *hash_ip) ++ return id; ++ /* No shortcut at testing - there can be deleted ++ * entries. */ ++ } ++ return UINT_MAX; ++} ++ ++static inline int ++__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ return (ip && hash_id(set, ip, hash_ip) != UINT_MAX); ++} ++ ++static int ++testip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iphash *req = ++ (struct ip_set_req_iphash *) data; ++ ++ if (size != sizeof(struct ip_set_req_iphash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iphash), ++ size); ++ return -EINVAL; ++ } ++ return __testip(set, req->ip, hash_ip); ++} ++ ++static int ++testip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __testip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static inline int ++__addip(struct ip_set_iphash *map, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ __u32 probe; ++ u_int16_t i; ++ ip_set_ip_t *elem; ++ ++ if (!ip || map->elements >= limit) ++ return -ERANGE; ++ ++ *hash_ip = ip & map->netmask; ++ ++ for (i = 0; i < map->probes; i++) { ++ probe = jhash_ip(map, i, *hash_ip) % map->hashsize; ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe); ++ if (*elem == *hash_ip) ++ return -EEXIST; ++ if (!*elem) { ++ *elem = *hash_ip; ++ map->elements++; ++ return 0; ++ } ++ } ++ /* Trigger rehashing */ ++ return -EAGAIN; ++} ++ ++static int ++addip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iphash *req = ++ (struct ip_set_req_iphash *) data; ++ ++ if (size != sizeof(struct ip_set_req_iphash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iphash), ++ size); ++ return -EINVAL; ++ } ++ return __addip((struct ip_set_iphash *) set->data, req->ip, hash_ip); ++} ++ ++static int ++addip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __addip((struct ip_set_iphash *) set->data, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static int retry(struct ip_set *set) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ ip_set_ip_t hash_ip, *elem; ++ void *members; ++ u_int32_t i, hashsize = map->hashsize; ++ int res; ++ struct ip_set_iphash *tmp; ++ ++ if (map->resize == 0) ++ return -ERANGE; ++ ++ again: ++ res = 0; ++ ++ /* Calculate new hash size */ ++ hashsize += (hashsize * map->resize)/100; ++ if (hashsize == map->hashsize) ++ hashsize++; ++ ++ ip_set_printk("rehashing of set %s triggered: " ++ "hashsize grows from %u to %u", ++ set->name, map->hashsize, hashsize); ++ ++ tmp = kmalloc(sizeof(struct ip_set_iphash) ++ + map->probes * sizeof(uint32_t), GFP_ATOMIC); ++ if (!tmp) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_iphash) ++ + map->probes * sizeof(uint32_t)); ++ return -ENOMEM; ++ } ++ tmp->members = harray_malloc(hashsize, sizeof(ip_set_ip_t), GFP_ATOMIC); ++ if (!tmp->members) { ++ DP("out of memory for %d bytes", hashsize * sizeof(ip_set_ip_t)); ++ kfree(tmp); ++ return -ENOMEM; ++ } ++ tmp->hashsize = hashsize; ++ tmp->elements = 0; ++ tmp->probes = map->probes; ++ tmp->resize = map->resize; ++ tmp->netmask = map->netmask; ++ memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t)); ++ ++ write_lock_bh(&set->lock); ++ map = (struct ip_set_iphash *) set->data; /* Play safe */ ++ for (i = 0; i < map->hashsize && res == 0; i++) { ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, i); ++ if (*elem) ++ res = __addip(tmp, *elem, &hash_ip); ++ } ++ if (res) { ++ /* Failure, try again */ ++ write_unlock_bh(&set->lock); ++ harray_free(tmp->members); ++ kfree(tmp); ++ goto again; ++ } ++ ++ /* Success at resizing! */ ++ members = map->members; ++ ++ map->hashsize = tmp->hashsize; ++ map->members = tmp->members; ++ write_unlock_bh(&set->lock); ++ ++ harray_free(members); ++ kfree(tmp); ++ ++ return 0; ++} ++ ++static inline int ++__delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ ip_set_ip_t id, *elem; ++ ++ if (!ip) ++ return -ERANGE; ++ ++ id = hash_id(set, ip, hash_ip); ++ if (id == UINT_MAX) ++ return -EEXIST; ++ ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); ++ *elem = 0; ++ map->elements--; ++ ++ return 0; ++} ++ ++static int ++delip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iphash *req = ++ (struct ip_set_req_iphash *) data; ++ ++ if (size != sizeof(struct ip_set_req_iphash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iphash), ++ size); ++ return -EINVAL; ++ } ++ return __delip(set, req->ip, hash_ip); ++} ++ ++static int ++delip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __delip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ struct ip_set_req_iphash_create *req = ++ (struct ip_set_req_iphash_create *) data; ++ struct ip_set_iphash *map; ++ uint16_t i; ++ ++ if (size != sizeof(struct ip_set_req_iphash_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iphash_create), ++ size); ++ return -EINVAL; ++ } ++ ++ if (req->hashsize < 1) { ++ ip_set_printk("hashsize too small"); ++ return -ENOEXEC; ++ } ++ ++ if (req->probes < 1) { ++ ip_set_printk("probes too small"); ++ return -ENOEXEC; ++ } ++ ++ map = kmalloc(sizeof(struct ip_set_iphash) ++ + req->probes * sizeof(uint32_t), GFP_KERNEL); ++ if (!map) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_iphash) ++ + req->probes * sizeof(uint32_t)); ++ return -ENOMEM; ++ } ++ for (i = 0; i < req->probes; i++) ++ get_random_bytes(((uint32_t *) map->initval)+i, 4); ++ map->elements = 0; ++ map->hashsize = req->hashsize; ++ map->probes = req->probes; ++ map->resize = req->resize; ++ map->netmask = req->netmask; ++ map->members = harray_malloc(map->hashsize, sizeof(ip_set_ip_t), GFP_KERNEL); ++ if (!map->members) { ++ DP("out of memory for %d bytes", map->hashsize * sizeof(ip_set_ip_t)); ++ kfree(map); ++ return -ENOMEM; ++ } ++ ++ set->data = map; ++ return 0; ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ ++ harray_free(map->members); ++ kfree(map); ++ ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t)); ++ map->elements = 0; ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ struct ip_set_req_iphash_create *header = ++ (struct ip_set_req_iphash_create *) data; ++ ++ header->hashsize = map->hashsize; ++ header->probes = map->probes; ++ header->resize = map->resize; ++ header->netmask = map->netmask; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ ++ return (map->hashsize * sizeof(ip_set_ip_t)); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_iphash *map = (struct ip_set_iphash *) set->data; ++ ip_set_ip_t i, *elem; ++ ++ for (i = 0; i < map->hashsize; i++) { ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, i); ++ ((ip_set_ip_t *)data)[i] = *elem; ++ } ++} ++ ++static struct ip_set_type ip_set_iphash = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_IP | IPSET_DATA_SINGLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = &create, ++ .destroy = &destroy, ++ .flush = &flush, ++ .reqsize = sizeof(struct ip_set_req_iphash), ++ .addip = &addip, ++ .addip_kernel = &addip_kernel, ++ .retry = &retry, ++ .delip = &delip, ++ .delip_kernel = &delip_kernel, ++ .testip = &testip, ++ .testip_kernel = &testip_kernel, ++ .header_size = sizeof(struct ip_set_req_iphash_create), ++ .list_header = &list_header, ++ .list_members_size = &list_members_size, ++ .list_members = &list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("iphash type of IP sets"); ++module_param(limit, int, 0600); ++MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); ++ ++static int __init ip_set_iphash_init(void) ++{ ++ return ip_set_register_set_type(&ip_set_iphash); ++} ++ ++static void __exit ip_set_iphash_fini(void) ++{ ++ /* FIXME: possible race with ip_set_create() */ ++ ip_set_unregister_set_type(&ip_set_iphash); ++} ++ ++module_init(ip_set_iphash_init); ++module_exit(ip_set_iphash_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_ipmap.c +@@ -0,0 +1,336 @@ ++/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> ++ * Patrick Schaaf <bof@bof.de> ++ * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module implementing an IP set type: the single bitmap type */ ++ ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/version.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++ ++#include <linux/netfilter_ipv4/ip_set_ipmap.h> ++ ++static inline ip_set_ip_t ++ip_to_id(const struct ip_set_ipmap *map, ip_set_ip_t ip) ++{ ++ return (ip - map->first_ip)/map->hosts; ++} ++ ++static inline int ++__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ ++ *hash_ip = ip & map->netmask; ++ DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u", ++ set->name, HIPQUAD(ip), HIPQUAD(*hash_ip)); ++ return !!test_bit(ip_to_id(map, *hash_ip), map->members); ++} ++ ++static int ++testip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_ipmap *req = ++ (struct ip_set_req_ipmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_ipmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipmap), ++ size); ++ return -EINVAL; ++ } ++ return __testip(set, req->ip, hash_ip); ++} ++ ++static int ++testip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ int res = __testip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++ return (res < 0 ? 0 : res); ++} ++ ++static inline int ++__addip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ ++ *hash_ip = ip & map->netmask; ++ DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip)); ++ if (test_and_set_bit(ip_to_id(map, *hash_ip), map->members)) ++ return -EEXIST; ++ ++ return 0; ++} ++ ++static int ++addip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_ipmap *req = ++ (struct ip_set_req_ipmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_ipmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipmap), ++ size); ++ return -EINVAL; ++ } ++ DP("%u.%u.%u.%u", HIPQUAD(req->ip)); ++ return __addip(set, req->ip, hash_ip); ++} ++ ++static int ++addip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __addip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static inline int ++__delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ ++ *hash_ip = ip & map->netmask; ++ DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip)); ++ if (!test_and_clear_bit(ip_to_id(map, *hash_ip), map->members)) ++ return -EEXIST; ++ ++ return 0; ++} ++ ++static int ++delip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_ipmap *req = ++ (struct ip_set_req_ipmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_ipmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipmap), ++ size); ++ return -EINVAL; ++ } ++ return __delip(set, req->ip, hash_ip); ++} ++ ++static int ++delip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __delip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ int newbytes; ++ struct ip_set_req_ipmap_create *req = ++ (struct ip_set_req_ipmap_create *) data; ++ struct ip_set_ipmap *map; ++ ++ if (size != sizeof(struct ip_set_req_ipmap_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipmap_create), ++ size); ++ return -EINVAL; ++ } ++ ++ DP("from %u.%u.%u.%u to %u.%u.%u.%u", ++ HIPQUAD(req->from), HIPQUAD(req->to)); ++ ++ if (req->from > req->to) { ++ DP("bad ip range"); ++ return -ENOEXEC; ++ } ++ ++ map = kmalloc(sizeof(struct ip_set_ipmap), GFP_KERNEL); ++ if (!map) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_ipmap)); ++ return -ENOMEM; ++ } ++ map->first_ip = req->from; ++ map->last_ip = req->to; ++ map->netmask = req->netmask; ++ ++ if (req->netmask == 0xFFFFFFFF) { ++ map->hosts = 1; ++ map->sizeid = map->last_ip - map->first_ip + 1; ++ } else { ++ unsigned int mask_bits, netmask_bits; ++ ip_set_ip_t mask; ++ ++ map->first_ip &= map->netmask; /* Should we better bark? */ ++ ++ mask = range_to_mask(map->first_ip, map->last_ip, &mask_bits); ++ netmask_bits = mask_to_bits(map->netmask); ++ ++ if ((!mask && (map->first_ip || map->last_ip != 0xFFFFFFFF)) ++ || netmask_bits <= mask_bits) ++ return -ENOEXEC; ++ ++ DP("mask_bits %u, netmask_bits %u", ++ mask_bits, netmask_bits); ++ map->hosts = 2 << (32 - netmask_bits - 1); ++ map->sizeid = 2 << (netmask_bits - mask_bits - 1); ++ } ++ if (map->sizeid > MAX_RANGE + 1) { ++ ip_set_printk("range too big (max %d addresses)", ++ MAX_RANGE+1); ++ kfree(map); ++ return -ENOEXEC; ++ } ++ DP("hosts %u, sizeid %u", map->hosts, map->sizeid); ++ newbytes = bitmap_bytes(0, map->sizeid - 1); ++ map->members = kmalloc(newbytes, GFP_KERNEL); ++ if (!map->members) { ++ DP("out of memory for %d bytes", newbytes); ++ kfree(map); ++ return -ENOMEM; ++ } ++ memset(map->members, 0, newbytes); ++ ++ set->data = map; ++ return 0; ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ ++ kfree(map->members); ++ kfree(map); ++ ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ memset(map->members, 0, bitmap_bytes(0, map->sizeid - 1)); ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ struct ip_set_req_ipmap_create *header = ++ (struct ip_set_req_ipmap_create *) data; ++ ++ header->from = map->first_ip; ++ header->to = map->last_ip; ++ header->netmask = map->netmask; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ ++ return bitmap_bytes(0, map->sizeid - 1); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_ipmap *map = (struct ip_set_ipmap *) set->data; ++ int bytes = bitmap_bytes(0, map->sizeid - 1); ++ ++ memcpy(data, map->members, bytes); ++} ++ ++static struct ip_set_type ip_set_ipmap = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_IP | IPSET_DATA_SINGLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = &create, ++ .destroy = &destroy, ++ .flush = &flush, ++ .reqsize = sizeof(struct ip_set_req_ipmap), ++ .addip = &addip, ++ .addip_kernel = &addip_kernel, ++ .delip = &delip, ++ .delip_kernel = &delip_kernel, ++ .testip = &testip, ++ .testip_kernel = &testip_kernel, ++ .header_size = sizeof(struct ip_set_req_ipmap_create), ++ .list_header = &list_header, ++ .list_members_size = &list_members_size, ++ .list_members = &list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("ipmap type of IP sets"); ++ ++static int __init ip_set_ipmap_init(void) ++{ ++ return ip_set_register_set_type(&ip_set_ipmap); ++} ++ ++static void __exit ip_set_ipmap_fini(void) ++{ ++ /* FIXME: possible race with ip_set_create() */ ++ ip_set_unregister_set_type(&ip_set_ipmap); ++} ++ ++module_init(ip_set_ipmap_init); ++module_exit(ip_set_ipmap_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_ipporthash.c +@@ -0,0 +1,581 @@ ++/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module implementing an ip+port hash set */ ++ ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/tcp.h> ++#include <linux/udp.h> ++#include <linux/skbuff.h> ++#include <linux/version.h> ++#include <linux/jhash.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++#include <linux/vmalloc.h> ++#include <linux/random.h> ++ ++#include <net/ip.h> ++ ++#include <linux/netfilter_ipv4/ip_set_malloc.h> ++#include <linux/netfilter_ipv4/ip_set_ipporthash.h> ++ ++static int limit = MAX_RANGE; ++ ++/* We must handle non-linear skbs */ ++static inline ip_set_ip_t ++get_port(const struct sk_buff *skb, u_int32_t flags) ++{ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ struct iphdr *iph = ip_hdr(skb); ++#else ++ struct iphdr *iph = skb->nh.iph; ++#endif ++ u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; ++ ++ switch (iph->protocol) { ++ case IPPROTO_TCP: { ++ struct tcphdr tcph; ++ ++ /* See comments at tcp_match in ip_tables.c */ ++ if (offset) ++ return INVALID_PORT; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0) ++#else ++ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) ++#endif ++ /* No choice either */ ++ return INVALID_PORT; ++ ++ return ntohs(flags & IPSET_SRC ? ++ tcph.source : tcph.dest); ++ } ++ case IPPROTO_UDP: { ++ struct udphdr udph; ++ ++ if (offset) ++ return INVALID_PORT; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0) ++#else ++ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0) ++#endif ++ /* No choice either */ ++ return INVALID_PORT; ++ ++ return ntohs(flags & IPSET_SRC ? ++ udph.source : udph.dest); ++ } ++ default: ++ return INVALID_PORT; ++ } ++} ++ ++static inline __u32 ++jhash_ip(const struct ip_set_ipporthash *map, uint16_t i, ip_set_ip_t ip) ++{ ++ return jhash_1word(ip, *(((uint32_t *) map->initval) + i)); ++} ++ ++#define HASH_IP(map, ip, port) (port + ((ip - ((map)->first_ip)) << 16)) ++ ++static inline __u32 ++hash_id(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_ipporthash *map = ++ (struct ip_set_ipporthash *) set->data; ++ __u32 id; ++ u_int16_t i; ++ ip_set_ip_t *elem; ++ ++ *hash_ip = HASH_IP(map, ip, port); ++ DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u", ++ set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip)); ++ ++ for (i = 0; i < map->probes; i++) { ++ id = jhash_ip(map, i, *hash_ip) % map->hashsize; ++ DP("hash key: %u", id); ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); ++ if (*elem == *hash_ip) ++ return id; ++ /* No shortcut at testing - there can be deleted ++ * entries. */ ++ } ++ return UINT_MAX; ++} ++ ++static inline int ++__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ ++ return (hash_id(set, ip, port, hash_ip) != UINT_MAX); ++} ++ ++static int ++testip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_ipporthash *req = ++ (struct ip_set_req_ipporthash *) data; ++ ++ if (size != sizeof(struct ip_set_req_ipporthash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipporthash), ++ size); ++ return -EINVAL; ++ } ++ return __testip(set, req->ip, req->port, hash_ip); ++} ++ ++static int ++testip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ ip_set_ip_t port; ++ int res; ++ ++ if (flags[index+1] == 0) ++ return 0; ++ ++ port = get_port(skb, flags[index+1]); ++ ++ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", ++ flags[index] & IPSET_SRC ? "SRC" : "DST", ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ NIPQUAD(ip_hdr(skb)->saddr), ++ NIPQUAD(ip_hdr(skb)->daddr)); ++#else ++ NIPQUAD(skb->nh.iph->saddr), ++ NIPQUAD(skb->nh.iph->daddr)); ++#endif ++ DP("flag %s port %u", ++ flags[index+1] & IPSET_SRC ? "SRC" : "DST", ++ port); ++ if (port == INVALID_PORT) ++ return 0; ++ ++ res = __testip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ port, ++ hash_ip); ++ return (res < 0 ? 0 : res); ++ ++} ++ ++static inline int ++__add_haship(struct ip_set_ipporthash *map, ip_set_ip_t hash_ip) ++{ ++ __u32 probe; ++ u_int16_t i; ++ ip_set_ip_t *elem; ++ ++ for (i = 0; i < map->probes; i++) { ++ probe = jhash_ip(map, i, hash_ip) % map->hashsize; ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe); ++ if (*elem == hash_ip) ++ return -EEXIST; ++ if (!*elem) { ++ *elem = hash_ip; ++ map->elements++; ++ return 0; ++ } ++ } ++ /* Trigger rehashing */ ++ return -EAGAIN; ++} ++ ++static inline int ++__addip(struct ip_set_ipporthash *map, ip_set_ip_t ip, ip_set_ip_t port, ++ ip_set_ip_t *hash_ip) ++{ ++ if (map->elements > limit) ++ return -ERANGE; ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ ++ *hash_ip = HASH_IP(map, ip, port); ++ ++ return __add_haship(map, *hash_ip); ++} ++ ++static int ++addip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_ipporthash *req = ++ (struct ip_set_req_ipporthash *) data; ++ ++ if (size != sizeof(struct ip_set_req_ipporthash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipporthash), ++ size); ++ return -EINVAL; ++ } ++ return __addip((struct ip_set_ipporthash *) set->data, ++ req->ip, req->port, hash_ip); ++} ++ ++static int ++addip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ ip_set_ip_t port; ++ ++ if (flags[index+1] == 0) ++ return -EINVAL; ++ ++ port = get_port(skb, flags[index+1]); ++ ++ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", ++ flags[index] & IPSET_SRC ? "SRC" : "DST", ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ NIPQUAD(ip_hdr(skb)->saddr), ++ NIPQUAD(ip_hdr(skb)->daddr)); ++#else ++ NIPQUAD(skb->nh.iph->saddr), ++ NIPQUAD(skb->nh.iph->daddr)); ++#endif ++ DP("flag %s port %u", ++ flags[index+1] & IPSET_SRC ? "SRC" : "DST", ++ port); ++ if (port == INVALID_PORT) ++ return -EINVAL; ++ ++ return __addip((struct ip_set_ipporthash *) set->data, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ port, ++ hash_ip); ++} ++ ++static int retry(struct ip_set *set) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ ip_set_ip_t *elem; ++ void *members; ++ u_int32_t i, hashsize = map->hashsize; ++ int res; ++ struct ip_set_ipporthash *tmp; ++ ++ if (map->resize == 0) ++ return -ERANGE; ++ ++ again: ++ res = 0; ++ ++ /* Calculate new hash size */ ++ hashsize += (hashsize * map->resize)/100; ++ if (hashsize == map->hashsize) ++ hashsize++; ++ ++ ip_set_printk("rehashing of set %s triggered: " ++ "hashsize grows from %u to %u", ++ set->name, map->hashsize, hashsize); ++ ++ tmp = kmalloc(sizeof(struct ip_set_ipporthash) ++ + map->probes * sizeof(uint32_t), GFP_ATOMIC); ++ if (!tmp) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_ipporthash) ++ + map->probes * sizeof(uint32_t)); ++ return -ENOMEM; ++ } ++ tmp->members = harray_malloc(hashsize, sizeof(ip_set_ip_t), GFP_ATOMIC); ++ if (!tmp->members) { ++ DP("out of memory for %d bytes", hashsize * sizeof(ip_set_ip_t)); ++ kfree(tmp); ++ return -ENOMEM; ++ } ++ tmp->hashsize = hashsize; ++ tmp->elements = 0; ++ tmp->probes = map->probes; ++ tmp->resize = map->resize; ++ tmp->first_ip = map->first_ip; ++ tmp->last_ip = map->last_ip; ++ memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t)); ++ ++ write_lock_bh(&set->lock); ++ map = (struct ip_set_ipporthash *) set->data; /* Play safe */ ++ for (i = 0; i < map->hashsize && res == 0; i++) { ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, i); ++ if (*elem) ++ res = __add_haship(tmp, *elem); ++ } ++ if (res) { ++ /* Failure, try again */ ++ write_unlock_bh(&set->lock); ++ harray_free(tmp->members); ++ kfree(tmp); ++ goto again; ++ } ++ ++ /* Success at resizing! */ ++ members = map->members; ++ ++ map->hashsize = tmp->hashsize; ++ map->members = tmp->members; ++ write_unlock_bh(&set->lock); ++ ++ harray_free(members); ++ kfree(tmp); ++ ++ return 0; ++} ++ ++static inline int ++__delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t port, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ ip_set_ip_t id; ++ ip_set_ip_t *elem; ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ ++ id = hash_id(set, ip, port, hash_ip); ++ ++ if (id == UINT_MAX) ++ return -EEXIST; ++ ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); ++ *elem = 0; ++ map->elements--; ++ ++ return 0; ++} ++ ++static int ++delip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_ipporthash *req = ++ (struct ip_set_req_ipporthash *) data; ++ ++ if (size != sizeof(struct ip_set_req_ipporthash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipporthash), ++ size); ++ return -EINVAL; ++ } ++ return __delip(set, req->ip, req->port, hash_ip); ++} ++ ++static int ++delip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ ip_set_ip_t port; ++ ++ if (flags[index+1] == 0) ++ return -EINVAL; ++ ++ port = get_port(skb, flags[index+1]); ++ ++ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", ++ flags[index] & IPSET_SRC ? "SRC" : "DST", ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ NIPQUAD(ip_hdr(skb)->saddr), ++ NIPQUAD(ip_hdr(skb)->daddr)); ++#else ++ NIPQUAD(skb->nh.iph->saddr), ++ NIPQUAD(skb->nh.iph->daddr)); ++#endif ++ DP("flag %s port %u", ++ flags[index+1] & IPSET_SRC ? "SRC" : "DST", ++ port); ++ if (port == INVALID_PORT) ++ return -EINVAL; ++ ++ return __delip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ port, ++ hash_ip); ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ struct ip_set_req_ipporthash_create *req = ++ (struct ip_set_req_ipporthash_create *) data; ++ struct ip_set_ipporthash *map; ++ uint16_t i; ++ ++ if (size != sizeof(struct ip_set_req_ipporthash_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_ipporthash_create), ++ size); ++ return -EINVAL; ++ } ++ ++ if (req->hashsize < 1) { ++ ip_set_printk("hashsize too small"); ++ return -ENOEXEC; ++ } ++ ++ if (req->probes < 1) { ++ ip_set_printk("probes too small"); ++ return -ENOEXEC; ++ } ++ ++ map = kmalloc(sizeof(struct ip_set_ipporthash) ++ + req->probes * sizeof(uint32_t), GFP_KERNEL); ++ if (!map) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_ipporthash) ++ + req->probes * sizeof(uint32_t)); ++ return -ENOMEM; ++ } ++ for (i = 0; i < req->probes; i++) ++ get_random_bytes(((uint32_t *) map->initval)+i, 4); ++ map->elements = 0; ++ map->hashsize = req->hashsize; ++ map->probes = req->probes; ++ map->resize = req->resize; ++ map->first_ip = req->from; ++ map->last_ip = req->to; ++ map->members = harray_malloc(map->hashsize, sizeof(ip_set_ip_t), GFP_KERNEL); ++ if (!map->members) { ++ DP("out of memory for %d bytes", map->hashsize * sizeof(ip_set_ip_t)); ++ kfree(map); ++ return -ENOMEM; ++ } ++ ++ set->data = map; ++ return 0; ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ ++ harray_free(map->members); ++ kfree(map); ++ ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t)); ++ map->elements = 0; ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ struct ip_set_req_ipporthash_create *header = ++ (struct ip_set_req_ipporthash_create *) data; ++ ++ header->hashsize = map->hashsize; ++ header->probes = map->probes; ++ header->resize = map->resize; ++ header->from = map->first_ip; ++ header->to = map->last_ip; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ ++ return (map->hashsize * sizeof(ip_set_ip_t)); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_ipporthash *map = (struct ip_set_ipporthash *) set->data; ++ ip_set_ip_t i, *elem; ++ ++ for (i = 0; i < map->hashsize; i++) { ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, i); ++ ((ip_set_ip_t *)data)[i] = *elem; ++ } ++} ++ ++static struct ip_set_type ip_set_ipporthash = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_DATA_DOUBLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = &create, ++ .destroy = &destroy, ++ .flush = &flush, ++ .reqsize = sizeof(struct ip_set_req_ipporthash), ++ .addip = &addip, ++ .addip_kernel = &addip_kernel, ++ .retry = &retry, ++ .delip = &delip, ++ .delip_kernel = &delip_kernel, ++ .testip = &testip, ++ .testip_kernel = &testip_kernel, ++ .header_size = sizeof(struct ip_set_req_ipporthash_create), ++ .list_header = &list_header, ++ .list_members_size = &list_members_size, ++ .list_members = &list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("ipporthash type of IP sets"); ++module_param(limit, int, 0600); ++MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); ++ ++static int __init ip_set_ipporthash_init(void) ++{ ++ return ip_set_register_set_type(&ip_set_ipporthash); ++} ++ ++static void __exit ip_set_ipporthash_fini(void) ++{ ++ /* FIXME: possible race with ip_set_create() */ ++ ip_set_unregister_set_type(&ip_set_ipporthash); ++} ++ ++module_init(ip_set_ipporthash_init); ++module_exit(ip_set_ipporthash_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_iptree.c +@@ -0,0 +1,612 @@ ++/* Copyright (C) 2005 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module implementing an IP set type: the iptree type */ ++ ++#include <linux/version.h> ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/slab.h> ++#include <linux/delay.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++ ++/* Backward compatibility */ ++#ifndef __nocast ++#define __nocast ++#endif ++ ++#include <linux/netfilter_ipv4/ip_set_iptree.h> ++ ++static int limit = MAX_RANGE; ++ ++/* Garbage collection interval in seconds: */ ++#define IPTREE_GC_TIME 5*60 ++/* Sleep so many milliseconds before trying again ++ * to delete the gc timer at destroying/flushing a set */ ++#define IPTREE_DESTROY_SLEEP 100 ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++static struct kmem_cache *branch_cachep; ++static struct kmem_cache *leaf_cachep; ++#else ++static kmem_cache_t *branch_cachep; ++static kmem_cache_t *leaf_cachep; ++#endif ++ ++#if defined(__LITTLE_ENDIAN) ++#define ABCD(a,b,c,d,addrp) do { \ ++ a = ((unsigned char *)addrp)[3]; \ ++ b = ((unsigned char *)addrp)[2]; \ ++ c = ((unsigned char *)addrp)[1]; \ ++ d = ((unsigned char *)addrp)[0]; \ ++} while (0) ++#elif defined(__BIG_ENDIAN) ++#define ABCD(a,b,c,d,addrp) do { \ ++ a = ((unsigned char *)addrp)[0]; \ ++ b = ((unsigned char *)addrp)[1]; \ ++ c = ((unsigned char *)addrp)[2]; \ ++ d = ((unsigned char *)addrp)[3]; \ ++} while (0) ++#else ++#error "Please fix asm/byteorder.h" ++#endif /* __LITTLE_ENDIAN */ ++ ++#define TESTIP_WALK(map, elem, branch) do { \ ++ if ((map)->tree[elem]) { \ ++ branch = (map)->tree[elem]; \ ++ } else \ ++ return 0; \ ++} while (0) ++ ++static inline int ++__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_iptreeb *btree; ++ struct ip_set_iptreec *ctree; ++ struct ip_set_iptreed *dtree; ++ unsigned char a,b,c,d; ++ ++ if (!ip) ++ return -ERANGE; ++ ++ *hash_ip = ip; ++ ABCD(a, b, c, d, hash_ip); ++ DP("%u %u %u %u timeout %u", a, b, c, d, map->timeout); ++ TESTIP_WALK(map, a, btree); ++ TESTIP_WALK(btree, b, ctree); ++ TESTIP_WALK(ctree, c, dtree); ++ DP("%lu %lu", dtree->expires[d], jiffies); ++ return dtree->expires[d] ++ && (!map->timeout ++ || time_after(dtree->expires[d], jiffies)); ++} ++ ++static int ++testip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iptree *req = ++ (struct ip_set_req_iptree *) data; ++ ++ if (size != sizeof(struct ip_set_req_iptree)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iptree), ++ size); ++ return -EINVAL; ++ } ++ return __testip(set, req->ip, hash_ip); ++} ++ ++static int ++testip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ int res; ++ ++ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", ++ flags[index] & IPSET_SRC ? "SRC" : "DST", ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ NIPQUAD(ip_hdr(skb)->saddr), ++ NIPQUAD(ip_hdr(skb)->daddr)); ++#else ++ NIPQUAD(skb->nh.iph->saddr), ++ NIPQUAD(skb->nh.iph->daddr)); ++#endif ++ ++ res = __testip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++ return (res < 0 ? 0 : res); ++} ++ ++#define ADDIP_WALK(map, elem, branch, type, cachep) do { \ ++ if ((map)->tree[elem]) { \ ++ DP("found %u", elem); \ ++ branch = (map)->tree[elem]; \ ++ } else { \ ++ branch = (type *) \ ++ kmem_cache_alloc(cachep, GFP_ATOMIC); \ ++ if (branch == NULL) \ ++ return -ENOMEM; \ ++ memset(branch, 0, sizeof(*branch)); \ ++ (map)->tree[elem] = branch; \ ++ DP("alloc %u", elem); \ ++ } \ ++} while (0) ++ ++static inline int ++__addip(struct ip_set *set, ip_set_ip_t ip, unsigned int timeout, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_iptreeb *btree; ++ struct ip_set_iptreec *ctree; ++ struct ip_set_iptreed *dtree; ++ unsigned char a,b,c,d; ++ int ret = 0; ++ ++ if (!ip || map->elements >= limit) ++ /* We could call the garbage collector ++ * but it's probably overkill */ ++ return -ERANGE; ++ ++ *hash_ip = ip; ++ ABCD(a, b, c, d, hash_ip); ++ DP("%u %u %u %u timeout %u", a, b, c, d, timeout); ++ ADDIP_WALK(map, a, btree, struct ip_set_iptreeb, branch_cachep); ++ ADDIP_WALK(btree, b, ctree, struct ip_set_iptreec, branch_cachep); ++ ADDIP_WALK(ctree, c, dtree, struct ip_set_iptreed, leaf_cachep); ++ if (dtree->expires[d] ++ && (!map->timeout || time_after(dtree->expires[d], jiffies))) ++ ret = -EEXIST; ++ dtree->expires[d] = map->timeout ? (timeout * HZ + jiffies) : 1; ++ /* Lottery: I won! */ ++ if (dtree->expires[d] == 0) ++ dtree->expires[d] = 1; ++ DP("%u %lu", d, dtree->expires[d]); ++ if (ret == 0) ++ map->elements++; ++ return ret; ++} ++ ++static int ++addip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_req_iptree *req = ++ (struct ip_set_req_iptree *) data; ++ ++ if (size != sizeof(struct ip_set_req_iptree)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iptree), ++ size); ++ return -EINVAL; ++ } ++ DP("%u.%u.%u.%u %u", HIPQUAD(req->ip), req->timeout); ++ return __addip(set, req->ip, ++ req->timeout ? req->timeout : map->timeout, ++ hash_ip); ++} ++ ++static int ++addip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ ++ return __addip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ map->timeout, ++ hash_ip); ++} ++ ++#define DELIP_WALK(map, elem, branch) do { \ ++ if ((map)->tree[elem]) { \ ++ branch = (map)->tree[elem]; \ ++ } else \ ++ return -EEXIST; \ ++} while (0) ++ ++static inline int ++__delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_iptreeb *btree; ++ struct ip_set_iptreec *ctree; ++ struct ip_set_iptreed *dtree; ++ unsigned char a,b,c,d; ++ ++ if (!ip) ++ return -ERANGE; ++ ++ *hash_ip = ip; ++ ABCD(a, b, c, d, hash_ip); ++ DELIP_WALK(map, a, btree); ++ DELIP_WALK(btree, b, ctree); ++ DELIP_WALK(ctree, c, dtree); ++ ++ if (dtree->expires[d]) { ++ dtree->expires[d] = 0; ++ map->elements--; ++ return 0; ++ } ++ return -EEXIST; ++} ++ ++static int ++delip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iptree *req = ++ (struct ip_set_req_iptree *) data; ++ ++ if (size != sizeof(struct ip_set_req_iptree)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iptree), ++ size); ++ return -EINVAL; ++ } ++ return __delip(set, req->ip, hash_ip); ++} ++ ++static int ++delip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __delip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++#define LOOP_WALK_BEGIN(map, i, branch) \ ++ for (i = 0; i < 256; i++) { \ ++ if (!(map)->tree[i]) \ ++ continue; \ ++ branch = (map)->tree[i] ++ ++#define LOOP_WALK_END } ++ ++static void ip_tree_gc(unsigned long ul_set) ++{ ++ struct ip_set *set = (void *) ul_set; ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_iptreeb *btree; ++ struct ip_set_iptreec *ctree; ++ struct ip_set_iptreed *dtree; ++ unsigned int a,b,c,d; ++ unsigned char i,j,k; ++ ++ i = j = k = 0; ++ DP("gc: %s", set->name); ++ write_lock_bh(&set->lock); ++ LOOP_WALK_BEGIN(map, a, btree); ++ LOOP_WALK_BEGIN(btree, b, ctree); ++ LOOP_WALK_BEGIN(ctree, c, dtree); ++ for (d = 0; d < 256; d++) { ++ if (dtree->expires[d]) { ++ DP("gc: %u %u %u %u: expires %lu jiffies %lu", ++ a, b, c, d, ++ dtree->expires[d], jiffies); ++ if (map->timeout ++ && time_before(dtree->expires[d], jiffies)) { ++ dtree->expires[d] = 0; ++ map->elements--; ++ } else ++ k = 1; ++ } ++ } ++ if (k == 0) { ++ DP("gc: %s: leaf %u %u %u empty", ++ set->name, a, b, c); ++ kmem_cache_free(leaf_cachep, dtree); ++ ctree->tree[c] = NULL; ++ } else { ++ DP("gc: %s: leaf %u %u %u not empty", ++ set->name, a, b, c); ++ j = 1; ++ k = 0; ++ } ++ LOOP_WALK_END; ++ if (j == 0) { ++ DP("gc: %s: branch %u %u empty", ++ set->name, a, b); ++ kmem_cache_free(branch_cachep, ctree); ++ btree->tree[b] = NULL; ++ } else { ++ DP("gc: %s: branch %u %u not empty", ++ set->name, a, b); ++ i = 1; ++ j = k = 0; ++ } ++ LOOP_WALK_END; ++ if (i == 0) { ++ DP("gc: %s: branch %u empty", ++ set->name, a); ++ kmem_cache_free(branch_cachep, btree); ++ map->tree[a] = NULL; ++ } else { ++ DP("gc: %s: branch %u not empty", ++ set->name, a); ++ i = j = k = 0; ++ } ++ LOOP_WALK_END; ++ write_unlock_bh(&set->lock); ++ ++ map->gc.expires = jiffies + map->gc_interval * HZ; ++ add_timer(&map->gc); ++} ++ ++static inline void init_gc_timer(struct ip_set *set) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ ++ /* Even if there is no timeout for the entries, ++ * we still have to call gc because delete ++ * do not clean up empty branches */ ++ map->gc_interval = IPTREE_GC_TIME; ++ init_timer(&map->gc); ++ map->gc.data = (unsigned long) set; ++ map->gc.function = ip_tree_gc; ++ map->gc.expires = jiffies + map->gc_interval * HZ; ++ add_timer(&map->gc); ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ struct ip_set_req_iptree_create *req = ++ (struct ip_set_req_iptree_create *) data; ++ struct ip_set_iptree *map; ++ ++ if (size != sizeof(struct ip_set_req_iptree_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_iptree_create), ++ size); ++ return -EINVAL; ++ } ++ ++ map = kmalloc(sizeof(struct ip_set_iptree), GFP_KERNEL); ++ if (!map) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_iptree)); ++ return -ENOMEM; ++ } ++ memset(map, 0, sizeof(*map)); ++ map->timeout = req->timeout; ++ map->elements = 0; ++ set->data = map; ++ ++ init_gc_timer(set); ++ ++ return 0; ++} ++ ++static void __flush(struct ip_set_iptree *map) ++{ ++ struct ip_set_iptreeb *btree; ++ struct ip_set_iptreec *ctree; ++ struct ip_set_iptreed *dtree; ++ unsigned int a,b,c; ++ ++ LOOP_WALK_BEGIN(map, a, btree); ++ LOOP_WALK_BEGIN(btree, b, ctree); ++ LOOP_WALK_BEGIN(ctree, c, dtree); ++ kmem_cache_free(leaf_cachep, dtree); ++ LOOP_WALK_END; ++ kmem_cache_free(branch_cachep, ctree); ++ LOOP_WALK_END; ++ kmem_cache_free(branch_cachep, btree); ++ LOOP_WALK_END; ++ map->elements = 0; ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ ++ /* gc might be running */ ++ while (!del_timer(&map->gc)) ++ msleep(IPTREE_DESTROY_SLEEP); ++ __flush(map); ++ kfree(map); ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ unsigned int timeout = map->timeout; ++ ++ /* gc might be running */ ++ while (!del_timer(&map->gc)) ++ msleep(IPTREE_DESTROY_SLEEP); ++ __flush(map); ++ memset(map, 0, sizeof(*map)); ++ map->timeout = timeout; ++ ++ init_gc_timer(set); ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_req_iptree_create *header = ++ (struct ip_set_req_iptree_create *) data; ++ ++ header->timeout = map->timeout; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_iptreeb *btree; ++ struct ip_set_iptreec *ctree; ++ struct ip_set_iptreed *dtree; ++ unsigned int a,b,c,d; ++ unsigned int count = 0; ++ ++ LOOP_WALK_BEGIN(map, a, btree); ++ LOOP_WALK_BEGIN(btree, b, ctree); ++ LOOP_WALK_BEGIN(ctree, c, dtree); ++ for (d = 0; d < 256; d++) { ++ if (dtree->expires[d] ++ && (!map->timeout || time_after(dtree->expires[d], jiffies))) ++ count++; ++ } ++ LOOP_WALK_END; ++ LOOP_WALK_END; ++ LOOP_WALK_END; ++ ++ DP("members %u", count); ++ return (count * sizeof(struct ip_set_req_iptree)); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_iptree *map = (struct ip_set_iptree *) set->data; ++ struct ip_set_iptreeb *btree; ++ struct ip_set_iptreec *ctree; ++ struct ip_set_iptreed *dtree; ++ unsigned int a,b,c,d; ++ size_t offset = 0; ++ struct ip_set_req_iptree *entry; ++ ++ LOOP_WALK_BEGIN(map, a, btree); ++ LOOP_WALK_BEGIN(btree, b, ctree); ++ LOOP_WALK_BEGIN(ctree, c, dtree); ++ for (d = 0; d < 256; d++) { ++ if (dtree->expires[d] ++ && (!map->timeout || time_after(dtree->expires[d], jiffies))) { ++ entry = (struct ip_set_req_iptree *)(data + offset); ++ entry->ip = ((a << 24) | (b << 16) | (c << 8) | d); ++ entry->timeout = !map->timeout ? 0 ++ : (dtree->expires[d] - jiffies)/HZ; ++ offset += sizeof(struct ip_set_req_iptree); ++ } ++ } ++ LOOP_WALK_END; ++ LOOP_WALK_END; ++ LOOP_WALK_END; ++} ++ ++static struct ip_set_type ip_set_iptree = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_IP | IPSET_DATA_SINGLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = &create, ++ .destroy = &destroy, ++ .flush = &flush, ++ .reqsize = sizeof(struct ip_set_req_iptree), ++ .addip = &addip, ++ .addip_kernel = &addip_kernel, ++ .delip = &delip, ++ .delip_kernel = &delip_kernel, ++ .testip = &testip, ++ .testip_kernel = &testip_kernel, ++ .header_size = sizeof(struct ip_set_req_iptree_create), ++ .list_header = &list_header, ++ .list_members_size = &list_members_size, ++ .list_members = &list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("iptree type of IP sets"); ++module_param(limit, int, 0600); ++MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); ++ ++static int __init ip_set_iptree_init(void) ++{ ++ int ret; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++ branch_cachep = kmem_cache_create("ip_set_iptreeb", ++ sizeof(struct ip_set_iptreeb), ++ 0, 0, NULL); ++#else ++ branch_cachep = kmem_cache_create("ip_set_iptreeb", ++ sizeof(struct ip_set_iptreeb), ++ 0, 0, NULL, NULL); ++#endif ++ if (!branch_cachep) { ++ printk(KERN_ERR "Unable to create ip_set_iptreeb slab cache\n"); ++ ret = -ENOMEM; ++ goto out; ++ } ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++ leaf_cachep = kmem_cache_create("ip_set_iptreed", ++ sizeof(struct ip_set_iptreed), ++ 0, 0, NULL); ++#else ++ leaf_cachep = kmem_cache_create("ip_set_iptreed", ++ sizeof(struct ip_set_iptreed), ++ 0, 0, NULL, NULL); ++#endif ++ if (!leaf_cachep) { ++ printk(KERN_ERR "Unable to create ip_set_iptreed slab cache\n"); ++ ret = -ENOMEM; ++ goto free_branch; ++ } ++ ret = ip_set_register_set_type(&ip_set_iptree); ++ if (ret == 0) ++ goto out; ++ ++ kmem_cache_destroy(leaf_cachep); ++ free_branch: ++ kmem_cache_destroy(branch_cachep); ++ out: ++ return ret; ++} ++ ++static void __exit ip_set_iptree_fini(void) ++{ ++ /* FIXME: possible race with ip_set_create() */ ++ ip_set_unregister_set_type(&ip_set_iptree); ++ kmem_cache_destroy(leaf_cachep); ++ kmem_cache_destroy(branch_cachep); ++} ++ ++module_init(ip_set_iptree_init); ++module_exit(ip_set_iptree_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_iptreemap.c +@@ -0,0 +1,829 @@ ++/* Copyright (C) 2007 Sven Wegener <sven.wegener@stealer.net> ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 as published by ++ * the Free Software Foundation. ++ */ ++ ++/* This modules implements the iptreemap ipset type. It uses bitmaps to ++ * represent every single IPv4 address as a single bit. The bitmaps are managed ++ * in a tree structure, where the first three octets of an addresses are used ++ * as an index to find the bitmap and the last octet is used as the bit number. ++ */ ++ ++#include <linux/version.h> ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/slab.h> ++#include <linux/delay.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++ ++#include <linux/netfilter_ipv4/ip_set_iptreemap.h> ++ ++#define IPTREEMAP_DEFAULT_GC_TIME (5 * 60) ++#define IPTREEMAP_DESTROY_SLEEP (100) ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++static struct kmem_cache *cachep_b; ++static struct kmem_cache *cachep_c; ++static struct kmem_cache *cachep_d; ++#else ++static kmem_cache_t *cachep_b; ++static kmem_cache_t *cachep_c; ++static kmem_cache_t *cachep_d; ++#endif ++ ++static struct ip_set_iptreemap_d *fullbitmap_d; ++static struct ip_set_iptreemap_c *fullbitmap_c; ++static struct ip_set_iptreemap_b *fullbitmap_b; ++ ++#if defined(__LITTLE_ENDIAN) ++#define ABCD(a, b, c, d, addr) \ ++ do { \ ++ a = ((unsigned char *)addr)[3]; \ ++ b = ((unsigned char *)addr)[2]; \ ++ c = ((unsigned char *)addr)[1]; \ ++ d = ((unsigned char *)addr)[0]; \ ++ } while (0) ++#elif defined(__BIG_ENDIAN) ++#define ABCD(a,b,c,d,addrp) do { \ ++ a = ((unsigned char *)addrp)[0]; \ ++ b = ((unsigned char *)addrp)[1]; \ ++ c = ((unsigned char *)addrp)[2]; \ ++ d = ((unsigned char *)addrp)[3]; \ ++} while (0) ++#else ++#error "Please fix asm/byteorder.h" ++#endif /* __LITTLE_ENDIAN */ ++ ++#define TESTIP_WALK(map, elem, branch, full) \ ++ do { \ ++ branch = (map)->tree[elem]; \ ++ if (!branch) \ ++ return 0; \ ++ else if (branch == full) \ ++ return 1; \ ++ } while (0) ++ ++#define ADDIP_WALK(map, elem, branch, type, cachep, full) \ ++ do { \ ++ branch = (map)->tree[elem]; \ ++ if (!branch) { \ ++ branch = (type *) kmem_cache_alloc(cachep, GFP_ATOMIC); \ ++ if (!branch) \ ++ return -ENOMEM; \ ++ memset(branch, 0, sizeof(*branch)); \ ++ (map)->tree[elem] = branch; \ ++ } else if (branch == full) { \ ++ return -EEXIST; \ ++ } \ ++ } while (0) ++ ++#define ADDIP_RANGE_LOOP(map, a, a1, a2, hint, branch, full, cachep, free) \ ++ for (a = a1; a <= a2; a++) { \ ++ branch = (map)->tree[a]; \ ++ if (branch != full) { \ ++ if ((a > a1 && a < a2) || (hint)) { \ ++ if (branch) \ ++ free(branch); \ ++ (map)->tree[a] = full; \ ++ continue; \ ++ } else if (!branch) { \ ++ branch = kmem_cache_alloc(cachep, GFP_ATOMIC); \ ++ if (!branch) \ ++ return -ENOMEM; \ ++ memset(branch, 0, sizeof(*branch)); \ ++ (map)->tree[a] = branch; \ ++ } ++ ++#define ADDIP_RANGE_LOOP_END() \ ++ } \ ++ } ++ ++#define DELIP_WALK(map, elem, branch, cachep, full, flags) \ ++ do { \ ++ branch = (map)->tree[elem]; \ ++ if (!branch) { \ ++ return -EEXIST; \ ++ } else if (branch == full) { \ ++ branch = kmem_cache_alloc(cachep, flags); \ ++ if (!branch) \ ++ return -ENOMEM; \ ++ memcpy(branch, full, sizeof(*full)); \ ++ (map)->tree[elem] = branch; \ ++ } \ ++ } while (0) ++ ++#define DELIP_RANGE_LOOP(map, a, a1, a2, hint, branch, full, cachep, free, flags) \ ++ for (a = a1; a <= a2; a++) { \ ++ branch = (map)->tree[a]; \ ++ if (branch) { \ ++ if ((a > a1 && a < a2) || (hint)) { \ ++ if (branch != full) \ ++ free(branch); \ ++ (map)->tree[a] = NULL; \ ++ continue; \ ++ } else if (branch == full) { \ ++ branch = kmem_cache_alloc(cachep, flags); \ ++ if (!branch) \ ++ return -ENOMEM; \ ++ memcpy(branch, full, sizeof(*branch)); \ ++ (map)->tree[a] = branch; \ ++ } ++ ++#define DELIP_RANGE_LOOP_END() \ ++ } \ ++ } ++ ++#define LOOP_WALK_BEGIN(map, i, branch) \ ++ for (i = 0; i < 256; i++) { \ ++ branch = (map)->tree[i]; \ ++ if (likely(!branch)) \ ++ continue; ++ ++#define LOOP_WALK_END() \ ++ } ++ ++#define LOOP_WALK_BEGIN_GC(map, i, branch, full, cachep, count) \ ++ count = -256; \ ++ for (i = 0; i < 256; i++) { \ ++ branch = (map)->tree[i]; \ ++ if (likely(!branch)) \ ++ continue; \ ++ count++; \ ++ if (branch == full) { \ ++ count++; \ ++ continue; \ ++ } ++ ++#define LOOP_WALK_END_GC(map, i, branch, full, cachep, count) \ ++ if (-256 == count) { \ ++ kmem_cache_free(cachep, branch); \ ++ (map)->tree[i] = NULL; \ ++ } else if (256 == count) { \ ++ kmem_cache_free(cachep, branch); \ ++ (map)->tree[i] = full; \ ++ } \ ++ } ++ ++#define LOOP_WALK_BEGIN_COUNT(map, i, branch, inrange, count) \ ++ for (i = 0; i < 256; i++) { \ ++ if (!(map)->tree[i]) { \ ++ if (inrange) { \ ++ count++; \ ++ inrange = 0; \ ++ } \ ++ continue; \ ++ } \ ++ branch = (map)->tree[i]; ++ ++#define LOOP_WALK_END_COUNT() \ ++ } ++ ++#define MIN(a, b) (a < b ? a : b) ++#define MAX(a, b) (a > b ? a : b) ++ ++#define GETVALUE1(a, a1, b1, r) \ ++ (a == a1 ? b1 : r) ++ ++#define GETVALUE2(a, b, a1, b1, c1, r) \ ++ (a == a1 && b == b1 ? c1 : r) ++ ++#define GETVALUE3(a, b, c, a1, b1, c1, d1, r) \ ++ (a == a1 && b == b1 && c == c1 ? d1 : r) ++ ++#define CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2) \ ++ ( \ ++ GETVALUE1(a, a1, b1, 0) == 0 \ ++ && GETVALUE1(a, a2, b2, 255) == 255 \ ++ && c1 == 0 \ ++ && c2 == 255 \ ++ && d1 == 0 \ ++ && d2 == 255 \ ++ ) ++ ++#define CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2) \ ++ ( \ ++ GETVALUE2(a, b, a1, b1, c1, 0) == 0 \ ++ && GETVALUE2(a, b, a2, b2, c2, 255) == 255 \ ++ && d1 == 0 \ ++ && d2 == 255 \ ++ ) ++ ++#define CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2) \ ++ ( \ ++ GETVALUE3(a, b, c, a1, b1, c1, d1, 0) == 0 \ ++ && GETVALUE3(a, b, c, a2, b2, c2, d2, 255) == 255 \ ++ ) ++ ++ ++static inline void ++free_d(struct ip_set_iptreemap_d *map) ++{ ++ kmem_cache_free(cachep_d, map); ++} ++ ++static inline void ++free_c(struct ip_set_iptreemap_c *map) ++{ ++ struct ip_set_iptreemap_d *dtree; ++ unsigned int i; ++ ++ LOOP_WALK_BEGIN(map, i, dtree) { ++ if (dtree != fullbitmap_d) ++ free_d(dtree); ++ } LOOP_WALK_END(); ++ ++ kmem_cache_free(cachep_c, map); ++} ++ ++static inline void ++free_b(struct ip_set_iptreemap_b *map) ++{ ++ struct ip_set_iptreemap_c *ctree; ++ unsigned int i; ++ ++ LOOP_WALK_BEGIN(map, i, ctree) { ++ if (ctree != fullbitmap_c) ++ free_c(ctree); ++ } LOOP_WALK_END(); ++ ++ kmem_cache_free(cachep_b, map); ++} ++ ++static inline int ++__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned char a, b, c, d; ++ ++ *hash_ip = ip; ++ ++ ABCD(a, b, c, d, hash_ip); ++ ++ TESTIP_WALK(map, a, btree, fullbitmap_b); ++ TESTIP_WALK(btree, b, ctree, fullbitmap_c); ++ TESTIP_WALK(ctree, c, dtree, fullbitmap_d); ++ ++ return !!test_bit(d, (void *) dtree->bitmap); ++} ++ ++static int ++testip(struct ip_set *set, const void *data, size_t size, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iptreemap *req = (struct ip_set_req_iptreemap *) data; ++ ++ if (size != sizeof(struct ip_set_req_iptreemap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", sizeof(struct ip_set_req_iptreemap), size); ++ return -EINVAL; ++ } ++ ++ return __testip(set, req->start, hash_ip); ++} ++ ++static int ++testip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip, const u_int32_t *flags, unsigned char index) ++{ ++ int res; ++ ++ res = __testip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++ ++ return (res < 0 ? 0 : res); ++} ++ ++static inline int ++__addip_single(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned char a, b, c, d; ++ ++ *hash_ip = ip; ++ ++ ABCD(a, b, c, d, hash_ip); ++ ++ ADDIP_WALK(map, a, btree, struct ip_set_iptreemap_b, cachep_b, fullbitmap_b); ++ ADDIP_WALK(btree, b, ctree, struct ip_set_iptreemap_c, cachep_c, fullbitmap_c); ++ ADDIP_WALK(ctree, c, dtree, struct ip_set_iptreemap_d, cachep_d, fullbitmap_d); ++ ++ if (test_and_set_bit(d, (void *) dtree->bitmap)) ++ return -EEXIST; ++ ++ set_bit(b, (void *) btree->dirty); ++ ++ return 0; ++} ++ ++static inline int ++__addip_range(struct ip_set *set, ip_set_ip_t start, ip_set_ip_t end, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned int a, b, c, d; ++ unsigned char a1, b1, c1, d1; ++ unsigned char a2, b2, c2, d2; ++ ++ if (start == end) ++ return __addip_single(set, start, hash_ip); ++ ++ *hash_ip = start; ++ ++ ABCD(a1, b1, c1, d1, &start); ++ ABCD(a2, b2, c2, d2, &end); ++ ++ /* This is sooo ugly... */ ++ ADDIP_RANGE_LOOP(map, a, a1, a2, CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2), btree, fullbitmap_b, cachep_b, free_b) { ++ ADDIP_RANGE_LOOP(btree, b, GETVALUE1(a, a1, b1, 0), GETVALUE1(a, a2, b2, 255), CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2), ctree, fullbitmap_c, cachep_c, free_c) { ++ ADDIP_RANGE_LOOP(ctree, c, GETVALUE2(a, b, a1, b1, c1, 0), GETVALUE2(a, b, a2, b2, c2, 255), CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2), dtree, fullbitmap_d, cachep_d, free_d) { ++ for (d = GETVALUE3(a, b, c, a1, b1, c1, d1, 0); d <= GETVALUE3(a, b, c, a2, b2, c2, d2, 255); d++) ++ set_bit(d, (void *) dtree->bitmap); ++ set_bit(b, (void *) btree->dirty); ++ } ADDIP_RANGE_LOOP_END(); ++ } ADDIP_RANGE_LOOP_END(); ++ } ADDIP_RANGE_LOOP_END(); ++ ++ return 0; ++} ++ ++static int ++addip(struct ip_set *set, const void *data, size_t size, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iptreemap *req = (struct ip_set_req_iptreemap *) data; ++ ++ if (size != sizeof(struct ip_set_req_iptreemap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", sizeof(struct ip_set_req_iptreemap), size); ++ return -EINVAL; ++ } ++ ++ return __addip_range(set, MIN(req->start, req->end), MAX(req->start, req->end), hash_ip); ++} ++ ++static int ++addip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip, const u_int32_t *flags, unsigned char index) ++{ ++ ++ return __addip_single(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static inline int ++__delip_single(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip, unsigned int __nocast flags) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned char a,b,c,d; ++ ++ *hash_ip = ip; ++ ++ ABCD(a, b, c, d, hash_ip); ++ ++ DELIP_WALK(map, a, btree, cachep_b, fullbitmap_b, flags); ++ DELIP_WALK(btree, b, ctree, cachep_c, fullbitmap_c, flags); ++ DELIP_WALK(ctree, c, dtree, cachep_d, fullbitmap_d, flags); ++ ++ if (!test_and_clear_bit(d, (void *) dtree->bitmap)) ++ return -EEXIST; ++ ++ set_bit(b, (void *) btree->dirty); ++ ++ return 0; ++} ++ ++static inline int ++__delip_range(struct ip_set *set, ip_set_ip_t start, ip_set_ip_t end, ip_set_ip_t *hash_ip, unsigned int __nocast flags) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned int a, b, c, d; ++ unsigned char a1, b1, c1, d1; ++ unsigned char a2, b2, c2, d2; ++ ++ if (start == end) ++ return __delip_single(set, start, hash_ip, flags); ++ ++ *hash_ip = start; ++ ++ ABCD(a1, b1, c1, d1, &start); ++ ABCD(a2, b2, c2, d2, &end); ++ ++ /* This is sooo ugly... */ ++ DELIP_RANGE_LOOP(map, a, a1, a2, CHECK1(a, a1, a2, b1, b2, c1, c2, d1, d2), btree, fullbitmap_b, cachep_b, free_b, flags) { ++ DELIP_RANGE_LOOP(btree, b, GETVALUE1(a, a1, b1, 0), GETVALUE1(a, a2, b2, 255), CHECK2(a, b, a1, a2, b1, b2, c1, c2, d1, d2), ctree, fullbitmap_c, cachep_c, free_c, flags) { ++ DELIP_RANGE_LOOP(ctree, c, GETVALUE2(a, b, a1, b1, c1, 0), GETVALUE2(a, b, a2, b2, c2, 255), CHECK3(a, b, c, a1, a2, b1, b2, c1, c2, d1, d2), dtree, fullbitmap_d, cachep_d, free_d, flags) { ++ for (d = GETVALUE3(a, b, c, a1, b1, c1, d1, 0); d <= GETVALUE3(a, b, c, a2, b2, c2, d2, 255); d++) ++ clear_bit(d, (void *) dtree->bitmap); ++ set_bit(b, (void *) btree->dirty); ++ } DELIP_RANGE_LOOP_END(); ++ } DELIP_RANGE_LOOP_END(); ++ } DELIP_RANGE_LOOP_END(); ++ ++ return 0; ++} ++ ++static int ++delip(struct ip_set *set, const void *data, size_t size, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_iptreemap *req = (struct ip_set_req_iptreemap *) data; ++ ++ if (size != sizeof(struct ip_set_req_iptreemap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", sizeof(struct ip_set_req_iptreemap), size); ++ return -EINVAL; ++ } ++ ++ return __delip_range(set, MIN(req->start, req->end), MAX(req->start, req->end), hash_ip, GFP_KERNEL); ++} ++ ++static int ++delip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip, const u_int32_t *flags, unsigned char index) ++{ ++ return __delip_single(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip, ++ GFP_ATOMIC); ++} ++ ++/* Check the status of the bitmap ++ * -1 == all bits cleared ++ * 1 == all bits set ++ * 0 == anything else ++ */ ++static inline int ++bitmap_status(struct ip_set_iptreemap_d *dtree) ++{ ++ unsigned char first = dtree->bitmap[0]; ++ int a; ++ ++ for (a = 1; a < 32; a++) ++ if (dtree->bitmap[a] != first) ++ return 0; ++ ++ return (first == 0 ? -1 : (first == 255 ? 1 : 0)); ++} ++ ++static void ++gc(unsigned long addr) ++{ ++ struct ip_set *set = (struct ip_set *) addr; ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned int a, b, c; ++ int i, j, k; ++ ++ write_lock_bh(&set->lock); ++ ++ LOOP_WALK_BEGIN_GC(map, a, btree, fullbitmap_b, cachep_b, i) { ++ LOOP_WALK_BEGIN_GC(btree, b, ctree, fullbitmap_c, cachep_c, j) { ++ if (!test_and_clear_bit(b, (void *) btree->dirty)) ++ continue; ++ LOOP_WALK_BEGIN_GC(ctree, c, dtree, fullbitmap_d, cachep_d, k) { ++ switch (bitmap_status(dtree)) { ++ case -1: ++ kmem_cache_free(cachep_d, dtree); ++ ctree->tree[c] = NULL; ++ k--; ++ break; ++ case 1: ++ kmem_cache_free(cachep_d, dtree); ++ ctree->tree[c] = fullbitmap_d; ++ k++; ++ break; ++ } ++ } LOOP_WALK_END(); ++ } LOOP_WALK_END_GC(btree, b, ctree, fullbitmap_c, cachep_c, k); ++ } LOOP_WALK_END_GC(map, a, btree, fullbitmap_b, cachep_b, j); ++ ++ write_unlock_bh(&set->lock); ++ ++ map->gc.expires = jiffies + map->gc_interval * HZ; ++ add_timer(&map->gc); ++} ++ ++static inline void ++init_gc_timer(struct ip_set *set) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ ++ init_timer(&map->gc); ++ map->gc.data = (unsigned long) set; ++ map->gc.function = gc; ++ map->gc.expires = jiffies + map->gc_interval * HZ; ++ add_timer(&map->gc); ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ struct ip_set_req_iptreemap_create *req = (struct ip_set_req_iptreemap_create *) data; ++ struct ip_set_iptreemap *map; ++ ++ if (size != sizeof(struct ip_set_req_iptreemap_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", sizeof(struct ip_set_req_iptreemap_create), size); ++ return -EINVAL; ++ } ++ ++ map = kzalloc(sizeof(*map), GFP_KERNEL); ++ if (!map) ++ return -ENOMEM; ++ ++ map->gc_interval = req->gc_interval ? req->gc_interval : IPTREEMAP_DEFAULT_GC_TIME; ++ set->data = map; ++ ++ init_gc_timer(set); ++ ++ return 0; ++} ++ ++static inline void __flush(struct ip_set_iptreemap *map) ++{ ++ struct ip_set_iptreemap_b *btree; ++ unsigned int a; ++ ++ LOOP_WALK_BEGIN(map, a, btree); ++ if (btree != fullbitmap_b) ++ free_b(btree); ++ LOOP_WALK_END(); ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ ++ while (!del_timer(&map->gc)) ++ msleep(IPTREEMAP_DESTROY_SLEEP); ++ ++ __flush(map); ++ kfree(map); ++ ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ ++ while (!del_timer(&map->gc)) ++ msleep(IPTREEMAP_DESTROY_SLEEP); ++ ++ __flush(map); ++ ++ memset(map, 0, sizeof(*map)); ++ ++ init_gc_timer(set); ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_req_iptreemap_create *header = (struct ip_set_req_iptreemap_create *) data; ++ ++ header->gc_interval = map->gc_interval; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned int a, b, c, d, inrange = 0, count = 0; ++ ++ LOOP_WALK_BEGIN_COUNT(map, a, btree, inrange, count) { ++ LOOP_WALK_BEGIN_COUNT(btree, b, ctree, inrange, count) { ++ LOOP_WALK_BEGIN_COUNT(ctree, c, dtree, inrange, count) { ++ for (d = 0; d < 256; d++) { ++ if (test_bit(d, (void *) dtree->bitmap)) { ++ inrange = 1; ++ } else if (inrange) { ++ count++; ++ inrange = 0; ++ } ++ } ++ } LOOP_WALK_END_COUNT(); ++ } LOOP_WALK_END_COUNT(); ++ } LOOP_WALK_END_COUNT(); ++ ++ if (inrange) ++ count++; ++ ++ return (count * sizeof(struct ip_set_req_iptreemap)); ++} ++ ++static inline size_t add_member(void *data, size_t offset, ip_set_ip_t start, ip_set_ip_t end) ++{ ++ struct ip_set_req_iptreemap *entry = (struct ip_set_req_iptreemap *) (data + offset); ++ ++ entry->start = start; ++ entry->end = end; ++ ++ return sizeof(*entry); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_iptreemap *map = (struct ip_set_iptreemap *) set->data; ++ struct ip_set_iptreemap_b *btree; ++ struct ip_set_iptreemap_c *ctree; ++ struct ip_set_iptreemap_d *dtree; ++ unsigned int a, b, c, d, inrange = 0; ++ size_t offset = 0; ++ ip_set_ip_t start = 0, end = 0, ip; ++ ++ LOOP_WALK_BEGIN(map, a, btree) { ++ LOOP_WALK_BEGIN(btree, b, ctree) { ++ LOOP_WALK_BEGIN(ctree, c, dtree) { ++ for (d = 0; d < 256; d++) { ++ if (test_bit(d, (void *) dtree->bitmap)) { ++ ip = ((a << 24) | (b << 16) | (c << 8) | d); ++ if (!inrange) { ++ inrange = 1; ++ start = ip; ++ } else if (end < ip - 1) { ++ offset += add_member(data, offset, start, end); ++ start = ip; ++ } ++ end = ip; ++ } else if (inrange) { ++ offset += add_member(data, offset, start, end); ++ inrange = 0; ++ } ++ } ++ } LOOP_WALK_END(); ++ } LOOP_WALK_END(); ++ } LOOP_WALK_END(); ++ ++ if (inrange) ++ add_member(data, offset, start, end); ++} ++ ++static struct ip_set_type ip_set_iptreemap = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_IP | IPSET_DATA_SINGLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = create, ++ .destroy = destroy, ++ .flush = flush, ++ .reqsize = sizeof(struct ip_set_req_iptreemap), ++ .addip = addip, ++ .addip_kernel = addip_kernel, ++ .delip = delip, ++ .delip_kernel = delip_kernel, ++ .testip = testip, ++ .testip_kernel = testip_kernel, ++ .header_size = sizeof(struct ip_set_req_iptreemap_create), ++ .list_header = list_header, ++ .list_members_size = list_members_size, ++ .list_members = list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Sven Wegener <sven.wegener@stealer.net>"); ++MODULE_DESCRIPTION("iptreemap type of IP sets"); ++ ++static int __init ip_set_iptreemap_init(void) ++{ ++ int ret = -ENOMEM; ++ int a; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++ cachep_b = kmem_cache_create("ip_set_iptreemap_b", ++ sizeof(struct ip_set_iptreemap_b), ++ 0, 0, NULL); ++#else ++ cachep_b = kmem_cache_create("ip_set_iptreemap_b", ++ sizeof(struct ip_set_iptreemap_b), ++ 0, 0, NULL, NULL); ++#endif ++ if (!cachep_b) { ++ ip_set_printk("Unable to create ip_set_iptreemap_b slab cache"); ++ goto out; ++ } ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++ cachep_c = kmem_cache_create("ip_set_iptreemap_c", ++ sizeof(struct ip_set_iptreemap_c), ++ 0, 0, NULL); ++#else ++ cachep_c = kmem_cache_create("ip_set_iptreemap_c", ++ sizeof(struct ip_set_iptreemap_c), ++ 0, 0, NULL, NULL); ++#endif ++ if (!cachep_c) { ++ ip_set_printk("Unable to create ip_set_iptreemap_c slab cache"); ++ goto outb; ++ } ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++ cachep_d = kmem_cache_create("ip_set_iptreemap_d", ++ sizeof(struct ip_set_iptreemap_d), ++ 0, 0, NULL); ++#else ++ cachep_d = kmem_cache_create("ip_set_iptreemap_d", ++ sizeof(struct ip_set_iptreemap_d), ++ 0, 0, NULL, NULL); ++#endif ++ if (!cachep_d) { ++ ip_set_printk("Unable to create ip_set_iptreemap_d slab cache"); ++ goto outc; ++ } ++ ++ fullbitmap_d = kmem_cache_alloc(cachep_d, GFP_KERNEL); ++ if (!fullbitmap_d) ++ goto outd; ++ ++ fullbitmap_c = kmem_cache_alloc(cachep_c, GFP_KERNEL); ++ if (!fullbitmap_c) ++ goto outbitmapd; ++ ++ fullbitmap_b = kmem_cache_alloc(cachep_b, GFP_KERNEL); ++ if (!fullbitmap_b) ++ goto outbitmapc; ++ ++ ret = ip_set_register_set_type(&ip_set_iptreemap); ++ if (0 > ret) ++ goto outbitmapb; ++ ++ /* Now init our global bitmaps */ ++ memset(fullbitmap_d->bitmap, 0xff, sizeof(fullbitmap_d->bitmap)); ++ ++ for (a = 0; a < 256; a++) ++ fullbitmap_c->tree[a] = fullbitmap_d; ++ ++ for (a = 0; a < 256; a++) ++ fullbitmap_b->tree[a] = fullbitmap_c; ++ memset(fullbitmap_b->dirty, 0, sizeof(fullbitmap_b->dirty)); ++ ++ return 0; ++ ++outbitmapb: ++ kmem_cache_free(cachep_b, fullbitmap_b); ++outbitmapc: ++ kmem_cache_free(cachep_c, fullbitmap_c); ++outbitmapd: ++ kmem_cache_free(cachep_d, fullbitmap_d); ++outd: ++ kmem_cache_destroy(cachep_d); ++outc: ++ kmem_cache_destroy(cachep_c); ++outb: ++ kmem_cache_destroy(cachep_b); ++out: ++ ++ return ret; ++} ++ ++static void __exit ip_set_iptreemap_fini(void) ++{ ++ ip_set_unregister_set_type(&ip_set_iptreemap); ++ kmem_cache_free(cachep_d, fullbitmap_d); ++ kmem_cache_free(cachep_c, fullbitmap_c); ++ kmem_cache_free(cachep_b, fullbitmap_b); ++ kmem_cache_destroy(cachep_d); ++ kmem_cache_destroy(cachep_c); ++ kmem_cache_destroy(cachep_b); ++} ++ ++module_init(ip_set_iptreemap_init); ++module_exit(ip_set_iptreemap_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_macipmap.c +@@ -0,0 +1,375 @@ ++/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> ++ * Patrick Schaaf <bof@bof.de> ++ * Martin Josefsson <gandalf@wlug.westbo.se> ++ * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module implementing an IP set type: the macipmap type */ ++ ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/version.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++#include <linux/if_ether.h> ++#include <linux/vmalloc.h> ++ ++#include <linux/netfilter_ipv4/ip_set_malloc.h> ++#include <linux/netfilter_ipv4/ip_set_macipmap.h> ++ ++static int ++testip(struct ip_set *set, const void *data, size_t size, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_macipmap *map = (struct ip_set_macipmap *) set->data; ++ struct ip_set_macip *table = (struct ip_set_macip *) map->members; ++ struct ip_set_req_macipmap *req = (struct ip_set_req_macipmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_macipmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_macipmap), ++ size); ++ return -EINVAL; ++ } ++ ++ if (req->ip < map->first_ip || req->ip > map->last_ip) ++ return -ERANGE; ++ ++ *hash_ip = req->ip; ++ DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u", ++ set->name, HIPQUAD(req->ip), HIPQUAD(*hash_ip)); ++ if (test_bit(IPSET_MACIP_ISSET, ++ (void *) &table[req->ip - map->first_ip].flags)) { ++ return (memcmp(req->ethernet, ++ &table[req->ip - map->first_ip].ethernet, ++ ETH_ALEN) == 0); ++ } else { ++ return (map->flags & IPSET_MACIP_MATCHUNSET ? 1 : 0); ++ } ++} ++ ++static int ++testip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ struct ip_set_macip *table = ++ (struct ip_set_macip *) map->members; ++ ip_set_ip_t ip; ++ ++ ip = ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr); ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr); ++#endif ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return 0; ++ ++ *hash_ip = ip; ++ DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u", ++ set->name, HIPQUAD(ip), HIPQUAD(*hash_ip)); ++ if (test_bit(IPSET_MACIP_ISSET, ++ (void *) &table[ip - map->first_ip].flags)) { ++ /* Is mac pointer valid? ++ * If so, compare... */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ return (skb_mac_header(skb) >= skb->head ++ && (skb_mac_header(skb) + ETH_HLEN) <= skb->data ++#else ++ return (skb->mac.raw >= skb->head ++ && (skb->mac.raw + ETH_HLEN) <= skb->data ++#endif ++ && (memcmp(eth_hdr(skb)->h_source, ++ &table[ip - map->first_ip].ethernet, ++ ETH_ALEN) == 0)); ++ } else { ++ return (map->flags & IPSET_MACIP_MATCHUNSET ? 1 : 0); ++ } ++} ++ ++/* returns 0 on success */ ++static inline int ++__addip(struct ip_set *set, ++ ip_set_ip_t ip, unsigned char *ethernet, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ struct ip_set_macip *table = ++ (struct ip_set_macip *) map->members; ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ if (test_and_set_bit(IPSET_MACIP_ISSET, ++ (void *) &table[ip - map->first_ip].flags)) ++ return -EEXIST; ++ ++ *hash_ip = ip; ++ DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip)); ++ memcpy(&table[ip - map->first_ip].ethernet, ethernet, ETH_ALEN); ++ return 0; ++} ++ ++static int ++addip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_macipmap *req = ++ (struct ip_set_req_macipmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_macipmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_macipmap), ++ size); ++ return -EINVAL; ++ } ++ return __addip(set, req->ip, req->ethernet, hash_ip); ++} ++ ++static int ++addip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ ip_set_ip_t ip; ++ ++ ip = ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr); ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr); ++#endif ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ if (!(skb_mac_header(skb) >= skb->head ++ && (skb_mac_header(skb) + ETH_HLEN) <= skb->data)) ++#else ++ if (!(skb->mac.raw >= skb->head ++ && (skb->mac.raw + ETH_HLEN) <= skb->data)) ++#endif ++ return -EINVAL; ++ ++ return __addip(set, ip, eth_hdr(skb)->h_source, hash_ip); ++} ++ ++static inline int ++__delip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ struct ip_set_macip *table = ++ (struct ip_set_macip *) map->members; ++ ++ if (ip < map->first_ip || ip > map->last_ip) ++ return -ERANGE; ++ if (!test_and_clear_bit(IPSET_MACIP_ISSET, ++ (void *)&table[ip - map->first_ip].flags)) ++ return -EEXIST; ++ ++ *hash_ip = ip; ++ DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip)); ++ return 0; ++} ++ ++static int ++delip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_macipmap *req = ++ (struct ip_set_req_macipmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_macipmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_macipmap), ++ size); ++ return -EINVAL; ++ } ++ return __delip(set, req->ip, hash_ip); ++} ++ ++static int ++delip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __delip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static inline size_t members_size(ip_set_id_t from, ip_set_id_t to) ++{ ++ return (size_t)((to - from + 1) * sizeof(struct ip_set_macip)); ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ int newbytes; ++ struct ip_set_req_macipmap_create *req = ++ (struct ip_set_req_macipmap_create *) data; ++ struct ip_set_macipmap *map; ++ ++ if (size != sizeof(struct ip_set_req_macipmap_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_macipmap_create), ++ size); ++ return -EINVAL; ++ } ++ ++ DP("from %u.%u.%u.%u to %u.%u.%u.%u", ++ HIPQUAD(req->from), HIPQUAD(req->to)); ++ ++ if (req->from > req->to) { ++ DP("bad ip range"); ++ return -ENOEXEC; ++ } ++ ++ if (req->to - req->from > MAX_RANGE) { ++ ip_set_printk("range too big (max %d addresses)", ++ MAX_RANGE+1); ++ return -ENOEXEC; ++ } ++ ++ map = kmalloc(sizeof(struct ip_set_macipmap), GFP_KERNEL); ++ if (!map) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_macipmap)); ++ return -ENOMEM; ++ } ++ map->flags = req->flags; ++ map->first_ip = req->from; ++ map->last_ip = req->to; ++ newbytes = members_size(map->first_ip, map->last_ip); ++ map->members = ip_set_malloc(newbytes); ++ DP("members: %u %p", newbytes, map->members); ++ if (!map->members) { ++ DP("out of memory for %d bytes", newbytes); ++ kfree(map); ++ return -ENOMEM; ++ } ++ memset(map->members, 0, newbytes); ++ ++ set->data = map; ++ return 0; ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ ++ ip_set_free(map->members, members_size(map->first_ip, map->last_ip)); ++ kfree(map); ++ ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ memset(map->members, 0, members_size(map->first_ip, map->last_ip)); ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ struct ip_set_req_macipmap_create *header = ++ (struct ip_set_req_macipmap_create *) data; ++ ++ DP("list_header %x %x %u", map->first_ip, map->last_ip, ++ map->flags); ++ ++ header->from = map->first_ip; ++ header->to = map->last_ip; ++ header->flags = map->flags; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ ++ DP("%u", members_size(map->first_ip, map->last_ip)); ++ return members_size(map->first_ip, map->last_ip); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_macipmap *map = ++ (struct ip_set_macipmap *) set->data; ++ ++ int bytes = members_size(map->first_ip, map->last_ip); ++ ++ DP("members: %u %p", bytes, map->members); ++ memcpy(data, map->members, bytes); ++} ++ ++static struct ip_set_type ip_set_macipmap = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_IP | IPSET_DATA_SINGLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = &create, ++ .destroy = &destroy, ++ .flush = &flush, ++ .reqsize = sizeof(struct ip_set_req_macipmap), ++ .addip = &addip, ++ .addip_kernel = &addip_kernel, ++ .delip = &delip, ++ .delip_kernel = &delip_kernel, ++ .testip = &testip, ++ .testip_kernel = &testip_kernel, ++ .header_size = sizeof(struct ip_set_req_macipmap_create), ++ .list_header = &list_header, ++ .list_members_size = &list_members_size, ++ .list_members = &list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("macipmap type of IP sets"); ++ ++static int __init ip_set_macipmap_init(void) ++{ ++ init_max_malloc_size(); ++ return ip_set_register_set_type(&ip_set_macipmap); ++} ++ ++static void __exit ip_set_macipmap_fini(void) ++{ ++ /* FIXME: possible race with ip_set_create() */ ++ ip_set_unregister_set_type(&ip_set_macipmap); ++} ++ ++module_init(ip_set_macipmap_init); ++module_exit(ip_set_macipmap_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_nethash.c +@@ -0,0 +1,497 @@ ++/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module implementing a cidr nethash set */ ++ ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/version.h> ++#include <linux/jhash.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++#include <linux/vmalloc.h> ++#include <linux/random.h> ++ ++#include <net/ip.h> ++ ++#include <linux/netfilter_ipv4/ip_set_malloc.h> ++#include <linux/netfilter_ipv4/ip_set_nethash.h> ++ ++static int limit = MAX_RANGE; ++ ++static inline __u32 ++jhash_ip(const struct ip_set_nethash *map, uint16_t i, ip_set_ip_t ip) ++{ ++ return jhash_1word(ip, *(((uint32_t *) map->initval) + i)); ++} ++ ++static inline __u32 ++hash_id_cidr(struct ip_set_nethash *map, ++ ip_set_ip_t ip, ++ unsigned char cidr, ++ ip_set_ip_t *hash_ip) ++{ ++ __u32 id; ++ u_int16_t i; ++ ip_set_ip_t *elem; ++ ++ *hash_ip = pack(ip, cidr); ++ ++ for (i = 0; i < map->probes; i++) { ++ id = jhash_ip(map, i, *hash_ip) % map->hashsize; ++ DP("hash key: %u", id); ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); ++ if (*elem == *hash_ip) ++ return id; ++ } ++ return UINT_MAX; ++} ++ ++static inline __u32 ++hash_id(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ __u32 id = UINT_MAX; ++ int i; ++ ++ for (i = 0; i < 30 && map->cidr[i]; i++) { ++ id = hash_id_cidr(map, ip, map->cidr[i], hash_ip); ++ if (id != UINT_MAX) ++ break; ++ } ++ return id; ++} ++ ++static inline int ++__testip_cidr(struct ip_set *set, ip_set_ip_t ip, unsigned char cidr, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ ++ return (ip && hash_id_cidr(map, ip, cidr, hash_ip) != UINT_MAX); ++} ++ ++static inline int ++__testip(struct ip_set *set, ip_set_ip_t ip, ip_set_ip_t *hash_ip) ++{ ++ return (ip && hash_id(set, ip, hash_ip) != UINT_MAX); ++} ++ ++static int ++testip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_nethash *req = ++ (struct ip_set_req_nethash *) data; ++ ++ if (size != sizeof(struct ip_set_req_nethash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_nethash), ++ size); ++ return -EINVAL; ++ } ++ return (req->cidr == 32 ? __testip(set, req->ip, hash_ip) ++ : __testip_cidr(set, req->ip, req->cidr, hash_ip)); ++} ++ ++static int ++testip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ return __testip(set, ++ ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr), ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr), ++#endif ++ hash_ip); ++} ++ ++static inline int ++__addip_base(struct ip_set_nethash *map, ip_set_ip_t ip) ++{ ++ __u32 probe; ++ u_int16_t i; ++ ip_set_ip_t *elem; ++ ++ for (i = 0; i < map->probes; i++) { ++ probe = jhash_ip(map, i, ip) % map->hashsize; ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, probe); ++ if (*elem == ip) ++ return -EEXIST; ++ if (!*elem) { ++ *elem = ip; ++ map->elements++; ++ return 0; ++ } ++ } ++ /* Trigger rehashing */ ++ return -EAGAIN; ++} ++ ++static inline int ++__addip(struct ip_set_nethash *map, ip_set_ip_t ip, unsigned char cidr, ++ ip_set_ip_t *hash_ip) ++{ ++ if (!ip || map->elements >= limit) ++ return -ERANGE; ++ ++ *hash_ip = pack(ip, cidr); ++ DP("%u.%u.%u.%u/%u, %u.%u.%u.%u", HIPQUAD(ip), cidr, HIPQUAD(*hash_ip)); ++ ++ return __addip_base(map, *hash_ip); ++} ++ ++static void ++update_cidr_sizes(struct ip_set_nethash *map, unsigned char cidr) ++{ ++ unsigned char next; ++ int i; ++ ++ for (i = 0; i < 30 && map->cidr[i]; i++) { ++ if (map->cidr[i] == cidr) { ++ return; ++ } else if (map->cidr[i] < cidr) { ++ next = map->cidr[i]; ++ map->cidr[i] = cidr; ++ cidr = next; ++ } ++ } ++ if (i < 30) ++ map->cidr[i] = cidr; ++} ++ ++static int ++addip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_nethash *req = ++ (struct ip_set_req_nethash *) data; ++ int ret; ++ ++ if (size != sizeof(struct ip_set_req_nethash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_nethash), ++ size); ++ return -EINVAL; ++ } ++ ret = __addip((struct ip_set_nethash *) set->data, ++ req->ip, req->cidr, hash_ip); ++ ++ if (ret == 0) ++ update_cidr_sizes((struct ip_set_nethash *) set->data, ++ req->cidr); ++ ++ return ret; ++} ++ ++static int ++addip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ int ret = -ERANGE; ++ ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr); ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr); ++#endif ++ ++ if (map->cidr[0]) ++ ret = __addip(map, ip, map->cidr[0], hash_ip); ++ ++ return ret; ++} ++ ++static int retry(struct ip_set *set) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ ip_set_ip_t *elem; ++ void *members; ++ u_int32_t i, hashsize = map->hashsize; ++ int res; ++ struct ip_set_nethash *tmp; ++ ++ if (map->resize == 0) ++ return -ERANGE; ++ ++ again: ++ res = 0; ++ ++ /* Calculate new parameters */ ++ hashsize += (hashsize * map->resize)/100; ++ if (hashsize == map->hashsize) ++ hashsize++; ++ ++ ip_set_printk("rehashing of set %s triggered: " ++ "hashsize grows from %u to %u", ++ set->name, map->hashsize, hashsize); ++ ++ tmp = kmalloc(sizeof(struct ip_set_nethash) ++ + map->probes * sizeof(uint32_t), GFP_ATOMIC); ++ if (!tmp) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_nethash) ++ + map->probes * sizeof(uint32_t)); ++ return -ENOMEM; ++ } ++ tmp->members = harray_malloc(hashsize, sizeof(ip_set_ip_t), GFP_ATOMIC); ++ if (!tmp->members) { ++ DP("out of memory for %d bytes", hashsize * sizeof(ip_set_ip_t)); ++ kfree(tmp); ++ return -ENOMEM; ++ } ++ tmp->hashsize = hashsize; ++ tmp->elements = 0; ++ tmp->probes = map->probes; ++ tmp->resize = map->resize; ++ memcpy(tmp->initval, map->initval, map->probes * sizeof(uint32_t)); ++ memcpy(tmp->cidr, map->cidr, 30 * sizeof(unsigned char)); ++ ++ write_lock_bh(&set->lock); ++ map = (struct ip_set_nethash *) set->data; /* Play safe */ ++ for (i = 0; i < map->hashsize && res == 0; i++) { ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, i); ++ if (*elem) ++ res = __addip_base(tmp, *elem); ++ } ++ if (res) { ++ /* Failure, try again */ ++ write_unlock_bh(&set->lock); ++ harray_free(tmp->members); ++ kfree(tmp); ++ goto again; ++ } ++ ++ /* Success at resizing! */ ++ members = map->members; ++ ++ map->hashsize = tmp->hashsize; ++ map->members = tmp->members; ++ write_unlock_bh(&set->lock); ++ ++ harray_free(members); ++ kfree(tmp); ++ ++ return 0; ++} ++ ++static inline int ++__delip(struct ip_set_nethash *map, ip_set_ip_t ip, unsigned char cidr, ++ ip_set_ip_t *hash_ip) ++{ ++ ip_set_ip_t id, *elem; ++ ++ if (!ip) ++ return -ERANGE; ++ ++ id = hash_id_cidr(map, ip, cidr, hash_ip); ++ if (id == UINT_MAX) ++ return -EEXIST; ++ ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, id); ++ *elem = 0; ++ map->elements--; ++ return 0; ++} ++ ++static int ++delip(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_ip) ++{ ++ struct ip_set_req_nethash *req = ++ (struct ip_set_req_nethash *) data; ++ ++ if (size != sizeof(struct ip_set_req_nethash)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_nethash), ++ size); ++ return -EINVAL; ++ } ++ /* TODO: no garbage collection in map->cidr */ ++ return __delip((struct ip_set_nethash *) set->data, ++ req->ip, req->cidr, hash_ip); ++} ++ ++static int ++delip_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_ip, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ int ret = -ERANGE; ++ ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ ? ip_hdr(skb)->saddr ++ : ip_hdr(skb)->daddr); ++#else ++ ? skb->nh.iph->saddr ++ : skb->nh.iph->daddr); ++#endif ++ ++ if (map->cidr[0]) ++ ret = __delip(map, ip, map->cidr[0], hash_ip); ++ ++ return ret; ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ struct ip_set_req_nethash_create *req = ++ (struct ip_set_req_nethash_create *) data; ++ struct ip_set_nethash *map; ++ uint16_t i; ++ ++ if (size != sizeof(struct ip_set_req_nethash_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_nethash_create), ++ size); ++ return -EINVAL; ++ } ++ ++ if (req->hashsize < 1) { ++ ip_set_printk("hashsize too small"); ++ return -ENOEXEC; ++ } ++ if (req->probes < 1) { ++ ip_set_printk("probes too small"); ++ return -ENOEXEC; ++ } ++ ++ map = kmalloc(sizeof(struct ip_set_nethash) ++ + req->probes * sizeof(uint32_t), GFP_KERNEL); ++ if (!map) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_nethash) ++ + req->probes * sizeof(uint32_t)); ++ return -ENOMEM; ++ } ++ for (i = 0; i < req->probes; i++) ++ get_random_bytes(((uint32_t *) map->initval)+i, 4); ++ map->elements = 0; ++ map->hashsize = req->hashsize; ++ map->probes = req->probes; ++ map->resize = req->resize; ++ memset(map->cidr, 0, 30 * sizeof(unsigned char)); ++ map->members = harray_malloc(map->hashsize, sizeof(ip_set_ip_t), GFP_KERNEL); ++ if (!map->members) { ++ DP("out of memory for %d bytes", map->hashsize * sizeof(ip_set_ip_t)); ++ kfree(map); ++ return -ENOMEM; ++ } ++ ++ set->data = map; ++ return 0; ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ ++ harray_free(map->members); ++ kfree(map); ++ ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ harray_flush(map->members, map->hashsize, sizeof(ip_set_ip_t)); ++ memset(map->cidr, 0, 30 * sizeof(unsigned char)); ++ map->elements = 0; ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ struct ip_set_req_nethash_create *header = ++ (struct ip_set_req_nethash_create *) data; ++ ++ header->hashsize = map->hashsize; ++ header->probes = map->probes; ++ header->resize = map->resize; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ ++ return (map->hashsize * sizeof(ip_set_ip_t)); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data; ++ ip_set_ip_t i, *elem; ++ ++ for (i = 0; i < map->hashsize; i++) { ++ elem = HARRAY_ELEM(map->members, ip_set_ip_t *, i); ++ ((ip_set_ip_t *)data)[i] = *elem; ++ } ++} ++ ++static struct ip_set_type ip_set_nethash = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_IP | IPSET_DATA_SINGLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = &create, ++ .destroy = &destroy, ++ .flush = &flush, ++ .reqsize = sizeof(struct ip_set_req_nethash), ++ .addip = &addip, ++ .addip_kernel = &addip_kernel, ++ .retry = &retry, ++ .delip = &delip, ++ .delip_kernel = &delip_kernel, ++ .testip = &testip, ++ .testip_kernel = &testip_kernel, ++ .header_size = sizeof(struct ip_set_req_nethash_create), ++ .list_header = &list_header, ++ .list_members_size = &list_members_size, ++ .list_members = &list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("nethash type of IP sets"); ++module_param(limit, int, 0600); ++MODULE_PARM_DESC(limit, "maximal number of elements stored in the sets"); ++ ++static int __init ip_set_nethash_init(void) ++{ ++ return ip_set_register_set_type(&ip_set_nethash); ++} ++ ++static void __exit ip_set_nethash_fini(void) ++{ ++ /* FIXME: possible race with ip_set_create() */ ++ ip_set_unregister_set_type(&ip_set_nethash); ++} ++ ++module_init(ip_set_nethash_init); ++module_exit(ip_set_nethash_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ip_set_portmap.c +@@ -0,0 +1,346 @@ ++/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module implementing a port set type as a bitmap */ ++ ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/tcp.h> ++#include <linux/udp.h> ++#include <linux/skbuff.h> ++#include <linux/version.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/errno.h> ++#include <asm/uaccess.h> ++#include <asm/bitops.h> ++#include <linux/spinlock.h> ++ ++#include <net/ip.h> ++ ++#include <linux/netfilter_ipv4/ip_set_portmap.h> ++ ++/* We must handle non-linear skbs */ ++static inline ip_set_ip_t ++get_port(const struct sk_buff *skb, u_int32_t flags) ++{ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ struct iphdr *iph = ip_hdr(skb); ++#else ++ struct iphdr *iph = skb->nh.iph; ++#endif ++ u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; ++ switch (iph->protocol) { ++ case IPPROTO_TCP: { ++ struct tcphdr tcph; ++ ++ /* See comments at tcp_match in ip_tables.c */ ++ if (offset) ++ return INVALID_PORT; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0) ++#else ++ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) ++#endif ++ /* No choice either */ ++ return INVALID_PORT; ++ ++ return ntohs(flags & IPSET_SRC ? ++ tcph.source : tcph.dest); ++ } ++ case IPPROTO_UDP: { ++ struct udphdr udph; ++ ++ if (offset) ++ return INVALID_PORT; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0) ++#else ++ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0) ++#endif ++ /* No choice either */ ++ return INVALID_PORT; ++ ++ return ntohs(flags & IPSET_SRC ? ++ udph.source : udph.dest); ++ } ++ default: ++ return INVALID_PORT; ++ } ++} ++ ++static inline int ++__testport(struct ip_set *set, ip_set_ip_t port, ip_set_ip_t *hash_port) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ ++ if (port < map->first_port || port > map->last_port) ++ return -ERANGE; ++ ++ *hash_port = port; ++ DP("set: %s, port:%u, %u", set->name, port, *hash_port); ++ return !!test_bit(port - map->first_port, map->members); ++} ++ ++static int ++testport(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_port) ++{ ++ struct ip_set_req_portmap *req = ++ (struct ip_set_req_portmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_portmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_portmap), ++ size); ++ return -EINVAL; ++ } ++ return __testport(set, req->port, hash_port); ++} ++ ++static int ++testport_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_port, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ int res; ++ ip_set_ip_t port = get_port(skb, flags[index]); ++ ++ DP("flag %s port %u", flags[index] & IPSET_SRC ? "SRC" : "DST", port); ++ if (port == INVALID_PORT) ++ return 0; ++ ++ res = __testport(set, port, hash_port); ++ ++ return (res < 0 ? 0 : res); ++} ++ ++static inline int ++__addport(struct ip_set *set, ip_set_ip_t port, ip_set_ip_t *hash_port) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ ++ if (port < map->first_port || port > map->last_port) ++ return -ERANGE; ++ if (test_and_set_bit(port - map->first_port, map->members)) ++ return -EEXIST; ++ ++ *hash_port = port; ++ DP("port %u", port); ++ return 0; ++} ++ ++static int ++addport(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_port) ++{ ++ struct ip_set_req_portmap *req = ++ (struct ip_set_req_portmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_portmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_portmap), ++ size); ++ return -EINVAL; ++ } ++ return __addport(set, req->port, hash_port); ++} ++ ++static int ++addport_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_port, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ ip_set_ip_t port = get_port(skb, flags[index]); ++ ++ if (port == INVALID_PORT) ++ return -EINVAL; ++ ++ return __addport(set, port, hash_port); ++} ++ ++static inline int ++__delport(struct ip_set *set, ip_set_ip_t port, ip_set_ip_t *hash_port) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ ++ if (port < map->first_port || port > map->last_port) ++ return -ERANGE; ++ if (!test_and_clear_bit(port - map->first_port, map->members)) ++ return -EEXIST; ++ ++ *hash_port = port; ++ DP("port %u", port); ++ return 0; ++} ++ ++static int ++delport(struct ip_set *set, const void *data, size_t size, ++ ip_set_ip_t *hash_port) ++{ ++ struct ip_set_req_portmap *req = ++ (struct ip_set_req_portmap *) data; ++ ++ if (size != sizeof(struct ip_set_req_portmap)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_portmap), ++ size); ++ return -EINVAL; ++ } ++ return __delport(set, req->port, hash_port); ++} ++ ++static int ++delport_kernel(struct ip_set *set, ++ const struct sk_buff *skb, ++ ip_set_ip_t *hash_port, ++ const u_int32_t *flags, ++ unsigned char index) ++{ ++ ip_set_ip_t port = get_port(skb, flags[index]); ++ ++ if (port == INVALID_PORT) ++ return -EINVAL; ++ ++ return __delport(set, port, hash_port); ++} ++ ++static int create(struct ip_set *set, const void *data, size_t size) ++{ ++ int newbytes; ++ struct ip_set_req_portmap_create *req = ++ (struct ip_set_req_portmap_create *) data; ++ struct ip_set_portmap *map; ++ ++ if (size != sizeof(struct ip_set_req_portmap_create)) { ++ ip_set_printk("data length wrong (want %zu, have %zu)", ++ sizeof(struct ip_set_req_portmap_create), ++ size); ++ return -EINVAL; ++ } ++ ++ DP("from %u to %u", req->from, req->to); ++ ++ if (req->from > req->to) { ++ DP("bad port range"); ++ return -ENOEXEC; ++ } ++ ++ if (req->to - req->from > MAX_RANGE) { ++ ip_set_printk("range too big (max %d ports)", ++ MAX_RANGE+1); ++ return -ENOEXEC; ++ } ++ ++ map = kmalloc(sizeof(struct ip_set_portmap), GFP_KERNEL); ++ if (!map) { ++ DP("out of memory for %d bytes", ++ sizeof(struct ip_set_portmap)); ++ return -ENOMEM; ++ } ++ map->first_port = req->from; ++ map->last_port = req->to; ++ newbytes = bitmap_bytes(req->from, req->to); ++ map->members = kmalloc(newbytes, GFP_KERNEL); ++ if (!map->members) { ++ DP("out of memory for %d bytes", newbytes); ++ kfree(map); ++ return -ENOMEM; ++ } ++ memset(map->members, 0, newbytes); ++ ++ set->data = map; ++ return 0; ++} ++ ++static void destroy(struct ip_set *set) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ ++ kfree(map->members); ++ kfree(map); ++ ++ set->data = NULL; ++} ++ ++static void flush(struct ip_set *set) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ memset(map->members, 0, bitmap_bytes(map->first_port, map->last_port)); ++} ++ ++static void list_header(const struct ip_set *set, void *data) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ struct ip_set_req_portmap_create *header = ++ (struct ip_set_req_portmap_create *) data; ++ ++ DP("list_header %u %u", map->first_port, map->last_port); ++ ++ header->from = map->first_port; ++ header->to = map->last_port; ++} ++ ++static int list_members_size(const struct ip_set *set) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ ++ return bitmap_bytes(map->first_port, map->last_port); ++} ++ ++static void list_members(const struct ip_set *set, void *data) ++{ ++ struct ip_set_portmap *map = (struct ip_set_portmap *) set->data; ++ int bytes = bitmap_bytes(map->first_port, map->last_port); ++ ++ memcpy(data, map->members, bytes); ++} ++ ++static struct ip_set_type ip_set_portmap = { ++ .typename = SETTYPE_NAME, ++ .features = IPSET_TYPE_PORT | IPSET_DATA_SINGLE, ++ .protocol_version = IP_SET_PROTOCOL_VERSION, ++ .create = &create, ++ .destroy = &destroy, ++ .flush = &flush, ++ .reqsize = sizeof(struct ip_set_req_portmap), ++ .addip = &addport, ++ .addip_kernel = &addport_kernel, ++ .delip = &delport, ++ .delip_kernel = &delport_kernel, ++ .testip = &testport, ++ .testip_kernel = &testport_kernel, ++ .header_size = sizeof(struct ip_set_req_portmap_create), ++ .list_header = &list_header, ++ .list_members_size = &list_members_size, ++ .list_members = &list_members, ++ .me = THIS_MODULE, ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("portmap type of IP sets"); ++ ++static int __init ip_set_portmap_init(void) ++{ ++ return ip_set_register_set_type(&ip_set_portmap); ++} ++ ++static void __exit ip_set_portmap_fini(void) ++{ ++ /* FIXME: possible race with ip_set_create() */ ++ ip_set_unregister_set_type(&ip_set_portmap); ++} ++ ++module_init(ip_set_portmap_init); ++module_exit(ip_set_portmap_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ipt_set.c +@@ -0,0 +1,160 @@ ++/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> ++ * Patrick Schaaf <bof@bof.de> ++ * Martin Josefsson <gandalf@wlug.westbo.se> ++ * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* Kernel module to match an IP set. */ ++ ++#include <linux/module.h> ++#include <linux/ip.h> ++#include <linux/skbuff.h> ++#include <linux/version.h> ++ ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ip_set.h> ++#include <linux/netfilter_ipv4/ipt_set.h> ++ ++static inline int ++match_set(const struct ipt_set_info *info, ++ const struct sk_buff *skb, ++ int inv) ++{ ++ if (ip_set_testip_kernel(info->index, skb, info->flags)) ++ inv = !inv; ++ return inv; ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++static bool ++#else ++static int ++#endif ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ const struct xt_match *match, ++#endif ++ const void *matchinfo, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++ int offset, unsigned int protoff, bool *hotdrop) ++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ int offset, unsigned int protoff, int *hotdrop) ++#else ++ int offset, int *hotdrop) ++#endif ++{ ++ const struct ipt_set_info_match *info = matchinfo; ++ ++ return match_set(&info->match_set, ++ skb, ++ info->match_set.flags[0] & IPSET_MATCH_INV); ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++bool ++#else ++static int ++#endif ++checkentry(const char *tablename, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ const void *inf, ++#else ++ const struct ipt_ip *ip, ++#endif ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ const struct xt_match *match, ++#endif ++ void *matchinfo, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ unsigned int matchsize, ++#endif ++ unsigned int hook_mask) ++{ ++ struct ipt_set_info_match *info = ++ (struct ipt_set_info_match *) matchinfo; ++ ip_set_id_t index; ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ++ ip_set_printk("invalid matchsize %d", matchsize); ++ return 0; ++ } ++#endif ++ ++ index = ip_set_get_byindex(info->match_set.index); ++ ++ if (index == IP_SET_INVALID_ID) { ++ ip_set_printk("Cannot find set indentified by id %u to match", ++ info->match_set.index); ++ return 0; /* error */ ++ } ++ if (info->match_set.flags[IP_SET_MAX_BINDINGS] != 0) { ++ ip_set_printk("That's nasty!"); ++ return 0; /* error */ ++ } ++ ++ return 1; ++} ++ ++static void destroy( ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ const struct xt_match *match, ++#endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ void *matchinfo, unsigned int matchsize) ++#else ++ void *matchinfo) ++#endif ++{ ++ struct ipt_set_info_match *info = matchinfo; ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ++ ip_set_printk("invalid matchsize %d", matchsize); ++ return; ++ } ++#endif ++ ip_set_put(info->match_set.index); ++} ++ ++static struct ipt_match set_match = { ++ .name = "set", ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++ .family = AF_INET, ++#endif ++ .match = &match, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ .matchsize = sizeof(struct ipt_set_info_match), ++#endif ++ .checkentry = &checkentry, ++ .destroy = &destroy, ++ .me = THIS_MODULE ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("iptables IP set match module"); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++#define ipt_register_match xt_register_match ++#define ipt_unregister_match xt_unregister_match ++#endif ++ ++static int __init ipt_ipset_init(void) ++{ ++ return ipt_register_match(&set_match); ++} ++ ++static void __exit ipt_ipset_fini(void) ++{ ++ ipt_unregister_match(&set_match); ++} ++ ++module_init(ipt_ipset_init); ++module_exit(ipt_ipset_fini); +--- /dev/null ++++ b/net/ipv4/netfilter/ipt_SET.c +@@ -0,0 +1,179 @@ ++/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> ++ * Patrick Schaaf <bof@bof.de> ++ * Martin Josefsson <gandalf@wlug.westbo.se> ++ * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++/* ipt_SET.c - netfilter target to manipulate IP sets */ ++ ++#include <linux/types.h> ++#include <linux/ip.h> ++#include <linux/timer.h> ++#include <linux/module.h> ++#include <linux/netfilter.h> ++#include <linux/netdevice.h> ++#include <linux/if.h> ++#include <linux/inetdevice.h> ++#include <linux/version.h> ++#include <net/protocol.h> ++#include <net/checksum.h> ++#include <linux/netfilter_ipv4.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ipt_set.h> ++ ++static unsigned int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) ++target(struct sk_buff *skb, ++#else ++target(struct sk_buff **pskb, ++#endif ++ const struct net_device *in, ++ const struct net_device *out, ++ unsigned int hooknum, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ const struct xt_target *target, ++#endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ const void *targinfo, ++ void *userinfo) ++#else ++ const void *targinfo) ++#endif ++{ ++ const struct ipt_set_info_target *info = targinfo; ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) ++ struct sk_buff *skb = *pskb; ++#endif ++ ++ if (info->add_set.index != IP_SET_INVALID_ID) ++ ip_set_addip_kernel(info->add_set.index, ++ skb, ++ info->add_set.flags); ++ if (info->del_set.index != IP_SET_INVALID_ID) ++ ip_set_delip_kernel(info->del_set.index, ++ skb, ++ info->del_set.flags); ++ ++ return IPT_CONTINUE; ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ++static bool ++#else ++static int ++#endif ++checkentry(const char *tablename, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ const void *e, ++#else ++ const struct ipt_entry *e, ++#endif ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ const struct xt_target *target, ++#endif ++ void *targinfo, ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ unsigned int targinfosize, ++#endif ++ unsigned int hook_mask) ++{ ++ struct ipt_set_info_target *info = ++ (struct ipt_set_info_target *) targinfo; ++ ip_set_id_t index; ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ if (targinfosize != IPT_ALIGN(sizeof(*info))) { ++ DP("bad target info size %u", targinfosize); ++ return 0; ++ } ++#endif ++ ++ if (info->add_set.index != IP_SET_INVALID_ID) { ++ index = ip_set_get_byindex(info->add_set.index); ++ if (index == IP_SET_INVALID_ID) { ++ ip_set_printk("cannot find add_set index %u as target", ++ info->add_set.index); ++ return 0; /* error */ ++ } ++ } ++ ++ if (info->del_set.index != IP_SET_INVALID_ID) { ++ index = ip_set_get_byindex(info->del_set.index); ++ if (index == IP_SET_INVALID_ID) { ++ ip_set_printk("cannot find del_set index %u as target", ++ info->del_set.index); ++ return 0; /* error */ ++ } ++ } ++ if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0 ++ || info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) { ++ ip_set_printk("That's nasty!"); ++ return 0; /* error */ ++ } ++ ++ return 1; ++} ++ ++static void destroy( ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ const struct xt_target *target, ++#endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ void *targetinfo, unsigned int targetsize) ++#else ++ void *targetinfo) ++#endif ++{ ++ struct ipt_set_info_target *info = targetinfo; ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) { ++ ip_set_printk("invalid targetsize %d", targetsize); ++ return; ++ } ++#endif ++ if (info->add_set.index != IP_SET_INVALID_ID) ++ ip_set_put(info->add_set.index); ++ if (info->del_set.index != IP_SET_INVALID_ID) ++ ip_set_put(info->del_set.index); ++} ++ ++static struct ipt_target SET_target = { ++ .name = "SET", ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++ .family = AF_INET, ++#endif ++ .target = target, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) ++ .targetsize = sizeof(struct ipt_set_info_target), ++#endif ++ .checkentry = checkentry, ++ .destroy = destroy, ++ .me = THIS_MODULE ++}; ++ ++MODULE_LICENSE("GPL"); ++MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); ++MODULE_DESCRIPTION("iptables IP set target module"); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) ++#define ipt_register_target xt_register_target ++#define ipt_unregister_target xt_unregister_target ++#endif ++ ++static int __init ipt_SET_init(void) ++{ ++ return ipt_register_target(&SET_target); ++} ++ ++static void __exit ipt_SET_fini(void) ++{ ++ ipt_unregister_target(&SET_target); ++} ++ ++module_init(ipt_SET_init); ++module_exit(ipt_SET_fini); +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -412,5 +412,122 @@ + Allows altering the ARP packet payload: source and destination + hardware and network addresses. + ++config IP_NF_SET ++ tristate "IP set support" ++ depends on INET && NETFILTER ++ help ++ This option adds IP set support to the kernel. ++ In order to define and use sets, you need the userspace utility ++ ipset(8). ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_MAX ++ int "Maximum number of IP sets" ++ default 256 ++ range 2 65534 ++ depends on IP_NF_SET ++ help ++ You can define here default value of the maximum number ++ of IP sets for the kernel. ++ ++ The value can be overriden by the 'max_sets' module ++ parameter of the 'ip_set' module. ++ ++config IP_NF_SET_HASHSIZE ++ int "Hash size for bindings of IP sets" ++ default 1024 ++ depends on IP_NF_SET ++ help ++ You can define here default value of the hash size for ++ bindings of IP sets. ++ ++ The value can be overriden by the 'hash_size' module ++ parameter of the 'ip_set' module. ++ ++config IP_NF_SET_IPMAP ++ tristate "ipmap set support" ++ depends on IP_NF_SET ++ help ++ This option adds the ipmap set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_MACIPMAP ++ tristate "macipmap set support" ++ depends on IP_NF_SET ++ help ++ This option adds the macipmap set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_PORTMAP ++ tristate "portmap set support" ++ depends on IP_NF_SET ++ help ++ This option adds the portmap set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_IPHASH ++ tristate "iphash set support" ++ depends on IP_NF_SET ++ help ++ This option adds the iphash set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_NETHASH ++ tristate "nethash set support" ++ depends on IP_NF_SET ++ help ++ This option adds the nethash set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_IPPORTHASH ++ tristate "ipporthash set support" ++ depends on IP_NF_SET ++ help ++ This option adds the ipporthash set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_IPTREE ++ tristate "iptree set support" ++ depends on IP_NF_SET ++ help ++ This option adds the iptree set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_SET_IPTREEMAP ++ tristate "iptreemap set support" ++ depends on IP_NF_SET ++ help ++ This option adds the iptreemap set type support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_MATCH_SET ++ tristate "set match support" ++ depends on IP_NF_SET ++ help ++ Set matching matches against given IP sets. ++ You need the ipset utility to create and set up the sets. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++config IP_NF_TARGET_SET ++ tristate "SET target support" ++ depends on IP_NF_SET ++ help ++ The SET target makes possible to add/delete entries ++ in IP sets. ++ You need the ipset utility to create and set up the sets. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ ++ + endmenu + +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -50,6 +50,7 @@ + obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o + obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o + obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o ++obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o + + obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o + +@@ -63,6 +64,18 @@ + obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o + obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o + obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o ++obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o ++ ++# sets ++obj-$(CONFIG_IP_NF_SET) += ip_set.o ++obj-$(CONFIG_IP_NF_SET_IPMAP) += ip_set_ipmap.o ++obj-$(CONFIG_IP_NF_SET_PORTMAP) += ip_set_portmap.o ++obj-$(CONFIG_IP_NF_SET_MACIPMAP) += ip_set_macipmap.o ++obj-$(CONFIG_IP_NF_SET_IPHASH) += ip_set_iphash.o ++obj-$(CONFIG_IP_NF_SET_NETHASH) += ip_set_nethash.o ++obj-$(CONFIG_IP_NF_SET_IPPORTHASH) += ip_set_ipporthash.o ++obj-$(CONFIG_IP_NF_SET_IPTREE) += ip_set_iptree.o ++obj-$(CONFIG_IP_NF_SET_IPTREEMAP) += ip_set_iptreemap.o + + # generic ARP tables + obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o diff --git a/target/linux/generic-2.6/patches-2.6.27/140-netfilter_time.patch b/target/linux/generic-2.6/patches-2.6.27/140-netfilter_time.patch new file mode 100644 index 0000000000..aecc852ead --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/140-netfilter_time.patch @@ -0,0 +1,239 @@ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ipt_time.h +@@ -0,0 +1,18 @@ ++#ifndef __ipt_time_h_included__ ++#define __ipt_time_h_included__ ++ ++ ++struct ipt_time_info { ++ u_int8_t days_match; /* 1 bit per day. -SMTWTFS */ ++ u_int16_t time_start; /* 0 < time_start < 23*60+59 = 1439 */ ++ u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */ ++ ++ /* FIXME: Keep this one for userspace iptables binary compability: */ ++ u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */ ++ ++ time_t date_start; ++ time_t date_stop; ++}; ++ ++ ++#endif /* __ipt_time_h_included__ */ +--- /dev/null ++++ b/net/ipv4/netfilter/ipt_time.c +@@ -0,0 +1,180 @@ ++/* ++ This is a module which is used for time matching ++ It is using some modified code from dietlibc (localtime() function) ++ that you can find at http://www.fefe.de/dietlibc/ ++ This file is distributed under the terms of the GNU General Public ++ License (GPL). Copies of the GPL can be obtained from: ftp://prep.ai.mit.edu/pub/gnu/GPL ++ 2001-05-04 Fabrice MARIE <fabrice@netfilter.org> : initial development. ++ 2001-21-05 Fabrice MARIE <fabrice@netfilter.org> : bug fix in the match code, ++ thanks to "Zeng Yu" <zengy@capitel.com.cn> for bug report. ++ 2001-26-09 Fabrice MARIE <fabrice@netfilter.org> : force the match to be in LOCAL_IN or PRE_ROUTING only. ++ 2001-30-11 Fabrice : added the possibility to use the match in FORWARD/OUTPUT with a little hack, ++ added Nguyen Dang Phuoc Dong <dongnd@tlnet.com.vn> patch to support timezones. ++ 2004-05-02 Fabrice : added support for date matching, from an idea of Fabien COELHO. ++*/ ++ ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ipt_time.h> ++#include <linux/time.h> ++ ++MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>"); ++MODULE_DESCRIPTION("Match arrival timestamp/date"); ++MODULE_LICENSE("GPL"); ++ ++struct tm ++{ ++ int tm_sec; /* Seconds. [0-60] (1 leap second) */ ++ int tm_min; /* Minutes. [0-59] */ ++ int tm_hour; /* Hours. [0-23] */ ++ int tm_mday; /* Day. [1-31] */ ++ int tm_mon; /* Month. [0-11] */ ++ int tm_year; /* Year - 1900. */ ++ int tm_wday; /* Day of week. [0-6] */ ++ int tm_yday; /* Days in year.[0-365] */ ++ int tm_isdst; /* DST. [-1/0/1]*/ ++ ++ long int tm_gmtoff; /* we don't care, we count from GMT */ ++ const char *tm_zone; /* we don't care, we count from GMT */ ++}; ++ ++void ++localtime(const u32 time, struct tm *r); ++ ++static bool ++match(const struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ const struct xt_match *match, ++ const void *matchinfo, ++ int offset, ++ unsigned int protoff, ++ bool *hotdrop) ++{ ++ const struct ipt_time_info *info = matchinfo; /* match info for rule */ ++ struct timeval tv; ++ struct tm currenttime; /* time human readable */ ++ u_int8_t days_of_week[7] = {64, 32, 16, 8, 4, 2, 1}; ++ u_int16_t packet_time; ++ ++ /* We might not have a timestamp, get one */ ++ if (skb->tstamp.tv64 == 0) ++ __net_timestamp((struct sk_buff *)skb); ++ ++ skb_get_timestamp(skb, &tv); ++ /* First we make sure we are in the date start-stop boundaries */ ++ if ((tv.tv_sec < info->date_start) || (tv.tv_sec > info->date_stop)) ++ return 0; /* We are outside the date boundaries */ ++ ++ /* Transform the timestamp of the packet, in a human readable form */ ++ localtime(tv.tv_sec, ¤ttime); ++ ++ /* check if we match this timestamp, we start by the days... */ ++ if ((days_of_week[currenttime.tm_wday] & info->days_match) != days_of_week[currenttime.tm_wday]) ++ return 0; /* the day doesn't match */ ++ ++ /* ... check the time now */ ++ packet_time = (currenttime.tm_hour * 60) + currenttime.tm_min; ++ if ((packet_time < info->time_start) || (packet_time > info->time_stop)) ++ return 0; ++ ++ /* here we match ! */ ++ return 1; ++} ++ ++static bool ++checkentry(const char *tablename, ++ const void *ip, ++ const struct xt_match *match, ++ void *matchinfo, ++ unsigned int hook_mask) ++{ ++ struct ipt_time_info *info = matchinfo; /* match info for rule */ ++ ++ /* First, check that we are in the correct hooks */ ++ if (hook_mask ++ & ~((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | (1 << NF_INET_LOCAL_OUT))) ++ { ++ printk("ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)\n"); ++ return 0; ++ } ++ ++ /* Now check the coherence of the data ... */ ++ if ((info->time_start > 1439) || /* 23*60+59 = 1439*/ ++ (info->time_stop > 1439)) ++ { ++ printk(KERN_WARNING "ipt_time: invalid argument\n"); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static struct ipt_match time_match = { ++ .name = "time", ++ .match = &match, ++ .matchsize = sizeof(struct ipt_time_info), ++ .checkentry = &checkentry, ++ .me = THIS_MODULE ++}; ++ ++static int __init init(void) ++{ ++ printk("ipt_time loading\n"); ++ return xt_register_match(&time_match); ++} ++ ++static void __exit fini(void) ++{ ++ xt_unregister_match(&time_match); ++ printk("ipt_time unloaded\n"); ++} ++ ++module_init(init); ++module_exit(fini); ++ ++ ++/* The part below is borowed and modified from dietlibc */ ++ ++/* seconds per day */ ++#define SPD 24*60*60 ++ ++void ++localtime(const u32 time, struct tm *r) { ++ u32 i, timep; ++ extern struct timezone sys_tz; ++ const unsigned int __spm[12] = ++ { 0, ++ (31), ++ (31+28), ++ (31+28+31), ++ (31+28+31+30), ++ (31+28+31+30+31), ++ (31+28+31+30+31+30), ++ (31+28+31+30+31+30+31), ++ (31+28+31+30+31+30+31+31), ++ (31+28+31+30+31+30+31+31+30), ++ (31+28+31+30+31+30+31+31+30+31), ++ (31+28+31+30+31+30+31+31+30+31+30), ++ }; ++ register u32 work; ++ ++ timep = time - (sys_tz.tz_minuteswest * 60); ++ work=timep%(SPD); ++ r->tm_sec=work%60; work/=60; ++ r->tm_min=work%60; r->tm_hour=work/60; ++ work=timep/(SPD); ++ r->tm_wday=(4+work)%7; ++ for (i=1970; ; ++i) { ++ register time_t k= (!(i%4) && ((i%100) || !(i%400)))?366:365; ++ if (work>k) ++ work-=k; ++ else ++ break; ++ } ++ r->tm_year=i-1900; ++ for (i=11; i && __spm[i]>work; --i) ; ++ r->tm_mon=i; ++ r->tm_mday=work-__spm[i]+1; ++} +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -63,6 +63,22 @@ + help + Module for matching traffic of various Peer-to-Peer applications + ++ ++config IP_NF_MATCH_TIME ++ tristate 'TIME match support' ++ depends on IP_NF_IPTABLES ++ help ++ This option adds a `time' match, which allows you ++ to match based on the packet arrival time/date ++ (arrival time/date at the machine which netfilter is running on) or ++ departure time/date (for locally generated packets). ++ ++ If you say Y here, try iptables -m time --help for more information. ++ If you want to compile it as a module, say M here and read ++ ++ Documentation/modules.txt. If unsure, say `N'. ++ ++ + config IP_NF_MATCH_RECENT + tristate '"recent" match support' + depends on IP_NF_IPTABLES +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -51,6 +51,7 @@ + obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o + obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o + obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o ++obj-$(CONFIG_IP_NF_MATCH_TIME) += ipt_time.o + + obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o + diff --git a/target/linux/generic-2.6/patches-2.6.27/150-netfilter_imq.patch b/target/linux/generic-2.6/patches-2.6.27/150-netfilter_imq.patch new file mode 100644 index 0000000000..142d3c0b2c --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/150-netfilter_imq.patch @@ -0,0 +1,914 @@ +--- /dev/null ++++ b/drivers/net/imq.c +@@ -0,0 +1,474 @@ ++/* ++ * Pseudo-driver for the intermediate queue device. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Patrick McHardy, <kaber@trash.net> ++ * ++ * The first version was written by Martin Devera, <devik@cdi.cz> ++ * ++ * Credits: Jan Rafaj <imq2t@cedric.vabo.cz> ++ * - Update patch to 2.4.21 ++ * Sebastian Strollo <sstrollo@nortelnetworks.com> ++ * - Fix "Dead-loop on netdevice imq"-issue ++ * Marcel Sebek <sebek64@post.cz> ++ * - Update to 2.6.2-rc1 ++ * ++ * After some time of inactivity there is a group taking care ++ * of IMQ again: http://www.linuximq.net ++ * ++ * ++ * 2004/06/30 - New version of IMQ patch to kernels <=2.6.7 ++ * including the following changes: ++ * ++ * - Correction of ipv6 support "+"s issue (Hasso Tepper) ++ * - Correction of imq_init_devs() issue that resulted in ++ * kernel OOPS unloading IMQ as module (Norbert Buchmuller) ++ * - Addition of functionality to choose number of IMQ devices ++ * during kernel config (Andre Correa) ++ * - Addition of functionality to choose how IMQ hooks on ++ * PRE and POSTROUTING (after or before NAT) (Andre Correa) ++ * - Cosmetic corrections (Norbert Buchmuller) (Andre Correa) ++ * ++ * ++ * 2005/12/16 - IMQ versions between 2.6.7 and 2.6.13 were ++ * released with almost no problems. 2.6.14-x was released ++ * with some important changes: nfcache was removed; After ++ * some weeks of trouble we figured out that some IMQ fields ++ * in skb were missing in skbuff.c - skb_clone and copy_skb_header. ++ * These functions are correctly patched by this new patch version. ++ * ++ * Thanks for all who helped to figure out all the problems with ++ * 2.6.14.x: Patrick McHardy, Rune Kock, VeNoMouS, Max CtRiX, ++ * Kevin Shanahan, Richard Lucassen, Valery Dachev (hopefully ++ * I didn't forget anybody). I apologize again for my lack of time. ++ * ++ * ++ * 2008/06/17 - 2.6.25 - Changed imq.c to use qdisc_run() instead ++ * of qdisc_restart() and moved qdisc_run() to tasklet to avoid ++ * recursive locking. New initialization routines to fix 'rmmod' not ++ * working anymore. Used code from ifb.c. (Jussi Kivilinna) ++ * ++ * Also, many thanks to pablo Sebastian Greco for making the initial ++ * patch and to those who helped the testing. ++ * ++ * More info at: http://www.linuximq.net/ (Andre Correa) ++ */ ++ ++#include <linux/module.h> ++#include <linux/kernel.h> ++#include <linux/moduleparam.h> ++#include <linux/skbuff.h> ++#include <linux/netdevice.h> ++#include <linux/rtnetlink.h> ++#include <linux/if_arp.h> ++#include <linux/netfilter.h> ++#include <linux/netfilter_ipv4.h> ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ #include <linux/netfilter_ipv6.h> ++#endif ++#include <linux/imq.h> ++#include <net/pkt_sched.h> ++#include <net/netfilter/nf_queue.h> ++ ++struct imq_private { ++ struct tasklet_struct tasklet; ++ unsigned long tasklet_pending; ++}; ++ ++static nf_hookfn imq_nf_hook; ++ ++static struct nf_hook_ops imq_ingress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops imq_egress_ipv4 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP_PRI_LAST ++#else ++ .priority = NF_IP_PRI_NAT_SRC - 1 ++#endif ++}; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++static struct nf_hook_ops imq_ingress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_PRE_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ .priority = NF_IP6_PRI_MANGLE + 1 ++#else ++ .priority = NF_IP6_PRI_NAT_DST + 1 ++#endif ++}; ++ ++static struct nf_hook_ops imq_egress_ipv6 = { ++ .hook = imq_nf_hook, ++ .owner = THIS_MODULE, ++ .pf = PF_INET6, ++ .hooknum = NF_INET_POST_ROUTING, ++#if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) ++ .priority = NF_IP6_PRI_LAST ++#else ++ .priority = NF_IP6_PRI_NAT_SRC - 1 ++#endif ++}; ++#endif ++ ++#if defined(CONFIG_IMQ_NUM_DEVS) ++static unsigned int numdevs = CONFIG_IMQ_NUM_DEVS; ++#else ++static unsigned int numdevs = IMQ_MAX_DEVS; ++#endif ++ ++static struct net_device *imq_devs_cache[IMQ_MAX_DEVS]; ++ ++static struct net_device_stats *imq_get_stats(struct net_device *dev) ++{ ++ return &dev->stats; ++} ++ ++/* called for packets kfree'd in qdiscs at places other than enqueue */ ++static void imq_skb_destructor(struct sk_buff *skb) ++{ ++ struct nf_queue_entry *entry = skb->nf_queue_entry; ++ ++ if (entry) { ++ if (entry->indev) ++ dev_put(entry->indev); ++ if (entry->outdev) ++ dev_put(entry->outdev); ++ kfree(entry); ++ } ++} ++ ++static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) ++{ ++ dev->stats.tx_bytes += skb->len; ++ dev->stats.tx_packets++; ++ ++ skb->imq_flags = 0; ++ skb->destructor = NULL; ++ ++ dev->trans_start = jiffies; ++ nf_reinject(skb->nf_queue_entry, NF_ACCEPT); ++ return 0; ++} ++ ++static int imq_nf_queue(struct nf_queue_entry *entry, unsigned queue_num) ++{ ++ struct net_device *dev; ++ struct imq_private *priv; ++ struct sk_buff *skb2 = NULL; ++ struct Qdisc *q; ++ unsigned int index = entry->skb->imq_flags & IMQ_F_IFMASK; ++ int ret = -1; ++ ++ if (index > numdevs) ++ return -1; ++ ++ /* check for imq device by index from cache */ ++ dev = imq_devs_cache[index]; ++ if (!dev) { ++ char buf[8]; ++ ++ /* get device by name and cache result */ ++ snprintf(buf, sizeof(buf), "imq%d", index); ++ dev = dev_get_by_name(&init_net, buf); ++ if (!dev) { ++ /* not found ?!*/ ++ BUG(); ++ return -1; ++ } ++ ++ imq_devs_cache[index] = dev; ++ } ++ ++ priv = netdev_priv(dev); ++ if (!(dev->flags & IFF_UP)) { ++ entry->skb->imq_flags = 0; ++ nf_reinject(entry, NF_ACCEPT); ++ return 0; ++ } ++ dev->last_rx = jiffies; ++ ++ if (entry->skb->destructor) { ++ skb2 = entry->skb; ++ entry->skb = skb_clone(entry->skb, GFP_ATOMIC); ++ if (!entry->skb) ++ return -1; ++ } ++ entry->skb->nf_queue_entry = entry; ++ ++ dev->stats.rx_bytes += entry->skb->len; ++ dev->stats.rx_packets++; ++ ++ spin_lock_bh(&dev->queue_lock); ++ q = dev->qdisc; ++ if (q->enqueue) { ++ q->enqueue(skb_get(entry->skb), q); ++ if (skb_shared(entry->skb)) { ++ entry->skb->destructor = imq_skb_destructor; ++ kfree_skb(entry->skb); ++ ret = 0; ++ } ++ } ++ if (!test_and_set_bit(1, &priv->tasklet_pending)) ++ tasklet_schedule(&priv->tasklet); ++ spin_unlock_bh(&dev->queue_lock); ++ ++ if (skb2) ++ kfree_skb(ret ? entry->skb : skb2); ++ ++ return ret; ++} ++ ++static struct nf_queue_handler nfqh = { ++ .name = "imq", ++ .outfn = imq_nf_queue, ++}; ++ ++static void qdisc_run_tasklet(unsigned long arg) ++{ ++ struct net_device *dev = (struct net_device *)arg; ++ struct imq_private *priv = netdev_priv(dev); ++ ++ spin_lock(&dev->queue_lock); ++ qdisc_run(dev); ++ clear_bit(1, &priv->tasklet_pending); ++ spin_unlock(&dev->queue_lock); ++} ++ ++static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff *pskb, ++ const struct net_device *indev, ++ const struct net_device *outdev, ++ int (*okfn)(struct sk_buff *)) ++{ ++ if (pskb->imq_flags & IMQ_F_ENQUEUE) ++ return NF_QUEUE; ++ ++ return NF_ACCEPT; ++} ++ ++static int imq_close(struct net_device *dev) ++{ ++ struct imq_private *priv = netdev_priv(dev); ++ ++ tasklet_kill(&priv->tasklet); ++ netif_stop_queue(dev); ++ ++ return 0; ++} ++ ++static int imq_open(struct net_device *dev) ++{ ++ struct imq_private *priv = netdev_priv(dev); ++ ++ tasklet_init(&priv->tasklet, qdisc_run_tasklet, (unsigned long)dev); ++ netif_start_queue(dev); ++ ++ return 0; ++} ++ ++static void imq_setup(struct net_device *dev) ++{ ++ dev->hard_start_xmit = imq_dev_xmit; ++ dev->open = imq_open; ++ dev->get_stats = imq_get_stats; ++ dev->stop = imq_close; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 16000; ++ dev->tx_queue_len = 11000; ++ dev->flags = IFF_NOARP; ++} ++ ++static struct rtnl_link_ops imq_link_ops __read_mostly = { ++ .kind = "imq", ++ .priv_size = sizeof(struct imq_private), ++ .setup = imq_setup, ++}; ++ ++static int __init imq_init_hooks(void) ++{ ++ int err; ++ ++ err = nf_register_queue_handler(PF_INET, &nfqh); ++ if (err) ++ goto err1; ++ ++ err = nf_register_hook(&imq_ingress_ipv4); ++ if (err) ++ goto err2; ++ ++ err = nf_register_hook(&imq_egress_ipv4); ++ if (err) ++ goto err3; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ err = nf_register_queue_handler(PF_INET6, &nfqh); ++ if (err) ++ goto err4; ++ ++ err = nf_register_hook(&imq_ingress_ipv6); ++ if (err) ++ goto err5; ++ ++ err = nf_register_hook(&imq_egress_ipv6); ++ if (err) ++ goto err6; ++#endif ++ ++ return 0; ++ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++err6: ++ nf_unregister_hook(&imq_ingress_ipv6); ++err5: ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++err4: ++ nf_unregister_hook(&imq_egress_ipv4); ++#endif ++err3: ++ nf_unregister_hook(&imq_ingress_ipv4); ++err2: ++ nf_unregister_queue_handler(PF_INET, &nfqh); ++err1: ++ return err; ++} ++ ++static int __init imq_init_one(int index) ++{ ++ struct net_device *dev; ++ int ret; ++ ++ dev = alloc_netdev(sizeof(struct imq_private), "imq%d", imq_setup); ++ if (!dev) ++ return -ENOMEM; ++ ++ ret = dev_alloc_name(dev, dev->name); ++ if (ret < 0) ++ goto fail; ++ ++ dev->rtnl_link_ops = &imq_link_ops; ++ ret = register_netdevice(dev); ++ if (ret < 0) ++ goto fail; ++ ++ return 0; ++fail: ++ free_netdev(dev); ++ return ret; ++} ++ ++static int __init imq_init_devs(void) ++{ ++ int err, i; ++ ++ if (!numdevs || numdevs > IMQ_MAX_DEVS) { ++ printk(KERN_ERR "IMQ: numdevs has to be betweed 1 and %u\n", ++ IMQ_MAX_DEVS); ++ return -EINVAL; ++ } ++ ++ rtnl_lock(); ++ err = __rtnl_link_register(&imq_link_ops); ++ ++ for (i = 0; i < numdevs && !err; i++) ++ err = imq_init_one(i); ++ ++ if (err) { ++ __rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ } ++ rtnl_unlock(); ++ ++ return err; ++} ++ ++static int __init imq_init_module(void) ++{ ++ int err; ++ ++ err = imq_init_devs(); ++ if (err) { ++ printk(KERN_ERR "IMQ: Error trying imq_init_devs(net)\n"); ++ return err; ++ } ++ ++ err = imq_init_hooks(); ++ if (err) { ++ printk(KERN_ERR "IMQ: Error trying imq_init_hooks()\n"); ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++ return err; ++ } ++ ++ printk(KERN_INFO "IMQ driver loaded successfully.\n"); ++ ++#if defined(CONFIG_IMQ_BEHAVIOR_BA) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on PREROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on PREROUTING.\n"); ++#endif ++#if defined(CONFIG_IMQ_BEHAVIOR_AB) || defined(CONFIG_IMQ_BEHAVIOR_BB) ++ printk(KERN_INFO "\tHooking IMQ before NAT on POSTROUTING.\n"); ++#else ++ printk(KERN_INFO "\tHooking IMQ after NAT on POSTROUTING.\n"); ++#endif ++ ++ return 0; ++} ++ ++static void __exit imq_unhook(void) ++{ ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ nf_unregister_hook(&imq_ingress_ipv6); ++ nf_unregister_hook(&imq_egress_ipv6); ++ nf_unregister_queue_handler(PF_INET6, &nfqh); ++#endif ++ nf_unregister_hook(&imq_ingress_ipv4); ++ nf_unregister_hook(&imq_egress_ipv4); ++ nf_unregister_queue_handler(PF_INET, &nfqh); ++} ++ ++static void __exit imq_cleanup_devs(void) ++{ ++ rtnl_link_unregister(&imq_link_ops); ++ memset(imq_devs_cache, 0, sizeof(imq_devs_cache)); ++} ++ ++static void __exit imq_exit_module(void) ++{ ++ imq_unhook(); ++ imq_cleanup_devs(); ++ printk(KERN_INFO "IMQ driver unloaded successfully.\n"); ++} ++ ++module_init(imq_init_module); ++module_exit(imq_exit_module); ++ ++module_param(numdevs, int, 0); ++MODULE_PARM_DESC(numdevs, "number of IMQ devices (how many imq* devices will " ++ "be created)"); ++MODULE_AUTHOR("http://www.linuximq.net"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See " ++ "http://www.linuximq.net/ for more information."); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS_RTNL_LINK("imq"); ++ +--- a/drivers/net/Kconfig ++++ b/drivers/net/Kconfig +@@ -109,6 +109,129 @@ + To compile this driver as a module, choose M here: the module + will be called eql. If unsure, say N. + ++config IMQ ++ tristate "IMQ (intermediate queueing device) support" ++ depends on NETDEVICES && NETFILTER ++ ---help--- ++ The IMQ device(s) is used as placeholder for QoS queueing ++ disciplines. Every packet entering/leaving the IP stack can be ++ directed through the IMQ device where it's enqueued/dequeued to the ++ attached qdisc. This allows you to treat network devices as classes ++ and distribute bandwidth among them. Iptables is used to specify ++ through which IMQ device, if any, packets travel. ++ ++ More information at: http://www.linuximq.net/ ++ ++ To compile this driver as a module, choose M here: the module ++ will be called imq. If unsure, say N. ++ ++choice ++ prompt "IMQ behavior (PRE/POSTROUTING)" ++ depends on IMQ ++ default IMQ_BEHAVIOR_AB ++ help ++ ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ IMQ can work in any of the following ways: ++ ++ PREROUTING | POSTROUTING ++ -----------------|------------------- ++ #1 After NAT | After NAT ++ #2 After NAT | Before NAT ++ #3 Before NAT | After NAT ++ #4 Before NAT | Before NAT ++ ++ The default behavior is to hook before NAT on PREROUTING ++ and after NAT on POSTROUTING (#3). ++ ++ This settings are specially usefull when trying to use IMQ ++ to shape NATed clients. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AA ++ bool "IMQ AA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_AB ++ bool "IMQ AB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: After NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BA ++ bool "IMQ BA" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: After NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++config IMQ_BEHAVIOR_BB ++ bool "IMQ BB" ++ help ++ This settings defines how IMQ behaves in respect to its ++ hooking in PREROUTING and POSTROUTING. ++ ++ Choosing this option will make IMQ hook like this: ++ ++ PREROUTING: Before NAT ++ POSTROUTING: Before NAT ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ ++endchoice ++ ++config IMQ_NUM_DEVS ++ ++ int "Number of IMQ devices" ++ range 2 16 ++ depends on IMQ ++ default "16" ++ help ++ ++ This settings defines how many IMQ devices will be ++ created. ++ ++ The default value is 16. ++ ++ More information can be found at: www.linuximq.net ++ ++ If not sure leave the default settings alone. ++ + config TUN + tristate "Universal TUN/TAP device driver support" + select CRC32 +--- a/drivers/net/Makefile ++++ b/drivers/net/Makefile +@@ -144,6 +144,7 @@ + obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o + + obj-$(CONFIG_DUMMY) += dummy.o ++obj-$(CONFIG_IMQ) += imq.o + obj-$(CONFIG_IFB) += ifb.o + obj-$(CONFIG_MACVLAN) += macvlan.o + obj-$(CONFIG_DE600) += de600.o +--- /dev/null ++++ b/include/linux/imq.h +@@ -0,0 +1,9 @@ ++#ifndef _IMQ_H ++#define _IMQ_H ++ ++#define IMQ_MAX_DEVS 16 ++ ++#define IMQ_F_IFMASK 0x7f ++#define IMQ_F_ENQUEUE 0x80 ++ ++#endif /* _IMQ_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv4/ipt_IMQ.h +@@ -0,0 +1,8 @@ ++#ifndef _IPT_IMQ_H ++#define _IPT_IMQ_H ++ ++struct ipt_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _IPT_IMQ_H */ +--- /dev/null ++++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h +@@ -0,0 +1,8 @@ ++#ifndef _IP6T_IMQ_H ++#define _IP6T_IMQ_H ++ ++struct ip6t_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _IP6T_IMQ_H */ +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -302,6 +302,10 @@ + struct nf_conntrack *nfct; + struct sk_buff *nfct_reasm; + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ unsigned char imq_flags; ++ struct nf_queue_entry *nf_queue_entry; ++#endif + #ifdef CONFIG_BRIDGE_NETFILTER + struct nf_bridge_info *nf_bridge; + #endif +@@ -1642,6 +1646,10 @@ + dst->nfct_reasm = src->nfct_reasm; + nf_conntrack_get_reasm(src->nfct_reasm); + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ dst->imq_flags = src->imq_flags; ++ dst->nf_queue_entry = src->nf_queue_entry; ++#endif + #ifdef CONFIG_BRIDGE_NETFILTER + dst->nf_bridge = src->nf_bridge; + nf_bridge_get(src->nf_bridge); +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -96,6 +96,9 @@ + #include <net/net_namespace.h> + #include <net/sock.h> + #include <linux/rtnetlink.h> ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++#include <linux/imq.h> ++#endif + #include <linux/proc_fs.h> + #include <linux/seq_file.h> + #include <linux/stat.h> +@@ -1623,7 +1626,11 @@ + struct netdev_queue *txq) + { + if (likely(!skb->next)) { +- if (!list_empty(&ptype_all)) ++ if (!list_empty(&ptype_all) ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ && !(skb->imq_flags & IMQ_F_ENQUEUE) ++#endif ++ ) + dev_queue_xmit_nit(skb, dev); + + if (netif_needs_gso(dev, skb)) { +--- /dev/null ++++ b/net/ipv4/netfilter/ipt_IMQ.c +@@ -0,0 +1,69 @@ ++/* ++ * This target marks packets to be enqueued to an imq device ++ */ ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ipt_IMQ.h> ++#include <linux/imq.h> ++ ++static unsigned int imq_target(struct sk_buff *pskb, ++ const struct net_device *in, ++ const struct net_device *out, ++ unsigned int hooknum, ++ const struct xt_target *target, ++ const void *targinfo) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info *)targinfo; ++ ++ pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; ++ ++ return XT_CONTINUE; ++} ++ ++static bool imq_checkentry(const char *tablename, ++ const void *e, ++ const struct xt_target *target, ++ void *targinfo, ++ unsigned int hook_mask) ++{ ++ struct ipt_imq_info *mr; ++ ++ mr = (struct ipt_imq_info *)targinfo; ++ ++ if (mr->todev > IMQ_MAX_DEVS) { ++ printk(KERN_WARNING ++ "IMQ: invalid device specified, highest is %u\n", ++ IMQ_MAX_DEVS); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static struct xt_target ipt_imq_reg = { ++ .name = "IMQ", ++ .family = AF_INET, ++ .target = imq_target, ++ .targetsize = sizeof(struct ipt_imq_info), ++ .checkentry = imq_checkentry, ++ .me = THIS_MODULE, ++ .table = "mangle" ++}; ++ ++static int __init init(void) ++{ ++ return xt_register_target(&ipt_imq_reg); ++} ++ ++static void __exit fini(void) ++{ ++ xt_unregister_target(&ipt_imq_reg); ++} ++ ++module_init(init); ++module_exit(fini); ++ ++MODULE_AUTHOR("http://www.linuximq.net"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); ++MODULE_LICENSE("GPL"); +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -145,6 +145,17 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config IP_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP_NF_MANGLE && IMQ ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which IMQ device packets should get enqueued/dequeued. ++ ++ For more information visit: http://www.linuximq.net/ ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config IP_NF_TARGET_REJECT + tristate "REJECT target support" + depends on IP_NF_FILTER +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -59,6 +59,7 @@ + obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o + obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o + obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o ++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o + obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o + obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o + obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o +--- /dev/null ++++ b/net/ipv6/netfilter/ip6t_IMQ.c +@@ -0,0 +1,69 @@ ++/* ++ * This target marks packets to be enqueued to an imq device ++ */ ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/netfilter_ipv6/ip6_tables.h> ++#include <linux/netfilter_ipv6/ip6t_IMQ.h> ++#include <linux/imq.h> ++ ++static unsigned int imq_target(struct sk_buff *pskb, ++ const struct net_device *in, ++ const struct net_device *out, ++ unsigned int hooknum, ++ const struct xt_target *target, ++ const void *targinfo) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info *)targinfo; ++ ++ pskb->imq_flags = mr->todev | IMQ_F_ENQUEUE; ++ ++ return XT_CONTINUE; ++} ++ ++static bool imq_checkentry(const char *tablename, ++ const void *entry, ++ const struct xt_target *target, ++ void *targinfo, ++ unsigned int hook_mask) ++{ ++ struct ip6t_imq_info *mr; ++ ++ mr = (struct ip6t_imq_info *)targinfo; ++ ++ if (mr->todev > IMQ_MAX_DEVS) { ++ printk(KERN_WARNING ++ "IMQ: invalid device specified, highest is %u\n", ++ IMQ_MAX_DEVS); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static struct xt_target ip6t_imq_reg = { ++ .name = "IMQ", ++ .family = AF_INET6, ++ .target = imq_target, ++ .targetsize = sizeof(struct ip6t_imq_info), ++ .table = "mangle", ++ .checkentry = imq_checkentry, ++ .me = THIS_MODULE ++}; ++ ++static int __init init(void) ++{ ++ return xt_register_target(&ip6t_imq_reg); ++} ++ ++static void __exit fini(void) ++{ ++ xt_unregister_target(&ip6t_imq_reg); ++} ++ ++module_init(init); ++module_exit(fini); ++ ++MODULE_AUTHOR("http://www.linuximq.net"); ++MODULE_DESCRIPTION("Pseudo-driver for the intermediate queue device. See http://www.linuximq.net/ for more information."); ++MODULE_LICENSE("GPL"); +--- a/net/ipv6/netfilter/Kconfig ++++ b/net/ipv6/netfilter/Kconfig +@@ -179,6 +179,15 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config IP6_NF_TARGET_IMQ ++ tristate "IMQ target support" ++ depends on IP6_NF_MANGLE && IMQ ++ help ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config IP6_NF_TARGET_HL + tristate 'HL (hoplimit) target support' + depends on IP6_NF_MANGLE +--- a/net/ipv6/netfilter/Makefile ++++ b/net/ipv6/netfilter/Makefile +@@ -6,6 +6,7 @@ + obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o + obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o + obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o ++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o + obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o + obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o + obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o +--- a/net/sched/sch_generic.c ++++ b/net/sched/sch_generic.c +@@ -188,6 +188,7 @@ + + clear_bit(__QDISC_STATE_RUNNING, &q->state); + } ++EXPORT_SYMBOL(__qdisc_run); + + static void dev_watchdog(unsigned long arg) + { diff --git a/target/linux/generic-2.6/patches-2.6.27/170-netfilter_chaostables_0.8.patch b/target/linux/generic-2.6/patches-2.6.27/170-netfilter_chaostables_0.8.patch new file mode 100644 index 0000000000..b8bbeb8a31 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/170-netfilter_chaostables_0.8.patch @@ -0,0 +1,844 @@ +--- /dev/null ++++ b/include/linux/netfilter/oot_conntrack.h +@@ -0,0 +1,5 @@ ++#if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE) ++# include <linux/netfilter_ipv4/ip_conntrack.h> ++#else /* linux-2.6.20+ */ ++# include <net/netfilter/nf_nat_rule.h> ++#endif +--- /dev/null ++++ b/include/linux/netfilter/oot_trans.h +@@ -0,0 +1,14 @@ ++/* Out of tree workarounds */ ++#include <linux/version.h> ++#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) ++# define HAVE_MATCHINFOSIZE 1 ++# define HAVE_TARGUSERINFO 1 ++# define HAVE_TARGINFOSIZE 1 ++#endif ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 20) ++# define nfmark mark ++#endif ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 21) ++# define tcp_v4_check(tcph, tcph_sz, s, d, csp) \ ++ tcp_v4_check((tcph_sz), (s), (d), (csp)) ++#endif +--- /dev/null ++++ b/include/linux/netfilter/xt_CHAOS.h +@@ -0,0 +1,14 @@ ++#ifndef _LINUX_NETFILTER_XT_CHAOS_H ++#define _LINUX_NETFILTER_XT_CHAOS_H 1 ++ ++enum xt_chaos_target_variant { ++ XTCHAOS_NORMAL, ++ XTCHAOS_TARPIT, ++ XTCHAOS_DELUDE, ++}; ++ ++struct xt_chaos_target_info { ++ uint8_t variant; ++}; ++ ++#endif /* _LINUX_NETFILTER_XT_CHAOS_H */ +--- /dev/null ++++ b/include/linux/netfilter/xt_portscan.h +@@ -0,0 +1,8 @@ ++#ifndef _LINUX_NETFILTER_XT_PORTSCAN_H ++#define _LINUX_NETFILTER_XT_PORTSCAN_H 1 ++ ++struct xt_portscan_match_info { ++ uint8_t match_stealth, match_syn, match_cn, match_gr; ++}; ++ ++#endif /* _LINUX_NETFILTER_XT_PORTSCAN_H */ +--- /dev/null ++++ b/net/netfilter/find_match.c +@@ -0,0 +1,39 @@ ++/* ++ xt_request_find_match ++ by Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007 ++ ++ Based upon linux-2.6.18.5/net/netfilter/x_tables.c: ++ Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org> ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License version 2 as ++ published by the Free Software Foundation. ++*/ ++#include <linux/err.h> ++#include <linux/netfilter_arp.h> ++#include <linux/socket.h> ++#include <linux/netfilter/x_tables.h> ++ ++/* ++ * Yeah this code is sub-optimal, but the function is missing in ++ * mainline so far. -jengelh ++ */ ++static struct xt_match *xt_request_find_match_lo(int af, const char *name, ++ u8 revision) ++{ ++ static const char *const xt_prefix[] = { ++ [AF_INET] = "ip", ++ [AF_INET6] = "ip6", ++ [NF_ARP] = "arp", ++ }; ++ struct xt_match *match; ++ ++ match = try_then_request_module(xt_find_match(af, name, revision), ++ "%st_%s", xt_prefix[af], name); ++ if (IS_ERR(match) || match == NULL) ++ return NULL; ++ ++ return match; ++} ++ ++/* In case it goes into mainline, let this out-of-tree package compile */ ++#define xt_request_find_match xt_request_find_match_lo +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -296,6 +296,14 @@ + + # alphabetically ordered list of targets + ++config NETFILTER_XT_TARGET_CHAOS ++ tristate '"CHAOS" target support' ++ depends on NETFILTER_XTABLES ++ help ++ This option adds a `CHAOS' target. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config NETFILTER_XT_TARGET_CLASSIFY + tristate '"CLASSIFY" target support' + depends on NETFILTER_XTABLES +@@ -325,6 +333,14 @@ + <file:Documentation/kbuild/modules.txt>. The module will be called + ipt_CONNMARK.ko. If unsure, say `N'. + ++config NETFILTER_XT_TARGET_DELUDE ++ tristate '"DELUDE" target support' ++ depends on NETFILTER_XTABLES ++ help ++ This option adds a `DELUDE' target. