Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/* SCTP kernel implementation
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2002 International Business Machines, Corp.
6 *
7 * This file is part of the SCTP kernel implementation
8 *
9 * These functions are the methods for accessing the SCTP inqueue.
10 *
11 * An SCTP inqueue is a queue into which you push SCTP packets
12 * (which might be bundles or fragments of chunks) and out of which you
13 * pop SCTP whole chunks.
14 *
15 * Please send any bug reports or fixes you make to the
16 * email address(es):
17 * lksctp developers <linux-sctp@vger.kernel.org>
18 *
19 * Written or modified by:
20 * La Monte H.P. Yarroll <piggy@acm.org>
21 * Karl Knutson <karl@athena.chicago.il.us>
22 */
23
24#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
25
26#include <net/sctp/sctp.h>
27#include <net/sctp/sm.h>
28#include <linux/interrupt.h>
29#include <linux/slab.h>
30
31/* Initialize an SCTP inqueue. */
32void sctp_inq_init(struct sctp_inq *queue)
33{
34 INIT_LIST_HEAD(&queue->in_chunk_list);
35 queue->in_progress = NULL;
36
37 /* Create a task for delivering data. */
38 INIT_WORK(&queue->immediate, NULL);
39}
40
41/* Properly release the chunk which is being worked on. */
42static inline void sctp_inq_chunk_free(struct sctp_chunk *chunk)
43{
44 if (chunk->head_skb)
45 chunk->skb = chunk->head_skb;
46 sctp_chunk_free(chunk);
47}
48
49/* Release the memory associated with an SCTP inqueue. */
50void sctp_inq_free(struct sctp_inq *queue)
51{
52 struct sctp_chunk *chunk, *tmp;
53
54 /* Empty the queue. */
55 list_for_each_entry_safe(chunk, tmp, &queue->in_chunk_list, list) {
56 list_del_init(&chunk->list);
57 sctp_chunk_free(chunk);
58 }
59
60 /* If there is a packet which is currently being worked on,
61 * free it as well.
62 */
63 if (queue->in_progress) {
64 sctp_inq_chunk_free(queue->in_progress);
65 queue->in_progress = NULL;
66 }
67}
68
69/* Put a new packet in an SCTP inqueue.
70 * We assume that packet->sctp_hdr is set and in host byte order.
71 */
72void sctp_inq_push(struct sctp_inq *q, struct sctp_chunk *chunk)
73{
74 /* Directly call the packet handling routine. */
75 if (chunk->rcvr->dead) {
76 sctp_chunk_free(chunk);
77 return;
78 }
79
80 /* We are now calling this either from the soft interrupt
81 * or from the backlog processing.
82 * Eventually, we should clean up inqueue to not rely
83 * on the BH related data structures.
84 */
85 list_add_tail(&chunk->list, &q->in_chunk_list);
86 if (chunk->asoc)
87 chunk->asoc->stats.ipackets++;
88 q->immediate.func(&q->immediate);
89}
90
91/* Peek at the next chunk on the inqeue. */
92struct sctp_chunkhdr *sctp_inq_peek(struct sctp_inq *queue)
93{
94 struct sctp_chunk *chunk;
95 struct sctp_chunkhdr *ch = NULL;
96
97 chunk = queue->in_progress;
98 /* If there is no more chunks in this packet, say so */
99 if (chunk->singleton ||
100 chunk->end_of_packet ||
101 chunk->pdiscard)
102 return NULL;
103
104 ch = (struct sctp_chunkhdr *)chunk->chunk_end;
105
106 return ch;
107}
108
109
110/* Extract a chunk from an SCTP inqueue.
111 *
112 * WARNING: If you need to put the chunk on another queue, you need to
113 * make a shallow copy (clone) of it.
114 */
115struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
116{
117 struct sctp_chunk *chunk;
118 struct sctp_chunkhdr *ch = NULL;
119
120 /* The assumption is that we are safe to process the chunks
121 * at this time.
122 */
123
124 chunk = queue->in_progress;
125 if (chunk) {
126 /* There is a packet that we have been working on.
127 * Any post processing work to do before we move on?
