Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Management Component Transport Protocol (MCTP) - routing
4 * implementation.
5 *
6 * This is currently based on a simple routing table, with no dst cache. The
7 * number of routes should stay fairly small, so the lookup cost is small.
8 *
9 * Copyright (c) 2021 Code Construct
10 * Copyright (c) 2021 Google
11 */
12
13#include <linux/idr.h>
14#include <linux/kconfig.h>
15#include <linux/mctp.h>
16#include <linux/netdevice.h>
17#include <linux/rtnetlink.h>
18#include <linux/skbuff.h>
19
20#include <uapi/linux/if_arp.h>
21
22#include <net/mctp.h>
23#include <net/mctpdevice.h>
24#include <net/netlink.h>
25#include <net/sock.h>
26
27#include <trace/events/mctp.h>
28
29static const unsigned int mctp_message_maxlen = 64 * 1024;
30static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
31
32static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
33
34/* route output callbacks */
35static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb)
36{
37 kfree_skb(skb);
38 return 0;
39}
40
41static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
42{
43 struct mctp_skb_cb *cb = mctp_cb(skb);
44 struct mctp_hdr *mh;
45 struct sock *sk;
46 u8 type;
47
48 WARN_ON(!rcu_read_lock_held());
49
50 /* TODO: look up in skb->cb? */
51 mh = mctp_hdr(skb);
52
53 if (!skb_headlen(skb))
54 return NULL;
55
56 type = (*(u8 *)skb->data) & 0x7f;
57
58 sk_for_each_rcu(sk, &net->mctp.binds) {
59 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
60
61 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
62 continue;
63
64 if (msk->bind_type != type)
65 continue;
66
67 if (!mctp_address_matches(msk->bind_addr, mh->dest))
68 continue;
69
70 return msk;
71 }
72
73 return NULL;
74}
75
76static bool mctp_key_match(struct mctp_sk_key *key, mctp_eid_t local,
77 mctp_eid_t peer, u8 tag)
78{
79 if (!mctp_address_matches(key->local_addr, local))
80 return false;
81
82 if (key->peer_addr != peer)
83 return false;
84
85 if (key->tag != tag)
86 return false;
87
88 return true;
89}
90
91/* returns a key (with key->lock held, and refcounted), or NULL if no such
92 * key exists.
93 */
94static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
95 mctp_eid_t peer,
96 unsigned long *irqflags)
97 __acquires(&key->lock)
98{
99 struct mctp_sk_key *key, *ret;
100 unsigned long flags;
101 struct mctp_hdr *mh;
102 u8 tag;
103
104 mh = mctp_hdr(skb);
105 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
106
107 ret = NULL;
108 spin_lock_irqsave(&net->mctp.keys_lock, flags);
109
110 hlist_for_each_entry(key, &net->mctp.keys, hlist) {
111 if (!mctp_key_match(key, mh->dest, peer, tag))
112 continue;
113
114 spin_lock(&key->lock);
115 if (key->valid) {
116 refcount_inc(&key->refs);
117 ret = key;
118 break;
119 }
120 spin_unlock(&key->lock);
121 }
122
123 if (ret) {
124 spin_unlock(&net->mctp.keys_lock);
125 *irqflags = flags;
126 } else {
127 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
128 }
129
130 return ret;
131}
132
133static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
134 mctp_eid_t local, mctp_eid_t peer,
135 u8 tag, gfp_t gfp)
136{
137 struct mctp_sk_key *key;
138
139 key = kzalloc(sizeof(*key), gfp);
140 if (!key)
141 return NULL;
142
143 key->peer_addr = peer;
144 key->local_addr = local;
145 key->tag = tag;
146 key->sk = &msk->sk;
147 key->valid = true;
148 spin_lock_init(&key->lock);
149 refcount_set(&key->refs, 1);
150 sock_hold(key->sk);
151
152 return key;
153}
154
155void mctp_key_unref(struct mctp_sk_key *key)
156{
157 unsigned long flags;
158
159 if (!refcount_dec_and_test(&key->refs))
160 return;
161
162 /* even though no refs exist here, the lock allows us to stay
163 * consistent with the locking requirement of mctp_dev_release_key
164 */
165 spin_lock_irqsave(&key->lock, flags);
166 mctp_dev_release_key(key->dev, key);
167 spin_unlock_irqrestore(&key->lock, flags);
168
169 sock_put(key->sk);
170 kfree(key);
171}
172
173static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
174{
175 struct net *net = sock_net(&msk->sk);
176 struct mctp_sk_key *tmp;
177 unsigned long flags;
178 int rc = 0;
179
180 spin_lock_irqsave(&net->mctp.keys_lock, flags);
181
182 if (sock_flag(&msk->sk, SOCK_DEAD)) {
183 rc = -EINVAL;
184 goto out_unlock;
185 }
186
187 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
188 if (mctp_key_match(tmp, key->local_addr, key->peer_addr,
189 key->tag)) {
190 spin_lock(&tmp->lock);
191 if (tmp->valid)
192 rc = -EEXIST;
193 spin_unlock(&tmp->lock);
194 if (rc)
195 break;
196 }
197 }
198
199 if (!rc) {
200 refcount_inc(&key->refs);
201 key->expiry = jiffies + mctp_key_lifetime;
202 timer_reduce(&msk->key_expiry, key->expiry);
203
204 hlist_add_head(&key->hlist, &net->mctp.keys);
205 hlist_add_head(&key->sklist, &msk->keys);
206 }
207
208out_unlock:
209 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
210
211 return rc;
212}
213
214/* Helper for mctp_route_input().
215 * We're done with the key; unlock and unref the key.
216 * For the usual case of automatic expiry we remove the key from lists.
217 * In the case that manual allocation is set on a key we release the lock
218 * and local ref, reset reassembly, but don't remove from lists.
219 */
220static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
221 unsigned long flags, unsigned long reason)
222__releases(&key->lock)
223{
224 struct sk_buff *skb;
225
226 trace_mctp_key_release(key, reason);
227 skb = key->reasm_head;
228 key->reasm_head = NULL;
229
230 if (!key->manual_alloc) {
231 key->reasm_dead = true;
232 key->valid = false;
233 mctp_dev_release_key(key->dev, key);
234 }
235 spin_unlock_irqrestore(&key->lock, flags);
236
237 if (!key->manual_alloc) {
238 spin_lock_irqsave(&net->mctp.keys_lock, flags);
239 if (!hlist_unhashed(&key->hlist)) {
240 hlist_del_init(&key->hlist);
241 hlist_del_init(&key->sklist);
242 mctp_key_unref(key);
243 }
244 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
245 }
246
247 /* and one for the local reference */
248 mctp_key_unref(key);
249
250 kfree_skb(skb);
251}
252
253#ifdef CONFIG_MCTP_FLOWS
254static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
255{
256 struct mctp_flow *flow;
257
258 flow = skb_ext_add(skb, SKB_EXT_MCTP);
259 if (!flow)
260 return;
261
262 refcount_inc(&key->refs);
263 flow->key = key;
264}
265
266static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
267{
268 struct mctp_sk_key *key;
269 struct mctp_flow *flow;
270
271 flow = skb_ext_find(skb, SKB_EXT_MCTP);
272 if (!flow)
273 return;
274
275 key = flow->key;
276
277 if (WARN_ON(key->dev && key->dev != dev))
278 return;
279
280 mctp_dev_set_key(dev, key);
281}
282#else
283static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
284static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
285#endif
286
287static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
288{
289 struct mctp_hdr *hdr = mctp_hdr(skb);
290 u8 exp_seq, this_seq;
291
292 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
293 & MCTP_HDR_SEQ_MASK;
294
295 if (!key->reasm_head) {
296 key->reasm_head = skb;
297 key->reasm_tailp = &(skb_shinfo(skb)->frag_list);
298 key->last_seq = this_seq;
299 return 0;
300 }
301
302 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
303
304 if (this_seq != exp_seq)
305 return -EINVAL;
306
307 if (key->reasm_head->len + skb->len > mctp_message_maxlen)
308 return -EINVAL;
309
310 skb->next = NULL;
311 skb->sk = NULL;
312 *key->reasm_tailp = skb;
313 key->reasm_tailp = &skb->next;
314
315 key->last_seq = this_seq;
316
317 key->reasm_head->data_len += skb->len;
318 key->reasm_head->len += skb->len;
319 key->reasm_head->truesize += skb->truesize;
320
321 return 0;
322}
323
324static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
325{
326 struct mctp_sk_key *key, *any_key = NULL;
327 struct net *net = dev_net(skb->dev);
328 struct mctp_sock *msk;
329 struct mctp_hdr *mh;
330 unsigned long f;
331 u8 tag, flags;
332 int rc;
333
334 msk = NULL;
335 rc = -EINVAL;
336
337 /* we may be receiving a locally-routed packet; drop source sk
338 * accounting
339 */
340 skb_orphan(skb);
341
342 /* ensure we have enough data for a header and a type */
343 if (skb->len < sizeof(struct mctp_hdr) + 1)
344 goto out;
345
346 /* grab header, advance data ptr */
347 mh = mctp_hdr(skb);
348 skb_pull(skb, sizeof(struct mctp_hdr));
349
350 if (mh->ver != 1)
351 goto out;
352
353 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
354 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
355
356 rcu_read_lock();
357
358 /* lookup socket / reasm context, exactly matching (src,dest,tag).
359 * we hold a ref on the key, and key->lock held.
360 */
361 key = mctp_lookup_key(net, skb, mh->src, &f);
362
363 if (flags & MCTP_HDR_FLAG_SOM) {
364 if (key) {
365 msk = container_of(key->sk, struct mctp_sock, sk);
366 } else {
367 /* first response to a broadcast? do a more general
368 * key lookup to find the socket, but don't use this
369 * key for reassembly - we'll create a more specific
370 * one for future packets if required (ie, !EOM).
371 */
372 any_key = mctp_lookup_key(net, skb, MCTP_ADDR_ANY, &f);
373 if (any_key) {
374 msk = container_of(any_key->sk,
375 struct mctp_sock, sk);
376 spin_unlock_irqrestore(&any_key->lock, f);
377 }
378 }
379
380 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
381 msk = mctp_lookup_bind(net, skb);
382
383 if (!msk) {
384 rc = -ENOENT;
385 goto out_unlock;
386 }
387
388 /* single-packet message? deliver to socket, clean up any
389 * pending key.