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config NETFILTER_XT_TARGET_DSCP + tristate '"DSCP" and "TOS" target support' + depends on NETFILTER_XTABLES +@@ -661,6 +677,14 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config NETFILTER_XT_MATCH_PORTSCAN ++ tristate '"portscan" match support' ++ depends on NETFILTER_XTABLES ++ help ++ This option adds a 'portscan' match support. ++ ++ To compile it as a module, choose M here. If unsure, say N. ++ + config NETFILTER_XT_MATCH_MULTIPORT + tristate '"multiport" Multiple port match support' + depends on NETFILTER_XTABLES +--- a/net/netfilter/Makefile ++++ b/net/netfilter/Makefile +@@ -51,6 +51,8 @@ + obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o + obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o + obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o ++obj-$(CONFIG_NETFILTER_XT_TARGET_CHAOS) += xt_CHAOS.o ++obj-$(CONFIG_NETFILTER_XT_TARGET_DELUDE) += xt_DELUDE.o + + # matches + obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o +@@ -84,3 +86,4 @@ + obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o + obj-$(CONFIG_NETFILTER_XT_MATCH_TIME) += xt_time.o + obj-$(CONFIG_NETFILTER_XT_MATCH_U32) += xt_u32.o ++obj-$(CONFIG_NETFILTER_XT_MATCH_PORTSCAN) += xt_portscan.o +--- /dev/null ++++ b/net/netfilter/xt_CHAOS.c +@@ -0,0 +1,200 @@ ++/* ++ * CHAOS target for netfilter ++ * Copyright © CC Computer Consultants GmbH, 2006 - 2007 ++ * Contact: Jan Engelhardt <jengelh@computergmbh.de> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License; either version ++ * 2 or 3 as published by the Free Software Foundation. ++ */ ++#include <linux/icmp.h> ++#include <linux/in.h> ++#include <linux/ip.h> ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/stat.h> ++#include <linux/netfilter/x_tables.h> ++#include <linux/netfilter/xt_tcpudp.h> ++#include <linux/netfilter_ipv4/ipt_REJECT.h> ++#include <net/ip.h> ++#if defined(_LOCAL) ++# include "xt_CHAOS.h" ++# include "find_match.c" ++#elif defined(CONFIG_NETFILTER_XT_TARGET_CHAOS) || \ ++ defined(CONFIG_NETFILTER_XT_TARGET_CHAOS_MODULE) ++# include <linux/netfilter/xt_CHAOS.h> ++# include "find_match.c" ++#else ++# include "xt_CHAOS.h" ++# include "find_match.c" ++#endif ++#define PFX KBUILD_MODNAME ": " ++ ++/* Module parameters */ ++static unsigned int reject_percentage = ~0U * .01; ++static unsigned int delude_percentage = ~0U * .0101; ++module_param(reject_percentage, uint, S_IRUGO | S_IWUSR); ++module_param(delude_percentage, uint, S_IRUGO | S_IWUSR); ++ ++/* References to other matches/targets */ ++static struct xt_match *xm_tcp; ++static struct xt_target *xt_delude, *xt_reject, *xt_tarpit; ++ ++static int have_delude, have_tarpit; ++ ++/* Static data for other matches/targets */ ++static const struct ipt_reject_info reject_params = { ++ .with = ICMP_HOST_UNREACH, ++}; ++ ++static const struct xt_tcp tcp_params = { ++ .spts = {0, ~0}, ++ .dpts = {0, ~0}, ++}; ++ ++/* CHAOS functions */ ++static void xt_chaos_total(const struct xt_chaos_target_info *info, ++ struct sk_buff *skb, const struct net_device *in, ++ const struct net_device *out, unsigned int hooknum) ++{ ++ const struct iphdr *iph = ip_hdr(skb); ++ const int protoff = 4 * iph->ihl; ++ const int offset = ntohs(iph->frag_off) & IP_OFFSET; ++ const struct xt_target *destiny; ++ bool hotdrop = false, ret; ++ ++ ret = xm_tcp->match(skb, in, out, xm_tcp, &tcp_params, ++ offset, protoff, &hotdrop); ++ if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage) ++ return; ++ ++ destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude; ++ destiny->target(skb, in, out, hooknum, destiny, NULL); ++ return; ++} ++ ++static unsigned int chaos_tg(struct sk_buff *skb, ++ const struct net_device *in, const struct net_device *out, ++ unsigned int hooknum, const struct xt_target *target, const void *targinfo) ++{ ++ /* ++ * Equivalent to: ++ * -A chaos -m statistic --mode random --probability \ ++ * $reject_percentage -j REJECT --reject-with host-unreach; ++ * -A chaos -p tcp -m statistic --mode random --probability \ ++ * $delude_percentage -j DELUDE; ++ * -A chaos -j DROP; ++ */ ++ const struct xt_chaos_target_info *info = targinfo; ++ const struct iphdr *iph = ip_hdr(skb); ++ ++ if ((unsigned int)net_random() <= reject_percentage) ++ return xt_reject->target(skb, in, out, hooknum, target, ++ &reject_params); ++ ++ /* TARPIT/DELUDE may not be called from the OUTPUT chain */ ++ if (iph->protocol == IPPROTO_TCP && ++ info->variant != XTCHAOS_NORMAL && hooknum != NF_INET_LOCAL_OUT) ++ xt_chaos_total(info, skb, in, out, hooknum); ++ ++ return NF_DROP; ++} ++ ++static bool chaos_tg_check(const char *tablename, const void *entry, ++ const struct xt_target *target, void *targinfo, unsigned int hook_mask) ++{ ++ const struct xt_chaos_target_info *info = targinfo; ++ ++ if (info->variant == XTCHAOS_DELUDE && !have_delude) { ++ printk(KERN_WARNING PFX "Error: Cannot use --delude when " ++ "DELUDE module not available\n"); ++ return false; ++ } ++ if (info->variant == XTCHAOS_TARPIT && !have_tarpit) { ++ printk(KERN_WARNING PFX "Error: Cannot use --tarpit when " ++ "TARPIT module not available\n"); ++ return false; ++ } ++ ++ return true; ++} ++ ++static struct xt_target chaos_tg_reg = { ++ .name = "CHAOS", ++ .family = AF_INET, ++ .table = "filter", ++ .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | ++ (1 << NF_INET_LOCAL_OUT), ++ .checkentry = chaos_tg_check, ++ .target = chaos_tg, ++ .targetsize = sizeof(struct xt_chaos_target_info), ++ .me = THIS_MODULE, ++}; ++ ++static int __init chaos_tg_init(void) ++{ ++ int ret = -EINVAL; ++ ++ xm_tcp = xt_request_find_match(AF_INET, "tcp", 0); ++ if (xm_tcp == NULL) { ++ printk(KERN_WARNING PFX "Error: Could not find or load " ++ "\"tcp\" match\n"); ++ return -EINVAL; ++ } ++ ++ xt_reject = xt_request_find_target(AF_INET, "REJECT", 0); ++ if (xt_reject == NULL) { ++ printk(KERN_WARNING PFX "Error: Could not find or load " ++ "\"REJECT\" target\n"); ++ goto out2; ++ } ++ ++ xt_tarpit = xt_request_find_target(AF_INET, "TARPIT", 0); ++ have_tarpit = xt_tarpit != NULL; ++ if (!have_tarpit) ++ printk(KERN_WARNING PFX "Warning: Could not find or load " ++ "\"TARPIT\" target\n"); ++ ++ xt_delude = xt_request_find_target(AF_INET, "DELUDE", 0); ++ have_delude = xt_delude != NULL; ++ if (!have_delude) ++ printk(KERN_WARNING PFX "Warning: Could not find or load " ++ "\"DELUDE\" target\n"); ++ ++ if ((ret = xt_register_target(&chaos_tg_reg)) != 0) { ++ printk(KERN_WARNING PFX "xt_register_target returned " ++ "error %d\n", ret); ++ goto out3; ++ } ++ ++ return 0; ++ ++ out3: ++ if (have_delude) ++ module_put(xt_delude->me); ++ if (have_tarpit) ++ module_put(xt_tarpit->me); ++ module_put(xt_reject->me); ++ out2: ++ module_put(xm_tcp->me); ++ return ret; ++} ++ ++static void __exit chaos_tg_exit(void) ++{ ++ xt_unregister_target(&chaos_tg_reg); ++ module_put(xm_tcp->me); ++ module_put(xt_reject->me); ++ if (have_delude) ++ module_put(xt_delude->me); ++ if (have_tarpit) ++ module_put(xt_tarpit->me); ++ return; ++} ++ ++module_init(chaos_tg_init); ++module_exit(chaos_tg_exit); ++MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>"); ++MODULE_DESCRIPTION("netfilter \"CHAOS\" target"); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS("ipt_CHAOS"); +--- /dev/null ++++ b/net/netfilter/xt_DELUDE.c +@@ -0,0 +1,197 @@ ++/* ++ * DELUDE target ++ * Copyright © CC Computer Consultants GmbH, 2007 ++ * Contact: Jan Engelhardt <jengelh@computergmbh.de> ++ * ++ * Based upon linux-2.6.18.5/net/ipv4/netfilter/ipt_REJECT.c: ++ * (C) 1999-2001 Paul `Rusty' Russell ++ * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> ++ * ++ * xt_DELUDE acts like REJECT, but does reply with SYN-ACK on SYN. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/ip.h> ++#include <linux/tcp.h> ++#include <linux/netfilter/x_tables.h> ++#ifdef CONFIG_BRIDGE_NETFILTER ++# include <linux/netfilter_bridge.h> ++#endif ++#include <net/tcp.h> ++#define PFX KBUILD_MODNAME ": " ++ ++static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook) ++{ ++ struct tcphdr _otcph, *oth, *tcph; ++ unsigned int addr_type; ++ struct sk_buff *nskb; ++ u_int16_t tmp_port; ++ u_int32_t tmp_addr; ++ struct iphdr *niph; ++ bool needs_ack; ++ ++ /* IP header checks: fragment. */ ++ if (ip_hdr(oldskb)->frag_off & htons(IP_OFFSET)) ++ return; ++ ++ oth = skb_header_pointer(oldskb, ip_hdrlen(oldskb), ++ sizeof(_otcph), &_otcph); ++ if (oth == NULL) ++ return; ++ ++ /* No RST for RST. */ ++ if (oth->rst) ++ return; ++ ++ /* Check checksum */ ++ if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP)) ++ return; ++ ++ /* We need a linear, writeable skb. We also need to expand ++ headroom in case hh_len of incoming interface < hh_len of ++ outgoing interface */ ++ nskb = skb_copy_expand(oldskb, LL_MAX_HEADER, skb_tailroom(oldskb), ++ GFP_ATOMIC); ++ if (!nskb) ++ return; ++ ++ /* This packet will not be the same as the other: clear nf fields */ ++ nf_reset(nskb); ++ nskb->mark = 0; ++ skb_init_secmark(nskb); ++ ++ skb_shinfo(nskb)->gso_size = 0; ++ skb_shinfo(nskb)->gso_segs = 0; ++ skb_shinfo(nskb)->gso_type = 0; ++ ++ tcph = (struct tcphdr *)(skb_network_header(nskb) + ip_hdrlen(nskb)); ++ ++ /* Swap source and dest */ ++ niph = ip_hdr(nskb); ++ tmp_addr = niph->saddr; ++ niph->saddr = niph->daddr; ++ niph->daddr = tmp_addr; ++ tmp_port = tcph->source; ++ tcph->source = tcph->dest; ++ tcph->dest = tmp_port; ++ ++ /* Truncate to length (no data) */ ++ tcph->doff = sizeof(struct tcphdr) / 4; ++ skb_trim(nskb, ip_hdrlen(nskb) + sizeof(struct tcphdr)); ++ niph->tot_len = htons(nskb->len); ++ ++ if (oth->syn && !oth->ack && !oth->rst && !oth->fin) { ++ /* DELUDE essential part */ ++ tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin + ++ oldskb->len - ip_hdrlen(oldskb) - ++ (oth->doff << 2)); ++ tcph->seq = false; ++ tcph->ack = true; ++ } else { ++ if (!tcph->ack) { ++ needs_ack = true; ++ tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + ++ oth->fin + oldskb->len - ++ ip_hdrlen(oldskb) - (oth->doff<<2)); ++ tcph->seq = false; ++ } else { ++ needs_ack = false; ++ tcph->seq = oth->ack_seq; ++ tcph->ack_seq = false; ++ } ++ ++ /* Reset flags */ ++ ((u_int8_t *)tcph)[13] = 0; ++ tcph->rst = true; ++ tcph->ack = needs_ack; ++ } ++ ++ tcph->window = 0; ++ tcph->urg_ptr = 0; ++ ++ /* Adjust TCP checksum */ ++ tcph->check = 0; ++ tcph->check = tcp_v4_check(sizeof(struct tcphdr), niph->saddr, ++ niph->daddr, csum_partial((char *)tcph, ++ sizeof(struct tcphdr), 0)); ++ ++ /* Set DF, id = 0 */ ++ niph->frag_off = htons(IP_DF); ++ niph->id = 0; ++ ++ addr_type = RTN_UNSPEC; ++#ifdef CONFIG_BRIDGE_NETFILTER ++ if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && ++ nskb->nf_bridge->mask & BRNF_BRIDGED)) ++#else ++ if (hook != NF_INET_FORWARD) ++#endif ++ addr_type = RTN_LOCAL; ++ ++ if (ip_route_me_harder(nskb, addr_type)) ++ goto free_nskb; ++ ++ nskb->ip_summed = CHECKSUM_NONE; ++ ++ /* Adjust IP TTL */ ++ niph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT); ++ ++ /* Adjust IP checksum */ ++ niph->check = 0; ++ niph->check = ip_fast_csum(skb_network_header(nskb), niph->ihl); ++ ++ /* "Never happens" */ ++ if (nskb->len > dst_mtu(nskb->dst)) ++ goto free_nskb; ++ ++ nf_ct_attach(nskb, oldskb); ++ ++ NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, nskb, NULL, nskb->dst->dev, ++ dst_output); ++ return; ++ ++ free_nskb: ++ kfree_skb(nskb); ++} ++ ++static unsigned int delude_tg(struct sk_buff *skb, ++ const struct net_device *in, const struct net_device *out, ++ unsigned int hooknum, const struct xt_target *target, const void *targinfo) ++{ ++ /* WARNING: This code causes reentry within iptables. ++ This means that the iptables jump stack is now crap. We ++ must return an absolute verdict. --RR */ ++ delude_send_reset(skb, hooknum); ++ return NF_DROP; ++} ++ ++static struct xt_target delude_tg_reg = { ++ .name = "DELUDE", ++ .family = AF_INET, ++ .table = "filter", ++ .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD), ++ .target = delude_tg, ++ .proto = IPPROTO_TCP, ++ .me = THIS_MODULE, ++}; ++ ++static int __init delude_tg_init(void) ++{ ++ return xt_register_target(&delude_tg_reg); ++} ++ ++static void __exit delude_tg_exit(void) ++{ ++ xt_unregister_target(&delude_tg_reg); ++} ++ ++module_init(delude_tg_init); ++module_exit(delude_tg_exit); ++MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>"); ++MODULE_DESCRIPTION("netfilter \"DELUDE\" target"); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS("ipt_DELUDE"); +--- /dev/null ++++ b/net/netfilter/xt_portscan.c +@@ -0,0 +1,269 @@ ++/* ++ * portscan match for netfilter ++ * Copyright © CC Computer Consultants GmbH, 2006 - 2007 ++ * Contact: Jan Engelhardt <jengelh@computergmbh.de> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License; either version ++ * 2 or 3 as published by the Free Software Foundation. ++ */ ++#include <linux/in.h> ++#include <linux/ip.h> ++#include <linux/module.h> ++#include <linux/moduleparam.h> ++#include <linux/skbuff.h> ++#include <linux/stat.h> ++#include <linux/tcp.h> ++#include <linux/types.h> ++#include <linux/version.h> ++#include <linux/netfilter/x_tables.h> ++#include <linux/netfilter/xt_tcpudp.h> ++#include <net/netfilter/nf_nat_rule.h> ++#if defined(_LOCAL) ++# include "xt_portscan.h" ++#elif defined(CONFIG_NETFILTER_XT_MATCH_PORTSCAN) || \ ++ defined(CONFIG_NETFILTER_XT_MATCH_PORTSCAN_MODULE) ++# include <linux/netfilter/xt_portscan.h> ++#else ++# include "xt_portscan.h" ++#endif ++#define PFX KBUILD_MODNAME ": " ++ ++enum { ++ TCP_FLAGS_ALL3 = TCP_FLAG_FIN | TCP_FLAG_RST | TCP_FLAG_SYN, ++ TCP_FLAGS_ALL4 = TCP_FLAGS_ALL3 | TCP_FLAG_ACK, ++ TCP_FLAGS_ALL6 = TCP_FLAGS_ALL4 | TCP_FLAG_PSH | TCP_FLAG_URG, ++}; ++ ++/* Module parameters */ ++static unsigned int ++ connmark_mask = ~0, ++ packet_mask = ~0, ++ mark_seen = 0x9, ++ mark_synrcv = 0x1, ++ mark_closed = 0x2, ++ mark_synscan = 0x3, ++ mark_estab1 = 0x4, ++ mark_estab2 = 0x5, ++ mark_cnscan = 0x6, ++ mark_grscan = 0x7, ++ mark_valid = 0x8; ++ ++module_param(connmark_mask, uint, S_IRUGO | S_IWUSR); ++module_param(packet_mask, uint, S_IRUGO | S_IWUSR); ++module_param(mark_seen, uint, S_IRUGO | S_IWUSR); ++module_param(mark_synrcv, uint, S_IRUGO | S_IWUSR); ++module_param(mark_closed, uint, S_IRUGO | S_IWUSR); ++module_param(mark_synscan, uint, S_IRUGO | S_IWUSR); ++module_param(mark_estab1, uint, S_IRUGO | S_IWUSR); ++module_param(mark_estab2, uint, S_IRUGO | S_IWUSR); ++module_param(mark_cnscan, uint, S_IRUGO | S_IWUSR); ++module_param(mark_grscan, uint, S_IRUGO | S_IWUSR); ++module_param(mark_valid, uint, S_IRUGO | S_IWUSR); ++MODULE_PARM_DESC(connmark_mask, "only set specified bits in connection mark"); ++MODULE_PARM_DESC(packet_mask, "only set specified bits in packet mark"); ++MODULE_PARM_DESC(mark_seen, "nfmark value for packet-seen state"); ++MODULE_PARM_DESC(mark_synrcv, "connmark value for SYN Received state"); ++MODULE_PARM_DESC(mark_closed, "connmark value for closed state"); ++MODULE_PARM_DESC(mark_synscan, "connmark value for SYN Scan state"); ++MODULE_PARM_DESC(mark_estab1, "connmark value for Established-1 state"); ++MODULE_PARM_DESC(mark_estab2, "connmark value for Established-2 state"); ++MODULE_PARM_DESC(mark_cnscan, "connmark value for Connect Scan state"); ++MODULE_PARM_DESC(mark_grscan, "connmark value for Grab Scan state"); ++MODULE_PARM_DESC(mark_valid, "connmark value for Valid state"); ++ ++/* TCP flag functions */ ++static inline bool tflg_ack4(const struct tcphdr *th) ++{ ++ return (tcp_flag_word(th) & TCP_FLAGS_ALL4) == TCP_FLAG_ACK; ++} ++ ++static inline bool tflg_ack6(const struct tcphdr *th) ++{ ++ return (tcp_flag_word(th) & TCP_FLAGS_ALL6) == TCP_FLAG_ACK; ++} ++ ++static inline bool tflg_fin(const struct tcphdr *th) ++{ ++ return (tcp_flag_word(th) & TCP_FLAGS_ALL3) == TCP_FLAG_FIN; ++} ++ ++static inline bool tflg_rst(const struct tcphdr *th) ++{ ++ return (tcp_flag_word(th) & TCP_FLAGS_ALL3) == TCP_FLAG_RST; ++} ++ ++static inline bool tflg_rstack(const struct tcphdr *th) ++{ ++ return (tcp_flag_word(th) & TCP_FLAGS_ALL4) == ++ (TCP_FLAG_ACK | TCP_FLAG_RST); ++} ++ ++static inline bool tflg_syn(const struct tcphdr *th) ++{ ++ return (tcp_flag_word(th) & TCP_FLAGS_ALL4) == TCP_FLAG_SYN; ++} ++ ++static inline bool tflg_synack(const struct tcphdr *th) ++{ ++ return (tcp_flag_word(th) & TCP_FLAGS_ALL4) == ++ (TCP_FLAG_SYN | TCP_FLAG_ACK); ++} ++ ++/* portscan functions */ ++static inline bool portscan_mt_stealth(const struct tcphdr *th) ++{ ++ /* ++ * "Connection refused" replies to our own probes must not be matched. ++ */ ++ if (tflg_rstack(th)) ++ return false; ++ ++ if (tflg_rst(th) && printk_ratelimit()) { ++ printk(KERN_WARNING PFX "Warning: Pure RST received\n"); ++ return false; ++ } ++ ++ /* ++ * -p tcp ! --syn -m conntrack --ctstate INVALID: Looking for non-start ++ * packets that are not associated with any connection -- this will ++ * match most scan types (NULL, XMAS, FIN) and ridiculous flag ++ * combinations (SYN-RST, SYN-FIN, SYN-FIN-RST, FIN-RST, etc.). ++ */ ++ return !tflg_syn(th); ++} ++ ++static inline unsigned int portscan_mt_full(int mark, ++ enum ip_conntrack_info ctstate, bool loopback, const struct tcphdr *tcph, ++ unsigned int payload_len) ++{ ++ if (mark == mark_estab2) { ++ /* ++ * -m connmark --mark $ESTAB2 ++ */ ++ if (tflg_ack4(tcph) && payload_len == 0) ++ return mark; /* keep mark */ ++ else if (tflg_rst(tcph) || tflg_fin(tcph)) ++ return mark_grscan; ++ else ++ return mark_valid; ++ } else if (mark == mark_estab1) { ++ /* ++ * -m connmark --mark $ESTAB1 ++ */ ++ if (tflg_rst(tcph) || tflg_fin(tcph)) ++ return mark_cnscan; ++ else if (!loopback && tflg_ack4(tcph) && payload_len == 0) ++ return mark_estab2; ++ else ++ return mark_valid; ++ } else if (mark == mark_synrcv) { ++ /* ++ * -m connmark --mark $SYN ++ */ ++ if (loopback && tflg_synack(tcph)) ++ return mark; /* keep mark */ ++ else if (loopback && tflg_rstack(tcph)) ++ return mark_closed; ++ else if (tflg_ack6(tcph)) ++ return mark_estab1; ++ else ++ return mark_synscan; ++ } else if (ctstate == IP_CT_NEW && tflg_syn(tcph)) { ++ /* ++ * -p tcp --syn --ctstate NEW ++ */ ++ return mark_synrcv; ++ } ++ return mark; ++} ++ ++static bool portscan_mt(const struct sk_buff *skb, ++ const struct net_device *in, const struct net_device *out, ++ const struct xt_match *match, const void *matchinfo, int offset, ++ unsigned int protoff, bool *hotdrop) ++{ ++ const struct xt_portscan_match_info *info = matchinfo; ++ enum ip_conntrack_info ctstate; ++ const struct tcphdr *tcph; ++ struct nf_conn *ctdata; ++ struct tcphdr tcph_buf; ++ ++ tcph = skb_header_pointer(skb, protoff, sizeof(tcph_buf), &tcph_buf); ++ if (tcph == NULL) ++ return false; ++ ++ /* Check for invalid packets: -m conntrack --ctstate INVALID */ ++ if ((ctdata = nf_ct_get(skb, &ctstate)) == NULL) { ++ if (info->match_stealth) ++ return portscan_mt_stealth(tcph); ++ /* ++ * If @ctdata is NULL, we cannot match the other scan ++ * types, return. ++ */ ++ return false; ++ } ++ ++ /* ++ * If -m portscan was previously applied to this packet, the rules we ++ * simulate must not be run through again. And for speedup, do not call ++ * it either when the connection is already VALID. ++ */ ++ if ((ctdata->mark & connmark_mask) == mark_valid || ++ (skb->mark & packet_mask) != mark_seen) { ++ unsigned int n; ++ ++ n = portscan_mt_full(ctdata->mark & connmark_mask, ctstate, ++ (in->flags & IFF_LOOPBACK) == IFF_LOOPBACK, tcph, ++ skb->len - protoff - 4 * tcph->doff); ++ ++ ctdata->mark = (ctdata->mark & ~connmark_mask) | n; ++ ((struct sk_buff *)skb)->mark = ++ (skb->mark & ~packet_mask) ^ mark_seen; ++ } ++ ++ return (info->match_syn && ctdata->mark == mark_synscan) || ++ (info->match_cn && ctdata->mark == mark_cnscan) || ++ (info->match_gr && ctdata->mark == mark_grscan); ++} ++ ++static bool portscan_mt_check(const char *tablename, const void *entry, ++ const struct xt_match *match, void *matchinfo, unsigned int hook_mask) ++{ ++ const struct xt_portscan_match_info *info = matchinfo; ++ ++ if ((info->match_stealth & ~1) || (info->match_syn & ~1) || ++ (info->match_cn & ~1) || (info->match_gr & ~1)) { ++ printk(KERN_WARNING PFX "Invalid flags\n"); ++ return false; ++ } ++ return true; ++} ++ ++static struct xt_match portscan_mt_reg __read_mostly = { ++ .name = "portscan", ++ .family = AF_INET, ++ .match = portscan_mt, ++ .checkentry = portscan_mt_check, ++ .matchsize = sizeof(struct xt_portscan_match_info), ++ .proto = IPPROTO_TCP, ++ .me = THIS_MODULE, ++}; ++ ++static int __init portscan_mt_init(void) ++{ ++ return xt_register_match(&portscan_mt_reg); ++} ++ ++static void __exit portscan_mt_exit(void) ++{ ++ xt_unregister_match(&portscan_mt_reg); ++ return; ++} ++ ++module_init(portscan_mt_init); ++module_exit(portscan_mt_exit); ++MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>"); ++MODULE_DESCRIPTION("netfilter \"portscan\" match"); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS("ipt_portscan"); +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -1555,6 +1555,8 @@ + return seq; + } + ++EXPORT_SYMBOL(secure_tcp_sequence_number); ++ + /* Generate secure starting point for ephemeral IPV4 transport port search */ + u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport) + { diff --git a/target/linux/generic-2.6/patches-2.6.27/171-netfilter_tarpit.patch b/target/linux/generic-2.6/patches-2.6.27/171-netfilter_tarpit.patch new file mode 100644 index 0000000000..9026f96a9b --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/171-netfilter_tarpit.patch @@ -0,0 +1,318 @@ +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -457,6 +457,23 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config NETFILTER_XT_TARGET_TARPIT ++ tristate '"TARPIT" target support' ++ depends on NETFILTER_XTABLES ++ ---help--- ++ Adds a TARPIT target to iptables, which captures and holds ++ incoming TCP connections using no local per-connection resources. ++ Connections are accepted, but immediately switched to the persist ++ state (0 byte window), in which the remote side stops sending data ++ and asks to continue every 60-240 seconds. Attempts to close the ++ connection are ignored, forcing the remote side to time out the ++ connection in 12-24 minutes. ++ ++ This offers similar functionality to LaBrea ++ <http://www.hackbusters.net/LaBrea/>, but does not require dedicated ++ hardware or IPs. Any TCP port that you would normally DROP or REJECT ++ can instead become a tarpit. ++ + config NETFILTER_XT_TARGET_TCPMSS + tristate '"TCPMSS" target support' + depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) +--- a/net/netfilter/Makefile ++++ b/net/netfilter/Makefile +@@ -48,6 +48,7 @@ + obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o + obj-$(CONFIG_NETFILTER_XT_TARGET_RATEEST) += xt_RATEEST.o + obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK) += xt_SECMARK.o ++obj-$(CONFIG_NETFILTER_XT_TARGET_TARPIT) += xt_TARPIT.o + obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o + obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o + obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o +--- /dev/null ++++ b/net/netfilter/xt_TARPIT.c +@@ -0,0 +1,279 @@ ++/* ++ * Kernel module to capture and hold incoming TCP connections using ++ * no local per-connection resources. ++ * ++ * Based on ipt_REJECT.c and offering functionality similar to ++ * LaBrea <http://www.hackbusters.net/LaBrea/>. ++ * ++ * Copyright (c) 2002 Aaron Hopkins <tools@die.net> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++ * ++ * Goal: ++ * - Allow incoming TCP connections to be established. ++ * - Passing data should result in the connection being switched to the ++ * persist state (0 byte window), in which the remote side stops sending ++ * data and asks to continue every 60 seconds. ++ * - Attempts to shut down the connection should be ignored completely, so ++ * the remote side ends up having to time it out. ++ * ++ * This means: ++ * - Reply to TCP SYN,!ACK,!RST,!FIN with SYN-ACK, window 5 bytes ++ * - Reply to TCP SYN,ACK,!RST,!FIN with RST to prevent spoofing ++ * - Reply to TCP !SYN,!RST,!FIN with ACK, window 0 bytes, rate-limited ++ */ ++ ++#include <linux/version.h> ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/ip.h> ++#include <net/ip.h> ++#include <net/tcp.h> ++#include <net/icmp.h> ++struct in_device; ++#include <net/route.h> ++#include <linux/random.h> ++#include <linux/netfilter_ipv4/ip_tables.h> ++ ++#if 0 ++#define DEBUGP printk ++#else ++#define DEBUGP(format, args...) ++#endif ++ ++/* Stolen from ip_finish_output2 */ ++static int ip_direct_send(struct sk_buff *skb) ++{ ++ struct dst_entry *dst = skb->dst; ++ ++ if (dst->hh != NULL) ++ return neigh_hh_output(dst->hh, skb); ++ else if (dst->neighbour != NULL) ++ return dst->neighbour->output(skb); ++ ++ if (net_ratelimit()) ++ printk(KERN_DEBUG "TARPIT ip_direct_send: no header cache and no neighbor!\n"); ++ ++ kfree_skb(skb); ++ return -EINVAL; ++} ++ ++ ++/* Send reply */ ++static void tarpit_tcp(const struct sk_buff *oskb, struct rtable *ort, ++ unsigned int local) ++{ ++ struct sk_buff *nskb; ++ struct rtable *nrt; ++ struct tcphdr *otcph, *ntcph; ++ struct flowi fl = {}; ++ unsigned int otcplen; ++ u_int16_t tmp; ++ ++ const struct iphdr *oiph = ip_hdr(oskb); ++ struct iphdr *niph; ++ ++ /* A truncated TCP header is not going to be useful */ ++ if (oskb->len < ip_hdrlen(oskb) + sizeof(struct tcphdr)) ++ return; ++ ++ otcph = (void *)oiph + ip_hdrlen(oskb); ++ otcplen = oskb->len - ip_hdrlen(oskb); ++ ++ /* No replies for RST or FIN */ ++ if (otcph->rst || otcph->fin) ++ return; ++ ++ /* No reply to !SYN,!ACK. Rate-limit replies to !SYN,ACKs */ ++ if (!otcph->syn && (!otcph->ack || !xrlim_allow(&ort->u.dst, 1*HZ))) ++ return; ++ ++ /* Check checksum. */ ++ if (tcp_v4_check(otcplen, oiph->saddr, oiph->daddr, ++ csum_partial((char *)otcph, otcplen, 0)) != 0) ++ return; ++ ++ /* ++ * Copy skb (even if skb is about to be dropped, we cannot just ++ * clone it because there may be other things, such as tcpdump, ++ * interested in it) ++ */ ++ nskb = skb_copy(oskb, GFP_ATOMIC); ++ if (nskb == NULL) ++ return; ++ ++ niph = ip_hdr(nskb); ++ ++ /* This packet will not be the same as the other: clear nf fields */ ++ nf_conntrack_put(nskb->nfct); ++ nskb->nfct = NULL; ++#ifdef CONFIG_NETFILTER_DEBUG ++ nskb->nf_debug = 0; ++#endif ++ ++ ntcph = (void *)niph + ip_hdrlen(nskb); ++ ++ /* Truncate to length (no data) */ ++ ntcph->doff = sizeof(struct tcphdr)/4; ++ skb_trim(nskb, ip_hdrlen(nskb) + sizeof(struct tcphdr)); ++ niph->tot_len = htons(nskb->len); ++ ++ /* Swap source and dest */ ++ niph->daddr = xchg(&niph->saddr, niph->daddr); ++ tmp = ntcph->source; ++ ntcph->source = ntcph->dest; ++ ntcph->dest = tmp; ++ ++ /* Use supplied sequence number or make a new one */ ++ ntcph->seq = otcph->ack ? otcph->ack_seq ++ : htonl(secure_tcp_sequence_number(niph->saddr, ++ niph->daddr, ++ ntcph->source, ++ ntcph->dest)); ++ ++ /* Our SYN-ACKs must have a >0 window */ ++ ntcph->window = (otcph->syn && !otcph->ack) ? htons(5) : 0; ++ ++ ntcph->urg_ptr = 0; ++ ++ /* Reset flags */ ++ ((u_int8_t *)ntcph)[13] = 0; ++ ++ if (otcph->syn && otcph->ack) { ++ ntcph->rst = 1; ++ ntcph->ack_seq = 0; ++ } else { ++ ntcph->syn = otcph->syn; ++ ntcph->ack = 1; ++ ntcph->ack_seq = htonl(ntohl(otcph->seq) + otcph->syn); ++ } ++ ++ /* Adjust TCP checksum */ ++ ntcph->check = 0; ++ ntcph->check = tcp_v4_check(sizeof(struct tcphdr), ++ niph->saddr, ++ niph->daddr, ++ csum_partial((char *)ntcph, ++ sizeof(struct tcphdr), 0)); ++ ++ fl.nl_u.ip4_u.daddr = niph->daddr; ++ fl.nl_u.ip4_u.saddr = local ? niph->saddr : 0; ++ fl.nl_u.ip4_u.tos = RT_TOS(niph->tos) | RTO_CONN; ++ fl.oif = 0; ++ ++ if (ip_route_output_key(&init_net, &nrt, &fl)) ++ goto free_nskb; ++ ++ dst_release(nskb->dst); ++ nskb->dst = &nrt->u.dst; ++ ++ /* Adjust IP TTL */ ++ niph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT); ++ ++ /* Set DF, id = 0 */ ++ niph->frag_off = htons(IP_DF); ++ niph->id = 0; ++ ++ /* Adjust IP checksum */ ++ niph->check = 0; ++ niph->check = ip_fast_csum((unsigned char *)niph, niph->ihl); ++ ++ /* "Never happens" */ ++ if (nskb->len > dst_mtu(nskb->dst)) ++ goto free_nskb; ++ ++ ip_direct_send(nskb); ++ return; ++ ++ free_nskb: ++ kfree_skb(nskb); ++} ++ ++static unsigned int xt_tarpit_target(struct sk_buff *skb, ++ const struct net_device *in, ++ const struct net_device *out, ++ unsigned int hooknum, ++ const struct xt_target *target, ++ const void *targinfo) ++{ ++ const struct iphdr *iph = ip_hdr(skb); ++ struct rtable *rt = (void *)skb->dst; ++ ++ /* Do we have an input route cache entry? */ ++ if (rt == NULL) ++ return NF_DROP; ++ ++ /* No replies to physical multicast/broadcast */ ++ if (skb->pkt_type != PACKET_HOST && skb->pkt_type != PACKET_OTHERHOST) ++ return NF_DROP; ++ ++ /* Now check at the protocol level */ ++ if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) ++ return NF_DROP; ++ ++ /* ++ * Our naive response construction does not deal with IP ++ * options, and probably should not try. ++ */ ++ if (iph->ihl * 4 != sizeof(struct iphdr)) ++ return NF_DROP; ++ ++ /* We are not interested in fragments */ ++ if (iph->frag_off & htons(IP_OFFSET)) ++ return NF_DROP; ++ ++ tarpit_tcp(skb, rt, hooknum == NF_INET_LOCAL_IN); ++ return NF_DROP; ++} ++ ++static bool xt_tarpit_check(const char *tablename, const void *entry, ++ const struct xt_target *target, void *targinfo, ++ unsigned int hook_mask) ++{ ++ bool invalid; ++ ++ if (strcmp(tablename, "raw") == 0 && hook_mask == NF_INET_PRE_ROUTING) ++ return true; ++ if (strcmp(tablename, "filter") != 0) ++ return false; ++ invalid = hook_mask & ~((1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD)); ++ return !invalid; ++} ++ ++static struct xt_target xt_tarpit_reg = { ++ .name = "TARPIT", ++ .family = AF_INET, ++ .proto = IPPROTO_TCP, ++ .target = xt_tarpit_target, ++ .checkentry = xt_tarpit_check, ++ .me = THIS_MODULE, ++}; ++ ++static int __init xt_tarpit_init(void) ++{ ++ return xt_register_target(&xt_tarpit_reg); ++} ++ ++static void __exit xt_tarpit_exit(void) ++{ ++ xt_unregister_target(&xt_tarpit_reg); ++} ++ ++module_init(xt_tarpit_init); ++module_exit(xt_tarpit_exit); ++MODULE_DESCRIPTION("netfilter xt_TARPIT target module"); ++MODULE_AUTHOR("Jan Engelhardt <jengelh@gmx.de>"); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS("ipt_TARPIT"); diff --git a/target/linux/generic-2.6/patches-2.6.27/180-netfilter_depends.patch b/target/linux/generic-2.6/patches-2.6.27/180-netfilter_depends.patch new file mode 100644 index 0000000000..f2e721acc5 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/180-netfilter_depends.patch @@ -0,0 +1,20 @@ +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -165,7 +165,7 @@ + + config NF_CONNTRACK_H323 + tristate "H.323 protocol support" +- depends on NF_CONNTRACK && (IPV6 || IPV6=n) ++ depends on NF_CONNTRACK + depends on NETFILTER_ADVANCED + help + H.323 is a VoIP signalling protocol from ITU-T. As one of the most +@@ -476,7 +476,7 @@ + + config NETFILTER_XT_TARGET_TCPMSS + tristate '"TCPMSS" target support' +- depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) ++ depends on NETFILTER_XTABLES + default m if NETFILTER_ADVANCED=n + ---help--- + This option adds a `TCPMSS' target, which allows you to alter the diff --git a/target/linux/generic-2.6/patches-2.6.27/190-netfilter_rtsp.patch b/target/linux/generic-2.6/patches-2.6.27/190-netfilter_rtsp.patch new file mode 100644 index 0000000000..7ee2d4beba --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/190-netfilter_rtsp.patch @@ -0,0 +1,1366 @@ +--- /dev/null ++++ b/include/linux/netfilter/nf_conntrack_rtsp.h +@@ -0,0 +1,63 @@ ++/* ++ * RTSP extension for IP connection tracking. ++ * (C) 2003 by Tom Marshall <tmarshall at real.com> ++ * based on ip_conntrack_irc.h ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++#ifndef _IP_CONNTRACK_RTSP_H ++#define _IP_CONNTRACK_RTSP_H ++ ++//#define IP_NF_RTSP_DEBUG 1 ++#define IP_NF_RTSP_VERSION "0.6.21" ++ ++#ifdef __KERNEL__ ++/* port block types */ ++typedef enum { ++ pb_single, /* client_port=x */ ++ pb_range, /* client_port=x-y */ ++ pb_discon /* client_port=x/y (rtspbis) */ ++} portblock_t; ++ ++/* We record seq number and length of rtsp headers here, all in host order. */ ++ ++/* ++ * This structure is per expected connection. It is a member of struct ++ * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored ++ * there and we are expected to only store the length of the data which ++ * needs replaced. If a packet contains multiple RTSP messages, we create ++ * one expected connection per message. ++ * ++ * We use these variables to mark the entire header block. This may seem ++ * like overkill, but the nature of RTSP requires it. A header may appear ++ * multiple times in a message. We must treat two Transport headers the ++ * same as one Transport header with two entries. ++ */ ++struct ip_ct_rtsp_expect ++{ ++ u_int32_t len; /* length of header block */ ++ portblock_t pbtype; /* Type of port block that was requested */ ++ u_int16_t loport; /* Port that was requested, low or first */ ++ u_int16_t hiport; /* Port that was requested, high or second */ ++#if 0 ++ uint method; /* RTSP method */ ++ uint cseq; /* CSeq from request */ ++#endif ++}; ++ ++extern unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb, ++ enum ip_conntrack_info ctinfo, ++ unsigned int matchoff, unsigned int matchlen, ++ struct ip_ct_rtsp_expect *prtspexp, ++ struct nf_conntrack_expect *exp); ++ ++extern void (*nf_nat_rtsp_hook_expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp); ++ ++#define RTSP_PORT 554 ++ ++#endif /* __KERNEL__ */ ++ ++#endif /* _IP_CONNTRACK_RTSP_H */ +--- /dev/null ++++ b/include/linux/netfilter_helpers.h +@@ -0,0 +1,133 @@ ++/* ++ * Helpers for netfiler modules. This file provides implementations for basic ++ * functions such as strncasecmp(), etc. ++ * ++ * gcc will warn for defined but unused functions, so we only include the ++ * functions requested. The following macros are used: ++ * NF_NEED_STRNCASECMP nf_strncasecmp() ++ * NF_NEED_STRTOU16 nf_strtou16() ++ * NF_NEED_STRTOU32 nf_strtou32() ++ */ ++#ifndef _NETFILTER_HELPERS_H ++#define _NETFILTER_HELPERS_H ++ ++/* Only include these functions for kernel code. */ ++#ifdef __KERNEL__ ++ ++#include <linux/ctype.h> ++#define iseol(c) ( (c) == '\r' || (c) == '\n' ) ++ ++/* ++ * The standard strncasecmp() ++ */ ++#ifdef NF_NEED_STRNCASECMP ++static int ++nf_strncasecmp(const char* s1, const char* s2, u_int32_t len) ++{ ++ if (s1 == NULL || s2 == NULL) ++ { ++ if (s1 == NULL && s2 == NULL) ++ { ++ return 0; ++ } ++ return (s1 == NULL) ? -1 : 1; ++ } ++ while (len > 0 && tolower(*s1) == tolower(*s2)) ++ { ++ len--; ++ s1++; ++ s2++; ++ } ++ return ( (len == 0) ? 0 : (tolower(*s1) - tolower(*s2)) ); ++} ++#endif /* NF_NEED_STRNCASECMP */ ++ ++/* ++ * Parse a string containing a 16-bit unsigned integer. ++ * Returns the number of chars used, or zero if no number is found. ++ */ ++#ifdef NF_NEED_STRTOU16 ++static int ++nf_strtou16(const char* pbuf, u_int16_t* pval) ++{ ++ int n = 0; ++ ++ *pval = 0; ++ while (isdigit(pbuf[n])) ++ { ++ *pval = (*pval * 10) + (pbuf[n] - '0'); ++ n++; ++ } ++ ++ return n; ++} ++#endif /* NF_NEED_STRTOU16 */ ++ ++/* ++ * Parse a string containing a 32-bit unsigned integer. ++ * Returns the number of chars used, or zero if no number is found. ++ */ ++#ifdef NF_NEED_STRTOU32 ++static int ++nf_strtou32(const char* pbuf, u_int32_t* pval) ++{ ++ int n = 0; ++ ++ *pval = 0; ++ while (pbuf[n] >= '0' && pbuf[n] <= '9') ++ { ++ *pval = (*pval * 10) + (pbuf[n] - '0'); ++ n++; ++ } ++ ++ return n; ++} ++#endif /* NF_NEED_STRTOU32 */ ++ ++/* ++ * Given a buffer and length, advance to the next line and mark the current ++ * line. ++ */ ++#ifdef NF_NEED_NEXTLINE ++static int ++nf_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen) ++{ ++ uint off = *poff; ++ uint physlen = 0; ++ ++ if (off >= len) ++ { ++ return 0; ++ } ++ ++ while (p[off] != '\n') ++ { ++ if (len-off <= 1) ++ { ++ return 0; ++ } ++ ++ physlen++; ++ off++; ++ } ++ ++ /* if we saw a crlf, physlen needs adjusted */ ++ if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r') ++ { ++ physlen--; ++ } ++ ++ /* advance past the newline */ ++ off++; ++ ++ *plineoff = *poff; ++ *plinelen = physlen; ++ *poff = off; ++ ++ return 1; ++} ++#endif /* NF_NEED_NEXTLINE */ ++ ++#endif /* __KERNEL__ */ ++ ++#endif /* _NETFILTER_HELPERS_H */ +--- /dev/null ++++ b/include/linux/netfilter_mime.h +@@ -0,0 +1,89 @@ ++/* ++ * MIME functions for netfilter modules. This file provides implementations ++ * for basic MIME parsing. MIME headers are used in many protocols, such as ++ * HTTP, RTSP, SIP, etc. ++ * ++ * gcc will warn for defined but unused functions, so we only include the ++ * functions requested. The following macros are used: ++ * NF_NEED_MIME_NEXTLINE nf_mime_nextline() ++ */ ++#ifndef _NETFILTER_MIME_H ++#define _NETFILTER_MIME_H ++ ++/* Only include these functions for kernel code. */ ++#ifdef __KERNEL__ ++ ++#include <linux/ctype.h> ++ ++/* ++ * Given a buffer and length, advance to the next line and mark the current ++ * line. If the current line is empty, *plinelen will be set to zero. If ++ * not, it will be set to the actual line length (including CRLF). ++ * ++ * 'line' in this context means logical line (includes LWS continuations). ++ * Returns 1 on success, 0 on failure. ++ */ ++#ifdef NF_NEED_MIME_NEXTLINE ++static int ++nf_mime_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen) ++{ ++ uint off = *poff; ++ uint physlen = 0; ++ int is_first_line = 1; ++ ++ if (off >= len) ++ { ++ return 0; ++ } ++ ++ do ++ { ++ while (p[off] != '\n') ++ { ++ if (len-off <= 1) ++ { ++ return 0; ++ } ++ ++ physlen++; ++ off++; ++ } ++ ++ /* if we saw a crlf, physlen needs adjusted */ ++ if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r') ++ { ++ physlen--; ++ } ++ ++ /* advance past the newline */ ++ off++; ++ ++ /* check for an empty line */ ++ if (physlen == 0) ++ { ++ break; ++ } ++ ++ /* check for colon on the first physical line */ ++ if (is_first_line) ++ { ++ is_first_line = 0; ++ if (memchr(p+(*poff), ':', physlen) == NULL) ++ { ++ return 0; ++ } ++ } ++ } ++ while (p[off] == ' ' || p[off] == '\t'); ++ ++ *plineoff = *poff; ++ *plinelen = (physlen == 0) ? 0 : (off - *poff); ++ *poff = off; ++ ++ return 1; ++} ++#endif /* NF_NEED_MIME_NEXTLINE */ ++ ++#endif /* __KERNEL__ */ ++ ++#endif /* _NETFILTER_MIME_H */ +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -23,6 +23,7 @@ + obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o + obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o + obj-$(CONFIG_NF_NAT_IRC) += nf_nat_irc.o ++obj-$(CONFIG_NF_NAT_RTSP) += nf_nat_rtsp.o + obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o + obj-$(CONFIG_NF_NAT_SIP) += nf_nat_sip.o + obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -278,6 +278,16 @@ + + To compile it as a module, choose M here. If unsure, say N. + ++config NF_CONNTRACK_RTSP ++ tristate "RTSP protocol support" ++ depends on NF_CONNTRACK ++ help ++ Support the RTSP protocol. This allows UDP transports to be setup ++ properly, including RTP and RDT. ++ ++ If you want to compile it as a module, say 'M' here and read ++ Documentation/modules.txt. If unsure, say 'Y'. ++ + config NF_CT_NETLINK + tristate 'Connection tracking netlink interface' + depends on NF_CONNTRACK +--- a/net/netfilter/Makefile ++++ b/net/netfilter/Makefile +@@ -33,6 +33,7 @@ + obj-$(CONFIG_NF_CONNTRACK_SANE) += nf_conntrack_sane.o + obj-$(CONFIG_NF_CONNTRACK_SIP) += nf_conntrack_sip.o + obj-$(CONFIG_NF_CONNTRACK_TFTP) += nf_conntrack_tftp.o ++obj-$(CONFIG_NF_CONNTRACK_RTSP) += nf_conntrack_rtsp.o + + # generic X tables + obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -303,6 +303,11 @@ + depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT + default NF_NAT && NF_CONNTRACK_IRC + ++config NF_NAT_RTSP ++ tristate ++ depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT ++ default NF_NAT && NF_CONNTRACK_RTSP ++ + config NF_NAT_TFTP + tristate + depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT +--- /dev/null ++++ b/net/netfilter/nf_conntrack_rtsp.c +@@ -0,0 +1,517 @@ ++/* ++ * RTSP extension for IP connection tracking ++ * (C) 2003 by Tom Marshall <tmarshall at real.com> ++ * based on ip_conntrack_irc.c ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Module load syntax: ++ * insmod nf_conntrack_rtsp.o ports=port1,port2,...port<MAX_PORTS> ++ * max_outstanding=n setup_timeout=secs ++ * ++ * If no ports are specified, the default will be port 554. ++ * ++ * With max_outstanding you can define the maximum number of not yet ++ * answered SETUP requests per RTSP session (default 8). ++ * With setup_timeout you can specify how long the system waits for ++ * an expected data channel (default 300 seconds). ++ * ++ * 2005-02-13: Harald Welte <laforge at netfilter.org> ++ * - port to 2.6 ++ * - update to recent post-2.6.11 api changes ++ * 2006-09-14: Steven Van Acker <deepstar at singularity.be> ++ * - removed calls to NAT code from conntrack helper: NAT no longer needed to use rtsp-conntrack ++ * 2007-04-18: Michael Guntsche <mike at it-loops.com> ++ * - Port to new NF API ++ */ ++ ++#include <linux/module.h> ++#include <linux/netfilter.h> ++#include <linux/ip.h> ++#include <linux/inet.h> ++#include <net/tcp.h> ++ ++#include <net/netfilter/nf_conntrack.h> ++#include <net/netfilter/nf_conntrack_expect.h> ++#include <net/netfilter/nf_conntrack_helper.h> ++#include <linux/netfilter/nf_conntrack_rtsp.h> ++ ++#define NF_NEED_STRNCASECMP ++#define NF_NEED_STRTOU16 ++#define NF_NEED_STRTOU32 ++#define NF_NEED_NEXTLINE ++#include <linux/netfilter_helpers.h> ++#define NF_NEED_MIME_NEXTLINE ++#include <linux/netfilter_mime.h> ++ ++#include <linux/ctype.h> ++#define MAX_SIMUL_SETUP 8 /* XXX: use max_outstanding */ ++#define INFOP(fmt, args...) printk(KERN_INFO "%s: %s: " fmt, __FILE__, __FUNCTION__ , ## args) ++#if 0 ++#define DEBUGP(fmt, args...) printk(KERN_DEBUG "%s: %s: " fmt, __FILE__, __FUNCTION__ , ## args) ++#else ++#define DEBUGP(fmt, args...) ++#endif ++ ++#define MAX_PORTS 8 ++static int ports[MAX_PORTS]; ++static int num_ports = 0; ++static int max_outstanding = 8; ++static unsigned int setup_timeout = 300; ++ ++MODULE_AUTHOR("Tom Marshall <tmarshall at real.com>"); ++MODULE_DESCRIPTION("RTSP connection tracking module"); ++MODULE_LICENSE("GPL"); ++module_param_array(ports, int, &num_ports, 0400); ++MODULE_PARM_DESC(ports, "port numbers of RTSP servers"); ++module_param(max_outstanding, int, 0400); ++MODULE_PARM_DESC(max_outstanding, "max number of outstanding SETUP requests per RTSP session"); ++module_param(setup_timeout, int, 0400); ++MODULE_PARM_DESC(setup_timeout, "timeout on for unestablished data channels"); ++ ++static char *rtsp_buffer; ++static DEFINE_SPINLOCK(rtsp_buffer_lock); ++ ++unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb, ++ enum ip_conntrack_info ctinfo, ++ unsigned int matchoff, unsigned int matchlen,struct ip_ct_rtsp_expect* prtspexp, ++ struct nf_conntrack_expect *exp); ++void (*nf_nat_rtsp_hook_expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp); ++ ++EXPORT_SYMBOL_GPL(nf_nat_rtsp_hook); ++ ++/* ++ * Max mappings we will allow for one RTSP connection (for RTP, the number ++ * of allocated ports is twice this value). Note that SMIL burns a lot of ++ * ports so keep this reasonably high. If this is too low, you will see a ++ * lot of "no free client map entries" messages. ++ */ ++#define MAX_PORT_MAPS 16 ++ ++/*** default port list was here in the masq code: 554, 3030, 4040 ***/ ++ ++#define SKIP_WSPACE(ptr,len,off) while(off < len && isspace(*(ptr+off))) { off++; } ++ ++/* ++ * Parse an RTSP packet. ++ * ++ * Returns zero if parsing failed. ++ * ++ * Parameters: ++ * IN ptcp tcp data pointer ++ * IN tcplen tcp data len ++ * IN/OUT ptcpoff points to current tcp offset ++ * OUT phdrsoff set to offset of rtsp headers ++ * OUT phdrslen set to length of rtsp headers ++ * OUT pcseqoff set to offset of CSeq header ++ * OUT pcseqlen set to length of CSeq header ++ */ ++static int ++rtsp_parse_message(char* ptcp, uint tcplen, uint* ptcpoff, ++ uint* phdrsoff, uint* phdrslen, ++ uint* pcseqoff, uint* pcseqlen, ++ uint* transoff, uint* translen) ++{ ++ uint entitylen = 0; ++ uint lineoff; ++ uint linelen; ++ ++ if (!nf_nextline(ptcp, tcplen, ptcpoff, &lineoff, &linelen)) ++ return 0; ++ ++ *phdrsoff = *ptcpoff; ++ while (nf_mime_nextline(ptcp, tcplen, ptcpoff, &lineoff, &linelen)) { ++ if (linelen == 0) { ++ if (entitylen > 0) ++ *ptcpoff += min(entitylen, tcplen - *ptcpoff); ++ break; ++ } ++ if (lineoff+linelen > tcplen) { ++ INFOP("!! overrun !!\n"); ++ break; ++ } ++ ++ if (nf_strncasecmp(ptcp+lineoff, "CSeq:", 5) == 0) { ++ *pcseqoff = lineoff; ++ *pcseqlen = linelen; ++ } ++ ++ if (nf_strncasecmp(ptcp+lineoff, "Transport:", 10) == 0) { ++ *transoff = lineoff; ++ *translen = linelen; ++ } ++ ++ if (nf_strncasecmp(ptcp+lineoff, "Content-Length:", 15) == 0) { ++ uint off = lineoff+15; ++ SKIP_WSPACE(ptcp+lineoff, linelen, off); ++ nf_strtou32(ptcp+off, &entitylen); ++ } ++ } ++ *phdrslen = (*ptcpoff) - (*phdrsoff); ++ ++ return 1; ++} ++ ++/* ++ * Find lo/hi client ports (if any) in transport header ++ * In: ++ * ptcp, tcplen = packet ++ * tranoff, tranlen = buffer to search ++ * ++ * Out: ++ * pport_lo, pport_hi = lo/hi ports (host endian) ++ * ++ * Returns nonzero if any client ports found ++ * ++ * Note: it is valid (and expected) for the client to request multiple ++ * transports, so we need to parse the entire line. ++ */ ++static int ++rtsp_parse_transport(char* ptran, uint tranlen, ++ struct ip_ct_rtsp_expect* prtspexp) ++{ ++ int rc = 0; ++ uint off = 0; ++ ++ if (tranlen < 10 || !iseol(ptran[tranlen-1]) || ++ nf_strncasecmp(ptran, "Transport:", 10) != 0) { ++ INFOP("sanity check failed\n"); ++ return 0; ++ } ++ ++ DEBUGP("tran='%.*s'\n", (int)tranlen, ptran); ++ off += 10; ++ SKIP_WSPACE(ptran, tranlen, off); ++ ++ /* Transport: tran;field;field=val,tran;field;field=val,... */ ++ while (off < tranlen) { ++ const char* pparamend; ++ uint nextparamoff; ++ ++ pparamend = memchr(ptran+off, ',', tranlen-off); ++ pparamend = (pparamend == NULL) ? ptran+tranlen : pparamend+1; ++ nextparamoff = pparamend-ptran; ++ ++ while (off < nextparamoff) { ++ const char* pfieldend; ++ uint nextfieldoff; ++ ++ pfieldend = memchr(ptran+off, ';', nextparamoff-off); ++ nextfieldoff = (pfieldend == NULL) ? nextparamoff : pfieldend-ptran+1; ++ ++ if (strncmp(ptran+off, "client_port=", 12) == 0) { ++ u_int16_t port; ++ uint numlen; ++ ++ off += 12; ++ numlen = nf_strtou16(ptran+off, &port); ++ off += numlen; ++ if (prtspexp->loport != 0 && prtspexp->loport != port) ++ DEBUGP("multiple ports found, port %hu ignored\n", port); ++ else { ++ DEBUGP("lo port found : %hu\n", port); ++ prtspexp->loport = prtspexp->hiport = port; ++ if (ptran[off] == '-') { ++ off++; ++ numlen = nf_strtou16(ptran+off, &port); ++ off += numlen; ++ prtspexp->pbtype = pb_range; ++ prtspexp->hiport = port; ++ ++ // If we have a range, assume rtp: ++ // loport must be even, hiport must be loport+1 ++ if ((prtspexp->loport & 0x0001) != 0 || ++ prtspexp->hiport != prtspexp->loport+1) { ++ DEBUGP("incorrect range: %hu-%hu, correcting\n", ++ prtspexp->loport, prtspexp->hiport); ++ prtspexp->loport &= 0xfffe; ++ prtspexp->hiport = prtspexp->loport+1; ++ } ++ } else if (ptran[off] == '/') { ++ off++; ++ numlen = nf_strtou16(ptran+off, &port); ++ off += numlen; ++ prtspexp->pbtype = pb_discon; ++ prtspexp->hiport = port; ++ } ++ rc = 1; ++ } ++ } ++ ++ /* ++ * Note we don't look for the destination parameter here. ++ * If we are using NAT, the NAT module will handle it. If not, ++ * and the client is sending packets elsewhere, the expectation ++ * will quietly time out. ++ */ ++ ++ off = nextfieldoff; ++ } ++ ++ off = nextparamoff; ++ } ++ ++ return rc; ++} ++ ++void expected(struct nf_conn *ct, struct nf_conntrack_expect *exp) ++{ ++ if(nf_nat_rtsp_hook_expectfn) { ++ nf_nat_rtsp_hook_expectfn(ct,exp); ++ } ++} ++ ++/*** conntrack functions ***/ ++ ++/* outbound packet: client->server */ ++ ++static inline int ++help_out(struct sk_buff *skb, unsigned char *rb_ptr, unsigned int datalen, ++ struct nf_conn *ct, enum ip_conntrack_info ctinfo) ++{ ++ struct ip_ct_rtsp_expect expinfo; ++ ++ int dir = CTINFO2DIR(ctinfo); /* = IP_CT_DIR_ORIGINAL */ ++ //struct tcphdr* tcph = (void*)iph + iph->ihl * 4; ++ //uint tcplen = pktlen - iph->ihl * 4; ++ char* pdata = rb_ptr; ++ //uint datalen = tcplen - tcph->doff * 4; ++ uint dataoff = 0; ++ int ret = NF_ACCEPT; ++ ++ struct nf_conntrack_expect *exp; ++ ++ __be16 be_loport; ++ ++ memset(&expinfo, 0, sizeof(expinfo)); ++ ++ while (dataoff < datalen) { ++ uint cmdoff = dataoff; ++ uint hdrsoff = 0; ++ uint hdrslen = 0; ++ uint cseqoff = 0; ++ uint cseqlen = 0; ++ uint transoff = 0; ++ uint translen = 0; ++ uint off; ++ ++ if (!rtsp_parse_message(pdata, datalen, &dataoff, ++ &hdrsoff, &hdrslen, ++ &cseqoff, &cseqlen, ++ &transoff, &translen)) ++ break; /* not a valid message */ ++ ++ if (strncmp(pdata+cmdoff, "SETUP ", 6) != 0) ++ continue; /* not a SETUP message */ ++ DEBUGP("found a setup message\n"); ++ ++ off = 0; ++ if(translen) { ++ rtsp_parse_transport(pdata+transoff, translen, &expinfo); ++ } ++ ++ if (expinfo.loport == 0) { ++ DEBUGP("no udp transports found\n"); ++ continue; /* no udp transports found */ ++ } ++ ++ DEBUGP("udp transport found, ports=(%d,%hu,%hu)\n", ++ (int)expinfo.pbtype, expinfo.loport, expinfo.hiport); ++ ++ exp = nf_ct_expect_alloc(ct); ++ if (!exp) { ++ ret = NF_DROP; ++ goto out; ++ } ++ ++ be_loport = htons(expinfo.loport); ++ ++ nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, ++ ct->tuplehash[!dir].tuple.src.l3num, ++ &ct->tuplehash[!dir].tuple.src.u3, &ct->tuplehash[!dir].tuple.dst.u3, ++ IPPROTO_UDP, NULL, &be_loport); ++ ++ exp->master = ct; ++ ++ exp->expectfn = expected; ++ exp->flags = 0; ++ ++ if (expinfo.pbtype == pb_range) { ++ DEBUGP("Changing expectation mask to handle multiple ports\n"); ++ exp->mask.src.u.udp.port = 0xfffe; ++ } ++ ++ DEBUGP("expect_related %u.%u.%u.%u:%u-%u.%u.%u.%u:%u\n", ++ NIPQUAD(exp->tuple.src.u3.ip), ++ ntohs(exp->tuple.src.u.udp.port), ++ NIPQUAD(exp->tuple.dst.u3.ip), ++ ntohs(exp->tuple.dst.u.udp.port)); ++ ++ if (nf_nat_rtsp_hook) ++ /* pass the request off to the nat helper */ ++ ret = nf_nat_rtsp_hook(skb, ctinfo, hdrsoff, hdrslen, &expinfo, exp); ++ else if (nf_ct_expect_related(exp) != 0) { ++ INFOP("nf_ct_expect_related failed\n"); ++ ret = NF_DROP; ++ } ++ nf_ct_expect_put(exp); ++ goto out; ++ } ++out: ++ ++ return ret; ++} ++ ++ ++static inline int ++help_in(struct sk_buff *skb, size_t pktlen, ++ struct nf_conn* ct, enum ip_conntrack_info ctinfo) ++{ ++ return NF_ACCEPT; ++} ++ ++static int help(struct sk_buff *skb, unsigned int protoff, ++ struct nf_conn *ct, enum ip_conntrack_info ctinfo) ++{ ++ struct tcphdr _tcph, *th; ++ unsigned int dataoff, datalen; ++ char *rb_ptr; ++ int ret = NF_DROP; ++ ++ /* Until there's been traffic both ways, don't look in packets. */ ++ if (ctinfo != IP_CT_ESTABLISHED && ++ ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { ++ DEBUGP("conntrackinfo = %u\n", ctinfo); ++ return NF_ACCEPT; ++ } ++ ++ /* Not whole TCP header? */ ++ th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); ++ ++ if (!th) ++ return NF_ACCEPT; ++ ++ /* No data ? */ ++ dataoff = protoff + th->doff*4; ++ datalen = skb->len - dataoff; ++ if (dataoff >= skb->len) ++ return NF_ACCEPT; ++ ++ spin_lock_bh(&rtsp_buffer_lock); ++ rb_ptr = skb_header_pointer(skb, dataoff, ++ skb->len - dataoff, rtsp_buffer); ++ BUG_ON(rb_ptr == NULL); ++ ++#if 0 ++ /* Checksum invalid? Ignore. */ ++ /* FIXME: Source route IP option packets --RR */ ++ if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr, ++ csum_partial((char*)tcph, tcplen, 0))) ++ { ++ DEBUGP("bad csum: %p %u %u.%u.%u.%u %u.%u.%u.%u\n", ++ tcph, tcplen, NIPQUAD(iph->saddr), NIPQUAD(iph->daddr)); ++ return NF_ACCEPT; ++ } ++#endif ++ ++ switch (CTINFO2DIR(ctinfo)) { ++ case IP_CT_DIR_ORIGINAL: ++ ret = help_out(skb, rb_ptr, datalen, ct, ctinfo); ++ break; ++ case IP_CT_DIR_REPLY: ++ DEBUGP("IP_CT_DIR_REPLY\n"); ++ /* inbound packet: server->client */ ++ ret = NF_ACCEPT; ++ break; ++ } ++ ++ spin_unlock_bh(&rtsp_buffer_lock); ++ ++ return ret; ++} ++ ++static struct nf_conntrack_helper rtsp_helpers[MAX_PORTS]; ++static char rtsp_names[MAX_PORTS][10]; ++static struct nf_conntrack_expect_policy rtsp_expect_policy; ++ ++/* This function is intentionally _NOT_ defined as __exit */ ++static void ++fini(void) ++{ ++ int i; ++ for (i = 0; i < num_ports; i++) { ++ DEBUGP("unregistering port %d\n", ports[i]); ++ nf_conntrack_helper_unregister(&rtsp_helpers[i]); ++ } ++ kfree(rtsp_buffer); ++} ++ ++static int __init ++init(void) ++{ ++ int i, ret; ++ struct nf_conntrack_helper *hlpr; ++ char *tmpname; ++ ++ printk("nf_conntrack_rtsp v" IP_NF_RTSP_VERSION " loading\n"); ++ ++ if (max_outstanding < 1) { ++ printk("nf_conntrack_rtsp: max_outstanding must be a positive integer\n"); ++ return -EBUSY; ++ } ++ if (setup_timeout < 0) { ++ printk("nf_conntrack_rtsp: setup_timeout must be a positive integer\n"); ++ return -EBUSY; ++ } ++ ++ rtsp_expect_policy.max_expected = max_outstanding; ++ rtsp_expect_policy.timeout = setup_timeout; ++ ++ rtsp_buffer = kmalloc(65536, GFP_KERNEL); ++ if (!rtsp_buffer) ++ return -ENOMEM; ++ ++ /* If no port given, default to standard rtsp port */ ++ if (ports[0] == 0) { ++ ports[0] = RTSP_PORT; ++ } ++ ++ for (i = 0; (i < MAX_PORTS) && ports[i]; i++) { ++ hlpr = &rtsp_helpers[i]; ++ memset(hlpr, 0, sizeof(struct nf_conntrack_helper)); ++ hlpr->tuple.src.u.tcp.port = htons(ports[i]); ++ hlpr->tuple.dst.protonum = IPPROTO_TCP; ++ hlpr->expect_policy = &rtsp_expect_policy; ++ hlpr->me = THIS_MODULE; ++ hlpr->help = help; ++ ++ tmpname = &rtsp_names[i][0]; ++ if (ports[i] == RTSP_PORT) { ++ sprintf(tmpname, "rtsp"); ++ } else { ++ sprintf(tmpname, "rtsp-%d", i); ++ } ++ hlpr->name = tmpname; ++ ++ DEBUGP("port #%d: %d\n", i, ports[i]); ++ ++ ret = nf_conntrack_helper_register(hlpr); ++ ++ if (ret) { ++ printk("nf_conntrack_rtsp: ERROR registering port %d\n", ports[i]); ++ fini(); ++ return -EBUSY; ++ } ++ num_ports++; ++ } ++ return 0; ++} ++ ++module_init(init); ++module_exit(fini); ++ ++EXPORT_SYMBOL(nf_nat_rtsp_hook_expectfn); ++ +--- /dev/null ++++ b/net/ipv4/netfilter/nf_nat_rtsp.c +@@ -0,0 +1,496 @@ ++/* ++ * RTSP extension for TCP NAT alteration ++ * (C) 2003 by Tom Marshall <tmarshall at real.com> ++ * based on ip_nat_irc.c ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Module load syntax: ++ * insmod nf_nat_rtsp.o ports=port1,port2,...port<MAX_PORTS> ++ * stunaddr=<address> ++ * destaction=[auto|strip|none] ++ * ++ * If no ports are specified, the default will be port 554 only. ++ * ++ * stunaddr specifies the address used to detect that a client is using STUN. ++ * If this address is seen in the destination parameter, it is assumed that ++ * the client has already punched a UDP hole in the firewall, so we don't ++ * mangle the client_port. If none is specified, it is autodetected. It ++ * only needs to be set if you have multiple levels of NAT. It should be ++ * set to the external address that the STUN clients detect. Note that in ++ * this case, it will not be possible for clients to use UDP with servers ++ * between the NATs. ++ * ++ * If no destaction is specified, auto is used. ++ * destaction=auto: strip destination parameter if it is not stunaddr. ++ * destaction=strip: always strip destination parameter (not recommended). ++ * destaction=none: do not touch destination parameter (not recommended). ++ */ ++ ++#include <linux/module.h> ++#include <net/tcp.h> ++#include <net/netfilter/nf_nat_helper.h> ++#include <net/netfilter/nf_nat_rule.h> ++#include <linux/netfilter/nf_conntrack_rtsp.h> ++#include <net/netfilter/nf_conntrack_expect.h> ++ ++#include <linux/inet.h> ++#include <linux/ctype.h> ++#define NF_NEED_STRNCASECMP ++#define NF_NEED_STRTOU16 ++#include <linux/netfilter_helpers.h> ++#define NF_NEED_MIME_NEXTLINE ++#include <linux/netfilter_mime.h> ++ ++#define INFOP(fmt, args...) printk(KERN_INFO "%s: %s: " fmt, __FILE__, __FUNCTION__ , ## args) ++#if 0 ++#define DEBUGP(fmt, args...) printk(KERN_DEBUG "%s: %s: " fmt, __FILE__, __FUNCTION__ , ## args) ++#else ++#define DEBUGP(fmt, args...) ++#endif ++ ++#define MAX_PORTS 8 ++#define DSTACT_AUTO 0 ++#define DSTACT_STRIP 1 ++#define DSTACT_NONE 2 ++ ++static char* stunaddr = NULL; ++static char* destaction = NULL; ++ ++static u_int32_t extip = 0; ++static int dstact = 0; ++ ++MODULE_AUTHOR("Tom Marshall <tmarshall at real.com>"); ++MODULE_DESCRIPTION("RTSP network address translation module"); ++MODULE_LICENSE("GPL"); ++module_param(stunaddr, charp, 0644); ++MODULE_PARM_DESC(stunaddr, "Address for detecting STUN"); ++module_param(destaction, charp, 0644); ++MODULE_PARM_DESC(destaction, "Action for destination parameter (auto/strip/none)"); ++ ++#define SKIP_WSPACE(ptr,len,off) while(off < len && isspace(*(ptr+off))) { off++; } ++ ++/*** helper functions ***/ ++ ++static void ++get_skb_tcpdata(struct sk_buff* skb, char** pptcpdata, uint* ptcpdatalen) ++{ ++ struct iphdr* iph = ip_hdr(skb); ++ struct tcphdr* tcph = (void *)iph + ip_hdrlen(skb); ++ ++ *pptcpdata = (char*)tcph + tcph->doff*4; ++ *ptcpdatalen = ((char*)skb_transport_header(skb) + skb->len) - *pptcpdata; ++} ++ ++/*** nat functions ***/ ++ ++/* ++ * Mangle the "Transport:" header: ++ * - Replace all occurences of "client_port=<spec>" ++ * - Handle destination parameter ++ * ++ * In: ++ * ct, ctinfo = conntrack context ++ * skb = packet ++ * tranoff = Transport header offset from TCP data ++ * tranlen = Transport header length (incl. CRLF) ++ * rport_lo = replacement low port (host endian) ++ * rport_hi = replacement high port (host endian) ++ * ++ * Returns packet size difference. ++ * ++ * Assumes that a complete transport header is present, ending with CR or LF ++ */ ++static int ++rtsp_mangle_tran(enum ip_conntrack_info ctinfo, ++ struct nf_conntrack_expect* exp, ++ struct ip_ct_rtsp_expect* prtspexp, ++ struct sk_buff* skb, uint tranoff, uint tranlen) ++{ ++ char* ptcp; ++ uint tcplen; ++ char* ptran; ++ char rbuf1[16]; /* Replacement buffer (one port) */ ++ uint rbuf1len; /* Replacement len (one port) */ ++ char rbufa[16]; /* Replacement buffer (all ports) */ ++ uint rbufalen; /* Replacement len (all ports) */ ++ u_int32_t newip; ++ u_int16_t loport, hiport; ++ uint off = 0; ++ uint diff; /* Number of bytes we removed */ ++ ++ struct nf_conn *ct = exp->master; ++ struct nf_conntrack_tuple *t; ++ ++ char szextaddr[15+1]; ++ uint extaddrlen; ++ int is_stun; ++ ++ get_skb_tcpdata(skb, &ptcp, &tcplen); ++ ptran = ptcp+tranoff; ++ ++ if (tranoff+tranlen > tcplen || tcplen-tranoff < tranlen || ++ tranlen < 10 || !iseol(ptran[tranlen-1]) || ++ nf_strncasecmp(ptran, "Transport:", 10) != 0) ++ { ++ INFOP("sanity check failed\n"); ++ return 0; ++ } ++ off += 10; ++ SKIP_WSPACE(ptcp+tranoff, tranlen, off); ++ ++ newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip; ++ t = &exp->tuple; ++ t->dst.u3.ip = newip; ++ ++ extaddrlen = extip ? sprintf(szextaddr, "%u.%u.%u.%u", NIPQUAD(extip)) ++ : sprintf(szextaddr, "%u.%u.%u.%u", NIPQUAD(newip)); ++ DEBUGP("stunaddr=%s (%s)\n", szextaddr, (extip?"forced":"auto")); ++ ++ rbuf1len = rbufalen = 0; ++ switch (prtspexp->pbtype) ++ { ++ case pb_single: ++ for (loport = prtspexp->loport; loport != 0; loport++) /* XXX: improper wrap? */ ++ { ++ t->dst.u.udp.port = htons(loport); ++ if (nf_ct_expect_related(exp) == 0) ++ { ++ DEBUGP("using port %hu\n", loport); ++ break; ++ } ++ } ++ if (loport != 0) ++ { ++ rbuf1len = sprintf(rbuf1, "%hu", loport); ++ rbufalen = sprintf(rbufa, "%hu", loport); ++ } ++ break; ++ case pb_range: ++ for (loport = prtspexp->loport; loport != 0; loport += 2) /* XXX: improper wrap? */ ++ { ++ t->dst.u.udp.port = htons(loport); ++ if (nf_ct_expect_related(exp) == 0) ++ { ++ hiport = loport + ~exp->mask.src.u.udp.port; ++ DEBUGP("using ports %hu-%hu\n", loport, hiport); ++ break; ++ } ++ } ++ if (loport != 0) ++ { ++ rbuf1len = sprintf(rbuf1, "%hu", loport); ++ rbufalen = sprintf(rbufa, "%hu-%hu", loport, loport+1); ++ } ++ break; ++ case pb_discon: ++ for (loport = prtspexp->loport; loport != 0; loport++) /* XXX: improper wrap? */ ++ { ++ t->dst.u.udp.port = htons(loport); ++ if (nf_ct_expect_related(exp) == 0) ++ { ++ DEBUGP("using port %hu (1 of 2)\n", loport); ++ break; ++ } ++ } ++ for (hiport = prtspexp->hiport; hiport != 0; hiport++) /* XXX: improper wrap? */ ++ { ++ t->dst.u.udp.port = htons(hiport); ++ if (nf_ct_expect_related(exp) == 0) ++ { ++ DEBUGP("using port %hu (2 of 2)\n", hiport); ++ break; ++ } ++ } ++ if (loport != 0 && hiport != 0) ++ { ++ rbuf1len = sprintf(rbuf1, "%hu", loport); ++ if (hiport == loport+1) ++ { ++ rbufalen = sprintf(rbufa, "%hu-%hu", loport, hiport); ++ } ++ else ++ { ++ rbufalen = sprintf(rbufa, "%hu/%hu", loport, hiport); ++ } ++ } ++ break; ++ } ++ ++ if (rbuf1len == 0) ++ { ++ return 0; /* cannot get replacement port(s) */ ++ } ++ ++ /* Transport: tran;field;field=val,tran;field;field=val,... */ ++ while (off < tranlen) ++ { ++ uint saveoff; ++ const char* pparamend; ++ uint nextparamoff; ++ ++ pparamend = memchr(ptran+off, ',', tranlen-off); ++ pparamend = (pparamend == NULL) ? ptran+tranlen : pparamend+1; ++ nextparamoff = pparamend-ptcp; ++ ++ /* ++ * We pass over each param twice. On the first pass, we look for a ++ * destination= field. It is handled by the security policy. If it ++ * is present, allowed, and equal to our external address, we assume ++ * that STUN is being used and we leave the client_port= field alone. ++ */ ++ is_stun = 0; ++ saveoff = off; ++ while (off < nextparamoff) ++ { ++ const char* pfieldend; ++ uint nextfieldoff; ++ ++ pfieldend = memchr(ptran+off, ';', nextparamoff-off); ++ nextfieldoff = (pfieldend == NULL) ? nextparamoff : pfieldend-ptran+1; ++ ++ if (dstact != DSTACT_NONE && strncmp(ptran+off, "destination=", 12) == 0) ++ { ++ if (strncmp(ptran+off+12, szextaddr, extaddrlen) == 0) ++ { ++ is_stun = 1; ++ } ++ if (dstact == DSTACT_STRIP || (dstact == DSTACT_AUTO && !is_stun)) ++ { ++ diff = nextfieldoff-off; ++ if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, ++ off, diff, NULL, 0)) ++ { ++ /* mangle failed, all we can do is bail */ ++ nf_ct_unexpect_related(exp); ++ return 0; ++ } ++ get_skb_tcpdata(skb, &ptcp, &tcplen); ++ ptran = ptcp+tranoff; ++ tranlen -= diff; ++ nextparamoff -= diff; ++ nextfieldoff -= diff; ++ } ++ } ++ ++ off = nextfieldoff; ++ } ++ if (is_stun) ++ { ++ continue; ++ } ++ off = saveoff; ++ while (off < nextparamoff) ++ { ++ const char* pfieldend; ++ uint nextfieldoff; ++ ++ pfieldend = memchr(ptran+off, ';', nextparamoff-off); ++ nextfieldoff = (pfieldend == NULL) ? nextparamoff : pfieldend-ptran+1; ++ ++ if (strncmp(ptran+off, "client_port=", 12) == 0) ++ { ++ u_int16_t port; ++ uint numlen; ++ uint origoff; ++ uint origlen; ++ char* rbuf = rbuf1; ++ uint rbuflen = rbuf1len; ++ ++ off += 12; ++ origoff = (ptran-ptcp)+off; ++ origlen = 0; ++ numlen = nf_strtou16(ptran+off, &port); ++ off += numlen; ++ origlen += numlen; ++ if (port != prtspexp->loport) ++ { ++ DEBUGP("multiple ports found, port %hu ignored\n", port); ++ } ++ else ++ { ++ if (ptran[off] == '-' || ptran[off] == '/') ++ { ++ off++; ++ origlen++; ++ numlen = nf_strtou16(ptran+off, &port); ++ off += numlen; ++ origlen += numlen; ++ rbuf = rbufa; ++ rbuflen = rbufalen; ++ } ++ ++ /* ++ * note we cannot just memcpy() if the sizes are the same. ++ * the mangle function does skb resizing, checks for a ++ * cloned skb, and updates the checksums. ++ * ++ * parameter 4 below is offset from start of tcp data. ++ */ ++ diff = origlen-rbuflen; ++ if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, ++ origoff, origlen, rbuf, rbuflen)) ++ { ++ /* mangle failed, all we can do is bail */ ++ nf_ct_unexpect_related(exp); ++ return 0; ++ } ++ get_skb_tcpdata(skb, &ptcp, &tcplen); ++ ptran = ptcp+tranoff; ++ tranlen -= diff; ++ nextparamoff -= diff; ++ nextfieldoff -= diff; ++ } ++ } ++ ++ off = nextfieldoff; ++ } ++ ++ off = nextparamoff; ++ } ++ ++ return 1; ++} ++ ++static uint ++help_out(struct sk_buff *skb, enum ip_conntrack_info ctinfo, ++ unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp, ++ struct nf_conntrack_expect* exp) ++{ ++ char* ptcp; ++ uint tcplen; ++ uint hdrsoff; ++ uint hdrslen; ++ uint lineoff; ++ uint linelen; ++ uint off; ++ ++ //struct iphdr* iph = (struct iphdr*)skb->nh.iph; ++ //struct tcphdr* tcph = (struct tcphdr*)((void*)iph + iph->ihl*4); ++ ++ get_skb_tcpdata(skb, &ptcp, &tcplen); ++ hdrsoff = matchoff;//exp->seq - ntohl(tcph->seq); ++ hdrslen = matchlen; ++ off = hdrsoff; ++ DEBUGP("NAT rtsp help_out\n"); ++ ++ while (nf_mime_nextline(ptcp, hdrsoff+hdrslen, &off, &lineoff, &linelen)) ++ { ++ if (linelen == 0) ++ { ++ break; ++ } ++ if (off > hdrsoff+hdrslen) ++ { ++ INFOP("!! overrun !!"); ++ break; ++ } ++ DEBUGP("hdr: len=%u, %.*s", linelen, (int)linelen, ptcp+lineoff); ++ ++ if (nf_strncasecmp(ptcp+lineoff, "Transport:", 10) == 0) ++ { ++ uint oldtcplen = tcplen; ++ DEBUGP("hdr: Transport\n"); ++ if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, skb, lineoff, linelen)) ++ { ++ DEBUGP("hdr: Transport mangle failed"); ++ break; ++ } ++ get_skb_tcpdata(skb, &ptcp, &tcplen); ++ hdrslen -= (oldtcplen-tcplen); ++ off -= (oldtcplen-tcplen); ++ lineoff -= (oldtcplen-tcplen); ++ linelen -= (oldtcplen-tcplen); ++ DEBUGP("rep: len=%u, %.*s", linelen, (int)linelen, ptcp+lineoff); ++ } ++ } ++ ++ return NF_ACCEPT; ++} ++ ++static unsigned int ++help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, ++ unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp, ++ struct nf_conntrack_expect* exp) ++{ ++ int dir = CTINFO2DIR(ctinfo); ++ int rc = NF_ACCEPT; ++ ++ switch (dir) ++ { ++ case IP_CT_DIR_ORIGINAL: ++ rc = help_out(skb, ctinfo, matchoff, matchlen, prtspexp, exp); ++ break; ++ case IP_CT_DIR_REPLY: ++ DEBUGP("unmangle ! %u\n", ctinfo); ++ /* XXX: unmangle */ ++ rc = NF_ACCEPT; ++ break; ++ } ++ //UNLOCK_BH(&ip_rtsp_lock); ++ ++ return rc; ++} ++ ++static void expected(struct nf_conn* ct, struct nf_conntrack_expect *exp) ++{ ++ struct nf_nat_multi_range_compat mr; ++ u_int32_t newdstip, newsrcip, newip; ++ ++ struct nf_conn *master = ct->master; ++ ++ newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip; ++ newsrcip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip; ++ //FIXME (how to port that ?) ++ //code from 2.4 : newip = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) ? newsrcip : newdstip; ++ newip = newdstip; ++ ++ DEBUGP("newsrcip=%u.%u.%u.%u, newdstip=%u.%u.%u.%u, newip=%u.%u.%u.%u\n", ++ NIPQUAD(newsrcip), NIPQUAD(newdstip), NIPQUAD(newip)); ++ ++ mr.rangesize = 1; ++ // We don't want to manip the per-protocol, just the IPs. ++ mr.range[0].flags = IP_NAT_RANGE_MAP_IPS; ++ mr.range[0].min_ip = mr.range[0].max_ip = newip; ++ ++ nf_nat_setup_info(ct, &mr.range[0], IP_NAT_MANIP_DST); ++} ++ ++ ++static void __exit fini(void) ++{ ++ nf_nat_rtsp_hook = NULL; ++ nf_nat_rtsp_hook_expectfn = NULL; ++ synchronize_net(); ++} ++ ++static int __init init(void) ++{ ++ printk("nf_nat_rtsp v" IP_NF_RTSP_VERSION " loading\n"); ++ ++ BUG_ON(nf_nat_rtsp_hook); ++ nf_nat_rtsp_hook = help; ++ nf_nat_rtsp_hook_expectfn = &expected; ++ ++ if (stunaddr != NULL) ++ extip = in_aton(stunaddr); ++ ++ if (destaction != NULL) { ++ if (strcmp(destaction, "auto") == 0) ++ dstact = DSTACT_AUTO; ++ ++ if (strcmp(destaction, "strip") == 0) ++ dstact = DSTACT_STRIP; ++ ++ if (strcmp(destaction, "none") == 0) ++ dstact = DSTACT_NONE; ++ } ++ ++ return 0; ++} ++ ++module_init(init); ++module_exit(fini); diff --git a/target/linux/generic-2.6/patches-2.6.27/200-sched_esfq.patch b/target/linux/generic-2.6/patches-2.6.27/200-sched_esfq.patch new file mode 100644 index 0000000000..9402a5794d --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/200-sched_esfq.patch @@ -0,0 +1,795 @@ +--- a/include/linux/pkt_sched.h ++++ b/include/linux/pkt_sched.h +@@ -173,8 +173,37 @@ + * + * The only reason for this is efficiency, it is possible + * to change these parameters in compile time. ++ * ++ * If you need to play with these values, use esfq instead. + */ + ++/* ESFQ section */ ++ ++enum ++{ ++ /* traditional */ ++ TCA_SFQ_HASH_CLASSIC, ++ TCA_SFQ_HASH_DST, ++ TCA_SFQ_HASH_SRC, ++ TCA_SFQ_HASH_FWMARK, ++ /* conntrack */ ++ TCA_SFQ_HASH_CTORIGDST, ++ TCA_SFQ_HASH_CTORIGSRC, ++ TCA_SFQ_HASH_CTREPLDST, ++ TCA_SFQ_HASH_CTREPLSRC, ++ TCA_SFQ_HASH_CTNATCHG, ++}; ++ ++struct tc_esfq_qopt ++{ ++ unsigned quantum; /* Bytes per round allocated to flow */ ++ int perturb_period; /* Period of hash perturbation */ ++ __u32 limit; /* Maximal packets in queue */ ++ unsigned divisor; /* Hash divisor */ ++ unsigned flows; /* Maximal number of flows */ ++ unsigned hash_kind; /* Hash function to use for flow identification */ ++}; ++ + /* RED section */ + + enum +--- a/net/sched/Kconfig ++++ b/net/sched/Kconfig +@@ -128,6 +128,37 @@ + To compile this code as a module, choose M here: the + module will be called sch_sfq. + ++config NET_SCH_ESFQ ++ tristate "Enhanced Stochastic Fairness Queueing (ESFQ)" ++ ---help--- ++ Say Y here if you want to use the Enhanced Stochastic Fairness ++ Queueing (ESFQ) packet scheduling algorithm for some of your network ++ devices or as a leaf discipline for a classful qdisc such as HTB or ++ CBQ (see the top of <file:net/sched/sch_esfq.c> for details and ++ references to the SFQ algorithm). ++ ++ This is an enchanced SFQ version which allows you to control some ++ hardcoded values in the SFQ scheduler. ++ ++ ESFQ also adds control of the hash function used to identify packet ++ flows. The original SFQ discipline hashes by connection; ESFQ add ++ several other hashing methods, such as by src IP or by dst IP, which ++ can be more fair to users in some networking situations. ++ ++ To compile this code as a module, choose M here: the ++ module will be called sch_esfq. ++ ++config NET_SCH_ESFQ_NFCT ++ bool "Connection Tracking Hash Types" ++ depends on NET_SCH_ESFQ && NF_CONNTRACK ++ ---help--- ++ Say Y here to enable support for hashing based on netfilter connection ++ tracking information. This is useful for a router that is also using ++ NAT to connect privately-addressed hosts to the Internet. If you want ++ to provide fair distribution of upstream bandwidth, ESFQ must use ++ connection tracking information, since all outgoing packets will share ++ the same source address. ++ + config NET_SCH_TEQL + tristate "True Link Equalizer (TEQL)" + ---help--- +--- a/net/sched/Makefile ++++ b/net/sched/Makefile +@@ -23,6 +23,7 @@ + obj-$(CONFIG_NET_SCH_INGRESS) += sch_ingress.o + obj-$(CONFIG_NET_SCH_DSMARK) += sch_dsmark.o + obj-$(CONFIG_NET_SCH_SFQ) += sch_sfq.o ++obj-$(CONFIG_NET_SCH_ESFQ) += sch_esfq.o + obj-$(CONFIG_NET_SCH_TBF) += sch_tbf.o + obj-$(CONFIG_NET_SCH_TEQL) += sch_teql.o + obj-$(CONFIG_NET_SCH_PRIO) += sch_prio.o +--- /dev/null ++++ b/net/sched/sch_esfq.c +@@ -0,0 +1,702 @@ ++/* ++ * net/sched/sch_esfq.c Extended Stochastic Fairness Queueing discipline. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> ++ * ++ * Changes: Alexander Atanasov, <alex@ssi.bg> ++ * Added dynamic depth,limit,divisor,hash_kind options. ++ * Added dst and src hashes. ++ * ++ * Alexander Clouter, <alex@digriz.org.uk> ++ * Ported ESFQ to Linux 2.6. ++ * ++ * Corey Hickey, <bugfood-c@fatooh.org> ++ * Maintenance of the Linux 2.6 port. ++ * Added fwmark hash (thanks to Robert Kurjata). ++ * Added usage of jhash. ++ * Added conntrack support. ++ * Added ctnatchg hash (thanks to Ben Pfountz). ++ */ ++ ++#include <linux/module.h> ++#include <asm/uaccess.h> ++#include <asm/system.h> ++#include <linux/bitops.h> ++#include <linux/types.h> ++#include <linux/kernel.h> ++#include <linux/jiffies.h> ++#include <linux/string.h> ++#include <linux/mm.h> ++#include <linux/socket.h> ++#include <linux/sockios.h> ++#include <linux/in.h> ++#include <linux/errno.h> ++#include <linux/interrupt.h> ++#include <linux/if_ether.h> ++#include <linux/inet.h> ++#include <linux/netdevice.h> ++#include <linux/etherdevice.h> ++#include <linux/notifier.h> ++#include <linux/init.h> ++#include <net/ip.h> ++#include <linux/ipv6.h> ++#include <net/route.h> ++#include <linux/skbuff.h> ++#include <net/sock.h> ++#include <net/pkt_sched.h> ++#include <linux/jhash.h> ++#include <net/netfilter/nf_conntrack.h> ++ ++/* Stochastic Fairness Queuing algorithm. ++ For more comments look at sch_sfq.c. ++ The difference is that you can change limit, depth, ++ hash table size and choose alternate hash types. ++ ++ classic: same as in sch_sfq.c ++ dst: destination IP address ++ src: source IP address ++ fwmark: netfilter mark value ++ ctorigdst: original destination IP address ++ ctorigsrc: original source IP address ++ ctrepldst: reply destination IP address ++ ctreplsrc: reply source IP ++ ++*/ ++ ++#define ESFQ_HEAD 0 ++#define ESFQ_TAIL 1 ++ ++/* This type should contain at least SFQ_DEPTH*2 values */ ++typedef unsigned int esfq_index; ++ ++struct esfq_head ++{ ++ esfq_index next; ++ esfq_index prev; ++}; ++ ++struct esfq_sched_data ++{ ++/* Parameters */ ++ int perturb_period; ++ unsigned quantum; /* Allotment per round: MUST BE >= MTU */ ++ int limit; ++ unsigned depth; ++ unsigned hash_divisor; ++ unsigned hash_kind; ++/* Variables */ ++ struct timer_list perturb_timer; ++ int perturbation; ++ esfq_index tail; /* Index of current slot in round */ ++ esfq_index max_depth; /* Maximal depth */ ++ ++ esfq_index *ht; /* Hash table */ ++ esfq_index *next; /* Active slots link */ ++ short *allot; /* Current allotment per slot */ ++ unsigned short *hash; /* Hash value indexed by slots */ ++ struct sk_buff_head *qs; /* Slot queue */ ++ struct esfq_head *dep; /* Linked list of slots, indexed by depth */ ++}; ++ ++/* This contains the info we will hash. */ ++struct esfq_packet_info ++{ ++ u32 proto; /* protocol or port */ ++ u32 src; /* source from packet header */ ++ u32 dst; /* destination from packet header */ ++ u32 ctorigsrc; /* original source from conntrack */ ++ u32 ctorigdst; /* original destination from conntrack */ ++ u32 ctreplsrc; /* reply source from conntrack */ ++ u32 ctrepldst; /* reply destination from conntrack */ ++ u32 mark; /* netfilter mark (fwmark) */ ++}; ++ ++static __inline__ unsigned esfq_jhash_1word(struct esfq_sched_data *q,u32 a) ++{ ++ return jhash_1word(a, q->perturbation) & (q->hash_divisor-1); ++} ++ ++static __inline__ unsigned esfq_jhash_2words(struct esfq_sched_data *q, u32 a, u32 b) ++{ ++ return jhash_2words(a, b, q->perturbation) & (q->hash_divisor-1); ++} ++ ++static __inline__ unsigned esfq_jhash_3words(struct esfq_sched_data *q, u32 a, u32 b, u32 c) ++{ ++ return jhash_3words(a, b, c, q->perturbation) & (q->hash_divisor-1); ++} ++ ++static unsigned esfq_hash(struct esfq_sched_data *q, struct sk_buff *skb) ++{ ++ struct esfq_packet_info info; ++#ifdef CONFIG_NET_SCH_ESFQ_NFCT ++ enum ip_conntrack_info ctinfo; ++ struct nf_conn *ct = nf_ct_get(skb, &ctinfo); ++#endif ++ ++ switch (skb->protocol) { ++ case __constant_htons(ETH_P_IP): ++ { ++ struct iphdr *iph = ip_hdr(skb); ++ info.dst = iph->daddr; ++ info.src = iph->saddr; ++ if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) && ++ (iph->protocol == IPPROTO_TCP || ++ iph->protocol == IPPROTO_UDP || ++ iph->protocol == IPPROTO_SCTP || ++ iph->protocol == IPPROTO_DCCP || ++ iph->protocol == IPPROTO_ESP)) ++ info.proto = *(((u32*)iph) + iph->ihl); ++ else ++ info.proto = iph->protocol; ++ break; ++ } ++ case __constant_htons(ETH_P_IPV6): ++ { ++ struct ipv6hdr *iph = ipv6_hdr(skb); ++ /* Hash ipv6 addresses into a u32. This isn't ideal, ++ * but the code is simple. */ ++ info.dst = jhash2(iph->daddr.s6_addr32, 4, q->perturbation); ++ info.src = jhash2(iph->saddr.s6_addr32, 4, q->perturbation); ++ if (iph->nexthdr == IPPROTO_TCP || ++ iph->nexthdr == IPPROTO_UDP || ++ iph->nexthdr == IPPROTO_SCTP || ++ iph->nexthdr == IPPROTO_DCCP || ++ iph->nexthdr == IPPROTO_ESP) ++ info.proto = *(u32*)&iph[1]; ++ else ++ info.proto = iph->nexthdr; ++ break; ++ } ++ default: ++ info.dst = (u32)(unsigned long)skb->dst; ++ info.src = (u32)(unsigned long)skb->sk; ++ info.proto = skb->protocol; ++ } ++ ++ info.mark = skb->mark; ++ ++#ifdef CONFIG_NET_SCH_ESFQ_NFCT ++ /* defaults if there is no conntrack info */ ++ info.ctorigsrc = info.src; ++ info.ctorigdst = info.dst; ++ info.ctreplsrc = info.dst; ++ info.ctrepldst = info.src; ++ /* collect conntrack info */ ++ if (ct && ct != &nf_conntrack_untracked) { ++ if (skb->protocol == __constant_htons(ETH_P_IP)) { ++ info.ctorigsrc = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip; ++ info.ctorigdst = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip; ++ info.ctreplsrc = ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip; ++ info.ctrepldst = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip; ++ } ++ else if (skb->protocol == __constant_htons(ETH_P_IPV6)) { ++ /* Again, hash ipv6 addresses into a single u32. */ ++ info.ctorigsrc = jhash2(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip6, 4, q->perturbation); ++ info.ctorigdst = jhash2(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip6, 4, q->perturbation); ++ info.ctreplsrc = jhash2(ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip6, 4, q->perturbation); ++ info.ctrepldst = jhash2(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip6, 4, q->perturbation); ++ } ++ ++ } ++#endif ++ ++ switch(q->hash_kind) { ++ case TCA_SFQ_HASH_CLASSIC: ++ return esfq_jhash_3words(q, info.dst, info.src, info.proto); ++ case TCA_SFQ_HASH_DST: ++ return esfq_jhash_1word(q, info.dst); ++ case TCA_SFQ_HASH_SRC: ++ return esfq_jhash_1word(q, info.src); ++ case TCA_SFQ_HASH_FWMARK: ++ return esfq_jhash_1word(q, info.mark); ++#ifdef CONFIG_NET_SCH_ESFQ_NFCT ++ case TCA_SFQ_HASH_CTORIGDST: ++ return esfq_jhash_1word(q, info.ctorigdst); ++ case TCA_SFQ_HASH_CTORIGSRC: ++ return esfq_jhash_1word(q, info.ctorigsrc); ++ case TCA_SFQ_HASH_CTREPLDST: ++ return esfq_jhash_1word(q, info.ctrepldst); ++ case TCA_SFQ_HASH_CTREPLSRC: ++ return esfq_jhash_1word(q, info.ctreplsrc); ++ case TCA_SFQ_HASH_CTNATCHG: ++ { ++ if (info.ctorigdst == info.ctreplsrc) ++ return esfq_jhash_1word(q, info.ctorigsrc); ++ return esfq_jhash_1word(q, info.ctreplsrc); ++ } ++#endif ++ default: ++ if (net_ratelimit()) ++ printk(KERN_WARNING "ESFQ: Unknown hash method. Falling back to classic.\n"); ++ } ++ return esfq_jhash_3words(q, info.dst, info.src, info.proto); ++} ++ ++static inline void esfq_link(struct esfq_sched_data *q, esfq_index x) ++{ ++ esfq_index p, n; ++ int d = q->qs[x].qlen + q->depth; ++ ++ p = d; ++ n = q->dep[d].next; ++ q->dep[x].next = n; ++ q->dep[x].prev = p; ++ q->dep[p].next = q->dep[n].prev = x; ++} ++ ++static inline void esfq_dec(struct esfq_sched_data *q, esfq_index x) ++{ ++ esfq_index p, n; ++ ++ n = q->dep[x].next; ++ p = q->dep[x].prev; ++ q->dep[p].next = n; ++ q->dep[n].prev = p; ++ ++ if (n == p && q->max_depth == q->qs[x].qlen + 1) ++ q->max_depth--; ++ ++ esfq_link(q, x); ++} ++ ++static inline void esfq_inc(struct esfq_sched_data *q, esfq_index x) ++{ ++ esfq_index p, n; ++ int d; ++ ++ n = q->dep[x].next; ++ p = q->dep[x].prev; ++ q->dep[p].next = n; ++ q->dep[n].prev = p; ++ d = q->qs[x].qlen; ++ if (q->max_depth < d) ++ q->max_depth = d; ++ ++ esfq_link(q, x); ++} ++ ++static unsigned int esfq_drop(struct Qdisc *sch) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ esfq_index d = q->max_depth; ++ struct sk_buff *skb; ++ unsigned int len; ++ ++ /* Queue is full! Find the longest slot and ++ drop a packet from it */ ++ ++ if (d > 1) { ++ esfq_index x = q->dep[d+q->depth].next; ++ skb = q->qs[x].prev; ++ len = skb->len; ++ __skb_unlink(skb, &q->qs[x]); ++ kfree_skb(skb); ++ esfq_dec(q, x); ++ sch->q.qlen--; ++ sch->qstats.drops++; ++ sch->qstats.backlog -= len; ++ return len; ++ } ++ ++ if (d == 1) { ++ /* It is difficult to believe, but ALL THE SLOTS HAVE LENGTH 1. */ ++ d = q->next[q->tail]; ++ q->next[q->tail] = q->next[d]; ++ q->allot[q->next[d]] += q->quantum; ++ skb = q->qs[d].prev; ++ len = skb->len; ++ __skb_unlink(skb, &q->qs[d]); ++ kfree_skb(skb); ++ esfq_dec(q, d); ++ sch->q.qlen--; ++ q->ht[q->hash[d]] = q->depth; ++ sch->qstats.drops++; ++ sch->qstats.backlog -= len; ++ return len; ++ } ++ ++ return 0; ++} ++ ++static void esfq_q_enqueue(struct sk_buff *skb, struct esfq_sched_data *q, unsigned int end) ++{ ++ unsigned hash = esfq_hash(q, skb); ++ unsigned depth = q->depth; ++ esfq_index x; ++ ++ x = q->ht[hash]; ++ if (x == depth) { ++ q->ht[hash] = x = q->dep[depth].next; ++ q->hash[x] = hash; ++ } ++ ++ if (end == ESFQ_TAIL) ++ __skb_queue_tail(&q->qs[x], skb); ++ else ++ __skb_queue_head(&q->qs[x], skb); ++ ++ esfq_inc(q, x); ++ if (q->qs[x].qlen == 1) { /* The flow is new */ ++ if (q->tail == depth) { /* It is the first flow */ ++ q->tail = x; ++ q->next[x] = x; ++ q->allot[x] = q->quantum; ++ } else { ++ q->next[x] = q->next[q->tail]; ++ q->next[q->tail] = x; ++ q->tail = x; ++ } ++ } ++} ++ ++static int esfq_enqueue(struct sk_buff *skb, struct Qdisc* sch) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ esfq_q_enqueue(skb, q, ESFQ_TAIL); ++ sch->qstats.backlog += skb->len; ++ if (++sch->q.qlen < q->limit-1) { ++ sch->bstats.bytes += skb->len; ++ sch->bstats.packets++; ++ return 0; ++ } ++ ++ sch->qstats.drops++; ++ esfq_drop(sch); ++ return NET_XMIT_CN; ++} ++ ++ ++static int esfq_requeue(struct sk_buff *skb, struct Qdisc* sch) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ esfq_q_enqueue(skb, q, ESFQ_HEAD); ++ sch->qstats.backlog += skb->len; ++ if (++sch->q.qlen < q->limit - 1) { ++ sch->qstats.requeues++; ++ return 0; ++ } ++ ++ sch->qstats.drops++; ++ esfq_drop(sch); ++ return NET_XMIT_CN; ++} ++ ++static struct sk_buff *esfq_q_dequeue(struct esfq_sched_data *q) ++{ ++ struct sk_buff *skb; ++ unsigned depth = q->depth; ++ esfq_index a, old_a; ++ ++ /* No active slots */ ++ if (q->tail == depth) ++ return NULL; ++ ++ a = old_a = q->next[q->tail]; ++ ++ /* Grab packet */ ++ skb = __skb_dequeue(&q->qs[a]); ++ esfq_dec(q, a); ++ ++ /* Is the slot empty? */ ++ if (q->qs[a].qlen == 0) { ++ q->ht[q->hash[a]] = depth; ++ a = q->next[a]; ++ if (a == old_a) { ++ q->tail = depth; ++ return skb; ++ } ++ q->next[q->tail] = a; ++ q->allot[a] += q->quantum; ++ } else if ((q->allot[a] -= skb->len) <= 0) { ++ q->tail = a; ++ a = q->next[a]; ++ q->allot[a] += q->quantum; ++ } ++ ++ return skb; ++} ++ ++static struct sk_buff *esfq_dequeue(struct Qdisc* sch) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ struct sk_buff *skb; ++ ++ skb = esfq_q_dequeue(q); ++ if (skb == NULL) ++ return NULL; ++ sch->q.qlen--; ++ sch->qstats.backlog -= skb->len; ++ return skb; ++} ++ ++static void esfq_q_destroy(struct esfq_sched_data *q) ++{ ++ del_timer(&q->perturb_timer); ++ if(q->ht) ++ kfree(q->ht); ++ if(q->dep) ++ kfree(q->dep); ++ if(q->next) ++ kfree(q->next); ++ if(q->allot) ++ kfree(q->allot); ++ if(q->hash) ++ kfree(q->hash); ++ if(q->qs) ++ kfree(q->qs); ++} ++ ++static void esfq_destroy(struct Qdisc *sch) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ esfq_q_destroy(q); ++} ++ ++ ++static void esfq_reset(struct Qdisc* sch) ++{ ++ struct sk_buff *skb; ++ ++ while ((skb = esfq_dequeue(sch)) != NULL) ++ kfree_skb(skb); ++} ++ ++static void esfq_perturbation(unsigned long arg) ++{ ++ struct Qdisc *sch = (struct Qdisc*)arg; ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ ++ q->perturbation = net_random()&0x1F; ++ ++ if (q->perturb_period) { ++ q->perturb_timer.expires = jiffies + q->perturb_period; ++ add_timer(&q->perturb_timer); ++ } ++} ++ ++static unsigned int esfq_check_hash(unsigned int kind) ++{ ++ switch (kind) { ++ case TCA_SFQ_HASH_CTORIGDST: ++ case TCA_SFQ_HASH_CTORIGSRC: ++ case TCA_SFQ_HASH_CTREPLDST: ++ case TCA_SFQ_HASH_CTREPLSRC: ++ case TCA_SFQ_HASH_CTNATCHG: ++#ifndef CONFIG_NET_SCH_ESFQ_NFCT ++ { ++ if (net_ratelimit()) ++ printk(KERN_WARNING "ESFQ: Conntrack hash types disabled in kernel config. Falling back to classic.\n"); ++ return TCA_SFQ_HASH_CLASSIC; ++ } ++#endif ++ case TCA_SFQ_HASH_CLASSIC: ++ case TCA_SFQ_HASH_DST: ++ case TCA_SFQ_HASH_SRC: ++ case TCA_SFQ_HASH_FWMARK: ++ return kind; ++ default: ++ { ++ if (net_ratelimit()) ++ printk(KERN_WARNING "ESFQ: Unknown hash type. Falling back to classic.\n"); ++ return TCA_SFQ_HASH_CLASSIC; ++ } ++ } ++} ++ ++static int esfq_q_init(struct esfq_sched_data *q, struct rtattr *opt) ++{ ++ struct tc_esfq_qopt *ctl = RTA_DATA(opt); ++ esfq_index p = ~0U/2; ++ int i; ++ ++ if (opt && opt->rta_len < RTA_LENGTH(sizeof(*ctl))) ++ return -EINVAL; ++ ++ q->perturbation = 0; ++ q->hash_kind = TCA_SFQ_HASH_CLASSIC; ++ q->max_depth = 0; ++ if (opt == NULL) { ++ q->perturb_period = 0; ++ q->hash_divisor = 1024; ++ q->tail = q->limit = q->depth = 128; ++ ++ } else { ++ struct tc_esfq_qopt *ctl = RTA_DATA(opt); ++ if (ctl->quantum) ++ q->quantum = ctl->quantum; ++ q->perturb_period = ctl->perturb_period*HZ; ++ q->hash_divisor = ctl->divisor ? : 1024; ++ q->tail = q->limit = q->depth = ctl->flows ? : 128; ++ ++ if ( q->depth > p - 1 ) ++ return -EINVAL; ++ ++ if (ctl->limit) ++ q->limit = min_t(u32, ctl->limit, q->depth); ++ ++ if (ctl->hash_kind) { ++ q->hash_kind = esfq_check_hash(ctl->hash_kind); ++ } ++ } ++ ++ q->ht = kmalloc(q->hash_divisor*sizeof(esfq_index), GFP_KERNEL); ++ if (!q->ht) ++ goto err_case; ++ q->dep = kmalloc((1+q->depth*2)*sizeof(struct esfq_head), GFP_KERNEL); ++ if (!q->dep) ++ goto err_case; ++ q->next = kmalloc(q->depth*sizeof(esfq_index), GFP_KERNEL); ++ if (!q->next) ++ goto err_case; ++ q->allot = kmalloc(q->depth*sizeof(short), GFP_KERNEL); ++ if (!q->allot) ++ goto err_case; ++ q->hash = kmalloc(q->depth*sizeof(unsigned short), GFP_KERNEL); ++ if (!q->hash) ++ goto err_case; ++ q->qs = kmalloc(q->depth*sizeof(struct sk_buff_head), GFP_KERNEL); ++ if (!q->qs) ++ goto err_case; ++ ++ for (i=0; i< q->hash_divisor; i++) ++ q->ht[i] = q->depth; ++ for (i=0; i<q->depth; i++) { ++ skb_queue_head_init(&q->qs[i]); ++ q->dep[i+q->depth].next = i+q->depth; ++ q->dep[i+q->depth].prev = i+q->depth; ++ } ++ ++ for (i=0; i<q->depth; i++) ++ esfq_link(q, i); ++ return 0; ++err_case: ++ esfq_q_destroy(q); ++ return -ENOBUFS; ++} ++ ++static int esfq_init(struct Qdisc *sch, struct rtattr *opt) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ int err; ++ ++ q->quantum = psched_mtu(sch->dev); /* default */ ++ if ((err = esfq_q_init(q, opt))) ++ return err; ++ ++ init_timer(&q->perturb_timer); ++ q->perturb_timer.data = (unsigned long)sch; ++ q->perturb_timer.function = esfq_perturbation; ++ if (q->perturb_period) { ++ q->perturb_timer.expires = jiffies + q->perturb_period; ++ add_timer(&q->perturb_timer); ++ } ++ ++ return 0; ++} ++ ++static int esfq_change(struct Qdisc *sch, struct rtattr *opt) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ struct esfq_sched_data new; ++ struct sk_buff *skb; ++ int err; ++ ++ /* set up new queue */ ++ memset(&new, 0, sizeof(struct esfq_sched_data)); ++ new.quantum = psched_mtu(sch->dev); /* default */ ++ if ((err = esfq_q_init(&new, opt))) ++ return err; ++ ++ /* copy all packets from the old queue to the new queue */ ++ sch_tree_lock(sch); ++ while ((skb = esfq_q_dequeue(q)) != NULL) ++ esfq_q_enqueue(skb, &new, ESFQ_TAIL); ++ ++ /* clean up the old queue */ ++ esfq_q_destroy(q); ++ ++ /* copy elements of the new queue into the old queue */ ++ q->perturb_period = new.perturb_period; ++ q->quantum = new.quantum; ++ q->limit = new.limit; ++ q->depth = new.depth; ++ q->hash_divisor = new.hash_divisor; ++ q->hash_kind = new.hash_kind; ++ q->tail = new.tail; ++ q->max_depth = new.max_depth; ++ q->ht = new.ht; ++ q->dep = new.dep; ++ q->next = new.next; ++ q->allot = new.allot; ++ q->hash = new.hash; ++ q->qs = new.qs; ++ ++ /* finish up */ ++ if (q->perturb_period) { ++ q->perturb_timer.expires = jiffies + q->perturb_period; ++ add_timer(&q->perturb_timer); ++ } else { ++ q->perturbation = 0; ++ } ++ sch_tree_unlock(sch); ++ return 0; ++} ++ ++static int esfq_dump(struct Qdisc *sch, struct sk_buff *skb) ++{ ++ struct esfq_sched_data *q = qdisc_priv(sch); ++ unsigned char *b = skb->tail; ++ struct tc_esfq_qopt opt; ++ ++ opt.quantum = q->quantum; ++ opt.perturb_period = q->perturb_period/HZ; ++ ++ opt.limit = q->limit; ++ opt.divisor = q->hash_divisor; ++ opt.flows = q->depth; ++ opt.hash_kind = q->hash_kind; ++ ++ RTA_PUT(skb, TCA_OPTIONS, sizeof(opt), &opt); ++ ++ return skb->len; ++ ++rtattr_failure: ++ skb_trim(skb, b - skb->data); ++ return -1; ++} ++ ++static struct Qdisc_ops esfq_qdisc_ops = ++{ ++ .next = NULL, ++ .cl_ops = NULL, ++ .id = "esfq", ++ .priv_size = sizeof(struct esfq_sched_data), ++ .enqueue = esfq_enqueue, ++ .dequeue = esfq_dequeue, ++ .requeue = esfq_requeue, ++ .drop = esfq_drop, ++ .init = esfq_init, ++ .reset = esfq_reset, ++ .destroy = esfq_destroy, ++ .change = esfq_change, ++ .dump = esfq_dump, ++ .owner = THIS_MODULE, ++}; ++ ++static int __init esfq_module_init(void) ++{ ++ return register_qdisc(&esfq_qdisc_ops); ++} ++static void __exit esfq_module_exit(void) ++{ ++ unregister_qdisc(&esfq_qdisc_ops); ++} ++module_init(esfq_module_init) ++module_exit(esfq_module_exit) ++MODULE_LICENSE("GPL"); diff --git a/target/linux/generic-2.6/patches-2.6.27/202-mips-freestanding.patch b/target/linux/generic-2.6/patches-2.6.27/202-mips-freestanding.patch new file mode 100644 index 0000000000..52b6825dcb --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/202-mips-freestanding.patch @@ -0,0 +1,12 @@ +--- a/arch/mips/Makefile ++++ b/arch/mips/Makefile +@@ -577,6 +577,9 @@ + # + core-$(CONFIG_TOSHIBA_RBTX4938) += arch/mips/txx9/rbtx4938/ + ++# temporary until string.h is fixed ++cflags-y += -ffreestanding ++ + cflags-y += -Iinclude/asm-mips/mach-generic + drivers-$(CONFIG_PCI) += arch/mips/pci/ + diff --git a/target/linux/generic-2.6/patches-2.6.27/204-jffs2_eofdetect.patch b/target/linux/generic-2.6/patches-2.6.27/204-jffs2_eofdetect.patch new file mode 100644 index 0000000000..17a082d2c2 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/204-jffs2_eofdetect.patch @@ -0,0 +1,132 @@ +--- a/fs/jffs2/build.c ++++ b/fs/jffs2/build.c +@@ -111,6 +111,17 @@ + dbg_fsbuild("scanned flash completely\n"); + jffs2_dbg_dump_block_lists_nolock(c); + ++ if (c->flags & (1 << 7)) { ++ printk("%s(): unlocking the mtd device... ", __func__); ++ if (c->mtd->unlock) ++ c->mtd->unlock(c->mtd, 0, c->mtd->size); ++ printk("done.\n"); ++ ++ printk("%s(): erasing all blocks after the end marker... ", __func__); ++ jffs2_erase_pending_blocks(c, -1); ++ printk("done.\n"); ++ } ++ + dbg_fsbuild("pass 1 starting\n"); + c->flags |= JFFS2_SB_FLAG_BUILDING; + /* Now scan the directory tree, increasing nlink according to every dirent found. */ +--- a/fs/jffs2/scan.c ++++ b/fs/jffs2/scan.c +@@ -72,7 +72,7 @@ + return ret; + if ((ret = jffs2_scan_dirty_space(c, jeb, jeb->free_size))) + return ret; +- /* Turned wasted size into dirty, since we apparently ++ /* Turned wasted size into dirty, since we apparently + think it's recoverable now. */ + jeb->dirty_size += jeb->wasted_size; + c->dirty_size += jeb->wasted_size; +@@ -144,8 +144,11 @@ + /* reset summary info for next eraseblock scan */ + jffs2_sum_reset_collected(s); + +- ret = jffs2_scan_eraseblock(c, jeb, buf_size?flashbuf:(flashbuf+jeb->offset), +- buf_size, s); ++ if (c->flags & (1 << 7)) ++ ret = BLK_STATE_ALLFF; ++ else ++ ret = jffs2_scan_eraseblock(c, jeb, buf_size?flashbuf:(flashbuf+jeb->offset), ++ buf_size, s); + + if (ret < 0) + goto out; +@@ -400,7 +403,7 @@ + if (!ref) + return -ENOMEM; + +- /* BEFORE jffs2_build_xattr_subsystem() called, ++ /* BEFORE jffs2_build_xattr_subsystem() called, + * and AFTER xattr_ref is marked as a dead xref, + * ref->xid is used to store 32bit xid, xd is not used + * ref->ino is used to store 32bit inode-number, ic is not used +@@ -473,7 +476,7 @@ + struct jffs2_sum_marker *sm; + void *sumptr = NULL; + uint32_t sumlen; +- ++ + if (!buf_size) { + /* XIP case. Just look, point at the summary if it's there */ + sm = (void *)buf + c->sector_size - sizeof(*sm); +@@ -489,9 +492,9 @@ + buf_len = sizeof(*sm); + + /* Read as much as we want into the _end_ of the preallocated buffer */ +- err = jffs2_fill_scan_buf(c, buf + buf_size - buf_len, ++ err = jffs2_fill_scan_buf(c, buf + buf_size - buf_len, + jeb->offset + c->sector_size - buf_len, +- buf_len); ++ buf_len); + if (err) + return err; + +@@ -510,9 +513,9 @@ + } + if (buf_len < sumlen) { + /* Need to read more so that the entire summary node is present */ +- err = jffs2_fill_scan_buf(c, sumptr, ++ err = jffs2_fill_scan_buf(c, sumptr, + jeb->offset + c->sector_size - sumlen, +- sumlen - buf_len); ++ sumlen - buf_len); + if (err) + return err; + } +@@ -525,7 +528,7 @@ + + if (buf_size && sumlen > buf_size) + kfree(sumptr); +- /* If it returns with a real error, bail. ++ /* If it returns with a real error, bail. + If it returns positive, that's a block classification + (i.e. BLK_STATE_xxx) so return that too. + If it returns zero, fall through to full scan. */ +@@ -546,6 +549,17 @@ + return err; + } + ++ if ((buf[0] == 0xde) && ++ (buf[1] == 0xad) && ++ (buf[2] == 0xc0) && ++ (buf[3] == 0xde)) { ++ /* end of filesystem. erase everything after this point */ ++ printk("%s(): End of filesystem marker found at 0x%x\n", __func__, jeb->offset); ++ c->flags |= (1 << 7); ++ ++ return BLK_STATE_ALLFF; ++ } ++ + /* We temporarily use 'ofs' as a pointer into the buffer/jeb */ + ofs = 0; + +@@ -671,7 +685,7 @@ + scan_end = buf_len; + goto more_empty; + } +- ++ + /* See how much more there is to read in this eraseblock... */ + buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs); + if (!buf_len) { +@@ -907,7 +921,7 @@ + + D1(printk(KERN_DEBUG "Block at 0x%08x: free 0x%08x, dirty 0x%08x, unchecked 0x%08x, used 0x%08x, wasted 0x%08x\n", + jeb->offset,jeb->free_size, jeb->dirty_size, jeb->unchecked_size, jeb->used_size, jeb->wasted_size)); +- ++ + /* mark_node_obsolete can add to wasted !! */ + if (jeb->wasted_size) { + jeb->dirty_size += jeb->wasted_size; diff --git a/target/linux/generic-2.6/patches-2.6.27/207-powerpc_asm_segment_h.patch b/target/linux/generic-2.6/patches-2.6.27/207-powerpc_asm_segment_h.patch new file mode 100644 index 0000000000..1272e82c75 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/207-powerpc_asm_segment_h.patch @@ -0,0 +1,9 @@ +--- /dev/null ++++ b/include/asm-powerpc/segment.h +@@ -0,0 +1,6 @@ ++#ifndef _ASM_SEGMENT_H ++#define _ASM_SEGMENT_H ++ ++/* Only here because we have some old header files that expect it.. */ ++ ++#endif /* _ASM_SEGMENT_H */ diff --git a/target/linux/generic-2.6/patches-2.6.27/208-rtl8110sb_fix.patch b/target/linux/generic-2.6/patches-2.6.27/208-rtl8110sb_fix.patch new file mode 100644 index 0000000000..6289f527b4 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/208-rtl8110sb_fix.patch @@ -0,0 +1,42 @@ +--- a/drivers/net/r8169.c ++++ b/drivers/net/r8169.c +@@ -1519,7 +1519,7 @@ + .hw_start = rtl_hw_start_8169, + .region = 1, + .align = 0, +- .intr_event = SYSErr | LinkChg | RxOverflow | ++ .intr_event = LinkChg | RxOverflow | + RxFIFOOver | TxErr | TxOK | RxOK | RxErr, + .napi_event = RxFIFOOver | TxErr | TxOK | RxOK | RxOverflow, + .msi = 0 +@@ -1528,7 +1528,7 @@ + .hw_start = rtl_hw_start_8168, + .region = 2, + .align = 8, +- .intr_event = SYSErr | LinkChg | RxOverflow | ++ .intr_event = LinkChg | RxOverflow | + TxErr | TxOK | RxOK | RxErr, + .napi_event = TxErr | TxOK | RxOK | RxOverflow, + .msi = RTL_FEATURE_MSI +@@ -1537,7 +1537,7 @@ + .hw_start = rtl_hw_start_8101, + .region = 2, + .align = 8, +- .intr_event = SYSErr | LinkChg | RxOverflow | PCSTimeout | ++ .intr_event = LinkChg | RxOverflow | PCSTimeout | + RxFIFOOver | TxErr | TxOK | RxOK | RxErr, + .napi_event = RxFIFOOver | TxErr | TxOK | RxOK | RxOverflow, + .msi = RTL_FEATURE_MSI +@@ -2873,10 +2873,12 @@ + goto out; + } + ++#if 0 + if (unlikely(status & SYSErr)) { + rtl8169_pcierr_interrupt(dev); + goto out; + } ++#endif + + if (status & LinkChg) + rtl8169_check_link_status(dev, tp, ioaddr); diff --git a/target/linux/generic-2.6/patches-2.6.27/209-mini_fo.patch b/target/linux/generic-2.6/patches-2.6.27/209-mini_fo.patch new file mode 100644 index 0000000000..3e64c1f397 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/209-mini_fo.patch @@ -0,0 +1,7776 @@ +--- a/fs/Kconfig ++++ b/fs/Kconfig +@@ -1430,6 +1430,9 @@ + To compile this as a module, choose M here: the module will be + called freevxfs. If unsure, say N. + ++config MINI_FO ++ tristate "Mini fanout overlay filesystem" ++ + config MINIX_FS + tristate "Minix file system support" + depends on BLOCK +--- a/fs/Makefile ++++ b/fs/Makefile +@@ -78,6 +78,7 @@ + obj-y += ramfs/ + obj-$(CONFIG_HUGETLBFS) += hugetlbfs/ + obj-$(CONFIG_CODA_FS) += coda/ ++obj-$(CONFIG_MINI_FO) += mini_fo/ + obj-$(CONFIG_MINIX_FS) += minix/ + obj-$(CONFIG_FAT_FS) += fat/ + obj-$(CONFIG_MSDOS_FS) += msdos/ +--- /dev/null ++++ b/fs/mini_fo/aux.c +@@ -0,0 +1,577 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++/* ++ * $Id$ ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif ++ ++#include "fist.h" ++#include "mini_fo.h" ++ ++/* check if file exists in storage */ ++int exists_in_storage(dentry_t *dentry) ++{ ++ check_mini_fo_dentry(dentry); ++ if(dtost(dentry) == MODIFIED || dtost(dentry) == CREATED || dtost(dentry) == DEL_REWRITTEN) ++ return 1; ++ return 0; ++} ++ ++/* check if dentry is in an existing state */ ++int is_mini_fo_existant(dentry_t *dentry) ++{ ++ check_mini_fo_dentry(dentry); ++ ++ if(dtost(dentry) == DELETED || dtost(dentry) == NON_EXISTANT) ++ return 0; ++ else ++ return 1; ++} ++ ++/* ++ * This function will create a negative storage dentry for ++ * dentry, what is required for many create like options. ++ * It will create the storage structure if necessary. ++ */ ++int get_neg_sto_dentry(dentry_t *dentry) ++{ ++ int err = 0; ++ unsigned int len; ++ const unsigned char *name; ++ ++ if(!dentry || ++ !dtopd(dentry) || ++ !(dtost(dentry) == UNMODIFIED || ++ dtost(dentry) == NON_EXISTANT || ++ dtost(dentry) == DELETED)) { ++ printk(KERN_CRIT "mini_fo: get_neg_sto_dentry: invalid dentry passed.\n"); ++ err = -1; ++ goto out; ++ } ++ /* Have we got a neg. dentry already? */ ++ if(dtohd2(dentry)) { ++ err = 0; ++ goto out; ++ } ++ if(dtost(dentry->d_parent) == UNMODIFIED) { ++ /* build sto struct */ ++ err = build_sto_structure(dentry->d_parent->d_parent, dentry->d_parent); ++ if(err || ++ dtost(dentry->d_parent) != MODIFIED) { ++ printk(KERN_CRIT "mini_fo: get_neg_sto_dentry: ERROR building sto structure.\n"); ++ err = -1; ++ goto out; ++ } ++ } ++ ++ len = dentry->d_name.len; ++ name = dentry->d_name.name; ++ ++ dtohd2(dentry) = ++ lookup_one_len(name, dtohd2(dentry->d_parent), len); ++ ++ out: ++ return err; ++} ++ ++int check_mini_fo_dentry(dentry_t *dentry) ++{ ++ ASSERT(dentry != NULL); ++ ASSERT(dtopd(dentry) != NULL); ++ ASSERT((dtohd(dentry) != NULL) || (dtohd2(dentry) != NULL)); ++ ++/* if(dtost(dentry) == MODIFIED) { */ ++/* ASSERT(dentry->d_inode != NULL); */ ++/* ASSERT(dtohd(dentry) != NULL); */ ++/* ASSERT(dtohd(dentry)->d_inode != NULL); */ ++/* ASSERT(dtohd2(dentry) != NULL); */ ++/* ASSERT(dtohd2(dentry)->d_inode != NULL); */ ++/* } */ ++/* else if(dtost(dentry) == UNMODIFIED) { */ ++/* ASSERT(dentry->d_inode != NULL); */ ++/* ASSERT( */ ++/* } */ ++ return 0; ++} ++ ++int check_mini_fo_file(file_t *file) ++{ ++ ASSERT(file != NULL); ++ ASSERT(ftopd(file) != NULL); ++ ASSERT(file->f_dentry != NULL); ++ ++ /* violent checking, check depending of state and type ++ * if(S_ISDIR(file->f_dentry->d_inode->i_mode)) {} ++ */ ++ ASSERT((ftohf(file) != NULL) || (ftohf2(file) != NULL)); ++ return 0; ++} ++ ++int check_mini_fo_inode(inode_t *inode) ++{ ++ ASSERT(inode != NULL); ++ ASSERT(itopd(inode) != NULL); ++ ASSERT((itohi(inode) != NULL) || (itohi2(inode) != NULL)); ++ return 0; ++} ++ ++/* ++ * will walk a base path as provided by get_mini_fo_bpath and return ++ * the (hopefully ;-) ) positive dentry of the renamed base dir. ++ * ++ * This does some work of path_init. ++ */ ++dentry_t *bpath_walk(super_block_t *sb, char *bpath) ++{ ++ int err; ++ struct vfsmount *mnt; ++ struct nameidata nd; ++ ++ /* be paranoid */ ++ if(!bpath || bpath[0] != '/') { ++ printk(KERN_CRIT "mini_fo: bpath_walk: Invalid string.\n"); ++ return NULL; ++ } ++ if(!sb || !stopd(sb)) { ++ printk(KERN_CRIT "mini_fo: bpath_walk: Invalid sb.\n"); ++ return NULL; ++ } ++ ++ /* fix this: how do I reach this lock? ++ * read_lock(¤t->fs->lock); */ ++ mnt = mntget(stopd(sb)->hidden_mnt); ++ /* read_unlock(¤t->fs->lock); */ ++ ++ err = vfs_path_lookup(mnt->mnt_root, mnt, bpath+1, 0, &nd); ++ ++ /* validate */ ++ if (err || !nd.dentry || !nd.dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo: bpath_walk: path_walk failed.\n"); ++ return NULL; ++ } ++ return nd.dentry; ++} ++ ++ ++/* returns the full path of the basefile incl. its name */ ++int get_mini_fo_bpath(dentry_t *dentry, char **bpath, int *bpath_len) ++{ ++ char *buf_walker; ++ int len = 0; ++ dentry_t *sky_walker; ++ ++ if(!dentry || !dtohd(dentry)) { ++ printk(KERN_CRIT "mini_fo: get_mini_fo_bpath: invalid dentry passed.\n"); ++ return -1; ++ } ++ sky_walker = dtohd(dentry); ++ ++ do { ++ len += sky_walker->d_name.len + 1 ; /* 1 for '/' */ ++ sky_walker = sky_walker->d_parent; ++ } while(sky_walker != stopd(dentry->d_inode->i_sb)->base_dir_dentry); ++ ++ /* 1 to oil the loop */ ++ *bpath = (char*) kmalloc(len + 1, GFP_KERNEL); ++ if(!*bpath) { ++ printk(KERN_CRIT "mini_fo: get_mini_fo_bpath: out of mem.\n"); ++ return -1; ++ } ++ buf_walker = *bpath+len; /* put it on last char */ ++ *buf_walker = '\n'; ++ sky_walker = dtohd(dentry); ++ ++ do { ++ buf_walker -= sky_walker->d_name.len; ++ strncpy(buf_walker, ++ sky_walker->d_name.name, ++ sky_walker->d_name.len); ++ *(--buf_walker) = '/'; ++ sky_walker = sky_walker->d_parent; ++ } while(sky_walker != stopd(dentry->d_inode->i_sb)->base_dir_dentry); ++ ++ /* bpath_len doesn't count newline! */ ++ *bpath_len = len; ++ return 0; ++} ++ ++int mini_fo_cp_cont(dentry_t *tgt_dentry, struct vfsmount *tgt_mnt, ++ dentry_t *src_dentry, struct vfsmount *src_mnt) ++{ ++ void *buf; ++ mm_segment_t old_fs; ++ file_t *tgt_file; ++ file_t *src_file; ++ int bytes, len, tmp, err; ++ err = 0; ++ ++ if(!(tgt_dentry->d_inode && src_dentry->d_inode)) { ++ printk(KERN_CRIT "mini_fo_cp_cont: ERROR, neg. dentry passed.\n"); ++ err = -EINVAL; ++ goto out; ++ } ++ ++ dget(tgt_dentry); ++ dget(src_dentry); ++ mntget(tgt_mnt); ++ mntget(src_mnt); ++ ++ /* open file write only */ ++ tgt_file = dentry_open(tgt_dentry, tgt_mnt, 0x1); ++ if(!tgt_file || IS_ERR(tgt_file)) { ++ printk(KERN_CRIT "mini_fo_cp_cont: ERROR opening target file.\n"); ++ err = PTR_ERR(tgt_file); ++ goto out_err; ++ } ++ ++ /* open file read only */ ++ src_file = dentry_open(src_dentry, src_mnt, 0x0); ++ if(!src_file || IS_ERR(src_file)) { ++ printk(KERN_CRIT "mini_fo_cp_cont: ERROR opening source file.\n"); ++ err = PTR_ERR(src_file); ++ ++ /* close target file */ ++ fput(tgt_file); ++ goto out_err; ++ } ++ ++ /* check if the filesystem(s) support read respective write */ ++ if(!src_file->f_op->read || !tgt_file->f_op->write) { ++ printk(KERN_CRIT "mini_fo_cp_cont: ERROR, no fs read or write support.\n"); ++ err = -EPERM; ++ goto out_close; ++ } ++ ++ /* allocate a page for transfering the data */ ++ buf = (void *) __get_free_page(GFP_KERNEL); ++ if(!buf) { ++ printk(KERN_CRIT "mini_fo_cp_cont: ERROR, out of kernel mem.\n"); ++ goto out_err; ++ } ++ ++ tgt_file->f_pos = 0; ++ src_file->f_pos = 0; ++ ++ old_fs = get_fs(); ++ set_fs(KERNEL_DS); ++ ++ /* Doing this I assume that a read operation will return a full ++ * buffer while there is still data to read, and a less than ++ * full buffer when all data has been read. ++ */ ++ bytes = len = PAGE_SIZE; ++ while(bytes == len) { ++ bytes = src_file->f_op->read(src_file, buf, len, ++ &src_file->f_pos); ++ tmp = tgt_file->f_op->write(tgt_file, buf, bytes, ++ &tgt_file->f_pos); ++ if(tmp != bytes) { ++ printk(KERN_CRIT "mini_fo_cp_cont: ERROR writing.\n"); ++ goto out_close_unset; ++ } ++ } ++ ++ free_page((unsigned long) buf); ++ set_fs(old_fs); ++ fput(tgt_file); ++ fput(src_file); ++ goto out; ++ ++ out_close_unset: ++ free_page((unsigned long) buf); ++ set_fs(old_fs); ++ ++ out_close: ++ fput(tgt_file); ++ fput(src_file); ++ ++ out_err: ++ dput(tgt_dentry); ++ dput(src_dentry); ++ ++ /* mk: not sure if this need to be done */ ++ mntput(tgt_mnt); ++ mntput(src_mnt); ++ ++ out: ++ return err; ++} ++ ++/* mk: ++ * ndl (no-duplicate list) stuff ++ * This is used in mini_fo_readdir, to save the storage directory contents ++ * and later when reading base, match them against the list in order ++ * to avoid duplicates. ++ */ ++ ++/* add a file specified by name and len to the ndl ++ * Return values: 0 on success, <0 on failure. ++ */ ++int ndl_add_entry(struct readdir_data *rd, const char *name, int len) ++{ ++ struct ndl_entry *tmp_entry; ++ ++ tmp_entry = (struct ndl_entry *) ++ kmalloc(sizeof(struct ndl_entry), GFP_KERNEL); ++ if(!tmp_entry) { ++ printk(KERN_CRIT "mini_fo: ndl_add_entry: out of mem.\n"); ++ return -ENOMEM; ++ } ++ tmp_entry->name = (char*) kmalloc(len, GFP_KERNEL); ++ if(!tmp_entry->name) { ++ printk(KERN_CRIT "mini_fo: ndl_add_entry: out of mem.\n"); ++ return -ENOMEM; ++ } ++ strncpy(tmp_entry->name, name, len); ++ tmp_entry->len = len; ++ ++ list_add(&tmp_entry->list, &rd->ndl_list); ++ rd->ndl_size++; ++ return 0; ++} ++ ++/* delete all list entries and free memory */ ++void ndl_put_list(struct readdir_data *rd) ++{ ++ struct list_head *tmp; ++ struct ndl_entry *tmp_entry; ++ ++ if(rd->ndl_size <= 0) ++ return; ++ while(!list_empty(&rd->ndl_list)) { ++ tmp = rd->ndl_list.next; ++ list_del(tmp); ++ tmp_entry = list_entry(tmp, struct ndl_entry, list); ++ kfree(tmp_entry->name); ++ kfree(tmp_entry); ++ } ++ rd->ndl_size = 0; ++} ++ ++/* Check if a file specified by name and len is in the ndl ++ * Return value: 0 if not in list, 1 if file is found in ndl. ++ */ ++int ndl_check_entry(struct readdir_data *rd, const char *name, int len) ++{ ++ struct list_head *tmp; ++ struct ndl_entry *tmp_entry; ++ ++ if(rd->ndl_size <= 0) ++ return 0; ++ ++ list_for_each(tmp, &rd->ndl_list) { ++ tmp_entry = list_entry(tmp, struct ndl_entry, list); ++ if(tmp_entry->len != len) ++ continue; ++ if(!strncmp(tmp_entry->name, name, len)) ++ return 1; ++ } ++ return 0; ++} ++ ++/* mk: ++ * Recursive function to create corresponding directorys in the storage fs. ++ * The function will build the storage directorys up to dentry. ++ */ ++int build_sto_structure(dentry_t *dir, dentry_t *dentry) ++{ ++ int err; ++ dentry_t *hidden_sto_dentry; ++ dentry_t *hidden_sto_dir_dentry; ++ ++ if(dentry->d_parent != dir) { ++ printk(KERN_CRIT "mini_fo: build_sto_structure: invalid parameter or meta data corruption [1].\n"); ++ return 1; ++ } ++ ++ if(dtost(dir) != MODIFIED) { ++ err = build_sto_structure(dir->d_parent, dentry->d_parent); ++ if(err) ++ return err; ++ } ++ ++ /* ok, coming back again. */ ++ check_mini_fo_dentry(dentry); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ if(!hidden_sto_dentry) { ++ /* ++ * This is the case after creating the first ++ * hidden_sto_dentry. ++ * After one negative storage_dentry, all pointers to ++ * hidden_storage dentries are set to NULL. We need to ++ * create the negative dentry before we create the storage ++ * file. ++ */ ++ unsigned int len; ++ const unsigned char *name; ++ len = dtohd(dentry)->d_name.len; ++ name = dtohd(dentry)->d_name.name; ++ hidden_sto_dentry = lookup_one_len(name, dtohd2(dir), len); ++ dtohd2(dentry) = hidden_sto_dentry; ++ } ++ ++ /* was: hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry); */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ /* lets be safe */ ++ if(dtohd2(dir) != hidden_sto_dir_dentry) { ++ printk(KERN_CRIT "mini_fo: build_sto_structure: invalid parameter or meta data corruption [2].\n"); ++ return 1; ++ } ++ ++ /* check for errors in lock_parent */ ++ err = PTR_ERR(hidden_sto_dir_dentry); ++ if(IS_ERR(hidden_sto_dir_dentry)) { ++ printk(KERN_CRIT "mini_fo: build_sto_structure: lock_parent failed.\n"); ++ return err; ++ } ++ ++ err = vfs_mkdir(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ dir->d_inode->i_mode); ++ ++ if(err) { ++ printk(KERN_CRIT "mini_fo: build_sto_structure: failed to create storage dir [1].\n"); ++ /* was: unlock_dir(dir); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&dir->d_inode->i_mutex); ++#else ++ up(&dir->d_inode->i_sem); ++#endif ++ dput(dir); ++ return err; ++ } ++ ++ /* everything ok! */ ++ if(!dtohd2(dentry)->d_inode) { ++ printk(KERN_CRIT "mini_fo: build_sto_structure: failed to create storage dir [2].\n"); ++ /* was: unlock_dir(dir); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&dir->d_inode->i_mutex); ++#else ++ up(&dir->d_inode->i_sem); ++#endif ++ dput(dir); ++ return 1; ++ } ++ ++ /* interpose the new inode and set new state */ ++ itohi2(dentry->d_inode) = igrab(dtohd2(dentry)->d_inode); ++ dtopd(dentry)->state = MODIFIED; ++ ++ /* initalize the wol list */ ++ itopd(dentry->d_inode)->deleted_list_size = -1; ++ itopd(dentry->d_inode)->renamed_list_size = -1; ++ meta_build_lists(dentry); ++ ++ fist_copy_attr_all(dentry->d_inode, itohi2(dentry->d_inode)); ++ fist_copy_attr_timesizes(dir->d_inode, ++ hidden_sto_dir_dentry->d_inode); ++ dir->d_inode->i_nlink++; ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ return 0; ++} ++ ++ ++#if 0 /* unused */ ++ ++/* ++ * Read "len" bytes from "filename" into "buf". ++ * "buf" is in kernel space. ++ */ ++int ++mini_fo_read_file(const char *filename, void *buf, int len) ++{ ++ file_t *filp; ++ mm_segment_t oldfs; ++ int bytes; ++ /* Chroot? Maybe NULL isn't right here */ ++ filp = filp_open(filename, O_RDONLY, 0); ++ if (!filp || IS_ERR(filp)) { ++ printk("mini_fo_read_file err %d\n", (int) PTR_ERR(filp)); ++ return -1; /* or do something else */ ++ } ++ ++ if (!filp->f_op->read) ++ return -2; /* file(system) doesn't allow reads */ ++ ++ /* now read len bytes from offset 0 */ ++ filp->f_pos = 0; /* start offset */ ++ oldfs = get_fs(); ++ set_fs(KERNEL_DS); ++ bytes = filp->f_op->read(filp, buf, len, &filp->f_pos); ++ set_fs(oldfs); ++ ++ /* close the file */ ++ fput(filp); ++ ++ return bytes; ++} ++ ++ ++ ++/* ++ * Write "len" bytes from "buf" to "filename" ++ * "buf" is in kernel space. ++ */ ++int ++mini_fo_write_file(const char *filename, void *buf, int len) ++{ ++ file_t *filp; ++ mm_segment_t oldfs; ++ int bytes; ++ /* Chroot? Maybe NULL isn't right here */ ++ filp = filp_open(filename, O_RDWR|O_CREAT, 0640); ++ if (!filp || IS_ERR(filp)) { ++ printk("mini_fo_write_file err %d\n", (int) PTR_ERR(filp)); ++ return -1; /* or do something else */ ++ } ++ ++ if (!filp->f_op->write) ++ return -2; /* file(system) doesn't allow writes */ ++ ++ /* now write len bytes from offset 0 */ ++ filp->f_pos = 0; /* start offset */ ++ oldfs = get_fs(); ++ set_fs(KERNEL_DS); ++ bytes = filp->f_op->write(filp, buf, len, &filp->f_pos); ++ set_fs(oldfs); ++ ++ /* close the file */ ++ fput(filp); ++ ++ return bytes; ++} ++ ++#endif /* unused */ ++ +--- /dev/null ++++ b/fs/mini_fo/ChangeLog +@@ -0,0 +1,281 @@ ++2006-01-24 Markus Klotzbuecher <mk@mary.denx.de> ++ ++ * Add tons of ugly ifdefs to Ed L. Cashin's mutex patch to ++ retain backwards compatibility. ++ ++2006-01-24 Ed L. Cashin <ecashin@coraid.com> ++ ++ * Support for the new mutex infrastructure ++ (7892f2f48d165a34b0b8130c8a195dfd807b8cb6) ++ ++2005-10-15 Markus Klotzbuecher <mk@localhost.localdomain> ++ ++ * Bugfix for a serious memory leak in mini_fo_follow_link. ++ ++2005-09-21 Markus Klotzbuecher <mk@mary> ++ ++ * new release 0.6.1 ++ ++ * fix of a compiler warning due to changes in 2.6.13 ++ ++2005-09-21 Klaus Wenninger <klaus.wenninger@siemens.com> ++ ++ * file.c: readdir: fix for a bug that caused directory entries ++ to show up twice when using storage filesystems such as ++ minixfs or pramfs. ++ ++2005-06-30 Eric Lammerts <eric@lammerts.org> ++ ++ * fix for an oops when overwriting a binary thats beeing ++ executed. ++ ++2005-06-09 <mk@mary> ++ ++ * Renamed overlay to mini_fo-overlay. ++ ++ * Added mini_fo-merge script to allow merging of storage and base ++ after making modifications. ++ ++2005-05-22 root <mk@mary> ++ ++ * Added overlay script that allows to easily mount mini_fo ontop ++ of a given base directory ++ ++2005-05-10 <mk@mary> ++ ++ * inode.c: xattr functions return -EOPNOSUPP instead of ++ -ENOSUPP, what confuses "ls -l" ++ ++ * Changed license from LGPL to GPL. ++ ++2005-05-08 root <mk@mary> ++ ++ * Makefile: clean it up and added make install and make ++ uninstall. ++ ++2005-05-06 <mk@mary> ++ ++ * merged devel branch back to main. [v0-6-0-pre3] ++ ++ * removed unused files print.c and fist_ioctl. [devel-0-0-18] ++ ++ * ioctl: removed fist_ioctl stuff, that is not needed for ++ now. ++ ++2005-05-03 <mk@mary> ++ ++ * file.c: simplified mini_fo_open and mini_fo_setattr using ++ new state changing functions. [devel-0-0-17] ++ ++ * inode.c: Fixed getattr state bug (see below) in 2.4 function ++ mini_fo_inode revalidate. ++ ++ * inode.c: found an other bug in mini_fo_getattr. States are not ++ reliable in this function, as a file can be opened, unlinked and ++ the getattr function called. This results in a deleted dentry ++ with an inode. Fix is to ignore states and simply use the inode ++ available. ++ ++2005-04-29 <mk@mary> ++ ++ * file.c: Bugfix and cleanup in fasync and fsync. [devel-0-0-16] ++ ++ * file.c: do not use mini_fo_lock so the generic version is ++ used (I guess). ++ ++ * inode.c: getattr, never call getattr on lower files, as this ++ will cause the inum to change. ++ ++ * inode.c: rename_reg_file renamed to rename_nondir, as it ++ doesn't matter as long it't not a dir. Removed all ++ rename_dev_file etc. ++ ++ * tagged as devel-0-0-15 ++ ++ * inode.c: added support for chosing support for extended ++ attrs at compile time by XATTR define in mini_fo.h . ++ ++ * inode.c: fixed mini_fo_getattr to use mini_fo inode and not ++ lower again, what avoids inode number changes that confused ++ rm again. This is the proper solution. ++ ++2005-04-24 <mk@mary> ++ ++ * all files: updated Copyright notive to 2005. [devel-0-0-14] ++ ++ * inode.c: fixed mini_fo_getattr to not change the inode ++ number, even if lower files change. ++ ++ * super.c: fixed a bug that caused deleted base file to show ++ up suddenly after some time, or after creating a special ++ file. The problem was that after some time or after special ++ file creating sync_sb_inodes is called by the vfs, that ++ called our mini_fo_put_inode. There was (wrongly) called ++ __meta_put_lists, that nuked the lists, although the inode ++ was going to continue its life. Moving __meta_put_lists to ++ mini_fo_clear_inode, where an inode is really destroyed, ++ solved the problem. ++ ++ ++2005-04-23 <mk@mary> ++ ++ * state.c, aux.c: more cleaning up and ++ simplifications. [devel-0-0-13] ++ ++ * inode.c: implemented mini_fo_getattr, that was required for ++ 2.6 because inode_revalidate has been remove there, and the ++ old "du" bug returned. ++ ++ ++2005-04-20 <mk@mary> ++ ++ * aux.c: get_neg_sto_dentry(): allow to be called for dentries ++ in state UNMODIFIED, NON_EXISTANT _and_ DELETED. ++ ++2005-04-19 <mk@mary> ++ ++ * Fixed a bug under 2.6 that caused files deleted via mini_fo ++ not to be deleted properly and therefore the fs filled up ++ untill no memory was left. [devel-0-0-12] ++ ++ * Added basic hard link support. This means that creating ++ hardlinks will work, but existing ones will be treated as ++ individual files. [devel-0-0-11] ++ ++2005-04-17 <mk@mary> ++ ++ * Bugfixes ++ ++2005-04-13 root <mk@mary> ++ ++ * Added file state.c for the state transition ++ functions. Doesn't work very well yet, though... ++ ++2005-04-12 <mk@mary> ++ ++ * Porting to 2.6 started, which is easier than expected, also ++ due to Olivier previous work. ++ ++2005-04-08 <mk@mary> ++ ++ * Fixed the bug that caused du to return invalid sizes of ++ directory trees. The problem was that ++ mini_fo_inode_revalidate didn't always copy the attributes ++ from the base inode properly. ++ ++2005-04-01 Markus Klotzbuecher <mk@chasey> ++ ++ * Merged devel branch back to main trunk and updated the ++ RELEASE notes. This will be 0-6-0-pre1. ++ ++2005-03-31 Markus Klotzbuecher <mk@chasey> ++ ++ * Fixed some bugs in rename_reg_file, that only showed up in ++ the kernel compile test. Kernel compiles cleanly ontop of ++ mini_fo, now also make mrproper etc. work. Seems pretty stable. ++ ++2005-03-28 Markus Klotzbuecher <mk@chasey> ++ ++ * Many, many directory renaming bugfixes and a lot of other ++ cleanup. Dir renaming seems to work relatively stable. ++ ++2005-03-22 Markus Klotzbuecher <mk@chasey> ++ ++ * Finished implementing lightweight directory renaming. Some ++ basic testing indicates it works fine. ++ Next is to implement testcases for the testsuite and confirm ++ everything is really working ok. ++ ++2005-03-18 Markus Klotzbuecher <mk@chasey> ++ ++ * Finished implementing meta.c stuff required for directory ++ renaming. ++ ++2005-03-17 Markus Klotzbuecher <mk@chasey> ++ ++ * Fixed all compile warnings + an extremly old bug that ++ somehow crept in while reworking the wol stuff to the META ++ system. Turning on -Werror again... :-) ++ ++ * Fixed some bugs in the new rename_reg_file function. ++ ++ * Rewrote mini_fo rename and split it into several ++ subfunctions, that handle the different types ++ seperately. Rewrote the regular file function aswell, as it ++ was implemented somewhat inefficient. ++ ++2005-03-16 Markus Klotzbuecher <mk@chasey> ++ ++ * Implemented new META subsystem, removed old WOL stuff in favor ++ if it. ++ ++ * After some basic testing everything seems ok... ++ ++2005-03-11 Markus Klotzbuecher <mk@chasey> ++ ++ * Renaming a non regular file caused trouble because I always ++ tried to copy the contents. Now I only do this for regular ++ files. mini_fo_rename still isn't implemented properly, renaming ++ of device files, symlinks etc. results in a empty regular file ++ instead of the proper type. ++ ++ * Directory renaming suddenly works! What a surprise! I guess ++ this is because renaming is implemented as making a copy and ++ removing the original. Still this might not work ++ everywhere... ++ ++2005-03-09 Markus Klotzbuecher <mk@chasey> ++ ++ * Bugfix, when a mini_fo directory that exists in storage ++ (state: MODIFIED, CREATED and DEL_REWRITTEN) is deleted, a ++ possibly existing WOL file contained in it needs to be ++ deleted too. ++ ++ * Starting cleanup: defined state names in order to get rid of ++ the state numbers. ++ ++2005-03-08 Markus Klotzbuecher <mk@chasey> ++ ++ * Makefile fix, fist_ioctl was built against wrong sources if ARCH=um ++ ++ * Fixed a bug in dentry.c, mini_fo_d_hash. In state 4 = ++ DEL_REWRITTEN the hash was calculated from the base dentry, ++ which was wrong and and caused assertions in ++ __mini_fo_hidden_dentry to fail. ++ ++2005-02-21 <mk@mary> ++ ++ * Implemented directory deleting (inode.c) ++ ++ * main.c: made mini_fo_parse_options a little more robust. ++ ++2004-12-22 <mk@mary> ++ ++ * Makefile cleanup and uml stuff, removed unneccessary files ++ ++ * Created a new and hopefully more informative README ++ ++ * CHANGELOG: created a new CHANGELOG and added old entries reversely ++ ++ ++2004-10-24 Gleb Natapov <gleb@nbase.co.il> ++ ++ * Fix: owner and group where not correctly copied from base to ++ storage. ++ ++ ++2004-10-05 Gleb Natapov <gleb@nbase.co.il> ++ ++ * Implementation of fsync, fasync and lock mini_fo functions. ++ ++ ++2004-09-29 Bob Lee <bob@pantasys.com> ++ ++ * Fix of a serious pointer bug ++ ++ ++2004-09-28 Gleb Natapov <gleb@nbase.co.il> ++ ++ * Implementation of mini_fo_mknod and mini_fo_rename, support ++ for device files. ++ +--- /dev/null ++++ b/fs/mini_fo/dentry.c +@@ -0,0 +1,244 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif ++ ++#include "fist.h" ++#include "mini_fo.h" ++ ++/* ++ * THIS IS A BOOLEAN FUNCTION: returns 1 if valid, 0 otherwise. ++ */ ++STATIC int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++mini_fo_d_revalidate(dentry_t *dentry, struct nameidata *nd) ++#else ++mini_fo_d_revalidate(dentry_t *dentry, int flags) ++#endif ++{ ++ int err1 = 1; /* valid = 1, invalid = 0 */ ++ int err2 = 1; ++ dentry_t *hidden_dentry; ++ dentry_t *hidden_sto_dentry; ++ ++ ++ check_mini_fo_dentry(dentry); ++ ++ hidden_dentry = dtohd(dentry); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ if(hidden_dentry && ++ hidden_dentry->d_op && ++ hidden_dentry->d_op->d_revalidate) { ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ err1 = hidden_dentry->d_op->d_revalidate(hidden_dentry, nd); ++#else ++ err1 = hidden_dentry->d_op->d_revalidate(hidden_dentry, flags); ++#endif ++ } ++ if(hidden_sto_dentry && ++ hidden_sto_dentry->d_op && ++ hidden_sto_dentry->d_op->d_revalidate) { ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ err2 = hidden_sto_dentry->d_op->d_revalidate(hidden_sto_dentry, ++ nd); ++#else ++ err2 = hidden_sto_dentry->d_op->d_revalidate(hidden_sto_dentry, ++ flags); ++#endif ++ } ++ ++ /* mk: if one of the lower level dentries are valid, ++ * the mini_fo dentry is too. ++ */ ++ return (err1 || err2); ++} ++ ++ ++STATIC int ++mini_fo_d_hash(dentry_t *dentry, qstr_t *name) ++{ ++ int err = 0; ++ dentry_t *hidden_dentry; ++ dentry_t *hidden_sto_dentry; ++ ++ /* hidden_dentry = mini_fo_hidden_dentry(dentry); ++ * hidden_sto_dentry = mini_fo_hidden_sto_dentry(dentry); */ ++ ++ /* state 1, 3, 4, 5: build the hash for the storage dentry */ ++ if((dtopd(dentry)->state == MODIFIED) || ++ (dtopd(dentry)->state == CREATED) || ++ (dtopd(dentry)->state == DEL_REWRITTEN) || ++ (dtopd(dentry)->state == DELETED)) { ++ hidden_sto_dentry = dtohd2(dentry); ++ if(hidden_sto_dentry && ++ hidden_sto_dentry->d_op && ++ hidden_sto_dentry->d_op->d_hash) { ++ err = hidden_sto_dentry->d_op->d_hash(hidden_sto_dentry, name); ++ } ++ goto out; ++ } ++ /* state 2: build the hash for the base dentry */ ++ if(dtopd(dentry)->state == UNMODIFIED) { ++ hidden_dentry = dtohd(dentry); ++ if(hidden_dentry && ++ hidden_dentry->d_op && ++ hidden_dentry->d_op->d_hash) { ++ err = hidden_dentry->d_op->d_hash(hidden_dentry, name); ++ } ++ goto out; ++ } ++ /* state 6: build hash for the dentry that exists */ ++ if(dtopd(dentry)->state == NON_EXISTANT) { ++ hidden_sto_dentry = dtohd2(dentry); ++ if(hidden_sto_dentry && ++ hidden_sto_dentry->d_op && ++ hidden_sto_dentry->d_op->d_hash) { ++ err = hidden_sto_dentry->d_op->d_hash(hidden_sto_dentry, name); ++ goto out; ++ } ++ hidden_dentry = dtohd(dentry); ++ if(hidden_dentry && ++ hidden_dentry->d_op && ++ hidden_dentry->d_op->d_hash) { ++ err = hidden_dentry->d_op->d_hash(hidden_dentry, name); ++ goto out; ++ } ++ } ++ ++ printk(KERN_CRIT "mini_fo: d_hash: invalid state detected.\n"); ++ ++ out: ++ return err; ++} ++ ++ ++STATIC int ++mini_fo_d_compare(dentry_t *dentry, qstr_t *a, qstr_t *b) ++{ ++ int err; ++ dentry_t *hidden_dentry=NULL; ++ ++ /* hidden_dentry = mini_fo_hidden_dentry(dentry); */ ++ if(dtohd2(dentry)) ++ hidden_dentry = dtohd2(dentry); ++ else if(dtohd(dentry)) ++ hidden_dentry = dtohd(dentry); ++ ++ if (hidden_dentry && hidden_dentry->d_op && hidden_dentry->d_op->d_compare) { ++ err = hidden_dentry->d_op->d_compare(hidden_dentry, a, b); ++ } else { ++ err = ((a->len != b->len) || memcmp(a->name, b->name, b->len)); ++ } ++ ++ return err; ++} ++ ++ ++int ++mini_fo_d_delete(dentry_t *dentry) ++{ ++ dentry_t *hidden_dentry; ++ dentry_t *hidden_sto_dentry; ++ int err = 0; ++ ++ /* this could be a negative dentry, so check first */ ++ if (!dtopd(dentry)) { ++ printk(KERN_CRIT "mini_fo_d_delete: negative dentry passed.\n"); ++ goto out; ++ } ++ hidden_dentry = dtohd(dentry); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ if(hidden_dentry) { ++ if(hidden_dentry->d_op && ++ hidden_dentry->d_op->d_delete) { ++ err = hidden_dentry->d_op->d_delete(hidden_dentry); ++ } ++ } ++ if(hidden_sto_dentry) { ++ if(hidden_sto_dentry->d_op && ++ hidden_sto_dentry->d_op->d_delete) { ++ err = hidden_sto_dentry->d_op->d_delete(hidden_sto_dentry); ++ } ++ } ++ ++ out: ++ return err; ++} ++ ++ ++void ++mini_fo_d_release(dentry_t *dentry) ++{ ++ dentry_t *hidden_dentry; ++ dentry_t *hidden_sto_dentry; ++ ++ ++ /* this could be a negative dentry, so check first */ ++ if (!dtopd(dentry)) { ++ printk(KERN_CRIT "mini_fo_d_release: no private data.\n"); ++ goto out; ++ } ++ hidden_dentry = dtohd(dentry); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ if(hidden_dentry) { ++ /* decrement hidden dentry's counter and free its inode */ ++ dput(hidden_dentry); ++ } ++ if(hidden_sto_dentry) { ++ /* decrement hidden dentry's counter and free its inode */ ++ dput(hidden_sto_dentry); ++ } ++ ++ /* free private data (mini_fo_dentry_info) here */ ++ kfree(dtopd(dentry)); ++ __dtopd(dentry) = NULL; /* just to be safe */ ++ out: ++ return; ++} ++ ++ ++/* ++ * we don't really need mini_fo_d_iput, because dentry_iput will call iput() if ++ * mini_fo_d_iput is not defined. We left this implemented for ease of ++ * tracing/debugging. ++ */ ++void ++mini_fo_d_iput(dentry_t *dentry, inode_t *inode) ++{ ++ iput(inode); ++} ++ ++ ++struct dentry_operations mini_fo_dops = { ++ d_revalidate: mini_fo_d_revalidate, ++ d_hash: mini_fo_d_hash, ++ d_compare: mini_fo_d_compare, ++ d_release: mini_fo_d_release, ++ d_delete: mini_fo_d_delete, ++ d_iput: mini_fo_d_iput, ++}; +--- /dev/null ++++ b/fs/mini_fo/file.c +@@ -0,0 +1,713 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif ++ ++#include "fist.h" ++#include "mini_fo.h" ++#define ROUND_UP(x) (((x)+sizeof(long)-1) & ~(sizeof(long)-1)) ++ ++/******************* ++ * File Operations * ++ *******************/ ++ ++STATIC loff_t ++mini_fo_llseek(file_t *file, loff_t offset, int origin) ++{ ++ loff_t err; ++ file_t *hidden_file = NULL; ++ ++ if(S_ISDIR(file->f_dentry->d_inode->i_mode)) { ++ /* Check if trying to llseek from a directory */ ++ err = -EISDIR; ++ goto out; ++ } ++ if (ftopd(file) != NULL) { ++ if(ftohf2(file)) { ++ hidden_file = ftohf2(file); ++ } else { ++ hidden_file = ftohf(file); ++ } ++ } ++ ++ /* always set hidden position to this one */ ++ hidden_file->f_pos = file->f_pos; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ memcpy(&(hidden_file->f_ra), ++ &(file->f_ra), ++ sizeof(struct file_ra_state)); ++#else ++ if (file->f_reada) { /* update readahead information if needed */ ++ hidden_file->f_reada = file->f_reada; ++ hidden_file->f_ramax = file->f_ramax; ++ hidden_file->f_raend = file->f_raend; ++ hidden_file->f_ralen = file->f_ralen; ++ hidden_file->f_rawin = file->f_rawin; ++ } ++#endif ++ if (hidden_file->f_op && hidden_file->f_op->llseek) ++ err = hidden_file->f_op->llseek(hidden_file, offset, origin); ++ else ++ err = generic_file_llseek(hidden_file, offset, origin); ++ ++ if (err < 0) ++ goto out; ++ ++ if (err != file->f_pos) { ++ file->f_pos = err; ++ // ION maybe this? ++ // file->f_pos = hidden_file->f_pos; ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ file->f_reada = 0; ++#endif ++ file->f_version++; ++ } ++ ++ out: ++ return err; ++} ++ ++ ++/* mk: fanout capable */ ++STATIC ssize_t ++mini_fo_read(file_t *file, char *buf, size_t count, loff_t *ppos) ++{ ++ int err = -EINVAL; ++ file_t *hidden_file = NULL; ++ loff_t pos = *ppos; ++ ++ if(S_ISDIR(file->f_dentry->d_inode->i_mode)) { ++ /* Check if trying to read from a directory */ ++ /* printk(KERN_CRIT "mini_fo_read: ERROR: trying to read data from a directory.\n"); */ ++ err = -EISDIR; ++ goto out; ++ } ++ ++ if (ftopd(file) != NULL) { ++ if(ftohf2(file)) { ++ hidden_file = ftohf2(file); ++ } else { ++ hidden_file = ftohf(file); ++ } ++ } ++ ++ if (!hidden_file->f_op || !hidden_file->f_op->read) ++ goto out; ++ ++ err = hidden_file->f_op->read(hidden_file, buf, count, &pos); ++ *ppos = pos; ++ ++ if (err >= 0) { ++ /* atime should also be updated for reads of size zero or more */ ++ fist_copy_attr_atime(file->f_dentry->d_inode, ++ hidden_file->f_dentry->d_inode); ++ } ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ /* ++ * MAJOR HACK ++ * because pread() does not have any way to tell us that it is ++ * our caller, then we don't know for sure if we have to update ++ * the file positions. This hack relies on read() having passed us ++ * the "real" pointer of its struct file's f_pos field. ++ */ ++ if (ppos == &file->f_pos) ++ hidden_file->f_pos = *ppos = pos; ++ if (hidden_file->f_reada) { /* update readahead information if needed */ ++ file->f_reada = hidden_file->f_reada; ++ file->f_ramax = hidden_file->f_ramax; ++ file->f_raend = hidden_file->f_raend; ++ file->f_ralen = hidden_file->f_ralen; ++ file->f_rawin = hidden_file->f_rawin; ++ } ++#else ++ memcpy(&(file->f_ra),&(hidden_file->f_ra),sizeof(struct file_ra_state)); ++#endif ++ ++ out: ++ return err; ++} ++ ++ ++/* this mini_fo_write() does not modify data pages! */ ++STATIC ssize_t ++mini_fo_write(file_t *file, const char *buf, size_t count, loff_t *ppos) ++{ ++ int err = -EINVAL; ++ file_t *hidden_file = NULL; ++ inode_t *inode; ++ inode_t *hidden_inode; ++ loff_t pos = *ppos; ++ ++ /* mk: fan out: */ ++ if (ftopd(file) != NULL) { ++ if(ftohf2(file)) { ++ hidden_file = ftohf2(file); ++ } else { ++ /* This is bad! We have no storage file to write to. This ++ * should never happen because if a file is opened for ++ * writing, a copy should have been made earlier. ++ */ ++ printk(KERN_CRIT "mini_fo: write : ERROR, no storage file to write.\n"); ++ err = -EINVAL; ++ goto out; ++ } ++ } ++ ++ inode = file->f_dentry->d_inode; ++ hidden_inode = itohi2(inode); ++ if(!hidden_inode) { ++ printk(KERN_CRIT "mini_fo: write: no sto inode found, not good.\n"); ++ goto out; ++ } ++ ++ if (!hidden_file->f_op || !hidden_file->f_op->write) ++ goto out; ++ ++ /* adjust for append -- seek to the end of the file */ ++ if (file->f_flags & O_APPEND) ++ pos = inode->i_size; ++ ++ err = hidden_file->f_op->write(hidden_file, buf, count, &pos); ++ ++ /* ++ * copy ctime and mtime from lower layer attributes ++ * atime is unchanged for both layers ++ */ ++ if (err >= 0) ++ fist_copy_attr_times(inode, hidden_inode); ++ ++ *ppos = pos; ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ /* ++ * XXX: MAJOR HACK ++ * ++ * because pwrite() does not have any way to tell us that it is ++ * our caller, then we don't know for sure if we have to update ++ * the file positions. This hack relies on write() having passed us ++ * the "real" pointer of its struct file's f_pos field. ++ */ ++ if (ppos == &file->f_pos) ++ hidden_file->f_pos = *ppos = pos; ++#endif ++ /* update this inode's size */ ++ if (pos > inode->i_size) ++ inode->i_size = pos; ++ ++ out: ++ return err; ++} ++ ++/* Global variable to hold a file_t pointer. ++ * This serves to allow mini_fo_filldir function to know which file is ++ * beeing read, which is required for two reasons: ++ * ++ * - be able to call wol functions in order to avoid listing deleted ++ * base files. ++ * - if we're reading a directory which is in state 1, we need to ++ * maintain a list (in mini_fo_filldir) of which files allready ++ * have been copied to userspace,to detect files existing in base ++ * and storage and not list them twice. ++ */ ++filldir_t mini_fo_filldir_orig; ++file_t *mini_fo_filldir_file; ++ ++/* mainly copied from fs/readdir.c */ ++STATIC int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++mini_fo_filldir(void * __buf, const char * name, int namlen, loff_t offset, ++ u64 ino, unsigned int d_type) ++#else ++mini_fo_filldir(void * __buf, const char * name, int namlen, loff_t offset, ++ ino_t ino, unsigned int d_type) ++#endif ++{ ++ struct getdents_callback * buf = (struct getdents_callback *) __buf; ++ file_t* file = mini_fo_filldir_file; ++ ++ /* In theses states we filter meta files in storage (WOL) */ ++ if(file && (dtopd(file->f_dentry)->state == MODIFIED || ++ dtopd(file->f_dentry)->state == CREATED || ++ dtopd(file->f_dentry)->state == DEL_REWRITTEN)) { ++ ++ int tmp = strlen(META_FILENAME); ++ if(tmp == namlen) { ++ if(!strncmp(name, META_FILENAME, namlen)) ++ return 0; ++ } ++ } ++ ++ /* check if we are merging the contents of storage and base */ ++ if(file && dtopd(file->f_dentry)->state == MODIFIED) { ++ /* check if we are still reading storage contents, if ++ * yes, we just save the name of the file for duplicate ++ * checking later. */ ++ ++ if(!ftopd(file)->rd.sto_done) { ++ /* put file into ndl list */ ++ if(ndl_add_entry(&ftopd(file)->rd, name, namlen)) ++ printk(KERN_CRIT "mini_fo_filldir: Error adding to ndl.\n"); ++ } else { ++ /* check if file has been deleted */ ++ if(meta_check_d_entry(file->f_dentry, name, namlen)) ++ return 0; ++ ++ /* do duplicate checking */ ++ if(ndl_check_entry(&ftopd(file)->rd, name, namlen)) ++ return 0; ++ } ++ } ++ ++ return mini_fo_filldir_orig(buf, name, namlen, offset, ino, d_type); ++} ++ ++ ++STATIC int ++mini_fo_readdir(file_t *file, void *dirent, filldir_t filldir) ++{ ++ int err = 0;/* mk: ??? -ENOTDIR; */ ++ file_t *hidden_file = NULL; ++ file_t *hidden_sto_file = NULL; ++ inode_t *inode; ++ struct getdents_callback *buf; ++ int oldcount; ++ ++#if defined(FIST_FILTER_NAME) || defined(FIST_FILTER_SCA) ++ struct mini_fo_getdents_callback buf; ++#endif /* FIST_FILTER_NAME || FIST_FILTER_SCA */ ++ ++ buf = (struct getdents_callback *) dirent; ++ oldcount = buf->count; ++ inode = file->f_dentry->d_inode; ++ mini_fo_filldir_file = file; ++ mini_fo_filldir_orig = filldir; ++ ++ ftopd(file)->rd.sto_done = 0; ++ do { ++ if (ftopd(file) != NULL) { ++ if(ftohf2(file)) { ++ hidden_sto_file = ftohf2(file); ++ err = vfs_readdir(hidden_sto_file, mini_fo_filldir, dirent); ++ file->f_pos = hidden_sto_file->f_pos; ++ if (err > 0) ++ fist_copy_attr_atime(inode, hidden_sto_file->f_dentry->d_inode); ++ /* not finshed yet, we'll be called again */ ++ if (buf->count != oldcount) ++ break; ++ } ++ ++ ftopd(file)->rd.sto_done = 1; ++ ++ if(ftohf(file)) { ++ hidden_file = ftohf(file); ++ err = vfs_readdir(hidden_file, mini_fo_filldir, dirent); ++ file->f_pos = hidden_file->f_pos; ++ if (err > 0) ++ fist_copy_attr_atime(inode, hidden_file->f_dentry->d_inode); ++ } ++ ++ } ++ } while (0); ++ ++ /* mk: ++ * we need to check if all the directory data has been copied to userspace, ++ * or if we will be called again by userspace to complete the operation. ++ */ ++ if(buf->count == oldcount) { ++ ndl_put_list(&ftopd(file)->rd); ++ } ++ ++ /* unset this, safe */ ++ mini_fo_filldir_file = NULL; ++ return err; ++} ++ ++ ++STATIC unsigned int ++mini_fo_poll(file_t *file, poll_table *wait) ++{ ++ unsigned int mask = DEFAULT_POLLMASK; ++ file_t *hidden_file = NULL; ++ ++ if (ftopd(file) != NULL) { ++ if(ftohf2(file)) { ++ hidden_file = ftohf2(file); ++ } else { ++ hidden_file = ftohf(file); ++ } ++ } ++ ++ if (!hidden_file->f_op || !hidden_file->f_op->poll) ++ goto out; ++ ++ mask = hidden_file->f_op->poll(hidden_file, wait); ++ ++ out: ++ return mask; ++} ++ ++/* FIST-LITE special version of mmap */ ++STATIC int ++mini_fo_mmap(file_t *file, vm_area_t *vma) ++{ ++ int err = 0; ++ file_t *hidden_file = NULL; ++ ++ /* fanout capability */ ++ if (ftopd(file) != NULL) { ++ if(ftohf2(file)) { ++ hidden_file = ftohf2(file); ++ } else { ++ hidden_file = ftohf(file); ++ } ++ } ++ ++ ASSERT(hidden_file != NULL); ++ ASSERT(hidden_file->f_op != NULL); ++ ASSERT(hidden_file->f_op->mmap != NULL); ++ ++ vma->vm_file = hidden_file; ++ err = hidden_file->f_op->mmap(hidden_file, vma); ++ get_file(hidden_file); /* make sure it doesn't get freed on us */ ++ fput(file); /* no need to keep extra ref on ours */ ++ ++ return err; ++} ++ ++ ++ ++STATIC int ++mini_fo_open(inode_t *inode, file_t *file) ++{ ++ int err = 0; ++ int hidden_flags; ++ file_t *hidden_file = NULL; ++ dentry_t *hidden_dentry = NULL; ++ ++ /* fanout stuff */ ++ file_t *hidden_sto_file = NULL; ++ dentry_t *hidden_sto_dentry = NULL; ++ ++ __ftopd(file) = ++ kmalloc(sizeof(struct mini_fo_file_info), GFP_KERNEL); ++ if (!ftopd(file)) { ++ err = -ENOMEM; ++ goto out; ++ } ++ ++ /* init the readdir_helper structure */ ++ INIT_LIST_HEAD(&ftopd(file)->rd.ndl_list); ++ ftopd(file)->rd.ndl_size = 0; ++ ++ /* In certain paths this could stay uninitalized and cause trouble */ ++ ftohf(file) = NULL; ++ ftohf2(file) = NULL; ++ hidden_flags = file->f_flags; ++ ++ /* create storage files? */ ++ if(dtost(file->f_dentry) == UNMODIFIED) { ++ if(!IS_WRITE_FLAG(file->f_flags)) { ++ hidden_dentry = dtohd(file->f_dentry); ++ dget(hidden_dentry); ++ /* dentry_open will decrement mnt refcnt if err. ++ * otherwise fput() will do an mntput() for us upon file close. */ ++ mntget(stopd(inode->i_sb)->hidden_mnt); ++ hidden_file = dentry_open(hidden_dentry, ++ stopd(inode->i_sb)->hidden_mnt, ++ hidden_flags); ++ if (IS_ERR(hidden_file)) { ++ err = PTR_ERR(hidden_file); ++ dput(hidden_dentry); ++ goto out; ++ } ++ ftohf(file) = hidden_file; /* link two files */ ++ goto out; ++ } ++ else { ++ if(S_ISDIR(file->f_dentry->d_inode->i_mode)) { ++ err = dir_unmod_to_mod(file->f_dentry); ++ } else ++ err = nondir_unmod_to_mod(file->f_dentry, 1); ++ ++ if (err) { ++ printk("mini_fo_open: ERROR creating storage file.