Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Management Component Transport Protocol (MCTP) - routing
4 * implementation.
5 *
6 * This is currently based on a simple routing table, with no dst cache. The
7 * number of routes should stay fairly small, so the lookup cost is small.
8 *
9 * Copyright (c) 2021 Code Construct
10 * Copyright (c) 2021 Google
11 */
12
13#include <linux/idr.h>
14#include <linux/kconfig.h>
15#include <linux/mctp.h>
16#include <linux/netdevice.h>
17#include <linux/rtnetlink.h>
18#include <linux/skbuff.h>
19
20#include <uapi/linux/if_arp.h>
21
22#include <net/mctp.h>
23#include <net/mctpdevice.h>
24#include <net/netlink.h>
25#include <net/sock.h>
26
27#include <trace/events/mctp.h>
28
29static const unsigned int mctp_message_maxlen = 64 * 1024;
30static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
31
32static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
33
34/* route output callbacks */
35static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb)
36{
37 kfree_skb(skb);
38 return 0;
39}
40
41static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
42{
43 struct mctp_skb_cb *cb = mctp_cb(skb);
44 struct mctp_hdr *mh;
45 struct sock *sk;
46 u8 type;
47
48 WARN_ON(!rcu_read_lock_held());
49
50 /* TODO: look up in skb->cb? */
51 mh = mctp_hdr(skb);
52
53 if (!skb_headlen(skb))
54 return NULL;
55
56 type = (*(u8 *)skb->data) & 0x7f;
57
58 sk_for_each_rcu(sk, &net->mctp.binds) {
59 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
60
61 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
62 continue;
63
64 if (msk->bind_type != type)
65 continue;
66
67 if (!mctp_address_matches(msk->bind_addr, mh->dest))
68 continue;
69
70 return msk;
71 }
72
73 return NULL;
74}
75
76static bool mctp_key_match(struct mctp_sk_key *key, mctp_eid_t local,
77 mctp_eid_t peer, u8 tag)
78{
79 if (!mctp_address_matches(key->local_addr, local))
80 return false;
81
82 if (key->peer_addr != peer)
83 return false;
84
85 if (key->tag != tag)
86 return false;
87
88 return true;
89}
90
91/* returns a key (with key->lock held, and refcounted), or NULL if no such
92 * key exists.
93 */
94static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
95 mctp_eid_t peer,
96 unsigned long *irqflags)
97 __acquires(&key->lock)
98{
99 struct mctp_sk_key *key, *ret;
100 unsigned long flags;
101 struct mctp_hdr *mh;
102 u8 tag;
103
104 mh = mctp_hdr(skb);
105 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
106
107 ret = NULL;
108 spin_lock_irqsave(&net->mctp.keys_lock, flags);
109
110 hlist_for_each_entry(key, &net->mctp.keys, hlist) {
111 if (!mctp_key_match(key, mh->dest, peer, tag))
112 continue;
113
114 spin_lock(&key->lock);
115 if (key->valid) {
116 refcount_inc(&key->refs);
117 ret = key;
118 break;
119 }
120 spin_unlock(&key->lock);
121 }
122
123 if (ret) {
124 spin_unlock(&net->mctp.keys_lock);
125 *irqflags = flags;
126 } else {
127 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
128 }
129
130 return ret;
131}
132
133static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
134 mctp_eid_t local, mctp_eid_t peer,
135 u8 tag, gfp_t gfp)
136{
137 struct mctp_sk_key *key;
138
139 key = kzalloc(sizeof(*key), gfp);
140 if (!key)
141 return NULL;
142
143 key->peer_addr = peer;
144 key->local_addr = local;
145 key->tag = tag;
146 key->sk = &msk->sk;
147 key->valid = true;
148 spin_lock_init(&key->lock);
149 refcount_set(&key->refs, 1);
150 sock_hold(key->sk);
151
152 return key;
153}
154
155void mctp_key_unref(struct mctp_sk_key *key)
156{
157 unsigned long flags;
158
159 if (!refcount_dec_and_test(&key->refs))
160 return;
161
162 /* even though no refs exist here, the lock allows us to stay
163 * consistent with the locking requirement of mctp_dev_release_key
164 */
165 spin_lock_irqsave(&key->lock, flags);
166 mctp_dev_release_key(key->dev, key);
167 spin_unlock_irqrestore(&key->lock, flags);
168
169 sock_put(key->sk);
170 kfree(key);
171}
172
173static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
174{
175 struct net *net = sock_net(&msk->sk);
176 struct mctp_sk_key *tmp;
177 unsigned long flags;
178 int rc = 0;
179
180 spin_lock_irqsave(&net->mctp.keys_lock, flags);
181
182 if (sock_flag(&msk->sk, SOCK_DEAD)) {
183 rc = -EINVAL;
184 goto out_unlock;
185 }
186
187 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
188 if (mctp_key_match(tmp, key->local_addr, key->peer_addr,
189 key->tag)) {
190 spin_lock(&tmp->lock);
191 if (tmp->valid)
192 rc = -EEXIST;
193 spin_unlock(&tmp->lock);
194 if (rc)
195 break;
196 }
197 }
198
199 if (!rc) {
200 refcount_inc(&key->refs);
201 key->expiry = jiffies + mctp_key_lifetime;
202 timer_reduce(&msk->key_expiry, key->expiry);
203
204 hlist_add_head(&key->hlist, &net->mctp.keys);
205 hlist_add_head(&key->sklist, &msk->keys);
206 }
207
208out_unlock:
209 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
210
211 return rc;
212}
213
214/* Helper for mctp_route_input().
215 * We're done with the key; unlock and unref the key.
216 * For the usual case of automatic expiry we remove the key from lists.
217 * In the case that manual allocation is set on a key we release the lock
218 * and local ref, reset reassembly, but don't remove from lists.
219 */
220static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
221 unsigned long flags, unsigned long reason)
222__releases(&key->lock)
223{
224 struct sk_buff *skb;
225
226 trace_mctp_key_release(key, reason);
227 skb = key->reasm_head;
228 key->reasm_head = NULL;
229
230 if (!key->manual_alloc) {
231 key->reasm_dead = true;
232 key->valid = false;
233 mctp_dev_release_key(key->dev, key);
234 }
235 spin_unlock_irqrestore(&key->lock, flags);
236
237 if (!key->manual_alloc) {
238 spin_lock_irqsave(&net->mctp.keys_lock, flags);
239 if (!hlist_unhashed(&key->hlist)) {
240 hlist_del_init(&key->hlist);
241 hlist_del_init(&key->sklist);
242 mctp_key_unref(key);
243 }
244 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
245 }
246
247 /* and one for the local reference */
248 mctp_key_unref(key);
249
250 kfree_skb(skb);
251}
252
253#ifdef CONFIG_MCTP_FLOWS
254static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
255{
256 struct mctp_flow *flow;
257
258 flow = skb_ext_add(skb, SKB_EXT_MCTP);
259 if (!flow)
260 return;
261
262 refcount_inc(&key->refs);
263 flow->key = key;
264}
265
266static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
267{
268 struct mctp_sk_key *key;
269 struct mctp_flow *flow;
270
271 flow = skb_ext_find(skb, SKB_EXT_MCTP);
272 if (!flow)
273 return;
274
275 key = flow->key;
276
277 if (WARN_ON(key->dev && key->dev != dev))
278 return;
279
280 mctp_dev_set_key(dev, key);
281}
282#else
283static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
284static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
285#endif
286
287static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
288{
289 struct mctp_hdr *hdr = mctp_hdr(skb);
290 u8 exp_seq, this_seq;
291
292 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
293 & MCTP_HDR_SEQ_MASK;
294
295 if (!key->reasm_head) {
296 key->reasm_head = skb;
297 key->reasm_tailp = &(skb_shinfo(skb)->frag_list);
298 key->last_seq = this_seq;
299 return 0;
300 }
301
302 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
303
304 if (this_seq != exp_seq)
305 return -EINVAL;
306
307 if (key->reasm_head->len + skb->len > mctp_message_maxlen)
308 return -EINVAL;
309
310 skb->next = NULL;
311 skb->sk = NULL;
312 *key->reasm_tailp = skb;
313 key->reasm_tailp = &skb->next;
314
315 key->last_seq = this_seq;
316
317 key->reasm_head->data_len += skb->len;
318 key->reasm_head->len += skb->len;
319 key->reasm_head->truesize += skb->truesize;
320
321 return 0;
322}
323
324static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
325{
326 struct mctp_sk_key *key, *any_key = NULL;
327 struct net *net = dev_net(skb->dev);
328 struct mctp_sock *msk;
329 struct mctp_hdr *mh;
330 unsigned long f;
331 u8 tag, flags;
332 int rc;
333
334 msk = NULL;
335 rc = -EINVAL;
336
337 /* we may be receiving a locally-routed packet; drop source sk
338 * accounting
339 */
340 skb_orphan(skb);
341
342 /* ensure we have enough data for a header and a type */
343 if (skb->len < sizeof(struct mctp_hdr) + 1)
344 goto out;
345
346 /* grab header, advance data ptr */
347 mh = mctp_hdr(skb);
348 skb_pull(skb, sizeof(struct mctp_hdr));
349
350 if (mh->ver != 1)
351 goto out;
352
353 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
354 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
355
356 rcu_read_lock();
357
358 /* lookup socket / reasm context, exactly matching (src,dest,tag).
359 * we hold a ref on the key, and key->lock held.
360 */
361 key = mctp_lookup_key(net, skb, mh->src, &f);
362
363 if (flags & MCTP_HDR_FLAG_SOM) {
364 if (key) {
365 msk = container_of(key->sk, struct mctp_sock, sk);
366 } else {
367 /* first response to a broadcast? do a more general
368 * key lookup to find the socket, but don't use this
369 * key for reassembly - we'll create a more specific
370 * one for future packets if required (ie, !EOM).
371 */
372 any_key = mctp_lookup_key(net, skb, MCTP_ADDR_ANY, &f);
373 if (any_key) {
374 msk = container_of(any_key->sk,
375 struct mctp_sock, sk);
376 spin_unlock_irqrestore(&any_key->lock, f);
377 }
378 }
379
380 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
381 msk = mctp_lookup_bind(net, skb);
382
383 if (!msk) {
384 rc = -ENOENT;
385 goto out_unlock;
386 }
387
388 /* single-packet message? deliver to socket, clean up any
389 * pending key.