390 */
391 if (flags & MCTP_HDR_FLAG_EOM) {
392 sock_queue_rcv_skb(&msk->sk, skb);
393 if (key) {
394 /* we've hit a pending reassembly; not much we
395 * can do but drop it
396 */
397 __mctp_key_done_in(key, net, f,
398 MCTP_TRACE_KEY_REPLIED);
399 key = NULL;
400 }
401 rc = 0;
402 goto out_unlock;
403 }
404
405 /* broadcast response or a bind() - create a key for further
406 * packets for this message
407 */
408 if (!key) {
409 key = mctp_key_alloc(msk, mh->dest, mh->src,
410 tag, GFP_ATOMIC);
411 if (!key) {
412 rc = -ENOMEM;
413 goto out_unlock;
414 }
415
416 /* we can queue without the key lock here, as the
417 * key isn't observable yet
418 */
419 mctp_frag_queue(key, skb);
420
421 /* if the key_add fails, we've raced with another
422 * SOM packet with the same src, dest and tag. There's
423 * no way to distinguish future packets, so all we
424 * can do is drop; we'll free the skb on exit from
425 * this function.
426 */
427 rc = mctp_key_add(key, msk);
428 if (!rc)
429 trace_mctp_key_acquire(key);
430
431 /* we don't need to release key->lock on exit, so
432 * clean up here and suppress the unlock via
433 * setting to NULL
434 */
435 mctp_key_unref(key);
436 key = NULL;
437
438 } else {
439 if (key->reasm_head || key->reasm_dead) {
440 /* duplicate start? drop everything */
441 __mctp_key_done_in(key, net, f,
442 MCTP_TRACE_KEY_INVALIDATED);
443 rc = -EEXIST;
444 key = NULL;
445 } else {
446 rc = mctp_frag_queue(key, skb);
447 }
448 }
449
450 } else if (key) {
451 /* this packet continues a previous message; reassemble
452 * using the message-specific key
453 */
454
455 /* we need to be continuing an existing reassembly... */
456 if (!key->reasm_head)
457 rc = -EINVAL;
458 else
459 rc = mctp_frag_queue(key, skb);
460
461 /* end of message? deliver to socket, and we're done with
462 * the reassembly/response key
463 */
464 if (!rc && flags & MCTP_HDR_FLAG_EOM) {
465 sock_queue_rcv_skb(key->sk, key->reasm_head);
466 key->reasm_head = NULL;
467 __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
468 key = NULL;
469 }
470
471 } else {
472 /* not a start, no matching key */
473 rc = -ENOENT;
474 }
475
476out_unlock:
477 rcu_read_unlock();
478 if (key) {
479 spin_unlock_irqrestore(&key->lock, f);
480 mctp_key_unref(key);
481 }
482 if (any_key)
483 mctp_key_unref(any_key);
484out:
485 if (rc)
486 kfree_skb(skb);
487 return rc;
488}
489
490static unsigned int mctp_route_mtu(struct mctp_route *rt)
491{
492 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu);
493}
494
495static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb)
496{
497 struct mctp_skb_cb *cb = mctp_cb(skb);
498 struct mctp_hdr *hdr = mctp_hdr(skb);
499 char daddr_buf[MAX_ADDR_LEN];
500 char *daddr = NULL;
501 unsigned int mtu;
502 int rc;
503
504 skb->protocol = htons(ETH_P_MCTP);
505
506 mtu = READ_ONCE(skb->dev->mtu);
507 if (skb->len > mtu) {
508 kfree_skb(skb);
509 return -EMSGSIZE;
510 }
511
512 if (cb->ifindex) {
513 /* direct route; use the hwaddr we stashed in sendmsg */
514 if (cb->halen != skb->dev->addr_len) {
515 /* sanity check, sendmsg should have already caught this */
516 kfree_skb(skb);
517 return -EMSGSIZE;
518 }
519 daddr = cb->haddr;
520 } else {
521 /* If lookup fails let the device handle daddr==NULL */
522 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0)
523 daddr = daddr_buf;
524 }
525
526 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
527 daddr, skb->dev->dev_addr, skb->len);
528 if (rc < 0) {
529 kfree_skb(skb);
530 return -EHOSTUNREACH;
531 }
532
533 mctp_flow_prepare_output(skb, route->dev);
534
535 rc = dev_queue_xmit(skb);
536 if (rc)
537 rc = net_xmit_errno(rc);
538
539 return rc;
540}
541
542/* route alloc/release */
543static void mctp_route_release(struct mctp_route *rt)
544{
545 if (refcount_dec_and_test(&rt->refs)) {
546 mctp_dev_put(rt->dev);
547 kfree_rcu(rt, rcu);
548 }
549}
550
551/* returns a route with the refcount at 1 */
552static struct mctp_route *mctp_route_alloc(void)
553{
554 struct mctp_route *rt;
555
556 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
557 if (!rt)
558 return NULL;
559
560 INIT_LIST_HEAD(&rt->list);
561 refcount_set(&rt->refs, 1);
562 rt->output = mctp_route_discard;
563
564 return rt;
565}
566
567unsigned int mctp_default_net(struct net *net)
568{
569 return READ_ONCE(net->mctp.default_net);
570}
571
572int mctp_default_net_set(struct net *net, unsigned int index)
573{
574 if (index == 0)
575 return -EINVAL;
576 WRITE_ONCE(net->mctp.default_net, index);
577 return 0;
578}
579
580/* tag management */
581static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
582 struct mctp_sock *msk)
583{
584 struct netns_mctp *mns = &net->mctp;
585
586 lockdep_assert_held(&mns->keys_lock);
587
588 key->expiry = jiffies + mctp_key_lifetime;
589 timer_reduce(&msk->key_expiry, key->expiry);
590
591 /* we hold the net->key_lock here, allowing updates to both
592 * then net and sk
593 */
594 hlist_add_head_rcu(&key->hlist, &mns->keys);
595 hlist_add_head_rcu(&key->sklist, &msk->keys);
596 refcount_inc(&key->refs);
597}
598
599/* Allocate a locally-owned tag value for (saddr, daddr), and reserve
600 * it for the socket msk
601 */
602struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
603 mctp_eid_t daddr, mctp_eid_t saddr,
604 bool manual, u8 *tagp)
605{
606 struct net *net = sock_net(&msk->sk);
607 struct netns_mctp *mns = &net->mctp;
608 struct mctp_sk_key *key, *tmp;
609 unsigned long flags;
610 u8 tagbits;
611
612 /* for NULL destination EIDs, we may get a response from any peer */
613 if (daddr == MCTP_ADDR_NULL)
614 daddr = MCTP_ADDR_ANY;
615
616 /* be optimistic, alloc now */
617 key = mctp_key_alloc(msk, saddr, daddr, 0, GFP_KERNEL);
618 if (!key)
619 return ERR_PTR(-ENOMEM);
620
621 /* 8 possible tag values */
622 tagbits = 0xff;
623
624 spin_lock_irqsave(&mns->keys_lock, flags);
625
626 /* Walk through the existing keys, looking for potential conflicting
627 * tags. If we find a conflict, clear that bit from tagbits
628 */
629 hlist_for_each_entry(tmp, &mns->keys, hlist) {
630 /* We can check the lookup fields (*_addr, tag) without the
631 * lock held, they don't change over the lifetime of the key.
632 */
633
634 /* if we don't own the tag, it can't conflict */
635 if (tmp->tag & MCTP_HDR_FLAG_TO)
636 continue;
637
638 if (!(mctp_address_matches(tmp->peer_addr, daddr) &&
639 mctp_address_matches(tmp->local_addr, saddr)))
640 continue;
641
642 spin_lock(&tmp->lock);
643 /* key must still be valid. If we find a match, clear the
644 * potential tag value
645 */
646 if (tmp->valid)
647 tagbits &= ~(1 << tmp->tag);
648 spin_unlock(&tmp->lock);
649
650 if (!tagbits)
651 break;
652 }
653
654 if (tagbits) {
655 key->tag = __ffs(tagbits);
656 mctp_reserve_tag(net, key, msk);
657 trace_mctp_key_acquire(key);
658
659 key->manual_alloc = manual;
660 *tagp = key->tag;
661 }
662
663 spin_unlock_irqrestore(&mns->keys_lock, flags);
664
665 if (!tagbits) {
666 mctp_key_unref(key);
667 return ERR_PTR(-EBUSY);
668 }
669
670 return key;
671}
672
673static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
674 mctp_eid_t daddr,
675 u8 req_tag, u8 *tagp)
676{
677 struct net *net = sock_net(&msk->sk);
678 struct netns_mctp *mns = &net->mctp;
679 struct mctp_sk_key *key, *tmp;
680 unsigned long flags;
681
682 req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
683 key = NULL;
684
685 spin_lock_irqsave(&mns->keys_lock, flags);
686
687 hlist_for_each_entry(tmp, &mns->keys, hlist) {
688 if (tmp->tag != req_tag)
689 continue;
690
691 if (!mctp_address_matches(tmp->peer_addr, daddr))
692 continue;
693
694 if (!tmp->manual_alloc)
695 continue;
696
697 spin_lock(&tmp->lock);
698 if (tmp->valid) {
699 key = tmp;
700 refcount_inc(&key->refs);
701 spin_unlock(&tmp->lock);
702 break;
703 }
704 spin_unlock(&tmp->lock);
705 }
706 spin_unlock_irqrestore(&mns->keys_lock, flags);
707
708 if (!key)
709 return ERR_PTR(-ENOENT);
710
711 if (tagp)
712 *tagp = key->tag;
713
714 return key;
715}
716
717/* routing lookups */
718static bool mctp_rt_match_eid(struct mctp_route *rt,
719 unsigned int net, mctp_eid_t eid)
720{
721 return READ_ONCE(rt->dev->net) == net &&
722 rt->min <= eid && rt->max >= eid;
723}
724
725/* compares match, used for duplicate prevention */
726static bool mctp_rt_compare_exact(struct mctp_route *rt1,
727 struct mctp_route *rt2)
728{
729 ASSERT_RTNL();
730 return rt1->dev->net == rt2->dev->net &&
731 rt1->min == rt2->min &&
732 rt1->max == rt2->max;
733}
734
735struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet,
736 mctp_eid_t daddr)
737{
738 struct mctp_route *tmp, *rt = NULL;
739
740 rcu_read_lock();
741
742 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
743 /* TODO: add metrics */
744 if (mctp_rt_match_eid(tmp, dnet, daddr)) {
745 if (refcount_inc_not_zero(&tmp->refs)) {
746 rt = tmp;
747 break;
748 }
749 }
750 }
751
752 rcu_read_unlock();
753
754 return rt;
755}
756
757static struct mctp_route *mctp_route_lookup_null(struct net *net,
758 struct net_device *dev)
759{
760 struct mctp_route *tmp, *rt = NULL;
761
762 rcu_read_lock();
763
764 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
765 if (tmp->dev->dev == dev && tmp->type == RTN_LOCAL &&
766 refcount_inc_not_zero(&tmp->refs)) {
767 rt = tmp;
768 break;
769 }
770 }
771
772 rcu_read_unlock();
773
774 return rt;
775}
776
777static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb,
778 unsigned int mtu, u8 tag)
779{
780 const unsigned int hlen = sizeof(struct mctp_hdr);
781 struct mctp_hdr *hdr, *hdr2;
782 unsigned int pos, size, headroom;
783 struct sk_buff *skb2;
784 int rc;
785 u8 seq;
786
787 hdr = mctp_hdr(skb);
788 seq = 0;
789 rc = 0;
790
791 if (mtu < hlen + 1) {