\n"); ++ goto out; ++ } ++ } ++ } ++ hidden_sto_dentry = dtohd2(file->f_dentry); ++ dget(hidden_sto_dentry); ++ ++ if(dtopd(file->f_dentry)->state == MODIFIED) { ++ /* Directorys are special, interpose on both lower level files */ ++ if(S_ISDIR(itohi(inode)->i_mode)) { ++ /* check for invalid file types of lower level files */ ++ if(!(S_ISDIR(itohi(inode)->i_mode) && S_ISDIR(itohi2(inode)->i_mode))) { ++ printk(KERN_CRIT "mini_fo_open: meta data corruption detected.\n"); ++ dput(hidden_sto_dentry); ++ err = -EINVAL; ++ goto out; ++ } ++ ++ /* lower level directorys are ok, open the base file */ ++ hidden_dentry = dtohd(file->f_dentry); ++ dget(hidden_dentry); ++ ++ mntget(stopd(inode->i_sb)->hidden_mnt); ++ hidden_file = dentry_open(hidden_dentry, ++ stopd(inode->i_sb)->hidden_mnt, ++ hidden_flags); ++ if (IS_ERR(hidden_file)) { ++ err = PTR_ERR(hidden_file); ++ dput(hidden_dentry); ++ dput(hidden_sto_dentry); ++ goto out; ++ } ++ ftohf(file) = hidden_file; /* link the two files */ ++ } ++ } ++ ++ if(!exists_in_storage(file->f_dentry)) { ++ printk(KERN_CRIT "mini_fo_open: invalid file state detected.\n"); ++ err = -EINVAL; ++ dput(hidden_sto_dentry); ++ ++ /* If the base file has been opened, we need to close it here */ ++ if(ftohf(file)) { ++ if (hidden_file->f_op && hidden_file->f_op->flush) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++ hidden_file->f_op->flush(hidden_file, NULL); ++#else ++ hidden_file->f_op->flush(hidden_file); ++#endif ++ dput(hidden_dentry); ++ } ++ goto out; ++ } ++ ++ /* ok, now we can safely open the storage file */ ++ mntget(stopd(inode->i_sb)->hidden_mnt2); ++ hidden_sto_file = dentry_open(hidden_sto_dentry, ++ stopd(inode->i_sb)->hidden_mnt2, ++ hidden_flags); ++ ++ /* dentry_open dputs the dentry if it fails */ ++ if (IS_ERR(hidden_sto_file)) { ++ err = PTR_ERR(hidden_sto_file); ++ /* close base file if open */ ++ if(ftohf(file)) { ++ if (hidden_file->f_op && hidden_file->f_op->flush) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++ hidden_file->f_op->flush(hidden_file, NULL); ++#else ++ hidden_file->f_op->flush(hidden_file); ++#endif ++ dput(hidden_dentry); ++ } ++ goto out; ++ } ++ ftohf2(file) = hidden_sto_file; /* link storage file */ ++ ++ out: ++ if (err < 0 && ftopd(file)) { ++ kfree(ftopd(file)); ++ } ++ return err; ++} ++ ++STATIC int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++mini_fo_flush(file_t *file, fl_owner_t id) ++#else ++mini_fo_flush(file_t *file) ++#endif ++{ ++ int err1 = 0; /* assume ok (see open.c:close_fp) */ ++ int err2 = 0; ++ file_t *hidden_file = NULL; ++ ++ check_mini_fo_file(file); ++ ++ /* mk: we don't do any state checking here, as its not worth the time. ++ * Just flush the lower level files if they exist. ++ */ ++ if(ftopd(file) != NULL) { ++ if(ftohf(file) != NULL) { ++ hidden_file = ftohf(file); ++ if (hidden_file->f_op && hidden_file->f_op->flush) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++ err1 = hidden_file->f_op->flush(hidden_file, id); ++#else ++ err1 = hidden_file->f_op->flush(hidden_file); ++#endif ++ } ++ if(ftohf2(file) != NULL) { ++ hidden_file = ftohf2(file); ++ if (hidden_file->f_op && hidden_file->f_op->flush) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++ err2 = hidden_file->f_op->flush(hidden_file, id); ++#else ++ err2 = hidden_file->f_op->flush(hidden_file); ++#endif ++ } ++ } ++ return (err1 | err2); ++} ++ ++ ++STATIC int ++mini_fo_release(inode_t *inode, file_t *file) ++{ ++ int err = 0; ++ file_t *hidden_file = NULL; ++ ++ if (ftopd(file) != NULL) { ++ if(ftohf(file)) { ++ hidden_file = ftohf(file); ++ fput(hidden_file); ++ } ++ if(ftohf2(file)) { ++ hidden_file = ftohf2(file); ++ fput(hidden_file); ++ } ++ kfree(ftopd(file)); ++ } ++ return err; ++} ++ ++STATIC int ++mini_fo_fsync(file_t *file, dentry_t *dentry, int datasync) ++{ ++ int err1 = 0; ++ int err2 = 0; ++ file_t *hidden_file = NULL; ++ dentry_t *hidden_dentry; ++ ++ check_mini_fo_file(file); ++ ++ if ((hidden_file = ftohf(file)) != NULL) { ++ hidden_dentry = dtohd(dentry); ++ if (hidden_file->f_op && hidden_file->f_op->fsync) { ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_dentry->d_inode->i_sem); ++#endif ++ err1 = hidden_file->f_op->fsync(hidden_file, hidden_dentry, datasync); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_dentry->d_inode->i_sem); ++#endif ++ } ++ } ++ ++ if ((hidden_file = ftohf2(file)) != NULL) { ++ hidden_dentry = dtohd2(dentry); ++ if (hidden_file->f_op && hidden_file->f_op->fsync) { ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_dentry->d_inode->i_sem); ++#endif ++ err2 = hidden_file->f_op->fsync(hidden_file, hidden_dentry, datasync); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_dentry->d_inode->i_sem); ++#endif ++ } ++ } ++ else ++ goto err; ++ ++err: ++ return (err1 || err2); ++} ++ ++ ++STATIC int ++mini_fo_fasync(int fd, file_t *file, int flag) ++{ ++ int err1 = 0; ++ int err2 = 0; ++ ++ file_t *hidden_file = NULL; ++ ++ check_mini_fo_file(file); ++ ++ if((hidden_file = ftohf(file)) != NULL) { ++ err1 = hidden_file->f_op->fasync(fd, hidden_file, flag); ++ } ++ if((hidden_file = ftohf2(file)) != NULL) { ++ err2 = hidden_file->f_op->fasync(fd, hidden_file, flag); ++ } ++ ++ return (err1 || err2); ++} ++ ++ ++ ++struct file_operations mini_fo_dir_fops = ++ { ++ read: generic_read_dir, ++ write: mini_fo_write, ++ readdir: mini_fo_readdir, ++ poll: mini_fo_poll, ++ /* ioctl: mini_fo_ioctl, */ ++ mmap: mini_fo_mmap, ++ open: mini_fo_open, ++ flush: mini_fo_flush, ++ release: mini_fo_release, ++ fsync: mini_fo_fsync, ++ fasync: mini_fo_fasync, ++ /* not needed lock: mini_fo_lock, */ ++ /* not needed: readv */ ++ /* not needed: writev */ ++ /* not implemented: sendpage */ ++ /* not implemented: get_unmapped_area */ ++ }; ++ ++struct file_operations mini_fo_main_fops = ++ { ++ llseek: mini_fo_llseek, ++ read: mini_fo_read, ++ write: mini_fo_write, ++ readdir: mini_fo_readdir, ++ poll: mini_fo_poll, ++ /* ioctl: mini_fo_ioctl, */ ++ mmap: mini_fo_mmap, ++ open: mini_fo_open, ++ flush: mini_fo_flush, ++ release: mini_fo_release, ++ fsync: mini_fo_fsync, ++ fasync: mini_fo_fasync, ++ /* not needed: lock: mini_fo_lock, */ ++ /* not needed: readv */ ++ /* not needed: writev */ ++ /* not implemented: sendpage */ ++ /* not implemented: get_unmapped_area */ ++ }; +--- /dev/null ++++ b/fs/mini_fo/fist.h +@@ -0,0 +1,252 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifndef __FIST_H_ ++#define __FIST_H_ ++ ++/* ++ * KERNEL ONLY CODE: ++ */ ++#ifdef __KERNEL__ ++#include <linux/version.h> ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++#include <linux/autoconf.h> ++#else ++#include <linux/config.h> ++#endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++#ifdef CONFIG_MODVERSIONS ++# define MODVERSIONS ++# include <linux/modversions.h> ++#endif /* CONFIG_MODVERSIONS */ ++#endif /* KERNEL_VERSION < 2.6.0 */ ++#include <linux/sched.h> ++#include <linux/kernel.h> ++#include <linux/mm.h> ++#include <linux/string.h> ++#include <linux/stat.h> ++#include <linux/errno.h> ++#include <linux/wait.h> ++#include <linux/limits.h> ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++#include <linux/locks.h> ++#else ++#include <linux/buffer_head.h> ++#include <linux/pagemap.h> ++#include <linux/namei.h> ++#include <linux/module.h> ++#include <linux/mount.h> ++#include <linux/page-flags.h> ++#include <linux/writeback.h> ++#include <linux/statfs.h> ++#endif ++#include <linux/smp.h> ++#include <linux/smp_lock.h> ++#include <linux/file.h> ++#include <linux/slab.h> ++#include <linux/vmalloc.h> ++#include <linux/poll.h> ++#include <linux/list.h> ++#include <linux/init.h> ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20) ++#include <linux/xattr.h> ++#endif ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++#include <linux/security.h> ++#endif ++ ++#include <linux/swap.h> ++ ++#include <asm/system.h> ++/* #include <asm/segment.h> */ ++#include <asm/mman.h> ++#include <linux/seq_file.h> ++ ++/* ++ * MACROS: ++ */ ++ ++/* those mapped to ATTR_* were copied from linux/fs.h */ ++#define FA_MODE ATTR_MODE ++#define FA_UID ATTR_UID ++#define FA_GID ATTR_GID ++#define FA_SIZE ATTR_SIZE ++#define FA_ATIME ATTR_ATIME ++#define FA_MTIME ATTR_MTIME ++#define FA_CTIME ATTR_CTIME ++#define FA_ATIME_SET ATTR_ATIME_SET ++#define FA_MTIME_SET ATTR_MTIME_SET ++#define FA_FORCE ATTR_FORCE ++#define FA_ATTR_FLAGS ATTR_ATTR_FLAG ++ ++/* must be greater than all other ATTR_* flags! */ ++#define FA_NLINK 2048 ++#define FA_BLKSIZE 4096 ++#define FA_BLOCKS 8192 ++#define FA_TIMES (FA_ATIME|FA_MTIME|FA_CTIME) ++#define FA_ALL 0 ++ ++/* macros to manage changes between kernels */ ++#define INODE_DATA(i) (&(i)->i_data) ++ ++#define MIN(x,y) ((x < y) ? (x) : (y)) ++#define MAX(x,y) ((x > y) ? (x) : (y)) ++#define MAXPATHLEN PATH_MAX ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,5) ++# define lookup_one_len(a,b,c) lookup_one(a,b) ++#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,4,5) */ ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,8) ++# define generic_file_llseek default_llseek ++#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,4,8) */ ++ ++#ifndef SEEK_SET ++# define SEEK_SET 0 ++#endif /* not SEEK_SET */ ++ ++#ifndef SEEK_CUR ++# define SEEK_CUR 1 ++#endif /* not SEEK_CUR */ ++ ++#ifndef SEEK_END ++# define SEEK_END 2 ++#endif /* not SEEK_END */ ++ ++#ifndef DEFAULT_POLLMASK ++# define DEFAULT_POLLMASK (POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM) ++#endif /* not DEFAULT_POLLMASK */ ++ ++/* XXX: fix this so fistgen generates kfree() code directly */ ++#define kfree_s(a,b) kfree(a) ++ ++/* ++ * TYPEDEFS: ++ */ ++typedef struct dentry dentry_t; ++typedef struct file file_t; ++typedef struct inode inode_t; ++typedef inode_t vnode_t; ++typedef struct page page_t; ++typedef struct qstr qstr_t; ++typedef struct super_block super_block_t; ++typedef super_block_t vfs_t; ++typedef struct vm_area_struct vm_area_t; ++ ++ ++/* ++ * EXTERNALS: ++ */ ++ ++#define FPPF(str,page) printk("PPF %s 0x%x/%d: Lck:%d Err:%d Ref:%d Upd:%d Other::%d:%d:%d:%d:\n", \ ++ str, \ ++ (int) page, \ ++ (int) page->index, \ ++ (PageLocked(page) ? 1 : 0), \ ++ (PageError(page) ? 1 : 0), \ ++ (PageReferenced(page) ? 1 : 0), \ ++ (Page_Uptodate(page) ? 1 : 0), \ ++ (PageDecrAfter(page) ? 1 : 0), \ ++ (PageSlab(page) ? 1 : 0), \ ++ (PageSwapCache(page) ? 1 : 0), \ ++ (PageReserved(page) ? 1 : 0) \ ++ ) ++#define EZKDBG printk("EZK %s:%d:%s\n",__FILE__,__LINE__,__FUNCTION__) ++#if 0 ++# define EZKDBG1 printk("EZK %s:%d\n",__FILE__,__LINE__) ++#else ++# define EZKDBG1 ++#endif ++ ++extern int fist_get_debug_value(void); ++extern int fist_set_debug_value(int val); ++#if 0 /* mini_fo doesn't need these */ ++extern void fist_dprint_internal(int level, char *str,...); ++extern void fist_print_dentry(char *str, const dentry_t *dentry); ++extern void fist_print_inode(char *str, const inode_t *inode); ++extern void fist_print_file(char *str, const file_t *file); ++extern void fist_print_buffer_flags(char *str, struct buffer_head *buffer); ++extern void fist_print_page_flags(char *str, page_t *page); ++extern void fist_print_page_bytes(char *str, page_t *page); ++extern void fist_print_pte_flags(char *str, const page_t *page); ++extern void fist_checkinode(inode_t *inode, char *msg); ++extern void fist_print_sb(char *str, const super_block_t *sb); ++ ++/* §$% by mk: special debug functions */ ++extern void fist_mk_print_dentry(char *str, const dentry_t *dentry); ++extern void fist_mk_print_inode(char *str, const inode_t *inode); ++ ++extern char *add_indent(void); ++extern char *del_indent(void); ++#endif/* mini_fo doesn't need these */ ++ ++ ++#define STATIC ++#define ASSERT(EX) \ ++do { \ ++ if (!(EX)) { \ ++ printk(KERN_CRIT "ASSERTION FAILED: %s at %s:%d (%s)\n", #EX, \ ++ __FILE__, __LINE__, __FUNCTION__); \ ++ (*((char *)0))=0; \ ++ } \ ++} while (0) ++/* same ASSERT, but tell me who was the caller of the function */ ++#define ASSERT2(EX) \ ++do { \ ++ if (!(EX)) { \ ++ printk(KERN_CRIT "ASSERTION FAILED (caller): %s at %s:%d (%s)\n", #EX, \ ++ file, line, func); \ ++ (*((char *)0))=0; \ ++ } \ ++} while (0) ++ ++#if 0 /* mini_fo doesn't need these */ ++#define dprintk(format, args...) printk(KERN_DEBUG format, ##args) ++#define fist_dprint(level, str, args...) fist_dprint_internal(level, KERN_DEBUG str, ## args) ++#define print_entry_location() fist_dprint(4, "%sIN: %s %s:%d\n", add_indent(), __FUNCTION__, __FILE__, __LINE__) ++#define print_exit_location() fist_dprint(4, "%s OUT: %s %s:%d\n", del_indent(), __FUNCTION__, __FILE__, __LINE__) ++#define print_exit_status(status) fist_dprint(4, "%s OUT: %s %s:%d, STATUS: %d\n", del_indent(), __FUNCTION__, __FILE__, __LINE__, status) ++#define print_exit_pointer(status) \ ++do { \ ++ if (IS_ERR(status)) \ ++ fist_dprint(4, "%s OUT: %s %s:%d, RESULT: %ld\n", del_indent(), __FUNCTION__, __FILE__, __LINE__, PTR_ERR(status)); \ ++ else \ ++ fist_dprint(4, "%s OUT: %s %s:%d, RESULT: 0x%x\n", del_indent(), __FUNCTION__, __FILE__, __LINE__, PTR_ERR(status)); \ ++} while (0) ++#endif/* mini_fo doesn't need these */ ++ ++#endif /* __KERNEL__ */ ++ ++ ++/* ++ * DEFINITIONS FOR USER AND KERNEL CODE: ++ * (Note: ioctl numbers 1--9 are reserved for fistgen, the rest ++ * are auto-generated automatically based on the user's .fist file.) ++ */ ++# define FIST_IOCTL_GET_DEBUG_VALUE _IOR(0x15, 1, int) ++# define FIST_IOCTL_SET_DEBUG_VALUE _IOW(0x15, 2, int) ++ ++#endif /* not __FIST_H_ */ +--- /dev/null ++++ b/fs/mini_fo/inode.c +@@ -0,0 +1,1564 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif ++ ++#include "fist.h" ++#include "mini_fo.h" ++ ++STATIC int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++mini_fo_create(inode_t *dir, dentry_t *dentry, int mode, struct nameidata *nd) ++#else ++mini_fo_create(inode_t *dir, dentry_t *dentry, int mode) ++#endif ++{ ++ int err = 0; ++ ++ check_mini_fo_dentry(dentry); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ err = create_sto_reg_file(dentry, mode, nd); ++#else ++ err = create_sto_reg_file(dentry, mode); ++#endif ++ check_mini_fo_dentry(dentry); ++ return err; ++} ++ ++ ++STATIC dentry_t * ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++mini_fo_lookup(inode_t *dir, dentry_t *dentry, struct nameidata* nd) ++#else ++mini_fo_lookup(inode_t *dir, dentry_t *dentry) ++#endif ++{ ++ int err = 0; ++ dentry_t *hidden_dir_dentry; ++ dentry_t *hidden_dentry = NULL; ++ ++ dentry_t *hidden_sto_dir_dentry; ++ dentry_t *hidden_sto_dentry = NULL; ++ ++ /* whiteout flag */ ++ int del_flag = 0; ++ char *bpath = NULL; ++ ++ const char *name; ++ unsigned int namelen; ++ ++ /* Don't allow lookups of META-files */ ++ namelen = strlen(META_FILENAME); ++ if(namelen == dentry->d_name.len) { ++ if(!strncmp(dentry->d_name.name, META_FILENAME, namelen)) { ++ err = -ENOENT; ++ goto out; ++ } ++ } ++ ++ hidden_dir_dentry = dtohd(dentry->d_parent); ++ hidden_sto_dir_dentry = dtohd2(dentry->d_parent); ++ ++ name = dentry->d_name.name; ++ namelen = dentry->d_name.len; ++ ++ /* must initialize dentry operations */ ++ dentry->d_op = &mini_fo_dops; ++ ++ /* setup the del_flag */ ++ del_flag = __meta_check_d_entry(dir, name, namelen); ++ bpath = __meta_check_r_entry(dir, name, namelen); ++ ++ /* perform the lookups of base and storage files: ++ * ++ * This caused some serious trouble, as a lookup_one_len passing ++ * a negative dentry oopses. Solution is to only do the lookup ++ * if the dentry is positive, else we set it to NULL ++ * More trouble, who said a *_dir_dentry can't be NULL? ++ */ ++ if(bpath) { ++ /* Cross-Interposing (C), yeah! */ ++ hidden_dentry = bpath_walk(dir->i_sb, bpath); ++ if(!hidden_dentry || !hidden_dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo_lookup: bpath_walk failed.\n"); ++ err= -EINVAL; ++ goto out; ++ } ++ ++ /* this can be set up safely without fear of spaghetti ++ * interposing as it is only used for copying times */ ++ hidden_dir_dentry = hidden_dentry->d_parent; ++ kfree(bpath); ++ } ++ else if(hidden_dir_dentry && hidden_dir_dentry->d_inode) ++ hidden_dentry = ++ lookup_one_len(name, hidden_dir_dentry, namelen); ++ else ++ hidden_dentry = NULL; ++ ++ if(hidden_sto_dir_dentry && hidden_sto_dir_dentry->d_inode) ++ hidden_sto_dentry = ++ lookup_one_len(name, hidden_sto_dir_dentry, namelen); ++ else ++ hidden_sto_dentry = NULL; ++ ++ /* catch error in lookup */ ++ if (IS_ERR(hidden_dentry) || IS_ERR(hidden_sto_dentry)) { ++ /* mk: we need to call dput on the dentry, whose ++ * lookup_one_len operation failed, in order to avoid ++ * unmount trouble. ++ */ ++ if(IS_ERR(hidden_dentry)) { ++ printk(KERN_CRIT "mini_fo_lookup: ERR from base dentry, lookup failed.\n"); ++ err = PTR_ERR(hidden_dentry); ++ } else { ++ dput(hidden_dentry); ++ } ++ if(IS_ERR(hidden_sto_dentry)) { ++ printk(KERN_CRIT "mini_fo_lookup: ERR from storage dentry, lookup failed.\n"); ++ err = PTR_ERR(hidden_sto_dentry); ++ } else { ++ dput(hidden_sto_dentry); ++ } ++ goto out; ++ } ++ ++ /* allocate dentry private data */ ++ __dtopd(dentry) = (struct mini_fo_dentry_info *) ++ kmalloc(sizeof(struct mini_fo_dentry_info), GFP_KERNEL); ++ ++ if (!dtopd(dentry)) { ++ err = -ENOMEM; ++ goto out_dput; ++ } ++ ++ /* check for different states of the mini_fo file to be looked up. */ ++ ++ /* state 1, file has been modified */ ++ if(hidden_dentry && hidden_sto_dentry && ++ hidden_dentry->d_inode && hidden_sto_dentry->d_inode && !del_flag) { ++ ++ /* update parent directory's atime */ ++ fist_copy_attr_atime(dir, hidden_sto_dir_dentry->d_inode); ++ ++ dtopd(dentry)->state = MODIFIED; ++ dtohd(dentry) = hidden_dentry; ++ dtohd2(dentry) = hidden_sto_dentry; ++ ++ err = mini_fo_tri_interpose(hidden_dentry, ++ hidden_sto_dentry, ++ dentry, dir->i_sb, 1); ++ if (err) { ++ printk(KERN_CRIT "mini_fo_lookup: error interposing (state1).\n"); ++ goto out_free; ++ } ++ goto out; ++ } ++ /* state 2, file is unmodified */ ++ if(hidden_dentry && hidden_dentry->d_inode && !del_flag) { ++ ++ fist_copy_attr_atime(dir, hidden_dir_dentry->d_inode); ++ ++ dtopd(dentry)->state = UNMODIFIED; ++ dtohd(dentry) = hidden_dentry; ++ dtohd2(dentry) = hidden_sto_dentry; /* could be negative */ ++ ++ err = mini_fo_tri_interpose(hidden_dentry, ++ hidden_sto_dentry, ++ dentry, dir->i_sb, 1); ++ if (err) { ++ printk(KERN_CRIT "mini_fo_lookup: error interposing (state2).\n"); ++ goto out_free; ++ } ++ goto out; ++ } ++ /* state 3, file has been newly created */ ++ if(hidden_sto_dentry && hidden_sto_dentry->d_inode && !del_flag) { ++ ++ fist_copy_attr_atime(dir, hidden_sto_dir_dentry->d_inode); ++ dtopd(dentry)->state = CREATED; ++ dtohd(dentry) = hidden_dentry; /* could be negative */ ++ dtohd2(dentry) = hidden_sto_dentry; ++ ++ err = mini_fo_tri_interpose(hidden_dentry, ++ hidden_sto_dentry, ++ dentry, dir->i_sb, 1); ++ if (err) { ++ printk(KERN_CRIT "mini_fo_lookup: error interposing (state3).\n"); ++ goto out_free; ++ } ++ goto out; ++ } ++ ++ /* state 4, file has deleted and created again. */ ++ if(hidden_dentry && hidden_sto_dentry && ++ hidden_dentry->d_inode && ++ hidden_sto_dentry->d_inode && del_flag) { ++ ++ fist_copy_attr_atime(dir, hidden_sto_dir_dentry->d_inode); ++ dtopd(dentry)->state = DEL_REWRITTEN; ++ dtohd(dentry) = NULL; ++ dtohd2(dentry) = hidden_sto_dentry; ++ ++ err = mini_fo_tri_interpose(NULL, ++ hidden_sto_dentry, ++ dentry, dir->i_sb, 1); ++ if (err) { ++ printk(KERN_CRIT "mini_fo_lookup: error interposing (state4).\n"); ++ goto out_free; ++ } ++ /* We will never need this dentry again, as the file has been ++ * deleted from base */ ++ dput(hidden_dentry); ++ goto out; ++ } ++ /* state 5, file has been deleted in base */ ++ if(hidden_dentry && hidden_sto_dentry && ++ hidden_dentry->d_inode && ++ !hidden_sto_dentry->d_inode && del_flag) { ++ ++ /* check which parents atime we need for updating */ ++ if(hidden_sto_dir_dentry->d_inode) ++ fist_copy_attr_atime(dir, ++ hidden_sto_dir_dentry->d_inode); ++ else ++ fist_copy_attr_atime(dir, ++ hidden_dir_dentry->d_inode); ++ ++ dtopd(dentry)->state = DELETED; ++ dtohd(dentry) = NULL; ++ dtohd2(dentry) = hidden_sto_dentry; ++ ++ /* add negative dentry to dcache to speed up lookups */ ++ d_add(dentry, NULL); ++ dput(hidden_dentry); ++ goto out; ++ } ++ /* state 6, file does not exist */ ++ if(((hidden_dentry && !hidden_dentry->d_inode) || ++ (hidden_sto_dentry && !hidden_sto_dentry->d_inode)) && !del_flag) ++ { ++ /* check which parents atime we need for updating */ ++ if(hidden_sto_dir_dentry && hidden_sto_dir_dentry->d_inode) ++ fist_copy_attr_atime(dir, hidden_sto_dir_dentry->d_inode); ++ else ++ fist_copy_attr_atime(dir, hidden_dir_dentry->d_inode); ++ ++ dtopd(dentry)->state = NON_EXISTANT; ++ dtohd(dentry) = hidden_dentry; ++ dtohd2(dentry) = hidden_sto_dentry; ++ d_add(dentry, NULL); ++ goto out; ++ } ++ ++ /* if we get to here, were in an invalid state. bad. */ ++ printk(KERN_CRIT "mini_fo_lookup: ERROR, meta data corruption detected.\n"); ++ ++ /* end state checking */ ++ out_free: ++ d_drop(dentry); /* so that our bad dentry will get destroyed */ ++ kfree(dtopd(dentry)); ++ __dtopd(dentry) = NULL; /* be safe */ ++ ++ out_dput: ++ if(hidden_dentry) ++ dput(hidden_dentry); ++ if(hidden_sto_dentry) ++ dput(hidden_sto_dentry); /* drops usage count and marks for release */ ++ ++ out: ++ /* initalize wol if file exists and is directory */ ++ if(dentry->d_inode) { ++ if(S_ISDIR(dentry->d_inode->i_mode)) { ++ itopd(dentry->d_inode)->deleted_list_size = -1; ++ itopd(dentry->d_inode)->renamed_list_size = -1; ++ meta_build_lists(dentry); ++ } ++ } ++ return ERR_PTR(err); ++} ++ ++ ++STATIC int ++mini_fo_link(dentry_t *old_dentry, inode_t *dir, dentry_t *new_dentry) ++{ ++ int err; ++ dentry_t *hidden_old_dentry; ++ dentry_t *hidden_new_dentry; ++ dentry_t *hidden_dir_dentry; ++ ++ ++ check_mini_fo_dentry(old_dentry); ++ check_mini_fo_dentry(new_dentry); ++ check_mini_fo_inode(dir); ++ ++ /* no links to directorys and existing targets target allowed */ ++ if(S_ISDIR(old_dentry->d_inode->i_mode) || ++ is_mini_fo_existant(new_dentry)) { ++ err = -EPERM; ++ goto out; ++ } ++ ++ /* bring it directly from unmod to del_rew */ ++ if(dtost(old_dentry) == UNMODIFIED) { ++ err = nondir_unmod_to_mod(old_dentry, 1); ++ if(err) { ++ err = -EINVAL; ++ goto out; ++ } ++ err = meta_add_d_entry(old_dentry->d_parent, ++ old_dentry->d_name.name, ++ old_dentry->d_name.len); ++ if(err) { ++ err = -EINVAL; ++ goto out; ++ } ++ dput(dtohd(old_dentry)); ++ dtohd(old_dentry) = NULL; ++ dtost(old_dentry) = DEL_REWRITTEN; ++ } ++ ++ err = get_neg_sto_dentry(new_dentry); ++ if(err) { ++ err = -EINVAL; ++ goto out; ++ } ++ ++ hidden_old_dentry = dtohd2(old_dentry); ++ hidden_new_dentry = dtohd2(new_dentry); ++ ++ dget(hidden_old_dentry); ++ dget(hidden_new_dentry); ++ ++ /* was: hidden_dir_dentry = lock_parent(hidden_new_dentry); */ ++ hidden_dir_dentry = dget(hidden_new_dentry->d_parent); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_dir_dentry->d_inode->i_sem); ++#endif ++ ++ err = vfs_link(hidden_old_dentry, ++ hidden_dir_dentry->d_inode, ++ hidden_new_dentry); ++ if (err || !hidden_new_dentry->d_inode) ++ goto out_lock; ++ ++ dtost(new_dentry) = CREATED; ++ err = mini_fo_tri_interpose(NULL, hidden_new_dentry, new_dentry, dir->i_sb, 0); ++ if (err) ++ goto out_lock; ++ ++ fist_copy_attr_timesizes(dir, hidden_new_dentry->d_inode); ++ /* propagate number of hard-links */ ++ old_dentry->d_inode->i_nlink = itohi2(old_dentry->d_inode)->i_nlink; ++ ++ out_lock: ++ /* was: unlock_dir(hidden_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_dir_dentry); ++ ++ dput(hidden_new_dentry); ++ dput(hidden_old_dentry); ++ if (!new_dentry->d_inode) ++ d_drop(new_dentry); ++ ++ out: ++ return err; ++} ++ ++ ++STATIC int ++mini_fo_unlink(inode_t *dir, dentry_t *dentry) ++{ ++ int err = 0; ++ ++ dget(dentry); ++ if(dtopd(dentry)->state == MODIFIED) { ++ err = nondir_mod_to_del(dentry); ++ goto out; ++ } ++ else if(dtopd(dentry)->state == UNMODIFIED) { ++ err = nondir_unmod_to_del(dentry); ++ goto out; ++ } ++ else if(dtopd(dentry)->state == CREATED) { ++ err = nondir_creat_to_del(dentry); ++ goto out; ++ } ++ else if(dtopd(dentry)->state == DEL_REWRITTEN) { ++ err = nondir_del_rew_to_del(dentry); ++ goto out; ++ } ++ ++ printk(KERN_CRIT "mini_fo_unlink: ERROR, invalid state detected.\n"); ++ ++ out: ++ fist_copy_attr_times(dir, itohi2(dentry->d_parent->d_inode)); ++ ++ if(!err) { ++ /* is this causing my pain? d_delete(dentry); */ ++ d_drop(dentry); ++ } ++ ++ dput(dentry); ++ return err; ++} ++ ++ ++STATIC int ++mini_fo_symlink(inode_t *dir, dentry_t *dentry, const char *symname) ++{ ++ int err=0; ++ dentry_t *hidden_sto_dentry; ++ dentry_t *hidden_sto_dir_dentry; ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ umode_t mode; ++#endif ++ ++ /* Fail if the symlink file exists */ ++ if(!(dtost(dentry) == DELETED || ++ dtost(dentry) == NON_EXISTANT)) { ++ err = -EEXIST; ++ goto out; ++ } ++ ++ err = get_neg_sto_dentry(dentry); ++ if(err) { ++ err = -EINVAL; ++ goto out; ++ } ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ dget(hidden_sto_dentry); ++ /* was: hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry); */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ mode = S_IALLUGO; ++ err = vfs_symlink(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, symname, mode); ++#else ++ err = vfs_symlink(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ symname); ++#endif ++ if (err || !hidden_sto_dentry->d_inode) ++ goto out_lock; ++ ++ if(dtost(dentry) == DELETED) { ++ dtost(dentry) = DEL_REWRITTEN; ++ err = mini_fo_tri_interpose(NULL, hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } else if(dtost(dentry) == NON_EXISTANT) { ++ dtost(dentry) = CREATED; ++ err = mini_fo_tri_interpose(dtohd(dentry), hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } ++ fist_copy_attr_timesizes(dir, hidden_sto_dir_dentry->d_inode); ++ ++ out_lock: ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ ++ dput(hidden_sto_dentry); ++ if (!dentry->d_inode) ++ d_drop(dentry); ++ out: ++ return err; ++} ++ ++STATIC int ++mini_fo_mkdir(inode_t *dir, dentry_t *dentry, int mode) ++{ ++ int err; ++ ++ err = create_sto_dir(dentry, mode); ++ ++ check_mini_fo_dentry(dentry); ++ ++ return err; ++} ++ ++ ++STATIC int ++mini_fo_rmdir(inode_t *dir, dentry_t *dentry) ++{ ++ int err = 0; ++ ++ dentry_t *hidden_sto_dentry; ++ dentry_t *hidden_sto_dir_dentry; ++ dentry_t *meta_dentry; ++ inode_t *hidden_sto_dir = NULL; ++ ++ check_mini_fo_dentry(dentry); ++ check_mini_fo_inode(dir); ++ ++ dget(dentry); ++ if(dtopd(dentry)->state == MODIFIED) { ++ /* XXX: disabled, because it does not bother to check files on ++ * the original filesystem - just a hack, but better than simply ++ * removing it without testing */ ++ err = -EINVAL; ++ goto out; ++ ++ hidden_sto_dir = itohi2(dir); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* was:hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry); */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ /* Delete an old WOL file contained in the storage dir */ ++ meta_dentry = lookup_one_len(META_FILENAME, ++ hidden_sto_dentry, ++ strlen(META_FILENAME)); ++ if(meta_dentry->d_inode) { ++ err = vfs_unlink(hidden_sto_dentry->d_inode, meta_dentry); ++ dput(meta_dentry); ++ if(!err) ++ d_delete(meta_dentry); ++ } ++ ++ err = vfs_rmdir(hidden_sto_dir, hidden_sto_dentry); ++ dput(hidden_sto_dentry); ++ if(!err) ++ d_delete(hidden_sto_dentry); ++ ++ /* propagate number of hard-links */ ++ dentry->d_inode->i_nlink = itohi2(dentry->d_inode)->i_nlink; ++ ++ dput(dtohd(dentry)); ++ ++ dtohd(dentry) = NULL; ++ dtopd(dentry)->state = DELETED; ++ ++ /* carefull with R files */ ++ if( __meta_is_r_entry(dir, ++ dentry->d_name.name, ++ dentry->d_name.len) == 1) { ++ err = meta_remove_r_entry(dentry->d_parent, ++ dentry->d_name.name, ++ dentry->d_name.len); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: rmdir: meta_remove_r_entry failed.\n"); ++ goto out; ++ } ++ } ++ else { ++ /* ok, add deleted file to META */ ++ meta_add_d_entry(dentry->d_parent, ++ dentry->d_name.name, ++ dentry->d_name.len); ++ } ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ goto out; ++ } ++ else if(dtopd(dentry)->state == UNMODIFIED) { ++ /* XXX: simply adding it to the delete list here is fscking dangerous! ++ * as a temporary hack, i will disable rmdir on unmodified directories ++ * for now. ++ */ ++ err = -EINVAL; ++ goto out; ++ ++ err = get_neg_sto_dentry(dentry); ++ if(err) { ++ err = -EINVAL; ++ goto out; ++ } ++ ++ /* dput base dentry, this will relase the inode and free the ++ * dentry, as we will never need it again. */ ++ dput(dtohd(dentry)); ++ dtohd(dentry) = NULL; ++ dtopd(dentry)->state = DELETED; ++ ++ /* add deleted file to META-file */ ++ meta_add_d_entry(dentry->d_parent, ++ dentry->d_name.name, ++ dentry->d_name.len); ++ goto out; ++ } ++ else if(dtopd(dentry)->state == CREATED) { ++ hidden_sto_dir = itohi2(dir); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* was: hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry);*/ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ /* Delete an old WOL file contained in the storage dir */ ++ meta_dentry = lookup_one_len(META_FILENAME, ++ hidden_sto_dentry, ++ strlen(META_FILENAME)); ++ if(meta_dentry->d_inode) { ++ /* is this necessary? dget(meta_dentry); */ ++ err = vfs_unlink(hidden_sto_dentry->d_inode, ++ meta_dentry); ++ dput(meta_dentry); ++ if(!err) ++ d_delete(meta_dentry); ++ } ++ ++ err = vfs_rmdir(hidden_sto_dir, hidden_sto_dentry); ++ dput(hidden_sto_dentry); ++ if(!err) ++ d_delete(hidden_sto_dentry); ++ ++ /* propagate number of hard-links */ ++ dentry->d_inode->i_nlink = itohi2(dentry->d_inode)->i_nlink; ++ dtopd(dentry)->state = NON_EXISTANT; ++ ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ ++ goto out; ++ } ++ else if(dtopd(dentry)->state == DEL_REWRITTEN) { ++ hidden_sto_dir = itohi2(dir); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* was: hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry);*/ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ /* Delete an old WOL file contained in the storage dir */ ++ meta_dentry = lookup_one_len(META_FILENAME, ++ hidden_sto_dentry, ++ strlen(META_FILENAME)); ++ if(meta_dentry->d_inode) { ++ /* is this necessary? dget(meta_dentry); */ ++ err = vfs_unlink(hidden_sto_dentry->d_inode, ++ meta_dentry); ++ dput(meta_dentry); ++ if(!err) ++ d_delete(meta_dentry); ++ } ++ ++ err = vfs_rmdir(hidden_sto_dir, hidden_sto_dentry); ++ dput(hidden_sto_dentry); ++ if(!err) ++ d_delete(hidden_sto_dentry); ++ ++ /* propagate number of hard-links */ ++ dentry->d_inode->i_nlink = itohi2(dentry->d_inode)->i_nlink; ++ dtopd(dentry)->state = DELETED; ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ goto out; ++ } ++ ++ printk(KERN_CRIT "mini_fo_rmdir: ERROR, invalid state detected.\n"); ++ ++ out: ++ if(!err) { ++ d_drop(dentry); ++ } ++ ++ fist_copy_attr_times(dir, itohi2(dentry->d_parent->d_inode)); ++ dput(dentry); ++ ++ return err; ++} ++ ++ ++STATIC int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++mini_fo_mknod(inode_t *dir, dentry_t *dentry, int mode, dev_t dev) ++#else ++mini_fo_mknod(inode_t *dir, dentry_t *dentry, int mode, int dev) ++#endif ++{ ++ int err = 0; ++ ++ check_mini_fo_dentry(dentry); ++ ++ err = create_sto_nod(dentry, mode, dev); ++ if(err) { ++ printk(KERN_CRIT "mini_fo_mknod: creating sto nod failed.\n"); ++ err = -EINVAL; ++ } ++ ++ check_mini_fo_dentry(dentry); ++ return err; ++} ++ ++ ++STATIC int ++mini_fo_rename(inode_t *old_dir, dentry_t *old_dentry, ++ inode_t *new_dir, dentry_t *new_dentry) ++{ ++ /* dispatch */ ++ if(S_ISDIR(old_dentry->d_inode->i_mode)) ++ return rename_directory(old_dir, old_dentry, new_dir, new_dentry); ++ return rename_nondir(old_dir, old_dentry, new_dir, new_dentry); ++ ++} ++ ++int rename_directory(inode_t *old_dir, dentry_t *old_dentry, ++ inode_t *new_dir, dentry_t *new_dentry) ++{ ++ int err, bpath_len; ++ char *bpath; ++ ++ dentry_t *hidden_old_dentry; ++ dentry_t *hidden_new_dentry; ++ dentry_t *hidden_old_dir_dentry; ++ dentry_t *hidden_new_dir_dentry; ++ ++ err = 0; ++ bpath = NULL; ++ bpath_len = 0; ++ ++ /* this is a test, chuck out if it works */ ++ if(!(dtopd(new_dentry)->state == DELETED || ++ dtopd(new_dentry)->state == NON_EXISTANT)) { ++ printk(KERN_CRIT "mini_fo: rename_directory: \ ++ uh, ah, new_dentry not negative.\n"); ++ /* return -1; */ ++ } ++ ++ /* state = UNMODIFIED */ ++ if(dtopd(old_dentry)->state == UNMODIFIED) { ++ err = dir_unmod_to_mod(old_dentry); ++ if (err) ++ goto out; ++ } ++ ++ /* state = MODIFIED */ ++ if(dtopd(old_dentry)->state == MODIFIED) { ++ bpath = meta_check_r_entry(old_dentry->d_parent, ++ old_dentry->d_name.name, ++ old_dentry->d_name.len); ++ if(bpath) { ++ err = meta_remove_r_entry(old_dentry->d_parent, ++ old_dentry->d_name.name, ++ old_dentry->d_name.len); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: rename_directory:\ ++ meta_remove_r_entry \ ++ failed.\n"); ++ goto out; ++ } ++ err = meta_add_r_entry(new_dentry->d_parent, ++ bpath, ++ strlen(bpath), ++ new_dentry->d_name.name, ++ new_dentry->d_name.len); ++ kfree(bpath); ++ } ++ else {/* wol it */ ++ err = meta_add_d_entry(old_dentry->d_parent, ++ old_dentry->d_name.name, ++ old_dentry->d_name.len); ++ if (err) ++ goto out; ++ /* put it on rename list */ ++ err = get_mini_fo_bpath(old_dentry, ++ &bpath, ++ &bpath_len); ++ if (err) ++ goto out; ++ err = meta_add_r_entry(new_dentry->d_parent, ++ bpath, bpath_len, ++ new_dentry->d_name.name, ++ new_dentry->d_name.len); ++ if (err) ++ goto out; ++ } ++ /* no state change, MODIFIED stays MODIFIED */ ++ } ++ /* state = CREATED */ ++ if(dtopd(old_dentry)->state == CREATED || ++ dtopd(old_dentry)->state == DEL_REWRITTEN) { ++ if(dtohd(old_dentry)) ++ dput(dtohd(old_dentry)); ++ ++ if(dtopd(new_dentry)->state == DELETED) { ++ dtopd(old_dentry)->state = DEL_REWRITTEN; ++ dtohd(old_dentry) = NULL; ++ } ++ else if(dtopd(new_dentry)->state == NON_EXISTANT) { ++ dtopd(old_dentry)->state = CREATED; ++ /* steal new dentry's neg. base dentry */ ++ dtohd(old_dentry) = dtohd(new_dentry); ++ dtohd(new_dentry) = NULL; ++ } ++ } ++ if(dtopd(new_dentry)->state == UNMODIFIED || ++ dtopd(new_dentry)->state == NON_EXISTANT) { ++ err = get_neg_sto_dentry(new_dentry); ++ if(err) ++ goto out; ++ } ++ ++ /* now move sto file */ ++ hidden_old_dentry = dtohd2(old_dentry); ++ hidden_new_dentry = dtohd2(new_dentry); ++ ++ dget(hidden_old_dentry); ++ dget(hidden_new_dentry); ++ ++ hidden_old_dir_dentry = dget(hidden_old_dentry->d_parent); ++ hidden_new_dir_dentry = dget(hidden_new_dentry->d_parent); ++ double_lock(hidden_old_dir_dentry, hidden_new_dir_dentry); ++ ++ err = vfs_rename(hidden_old_dir_dentry->d_inode, hidden_old_dentry, ++ hidden_new_dir_dentry->d_inode, hidden_new_dentry); ++ if(err) ++ goto out_lock; ++ ++ fist_copy_attr_all(new_dir, hidden_new_dir_dentry->d_inode); ++ if (new_dir != old_dir) ++ fist_copy_attr_all(old_dir, ++ hidden_old_dir_dentry->d_inode); ++ ++ out_lock: ++ /* double_unlock will dput the new/old parent dentries ++ * whose refcnts were incremented via get_parent above. */ ++ double_unlock(hidden_old_dir_dentry, hidden_new_dir_dentry); ++ dput(hidden_new_dentry); ++ dput(hidden_old_dentry); ++ ++ out: ++ return err; ++} ++ ++int rename_nondir(inode_t *old_dir, dentry_t *old_dentry, ++ inode_t *new_dir, dentry_t *new_dentry) ++{ ++ int err=0; ++ ++ check_mini_fo_dentry(old_dentry); ++ check_mini_fo_dentry(new_dentry); ++ check_mini_fo_inode(old_dir); ++ check_mini_fo_inode(new_dir); ++ ++ /* state: UNMODIFIED */ ++ if(dtost(old_dentry) == UNMODIFIED) { ++ err = nondir_unmod_to_mod(old_dentry, 1); ++ if(err) { ++ err = -EINVAL; ++ goto out; ++ } ++ } ++ ++ /* the easy states */ ++ if(exists_in_storage(old_dentry)) { ++ ++ dentry_t *hidden_old_dentry; ++ dentry_t *hidden_new_dentry; ++ dentry_t *hidden_old_dir_dentry; ++ dentry_t *hidden_new_dir_dentry; ++ ++ /* if old file is MODIFIED, add it to the deleted_list */ ++ if(dtopd(old_dentry)->state == MODIFIED) { ++ meta_add_d_entry(old_dentry->d_parent, ++ old_dentry->d_name.name, ++ old_dentry->d_name.len); ++ ++ dput(dtohd(old_dentry)); ++ } ++ /* if old file is CREATED, we only release the base dentry */ ++ if(dtopd(old_dentry)->state == CREATED) { ++ if(dtohd(old_dentry)) ++ dput(dtohd(old_dentry)); ++ } ++ ++ /* now setup the new states (depends on new_dentry state) */ ++ /* new dentry state = MODIFIED */ ++ if(dtopd(new_dentry)->state == MODIFIED) { ++ meta_add_d_entry(new_dentry->d_parent, ++ new_dentry->d_name.name, ++ new_dentry->d_name.len); ++ ++ /* new dentry will be d_put'ed later by the vfs ++ * so don't do it here ++ * dput(dtohd(new_dentry)); ++ */ ++ dtohd(old_dentry) = NULL; ++ dtopd(old_dentry)->state = DEL_REWRITTEN; ++ } ++ /* new dentry state = UNMODIFIED */ ++ else if(dtopd(new_dentry)->state == UNMODIFIED) { ++ if(get_neg_sto_dentry(new_dentry)) ++ return -EINVAL; ++ ++ meta_add_d_entry(new_dentry->d_parent, ++ new_dentry->d_name.name, ++ new_dentry->d_name.len); ++ ++ /* is this right??? */ ++ /*dput(dtohd(new_dentry));*/ ++ dtohd(old_dentry) = NULL; ++ dtopd(old_dentry)->state = DEL_REWRITTEN; ++ } ++ /* new dentry state = CREATED */ ++ else if(dtopd(new_dentry)->state == CREATED) { ++ /* we keep the neg. base dentry (if exists) */ ++ dtohd(old_dentry) = dtohd(new_dentry); ++ /* ...and set it to Null, or we'll get ++ * dcache.c:345 if it gets dput twice... */ ++ dtohd(new_dentry) = NULL; ++ dtopd(old_dentry)->state = CREATED; ++ } ++ /* new dentry state = NON_EXISTANT */ ++ else if(dtopd(new_dentry)->state == NON_EXISTANT) { ++ if(get_neg_sto_dentry(new_dentry)) ++ return -EINVAL; ++ ++ /* we keep the neg. base dentry (if exists) */ ++ dtohd(old_dentry) = dtohd(new_dentry); ++ /* ...and set it to Null, or we'll get ++ * Dr. dcache.c:345 if it gets dput twice... */ ++ dtohd(new_dentry) = NULL; ++ dtopd(old_dentry)->state = CREATED; ++ } ++ /* new dentry state = DEL_REWRITTEN or DELETED */ ++ else if(dtopd(new_dentry)->state == DEL_REWRITTEN || ++ dtopd(new_dentry)->state == DELETED) { ++ dtohd(old_dentry) = NULL; ++ dtopd(old_dentry)->state = DEL_REWRITTEN; ++ } ++ else { /* not possible, uhh, ahh */ ++ printk(KERN_CRIT ++ "mini_fo: rename_reg_file: invalid state detected [1].\n"); ++ return -1; ++ } ++ ++ /* now we definitely have a sto file */ ++ hidden_old_dentry = dtohd2(old_dentry); ++ hidden_new_dentry = dtohd2(new_dentry); ++ ++ dget(hidden_old_dentry); ++ dget(hidden_new_dentry); ++ ++ hidden_old_dir_dentry = dget(hidden_old_dentry->d_parent); ++ hidden_new_dir_dentry = dget(hidden_new_dentry->d_parent); ++ double_lock(hidden_old_dir_dentry, hidden_new_dir_dentry); ++ ++ err = vfs_rename(hidden_old_dir_dentry->d_inode, ++ hidden_old_dentry, ++ hidden_new_dir_dentry->d_inode, ++ hidden_new_dentry); ++ if(err) ++ goto out_lock; ++ ++ fist_copy_attr_all(new_dir, hidden_new_dir_dentry->d_inode); ++ if (new_dir != old_dir) ++ fist_copy_attr_all(old_dir, hidden_old_dir_dentry->d_inode); ++ ++ out_lock: ++ /* double_unlock will dput the new/old parent dentries ++ * whose refcnts were incremented via get_parent above. ++ */ ++ double_unlock(hidden_old_dir_dentry, hidden_new_dir_dentry); ++ dput(hidden_new_dentry); ++ dput(hidden_old_dentry); ++ out: ++ return err; ++ } ++ else { /* invalid state */ ++ printk(KERN_CRIT "mini_fo: rename_reg_file: ERROR: invalid state detected [2].\n"); ++ return -1; ++ } ++} ++ ++ ++STATIC int ++mini_fo_readlink(dentry_t *dentry, char *buf, int bufsiz) ++{ ++ int err=0; ++ dentry_t *hidden_dentry = NULL; ++ ++ if(dtohd2(dentry) && dtohd2(dentry)->d_inode) { ++ hidden_dentry = dtohd2(dentry); ++ } else if(dtohd(dentry) && dtohd(dentry)->d_inode) { ++ hidden_dentry = dtohd(dentry); ++ } else { ++ goto out; ++ } ++ ++ if (!hidden_dentry->d_inode->i_op || ++ !hidden_dentry->d_inode->i_op->readlink) { ++ err = -EINVAL; goto out; ++ } ++ ++ err = hidden_dentry->d_inode->i_op->readlink(hidden_dentry, ++ buf, ++ bufsiz); ++ if (err > 0) ++ fist_copy_attr_atime(dentry->d_inode, hidden_dentry->d_inode); ++ ++ out: ++ return err; ++} ++ ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,13) ++static int mini_fo_follow_link(dentry_t *dentry, struct nameidata *nd) ++#else ++static void* mini_fo_follow_link(dentry_t *dentry, struct nameidata *nd) ++#endif ++{ ++ char *buf; ++ int len = PAGE_SIZE, err; ++ mm_segment_t old_fs; ++ ++ /* in 2.6 this is freed by mini_fo_put_link called by __do_follow_link */ ++ buf = kmalloc(len, GFP_KERNEL); ++ if (!buf) { ++ err = -ENOMEM; ++ goto out; ++ } ++ ++ /* read the symlink, and then we will follow it */ ++ old_fs = get_fs(); ++ set_fs(KERNEL_DS); ++ err = dentry->d_inode->i_op->readlink(dentry, buf, len); ++ set_fs(old_fs); ++ if (err < 0) { ++ kfree(buf); ++ buf = NULL; ++ goto out; ++ } ++ buf[err] = 0; ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ nd_set_link(nd, buf); ++ err = 0; ++#else ++ err = vfs_follow_link(nd, buf); ++#endif ++ ++ out: ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ kfree(buf); ++#endif ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,13) ++ return err; ++#else ++ return ERR_PTR(err); ++#endif ++} ++ ++STATIC ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,13) ++void mini_fo_put_link(struct dentry *dentry, struct nameidata *nd) ++#else ++void mini_fo_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) ++#endif ++{ ++ char *link; ++ link = nd_get_link(nd); ++ kfree(link); ++} ++#endif ++ ++STATIC int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++mini_fo_permission(inode_t *inode, int mask, struct nameidata *nd) ++#else ++mini_fo_permission(inode_t *inode, int mask) ++#endif ++{ ++ inode_t *hidden_inode; ++ int mode; ++ int err; ++ ++ if(itohi2(inode)) { ++ hidden_inode = itohi2(inode); ++ } else { ++ hidden_inode = itohi(inode); ++ } ++ mode = inode->i_mode; ++ ++ /* not really needed, as permission handles everything: ++ * err = vfs_permission(inode, mask); ++ * if (err) ++ * goto out; ++ */ ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ err = permission(hidden_inode, mask, nd); ++#else ++ err = permission(hidden_inode, mask); ++#endif ++ ++ /* out: */ ++ return err; ++} ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++STATIC int ++mini_fo_inode_revalidate(dentry_t *dentry) ++{ ++ int err = 0; ++ dentry_t *hidden_dentry; ++ inode_t *hidden_inode; ++ ++ ASSERT(dentry->d_inode); ++ ASSERT(itopd(dentry->d_inode)); ++ ++ if(itohi2(dentry->d_inode)) { ++ hidden_dentry = dtohd2(dentry); ++ hidden_inode = hidden_dentry->d_inode; ++ } else if(itohi(dentry->d_inode)) { ++ hidden_dentry = dtohd(dentry); ++ hidden_inode = hidden_dentry->d_inode; ++ } else { ++ printk(KERN_CRIT "mini_fo_inode_revalidate: ERROR, invalid state detected.\n"); ++ err = -ENOENT; ++ goto out; ++ } ++ if (hidden_inode && hidden_inode->i_op && hidden_inode->i_op->revalidate){ ++ err = hidden_inode->i_op->revalidate(hidden_dentry); ++ if (err) ++ goto out; ++ } ++ fist_copy_attr_all(dentry->d_inode, hidden_inode); ++ out: ++ return err; ++} ++#endif ++ ++STATIC int ++mini_fo_setattr(dentry_t *dentry, struct iattr *ia) ++{ ++ int err = 0; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(!is_mini_fo_existant(dentry)) { ++ printk(KERN_CRIT "mini_fo_setattr: ERROR, invalid state detected [1].\n"); ++ goto out; ++ } ++ ++ if(dtost(dentry) == UNMODIFIED) { ++ if(!IS_COPY_FLAG(ia->ia_valid)) ++ goto out; /* we ignore these changes to base */ ++ ++ if(S_ISDIR(dentry->d_inode->i_mode)) { ++ err = dir_unmod_to_mod(dentry); ++ } else { ++ /* we copy contents if file is not beeing truncated */ ++ if(S_ISREG(dentry->d_inode->i_mode) && ++ !(ia->ia_size == 0 && (ia->ia_valid & ATTR_SIZE))) { ++ err = nondir_unmod_to_mod(dentry, 1); ++ } else ++ err = nondir_unmod_to_mod(dentry, 0); ++ } ++ if(err) { ++ err = -EINVAL; ++ printk(KERN_CRIT "mini_fo_setattr: ERROR changing states.\n"); ++ goto out; ++ } ++ } ++ if(!exists_in_storage(dentry)) { ++ printk(KERN_CRIT "mini_fo_setattr: ERROR, invalid state detected [2].\n"); ++ err = -EINVAL; ++ goto out; ++ } ++ ASSERT(dentry->d_inode); ++ ASSERT(dtohd2(dentry)); ++ ASSERT(itopd(dentry->d_inode)); ++ ASSERT(itohi2(dentry->d_inode)); ++ ++ err = notify_change(dtohd2(dentry), ia); ++ fist_copy_attr_all(dentry->d_inode, itohi2(dentry->d_inode)); ++ out: ++ return err; ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++STATIC int ++mini_fo_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) ++{ ++ int err = 0; ++ dentry_t *hidden_dentry; ++ ++ ASSERT(dentry->d_inode); ++ ASSERT(itopd(dentry->d_inode)); ++ ++ if(itohi2(dentry->d_inode)) { ++ hidden_dentry = dtohd2(dentry); ++ } else if(itohi(dentry->d_inode)) { ++ hidden_dentry = dtohd(dentry); ++ } else { ++ printk(KERN_CRIT "mini_fo_getattr: ERROR, invalid state detected.\n"); ++ err = -ENOENT; ++ goto out; ++ } ++ fist_copy_attr_all(dentry->d_inode, hidden_dentry->d_inode); ++ ++ ASSERT(hidden_dentry); ++ ASSERT(hidden_dentry->d_inode); ++ ASSERT(hidden_dentry->d_inode->i_op); ++ ++ generic_fillattr(dentry->d_inode, stat); ++ if (!stat->blksize) { ++ struct super_block *s = hidden_dentry->d_inode->i_sb; ++ unsigned blocks; ++ blocks = (stat->size+s->s_blocksize-1) >> s->s_blocksize_bits; ++ stat->blocks = (s->s_blocksize / 512) * blocks; ++ stat->blksize = s->s_blocksize; ++ } ++ out: ++ return err; ++} ++#endif ++ ++#if defined(XATTR) && (LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20)) ++#if 0 /* no xattr_alloc() and xattr_free() */ ++/* This is lifted from fs/xattr.c */ ++static void * ++xattr_alloc(size_t size, size_t limit) ++{ ++ void *ptr; ++ ++ if (size > limit) ++ return ERR_PTR(-E2BIG); ++ ++ if (!size) /* size request, no buffer is needed */ ++ return NULL; ++ else if (size <= PAGE_SIZE) ++ ptr = kmalloc((unsigned long) size, GFP_KERNEL); ++ else ++ ptr = vmalloc((unsigned long) size); ++ if (!ptr) ++ return ERR_PTR(-ENOMEM); ++ return ptr; ++} ++ ++static void ++xattr_free(void *ptr, size_t size) ++{ ++ if (!size) /* size request, no buffer was needed */ ++ return; ++ else if (size <= PAGE_SIZE) ++ kfree(ptr); ++ else ++ vfree(ptr); ++} ++#endif /* no xattr_alloc() and xattr_free() */ ++ ++/* BKL held by caller. ++ * dentry->d_inode->i_sem down ++ */ ++STATIC int ++mini_fo_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) { ++ struct dentry *hidden_dentry = NULL; ++ int err = -EOPNOTSUPP; ++ /* Define these anyway so we don't need as much ifdef'ed code. */ ++ char *encoded_name = NULL; ++ char *encoded_value = NULL; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(exists_in_storage(dentry)) ++ hidden_dentry = dtohd2(dentry); ++ else ++ hidden_dentry = dtohd(dentry); ++ ++ ASSERT(hidden_dentry); ++ ASSERT(hidden_dentry->d_inode); ++ ASSERT(hidden_dentry->d_inode->i_op); ++ ++ if (hidden_dentry->d_inode->i_op->getxattr) { ++ encoded_name = (char *)name; ++ encoded_value = (char *)value; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_dentry->d_inode->i_sem); ++#endif ++ /* lock_kernel() already done by caller. */ ++ err = hidden_dentry->d_inode->i_op->getxattr(hidden_dentry, encoded_name, encoded_value, size); ++ /* unlock_kernel() will be done by caller. */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_dentry->d_inode->i_sem); ++#endif ++ } ++ return err; ++} ++ ++/* BKL held by caller. ++ * dentry->d_inode->i_sem down ++ */ ++STATIC int ++#if ((LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,21) \ ++ && LINUX_VERSION_CODE <= KERNEL_VERSION(2,4,23)) \ ++ || LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) ++mini_fo_setxattr(struct dentry *dentry, const char *name, ++ const void *value, size_t size, int flags) ++#else ++mini_fo_setxattr(struct dentry *dentry, const char *name, ++ void *value, size_t size, int flags) ++#endif ++ ++{ ++ struct dentry *hidden_dentry = NULL; ++ int err = -EOPNOTSUPP; ++ ++ /* Define these anyway, so we don't have as much ifdef'ed code. */ ++ char *encoded_value = NULL; ++ char *encoded_name = NULL; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(exists_in_storage(dentry)) ++ hidden_dentry = dtohd2(dentry); ++ else ++ hidden_dentry = dtohd(dentry); ++ ++ ASSERT(hidden_dentry); ++ ASSERT(hidden_dentry->d_inode); ++ ASSERT(hidden_dentry->d_inode->i_op); ++ ++ if (hidden_dentry->d_inode->i_op->setxattr) { ++ encoded_name = (char *)name; ++ encoded_value = (char *)value; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_dentry->d_inode->i_sem); ++#endif ++ /* lock_kernel() already done by caller. */ ++ err = hidden_dentry->d_inode->i_op->setxattr(hidden_dentry, encoded_name, encoded_value, size, flags); ++ /* unlock_kernel() will be done by caller. */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_dentry->d_inode->i_sem); ++#endif ++ } ++ return err; ++} ++ ++/* BKL held by caller. ++ * dentry->d_inode->i_sem down ++ */ ++STATIC int ++mini_fo_removexattr(struct dentry *dentry, const char *name) { ++ struct dentry *hidden_dentry = NULL; ++ int err = -EOPNOTSUPP; ++ char *encoded_name; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(exists_in_storage(dentry)) ++ hidden_dentry = dtohd2(dentry); ++ else ++ hidden_dentry = dtohd(dentry); ++ ++ ASSERT(hidden_dentry); ++ ASSERT(hidden_dentry->d_inode); ++ ASSERT(hidden_dentry->d_inode->i_op); ++ ++ if (hidden_dentry->d_inode->i_op->removexattr) { ++ encoded_name = (char *)name; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_dentry->d_inode->i_sem); ++#endif ++ /* lock_kernel() already done by caller. */ ++ err = hidden_dentry->d_inode->i_op->removexattr(hidden_dentry, encoded_name); ++ /* unlock_kernel() will be done by caller. */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_dentry->d_inode->i_sem); ++#endif ++ } ++ return err; ++} ++ ++/* BKL held by caller. ++ * dentry->d_inode->i_sem down ++ */ ++STATIC int ++mini_fo_listxattr(struct dentry *dentry, char *list, size_t size) { ++ struct dentry *hidden_dentry = NULL; ++ int err = -EOPNOTSUPP; ++ char *encoded_list = NULL; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(exists_in_storage(dentry)) ++ hidden_dentry = dtohd2(dentry); ++ else ++ hidden_dentry = dtohd(dentry); ++ ++ ASSERT(hidden_dentry); ++ ASSERT(hidden_dentry->d_inode); ++ ASSERT(hidden_dentry->d_inode->i_op); ++ ++ if (hidden_dentry->d_inode->i_op->listxattr) { ++ encoded_list = list; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_dentry->d_inode->i_sem); ++#endif ++ /* lock_kernel() already done by caller. */ ++ err = hidden_dentry->d_inode->i_op->listxattr(hidden_dentry, encoded_list, size); ++ /* unlock_kernel() will be done by caller. */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_dentry->d_inode->i_sem); ++#endif ++ } ++ return err; ++} ++# endif /* defined(XATTR) && (LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20)) */ ++ ++struct inode_operations mini_fo_symlink_iops = ++ { ++ readlink: mini_fo_readlink, ++ follow_link: mini_fo_follow_link, ++ /* mk: permission: mini_fo_permission, */ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ revalidate: mini_fo_inode_revalidate, ++#endif ++ setattr: mini_fo_setattr, ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ getattr: mini_fo_getattr, ++ put_link: mini_fo_put_link, ++#endif ++ ++#if defined(XATTR) && (LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20)) ++ setxattr: mini_fo_setxattr, ++ getxattr: mini_fo_getxattr, ++ listxattr: mini_fo_listxattr, ++ removexattr: mini_fo_removexattr ++# endif /* defined(XATTR) && (LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20)) */ ++ }; ++ ++struct inode_operations mini_fo_dir_iops = ++ { ++ create: mini_fo_create, ++ lookup: mini_fo_lookup, ++ link: mini_fo_link, ++ unlink: mini_fo_unlink, ++ symlink: mini_fo_symlink, ++ mkdir: mini_fo_mkdir, ++ rmdir: mini_fo_rmdir, ++ mknod: mini_fo_mknod, ++ rename: mini_fo_rename, ++ /* no readlink/follow_link for non-symlinks */ ++ // off because we have setattr ++ // truncate: mini_fo_truncate, ++ /* mk:permission: mini_fo_permission, */ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ revalidate: mini_fo_inode_revalidate, ++#endif ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ getattr: mini_fo_getattr, ++#endif ++ setattr: mini_fo_setattr, ++#if defined(XATTR) && (LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20)) ++ setxattr: mini_fo_setxattr, ++ getxattr: mini_fo_getxattr, ++ listxattr: mini_fo_listxattr, ++ removexattr: mini_fo_removexattr ++# endif /* XATTR && LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20) */ ++ }; ++ ++struct inode_operations mini_fo_main_iops = ++ { ++ /* permission: mini_fo_permission, */ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ revalidate: mini_fo_inode_revalidate, ++#endif ++ setattr: mini_fo_setattr, ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ getattr: mini_fo_getattr, ++#endif ++#if defined(XATTR) && (LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20)) ++ setxattr: mini_fo_setxattr, ++ getxattr: mini_fo_getxattr, ++ listxattr: mini_fo_listxattr, ++ removexattr: mini_fo_removexattr ++# endif /* XATTR && LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,20) */ ++ }; +--- /dev/null ++++ b/fs/mini_fo/main.c +@@ -0,0 +1,423 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif ++ ++#include "fist.h" ++#include "mini_fo.h" ++#include <linux/module.h> ++ ++/* This definition must only appear after we include <linux/module.h> */ ++#ifndef MODULE_LICENSE ++# define MODULE_LICENSE(bison) ++#endif /* not MODULE_LICENSE */ ++ ++/* ++ * This is the mini_fo tri interpose function, which extends the ++ * functionality of the regular interpose by interposing a higher ++ * level inode on top of two lower level ones: the base filesystem ++ * inode and the storage filesystem inode. ++ * ++ * sb we pass is mini_fo's super_block ++ */ ++int ++mini_fo_tri_interpose(dentry_t *hidden_dentry, ++ dentry_t *hidden_sto_dentry, ++ dentry_t *dentry, super_block_t *sb, int flag) ++{ ++ inode_t *hidden_inode = NULL; ++ inode_t *hidden_sto_inode = NULL; /* store corresponding storage inode */ ++ int err = 0; ++ inode_t *inode; ++ ++ /* Pointer to hidden_sto_inode if exists, else to hidden_inode. ++ * This is used to copy the attributes of the correct inode. */ ++ inode_t *master_inode; ++ ++ if(hidden_dentry) ++ hidden_inode = hidden_dentry->d_inode; ++ if(hidden_sto_dentry) ++ hidden_sto_inode = hidden_sto_dentry->d_inode; ++ ++ ASSERT(dentry->d_inode == NULL); ++ ++ /* mk: One of the inodes associated with the dentrys is likely to ++ * be NULL, so carefull: ++ */ ++ ASSERT((hidden_inode != NULL) || (hidden_sto_inode != NULL)); ++ ++ if(hidden_sto_inode) ++ master_inode = hidden_sto_inode; ++ else ++ master_inode = hidden_inode; ++ ++ /* ++ * We allocate our new inode below, by calling iget. ++ * iget will call our read_inode which will initialize some ++ * of the new inode's fields ++ */ ++ ++ /* ++ * original: inode = iget(sb, hidden_inode->i_ino); ++ */ ++ inode = iget(sb, iunique(sb, 25)); ++ if (!inode) { ++ err = -EACCES; /* should be impossible??? */ ++ goto out; ++ } ++ ++ /* ++ * interpose the inode if not already interposed ++ * this is possible if the inode is being reused ++ * XXX: what happens if we get_empty_inode() but there's another already? ++ * for now, ASSERT() that this can't happen; fix later. ++ */ ++ if (itohi(inode) != NULL) { ++ printk(KERN_CRIT "mini_fo_tri_interpose: itohi(inode) != NULL.\n"); ++ } ++ if (itohi2(inode) != NULL) { ++ printk(KERN_CRIT "mini_fo_tri_interpose: itohi2(inode) != NULL.\n"); ++ } ++ ++ /* mk: Carefull, igrab can't handle NULL inodes (ok, why should it?), so ++ * we need to check here: ++ */ ++ if(hidden_inode) ++ itohi(inode) = igrab(hidden_inode); ++ else ++ itohi(inode) = NULL; ++ ++ if(hidden_sto_inode) ++ itohi2(inode) = igrab(hidden_sto_inode); ++ else ++ itohi2(inode) = NULL; ++ ++ ++ /* Use different set of inode ops for symlinks & directories*/ ++ if (S_ISLNK(master_inode->i_mode)) ++ inode->i_op = &mini_fo_symlink_iops; ++ else if (S_ISDIR(master_inode->i_mode)) ++ inode->i_op = &mini_fo_dir_iops; ++ ++ /* Use different set of file ops for directories */ ++ if (S_ISDIR(master_inode->i_mode)) ++ inode->i_fop = &mini_fo_dir_fops; ++ ++ /* properly initialize special inodes */ ++ if (S_ISBLK(master_inode->i_mode) || S_ISCHR(master_inode->i_mode) || ++ S_ISFIFO(master_inode->i_mode) || S_ISSOCK(master_inode->i_mode)) { ++ init_special_inode(inode, master_inode->i_mode, master_inode->i_rdev); ++ } ++ ++ /* Fix our inode's address operations to that of the lower inode */ ++ if (inode->i_mapping->a_ops != master_inode->i_mapping->a_ops) { ++ inode->i_mapping->a_ops = master_inode->i_mapping->a_ops; ++ } ++ ++ /* only (our) lookup wants to do a d_add */ ++ if (flag) ++ d_add(dentry, inode); ++ else ++ d_instantiate(dentry, inode); ++ ++ ASSERT(dtopd(dentry) != NULL); ++ ++ /* all well, copy inode attributes */ ++ fist_copy_attr_all(inode, master_inode); ++ ++ out: ++ return err; ++} ++ ++/* parse mount options "base=" and "sto=" */ ++dentry_t * ++mini_fo_parse_options(super_block_t *sb, char *options) ++{ ++ dentry_t *hidden_root = ERR_PTR(-EINVAL); ++ dentry_t *hidden_root2 = ERR_PTR(-EINVAL); ++ struct nameidata nd, nd2; ++ char *name, *tmp, *end; ++ int err = 0; ++ ++ /* We don't want to go off the end of our arguments later on. */ ++ for (end = options; *end; end++); ++ ++ while (options < end) { ++ tmp = options; ++ while (*tmp && *tmp != ',') ++ tmp++; ++ *tmp = '\0'; ++ if (!strncmp("base=", options, 5)) { ++ name = options + 5; ++ printk(KERN_INFO "mini_fo: using base directory: %s\n", name); ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ if (path_init(name, LOOKUP_FOLLOW, &nd)) ++ err = path_walk(name, &nd); ++#else ++ err = path_lookup(name, LOOKUP_FOLLOW, &nd); ++#endif ++ if (err) { ++ printk(KERN_CRIT "mini_fo: error accessing hidden directory '%s'\n", name); ++ hidden_root = ERR_PTR(err); ++ goto out; ++ } ++ hidden_root = nd.dentry; ++ stopd(sb)->base_dir_dentry = nd.dentry; ++ stopd(sb)->hidden_mnt = nd.mnt; ++ ++ } else if(!strncmp("sto=", options, 4)) { ++ /* parse the storage dir */ ++ name = options + 4; ++ printk(KERN_INFO "mini_fo: using storage directory: %s\n", name); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ if(path_init(name, LOOKUP_FOLLOW, &nd2)) ++ err = path_walk(name, &nd2); ++#else ++ err = path_lookup(name, LOOKUP_FOLLOW, &nd2); ++#endif ++ if(err) { ++ printk(KERN_CRIT "mini_fo: error accessing hidden storage directory '%s'\n", name); ++ ++ hidden_root2 = ERR_PTR(err); ++ goto out; ++ } ++ hidden_root2 = nd2.dentry; ++ stopd(sb)->storage_dir_dentry = nd2.dentry; ++ stopd(sb)->hidden_mnt2 = nd2.mnt; ++ stohs2(sb) = hidden_root2->d_sb; ++ ++ /* validate storage dir, this is done in ++ * mini_fo_read_super for the base directory. ++ */ ++ if (IS_ERR(hidden_root2)) { ++ printk(KERN_WARNING "mini_fo_parse_options: storage dentry lookup failed (err = %ld)\n", PTR_ERR(hidden_root2)); ++ goto out; ++ } ++ if (!hidden_root2->d_inode) { ++ printk(KERN_WARNING "mini_fo_parse_options: no storage dir to interpose on.\n"); ++ goto out; ++ } ++ stohs2(sb) = hidden_root2->d_sb; ++ } else { ++ printk(KERN_WARNING "mini_fo: unrecognized option '%s'\n", options); ++ hidden_root = ERR_PTR(-EINVAL); ++ goto out; ++ } ++ options = tmp + 1; ++ } ++ ++ out: ++ if(IS_ERR(hidden_root2)) ++ return hidden_root2; ++ return hidden_root; ++} ++ ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++static int ++#else ++super_block_t * ++#endif ++mini_fo_read_super(super_block_t *sb, void *raw_data, int silent) ++{ ++ dentry_t *hidden_root; ++ int err = 0; ++ ++ if (!raw_data) { ++ printk(KERN_WARNING "mini_fo_read_super: missing argument\n"); ++ err = -EINVAL; ++ goto out; ++ } ++ /* ++ * Allocate superblock private data ++ */ ++ __stopd(sb) = kmalloc(sizeof(struct mini_fo_sb_info), GFP_KERNEL); ++ if (!stopd(sb)) { ++ printk(KERN_WARNING "%s: out of memory\n", __FUNCTION__); ++ err = -ENOMEM; ++ goto out; ++ } ++ stohs(sb) = NULL; ++ ++ hidden_root = mini_fo_parse_options(sb, raw_data); ++ if (IS_ERR(hidden_root)) { ++ printk(KERN_WARNING "mini_fo_read_super: lookup_dentry failed (err = %ld)\n", PTR_ERR(hidden_root)); ++ err = PTR_ERR(hidden_root); ++ goto out_free; ++ } ++ if (!hidden_root->d_inode) { ++ printk(KERN_WARNING "mini_fo_read_super: no directory to interpose on\n"); ++ goto out_free; ++ } ++ stohs(sb) = hidden_root->d_sb; ++ ++ /* ++ * Linux 2.4.2-ac3 and beyond has code in ++ * mm/filemap.c:generic_file_write() that requires sb->s_maxbytes ++ * to be populated. If not set, all write()s under that sb will ++ * return 0. ++ * ++ * Linux 2.4.4+ automatically sets s_maxbytes to MAX_NON_LFS; ++ * the filesystem should override it only if it supports LFS. ++ */ ++ /* non-SCA code is good to go with LFS */ ++ sb->s_maxbytes = hidden_root->d_sb->s_maxbytes; ++ ++ sb->s_op = &mini_fo_sops; ++ /* ++ * we can't use d_alloc_root if we want to use ++ * our own interpose function unchanged, ++ * so we simply replicate *most* of the code in d_alloc_root here ++ */ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ sb->s_root = d_alloc(NULL, &(const struct qstr) { "/", 1, 0 }); ++#else ++ sb->s_root = d_alloc(NULL, &(const struct qstr){hash: 0, name: "/", len : 1}); ++#endif ++ if (IS_ERR(sb->s_root)) { ++ printk(KERN_WARNING "mini_fo_read_super: d_alloc failed\n"); ++ err = -ENOMEM; ++ goto out_dput; ++ } ++ ++ sb->s_root->d_op = &mini_fo_dops; ++ sb->s_root->d_sb = sb; ++ sb->s_root->d_parent = sb->s_root; ++ ++ /* link the upper and lower dentries */ ++ __dtopd(sb->s_root) = (struct mini_fo_dentry_info *) ++ kmalloc(sizeof(struct mini_fo_dentry_info), GFP_KERNEL); ++ if (!dtopd(sb->s_root)) { ++ err = -ENOMEM; ++ goto out_dput2; ++ } ++ dtopd(sb->s_root)->state = MODIFIED; ++ dtohd(sb->s_root) = hidden_root; ++ ++ /* fanout relevant, interpose on storage root dentry too */ ++ dtohd2(sb->s_root) = stopd(sb)->storage_dir_dentry; ++ ++ /* ...and call tri-interpose to interpose root dir inodes ++ * if (mini_fo_interpose(hidden_root, sb->s_root, sb, 0)) ++ */ ++ if(mini_fo_tri_interpose(hidden_root, dtohd2(sb->s_root), sb->s_root, sb, 0)) ++ goto out_dput2; ++ ++ /* initalize the wol list */ ++ itopd(sb->s_root->d_inode)->deleted_list_size = -1; ++ itopd(sb->s_root->d_inode)->renamed_list_size = -1; ++ meta_build_lists(sb->s_root); ++ ++ goto out; ++ ++ out_dput2: ++ dput(sb->s_root); ++ out_dput: ++ dput(hidden_root); ++ dput(dtohd2(sb->s_root)); /* release the hidden_sto_dentry too */ ++ out_free: ++ kfree(stopd(sb)); ++ __stopd(sb) = NULL; ++ out: ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ return err; ++#else ++ if (err) { ++ return ERR_PTR(err); ++ } else { ++ return sb; ++ } ++#endif ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++static int mini_fo_get_sb(struct file_system_type *fs_type, ++ int flags, const char *dev_name, ++ void *raw_data, struct vfsmount *mnt) ++{ ++ return get_sb_nodev(fs_type, flags, raw_data, mini_fo_read_super, mnt); ++} ++#else ++static struct super_block *mini_fo_get_sb(struct file_system_type *fs_type, ++ int flags, const char *dev_name, ++ void *raw_data) ++{ ++ return get_sb_nodev(fs_type, flags, raw_data, mini_fo_read_super); ++} ++#endif ++ ++void mini_fo_kill_block_super(struct super_block *sb) ++{ ++ generic_shutdown_super(sb); ++ /* ++ * XXX: BUG: Halcrow: Things get unstable sometime after this point: ++ * lib/rwsem-spinlock.c:127: spin_is_locked on uninitialized ++ * fs/fs-writeback.c:402: spin_lock(fs/super.c:a0381828) already ++ * locked by fs/fs-writeback.c/402 ++ * ++ * Apparently, someone's not releasing a lock on sb_lock... ++ */ ++} ++ ++static struct file_system_type mini_fo_fs_type = { ++ .owner = THIS_MODULE, ++ .name = "mini_fo", ++ .get_sb = mini_fo_get_sb, ++ .kill_sb = mini_fo_kill_block_super, ++ .fs_flags = 0, ++}; ++ ++ ++#else ++static DECLARE_FSTYPE(mini_fo_fs_type, "mini_fo", mini_fo_read_super, 0); ++#endif ++ ++static int __init init_mini_fo_fs(void) ++{ ++ printk("Registering mini_fo version $Id$\n"); ++ return register_filesystem(&mini_fo_fs_type); ++} ++static void __exit exit_mini_fo_fs(void) ++{ ++ printk("Unregistering mini_fo version $Id$\n"); ++ unregister_filesystem(&mini_fo_fs_type); ++} ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++EXPORT_NO_SYMBOLS; ++#endif ++ ++MODULE_AUTHOR("Erez Zadok <ezk@cs.sunysb.edu>"); ++MODULE_DESCRIPTION("FiST-generated mini_fo filesystem"); ++MODULE_LICENSE("GPL"); ++ ++/* MODULE_PARM(fist_debug_var, "i"); */ ++/* MODULE_PARM_DESC(fist_debug_var, "Debug level"); */ ++ ++module_init(init_mini_fo_fs) ++module_exit(exit_mini_fo_fs) +--- /dev/null ++++ b/fs/mini_fo/Makefile +@@ -0,0 +1,17 @@ ++# ++# Makefile for mini_fo 2.4 and 2.6 Linux kernels ++# ++# Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version ++# 2 of the License, or (at your option) any later version. ++# ++ ++obj-$(CONFIG_MINI_FO) := mini_fo.o ++mini_fo-objs := meta.o dentry.o file.o inode.o main.o super.o state.o aux.o ++ ++# dependencies ++${mini_fo-objs}: mini_fo.h fist.h ++ +--- /dev/null ++++ b/fs/mini_fo/meta.c +@@ -0,0 +1,1000 @@ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif /* HAVE_CONFIG_H */ ++#include "fist.h" ++#include "mini_fo.h" ++ ++int meta_build_lists(dentry_t *dentry) ++{ ++ struct mini_fo_inode_info *inode_info; ++ ++ dentry_t *meta_dentry = 0; ++ file_t *meta_file = 0; ++ mm_segment_t old_fs; ++ void *buf; ++ ++ int bytes, len; ++ struct vfsmount *meta_mnt; ++ char *entry; ++ ++ inode_info = itopd(dentry->d_inode); ++ if(!(inode_info->deleted_list_size == -1 && ++ inode_info->renamed_list_size == -1)) { ++ printk(KERN_CRIT "mini_fo: meta_build_lists: \ ++ Error, list(s) not virgin.\n"); ++ return -1; ++ } ++ ++ /* init our meta lists */ ++ INIT_LIST_HEAD(&inode_info->deleted_list); ++ inode_info->deleted_list_size = 0; ++ ++ INIT_LIST_HEAD(&inode_info->renamed_list); ++ inode_info->renamed_list_size = 0; ++ ++ /* might there be a META-file? */ ++ if(dtohd2(dentry) && dtohd2(dentry)->d_inode) { ++ meta_dentry = lookup_one_len(META_FILENAME, ++ dtohd2(dentry), ++ strlen(META_FILENAME)); ++ if(!meta_dentry->d_inode) { ++ dput(meta_dentry); ++ goto out_ok; ++ } ++ /* $%& err, is this correct? */ ++ meta_mnt = stopd(dentry->d_inode->i_sb)->hidden_mnt2; ++ mntget(meta_mnt); ++ ++ ++ /* open META-file for reading */ ++ meta_file = dentry_open(meta_dentry, meta_mnt, 0x0); ++ if(!meta_file || IS_ERR(meta_file)) { ++ printk(KERN_CRIT "mini_fo: meta_build_lists: \ ++ ERROR opening META file.\n"); ++ goto out_err; ++ } ++ ++ /* check if fs supports reading */ ++ if(!meta_file->f_op->read) { ++ printk(KERN_CRIT "mini_fo: meta_build_lists: \ ++ ERROR, fs does not support reading.\n"); ++ goto out_err_close; ++ } ++ ++ /* allocate a page for transfering the data */ ++ buf = (void *) __get_free_page(GFP_KERNEL); ++ if(!buf) { ++ printk(KERN_CRIT "mini_fo: meta_build_lists: \ ++ ERROR, out of mem.\n"); ++ goto out_err_close; ++ } ++ meta_file->f_pos = 0; ++ old_fs = get_fs(); ++ set_fs(KERNEL_DS); ++ do { ++ char *c; ++ bytes = meta_file->f_op->read(meta_file, buf, PAGE_SIZE, &meta_file->f_pos); ++ if(bytes == PAGE_SIZE) { ++ /* trim a cut off filename and adjust f_pos to get it next time */ ++ for(c = (char*) buf+PAGE_SIZE; ++ *c != '\n'; ++ c--, bytes--, meta_file->f_pos--); ++ } ++ entry = (char *) buf; ++ while(entry < (char *) buf+bytes) { ++ ++ char *old_path; ++ char *dir_name; ++ int old_len, new_len; ++ ++ /* len without '\n'*/ ++ len = (int) (strchr(entry, '\n') - entry); ++ switch (*entry) { ++ case 'D': ++ /* format: "D filename" */ ++ meta_list_add_d_entry(dentry, ++ entry+2, ++ len-2); ++ break; ++ case 'R': ++ /* format: "R path/xy/dir newDir" */ ++ old_path = entry+2; ++ dir_name = strchr(old_path, ' ') + 1; ++ old_len = dir_name - old_path - 1; ++ new_len = ((int) entry) + len - ((int ) dir_name); ++ meta_list_add_r_entry(dentry, ++ old_path, ++ old_len, ++ dir_name, ++ new_len); ++ break; ++ default: ++ /* unknown entry type detected */ ++ break; ++ } ++ entry += len+1; ++ } ++ ++ } while(meta_file->f_pos < meta_dentry->d_inode->i_size); ++ ++ free_page((unsigned long) buf); ++ set_fs(old_fs); ++ fput(meta_file); ++ } ++ goto out_ok; ++ ++ out_err_close: ++ fput(meta_file); ++ out_err: ++ mntput(meta_mnt); ++ dput(meta_dentry); ++ return -1; ++ out_ok: ++ return 1; /* check this!!! inode_info->wol_size; */ ++} ++ ++/* cleanups up all lists and free's the mem by dentry */ ++int meta_put_lists(dentry_t *dentry) ++{ ++ if(!dentry || !dentry->d_inode) { ++ printk("mini_fo: meta_put_lists: invalid dentry passed.\n"); ++ return -1; ++ } ++ return __meta_put_lists(dentry->d_inode); ++} ++ ++/* cleanups up all lists and free's the mem by inode */ ++int __meta_put_lists(inode_t *inode) ++{ ++ int err = 0; ++ if(!inode || !itopd(inode)) { ++ printk("mini_fo: __meta_put_lists: invalid inode passed.\n"); ++ return -1; ++ } ++ err = __meta_put_d_list(inode); ++ err |= __meta_put_r_list(inode); ++ return err; ++} ++ ++int meta_sync_lists(dentry_t *dentry) ++{ ++ int err = 0; ++ if(!dentry || !dentry->d_inode) { ++ printk("mini_fo: meta_sync_lists: \ ++ invalid dentry passed.\n"); ++ return -1; ++ } ++ err = meta_sync_d_list(dentry, 0); ++ err |= meta_sync_r_list(dentry, 1); ++ return err; ++} ++ ++ ++/* remove all D entries from the renamed list and free the mem */ ++int __meta_put_d_list(inode_t *inode) ++{ ++ struct list_head *tmp; ++ struct deleted_entry *del_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ if(!inode || !itopd(inode)) { ++ printk(KERN_CRIT "mini_fo: __meta_put_d_list: \ ++ invalid inode passed.\n"); ++ return -1; ++ } ++ inode_info = itopd(inode); ++ ++ /* nuke the DELETED-list */ ++ if(inode_info->deleted_list_size <= 0) ++ return 0; ++ ++ while(!list_empty(&inode_info->deleted_list)) { ++ tmp = inode_info->deleted_list.next; ++ list_del(tmp); ++ del_entry = list_entry(tmp, struct deleted_entry, list); ++ kfree(del_entry->name); ++ kfree(del_entry); ++ } ++ inode_info->deleted_list_size = 0; ++ ++ return 0; ++} ++ ++/* remove all R entries from the renamed list and free the mem */ ++int __meta_put_r_list(inode_t *inode) ++{ ++ struct list_head *tmp; ++ struct renamed_entry *ren_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ if(!inode || !itopd(inode)) { ++ printk(KERN_CRIT "mini_fo: meta_put_r_list: invalid inode.\n"); ++ return -1; ++ } ++ inode_info = itopd(inode); ++ ++ /* nuke the RENAMED-list */ ++ if(inode_info->renamed_list_size <= 0) ++ return 0; ++ ++ while(!list_empty(&inode_info->renamed_list)) { ++ tmp = inode_info->renamed_list.next; ++ list_del(tmp); ++ ren_entry = list_entry(tmp, struct renamed_entry, list); ++ kfree(ren_entry->new_name); ++ kfree(ren_entry->old_name); ++ kfree(ren_entry); ++ } ++ inode_info->renamed_list_size = 0; ++ ++ return 0; ++} ++ ++int meta_add_d_entry(dentry_t *dentry, const char *name, int len) ++{ ++ int err = 0; ++ err = meta_list_add_d_entry(dentry, name, len); ++ err |= meta_write_d_entry(dentry,name,len); ++ return err; ++} ++ ++/* add a D entry to the deleted list */ ++int meta_list_add_d_entry(dentry_t *dentry, const char *name, int len) ++{ ++ struct deleted_entry *del_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo: meta_list_add_d_entry: \ ++ invalid dentry passed.\n"); ++ return -1; ++ } ++ inode_info = itopd(dentry->d_inode); ++ ++ if(inode_info->deleted_list_size < 0) ++ return -1; ++ ++ del_entry = (struct deleted_entry *) ++ kmalloc(sizeof(struct deleted_entry), GFP_KERNEL); ++ del_entry->name = (char*) kmalloc(len, GFP_KERNEL); ++ if(!del_entry || !del_entry->name) { ++ printk(KERN_CRIT "mini_fo: meta_list_add_d_entry: \ ++ out of mem.\n"); ++ kfree(del_entry->name); ++ kfree(del_entry); ++ return -ENOMEM; ++ } ++ ++ strncpy(del_entry->name, name, len); ++ del_entry->len = len; ++ ++ list_add(&del_entry->list, &inode_info->deleted_list); ++ inode_info->deleted_list_size++; ++ return 0; ++} ++ ++int meta_add_r_entry(dentry_t *dentry, ++ const char *old_name, int old_len, ++ const char *new_name, int new_len) ++{ ++ int err = 0; ++ err = meta_list_add_r_entry(dentry, ++ old_name, old_len, ++ new_name, new_len); ++ err |= meta_write_r_entry(dentry, ++ old_name, old_len, ++ new_name, new_len); ++ return err; ++} ++ ++/* add a R entry to the renamed list */ ++int meta_list_add_r_entry(dentry_t *dentry, ++ const char *old_name, int old_len, ++ const char *new_name, int new_len) ++{ ++ struct renamed_entry *ren_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo: meta_list_add_r_entry: \ ++ invalid dentry passed.\n"); ++ return -1; ++ } ++ inode_info = itopd(dentry->d_inode); ++ ++ if(inode_info->renamed_list_size < 0) ++ return -1; ++ ++ ren_entry = (struct renamed_entry *) ++ kmalloc(sizeof(struct renamed_entry), GFP_KERNEL); ++ ren_entry->old_name = (char*) kmalloc(old_len, GFP_KERNEL); ++ ren_entry->new_name = (char*) kmalloc(new_len, GFP_KERNEL); ++ ++ if(!ren_entry || !ren_entry->old_name || !ren_entry->new_name) { ++ printk(KERN_CRIT "mini_fo: meta_list_add_r_entry: \ ++ out of mem.\n"); ++ kfree(ren_entry->new_name); ++ kfree(ren_entry->old_name); ++ kfree(ren_entry); ++ return -ENOMEM; ++ } ++ ++ strncpy(ren_entry->old_name, old_name, old_len); ++ ren_entry->old_len = old_len; ++ strncpy(ren_entry->new_name, new_name, new_len); ++ ren_entry->new_len = new_len; ++ ++ list_add(&ren_entry->list, &inode_info->renamed_list); ++ inode_info->renamed_list_size++; ++ return 0; ++} ++ ++ ++int meta_remove_r_entry(dentry_t *dentry, const char *name, int len) ++{ ++ int err = 0; ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT ++ "mini_fo: meta_remove_r_entry: \ ++ invalid dentry passed.\n"); ++ return -1; ++ } ++ ++ err = meta_list_remove_r_entry(dentry, name, len); ++ err |= meta_sync_lists(dentry); ++ return err; ++} ++ ++int meta_list_remove_r_entry(dentry_t *dentry, const char *name, int len) ++{ ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT ++ "mini_fo: meta_list_remove_r_entry: \ ++ invalid dentry passed.\n"); ++ return -1; ++ } ++ return __meta_list_remove_r_entry(dentry->d_inode, name, len); ++} ++ ++int __meta_list_remove_r_entry(inode_t *inode, const char *name, int len) ++{ ++ struct list_head *tmp; ++ struct renamed_entry *ren_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ if(!inode || !itopd(inode)) ++ printk(KERN_CRIT ++ "mini_fo: __meta_list_remove_r_entry: \ ++ invalid inode passed.\n"); ++ inode_info = itopd(inode); ++ ++ if(inode_info->renamed_list_size < 0) ++ return -1; ++ if(inode_info->renamed_list_size == 0) ++ return 1; ++ ++ list_for_each(tmp, &inode_info->renamed_list) { ++ ren_entry = list_entry(tmp, struct renamed_entry, list); ++ if(ren_entry->new_len != len) ++ continue; ++ ++ if(!strncmp(ren_entry->new_name, name, len)) { ++ list_del(tmp); ++ kfree(ren_entry->new_name); ++ kfree(ren_entry->old_name); ++ kfree(ren_entry); ++ inode_info->renamed_list_size--; ++ return 0; ++ } ++ } ++ return 1; ++} ++ ++ ++/* append a single D entry to the meta file */ ++int meta_write_d_entry(dentry_t *dentry, const char *name, int len) ++{ ++ dentry_t *meta_dentry = 0; ++ file_t *meta_file = 0; ++ mm_segment_t old_fs; ++ ++ int bytes, err; ++ struct vfsmount *meta_mnt = 0; ++ char *buf; ++ ++ err = 0; ++ ++ if(itopd(dentry->d_inode)->deleted_list_size < 0) { ++ err = -1; ++ goto out; ++ } ++ ++ if(dtopd(dentry)->state == UNMODIFIED) { ++ err = build_sto_structure(dentry->d_parent, dentry); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: meta_write_d_entry: \ ++ build_sto_structure failed.\n"); ++ goto out; ++ } ++ } ++ meta_dentry = lookup_one_len(META_FILENAME, ++ dtohd2(dentry), strlen (META_FILENAME)); ++ ++ /* We need to create a META-file */ ++ if(!meta_dentry->d_inode) { ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, ++ S_IRUSR | S_IWUSR, ++ NULL); ++#else ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, ++ S_IRUSR | S_IWUSR); ++#endif ++ } ++ /* open META-file for writing */ ++ meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); ++ if(!meta_file || IS_ERR(meta_file)) { ++ printk(KERN_CRIT "mini_fo: meta_write_d_entry: \ ++ ERROR opening meta file.\n"); ++ mntput(meta_mnt); /* $%& is this necessary? */ ++ dput(meta_dentry); ++ err = -1; ++ goto out; ++ } ++ ++ /* check if fs supports writing */ ++ if(!meta_file->f_op->write) { ++ printk(KERN_CRIT "mini_fo: meta_write_d_entry: \ ++ ERROR, fs does not support writing.\n"); ++ goto out_err_close; ++ } ++ ++ meta_file->f_pos = meta_dentry->d_inode->i_size; /* append */ ++ old_fs = get_fs(); ++ set_fs(KERNEL_DS); ++ ++ /* size: len for name, 1 for \n and 2 for "D " */ ++ buf = (char *) kmalloc(len+3, GFP_KERNEL); ++ if (!buf) { ++ printk(KERN_CRIT "mini_fo: meta_write_d_entry: \ ++ out of mem.\n"); ++ return -ENOMEM; ++ } ++ ++ buf[0] = 'D'; ++ buf[1] = ' '; ++ strncpy(buf+2, name, len); ++ buf[len+2] = '\n'; ++ bytes = meta_file->f_op->write(meta_file, buf, len+3, ++ &meta_file->f_pos); ++ if(bytes != len+3) { ++ printk(KERN_CRIT "mini_fo: meta_write_d_entry: \ ++ ERROR writing.\n"); ++ err = -1; ++ } ++ kfree(buf); ++ set_fs(old_fs); ++ ++ out_err_close: ++ fput(meta_file); ++ out: ++ return err; ++} ++ ++/* append a single R entry to the meta file */ ++int meta_write_r_entry(dentry_t *dentry, ++ const char *old_name, int old_len, ++ const char *new_name, int new_len) ++{ ++ dentry_t *meta_dentry = 0; ++ file_t *meta_file = 0; ++ mm_segment_t old_fs; ++ ++ int bytes, err, buf_len; ++ struct vfsmount *meta_mnt = 0; ++ char *buf; ++ ++ ++ err = 0; ++ ++ if(itopd(dentry->d_inode)->renamed_list_size < 0) { ++ err = -1; ++ goto out; ++ } ++ ++ /* build the storage structure? */ ++ if(dtopd(dentry)->state == UNMODIFIED) { ++ err = build_sto_structure(dentry->d_parent, dentry); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: meta_write_r_entry: \ ++ build_sto_structure failed.\n"); ++ goto out; ++ } ++ } ++ meta_dentry = lookup_one_len(META_FILENAME, ++ dtohd2(dentry), ++ strlen (META_FILENAME)); ++ if(!meta_dentry->d_inode) { ++ /* We need to create a META-file */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, S_IRUSR | S_IWUSR, NULL); ++#else ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, S_IRUSR | S_IWUSR); ++#endif ++ } ++ /* open META-file for writing */ ++ meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); ++ if(!meta_file || IS_ERR(meta_file)) { ++ printk(KERN_CRIT "mini_fo: meta_write_r_entry: \ ++ ERROR opening meta file.\n"); ++ mntput(meta_mnt); ++ dput(meta_dentry); ++ err = -1; ++ goto out; ++ } ++ ++ /* check if fs supports writing */ ++ if(!meta_file->f_op->write) { ++ printk(KERN_CRIT "mini_fo: meta_write_r_entry: \ ++ ERROR, fs does not support writing.\n"); ++ goto out_err_close; ++ } ++ ++ meta_file->f_pos = meta_dentry->d_inode->i_size; /* append */ ++ old_fs = get_fs(); ++ set_fs(KERNEL_DS); ++ ++ /* size: 2 for "R ", old_len+new_len for names, 1 blank+1 \n */ ++ buf_len = old_len + new_len + 4; ++ buf = (char *) kmalloc(buf_len, GFP_KERNEL); ++ if (!buf) { ++ printk(KERN_CRIT "mini_fo: meta_write_r_entry: out of mem.\n"); ++ return -ENOMEM; ++ } ++ ++ buf[0] = 'R'; ++ buf[1] = ' '; ++ strncpy(buf + 2, old_name, old_len); ++ buf[old_len + 2] = ' '; ++ strncpy(buf + old_len + 3, new_name, new_len); ++ buf[buf_len -1] = '\n'; ++ bytes = meta_file->f_op->write(meta_file, buf, buf_len, &meta_file->f_pos); ++ if(bytes != buf_len) { ++ printk(KERN_CRIT "mini_fo: meta_write_r_entry: ERROR writing.\n"); ++ err = -1; ++ } ++ ++ kfree(buf); ++ set_fs(old_fs); ++ ++ out_err_close: ++ fput(meta_file); ++ out: ++ return err; ++} ++ ++/* sync D list to disk, append data if app_flag is 1 */ ++/* check the meta_mnt, which seems not to be used (properly) */ ++ ++int meta_sync_d_list(dentry_t *dentry, int app_flag) ++{ ++ dentry_t *meta_dentry; ++ file_t *meta_file; ++ mm_segment_t old_fs; ++ ++ int bytes, err; ++ struct vfsmount *meta_mnt; ++ char *buf; ++ ++ struct list_head *tmp; ++ struct deleted_entry *del_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ err = 0; ++ meta_file=0; ++ meta_mnt=0; ++ ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ ++ invalid inode passed.\n"); ++ err = -1; ++ goto out; ++ } ++ inode_info = itopd(dentry->d_inode); ++ ++ if(inode_info->deleted_list_size < 0) { ++ err = -1; ++ goto out; ++ } ++ ++ /* ok, there is something to sync */ ++ ++ /* build the storage structure? */ ++ if(!dtohd2(dentry) && !itohi2(dentry->d_inode)) { ++ err = build_sto_structure(dentry->d_parent, dentry); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ ++ build_sto_structure failed.\n"); ++ goto out; ++ } ++ } ++ meta_dentry = lookup_one_len(META_FILENAME, ++ dtohd2(dentry), ++ strlen(META_FILENAME)); ++ if(!meta_dentry->d_inode) { ++ /* We need to create a META-file */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, S_IRUSR | S_IWUSR, NULL); ++#else ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, S_IRUSR | S_IWUSR); ++#endif ++ app_flag = 0; ++ } ++ /* need we truncate the meta file? */ ++ if(!app_flag) { ++ struct iattr newattrs; ++ newattrs.ia_size = 0; ++ newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&meta_dentry->d_inode->i_mutex); ++#else ++ down(&meta_dentry->d_inode->i_sem); ++#endif ++ err = notify_change(meta_dentry, &newattrs); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&meta_dentry->d_inode->i_mutex); ++#else ++ up(&meta_dentry->d_inode->i_sem); ++#endif ++ ++ if(err || meta_dentry->d_inode->i_size != 0) { ++ printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ ++ ERROR truncating meta file.\n"); ++ goto out_err_close; ++ } ++ } ++ ++ /* open META-file for writing */ ++ meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); ++ if(!meta_file || IS_ERR(meta_file)) { ++ printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ ++ ERROR opening meta file.\n"); ++ /* we don't mntget so we dont't mntput (for now) ++ * mntput(meta_mnt); ++ */ ++ dput(meta_dentry); ++ err = -1; ++ goto out; ++ } ++ ++ /* check if fs supports writing */ ++ if(!meta_file->f_op->write) { ++ printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ ++ ERROR, fs does not support writing.\n"); ++ goto out_err_close; ++ } ++ ++ meta_file->f_pos = meta_dentry->d_inode->i_size; /* append */ ++ old_fs = get_fs(); ++ set_fs(KERNEL_DS); ++ ++ /* here we go... */ ++ list_for_each(tmp, &inode_info->deleted_list) { ++ del_entry = list_entry(tmp, struct deleted_entry, list); ++ ++ /* size: len for name, 1 for \n and 2 for "D " */ ++ buf = (char *) kmalloc(del_entry->len+3, GFP_KERNEL); ++ if (!buf) { ++ printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ ++ out of mem.\n"); ++ return -ENOMEM; ++ } ++ ++ buf[0] = 'D'; ++ buf[1] = ' '; ++ strncpy(buf+2, del_entry->name, del_entry->len); ++ buf[del_entry->len+2] = '\n'; ++ bytes = meta_file->f_op->write(meta_file, buf, ++ del_entry->len+3, ++ &meta_file->f_pos); ++ if(bytes != del_entry->len+3) { ++ printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ ++ ERROR writing.\n"); ++ err |= -1; ++ } ++ kfree(buf); ++ } ++ set_fs(old_fs); ++ ++ out_err_close: ++ fput(meta_file); ++ out: ++ return err; ++ ++} ++ ++int meta_sync_r_list(dentry_t *dentry, int app_flag) ++{ ++ dentry_t *meta_dentry; ++ file_t *meta_file; ++ mm_segment_t old_fs; ++ ++ int bytes, err, buf_len; ++ struct vfsmount *meta_mnt; ++ char *buf; ++ ++ struct list_head *tmp; ++ struct renamed_entry *ren_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ err = 0; ++ meta_file=0; ++ meta_mnt=0; ++ ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ ++ invalid dentry passed.\n"); ++ err = -1; ++ goto out; ++ } ++ inode_info = itopd(dentry->d_inode); ++ ++ if(inode_info->deleted_list_size < 0) { ++ err = -1; ++ goto out; ++ } ++ ++ /* ok, there is something to sync */ ++ ++ /* build the storage structure? */ ++ if(!dtohd2(dentry) && !itohi2(dentry->d_inode)) { ++ err = build_sto_structure(dentry->d_parent, dentry); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ ++ build_sto_structure failed.\n"); ++ goto out; ++ } ++ } ++ meta_dentry = lookup_one_len(META_FILENAME, ++ dtohd2(dentry), ++ strlen(META_FILENAME)); ++ if(!meta_dentry->d_inode) { ++ /* We need to create a META-file */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, S_IRUSR | S_IWUSR, NULL); ++#else ++ vfs_create(dtohd2(dentry)->d_inode, ++ meta_dentry, S_IRUSR | S_IWUSR); ++#endif ++ app_flag = 0; ++ } ++ /* need we truncate the meta file? */ ++ if(!app_flag) { ++ struct iattr newattrs; ++ newattrs.ia_size = 0; ++ newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&meta_dentry->d_inode->i_mutex); ++#else ++ down(&meta_dentry->d_inode->i_sem); ++#endif ++ err = notify_change(meta_dentry, &newattrs); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&meta_dentry->d_inode->i_mutex); ++#else ++ up(&meta_dentry->d_inode->i_sem); ++#endif ++ if(err || meta_dentry->d_inode->i_size != 0) { ++ printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ ++ ERROR truncating meta file.\n"); ++ goto out_err_close; ++ } ++ } ++ ++ /* open META-file for writing */ ++ meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); ++ if(!meta_file || IS_ERR(meta_file)) { ++ printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ ++ ERROR opening meta file.\n"); ++ /* we don't mntget so we dont't mntput (for now) ++ * mntput(meta_mnt); ++ */ ++ dput(meta_dentry); ++ err = -1; ++ goto out; ++ } ++ ++ /* check if fs supports writing */ ++ if(!meta_file->f_op->write) { ++ printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ ++ ERROR, fs does not support writing.\n"); ++ goto out_err_close; ++ } ++ ++ meta_file->f_pos = meta_dentry->d_inode->i_size; /* append */ ++ old_fs = get_fs(); ++ set_fs(KERNEL_DS); ++ ++ /* here we go... */ ++ list_for_each(tmp, &inode_info->renamed_list) { ++ ren_entry = list_entry(tmp, struct renamed_entry, list); ++ /* size: ++ * 2 for "R ", old_len+new_len for names, 1 blank+1 \n */ ++ buf_len = ren_entry->old_len + ren_entry->new_len + 4; ++ buf = (char *) kmalloc(buf_len, GFP_KERNEL); ++ if (!buf) { ++ printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ ++ out of mem.\n"); ++ return -ENOMEM; ++ } ++ buf[0] = 'R'; ++ buf[1] = ' '; ++ strncpy(buf + 2, ren_entry->old_name, ren_entry->old_len); ++ buf[ren_entry->old_len + 2] = ' '; ++ strncpy(buf + ren_entry->old_len + 3, ++ ren_entry->new_name, ren_entry->new_len); ++ buf[buf_len - 1] = '\n'; ++ bytes = meta_file->f_op->write(meta_file, buf, ++ buf_len, &meta_file->f_pos); ++ if(bytes != buf_len) { ++ printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ ++ ERROR writing.\n"); ++ err |= -1; ++ } ++ kfree(buf); ++ } ++ set_fs(old_fs); ++ ++ out_err_close: ++ fput(meta_file); ++ out: ++ return err; ++} ++ ++int meta_check_d_entry(dentry_t *dentry, const char *name, int len) ++{ ++ if(!dentry || !dentry->d_inode) ++ printk(KERN_CRIT "mini_fo: meta_check_d_dentry: \ ++ invalid dentry passed.\n"); ++ return __meta_check_d_entry(dentry->d_inode, name, len); ++} ++ ++int __meta_check_d_entry(inode_t *inode, const char *name, int len) ++{ ++ struct list_head *tmp; ++ struct deleted_entry *del_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ if(!inode || !itopd(inode)) ++ printk(KERN_CRIT "mini_fo: __meta_check_d_dentry: \ ++ invalid inode passed.\n"); ++ ++ inode_info = itopd(inode); ++ ++ if(inode_info->deleted_list_size <= 0) ++ return 0; ++ ++ list_for_each(tmp, &inode_info->deleted_list) { ++ del_entry = list_entry(tmp, struct deleted_entry, list); ++ if(del_entry->len != len) ++ continue; ++ ++ if(!strncmp(del_entry->name, name, len)) ++ return 1; ++ } ++ return 0; ++} ++ ++/* ++ * check if file has been renamed and return path to orig. base dir. ++ * Implements no error return values so far, what of course sucks. ++ * String is null terminated.' ++ */ ++char* meta_check_r_entry(dentry_t *dentry, const char *name, int len) ++{ ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo: meta_check_r_dentry: \ ++ invalid dentry passed.\n"); ++ return NULL; ++ } ++ return __meta_check_r_entry(dentry->d_inode, name, len); ++} ++ ++char* __meta_check_r_entry(inode_t *inode, const char *name, int len) ++{ ++ struct list_head *tmp; ++ struct renamed_entry *ren_entry; ++ struct mini_fo_inode_info *inode_info; ++ char *old_path; ++ ++ if(!inode || !itopd(inode)) { ++ printk(KERN_CRIT "mini_fo: meta_check_r_dentry: \ ++ invalid inode passed.\n"); ++ return NULL; ++ } ++ inode_info = itopd(inode); ++ ++ if(inode_info->renamed_list_size <= 0) ++ return NULL; ++ ++ list_for_each(tmp, &inode_info->renamed_list) { ++ ren_entry = list_entry(tmp, struct renamed_entry, list); ++ if(ren_entry->new_len != len) ++ continue; ++ ++ if(!strncmp(ren_entry->new_name, name, len)) { ++ old_path = (char *) ++ kmalloc(ren_entry->old_len+1, GFP_KERNEL); ++ strncpy(old_path, ++ ren_entry->old_name, ++ ren_entry->old_len); ++ old_path[ren_entry->old_len]='\0'; ++ return old_path; ++ } ++ } ++ return NULL; ++} ++ ++/* ++ * This version only checks if entry exists and return: ++ * 1 if exists, ++ * 0 if not, ++ * -1 if error. ++ */ ++int meta_is_r_entry(dentry_t *dentry, const char *name, int len) ++{ ++ if(!dentry || !dentry->d_inode) { ++ printk(KERN_CRIT "mini_fo: meta_check_r_dentry [2]: \ ++ invalid dentry passed.\n"); ++ return -1; ++ } ++ return __meta_is_r_entry(dentry->d_inode, name, len); ++} ++ ++int __meta_is_r_entry(inode_t *inode, const char *name, int len) ++{ ++ struct list_head *tmp; ++ struct renamed_entry *ren_entry; ++ struct mini_fo_inode_info *inode_info; ++ ++ if(!inode || !itopd(inode)) { ++ printk(KERN_CRIT "mini_fo: meta_check_r_dentry [2]: \ ++ invalid inode passed.\n"); ++ return -1; ++ } ++ inode_info = itopd(inode); ++ ++ if(inode_info->renamed_list_size <= 0) ++ return -1; ++ ++ list_for_each(tmp, &inode_info->renamed_list) { ++ ren_entry = list_entry(tmp, struct renamed_entry, list); ++ if(ren_entry->new_len != len) ++ continue; ++ ++ if(!strncmp(ren_entry->new_name, name, len)) ++ return 1; ++ } ++ return 0; ++} ++ +--- /dev/null ++++ b/fs/mini_fo/mini_fo.h +@@ -0,0 +1,510 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifndef __MINI_FO_H_ ++#define __MINI_FO_H_ ++ ++#ifdef __KERNEL__ ++ ++/* META stuff */ ++#define META_FILENAME "META_dAfFgHE39ktF3HD2sr" ++ ++/* use xattrs? */ ++#define XATTR ++ ++/* File attributes that when changed, result in a file beeing copied to storage */ ++#define COPY_FLAGS ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_SIZE ++ ++/* ++ * mini_fo filestates ++ */ ++#define MODIFIED 1 ++#define UNMODIFIED 2 ++#define CREATED 3 ++#define DEL_REWRITTEN 4 ++#define DELETED 5 ++#define NON_EXISTANT 6 ++ ++/* fist file systems superblock magic */ ++# define MINI_FO_SUPER_MAGIC 0xf15f ++ ++/* ++ * STRUCTURES: ++ */ ++ ++/* mini_fo inode data in memory */ ++struct mini_fo_inode_info { ++ inode_t *wii_inode; ++ inode_t *wii_inode2; /* pointer to storage inode */ ++ ++ /* META-data lists */ ++ /* deleted list, ex wol */ ++ struct list_head deleted_list; ++ int deleted_list_size; ++ ++ /* renamed list */ ++ struct list_head renamed_list; ++ int renamed_list_size; ++ ++ /* add other lists here ... */ ++}; ++ ++/* mini_fo dentry data in memory */ ++struct mini_fo_dentry_info { ++ dentry_t *wdi_dentry; ++ dentry_t *wdi_dentry2; /* pointer to storage dentry */ ++ unsigned int state; /* state of the mini_fo dentry */ ++}; ++ ++ ++/* mini_fo super-block data in memory */ ++struct mini_fo_sb_info { ++ super_block_t *wsi_sb, *wsi_sb2; /* mk: might point to the same sb */ ++ struct vfsmount *hidden_mnt, *hidden_mnt2; ++ dentry_t *base_dir_dentry; ++ dentry_t *storage_dir_dentry; ++ ; ++}; ++ ++/* readdir_data, readdir helper struct */ ++struct readdir_data { ++ struct list_head ndl_list; /* linked list head ptr */ ++ int ndl_size; /* list size */ ++ int sto_done; /* flag to show that the storage dir entries have ++ * all been read an now follow base entries */ ++}; ++ ++/* file private data. */ ++struct mini_fo_file_info { ++ struct file *wfi_file; ++ struct file *wfi_file2; /* pointer to storage file */ ++ struct readdir_data rd; ++}; ++ ++/* struct ndl_entry */ ++struct ndl_entry { ++ struct list_head list; ++ char *name; ++ int len; ++}; ++ ++/******************************** ++ * META-data structures ++ ********************************/ ++ ++/* deleted entry */ ++struct deleted_entry { ++ struct list_head list; ++ char *name; ++ int len; ++}; ++ ++/* renamed entry */ ++struct renamed_entry { ++ struct list_head list; ++ char *old_name; /* old directory with full path */ ++ int old_len; /* length of above string */ ++ char *new_name; /* new directory name */ ++ int new_len; /* length of above string */ ++}; ++ ++/* attr_change entry */ ++struct attr_change_entry { ++ struct list_head list; ++ char *name; ++ int len; ++}; ++ ++/* link entry */ ++struct link_entry { ++ struct list_head list; ++ int links_moved; ++ int inum_base; ++ int inum_sto; ++ char *weird_name; ++ int weird_name_len; ++}; ++ ++ ++/* Some other stuff required for mini_fo_filldir64, copied from ++ * fs/readdir.c ++ */ ++ ++#define ROUND_UP64(x) (((x)+sizeof(u64)-1) & ~(sizeof(u64)-1)) ++#define NAME_OFFSET(de) ((int) ((de)->d_name - (char *) (de))) ++ ++ ++struct linux_dirent64 { ++ u64 d_ino; ++ s64 d_off; ++ unsigned short d_reclen; ++ unsigned char d_type; ++ char d_name[0]; ++}; ++ ++ ++struct getdents_callback64 { ++ struct linux_dirent64 * current_dir; ++ struct linux_dirent64 * previous; ++ int count; ++ int error; ++}; ++ ++struct linux_dirent { ++ unsigned long d_ino; ++ unsigned long d_off; ++ unsigned short d_reclen; ++ char d_name[1]; ++}; ++ ++struct getdents_callback { ++ struct linux_dirent * current_dir; ++ struct linux_dirent * previous; ++ int count; ++ int error; ++}; ++ ++ ++/* ++ * MACROS: ++ */ ++ ++/* file TO private_data */ ++# define ftopd(file) ((struct mini_fo_file_info *)((file)->private_data)) ++# define __ftopd(file) ((file)->private_data) ++/* file TO hidden_file */ ++# define ftohf(file) ((ftopd(file))->wfi_file) ++# define ftohf2(file) ((ftopd(file))->wfi_file2) ++ ++/* inode TO private_data */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++# define itopd(ino) ((struct mini_fo_inode_info *)(ino)->i_private) ++# define __itopd(ino) ((ino)->i_private) ++#else ++# define itopd(ino) ((struct mini_fo_inode_info *)(ino)->u.generic_ip) ++# define __itopd(ino) ((ino)->u.generic_ip) ++#endif ++/* inode TO hidden_inode */ ++# define itohi(ino) (itopd(ino)->wii_inode) ++# define itohi2(ino) (itopd(ino)->wii_inode2) ++ ++/* superblock TO private_data */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++# define stopd(super) ((struct mini_fo_sb_info *)(super)->s_fs_info) ++# define __stopd(super) ((super)->s_fs_info) ++#else ++# define stopd(super) ((struct mini_fo_sb_info *)(super)->u.generic_sbp) ++# define __stopd(super) ((super)->u.generic_sbp) ++#endif ++ ++/* unused? # define vfs2priv stopd */ ++/* superblock TO hidden_superblock */ ++ ++# define stohs(super) (stopd(super)->wsi_sb) ++# define stohs2(super) (stopd(super)->wsi_sb2) ++ ++/* dentry TO private_data */ ++# define dtopd(dentry) ((struct mini_fo_dentry_info *)(dentry)->d_fsdata) ++# define __dtopd(dentry) ((dentry)->d_fsdata) ++/* dentry TO hidden_dentry */ ++# define dtohd(dent) (dtopd(dent)->wdi_dentry) ++# define dtohd2(dent) (dtopd(dent)->wdi_dentry2) ++ ++/* dentry to state */ ++# define dtost(dent) (dtopd(dent)->state) ++# define sbt(sb) ((sb)->s_type->name) ++ ++#define IS_WRITE_FLAG(flag) (flag & (O_RDWR | O_WRONLY | O_APPEND)) ++#define IS_COPY_FLAG(flag) (flag & (COPY_FLAGS)) ++ ++/* macros to simplify non-SCA code */ ++# define MALLOC_PAGE_POINTERS(hidden_pages, num_hidden_pages) ++# define MALLOC_PAGEDATA_POINTERS(hidden_pages_data, num_hidden_pages) ++# define FREE_PAGE_POINTERS(hidden_pages, num) ++# define FREE_PAGEDATA_POINTERS(hidden_pages_data, num) ++# define FOR_EACH_PAGE ++# define CURRENT_HIDDEN_PAGE hidden_page ++# define CURRENT_HIDDEN_PAGEDATA hidden_page_data ++# define CURRENT_HIDDEN_PAGEINDEX page->index ++ ++/* ++ * EXTERNALS: ++ */ ++extern struct file_operations mini_fo_main_fops; ++extern struct file_operations mini_fo_dir_fops; ++extern struct inode_operations mini_fo_main_iops; ++extern struct inode_operations mini_fo_dir_iops; ++extern struct inode_operations mini_fo_symlink_iops; ++extern struct super_operations mini_fo_sops; ++extern struct dentry_operations mini_fo_dops; ++extern struct vm_operations_struct mini_fo_shared_vmops; ++extern struct vm_operations_struct mini_fo_private_vmops; ++extern struct address_space_operations mini_fo_aops; ++ ++#if 0 /* unused by mini_fo */ ++extern int mini_fo_interpose(dentry_t *hidden_dentry, dentry_t *this_dentry, super_block_t *sb, int flag); ++#if defined(FIST_FILTER_DATA) || defined(FIST_FILTER_SCA) ++extern page_t *mini_fo_get1page(file_t *file, int index); ++extern int mini_fo_fill_zeros(file_t *file, page_t *page, unsigned from); ++# endif /* FIST_FILTER_DATA || FIST_FILTER_SCA */ ++ ++ ++# define mini_fo_hidden_dentry(d) __mini_fo_hidden_dentry(__FILE__,__FUNCTION__,__LINE__,(d)) ++# define mini_fo_hidden_sto_dentry(d) __mini_fo_hidden_sto_dentry(__FILE__,__FUNCTION__,__LINE__,(d)) ++ ++extern dentry_t *__mini_fo_hidden_dentry(char *file, char *func, int line, dentry_t *this_dentry); ++extern dentry_t *__mini_fo_hidden_sto_dentry(char *file, char *func, int line, dentry_t *this_dentry); ++ ++extern int mini_fo_read_file(const char *filename, void *buf, int len); ++extern int mini_fo_write_file(const char *filename, void *buf, int len); ++extern dentry_t *fist_lookup(dentry_t *dir, const char *name, vnode_t **out, uid_t uid, gid_t gid); ++#endif /* unused by mini_fo */ ++ ++/* state transition functions */ ++extern int nondir_unmod_to_mod(dentry_t *dentry, int cp_flag); ++extern int nondir_del_rew_to_del(dentry_t *dentry); ++extern int nondir_creat_to_del(dentry_t *dentry); ++extern int nondir_mod_to_del(dentry_t *dentry); ++extern int nondir_unmod_to_del(dentry_t *dentry); ++ ++extern int dir_unmod_to_mod(dentry_t *dentry); ++ ++/* rename specials */ ++extern int rename_directory(inode_t *old_dir, dentry_t *old_dentry, inode_t *new_dir, dentry_t *new_dentry); ++extern int rename_nondir(inode_t *old_dir, dentry_t *old_dentry, inode_t *new_dir, dentry_t *new_dentry); ++ ++/* misc stuff */ ++extern int mini_fo_tri_interpose(dentry_t *hidden_dentry, ++ dentry_t *hidden_sto_dentry, ++ dentry_t *dentry, ++ super_block_t *sb, int flag); ++ ++extern int mini_fo_cp_cont(dentry_t *tgt_dentry, struct vfsmount *tgt_mnt, ++ dentry_t *src_dentry, struct vfsmount *src_mnt); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++extern int mini_fo_create(inode_t *dir, dentry_t *dentry, int mode, struct nameidata *nd); ++ ++extern int create_sto_nod(dentry_t *dentry, int mode, dev_t dev); ++extern int create_sto_reg_file(dentry_t *dentry, int mode, struct nameidata *nd); ++#else ++extern int mini_fo_create(inode_t *dir, dentry_t *dentry, int mode); ++ ++extern int create_sto_nod(dentry_t *dentry, int mode, int dev); ++extern int create_sto_reg_file(dentry_t *dentry, int mode); ++#endif ++ ++extern int create_sto_dir(dentry_t *dentry, int mode); ++ ++extern int exists_in_storage(dentry_t *dentry); ++extern int is_mini_fo_existant(dentry_t *dentry); ++extern int get_neg_sto_dentry(dentry_t *dentry); ++extern int build_sto_structure(dentry_t *dir, dentry_t *dentry); ++extern int get_mini_fo_bpath(dentry_t *dentry, char **bpath, int *bpath_len); ++extern dentry_t *bpath_walk(super_block_t *sb, char *bpath); ++extern int bpath_put(dentry_t *dentry); ++ ++/* check_mini_fo types functions */ ++extern int check_mini_fo_dentry(dentry_t *dentry); ++extern int check_mini_fo_file(file_t *file); ++extern int check_mini_fo_inode(inode_t *inode); ++ ++/* General meta functions, can be called from outside of meta.c */ ++extern int meta_build_lists(dentry_t *dentry); ++extern int meta_put_lists(dentry_t *dentry); ++extern int __meta_put_lists(inode_t *inode); ++ ++extern int meta_add_d_entry(dentry_t *dentry, const char *name, int len); ++extern int meta_add_r_entry(dentry_t *dentry, ++ const char *old_name, int old_len, ++ const char *new_name, int new_len); ++ ++extern int meta_remove_r_entry(dentry_t *dentry, const char *name, int len); ++ ++extern int meta_check_d_entry(dentry_t *dentry, const char *name, int len); ++extern int __meta_check_d_entry(inode_t *inode, const char *name, int len); ++ ++extern char* meta_check_r_entry(dentry_t *dentry, const char *name, int len); ++extern char* __meta_check_r_entry(inode_t *inode, const char *name, int len); ++extern int meta_is_r_entry(dentry_t *dentry, const char *name, int len); ++extern int __meta_is_r_entry(inode_t *inode, const char *name, int len); ++ ++/* Specific meta functions, should be called only inside meta.c */ ++extern int __meta_put_d_list(inode_t *inode); ++extern int __meta_put_r_list(inode_t *inode); ++ ++extern int meta_list_add_d_entry(dentry_t *dentry, ++ const char *name, int len); ++extern int meta_list_add_r_entry(dentry_t *dentry, ++ const char *old_name, int old_len, ++ const char *new_name, int new_len); ++ ++extern int meta_list_remove_r_entry(dentry_t *dentry, ++ const char *name, int len); ++ ++extern int __meta_list_remove_r_entry(inode_t *inode, ++ const char *name, int len); ++ ++extern int meta_write_d_entry(dentry_t *dentry, const char *name, int len); ++extern int meta_write_r_entry(dentry_t *dentry, ++ const char *old_name, int old_len, ++ const char *new_name, int new_len); ++ ++extern int meta_sync_lists(dentry_t *dentry); ++extern int meta_sync_d_list(dentry_t *dentry, int app_flag); ++extern int meta_sync_r_list(dentry_t *dentry, int app_flag); ++ ++/* ndl stuff */ ++extern int ndl_add_entry(struct readdir_data *rd, const char *name, int len); ++extern void ndl_put_list(struct readdir_data *rd); ++extern int ndl_check_entry(struct readdir_data *rd, ++ const char *name, int len); ++ ++ ++# define copy_inode_size(dst, src) \ ++ dst->i_size = src->i_size; \ ++ dst->i_blocks = src->i_blocks; ++ ++static inline void ++fist_copy_attr_atime(inode_t *dest, const inode_t *src) ++{ ++ ASSERT(dest != NULL); ++ ASSERT(src != NULL); ++ dest->i_atime = src->i_atime; ++} ++static inline void ++fist_copy_attr_times(inode_t *dest, const inode_t *src) ++{ ++ ASSERT(dest != NULL); ++ ASSERT(src != NULL); ++ dest->i_atime = src->i_atime; ++ dest->i_mtime = src->i_mtime; ++ dest->i_ctime = src->i_ctime; ++} ++static inline void ++fist_copy_attr_timesizes(inode_t *dest, const inode_t *src) ++{ ++ ASSERT(dest != NULL); ++ ASSERT(src != NULL); ++ dest->i_atime = src->i_atime; ++ dest->i_mtime = src->i_mtime; ++ dest->i_ctime = src->i_ctime; ++ copy_inode_size(dest, src); ++} ++static inline void ++fist_copy_attr_all(inode_t *dest, const inode_t *src) ++{ ++ ASSERT(dest != NULL); ++ ASSERT(src != NULL); ++ dest->i_mode = src->i_mode; ++ dest->i_nlink = src->i_nlink; ++ dest->i_uid = src->i_uid; ++ dest->i_gid = src->i_gid; ++ dest->i_rdev = src->i_rdev; ++ dest->i_atime = src->i_atime; ++ dest->i_mtime = src->i_mtime; ++ dest->i_ctime = src->i_ctime; ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ dest->i_blksize = src->i_blksize; ++#endif ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,12) ++ dest->i_blkbits = src->i_blkbits; ++# endif /* linux 2.4.12 and newer */ ++ copy_inode_size(dest, src); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ dest->i_attr_flags = src->i_attr_flags; ++#else ++ dest->i_flags = src->i_flags; ++#endif ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++/* copied from linux/fs.h */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++static inline void double_lock(struct dentry *d1, struct dentry *d2) ++{ ++ struct mutex *m1 = &d1->d_inode->i_mutex; ++ struct mutex *m2 = &d2->d_inode->i_mutex; ++ if (m1 != m2) { ++ if ((unsigned long) m1 < (unsigned long) m2) { ++ struct mutex *tmp = m2; ++ m2 = m1; m1 = tmp; ++ } ++ mutex_lock(m1); ++ } ++ mutex_lock(m2); ++} ++ ++static inline void double_unlock(struct dentry *d1, struct dentry *d2) ++{ ++ struct mutex *m1 = &d1->d_inode->i_mutex; ++ struct mutex *m2 = &d2->d_inode->i_mutex; ++ mutex_unlock(m1); ++ if (m1 != m2) ++ mutex_unlock(m2); ++ dput(d1); ++ dput(d2); ++} ++ ++#else ++static inline void double_down(struct semaphore *s1, struct semaphore *s2) ++{ ++ if (s1 != s2) { ++ if ((unsigned long) s1 < (unsigned long) s2) { ++ struct semaphore *tmp = s2; ++ s2 = s1; s1 = tmp; ++ } ++ down(s1); ++ } ++ down(s2); ++} ++ ++static inline void double_up(struct semaphore *s1, struct semaphore *s2) ++{ ++ up(s1); ++ if (s1 != s2) ++ up(s2); ++} ++ ++static inline void double_lock(struct dentry *d1, struct dentry *d2) ++{ ++ double_down(&d1->d_inode->i_sem, &d2->d_inode->i_sem); ++} ++ ++static inline void double_unlock(struct dentry *d1, struct dentry *d2) ++{ ++ double_up(&d1->d_inode->i_sem,&d2->d_inode->i_sem); ++ dput(d1); ++ dput(d2); ++} ++#endif /* if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) */ ++#endif /* if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) */ ++#endif /* __KERNEL__ */ ++ ++/* ++ * Definitions for user and kernel code ++ */ ++ ++/* ioctls */ ++ ++#endif /* not __MINI_FO_H_ */ +--- /dev/null ++++ b/fs/mini_fo/mini_fo-merge +@@ -0,0 +1,180 @@ ++#!/bin/bash ++# ++# Copyright (C) 2005 Markus Klotzbuecher <mk@creamnet.de> ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version ++# 2 of the License, or (at your option) any later version. ++# ++ ++BASE= ++STO= ++HELP= ++DRYRUN= ++VERBOSE= ++TMP="/tmp/" ++META_NAME="META_dAfFgHE39ktF3HD2sr" ++SKIP_DEL_LIST="skip-delete-list.mini_fo-merge" ++ ++COMMAND= ++exec_command() ++{ ++ if [ x$DRYRUN == "xset" ]; then ++ echo " would run: $COMMAND" ++ elif ! [ x$DRYRUN == "xset" ]; then ++ if [ x$VERBOSE == "xset" ]; then ++ echo " running: $COMMAND" ++ fi ++ eval $COMMAND ++ fi ++} ++ ++usage() ++{ ++cat <<EOF ++ ++USAGE: $0 -b <base dir> -s <storage dir> ++Version 0.1 ++ ++This script merges the contents of a mini_fo storage file system back ++to the base file system. ++ ++!!! Warning: This will modify the base filesystem and can destroy data ++ if used wrongly. ++ ++Options: ++ -b <base dir> ++ the directory of the base file system. ++ ++ -s <storage dir> ++ the directory of the storage file system. ++ ++ -d dry run, will not change anything and print the commands that ++ would be executed. ++ ++ -t tmp dir for storing temporary file. default: $TMP ++ ++ -v show what operations are performed. ++ ++ -h displays this message. ++ ++EOF ++} ++ ++# parse parameters ++while getopts hdvt:b:s: OPTS ++ do ++ case $OPTS in ++ h) HELP="set";; ++ d) DRYRUN="set";; ++ v) VERBOSE="set";; ++ b) BASE="$OPTARG";; ++ s) STO="$OPTARG";; ++ t) TMP="$OPTARG";; ++ ?) usage ++ exit 1;; ++ esac ++done ++ ++if [ "x$HELP" == "xset" ]; then ++ usage ++ exit -1 ++fi ++ ++if ! [ -d "$BASE" ] || ! [ -d "$STO" ]; then ++ echo -e "$0:\n Error, -s and/or -b argument missing. type $0 -h for help." ++ exit -1; ++fi ++ ++# get full paths ++pushd $STO; STO=`pwd`; popd ++pushd $BASE; BASE=`pwd`; popd ++TMP=${TMP%/} ++ ++ ++cat<<EOF ++############################################################################### ++# mini_fo-merge ++# ++# base dir: $BASE ++# storage dir: $STO ++# meta filename: $META_NAME ++# dry run: $DRYRUN ++# verbose: $VERBOSE ++# tmp files: $TMP ++############################################################################### ++ ++EOF ++ ++rm $TMP/$SKIP_DEL_LIST ++ ++# first process all renamed dirs ++echo "Merging renamed directories..." ++pushd $STO &> /dev/null ++find . -name $META_NAME -type f -print0 | xargs -0 -e grep -e '^R ' | tr -s ':R' ' ' | while read ENTRY; do ++ echo "entry: $ENTRY" ++ META_FILE=`echo $ENTRY | cut -d ' ' -f 1` ++ OLD_B_DIR=`echo $ENTRY | cut -d ' ' -f 2 | sed -e 's/\///'` ++ NEW_NAME=`echo $ENTRY | cut -d ' ' -f 3` ++ NEW_B_DIR=`echo $META_FILE | sed -e "s/$META_NAME/$NEW_NAME/" | sed -e 's/^\.\///'` ++ echo "META_FILE: $META_FILE" ++ echo "OLD_B_DIR: $OLD_B_DIR" ++ echo "NEW_NAME: $NEW_NAME" ++ echo "NEW_B_DIR: $NEW_B_DIR" ++ ++ pushd $BASE &> /dev/null ++ # remove an existing dir in storage ++ COMMAND="rm -rf $NEW_B_DIR"; exec_command ++ COMMAND="cp -R $OLD_B_DIR $NEW_B_DIR"; exec_command ++ echo "" ++ popd &> /dev/null ++ ++ # remember this dir to exclude it from deleting later ++ echo $NEW_B_DIR >> $TMP/$SKIP_DEL_LIST ++done ++ ++# delete all whiteouted files from base ++echo -e "\nDeleting whiteout'ed files from base file system..." ++find . -name $META_NAME -type f -print0 | xargs -0 -e grep -e '^D ' | sed -e 's/:D//' | while read ENTRY; do ++ META_FILE=`echo $ENTRY | cut -d ' ' -f 1` ++ DEL_NAME=`echo $ENTRY | cut -d ' ' -f 2` ++ DEL_FILE=`echo $META_FILE | sed -e "s/$META_NAME/$DEL_NAME/" | sed -e 's/^\.\///'` ++ grep -x $DEL_FILE $TMP/$SKIP_DEL_LIST &> /dev/null ++ if [ $? -ne 0 ]; then ++ pushd $BASE &> /dev/null ++ COMMAND="rm -rf $DEL_FILE"; exec_command ++ popd &> /dev/null ++ else ++ echo " excluding: $DEL_FILE as in skip-del-list." ++ fi ++done ++ ++# create all dirs and update permissions ++echo -e "\nSetting up directory structures in base file system..." ++find . -type d | sed -e 's/^\.\///' | while read DIR; do ++ PERMS=`stat -c %a $DIR` ++ DIR_UID=`stat -c %u $DIR` ++ DIR_GID=`stat -c %g $DIR` ++ pushd $BASE &> /dev/null ++ if ! [ -d $DIR ]; then ++ COMMAND="mkdir -p $DIR"; exec_command ++ fi ++ COMMAND="chmod $PERMS $DIR"; exec_command ++ COMMAND="chown $DIR_UID:$DIR_GID $DIR"; exec_command ++ popd &> /dev/null ++done ++ ++# merge all non-directory files ++echo -e "\nMerging all non-directory files...." ++for i in b c p f l s; do ++ find . -type $i | sed -e 's/^\.\///' | grep -v "$META_NAME" | while read FILE; do ++ pushd $BASE #&> /dev/null ++ COMMAND="cp -df $STO/$FILE $BASE/$FILE"; exec_command ++ popd &> /dev/null ++ done ++done ++popd &> /dev/null ++ ++#rm $TMP/$SKIP_DEL_LIST ++ ++echo "Done!" +--- /dev/null ++++ b/fs/mini_fo/mini_fo-overlay +@@ -0,0 +1,130 @@ ++#!/bin/bash ++# ++# Copyright (C) 2005 Markus Klotzbuecher <mk@creamnet.de> ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version ++# 2 of the License, or (at your option) any later version. ++# ++ ++HELP= ++SUFF= ++MNTP= ++MNT_DIR="/mnt" ++STO= ++STO_DIR="/tmp" ++BASE= ++ ++usage() ++{ ++cat <<EOF ++ ++Usage: $0 [-s suffix] [-d sto_dir_dir] [-m mount point] base_dir ++Version 0.1 ++ ++This script overlays the given base directory using the mini_fo file ++system. If only the base directory base_dir is given, $0 ++will use a storage directory called "sto-<base_dir_name>" in $STO_DIR, ++and mount point "mini_fo-<base_dir_dir>" in $MNT_DIR. ++ ++Options: ++ -s <suffix> ++ add given suffix to storage directory and the mount ++ point. This is usefull for overlaying one base directory ++ several times and avoiding conflicts with storage directory ++ names and mount points. ++ ++ -d <sto_dir_dir> ++ change the directory in which the storage directory will be ++ created (default is currently "$STO_DIR". ++ ++ -m <mount point> ++ use an alternative directory to create the mini_fo ++ mountpoint (default is currently "$MNT_DIR". ++ ++ -h displays this message. ++ ++EOF ++exit 1; ++} ++ ++while getopts hm:s:d: OPTS ++ do ++ case $OPTS in ++ s) SUFF="$OPTARG";; ++ d) STO_DIR="$OPTARG";; ++ m) MNT_DIR="$OPTARG";; ++ h) HELP="set";; ++ ?) usage ++ exit 1;; ++ esac ++done ++shift $(($OPTIND - 1)) ++ ++BASE="$1" ++ ++if [ "x$HELP" == "xset" ]; then ++ usage ++ exit -1 ++fi ++ ++# fix suffix ++if [ "x$SUFF" != "x" ]; then ++ SUFF="-$SUFF" ++fi ++ ++# kill trailing slashes ++MNT_DIR=${MNT_DIR%/} ++STO_DIR=${STO_DIR%/} ++BASE=${BASE%/} ++ ++ ++if ! [ -d "$BASE" ]; then ++ echo "invalid base dir $BASE, run $0 -h for help." ++ exit -1 ++fi ++ ++# check opts ++if ! [ -d "$MNT_DIR" ]; then ++ echo "invalid mount dir $MNT_DIR, run $0 -h for help." ++ exit -1 ++fi ++ ++if ! [ -d "$STO_DIR" ]; then ++ echo "invalid sto_dir_dir $STO_DIR, run $0 -h for help." ++ exit -1 ++fi ++ ++MNTP="$MNT_DIR/mini_fo-`basename $BASE`$SUFF" ++STO="$STO_DIR/sto-`basename $BASE`$SUFF" ++ ++# create the mount point if it doesn't exist ++mkdir -p $MNTP ++if [ $? -ne 0 ]; then ++ echo "Error, failed to create mount point $MNTP" ++fi ++ ++mkdir -p $STO ++if [ $? -ne 0 ]; then ++ echo "Error, failed to create storage dir $STO" ++fi ++ ++# check if fs is already mounted ++mount | grep mini_fo | grep $MNTP &> /dev/null ++if [ $? -eq 0 ]; then ++ echo "Error, existing mini_fo mount at $MNTP." ++ exit -1 ++fi ++ ++mount | grep mini_fo | grep $STO &> /dev/null ++if [ $? -eq 0 ]; then ++ echo "Error, $STO seems to be used already." ++ exit -1 ++fi ++ ++# mount ++mount -t mini_fo -o base=$BASE,sto=$STO $BASE $MNTP ++ ++if [ $? -ne 0 ]; then ++ echo "Error, mounting failed, maybe no permisson to mount?" ++fi +--- /dev/null ++++ b/fs/mini_fo/mmap.c +@@ -0,0 +1,637 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif /* HAVE_CONFIG_H */ ++ ++#include "fist.h" ++#include "mini_fo.h" ++ ++ ++#ifdef FIST_COUNT_WRITES ++/* for counting writes in the middle vs. regular writes */ ++unsigned long count_writes = 0, count_writes_middle = 0; ++#endif /* FIST_COUNT_WRITES */ ++ ++/* forward declaration of commit write and prepare write */ ++STATIC int mini_fo_commit_write(file_t *file, page_t *page, unsigned from, unsigned to); ++STATIC int mini_fo_prepare_write(file_t *file, page_t *page, unsigned from, unsigned to); ++ ++ ++/* ++ * Function for handling creation of holes when lseek-ing past the ++ * end of the file and then writing some data. ++ */ ++int ++mini_fo_fill_zeros(file_t* file, page_t *page, unsigned from) ++{ ++ int err = 0; ++ dentry_t *dentry = file->f_dentry; ++ inode_t *inode = dentry->d_inode; ++ page_t *tmp_page; ++ int index; ++ ++ print_entry_location(); ++ ++ for (index = inode->i_size >> PAGE_CACHE_SHIFT; index < page->index; index++) { ++ tmp_page = mini_fo_get1page(file, index); ++ if (IS_ERR(tmp_page)) { ++ err = PTR_ERR(tmp_page); ++ goto out; ++ } ++ ++ /* ++ * zero out rest of the contents of the page between the appropriate ++ * offsets. ++ */ ++ memset((char*)page_address(tmp_page) + (inode->i_size & ~PAGE_CACHE_MASK), 0, PAGE_CACHE_SIZE - (inode->i_size & ~PAGE_CACHE_MASK)); ++ ++ if (! (err = mini_fo_prepare_write(file, tmp_page, 0, PAGE_CACHE_SIZE))) ++ err = mini_fo_commit_write(file, tmp_page, 0, PAGE_CACHE_SIZE); ++ ++ page_cache_release(tmp_page); ++ if (err < 0) ++ goto out; ++ if (current->need_resched) ++ schedule(); ++ } ++ ++ /* zero out appropriate parts of last page */ ++ ++ /* ++ * if the encoding type is block, then adjust the 'from' (where the ++ * zeroing will start) offset appropriately ++ */ ++ from = from & (~(FIST_ENCODING_BLOCKSIZE - 1)); ++ ++ if ((from - (inode->i_size & ~PAGE_CACHE_MASK)) > 0) { ++ ++ memset((char*)page_address(page) + (inode->i_size & ~PAGE_CACHE_MASK), 0, from - (inode->i_size & ~PAGE_CACHE_MASK)); ++ if (! (err = mini_fo_prepare_write(file, page, 0, PAGE_CACHE_SIZE))) ++ err = mini_fo_commit_write(file, page, 0, PAGE_CACHE_SIZE); ++ ++ if (err < 0) ++ goto out; ++ if (current->need_resched) ++ schedule(); ++ } ++ ++ out: ++ print_exit_status(err); ++ return err; ++} ++ ++ ++ ++STATIC int ++mini_fo_writepage(page_t *page) ++{ ++ int err = -EIO; ++ inode_t *inode; ++ inode_t *hidden_inode; ++ page_t *hidden_page; ++ char *kaddr, *hidden_kaddr; ++ ++ print_entry_location(); ++ ++ inode = page->mapping->host; ++ hidden_inode = itohi(inode); ++ ++ /* ++ * writepage is called when shared mmap'ed files need to write ++ * their pages, while prepare/commit_write are called from the ++ * non-paged write() interface. (However, in 2.3 the two interfaces ++ * share the same cache, while in 2.2 they didn't.) ++ * ++ * So we pretty much have to duplicate much of what commit_write does. ++ */ ++ ++ /* find lower page (returns a locked page) */ ++ hidden_page = grab_cache_page(hidden_inode->i_mapping, page->index); ++ if (!hidden_page) ++ goto out; ++ ++ /* get page address, and encode it */ ++ kaddr = (char *) kmap(page); ++ hidden_kaddr = (char*) kmap(hidden_page); ++ mini_fo_encode_block(kaddr, hidden_kaddr, PAGE_CACHE_SIZE, inode, inode->i_sb, page->index); ++ /* if encode_block could fail, then return error */ ++ kunmap(page); ++ kunmap(hidden_page); ++ ++ /* call lower writepage (expects locked page) */ ++ err = hidden_inode->i_mapping->a_ops->writepage(hidden_page); ++ ++ /* ++ * update mtime and ctime of lower level file system ++ * mini_fo' mtime and ctime are updated by generic_file_write ++ */ ++ hidden_inode->i_mtime = hidden_inode->i_ctime = CURRENT_TIME; ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,1) ++ UnlockPage(hidden_page); /* b/c grab_cache_page locked it */ ++# endif /* kernel older than 2.4.1 */ ++ page_cache_release(hidden_page); /* b/c grab_cache_page increased refcnt */ ++ ++ if (err) ++ ClearPageUptodate(page); ++ else ++ SetPageUptodate(page); ++ out: ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,1) ++ UnlockPage(page); ++# endif /* kernel 2.4.1 and newer */ ++ print_exit_status(err); ++ return err; ++} ++ ++ ++/* ++ * get one page from cache or lower f/s, return error otherwise. ++ * returns unlocked, up-to-date page (if ok), with increased refcnt. ++ */ ++page_t * ++mini_fo_get1page(file_t *file, int index) ++{ ++ page_t *page; ++ dentry_t *dentry; ++ inode_t *inode; ++ struct address_space *mapping; ++ int err; ++ ++ print_entry_location(); ++ ++ dentry = file->f_dentry; /* CPW: Moved below print_entry_location */ ++ inode = dentry->d_inode; ++ mapping = inode->i_mapping; ++ ++ fist_dprint(8, "%s: read page index %d pid %d\n", __FUNCTION__, index, current->pid); ++ if (index < 0) { ++ printk("%s BUG: index=%d\n", __FUNCTION__, index); ++ page = ERR_PTR(-EIO); ++ goto out; ++ } ++ page = read_cache_page(mapping, ++ index, ++ (filler_t *) mapping->a_ops->readpage, ++ (void *) file); ++ if (IS_ERR(page)) ++ goto out; ++ wait_on_page(page); ++ if (!Page_Uptodate(page)) { ++ lock_page(page); ++ err = mapping->a_ops->readpage(file, page); ++ if (err) { ++ page = ERR_PTR(err); ++ goto out; ++ } ++ wait_on_page(page); ++ if (!Page_Uptodate(page)) { ++ page = ERR_PTR(-EIO); ++ goto out; ++ } ++ } ++ ++ out: ++ print_exit_pointer(page); ++ return page; ++} ++ ++ ++/* ++ * get one page from cache or lower f/s, return error otherwise. ++ * similar to get1page, but doesn't guarantee that it will return ++ * an unlocked page. ++ */ ++page_t * ++mini_fo_get1page_cached(file_t *file, int index) ++{ ++ page_t *page; ++ dentry_t *dentry; ++ inode_t *inode; ++ struct address_space *mapping; ++ int err; ++ ++ print_entry_location(); ++ ++ dentry = file->f_dentry; /* CPW: Moved below print_entry_location */ ++ inode = dentry->d_inode; ++ mapping = inode->i_mapping; ++ ++ fist_dprint(8, "%s: read page index %d pid %d\n", __FUNCTION__, index, current->pid); ++ if (index < 0) { ++ printk("%s BUG: index=%d\n", __FUNCTION__, index); ++ page = ERR_PTR(-EIO); ++ goto out; ++ } ++ page = read_cache_page(mapping, ++ index, ++ (filler_t *) mapping->a_ops->readpage, ++ (void *) file); ++ if (IS_ERR(page)) ++ goto out; ++ ++ out: ++ print_exit_pointer(page); ++ return page; ++} ++ ++ ++/* ++ * readpage is called from generic_page_read and the fault handler. ++ * If your file system uses generic_page_read for the read op, it ++ * must implement readpage. ++ * ++ * Readpage expects a locked page, and must unlock it. ++ */ ++STATIC int ++mini_fo_do_readpage(file_t *file, page_t *page) ++{ ++ int err = -EIO; ++ dentry_t *dentry; ++ file_t *hidden_file = NULL; ++ dentry_t *hidden_dentry; ++ inode_t *inode; ++ inode_t *hidden_inode; ++ char *page_data; ++ page_t *hidden_page; ++ char *hidden_page_data; ++ int real_size; ++ ++ print_entry_location(); ++ ++ dentry = file->f_dentry; /* CPW: Moved below print_entry_location */ ++ if (ftopd(file) != NULL) ++ hidden_file = ftohf(file); ++ hidden_dentry = dtohd(dentry); ++ inode = dentry->d_inode; ++ hidden_inode = itohi(inode); ++ ++ fist_dprint(7, "%s: requesting page %d from file %s\n", __FUNCTION__, page->index, dentry->d_name.name); ++ ++ MALLOC_PAGE_POINTERS(hidden_pages, num_hidden_pages); ++ MALLOC_PAGEDATA_POINTERS(hidden_pages_data, num_hidden_pages); ++ FOR_EACH_PAGE ++ CURRENT_HIDDEN_PAGE = NULL; ++ ++ /* find lower page (returns a locked page) */ ++ FOR_EACH_PAGE { ++ fist_dprint(8, "%s: Current page index = %d\n", __FUNCTION__, CURRENT_HIDDEN_PAGEINDEX); ++ CURRENT_HIDDEN_PAGE = read_cache_page(hidden_inode->i_mapping, ++ CURRENT_HIDDEN_PAGEINDEX, ++ (filler_t *) hidden_inode->i_mapping->a_ops->readpage, ++ (void *) hidden_file); ++ if (IS_ERR(CURRENT_HIDDEN_PAGE)) { ++ err = PTR_ERR(CURRENT_HIDDEN_PAGE); ++ CURRENT_HIDDEN_PAGE = NULL; ++ goto out_release; ++ } ++ } ++ ++ /* ++ * wait for the page data to show up ++ * (signaled by readpage as unlocking the page) ++ */ ++ FOR_EACH_PAGE { ++ wait_on_page(CURRENT_HIDDEN_PAGE); ++ if (!Page_Uptodate(CURRENT_HIDDEN_PAGE)) { ++ /* ++ * call readpage() again if we returned from wait_on_page with a ++ * page that's not up-to-date; that can happen when a partial ++ * page has a few buffers which are ok, but not the whole ++ * page. ++ */ ++ lock_page(CURRENT_HIDDEN_PAGE); ++ err = hidden_inode->i_mapping->a_ops->readpage(hidden_file, ++ CURRENT_HIDDEN_PAGE); ++ if (err) { ++ CURRENT_HIDDEN_PAGE = NULL; ++ goto out_release; ++ } ++ wait_on_page(CURRENT_HIDDEN_PAGE); ++ if (!Page_Uptodate(CURRENT_HIDDEN_PAGE)) { ++ err = -EIO; ++ goto out_release; ++ } ++ } ++ } ++ ++ /* map pages, get their addresses */ ++ page_data = (char *) kmap(page); ++ FOR_EACH_PAGE ++ CURRENT_HIDDEN_PAGEDATA = (char *) kmap(CURRENT_HIDDEN_PAGE); ++ ++ /* if decode_block could fail, then return error */ ++ err = 0; ++ real_size = hidden_inode->i_size - (page->index << PAGE_CACHE_SHIFT); ++ if (real_size <= 0) ++ memset(page_data, 0, PAGE_CACHE_SIZE); ++ else if (real_size < PAGE_CACHE_SIZE) { ++ mini_fo_decode_block(hidden_page_data, page_data, real_size, inode, inode->i_sb, page->index); ++ memset(page_data + real_size, 0, PAGE_CACHE_SIZE - real_size); ++ } else ++ mini_fo_decode_block(hidden_page_data, page_data, PAGE_CACHE_SIZE, inode, inode->i_sb, page->index); ++ ++ FOR_EACH_PAGE ++ kunmap(CURRENT_HIDDEN_PAGE); ++ kunmap(page); ++ ++ out_release: ++ FOR_EACH_PAGE ++ if (CURRENT_HIDDEN_PAGE) ++ page_cache_release(CURRENT_HIDDEN_PAGE); /* undo read_cache_page */ ++ ++ FREE_PAGE_POINTERS(hidden_pages, num_hidden_pages); ++ FREE_PAGEDATA_POINTERS(hidden_pages_data, num_hidden_pages); ++ ++ out: ++ if (err == 0) ++ SetPageUptodate(page); ++ else ++ ClearPageUptodate(page); ++ ++ print_exit_status(err); ++ return err; ++} ++ ++ ++STATIC int ++mini_fo_readpage(file_t *file, page_t *page) ++{ ++ int err; ++ print_entry_location(); ++ ++ err = mini_fo_do_readpage(file, page); ++ ++ /* ++ * we have to unlock our page, b/c we _might_ have gotten a locked page. ++ * but we no longer have to wakeup on our page here, b/c UnlockPage does ++ * it ++ */ ++ UnlockPage(page); ++ ++ print_exit_status(err); ++ return err; ++} ++ ++ ++STATIC int ++mini_fo_prepare_write(file_t *file, page_t *page, unsigned from, unsigned to) ++{ ++ int err = 0; ++ ++ print_entry_location(); ++ ++ /* ++ * we call kmap(page) only here, and do the kunmap ++ * and the actual downcalls, including unlockpage and uncache ++ * in commit_write. ++ */ ++ kmap(page); ++ ++ /* fast path for whole page writes */ ++ if (from == 0 && to == PAGE_CACHE_SIZE) ++ goto out; ++ /* read the page to "revalidate" our data */ ++ /* call the helper function which doesn't unlock the page */ ++ if (!Page_Uptodate(page)) ++ err = mini_fo_do_readpage(file, page); ++ ++ out: ++ print_exit_status(err); ++ return err; ++} ++ ++ ++ ++STATIC int ++mini_fo_commit_write(file_t *file, page_t *page, unsigned from, unsigned to) ++{ ++ int err = -ENOMEM; ++ inode_t *inode; ++ inode_t *hidden_inode; ++ page_t *hidden_page; ++ file_t *hidden_file = NULL; ++ loff_t pos; ++ unsigned bytes = to - from; ++ unsigned hidden_from, hidden_to, hidden_bytes; ++ ++ print_entry_location(); ++ ++ inode = page->mapping->host; /* CPW: Moved below print_entry_location */ ++ hidden_inode = itohi(inode); ++ ++ ASSERT(file != NULL); ++ /* ++ * here we have a kmapped page, with data from the user copied ++ * into it. we need to encode_block it, and then call the lower ++ * commit_write. We also need to simulate same behavior of ++ * generic_file_write, and call prepare_write on the lower f/s first. ++ */ ++#ifdef FIST_COUNT_WRITES ++ count_writes++; ++# endif /* FIST_COUNT_WRITES */ ++ ++ /* this is append and/or extend -- we can't have holes so fill them in */ ++ if (page->index > (hidden_inode->i_size >> PAGE_CACHE_SHIFT)) { ++ page_t *tmp_page; ++ int index; ++ for (index = hidden_inode->i_size >> PAGE_CACHE_SHIFT; index < page->index; index++) { ++ tmp_page = mini_fo_get1page(file, index); ++ if (IS_ERR(tmp_page)) { ++ err = PTR_ERR(tmp_page); ++ goto out; ++ } ++ /* zero out the contents of the page at the appropriate offsets */ ++ memset((char*)page_address(tmp_page) + (inode->i_size & ~PAGE_CACHE_MASK), 0, PAGE_CACHE_SIZE - (inode->i_size & ~PAGE_CACHE_MASK)); ++ if (!(err = mini_fo_prepare_write(file, tmp_page, 0, PAGE_CACHE_SIZE))) ++ err = mini_fo_commit_write(file, tmp_page, 0, PAGE_CACHE_SIZE); ++ page_cache_release(tmp_page); ++ if (err < 0) ++ goto out; ++ if (current->need_resched) ++ schedule(); ++ } ++ } ++ ++ if (ftopd(file) != NULL) ++ hidden_file = ftohf(file); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_inode->i_mutex); ++#else ++ down(&hidden_inode->i_sem); ++#endif ++ /* find lower page (returns a locked page) */ ++ hidden_page = grab_cache_page(hidden_inode->i_mapping, page->index); ++ if (!hidden_page) ++ goto out; ++ ++#if FIST_ENCODING_BLOCKSIZE > 1 ++# error encoding_blocksize greater than 1 is not yet supported ++# endif /* FIST_ENCODING_BLOCKSIZE > 1 */ ++ ++ hidden_from = from & (~(FIST_ENCODING_BLOCKSIZE - 1)); ++ hidden_to = ((to + FIST_ENCODING_BLOCKSIZE - 1) & (~(FIST_ENCODING_BLOCKSIZE - 1))); ++ if ((page->index << PAGE_CACHE_SHIFT) + to > hidden_inode->i_size) { ++ ++ /* ++ * if this call to commit_write had introduced holes and the code ++ * for handling holes was invoked, then the beginning of this page ++ * must be zeroed out ++ * zero out bytes from 'size_of_file%pagesize' to 'from'. ++ */ ++ if ((hidden_from - (inode->i_size & ~PAGE_CACHE_MASK)) > 0) ++ memset((char*)page_address(page) + (inode->i_size & ~PAGE_CACHE_MASK), 0, hidden_from - (inode->i_size & ~PAGE_CACHE_MASK)); ++ ++ } ++ hidden_bytes = hidden_to - hidden_from; ++ ++ /* call lower prepare_write */ ++ err = -EINVAL; ++ if (hidden_inode->i_mapping && ++ hidden_inode->i_mapping->a_ops && ++ hidden_inode->i_mapping->a_ops->prepare_write) ++ err = hidden_inode->i_mapping->a_ops->prepare_write(hidden_file, ++ hidden_page, ++ hidden_from, ++ hidden_to); ++ if (err) ++ /* don't leave locked pages behind, esp. on an ENOSPC */ ++ goto out_unlock; ++ ++ fist_dprint(8, "%s: encoding %d bytes\n", __FUNCTION__, hidden_bytes); ++ mini_fo_encode_block((char *) page_address(page) + hidden_from, (char*) page_address(hidden_page) + hidden_from, hidden_bytes, inode, inode->i_sb, page->index); ++ /* if encode_block could fail, then goto unlock and return error */ ++ ++ /* call lower commit_write */ ++ err = hidden_inode->i_mapping->a_ops->commit_write(hidden_file, ++ hidden_page, ++ hidden_from, ++ hidden_to); ++ ++ if (err < 0) ++ goto out_unlock; ++ ++ err = bytes; /* convert error to no. of bytes */ ++ ++ inode->i_blocks = hidden_inode->i_blocks; ++ /* we may have to update i_size */ ++ pos = (page->index << PAGE_CACHE_SHIFT) + to; ++ if (pos > inode->i_size) ++ inode->i_size = pos; ++ ++ /* ++ * update mtime and ctime of lower level file system ++ * mini_fo' mtime and ctime are updated by generic_file_write ++ */ ++ hidden_inode->i_mtime = hidden_inode->i_ctime = CURRENT_TIME; ++ ++ mark_inode_dirty_sync(inode); ++ ++ out_unlock: ++ UnlockPage(hidden_page); ++ page_cache_release(hidden_page); ++ kunmap(page); /* kmap was done in prepare_write */ ++ out: ++ /* we must set our page as up-to-date */ ++ if (err < 0) ++ ClearPageUptodate(page); ++ else ++ SetPageUptodate(page); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_inode->i_mutex); ++#else ++ up(&hidden_inode->i_sem); ++#endif ++ print_exit_status(err); ++ return err; /* assume all is ok */ ++} ++ ++ ++STATIC int ++mini_fo_bmap(struct address_space *mapping, long block) ++{ ++ int err = 0; ++ inode_t *inode; ++ inode_t *hidden_inode; ++ ++ print_entry_location(); ++ ++ inode = (inode_t *) mapping->host; ++ hidden_inode = itohi(inode); ++ ++ if (hidden_inode->i_mapping->a_ops->bmap) ++ err = hidden_inode->i_mapping->a_ops->bmap(hidden_inode->i_mapping, block); ++ print_exit_location(); ++ return err; ++} ++ ++ ++/* ++ * This function is copied verbatim from mm/filemap.c. ++ * XXX: It should be simply moved to some header file instead -- bug Al about it! ++ */ ++static inline int sync_page(struct page *page) ++{ ++ struct address_space *mapping = page->mapping; ++ ++ if (mapping && mapping->a_ops && mapping->a_ops->sync_page) ++ return mapping->a_ops->sync_page(page); ++ return 0; ++} ++ ++ ++/* ++ * XXX: we may not need this function if not FIST_FILTER_DATA. ++ * FIXME: for FIST_FILTER_SCA, get all lower pages and sync them each. ++ */ ++STATIC int ++mini_fo_sync_page(page_t *page) ++{ ++ int err = 0; ++ inode_t *inode; ++ inode_t *hidden_inode; ++ page_t *hidden_page; ++ ++ print_entry_location(); ++ ++ inode = page->mapping->host; /* CPW: Moved below print_entry_location */ ++ hidden_inode = itohi(inode); ++ ++ /* find lower page (returns a locked page) */ ++ hidden_page = grab_cache_page(hidden_inode->i_mapping, page->index); ++ if (!hidden_page) ++ goto out; ++ ++ err = sync_page(hidden_page); ++ ++ UnlockPage(hidden_page); /* b/c grab_cache_page locked it */ ++ page_cache_release(hidden_page); /* b/c grab_cache_page increased refcnt */ ++ ++ out: ++ print_exit_status(err); ++ return err; ++} +--- /dev/null ++++ b/fs/mini_fo/README +@@ -0,0 +1,163 @@ ++README for the mini_fo overlay file system ++========================================= ++ ++ ++WHAT IS MINI_FO? ++---------------- ++ ++mini_fo is a virtual kernel file system that can make read-only ++file systems writable. This is done by redirecting modifying operations ++to a writeable location called "storage directory", and leaving the ++original data in the "base directory" untouched. When reading, the ++file system merges the modifed and original data so that only the ++newest versions will appear. This occurs transparently to the user, ++who can access the data like on any other read-write file system. ++ ++Base and storage directories may be located on the same or on ++different partitions and may be of different file system types. While ++the storage directory obviously needs to be writable, the base may or ++may not be writable, what doesn't matter as it will no be modified ++anyway. ++ ++ ++WHAT IS GOOD FOR? ++----------------- ++ ++The primary purpose of the mini_fo file system is to allow easy ++software updates to embedded systems, that often store their root ++file system in a read-only flash file system, but there are many ++more as for example sandboxing, or for allowing live-cds to ++permanently store information. ++ ++ ++BUILDING ++-------- ++This should be simple. Adjust the Makefile to point to the correct ++kernel headers you want to build the module for. Then: ++ ++ # make ++ ++should build "mini_fo.o" for a 2.4 kernel or "mini_fo.ko" for a 2.6 ++kernel. ++ ++If you are building the module for you current kernel, you can install ++the module (as root): ++ ++ # make install ++ ++or uninstall with ++ ++ # make uninstall ++ ++ ++USING THE FILE SYSTEM ++-------------------- ++ ++the general mount syntax is: ++ ++ mount -t mini_fo -o base=<base directory>,sto=<storage directory>\ ++ <base directory> <mount point> ++ ++Example: ++ ++You have mounted a cdrom to /mnt/cdrom and want to modifiy some files ++on it: ++ ++load the module (as root) ++ ++ # insmod mini_fo.o for a 2.4 kernel or ++ ++ # insmod mini_fo.ko for a 2.6 kernel ++ ++ ++create a storage dir in tmp and a mountpoint for mini_fo: ++ ++ # mkdir /tmp/sto ++ # mkdir /mnt/mini_fo ++ ++and mount the mini_fo file system: ++ ++ # mount -t mini_fo -o base=/mnt/cdrom,sto=/tmp/sto /mnt/cdrom /mnt/mini_fo ++ ++ ++Now the data stored on the cd can be accessed via the mini_fo ++mountpoint just like any read-write file system, files can be modified ++and deleted, new ones can be created and so on. When done unmount the ++file system: ++ ++ # unmount /mnt/mini_fo ++ ++Note that if the file system is mounted again using the same storage ++file system, of course it will appear in the modified state again. If ++you remount it using an new empty storage directory, it will be ++unmodified. Therefore by executing: ++ ++ # cd /tmp/sto ++ # rm -rf * ++ ++you can nuke all the changes you made to the original file system. But ++ remember NEVER do this while the mini_fo file system is mounted! ++ ++ ++Alternatively you can use the mini_fo-overlay bash script, that ++simplifies managing mini_fo mounts. See TOOLS Section. ++ ++ ++TOOLS ++----- ++ ++mini_fo-merge (experimental): ++ ++This is a bash script that will merge changes contained in the storage ++directory back to the base directory. This allows mini_fo to function ++as a cache file system by overlaying a slow (network, ...) file system ++and using a fast (ramdisk, ...) as storage. When done, changes can be ++merged back to the (slow) base with mini_fo-merge. See "mini_fo-merge ++-h" for details. ++ ++It can be usefull for merging changes back after a successfull test ++(patches, software updates...) ++ ++ ++mini_fo-overlay: ++ ++This bash script simplifies managing one or more mini_fo mounts. For ++overlaying a directory called "basedir1", you can just call: ++ ++ # mini_fo-overlay basedir1 ++ ++This will mount mini_fo with "basedir1" as base, "/tmp/sto-basedir1/" ++as storage to "/mnt/mini_fo-basedir1/". It has more options though, ++type "mini_fo-overlay -h" for details. ++ ++ ++DOCUMENTATION, REPORTING BUGS, GETTING HELP ++------------------------------------------- ++ ++Please visit the mini_fo project page at: ++ ++http://www.denx.de/twiki/bin/view/Know/MiniFOHome ++ ++ ++WARNINGS ++-------- ++ ++Never modify the base or the storage directorys while the mini_fo ++file system is mounted, or you might crash you system. Simply accessing ++and reading should not cause any trouble. ++ ++Exporting a mini_fo mount point via NFS has not been tested, and may ++or may not work. ++ ++Check the RELEASE_NOTES for details on bugs and features. ++ ++ ++ ++Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ ++This program is free software; you can redistribute it and/or ++modify it under the terms of the GNU General Public License ++as published by the Free Software Foundation; either version ++2 of the License, or (at your option) any later version. ++ ++ +--- /dev/null ++++ b/fs/mini_fo/RELEASE_NOTES +@@ -0,0 +1,111 @@ ++Release: mini_fo-0.6.1 (v0-6-1) ++Date: 21.09.2005 ++ ++ ++Changes: ++-------- ++v0-6-1: ++ ++- bugfixes (see ChangeLog) ++ ++- two helper scripts "mini_fo_merge" and "mini_fo_overlay" (see ++ README for details). ++ ++v0-6-0: ++ ++- Support for 2.4 and 2.6 (see Makefile) ++ ++- Partial hard link support (creating works as expected, but already ++ existing links in the base file system will be treated as if they ++ were individual files). ++ ++- Various bugfixes and cleanups. ++ ++ ++v0-6-0-pre1: ++ ++- This is mini_fo-0-6-0-pre1! This release is a complete rewrite of ++ many vital mini_fo parts such as the old whiteout list code which ++ has been replaced by the new META subsystem. ++ ++- Light weight directory renaming implemented. This means if a ++ directory is renamed via the mini_fo filesystem this will no longer ++ result in a complete copy in storage, instead only one empty ++ directory will be created. All base filed contained in the original ++ directory stay there until modified. ++ ++- Special files (creating, renaming, deleting etc.) now working. ++ ++- Many bugfixes and cleanup, mini_fo is now a lot more stable. ++ ++ ++v0-5-10: ++ ++- Final release of the 0-5-* versions. Next will be a complete rewrite ++ of many features. This release contains several bugfixes related to ++ directory renaming. ++ ++ ++v0-5-10-pre6: ++ ++- Lots of cleanup and several bugfixes related to directory deleting ++ ++- Directory renaming suddenly works, what is most likely due to the ++ fact tha that "mv" is smart: if the classic rename doesn't work it ++ will assume that source and target file are on different fs and will ++ copy the directory and try to remove the source directory. Until ++ directory removing wasn't implemented, it would fail to do this and ++ rollback. ++ So, directory renaming works for now, but it doesn't yet do what you ++ would expect from a overlay fs, so use with care. ++ ++ ++v0-5-10-pre5: ++ ++- implemented directory deleting ++- made parsing of mount options more stable ++- New format of mount options! (See README) ++- I can't reproduce the unknown panic with 2.4.25 anymore, so I'll ++ happily assume it never existed! ++ ++ ++Implemented features: ++--------------------- ++ ++- creating hard links (see BUGS on already existing hard links) ++- lightweight directory renaming ++- renaming device files, pipes, sockets, etc. ++- creating, renaming, deleting of special files ++- deleting directorys ++- general directory reading (simple "ls" ) ++- creating files in existing directorys ++- creating directorys ++- renaming files. ++- reading and writing files (involves opening) ++- appending to files (creates copy in storage) ++- deleting files ++- llseek works too, what allows editors to work ++- persistency (a deleted file stay deleted over remounts) ++- use of symbolic links ++- creating of device files ++ ++ ++Not (yet) implemented features: ++------------------------------- ++ ++- full hard link support. ++ ++ ++ ++BUGS: ++----- ++ ++Hard links in the base file system will be treated as individual ++files, not as links to one inode. ++ ++The main problem with hard links isn't allowing to create them, but ++their pure existence. If you modify a base hard link, the changes made ++will only show up on this link, the other link will remain in the ++original state. I hope to fix this someday. Please note that this does ++not effect the special hard links '.' and '..', that are handled ++seperately by the lower fs. +--- /dev/null ++++ b/fs/mini_fo/state.c +@@ -0,0 +1,620 @@ ++/* ++ * Copyright (C) 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif /* HAVE_CONFIG_H */ ++ ++#include "fist.h" ++#include "mini_fo.h" ++ ++ ++/* create the storage file, setup new states */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++int create_sto_reg_file(dentry_t *dentry, int mode, struct nameidata *nd) ++#else ++int create_sto_reg_file(dentry_t *dentry, int mode) ++#endif ++{ ++ int err = 0; ++ inode_t *dir; ++ dentry_t *hidden_sto_dentry; ++ dentry_t *hidden_sto_dir_dentry; ++ ++ if(exists_in_storage(dentry)) { ++ printk(KERN_CRIT "mini_fo: create_sto_file: wrong type or state.