390 */
391 if (flags & MCTP_HDR_FLAG_EOM) {
392 sock_queue_rcv_skb(&msk->sk, skb);
393 if (key) {
394 /* we've hit a pending reassembly; not much we
395 * can do but drop it
396 */
397 __mctp_key_done_in(key, net, f,
398 MCTP_TRACE_KEY_REPLIED);
399 key = NULL;
400 }
401 rc = 0;
402 goto out_unlock;
403 }
404
405 /* broadcast response or a bind() - create a key for further
406 * packets for this message
407 */
408 if (!key) {
409 key = mctp_key_alloc(msk, mh->dest, mh->src,
410 tag, GFP_ATOMIC);
411 if (!key) {
412 rc = -ENOMEM;
413 goto out_unlock;
414 }
415
416 /* we can queue without the key lock here, as the
417 * key isn't observable yet
418 */
419 mctp_frag_queue(key, skb);
420
421 /* if the key_add fails, we've raced with another
422 * SOM packet with the same src, dest and tag. There's
423 * no way to distinguish future packets, so all we
424 * can do is drop; we'll free the skb on exit from
425 * this function.
426 */
427 rc = mctp_key_add(key, msk);
428 if (!rc)
429 trace_mctp_key_acquire(key);
430
431 /* we don't need to release key->lock on exit, so
432 * clean up here and suppress the unlock via
433 * setting to NULL
434 */
435 mctp_key_unref(key);
436 key = NULL;
437
438 } else {
439 if (key->reasm_head || key->reasm_dead) {
440 /* duplicate start? drop everything */
441 __mctp_key_done_in(key, net, f,
442 MCTP_TRACE_KEY_INVALIDATED);
443 rc = -EEXIST;
444 key = NULL;
445 } else {
446 rc = mctp_frag_queue(key, skb);
447 }
448 }
449
450 } else if (key) {
451 /* this packet continues a previous message; reassemble
452 * using the message-specific key
453 */
454
455 /* we need to be continuing an existing reassembly... */
456 if (!key->reasm_head)
457 rc = -EINVAL;
458 else
459 rc = mctp_frag_queue(key, skb);
460
461 /* end of message? deliver to socket, and we're done with
462 * the reassembly/response key
463 */
464 if (!rc && flags & MCTP_HDR_FLAG_EOM) {
465 sock_queue_rcv_skb(key->sk, key->reasm_head);
466 key->reasm_head = NULL;
467 __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
468 key = NULL;
469 }
470
471 } else {
472 /* not a start, no matching key */
473 rc = -ENOENT;
474 }
475
476out_unlock:
477 rcu_read_unlock();
478 if (key) {
479 spin_unlock_irqrestore(&key->lock, f);
480 mctp_key_unref(key);
481 }
482 if (any_key)
483 mctp_key_unref(any_key);
484out:
485 if (rc)
486 kfree_skb(skb);
487 return rc;
488}
489
490static unsigned int mctp_route_mtu(struct mctp_route *rt)
491{
492 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu);
493}
494
495static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb)
496{
497 struct mctp_skb_cb *cb = mctp_cb(skb);
498 struct mctp_hdr *hdr = mctp_hdr(skb);
499 char daddr_buf[MAX_ADDR_LEN];
500 char *daddr = NULL;
501 unsigned int mtu;
502 int rc;
503
504 skb->protocol = htons(ETH_P_MCTP);
505
506 mtu = READ_ONCE(skb->dev->mtu);
507 if (skb->len > mtu) {
508 kfree_skb(skb);
509 return -EMSGSIZE;
510 }
511
512 if (cb->ifindex) {
513 /* direct route; use the hwaddr we stashed in sendmsg */
514 if (cb->halen != skb->dev->addr_len) {
515 /* sanity check, sendmsg should have already caught this */
516 kfree_skb(skb);
517 return -EMSGSIZE;
518 }
519 daddr = cb->haddr;
520 } else {
521 /* If lookup fails let the device handle daddr==NULL */
522 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0)
523 daddr = daddr_buf;
524 }
525
526 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
527 daddr, skb->dev->dev_addr, skb->len);
528 if (rc < 0) {
529 kfree_skb(skb);
530 return -EHOSTUNREACH;
531 }
532
533 mctp_flow_prepare_output(skb, route->dev);
534
535 rc = dev_queue_xmit(skb);
536 if (rc)
537 rc = net_xmit_errno(rc);
538
539 return rc;
540}
541
542/* route alloc/release */
543static void mctp_route_release(struct mctp_route *rt)
544{
545 if (refcount_dec_and_test(&rt->refs)) {
546 mctp_dev_put(rt->dev);
547 kfree_rcu(rt, rcu);
548 }
549}
550
551/* returns a route with the refcount at 1 */
552static struct mctp_route *mctp_route_alloc(void)
553{
554 struct mctp_route *rt;
555
556 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
557 if (!rt)
558 return NULL;
559
560 INIT_LIST_HEAD(&rt->list);
561 refcount_set(&rt->refs, 1);
562 rt->output = mctp_route_discard;
563
564 return rt;
565}
566
567unsigned int mctp_default_net(struct net *net)
568{
569 return READ_ONCE(net->mctp.default_net);
570}
571
572int mctp_default_net_set(struct net *net, unsigned int index)
573{
574 if (index == 0)
575 return -EINVAL;
576 WRITE_ONCE(net->mctp.default_net, index);
577 return 0;
578}
579
580/* tag management */
581static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
582 struct mctp_sock *msk)
583{
584 struct netns_mctp *mns = &net->mctp;
585
586 lockdep_assert_held(&mns->keys_lock);
587
588 key->expiry = jiffies + mctp_key_lifetime;
589 timer_reduce(&msk->key_expiry, key->expiry);
590
591 /* we hold the net->key_lock here, allowing updates to both
592 * then net and sk
593 */
594 hlist_add_head_rcu(&key->hlist, &mns->keys);
595 hlist_add_head_rcu(&key->sklist, &msk->keys);
596 refcount_inc(&key->refs);
597}
598
599/* Allocate a locally-owned tag value for (saddr, daddr), and reserve
600 * it for the socket msk
601 */
602struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
603 mctp_eid_t daddr, mctp_eid_t saddr,
604 bool manual, u8 *tagp)
605{
606 struct net *net = sock_net(&msk->sk);
607 struct netns_mctp *mns = &net->mctp;
608 struct mctp_sk_key *key, *tmp;
609 unsigned long flags;
610 u8 tagbits;
611
612 /* for NULL destination EIDs, we may get a response from any peer */
613 if (daddr == MCTP_ADDR_NULL)
614 daddr = MCTP_ADDR_ANY;
615
616 /* be optimistic, alloc now */
617 key = mctp_key_alloc(msk, saddr, daddr, 0, GFP_KERNEL);
618 if (!key)
619 return ERR_PTR(-ENOMEM);
620
621 /* 8 possible tag values */
622 tagbits = 0xff;
623
624 spin_lock_irqsave(&mns->keys_lock, flags);
625
626 /* Walk through the existing keys, looking for potential conflicting
627 * tags. If we find a conflict, clear that bit from tagbits
628 */
629 hlist_for_each_entry(tmp, &mns->keys, hlist) {
630 /* We can check the lookup fields (*_addr, tag) without the
631 * lock held, they don't change over the lifetime of the key.
632 */
633
634 /* if we don't own the tag, it can't conflict */
635 if (tmp->tag & MCTP_HDR_FLAG_TO)
636 continue;
637
638 if (!(mctp_address_matches(tmp->peer_addr, daddr) &&
639 mctp_address_matches(tmp->local_addr, saddr)))
640 continue;
641
642 spin_lock(&tmp->lock);
643 /* key must still be valid. If we find a match, clear the
644 * potential tag value
645 */
646 if (tmp->valid)
647 tagbits &= ~(1 << tmp->tag);
648 spin_unlock(&tmp->lock);
649
650 if (!tagbits)
651 break;
652 }
653
654 if (tagbits) {
655 key->tag = __ffs(tagbits);
656 mctp_reserve_tag(net, key, msk);
657 trace_mctp_key_acquire(key);
658
659 key->manual_alloc = manual;
660 *tagp = key->tag;
661 }
662
663 spin_unlock_irqrestore(&mns->keys_lock, flags);
664
665 if (!tagbits) {
666 kfree(key);
667 return ERR_PTR(-EBUSY);
668 }
669
670 return key;
671}
672
673static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
674 mctp_eid_t daddr,
675 u8 req_tag, u8 *tagp)
676{
677 struct net *net = sock_net(&msk->sk);
678 struct netns_mctp *mns = &net->mctp;
679 struct mctp_sk_key *key, *tmp;
680 unsigned long flags;
681
682 req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
683 key = NULL;
684
685 spin_lock_irqsave(&mns->keys_lock, flags);
686
687 hlist_for_each_entry(tmp, &mns->keys, hlist) {
688 if (tmp->tag != req_tag)
689 continue;
690
691 if (!mctp_address_matches(tmp->peer_addr, daddr))
692 continue;
693
694 if (!tmp->manual_alloc)
695 continue;
696
697 spin_lock(&tmp->lock);
698 if (tmp->valid) {
699 key = tmp;
700 refcount_inc(&key->refs);
701 spin_unlock(&tmp->lock);
702 break;
703 }
704 spin_unlock(&tmp->lock);
705 }
706 spin_unlock_irqrestore(&mns->keys_lock, flags);
707
708 if (!key)
709 return ERR_PTR(-ENOENT);
710
711 if (tagp)
712 *tagp = key->tag;
713
714 return key;
715}
716
717/* routing lookups */
718static bool mctp_rt_match_eid(struct mctp_route *rt,
719 unsigned int net, mctp_eid_t eid)
720{
721 return READ_ONCE(rt->dev->net) == net &&
722 rt->min <= eid && rt->max >= eid;
723}
724
725/* compares match, used for duplicate prevention */
726static bool mctp_rt_compare_exact(struct mctp_route *rt1,
727 struct mctp_route *rt2)
728{
729 ASSERT_RTNL();
730 return rt1->dev->net == rt2->dev->net &&
731 rt1->min == rt2->min &&
732 rt1->max == rt2->max;
733}
734
735struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet,
736 mctp_eid_t daddr)
737{
738 struct mctp_route *tmp, *rt = NULL;
739
740 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
741 /* TODO: add metrics */
742 if (mctp_rt_match_eid(tmp, dnet, daddr)) {
743 if (refcount_inc_not_zero(&tmp->refs)) {
744 rt = tmp;
745 break;
746 }
747 }
748 }
749
750 return rt;
751}
752
753static struct mctp_route *mctp_route_lookup_null(struct net *net,
754 struct net_device *dev)
755{
756 struct mctp_route *rt;
757
758 list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
759 if (rt->dev->dev == dev && rt->type == RTN_LOCAL &&
760 refcount_inc_not_zero(&rt->refs))
761 return rt;
762 }
763
764 return NULL;
765}
766
767static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb,
768 unsigned int mtu, u8 tag)
769{
770 const unsigned int hlen = sizeof(struct mctp_hdr);
771 struct mctp_hdr *hdr, *hdr2;
772 unsigned int pos, size, headroom;
773 struct sk_buff *skb2;
774 int rc;
775 u8 seq;
776
777 hdr = mctp_hdr(skb);
778 seq = 0;
779 rc = 0;
780