792 kfree_skb(skb);
793 return -EMSGSIZE;
794 }
795
796 /* keep same headroom as the original skb */
797 headroom = skb_headroom(skb);
798
799 /* we've got the header */
800 skb_pull(skb, hlen);
801
802 for (pos = 0; pos < skb->len;) {
803 /* size of message payload */
804 size = min(mtu - hlen, skb->len - pos);
805
806 skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
807 if (!skb2) {
808 rc = -ENOMEM;
809 break;
810 }
811
812 /* generic skb copy */
813 skb2->protocol = skb->protocol;
814 skb2->priority = skb->priority;
815 skb2->dev = skb->dev;
816 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
817
818 if (skb->sk)
819 skb_set_owner_w(skb2, skb->sk);
820
821 /* establish packet */
822 skb_reserve(skb2, headroom);
823 skb_reset_network_header(skb2);
824 skb_put(skb2, hlen + size);
825 skb2->transport_header = skb2->network_header + hlen;
826
827 /* copy header fields, calculate SOM/EOM flags & seq */
828 hdr2 = mctp_hdr(skb2);
829 hdr2->ver = hdr->ver;
830 hdr2->dest = hdr->dest;
831 hdr2->src = hdr->src;
832 hdr2->flags_seq_tag = tag &
833 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
834
835 if (pos == 0)
836 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
837
838 if (pos + size == skb->len)
839 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
840
841 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
842
843 /* copy message payload */
844 skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
845
846 /* do route */
847 rc = rt->output(rt, skb2);
848 if (rc)
849 break;
850
851 seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
852 pos += size;
853 }
854
855 consume_skb(skb);
856 return rc;
857}
858
859int mctp_local_output(struct sock *sk, struct mctp_route *rt,
860 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
861{
862 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
863 struct mctp_skb_cb *cb = mctp_cb(skb);
864 struct mctp_route tmp_rt = {0};
865 struct mctp_sk_key *key;
866 struct mctp_hdr *hdr;
867 unsigned long flags;
868 unsigned int mtu;
869 mctp_eid_t saddr;
870 bool ext_rt;
871 int rc;
872 u8 tag;
873
874 rc = -ENODEV;
875
876 if (rt) {
877 ext_rt = false;
878 if (WARN_ON(!rt->dev))
879 goto out_release;
880
881 } else if (cb->ifindex) {
882 struct net_device *dev;
883
884 ext_rt = true;
885 rt = &tmp_rt;
886
887 rcu_read_lock();
888 dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex);
889 if (!dev) {
890 rcu_read_unlock();
891 goto out_free;
892 }
893 rt->dev = __mctp_dev_get(dev);
894 rcu_read_unlock();
895
896 if (!rt->dev)
897 goto out_release;
898
899 /* establish temporary route - we set up enough to keep
900 * mctp_route_output happy
901 */
902 rt->output = mctp_route_output;
903 rt->mtu = 0;
904
905 } else {
906 rc = -EINVAL;
907 goto out_free;
908 }
909
910 spin_lock_irqsave(&rt->dev->addrs_lock, flags);
911 if (rt->dev->num_addrs == 0) {
912 rc = -EHOSTUNREACH;
913 } else {
914 /* use the outbound interface's first address as our source */
915 saddr = rt->dev->addrs[0];
916 rc = 0;
917 }
918 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags);
919
920 if (rc)
921 goto out_release;
922
923 if (req_tag & MCTP_TAG_OWNER) {
924 if (req_tag & MCTP_TAG_PREALLOC)
925 key = mctp_lookup_prealloc_tag(msk, daddr,
926 req_tag, &tag);
927 else
928 key = mctp_alloc_local_tag(msk, daddr, saddr,
929 false, &tag);
930
931 if (IS_ERR(key)) {
932 rc = PTR_ERR(key);
933 goto out_release;
934 }
935 mctp_skb_set_flow(skb, key);
936 /* done with the key in this scope */
937 mctp_key_unref(key);
938 tag |= MCTP_HDR_FLAG_TO;
939 } else {
940 key = NULL;
941 tag = req_tag & MCTP_TAG_MASK;
942 }
943
944 skb->protocol = htons(ETH_P_MCTP);
945 skb->priority = 0;
946 skb_reset_transport_header(skb);
947 skb_push(skb, sizeof(struct mctp_hdr));
948 skb_reset_network_header(skb);
949 skb->dev = rt->dev->dev;
950
951 /* cb->net will have been set on initial ingress */
952 cb->src = saddr;
953
954 /* set up common header fields */
955 hdr = mctp_hdr(skb);
956 hdr->ver = 1;
957 hdr->dest = daddr;
958 hdr->src = saddr;
959
960 mtu = mctp_route_mtu(rt);
961
962 if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
963 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
964 MCTP_HDR_FLAG_EOM | tag;
965 rc = rt->output(rt, skb);
966 } else {
967 rc = mctp_do_fragment_route(rt, skb, mtu, tag);
968 }
969
970 /* route output functions consume the skb, even on error */
971 skb = NULL;
972
973out_release:
974 if (!ext_rt)
975 mctp_route_release(rt);
976
977 mctp_dev_put(tmp_rt.dev);
978
979out_free:
980 kfree_skb(skb);
981 return rc;
982}
983
984/* route management */
985static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
986 unsigned int daddr_extent, unsigned int mtu,
987 unsigned char type)
988{
989 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb);
990 struct net *net = dev_net(mdev->dev);
991 struct mctp_route *rt, *ert;
992
993 if (!mctp_address_unicast(daddr_start))
994 return -EINVAL;
995
996 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
997 return -EINVAL;
998
999 switch (type) {
1000 case RTN_LOCAL:
1001 rtfn = mctp_route_input;
1002 break;
1003 case RTN_UNICAST:
1004 rtfn = mctp_route_output;
1005 break;
1006 default:
1007 return -EINVAL;
1008 }
1009
1010 rt = mctp_route_alloc();
1011 if (!rt)
1012 return -ENOMEM;
1013
1014 rt->min = daddr_start;
1015 rt->max = daddr_start + daddr_extent;
1016 rt->mtu = mtu;
1017 rt->dev = mdev;
1018 mctp_dev_hold(rt->dev);
1019 rt->type = type;
1020 rt->output = rtfn;
1021
1022 ASSERT_RTNL();
1023 /* Prevent duplicate identical routes. */
1024 list_for_each_entry(ert, &net->mctp.routes, list) {
1025 if (mctp_rt_compare_exact(rt, ert)) {
1026 mctp_route_release(rt);
1027 return -EEXIST;
1028 }
1029 }
1030
1031 list_add_rcu(&rt->list, &net->mctp.routes);
1032
1033 return 0;
1034}
1035
1036static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1037 unsigned int daddr_extent, unsigned char type)
1038{
1039 struct net *net = dev_net(mdev->dev);
1040 struct mctp_route *rt, *tmp;
1041 mctp_eid_t daddr_end;
1042 bool dropped;
1043
1044 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1045 return -EINVAL;
1046
1047 daddr_end = daddr_start + daddr_extent;
1048 dropped = false;
1049
1050 ASSERT_RTNL();
1051
1052 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1053 if (rt->dev == mdev &&
1054 rt->min == daddr_start && rt->max == daddr_end &&
1055 rt->type == type) {
1056 list_del_rcu(&rt->list);
1057 /* TODO: immediate RTM_DELROUTE */
1058 mctp_route_release(rt);
1059 dropped = true;
1060 }
1061 }
1062
1063 return dropped ? 0 : -ENOENT;
1064}
1065
1066int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
1067{
1068 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
1069}
1070
1071int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
1072{
1073 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
1074}
1075
1076/* removes all entries for a given device */
1077void mctp_route_remove_dev(struct mctp_dev *mdev)
1078{
1079 struct net *net = dev_net(mdev->dev);
1080 struct mctp_route *rt, *tmp;
1081
1082 ASSERT_RTNL();
1083 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1084 if (rt->dev == mdev) {
1085 list_del_rcu(&rt->list);
1086 /* TODO: immediate RTM_DELROUTE */
1087 mctp_route_release(rt);
1088 }
1089 }
1090}
1091
1092/* Incoming packet-handling */
1093
1094static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
1095 struct packet_type *pt,
1096 struct net_device *orig_dev)
1097{
1098 struct net *net = dev_net(dev);
1099 struct mctp_dev *mdev;
1100 struct mctp_skb_cb *cb;
1101 struct mctp_route *rt;
1102 struct mctp_hdr *mh;
1103
1104 rcu_read_lock();
1105 mdev = __mctp_dev_get(dev);
1106 rcu_read_unlock();
1107 if (!mdev) {
1108 /* basic non-data sanity checks */
1109 goto err_drop;
1110 }
1111
1112 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
1113 goto err_drop;
1114
1115 skb_reset_transport_header(skb);
1116 skb_reset_network_header(skb);
1117
1118 /* We have enough for a header; decode and route */
1119 mh = mctp_hdr(skb);
1120 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
1121 goto err_drop;
1122
1123 /* source must be valid unicast or null; drop reserved ranges and
1124 * broadcast
1125 */
1126 if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
1127 goto err_drop;
1128
1129 /* dest address: as above, but allow broadcast */
1130 if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
1131 mctp_address_broadcast(mh->dest)))
1132 goto err_drop;
1133
1134 /* MCTP drivers must populate halen/haddr */
1135 if (dev->type == ARPHRD_MCTP) {
1136 cb = mctp_cb(skb);
1137 } else {
1138 cb = __mctp_cb(skb);
1139 cb->halen = 0;
1140 }
1141 cb->net = READ_ONCE(mdev->net);
1142 cb->ifindex = dev->ifindex;
1143
1144 rt = mctp_route_lookup(net, cb->net, mh->dest);
1145
1146 /* NULL EID, but addressed to our physical address */
1147 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
1148 rt = mctp_route_lookup_null(net, dev);
1149
1150 if (!rt)
1151 goto err_drop;
1152
1153 rt->output(rt, skb);
1154 mctp_route_release(rt);
1155 mctp_dev_put(mdev);
1156
1157 return NET_RX_SUCCESS;
1158
1159err_drop:
1160 kfree_skb(skb);
1161 mctp_dev_put(mdev);
1162 return NET_RX_DROP;
1163}
1164
1165static struct packet_type mctp_packet_type = {
1166 .type = cpu_to_be16(ETH_P_MCTP),
1167 .func = mctp_pkttype_receive,
1168};
1169
1170/* netlink interface */
1171
1172static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
1173 [RTA_DST] = { .type = NLA_U8 },
1174 [RTA_METRICS] = { .type = NLA_NESTED },
1175 [RTA_OIF] = { .type = NLA_U32 },
1176};
1177
1178/* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
1179 * tb must hold RTA_MAX+1 elements.