\n"); ++ err = -EINVAL; ++ goto out; ++ } ++ err = get_neg_sto_dentry(dentry); ++ ++ if (err) { ++ printk(KERN_CRIT "mini_fo: create_sto_file: ERROR getting neg. sto dentry.\n"); ++ goto out; ++ } ++ ++ dir = dentry->d_parent->d_inode; ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* lock parent */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ err = PTR_ERR(hidden_sto_dir_dentry); ++ if (IS_ERR(hidden_sto_dir_dentry)) ++ goto out; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ err = vfs_create(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ mode, nd); ++#else ++ err = vfs_create(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ mode); ++#endif ++ if(err) { ++ printk(KERN_CRIT "mini_fo: create_sto_file: ERROR creating sto file.\n"); ++ goto out_lock; ++ } ++ ++ if(!dtohd2(dentry)->d_inode) { ++ printk(KERN_CRIT "mini_fo: create_sto_file: ERROR creating sto file [2].\n"); ++ err = -EINVAL; ++ goto out_lock; ++ } ++ ++ /* interpose the new inode */ ++ if(dtost(dentry) == DELETED) { ++ dtost(dentry) = DEL_REWRITTEN; ++ err = mini_fo_tri_interpose(NULL, hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } ++ else if(dtost(dentry) == NON_EXISTANT) { ++ dtost(dentry) = CREATED; ++ err = mini_fo_tri_interpose(dtohd(dentry), hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } ++ else if(dtost(dentry) == UNMODIFIED) { ++ dtost(dentry) = MODIFIED; ++ /* interpose on new inode */ ++ if(itohi2(dentry->d_inode) != NULL) { ++ printk(KERN_CRIT "mini_fo: create_sto_file: invalid inode detected.\n"); ++ err = -EINVAL; ++ goto out_lock; ++ } ++ itohi2(dentry->d_inode) = igrab(dtohd2(dentry)->d_inode); ++ } ++ fist_copy_attr_timesizes(dentry->d_parent->d_inode, ++ hidden_sto_dir_dentry->d_inode); ++ ++ out_lock: ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ out: ++ return err; ++} ++ ++/* create the sto dir, setup states */ ++int create_sto_dir(dentry_t *dentry, int mode) ++{ ++ int err = 0; ++ inode_t *dir; ++ dentry_t *hidden_sto_dentry; ++ dentry_t *hidden_sto_dir_dentry; ++ ++ /* had to take the "!S_ISDIR(mode))" check out, because it failed */ ++ if(exists_in_storage(dentry)) { ++ printk(KERN_CRIT "mini_fo: create_sto_dir: wrong type or state.\\ ++n"); ++ err = -EINVAL; ++ goto out; ++ } ++ ++ err = get_neg_sto_dentry(dentry); ++ if(err) { ++ err = -EINVAL; ++ goto out; ++ } ++ ++ dir = dentry->d_parent->d_inode; ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* was: hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry); */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ err = PTR_ERR(hidden_sto_dir_dentry); ++ if (IS_ERR(hidden_sto_dir_dentry)) ++ goto out; ++ ++ err = vfs_mkdir(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ mode); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: create_sto_dir: ERROR creating sto dir.\n"); ++ goto out_lock; ++ } ++ ++ if(!dtohd2(dentry)->d_inode) { ++ printk(KERN_CRIT "mini_fo: create_sto_dir: ERROR creating sto dir [2].\n"); ++ err = -EINVAL; ++ goto out_lock; ++ } ++ ++ /* interpose the new inode */ ++ if(dtost(dentry) == DELETED) { ++ dtost(dentry) = DEL_REWRITTEN; ++ err = mini_fo_tri_interpose(NULL, hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } ++ else if(dtopd(dentry)->state == NON_EXISTANT) { ++ dtopd(dentry)->state = CREATED; ++ err = mini_fo_tri_interpose(dtohd(dentry), hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } ++ else if(dtopd(dentry)->state == UNMODIFIED) { ++ dtopd(dentry)->state = MODIFIED; ++ /* interpose on new inode */ ++ if(itohi2(dentry->d_inode) != NULL) { ++ printk(KERN_CRIT "mini_fo: create_sto_dir: ERROR, invalid inode detected.\n"); ++ err = -EINVAL; ++ goto out_lock; ++ } ++ itohi2(dentry->d_inode) = igrab(dtohd2(dentry)->d_inode); ++ } ++ ++ fist_copy_attr_timesizes(dir, hidden_sto_dir_dentry->d_inode); ++ ++ /* initalize the wol list */ ++ itopd(dentry->d_inode)->deleted_list_size = -1; ++ itopd(dentry->d_inode)->renamed_list_size = -1; ++ meta_build_lists(dentry); ++ ++ ++ out_lock: ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ out: ++ return err; ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++int create_sto_nod(dentry_t *dentry, int mode, dev_t dev) ++#else ++int create_sto_nod(dentry_t *dentry, int mode, int dev) ++#endif ++{ ++ int err = 0; ++ inode_t *dir; ++ dentry_t *hidden_sto_dentry; ++ dentry_t *hidden_sto_dir_dentry; ++ ++ if(exists_in_storage(dentry)) { ++ err = -EEXIST; ++ goto out; ++ } ++ err = get_neg_sto_dentry(dentry); ++ ++ if (err) { ++ printk(KERN_CRIT "mini_fo: create_sto_nod: ERROR getting neg. sto dentry.\n"); ++ goto out; ++ } ++ ++ dir = dentry->d_parent->d_inode; ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* lock parent */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ err = PTR_ERR(hidden_sto_dir_dentry); ++ if (IS_ERR(hidden_sto_dir_dentry)) ++ goto out; ++ ++ err = vfs_mknod(hidden_sto_dir_dentry->d_inode, hidden_sto_dentry, mode, dev); ++ if(err) ++ goto out_lock; ++ ++ if(!dtohd2(dentry)->d_inode) { ++ printk(KERN_CRIT "mini_fo: create_sto_nod: creating storage inode failed [1].\n"); ++ err = -EINVAL; /* return something indicating failure */ ++ goto out_lock; ++ } ++ ++ /* interpose the new inode */ ++ if(dtost(dentry) == DELETED) { ++ dtost(dentry) = DEL_REWRITTEN; ++ err = mini_fo_tri_interpose(NULL, hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } ++ else if(dtost(dentry) == NON_EXISTANT) { ++ dtost(dentry) = CREATED; ++ err = mini_fo_tri_interpose(dtohd(dentry), hidden_sto_dentry, dentry, dir->i_sb, 0); ++ if(err) ++ goto out_lock; ++ } ++ else if(dtost(dentry) == UNMODIFIED) { ++ dtost(dentry) = MODIFIED; ++ /* interpose on new inode */ ++ if(itohi2(dentry->d_inode) != NULL) { ++ printk(KERN_CRIT "mini_fo: create_sto_nod: error, invalid inode detected.\n"); ++ err = -EINVAL; ++ goto out_lock; ++ } ++ itohi2(dentry->d_inode) = igrab(dtohd2(dentry)->d_inode); ++ } ++ ++ fist_copy_attr_timesizes(dir, hidden_sto_dir_dentry->d_inode); ++ ++ out_lock: ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ out: ++ return err; ++} ++ ++ ++/* unimplemented (and possibly not usefull): ++ ++ nondir-del_to_del_rew ++ nondir-non_exist_to_creat ++ ++ dir-unmod_to_del ++ dir-mod_to_del ++ dir-creat_to_del ++ dir-del_rew_to_del ++ dir-del_to_del_rew ++ dir-non_exist_to_creat ++*/ ++ ++ ++/* bring a file of any type from state UNMODIFIED to MODIFIED */ ++int nondir_unmod_to_mod(dentry_t *dentry, int cp_flag) ++{ ++ int err = 0; ++ struct vfsmount *tgt_mnt; ++ struct vfsmount *src_mnt; ++ dentry_t *tgt_dentry; ++ dentry_t *src_dentry; ++ dentry_t *hidden_sto_dentry; ++ dentry_t *hidden_sto_dir_dentry; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if((dtost(dentry) != UNMODIFIED) || ++ S_ISDIR(dentry->d_inode->i_mode)) { ++ printk(KERN_CRIT "mini_fo: nondir_unmod_to_mod: \ ++ wrong type or state.\n"); ++ err = -1; ++ goto out; ++ } ++ err = get_neg_sto_dentry(dentry); ++ ++ if (err) { ++ printk(KERN_CRIT "mini_fo: nondir_unmod_to_mod: \ ++ ERROR getting neg. sto dentry.\n"); ++ goto out; ++ } ++ ++ /* create sto file */ ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* lock parent */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ err = PTR_ERR(hidden_sto_dir_dentry); ++ if (IS_ERR(hidden_sto_dir_dentry)) ++ goto out; ++ ++ /* handle different types of nondirs */ ++ if(S_ISCHR(dentry->d_inode->i_mode) || ++ S_ISBLK(dentry->d_inode->i_mode)) { ++ err = vfs_mknod(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ dtohd(dentry)->d_inode->i_mode, ++ dtohd(dentry)->d_inode->i_rdev); ++ } ++ ++ else if(S_ISREG(dentry->d_inode->i_mode)) { ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ err = vfs_create(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ dtohd(dentry)->d_inode->i_mode, NULL); ++#else ++ err = vfs_create(hidden_sto_dir_dentry->d_inode, ++ hidden_sto_dentry, ++ dtohd(dentry)->d_inode->i_mode); ++#endif ++ } ++ if(err) { ++ printk(KERN_CRIT "mini_fo: nondir_unmod_to_mod: \ ++ ERROR creating sto file.\n"); ++ goto out_lock; ++ } ++ ++ /* interpose on new inode */ ++ if(itohi2(dentry->d_inode) != NULL) { ++ printk(KERN_CRIT "mini_fo: nondir_unmod_to_mod: \ ++ ERROR, invalid inode detected.\n"); ++ err = -EINVAL; ++ goto out_lock; ++ } ++ ++ itohi2(dentry->d_inode) = igrab(dtohd2(dentry)->d_inode); ++ ++ fist_copy_attr_timesizes(dentry->d_parent->d_inode, ++ hidden_sto_dir_dentry->d_inode); ++ dtost(dentry) = MODIFIED; ++ ++ /* copy contents if regular file and cp_flag = 1 */ ++ if((cp_flag == 1) && S_ISREG(dentry->d_inode->i_mode)) { ++ ++ /* unlock first */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ dput(hidden_sto_dir_dentry); ++ ++ tgt_dentry = dtohd2(dentry); ++ tgt_mnt = stopd(dentry->d_inode->i_sb)->hidden_mnt2; ++ src_dentry = dtohd(dentry); ++ src_mnt = stopd(dentry->d_inode->i_sb)->hidden_mnt; ++ ++ err = mini_fo_cp_cont(tgt_dentry, tgt_mnt, ++ src_dentry, src_mnt); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: nondir_unmod_to_mod: \ ++ ERROR copying contents.\n"); ++ } ++ goto out; ++ } ++ ++ out_lock: ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ out: ++ return err; ++} ++ ++/* this function is currently identical to nondir_creat_to_del */ ++int nondir_del_rew_to_del(dentry_t *dentry) ++{ ++ return nondir_creat_to_del(dentry); ++} ++ ++int nondir_creat_to_del(dentry_t *dentry) ++{ ++ int err = 0; ++ ++ inode_t *hidden_sto_dir_inode; ++ dentry_t *hidden_sto_dir_dentry; ++ dentry_t *hidden_sto_dentry; ++ ++ check_mini_fo_dentry(dentry); ++ ++ /* for now this function serves for both state DEL_REWRITTEN and ++ * CREATED */ ++ if(!(dtost(dentry) == CREATED || (dtost(dentry) == DEL_REWRITTEN)) || ++ S_ISDIR(dentry->d_inode->i_mode)) { ++ printk(KERN_CRIT "mini_fo: nondir_mod_to_del/del_rew_to_del: \ ++ wrong type or state.\n"); ++ err = -1; ++ goto out; ++ } ++ ++ hidden_sto_dir_inode = itohi2(dentry->d_parent->d_inode); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* was: hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry);*/ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ /* avoid destroying the hidden inode if the file is in use */ ++ dget(hidden_sto_dentry); ++ err = vfs_unlink(hidden_sto_dir_inode, hidden_sto_dentry); ++ dput(hidden_sto_dentry); ++ if(!err) ++ d_delete(hidden_sto_dentry); ++ ++ /* propagate number of hard-links */ ++ dentry->d_inode->i_nlink = itohi2(dentry->d_inode)->i_nlink; ++ ++ dtost(dentry) = NON_EXISTANT; ++ ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ ++ out: ++ return err; ++} ++ ++int nondir_mod_to_del(dentry_t *dentry) ++{ ++ int err; ++ dentry_t *hidden_sto_dentry; ++ inode_t *hidden_sto_dir_inode; ++ dentry_t *hidden_sto_dir_dentry; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(dtost(dentry) != MODIFIED || ++ S_ISDIR(dentry->d_inode->i_mode)) { ++ printk(KERN_CRIT "mini_fo: nondir_mod_to_del: \ ++ wrong type or state.\n"); ++ err = -1; ++ goto out; ++ } ++ ++ hidden_sto_dir_inode = itohi2(dentry->d_parent->d_inode); ++ hidden_sto_dentry = dtohd2(dentry); ++ ++ /* was hidden_sto_dir_dentry = lock_parent(hidden_sto_dentry); */ ++ hidden_sto_dir_dentry = dget(hidden_sto_dentry->d_parent); ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_lock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ down(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ ++ /* avoid destroying the hidden inode if the file is in use */ ++ dget(hidden_sto_dentry); ++ err = vfs_unlink(hidden_sto_dir_inode, hidden_sto_dentry); ++ dput(hidden_sto_dentry); ++ if(!err) ++ d_delete(hidden_sto_dentry); ++ ++ /* propagate number of hard-links */ ++ dentry->d_inode->i_nlink = itohi2(dentry->d_inode)->i_nlink; ++ ++ /* dput base dentry, this will relase the inode and free the ++ * dentry, as we will never need it again. */ ++ dput(dtohd(dentry)); ++ dtohd(dentry) = NULL; ++ dtost(dentry) = DELETED; ++ ++ /* add deleted file to META-file */ ++ meta_add_d_entry(dentry->d_parent, ++ dentry->d_name.name, ++ dentry->d_name.len); ++ ++ /* was: unlock_dir(hidden_sto_dir_dentry); */ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) ++ mutex_unlock(&hidden_sto_dir_dentry->d_inode->i_mutex); ++#else ++ up(&hidden_sto_dir_dentry->d_inode->i_sem); ++#endif ++ dput(hidden_sto_dir_dentry); ++ ++ out: ++ return err; ++} ++ ++int nondir_unmod_to_del(dentry_t *dentry) ++{ ++ int err = 0; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(dtost(dentry) != UNMODIFIED || ++ S_ISDIR(dentry->d_inode->i_mode)) { ++ printk(KERN_CRIT "mini_fo: nondir_unmod_to_del: \ ++ wrong type or state.\n"); ++ err = -1; ++ goto out; ++ } ++ ++ /* next we have to get a negative dentry for the storage file */ ++ err = get_neg_sto_dentry(dentry); ++ ++ if(err) ++ goto out; ++ ++ /* add deleted file to META lists */ ++ err = meta_add_d_entry(dentry->d_parent, ++ dentry->d_name.name, ++ dentry->d_name.len); ++ ++ if(err) ++ goto out; ++ ++ /* dput base dentry, this will relase the inode and free the ++ * dentry, as we will never need it again. */ ++ dput(dtohd(dentry)); ++ dtohd(dentry) = NULL; ++ dtost(dentry) = DELETED; ++ ++ out: ++ return err; ++} ++ ++/* bring a dir from state UNMODIFIED to MODIFIED */ ++int dir_unmod_to_mod(dentry_t *dentry) ++{ ++ int err; ++ ++ check_mini_fo_dentry(dentry); ++ ++ if(dtost(dentry) != UNMODIFIED || ++ !S_ISDIR(dentry->d_inode->i_mode)) { ++ printk(KERN_CRIT "mini_fo: dir_unmod_to_mod: \ ++ wrong type or state.\n"); ++ err = -1; ++ goto out; ++ } ++ ++ /* this creates our dir incl. sto. structure */ ++ err = build_sto_structure(dentry->d_parent, dentry); ++ if(err) { ++ printk(KERN_CRIT "mini_fo: dir_unmod_to_mod: \ ++ build_sto_structure failed.\n"); ++ goto out; ++ } ++ out: ++ return err; ++} ++ +--- /dev/null ++++ b/fs/mini_fo/super.c +@@ -0,0 +1,281 @@ ++/* ++ * Copyright (c) 1997-2003 Erez Zadok ++ * Copyright (c) 2001-2003 Stony Brook University ++ * ++ * For specific licensing information, see the COPYING file distributed with ++ * this package, or get one from ftp://ftp.filesystems.org/pub/fist/COPYING. ++ * ++ * This Copyright notice must be kept intact and distributed with all ++ * fistgen sources INCLUDING sources generated by fistgen. ++ */ ++/* ++ * Copyright (C) 2004, 2005 Markus Klotzbuecher <mk@creamnet.de> ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ */ ++ ++/* ++ * $Id$ ++ */ ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif ++ ++#include "fist.h" ++#include "mini_fo.h" ++ ++ ++STATIC void ++mini_fo_read_inode(inode_t *inode) ++{ ++ static struct address_space_operations mini_fo_empty_aops; ++ ++ __itopd(inode) = kmalloc(sizeof(struct mini_fo_inode_info), GFP_KERNEL); ++ if (!itopd(inode)) { ++ printk("<0>%s:%s:%d: No kernel memory!\n", __FILE__, __FUNCTION__, __LINE__); ++ ASSERT(NULL); ++ } ++ itohi(inode) = NULL; ++ itohi2(inode) = NULL; ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++ inode->i_version++; ++#else ++ inode->i_version = ++event; /* increment inode version */ ++#endif ++ inode->i_op = &mini_fo_main_iops; ++ inode->i_fop = &mini_fo_main_fops; ++#if 0 ++ /* ++ * XXX: To export a file system via NFS, it has to have the ++ * FS_REQUIRES_DEV flag, so turn it on. But should we inherit it from ++ * the lower file system, or can we allow our file system to be exported ++ * even if the lower one cannot be natively exported. ++ */ ++ inode->i_sb->s_type->fs_flags |= FS_REQUIRES_DEV; ++ /* ++ * OK, the above was a hack, which is now turned off because it may ++ * cause a panic/oops on some systems. The correct way to export a ++ * "nodev" filesystem is via using nfs-utils > 1.0 and the "fsid=" export ++ * parameter, which requires 2.4.20 or later. ++ */ ++#endif ++ /* I don't think ->a_ops is ever allowed to be NULL */ ++ inode->i_mapping->a_ops = &mini_fo_empty_aops; ++} ++ ++ ++#if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) ++/* ++ * No need to call write_inode() on the lower inode, as it ++ * will have been marked 'dirty' anyway. But we might need ++ * to write some of our own stuff to disk. ++ */ ++STATIC void ++mini_fo_write_inode(inode_t *inode, int sync) ++{ ++ print_entry_location(); ++ print_exit_location(); ++} ++#endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ ++ ++ ++STATIC void ++mini_fo_put_inode(inode_t *inode) ++{ ++ /* ++ * This is really funky stuff: ++ * Basically, if i_count == 1, iput will then decrement it and this inode will be destroyed. ++ * It is currently holding a reference to the hidden inode. ++ * Therefore, it needs to release that reference by calling iput on the hidden inode. ++ * iput() _will_ do it for us (by calling our clear_inode), but _only_ if i_nlink == 0. ++ * The problem is, NFS keeps i_nlink == 1 for silly_rename'd files. ++ * So we must for our i_nlink to 0 here to trick iput() into calling our clear_inode. ++ */ ++ if (atomic_read(&inode->i_count) == 1) ++ inode->i_nlink = 0; ++} ++ ++ ++#if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) ++/* ++ * we now define delete_inode, because there are two VFS paths that may ++ * destroy an inode: one of them calls clear inode before doing everything ++ * else that's needed, and the other is fine. This way we truncate the inode ++ * size (and its pages) and then clear our own inode, which will do an iput ++ * on our and the lower inode. ++ */ ++STATIC void ++mini_fo_delete_inode(inode_t *inode) ++{ ++ print_entry_location(); ++ ++ fist_checkinode(inode, "mini_fo_delete_inode IN"); ++ inode->i_size = 0; /* every f/s seems to do that */ ++ clear_inode(inode); ++ ++ print_exit_location(); ++} ++#endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ ++ ++ ++/* final actions when unmounting a file system */ ++STATIC void ++mini_fo_put_super(super_block_t *sb) ++{ ++ if (stopd(sb)) { ++ mntput(stopd(sb)->hidden_mnt); ++ mntput(stopd(sb)->hidden_mnt2); ++ ++ /* mk: no! dput(stopd(sb)->base_dir_dentry); ++ dput(stopd(sb)->storage_dir_dentry); */ ++ ++ kfree(stopd(sb)); ++ __stopd(sb) = NULL; ++ } ++} ++ ++ ++#ifdef NOT_NEEDED ++/* ++ * This is called in do_umount before put_super. ++ * The superblock lock is not held yet. ++ * We probably do not need to define this or call write_super ++ * on the hidden_sb, because sync_supers() will get to hidden_sb ++ * sooner or later. But it is also called from file_fsync()... ++ */ ++STATIC void ++mini_fo_write_super(super_block_t *sb) ++{ ++ return; ++} ++#endif /* NOT_NEEDED */ ++ ++ ++STATIC int ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++mini_fo_statfs(struct dentry *d, struct kstatfs *buf) ++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++mini_fo_statfs(super_block_t *sb, struct kstatfs *buf) ++#else ++mini_fo_statfs(super_block_t *sb, struct statfs *buf) ++#endif ++{ ++ int err = 0; ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++ struct dentry *hidden_d; ++ ++ hidden_d = dtohd(d); ++ err = vfs_statfs(hidden_d, buf); ++#else ++ super_block_t *hidden_sb; ++ ++ hidden_sb = stohs(sb); ++ err = vfs_statfs(hidden_sb, buf); ++#endif ++ ++ return err; ++} ++ ++ ++/* ++ * XXX: not implemented. This is not allowed yet. ++ * Should we call this on the hidden_sb? Probably not. ++ */ ++STATIC int ++mini_fo_remount_fs(super_block_t *sb, int *flags, char *data) ++{ ++ //printk(KERN_CRIT "mini_fo_remount_fs: WARNING, this function is umimplemented.\n"); ++ return -ENOSYS; ++} ++ ++ ++/* ++ * Called by iput() when the inode reference count reached zero ++ * and the inode is not hashed anywhere. Used to clear anything ++ * that needs to be, before the inode is completely destroyed and put ++ * on the inode free list. ++ */ ++STATIC void ++mini_fo_clear_inode(inode_t *inode) ++{ ++ /* ++ * Decrement a reference to a hidden_inode, which was incremented ++ * by our read_inode when it was created initially. ++ */ ++ ++ /* release the wol_list */ ++ if(S_ISDIR(inode->i_mode)) { ++ __meta_put_lists(inode); ++ } ++ ++ /* mk: fan out fun */ ++ if(itohi(inode)) ++ iput(itohi(inode)); ++ if(itohi2(inode)) ++ iput(itohi2(inode)); ++ ++ // XXX: why this assertion fails? ++ // because it doesn't like us ++ // ASSERT((inode->i_state & I_DIRTY) == 0); ++ kfree(itopd(inode)); ++ __itopd(inode) = NULL; ++} ++ ++ ++/* ++ * Called in do_umount() if the MNT_FORCE flag was used and this ++ * function is defined. See comment in linux/fs/super.c:do_umount(). ++ * Used only in nfs, to kill any pending RPC tasks, so that subsequent ++ * code can actually succeed and won't leave tasks that need handling. ++ * ++ * PS. I wonder if this is somehow useful to undo damage that was ++ * left in the kernel after a user level file server (such as amd) ++ * dies. ++ */ ++STATIC void ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++mini_fo_umount_begin(struct vfsmount *mnt, int flags) ++{ ++ struct vfsmount *hidden_mnt; ++ ++ hidden_mnt = stopd(mnt->mnt_sb)->hidden_mnt; ++ ++ if (hidden_mnt->mnt_sb->s_op->umount_begin) ++ hidden_mnt->mnt_sb->s_op->umount_begin(hidden_mnt, flags); ++ ++} ++#else ++mini_fo_umount_begin(super_block_t *sb) ++{ ++ super_block_t *hidden_sb; ++ ++ hidden_sb = stohs(sb); ++ ++ if (hidden_sb->s_op->umount_begin) ++ hidden_sb->s_op->umount_begin(hidden_sb); ++ ++} ++#endif ++ ++ ++struct super_operations mini_fo_sops = ++{ ++ read_inode: mini_fo_read_inode, ++#if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) ++ write_inode: mini_fo_write_inode, ++#endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ ++ put_inode: mini_fo_put_inode, ++#if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) ++ delete_inode: mini_fo_delete_inode, ++#endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ ++ put_super: mini_fo_put_super, ++ statfs: mini_fo_statfs, ++ remount_fs: mini_fo_remount_fs, ++ clear_inode: mini_fo_clear_inode, ++ umount_begin: mini_fo_umount_begin, ++}; diff --git a/target/linux/generic-2.6/patches-2.6.27/210-mini_fo_2.6.25_fixes.patch b/target/linux/generic-2.6/patches-2.6.27/210-mini_fo_2.6.25_fixes.patch new file mode 100644 index 0000000000..22ca3900e9 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/210-mini_fo_2.6.25_fixes.patch @@ -0,0 +1,143 @@ +--- a/fs/mini_fo/main.c ++++ b/fs/mini_fo/main.c +@@ -79,6 +79,7 @@ + * of the new inode's fields + */ + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25) + /* + * original: inode = iget(sb, hidden_inode->i_ino); + */ +@@ -87,6 +88,13 @@ + err = -EACCES; /* should be impossible??? */ + goto out; + } ++#else ++ inode = mini_fo_iget(sb, iunique(sb, 25)); ++ if (IS_ERR(inode)) { ++ err = PTR_ERR(inode); ++ goto out; ++ } ++#endif + + /* + * interpose the inode if not already interposed +@@ -184,9 +192,9 @@ + hidden_root = ERR_PTR(err); + goto out; + } +- hidden_root = nd.dentry; +- stopd(sb)->base_dir_dentry = nd.dentry; +- stopd(sb)->hidden_mnt = nd.mnt; ++ hidden_root = nd_get_dentry(&nd); ++ stopd(sb)->base_dir_dentry = nd_get_dentry(&nd); ++ stopd(sb)->hidden_mnt = nd_get_mnt(&nd); + + } else if(!strncmp("sto=", options, 4)) { + /* parse the storage dir */ +@@ -204,9 +212,9 @@ + hidden_root2 = ERR_PTR(err); + goto out; + } +- hidden_root2 = nd2.dentry; +- stopd(sb)->storage_dir_dentry = nd2.dentry; +- stopd(sb)->hidden_mnt2 = nd2.mnt; ++ hidden_root2 = nd_get_dentry(&nd2); ++ stopd(sb)->storage_dir_dentry = nd_get_dentry(&nd2); ++ stopd(sb)->hidden_mnt2 = nd_get_mnt(&nd2); + stohs2(sb) = hidden_root2->d_sb; + + /* validate storage dir, this is done in +--- a/fs/mini_fo/mini_fo.h ++++ b/fs/mini_fo/mini_fo.h +@@ -302,6 +302,10 @@ + extern int mini_fo_cp_cont(dentry_t *tgt_dentry, struct vfsmount *tgt_mnt, + dentry_t *src_dentry, struct vfsmount *src_mnt); + ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) ++extern struct inode *mini_fo_iget(struct super_block *sb, unsigned long ino); ++#endif ++ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) + extern int mini_fo_create(inode_t *dir, dentry_t *dentry, int mode, struct nameidata *nd); + +@@ -501,6 +505,29 @@ + #endif /* if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) */ + #endif /* __KERNEL__ */ + ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) ++static inline dentry_t *nd_get_dentry(struct nameidata *nd) ++{ ++ return (nd->path.dentry); ++} ++ ++static inline struct vfsmount *nd_get_mnt(struct nameidata *nd) ++{ ++ return (nd->path.mnt); ++} ++#else ++static inline dentry_t *nd_get_dentry(struct nameidata *nd) ++{ ++ return (nd->dentry); ++} ++ ++static inline struct vfsmount *nd_get_mnt(struct nameidata *nd) ++{ ++ return (nd->mnt); ++} ++#endif ++ + /* + * Definitions for user and kernel code + */ +--- a/fs/mini_fo/super.c ++++ b/fs/mini_fo/super.c +@@ -262,10 +262,31 @@ + } + #endif + ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) ++struct inode * ++mini_fo_iget(struct super_block *sb, unsigned long ino) ++{ ++ struct inode *inode; ++ ++ inode = iget_locked(sb, ino); ++ if (!inode) ++ return ERR_PTR(-ENOMEM); ++ ++ if (!(inode->i_state & I_NEW)) ++ return inode; ++ ++ mini_fo_read_inode(inode); ++ ++ unlock_new_inode(inode); ++ return inode; ++} ++#endif /* if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25) */ + + struct super_operations mini_fo_sops = + { ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25) + read_inode: mini_fo_read_inode, ++#endif + #if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) + write_inode: mini_fo_write_inode, + #endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ +--- a/fs/mini_fo/aux.c ++++ b/fs/mini_fo/aux.c +@@ -164,11 +164,11 @@ + err = vfs_path_lookup(mnt->mnt_root, mnt, bpath+1, 0, &nd); + + /* validate */ +- if (err || !nd.dentry || !nd.dentry->d_inode) { ++ if (err || !nd_get_dentry(&nd) || !nd_get_dentry(&nd)->d_inode) { + printk(KERN_CRIT "mini_fo: bpath_walk: path_walk failed.\n"); + return NULL; + } +- return nd.dentry; ++ return nd_get_dentry(&nd); + } + + diff --git a/target/linux/generic-2.6/patches-2.6.27/211-mini_fo_2.6.25_dentry_open_war.patch b/target/linux/generic-2.6/patches-2.6.27/211-mini_fo_2.6.25_dentry_open_war.patch new file mode 100644 index 0000000000..14a9f37666 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/211-mini_fo_2.6.25_dentry_open_war.patch @@ -0,0 +1,66 @@ +--- a/fs/mini_fo/meta.c ++++ b/fs/mini_fo/meta.c +@@ -442,6 +442,11 @@ + S_IRUSR | S_IWUSR); + #endif + } ++ ++ /* $%& err, is this correct? */ ++ meta_mnt = stopd(dentry->d_inode->i_sb)->hidden_mnt2; ++ mntget(meta_mnt); ++ + /* open META-file for writing */ + meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); + if(!meta_file || IS_ERR(meta_file)) { +@@ -535,6 +540,11 @@ + meta_dentry, S_IRUSR | S_IWUSR); + #endif + } ++ ++ /* $%& err, is this correct? */ ++ meta_mnt = stopd(dentry->d_inode->i_sb)->hidden_mnt2; ++ mntget(meta_mnt); ++ + /* open META-file for writing */ + meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); + if(!meta_file || IS_ERR(meta_file)) { +@@ -671,14 +681,16 @@ + } + } + ++ /* $%& err, is this correct? */ ++ meta_mnt = stopd(dentry->d_inode->i_sb)->hidden_mnt2; ++ mntget(meta_mnt); ++ + /* open META-file for writing */ + meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); + if(!meta_file || IS_ERR(meta_file)) { + printk(KERN_CRIT "mini_fo: meta_sync_d_list: \ + ERROR opening meta file.\n"); +- /* we don't mntget so we dont't mntput (for now) +- * mntput(meta_mnt); +- */ ++ mntput(meta_mnt); + dput(meta_dentry); + err = -1; + goto out; +@@ -811,14 +823,16 @@ + } + } + ++ /* $%& err, is this correct? */ ++ meta_mnt = stopd(dentry->d_inode->i_sb)->hidden_mnt2; ++ mntget(meta_mnt); ++ + /* open META-file for writing */ + meta_file = dentry_open(meta_dentry, meta_mnt, 0x1); + if(!meta_file || IS_ERR(meta_file)) { + printk(KERN_CRIT "mini_fo: meta_sync_r_list: \ + ERROR opening meta file.\n"); +- /* we don't mntget so we dont't mntput (for now) +- * mntput(meta_mnt); +- */ ++ mntput(meta_mnt); + dput(meta_dentry); + err = -1; + goto out; diff --git a/target/linux/generic-2.6/patches-2.6.27/212-mini_fo_2.6.26_fixes.patch b/target/linux/generic-2.6/patches-2.6.27/212-mini_fo_2.6.26_fixes.patch new file mode 100644 index 0000000000..f4a4572b45 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/212-mini_fo_2.6.26_fixes.patch @@ -0,0 +1,37 @@ +--- a/fs/mini_fo/super.c ++++ b/fs/mini_fo/super.c +@@ -84,6 +84,7 @@ + #endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ + + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26) + STATIC void + mini_fo_put_inode(inode_t *inode) + { +@@ -99,6 +100,7 @@ + if (atomic_read(&inode->i_count) == 1) + inode->i_nlink = 0; + } ++#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26) */ + + + #if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) +@@ -238,7 +240,7 @@ + * dies. + */ + STATIC void +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18) ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,18)) && (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26)) + mini_fo_umount_begin(struct vfsmount *mnt, int flags) + { + struct vfsmount *hidden_mnt; +@@ -290,7 +292,9 @@ + #if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) + write_inode: mini_fo_write_inode, + #endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26) + put_inode: mini_fo_put_inode, ++#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26) */ + #if defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) + delete_inode: mini_fo_delete_inode, + #endif /* defined(FIST_DEBUG) || defined(FIST_FILTER_SCA) */ diff --git a/target/linux/generic-2.6/patches-2.6.27/213-mini_fo_2.6.27_fixes.patch b/target/linux/generic-2.6/patches-2.6.27/213-mini_fo_2.6.27_fixes.patch new file mode 100644 index 0000000000..a7b4e4ace4 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/213-mini_fo_2.6.27_fixes.patch @@ -0,0 +1,31 @@ +--- a/fs/mini_fo/inode.c ++++ b/fs/mini_fo/inode.c +@@ -439,7 +439,7 @@ + int err=0; + dentry_t *hidden_sto_dentry; + dentry_t *hidden_sto_dir_dentry; +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)) + umode_t mode; + #endif + +@@ -466,7 +466,7 @@ + down(&hidden_sto_dir_dentry->d_inode->i_sem); + #endif + +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)) && (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,27)) + mode = S_IALLUGO; + err = vfs_symlink(hidden_sto_dir_dentry->d_inode, + hidden_sto_dentry, symname, mode); +@@ -1151,7 +1151,9 @@ + * goto out; + */ + +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27) ++ err = generic_permission(hidden_inode, mask, NULL); ++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) + err = permission(hidden_inode, mask, nd); + #else + err = permission(hidden_inode, mask); diff --git a/target/linux/generic-2.6/patches-2.6.27/219-kobject_uevent.patch b/target/linux/generic-2.6/patches-2.6.27/219-kobject_uevent.patch new file mode 100644 index 0000000000..93ed1d035c --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/219-kobject_uevent.patch @@ -0,0 +1,42 @@ +--- a/lib/kobject_uevent.c ++++ b/lib/kobject_uevent.c +@@ -29,7 +29,8 @@ + char uevent_helper[UEVENT_HELPER_PATH_LEN] = CONFIG_UEVENT_HELPER_PATH; + static DEFINE_SPINLOCK(sequence_lock); + #if defined(CONFIG_NET) +-static struct sock *uevent_sock; ++struct sock *uevent_sock = NULL; ++EXPORT_SYMBOL_GPL(uevent_sock); + #endif + + /* the strings here must match the enum in include/linux/kobject.h */ +@@ -42,6 +43,18 @@ + [KOBJ_OFFLINE] = "offline", + }; + ++u64 uevent_next_seqnum(void) ++{ ++ u64 seq; ++ ++ spin_lock(&sequence_lock); ++ seq = ++uevent_seqnum; ++ spin_unlock(&sequence_lock); ++ ++ return seq; ++} ++EXPORT_SYMBOL_GPL(uevent_next_seqnum); ++ + /** + * kobject_action_type - translate action string to numeric type + * +@@ -194,9 +207,7 @@ + kobj->state_remove_uevent_sent = 1; + + /* we will send an event, so request a new sequence number */ +- spin_lock(&sequence_lock); +- seq = ++uevent_seqnum; +- spin_unlock(&sequence_lock); ++ seq = uevent_next_seqnum(); + retval = add_uevent_var(env, "SEQNUM=%llu", (unsigned long long)seq); + if (retval) + goto exit; diff --git a/target/linux/generic-2.6/patches-2.6.27/220-sound_kconfig.patch b/target/linux/generic-2.6/patches-2.6.27/220-sound_kconfig.patch new file mode 100644 index 0000000000..c514f890f0 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/220-sound_kconfig.patch @@ -0,0 +1,11 @@ +--- a/sound/core/Kconfig ++++ b/sound/core/Kconfig +@@ -7,7 +7,7 @@ + select SND_TIMER + + config SND_HWDEP +- tristate ++ tristate "Sound hardware support" + + config SND_RAWMIDI + tristate diff --git a/target/linux/generic-2.6/patches-2.6.27/400-ledtrig_morse.patch b/target/linux/generic-2.6/patches-2.6.27/400-ledtrig_morse.patch new file mode 100644 index 0000000000..b0a3b2a68f --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/400-ledtrig_morse.patch @@ -0,0 +1,18 @@ +--- a/drivers/leds/Kconfig ++++ b/drivers/leds/Kconfig +@@ -206,4 +206,8 @@ + This allows LEDs to be initialised in the ON state. + If unsure, say Y. + ++config LEDS_TRIGGER_MORSE ++ tristate "LED Morse Trigger" ++ depends on LEDS_TRIGGERS ++ + endif # NEW_LEDS +--- a/drivers/leds/Makefile ++++ b/drivers/leds/Makefile +@@ -29,3 +29,4 @@ + obj-$(CONFIG_LEDS_TRIGGER_IDE_DISK) += ledtrig-ide-disk.o + obj-$(CONFIG_LEDS_TRIGGER_HEARTBEAT) += ledtrig-heartbeat.o + obj-$(CONFIG_LEDS_TRIGGER_DEFAULT_ON) += ledtrig-default-on.o ++obj-$(CONFIG_LEDS_TRIGGER_MORSE) += ledtrig-morse.o diff --git a/target/linux/generic-2.6/patches-2.6.27/401-led_alix.patch b/target/linux/generic-2.6/patches-2.6.27/401-led_alix.patch new file mode 100644 index 0000000000..1bec37ecba --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/401-led_alix.patch @@ -0,0 +1,25 @@ +--- a/drivers/leds/Kconfig ++++ b/drivers/leds/Kconfig +@@ -77,6 +77,12 @@ + help + This option enables support for the PCEngines WRAP programmable LEDs. + ++config LEDS_ALIX ++ tristate "LED Support for the ALIX 2/3 boards" ++ depends on LEDS_CLASS ++ help ++ This option enables support for the three LEDs on the PCEngines ALIX 2/3 boards. ++ + config LEDS_H1940 + tristate "LED Support for iPAQ H1940 device" + depends on LEDS_CLASS && ARCH_H1940 +--- a/drivers/leds/Makefile ++++ b/drivers/leds/Makefile +@@ -13,6 +13,7 @@ + obj-$(CONFIG_LEDS_AMS_DELTA) += leds-ams-delta.o + obj-$(CONFIG_LEDS_NET48XX) += leds-net48xx.o + obj-$(CONFIG_LEDS_WRAP) += leds-wrap.o ++obj-$(CONFIG_LEDS_ALIX) += leds-alix.o + obj-$(CONFIG_LEDS_H1940) += leds-h1940.o + obj-$(CONFIG_LEDS_COBALT_QUBE) += leds-cobalt-qube.o + obj-$(CONFIG_LEDS_COBALT_RAQ) += leds-cobalt-raq.o diff --git a/target/linux/generic-2.6/patches-2.6.27/402-ledtrig_netdev.patch b/target/linux/generic-2.6/patches-2.6.27/402-ledtrig_netdev.patch new file mode 100644 index 0000000000..c6e518a37a --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/402-ledtrig_netdev.patch @@ -0,0 +1,21 @@ +--- a/drivers/leds/Kconfig ++++ b/drivers/leds/Kconfig +@@ -216,4 +216,11 @@ + tristate "LED Morse Trigger" + depends on LEDS_TRIGGERS + ++config LEDS_TRIGGER_NETDEV ++ tristate "LED Netdev Trigger" ++ depends on LEDS_TRIGGERS ++ help ++ This allows LEDs to be controlled by network device activity. ++ If unsure, say Y. ++ + endif # NEW_LEDS +--- a/drivers/leds/Makefile ++++ b/drivers/leds/Makefile +@@ -31,3 +31,4 @@ + obj-$(CONFIG_LEDS_TRIGGER_HEARTBEAT) += ledtrig-heartbeat.o + obj-$(CONFIG_LEDS_TRIGGER_DEFAULT_ON) += ledtrig-default-on.o + obj-$(CONFIG_LEDS_TRIGGER_MORSE) += ledtrig-morse.o ++obj-$(CONFIG_LEDS_TRIGGER_NETDEV) += ledtrig-netdev.o diff --git a/target/linux/generic-2.6/patches-2.6.27/403-ds1672_detect.patch b/target/linux/generic-2.6/patches-2.6.27/403-ds1672_detect.patch new file mode 100644 index 0000000000..86c26346a8 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/403-ds1672_detect.patch @@ -0,0 +1,16 @@ +--- a/drivers/rtc/rtc-ds1672.c ++++ b/drivers/rtc/rtc-ds1672.c +@@ -13,10 +13,10 @@ + #include <linux/i2c.h> + #include <linux/rtc.h> + +-#define DRV_VERSION "0.3" ++#define DRV_VERSION "0.4" + +-/* Addresses to scan: none. This chip cannot be detected. */ +-static const unsigned short normal_i2c[] = { I2C_CLIENT_END }; ++/* Addresses to scan: 0x68 */ ++static const unsigned short normal_i2c[] = { 0x68, I2C_CLIENT_END }; + + /* Insmod parameters */ + I2C_CLIENT_INSMOD; diff --git a/target/linux/generic-2.6/patches-2.6.27/410-gpio_buttons.patch b/target/linux/generic-2.6/patches-2.6.27/410-gpio_buttons.patch new file mode 100644 index 0000000000..61c3508e12 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/410-gpio_buttons.patch @@ -0,0 +1,30 @@ +--- a/drivers/input/misc/Kconfig ++++ b/drivers/input/misc/Kconfig +@@ -207,4 +207,20 @@ + Say Y here if you want to support the built-in real time clock + of the HP SDC controller. + ++config INPUT_GPIO_BUTTONS ++ tristate "Polled GPIO buttons interface" ++ depends on GENERIC_GPIO ++ select INPUT_POLLDEV ++ help ++ This driver implements support for buttons connected ++ to GPIO pins of various CPUs (and some other chips). ++ ++ Say Y here if your device has buttons connected ++ directly to such GPIO pins. Your board-specific ++ setup logic must also provide a platform device, ++ with configuration data saying which GPIOs are used. ++ ++ To compile this driver as a module, choose M here: the ++ module will be called gpio-buttons. ++ + endif +--- a/drivers/input/misc/Makefile ++++ b/drivers/input/misc/Makefile +@@ -20,3 +20,4 @@ + obj-$(CONFIG_INPUT_UINPUT) += uinput.o + obj-$(CONFIG_INPUT_APANEL) += apanel.o + obj-$(CONFIG_INPUT_SGI_BTNS) += sgi_btns.o ++obj-$(CONFIG_INPUT_GPIO_BUTTONS) += gpio_buttons.o diff --git a/target/linux/generic-2.6/patches-2.6.27/420-gpiodev.patch b/target/linux/generic-2.6/patches-2.6.27/420-gpiodev.patch new file mode 100644 index 0000000000..4daadc8638 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/420-gpiodev.patch @@ -0,0 +1,26 @@ +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -1010,6 +1010,13 @@ + + If compiled as a module, it will be called cs5535_gpio. + ++config GPIO_DEVICE ++ tristate "GPIO device support" ++ depends on GENERIC_GPIO ++ help ++ Say Y to enable Linux GPIO device support. This allows control of ++ GPIO pins using a character device ++ + config GPIO_VR41XX + tristate "NEC VR4100 series General-purpose I/O Unit support" + depends on CPU_VR41XX +--- a/drivers/char/Makefile ++++ b/drivers/char/Makefile +@@ -94,6 +94,7 @@ + obj-$(CONFIG_PC8736x_GPIO) += pc8736x_gpio.o + obj-$(CONFIG_NSC_GPIO) += nsc_gpio.o + obj-$(CONFIG_CS5535_GPIO) += cs5535_gpio.o ++obj-$(CONFIG_GPIO_DEVICE) += gpio_dev.o + obj-$(CONFIG_GPIO_VR41XX) += vr41xx_giu.o + obj-$(CONFIG_GPIO_TB0219) += tb0219.o + obj-$(CONFIG_TELCLOCK) += tlclk.o diff --git a/target/linux/generic-2.6/patches-2.6.27/510-yaffs_support.patch b/target/linux/generic-2.6/patches-2.6.27/510-yaffs_support.patch new file mode 100644 index 0000000000..db10deb9c5 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/510-yaffs_support.patch @@ -0,0 +1,17 @@ +--- a/fs/Kconfig ++++ b/fs/Kconfig +@@ -421,6 +421,7 @@ + + source "fs/xfs/Kconfig" + source "fs/gfs2/Kconfig" ++source "fs/yaffs2/Kconfig" + + config OCFS2_FS + tristate "OCFS2 file system support" +--- a/fs/Makefile ++++ b/fs/Makefile +@@ -124,3 +124,4 @@ + obj-$(CONFIG_DEBUG_FS) += debugfs/ + obj-$(CONFIG_OCFS2_FS) += ocfs2/ + obj-$(CONFIG_GFS2_FS) += gfs2/ ++obj-$(CONFIG_YAFFS_FS) += yaffs2/ diff --git a/target/linux/generic-2.6/patches-2.6.27/512-yaffs_2.6.25_fix.patch b/target/linux/generic-2.6/patches-2.6.27/512-yaffs_2.6.25_fix.patch new file mode 100644 index 0000000000..ac895342f6 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/512-yaffs_2.6.25_fix.patch @@ -0,0 +1,92 @@ +--- a/fs/yaffs2/yaffs_fs.c ++++ b/fs/yaffs2/yaffs_fs.c +@@ -181,7 +181,13 @@ + #else + static int yaffs_statfs(struct super_block *sb, struct statfs *buf); + #endif ++ ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)) ++static struct inode *yaffs_iget(struct super_block *sb, unsigned long ino); ++#else + static void yaffs_read_inode(struct inode *inode); ++#endif ++ + + static void yaffs_put_inode(struct inode *inode); + static void yaffs_delete_inode(struct inode *); +@@ -284,7 +290,9 @@ + + static struct super_operations yaffs_super_ops = { + .statfs = yaffs_statfs, ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25)) + .read_inode = yaffs_read_inode, ++#endif + .put_inode = yaffs_put_inode, + .put_super = yaffs_put_super, + .delete_inode = yaffs_delete_inode, +@@ -844,11 +852,17 @@ + T(YAFFS_TRACE_OS, + (KERN_DEBUG "yaffs_get_inode for object %d\n", obj->objectId)); + ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)) ++ inode = yaffs_iget(sb, obj->objectId); ++ if (IS_ERR(inode)) ++ return NULL; ++#else + inode = iget(sb, obj->objectId); + + /* NB Side effect: iget calls back to yaffs_read_inode(). */ + /* iget also increments the inode's i_count */ + /* NB You can't be holding grossLock or deadlock will happen! */ ++#endif + + return inode; + } +@@ -1427,6 +1441,39 @@ + } + + ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)) ++static struct inode *yaffs_iget(struct super_block *sb, unsigned long ino) ++{ ++ yaffs_Object *obj; ++ yaffs_Device *dev = yaffs_SuperToDevice(sb); ++ struct inode *inode; ++ ++ T(YAFFS_TRACE_OS, ++ (KERN_DEBUG "yaffs_iget for %lu\n", ino)); ++ ++ inode = iget_locked(sb, ino); ++ if (!inode) ++ return ERR_PTR(-ENOMEM); ++ if (!(inode->i_state & I_NEW)) ++ return inode; ++ ++ /* NB This is called as a side effect of other functions, but ++ * we had to release the lock to prevent deadlocks, so ++ * need to lock again. ++ */ ++ ++ yaffs_GrossLock(dev); ++ ++ obj = yaffs_FindObjectByNumber(dev, inode->i_ino); ++ ++ yaffs_FillInodeFromObject(inode, obj); ++ ++ yaffs_GrossUnlock(dev); ++ ++ unlock_new_inode(inode); ++ return inode; ++} ++#else + static void yaffs_read_inode(struct inode *inode) + { + /* NB This is called as a side effect of other functions, but +@@ -1448,6 +1495,7 @@ + + yaffs_GrossUnlock(dev); + } ++#endif /* (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)) */ + + static LIST_HEAD(yaffs_dev_list); + diff --git a/target/linux/generic-2.6/patches-2.6.27/513-yaffs_2.6.26_fix.patch b/target/linux/generic-2.6/patches-2.6.27/513-yaffs_2.6.26_fix.patch new file mode 100644 index 0000000000..32bd3a5d57 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/513-yaffs_2.6.26_fix.patch @@ -0,0 +1,69 @@ +--- a/fs/yaffs2/yaffs_fs.c ++++ b/fs/yaffs2/yaffs_fs.c +@@ -76,6 +76,12 @@ + + #endif + ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26)) ++#define YPROC_ROOT &proc_root ++#else ++#define YPROC_ROOT NULL ++#endif ++ + #if (LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17)) + #define WRITE_SIZE_STR "writesize" + #define WRITE_SIZE(mtd) (mtd)->writesize +@@ -189,7 +195,9 @@ + #endif + + ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26)) + static void yaffs_put_inode(struct inode *inode); ++#endif + static void yaffs_delete_inode(struct inode *); + static void yaffs_clear_inode(struct inode *); + +@@ -293,7 +301,9 @@ + #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25)) + .read_inode = yaffs_read_inode, + #endif ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26)) + .put_inode = yaffs_put_inode, ++#endif + .put_super = yaffs_put_super, + .delete_inode = yaffs_delete_inode, + .clear_inode = yaffs_clear_inode, +@@ -437,6 +447,7 @@ + + } + ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,26)) + /* For now put inode is just for debugging + * Put inode is called when the inode **structure** is put. + */ +@@ -447,6 +458,7 @@ + atomic_read(&inode->i_count))); + + } ++#endif + + /* clear is called to tell the fs to release any per-inode data it holds */ + static void yaffs_clear_inode(struct inode *inode) +@@ -2279,7 +2291,7 @@ + /* Install the proc_fs entry */ + my_proc_entry = create_proc_entry("yaffs", + S_IRUGO | S_IFREG, +- &proc_root); ++ YPROC_ROOT); + + if (my_proc_entry) { + my_proc_entry->write_proc = yaffs_proc_write; +@@ -2325,7 +2337,7 @@ + T(YAFFS_TRACE_ALWAYS, ("yaffs " __DATE__ " " __TIME__ + " removing. \n")); + +- remove_proc_entry("yaffs", &proc_root); ++ remove_proc_entry("yaffs", YPROC_ROOT); + + fsinst = fs_to_install; + diff --git a/target/linux/generic-2.6/patches-2.6.27/600-phy_extension.patch b/target/linux/generic-2.6/patches-2.6.27/600-phy_extension.patch new file mode 100644 index 0000000000..39f22bbdef --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/600-phy_extension.patch @@ -0,0 +1,83 @@ +--- a/drivers/net/phy/phy.c ++++ b/drivers/net/phy/phy.c +@@ -348,6 +348,50 @@ + } + EXPORT_SYMBOL(phy_ethtool_gset); + ++int phy_ethtool_ioctl(struct phy_device *phydev, void *useraddr) ++{ ++ u32 cmd; ++ int tmp; ++ struct ethtool_cmd ecmd = { ETHTOOL_GSET }; ++ struct ethtool_value edata = { ETHTOOL_GLINK }; ++ ++ if (get_user(cmd, (u32 *) useraddr)) ++ return -EFAULT; ++ ++ switch (cmd) { ++ case ETHTOOL_GSET: ++ phy_ethtool_gset(phydev, &ecmd); ++ if (copy_to_user(useraddr, &ecmd, sizeof(ecmd))) ++ return -EFAULT; ++ return 0; ++ ++ case ETHTOOL_SSET: ++ if (copy_from_user(&ecmd, useraddr, sizeof(ecmd))) ++ return -EFAULT; ++ return phy_ethtool_sset(phydev, &ecmd); ++ ++ case ETHTOOL_NWAY_RST: ++ /* if autoneg is off, it's an error */ ++ tmp = phy_read(phydev, MII_BMCR); ++ if (tmp & BMCR_ANENABLE) { ++ tmp |= (BMCR_ANRESTART); ++ phy_write(phydev, MII_BMCR, tmp); ++ return 0; ++ } ++ return -EINVAL; ++ ++ case ETHTOOL_GLINK: ++ edata.data = (phy_read(phydev, ++ MII_BMSR) & BMSR_LSTATUS) ? 1 : 0; ++ if (copy_to_user(useraddr, &edata, sizeof(edata))) ++ return -EFAULT; ++ return 0; ++ } ++ ++ return -EOPNOTSUPP; ++} ++EXPORT_SYMBOL(phy_ethtool_ioctl); ++ + /** + * phy_mii_ioctl - generic PHY MII ioctl interface + * @phydev: the phy_device struct +@@ -403,8 +447,8 @@ + } + + phy_write(phydev, mii_data->reg_num, val); +- +- if (mii_data->reg_num == MII_BMCR ++ ++ if (mii_data->reg_num == MII_BMCR + && val & BMCR_RESET + && phydev->drv->config_init) { + phy_scan_fixups(phydev); +@@ -524,7 +568,7 @@ + int idx; + + idx = phy_find_setting(phydev->speed, phydev->duplex); +- ++ + idx++; + + idx = phy_find_valid(idx, phydev->supported); +--- a/include/linux/phy.h ++++ b/include/linux/phy.h +@@ -434,6 +434,7 @@ + void phy_stop_machine(struct phy_device *phydev); + int phy_ethtool_sset(struct phy_device *phydev, struct ethtool_cmd *cmd); + int phy_ethtool_gset(struct phy_device *phydev, struct ethtool_cmd *cmd); ++int phy_ethtool_ioctl(struct phy_device *phydev, void *useraddr); + int phy_mii_ioctl(struct phy_device *phydev, + struct mii_ioctl_data *mii_data, int cmd); + int phy_start_interrupts(struct phy_device *phydev); diff --git a/target/linux/generic-2.6/patches-2.6.27/610-phy_detect.patch b/target/linux/generic-2.6/patches-2.6.27/610-phy_detect.patch new file mode 100644 index 0000000000..5cc9cd2895 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/610-phy_detect.patch @@ -0,0 +1,26 @@ +--- a/drivers/net/phy/mdio_bus.c ++++ b/drivers/net/phy/mdio_bus.c +@@ -135,6 +135,9 @@ + struct phy_device *phydev = to_phy_device(dev); + struct phy_driver *phydrv = to_phy_driver(drv); + ++ if (phydrv->detect) ++ return (phydrv->detect(phydev->bus, phydev->addr)); ++ + return ((phydrv->phy_id & phydrv->phy_id_mask) == + (phydev->phy_id & phydrv->phy_id_mask)); + } +--- a/include/linux/phy.h ++++ b/include/linux/phy.h +@@ -339,6 +339,11 @@ + u32 features; + u32 flags; + ++ /* Called during discovery to test if the ++ * device can attach to the bus, even if ++ * phy id and mask do not match */ ++ bool (*detect)(struct mii_bus *bus, int addr); ++ + /* + * Called to initialize the PHY, + * including after a reset diff --git a/target/linux/generic-2.6/patches-2.6.27/620-phy_adm6996.patch b/target/linux/generic-2.6/patches-2.6.27/620-phy_adm6996.patch new file mode 100644 index 0000000000..239384315e --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/620-phy_adm6996.patch @@ -0,0 +1,24 @@ +--- a/drivers/net/phy/Kconfig ++++ b/drivers/net/phy/Kconfig +@@ -66,6 +66,11 @@ + ---help--- + Supports the Realtek 821x PHY. + ++config ADM6996_PHY ++ tristate "Driver for ADM6996 switches" ++ ---help--- ++ Currently supports the ADM6996F switch ++ + config FIXED_PHY + bool "Driver for MDIO Bus/PHY emulation with fixed speed/link PHYs" + depends on PHYLIB=y +--- a/drivers/net/phy/Makefile ++++ b/drivers/net/phy/Makefile +@@ -12,6 +12,7 @@ + obj-$(CONFIG_VITESSE_PHY) += vitesse.o + obj-$(CONFIG_BROADCOM_PHY) += broadcom.o + obj-$(CONFIG_ICPLUS_PHY) += icplus.o ++obj-$(CONFIG_ADM6996_PHY) += adm6996.o + obj-$(CONFIG_REALTEK_PHY) += realtek.o + obj-$(CONFIG_FIXED_PHY) += fixed.o + obj-$(CONFIG_MDIO_BITBANG) += mdio-bitbang.o diff --git a/target/linux/generic-2.6/patches-2.6.27/630-phy_packets.patch b/target/linux/generic-2.6/patches-2.6.27/630-phy_packets.patch new file mode 100644 index 0000000000..f1c1580e0d --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/630-phy_packets.patch @@ -0,0 +1,60 @@ +--- a/drivers/net/phy/phy_device.c ++++ b/drivers/net/phy/phy_device.c +@@ -143,6 +143,18 @@ + } + EXPORT_SYMBOL(phy_scan_fixups); + ++static int generic_receive_skb(struct sk_buff *skb) ++{ ++ skb->protocol = eth_type_trans(skb, skb->dev); ++ return netif_receive_skb(skb); ++} ++ ++static int generic_rx(struct sk_buff *skb) ++{ ++ skb->protocol = eth_type_trans(skb, skb->dev); ++ return netif_rx(skb); ++} ++ + struct phy_device* phy_device_create(struct mii_bus *bus, int addr, int phy_id) + { + struct phy_device *dev; +@@ -168,6 +180,8 @@ + dev->bus = bus; + + dev->state = PHY_DOWN; ++ dev->netif_receive_skb = &generic_receive_skb; ++ dev->netif_rx = &generic_rx; + + mutex_init(&dev->lock); + +--- a/include/linux/phy.h ++++ b/include/linux/phy.h +@@ -309,6 +309,17 @@ + void (*adjust_link)(struct net_device *dev); + + void (*adjust_state)(struct net_device *dev); ++ ++ /* ++ * By default these point to the original functions ++ * with the same name. adding them to the phy_device ++ * allows the phy driver to override them for packet ++ * mangling if the ethernet driver supports it ++ * This is required to support some really horrible ++ * switches such as the Marvell 88E6060 ++ */ ++ int (*netif_receive_skb)(struct sk_buff *skb); ++ int (*netif_rx)(struct sk_buff *skb); + }; + #define to_phy_device(d) container_of(d, struct phy_device, dev) + +--- a/include/linux/netdevice.h ++++ b/include/linux/netdevice.h +@@ -613,6 +613,7 @@ + void *ax25_ptr; /* AX.25 specific data */ + struct wireless_dev *ieee80211_ptr; /* IEEE 802.11 specific data, + assign before registering */ ++ void *phy_ptr; /* PHY device specific data */ + + /* + * Cache line mostly used on receive path (including eth_type_trans()) diff --git a/target/linux/generic-2.6/patches-2.6.27/640-mvswitch.patch b/target/linux/generic-2.6/patches-2.6.27/640-mvswitch.patch new file mode 100644 index 0000000000..74ea255e39 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/640-mvswitch.patch @@ -0,0 +1,48 @@ +--- a/drivers/net/phy/Kconfig ++++ b/drivers/net/phy/Kconfig +@@ -71,6 +71,12 @@ + ---help--- + Currently supports the ADM6996F switch + ++config MVSWITCH_PHY ++ tristate "Driver for Marvell switches" ++ select VLAN_8021Q ++ ---help--- ++ Currently supports the Marvell 88E6060 switch. ++ + config FIXED_PHY + bool "Driver for MDIO Bus/PHY emulation with fixed speed/link PHYs" + depends on PHYLIB=y +--- a/drivers/net/phy/Makefile ++++ b/drivers/net/phy/Makefile +@@ -13,6 +13,7 @@ + obj-$(CONFIG_BROADCOM_PHY) += broadcom.o + obj-$(CONFIG_ICPLUS_PHY) += icplus.o + obj-$(CONFIG_ADM6996_PHY) += adm6996.o ++obj-$(CONFIG_MVSWITCH_PHY) += mvswitch.o + obj-$(CONFIG_REALTEK_PHY) += realtek.o + obj-$(CONFIG_FIXED_PHY) += fixed.o + obj-$(CONFIG_MDIO_BITBANG) += mdio-bitbang.o +--- a/drivers/net/phy/mdio_bus.c ++++ b/drivers/net/phy/mdio_bus.c +@@ -35,6 +35,12 @@ + #include <asm/irq.h> + #include <asm/uaccess.h> + ++static void mdio_dev_release(struct device *dev) ++{ ++ /* nothing to do */ ++} ++ ++ + /** + * mdiobus_register - bring up all the PHYs on a given bus and attach them to bus + * @bus: target mii_bus +@@ -85,6 +91,7 @@ + + phydev->dev.parent = bus->dev; + phydev->dev.bus = &mdio_bus_type; ++ phydev->dev.release = mdio_dev_release; + snprintf(phydev->dev.bus_id, BUS_ID_SIZE, PHY_ID_FMT, bus->id, i); + + phydev->bus = bus; diff --git a/target/linux/generic-2.6/patches-2.6.27/801-usb_serial_endpoint_size.patch b/target/linux/generic-2.6/patches-2.6.27/801-usb_serial_endpoint_size.patch new file mode 100644 index 0000000000..1640e07830 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/801-usb_serial_endpoint_size.patch @@ -0,0 +1,25 @@ +--- a/drivers/usb/serial/usb-serial.c ++++ b/drivers/usb/serial/usb-serial.c +@@ -59,6 +59,7 @@ + drivers depend on it. + */ + ++static ushort maxSize = 0; + static int debug; + /* initially all NULL */ + static struct usb_serial *serial_table[SERIAL_TTY_MINORS]; +@@ -833,7 +834,7 @@ + dev_err(&interface->dev, "No free urbs available\n"); + goto probe_error; + } +- buffer_size = le16_to_cpu(endpoint->wMaxPacketSize); ++ buffer_size = (endpoint->wMaxPacketSize > maxSize) ? endpoint->wMaxPacketSize : maxSize; + port->bulk_in_size = buffer_size; + port->bulk_in_endpointAddress = endpoint->bEndpointAddress; + port->bulk_in_buffer = kmalloc(buffer_size, GFP_KERNEL); +@@ -1253,3 +1254,5 @@ + + module_param(debug, bool, S_IRUGO | S_IWUSR); + MODULE_PARM_DESC(debug, "Debug enabled or not"); ++module_param(maxSize, ushort,0); ++MODULE_PARM_DESC(maxSize,"User specified USB endpoint size"); diff --git a/target/linux/generic-2.6/patches-2.6.27/840-unable_to_open_console.patch b/target/linux/generic-2.6/patches-2.6.27/840-unable_to_open_console.patch new file mode 100644 index 0000000000..13df82b964 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/840-unable_to_open_console.patch @@ -0,0 +1,11 @@ +--- a/init/main.c ++++ b/init/main.c +@@ -802,7 +802,7 @@ + numa_default_policy(); + + if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0) +- printk(KERN_WARNING "Warning: unable to open an initial console.\n"); ++ printk(KERN_WARNING "Please be patient, while OpenWrt loads ...\n"); + + (void) sys_dup(0); + (void) sys_dup(0); diff --git a/target/linux/generic-2.6/patches-2.6.27/900-headers_type_and_time.patch b/target/linux/generic-2.6/patches-2.6.27/900-headers_type_and_time.patch new file mode 100644 index 0000000000..b318c90606 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/900-headers_type_and_time.patch @@ -0,0 +1,46 @@ +--- a/include/linux/time.h ++++ b/include/linux/time.h +@@ -1,6 +1,10 @@ + #ifndef _LINUX_TIME_H + #define _LINUX_TIME_H + ++#ifndef __KERNEL__ ++#include <time.h> ++#else ++ + #include <linux/types.h> + + #ifdef __KERNEL__ +@@ -228,4 +232,6 @@ + */ + #define TIMER_ABSTIME 0x01 + ++#endif /* __KERNEL__ DEBIAN */ ++ + #endif +--- a/include/linux/types.h ++++ b/include/linux/types.h +@@ -1,6 +1,14 @@ + #ifndef _LINUX_TYPES_H + #define _LINUX_TYPES_H + ++/* Debian: Use userland types instead. */ ++#ifndef __KERNEL__ ++# include <sys/types.h> ++/* For other kernel headers. */ ++# include <linux/posix_types.h> ++# include <asm/types.h> ++#else ++ + #ifdef __KERNEL__ + + #define DECLARE_BITMAP(name,bits) \ +@@ -161,6 +169,8 @@ + + #endif /* __KERNEL_STRICT_NAMES */ + ++#endif /* __KERNEL__ DEBIAN */ ++ + /* + * Below are truly Linux-specific types that should never collide with + * any application/library that wants linux/types.h. diff --git a/target/linux/generic-2.6/patches-2.6.27/902-darwin_scripts_include.patch b/target/linux/generic-2.6/patches-2.6.27/902-darwin_scripts_include.patch new file mode 100644 index 0000000000..5d454b8e01 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/902-darwin_scripts_include.patch @@ -0,0 +1,102 @@ +--- a/scripts/genksyms/parse.c_shipped ++++ b/scripts/genksyms/parse.c_shipped +@@ -160,7 +160,9 @@ + + + #include <assert.h> ++#ifndef __APPLE__ + #include <malloc.h> ++#endif + #include "genksyms.h" + + static int is_typedef; +--- a/scripts/genksyms/parse.y ++++ b/scripts/genksyms/parse.y +@@ -24,7 +24,9 @@ + %{ + + #include <assert.h> ++#ifndef __APPLE__ + #include <malloc.h> ++#endif + #include "genksyms.h" + + static int is_typedef; +--- a/scripts/kallsyms.c ++++ b/scripts/kallsyms.c +@@ -22,6 +22,35 @@ + #include <stdlib.h> + #include <string.h> + #include <ctype.h> ++#ifdef __APPLE__ ++/* Darwin has no memmem implementation, this one is ripped of the uClibc-0.9.28 source */ ++void *memmem (const void *haystack, size_t haystack_len, ++ const void *needle, size_t needle_len) ++{ ++ const char *begin; ++ const char *const last_possible ++ = (const char *) haystack + haystack_len - needle_len; ++ ++ if (needle_len == 0) ++ /* The first occurrence of the empty string is deemed to occur at ++ the beginning of the string. */ ++ return (void *) haystack; ++ ++ /* Sanity check, otherwise the loop might search through the whole ++ memory. */ ++ if (__builtin_expect (haystack_len < needle_len, 0)) ++ return NULL; ++ ++ for (begin = (const char *) haystack; begin <= last_possible; ++begin) ++ if (begin[0] == ((const char *) needle)[0] && ++ !memcmp ((const void *) &begin[1], ++ (const void *) ((const char *) needle + 1), ++ needle_len - 1)) ++ return (void *) begin; ++ ++ return NULL; ++} ++#endif + + #define KSYM_NAME_LEN 128 + +--- a/scripts/kconfig/Makefile ++++ b/scripts/kconfig/Makefile +@@ -93,6 +93,9 @@ + # we really need to do so. (Do not call gcc as part of make mrproper) + HOST_EXTRACFLAGS = $(shell $(CONFIG_SHELL) $(check-lxdialog) -ccflags) + HOST_LOADLIBES = $(shell $(CONFIG_SHELL) $(check-lxdialog) -ldflags $(HOSTCC)) ++ifeq ($(shell uname -s),Darwin) ++HOST_LOADLIBES += -lncurses ++endif + + HOST_EXTRACFLAGS += -DLOCALE + +--- a/scripts/mod/mk_elfconfig.c ++++ b/scripts/mod/mk_elfconfig.c +@@ -1,7 +1,11 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> ++#ifndef __APPLE__ + #include <elf.h> ++#else ++#include "../../../../../tools/sstrip/include/elf.h" ++#endif + + int + main(int argc, char **argv) +--- a/scripts/mod/modpost.h ++++ b/scripts/mod/modpost.h +@@ -7,7 +7,11 @@ + #include <sys/mman.h> + #include <fcntl.h> + #include <unistd.h> ++#ifndef __APPLE__ + #include <elf.h> ++#else ++#include "../../../../../tools/sstrip/include/elf.h" ++#endif + + #include "elfconfig.h" + diff --git a/target/linux/generic-2.6/patches-2.6.27/903-hostap_txpower.patch b/target/linux/generic-2.6/patches-2.6.27/903-hostap_txpower.patch new file mode 100644 index 0000000000..581014fad6 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/903-hostap_txpower.patch @@ -0,0 +1,154 @@ +--- a/drivers/net/wireless/hostap/hostap_ap.c ++++ b/drivers/net/wireless/hostap/hostap_ap.c +@@ -2397,13 +2397,13 @@ + addr[count].sa_family = ARPHRD_ETHER; + memcpy(addr[count].sa_data, sta->addr, ETH_ALEN); + if (sta->last_rx_silence == 0) +- qual[count].qual = sta->last_rx_signal < 27 ? +- 0 : (sta->last_rx_signal - 27) * 92 / 127; ++ qual[count].qual = (sta->last_rx_signal - 156) == 0 ? ++ 0 : (sta->last_rx_signal - 156) * 92 / 64; + else +- qual[count].qual = sta->last_rx_signal - +- sta->last_rx_silence - 35; +- qual[count].level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); +- qual[count].noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); ++ qual[count].qual = (sta->last_rx_signal - ++ sta->last_rx_silence) * 92 / 64; ++ qual[count].level = sta->last_rx_signal; ++ qual[count].noise = sta->last_rx_silence; + qual[count].updated = sta->last_rx_updated; + + sta->last_rx_updated = IW_QUAL_DBM; +@@ -2469,13 +2469,13 @@ + memset(&iwe, 0, sizeof(iwe)); + iwe.cmd = IWEVQUAL; + if (sta->last_rx_silence == 0) +- iwe.u.qual.qual = sta->last_rx_signal < 27 ? +- 0 : (sta->last_rx_signal - 27) * 92 / 127; ++ iwe.u.qual.qual = (sta->last_rx_signal -156) == 0 ? ++ 0 : (sta->last_rx_signal - 156) * 92 / 64; + else +- iwe.u.qual.qual = sta->last_rx_signal - +- sta->last_rx_silence - 35; +- iwe.u.qual.level = HFA384X_LEVEL_TO_dBm(sta->last_rx_signal); +- iwe.u.qual.noise = HFA384X_LEVEL_TO_dBm(sta->last_rx_silence); ++ iwe.u.qual.qual = (sta->last_rx_signal - ++ sta->last_rx_silence) * 92 / 64; ++ iwe.u.qual.level = sta->last_rx_signal; ++ iwe.u.qual.noise = sta->last_rx_silence; + iwe.u.qual.updated = sta->last_rx_updated; + iwe.len = IW_EV_QUAL_LEN; + current_ev = iwe_stream_add_event(info, current_ev, end_buf, +--- a/drivers/net/wireless/hostap/hostap_config.h ++++ b/drivers/net/wireless/hostap/hostap_config.h +@@ -45,4 +45,9 @@ + */ + /* #define PRISM2_NO_STATION_MODES */ + ++/* Enable TX power Setting functions ++ * (min att = -128 , max att = 127) ++ */ ++#define RAW_TXPOWER_SETTING ++ + #endif /* HOSTAP_CONFIG_H */ +--- a/drivers/net/wireless/hostap/hostap.h ++++ b/drivers/net/wireless/hostap/hostap.h +@@ -90,6 +90,7 @@ + extern const struct ethtool_ops prism2_ethtool_ops; + + int hostap_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd); ++int hostap_restore_power(struct net_device *dev); + + + #endif /* HOSTAP_H */ +--- a/drivers/net/wireless/hostap/hostap_hw.c ++++ b/drivers/net/wireless/hostap/hostap_hw.c +@@ -933,6 +933,7 @@ + prism2_hw_reset(dev); + } + ++ hostap_restore_power(dev); + return res; + } + +--- a/drivers/net/wireless/hostap/hostap_info.c ++++ b/drivers/net/wireless/hostap/hostap_info.c +@@ -434,6 +434,11 @@ + } + + /* Get BSSID if we have a valid AP address */ ++ ++ if ( val == HFA384X_LINKSTATUS_CONNECTED || ++ val == HFA384X_LINKSTATUS_DISCONNECTED ) ++ hostap_restore_power(local->dev); ++ + if (connected) { + netif_carrier_on(local->dev); + netif_carrier_on(local->ddev); +--- a/drivers/net/wireless/hostap/hostap_ioctl.c ++++ b/drivers/net/wireless/hostap/hostap_ioctl.c +@@ -1502,23 +1502,20 @@ + val = 255; + + tmp = val; +- tmp >>= 2; + +- return -12 - tmp; ++ return tmp; + } + + static u16 prism2_txpower_dBm_to_hfa386x(int val) + { + signed char tmp; + +- if (val > 20) +- return 128; +- else if (val < -43) ++ if (val > 127) + return 127; ++ else if (val < -128) ++ return 128; + + tmp = val; +- tmp = -12 - tmp; +- tmp <<= 2; + + return (unsigned char) tmp; + } +@@ -4083,3 +4080,35 @@ + + return ret; + } ++ ++/* BUG FIX: Restore power setting value when lost due to F/W bug */ ++ ++int hostap_restore_power(struct net_device *dev) ++{ ++ struct hostap_interface *iface = dev->priv; ++ local_info_t *local = iface->local; ++ ++ u16 val; ++ int ret = 0; ++ ++ if (local->txpower_type == PRISM2_TXPOWER_OFF) { ++ val = 0xff; /* use all standby and sleep modes */ ++ ret = local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF, ++ HFA386X_CR_A_D_TEST_MODES2, ++ &val, NULL); ++ } ++ ++#ifdef RAW_TXPOWER_SETTING ++ if (local->txpower_type == PRISM2_TXPOWER_FIXED) { ++ val = HFA384X_TEST_CFG_BIT_ALC; ++ local->func->cmd(dev, HFA384X_CMDCODE_TEST | ++ (HFA384X_TEST_CFG_BITS << 8), 0, &val, NULL); ++ val = prism2_txpower_dBm_to_hfa386x(local->txpower); ++ ret = (local->func->cmd(dev, HFA384X_CMDCODE_WRITEMIF, ++ HFA386X_CR_MANUAL_TX_POWER, &val, NULL)); ++ } ++#endif /* RAW_TXPOWER_SETTING */ ++ return (ret ? -EOPNOTSUPP : 0); ++} ++ ++EXPORT_SYMBOL(hostap_restore_power); diff --git a/target/linux/generic-2.6/patches-2.6.27/903-stddef_include.patch b/target/linux/generic-2.6/patches-2.6.27/903-stddef_include.patch new file mode 100644 index 0000000000..c0c01c0101 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/903-stddef_include.patch @@ -0,0 +1,17 @@ +--- a/include/linux/stddef.h ++++ b/include/linux/stddef.h +@@ -16,6 +16,7 @@ + false = 0, + true = 1 + }; ++#endif /* __KERNEL__ */ + + #undef offsetof + #ifdef __compiler_offsetof +@@ -23,6 +24,5 @@ + #else + #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) + #endif +-#endif /* __KERNEL__ */ + + #endif diff --git a/target/linux/generic-2.6/patches-2.6.27/905-i386_build.patch b/target/linux/generic-2.6/patches-2.6.27/905-i386_build.patch new file mode 100644 index 0000000000..c701fdaa95 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/905-i386_build.patch @@ -0,0 +1,10 @@ +--- a/arch/x86/boot/tools/build.c ++++ b/arch/x86/boot/tools/build.c +@@ -29,7 +29,6 @@ + #include <stdarg.h> + #include <sys/types.h> + #include <sys/stat.h> +-#include <sys/sysmacros.h> + #include <unistd.h> + #include <fcntl.h> + #include <sys/mman.h> diff --git a/target/linux/generic-2.6/patches-2.6.27/921-gpio_spi_driver.patch b/target/linux/generic-2.6/patches-2.6.27/921-gpio_spi_driver.patch new file mode 100644 index 0000000000..6be8e26d7d --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/921-gpio_spi_driver.patch @@ -0,0 +1,376 @@ +--- /dev/null ++++ b/include/linux/spi/spi_gpio.h +@@ -0,0 +1,73 @@ ++/* ++ * spi_gpio interface to platform code ++ * ++ * Copyright (c) 2008 Piotr Skamruk ++ * Copyright (c) 2008 Michael Buesch ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++#ifndef _LINUX_SPI_SPI_GPIO ++#define _LINUX_SPI_SPI_GPIO ++ ++#include <linux/types.h> ++#include <linux/spi/spi.h> ++ ++ ++/** ++ * struct spi_gpio_platform_data - Data definitions for a SPI-GPIO device. ++ * ++ * This structure holds information about a GPIO-based SPI device. ++ * ++ * @pin_clk: The GPIO pin number of the CLOCK pin. ++ * ++ * @pin_miso: The GPIO pin number of the MISO pin. ++ * ++ * @pin_mosi: The GPIO pin number of the MOSI pin. ++ * ++ * @pin_cs: The GPIO pin number of the CHIPSELECT pin. ++ * ++ * @cs_activelow: If true, the chip is selected when the CS line is low. ++ * ++ * @no_spi_delay: If true, no delay is done in the lowlevel bitbanging. ++ * Note that doing no delay is not standards compliant, ++ * but it might be needed to speed up transfers on some ++ * slow embedded machines. ++ * ++ * @boardinfo_setup: This callback is called after the ++ * SPI master device was registered, but before the ++ * device is registered. ++ * @boardinfo_setup_data: Data argument passed to boardinfo_setup(). ++ */ ++struct spi_gpio_platform_data { ++ unsigned int pin_clk; ++ unsigned int pin_miso; ++ unsigned int pin_mosi; ++ unsigned int pin_cs; ++ bool cs_activelow; ++ bool no_spi_delay; ++ int (*boardinfo_setup)(struct spi_board_info *bi, ++ struct spi_master *master, ++ void *data); ++ void *boardinfo_setup_data; ++}; ++ ++/** ++ * SPI_GPIO_PLATDEV_NAME - The platform device name string. ++ * ++ * The name string that has to be used for platform_device_alloc ++ * when allocating a spi-gpio device. ++ */ ++#define SPI_GPIO_PLATDEV_NAME "spi-gpio" ++ ++/** ++ * spi_gpio_next_id - Get another platform device ID number. ++ * ++ * This returns the next platform device ID number that has to be used ++ * for platform_device_alloc. The ID is opaque and should not be used for ++ * anything else. ++ */ ++int spi_gpio_next_id(void); ++ ++#endif /* _LINUX_SPI_SPI_GPIO */ +--- /dev/null ++++ b/drivers/spi/spi_gpio.c +@@ -0,0 +1,251 @@ ++/* ++ * Bitbanging SPI bus driver using GPIO API ++ * ++ * Copyright (c) 2008 Piotr Skamruk ++ * Copyright (c) 2008 Michael Buesch ++ * ++ * based on spi_s3c2410_gpio.c ++ * Copyright (c) 2006 Ben Dooks ++ * Copyright (c) 2006 Simtec Electronics ++ * and on i2c-gpio.c ++ * Copyright (C) 2007 Atmel Corporation ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++#include <linux/kernel.h> ++#include <linux/init.h> ++#include <linux/delay.h> ++#include <linux/spinlock.h> ++#include <linux/workqueue.h> ++#include <linux/module.h> ++#include <linux/platform_device.h> ++#include <linux/spi/spi.h> ++#include <linux/spi/spi_bitbang.h> ++#include <linux/spi/spi_gpio.h> ++#include <linux/gpio.h> ++#include <asm/atomic.h> ++ ++ ++struct spi_gpio { ++ struct spi_bitbang bitbang; ++ struct spi_gpio_platform_data *info; ++ struct platform_device *pdev; ++ struct spi_board_info bi; ++}; ++ ++ ++static inline struct spi_gpio *spidev_to_sg(struct spi_device *dev) ++{ ++ return dev->controller_data; ++} ++ ++static inline void setsck(struct spi_device *dev, int val) ++{ ++ struct spi_gpio *sp = spidev_to_sg(dev); ++ gpio_set_value(sp->info->pin_clk, val ? 1 : 0); ++} ++ ++static inline void setmosi(struct spi_device *dev, int val) ++{ ++ struct spi_gpio *sp = spidev_to_sg(dev); ++ gpio_set_value(sp->info->pin_mosi, val ? 1 : 0); ++} ++ ++static inline u32 getmiso(struct spi_device *dev) ++{ ++ struct spi_gpio *sp = spidev_to_sg(dev); ++ return gpio_get_value(sp->info->pin_miso) ? 1 : 0; ++} ++ ++static inline void do_spidelay(struct spi_device *dev, unsigned nsecs) ++{ ++ struct spi_gpio *sp = spidev_to_sg(dev); ++ ++ if (!sp->info->no_spi_delay) ++ ndelay(nsecs); ++} ++ ++#define spidelay(nsecs) do { \ ++ /* Steal the spi_device pointer from our caller. \ ++ * The bitbang-API should probably get fixed here... */ \ ++ do_spidelay(spi, nsecs); \ ++ } while (0) ++ ++#define EXPAND_BITBANG_TXRX ++#include <linux/spi/spi_bitbang.h> ++ ++static u32 spi_gpio_txrx_mode0(struct spi_device *spi, ++ unsigned nsecs, u32 word, u8 bits) ++{ ++ return bitbang_txrx_be_cpha0(spi, nsecs, 0, word, bits); ++} ++ ++static u32 spi_gpio_txrx_mode1(struct spi_device *spi, ++ unsigned nsecs, u32 word, u8 bits) ++{ ++ return bitbang_txrx_be_cpha1(spi, nsecs, 0, word, bits); ++} ++ ++static u32 spi_gpio_txrx_mode2(struct spi_device *spi, ++ unsigned nsecs, u32 word, u8 bits) ++{ ++ return bitbang_txrx_be_cpha0(spi, nsecs, 1, word, bits); ++} ++ ++static u32 spi_gpio_txrx_mode3(struct spi_device *spi, ++ unsigned nsecs, u32 word, u8 bits) ++{ ++ return bitbang_txrx_be_cpha1(spi, nsecs, 1, word, bits); ++} ++ ++static void spi_gpio_chipselect(struct spi_device *dev, int on) ++{ ++ struct spi_gpio *sp = spidev_to_sg(dev); ++ ++ if (sp->info->cs_activelow) ++ on = !on; ++ gpio_set_value(sp->info->pin_cs, on ? 1 : 0); ++} ++ ++static int spi_gpio_probe(struct platform_device *pdev) ++{ ++ struct spi_master *master; ++ struct spi_gpio_platform_data *pdata; ++ struct spi_gpio *sp; ++ struct spi_device *spidev; ++ int err; ++ ++ pdata = pdev->dev.platform_data; ++ if (!pdata) ++ return -ENXIO; ++ ++ err = -ENOMEM; ++ master = spi_alloc_master(&pdev->dev, sizeof(struct spi_gpio)); ++ if (!master) ++ goto err_alloc_master; ++ ++ sp = spi_master_get_devdata(master); ++ platform_set_drvdata(pdev, sp); ++ sp->info = pdata; ++ ++ err = gpio_request(pdata->pin_clk, "spi_clock"); ++ if (err) ++ goto err_request_clk; ++ err = gpio_request(pdata->pin_mosi, "spi_mosi"); ++ if (err) ++ goto err_request_mosi; ++ err = gpio_request(pdata->pin_miso, "spi_miso"); ++ if (err) ++ goto err_request_miso; ++ err = gpio_request(pdata->pin_cs, "spi_cs"); ++ if (err) ++ goto err_request_cs; ++ ++ sp->bitbang.master = spi_master_get(master); ++ sp->bitbang.master->bus_num = -1; ++ sp->bitbang.master->num_chipselect = 1; ++ sp->bitbang.chipselect = spi_gpio_chipselect; ++ sp->bitbang.txrx_word[SPI_MODE_0] = spi_gpio_txrx_mode0; ++ sp->bitbang.txrx_word[SPI_MODE_1] = spi_gpio_txrx_mode1; ++ sp->bitbang.txrx_word[SPI_MODE_2] = spi_gpio_txrx_mode2; ++ sp->bitbang.txrx_word[SPI_MODE_3] = spi_gpio_txrx_mode3; ++ ++ gpio_direction_output(pdata->pin_clk, 0); ++ gpio_direction_output(pdata->pin_mosi, 0); ++ gpio_direction_output(pdata->pin_cs, ++ pdata->cs_activelow ? 1 : 0); ++ gpio_direction_input(pdata->pin_miso); ++ ++ err = spi_bitbang_start(&sp->bitbang); ++ if (err) ++ goto err_no_bitbang; ++ err = pdata->boardinfo_setup(&sp->bi, master, ++ pdata->boardinfo_setup_data); ++ if (err) ++ goto err_bi_setup; ++ sp->bi.controller_data = sp; ++ spidev = spi_new_device(master, &sp->bi); ++ if (!spidev) ++ goto err_new_dev; ++ ++ return 0; ++ ++err_new_dev: ++err_bi_setup: ++ spi_bitbang_stop(&sp->bitbang); ++err_no_bitbang: ++ spi_master_put(sp->bitbang.master); ++ gpio_free(pdata->pin_cs); ++err_request_cs: ++ gpio_free(pdata->pin_miso); ++err_request_miso: ++ gpio_free(pdata->pin_mosi); ++err_request_mosi: ++ gpio_free(pdata->pin_clk); ++err_request_clk: ++ kfree(master); ++ ++err_alloc_master: ++ return err; ++} ++ ++static int __devexit spi_gpio_remove(struct platform_device *pdev) ++{ ++ struct spi_gpio *sp; ++ struct spi_gpio_platform_data *pdata; ++ ++ pdata = pdev->dev.platform_data; ++ sp = platform_get_drvdata(pdev); ++ ++ gpio_free(pdata->pin_clk); ++ gpio_free(pdata->pin_mosi); ++ gpio_free(pdata->pin_miso); ++ gpio_free(pdata->pin_cs); ++ spi_bitbang_stop(&sp->bitbang); ++ spi_master_put(sp->bitbang.master); ++ ++ return 0; ++} ++ ++static struct platform_driver spi_gpio_driver = { ++ .driver = { ++ .name = SPI_GPIO_PLATDEV_NAME, ++ .owner = THIS_MODULE, ++ }, ++ .probe = spi_gpio_probe, ++ .remove = __devexit_p(spi_gpio_remove), ++}; ++ ++int spi_gpio_next_id(void) ++{ ++ static atomic_t counter = ATOMIC_INIT(-1); ++ ++ return atomic_inc_return(&counter); ++} ++EXPORT_SYMBOL(spi_gpio_next_id); ++ ++static int __init spi_gpio_init(void) ++{ ++ int err; ++ ++ err = platform_driver_register(&spi_gpio_driver); ++ if (err) ++ printk(KERN_ERR "spi-gpio: register failed: %d\n", err); ++ ++ return err; ++} ++module_init(spi_gpio_init); ++ ++static void __exit spi_gpio_exit(void) ++{ ++ platform_driver_unregister(&spi_gpio_driver); ++} ++module_exit(spi_gpio_exit); ++ ++MODULE_AUTHOR("Piot Skamruk <piotr.skamruk at gmail.com>"); ++MODULE_AUTHOR("Michael Buesch"); ++MODULE_DESCRIPTION("Platform independent GPIO bitbanging SPI driver"); ++MODULE_LICENSE("GPL v2"); +--- a/drivers/spi/Kconfig ++++ b/drivers/spi/Kconfig +@@ -100,6 +100,19 @@ + inexpensive battery powered microcontroller evaluation board. + This same cable can be used to flash new firmware. + ++config SPI_GPIO ++ tristate "GPIO API based bitbanging SPI controller" ++ depends on SPI_MASTER && GENERIC_GPIO ++ select SPI_BITBANG ++ help ++ This is a platform driver that can be used for bitbanging ++ an SPI bus over GPIO pins. ++ Select this if you have any SPI device that is connected via ++ GPIO pins. ++ The module will be called spi_gpio. ++ ++ If unsure, say N. ++ + config SPI_IMX + tristate "Freescale iMX SPI controller" + depends on ARCH_IMX && EXPERIMENTAL +--- a/drivers/spi/Makefile ++++ b/drivers/spi/Makefile +@@ -16,6 +16,7 @@ + obj-$(CONFIG_SPI_BITBANG) += spi_bitbang.o + obj-$(CONFIG_SPI_AU1550) += au1550_spi.o + obj-$(CONFIG_SPI_BUTTERFLY) += spi_butterfly.o ++obj-$(CONFIG_SPI_GPIO) += spi_gpio.o + obj-$(CONFIG_SPI_IMX) += spi_imx.o + obj-$(CONFIG_SPI_LM70_LLP) += spi_lm70llp.o + obj-$(CONFIG_SPI_PXA2XX) += pxa2xx_spi.o +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -3854,6 +3854,11 @@ + W: http://www.ibm.com/developerworks/power/cell/ + S: Supported + ++SPI GPIO MASTER DRIVER ++P: Michael Buesch ++M: mb@bu3sch.de ++S: Maintained ++ + STABLE BRANCH: + P: Greg Kroah-Hartman + M: greg@kroah.com diff --git a/target/linux/generic-2.6/patches-2.6.27/922-gpiommc.patch b/target/linux/generic-2.6/patches-2.6.27/922-gpiommc.patch new file mode 100644 index 0000000000..33834b564b --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/922-gpiommc.patch @@ -0,0 +1,838 @@ +--- /dev/null ++++ b/drivers/mmc/host/gpiommc.c +@@ -0,0 +1,608 @@ ++/* ++ * Driver an MMC/SD card on a bitbanging GPIO SPI bus. ++ * This module hooks up the mmc_spi and spi_gpio modules and also ++ * provides a configfs interface. ++ * ++ * Copyright 2008 Michael Buesch <mb@bu3sch.de> ++ * ++ * Licensed under the GNU/GPL. See COPYING for details. ++ */ ++ ++#include <linux/mmc/gpiommc.h> ++#include <linux/platform_device.h> ++#include <linux/list.h> ++#include <linux/mutex.h> ++#include <linux/spi/spi_gpio.h> ++#include <linux/configfs.h> ++#include <linux/gpio.h> ++#include <asm/atomic.h> ++ ++ ++#define PFX "gpio-mmc: " ++ ++ ++struct gpiommc_device { ++ struct platform_device *pdev; ++ struct platform_device *spi_pdev; ++ struct spi_board_info boardinfo; ++}; ++ ++ ++MODULE_DESCRIPTION("GPIO based MMC driver"); ++MODULE_AUTHOR("Michael Buesch"); ++MODULE_LICENSE("GPL"); ++ ++ ++static int gpiommc_boardinfo_setup(struct spi_board_info *bi, ++ struct spi_master *master, ++ void *data) ++{ ++ struct gpiommc_device *d = data; ++ struct gpiommc_platform_data *pdata = d->pdev->dev.platform_data; ++ ++ /* Bind the SPI master to the MMC-SPI host driver. */ ++ strlcpy(bi->modalias, "mmc_spi", sizeof(bi->modalias)); ++ ++ bi->max_speed_hz = pdata->max_bus_speed; ++ bi->bus_num = master->bus_num; ++ bi->mode = pdata->mode; ++ ++ return 0; ++} ++ ++static int gpiommc_probe(struct platform_device *pdev) ++{ ++ struct gpiommc_platform_data *mmc_pdata = pdev->dev.platform_data; ++ struct spi_gpio_platform_data spi_pdata; ++ struct gpiommc_device *d; ++ int err; ++ ++ err = -ENXIO; ++ if (!mmc_pdata) ++ goto error; ++ ++#ifdef CONFIG_MMC_SPI_MODULE ++ err = request_module("mmc_spi"); ++ if (err) { ++ printk(KERN_WARNING PFX ++ "Failed to request mmc_spi module.\n"); ++ } ++#endif /* CONFIG_MMC_SPI_MODULE */ ++ ++ /* Allocate the GPIO-MMC device */ ++ err = -ENOMEM; ++ d = kzalloc(sizeof(*d), GFP_KERNEL); ++ if (!d) ++ goto error; ++ d->pdev = pdev; ++ ++ /* Create the SPI-GPIO device */ ++ d->spi_pdev = platform_device_alloc(SPI_GPIO_PLATDEV_NAME, ++ spi_gpio_next_id()); ++ if (!d->spi_pdev) ++ goto err_free_d; ++ ++ memset(&spi_pdata, 0, sizeof(spi_pdata)); ++ spi_pdata.pin_clk = mmc_pdata->pins.gpio_clk; ++ spi_pdata.pin_miso = mmc_pdata->pins.gpio_do; ++ spi_pdata.pin_mosi = mmc_pdata->pins.gpio_di; ++ spi_pdata.pin_cs = mmc_pdata->pins.gpio_cs; ++ spi_pdata.cs_activelow = mmc_pdata->pins.cs_activelow; ++ spi_pdata.no_spi_delay = mmc_pdata->no_spi_delay; ++ spi_pdata.boardinfo_setup = gpiommc_boardinfo_setup; ++ spi_pdata.boardinfo_setup_data = d; ++ ++ err = platform_device_add_data(d->spi_pdev, &spi_pdata, ++ sizeof(spi_pdata)); ++ if (err) ++ goto err_free_pdev; ++ err = platform_device_add(d->spi_pdev); ++ if (err) ++ goto err_free_pdata; ++ platform_set_drvdata(pdev, d); ++ ++ printk(KERN_INFO PFX "MMC-Card \"%s\" " ++ "attached to GPIO pins di=%u, do=%u, clk=%u, cs=%u\n", ++ mmc_pdata->name, mmc_pdata->pins.gpio_di, ++ mmc_pdata->pins.gpio_do, ++ mmc_pdata->pins.gpio_clk, ++ mmc_pdata->pins.gpio_cs); ++ ++ return 0; ++ ++err_free_pdata: ++ kfree(d->spi_pdev->dev.platform_data); ++ d->spi_pdev->dev.platform_data = NULL; ++err_free_pdev: ++ platform_device_put(d->spi_pdev); ++err_free_d: ++ kfree(d); ++error: ++ return err; ++} ++ ++static int gpiommc_remove(struct platform_device *pdev) ++{ ++ struct gpiommc_device *d = platform_get_drvdata(pdev); ++ struct gpiommc_platform_data *pdata = d->pdev->dev.platform_data; ++ ++ platform_device_unregister(d->spi_pdev); ++ printk(KERN_INFO PFX "GPIO based MMC-Card \"%s\" removed\n", ++ pdata->name); ++ platform_device_put(d->spi_pdev); ++ ++ return 0; ++} ++ ++#ifdef CONFIG_GPIOMMC_CONFIGFS ++ ++/* A device that was created through configfs */ ++struct gpiommc_configfs_device { ++ struct config_item item; ++ /* The platform device, after registration. */ ++ struct platform_device *pdev; ++ /* The configuration */ ++ struct gpiommc_platform_data pdata; ++}; ++ ++#define GPIO_INVALID -1 ++ ++static inline bool gpiommc_is_registered(struct gpiommc_configfs_device *dev) ++{ ++ return (dev->pdev != NULL); ++} ++ ++static inline struct gpiommc_configfs_device *ci_to_gpiommc(struct config_item *item) ++{ ++ return item ? container_of(item, struct gpiommc_configfs_device, item) : NULL; ++} ++ ++static struct configfs_attribute gpiommc_attr_DI = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "gpio_data_in", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_DO = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "gpio_data_out", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_CLK = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "gpio_clock", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_CS = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "gpio_chipselect", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_CS_activelow = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "gpio_chipselect_activelow", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_spimode = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "spi_mode", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_spidelay = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "spi_delay", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_max_bus_speed = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "max_bus_speed", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute gpiommc_attr_register = { ++ .ca_owner = THIS_MODULE, ++ .ca_name = "register", ++ .ca_mode = S_IRUGO | S_IWUSR, ++}; ++ ++static struct configfs_attribute *gpiommc_config_attrs[] = { ++ &gpiommc_attr_DI, ++ &gpiommc_attr_DO, ++ &gpiommc_attr_CLK, ++ &gpiommc_attr_CS, ++ &gpiommc_attr_CS_activelow, ++ &gpiommc_attr_spimode, ++ &gpiommc_attr_spidelay, ++ &gpiommc_attr_max_bus_speed, ++ &gpiommc_attr_register, ++ NULL, ++}; ++ ++static ssize_t gpiommc_config_attr_show(struct config_item *item, ++ struct configfs_attribute *attr, ++ char *page) ++{ ++ struct gpiommc_configfs_device *dev = ci_to_gpiommc(item); ++ ssize_t count = 0; ++ unsigned int gpio; ++ int err = 0; ++ ++ if (attr == &gpiommc_attr_DI) { ++ gpio = dev->pdata.pins.gpio_di; ++ if (gpio == GPIO_INVALID) ++ count = snprintf(page, PAGE_SIZE, "not configured\n"); ++ else ++ count = snprintf(page, PAGE_SIZE, "%u\n", gpio); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_DO) { ++ gpio = dev->pdata.pins.gpio_do; ++ if (gpio == GPIO_INVALID) ++ count = snprintf(page, PAGE_SIZE, "not configured\n"); ++ else ++ count = snprintf(page, PAGE_SIZE, "%u\n", gpio); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_CLK) { ++ gpio = dev->pdata.pins.gpio_clk; ++ if (gpio == GPIO_INVALID) ++ count = snprintf(page, PAGE_SIZE, "not configured\n"); ++ else ++ count = snprintf(page, PAGE_SIZE, "%u\n", gpio); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_CS) { ++ gpio = dev->pdata.pins.gpio_cs; ++ if (gpio == GPIO_INVALID) ++ count = snprintf(page, PAGE_SIZE, "not configured\n"); ++ else ++ count = snprintf(page, PAGE_SIZE, "%u\n", gpio); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_CS_activelow) { ++ count = snprintf(page, PAGE_SIZE, "%u\n", ++ dev->pdata.pins.cs_activelow); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_spimode) { ++ count = snprintf(page, PAGE_SIZE, "%u\n", ++ dev->pdata.mode); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_spidelay) { ++ count = snprintf(page, PAGE_SIZE, "%u\n", ++ !dev->pdata.no_spi_delay); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_max_bus_speed) { ++ count = snprintf(page, PAGE_SIZE, "%u\n", ++ dev->pdata.max_bus_speed); ++ goto out; ++ } ++ if (attr == &gpiommc_attr_register) { ++ count = snprintf(page, PAGE_SIZE, "%u\n", ++ gpiommc_is_registered(dev)); ++ goto out; ++ } ++ WARN_ON(1); ++ err = -ENOSYS; ++out: ++ return err ? err : count; ++} ++ ++static int gpiommc_do_register(struct gpiommc_configfs_device *dev, ++ const char *name) ++{ ++ int err; ++ ++ if (gpiommc_is_registered(dev)) ++ return 0; ++ ++ if (!gpio_is_valid(dev->pdata.pins.gpio_di) || ++ !gpio_is_valid(dev->pdata.pins.gpio_do) || ++ !gpio_is_valid(dev->pdata.pins.gpio_clk) || ++ !gpio_is_valid(dev->pdata.pins.gpio_cs)) { ++ printk(KERN_ERR PFX ++ "configfs: Invalid GPIO pin number(s)\n"); ++ return -EINVAL; ++ } ++ ++ strlcpy(dev->pdata.name, name, ++ sizeof(dev->pdata.name)); ++ ++ dev->pdev = platform_device_alloc(GPIOMMC_PLATDEV_NAME, ++ gpiommc_next_id()); ++ if (!dev->pdev) ++ return -ENOMEM; ++ err = platform_device_add_data(dev->pdev, &dev->pdata, ++ sizeof(dev->pdata)); ++ if (err) { ++ platform_device_put(dev->pdev); ++ return err; ++ } ++ err = platform_device_add(dev->pdev); ++ if (err) { ++ platform_device_put(dev->pdev); ++ return err; ++ } ++ ++ return 0; ++} ++ ++static void gpiommc_do_unregister(struct gpiommc_configfs_device *dev) ++{ ++ if (!gpiommc_is_registered(dev)) ++ return; ++ ++ platform_device_unregister(dev->pdev); ++ dev->pdev = NULL; ++} ++ ++static ssize_t gpiommc_config_attr_store(struct config_item *item, ++ struct configfs_attribute *attr, ++ const char *page, size_t count) ++{ ++ struct gpiommc_configfs_device *dev = ci_to_gpiommc(item); ++ int err = -EINVAL; ++ unsigned long data; ++ ++ if (attr == &gpiommc_attr_register) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (data == 1) ++ err = gpiommc_do_register(dev, item->ci_name); ++ if (data == 0) { ++ gpiommc_do_unregister(dev); ++ err = 0; ++ } ++ goto out; ++ } ++ ++ if (gpiommc_is_registered(dev)) { ++ /* The rest of the config parameters can only be set ++ * as long as the device is not registered, yet. */ ++ err = -EBUSY; ++ goto out; ++ } ++ ++ if (attr == &gpiommc_attr_DI) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (!gpio_is_valid(data)) ++ goto out; ++ dev->pdata.pins.gpio_di = data; ++ err = 0; ++ goto out; ++ } ++ if (attr == &gpiommc_attr_DO) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (!gpio_is_valid(data)) ++ goto out; ++ dev->pdata.pins.gpio_do = data; ++ err = 0; ++ goto out; ++ } ++ if (attr == &gpiommc_attr_CLK) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (!gpio_is_valid(data)) ++ goto out; ++ dev->pdata.pins.gpio_clk = data; ++ err = 0; ++ goto out; ++ } ++ if (attr == &gpiommc_attr_CS) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (!gpio_is_valid(data)) ++ goto out; ++ dev->pdata.pins.gpio_cs = data; ++ err = 0; ++ goto out; ++ } ++ if (attr == &gpiommc_attr_CS_activelow) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (data != 0 && data != 1) ++ goto out; ++ dev->pdata.pins.cs_activelow = data; ++ err = 0; ++ goto out; ++ } ++ if (attr == &gpiommc_attr_spimode) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ switch (data) { ++ case 0: ++ dev->pdata.mode = SPI_MODE_0; ++ break; ++ case 1: ++ dev->pdata.mode = SPI_MODE_1; ++ break; ++ case 2: ++ dev->pdata.mode = SPI_MODE_2; ++ break; ++ case 3: ++ dev->pdata.mode = SPI_MODE_3; ++ break; ++ default: ++ goto out; ++ } ++ err = 0; ++ goto out; ++ } ++ if (attr == &gpiommc_attr_spidelay) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (data != 0 && data != 1) ++ goto out; ++ dev->pdata.no_spi_delay = !data; ++ err = 0; ++ goto out; ++ } ++ if (attr == &gpiommc_attr_max_bus_speed) { ++ err = strict_strtoul(page, 10, &data); ++ if (err) ++ goto out; ++ err = -EINVAL; ++ if (data > UINT_MAX) ++ goto out; ++ dev->pdata.max_bus_speed = data; ++ err = 0; ++ goto out; ++ } ++ WARN_ON(1); ++ err = -ENOSYS; ++out: ++ return err ? err : count; ++} ++ ++static void gpiommc_config_item_release(struct config_item *item) ++{ ++ struct gpiommc_configfs_device *dev = ci_to_gpiommc(item); ++ ++ kfree(dev); ++} ++ ++static struct configfs_item_operations gpiommc_config_item_ops = { ++ .release = gpiommc_config_item_release, ++ .show_attribute = gpiommc_config_attr_show, ++ .store_attribute = gpiommc_config_attr_store, ++}; ++ ++static struct config_item_type gpiommc_dev_ci_type = { ++ .ct_item_ops = &gpiommc_config_item_ops, ++ .ct_attrs = gpiommc_config_attrs, ++ .ct_owner = THIS_MODULE, ++}; ++ ++static struct config_item *gpiommc_make_item(struct config_group *group, ++ const char *name) ++{ ++ struct gpiommc_configfs_device *dev; ++ ++ if (strlen(name) > GPIOMMC_MAX_NAMELEN) { ++ printk(KERN_ERR PFX "configfs: device name too long\n"); ++ return NULL; ++ } ++ ++ dev = kzalloc(sizeof(*dev), GFP_KERNEL); ++ if (!dev) ++ return NULL; ++ ++ config_item_init_type_name(&dev->item, name, ++ &gpiommc_dev_ci_type); ++ ++ /* Assign default configuration */ ++ dev->pdata.pins.gpio_di = GPIO_INVALID; ++ dev->pdata.pins.gpio_do = GPIO_INVALID; ++ dev->pdata.pins.gpio_clk = GPIO_INVALID; ++ dev->pdata.pins.gpio_cs = GPIO_INVALID; ++ dev->pdata.pins.cs_activelow = 1; ++ dev->pdata.mode = SPI_MODE_0; ++ dev->pdata.no_spi_delay = 0; ++ dev->pdata.max_bus_speed = 5000000; /* 5 MHz */ ++ ++ return &(dev->item); ++} ++ ++static void gpiommc_drop_item(struct config_group *group, ++ struct config_item *item) ++{ ++ struct gpiommc_configfs_device *dev = ci_to_gpiommc(item); ++ ++ gpiommc_do_unregister(dev); ++ kfree(dev); ++} ++ ++static struct configfs_group_operations gpiommc_ct_group_ops = { ++ .make_item = gpiommc_make_item, ++ .drop_item = gpiommc_drop_item, ++}; ++ ++static struct config_item_type gpiommc_ci_type = { ++ .ct_group_ops = &gpiommc_ct_group_ops, ++ .ct_owner = THIS_MODULE, ++}; ++ ++static struct configfs_subsystem gpiommc_subsys = { ++ .su_group = { ++ .cg_item = { ++ .ci_namebuf = GPIOMMC_PLATDEV_NAME, ++ .ci_type = &gpiommc_ci_type, ++ }, ++ }, ++ .su_mutex = __MUTEX_INITIALIZER(gpiommc_subsys.su_mutex), ++}; ++ ++#endif /* CONFIG_GPIOMMC_CONFIGFS */ ++ ++static struct platform_driver gpiommc_plat_driver = { ++ .probe = gpiommc_probe, ++ .remove = gpiommc_remove, ++ .driver = { ++ .name = GPIOMMC_PLATDEV_NAME, ++ .owner = THIS_MODULE, ++ }, ++}; ++ ++int gpiommc_next_id(void) ++{ ++ static atomic_t counter = ATOMIC_INIT(-1); ++ ++ return atomic_inc_return(&counter); ++} ++EXPORT_SYMBOL(gpiommc_next_id); ++ ++static int __init gpiommc_modinit(void) ++{ ++ int err; ++ ++ err = platform_driver_register(&gpiommc_plat_driver); ++ if (err) ++ return err; ++ ++#ifdef CONFIG_GPIOMMC_CONFIGFS ++ config_group_init(&gpiommc_subsys.su_group); ++ err = configfs_register_subsystem(&gpiommc_subsys); ++ if (err) { ++ platform_driver_unregister(&gpiommc_plat_driver); ++ return err; ++ } ++#endif /* CONFIG_GPIOMMC_CONFIGFS */ ++ ++ return 0; ++} ++module_init(gpiommc_modinit); ++ ++static void __exit gpiommc_modexit(void) ++{ ++#ifdef CONFIG_GPIOMMC_CONFIGFS ++ configfs_unregister_subsystem(&gpiommc_subsys); ++#endif ++ platform_driver_unregister(&gpiommc_plat_driver); ++} ++module_exit(gpiommc_modexit); +--- a/drivers/mmc/host/Kconfig ++++ b/drivers/mmc/host/Kconfig +@@ -180,3 +180,28 @@ + help + This provides support for the SD/MMC cell found in TC6393XB, + T7L66XB and also ipaq ASIC3 ++ ++config GPIOMMC ++ tristate "MMC/SD over GPIO-based SPI" ++ depends on MMC && MMC_SPI && SPI_GPIO ++ help ++ This driver hooks up the mmc_spi and spi_gpio modules so that ++ MMC/SD cards can be used on a GPIO based bus by bitbanging ++ the SPI protocol in software. ++ ++ This driver provides a configfs interface to dynamically create ++ and destroy GPIO-based MMC/SD card devices. It also provides ++ a platform device interface API. ++ See Documentation/gpiommc.txt for details. ++ ++ The module will be called gpiommc. ++ ++ If unsure, say N. ++ ++config GPIOMMC_CONFIGFS ++ bool ++ depends on GPIOMMC && CONFIGFS_FS ++ default y ++ help ++ This option automatically enables configfs support for gpiommc ++ if configfs is available. +--- a/drivers/mmc/host/Makefile ++++ b/drivers/mmc/host/Makefile +@@ -22,4 +22,5 @@ + obj-$(CONFIG_MMC_S3C) += s3cmci.o + obj-$(CONFIG_MMC_SDRICOH_CS) += sdricoh_cs.o + obj-$(CONFIG_MMC_TMIO) += tmio_mmc.o ++obj-$(CONFIG_GPIOMMC) += gpiommc.o + +--- /dev/null ++++ b/include/linux/mmc/gpiommc.h +@@ -0,0 +1,71 @@ ++/* ++ * Device driver for MMC/SD cards driven over a GPIO bus. ++ * ++ * Copyright (c) 2008 Michael Buesch ++ * ++ * Licensed under the GNU/GPL version 2. ++ */ ++#ifndef LINUX_GPIOMMC_H_ ++#define LINUX_GPIOMMC_H_ ++ ++#include <linux/types.h> ++ ++ ++#define GPIOMMC_MAX_NAMELEN 15 ++#define GPIOMMC_MAX_NAMELEN_STR __stringify(GPIOMMC_MAX_NAMELEN) ++ ++/** ++ * struct gpiommc_pins - Hardware pin assignments ++ * ++ * @gpio_di: The GPIO number of the DATA IN pin ++ * @gpio_do: The GPIO number of the DATA OUT pin ++ * @gpio_clk: The GPIO number of the CLOCK pin ++ * @gpio_cs: The GPIO number of the CHIPSELECT pin ++ * @cs_activelow: If true, the chip is considered selected if @gpio_cs is low. ++ */ ++struct gpiommc_pins { ++ unsigned int gpio_di; ++ unsigned int gpio_do; ++ unsigned int gpio_clk; ++ unsigned int gpio_cs; ++ bool cs_activelow; ++}; ++ ++/** ++ * struct gpiommc_platform_data - Platform data for a MMC-over-SPI-GPIO device. ++ * ++ * @name: The unique name string of the device. ++ * @pins: The hardware pin assignments. ++ * @mode: The hardware mode. This is either SPI_MODE_0, ++ * SPI_MODE_1, SPI_MODE_2 or SPI_MODE_3. See the SPI documentation. ++ * @no_spi_delay: Do not use delays in the lowlevel SPI bitbanging code. ++ * This is not standards compliant, but may be required for some ++ * embedded machines to gain reasonable speed. ++ * @max_bus_speed: The maximum speed of the SPI bus, in Hertz. ++ */ ++struct gpiommc_platform_data { ++ char name[GPIOMMC_MAX_NAMELEN + 1]; ++ struct gpiommc_pins pins; ++ u8 mode; ++ bool no_spi_delay; ++ unsigned int max_bus_speed; ++}; ++ ++/** ++ * GPIOMMC_PLATDEV_NAME - The platform device name string. ++ * ++ * The name string that has to be used for platform_device_alloc ++ * when allocating a gpiommc device. ++ */ ++#define GPIOMMC_PLATDEV_NAME "gpiommc" ++ ++/** ++ * gpiommc_next_id - Get another platform device ID number. ++ * ++ * This returns the next platform device ID number that has to be used ++ * for platform_device_alloc. The ID is opaque and should not be used for ++ * anything else. ++ */ ++int gpiommc_next_id(void); ++ ++#endif /* LINUX_GPIOMMC_H_ */ +--- /dev/null ++++ b/Documentation/gpiommc.txt +@@ -0,0 +1,97 @@ ++GPIOMMC - Driver for an MMC/SD card on a bitbanging GPIO SPI bus ++================================================================ ++ ++The gpiommc module hooks up the mmc_spi and spi_gpio modules for running an ++MMC or SD card on GPIO pins. ++ ++Two interfaces for registering a new MMC/SD card device are provided: ++A static platform-device based mechanism and a dynamic configfs based interface. ++ ++ ++Registering devices via platform-device ++======================================= ++ ++The platform-device interface is used for registering MMC/SD devices that are ++part of the hardware platform. This is most useful only for embedded machines ++with MMC/SD devices statically connected to the platform GPIO bus. ++ ++The data structures are declared in <linux/mmc/gpiommc.h>. ++ ++To register a new device, define an instance of struct gpiommc_platform_data. ++This structure holds any information about how the device is hooked up to the ++GPIO pins and what hardware modes the device supports. See the docbook-style ++documentation in the header file for more information on the struct fields. ++ ++Then allocate a new instance of a platform device by doing: ++ ++ pdev = platform_device_alloc(GPIOMMC_PLATDEV_NAME, gpiommc_next_id()); ++ ++This will allocate the platform device data structures and hook it up to the ++gpiommc driver. ++Then add the gpiommc_platform_data to the platform device. ++ ++ err = platform_device_add_data(pdev, pdata, sizeof(struct gpiommc_platform_data)); ++ ++You may free the local instance of struct gpiommc_platform_data now. (So the ++struct may be allocated on the stack, too). ++Now simply register the platform device. ++ ++ err = platform_device_add(pdev); ++ ++Done. The gpiommc probe routine will be invoked now and you should see a kernel ++log message for the added device. ++ ++ ++Registering devices via configfs ++================================ ++ ++MMC/SD cards connected via GPIO often are a pretty dynamic thing, as for example ++selfmade hacks for soldering an MMC/SD card to standard GPIO pins on embedded ++hardware are a common situation. ++So we provide a dynamic interface to conveniently handle adding and removing ++devices from userspace, without the need to recompile the kernel. ++ ++The "gpiommc" subdirectory at the configfs mountpoint is used for handling ++the dynamic configuration. ++ ++To create a new device, it must first be allocated with mkdir. ++The following command will allocate a device named "my_mmc": ++ mkdir /config/gpiommc/my_mmc ++ ++There are several configuration files available in the new ++/config/gpiommc/my_mmc/ directory: ++ ++gpio_data_in = The SPI data-IN GPIO pin number. ++gpio_data_out = The SPI data-OUT GPIO pin number. ++gpio_clock = The SPI Clock GPIO pin number. ++gpio_chipselect = The SPI Chipselect GPIO pin number. ++gpio_chipselect_activelow = Boolean. If 0, Chipselect is active-HIGH. ++ If 1, Chipselect is active-LOW. ++spi_mode = The SPI data mode. Can be 0-3. ++spi_delay = Enable all delays in the lowlevel bitbanging. ++max_bus_speed = The maximum SPI bus speed. In Hertz. ++ ++register = Not a configuration parameter. ++ Used to register the configured card ++ with the kernel. ++ ++The device must first get configured and then registered by writing "1" to ++the "register" file. ++The configuration parameters "gpio_data_in", "gpio_data_out", "gpio_clock" ++and "gpio_chipselect" are essential and _must_ be configured before writing ++"1" to the "register" file. The registration will fail, otherwise. ++ ++The default values for the other parameters are: ++gpio_chipselect_activelow = 1 (CS active-LOW) ++spi_mode = 0 (SPI_MODE_0) ++spi_delay = 1 (enabled) ++max_bus_speed = 5000000 (5 Mhz) ++ ++Configuration values can not be changed after registration. To unregister ++the device, write a "0" to the "register" file. The configuration can be ++changed again after unregistering. ++ ++To completely remove the device, simply rmdir the directory ++(/config/gpiommc/my_mmc in this example). ++There's no need to first unregister the device before removing it. That will ++be done automatically. +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -1835,6 +1835,11 @@ + W: http://gigaset307x.sourceforge.net/ + S: Maintained + ++GPIOMMC DRIVER ++P: Michael Buesch ++M: mb@bu3sch.de ++S: Maintained ++ + HARDWARE MONITORING + L: lm-sensors@lm-sensors.org + W: http://www.lm-sensors.org/ diff --git a/target/linux/generic-2.6/patches-2.6.27/923-gpiommc-configfs-locking.patch b/target/linux/generic-2.6/patches-2.6.27/923-gpiommc-configfs-locking.patch new file mode 100644 index 0000000000..1d0f5ba651 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/923-gpiommc-configfs-locking.patch @@ -0,0 +1,58 @@ +The gpiommc configfs context structure needs locking, as configfs +does not lock access between files. + +--- a/drivers/mmc/host/gpiommc.c ++++ b/drivers/mmc/host/gpiommc.c +@@ -143,6 +143,8 @@ + struct platform_device *pdev; + /* The configuration */ + struct gpiommc_platform_data pdata; ++ /* Mutex to protect this structure */ ++ struct mutex mutex; + }; + + #define GPIO_INVALID -1 +@@ -233,6 +235,8 @@ + unsigned int gpio; + int err = 0; + ++ mutex_lock(&dev->mutex); ++ + if (attr == &gpiommc_attr_DI) { + gpio = dev->pdata.pins.gpio_di; + if (gpio == GPIO_INVALID) +@@ -293,6 +297,8 @@ + WARN_ON(1); + err = -ENOSYS; + out: ++ mutex_unlock(&dev->mutex); ++ + return err ? err : count; + } + +@@ -352,6 +358,8 @@ + int err = -EINVAL; + unsigned long data; + ++ mutex_lock(&dev->mutex); ++ + if (attr == &gpiommc_attr_register) { + err = strict_strtoul(page, 10, &data); + if (err) +@@ -477,6 +485,8 @@ + WARN_ON(1); + err = -ENOSYS; + out: ++ mutex_unlock(&dev->mutex); ++ + return err ? err : count; + } + +@@ -513,6 +523,7 @@ + if (!dev) + return NULL; + ++ mutex_init(&dev->mutex); + config_item_init_type_name(&dev->item, name, + &gpiommc_dev_ci_type); + diff --git a/target/linux/generic-2.6/patches-2.6.27/950-revert_xt_sctp_simplify.patch b/target/linux/generic-2.6/patches-2.6.27/950-revert_xt_sctp_simplify.patch new file mode 100644 index 0000000000..a4d9381b59 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/950-revert_xt_sctp_simplify.patch @@ -0,0 +1,103 @@ +--- a/include/linux/netfilter/xt_sctp.h ++++ b/include/linux/netfilter/xt_sctp.h +@@ -37,54 +37,68 @@ + + #define SCTP_CHUNKMAP_SET(chunkmap, type) \ + do { \ +- (chunkmap)[type / bytes(u_int32_t)] |= \ ++ chunkmap[type / bytes(u_int32_t)] |= \ + 1 << (type % bytes(u_int32_t)); \ + } while (0) + + #define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \ + do { \ +- (chunkmap)[type / bytes(u_int32_t)] &= \ ++ chunkmap[type / bytes(u_int32_t)] &= \ + ~(1 << (type % bytes(u_int32_t))); \ + } while (0) + + #define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \ + ({ \ +- ((chunkmap)[type / bytes (u_int32_t)] & \ ++ (chunkmap[type / bytes (u_int32_t)] & \ + (1 << (type % bytes (u_int32_t)))) ? 1: 0; \ + }) + +-#define SCTP_CHUNKMAP_RESET(chunkmap) \ +- memset((chunkmap), 0, sizeof(chunkmap)) ++#define SCTP_CHUNKMAP_RESET(chunkmap) \ ++ do { \ ++ int i; \ ++ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \ ++ chunkmap[i] = 0; \ ++ } while (0) + +-#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ +- memset((chunkmap), ~0U, sizeof(chunkmap)) ++#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ ++ do { \ ++ int i; \ ++ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \ ++ chunkmap[i] = ~0; \ ++ } while (0) + +-#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ +- memcpy((destmap), (srcmap), sizeof(srcmap)) ++#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ ++ do { \ ++ int i; \ ++ for (i = 0; i < ARRAY_SIZE(srcmap); i++) \ ++ destmap[i] = srcmap[i]; \ ++ } while (0) ++ ++#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ ++({ \ ++ int i; \ ++ int flag = 1; \ ++ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \ ++ if (chunkmap[i]) { \ ++ flag = 0; \ ++ break; \ ++ } \ ++ } \ ++ flag; \ ++}) + +-#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ +- __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap)) +-static inline bool +-__sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n) +-{ +- unsigned int i; +- for (i = 0; i < n; ++i) +- if (chunkmap[i]) +- return false; +- return true; +-} +- +-#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ +- __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap)) +-static inline bool +-__sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n) +-{ +- unsigned int i; +- for (i = 0; i < n; ++i) +- if (chunkmap[i] != ~0U) +- return false; +- return true; +-} ++#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ ++({ \ ++ int i; \ ++ int flag = 1; \ ++ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \ ++ if (chunkmap[i] != ~0) { \ ++ flag = 0; \ ++ break; \ ++ } \ ++ } \ ++ flag; \ ++}) + + #endif /* _XT_SCTP_H_ */ + diff --git a/target/linux/generic-2.6/patches-2.6.27/951-revert_gcc4_4_fixes.patch b/target/linux/generic-2.6/patches-2.6.27/951-revert_gcc4_4_fixes.patch new file mode 100644 index 0000000000..271f01de12 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/951-revert_gcc4_4_fixes.patch @@ -0,0 +1,524 @@ +--- a/arch/powerpc/boot/crtsavres.S ++++ /dev/null +@@ -1,233 +0,0 @@ +-/* +- * Special support for eabi and SVR4 +- * +- * Copyright (C) 1995, 1996, 1998, 2000, 2001 Free Software Foundation, Inc. +- * Copyright 2008 Freescale Semiconductor, Inc. +- * Written By Michael Meissner +- * +- * Based on gcc/config/rs6000/crtsavres.asm from gcc +- * +- * This file is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License as published by the +- * Free Software Foundation; either version 2, or (at your option) any +- * later version. +- * +- * In addition to the permissions in the GNU General Public License, the +- * Free Software Foundation gives you unlimited permission to link the +- * compiled version of this file with other programs, and to distribute +- * those programs without any restriction coming from the use of this +- * file. (The General Public License restrictions do apply in other +- * respects; for example, they cover modification of the file, and +- * distribution when not linked into another program.) +- * +- * This file is distributed in the hope that it will be useful, but +- * WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- * General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program; see the file COPYING. If not, write to +- * the Free Software Foundation, 51 Franklin Street, Fifth Floor, +- * Boston, MA 02110-1301, USA. +- * +- * As a special exception, if you link this library with files +- * compiled with GCC to produce an executable, this does not cause +- * the resulting executable to be covered by the GNU General Public License. +- * This exception does not however invalidate any other reasons why +- * the executable file might be covered by the GNU General Public License. +- */ +- +- .file "crtsavres.S" +- .section ".text" +- +-/* On PowerPC64 Linux, these functions are provided by the linker. */ +-#ifndef __powerpc64__ +- +-#define _GLOBAL(name) \ +- .type name,@function; \ +- .globl name; \ +-name: +- +-/* Routines for saving integer registers, called by the compiler. */ +-/* Called with r11 pointing to the stack header word of the caller of the */ +-/* function, just beyond the end of the integer save area. */ +- +-_GLOBAL(_savegpr_14) +-_GLOBAL(_save32gpr_14) +- stw 14,-72(11) /* save gp registers */ +-_GLOBAL(_savegpr_15) +-_GLOBAL(_save32gpr_15) +- stw 15,-68(11) +-_GLOBAL(_savegpr_16) +-_GLOBAL(_save32gpr_16) +- stw 16,-64(11) +-_GLOBAL(_savegpr_17) +-_GLOBAL(_save32gpr_17) +- stw 17,-60(11) +-_GLOBAL(_savegpr_18) +-_GLOBAL(_save32gpr_18) +- stw 18,-56(11) +-_GLOBAL(_savegpr_19) +-_GLOBAL(_save32gpr_19) +- stw 19,-52(11) +-_GLOBAL(_savegpr_20) +-_GLOBAL(_save32gpr_20) +- stw 20,-48(11) +-_GLOBAL(_savegpr_21) +-_GLOBAL(_save32gpr_21) +- stw 21,-44(11) +-_GLOBAL(_savegpr_22) +-_GLOBAL(_save32gpr_22) +- stw 22,-40(11) +-_GLOBAL(_savegpr_23) +-_GLOBAL(_save32gpr_23) +- stw 23,-36(11) +-_GLOBAL(_savegpr_24) +-_GLOBAL(_save32gpr_24) +- stw 24,-32(11) +-_GLOBAL(_savegpr_25) +-_GLOBAL(_save32gpr_25) +- stw 25,-28(11) +-_GLOBAL(_savegpr_26) +-_GLOBAL(_save32gpr_26) +- stw 26,-24(11) +-_GLOBAL(_savegpr_27) +-_GLOBAL(_save32gpr_27) +- stw 27,-20(11) +-_GLOBAL(_savegpr_28) +-_GLOBAL(_save32gpr_28) +- stw 28,-16(11) +-_GLOBAL(_savegpr_29) +-_GLOBAL(_save32gpr_29) +- stw 29,-12(11) +-_GLOBAL(_savegpr_30) +-_GLOBAL(_save32gpr_30) +- stw 30,-8(11) +-_GLOBAL(_savegpr_31) +-_GLOBAL(_save32gpr_31) +- stw 31,-4(11) +- blr +- +-/* Routines for restoring integer registers, called by the compiler. */ +-/* Called with r11 pointing to the stack header word of the caller of the */ +-/* function, just beyond the end of the integer restore area. */ +- +-_GLOBAL(_restgpr_14) +-_GLOBAL(_rest32gpr_14) +- lwz 14,-72(11) /* restore gp registers */ +-_GLOBAL(_restgpr_15) +-_GLOBAL(_rest32gpr_15) +- lwz 15,-68(11) +-_GLOBAL(_restgpr_16) +-_GLOBAL(_rest32gpr_16) +- lwz 16,-64(11) +-_GLOBAL(_restgpr_17) +-_GLOBAL(_rest32gpr_17) +- lwz 17,-60(11) +-_GLOBAL(_restgpr_18) +-_GLOBAL(_rest32gpr_18) +- lwz 18,-56(11) +-_GLOBAL(_restgpr_19) +-_GLOBAL(_rest32gpr_19) +- lwz 19,-52(11) +-_GLOBAL(_restgpr_20) +-_GLOBAL(_rest32gpr_20) +- lwz 20,-48(11) +-_GLOBAL(_restgpr_21) +-_GLOBAL(_rest32gpr_21) +- lwz 21,-44(11) +-_GLOBAL(_restgpr_22) +-_GLOBAL(_rest32gpr_22) +- lwz 22,-40(11) +-_GLOBAL(_restgpr_23) +-_GLOBAL(_rest32gpr_23) +- lwz 23,-36(11) +-_GLOBAL(_restgpr_24) +-_GLOBAL(_rest32gpr_24) +- lwz 24,-32(11) +-_GLOBAL(_restgpr_25) +-_GLOBAL(_rest32gpr_25) +- lwz 25,-28(11) +-_GLOBAL(_restgpr_26) +-_GLOBAL(_rest32gpr_26) +- lwz 26,-24(11) +-_GLOBAL(_restgpr_27) +-_GLOBAL(_rest32gpr_27) +- lwz 27,-20(11) +-_GLOBAL(_restgpr_28) +-_GLOBAL(_rest32gpr_28) +- lwz 28,-16(11) +-_GLOBAL(_restgpr_29) +-_GLOBAL(_rest32gpr_29) +- lwz 29,-12(11) +-_GLOBAL(_restgpr_30) +-_GLOBAL(_rest32gpr_30) +- lwz 30,-8(11) +-_GLOBAL(_restgpr_31) +-_GLOBAL(_rest32gpr_31) +- lwz 31,-4(11) +- blr +- +-/* Routines for restoring integer registers, called by the compiler. */ +-/* Called with r11 pointing to the stack header word of the caller of the */ +-/* function, just beyond the end of the integer restore area. */ +- +-_GLOBAL(_restgpr_14_x) +-_GLOBAL(_rest32gpr_14_x) +- lwz 14,-72(11) /* restore gp registers */ +-_GLOBAL(_restgpr_15_x) +-_GLOBAL(_rest32gpr_15_x) +- lwz 15,-68(11) +-_GLOBAL(_restgpr_16_x) +-_GLOBAL(_rest32gpr_16_x) +- lwz 16,-64(11) +-_GLOBAL(_restgpr_17_x) +-_GLOBAL(_rest32gpr_17_x) +- lwz 17,-60(11) +-_GLOBAL(_restgpr_18_x) +-_GLOBAL(_rest32gpr_18_x) +- lwz 18,-56(11) +-_GLOBAL(_restgpr_19_x) +-_GLOBAL(_rest32gpr_19_x) +- lwz 19,-52(11) +-_GLOBAL(_restgpr_20_x) +-_GLOBAL(_rest32gpr_20_x) +- lwz 20,-48(11) +-_GLOBAL(_restgpr_21_x) +-_GLOBAL(_rest32gpr_21_x) +- lwz 21,-44(11) +-_GLOBAL(_restgpr_22_x) +-_GLOBAL(_rest32gpr_22_x) +- lwz 22,-40(11) +-_GLOBAL(_restgpr_23_x) +-_GLOBAL(_rest32gpr_23_x) +- lwz 23,-36(11) +-_GLOBAL(_restgpr_24_x) +-_GLOBAL(_rest32gpr_24_x) +- lwz 24,-32(11) +-_GLOBAL(_restgpr_25_x) +-_GLOBAL(_rest32gpr_25_x) +- lwz 25,-28(11) +-_GLOBAL(_restgpr_26_x) +-_GLOBAL(_rest32gpr_26_x) +- lwz 26,-24(11) +-_GLOBAL(_restgpr_27_x) +-_GLOBAL(_rest32gpr_27_x) +- lwz 27,-20(11) +-_GLOBAL(_restgpr_28_x) +-_GLOBAL(_rest32gpr_28_x) +- lwz 28,-16(11) +-_GLOBAL(_restgpr_29_x) +-_GLOBAL(_rest32gpr_29_x) +- lwz 29,-12(11) +-_GLOBAL(_restgpr_30_x) +-_GLOBAL(_rest32gpr_30_x) +- lwz 30,-8(11) +-_GLOBAL(_restgpr_31_x) +-_GLOBAL(_rest32gpr_31_x) +- lwz 0,4(11) +- lwz 31,-4(11) +- mtlr 0 +- mr 1,11 +- blr +-#endif +--- a/arch/powerpc/boot/Makefile ++++ b/arch/powerpc/boot/Makefile +@@ -53,7 +53,7 @@ + $(addprefix $(obj)/,$(zliblinuxheader)) $(addprefix $(obj)/,$(zlibheader)) + + src-libfdt := fdt.c fdt_ro.c fdt_wip.c fdt_sw.c fdt_rw.c fdt_strerror.c +-src-wlib := string.S crt0.S crtsavres.S stdio.c main.c \ ++src-wlib := string.S crt0.S stdio.c main.c \ + $(addprefix libfdt/,$(src-libfdt)) libfdt-wrapper.c \ + ns16550.c serial.c simple_alloc.c div64.S util.S \ + gunzip_util.c elf_util.c $(zlib) devtree.c oflib.c ofconsole.c \ +--- a/arch/powerpc/kernel/prom_init_check.sh ++++ b/arch/powerpc/kernel/prom_init_check.sh +@@ -48,20 +48,6 @@ + fi + done + +- # ignore register save/restore funcitons +- if [ "${UNDEF:0:9}" = "_restgpr_" ]; then +- OK=1 +- fi +- if [ "${UNDEF:0:11}" = "_rest32gpr_" ]; then +- OK=1 +- fi +- if [ "${UNDEF:0:9}" = "_savegpr_" ]; then +- OK=1 +- fi +- if [ "${UNDEF:0:11}" = "_save32gpr_" ]; then +- OK=1 +- fi +- + if [ $OK -eq 0 ]; then + ERROR=1 + echo "Error: External symbol '$UNDEF' referenced" \ +--- a/arch/powerpc/lib/crtsavres.S ++++ /dev/null +@@ -1,229 +0,0 @@ +-/* +- * Special support for eabi and SVR4 +- * +- * Copyright (C) 1995, 1996, 1998, 2000, 2001 Free Software Foundation, Inc. +- * Copyright 2008 Freescale Semiconductor, Inc. +- * Written By Michael Meissner +- * +- * Based on gcc/config/rs6000/crtsavres.asm from gcc +- * +- * This file is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License as published by the +- * Free Software Foundation; either version 2, or (at your option) any +- * later version. +- * +- * In addition to the permissions in the GNU General Public License, the +- * Free Software Foundation gives you unlimited permission to link the +- * compiled version of this file with other programs, and to distribute +- * those programs without any restriction coming from the use of this +- * file. (The General Public License restrictions do apply in other +- * respects; for example, they cover modification of the file, and +- * distribution when not linked into another program.) +- * +- * This file is distributed in the hope that it will be useful, but +- * WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- * General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program; see the file COPYING. If not, write to +- * the Free Software Foundation, 51 Franklin Street, Fifth Floor, +- * Boston, MA 02110-1301, USA. +- * +- * As a special exception, if you link this library with files +- * compiled with GCC to produce an executable, this does not cause +- * the resulting executable to be covered by the GNU General Public License. +- * This exception does not however invalidate any other reasons why +- * the executable file might be covered by the GNU General Public License. +- */ +- +-#include <asm/ppc_asm.h> +- +- .file "crtsavres.S" +- .section ".text" +- +-#ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE +- +-/* Routines for saving integer registers, called by the compiler. */ +-/* Called with r11 pointing to the stack header word of the caller of the */ +-/* function, just beyond the end of the integer save area. */ +- +-_GLOBAL(_savegpr_14) +-_GLOBAL(_save32gpr_14) +- stw 14,-72(11) /* save gp registers */ +-_GLOBAL(_savegpr_15) +-_GLOBAL(_save32gpr_15) +- stw 15,-68(11) +-_GLOBAL(_savegpr_16) +-_GLOBAL(_save32gpr_16) +- stw 16,-64(11) +-_GLOBAL(_savegpr_17) +-_GLOBAL(_save32gpr_17) +- stw 17,-60(11) +-_GLOBAL(_savegpr_18) +-_GLOBAL(_save32gpr_18) +- stw 18,-56(11) +-_GLOBAL(_savegpr_19) +-_GLOBAL(_save32gpr_19) +- stw 19,-52(11) +-_GLOBAL(_savegpr_20) +-_GLOBAL(_save32gpr_20) +- stw 20,-48(11) +-_GLOBAL(_savegpr_21) +-_GLOBAL(_save32gpr_21) +- stw 21,-44(11) +-_GLOBAL(_savegpr_22) +-_GLOBAL(_save32gpr_22) +- stw 22,-40(11) +-_GLOBAL(_savegpr_23) +-_GLOBAL(_save32gpr_23) +- stw 23,-36(11) +-_GLOBAL(_savegpr_24) +-_GLOBAL(_save32gpr_24) +- stw 24,-32(11) +-_GLOBAL(_savegpr_25) +-_GLOBAL(_save32gpr_25) +- stw 25,-28(11) +-_GLOBAL(_savegpr_26) +-_GLOBAL(_save32gpr_26) +- stw 26,-24(11) +-_GLOBAL(_savegpr_27) +-_GLOBAL(_save32gpr_27) +- stw 27,-20(11) +-_GLOBAL(_savegpr_28) +-_GLOBAL(_save32gpr_28) +- stw 28,-16(11) +-_GLOBAL(_savegpr_29) +-_GLOBAL(_save32gpr_29) +- stw 29,-12(11) +-_GLOBAL(_savegpr_30) +-_GLOBAL(_save32gpr_30) +- stw 30,-8(11) +-_GLOBAL(_savegpr_31) +-_GLOBAL(_save32gpr_31) +- stw 31,-4(11) +- blr +- +-/* Routines for restoring integer registers, called by the compiler. */ +-/* Called with r11 pointing to the stack header word of the caller of the */ +-/* function, just beyond the end of the integer restore area. */ +- +-_GLOBAL(_restgpr_14) +-_GLOBAL(_rest32gpr_14) +- lwz 14,-72(11) /* restore gp registers */ +-_GLOBAL(_restgpr_15) +-_GLOBAL(_rest32gpr_15) +- lwz 15,-68(11) +-_GLOBAL(_restgpr_16) +-_GLOBAL(_rest32gpr_16) +- lwz 16,-64(11) +-_GLOBAL(_restgpr_17) +-_GLOBAL(_rest32gpr_17) +- lwz 17,-60(11) +-_GLOBAL(_restgpr_18) +-_GLOBAL(_rest32gpr_18) +- lwz 18,-56(11) +-_GLOBAL(_restgpr_19) +-_GLOBAL(_rest32gpr_19) +- lwz 19,-52(11) +-_GLOBAL(_restgpr_20) +-_GLOBAL(_rest32gpr_20) +- lwz 20,-48(11) +-_GLOBAL(_restgpr_21) +-_GLOBAL(_rest32gpr_21) +- lwz 21,-44(11) +-_GLOBAL(_restgpr_22) +-_GLOBAL(_rest32gpr_22) +- lwz 22,-40(11) +-_GLOBAL(_restgpr_23) +-_GLOBAL(_rest32gpr_23) +- lwz 23,-36(11) +-_GLOBAL(_restgpr_24) +-_GLOBAL(_rest32gpr_24) +- lwz 24,-32(11) +-_GLOBAL(_restgpr_25) +-_GLOBAL(_rest32gpr_25) +- lwz 25,-28(11) +-_GLOBAL(_restgpr_26) +-_GLOBAL(_rest32gpr_26) +- lwz 26,-24(11) +-_GLOBAL(_restgpr_27) +-_GLOBAL(_rest32gpr_27) +- lwz 27,-20(11) +-_GLOBAL(_restgpr_28) +-_GLOBAL(_rest32gpr_28) +- lwz 28,-16(11) +-_GLOBAL(_restgpr_29) +-_GLOBAL(_rest32gpr_29) +- lwz 29,-12(11) +-_GLOBAL(_restgpr_30) +-_GLOBAL(_rest32gpr_30) +- lwz 30,-8(11) +-_GLOBAL(_restgpr_31) +-_GLOBAL(_rest32gpr_31) +- lwz 31,-4(11) +- blr +- +-/* Routines for restoring integer registers, called by the compiler. */ +-/* Called with r11 pointing to the stack header word of the caller of the */ +-/* function, just beyond the end of the integer restore area. */ +- +-_GLOBAL(_restgpr_14_x) +-_GLOBAL(_rest32gpr_14_x) +- lwz 14,-72(11) /* restore gp registers */ +-_GLOBAL(_restgpr_15_x) +-_GLOBAL(_rest32gpr_15_x) +- lwz 15,-68(11) +-_GLOBAL(_restgpr_16_x) +-_GLOBAL(_rest32gpr_16_x) +- lwz 16,-64(11) +-_GLOBAL(_restgpr_17_x) +-_GLOBAL(_rest32gpr_17_x) +- lwz 17,-60(11) +-_GLOBAL(_restgpr_18_x) +-_GLOBAL(_rest32gpr_18_x) +- lwz 18,-56(11) +-_GLOBAL(_restgpr_19_x) +-_GLOBAL(_rest32gpr_19_x) +- lwz 19,-52(11) +-_GLOBAL(_restgpr_20_x) +-_GLOBAL(_rest32gpr_20_x) +- lwz 20,-48(11) +-_GLOBAL(_restgpr_21_x) +-_GLOBAL(_rest32gpr_21_x) +- lwz 21,-44(11) +-_GLOBAL(_restgpr_22_x) +-_GLOBAL(_rest32gpr_22_x) +- lwz 22,-40(11) +-_GLOBAL(_restgpr_23_x) +-_GLOBAL(_rest32gpr_23_x) +- lwz 23,-36(11) +-_GLOBAL(_restgpr_24_x) +-_GLOBAL(_rest32gpr_24_x) +- lwz 24,-32(11) +-_GLOBAL(_restgpr_25_x) +-_GLOBAL(_rest32gpr_25_x) +- lwz 25,-28(11) +-_GLOBAL(_restgpr_26_x) +-_GLOBAL(_rest32gpr_26_x) +- lwz 26,-24(11) +-_GLOBAL(_restgpr_27_x) +-_GLOBAL(_rest32gpr_27_x) +- lwz 27,-20(11) +-_GLOBAL(_restgpr_28_x) +-_GLOBAL(_rest32gpr_28_x) +- lwz 28,-16(11) +-_GLOBAL(_restgpr_29_x) +-_GLOBAL(_rest32gpr_29_x) +- lwz 29,-12(11) +-_GLOBAL(_restgpr_30_x) +-_GLOBAL(_rest32gpr_30_x) +- lwz 30,-8(11) +-_GLOBAL(_restgpr_31_x) +-_GLOBAL(_rest32gpr_31_x) +- lwz 0,4(11) +- lwz 31,-4(11) +- mtlr 0 +- mr 1,11 +- blr +-#endif +--- a/arch/powerpc/lib/Makefile ++++ b/arch/powerpc/lib/Makefile +@@ -8,7 +8,7 @@ + + obj-y := string.o alloc.o \ + checksum_$(CONFIG_WORD_SIZE).o +-obj-$(CONFIG_PPC32) += div64.o copy_32.o crtsavres.o ++obj-$(CONFIG_PPC32) += div64.o copy_32.o + obj-$(CONFIG_HAS_IOMEM) += devres.o + + obj-$(CONFIG_PPC64) += copypage_64.o copyuser_64.o \ +--- a/arch/powerpc/Makefile ++++ b/arch/powerpc/Makefile +@@ -90,8 +90,6 @@ + else + KBUILD_CFLAGS += $(call cc-option,-mtune=power4) + endif +-else +-LDFLAGS_MODULE += arch/powerpc/lib/crtsavres.o + endif + + ifeq ($(CONFIG_TUNE_CELL),y) diff --git a/target/linux/generic-2.6/patches-2.6.27/970-ocf_20080704.patch b/target/linux/generic-2.6/patches-2.6.27/970-ocf_20080704.patch new file mode 100644 index 0000000000..f8b0b49a35 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/970-ocf_20080704.patch @@ -0,0 +1,19465 @@ +--- a/crypto/Kconfig ++++ b/crypto/Kconfig +@@ -669,3 +669,6 @@ + source "drivers/crypto/Kconfig" + + endif # if CRYPTO ++ ++source "crypto/ocf/Kconfig" ++ +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -72,6 +72,8 @@ + + obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o + ++obj-$(CONFIG_OCF_OCF) += ocf/ ++ + # + # generic algorithms and the async_tx api + # +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -129,6 +129,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq); + * ++ * void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++ * int random_input_wait(void); ++ * + * add_input_randomness() uses the input layer interrupt timing, as well as + * the event type information from the hardware. + * +@@ -140,6 +143,13 @@ + * a better measure, since the timing of the disk interrupts are more + * unpredictable. + * ++ * random_input_words() just provides a raw block of entropy to the input ++ * pool, such as from a hardware entropy generator. ++ * ++ * random_input_wait() suspends the caller until such time as the ++ * entropy pool falls below the write threshold, and returns a count of how ++ * much entropy (in bits) is needed to sustain the pool. ++ * + * All of these routines try to estimate how many bits of randomness a + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. +@@ -668,6 +678,61 @@ + } + #endif + ++/* ++ * random_input_words - add bulk entropy to pool ++ * ++ * @buf: buffer to add ++ * @wordcount: number of __u32 words to add ++ * @ent_count: total amount of entropy (in bits) to credit ++ * ++ * this provides bulk input of entropy to the input pool ++ * ++ */ ++void random_input_words(__u32 *buf, size_t wordcount, int ent_count) ++{ ++ mix_pool_bytes(&input_pool, buf, wordcount); ++ ++ credit_entropy_bits(&input_pool, ent_count); ++ ++ DEBUG_ENT("crediting %d bits => %d\n", ++ ent_count, input_pool.entropy_count); ++ /* ++ * Wake up waiting processes if we have enough ++ * entropy. ++ */ ++ if (input_pool.entropy_count >= random_read_wakeup_thresh) ++ wake_up_interruptible(&random_read_wait); ++} ++EXPORT_SYMBOL(random_input_words); ++ ++/* ++ * random_input_wait - wait until random needs entropy ++ * ++ * this function sleeps until the /dev/random subsystem actually ++ * needs more entropy, and then return the amount of entropy ++ * that it would be nice to have added to the system. ++ */ ++int random_input_wait(void) ++{ ++ int count; ++ ++ wait_event_interruptible(random_write_wait, ++ input_pool.entropy_count < random_write_wakeup_thresh); ++ ++ count = random_write_wakeup_thresh - input_pool.entropy_count; ++ ++ /* likely we got woken up due to a signal */ ++ if (count <= 0) count = random_read_wakeup_thresh; ++ ++ DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n", ++ count, ++ input_pool.entropy_count, random_write_wakeup_thresh); ++ ++ return count; ++} ++EXPORT_SYMBOL(random_input_wait); ++ ++ + #define EXTRACT_SIZE 10 + + /********************************************************************* +--- a/fs/fcntl.c ++++ b/fs/fcntl.c +@@ -139,6 +139,7 @@ + } + return ret; + } ++EXPORT_SYMBOL(sys_dup); + + #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | FASYNC | O_DIRECT | O_NOATIME) + +--- a/include/linux/miscdevice.h ++++ b/include/linux/miscdevice.h +@@ -12,6 +12,7 @@ + #define APOLLO_MOUSE_MINOR 7 + #define PC110PAD_MINOR 9 + /*#define ADB_MOUSE_MINOR 10 FIXME OBSOLETE */ ++#define CRYPTODEV_MINOR 70 /* /dev/crypto */ + #define WATCHDOG_MINOR 130 /* Watchdog timer */ + #define TEMP_MINOR 131 /* Temperature Sensor */ + #define RTC_MINOR 135 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -8,6 +8,7 @@ + #define _LINUX_RANDOM_H + + #include <linux/ioctl.h> ++#include <linux/types.h> /* for __u32 in user space */ + + /* ioctl()'s for the random number generator */ + +@@ -32,6 +33,30 @@ + /* Clear the entropy pool and associated counters. (Superuser only.) */ + #define RNDCLEARPOOL _IO( 'R', 0x06 ) + ++#ifdef CONFIG_FIPS_RNG ++ ++/* Size of seed value - equal to AES blocksize */ ++#define AES_BLOCK_SIZE_BYTES 16 ++#define SEED_SIZE_BYTES AES_BLOCK_SIZE_BYTES ++/* Size of AES key */ ++#define KEY_SIZE_BYTES 16 ++ ++/* ioctl() structure used by FIPS 140-2 Tests */ ++struct rand_fips_test { ++ unsigned char key[KEY_SIZE_BYTES]; /* Input */ ++ unsigned char datetime[SEED_SIZE_BYTES]; /* Input */ ++ unsigned char seed[SEED_SIZE_BYTES]; /* Input */ ++ unsigned char result[SEED_SIZE_BYTES]; /* Output */ ++}; ++ ++/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */ ++#define RNDFIPSVST _IOWR('R', 0x10, struct rand_fips_test) ++ ++/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */ ++#define RNDFIPSMCT _IOWR('R', 0x11, struct rand_fips_test) ++ ++#endif /* #ifdef CONFIG_FIPS_RNG */ ++ + struct rand_pool_info { + int entropy_count; + int buf_size; +@@ -48,6 +73,10 @@ + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count); ++extern int random_input_wait(void); ++#define HAS_RANDOM_INPUT_WAIT 1 ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + +--- /dev/null ++++ b/crypto/ocf/hifn/Makefile +@@ -0,0 +1,13 @@ ++# for SGlinux builds ++-include $(ROOTDIR)/modules/.config ++ ++obj-$(CONFIG_OCF_HIFN) += hifn7751.o ++obj-$(CONFIG_OCF_HIFNHIPP) += hifnHIPP.o ++ ++obj ?= . ++EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ ++ ++ifdef TOPDIR ++-include $(TOPDIR)/Rules.make ++endif ++ +--- /dev/null ++++ b/crypto/ocf/safe/Makefile +@@ -0,0 +1,12 @@ ++# for SGlinux builds ++-include $(ROOTDIR)/modules/.config ++ ++obj-$(CONFIG_OCF_SAFE) += safe.o ++ ++obj ?= . ++EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ ++ ++ifdef TOPDIR ++-include $(TOPDIR)/Rules.make ++endif ++ +--- /dev/null ++++ b/crypto/ocf/Makefile +@@ -0,0 +1,120 @@ ++# for SGlinux builds ++-include $(ROOTDIR)/modules/.config ++ ++OCF_OBJS = crypto.o criov.o ++ ++ifdef CONFIG_OCF_RANDOMHARVEST ++ OCF_OBJS += random.o ++endif ++ ++ifdef CONFIG_OCF_FIPS ++ OCF_OBJS += rndtest.o ++endif ++ ++# Add in autoconf.h to get #defines for CONFIG_xxx ++AUTOCONF_H=$(ROOTDIR)/modules/autoconf.h ++ifeq ($(AUTOCONF_H), $(wildcard $(AUTOCONF_H))) ++ EXTRA_CFLAGS += -include $(AUTOCONF_H) ++ export EXTRA_CFLAGS ++endif ++ ++ifndef obj ++ obj ?= . ++ _obj = subdir ++ mod-subdirs := safe hifn ixp4xx talitos ocfnull ++ export-objs += crypto.o criov.o random.o ++ list-multi += ocf.o ++ _slash := ++else ++ _obj = obj ++ _slash := / ++endif ++ ++EXTRA_CFLAGS += -I$(obj)/. ++ ++obj-$(CONFIG_OCF_OCF) += ocf.o ++obj-$(CONFIG_OCF_CRYPTODEV) += cryptodev.o ++obj-$(CONFIG_OCF_CRYPTOSOFT) += cryptosoft.o ++obj-$(CONFIG_OCF_BENCH) += ocf-bench.o ++ ++$(_obj)-$(CONFIG_OCF_SAFE) += safe$(_slash) ++$(_obj)-$(CONFIG_OCF_HIFN) += hifn$(_slash) ++$(_obj)-$(CONFIG_OCF_IXP4XX) += ixp4xx$(_slash) ++$(_obj)-$(CONFIG_OCF_TALITOS) += talitos$(_slash) ++$(_obj)-$(CONFIG_OCF_PASEMI) += pasemi$(_slash) ++$(_obj)-$(CONFIG_OCF_OCFNULL) += ocfnull$(_slash) ++ ++ocf-objs := $(OCF_OBJS) ++ ++$(list-multi) dummy1: $(ocf-objs) ++ $(LD) -r -o $@ $(ocf-objs) ++ ++.PHONY: ++clean: ++ rm -f *.o *.ko .*.o.flags .*.ko.cmd .*.o.cmd .*.mod.o.cmd *.mod.c ++ rm -f */*.o */*.ko */.*.o.cmd */.*.ko.cmd */.*.mod.o.cmd */*.mod.c */.*.o.flags ++ ++ifdef TOPDIR ++-include $(TOPDIR)/Rules.make ++endif ++ ++# ++# release gen targets ++# ++ ++.PHONY: patch ++patch: ++ REL=`date +%Y%m%d`; \ ++ patch=ocf-linux-$$REL.patch; \ ++ patch24=ocf-linux-24-$$REL.patch; \ ++ patch26=ocf-linux-26-$$REL.patch; \ ++ ( \ ++ find . -name Makefile; \ ++ find . -name Config.in; \ ++ find . -name Kconfig; \ ++ find . -name README; \ ++ find . -name '*.[ch]' | grep -v '.mod.c'; \ ++ ) | while read t; do \ ++ diff -Nau /dev/null $$t | sed 's?^+++ \./?+++ linux/crypto/ocf/?'; \ ++ done > $$patch; \ ++ cat patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \ ++ cat patches/linux-2.6.25-ocf.patch $$patch > $$patch26 ++ ++.PHONY: tarball ++tarball: ++ REL=`date +%Y%m%d`; RELDIR=/tmp/ocf-linux-$$REL; \ ++ CURDIR=`pwd`; \ ++ rm -rf /tmp/ocf-linux-$$REL*; \ ++ mkdir -p $$RELDIR/tools; \ ++ cp README* $$RELDIR; \ ++ cp patches/openss*.patch $$RELDIR; \ ++ cp patches/crypto-tools.patch $$RELDIR; \ ++ cp tools/[!C]* $$RELDIR/tools; \ ++ cd ..; \ ++ tar cvf $$RELDIR/ocf-linux.tar \ ++ --exclude=CVS \ ++ --exclude=.* \ ++ --exclude=*.o \ ++ --exclude=*.ko \ ++ --exclude=*.mod.* \ ++ --exclude=README* \ ++ --exclude=ocf-*.patch \ ++ --exclude=ocf/patches/openss*.patch \ ++ --exclude=ocf/patches/crypto-tools.patch \ ++ --exclude=ocf/tools \ ++ ocf; \ ++ gzip -9 $$RELDIR/ocf-linux.tar; \ ++ cd /tmp; \ ++ tar cvf ocf-linux-$$REL.tar ocf-linux-$$REL; \ ++ gzip -9 ocf-linux-$$REL.tar; \ ++ cd $$CURDIR/../../user; \ ++ rm -rf /tmp/crypto-tools-$$REL*; \ ++ tar cvf /tmp/crypto-tools-$$REL.tar \ ++ --exclude=CVS \ ++ --exclude=.* \ ++ --exclude=*.o \ ++ --exclude=cryptotest \ ++ --exclude=cryptokeytest \ ++ crypto-tools; \ ++ gzip -9 /tmp/crypto-tools-$$REL.tar ++ +--- /dev/null ++++ b/crypto/ocf/talitos/Makefile +@@ -0,0 +1,12 @@ ++# for SGlinux builds ++-include $(ROOTDIR)/modules/.config ++ ++obj-$(CONFIG_OCF_TALITOS) += talitos.o ++ ++obj ?= . ++EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ ++ ++ifdef TOPDIR ++-include $(TOPDIR)/Rules.make ++endif ++ +--- /dev/null ++++ b/crypto/ocf/ixp4xx/Makefile +@@ -0,0 +1,104 @@ ++# for SGlinux builds ++-include $(ROOTDIR)/modules/.config ++ ++# ++# You will need to point this at your Intel ixp425 includes, this portion ++# of the Makefile only really works under SGLinux with the appropriate libs ++# installed. They can be downloaded from http://www.snapgear.org/ ++# ++ifeq ($(CONFIG_CPU_IXP46X),y) ++IXPLATFORM = ixp46X ++else ++ifeq ($(CONFIG_CPU_IXP43X),y) ++IXPLATFORM = ixp43X ++else ++IXPLATFORM = ixp42X ++endif ++endif ++ ++ifdef CONFIG_IXP400_LIB_2_4 ++IX_XSCALE_SW = $(ROOTDIR)/modules/ixp425/ixp400-2.4/ixp400_xscale_sw ++OSAL_DIR = $(ROOTDIR)/modules/ixp425/ixp400-2.4/ixp_osal ++endif ++ifdef CONFIG_IXP400_LIB_2_1 ++IX_XSCALE_SW = $(ROOTDIR)/modules/ixp425/ixp400-2.1/ixp400_xscale_sw ++OSAL_DIR = $(ROOTDIR)/modules/ixp425/ixp400-2.1/ixp_osal ++endif ++ifdef CONFIG_IXP400_LIB_2_0 ++IX_XSCALE_SW = $(ROOTDIR)/modules/ixp425/ixp400-2.0/ixp400_xscale_sw ++OSAL_DIR = $(ROOTDIR)/modules/ixp425/ixp400-2.0/ixp_osal ++endif ++ifdef IX_XSCALE_SW ++ifdef CONFIG_IXP400_LIB_2_4 ++IXP_CFLAGS = \ ++ -I$(ROOTDIR)/. \ ++ -I$(IX_XSCALE_SW)/src/include \ ++ -I$(OSAL_DIR)/common/include/ \ ++ -I$(OSAL_DIR)/common/include/modules/ \ ++ -I$(OSAL_DIR)/common/include/modules/ddk/ \ ++ -I$(OSAL_DIR)/common/include/modules/bufferMgt/ \ ++ -I$(OSAL_DIR)/common/include/modules/ioMem/ \ ++ -I$(OSAL_DIR)/common/os/linux/include/ \ ++ -I$(OSAL_DIR)/common/os/linux/include/core/ \ ++ -I$(OSAL_DIR)/common/os/linux/include/modules/ \ ++ -I$(OSAL_DIR)/common/os/linux/include/modules/ddk/ \ ++ -I$(OSAL_DIR)/common/os/linux/include/modules/bufferMgt/ \ ++ -I$(OSAL_DIR)/common/os/linux/include/modules/ioMem/ \ ++ -I$(OSAL_DIR)/platforms/$(IXPLATFORM)/include/ \ ++ -I$(OSAL_DIR)/platforms/$(IXPLATFORM)/os/linux/include/ \ ++ -DENABLE_IOMEM -DENABLE_BUFFERMGT -DENABLE_DDK \ ++ -DUSE_IXP4XX_CRYPTO ++else ++IXP_CFLAGS = \ ++ -I$(ROOTDIR)/. \ ++ -I$(IX_XSCALE_SW)/src/include \ ++ -I$(OSAL_DIR)/ \ ++ -I$(OSAL_DIR)/os/linux/include/ \ ++ -I$(OSAL_DIR)/os/linux/include/modules/ \ ++ -I$(OSAL_DIR)/os/linux/include/modules/ioMem/ \ ++ -I$(OSAL_DIR)/os/linux/include/modules/bufferMgt/ \ ++ -I$(OSAL_DIR)/os/linux/include/core/ \ ++ -I$(OSAL_DIR)/os/linux/include/platforms/ \ ++ -I$(OSAL_DIR)/os/linux/include/platforms/ixp400/ \ ++ -I$(OSAL_DIR)/os/linux/include/platforms/ixp400/ixp425 \ ++ -I$(OSAL_DIR)/os/linux/include/platforms/ixp400/ixp465 \ ++ -I$(OSAL_DIR)/os/linux/include/core/ \ ++ -I$(OSAL_DIR)/include/ \ ++ -I$(OSAL_DIR)/include/modules/ \ ++ -I$(OSAL_DIR)/include/modules/bufferMgt/ \ ++ -I$(OSAL_DIR)/include/modules/ioMem/ \ ++ -I$(OSAL_DIR)/include/platforms/ \ ++ -I$(OSAL_DIR)/include/platforms/ixp400/ \ ++ -DUSE_IXP4XX_CRYPTO ++endif ++endif ++ifdef CONFIG_IXP400_LIB_1_4 ++IXP_CFLAGS = \ ++ -I$(ROOTDIR)/. \ ++ -I$(ROOTDIR)/modules/ixp425/ixp400-1.4/ixp400_xscale_sw/src/include \ ++ -I$(ROOTDIR)/modules/ixp425/ixp400-1.4/ixp400_xscale_sw/src/linux \ ++ -DUSE_IXP4XX_CRYPTO ++endif ++ifndef IXPDIR ++IXPDIR = ixp-version-is-not-supported ++endif ++ ++ifeq ($(CONFIG_CPU_IXP46X),y) ++IXP_CFLAGS += -D__ixp46X ++else ++ifeq ($(CONFIG_CPU_IXP43X),y) ++IXP_CFLAGS += -D__ixp43X ++else ++IXP_CFLAGS += -D__ixp42X ++endif ++endif ++ ++obj-$(CONFIG_OCF_IXP4XX) += ixp4xx.o ++ ++obj ?= . ++EXTRA_CFLAGS += $(IXP_CFLAGS) -I$(obj)/.. -I$(obj)/. ++ ++ifdef TOPDIR ++-include $(TOPDIR)/Rules.make ++endif ++ +--- /dev/null ++++ b/crypto/ocf/ocfnull/Makefile +@@ -0,0 +1,12 @@ ++# for SGlinux builds ++-include $(ROOTDIR)/modules/.config ++ ++obj-$(CONFIG_OCF_OCFNULL) += ocfnull.o ++ ++obj ?= . ++EXTRA_CFLAGS += -I$(obj)/.. ++ ++ifdef TOPDIR ++-include $(TOPDIR)/Rules.make ++endif ++ +--- /dev/null ++++ b/crypto/ocf/pasemi/Makefile +@@ -0,0 +1,12 @@ ++# for SGlinux builds ++-include $(ROOTDIR)/modules/.config ++ ++obj-$(CONFIG_OCF_PASEMI) += pasemi.o ++ ++obj ?