128 */
129 if (chunk->singleton ||
130 chunk->end_of_packet ||
131 chunk->pdiscard) {
132 if (chunk->head_skb == chunk->skb) {
133 chunk->skb = skb_shinfo(chunk->skb)->frag_list;
134 goto new_skb;
135 }
136 if (chunk->skb->next) {
137 chunk->skb = chunk->skb->next;
138 goto new_skb;
139 }
140
141 sctp_inq_chunk_free(chunk);
142 chunk = queue->in_progress = NULL;
143 } else {
144 /* Nothing to do. Next chunk in the packet, please. */
145 ch = (struct sctp_chunkhdr *)chunk->chunk_end;
146 /* Force chunk->skb->data to chunk->chunk_end. */
147 skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data);
148 /* We are guaranteed to pull a SCTP header. */
149 }
150 }
151
152 /* Do we need to take the next packet out of the queue to process? */
153 if (!chunk) {
154 struct list_head *entry;
155
156next_chunk:
157 /* Is the queue empty? */
158 entry = sctp_list_dequeue(&queue->in_chunk_list);
159 if (!entry)
160 return NULL;
161
162 chunk = list_entry(entry, struct sctp_chunk, list);
163
164 if (skb_is_gso(chunk->skb) && skb_is_gso_sctp(chunk->skb)) {
165 /* GSO-marked skbs but without frags, handle
166 * them normally
167 */
168 if (skb_shinfo(chunk->skb)->frag_list)
169 chunk->head_skb = chunk->skb;
170
171 /* skbs with "cover letter" */
172 if (chunk->head_skb && chunk->skb->data_len == chunk->skb->len)
173 chunk->skb = skb_shinfo(chunk->skb)->frag_list;
174
175 if (WARN_ON(!chunk->skb)) {
176 __SCTP_INC_STATS(dev_net(chunk->skb->dev), SCTP_MIB_IN_PKT_DISCARDS);
177 sctp_chunk_free(chunk);
178 goto next_chunk;
179 }
180 }
181
182 if (chunk->asoc)
183 sock_rps_save_rxhash(chunk->asoc->base.sk, chunk->skb);
184
185 queue->in_progress = chunk;
186
187new_skb:
188 /* This is the first chunk in the packet. */
189 ch = (struct sctp_chunkhdr *)chunk->skb->data;
190 chunk->singleton = 1;
191 chunk->data_accepted = 0;
192 chunk->pdiscard = 0;
193 chunk->auth = 0;
194 chunk->has_asconf = 0;
195 chunk->end_of_packet = 0;
196 if (chunk->head_skb) {
197 struct sctp_input_cb
198 *cb = SCTP_INPUT_CB(chunk->skb),
199 *head_cb = SCTP_INPUT_CB(chunk->head_skb);
200
201 cb->chunk = head_cb->chunk;
202 cb->af = head_cb->af;
203 }
204 }
205
206 chunk->chunk_hdr = ch;
207 chunk->chunk_end = ((__u8 *)ch) + SCTP_PAD4(ntohs(ch->length));
208 skb_pull(chunk->skb, sizeof(*ch));
209 chunk->subh.v = NULL; /* Subheader is no longer valid. */
210
211 if (chunk->chunk_end + sizeof(*ch) <= skb_tail_pointer(chunk->skb)) {
212 /* This is not a singleton */
213 chunk->singleton = 0;
214 } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
215 /* Discard inside state machine. */
216 chunk->pdiscard = 1;
217 chunk->chunk_end = skb_tail_pointer(chunk->skb);
218 } else {
219 /* We are at the end of the packet, so mark the chunk
220 * in case we need to send a SACK.
221 */
222 chunk->end_of_packet = 1;
223 }
224
225 pr_debug("+++sctp_inq_pop+++ chunk:%p[%s], length:%d, skb->len:%d\n",
226 chunk, sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)),
227 ntohs(chunk->chunk_hdr->length), chunk->skb->len);
228
229 return chunk;
230}
231
232/* Set a top-half handler.
233 *
234 * Originally, we the top-half handler was scheduled as a BH. We now
235 * call the handler directly in sctp_inq_push() at a time that
236 * we know we are lock safe.
237 * The intent is that this routine will pull stuff out of the
238 * inqueue and process it.