781 if (mtu < hlen + 1) {
782 kfree_skb(skb);
783 return -EMSGSIZE;
784 }
785
786 /* keep same headroom as the original skb */
787 headroom = skb_headroom(skb);
788
789 /* we've got the header */
790 skb_pull(skb, hlen);
791
792 for (pos = 0; pos < skb->len;) {
793 /* size of message payload */
794 size = min(mtu - hlen, skb->len - pos);
795
796 skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
797 if (!skb2) {
798 rc = -ENOMEM;
799 break;
800 }
801
802 /* generic skb copy */
803 skb2->protocol = skb->protocol;
804 skb2->priority = skb->priority;
805 skb2->dev = skb->dev;
806 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
807
808 if (skb->sk)
809 skb_set_owner_w(skb2, skb->sk);
810
811 /* establish packet */
812 skb_reserve(skb2, headroom);
813 skb_reset_network_header(skb2);
814 skb_put(skb2, hlen + size);
815 skb2->transport_header = skb2->network_header + hlen;
816
817 /* copy header fields, calculate SOM/EOM flags & seq */
818 hdr2 = mctp_hdr(skb2);
819 hdr2->ver = hdr->ver;
820 hdr2->dest = hdr->dest;
821 hdr2->src = hdr->src;
822 hdr2->flags_seq_tag = tag &
823 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
824
825 if (pos == 0)
826 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
827
828 if (pos + size == skb->len)
829 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
830
831 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
832
833 /* copy message payload */
834 skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
835
836 /* do route */
837 rc = rt->output(rt, skb2);
838 if (rc)
839 break;
840
841 seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
842 pos += size;
843 }
844
845 consume_skb(skb);
846 return rc;
847}
848
849int mctp_local_output(struct sock *sk, struct mctp_route *rt,
850 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
851{
852 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
853 struct mctp_skb_cb *cb = mctp_cb(skb);
854 struct mctp_route tmp_rt = {0};
855 struct mctp_sk_key *key;
856 struct mctp_hdr *hdr;
857 unsigned long flags;
858 unsigned int mtu;
859 mctp_eid_t saddr;
860 bool ext_rt;
861 int rc;
862 u8 tag;
863
864 rc = -ENODEV;
865
866 if (rt) {
867 ext_rt = false;
868 if (WARN_ON(!rt->dev))
869 goto out_release;
870
871 } else if (cb->ifindex) {
872 struct net_device *dev;
873
874 ext_rt = true;
875 rt = &tmp_rt;
876
877 rcu_read_lock();
878 dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex);
879 if (!dev) {
880 rcu_read_unlock();
881 return rc;
882 }
883 rt->dev = __mctp_dev_get(dev);
884 rcu_read_unlock();
885
886 if (!rt->dev)
887 goto out_release;
888
889 /* establish temporary route - we set up enough to keep
890 * mctp_route_output happy
891 */
892 rt->output = mctp_route_output;
893 rt->mtu = 0;
894
895 } else {
896 return -EINVAL;
897 }
898
899 spin_lock_irqsave(&rt->dev->addrs_lock, flags);
900 if (rt->dev->num_addrs == 0) {
901 rc = -EHOSTUNREACH;
902 } else {
903 /* use the outbound interface's first address as our source */
904 saddr = rt->dev->addrs[0];
905 rc = 0;
906 }
907 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags);
908
909 if (rc)
910 goto out_release;
911
912 if (req_tag & MCTP_TAG_OWNER) {
913 if (req_tag & MCTP_TAG_PREALLOC)
914 key = mctp_lookup_prealloc_tag(msk, daddr,
915 req_tag, &tag);
916 else
917 key = mctp_alloc_local_tag(msk, daddr, saddr,
918 false, &tag);
919
920 if (IS_ERR(key)) {
921 rc = PTR_ERR(key);
922 goto out_release;
923 }
924 mctp_skb_set_flow(skb, key);
925 /* done with the key in this scope */
926 mctp_key_unref(key);
927 tag |= MCTP_HDR_FLAG_TO;
928 } else {
929 key = NULL;
930 tag = req_tag & MCTP_TAG_MASK;
931 }
932
933 skb->protocol = htons(ETH_P_MCTP);
934 skb->priority = 0;
935 skb_reset_transport_header(skb);
936 skb_push(skb, sizeof(struct mctp_hdr));
937 skb_reset_network_header(skb);
938 skb->dev = rt->dev->dev;
939
940 /* cb->net will have been set on initial ingress */
941 cb->src = saddr;
942
943 /* set up common header fields */
944 hdr = mctp_hdr(skb);
945 hdr->ver = 1;
946 hdr->dest = daddr;
947 hdr->src = saddr;
948
949 mtu = mctp_route_mtu(rt);
950
951 if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
952 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
953 MCTP_HDR_FLAG_EOM | tag;
954 rc = rt->output(rt, skb);
955 } else {
956 rc = mctp_do_fragment_route(rt, skb, mtu, tag);
957 }
958
959out_release:
960 if (!ext_rt)
961 mctp_route_release(rt);
962
963 mctp_dev_put(tmp_rt.dev);
964
965 return rc;
966}
967
968/* route management */
969static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
970 unsigned int daddr_extent, unsigned int mtu,
971 unsigned char type)
972{
973 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb);
974 struct net *net = dev_net(mdev->dev);
975 struct mctp_route *rt, *ert;
976
977 if (!mctp_address_unicast(daddr_start))
978 return -EINVAL;
979
980 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
981 return -EINVAL;
982
983 switch (type) {
984 case RTN_LOCAL:
985 rtfn = mctp_route_input;
986 break;
987 case RTN_UNICAST:
988 rtfn = mctp_route_output;
989 break;
990 default:
991 return -EINVAL;
992 }
993
994 rt = mctp_route_alloc();
995 if (!rt)
996 return -ENOMEM;
997
998 rt->min = daddr_start;
999 rt->max = daddr_start + daddr_extent;
1000 rt->mtu = mtu;
1001 rt->dev = mdev;
1002 mctp_dev_hold(rt->dev);
1003 rt->type = type;
1004 rt->output = rtfn;
1005
1006 ASSERT_RTNL();
1007 /* Prevent duplicate identical routes. */
1008 list_for_each_entry(ert, &net->mctp.routes, list) {
1009 if (mctp_rt_compare_exact(rt, ert)) {
1010 mctp_route_release(rt);
1011 return -EEXIST;
1012 }
1013 }
1014
1015 list_add_rcu(&rt->list, &net->mctp.routes);
1016
1017 return 0;
1018}
1019
1020static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1021 unsigned int daddr_extent, unsigned char type)
1022{
1023 struct net *net = dev_net(mdev->dev);
1024 struct mctp_route *rt, *tmp;
1025 mctp_eid_t daddr_end;
1026 bool dropped;
1027
1028 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1029 return -EINVAL;
1030
1031 daddr_end = daddr_start + daddr_extent;
1032 dropped = false;
1033
1034 ASSERT_RTNL();
1035
1036 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1037 if (rt->dev == mdev &&
1038 rt->min == daddr_start && rt->max == daddr_end &&
1039 rt->type == type) {
1040 list_del_rcu(&rt->list);
1041 /* TODO: immediate RTM_DELROUTE */
1042 mctp_route_release(rt);
1043 dropped = true;
1044 }
1045 }
1046
1047 return dropped ? 0 : -ENOENT;
1048}
1049
1050int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
1051{
1052 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
1053}
1054
1055int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
1056{
1057 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
1058}
1059
1060/* removes all entries for a given device */
1061void mctp_route_remove_dev(struct mctp_dev *mdev)
1062{
1063 struct net *net = dev_net(mdev->dev);
1064 struct mctp_route *rt, *tmp;
1065
1066 ASSERT_RTNL();
1067 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1068 if (rt->dev == mdev) {
1069 list_del_rcu(&rt->list);
1070 /* TODO: immediate RTM_DELROUTE */
1071 mctp_route_release(rt);
1072 }
1073 }
1074}
1075
1076/* Incoming packet-handling */
1077
1078static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
1079 struct packet_type *pt,
1080 struct net_device *orig_dev)
1081{
1082 struct net *net = dev_net(dev);
1083 struct mctp_dev *mdev;
1084 struct mctp_skb_cb *cb;
1085 struct mctp_route *rt;
1086 struct mctp_hdr *mh;
1087
1088 rcu_read_lock();
1089 mdev = __mctp_dev_get(dev);
1090 rcu_read_unlock();
1091 if (!mdev) {
1092 /* basic non-data sanity checks */
1093 goto err_drop;
1094 }
1095
1096 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
1097 goto err_drop;
1098
1099 skb_reset_transport_header(skb);
1100 skb_reset_network_header(skb);
1101
1102 /* We have enough for a header; decode and route */
1103 mh = mctp_hdr(skb);
1104 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
1105 goto err_drop;
1106
1107 /* source must be valid unicast or null; drop reserved ranges and
1108 * broadcast
1109 */
1110 if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
1111 goto err_drop;
1112
1113 /* dest address: as above, but allow broadcast */
1114 if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
1115 mctp_address_broadcast(mh->dest)))
1116 goto err_drop;
1117
1118 /* MCTP drivers must populate halen/haddr */
1119 if (dev->type == ARPHRD_MCTP) {
1120 cb = mctp_cb(skb);
1121 } else {
1122 cb = __mctp_cb(skb);
1123 cb->halen = 0;
1124 }
1125 cb->net = READ_ONCE(mdev->net);
1126 cb->ifindex = dev->ifindex;
1127
1128 rt = mctp_route_lookup(net, cb->net, mh->dest);
1129
1130 /* NULL EID, but addressed to our physical address */
1131 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
1132 rt = mctp_route_lookup_null(net, dev);
1133
1134 if (!rt)
1135 goto err_drop;
1136
1137 rt->output(rt, skb);
1138 mctp_route_release(rt);
1139 mctp_dev_put(mdev);
1140
1141 return NET_RX_SUCCESS;
1142
1143err_drop:
1144 kfree_skb(skb);
1145 mctp_dev_put(mdev);
1146 return NET_RX_DROP;
1147}
1148
1149static struct packet_type mctp_packet_type = {
1150 .type = cpu_to_be16(ETH_P_MCTP),
1151 .func = mctp_pkttype_receive,
1152};
1153
1154/* netlink interface */
1155
1156static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
1157 [RTA_DST] = { .type = NLA_U8 },
1158 [RTA_METRICS] = { .type = NLA_NESTED },
1159 [RTA_OIF] = { .type = NLA_U32 },
1160};
1161
1162/* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
1163 * tb must hold RTA_MAX+1 elements.