= . ++EXTRA_CFLAGS += -I$(obj)/.. -I$(obj)/ ++ ++ifdef TOPDIR ++-include $(TOPDIR)/Rules.make ++endif ++ +--- /dev/null ++++ b/crypto/ocf/Config.in +@@ -0,0 +1,32 @@ ++############################################################################# ++ ++mainmenu_option next_comment ++comment 'OCF Configuration' ++tristate 'OCF (Open Cryptograhic Framework)' CONFIG_OCF_OCF ++dep_mbool ' enable fips RNG checks (fips check on RNG data before use)' \ ++ CONFIG_OCF_FIPS $CONFIG_OCF_OCF ++dep_mbool ' enable harvesting entropy for /dev/random' \ ++ CONFIG_OCF_RANDOMHARVEST $CONFIG_OCF_OCF ++dep_tristate ' cryptodev (user space support)' \ ++ CONFIG_OCF_CRYPTODEV $CONFIG_OCF_OCF ++dep_tristate ' cryptosoft (software crypto engine)' \ ++ CONFIG_OCF_CRYPTOSOFT $CONFIG_OCF_OCF ++dep_tristate ' safenet (HW crypto engine)' \ ++ CONFIG_OCF_SAFE $CONFIG_OCF_OCF ++dep_tristate ' IXP4xx (HW crypto engine)' \ ++ CONFIG_OCF_IXP4XX $CONFIG_OCF_OCF ++dep_mbool ' Enable IXP4xx HW to perform SHA1 and MD5 hashing (very slow)' \ ++ CONFIG_OCF_IXP4XX_SHA1_MD5 $CONFIG_OCF_IXP4XX ++dep_tristate ' hifn (HW crypto engine)' \ ++ CONFIG_OCF_HIFN $CONFIG_OCF_OCF ++dep_tristate ' talitos (HW crypto engine)' \ ++ CONFIG_OCF_TALITOS $CONFIG_OCF_OCF ++dep_tristate ' pasemi (HW crypto engine)' \ ++ CONFIG_OCF_PASEMI $CONFIG_OCF_OCF ++dep_tristate ' ocfnull (does no crypto)' \ ++ CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF ++dep_tristate ' ocf-bench (HW crypto in-kernel benchmark)' \ ++ CONFIG_OCF_BENCH $CONFIG_OCF_OCF ++endmenu ++ ++############################################################################# +--- /dev/null ++++ b/crypto/ocf/Kconfig +@@ -0,0 +1,95 @@ ++menu "OCF Configuration" ++ ++config OCF_OCF ++ tristate "OCF (Open Cryptograhic Framework)" ++ help ++ A linux port of the OpenBSD/FreeBSD crypto framework. ++ ++config OCF_RANDOMHARVEST ++ bool "crypto random --- harvest entropy for /dev/random" ++ depends on OCF_OCF ++ help ++ Includes code to harvest random numbers from devices that support it. ++ ++config OCF_FIPS ++ bool "enable fips RNG checks" ++ depends on OCF_OCF && OCF_RANDOMHARVEST ++ help ++ Run all RNG provided data through a fips check before ++ adding it /dev/random's entropy pool. ++ ++config OCF_CRYPTODEV ++ tristate "cryptodev (user space support)" ++ depends on OCF_OCF ++ help ++ The user space API to access crypto hardware. ++ ++config OCF_CRYPTOSOFT ++ tristate "cryptosoft (software crypto engine)" ++ depends on OCF_OCF ++ help ++ A software driver for the OCF framework that uses ++ the kernel CryptoAPI. ++ ++config OCF_SAFE ++ tristate "safenet (HW crypto engine)" ++ depends on OCF_OCF ++ help ++ A driver for a number of the safenet Excel crypto accelerators. ++ Currently tested and working on the 1141 and 1741. ++ ++config OCF_IXP4XX ++ tristate "IXP4xx (HW crypto engine)" ++ depends on OCF_OCF ++ help ++ XScale IXP4xx crypto accelerator driver. Requires the ++ Intel Access library. ++ ++config OCF_IXP4XX_SHA1_MD5 ++ bool "IXP4xx SHA1 and MD5 Hashing" ++ depends on OCF_IXP4XX ++ help ++ Allows the IXP4xx crypto accelerator to perform SHA1 and MD5 hashing. ++ Note: this is MUCH slower than using cryptosoft (software crypto engine). ++ ++config OCF_HIFN ++ tristate "hifn (HW crypto engine)" ++ depends on OCF_OCF ++ help ++ OCF driver for various HIFN based crypto accelerators. ++ (7951, 7955, 7956, 7751, 7811) ++ ++config OCF_HIFNHIPP ++ tristate "Hifn HIPP (HW packet crypto engine)" ++ depends on OCF_OCF ++ help ++ OCF driver for various HIFN (HIPP) based crypto accelerators ++ (7855) ++ ++config OCF_TALITOS ++ tristate "talitos (HW crypto engine)" ++ depends on OCF_OCF ++ help ++ OCF driver for Freescale's security engine (SEC/talitos). ++ ++config OCF_PASEMI ++ tristate "pasemi (HW crypto engine)" ++ depends on OCF_OCF && PPC_PASEMI ++ help ++ OCF driver for for PA Semi PWRficient DMA Engine ++ ++config OCF_OCFNULL ++ tristate "ocfnull (fake crypto engine)" ++ depends on OCF_OCF ++ help ++ OCF driver for measuring ipsec overheads (does no crypto) ++ ++config OCF_BENCH ++ tristate "ocf-bench (HW crypto in-kernel benchmark)" ++ depends on OCF_OCF ++ help ++ A very simple encryption test for the in-kernel interface ++ of OCF. Also includes code to benchmark the IXP Access library ++ for comparison. ++ ++endmenu +--- /dev/null ++++ b/crypto/ocf/README +@@ -0,0 +1,166 @@ ++README - ocf-linux-20071215 ++--------------------------- ++ ++This README provides instructions for getting ocf-linux compiled and ++operating in a generic linux environment. For other information you ++might like to visit the home page for this project: ++ ++ http://ocf-linux.sourceforge.net/ ++ ++Adding OCF to linux ++------------------- ++ ++ Not much in this file for now, just some notes. I usually build ++ the ocf support as modules but it can be built into the kernel as ++ well. To use it: ++ ++ * mknod /dev/crypto c 10 70 ++ ++ * to add OCF to your kernel source, you have two options. Apply ++ the kernel specific patch: ++ ++ cd linux-2.4*; gunzip < ocf-linux-24-XXXXXXXX.patch.gz | patch -p1 ++ cd linux-2.6*; gunzip < ocf-linux-26-XXXXXXXX.patch.gz | patch -p1 ++ ++ if you do one of the above, then you can proceed to the next step, ++ or you can do the above process by hand with using the patches against ++ linux-2.4.35 and 2.6.23 to include the ocf code under crypto/ocf. ++ Here's how to add it: ++ ++ for 2.4.35 (and later) ++ ++ cd linux-2.4.35/crypto ++ tar xvzf ocf-linux.tar.gz ++ cd .. ++ patch -p1 < crypto/ocf/patches/linux-2.4.35-ocf.patch ++ ++ for 2.6.23 (and later) ++ ++ cd linux-2.6.23/crypto ++ tar xvzf ocf-linux.tar.gz ++ cd .. ++ patch -p1 < crypto/ocf/patches/linux-2.6.23-ocf.patch ++ ++ It should be easy to take this patch and apply it to other more ++ recent versions of the kernels. The same patches should also work ++ relatively easily on kernels as old as 2.6.11 and 2.4.18. ++ ++ * under 2.4 if you are on a non-x86 platform, you may need to: ++ ++ cp linux-2.X.x/include/asm-i386/kmap_types.h linux-2.X.x/include/asm-YYY ++ ++ so that you can build the kernel crypto support needed for the cryptosoft ++ driver. ++ ++ * For simplicity you should enable all the crypto support in your kernel ++ except for the test driver. Likewise for the OCF options. Do not ++ enable OCF crypto drivers for HW that you do not have (for example ++ ixp4xx will not compile on non-Xscale systems). ++ ++ * make sure that cryptodev.h (from ocf-linux.tar.gz) is installed as ++ crypto/cryptodev.h in an include directory that is used for building ++ applications for your platform. For example on a host system that ++ might be: ++ ++ /usr/include/crypto/cryptodev.h ++ ++ * patch your openssl-0.9.8g code with the openssl-0.9.8g.patch. ++ (NOTE: there is no longer a need to patch ssh). The patch is against: ++ openssl-0_9_8e ++ ++ If you need a patch for an older version of openssl, you should look ++ to older OCF releases. This patch is unlikely to work on older ++ openssl versions. ++ ++ openssl-0.9.8g.patch ++ - enables --with-cryptodev for non BSD systems ++ - adds -cpu option to openssl speed for calculating CPU load ++ under linux ++ - fixes null pointer in openssl speed multi thread output. ++ - fixes test keys to work with linux crypto's more stringent ++ key checking. ++ - adds MD5/SHA acceleration (Ronen Shitrit), only enabled ++ with the --with-cryptodev-digests option ++ - fixes bug in engine code caching. ++ ++ * build crypto-tools-XXXXXXXX.tar.gz if you want to try some of the BSD ++ tools for testing OCF (ie., cryptotest). ++ ++How to load the OCF drivers ++--------------------------- ++ ++ First insert the base modules: ++ ++ insmod ocf ++ insmod cryptodev ++ ++ You can then install the software OCF driver with: ++ ++ insmod cryptosoft ++ ++ and one or more of the OCF HW drivers with: ++ ++ insmod safe ++ insmod hifn7751 ++ insmod ixp4xx ++ ... ++ ++ all the drivers take a debug option to enable verbose debug so that ++ you can see what is going on. For debug you load them as: ++ ++ insmod ocf crypto_debug=1 ++ insmod cryptodev cryptodev_debug=1 ++ insmod cryptosoft swcr_debug=1 ++ ++ You may load more than one OCF crypto driver but then there is no guarantee ++ as to which will be used. ++ ++ You can also enable debug at run time on 2.6 systems with the following: ++ ++ echo 1 > /sys/module/ocf/parameters/crypto_debug ++ echo 1 > /sys/module/cryptodev/parameters/cryptodev_debug ++ echo 1 > /sys/module/cryptosoft/parameters/swcr_debug ++ echo 1 > /sys/module/hifn7751/parameters/hifn_debug ++ echo 1 > /sys/module/safe/parameters/safe_debug ++ echo 1 > /sys/module/ixp4xx/parameters/ixp_debug ++ ... ++ ++Testing the OCF support ++----------------------- ++ ++ run "cryptotest", it should do a short test for a couple of ++ des packets. If it does everything is working. ++ ++ If this works, then ssh will use the driver when invoked as: ++ ++ ssh -c 3des username@host ++ ++ to see for sure that it is operating, enable debug as defined above. ++ ++ To get a better idea of performance run: ++ ++ cryptotest 100 4096 ++ ++ There are more options to cryptotest, see the help. ++ ++ It is also possible to use openssl to test the speed of the crypto ++ drivers. ++ ++ openssl speed -evp des -engine cryptodev -elapsed ++ openssl speed -evp des3 -engine cryptodev -elapsed ++ openssl speed -evp aes128 -engine cryptodev -elapsed ++ ++ and multiple threads (10) with: ++ ++ openssl speed -evp des -engine cryptodev -elapsed -multi 10 ++ openssl speed -evp des3 -engine cryptodev -elapsed -multi 10 ++ openssl speed -evp aes128 -engine cryptodev -elapsed -multi 10 ++ ++ for public key testing you can try: ++ ++ cryptokeytest ++ openssl speed -engine cryptodev rsa -elapsed ++ openssl speed -engine cryptodev dsa -elapsed ++ ++David McCullough ++david_mccullough@securecomputing.com +--- /dev/null ++++ b/crypto/ocf/hifn/hifn7751reg.h +@@ -0,0 +1,540 @@ ++/* $FreeBSD: src/sys/dev/hifn/hifn7751reg.h,v 1.7 2007/03/21 03:42:49 sam Exp $ */ ++/* $OpenBSD: hifn7751reg.h,v 1.35 2002/04/08 17:49:42 jason Exp $ */ ++ ++/*- ++ * Invertex AEON / Hifn 7751 driver ++ * Copyright (c) 1999 Invertex Inc. All rights reserved. ++ * Copyright (c) 1999 Theo de Raadt ++ * Copyright (c) 2000-2001 Network Security Technologies, Inc. ++ * http://www.netsec.net ++ * ++ * Please send any comments, feedback, bug-fixes, or feature requests to ++ * software@invertex.com. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored in part by the Defense Advanced Research Projects ++ * Agency (DARPA) and Air Force Research Laboratory, Air Force ++ * Materiel Command, USAF, under agreement number F30602-01-2-0537. ++ * ++ */ ++#ifndef __HIFN_H__ ++#define __HIFN_H__ ++ ++/* ++ * Some PCI configuration space offset defines. The names were made ++ * identical to the names used by the Linux kernel. ++ */ ++#define HIFN_BAR0 PCIR_BAR(0) /* PUC register map */ ++#define HIFN_BAR1 PCIR_BAR(1) /* DMA register map */ ++#define HIFN_TRDY_TIMEOUT 0x40 ++#define HIFN_RETRY_TIMEOUT 0x41 ++ ++/* ++ * PCI vendor and device identifiers ++ * (the names are preserved from their OpenBSD source). ++ */ ++#define PCI_VENDOR_HIFN 0x13a3 /* Hifn */ ++#define PCI_PRODUCT_HIFN_7751 0x0005 /* 7751 */ ++#define PCI_PRODUCT_HIFN_6500 0x0006 /* 6500 */ ++#define PCI_PRODUCT_HIFN_7811 0x0007 /* 7811 */ ++#define PCI_PRODUCT_HIFN_7855 0x001f /* 7855 */ ++#define PCI_PRODUCT_HIFN_7951 0x0012 /* 7951 */ ++#define PCI_PRODUCT_HIFN_7955 0x0020 /* 7954/7955 */ ++#define PCI_PRODUCT_HIFN_7956 0x001d /* 7956 */ ++ ++#define PCI_VENDOR_INVERTEX 0x14e1 /* Invertex */ ++#define PCI_PRODUCT_INVERTEX_AEON 0x0005 /* AEON */ ++ ++#define PCI_VENDOR_NETSEC 0x1660 /* NetSec */ ++#define PCI_PRODUCT_NETSEC_7751 0x7751 /* 7751 */ ++ ++/* ++ * The values below should multiple of 4 -- and be large enough to handle ++ * any command the driver implements. ++ * ++ * MAX_COMMAND = base command + mac command + encrypt command + ++ * mac-key + rc4-key ++ * MAX_RESULT = base result + mac result + mac + encrypt result ++ * ++ * ++ */ ++#define HIFN_MAX_COMMAND (8 + 8 + 8 + 64 + 260) ++#define HIFN_MAX_RESULT (8 + 4 + 20 + 4) ++ ++/* ++ * hifn_desc_t ++ * ++ * Holds an individual descriptor for any of the rings. ++ */ ++typedef struct hifn_desc { ++ volatile u_int32_t l; /* length and status bits */ ++ volatile u_int32_t p; ++} hifn_desc_t; ++ ++/* ++ * Masks for the "length" field of struct hifn_desc. ++ */ ++#define HIFN_D_LENGTH 0x0000ffff /* length bit mask */ ++#define HIFN_D_MASKDONEIRQ 0x02000000 /* mask the done interrupt */ ++#define HIFN_D_DESTOVER 0x04000000 /* destination overflow */ ++#define HIFN_D_OVER 0x08000000 /* overflow */ ++#define HIFN_D_LAST 0x20000000 /* last descriptor in chain */ ++#define HIFN_D_JUMP 0x40000000 /* jump descriptor */ ++#define HIFN_D_VALID 0x80000000 /* valid bit */ ++ ++ ++/* ++ * Processing Unit Registers (offset from BASEREG0) ++ */ ++#define HIFN_0_PUDATA 0x00 /* Processing Unit Data */ ++#define HIFN_0_PUCTRL 0x04 /* Processing Unit Control */ ++#define HIFN_0_PUISR 0x08 /* Processing Unit Interrupt Status */ ++#define HIFN_0_PUCNFG 0x0c /* Processing Unit Configuration */ ++#define HIFN_0_PUIER 0x10 /* Processing Unit Interrupt Enable */ ++#define HIFN_0_PUSTAT 0x14 /* Processing Unit Status/Chip ID */ ++#define HIFN_0_FIFOSTAT 0x18 /* FIFO Status */ ++#define HIFN_0_FIFOCNFG 0x1c /* FIFO Configuration */ ++#define HIFN_0_PUCTRL2 0x28 /* Processing Unit Control (2nd map) */ ++#define HIFN_0_MUTE1 0x80 ++#define HIFN_0_MUTE2 0x90 ++#define HIFN_0_SPACESIZE 0x100 /* Register space size */ ++ ++/* Processing Unit Control Register (HIFN_0_PUCTRL) */ ++#define HIFN_PUCTRL_CLRSRCFIFO 0x0010 /* clear source fifo */ ++#define HIFN_PUCTRL_STOP 0x0008 /* stop pu */ ++#define HIFN_PUCTRL_LOCKRAM 0x0004 /* lock ram */ ++#define HIFN_PUCTRL_DMAENA 0x0002 /* enable dma */ ++#define HIFN_PUCTRL_RESET 0x0001 /* Reset processing unit */ ++ ++/* Processing Unit Interrupt Status Register (HIFN_0_PUISR) */ ++#define HIFN_PUISR_CMDINVAL 0x8000 /* Invalid command interrupt */ ++#define HIFN_PUISR_DATAERR 0x4000 /* Data error interrupt */ ++#define HIFN_PUISR_SRCFIFO 0x2000 /* Source FIFO ready interrupt */ ++#define HIFN_PUISR_DSTFIFO 0x1000 /* Destination FIFO ready interrupt */ ++#define HIFN_PUISR_DSTOVER 0x0200 /* Destination overrun interrupt */ ++#define HIFN_PUISR_SRCCMD 0x0080 /* Source command interrupt */ ++#define HIFN_PUISR_SRCCTX 0x0040 /* Source context interrupt */ ++#define HIFN_PUISR_SRCDATA 0x0020 /* Source data interrupt */ ++#define HIFN_PUISR_DSTDATA 0x0010 /* Destination data interrupt */ ++#define HIFN_PUISR_DSTRESULT 0x0004 /* Destination result interrupt */ ++ ++/* Processing Unit Configuration Register (HIFN_0_PUCNFG) */ ++#define HIFN_PUCNFG_DRAMMASK 0xe000 /* DRAM size mask */ ++#define HIFN_PUCNFG_DSZ_256K 0x0000 /* 256k dram */ ++#define HIFN_PUCNFG_DSZ_512K 0x2000 /* 512k dram */ ++#define HIFN_PUCNFG_DSZ_1M 0x4000 /* 1m dram */ ++#define HIFN_PUCNFG_DSZ_2M 0x6000 /* 2m dram */ ++#define HIFN_PUCNFG_DSZ_4M 0x8000 /* 4m dram */ ++#define HIFN_PUCNFG_DSZ_8M 0xa000 /* 8m dram */ ++#define HIFN_PUNCFG_DSZ_16M 0xc000 /* 16m dram */ ++#define HIFN_PUCNFG_DSZ_32M 0xe000 /* 32m dram */ ++#define HIFN_PUCNFG_DRAMREFRESH 0x1800 /* DRAM refresh rate mask */ ++#define HIFN_PUCNFG_DRFR_512 0x0000 /* 512 divisor of ECLK */ ++#define HIFN_PUCNFG_DRFR_256 0x0800 /* 256 divisor of ECLK */ ++#define HIFN_PUCNFG_DRFR_128 0x1000 /* 128 divisor of ECLK */ ++#define HIFN_PUCNFG_TCALLPHASES 0x0200 /* your guess is as good as mine... */ ++#define HIFN_PUCNFG_TCDRVTOTEM 0x0100 /* your guess is as good as mine... */ ++#define HIFN_PUCNFG_BIGENDIAN 0x0080 /* DMA big endian mode */ ++#define HIFN_PUCNFG_BUS32 0x0040 /* Bus width 32bits */ ++#define HIFN_PUCNFG_BUS16 0x0000 /* Bus width 16 bits */ ++#define HIFN_PUCNFG_CHIPID 0x0020 /* Allow chipid from PUSTAT */ ++#define HIFN_PUCNFG_DRAM 0x0010 /* Context RAM is DRAM */ ++#define HIFN_PUCNFG_SRAM 0x0000 /* Context RAM is SRAM */ ++#define HIFN_PUCNFG_COMPSING 0x0004 /* Enable single compression context */ ++#define HIFN_PUCNFG_ENCCNFG 0x0002 /* Encryption configuration */ ++ ++/* Processing Unit Interrupt Enable Register (HIFN_0_PUIER) */ ++#define HIFN_PUIER_CMDINVAL 0x8000 /* Invalid command interrupt */ ++#define HIFN_PUIER_DATAERR 0x4000 /* Data error interrupt */ ++#define HIFN_PUIER_SRCFIFO 0x2000 /* Source FIFO ready interrupt */ ++#define HIFN_PUIER_DSTFIFO 0x1000 /* Destination FIFO ready interrupt */ ++#define HIFN_PUIER_DSTOVER 0x0200 /* Destination overrun interrupt */ ++#define HIFN_PUIER_SRCCMD 0x0080 /* Source command interrupt */ ++#define HIFN_PUIER_SRCCTX 0x0040 /* Source context interrupt */ ++#define HIFN_PUIER_SRCDATA 0x0020 /* Source data interrupt */ ++#define HIFN_PUIER_DSTDATA 0x0010 /* Destination data interrupt */ ++#define HIFN_PUIER_DSTRESULT 0x0004 /* Destination result interrupt */ ++ ++/* Processing Unit Status Register/Chip ID (HIFN_0_PUSTAT) */ ++#define HIFN_PUSTAT_CMDINVAL 0x8000 /* Invalid command interrupt */ ++#define HIFN_PUSTAT_DATAERR 0x4000 /* Data error interrupt */ ++#define HIFN_PUSTAT_SRCFIFO 0x2000 /* Source FIFO ready interrupt */ ++#define HIFN_PUSTAT_DSTFIFO 0x1000 /* Destination FIFO ready interrupt */ ++#define HIFN_PUSTAT_DSTOVER 0x0200 /* Destination overrun interrupt */ ++#define HIFN_PUSTAT_SRCCMD 0x0080 /* Source command interrupt */ ++#define HIFN_PUSTAT_SRCCTX 0x0040 /* Source context interrupt */ ++#define HIFN_PUSTAT_SRCDATA 0x0020 /* Source data interrupt */ ++#define HIFN_PUSTAT_DSTDATA 0x0010 /* Destination data interrupt */ ++#define HIFN_PUSTAT_DSTRESULT 0x0004 /* Destination result interrupt */ ++#define HIFN_PUSTAT_CHIPREV 0x00ff /* Chip revision mask */ ++#define HIFN_PUSTAT_CHIPENA 0xff00 /* Chip enabled mask */ ++#define HIFN_PUSTAT_ENA_2 0x1100 /* Level 2 enabled */ ++#define HIFN_PUSTAT_ENA_1 0x1000 /* Level 1 enabled */ ++#define HIFN_PUSTAT_ENA_0 0x3000 /* Level 0 enabled */ ++#define HIFN_PUSTAT_REV_2 0x0020 /* 7751 PT6/2 */ ++#define HIFN_PUSTAT_REV_3 0x0030 /* 7751 PT6/3 */ ++ ++/* FIFO Status Register (HIFN_0_FIFOSTAT) */ ++#define HIFN_FIFOSTAT_SRC 0x7f00 /* Source FIFO available */ ++#define HIFN_FIFOSTAT_DST 0x007f /* Destination FIFO available */ ++ ++/* FIFO Configuration Register (HIFN_0_FIFOCNFG) */ ++#define HIFN_FIFOCNFG_THRESHOLD 0x0400 /* must be written as this value */ ++ ++/* ++ * DMA Interface Registers (offset from BASEREG1) ++ */ ++#define HIFN_1_DMA_CRAR 0x0c /* DMA Command Ring Address */ ++#define HIFN_1_DMA_SRAR 0x1c /* DMA Source Ring Address */ ++#define HIFN_1_DMA_RRAR 0x2c /* DMA Result Ring Address */ ++#define HIFN_1_DMA_DRAR 0x3c /* DMA Destination Ring Address */ ++#define HIFN_1_DMA_CSR 0x40 /* DMA Status and Control */ ++#define HIFN_1_DMA_IER 0x44 /* DMA Interrupt Enable */ ++#define HIFN_1_DMA_CNFG 0x48 /* DMA Configuration */ ++#define HIFN_1_PLL 0x4c /* 7955/7956: PLL config */ ++#define HIFN_1_7811_RNGENA 0x60 /* 7811: rng enable */ ++#define HIFN_1_7811_RNGCFG 0x64 /* 7811: rng config */ ++#define HIFN_1_7811_RNGDAT 0x68 /* 7811: rng data */ ++#define HIFN_1_7811_RNGSTS 0x6c /* 7811: rng status */ ++#define HIFN_1_DMA_CNFG2 0x6c /* 7955/7956: dma config #2 */ ++#define HIFN_1_7811_MIPSRST 0x94 /* 7811: MIPS reset */ ++#define HIFN_1_REVID 0x98 /* Revision ID */ ++ ++#define HIFN_1_PUB_RESET 0x204 /* Public/RNG Reset */ ++#define HIFN_1_PUB_BASE 0x300 /* Public Base Address */ ++#define HIFN_1_PUB_OPLEN 0x304 /* 7951-compat Public Operand Length */ ++#define HIFN_1_PUB_OP 0x308 /* 7951-compat Public Operand */ ++#define HIFN_1_PUB_STATUS 0x30c /* 7951-compat Public Status */ ++#define HIFN_1_PUB_IEN 0x310 /* Public Interrupt enable */ ++#define HIFN_1_RNG_CONFIG 0x314 /* RNG config */ ++#define HIFN_1_RNG_DATA 0x318 /* RNG data */ ++#define HIFN_1_PUB_MODE 0x320 /* PK mode */ ++#define HIFN_1_PUB_FIFO_OPLEN 0x380 /* first element of oplen fifo */ ++#define HIFN_1_PUB_FIFO_OP 0x384 /* first element of op fifo */ ++#define HIFN_1_PUB_MEM 0x400 /* start of Public key memory */ ++#define HIFN_1_PUB_MEMEND 0xbff /* end of Public key memory */ ++ ++/* DMA Status and Control Register (HIFN_1_DMA_CSR) */ ++#define HIFN_DMACSR_D_CTRLMASK 0xc0000000 /* Destinition Ring Control */ ++#define HIFN_DMACSR_D_CTRL_NOP 0x00000000 /* Dest. Control: no-op */ ++#define HIFN_DMACSR_D_CTRL_DIS 0x40000000 /* Dest. Control: disable */ ++#define HIFN_DMACSR_D_CTRL_ENA 0x80000000 /* Dest. Control: enable */ ++#define HIFN_DMACSR_D_ABORT 0x20000000 /* Destinition Ring PCIAbort */ ++#define HIFN_DMACSR_D_DONE 0x10000000 /* Destinition Ring Done */ ++#define HIFN_DMACSR_D_LAST 0x08000000 /* Destinition Ring Last */ ++#define HIFN_DMACSR_D_WAIT 0x04000000 /* Destinition Ring Waiting */ ++#define HIFN_DMACSR_D_OVER 0x02000000 /* Destinition Ring Overflow */ ++#define HIFN_DMACSR_R_CTRL 0x00c00000 /* Result Ring Control */ ++#define HIFN_DMACSR_R_CTRL_NOP 0x00000000 /* Result Control: no-op */ ++#define HIFN_DMACSR_R_CTRL_DIS 0x00400000 /* Result Control: disable */ ++#define HIFN_DMACSR_R_CTRL_ENA 0x00800000 /* Result Control: enable */ ++#define HIFN_DMACSR_R_ABORT 0x00200000 /* Result Ring PCI Abort */ ++#define HIFN_DMACSR_R_DONE 0x00100000 /* Result Ring Done */ ++#define HIFN_DMACSR_R_LAST 0x00080000 /* Result Ring Last */ ++#define HIFN_DMACSR_R_WAIT 0x00040000 /* Result Ring Waiting */ ++#define HIFN_DMACSR_R_OVER 0x00020000 /* Result Ring Overflow */ ++#define HIFN_DMACSR_S_CTRL 0x0000c000 /* Source Ring Control */ ++#define HIFN_DMACSR_S_CTRL_NOP 0x00000000 /* Source Control: no-op */ ++#define HIFN_DMACSR_S_CTRL_DIS 0x00004000 /* Source Control: disable */ ++#define HIFN_DMACSR_S_CTRL_ENA 0x00008000 /* Source Control: enable */ ++#define HIFN_DMACSR_S_ABORT 0x00002000 /* Source Ring PCI Abort */ ++#define HIFN_DMACSR_S_DONE 0x00001000 /* Source Ring Done */ ++#define HIFN_DMACSR_S_LAST 0x00000800 /* Source Ring Last */ ++#define HIFN_DMACSR_S_WAIT 0x00000400 /* Source Ring Waiting */ ++#define HIFN_DMACSR_ILLW 0x00000200 /* Illegal write (7811 only) */ ++#define HIFN_DMACSR_ILLR 0x00000100 /* Illegal read (7811 only) */ ++#define HIFN_DMACSR_C_CTRL 0x000000c0 /* Command Ring Control */ ++#define HIFN_DMACSR_C_CTRL_NOP 0x00000000 /* Command Control: no-op */ ++#define HIFN_DMACSR_C_CTRL_DIS 0x00000040 /* Command Control: disable */ ++#define HIFN_DMACSR_C_CTRL_ENA 0x00000080 /* Command Control: enable */ ++#define HIFN_DMACSR_C_ABORT 0x00000020 /* Command Ring PCI Abort */ ++#define HIFN_DMACSR_C_DONE 0x00000010 /* Command Ring Done */ ++#define HIFN_DMACSR_C_LAST 0x00000008 /* Command Ring Last */ ++#define HIFN_DMACSR_C_WAIT 0x00000004 /* Command Ring Waiting */ ++#define HIFN_DMACSR_PUBDONE 0x00000002 /* Public op done (7951 only) */ ++#define HIFN_DMACSR_ENGINE 0x00000001 /* Command Ring Engine IRQ */ ++ ++/* DMA Interrupt Enable Register (HIFN_1_DMA_IER) */ ++#define HIFN_DMAIER_D_ABORT 0x20000000 /* Destination Ring PCIAbort */ ++#define HIFN_DMAIER_D_DONE 0x10000000 /* Destination Ring Done */ ++#define HIFN_DMAIER_D_LAST 0x08000000 /* Destination Ring Last */ ++#define HIFN_DMAIER_D_WAIT 0x04000000 /* Destination Ring Waiting */ ++#define HIFN_DMAIER_D_OVER 0x02000000 /* Destination Ring Overflow */ ++#define HIFN_DMAIER_R_ABORT 0x00200000 /* Result Ring PCI Abort */ ++#define HIFN_DMAIER_R_DONE 0x00100000 /* Result Ring Done */ ++#define HIFN_DMAIER_R_LAST 0x00080000 /* Result Ring Last */ ++#define HIFN_DMAIER_R_WAIT 0x00040000 /* Result Ring Waiting */ ++#define HIFN_DMAIER_R_OVER 0x00020000 /* Result Ring Overflow */ ++#define HIFN_DMAIER_S_ABORT 0x00002000 /* Source Ring PCI Abort */ ++#define HIFN_DMAIER_S_DONE 0x00001000 /* Source Ring Done */ ++#define HIFN_DMAIER_S_LAST 0x00000800 /* Source Ring Last */ ++#define HIFN_DMAIER_S_WAIT 0x00000400 /* Source Ring Waiting */ ++#define HIFN_DMAIER_ILLW 0x00000200 /* Illegal write (7811 only) */ ++#define HIFN_DMAIER_ILLR 0x00000100 /* Illegal read (7811 only) */ ++#define HIFN_DMAIER_C_ABORT 0x00000020 /* Command Ring PCI Abort */ ++#define HIFN_DMAIER_C_DONE 0x00000010 /* Command Ring Done */ ++#define HIFN_DMAIER_C_LAST 0x00000008 /* Command Ring Last */ ++#define HIFN_DMAIER_C_WAIT 0x00000004 /* Command Ring Waiting */ ++#define HIFN_DMAIER_PUBDONE 0x00000002 /* public op done (7951 only) */ ++#define HIFN_DMAIER_ENGINE 0x00000001 /* Engine IRQ */ ++ ++/* DMA Configuration Register (HIFN_1_DMA_CNFG) */ ++#define HIFN_DMACNFG_BIGENDIAN 0x10000000 /* big endian mode */ ++#define HIFN_DMACNFG_POLLFREQ 0x00ff0000 /* Poll frequency mask */ ++#define HIFN_DMACNFG_UNLOCK 0x00000800 ++#define HIFN_DMACNFG_POLLINVAL 0x00000700 /* Invalid Poll Scalar */ ++#define HIFN_DMACNFG_LAST 0x00000010 /* Host control LAST bit */ ++#define HIFN_DMACNFG_MODE 0x00000004 /* DMA mode */ ++#define HIFN_DMACNFG_DMARESET 0x00000002 /* DMA Reset # */ ++#define HIFN_DMACNFG_MSTRESET 0x00000001 /* Master Reset # */ ++ ++/* DMA Configuration Register (HIFN_1_DMA_CNFG2) */ ++#define HIFN_DMACNFG2_PKSWAP32 (1 << 19) /* swap the OPLEN/OP reg */ ++#define HIFN_DMACNFG2_PKSWAP8 (1 << 18) /* swap the bits of OPLEN/OP */ ++#define HIFN_DMACNFG2_BAR0_SWAP32 (1<<17) /* swap the bytes of BAR0 */ ++#define HIFN_DMACNFG2_BAR1_SWAP8 (1<<16) /* swap the bits of BAR0 */ ++#define HIFN_DMACNFG2_INIT_WRITE_BURST_SHIFT 12 ++#define HIFN_DMACNFG2_INIT_READ_BURST_SHIFT 8 ++#define HIFN_DMACNFG2_TGT_WRITE_BURST_SHIFT 4 ++#define HIFN_DMACNFG2_TGT_READ_BURST_SHIFT 0 ++ ++/* 7811 RNG Enable Register (HIFN_1_7811_RNGENA) */ ++#define HIFN_7811_RNGENA_ENA 0x00000001 /* enable RNG */ ++ ++/* 7811 RNG Config Register (HIFN_1_7811_RNGCFG) */ ++#define HIFN_7811_RNGCFG_PRE1 0x00000f00 /* first prescalar */ ++#define HIFN_7811_RNGCFG_OPRE 0x00000080 /* output prescalar */ ++#define HIFN_7811_RNGCFG_DEFL 0x00000f80 /* 2 words/ 1/100 sec */ ++ ++/* 7811 RNG Status Register (HIFN_1_7811_RNGSTS) */ ++#define HIFN_7811_RNGSTS_RDY 0x00004000 /* two numbers in FIFO */ ++#define HIFN_7811_RNGSTS_UFL 0x00001000 /* rng underflow */ ++ ++/* 7811 MIPS Reset Register (HIFN_1_7811_MIPSRST) */ ++#define HIFN_MIPSRST_BAR2SIZE 0xffff0000 /* sdram size */ ++#define HIFN_MIPSRST_GPRAMINIT 0x00008000 /* gpram can be accessed */ ++#define HIFN_MIPSRST_CRAMINIT 0x00004000 /* ctxram can be accessed */ ++#define HIFN_MIPSRST_LED2 0x00000400 /* external LED2 */ ++#define HIFN_MIPSRST_LED1 0x00000200 /* external LED1 */ ++#define HIFN_MIPSRST_LED0 0x00000100 /* external LED0 */ ++#define HIFN_MIPSRST_MIPSDIS 0x00000004 /* disable MIPS */ ++#define HIFN_MIPSRST_MIPSRST 0x00000002 /* warm reset MIPS */ ++#define HIFN_MIPSRST_MIPSCOLD 0x00000001 /* cold reset MIPS */ ++ ++/* Public key reset register (HIFN_1_PUB_RESET) */ ++#define HIFN_PUBRST_RESET 0x00000001 /* reset public/rng unit */ ++ ++/* Public operation register (HIFN_1_PUB_OP) */ ++#define HIFN_PUBOP_AOFFSET 0x0000003e /* A offset */ ++#define HIFN_PUBOP_BOFFSET 0x00000fc0 /* B offset */ ++#define HIFN_PUBOP_MOFFSET 0x0003f000 /* M offset */ ++#define HIFN_PUBOP_OP_MASK 0x003c0000 /* Opcode: */ ++#define HIFN_PUBOP_OP_NOP 0x00000000 /* NOP */ ++#define HIFN_PUBOP_OP_ADD 0x00040000 /* ADD */ ++#define HIFN_PUBOP_OP_ADDC 0x00080000 /* ADD w/carry */ ++#define HIFN_PUBOP_OP_SUB 0x000c0000 /* SUB */ ++#define HIFN_PUBOP_OP_SUBC 0x00100000 /* SUB w/carry */ ++#define HIFN_PUBOP_OP_MODADD 0x00140000 /* Modular ADD */ ++#define HIFN_PUBOP_OP_MODSUB 0x00180000 /* Modular SUB */ ++#define HIFN_PUBOP_OP_INCA 0x001c0000 /* INC A */ ++#define HIFN_PUBOP_OP_DECA 0x00200000 /* DEC A */ ++#define HIFN_PUBOP_OP_MULT 0x00240000 /* MULT */ ++#define HIFN_PUBOP_OP_MODMULT 0x00280000 /* Modular MULT */ ++#define HIFN_PUBOP_OP_MODRED 0x002c0000 /* Modular Red */ ++#define HIFN_PUBOP_OP_MODEXP 0x00300000 /* Modular Exp */ ++ ++/* Public operand length register (HIFN_1_PUB_OPLEN) */ ++#define HIFN_PUBOPLEN_MODLEN 0x0000007f ++#define HIFN_PUBOPLEN_EXPLEN 0x0003ff80 ++#define HIFN_PUBOPLEN_REDLEN 0x003c0000 ++ ++/* Public status register (HIFN_1_PUB_STATUS) */ ++#define HIFN_PUBSTS_DONE 0x00000001 /* operation done */ ++#define HIFN_PUBSTS_CARRY 0x00000002 /* carry */ ++#define HIFN_PUBSTS_FIFO_EMPTY 0x00000100 /* fifo empty */ ++#define HIFN_PUBSTS_FIFO_FULL 0x00000200 /* fifo full */ ++#define HIFN_PUBSTS_FIFO_OVFL 0x00000400 /* fifo overflow */ ++#define HIFN_PUBSTS_FIFO_WRITE 0x000f0000 /* fifo write */ ++#define HIFN_PUBSTS_FIFO_READ 0x0f000000 /* fifo read */ ++ ++/* Public interrupt enable register (HIFN_1_PUB_IEN) */ ++#define HIFN_PUBIEN_DONE 0x00000001 /* operation done interrupt */ ++ ++/* Random number generator config register (HIFN_1_RNG_CONFIG) */ ++#define HIFN_RNGCFG_ENA 0x00000001 /* enable rng */ ++ ++/* ++ * Register offsets in register set 1 ++ */ ++ ++#define HIFN_UNLOCK_SECRET1 0xf4 ++#define HIFN_UNLOCK_SECRET2 0xfc ++ ++/* ++ * PLL config register ++ * ++ * This register is present only on 7954/7955/7956 parts. It must be ++ * programmed according to the bus interface method used by the h/w. ++ * Note that the parts require a stable clock. Since the PCI clock ++ * may vary the reference clock must usually be used. To avoid ++ * overclocking the core logic, setup must be done carefully, refer ++ * to the driver for details. The exact multiplier required varies ++ * by part and system configuration; refer to the Hifn documentation. ++ */ ++#define HIFN_PLL_REF_SEL 0x00000001 /* REF/HBI clk selection */ ++#define HIFN_PLL_BP 0x00000002 /* bypass (used during setup) */ ++/* bit 2 reserved */ ++#define HIFN_PLL_PK_CLK_SEL 0x00000008 /* public key clk select */ ++#define HIFN_PLL_PE_CLK_SEL 0x00000010 /* packet engine clk select */ ++/* bits 5-9 reserved */ ++#define HIFN_PLL_MBSET 0x00000400 /* must be set to 1 */ ++#define HIFN_PLL_ND 0x00003800 /* Fpll_ref multiplier select */ ++#define HIFN_PLL_ND_SHIFT 11 ++#define HIFN_PLL_ND_2 0x00000000 /* 2x */ ++#define HIFN_PLL_ND_4 0x00000800 /* 4x */ ++#define HIFN_PLL_ND_6 0x00001000 /* 6x */ ++#define HIFN_PLL_ND_8 0x00001800 /* 8x */ ++#define HIFN_PLL_ND_10 0x00002000 /* 10x */ ++#define HIFN_PLL_ND_12 0x00002800 /* 12x */ ++/* bits 14-15 reserved */ ++#define HIFN_PLL_IS 0x00010000 /* charge pump current select */ ++/* bits 17-31 reserved */ ++ ++/* ++ * Board configuration specifies only these bits. ++ */ ++#define HIFN_PLL_CONFIG (HIFN_PLL_IS|HIFN_PLL_ND|HIFN_PLL_REF_SEL) ++ ++/* ++ * Public Key Engine Mode Register ++ */ ++#define HIFN_PKMODE_HOSTINVERT (1 << 0) /* HOST INVERT */ ++#define HIFN_PKMODE_ENHANCED (1 << 1) /* Enable enhanced mode */ ++ ++ ++/********************************************************************* ++ * Structs for board commands ++ * ++ *********************************************************************/ ++ ++/* ++ * Structure to help build up the command data structure. ++ */ ++typedef struct hifn_base_command { ++ volatile u_int16_t masks; ++ volatile u_int16_t session_num; ++ volatile u_int16_t total_source_count; ++ volatile u_int16_t total_dest_count; ++} hifn_base_command_t; ++ ++#define HIFN_BASE_CMD_MAC 0x0400 ++#define HIFN_BASE_CMD_CRYPT 0x0800 ++#define HIFN_BASE_CMD_DECODE 0x2000 ++#define HIFN_BASE_CMD_SRCLEN_M 0xc000 ++#define HIFN_BASE_CMD_SRCLEN_S 14 ++#define HIFN_BASE_CMD_DSTLEN_M 0x3000 ++#define HIFN_BASE_CMD_DSTLEN_S 12 ++#define HIFN_BASE_CMD_LENMASK_HI 0x30000 ++#define HIFN_BASE_CMD_LENMASK_LO 0x0ffff ++ ++/* ++ * Structure to help build up the command data structure. ++ */ ++typedef struct hifn_crypt_command { ++ volatile u_int16_t masks; ++ volatile u_int16_t header_skip; ++ volatile u_int16_t source_count; ++ volatile u_int16_t reserved; ++} hifn_crypt_command_t; ++ ++#define HIFN_CRYPT_CMD_ALG_MASK 0x0003 /* algorithm: */ ++#define HIFN_CRYPT_CMD_ALG_DES 0x0000 /* DES */ ++#define HIFN_CRYPT_CMD_ALG_3DES 0x0001 /* 3DES */ ++#define HIFN_CRYPT_CMD_ALG_RC4 0x0002 /* RC4 */ ++#define HIFN_CRYPT_CMD_ALG_AES 0x0003 /* AES */ ++#define HIFN_CRYPT_CMD_MODE_MASK 0x0018 /* Encrypt mode: */ ++#define HIFN_CRYPT_CMD_MODE_ECB 0x0000 /* ECB */ ++#define HIFN_CRYPT_CMD_MODE_CBC 0x0008 /* CBC */ ++#define HIFN_CRYPT_CMD_MODE_CFB 0x0010 /* CFB */ ++#define HIFN_CRYPT_CMD_MODE_OFB 0x0018 /* OFB */ ++#define HIFN_CRYPT_CMD_CLR_CTX 0x0040 /* clear context */ ++#define HIFN_CRYPT_CMD_NEW_KEY 0x0800 /* expect new key */ ++#define HIFN_CRYPT_CMD_NEW_IV 0x1000 /* expect new iv */ ++ ++#define HIFN_CRYPT_CMD_SRCLEN_M 0xc000 ++#define HIFN_CRYPT_CMD_SRCLEN_S 14 ++ ++#define HIFN_CRYPT_CMD_KSZ_MASK 0x0600 /* AES key size: */ ++#define HIFN_CRYPT_CMD_KSZ_128 0x0000 /* 128 bit */ ++#define HIFN_CRYPT_CMD_KSZ_192 0x0200 /* 192 bit */ ++#define HIFN_CRYPT_CMD_KSZ_256 0x0400 /* 256 bit */ ++ ++/* ++ * Structure to help build up the command data structure. ++ */ ++typedef struct hifn_mac_command { ++ volatile u_int16_t masks; ++ volatile u_int16_t header_skip; ++ volatile u_int16_t source_count; ++ volatile u_int16_t reserved; ++} hifn_mac_command_t; ++ ++#define HIFN_MAC_CMD_ALG_MASK 0x0001 ++#define HIFN_MAC_CMD_ALG_SHA1 0x0000 ++#define HIFN_MAC_CMD_ALG_MD5 0x0001 ++#define HIFN_MAC_CMD_MODE_MASK 0x000c ++#define HIFN_MAC_CMD_MODE_HMAC 0x0000 ++#define HIFN_MAC_CMD_MODE_SSL_MAC 0x0004 ++#define HIFN_MAC_CMD_MODE_HASH 0x0008 ++#define HIFN_MAC_CMD_MODE_FULL 0x0004 ++#define HIFN_MAC_CMD_TRUNC 0x0010 ++#define HIFN_MAC_CMD_RESULT 0x0020 ++#define HIFN_MAC_CMD_APPEND 0x0040 ++#define HIFN_MAC_CMD_SRCLEN_M 0xc000 ++#define HIFN_MAC_CMD_SRCLEN_S 14 ++ ++/* ++ * MAC POS IPsec initiates authentication after encryption on encodes ++ * and before decryption on decodes. ++ */ ++#define HIFN_MAC_CMD_POS_IPSEC 0x0200 ++#define HIFN_MAC_CMD_NEW_KEY 0x0800 ++ ++/* ++ * The poll frequency and poll scalar defines are unshifted values used ++ * to set fields in the DMA Configuration Register. ++ */ ++#ifndef HIFN_POLL_FREQUENCY ++#define HIFN_POLL_FREQUENCY 0x1 ++#endif ++ ++#ifndef HIFN_POLL_SCALAR ++#define HIFN_POLL_SCALAR 0x0 ++#endif ++ ++#define HIFN_MAX_SEGLEN 0xffff /* maximum dma segment len */ ++#define HIFN_MAX_DMALEN 0x3ffff /* maximum dma length */ ++#endif /* __HIFN_H__ */ +--- /dev/null ++++ b/crypto/ocf/hifn/hifn7751var.h +@@ -0,0 +1,369 @@ ++/* $FreeBSD: src/sys/dev/hifn/hifn7751var.h,v 1.9 2007/03/21 03:42:49 sam Exp $ */ ++/* $OpenBSD: hifn7751var.h,v 1.42 2002/04/08 17:49:42 jason Exp $ */ ++ ++/*- ++ * Invertex AEON / Hifn 7751 driver ++ * Copyright (c) 1999 Invertex Inc. All rights reserved. ++ * Copyright (c) 1999 Theo de Raadt ++ * Copyright (c) 2000-2001 Network Security Technologies, Inc. ++ * http://www.netsec.net ++ * ++ * Please send any comments, feedback, bug-fixes, or feature requests to ++ * software@invertex.com. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored in part by the Defense Advanced Research Projects ++ * Agency (DARPA) and Air Force Research Laboratory, Air Force ++ * Materiel Command, USAF, under agreement number F30602-01-2-0537. ++ * ++ */ ++ ++#ifndef __HIFN7751VAR_H__ ++#define __HIFN7751VAR_H__ ++ ++#ifdef __KERNEL__ ++ ++/* ++ * Some configurable values for the driver. By default command+result ++ * descriptor rings are the same size. The src+dst descriptor rings ++ * are sized at 3.5x the number of potential commands. Slower parts ++ * (e.g. 7951) tend to run out of src descriptors; faster parts (7811) ++ * src+cmd/result descriptors. It's not clear that increasing the size ++ * of the descriptor rings helps performance significantly as other ++ * factors tend to come into play (e.g. copying misaligned packets). ++ */ ++#define HIFN_D_CMD_RSIZE 24 /* command descriptors */ ++#define HIFN_D_SRC_RSIZE ((HIFN_D_CMD_RSIZE * 7) / 2) /* source descriptors */ ++#define HIFN_D_RES_RSIZE HIFN_D_CMD_RSIZE /* result descriptors */ ++#define HIFN_D_DST_RSIZE HIFN_D_SRC_RSIZE /* destination descriptors */ ++ ++/* ++ * Length values for cryptography ++ */ ++#define HIFN_DES_KEY_LENGTH 8 ++#define HIFN_3DES_KEY_LENGTH 24 ++#define HIFN_MAX_CRYPT_KEY_LENGTH HIFN_3DES_KEY_LENGTH ++#define HIFN_IV_LENGTH 8 ++#define HIFN_AES_IV_LENGTH 16 ++#define HIFN_MAX_IV_LENGTH HIFN_AES_IV_LENGTH ++ ++/* ++ * Length values for authentication ++ */ ++#define HIFN_MAC_KEY_LENGTH 64 ++#define HIFN_MD5_LENGTH 16 ++#define HIFN_SHA1_LENGTH 20 ++#define HIFN_MAC_TRUNC_LENGTH 12 ++ ++#define MAX_SCATTER 64 ++ ++/* ++ * Data structure to hold all 4 rings and any other ring related data. ++ */ ++struct hifn_dma { ++ /* ++ * Descriptor rings. We add +1 to the size to accomidate the ++ * jump descriptor. ++ */ ++ struct hifn_desc cmdr[HIFN_D_CMD_RSIZE+1]; ++ struct hifn_desc srcr[HIFN_D_SRC_RSIZE+1]; ++ struct hifn_desc dstr[HIFN_D_DST_RSIZE+1]; ++ struct hifn_desc resr[HIFN_D_RES_RSIZE+1]; ++ ++ struct hifn_command *hifn_commands[HIFN_D_RES_RSIZE]; ++ ++ u_char command_bufs[HIFN_D_CMD_RSIZE][HIFN_MAX_COMMAND]; ++ u_char result_bufs[HIFN_D_CMD_RSIZE][HIFN_MAX_RESULT]; ++ u_int32_t slop[HIFN_D_CMD_RSIZE]; ++ ++ u_int64_t test_src, test_dst; ++ ++ /* ++ * Our current positions for insertion and removal from the desriptor ++ * rings. ++ */ ++ int cmdi, srci, dsti, resi; ++ volatile int cmdu, srcu, dstu, resu; ++ int cmdk, srck, dstk, resk; ++}; ++ ++struct hifn_session { ++ int hs_used; ++ int hs_mlen; ++ u_int8_t hs_iv[HIFN_MAX_IV_LENGTH]; ++}; ++ ++#define HIFN_RING_SYNC(sc, r, i, f) \ ++ /* DAVIDM bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) */ ++ ++#define HIFN_CMDR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), cmdr, (i), (f)) ++#define HIFN_RESR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), resr, (i), (f)) ++#define HIFN_SRCR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), srcr, (i), (f)) ++#define HIFN_DSTR_SYNC(sc, i, f) HIFN_RING_SYNC((sc), dstr, (i), (f)) ++ ++#define HIFN_CMD_SYNC(sc, i, f) \ ++ /* DAVIDM bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) */ ++ ++#define HIFN_RES_SYNC(sc, i, f) \ ++ /* DAVIDM bus_dmamap_sync((sc)->sc_dmat, (sc)->sc_dmamap, (f)) */ ++ ++typedef int bus_size_t; ++ ++/* ++ * Holds data specific to a single HIFN board. ++ */ ++struct hifn_softc { ++ softc_device_decl sc_dev; ++ ++ struct pci_dev *sc_pcidev; /* PCI device pointer */ ++ spinlock_t sc_mtx; /* per-instance lock */ ++ ++ int sc_num; /* for multiple devs */ ++ ++ ocf_iomem_t sc_bar0; ++ bus_size_t sc_bar0_lastreg;/* bar0 last reg written */ ++ ocf_iomem_t sc_bar1; ++ bus_size_t sc_bar1_lastreg;/* bar1 last reg written */ ++ ++ int sc_irq; ++ ++ u_int32_t sc_dmaier; ++ u_int32_t sc_drammodel; /* 1=dram, 0=sram */ ++ u_int32_t sc_pllconfig; /* 7954/7955/7956 PLL config */ ++ ++ struct hifn_dma *sc_dma; ++ dma_addr_t sc_dma_physaddr;/* physical address of sc_dma */ ++ ++ int sc_dmansegs; ++ int32_t sc_cid; ++ int sc_maxses; ++ int sc_nsessions; ++ struct hifn_session *sc_sessions; ++ int sc_ramsize; ++ int sc_flags; ++#define HIFN_HAS_RNG 0x1 /* includes random number generator */ ++#define HIFN_HAS_PUBLIC 0x2 /* includes public key support */ ++#define HIFN_HAS_AES 0x4 /* includes AES support */ ++#define HIFN_IS_7811 0x8 /* Hifn 7811 part */ ++#define HIFN_IS_7956 0x10 /* Hifn 7956/7955 don't have SDRAM */ ++ ++ struct timer_list sc_tickto; /* for managing DMA */ ++ ++ int sc_rngfirst; ++ int sc_rnghz; /* RNG polling frequency */ ++ ++ int sc_c_busy; /* command ring busy */ ++ int sc_s_busy; /* source data ring busy */ ++ int sc_d_busy; /* destination data ring busy */ ++ int sc_r_busy; /* result ring busy */ ++ int sc_active; /* for initial countdown */ ++ int sc_needwakeup; /* ops q'd wating on resources */ ++ int sc_curbatch; /* # ops submitted w/o int */ ++ int sc_suspended; ++#ifdef HIFN_VULCANDEV ++ struct cdev *sc_pkdev; ++#endif ++}; ++ ++#define HIFN_LOCK(_sc) spin_lock_irqsave(&(_sc)->sc_mtx, l_flags) ++#define HIFN_UNLOCK(_sc) spin_unlock_irqrestore(&(_sc)->sc_mtx, l_flags) ++ ++/* ++ * hifn_command_t ++ * ++ * This is the control structure used to pass commands to hifn_encrypt(). ++ * ++ * flags ++ * ----- ++ * Flags is the bitwise "or" values for command configuration. A single ++ * encrypt direction needs to be set: ++ * ++ * HIFN_ENCODE or HIFN_DECODE ++ * ++ * To use cryptography, a single crypto algorithm must be included: ++ * ++ * HIFN_CRYPT_3DES or HIFN_CRYPT_DES ++ * ++ * To use authentication is used, a single MAC algorithm must be included: ++ * ++ * HIFN_MAC_MD5 or HIFN_MAC_SHA1 ++ * ++ * By default MD5 uses a 16 byte hash and SHA-1 uses a 20 byte hash. ++ * If the value below is set, hash values are truncated or assumed ++ * truncated to 12 bytes: ++ * ++ * HIFN_MAC_TRUNC ++ * ++ * Keys for encryption and authentication can be sent as part of a command, ++ * or the last key value used with a particular session can be retrieved ++ * and used again if either of these flags are not specified. ++ * ++ * HIFN_CRYPT_NEW_KEY, HIFN_MAC_NEW_KEY ++ * ++ * session_num ++ * ----------- ++ * A number between 0 and 2048 (for DRAM models) or a number between ++ * 0 and 768 (for SRAM models). Those who don't want to use session ++ * numbers should leave value at zero and send a new crypt key and/or ++ * new MAC key on every command. If you use session numbers and ++ * don't send a key with a command, the last key sent for that same ++ * session number will be used. ++ * ++ * Warning: Using session numbers and multiboard at the same time ++ * is currently broken. ++ * ++ * mbuf ++ * ---- ++ * Either fill in the mbuf pointer and npa=0 or ++ * fill packp[] and packl[] and set npa to > 0 ++ * ++ * mac_header_skip ++ * --------------- ++ * The number of bytes of the source_buf that are skipped over before ++ * authentication begins. This must be a number between 0 and 2^16-1 ++ * and can be used by IPsec implementers to skip over IP headers. ++ * *** Value ignored if authentication not used *** ++ * ++ * crypt_header_skip ++ * ----------------- ++ * The number of bytes of the source_buf that are skipped over before ++ * the cryptographic operation begins. This must be a number between 0 ++ * and 2^16-1. For IPsec, this number will always be 8 bytes larger ++ * than the auth_header_skip (to skip over the ESP header). ++ * *** Value ignored if cryptography not used *** ++ * ++ */ ++struct hifn_operand { ++ union { ++ struct sk_buff *skb; ++ struct uio *io; ++ unsigned char *buf; ++ } u; ++ void *map; ++ bus_size_t mapsize; ++ int nsegs; ++ struct { ++ dma_addr_t ds_addr; ++ int ds_len; ++ } segs[MAX_SCATTER]; ++}; ++ ++struct hifn_command { ++ u_int16_t session_num; ++ u_int16_t base_masks, cry_masks, mac_masks; ++ u_int8_t iv[HIFN_MAX_IV_LENGTH], *ck, mac[HIFN_MAC_KEY_LENGTH]; ++ int cklen; ++ int sloplen, slopidx; ++ ++ struct hifn_operand src; ++ struct hifn_operand dst; ++ ++ struct hifn_softc *softc; ++ struct cryptop *crp; ++ struct cryptodesc *enccrd, *maccrd; ++}; ++ ++#define src_skb src.u.skb ++#define src_io src.u.io ++#define src_map src.map ++#define src_mapsize src.mapsize ++#define src_segs src.segs ++#define src_nsegs src.nsegs ++#define src_buf src.u.buf ++ ++#define dst_skb dst.u.skb ++#define dst_io dst.u.io ++#define dst_map dst.map ++#define dst_mapsize dst.mapsize ++#define dst_segs dst.segs ++#define dst_nsegs dst.nsegs ++#define dst_buf dst.u.buf ++ ++/* ++ * Return values for hifn_crypto() ++ */ ++#define HIFN_CRYPTO_SUCCESS 0 ++#define HIFN_CRYPTO_BAD_INPUT (-1) ++#define HIFN_CRYPTO_RINGS_FULL (-2) ++ ++/************************************************************************** ++ * ++ * Function: hifn_crypto ++ * ++ * Purpose: Called by external drivers to begin an encryption on the ++ * HIFN board. ++ * ++ * Blocking/Non-blocking Issues ++ * ============================ ++ * The driver cannot block in hifn_crypto (no calls to tsleep) currently. ++ * hifn_crypto() returns HIFN_CRYPTO_RINGS_FULL if there is not enough ++ * room in any of the rings for the request to proceed. ++ * ++ * Return Values ++ * ============= ++ * 0 for success, negative values on error ++ * ++ * Defines for negative error codes are: ++ * ++ * HIFN_CRYPTO_BAD_INPUT : The passed in command had invalid settings. ++ * HIFN_CRYPTO_RINGS_FULL : All DMA rings were full and non-blocking ++ * behaviour was requested. ++ * ++ *************************************************************************/ ++ ++/* ++ * Convert back and forth from 'sid' to 'card' and 'session' ++ */ ++#define HIFN_CARD(sid) (((sid) & 0xf0000000) >> 28) ++#define HIFN_SESSION(sid) ((sid) & 0x000007ff) ++#define HIFN_SID(crd,ses) (((crd) << 28) | ((ses) & 0x7ff)) ++ ++#endif /* _KERNEL */ ++ ++struct hifn_stats { ++ u_int64_t hst_ibytes; ++ u_int64_t hst_obytes; ++ u_int32_t hst_ipackets; ++ u_int32_t hst_opackets; ++ u_int32_t hst_invalid; ++ u_int32_t hst_nomem; /* malloc or one of hst_nomem_* */ ++ u_int32_t hst_abort; ++ u_int32_t hst_noirq; /* IRQ for no reason */ ++ u_int32_t hst_totbatch; /* ops submitted w/o interrupt */ ++ u_int32_t hst_maxbatch; /* max ops submitted together */ ++ u_int32_t hst_unaligned; /* unaligned src caused copy */ ++ /* ++ * The following divides hst_nomem into more specific buckets. ++ */ ++ u_int32_t hst_nomem_map; /* bus_dmamap_create failed */ ++ u_int32_t hst_nomem_load; /* bus_dmamap_load_* failed */ ++ u_int32_t hst_nomem_mbuf; /* MGET* failed */ ++ u_int32_t hst_nomem_mcl; /* MCLGET* failed */ ++ u_int32_t hst_nomem_cr; /* out of command/result descriptor */ ++ u_int32_t hst_nomem_sd; /* out of src/dst descriptors */ ++}; ++ ++#endif /* __HIFN7751VAR_H__ */ +--- /dev/null ++++ b/crypto/ocf/hifn/hifn7751.c +@@ -0,0 +1,2970 @@ ++/* $OpenBSD: hifn7751.c,v 1.120 2002/05/17 00:33:34 deraadt Exp $ */ ++ ++/*- ++ * Invertex AEON / Hifn 7751 driver ++ * Copyright (c) 1999 Invertex Inc. All rights reserved. ++ * Copyright (c) 1999 Theo de Raadt ++ * Copyright (c) 2000-2001 Network Security Technologies, Inc. ++ * http://www.netsec.net ++ * Copyright (c) 2003 Hifn Inc. ++ * ++ * This driver is based on a previous driver by Invertex, for which they ++ * requested: Please send any comments, feedback, bug-fixes, or feature ++ * requests to software@invertex.com. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored in part by the Defense Advanced Research Projects ++ * Agency (DARPA) and Air Force Research Laboratory, Air Force ++ * Materiel Command, USAF, under agreement number F30602-01-2-0537. ++ * ++ * ++__FBSDID("$FreeBSD: src/sys/dev/hifn/hifn7751.c,v 1.40 2007/03/21 03:42:49 sam Exp $"); ++ */ ++ ++/* ++ * Driver for various Hifn encryption processors. ++ */ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/wait.h> ++#include <linux/sched.h> ++#include <linux/pci.h> ++#include <linux/delay.h> ++#include <linux/interrupt.h> ++#include <linux/spinlock.h> ++#include <linux/random.h> ++#include <linux/version.h> ++#include <linux/skbuff.h> ++#include <asm/io.h> ++ ++#include <cryptodev.h> ++#include <uio.h> ++#include <hifn/hifn7751reg.h> ++#include <hifn/hifn7751var.h> ++ ++#if 1 ++#define DPRINTF(a...) if (hifn_debug) { \ ++ printk("%s: ", sc ? \ ++ device_get_nameunit(sc->sc_dev) : "hifn"); \ ++ printk(a); \ ++ } else ++#else ++#define DPRINTF(a...) ++#endif ++ ++static inline int ++pci_get_revid(struct pci_dev *dev) ++{ ++ u8 rid = 0; ++ pci_read_config_byte(dev, PCI_REVISION_ID, &rid); ++ return rid; ++} ++ ++static struct hifn_stats hifnstats; ++ ++#define debug hifn_debug ++int hifn_debug = 0; ++module_param(hifn_debug, int, 0644); ++MODULE_PARM_DESC(hifn_debug, "Enable debug"); ++ ++int hifn_maxbatch = 1; ++module_param(hifn_maxbatch, int, 0644); ++MODULE_PARM_DESC(hifn_maxbatch, "max ops to batch w/o interrupt"); ++ ++#ifdef MODULE_PARM ++char *hifn_pllconfig = NULL; ++MODULE_PARM(hifn_pllconfig, "s"); ++#else ++char hifn_pllconfig[32]; /* This setting is RO after loading */ ++module_param_string(hifn_pllconfig, hifn_pllconfig, 32, 0444); ++#endif ++MODULE_PARM_DESC(hifn_pllconfig, "PLL config, ie., pci66, ext33, ..."); ++ ++#ifdef HIFN_VULCANDEV ++#include <sys/conf.h> ++#include <sys/uio.h> ++ ++static struct cdevsw vulcanpk_cdevsw; /* forward declaration */ ++#endif ++ ++/* ++ * Prototypes and count for the pci_device structure ++ */ ++static int hifn_probe(struct pci_dev *dev, const struct pci_device_id *ent); ++static void hifn_remove(struct pci_dev *dev); ++ ++static int hifn_newsession(device_t, u_int32_t *, struct cryptoini *); ++static int hifn_freesession(device_t, u_int64_t); ++static int hifn_process(device_t, struct cryptop *, int); ++ ++static device_method_t hifn_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, hifn_newsession), ++ DEVMETHOD(cryptodev_freesession,hifn_freesession), ++ DEVMETHOD(cryptodev_process, hifn_process), ++}; ++ ++static void hifn_reset_board(struct hifn_softc *, int); ++static void hifn_reset_puc(struct hifn_softc *); ++static void hifn_puc_wait(struct hifn_softc *); ++static int hifn_enable_crypto(struct hifn_softc *); ++static void hifn_set_retry(struct hifn_softc *sc); ++static void hifn_init_dma(struct hifn_softc *); ++static void hifn_init_pci_registers(struct hifn_softc *); ++static int hifn_sramsize(struct hifn_softc *); ++static int hifn_dramsize(struct hifn_softc *); ++static int hifn_ramtype(struct hifn_softc *); ++static void hifn_sessions(struct hifn_softc *); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++static irqreturn_t hifn_intr(int irq, void *arg); ++#else ++static irqreturn_t hifn_intr(int irq, void *arg, struct pt_regs *regs); ++#endif ++static u_int hifn_write_command(struct hifn_command *, u_int8_t *); ++static u_int32_t hifn_next_signature(u_int32_t a, u_int cnt); ++static void hifn_callback(struct hifn_softc *, struct hifn_command *, u_int8_t *); ++static int hifn_crypto(struct hifn_softc *, struct hifn_command *, struct cryptop *, int); ++static int hifn_readramaddr(struct hifn_softc *, int, u_int8_t *); ++static int hifn_writeramaddr(struct hifn_softc *, int, u_int8_t *); ++static int hifn_dmamap_load_src(struct hifn_softc *, struct hifn_command *); ++static int hifn_dmamap_load_dst(struct hifn_softc *, struct hifn_command *); ++static int hifn_init_pubrng(struct hifn_softc *); ++static void hifn_tick(unsigned long arg); ++static void hifn_abort(struct hifn_softc *); ++static void hifn_alloc_slot(struct hifn_softc *, int *, int *, int *, int *); ++ ++static void hifn_write_reg_0(struct hifn_softc *, bus_size_t, u_int32_t); ++static void hifn_write_reg_1(struct hifn_softc *, bus_size_t, u_int32_t); ++ ++#ifdef CONFIG_OCF_RANDOMHARVEST ++static int hifn_read_random(void *arg, u_int32_t *buf, int len); ++#endif ++ ++#define HIFN_MAX_CHIPS 8 ++static struct hifn_softc *hifn_chip_idx[HIFN_MAX_CHIPS]; ++ ++static __inline u_int32_t ++READ_REG_0(struct hifn_softc *sc, bus_size_t reg) ++{ ++ u_int32_t v = readl(sc->sc_bar0 + reg); ++ sc->sc_bar0_lastreg = (bus_size_t) -1; ++ return (v); ++} ++#define WRITE_REG_0(sc, reg, val) hifn_write_reg_0(sc, reg, val) ++ ++static __inline u_int32_t ++READ_REG_1(struct hifn_softc *sc, bus_size_t reg) ++{ ++ u_int32_t v = readl(sc->sc_bar1 + reg); ++ sc->sc_bar1_lastreg = (bus_size_t) -1; ++ return (v); ++} ++#define WRITE_REG_1(sc, reg, val) hifn_write_reg_1(sc, reg, val) ++ ++/* ++ * map in a given buffer (great on some arches :-) ++ */ ++ ++static int ++pci_map_uio(struct hifn_softc *sc, struct hifn_operand *buf, struct uio *uio) ++{ ++ struct iovec *iov = uio->uio_iov; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ buf->mapsize = 0; ++ for (buf->nsegs = 0; buf->nsegs < uio->uio_iovcnt; ) { ++ buf->segs[buf->nsegs].ds_addr = pci_map_single(sc->sc_pcidev, ++ iov->iov_base, iov->iov_len, ++ PCI_DMA_BIDIRECTIONAL); ++ buf->segs[buf->nsegs].ds_len = iov->iov_len; ++ buf->mapsize += iov->iov_len; ++ iov++; ++ buf->nsegs++; ++ } ++ /* identify this buffer by the first segment */ ++ buf->map = (void *) buf->segs[0].ds_addr; ++ return(0); ++} ++ ++/* ++ * map in a given sk_buff ++ */ ++ ++static int ++pci_map_skb(struct hifn_softc *sc,struct hifn_operand *buf,struct sk_buff *skb) ++{ ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ buf->mapsize = 0; ++ ++ buf->segs[0].ds_addr = pci_map_single(sc->sc_pcidev, ++ skb->data, skb_headlen(skb), PCI_DMA_BIDIRECTIONAL); ++ buf->segs[0].ds_len = skb_headlen(skb); ++ buf->mapsize += buf->segs[0].ds_len; ++ ++ buf->nsegs = 1; ++ ++ for (i = 0; i < skb_shinfo(skb)->nr_frags; ) { ++ buf->segs[buf->nsegs].ds_len = skb_shinfo(skb)->frags[i].size; ++ buf->segs[buf->nsegs].ds_addr = pci_map_single(sc->sc_pcidev, ++ page_address(skb_shinfo(skb)->frags[i].page) + ++ skb_shinfo(skb)->frags[i].page_offset, ++ buf->segs[buf->nsegs].ds_len, PCI_DMA_BIDIRECTIONAL); ++ buf->mapsize += buf->segs[buf->nsegs].ds_len; ++ buf->nsegs++; ++ } ++ ++ /* identify this buffer by the first segment */ ++ buf->map = (void *) buf->segs[0].ds_addr; ++ return(0); ++} ++ ++/* ++ * map in a given contiguous buffer ++ */ ++ ++static int ++pci_map_buf(struct hifn_softc *sc,struct hifn_operand *buf, void *b, int len) ++{ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ buf->mapsize = 0; ++ buf->segs[0].ds_addr = pci_map_single(sc->sc_pcidev, ++ b, len, PCI_DMA_BIDIRECTIONAL); ++ buf->segs[0].ds_len = len; ++ buf->mapsize += buf->segs[0].ds_len; ++ buf->nsegs = 1; ++ ++ /* identify this buffer by the first segment */ ++ buf->map = (void *) buf->segs[0].ds_addr; ++ return(0); ++} ++ ++#if 0 /* not needed at this time */ ++static void ++pci_sync_iov(struct hifn_softc *sc, struct hifn_operand *buf) ++{ ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ for (i = 0; i < buf->nsegs; i++) ++ pci_dma_sync_single_for_cpu(sc->sc_pcidev, buf->segs[i].ds_addr, ++ buf->segs[i].ds_len, PCI_DMA_BIDIRECTIONAL); ++} ++#endif ++ ++static void ++pci_unmap_buf(struct hifn_softc *sc, struct hifn_operand *buf) ++{ ++ int i; ++ DPRINTF("%s()\n", __FUNCTION__); ++ for (i = 0; i < buf->nsegs; i++) { ++ pci_unmap_single(sc->sc_pcidev, buf->segs[i].ds_addr, ++ buf->segs[i].ds_len, PCI_DMA_BIDIRECTIONAL); ++ buf->segs[i].ds_addr = 0; ++ buf->segs[i].ds_len = 0; ++ } ++ buf->nsegs = 0; ++ buf->mapsize = 0; ++ buf->map = 0; ++} ++ ++static const char* ++hifn_partname(struct hifn_softc *sc) ++{ ++ /* XXX sprintf numbers when not decoded */ ++ switch (pci_get_vendor(sc->sc_pcidev)) { ++ case PCI_VENDOR_HIFN: ++ switch (pci_get_device(sc->sc_pcidev)) { ++ case PCI_PRODUCT_HIFN_6500: return "Hifn 6500"; ++ case PCI_PRODUCT_HIFN_7751: return "Hifn 7751"; ++ case PCI_PRODUCT_HIFN_7811: return "Hifn 7811"; ++ case PCI_PRODUCT_HIFN_7951: return "Hifn 7951"; ++ case PCI_PRODUCT_HIFN_7955: return "Hifn 7955"; ++ case PCI_PRODUCT_HIFN_7956: return "Hifn 7956"; ++ } ++ return "Hifn unknown-part"; ++ case PCI_VENDOR_INVERTEX: ++ switch (pci_get_device(sc->sc_pcidev)) { ++ case PCI_PRODUCT_INVERTEX_AEON: return "Invertex AEON"; ++ } ++ return "Invertex unknown-part"; ++ case PCI_VENDOR_NETSEC: ++ switch (pci_get_device(sc->sc_pcidev)) { ++ case PCI_PRODUCT_NETSEC_7751: return "NetSec 7751"; ++ } ++ return "NetSec unknown-part"; ++ } ++ return "Unknown-vendor unknown-part"; ++} ++ ++static u_int ++checkmaxmin(struct pci_dev *dev, const char *what, u_int v, u_int min, u_int max) ++{ ++ struct hifn_softc *sc = pci_get_drvdata(dev); ++ if (v > max) { ++ device_printf(sc->sc_dev, "Warning, %s %u out of range, " ++ "using max %u\n", what, v, max); ++ v = max; ++ } else if (v < min) { ++ device_printf(sc->sc_dev, "Warning, %s %u out of range, " ++ "using min %u\n", what, v, min); ++ v = min; ++ } ++ return v; ++} ++ ++/* ++ * Select PLL configuration for 795x parts. This is complicated in ++ * that we cannot determine the optimal parameters without user input. ++ * The reference clock is derived from an external clock through a ++ * multiplier. The external clock is either the host bus (i.e. PCI) ++ * or an external clock generator. When using the PCI bus we assume ++ * the clock is either 33 or 66 MHz; for an external source we cannot ++ * tell the speed. ++ * ++ * PLL configuration is done with a string: "pci" for PCI bus, or "ext" ++ * for an external source, followed by the frequency. We calculate ++ * the appropriate multiplier and PLL register contents accordingly. ++ * When no configuration is given we default to "pci66" since that ++ * always will allow the card to work. If a card is using the PCI ++ * bus clock and in a 33MHz slot then it will be operating at half ++ * speed until the correct information is provided. ++ * ++ * We use a default setting of "ext66" because according to Mike Ham ++ * of HiFn, almost every board in existence has an external crystal ++ * populated at 66Mhz. Using PCI can be a problem on modern motherboards, ++ * because PCI33 can have clocks from 0 to 33Mhz, and some have ++ * non-PCI-compliant spread-spectrum clocks, which can confuse the pll. ++ */ ++static void ++hifn_getpllconfig(struct pci_dev *dev, u_int *pll) ++{ ++ const char *pllspec = hifn_pllconfig; ++ u_int freq, mul, fl, fh; ++ u_int32_t pllconfig; ++ char *nxt; ++ ++ if (pllspec == NULL) ++ pllspec = "ext66"; ++ fl = 33, fh = 66; ++ pllconfig = 0; ++ if (strncmp(pllspec, "ext", 3) == 0) { ++ pllspec += 3; ++ pllconfig |= HIFN_PLL_REF_SEL; ++ switch (pci_get_device(dev)) { ++ case PCI_PRODUCT_HIFN_7955: ++ case PCI_PRODUCT_HIFN_7956: ++ fl = 20, fh = 100; ++ break; ++#ifdef notyet ++ case PCI_PRODUCT_HIFN_7954: ++ fl = 20, fh = 66; ++ break; ++#endif ++ } ++ } else if (strncmp(pllspec, "pci", 3) == 0) ++ pllspec += 3; ++ freq = strtoul(pllspec, &nxt, 10); ++ if (nxt == pllspec) ++ freq = 66; ++ else ++ freq = checkmaxmin(dev, "frequency", freq, fl, fh); ++ /* ++ * Calculate multiplier. We target a Fck of 266 MHz, ++ * allowing only even values, possibly rounded down. ++ * Multipliers > 8 must set the charge pump current. ++ */ ++ mul = checkmaxmin(dev, "PLL divisor", (266 / freq) &~ 1, 2, 12); ++ pllconfig |= (mul / 2 - 1) << HIFN_PLL_ND_SHIFT; ++ if (mul > 8) ++ pllconfig |= HIFN_PLL_IS; ++ *pll = pllconfig; ++} ++ ++/* ++ * Attach an interface that successfully probed. ++ */ ++static int ++hifn_probe(struct pci_dev *dev, const struct pci_device_id *ent) ++{ ++ struct hifn_softc *sc = NULL; ++ char rbase; ++ u_int16_t ena, rev; ++ int rseg, rc; ++ unsigned long mem_start, mem_len; ++ static int num_chips = 0; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (pci_enable_device(dev) < 0) ++ return(-ENODEV); ++ ++ if (pci_set_mwi(dev)) ++ return(-ENODEV); ++ ++ if (!dev->irq) { ++ printk("hifn: found device with no IRQ assigned. check BIOS settings!"); ++ pci_disable_device(dev); ++ return(-ENODEV); ++ } ++ ++ sc = (struct hifn_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); ++ if (!sc) ++ return(-ENOMEM); ++ memset(sc, 0, sizeof(*sc)); ++ ++ softc_device_init(sc, "hifn", num_chips, hifn_methods); ++ ++ sc->sc_pcidev = dev; ++ sc->sc_irq = -1; ++ sc->sc_cid = -1; ++ sc->sc_num = num_chips++; ++ if (sc->sc_num < HIFN_MAX_CHIPS) ++ hifn_chip_idx[sc->sc_num] = sc; ++ ++ pci_set_drvdata(sc->sc_pcidev, sc); ++ ++ spin_lock_init(&sc->sc_mtx); ++ ++ /* XXX handle power management */ ++ ++ /* ++ * The 7951 and 795x have a random number generator and ++ * public key support; note this. ++ */ ++ if (pci_get_vendor(dev) == PCI_VENDOR_HIFN && ++ (pci_get_device(dev) == PCI_PRODUCT_HIFN_7951 || ++ pci_get_device(dev) == PCI_PRODUCT_HIFN_7955 || ++ pci_get_device(dev) == PCI_PRODUCT_HIFN_7956)) ++ sc->sc_flags = HIFN_HAS_RNG | HIFN_HAS_PUBLIC; ++ /* ++ * The 7811 has a random number generator and ++ * we also note it's identity 'cuz of some quirks. ++ */ ++ if (pci_get_vendor(dev) == PCI_VENDOR_HIFN && ++ pci_get_device(dev) == PCI_PRODUCT_HIFN_7811) ++ sc->sc_flags |= HIFN_IS_7811 | HIFN_HAS_RNG; ++ ++ /* ++ * The 795x parts support AES. ++ */ ++ if (pci_get_vendor(dev) == PCI_VENDOR_HIFN && ++ (pci_get_device(dev) == PCI_PRODUCT_HIFN_7955 || ++ pci_get_device(dev) == PCI_PRODUCT_HIFN_7956)) { ++ sc->sc_flags |= HIFN_IS_7956 | HIFN_HAS_AES; ++ /* ++ * Select PLL configuration. This depends on the ++ * bus and board design and must be manually configured ++ * if the default setting is unacceptable. ++ */ ++ hifn_getpllconfig(dev, &sc->sc_pllconfig); ++ } ++ ++ /* ++ * Setup PCI resources. Note that we record the bus ++ * tag and handle for each register mapping, this is ++ * used by the READ_REG_0, WRITE_REG_0, READ_REG_1, ++ * and WRITE_REG_1 macros throughout the driver. ++ */ ++ mem_start = pci_resource_start(sc->sc_pcidev, 0); ++ mem_len = pci_resource_len(sc->sc_pcidev, 0); ++ sc->sc_bar0 = (ocf_iomem_t) ioremap(mem_start, mem_len); ++ if (!sc->sc_bar0) { ++ device_printf(sc->sc_dev, "cannot map bar%d register space\n", 0); ++ goto fail; ++ } ++ sc->sc_bar0_lastreg = (bus_size_t) -1; ++ ++ mem_start = pci_resource_start(sc->sc_pcidev, 1); ++ mem_len = pci_resource_len(sc->sc_pcidev, 1); ++ sc->sc_bar1 = (ocf_iomem_t) ioremap(mem_start, mem_len); ++ if (!sc->sc_bar1) { ++ device_printf(sc->sc_dev, "cannot map bar%d register space\n", 1); ++ goto fail; ++ } ++ sc->sc_bar1_lastreg = (bus_size_t) -1; ++ ++ /* fix up the bus size */ ++ if (pci_set_dma_mask(dev, DMA_32BIT_MASK)) { ++ device_printf(sc->sc_dev, "No usable DMA configuration, aborting.\n"); ++ goto fail; ++ } ++ if (pci_set_consistent_dma_mask(dev, DMA_32BIT_MASK)) { ++ device_printf(sc->sc_dev, ++ "No usable consistent DMA configuration, aborting.\n"); ++ goto fail; ++ } ++ ++ hifn_set_retry(sc); ++ ++ /* ++ * Setup the area where the Hifn DMA's descriptors ++ * and associated data structures. ++ */ ++ sc->sc_dma = (struct hifn_dma *) pci_alloc_consistent(dev, ++ sizeof(*sc->sc_dma), ++ &sc->sc_dma_physaddr); ++ if (!sc->sc_dma) { ++ device_printf(sc->sc_dev, "cannot alloc sc_dma\n"); ++ goto fail; ++ } ++ bzero(sc->sc_dma, sizeof(*sc->sc_dma)); ++ ++ /* ++ * Reset the board and do the ``secret handshake'' ++ * to enable the crypto support. Then complete the ++ * initialization procedure by setting up the interrupt ++ * and hooking in to the system crypto support so we'll ++ * get used for system services like the crypto device, ++ * IPsec, RNG device, etc. ++ */ ++ hifn_reset_board(sc, 0); ++ ++ if (hifn_enable_crypto(sc) != 0) { ++ device_printf(sc->sc_dev, "crypto enabling failed\n"); ++ goto fail; ++ } ++ hifn_reset_puc(sc); ++ ++ hifn_init_dma(sc); ++ hifn_init_pci_registers(sc); ++ ++ pci_set_master(sc->sc_pcidev); ++ ++ /* XXX can't dynamically determine ram type for 795x; force dram */ ++ if (sc->sc_flags & HIFN_IS_7956) ++ sc->sc_drammodel = 1; ++ else if (hifn_ramtype(sc)) ++ goto fail; ++ ++ if (sc->sc_drammodel == 0) ++ hifn_sramsize(sc); ++ else ++ hifn_dramsize(sc); ++ ++ /* ++ * Workaround for NetSec 7751 rev A: half ram size because two ++ * of the address lines were left floating ++ */ ++ if (pci_get_vendor(dev) == PCI_VENDOR_NETSEC && ++ pci_get_device(dev) == PCI_PRODUCT_NETSEC_7751 && ++ pci_get_revid(dev) == 0x61) /*XXX???*/ ++ sc->sc_ramsize >>= 1; ++ ++ /* ++ * Arrange the interrupt line. ++ */ ++ rc = request_irq(dev->irq, hifn_intr, IRQF_SHARED, "hifn", sc); ++ if (rc) { ++ device_printf(sc->sc_dev, "could not map interrupt: %d\n", rc); ++ goto fail; ++ } ++ sc->sc_irq = dev->irq; ++ ++ hifn_sessions(sc); ++ ++ /* ++ * NB: Keep only the low 16 bits; this masks the chip id ++ * from the 7951. ++ */ ++ rev = READ_REG_1(sc, HIFN_1_REVID) & 0xffff; ++ ++ rseg = sc->sc_ramsize / 1024; ++ rbase = 'K'; ++ if (sc->sc_ramsize >= (1024 * 1024)) { ++ rbase = 'M'; ++ rseg /= 1024; ++ } ++ device_printf(sc->sc_dev, "%s, rev %u, %d%cB %cram", ++ hifn_partname(sc), rev, ++ rseg, rbase, sc->sc_drammodel ? 'd' : 's'); ++ if (sc->sc_flags & HIFN_IS_7956) ++ printf(", pll=0x%x<%s clk, %ux mult>", ++ sc->sc_pllconfig, ++ sc->sc_pllconfig & HIFN_PLL_REF_SEL ? "ext" : "pci", ++ 2 + 2*((sc->sc_pllconfig & HIFN_PLL_ND) >> 11)); ++ printf("\n"); ++ ++ sc->sc_cid = crypto_get_driverid(softc_get_device(sc),CRYPTOCAP_F_HARDWARE); ++ if (sc->sc_cid < 0) { ++ device_printf(sc->sc_dev, "could not get crypto driver id\n"); ++ goto fail; ++ } ++ ++ WRITE_REG_0(sc, HIFN_0_PUCNFG, ++ READ_REG_0(sc, HIFN_0_PUCNFG) | HIFN_PUCNFG_CHIPID); ++ ena = READ_REG_0(sc, HIFN_0_PUSTAT) & HIFN_PUSTAT_CHIPENA; ++ ++ switch (ena) { ++ case HIFN_PUSTAT_ENA_2: ++ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0); ++ if (sc->sc_flags & HIFN_HAS_AES) ++ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); ++ /*FALLTHROUGH*/ ++ case HIFN_PUSTAT_ENA_1: ++ crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); ++ break; ++ } ++ ++ if (sc->sc_flags & (HIFN_HAS_PUBLIC | HIFN_HAS_RNG)) ++ hifn_init_pubrng(sc); ++ ++ init_timer(&sc->sc_tickto); ++ sc->sc_tickto.function = hifn_tick; ++ sc->sc_tickto.data = (unsigned long) sc->sc_num; ++ mod_timer(&sc->sc_tickto, jiffies + HZ); ++ ++ return (0); ++ ++fail: ++ if (sc->sc_cid >= 0) ++ crypto_unregister_all(sc->sc_cid); ++ if (sc->sc_irq != -1) ++ free_irq(sc->sc_irq, sc); ++ if (sc->sc_dma) { ++ /* Turn off DMA polling */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | ++ HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); ++ ++ pci_free_consistent(sc->sc_pcidev, ++ sizeof(*sc->sc_dma), ++ sc->sc_dma, sc->sc_dma_physaddr); ++ } ++ kfree(sc); ++ return (-ENXIO); ++} ++ ++/* ++ * Detach an interface that successfully probed. ++ */ ++static void ++hifn_remove(struct pci_dev *dev) ++{ ++ struct hifn_softc *sc = pci_get_drvdata(dev); ++ unsigned long l_flags; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ KASSERT(sc != NULL, ("hifn_detach: null software carrier!")); ++ ++ /* disable interrupts */ ++ HIFN_LOCK(sc); ++ WRITE_REG_1(sc, HIFN_1_DMA_IER, 0); ++ HIFN_UNLOCK(sc); ++ ++ /*XXX other resources */ ++ del_timer_sync(&sc->sc_tickto); ++ ++ /* Turn off DMA polling */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | ++ HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); ++ ++ crypto_unregister_all(sc->sc_cid); ++ ++ free_irq(sc->sc_irq, sc); ++ ++ pci_free_consistent(sc->sc_pcidev, sizeof(*sc->sc_dma), ++ sc->sc_dma, sc->sc_dma_physaddr); ++} ++ ++ ++static int ++hifn_init_pubrng(struct hifn_softc *sc) ++{ ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if ((sc->sc_flags & HIFN_IS_7811) == 0) { ++ /* Reset 7951 public key/rng engine */ ++ WRITE_REG_1(sc, HIFN_1_PUB_RESET, ++ READ_REG_1(sc, HIFN_1_PUB_RESET) | HIFN_PUBRST_RESET); ++ ++ for (i = 0; i < 100; i++) { ++ DELAY(1000); ++ if ((READ_REG_1(sc, HIFN_1_PUB_RESET) & ++ HIFN_PUBRST_RESET) == 0) ++ break; ++ } ++ ++ if (i == 100) { ++ device_printf(sc->sc_dev, "public key init failed\n"); ++ return (1); ++ } ++ } ++ ++ /* Enable the rng, if available */ ++#ifdef CONFIG_OCF_RANDOMHARVEST ++ if (sc->sc_flags & HIFN_HAS_RNG) { ++ if (sc->sc_flags & HIFN_IS_7811) { ++ u_int32_t r; ++ r = READ_REG_1(sc, HIFN_1_7811_RNGENA); ++ if (r & HIFN_7811_RNGENA_ENA) { ++ r &= ~HIFN_7811_RNGENA_ENA; ++ WRITE_REG_1(sc, HIFN_1_7811_RNGENA, r); ++ } ++ WRITE_REG_1(sc, HIFN_1_7811_RNGCFG, ++ HIFN_7811_RNGCFG_DEFL); ++ r |= HIFN_7811_RNGENA_ENA; ++ WRITE_REG_1(sc, HIFN_1_7811_RNGENA, r); ++ } else ++ WRITE_REG_1(sc, HIFN_1_RNG_CONFIG, ++ READ_REG_1(sc, HIFN_1_RNG_CONFIG) | ++ HIFN_RNGCFG_ENA); ++ ++ sc->sc_rngfirst = 1; ++ crypto_rregister(sc->sc_cid, hifn_read_random, sc); ++ } ++#endif ++ ++ /* Enable public key engine, if available */ ++ if (sc->sc_flags & HIFN_HAS_PUBLIC) { ++ WRITE_REG_1(sc, HIFN_1_PUB_IEN, HIFN_PUBIEN_DONE); ++ sc->sc_dmaier |= HIFN_DMAIER_PUBDONE; ++ WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); ++#ifdef HIFN_VULCANDEV ++ sc->sc_pkdev = make_dev(&vulcanpk_cdevsw, 0, ++ UID_ROOT, GID_WHEEL, 0666, ++ "vulcanpk"); ++ sc->sc_pkdev->si_drv1 = sc; ++#endif ++ } ++ ++ return (0); ++} ++ ++#ifdef CONFIG_OCF_RANDOMHARVEST ++static int ++hifn_read_random(void *arg, u_int32_t *buf, int len) ++{ ++ struct hifn_softc *sc = (struct hifn_softc *) arg; ++ u_int32_t sts; ++ int i, rc = 0; ++ ++ if (len <= 0) ++ return rc; ++ ++ if (sc->sc_flags & HIFN_IS_7811) { ++ /* ONLY VALID ON 7811!!!! */ ++ for (i = 0; i < 5; i++) { ++ sts = READ_REG_1(sc, HIFN_1_7811_RNGSTS); ++ if (sts & HIFN_7811_RNGSTS_UFL) { ++ device_printf(sc->sc_dev, ++ "RNG underflow: disabling\n"); ++ /* DAVIDM perhaps return -1 */ ++ break; ++ } ++ if ((sts & HIFN_7811_RNGSTS_RDY) == 0) ++ break; ++ ++ /* ++ * There are at least two words in the RNG FIFO ++ * at this point. ++ */ ++ if (rc < len) ++ buf[rc++] = READ_REG_1(sc, HIFN_1_7811_RNGDAT); ++ if (rc < len) ++ buf[rc++] = READ_REG_1(sc, HIFN_1_7811_RNGDAT); ++ } ++ } else ++ buf[rc++] = READ_REG_1(sc, HIFN_1_RNG_DATA); ++ ++ /* NB: discard first data read */ ++ if (sc->sc_rngfirst) { ++ sc->sc_rngfirst = 0; ++ rc = 0; ++ } ++ ++ return(rc); ++} ++#endif /* CONFIG_OCF_RANDOMHARVEST */ ++ ++static void ++hifn_puc_wait(struct hifn_softc *sc) ++{ ++ int i; ++ int reg = HIFN_0_PUCTRL; ++ ++ if (sc->sc_flags & HIFN_IS_7956) { ++ reg = HIFN_0_PUCTRL2; ++ } ++ ++ for (i = 5000; i > 0; i--) { ++ DELAY(1); ++ if (!(READ_REG_0(sc, reg) & HIFN_PUCTRL_RESET)) ++ break; ++ } ++ if (!i) ++ device_printf(sc->sc_dev, "proc unit did not reset(0x%x)\n", ++ READ_REG_0(sc, HIFN_0_PUCTRL)); ++} ++ ++/* ++ * Reset the processing unit. ++ */ ++static void ++hifn_reset_puc(struct hifn_softc *sc) ++{ ++ /* Reset processing unit */ ++ int reg = HIFN_0_PUCTRL; ++ ++ if (sc->sc_flags & HIFN_IS_7956) { ++ reg = HIFN_0_PUCTRL2; ++ } ++ WRITE_REG_0(sc, reg, HIFN_PUCTRL_DMAENA); ++ ++ hifn_puc_wait(sc); ++} ++ ++/* ++ * Set the Retry and TRDY registers; note that we set them to ++ * zero because the 7811 locks up when forced to retry (section ++ * 3.6 of "Specification Update SU-0014-04". Not clear if we ++ * should do this for all Hifn parts, but it doesn't seem to hurt. ++ */ ++static void ++hifn_set_retry(struct hifn_softc *sc) ++{ ++ DPRINTF("%s()\n", __FUNCTION__); ++ /* NB: RETRY only responds to 8-bit reads/writes */ ++ pci_write_config_byte(sc->sc_pcidev, HIFN_RETRY_TIMEOUT, 0); ++ pci_write_config_dword(sc->sc_pcidev, HIFN_TRDY_TIMEOUT, 0); ++} ++ ++/* ++ * Resets the board. Values in the regesters are left as is ++ * from the reset (i.e. initial values are assigned elsewhere). ++ */ ++static void ++hifn_reset_board(struct hifn_softc *sc, int full) ++{ ++ u_int32_t reg; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ /* ++ * Set polling in the DMA configuration register to zero. 0x7 avoids ++ * resetting the board and zeros out the other fields. ++ */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | ++ HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); ++ ++ /* ++ * Now that polling has been disabled, we have to wait 1 ms ++ * before resetting the board. ++ */ ++ DELAY(1000); ++ ++ /* Reset the DMA unit */ ++ if (full) { ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MODE); ++ DELAY(1000); ++ } else { ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, ++ HIFN_DMACNFG_MODE | HIFN_DMACNFG_MSTRESET); ++ hifn_reset_puc(sc); ++ } ++ ++ KASSERT(sc->sc_dma != NULL, ("hifn_reset_board: null DMA tag!")); ++ bzero(sc->sc_dma, sizeof(*sc->sc_dma)); ++ ++ /* Bring dma unit out of reset */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | ++ HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); ++ ++ hifn_puc_wait(sc); ++ hifn_set_retry(sc); ++ ++ if (sc->sc_flags & HIFN_IS_7811) { ++ for (reg = 0; reg < 1000; reg++) { ++ if (READ_REG_1(sc, HIFN_1_7811_MIPSRST) & ++ HIFN_MIPSRST_CRAMINIT) ++ break; ++ DELAY(1000); ++ } ++ if (reg == 1000) ++ device_printf(sc->sc_dev, ": cram init timeout\n"); ++ } else { ++ /* set up DMA configuration register #2 */ ++ /* turn off all PK and BAR0 swaps */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG2, ++ (3 << HIFN_DMACNFG2_INIT_WRITE_BURST_SHIFT)| ++ (3 << HIFN_DMACNFG2_INIT_READ_BURST_SHIFT)| ++ (2 << HIFN_DMACNFG2_TGT_WRITE_BURST_SHIFT)| ++ (2 << HIFN_DMACNFG2_TGT_READ_BURST_SHIFT)); ++ } ++} ++ ++static u_int32_t ++hifn_next_signature(u_int32_t a, u_int cnt) ++{ ++ int i; ++ u_int32_t v; ++ ++ for (i = 0; i < cnt; i++) { ++ ++ /* get the parity */ ++ v = a & 0x80080125; ++ v ^= v >> 16; ++ v ^= v >> 8; ++ v ^= v >> 4; ++ v ^= v >> 2; ++ v ^= v >> 1; ++ ++ a = (v & 1) ^ (a << 1); ++ } ++ ++ return a; ++} ++ ++ ++/* ++ * Checks to see if crypto is already enabled. If crypto isn't enable, ++ * "hifn_enable_crypto" is called to enable it. The check is important, ++ * as enabling crypto twice will lock the board. ++ */ ++static int ++hifn_enable_crypto(struct hifn_softc *sc) ++{ ++ u_int32_t dmacfg, ramcfg, encl, addr, i; ++ char offtbl[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00 }; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ ramcfg = READ_REG_0(sc, HIFN_0_PUCNFG); ++ dmacfg = READ_REG_1(sc, HIFN_1_DMA_CNFG); ++ ++ /* ++ * The RAM config register's encrypt level bit needs to be set before ++ * every read performed on the encryption level register. ++ */ ++ WRITE_REG_0(sc, HIFN_0_PUCNFG, ramcfg | HIFN_PUCNFG_CHIPID); ++ ++ encl = READ_REG_0(sc, HIFN_0_PUSTAT) & HIFN_PUSTAT_CHIPENA; ++ ++ /* ++ * Make sure we don't re-unlock. Two unlocks kills chip until the ++ * next reboot. ++ */ ++ if (encl == HIFN_PUSTAT_ENA_1 || encl == HIFN_PUSTAT_ENA_2) { ++#ifdef HIFN_DEBUG ++ if (hifn_debug) ++ device_printf(sc->sc_dev, ++ "Strong crypto already enabled!\n"); ++#endif ++ goto report; ++ } ++ ++ if (encl != 0 && encl != HIFN_PUSTAT_ENA_0) { ++#ifdef HIFN_DEBUG ++ if (hifn_debug) ++ device_printf(sc->sc_dev, ++ "Unknown encryption level 0x%x\n", encl); ++#endif ++ return 1; ++ } ++ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_UNLOCK | ++ HIFN_DMACNFG_MSTRESET | HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); ++ DELAY(1000); ++ addr = READ_REG_1(sc, HIFN_UNLOCK_SECRET1); ++ DELAY(1000); ++ WRITE_REG_1(sc, HIFN_UNLOCK_SECRET2, 0); ++ DELAY(1000); ++ ++ for (i = 0; i <= 12; i++) { ++ addr = hifn_next_signature(addr, offtbl[i] + 0x101); ++ WRITE_REG_1(sc, HIFN_UNLOCK_SECRET2, addr); ++ ++ DELAY(1000); ++ } ++ ++ WRITE_REG_0(sc, HIFN_0_PUCNFG, ramcfg | HIFN_PUCNFG_CHIPID); ++ encl = READ_REG_0(sc, HIFN_0_PUSTAT) & HIFN_PUSTAT_CHIPENA; ++ ++#ifdef HIFN_DEBUG ++ if (hifn_debug) { ++ if (encl != HIFN_PUSTAT_ENA_1 && encl != HIFN_PUSTAT_ENA_2) ++ device_printf(sc->sc_dev, "Engine is permanently " ++ "locked until next system reset!\n"); ++ else ++ device_printf(sc->sc_dev, "Engine enabled " ++ "successfully!\n"); ++ } ++#endif ++ ++report: ++ WRITE_REG_0(sc, HIFN_0_PUCNFG, ramcfg); ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, dmacfg); ++ ++ switch (encl) { ++ case HIFN_PUSTAT_ENA_1: ++ case HIFN_PUSTAT_ENA_2: ++ break; ++ case HIFN_PUSTAT_ENA_0: ++ default: ++ device_printf(sc->sc_dev, "disabled\n"); ++ break; ++ } ++ ++ return 0; ++} ++ ++/* ++ * Give initial values to the registers listed in the "Register Space" ++ * section of the HIFN Software Development reference manual. ++ */ ++static void ++hifn_init_pci_registers(struct hifn_softc *sc) ++{ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ /* write fixed values needed by the Initialization registers */ ++ WRITE_REG_0(sc, HIFN_0_PUCTRL, HIFN_PUCTRL_DMAENA); ++ WRITE_REG_0(sc, HIFN_0_FIFOCNFG, HIFN_FIFOCNFG_THRESHOLD); ++ WRITE_REG_0(sc, HIFN_0_PUIER, HIFN_PUIER_DSTOVER); ++ ++ /* write all 4 ring address registers */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CRAR, sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, cmdr[0])); ++ WRITE_REG_1(sc, HIFN_1_DMA_SRAR, sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, srcr[0])); ++ WRITE_REG_1(sc, HIFN_1_DMA_DRAR, sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, dstr[0])); ++ WRITE_REG_1(sc, HIFN_1_DMA_RRAR, sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, resr[0])); ++ ++ DELAY(2000); ++ ++ /* write status register */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, ++ HIFN_DMACSR_D_CTRL_DIS | HIFN_DMACSR_R_CTRL_DIS | ++ HIFN_DMACSR_S_CTRL_DIS | HIFN_DMACSR_C_CTRL_DIS | ++ HIFN_DMACSR_D_ABORT | HIFN_DMACSR_D_DONE | HIFN_DMACSR_D_LAST | ++ HIFN_DMACSR_D_WAIT | HIFN_DMACSR_D_OVER | ++ HIFN_DMACSR_R_ABORT | HIFN_DMACSR_R_DONE | HIFN_DMACSR_R_LAST | ++ HIFN_DMACSR_R_WAIT | HIFN_DMACSR_R_OVER | ++ HIFN_DMACSR_S_ABORT | HIFN_DMACSR_S_DONE | HIFN_DMACSR_S_LAST | ++ HIFN_DMACSR_S_WAIT | ++ HIFN_DMACSR_C_ABORT | HIFN_DMACSR_C_DONE | HIFN_DMACSR_C_LAST | ++ HIFN_DMACSR_C_WAIT | ++ HIFN_DMACSR_ENGINE | ++ ((sc->sc_flags & HIFN_HAS_PUBLIC) ? ++ HIFN_DMACSR_PUBDONE : 0) | ++ ((sc->sc_flags & HIFN_IS_7811) ? ++ HIFN_DMACSR_ILLW | HIFN_DMACSR_ILLR : 0)); ++ ++ sc->sc_d_busy = sc->sc_r_busy = sc->sc_s_busy = sc->sc_c_busy = 0; ++ sc->sc_dmaier |= HIFN_DMAIER_R_DONE | HIFN_DMAIER_C_ABORT | ++ HIFN_DMAIER_D_OVER | HIFN_DMAIER_R_OVER | ++ HIFN_DMAIER_S_ABORT | HIFN_DMAIER_D_ABORT | HIFN_DMAIER_R_ABORT | ++ ((sc->sc_flags & HIFN_IS_7811) ? ++ HIFN_DMAIER_ILLW | HIFN_DMAIER_ILLR : 0); ++ sc->sc_dmaier &= ~HIFN_DMAIER_C_WAIT; ++ WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); ++ ++ ++ if (sc->sc_flags & HIFN_IS_7956) { ++ u_int32_t pll; ++ ++ WRITE_REG_0(sc, HIFN_0_PUCNFG, HIFN_PUCNFG_COMPSING | ++ HIFN_PUCNFG_TCALLPHASES | ++ HIFN_PUCNFG_TCDRVTOTEM | HIFN_PUCNFG_BUS32); ++ ++ /* turn off the clocks and insure bypass is set */ ++ pll = READ_REG_1(sc, HIFN_1_PLL); ++ pll = (pll &~ (HIFN_PLL_PK_CLK_SEL | HIFN_PLL_PE_CLK_SEL)) ++ | HIFN_PLL_BP | HIFN_PLL_MBSET; ++ WRITE_REG_1(sc, HIFN_1_PLL, pll); ++ DELAY(10*1000); /* 10ms */ ++ ++ /* change configuration */ ++ pll = (pll &~ HIFN_PLL_CONFIG) | sc->sc_pllconfig; ++ WRITE_REG_1(sc, HIFN_1_PLL, pll); ++ DELAY(10*1000); /* 10ms */ ++ ++ /* disable bypass */ ++ pll &= ~HIFN_PLL_BP; ++ WRITE_REG_1(sc, HIFN_1_PLL, pll); ++ /* enable clocks with new configuration */ ++ pll |= HIFN_PLL_PK_CLK_SEL | HIFN_PLL_PE_CLK_SEL; ++ WRITE_REG_1(sc, HIFN_1_PLL, pll); ++ } else { ++ WRITE_REG_0(sc, HIFN_0_PUCNFG, HIFN_PUCNFG_COMPSING | ++ HIFN_PUCNFG_DRFR_128 | HIFN_PUCNFG_TCALLPHASES | ++ HIFN_PUCNFG_TCDRVTOTEM | HIFN_PUCNFG_BUS32 | ++ (sc->sc_drammodel ? HIFN_PUCNFG_DRAM : HIFN_PUCNFG_SRAM)); ++ } ++ ++ WRITE_REG_0(sc, HIFN_0_PUISR, HIFN_PUISR_DSTOVER); ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | ++ HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE | HIFN_DMACNFG_LAST | ++ ((HIFN_POLL_FREQUENCY << 16 ) & HIFN_DMACNFG_POLLFREQ) | ++ ((HIFN_POLL_SCALAR << 8) & HIFN_DMACNFG_POLLINVAL)); ++} ++ ++/* ++ * The maximum number of sessions supported by the card ++ * is dependent on the amount of context ram, which ++ * encryption algorithms are enabled, and how compression ++ * is configured. This should be configured before this ++ * routine is called. ++ */ ++static void ++hifn_sessions(struct hifn_softc *sc) ++{ ++ u_int32_t pucnfg; ++ int ctxsize; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ pucnfg = READ_REG_0(sc, HIFN_0_PUCNFG); ++ ++ if (pucnfg & HIFN_PUCNFG_COMPSING) { ++ if (pucnfg & HIFN_PUCNFG_ENCCNFG) ++ ctxsize = 128; ++ else ++ ctxsize = 512; ++ /* ++ * 7955/7956 has internal context memory of 32K ++ */ ++ if (sc->sc_flags & HIFN_IS_7956) ++ sc->sc_maxses = 32768 / ctxsize; ++ else ++ sc->sc_maxses = 1 + ++ ((sc->sc_ramsize - 32768) / ctxsize); ++ } else ++ sc->sc_maxses = sc->sc_ramsize / 16384; ++ ++ if (sc->sc_maxses > 2048) ++ sc->sc_maxses = 2048; ++} ++ ++/* ++ * Determine ram type (sram or dram). Board should be just out of a reset ++ * state when this is called. ++ */ ++static int ++hifn_ramtype(struct hifn_softc *sc) ++{ ++ u_int8_t data[8], dataexpect[8]; ++ int i; ++ ++ for (i = 0; i < sizeof(data); i++) ++ data[i] = dataexpect[i] = 0x55; ++ if (hifn_writeramaddr(sc, 0, data)) ++ return (-1); ++ if (hifn_readramaddr(sc, 0, data)) ++ return (-1); ++ if (bcmp(data, dataexpect, sizeof(data)) != 0) { ++ sc->sc_drammodel = 1; ++ return (0); ++ } ++ ++ for (i = 0; i < sizeof(data); i++) ++ data[i] = dataexpect[i] = 0xaa; ++ if (hifn_writeramaddr(sc, 0, data)) ++ return (-1); ++ if (hifn_readramaddr(sc, 0, data)) ++ return (-1); ++ if (bcmp(data, dataexpect, sizeof(data)) != 0) { ++ sc->sc_drammodel = 1; ++ return (0); ++ } ++ ++ return (0); ++} ++ ++#define HIFN_SRAM_MAX (32 << 20) ++#define HIFN_SRAM_STEP_SIZE 16384 ++#define HIFN_SRAM_GRANULARITY (HIFN_SRAM_MAX / HIFN_SRAM_STEP_SIZE) ++ ++static int ++hifn_sramsize(struct hifn_softc *sc) ++{ ++ u_int32_t a; ++ u_int8_t data[8]; ++ u_int8_t dataexpect[sizeof(data)]; ++ int32_t i; ++ ++ for (i = 0; i < sizeof(data); i++) ++ data[i] = dataexpect[i] = i ^ 0x5a; ++ ++ for (i = HIFN_SRAM_GRANULARITY - 1; i >= 0; i--) { ++ a = i * HIFN_SRAM_STEP_SIZE; ++ bcopy(&i, data, sizeof(i)); ++ hifn_writeramaddr(sc, a, data); ++ } ++ ++ for (i = 0; i < HIFN_SRAM_GRANULARITY; i++) { ++ a = i * HIFN_SRAM_STEP_SIZE; ++ bcopy(&i, dataexpect, sizeof(i)); ++ if (hifn_readramaddr(sc, a, data) < 0) ++ return (0); ++ if (bcmp(data, dataexpect, sizeof(data)) != 0) ++ return (0); ++ sc->sc_ramsize = a + HIFN_SRAM_STEP_SIZE; ++ } ++ ++ return (0); ++} ++ ++/* ++ * XXX For dram boards, one should really try all of the ++ * HIFN_PUCNFG_DSZ_*'s. This just assumes that PUCNFG ++ * is already set up correctly. ++ */ ++static int ++hifn_dramsize(struct hifn_softc *sc) ++{ ++ u_int32_t cnfg; ++ ++ if (sc->sc_flags & HIFN_IS_7956) { ++ /* ++ * 7955/7956 have a fixed internal ram of only 32K. ++ */ ++ sc->sc_ramsize = 32768; ++ } else { ++ cnfg = READ_REG_0(sc, HIFN_0_PUCNFG) & ++ HIFN_PUCNFG_DRAMMASK; ++ sc->sc_ramsize = 1 << ((cnfg >> 13) + 18); ++ } ++ return (0); ++} ++ ++static void ++hifn_alloc_slot(struct hifn_softc *sc, int *cmdp, int *srcp, int *dstp, int *resp) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (dma->cmdi == HIFN_D_CMD_RSIZE) { ++ dma->cmdi = 0; ++ dma->cmdr[HIFN_D_CMD_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->cmdr[HIFN_D_CMD_RSIZE].l |= htole32(HIFN_D_VALID); ++ HIFN_CMDR_SYNC(sc, HIFN_D_CMD_RSIZE, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ } ++ *cmdp = dma->cmdi++; ++ dma->cmdk = dma->cmdi; ++ ++ if (dma->srci == HIFN_D_SRC_RSIZE) { ++ dma->srci = 0; ++ dma->srcr[HIFN_D_SRC_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->srcr[HIFN_D_SRC_RSIZE].l |= htole32(HIFN_D_VALID); ++ HIFN_SRCR_SYNC(sc, HIFN_D_SRC_RSIZE, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ } ++ *srcp = dma->srci++; ++ dma->srck = dma->srci; ++ ++ if (dma->dsti == HIFN_D_DST_RSIZE) { ++ dma->dsti = 0; ++ dma->dstr[HIFN_D_DST_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->dstr[HIFN_D_DST_RSIZE].l |= htole32(HIFN_D_VALID); ++ HIFN_DSTR_SYNC(sc, HIFN_D_DST_RSIZE, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ } ++ *dstp = dma->dsti++; ++ dma->dstk = dma->dsti; ++ ++ if (dma->resi == HIFN_D_RES_RSIZE) { ++ dma->resi = 0; ++ dma->resr[HIFN_D_RES_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->resr[HIFN_D_RES_RSIZE].l |= htole32(HIFN_D_VALID); ++ HIFN_RESR_SYNC(sc, HIFN_D_RES_RSIZE, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ } ++ *resp = dma->resi++; ++ dma->resk = dma->resi; ++} ++ ++static int ++hifn_writeramaddr(struct hifn_softc *sc, int addr, u_int8_t *data) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ hifn_base_command_t wc; ++ const u_int32_t masks = HIFN_D_VALID | HIFN_D_LAST | HIFN_D_MASKDONEIRQ; ++ int r, cmdi, resi, srci, dsti; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ wc.masks = htole16(3 << 13); ++ wc.session_num = htole16(addr >> 14); ++ wc.total_source_count = htole16(8); ++ wc.total_dest_count = htole16(addr & 0x3fff); ++ ++ hifn_alloc_slot(sc, &cmdi, &srci, &dsti, &resi); ++ ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, ++ HIFN_DMACSR_C_CTRL_ENA | HIFN_DMACSR_S_CTRL_ENA | ++ HIFN_DMACSR_D_CTRL_ENA | HIFN_DMACSR_R_CTRL_ENA); ++ ++ /* build write command */ ++ bzero(dma->command_bufs[cmdi], HIFN_MAX_COMMAND); ++ *(hifn_base_command_t *)dma->command_bufs[cmdi] = wc; ++ bcopy(data, &dma->test_src, sizeof(dma->test_src)); ++ ++ dma->srcr[srci].p = htole32(sc->sc_dma_physaddr ++ + offsetof(struct hifn_dma, test_src)); ++ dma->dstr[dsti].p = htole32(sc->sc_dma_physaddr ++ + offsetof(struct hifn_dma, test_dst)); ++ ++ dma->cmdr[cmdi].l = htole32(16 | masks); ++ dma->srcr[srci].l = htole32(8 | masks); ++ dma->dstr[dsti].l = htole32(4 | masks); ++ dma->resr[resi].l = htole32(4 | masks); ++ ++ for (r = 10000; r >= 0; r--) { ++ DELAY(10); ++ if ((dma->resr[resi].l & htole32(HIFN_D_VALID)) == 0) ++ break; ++ } ++ if (r == 0) { ++ device_printf(sc->sc_dev, "writeramaddr -- " ++ "result[%d](addr %d) still valid\n", resi, addr); ++ r = -1; ++ return (-1); ++ } else ++ r = 0; ++ ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, ++ HIFN_DMACSR_C_CTRL_DIS | HIFN_DMACSR_S_CTRL_DIS | ++ HIFN_DMACSR_D_CTRL_DIS | HIFN_DMACSR_R_CTRL_DIS); ++ ++ return (r); ++} ++ ++static int ++hifn_readramaddr(struct hifn_softc *sc, int addr, u_int8_t *data) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ hifn_base_command_t rc; ++ const u_int32_t masks = HIFN_D_VALID | HIFN_D_LAST | HIFN_D_MASKDONEIRQ; ++ int r, cmdi, srci, dsti, resi; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ rc.masks = htole16(2 << 13); ++ rc.session_num = htole16(addr >> 14); ++ rc.total_source_count = htole16(addr & 0x3fff); ++ rc.total_dest_count = htole16(8); ++ ++ hifn_alloc_slot(sc, &cmdi, &srci, &dsti, &resi); ++ ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, ++ HIFN_DMACSR_C_CTRL_ENA | HIFN_DMACSR_S_CTRL_ENA | ++ HIFN_DMACSR_D_CTRL_ENA | HIFN_DMACSR_R_CTRL_ENA); ++ ++ bzero(dma->command_bufs[cmdi], HIFN_MAX_COMMAND); ++ *(hifn_base_command_t *)dma->command_bufs[cmdi] = rc; ++ ++ dma->srcr[srci].p = htole32(sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, test_src)); ++ dma->test_src = 0; ++ dma->dstr[dsti].p = htole32(sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, test_dst)); ++ dma->test_dst = 0; ++ dma->cmdr[cmdi].l = htole32(8 | masks); ++ dma->srcr[srci].l = htole32(8 | masks); ++ dma->dstr[dsti].l = htole32(8 | masks); ++ dma->resr[resi].l = htole32(HIFN_MAX_RESULT | masks); ++ ++ for (r = 10000; r >= 0; r--) { ++ DELAY(10); ++ if ((dma->resr[resi].l & htole32(HIFN_D_VALID)) == 0) ++ break; ++ } ++ if (r == 0) { ++ device_printf(sc->sc_dev, "readramaddr -- " ++ "result[%d](addr %d) still valid\n", resi, addr); ++ r = -1; ++ } else { ++ r = 0; ++ bcopy(&dma->test_dst, data, sizeof(dma->test_dst)); ++ } ++ ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, ++ HIFN_DMACSR_C_CTRL_DIS | HIFN_DMACSR_S_CTRL_DIS | ++ HIFN_DMACSR_D_CTRL_DIS | HIFN_DMACSR_R_CTRL_DIS); ++ ++ return (r); ++} ++ ++/* ++ * Initialize the descriptor rings. ++ */ ++static void ++hifn_init_dma(struct hifn_softc *sc) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ hifn_set_retry(sc); ++ ++ /* initialize static pointer values */ ++ for (i = 0; i < HIFN_D_CMD_RSIZE; i++) ++ dma->cmdr[i].p = htole32(sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, command_bufs[i][0])); ++ for (i = 0; i < HIFN_D_RES_RSIZE; i++) ++ dma->resr[i].p = htole32(sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, result_bufs[i][0])); ++ ++ dma->cmdr[HIFN_D_CMD_RSIZE].p = ++ htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, cmdr[0])); ++ dma->srcr[HIFN_D_SRC_RSIZE].p = ++ htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, srcr[0])); ++ dma->dstr[HIFN_D_DST_RSIZE].p = ++ htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, dstr[0])); ++ dma->resr[HIFN_D_RES_RSIZE].p = ++ htole32(sc->sc_dma_physaddr + offsetof(struct hifn_dma, resr[0])); ++ ++ dma->cmdu = dma->srcu = dma->dstu = dma->resu = 0; ++ dma->cmdi = dma->srci = dma->dsti = dma->resi = 0; ++ dma->cmdk = dma->srck = dma->dstk = dma->resk = 0; ++} ++ ++/* ++ * Writes out the raw command buffer space. Returns the ++ * command buffer size. ++ */ ++static u_int ++hifn_write_command(struct hifn_command *cmd, u_int8_t *buf) ++{ ++ struct hifn_softc *sc = NULL; ++ u_int8_t *buf_pos; ++ hifn_base_command_t *base_cmd; ++ hifn_mac_command_t *mac_cmd; ++ hifn_crypt_command_t *cry_cmd; ++ int using_mac, using_crypt, len, ivlen; ++ u_int32_t dlen, slen; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ buf_pos = buf; ++ using_mac = cmd->base_masks & HIFN_BASE_CMD_MAC; ++ using_crypt = cmd->base_masks & HIFN_BASE_CMD_CRYPT; ++ ++ base_cmd = (hifn_base_command_t *)buf_pos; ++ base_cmd->masks = htole16(cmd->base_masks); ++ slen = cmd->src_mapsize; ++ if (cmd->sloplen) ++ dlen = cmd->dst_mapsize - cmd->sloplen + sizeof(u_int32_t); ++ else ++ dlen = cmd->dst_mapsize; ++ base_cmd->total_source_count = htole16(slen & HIFN_BASE_CMD_LENMASK_LO); ++ base_cmd->total_dest_count = htole16(dlen & HIFN_BASE_CMD_LENMASK_LO); ++ dlen >>= 16; ++ slen >>= 16; ++ base_cmd->session_num = htole16( ++ ((slen << HIFN_BASE_CMD_SRCLEN_S) & HIFN_BASE_CMD_SRCLEN_M) | ++ ((dlen << HIFN_BASE_CMD_DSTLEN_S) & HIFN_BASE_CMD_DSTLEN_M)); ++ buf_pos += sizeof(hifn_base_command_t); ++ ++ if (using_mac) { ++ mac_cmd = (hifn_mac_command_t *)buf_pos; ++ dlen = cmd->maccrd->crd_len; ++ mac_cmd->source_count = htole16(dlen & 0xffff); ++ dlen >>= 16; ++ mac_cmd->masks = htole16(cmd->mac_masks | ++ ((dlen << HIFN_MAC_CMD_SRCLEN_S) & HIFN_MAC_CMD_SRCLEN_M)); ++ mac_cmd->header_skip = htole16(cmd->maccrd->crd_skip); ++ mac_cmd->reserved = 0; ++ buf_pos += sizeof(hifn_mac_command_t); ++ } ++ ++ if (using_crypt) { ++ cry_cmd = (hifn_crypt_command_t *)buf_pos; ++ dlen = cmd->enccrd->crd_len; ++ cry_cmd->source_count = htole16(dlen & 0xffff); ++ dlen >>= 16; ++ cry_cmd->masks = htole16(cmd->cry_masks | ++ ((dlen << HIFN_CRYPT_CMD_SRCLEN_S) & HIFN_CRYPT_CMD_SRCLEN_M)); ++ cry_cmd->header_skip = htole16(cmd->enccrd->crd_skip); ++ cry_cmd->reserved = 0; ++ buf_pos += sizeof(hifn_crypt_command_t); ++ } ++ ++ if (using_mac && cmd->mac_masks & HIFN_MAC_CMD_NEW_KEY) { ++ bcopy(cmd->mac, buf_pos, HIFN_MAC_KEY_LENGTH); ++ buf_pos += HIFN_MAC_KEY_LENGTH; ++ } ++ ++ if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_KEY) { ++ switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) { ++ case HIFN_CRYPT_CMD_ALG_3DES: ++ bcopy(cmd->ck, buf_pos, HIFN_3DES_KEY_LENGTH); ++ buf_pos += HIFN_3DES_KEY_LENGTH; ++ break; ++ case HIFN_CRYPT_CMD_ALG_DES: ++ bcopy(cmd->ck, buf_pos, HIFN_DES_KEY_LENGTH); ++ buf_pos += HIFN_DES_KEY_LENGTH; ++ break; ++ case HIFN_CRYPT_CMD_ALG_RC4: ++ len = 256; ++ do { ++ int clen; ++ ++ clen = MIN(cmd->cklen, len); ++ bcopy(cmd->ck, buf_pos, clen); ++ len -= clen; ++ buf_pos += clen; ++ } while (len > 0); ++ bzero(buf_pos, 4); ++ buf_pos += 4; ++ break; ++ case HIFN_CRYPT_CMD_ALG_AES: ++ /* ++ * AES keys are variable 128, 192 and ++ * 256 bits (16, 24 and 32 bytes). ++ */ ++ bcopy(cmd->ck, buf_pos, cmd->cklen); ++ buf_pos += cmd->cklen; ++ break; ++ } ++ } ++ ++ if (using_crypt && cmd->cry_masks & HIFN_CRYPT_CMD_NEW_IV) { ++ switch (cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) { ++ case HIFN_CRYPT_CMD_ALG_AES: ++ ivlen = HIFN_AES_IV_LENGTH; ++ break; ++ default: ++ ivlen = HIFN_IV_LENGTH; ++ break; ++ } ++ bcopy(cmd->iv, buf_pos, ivlen); ++ buf_pos += ivlen; ++ } ++ ++ if ((cmd->base_masks & (HIFN_BASE_CMD_MAC|HIFN_BASE_CMD_CRYPT)) == 0) { ++ bzero(buf_pos, 8); ++ buf_pos += 8; ++ } ++ ++ return (buf_pos - buf); ++} ++ ++static int ++hifn_dmamap_aligned(struct hifn_operand *op) ++{ ++ struct hifn_softc *sc = NULL; ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ for (i = 0; i < op->nsegs; i++) { ++ if (op->segs[i].ds_addr & 3) ++ return (0); ++ if ((i != (op->nsegs - 1)) && (op->segs[i].ds_len & 3)) ++ return (0); ++ } ++ return (1); ++} ++ ++static __inline int ++hifn_dmamap_dstwrap(struct hifn_softc *sc, int idx) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ ++ if (++idx == HIFN_D_DST_RSIZE) { ++ dma->dstr[idx].l = htole32(HIFN_D_VALID | HIFN_D_JUMP | ++ HIFN_D_MASKDONEIRQ); ++ HIFN_DSTR_SYNC(sc, idx, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ idx = 0; ++ } ++ return (idx); ++} ++ ++static int ++hifn_dmamap_load_dst(struct hifn_softc *sc, struct hifn_command *cmd) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ struct hifn_operand *dst = &cmd->dst; ++ u_int32_t p, l; ++ int idx, used = 0, i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ idx = dma->dsti; ++ for (i = 0; i < dst->nsegs - 1; i++) { ++ dma->dstr[idx].p = htole32(dst->segs[i].ds_addr); ++ dma->dstr[idx].l = htole32(HIFN_D_MASKDONEIRQ | dst->segs[i].ds_len); ++ wmb(); ++ dma->dstr[idx].l |= htole32(HIFN_D_VALID); ++ HIFN_DSTR_SYNC(sc, idx, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ used++; ++ ++ idx = hifn_dmamap_dstwrap(sc, idx); ++ } ++ ++ if (cmd->sloplen == 0) { ++ p = dst->segs[i].ds_addr; ++ l = HIFN_D_MASKDONEIRQ | HIFN_D_LAST | ++ dst->segs[i].ds_len; ++ } else { ++ p = sc->sc_dma_physaddr + ++ offsetof(struct hifn_dma, slop[cmd->slopidx]); ++ l = HIFN_D_MASKDONEIRQ | HIFN_D_LAST | ++ sizeof(u_int32_t); ++ ++ if ((dst->segs[i].ds_len - cmd->sloplen) != 0) { ++ dma->dstr[idx].p = htole32(dst->segs[i].ds_addr); ++ dma->dstr[idx].l = htole32(HIFN_D_MASKDONEIRQ | ++ (dst->segs[i].ds_len - cmd->sloplen)); ++ wmb(); ++ dma->dstr[idx].l |= htole32(HIFN_D_VALID); ++ HIFN_DSTR_SYNC(sc, idx, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ used++; ++ ++ idx = hifn_dmamap_dstwrap(sc, idx); ++ } ++ } ++ dma->dstr[idx].p = htole32(p); ++ dma->dstr[idx].l = htole32(l); ++ wmb(); ++ dma->dstr[idx].l |= htole32(HIFN_D_VALID); ++ HIFN_DSTR_SYNC(sc, idx, BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ used++; ++ ++ idx = hifn_dmamap_dstwrap(sc, idx); ++ ++ dma->dsti = idx; ++ dma->dstu += used; ++ return (idx); ++} ++ ++static __inline int ++hifn_dmamap_srcwrap(struct hifn_softc *sc, int idx) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ ++ if (++idx == HIFN_D_SRC_RSIZE) { ++ dma->srcr[idx].l = htole32(HIFN_D_VALID | ++ HIFN_D_JUMP | HIFN_D_MASKDONEIRQ); ++ HIFN_SRCR_SYNC(sc, HIFN_D_SRC_RSIZE, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ idx = 0; ++ } ++ return (idx); ++} ++ ++static int ++hifn_dmamap_load_src(struct hifn_softc *sc, struct hifn_command *cmd) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ struct hifn_operand *src = &cmd->src; ++ int idx, i; ++ u_int32_t last = 0; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ idx = dma->srci; ++ for (i = 0; i < src->nsegs; i++) { ++ if (i == src->nsegs - 1) ++ last = HIFN_D_LAST; ++ ++ dma->srcr[idx].p = htole32(src->segs[i].ds_addr); ++ dma->srcr[idx].l = htole32(src->segs[i].ds_len | ++ HIFN_D_MASKDONEIRQ | last); ++ wmb(); ++ dma->srcr[idx].l |= htole32(HIFN_D_VALID); ++ HIFN_SRCR_SYNC(sc, idx, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ ++ idx = hifn_dmamap_srcwrap(sc, idx); ++ } ++ dma->srci = idx; ++ dma->srcu += src->nsegs; ++ return (idx); ++} ++ ++ ++static int ++hifn_crypto( ++ struct hifn_softc *sc, ++ struct hifn_command *cmd, ++ struct cryptop *crp, ++ int hint) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ u_int32_t cmdlen, csr; ++ int cmdi, resi, err = 0; ++ unsigned long l_flags; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ /* ++ * need 1 cmd, and 1 res ++ * ++ * NB: check this first since it's easy. ++ */ ++ HIFN_LOCK(sc); ++ if ((dma->cmdu + 1) > HIFN_D_CMD_RSIZE || ++ (dma->resu + 1) > HIFN_D_RES_RSIZE) { ++#ifdef HIFN_DEBUG ++ if (hifn_debug) { ++ device_printf(sc->sc_dev, ++ "cmd/result exhaustion, cmdu %u resu %u\n", ++ dma->cmdu, dma->resu); ++ } ++#endif ++ hifnstats.hst_nomem_cr++; ++ sc->sc_needwakeup |= CRYPTO_SYMQ; ++ HIFN_UNLOCK(sc); ++ return (ERESTART); ++ } ++ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ if (pci_map_skb(sc, &cmd->src, cmd->src_skb)) { ++ hifnstats.hst_nomem_load++; ++ err = ENOMEM; ++ goto err_srcmap1; ++ } ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ if (pci_map_uio(sc, &cmd->src, cmd->src_io)) { ++ hifnstats.hst_nomem_load++; ++ err = ENOMEM; ++ goto err_srcmap1; ++ } ++ } else { ++ if (pci_map_buf(sc, &cmd->src, cmd->src_buf, crp->crp_ilen)) { ++ hifnstats.hst_nomem_load++; ++ err = ENOMEM; ++ goto err_srcmap1; ++ } ++ } ++ ++ if (hifn_dmamap_aligned(&cmd->src)) { ++ cmd->sloplen = cmd->src_mapsize & 3; ++ cmd->dst = cmd->src; ++ } else { ++ if (crp->crp_flags & CRYPTO_F_IOV) { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ err = EINVAL; ++ goto err_srcmap; ++ } else if (crp->crp_flags & CRYPTO_F_SKBUF) { ++#ifdef NOTYET ++ int totlen, len; ++ struct mbuf *m, *m0, *mlast; ++ ++ KASSERT(cmd->dst_m == cmd->src_m, ++ ("hifn_crypto: dst_m initialized improperly")); ++ hifnstats.hst_unaligned++; ++ /* ++ * Source is not aligned on a longword boundary. ++ * Copy the data to insure alignment. If we fail ++ * to allocate mbufs or clusters while doing this ++ * we return ERESTART so the operation is requeued ++ * at the crypto later, but only if there are ++ * ops already posted to the hardware; otherwise we ++ * have no guarantee that we'll be re-entered. ++ */ ++ totlen = cmd->src_mapsize; ++ if (cmd->src_m->m_flags & M_PKTHDR) { ++ len = MHLEN; ++ MGETHDR(m0, M_DONTWAIT, MT_DATA); ++ if (m0 && !m_dup_pkthdr(m0, cmd->src_m, M_DONTWAIT)) { ++ m_free(m0); ++ m0 = NULL; ++ } ++ } else { ++ len = MLEN; ++ MGET(m0, M_DONTWAIT, MT_DATA); ++ } ++ if (m0 == NULL) { ++ hifnstats.hst_nomem_mbuf++; ++ err = dma->cmdu ? ERESTART : ENOMEM; ++ goto err_srcmap; ++ } ++ if (totlen >= MINCLSIZE) { ++ MCLGET(m0, M_DONTWAIT); ++ if ((m0->m_flags & M_EXT) == 0) { ++ hifnstats.hst_nomem_mcl++; ++ err = dma->cmdu ? ERESTART : ENOMEM; ++ m_freem(m0); ++ goto err_srcmap; ++ } ++ len = MCLBYTES; ++ } ++ totlen -= len; ++ m0->m_pkthdr.len = m0->m_len = len; ++ mlast = m0; ++ ++ while (totlen > 0) { ++ MGET(m, M_DONTWAIT, MT_DATA); ++ if (m == NULL) { ++ hifnstats.hst_nomem_mbuf++; ++ err = dma->cmdu ? ERESTART : ENOMEM; ++ m_freem(m0); ++ goto err_srcmap; ++ } ++ len = MLEN; ++ if (totlen >= MINCLSIZE) { ++ MCLGET(m, M_DONTWAIT); ++ if ((m->m_flags & M_EXT) == 0) { ++ hifnstats.hst_nomem_mcl++; ++ err = dma->cmdu ? ERESTART : ENOMEM; ++ mlast->m_next = m; ++ m_freem(m0); ++ goto err_srcmap; ++ } ++ len = MCLBYTES; ++ } ++ ++ m->m_len = len; ++ m0->m_pkthdr.len += len; ++ totlen -= len; ++ ++ mlast->m_next = m; ++ mlast = m; ++ } ++ cmd->dst_m = m0; ++#else ++ device_printf(sc->sc_dev, ++ "%s,%d: CRYPTO_F_SKBUF unaligned not implemented\n", ++ __FILE__, __LINE__); ++ err = EINVAL; ++ goto err_srcmap; ++#endif ++ } else { ++ device_printf(sc->sc_dev, ++ "%s,%d: unaligned contig buffers not implemented\n", ++ __FILE__, __LINE__); ++ err = EINVAL; ++ goto err_srcmap; ++ } ++ } ++ ++ if (cmd->dst_map == NULL) { ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ if (pci_map_skb(sc, &cmd->dst, cmd->dst_skb)) { ++ hifnstats.hst_nomem_map++; ++ err = ENOMEM; ++ goto err_dstmap1; ++ } ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ if (pci_map_uio(sc, &cmd->dst, cmd->dst_io)) { ++ hifnstats.hst_nomem_load++; ++ err = ENOMEM; ++ goto err_dstmap1; ++ } ++ } else { ++ if (pci_map_buf(sc, &cmd->dst, cmd->dst_buf, crp->crp_ilen)) { ++ hifnstats.hst_nomem_load++; ++ err = ENOMEM; ++ goto err_dstmap1; ++ } ++ } ++ } ++ ++#ifdef HIFN_DEBUG ++ if (hifn_debug) { ++ device_printf(sc->sc_dev, ++ "Entering cmd: stat %8x ien %8x u %d/%d/%d/%d n %d/%d\n", ++ READ_REG_1(sc, HIFN_1_DMA_CSR), ++ READ_REG_1(sc, HIFN_1_DMA_IER), ++ dma->cmdu, dma->srcu, dma->dstu, dma->resu, ++ cmd->src_nsegs, cmd->dst_nsegs); ++ } ++#endif ++ ++#if 0 ++ if (cmd->src_map == cmd->dst_map) { ++ bus_dmamap_sync(sc->sc_dmat, cmd->src_map, ++ BUS_DMASYNC_PREWRITE|BUS_DMASYNC_PREREAD); ++ } else { ++ bus_dmamap_sync(sc->sc_dmat, cmd->src_map, ++ BUS_DMASYNC_PREWRITE); ++ bus_dmamap_sync(sc->sc_dmat, cmd->dst_map, ++ BUS_DMASYNC_PREREAD); ++ } ++#endif ++ ++ /* ++ * need N src, and N dst ++ */ ++ if ((dma->srcu + cmd->src_nsegs) > HIFN_D_SRC_RSIZE || ++ (dma->dstu + cmd->dst_nsegs + 1) > HIFN_D_DST_RSIZE) { ++#ifdef HIFN_DEBUG ++ if (hifn_debug) { ++ device_printf(sc->sc_dev, ++ "src/dst exhaustion, srcu %u+%u dstu %u+%u\n", ++ dma->srcu, cmd->src_nsegs, ++ dma->dstu, cmd->dst_nsegs); ++ } ++#endif ++ hifnstats.hst_nomem_sd++; ++ err = ERESTART; ++ goto err_dstmap; ++ } ++ ++ if (dma->cmdi == HIFN_D_CMD_RSIZE) { ++ dma->cmdi = 0; ++ dma->cmdr[HIFN_D_CMD_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->cmdr[HIFN_D_CMD_RSIZE].l |= htole32(HIFN_D_VALID); ++ HIFN_CMDR_SYNC(sc, HIFN_D_CMD_RSIZE, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ } ++ cmdi = dma->cmdi++; ++ cmdlen = hifn_write_command(cmd, dma->command_bufs[cmdi]); ++ HIFN_CMD_SYNC(sc, cmdi, BUS_DMASYNC_PREWRITE); ++ ++ /* .p for command/result already set */ ++ dma->cmdr[cmdi].l = htole32(cmdlen | HIFN_D_LAST | ++ HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->cmdr[cmdi].l |= htole32(HIFN_D_VALID); ++ HIFN_CMDR_SYNC(sc, cmdi, ++ BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD); ++ dma->cmdu++; ++ ++ /* ++ * We don't worry about missing an interrupt (which a "command wait" ++ * interrupt salvages us from), unless there is more than one command ++ * in the queue. ++ */ ++ if (dma->cmdu > 1) { ++ sc->sc_dmaier |= HIFN_DMAIER_C_WAIT; ++ WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); ++ } ++ ++ hifnstats.hst_ipackets++; ++ hifnstats.hst_ibytes += cmd->src_mapsize; ++ ++ hifn_dmamap_load_src(sc, cmd); ++ ++ /* ++ * Unlike other descriptors, we don't mask done interrupt from ++ * result descriptor. ++ */ ++#ifdef HIFN_DEBUG ++ if (hifn_debug) ++ device_printf(sc->sc_dev, "load res\n"); ++#endif ++ if (dma->resi == HIFN_D_RES_RSIZE) { ++ dma->resi = 0; ++ dma->resr[HIFN_D_RES_RSIZE].l = htole32(HIFN_D_JUMP|HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->resr[HIFN_D_RES_RSIZE].l |= htole32(HIFN_D_VALID); ++ HIFN_RESR_SYNC(sc, HIFN_D_RES_RSIZE, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ } ++ resi = dma->resi++; ++ KASSERT(dma->hifn_commands[resi] == NULL, ++ ("hifn_crypto: command slot %u busy", resi)); ++ dma->hifn_commands[resi] = cmd; ++ HIFN_RES_SYNC(sc, resi, BUS_DMASYNC_PREREAD); ++ if ((hint & CRYPTO_HINT_MORE) && sc->sc_curbatch < hifn_maxbatch) { ++ dma->resr[resi].l = htole32(HIFN_MAX_RESULT | ++ HIFN_D_LAST | HIFN_D_MASKDONEIRQ); ++ wmb(); ++ dma->resr[resi].l |= htole32(HIFN_D_VALID); ++ sc->sc_curbatch++; ++ if (sc->sc_curbatch > hifnstats.hst_maxbatch) ++ hifnstats.hst_maxbatch = sc->sc_curbatch; ++ hifnstats.hst_totbatch++; ++ } else { ++ dma->resr[resi].l = htole32(HIFN_MAX_RESULT | HIFN_D_LAST); ++ wmb(); ++ dma->resr[resi].l |= htole32(HIFN_D_VALID); ++ sc->sc_curbatch = 0; ++ } ++ HIFN_RESR_SYNC(sc, resi, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ dma->resu++; ++ ++ if (cmd->sloplen) ++ cmd->slopidx = resi; ++ ++ hifn_dmamap_load_dst(sc, cmd); ++ ++ csr = 0; ++ if (sc->sc_c_busy == 0) { ++ csr |= HIFN_DMACSR_C_CTRL_ENA; ++ sc->sc_c_busy = 1; ++ } ++ if (sc->sc_s_busy == 0) { ++ csr |= HIFN_DMACSR_S_CTRL_ENA; ++ sc->sc_s_busy = 1; ++ } ++ if (sc->sc_r_busy == 0) { ++ csr |= HIFN_DMACSR_R_CTRL_ENA; ++ sc->sc_r_busy = 1; ++ } ++ if (sc->sc_d_busy == 0) { ++ csr |= HIFN_DMACSR_D_CTRL_ENA; ++ sc->sc_d_busy = 1; ++ } ++ if (csr) ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, csr); ++ ++#ifdef HIFN_DEBUG ++ if (hifn_debug) { ++ device_printf(sc->sc_dev, "command: stat %8x ier %8x\n", ++ READ_REG_1(sc, HIFN_1_DMA_CSR), ++ READ_REG_1(sc, HIFN_1_DMA_IER)); ++ } ++#endif ++ ++ sc->sc_active = 5; ++ HIFN_UNLOCK(sc); ++ KASSERT(err == 0, ("hifn_crypto: success with error %u", err)); ++ return (err); /* success */ ++ ++err_dstmap: ++ if (cmd->src_map != cmd->dst_map) ++ pci_unmap_buf(sc, &cmd->dst); ++err_dstmap1: ++err_srcmap: ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ if (cmd->src_skb != cmd->dst_skb) ++#ifdef NOTYET ++ m_freem(cmd->dst_m); ++#else ++ device_printf(sc->sc_dev, ++ "%s,%d: CRYPTO_F_SKBUF src != dst not implemented\n", ++ __FILE__, __LINE__); ++#endif ++ } ++ pci_unmap_buf(sc, &cmd->src); ++err_srcmap1: ++ HIFN_UNLOCK(sc); ++ return (err); ++} ++ ++static void ++hifn_tick(unsigned long arg) ++{ ++ struct hifn_softc *sc; ++ unsigned long l_flags; ++ ++ if (arg >= HIFN_MAX_CHIPS) ++ return; ++ sc = hifn_chip_idx[arg]; ++ if (!sc) ++ return; ++ ++ HIFN_LOCK(sc); ++ if (sc->sc_active == 0) { ++ struct hifn_dma *dma = sc->sc_dma; ++ u_int32_t r = 0; ++ ++ if (dma->cmdu == 0 && sc->sc_c_busy) { ++ sc->sc_c_busy = 0; ++ r |= HIFN_DMACSR_C_CTRL_DIS; ++ } ++ if (dma->srcu == 0 && sc->sc_s_busy) { ++ sc->sc_s_busy = 0; ++ r |= HIFN_DMACSR_S_CTRL_DIS; ++ } ++ if (dma->dstu == 0 && sc->sc_d_busy) { ++ sc->sc_d_busy = 0; ++ r |= HIFN_DMACSR_D_CTRL_DIS; ++ } ++ if (dma->resu == 0 && sc->sc_r_busy) { ++ sc->sc_r_busy = 0; ++ r |= HIFN_DMACSR_R_CTRL_DIS; ++ } ++ if (r) ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, r); ++ } else ++ sc->sc_active--; ++ HIFN_UNLOCK(sc); ++ mod_timer(&sc->sc_tickto, jiffies + HZ); ++} ++ ++static irqreturn_t ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++hifn_intr(int irq, void *arg) ++#else ++hifn_intr(int irq, void *arg, struct pt_regs *regs) ++#endif ++{ ++ struct hifn_softc *sc = arg; ++ struct hifn_dma *dma; ++ u_int32_t dmacsr, restart; ++ int i, u; ++ unsigned long l_flags; ++ ++ dmacsr = READ_REG_1(sc, HIFN_1_DMA_CSR); ++ ++ /* Nothing in the DMA unit interrupted */ ++ if ((dmacsr & sc->sc_dmaier) == 0) ++ return IRQ_NONE; ++ ++ HIFN_LOCK(sc); ++ ++ dma = sc->sc_dma; ++ ++#ifdef HIFN_DEBUG ++ if (hifn_debug) { ++ device_printf(sc->sc_dev, ++ "irq: stat %08x ien %08x damier %08x i %d/%d/%d/%d k %d/%d/%d/%d u %d/%d/%d/%d\n", ++ dmacsr, READ_REG_1(sc, HIFN_1_DMA_IER), sc->sc_dmaier, ++ dma->cmdi, dma->srci, dma->dsti, dma->resi, ++ dma->cmdk, dma->srck, dma->dstk, dma->resk, ++ dma->cmdu, dma->srcu, dma->dstu, dma->resu); ++ } ++#endif ++ ++ WRITE_REG_1(sc, HIFN_1_DMA_CSR, dmacsr & sc->sc_dmaier); ++ ++ if ((sc->sc_flags & HIFN_HAS_PUBLIC) && ++ (dmacsr & HIFN_DMACSR_PUBDONE)) ++ WRITE_REG_1(sc, HIFN_1_PUB_STATUS, ++ READ_REG_1(sc, HIFN_1_PUB_STATUS) | HIFN_PUBSTS_DONE); ++ ++ restart = dmacsr & (HIFN_DMACSR_D_OVER | HIFN_DMACSR_R_OVER); ++ if (restart) ++ device_printf(sc->sc_dev, "overrun %x\n", dmacsr); ++ ++ if (sc->sc_flags & HIFN_IS_7811) { ++ if (dmacsr & HIFN_DMACSR_ILLR) ++ device_printf(sc->sc_dev, "illegal read\n"); ++ if (dmacsr & HIFN_DMACSR_ILLW) ++ device_printf(sc->sc_dev, "illegal write\n"); ++ } ++ ++ restart = dmacsr & (HIFN_DMACSR_C_ABORT | HIFN_DMACSR_S_ABORT | ++ HIFN_DMACSR_D_ABORT | HIFN_DMACSR_R_ABORT); ++ if (restart) { ++ device_printf(sc->sc_dev, "abort, resetting.\n"); ++ hifnstats.hst_abort++; ++ hifn_abort(sc); ++ HIFN_UNLOCK(sc); ++ return IRQ_HANDLED; ++ } ++ ++ if ((dmacsr & HIFN_DMACSR_C_WAIT) && (dma->cmdu == 0)) { ++ /* ++ * If no slots to process and we receive a "waiting on ++ * command" interrupt, we disable the "waiting on command" ++ * (by clearing it). ++ */ ++ sc->sc_dmaier &= ~HIFN_DMAIER_C_WAIT; ++ WRITE_REG_1(sc, HIFN_1_DMA_IER, sc->sc_dmaier); ++ } ++ ++ /* clear the rings */ ++ i = dma->resk; u = dma->resu; ++ while (u != 0) { ++ HIFN_RESR_SYNC(sc, i, ++ BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); ++ if (dma->resr[i].l & htole32(HIFN_D_VALID)) { ++ HIFN_RESR_SYNC(sc, i, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ break; ++ } ++ ++ if (i != HIFN_D_RES_RSIZE) { ++ struct hifn_command *cmd; ++ u_int8_t *macbuf = NULL; ++ ++ HIFN_RES_SYNC(sc, i, BUS_DMASYNC_POSTREAD); ++ cmd = dma->hifn_commands[i]; ++ KASSERT(cmd != NULL, ++ ("hifn_intr: null command slot %u", i)); ++ dma->hifn_commands[i] = NULL; ++ ++ if (cmd->base_masks & HIFN_BASE_CMD_MAC) { ++ macbuf = dma->result_bufs[i]; ++ macbuf += 12; ++ } ++ ++ hifn_callback(sc, cmd, macbuf); ++ hifnstats.hst_opackets++; ++ u--; ++ } ++ ++ if (++i == (HIFN_D_RES_RSIZE + 1)) ++ i = 0; ++ } ++ dma->resk = i; dma->resu = u; ++ ++ i = dma->srck; u = dma->srcu; ++ while (u != 0) { ++ if (i == HIFN_D_SRC_RSIZE) ++ i = 0; ++ HIFN_SRCR_SYNC(sc, i, ++ BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); ++ if (dma->srcr[i].l & htole32(HIFN_D_VALID)) { ++ HIFN_SRCR_SYNC(sc, i, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ break; ++ } ++ i++, u--; ++ } ++ dma->srck = i; dma->srcu = u; ++ ++ i = dma->cmdk; u = dma->cmdu; ++ while (u != 0) { ++ HIFN_CMDR_SYNC(sc, i, ++ BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); ++ if (dma->cmdr[i].l & htole32(HIFN_D_VALID)) { ++ HIFN_CMDR_SYNC(sc, i, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++ break; ++ } ++ if (i != HIFN_D_CMD_RSIZE) { ++ u--; ++ HIFN_CMD_SYNC(sc, i, BUS_DMASYNC_POSTWRITE); ++ } ++ if (++i == (HIFN_D_CMD_RSIZE + 1)) ++ i = 0; ++ } ++ dma->cmdk = i; dma->cmdu = u; ++ ++ HIFN_UNLOCK(sc); ++ ++ if (sc->sc_needwakeup) { /* XXX check high watermark */ ++ int wakeup = sc->sc_needwakeup & (CRYPTO_SYMQ|CRYPTO_ASYMQ); ++#ifdef HIFN_DEBUG ++ if (hifn_debug) ++ device_printf(sc->sc_dev, ++ "wakeup crypto (%x) u %d/%d/%d/%d\n", ++ sc->sc_needwakeup, ++ dma->cmdu, dma->srcu, dma->dstu, dma->resu); ++#endif ++ sc->sc_needwakeup &= ~wakeup; ++ crypto_unblock(sc->sc_cid, wakeup); ++ } ++ ++ return IRQ_HANDLED; ++} ++ ++/* ++ * Allocate a new 'session' and return an encoded session id. 'sidp' ++ * contains our registration id, and should contain an encoded session ++ * id on successful allocation. ++ */ ++static int ++hifn_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) ++{ ++ struct hifn_softc *sc = device_get_softc(dev); ++ struct cryptoini *c; ++ int mac = 0, cry = 0, sesn; ++ struct hifn_session *ses = NULL; ++ unsigned long l_flags; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ KASSERT(sc != NULL, ("hifn_newsession: null softc")); ++ if (sidp == NULL || cri == NULL || sc == NULL) { ++ DPRINTF("%s,%d: %s - EINVAL\n", __FILE__, __LINE__, __FUNCTION__); ++ return (EINVAL); ++ } ++ ++ HIFN_LOCK(sc); ++ if (sc->sc_sessions == NULL) { ++ ses = sc->sc_sessions = (struct hifn_session *)kmalloc(sizeof(*ses), ++ SLAB_ATOMIC); ++ if (ses == NULL) { ++ HIFN_UNLOCK(sc); ++ return (ENOMEM); ++ } ++ sesn = 0; ++ sc->sc_nsessions = 1; ++ } else { ++ for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { ++ if (!sc->sc_sessions[sesn].hs_used) { ++ ses = &sc->sc_sessions[sesn]; ++ break; ++ } ++ } ++ ++ if (ses == NULL) { ++ sesn = sc->sc_nsessions; ++ ses = (struct hifn_session *)kmalloc((sesn + 1) * sizeof(*ses), ++ SLAB_ATOMIC); ++ if (ses == NULL) { ++ HIFN_UNLOCK(sc); ++ return (ENOMEM); ++ } ++ bcopy(sc->sc_sessions, ses, sesn * sizeof(*ses)); ++ bzero(sc->sc_sessions, sesn * sizeof(*ses)); ++ kfree(sc->sc_sessions); ++ sc->sc_sessions = ses; ++ ses = &sc->sc_sessions[sesn]; ++ sc->sc_nsessions++; ++ } ++ } ++ HIFN_UNLOCK(sc); ++ ++ bzero(ses, sizeof(*ses)); ++ ses->hs_used = 1; ++ ++ for (c = cri; c != NULL; c = c->cri_next) { ++ switch (c->cri_alg) { ++ case CRYPTO_MD5: ++ case CRYPTO_SHA1: ++ case CRYPTO_MD5_HMAC: ++ case CRYPTO_SHA1_HMAC: ++ if (mac) { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ return (EINVAL); ++ } ++ mac = 1; ++ ses->hs_mlen = c->cri_mlen; ++ if (ses->hs_mlen == 0) { ++ switch (c->cri_alg) { ++ case CRYPTO_MD5: ++ case CRYPTO_MD5_HMAC: ++ ses->hs_mlen = 16; ++ break; ++ case CRYPTO_SHA1: ++ case CRYPTO_SHA1_HMAC: ++ ses->hs_mlen = 20; ++ break; ++ } ++ } ++ break; ++ case CRYPTO_DES_CBC: ++ case CRYPTO_3DES_CBC: ++ case CRYPTO_AES_CBC: ++ /* XXX this may read fewer, does it matter? */ ++ read_random(ses->hs_iv, ++ c->cri_alg == CRYPTO_AES_CBC ? ++ HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH); ++ /*FALLTHROUGH*/ ++ case CRYPTO_ARC4: ++ if (cry) { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ return (EINVAL); ++ } ++ cry = 1; ++ break; ++ default: ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ return (EINVAL); ++ } ++ } ++ if (mac == 0 && cry == 0) { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ return (EINVAL); ++ } ++ ++ *sidp = HIFN_SID(device_get_unit(sc->sc_dev), sesn); ++ ++ return (0); ++} ++ ++/* ++ * Deallocate a session. ++ * XXX this routine should run a zero'd mac/encrypt key into context ram. ++ * XXX to blow away any keys already stored there. ++ */ ++static int ++hifn_freesession(device_t dev, u_int64_t tid) ++{ ++ struct hifn_softc *sc = device_get_softc(dev); ++ int session, error; ++ u_int32_t sid = CRYPTO_SESID2LID(tid); ++ unsigned long l_flags; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ KASSERT(sc != NULL, ("hifn_freesession: null softc")); ++ if (sc == NULL) { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ return (EINVAL); ++ } ++ ++ HIFN_LOCK(sc); ++ session = HIFN_SESSION(sid); ++ if (session < sc->sc_nsessions) { ++ bzero(&sc->sc_sessions[session], sizeof(struct hifn_session)); ++ error = 0; ++ } else { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ error = EINVAL; ++ } ++ HIFN_UNLOCK(sc); ++ ++ return (error); ++} ++ ++static int ++hifn_process(device_t dev, struct cryptop *crp, int hint) ++{ ++ struct hifn_softc *sc = device_get_softc(dev); ++ struct hifn_command *cmd = NULL; ++ int session, err, ivlen; ++ struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (crp == NULL || crp->crp_callback == NULL) { ++ hifnstats.hst_invalid++; ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ return (EINVAL); ++ } ++ session = HIFN_SESSION(crp->crp_sid); ++ ++ if (sc == NULL || session >= sc->sc_nsessions) { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ err = EINVAL; ++ goto errout; ++ } ++ ++ cmd = kmalloc(sizeof(struct hifn_command), SLAB_ATOMIC); ++ if (cmd == NULL) { ++ hifnstats.hst_nomem++; ++ err = ENOMEM; ++ goto errout; ++ } ++ memset(cmd, 0, sizeof(*cmd)); ++ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ cmd->src_skb = (struct sk_buff *)crp->crp_buf; ++ cmd->dst_skb = (struct sk_buff *)crp->crp_buf; ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ cmd->src_io = (struct uio *)crp->crp_buf; ++ cmd->dst_io = (struct uio *)crp->crp_buf; ++ } else { ++ cmd->src_buf = crp->crp_buf; ++ cmd->dst_buf = crp->crp_buf; ++ } ++ ++ crd1 = crp->crp_desc; ++ if (crd1 == NULL) { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ err = EINVAL; ++ goto errout; ++ } ++ crd2 = crd1->crd_next; ++ ++ if (crd2 == NULL) { ++ if (crd1->crd_alg == CRYPTO_MD5_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1 || ++ crd1->crd_alg == CRYPTO_MD5) { ++ maccrd = crd1; ++ enccrd = NULL; ++ } else if (crd1->crd_alg == CRYPTO_DES_CBC || ++ crd1->crd_alg == CRYPTO_3DES_CBC || ++ crd1->crd_alg == CRYPTO_AES_CBC || ++ crd1->crd_alg == CRYPTO_ARC4) { ++ if ((crd1->crd_flags & CRD_F_ENCRYPT) == 0) ++ cmd->base_masks |= HIFN_BASE_CMD_DECODE; ++ maccrd = NULL; ++ enccrd = crd1; ++ } else { ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ err = EINVAL; ++ goto errout; ++ } ++ } else { ++ if ((crd1->crd_alg == CRYPTO_MD5_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1_HMAC || ++ crd1->crd_alg == CRYPTO_MD5 || ++ crd1->crd_alg == CRYPTO_SHA1) && ++ (crd2->crd_alg == CRYPTO_DES_CBC || ++ crd2->crd_alg == CRYPTO_3DES_CBC || ++ crd2->crd_alg == CRYPTO_AES_CBC || ++ crd2->crd_alg == CRYPTO_ARC4) && ++ ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { ++ cmd->base_masks = HIFN_BASE_CMD_DECODE; ++ maccrd = crd1; ++ enccrd = crd2; ++ } else if ((crd1->crd_alg == CRYPTO_DES_CBC || ++ crd1->crd_alg == CRYPTO_ARC4 || ++ crd1->crd_alg == CRYPTO_3DES_CBC || ++ crd1->crd_alg == CRYPTO_AES_CBC) && ++ (crd2->crd_alg == CRYPTO_MD5_HMAC || ++ crd2->crd_alg == CRYPTO_SHA1_HMAC || ++ crd2->crd_alg == CRYPTO_MD5 || ++ crd2->crd_alg == CRYPTO_SHA1) && ++ (crd1->crd_flags & CRD_F_ENCRYPT)) { ++ enccrd = crd1; ++ maccrd = crd2; ++ } else { ++ /* ++ * We cannot order the 7751 as requested ++ */ ++ DPRINTF("%s,%d: %s %d,%d,%d - EINVAL\n",__FILE__,__LINE__,__FUNCTION__, crd1->crd_alg, crd2->crd_alg, crd1->crd_flags & CRD_F_ENCRYPT); ++ err = EINVAL; ++ goto errout; ++ } ++ } ++ ++ if (enccrd) { ++ cmd->enccrd = enccrd; ++ cmd->base_masks |= HIFN_BASE_CMD_CRYPT; ++ switch (enccrd->crd_alg) { ++ case CRYPTO_ARC4: ++ cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_RC4; ++ break; ++ case CRYPTO_DES_CBC: ++ cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES | ++ HIFN_CRYPT_CMD_MODE_CBC | ++ HIFN_CRYPT_CMD_NEW_IV; ++ break; ++ case CRYPTO_3DES_CBC: ++ cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES | ++ HIFN_CRYPT_CMD_MODE_CBC | ++ HIFN_CRYPT_CMD_NEW_IV; ++ break; ++ case CRYPTO_AES_CBC: ++ cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_AES | ++ HIFN_CRYPT_CMD_MODE_CBC | ++ HIFN_CRYPT_CMD_NEW_IV; ++ break; ++ default: ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ err = EINVAL; ++ goto errout; ++ } ++ if (enccrd->crd_alg != CRYPTO_ARC4) { ++ ivlen = ((enccrd->crd_alg == CRYPTO_AES_CBC) ? ++ HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH); ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) { ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) ++ bcopy(enccrd->crd_iv, cmd->iv, ivlen); ++ else ++ bcopy(sc->sc_sessions[session].hs_iv, ++ cmd->iv, ivlen); ++ ++ if ((enccrd->crd_flags & CRD_F_IV_PRESENT) ++ == 0) { ++ crypto_copyback(crp->crp_flags, ++ crp->crp_buf, enccrd->crd_inject, ++ ivlen, cmd->iv); ++ } ++ } else { ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) ++ bcopy(enccrd->crd_iv, cmd->iv, ivlen); ++ else { ++ crypto_copydata(crp->crp_flags, ++ crp->crp_buf, enccrd->crd_inject, ++ ivlen, cmd->iv); ++ } ++ } ++ } ++ ++ if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) ++ cmd->cry_masks |= HIFN_CRYPT_CMD_NEW_KEY; ++ cmd->ck = enccrd->crd_key; ++ cmd->cklen = enccrd->crd_klen >> 3; ++ cmd->cry_masks |= HIFN_CRYPT_CMD_NEW_KEY; ++ ++ /* ++ * Need to specify the size for the AES key in the masks. ++ */ ++ if ((cmd->cry_masks & HIFN_CRYPT_CMD_ALG_MASK) == ++ HIFN_CRYPT_CMD_ALG_AES) { ++ switch (cmd->cklen) { ++ case 16: ++ cmd->cry_masks |= HIFN_CRYPT_CMD_KSZ_128; ++ break; ++ case 24: ++ cmd->cry_masks |= HIFN_CRYPT_CMD_KSZ_192; ++ break; ++ case 32: ++ cmd->cry_masks |= HIFN_CRYPT_CMD_KSZ_256; ++ break; ++ default: ++ DPRINTF("%s,%d: %s - EINVAL\n",__FILE__,__LINE__,__FUNCTION__); ++ err = EINVAL; ++ goto errout; ++ } ++ } ++ } ++ ++ if (maccrd) { ++ cmd->maccrd = maccrd; ++ cmd->base_masks |= HIFN_BASE_CMD_MAC; ++ ++ switch (maccrd->crd_alg) { ++ case CRYPTO_MD5: ++ cmd->mac_masks |= HIFN_MAC_CMD_ALG_MD5 | ++ HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HASH | ++ HIFN_MAC_CMD_POS_IPSEC; ++ break; ++ case CRYPTO_MD5_HMAC: ++ cmd->mac_masks |= HIFN_MAC_CMD_ALG_MD5 | ++ HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HMAC | ++ HIFN_MAC_CMD_POS_IPSEC | HIFN_MAC_CMD_TRUNC; ++ break; ++ case CRYPTO_SHA1: ++ cmd->mac_masks |= HIFN_MAC_CMD_ALG_SHA1 | ++ HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HASH | ++ HIFN_MAC_CMD_POS_IPSEC; ++ break; ++ case CRYPTO_SHA1_HMAC: ++ cmd->mac_masks |= HIFN_MAC_CMD_ALG_SHA1 | ++ HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HMAC | ++ HIFN_MAC_CMD_POS_IPSEC | HIFN_MAC_CMD_TRUNC; ++ break; ++ } ++ ++ if (maccrd->crd_alg == CRYPTO_SHA1_HMAC || ++ maccrd->crd_alg == CRYPTO_MD5_HMAC) { ++ cmd->mac_masks |= HIFN_MAC_CMD_NEW_KEY; ++ bcopy(maccrd->crd_key, cmd->mac, maccrd->crd_klen >> 3); ++ bzero(cmd->mac + (maccrd->crd_klen >> 3), ++ HIFN_MAC_KEY_LENGTH - (maccrd->crd_klen >> 3)); ++ } ++ } ++ ++ cmd->crp = crp; ++ cmd->session_num = session; ++ cmd->softc = sc; ++ ++ err = hifn_crypto(sc, cmd, crp, hint); ++ if (!err) { ++ return 0; ++ } else if (err == ERESTART) { ++ /* ++ * There weren't enough resources to dispatch the request ++ * to the part. Notify the caller so they'll requeue this ++ * request and resubmit it again soon. ++ */ ++#ifdef HIFN_DEBUG ++ if (hifn_debug) ++ device_printf(sc->sc_dev, "requeue request\n"); ++#endif ++ kfree(cmd); ++ sc->sc_needwakeup |= CRYPTO_SYMQ; ++ return (err); ++ } ++ ++errout: ++ if (cmd != NULL) ++ kfree(cmd); ++ if (err == EINVAL) ++ hifnstats.hst_invalid++; ++ else ++ hifnstats.hst_nomem++; ++ crp->crp_etype = err; ++ crypto_done(crp); ++ return (err); ++} ++ ++static void ++hifn_abort(struct hifn_softc *sc) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ struct hifn_command *cmd; ++ struct cryptop *crp; ++ int i, u; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ i = dma->resk; u = dma->resu; ++ while (u != 0) { ++ cmd = dma->hifn_commands[i]; ++ KASSERT(cmd != NULL, ("hifn_abort: null command slot %u", i)); ++ dma->hifn_commands[i] = NULL; ++ crp = cmd->crp; ++ ++ if ((dma->resr[i].l & htole32(HIFN_D_VALID)) == 0) { ++ /* Salvage what we can. */ ++ u_int8_t *macbuf; ++ ++ if (cmd->base_masks & HIFN_BASE_CMD_MAC) { ++ macbuf = dma->result_bufs[i]; ++ macbuf += 12; ++ } else ++ macbuf = NULL; ++ hifnstats.hst_opackets++; ++ hifn_callback(sc, cmd, macbuf); ++ } else { ++#if 0 ++ if (cmd->src_map == cmd->dst_map) { ++ bus_dmamap_sync(sc->sc_dmat, cmd->src_map, ++ BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE); ++ } else { ++ bus_dmamap_sync(sc->sc_dmat, cmd->src_map, ++ BUS_DMASYNC_POSTWRITE); ++ bus_dmamap_sync(sc->sc_dmat, cmd->dst_map, ++ BUS_DMASYNC_POSTREAD); ++ } ++#endif ++ ++ if (cmd->src_skb != cmd->dst_skb) { ++#ifdef NOTYET ++ m_freem(cmd->src_m); ++ crp->crp_buf = (caddr_t)cmd->dst_m; ++#else ++ device_printf(sc->sc_dev, ++ "%s,%d: CRYPTO_F_SKBUF src != dst not implemented\n", ++ __FILE__, __LINE__); ++#endif ++ } ++ ++ /* non-shared buffers cannot be restarted */ ++ if (cmd->src_map != cmd->dst_map) { ++ /* ++ * XXX should be EAGAIN, delayed until ++ * after the reset. ++ */ ++ crp->crp_etype = ENOMEM; ++ pci_unmap_buf(sc, &cmd->dst); ++ } else ++ crp->crp_etype = ENOMEM; ++ ++ pci_unmap_buf(sc, &cmd->src); ++ ++ kfree(cmd); ++ if (crp->crp_etype != EAGAIN) ++ crypto_done(crp); ++ } ++ ++ if (++i == HIFN_D_RES_RSIZE) ++ i = 0; ++ u--; ++ } ++ dma->resk = i; dma->resu = u; ++ ++ hifn_reset_board(sc, 1); ++ hifn_init_dma(sc); ++ hifn_init_pci_registers(sc); ++} ++ ++static void ++hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, u_int8_t *macbuf) ++{ ++ struct hifn_dma *dma = sc->sc_dma; ++ struct cryptop *crp = cmd->crp; ++ struct cryptodesc *crd; ++ int i, u, ivlen; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++#if 0 ++ if (cmd->src_map == cmd->dst_map) { ++ bus_dmamap_sync(sc->sc_dmat, cmd->src_map, ++ BUS_DMASYNC_POSTWRITE | BUS_DMASYNC_POSTREAD); ++ } else { ++ bus_dmamap_sync(sc->sc_dmat, cmd->src_map, ++ BUS_DMASYNC_POSTWRITE); ++ bus_dmamap_sync(sc->sc_dmat, cmd->dst_map, ++ BUS_DMASYNC_POSTREAD); ++ } ++#endif ++ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ if (cmd->src_skb != cmd->dst_skb) { ++#ifdef NOTYET ++ crp->crp_buf = (caddr_t)cmd->dst_m; ++ totlen = cmd->src_mapsize; ++ for (m = cmd->dst_m; m != NULL; m = m->m_next) { ++ if (totlen < m->m_len) { ++ m->m_len = totlen; ++ totlen = 0; ++ } else ++ totlen -= m->m_len; ++ } ++ cmd->dst_m->m_pkthdr.len = cmd->src_m->m_pkthdr.len; ++ m_freem(cmd->src_m); ++#else ++ device_printf(sc->sc_dev, ++ "%s,%d: CRYPTO_F_SKBUF src != dst not implemented\n", ++ __FILE__, __LINE__); ++#endif ++ } ++ } ++ ++ if (cmd->sloplen != 0) { ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ cmd->src_mapsize - cmd->sloplen, cmd->sloplen, ++ (caddr_t)&dma->slop[cmd->slopidx]); ++ } ++ ++ i = dma->dstk; u = dma->dstu; ++ while (u != 0) { ++ if (i == HIFN_D_DST_RSIZE) ++ i = 0; ++#if 0 ++ bus_dmamap_sync(sc->sc_dmat, sc->sc_dmamap, ++ BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); ++#endif ++ if (dma->dstr[i].l & htole32(HIFN_D_VALID)) { ++#if 0 ++ bus_dmamap_sync(sc->sc_dmat, sc->sc_dmamap, ++ BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE); ++#endif ++ break; ++ } ++ i++, u--; ++ } ++ dma->dstk = i; dma->dstu = u; ++ ++ hifnstats.hst_obytes += cmd->dst_mapsize; ++ ++ if ((cmd->base_masks & (HIFN_BASE_CMD_CRYPT | HIFN_BASE_CMD_DECODE)) == ++ HIFN_BASE_CMD_CRYPT) { ++ for (crd = crp->crp_desc; crd; crd = crd->crd_next) { ++ if (crd->crd_alg != CRYPTO_DES_CBC && ++ crd->crd_alg != CRYPTO_3DES_CBC && ++ crd->crd_alg != CRYPTO_AES_CBC) ++ continue; ++ ivlen = ((crd->crd_alg == CRYPTO_AES_CBC) ? ++ HIFN_AES_IV_LENGTH : HIFN_IV_LENGTH); ++ crypto_copydata(crp->crp_flags, crp->crp_buf, ++ crd->crd_skip + crd->crd_len - ivlen, ivlen, ++ cmd->softc->sc_sessions[cmd->session_num].hs_iv); ++ break; ++ } ++ } ++ ++ if (macbuf != NULL) { ++ for (crd = crp->crp_desc; crd; crd = crd->crd_next) { ++ int len; ++ ++ if (crd->crd_alg != CRYPTO_MD5 && ++ crd->crd_alg != CRYPTO_SHA1 && ++ crd->crd_alg != CRYPTO_MD5_HMAC && ++ crd->crd_alg != CRYPTO_SHA1_HMAC) { ++ continue; ++ } ++ len = cmd->softc->sc_sessions[cmd->session_num].hs_mlen; ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ crd->crd_inject, len, macbuf); ++ break; ++ } ++ } ++ ++ if (cmd->src_map != cmd->dst_map) ++ pci_unmap_buf(sc, &cmd->dst); ++ pci_unmap_buf(sc, &cmd->src); ++ kfree(cmd); ++ crypto_done(crp); ++} ++ ++/* ++ * 7811 PB3 rev/2 parts lock-up on burst writes to Group 0 ++ * and Group 1 registers; avoid conditions that could create ++ * burst writes by doing a read in between the writes. ++ * ++ * NB: The read we interpose is always to the same register; ++ * we do this because reading from an arbitrary (e.g. last) ++ * register may not always work. ++ */ ++static void ++hifn_write_reg_0(struct hifn_softc *sc, bus_size_t reg, u_int32_t val) ++{ ++ if (sc->sc_flags & HIFN_IS_7811) { ++ if (sc->sc_bar0_lastreg == reg - 4) ++ readl(sc->sc_bar0 + HIFN_0_PUCNFG); ++ sc->sc_bar0_lastreg = reg; ++ } ++ writel(val, sc->sc_bar0 + reg); ++} ++ ++static void ++hifn_write_reg_1(struct hifn_softc *sc, bus_size_t reg, u_int32_t val) ++{ ++ if (sc->sc_flags & HIFN_IS_7811) { ++ if (sc->sc_bar1_lastreg == reg - 4) ++ readl(sc->sc_bar1 + HIFN_1_REVID); ++ sc->sc_bar1_lastreg = reg; ++ } ++ writel(val, sc->sc_bar1 + reg); ++} ++ ++ ++static struct pci_device_id hifn_pci_tbl[] = { ++ { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7951, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7955, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7956, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { PCI_VENDOR_NETSEC, PCI_PRODUCT_NETSEC_7751, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { PCI_VENDOR_INVERTEX, PCI_PRODUCT_INVERTEX_AEON, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7811, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ /* ++ * Other vendors share this PCI ID as well, such as ++ * http://www.powercrypt.com, and obviously they also ++ * use the same key. ++ */ ++ { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7751, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { 0, 0, 0, 0, 0, 0, } ++}; ++MODULE_DEVICE_TABLE(pci, hifn_pci_tbl); ++ ++static struct pci_driver hifn_driver = { ++ .name = "hifn", ++ .id_table = hifn_pci_tbl, ++ .probe = hifn_probe, ++ .remove = hifn_remove, ++ /* add PM stuff here one day */ ++}; ++ ++static int __init hifn_init (void) ++{ ++ struct hifn_softc *sc = NULL; ++ int rc; ++ ++ DPRINTF("%s(%p)\n", __FUNCTION__, hifn_init); ++ ++ rc = pci_register_driver(&hifn_driver); ++ pci_register_driver_compat(&hifn_driver, rc); ++ ++ return rc; ++} ++ ++static void __exit hifn_exit (void) ++{ ++ pci_unregister_driver(&hifn_driver); ++} ++ ++module_init(hifn_init); ++module_exit(hifn_exit); ++ ++MODULE_LICENSE("BSD"); ++MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); ++MODULE_DESCRIPTION("OCF driver for hifn PCI crypto devices"); +--- /dev/null ++++ b/crypto/ocf/hifn/hifnHIPP.c +@@ -0,0 +1,420 @@ ++/*- ++ * Driver for Hifn HIPP-I/II chipset ++ * Copyright (c) 2006 Michael Richardson <mcr@xelerance.com> ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored by Hifn Inc. ++ * ++ */ ++ ++/* ++ * Driver for various Hifn encryption processors. ++ */ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/wait.h> ++#include <linux/sched.h> ++#include <linux/pci.h> ++#include <linux/delay.h> ++#include <linux/interrupt.h> ++#include <linux/spinlock.h> ++#include <linux/random.h> ++#include <linux/version.h> ++#include <linux/skbuff.h> ++#include <linux/uio.h> ++#include <linux/sysfs.h> ++#include <linux/miscdevice.h> ++#include <asm/io.h> ++ ++#include <cryptodev.h> ++ ++#include "hifnHIPPreg.h" ++#include "hifnHIPPvar.h" ++ ++#if 1 ++#define DPRINTF(a...) if (hipp_debug) { \ ++ printk("%s: ", sc ? \ ++ device_get_nameunit(sc->sc_dev) : "hifn"); \ ++ printk(a); \ ++ } else ++#else ++#define DPRINTF(a...) ++#endif ++ ++typedef int bus_size_t; ++ ++static inline int ++pci_get_revid(struct pci_dev *dev) ++{ ++ u8 rid = 0; ++ pci_read_config_byte(dev, PCI_REVISION_ID, &rid); ++ return rid; ++} ++ ++#define debug hipp_debug ++int hipp_debug = 0; ++module_param(hipp_debug, int, 0644); ++MODULE_PARM_DESC(hipp_debug, "Enable debug"); ++ ++int hipp_maxbatch = 1; ++module_param(hipp_maxbatch, int, 0644); ++MODULE_PARM_DESC(hipp_maxbatch, "max ops to batch w/o interrupt"); ++ ++static int hipp_probe(struct pci_dev *dev, const struct pci_device_id *ent); ++static void hipp_remove(struct pci_dev *dev); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++static irqreturn_t hipp_intr(int irq, void *arg); ++#else ++static irqreturn_t hipp_intr(int irq, void *arg, struct pt_regs *regs); ++#endif ++ ++static int hipp_num_chips = 0; ++static struct hipp_softc *hipp_chip_idx[HIPP_MAX_CHIPS]; ++ ++static int hipp_newsession(device_t, u_int32_t *, struct cryptoini *); ++static int hipp_freesession(device_t, u_int64_t); ++static int hipp_process(device_t, struct cryptop *, int); ++ ++static device_method_t hipp_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, hipp_newsession), ++ DEVMETHOD(cryptodev_freesession,hipp_freesession), ++ DEVMETHOD(cryptodev_process, hipp_process), ++}; ++ ++static __inline u_int32_t ++READ_REG(struct hipp_softc *sc, unsigned int barno, bus_size_t reg) ++{ ++ u_int32_t v = readl(sc->sc_bar[barno] + reg); ++ //sc->sc_bar0_lastreg = (bus_size_t) -1; ++ return (v); ++} ++static __inline void ++WRITE_REG(struct hipp_softc *sc, unsigned int barno, bus_size_t reg, u_int32_t val) ++{ ++ writel(val, sc->sc_bar[barno] + reg); ++} ++ ++#define READ_REG_0(sc, reg) READ_REG(sc, 0, reg) ++#define WRITE_REG_0(sc, reg, val) WRITE_REG(sc,0, reg, val) ++#define READ_REG_1(sc, reg) READ_REG(sc, 1, reg) ++#define WRITE_REG_1(sc, reg, val) WRITE_REG(sc,1, reg, val) ++ ++static int ++hipp_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) ++{ ++ return EINVAL; ++} ++ ++static int ++hipp_freesession(device_t dev, u_int64_t tid) ++{ ++ return EINVAL; ++} ++ ++static int ++hipp_process(device_t dev, struct cryptop *crp, int hint) ++{ ++ return EINVAL; ++} ++ ++static const char* ++hipp_partname(struct hipp_softc *sc, char buf[128], size_t blen) ++{ ++ char *n = NULL; ++ ++ switch (pci_get_vendor(sc->sc_pcidev)) { ++ case PCI_VENDOR_HIFN: ++ switch (pci_get_device(sc->sc_pcidev)) { ++ case PCI_PRODUCT_HIFN_7855: n = "Hifn 7855"; ++ case PCI_PRODUCT_HIFN_8155: n = "Hifn 8155"; ++ case PCI_PRODUCT_HIFN_6500: n = "Hifn 6500"; ++ } ++ } ++ ++ if(n==NULL) { ++ snprintf(buf, blen, "VID=%02x,PID=%02x", ++ pci_get_vendor(sc->sc_pcidev), ++ pci_get_device(sc->sc_pcidev)); ++ } else { ++ buf[0]='\0'; ++ strncat(buf, n, blen); ++ } ++ return buf; ++} ++ ++struct hipp_fs_entry { ++ struct attribute attr; ++ /* other stuff */ ++}; ++ ++ ++static ssize_t ++cryptoid_show(struct device *dev, ++ struct device_attribute *attr, ++ char *buf) ++{ ++ struct hipp_softc *sc; ++ ++ sc = pci_get_drvdata(to_pci_dev (dev)); ++ return sprintf (buf, "%d\n", sc->sc_cid); ++} ++ ++struct device_attribute hipp_dev_cryptoid = __ATTR_RO(cryptoid); ++ ++/* ++ * Attach an interface that successfully probed. ++ */ ++static int ++hipp_probe(struct pci_dev *dev, const struct pci_device_id *ent) ++{ ++ struct hipp_softc *sc = NULL; ++ int i; ++ //char rbase; ++ //u_int16_t ena; ++ int rev; ++ //int rseg; ++ int rc; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (pci_enable_device(dev) < 0) ++ return(-ENODEV); ++ ++ if (pci_set_mwi(dev)) ++ return(-ENODEV); ++ ++ if (!dev->irq) { ++ printk("hifn: found device with no IRQ assigned. check BIOS settings!"); ++ pci_disable_device(dev); ++ return(-ENODEV); ++ } ++ ++ sc = (struct hipp_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); ++ if (!sc) ++ return(-ENOMEM); ++ memset(sc, 0, sizeof(*sc)); ++ ++ softc_device_init(sc, "hifn-hipp", hipp_num_chips, hipp_methods); ++ ++ sc->sc_pcidev = dev; ++ sc->sc_irq = -1; ++ sc->sc_cid = -1; ++ sc->sc_num = hipp_num_chips++; ++ ++ if (sc->sc_num < HIPP_MAX_CHIPS) ++ hipp_chip_idx[sc->sc_num] = sc; ++ ++ pci_set_drvdata(sc->sc_pcidev, sc); ++ ++ spin_lock_init(&sc->sc_mtx); ++ ++ /* ++ * Setup PCI resources. ++ * The READ_REG_0, WRITE_REG_0, READ_REG_1, ++ * and WRITE_REG_1 macros throughout the driver are used ++ * to permit better debugging. ++ */ ++ for(i=0; i<4; i++) { ++ unsigned long mem_start, mem_len; ++ mem_start = pci_resource_start(sc->sc_pcidev, i); ++ mem_len = pci_resource_len(sc->sc_pcidev, i); ++ sc->sc_barphy[i] = (caddr_t)mem_start; ++ sc->sc_bar[i] = (ocf_iomem_t) ioremap(mem_start, mem_len); ++ if (!sc->sc_bar[i]) { ++ device_printf(sc->sc_dev, "cannot map bar%d register space\n", i); ++ goto fail; ++ } ++ } ++ ++ //hipp_reset_board(sc, 0); ++ pci_set_master(sc->sc_pcidev); ++ ++ /* ++ * Arrange the interrupt line. ++ */ ++ rc = request_irq(dev->irq, hipp_intr, IRQF_SHARED, "hifn", sc); ++ if (rc) { ++ device_printf(sc->sc_dev, "could not map interrupt: %d\n", rc); ++ goto fail; ++ } ++ sc->sc_irq = dev->irq; ++ ++ rev = READ_REG_1(sc, HIPP_1_REVID) & 0xffff; ++ ++ { ++ char b[32]; ++ device_printf(sc->sc_dev, "%s, rev %u", ++ hipp_partname(sc, b, sizeof(b)), rev); ++ } ++ ++#if 0 ++ if (sc->sc_flags & HIFN_IS_7956) ++ printf(", pll=0x%x<%s clk, %ux mult>", ++ sc->sc_pllconfig, ++ sc->sc_pllconfig & HIFN_PLL_REF_SEL ? "ext" : "pci", ++ 2 + 2*((sc->sc_pllconfig & HIFN_PLL_ND) >> 11)); ++#endif ++ printf("\n"); ++ ++ sc->sc_cid = crypto_get_driverid(softc_get_device(sc),CRYPTOCAP_F_HARDWARE); ++ if (sc->sc_cid < 0) { ++ device_printf(sc->sc_dev, "could not get crypto driver id\n"); ++ goto fail; ++ } ++ ++#if 0 /* cannot work with a non-GPL module */ ++ /* make a sysfs entry to let the world know what entry we got */ ++ sysfs_create_file(&sc->sc_pcidev->dev.kobj, &hipp_dev_cryptoid.attr); ++#endif ++ ++#if 0 ++ init_timer(&sc->sc_tickto); ++ sc->sc_tickto.function = hifn_tick; ++ sc->sc_tickto.data = (unsigned long) sc->sc_num; ++ mod_timer(&sc->sc_tickto, jiffies + HZ); ++#endif ++ ++#if 0 /* no code here yet ?? */ ++ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); ++#endif ++ ++ return (0); ++ ++fail: ++ if (sc->sc_cid >= 0) ++ crypto_unregister_all(sc->sc_cid); ++ if (sc->sc_irq != -1) ++ free_irq(sc->sc_irq, sc); ++ ++#if 0 ++ if (sc->sc_dma) { ++ /* Turn off DMA polling */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | ++ HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); ++ ++ pci_free_consistent(sc->sc_pcidev, ++ sizeof(*sc->sc_dma), ++ sc->sc_dma, sc->sc_dma_physaddr); ++ } ++#endif ++ kfree(sc); ++ return (-ENXIO); ++} ++ ++/* ++ * Detach an interface that successfully probed. ++ */ ++static void ++hipp_remove(struct pci_dev *dev) ++{ ++ struct hipp_softc *sc = pci_get_drvdata(dev); ++ unsigned long l_flags; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ /* disable interrupts */ ++ HIPP_LOCK(sc); ++ ++#if 0 ++ WRITE_REG_1(sc, HIFN_1_DMA_IER, 0); ++ HIFN_UNLOCK(sc); ++ ++ /*XXX other resources */ ++ del_timer_sync(&sc->sc_tickto); ++ ++ /* Turn off DMA polling */ ++ WRITE_REG_1(sc, HIFN_1_DMA_CNFG, HIFN_DMACNFG_MSTRESET | ++ HIFN_DMACNFG_DMARESET | HIFN_DMACNFG_MODE); ++#endif ++ ++ crypto_unregister_all(sc->sc_cid); ++ ++ free_irq(sc->sc_irq, sc); ++ ++#if 0 ++ pci_free_consistent(sc->sc_pcidev, sizeof(*sc->sc_dma), ++ sc->sc_dma, sc->sc_dma_physaddr); ++#endif ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++static irqreturn_t hipp_intr(int irq, void *arg) ++#else ++static irqreturn_t hipp_intr(int irq, void *arg, struct pt_regs *regs) ++#endif ++{ ++ struct hipp_softc *sc = arg; ++ ++ sc = sc; /* shut up compiler */ ++ ++ return IRQ_HANDLED; ++} ++ ++static struct pci_device_id hipp_pci_tbl[] = { ++ { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_7855, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { PCI_VENDOR_HIFN, PCI_PRODUCT_HIFN_8155, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++}; ++MODULE_DEVICE_TABLE(pci, hipp_pci_tbl); ++ ++static struct pci_driver hipp_driver = { ++ .name = "hipp", ++ .id_table = hipp_pci_tbl, ++ .probe = hipp_probe, ++ .remove = hipp_remove, ++ /* add PM stuff here one day */ ++}; ++ ++static int __init hipp_init (void) ++{ ++ struct hipp_softc *sc = NULL; ++ int rc; ++ ++ DPRINTF("%s(%p)\n", __FUNCTION__, hipp_init); ++ ++ rc = pci_register_driver(&hipp_driver); ++ pci_register_driver_compat(&hipp_driver, rc); ++ ++ return rc; ++} ++ ++static void __exit hipp_exit (void) ++{ ++ pci_unregister_driver(&hipp_driver); ++} ++ ++module_init(hipp_init); ++module_exit(hipp_exit); ++ ++MODULE_LICENSE("BSD"); ++MODULE_AUTHOR("Michael Richardson <mcr@xelerance.com>"); ++MODULE_DESCRIPTION("OCF driver for hifn HIPP-I/II PCI crypto devices"); +--- /dev/null ++++ b/crypto/ocf/hifn/hifnHIPPreg.h +@@ -0,0 +1,46 @@ ++/*- ++ * Hifn HIPP-I/HIPP-II (7855/8155) driver. ++ * Copyright (c) 2006 Michael Richardson <mcr@xelerance.com> ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored by Hifn inc. ++ * ++ */ ++ ++#ifndef __HIFNHIPP_H__ ++#define __HIFNHIPP_H__ ++ ++/* ++ * PCI vendor and device identifiers ++ */ ++#define PCI_VENDOR_HIFN 0x13a3 /* Hifn */ ++#define PCI_PRODUCT_HIFN_6500 0x0006 /* 6500 */ ++#define PCI_PRODUCT_HIFN_7855 0x001f /* 7855 */ ++#define PCI_PRODUCT_HIFN_8155 0x999 /* XXX 8155 */ ++ ++#define HIPP_1_REVID 0x01 /* BOGUS */ ++ ++#endif /* __HIPP_H__ */ +--- /dev/null ++++ b/crypto/ocf/hifn/hifnHIPPvar.h +@@ -0,0 +1,93 @@ ++/* ++ * Hifn HIPP-I/HIPP-II (7855/8155) driver. ++ * Copyright (c) 2006 Michael Richardson <mcr@xelerance.com> * ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored by Hifn inc. ++ * ++ */ ++ ++#ifndef __HIFNHIPPVAR_H__ ++#define __HIFNHIPPVAR_H__ ++ ++#define HIPP_MAX_CHIPS 8 ++ ++/* ++ * Holds data specific to a single Hifn HIPP-I board. ++ */ ++struct hipp_softc { ++ softc_device_decl sc_dev; ++ ++ struct pci_dev *sc_pcidev; /* device backpointer */ ++ ocf_iomem_t sc_bar[5]; ++ caddr_t sc_barphy[5]; /* physical address */ ++ int sc_num; /* for multiple devs */ ++ spinlock_t sc_mtx; /* per-instance lock */ ++ int32_t sc_cid; ++ int sc_irq; ++ ++#if 0 ++ ++ u_int32_t sc_dmaier; ++ u_int32_t sc_drammodel; /* 1=dram, 0=sram */ ++ u_int32_t sc_pllconfig; /* 7954/7955/7956 PLL config */ ++ ++ struct hifn_dma *sc_dma; ++ dma_addr_t sc_dma_physaddr;/* physical address of sc_dma */ ++ ++ int sc_dmansegs; ++ int sc_maxses; ++ int sc_nsessions; ++ struct hifn_session *sc_sessions; ++ int sc_ramsize; ++ int sc_flags; ++#define HIFN_HAS_RNG 0x1 /* includes random number generator */ ++#define HIFN_HAS_PUBLIC 0x2 /* includes public key support */ ++#define HIFN_HAS_AES 0x4 /* includes AES support */ ++#define HIFN_IS_7811 0x8 /* Hifn 7811 part */ ++#define HIFN_IS_7956 0x10 /* Hifn 7956/7955 don't have SDRAM */ ++ ++ struct timer_list sc_tickto; /* for managing DMA */ ++ ++ int sc_rngfirst; ++ int sc_rnghz; /* RNG polling frequency */ ++ ++ int sc_c_busy; /* command ring busy */ ++ int sc_s_busy; /* source data ring busy */ ++ int sc_d_busy; /* destination data ring busy */ ++ int sc_r_busy; /* result ring busy */ ++ int sc_active; /* for initial countdown */ ++ int sc_needwakeup; /* ops q'd wating on resources */ ++ int sc_curbatch; /* # ops submitted w/o int */ ++ int sc_suspended; ++ struct miscdevice sc_miscdev; ++#endif ++}; ++ ++#define HIPP_LOCK(_sc) spin_lock_irqsave(&(_sc)->sc_mtx, l_flags) ++#define HIPP_UNLOCK(_sc) spin_unlock_irqrestore(&(_sc)->sc_mtx, l_flags) ++ ++#endif /* __HIFNHIPPVAR_H__ */ +--- /dev/null ++++ b/crypto/ocf/safe/md5.c +@@ -0,0 +1,308 @@ ++/* $KAME: md5.