1180 */
1181static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
1182 struct netlink_ext_ack *extack,
1183 struct nlattr **tb, struct rtmsg **rtm,
1184 struct mctp_dev **mdev, mctp_eid_t *daddr_start)
1185{
1186 struct net *net = sock_net(skb->sk);
1187 struct net_device *dev;
1188 unsigned int ifindex;
1189 int rc;
1190
1191 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
1192 rta_mctp_policy, extack);
1193 if (rc < 0) {
1194 NL_SET_ERR_MSG(extack, "incorrect format");
1195 return rc;
1196 }
1197
1198 if (!tb[RTA_DST]) {
1199 NL_SET_ERR_MSG(extack, "dst EID missing");
1200 return -EINVAL;
1201 }
1202 *daddr_start = nla_get_u8(tb[RTA_DST]);
1203
1204 if (!tb[RTA_OIF]) {
1205 NL_SET_ERR_MSG(extack, "ifindex missing");
1206 return -EINVAL;
1207 }
1208 ifindex = nla_get_u32(tb[RTA_OIF]);
1209
1210 *rtm = nlmsg_data(nlh);
1211 if ((*rtm)->rtm_family != AF_MCTP) {
1212 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
1213 return -EINVAL;
1214 }
1215
1216 dev = __dev_get_by_index(net, ifindex);
1217 if (!dev) {
1218 NL_SET_ERR_MSG(extack, "bad ifindex");
1219 return -ENODEV;
1220 }
1221 *mdev = mctp_dev_get_rtnl(dev);
1222 if (!*mdev)
1223 return -ENODEV;
1224
1225 if (dev->flags & IFF_LOOPBACK) {
1226 NL_SET_ERR_MSG(extack, "no routes to loopback");
1227 return -EINVAL;
1228 }
1229
1230 return 0;
1231}
1232
1233static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
1234 [RTAX_MTU] = { .type = NLA_U32 },
1235};
1236
1237static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1238 struct netlink_ext_ack *extack)
1239{
1240 struct nlattr *tb[RTA_MAX + 1];
1241 struct nlattr *tbx[RTAX_MAX + 1];
1242 mctp_eid_t daddr_start;
1243 struct mctp_dev *mdev;
1244 struct rtmsg *rtm;
1245 unsigned int mtu;
1246 int rc;
1247
1248 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1249 &rtm, &mdev, &daddr_start);
1250 if (rc < 0)
1251 return rc;
1252
1253 if (rtm->rtm_type != RTN_UNICAST) {
1254 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
1255 return -EINVAL;
1256 }
1257
1258 mtu = 0;
1259 if (tb[RTA_METRICS]) {
1260 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
1261 rta_metrics_policy, NULL);
1262 if (rc < 0)
1263 return rc;
1264 if (tbx[RTAX_MTU])
1265 mtu = nla_get_u32(tbx[RTAX_MTU]);
1266 }
1267
1268 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
1269 rtm->rtm_type);
1270 return rc;
1271}
1272
1273static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1274 struct netlink_ext_ack *extack)
1275{
1276 struct nlattr *tb[RTA_MAX + 1];
1277 mctp_eid_t daddr_start;
1278 struct mctp_dev *mdev;
1279 struct rtmsg *rtm;
1280 int rc;
1281
1282 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1283 &rtm, &mdev, &daddr_start);
1284 if (rc < 0)
1285 return rc;
1286
1287 /* we only have unicast routes */
1288 if (rtm->rtm_type != RTN_UNICAST)
1289 return -EINVAL;
1290
1291 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
1292 return rc;
1293}
1294
1295static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
1296 u32 portid, u32 seq, int event, unsigned int flags)
1297{
1298 struct nlmsghdr *nlh;
1299 struct rtmsg *hdr;
1300 void *metrics;
1301
1302 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
1303 if (!nlh)
1304 return -EMSGSIZE;
1305
1306 hdr = nlmsg_data(nlh);
1307 hdr->rtm_family = AF_MCTP;
1308
1309 /* we use the _len fields as a number of EIDs, rather than
1310 * a number of bits in the address
1311 */
1312 hdr->rtm_dst_len = rt->max - rt->min;
1313 hdr->rtm_src_len = 0;
1314 hdr->rtm_tos = 0;
1315 hdr->rtm_table = RT_TABLE_DEFAULT;
1316 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
1317 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
1318 hdr->rtm_type = rt->type;
1319
1320 if (nla_put_u8(skb, RTA_DST, rt->min))
1321 goto cancel;
1322
1323 metrics = nla_nest_start_noflag(skb, RTA_METRICS);
1324 if (!metrics)
1325 goto cancel;
1326
1327 if (rt->mtu) {
1328 if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
1329 goto cancel;
1330 }
1331
1332 nla_nest_end(skb, metrics);
1333
1334 if (rt->dev) {
1335 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
1336 goto cancel;
1337 }
1338
1339 /* TODO: conditional neighbour physaddr? */
1340
1341 nlmsg_end(skb, nlh);
1342
1343 return 0;
1344
1345cancel:
1346 nlmsg_cancel(skb, nlh);
1347 return -EMSGSIZE;
1348}
1349
1350static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
1351{
1352 struct net *net = sock_net(skb->sk);
1353 struct mctp_route *rt;
1354 int s_idx, idx;
1355
1356 /* TODO: allow filtering on route data, possibly under
1357 * cb->strict_check
1358 */
1359
1360 /* TODO: change to struct overlay */
1361 s_idx = cb->args[0];
1362 idx = 0;
1363
1364 rcu_read_lock();
1365 list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
1366 if (idx++ < s_idx)
1367 continue;
1368 if (mctp_fill_rtinfo(skb, rt,
1369 NETLINK_CB(cb->skb).portid,
1370 cb->nlh->nlmsg_seq,
1371 RTM_NEWROUTE, NLM_F_MULTI) < 0)
1372 break;
1373 }
1374
1375 rcu_read_unlock();
1376 cb->args[0] = idx;
1377
1378 return skb->len;
1379}
1380
1381/* net namespace implementation */
1382static int __net_init mctp_routes_net_init(struct net *net)
1383{
1384 struct netns_mctp *ns = &net->mctp;
1385
1386 INIT_LIST_HEAD(&ns->routes);
1387 INIT_HLIST_HEAD(&ns->binds);
1388 mutex_init(&ns->bind_lock);
1389 INIT_HLIST_HEAD(&ns->keys);
1390 spin_lock_init(&ns->keys_lock);
1391 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
1392 return 0;
1393}
1394
1395static void __net_exit mctp_routes_net_exit(struct net *net)
1396{
1397 struct mctp_route *rt;
1398
1399 rcu_read_lock();
1400 list_for_each_entry_rcu(rt, &net->mctp.routes, list)
1401 mctp_route_release(rt);
1402 rcu_read_unlock();
1403}
1404
1405static struct pernet_operations mctp_net_ops = {
1406 .init = mctp_routes_net_init,
1407 .exit = mctp_routes_net_exit,
1408};
1409
1410int __init mctp_routes_init(void)
1411{
1412 dev_add_pack(&mctp_packet_type);
1413
1414 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_GETROUTE,
1415 NULL, mctp_dump_rtinfo, 0);
1416 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_NEWROUTE,
1417 mctp_newroute, NULL, 0);
1418 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_DELROUTE,
1419 mctp_delroute, NULL, 0);
1420
1421 return register_pernet_subsys(&mctp_net_ops);
1422}
1423
1424void mctp_routes_exit(void)
1425{
1426 unregister_pernet_subsys(&mctp_net_ops);
1427 rtnl_unregister(PF_MCTP, RTM_DELROUTE);
1428 rtnl_unregister(PF_MCTP, RTM_NEWROUTE);
1429 rtnl_unregister(PF_MCTP, RTM_GETROUTE);
1430 dev_remove_pack(&mctp_packet_type);
1431}
1432
1433#if IS_ENABLED(CONFIG_MCTP_TEST)
1434#include "test/route-test.c"
1435#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Management Component Transport Protocol (MCTP) - routing
4 * implementation.
5 *
6 * This is currently based on a simple routing table, with no dst cache. The
7 * number of routes should stay fairly small, so the lookup cost is small.
8 *
9 * Copyright (c) 2021 Code Construct
10 * Copyright (c) 2021 Google
11 */
12
13#include <linux/idr.h>
14#include <linux/kconfig.h>
15#include <linux/mctp.h>
16#include <linux/netdevice.h>
17#include <linux/rtnetlink.h>
18#include <linux/skbuff.h>
19
20#include <uapi/linux/if_arp.h>
21
22#include <net/mctp.h>
23#include <net/mctpdevice.h>
24#include <net/netlink.h>
25#include <net/sock.h>
26
27#include <trace/events/mctp.h>
28
29static const unsigned int mctp_message_maxlen = 64 * 1024;
30static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
31
32static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
33
34/* route output callbacks */
35static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb)
36{
37 kfree_skb(skb);
38 return 0;
39}
40
41static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
42{
43 struct mctp_skb_cb *cb = mctp_cb(skb);
44 struct mctp_hdr *mh;
45 struct sock *sk;
46 u8 type;
47
48 WARN_ON(!rcu_read_lock_held());
49
50 /* TODO: look up in skb->cb? */
51 mh = mctp_hdr(skb);
52
53 if (!skb_headlen(skb))
54 return NULL;
55
56 type = (*(u8 *)skb->data) & 0x7f;
57
58 sk_for_each_rcu(sk, &net->mctp.binds) {
59 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
60
61 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
62 continue;
63
64 if (msk->bind_type != type)
65 continue;
66
67 if (!mctp_address_matches(msk->bind_addr, mh->dest))
68 continue;
69
70 return msk;
71 }
72
73 return NULL;
74}
75
76/* A note on the key allocations.