1164 */
1165static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
1166 struct netlink_ext_ack *extack,
1167 struct nlattr **tb, struct rtmsg **rtm,
1168 struct mctp_dev **mdev, mctp_eid_t *daddr_start)
1169{
1170 struct net *net = sock_net(skb->sk);
1171 struct net_device *dev;
1172 unsigned int ifindex;
1173 int rc;
1174
1175 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
1176 rta_mctp_policy, extack);
1177 if (rc < 0) {
1178 NL_SET_ERR_MSG(extack, "incorrect format");
1179 return rc;
1180 }
1181
1182 if (!tb[RTA_DST]) {
1183 NL_SET_ERR_MSG(extack, "dst EID missing");
1184 return -EINVAL;
1185 }
1186 *daddr_start = nla_get_u8(tb[RTA_DST]);
1187
1188 if (!tb[RTA_OIF]) {
1189 NL_SET_ERR_MSG(extack, "ifindex missing");
1190 return -EINVAL;
1191 }
1192 ifindex = nla_get_u32(tb[RTA_OIF]);
1193
1194 *rtm = nlmsg_data(nlh);
1195 if ((*rtm)->rtm_family != AF_MCTP) {
1196 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
1197 return -EINVAL;
1198 }
1199
1200 dev = __dev_get_by_index(net, ifindex);
1201 if (!dev) {
1202 NL_SET_ERR_MSG(extack, "bad ifindex");
1203 return -ENODEV;
1204 }
1205 *mdev = mctp_dev_get_rtnl(dev);
1206 if (!*mdev)
1207 return -ENODEV;
1208
1209 if (dev->flags & IFF_LOOPBACK) {
1210 NL_SET_ERR_MSG(extack, "no routes to loopback");
1211 return -EINVAL;
1212 }
1213
1214 return 0;
1215}
1216
1217static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
1218 [RTAX_MTU] = { .type = NLA_U32 },
1219};
1220
1221static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1222 struct netlink_ext_ack *extack)
1223{
1224 struct nlattr *tb[RTA_MAX + 1];
1225 struct nlattr *tbx[RTAX_MAX + 1];
1226 mctp_eid_t daddr_start;
1227 struct mctp_dev *mdev;
1228 struct rtmsg *rtm;
1229 unsigned int mtu;
1230 int rc;
1231
1232 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1233 &rtm, &mdev, &daddr_start);
1234 if (rc < 0)
1235 return rc;
1236
1237 if (rtm->rtm_type != RTN_UNICAST) {
1238 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
1239 return -EINVAL;
1240 }
1241
1242 mtu = 0;
1243 if (tb[RTA_METRICS]) {
1244 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
1245 rta_metrics_policy, NULL);
1246 if (rc < 0)
1247 return rc;
1248 if (tbx[RTAX_MTU])
1249 mtu = nla_get_u32(tbx[RTAX_MTU]);
1250 }
1251
1252 if (rtm->rtm_type != RTN_UNICAST)
1253 return -EINVAL;
1254
1255 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
1256 rtm->rtm_type);
1257 return rc;
1258}
1259
1260static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1261 struct netlink_ext_ack *extack)
1262{
1263 struct nlattr *tb[RTA_MAX + 1];
1264 mctp_eid_t daddr_start;
1265 struct mctp_dev *mdev;
1266 struct rtmsg *rtm;
1267 int rc;
1268
1269 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1270 &rtm, &mdev, &daddr_start);
1271 if (rc < 0)
1272 return rc;
1273
1274 /* we only have unicast routes */
1275 if (rtm->rtm_type != RTN_UNICAST)
1276 return -EINVAL;
1277
1278 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
1279 return rc;
1280}
1281
1282static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
1283 u32 portid, u32 seq, int event, unsigned int flags)
1284{
1285 struct nlmsghdr *nlh;
1286 struct rtmsg *hdr;
1287 void *metrics;
1288
1289 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
1290 if (!nlh)
1291 return -EMSGSIZE;
1292
1293 hdr = nlmsg_data(nlh);
1294 hdr->rtm_family = AF_MCTP;
1295
1296 /* we use the _len fields as a number of EIDs, rather than
1297 * a number of bits in the address
1298 */
1299 hdr->rtm_dst_len = rt->max - rt->min;
1300 hdr->rtm_src_len = 0;
1301 hdr->rtm_tos = 0;
1302 hdr->rtm_table = RT_TABLE_DEFAULT;
1303 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
1304 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
1305 hdr->rtm_type = rt->type;
1306
1307 if (nla_put_u8(skb, RTA_DST, rt->min))
1308 goto cancel;
1309
1310 metrics = nla_nest_start_noflag(skb, RTA_METRICS);
1311 if (!metrics)
1312 goto cancel;
1313
1314 if (rt->mtu) {
1315 if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
1316 goto cancel;
1317 }
1318
1319 nla_nest_end(skb, metrics);
1320
1321 if (rt->dev) {
1322 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
1323 goto cancel;
1324 }
1325
1326 /* TODO: conditional neighbour physaddr? */
1327
1328 nlmsg_end(skb, nlh);
1329
1330 return 0;
1331
1332cancel:
1333 nlmsg_cancel(skb, nlh);
1334 return -EMSGSIZE;
1335}
1336
1337static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
1338{
1339 struct net *net = sock_net(skb->sk);
1340 struct mctp_route *rt;
1341 int s_idx, idx;
1342
1343 /* TODO: allow filtering on route data, possibly under
1344 * cb->strict_check
1345 */
1346
1347 /* TODO: change to struct overlay */
1348 s_idx = cb->args[0];
1349 idx = 0;
1350
1351 rcu_read_lock();
1352 list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
1353 if (idx++ < s_idx)
1354 continue;
1355 if (mctp_fill_rtinfo(skb, rt,
1356 NETLINK_CB(cb->skb).portid,
1357 cb->nlh->nlmsg_seq,
1358 RTM_NEWROUTE, NLM_F_MULTI) < 0)
1359 break;
1360 }
1361
1362 rcu_read_unlock();
1363 cb->args[0] = idx;
1364
1365 return skb->len;
1366}
1367
1368/* net namespace implementation */
1369static int __net_init mctp_routes_net_init(struct net *net)
1370{
1371 struct netns_mctp *ns = &net->mctp;
1372
1373 INIT_LIST_HEAD(&ns->routes);
1374 INIT_HLIST_HEAD(&ns->binds);
1375 mutex_init(&ns->bind_lock);
1376 INIT_HLIST_HEAD(&ns->keys);
1377 spin_lock_init(&ns->keys_lock);
1378 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
1379 return 0;
1380}
1381
1382static void __net_exit mctp_routes_net_exit(struct net *net)
1383{
1384 struct mctp_route *rt;
1385
1386 rcu_read_lock();
1387 list_for_each_entry_rcu(rt, &net->mctp.routes, list)
1388 mctp_route_release(rt);
1389 rcu_read_unlock();
1390}
1391
1392static struct pernet_operations mctp_net_ops = {
1393 .init = mctp_routes_net_init,
1394 .exit = mctp_routes_net_exit,
1395};
1396
1397int __init mctp_routes_init(void)
1398{
1399 dev_add_pack(&mctp_packet_type);
1400
1401 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_GETROUTE,
1402 NULL, mctp_dump_rtinfo, 0);
1403 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_NEWROUTE,
1404 mctp_newroute, NULL, 0);
1405 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_DELROUTE,
1406 mctp_delroute, NULL, 0);
1407
1408 return register_pernet_subsys(&mctp_net_ops);
1409}
1410
1411void mctp_routes_exit(void)
1412{
1413 unregister_pernet_subsys(&mctp_net_ops);
1414 rtnl_unregister(PF_MCTP, RTM_DELROUTE);
1415 rtnl_unregister(PF_MCTP, RTM_NEWROUTE);
1416 rtnl_unregister(PF_MCTP, RTM_GETROUTE);
1417 dev_remove_pack(&mctp_packet_type);
1418}
1419
1420#if IS_ENABLED(CONFIG_MCTP_TEST)
1421#include "test/route-test.c"
1422#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Management Component Transport Protocol (MCTP) - routing
4 * implementation.
5 *
6 * This is currently based on a simple routing table, with no dst cache. The
7 * number of routes should stay fairly small, so the lookup cost is small.
8 *
9 * Copyright (c) 2021 Code Construct
10 * Copyright (c) 2021 Google
11 */
12
13#include <linux/idr.h>
14#include <linux/kconfig.h>
15#include <linux/mctp.h>
16#include <linux/netdevice.h>
17#include <linux/rtnetlink.h>
18#include <linux/skbuff.h>
19
20#include <uapi/linux/if_arp.h>
21
22#include <net/mctp.h>
23#include <net/mctpdevice.h>
24#include <net/netlink.h>
25#include <net/sock.h>
26
27#include <trace/events/mctp.h>
28
29static const unsigned int mctp_message_maxlen = 64 * 1024;
30static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
31
32static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
33
34/* route output callbacks */
35static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb)
36{
37 kfree_skb(skb);
38 return 0;
39}
40
41static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
42{
43 struct mctp_skb_cb *cb = mctp_cb(skb);
44 struct mctp_hdr *mh;
45 struct sock *sk;
46 u8 type;
47
48 WARN_ON(!rcu_read_lock_held());
49
50 /* TODO: look up in skb->cb? */
51 mh = mctp_hdr(skb);
52
53 if (!skb_headlen(skb))
54 return NULL;
55
56 type = (*(u8 *)skb->data) & 0x7f;
57
58 sk_for_each_rcu(sk, &net->mctp.binds) {
59 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
60
61 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
62 continue;
63
64 if (msk->bind_type != type)
65 continue;
66
67 if (!mctp_address_matches(msk->bind_addr, mh->dest))
68 continue;
69
70 return msk;
71 }
72
73 return NULL;
74}
75
76/* A note on the key allocations.