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */ ++/* ++ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#if 0 ++#include <sys/cdefs.h> ++__FBSDID("$FreeBSD: src/sys/crypto/md5.c,v 1.9 2004/01/27 19:49:19 des Exp $"); ++ ++#include <sys/types.h> ++#include <sys/cdefs.h> ++#include <sys/time.h> ++#include <sys/systm.h> ++#include <crypto/md5.h> ++#endif ++ ++#define SHIFT(X, s) (((X) << (s)) | ((X) >> (32 - (s)))) ++ ++#define F(X, Y, Z) (((X) & (Y)) | ((~X) & (Z))) ++#define G(X, Y, Z) (((X) & (Z)) | ((Y) & (~Z))) ++#define H(X, Y, Z) ((X) ^ (Y) ^ (Z)) ++#define I(X, Y, Z) ((Y) ^ ((X) | (~Z))) ++ ++#define ROUND1(a, b, c, d, k, s, i) { \ ++ (a) = (a) + F((b), (c), (d)) + X[(k)] + T[(i)]; \ ++ (a) = SHIFT((a), (s)); \ ++ (a) = (b) + (a); \ ++} ++ ++#define ROUND2(a, b, c, d, k, s, i) { \ ++ (a) = (a) + G((b), (c), (d)) + X[(k)] + T[(i)]; \ ++ (a) = SHIFT((a), (s)); \ ++ (a) = (b) + (a); \ ++} ++ ++#define ROUND3(a, b, c, d, k, s, i) { \ ++ (a) = (a) + H((b), (c), (d)) + X[(k)] + T[(i)]; \ ++ (a) = SHIFT((a), (s)); \ ++ (a) = (b) + (a); \ ++} ++ ++#define ROUND4(a, b, c, d, k, s, i) { \ ++ (a) = (a) + I((b), (c), (d)) + X[(k)] + T[(i)]; \ ++ (a) = SHIFT((a), (s)); \ ++ (a) = (b) + (a); \ ++} ++ ++#define Sa 7 ++#define Sb 12 ++#define Sc 17 ++#define Sd 22 ++ ++#define Se 5 ++#define Sf 9 ++#define Sg 14 ++#define Sh 20 ++ ++#define Si 4 ++#define Sj 11 ++#define Sk 16 ++#define Sl 23 ++ ++#define Sm 6 ++#define Sn 10 ++#define So 15 ++#define Sp 21 ++ ++#define MD5_A0 0x67452301 ++#define MD5_B0 0xefcdab89 ++#define MD5_C0 0x98badcfe ++#define MD5_D0 0x10325476 ++ ++/* Integer part of 4294967296 times abs(sin(i)), where i is in radians. */ ++static const u_int32_t T[65] = { ++ 0, ++ 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, ++ 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, ++ 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, ++ 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, ++ ++ 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, ++ 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, ++ 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, ++ 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, ++ ++ 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, ++ 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, ++ 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, ++ 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, ++ ++ 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, ++ 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, ++ 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, ++ 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391, ++}; ++ ++static const u_int8_t md5_paddat[MD5_BUFLEN] = { ++ 0x80, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, ++}; ++ ++static void md5_calc(u_int8_t *, md5_ctxt *); ++ ++void md5_init(ctxt) ++ md5_ctxt *ctxt; ++{ ++ ctxt->md5_n = 0; ++ ctxt->md5_i = 0; ++ ctxt->md5_sta = MD5_A0; ++ ctxt->md5_stb = MD5_B0; ++ ctxt->md5_stc = MD5_C0; ++ ctxt->md5_std = MD5_D0; ++ bzero(ctxt->md5_buf, sizeof(ctxt->md5_buf)); ++} ++ ++void md5_loop(ctxt, input, len) ++ md5_ctxt *ctxt; ++ u_int8_t *input; ++ u_int len; /* number of bytes */ ++{ ++ u_int gap, i; ++ ++ ctxt->md5_n += len * 8; /* byte to bit */ ++ gap = MD5_BUFLEN - ctxt->md5_i; ++ ++ if (len >= gap) { ++ bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i), ++ gap); ++ md5_calc(ctxt->md5_buf, ctxt); ++ ++ for (i = gap; i + MD5_BUFLEN <= len; i += MD5_BUFLEN) { ++ md5_calc((u_int8_t *)(input + i), ctxt); ++ } ++ ++ ctxt->md5_i = len - i; ++ bcopy((void *)(input + i), (void *)ctxt->md5_buf, ctxt->md5_i); ++ } else { ++ bcopy((void *)input, (void *)(ctxt->md5_buf + ctxt->md5_i), ++ len); ++ ctxt->md5_i += len; ++ } ++} ++ ++void md5_pad(ctxt) ++ md5_ctxt *ctxt; ++{ ++ u_int gap; ++ ++ /* Don't count up padding. Keep md5_n. */ ++ gap = MD5_BUFLEN - ctxt->md5_i; ++ if (gap > 8) { ++ bcopy(md5_paddat, ++ (void *)(ctxt->md5_buf + ctxt->md5_i), ++ gap - sizeof(ctxt->md5_n)); ++ } else { ++ /* including gap == 8 */ ++ bcopy(md5_paddat, (void *)(ctxt->md5_buf + ctxt->md5_i), ++ gap); ++ md5_calc(ctxt->md5_buf, ctxt); ++ bcopy((md5_paddat + gap), ++ (void *)ctxt->md5_buf, ++ MD5_BUFLEN - sizeof(ctxt->md5_n)); ++ } ++ ++ /* 8 byte word */ ++#if BYTE_ORDER == LITTLE_ENDIAN ++ bcopy(&ctxt->md5_n8[0], &ctxt->md5_buf[56], 8); ++#endif ++#if BYTE_ORDER == BIG_ENDIAN ++ ctxt->md5_buf[56] = ctxt->md5_n8[7]; ++ ctxt->md5_buf[57] = ctxt->md5_n8[6]; ++ ctxt->md5_buf[58] = ctxt->md5_n8[5]; ++ ctxt->md5_buf[59] = ctxt->md5_n8[4]; ++ ctxt->md5_buf[60] = ctxt->md5_n8[3]; ++ ctxt->md5_buf[61] = ctxt->md5_n8[2]; ++ ctxt->md5_buf[62] = ctxt->md5_n8[1]; ++ ctxt->md5_buf[63] = ctxt->md5_n8[0]; ++#endif ++ ++ md5_calc(ctxt->md5_buf, ctxt); ++} ++ ++void md5_result(digest, ctxt) ++ u_int8_t *digest; ++ md5_ctxt *ctxt; ++{ ++ /* 4 byte words */ ++#if BYTE_ORDER == LITTLE_ENDIAN ++ bcopy(&ctxt->md5_st8[0], digest, 16); ++#endif ++#if BYTE_ORDER == BIG_ENDIAN ++ digest[ 0] = ctxt->md5_st8[ 3]; digest[ 1] = ctxt->md5_st8[ 2]; ++ digest[ 2] = ctxt->md5_st8[ 1]; digest[ 3] = ctxt->md5_st8[ 0]; ++ digest[ 4] = ctxt->md5_st8[ 7]; digest[ 5] = ctxt->md5_st8[ 6]; ++ digest[ 6] = ctxt->md5_st8[ 5]; digest[ 7] = ctxt->md5_st8[ 4]; ++ digest[ 8] = ctxt->md5_st8[11]; digest[ 9] = ctxt->md5_st8[10]; ++ digest[10] = ctxt->md5_st8[ 9]; digest[11] = ctxt->md5_st8[ 8]; ++ digest[12] = ctxt->md5_st8[15]; digest[13] = ctxt->md5_st8[14]; ++ digest[14] = ctxt->md5_st8[13]; digest[15] = ctxt->md5_st8[12]; ++#endif ++} ++ ++static void md5_calc(b64, ctxt) ++ u_int8_t *b64; ++ md5_ctxt *ctxt; ++{ ++ u_int32_t A = ctxt->md5_sta; ++ u_int32_t B = ctxt->md5_stb; ++ u_int32_t C = ctxt->md5_stc; ++ u_int32_t D = ctxt->md5_std; ++#if BYTE_ORDER == LITTLE_ENDIAN ++ u_int32_t *X = (u_int32_t *)b64; ++#endif ++#if BYTE_ORDER == BIG_ENDIAN ++ /* 4 byte words */ ++ /* what a brute force but fast! */ ++ u_int32_t X[16]; ++ u_int8_t *y = (u_int8_t *)X; ++ y[ 0] = b64[ 3]; y[ 1] = b64[ 2]; y[ 2] = b64[ 1]; y[ 3] = b64[ 0]; ++ y[ 4] = b64[ 7]; y[ 5] = b64[ 6]; y[ 6] = b64[ 5]; y[ 7] = b64[ 4]; ++ y[ 8] = b64[11]; y[ 9] = b64[10]; y[10] = b64[ 9]; y[11] = b64[ 8]; ++ y[12] = b64[15]; y[13] = b64[14]; y[14] = b64[13]; y[15] = b64[12]; ++ y[16] = b64[19]; y[17] = b64[18]; y[18] = b64[17]; y[19] = b64[16]; ++ y[20] = b64[23]; y[21] = b64[22]; y[22] = b64[21]; y[23] = b64[20]; ++ y[24] = b64[27]; y[25] = b64[26]; y[26] = b64[25]; y[27] = b64[24]; ++ y[28] = b64[31]; y[29] = b64[30]; y[30] = b64[29]; y[31] = b64[28]; ++ y[32] = b64[35]; y[33] = b64[34]; y[34] = b64[33]; y[35] = b64[32]; ++ y[36] = b64[39]; y[37] = b64[38]; y[38] = b64[37]; y[39] = b64[36]; ++ y[40] = b64[43]; y[41] = b64[42]; y[42] = b64[41]; y[43] = b64[40]; ++ y[44] = b64[47]; y[45] = b64[46]; y[46] = b64[45]; y[47] = b64[44]; ++ y[48] = b64[51]; y[49] = b64[50]; y[50] = b64[49]; y[51] = b64[48]; ++ y[52] = b64[55]; y[53] = b64[54]; y[54] = b64[53]; y[55] = b64[52]; ++ y[56] = b64[59]; y[57] = b64[58]; y[58] = b64[57]; y[59] = b64[56]; ++ y[60] = b64[63]; y[61] = b64[62]; y[62] = b64[61]; y[63] = b64[60]; ++#endif ++ ++ ROUND1(A, B, C, D, 0, Sa, 1); ROUND1(D, A, B, C, 1, Sb, 2); ++ ROUND1(C, D, A, B, 2, Sc, 3); ROUND1(B, C, D, A, 3, Sd, 4); ++ ROUND1(A, B, C, D, 4, Sa, 5); ROUND1(D, A, B, C, 5, Sb, 6); ++ ROUND1(C, D, A, B, 6, Sc, 7); ROUND1(B, C, D, A, 7, Sd, 8); ++ ROUND1(A, B, C, D, 8, Sa, 9); ROUND1(D, A, B, C, 9, Sb, 10); ++ ROUND1(C, D, A, B, 10, Sc, 11); ROUND1(B, C, D, A, 11, Sd, 12); ++ ROUND1(A, B, C, D, 12, Sa, 13); ROUND1(D, A, B, C, 13, Sb, 14); ++ ROUND1(C, D, A, B, 14, Sc, 15); ROUND1(B, C, D, A, 15, Sd, 16); ++ ++ ROUND2(A, B, C, D, 1, Se, 17); ROUND2(D, A, B, C, 6, Sf, 18); ++ ROUND2(C, D, A, B, 11, Sg, 19); ROUND2(B, C, D, A, 0, Sh, 20); ++ ROUND2(A, B, C, D, 5, Se, 21); ROUND2(D, A, B, C, 10, Sf, 22); ++ ROUND2(C, D, A, B, 15, Sg, 23); ROUND2(B, C, D, A, 4, Sh, 24); ++ ROUND2(A, B, C, D, 9, Se, 25); ROUND2(D, A, B, C, 14, Sf, 26); ++ ROUND2(C, D, A, B, 3, Sg, 27); ROUND2(B, C, D, A, 8, Sh, 28); ++ ROUND2(A, B, C, D, 13, Se, 29); ROUND2(D, A, B, C, 2, Sf, 30); ++ ROUND2(C, D, A, B, 7, Sg, 31); ROUND2(B, C, D, A, 12, Sh, 32); ++ ++ ROUND3(A, B, C, D, 5, Si, 33); ROUND3(D, A, B, C, 8, Sj, 34); ++ ROUND3(C, D, A, B, 11, Sk, 35); ROUND3(B, C, D, A, 14, Sl, 36); ++ ROUND3(A, B, C, D, 1, Si, 37); ROUND3(D, A, B, C, 4, Sj, 38); ++ ROUND3(C, D, A, B, 7, Sk, 39); ROUND3(B, C, D, A, 10, Sl, 40); ++ ROUND3(A, B, C, D, 13, Si, 41); ROUND3(D, A, B, C, 0, Sj, 42); ++ ROUND3(C, D, A, B, 3, Sk, 43); ROUND3(B, C, D, A, 6, Sl, 44); ++ ROUND3(A, B, C, D, 9, Si, 45); ROUND3(D, A, B, C, 12, Sj, 46); ++ ROUND3(C, D, A, B, 15, Sk, 47); ROUND3(B, C, D, A, 2, Sl, 48); ++ ++ ROUND4(A, B, C, D, 0, Sm, 49); ROUND4(D, A, B, C, 7, Sn, 50); ++ ROUND4(C, D, A, B, 14, So, 51); ROUND4(B, C, D, A, 5, Sp, 52); ++ ROUND4(A, B, C, D, 12, Sm, 53); ROUND4(D, A, B, C, 3, Sn, 54); ++ ROUND4(C, D, A, B, 10, So, 55); ROUND4(B, C, D, A, 1, Sp, 56); ++ ROUND4(A, B, C, D, 8, Sm, 57); ROUND4(D, A, B, C, 15, Sn, 58); ++ ROUND4(C, D, A, B, 6, So, 59); ROUND4(B, C, D, A, 13, Sp, 60); ++ ROUND4(A, B, C, D, 4, Sm, 61); ROUND4(D, A, B, C, 11, Sn, 62); ++ ROUND4(C, D, A, B, 2, So, 63); ROUND4(B, C, D, A, 9, Sp, 64); ++ ++ ctxt->md5_sta += A; ++ ctxt->md5_stb += B; ++ ctxt->md5_stc += C; ++ ctxt->md5_std += D; ++} +--- /dev/null ++++ b/crypto/ocf/safe/md5.h +@@ -0,0 +1,76 @@ ++/* $FreeBSD: src/sys/crypto/md5.h,v 1.4 2002/03/20 05:13:50 alfred Exp $ */ ++/* $KAME: md5.h,v 1.4 2000/03/27 04:36:22 sumikawa Exp $ */ ++ ++/* ++ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#ifndef _NETINET6_MD5_H_ ++#define _NETINET6_MD5_H_ ++ ++#define MD5_BUFLEN 64 ++ ++typedef struct { ++ union { ++ u_int32_t md5_state32[4]; ++ u_int8_t md5_state8[16]; ++ } md5_st; ++ ++#define md5_sta md5_st.md5_state32[0] ++#define md5_stb md5_st.md5_state32[1] ++#define md5_stc md5_st.md5_state32[2] ++#define md5_std md5_st.md5_state32[3] ++#define md5_st8 md5_st.md5_state8 ++ ++ union { ++ u_int64_t md5_count64; ++ u_int8_t md5_count8[8]; ++ } md5_count; ++#define md5_n md5_count.md5_count64 ++#define md5_n8 md5_count.md5_count8 ++ ++ u_int md5_i; ++ u_int8_t md5_buf[MD5_BUFLEN]; ++} md5_ctxt; ++ ++extern void md5_init(md5_ctxt *); ++extern void md5_loop(md5_ctxt *, u_int8_t *, u_int); ++extern void md5_pad(md5_ctxt *); ++extern void md5_result(u_int8_t *, md5_ctxt *); ++ ++/* compatibility */ ++#define MD5_CTX md5_ctxt ++#define MD5Init(x) md5_init((x)) ++#define MD5Update(x, y, z) md5_loop((x), (y), (z)) ++#define MD5Final(x, y) \ ++do { \ ++ md5_pad((y)); \ ++ md5_result((x), (y)); \ ++} while (0) ++ ++#endif /* ! _NETINET6_MD5_H_*/ +--- /dev/null ++++ b/crypto/ocf/safe/safe.c +@@ -0,0 +1,2288 @@ ++/*- ++ * Linux port done by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2004-2007 David McCullough ++ * The license and original author are listed below. ++ * ++ * Copyright (c) 2003 Sam Leffler, Errno Consulting ++ * Copyright (c) 2003 Global Technology Associates, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++__FBSDID("$FreeBSD: src/sys/dev/safe/safe.c,v 1.18 2007/03/21 03:42:50 sam Exp $"); ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/kernel.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/wait.h> ++#include <linux/sched.h> ++#include <linux/pci.h> ++#include <linux/delay.h> ++#include <linux/interrupt.h> ++#include <linux/spinlock.h> ++#include <linux/random.h> ++#include <linux/version.h> ++#include <linux/skbuff.h> ++#include <asm/io.h> ++ ++/* ++ * SafeNet SafeXcel-1141 hardware crypto accelerator ++ */ ++ ++#include <cryptodev.h> ++#include <uio.h> ++#include <safe/safereg.h> ++#include <safe/safevar.h> ++ ++#if 1 ++#define DPRINTF(a) do { \ ++ if (debug) { \ ++ printk("%s: ", sc ? \ ++ device_get_nameunit(sc->sc_dev) : "safe"); \ ++ printk a; \ ++ } \ ++ } while (0) ++#else ++#define DPRINTF(a) ++#endif ++ ++/* ++ * until we find a cleaner way, include the BSD md5/sha1 code ++ * here ++ */ ++#define HMAC_HACK 1 ++#ifdef HMAC_HACK ++#define LITTLE_ENDIAN 1234 ++#define BIG_ENDIAN 4321 ++#ifdef __LITTLE_ENDIAN ++#define BYTE_ORDER LITTLE_ENDIAN ++#endif ++#ifdef __BIG_ENDIAN ++#define BYTE_ORDER BIG_ENDIAN ++#endif ++#include <safe/md5.h> ++#include <safe/md5.c> ++#include <safe/sha1.h> ++#include <safe/sha1.c> ++ ++u_int8_t hmac_ipad_buffer[64] = { ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, ++ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 ++}; ++ ++u_int8_t hmac_opad_buffer[64] = { ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, ++ 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C ++}; ++#endif /* HMAC_HACK */ ++ ++/* add proc entry for this */ ++struct safe_stats safestats; ++ ++#define debug safe_debug ++int safe_debug = 0; ++module_param(safe_debug, int, 0644); ++MODULE_PARM_DESC(safe_debug, "Enable debug"); ++ ++static void safe_callback(struct safe_softc *, struct safe_ringentry *); ++static void safe_feed(struct safe_softc *, struct safe_ringentry *); ++#if defined(CONFIG_OCF_RANDOMHARVEST) && !defined(SAFE_NO_RNG) ++static void safe_rng_init(struct safe_softc *); ++int safe_rngbufsize = 8; /* 32 bytes each read */ ++module_param(safe_rngbufsize, int, 0644); ++MODULE_PARM_DESC(safe_rngbufsize, "RNG polling buffer size (32-bit words)"); ++int safe_rngmaxalarm = 8; /* max alarms before reset */ ++module_param(safe_rngmaxalarm, int, 0644); ++MODULE_PARM_DESC(safe_rngmaxalarm, "RNG max alarms before reset"); ++#endif /* SAFE_NO_RNG */ ++ ++static void safe_totalreset(struct safe_softc *sc); ++static int safe_dmamap_aligned(struct safe_softc *sc, const struct safe_operand *op); ++static int safe_dmamap_uniform(struct safe_softc *sc, const struct safe_operand *op); ++static int safe_free_entry(struct safe_softc *sc, struct safe_ringentry *re); ++static int safe_kprocess(device_t dev, struct cryptkop *krp, int hint); ++static int safe_kstart(struct safe_softc *sc); ++static int safe_ksigbits(struct safe_softc *sc, struct crparam *cr); ++static void safe_kfeed(struct safe_softc *sc); ++static void safe_kpoll(unsigned long arg); ++static void safe_kload_reg(struct safe_softc *sc, u_int32_t off, ++ u_int32_t len, struct crparam *n); ++ ++static int safe_newsession(device_t, u_int32_t *, struct cryptoini *); ++static int safe_freesession(device_t, u_int64_t); ++static int safe_process(device_t, struct cryptop *, int); ++ ++static device_method_t safe_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, safe_newsession), ++ DEVMETHOD(cryptodev_freesession,safe_freesession), ++ DEVMETHOD(cryptodev_process, safe_process), ++ DEVMETHOD(cryptodev_kprocess, safe_kprocess), ++}; ++ ++#define READ_REG(sc,r) readl((sc)->sc_base_addr + (r)) ++#define WRITE_REG(sc,r,val) writel((val), (sc)->sc_base_addr + (r)) ++ ++#define SAFE_MAX_CHIPS 8 ++static struct safe_softc *safe_chip_idx[SAFE_MAX_CHIPS]; ++ ++/* ++ * split our buffers up into safe DMAable byte fragments to avoid lockup ++ * bug in 1141 HW on rev 1.0. ++ */ ++ ++static int ++pci_map_linear( ++ struct safe_softc *sc, ++ struct safe_operand *buf, ++ void *addr, ++ int len) ++{ ++ dma_addr_t tmp; ++ int chunk, tlen = len; ++ ++ tmp = pci_map_single(sc->sc_pcidev, addr, len, PCI_DMA_BIDIRECTIONAL); ++ ++ buf->mapsize += len; ++ while (len > 0) { ++ chunk = (len > sc->sc_max_dsize) ? sc->sc_max_dsize : len; ++ buf->segs[buf->nsegs].ds_addr = tmp; ++ buf->segs[buf->nsegs].ds_len = chunk; ++ buf->segs[buf->nsegs].ds_tlen = tlen; ++ buf->nsegs++; ++ tmp += chunk; ++ len -= chunk; ++ tlen = 0; ++ } ++ return 0; ++} ++ ++/* ++ * map in a given uio buffer (great on some arches :-) ++ */ ++ ++static int ++pci_map_uio(struct safe_softc *sc, struct safe_operand *buf, struct uio *uio) ++{ ++ struct iovec *iov = uio->uio_iov; ++ int n; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ buf->mapsize = 0; ++ buf->nsegs = 0; ++ ++ for (n = 0; n < uio->uio_iovcnt; n++) { ++ pci_map_linear(sc, buf, iov->iov_base, iov->iov_len); ++ iov++; ++ } ++ ++ /* identify this buffer by the first segment */ ++ buf->map = (void *) buf->segs[0].ds_addr; ++ return(0); ++} ++ ++/* ++ * map in a given sk_buff ++ */ ++ ++static int ++pci_map_skb(struct safe_softc *sc,struct safe_operand *buf,struct sk_buff *skb) ++{ ++ int i; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ buf->mapsize = 0; ++ buf->nsegs = 0; ++ ++ pci_map_linear(sc, buf, skb->data, skb_headlen(skb)); ++ ++ for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { ++ pci_map_linear(sc, buf, ++ page_address(skb_shinfo(skb)->frags[i].page) + ++ skb_shinfo(skb)->frags[i].page_offset, ++ skb_shinfo(skb)->frags[i].size); ++ } ++ ++ /* identify this buffer by the first segment */ ++ buf->map = (void *) buf->segs[0].ds_addr; ++ return(0); ++} ++ ++ ++#if 0 /* not needed at this time */ ++static void ++pci_sync_operand(struct safe_softc *sc, struct safe_operand *buf) ++{ ++ int i; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ for (i = 0; i < buf->nsegs; i++) ++ pci_dma_sync_single_for_cpu(sc->sc_pcidev, buf->segs[i].ds_addr, ++ buf->segs[i].ds_len, PCI_DMA_BIDIRECTIONAL); ++} ++#endif ++ ++static void ++pci_unmap_operand(struct safe_softc *sc, struct safe_operand *buf) ++{ ++ int i; ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ for (i = 0; i < buf->nsegs; i++) { ++ if (buf->segs[i].ds_tlen) { ++ DPRINTF(("%s - unmap %d 0x%x %d\n", __FUNCTION__, i, buf->segs[i].ds_addr, buf->segs[i].ds_tlen)); ++ pci_unmap_single(sc->sc_pcidev, buf->segs[i].ds_addr, ++ buf->segs[i].ds_tlen, PCI_DMA_BIDIRECTIONAL); ++ DPRINTF(("%s - unmap %d 0x%x %d done\n", __FUNCTION__, i, buf->segs[i].ds_addr, buf->segs[i].ds_tlen)); ++ } ++ buf->segs[i].ds_addr = 0; ++ buf->segs[i].ds_len = 0; ++ buf->segs[i].ds_tlen = 0; ++ } ++ buf->nsegs = 0; ++ buf->mapsize = 0; ++ buf->map = 0; ++} ++ ++ ++/* ++ * SafeXcel Interrupt routine ++ */ ++static irqreturn_t ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++safe_intr(int irq, void *arg) ++#else ++safe_intr(int irq, void *arg, struct pt_regs *regs) ++#endif ++{ ++ struct safe_softc *sc = arg; ++ int stat; ++ unsigned long flags; ++ ++ stat = READ_REG(sc, SAFE_HM_STAT); ++ ++ DPRINTF(("%s(stat=0x%x)\n", __FUNCTION__, stat)); ++ ++ if (stat == 0) /* shared irq, not for us */ ++ return IRQ_NONE; ++ ++ WRITE_REG(sc, SAFE_HI_CLR, stat); /* IACK */ ++ ++ if ((stat & SAFE_INT_PE_DDONE)) { ++ /* ++ * Descriptor(s) done; scan the ring and ++ * process completed operations. ++ */ ++ spin_lock_irqsave(&sc->sc_ringmtx, flags); ++ while (sc->sc_back != sc->sc_front) { ++ struct safe_ringentry *re = sc->sc_back; ++ ++#ifdef SAFE_DEBUG ++ if (debug) { ++ safe_dump_ringstate(sc, __func__); ++ safe_dump_request(sc, __func__, re); ++ } ++#endif ++ /* ++ * safe_process marks ring entries that were allocated ++ * but not used with a csr of zero. This insures the ++ * ring front pointer never needs to be set backwards ++ * in the event that an entry is allocated but not used ++ * because of a setup error. ++ */ ++ DPRINTF(("%s re->re_desc.d_csr=0x%x\n", __FUNCTION__, re->re_desc.d_csr)); ++ if (re->re_desc.d_csr != 0) { ++ if (!SAFE_PE_CSR_IS_DONE(re->re_desc.d_csr)) { ++ DPRINTF(("%s !CSR_IS_DONE\n", __FUNCTION__)); ++ break; ++ } ++ if (!SAFE_PE_LEN_IS_DONE(re->re_desc.d_len)) { ++ DPRINTF(("%s !LEN_IS_DONE\n", __FUNCTION__)); ++ break; ++ } ++ sc->sc_nqchip--; ++ safe_callback(sc, re); ++ } ++ if (++(sc->sc_back) == sc->sc_ringtop) ++ sc->sc_back = sc->sc_ring; ++ } ++ spin_unlock_irqrestore(&sc->sc_ringmtx, flags); ++ } ++ ++ /* ++ * Check to see if we got any DMA Error ++ */ ++ if (stat & SAFE_INT_PE_ERROR) { ++ printk("%s: dmaerr dmastat %08x\n", device_get_nameunit(sc->sc_dev), ++ (int)READ_REG(sc, SAFE_PE_DMASTAT)); ++ safestats.st_dmaerr++; ++ safe_totalreset(sc); ++#if 0 ++ safe_feed(sc); ++#endif ++ } ++ ++ if (sc->sc_needwakeup) { /* XXX check high watermark */ ++ int wakeup = sc->sc_needwakeup & (CRYPTO_SYMQ|CRYPTO_ASYMQ); ++ DPRINTF(("%s: wakeup crypto %x\n", __func__, ++ sc->sc_needwakeup)); ++ sc->sc_needwakeup &= ~wakeup; ++ crypto_unblock(sc->sc_cid, wakeup); ++ } ++ ++ return IRQ_HANDLED; ++} ++ ++/* ++ * safe_feed() - post a request to chip ++ */ ++static void ++safe_feed(struct safe_softc *sc, struct safe_ringentry *re) ++{ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++#ifdef SAFE_DEBUG ++ if (debug) { ++ safe_dump_ringstate(sc, __func__); ++ safe_dump_request(sc, __func__, re); ++ } ++#endif ++ sc->sc_nqchip++; ++ if (sc->sc_nqchip > safestats.st_maxqchip) ++ safestats.st_maxqchip = sc->sc_nqchip; ++ /* poke h/w to check descriptor ring, any value can be written */ ++ WRITE_REG(sc, SAFE_HI_RD_DESCR, 0); ++} ++ ++#define N(a) (sizeof(a) / sizeof (a[0])) ++static void ++safe_setup_enckey(struct safe_session *ses, caddr_t key) ++{ ++ int i; ++ ++ bcopy(key, ses->ses_key, ses->ses_klen / 8); ++ ++ /* PE is little-endian, insure proper byte order */ ++ for (i = 0; i < N(ses->ses_key); i++) ++ ses->ses_key[i] = htole32(ses->ses_key[i]); ++} ++ ++static void ++safe_setup_mackey(struct safe_session *ses, int algo, caddr_t key, int klen) ++{ ++#ifdef HMAC_HACK ++ MD5_CTX md5ctx; ++ SHA1_CTX sha1ctx; ++ int i; ++ ++ ++ for (i = 0; i < klen; i++) ++ key[i] ^= HMAC_IPAD_VAL; ++ ++ if (algo == CRYPTO_MD5_HMAC) { ++ MD5Init(&md5ctx); ++ MD5Update(&md5ctx, key, klen); ++ MD5Update(&md5ctx, hmac_ipad_buffer, MD5_HMAC_BLOCK_LEN - klen); ++ bcopy(md5ctx.md5_st8, ses->ses_hminner, sizeof(md5ctx.md5_st8)); ++ } else { ++ SHA1Init(&sha1ctx); ++ SHA1Update(&sha1ctx, key, klen); ++ SHA1Update(&sha1ctx, hmac_ipad_buffer, ++ SHA1_HMAC_BLOCK_LEN - klen); ++ bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32)); ++ } ++ ++ for (i = 0; i < klen; i++) ++ key[i] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); ++ ++ if (algo == CRYPTO_MD5_HMAC) { ++ MD5Init(&md5ctx); ++ MD5Update(&md5ctx, key, klen); ++ MD5Update(&md5ctx, hmac_opad_buffer, MD5_HMAC_BLOCK_LEN - klen); ++ bcopy(md5ctx.md5_st8, ses->ses_hmouter, sizeof(md5ctx.md5_st8)); ++ } else { ++ SHA1Init(&sha1ctx); ++ SHA1Update(&sha1ctx, key, klen); ++ SHA1Update(&sha1ctx, hmac_opad_buffer, ++ SHA1_HMAC_BLOCK_LEN - klen); ++ bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32)); ++ } ++ ++ for (i = 0; i < klen; i++) ++ key[i] ^= HMAC_OPAD_VAL; ++ ++#if 0 ++ /* ++ * this code prevents SHA working on a BE host, ++ * so it is obviously wrong. I think the byte ++ * swap setup we do with the chip fixes this for us ++ */ ++ ++ /* PE is little-endian, insure proper byte order */ ++ for (i = 0; i < N(ses->ses_hminner); i++) { ++ ses->ses_hminner[i] = htole32(ses->ses_hminner[i]); ++ ses->ses_hmouter[i] = htole32(ses->ses_hmouter[i]); ++ } ++#endif ++#else /* HMAC_HACK */ ++ printk("safe: md5/sha not implemented\n"); ++#endif /* HMAC_HACK */ ++} ++#undef N ++ ++/* ++ * Allocate a new 'session' and return an encoded session id. 'sidp' ++ * contains our registration id, and should contain an encoded session ++ * id on successful allocation. ++ */ ++static int ++safe_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) ++{ ++ struct safe_softc *sc = device_get_softc(dev); ++ struct cryptoini *c, *encini = NULL, *macini = NULL; ++ struct safe_session *ses = NULL; ++ int sesn; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (sidp == NULL || cri == NULL || sc == NULL) ++ return (EINVAL); ++ ++ for (c = cri; c != NULL; c = c->cri_next) { ++ if (c->cri_alg == CRYPTO_MD5_HMAC || ++ c->cri_alg == CRYPTO_SHA1_HMAC || ++ c->cri_alg == CRYPTO_NULL_HMAC) { ++ if (macini) ++ return (EINVAL); ++ macini = c; ++ } else if (c->cri_alg == CRYPTO_DES_CBC || ++ c->cri_alg == CRYPTO_3DES_CBC || ++ c->cri_alg == CRYPTO_AES_CBC || ++ c->cri_alg == CRYPTO_NULL_CBC) { ++ if (encini) ++ return (EINVAL); ++ encini = c; ++ } else ++ return (EINVAL); ++ } ++ if (encini == NULL && macini == NULL) ++ return (EINVAL); ++ if (encini) { /* validate key length */ ++ switch (encini->cri_alg) { ++ case CRYPTO_DES_CBC: ++ if (encini->cri_klen != 64) ++ return (EINVAL); ++ break; ++ case CRYPTO_3DES_CBC: ++ if (encini->cri_klen != 192) ++ return (EINVAL); ++ break; ++ case CRYPTO_AES_CBC: ++ if (encini->cri_klen != 128 && ++ encini->cri_klen != 192 && ++ encini->cri_klen != 256) ++ return (EINVAL); ++ break; ++ } ++ } ++ ++ if (sc->sc_sessions == NULL) { ++ ses = sc->sc_sessions = (struct safe_session *) ++ kmalloc(sizeof(struct safe_session), SLAB_ATOMIC); ++ if (ses == NULL) ++ return (ENOMEM); ++ memset(ses, 0, sizeof(struct safe_session)); ++ sesn = 0; ++ sc->sc_nsessions = 1; ++ } else { ++ for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { ++ if (sc->sc_sessions[sesn].ses_used == 0) { ++ ses = &sc->sc_sessions[sesn]; ++ break; ++ } ++ } ++ ++ if (ses == NULL) { ++ sesn = sc->sc_nsessions; ++ ses = (struct safe_session *) ++ kmalloc((sesn + 1) * sizeof(struct safe_session), SLAB_ATOMIC); ++ if (ses == NULL) ++ return (ENOMEM); ++ memset(ses, 0, (sesn + 1) * sizeof(struct safe_session)); ++ bcopy(sc->sc_sessions, ses, sesn * ++ sizeof(struct safe_session)); ++ bzero(sc->sc_sessions, sesn * ++ sizeof(struct safe_session)); ++ kfree(sc->sc_sessions); ++ sc->sc_sessions = ses; ++ ses = &sc->sc_sessions[sesn]; ++ sc->sc_nsessions++; ++ } ++ } ++ ++ bzero(ses, sizeof(struct safe_session)); ++ ses->ses_used = 1; ++ ++ if (encini) { ++ /* get an IV */ ++ /* XXX may read fewer than requested */ ++ read_random(ses->ses_iv, sizeof(ses->ses_iv)); ++ ++ ses->ses_klen = encini->cri_klen; ++ if (encini->cri_key != NULL) ++ safe_setup_enckey(ses, encini->cri_key); ++ } ++ ++ if (macini) { ++ ses->ses_mlen = macini->cri_mlen; ++ if (ses->ses_mlen == 0) { ++ if (macini->cri_alg == CRYPTO_MD5_HMAC) ++ ses->ses_mlen = MD5_HASH_LEN; ++ else ++ ses->ses_mlen = SHA1_HASH_LEN; ++ } ++ ++ if (macini->cri_key != NULL) { ++ safe_setup_mackey(ses, macini->cri_alg, macini->cri_key, ++ macini->cri_klen / 8); ++ } ++ } ++ ++ *sidp = SAFE_SID(device_get_unit(sc->sc_dev), sesn); ++ return (0); ++} ++ ++/* ++ * Deallocate a session. ++ */ ++static int ++safe_freesession(device_t dev, u_int64_t tid) ++{ ++ struct safe_softc *sc = device_get_softc(dev); ++ int session, ret; ++ u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (sc == NULL) ++ return (EINVAL); ++ ++ session = SAFE_SESSION(sid); ++ if (session < sc->sc_nsessions) { ++ bzero(&sc->sc_sessions[session], sizeof(sc->sc_sessions[session])); ++ ret = 0; ++ } else ++ ret = EINVAL; ++ return (ret); ++} ++ ++ ++static int ++safe_process(device_t dev, struct cryptop *crp, int hint) ++{ ++ struct safe_softc *sc = device_get_softc(dev); ++ int err = 0, i, nicealign, uniform; ++ struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; ++ int bypass, oplen, ivsize; ++ caddr_t iv; ++ int16_t coffset; ++ struct safe_session *ses; ++ struct safe_ringentry *re; ++ struct safe_sarec *sa; ++ struct safe_pdesc *pd; ++ u_int32_t cmd0, cmd1, staterec; ++ unsigned long flags; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (crp == NULL || crp->crp_callback == NULL || sc == NULL) { ++ safestats.st_invalid++; ++ return (EINVAL); ++ } ++ if (SAFE_SESSION(crp->crp_sid) >= sc->sc_nsessions) { ++ safestats.st_badsession++; ++ return (EINVAL); ++ } ++ ++ spin_lock_irqsave(&sc->sc_ringmtx, flags); ++ if (sc->sc_front == sc->sc_back && sc->sc_nqchip != 0) { ++ safestats.st_ringfull++; ++ sc->sc_needwakeup |= CRYPTO_SYMQ; ++ spin_unlock_irqrestore(&sc->sc_ringmtx, flags); ++ return (ERESTART); ++ } ++ re = sc->sc_front; ++ ++ staterec = re->re_sa.sa_staterec; /* save */ ++ /* NB: zero everything but the PE descriptor */ ++ bzero(&re->re_sa, sizeof(struct safe_ringentry) - sizeof(re->re_desc)); ++ re->re_sa.sa_staterec = staterec; /* restore */ ++ ++ re->re_crp = crp; ++ re->re_sesn = SAFE_SESSION(crp->crp_sid); ++ ++ re->re_src.nsegs = 0; ++ re->re_dst.nsegs = 0; ++ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ re->re_src_skb = (struct sk_buff *)crp->crp_buf; ++ re->re_dst_skb = (struct sk_buff *)crp->crp_buf; ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ re->re_src_io = (struct uio *)crp->crp_buf; ++ re->re_dst_io = (struct uio *)crp->crp_buf; ++ } else { ++ safestats.st_badflags++; ++ err = EINVAL; ++ goto errout; /* XXX we don't handle contiguous blocks! */ ++ } ++ ++ sa = &re->re_sa; ++ ses = &sc->sc_sessions[re->re_sesn]; ++ ++ crd1 = crp->crp_desc; ++ if (crd1 == NULL) { ++ safestats.st_nodesc++; ++ err = EINVAL; ++ goto errout; ++ } ++ crd2 = crd1->crd_next; ++ ++ cmd0 = SAFE_SA_CMD0_BASIC; /* basic group operation */ ++ cmd1 = 0; ++ if (crd2 == NULL) { ++ if (crd1->crd_alg == CRYPTO_MD5_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1_HMAC || ++ crd1->crd_alg == CRYPTO_NULL_HMAC) { ++ maccrd = crd1; ++ enccrd = NULL; ++ cmd0 |= SAFE_SA_CMD0_OP_HASH; ++ } else if (crd1->crd_alg == CRYPTO_DES_CBC || ++ crd1->crd_alg == CRYPTO_3DES_CBC || ++ crd1->crd_alg == CRYPTO_AES_CBC || ++ crd1->crd_alg == CRYPTO_NULL_CBC) { ++ maccrd = NULL; ++ enccrd = crd1; ++ cmd0 |= SAFE_SA_CMD0_OP_CRYPT; ++ } else { ++ safestats.st_badalg++; ++ err = EINVAL; ++ goto errout; ++ } ++ } else { ++ if ((crd1->crd_alg == CRYPTO_MD5_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1_HMAC || ++ crd1->crd_alg == CRYPTO_NULL_HMAC) && ++ (crd2->crd_alg == CRYPTO_DES_CBC || ++ crd2->crd_alg == CRYPTO_3DES_CBC || ++ crd2->crd_alg == CRYPTO_AES_CBC || ++ crd2->crd_alg == CRYPTO_NULL_CBC) && ++ ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { ++ maccrd = crd1; ++ enccrd = crd2; ++ } else if ((crd1->crd_alg == CRYPTO_DES_CBC || ++ crd1->crd_alg == CRYPTO_3DES_CBC || ++ crd1->crd_alg == CRYPTO_AES_CBC || ++ crd1->crd_alg == CRYPTO_NULL_CBC) && ++ (crd2->crd_alg == CRYPTO_MD5_HMAC || ++ crd2->crd_alg == CRYPTO_SHA1_HMAC || ++ crd2->crd_alg == CRYPTO_NULL_HMAC) && ++ (crd1->crd_flags & CRD_F_ENCRYPT)) { ++ enccrd = crd1; ++ maccrd = crd2; ++ } else { ++ safestats.st_badalg++; ++ err = EINVAL; ++ goto errout; ++ } ++ cmd0 |= SAFE_SA_CMD0_OP_BOTH; ++ } ++ ++ if (enccrd) { ++ if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) ++ safe_setup_enckey(ses, enccrd->crd_key); ++ ++ if (enccrd->crd_alg == CRYPTO_DES_CBC) { ++ cmd0 |= SAFE_SA_CMD0_DES; ++ cmd1 |= SAFE_SA_CMD1_CBC; ++ ivsize = 2*sizeof(u_int32_t); ++ } else if (enccrd->crd_alg == CRYPTO_3DES_CBC) { ++ cmd0 |= SAFE_SA_CMD0_3DES; ++ cmd1 |= SAFE_SA_CMD1_CBC; ++ ivsize = 2*sizeof(u_int32_t); ++ } else if (enccrd->crd_alg == CRYPTO_AES_CBC) { ++ cmd0 |= SAFE_SA_CMD0_AES; ++ cmd1 |= SAFE_SA_CMD1_CBC; ++ if (ses->ses_klen == 128) ++ cmd1 |= SAFE_SA_CMD1_AES128; ++ else if (ses->ses_klen == 192) ++ cmd1 |= SAFE_SA_CMD1_AES192; ++ else ++ cmd1 |= SAFE_SA_CMD1_AES256; ++ ivsize = 4*sizeof(u_int32_t); ++ } else { ++ cmd0 |= SAFE_SA_CMD0_CRYPT_NULL; ++ ivsize = 0; ++ } ++ ++ /* ++ * Setup encrypt/decrypt state. When using basic ops ++ * we can't use an inline IV because hash/crypt offset ++ * must be from the end of the IV to the start of the ++ * crypt data and this leaves out the preceding header ++ * from the hash calculation. Instead we place the IV ++ * in the state record and set the hash/crypt offset to ++ * copy both the header+IV. ++ */ ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) { ++ cmd0 |= SAFE_SA_CMD0_OUTBOUND; ++ ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) ++ iv = enccrd->crd_iv; ++ else ++ iv = (caddr_t) ses->ses_iv; ++ if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ enccrd->crd_inject, ivsize, iv); ++ } ++ bcopy(iv, re->re_sastate.sa_saved_iv, ivsize); ++ /* make iv LE */ ++ for (i = 0; i < ivsize/sizeof(re->re_sastate.sa_saved_iv[0]); i++) ++ re->re_sastate.sa_saved_iv[i] = ++ cpu_to_le32(re->re_sastate.sa_saved_iv[i]); ++ cmd0 |= SAFE_SA_CMD0_IVLD_STATE | SAFE_SA_CMD0_SAVEIV; ++ re->re_flags |= SAFE_QFLAGS_COPYOUTIV; ++ } else { ++ cmd0 |= SAFE_SA_CMD0_INBOUND; ++ ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { ++ bcopy(enccrd->crd_iv, ++ re->re_sastate.sa_saved_iv, ivsize); ++ } else { ++ crypto_copydata(crp->crp_flags, crp->crp_buf, ++ enccrd->crd_inject, ivsize, ++ (caddr_t)re->re_sastate.sa_saved_iv); ++ } ++ /* make iv LE */ ++ for (i = 0; i < ivsize/sizeof(re->re_sastate.sa_saved_iv[0]); i++) ++ re->re_sastate.sa_saved_iv[i] = ++ cpu_to_le32(re->re_sastate.sa_saved_iv[i]); ++ cmd0 |= SAFE_SA_CMD0_IVLD_STATE; ++ } ++ /* ++ * For basic encryption use the zero pad algorithm. ++ * This pads results to an 8-byte boundary and ++ * suppresses padding verification for inbound (i.e. ++ * decrypt) operations. ++ * ++ * NB: Not sure if the 8-byte pad boundary is a problem. ++ */ ++ cmd0 |= SAFE_SA_CMD0_PAD_ZERO; ++ ++ /* XXX assert key bufs have the same size */ ++ bcopy(ses->ses_key, sa->sa_key, sizeof(sa->sa_key)); ++ } ++ ++ if (maccrd) { ++ if (maccrd->crd_flags & CRD_F_KEY_EXPLICIT) { ++ safe_setup_mackey(ses, maccrd->crd_alg, ++ maccrd->crd_key, maccrd->crd_klen / 8); ++ } ++ ++ if (maccrd->crd_alg == CRYPTO_MD5_HMAC) { ++ cmd0 |= SAFE_SA_CMD0_MD5; ++ cmd1 |= SAFE_SA_CMD1_HMAC; /* NB: enable HMAC */ ++ } else if (maccrd->crd_alg == CRYPTO_SHA1_HMAC) { ++ cmd0 |= SAFE_SA_CMD0_SHA1; ++ cmd1 |= SAFE_SA_CMD1_HMAC; /* NB: enable HMAC */ ++ } else { ++ cmd0 |= SAFE_SA_CMD0_HASH_NULL; ++ } ++ /* ++ * Digest data is loaded from the SA and the hash ++ * result is saved to the state block where we ++ * retrieve it for return to the caller. ++ */ ++ /* XXX assert digest bufs have the same size */ ++ bcopy(ses->ses_hminner, sa->sa_indigest, ++ sizeof(sa->sa_indigest)); ++ bcopy(ses->ses_hmouter, sa->sa_outdigest, ++ sizeof(sa->sa_outdigest)); ++ ++ cmd0 |= SAFE_SA_CMD0_HSLD_SA | SAFE_SA_CMD0_SAVEHASH; ++ re->re_flags |= SAFE_QFLAGS_COPYOUTICV; ++ } ++ ++ if (enccrd && maccrd) { ++ /* ++ * The offset from hash data to the start of ++ * crypt data is the difference in the skips. ++ */ ++ bypass = maccrd->crd_skip; ++ coffset = enccrd->crd_skip - maccrd->crd_skip; ++ if (coffset < 0) { ++ DPRINTF(("%s: hash does not precede crypt; " ++ "mac skip %u enc skip %u\n", ++ __func__, maccrd->crd_skip, enccrd->crd_skip)); ++ safestats.st_skipmismatch++; ++ err = EINVAL; ++ goto errout; ++ } ++ oplen = enccrd->crd_skip + enccrd->crd_len; ++ if (maccrd->crd_skip + maccrd->crd_len != oplen) { ++ DPRINTF(("%s: hash amount %u != crypt amount %u\n", ++ __func__, maccrd->crd_skip + maccrd->crd_len, ++ oplen)); ++ safestats.st_lenmismatch++; ++ err = EINVAL; ++ goto errout; ++ } ++#ifdef SAFE_DEBUG ++ if (debug) { ++ printf("mac: skip %d, len %d, inject %d\n", ++ maccrd->crd_skip, maccrd->crd_len, ++ maccrd->crd_inject); ++ printf("enc: skip %d, len %d, inject %d\n", ++ enccrd->crd_skip, enccrd->crd_len, ++ enccrd->crd_inject); ++ printf("bypass %d coffset %d oplen %d\n", ++ bypass, coffset, oplen); ++ } ++#endif ++ if (coffset & 3) { /* offset must be 32-bit aligned */ ++ DPRINTF(("%s: coffset %u misaligned\n", ++ __func__, coffset)); ++ safestats.st_coffmisaligned++; ++ err = EINVAL; ++ goto errout; ++ } ++ coffset >>= 2; ++ if (coffset > 255) { /* offset must be <256 dwords */ ++ DPRINTF(("%s: coffset %u too big\n", ++ __func__, coffset)); ++ safestats.st_cofftoobig++; ++ err = EINVAL; ++ goto errout; ++ } ++ /* ++ * Tell the hardware to copy the header to the output. ++ * The header is defined as the data from the end of ++ * the bypass to the start of data to be encrypted. ++ * Typically this is the inline IV. Note that you need ++ * to do this even if src+dst are the same; it appears ++ * that w/o this bit the crypted data is written ++ * immediately after the bypass data. ++ */ ++ cmd1 |= SAFE_SA_CMD1_HDRCOPY; ++ /* ++ * Disable IP header mutable bit handling. This is ++ * needed to get correct HMAC calculations. ++ */ ++ cmd1 |= SAFE_SA_CMD1_MUTABLE; ++ } else { ++ if (enccrd) { ++ bypass = enccrd->crd_skip; ++ oplen = bypass + enccrd->crd_len; ++ } else { ++ bypass = maccrd->crd_skip; ++ oplen = bypass + maccrd->crd_len; ++ } ++ coffset = 0; ++ } ++ /* XXX verify multiple of 4 when using s/g */ ++ if (bypass > 96) { /* bypass offset must be <= 96 bytes */ ++ DPRINTF(("%s: bypass %u too big\n", __func__, bypass)); ++ safestats.st_bypasstoobig++; ++ err = EINVAL; ++ goto errout; ++ } ++ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ if (pci_map_skb(sc, &re->re_src, re->re_src_skb)) { ++ safestats.st_noload++; ++ err = ENOMEM; ++ goto errout; ++ } ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ if (pci_map_uio(sc, &re->re_src, re->re_src_io)) { ++ safestats.st_noload++; ++ err = ENOMEM; ++ goto errout; ++ } ++ } ++ nicealign = safe_dmamap_aligned(sc, &re->re_src); ++ uniform = safe_dmamap_uniform(sc, &re->re_src); ++ ++ DPRINTF(("src nicealign %u uniform %u nsegs %u\n", ++ nicealign, uniform, re->re_src.nsegs)); ++ if (re->re_src.nsegs > 1) { ++ re->re_desc.d_src = sc->sc_spalloc.dma_paddr + ++ ((caddr_t) sc->sc_spfree - (caddr_t) sc->sc_spring); ++ for (i = 0; i < re->re_src_nsegs; i++) { ++ /* NB: no need to check if there's space */ ++ pd = sc->sc_spfree; ++ if (++(sc->sc_spfree) == sc->sc_springtop) ++ sc->sc_spfree = sc->sc_spring; ++ ++ KASSERT((pd->pd_flags&3) == 0 || ++ (pd->pd_flags&3) == SAFE_PD_DONE, ++ ("bogus source particle descriptor; flags %x", ++ pd->pd_flags)); ++ pd->pd_addr = re->re_src_segs[i].ds_addr; ++ pd->pd_size = re->re_src_segs[i].ds_len; ++ pd->pd_flags = SAFE_PD_READY; ++ } ++ cmd0 |= SAFE_SA_CMD0_IGATHER; ++ } else { ++ /* ++ * No need for gather, reference the operand directly. ++ */ ++ re->re_desc.d_src = re->re_src_segs[0].ds_addr; ++ } ++ ++ if (enccrd == NULL && maccrd != NULL) { ++ /* ++ * Hash op; no destination needed. ++ */ ++ } else { ++ if (crp->crp_flags & (CRYPTO_F_IOV|CRYPTO_F_SKBUF)) { ++ if (!nicealign) { ++ safestats.st_iovmisaligned++; ++ err = EINVAL; ++ goto errout; ++ } ++ if (uniform != 1) { ++ device_printf(sc->sc_dev, "!uniform source\n"); ++ if (!uniform) { ++ /* ++ * There's no way to handle the DMA ++ * requirements with this uio. We ++ * could create a separate DMA area for ++ * the result and then copy it back, ++ * but for now we just bail and return ++ * an error. Note that uio requests ++ * > SAFE_MAX_DSIZE are handled because ++ * the DMA map and segment list for the ++ * destination wil result in a ++ * destination particle list that does ++ * the necessary scatter DMA. ++ */ ++ safestats.st_iovnotuniform++; ++ err = EINVAL; ++ goto errout; ++ } ++ } else ++ re->re_dst = re->re_src; ++ } else { ++ safestats.st_badflags++; ++ err = EINVAL; ++ goto errout; ++ } ++ ++ if (re->re_dst.nsegs > 1) { ++ re->re_desc.d_dst = sc->sc_dpalloc.dma_paddr + ++ ((caddr_t) sc->sc_dpfree - (caddr_t) sc->sc_dpring); ++ for (i = 0; i < re->re_dst_nsegs; i++) { ++ pd = sc->sc_dpfree; ++ KASSERT((pd->pd_flags&3) == 0 || ++ (pd->pd_flags&3) == SAFE_PD_DONE, ++ ("bogus dest particle descriptor; flags %x", ++ pd->pd_flags)); ++ if (++(sc->sc_dpfree) == sc->sc_dpringtop) ++ sc->sc_dpfree = sc->sc_dpring; ++ pd->pd_addr = re->re_dst_segs[i].ds_addr; ++ pd->pd_flags = SAFE_PD_READY; ++ } ++ cmd0 |= SAFE_SA_CMD0_OSCATTER; ++ } else { ++ /* ++ * No need for scatter, reference the operand directly. ++ */ ++ re->re_desc.d_dst = re->re_dst_segs[0].ds_addr; ++ } ++ } ++ ++ /* ++ * All done with setup; fillin the SA command words ++ * and the packet engine descriptor. The operation ++ * is now ready for submission to the hardware. ++ */ ++ sa->sa_cmd0 = cmd0 | SAFE_SA_CMD0_IPCI | SAFE_SA_CMD0_OPCI; ++ sa->sa_cmd1 = cmd1 ++ | (coffset << SAFE_SA_CMD1_OFFSET_S) ++ | SAFE_SA_CMD1_SAREV1 /* Rev 1 SA data structure */ ++ | SAFE_SA_CMD1_SRPCI ++ ; ++ /* ++ * NB: the order of writes is important here. In case the ++ * chip is scanning the ring because of an outstanding request ++ * it might nab this one too. In that case we need to make ++ * sure the setup is complete before we write the length ++ * field of the descriptor as it signals the descriptor is ++ * ready for processing. ++ */ ++ re->re_desc.d_csr = SAFE_PE_CSR_READY | SAFE_PE_CSR_SAPCI; ++ if (maccrd) ++ re->re_desc.d_csr |= SAFE_PE_CSR_LOADSA | SAFE_PE_CSR_HASHFINAL; ++ wmb(); ++ re->re_desc.d_len = oplen ++ | SAFE_PE_LEN_READY ++ | (bypass << SAFE_PE_LEN_BYPASS_S) ++ ; ++ ++ safestats.st_ipackets++; ++ safestats.st_ibytes += oplen; ++ ++ if (++(sc->sc_front) == sc->sc_ringtop) ++ sc->sc_front = sc->sc_ring; ++ ++ /* XXX honor batching */ ++ safe_feed(sc, re); ++ spin_unlock_irqrestore(&sc->sc_ringmtx, flags); ++ return (0); ++ ++errout: ++ if (re->re_src.map != re->re_dst.map) ++ pci_unmap_operand(sc, &re->re_dst); ++ if (re->re_src.map) ++ pci_unmap_operand(sc, &re->re_src); ++ spin_unlock_irqrestore(&sc->sc_ringmtx, flags); ++ if (err != ERESTART) { ++ crp->crp_etype = err; ++ crypto_done(crp); ++ } else { ++ sc->sc_needwakeup |= CRYPTO_SYMQ; ++ } ++ return (err); ++} ++ ++static void ++safe_callback(struct safe_softc *sc, struct safe_ringentry *re) ++{ ++ struct cryptop *crp = (struct cryptop *)re->re_crp; ++ struct cryptodesc *crd; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ safestats.st_opackets++; ++ safestats.st_obytes += re->re_dst.mapsize; ++ ++ if (re->re_desc.d_csr & SAFE_PE_CSR_STATUS) { ++ device_printf(sc->sc_dev, "csr 0x%x cmd0 0x%x cmd1 0x%x\n", ++ re->re_desc.d_csr, ++ re->re_sa.sa_cmd0, re->re_sa.sa_cmd1); ++ safestats.st_peoperr++; ++ crp->crp_etype = EIO; /* something more meaningful? */ ++ } ++ ++ if (re->re_dst.map != NULL && re->re_dst.map != re->re_src.map) ++ pci_unmap_operand(sc, &re->re_dst); ++ pci_unmap_operand(sc, &re->re_src); ++ ++ /* ++ * If result was written to a differet mbuf chain, swap ++ * it in as the return value and reclaim the original. ++ */ ++ if ((crp->crp_flags & CRYPTO_F_SKBUF) && re->re_src_skb != re->re_dst_skb) { ++ device_printf(sc->sc_dev, "no CRYPTO_F_SKBUF swapping support\n"); ++ /* kfree_skb(skb) */ ++ /* crp->crp_buf = (caddr_t)re->re_dst_skb */ ++ return; ++ } ++ ++ if (re->re_flags & SAFE_QFLAGS_COPYOUTIV) { ++ /* copy out IV for future use */ ++ for (crd = crp->crp_desc; crd; crd = crd->crd_next) { ++ int i; ++ int ivsize; ++ ++ if (crd->crd_alg == CRYPTO_DES_CBC || ++ crd->crd_alg == CRYPTO_3DES_CBC) { ++ ivsize = 2*sizeof(u_int32_t); ++ } else if (crd->crd_alg == CRYPTO_AES_CBC) { ++ ivsize = 4*sizeof(u_int32_t); ++ } else ++ continue; ++ crypto_copydata(crp->crp_flags, crp->crp_buf, ++ crd->crd_skip + crd->crd_len - ivsize, ivsize, ++ (caddr_t)sc->sc_sessions[re->re_sesn].ses_iv); ++ for (i = 0; ++ i < ivsize/sizeof(sc->sc_sessions[re->re_sesn].ses_iv[0]); ++ i++) ++ sc->sc_sessions[re->re_sesn].ses_iv[i] = ++ cpu_to_le32(sc->sc_sessions[re->re_sesn].ses_iv[i]); ++ break; ++ } ++ } ++ ++ if (re->re_flags & SAFE_QFLAGS_COPYOUTICV) { ++ /* copy out ICV result */ ++ for (crd = crp->crp_desc; crd; crd = crd->crd_next) { ++ if (!(crd->crd_alg == CRYPTO_MD5_HMAC || ++ crd->crd_alg == CRYPTO_SHA1_HMAC || ++ crd->crd_alg == CRYPTO_NULL_HMAC)) ++ continue; ++ if (crd->crd_alg == CRYPTO_SHA1_HMAC) { ++ /* ++ * SHA-1 ICV's are byte-swapped; fix 'em up ++ * before copy them to their destination. ++ */ ++ re->re_sastate.sa_saved_indigest[0] = ++ cpu_to_be32(re->re_sastate.sa_saved_indigest[0]); ++ re->re_sastate.sa_saved_indigest[1] = ++ cpu_to_be32(re->re_sastate.sa_saved_indigest[1]); ++ re->re_sastate.sa_saved_indigest[2] = ++ cpu_to_be32(re->re_sastate.sa_saved_indigest[2]); ++ } else { ++ re->re_sastate.sa_saved_indigest[0] = ++ cpu_to_le32(re->re_sastate.sa_saved_indigest[0]); ++ re->re_sastate.sa_saved_indigest[1] = ++ cpu_to_le32(re->re_sastate.sa_saved_indigest[1]); ++ re->re_sastate.sa_saved_indigest[2] = ++ cpu_to_le32(re->re_sastate.sa_saved_indigest[2]); ++ } ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ crd->crd_inject, ++ sc->sc_sessions[re->re_sesn].ses_mlen, ++ (caddr_t)re->re_sastate.sa_saved_indigest); ++ break; ++ } ++ } ++ crypto_done(crp); ++} ++ ++ ++#if defined(CONFIG_OCF_RANDOMHARVEST) && !defined(SAFE_NO_RNG) ++#define SAFE_RNG_MAXWAIT 1000 ++ ++static void ++safe_rng_init(struct safe_softc *sc) ++{ ++ u_int32_t w, v; ++ int i; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ WRITE_REG(sc, SAFE_RNG_CTRL, 0); ++ /* use default value according to the manual */ ++ WRITE_REG(sc, SAFE_RNG_CNFG, 0x834); /* magic from SafeNet */ ++ WRITE_REG(sc, SAFE_RNG_ALM_CNT, 0); ++ ++ /* ++ * There is a bug in rev 1.0 of the 1140 that when the RNG ++ * is brought out of reset the ready status flag does not ++ * work until the RNG has finished its internal initialization. ++ * ++ * So in order to determine the device is through its ++ * initialization we must read the data register, using the ++ * status reg in the read in case it is initialized. Then read ++ * the data register until it changes from the first read. ++ * Once it changes read the data register until it changes ++ * again. At this time the RNG is considered initialized. ++ * This could take between 750ms - 1000ms in time. ++ */ ++ i = 0; ++ w = READ_REG(sc, SAFE_RNG_OUT); ++ do { ++ v = READ_REG(sc, SAFE_RNG_OUT); ++ if (v != w) { ++ w = v; ++ break; ++ } ++ DELAY(10); ++ } while (++i < SAFE_RNG_MAXWAIT); ++ ++ /* Wait Until data changes again */ ++ i = 0; ++ do { ++ v = READ_REG(sc, SAFE_RNG_OUT); ++ if (v != w) ++ break; ++ DELAY(10); ++ } while (++i < SAFE_RNG_MAXWAIT); ++} ++ ++static __inline void ++safe_rng_disable_short_cycle(struct safe_softc *sc) ++{ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ WRITE_REG(sc, SAFE_RNG_CTRL, ++ READ_REG(sc, SAFE_RNG_CTRL) &~ SAFE_RNG_CTRL_SHORTEN); ++} ++ ++static __inline void ++safe_rng_enable_short_cycle(struct safe_softc *sc) ++{ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ WRITE_REG(sc, SAFE_RNG_CTRL, ++ READ_REG(sc, SAFE_RNG_CTRL) | SAFE_RNG_CTRL_SHORTEN); ++} ++ ++static __inline u_int32_t ++safe_rng_read(struct safe_softc *sc) ++{ ++ int i; ++ ++ i = 0; ++ while (READ_REG(sc, SAFE_RNG_STAT) != 0 && ++i < SAFE_RNG_MAXWAIT) ++ ; ++ return READ_REG(sc, SAFE_RNG_OUT); ++} ++ ++static int ++safe_read_random(void *arg, u_int32_t *buf, int maxwords) ++{ ++ struct safe_softc *sc = (struct safe_softc *) arg; ++ int i, rc; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ safestats.st_rng++; ++ /* ++ * Fetch the next block of data. ++ */ ++ if (maxwords > safe_rngbufsize) ++ maxwords = safe_rngbufsize; ++ if (maxwords > SAFE_RNG_MAXBUFSIZ) ++ maxwords = SAFE_RNG_MAXBUFSIZ; ++retry: ++ /* read as much as we can */ ++ for (rc = 0; rc < maxwords; rc++) { ++ if (READ_REG(sc, SAFE_RNG_STAT) != 0) ++ break; ++ buf[rc] = READ_REG(sc, SAFE_RNG_OUT); ++ } ++ if (rc == 0) ++ return 0; ++ /* ++ * Check the comparator alarm count and reset the h/w if ++ * it exceeds our threshold. This guards against the ++ * hardware oscillators resonating with external signals. ++ */ ++ if (READ_REG(sc, SAFE_RNG_ALM_CNT) > safe_rngmaxalarm) { ++ u_int32_t freq_inc, w; ++ ++ DPRINTF(("%s: alarm count %u exceeds threshold %u\n", __func__, ++ (unsigned)READ_REG(sc, SAFE_RNG_ALM_CNT), safe_rngmaxalarm)); ++ safestats.st_rngalarm++; ++ safe_rng_enable_short_cycle(sc); ++ freq_inc = 18; ++ for (i = 0; i < 64; i++) { ++ w = READ_REG(sc, SAFE_RNG_CNFG); ++ freq_inc = ((w + freq_inc) & 0x3fL); ++ w = ((w & ~0x3fL) | freq_inc); ++ WRITE_REG(sc, SAFE_RNG_CNFG, w); ++ ++ WRITE_REG(sc, SAFE_RNG_ALM_CNT, 0); ++ ++ (void) safe_rng_read(sc); ++ DELAY(25); ++ ++ if (READ_REG(sc, SAFE_RNG_ALM_CNT) == 0) { ++ safe_rng_disable_short_cycle(sc); ++ goto retry; ++ } ++ freq_inc = 1; ++ } ++ safe_rng_disable_short_cycle(sc); ++ } else ++ WRITE_REG(sc, SAFE_RNG_ALM_CNT, 0); ++ ++ return(rc); ++} ++#endif /* defined(CONFIG_OCF_RANDOMHARVEST) && !defined(SAFE_NO_RNG) */ ++ ++ ++/* ++ * Resets the board. Values in the regesters are left as is ++ * from the reset (i.e. initial values are assigned elsewhere). ++ */ ++static void ++safe_reset_board(struct safe_softc *sc) ++{ ++ u_int32_t v; ++ /* ++ * Reset the device. The manual says no delay ++ * is needed between marking and clearing reset. ++ */ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ v = READ_REG(sc, SAFE_PE_DMACFG) &~ ++ (SAFE_PE_DMACFG_PERESET | SAFE_PE_DMACFG_PDRRESET | ++ SAFE_PE_DMACFG_SGRESET); ++ WRITE_REG(sc, SAFE_PE_DMACFG, v ++ | SAFE_PE_DMACFG_PERESET ++ | SAFE_PE_DMACFG_PDRRESET ++ | SAFE_PE_DMACFG_SGRESET); ++ WRITE_REG(sc, SAFE_PE_DMACFG, v); ++} ++ ++/* ++ * Initialize registers we need to touch only once. ++ */ ++static void ++safe_init_board(struct safe_softc *sc) ++{ ++ u_int32_t v, dwords; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ v = READ_REG(sc, SAFE_PE_DMACFG); ++ v &=~ ( SAFE_PE_DMACFG_PEMODE ++ | SAFE_PE_DMACFG_FSENA /* failsafe enable */ ++ | SAFE_PE_DMACFG_GPRPCI /* gather ring on PCI */ ++ | SAFE_PE_DMACFG_SPRPCI /* scatter ring on PCI */ ++ | SAFE_PE_DMACFG_ESDESC /* endian-swap descriptors */ ++ | SAFE_PE_DMACFG_ESPDESC /* endian-swap part. desc's */ ++ | SAFE_PE_DMACFG_ESSA /* endian-swap SA's */ ++ | SAFE_PE_DMACFG_ESPACKET /* swap the packet data */ ++ ); ++ v |= SAFE_PE_DMACFG_FSENA /* failsafe enable */ ++ | SAFE_PE_DMACFG_GPRPCI /* gather ring on PCI */ ++ | SAFE_PE_DMACFG_SPRPCI /* scatter ring on PCI */ ++ | SAFE_PE_DMACFG_ESDESC /* endian-swap descriptors */ ++ | SAFE_PE_DMACFG_ESPDESC /* endian-swap part. desc's */ ++ | SAFE_PE_DMACFG_ESSA /* endian-swap SA's */ ++#if 0 ++ | SAFE_PE_DMACFG_ESPACKET /* swap the packet data */ ++#endif ++ ; ++ WRITE_REG(sc, SAFE_PE_DMACFG, v); ++ ++#ifdef __BIG_ENDIAN ++ /* tell the safenet that we are 4321 and not 1234 */ ++ WRITE_REG(sc, SAFE_ENDIAN, 0xe4e41b1b); ++#endif ++ ++ if (sc->sc_chiprev == SAFE_REV(1,0)) { ++ /* ++ * Avoid large PCI DMA transfers. Rev 1.0 has a bug where ++ * "target mode transfers" done while the chip is DMA'ing ++ * >1020 bytes cause the hardware to lockup. To avoid this ++ * we reduce the max PCI transfer size and use small source ++ * particle descriptors (<= 256 bytes). ++ */ ++ WRITE_REG(sc, SAFE_DMA_CFG, 256); ++ device_printf(sc->sc_dev, ++ "Reduce max DMA size to %u words for rev %u.%u WAR\n", ++ (unsigned) ((READ_REG(sc, SAFE_DMA_CFG)>>2) & 0xff), ++ (unsigned) SAFE_REV_MAJ(sc->sc_chiprev), ++ (unsigned) SAFE_REV_MIN(sc->sc_chiprev)); ++ sc->sc_max_dsize = 256; ++ } else { ++ sc->sc_max_dsize = SAFE_MAX_DSIZE; ++ } ++ ++ /* NB: operands+results are overlaid */ ++ WRITE_REG(sc, SAFE_PE_PDRBASE, sc->sc_ringalloc.dma_paddr); ++ WRITE_REG(sc, SAFE_PE_RDRBASE, sc->sc_ringalloc.dma_paddr); ++ /* ++ * Configure ring entry size and number of items in the ring. ++ */ ++ KASSERT((sizeof(struct safe_ringentry) % sizeof(u_int32_t)) == 0, ++ ("PE ring entry not 32-bit aligned!")); ++ dwords = sizeof(struct safe_ringentry) / sizeof(u_int32_t); ++ WRITE_REG(sc, SAFE_PE_RINGCFG, ++ (dwords << SAFE_PE_RINGCFG_OFFSET_S) | SAFE_MAX_NQUEUE); ++ WRITE_REG(sc, SAFE_PE_RINGPOLL, 0); /* disable polling */ ++ ++ WRITE_REG(sc, SAFE_PE_GRNGBASE, sc->sc_spalloc.dma_paddr); ++ WRITE_REG(sc, SAFE_PE_SRNGBASE, sc->sc_dpalloc.dma_paddr); ++ WRITE_REG(sc, SAFE_PE_PARTSIZE, ++ (SAFE_TOTAL_DPART<<16) | SAFE_TOTAL_SPART); ++ /* ++ * NB: destination particles are fixed size. We use ++ * an mbuf cluster and require all results go to ++ * clusters or smaller. ++ */ ++ WRITE_REG(sc, SAFE_PE_PARTCFG, sc->sc_max_dsize); ++ ++ /* it's now safe to enable PE mode, do it */ ++ WRITE_REG(sc, SAFE_PE_DMACFG, v | SAFE_PE_DMACFG_PEMODE); ++ ++ /* ++ * Configure hardware to use level-triggered interrupts and ++ * to interrupt after each descriptor is processed. ++ */ ++ WRITE_REG(sc, SAFE_HI_CFG, SAFE_HI_CFG_LEVEL); ++ WRITE_REG(sc, SAFE_HI_CLR, 0xffffffff); ++ WRITE_REG(sc, SAFE_HI_DESC_CNT, 1); ++ WRITE_REG(sc, SAFE_HI_MASK, SAFE_INT_PE_DDONE | SAFE_INT_PE_ERROR); ++} ++ ++ ++/* ++ * Clean up after a chip crash. ++ * It is assumed that the caller in splimp() ++ */ ++static void ++safe_cleanchip(struct safe_softc *sc) ++{ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (sc->sc_nqchip != 0) { ++ struct safe_ringentry *re = sc->sc_back; ++ ++ while (re != sc->sc_front) { ++ if (re->re_desc.d_csr != 0) ++ safe_free_entry(sc, re); ++ if (++re == sc->sc_ringtop) ++ re = sc->sc_ring; ++ } ++ sc->sc_back = re; ++ sc->sc_nqchip = 0; ++ } ++} ++ ++/* ++ * free a safe_q ++ * It is assumed that the caller is within splimp(). ++ */ ++static int ++safe_free_entry(struct safe_softc *sc, struct safe_ringentry *re) ++{ ++ struct cryptop *crp; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ /* ++ * Free header MCR ++ */ ++ if ((re->re_dst_skb != NULL) && (re->re_src_skb != re->re_dst_skb)) ++#ifdef NOTYET ++ m_freem(re->re_dst_m); ++#else ++ printk("%s,%d: SKB not supported\n", __FILE__, __LINE__); ++#endif ++ ++ crp = (struct cryptop *)re->re_crp; ++ ++ re->re_desc.d_csr = 0; ++ ++ crp->crp_etype = EFAULT; ++ crypto_done(crp); ++ return(0); ++} ++ ++/* ++ * Routine to reset the chip and clean up. ++ * It is assumed that the caller is in splimp() ++ */ ++static void ++safe_totalreset(struct safe_softc *sc) ++{ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ safe_reset_board(sc); ++ safe_init_board(sc); ++ safe_cleanchip(sc); ++} ++ ++/* ++ * Is the operand suitable aligned for direct DMA. Each ++ * segment must be aligned on a 32-bit boundary and all ++ * but the last segment must be a multiple of 4 bytes. ++ */ ++static int ++safe_dmamap_aligned(struct safe_softc *sc, const struct safe_operand *op) ++{ ++ int i; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ for (i = 0; i < op->nsegs; i++) { ++ if (op->segs[i].ds_addr & 3) ++ return (0); ++ if (i != (op->nsegs - 1) && (op->segs[i].ds_len & 3)) ++ return (0); ++ } ++ return (1); ++} ++ ++/* ++ * Is the operand suitable for direct DMA as the destination ++ * of an operation. The hardware requires that each ``particle'' ++ * but the last in an operation result have the same size. We ++ * fix that size at SAFE_MAX_DSIZE bytes. This routine returns ++ * 0 if some segment is not a multiple of of this size, 1 if all ++ * segments are exactly this size, or 2 if segments are at worst ++ * a multple of this size. ++ */ ++static int ++safe_dmamap_uniform(struct safe_softc *sc, const struct safe_operand *op) ++{ ++ int result = 1; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (op->nsegs > 0) { ++ int i; ++ ++ for (i = 0; i < op->nsegs-1; i++) { ++ if (op->segs[i].ds_len % sc->sc_max_dsize) ++ return (0); ++ if (op->segs[i].ds_len != sc->sc_max_dsize) ++ result = 2; ++ } ++ } ++ return (result); ++} ++ ++static int ++safe_kprocess(device_t dev, struct cryptkop *krp, int hint) ++{ ++ struct safe_softc *sc = device_get_softc(dev); ++ struct safe_pkq *q; ++ unsigned long flags; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (sc == NULL) { ++ krp->krp_status = EINVAL; ++ goto err; ++ } ++ ++ if (krp->krp_op != CRK_MOD_EXP) { ++ krp->krp_status = EOPNOTSUPP; ++ goto err; ++ } ++ ++ q = (struct safe_pkq *) kmalloc(sizeof(*q), GFP_KERNEL); ++ if (q == NULL) { ++ krp->krp_status = ENOMEM; ++ goto err; ++ } ++ memset(q, 0, sizeof(*q)); ++ q->pkq_krp = krp; ++ INIT_LIST_HEAD(&q->pkq_list); ++ ++ spin_lock_irqsave(&sc->sc_pkmtx, flags); ++ list_add_tail(&q->pkq_list, &sc->sc_pkq); ++ safe_kfeed(sc); ++ spin_unlock_irqrestore(&sc->sc_pkmtx, flags); ++ return (0); ++ ++err: ++ crypto_kdone(krp); ++ return (0); ++} ++ ++#define SAFE_CRK_PARAM_BASE 0 ++#define SAFE_CRK_PARAM_EXP 1 ++#define SAFE_CRK_PARAM_MOD 2 ++ ++static int ++safe_kstart(struct safe_softc *sc) ++{ ++ struct cryptkop *krp = sc->sc_pkq_cur->pkq_krp; ++ int exp_bits, mod_bits, base_bits; ++ u_int32_t op, a_off, b_off, c_off, d_off; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (krp->krp_iparams < 3 || krp->krp_oparams != 1) { ++ krp->krp_status = EINVAL; ++ return (1); ++ } ++ ++ base_bits = safe_ksigbits(sc, &krp->krp_param[SAFE_CRK_PARAM_BASE]); ++ if (base_bits > 2048) ++ goto too_big; ++ if (base_bits <= 0) /* 5. base not zero */ ++ goto too_small; ++ ++ exp_bits = safe_ksigbits(sc, &krp->krp_param[SAFE_CRK_PARAM_EXP]); ++ if (exp_bits > 2048) ++ goto too_big; ++ if (exp_bits <= 0) /* 1. exponent word length > 0 */ ++ goto too_small; /* 4. exponent not zero */ ++ ++ mod_bits = safe_ksigbits(sc, &krp->krp_param[SAFE_CRK_PARAM_MOD]); ++ if (mod_bits > 2048) ++ goto too_big; ++ if (mod_bits <= 32) /* 2. modulus word length > 1 */ ++ goto too_small; /* 8. MSW of modulus != zero */ ++ if (mod_bits < exp_bits) /* 3 modulus len >= exponent len */ ++ goto too_small; ++ if ((krp->krp_param[SAFE_CRK_PARAM_MOD].crp_p[0] & 1) == 0) ++ goto bad_domain; /* 6. modulus is odd */ ++ if (mod_bits > krp->krp_param[krp->krp_iparams].crp_nbits) ++ goto too_small; /* make sure result will fit */ ++ ++ /* 7. modulus > base */ ++ if (mod_bits < base_bits) ++ goto too_small; ++ if (mod_bits == base_bits) { ++ u_int8_t *basep, *modp; ++ int i; ++ ++ basep = krp->krp_param[SAFE_CRK_PARAM_BASE].crp_p + ++ ((base_bits + 7) / 8) - 1; ++ modp = krp->krp_param[SAFE_CRK_PARAM_MOD].crp_p + ++ ((mod_bits + 7) / 8) - 1; ++ ++ for (i = 0; i < (mod_bits + 7) / 8; i++, basep--, modp--) { ++ if (*modp < *basep) ++ goto too_small; ++ if (*modp > *basep) ++ break; ++ } ++ } ++ ++ /* And on the 9th step, he rested. */ ++ ++ WRITE_REG(sc, SAFE_PK_A_LEN, (exp_bits + 31) / 32); ++ WRITE_REG(sc, SAFE_PK_B_LEN, (mod_bits + 31) / 32); ++ if (mod_bits > 1024) { ++ op = SAFE_PK_FUNC_EXP4; ++ a_off = 0x000; ++ b_off = 0x100; ++ c_off = 0x200; ++ d_off = 0x300; ++ } else { ++ op = SAFE_PK_FUNC_EXP16; ++ a_off = 0x000; ++ b_off = 0x080; ++ c_off = 0x100; ++ d_off = 0x180; ++ } ++ sc->sc_pk_reslen = b_off - a_off; ++ sc->sc_pk_resoff = d_off; ++ ++ /* A is exponent, B is modulus, C is base, D is result */ ++ safe_kload_reg(sc, a_off, b_off - a_off, ++ &krp->krp_param[SAFE_CRK_PARAM_EXP]); ++ WRITE_REG(sc, SAFE_PK_A_ADDR, a_off >> 2); ++ safe_kload_reg(sc, b_off, b_off - a_off, ++ &krp->krp_param[SAFE_CRK_PARAM_MOD]); ++ WRITE_REG(sc, SAFE_PK_B_ADDR, b_off >> 2); ++ safe_kload_reg(sc, c_off, b_off - a_off, ++ &krp->krp_param[SAFE_CRK_PARAM_BASE]); ++ WRITE_REG(sc, SAFE_PK_C_ADDR, c_off >> 2); ++ WRITE_REG(sc, SAFE_PK_D_ADDR, d_off >> 2); ++ ++ WRITE_REG(sc, SAFE_PK_FUNC, op | SAFE_PK_FUNC_RUN); ++ ++ return (0); ++ ++too_big: ++ krp->krp_status = E2BIG; ++ return (1); ++too_small: ++ krp->krp_status = ERANGE; ++ return (1); ++bad_domain: ++ krp->krp_status = EDOM; ++ return (1); ++} ++ ++static int ++safe_ksigbits(struct safe_softc *sc, struct crparam *cr) ++{ ++ u_int plen = (cr->crp_nbits + 7) / 8; ++ int i, sig = plen * 8; ++ u_int8_t c, *p = cr->crp_p; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ for (i = plen - 1; i >= 0; i--) { ++ c = p[i]; ++ if (c != 0) { ++ while ((c & 0x80) == 0) { ++ sig--; ++ c <<= 1; ++ } ++ break; ++ } ++ sig -= 8; ++ } ++ return (sig); ++} ++ ++static void ++safe_kfeed(struct safe_softc *sc) ++{ ++ struct safe_pkq *q, *tmp; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (list_empty(&sc->sc_pkq) && sc->sc_pkq_cur == NULL) ++ return; ++ if (sc->sc_pkq_cur != NULL) ++ return; ++ list_for_each_entry_safe(q, tmp, &sc->sc_pkq, pkq_list) { ++ sc->sc_pkq_cur = q; ++ list_del(&q->pkq_list); ++ if (safe_kstart(sc) != 0) { ++ crypto_kdone(q->pkq_krp); ++ kfree(q); ++ sc->sc_pkq_cur = NULL; ++ } else { ++ /* op started, start polling */ ++ mod_timer(&sc->sc_pkto, jiffies + 1); ++ break; ++ } ++ } ++} ++ ++static void ++safe_kpoll(unsigned long arg) ++{ ++ struct safe_softc *sc = NULL; ++ struct safe_pkq *q; ++ struct crparam *res; ++ int i; ++ u_int32_t buf[64]; ++ unsigned long flags; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (arg >= SAFE_MAX_CHIPS) ++ return; ++ sc = safe_chip_idx[arg]; ++ if (!sc) { ++ DPRINTF(("%s() - bad callback\n", __FUNCTION__)); ++ return; ++ } ++ ++ spin_lock_irqsave(&sc->sc_pkmtx, flags); ++ if (sc->sc_pkq_cur == NULL) ++ goto out; ++ if (READ_REG(sc, SAFE_PK_FUNC) & SAFE_PK_FUNC_RUN) { ++ /* still running, check back later */ ++ mod_timer(&sc->sc_pkto, jiffies + 1); ++ goto out; ++ } ++ ++ q = sc->sc_pkq_cur; ++ res = &q->pkq_krp->krp_param[q->pkq_krp->krp_iparams]; ++ bzero(buf, sizeof(buf)); ++ bzero(res->crp_p, (res->crp_nbits + 7) / 8); ++ for (i = 0; i < sc->sc_pk_reslen >> 2; i++) ++ buf[i] = le32_to_cpu(READ_REG(sc, SAFE_PK_RAM_START + ++ sc->sc_pk_resoff + (i << 2))); ++ bcopy(buf, res->crp_p, (res->crp_nbits + 7) / 8); ++ /* ++ * reduce the bits that need copying if possible ++ */ ++ res->crp_nbits = min(res->crp_nbits,sc->sc_pk_reslen * 8); ++ res->crp_nbits = safe_ksigbits(sc, res); ++ ++ for (i = SAFE_PK_RAM_START; i < SAFE_PK_RAM_END; i += 4) ++ WRITE_REG(sc, i, 0); ++ ++ crypto_kdone(q->pkq_krp); ++ kfree(q); ++ sc->sc_pkq_cur = NULL; ++ ++ safe_kfeed(sc); ++out: ++ spin_unlock_irqrestore(&sc->sc_pkmtx, flags); ++} ++ ++static void ++safe_kload_reg(struct safe_softc *sc, u_int32_t off, u_int32_t len, ++ struct crparam *n) ++{ ++ u_int32_t buf[64], i; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ bzero(buf, sizeof(buf)); ++ bcopy(n->crp_p, buf, (n->crp_nbits + 7) / 8); ++ ++ for (i = 0; i < len >> 2; i++) ++ WRITE_REG(sc, SAFE_PK_RAM_START + off + (i << 2), ++ cpu_to_le32(buf[i])); ++} ++ ++#ifdef SAFE_DEBUG ++static void ++safe_dump_dmastatus(struct safe_softc *sc, const char *tag) ++{ ++ printf("%s: ENDIAN 0x%x SRC 0x%x DST 0x%x STAT 0x%x\n" ++ , tag ++ , READ_REG(sc, SAFE_DMA_ENDIAN) ++ , READ_REG(sc, SAFE_DMA_SRCADDR) ++ , READ_REG(sc, SAFE_DMA_DSTADDR) ++ , READ_REG(sc, SAFE_DMA_STAT) ++ ); ++} ++ ++static void ++safe_dump_intrstate(struct safe_softc *sc, const char *tag) ++{ ++ printf("%s: HI_CFG 0x%x HI_MASK 0x%x HI_DESC_CNT 0x%x HU_STAT 0x%x HM_STAT 0x%x\n" ++ , tag ++ , READ_REG(sc, SAFE_HI_CFG) ++ , READ_REG(sc, SAFE_HI_MASK) ++ , READ_REG(sc, SAFE_HI_DESC_CNT) ++ , READ_REG(sc, SAFE_HU_STAT) ++ , READ_REG(sc, SAFE_HM_STAT) ++ ); ++} ++ ++static void ++safe_dump_ringstate(struct safe_softc *sc, const char *tag) ++{ ++ u_int32_t estat = READ_REG(sc, SAFE_PE_ERNGSTAT); ++ ++ /* NB: assume caller has lock on ring */ ++ printf("%s: ERNGSTAT %x (next %u) back %lu front %lu\n", ++ tag, ++ estat, (estat >> SAFE_PE_ERNGSTAT_NEXT_S), ++ (unsigned long)(sc->sc_back - sc->sc_ring), ++ (unsigned long)(sc->sc_front - sc->sc_ring)); ++} ++ ++static void ++safe_dump_request(struct safe_softc *sc, const char* tag, struct safe_ringentry *re) ++{ ++ int ix, nsegs; ++ ++ ix = re - sc->sc_ring; ++ printf("%s: %p (%u): csr %x src %x dst %x sa %x len %x\n" ++ , tag ++ , re, ix ++ , re->re_desc.d_csr ++ , re->re_desc.d_src ++ , re->re_desc.d_dst ++ , re->re_desc.d_sa ++ , re->re_desc.d_len ++ ); ++ if (re->re_src.nsegs > 1) { ++ ix = (re->re_desc.d_src - sc->sc_spalloc.dma_paddr) / ++ sizeof(struct safe_pdesc); ++ for (nsegs = re->re_src.nsegs; nsegs; nsegs--) { ++ printf(" spd[%u] %p: %p size %u flags %x" ++ , ix, &sc->sc_spring[ix] ++ , (caddr_t)(uintptr_t) sc->sc_spring[ix].pd_addr ++ , sc->sc_spring[ix].pd_size ++ , sc->sc_spring[ix].pd_flags ++ ); ++ if (sc->sc_spring[ix].pd_size == 0) ++ printf(" (zero!)"); ++ printf("\n"); ++ if (++ix == SAFE_TOTAL_SPART) ++ ix = 0; ++ } ++ } ++ if (re->re_dst.nsegs > 1) { ++ ix = (re->re_desc.d_dst - sc->sc_dpalloc.dma_paddr) / ++ sizeof(struct safe_pdesc); ++ for (nsegs = re->re_dst.nsegs; nsegs; nsegs--) { ++ printf(" dpd[%u] %p: %p flags %x\n" ++ , ix, &sc->sc_dpring[ix] ++ , (caddr_t)(uintptr_t) sc->sc_dpring[ix].pd_addr ++ , sc->sc_dpring[ix].pd_flags ++ ); ++ if (++ix == SAFE_TOTAL_DPART) ++ ix = 0; ++ } ++ } ++ printf("sa: cmd0 %08x cmd1 %08x staterec %x\n", ++ re->re_sa.sa_cmd0, re->re_sa.sa_cmd1, re->re_sa.sa_staterec); ++ printf("sa: key %x %x %x %x %x %x %x %x\n" ++ , re->re_sa.sa_key[0] ++ , re->re_sa.sa_key[1] ++ , re->re_sa.sa_key[2] ++ , re->re_sa.sa_key[3] ++ , re->re_sa.sa_key[4] ++ , re->re_sa.sa_key[5] ++ , re->re_sa.sa_key[6] ++ , re->re_sa.sa_key[7] ++ ); ++ printf("sa: indigest %x %x %x %x %x\n" ++ , re->re_sa.sa_indigest[0] ++ , re->re_sa.sa_indigest[1] ++ , re->re_sa.sa_indigest[2] ++ , re->re_sa.sa_indigest[3] ++ , re->re_sa.sa_indigest[4] ++ ); ++ printf("sa: outdigest %x %x %x %x %x\n" ++ , re->re_sa.sa_outdigest[0] ++ , re->re_sa.sa_outdigest[1] ++ , re->re_sa.sa_outdigest[2] ++ , re->re_sa.sa_outdigest[3] ++ , re->re_sa.sa_outdigest[4] ++ ); ++ printf("sr: iv %x %x %x %x\n" ++ , re->re_sastate.sa_saved_iv[0] ++ , re->re_sastate.sa_saved_iv[1] ++ , re->re_sastate.sa_saved_iv[2] ++ , re->re_sastate.sa_saved_iv[3] ++ ); ++ printf("sr: hashbc %u indigest %x %x %x %x %x\n" ++ , re->re_sastate.sa_saved_hashbc ++ , re->re_sastate.sa_saved_indigest[0] ++ , re->re_sastate.sa_saved_indigest[1] ++ , re->re_sastate.sa_saved_indigest[2] ++ , re->re_sastate.sa_saved_indigest[3] ++ , re->re_sastate.sa_saved_indigest[4] ++ ); ++} ++ ++static void ++safe_dump_ring(struct safe_softc *sc, const char *tag) ++{ ++ unsigned long flags; ++ ++ spin_lock_irqsave(&sc->sc_ringmtx, flags); ++ printf("\nSafeNet Ring State:\n"); ++ safe_dump_intrstate(sc, tag); ++ safe_dump_dmastatus(sc, tag); ++ safe_dump_ringstate(sc, tag); ++ if (sc->sc_nqchip) { ++ struct safe_ringentry *re = sc->sc_back; ++ do { ++ safe_dump_request(sc, tag, re); ++ if (++re == sc->sc_ringtop) ++ re = sc->sc_ring; ++ } while (re != sc->sc_front); ++ } ++ spin_unlock_irqrestore(&sc->sc_ringmtx, flags); ++} ++#endif /* SAFE_DEBUG */ ++ ++ ++static int safe_probe(struct pci_dev *dev, const struct pci_device_id *ent) ++{ ++ struct safe_softc *sc = NULL; ++ u32 mem_start, mem_len, cmd; ++ int i, rc, devinfo; ++ dma_addr_t raddr; ++ static int num_chips = 0; ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ if (pci_enable_device(dev) < 0) ++ return(-ENODEV); ++ ++ if (!dev->irq) { ++ printk("safe: found device with no IRQ assigned. check BIOS settings!"); ++ pci_disable_device(dev); ++ return(-ENODEV); ++ } ++ ++ if (pci_set_mwi(dev)) { ++ printk("safe: pci_set_mwi failed!"); ++ return(-ENODEV); ++ } ++ ++ sc = (struct safe_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); ++ if (!sc) ++ return(-ENOMEM); ++ memset(sc, 0, sizeof(*sc)); ++ ++ softc_device_init(sc, "safe", num_chips, safe_methods); ++ ++ sc->sc_irq = -1; ++ sc->sc_cid = -1; ++ sc->sc_pcidev = dev; ++ if (num_chips < SAFE_MAX_CHIPS) { ++ safe_chip_idx[device_get_unit(sc->sc_dev)] = sc; ++ num_chips++; ++ } ++ ++ INIT_LIST_HEAD(&sc->sc_pkq); ++ spin_lock_init(&sc->sc_pkmtx); ++ ++ pci_set_drvdata(sc->sc_pcidev, sc); ++ ++ /* we read its hardware registers as memory */ ++ mem_start = pci_resource_start(sc->sc_pcidev, 0); ++ mem_len = pci_resource_len(sc->sc_pcidev, 0); ++ ++ sc->sc_base_addr = (ocf_iomem_t) ioremap(mem_start, mem_len); ++ if (!sc->sc_base_addr) { ++ device_printf(sc->sc_dev, "failed to ioremap 0x%x-0x%x\n", ++ mem_start, mem_start + mem_len - 1); ++ goto out; ++ } ++ ++ /* fix up the bus size */ ++ if (pci_set_dma_mask(sc->sc_pcidev, DMA_32BIT_MASK)) { ++ device_printf(sc->sc_dev, "No usable DMA configuration, aborting.\n"); ++ goto out; ++ } ++ if (pci_set_consistent_dma_mask(sc->sc_pcidev, DMA_32BIT_MASK)) { ++ device_printf(sc->sc_dev, "No usable consistent DMA configuration, aborting.\n"); ++ goto out; ++ } ++ ++ pci_set_master(sc->sc_pcidev); ++ ++ pci_read_config_dword(sc->sc_pcidev, PCI_COMMAND, &cmd); ++ ++ if (!(cmd & PCI_COMMAND_MEMORY)) { ++ device_printf(sc->sc_dev, "failed to enable memory mapping\n"); ++ goto out; ++ } ++ ++ if (!(cmd & PCI_COMMAND_MASTER)) { ++ device_printf(sc->sc_dev, "failed to enable bus mastering\n"); ++ goto out; ++ } ++ ++ rc = request_irq(dev->irq, safe_intr, IRQF_SHARED, "safe", sc); ++ if (rc) { ++ device_printf(sc->sc_dev, "failed to hook irq %d\n", sc->sc_irq); ++ goto out; ++ } ++ sc->sc_irq = dev->irq; ++ ++ sc->sc_chiprev = READ_REG(sc, SAFE_DEVINFO) & ++ (SAFE_DEVINFO_REV_MAJ | SAFE_DEVINFO_REV_MIN); ++ ++ /* ++ * Allocate packet engine descriptors. ++ */ ++ sc->sc_ringalloc.dma_vaddr = pci_alloc_consistent(sc->sc_pcidev, ++ SAFE_MAX_NQUEUE * sizeof (struct safe_ringentry), ++ &sc->sc_ringalloc.dma_paddr); ++ if (!sc->sc_ringalloc.dma_vaddr) { ++ device_printf(sc->sc_dev, "cannot allocate PE descriptor ring\n"); ++ goto out; ++ } ++ ++ /* ++ * Hookup the static portion of all our data structures. ++ */ ++ sc->sc_ring = (struct safe_ringentry *) sc->sc_ringalloc.dma_vaddr; ++ sc->sc_ringtop = sc->sc_ring + SAFE_MAX_NQUEUE; ++ sc->sc_front = sc->sc_ring; ++ sc->sc_back = sc->sc_ring; ++ raddr = sc->sc_ringalloc.dma_paddr; ++ bzero(sc->sc_ring, SAFE_MAX_NQUEUE * sizeof(struct safe_ringentry)); ++ for (i = 0; i < SAFE_MAX_NQUEUE; i++) { ++ struct safe_ringentry *re = &sc->sc_ring[i]; ++ ++ re->re_desc.d_sa = raddr + ++ offsetof(struct safe_ringentry, re_sa); ++ re->re_sa.sa_staterec = raddr + ++ offsetof(struct safe_ringentry, re_sastate); ++ ++ raddr += sizeof (struct safe_ringentry); ++ } ++ spin_lock_init(&sc->sc_ringmtx); ++ ++ /* ++ * Allocate scatter and gather particle descriptors. ++ */ ++ sc->sc_spalloc.dma_vaddr = pci_alloc_consistent(sc->sc_pcidev, ++ SAFE_TOTAL_SPART * sizeof (struct safe_pdesc), ++ &sc->sc_spalloc.dma_paddr); ++ if (!sc->sc_spalloc.dma_vaddr) { ++ device_printf(sc->sc_dev, "cannot allocate source particle descriptor ring\n"); ++ goto out; ++ } ++ sc->sc_spring = (struct safe_pdesc *) sc->sc_spalloc.dma_vaddr; ++ sc->sc_springtop = sc->sc_spring + SAFE_TOTAL_SPART; ++ sc->sc_spfree = sc->sc_spring; ++ bzero(sc->sc_spring, SAFE_TOTAL_SPART * sizeof(struct safe_pdesc)); ++ ++ sc->sc_dpalloc.dma_vaddr = pci_alloc_consistent(sc->sc_pcidev, ++ SAFE_TOTAL_DPART * sizeof (struct safe_pdesc), ++ &sc->sc_dpalloc.dma_paddr); ++ if (!sc->sc_dpalloc.dma_vaddr) { ++ device_printf(sc->sc_dev, "cannot allocate destination particle descriptor ring\n"); ++ goto out; ++ } ++ sc->sc_dpring = (struct safe_pdesc *) sc->sc_dpalloc.dma_vaddr; ++ sc->sc_dpringtop = sc->sc_dpring + SAFE_TOTAL_DPART; ++ sc->sc_dpfree = sc->sc_dpring; ++ bzero(sc->sc_dpring, SAFE_TOTAL_DPART * sizeof(struct safe_pdesc)); ++ ++ sc->sc_cid = crypto_get_driverid(softc_get_device(sc), CRYPTOCAP_F_HARDWARE); ++ if (sc->sc_cid < 0) { ++ device_printf(sc->sc_dev, "could not get crypto driver id\n"); ++ goto out; ++ } ++ ++ printf("%s:", device_get_nameunit(sc->sc_dev)); ++ ++ devinfo = READ_REG(sc, SAFE_DEVINFO); ++ if (devinfo & SAFE_DEVINFO_RNG) { ++ sc->sc_flags |= SAFE_FLAGS_RNG; ++ printf(" rng"); ++ } ++ if (devinfo & SAFE_DEVINFO_PKEY) { ++ printf(" key"); ++ sc->sc_flags |= SAFE_FLAGS_KEY; ++ crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0); ++#if 0 ++ crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0); ++#endif ++ init_timer(&sc->sc_pkto); ++ sc->sc_pkto.function = safe_kpoll; ++ sc->sc_pkto.data = (unsigned long) device_get_unit(sc->sc_dev); ++ } ++ if (devinfo & SAFE_DEVINFO_DES) { ++ printf(" des/3des"); ++ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); ++ } ++ if (devinfo & SAFE_DEVINFO_AES) { ++ printf(" aes"); ++ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); ++ } ++ if (devinfo & SAFE_DEVINFO_MD5) { ++ printf(" md5"); ++ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); ++ } ++ if (devinfo & SAFE_DEVINFO_SHA1) { ++ printf(" sha1"); ++ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); ++ } ++ printf(" null"); ++ crypto_register(sc->sc_cid, CRYPTO_NULL_CBC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_NULL_HMAC, 0, 0); ++ /* XXX other supported algorithms */ ++ printf("\n"); ++ ++ safe_reset_board(sc); /* reset h/w */ ++ safe_init_board(sc); /* init h/w */ ++ ++#if defined(CONFIG_OCF_RANDOMHARVEST) && !defined(SAFE_NO_RNG) ++ if (sc->sc_flags & SAFE_FLAGS_RNG) { ++ safe_rng_init(sc); ++ crypto_rregister(sc->sc_cid, safe_read_random, sc); ++ } ++#endif /* SAFE_NO_RNG */ ++ ++ return (0); ++ ++out: ++ if (sc->sc_cid >= 0) ++ crypto_unregister_all(sc->sc_cid); ++ if (sc->sc_irq != -1) ++ free_irq(sc->sc_irq, sc); ++ if (sc->sc_ringalloc.dma_vaddr) ++ pci_free_consistent(sc->sc_pcidev, ++ SAFE_MAX_NQUEUE * sizeof (struct safe_ringentry), ++ sc->sc_ringalloc.dma_vaddr, sc->sc_ringalloc.dma_paddr); ++ if (sc->sc_spalloc.dma_vaddr) ++ pci_free_consistent(sc->sc_pcidev, ++ SAFE_TOTAL_DPART * sizeof (struct safe_pdesc), ++ sc->sc_spalloc.dma_vaddr, sc->sc_spalloc.dma_paddr); ++ if (sc->sc_dpalloc.dma_vaddr) ++ pci_free_consistent(sc->sc_pcidev, ++ SAFE_TOTAL_DPART * sizeof (struct safe_pdesc), ++ sc->sc_dpalloc.dma_vaddr, sc->sc_dpalloc.dma_paddr); ++ kfree(sc); ++ return(-ENODEV); ++} ++ ++static void safe_remove(struct pci_dev *dev) ++{ ++ struct safe_softc *sc = pci_get_drvdata(dev); ++ ++ DPRINTF(("%s()\n", __FUNCTION__)); ++ ++ /* XXX wait/abort active ops */ ++ ++ WRITE_REG(sc, SAFE_HI_MASK, 0); /* disable interrupts */ ++ ++ del_timer_sync(&sc->sc_pkto); ++ ++ crypto_unregister_all(sc->sc_cid); ++ ++ safe_cleanchip(sc); ++ ++ if (sc->sc_irq != -1) ++ free_irq(sc->sc_irq, sc); ++ if (sc->sc_ringalloc.dma_vaddr) ++ pci_free_consistent(sc->sc_pcidev, ++ SAFE_MAX_NQUEUE * sizeof (struct safe_ringentry), ++ sc->sc_ringalloc.dma_vaddr, sc->sc_ringalloc.dma_paddr); ++ if (sc->sc_spalloc.dma_vaddr) ++ pci_free_consistent(sc->sc_pcidev, ++ SAFE_TOTAL_DPART * sizeof (struct safe_pdesc), ++ sc->sc_spalloc.dma_vaddr, sc->sc_spalloc.dma_paddr); ++ if (sc->sc_dpalloc.dma_vaddr) ++ pci_free_consistent(sc->sc_pcidev, ++ SAFE_TOTAL_DPART * sizeof (struct safe_pdesc), ++ sc->sc_dpalloc.dma_vaddr, sc->sc_dpalloc.dma_paddr); ++ sc->sc_irq = -1; ++ sc->sc_ringalloc.dma_vaddr = NULL; ++ sc->sc_spalloc.dma_vaddr = NULL; ++ sc->sc_dpalloc.dma_vaddr = NULL; ++} ++ ++static struct pci_device_id safe_pci_tbl[] = { ++ { PCI_VENDOR_SAFENET, PCI_PRODUCT_SAFEXCEL, ++ PCI_ANY_ID, PCI_ANY_ID, 0, 0, }, ++ { }, ++}; ++MODULE_DEVICE_TABLE(pci, safe_pci_tbl); ++ ++static struct pci_driver safe_driver = { ++ .name = "safe", ++ .id_table = safe_pci_tbl, ++ .probe = safe_probe, ++ .remove = safe_remove, ++ /* add PM stuff here one day */ ++}; ++ ++static int __init safe_init (void) ++{ ++ struct safe_softc *sc = NULL; ++ int rc; ++ ++ DPRINTF(("%s(%p)\n", __FUNCTION__, safe_init)); ++ ++ rc = pci_register_driver(&safe_driver); ++ pci_register_driver_compat(&safe_driver, rc); ++ ++ return rc; ++} ++ ++static void __exit safe_exit (void) ++{ ++ pci_unregister_driver(&safe_driver); ++} ++ ++module_init(safe_init); ++module_exit(safe_exit); ++ ++MODULE_LICENSE("BSD"); ++MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); ++MODULE_DESCRIPTION("OCF driver for safenet PCI crypto devices"); +--- /dev/null ++++ b/crypto/ocf/safe/sha1.c +@@ -0,0 +1,279 @@ ++/* $KAME: sha1.c,v 1.5 2000/11/08 06:13:08 itojun Exp $ */ ++/* ++ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++/* ++ * FIPS pub 180-1: Secure Hash Algorithm (SHA-1) ++ * based on: http://csrc.nist.gov/fips/fip180-1.txt ++ * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org> ++ */ ++ ++#if 0 ++#include <sys/cdefs.h> ++__FBSDID("$FreeBSD: src/sys/crypto/sha1.c,v 1.9 2003/06/10 21:36:57 obrien Exp $"); ++ ++#include <sys/types.h> ++#include <sys/cdefs.h> ++#include <sys/time.h> ++#include <sys/systm.h> ++ ++#include <crypto/sha1.h> ++#endif ++ ++/* sanity check */ ++#if BYTE_ORDER != BIG_ENDIAN ++# if BYTE_ORDER != LITTLE_ENDIAN ++# define unsupported 1 ++# endif ++#endif ++ ++#ifndef unsupported ++ ++/* constant table */ ++static u_int32_t _K[] = { 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 }; ++#define K(t) _K[(t) / 20] ++ ++#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d))) ++#define F1(b, c, d) (((b) ^ (c)) ^ (d)) ++#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) ++#define F3(b, c, d) (((b) ^ (c)) ^ (d)) ++ ++#define S(n, x) (((x) << (n)) | ((x) >> (32 - n))) ++ ++#undef H ++#define H(n) (ctxt->h.b32[(n)]) ++#define COUNT (ctxt->count) ++#define BCOUNT (ctxt->c.b64[0] / 8) ++#define W(n) (ctxt->m.b32[(n)]) ++ ++#define PUTBYTE(x) { \ ++ ctxt->m.b8[(COUNT % 64)] = (x); \ ++ COUNT++; \ ++ COUNT %= 64; \ ++ ctxt->c.b64[0] += 8; \ ++ if (COUNT % 64 == 0) \ ++ sha1_step(ctxt); \ ++ } ++ ++#define PUTPAD(x) { \ ++ ctxt->m.b8[(COUNT % 64)] = (x); \ ++ COUNT++; \ ++ COUNT %= 64; \ ++ if (COUNT % 64 == 0) \ ++ sha1_step(ctxt); \ ++ } ++ ++static void sha1_step(struct sha1_ctxt *); ++ ++static void ++sha1_step(ctxt) ++ struct sha1_ctxt *ctxt; ++{ ++ u_int32_t a, b, c, d, e; ++ size_t t, s; ++ u_int32_t tmp; ++ ++#if BYTE_ORDER == LITTLE_ENDIAN ++ struct sha1_ctxt tctxt; ++ bcopy(&ctxt->m.b8[0], &tctxt.m.b8[0], 64); ++ ctxt->m.b8[0] = tctxt.m.b8[3]; ctxt->m.b8[1] = tctxt.m.b8[2]; ++ ctxt->m.b8[2] = tctxt.m.b8[1]; ctxt->m.b8[3] = tctxt.m.b8[0]; ++ ctxt->m.b8[4] = tctxt.m.b8[7]; ctxt->m.b8[5] = tctxt.m.b8[6]; ++ ctxt->m.b8[6] = tctxt.m.b8[5]; ctxt->m.b8[7] = tctxt.m.b8[4]; ++ ctxt->m.b8[8] = tctxt.m.b8[11]; ctxt->m.b8[9] = tctxt.m.b8[10]; ++ ctxt->m.b8[10] = tctxt.m.b8[9]; ctxt->m.b8[11] = tctxt.m.b8[8]; ++ ctxt->m.b8[12] = tctxt.m.b8[15]; ctxt->m.b8[13] = tctxt.m.b8[14]; ++ ctxt->m.b8[14] = tctxt.m.b8[13]; ctxt->m.b8[15] = tctxt.m.b8[12]; ++ ctxt->m.b8[16] = tctxt.m.b8[19]; ctxt->m.b8[17] = tctxt.m.b8[18]; ++ ctxt->m.b8[18] = tctxt.m.b8[17]; ctxt->m.b8[19] = tctxt.m.b8[16]; ++ ctxt->m.b8[20] = tctxt.m.b8[23]; ctxt->m.b8[21] = tctxt.m.b8[22]; ++ ctxt->m.b8[22] = tctxt.m.b8[21]; ctxt->m.b8[23] = tctxt.m.b8[20]; ++ ctxt->m.b8[24] = tctxt.m.b8[27]; ctxt->m.b8[25] = tctxt.m.b8[26]; ++ ctxt->m.b8[26] = tctxt.m.b8[25]; ctxt->m.b8[27] = tctxt.m.b8[24]; ++ ctxt->m.b8[28] = tctxt.m.b8[31]; ctxt->m.b8[29] = tctxt.m.b8[30]; ++ ctxt->m.b8[30] = tctxt.m.b8[29]; ctxt->m.b8[31] = tctxt.m.b8[28]; ++ ctxt->m.b8[32] = tctxt.m.b8[35]; ctxt->m.b8[33] = tctxt.m.b8[34]; ++ ctxt->m.b8[34] = tctxt.m.b8[33]; ctxt->m.b8[35] = tctxt.m.b8[32]; ++ ctxt->m.b8[36] = tctxt.m.b8[39]; ctxt->m.b8[37] = tctxt.m.b8[38]; ++ ctxt->m.b8[38] = tctxt.m.b8[37]; ctxt->m.b8[39] = tctxt.m.b8[36]; ++ ctxt->m.b8[40] = tctxt.m.b8[43]; ctxt->m.b8[41] = tctxt.m.b8[42]; ++ ctxt->m.b8[42] = tctxt.m.b8[41]; ctxt->m.b8[43] = tctxt.m.b8[40]; ++ ctxt->m.b8[44] = tctxt.m.b8[47]; ctxt->m.b8[45] = tctxt.m.b8[46]; ++ ctxt->m.b8[46] = tctxt.m.b8[45]; ctxt->m.b8[47] = tctxt.m.b8[44]; ++ ctxt->m.b8[48] = tctxt.m.b8[51]; ctxt->m.b8[49] = tctxt.m.b8[50]; ++ ctxt->m.b8[50] = tctxt.m.b8[49]; ctxt->m.b8[51] = tctxt.m.b8[48]; ++ ctxt->m.b8[52] = tctxt.m.b8[55]; ctxt->m.b8[53] = tctxt.m.b8[54]; ++ ctxt->m.b8[54] = tctxt.m.b8[53]; ctxt->m.b8[55] = tctxt.m.b8[52]; ++ ctxt->m.b8[56] = tctxt.m.b8[59]; ctxt->m.b8[57] = tctxt.m.b8[58]; ++ ctxt->m.b8[58] = tctxt.m.b8[57]; ctxt->m.b8[59] = tctxt.m.b8[56]; ++ ctxt->m.b8[60] = tctxt.m.b8[63]; ctxt->m.b8[61] = tctxt.m.b8[62]; ++ ctxt->m.b8[62] = tctxt.m.b8[61]; ctxt->m.b8[63] = tctxt.m.b8[60]; ++#endif ++ ++ a = H(0); b = H(1); c = H(2); d = H(3); e = H(4); ++ ++ for (t = 0; t < 20; t++) { ++ s = t & 0x0f; ++ if (t >= 16) { ++ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); ++ } ++ tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t); ++ e = d; d = c; c = S(30, b); b = a; a = tmp; ++ } ++ for (t = 20; t < 40; t++) { ++ s = t & 0x0f; ++ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); ++ tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t); ++ e = d; d = c; c = S(30, b); b = a; a = tmp; ++ } ++ for (t = 40; t < 60; t++) { ++ s = t & 0x0f; ++ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); ++ tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t); ++ e = d; d = c; c = S(30, b); b = a; a = tmp; ++ } ++ for (t = 60; t < 80; t++) { ++ s = t & 0x0f; ++ W(s) = S(1, W((s+13) & 0x0f) ^ W((s+8) & 0x0f) ^ W((s+2) & 0x0f) ^ W(s)); ++ tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t); ++ e = d; d = c; c = S(30, b); b = a; a = tmp; ++ } ++ ++ H(0) = H(0) + a; ++ H(1) = H(1) + b; ++ H(2) = H(2) + c; ++ H(3) = H(3) + d; ++ H(4) = H(4) + e; ++ ++ bzero(&ctxt->m.b8[0], 64); ++} ++ ++/*------------------------------------------------------------*/ ++ ++void ++sha1_init(ctxt) ++ struct sha1_ctxt *ctxt; ++{ ++ bzero(ctxt, sizeof(struct sha1_ctxt)); ++ H(0) = 0x67452301; ++ H(1) = 0xefcdab89; ++ H(2) = 0x98badcfe; ++ H(3) = 0x10325476; ++ H(4) = 0xc3d2e1f0; ++} ++ ++void ++sha1_pad(ctxt) ++ struct sha1_ctxt *ctxt; ++{ ++ size_t padlen; /*pad length in bytes*/ ++ size_t padstart; ++ ++ PUTPAD(0x80); ++ ++ padstart = COUNT % 64; ++ padlen = 64 - padstart; ++ if (padlen < 8) { ++ bzero(&ctxt->m.b8[padstart], padlen); ++ COUNT += padlen; ++ COUNT %= 64; ++ sha1_step(ctxt); ++ padstart = COUNT % 64; /* should be 0 */ ++ padlen = 64 - padstart; /* should be 64 */ ++ } ++ bzero(&ctxt->m.b8[padstart], padlen - 8); ++ COUNT += (padlen - 8); ++ COUNT %= 64; ++#if BYTE_ORDER == BIG_ENDIAN ++ PUTPAD(ctxt->c.b8[0]); PUTPAD(ctxt->c.b8[1]); ++ PUTPAD(ctxt->c.b8[2]); PUTPAD(ctxt->c.b8[3]); ++ PUTPAD(ctxt->c.b8[4]); PUTPAD(ctxt->c.b8[5]); ++ PUTPAD(ctxt->c.b8[6]); PUTPAD(ctxt->c.b8[7]); ++#else ++ PUTPAD(ctxt->c.b8[7]); PUTPAD(ctxt->c.b8[6]); ++ PUTPAD(ctxt->c.b8[5]); PUTPAD(ctxt->c.b8[4]); ++ PUTPAD(ctxt->c.b8[3]); PUTPAD(ctxt->c.b8[2]); ++ PUTPAD(ctxt->c.b8[1]); PUTPAD(ctxt->c.b8[0]); ++#endif ++} ++ ++void ++sha1_loop(ctxt, input, len) ++ struct sha1_ctxt *ctxt; ++ const u_int8_t *input; ++ size_t len; ++{ ++ size_t gaplen; ++ size_t gapstart; ++ size_t off; ++ size_t copysiz; ++ ++ off = 0; ++ ++ while (off < len) { ++ gapstart = COUNT % 64; ++ gaplen = 64 - gapstart; ++ ++ copysiz = (gaplen < len - off) ? gaplen : len - off; ++ bcopy(&input[off], &ctxt->m.b8[gapstart], copysiz); ++ COUNT += copysiz; ++ COUNT %= 64; ++ ctxt->c.b64[0] += copysiz * 8; ++ if (COUNT % 64 == 0) ++ sha1_step(ctxt); ++ off += copysiz; ++ } ++} ++ ++void ++sha1_result(ctxt, digest0) ++ struct sha1_ctxt *ctxt; ++ caddr_t digest0; ++{ ++ u_int8_t *digest; ++ ++ digest = (u_int8_t *)digest0; ++ sha1_pad(ctxt); ++#if BYTE_ORDER == BIG_ENDIAN ++ bcopy(&ctxt->h.b8[0], digest, 20); ++#else ++ digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2]; ++ digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0]; ++ digest[4] = ctxt->h.b8[7]; digest[5] = ctxt->h.b8[6]; ++ digest[6] = ctxt->h.b8[5]; digest[7] = ctxt->h.b8[4]; ++ digest[8] = ctxt->h.b8[11]; digest[9] = ctxt->h.b8[10]; ++ digest[10] = ctxt->h.b8[9]; digest[11] = ctxt->h.b8[8]; ++ digest[12] = ctxt->h.b8[15]; digest[13] = ctxt->h.b8[14]; ++ digest[14] = ctxt->h.b8[13]; digest[15] = ctxt->h.b8[12]; ++ digest[16] = ctxt->h.b8[19]; digest[17] = ctxt->h.b8[18]; ++ digest[18] = ctxt->h.b8[17]; digest[19] = ctxt->h.b8[16]; ++#endif ++} ++ ++#endif /*unsupported*/ +--- /dev/null ++++ b/crypto/ocf/safe/sha1.h +@@ -0,0 +1,72 @@ ++/* $FreeBSD: src/sys/crypto/sha1.h,v 1.8 2002/03/20 05:13:50 alfred Exp $ */ ++/* $KAME: sha1.h,v 1.5 2000/03/27 04:36:23 sumikawa Exp $ */ ++ ++/* ++ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of the project nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++/* ++ * FIPS pub 180-1: Secure Hash Algorithm (SHA-1) ++ * based on: http://csrc.nist.gov/fips/fip180-1.txt ++ * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org> ++ */ ++ ++#ifndef _NETINET6_SHA1_H_ ++#define _NETINET6_SHA1_H_ ++ ++struct sha1_ctxt { ++ union { ++ u_int8_t b8[20]; ++ u_int32_t b32[5]; ++ } h; ++ union { ++ u_int8_t b8[8]; ++ u_int64_t b64[1]; ++ } c; ++ union { ++ u_int8_t b8[64]; ++ u_int32_t b32[16]; ++ } m; ++ u_int8_t count; ++}; ++ ++#ifdef __KERNEL__ ++extern void sha1_init(struct sha1_ctxt *); ++extern void sha1_pad(struct sha1_ctxt *); ++extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t); ++extern void sha1_result(struct sha1_ctxt *, caddr_t); ++ ++/* compatibilty with other SHA1 source codes */ ++typedef struct sha1_ctxt SHA1_CTX; ++#define SHA1Init(x) sha1_init((x)) ++#define SHA1Update(x, y, z) sha1_loop((x), (y), (z)) ++#define SHA1Final(x, y) sha1_result((y), (x)) ++#endif /* __KERNEL__ */ ++ ++#define SHA1_RESULTLEN (160/8) ++ ++#endif /*_NETINET6_SHA1_H_*/ +--- /dev/null ++++ b/crypto/ocf/safe/safereg.h +@@ -0,0 +1,421 @@ ++/*- ++ * Copyright (c) 2003 Sam Leffler, Errno Consulting ++ * Copyright (c) 2003 Global Technology Associates, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * $FreeBSD: src/sys/dev/safe/safereg.h,v 1.1 2003/07/21 21:46:07 sam Exp $ ++ */ ++#ifndef _SAFE_SAFEREG_H_ ++#define _SAFE_SAFEREG_H_ ++ ++/* ++ * Register definitions for SafeNet SafeXcel-1141 crypto device. ++ * Definitions from revision 1.3 (Nov 6 2002) of the User's Manual. ++ */ ++ ++#define BS_BAR 0x10 /* DMA base address register */ ++#define BS_TRDY_TIMEOUT 0x40 /* TRDY timeout */ ++#define BS_RETRY_TIMEOUT 0x41 /* DMA retry timeout */ ++ ++#define PCI_VENDOR_SAFENET 0x16ae /* SafeNet, Inc. */ ++ ++/* SafeNet */ ++#define PCI_PRODUCT_SAFEXCEL 0x1141 /* 1141 */ ++ ++#define SAFE_PE_CSR 0x0000 /* Packet Enginge Ctrl/Status */ ++#define SAFE_PE_SRC 0x0004 /* Packet Engine Source */ ++#define SAFE_PE_DST 0x0008 /* Packet Engine Destination */ ++#define SAFE_PE_SA 0x000c /* Packet Engine SA */ ++#define SAFE_PE_LEN 0x0010 /* Packet Engine Length */ ++#define SAFE_PE_DMACFG 0x0040 /* Packet Engine DMA Configuration */ ++#define SAFE_PE_DMASTAT 0x0044 /* Packet Engine DMA Status */ ++#define SAFE_PE_PDRBASE 0x0048 /* Packet Engine Descriptor Ring Base */ ++#define SAFE_PE_RDRBASE 0x004c /* Packet Engine Result Ring Base */ ++#define SAFE_PE_RINGCFG 0x0050 /* Packet Engine Ring Configuration */ ++#define SAFE_PE_RINGPOLL 0x0054 /* Packet Engine Ring Poll */ ++#define SAFE_PE_IRNGSTAT 0x0058 /* Packet Engine Internal Ring Status */ ++#define SAFE_PE_ERNGSTAT 0x005c /* Packet Engine External Ring Status */ ++#define SAFE_PE_IOTHRESH 0x0060 /* Packet Engine I/O Threshold */ ++#define SAFE_PE_GRNGBASE 0x0064 /* Packet Engine Gather Ring Base */ ++#define SAFE_PE_SRNGBASE 0x0068 /* Packet Engine Scatter Ring Base */ ++#define SAFE_PE_PARTSIZE 0x006c /* Packet Engine Particlar Ring Size */ ++#define SAFE_PE_PARTCFG 0x0070 /* Packet Engine Particle Ring Config */ ++#define SAFE_CRYPTO_CTRL 0x0080 /* Crypto Control */ ++#define SAFE_DEVID 0x0084 /* Device ID */ ++#define SAFE_DEVINFO 0x0088 /* Device Info */ ++#define SAFE_HU_STAT 0x00a0 /* Host Unmasked Status */ ++#define SAFE_HM_STAT 0x00a4 /* Host Masked Status (read-only) */ ++#define SAFE_HI_CLR 0x00a4 /* Host Clear Interrupt (write-only) */ ++#define SAFE_HI_MASK 0x00a8 /* Host Mask Control */ ++#define SAFE_HI_CFG 0x00ac /* Interrupt Configuration */ ++#define SAFE_HI_RD_DESCR 0x00b4 /* Force Descriptor Read */ ++#define SAFE_HI_DESC_CNT 0x00b8 /* Host Descriptor Done Count */ ++#define SAFE_DMA_ENDIAN 0x00c0 /* Master Endian Status */ ++#define SAFE_DMA_SRCADDR 0x00c4 /* DMA Source Address Status */ ++#define SAFE_DMA_DSTADDR 0x00c8 /* DMA Destination Address Status */ ++#define SAFE_DMA_STAT 0x00cc /* DMA Current Status */ ++#define SAFE_DMA_CFG 0x00d4 /* DMA Configuration/Status */ ++#define SAFE_ENDIAN 0x00e0 /* Endian Configuration */ ++#define SAFE_PK_A_ADDR 0x0800 /* Public Key A Address */ ++#define SAFE_PK_B_ADDR 0x0804 /* Public Key B Address */ ++#define SAFE_PK_C_ADDR 0x0808 /* Public Key C Address */ ++#define SAFE_PK_D_ADDR 0x080c /* Public Key D Address */ ++#define SAFE_PK_A_LEN 0x0810 /* Public Key A Length */ ++#define SAFE_PK_B_LEN 0x0814 /* Public Key B Length */ ++#define SAFE_PK_SHIFT 0x0818 /* Public Key Shift */ ++#define SAFE_PK_FUNC 0x081c /* Public Key Function */ ++#define SAFE_PK_RAM_START 0x1000 /* Public Key RAM start address */ ++#define SAFE_PK_RAM_END 0x1fff /* Public Key RAM end address */ ++ ++#define SAFE_RNG_OUT 0x0100 /* RNG Output */ ++#define SAFE_RNG_STAT 0x0104 /* RNG Status */ ++#define SAFE_RNG_CTRL 0x0108 /* RNG Control */ ++#define SAFE_RNG_A 0x010c /* RNG A */ ++#define SAFE_RNG_B 0x0110 /* RNG B */ ++#define SAFE_RNG_X_LO 0x0114 /* RNG X [31:0] */ ++#define SAFE_RNG_X_MID 0x0118 /* RNG X [63:32] */ ++#define SAFE_RNG_X_HI 0x011c /* RNG X [80:64] */ ++#define SAFE_RNG_X_CNTR 0x0120 /* RNG Counter */ ++#define SAFE_RNG_ALM_CNT 0x0124 /* RNG Alarm Count */ ++#define SAFE_RNG_CNFG 0x0128 /* RNG Configuration */ ++#define SAFE_RNG_LFSR1_LO 0x012c /* RNG LFSR1 [31:0] */ ++#define SAFE_RNG_LFSR1_HI 0x0130 /* RNG LFSR1 [47:32] */ ++#define SAFE_RNG_LFSR2_LO 0x0134 /* RNG LFSR1 [31:0] */ ++#define SAFE_RNG_LFSR2_HI 0x0138 /* RNG LFSR1 [47:32] */ ++ ++#define SAFE_PE_CSR_READY 0x00000001 /* ready for processing */ ++#define SAFE_PE_CSR_DONE 0x00000002 /* h/w completed processing */ ++#define SAFE_PE_CSR_LOADSA 0x00000004 /* load SA digests */ ++#define SAFE_PE_CSR_HASHFINAL 0x00000010 /* do hash pad & write result */ ++#define SAFE_PE_CSR_SABUSID 0x000000c0 /* bus id for SA */ ++#define SAFE_PE_CSR_SAPCI 0x00000040 /* PCI bus id for SA */ ++#define SAFE_PE_CSR_NXTHDR 0x0000ff00 /* next hdr value for IPsec */ ++#define SAFE_PE_CSR_FPAD 0x0000ff00 /* fixed pad for basic ops */ ++#define SAFE_PE_CSR_STATUS 0x00ff0000 /* operation result status */ ++#define SAFE_PE_CSR_AUTH_FAIL 0x00010000 /* ICV mismatch (inbound) */ ++#define SAFE_PE_CSR_PAD_FAIL 0x00020000 /* pad verify fail (inbound) */ ++#define SAFE_PE_CSR_SEQ_FAIL 0x00040000 /* sequence number (inbound) */ ++#define SAFE_PE_CSR_XERROR 0x00080000 /* extended error follows */ ++#define SAFE_PE_CSR_XECODE 0x00f00000 /* extended error code */ ++#define SAFE_PE_CSR_XECODE_S 20 ++#define SAFE_PE_CSR_XECODE_BADCMD 0 /* invalid command */ ++#define SAFE_PE_CSR_XECODE_BADALG 1 /* invalid algorithm */ ++#define SAFE_PE_CSR_XECODE_ALGDIS 2 /* algorithm disabled */ ++#define SAFE_PE_CSR_XECODE_ZEROLEN 3 /* zero packet length */ ++#define SAFE_PE_CSR_XECODE_DMAERR 4 /* bus DMA error */ ++#define SAFE_PE_CSR_XECODE_PIPEABORT 5 /* secondary bus DMA error */ ++#define SAFE_PE_CSR_XECODE_BADSPI 6 /* IPsec SPI mismatch */ ++#define SAFE_PE_CSR_XECODE_TIMEOUT 10 /* failsafe timeout */ ++#define SAFE_PE_CSR_PAD 0xff000000 /* ESP padding control/status */ ++#define SAFE_PE_CSR_PAD_MIN 0x00000000 /* minimum IPsec padding */ ++#define SAFE_PE_CSR_PAD_16 0x08000000 /* pad to 16-byte boundary */ ++#define SAFE_PE_CSR_PAD_32 0x10000000 /* pad to 32-byte boundary */ ++#define SAFE_PE_CSR_PAD_64 0x20000000 /* pad to 64-byte boundary */ ++#define SAFE_PE_CSR_PAD_128 0x40000000 /* pad to 128-byte boundary */ ++#define SAFE_PE_CSR_PAD_256 0x80000000 /* pad to 256-byte boundary */ ++ ++/* ++ * Check the CSR to see if the PE has returned ownership to ++ * the host. Note that before processing a descriptor this ++ * must be done followed by a check of the SAFE_PE_LEN register ++ * status bits to avoid premature processing of a descriptor ++ * on its way back to the host. ++ */ ++#define SAFE_PE_CSR_IS_DONE(_csr) \ ++ (((_csr) & (SAFE_PE_CSR_READY | SAFE_PE_CSR_DONE)) == SAFE_PE_CSR_DONE) ++ ++#define SAFE_PE_LEN_LENGTH 0x000fffff /* total length (bytes) */ ++#define SAFE_PE_LEN_READY 0x00400000 /* ready for processing */ ++#define SAFE_PE_LEN_DONE 0x00800000 /* h/w completed processing */ ++#define SAFE_PE_LEN_BYPASS 0xff000000 /* bypass offset (bytes) */ ++#define SAFE_PE_LEN_BYPASS_S 24 ++ ++#define SAFE_PE_LEN_IS_DONE(_len) \ ++ (((_len) & (SAFE_PE_LEN_READY | SAFE_PE_LEN_DONE)) == SAFE_PE_LEN_DONE) ++ ++/* NB: these apply to HU_STAT, HM_STAT, HI_CLR, and HI_MASK */ ++#define SAFE_INT_PE_CDONE 0x00000002 /* PE context done */ ++#define SAFE_INT_PE_DDONE 0x00000008 /* PE descriptor done */ ++#define SAFE_INT_PE_ERROR 0x00000010 /* PE error */ ++#define SAFE_INT_PE_ODONE 0x00000020 /* PE operation done */ ++ ++#define SAFE_HI_CFG_PULSE 0x00000001 /* use pulse interrupt */ ++#define SAFE_HI_CFG_LEVEL 0x00000000 /* use level interrupt */ ++#define SAFE_HI_CFG_AUTOCLR 0x00000002 /* auto-clear pulse interrupt */ ++ ++#define SAFE_ENDIAN_PASS 0x000000e4 /* straight pass-thru */ ++#define SAFE_ENDIAN_SWAB 0x0000001b /* swap bytes in 32-bit word */ ++ ++#define SAFE_PE_DMACFG_PERESET 0x00000001 /* reset packet engine */ ++#define SAFE_PE_DMACFG_PDRRESET 0x00000002 /* reset PDR counters/ptrs */ ++#define SAFE_PE_DMACFG_SGRESET 0x00000004 /* reset scatter/gather cache */ ++#define SAFE_PE_DMACFG_FSENA 0x00000008 /* enable failsafe reset */ ++#define SAFE_PE_DMACFG_PEMODE 0x00000100 /* packet engine mode */ ++#define SAFE_PE_DMACFG_SAPREC 0x00000200 /* SA precedes packet */ ++#define SAFE_PE_DMACFG_PKFOLL 0x00000400 /* packet follows descriptor */ ++#define SAFE_PE_DMACFG_GPRBID 0x00003000 /* gather particle ring busid */ ++#define SAFE_PE_DMACFG_GPRPCI 0x00001000 /* PCI gather particle ring */ ++#define SAFE_PE_DMACFG_SPRBID 0x0000c000 /* scatter part. ring busid */ ++#define SAFE_PE_DMACFG_SPRPCI 0x00004000 /* PCI scatter part. ring */ ++#define SAFE_PE_DMACFG_ESDESC 0x00010000 /* endian swap descriptors */ ++#define SAFE_PE_DMACFG_ESSA 0x00020000 /* endian swap SA data */ ++#define SAFE_PE_DMACFG_ESPACKET 0x00040000 /* endian swap packet data */ ++#define SAFE_PE_DMACFG_ESPDESC 0x00080000 /* endian swap particle desc. */ ++#define SAFE_PE_DMACFG_NOPDRUP 0x00100000 /* supp. PDR ownership update */ ++#define SAFE_PD_EDMACFG_PCIMODE 0x01000000 /* PCI target mode */ ++ ++#define SAFE_PE_DMASTAT_PEIDONE 0x00000001 /* PE core input done */ ++#define SAFE_PE_DMASTAT_PEODONE 0x00000002 /* PE core output done */ ++#define SAFE_PE_DMASTAT_ENCDONE 0x00000004 /* encryption done */ ++#define SAFE_PE_DMASTAT_IHDONE 0x00000008 /* inner hash done */ ++#define SAFE_PE_DMASTAT_OHDONE 0x00000010 /* outer hash (HMAC) done */ ++#define SAFE_PE_DMASTAT_PADFLT 0x00000020 /* crypto pad fault */ ++#define SAFE_PE_DMASTAT_ICVFLT 0x00000040 /* ICV fault */ ++#define SAFE_PE_DMASTAT_SPIMIS 0x00000080 /* SPI mismatch */ ++#define SAFE_PE_DMASTAT_CRYPTO 0x00000100 /* crypto engine timeout */ ++#define SAFE_PE_DMASTAT_CQACT 0x00000200 /* command queue active */ ++#define SAFE_PE_DMASTAT_IRACT 0x00000400 /* input request active */ ++#define SAFE_PE_DMASTAT_ORACT 0x00000800 /* output request active */ ++#define SAFE_PE_DMASTAT_PEISIZE 0x003ff000 /* PE input size:32-bit words */ ++#define SAFE_PE_DMASTAT_PEOSIZE 0xffc00000 /* PE out. size:32-bit words */ ++ ++#define SAFE_PE_RINGCFG_SIZE 0x000003ff /* ring size (descriptors) */ ++#define SAFE_PE_RINGCFG_OFFSET 0xffff0000 /* offset btw desc's (dwords) */ ++#define SAFE_PE_RINGCFG_OFFSET_S 16 ++ ++#define SAFE_PE_RINGPOLL_POLL 0x00000fff /* polling frequency/divisor */ ++#define SAFE_PE_RINGPOLL_RETRY 0x03ff0000 /* polling frequency/divisor */ ++#define SAFE_PE_RINGPOLL_CONT 0x80000000 /* continuously poll */ ++ ++#define SAFE_PE_IRNGSTAT_CQAVAIL 0x00000001 /* command queue available */ ++ ++#define SAFE_PE_ERNGSTAT_NEXT 0x03ff0000 /* index of next packet desc. */ ++#define SAFE_PE_ERNGSTAT_NEXT_S 16 ++ ++#define SAFE_PE_IOTHRESH_INPUT 0x000003ff /* input threshold (dwords) */ ++#define SAFE_PE_IOTHRESH_OUTPUT 0x03ff0000 /* output threshold (dwords) */ ++ ++#define SAFE_PE_PARTCFG_SIZE 0x0000ffff /* scatter particle size */ ++#define SAFE_PE_PARTCFG_GBURST 0x00030000 /* gather particle burst */ ++#define SAFE_PE_PARTCFG_GBURST_2 0x00000000 ++#define SAFE_PE_PARTCFG_GBURST_4 0x00010000 ++#define SAFE_PE_PARTCFG_GBURST_8 0x00020000 ++#define SAFE_PE_PARTCFG_GBURST_16 0x00030000 ++#define SAFE_PE_PARTCFG_SBURST 0x000c0000 /* scatter particle burst */ ++#define SAFE_PE_PARTCFG_SBURST_2 0x00000000 ++#define SAFE_PE_PARTCFG_SBURST_4 0x00040000 ++#define SAFE_PE_PARTCFG_SBURST_8 0x00080000 ++#define SAFE_PE_PARTCFG_SBURST_16 0x000c0000 ++ ++#define SAFE_PE_PARTSIZE_SCAT 0xffff0000 /* scatter particle ring size */ ++#define SAFE_PE_PARTSIZE_GATH 0x0000ffff /* gather particle ring size */ ++ ++#define SAFE_CRYPTO_CTRL_3DES 0x00000001 /* enable 3DES support */ ++#define SAFE_CRYPTO_CTRL_PKEY 0x00010000 /* enable public key support */ ++#define SAFE_CRYPTO_CTRL_RNG 0x00020000 /* enable RNG support */ ++ ++#define SAFE_DEVINFO_REV_MIN 0x0000000f /* minor rev for chip */ ++#define SAFE_DEVINFO_REV_MAJ 0x000000f0 /* major rev for chip */ ++#define SAFE_DEVINFO_REV_MAJ_S 4 ++#define SAFE_DEVINFO_DES 0x00000100 /* DES/3DES support present */ ++#define SAFE_DEVINFO_ARC4 0x00000200 /* ARC4 support present */ ++#define SAFE_DEVINFO_AES 0x00000400 /* AES support present */ ++#define SAFE_DEVINFO_MD5 0x00001000 /* MD5 support present */ ++#define SAFE_DEVINFO_SHA1 0x00002000 /* SHA-1 support present */ ++#define SAFE_DEVINFO_RIPEMD 0x00004000 /* RIPEMD support present */ ++#define SAFE_DEVINFO_DEFLATE 0x00010000 /* Deflate support present */ ++#define SAFE_DEVINFO_SARAM 0x00100000 /* on-chip SA RAM present */ ++#define SAFE_DEVINFO_EMIBUS 0x00200000 /* EMI bus present */ ++#define SAFE_DEVINFO_PKEY 0x00400000 /* public key support present */ ++#define SAFE_DEVINFO_RNG 0x00800000 /* RNG present */ ++ ++#define SAFE_REV(_maj, _min) (((_maj) << SAFE_DEVINFO_REV_MAJ_S) | (_min)) ++#define SAFE_REV_MAJ(_chiprev) \ ++ (((_chiprev) & SAFE_DEVINFO_REV_MAJ) >> SAFE_DEVINFO_REV_MAJ_S) ++#define SAFE_REV_MIN(_chiprev) ((_chiprev) & SAFE_DEVINFO_REV_MIN) ++ ++#define SAFE_PK_FUNC_MULT 0x00000001 /* Multiply function */ ++#define SAFE_PK_FUNC_SQUARE 0x00000004 /* Square function */ ++#define SAFE_PK_FUNC_ADD 0x00000010 /* Add function */ ++#define SAFE_PK_FUNC_SUB 0x00000020 /* Subtract function */ ++#define SAFE_PK_FUNC_LSHIFT 0x00000040 /* Left-shift function */ ++#define SAFE_PK_FUNC_RSHIFT 0x00000080 /* Right-shift function */ ++#define SAFE_PK_FUNC_DIV 0x00000100 /* Divide function */ ++#define SAFE_PK_FUNC_CMP 0x00000400 /* Compare function */ ++#define SAFE_PK_FUNC_COPY 0x00000800 /* Copy function */ ++#define SAFE_PK_FUNC_EXP16 0x00002000 /* Exponentiate (4-bit ACT) */ ++#define SAFE_PK_FUNC_EXP4 0x00004000 /* Exponentiate (2-bit ACT) */ ++#define SAFE_PK_FUNC_RUN 0x00008000 /* start/status */ ++ ++#define SAFE_RNG_STAT_BUSY 0x00000001 /* busy, data not valid */ ++ ++#define SAFE_RNG_CTRL_PRE_LFSR 0x00000001 /* enable output pre-LFSR */ ++#define SAFE_RNG_CTRL_TST_MODE 0x00000002 /* enable test mode */ ++#define SAFE_RNG_CTRL_TST_RUN 0x00000004 /* start test state machine */ ++#define SAFE_RNG_CTRL_ENA_RING1 0x00000008 /* test entropy oscillator #1 */ ++#define SAFE_RNG_CTRL_ENA_RING2 0x00000010 /* test entropy oscillator #2 */ ++#define SAFE_RNG_CTRL_DIS_ALARM 0x00000020 /* disable RNG alarm reports */ ++#define SAFE_RNG_CTRL_TST_CLOCK 0x00000040 /* enable test clock */ ++#define SAFE_RNG_CTRL_SHORTEN 0x00000080 /* shorten state timers */ ++#define SAFE_RNG_CTRL_TST_ALARM 0x00000100 /* simulate alarm state */ ++#define SAFE_RNG_CTRL_RST_LFSR 0x00000200 /* reset LFSR */ ++ ++/* ++ * Packet engine descriptor. Note that d_csr is a copy of the ++ * SAFE_PE_CSR register and all definitions apply, and d_len ++ * is a copy of the SAFE_PE_LEN register and all definitions apply. ++ * d_src and d_len may point directly to contiguous data or to a ++ * list of ``particle descriptors'' when using scatter/gather i/o. ++ */ ++struct safe_desc { ++ u_int32_t d_csr; /* per-packet control/status */ ++ u_int32_t d_src; /* source address */ ++ u_int32_t d_dst; /* destination address */ ++ u_int32_t d_sa; /* SA address */ ++ u_int32_t d_len; /* length, bypass, status */ ++}; ++ ++/* ++ * Scatter/Gather particle descriptor. ++ * ++ * NB: scatter descriptors do not specify a size; this is fixed ++ * by the setting of the SAFE_PE_PARTCFG register. ++ */ ++struct safe_pdesc { ++ u_int32_t pd_addr; /* particle address */ ++#ifdef __BIG_ENDIAN ++ u_int16_t pd_flags; /* control word */ ++ u_int16_t pd_size; /* particle size (bytes) */ ++#else ++ u_int16_t pd_flags; /* control word */ ++ u_int16_t pd_size; /* particle size (bytes) */ ++#endif ++}; ++ ++#define SAFE_PD_READY 0x0001 /* ready for processing */ ++#define SAFE_PD_DONE 0x0002 /* h/w completed processing */ ++ ++/* ++ * Security Association (SA) Record (Rev 1). One of these is ++ * required for each operation processed by the packet engine. ++ */ ++struct safe_sarec { ++ u_int32_t sa_cmd0; ++ u_int32_t sa_cmd1; ++ u_int32_t sa_resv0; ++ u_int32_t sa_resv1; ++ u_int32_t sa_key[8]; /* DES/3DES/AES key */ ++ u_int32_t sa_indigest[5]; /* inner digest */ ++ u_int32_t sa_outdigest[5]; /* outer digest */ ++ u_int32_t sa_spi; /* SPI */ ++ u_int32_t sa_seqnum; /* sequence number */ ++ u_int32_t sa_seqmask[2]; /* sequence number mask */ ++ u_int32_t sa_resv2; ++ u_int32_t sa_staterec; /* address of state record */ ++ u_int32_t sa_resv3[2]; ++ u_int32_t sa_samgmt0; /* SA management field 0 */ ++ u_int32_t sa_samgmt1; /* SA management field 0 */ ++}; ++ ++#define SAFE_SA_CMD0_OP 0x00000007 /* operation code */ ++#define SAFE_SA_CMD0_OP_CRYPT 0x00000000 /* encrypt/decrypt (basic) */ ++#define SAFE_SA_CMD0_OP_BOTH 0x00000001 /* encrypt-hash/hash-decrypto */ ++#define SAFE_SA_CMD0_OP_HASH 0x00000003 /* hash (outbound-only) */ ++#define SAFE_SA_CMD0_OP_ESP 0x00000000 /* ESP in/out (proto) */ ++#define SAFE_SA_CMD0_OP_AH 0x00000001 /* AH in/out (proto) */ ++#define SAFE_SA_CMD0_INBOUND 0x00000008 /* inbound operation */ ++#define SAFE_SA_CMD0_OUTBOUND 0x00000000 /* outbound operation */ ++#define SAFE_SA_CMD0_GROUP 0x00000030 /* operation group */ ++#define SAFE_SA_CMD0_BASIC 0x00000000 /* basic operation */ ++#define SAFE_SA_CMD0_PROTO 0x00000010 /* protocol/packet operation */ ++#define SAFE_SA_CMD0_BUNDLE 0x00000020 /* bundled operation (resvd) */ ++#define SAFE_SA_CMD0_PAD 0x000000c0 /* crypto pad method */ ++#define SAFE_SA_CMD0_PAD_IPSEC 0x00000000 /* IPsec padding */ ++#define SAFE_SA_CMD0_PAD_PKCS7 0x00000040 /* PKCS#7 padding */ ++#define SAFE_SA_CMD0_PAD_CONS 0x00000080 /* constant padding */ ++#define SAFE_SA_CMD0_PAD_ZERO 0x000000c0 /* zero padding */ ++#define SAFE_SA_CMD0_CRYPT_ALG 0x00000f00 /* symmetric crypto algorithm */ ++#define SAFE_SA_CMD0_DES 0x00000000 /* DES crypto algorithm */ ++#define SAFE_SA_CMD0_3DES 0x00000100 /* 3DES crypto algorithm */ ++#define SAFE_SA_CMD0_AES 0x00000300 /* AES crypto algorithm */ ++#define SAFE_SA_CMD0_CRYPT_NULL 0x00000f00 /* null crypto algorithm */ ++#define SAFE_SA_CMD0_HASH_ALG 0x0000f000 /* hash algorithm */ ++#define SAFE_SA_CMD0_MD5 0x00000000 /* MD5 hash algorithm */ ++#define SAFE_SA_CMD0_SHA1 0x00001000 /* SHA-1 hash algorithm */ ++#define SAFE_SA_CMD0_HASH_NULL 0x0000f000 /* null hash algorithm */ ++#define SAFE_SA_CMD0_HDR_PROC 0x00080000 /* header processing */ ++#define SAFE_SA_CMD0_IBUSID 0x00300000 /* input bus id */ ++#define SAFE_SA_CMD0_IPCI 0x00100000 /* PCI input bus id */ ++#define SAFE_SA_CMD0_OBUSID 0x00c00000 /* output bus id */ ++#define SAFE_SA_CMD0_OPCI 0x00400000 /* PCI output bus id */ ++#define SAFE_SA_CMD0_IVLD 0x03000000 /* IV loading */ ++#define SAFE_SA_CMD0_IVLD_NONE 0x00000000 /* IV no load (reuse) */ ++#define SAFE_SA_CMD0_IVLD_IBUF 0x01000000 /* IV load from input buffer */ ++#define SAFE_SA_CMD0_IVLD_STATE 0x02000000 /* IV load from state */ ++#define SAFE_SA_CMD0_HSLD 0x0c000000 /* hash state loading */ ++#define SAFE_SA_CMD0_HSLD_SA 0x00000000 /* hash state load from SA */ ++#define SAFE_SA_CMD0_HSLD_STATE 0x08000000 /* hash state load from state */ ++#define SAFE_SA_CMD0_HSLD_NONE 0x0c000000 /* hash state no load */ ++#define SAFE_SA_CMD0_SAVEIV 0x10000000 /* save IV */ ++#define SAFE_SA_CMD0_SAVEHASH 0x20000000 /* save hash state */ ++#define SAFE_SA_CMD0_IGATHER 0x40000000 /* input gather */ ++#define SAFE_SA_CMD0_OSCATTER 0x80000000 /* output scatter */ ++ ++#define SAFE_SA_CMD1_HDRCOPY 0x00000002 /* copy header to output */ ++#define SAFE_SA_CMD1_PAYCOPY 0x00000004 /* copy payload to output */ ++#define SAFE_SA_CMD1_PADCOPY 0x00000008 /* copy pad to output */ ++#define SAFE_SA_CMD1_IPV4 0x00000000 /* IPv4 protocol */ ++#define SAFE_SA_CMD1_IPV6 0x00000010 /* IPv6 protocol */ ++#define SAFE_SA_CMD1_MUTABLE 0x00000020 /* mutable bit processing */ ++#define SAFE_SA_CMD1_SRBUSID 0x000000c0 /* state record bus id */ ++#define SAFE_SA_CMD1_SRPCI 0x00000040 /* state record from PCI */ ++#define SAFE_SA_CMD1_CRMODE 0x00000300 /* crypto mode */ ++#define SAFE_SA_CMD1_ECB 0x00000000 /* ECB crypto mode */ ++#define SAFE_SA_CMD1_CBC 0x00000100 /* CBC crypto mode */ ++#define SAFE_SA_CMD1_OFB 0x00000200 /* OFB crypto mode */ ++#define SAFE_SA_CMD1_CFB 0x00000300 /* CFB crypto mode */ ++#define SAFE_SA_CMD1_CRFEEDBACK 0x00000c00 /* crypto feedback mode */ ++#define SAFE_SA_CMD1_64BIT 0x00000000 /* 64-bit crypto feedback */ ++#define SAFE_SA_CMD1_8BIT 0x00000400 /* 8-bit crypto feedback */ ++#define SAFE_SA_CMD1_1BIT 0x00000800 /* 1-bit crypto feedback */ ++#define SAFE_SA_CMD1_128BIT 0x00000c00 /* 128-bit crypto feedback */ ++#define SAFE_SA_CMD1_OPTIONS 0x00001000 /* HMAC/options mutable bit */ ++#define SAFE_SA_CMD1_HMAC SAFE_SA_CMD1_OPTIONS ++#define SAFE_SA_CMD1_SAREV1 0x00008000 /* SA Revision 1 */ ++#define SAFE_SA_CMD1_OFFSET 0x00ff0000 /* hash/crypto offset(dwords) */ ++#define SAFE_SA_CMD1_OFFSET_S 16 ++#define SAFE_SA_CMD1_AESKEYLEN 0x0f000000 /* AES key length */ ++#define SAFE_SA_CMD1_AES128 0x02000000 /* 128-bit AES key */ ++#define SAFE_SA_CMD1_AES192 0x03000000 /* 192-bit AES key */ ++#define SAFE_SA_CMD1_AES256 0x04000000 /* 256-bit AES key */ ++ ++/* ++ * Security Associate State Record (Rev 1). ++ */ ++struct safe_sastate { ++ u_int32_t sa_saved_iv[4]; /* saved IV (DES/3DES/AES) */ ++ u_int32_t sa_saved_hashbc; /* saved hash byte count */ ++ u_int32_t sa_saved_indigest[5]; /* saved inner digest */ ++}; ++#endif /* _SAFE_SAFEREG_H_ */ +--- /dev/null ++++ b/crypto/ocf/safe/safevar.h +@@ -0,0 +1,230 @@ ++/*- ++ * The linux port of this code done by David McCullough ++ * Copyright (C) 2004-2007 David McCullough <david_mccullough@securecomputing.com> ++ * The license and original author are listed below. ++ * ++ * Copyright (c) 2003 Sam Leffler, Errno Consulting ++ * Copyright (c) 2003 Global Technology Associates, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * $FreeBSD: src/sys/dev/safe/safevar.h,v 1.2 2006/05/17 18:34:26 pjd Exp $ ++ */ ++#ifndef _SAFE_SAFEVAR_H_ ++#define _SAFE_SAFEVAR_H_ ++ ++/* Maximum queue length */ ++#ifndef SAFE_MAX_NQUEUE ++#define SAFE_MAX_NQUEUE 60 ++#endif ++ ++#define SAFE_MAX_PART 64 /* Maximum scatter/gather depth */ ++#define SAFE_DMA_BOUNDARY 0 /* No boundary for source DMA ops */ ++#define SAFE_MAX_DSIZE 2048 /* MCLBYTES Fixed scatter particle size */ ++#define SAFE_MAX_SSIZE 0x0ffff /* Maximum gather particle size */ ++#define SAFE_MAX_DMA 0xfffff /* Maximum PE operand size (20 bits) */ ++/* total src+dst particle descriptors */ ++#define SAFE_TOTAL_DPART (SAFE_MAX_NQUEUE * SAFE_MAX_PART) ++#define SAFE_TOTAL_SPART (SAFE_MAX_NQUEUE * SAFE_MAX_PART) ++ ++#define SAFE_RNG_MAXBUFSIZ 128 /* 32-bit words */ ++ ++#define SAFE_CARD(sid) (((sid) & 0xf0000000) >> 28) ++#define SAFE_SESSION(sid) ( (sid) & 0x0fffffff) ++#define SAFE_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff)) ++ ++#define SAFE_DEF_RTY 0xff /* PCI Retry Timeout */ ++#define SAFE_DEF_TOUT 0xff /* PCI TRDY Timeout */ ++#define SAFE_DEF_CACHELINE 0x01 /* Cache Line setting */ ++ ++#ifdef __KERNEL__ ++/* ++ * State associated with the allocation of each chunk ++ * of memory setup for DMA. ++ */ ++struct safe_dma_alloc { ++ dma_addr_t dma_paddr; ++ void *dma_vaddr; ++}; ++ ++/* ++ * Cryptographic operand state. One of these exists for each ++ * source and destination operand passed in from the crypto ++ * subsystem. When possible source and destination operands ++ * refer to the same memory. More often they are distinct. ++ * We track the virtual address of each operand as well as ++ * where each is mapped for DMA. ++ */ ++struct safe_operand { ++ union { ++ struct sk_buff *skb; ++ struct uio *io; ++ } u; ++ void *map; ++ int mapsize; /* total number of bytes in segs */ ++ struct { ++ dma_addr_t ds_addr; ++ int ds_len; ++ int ds_tlen; ++ } segs[SAFE_MAX_PART]; ++ int nsegs; ++}; ++ ++/* ++ * Packet engine ring entry and cryptographic operation state. ++ * The packet engine requires a ring of descriptors that contain ++ * pointers to various cryptographic state. However the ring ++ * configuration register allows you to specify an arbitrary size ++ * for ring entries. We use this feature to collect most of the ++ * state for each cryptographic request into one spot. Other than ++ * ring entries only the ``particle descriptors'' (scatter/gather ++ * lists) and the actual operand data are kept separate. The ++ * particle descriptors must also be organized in rings. The ++ * operand data can be located aribtrarily (modulo alignment constraints). ++ * ++ * Note that the descriptor ring is mapped onto the PCI bus so ++ * the hardware can DMA data. This means the entire ring must be ++ * contiguous. ++ */ ++struct safe_ringentry { ++ struct safe_desc re_desc; /* command descriptor */ ++ struct safe_sarec re_sa; /* SA record */ ++ struct safe_sastate re_sastate; /* SA state record */ ++ ++ struct cryptop *re_crp; /* crypto operation */ ++ ++ struct safe_operand re_src; /* source operand */ ++ struct safe_operand re_dst; /* destination operand */ ++ ++ int re_sesn; /* crypto session ID */ ++ int re_flags; ++#define SAFE_QFLAGS_COPYOUTIV 0x1 /* copy back on completion */ ++#define SAFE_QFLAGS_COPYOUTICV 0x2 /* copy back on completion */ ++}; ++ ++#define re_src_skb re_src.u.skb ++#define re_src_io re_src.u.io ++#define re_src_map re_src.map ++#define re_src_nsegs re_src.nsegs ++#define re_src_segs re_src.segs ++#define re_src_mapsize re_src.mapsize ++ ++#define re_dst_skb re_dst.u.skb ++#define re_dst_io re_dst.u.io ++#define re_dst_map re_dst.map ++#define re_dst_nsegs re_dst.nsegs ++#define re_dst_segs re_dst.segs ++#define re_dst_mapsize re_dst.mapsize ++ ++struct rndstate_test; ++ ++struct safe_session { ++ u_int32_t ses_used; ++ u_int32_t ses_klen; /* key length in bits */ ++ u_int32_t ses_key[8]; /* DES/3DES/AES key */ ++ u_int32_t ses_mlen; /* hmac length in bytes */ ++ u_int32_t ses_hminner[5]; /* hmac inner state */ ++ u_int32_t ses_hmouter[5]; /* hmac outer state */ ++ u_int32_t ses_iv[4]; /* DES/3DES/AES iv */ ++}; ++ ++struct safe_pkq { ++ struct list_head pkq_list; ++ struct cryptkop *pkq_krp; ++}; ++ ++struct safe_softc { ++ softc_device_decl sc_dev; ++ u32 sc_irq; ++ ++ struct pci_dev *sc_pcidev; ++ ocf_iomem_t sc_base_addr; ++ ++ u_int sc_chiprev; /* major/minor chip revision */ ++ int sc_flags; /* device specific flags */ ++#define SAFE_FLAGS_KEY 0x01 /* has key accelerator */ ++#define SAFE_FLAGS_RNG 0x02 /* hardware rng */ ++ int sc_suspended; ++ int sc_needwakeup; /* notify crypto layer */ ++ int32_t sc_cid; /* crypto tag */ ++ ++ struct safe_dma_alloc sc_ringalloc; /* PE ring allocation state */ ++ struct safe_ringentry *sc_ring; /* PE ring */ ++ struct safe_ringentry *sc_ringtop; /* PE ring top */ ++ struct safe_ringentry *sc_front; /* next free entry */ ++ struct safe_ringentry *sc_back; /* next pending entry */ ++ int sc_nqchip; /* # passed to chip */ ++ spinlock_t sc_ringmtx; /* PE ring lock */ ++ struct safe_pdesc *sc_spring; /* src particle ring */ ++ struct safe_pdesc *sc_springtop; /* src particle ring top */ ++ struct safe_pdesc *sc_spfree; /* next free src particle */ ++ struct safe_dma_alloc sc_spalloc; /* src particle ring state */ ++ struct safe_pdesc *sc_dpring; /* dest particle ring */ ++ struct safe_pdesc *sc_dpringtop; /* dest particle ring top */ ++ struct safe_pdesc *sc_dpfree; /* next free dest particle */ ++ struct safe_dma_alloc sc_dpalloc; /* dst particle ring state */ ++ int sc_nsessions; /* # of sessions */ ++ struct safe_session *sc_sessions; /* sessions */ ++ ++ struct timer_list sc_pkto; /* PK polling */ ++ spinlock_t sc_pkmtx; /* PK lock */ ++ struct list_head sc_pkq; /* queue of PK requests */ ++ struct safe_pkq *sc_pkq_cur; /* current processing request */ ++ u_int32_t sc_pk_reslen, sc_pk_resoff; ++ ++ int sc_max_dsize; /* maximum safe DMA size */ ++}; ++#endif /* __KERNEL__ */ ++ ++struct safe_stats { ++ u_int64_t st_ibytes; ++ u_int64_t st_obytes; ++ u_int32_t st_ipackets; ++ u_int32_t st_opackets; ++ u_int32_t st_invalid; /* invalid argument */ ++ u_int32_t st_badsession; /* invalid session id */ ++ u_int32_t st_badflags; /* flags indicate !(mbuf | uio) */ ++ u_int32_t st_nodesc; /* op submitted w/o descriptors */ ++ u_int32_t st_badalg; /* unsupported algorithm */ ++ u_int32_t st_ringfull; /* PE descriptor ring full */ ++ u_int32_t st_peoperr; /* PE marked error */ ++ u_int32_t st_dmaerr; /* PE DMA error */ ++ u_int32_t st_bypasstoobig; /* bypass > 96 bytes */ ++ u_int32_t st_skipmismatch; /* enc part begins before auth part */ ++ u_int32_t st_lenmismatch; /* enc length different auth length */ ++ u_int32_t st_coffmisaligned; /* crypto offset not 32-bit aligned */ ++ u_int32_t st_cofftoobig; /* crypto offset > 255 words */ ++ u_int32_t st_iovmisaligned; /* iov op not aligned */ ++ u_int32_t st_iovnotuniform; /* iov op not suitable */ ++ u_int32_t st_unaligned; /* unaligned src caused copy */ ++ u_int32_t st_notuniform; /* non-uniform src caused copy */ ++ u_int32_t st_nomap; /* bus_dmamap_create failed */ ++ u_int32_t st_noload; /* bus_dmamap_load_* failed */ ++ u_int32_t st_nombuf; /* MGET* failed */ ++ u_int32_t st_nomcl; /* MCLGET* failed */ ++ u_int32_t st_maxqchip; /* max mcr1 ops out for processing */ ++ u_int32_t st_rng; /* RNG requests */ ++ u_int32_t st_rngalarm; /* RNG alarm requests */ ++ u_int32_t st_noicvcopy; /* ICV data copies suppressed */ ++}; ++#endif /* _SAFE_SAFEVAR_H_ */ +--- /dev/null ++++ b/crypto/ocf/crypto.c +@@ -0,0 +1,1741 @@ ++/*- ++ * Linux port done by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * The license and original author are listed below. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * Copyright (c) 2002-2006 Sam Leffler. All rights reserved. ++ * ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#if 0 ++#include <sys/cdefs.h> ++__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.27 2007/03/21 03:42:51 sam Exp $"); ++#endif ++ ++/* ++ * Cryptographic Subsystem. ++ * ++ * This code is derived from the Openbsd Cryptographic Framework (OCF) ++ * that has the copyright shown below. Very little of the original ++ * code remains. ++ */ ++/*- ++ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) ++ * ++ * This code was written by Angelos D. Keromytis in Athens, Greece, in ++ * February 2000. Network Security Technologies Inc. (NSTI) kindly ++ * supported the development of this code. ++ * ++ * Copyright (c) 2000, 2001 Angelos D. Keromytis ++ * ++ * Permission to use, copy, and modify this software with or without fee ++ * is hereby granted, provided that this entire notice is included in ++ * all source code copies of any software which is or includes a copy or ++ * modification of this software. ++ * ++ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR ++ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY ++ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE ++ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR ++ * PURPOSE. ++ * ++__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp Exp $"); ++ */ ++ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/wait.h> ++#include <linux/sched.h> ++#include <linux/spinlock.h> ++#include <linux/version.h> ++#include <cryptodev.h> ++ ++/* ++ * keep track of whether or not we have been initialised, a big ++ * issue if we are linked into the kernel and a driver gets started before ++ * us ++ */ ++static int crypto_initted = 0; ++ ++/* ++ * Crypto drivers register themselves by allocating a slot in the ++ * crypto_drivers table with crypto_get_driverid() and then registering ++ * each algorithm they support with crypto_register() and crypto_kregister(). ++ */ ++ ++/* ++ * lock on driver table ++ * we track its state as spin_is_locked does not do anything on non-SMP boxes ++ */ ++static spinlock_t crypto_drivers_lock; ++static int crypto_drivers_locked; /* for non-SMP boxes */ ++ ++#define CRYPTO_DRIVER_LOCK() \ ++ ({ \ ++ spin_lock_irqsave(&crypto_drivers_lock, d_flags); \ ++ crypto_drivers_locked = 1; \ ++ dprintk("%s,%d: DRIVER_LOCK()\n", __FILE__, __LINE__); \ ++ }) ++#define CRYPTO_DRIVER_UNLOCK() \ ++ ({ \ ++ dprintk("%s,%d: DRIVER_UNLOCK()\n", __FILE__, __LINE__); \ ++ crypto_drivers_locked = 0; \ ++ spin_unlock_irqrestore(&crypto_drivers_lock, d_flags); \ ++ }) ++#define CRYPTO_DRIVER_ASSERT() \ ++ ({ \ ++ if (!crypto_drivers_locked) { \ ++ dprintk("%s,%d: DRIVER_ASSERT!\n", __FILE__, __LINE__); \ ++ } \ ++ }) ++ ++/* ++ * Crypto device/driver capabilities structure. ++ * ++ * Synchronization: ++ * (d) - protected by CRYPTO_DRIVER_LOCK() ++ * (q) - protected by CRYPTO_Q_LOCK() ++ * Not tagged fields are read-only. ++ */ ++struct cryptocap { ++ device_t cc_dev; /* (d) device/driver */ ++ u_int32_t cc_sessions; /* (d) # of sessions */ ++ u_int32_t cc_koperations; /* (d) # os asym operations */ ++ /* ++ * Largest possible operator length (in bits) for each type of ++ * encryption algorithm. XXX not used ++ */ ++ u_int16_t cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1]; ++ u_int8_t cc_alg[CRYPTO_ALGORITHM_MAX + 1]; ++ u_int8_t cc_kalg[CRK_ALGORITHM_MAX + 1]; ++ ++ int cc_flags; /* (d) flags */ ++#define CRYPTOCAP_F_CLEANUP 0x80000000 /* needs resource cleanup */ ++ int cc_qblocked; /* (q) symmetric q blocked */ ++ int cc_kqblocked; /* (q) asymmetric q blocked */ ++}; ++static struct cryptocap *crypto_drivers = NULL; ++static int crypto_drivers_num = 0; ++ ++/* ++ * There are two queues for crypto requests; one for symmetric (e.g. ++ * cipher) operations and one for asymmetric (e.g. MOD)operations. ++ * A single mutex is used to lock access to both queues. We could ++ * have one per-queue but having one simplifies handling of block/unblock ++ * operations. ++ */ ++static int crp_sleep = 0; ++static LIST_HEAD(crp_q); /* request queues */ ++static LIST_HEAD(crp_kq); ++ ++static spinlock_t crypto_q_lock; ++ ++int crypto_all_qblocked = 0; /* protect with Q_LOCK */ ++module_param(crypto_all_qblocked, int, 0444); ++MODULE_PARM_DESC(crypto_all_qblocked, "Are all crypto queues blocked"); ++ ++int crypto_all_kqblocked = 0; /* protect with Q_LOCK */ ++module_param(crypto_all_kqblocked, int, 0444); ++MODULE_PARM_DESC(crypto_all_kqblocked, "Are all asym crypto queues blocked"); ++ ++#define CRYPTO_Q_LOCK() \ ++ ({ \ ++ spin_lock_irqsave(&crypto_q_lock, q_flags); \ ++ dprintk("%s,%d: Q_LOCK()\n", __FILE__, __LINE__); \ ++ }) ++#define CRYPTO_Q_UNLOCK() \ ++ ({ \ ++ dprintk("%s,%d: Q_UNLOCK()\n", __FILE__, __LINE__); \ ++ spin_unlock_irqrestore(&crypto_q_lock, q_flags); \ ++ }) ++ ++/* ++ * There are two queues for processing completed crypto requests; one ++ * for the symmetric and one for the asymmetric ops. We only need one ++ * but have two to avoid type futzing (cryptop vs. cryptkop). A single ++ * mutex is used to lock access to both queues. Note that this lock ++ * must be separate from the lock on request queues to insure driver ++ * callbacks don't generate lock order reversals. ++ */ ++static LIST_HEAD(crp_ret_q); /* callback queues */ ++static LIST_HEAD(crp_ret_kq); ++ ++static spinlock_t crypto_ret_q_lock; ++#define CRYPTO_RETQ_LOCK() \ ++ ({ \ ++ spin_lock_irqsave(&crypto_ret_q_lock, r_flags); \ ++ dprintk("%s,%d: RETQ_LOCK\n", __FILE__, __LINE__); \ ++ }) ++#define CRYPTO_RETQ_UNLOCK() \ ++ ({ \ ++ dprintk("%s,%d: RETQ_UNLOCK\n", __FILE__, __LINE__); \ ++ spin_unlock_irqrestore(&crypto_ret_q_lock, r_flags); \ ++ }) ++#define CRYPTO_RETQ_EMPTY() (list_empty(&crp_ret_q) && list_empty(&crp_ret_kq)) ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) ++static kmem_cache_t *cryptop_zone; ++static kmem_cache_t *cryptodesc_zone; ++#else ++static struct kmem_cache *cryptop_zone; ++static struct kmem_cache *cryptodesc_zone; ++#endif ++ ++#define debug crypto_debug ++int crypto_debug = 0; ++module_param(crypto_debug, int, 0644); ++MODULE_PARM_DESC(crypto_debug, "Enable debug"); ++EXPORT_SYMBOL(crypto_debug); ++ ++/* ++ * Maximum number of outstanding crypto requests before we start ++ * failing requests. We need this to prevent DOS when too many ++ * requests are arriving for us to keep up. Otherwise we will ++ * run the system out of memory. Since crypto is slow, we are ++ * usually the bottleneck that needs to say, enough is enough. ++ * ++ * We cannot print errors when this condition occurs, we are already too ++ * slow, printing anything will just kill us ++ */ ++ ++static int crypto_q_cnt = 0; ++module_param(crypto_q_cnt, int, 0444); ++MODULE_PARM_DESC(crypto_q_cnt, ++ "Current number of outstanding crypto requests"); ++ ++static int crypto_q_max = 1000; ++module_param(crypto_q_max, int, 0644); ++MODULE_PARM_DESC(crypto_q_max, ++ "Maximum number of outstanding crypto requests"); ++ ++#define bootverbose crypto_verbose ++static int crypto_verbose = 0; ++module_param(crypto_verbose, int, 0644); ++MODULE_PARM_DESC(crypto_verbose, ++ "Enable verbose crypto startup"); ++ ++int crypto_usercrypto = 1; /* userland may do crypto reqs */ ++module_param(crypto_usercrypto, int, 0644); ++MODULE_PARM_DESC(crypto_usercrypto, ++ "Enable/disable user-mode access to crypto support"); ++ ++int crypto_userasymcrypto = 1; /* userland may do asym crypto reqs */ ++module_param(crypto_userasymcrypto, int, 0644); ++MODULE_PARM_DESC(crypto_userasymcrypto, ++ "Enable/disable user-mode access to asymmetric crypto support"); ++ ++int crypto_devallowsoft = 0; /* only use hardware crypto */ ++module_param(crypto_devallowsoft, int, 0644); ++MODULE_PARM_DESC(crypto_devallowsoft, ++ "Enable/disable use of software crypto support"); ++ ++static pid_t cryptoproc = (pid_t) -1; ++static struct completion cryptoproc_exited; ++static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait); ++static pid_t cryptoretproc = (pid_t) -1; ++static struct completion cryptoretproc_exited; ++static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait); ++ ++static int crypto_proc(void *arg); ++static int crypto_ret_proc(void *arg); ++static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint); ++static int crypto_kinvoke(struct cryptkop *krp, int flags); ++static void crypto_exit(void); ++static int crypto_init(void); ++ ++static struct cryptostats cryptostats; ++ ++static struct cryptocap * ++crypto_checkdriver(u_int32_t hid) ++{ ++ if (crypto_drivers == NULL) ++ return NULL; ++ return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]); ++} ++ ++/* ++ * Compare a driver's list of supported algorithms against another ++ * list; return non-zero if all algorithms are supported. ++ */ ++static int ++driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri) ++{ ++ const struct cryptoini *cr; ++ ++ /* See if all the algorithms are supported. */ ++ for (cr = cri; cr; cr = cr->cri_next) ++ if (cap->cc_alg[cr->cri_alg] == 0) ++ return 0; ++ return 1; ++} ++ ++/* ++ * Select a driver for a new session that supports the specified ++ * algorithms and, optionally, is constrained according to the flags. ++ * The algorithm we use here is pretty stupid; just use the ++ * first driver that supports all the algorithms we need. If there ++ * are multiple drivers we choose the driver with the fewest active ++ * sessions. We prefer hardware-backed drivers to software ones. ++ * ++ * XXX We need more smarts here (in real life too, but that's ++ * XXX another story altogether). ++ */ ++static struct cryptocap * ++crypto_select_driver(const struct cryptoini *cri, int flags) ++{ ++ struct cryptocap *cap, *best; ++ int match, hid; ++ ++ CRYPTO_DRIVER_ASSERT(); ++ ++ /* ++ * Look first for hardware crypto devices if permitted. ++ */ ++ if (flags & CRYPTOCAP_F_HARDWARE) ++ match = CRYPTOCAP_F_HARDWARE; ++ else ++ match = CRYPTOCAP_F_SOFTWARE; ++ best = NULL; ++again: ++ for (hid = 0; hid < crypto_drivers_num; hid++) { ++ cap = &crypto_drivers[hid]; ++ /* ++ * If it's not initialized, is in the process of ++ * going away, or is not appropriate (hardware ++ * or software based on match), then skip. ++ */ ++ if (cap->cc_dev == NULL || ++ (cap->cc_flags & CRYPTOCAP_F_CLEANUP) || ++ (cap->cc_flags & match) == 0) ++ continue; ++ ++ /* verify all the algorithms are supported. */ ++ if (driver_suitable(cap, cri)) { ++ if (best == NULL || ++ cap->cc_sessions < best->cc_sessions) ++ best = cap; ++ } ++ } ++ if (best != NULL) ++ return best; ++ if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) { ++ /* sort of an Algol 68-style for loop */ ++ match = CRYPTOCAP_F_SOFTWARE; ++ goto again; ++ } ++ return best; ++} ++ ++/* ++ * Create a new session. The crid argument specifies a crypto ++ * driver to use or constraints on a driver to select (hardware ++ * only, software only, either). Whatever driver is selected ++ * must be capable of the requested crypto algorithms. ++ */ ++int ++crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int crid) ++{ ++ struct cryptocap *cap; ++ u_int32_t hid, lid; ++ int err; ++ unsigned long d_flags; ++ ++ CRYPTO_DRIVER_LOCK(); ++ if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { ++ /* ++ * Use specified driver; verify it is capable. ++ */ ++ cap = crypto_checkdriver(crid); ++ if (cap != NULL && !driver_suitable(cap, cri)) ++ cap = NULL; ++ } else { ++ /* ++ * No requested driver; select based on crid flags. ++ */ ++ cap = crypto_select_driver(cri, crid); ++ /* ++ * if NULL then can't do everything in one session. ++ * XXX Fix this. We need to inject a "virtual" session ++ * XXX layer right about here. ++ */ ++ } ++ if (cap != NULL) { ++ /* Call the driver initialization routine. */ ++ hid = cap - crypto_drivers; ++ lid = hid; /* Pass the driver ID. */ ++ cap->cc_sessions++; ++ CRYPTO_DRIVER_UNLOCK(); ++ err = CRYPTODEV_NEWSESSION(cap->cc_dev, &lid, cri); ++ CRYPTO_DRIVER_LOCK(); ++ if (err == 0) { ++ (*sid) = (cap->cc_flags & 0xff000000) ++ | (hid & 0x00ffffff); ++ (*sid) <<= 32; ++ (*sid) |= (lid & 0xffffffff); ++ } else ++ cap->cc_sessions--; ++ } else ++ err = EINVAL; ++ CRYPTO_DRIVER_UNLOCK(); ++ return err; ++} ++ ++static void ++crypto_remove(struct cryptocap *cap) ++{ ++ CRYPTO_DRIVER_ASSERT(); ++ if (cap->cc_sessions == 0 && cap->cc_koperations == 0) ++ bzero(cap, sizeof(*cap)); ++} ++ ++/* ++ * Delete an existing session (or a reserved session on an unregistered ++ * driver). ++ */ ++int ++crypto_freesession(u_int64_t sid) ++{ ++ struct cryptocap *cap; ++ u_int32_t hid; ++ int err = 0; ++ unsigned long d_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ CRYPTO_DRIVER_LOCK(); ++ ++ if (crypto_drivers == NULL) { ++ err = EINVAL; ++ goto done; ++ } ++ ++ /* Determine two IDs. */ ++ hid = CRYPTO_SESID2HID(sid); ++ ++ if (hid >= crypto_drivers_num) { ++ dprintk("%s - INVALID DRIVER NUM %d\n", __FUNCTION__, hid); ++ err = ENOENT; ++ goto done; ++ } ++ cap = &crypto_drivers[hid]; ++ ++ if (cap->cc_dev) { ++ CRYPTO_DRIVER_UNLOCK(); ++ /* Call the driver cleanup routine, if available, unlocked. */ ++ err = CRYPTODEV_FREESESSION(cap->cc_dev, sid); ++ CRYPTO_DRIVER_LOCK(); ++ } ++ ++ if (cap->cc_sessions) ++ cap->cc_sessions--; ++ ++ if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) ++ crypto_remove(cap); ++ ++done: ++ CRYPTO_DRIVER_UNLOCK(); ++ return err; ++} ++ ++/* ++ * Return an unused driver id. Used by drivers prior to registering ++ * support for the algorithms they handle. ++ */ ++int32_t ++crypto_get_driverid(device_t dev, int flags) ++{ ++ struct cryptocap *newdrv; ++ int i; ++ unsigned long d_flags; ++ ++ if ((flags & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { ++ printf("%s: no flags specified when registering driver\n", ++ device_get_nameunit(dev)); ++ return -1; ++ } ++ ++ CRYPTO_DRIVER_LOCK(); ++ ++ for (i = 0; i < crypto_drivers_num; i++) { ++ if (crypto_drivers[i].cc_dev == NULL && ++ (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0) { ++ break; ++ } ++ } ++ ++ /* Out of entries, allocate some more. */ ++ if (i == crypto_drivers_num) { ++ /* Be careful about wrap-around. */ ++ if (2 * crypto_drivers_num <= crypto_drivers_num) { ++ CRYPTO_DRIVER_UNLOCK(); ++ printk("crypto: driver count wraparound!\n"); ++ return -1; ++ } ++ ++ newdrv = kmalloc(2 * crypto_drivers_num * sizeof(struct cryptocap), ++ GFP_KERNEL); ++ if (newdrv == NULL) { ++ CRYPTO_DRIVER_UNLOCK(); ++ printk("crypto: no space to expand driver table!