77 *
78 * struct net->mctp.keys contains our set of currently-allocated keys for
79 * MCTP tag management. The lookup tuple for these is the peer EID,
80 * local EID and MCTP tag.
81 *
82 * In some cases, the peer EID may be MCTP_EID_ANY: for example, when a
83 * broadcast message is sent, we may receive responses from any peer EID.
84 * Because the broadcast dest address is equivalent to ANY, we create
85 * a key with (local = local-eid, peer = ANY). This allows a match on the
86 * incoming broadcast responses from any peer.
87 *
88 * We perform lookups when packets are received, and when tags are allocated
89 * in two scenarios:
90 *
91 * - when a packet is sent, with a locally-owned tag: we need to find an
92 * unused tag value for the (local, peer) EID pair.
93 *
94 * - when a tag is manually allocated: we need to find an unused tag value
95 * for the peer EID, but don't have a specific local EID at that stage.
96 *
97 * in the latter case, on successful allocation, we end up with a tag with
98 * (local = ANY, peer = peer-eid).
99 *
100 * So, the key set allows both a local EID of ANY, as well as a peer EID of
101 * ANY in the lookup tuple. Both may be ANY if we prealloc for a broadcast.
102 * The matching (in mctp_key_match()) during lookup allows the match value to
103 * be ANY in either the dest or source addresses.
104 *
105 * When allocating (+ inserting) a tag, we need to check for conflicts amongst
106 * the existing tag set. This requires macthing either exactly on the local
107 * and peer addresses, or either being ANY.
108 */
109
110static bool mctp_key_match(struct mctp_sk_key *key, unsigned int net,
111 mctp_eid_t local, mctp_eid_t peer, u8 tag)
112{
113 if (key->net != net)
114 return false;
115
116 if (!mctp_address_matches(key->local_addr, local))
117 return false;
118
119 if (!mctp_address_matches(key->peer_addr, peer))
120 return false;
121
122 if (key->tag != tag)
123 return false;
124
125 return true;
126}
127
128/* returns a key (with key->lock held, and refcounted), or NULL if no such
129 * key exists.
130 */
131static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
132 unsigned int netid, mctp_eid_t peer,
133 unsigned long *irqflags)
134 __acquires(&key->lock)
135{
136 struct mctp_sk_key *key, *ret;
137 unsigned long flags;
138 struct mctp_hdr *mh;
139 u8 tag;
140
141 mh = mctp_hdr(skb);
142 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
143
144 ret = NULL;
145 spin_lock_irqsave(&net->mctp.keys_lock, flags);
146
147 hlist_for_each_entry(key, &net->mctp.keys, hlist) {
148 if (!mctp_key_match(key, netid, mh->dest, peer, tag))
149 continue;
150
151 spin_lock(&key->lock);
152 if (key->valid) {
153 refcount_inc(&key->refs);
154 ret = key;
155 break;
156 }
157 spin_unlock(&key->lock);
158 }
159
160 if (ret) {
161 spin_unlock(&net->mctp.keys_lock);
162 *irqflags = flags;
163 } else {
164 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
165 }
166
167 return ret;
168}
169
170static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
171 unsigned int net,
172 mctp_eid_t local, mctp_eid_t peer,
173 u8 tag, gfp_t gfp)
174{
175 struct mctp_sk_key *key;
176
177 key = kzalloc(sizeof(*key), gfp);
178 if (!key)
179 return NULL;
180
181 key->net = net;
182 key->peer_addr = peer;
183 key->local_addr = local;
184 key->tag = tag;
185 key->sk = &msk->sk;
186 key->valid = true;
187 spin_lock_init(&key->lock);
188 refcount_set(&key->refs, 1);
189 sock_hold(key->sk);
190
191 return key;
192}
193
194void mctp_key_unref(struct mctp_sk_key *key)
195{
196 unsigned long flags;
197
198 if (!refcount_dec_and_test(&key->refs))
199 return;
200
201 /* even though no refs exist here, the lock allows us to stay
202 * consistent with the locking requirement of mctp_dev_release_key
203 */
204 spin_lock_irqsave(&key->lock, flags);
205 mctp_dev_release_key(key->dev, key);
206 spin_unlock_irqrestore(&key->lock, flags);
207
208 sock_put(key->sk);
209 kfree(key);
210}
211
212static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
213{
214 struct net *net = sock_net(&msk->sk);
215 struct mctp_sk_key *tmp;
216 unsigned long flags;
217 int rc = 0;
218
219 spin_lock_irqsave(&net->mctp.keys_lock, flags);
220
221 if (sock_flag(&msk->sk, SOCK_DEAD)) {
222 rc = -EINVAL;
223 goto out_unlock;
224 }
225
226 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
227 if (mctp_key_match(tmp, key->net, key->local_addr,
228 key->peer_addr, key->tag)) {
229 spin_lock(&tmp->lock);
230 if (tmp->valid)
231 rc = -EEXIST;
232 spin_unlock(&tmp->lock);
233 if (rc)
234 break;
235 }
236 }
237
238 if (!rc) {
239 refcount_inc(&key->refs);
240 key->expiry = jiffies + mctp_key_lifetime;
241 timer_reduce(&msk->key_expiry, key->expiry);
242
243 hlist_add_head(&key->hlist, &net->mctp.keys);
244 hlist_add_head(&key->sklist, &msk->keys);
245 }
246
247out_unlock:
248 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
249
250 return rc;
251}
252
253/* Helper for mctp_route_input().
254 * We're done with the key; unlock and unref the key.
255 * For the usual case of automatic expiry we remove the key from lists.
256 * In the case that manual allocation is set on a key we release the lock
257 * and local ref, reset reassembly, but don't remove from lists.
258 */
259static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
260 unsigned long flags, unsigned long reason)
261__releases(&key->lock)
262{
263 struct sk_buff *skb;
264
265 trace_mctp_key_release(key, reason);
266 skb = key->reasm_head;
267 key->reasm_head = NULL;
268
269 if (!key->manual_alloc) {
270 key->reasm_dead = true;
271 key->valid = false;
272 mctp_dev_release_key(key->dev, key);
273 }
274 spin_unlock_irqrestore(&key->lock, flags);
275
276 if (!key->manual_alloc) {
277 spin_lock_irqsave(&net->mctp.keys_lock, flags);
278 if (!hlist_unhashed(&key->hlist)) {
279 hlist_del_init(&key->hlist);
280 hlist_del_init(&key->sklist);
281 mctp_key_unref(key);
282 }
283 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
284 }
285
286 /* and one for the local reference */
287 mctp_key_unref(key);
288
289 kfree_skb(skb);
290}
291
292#ifdef CONFIG_MCTP_FLOWS
293static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
294{
295 struct mctp_flow *flow;
296
297 flow = skb_ext_add(skb, SKB_EXT_MCTP);
298 if (!flow)
299 return;
300
301 refcount_inc(&key->refs);
302 flow->key = key;
303}
304
305static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
306{
307 struct mctp_sk_key *key;
308 struct mctp_flow *flow;
309
310 flow = skb_ext_find(skb, SKB_EXT_MCTP);
311 if (!flow)
312 return;
313
314 key = flow->key;
315
316 if (WARN_ON(key->dev && key->dev != dev))
317 return;
318
319 mctp_dev_set_key(dev, key);
320}
321#else
322static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
323static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
324#endif
325
326static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
327{
328 struct mctp_hdr *hdr = mctp_hdr(skb);
329 u8 exp_seq, this_seq;
330
331 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
332 & MCTP_HDR_SEQ_MASK;
333
334 if (!key->reasm_head) {
335 key->reasm_head = skb;
336 key->reasm_tailp = &(skb_shinfo(skb)->frag_list);
337 key->last_seq = this_seq;
338 return 0;
339 }
340
341 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
342
343 if (this_seq != exp_seq)
344 return -EINVAL;
345
346 if (key->reasm_head->len + skb->len > mctp_message_maxlen)
347 return -EINVAL;
348
349 skb->next = NULL;
350 skb->sk = NULL;
351 *key->reasm_tailp = skb;
352 key->reasm_tailp = &skb->next;
353
354 key->last_seq = this_seq;
355
356 key->reasm_head->data_len += skb->len;
357 key->reasm_head->len += skb->len;
358 key->reasm_head->truesize += skb->truesize;
359
360 return 0;
361}
362
363static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
364{
365 struct mctp_sk_key *key, *any_key = NULL;
366 struct net *net = dev_net(skb->dev);
367 struct mctp_sock *msk;
368 struct mctp_hdr *mh;
369 unsigned int netid;
370 unsigned long f;
371 u8 tag, flags;
372 int rc;
373
374 msk = NULL;
375 rc = -EINVAL;
376
377 /* We may be receiving a locally-routed packet; drop source sk
378 * accounting.
379 *
380 * From here, we will either queue the skb - either to a frag_queue, or
381 * to a receiving socket. When that succeeds, we clear the skb pointer;
382 * a non-NULL skb on exit will be otherwise unowned, and hence
383 * kfree_skb()-ed.
384 */
385 skb_orphan(skb);
386
387 /* ensure we have enough data for a header and a type */
388 if (skb->len < sizeof(struct mctp_hdr) + 1)
389 goto out;
390
391 /* grab header, advance data ptr */
392 mh = mctp_hdr(skb);
393 netid = mctp_cb(skb)->net;
394 skb_pull(skb, sizeof(struct mctp_hdr));
395
396 if (mh->ver != 1)
397 goto out;
398
399 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
400 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
401
402 rcu_read_lock();
403
404 /* lookup socket / reasm context, exactly matching (src,dest,tag).
405 * we hold a ref on the key, and key->lock held.
406 */
407 key = mctp_lookup_key(net, skb, netid, mh->src, &f);
408
409 if (flags & MCTP_HDR_FLAG_SOM) {
410 if (key) {
411 msk = container_of(key->sk, struct mctp_sock, sk);
412 } else {
413 /* first response to a broadcast? do a more general
414 * key lookup to find the socket, but don't use this
415 * key for reassembly - we'll create a more specific
416 * one for future packets if required (ie, !EOM).
417 *
418 * this lookup requires key->peer to be MCTP_ADDR_ANY,
419 * it doesn't match just any key->peer.
420 */
421 any_key = mctp_lookup_key(net, skb, netid,
422 MCTP_ADDR_ANY, &f);
423 if (any_key) {
424 msk = container_of(any_key->sk,
425 struct mctp_sock, sk);
426 spin_unlock_irqrestore(&any_key->lock, f);
427 }
428 }
429
430 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
431 msk = mctp_lookup_bind(net, skb);
432
433 if (!msk) {
434 rc = -ENOENT;
435 goto out_unlock;
436 }
437
438 /* single-packet message? deliver to socket, clean up any
439 * pending key.