239 */
240void sctp_inq_set_th_handler(struct sctp_inq *q, work_func_t callback)
241{
242 INIT_WORK(&q->immediate, callback);
243}
1/* SCTP kernel implementation
2 * Copyright (c) 1999-2000 Cisco, Inc.
3 * Copyright (c) 1999-2001 Motorola, Inc.
4 * Copyright (c) 2002 International Business Machines, Corp.
5 *
6 * This file is part of the SCTP kernel implementation
7 *
8 * These functions are the methods for accessing the SCTP inqueue.
9 *
10 * An SCTP inqueue is a queue into which you push SCTP packets
11 * (which might be bundles or fragments of chunks) and out of which you
12 * pop SCTP whole chunks.
13 *
14 * This SCTP implementation is free software;
15 * you can redistribute it and/or modify it under the terms of
16 * the GNU General Public License as published by
17 * the Free Software Foundation; either version 2, or (at your option)
18 * any later version.
19 *
20 * This SCTP implementation is distributed in the hope that it
21 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
22 * ************************
23 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
24 * See the GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with GNU CC; see the file COPYING. If not, write to
28 * the Free Software Foundation, 59 Temple Place - Suite 330,
29 * Boston, MA 02111-1307, USA.
30 *
31 * Please send any bug reports or fixes you make to the
32 * email address(es):
33 * lksctp developers <lksctp-developers@lists.sourceforge.net>
34 *
35 * Or submit a bug report through the following website:
36 * http://www.sf.net/projects/lksctp
37 *
38 * Written or modified by:
39 * La Monte H.P. Yarroll <piggy@acm.org>
40 * Karl Knutson <karl@athena.chicago.il.us>
41 *
42 * Any bugs reported given to us we will try to fix... any fixes shared will
43 * be incorporated into the next SCTP release.
44 */
45
46#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
47
48#include <net/sctp/sctp.h>
49#include <net/sctp/sm.h>
50#include <linux/interrupt.h>
51#include <linux/slab.h>
52
53/* Initialize an SCTP inqueue. */
54void sctp_inq_init(struct sctp_inq *queue)
55{
56 INIT_LIST_HEAD(&queue->in_chunk_list);
57 queue->in_progress = NULL;
58
59 /* Create a task for delivering data. */
60 INIT_WORK(&queue->immediate, NULL);
61
62 queue->malloced = 0;
63}
64
65/* Release the memory associated with an SCTP inqueue. */
66void sctp_inq_free(struct sctp_inq *queue)
67{
68 struct sctp_chunk *chunk, *tmp;
69
70 /* Empty the queue. */
71 list_for_each_entry_safe(chunk, tmp, &queue->in_chunk_list, list) {
72 list_del_init(&chunk->list);
73 sctp_chunk_free(chunk);
74 }
75
76 /* If there is a packet which is currently being worked on,
77 * free it as well.
78 */
79 if (queue->in_progress) {
80 sctp_chunk_free(queue->in_progress);
81 queue->in_progress = NULL;
82 }
83
84 if (queue->malloced) {
85 /* Dump the master memory segment. */
86 kfree(queue);
87 }
88}
89
90/* Put a new packet in an SCTP inqueue.
91 * We assume that packet->sctp_hdr is set and in host byte order.
92 */
93void sctp_inq_push(struct sctp_inq *q, struct sctp_chunk *chunk)
94{
95 /* Directly call the packet handling routine. */
96 if (chunk->rcvr->dead) {
97 sctp_chunk_free(chunk);
98 return;
99 }
100
101 /* We are now calling this either from the soft interrupt
102 * or from the backlog processing.
103 * Eventually, we should clean up inqueue to not rely
104 * on the BH related data structures.
105 */
106 list_add_tail(&chunk->list, &q->in_chunk_list);
107 q->immediate.func(&q->immediate);
108}
109
110/* Peek at the next chunk on the inqeue. */
111struct sctp_chunkhdr *sctp_inq_peek(struct sctp_inq *queue)
112{
113 struct sctp_chunk *chunk;
114 sctp_chunkhdr_t *ch = NULL;
115
116 chunk = queue->in_progress;
117 /* If there is no more chunks in this packet, say so */
118 if (chunk->singleton ||
119 chunk->end_of_packet ||
120 chunk->pdiscard)
121 return NULL;
122
123 ch = (sctp_chunkhdr_t *)chunk->chunk_end;
124
125 return ch;
126}
127
128
129/* Extract a chunk from an SCTP inqueue.