77 *
78 * struct net->mctp.keys contains our set of currently-allocated keys for
79 * MCTP tag management. The lookup tuple for these is the peer EID,
80 * local EID and MCTP tag.
81 *
82 * In some cases, the peer EID may be MCTP_EID_ANY: for example, when a
83 * broadcast message is sent, we may receive responses from any peer EID.
84 * Because the broadcast dest address is equivalent to ANY, we create
85 * a key with (local = local-eid, peer = ANY). This allows a match on the
86 * incoming broadcast responses from any peer.
87 *
88 * We perform lookups when packets are received, and when tags are allocated
89 * in two scenarios:
90 *
91 * - when a packet is sent, with a locally-owned tag: we need to find an
92 * unused tag value for the (local, peer) EID pair.
93 *
94 * - when a tag is manually allocated: we need to find an unused tag value
95 * for the peer EID, but don't have a specific local EID at that stage.
96 *
97 * in the latter case, on successful allocation, we end up with a tag with
98 * (local = ANY, peer = peer-eid).
99 *
100 * So, the key set allows both a local EID of ANY, as well as a peer EID of
101 * ANY in the lookup tuple. Both may be ANY if we prealloc for a broadcast.
102 * The matching (in mctp_key_match()) during lookup allows the match value to
103 * be ANY in either the dest or source addresses.
104 *
105 * When allocating (+ inserting) a tag, we need to check for conflicts amongst
106 * the existing tag set. This requires macthing either exactly on the local
107 * and peer addresses, or either being ANY.
108 */
109
110static bool mctp_key_match(struct mctp_sk_key *key, unsigned int net,
111 mctp_eid_t local, mctp_eid_t peer, u8 tag)
112{
113 if (key->net != net)
114 return false;
115
116 if (!mctp_address_matches(key->local_addr, local))
117 return false;
118
119 if (!mctp_address_matches(key->peer_addr, peer))
120 return false;
121
122 if (key->tag != tag)
123 return false;
124
125 return true;
126}
127
128/* returns a key (with key->lock held, and refcounted), or NULL if no such
129 * key exists.
130 */
131static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
132 unsigned int netid, mctp_eid_t peer,
133 unsigned long *irqflags)
134 __acquires(&key->lock)
135{
136 struct mctp_sk_key *key, *ret;
137 unsigned long flags;
138 struct mctp_hdr *mh;
139 u8 tag;
140
141 mh = mctp_hdr(skb);
142 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
143
144 ret = NULL;
145 spin_lock_irqsave(&net->mctp.keys_lock, flags);
146
147 hlist_for_each_entry(key, &net->mctp.keys, hlist) {
148 if (!mctp_key_match(key, netid, mh->dest, peer, tag))
149 continue;
150
151 spin_lock(&key->lock);
152 if (key->valid) {
153 refcount_inc(&key->refs);
154 ret = key;
155 break;
156 }
157 spin_unlock(&key->lock);
158 }
159
160 if (ret) {
161 spin_unlock(&net->mctp.keys_lock);
162 *irqflags = flags;
163 } else {
164 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
165 }
166
167 return ret;
168}
169
170static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
171 unsigned int net,
172 mctp_eid_t local, mctp_eid_t peer,
173 u8 tag, gfp_t gfp)
174{
175 struct mctp_sk_key *key;
176
177 key = kzalloc(sizeof(*key), gfp);
178 if (!key)
179 return NULL;
180
181 key->net = net;
182 key->peer_addr = peer;
183 key->local_addr = local;
184 key->tag = tag;
185 key->sk = &msk->sk;
186 key->valid = true;
187 spin_lock_init(&key->lock);
188 refcount_set(&key->refs, 1);
189 sock_hold(key->sk);
190
191 return key;
192}
193
194void mctp_key_unref(struct mctp_sk_key *key)
195{
196 unsigned long flags;
197
198 if (!refcount_dec_and_test(&key->refs))
199 return;
200
201 /* even though no refs exist here, the lock allows us to stay
202 * consistent with the locking requirement of mctp_dev_release_key
203 */
204 spin_lock_irqsave(&key->lock, flags);
205 mctp_dev_release_key(key->dev, key);
206 spin_unlock_irqrestore(&key->lock, flags);
207
208 sock_put(key->sk);
209 kfree(key);
210}
211
212static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
213{
214 struct net *net = sock_net(&msk->sk);
215 struct mctp_sk_key *tmp;
216 unsigned long flags;
217 int rc = 0;
218
219 spin_lock_irqsave(&net->mctp.keys_lock, flags);
220
221 if (sock_flag(&msk->sk, SOCK_DEAD)) {
222 rc = -EINVAL;
223 goto out_unlock;
224 }
225
226 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
227 if (mctp_key_match(tmp, key->net, key->local_addr,
228 key->peer_addr, key->tag)) {
229 spin_lock(&tmp->lock);
230 if (tmp->valid)
231 rc = -EEXIST;
232 spin_unlock(&tmp->lock);
233 if (rc)
234 break;
235 }
236 }
237
238 if (!rc) {
239 refcount_inc(&key->refs);
240 key->expiry = jiffies + mctp_key_lifetime;
241 timer_reduce(&msk->key_expiry, key->expiry);
242
243 hlist_add_head(&key->hlist, &net->mctp.keys);
244 hlist_add_head(&key->sklist, &msk->keys);
245 }
246
247out_unlock:
248 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
249
250 return rc;
251}
252
253/* Helper for mctp_route_input().
254 * We're done with the key; unlock and unref the key.
255 * For the usual case of automatic expiry we remove the key from lists.
256 * In the case that manual allocation is set on a key we release the lock
257 * and local ref, reset reassembly, but don't remove from lists.
258 */
259static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
260 unsigned long flags, unsigned long reason)
261__releases(&key->lock)
262{
263 struct sk_buff *skb;
264
265 trace_mctp_key_release(key, reason);
266 skb = key->reasm_head;
267 key->reasm_head = NULL;
268
269 if (!key->manual_alloc) {
270 key->reasm_dead = true;
271 key->valid = false;
272 mctp_dev_release_key(key->dev, key);
273 }
274 spin_unlock_irqrestore(&key->lock, flags);
275
276 if (!key->manual_alloc) {
277 spin_lock_irqsave(&net->mctp.keys_lock, flags);
278 if (!hlist_unhashed(&key->hlist)) {
279 hlist_del_init(&key->hlist);
280 hlist_del_init(&key->sklist);
281 mctp_key_unref(key);
282 }
283 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
284 }
285
286 /* and one for the local reference */
287 mctp_key_unref(key);
288
289 kfree_skb(skb);
290}
291
292#ifdef CONFIG_MCTP_FLOWS
293static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
294{
295 struct mctp_flow *flow;
296
297 flow = skb_ext_add(skb, SKB_EXT_MCTP);
298 if (!flow)
299 return;
300
301 refcount_inc(&key->refs);
302 flow->key = key;
303}
304
305static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
306{
307 struct mctp_sk_key *key;
308 struct mctp_flow *flow;
309
310 flow = skb_ext_find(skb, SKB_EXT_MCTP);
311 if (!flow)
312 return;
313
314 key = flow->key;
315
316 if (WARN_ON(key->dev && key->dev != dev))
317 return;
318
319 mctp_dev_set_key(dev, key);
320}
321#else
322static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
323static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
324#endif
325
326static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
327{
328 struct mctp_hdr *hdr = mctp_hdr(skb);
329 u8 exp_seq, this_seq;
330
331 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
332 & MCTP_HDR_SEQ_MASK;
333
334 if (!key->reasm_head) {
335 key->reasm_head = skb;
336 key->reasm_tailp = &(skb_shinfo(skb)->frag_list);
337 key->last_seq = this_seq;
338 return 0;
339 }
340
341 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
342
343 if (this_seq != exp_seq)
344 return -EINVAL;
345
346 if (key->reasm_head->len + skb->len > mctp_message_maxlen)
347 return -EINVAL;
348
349 skb->next = NULL;
350 skb->sk = NULL;
351 *key->reasm_tailp = skb;
352 key->reasm_tailp = &skb->next;
353
354 key->last_seq = this_seq;
355
356 key->reasm_head->data_len += skb->len;
357 key->reasm_head->len += skb->len;
358 key->reasm_head->truesize += skb->truesize;
359
360 return 0;
361}
362
363static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
364{
365 struct mctp_sk_key *key, *any_key = NULL;
366 struct net *net = dev_net(skb->dev);
367 struct mctp_sock *msk;
368 struct mctp_hdr *mh;
369 unsigned int netid;
370 unsigned long f;
371 u8 tag, flags;
372 int rc;
373
374 msk = NULL;
375 rc = -EINVAL;
376
377 /* we may be receiving a locally-routed packet; drop source sk
378 * accounting
379 */
380 skb_orphan(skb);
381
382 /* ensure we have enough data for a header and a type */
383 if (skb->len < sizeof(struct mctp_hdr) + 1)
384 goto out;
385
386 /* grab header, advance data ptr */
387 mh = mctp_hdr(skb);
388 netid = mctp_cb(skb)->net;
389 skb_pull(skb, sizeof(struct mctp_hdr));
390
391 if (mh->ver != 1)
392 goto out;
393
394 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
395 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
396
397 rcu_read_lock();
398
399 /* lookup socket / reasm context, exactly matching (src,dest,tag).
400 * we hold a ref on the key, and key->lock held.
401 */
402 key = mctp_lookup_key(net, skb, netid, mh->src, &f);
403
404 if (flags & MCTP_HDR_FLAG_SOM) {
405 if (key) {
406 msk = container_of(key->sk, struct mctp_sock, sk);
407 } else {
408 /* first response to a broadcast? do a more general
409 * key lookup to find the socket, but don't use this
410 * key for reassembly - we'll create a more specific
411 * one for future packets if required (ie, !EOM).
412 *
413 * this lookup requires key->peer to be MCTP_ADDR_ANY,
414 * it doesn't match just any key->peer.