\n"); ++ return -1; ++ } ++ ++ memcpy(newdrv, crypto_drivers, ++ crypto_drivers_num * sizeof(struct cryptocap)); ++ memset(&newdrv[crypto_drivers_num], 0, ++ crypto_drivers_num * sizeof(struct cryptocap)); ++ ++ crypto_drivers_num *= 2; ++ ++ kfree(crypto_drivers); ++ crypto_drivers = newdrv; ++ } ++ ++ /* NB: state is zero'd on free */ ++ crypto_drivers[i].cc_sessions = 1; /* Mark */ ++ crypto_drivers[i].cc_dev = dev; ++ crypto_drivers[i].cc_flags = flags; ++ if (bootverbose) ++ printf("crypto: assign %s driver id %u, flags %u\n", ++ device_get_nameunit(dev), i, flags); ++ ++ CRYPTO_DRIVER_UNLOCK(); ++ ++ return i; ++} ++ ++/* ++ * Lookup a driver by name. We match against the full device ++ * name and unit, and against just the name. The latter gives ++ * us a simple widlcarding by device name. On success return the ++ * driver/hardware identifier; otherwise return -1. ++ */ ++int ++crypto_find_driver(const char *match) ++{ ++ int i, len = strlen(match); ++ unsigned long d_flags; ++ ++ CRYPTO_DRIVER_LOCK(); ++ for (i = 0; i < crypto_drivers_num; i++) { ++ device_t dev = crypto_drivers[i].cc_dev; ++ if (dev == NULL || ++ (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP)) ++ continue; ++ if (strncmp(match, device_get_nameunit(dev), len) == 0 || ++ strncmp(match, device_get_name(dev), len) == 0) ++ break; ++ } ++ CRYPTO_DRIVER_UNLOCK(); ++ return i < crypto_drivers_num ? i : -1; ++} ++ ++/* ++ * Return the device_t for the specified driver or NULL ++ * if the driver identifier is invalid. ++ */ ++device_t ++crypto_find_device_byhid(int hid) ++{ ++ struct cryptocap *cap = crypto_checkdriver(hid); ++ return cap != NULL ? cap->cc_dev : NULL; ++} ++ ++/* ++ * Return the device/driver capabilities. ++ */ ++int ++crypto_getcaps(int hid) ++{ ++ struct cryptocap *cap = crypto_checkdriver(hid); ++ return cap != NULL ? cap->cc_flags : 0; ++} ++ ++/* ++ * Register support for a key-related algorithm. This routine ++ * is called once for each algorithm supported a driver. ++ */ ++int ++crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags) ++{ ++ struct cryptocap *cap; ++ int err; ++ unsigned long d_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ CRYPTO_DRIVER_LOCK(); ++ ++ cap = crypto_checkdriver(driverid); ++ if (cap != NULL && ++ (CRK_ALGORITM_MIN <= kalg && kalg <= CRK_ALGORITHM_MAX)) { ++ /* ++ * XXX Do some performance testing to determine placing. ++ * XXX We probably need an auxiliary data structure that ++ * XXX describes relative performances. ++ */ ++ ++ cap->cc_kalg[kalg] = flags | CRYPTO_ALG_FLAG_SUPPORTED; ++ if (bootverbose) ++ printf("crypto: %s registers key alg %u flags %u\n" ++ , device_get_nameunit(cap->cc_dev) ++ , kalg ++ , flags ++ ); ++ err = 0; ++ } else ++ err = EINVAL; ++ ++ CRYPTO_DRIVER_UNLOCK(); ++ return err; ++} ++ ++/* ++ * Register support for a non-key-related algorithm. This routine ++ * is called once for each such algorithm supported by a driver. ++ */ ++int ++crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, ++ u_int32_t flags) ++{ ++ struct cryptocap *cap; ++ int err; ++ unsigned long d_flags; ++ ++ dprintk("%s(id=0x%x, alg=%d, maxoplen=%d, flags=0x%x)\n", __FUNCTION__, ++ driverid, alg, maxoplen, flags); ++ ++ CRYPTO_DRIVER_LOCK(); ++ ++ cap = crypto_checkdriver(driverid); ++ /* NB: algorithms are in the range [1..max] */ ++ if (cap != NULL && ++ (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX)) { ++ /* ++ * XXX Do some performance testing to determine placing. ++ * XXX We probably need an auxiliary data structure that ++ * XXX describes relative performances. ++ */ ++ ++ cap->cc_alg[alg] = flags | CRYPTO_ALG_FLAG_SUPPORTED; ++ cap->cc_max_op_len[alg] = maxoplen; ++ if (bootverbose) ++ printf("crypto: %s registers alg %u flags %u maxoplen %u\n" ++ , device_get_nameunit(cap->cc_dev) ++ , alg ++ , flags ++ , maxoplen ++ ); ++ cap->cc_sessions = 0; /* Unmark */ ++ err = 0; ++ } else ++ err = EINVAL; ++ ++ CRYPTO_DRIVER_UNLOCK(); ++ return err; ++} ++ ++static void ++driver_finis(struct cryptocap *cap) ++{ ++ u_int32_t ses, kops; ++ ++ CRYPTO_DRIVER_ASSERT(); ++ ++ ses = cap->cc_sessions; ++ kops = cap->cc_koperations; ++ bzero(cap, sizeof(*cap)); ++ if (ses != 0 || kops != 0) { ++ /* ++ * If there are pending sessions, ++ * just mark as invalid. ++ */ ++ cap->cc_flags |= CRYPTOCAP_F_CLEANUP; ++ cap->cc_sessions = ses; ++ cap->cc_koperations = kops; ++ } ++} ++ ++/* ++ * Unregister a crypto driver. If there are pending sessions using it, ++ * leave enough information around so that subsequent calls using those ++ * sessions will correctly detect the driver has been unregistered and ++ * reroute requests. ++ */ ++int ++crypto_unregister(u_int32_t driverid, int alg) ++{ ++ struct cryptocap *cap; ++ int i, err; ++ unsigned long d_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ CRYPTO_DRIVER_LOCK(); ++ ++ cap = crypto_checkdriver(driverid); ++ if (cap != NULL && ++ (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX) && ++ cap->cc_alg[alg] != 0) { ++ cap->cc_alg[alg] = 0; ++ cap->cc_max_op_len[alg] = 0; ++ ++ /* Was this the last algorithm ? */ ++ for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++) ++ if (cap->cc_alg[i] != 0) ++ break; ++ ++ if (i == CRYPTO_ALGORITHM_MAX + 1) ++ driver_finis(cap); ++ err = 0; ++ } else ++ err = EINVAL; ++ CRYPTO_DRIVER_UNLOCK(); ++ return err; ++} ++ ++/* ++ * Unregister all algorithms associated with a crypto driver. ++ * If there are pending sessions using it, leave enough information ++ * around so that subsequent calls using those sessions will ++ * correctly detect the driver has been unregistered and reroute ++ * requests. ++ */ ++int ++crypto_unregister_all(u_int32_t driverid) ++{ ++ struct cryptocap *cap; ++ int err; ++ unsigned long d_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ CRYPTO_DRIVER_LOCK(); ++ cap = crypto_checkdriver(driverid); ++ if (cap != NULL) { ++ driver_finis(cap); ++ err = 0; ++ } else ++ err = EINVAL; ++ CRYPTO_DRIVER_UNLOCK(); ++ ++ return err; ++} ++ ++/* ++ * Clear blockage on a driver. The what parameter indicates whether ++ * the driver is now ready for cryptop's and/or cryptokop's. ++ */ ++int ++crypto_unblock(u_int32_t driverid, int what) ++{ ++ struct cryptocap *cap; ++ int err; ++ unsigned long q_flags; ++ ++ CRYPTO_Q_LOCK(); ++ cap = crypto_checkdriver(driverid); ++ if (cap != NULL) { ++ if (what & CRYPTO_SYMQ) { ++ cap->cc_qblocked = 0; ++ crypto_all_qblocked = 0; ++ } ++ if (what & CRYPTO_ASYMQ) { ++ cap->cc_kqblocked = 0; ++ crypto_all_kqblocked = 0; ++ } ++ if (crp_sleep) ++ wake_up_interruptible(&cryptoproc_wait); ++ err = 0; ++ } else ++ err = EINVAL; ++ CRYPTO_Q_UNLOCK(); //DAVIDM should this be a driver lock ++ ++ return err; ++} ++ ++/* ++ * Add a crypto request to a queue, to be processed by the kernel thread. ++ */ ++int ++crypto_dispatch(struct cryptop *crp) ++{ ++ struct cryptocap *cap; ++ int result = -1; ++ unsigned long q_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ ++ cryptostats.cs_ops++; ++ ++ CRYPTO_Q_LOCK(); ++ if (crypto_q_cnt >= crypto_q_max) { ++ CRYPTO_Q_UNLOCK(); ++ cryptostats.cs_drops++; ++ return ENOMEM; ++ } ++ crypto_q_cnt++; ++ ++ /* ++ * Caller marked the request to be processed immediately; dispatch ++ * it directly to the driver unless the driver is currently blocked. ++ */ ++ if ((crp->crp_flags & CRYPTO_F_BATCH) == 0) { ++ int hid = CRYPTO_SESID2HID(crp->crp_sid); ++ cap = crypto_checkdriver(hid); ++ /* Driver cannot disappear when there is an active session. */ ++ KASSERT(cap != NULL, ("%s: Driver disappeared.", __func__)); ++ if (!cap->cc_qblocked) { ++ crypto_all_qblocked = 0; ++ crypto_drivers[hid].cc_qblocked = 1; ++ CRYPTO_Q_UNLOCK(); ++ result = crypto_invoke(cap, crp, 0); ++ CRYPTO_Q_LOCK(); ++ if (result != ERESTART) ++ crypto_drivers[hid].cc_qblocked = 0; ++ } ++ } ++ if (result == ERESTART) { ++ /* ++ * The driver ran out of resources, mark the ++ * driver ``blocked'' for cryptop's and put ++ * the request back in the queue. It would ++ * best to put the request back where we got ++ * it but that's hard so for now we put it ++ * at the front. This should be ok; putting ++ * it at the end does not work. ++ */ ++ list_add(&crp->crp_next, &crp_q); ++ cryptostats.cs_blocks++; ++ } else if (result == -1) { ++ TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); ++ } ++ if (crp_sleep) ++ wake_up_interruptible(&cryptoproc_wait); ++ CRYPTO_Q_UNLOCK(); ++ return 0; ++} ++ ++/* ++ * Add an asymetric crypto request to a queue, ++ * to be processed by the kernel thread. ++ */ ++int ++crypto_kdispatch(struct cryptkop *krp) ++{ ++ int error; ++ unsigned long q_flags; ++ ++ cryptostats.cs_kops++; ++ ++ error = crypto_kinvoke(krp, krp->krp_crid); ++ if (error == ERESTART) { ++ CRYPTO_Q_LOCK(); ++ TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next); ++ if (crp_sleep) ++ wake_up_interruptible(&cryptoproc_wait); ++ CRYPTO_Q_UNLOCK(); ++ error = 0; ++ } ++ return error; ++} ++ ++/* ++ * Verify a driver is suitable for the specified operation. ++ */ ++static __inline int ++kdriver_suitable(const struct cryptocap *cap, const struct cryptkop *krp) ++{ ++ return (cap->cc_kalg[krp->krp_op] & CRYPTO_ALG_FLAG_SUPPORTED) != 0; ++} ++ ++/* ++ * Select a driver for an asym operation. The driver must ++ * support the necessary algorithm. The caller can constrain ++ * which device is selected with the flags parameter. The ++ * algorithm we use here is pretty stupid; just use the first ++ * driver that supports the algorithms we need. If there are ++ * multiple suitable drivers we choose the driver with the ++ * fewest active operations. We prefer hardware-backed ++ * drivers to software ones when either may be used. ++ */ ++static struct cryptocap * ++crypto_select_kdriver(const struct cryptkop *krp, int flags) ++{ ++ struct cryptocap *cap, *best, *blocked; ++ int match, hid; ++ ++ CRYPTO_DRIVER_ASSERT(); ++ ++ /* ++ * Look first for hardware crypto devices if permitted. ++ */ ++ if (flags & CRYPTOCAP_F_HARDWARE) ++ match = CRYPTOCAP_F_HARDWARE; ++ else ++ match = CRYPTOCAP_F_SOFTWARE; ++ best = NULL; ++ blocked = NULL; ++again: ++ for (hid = 0; hid < crypto_drivers_num; hid++) { ++ cap = &crypto_drivers[hid]; ++ /* ++ * If it's not initialized, is in the process of ++ * going away, or is not appropriate (hardware ++ * or software based on match), then skip. ++ */ ++ if (cap->cc_dev == NULL || ++ (cap->cc_flags & CRYPTOCAP_F_CLEANUP) || ++ (cap->cc_flags & match) == 0) ++ continue; ++ ++ /* verify all the algorithms are supported. */ ++ if (kdriver_suitable(cap, krp)) { ++ if (best == NULL || ++ cap->cc_koperations < best->cc_koperations) ++ best = cap; ++ } ++ } ++ if (best != NULL) ++ return best; ++ if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) { ++ /* sort of an Algol 68-style for loop */ ++ match = CRYPTOCAP_F_SOFTWARE; ++ goto again; ++ } ++ return best; ++} ++ ++/* ++ * Dispatch an assymetric crypto request. ++ */ ++static int ++crypto_kinvoke(struct cryptkop *krp, int crid) ++{ ++ struct cryptocap *cap = NULL; ++ int error; ++ unsigned long d_flags; ++ ++ KASSERT(krp != NULL, ("%s: krp == NULL", __func__)); ++ KASSERT(krp->krp_callback != NULL, ++ ("%s: krp->crp_callback == NULL", __func__)); ++ ++ CRYPTO_DRIVER_LOCK(); ++ if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) { ++ cap = crypto_checkdriver(crid); ++ if (cap != NULL) { ++ /* ++ * Driver present, it must support the necessary ++ * algorithm and, if s/w drivers are excluded, ++ * it must be registered as hardware-backed. ++ */ ++ if (!kdriver_suitable(cap, krp) || ++ (!crypto_devallowsoft && ++ (cap->cc_flags & CRYPTOCAP_F_HARDWARE) == 0)) ++ cap = NULL; ++ } ++ } else { ++ /* ++ * No requested driver; select based on crid flags. ++ */ ++ if (!crypto_devallowsoft) /* NB: disallow s/w drivers */ ++ crid &= ~CRYPTOCAP_F_SOFTWARE; ++ cap = crypto_select_kdriver(krp, crid); ++ } ++ if (cap != NULL && !cap->cc_kqblocked) { ++ krp->krp_hid = cap - crypto_drivers; ++ cap->cc_koperations++; ++ CRYPTO_DRIVER_UNLOCK(); ++ error = CRYPTODEV_KPROCESS(cap->cc_dev, krp, 0); ++ CRYPTO_DRIVER_LOCK(); ++ if (error == ERESTART) { ++ cap->cc_koperations--; ++ CRYPTO_DRIVER_UNLOCK(); ++ return (error); ++ } ++ /* return the actual device used */ ++ krp->krp_crid = krp->krp_hid; ++ } else { ++ /* ++ * NB: cap is !NULL if device is blocked; in ++ * that case return ERESTART so the operation ++ * is resubmitted if possible. ++ */ ++ error = (cap == NULL) ? ENODEV : ERESTART; ++ } ++ CRYPTO_DRIVER_UNLOCK(); ++ ++ if (error) { ++ krp->krp_status = error; ++ crypto_kdone(krp); ++ } ++ return 0; ++} ++ ++ ++/* ++ * Dispatch a crypto request to the appropriate crypto devices. ++ */ ++static int ++crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint) ++{ ++ KASSERT(crp != NULL, ("%s: crp == NULL", __func__)); ++ KASSERT(crp->crp_callback != NULL, ++ ("%s: crp->crp_callback == NULL", __func__)); ++ KASSERT(crp->crp_desc != NULL, ("%s: crp->crp_desc == NULL", __func__)); ++ ++ dprintk("%s()\n", __FUNCTION__); ++ ++#ifdef CRYPTO_TIMING ++ if (crypto_timing) ++ crypto_tstat(&cryptostats.cs_invoke, &crp->crp_tstamp); ++#endif ++ if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) { ++ struct cryptodesc *crd; ++ u_int64_t nid; ++ ++ /* ++ * Driver has unregistered; migrate the session and return ++ * an error to the caller so they'll resubmit the op. ++ * ++ * XXX: What if there are more already queued requests for this ++ * session? ++ */ ++ crypto_freesession(crp->crp_sid); ++ ++ for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) ++ crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); ++ ++ /* XXX propagate flags from initial session? */ ++ if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), ++ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) == 0) ++ crp->crp_sid = nid; ++ ++ crp->crp_etype = EAGAIN; ++ crypto_done(crp); ++ return 0; ++ } else { ++ /* ++ * Invoke the driver to process the request. ++ */ ++ return CRYPTODEV_PROCESS(cap->cc_dev, crp, hint); ++ } ++} ++ ++/* ++ * Release a set of crypto descriptors. ++ */ ++void ++crypto_freereq(struct cryptop *crp) ++{ ++ struct cryptodesc *crd; ++ ++ if (crp == NULL) ++ return; ++ ++#ifdef DIAGNOSTIC ++ { ++ struct cryptop *crp2; ++ unsigned long q_flags; ++ ++ CRYPTO_Q_LOCK(); ++ TAILQ_FOREACH(crp2, &crp_q, crp_next) { ++ KASSERT(crp2 != crp, ++ ("Freeing cryptop from the crypto queue (%p).", ++ crp)); ++ } ++ CRYPTO_Q_UNLOCK(); ++ CRYPTO_RETQ_LOCK(); ++ TAILQ_FOREACH(crp2, &crp_ret_q, crp_next) { ++ KASSERT(crp2 != crp, ++ ("Freeing cryptop from the return queue (%p).", ++ crp)); ++ } ++ CRYPTO_RETQ_UNLOCK(); ++ } ++#endif ++ ++ while ((crd = crp->crp_desc) != NULL) { ++ crp->crp_desc = crd->crd_next; ++ kmem_cache_free(cryptodesc_zone, crd); ++ } ++ kmem_cache_free(cryptop_zone, crp); ++} ++ ++/* ++ * Acquire a set of crypto descriptors. ++ */ ++struct cryptop * ++crypto_getreq(int num) ++{ ++ struct cryptodesc *crd; ++ struct cryptop *crp; ++ ++ crp = kmem_cache_alloc(cryptop_zone, SLAB_ATOMIC); ++ if (crp != NULL) { ++ memset(crp, 0, sizeof(*crp)); ++ INIT_LIST_HEAD(&crp->crp_next); ++ init_waitqueue_head(&crp->crp_waitq); ++ while (num--) { ++ crd = kmem_cache_alloc(cryptodesc_zone, SLAB_ATOMIC); ++ if (crd == NULL) { ++ crypto_freereq(crp); ++ return NULL; ++ } ++ memset(crd, 0, sizeof(*crd)); ++ crd->crd_next = crp->crp_desc; ++ crp->crp_desc = crd; ++ } ++ } ++ return crp; ++} ++ ++/* ++ * Invoke the callback on behalf of the driver. ++ */ ++void ++crypto_done(struct cryptop *crp) ++{ ++ unsigned long q_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if ((crp->crp_flags & CRYPTO_F_DONE) == 0) { ++ crp->crp_flags |= CRYPTO_F_DONE; ++ CRYPTO_Q_LOCK(); ++ crypto_q_cnt--; ++ CRYPTO_Q_UNLOCK(); ++ } else ++ printk("crypto: crypto_done op already done, flags 0x%x", ++ crp->crp_flags); ++ if (crp->crp_etype != 0) ++ cryptostats.cs_errs++; ++ /* ++ * CBIMM means unconditionally do the callback immediately; ++ * CBIFSYNC means do the callback immediately only if the ++ * operation was done synchronously. Both are used to avoid ++ * doing extraneous context switches; the latter is mostly ++ * used with the software crypto driver. ++ */ ++ if ((crp->crp_flags & CRYPTO_F_CBIMM) || ++ ((crp->crp_flags & CRYPTO_F_CBIFSYNC) && ++ (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC))) { ++ /* ++ * Do the callback directly. This is ok when the ++ * callback routine does very little (e.g. the ++ * /dev/crypto callback method just does a wakeup). ++ */ ++ crp->crp_callback(crp); ++ } else { ++ unsigned long r_flags; ++ /* ++ * Normal case; queue the callback for the thread. ++ */ ++ CRYPTO_RETQ_LOCK(); ++ if (CRYPTO_RETQ_EMPTY()) ++ wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ ++ TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next); ++ CRYPTO_RETQ_UNLOCK(); ++ } ++} ++ ++/* ++ * Invoke the callback on behalf of the driver. ++ */ ++void ++crypto_kdone(struct cryptkop *krp) ++{ ++ struct cryptocap *cap; ++ unsigned long d_flags; ++ ++ if ((krp->krp_flags & CRYPTO_KF_DONE) != 0) ++ printk("crypto: crypto_kdone op already done, flags 0x%x", ++ krp->krp_flags); ++ krp->krp_flags |= CRYPTO_KF_DONE; ++ if (krp->krp_status != 0) ++ cryptostats.cs_kerrs++; ++ ++ CRYPTO_DRIVER_LOCK(); ++ /* XXX: What if driver is loaded in the meantime? */ ++ if (krp->krp_hid < crypto_drivers_num) { ++ cap = &crypto_drivers[krp->krp_hid]; ++ cap->cc_koperations--; ++ KASSERT(cap->cc_koperations >= 0, ("cc_koperations < 0")); ++ if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) ++ crypto_remove(cap); ++ } ++ CRYPTO_DRIVER_UNLOCK(); ++ ++ /* ++ * CBIMM means unconditionally do the callback immediately; ++ * This is used to avoid doing extraneous context switches ++ */ ++ if ((krp->krp_flags & CRYPTO_KF_CBIMM)) { ++ /* ++ * Do the callback directly. This is ok when the ++ * callback routine does very little (e.g. the ++ * /dev/crypto callback method just does a wakeup). ++ */ ++ krp->krp_callback(krp); ++ } else { ++ unsigned long r_flags; ++ /* ++ * Normal case; queue the callback for the thread. ++ */ ++ CRYPTO_RETQ_LOCK(); ++ if (CRYPTO_RETQ_EMPTY()) ++ wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */ ++ TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next); ++ CRYPTO_RETQ_UNLOCK(); ++ } ++} ++ ++int ++crypto_getfeat(int *featp) ++{ ++ int hid, kalg, feat = 0; ++ unsigned long d_flags; ++ ++ CRYPTO_DRIVER_LOCK(); ++ for (hid = 0; hid < crypto_drivers_num; hid++) { ++ const struct cryptocap *cap = &crypto_drivers[hid]; ++ ++ if ((cap->cc_flags & CRYPTOCAP_F_SOFTWARE) && ++ !crypto_devallowsoft) { ++ continue; ++ } ++ for (kalg = 0; kalg < CRK_ALGORITHM_MAX; kalg++) ++ if (cap->cc_kalg[kalg] & CRYPTO_ALG_FLAG_SUPPORTED) ++ feat |= 1 << kalg; ++ } ++ CRYPTO_DRIVER_UNLOCK(); ++ *featp = feat; ++ return (0); ++} ++ ++/* ++ * Crypto thread, dispatches crypto requests. ++ */ ++static int ++crypto_proc(void *arg) ++{ ++ struct cryptop *crp, *submit; ++ struct cryptkop *krp, *krpp; ++ struct cryptocap *cap; ++ u_int32_t hid; ++ int result, hint; ++ unsigned long q_flags; ++ ++ ocf_daemonize("crypto"); ++ ++ CRYPTO_Q_LOCK(); ++ for (;;) { ++ /* ++ * we need to make sure we don't get into a busy loop with nothing ++ * to do, the two crypto_all_*blocked vars help us find out when ++ * we are all full and can do nothing on any driver or Q. If so we ++ * wait for an unblock. ++ */ ++ crypto_all_qblocked = !list_empty(&crp_q); ++ ++ /* ++ * Find the first element in the queue that can be ++ * processed and look-ahead to see if multiple ops ++ * are ready for the same driver. ++ */ ++ submit = NULL; ++ hint = 0; ++ list_for_each_entry(crp, &crp_q, crp_next) { ++ hid = CRYPTO_SESID2HID(crp->crp_sid); ++ cap = crypto_checkdriver(hid); ++ /* ++ * Driver cannot disappear when there is an active ++ * session. ++ */ ++ KASSERT(cap != NULL, ("%s:%u Driver disappeared.", ++ __func__, __LINE__)); ++ if (cap == NULL || cap->cc_dev == NULL) { ++ /* Op needs to be migrated, process it. */ ++ if (submit == NULL) ++ submit = crp; ++ break; ++ } ++ if (!cap->cc_qblocked) { ++ if (submit != NULL) { ++ /* ++ * We stop on finding another op, ++ * regardless whether its for the same ++ * driver or not. We could keep ++ * searching the queue but it might be ++ * better to just use a per-driver ++ * queue instead. ++ */ ++ if (CRYPTO_SESID2HID(submit->crp_sid) == hid) ++ hint = CRYPTO_HINT_MORE; ++ break; ++ } else { ++ submit = crp; ++ if ((submit->crp_flags & CRYPTO_F_BATCH) == 0) ++ break; ++ /* keep scanning for more are q'd */ ++ } ++ } ++ } ++ if (submit != NULL) { ++ hid = CRYPTO_SESID2HID(submit->crp_sid); ++ crypto_all_qblocked = 0; ++ list_del(&submit->crp_next); ++ crypto_drivers[hid].cc_qblocked = 1; ++ cap = crypto_checkdriver(hid); ++ CRYPTO_Q_UNLOCK(); ++ KASSERT(cap != NULL, ("%s:%u Driver disappeared.", ++ __func__, __LINE__)); ++ result = crypto_invoke(cap, submit, hint); ++ CRYPTO_Q_LOCK(); ++ if (result == ERESTART) { ++ /* ++ * The driver ran out of resources, mark the ++ * driver ``blocked'' for cryptop's and put ++ * the request back in the queue. It would ++ * best to put the request back where we got ++ * it but that's hard so for now we put it ++ * at the front. This should be ok; putting ++ * it at the end does not work. ++ */ ++ /* XXX validate sid again? */ ++ list_add(&submit->crp_next, &crp_q); ++ cryptostats.cs_blocks++; ++ } else ++ crypto_drivers[hid].cc_qblocked=0; ++ } ++ ++ crypto_all_kqblocked = !list_empty(&crp_kq); ++ ++ /* As above, but for key ops */ ++ krp = NULL; ++ list_for_each_entry(krpp, &crp_kq, krp_next) { ++ cap = crypto_checkdriver(krpp->krp_hid); ++ if (cap == NULL || cap->cc_dev == NULL) { ++ /* ++ * Operation needs to be migrated, invalidate ++ * the assigned device so it will reselect a ++ * new one below. Propagate the original ++ * crid selection flags if supplied. ++ */ ++ krp->krp_hid = krp->krp_crid & ++ (CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE); ++ if (krp->krp_hid == 0) ++ krp->krp_hid = ++ CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE; ++ break; ++ } ++ if (!cap->cc_kqblocked) { ++ krp = krpp; ++ break; ++ } ++ } ++ if (krp != NULL) { ++ crypto_all_kqblocked = 0; ++ list_del(&krp->krp_next); ++ crypto_drivers[krp->krp_hid].cc_kqblocked = 1; ++ CRYPTO_Q_UNLOCK(); ++ result = crypto_kinvoke(krp, krp->krp_hid); ++ CRYPTO_Q_LOCK(); ++ if (result == ERESTART) { ++ /* ++ * The driver ran out of resources, mark the ++ * driver ``blocked'' for cryptkop's and put ++ * the request back in the queue. It would ++ * best to put the request back where we got ++ * it but that's hard so for now we put it ++ * at the front. This should be ok; putting ++ * it at the end does not work. ++ */ ++ /* XXX validate sid again? */ ++ list_add(&krp->krp_next, &crp_kq); ++ cryptostats.cs_kblocks++; ++ } else ++ crypto_drivers[krp->krp_hid].cc_kqblocked = 0; ++ } ++ ++ if (submit == NULL && krp == NULL) { ++ /* ++ * Nothing more to be processed. Sleep until we're ++ * woken because there are more ops to process. ++ * This happens either by submission or by a driver ++ * becoming unblocked and notifying us through ++ * crypto_unblock. Note that when we wakeup we ++ * start processing each queue again from the ++ * front. It's not clear that it's important to ++ * preserve this ordering since ops may finish ++ * out of order if dispatched to different devices ++ * and some become blocked while others do not. ++ */ ++ dprintk("%s - sleeping (qe=%d qb=%d kqe=%d kqb=%d)\n", ++ __FUNCTION__, ++ list_empty(&crp_q), crypto_all_qblocked, ++ list_empty(&crp_kq), crypto_all_kqblocked); ++ CRYPTO_Q_UNLOCK(); ++ crp_sleep = 1; ++ wait_event_interruptible(cryptoproc_wait, ++ !(list_empty(&crp_q) || crypto_all_qblocked) || ++ !(list_empty(&crp_kq) || crypto_all_kqblocked) || ++ cryptoproc == (pid_t) -1); ++ crp_sleep = 0; ++ if (signal_pending (current)) { ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ spin_lock_irq(¤t->sigmask_lock); ++#endif ++ flush_signals(current); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ spin_unlock_irq(¤t->sigmask_lock); ++#endif ++ } ++ CRYPTO_Q_LOCK(); ++ dprintk("%s - awake\n", __FUNCTION__); ++ if (cryptoproc == (pid_t) -1) ++ break; ++ cryptostats.cs_intrs++; ++ } ++ } ++ CRYPTO_Q_UNLOCK(); ++ complete_and_exit(&cryptoproc_exited, 0); ++} ++ ++/* ++ * Crypto returns thread, does callbacks for processed crypto requests. ++ * Callbacks are done here, rather than in the crypto drivers, because ++ * callbacks typically are expensive and would slow interrupt handling. ++ */ ++static int ++crypto_ret_proc(void *arg) ++{ ++ struct cryptop *crpt; ++ struct cryptkop *krpt; ++ unsigned long r_flags; ++ ++ ocf_daemonize("crypto_ret"); ++ ++ CRYPTO_RETQ_LOCK(); ++ for (;;) { ++ /* Harvest return q's for completed ops */ ++ crpt = NULL; ++ if (!list_empty(&crp_ret_q)) ++ crpt = list_entry(crp_ret_q.next, typeof(*crpt), crp_next); ++ if (crpt != NULL) ++ list_del(&crpt->crp_next); ++ ++ krpt = NULL; ++ if (!list_empty(&crp_ret_kq)) ++ krpt = list_entry(crp_ret_kq.next, typeof(*krpt), krp_next); ++ if (krpt != NULL) ++ list_del(&krpt->krp_next); ++ ++ if (crpt != NULL || krpt != NULL) { ++ CRYPTO_RETQ_UNLOCK(); ++ /* ++ * Run callbacks unlocked. ++ */ ++ if (crpt != NULL) ++ crpt->crp_callback(crpt); ++ if (krpt != NULL) ++ krpt->krp_callback(krpt); ++ CRYPTO_RETQ_LOCK(); ++ } else { ++ /* ++ * Nothing more to be processed. Sleep until we're ++ * woken because there are more returns to process. ++ */ ++ dprintk("%s - sleeping\n", __FUNCTION__); ++ CRYPTO_RETQ_UNLOCK(); ++ wait_event_interruptible(cryptoretproc_wait, ++ cryptoretproc == (pid_t) -1 || ++ !list_empty(&crp_ret_q) || ++ !list_empty(&crp_ret_kq)); ++ if (signal_pending (current)) { ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ spin_lock_irq(¤t->sigmask_lock); ++#endif ++ flush_signals(current); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ spin_unlock_irq(¤t->sigmask_lock); ++#endif ++ } ++ CRYPTO_RETQ_LOCK(); ++ dprintk("%s - awake\n", __FUNCTION__); ++ if (cryptoretproc == (pid_t) -1) { ++ dprintk("%s - EXITING!\n", __FUNCTION__); ++ break; ++ } ++ cryptostats.cs_rets++; ++ } ++ } ++ CRYPTO_RETQ_UNLOCK(); ++ complete_and_exit(&cryptoretproc_exited, 0); ++} ++ ++ ++#if 0 /* should put this into /proc or something */ ++static void ++db_show_drivers(void) ++{ ++ int hid; ++ ++ db_printf("%12s %4s %4s %8s %2s %2s\n" ++ , "Device" ++ , "Ses" ++ , "Kops" ++ , "Flags" ++ , "QB" ++ , "KB" ++ ); ++ for (hid = 0; hid < crypto_drivers_num; hid++) { ++ const struct cryptocap *cap = &crypto_drivers[hid]; ++ if (cap->cc_dev == NULL) ++ continue; ++ db_printf("%-12s %4u %4u %08x %2u %2u\n" ++ , device_get_nameunit(cap->cc_dev) ++ , cap->cc_sessions ++ , cap->cc_koperations ++ , cap->cc_flags ++ , cap->cc_qblocked ++ , cap->cc_kqblocked ++ ); ++ } ++} ++ ++DB_SHOW_COMMAND(crypto, db_show_crypto) ++{ ++ struct cryptop *crp; ++ ++ db_show_drivers(); ++ db_printf("\n"); ++ ++ db_printf("%4s %8s %4s %4s %4s %4s %8s %8s\n", ++ "HID", "Caps", "Ilen", "Olen", "Etype", "Flags", ++ "Desc", "Callback"); ++ TAILQ_FOREACH(crp, &crp_q, crp_next) { ++ db_printf("%4u %08x %4u %4u %4u %04x %8p %8p\n" ++ , (int) CRYPTO_SESID2HID(crp->crp_sid) ++ , (int) CRYPTO_SESID2CAPS(crp->crp_sid) ++ , crp->crp_ilen, crp->crp_olen ++ , crp->crp_etype ++ , crp->crp_flags ++ , crp->crp_desc ++ , crp->crp_callback ++ ); ++ } ++ if (!TAILQ_EMPTY(&crp_ret_q)) { ++ db_printf("\n%4s %4s %4s %8s\n", ++ "HID", "Etype", "Flags", "Callback"); ++ TAILQ_FOREACH(crp, &crp_ret_q, crp_next) { ++ db_printf("%4u %4u %04x %8p\n" ++ , (int) CRYPTO_SESID2HID(crp->crp_sid) ++ , crp->crp_etype ++ , crp->crp_flags ++ , crp->crp_callback ++ ); ++ } ++ } ++} ++ ++DB_SHOW_COMMAND(kcrypto, db_show_kcrypto) ++{ ++ struct cryptkop *krp; ++ ++ db_show_drivers(); ++ db_printf("\n"); ++ ++ db_printf("%4s %5s %4s %4s %8s %4s %8s\n", ++ "Op", "Status", "#IP", "#OP", "CRID", "HID", "Callback"); ++ TAILQ_FOREACH(krp, &crp_kq, krp_next) { ++ db_printf("%4u %5u %4u %4u %08x %4u %8p\n" ++ , krp->krp_op ++ , krp->krp_status ++ , krp->krp_iparams, krp->krp_oparams ++ , krp->krp_crid, krp->krp_hid ++ , krp->krp_callback ++ ); ++ } ++ if (!TAILQ_EMPTY(&crp_ret_q)) { ++ db_printf("%4s %5s %8s %4s %8s\n", ++ "Op", "Status", "CRID", "HID", "Callback"); ++ TAILQ_FOREACH(krp, &crp_ret_kq, krp_next) { ++ db_printf("%4u %5u %08x %4u %8p\n" ++ , krp->krp_op ++ , krp->krp_status ++ , krp->krp_crid, krp->krp_hid ++ , krp->krp_callback ++ ); ++ } ++ } ++} ++#endif ++ ++ ++static int ++crypto_init(void) ++{ ++ int error; ++ ++ dprintk("%s(0x%x)\n", __FUNCTION__, (int) crypto_init); ++ ++ if (crypto_initted) ++ return 0; ++ crypto_initted = 1; ++ ++ spin_lock_init(&crypto_drivers_lock); ++ spin_lock_init(&crypto_q_lock); ++ spin_lock_init(&crypto_ret_q_lock); ++ ++ cryptop_zone = kmem_cache_create("cryptop", sizeof(struct cryptop), ++ 0, SLAB_HWCACHE_ALIGN, NULL ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) ++ , NULL ++#endif ++ ); ++ ++ cryptodesc_zone = kmem_cache_create("cryptodesc", sizeof(struct cryptodesc), ++ 0, SLAB_HWCACHE_ALIGN, NULL ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) ++ , NULL ++#endif ++ ); ++ ++ if (cryptodesc_zone == NULL || cryptop_zone == NULL) { ++ printk("crypto: crypto_init cannot setup crypto zones\n"); ++ error = ENOMEM; ++ goto bad; ++ } ++ ++ crypto_drivers_num = CRYPTO_DRIVERS_INITIAL; ++ crypto_drivers = kmalloc(crypto_drivers_num * sizeof(struct cryptocap), ++ GFP_KERNEL); ++ if (crypto_drivers == NULL) { ++ printk("crypto: crypto_init cannot setup crypto drivers\n"); ++ error = ENOMEM; ++ goto bad; ++ } ++ ++ memset(crypto_drivers, 0, crypto_drivers_num * sizeof(struct cryptocap)); ++ ++ init_completion(&cryptoproc_exited); ++ init_completion(&cryptoretproc_exited); ++ ++ cryptoproc = 0; /* to avoid race condition where proc runs first */ ++ cryptoproc = kernel_thread(crypto_proc, NULL, CLONE_FS|CLONE_FILES); ++ if (cryptoproc < 0) { ++ error = cryptoproc; ++ printk("crypto: crypto_init cannot start crypto thread; error %d", ++ error); ++ goto bad; ++ } ++ ++ cryptoretproc = 0; /* to avoid race condition where proc runs first */ ++ cryptoretproc = kernel_thread(crypto_ret_proc, NULL, CLONE_FS|CLONE_FILES); ++ if (cryptoretproc < 0) { ++ error = cryptoretproc; ++ printk("crypto: crypto_init cannot start cryptoret thread; error %d", ++ error); ++ goto bad; ++ } ++ ++ return 0; ++bad: ++ crypto_exit(); ++ return error; ++} ++ ++ ++static void ++crypto_exit(void) ++{ ++ pid_t p; ++ unsigned long d_flags; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ ++ /* ++ * Terminate any crypto threads. ++ */ ++ ++ CRYPTO_DRIVER_LOCK(); ++ p = cryptoproc; ++ cryptoproc = (pid_t) -1; ++ kill_proc(p, SIGTERM, 1); ++ wake_up_interruptible(&cryptoproc_wait); ++ CRYPTO_DRIVER_UNLOCK(); ++ ++ wait_for_completion(&cryptoproc_exited); ++ ++ CRYPTO_DRIVER_LOCK(); ++ p = cryptoretproc; ++ cryptoretproc = (pid_t) -1; ++ kill_proc(p, SIGTERM, 1); ++ wake_up_interruptible(&cryptoretproc_wait); ++ CRYPTO_DRIVER_UNLOCK(); ++ ++ wait_for_completion(&cryptoretproc_exited); ++ ++ /* XXX flush queues??? */ ++ ++ /* ++ * Reclaim dynamically allocated resources. ++ */ ++ if (crypto_drivers != NULL) ++ kfree(crypto_drivers); ++ ++ if (cryptodesc_zone != NULL) ++ kmem_cache_destroy(cryptodesc_zone); ++ if (cryptop_zone != NULL) ++ kmem_cache_destroy(cryptop_zone); ++} ++ ++ ++EXPORT_SYMBOL(crypto_newsession); ++EXPORT_SYMBOL(crypto_freesession); ++EXPORT_SYMBOL(crypto_get_driverid); ++EXPORT_SYMBOL(crypto_kregister); ++EXPORT_SYMBOL(crypto_register); ++EXPORT_SYMBOL(crypto_unregister); ++EXPORT_SYMBOL(crypto_unregister_all); ++EXPORT_SYMBOL(crypto_unblock); ++EXPORT_SYMBOL(crypto_dispatch); ++EXPORT_SYMBOL(crypto_kdispatch); ++EXPORT_SYMBOL(crypto_freereq); ++EXPORT_SYMBOL(crypto_getreq); ++EXPORT_SYMBOL(crypto_done); ++EXPORT_SYMBOL(crypto_kdone); ++EXPORT_SYMBOL(crypto_getfeat); ++EXPORT_SYMBOL(crypto_userasymcrypto); ++EXPORT_SYMBOL(crypto_getcaps); ++EXPORT_SYMBOL(crypto_find_driver); ++EXPORT_SYMBOL(crypto_find_device_byhid); ++ ++module_init(crypto_init); ++module_exit(crypto_exit); ++ ++MODULE_LICENSE("BSD"); ++MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); ++MODULE_DESCRIPTION("OCF (OpenBSD Cryptographic Framework)"); +--- /dev/null ++++ b/crypto/ocf/criov.c +@@ -0,0 +1,215 @@ ++/* $OpenBSD: criov.c,v 1.9 2002/01/29 15:48:29 jason Exp $ */ ++ ++/* ++ * Linux port done by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * The license and original author are listed below. ++ * ++ * Copyright (c) 1999 Theo de Raadt ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++__FBSDID("$FreeBSD: src/sys/opencrypto/criov.c,v 1.5 2006/06/04 22:15:13 pjd Exp $"); ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/slab.h> ++#include <linux/uio.h> ++#include <linux/skbuff.h> ++#include <linux/kernel.h> ++#include <linux/mm.h> ++#include <asm/io.h> ++ ++#include <uio.h> ++#include <cryptodev.h> ++ ++/* ++ * This macro is only for avoiding code duplication, as we need to skip ++ * given number of bytes in the same way in three functions below. ++ */ ++#define CUIO_SKIP() do { \ ++ KASSERT(off >= 0, ("%s: off %d < 0", __func__, off)); \ ++ KASSERT(len >= 0, ("%s: len %d < 0", __func__, len)); \ ++ while (off > 0) { \ ++ KASSERT(iol >= 0, ("%s: empty in skip", __func__)); \ ++ if (off < iov->iov_len) \ ++ break; \ ++ off -= iov->iov_len; \ ++ iol--; \ ++ iov++; \ ++ } \ ++} while (0) ++ ++void ++cuio_copydata(struct uio* uio, int off, int len, caddr_t cp) ++{ ++ struct iovec *iov = uio->uio_iov; ++ int iol = uio->uio_iovcnt; ++ unsigned count; ++ ++ CUIO_SKIP(); ++ while (len > 0) { ++ KASSERT(iol >= 0, ("%s: empty", __func__)); ++ count = min((int)(iov->iov_len - off), len); ++ memcpy(cp, ((caddr_t)iov->iov_base) + off, count); ++ len -= count; ++ cp += count; ++ off = 0; ++ iol--; ++ iov++; ++ } ++} ++ ++void ++cuio_copyback(struct uio* uio, int off, int len, caddr_t cp) ++{ ++ struct iovec *iov = uio->uio_iov; ++ int iol = uio->uio_iovcnt; ++ unsigned count; ++ ++ CUIO_SKIP(); ++ while (len > 0) { ++ KASSERT(iol >= 0, ("%s: empty", __func__)); ++ count = min((int)(iov->iov_len - off), len); ++ memcpy(((caddr_t)iov->iov_base) + off, cp, count); ++ len -= count; ++ cp += count; ++ off = 0; ++ iol--; ++ iov++; ++ } ++} ++ ++/* ++ * Return a pointer to iov/offset of location in iovec list. ++ */ ++struct iovec * ++cuio_getptr(struct uio *uio, int loc, int *off) ++{ ++ struct iovec *iov = uio->uio_iov; ++ int iol = uio->uio_iovcnt; ++ ++ while (loc >= 0) { ++ /* Normal end of search */ ++ if (loc < iov->iov_len) { ++ *off = loc; ++ return (iov); ++ } ++ ++ loc -= iov->iov_len; ++ if (iol == 0) { ++ if (loc == 0) { ++ /* Point at the end of valid data */ ++ *off = iov->iov_len; ++ return (iov); ++ } else ++ return (NULL); ++ } else { ++ iov++, iol--; ++ } ++ } ++ ++ return (NULL); ++} ++ ++EXPORT_SYMBOL(cuio_copyback); ++EXPORT_SYMBOL(cuio_copydata); ++EXPORT_SYMBOL(cuio_getptr); ++ ++ ++static void ++skb_copy_bits_back(struct sk_buff *skb, int offset, caddr_t cp, int len) ++{ ++ int i; ++ if (offset < skb_headlen(skb)) { ++ memcpy(skb->data + offset, cp, min_t(int, skb_headlen(skb), len)); ++ len -= skb_headlen(skb); ++ cp += skb_headlen(skb); ++ } ++ offset -= skb_headlen(skb); ++ for (i = 0; len > 0 && i < skb_shinfo(skb)->nr_frags; i++) { ++ if (offset < skb_shinfo(skb)->frags[i].size) { ++ memcpy(page_address(skb_shinfo(skb)->frags[i].page) + ++ skb_shinfo(skb)->frags[i].page_offset, ++ cp, min_t(int, skb_shinfo(skb)->frags[i].size, len)); ++ len -= skb_shinfo(skb)->frags[i].size; ++ cp += skb_shinfo(skb)->frags[i].size; ++ } ++ offset -= skb_shinfo(skb)->frags[i].size; ++ } ++} ++ ++void ++crypto_copyback(int flags, caddr_t buf, int off, int size, caddr_t in) ++{ ++ ++ if ((flags & CRYPTO_F_SKBUF) != 0) ++ skb_copy_bits_back((struct sk_buff *)buf, off, in, size); ++ else if ((flags & CRYPTO_F_IOV) != 0) ++ cuio_copyback((struct uio *)buf, off, size, in); ++ else ++ bcopy(in, buf + off, size); ++} ++ ++void ++crypto_copydata(int flags, caddr_t buf, int off, int size, caddr_t out) ++{ ++ ++ if ((flags & CRYPTO_F_SKBUF) != 0) ++ skb_copy_bits((struct sk_buff *)buf, off, out, size); ++ else if ((flags & CRYPTO_F_IOV) != 0) ++ cuio_copydata((struct uio *)buf, off, size, out); ++ else ++ bcopy(buf + off, out, size); ++} ++ ++int ++crypto_apply(int flags, caddr_t buf, int off, int len, ++ int (*f)(void *, void *, u_int), void *arg) ++{ ++#if 0 ++ int error; ++ ++ if ((flags & CRYPTO_F_SKBUF) != 0) ++ error = XXXXXX((struct mbuf *)buf, off, len, f, arg); ++ else if ((flags & CRYPTO_F_IOV) != 0) ++ error = cuio_apply((struct uio *)buf, off, len, f, arg); ++ else ++ error = (*f)(arg, buf + off, len); ++ return (error); ++#else ++ KASSERT(0, ("crypto_apply not implemented!\n")); ++#endif ++ return 0; ++} ++ ++EXPORT_SYMBOL(crypto_copyback); ++EXPORT_SYMBOL(crypto_copydata); ++EXPORT_SYMBOL(crypto_apply); ++ +--- /dev/null ++++ b/crypto/ocf/uio.h +@@ -0,0 +1,54 @@ ++#ifndef _OCF_UIO_H_ ++#define _OCF_UIO_H_ ++ ++#include <linux/uio.h> ++ ++/* ++ * The linux uio.h doesn't have all we need. To be fully api compatible ++ * with the BSD cryptodev, we need to keep this around. Perhaps this can ++ * be moved back into the linux/uio.h ++ * ++ * Linux port done by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * ++ * LICENSE TERMS ++ * ++ * The free distribution and use of this software in both source and binary ++ * form is allowed (with or without changes) provided that: ++ * ++ * 1. distributions of this source code include the above copyright ++ * notice, this list of conditions and the following disclaimer; ++ * ++ * 2. distributions in binary form include the above copyright ++ * notice, this list of conditions and the following disclaimer ++ * in the documentation and/or other associated materials; ++ * ++ * 3. the copyright holder's name is not used to endorse products ++ * built using this software without specific written permission. ++ * ++ * ALTERNATIVELY, provided that this notice is retained in full, this product ++ * may be distributed under the terms of the GNU General Public License (GPL), ++ * in which case the provisions of the GPL apply INSTEAD OF those given above. ++ * ++ * DISCLAIMER ++ * ++ * This software is provided 'as is' with no explicit or implied warranties ++ * in respect of its properties, including, but not limited to, correctness ++ * and/or fitness for purpose. ++ * --------------------------------------------------------------------------- ++ */ ++ ++struct uio { ++ struct iovec *uio_iov; ++ int uio_iovcnt; ++ off_t uio_offset; ++ int uio_resid; ++#if 0 ++ enum uio_seg uio_segflg; ++ enum uio_rw uio_rw; ++ struct thread *uio_td; ++#endif ++}; ++ ++#endif +--- /dev/null ++++ b/crypto/ocf/talitos/talitos.c +@@ -0,0 +1,1359 @@ ++/* ++ * crypto/ocf/talitos/talitos.c ++ * ++ * An OCF-Linux module that uses Freescale's SEC to do the crypto. ++ * Based on crypto/ocf/hifn and crypto/ocf/safe OCF drivers ++ * ++ * Copyright (c) 2006 Freescale Semiconductor, Inc. ++ * ++ * This code written by Kim A. B. Phillips <kim.phillips@freescale.com> ++ * some code copied from files with the following: ++ * Copyright (C) 2004-2007 David McCullough <david_mccullough@securecomputing.com ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * --------------------------------------------------------------------------- ++ * ++ * NOTES: ++ * ++ * The Freescale SEC (also known as 'talitos') resides on the ++ * internal bus, and runs asynchronous to the processor core. It has ++ * a wide gamut of cryptographic acceleration features, including single- ++ * pass IPsec (also known as algorithm chaining). To properly utilize ++ * all of the SEC's performance enhancing features, further reworking ++ * of higher level code (framework, applications) will be necessary. ++ * ++ * The following table shows which SEC version is present in which devices: ++ * ++ * Devices SEC version ++ * ++ * 8272, 8248 SEC 1.0 ++ * 885, 875 SEC 1.2 ++ * 8555E, 8541E SEC 2.0 ++ * 8349E SEC 2.01 ++ * 8548E SEC 2.1 ++ * ++ * The following table shows the features offered by each SEC version: ++ * ++ * Max. chan- ++ * version Bus I/F Clock nels DEU AESU AFEU MDEU PKEU RNG KEU ++ * ++ * SEC 1.0 internal 64b 100MHz 4 1 1 1 1 1 1 0 ++ * SEC 1.2 internal 32b 66MHz 1 1 1 0 1 0 0 0 ++ * SEC 2.0 internal 64b 166MHz 4 1 1 1 1 1 1 0 ++ * SEC 2.01 internal 64b 166MHz 4 1 1 1 1 1 1 0 ++ * SEC 2.1 internal 64b 333MHz 4 1 1 1 1 1 1 1 ++ * ++ * Each execution unit in the SEC has two modes of execution; channel and ++ * slave/debug. This driver employs the channel infrastructure in the ++ * device for convenience. Only the RNG is directly accessed due to the ++ * convenience of its random fifo pool. The relationship between the ++ * channels and execution units is depicted in the following diagram: ++ * ++ * ------- ------------ ++ * ---| ch0 |---| | ++ * ------- | | ++ * | |------+-------+-------+-------+------------ ++ * ------- | | | | | | | ++ * ---| ch1 |---| | | | | | | ++ * ------- | | ------ ------ ------ ------ ------ ++ * |controller| |DEU | |AESU| |MDEU| |PKEU| ... |RNG | ++ * ------- | | ------ ------ ------ ------ ------ ++ * ---| ch2 |---| | | | | | | ++ * ------- | | | | | | | ++ * | |------+-------+-------+-------+------------ ++ * ------- | | ++ * ---| ch3 |---| | ++ * ------- ------------ ++ * ++ * Channel ch0 may drive an aes operation to the aes unit (AESU), ++ * and, at the same time, ch1 may drive a message digest operation ++ * to the mdeu. Each channel has an input descriptor FIFO, and the ++ * FIFO can contain, e.g. on the 8541E, up to 24 entries, before a ++ * a buffer overrun error is triggered. The controller is responsible ++ * for fetching the data from descriptor pointers, and passing the ++ * data to the appropriate EUs. The controller also writes the ++ * cryptographic operation's result to memory. The SEC notifies ++ * completion by triggering an interrupt and/or setting the 1st byte ++ * of the hdr field to 0xff. ++ * ++ * TODO: ++ * o support more algorithms ++ * o support more versions of the SEC ++ * o add support for linux 2.4 ++ * o scatter-gather (sg) support ++ * o add support for public key ops (PKEU) ++ * o add statistics ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/interrupt.h> ++#include <linux/spinlock.h> ++#include <linux/random.h> ++#include <linux/skbuff.h> ++#include <asm/scatterlist.h> ++#include <linux/dma-mapping.h> /* dma_map_single() */ ++#include <linux/moduleparam.h> ++ ++#include <linux/version.h> ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,15) ++#include <linux/platform_device.h> ++#endif ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++#include <linux/of_platform.h> ++#endif ++ ++#include <cryptodev.h> ++#include <uio.h> ++ ++#define DRV_NAME "talitos" ++ ++#include "talitos_dev.h" ++#include "talitos_soft.h" ++ ++#define read_random(p,l) get_random_bytes(p,l) ++ ++const char talitos_driver_name[] = "Talitos OCF"; ++const char talitos_driver_version[] = "0.2"; ++ ++static int talitos_newsession(device_t dev, u_int32_t *sidp, ++ struct cryptoini *cri); ++static int talitos_freesession(device_t dev, u_int64_t tid); ++static int talitos_process(device_t dev, struct cryptop *crp, int hint); ++static void dump_talitos_status(struct talitos_softc *sc); ++static int talitos_submit(struct talitos_softc *sc, struct talitos_desc *td, ++ int chsel); ++static void talitos_doneprocessing(struct talitos_softc *sc); ++static void talitos_init_device(struct talitos_softc *sc); ++static void talitos_reset_device_master(struct talitos_softc *sc); ++static void talitos_reset_device(struct talitos_softc *sc); ++static void talitos_errorprocessing(struct talitos_softc *sc); ++#ifdef CONFIG_PPC_MERGE ++static int talitos_probe(struct of_device *ofdev, const struct of_device_id *match); ++static int talitos_remove(struct of_device *ofdev); ++#else ++static int talitos_probe(struct platform_device *pdev); ++static int talitos_remove(struct platform_device *pdev); ++#endif ++#ifdef CONFIG_OCF_RANDOMHARVEST ++static int talitos_read_random(void *arg, u_int32_t *buf, int maxwords); ++static void talitos_rng_init(struct talitos_softc *sc); ++#endif ++ ++static device_method_t talitos_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, talitos_newsession), ++ DEVMETHOD(cryptodev_freesession,talitos_freesession), ++ DEVMETHOD(cryptodev_process, talitos_process), ++}; ++ ++#define debug talitos_debug ++int talitos_debug = 0; ++module_param(talitos_debug, int, 0644); ++MODULE_PARM_DESC(talitos_debug, "Enable debug"); ++ ++static inline void talitos_write(volatile unsigned *addr, u32 val) ++{ ++ out_be32(addr, val); ++} ++ ++static inline u32 talitos_read(volatile unsigned *addr) ++{ ++ u32 val; ++ val = in_be32(addr); ++ return val; ++} ++ ++static void dump_talitos_status(struct talitos_softc *sc) ++{ ++ unsigned int v, v_hi, i, *ptr; ++ v = talitos_read(sc->sc_base_addr + TALITOS_MCR); ++ v_hi = talitos_read(sc->sc_base_addr + TALITOS_MCR_HI); ++ printk(KERN_INFO "%s: MCR 0x%08x_%08x\n", ++ device_get_nameunit(sc->sc_cdev), v, v_hi); ++ v = talitos_read(sc->sc_base_addr + TALITOS_IMR); ++ v_hi = talitos_read(sc->sc_base_addr + TALITOS_IMR_HI); ++ printk(KERN_INFO "%s: IMR 0x%08x_%08x\n", ++ device_get_nameunit(sc->sc_cdev), v, v_hi); ++ v = talitos_read(sc->sc_base_addr + TALITOS_ISR); ++ v_hi = talitos_read(sc->sc_base_addr + TALITOS_ISR_HI); ++ printk(KERN_INFO "%s: ISR 0x%08x_%08x\n", ++ device_get_nameunit(sc->sc_cdev), v, v_hi); ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET + ++ TALITOS_CH_CDPR); ++ v_hi = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET + ++ TALITOS_CH_CDPR_HI); ++ printk(KERN_INFO "%s: CDPR ch%d 0x%08x_%08x\n", ++ device_get_nameunit(sc->sc_cdev), i, v, v_hi); ++ } ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET + ++ TALITOS_CH_CCPSR); ++ v_hi = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET + ++ TALITOS_CH_CCPSR_HI); ++ printk(KERN_INFO "%s: CCPSR ch%d 0x%08x_%08x\n", ++ device_get_nameunit(sc->sc_cdev), i, v, v_hi); ++ } ++ ptr = sc->sc_base_addr + TALITOS_CH_DESCBUF; ++ for (i = 0; i < 16; i++) { ++ v = talitos_read(ptr++); v_hi = talitos_read(ptr++); ++ printk(KERN_INFO "%s: DESCBUF ch0 0x%08x_%08x (tdp%02d)\n", ++ device_get_nameunit(sc->sc_cdev), v, v_hi, i); ++ } ++ return; ++} ++ ++ ++#ifdef CONFIG_OCF_RANDOMHARVEST ++/* ++ * pull random numbers off the RNG FIFO, not exceeding amount available ++ */ ++static int ++talitos_read_random(void *arg, u_int32_t *buf, int maxwords) ++{ ++ struct talitos_softc *sc = (struct talitos_softc *) arg; ++ int rc; ++ u_int32_t v; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ /* check for things like FIFO underflow */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_RNGISR_HI); ++ if (unlikely(v)) { ++ printk(KERN_ERR "%s: RNGISR_HI error %08x\n", ++ device_get_nameunit(sc->sc_cdev), v); ++ return 0; ++ } ++ /* ++ * OFL is number of available 64-bit words, ++ * shift and convert to a 32-bit word count ++ */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_RNGSR_HI); ++ v = (v & TALITOS_RNGSR_HI_OFL) >> (16 - 1); ++ if (maxwords > v) ++ maxwords = v; ++ for (rc = 0; rc < maxwords; rc++) { ++ buf[rc] = talitos_read(sc->sc_base_addr + ++ TALITOS_RNG_FIFO + rc*sizeof(u_int32_t)); ++ } ++ if (maxwords & 1) { ++ /* ++ * RNG will complain with an AE in the RNGISR ++ * if we don't complete the pairs of 32-bit reads ++ * to its 64-bit register based FIFO ++ */ ++ v = talitos_read(sc->sc_base_addr + ++ TALITOS_RNG_FIFO + rc*sizeof(u_int32_t)); ++ } ++ ++ return rc; ++} ++ ++static void ++talitos_rng_init(struct talitos_softc *sc) ++{ ++ u_int32_t v; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ /* reset RNG EU */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_RNGRCR_HI); ++ v |= TALITOS_RNGRCR_HI_SR; ++ talitos_write(sc->sc_base_addr + TALITOS_RNGRCR_HI, v); ++ while ((talitos_read(sc->sc_base_addr + TALITOS_RNGSR_HI) ++ & TALITOS_RNGSR_HI_RD) == 0) ++ cpu_relax(); ++ /* ++ * we tell the RNG to start filling the RNG FIFO ++ * by writing the RNGDSR ++ */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_RNGDSR_HI); ++ talitos_write(sc->sc_base_addr + TALITOS_RNGDSR_HI, v); ++ /* ++ * 64 bits of data will be pushed onto the FIFO every ++ * 256 SEC cycles until the FIFO is full. The RNG then ++ * attempts to keep the FIFO full. ++ */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_RNGISR_HI); ++ if (v) { ++ printk(KERN_ERR "%s: RNGISR_HI error %08x\n", ++ device_get_nameunit(sc->sc_cdev), v); ++ return; ++ } ++ /* ++ * n.b. we need to add a FIPS test here - if the RNG is going ++ * to fail, it's going to fail at reset time ++ */ ++ return; ++} ++#endif /* CONFIG_OCF_RANDOMHARVEST */ ++ ++/* ++ * Generate a new software session. ++ */ ++static int ++talitos_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) ++{ ++ struct cryptoini *c, *encini = NULL, *macini = NULL; ++ struct talitos_softc *sc = device_get_softc(dev); ++ struct talitos_session *ses = NULL; ++ int sesn; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ if (sidp == NULL || cri == NULL || sc == NULL) { ++ DPRINTF("%s,%d - EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ for (c = cri; c != NULL; c = c->cri_next) { ++ if (c->cri_alg == CRYPTO_MD5 || ++ c->cri_alg == CRYPTO_MD5_HMAC || ++ c->cri_alg == CRYPTO_SHA1 || ++ c->cri_alg == CRYPTO_SHA1_HMAC || ++ c->cri_alg == CRYPTO_NULL_HMAC) { ++ if (macini) ++ return EINVAL; ++ macini = c; ++ } else if (c->cri_alg == CRYPTO_DES_CBC || ++ c->cri_alg == CRYPTO_3DES_CBC || ++ c->cri_alg == CRYPTO_AES_CBC || ++ c->cri_alg == CRYPTO_NULL_CBC) { ++ if (encini) ++ return EINVAL; ++ encini = c; ++ } else { ++ DPRINTF("UNKNOWN c->cri_alg %d\n", encini->cri_alg); ++ return EINVAL; ++ } ++ } ++ if (encini == NULL && macini == NULL) ++ return EINVAL; ++ if (encini) { ++ /* validate key length */ ++ switch (encini->cri_alg) { ++ case CRYPTO_DES_CBC: ++ if (encini->cri_klen != 64) ++ return EINVAL; ++ break; ++ case CRYPTO_3DES_CBC: ++ if (encini->cri_klen != 192) { ++ return EINVAL; ++ } ++ break; ++ case CRYPTO_AES_CBC: ++ if (encini->cri_klen != 128 && ++ encini->cri_klen != 192 && ++ encini->cri_klen != 256) ++ return EINVAL; ++ break; ++ default: ++ DPRINTF("UNKNOWN encini->cri_alg %d\n", ++ encini->cri_alg); ++ return EINVAL; ++ } ++ } ++ ++ if (sc->sc_sessions == NULL) { ++ ses = sc->sc_sessions = (struct talitos_session *) ++ kmalloc(sizeof(struct talitos_session), SLAB_ATOMIC); ++ if (ses == NULL) ++ return ENOMEM; ++ memset(ses, 0, sizeof(struct talitos_session)); ++ sesn = 0; ++ sc->sc_nsessions = 1; ++ } else { ++ for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { ++ if (sc->sc_sessions[sesn].ses_used == 0) { ++ ses = &sc->sc_sessions[sesn]; ++ break; ++ } ++ } ++ ++ if (ses == NULL) { ++ /* allocating session */ ++ sesn = sc->sc_nsessions; ++ ses = (struct talitos_session *) kmalloc( ++ (sesn + 1) * sizeof(struct talitos_session), ++ SLAB_ATOMIC); ++ if (ses == NULL) ++ return ENOMEM; ++ memset(ses, 0, ++ (sesn + 1) * sizeof(struct talitos_session)); ++ memcpy(ses, sc->sc_sessions, ++ sesn * sizeof(struct talitos_session)); ++ memset(sc->sc_sessions, 0, ++ sesn * sizeof(struct talitos_session)); ++ kfree(sc->sc_sessions); ++ sc->sc_sessions = ses; ++ ses = &sc->sc_sessions[sesn]; ++ sc->sc_nsessions++; ++ } ++ } ++ ++ ses->ses_used = 1; ++ ++ if (encini) { ++ /* get an IV */ ++ /* XXX may read fewer than requested */ ++ read_random(ses->ses_iv, sizeof(ses->ses_iv)); ++ ++ ses->ses_klen = (encini->cri_klen + 7) / 8; ++ memcpy(ses->ses_key, encini->cri_key, ses->ses_klen); ++ if (macini) { ++ /* doing hash on top of cipher */ ++ ses->ses_hmac_len = (macini->cri_klen + 7) / 8; ++ memcpy(ses->ses_hmac, macini->cri_key, ++ ses->ses_hmac_len); ++ } ++ } else if (macini) { ++ /* doing hash */ ++ ses->ses_klen = (macini->cri_klen + 7) / 8; ++ memcpy(ses->ses_key, macini->cri_key, ses->ses_klen); ++ } ++ ++ /* back compat way of determining MSC result len */ ++ if (macini) { ++ ses->ses_mlen = macini->cri_mlen; ++ if (ses->ses_mlen == 0) { ++ if (macini->cri_alg == CRYPTO_MD5_HMAC) ++ ses->ses_mlen = MD5_HASH_LEN; ++ else ++ ses->ses_mlen = SHA1_HASH_LEN; ++ } ++ } ++ ++ /* really should make up a template td here, ++ * and only fill things like i/o and direction in process() */ ++ ++ /* assign session ID */ ++ *sidp = TALITOS_SID(sc->sc_num, sesn); ++ return 0; ++} ++ ++/* ++ * Deallocate a session. ++ */ ++static int ++talitos_freesession(device_t dev, u_int64_t tid) ++{ ++ struct talitos_softc *sc = device_get_softc(dev); ++ int session, ret; ++ u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; ++ ++ if (sc == NULL) ++ return EINVAL; ++ session = TALITOS_SESSION(sid); ++ if (session < sc->sc_nsessions) { ++ memset(&sc->sc_sessions[session], 0, ++ sizeof(sc->sc_sessions[session])); ++ ret = 0; ++ } else ++ ret = EINVAL; ++ return ret; ++} ++ ++/* ++ * launch device processing - it will come back with done notification ++ * in the form of an interrupt and/or HDR_DONE_BITS in header ++ */ ++static int ++talitos_submit( ++ struct talitos_softc *sc, ++ struct talitos_desc *td, ++ int chsel) ++{ ++ u_int32_t v; ++ ++ v = dma_map_single(NULL, td, sizeof(*td), DMA_TO_DEVICE); ++ talitos_write(sc->sc_base_addr + ++ chsel*TALITOS_CH_OFFSET + TALITOS_CH_FF, 0); ++ talitos_write(sc->sc_base_addr + ++ chsel*TALITOS_CH_OFFSET + TALITOS_CH_FF_HI, v); ++ return 0; ++} ++ ++static int ++talitos_process(device_t dev, struct cryptop *crp, int hint) ++{ ++ int i, err = 0, ivsize; ++ struct talitos_softc *sc = device_get_softc(dev); ++ struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; ++ caddr_t iv; ++ struct talitos_session *ses; ++ struct talitos_desc *td; ++ unsigned long flags; ++ /* descriptor mappings */ ++ int hmac_key, hmac_data, cipher_iv, cipher_key, ++ in_fifo, out_fifo, cipher_iv_out; ++ static int chsel = -1; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (crp == NULL || crp->crp_callback == NULL || sc == NULL) { ++ return EINVAL; ++ } ++ crp->crp_etype = 0; ++ if (TALITOS_SESSION(crp->crp_sid) >= sc->sc_nsessions) { ++ return EINVAL; ++ } ++ ++ ses = &sc->sc_sessions[TALITOS_SESSION(crp->crp_sid)]; ++ ++ /* enter the channel scheduler */ ++ spin_lock_irqsave(&sc->sc_chnfifolock[sc->sc_num_channels], flags); ++ ++ /* reuse channel that already had/has requests for the required EU */ ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ if (sc->sc_chnlastalg[i] == crp->crp_desc->crd_alg) ++ break; ++ } ++ if (i == sc->sc_num_channels) { ++ /* ++ * haven't seen this algo the last sc_num_channels or more ++ * use round robin in this case ++ * nb: sc->sc_num_channels must be power of 2 ++ */ ++ chsel = (chsel + 1) & (sc->sc_num_channels - 1); ++ } else { ++ /* ++ * matches channel with same target execution unit; ++ * use same channel in this case ++ */ ++ chsel = i; ++ } ++ sc->sc_chnlastalg[chsel] = crp->crp_desc->crd_alg; ++ ++ /* release the channel scheduler lock */ ++ spin_unlock_irqrestore(&sc->sc_chnfifolock[sc->sc_num_channels], flags); ++ ++ /* acquire the selected channel fifo lock */ ++ spin_lock_irqsave(&sc->sc_chnfifolock[chsel], flags); ++ ++ /* find and reserve next available descriptor-cryptop pair */ ++ for (i = 0; i < sc->sc_chfifo_len; i++) { ++ if (sc->sc_chnfifo[chsel][i].cf_desc.hdr == 0) { ++ /* ++ * ensure correct descriptor formation by ++ * avoiding inadvertently setting "optional" entries ++ * e.g. not using "optional" dptr2 for MD/HMAC descs ++ */ ++ memset(&sc->sc_chnfifo[chsel][i].cf_desc, ++ 0, sizeof(*td)); ++ /* reserve it with done notification request bit */ ++ sc->sc_chnfifo[chsel][i].cf_desc.hdr |= ++ TALITOS_DONE_NOTIFY; ++ break; ++ } ++ } ++ spin_unlock_irqrestore(&sc->sc_chnfifolock[chsel], flags); ++ ++ if (i == sc->sc_chfifo_len) { ++ /* fifo full */ ++ err = ERESTART; ++ goto errout; ++ } ++ ++ td = &sc->sc_chnfifo[chsel][i].cf_desc; ++ sc->sc_chnfifo[chsel][i].cf_crp = crp; ++ ++ crd1 = crp->crp_desc; ++ if (crd1 == NULL) { ++ err = EINVAL; ++ goto errout; ++ } ++ crd2 = crd1->crd_next; ++ /* prevent compiler warning */ ++ hmac_key = 0; ++ hmac_data = 0; ++ if (crd2 == NULL) { ++ td->hdr |= TD_TYPE_COMMON_NONSNOOP_NO_AFEU; ++ /* assign descriptor dword ptr mappings for this desc. type */ ++ cipher_iv = 1; ++ cipher_key = 2; ++ in_fifo = 3; ++ cipher_iv_out = 5; ++ if (crd1->crd_alg == CRYPTO_MD5_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1 || ++ crd1->crd_alg == CRYPTO_MD5) { ++ out_fifo = 5; ++ maccrd = crd1; ++ enccrd = NULL; ++ } else if (crd1->crd_alg == CRYPTO_DES_CBC || ++ crd1->crd_alg == CRYPTO_3DES_CBC || ++ crd1->crd_alg == CRYPTO_AES_CBC || ++ crd1->crd_alg == CRYPTO_ARC4) { ++ out_fifo = 4; ++ maccrd = NULL; ++ enccrd = crd1; ++ } else { ++ DPRINTF("UNKNOWN crd1->crd_alg %d\n", crd1->crd_alg); ++ err = EINVAL; ++ goto errout; ++ } ++ } else { ++ if (sc->sc_desc_types & TALITOS_HAS_DT_IPSEC_ESP) { ++ td->hdr |= TD_TYPE_IPSEC_ESP; ++ } else { ++ DPRINTF("unimplemented: multiple descriptor ipsec\n"); ++ err = EINVAL; ++ goto errout; ++ } ++ /* assign descriptor dword ptr mappings for this desc. type */ ++ hmac_key = 0; ++ hmac_data = 1; ++ cipher_iv = 2; ++ cipher_key = 3; ++ in_fifo = 4; ++ out_fifo = 5; ++ cipher_iv_out = 6; ++ if ((crd1->crd_alg == CRYPTO_MD5_HMAC || ++ crd1->crd_alg == CRYPTO_SHA1_HMAC || ++ crd1->crd_alg == CRYPTO_MD5 || ++ crd1->crd_alg == CRYPTO_SHA1) && ++ (crd2->crd_alg == CRYPTO_DES_CBC || ++ crd2->crd_alg == CRYPTO_3DES_CBC || ++ crd2->crd_alg == CRYPTO_AES_CBC || ++ crd2->crd_alg == CRYPTO_ARC4) && ++ ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { ++ maccrd = crd1; ++ enccrd = crd2; ++ } else if ((crd1->crd_alg == CRYPTO_DES_CBC || ++ crd1->crd_alg == CRYPTO_ARC4 || ++ crd1->crd_alg == CRYPTO_3DES_CBC || ++ crd1->crd_alg == CRYPTO_AES_CBC) && ++ (crd2->crd_alg == CRYPTO_MD5_HMAC || ++ crd2->crd_alg == CRYPTO_SHA1_HMAC || ++ crd2->crd_alg == CRYPTO_MD5 || ++ crd2->crd_alg == CRYPTO_SHA1) && ++ (crd1->crd_flags & CRD_F_ENCRYPT)) { ++ enccrd = crd1; ++ maccrd = crd2; ++ } else { ++ /* We cannot order the SEC as requested */ ++ printk("%s: cannot do the order\n", ++ device_get_nameunit(sc->sc_cdev)); ++ err = EINVAL; ++ goto errout; ++ } ++ } ++ /* assign in_fifo and out_fifo based on input/output struct type */ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ /* using SKB buffers */ ++ struct sk_buff *skb = (struct sk_buff *)crp->crp_buf; ++ if (skb_shinfo(skb)->nr_frags) { ++ printk("%s: skb frags unimplemented\n", ++ device_get_nameunit(sc->sc_cdev)); ++ err = EINVAL; ++ goto errout; ++ } ++ td->ptr[in_fifo].ptr = dma_map_single(NULL, skb->data, ++ skb->len, DMA_TO_DEVICE); ++ td->ptr[in_fifo].len = skb->len; ++ td->ptr[out_fifo].ptr = dma_map_single(NULL, skb->data, ++ skb->len, DMA_TO_DEVICE); ++ td->ptr[out_fifo].len = skb->len; ++ td->ptr[hmac_data].ptr = dma_map_single(NULL, skb->data, ++ skb->len, DMA_TO_DEVICE); ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ /* using IOV buffers */ ++ struct uio *uiop = (struct uio *)crp->crp_buf; ++ if (uiop->uio_iovcnt > 1) { ++ printk("%s: iov frags unimplemented\n", ++ device_get_nameunit(sc->sc_cdev)); ++ err = EINVAL; ++ goto errout; ++ } ++ td->ptr[in_fifo].ptr = dma_map_single(NULL, ++ uiop->uio_iov->iov_base, crp->crp_ilen, DMA_TO_DEVICE); ++ td->ptr[in_fifo].len = crp->crp_ilen; ++ /* crp_olen is never set; always use crp_ilen */ ++ td->ptr[out_fifo].ptr = dma_map_single(NULL, ++ uiop->uio_iov->iov_base, ++ crp->crp_ilen, DMA_TO_DEVICE); ++ td->ptr[out_fifo].len = crp->crp_ilen; ++ } else { ++ /* using contig buffers */ ++ td->ptr[in_fifo].ptr = dma_map_single(NULL, ++ crp->crp_buf, crp->crp_ilen, DMA_TO_DEVICE); ++ td->ptr[in_fifo].len = crp->crp_ilen; ++ td->ptr[out_fifo].ptr = dma_map_single(NULL, ++ crp->crp_buf, crp->crp_ilen, DMA_TO_DEVICE); ++ td->ptr[out_fifo].len = crp->crp_ilen; ++ } ++ if (enccrd) { ++ switch (enccrd->crd_alg) { ++ case CRYPTO_3DES_CBC: ++ td->hdr |= TALITOS_MODE0_DEU_3DES; ++ /* FALLTHROUGH */ ++ case CRYPTO_DES_CBC: ++ td->hdr |= TALITOS_SEL0_DEU ++ | TALITOS_MODE0_DEU_CBC; ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) ++ td->hdr |= TALITOS_MODE0_DEU_ENC; ++ ivsize = 2*sizeof(u_int32_t); ++ DPRINTF("%cDES ses %d ch %d len %d\n", ++ (td->hdr & TALITOS_MODE0_DEU_3DES)?'3':'1', ++ (u32)TALITOS_SESSION(crp->crp_sid), ++ chsel, td->ptr[in_fifo].len); ++ break; ++ case CRYPTO_AES_CBC: ++ td->hdr |= TALITOS_SEL0_AESU ++ | TALITOS_MODE0_AESU_CBC; ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) ++ td->hdr |= TALITOS_MODE0_AESU_ENC; ++ ivsize = 4*sizeof(u_int32_t); ++ DPRINTF("AES ses %d ch %d len %d\n", ++ (u32)TALITOS_SESSION(crp->crp_sid), ++ chsel, td->ptr[in_fifo].len); ++ break; ++ default: ++ printk("%s: unimplemented enccrd->crd_alg %d\n", ++ device_get_nameunit(sc->sc_cdev), enccrd->crd_alg); ++ err = EINVAL; ++ goto errout; ++ } ++ /* ++ * Setup encrypt/decrypt state. When using basic ops ++ * we can't use an inline IV because hash/crypt offset ++ * must be from the end of the IV to the start of the ++ * crypt data and this leaves out the preceding header ++ * from the hash calculation. Instead we place the IV ++ * in the state record and set the hash/crypt offset to ++ * copy both the header+IV. ++ */ ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) { ++ td->hdr |= TALITOS_DIR_OUTBOUND; ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) ++ iv = enccrd->crd_iv; ++ else ++ iv = (caddr_t) ses->ses_iv; ++ if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) { ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ enccrd->crd_inject, ivsize, iv); ++ } ++ } else { ++ td->hdr |= TALITOS_DIR_INBOUND; ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) { ++ iv = enccrd->crd_iv; ++ bcopy(enccrd->crd_iv, iv, ivsize); ++ } else { ++ iv = (caddr_t) ses->ses_iv; ++ crypto_copydata(crp->crp_flags, crp->crp_buf, ++ enccrd->crd_inject, ivsize, iv); ++ } ++ } ++ td->ptr[cipher_iv].ptr = dma_map_single(NULL, iv, ivsize, ++ DMA_TO_DEVICE); ++ td->ptr[cipher_iv].len = ivsize; ++ /* ++ * we don't need the cipher iv out length/pointer ++ * field to do ESP IPsec. Therefore we set the len field as 0, ++ * which tells the SEC not to do anything with this len/ptr ++ * field. Previously, when length/pointer as pointing to iv, ++ * it gave us corruption of packets. ++ */ ++ td->ptr[cipher_iv_out].len = 0; ++ } ++ if (enccrd && maccrd) { ++ /* this is ipsec only for now */ ++ td->hdr |= TALITOS_SEL1_MDEU ++ | TALITOS_MODE1_MDEU_INIT ++ | TALITOS_MODE1_MDEU_PAD; ++ switch (maccrd->crd_alg) { ++ case CRYPTO_MD5: ++ td->hdr |= TALITOS_MODE1_MDEU_MD5; ++ break; ++ case CRYPTO_MD5_HMAC: ++ td->hdr |= TALITOS_MODE1_MDEU_MD5_HMAC; ++ break; ++ case CRYPTO_SHA1: ++ td->hdr |= TALITOS_MODE1_MDEU_SHA1; ++ break; ++ case CRYPTO_SHA1_HMAC: ++ td->hdr |= TALITOS_MODE1_MDEU_SHA1_HMAC; ++ break; ++ default: ++ /* We cannot order the SEC as requested */ ++ printk("%s: cannot do the order\n", ++ device_get_nameunit(sc->sc_cdev)); ++ err = EINVAL; ++ goto errout; ++ } ++ if ((maccrd->crd_alg == CRYPTO_MD5_HMAC) || ++ (maccrd->crd_alg == CRYPTO_SHA1_HMAC)) { ++ /* ++ * The offset from hash data to the start of ++ * crypt data is the difference in the skips. ++ */ ++ /* ipsec only for now */ ++ td->ptr[hmac_key].ptr = dma_map_single(NULL, ++ ses->ses_hmac, ses->ses_hmac_len, DMA_TO_DEVICE); ++ td->ptr[hmac_key].len = ses->ses_hmac_len; ++ td->ptr[in_fifo].ptr += enccrd->crd_skip; ++ td->ptr[in_fifo].len = enccrd->crd_len; ++ td->ptr[out_fifo].ptr += enccrd->crd_skip; ++ td->ptr[out_fifo].len = enccrd->crd_len; ++ /* bytes of HMAC to postpend to ciphertext */ ++ td->ptr[out_fifo].extent = ses->ses_mlen; ++ td->ptr[hmac_data].ptr += maccrd->crd_skip; ++ td->ptr[hmac_data].len = enccrd->crd_skip - maccrd->crd_skip; ++ } ++ if (enccrd->crd_flags & CRD_F_KEY_EXPLICIT) { ++ printk("%s: CRD_F_KEY_EXPLICIT unimplemented\n", ++ device_get_nameunit(sc->sc_cdev)); ++ } ++ } ++ if (!enccrd && maccrd) { ++ /* single MD5 or SHA */ ++ td->hdr |= TALITOS_SEL0_MDEU ++ | TALITOS_MODE0_MDEU_INIT ++ | TALITOS_MODE0_MDEU_PAD; ++ switch (maccrd->crd_alg) { ++ case CRYPTO_MD5: ++ td->hdr |= TALITOS_MODE0_MDEU_MD5; ++ DPRINTF("MD5 ses %d ch %d len %d\n", ++ (u32)TALITOS_SESSION(crp->crp_sid), ++ chsel, td->ptr[in_fifo].len); ++ break; ++ case CRYPTO_MD5_HMAC: ++ td->hdr |= TALITOS_MODE0_MDEU_MD5_HMAC; ++ break; ++ case CRYPTO_SHA1: ++ td->hdr |= TALITOS_MODE0_MDEU_SHA1; ++ DPRINTF("SHA1 ses %d ch %d len %d\n", ++ (u32)TALITOS_SESSION(crp->crp_sid), ++ chsel, td->ptr[in_fifo].len); ++ break; ++ case CRYPTO_SHA1_HMAC: ++ td->hdr |= TALITOS_MODE0_MDEU_SHA1_HMAC; ++ break; ++ default: ++ /* We cannot order the SEC as requested */ ++ DPRINTF("cannot do the order\n"); ++ err = EINVAL; ++ goto errout; ++ } ++ ++ if (crp->crp_flags & CRYPTO_F_IOV) ++ td->ptr[out_fifo].ptr += maccrd->crd_inject; ++ ++ if ((maccrd->crd_alg == CRYPTO_MD5_HMAC) || ++ (maccrd->crd_alg == CRYPTO_SHA1_HMAC)) { ++ td->ptr[hmac_key].ptr = dma_map_single(NULL, ++ ses->ses_hmac, ses->ses_hmac_len, ++ DMA_TO_DEVICE); ++ td->ptr[hmac_key].len = ses->ses_hmac_len; ++ } ++ } ++ else { ++ /* using process key (session data has duplicate) */ ++ td->ptr[cipher_key].ptr = dma_map_single(NULL, ++ enccrd->crd_key, (enccrd->crd_klen + 7) / 8, ++ DMA_TO_DEVICE); ++ td->ptr[cipher_key].len = (enccrd->crd_klen + 7) / 8; ++ } ++ /* descriptor complete - GO! */ ++ return talitos_submit(sc, td, chsel); ++ ++errout: ++ if (err != ERESTART) { ++ crp->crp_etype = err; ++ crypto_done(crp); ++ } ++ return err; ++} ++ ++/* go through all channels descriptors, notifying OCF what has ++ * _and_hasn't_ successfully completed and reset the device ++ * (otherwise it's up to decoding desc hdrs!) ++ */ ++static void talitos_errorprocessing(struct talitos_softc *sc) ++{ ++ unsigned long flags; ++ int i, j; ++ ++ /* disable further scheduling until under control */ ++ spin_lock_irqsave(&sc->sc_chnfifolock[sc->sc_num_channels], flags); ++ ++ if (debug) dump_talitos_status(sc); ++ /* go through descriptors, try and salvage those successfully done, ++ * and EIO those that weren't ++ */ ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ spin_lock_irqsave(&sc->sc_chnfifolock[i], flags); ++ for (j = 0; j < sc->sc_chfifo_len; j++) { ++ if (sc->sc_chnfifo[i][j].cf_desc.hdr) { ++ if ((sc->sc_chnfifo[i][j].cf_desc.hdr ++ & TALITOS_HDR_DONE_BITS) ++ != TALITOS_HDR_DONE_BITS) { ++ /* this one didn't finish */ ++ /* signify in crp->etype */ ++ sc->sc_chnfifo[i][j].cf_crp->crp_etype ++ = EIO; ++ } ++ } else ++ continue; /* free entry */ ++ /* either way, notify ocf */ ++ crypto_done(sc->sc_chnfifo[i][j].cf_crp); ++ /* and tag it available again ++ * ++ * memset to ensure correct descriptor formation by ++ * avoiding inadvertently setting "optional" entries ++ * e.g. not using "optional" dptr2 MD/HMAC processing ++ */ ++ memset(&sc->sc_chnfifo[i][j].cf_desc, ++ 0, sizeof(struct talitos_desc)); ++ } ++ spin_unlock_irqrestore(&sc->sc_chnfifolock[i], flags); ++ } ++ /* reset and initialize the SEC h/w device */ ++ talitos_reset_device(sc); ++ talitos_init_device(sc); ++#ifdef CONFIG_OCF_RANDOMHARVEST ++ if (sc->sc_exec_units & TALITOS_HAS_EU_RNG) ++ talitos_rng_init(sc); ++#endif ++ ++ /* Okay. Stand by. */ ++ spin_unlock_irqrestore(&sc->sc_chnfifolock[sc->sc_num_channels], flags); ++ ++ return; ++} ++ ++/* go through all channels descriptors, notifying OCF what's been done */ ++static void talitos_doneprocessing(struct talitos_softc *sc) ++{ ++ unsigned long flags; ++ int i, j; ++ ++ /* go through descriptors looking for done bits */ ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ spin_lock_irqsave(&sc->sc_chnfifolock[i], flags); ++ for (j = 0; j < sc->sc_chfifo_len; j++) { ++ /* descriptor has done bits set? */ ++ if ((sc->sc_chnfifo[i][j].cf_desc.hdr ++ & TALITOS_HDR_DONE_BITS) ++ == TALITOS_HDR_DONE_BITS) { ++ /* notify ocf */ ++ crypto_done(sc->sc_chnfifo[i][j].cf_crp); ++ /* and tag it available again ++ * ++ * memset to ensure correct descriptor formation by ++ * avoiding inadvertently setting "optional" entries ++ * e.g. not using "optional" dptr2 MD/HMAC processing ++ */ ++ memset(&sc->sc_chnfifo[i][j].cf_desc, ++ 0, sizeof(struct talitos_desc)); ++ } ++ } ++ spin_unlock_irqrestore(&sc->sc_chnfifolock[i], flags); ++ } ++ return; ++} ++ ++static irqreturn_t ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++talitos_intr(int irq, void *arg) ++#else ++talitos_intr(int irq, void *arg, struct pt_regs *regs) ++#endif ++{ ++ struct talitos_softc *sc = arg; ++ u_int32_t v, v_hi; ++ ++ /* ack */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_ISR); ++ v_hi = talitos_read(sc->sc_base_addr + TALITOS_ISR_HI); ++ talitos_write(sc->sc_base_addr + TALITOS_ICR, v); ++ talitos_write(sc->sc_base_addr + TALITOS_ICR_HI, v_hi); ++ ++ if (unlikely(v & TALITOS_ISR_ERROR)) { ++ /* Okay, Houston, we've had a problem here. */ ++ printk(KERN_DEBUG "%s: got error interrupt - ISR 0x%08x_%08x\n", ++ device_get_nameunit(sc->sc_cdev), v, v_hi); ++ talitos_errorprocessing(sc); ++ } else ++ if (likely(v & TALITOS_ISR_DONE)) { ++ talitos_doneprocessing(sc); ++ } ++ return IRQ_HANDLED; ++} ++ ++/* ++ * Initialize registers we need to touch only once. ++ */ ++static void ++talitos_init_device(struct talitos_softc *sc) ++{ ++ u_int32_t v; ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ /* init all channels */ ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ v = talitos_read(sc->sc_base_addr + ++ i*TALITOS_CH_OFFSET + TALITOS_CH_CCCR_HI); ++ v |= TALITOS_CH_CCCR_HI_CDWE ++ | TALITOS_CH_CCCR_HI_CDIE; /* invoke interrupt if done */ ++ talitos_write(sc->sc_base_addr + ++ i*TALITOS_CH_OFFSET + TALITOS_CH_CCCR_HI, v); ++ } ++ /* enable all interrupts */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_IMR); ++ v |= TALITOS_IMR_ALL; ++ talitos_write(sc->sc_base_addr + TALITOS_IMR, v); ++ v = talitos_read(sc->sc_base_addr + TALITOS_IMR_HI); ++ v |= TALITOS_IMR_HI_ERRONLY; ++ talitos_write(sc->sc_base_addr + TALITOS_IMR_HI, v); ++ return; ++} ++ ++/* ++ * set the master reset bit on the device. ++ */ ++static void ++talitos_reset_device_master(struct talitos_softc *sc) ++{ ++ u_int32_t v; ++ ++ /* Reset the device by writing 1 to MCR:SWR and waiting 'til cleared */ ++ v = talitos_read(sc->sc_base_addr + TALITOS_MCR); ++ talitos_write(sc->sc_base_addr + TALITOS_MCR, v | TALITOS_MCR_SWR); ++ ++ while (talitos_read(sc->sc_base_addr + TALITOS_MCR) & TALITOS_MCR_SWR) ++ cpu_relax(); ++ ++ return; ++} ++ ++/* ++ * Resets the device. Values in the registers are left as is ++ * from the reset (i.e. initial values are assigned elsewhere). ++ */ ++static void ++talitos_reset_device(struct talitos_softc *sc) ++{ ++ u_int32_t v; ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ /* ++ * Master reset ++ * errata documentation: warning: certain SEC interrupts ++ * are not fully cleared by writing the MCR:SWR bit, ++ * set bit twice to completely reset ++ */ ++ talitos_reset_device_master(sc); /* once */ ++ talitos_reset_device_master(sc); /* and once again */ ++ ++ /* reset all channels */ ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ v = talitos_read(sc->sc_base_addr + i*TALITOS_CH_OFFSET + ++ TALITOS_CH_CCCR); ++ talitos_write(sc->sc_base_addr + i*TALITOS_CH_OFFSET + ++ TALITOS_CH_CCCR, v | TALITOS_CH_CCCR_RESET); ++ } ++} ++ ++/* Set up the crypto device structure, private data, ++ * and anything else we need before we start */ ++#ifdef CONFIG_PPC_MERGE ++static int talitos_probe(struct of_device *ofdev, const struct of_device_id *match) ++#else ++static int talitos_probe(struct platform_device *pdev) ++#endif ++{ ++ struct talitos_softc *sc = NULL; ++ struct resource *r; ++#ifdef CONFIG_PPC_MERGE ++ struct device *device = &ofdev->dev; ++ struct device_node *np = ofdev->node; ++ const unsigned int *prop; ++ int err; ++ struct resource res; ++#endif ++ static int num_chips = 0; ++ int rc; ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ sc = (struct talitos_softc *) kmalloc(sizeof(*sc), GFP_KERNEL); ++ if (!sc) ++ return -ENOMEM; ++ memset(sc, 0, sizeof(*sc)); ++ ++ softc_device_init(sc, DRV_NAME, num_chips, talitos_methods); ++ ++ sc->sc_irq = -1; ++ sc->sc_cid = -1; ++#ifndef CONFIG_PPC_MERGE ++ sc->sc_dev = pdev; ++#endif ++ sc->sc_num = num_chips++; ++ ++#ifdef CONFIG_PPC_MERGE ++ dev_set_drvdata(device, sc); ++#else ++ platform_set_drvdata(sc->sc_dev, sc); ++#endif ++ ++ /* get the irq line */ ++#ifdef CONFIG_PPC_MERGE ++ err = of_address_to_resource(np, 0, &res); ++ if (err) ++ return -EINVAL; ++ r = &res; ++ ++ sc->sc_irq = irq_of_parse_and_map(np, 0); ++#else ++ /* get a pointer to the register memory */ ++ r = platform_get_resource(pdev, IORESOURCE_MEM, 0); ++ ++ sc->sc_irq = platform_get_irq(pdev, 0); ++#endif ++ rc = request_irq(sc->sc_irq, talitos_intr, 0, ++ device_get_nameunit(sc->sc_cdev), sc); ++ if (rc) { ++ printk(KERN_ERR "%s: failed to hook irq %d\n", ++ device_get_nameunit(sc->sc_cdev), sc->sc_irq); ++ sc->sc_irq = -1; ++ goto out; ++ } ++ ++ sc->sc_base_addr = (ocf_iomem_t) ioremap(r->start, (r->end - r->start)); ++ if (!sc->sc_base_addr) { ++ printk(KERN_ERR "%s: failed to ioremap\n", ++ device_get_nameunit(sc->sc_cdev)); ++ goto out; ++ } ++ ++ /* figure out our SEC's properties and capabilities */ ++ sc->sc_chiprev = (u64)talitos_read(sc->sc_base_addr + TALITOS_ID) << 32 ++ | talitos_read(sc->sc_base_addr + TALITOS_ID_HI); ++ DPRINTF("sec id 0x%llx\n", sc->sc_chiprev); ++ ++#ifdef CONFIG_PPC_MERGE ++ /* get SEC properties from device tree, defaulting to SEC 2.0 */ ++ ++ prop = of_get_property(np, "num-channels", NULL); ++ sc->sc_num_channels = prop ? *prop : TALITOS_NCHANNELS_SEC_2_0; ++ ++ prop = of_get_property(np, "channel-fifo-len", NULL); ++ sc->sc_chfifo_len = prop ? *prop : TALITOS_CHFIFOLEN_SEC_2_0; ++ ++ prop = of_get_property(np, "exec-units-mask", NULL); ++ sc->sc_exec_units = prop ? *prop : TALITOS_HAS_EUS_SEC_2_0; ++ ++ prop = of_get_property(np, "descriptor-types-mask", NULL); ++ sc->sc_desc_types = prop ? *prop : TALITOS_HAS_DESCTYPES_SEC_2_0; ++#else ++ /* bulk should go away with openfirmware flat device tree support */ ++ if (sc->sc_chiprev & TALITOS_ID_SEC_2_0) { ++ sc->sc_num_channels = TALITOS_NCHANNELS_SEC_2_0; ++ sc->sc_chfifo_len = TALITOS_CHFIFOLEN_SEC_2_0; ++ sc->sc_exec_units = TALITOS_HAS_EUS_SEC_2_0; ++ sc->sc_desc_types = TALITOS_HAS_DESCTYPES_SEC_2_0; ++ } else { ++ printk(KERN_ERR "%s: failed to id device\n", ++ device_get_nameunit(sc->sc_cdev)); ++ goto out; ++ } ++#endif ++ ++ /* + 1 is for the meta-channel lock used by the channel scheduler */ ++ sc->sc_chnfifolock = (spinlock_t *) kmalloc( ++ (sc->sc_num_channels + 1) * sizeof(spinlock_t), GFP_KERNEL); ++ if (!sc->sc_chnfifolock) ++ goto out; ++ for (i = 0; i < sc->sc_num_channels + 1; i++) { ++ spin_lock_init(&sc->sc_chnfifolock[i]); ++ } ++ ++ sc->sc_chnlastalg = (int *) kmalloc( ++ sc->sc_num_channels * sizeof(int), GFP_KERNEL); ++ if (!sc->sc_chnlastalg) ++ goto out; ++ memset(sc->sc_chnlastalg, 0, sc->sc_num_channels * sizeof(int)); ++ ++ sc->sc_chnfifo = (struct desc_cryptop_pair **) kmalloc( ++ sc->sc_num_channels * sizeof(struct desc_cryptop_pair *), ++ GFP_KERNEL); ++ if (!sc->sc_chnfifo) ++ goto out; ++ for (i = 0; i < sc->sc_num_channels; i++) { ++ sc->sc_chnfifo[i] = (struct desc_cryptop_pair *) kmalloc( ++ sc->sc_chfifo_len * sizeof(struct desc_cryptop_pair), ++ GFP_KERNEL); ++ if (!sc->sc_chnfifo[i]) ++ goto out; ++ memset(sc->sc_chnfifo[i], 0, ++ sc->sc_chfifo_len * sizeof(struct desc_cryptop_pair)); ++ } ++ ++ /* reset and initialize the SEC h/w device */ ++ talitos_reset_device(sc); ++ talitos_init_device(sc); ++ ++ sc->sc_cid = crypto_get_driverid(softc_get_device(sc),CRYPTOCAP_F_HARDWARE); ++ if (sc->sc_cid < 0) { ++ printk(KERN_ERR "%s: could not get crypto driver id\n", ++ device_get_nameunit(sc->sc_cdev)); ++ goto out; ++ } ++ ++ /* register algorithms with the framework */ ++ printk("%s:", device_get_nameunit(sc->sc_cdev)); ++ ++ if (sc->sc_exec_units & TALITOS_HAS_EU_RNG) { ++ printk(" rng"); ++#ifdef CONFIG_OCF_RANDOMHARVEST ++ talitos_rng_init(sc); ++ crypto_rregister(sc->sc_cid, talitos_read_random, sc); ++#endif ++ } ++ if (sc->sc_exec_units & TALITOS_HAS_EU_DEU) { ++ printk(" des/3des"); ++ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); ++ } ++ if (sc->sc_exec_units & TALITOS_HAS_EU_AESU) { ++ printk(" aes"); ++ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); ++ } ++ if (sc->sc_exec_units & TALITOS_HAS_EU_MDEU) { ++ printk(" md5"); ++ crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0); ++ /* HMAC support only with IPsec for now */ ++ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); ++ printk(" sha1"); ++ crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0); ++ /* HMAC support only with IPsec for now */ ++ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); ++ } ++ printk("\n"); ++ return 0; ++ ++out: ++#ifndef CONFIG_PPC_MERGE ++ talitos_remove(pdev); ++#endif ++ return -ENOMEM; ++} ++ ++#ifdef CONFIG_PPC_MERGE ++static int talitos_remove(struct of_device *ofdev) ++#else ++static int talitos_remove(struct platform_device *pdev) ++#endif ++{ ++#ifdef CONFIG_PPC_MERGE ++ struct talitos_softc *sc = dev_get_drvdata(&ofdev->dev); ++#else ++ struct talitos_softc *sc = platform_get_drvdata(pdev); ++#endif ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ if (sc->sc_cid >= 0) ++ crypto_unregister_all(sc->sc_cid); ++ if (sc->sc_chnfifo) { ++ for (i = 0; i < sc->sc_num_channels; i++) ++ if (sc->sc_chnfifo[i]) ++ kfree(sc->sc_chnfifo[i]); ++ kfree(sc->sc_chnfifo); ++ } ++ if (sc->sc_chnlastalg) ++ kfree(sc->sc_chnlastalg); ++ if (sc->sc_chnfifolock) ++ kfree(sc->sc_chnfifolock); ++ if (sc->sc_irq != -1) ++ free_irq(sc->sc_irq, sc); ++ if (sc->sc_base_addr) ++ iounmap((void *) sc->sc_base_addr); ++ kfree(sc); ++ return 0; ++} ++ ++#ifdef CONFIG_PPC_MERGE ++static struct of_device_id talitos_match[] = { ++ { ++ .type = "crypto", ++ .compatible = "talitos", ++ }, ++ {}, ++}; ++ ++MODULE_DEVICE_TABLE(of, talitos_match); ++ ++static struct of_platform_driver talitos_driver = { ++ .name = DRV_NAME, ++ .match_table = talitos_match, ++ .probe = talitos_probe, ++ .remove = talitos_remove, ++}; ++ ++static int __init talitos_init(void) ++{ ++ return of_register_platform_driver(&talitos_driver); ++} ++ ++static void __exit talitos_exit(void) ++{ ++ of_unregister_platform_driver(&talitos_driver); ++} ++#else ++/* Structure for a platform device driver */ ++static struct platform_driver talitos_driver = { ++ .probe = talitos_probe, ++ .remove = talitos_remove, ++ .driver = { ++ .name = "fsl-sec2", ++ } ++}; ++ ++static int __init talitos_init(void) ++{ ++ return platform_driver_register(&talitos_driver); ++} ++ ++static void __exit talitos_exit(void) ++{ ++ platform_driver_unregister(&talitos_driver); ++} ++#endif ++ ++module_init(talitos_init); ++module_exit(talitos_exit); ++ ++MODULE_LICENSE("Dual BSD/GPL"); ++MODULE_AUTHOR("kim.phillips@freescale.com"); ++MODULE_DESCRIPTION("OCF driver for Freescale SEC (talitos)"); +--- /dev/null ++++ b/crypto/ocf/talitos/talitos_soft.h +@@ -0,0 +1,77 @@ ++/* ++ * Freescale SEC data structures for integration with ocf-linux ++ * ++ * Copyright (c) 2006 Freescale Semiconductor, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++/* ++ * paired descriptor and associated crypto operation ++ */ ++struct desc_cryptop_pair { ++ struct talitos_desc cf_desc; /* descriptor ptr */ ++ struct cryptop *cf_crp; /* cryptop ptr */ ++}; ++ ++/* ++ * Holds data specific to a single talitos device. ++ */ ++struct talitos_softc { ++ softc_device_decl sc_cdev; ++ struct platform_device *sc_dev; /* device backpointer */ ++ ocf_iomem_t sc_base_addr; ++ int sc_irq; ++ int sc_num; /* if we have multiple chips */ ++ int32_t sc_cid; /* crypto tag */ ++ u64 sc_chiprev; /* major/minor chip revision */ ++ int sc_nsessions; ++ struct talitos_session *sc_sessions; ++ int sc_num_channels;/* number of crypto channels */ ++ int sc_chfifo_len; /* channel fetch fifo len */ ++ int sc_exec_units; /* execution units mask */ ++ int sc_desc_types; /* descriptor types mask */ ++ /* ++ * mutual exclusion for intra-channel resources, e.g. fetch fifos ++ * the last entry is a meta-channel lock used by the channel scheduler ++ */ ++ spinlock_t *sc_chnfifolock; ++ /* sc_chnlastalgo contains last algorithm for that channel */ ++ int *sc_chnlastalg; ++ /* sc_chnfifo holds pending descriptor--crypto operation pairs */ ++ struct desc_cryptop_pair **sc_chnfifo; ++}; ++ ++struct talitos_session { ++ u_int32_t ses_used; ++ u_int32_t ses_klen; /* key length in bits */ ++ u_int32_t ses_key[8]; /* DES/3DES/AES key */ ++ u_int32_t ses_hmac[5]; /* hmac inner state */ ++ u_int32_t ses_hmac_len; /* hmac length */ ++ u_int32_t ses_iv[4]; /* DES/3DES/AES iv */ ++ u_int32_t ses_mlen; /* desired hash result len (12=ipsec or 16) */ ++}; ++ ++#define TALITOS_SESSION(sid) ((sid) & 0x0fffffff) ++#define TALITOS_SID(crd, sesn) (((crd) << 28) | ((sesn) & 0x0fffffff)) +--- /dev/null ++++ b/crypto/ocf/talitos/talitos_dev.h +@@ -0,0 +1,277 @@ ++/* ++ * Freescale SEC (talitos) device dependent data structures ++ * ++ * Copyright (c) 2006 Freescale Semiconductor, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++/* device ID register values */ ++#define TALITOS_ID_SEC_2_0 0x40 ++#define TALITOS_ID_SEC_2_1 0x40 /* cross ref with IP block revision reg */ ++ ++/* ++ * following num_channels, channel-fifo-depth, exec-unit-mask, and ++ * descriptor-types-mask are for forward-compatibility with openfirmware ++ * flat device trees ++ */ ++ ++/* ++ * num_channels : the number of channels available in each SEC version. ++ */ ++ ++/* n.b. this driver requires these values be a power of 2 */ ++#define TALITOS_NCHANNELS_SEC_1_0 4 ++#define TALITOS_NCHANNELS_SEC_1_2 1 ++#define TALITOS_NCHANNELS_SEC_2_0 4 ++#define TALITOS_NCHANNELS_SEC_2_01 4 ++#define TALITOS_NCHANNELS_SEC_2_1 4 ++#define TALITOS_NCHANNELS_SEC_2_4 4 ++ ++/* ++ * channel-fifo-depth : The number of descriptor ++ * pointers a channel fetch fifo can hold. ++ */ ++#define TALITOS_CHFIFOLEN_SEC_1_0 1 ++#define TALITOS_CHFIFOLEN_SEC_1_2 1 ++#define TALITOS_CHFIFOLEN_SEC_2_0 24 ++#define TALITOS_CHFIFOLEN_SEC_2_01 24 ++#define TALITOS_CHFIFOLEN_SEC_2_1 24 ++#define TALITOS_CHFIFOLEN_SEC_2_4 24 ++ ++/* ++ * exec-unit-mask : The bitmask representing what Execution Units (EUs) ++ * are available. EU information should be encoded following the SEC's ++ * EU_SEL0 bitfield documentation, i.e. as follows: ++ * ++ * bit 31 = set if SEC permits no-EU selection (should be always set) ++ * bit 30 = set if SEC has the ARC4 EU (AFEU) ++ * bit 29 = set if SEC has the des/3des EU (DEU) ++ * bit 28 = set if SEC has the message digest EU (MDEU) ++ * bit 27 = set if SEC has the random number generator EU (RNG) ++ * bit 26 = set if SEC has the public key EU (PKEU) ++ * bit 25 = set if SEC has the aes EU (AESU) ++ * bit 24 = set if SEC has the Kasumi EU (KEU) ++ * ++ */ ++#define TALITOS_HAS_EU_NONE (1<<0) ++#define TALITOS_HAS_EU_AFEU (1<<1) ++#define TALITOS_HAS_EU_DEU (1<<2) ++#define TALITOS_HAS_EU_MDEU (1<<3) ++#define TALITOS_HAS_EU_RNG (1<<4) ++#define TALITOS_HAS_EU_PKEU (1<<5) ++#define TALITOS_HAS_EU_AESU (1<<6) ++#define TALITOS_HAS_EU_KEU (1<<7) ++ ++/* the corresponding masks for each SEC version */ ++#define TALITOS_HAS_EUS_SEC_1_0 0x7f ++#define TALITOS_HAS_EUS_SEC_1_2 0x4d ++#define TALITOS_HAS_EUS_SEC_2_0 0x7f ++#define TALITOS_HAS_EUS_SEC_2_01 0x7f ++#define TALITOS_HAS_EUS_SEC_2_1 0xff ++#define TALITOS_HAS_EUS_SEC_2_4 0x7f ++ ++/* ++ * descriptor-types-mask : The bitmask representing what descriptors ++ * are available. Descriptor type information should be encoded ++ * following the SEC's Descriptor Header Dword DESC_TYPE field ++ * documentation, i.e. as follows: ++ * ++ * bit 0 = set if SEC supports the aesu_ctr_nonsnoop desc. type ++ * bit 1 = set if SEC supports the ipsec_esp descriptor type ++ * bit 2 = set if SEC supports the common_nonsnoop desc. type ++ * bit 3 = set if SEC supports the 802.11i AES ccmp desc. type ++ * bit 4 = set if SEC supports the hmac_snoop_no_afeu desc. type ++ * bit 5 = set if SEC supports the srtp descriptor type ++ * bit 6 = set if SEC supports the non_hmac_snoop_no_afeu desc.type ++ * bit 7 = set if SEC supports the pkeu_assemble descriptor type ++ * bit 8 = set if SEC supports the aesu_key_expand_output desc.type ++ * bit 9 = set if SEC supports the pkeu_ptmul descriptor type ++ * bit 10 = set if SEC supports the common_nonsnoop_afeu desc. type ++ * bit 11 = set if SEC supports the pkeu_ptadd_dbl descriptor type ++ * ++ * ..and so on and so forth. ++ */ ++#define TALITOS_HAS_DT_AESU_CTR_NONSNOOP (1<<0) ++#define TALITOS_HAS_DT_IPSEC_ESP (1<<1) ++#define TALITOS_HAS_DT_COMMON_NONSNOOP (1<<2) ++ ++/* the corresponding masks for each SEC version */ ++#define TALITOS_HAS_DESCTYPES_SEC_2_0 0x01010ebf ++#define TALITOS_HAS_DESCTYPES_SEC_2_1 0x012b0ebf ++ ++/* ++ * a TALITOS_xxx_HI address points to the low data bits (32-63) of the register ++ */ ++ ++/* global register offset addresses */ ++#define TALITOS_ID 0x1020 ++#define TALITOS_ID_HI 0x1024 ++#define TALITOS_MCR 0x1030 /* master control register */ ++#define TALITOS_MCR_HI 0x1038 /* master control register */ ++#define TALITOS_MCR_SWR 0x1 ++#define TALITOS_IMR 0x1008 /* interrupt mask register */ ++#define TALITOS_IMR_ALL 0x00010fff /* enable all interrupts mask */ ++#define TALITOS_IMR_ERRONLY 0x00010aaa /* enable error interrupts */ ++#define TALITOS_IMR_HI 0x100C /* interrupt mask register */ ++#define TALITOS_IMR_HI_ALL 0x00323333 /* enable all interrupts mask */ ++#define TALITOS_IMR_HI_ERRONLY 0x00222222 /* enable error interrupts */ ++#define TALITOS_ISR 0x1010 /* interrupt status register */ ++#define TALITOS_ISR_ERROR 0x00010faa /* errors mask */ ++#define TALITOS_ISR_DONE 0x00000055 /* channel(s) done mask */ ++#define TALITOS_ISR_HI 0x1014 /* interrupt status register */ ++#define TALITOS_ICR 0x1018 /* interrupt clear register */ ++#define TALITOS_ICR_HI 0x101C /* interrupt clear register */ ++ ++/* channel register address stride */ ++#define TALITOS_CH_OFFSET 0x100 ++ ++/* channel register offset addresses and bits */ ++#define TALITOS_CH_CCCR 0x1108 /* Crypto-Channel Config Register */ ++#define TALITOS_CH_CCCR_RESET 0x1 /* Channel Reset bit */ ++#define TALITOS_CH_CCCR_HI 0x110c /* Crypto-Channel Config Register */ ++#define TALITOS_CH_CCCR_HI_CDWE 0x10 /* Channel done writeback enable bit */ ++#define TALITOS_CH_CCCR_HI_NT 0x4 /* Notification type bit */ ++#define TALITOS_CH_CCCR_HI_CDIE 0x2 /* Channel Done Interrupt Enable bit */ ++#define TALITOS_CH_CCPSR 0x1110 /* Crypto-Channel Pointer Status Reg */ ++#define TALITOS_CH_CCPSR_HI 0x1114 /* Crypto-Channel Pointer Status Reg */ ++#define TALITOS_CH_FF 0x1148 /* Fetch FIFO */ ++#define TALITOS_CH_FF_HI 0x114c /* Fetch FIFO's FETCH_ADRS */ ++#define TALITOS_CH_CDPR 0x1140 /* Crypto-Channel Pointer Status Reg */ ++#define TALITOS_CH_CDPR_HI 0x1144 /* Crypto-Channel Pointer Status Reg */ ++#define TALITOS_CH_DESCBUF 0x1180 /* (thru 11bf) Crypto-Channel ++ * Descriptor Buffer (debug) */ ++ ++/* execution unit register offset addresses and bits */ ++#define TALITOS_DEUSR 0x2028 /* DEU status register */ ++#define TALITOS_DEUSR_HI 0x202c /* DEU status register */ ++#define TALITOS_DEUISR 0x2030 /* DEU interrupt status register */ ++#define TALITOS_DEUISR_HI 0x2034 /* DEU interrupt status register */ ++#define TALITOS_DEUICR 0x2038 /* DEU interrupt control register */ ++#define TALITOS_DEUICR_HI 0x203c /* DEU interrupt control register */ ++#define TALITOS_AESUISR 0x4030 /* AESU interrupt status register */ ++#define TALITOS_AESUISR_HI 0x4034 /* AESU interrupt status register */ ++#define TALITOS_AESUICR 0x4038 /* AESU interrupt control register */ ++#define TALITOS_AESUICR_HI 0x403c /* AESU interrupt control register */ ++#define TALITOS_MDEUISR 0x6030 /* MDEU interrupt status register */ ++#define TALITOS_MDEUISR_HI 0x6034 /* MDEU interrupt status register */ ++#define TALITOS_RNGSR 0xa028 /* RNG status register */ ++#define TALITOS_RNGSR_HI 0xa02c /* RNG status register */ ++#define TALITOS_RNGSR_HI_RD 0x1 /* RNG Reset done */ ++#define TALITOS_RNGSR_HI_OFL 0xff0000/* number of dwords in RNG output FIFO*/ ++#define TALITOS_RNGDSR 0xa010 /* RNG data size register */ ++#define TALITOS_RNGDSR_HI 0xa014 /* RNG data size register */ ++#define TALITOS_RNG_FIFO 0xa800 /* RNG FIFO - pool of random numbers */ ++#define TALITOS_RNGISR 0xa030 /* RNG Interrupt status register */ ++#define TALITOS_RNGISR_HI 0xa034 /* RNG Interrupt status register */ ++#define TALITOS_RNGRCR 0xa018 /* RNG Reset control register */ ++#define TALITOS_RNGRCR_HI 0xa01c /* RNG Reset control register */ ++#define TALITOS_RNGRCR_HI_SR 0x1 /* RNG RNGRCR:Software Reset */ ++ ++/* descriptor pointer entry */ ++struct talitos_desc_ptr { ++ u16 len; /* length */ ++ u8 extent; /* jump (to s/g link table) and extent */ ++ u8 res; /* reserved */ ++ u32 ptr; /* pointer */ ++}; ++ ++/* descriptor */ ++struct talitos_desc { ++ u32 hdr; /* header */ ++ u32 res; /* reserved */ ++ struct talitos_desc_ptr ptr[7]; /* ptr/len pair array */ ++}; ++ ++/* talitos descriptor header (hdr) bits */ ++ ++/* primary execution unit select */ ++#define TALITOS_SEL0_AFEU 0x10000000 ++#define TALITOS_SEL0_DEU 0x20000000 ++#define TALITOS_SEL0_MDEU 0x30000000 ++#define TALITOS_SEL0_RNG 0x40000000 ++#define TALITOS_SEL0_PKEU 0x50000000 ++#define TALITOS_SEL0_AESU 0x60000000 ++ ++/* primary execution unit mode (MODE0) and derivatives */ ++#define TALITOS_MODE0_AESU_CBC 0x00200000 ++#define TALITOS_MODE0_AESU_ENC 0x00100000 ++#define TALITOS_MODE0_DEU_CBC 0x00400000 ++#define TALITOS_MODE0_DEU_3DES 0x00200000 ++#define TALITOS_MODE0_DEU_ENC 0x00100000 ++#define TALITOS_MODE0_MDEU_INIT 0x01000000 /* init starting regs */ ++#define TALITOS_MODE0_MDEU_HMAC 0x00800000 ++#define TALITOS_MODE0_MDEU_PAD 0x00400000 /* PD */ ++#define TALITOS_MODE0_MDEU_MD5 0x00200000 ++#define TALITOS_MODE0_MDEU_SHA256 0x00100000 ++#define TALITOS_MODE0_MDEU_SHA1 0x00000000 /* SHA-160 */ ++#define TALITOS_MODE0_MDEU_MD5_HMAC \ ++ (TALITOS_MODE0_MDEU_MD5 | TALITOS_MODE0_MDEU_HMAC) ++#define TALITOS_MODE0_MDEU_SHA256_HMAC \ ++ (TALITOS_MODE0_MDEU_SHA256 | TALITOS_MODE0_MDEU_HMAC) ++#define TALITOS_MODE0_MDEU_SHA1_HMAC \ ++ (TALITOS_MODE0_MDEU_SHA1 | TALITOS_MODE0_MDEU_HMAC) ++ ++/* secondary execution unit select (SEL1) */ ++/* it's MDEU or nothing */ ++#define TALITOS_SEL1_MDEU 0x00030000 ++ ++/* secondary execution unit mode (MODE1) and derivatives */ ++#define TALITOS_MODE1_MDEU_INIT 0x00001000 /* init starting regs */ ++#define TALITOS_MODE1_MDEU_HMAC 0x00000800 ++#define TALITOS_MODE1_MDEU_PAD 0x00000400 /* PD */ ++#define TALITOS_MODE1_MDEU_MD5 0x00000200 ++#define TALITOS_MODE1_MDEU_SHA256 0x00000100 ++#define TALITOS_MODE1_MDEU_SHA1 0x00000000 /* SHA-160 */ ++#define TALITOS_MODE1_MDEU_MD5_HMAC \ ++ (TALITOS_MODE1_MDEU_MD5 | TALITOS_MODE1_MDEU_HMAC) ++#define TALITOS_MODE1_MDEU_SHA256_HMAC \ ++ (TALITOS_MODE1_MDEU_SHA256 | TALITOS_MODE1_MDEU_HMAC) ++#define TALITOS_MODE1_MDEU_SHA1_HMAC \ ++ (TALITOS_MODE1_MDEU_SHA1 | TALITOS_MODE1_MDEU_HMAC) ++ ++/* direction of overall data flow (DIR) */ ++#define TALITOS_DIR_OUTBOUND 0x00000000 ++#define TALITOS_DIR_INBOUND 0x00000002 ++ ++/* done notification (DN) */ ++#define TALITOS_DONE_NOTIFY 0x00000001 ++ ++/* descriptor types */ ++/* odd numbers here are valid on SEC2 and greater only (e.g. ipsec_esp) */ ++#define TD_TYPE_AESU_CTR_NONSNOOP (0 << 3) ++#define TD_TYPE_IPSEC_ESP (1 << 3) ++#define TD_TYPE_COMMON_NONSNOOP_NO_AFEU (2 << 3) ++#define TD_TYPE_HMAC_SNOOP_NO_AFEU (4 << 3) ++ ++#define TALITOS_HDR_DONE_BITS 0xff000000 ++ ++#define DPRINTF(a...) do { \ ++ if (debug) { \ ++ printk("%s: ", sc ? \ ++ device_get_nameunit(sc->sc_cdev) : "talitos"); \ ++ printk(a); \ ++ } \ ++ } while (0) +--- /dev/null ++++ b/crypto/ocf/random.c +@@ -0,0 +1,317 @@ ++/* ++ * A system independant way of adding entropy to the kernels pool ++ * this way the drivers can focus on the real work and we can take ++ * care of pushing it to the appropriate place in the kernel. ++ * ++ * This should be fast and callable from timers/interrupts ++ * ++ * Written by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * ++ * LICENSE TERMS ++ * ++ * The free distribution and use of this software in both source and binary ++ * form is allowed (with or without changes) provided that: ++ * ++ * 1. distributions of this source code include the above copyright ++ * notice, this list of conditions and the following disclaimer; ++ * ++ * 2. distributions in binary form include the above copyright ++ * notice, this list of conditions and the following disclaimer ++ * in the documentation and/or other associated materials; ++ * ++ * 3. the copyright holder's name is not used to endorse products ++ * built using this software without specific written permission. ++ * ++ * ALTERNATIVELY, provided that this notice is retained in full, this product ++ * may be distributed under the terms of the GNU General Public License (GPL), ++ * in which case the provisions of the GPL apply INSTEAD OF those given above. ++ * ++ * DISCLAIMER ++ * ++ * This software is provided 'as is' with no explicit or implied warranties ++ * in respect of its properties, including, but not limited to, correctness ++ * and/or fitness for purpose. ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/wait.h> ++#include <linux/sched.h> ++#include <linux/spinlock.h> ++#include <linux/version.h> ++#include <linux/unistd.h> ++#include <linux/poll.h> ++#include <linux/random.h> ++#include <cryptodev.h> ++ ++#ifdef CONFIG_OCF_FIPS ++#include "rndtest.h" ++#endif ++ ++#ifndef HAS_RANDOM_INPUT_WAIT ++#error "Please do not enable OCF_RANDOMHARVEST unless you have applied patches" ++#endif ++ ++/* ++ * a hack to access the debug levels from the crypto driver ++ */ ++extern int crypto_debug; ++#define debug crypto_debug ++ ++/* ++ * a list of all registered random providers ++ */ ++static LIST_HEAD(random_ops); ++static int started = 0; ++static int initted = 0; ++ ++struct random_op { ++ struct list_head random_list; ++ u_int32_t driverid; ++ int (*read_random)(void *arg, u_int32_t *buf, int len); ++ void *arg; ++}; ++ ++static int random_proc(void *arg); ++ ++static pid_t randomproc = (pid_t) -1; ++static spinlock_t random_lock; ++ ++/* ++ * just init the spin locks ++ */ ++static int ++crypto_random_init(void) ++{ ++ spin_lock_init(&random_lock); ++ initted = 1; ++ return(0); ++} ++ ++/* ++ * Add the given random reader to our list (if not present) ++ * and start the thread (if not already started) ++ * ++ * we have to assume that driver id is ok for now ++ */ ++int ++crypto_rregister( ++ u_int32_t driverid, ++ int (*read_random)(void *arg, u_int32_t *buf, int len), ++ void *arg) ++{ ++ unsigned long flags; ++ int ret = 0; ++ struct random_op *rops, *tmp; ++ ++ dprintk("%s,%d: %s(0x%x, %p, %p)\n", __FILE__, __LINE__, ++ __FUNCTION__, driverid, read_random, arg); ++ ++ if (!initted) ++ crypto_random_init(); ++ ++#if 0 ++ struct cryptocap *cap; ++ ++ cap = crypto_checkdriver(driverid); ++ if (!cap) ++ return EINVAL; ++#endif ++ ++ list_for_each_entry_safe(rops, tmp, &random_ops, random_list) { ++ if (rops->driverid == driverid && rops->read_random == read_random) ++ return EEXIST; ++ } ++ ++ rops = (struct random_op *) kmalloc(sizeof(*rops), GFP_KERNEL); ++ if (!rops) ++ return ENOMEM; ++ ++ rops->driverid = driverid; ++ rops->read_random = read_random; ++ rops->arg = arg; ++ ++ spin_lock_irqsave(&random_lock, flags); ++ list_add_tail(&rops->random_list, &random_ops); ++ if (!started) { ++ randomproc = kernel_thread(random_proc, NULL, CLONE_FS|CLONE_FILES); ++ if (randomproc < 0) { ++ ret = randomproc; ++ printk("crypto: crypto_rregister cannot start random thread; " ++ "error %d", ret); ++ } else ++ started = 1; ++ } ++ spin_unlock_irqrestore(&random_lock, flags); ++ ++ return ret; ++} ++EXPORT_SYMBOL(crypto_rregister); ++ ++int ++crypto_runregister_all(u_int32_t driverid) ++{ ++ struct random_op *rops, *tmp; ++ unsigned long flags; ++ ++ dprintk("%s,%d: %s(0x%x)\n", __FILE__, __LINE__, __FUNCTION__, driverid); ++ ++ list_for_each_entry_safe(rops, tmp, &random_ops, random_list) { ++ if (rops->driverid == driverid) { ++ list_del(&rops->random_list); ++ kfree(rops); ++ } ++ } ++ ++ spin_lock_irqsave(&random_lock, flags); ++ if (list_empty(&random_ops) && started) ++ kill_proc(randomproc, SIGKILL, 1); ++ spin_unlock_irqrestore(&random_lock, flags); ++ return(0); ++} ++EXPORT_SYMBOL(crypto_runregister_all); ++ ++/* ++ * while we can add entropy to random.c continue to read random data from ++ * the drivers and push it to random. ++ */ ++static int ++random_proc(void *arg) ++{ ++ int n; ++ int wantcnt; ++ int bufcnt = 0; ++ int retval = 0; ++ int *buf = NULL; ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ daemonize(); ++ spin_lock_irq(¤t->sigmask_lock); ++ sigemptyset(¤t->blocked); ++ recalc_sigpending(current); ++ spin_unlock_irq(¤t->sigmask_lock); ++ sprintf(current->comm, "ocf-random"); ++#else ++ daemonize("ocf-random"); ++ allow_signal(SIGKILL); ++#endif ++ ++ (void) get_fs(); ++ set_fs(get_ds()); ++ ++#ifdef CONFIG_OCF_FIPS ++#define NUM_INT (RNDTEST_NBYTES/sizeof(int)) ++#else ++#define NUM_INT 32 ++#endif ++ ++ /* ++ * some devices can transferr their RNG data direct into memory, ++ * so make sure it is device friendly ++ */ ++ buf = kmalloc(NUM_INT * sizeof(int), GFP_DMA); ++ if (NULL == buf) { ++ printk("crypto: RNG could not allocate memory\n"); ++ retval = -ENOMEM; ++ goto bad_alloc; ++ } ++ ++ wantcnt = NUM_INT; /* start by adding some entropy */ ++ ++ /* ++ * its possible due to errors or driver removal that we no longer ++ * have anything to do, if so exit or we will consume all the CPU ++ * doing nothing ++ */ ++ while (!list_empty(&random_ops)) { ++ struct random_op *rops, *tmp; ++ ++#ifdef CONFIG_OCF_FIPS ++ if (wantcnt) ++ wantcnt = NUM_INT; /* FIPs mode can do 20000 bits or none */ ++#endif ++ ++ /* see if we can get enough entropy to make the world ++ * a better place. ++ */ ++ while (bufcnt < wantcnt && bufcnt < NUM_INT) { ++ list_for_each_entry_safe(rops, tmp, &random_ops, random_list) { ++ ++ n = (*rops->read_random)(rops->arg, &buf[bufcnt], ++ NUM_INT - bufcnt); ++ ++ /* on failure remove the random number generator */ ++ if (n == -1) { ++ list_del(&rops->random_list); ++ printk("crypto: RNG (driverid=0x%x) failed, disabling\n", ++ rops->driverid); ++ kfree(rops); ++ } else if (n > 0) ++ bufcnt += n; ++ } ++ /* give up CPU for a bit, just in case as this is a loop */ ++ schedule(); ++ } ++ ++ ++#ifdef CONFIG_OCF_FIPS ++ if (bufcnt > 0 && rndtest_buf((unsigned char *) &buf[0])) { ++ dprintk("crypto: buffer had fips errors, discarding\n"); ++ bufcnt = 0; ++ } ++#endif ++ ++ /* ++ * if we have a certified buffer, we can send some data ++ * to /dev/random and move along ++ */ ++ if (bufcnt > 0) { ++ /* add what we have */ ++ random_input_words(buf, bufcnt, bufcnt*sizeof(int)*8); ++ bufcnt = 0; ++ } ++ ++ /* give up CPU for a bit so we don't hog while filling */ ++ schedule(); ++ ++ /* wait for needing more */ ++ wantcnt = random_input_wait(); ++ ++ if (wantcnt <= 0) ++ wantcnt = 0; /* try to get some info again */ ++ else ++ /* round up to one word or we can loop forever */ ++ wantcnt = (wantcnt + (sizeof(int)*8)) / (sizeof(int)*8); ++ if (wantcnt > NUM_INT) { ++ wantcnt = NUM_INT; ++ } ++ ++ if (signal_pending(current)) { ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ spin_lock_irq(¤t->sigmask_lock); ++#endif ++ flush_signals(current); ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++ spin_unlock_irq(¤t->sigmask_lock); ++#endif ++ } ++ } ++ ++ kfree(buf); ++ ++bad_alloc: ++ spin_lock_irq(&random_lock); ++ randomproc = (pid_t) -1; ++ started = 0; ++ spin_unlock_irq(&random_lock); ++ ++ return retval; ++} ++ +--- /dev/null ++++ b/crypto/ocf/ocf-bench.c +@@ -0,0 +1,436 @@ ++/* ++ * A loadable module that benchmarks the OCF crypto speed from kernel space. ++ * ++ * Copyright (C) 2004-2007 David McCullough <david_mccullough@securecomputing.com> ++ * ++ * LICENSE TERMS ++ * ++ * The free distribution and use of this software in both source and binary ++ * form is allowed (with or without changes) provided that: ++ * ++ * 1. distributions of this source code include the above copyright ++ * notice, this list of conditions and the following disclaimer; ++ * ++ * 2. distributions in binary form include the above copyright ++ * notice, this list of conditions and the following disclaimer ++ * in the documentation and/or other associated materials; ++ * ++ * 3. the copyright holder's name is not used to endorse products ++ * built using this software without specific written permission. ++ * ++ * ALTERNATIVELY, provided that this notice is retained in full, this product ++ * may be distributed under the terms of the GNU General Public License (GPL), ++ * in which case the provisions of the GPL apply INSTEAD OF those given above. ++ * ++ * DISCLAIMER ++ * ++ * This software is provided 'as is' with no explicit or implied warranties ++ * in respect of its properties, including, but not limited to, correctness ++ * and/or fitness for purpose. ++ */ ++ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/wait.h> ++#include <linux/sched.h> ++#include <linux/spinlock.h> ++#include <linux/version.h> ++#include <linux/interrupt.h> ++#include <cryptodev.h> ++ ++#ifdef I_HAVE_AN_XSCALE_WITH_INTEL_SDK ++#define BENCH_IXP_ACCESS_LIB 1 ++#endif ++#ifdef BENCH_IXP_ACCESS_LIB ++#include <IxTypes.h> ++#include <IxOsBuffMgt.h> ++#include <IxNpeDl.h> ++#include <IxCryptoAcc.h> ++#include <IxQMgr.h> ++#include <IxOsServices.h> ++#include <IxOsCacheMMU.h> ++#endif ++ ++/* ++ * support for access lib version 1.4 ++ */ ++#ifndef IX_MBUF_PRIV ++#define IX_MBUF_PRIV(x) ((x)->priv) ++#endif ++ ++/* ++ * the number of simultaneously active requests ++ */ ++static int request_q_len = 20; ++module_param(request_q_len, int, 0); ++MODULE_PARM_DESC(request_q_len, "Number of outstanding requests"); ++/* ++ * how many requests we want to have processed ++ */ ++static int request_num = 1024; ++module_param(request_num, int, 0); ++MODULE_PARM_DESC(request_num, "run for at least this many requests"); ++/* ++ * the size of each request ++ */ ++static int request_size = 1500; ++module_param(request_size, int, 0); ++MODULE_PARM_DESC(request_size, "size of each request"); ++ ++/* ++ * a structure for each request ++ */ ++typedef struct { ++ struct work_struct work; ++#ifdef BENCH_IXP_ACCESS_LIB ++ IX_MBUF mbuf; ++#endif ++ unsigned char *buffer; ++} request_t; ++ ++static request_t *requests; ++ ++static int outstanding; ++static int total; ++ ++/*************************************************************************/ ++/* ++ * OCF benchmark routines ++ */ ++ ++static uint64_t ocf_cryptoid; ++static int ocf_init(void); ++static int ocf_cb(struct cryptop *crp); ++static void ocf_request(void *arg); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++static void ocf_request_wq(struct work_struct *work); ++#endif ++ ++static int ++ocf_init(void) ++{ ++ int error; ++ struct cryptoini crie, cria; ++ struct cryptodesc crda, crde; ++ ++ memset(&crie, 0, sizeof(crie)); ++ memset(&cria, 0, sizeof(cria)); ++ memset(&crde, 0, sizeof(crde)); ++ memset(&crda, 0, sizeof(crda)); ++ ++ cria.cri_alg = CRYPTO_SHA1_HMAC; ++ cria.cri_klen = 20 * 8; ++ cria.cri_key = "0123456789abcdefghij"; ++ ++ crie.cri_alg = CRYPTO_3DES_CBC; ++ crie.cri_klen = 24 * 8; ++ crie.cri_key = "0123456789abcdefghijklmn"; ++ ++ crie.cri_next = &cria; ++ ++ error = crypto_newsession(&ocf_cryptoid, &crie, 0); ++ if (error) { ++ printk("crypto_newsession failed %d\n", error); ++ return -1; ++ } ++ return 0; ++} ++ ++static int ++ocf_cb(struct cryptop *crp) ++{ ++ request_t *r = (request_t *) crp->crp_opaque; ++ ++ if (crp->crp_etype) ++ printk("Error in OCF processing: %d\n", crp->crp_etype); ++ total++; ++ crypto_freereq(crp); ++ crp = NULL; ++ ++ if (total > request_num) { ++ outstanding--; ++ return 0; ++ } ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++ INIT_WORK(&r->work, ocf_request_wq); ++#else ++ INIT_WORK(&r->work, ocf_request, r); ++#endif ++ schedule_work(&r->work); ++ return 0; ++} ++ ++ ++static void ++ocf_request(void *arg) ++{ ++ request_t *r = arg; ++ struct cryptop *crp = crypto_getreq(2); ++ struct cryptodesc *crde, *crda; ++ ++ if (!crp) { ++ outstanding--; ++ return; ++ } ++ ++ crde = crp->crp_desc; ++ crda = crde->crd_next; ++ ++ crda->crd_skip = 0; ++ crda->crd_flags = 0; ++ crda->crd_len = request_size; ++ crda->crd_inject = request_size; ++ crda->crd_alg = CRYPTO_SHA1_HMAC; ++ crda->crd_key = "0123456789abcdefghij"; ++ crda->crd_klen = 20 * 8; ++ ++ crde->crd_skip = 0; ++ crde->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_ENCRYPT; ++ crde->crd_len = request_size; ++ crde->crd_inject = request_size; ++ crde->crd_alg = CRYPTO_3DES_CBC; ++ crde->crd_key = "0123456789abcdefghijklmn"; ++ crde->crd_klen = 24 * 8; ++ ++ crp->crp_ilen = request_size + 64; ++ crp->crp_flags = CRYPTO_F_CBIMM; ++ crp->crp_buf = (caddr_t) r->buffer; ++ crp->crp_callback = ocf_cb; ++ crp->crp_sid = ocf_cryptoid; ++ crp->crp_opaque = (caddr_t) r; ++ crypto_dispatch(crp); ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++static void ++ocf_request_wq(struct work_struct *work) ++{ ++ request_t *r = container_of(work, request_t, work); ++ ocf_request(r); ++} ++#endif ++ ++/*************************************************************************/ ++#ifdef BENCH_IXP_ACCESS_LIB ++/*************************************************************************/ ++/* ++ * CryptoAcc benchmark routines ++ */ ++ ++static IxCryptoAccCtx ixp_ctx; ++static UINT32 ixp_ctx_id; ++static IX_MBUF ixp_pri; ++static IX_MBUF ixp_sec; ++static int ixp_registered = 0; ++ ++static void ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp, ++ IxCryptoAccStatus status); ++static void ixp_perform_cb(UINT32 ctx_id, IX_MBUF *sbufp, IX_MBUF *dbufp, ++ IxCryptoAccStatus status); ++static void ixp_request(void *arg); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++static void ixp_request_wq(struct work_struct *work); ++#endif ++ ++static int ++ixp_init(void) ++{ ++ IxCryptoAccStatus status; ++ ++ ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_3DES; ++ ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; ++ ixp_ctx.cipherCtx.cipherKeyLen = 24; ++ ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64; ++ ixp_ctx.cipherCtx.cipherInitialVectorLen = IX_CRYPTO_ACC_DES_IV_64; ++ memcpy(ixp_ctx.cipherCtx.key.cipherKey, "0123456789abcdefghijklmn", 24); ++ ++ ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_SHA1; ++ ixp_ctx.authCtx.authDigestLen = 12; ++ ixp_ctx.authCtx.aadLen = 0; ++ ixp_ctx.authCtx.authKeyLen = 20; ++ memcpy(ixp_ctx.authCtx.key.authKey, "0123456789abcdefghij", 20); ++ ++ ixp_ctx.useDifferentSrcAndDestMbufs = 0; ++ ixp_ctx.operation = IX_CRYPTO_ACC_OP_ENCRYPT_AUTH ; ++ ++ IX_MBUF_MLEN(&ixp_pri) = IX_MBUF_PKT_LEN(&ixp_pri) = 128; ++ IX_MBUF_MDATA(&ixp_pri) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); ++ IX_MBUF_MLEN(&ixp_sec) = IX_MBUF_PKT_LEN(&ixp_sec) = 128; ++ IX_MBUF_MDATA(&ixp_sec) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); ++ ++ status = ixCryptoAccCtxRegister(&ixp_ctx, &ixp_pri, &ixp_sec, ++ ixp_register_cb, ixp_perform_cb, &ixp_ctx_id); ++ ++ if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) { ++ while (!ixp_registered) ++ schedule(); ++ return ixp_registered < 0 ? -1 : 0; ++ } ++ ++ printk("ixp: ixCryptoAccCtxRegister failed %d\n", status); ++ return -1; ++} ++ ++static void ++ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp, IxCryptoAccStatus status) ++{ ++ if (bufp) { ++ IX_MBUF_MLEN(bufp) = IX_MBUF_PKT_LEN(bufp) = 0; ++ kfree(IX_MBUF_MDATA(bufp)); ++ IX_MBUF_MDATA(bufp) = NULL; ++ } ++ ++ if (IX_CRYPTO_ACC_STATUS_WAIT == status) ++ return; ++ if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) ++ ixp_registered = 1; ++ else ++ ixp_registered = -1; ++} ++ ++static void ++ixp_perform_cb( ++ UINT32 ctx_id, ++ IX_MBUF *sbufp, ++ IX_MBUF *dbufp, ++ IxCryptoAccStatus status) ++{ ++ request_t *r = NULL; ++ ++ total++; ++ if (total > request_num) { ++ outstanding--; ++ return; ++ } ++ ++ if (!sbufp || !(r = IX_MBUF_PRIV(sbufp))) { ++ printk("crappo %p %p\n", sbufp, r); ++ outstanding--; ++ return; ++ } ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++ INIT_WORK(&r->work, ixp_request_wq); ++#else ++ INIT_WORK(&r->work, ixp_request, r); ++#endif ++ schedule_work(&r->work); ++} ++ ++static void ++ixp_request(void *arg) ++{ ++ request_t *r = arg; ++ IxCryptoAccStatus status; ++ ++ memset(&r->mbuf, 0, sizeof(r->mbuf)); ++ IX_MBUF_MLEN(&r->mbuf) = IX_MBUF_PKT_LEN(&r->mbuf) = request_size + 64; ++ IX_MBUF_MDATA(&r->mbuf) = r->buffer; ++ IX_MBUF_PRIV(&r->mbuf) = r; ++ status = ixCryptoAccAuthCryptPerform(ixp_ctx_id, &r->mbuf, NULL, ++ 0, request_size, 0, request_size, request_size, r->buffer); ++ if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) { ++ printk("status1 = %d\n", status); ++ outstanding--; ++ return; ++ } ++ return; ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++static void ++ixp_request_wq(struct work_struct *work) ++{ ++ request_t *r = container_of(work, request_t, work); ++ ixp_request(r); ++} ++#endif ++ ++/*************************************************************************/ ++#endif /* BENCH_IXP_ACCESS_LIB */ ++/*************************************************************************/ ++ ++int ++ocfbench_init(void) ++{ ++ int i, jstart, jstop; ++ ++ printk("Crypto Speed tests\n"); ++ ++ requests = kmalloc(sizeof(request_t) * request_q_len, GFP_KERNEL); ++ if (!requests) { ++ printk("malloc failed\n"); ++ return -EINVAL; ++ } ++ ++ for (i = 0; i < request_q_len; i++) { ++ /* +64 for return data */ ++ requests[i].buffer = kmalloc(request_size + 128, GFP_DMA); ++ if (!requests[i].buffer) { ++ printk("malloc failed\n"); ++ return -EINVAL; ++ } ++ memset(requests[i].buffer, '0' + i, request_size + 128); ++ } ++ ++ /* ++ * OCF benchmark ++ */ ++ printk("OCF: testing ...\n"); ++ ocf_init(); ++ total = outstanding = 0; ++ jstart = jiffies; ++ for (i = 0; i < request_q_len; i++) { ++ outstanding++; ++ ocf_request(&requests[i]); ++ } ++ while (outstanding > 0) ++ schedule(); ++ jstop = jiffies; ++ ++ printk("OCF: %d requests of %d bytes in %d jiffies\n", total, request_size, ++ jstop - jstart); ++ ++#ifdef BENCH_IXP_ACCESS_LIB ++ /* ++ * IXP benchmark ++ */ ++ printk("IXP: testing ...\n"); ++ ixp_init(); ++ total = outstanding = 0; ++ jstart = jiffies; ++ for (i = 0; i < request_q_len; i++) { ++ outstanding++; ++ ixp_request(&requests[i]); ++ } ++ while (outstanding > 0) ++ schedule(); ++ jstop = jiffies; ++ ++ printk("IXP: %d requests of %d bytes in %d jiffies\n", total, request_size, ++ jstop - jstart); ++#endif /* BENCH_IXP_ACCESS_LIB */ ++ ++ for (i = 0; i < request_q_len; i++) ++ kfree(requests[i].buffer); ++ kfree(requests); ++ return -EINVAL; /* always fail to load so it can be re-run quickly ;-) */ ++} ++ ++static void __exit ocfbench_exit(void) ++{ ++} ++ ++module_init(ocfbench_init); ++module_exit(ocfbench_exit); ++ ++MODULE_LICENSE("BSD"); ++MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); ++MODULE_DESCRIPTION("Benchmark various in-kernel crypto speeds"); +--- /dev/null ++++ b/crypto/ocf/ixp4xx/ixp4xx.c +@@ -0,0 +1,1328 @@ ++/* ++ * An OCF module that uses Intels IXP CryptACC API to do the crypto. ++ * This driver requires the IXP400 Access Library that is available ++ * from Intel in order to operate (or compile). ++ * ++ * Written by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * ++ * LICENSE TERMS ++ * ++ * The free distribution and use of this software in both source and binary ++ * form is allowed (with or without changes) provided that: ++ * ++ * 1. distributions of this source code include the above copyright ++ * notice, this list of conditions and the following disclaimer; ++ * ++ * 2. distributions in binary form include the above copyright ++ * notice, this list of conditions and the following disclaimer ++ * in the documentation and/or other associated materials; ++ * ++ * 3. the copyright holder's name is not used to endorse products ++ * built using this software without specific written permission. ++ * ++ * ALTERNATIVELY, provided that this notice is retained in full, this product ++ * may be distributed under the terms of the GNU General Public License (GPL), ++ * in which case the provisions of the GPL apply INSTEAD OF those given above. ++ * ++ * DISCLAIMER ++ * ++ * This software is provided 'as is' with no explicit or implied warranties ++ * in respect of its properties, including, but not limited to, correctness ++ * and/or fitness for purpose. ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/sched.h> ++#include <linux/wait.h> ++#include <linux/crypto.h> ++#include <linux/interrupt.h> ++#include <asm/scatterlist.h> ++ ++#include <IxTypes.h> ++#include <IxOsBuffMgt.h> ++#include <IxNpeDl.h> ++#include <IxCryptoAcc.h> ++#include <IxQMgr.h> ++#include <IxOsServices.h> ++#include <IxOsCacheMMU.h> ++ ++#include <cryptodev.h> ++#include <uio.h> ++ ++#ifndef IX_MBUF_PRIV ++#define IX_MBUF_PRIV(x) ((x)->priv) ++#endif ++ ++struct ixp_data; ++ ++struct ixp_q { ++ struct list_head ixp_q_list; ++ struct ixp_data *ixp_q_data; ++ struct cryptop *ixp_q_crp; ++ struct cryptodesc *ixp_q_ccrd; ++ struct cryptodesc *ixp_q_acrd; ++ IX_MBUF ixp_q_mbuf; ++ UINT8 *ixp_hash_dest; /* Location for hash in client buffer */ ++ UINT8 *ixp_hash_src; /* Location of hash in internal buffer */ ++ unsigned char ixp_q_iv_data[IX_CRYPTO_ACC_MAX_CIPHER_IV_LENGTH]; ++ unsigned char *ixp_q_iv; ++}; ++ ++struct ixp_data { ++ int ixp_registered; /* is the context registered */ ++ int ixp_crd_flags; /* detect direction changes */ ++ ++ int ixp_cipher_alg; ++ int ixp_auth_alg; ++ ++ UINT32 ixp_ctx_id; ++ UINT32 ixp_hash_key_id; /* used when hashing */ ++ IxCryptoAccCtx ixp_ctx; ++ IX_MBUF ixp_pri_mbuf; ++ IX_MBUF ixp_sec_mbuf; ++ ++ struct work_struct ixp_pending_work; ++ struct work_struct ixp_registration_work; ++ struct list_head ixp_q; /* unprocessed requests */ ++}; ++ ++#ifdef __ixp46X ++ ++#define MAX_IOP_SIZE 64 /* words */ ++#define MAX_OOP_SIZE 128 ++ ++#define MAX_PARAMS 3 ++ ++struct ixp_pkq { ++ struct list_head pkq_list; ++ struct cryptkop *pkq_krp; ++ ++ IxCryptoAccPkeEauInOperands pkq_op; ++ IxCryptoAccPkeEauOpResult pkq_result; ++ ++ UINT32 pkq_ibuf0[MAX_IOP_SIZE]; ++ UINT32 pkq_ibuf1[MAX_IOP_SIZE]; ++ UINT32 pkq_ibuf2[MAX_IOP_SIZE]; ++ UINT32 pkq_obuf[MAX_OOP_SIZE]; ++}; ++ ++static LIST_HEAD(ixp_pkq); /* current PK wait list */ ++static struct ixp_pkq *ixp_pk_cur; ++static spinlock_t ixp_pkq_lock; ++ ++#endif /* __ixp46X */ ++ ++static int ixp_blocked = 0; ++ ++static int32_t ixp_id = -1; ++static struct ixp_data **ixp_sessions = NULL; ++static u_int32_t ixp_sesnum = 0; ++ ++static int ixp_process(device_t, struct cryptop *, int); ++static int ixp_newsession(device_t, u_int32_t *, struct cryptoini *); ++static int ixp_freesession(device_t, u_int64_t); ++#ifdef __ixp46X ++static int ixp_kprocess(device_t, struct cryptkop *krp, int hint); ++#endif ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) ++static kmem_cache_t *qcache; ++#else ++static struct kmem_cache *qcache; ++#endif ++ ++#define debug ixp_debug ++static int ixp_debug = 0; ++module_param(ixp_debug, int, 0644); ++MODULE_PARM_DESC(ixp_debug, "Enable debug"); ++ ++static int ixp_init_crypto = 1; ++module_param(ixp_init_crypto, int, 0444); /* RO after load/boot */ ++MODULE_PARM_DESC(ixp_init_crypto, "Call ixCryptoAccInit (default is 1)"); ++ ++static void ixp_process_pending(void *arg); ++static void ixp_registration(void *arg); ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++static void ixp_process_pending_wq(struct work_struct *work); ++static void ixp_registration_wq(struct work_struct *work); ++#endif ++ ++/* ++ * dummy device structure ++ */ ++ ++static struct { ++ softc_device_decl sc_dev; ++} ixpdev; ++ ++static device_method_t ixp_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, ixp_newsession), ++ DEVMETHOD(cryptodev_freesession,ixp_freesession), ++ DEVMETHOD(cryptodev_process, ixp_process), ++#ifdef __ixp46X ++ DEVMETHOD(cryptodev_kprocess, ixp_kprocess), ++#endif ++}; ++ ++/* ++ * Generate a new software session. ++ */ ++static int ++ixp_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) ++{ ++ struct ixp_data *ixp; ++ u_int32_t i; ++#define AUTH_LEN(cri, def) \ ++ (cri->cri_mlen ? cri->cri_mlen : (def)) ++ ++ dprintk("%s():alg %d\n", __FUNCTION__,cri->cri_alg); ++ if (sid == NULL || cri == NULL) { ++ dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ if (ixp_sessions) { ++ for (i = 1; i < ixp_sesnum; i++) ++ if (ixp_sessions[i] == NULL) ++ break; ++ } else ++ i = 1; /* NB: to silence compiler warning */ ++ ++ if (ixp_sessions == NULL || i == ixp_sesnum) { ++ struct ixp_data **ixpd; ++ ++ if (ixp_sessions == NULL) { ++ i = 1; /* We leave ixp_sessions[0] empty */ ++ ixp_sesnum = CRYPTO_SW_SESSIONS; ++ } else ++ ixp_sesnum *= 2; ++ ++ ixpd = kmalloc(ixp_sesnum * sizeof(struct ixp_data *), SLAB_ATOMIC); ++ if (ixpd == NULL) { ++ /* Reset session number */ ++ if (ixp_sesnum == CRYPTO_SW_SESSIONS) ++ ixp_sesnum = 0; ++ else ++ ixp_sesnum /= 2; ++ dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); ++ return ENOBUFS; ++ } ++ memset(ixpd, 0, ixp_sesnum * sizeof(struct ixp_data *)); ++ ++ /* Copy existing sessions */ ++ if (ixp_sessions) { ++ memcpy(ixpd, ixp_sessions, ++ (ixp_sesnum / 2) * sizeof(struct ixp_data *)); ++ kfree(ixp_sessions); ++ } ++ ++ ixp_sessions = ixpd; ++ } ++ ++ ixp_sessions[i] = (struct ixp_data *) kmalloc(sizeof(struct ixp_data), ++ SLAB_ATOMIC); ++ if (ixp_sessions[i] == NULL) { ++ ixp_freesession(NULL, i); ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ return ENOBUFS; ++ } ++ ++ *sid = i; ++ ++ ixp = ixp_sessions[i]; ++ memset(ixp, 0, sizeof(*ixp)); ++ ++ ixp->ixp_cipher_alg = -1; ++ ixp->ixp_auth_alg = -1; ++ ixp->ixp_ctx_id = -1; ++ INIT_LIST_HEAD(&ixp->ixp_q); ++ ++ ixp->ixp_ctx.useDifferentSrcAndDestMbufs = 0; ++ ++ while (cri) { ++ switch (cri->cri_alg) { ++ case CRYPTO_DES_CBC: ++ ixp->ixp_cipher_alg = cri->cri_alg; ++ ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_DES; ++ ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; ++ ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; ++ ixp->ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64; ++ ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = ++ IX_CRYPTO_ACC_DES_IV_64; ++ memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, ++ cri->cri_key, (cri->cri_klen + 7) / 8); ++ break; ++ ++ case CRYPTO_3DES_CBC: ++ ixp->ixp_cipher_alg = cri->cri_alg; ++ ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_3DES; ++ ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; ++ ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; ++ ixp->ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64; ++ ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = ++ IX_CRYPTO_ACC_DES_IV_64; ++ memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, ++ cri->cri_key, (cri->cri_klen + 7) / 8); ++ break; ++ ++ case CRYPTO_RIJNDAEL128_CBC: ++ ixp->ixp_cipher_alg = cri->cri_alg; ++ ixp->ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_AES; ++ ixp->ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC; ++ ixp->ixp_ctx.cipherCtx.cipherKeyLen = (cri->cri_klen + 7) / 8; ++ ixp->ixp_ctx.cipherCtx.cipherBlockLen = 16; ++ ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen = 16; ++ memcpy(ixp->ixp_ctx.cipherCtx.key.cipherKey, ++ cri->cri_key, (cri->cri_klen + 7) / 8); ++ break; ++ ++ case CRYPTO_MD5: ++ case CRYPTO_MD5_HMAC: ++ ixp->ixp_auth_alg = cri->cri_alg; ++ ixp->ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_MD5; ++ ixp->ixp_ctx.authCtx.authDigestLen = AUTH_LEN(cri, MD5_HASH_LEN); ++ ixp->ixp_ctx.authCtx.aadLen = 0; ++ /* Only MD5_HMAC needs a key */ ++ if (cri->cri_alg == CRYPTO_MD5_HMAC) { ++ ixp->ixp_ctx.authCtx.authKeyLen = (cri->cri_klen + 7) / 8; ++ if (ixp->ixp_ctx.authCtx.authKeyLen > ++ sizeof(ixp->ixp_ctx.authCtx.key.authKey)) { ++ printk( ++ "ixp4xx: Invalid key length for MD5_HMAC - %d bits\n", ++ cri->cri_klen); ++ ixp_freesession(NULL, i); ++ return EINVAL; ++ } ++ memcpy(ixp->ixp_ctx.authCtx.key.authKey, ++ cri->cri_key, (cri->cri_klen + 7) / 8); ++ } ++ break; ++ ++ case CRYPTO_SHA1: ++ case CRYPTO_SHA1_HMAC: ++ ixp->ixp_auth_alg = cri->cri_alg; ++ ixp->ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_SHA1; ++ ixp->ixp_ctx.authCtx.authDigestLen = AUTH_LEN(cri, SHA1_HASH_LEN); ++ ixp->ixp_ctx.authCtx.aadLen = 0; ++ /* Only SHA1_HMAC needs a key */ ++ if (cri->cri_alg == CRYPTO_SHA1_HMAC) { ++ ixp->ixp_ctx.authCtx.authKeyLen = (cri->cri_klen + 7) / 8; ++ if (ixp->ixp_ctx.authCtx.authKeyLen > ++ sizeof(ixp->ixp_ctx.authCtx.key.authKey)) { ++ printk( ++ "ixp4xx: Invalid key length for SHA1_HMAC - %d bits\n", ++ cri->cri_klen); ++ ixp_freesession(NULL, i); ++ return EINVAL; ++ } ++ memcpy(ixp->ixp_ctx.authCtx.key.authKey, ++ cri->cri_key, (cri->cri_klen + 7) / 8); ++ } ++ break; ++ ++ default: ++ printk("ixp: unknown algo 0x%x\n", cri->cri_alg); ++ ixp_freesession(NULL, i); ++ return EINVAL; ++ } ++ cri = cri->cri_next; ++ } ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++ INIT_WORK(&ixp->ixp_pending_work, ixp_process_pending_wq); ++ INIT_WORK(&ixp->ixp_registration_work, ixp_registration_wq); ++#else ++ INIT_WORK(&ixp->ixp_pending_work, ixp_process_pending, ixp); ++ INIT_WORK(&ixp->ixp_registration_work, ixp_registration, ixp); ++#endif ++ ++ return 0; ++} ++ ++ ++/* ++ * Free a session. ++ */ ++static int ++ixp_freesession(device_t dev, u_int64_t tid) ++{ ++ u_int32_t sid = CRYPTO_SESID2LID(tid); ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (sid > ixp_sesnum || ixp_sessions == NULL || ++ ixp_sessions[sid] == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ /* Silently accept and return */ ++ if (sid == 0) ++ return 0; ++ ++ if (ixp_sessions[sid]) { ++ if (ixp_sessions[sid]->ixp_ctx_id != -1) { ++ ixCryptoAccCtxUnregister(ixp_sessions[sid]->ixp_ctx_id); ++ ixp_sessions[sid]->ixp_ctx_id = -1; ++ } ++ ++ flush_scheduled_work(); ++ ++ kfree(ixp_sessions[sid]); ++ } ++ ixp_sessions[sid] = NULL; ++ if (ixp_blocked) { ++ ixp_blocked = 0; ++ crypto_unblock(ixp_id, CRYPTO_SYMQ); ++ } ++ return 0; ++} ++ ++ ++/* ++ * callback for when hash processing is complete ++ */ ++ ++static void ++ixp_hash_perform_cb( ++ UINT32 hash_key_id, ++ IX_MBUF *bufp, ++ IxCryptoAccStatus status) ++{ ++ struct ixp_q *q; ++ ++ dprintk("%s(%u, %p, 0x%x)\n", __FUNCTION__, hash_key_id, bufp, status); ++ ++ if (bufp == NULL) { ++ printk("ixp: NULL buf in %s\n", __FUNCTION__); ++ return; ++ } ++ ++ q = IX_MBUF_PRIV(bufp); ++ if (q == NULL) { ++ printk("ixp: NULL priv in %s\n", __FUNCTION__); ++ return; ++ } ++ ++ if (status == IX_CRYPTO_ACC_STATUS_SUCCESS) { ++ /* On success, need to copy hash back into original client buffer */ ++ memcpy(q->ixp_hash_dest, q->ixp_hash_src, ++ (q->ixp_q_data->ixp_auth_alg == CRYPTO_SHA1) ? ++ SHA1_HASH_LEN : MD5_HASH_LEN); ++ } ++ else { ++ printk("ixp: hash perform failed status=%d\n", status); ++ q->ixp_q_crp->crp_etype = EINVAL; ++ } ++ ++ /* Free internal buffer used for hashing */ ++ kfree(IX_MBUF_MDATA(&q->ixp_q_mbuf)); ++ ++ crypto_done(q->ixp_q_crp); ++ kmem_cache_free(qcache, q); ++} ++ ++/* ++ * setup a request and perform it ++ */ ++static void ++ixp_q_process(struct ixp_q *q) ++{ ++ IxCryptoAccStatus status; ++ struct ixp_data *ixp = q->ixp_q_data; ++ int auth_off = 0; ++ int auth_len = 0; ++ int crypt_off = 0; ++ int crypt_len = 0; ++ int icv_off = 0; ++ char *crypt_func; ++ ++ dprintk("%s(%p)\n", __FUNCTION__, q); ++ ++ if (q->ixp_q_ccrd) { ++ if (q->ixp_q_ccrd->crd_flags & CRD_F_IV_EXPLICIT) { ++ q->ixp_q_iv = q->ixp_q_ccrd->crd_iv; ++ } else { ++ q->ixp_q_iv = q->ixp_q_iv_data; ++ crypto_copydata(q->ixp_q_crp->crp_flags, q->ixp_q_crp->crp_buf, ++ q->ixp_q_ccrd->crd_inject, ++ ixp->ixp_ctx.cipherCtx.cipherInitialVectorLen, ++ (caddr_t) q->ixp_q_iv); ++ } ++ ++ if (q->ixp_q_acrd) { ++ auth_off = q->ixp_q_acrd->crd_skip; ++ auth_len = q->ixp_q_acrd->crd_len; ++ icv_off = q->ixp_q_acrd->crd_inject; ++ } ++ ++ crypt_off = q->ixp_q_ccrd->crd_skip; ++ crypt_len = q->ixp_q_ccrd->crd_len; ++ } else { /* if (q->ixp_q_acrd) */ ++ auth_off = q->ixp_q_acrd->crd_skip; ++ auth_len = q->ixp_q_acrd->crd_len; ++ icv_off = q->ixp_q_acrd->crd_inject; ++ } ++ ++ if (q->ixp_q_crp->crp_flags & CRYPTO_F_SKBUF) { ++ struct sk_buff *skb = (struct sk_buff *) q->ixp_q_crp->crp_buf; ++ if (skb_shinfo(skb)->nr_frags) { ++ /* ++ * DAVIDM fix this limitation one day by using ++ * a buffer pool and chaining, it is not currently ++ * needed for current user/kernel space acceleration ++ */ ++ printk("ixp: Cannot handle fragmented skb's yet !\n"); ++ q->ixp_q_crp->crp_etype = ENOENT; ++ goto done; ++ } ++ IX_MBUF_MLEN(&q->ixp_q_mbuf) = ++ IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = skb->len; ++ IX_MBUF_MDATA(&q->ixp_q_mbuf) = skb->data; ++ } else if (q->ixp_q_crp->crp_flags & CRYPTO_F_IOV) { ++ struct uio *uiop = (struct uio *) q->ixp_q_crp->crp_buf; ++ if (uiop->uio_iovcnt != 1) { ++ /* ++ * DAVIDM fix this limitation one day by using ++ * a buffer pool and chaining, it is not currently ++ * needed for current user/kernel space acceleration ++ */ ++ printk("ixp: Cannot handle more than 1 iovec yet !\n"); ++ q->ixp_q_crp->crp_etype = ENOENT; ++ goto done; ++ } ++ IX_MBUF_MLEN(&q->ixp_q_mbuf) = ++ IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = uiop->uio_iov[0].iov_len; ++ IX_MBUF_MDATA(&q->ixp_q_mbuf) = uiop->uio_iov[0].iov_base; ++ } else /* contig buffer */ { ++ IX_MBUF_MLEN(&q->ixp_q_mbuf) = ++ IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = q->ixp_q_crp->crp_ilen; ++ IX_MBUF_MDATA(&q->ixp_q_mbuf) = q->ixp_q_crp->crp_buf; ++ } ++ ++ IX_MBUF_PRIV(&q->ixp_q_mbuf) = q; ++ ++ if (ixp->ixp_auth_alg == CRYPTO_SHA1 || ixp->ixp_auth_alg == CRYPTO_MD5) { ++ /* ++ * For SHA1 and MD5 hash, need to create an internal buffer that is big ++ * enough to hold the original data + the appropriate padding for the ++ * hash algorithm. ++ */ ++ UINT8 *tbuf = NULL; ++ ++ IX_MBUF_MLEN(&q->ixp_q_mbuf) = IX_MBUF_PKT_LEN(&q->ixp_q_mbuf) = ++ ((IX_MBUF_MLEN(&q->ixp_q_mbuf) * 8) + 72 + 511) / 8; ++ tbuf = kmalloc(IX_MBUF_MLEN(&q->ixp_q_mbuf), SLAB_ATOMIC); ++ ++ if (IX_MBUF_MDATA(&q->ixp_q_mbuf) == NULL) { ++ printk("ixp: kmalloc(%u, SLAB_ATOMIC) failed\n", ++ IX_MBUF_MLEN(&q->ixp_q_mbuf)); ++ q->ixp_q_crp->crp_etype = ENOMEM; ++ goto done; ++ } ++ memcpy(tbuf, &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_off], auth_len); ++ ++ /* Set location in client buffer to copy hash into */ ++ q->ixp_hash_dest = ++ &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_off + auth_len]; ++ ++ IX_MBUF_MDATA(&q->ixp_q_mbuf) = tbuf; ++ ++ /* Set location in internal buffer for where hash starts */ ++ q->ixp_hash_src = &(IX_MBUF_MDATA(&q->ixp_q_mbuf))[auth_len]; ++ ++ crypt_func = "ixCryptoAccHashPerform"; ++ status = ixCryptoAccHashPerform(ixp->ixp_ctx.authCtx.authAlgo, ++ &q->ixp_q_mbuf, ixp_hash_perform_cb, 0, auth_len, auth_len, ++ &ixp->ixp_hash_key_id); ++ } ++ else { ++ crypt_func = "ixCryptoAccAuthCryptPerform"; ++ status = ixCryptoAccAuthCryptPerform(ixp->ixp_ctx_id, &q->ixp_q_mbuf, ++ NULL, auth_off, auth_len, crypt_off, crypt_len, icv_off, ++ q->ixp_q_iv); ++ } ++ ++ if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) ++ return; ++ ++ if (IX_CRYPTO_ACC_STATUS_QUEUE_FULL == status) { ++ q->ixp_q_crp->crp_etype = ENOMEM; ++ goto done; ++ } ++ ++ printk("ixp: %s failed %u\n", crypt_func, status); ++ q->ixp_q_crp->crp_etype = EINVAL; ++ ++done: ++ crypto_done(q->ixp_q_crp); ++ kmem_cache_free(qcache, q); ++} ++ ++ ++/* ++ * because we cannot process the Q from the Register callback ++ * we do it here on a task Q. ++ */ ++ ++static void ++ixp_process_pending(void *arg) ++{ ++ struct ixp_data *ixp = arg; ++ struct ixp_q *q = NULL; ++ ++ dprintk("%s(%p)\n", __FUNCTION__, arg); ++ ++ if (!ixp) ++ return; ++ ++ while (!list_empty(&ixp->ixp_q)) { ++ q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); ++ list_del(&q->ixp_q_list); ++ ixp_q_process(q); ++ } ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++static void ++ixp_process_pending_wq(struct work_struct *work) ++{ ++ struct ixp_data *ixp = container_of(work, struct ixp_data, ++ ixp_pending_work); ++ ixp_process_pending(ixp); ++} ++#endif ++ ++/* ++ * callback for when context registration is complete ++ */ ++ ++static void ++ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp, IxCryptoAccStatus status) ++{ ++ int i; ++ struct ixp_data *ixp; ++ struct ixp_q *q; ++ ++ dprintk("%s(%d, %p, %d)\n", __FUNCTION__, ctx_id, bufp, status); ++ ++ /* ++ * free any buffer passed in to this routine ++ */ ++ if (bufp) { ++ IX_MBUF_MLEN(bufp) = IX_MBUF_PKT_LEN(bufp) = 0; ++ kfree(IX_MBUF_MDATA(bufp)); ++ IX_MBUF_MDATA(bufp) = NULL; ++ } ++ ++ for (i = 0; i < ixp_sesnum; i++) { ++ ixp = ixp_sessions[i]; ++ if (ixp && ixp->ixp_ctx_id == ctx_id) ++ break; ++ } ++ if (i >= ixp_sesnum) { ++ printk("ixp: invalid context id %d\n", ctx_id); ++ return; ++ } ++ ++ if (IX_CRYPTO_ACC_STATUS_WAIT == status) { ++ /* this is normal to free the first of two buffers */ ++ dprintk("ixp: register not finished yet.\n"); ++ return; ++ } ++ ++ if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) { ++ printk("ixp: register failed 0x%x\n", status); ++ while (!list_empty(&ixp->ixp_q)) { ++ q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); ++ list_del(&q->ixp_q_list); ++ q->ixp_q_crp->crp_etype = EINVAL; ++ crypto_done(q->ixp_q_crp); ++ kmem_cache_free(qcache, q); ++ } ++ return; ++ } ++ ++ /* ++ * we are now registered, we cannot start processing the Q here ++ * or we get strange errors with AES (DES/3DES seem to be ok). ++ */ ++ ixp->ixp_registered = 1; ++ schedule_work(&ixp->ixp_pending_work); ++} ++ ++ ++/* ++ * callback for when data processing is complete ++ */ ++ ++static void ++ixp_perform_cb( ++ UINT32 ctx_id, ++ IX_MBUF *sbufp, ++ IX_MBUF *dbufp, ++ IxCryptoAccStatus status) ++{ ++ struct ixp_q *q; ++ ++ dprintk("%s(%d, %p, %p, 0x%x)\n", __FUNCTION__, ctx_id, sbufp, ++ dbufp, status); ++ ++ if (sbufp == NULL) { ++ printk("ixp: NULL sbuf in ixp_perform_cb\n"); ++ return; ++ } ++ ++ q = IX_MBUF_PRIV(sbufp); ++ if (q == NULL) { ++ printk("ixp: NULL priv in ixp_perform_cb\n"); ++ return; ++ } ++ ++ if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { ++ printk("ixp: perform failed status=%d\n", status); ++ q->ixp_q_crp->crp_etype = EINVAL; ++ } ++ ++ crypto_done(q->ixp_q_crp); ++ kmem_cache_free(qcache, q); ++} ++ ++ ++/* ++ * registration is not callable at IRQ time, so we defer ++ * to a task queue, this routines completes the registration for us ++ * when the task queue runs ++ * ++ * Unfortunately this means we cannot tell OCF that the driver is blocked, ++ * we do that on the next request. ++ */ ++ ++static void ++ixp_registration(void *arg) ++{ ++ struct ixp_data *ixp = arg; ++ struct ixp_q *q = NULL; ++ IX_MBUF *pri = NULL, *sec = NULL; ++ int status = IX_CRYPTO_ACC_STATUS_SUCCESS; ++ ++ if (!ixp) { ++ printk("ixp: ixp_registration with no arg\n"); ++ return; ++ } ++ ++ if (ixp->ixp_ctx_id != -1) { ++ ixCryptoAccCtxUnregister(ixp->ixp_ctx_id); ++ ixp->ixp_ctx_id = -1; ++ } ++ ++ if (list_empty(&ixp->ixp_q)) { ++ printk("ixp: ixp_registration with no Q\n"); ++ return; ++ } ++ ++ /* ++ * setup the primary and secondary buffers ++ */ ++ q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); ++ if (q->ixp_q_acrd) { ++ pri = &ixp->ixp_pri_mbuf; ++ sec = &ixp->ixp_sec_mbuf; ++ IX_MBUF_MLEN(pri) = IX_MBUF_PKT_LEN(pri) = 128; ++ IX_MBUF_MDATA(pri) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); ++ IX_MBUF_MLEN(sec) = IX_MBUF_PKT_LEN(sec) = 128; ++ IX_MBUF_MDATA(sec) = (unsigned char *) kmalloc(128, SLAB_ATOMIC); ++ } ++ ++ /* Only need to register if a crypt op or HMAC op */ ++ if (!(ixp->ixp_auth_alg == CRYPTO_SHA1 || ++ ixp->ixp_auth_alg == CRYPTO_MD5)) { ++ status = ixCryptoAccCtxRegister( ++ &ixp->ixp_ctx, ++ pri, sec, ++ ixp_register_cb, ++ ixp_perform_cb, ++ &ixp->ixp_ctx_id); ++ } ++ else { ++ /* Otherwise we start processing pending q */ ++ schedule_work(&ixp->ixp_pending_work); ++ } ++ ++ if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) ++ return; ++ ++ if (IX_CRYPTO_ACC_STATUS_EXCEED_MAX_TUNNELS == status) { ++ printk("ixp: ixCryptoAccCtxRegister failed (out of tunnels)\n"); ++ ixp_blocked = 1; ++ /* perhaps we should return EGAIN on queued ops ? */ ++ return; ++ } ++ ++ printk("ixp: ixCryptoAccCtxRegister failed %d\n", status); ++ ixp->ixp_ctx_id = -1; ++ ++ /* ++ * everything waiting is toasted ++ */ ++ while (!list_empty(&ixp->ixp_q)) { ++ q = list_entry(ixp->ixp_q.next, struct ixp_q, ixp_q_list); ++ list_del(&q->ixp_q_list); ++ q->ixp_q_crp->crp_etype = ENOENT; ++ crypto_done(q->ixp_q_crp); ++ kmem_cache_free(qcache, q); ++ } ++} ++ ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20) ++static void ++ixp_registration_wq(struct work_struct *work) ++{ ++ struct ixp_data *ixp = container_of(work, struct ixp_data, ++ ixp_registration_work); ++ ixp_registration(ixp); ++} ++#endif ++ ++/* ++ * Process a request. ++ */ ++static int ++ixp_process(device_t dev, struct cryptop *crp, int hint) ++{ ++ struct ixp_data *ixp; ++ unsigned int lid; ++ struct ixp_q *q = NULL; ++ int status; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ ++ /* Sanity check */ ++ if (crp == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ crp->crp_etype = 0; ++ ++ if (ixp_blocked) ++ return ERESTART; ++ ++ if (crp->crp_desc == NULL || crp->crp_buf == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ crp->crp_etype = EINVAL; ++ goto done; ++ } ++ ++ /* ++ * find the session we are using ++ */ ++ ++ lid = crp->crp_sid & 0xffffffff; ++ if (lid >= ixp_sesnum || lid == 0 || ixp_sessions == NULL || ++ ixp_sessions[lid] == NULL) { ++ crp->crp_etype = ENOENT; ++ dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); ++ goto done; ++ } ++ ixp = ixp_sessions[lid]; ++ ++ /* ++ * setup a new request ready for queuing ++ */ ++ q = kmem_cache_alloc(qcache, SLAB_ATOMIC); ++ if (q == NULL) { ++ dprintk("%s,%d: ENOMEM\n", __FILE__, __LINE__); ++ crp->crp_etype = ENOMEM; ++ goto done; ++ } ++ /* ++ * save some cycles by only zeroing the important bits ++ */ ++ memset(&q->ixp_q_mbuf, 0, sizeof(q->ixp_q_mbuf)); ++ q->ixp_q_ccrd = NULL; ++ q->ixp_q_acrd = NULL; ++ q->ixp_q_crp = crp; ++ q->ixp_q_data = ixp; ++ ++ /* ++ * point the cipher and auth descriptors appropriately ++ * check that we have something to do ++ */ ++ if (crp->crp_desc->crd_alg == ixp->ixp_cipher_alg) ++ q->ixp_q_ccrd = crp->crp_desc; ++ else if (crp->crp_desc->crd_alg == ixp->ixp_auth_alg) ++ q->ixp_q_acrd = crp->crp_desc; ++ else { ++ crp->crp_etype = ENOENT; ++ dprintk("%s,%d: bad desc match: ENOENT\n", __FILE__, __LINE__); ++ goto done; ++ } ++ if (crp->crp_desc->crd_next) { ++ if (crp->crp_desc->crd_next->crd_alg == ixp->ixp_cipher_alg) ++ q->ixp_q_ccrd = crp->crp_desc->crd_next; ++ else if (crp->crp_desc->crd_next->crd_alg == ixp->ixp_auth_alg) ++ q->ixp_q_acrd = crp->crp_desc->crd_next; ++ else { ++ crp->crp_etype = ENOENT; ++ dprintk("%s,%d: bad desc match: ENOENT\n", __FILE__, __LINE__); ++ goto done; ++ } ++ } ++ ++ /* ++ * If there is a direction change for this context then we mark it as ++ * unregistered and re-register is for the new direction. This is not ++ * a very expensive operation and currently only tends to happen when ++ * user-space application are doing benchmarks ++ * ++ * DM - we should be checking for pending requests before unregistering. ++ */ ++ if (q->ixp_q_ccrd && ixp->ixp_registered && ++ ixp->ixp_crd_flags != (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT)) { ++ dprintk("%s - detected direction change on session\n", __FUNCTION__); ++ ixp->ixp_registered = 0; ++ } ++ ++ /* ++ * if we are registered, call straight into the perform code ++ */ ++ if (ixp->ixp_registered) { ++ ixp_q_process(q); ++ return 0; ++ } ++ ++ /* ++ * the only part of the context not set in newsession is the direction ++ * dependent parts ++ */ ++ if (q->ixp_q_ccrd) { ++ ixp->ixp_crd_flags = (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT); ++ if (q->ixp_q_ccrd->crd_flags & CRD_F_ENCRYPT) { ++ ixp->ixp_ctx.operation = q->ixp_q_acrd ? ++ IX_CRYPTO_ACC_OP_ENCRYPT_AUTH : IX_CRYPTO_ACC_OP_ENCRYPT; ++ } else { ++ ixp->ixp_ctx.operation = q->ixp_q_acrd ? ++ IX_CRYPTO_ACC_OP_AUTH_DECRYPT : IX_CRYPTO_ACC_OP_DECRYPT; ++ } ++ } else { ++ /* q->ixp_q_acrd must be set if we are here */ ++ ixp->ixp_ctx.operation = IX_CRYPTO_ACC_OP_AUTH_CALC; ++ } ++ ++ status = list_empty(&ixp->ixp_q); ++ list_add_tail(&q->ixp_q_list, &ixp->ixp_q); ++ if (status) ++ schedule_work(&ixp->ixp_registration_work); ++ return 0; ++ ++done: ++ if (q) ++ kmem_cache_free(qcache, q); ++ crypto_done(crp); ++ return 0; ++} ++ ++ ++#ifdef __ixp46X ++/* ++ * key processing support for the ixp465 ++ */ ++ ++ ++/* ++ * copy a BN (LE) into a buffer (BE) an fill out the op appropriately ++ * assume zeroed and only copy bits that are significant ++ */ ++ ++static int ++ixp_copy_ibuf(struct crparam *p, IxCryptoAccPkeEauOperand *op, UINT32 *buf) ++{ ++ unsigned char *src = (unsigned char *) p->crp_p; ++ unsigned char *dst; ++ int len, bits = p->crp_nbits; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ ++ if (bits > MAX_IOP_SIZE * sizeof(UINT32) * 8) { ++ dprintk("%s - ibuf too big (%d > %d)\n", __FUNCTION__, ++ bits, MAX_IOP_SIZE * sizeof(UINT32) * 8); ++ return -1; ++ } ++ ++ len = (bits + 31) / 32; /* the number UINT32's needed */ ++ ++ dst = (unsigned char *) &buf[len]; ++ dst--; ++ ++ while (bits > 0) { ++ *dst-- = *src++; ++ bits -= 8; ++ } ++ ++#if 0 /* no need to zero remaining bits as it is done during request alloc */ ++ while (dst > (unsigned char *) buf) ++ *dst-- = '\0'; ++#endif ++ ++ op->pData = buf; ++ op->dataLen = len; ++ return 0; ++} ++ ++/* ++ * copy out the result, be as forgiving as we can about small output buffers ++ */ ++ ++static int ++ixp_copy_obuf(struct crparam *p, IxCryptoAccPkeEauOpResult *op, UINT32 *buf) ++{ ++ unsigned char *dst = (unsigned char *) p->crp_p; ++ unsigned char *src = (unsigned char *) buf; ++ int len, z, bits = p->crp_nbits; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ ++ len = op->dataLen * sizeof(UINT32); ++ ++ /* skip leading zeroes to be small buffer friendly */ ++ z = 0; ++ while (z < len && src[z] == '\0') ++ z++; ++ ++ src += len; ++ src--; ++ len -= z; ++ ++ while (len > 0 && bits > 0) { ++ *dst++ = *src--; ++ len--; ++ bits -= 8; ++ } ++ ++ while (bits > 0) { ++ *dst++ = '\0'; ++ bits -= 8; ++ } ++ ++ if (len > 0) { ++ dprintk("%s - obuf is %d (z=%d, ob=%d) bytes too small\n", ++ __FUNCTION__, len, z, p->crp_nbits / 8); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ ++/* ++ * the parameter offsets for exp_mod ++ */ ++ ++#define IXP_PARAM_BASE 0 ++#define IXP_PARAM_EXP 1 ++#define IXP_PARAM_MOD 2 ++#define IXP_PARAM_RES 3 ++ ++/* ++ * key processing complete callback, is also used to start processing ++ * by passing a NULL for pResult ++ */ ++ ++static void ++ixp_kperform_cb( ++ IxCryptoAccPkeEauOperation operation, ++ IxCryptoAccPkeEauOpResult *pResult, ++ BOOL carryOrBorrow, ++ IxCryptoAccStatus status) ++{ ++ struct ixp_pkq *q, *tmp; ++ unsigned long flags; ++ ++ dprintk("%s(0x%x, %p, %d, 0x%x)\n", __FUNCTION__, operation, pResult, ++ carryOrBorrow, status); ++ ++ /* handle a completed request */ ++ if (pResult) { ++ if (ixp_pk_cur && &ixp_pk_cur->pkq_result == pResult) { ++ q = ixp_pk_cur; ++ if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { ++ dprintk("%s() - op failed 0x%x\n", __FUNCTION__, status); ++ q->pkq_krp->krp_status = ERANGE; /* could do better */ ++ } else { ++ /* copy out the result */ ++ if (ixp_copy_obuf(&q->pkq_krp->krp_param[IXP_PARAM_RES], ++ &q->pkq_result, q->pkq_obuf)) ++ q->pkq_krp->krp_status = ERANGE; ++ } ++ crypto_kdone(q->pkq_krp); ++ kfree(q); ++ ixp_pk_cur = NULL; ++ } else ++ printk("%s - callback with invalid result pointer\n", __FUNCTION__); ++ } ++ ++ spin_lock_irqsave(&ixp_pkq_lock, flags); ++ if (ixp_pk_cur || list_empty(&ixp_pkq)) { ++ spin_unlock_irqrestore(&ixp_pkq_lock, flags); ++ return; ++ } ++ ++ list_for_each_entry_safe(q, tmp, &ixp_pkq, pkq_list) { ++ ++ list_del(&q->pkq_list); ++ ixp_pk_cur = q; ++ ++ spin_unlock_irqrestore(&ixp_pkq_lock, flags); ++ ++ status = ixCryptoAccPkeEauPerform( ++ IX_CRYPTO_ACC_OP_EAU_MOD_EXP, ++ &q->pkq_op, ++ ixp_kperform_cb, ++ &q->pkq_result); ++ ++ if (status == IX_CRYPTO_ACC_STATUS_SUCCESS) { ++ dprintk("%s() - ixCryptoAccPkeEauPerform SUCCESS\n", __FUNCTION__); ++ return; /* callback will return here for callback */ ++ } else if (status == IX_CRYPTO_ACC_STATUS_RETRY) { ++ printk("%s() - ixCryptoAccPkeEauPerform RETRY\n", __FUNCTION__); ++ } else { ++ printk("%s() - ixCryptoAccPkeEauPerform failed %d\n", ++ __FUNCTION__, status); ++ } ++ q->pkq_krp->krp_status = ERANGE; /* could do better */ ++ crypto_kdone(q->pkq_krp); ++ kfree(q); ++ spin_lock_irqsave(&ixp_pkq_lock, flags); ++ } ++ spin_unlock_irqrestore(&ixp_pkq_lock, flags); ++} ++ ++ ++static int ++ixp_kprocess(device_t dev, struct cryptkop *krp, int hint) ++{ ++ struct ixp_pkq *q; ++ int rc = 0; ++ unsigned long flags; ++ ++ dprintk("%s l1=%d l2=%d l3=%d l4=%d\n", __FUNCTION__, ++ krp->krp_param[IXP_PARAM_BASE].crp_nbits, ++ krp->krp_param[IXP_PARAM_EXP].crp_nbits, ++ krp->krp_param[IXP_PARAM_MOD].crp_nbits, ++ krp->krp_param[IXP_PARAM_RES].crp_nbits); ++ ++ ++ if (krp->krp_op != CRK_MOD_EXP) { ++ krp->krp_status = EOPNOTSUPP; ++ goto err; ++ } ++ ++ q = (struct ixp_pkq *) kmalloc(sizeof(*q), GFP_KERNEL); ++ if (q == NULL) { ++ krp->krp_status = ENOMEM; ++ goto err; ++ } ++ ++ /* ++ * The PKE engine does not appear to zero the output buffer ++ * appropriately, so we need to do it all here. ++ */ ++ memset(q, 0, sizeof(*q)); ++ ++ q->pkq_krp = krp; ++ INIT_LIST_HEAD(&q->pkq_list); ++ ++ if (ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_BASE], &q->pkq_op.modExpOpr.M, ++ q->pkq_ibuf0)) ++ rc = 1; ++ if (!rc && ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_EXP], ++ &q->pkq_op.modExpOpr.e, q->pkq_ibuf1)) ++ rc = 2; ++ if (!rc && ixp_copy_ibuf(&krp->krp_param[IXP_PARAM_MOD], ++ &q->pkq_op.modExpOpr.N, q->pkq_ibuf2)) ++ rc = 3; ++ ++ if (rc) { ++ kfree(q); ++ krp->krp_status = ERANGE; ++ goto err; ++ } ++ ++ q->pkq_result.pData = q->pkq_obuf; ++ q->pkq_result.dataLen = ++ (krp->krp_param[IXP_PARAM_RES].crp_nbits + 31) / 32; ++ ++ spin_lock_irqsave(&ixp_pkq_lock, flags); ++ list_add_tail(&q->pkq_list, &ixp_pkq); ++ spin_unlock_irqrestore(&ixp_pkq_lock, flags); ++ ++ if (!ixp_pk_cur) ++ ixp_kperform_cb(0, NULL, 0, 0); ++ return (0); ++ ++err: ++ crypto_kdone(krp); ++ return (0); ++} ++ ++ ++ ++#ifdef CONFIG_OCF_RANDOMHARVEST ++/* ++ * We run the random number generator output through SHA so that it ++ * is FIPS compliant. ++ */ ++ ++static volatile int sha_done = 0; ++static unsigned char sha_digest[20]; ++ ++static void ++ixp_hash_cb(UINT8 *digest, IxCryptoAccStatus status) ++{ ++ dprintk("%s(%p, %d)\n", __FUNCTION__, digest, status); ++ if (sha_digest != digest) ++ printk("digest error\n"); ++ if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) ++ sha_done = 1; ++ else ++ sha_done = -status; ++} ++ ++static int ++ixp_read_random(void *arg, u_int32_t *buf, int maxwords) ++{ ++ IxCryptoAccStatus status; ++ int i, n, rc; ++ ++ dprintk("%s(%p, %d)\n", __FUNCTION__, buf, maxwords); ++ memset(buf, 0, maxwords * sizeof(*buf)); ++ status = ixCryptoAccPkePseudoRandomNumberGet(maxwords, buf); ++ if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { ++ dprintk("%s: ixCryptoAccPkePseudoRandomNumberGet failed %d\n", ++ __FUNCTION__, status); ++ return 0; ++ } ++ ++ /* ++ * run the random data through SHA to make it look more random ++ */ ++ ++ n = sizeof(sha_digest); /* process digest bytes at a time */ ++ ++ rc = 0; ++ for (i = 0; i < maxwords; i += n / sizeof(*buf)) { ++ if ((maxwords - i) * sizeof(*buf) < n) ++ n = (maxwords - i) * sizeof(*buf); ++ sha_done = 0; ++ status = ixCryptoAccPkeHashPerform(IX_CRYPTO_ACC_AUTH_SHA1, ++ (UINT8 *) &buf[i], n, ixp_hash_cb, sha_digest); ++ if (status != IX_CRYPTO_ACC_STATUS_SUCCESS) { ++ dprintk("ixCryptoAccPkeHashPerform failed %d\n", status); ++ return -EIO; ++ } ++ while (!sha_done) ++ schedule(); ++ if (sha_done < 0) { ++ dprintk("ixCryptoAccPkeHashPerform failed CB %d\n", -sha_done); ++ return 0; ++ } ++ memcpy(&buf[i], sha_digest, n); ++ rc += n / sizeof(*buf);; ++ } ++ ++ return rc; ++} ++#endif /* CONFIG_OCF_RANDOMHARVEST */ ++ ++#endif /* __ixp46X */ ++ ++ ++ ++/* ++ * our driver startup and shutdown routines ++ */ ++ ++static int ++ixp_init(void) ++{ ++ dprintk("%s(%p)\n", __FUNCTION__, ixp_init); ++ ++ if (ixp_init_crypto && ixCryptoAccInit() != IX_CRYPTO_ACC_STATUS_SUCCESS) ++ printk("ixCryptoAccInit failed, assuming already initialised!