440 */
441 if (flags & MCTP_HDR_FLAG_EOM) {
442 rc = sock_queue_rcv_skb(&msk->sk, skb);
443 if (!rc)
444 skb = NULL;
445 if (key) {
446 /* we've hit a pending reassembly; not much we
447 * can do but drop it
448 */
449 __mctp_key_done_in(key, net, f,
450 MCTP_TRACE_KEY_REPLIED);
451 key = NULL;
452 }
453 goto out_unlock;
454 }
455
456 /* broadcast response or a bind() - create a key for further
457 * packets for this message
458 */
459 if (!key) {
460 key = mctp_key_alloc(msk, netid, mh->dest, mh->src,
461 tag, GFP_ATOMIC);
462 if (!key) {
463 rc = -ENOMEM;
464 goto out_unlock;
465 }
466
467 /* we can queue without the key lock here, as the
468 * key isn't observable yet
469 */
470 mctp_frag_queue(key, skb);
471
472 /* if the key_add fails, we've raced with another
473 * SOM packet with the same src, dest and tag. There's
474 * no way to distinguish future packets, so all we
475 * can do is drop; we'll free the skb on exit from
476 * this function.
477 */
478 rc = mctp_key_add(key, msk);
479 if (!rc) {
480 trace_mctp_key_acquire(key);
481 skb = NULL;
482 }
483
484 /* we don't need to release key->lock on exit, so
485 * clean up here and suppress the unlock via
486 * setting to NULL
487 */
488 mctp_key_unref(key);
489 key = NULL;
490
491 } else {
492 if (key->reasm_head || key->reasm_dead) {
493 /* duplicate start? drop everything */
494 __mctp_key_done_in(key, net, f,
495 MCTP_TRACE_KEY_INVALIDATED);
496 rc = -EEXIST;
497 key = NULL;
498 } else {
499 rc = mctp_frag_queue(key, skb);
500 if (!rc)
501 skb = NULL;
502 }
503 }
504
505 } else if (key) {
506 /* this packet continues a previous message; reassemble
507 * using the message-specific key
508 */
509
510 /* we need to be continuing an existing reassembly... */
511 if (!key->reasm_head)
512 rc = -EINVAL;
513 else
514 rc = mctp_frag_queue(key, skb);
515
516 if (rc)
517 goto out_unlock;
518
519 /* we've queued; the queue owns the skb now */
520 skb = NULL;
521
522 /* end of message? deliver to socket, and we're done with
523 * the reassembly/response key
524 */
525 if (flags & MCTP_HDR_FLAG_EOM) {
526 rc = sock_queue_rcv_skb(key->sk, key->reasm_head);
527 if (!rc)
528 key->reasm_head = NULL;
529 __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
530 key = NULL;
531 }
532
533 } else {
534 /* not a start, no matching key */
535 rc = -ENOENT;
536 }
537
538out_unlock:
539 rcu_read_unlock();
540 if (key) {
541 spin_unlock_irqrestore(&key->lock, f);
542 mctp_key_unref(key);
543 }
544 if (any_key)
545 mctp_key_unref(any_key);
546out:
547 kfree_skb(skb);
548 return rc;
549}
550
551static unsigned int mctp_route_mtu(struct mctp_route *rt)
552{
553 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu);
554}
555
556static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb)
557{
558 struct mctp_skb_cb *cb = mctp_cb(skb);
559 struct mctp_hdr *hdr = mctp_hdr(skb);
560 char daddr_buf[MAX_ADDR_LEN];
561 char *daddr = NULL;
562 unsigned int mtu;
563 int rc;
564
565 skb->protocol = htons(ETH_P_MCTP);
566
567 mtu = READ_ONCE(skb->dev->mtu);
568 if (skb->len > mtu) {
569 kfree_skb(skb);
570 return -EMSGSIZE;
571 }
572
573 if (cb->ifindex) {
574 /* direct route; use the hwaddr we stashed in sendmsg */
575 if (cb->halen != skb->dev->addr_len) {
576 /* sanity check, sendmsg should have already caught this */
577 kfree_skb(skb);
578 return -EMSGSIZE;
579 }
580 daddr = cb->haddr;
581 } else {
582 /* If lookup fails let the device handle daddr==NULL */
583 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0)
584 daddr = daddr_buf;
585 }
586
587 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
588 daddr, skb->dev->dev_addr, skb->len);
589 if (rc < 0) {
590 kfree_skb(skb);
591 return -EHOSTUNREACH;
592 }
593
594 mctp_flow_prepare_output(skb, route->dev);
595
596 rc = dev_queue_xmit(skb);
597 if (rc)
598 rc = net_xmit_errno(rc);
599
600 return rc;
601}
602
603/* route alloc/release */
604static void mctp_route_release(struct mctp_route *rt)
605{
606 if (refcount_dec_and_test(&rt->refs)) {
607 mctp_dev_put(rt->dev);
608 kfree_rcu(rt, rcu);
609 }
610}
611
612/* returns a route with the refcount at 1 */
613static struct mctp_route *mctp_route_alloc(void)
614{
615 struct mctp_route *rt;
616
617 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
618 if (!rt)
619 return NULL;
620
621 INIT_LIST_HEAD(&rt->list);
622 refcount_set(&rt->refs, 1);
623 rt->output = mctp_route_discard;
624
625 return rt;
626}
627
628unsigned int mctp_default_net(struct net *net)
629{
630 return READ_ONCE(net->mctp.default_net);
631}
632
633int mctp_default_net_set(struct net *net, unsigned int index)
634{
635 if (index == 0)
636 return -EINVAL;
637 WRITE_ONCE(net->mctp.default_net, index);
638 return 0;
639}
640
641/* tag management */
642static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
643 struct mctp_sock *msk)
644{
645 struct netns_mctp *mns = &net->mctp;
646
647 lockdep_assert_held(&mns->keys_lock);
648
649 key->expiry = jiffies + mctp_key_lifetime;
650 timer_reduce(&msk->key_expiry, key->expiry);
651
652 /* we hold the net->key_lock here, allowing updates to both
653 * then net and sk
654 */
655 hlist_add_head_rcu(&key->hlist, &mns->keys);
656 hlist_add_head_rcu(&key->sklist, &msk->keys);
657 refcount_inc(&key->refs);
658}
659
660/* Allocate a locally-owned tag value for (local, peer), and reserve
661 * it for the socket msk
662 */
663struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
664 unsigned int netid,
665 mctp_eid_t local, mctp_eid_t peer,
666 bool manual, u8 *tagp)
667{
668 struct net *net = sock_net(&msk->sk);
669 struct netns_mctp *mns = &net->mctp;
670 struct mctp_sk_key *key, *tmp;
671 unsigned long flags;
672 u8 tagbits;
673
674 /* for NULL destination EIDs, we may get a response from any peer */
675 if (peer == MCTP_ADDR_NULL)
676 peer = MCTP_ADDR_ANY;
677
678 /* be optimistic, alloc now */
679 key = mctp_key_alloc(msk, netid, local, peer, 0, GFP_KERNEL);
680 if (!key)
681 return ERR_PTR(-ENOMEM);
682
683 /* 8 possible tag values */
684 tagbits = 0xff;
685
686 spin_lock_irqsave(&mns->keys_lock, flags);
687
688 /* Walk through the existing keys, looking for potential conflicting
689 * tags. If we find a conflict, clear that bit from tagbits
690 */
691 hlist_for_each_entry(tmp, &mns->keys, hlist) {
692 /* We can check the lookup fields (*_addr, tag) without the
693 * lock held, they don't change over the lifetime of the key.
694 */
695
696 /* tags are net-specific */
697 if (tmp->net != netid)
698 continue;
699
700 /* if we don't own the tag, it can't conflict */
701 if (tmp->tag & MCTP_HDR_FLAG_TO)
702 continue;
703
704 /* Since we're avoiding conflicting entries, match peer and
705 * local addresses, including with a wildcard on ANY. See
706 * 'A note on key allocations' for background.