415 */
416 any_key = mctp_lookup_key(net, skb, netid,
417 MCTP_ADDR_ANY, &f);
418 if (any_key) {
419 msk = container_of(any_key->sk,
420 struct mctp_sock, sk);
421 spin_unlock_irqrestore(&any_key->lock, f);
422 }
423 }
424
425 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
426 msk = mctp_lookup_bind(net, skb);
427
428 if (!msk) {
429 rc = -ENOENT;
430 goto out_unlock;
431 }
432
433 /* single-packet message? deliver to socket, clean up any
434 * pending key.
435 */
436 if (flags & MCTP_HDR_FLAG_EOM) {
437 sock_queue_rcv_skb(&msk->sk, skb);
438 if (key) {
439 /* we've hit a pending reassembly; not much we
440 * can do but drop it
441 */
442 __mctp_key_done_in(key, net, f,
443 MCTP_TRACE_KEY_REPLIED);
444 key = NULL;
445 }
446 rc = 0;
447 goto out_unlock;
448 }
449
450 /* broadcast response or a bind() - create a key for further
451 * packets for this message
452 */
453 if (!key) {
454 key = mctp_key_alloc(msk, netid, mh->dest, mh->src,
455 tag, GFP_ATOMIC);
456 if (!key) {
457 rc = -ENOMEM;
458 goto out_unlock;
459 }
460
461 /* we can queue without the key lock here, as the
462 * key isn't observable yet
463 */
464 mctp_frag_queue(key, skb);
465
466 /* if the key_add fails, we've raced with another
467 * SOM packet with the same src, dest and tag. There's
468 * no way to distinguish future packets, so all we
469 * can do is drop; we'll free the skb on exit from
470 * this function.
471 */
472 rc = mctp_key_add(key, msk);
473 if (!rc)
474 trace_mctp_key_acquire(key);
475
476 /* we don't need to release key->lock on exit, so
477 * clean up here and suppress the unlock via
478 * setting to NULL
479 */
480 mctp_key_unref(key);
481 key = NULL;
482
483 } else {
484 if (key->reasm_head || key->reasm_dead) {
485 /* duplicate start? drop everything */
486 __mctp_key_done_in(key, net, f,
487 MCTP_TRACE_KEY_INVALIDATED);
488 rc = -EEXIST;
489 key = NULL;
490 } else {
491 rc = mctp_frag_queue(key, skb);
492 }
493 }
494
495 } else if (key) {
496 /* this packet continues a previous message; reassemble
497 * using the message-specific key
498 */
499
500 /* we need to be continuing an existing reassembly... */
501 if (!key->reasm_head)
502 rc = -EINVAL;
503 else
504 rc = mctp_frag_queue(key, skb);
505
506 /* end of message? deliver to socket, and we're done with
507 * the reassembly/response key
508 */
509 if (!rc && flags & MCTP_HDR_FLAG_EOM) {
510 sock_queue_rcv_skb(key->sk, key->reasm_head);
511 key->reasm_head = NULL;
512 __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
513 key = NULL;
514 }
515
516 } else {
517 /* not a start, no matching key */
518 rc = -ENOENT;
519 }
520
521out_unlock:
522 rcu_read_unlock();
523 if (key) {
524 spin_unlock_irqrestore(&key->lock, f);
525 mctp_key_unref(key);
526 }
527 if (any_key)
528 mctp_key_unref(any_key);
529out:
530 if (rc)
531 kfree_skb(skb);
532 return rc;
533}
534
535static unsigned int mctp_route_mtu(struct mctp_route *rt)
536{
537 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu);
538}
539
540static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb)
541{
542 struct mctp_skb_cb *cb = mctp_cb(skb);
543 struct mctp_hdr *hdr = mctp_hdr(skb);
544 char daddr_buf[MAX_ADDR_LEN];
545 char *daddr = NULL;
546 unsigned int mtu;
547 int rc;
548
549 skb->protocol = htons(ETH_P_MCTP);
550
551 mtu = READ_ONCE(skb->dev->mtu);
552 if (skb->len > mtu) {
553 kfree_skb(skb);
554 return -EMSGSIZE;
555 }
556
557 if (cb->ifindex) {
558 /* direct route; use the hwaddr we stashed in sendmsg */
559 if (cb->halen != skb->dev->addr_len) {
560 /* sanity check, sendmsg should have already caught this */
561 kfree_skb(skb);
562 return -EMSGSIZE;
563 }
564 daddr = cb->haddr;
565 } else {
566 /* If lookup fails let the device handle daddr==NULL */
567 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0)
568 daddr = daddr_buf;
569 }
570
571 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
572 daddr, skb->dev->dev_addr, skb->len);
573 if (rc < 0) {
574 kfree_skb(skb);
575 return -EHOSTUNREACH;
576 }
577
578 mctp_flow_prepare_output(skb, route->dev);
579
580 rc = dev_queue_xmit(skb);
581 if (rc)
582 rc = net_xmit_errno(rc);
583
584 return rc;
585}
586
587/* route alloc/release */
588static void mctp_route_release(struct mctp_route *rt)
589{
590 if (refcount_dec_and_test(&rt->refs)) {
591 mctp_dev_put(rt->dev);
592 kfree_rcu(rt, rcu);
593 }
594}
595
596/* returns a route with the refcount at 1 */
597static struct mctp_route *mctp_route_alloc(void)
598{
599 struct mctp_route *rt;
600
601 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
602 if (!rt)
603 return NULL;
604
605 INIT_LIST_HEAD(&rt->list);
606 refcount_set(&rt->refs, 1);
607 rt->output = mctp_route_discard;
608
609 return rt;
610}
611
612unsigned int mctp_default_net(struct net *net)
613{
614 return READ_ONCE(net->mctp.default_net);
615}
616
617int mctp_default_net_set(struct net *net, unsigned int index)
618{
619 if (index == 0)
620 return -EINVAL;
621 WRITE_ONCE(net->mctp.default_net, index);
622 return 0;
623}
624
625/* tag management */
626static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
627 struct mctp_sock *msk)
628{
629 struct netns_mctp *mns = &net->mctp;
630
631 lockdep_assert_held(&mns->keys_lock);
632
633 key->expiry = jiffies + mctp_key_lifetime;
634 timer_reduce(&msk->key_expiry, key->expiry);
635
636 /* we hold the net->key_lock here, allowing updates to both
637 * then net and sk
638 */
639 hlist_add_head_rcu(&key->hlist, &mns->keys);
640 hlist_add_head_rcu(&key->sklist, &msk->keys);
641 refcount_inc(&key->refs);
642}
643
644/* Allocate a locally-owned tag value for (local, peer), and reserve
645 * it for the socket msk
646 */
647struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
648 unsigned int netid,
649 mctp_eid_t local, mctp_eid_t peer,
650 bool manual, u8 *tagp)
651{
652 struct net *net = sock_net(&msk->sk);
653 struct netns_mctp *mns = &net->mctp;
654 struct mctp_sk_key *key, *tmp;
655 unsigned long flags;
656 u8 tagbits;
657
658 /* for NULL destination EIDs, we may get a response from any peer */
659 if (peer == MCTP_ADDR_NULL)
660 peer = MCTP_ADDR_ANY;
661
662 /* be optimistic, alloc now */
663 key = mctp_key_alloc(msk, netid, local, peer, 0, GFP_KERNEL);
664 if (!key)
665 return ERR_PTR(-ENOMEM);
666
667 /* 8 possible tag values */
668 tagbits = 0xff;
669
670 spin_lock_irqsave(&mns->keys_lock, flags);
671
672 /* Walk through the existing keys, looking for potential conflicting
673 * tags. If we find a conflict, clear that bit from tagbits
674 */
675 hlist_for_each_entry(tmp, &mns->keys, hlist) {
676 /* We can check the lookup fields (*_addr, tag) without the
677 * lock held, they don't change over the lifetime of the key.
678 */
679
680 /* tags are net-specific */
681 if (tmp->net != netid)
682 continue;
683
684 /* if we don't own the tag, it can't conflict */
685 if (tmp->tag & MCTP_HDR_FLAG_TO)
686 continue;
687
688 /* Since we're avoiding conflicting entries, match peer and
689 * local addresses, including with a wildcard on ANY. See
690 * 'A note on key allocations' for background.