130 *
131 * WARNING: If you need to put the chunk on another queue, you need to
132 * make a shallow copy (clone) of it.
133 */
134struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
135{
136 struct sctp_chunk *chunk;
137 sctp_chunkhdr_t *ch = NULL;
138
139 /* The assumption is that we are safe to process the chunks
140 * at this time.
141 */
142
143 if ((chunk = queue->in_progress)) {
144 /* There is a packet that we have been working on.
145 * Any post processing work to do before we move on?
146 */
147 if (chunk->singleton ||
148 chunk->end_of_packet ||
149 chunk->pdiscard) {
150 sctp_chunk_free(chunk);
151 chunk = queue->in_progress = NULL;
152 } else {
153 /* Nothing to do. Next chunk in the packet, please. */
154 ch = (sctp_chunkhdr_t *) chunk->chunk_end;
155
156 /* Force chunk->skb->data to chunk->chunk_end. */
157 skb_pull(chunk->skb,
158 chunk->chunk_end - chunk->skb->data);
159
160 /* Verify that we have at least chunk headers
161 * worth of buffer left.
162 */
163 if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) {
164 sctp_chunk_free(chunk);
165 chunk = queue->in_progress = NULL;
166 }
167 }
168 }
169
170 /* Do we need to take the next packet out of the queue to process? */
171 if (!chunk) {
172 struct list_head *entry;
173
174 /* Is the queue empty? */
175 if (list_empty(&queue->in_chunk_list))
176 return NULL;
177
178 entry = queue->in_chunk_list.next;
179 chunk = queue->in_progress =
180 list_entry(entry, struct sctp_chunk, list);
181 list_del_init(entry);
182
183 /* This is the first chunk in the packet. */
184 chunk->singleton = 1;
185 ch = (sctp_chunkhdr_t *) chunk->skb->data;
186 chunk->data_accepted = 0;
187 }
188
189 chunk->chunk_hdr = ch;
190 chunk->chunk_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
191 /* In the unlikely case of an IP reassembly, the skb could be
192 * non-linear. If so, update chunk_end so that it doesn't go past
193 * the skb->tail.
194 */
195 if (unlikely(skb_is_nonlinear(chunk->skb))) {
196 if (chunk->chunk_end > skb_tail_pointer(chunk->skb))
197 chunk->chunk_end = skb_tail_pointer(chunk->skb);
198 }
199 skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t));
200 chunk->subh.v = NULL; /* Subheader is no longer valid. */
201
202 if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) {
203 /* This is not a singleton */
204 chunk->singleton = 0;
205 } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
206 /* RFC 2960, Section 6.10 Bundling
207 *
208 * Partial chunks MUST NOT be placed in an SCTP packet.
209 * If the receiver detects a partial chunk, it MUST drop
210 * the chunk.
211 *
212 * Since the end of the chunk is past the end of our buffer
213 * (which contains the whole packet, we can freely discard
214 * the whole packet.
215 */
216 sctp_chunk_free(chunk);
217 chunk = queue->in_progress = NULL;
218
219 return NULL;
220 } else {
221 /* We are at the end of the packet, so mark the chunk
222 * in case we need to send a SACK.
223 */
224 chunk->end_of_packet = 1;
225 }
226
227 SCTP_DEBUG_PRINTK("+++sctp_inq_pop+++ chunk %p[%s],"
228 " length %d, skb->len %d\n",chunk,
229 sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)),
230 ntohs(chunk->chunk_hdr->length), chunk->skb->len);
231 return chunk;
232}
233
234/* Set a top-half handler.
235 *
236 * Originally, we the top-half handler was scheduled as a BH. We now
237 * call the handler directly in sctp_inq_push() at a time that
238 * we know we are lock safe.
239 * The intent is that this routine will pull stuff out of the
240 * inqueue and process it.
241 */
242void sctp_inq_set_th_handler(struct sctp_inq *q, work_func_t callback)
243{
244 INIT_WORK(&q->immediate, callback);
245}
246