707 */
708 if (peer != MCTP_ADDR_ANY &&
709 !mctp_address_matches(tmp->peer_addr, peer))
710 continue;
711
712 if (local != MCTP_ADDR_ANY &&
713 !mctp_address_matches(tmp->local_addr, local))
714 continue;
715
716 spin_lock(&tmp->lock);
717 /* key must still be valid. If we find a match, clear the
718 * potential tag value
719 */
720 if (tmp->valid)
721 tagbits &= ~(1 << tmp->tag);
722 spin_unlock(&tmp->lock);
723
724 if (!tagbits)
725 break;
726 }
727
728 if (tagbits) {
729 key->tag = __ffs(tagbits);
730 mctp_reserve_tag(net, key, msk);
731 trace_mctp_key_acquire(key);
732
733 key->manual_alloc = manual;
734 *tagp = key->tag;
735 }
736
737 spin_unlock_irqrestore(&mns->keys_lock, flags);
738
739 if (!tagbits) {
740 mctp_key_unref(key);
741 return ERR_PTR(-EBUSY);
742 }
743
744 return key;
745}
746
747static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
748 unsigned int netid,
749 mctp_eid_t daddr,
750 u8 req_tag, u8 *tagp)
751{
752 struct net *net = sock_net(&msk->sk);
753 struct netns_mctp *mns = &net->mctp;
754 struct mctp_sk_key *key, *tmp;
755 unsigned long flags;
756
757 req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
758 key = NULL;
759
760 spin_lock_irqsave(&mns->keys_lock, flags);
761
762 hlist_for_each_entry(tmp, &mns->keys, hlist) {
763 if (tmp->net != netid)
764 continue;
765
766 if (tmp->tag != req_tag)
767 continue;
768
769 if (!mctp_address_matches(tmp->peer_addr, daddr))
770 continue;
771
772 if (!tmp->manual_alloc)
773 continue;
774
775 spin_lock(&tmp->lock);
776 if (tmp->valid) {
777 key = tmp;
778 refcount_inc(&key->refs);
779 spin_unlock(&tmp->lock);
780 break;
781 }
782 spin_unlock(&tmp->lock);
783 }
784 spin_unlock_irqrestore(&mns->keys_lock, flags);
785
786 if (!key)
787 return ERR_PTR(-ENOENT);
788
789 if (tagp)
790 *tagp = key->tag;
791
792 return key;
793}
794
795/* routing lookups */
796static bool mctp_rt_match_eid(struct mctp_route *rt,
797 unsigned int net, mctp_eid_t eid)
798{
799 return READ_ONCE(rt->dev->net) == net &&
800 rt->min <= eid && rt->max >= eid;
801}
802
803/* compares match, used for duplicate prevention */
804static bool mctp_rt_compare_exact(struct mctp_route *rt1,
805 struct mctp_route *rt2)
806{
807 ASSERT_RTNL();
808 return rt1->dev->net == rt2->dev->net &&
809 rt1->min == rt2->min &&
810 rt1->max == rt2->max;
811}
812
813struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet,
814 mctp_eid_t daddr)
815{
816 struct mctp_route *tmp, *rt = NULL;
817
818 rcu_read_lock();
819
820 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
821 /* TODO: add metrics */
822 if (mctp_rt_match_eid(tmp, dnet, daddr)) {
823 if (refcount_inc_not_zero(&tmp->refs)) {
824 rt = tmp;
825 break;
826 }
827 }
828 }
829
830 rcu_read_unlock();
831
832 return rt;
833}
834
835static struct mctp_route *mctp_route_lookup_null(struct net *net,
836 struct net_device *dev)
837{
838 struct mctp_route *tmp, *rt = NULL;
839
840 rcu_read_lock();
841
842 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
843 if (tmp->dev->dev == dev && tmp->type == RTN_LOCAL &&
844 refcount_inc_not_zero(&tmp->refs)) {
845 rt = tmp;
846 break;
847 }
848 }
849
850 rcu_read_unlock();
851
852 return rt;
853}
854
855static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb,
856 unsigned int mtu, u8 tag)
857{
858 const unsigned int hlen = sizeof(struct mctp_hdr);
859 struct mctp_hdr *hdr, *hdr2;
860 unsigned int pos, size, headroom;
861 struct sk_buff *skb2;
862 int rc;
863 u8 seq;
864
865 hdr = mctp_hdr(skb);
866 seq = 0;
867 rc = 0;
868
869 if (mtu < hlen + 1) {
870 kfree_skb(skb);
871 return -EMSGSIZE;
872 }
873
874 /* keep same headroom as the original skb */
875 headroom = skb_headroom(skb);
876
877 /* we've got the header */
878 skb_pull(skb, hlen);
879
880 for (pos = 0; pos < skb->len;) {
881 /* size of message payload */
882 size = min(mtu - hlen, skb->len - pos);
883
884 skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
885 if (!skb2) {
886 rc = -ENOMEM;
887 break;
888 }
889
890 /* generic skb copy */
891 skb2->protocol = skb->protocol;
892 skb2->priority = skb->priority;
893 skb2->dev = skb->dev;
894 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
895
896 if (skb->sk)
897 skb_set_owner_w(skb2, skb->sk);
898
899 /* establish packet */
900 skb_reserve(skb2, headroom);
901 skb_reset_network_header(skb2);
902 skb_put(skb2, hlen + size);
903 skb2->transport_header = skb2->network_header + hlen;
904
905 /* copy header fields, calculate SOM/EOM flags & seq */
906 hdr2 = mctp_hdr(skb2);
907 hdr2->ver = hdr->ver;
908 hdr2->dest = hdr->dest;
909 hdr2->src = hdr->src;
910 hdr2->flags_seq_tag = tag &
911 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
912
913 if (pos == 0)
914 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
915
916 if (pos + size == skb->len)
917 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
918
919 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
920
921 /* copy message payload */
922 skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
923
924 /* we need to copy the extensions, for MCTP flow data */
925 skb_ext_copy(skb2, skb);
926
927 /* do route */
928 rc = rt->output(rt, skb2);
929 if (rc)
930 break;
931
932 seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
933 pos += size;
934 }
935
936 consume_skb(skb);
937 return rc;
938}
939
940int mctp_local_output(struct sock *sk, struct mctp_route *rt,
941 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
942{
943 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
944 struct mctp_skb_cb *cb = mctp_cb(skb);
945 struct mctp_route tmp_rt = {0};
946 struct mctp_sk_key *key;
947 struct mctp_hdr *hdr;
948 unsigned long flags;
949 unsigned int netid;
950 unsigned int mtu;
951 mctp_eid_t saddr;
952 bool ext_rt;
953 int rc;
954 u8 tag;
955
956 rc = -ENODEV;
957
958 if (rt) {
959 ext_rt = false;
960 if (WARN_ON(!rt->dev))
961 goto out_release;
962
963 } else if (cb->ifindex) {
964 struct net_device *dev;
965
966 ext_rt = true;
967 rt = &tmp_rt;
968
969 rcu_read_lock();
970 dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex);
971 if (!dev) {
972 rcu_read_unlock();
973 goto out_free;
974 }
975 rt->dev = __mctp_dev_get(dev);
976 rcu_read_unlock();
977
978 if (!rt->dev)
979 goto out_release;
980
981 /* establish temporary route - we set up enough to keep
982 * mctp_route_output happy
983 */
984 rt->output = mctp_route_output;
985 rt->mtu = 0;
986
987 } else {
988 rc = -EINVAL;
989 goto out_free;
990 }
991
992 spin_lock_irqsave(&rt->dev->addrs_lock, flags);
993 if (rt->dev->num_addrs == 0) {
994 rc = -EHOSTUNREACH;
995 } else {
996 /* use the outbound interface's first address as our source */
997 saddr = rt->dev->addrs[0];
998 rc = 0;
999 }
1000 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags);
1001 netid = READ_ONCE(rt->dev->net);
1002
1003 if (rc)
1004 goto out_release;
1005
1006 if (req_tag & MCTP_TAG_OWNER) {
1007 if (req_tag & MCTP_TAG_PREALLOC)
1008 key = mctp_lookup_prealloc_tag(msk, netid, daddr,
1009 req_tag, &tag);
1010 else
1011 key = mctp_alloc_local_tag(msk, netid, saddr, daddr,
1012 false, &tag);
1013
1014 if (IS_ERR(key)) {
1015 rc = PTR_ERR(key);
1016 goto out_release;
1017 }
1018 mctp_skb_set_flow(skb, key);
1019 /* done with the key in this scope */
1020 mctp_key_unref(key);
1021 tag |= MCTP_HDR_FLAG_TO;
1022 } else {
1023 key = NULL;
1024 tag = req_tag & MCTP_TAG_MASK;
1025 }
1026
1027 skb->protocol = htons(ETH_P_MCTP);
1028 skb->priority = 0;
1029 skb_reset_transport_header(skb);
1030 skb_push(skb, sizeof(struct mctp_hdr));
1031 skb_reset_network_header(skb);
1032 skb->dev = rt->dev->dev;
1033
1034 /* cb->net will have been set on initial ingress */
1035 cb->src = saddr;
1036
1037 /* set up common header fields */
1038 hdr = mctp_hdr(skb);
1039 hdr->ver = 1;
1040 hdr->dest = daddr;
1041 hdr->src = saddr;
1042
1043 mtu = mctp_route_mtu(rt);
1044
1045 if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
1046 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
1047 MCTP_HDR_FLAG_EOM | tag;
1048 rc = rt->output(rt, skb);
1049 } else {
1050 rc = mctp_do_fragment_route(rt, skb, mtu, tag);
1051 }
1052
1053 /* route output functions consume the skb, even on error */
1054 skb = NULL;
1055
1056out_release:
1057 if (!ext_rt)
1058 mctp_route_release(rt);
1059
1060 mctp_dev_put(tmp_rt.dev);
1061
1062out_free:
1063 kfree_skb(skb);
1064 return rc;
1065}
1066
1067/* route management */
1068static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1069 unsigned int daddr_extent, unsigned int mtu,
1070 unsigned char type)
1071{
1072 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb);
1073 struct net *net = dev_net(mdev->dev);
1074 struct mctp_route *rt, *ert;
1075
1076 if (!mctp_address_unicast(daddr_start))
1077 return -EINVAL;
1078
1079 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1080 return -EINVAL;
1081
1082 switch (type) {
1083 case RTN_LOCAL:
1084 rtfn = mctp_route_input;
1085 break;
1086 case RTN_UNICAST:
1087 rtfn = mctp_route_output;
1088 break;
1089 default:
1090 return -EINVAL;
1091 }
1092
1093 rt = mctp_route_alloc();
1094 if (!rt)
1095 return -ENOMEM;
1096
1097 rt->min = daddr_start;
1098 rt->max = daddr_start + daddr_extent;
1099 rt->mtu = mtu;
1100 rt->dev = mdev;
1101 mctp_dev_hold(rt->dev);
1102 rt->type = type;
1103 rt->output = rtfn;
1104
1105 ASSERT_RTNL();
1106 /* Prevent duplicate identical routes. */
1107 list_for_each_entry(ert, &net->mctp.routes, list) {
1108 if (mctp_rt_compare_exact(rt, ert)) {
1109 mctp_route_release(rt);
1110 return -EEXIST;
1111 }
1112 }
1113
1114 list_add_rcu(&rt->list, &net->mctp.routes);
1115
1116 return 0;
1117}
1118
1119static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1120 unsigned int daddr_extent, unsigned char type)
1121{
1122 struct net *net = dev_net(mdev->dev);
1123 struct mctp_route *rt, *tmp;
1124 mctp_eid_t daddr_end;
1125 bool dropped;
1126
1127 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1128 return -EINVAL;
1129
1130 daddr_end = daddr_start + daddr_extent;
1131 dropped = false;
1132
1133 ASSERT_RTNL();
1134
1135 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1136 if (rt->dev == mdev &&
1137 rt->min == daddr_start && rt->max == daddr_end &&
1138 rt->type == type) {
1139 list_del_rcu(&rt->list);
1140 /* TODO: immediate RTM_DELROUTE */
1141 mctp_route_release(rt);
1142 dropped = true;
1143 }
1144 }
1145
1146 return dropped ? 0 : -ENOENT;
1147}
1148
1149int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
1150{
1151 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
1152}
1153
1154int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
1155{
1156 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
1157}
1158
1159/* removes all entries for a given device */
1160void mctp_route_remove_dev(struct mctp_dev *mdev)
1161{
1162 struct net *net = dev_net(mdev->dev);
1163 struct mctp_route *rt, *tmp;
1164
1165 ASSERT_RTNL();
1166 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1167 if (rt->dev == mdev) {
1168 list_del_rcu(&rt->list);
1169 /* TODO: immediate RTM_DELROUTE */
1170 mctp_route_release(rt);
1171 }
1172 }
1173}
1174
1175/* Incoming packet-handling */
1176
1177static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
1178 struct packet_type *pt,
1179 struct net_device *orig_dev)
1180{
1181 struct net *net = dev_net(dev);
1182 struct mctp_dev *mdev;
1183 struct mctp_skb_cb *cb;
1184 struct mctp_route *rt;
1185 struct mctp_hdr *mh;
1186
1187 rcu_read_lock();
1188 mdev = __mctp_dev_get(dev);
1189 rcu_read_unlock();
1190 if (!mdev) {
1191 /* basic non-data sanity checks */
1192 goto err_drop;
1193 }
1194
1195 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
1196 goto err_drop;
1197
1198 skb_reset_transport_header(skb);
1199 skb_reset_network_header(skb);
1200
1201 /* We have enough for a header; decode and route */
1202 mh = mctp_hdr(skb);
1203 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
1204 goto err_drop;
1205
1206 /* source must be valid unicast or null; drop reserved ranges and
1207 * broadcast
1208 */
1209 if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
1210 goto err_drop;
1211
1212 /* dest address: as above, but allow broadcast */
1213 if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
1214 mctp_address_broadcast(mh->dest)))
1215 goto err_drop;
1216
1217 /* MCTP drivers must populate halen/haddr */
1218 if (dev->type == ARPHRD_MCTP) {
1219 cb = mctp_cb(skb);
1220 } else {
1221 cb = __mctp_cb(skb);
1222 cb->halen = 0;
1223 }
1224 cb->net = READ_ONCE(mdev->net);
1225 cb->ifindex = dev->ifindex;
1226
1227 rt = mctp_route_lookup(net, cb->net, mh->dest);
1228
1229 /* NULL EID, but addressed to our physical address */
1230 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
1231 rt = mctp_route_lookup_null(net, dev);
1232
1233 if (!rt)
1234 goto err_drop;
1235
1236 rt->output(rt, skb);
1237 mctp_route_release(rt);
1238 mctp_dev_put(mdev);
1239
1240 return NET_RX_SUCCESS;
1241
1242err_drop:
1243 kfree_skb(skb);
1244 mctp_dev_put(mdev);
1245 return NET_RX_DROP;
1246}
1247
1248static struct packet_type mctp_packet_type = {
1249 .type = cpu_to_be16(ETH_P_MCTP),
1250 .func = mctp_pkttype_receive,
1251};
1252
1253/* netlink interface */
1254
1255static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
1256 [RTA_DST] = { .type = NLA_U8 },
1257 [RTA_METRICS] = { .type = NLA_NESTED },
1258 [RTA_OIF] = { .type = NLA_U32 },
1259};
1260
1261/* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
1262 * tb must hold RTA_MAX+1 elements.