691 */
692 if (peer != MCTP_ADDR_ANY &&
693 !mctp_address_matches(tmp->peer_addr, peer))
694 continue;
695
696 if (local != MCTP_ADDR_ANY &&
697 !mctp_address_matches(tmp->local_addr, local))
698 continue;
699
700 spin_lock(&tmp->lock);
701 /* key must still be valid. If we find a match, clear the
702 * potential tag value
703 */
704 if (tmp->valid)
705 tagbits &= ~(1 << tmp->tag);
706 spin_unlock(&tmp->lock);
707
708 if (!tagbits)
709 break;
710 }
711
712 if (tagbits) {
713 key->tag = __ffs(tagbits);
714 mctp_reserve_tag(net, key, msk);
715 trace_mctp_key_acquire(key);
716
717 key->manual_alloc = manual;
718 *tagp = key->tag;
719 }
720
721 spin_unlock_irqrestore(&mns->keys_lock, flags);
722
723 if (!tagbits) {
724 mctp_key_unref(key);
725 return ERR_PTR(-EBUSY);
726 }
727
728 return key;
729}
730
731static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
732 unsigned int netid,
733 mctp_eid_t daddr,
734 u8 req_tag, u8 *tagp)
735{
736 struct net *net = sock_net(&msk->sk);
737 struct netns_mctp *mns = &net->mctp;
738 struct mctp_sk_key *key, *tmp;
739 unsigned long flags;
740
741 req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
742 key = NULL;
743
744 spin_lock_irqsave(&mns->keys_lock, flags);
745
746 hlist_for_each_entry(tmp, &mns->keys, hlist) {
747 if (tmp->net != netid)
748 continue;
749
750 if (tmp->tag != req_tag)
751 continue;
752
753 if (!mctp_address_matches(tmp->peer_addr, daddr))
754 continue;
755
756 if (!tmp->manual_alloc)
757 continue;
758
759 spin_lock(&tmp->lock);
760 if (tmp->valid) {
761 key = tmp;
762 refcount_inc(&key->refs);
763 spin_unlock(&tmp->lock);
764 break;
765 }
766 spin_unlock(&tmp->lock);
767 }
768 spin_unlock_irqrestore(&mns->keys_lock, flags);
769
770 if (!key)
771 return ERR_PTR(-ENOENT);
772
773 if (tagp)
774 *tagp = key->tag;
775
776 return key;
777}
778
779/* routing lookups */
780static bool mctp_rt_match_eid(struct mctp_route *rt,
781 unsigned int net, mctp_eid_t eid)
782{
783 return READ_ONCE(rt->dev->net) == net &&
784 rt->min <= eid && rt->max >= eid;
785}
786
787/* compares match, used for duplicate prevention */
788static bool mctp_rt_compare_exact(struct mctp_route *rt1,
789 struct mctp_route *rt2)
790{
791 ASSERT_RTNL();
792 return rt1->dev->net == rt2->dev->net &&
793 rt1->min == rt2->min &&
794 rt1->max == rt2->max;
795}
796
797struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet,
798 mctp_eid_t daddr)
799{
800 struct mctp_route *tmp, *rt = NULL;
801
802 rcu_read_lock();
803
804 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
805 /* TODO: add metrics */
806 if (mctp_rt_match_eid(tmp, dnet, daddr)) {
807 if (refcount_inc_not_zero(&tmp->refs)) {
808 rt = tmp;
809 break;
810 }
811 }
812 }
813
814 rcu_read_unlock();
815
816 return rt;
817}
818
819static struct mctp_route *mctp_route_lookup_null(struct net *net,
820 struct net_device *dev)
821{
822 struct mctp_route *tmp, *rt = NULL;
823
824 rcu_read_lock();
825
826 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
827 if (tmp->dev->dev == dev && tmp->type == RTN_LOCAL &&
828 refcount_inc_not_zero(&tmp->refs)) {
829 rt = tmp;
830 break;
831 }
832 }
833
834 rcu_read_unlock();
835
836 return rt;
837}
838
839static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb,
840 unsigned int mtu, u8 tag)
841{
842 const unsigned int hlen = sizeof(struct mctp_hdr);
843 struct mctp_hdr *hdr, *hdr2;
844 unsigned int pos, size, headroom;
845 struct sk_buff *skb2;
846 int rc;
847 u8 seq;
848
849 hdr = mctp_hdr(skb);
850 seq = 0;
851 rc = 0;
852
853 if (mtu < hlen + 1) {
854 kfree_skb(skb);
855 return -EMSGSIZE;
856 }
857
858 /* keep same headroom as the original skb */
859 headroom = skb_headroom(skb);
860
861 /* we've got the header */
862 skb_pull(skb, hlen);
863
864 for (pos = 0; pos < skb->len;) {
865 /* size of message payload */
866 size = min(mtu - hlen, skb->len - pos);
867
868 skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
869 if (!skb2) {
870 rc = -ENOMEM;
871 break;
872 }
873
874 /* generic skb copy */
875 skb2->protocol = skb->protocol;
876 skb2->priority = skb->priority;
877 skb2->dev = skb->dev;
878 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
879
880 if (skb->sk)
881 skb_set_owner_w(skb2, skb->sk);
882
883 /* establish packet */
884 skb_reserve(skb2, headroom);
885 skb_reset_network_header(skb2);
886 skb_put(skb2, hlen + size);
887 skb2->transport_header = skb2->network_header + hlen;
888
889 /* copy header fields, calculate SOM/EOM flags & seq */
890 hdr2 = mctp_hdr(skb2);
891 hdr2->ver = hdr->ver;
892 hdr2->dest = hdr->dest;
893 hdr2->src = hdr->src;
894 hdr2->flags_seq_tag = tag &
895 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
896
897 if (pos == 0)
898 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
899
900 if (pos + size == skb->len)
901 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
902
903 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
904
905 /* copy message payload */
906 skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
907
908 /* we need to copy the extensions, for MCTP flow data */
909 skb_ext_copy(skb2, skb);
910
911 /* do route */
912 rc = rt->output(rt, skb2);
913 if (rc)
914 break;
915
916 seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
917 pos += size;
918 }
919
920 consume_skb(skb);
921 return rc;
922}
923
924int mctp_local_output(struct sock *sk, struct mctp_route *rt,
925 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
926{
927 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
928 struct mctp_skb_cb *cb = mctp_cb(skb);
929 struct mctp_route tmp_rt = {0};
930 struct mctp_sk_key *key;
931 struct mctp_hdr *hdr;
932 unsigned long flags;
933 unsigned int netid;
934 unsigned int mtu;
935 mctp_eid_t saddr;
936 bool ext_rt;
937 int rc;
938 u8 tag;
939
940 rc = -ENODEV;
941
942 if (rt) {
943 ext_rt = false;
944 if (WARN_ON(!rt->dev))
945 goto out_release;
946
947 } else if (cb->ifindex) {
948 struct net_device *dev;
949
950 ext_rt = true;
951 rt = &tmp_rt;
952
953 rcu_read_lock();
954 dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex);
955 if (!dev) {
956 rcu_read_unlock();
957 goto out_free;
958 }
959 rt->dev = __mctp_dev_get(dev);
960 rcu_read_unlock();
961
962 if (!rt->dev)
963 goto out_release;
964
965 /* establish temporary route - we set up enough to keep
966 * mctp_route_output happy
967 */
968 rt->output = mctp_route_output;
969 rt->mtu = 0;
970
971 } else {
972 rc = -EINVAL;
973 goto out_free;
974 }
975
976 spin_lock_irqsave(&rt->dev->addrs_lock, flags);
977 if (rt->dev->num_addrs == 0) {
978 rc = -EHOSTUNREACH;
979 } else {
980 /* use the outbound interface's first address as our source */
981 saddr = rt->dev->addrs[0];
982 rc = 0;
983 }
984 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags);
985 netid = READ_ONCE(rt->dev->net);
986
987 if (rc)
988 goto out_release;
989
990 if (req_tag & MCTP_TAG_OWNER) {
991 if (req_tag & MCTP_TAG_PREALLOC)
992 key = mctp_lookup_prealloc_tag(msk, netid, daddr,
993 req_tag, &tag);
994 else
995 key = mctp_alloc_local_tag(msk, netid, saddr, daddr,
996 false, &tag);
997
998 if (IS_ERR(key)) {
999 rc = PTR_ERR(key);
1000 goto out_release;
1001 }
1002 mctp_skb_set_flow(skb, key);
1003 /* done with the key in this scope */
1004 mctp_key_unref(key);
1005 tag |= MCTP_HDR_FLAG_TO;
1006 } else {
1007 key = NULL;
1008 tag = req_tag & MCTP_TAG_MASK;
1009 }
1010
1011 skb->protocol = htons(ETH_P_MCTP);
1012 skb->priority = 0;
1013 skb_reset_transport_header(skb);
1014 skb_push(skb, sizeof(struct mctp_hdr));
1015 skb_reset_network_header(skb);
1016 skb->dev = rt->dev->dev;
1017
1018 /* cb->net will have been set on initial ingress */
1019 cb->src = saddr;
1020
1021 /* set up common header fields */
1022 hdr = mctp_hdr(skb);
1023 hdr->ver = 1;
1024 hdr->dest = daddr;
1025 hdr->src = saddr;
1026
1027 mtu = mctp_route_mtu(rt);
1028
1029 if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
1030 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
1031 MCTP_HDR_FLAG_EOM | tag;
1032 rc = rt->output(rt, skb);
1033 } else {
1034 rc = mctp_do_fragment_route(rt, skb, mtu, tag);
1035 }
1036
1037 /* route output functions consume the skb, even on error */
1038 skb = NULL;
1039
1040out_release:
1041 if (!ext_rt)
1042 mctp_route_release(rt);
1043
1044 mctp_dev_put(tmp_rt.dev);
1045
1046out_free:
1047 kfree_skb(skb);
1048 return rc;
1049}
1050
1051/* route management */
1052static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1053 unsigned int daddr_extent, unsigned int mtu,
1054 unsigned char type)
1055{
1056 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb);
1057 struct net *net = dev_net(mdev->dev);
1058 struct mctp_route *rt, *ert;
1059
1060 if (!mctp_address_unicast(daddr_start))
1061 return -EINVAL;
1062
1063 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1064 return -EINVAL;
1065
1066 switch (type) {
1067 case RTN_LOCAL:
1068 rtfn = mctp_route_input;
1069 break;
1070 case RTN_UNICAST:
1071 rtfn = mctp_route_output;
1072 break;
1073 default:
1074 return -EINVAL;
1075 }
1076
1077 rt = mctp_route_alloc();
1078 if (!rt)
1079 return -ENOMEM;
1080
1081 rt->min = daddr_start;
1082 rt->max = daddr_start + daddr_extent;
1083 rt->mtu = mtu;
1084 rt->dev = mdev;
1085 mctp_dev_hold(rt->dev);
1086 rt->type = type;
1087 rt->output = rtfn;
1088
1089 ASSERT_RTNL();
1090 /* Prevent duplicate identical routes. */
1091 list_for_each_entry(ert, &net->mctp.routes, list) {
1092 if (mctp_rt_compare_exact(rt, ert)) {
1093 mctp_route_release(rt);
1094 return -EEXIST;
1095 }
1096 }
1097
1098 list_add_rcu(&rt->list, &net->mctp.routes);
1099
1100 return 0;
1101}
1102
1103static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1104 unsigned int daddr_extent, unsigned char type)
1105{
1106 struct net *net = dev_net(mdev->dev);
1107 struct mctp_route *rt, *tmp;
1108 mctp_eid_t daddr_end;
1109 bool dropped;
1110
1111 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1112 return -EINVAL;
1113
1114 daddr_end = daddr_start + daddr_extent;
1115 dropped = false;
1116
1117 ASSERT_RTNL();
1118
1119 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1120 if (rt->dev == mdev &&
1121 rt->min == daddr_start && rt->max == daddr_end &&
1122 rt->type == type) {
1123 list_del_rcu(&rt->list);
1124 /* TODO: immediate RTM_DELROUTE */
1125 mctp_route_release(rt);
1126 dropped = true;
1127 }
1128 }
1129
1130 return dropped ? 0 : -ENOENT;
1131}
1132
1133int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
1134{
1135 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
1136}
1137
1138int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
1139{
1140 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
1141}
1142
1143/* removes all entries for a given device */
1144void mctp_route_remove_dev(struct mctp_dev *mdev)
1145{
1146 struct net *net = dev_net(mdev->dev);
1147 struct mctp_route *rt, *tmp;
1148
1149 ASSERT_RTNL();
1150 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1151 if (rt->dev == mdev) {
1152 list_del_rcu(&rt->list);
1153 /* TODO: immediate RTM_DELROUTE */
1154 mctp_route_release(rt);
1155 }
1156 }
1157}
1158
1159/* Incoming packet-handling */
1160
1161static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
1162 struct packet_type *pt,
1163 struct net_device *orig_dev)
1164{
1165 struct net *net = dev_net(dev);
1166 struct mctp_dev *mdev;
1167 struct mctp_skb_cb *cb;
1168 struct mctp_route *rt;
1169 struct mctp_hdr *mh;
1170
1171 rcu_read_lock();
1172 mdev = __mctp_dev_get(dev);
1173 rcu_read_unlock();
1174 if (!mdev) {
1175 /* basic non-data sanity checks */
1176 goto err_drop;
1177 }
1178
1179 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
1180 goto err_drop;
1181
1182 skb_reset_transport_header(skb);
1183 skb_reset_network_header(skb);
1184
1185 /* We have enough for a header; decode and route */
1186 mh = mctp_hdr(skb);
1187 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
1188 goto err_drop;
1189
1190 /* source must be valid unicast or null; drop reserved ranges and
1191 * broadcast
1192 */
1193 if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
1194 goto err_drop;
1195
1196 /* dest address: as above, but allow broadcast */
1197 if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
1198 mctp_address_broadcast(mh->dest)))
1199 goto err_drop;
1200
1201 /* MCTP drivers must populate halen/haddr */
1202 if (dev->type == ARPHRD_MCTP) {
1203 cb = mctp_cb(skb);
1204 } else {
1205 cb = __mctp_cb(skb);
1206 cb->halen = 0;
1207 }
1208 cb->net = READ_ONCE(mdev->net);
1209 cb->ifindex = dev->ifindex;
1210
1211 rt = mctp_route_lookup(net, cb->net, mh->dest);
1212
1213 /* NULL EID, but addressed to our physical address */
1214 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
1215 rt = mctp_route_lookup_null(net, dev);
1216
1217 if (!rt)
1218 goto err_drop;
1219
1220 rt->output(rt, skb);
1221 mctp_route_release(rt);
1222 mctp_dev_put(mdev);
1223
1224 return NET_RX_SUCCESS;
1225
1226err_drop:
1227 kfree_skb(skb);
1228 mctp_dev_put(mdev);
1229 return NET_RX_DROP;
1230}
1231
1232static struct packet_type mctp_packet_type = {
1233 .type = cpu_to_be16(ETH_P_MCTP),
1234 .func = mctp_pkttype_receive,
1235};
1236
1237/* netlink interface */
1238
1239static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
1240 [RTA_DST] = { .type = NLA_U8 },
1241 [RTA_METRICS] = { .type = NLA_NESTED },
1242 [RTA_OIF] = { .type = NLA_U32 },
1243};
1244
1245/* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
1246 * tb must hold RTA_MAX+1 elements.