\n"); ++ ++ qcache = kmem_cache_create("ixp4xx_q", sizeof(struct ixp_q), 0, ++ SLAB_HWCACHE_ALIGN, NULL ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) ++ , NULL ++#endif ++ ); ++ if (!qcache) { ++ printk("failed to create Qcache\n"); ++ return -ENOENT; ++ } ++ ++ memset(&ixpdev, 0, sizeof(ixpdev)); ++ softc_device_init(&ixpdev, "ixp4xx", 0, ixp_methods); ++ ++ ixp_id = crypto_get_driverid(softc_get_device(&ixpdev), ++ CRYPTOCAP_F_HARDWARE); ++ if (ixp_id < 0) ++ panic("IXP/OCF crypto device cannot initialize!"); ++ ++#define REGISTER(alg) \ ++ crypto_register(ixp_id,alg,0,0) ++ ++ REGISTER(CRYPTO_DES_CBC); ++ REGISTER(CRYPTO_3DES_CBC); ++ REGISTER(CRYPTO_RIJNDAEL128_CBC); ++#ifdef CONFIG_OCF_IXP4XX_SHA1_MD5 ++ REGISTER(CRYPTO_MD5); ++ REGISTER(CRYPTO_SHA1); ++#endif ++ REGISTER(CRYPTO_MD5_HMAC); ++ REGISTER(CRYPTO_SHA1_HMAC); ++#undef REGISTER ++ ++#ifdef __ixp46X ++ spin_lock_init(&ixp_pkq_lock); ++ /* ++ * we do not enable the go fast options here as they can potentially ++ * allow timing based attacks ++ * ++ * http://www.openssl.org/news/secadv_20030219.txt ++ */ ++ ixCryptoAccPkeEauExpConfig(0, 0); ++ crypto_kregister(ixp_id, CRK_MOD_EXP, 0); ++#ifdef CONFIG_OCF_RANDOMHARVEST ++ crypto_rregister(ixp_id, ixp_read_random, NULL); ++#endif ++#endif ++ ++ return 0; ++} ++ ++static void ++ixp_exit(void) ++{ ++ dprintk("%s()\n", __FUNCTION__); ++ crypto_unregister_all(ixp_id); ++ ixp_id = -1; ++ kmem_cache_destroy(qcache); ++ qcache = NULL; ++} ++ ++module_init(ixp_init); ++module_exit(ixp_exit); ++ ++MODULE_LICENSE("Dual BSD/GPL"); ++MODULE_AUTHOR("David McCullough <dmccullough@cyberguard.com>"); ++MODULE_DESCRIPTION("ixp (OCF module for IXP4xx crypto)"); +--- /dev/null ++++ b/crypto/ocf/cryptodev.c +@@ -0,0 +1,1048 @@ ++/* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ ++ ++/*- ++ * Linux port done by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * The license and original author are listed below. ++ * ++ * Copyright (c) 2001 Theo de Raadt ++ * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored in part by the Defense Advanced Research Projects ++ * Agency (DARPA) and Air Force Research Laboratory, Air Force ++ * Materiel Command, USAF, under agreement number F30602-01-2-0537. ++ * ++__FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gnn Exp $"); ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/types.h> ++#include <linux/time.h> ++#include <linux/delay.h> ++#include <linux/list.h> ++#include <linux/init.h> ++#include <linux/sched.h> ++#include <linux/unistd.h> ++#include <linux/module.h> ++#include <linux/wait.h> ++#include <linux/slab.h> ++#include <linux/fs.h> ++#include <linux/dcache.h> ++#include <linux/fdtable.h> ++#include <linux/mount.h> ++#include <linux/miscdevice.h> ++#include <linux/version.h> ++#include <asm/uaccess.h> ++ ++#include <cryptodev.h> ++#include <uio.h> ++ ++extern asmlinkage long sys_dup(unsigned int fildes); ++ ++#define debug cryptodev_debug ++int cryptodev_debug = 0; ++module_param(cryptodev_debug, int, 0644); ++MODULE_PARM_DESC(cryptodev_debug, "Enable cryptodev debug"); ++ ++struct csession_info { ++ u_int16_t blocksize; ++ u_int16_t minkey, maxkey; ++ ++ u_int16_t keysize; ++ /* u_int16_t hashsize; */ ++ u_int16_t authsize; ++ /* u_int16_t ctxsize; */ ++}; ++ ++struct csession { ++ struct list_head list; ++ u_int64_t sid; ++ u_int32_t ses; ++ ++ wait_queue_head_t waitq; ++ ++ u_int32_t cipher; ++ ++ u_int32_t mac; ++ ++ caddr_t key; ++ int keylen; ++ u_char tmp_iv[EALG_MAX_BLOCK_LEN]; ++ ++ caddr_t mackey; ++ int mackeylen; ++ ++ struct csession_info info; ++ ++ struct iovec iovec; ++ struct uio uio; ++ int error; ++}; ++ ++struct fcrypt { ++ struct list_head csessions; ++ int sesn; ++}; ++ ++static struct csession *csefind(struct fcrypt *, u_int); ++static int csedelete(struct fcrypt *, struct csession *); ++static struct csession *cseadd(struct fcrypt *, struct csession *); ++static struct csession *csecreate(struct fcrypt *, u_int64_t, ++ struct cryptoini *crie, struct cryptoini *cria, struct csession_info *); ++static int csefree(struct csession *); ++ ++static int cryptodev_op(struct csession *, struct crypt_op *); ++static int cryptodev_key(struct crypt_kop *); ++static int cryptodev_find(struct crypt_find_op *); ++ ++static int cryptodev_cb(void *); ++static int cryptodev_open(struct inode *inode, struct file *filp); ++ ++/* ++ * Check a crypto identifier to see if it requested ++ * a valid crid and it's capabilities match. ++ */ ++static int ++checkcrid(int crid) ++{ ++ int hid = crid & ~(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE); ++ int typ = crid & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE); ++ int caps = 0; ++ ++ /* if the user hasn't selected a driver, then just call newsession */ ++ if (hid == 0 && typ != 0) ++ return 0; ++ ++ caps = crypto_getcaps(hid); ++ ++ /* didn't find anything with capabilities */ ++ if (caps == 0) { ++ dprintk("%s: hid=%x typ=%x not matched\n", __FUNCTION__, hid, typ); ++ return EINVAL; ++ } ++ ++ /* the user didn't specify SW or HW, so the driver is ok */ ++ if (typ == 0) ++ return 0; ++ ++ /* if the type specified didn't match */ ++ if (typ != (caps & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE))) { ++ dprintk("%s: hid=%x typ=%x caps=%x not matched\n", __FUNCTION__, ++ hid, typ, caps); ++ return EINVAL; ++ } ++ ++ return 0; ++} ++ ++static int ++cryptodev_op(struct csession *cse, struct crypt_op *cop) ++{ ++ struct cryptop *crp = NULL; ++ struct cryptodesc *crde = NULL, *crda = NULL; ++ int error = 0; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (cop->len > CRYPTO_MAX_DATA_LEN) { ++ dprintk("%s: %d > %d\n", __FUNCTION__, cop->len, CRYPTO_MAX_DATA_LEN); ++ return (E2BIG); ++ } ++ ++ if (cse->info.blocksize && (cop->len % cse->info.blocksize) != 0) { ++ dprintk("%s: blocksize=%d len=%d\n", __FUNCTION__, cse->info.blocksize, ++ cop->len); ++ return (EINVAL); ++ } ++ ++ cse->uio.uio_iov = &cse->iovec; ++ cse->uio.uio_iovcnt = 1; ++ cse->uio.uio_offset = 0; ++#if 0 ++ cse->uio.uio_resid = cop->len; ++ cse->uio.uio_segflg = UIO_SYSSPACE; ++ cse->uio.uio_rw = UIO_WRITE; ++ cse->uio.uio_td = td; ++#endif ++ cse->uio.uio_iov[0].iov_len = cop->len; ++ if (cse->info.authsize) ++ cse->uio.uio_iov[0].iov_len += cse->info.authsize; ++ cse->uio.uio_iov[0].iov_base = kmalloc(cse->uio.uio_iov[0].iov_len, ++ GFP_KERNEL); ++ ++ if (cse->uio.uio_iov[0].iov_base == NULL) { ++ dprintk("%s: iov_base kmalloc(%d) failed\n", __FUNCTION__, ++ cse->uio.uio_iov[0].iov_len); ++ return (ENOMEM); ++ } ++ ++ crp = crypto_getreq((cse->info.blocksize != 0) + (cse->info.authsize != 0)); ++ if (crp == NULL) { ++ dprintk("%s: ENOMEM\n", __FUNCTION__); ++ error = ENOMEM; ++ goto bail; ++ } ++ ++ if (cse->info.authsize) { ++ crda = crp->crp_desc; ++ if (cse->info.blocksize) ++ crde = crda->crd_next; ++ } else { ++ if (cse->info.blocksize) ++ crde = crp->crp_desc; ++ else { ++ dprintk("%s: bad request\n", __FUNCTION__); ++ error = EINVAL; ++ goto bail; ++ } ++ } ++ ++ if ((error = copy_from_user(cse->uio.uio_iov[0].iov_base, cop->src, ++ cop->len))) { ++ dprintk("%s: bad copy\n", __FUNCTION__); ++ goto bail; ++ } ++ ++ if (crda) { ++ crda->crd_skip = 0; ++ crda->crd_len = cop->len; ++ crda->crd_inject = cop->len; ++ ++ crda->crd_alg = cse->mac; ++ crda->crd_key = cse->mackey; ++ crda->crd_klen = cse->mackeylen * 8; ++ } ++ ++ if (crde) { ++ if (cop->op == COP_ENCRYPT) ++ crde->crd_flags |= CRD_F_ENCRYPT; ++ else ++ crde->crd_flags &= ~CRD_F_ENCRYPT; ++ crde->crd_len = cop->len; ++ crde->crd_inject = 0; ++ ++ crde->crd_alg = cse->cipher; ++ crde->crd_key = cse->key; ++ crde->crd_klen = cse->keylen * 8; ++ } ++ ++ crp->crp_ilen = cse->uio.uio_iov[0].iov_len; ++ crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM ++ | (cop->flags & COP_F_BATCH); ++ crp->crp_buf = (caddr_t)&cse->uio; ++ crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb; ++ crp->crp_sid = cse->sid; ++ crp->crp_opaque = (void *)cse; ++ ++ if (cop->iv) { ++ if (crde == NULL) { ++ error = EINVAL; ++ dprintk("%s no crde\n", __FUNCTION__); ++ goto bail; ++ } ++ if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ ++ error = EINVAL; ++ dprintk("%s arc4 with IV\n", __FUNCTION__); ++ goto bail; ++ } ++ if ((error = copy_from_user(cse->tmp_iv, cop->iv, ++ cse->info.blocksize))) { ++ dprintk("%s bad iv copy\n", __FUNCTION__); ++ goto bail; ++ } ++ memcpy(crde->crd_iv, cse->tmp_iv, cse->info.blocksize); ++ crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; ++ crde->crd_skip = 0; ++ } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */ ++ crde->crd_skip = 0; ++ } else if (crde) { ++ crde->crd_flags |= CRD_F_IV_PRESENT; ++ crde->crd_skip = cse->info.blocksize; ++ crde->crd_len -= cse->info.blocksize; ++ } ++ ++ if (cop->mac && crda == NULL) { ++ error = EINVAL; ++ dprintk("%s no crda\n", __FUNCTION__); ++ goto bail; ++ } ++ ++ /* ++ * Let the dispatch run unlocked, then, interlock against the ++ * callback before checking if the operation completed and going ++ * to sleep. This insures drivers don't inherit our lock which ++ * results in a lock order reversal between crypto_dispatch forced ++ * entry and the crypto_done callback into us. ++ */ ++ error = crypto_dispatch(crp); ++ if (error == 0) { ++ dprintk("%s about to WAIT\n", __FUNCTION__); ++ /* ++ * we really need to wait for driver to complete to maintain ++ * state, luckily interrupts will be remembered ++ */ ++ do { ++ error = wait_event_interruptible(crp->crp_waitq, ++ ((crp->crp_flags & CRYPTO_F_DONE) != 0)); ++ /* ++ * we can't break out of this loop or we will leave behind ++ * a huge mess, however, staying here means if your driver ++ * is broken user applications can hang and not be killed. ++ * The solution, fix your driver :-) ++ */ ++ if (error) { ++ schedule(); ++ error = 0; ++ } ++ } while ((crp->crp_flags & CRYPTO_F_DONE) == 0); ++ dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error); ++ } ++ ++ if (crp->crp_etype != 0) { ++ error = crp->crp_etype; ++ dprintk("%s error in crp processing\n", __FUNCTION__); ++ goto bail; ++ } ++ ++ if (cse->error) { ++ error = cse->error; ++ dprintk("%s error in cse processing\n", __FUNCTION__); ++ goto bail; ++ } ++ ++ if (cop->dst && (error = copy_to_user(cop->dst, ++ cse->uio.uio_iov[0].iov_base, cop->len))) { ++ dprintk("%s bad dst copy\n", __FUNCTION__); ++ goto bail; ++ } ++ ++ if (cop->mac && ++ (error=copy_to_user(cop->mac, ++ (caddr_t)cse->uio.uio_iov[0].iov_base + cop->len, ++ cse->info.authsize))) { ++ dprintk("%s bad mac copy\n", __FUNCTION__); ++ goto bail; ++ } ++ ++bail: ++ if (crp) ++ crypto_freereq(crp); ++ if (cse->uio.uio_iov[0].iov_base) ++ kfree(cse->uio.uio_iov[0].iov_base); ++ ++ return (error); ++} ++ ++static int ++cryptodev_cb(void *op) ++{ ++ struct cryptop *crp = (struct cryptop *) op; ++ struct csession *cse = (struct csession *)crp->crp_opaque; ++ int error; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ error = crp->crp_etype; ++ if (error == EAGAIN) { ++ crp->crp_flags &= ~CRYPTO_F_DONE; ++#ifdef NOTYET ++ /* ++ * DAVIDM I am fairly sure that we should turn this into a batch ++ * request to stop bad karma/lockup, revisit ++ */ ++ crp->crp_flags |= CRYPTO_F_BATCH; ++#endif ++ return crypto_dispatch(crp); ++ } ++ if (error != 0 || (crp->crp_flags & CRYPTO_F_DONE)) { ++ cse->error = error; ++ wake_up_interruptible(&crp->crp_waitq); ++ } ++ return (0); ++} ++ ++static int ++cryptodevkey_cb(void *op) ++{ ++ struct cryptkop *krp = (struct cryptkop *) op; ++ dprintk("%s()\n", __FUNCTION__); ++ wake_up_interruptible(&krp->krp_waitq); ++ return (0); ++} ++ ++static int ++cryptodev_key(struct crypt_kop *kop) ++{ ++ struct cryptkop *krp = NULL; ++ int error = EINVAL; ++ int in, out, size, i; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { ++ dprintk("%s params too big\n", __FUNCTION__); ++ return (EFBIG); ++ } ++ ++ in = kop->crk_iparams; ++ out = kop->crk_oparams; ++ switch (kop->crk_op) { ++ case CRK_MOD_EXP: ++ if (in == 3 && out == 1) ++ break; ++ return (EINVAL); ++ case CRK_MOD_EXP_CRT: ++ if (in == 6 && out == 1) ++ break; ++ return (EINVAL); ++ case CRK_DSA_SIGN: ++ if (in == 5 && out == 2) ++ break; ++ return (EINVAL); ++ case CRK_DSA_VERIFY: ++ if (in == 7 && out == 0) ++ break; ++ return (EINVAL); ++ case CRK_DH_COMPUTE_KEY: ++ if (in == 3 && out == 1) ++ break; ++ return (EINVAL); ++ default: ++ return (EINVAL); ++ } ++ ++ krp = (struct cryptkop *)kmalloc(sizeof *krp, GFP_KERNEL); ++ if (!krp) ++ return (ENOMEM); ++ bzero(krp, sizeof *krp); ++ krp->krp_op = kop->crk_op; ++ krp->krp_status = kop->crk_status; ++ krp->krp_iparams = kop->crk_iparams; ++ krp->krp_oparams = kop->crk_oparams; ++ krp->krp_crid = kop->crk_crid; ++ krp->krp_status = 0; ++ krp->krp_flags = CRYPTO_KF_CBIMM; ++ krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; ++ init_waitqueue_head(&krp->krp_waitq); ++ ++ for (i = 0; i < CRK_MAXPARAM; i++) ++ krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; ++ for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { ++ size = (krp->krp_param[i].crp_nbits + 7) / 8; ++ if (size == 0) ++ continue; ++ krp->krp_param[i].crp_p = (caddr_t) kmalloc(size, GFP_KERNEL); ++ if (i >= krp->krp_iparams) ++ continue; ++ error = copy_from_user(krp->krp_param[i].crp_p, ++ kop->crk_param[i].crp_p, size); ++ if (error) ++ goto fail; ++ } ++ ++ error = crypto_kdispatch(krp); ++ if (error) ++ goto fail; ++ ++ do { ++ error = wait_event_interruptible(krp->krp_waitq, ++ ((krp->krp_flags & CRYPTO_KF_DONE) != 0)); ++ /* ++ * we can't break out of this loop or we will leave behind ++ * a huge mess, however, staying here means if your driver ++ * is broken user applications can hang and not be killed. ++ * The solution, fix your driver :-) ++ */ ++ if (error) { ++ schedule(); ++ error = 0; ++ } ++ } while ((krp->krp_flags & CRYPTO_KF_DONE) == 0); ++ ++ dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error); ++ ++ kop->crk_crid = krp->krp_crid; /* device that did the work */ ++ if (krp->krp_status != 0) { ++ error = krp->krp_status; ++ goto fail; ++ } ++ ++ for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) { ++ size = (krp->krp_param[i].crp_nbits + 7) / 8; ++ if (size == 0) ++ continue; ++ error = copy_to_user(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, ++ size); ++ if (error) ++ goto fail; ++ } ++ ++fail: ++ if (krp) { ++ kop->crk_status = krp->krp_status; ++ for (i = 0; i < CRK_MAXPARAM; i++) { ++ if (krp->krp_param[i].crp_p) ++ kfree(krp->krp_param[i].crp_p); ++ } ++ kfree(krp); ++ } ++ return (error); ++} ++ ++static int ++cryptodev_find(struct crypt_find_op *find) ++{ ++ device_t dev; ++ ++ if (find->crid != -1) { ++ dev = crypto_find_device_byhid(find->crid); ++ if (dev == NULL) ++ return (ENOENT); ++ strlcpy(find->name, device_get_nameunit(dev), ++ sizeof(find->name)); ++ } else { ++ find->crid = crypto_find_driver(find->name); ++ if (find->crid == -1) ++ return (ENOENT); ++ } ++ return (0); ++} ++ ++static struct csession * ++csefind(struct fcrypt *fcr, u_int ses) ++{ ++ struct csession *cse; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ list_for_each_entry(cse, &fcr->csessions, list) ++ if (cse->ses == ses) ++ return (cse); ++ return (NULL); ++} ++ ++static int ++csedelete(struct fcrypt *fcr, struct csession *cse_del) ++{ ++ struct csession *cse; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ list_for_each_entry(cse, &fcr->csessions, list) { ++ if (cse == cse_del) { ++ list_del(&cse->list); ++ return (1); ++ } ++ } ++ return (0); ++} ++ ++static struct csession * ++cseadd(struct fcrypt *fcr, struct csession *cse) ++{ ++ dprintk("%s()\n", __FUNCTION__); ++ list_add_tail(&cse->list, &fcr->csessions); ++ cse->ses = fcr->sesn++; ++ return (cse); ++} ++ ++static struct csession * ++csecreate(struct fcrypt *fcr, u_int64_t sid, struct cryptoini *crie, ++ struct cryptoini *cria, struct csession_info *info) ++{ ++ struct csession *cse; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ cse = (struct csession *) kmalloc(sizeof(struct csession), GFP_KERNEL); ++ if (cse == NULL) ++ return NULL; ++ memset(cse, 0, sizeof(struct csession)); ++ ++ INIT_LIST_HEAD(&cse->list); ++ init_waitqueue_head(&cse->waitq); ++ ++ cse->key = crie->cri_key; ++ cse->keylen = crie->cri_klen/8; ++ cse->mackey = cria->cri_key; ++ cse->mackeylen = cria->cri_klen/8; ++ cse->sid = sid; ++ cse->cipher = crie->cri_alg; ++ cse->mac = cria->cri_alg; ++ cse->info = *info; ++ cseadd(fcr, cse); ++ return (cse); ++} ++ ++static int ++csefree(struct csession *cse) ++{ ++ int error; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ error = crypto_freesession(cse->sid); ++ if (cse->key) ++ kfree(cse->key); ++ if (cse->mackey) ++ kfree(cse->mackey); ++ kfree(cse); ++ return(error); ++} ++ ++static int ++cryptodev_ioctl( ++ struct inode *inode, ++ struct file *filp, ++ unsigned int cmd, ++ unsigned long arg) ++{ ++ struct cryptoini cria, crie; ++ struct fcrypt *fcr = filp->private_data; ++ struct csession *cse; ++ struct csession_info info; ++ struct session2_op sop; ++ struct crypt_op cop; ++ struct crypt_kop kop; ++ struct crypt_find_op fop; ++ u_int64_t sid; ++ u_int32_t ses; ++ int feat, fd, error = 0, crid; ++ mm_segment_t fs; ++ ++ dprintk("%s(cmd=%x arg=%lx)\n", __FUNCTION__, cmd, arg); ++ ++ switch (cmd) { ++ ++ case CRIOGET: { ++ dprintk("%s(CRIOGET)\n", __FUNCTION__); ++ fs = get_fs(); ++ set_fs(get_ds()); ++ for (fd = 0; fd < files_fdtable(current->files)->max_fds; fd++) ++ if (files_fdtable(current->files)->fd[fd] == filp) ++ break; ++ fd = sys_dup(fd); ++ set_fs(fs); ++ put_user(fd, (int *) arg); ++ return IS_ERR_VALUE(fd) ? fd : 0; ++ } ++ ++#define CIOCGSESSSTR (cmd == CIOCGSESSION ? "CIOCGSESSION" : "CIOCGSESSION2") ++ case CIOCGSESSION: ++ case CIOCGSESSION2: ++ dprintk("%s(%s)\n", __FUNCTION__, CIOCGSESSSTR); ++ memset(&crie, 0, sizeof(crie)); ++ memset(&cria, 0, sizeof(cria)); ++ memset(&info, 0, sizeof(info)); ++ memset(&sop, 0, sizeof(sop)); ++ ++ if (copy_from_user(&sop, (void*)arg, (cmd == CIOCGSESSION) ? ++ sizeof(struct session_op) : sizeof(sop))) { ++ dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); ++ error = EFAULT; ++ goto bail; ++ } ++ ++ switch (sop.cipher) { ++ case 0: ++ dprintk("%s(%s) - no cipher\n", __FUNCTION__, CIOCGSESSSTR); ++ break; ++ case CRYPTO_NULL_CBC: ++ info.blocksize = NULL_BLOCK_LEN; ++ info.minkey = NULL_MIN_KEY_LEN; ++ info.maxkey = NULL_MAX_KEY_LEN; ++ break; ++ case CRYPTO_DES_CBC: ++ info.blocksize = DES_BLOCK_LEN; ++ info.minkey = DES_MIN_KEY_LEN; ++ info.maxkey = DES_MAX_KEY_LEN; ++ break; ++ case CRYPTO_3DES_CBC: ++ info.blocksize = DES3_BLOCK_LEN; ++ info.minkey = DES3_MIN_KEY_LEN; ++ info.maxkey = DES3_MAX_KEY_LEN; ++ break; ++ case CRYPTO_BLF_CBC: ++ info.blocksize = BLOWFISH_BLOCK_LEN; ++ info.minkey = BLOWFISH_MIN_KEY_LEN; ++ info.maxkey = BLOWFISH_MAX_KEY_LEN; ++ break; ++ case CRYPTO_CAST_CBC: ++ info.blocksize = CAST128_BLOCK_LEN; ++ info.minkey = CAST128_MIN_KEY_LEN; ++ info.maxkey = CAST128_MAX_KEY_LEN; ++ break; ++ case CRYPTO_SKIPJACK_CBC: ++ info.blocksize = SKIPJACK_BLOCK_LEN; ++ info.minkey = SKIPJACK_MIN_KEY_LEN; ++ info.maxkey = SKIPJACK_MAX_KEY_LEN; ++ break; ++ case CRYPTO_AES_CBC: ++ info.blocksize = AES_BLOCK_LEN; ++ info.minkey = AES_MIN_KEY_LEN; ++ info.maxkey = AES_MAX_KEY_LEN; ++ break; ++ case CRYPTO_ARC4: ++ info.blocksize = ARC4_BLOCK_LEN; ++ info.minkey = ARC4_MIN_KEY_LEN; ++ info.maxkey = ARC4_MAX_KEY_LEN; ++ break; ++ case CRYPTO_CAMELLIA_CBC: ++ info.blocksize = CAMELLIA_BLOCK_LEN; ++ info.minkey = CAMELLIA_MIN_KEY_LEN; ++ info.maxkey = CAMELLIA_MAX_KEY_LEN; ++ break; ++ default: ++ dprintk("%s(%s) - bad cipher\n", __FUNCTION__, CIOCGSESSSTR); ++ error = EINVAL; ++ goto bail; ++ } ++ ++ switch (sop.mac) { ++ case 0: ++ dprintk("%s(%s) - no mac\n", __FUNCTION__, CIOCGSESSSTR); ++ break; ++ case CRYPTO_NULL_HMAC: ++ info.authsize = NULL_HASH_LEN; ++ break; ++ case CRYPTO_MD5: ++ info.authsize = MD5_HASH_LEN; ++ break; ++ case CRYPTO_SHA1: ++ info.authsize = SHA1_HASH_LEN; ++ break; ++ case CRYPTO_SHA2_256: ++ info.authsize = SHA2_256_HASH_LEN; ++ break; ++ case CRYPTO_SHA2_384: ++ info.authsize = SHA2_384_HASH_LEN; ++ break; ++ case CRYPTO_SHA2_512: ++ info.authsize = SHA2_512_HASH_LEN; ++ break; ++ case CRYPTO_RIPEMD160: ++ info.authsize = RIPEMD160_HASH_LEN; ++ break; ++ case CRYPTO_MD5_HMAC: ++ info.authsize = MD5_HASH_LEN; ++ break; ++ case CRYPTO_SHA1_HMAC: ++ info.authsize = SHA1_HASH_LEN; ++ break; ++ case CRYPTO_SHA2_256_HMAC: ++ info.authsize = SHA2_256_HASH_LEN; ++ break; ++ case CRYPTO_SHA2_384_HMAC: ++ info.authsize = SHA2_384_HASH_LEN; ++ break; ++ case CRYPTO_SHA2_512_HMAC: ++ info.authsize = SHA2_512_HASH_LEN; ++ break; ++ case CRYPTO_RIPEMD160_HMAC: ++ info.authsize = RIPEMD160_HASH_LEN; ++ break; ++ default: ++ dprintk("%s(%s) - bad mac\n", __FUNCTION__, CIOCGSESSSTR); ++ error = EINVAL; ++ goto bail; ++ } ++ ++ if (info.blocksize) { ++ crie.cri_alg = sop.cipher; ++ crie.cri_klen = sop.keylen * 8; ++ if ((info.maxkey && sop.keylen > info.maxkey) || ++ sop.keylen < info.minkey) { ++ dprintk("%s(%s) - bad key\n", __FUNCTION__, CIOCGSESSSTR); ++ error = EINVAL; ++ goto bail; ++ } ++ ++ crie.cri_key = (u_int8_t *) kmalloc(crie.cri_klen/8+1, GFP_KERNEL); ++ if (copy_from_user(crie.cri_key, sop.key, ++ crie.cri_klen/8)) { ++ dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); ++ error = EFAULT; ++ goto bail; ++ } ++ if (info.authsize) ++ crie.cri_next = &cria; ++ } ++ ++ if (info.authsize) { ++ cria.cri_alg = sop.mac; ++ cria.cri_klen = sop.mackeylen * 8; ++ if ((info.maxkey && sop.mackeylen > info.maxkey) || ++ sop.keylen < info.minkey) { ++ dprintk("%s(%s) - mackeylen %d\n", __FUNCTION__, CIOCGSESSSTR, ++ sop.mackeylen); ++ error = EINVAL; ++ goto bail; ++ } ++ ++ if (cria.cri_klen) { ++ cria.cri_key = (u_int8_t *) kmalloc(cria.cri_klen/8,GFP_KERNEL); ++ if (copy_from_user(cria.cri_key, sop.mackey, ++ cria.cri_klen / 8)) { ++ dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); ++ error = EFAULT; ++ goto bail; ++ } ++ } ++ } ++ ++ /* NB: CIOGSESSION2 has the crid */ ++ if (cmd == CIOCGSESSION2) { ++ crid = sop.crid; ++ error = checkcrid(crid); ++ if (error) { ++ dprintk("%s(%s) - checkcrid %x\n", __FUNCTION__, ++ CIOCGSESSSTR, error); ++ goto bail; ++ } ++ } else { ++ /* allow either HW or SW to be used */ ++ crid = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; ++ } ++ error = crypto_newsession(&sid, (info.blocksize ? &crie : &cria), crid); ++ if (error) { ++ dprintk("%s(%s) - newsession %d\n",__FUNCTION__,CIOCGSESSSTR,error); ++ goto bail; ++ } ++ ++ cse = csecreate(fcr, sid, &crie, &cria, &info); ++ if (cse == NULL) { ++ crypto_freesession(sid); ++ error = EINVAL; ++ dprintk("%s(%s) - csecreate failed\n", __FUNCTION__, CIOCGSESSSTR); ++ goto bail; ++ } ++ sop.ses = cse->ses; ++ ++ if (cmd == CIOCGSESSION2) { ++ /* return hardware/driver id */ ++ sop.crid = CRYPTO_SESID2HID(cse->sid); ++ } ++ ++ if (copy_to_user((void*)arg, &sop, (cmd == CIOCGSESSION) ? ++ sizeof(struct session_op) : sizeof(sop))) { ++ dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR); ++ error = EFAULT; ++ } ++bail: ++ if (error) { ++ dprintk("%s(%s) - bail %d\n", __FUNCTION__, CIOCGSESSSTR, error); ++ if (crie.cri_key) ++ kfree(crie.cri_key); ++ if (cria.cri_key) ++ kfree(cria.cri_key); ++ } ++ break; ++ case CIOCFSESSION: ++ dprintk("%s(CIOCFSESSION)\n", __FUNCTION__); ++ get_user(ses, (uint32_t*)arg); ++ cse = csefind(fcr, ses); ++ if (cse == NULL) { ++ error = EINVAL; ++ dprintk("%s(CIOCFSESSION) - Fail %d\n", __FUNCTION__, error); ++ break; ++ } ++ csedelete(fcr, cse); ++ error = csefree(cse); ++ break; ++ case CIOCCRYPT: ++ dprintk("%s(CIOCCRYPT)\n", __FUNCTION__); ++ if(copy_from_user(&cop, (void*)arg, sizeof(cop))) { ++ dprintk("%s(CIOCCRYPT) - bad copy\n", __FUNCTION__); ++ error = EFAULT; ++ goto bail; ++ } ++ cse = csefind(fcr, cop.ses); ++ if (cse == NULL) { ++ error = EINVAL; ++ dprintk("%s(CIOCCRYPT) - Fail %d\n", __FUNCTION__, error); ++ break; ++ } ++ error = cryptodev_op(cse, &cop); ++ if(copy_to_user((void*)arg, &cop, sizeof(cop))) { ++ dprintk("%s(CIOCCRYPT) - bad return copy\n", __FUNCTION__); ++ error = EFAULT; ++ goto bail; ++ } ++ break; ++ case CIOCKEY: ++ case CIOCKEY2: ++ dprintk("%s(CIOCKEY)\n", __FUNCTION__); ++ if (!crypto_userasymcrypto) ++ return (EPERM); /* XXX compat? */ ++ if(copy_from_user(&kop, (void*)arg, sizeof(kop))) { ++ dprintk("%s(CIOCKEY) - bad copy\n", __FUNCTION__); ++ error = EFAULT; ++ goto bail; ++ } ++ if (cmd == CIOCKEY) { ++ /* NB: crypto core enforces s/w driver use */ ++ kop.crk_crid = ++ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE; ++ } ++ error = cryptodev_key(&kop); ++ if(copy_to_user((void*)arg, &kop, sizeof(kop))) { ++ dprintk("%s(CIOCGKEY) - bad return copy\n", __FUNCTION__); ++ error = EFAULT; ++ goto bail; ++ } ++ break; ++ case CIOCASYMFEAT: ++ dprintk("%s(CIOCASYMFEAT)\n", __FUNCTION__); ++ if (!crypto_userasymcrypto) { ++ /* ++ * NB: if user asym crypto operations are ++ * not permitted return "no algorithms" ++ * so well-behaved applications will just ++ * fallback to doing them in software. ++ */ ++ feat = 0; ++ } else ++ error = crypto_getfeat(&feat); ++ if (!error) { ++ error = copy_to_user((void*)arg, &feat, sizeof(feat)); ++ } ++ break; ++ case CIOCFINDDEV: ++ if (copy_from_user(&fop, (void*)arg, sizeof(fop))) { ++ dprintk("%s(CIOCFINDDEV) - bad copy\n", __FUNCTION__); ++ error = EFAULT; ++ goto bail; ++ } ++ error = cryptodev_find(&fop); ++ if (copy_to_user((void*)arg, &fop, sizeof(fop))) { ++ dprintk("%s(CIOCFINDDEV) - bad return copy\n", __FUNCTION__); ++ error = EFAULT; ++ goto bail; ++ } ++ break; ++ default: ++ dprintk("%s(unknown ioctl 0x%x)\n", __FUNCTION__, cmd); ++ error = EINVAL; ++ break; ++ } ++ return(-error); ++} ++ ++#ifdef HAVE_UNLOCKED_IOCTL ++static long ++cryptodev_unlocked_ioctl( ++ struct file *filp, ++ unsigned int cmd, ++ unsigned long arg) ++{ ++ return cryptodev_ioctl(NULL, filp, cmd, arg); ++} ++#endif ++ ++static int ++cryptodev_open(struct inode *inode, struct file *filp) ++{ ++ struct fcrypt *fcr; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (filp->private_data) { ++ printk("cryptodev: Private data already exists !\n"); ++ return(0); ++ } ++ ++ fcr = kmalloc(sizeof(*fcr), GFP_KERNEL); ++ if (!fcr) { ++ dprintk("%s() - malloc failed\n", __FUNCTION__); ++ return(-ENOMEM); ++ } ++ memset(fcr, 0, sizeof(*fcr)); ++ ++ INIT_LIST_HEAD(&fcr->csessions); ++ filp->private_data = fcr; ++ return(0); ++} ++ ++static int ++cryptodev_release(struct inode *inode, struct file *filp) ++{ ++ struct fcrypt *fcr = filp->private_data; ++ struct csession *cse, *tmp; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (!filp) { ++ printk("cryptodev: No private data on release\n"); ++ return(0); ++ } ++ ++ list_for_each_entry_safe(cse, tmp, &fcr->csessions, list) { ++ list_del(&cse->list); ++ (void)csefree(cse); ++ } ++ filp->private_data = NULL; ++ kfree(fcr); ++ return(0); ++} ++ ++static struct file_operations cryptodev_fops = { ++ .owner = THIS_MODULE, ++ .open = cryptodev_open, ++ .release = cryptodev_release, ++ .ioctl = cryptodev_ioctl, ++#ifdef HAVE_UNLOCKED_IOCTL ++ .unlocked_ioctl = cryptodev_unlocked_ioctl, ++#endif ++}; ++ ++static struct miscdevice cryptodev = { ++ .minor = CRYPTODEV_MINOR, ++ .name = "crypto", ++ .fops = &cryptodev_fops, ++}; ++ ++static int __init ++cryptodev_init(void) ++{ ++ int rc; ++ ++ dprintk("%s(%p)\n", __FUNCTION__, cryptodev_init); ++ rc = misc_register(&cryptodev); ++ if (rc) { ++ printk(KERN_ERR "cryptodev: registration of /dev/crypto failed\n"); ++ return(rc); ++ } ++ ++ return(0); ++} ++ ++static void __exit ++cryptodev_exit(void) ++{ ++ dprintk("%s()\n", __FUNCTION__); ++ misc_deregister(&cryptodev); ++} ++ ++module_init(cryptodev_init); ++module_exit(cryptodev_exit); ++ ++MODULE_LICENSE("BSD"); ++MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); ++MODULE_DESCRIPTION("Cryptodev (user interface to OCF)"); +--- /dev/null ++++ b/crypto/ocf/cryptodev.h +@@ -0,0 +1,478 @@ ++/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $ */ ++/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */ ++ ++/*- ++ * Linux port done by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * The license and original author are listed below. ++ * ++ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) ++ * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting ++ * ++ * This code was written by Angelos D. Keromytis in Athens, Greece, in ++ * February 2000. Network Security Technologies Inc. (NSTI) kindly ++ * supported the development of this code. ++ * ++ * Copyright (c) 2000 Angelos D. Keromytis ++ * ++ * Permission to use, copy, and modify this software with or without fee ++ * is hereby granted, provided that this entire notice is included in ++ * all source code copies of any software which is or includes a copy or ++ * modification of this software. ++ * ++ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR ++ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY ++ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE ++ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR ++ * PURPOSE. ++ * ++ * Copyright (c) 2001 Theo de Raadt ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Effort sponsored in part by the Defense Advanced Research Projects ++ * Agency (DARPA) and Air Force Research Laboratory, Air Force ++ * Materiel Command, USAF, under agreement number F30602-01-2-0537. ++ * ++ */ ++ ++#ifndef _CRYPTO_CRYPTO_H_ ++#define _CRYPTO_CRYPTO_H_ ++ ++/* Some initial values */ ++#define CRYPTO_DRIVERS_INITIAL 4 ++#define CRYPTO_SW_SESSIONS 32 ++ ++/* Hash values */ ++#define NULL_HASH_LEN 0 ++#define MD5_HASH_LEN 16 ++#define SHA1_HASH_LEN 20 ++#define RIPEMD160_HASH_LEN 20 ++#define SHA2_256_HASH_LEN 32 ++#define SHA2_384_HASH_LEN 48 ++#define SHA2_512_HASH_LEN 64 ++#define MD5_KPDK_HASH_LEN 16 ++#define SHA1_KPDK_HASH_LEN 20 ++/* Maximum hash algorithm result length */ ++#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */ ++ ++/* HMAC values */ ++#define NULL_HMAC_BLOCK_LEN 1 ++#define MD5_HMAC_BLOCK_LEN 64 ++#define SHA1_HMAC_BLOCK_LEN 64 ++#define RIPEMD160_HMAC_BLOCK_LEN 64 ++#define SHA2_256_HMAC_BLOCK_LEN 64 ++#define SHA2_384_HMAC_BLOCK_LEN 128 ++#define SHA2_512_HMAC_BLOCK_LEN 128 ++/* Maximum HMAC block length */ ++#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */ ++#define HMAC_IPAD_VAL 0x36 ++#define HMAC_OPAD_VAL 0x5C ++ ++/* Encryption algorithm block sizes */ ++#define NULL_BLOCK_LEN 1 ++#define DES_BLOCK_LEN 8 ++#define DES3_BLOCK_LEN 8 ++#define BLOWFISH_BLOCK_LEN 8 ++#define SKIPJACK_BLOCK_LEN 8 ++#define CAST128_BLOCK_LEN 8 ++#define RIJNDAEL128_BLOCK_LEN 16 ++#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN ++#define CAMELLIA_BLOCK_LEN 16 ++#define ARC4_BLOCK_LEN 1 ++#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */ ++ ++/* Encryption algorithm min and max key sizes */ ++#define NULL_MIN_KEY_LEN 0 ++#define NULL_MAX_KEY_LEN 0 ++#define DES_MIN_KEY_LEN 8 ++#define DES_MAX_KEY_LEN 8 ++#define DES3_MIN_KEY_LEN 24 ++#define DES3_MAX_KEY_LEN 24 ++#define BLOWFISH_MIN_KEY_LEN 4 ++#define BLOWFISH_MAX_KEY_LEN 56 ++#define SKIPJACK_MIN_KEY_LEN 10 ++#define SKIPJACK_MAX_KEY_LEN 10 ++#define CAST128_MIN_KEY_LEN 5 ++#define CAST128_MAX_KEY_LEN 16 ++#define RIJNDAEL128_MIN_KEY_LEN 16 ++#define RIJNDAEL128_MAX_KEY_LEN 32 ++#define AES_MIN_KEY_LEN RIJNDAEL128_MIN_KEY_LEN ++#define AES_MAX_KEY_LEN RIJNDAEL128_MAX_KEY_LEN ++#define CAMELLIA_MIN_KEY_LEN 16 ++#define CAMELLIA_MAX_KEY_LEN 32 ++#define ARC4_MIN_KEY_LEN 1 ++#define ARC4_MAX_KEY_LEN 256 ++ ++/* Max size of data that can be processed */ ++#define CRYPTO_MAX_DATA_LEN 64*1024 - 1 ++ ++#define CRYPTO_ALGORITHM_MIN 1 ++#define CRYPTO_DES_CBC 1 ++#define CRYPTO_3DES_CBC 2 ++#define CRYPTO_BLF_CBC 3 ++#define CRYPTO_CAST_CBC 4 ++#define CRYPTO_SKIPJACK_CBC 5 ++#define CRYPTO_MD5_HMAC 6 ++#define CRYPTO_SHA1_HMAC 7 ++#define CRYPTO_RIPEMD160_HMAC 8 ++#define CRYPTO_MD5_KPDK 9 ++#define CRYPTO_SHA1_KPDK 10 ++#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ ++#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ ++#define CRYPTO_ARC4 12 ++#define CRYPTO_MD5 13 ++#define CRYPTO_SHA1 14 ++#define CRYPTO_NULL_HMAC 15 ++#define CRYPTO_NULL_CBC 16 ++#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */ ++#define CRYPTO_SHA2_256_HMAC 18 ++#define CRYPTO_SHA2_384_HMAC 19 ++#define CRYPTO_SHA2_512_HMAC 20 ++#define CRYPTO_CAMELLIA_CBC 21 ++#define CRYPTO_SHA2_256 22 ++#define CRYPTO_SHA2_384 23 ++#define CRYPTO_SHA2_512 24 ++#define CRYPTO_RIPEMD160 25 ++#define CRYPTO_ALGORITHM_MAX 25 /* Keep updated - see below */ ++ ++/* Algorithm flags */ ++#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ ++#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ ++#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ ++ ++/* ++ * Crypto driver/device flags. They can set in the crid ++ * parameter when creating a session or submitting a key ++ * op to affect the device/driver assigned. If neither ++ * of these are specified then the crid is assumed to hold ++ * the driver id of an existing (and suitable) device that ++ * must be used to satisfy the request. ++ */ ++#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */ ++#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */ ++ ++/* NB: deprecated */ ++struct session_op { ++ u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ ++ u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ ++ ++ u_int32_t keylen; /* cipher key */ ++ caddr_t key; ++ int mackeylen; /* mac key */ ++ caddr_t mackey; ++ ++ u_int32_t ses; /* returns: session # */ ++}; ++ ++struct session2_op { ++ u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ ++ u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ ++ ++ u_int32_t keylen; /* cipher key */ ++ caddr_t key; ++ int mackeylen; /* mac key */ ++ caddr_t mackey; ++ ++ u_int32_t ses; /* returns: session # */ ++ int crid; /* driver id + flags (rw) */ ++ int pad[4]; /* for future expansion */ ++}; ++ ++struct crypt_op { ++ u_int32_t ses; ++ u_int16_t op; /* i.e. COP_ENCRYPT */ ++#define COP_NONE 0 ++#define COP_ENCRYPT 1 ++#define COP_DECRYPT 2 ++ u_int16_t flags; ++#define COP_F_BATCH 0x0008 /* Batch op if possible */ ++ u_int len; ++ caddr_t src, dst; /* become iov[] inside kernel */ ++ caddr_t mac; /* must be big enough for chosen MAC */ ++ caddr_t iv; ++}; ++ ++/* ++ * Parameters for looking up a crypto driver/device by ++ * device name or by id. The latter are returned for ++ * created sessions (crid) and completed key operations. ++ */ ++struct crypt_find_op { ++ int crid; /* driver id + flags */ ++ char name[32]; /* device/driver name */ ++}; ++ ++/* bignum parameter, in packed bytes, ... */ ++struct crparam { ++ caddr_t crp_p; ++ u_int crp_nbits; ++}; ++ ++#define CRK_MAXPARAM 8 ++ ++struct crypt_kop { ++ u_int crk_op; /* ie. CRK_MOD_EXP or other */ ++ u_int crk_status; /* return status */ ++ u_short crk_iparams; /* # of input parameters */ ++ u_short crk_oparams; /* # of output parameters */ ++ u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */ ++ struct crparam crk_param[CRK_MAXPARAM]; ++}; ++#define CRK_ALGORITM_MIN 0 ++#define CRK_MOD_EXP 0 ++#define CRK_MOD_EXP_CRT 1 ++#define CRK_DSA_SIGN 2 ++#define CRK_DSA_VERIFY 3 ++#define CRK_DH_COMPUTE_KEY 4 ++#define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */ ++ ++#define CRF_MOD_EXP (1 << CRK_MOD_EXP) ++#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) ++#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) ++#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) ++#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) ++ ++/* ++ * done against open of /dev/crypto, to get a cloned descriptor. ++ * Please use F_SETFD against the cloned descriptor. ++ */ ++#define CRIOGET _IOWR('c', 100, u_int32_t) ++#define CRIOASYMFEAT CIOCASYMFEAT ++#define CRIOFINDDEV CIOCFINDDEV ++ ++/* the following are done against the cloned descriptor */ ++#define CIOCGSESSION _IOWR('c', 101, struct session_op) ++#define CIOCFSESSION _IOW('c', 102, u_int32_t) ++#define CIOCCRYPT _IOWR('c', 103, struct crypt_op) ++#define CIOCKEY _IOWR('c', 104, struct crypt_kop) ++#define CIOCASYMFEAT _IOR('c', 105, u_int32_t) ++#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op) ++#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop) ++#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op) ++ ++struct cryptotstat { ++ struct timespec acc; /* total accumulated time */ ++ struct timespec min; /* min time */ ++ struct timespec max; /* max time */ ++ u_int32_t count; /* number of observations */ ++}; ++ ++struct cryptostats { ++ u_int32_t cs_ops; /* symmetric crypto ops submitted */ ++ u_int32_t cs_errs; /* symmetric crypto ops that failed */ ++ u_int32_t cs_kops; /* asymetric/key ops submitted */ ++ u_int32_t cs_kerrs; /* asymetric/key ops that failed */ ++ u_int32_t cs_intrs; /* crypto swi thread activations */ ++ u_int32_t cs_rets; /* crypto return thread activations */ ++ u_int32_t cs_blocks; /* symmetric op driver block */ ++ u_int32_t cs_kblocks; /* symmetric op driver block */ ++ /* ++ * When CRYPTO_TIMING is defined at compile time and the ++ * sysctl debug.crypto is set to 1, the crypto system will ++ * accumulate statistics about how long it takes to process ++ * crypto requests at various points during processing. ++ */ ++ struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */ ++ struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */ ++ struct cryptotstat cs_cb; /* crypto_done -> callback */ ++ struct cryptotstat cs_finis; /* callback -> callback return */ ++ ++ u_int32_t cs_drops; /* crypto ops dropped due to congestion */ ++}; ++ ++#ifdef __KERNEL__ ++ ++/* Standard initialization structure beginning */ ++struct cryptoini { ++ int cri_alg; /* Algorithm to use */ ++ int cri_klen; /* Key length, in bits */ ++ int cri_mlen; /* Number of bytes we want from the ++ entire hash. 0 means all. */ ++ caddr_t cri_key; /* key to use */ ++ u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ ++ struct cryptoini *cri_next; ++}; ++ ++/* Describe boundaries of a single crypto operation */ ++struct cryptodesc { ++ int crd_skip; /* How many bytes to ignore from start */ ++ int crd_len; /* How many bytes to process */ ++ int crd_inject; /* Where to inject results, if applicable */ ++ int crd_flags; ++ ++#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */ ++#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in ++ place, so don't copy. */ ++#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */ ++#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */ ++#define CRD_F_KEY_EXPLICIT 0x10 /* Key explicitly provided */ ++#define CRD_F_COMP 0x0f /* Set when doing compression */ ++ ++ struct cryptoini CRD_INI; /* Initialization/context data */ ++#define crd_iv CRD_INI.cri_iv ++#define crd_key CRD_INI.cri_key ++#define crd_alg CRD_INI.cri_alg ++#define crd_klen CRD_INI.cri_klen ++ ++ struct cryptodesc *crd_next; ++}; ++ ++/* Structure describing complete operation */ ++struct cryptop { ++ struct list_head crp_next; ++ wait_queue_head_t crp_waitq; ++ ++ u_int64_t crp_sid; /* Session ID */ ++ int crp_ilen; /* Input data total length */ ++ int crp_olen; /* Result total length */ ++ ++ int crp_etype; /* ++ * Error type (zero means no error). ++ * All error codes except EAGAIN ++ * indicate possible data corruption (as in, ++ * the data have been touched). On all ++ * errors, the crp_sid may have changed ++ * (reset to a new one), so the caller ++ * should always check and use the new ++ * value on future requests. ++ */ ++ int crp_flags; ++ ++#define CRYPTO_F_SKBUF 0x0001 /* Input/output are skbuf chains */ ++#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */ ++#define CRYPTO_F_REL 0x0004 /* Must return data in same place */ ++#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible */ ++#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */ ++#define CRYPTO_F_DONE 0x0020 /* Operation completed */ ++#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */ ++ ++ caddr_t crp_buf; /* Data to be processed */ ++ caddr_t crp_opaque; /* Opaque pointer, passed along */ ++ struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ ++ ++ int (*crp_callback)(struct cryptop *); /* Callback function */ ++}; ++ ++#define CRYPTO_BUF_CONTIG 0x0 ++#define CRYPTO_BUF_IOV 0x1 ++#define CRYPTO_BUF_SKBUF 0x2 ++ ++#define CRYPTO_OP_DECRYPT 0x0 ++#define CRYPTO_OP_ENCRYPT 0x1 ++ ++/* ++ * Hints passed to process methods. ++ */ ++#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */ ++ ++struct cryptkop { ++ struct list_head krp_next; ++ wait_queue_head_t krp_waitq; ++ ++ int krp_flags; ++#define CRYPTO_KF_DONE 0x0001 /* Operation completed */ ++#define CRYPTO_KF_CBIMM 0x0002 /* Do callback immediately */ ++ ++ u_int krp_op; /* ie. CRK_MOD_EXP or other */ ++ u_int krp_status; /* return status */ ++ u_short krp_iparams; /* # of input parameters */ ++ u_short krp_oparams; /* # of output parameters */ ++ u_int krp_crid; /* desired device, etc. */ ++ u_int32_t krp_hid; ++ struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ ++ int (*krp_callback)(struct cryptkop *); ++}; ++ ++#include <ocf-compat.h> ++ ++/* ++ * Session ids are 64 bits. The lower 32 bits contain a "local id" which ++ * is a driver-private session identifier. The upper 32 bits contain a ++ * "hardware id" used by the core crypto code to identify the driver and ++ * a copy of the driver's capabilities that can be used by client code to ++ * optimize operation. ++ */ ++#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff) ++#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000) ++#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff) ++ ++extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard); ++extern int crypto_freesession(u_int64_t sid); ++#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE ++#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE ++#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */ ++extern int32_t crypto_get_driverid(device_t dev, int flags); ++extern int crypto_find_driver(const char *); ++extern device_t crypto_find_device_byhid(int hid); ++extern int crypto_getcaps(int hid); ++extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, ++ u_int32_t flags); ++extern int crypto_kregister(u_int32_t, int, u_int32_t); ++extern int crypto_unregister(u_int32_t driverid, int alg); ++extern int crypto_unregister_all(u_int32_t driverid); ++extern int crypto_dispatch(struct cryptop *crp); ++extern int crypto_kdispatch(struct cryptkop *); ++#define CRYPTO_SYMQ 0x1 ++#define CRYPTO_ASYMQ 0x2 ++extern int crypto_unblock(u_int32_t, int); ++extern void crypto_done(struct cryptop *crp); ++extern void crypto_kdone(struct cryptkop *); ++extern int crypto_getfeat(int *); ++ ++extern void crypto_freereq(struct cryptop *crp); ++extern struct cryptop *crypto_getreq(int num); ++ ++extern int crypto_usercrypto; /* userland may do crypto requests */ ++extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */ ++extern int crypto_devallowsoft; /* only use hardware crypto */ ++ ++/* ++ * random number support, crypto_unregister_all will unregister ++ */ ++extern int crypto_rregister(u_int32_t driverid, ++ int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg); ++extern int crypto_runregister_all(u_int32_t driverid); ++ ++/* ++ * Crypto-related utility routines used mainly by drivers. ++ * ++ * XXX these don't really belong here; but for now they're ++ * kept apart from the rest of the system. ++ */ ++struct uio; ++extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); ++extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); ++extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off); ++ ++extern void crypto_copyback(int flags, caddr_t buf, int off, int size, ++ caddr_t in); ++extern void crypto_copydata(int flags, caddr_t buf, int off, int size, ++ caddr_t out); ++extern int crypto_apply(int flags, caddr_t buf, int off, int len, ++ int (*f)(void *, void *, u_int), void *arg); ++ ++#endif /* __KERNEL__ */ ++#endif /* _CRYPTO_CRYPTO_H_ */ +--- /dev/null ++++ b/crypto/ocf/ocfnull/ocfnull.c +@@ -0,0 +1,203 @@ ++/* ++ * An OCF module for determining the cost of crypto versus the cost of ++ * IPSec processing outside of OCF. This modules gives us the effect of ++ * zero cost encryption, of course you will need to run it at both ends ++ * since it does no crypto at all. ++ * ++ * Written by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * ++ * LICENSE TERMS ++ * ++ * The free distribution and use of this software in both source and binary ++ * form is allowed (with or without changes) provided that: ++ * ++ * 1. distributions of this source code include the above copyright ++ * notice, this list of conditions and the following disclaimer; ++ * ++ * 2. distributions in binary form include the above copyright ++ * notice, this list of conditions and the following disclaimer ++ * in the documentation and/or other associated materials; ++ * ++ * 3. the copyright holder's name is not used to endorse products ++ * built using this software without specific written permission. ++ * ++ * ALTERNATIVELY, provided that this notice is retained in full, this product ++ * may be distributed under the terms of the GNU General Public License (GPL), ++ * in which case the provisions of the GPL apply INSTEAD OF those given above. ++ * ++ * DISCLAIMER ++ * ++ * This software is provided 'as is' with no explicit or implied warranties ++ * in respect of its properties, including, but not limited to, correctness ++ * and/or fitness for purpose. ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/sched.h> ++#include <linux/wait.h> ++#include <linux/crypto.h> ++#include <linux/interrupt.h> ++ ++#include <cryptodev.h> ++#include <uio.h> ++ ++static int32_t null_id = -1; ++static u_int32_t null_sesnum = 0; ++ ++static int null_process(device_t, struct cryptop *, int); ++static int null_newsession(device_t, u_int32_t *, struct cryptoini *); ++static int null_freesession(device_t, u_int64_t); ++ ++#define debug ocfnull_debug ++int ocfnull_debug = 0; ++module_param(ocfnull_debug, int, 0644); ++MODULE_PARM_DESC(ocfnull_debug, "Enable debug"); ++ ++/* ++ * dummy device structure ++ */ ++ ++static struct { ++ softc_device_decl sc_dev; ++} nulldev; ++ ++static device_method_t null_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, null_newsession), ++ DEVMETHOD(cryptodev_freesession,null_freesession), ++ DEVMETHOD(cryptodev_process, null_process), ++}; ++ ++/* ++ * Generate a new software session. ++ */ ++static int ++null_newsession(device_t arg, u_int32_t *sid, struct cryptoini *cri) ++{ ++ dprintk("%s()\n", __FUNCTION__); ++ if (sid == NULL || cri == NULL) { ++ dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ if (null_sesnum == 0) ++ null_sesnum++; ++ *sid = null_sesnum++; ++ return 0; ++} ++ ++ ++/* ++ * Free a session. ++ */ ++static int ++null_freesession(device_t arg, u_int64_t tid) ++{ ++ u_int32_t sid = CRYPTO_SESID2LID(tid); ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (sid > null_sesnum) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ /* Silently accept and return */ ++ if (sid == 0) ++ return 0; ++ return 0; ++} ++ ++ ++/* ++ * Process a request. ++ */ ++static int ++null_process(device_t arg, struct cryptop *crp, int hint) ++{ ++ unsigned int lid; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ ++ /* Sanity check */ ++ if (crp == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ crp->crp_etype = 0; ++ ++ if (crp->crp_desc == NULL || crp->crp_buf == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ crp->crp_etype = EINVAL; ++ goto done; ++ } ++ ++ /* ++ * find the session we are using ++ */ ++ ++ lid = crp->crp_sid & 0xffffffff; ++ if (lid >= null_sesnum || lid == 0) { ++ crp->crp_etype = ENOENT; ++ dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); ++ goto done; ++ } ++ ++done: ++ crypto_done(crp); ++ return 0; ++} ++ ++ ++/* ++ * our driver startup and shutdown routines ++ */ ++ ++static int ++null_init(void) ++{ ++ dprintk("%s(%p)\n", __FUNCTION__, null_init); ++ ++ memset(&nulldev, 0, sizeof(nulldev)); ++ softc_device_init(&nulldev, "ocfnull", 0, null_methods); ++ ++ null_id = crypto_get_driverid(softc_get_device(&nulldev), ++ CRYPTOCAP_F_HARDWARE); ++ if (null_id < 0) ++ panic("ocfnull: crypto device cannot initialize!"); ++ ++#define REGISTER(alg) \ ++ crypto_register(null_id,alg,0,0) ++ REGISTER(CRYPTO_DES_CBC); ++ REGISTER(CRYPTO_3DES_CBC); ++ REGISTER(CRYPTO_RIJNDAEL128_CBC); ++ REGISTER(CRYPTO_MD5); ++ REGISTER(CRYPTO_SHA1); ++ REGISTER(CRYPTO_MD5_HMAC); ++ REGISTER(CRYPTO_SHA1_HMAC); ++#undef REGISTER ++ ++ return 0; ++} ++ ++static void ++null_exit(void) ++{ ++ dprintk("%s()\n", __FUNCTION__); ++ crypto_unregister_all(null_id); ++ null_id = -1; ++} ++ ++module_init(null_init); ++module_exit(null_exit); ++ ++MODULE_LICENSE("Dual BSD/GPL"); ++MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); ++MODULE_DESCRIPTION("ocfnull - claims a lot but does nothing"); +--- /dev/null ++++ b/crypto/ocf/cryptosoft.c +@@ -0,0 +1,898 @@ ++/* ++ * An OCF module that uses the linux kernel cryptoapi, based on the ++ * original cryptosoft for BSD by Angelos D. Keromytis (angelos@cis.upenn.edu) ++ * but is mostly unrecognisable, ++ * ++ * Written by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2004-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * ++ * LICENSE TERMS ++ * ++ * The free distribution and use of this software in both source and binary ++ * form is allowed (with or without changes) provided that: ++ * ++ * 1. distributions of this source code include the above copyright ++ * notice, this list of conditions and the following disclaimer; ++ * ++ * 2. distributions in binary form include the above copyright ++ * notice, this list of conditions and the following disclaimer ++ * in the documentation and/or other associated materials; ++ * ++ * 3. the copyright holder's name is not used to endorse products ++ * built using this software without specific written permission. ++ * ++ * ALTERNATIVELY, provided that this notice is retained in full, this product ++ * may be distributed under the terms of the GNU General Public License (GPL), ++ * in which case the provisions of the GPL apply INSTEAD OF those given above. ++ * ++ * DISCLAIMER ++ * ++ * This software is provided 'as is' with no explicit or implied warranties ++ * in respect of its properties, including, but not limited to, correctness ++ * and/or fitness for purpose. ++ * --------------------------------------------------------------------------- ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/list.h> ++#include <linux/slab.h> ++#include <linux/sched.h> ++#include <linux/wait.h> ++#include <linux/crypto.h> ++#include <linux/mm.h> ++#include <linux/skbuff.h> ++#include <linux/random.h> ++#include <asm/scatterlist.h> ++ ++#include <cryptodev.h> ++#include <uio.h> ++ ++struct { ++ softc_device_decl sc_dev; ++} swcr_softc; ++ ++#define offset_in_page(p) ((unsigned long)(p) & ~PAGE_MASK) ++ ++/* Software session entry */ ++ ++#define SW_TYPE_CIPHER 0 ++#define SW_TYPE_HMAC 1 ++#define SW_TYPE_AUTH2 2 ++#define SW_TYPE_HASH 3 ++#define SW_TYPE_COMP 4 ++#define SW_TYPE_BLKCIPHER 5 ++ ++struct swcr_data { ++ int sw_type; ++ int sw_alg; ++ struct crypto_tfm *sw_tfm; ++ union { ++ struct { ++ char *sw_key; ++ int sw_klen; ++ int sw_mlen; ++ } hmac; ++ void *sw_comp_buf; ++ } u; ++ struct swcr_data *sw_next; ++}; ++ ++#ifndef CRYPTO_TFM_MODE_CBC ++/* ++ * As of linux-2.6.21 this is no longer defined, and presumably no longer ++ * needed to be passed into the crypto core code. ++ */ ++#define CRYPTO_TFM_MODE_CBC 0 ++#define CRYPTO_TFM_MODE_ECB 0 ++#endif ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ /* ++ * Linux 2.6.19 introduced a new Crypto API, setup macro's to convert new ++ * API into old API. ++ */ ++ ++ /* Symmetric/Block Cipher */ ++ struct blkcipher_desc ++ { ++ struct crypto_tfm *tfm; ++ void *info; ++ }; ++ #define ecb(X) #X ++ #define cbc(X) #X ++ #define crypto_has_blkcipher(X, Y, Z) crypto_alg_available(X, 0) ++ #define crypto_blkcipher_cast(X) X ++ #define crypto_blkcipher_tfm(X) X ++ #define crypto_alloc_blkcipher(X, Y, Z) crypto_alloc_tfm(X, mode) ++ #define crypto_blkcipher_ivsize(X) crypto_tfm_alg_ivsize(X) ++ #define crypto_blkcipher_blocksize(X) crypto_tfm_alg_blocksize(X) ++ #define crypto_blkcipher_setkey(X, Y, Z) crypto_cipher_setkey(X, Y, Z) ++ #define crypto_blkcipher_encrypt_iv(W, X, Y, Z) \ ++ crypto_cipher_encrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info)) ++ #define crypto_blkcipher_decrypt_iv(W, X, Y, Z) \ ++ crypto_cipher_decrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info)) ++ ++ /* Hash/HMAC/Digest */ ++ struct hash_desc ++ { ++ struct crypto_tfm *tfm; ++ }; ++ #define hmac(X) #X ++ #define crypto_has_hash(X, Y, Z) crypto_alg_available(X, 0) ++ #define crypto_hash_cast(X) X ++ #define crypto_hash_tfm(X) X ++ #define crypto_alloc_hash(X, Y, Z) crypto_alloc_tfm(X, mode) ++ #define crypto_hash_digestsize(X) crypto_tfm_alg_digestsize(X) ++ #define crypto_hash_digest(W, X, Y, Z) \ ++ crypto_digest_digest((W)->tfm, X, sg_num, Z) ++ ++ /* Asymmetric Cipher */ ++ #define crypto_has_cipher(X, Y, Z) crypto_alg_available(X, 0) ++ ++ /* Compression */ ++ #define crypto_has_comp(X, Y, Z) crypto_alg_available(X, 0) ++ #define crypto_comp_tfm(X) X ++ #define crypto_comp_cast(X) X ++ #define crypto_alloc_comp(X, Y, Z) crypto_alloc_tfm(X, mode) ++#else ++ #define ecb(X) "ecb(" #X ")" ++ #define cbc(X) "cbc(" #X ")" ++ #define hmac(X) "hmac(" #X ")" ++#endif /* if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) */ ++ ++struct crypto_details ++{ ++ char *alg_name; ++ int mode; ++ int sw_type; ++}; ++ ++/* ++ * This needs to be kept updated with CRYPTO_xxx list (cryptodev.h). ++ * If the Algorithm is not supported, then insert a {NULL, 0, 0} entry. ++ * ++ * IMPORTANT: The index to the array IS CRYPTO_xxx. ++ */ ++static struct crypto_details crypto_details[CRYPTO_ALGORITHM_MAX + 1] = { ++ { NULL, 0, 0 }, ++ /* CRYPTO_xxx index starts at 1 */ ++ { cbc(des), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { cbc(des3_ede), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { cbc(blowfish), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { cbc(cast5), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { cbc(skipjack), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { hmac(md5), 0, SW_TYPE_HMAC }, ++ { hmac(sha1), 0, SW_TYPE_HMAC }, ++ { hmac(ripemd160), 0, SW_TYPE_HMAC }, ++ { "md5-kpdk??", 0, SW_TYPE_HASH }, ++ { "sha1-kpdk??", 0, SW_TYPE_HASH }, ++ { cbc(aes), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { ecb(arc4), CRYPTO_TFM_MODE_ECB, SW_TYPE_BLKCIPHER }, ++ { "md5", 0, SW_TYPE_HASH }, ++ { "sha1", 0, SW_TYPE_HASH }, ++ { hmac(digest_null), 0, SW_TYPE_HMAC }, ++ { cbc(cipher_null), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { "deflate", 0, SW_TYPE_COMP }, ++ { hmac(sha256), 0, SW_TYPE_HMAC }, ++ { hmac(sha384), 0, SW_TYPE_HMAC }, ++ { hmac(sha512), 0, SW_TYPE_HMAC }, ++ { cbc(camellia), CRYPTO_TFM_MODE_CBC, SW_TYPE_BLKCIPHER }, ++ { "sha256", 0, SW_TYPE_HASH }, ++ { "sha384", 0, SW_TYPE_HASH }, ++ { "sha512", 0, SW_TYPE_HASH }, ++ { "ripemd160", 0, SW_TYPE_HASH }, ++}; ++ ++int32_t swcr_id = -1; ++module_param(swcr_id, int, 0444); ++MODULE_PARM_DESC(swcr_id, "Read-Only OCF ID for cryptosoft driver"); ++ ++int swcr_fail_if_compression_grows = 1; ++module_param(swcr_fail_if_compression_grows, int, 0644); ++MODULE_PARM_DESC(swcr_fail_if_compression_grows, ++ "Treat compression that results in more data as a failure"); ++ ++static struct swcr_data **swcr_sessions = NULL; ++static u_int32_t swcr_sesnum = 0; ++ ++static int swcr_process(device_t, struct cryptop *, int); ++static int swcr_newsession(device_t, u_int32_t *, struct cryptoini *); ++static int swcr_freesession(device_t, u_int64_t); ++ ++static device_method_t swcr_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, swcr_newsession), ++ DEVMETHOD(cryptodev_freesession,swcr_freesession), ++ DEVMETHOD(cryptodev_process, swcr_process), ++}; ++ ++#define debug swcr_debug ++int swcr_debug = 0; ++module_param(swcr_debug, int, 0644); ++MODULE_PARM_DESC(swcr_debug, "Enable debug"); ++ ++/* ++ * Generate a new software session. ++ */ ++static int ++swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri) ++{ ++ struct swcr_data **swd; ++ u_int32_t i; ++ int error; ++ char *algo; ++ int mode, sw_type; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (sid == NULL || cri == NULL) { ++ dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ if (swcr_sessions) { ++ for (i = 1; i < swcr_sesnum; i++) ++ if (swcr_sessions[i] == NULL) ++ break; ++ } else ++ i = 1; /* NB: to silence compiler warning */ ++ ++ if (swcr_sessions == NULL || i == swcr_sesnum) { ++ if (swcr_sessions == NULL) { ++ i = 1; /* We leave swcr_sessions[0] empty */ ++ swcr_sesnum = CRYPTO_SW_SESSIONS; ++ } else ++ swcr_sesnum *= 2; ++ ++ swd = kmalloc(swcr_sesnum * sizeof(struct swcr_data *), SLAB_ATOMIC); ++ if (swd == NULL) { ++ /* Reset session number */ ++ if (swcr_sesnum == CRYPTO_SW_SESSIONS) ++ swcr_sesnum = 0; ++ else ++ swcr_sesnum /= 2; ++ dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); ++ return ENOBUFS; ++ } ++ memset(swd, 0, swcr_sesnum * sizeof(struct swcr_data *)); ++ ++ /* Copy existing sessions */ ++ if (swcr_sessions) { ++ memcpy(swd, swcr_sessions, ++ (swcr_sesnum / 2) * sizeof(struct swcr_data *)); ++ kfree(swcr_sessions); ++ } ++ ++ swcr_sessions = swd; ++ } ++ ++ swd = &swcr_sessions[i]; ++ *sid = i; ++ ++ while (cri) { ++ *swd = (struct swcr_data *) kmalloc(sizeof(struct swcr_data), ++ SLAB_ATOMIC); ++ if (*swd == NULL) { ++ swcr_freesession(NULL, i); ++ dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); ++ return ENOBUFS; ++ } ++ memset(*swd, 0, sizeof(struct swcr_data)); ++ ++ if (cri->cri_alg > CRYPTO_ALGORITHM_MAX) { ++ printk("cryptosoft: Unknown algorithm 0x%x\n", cri->cri_alg); ++ swcr_freesession(NULL, i); ++ return EINVAL; ++ } ++ ++ algo = crypto_details[cri->cri_alg].alg_name; ++ if (!algo || !*algo) { ++ printk("cryptosoft: Unsupported algorithm 0x%x\n", cri->cri_alg); ++ swcr_freesession(NULL, i); ++ return EINVAL; ++ } ++ ++ mode = crypto_details[cri->cri_alg].mode; ++ sw_type = crypto_details[cri->cri_alg].sw_type; ++ ++ /* Algorithm specific configuration */ ++ switch (cri->cri_alg) { ++ case CRYPTO_NULL_CBC: ++ cri->cri_klen = 0; /* make it work with crypto API */ ++ break; ++ default: ++ break; ++ } ++ ++ if (sw_type == SW_TYPE_BLKCIPHER) { ++ dprintk("%s crypto_alloc_blkcipher(%s, 0x%x)\n", __FUNCTION__, ++ algo, mode); ++ ++ (*swd)->sw_tfm = crypto_blkcipher_tfm( ++ crypto_alloc_blkcipher(algo, 0, ++ CRYPTO_ALG_ASYNC)); ++ if (!(*swd)->sw_tfm) { ++ dprintk("cryptosoft: crypto_alloc_blkcipher failed(%s,0x%x)\n", ++ algo,mode); ++ swcr_freesession(NULL, i); ++ return EINVAL; ++ } ++ ++ if (debug) { ++ dprintk("%s key:cri->cri_klen=%d,(cri->cri_klen + 7)/8=%d", ++ __FUNCTION__,cri->cri_klen,(cri->cri_klen + 7)/8); ++ for (i = 0; i < (cri->cri_klen + 7) / 8; i++) ++ { ++ dprintk("%s0x%x", (i % 8) ? " " : "\n ",cri->cri_key[i]); ++ } ++ dprintk("\n"); ++ } ++ error = crypto_blkcipher_setkey( ++ crypto_blkcipher_cast((*swd)->sw_tfm), cri->cri_key, ++ (cri->cri_klen + 7) / 8); ++ if (error) { ++ printk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n", error, ++ (*swd)->sw_tfm->crt_flags); ++ swcr_freesession(NULL, i); ++ return error; ++ } ++ } else if (sw_type == SW_TYPE_HMAC || sw_type == SW_TYPE_HASH) { ++ dprintk("%s crypto_alloc_hash(%s, 0x%x)\n", __FUNCTION__, ++ algo, mode); ++ ++ (*swd)->sw_tfm = crypto_hash_tfm( ++ crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC)); ++ ++ if (!(*swd)->sw_tfm) { ++ dprintk("cryptosoft: crypto_alloc_hash failed(%s,0x%x)\n", ++ algo, mode); ++ swcr_freesession(NULL, i); ++ return EINVAL; ++ } ++ ++ (*swd)->u.hmac.sw_klen = (cri->cri_klen + 7) / 8; ++ (*swd)->u.hmac.sw_key = (char *)kmalloc((*swd)->u.hmac.sw_klen, ++ SLAB_ATOMIC); ++ if ((*swd)->u.hmac.sw_key == NULL) { ++ swcr_freesession(NULL, i); ++ dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); ++ return ENOBUFS; ++ } ++ memcpy((*swd)->u.hmac.sw_key, cri->cri_key, (*swd)->u.hmac.sw_klen); ++ if (cri->cri_mlen) { ++ (*swd)->u.hmac.sw_mlen = cri->cri_mlen; ++ } else { ++ (*swd)->u.hmac.sw_mlen = ++ crypto_hash_digestsize( ++ crypto_hash_cast((*swd)->sw_tfm)); ++ } ++ } else if (sw_type == SW_TYPE_COMP) { ++ (*swd)->sw_tfm = crypto_comp_tfm( ++ crypto_alloc_comp(algo, 0, CRYPTO_ALG_ASYNC)); ++ if (!(*swd)->sw_tfm) { ++ dprintk("cryptosoft: crypto_alloc_comp failed(%s,0x%x)\n", ++ algo, mode); ++ swcr_freesession(NULL, i); ++ return EINVAL; ++ } ++ (*swd)->u.sw_comp_buf = kmalloc(CRYPTO_MAX_DATA_LEN, SLAB_ATOMIC); ++ if ((*swd)->u.sw_comp_buf == NULL) { ++ swcr_freesession(NULL, i); ++ dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__); ++ return ENOBUFS; ++ } ++ } else { ++ printk("cryptosoft: Unhandled sw_type %d\n", sw_type); ++ swcr_freesession(NULL, i); ++ return EINVAL; ++ } ++ ++ (*swd)->sw_alg = cri->cri_alg; ++ (*swd)->sw_type = sw_type; ++ ++ cri = cri->cri_next; ++ swd = &((*swd)->sw_next); ++ } ++ return 0; ++} ++ ++/* ++ * Free a session. ++ */ ++static int ++swcr_freesession(device_t dev, u_int64_t tid) ++{ ++ struct swcr_data *swd; ++ u_int32_t sid = CRYPTO_SESID2LID(tid); ++ ++ dprintk("%s()\n", __FUNCTION__); ++ if (sid > swcr_sesnum || swcr_sessions == NULL || ++ swcr_sessions[sid] == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ return(EINVAL); ++ } ++ ++ /* Silently accept and return */ ++ if (sid == 0) ++ return(0); ++ ++ while ((swd = swcr_sessions[sid]) != NULL) { ++ swcr_sessions[sid] = swd->sw_next; ++ if (swd->sw_tfm) ++ crypto_free_tfm(swd->sw_tfm); ++ if (swd->sw_type == SW_TYPE_COMP) { ++ if (swd->u.sw_comp_buf) ++ kfree(swd->u.sw_comp_buf); ++ } else { ++ if (swd->u.hmac.sw_key) ++ kfree(swd->u.hmac.sw_key); ++ } ++ kfree(swd); ++ } ++ return 0; ++} ++ ++/* ++ * Process a software request. ++ */ ++static int ++swcr_process(device_t dev, struct cryptop *crp, int hint) ++{ ++ struct cryptodesc *crd; ++ struct swcr_data *sw; ++ u_int32_t lid; ++#define SCATTERLIST_MAX 16 ++ struct scatterlist sg[SCATTERLIST_MAX]; ++ int sg_num, sg_len, skip; ++ struct sk_buff *skb = NULL; ++ struct uio *uiop = NULL; ++ ++ dprintk("%s()\n", __FUNCTION__); ++ /* Sanity check */ ++ if (crp == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ return EINVAL; ++ } ++ ++ crp->crp_etype = 0; ++ ++ if (crp->crp_desc == NULL || crp->crp_buf == NULL) { ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ crp->crp_etype = EINVAL; ++ goto done; ++ } ++ ++ lid = crp->crp_sid & 0xffffffff; ++ if (lid >= swcr_sesnum || lid == 0 || swcr_sessions == NULL || ++ swcr_sessions[lid] == NULL) { ++ crp->crp_etype = ENOENT; ++ dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__); ++ goto done; ++ } ++ ++ /* ++ * do some error checking outside of the loop for SKB and IOV processing ++ * this leaves us with valid skb or uiop pointers for later ++ */ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ skb = (struct sk_buff *) crp->crp_buf; ++ if (skb_shinfo(skb)->nr_frags >= SCATTERLIST_MAX) { ++ printk("%s,%d: %d nr_frags > SCATTERLIST_MAX", __FILE__, __LINE__, ++ skb_shinfo(skb)->nr_frags); ++ goto done; ++ } ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ uiop = (struct uio *) crp->crp_buf; ++ if (uiop->uio_iovcnt > SCATTERLIST_MAX) { ++ printk("%s,%d: %d uio_iovcnt > SCATTERLIST_MAX", __FILE__, __LINE__, ++ uiop->uio_iovcnt); ++ goto done; ++ } ++ } ++ ++ /* Go through crypto descriptors, processing as we go */ ++ for (crd = crp->crp_desc; crd; crd = crd->crd_next) { ++ /* ++ * Find the crypto context. ++ * ++ * XXX Note that the logic here prevents us from having ++ * XXX the same algorithm multiple times in a session ++ * XXX (or rather, we can but it won't give us the right ++ * XXX results). To do that, we'd need some way of differentiating ++ * XXX between the various instances of an algorithm (so we can ++ * XXX locate the correct crypto context). ++ */ ++ for (sw = swcr_sessions[lid]; sw && sw->sw_alg != crd->crd_alg; ++ sw = sw->sw_next) ++ ; ++ ++ /* No such context ? */ ++ if (sw == NULL) { ++ crp->crp_etype = EINVAL; ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ goto done; ++ } ++ ++ skip = crd->crd_skip; ++ ++ /* ++ * setup the SG list skip from the start of the buffer ++ */ ++ memset(sg, 0, sizeof(sg)); ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ int i, len; ++ ++ sg_num = 0; ++ sg_len = 0; ++ ++ if (skip < skb_headlen(skb)) { ++ len = skb_headlen(skb) - skip; ++ if (len + sg_len > crd->crd_len) ++ len = crd->crd_len - sg_len; ++ sg_set_page(&sg[sg_num], ++ virt_to_page(skb->data + skip), len, ++ offset_in_page(skb->data + skip)); ++ sg_len += len; ++ sg_num++; ++ skip = 0; ++ } else ++ skip -= skb_headlen(skb); ++ ++ for (i = 0; sg_len < crd->crd_len && ++ i < skb_shinfo(skb)->nr_frags && ++ sg_num < SCATTERLIST_MAX; i++) { ++ if (skip < skb_shinfo(skb)->frags[i].size) { ++ len = skb_shinfo(skb)->frags[i].size - skip; ++ if (len + sg_len > crd->crd_len) ++ len = crd->crd_len - sg_len; ++ sg_set_page(&sg[sg_num], ++ skb_shinfo(skb)->frags[i].page, ++ len, ++ skb_shinfo(skb)->frags[i].page_offset + skip); ++ sg_len += len; ++ sg_num++; ++ skip = 0; ++ } else ++ skip -= skb_shinfo(skb)->frags[i].size; ++ } ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ int len; ++ ++ sg_len = 0; ++ for (sg_num = 0; sg_len <= crd->crd_len && ++ sg_num < uiop->uio_iovcnt && ++ sg_num < SCATTERLIST_MAX; sg_num++) { ++ if (skip <= uiop->uio_iov[sg_num].iov_len) { ++ len = uiop->uio_iov[sg_num].iov_len - skip; ++ if (len + sg_len > crd->crd_len) ++ len = crd->crd_len - sg_len; ++ sg_set_page(&sg[sg_num], ++ virt_to_page(uiop->uio_iov[sg_num].iov_base+skip), ++ len, ++ offset_in_page(uiop->uio_iov[sg_num].iov_base+skip)); ++ sg_len += len; ++ skip = 0; ++ } else ++ skip -= uiop->uio_iov[sg_num].iov_len; ++ } ++ } else { ++ sg_len = (crp->crp_ilen - skip); ++ if (sg_len > crd->crd_len) ++ sg_len = crd->crd_len; ++ sg_set_page(&sg[0], virt_to_page(crp->crp_buf + skip), ++ sg_len, offset_in_page(crp->crp_buf + skip)); ++ sg_num = 1; ++ } ++ ++ ++ switch (sw->sw_type) { ++ case SW_TYPE_BLKCIPHER: { ++ unsigned char iv[EALG_MAX_BLOCK_LEN]; ++ unsigned char *ivp = iv; ++ int ivsize = ++ crypto_blkcipher_ivsize(crypto_blkcipher_cast(sw->sw_tfm)); ++ struct blkcipher_desc desc; ++ ++ if (sg_len < crypto_blkcipher_blocksize( ++ crypto_blkcipher_cast(sw->sw_tfm))) { ++ crp->crp_etype = EINVAL; ++ dprintk("%s,%d: EINVAL len %d < %d\n", __FILE__, __LINE__, ++ sg_len, crypto_blkcipher_blocksize( ++ crypto_blkcipher_cast(sw->sw_tfm))); ++ goto done; ++ } ++ ++ if (ivsize > sizeof(iv)) { ++ crp->crp_etype = EINVAL; ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ goto done; ++ } ++ ++ if (crd->crd_flags & CRD_F_KEY_EXPLICIT) { ++ int i, error; ++ ++ if (debug) { ++ dprintk("%s key:", __FUNCTION__); ++ for (i = 0; i < (crd->crd_klen + 7) / 8; i++) ++ dprintk("%s0x%x", (i % 8) ? " " : "\n ", ++ crd->crd_key[i]); ++ dprintk("\n"); ++ } ++ error = crypto_blkcipher_setkey( ++ crypto_blkcipher_cast(sw->sw_tfm), crd->crd_key, ++ (crd->crd_klen + 7) / 8); ++ if (error) { ++ dprintk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n", ++ error, sw->sw_tfm->crt_flags); ++ crp->crp_etype = -error; ++ } ++ } ++ ++ memset(&desc, 0, sizeof(desc)); ++ desc.tfm = crypto_blkcipher_cast(sw->sw_tfm); ++ ++ if (crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */ ++ ++ if (crd->crd_flags & CRD_F_IV_EXPLICIT) { ++ ivp = crd->crd_iv; ++ } else { ++ get_random_bytes(ivp, ivsize); ++ } ++ /* ++ * do we have to copy the IV back to the buffer ? ++ */ ++ if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) { ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ crd->crd_inject, ivsize, (caddr_t)ivp); ++ } ++ desc.info = ivp; ++ crypto_blkcipher_encrypt_iv(&desc, sg, sg, sg_len); ++ ++ } else { /*decrypt */ ++ ++ if (crd->crd_flags & CRD_F_IV_EXPLICIT) { ++ ivp = crd->crd_iv; ++ } else { ++ crypto_copydata(crp->crp_flags, crp->crp_buf, ++ crd->crd_inject, ivsize, (caddr_t)ivp); ++ } ++ desc.info = ivp; ++ crypto_blkcipher_decrypt_iv(&desc, sg, sg, sg_len); ++ } ++ } break; ++ case SW_TYPE_HMAC: ++ case SW_TYPE_HASH: ++ { ++ char result[HASH_MAX_LEN]; ++ struct hash_desc desc; ++ ++ /* check we have room for the result */ ++ if (crp->crp_ilen - crd->crd_inject < sw->u.hmac.sw_mlen) { ++ dprintk( ++ "cryptosoft: EINVAL crp_ilen=%d, len=%d, inject=%d digestsize=%d\n", ++ crp->crp_ilen, crd->crd_skip + sg_len, crd->crd_inject, ++ sw->u.hmac.sw_mlen); ++ crp->crp_etype = EINVAL; ++ goto done; ++ } ++ ++ memset(&desc, 0, sizeof(desc)); ++ desc.tfm = crypto_hash_cast(sw->sw_tfm); ++ ++ memset(result, 0, sizeof(result)); ++ ++ if (sw->sw_type == SW_TYPE_HMAC) { ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) ++ crypto_hmac(sw->sw_tfm, sw->u.hmac.sw_key, &sw->u.hmac.sw_klen, ++ sg, sg_num, result); ++#else ++ crypto_hash_setkey(desc.tfm, sw->u.hmac.sw_key, ++ sw->u.hmac.sw_klen); ++ crypto_hash_digest(&desc, sg, sg_len, result); ++#endif /* #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) */ ++ ++ } else { /* SW_TYPE_HASH */ ++ crypto_hash_digest(&desc, sg, sg_len, result); ++ } ++ ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ crd->crd_inject, sw->u.hmac.sw_mlen, result); ++ } ++ break; ++ ++ case SW_TYPE_COMP: { ++ void *ibuf = NULL; ++ void *obuf = sw->u.sw_comp_buf; ++ int ilen = sg_len, olen = CRYPTO_MAX_DATA_LEN; ++ int ret = 0; ++ ++ /* ++ * we need to use an additional copy if there is more than one ++ * input chunk since the kernel comp routines do not handle ++ * SG yet. Otherwise we just use the input buffer as is. ++ * Rather than allocate another buffer we just split the tmp ++ * buffer we already have. ++ * Perhaps we should just use zlib directly ? ++ */ ++ if (sg_num > 1) { ++ int blk; ++ ++ ibuf = obuf; ++ for (blk = 0; blk < sg_num; blk++) { ++ memcpy(obuf, sg_virt(&sg[blk]), ++ sg[blk].length); ++ obuf += sg[blk].length; ++ } ++ olen -= sg_len; ++ } else ++ ibuf = sg_virt(&sg[0]); ++ ++ if (crd->crd_flags & CRD_F_ENCRYPT) { /* compress */ ++ ret = crypto_comp_compress(crypto_comp_cast(sw->sw_tfm), ++ ibuf, ilen, obuf, &olen); ++ if (!ret && olen > crd->crd_len) { ++ dprintk("cryptosoft: ERANGE compress %d into %d\n", ++ crd->crd_len, olen); ++ if (swcr_fail_if_compression_grows) ++ ret = ERANGE; ++ } ++ } else { /* decompress */ ++ ret = crypto_comp_decompress(crypto_comp_cast(sw->sw_tfm), ++ ibuf, ilen, obuf, &olen); ++ if (!ret && (olen + crd->crd_inject) > crp->crp_olen) { ++ dprintk("cryptosoft: ETOOSMALL decompress %d into %d, " ++ "space for %d,at offset %d\n", ++ crd->crd_len, olen, crp->crp_olen, crd->crd_inject); ++ ret = ETOOSMALL; ++ } ++ } ++ if (ret) ++ dprintk("%s,%d: ret = %d\n", __FILE__, __LINE__, ret); ++ ++ /* ++ * on success copy result back, ++ * linux crpyto API returns -errno, we need to fix that ++ */ ++ crp->crp_etype = ret < 0 ? -ret : ret; ++ if (ret == 0) { ++ /* copy back the result and return it's size */ ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ crd->crd_inject, olen, obuf); ++ crp->crp_olen = olen; ++ } ++ ++ ++ } break; ++ ++ default: ++ /* Unknown/unsupported algorithm */ ++ dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__); ++ crp->crp_etype = EINVAL; ++ goto done; ++ } ++ } ++ ++done: ++ crypto_done(crp); ++ return 0; ++} ++ ++static int ++cryptosoft_init(void) ++{ ++ int i, sw_type, mode; ++ char *algo; ++ ++ dprintk("%s(%p)\n", __FUNCTION__, cryptosoft_init); ++ ++ softc_device_init(&swcr_softc, "cryptosoft", 0, swcr_methods); ++ ++ swcr_id = crypto_get_driverid(softc_get_device(&swcr_softc), ++ CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC); ++ if (swcr_id < 0) { ++ printk("Software crypto device cannot initialize!"); ++ return -ENODEV; ++ } ++ ++#define REGISTER(alg) \ ++ crypto_register(swcr_id, alg, 0,0); ++ ++ for (i = CRYPTO_ALGORITHM_MIN; i <= CRYPTO_ALGORITHM_MAX; ++i) ++ { ++ ++ algo = crypto_details[i].alg_name; ++ if (!algo || !*algo) ++ { ++ dprintk("%s:Algorithm %d not supported\n", __FUNCTION__, i); ++ continue; ++ } ++ ++ mode = crypto_details[i].mode; ++ sw_type = crypto_details[i].sw_type; ++ ++ switch (sw_type) ++ { ++ case SW_TYPE_CIPHER: ++ if (crypto_has_cipher(algo, 0, CRYPTO_ALG_ASYNC)) ++ { ++ REGISTER(i); ++ } ++ else ++ { ++ dprintk("%s:CIPHER algorithm %d:'%s' not supported\n", ++ __FUNCTION__, i, algo); ++ } ++ break; ++ case SW_TYPE_HMAC: ++ if (crypto_has_hash(algo, 0, CRYPTO_ALG_ASYNC)) ++ { ++ REGISTER(i); ++ } ++ else ++ { ++ dprintk("%s:HMAC algorithm %d:'%s' not supported\n", ++ __FUNCTION__, i, algo); ++ } ++ break; ++ case SW_TYPE_HASH: ++ if (crypto_has_hash(algo, 0, CRYPTO_ALG_ASYNC)) ++ { ++ REGISTER(i); ++ } ++ else ++ { ++ dprintk("%s:HASH algorithm %d:'%s' not supported\n", ++ __FUNCTION__, i, algo); ++ } ++ break; ++ case SW_TYPE_COMP: ++ if (crypto_has_comp(algo, 0, CRYPTO_ALG_ASYNC)) ++ { ++ REGISTER(i); ++ } ++ else ++ { ++ dprintk("%s:COMP algorithm %d:'%s' not supported\n", ++ __FUNCTION__, i, algo); ++ } ++ break; ++ case SW_TYPE_BLKCIPHER: ++ if (crypto_has_blkcipher(algo, 0, CRYPTO_ALG_ASYNC)) ++ { ++ REGISTER(i); ++ } ++ else ++ { ++ dprintk("%s:BLKCIPHER algorithm %d:'%s' not supported\n", ++ __FUNCTION__, i, algo); ++ } ++ break; ++ default: ++ dprintk( ++ "%s:Algorithm Type %d not supported (algorithm %d:'%s')\n", ++ __FUNCTION__, sw_type, i, algo); ++ break; ++ } ++ } ++ ++ return(0); ++} ++ ++static void ++cryptosoft_exit(void) ++{ ++ dprintk("%s()\n", __FUNCTION__); ++ crypto_unregister_all(swcr_id); ++ swcr_id = -1; ++} ++ ++module_init(cryptosoft_init); ++module_exit(cryptosoft_exit); ++ ++MODULE_LICENSE("Dual BSD/GPL"); ++MODULE_AUTHOR("David McCullough <david_mccullough@securecomputing.com>"); ++MODULE_DESCRIPTION("Cryptosoft (OCF module for kernel crypto)"); +--- /dev/null ++++ b/crypto/ocf/rndtest.c +@@ -0,0 +1,300 @@ ++/* $OpenBSD$ */ ++ ++/* ++ * OCF/Linux port done by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2006-2007 David McCullough ++ * Copyright (C) 2004-2005 Intel Corporation. ++ * The license and original author are listed below. ++ * ++ * Copyright (c) 2002 Jason L. Wright (jason@thought.net) ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by Jason L. Wright ++ * 4. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED ++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ++ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++ * POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/list.h> ++#include <linux/wait.h> ++#include <linux/time.h> ++#include <linux/version.h> ++#include <linux/unistd.h> ++#include <linux/kernel.h> ++#include <linux/string.h> ++#include <linux/time.h> ++#include <cryptodev.h> ++#include "rndtest.h" ++ ++static struct rndtest_stats rndstats; ++ ++static void rndtest_test(struct rndtest_state *); ++ ++/* The tests themselves */ ++static int rndtest_monobit(struct rndtest_state *); ++static int rndtest_runs(struct rndtest_state *); ++static int rndtest_longruns(struct rndtest_state *); ++static int rndtest_chi_4(struct rndtest_state *); ++ ++static int rndtest_runs_check(struct rndtest_state *, int, int *); ++static void rndtest_runs_record(struct rndtest_state *, int, int *); ++ ++static const struct rndtest_testfunc { ++ int (*test)(struct rndtest_state *); ++} rndtest_funcs[] = { ++ { rndtest_monobit }, ++ { rndtest_runs }, ++ { rndtest_chi_4 }, ++ { rndtest_longruns }, ++}; ++ ++#define RNDTEST_NTESTS (sizeof(rndtest_funcs)/sizeof(rndtest_funcs[0])) ++ ++static void ++rndtest_test(struct rndtest_state *rsp) ++{ ++ int i, rv = 0; ++ ++ rndstats.rst_tests++; ++ for (i = 0; i < RNDTEST_NTESTS; i++) ++ rv |= (*rndtest_funcs[i].test)(rsp); ++ rsp->rs_discard = (rv != 0); ++} ++ ++ ++extern int crypto_debug; ++#define rndtest_verbose 2 ++#define rndtest_report(rsp, failure, fmt, a...) \ ++ { if (failure || crypto_debug) { printk("rng_test: " fmt "\n", a); } else; } ++ ++#define RNDTEST_MONOBIT_MINONES 9725 ++#define RNDTEST_MONOBIT_MAXONES 10275 ++ ++static int ++rndtest_monobit(struct rndtest_state *rsp) ++{ ++ int i, ones = 0, j; ++ u_int8_t r; ++ ++ for (i = 0; i < RNDTEST_NBYTES; i++) { ++ r = rsp->rs_buf[i]; ++ for (j = 0; j < 8; j++, r <<= 1) ++ if (r & 0x80) ++ ones++; ++ } ++ if (ones > RNDTEST_MONOBIT_MINONES && ++ ones < RNDTEST_MONOBIT_MAXONES) { ++ if (rndtest_verbose > 1) ++ rndtest_report(rsp, 0, "monobit pass (%d < %d < %d)", ++ RNDTEST_MONOBIT_MINONES, ones, ++ RNDTEST_MONOBIT_MAXONES); ++ return (0); ++ } else { ++ if (rndtest_verbose) ++ rndtest_report(rsp, 1, ++ "monobit failed (%d ones)", ones); ++ rndstats.rst_monobit++; ++ return (-1); ++ } ++} ++ ++#define RNDTEST_RUNS_NINTERVAL 6 ++ ++static const struct rndtest_runs_tabs { ++ u_int16_t min, max; ++} rndtest_runs_tab[] = { ++ { 2343, 2657 }, ++ { 1135, 1365 }, ++ { 542, 708 }, ++ { 251, 373 }, ++ { 111, 201 }, ++ { 111, 201 }, ++}; ++ ++static int ++rndtest_runs(struct rndtest_state *rsp) ++{ ++ int i, j, ones, zeros, rv = 0; ++ int onei[RNDTEST_RUNS_NINTERVAL], zeroi[RNDTEST_RUNS_NINTERVAL]; ++ u_int8_t c; ++ ++ bzero(onei, sizeof(onei)); ++ bzero(zeroi, sizeof(zeroi)); ++ ones = zeros = 0; ++ for (i = 0; i < RNDTEST_NBYTES; i++) { ++ c = rsp->rs_buf[i]; ++ for (j = 0; j < 8; j++, c <<= 1) { ++ if (c & 0x80) { ++ ones++; ++ rndtest_runs_record(rsp, zeros, zeroi); ++ zeros = 0; ++ } else { ++ zeros++; ++ rndtest_runs_record(rsp, ones, onei); ++ ones = 0; ++ } ++ } ++ } ++ rndtest_runs_record(rsp, ones, onei); ++ rndtest_runs_record(rsp, zeros, zeroi); ++ ++ rv |= rndtest_runs_check(rsp, 0, zeroi); ++ rv |= rndtest_runs_check(rsp, 1, onei); ++ ++ if (rv) ++ rndstats.rst_runs++; ++ ++ return (rv); ++} ++ ++static void ++rndtest_runs_record(struct rndtest_state *rsp, int len, int *intrv) ++{ ++ if (len == 0) ++ return; ++ if (len > RNDTEST_RUNS_NINTERVAL) ++ len = RNDTEST_RUNS_NINTERVAL; ++ len -= 1; ++ intrv[len]++; ++} ++ ++static int ++rndtest_runs_check(struct rndtest_state *rsp, int val, int *src) ++{ ++ int i, rv = 0; ++ ++ for (i = 0; i < RNDTEST_RUNS_NINTERVAL; i++) { ++ if (src[i] < rndtest_runs_tab[i].min || ++ src[i] > rndtest_runs_tab[i].max) { ++ rndtest_report(rsp, 1, ++ "%s interval %d failed (%d, %d-%d)", ++ val ? "ones" : "zeros", ++ i + 1, src[i], rndtest_runs_tab[i].min, ++ rndtest_runs_tab[i].max); ++ rv = -1; ++ } else { ++ rndtest_report(rsp, 0, ++ "runs pass %s interval %d (%d < %d < %d)", ++ val ? "ones" : "zeros", ++ i + 1, rndtest_runs_tab[i].min, src[i], ++ rndtest_runs_tab[i].max); ++ } ++ } ++ return (rv); ++} ++ ++static int ++rndtest_longruns(struct rndtest_state *rsp) ++{ ++ int i, j, ones = 0, zeros = 0, maxones = 0, maxzeros = 0; ++ u_int8_t c; ++ ++ for (i = 0; i < RNDTEST_NBYTES; i++) { ++ c = rsp->rs_buf[i]; ++ for (j = 0; j < 8; j++, c <<= 1) { ++ if (c & 0x80) { ++ zeros = 0; ++ ones++; ++ if (ones > maxones) ++ maxones = ones; ++ } else { ++ ones = 0; ++ zeros++; ++ if (zeros > maxzeros) ++ maxzeros = zeros; ++ } ++ } ++ } ++ ++ if (maxones < 26 && maxzeros < 26) { ++ rndtest_report(rsp, 0, "longruns pass (%d ones, %d zeros)", ++ maxones, maxzeros); ++ return (0); ++ } else { ++ rndtest_report(rsp, 1, "longruns fail (%d ones, %d zeros)", ++ maxones, maxzeros); ++ rndstats.rst_longruns++; ++ return (-1); ++ } ++} ++ ++/* ++ * chi^2 test over 4 bits: (this is called the poker test in FIPS 140-2, ++ * but it is really the chi^2 test over 4 bits (the poker test as described ++ * by Knuth vol 2 is something different, and I take him as authoritative ++ * on nomenclature over NIST). ++ */ ++#define RNDTEST_CHI4_K 16 ++#define RNDTEST_CHI4_K_MASK (RNDTEST_CHI4_K - 1) ++ ++/* ++ * The unnormalized values are used so that we don't have to worry about ++ * fractional precision. The "real" value is found by: ++ * (V - 1562500) * (16 / 5000) = Vn (where V is the unnormalized value) ++ */ ++#define RNDTEST_CHI4_VMIN 1563181 /* 2.1792 */ ++#define RNDTEST_CHI4_VMAX 1576929 /* 46.1728 */ ++ ++static int ++rndtest_chi_4(struct rndtest_state *rsp) ++{ ++ unsigned int freq[RNDTEST_CHI4_K], i, sum; ++ ++ for (i = 0; i < RNDTEST_CHI4_K; i++) ++ freq[i] = 0; ++ ++ /* Get number of occurances of each 4 bit pattern */ ++ for (i = 0; i < RNDTEST_NBYTES; i++) { ++ freq[(rsp->rs_buf[i] >> 4) & RNDTEST_CHI4_K_MASK]++; ++ freq[(rsp->rs_buf[i] >> 0) & RNDTEST_CHI4_K_MASK]++; ++ } ++ ++ for (i = 0, sum = 0; i < RNDTEST_CHI4_K; i++) ++ sum += freq[i] * freq[i]; ++ ++ if (sum >= 1563181 && sum <= 1576929) { ++ rndtest_report(rsp, 0, "chi^2(4): pass (sum %u)", sum); ++ return (0); ++ } else { ++ rndtest_report(rsp, 1, "chi^2(4): failed (sum %u)", sum); ++ rndstats.rst_chi++; ++ return (-1); ++ } ++} ++ ++int ++rndtest_buf(unsigned char *buf) ++{ ++ struct rndtest_state rsp; ++ ++ memset(&rsp, 0, sizeof(rsp)); ++ rsp.rs_buf = buf; ++ rndtest_test(&rsp); ++ return(rsp.rs_discard); ++} ++ +--- /dev/null ++++ b/crypto/ocf/rndtest.h +@@ -0,0 +1,54 @@ ++/* $FreeBSD: src/sys/dev/rndtest/rndtest.h,v 1.1 2003/03/11 22:54:44 sam Exp $ */ ++/* $OpenBSD$ */ ++ ++/* ++ * Copyright (c) 2002 Jason L. Wright (jason@thought.net) ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by Jason L. Wright ++ * 4. The name of the author may not be used to endorse or promote products ++ * derived from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED ++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ++ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ++ * POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++ ++/* Some of the tests depend on these values */ ++#define RNDTEST_NBYTES 2500 ++#define RNDTEST_NBITS (8 * RNDTEST_NBYTES) ++ ++struct rndtest_state { ++ int rs_discard; /* discard/accept random data */ ++ u_int8_t *rs_buf; ++}; ++ ++struct rndtest_stats { ++ u_int32_t rst_discard; /* number of bytes discarded */ ++ u_int32_t rst_tests; /* number of test runs */ ++ u_int32_t rst_monobit; /* monobit test failures */ ++ u_int32_t rst_runs; /* 0/1 runs failures */ ++ u_int32_t rst_longruns; /* longruns failures */ ++ u_int32_t rst_chi; /* chi^2 failures */ ++}; ++ ++extern int rndtest_buf(unsigned char *buf); +--- /dev/null ++++ b/crypto/ocf/ocf-compat.h +@@ -0,0 +1,268 @@ ++#ifndef _BSD_COMPAT_H_ ++#define _BSD_COMPAT_H_ 1 ++/****************************************************************************/ ++/* ++ * Provide compat routines for older linux kernels and BSD kernels ++ * ++ * Written by David McCullough <david_mccullough@securecomputing.com> ++ * Copyright (C) 2007 David McCullough <david_mccullough@securecomputing.com> ++ * ++ * LICENSE TERMS ++ * ++ * The free distribution and use of this software in both source and binary ++ * form is allowed (with or without changes) provided that: ++ * ++ * 1. distributions of this source code include the above copyright ++ * notice, this list of conditions and the following disclaimer; ++ * ++ * 2. distributions in binary form include the above copyright ++ * notice, this list of conditions and the following disclaimer ++ * in the documentation and/or other associated materials; ++ * ++ * 3. the copyright holder's name is not used to endorse products ++ * built using this software without specific written permission. ++ * ++ * ALTERNATIVELY, provided that this notice is retained in full, this file ++ * may be distributed under the terms of the GNU General Public License (GPL), ++ * in which case the provisions of the GPL apply INSTEAD OF those given above. ++ * ++ * DISCLAIMER ++ * ++ * This software is provided 'as is' with no explicit or implied warranties ++ * in respect of its properties, including, but not limited to, correctness ++ * and/or fitness for purpose. ++ */ ++/****************************************************************************/ ++#ifdef __KERNEL__ ++/* ++ * fake some BSD driver interface stuff specifically for OCF use ++ */ ++ ++typedef struct ocf_device *device_t; ++ ++typedef struct { ++ int (*cryptodev_newsession)(device_t dev, u_int32_t *sidp, struct cryptoini *cri); ++ int (*cryptodev_freesession)(device_t dev, u_int64_t tid); ++ int (*cryptodev_process)(device_t dev, struct cryptop *crp, int hint); ++ int (*cryptodev_kprocess)(device_t dev, struct cryptkop *krp, int hint); ++} device_method_t; ++#define DEVMETHOD(id, func) id: func ++ ++struct ocf_device { ++ char name[32]; /* the driver name */ ++ char nameunit[32]; /* the driver name + HW instance */ ++ int unit; ++ device_method_t methods; ++ void *softc; ++}; ++ ++#define CRYPTODEV_NEWSESSION(dev, sid, cri) \ ++ ((*(dev)->methods.cryptodev_newsession)(dev,sid,cri)) ++#define CRYPTODEV_FREESESSION(dev, sid) \ ++ ((*(dev)->methods.cryptodev_freesession)(dev, sid)) ++#define CRYPTODEV_PROCESS(dev, crp, hint) \ ++ ((*(dev)->methods.cryptodev_process)(dev, crp, hint)) ++#define CRYPTODEV_KPROCESS(dev, krp, hint) \ ++ ((*(dev)->methods.cryptodev_kprocess)(dev, krp, hint)) ++ ++#define device_get_name(dev) ((dev)->name) ++#define device_get_nameunit(dev) ((dev)->nameunit) ++#define device_get_unit(dev) ((dev)->unit) ++#define device_get_softc(dev) ((dev)->softc) ++ ++#define softc_device_decl \ ++ struct ocf_device _device; \ ++ device_t ++ ++#define softc_device_init(_sc, _name, _unit, _methods) \ ++ if (1) {\ ++ strncpy((_sc)->_device.name, _name, sizeof((_sc)->_device.name) - 1); \ ++ snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), "%s%d", _name, _unit); \ ++ (_sc)->_device.unit = _unit; \ ++ (_sc)->_device.methods = _methods; \ ++ (_sc)->_device.softc = (void *) _sc; \ ++ *(device_t *)((softc_get_device(_sc))+1) = &(_sc)->_device; \ ++ } else ++ ++#define softc_get_device(_sc) (&(_sc)->_device) ++ ++/* ++ * iomem support for 2.4 and 2.6 kernels ++ */ ++#include <linux/version.h> ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++#define ocf_iomem_t unsigned long ++ ++/* ++ * implement simple workqueue like support for older kernels ++ */ ++ ++#include <linux/tqueue.h> ++ ++#define work_struct tq_struct ++ ++#define INIT_WORK(wp, fp, ap) \ ++ do { \ ++ (wp)->sync = 0; \ ++ (wp)->routine = (fp); \ ++ (wp)->data = (ap); \ ++ } while (0) ++ ++#define schedule_work(wp) \ ++ do { \ ++ queue_task((wp), &tq_immediate); \ ++ mark_bh(IMMEDIATE_BH); \ ++ } while (0) ++ ++#define flush_scheduled_work() run_task_queue(&tq_immediate) ++ ++#else ++#define ocf_iomem_t void __iomem * ++ ++#include <linux/workqueue.h> ++ ++#endif ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11) ++#define files_fdtable(files) (files) ++#endif ++ ++#ifdef MODULE_PARM ++#undef module_param /* just in case */ ++#define module_param(a,b,c) MODULE_PARM(a,"i") ++#endif ++ ++#define bzero(s,l) memset(s,0,l) ++#define bcopy(s,d,l) memcpy(d,s,l) ++#define bcmp(x, y, l) memcmp(x,y,l) ++ ++#define MIN(x,y) ((x) < (y) ? (x) : (y)) ++ ++#define device_printf(dev, a...) ({ \ ++ printk("%s: ", device_get_nameunit(dev)); printk(a); \ ++ }) ++ ++#undef printf ++#define printf(fmt...) printk(fmt) ++ ++#define KASSERT(c,p) if (!(c)) { printk p ; } else ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++#define ocf_daemonize(str) \ ++ daemonize(); \ ++ spin_lock_irq(¤t->sigmask_lock); \ ++ sigemptyset(¤t->blocked); \ ++ recalc_sigpending(current); \ ++ spin_unlock_irq(¤t->sigmask_lock); \ ++ sprintf(current->comm, str); ++#else ++#define ocf_daemonize(str) daemonize(str); ++#endif ++ ++#define TAILQ_INSERT_TAIL(q,d,m) list_add_tail(&(d)->m, (q)) ++#define TAILQ_EMPTY(q) list_empty(q) ++#define TAILQ_FOREACH(v, q, m) list_for_each_entry(v, q, m) ++ ++#define read_random(p,l) get_random_bytes(p,l) ++ ++#define DELAY(x) ((x) > 2000 ? mdelay((x)/1000) : udelay(x)) ++#define strtoul simple_strtoul ++ ++#define pci_get_vendor(dev) ((dev)->vendor) ++#define pci_get_device(dev) ((dev)->device) ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) ++#define pci_set_consistent_dma_mask(dev, mask) (0) ++#endif ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10) ++#define pci_dma_sync_single_for_cpu pci_dma_sync_single ++#endif ++ ++#ifndef DMA_32BIT_MASK ++#define DMA_32BIT_MASK 0x00000000ffffffffULL ++#endif ++ ++#define htole32(x) cpu_to_le32(x) ++#define htobe32(x) cpu_to_be32(x) ++#define htole16(x) cpu_to_le16(x) ++#define htobe16(x) cpu_to_be16(x) ++ ++/* older kernels don't have these */ ++ ++#ifndef IRQ_NONE ++#define IRQ_NONE ++#define IRQ_HANDLED ++#define irqreturn_t void ++#endif ++#ifndef IRQF_SHARED ++#define IRQF_SHARED SA_SHIRQ ++#endif ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) ++# define strlcpy(dest,src,len) \ ++ ({strncpy(dest,src,(len)-1); ((char *)dest)[(len)-1] = '\0'; }) ++#endif ++ ++#ifndef MAX_ERRNO ++#define MAX_ERRNO 4095 ++#endif ++#ifndef IS_ERR_VALUE ++#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO) ++#endif ++ ++/* ++ * common debug for all ++ */ ++#if 1 ++#define dprintk(a...) do { if (debug) printk(a); } while(0) ++#else ++#define dprintk(a...) ++#endif ++ ++#ifndef SLAB_ATOMIC ++/* Changed in 2.6.20, must use GFP_ATOMIC now */ ++#define SLAB_ATOMIC GFP_ATOMIC ++#endif ++ ++/* ++ * need some additional support for older kernels */ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,2) ++#define pci_register_driver_compat(driver, rc) \ ++ do { \ ++ if ((rc) > 0) { \ ++ (rc) = 0; \ ++ } else if (rc == 0) { \ ++ (rc) = -ENODEV; \ ++ } else { \ ++ pci_unregister_driver(driver); \ ++ } \ ++ } while (0) ++#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10) ++#define pci_register_driver_compat(driver,rc) ((rc) = (rc) < 0 ? (rc) : 0) ++#else ++#define pci_register_driver_compat(driver,rc) ++#endif ++ ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) ++ ++#include <asm/scatterlist.h> ++ ++static inline void sg_set_page(struct scatterlist *sg, struct page *page, ++ unsigned int len, unsigned int offset) ++{ ++ sg->page = page; ++ sg->offset = offset; ++ sg->length = len; ++} ++ ++static inline void *sg_virt(struct scatterlist *sg) ++{ ++ return page_address(sg->page) + sg->offset; ++} ++ ++#endif ++ ++#endif /* __KERNEL__ */ ++ ++/****************************************************************************/ ++#endif /* _BSD_COMPAT_H_ */ +--- /dev/null ++++ b/crypto/ocf/pasemi/pasemi.c +@@ -0,0 +1,1009 @@ ++/* ++ * Copyright (C) 2007 PA Semi, Inc ++ * ++ * Driver for the PA Semi PWRficient DMA Crypto Engine ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ */ ++ ++#ifndef AUTOCONF_INCLUDED ++#include <linux/config.h> ++#endif ++#include <linux/module.h> ++#include <linux/init.h> ++#include <linux/interrupt.h> ++#include <linux/timer.h> ++#include <linux/random.h> ++#include <linux/skbuff.h> ++#include <asm/scatterlist.h> ++#include <linux/moduleparam.h> ++#include <linux/pci.h> ++#include <cryptodev.h> ++#include <uio.h> ++#include "pasemi_fnu.h" ++ ++#define DRV_NAME "pasemi" ++ ++#define TIMER_INTERVAL 1000 ++ ++static void __devexit pasemi_dma_remove(struct pci_dev *pdev); ++static struct pasdma_status volatile * dma_status; ++ ++static int debug; ++module_param(debug, int, 0644); ++MODULE_PARM_DESC(debug, "Enable debug"); ++ ++static void pasemi_desc_start(struct pasemi_desc *desc, u64 hdr) ++{ ++ desc->postop = 0; ++ desc->quad[0] = hdr; ++ desc->quad_cnt = 1; ++ desc->size = 1; ++} ++ ++static void pasemi_desc_build(struct pasemi_desc *desc, u64 val) ++{ ++ desc->quad[desc->quad_cnt++] = val; ++ desc->size = (desc->quad_cnt + 1) / 2; ++} ++ ++static void pasemi_desc_hdr(struct pasemi_desc *desc, u64 hdr) ++{ ++ desc->quad[0] |= hdr; ++} ++ ++static int pasemi_desc_size(struct pasemi_desc *desc) ++{ ++ return desc->size; ++} ++ ++static void pasemi_ring_add_desc( ++ struct pasemi_fnu_txring *ring, ++ struct pasemi_desc *desc, ++ struct cryptop *crp) { ++ int i; ++ int ring_index = 2 * (ring->next_to_fill & (TX_RING_SIZE-1)); ++ ++ TX_DESC_INFO(ring, ring->next_to_fill).desc_size = desc->size; ++ TX_DESC_INFO(ring, ring->next_to_fill).desc_postop = desc->postop; ++ TX_DESC_INFO(ring, ring->next_to_fill).cf_crp = crp; ++ ++ for (i = 0; i < desc->quad_cnt; i += 2) { ++ ring_index = 2 * (ring->next_to_fill & (TX_RING_SIZE-1)); ++ ring->desc[ring_index] = desc->quad[i]; ++ ring->desc[ring_index + 1] = desc->quad[i + 1]; ++ ring->next_to_fill++; ++ } ++ ++ if (desc->quad_cnt & 1) ++ ring->desc[ring_index + 1] = 0; ++} ++ ++static void pasemi_ring_incr(struct pasemi_softc *sc, int chan_index, int incr) ++{ ++ out_le32(sc->dma_regs + PAS_DMA_TXCHAN_INCR(sc->base_chan + chan_index), ++ incr); ++} ++ ++/* ++ * Generate a new software session. ++ */ ++static int ++pasemi_newsession(device_t dev, u_int32_t *sidp, struct cryptoini *cri) ++{ ++ struct cryptoini *c, *encini = NULL, *macini = NULL; ++ struct pasemi_softc *sc = device_get_softc(dev); ++ struct pasemi_session *ses = NULL, **sespp; ++ int sesn, blksz = 0; ++ u64 ccmd = 0; ++ unsigned long flags; ++ struct pasemi_desc init_desc; ++ struct pasemi_fnu_txring *txring; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ if (sidp == NULL || cri == NULL || sc == NULL) { ++ DPRINTF("%s,%d - EINVAL\n", __FILE__, __LINE__); ++ return -EINVAL; ++ } ++ for (c = cri; c != NULL; c = c->cri_next) { ++ if (ALG_IS_SIG(c->cri_alg)) { ++ if (macini) ++ return -EINVAL; ++ macini = c; ++ } else if (ALG_IS_CIPHER(c->cri_alg)) { ++ if (encini) ++ return -EINVAL; ++ encini = c; ++ } else { ++ DPRINTF("UNKNOWN c->cri_alg %d\n", c->cri_alg); ++ return -EINVAL; ++ } ++ } ++ if (encini == NULL && macini == NULL) ++ return -EINVAL; ++ if (encini) { ++ /* validate key length */ ++ switch (encini->cri_alg) { ++ case CRYPTO_DES_CBC: ++ if (encini->cri_klen != 64) ++ return -EINVAL; ++ ccmd = DMA_CALGO_DES; ++ break; ++ case CRYPTO_3DES_CBC: ++ if (encini->cri_klen != 192) ++ return -EINVAL; ++ ccmd = DMA_CALGO_3DES; ++ break; ++ case CRYPTO_AES_CBC: ++ if (encini->cri_klen != 128 && ++ encini->cri_klen != 192 && ++ encini->cri_klen != 256) ++ return -EINVAL; ++ ccmd = DMA_CALGO_AES; ++ break; ++ case CRYPTO_ARC4: ++ if (encini->cri_klen != 128) ++ return -EINVAL; ++ ccmd = DMA_CALGO_ARC; ++ break; ++ default: ++ DPRINTF("UNKNOWN encini->cri_alg %d\n", ++ encini->cri_alg); ++ return -EINVAL; ++ } ++ } ++ ++ if (macini) { ++ switch (macini->cri_alg) { ++ case CRYPTO_MD5: ++ case CRYPTO_MD5_HMAC: ++ blksz = 16; ++ break; ++ case CRYPTO_SHA1: ++ case CRYPTO_SHA1_HMAC: ++ blksz = 20; ++ break; ++ default: ++ DPRINTF("UNKNOWN macini->cri_alg %d\n", ++ macini->cri_alg); ++ return -EINVAL; ++ } ++ if (((macini->cri_klen + 7) / 8) > blksz) { ++ DPRINTF("key length %d bigger than blksize %d not supported\n", ++ ((macini->cri_klen + 7) / 8), blksz); ++ return -EINVAL; ++ } ++ } ++ ++ for (sesn = 0; sesn < sc->sc_nsessions; sesn++) { ++ if (sc->sc_sessions[sesn] == NULL) { ++ sc->sc_sessions[sesn] = (struct pasemi_session *) ++ kzalloc(sizeof(struct pasemi_session), GFP_ATOMIC); ++ ses = sc->sc_sessions[sesn]; ++ break; ++ } else if (sc->sc_sessions[sesn]->used == 0) { ++ ses = sc->sc_sessions[sesn]; ++ break; ++ } ++ } ++ ++ if (ses == NULL) { ++ sespp = (struct pasemi_session **) ++ kzalloc(sc->sc_nsessions * 2 * ++ sizeof(struct pasemi_session *), GFP_ATOMIC); ++ if (sespp == NULL) ++ return -ENOMEM; ++ memcpy(sespp, sc->sc_sessions, ++ sc->sc_nsessions * sizeof(struct pasemi_session *)); ++ kfree(sc->sc_sessions); ++ sc->sc_sessions = sespp; ++ sesn = sc->sc_nsessions; ++ ses = sc->sc_sessions[sesn] = (struct pasemi_session *) ++ kzalloc(sizeof(struct pasemi_session), GFP_ATOMIC); ++ if (ses == NULL) ++ return -ENOMEM; ++ sc->sc_nsessions *= 2; ++ } ++ ++ ses->used = 1; ++ ++ ses->dma_addr = pci_map_single(sc->dma_pdev, (void *) ses->civ, ++ sizeof(struct pasemi_session), DMA_TO_DEVICE); ++ ++ /* enter the channel scheduler */ ++ spin_lock_irqsave(&sc->sc_chnlock, flags); ++ ++ /* ARC4 has to be processed by the even channel */ ++ if (encini && (encini->cri_alg == CRYPTO_ARC4)) ++ ses->chan = sc->sc_lastchn & ~1; ++ else ++ ses->chan = sc->sc_lastchn; ++ sc->sc_lastchn = (sc->sc_lastchn + 1) % sc->sc_num_channels; ++ ++ spin_unlock_irqrestore(&sc->sc_chnlock, flags); ++ ++ txring = &sc->tx[ses->chan]; ++ ++ if (encini) { ++ ses->ccmd = ccmd; ++ ++ /* get an IV */ ++ /* XXX may read fewer than requested */ ++ get_random_bytes(ses->civ, sizeof(ses->civ)); ++ ++ ses->keysz = (encini->cri_klen - 63) / 64; ++ memcpy(ses->key, encini->cri_key, (ses->keysz + 1) * 8); ++ ++ pasemi_desc_start(&init_desc, ++ XCT_CTRL_HDR(ses->chan, (encini && macini) ? 0x68 : 0x40, DMA_FN_CIV0)); ++ pasemi_desc_build(&init_desc, ++ XCT_FUN_SRC_PTR((encini && macini) ? 0x68 : 0x40, ses->dma_addr)); ++ } ++ if (macini) { ++ if (macini->cri_alg == CRYPTO_MD5_HMAC || ++ macini->cri_alg == CRYPTO_SHA1_HMAC) ++ memcpy(ses->hkey, macini->cri_key, blksz); ++ else { ++ /* Load initialization constants(RFC 1321, 3174) */ ++ ses->hiv[0] = 0x67452301efcdab89ULL; ++ ses->hiv[1] = 0x98badcfe10325476ULL; ++ ses->hiv[2] = 0xc3d2e1f000000000ULL; ++ } ++ ses->hseq = 0ULL; ++ } ++ ++ spin_lock_irqsave(&txring->fill_lock, flags); ++ ++ if (((txring->next_to_fill + pasemi_desc_size(&init_desc)) - ++ txring->next_to_clean) > TX_RING_SIZE) { ++ spin_unlock_irqrestore(&txring->fill_lock, flags); ++ return ERESTART; ++ } ++ ++ if (encini) { ++ pasemi_ring_add_desc(txring, &init_desc, NULL); ++ pasemi_ring_incr(sc, ses->chan, ++ pasemi_desc_size(&init_desc)); ++ } ++ ++ txring->sesn = sesn; ++ spin_unlock_irqrestore(&txring->fill_lock, flags); ++ ++ *sidp = PASEMI_SID(sesn); ++ return 0; ++} ++ ++/* ++ * Deallocate a session. ++ */ ++static int ++pasemi_freesession(device_t dev, u_int64_t tid) ++{ ++ struct pasemi_softc *sc = device_get_softc(dev); ++ int session; ++ u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (sc == NULL) ++ return -EINVAL; ++ session = PASEMI_SESSION(sid); ++ if (session >= sc->sc_nsessions || !sc->sc_sessions[session]) ++ return -EINVAL; ++ ++ pci_unmap_single(sc->dma_pdev, ++ sc->sc_sessions[session]->dma_addr, ++ sizeof(struct pasemi_session), DMA_TO_DEVICE); ++ memset(sc->sc_sessions[session], 0, ++ sizeof(struct pasemi_session)); ++ ++ return 0; ++} ++ ++static int ++pasemi_process(device_t dev, struct cryptop *crp, int hint) ++{ ++ ++ int err = 0, ivsize, srclen = 0, reinit = 0, reinit_size = 0, chsel; ++ struct pasemi_softc *sc = device_get_softc(dev); ++ struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; ++ caddr_t ivp; ++ struct pasemi_desc init_desc, work_desc; ++ struct pasemi_session *ses; ++ struct sk_buff *skb; ++ struct uio *uiop; ++ unsigned long flags; ++ struct pasemi_fnu_txring *txring; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (crp == NULL || crp->crp_callback == NULL || sc == NULL) ++ return -EINVAL; ++ ++ crp->crp_etype = 0; ++ if (PASEMI_SESSION(crp->crp_sid) >= sc->sc_nsessions) ++ return -EINVAL; ++ ++ ses = sc->sc_sessions[PASEMI_SESSION(crp->crp_sid)]; ++ ++ crd1 = crp->crp_desc; ++ if (crd1 == NULL) { ++ err = -EINVAL; ++ goto errout; ++ } ++ crd2 = crd1->crd_next; ++ ++ if (ALG_IS_SIG(crd1->crd_alg)) { ++ maccrd = crd1; ++ if (crd2 == NULL) ++ enccrd = NULL; ++ else if (ALG_IS_CIPHER(crd2->crd_alg) && ++ (crd2->crd_flags & CRD_F_ENCRYPT) == 0) ++ enccrd = crd2; ++ else ++ goto erralg; ++ } else if (ALG_IS_CIPHER(crd1->crd_alg)) { ++ enccrd = crd1; ++ if (crd2 == NULL) ++ maccrd = NULL; ++ else if (ALG_IS_SIG(crd2->crd_alg) && ++ (crd1->crd_flags & CRD_F_ENCRYPT)) ++ maccrd = crd2; ++ else ++ goto erralg; ++ } else ++ goto erralg; ++ ++ chsel = ses->chan; ++ ++ txring = &sc->tx[chsel]; ++ ++ if (enccrd && !maccrd) { ++ if (enccrd->crd_alg == CRYPTO_ARC4) ++ reinit = 1; ++ reinit_size = 0x40; ++ srclen = crp->crp_ilen; ++ ++ pasemi_desc_start(&work_desc, XCT_FUN_O | XCT_FUN_I ++ | XCT_FUN_FUN(chsel)); ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) ++ pasemi_desc_hdr(&work_desc, XCT_FUN_CRM_ENC); ++ else ++ pasemi_desc_hdr(&work_desc, XCT_FUN_CRM_DEC); ++ } else if (enccrd && maccrd) { ++ if (enccrd->crd_alg == CRYPTO_ARC4) ++ reinit = 1; ++ reinit_size = 0x68; ++ ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) { ++ /* Encrypt -> Authenticate */ ++ pasemi_desc_start(&work_desc, XCT_FUN_O | XCT_FUN_I | XCT_FUN_CRM_ENC_SIG ++ | XCT_FUN_A | XCT_FUN_FUN(chsel)); ++ srclen = maccrd->crd_skip + maccrd->crd_len; ++ } else { ++ /* Authenticate -> Decrypt */ ++ pasemi_desc_start(&work_desc, XCT_FUN_O | XCT_FUN_I | XCT_FUN_CRM_SIG_DEC ++ | XCT_FUN_24BRES | XCT_FUN_FUN(chsel)); ++ pasemi_desc_build(&work_desc, 0); ++ pasemi_desc_build(&work_desc, 0); ++ pasemi_desc_build(&work_desc, 0); ++ work_desc.postop = PASEMI_CHECK_SIG; ++ srclen = crp->crp_ilen; ++ } ++ ++ pasemi_desc_hdr(&work_desc, XCT_FUN_SHL(maccrd->crd_skip / 4)); ++ pasemi_desc_hdr(&work_desc, XCT_FUN_CHL(enccrd->crd_skip - maccrd->crd_skip)); ++ } else if (!enccrd && maccrd) { ++ srclen = maccrd->crd_len; ++ ++ pasemi_desc_start(&init_desc, ++ XCT_CTRL_HDR(chsel, 0x58, DMA_FN_HKEY0)); ++ pasemi_desc_build(&init_desc, ++ XCT_FUN_SRC_PTR(0x58, ((struct pasemi_session *)ses->dma_addr)->hkey)); ++ ++ pasemi_desc_start(&work_desc, XCT_FUN_O | XCT_FUN_I | XCT_FUN_CRM_SIG ++ | XCT_FUN_A | XCT_FUN_FUN(chsel)); ++ } ++ ++ if (enccrd) { ++ switch (enccrd->crd_alg) { ++ case CRYPTO_3DES_CBC: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_ALG_3DES | ++ XCT_FUN_BCM_CBC); ++ ivsize = sizeof(u64); ++ break; ++ case CRYPTO_DES_CBC: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_ALG_DES | ++ XCT_FUN_BCM_CBC); ++ ivsize = sizeof(u64); ++ break; ++ case CRYPTO_AES_CBC: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_ALG_AES | ++ XCT_FUN_BCM_CBC); ++ ivsize = 2 * sizeof(u64); ++ break; ++ case CRYPTO_ARC4: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_ALG_ARC); ++ ivsize = 0; ++ break; ++ default: ++ printk(DRV_NAME ": unimplemented enccrd->crd_alg %d\n", ++ enccrd->crd_alg); ++ err = -EINVAL; ++ goto errout; ++ } ++ ++ ivp = (ivsize == sizeof(u64)) ? (caddr_t) &ses->civ[1] : (caddr_t) &ses->civ[0]; ++ if (enccrd->crd_flags & CRD_F_ENCRYPT) { ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) ++ memcpy(ivp, enccrd->crd_iv, ivsize); ++ /* If IV is not present in the buffer already, it has to be copied there */ ++ if ((enccrd->crd_flags & CRD_F_IV_PRESENT) == 0) ++ crypto_copyback(crp->crp_flags, crp->crp_buf, ++ enccrd->crd_inject, ivsize, ivp); ++ } else { ++ if (enccrd->crd_flags & CRD_F_IV_EXPLICIT) ++ /* IV is provided expicitly in descriptor */ ++ memcpy(ivp, enccrd->crd_iv, ivsize); ++ else ++ /* IV is provided in the packet */ ++ crypto_copydata(crp->crp_flags, crp->crp_buf, ++ enccrd->crd_inject, ivsize, ++ ivp); ++ } ++ } ++ ++ if (maccrd) { ++ switch (maccrd->crd_alg) { ++ case CRYPTO_MD5: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_SIG_MD5 | ++ XCT_FUN_HSZ((crp->crp_ilen - maccrd->crd_inject) / 4)); ++ break; ++ case CRYPTO_SHA1: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_SIG_SHA1 | ++ XCT_FUN_HSZ((crp->crp_ilen - maccrd->crd_inject) / 4)); ++ break; ++ case CRYPTO_MD5_HMAC: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_SIG_HMAC_MD5 | ++ XCT_FUN_HSZ((crp->crp_ilen - maccrd->crd_inject) / 4)); ++ break; ++ case CRYPTO_SHA1_HMAC: ++ pasemi_desc_hdr(&work_desc, XCT_FUN_SIG_HMAC_SHA1 | ++ XCT_FUN_HSZ((crp->crp_ilen - maccrd->crd_inject) / 4)); ++ break; ++ default: ++ printk(DRV_NAME ": unimplemented maccrd->crd_alg %d\n", ++ maccrd->crd_alg); ++ err = -EINVAL; ++ goto errout; ++ } ++ } ++ ++ if (crp->crp_flags & CRYPTO_F_SKBUF) { ++ /* using SKB buffers */ ++ skb = (struct sk_buff *)crp->crp_buf; ++ if (skb_shinfo(skb)->nr_frags) { ++ printk(DRV_NAME ": skb frags unimplemented\n"); ++ err = -EINVAL; ++ goto errout; ++ } ++ pasemi_desc_build( ++ &work_desc, ++ XCT_FUN_DST_PTR(skb->len, pci_map_single( ++ sc->dma_pdev, skb->data, ++ skb->len, DMA_TO_DEVICE))); ++ pasemi_desc_build( ++ &work_desc, ++ XCT_FUN_SRC_PTR( ++ srclen, pci_map_single( ++ sc->dma_pdev, skb->data, ++ srclen, DMA_TO_DEVICE))); ++ pasemi_desc_hdr(&work_desc, XCT_FUN_LLEN(srclen)); ++ } else if (crp->crp_flags & CRYPTO_F_IOV) { ++ /* using IOV buffers */ ++ uiop = (struct uio *)crp->crp_buf; ++ if (uiop->uio_iovcnt > 1) { ++ printk(DRV_NAME ": iov frags unimplemented\n"); ++ err = -EINVAL; ++ goto errout; ++ } ++ ++ /* crp_olen is never set; always use crp_ilen */ ++ pasemi_desc_build( ++ &work_desc, ++ XCT_FUN_DST_PTR(crp->crp_ilen, pci_map_single( ++ sc->dma_pdev, ++ uiop->uio_iov->iov_base, ++ crp->crp_ilen, DMA_TO_DEVICE))); ++ pasemi_desc_hdr(&work_desc, XCT_FUN_LLEN(srclen)); ++ ++ pasemi_desc_build( ++ &work_desc, ++ XCT_FUN_SRC_PTR(srclen, pci_map_single( ++ sc->dma_pdev, ++ uiop->uio_iov->iov_base, ++ srclen, DMA_TO_DEVICE))); ++ } else { ++ /* using contig buffers */ ++ pasemi_desc_build( ++ &work_desc, ++ XCT_FUN_DST_PTR(crp->crp_ilen, pci_map_single( ++ sc->dma_pdev, ++ crp->crp_buf, ++ crp->crp_ilen, DMA_TO_DEVICE))); ++ pasemi_desc_build( ++ &work_desc, ++ XCT_FUN_SRC_PTR(srclen, pci_map_single( ++ sc->dma_pdev, ++ crp->crp_buf, srclen, ++ DMA_TO_DEVICE))); ++ pasemi_desc_hdr(&work_desc, XCT_FUN_LLEN(srclen)); ++ } ++ ++ spin_lock_irqsave(&txring->fill_lock, flags); ++ ++ if (txring->sesn != PASEMI_SESSION(crp->crp_sid)) { ++ txring->sesn = PASEMI_SESSION(crp->crp_sid); ++ reinit = 1; ++ } ++ ++ if (enccrd) { ++ pasemi_desc_start(&init_desc, ++ XCT_CTRL_HDR(chsel, reinit ? reinit_size : 0x10, DMA_FN_CIV0)); ++ pasemi_desc_build(&init_desc, ++ XCT_FUN_SRC_PTR(reinit ? reinit_size : 0x10, ses->dma_addr)); ++ } ++ ++ if (((txring->next_to_fill + pasemi_desc_size(&init_desc) + ++ pasemi_desc_size(&work_desc)) - ++ txring->next_to_clean) > TX_RING_SIZE) { ++ spin_unlock_irqrestore(&txring->fill_lock, flags); ++ err = ERESTART; ++ goto errout; ++ } ++ ++ pasemi_ring_add_desc(txring, &init_desc, NULL); ++ pasemi_ring_add_desc(txring, &work_desc, crp); ++ ++ pasemi_ring_incr(sc, chsel, ++ pasemi_desc_size(&init_desc) + ++ pasemi_desc_size(&work_desc)); ++ ++ spin_unlock_irqrestore(&txring->fill_lock, flags); ++ ++ mod_timer(&txring->crypto_timer, jiffies + TIMER_INTERVAL); ++ ++ return 0; ++ ++erralg: ++ printk(DRV_NAME ": unsupported algorithm or algorithm order alg1 %d alg2 %d\n", ++ crd1->crd_alg, crd2->crd_alg); ++ err = -EINVAL; ++ ++errout: ++ if (err != ERESTART) { ++ crp->crp_etype = err; ++ crypto_done(crp); ++ } ++ return err; ++} ++ ++static int pasemi_clean_tx(struct pasemi_softc *sc, int chan) ++{ ++ int i, j, ring_idx; ++ struct pasemi_fnu_txring *ring = &sc->tx[chan]; ++ u16 delta_cnt; ++ int flags, loops = 10; ++ int desc_size; ++ struct cryptop *crp; ++ ++ spin_lock_irqsave(&ring->clean_lock, flags); ++ ++ while ((delta_cnt = (dma_status->tx_sta[sc->base_chan + chan] ++ & PAS_STATUS_PCNT_M) - ring->total_pktcnt) ++ && loops--) { ++ ++ for (i = 0; i < delta_cnt; i++) { ++ desc_size = TX_DESC_INFO(ring, ring->next_to_clean).desc_size; ++ crp = TX_DESC_INFO(ring, ring->next_to_clean).cf_crp; ++ if (crp) { ++ ring_idx = 2 * (ring->next_to_clean & (TX_RING_SIZE-1)); ++ if (TX_DESC_INFO(ring, ring->next_to_clean).desc_postop & PASEMI_CHECK_SIG) { ++ /* Need to make sure signature matched, ++ * if not - return error */ ++ if (!(ring->desc[ring_idx + 1] & (1ULL << 63))) ++ crp->crp_etype = -EINVAL; ++ } ++ crypto_done(TX_DESC_INFO(ring, ++ ring->next_to_clean).cf_crp); ++ TX_DESC_INFO(ring, ring->next_to_clean).cf_crp = NULL; ++ pci_unmap_single( ++ sc->dma_pdev, ++ XCT_PTR_ADDR_LEN(ring->desc[ring_idx + 1]), ++ PCI_DMA_TODEVICE); ++ ++ ring->desc[ring_idx] = ring->desc[ring_idx + 1] = 0; ++ ++ ring->next_to_clean++; ++ for (j = 1; j < desc_size; j++) { ++ ring_idx = 2 * ++ (ring->next_to_clean & ++ (TX_RING_SIZE-1)); ++ pci_unmap_single( ++ sc->dma_pdev, ++ XCT_PTR_ADDR_LEN(ring->desc[ring_idx]), ++ PCI_DMA_TODEVICE); ++ if (ring->desc[ring_idx + 1]) ++ pci_unmap_single( ++ sc->dma_pdev, ++ XCT_PTR_ADDR_LEN( ++ ring->desc[ ++ ring_idx + 1]), ++ PCI_DMA_TODEVICE); ++ ring->desc[ring_idx] = ++ ring->desc[ring_idx + 1] = 0; ++ ring->next_to_clean++; ++ } ++ } else { ++ for (j = 0; j < desc_size; j++) { ++ ring_idx = 2 * (ring->next_to_clean & (TX_RING_SIZE-1)); ++ ring->desc[ring_idx] = ++ ring->desc[ring_idx + 1] = 0; ++ ring->next_to_clean++; ++ } ++ } ++ } ++ ++ ring->total_pktcnt += delta_cnt; ++ } ++ spin_unlock_irqrestore(&ring->clean_lock, flags); ++ ++ return 0; ++} ++ ++static void sweepup_tx(struct pasemi_softc *sc) ++{ ++ int i; ++ ++ for (i = 0; i < sc->sc_num_channels; i++) ++ pasemi_clean_tx(sc, i); ++} ++ ++static irqreturn_t pasemi_intr(int irq, void *arg, struct pt_regs *regs) ++{ ++ struct pasemi_softc *sc = arg; ++ unsigned int reg; ++ int chan = irq - sc->base_irq; ++ int chan_index = sc->base_chan + chan; ++ u64 stat = dma_status->tx_sta[chan_index]; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (!(stat & PAS_STATUS_CAUSE_M)) ++ return IRQ_NONE; ++ ++ pasemi_clean_tx(sc, chan); ++ ++ stat = dma_status->tx_sta[chan_index]; ++ ++ reg = PAS_IOB_DMA_TXCH_RESET_PINTC | ++ PAS_IOB_DMA_TXCH_RESET_PCNT(sc->tx[chan].total_pktcnt); ++ ++ if (stat & PAS_STATUS_SOFT) ++ reg |= PAS_IOB_DMA_RXCH_RESET_SINTC; ++ ++ out_le32(sc->iob_regs + PAS_IOB_DMA_TXCH_RESET(chan_index), reg); ++ ++ ++ return IRQ_HANDLED; ++} ++ ++static int pasemi_dma_setup_tx_resources(struct pasemi_softc *sc, int chan) ++{ ++ u32 val; ++ int chan_index = chan + sc->base_chan; ++ int ret; ++ struct pasemi_fnu_txring *ring; ++ ++ ring = &sc->tx[chan]; ++ ++ spin_lock_init(&ring->fill_lock); ++ spin_lock_init(&ring->clean_lock); ++ ++ ring->desc_info = kzalloc(sizeof(struct pasemi_desc_info) * ++ TX_RING_SIZE, GFP_KERNEL); ++ if (!ring->desc_info) ++ return -ENOMEM; ++ ++ /* Allocate descriptors */ ++ ring->desc = dma_alloc_coherent(&sc->dma_pdev->dev, ++ TX_RING_SIZE * ++ 2 * sizeof(u64), ++ &ring->dma, GFP_KERNEL); ++ if (!ring->desc) ++ return -ENOMEM; ++ ++ memset((void *) ring->desc, 0, TX_RING_SIZE * 2 * sizeof(u64)); ++ ++ out_le32(sc->iob_regs + PAS_IOB_DMA_TXCH_RESET(chan_index), 0x30); ++ ++ ring->total_pktcnt = 0; ++ ++ out_le32(sc->dma_regs + PAS_DMA_TXCHAN_BASEL(chan_index), ++ PAS_DMA_TXCHAN_BASEL_BRBL(ring->dma)); ++ ++ val = PAS_DMA_TXCHAN_BASEU_BRBH(ring->dma >> 32); ++ val |= PAS_DMA_TXCHAN_BASEU_SIZ(TX_RING_SIZE >> 2); ++ ++ out_le32(sc->dma_regs + PAS_DMA_TXCHAN_BASEU(chan_index), val); ++ ++ out_le32(sc->dma_regs + PAS_DMA_TXCHAN_CFG(chan_index), ++ PAS_DMA_TXCHAN_CFG_TY_FUNC | ++ PAS_DMA_TXCHAN_CFG_TATTR(chan) | ++ PAS_DMA_TXCHAN_CFG_WT(2)); ++ ++ /* enable tx channel */ ++ out_le32(sc->dma_regs + ++ PAS_DMA_TXCHAN_TCMDSTA(chan_index), ++ PAS_DMA_TXCHAN_TCMDSTA_EN); ++ ++ out_le32(sc->iob_regs + PAS_IOB_DMA_TXCH_CFG(chan_index), ++ PAS_IOB_DMA_TXCH_CFG_CNTTH(1000)); ++ ++ ring->next_to_fill = 0; ++ ring->next_to_clean = 0; ++ ++ snprintf(ring->irq_name, sizeof(ring->irq_name), ++ "%s%d", "crypto", chan); ++ ++ ring->irq = irq_create_mapping(NULL, sc->base_irq + chan); ++ ret = request_irq(ring->irq, (irq_handler_t) ++ pasemi_intr, IRQF_DISABLED, ring->irq_name, sc); ++ if (ret) { ++ printk(KERN_ERR DRV_NAME ": failed to hook irq %d ret %d\n", ++ ring->irq, ret); ++ ring->irq = -1; ++ return ret; ++ } ++ ++ setup_timer(&ring->crypto_timer, (void *) sweepup_tx, (unsigned long) sc); ++ ++ return 0; ++} ++ ++static device_method_t pasemi_methods = { ++ /* crypto device methods */ ++ DEVMETHOD(cryptodev_newsession, pasemi_newsession), ++ DEVMETHOD(cryptodev_freesession, pasemi_freesession), ++ DEVMETHOD(cryptodev_process, pasemi_process), ++}; ++ ++/* Set up the crypto device structure, private data, ++ * and anything else we need before we start */ ++ ++static int __devinit ++pasemi_dma_probe(struct pci_dev *pdev, const struct pci_device_id *ent) ++{ ++ struct pasemi_softc *sc; ++ int ret, i; ++ ++ DPRINTF(KERN_ERR "%s()\n", __FUNCTION__); ++ ++ sc = kzalloc(sizeof(*sc), GFP_KERNEL); ++ if (!sc) ++ return -ENOMEM; ++ ++ softc_device_init(sc, DRV_NAME, 1, pasemi_methods); ++ ++ pci_set_drvdata(pdev, sc); ++ ++ spin_lock_init(&sc->sc_chnlock); ++ ++ sc->sc_sessions = (struct pasemi_session **) ++ kzalloc(PASEMI_INITIAL_SESSIONS * ++ sizeof(struct pasemi_session *), GFP_ATOMIC); ++ if (sc->sc_sessions == NULL) { ++ ret = -ENOMEM; ++ goto out; ++ } ++ ++ sc->sc_nsessions = PASEMI_INITIAL_SESSIONS; ++ sc->sc_lastchn = 0; ++ sc->base_irq = pdev->irq + 6; ++ sc->base_chan = 6; ++ sc->sc_cid = -1; ++ sc->dma_pdev = pdev; ++ ++ sc->iob_pdev = pci_get_device(PCI_VENDOR_ID_PASEMI, 0xa001, NULL); ++ if (!sc->iob_pdev) { ++ dev_err(&pdev->dev, "Can't find I/O Bridge\n"); ++ ret = -ENODEV; ++ goto out; ++ } ++ ++ /* This is hardcoded and ugly, but we have some firmware versions ++ * who don't provide the register space in the device tree. Luckily ++ * they are at well-known locations so we can just do the math here. ++ */ ++ sc->dma_regs = ++ ioremap(0xe0000000 + (sc->dma_pdev->devfn << 12), 0x2000); ++ sc->iob_regs = ++ ioremap(0xe0000000 + (sc->iob_pdev->devfn << 12), 0x2000); ++ if (!sc->dma_regs || !sc->iob_regs) { ++ dev_err(&pdev->dev, "Can't map registers\n"); ++ ret = -ENODEV; ++ goto out; ++ } ++ ++ dma_status = __ioremap(0xfd800000, 0x1000, 0); ++ if (!dma_status) { ++ ret = -ENODEV; ++ dev_err(&pdev->dev, "Can't map dmastatus space\n"); ++ goto out; ++ } ++ ++ sc->tx = (struct pasemi_fnu_txring *) ++ kzalloc(sizeof(struct pasemi_fnu_txring) ++ * 8, GFP_KERNEL); ++ if (!sc->tx) { ++ ret = -ENOMEM; ++ goto out; ++ } ++ ++ /* Initialize the h/w */ ++ out_le32(sc->dma_regs + PAS_DMA_COM_CFG, ++ (in_le32(sc->dma_regs + PAS_DMA_COM_CFG) | ++ PAS_DMA_COM_CFG_FWF)); ++ out_le32(sc->dma_regs + PAS_DMA_COM_TXCMD, PAS_DMA_COM_TXCMD_EN); ++ ++ for (i = 0; i < PASEMI_FNU_CHANNELS; i++) { ++ sc->sc_num_channels++; ++ ret = pasemi_dma_setup_tx_resources(sc, i); ++ if (ret) ++ goto out; ++ } ++ ++ sc->sc_cid = crypto_get_driverid(softc_get_device(sc), ++ CRYPTOCAP_F_HARDWARE); ++ if (sc->sc_cid < 0) { ++ printk(KERN_ERR DRV_NAME ": could not get crypto driver id\n"); ++ ret = -ENXIO; ++ goto out; ++ } ++ ++ /* register algorithms with the framework */ ++ printk(DRV_NAME ":"); ++ ++ crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_AES_CBC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0); ++ crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0); ++ ++ return 0; ++ ++out: ++ pasemi_dma_remove(pdev); ++ return ret; ++} ++ ++#define MAX_RETRIES 5000 ++ ++static void pasemi_free_tx_resources(struct pasemi_softc *sc, int chan) ++{ ++ struct pasemi_fnu_txring *ring = &sc->tx[chan]; ++ int chan_index = chan + sc->base_chan; ++ int retries; ++ u32 stat; ++ ++ /* Stop the channel */ ++ out_le32(sc->dma_regs + ++ PAS_DMA_TXCHAN_TCMDSTA(chan_index), ++ PAS_DMA_TXCHAN_TCMDSTA_ST); ++ ++ for (retries = 0; retries < MAX_RETRIES; retries++) { ++ stat = in_le32(sc->dma_regs + ++ PAS_DMA_TXCHAN_TCMDSTA(chan_index)); ++ if (!(stat & PAS_DMA_TXCHAN_TCMDSTA_ACT)) ++ break; ++ cond_resched(); ++ } ++ ++ if (stat & PAS_DMA_TXCHAN_TCMDSTA_ACT) ++ dev_err(&sc->dma_pdev->dev, "Failed to stop tx channel %d\n", ++ chan_index); ++ ++ /* Disable the channel */ ++ out_le32(sc->dma_regs + ++ PAS_DMA_TXCHAN_TCMDSTA(chan_index), ++ 0); ++ ++ if (ring->desc_info) ++ kfree((void *) ring->desc_info); ++ if (ring->desc) ++ dma_free_coherent(&sc->dma_pdev->dev, ++ TX_RING_SIZE * ++ 2 * sizeof(u64), ++ (void *) ring->desc, ring->dma); ++ if (ring->irq != -1) ++ free_irq(ring->irq, sc); ++ ++ del_timer(&ring->crypto_timer); ++} ++ ++static void __devexit pasemi_dma_remove(struct pci_dev *pdev) ++{ ++ struct pasemi_softc *sc = pci_get_drvdata(pdev); ++ int i; ++ ++ DPRINTF("%s()\n", __FUNCTION__); ++ ++ if (sc->sc_cid >= 0) { ++ crypto_unregister_all(sc->sc_cid); ++ } ++ ++ if (sc->tx) { ++ for (i = 0; i < sc->sc_num_channels; i++) ++ pasemi_free_tx_resources(sc, i); ++ ++ kfree(sc->tx); ++ } ++ if (sc->sc_sessions) { ++ for (i = 0; i < sc->sc_nsessions; i++) ++ kfree(sc->sc_sessions[i]); ++ kfree(sc->sc_sessions); ++ } ++ if (sc->iob_pdev) ++ pci_dev_put(sc->iob_pdev); ++ if (sc->dma_regs) ++ iounmap(sc->dma_regs); ++ if (sc->iob_regs) ++ iounmap(sc->iob_regs); ++ kfree(sc); ++} ++ ++static struct pci_device_id pasemi_dma_pci_tbl[] = { ++ { PCI_DEVICE(PCI_VENDOR_ID_PASEMI, 0xa007) }, ++}; ++ ++MODULE_DEVICE_TABLE(pci, pasemi_dma_pci_tbl); ++ ++static struct pci_driver pasemi_dma_driver = { ++ .name = "pasemi_dma", ++ .id_table = pasemi_dma_pci_tbl, ++ .probe = pasemi_dma_probe, ++ .remove = __devexit_p(pasemi_dma_remove), ++}; ++ ++static void __exit pasemi_dma_cleanup_module(void) ++{ ++ pci_unregister_driver(&pasemi_dma_driver); ++ __iounmap(dma_status); ++ dma_status = NULL; ++} ++ ++int pasemi_dma_init_module(void) ++{ ++ return pci_register_driver(&pasemi_dma_driver); ++} ++ ++module_init(pasemi_dma_init_module); ++module_exit(pasemi_dma_cleanup_module); ++ ++MODULE_LICENSE("Dual BSD/GPL"); ++MODULE_AUTHOR("Egor Martovetsky egor@pasemi.com"); ++MODULE_DESCRIPTION("OCF driver for PA Semi PWRficient DMA Crypto Engine"); +--- /dev/null ++++ b/crypto/ocf/pasemi/pasemi_fnu.h +@@ -0,0 +1,410 @@ ++/* ++ * Copyright (C) 2007 PA Semi, Inc ++ * ++ * Driver for the PA Semi PWRficient DMA Crypto Engine, soft state and ++ * hardware register layouts. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ */ ++ ++#ifndef PASEMI_FNU_H ++#define PASEMI_FNU_H ++ ++#include <linux/spinlock.h> ++ ++#define PASEMI_SESSION(sid) ((sid) & 0xffffffff) ++#define PASEMI_SID(sesn) ((sesn) & 0xffffffff) ++#define DPRINTF(a...) if (debug) { printk(DRV_NAME ": " a); } ++ ++/* Must be a power of two */ ++#define RX_RING_SIZE 512 ++#define TX_RING_SIZE 512 ++#define TX_DESC(ring, num) ((ring)->desc[2 * (num & (TX_RING_SIZE-1))]) ++#define TX_DESC_INFO(ring, num) ((ring)->desc_info[(num) & (TX_RING_SIZE-1)]) ++#define MAX_DESC_SIZE 8 ++#define PASEMI_INITIAL_SESSIONS 10 ++#define PASEMI_FNU_CHANNELS 8 ++ ++/* DMA descriptor */ ++struct pasemi_desc { ++ u64 quad[2*MAX_DESC_SIZE]; ++ int quad_cnt; ++ int size; ++ int postop; ++}; ++ ++/* ++ * Holds per descriptor data ++ */ ++struct pasemi_desc_info { ++ int desc_size; ++ int desc_postop; ++#define PASEMI_CHECK_SIG 0x1 ++ ++ struct cryptop *cf_crp; ++}; ++ ++/* ++ * Holds per channel data ++ */ ++struct pasemi_fnu_txring { ++ volatile u64 *desc; ++ volatile struct ++ pasemi_desc_info *desc_info; ++ dma_addr_t dma; ++ struct timer_list crypto_timer; ++ spinlock_t fill_lock; ++ spinlock_t clean_lock; ++ unsigned int next_to_fill; ++ unsigned int next_to_clean; ++ u16 total_pktcnt; ++ int irq; ++ int sesn; ++ char irq_name[10]; ++}; ++ ++/* ++ * Holds data specific to a single pasemi device. ++ */ ++struct pasemi_softc { ++ softc_device_decl sc_cdev; ++ struct pci_dev *dma_pdev; /* device backpointer */ ++ struct pci_dev *iob_pdev; /* device backpointer */ ++ void __iomem *dma_regs; ++ void __iomem *iob_regs; ++ int base_irq; ++ int base_chan; ++ int32_t sc_cid; /* crypto tag */ ++ int sc_nsessions; ++ struct pasemi_session **sc_sessions; ++ int sc_num_channels;/* number of crypto channels */ ++ ++ /* pointer to the array of txring datastructures, one txring per channel */ ++ struct pasemi_fnu_txring *tx; ++ ++ /* ++ * mutual exclusion for the channel scheduler ++ */ ++ spinlock_t sc_chnlock; ++ /* last channel used, for now use round-robin to allocate channels */ ++ int sc_lastchn; ++}; ++ ++struct pasemi_session { ++ u64 civ[2]; ++ u64 keysz; ++ u64 key[4]; ++ u64 ccmd; ++ u64 hkey[4]; ++ u64 hseq; ++ u64 giv[2]; ++ u64 hiv[4]; ++ ++ int used; ++ dma_addr_t dma_addr; ++ int chan; ++}; ++ ++/* status register layout in IOB region, at 0xfd800000 */ ++struct pasdma_status { ++ u64 rx_sta[64]; ++ u64 tx_sta[20]; ++}; ++ ++#define ALG_IS_CIPHER(alg) ((alg == CRYPTO_DES_CBC) || \ ++ (alg == CRYPTO_3DES_CBC) || \ ++ (alg == CRYPTO_AES_CBC) || \ ++ (alg == CRYPTO_ARC4) || \ ++ (alg == CRYPTO_NULL_CBC)) ++ ++#define ALG_IS_SIG(alg) ((alg == CRYPTO_MD5) || \ ++ (alg == CRYPTO_MD5_HMAC) || \ ++ (alg == CRYPTO_SHA1) || \ ++ (alg == CRYPTO_SHA1_HMAC) || \ ++ (alg == CRYPTO_NULL_HMAC)) ++ ++enum { ++ PAS_DMA_COM_TXCMD = 0x100, /* Transmit Command Register */ ++ PAS_DMA_COM_TXSTA = 0x104, /* Transmit Status Register */ ++ PAS_DMA_COM_RXCMD = 0x108, /* Receive Command Register */ ++ PAS_DMA_COM_RXSTA = 0x10c, /* Receive Status Register */ ++ PAS_DMA_COM_CFG = 0x114, /* DMA Configuration Register */ ++}; ++ ++/* All these registers live in the PCI configuration space for the DMA PCI ++ * device. Use the normal PCI config access functions for them. ++ */ ++ ++#define PAS_DMA_COM_CFG_FWF 0x18000000 ++ ++#define PAS_DMA_COM_TXCMD_EN 0x00000001 /* enable */ ++#define PAS_DMA_COM_TXSTA_ACT 0x00000001 /* active */ ++#define PAS_DMA_COM_RXCMD_EN 0x00000001 /* enable */ ++#define PAS_DMA_COM_RXSTA_ACT 0x00000001 /* active */ ++ ++#define _PAS_DMA_TXCHAN_STRIDE 0x20 /* Size per channel */ ++#define _PAS_DMA_TXCHAN_TCMDSTA 0x300 /* Command / Status */ ++#define _PAS_DMA_TXCHAN_CFG 0x304 /* Configuration */ ++#define _PAS_DMA_TXCHAN_DSCRBU 0x308 /* Descriptor BU Allocation */ ++#define _PAS_DMA_TXCHAN_INCR 0x310 /* Descriptor increment */ ++#define _PAS_DMA_TXCHAN_CNT 0x314 /* Descriptor count/offset */ ++#define _PAS_DMA_TXCHAN_BASEL 0x318 /* Descriptor ring base (low) */ ++#define _PAS_DMA_TXCHAN_BASEU 0x31c /* (high) */ ++#define PAS_DMA_TXCHAN_TCMDSTA(c) (0x300+(c)*_PAS_DMA_TXCHAN_STRIDE) ++#define PAS_DMA_TXCHAN_TCMDSTA_EN 0x00000001 /* Enabled */ ++#define PAS_DMA_TXCHAN_TCMDSTA_ST 0x00000002 /* Stop interface */ ++#define PAS_DMA_TXCHAN_TCMDSTA_ACT 0x00010000 /* Active */ ++#define PAS_DMA_TXCHAN_CFG(c) (0x304+(c)*_PAS_DMA_TXCHAN_STRIDE) ++#define PAS_DMA_TXCHAN_CFG_TY_FUNC 0x00000002 /* Type = interface */ ++#define PAS_DMA_TXCHAN_CFG_TY_IFACE 0x00000000 /* Type = interface */ ++#define PAS_DMA_TXCHAN_CFG_TATTR_M 0x0000003c ++#define PAS_DMA_TXCHAN_CFG_TATTR_S 2 ++#define PAS_DMA_TXCHAN_CFG_TATTR(x) (((x) << PAS_DMA_TXCHAN_CFG_TATTR_S) & \ ++ PAS_DMA_TXCHAN_CFG_TATTR_M) ++#define PAS_DMA_TXCHAN_CFG_WT_M 0x000001c0 ++#define PAS_DMA_TXCHAN_CFG_WT_S 6 ++#define PAS_DMA_TXCHAN_CFG_WT(x) (((x) << PAS_DMA_TXCHAN_CFG_WT_S) & \ ++ PAS_DMA_TXCHAN_CFG_WT_M) ++#define PAS_DMA_TXCHAN_CFG_LPSQ_FAST 0x00000400 ++#define PAS_DMA_TXCHAN_CFG_LPDQ_FAST 0x00000800 ++#define PAS_DMA_TXCHAN_CFG_CF 0x00001000 /* Clean first line */ ++#define PAS_DMA_TXCHAN_CFG_CL 0x00002000 /* Clean last line */ ++#define PAS_DMA_TXCHAN_CFG_UP 0x00004000 /* update tx descr when sent */ ++#define PAS_DMA_TXCHAN_INCR(c) (0x310+(c)*_PAS_DMA_TXCHAN_STRIDE) ++#define PAS_DMA_TXCHAN_BASEL(c) (0x318+(c)*_PAS_DMA_TXCHAN_STRIDE) ++#define PAS_DMA_TXCHAN_BASEL_BRBL_M 0xffffffc0 ++#define PAS_DMA_TXCHAN_BASEL_BRBL_S 0 ++#define PAS_DMA_TXCHAN_BASEL_BRBL(x) (((x) << PAS_DMA_TXCHAN_BASEL_BRBL_S) & \ ++ PAS_DMA_TXCHAN_BASEL_BRBL_M) ++#define PAS_DMA_TXCHAN_BASEU(c) (0x31c+(c)*_PAS_DMA_TXCHAN_STRIDE) ++#define PAS_DMA_TXCHAN_BASEU_BRBH_M 0x00000fff ++#define PAS_DMA_TXCHAN_BASEU_BRBH_S 0 ++#define PAS_DMA_TXCHAN_BASEU_BRBH(x) (((x) << PAS_DMA_TXCHAN_BASEU_BRBH_S) & \ ++ PAS_DMA_TXCHAN_BASEU_BRBH_M) ++/* # of cache lines worth of buffer ring */ ++#define PAS_DMA_TXCHAN_BASEU_SIZ_M 0x3fff0000 ++#define PAS_DMA_TXCHAN_BASEU_SIZ_S 16 /* 0 = 16K */ ++#define PAS_DMA_TXCHAN_BASEU_SIZ(x) (((x) << PAS_DMA_TXCHAN_BASEU_SIZ_S) & \ ++ PAS_DMA_TXCHAN_BASEU_SIZ_M) ++ ++#define PAS_STATUS_PCNT_M 0x000000000000ffffull ++#define PAS_STATUS_PCNT_S 0 ++#define PAS_STATUS_DCNT_M 0x00000000ffff0000ull ++#define PAS_STATUS_DCNT_S 16 ++#define PAS_STATUS_BPCNT_M 0x0000ffff00000000ull ++#define PAS_STATUS_BPCNT_S 32 ++#define PAS_STATUS_CAUSE_M 0xf000000000000000ull ++#define PAS_STATUS_TIMER 0x1000000000000000ull ++#define PAS_STATUS_ERROR 0x2000000000000000ull ++#define PAS_STATUS_SOFT 0x4000000000000000ull ++#define PAS_STATUS_INT 0x8000000000000000ull ++ ++#define PAS_IOB_DMA_RXCH_CFG(i) (0x1100 + (i)*4) ++#define PAS_IOB_DMA_RXCH_CFG_CNTTH_M 0x00000fff ++#define PAS_IOB_DMA_RXCH_CFG_CNTTH_S 0 ++#define PAS_IOB_DMA_RXCH_CFG_CNTTH(x) (((x) << PAS_IOB_DMA_RXCH_CFG_CNTTH_S) & \ ++ PAS_IOB_DMA_RXCH_CFG_CNTTH_M) ++#define PAS_IOB_DMA_TXCH_CFG(i) (0x1200 + (i)*4) ++#define PAS_IOB_DMA_TXCH_CFG_CNTTH_M 0x00000fff ++#define PAS_IOB_DMA_TXCH_CFG_CNTTH_S 0 ++#define PAS_IOB_DMA_TXCH_CFG_CNTTH(x) (((x) << PAS_IOB_DMA_TXCH_CFG_CNTTH_S) & \ ++ PAS_IOB_DMA_TXCH_CFG_CNTTH_M) ++#define PAS_IOB_DMA_RXCH_STAT(i) (0x1300 + (i)*4) ++#define PAS_IOB_DMA_RXCH_STAT_INTGEN 0x00001000 ++#define PAS_IOB_DMA_RXCH_STAT_CNTDEL_M 0x00000fff ++#define PAS_IOB_DMA_RXCH_STAT_CNTDEL_S 0 ++#define PAS_IOB_DMA_RXCH_STAT_CNTDEL(x) (((x) << PAS_IOB_DMA_RXCH_STAT_CNTDEL_S) &\ ++ PAS_IOB_DMA_RXCH_STAT_CNTDEL_M) ++#define PAS_IOB_DMA_TXCH_STAT(i) (0x1400 + (i)*4) ++#define PAS_IOB_DMA_TXCH_STAT_INTGEN 0x00001000 ++#define PAS_IOB_DMA_TXCH_STAT_CNTDEL_M 0x00000fff ++#define PAS_IOB_DMA_TXCH_STAT_CNTDEL_S 0 ++#define PAS_IOB_DMA_TXCH_STAT_CNTDEL(x) (((x) << PAS_IOB_DMA_TXCH_STAT_CNTDEL_S) &\ ++ PAS_IOB_DMA_TXCH_STAT_CNTDEL_M) ++#define PAS_IOB_DMA_RXCH_RESET(i) (0x1500 + (i)*4) ++#define PAS_IOB_DMA_RXCH_RESET_PCNT_M 0xffff0000 ++#define PAS_IOB_DMA_RXCH_RESET_PCNT_S 16 ++#define PAS_IOB_DMA_RXCH_RESET_PCNT(x) (((x) << PAS_IOB_DMA_RXCH_RESET_PCNT_S) & \ ++ PAS_IOB_DMA_RXCH_RESET_PCNT_M) ++#define PAS_IOB_DMA_RXCH_RESET_PCNTRST 0x00000020 ++#define PAS_IOB_DMA_RXCH_RESET_DCNTRST 0x00000010 ++#define PAS_IOB_DMA_RXCH_RESET_TINTC 0x00000008 ++#define PAS_IOB_DMA_RXCH_RESET_DINTC 0x00000004 ++#define PAS_IOB_DMA_RXCH_RESET_SINTC 0x00000002 ++#define PAS_IOB_DMA_RXCH_RESET_PINTC 0x00000001 ++#define PAS_IOB_DMA_TXCH_RESET(i) (0x1600 + (i)*4) ++#define PAS_IOB_DMA_TXCH_RESET_PCNT_M 0xffff0000 ++#define PAS_IOB_DMA_TXCH_RESET_PCNT_S 16 ++#define PAS_IOB_DMA_TXCH_RESET_PCNT(x) (((x) << PAS_IOB_DMA_TXCH_RESET_PCNT_S) & \ ++ PAS_IOB_DMA_TXCH_RESET_PCNT_M) ++#define PAS_IOB_DMA_TXCH_RESET_PCNTRST 0x00000020 ++#define PAS_IOB_DMA_TXCH_RESET_DCNTRST 0x00000010 ++#define PAS_IOB_DMA_TXCH_RESET_TINTC 0x00000008 ++#define PAS_IOB_DMA_TXCH_RESET_DINTC 0x00000004 ++#define PAS_IOB_DMA_TXCH_RESET_SINTC 0x00000002 ++#define PAS_IOB_DMA_TXCH_RESET_PINTC 0x00000001 ++ ++#define PAS_IOB_DMA_COM_TIMEOUTCFG 0x1700 ++#define PAS_IOB_DMA_COM_TIMEOUTCFG_TCNT_M 0x00ffffff ++#define PAS_IOB_DMA_COM_TIMEOUTCFG_TCNT_S 0 ++#define PAS_IOB_DMA_COM_TIMEOUTCFG_TCNT(x) (((x) << PAS_IOB_DMA_COM_TIMEOUTCFG_TCNT_S) & \ ++ PAS_IOB_DMA_COM_TIMEOUTCFG_TCNT_M) ++ ++/* Transmit descriptor fields */ ++#define XCT_MACTX_T 0x8000000000000000ull ++#define XCT_MACTX_ST 0x4000000000000000ull ++#define XCT_MACTX_NORES 0x0000000000000000ull ++#define XCT_MACTX_8BRES 0x1000000000000000ull ++#define XCT_MACTX_24BRES 0x2000000000000000ull ++#define XCT_MACTX_40BRES 0x3000000000000000ull ++#define XCT_MACTX_I 0x0800000000000000ull ++#define XCT_MACTX_O 0x0400000000000000ull ++#define XCT_MACTX_E 0x0200000000000000ull ++#define XCT_MACTX_VLAN_M 0x0180000000000000ull ++#define XCT_MACTX_VLAN_NOP 0x0000000000000000ull ++#define XCT_MACTX_VLAN_REMOVE 0x0080000000000000ull ++#define XCT_MACTX_VLAN_INSERT 0x0100000000000000ull ++#define XCT_MACTX_VLAN_REPLACE 0x0180000000000000ull ++#define XCT_MACTX_CRC_M 0x0060000000000000ull ++#define XCT_MACTX_CRC_NOP 0x0000000000000000ull ++#define XCT_MACTX_CRC_INSERT 0x0020000000000000ull ++#define XCT_MACTX_CRC_PAD 0x0040000000000000ull ++#define XCT_MACTX_CRC_REPLACE 0x0060000000000000ull ++#define XCT_MACTX_SS 0x0010000000000000ull ++#define XCT_MACTX_LLEN_M 0x00007fff00000000ull ++#define XCT_MACTX_LLEN_S 32ull ++#define XCT_MACTX_LLEN(x) ((((long)(x)) << XCT_MACTX_LLEN_S) & \ ++ XCT_MACTX_LLEN_M) ++#define XCT_MACTX_IPH_M 0x00000000f8000000ull ++#define XCT_MACTX_IPH_S 27ull ++#define XCT_MACTX_IPH(x) ((((long)(x)) << XCT_MACTX_IPH_S) & \ ++ XCT_MACTX_IPH_M) ++#define XCT_MACTX_IPO_M 0x0000000007c00000ull ++#define XCT_MACTX_IPO_S 22ull ++#define XCT_MACTX_IPO(x) ((((long)(x)) << XCT_MACTX_IPO_S) & \ ++ XCT_MACTX_IPO_M) ++#define XCT_MACTX_CSUM_M 0x0000000000000060ull ++#define XCT_MACTX_CSUM_NOP 0x0000000000000000ull ++#define XCT_MACTX_CSUM_TCP 0x0000000000000040ull ++#define XCT_MACTX_CSUM_UDP 0x0000000000000060ull ++#define XCT_MACTX_V6 0x0000000000000010ull ++#define XCT_MACTX_C 0x0000000000000004ull ++#define XCT_MACTX_AL2 0x0000000000000002ull ++ ++#define XCT_PTR_T 0x8000000000000000ull ++#define XCT_PTR_LEN_M 0x7ffff00000000000ull ++#define XCT_PTR_LEN_S 44 ++#define XCT_PTR_LEN(x) ((((long)(x)) << XCT_PTR_LEN_S) & \ ++ XCT_PTR_LEN_M) ++#define XCT_PTR_ADDR_M 0x00000fffffffffffull ++#define XCT_PTR_ADDR_S 0 ++#define XCT_PTR_ADDR(x) ((((long)(x)) << XCT_PTR_ADDR_S) & \ ++ XCT_PTR_ADDR_M) ++ ++/* Function descriptor fields */ ++#define XCT_FUN_T 0x8000000000000000ull ++#define XCT_FUN_ST 0x4000000000000000ull ++#define XCT_FUN_NORES 0x0000000000000000ull ++#define XCT_FUN_8BRES 0x1000000000000000ull ++#define XCT_FUN_24BRES 0x2000000000000000ull ++#define XCT_FUN_40BRES 0x3000000000000000ull ++#define XCT_FUN_I 0x0800000000000000ull ++#define XCT_FUN_O 0x0400000000000000ull ++#define XCT_FUN_E 0x0200000000000000ull ++#define XCT_FUN_FUN_S 54 ++#define XCT_FUN_FUN_M 0x01c0000000000000ull ++#define XCT_FUN_FUN(num) ((((long)(num)) << XCT_FUN_FUN_S) & \ ++ XCT_FUN_FUN_M) ++#define XCT_FUN_CRM_NOP 0x0000000000000000ull ++#define XCT_FUN_CRM_SIG 0x0008000000000000ull ++#define XCT_FUN_CRM_ENC 0x0010000000000000ull ++#define XCT_FUN_CRM_DEC 0x0018000000000000ull ++#define XCT_FUN_CRM_SIG_ENC 0x0020000000000000ull ++#define XCT_FUN_CRM_ENC_SIG 0x0028000000000000ull ++#define XCT_FUN_CRM_SIG_DEC 0x0030000000000000ull ++#define XCT_FUN_CRM_DEC_SIG 0x0038000000000000ull ++#define XCT_FUN_LLEN_M 0x0007ffff00000000ull ++#define XCT_FUN_LLEN_S 32ULL ++#define XCT_FUN_LLEN(x) ((((long)(x)) << XCT_FUN_LLEN_S) & \ ++ XCT_FUN_LLEN_M) ++#define XCT_FUN_SHL_M 0x00000000f8000000ull ++#define XCT_FUN_SHL_S 27ull ++#define XCT_FUN_SHL(x) ((((long)(x)) << XCT_FUN_SHL_S) & \ ++ XCT_FUN_SHL_M) ++#define XCT_FUN_CHL_M 0x0000000007c00000ull ++#define XCT_FUN_CHL_S 22ull ++#define XCT_FUN_CHL(x) ((((long)(x)) << XCT_FUN_CHL_S) & \ ++ XCT_FUN_CHL_M) ++#define XCT_FUN_HSZ_M 0x00000000003c0000ull ++#define XCT_FUN_HSZ_S 18ull ++#define XCT_FUN_HSZ(x) ((((long)(x)) << XCT_FUN_HSZ_S) & \ ++ XCT_FUN_HSZ_M) ++#define XCT_FUN_ALG_DES 0x0000000000000000ull ++#define XCT_FUN_ALG_3DES 0x0000000000008000ull ++#define XCT_FUN_ALG_AES 0x0000000000010000ull ++#define XCT_FUN_ALG_ARC 0x0000000000018000ull ++#define XCT_FUN_ALG_KASUMI 0x0000000000020000ull ++#define XCT_FUN_BCM_ECB 0x0000000000000000ull ++#define XCT_FUN_BCM_CBC 0x0000000000001000ull ++#define XCT_FUN_BCM_CFB 0x0000000000002000ull ++#define XCT_FUN_BCM_OFB 0x0000000000003000ull ++#define XCT_FUN_BCM_CNT 0x0000000000003800ull ++#define XCT_FUN_BCM_KAS_F8 0x0000000000002800ull ++#define XCT_FUN_BCM_KAS_F9 0x0000000000001800ull ++#define XCT_FUN_BCP_NO_PAD 0x0000000000000000ull ++#define XCT_FUN_BCP_ZRO 0x0000000000000200ull ++#define XCT_FUN_BCP_PL 0x0000000000000400ull ++#define XCT_FUN_BCP_INCR 0x0000000000000600ull ++#define XCT_FUN_SIG_MD5 (0ull << 4) ++#define XCT_FUN_SIG_SHA1 (2ull << 4) ++#define XCT_FUN_SIG_HMAC_MD5 (8ull << 4) ++#define XCT_FUN_SIG_HMAC_SHA1 (10ull << 4) ++#define XCT_FUN_A 0x0000000000000008ull ++#define XCT_FUN_C 0x0000000000000004ull ++#define XCT_FUN_AL2 0x0000000000000002ull ++#define XCT_FUN_SE 0x0000000000000001ull ++ ++#define XCT_FUN_SRC_PTR(len, addr) (XCT_PTR_LEN(len) | XCT_PTR_ADDR(addr)) ++#define XCT_FUN_DST_PTR(len, addr) (XCT_FUN_SRC_PTR(len, addr) | \ ++ 0x8000000000000000ull) ++ ++#define XCT_CTRL_HDR_FUN_NUM_M 0x01c0000000000000ull ++#define XCT_CTRL_HDR_FUN_NUM_S 54 ++#define XCT_CTRL_HDR_LEN_M 0x0007ffff00000000ull ++#define XCT_CTRL_HDR_LEN_S 32 ++#define XCT_CTRL_HDR_REG_M 0x00000000000000ffull ++#define XCT_CTRL_HDR_REG_S 0 ++ ++#define XCT_CTRL_HDR(funcN,len,reg) (0x9400000000000000ull | \ ++ ((((long)(funcN)) << XCT_CTRL_HDR_FUN_NUM_S) \ ++ & XCT_CTRL_HDR_FUN_NUM_M) | \ ++ ((((long)(len)) << \ ++ XCT_CTRL_HDR_LEN_S) & XCT_CTRL_HDR_LEN_M) | \ ++ ((((long)(reg)) << \ ++ XCT_CTRL_HDR_REG_S) & XCT_CTRL_HDR_REG_M)) ++ ++/* Function config command options */ ++#define DMA_CALGO_DES 0x00 ++#define DMA_CALGO_3DES 0x01 ++#define DMA_CALGO_AES 0x02 ++#define DMA_CALGO_ARC 0x03 ++ ++#define DMA_FN_CIV0 0x02 ++#define DMA_FN_CIV1 0x03 ++#define DMA_FN_HKEY0 0x0a ++ ++#define XCT_PTR_ADDR_LEN(ptr) ((ptr) & XCT_PTR_ADDR_M), \ ++ (((ptr) & XCT_PTR_LEN_M) >> XCT_PTR_LEN_S) ++ ++#endif /* PASEMI_FNU_H */ diff --git a/target/linux/generic-2.6/patches-2.6.27/971-ocf_compile_fix.patch b/target/linux/generic-2.6/patches-2.6.27/971-ocf_compile_fix.patch new file mode 100644 index 0000000000..a3fa226814 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.27/971-ocf_compile_fix.patch @@ -0,0 +1,11 @@ +--- a/crypto/ocf/cryptosoft.c ++++ b/crypto/ocf/cryptosoft.c +@@ -47,7 +47,7 @@ + #include <linux/mm.h> + #include <linux/skbuff.h> + #include <linux/random.h> +-#include <asm/scatterlist.h> ++#include <linux/scatterlist.h> + + #include <cryptodev.h> + #include <uio.h> |