1263 */
1264static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
1265 struct netlink_ext_ack *extack,
1266 struct nlattr **tb, struct rtmsg **rtm,
1267 struct mctp_dev **mdev, mctp_eid_t *daddr_start)
1268{
1269 struct net *net = sock_net(skb->sk);
1270 struct net_device *dev;
1271 unsigned int ifindex;
1272 int rc;
1273
1274 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
1275 rta_mctp_policy, extack);
1276 if (rc < 0) {
1277 NL_SET_ERR_MSG(extack, "incorrect format");
1278 return rc;
1279 }
1280
1281 if (!tb[RTA_DST]) {
1282 NL_SET_ERR_MSG(extack, "dst EID missing");
1283 return -EINVAL;
1284 }
1285 *daddr_start = nla_get_u8(tb[RTA_DST]);
1286
1287 if (!tb[RTA_OIF]) {
1288 NL_SET_ERR_MSG(extack, "ifindex missing");
1289 return -EINVAL;
1290 }
1291 ifindex = nla_get_u32(tb[RTA_OIF]);
1292
1293 *rtm = nlmsg_data(nlh);
1294 if ((*rtm)->rtm_family != AF_MCTP) {
1295 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
1296 return -EINVAL;
1297 }
1298
1299 dev = __dev_get_by_index(net, ifindex);
1300 if (!dev) {
1301 NL_SET_ERR_MSG(extack, "bad ifindex");
1302 return -ENODEV;
1303 }
1304 *mdev = mctp_dev_get_rtnl(dev);
1305 if (!*mdev)
1306 return -ENODEV;
1307
1308 if (dev->flags & IFF_LOOPBACK) {
1309 NL_SET_ERR_MSG(extack, "no routes to loopback");
1310 return -EINVAL;
1311 }
1312
1313 return 0;
1314}
1315
1316static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
1317 [RTAX_MTU] = { .type = NLA_U32 },
1318};
1319
1320static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1321 struct netlink_ext_ack *extack)
1322{
1323 struct nlattr *tb[RTA_MAX + 1];
1324 struct nlattr *tbx[RTAX_MAX + 1];
1325 mctp_eid_t daddr_start;
1326 struct mctp_dev *mdev;
1327 struct rtmsg *rtm;
1328 unsigned int mtu;
1329 int rc;
1330
1331 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1332 &rtm, &mdev, &daddr_start);
1333 if (rc < 0)
1334 return rc;
1335
1336 if (rtm->rtm_type != RTN_UNICAST) {
1337 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
1338 return -EINVAL;
1339 }
1340
1341 mtu = 0;
1342 if (tb[RTA_METRICS]) {
1343 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
1344 rta_metrics_policy, NULL);
1345 if (rc < 0)
1346 return rc;
1347 if (tbx[RTAX_MTU])
1348 mtu = nla_get_u32(tbx[RTAX_MTU]);
1349 }
1350
1351 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
1352 rtm->rtm_type);
1353 return rc;
1354}
1355
1356static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1357 struct netlink_ext_ack *extack)
1358{
1359 struct nlattr *tb[RTA_MAX + 1];
1360 mctp_eid_t daddr_start;
1361 struct mctp_dev *mdev;
1362 struct rtmsg *rtm;
1363 int rc;
1364
1365 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1366 &rtm, &mdev, &daddr_start);
1367 if (rc < 0)
1368 return rc;
1369
1370 /* we only have unicast routes */
1371 if (rtm->rtm_type != RTN_UNICAST)
1372 return -EINVAL;
1373
1374 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
1375 return rc;
1376}
1377
1378static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
1379 u32 portid, u32 seq, int event, unsigned int flags)
1380{
1381 struct nlmsghdr *nlh;
1382 struct rtmsg *hdr;
1383 void *metrics;
1384
1385 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
1386 if (!nlh)
1387 return -EMSGSIZE;
1388
1389 hdr = nlmsg_data(nlh);
1390 hdr->rtm_family = AF_MCTP;
1391
1392 /* we use the _len fields as a number of EIDs, rather than
1393 * a number of bits in the address
1394 */
1395 hdr->rtm_dst_len = rt->max - rt->min;
1396 hdr->rtm_src_len = 0;
1397 hdr->rtm_tos = 0;
1398 hdr->rtm_table = RT_TABLE_DEFAULT;
1399 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
1400 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
1401 hdr->rtm_type = rt->type;
1402
1403 if (nla_put_u8(skb, RTA_DST, rt->min))
1404 goto cancel;
1405
1406 metrics = nla_nest_start_noflag(skb, RTA_METRICS);
1407 if (!metrics)
1408 goto cancel;
1409
1410 if (rt->mtu) {
1411 if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
1412 goto cancel;
1413 }
1414
1415 nla_nest_end(skb, metrics);
1416
1417 if (rt->dev) {
1418 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
1419 goto cancel;
1420 }
1421
1422 /* TODO: conditional neighbour physaddr? */
1423
1424 nlmsg_end(skb, nlh);
1425
1426 return 0;
1427
1428cancel:
1429 nlmsg_cancel(skb, nlh);
1430 return -EMSGSIZE;
1431}
1432
1433static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
1434{
1435 struct net *net = sock_net(skb->sk);
1436 struct mctp_route *rt;
1437 int s_idx, idx;
1438
1439 /* TODO: allow filtering on route data, possibly under
1440 * cb->strict_check
1441 */
1442
1443 /* TODO: change to struct overlay */
1444 s_idx = cb->args[0];
1445 idx = 0;
1446
1447 rcu_read_lock();
1448 list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
1449 if (idx++ < s_idx)
1450 continue;
1451 if (mctp_fill_rtinfo(skb, rt,
1452 NETLINK_CB(cb->skb).portid,
1453 cb->nlh->nlmsg_seq,
1454 RTM_NEWROUTE, NLM_F_MULTI) < 0)
1455 break;
1456 }
1457
1458 rcu_read_unlock();
1459 cb->args[0] = idx;
1460
1461 return skb->len;
1462}
1463
1464/* net namespace implementation */
1465static int __net_init mctp_routes_net_init(struct net *net)
1466{
1467 struct netns_mctp *ns = &net->mctp;
1468
1469 INIT_LIST_HEAD(&ns->routes);
1470 INIT_HLIST_HEAD(&ns->binds);
1471 mutex_init(&ns->bind_lock);
1472 INIT_HLIST_HEAD(&ns->keys);
1473 spin_lock_init(&ns->keys_lock);
1474 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
1475 return 0;
1476}
1477
1478static void __net_exit mctp_routes_net_exit(struct net *net)
1479{
1480 struct mctp_route *rt;
1481
1482 rcu_read_lock();
1483 list_for_each_entry_rcu(rt, &net->mctp.routes, list)
1484 mctp_route_release(rt);
1485 rcu_read_unlock();
1486}
1487
1488static struct pernet_operations mctp_net_ops = {
1489 .init = mctp_routes_net_init,
1490 .exit = mctp_routes_net_exit,
1491};
1492
1493static const struct rtnl_msg_handler mctp_route_rtnl_msg_handlers[] = {
1494 {THIS_MODULE, PF_MCTP, RTM_NEWROUTE, mctp_newroute, NULL, 0},
1495 {THIS_MODULE, PF_MCTP, RTM_DELROUTE, mctp_delroute, NULL, 0},
1496 {THIS_MODULE, PF_MCTP, RTM_GETROUTE, NULL, mctp_dump_rtinfo, 0},
1497};
1498
1499int __init mctp_routes_init(void)
1500{
1501 int err;
1502
1503 dev_add_pack(&mctp_packet_type);
1504
1505 err = register_pernet_subsys(&mctp_net_ops);
1506 if (err)
1507 goto err_pernet;
1508
1509 err = rtnl_register_many(mctp_route_rtnl_msg_handlers);
1510 if (err)
1511 goto err_rtnl;
1512
1513 return 0;
1514
1515err_rtnl:
1516 unregister_pernet_subsys(&mctp_net_ops);
1517err_pernet:
1518 dev_remove_pack(&mctp_packet_type);
1519 return err;
1520}
1521
1522void mctp_routes_exit(void)
1523{
1524 rtnl_unregister_many(mctp_route_rtnl_msg_handlers);
1525 unregister_pernet_subsys(&mctp_net_ops);
1526 dev_remove_pack(&mctp_packet_type);
1527}
1528
1529#if IS_ENABLED(CONFIG_MCTP_TEST)
1530#include "test/route-test.c"
1531#endif