1247 */
1248static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
1249 struct netlink_ext_ack *extack,
1250 struct nlattr **tb, struct rtmsg **rtm,
1251 struct mctp_dev **mdev, mctp_eid_t *daddr_start)
1252{
1253 struct net *net = sock_net(skb->sk);
1254 struct net_device *dev;
1255 unsigned int ifindex;
1256 int rc;
1257
1258 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
1259 rta_mctp_policy, extack);
1260 if (rc < 0) {
1261 NL_SET_ERR_MSG(extack, "incorrect format");
1262 return rc;
1263 }
1264
1265 if (!tb[RTA_DST]) {
1266 NL_SET_ERR_MSG(extack, "dst EID missing");
1267 return -EINVAL;
1268 }
1269 *daddr_start = nla_get_u8(tb[RTA_DST]);
1270
1271 if (!tb[RTA_OIF]) {
1272 NL_SET_ERR_MSG(extack, "ifindex missing");
1273 return -EINVAL;
1274 }
1275 ifindex = nla_get_u32(tb[RTA_OIF]);
1276
1277 *rtm = nlmsg_data(nlh);
1278 if ((*rtm)->rtm_family != AF_MCTP) {
1279 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
1280 return -EINVAL;
1281 }
1282
1283 dev = __dev_get_by_index(net, ifindex);
1284 if (!dev) {
1285 NL_SET_ERR_MSG(extack, "bad ifindex");
1286 return -ENODEV;
1287 }
1288 *mdev = mctp_dev_get_rtnl(dev);
1289 if (!*mdev)
1290 return -ENODEV;
1291
1292 if (dev->flags & IFF_LOOPBACK) {
1293 NL_SET_ERR_MSG(extack, "no routes to loopback");
1294 return -EINVAL;
1295 }
1296
1297 return 0;
1298}
1299
1300static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
1301 [RTAX_MTU] = { .type = NLA_U32 },
1302};
1303
1304static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1305 struct netlink_ext_ack *extack)
1306{
1307 struct nlattr *tb[RTA_MAX + 1];
1308 struct nlattr *tbx[RTAX_MAX + 1];
1309 mctp_eid_t daddr_start;
1310 struct mctp_dev *mdev;
1311 struct rtmsg *rtm;
1312 unsigned int mtu;
1313 int rc;
1314
1315 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1316 &rtm, &mdev, &daddr_start);
1317 if (rc < 0)
1318 return rc;
1319
1320 if (rtm->rtm_type != RTN_UNICAST) {
1321 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
1322 return -EINVAL;
1323 }
1324
1325 mtu = 0;
1326 if (tb[RTA_METRICS]) {
1327 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
1328 rta_metrics_policy, NULL);
1329 if (rc < 0)
1330 return rc;
1331 if (tbx[RTAX_MTU])
1332 mtu = nla_get_u32(tbx[RTAX_MTU]);
1333 }
1334
1335 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
1336 rtm->rtm_type);
1337 return rc;
1338}
1339
1340static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1341 struct netlink_ext_ack *extack)
1342{
1343 struct nlattr *tb[RTA_MAX + 1];
1344 mctp_eid_t daddr_start;
1345 struct mctp_dev *mdev;
1346 struct rtmsg *rtm;
1347 int rc;
1348
1349 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1350 &rtm, &mdev, &daddr_start);
1351 if (rc < 0)
1352 return rc;
1353
1354 /* we only have unicast routes */
1355 if (rtm->rtm_type != RTN_UNICAST)
1356 return -EINVAL;
1357
1358 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
1359 return rc;
1360}
1361
1362static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
1363 u32 portid, u32 seq, int event, unsigned int flags)
1364{
1365 struct nlmsghdr *nlh;
1366 struct rtmsg *hdr;
1367 void *metrics;
1368
1369 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
1370 if (!nlh)
1371 return -EMSGSIZE;
1372
1373 hdr = nlmsg_data(nlh);
1374 hdr->rtm_family = AF_MCTP;
1375
1376 /* we use the _len fields as a number of EIDs, rather than
1377 * a number of bits in the address
1378 */
1379 hdr->rtm_dst_len = rt->max - rt->min;
1380 hdr->rtm_src_len = 0;
1381 hdr->rtm_tos = 0;
1382 hdr->rtm_table = RT_TABLE_DEFAULT;
1383 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
1384 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
1385 hdr->rtm_type = rt->type;
1386
1387 if (nla_put_u8(skb, RTA_DST, rt->min))
1388 goto cancel;
1389
1390 metrics = nla_nest_start_noflag(skb, RTA_METRICS);
1391 if (!metrics)
1392 goto cancel;
1393
1394 if (rt->mtu) {
1395 if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
1396 goto cancel;
1397 }
1398
1399 nla_nest_end(skb, metrics);
1400
1401 if (rt->dev) {
1402 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
1403 goto cancel;
1404 }
1405
1406 /* TODO: conditional neighbour physaddr? */
1407
1408 nlmsg_end(skb, nlh);
1409
1410 return 0;
1411
1412cancel:
1413 nlmsg_cancel(skb, nlh);
1414 return -EMSGSIZE;
1415}
1416
1417static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
1418{
1419 struct net *net = sock_net(skb->sk);
1420 struct mctp_route *rt;
1421 int s_idx, idx;
1422
1423 /* TODO: allow filtering on route data, possibly under
1424 * cb->strict_check
1425 */
1426
1427 /* TODO: change to struct overlay */
1428 s_idx = cb->args[0];
1429 idx = 0;
1430
1431 rcu_read_lock();
1432 list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
1433 if (idx++ < s_idx)
1434 continue;
1435 if (mctp_fill_rtinfo(skb, rt,
1436 NETLINK_CB(cb->skb).portid,
1437 cb->nlh->nlmsg_seq,
1438 RTM_NEWROUTE, NLM_F_MULTI) < 0)
1439 break;
1440 }
1441
1442 rcu_read_unlock();
1443 cb->args[0] = idx;
1444
1445 return skb->len;
1446}
1447
1448/* net namespace implementation */
1449static int __net_init mctp_routes_net_init(struct net *net)
1450{
1451 struct netns_mctp *ns = &net->mctp;
1452
1453 INIT_LIST_HEAD(&ns->routes);
1454 INIT_HLIST_HEAD(&ns->binds);
1455 mutex_init(&ns->bind_lock);
1456 INIT_HLIST_HEAD(&ns->keys);
1457 spin_lock_init(&ns->keys_lock);
1458 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
1459 return 0;
1460}
1461
1462static void __net_exit mctp_routes_net_exit(struct net *net)
1463{
1464 struct mctp_route *rt;
1465
1466 rcu_read_lock();
1467 list_for_each_entry_rcu(rt, &net->mctp.routes, list)
1468 mctp_route_release(rt);
1469 rcu_read_unlock();
1470}
1471
1472static struct pernet_operations mctp_net_ops = {
1473 .init = mctp_routes_net_init,
1474 .exit = mctp_routes_net_exit,
1475};
1476
1477int __init mctp_routes_init(void)
1478{
1479 dev_add_pack(&mctp_packet_type);
1480
1481 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_GETROUTE,
1482 NULL, mctp_dump_rtinfo, 0);
1483 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_NEWROUTE,
1484 mctp_newroute, NULL, 0);
1485 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_DELROUTE,
1486 mctp_delroute, NULL, 0);
1487
1488 return register_pernet_subsys(&mctp_net_ops);
1489}
1490
1491void mctp_routes_exit(void)
1492{
1493 unregister_pernet_subsys(&mctp_net_ops);
1494 rtnl_unregister(PF_MCTP, RTM_DELROUTE);
1495 rtnl_unregister(PF_MCTP, RTM_NEWROUTE);
1496 rtnl_unregister(PF_MCTP, RTM_GETROUTE);
1497 dev_remove_pack(&mctp_packet_type);
1498}
1499
1500#if IS_ENABLED(CONFIG_MCTP_TEST)
1501#include "test/route-test.c"
1502#endif