Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Management Component Transport Protocol (MCTP) - routing
4 * implementation.
5 *
6 * This is currently based on a simple routing table, with no dst cache. The
7 * number of routes should stay fairly small, so the lookup cost is small.
8 *
9 * Copyright (c) 2021 Code Construct
10 * Copyright (c) 2021 Google
11 */
12
13#include <linux/idr.h>
14#include <linux/kconfig.h>
15#include <linux/mctp.h>
16#include <linux/netdevice.h>
17#include <linux/rtnetlink.h>
18#include <linux/skbuff.h>
19
20#include <uapi/linux/if_arp.h>
21
22#include <net/mctp.h>
23#include <net/mctpdevice.h>
24#include <net/netlink.h>
25#include <net/sock.h>
26
27#include <trace/events/mctp.h>
28
29static const unsigned int mctp_message_maxlen = 64 * 1024;
30static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
31
32static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
33
34/* route output callbacks */
35static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb)
36{
37 kfree_skb(skb);
38 return 0;
39}
40
41static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
42{
43 struct mctp_skb_cb *cb = mctp_cb(skb);
44 struct mctp_hdr *mh;
45 struct sock *sk;
46 u8 type;
47
48 WARN_ON(!rcu_read_lock_held());
49
50 /* TODO: look up in skb->cb? */
51 mh = mctp_hdr(skb);
52
53 if (!skb_headlen(skb))
54 return NULL;
55
56 type = (*(u8 *)skb->data) & 0x7f;
57
58 sk_for_each_rcu(sk, &net->mctp.binds) {
59 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
60
61 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
62 continue;
63
64 if (msk->bind_type != type)
65 continue;
66
67 if (!mctp_address_matches(msk->bind_addr, mh->dest))
68 continue;
69
70 return msk;
71 }
72
73 return NULL;
74}
75
76static bool mctp_key_match(struct mctp_sk_key *key, mctp_eid_t local,
77 mctp_eid_t peer, u8 tag)
78{
79 if (!mctp_address_matches(key->local_addr, local))
80 return false;
81
82 if (key->peer_addr != peer)
83 return false;
84
85 if (key->tag != tag)
86 return false;
87
88 return true;
89}
90
91/* returns a key (with key->lock held, and refcounted), or NULL if no such
92 * key exists.
93 */
94static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
95 mctp_eid_t peer,
96 unsigned long *irqflags)
97 __acquires(&key->lock)
98{
99 struct mctp_sk_key *key, *ret;
100 unsigned long flags;
101 struct mctp_hdr *mh;
102 u8 tag;
103
104 mh = mctp_hdr(skb);
105 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
106
107 ret = NULL;
108 spin_lock_irqsave(&net->mctp.keys_lock, flags);
109
110 hlist_for_each_entry(key, &net->mctp.keys, hlist) {
111 if (!mctp_key_match(key, mh->dest, peer, tag))
112 continue;
113
114 spin_lock(&key->lock);
115 if (key->valid) {
116 refcount_inc(&key->refs);
117 ret = key;
118 break;
119 }
120 spin_unlock(&key->lock);
121 }
122
123 if (ret) {
124 spin_unlock(&net->mctp.keys_lock);
125 *irqflags = flags;
126 } else {
127 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
128 }
129
130 return ret;
131}
132
133static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
134 mctp_eid_t local, mctp_eid_t peer,
135 u8 tag, gfp_t gfp)
136{
137 struct mctp_sk_key *key;
138
139 key = kzalloc(sizeof(*key), gfp);
140 if (!key)
141 return NULL;
142
143 key->peer_addr = peer;
144 key->local_addr = local;
145 key->tag = tag;
146 key->sk = &msk->sk;
147 key->valid = true;
148 spin_lock_init(&key->lock);
149 refcount_set(&key->refs, 1);
150 sock_hold(key->sk);
151
152 return key;
153}
154
155void mctp_key_unref(struct mctp_sk_key *key)
156{
157 unsigned long flags;
158
159 if (!refcount_dec_and_test(&key->refs))
160 return;
161
162 /* even though no refs exist here, the lock allows us to stay
163 * consistent with the locking requirement of mctp_dev_release_key
164 */
165 spin_lock_irqsave(&key->lock, flags);
166 mctp_dev_release_key(key->dev, key);
167 spin_unlock_irqrestore(&key->lock, flags);
168
169 sock_put(key->sk);
170 kfree(key);
171}
172
173static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
174{
175 struct net *net = sock_net(&msk->sk);
176 struct mctp_sk_key *tmp;
177 unsigned long flags;
178 int rc = 0;
179
180 spin_lock_irqsave(&net->mctp.keys_lock, flags);
181
182 if (sock_flag(&msk->sk, SOCK_DEAD)) {
183 rc = -EINVAL;
184 goto out_unlock;
185 }
186
187 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
188 if (mctp_key_match(tmp, key->local_addr, key->peer_addr,
189 key->tag)) {
190 spin_lock(&tmp->lock);
191 if (tmp->valid)
192 rc = -EEXIST;
193 spin_unlock(&tmp->lock);
194 if (rc)
195 break;
196 }
197 }
198
199 if (!rc) {
200 refcount_inc(&key->refs);
201 key->expiry = jiffies + mctp_key_lifetime;
202 timer_reduce(&msk->key_expiry, key->expiry);
203
204 hlist_add_head(&key->hlist, &net->mctp.keys);
205 hlist_add_head(&key->sklist, &msk->keys);
206 }
207
208out_unlock:
209 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
210
211 return rc;
212}
213
214/* Helper for mctp_route_input().
215 * We're done with the key; unlock and unref the key.
216 * For the usual case of automatic expiry we remove the key from lists.
217 * In the case that manual allocation is set on a key we release the lock
218 * and local ref, reset reassembly, but don't remove from lists.
219 */
220static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
221 unsigned long flags, unsigned long reason)
222__releases(&key->lock)
223{
224 struct sk_buff *skb;
225
226 trace_mctp_key_release(key, reason);
227 skb = key->reasm_head;
228 key->reasm_head = NULL;
229
230 if (!key->manual_alloc) {
231 key->reasm_dead = true;
232 key->valid = false;
233 mctp_dev_release_key(key->dev, key);
234 }
235 spin_unlock_irqrestore(&key->lock, flags);
236
237 if (!key->manual_alloc) {
238 spin_lock_irqsave(&net->mctp.keys_lock, flags);
239 if (!hlist_unhashed(&key->hlist)) {
240 hlist_del_init(&key->hlist);
241 hlist_del_init(&key->sklist);
242 mctp_key_unref(key);
243 }
244 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
245 }
246
247 /* and one for the local reference */
248 mctp_key_unref(key);
249
250 kfree_skb(skb);
251}
252
253#ifdef CONFIG_MCTP_FLOWS
254static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
255{
256 struct mctp_flow *flow;
257
258 flow = skb_ext_add(skb, SKB_EXT_MCTP);
259 if (!flow)
260 return;
261
262 refcount_inc(&key->refs);
263 flow->key = key;
264}
265
266static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
267{
268 struct mctp_sk_key *key;
269 struct mctp_flow *flow;
270
271 flow = skb_ext_find(skb, SKB_EXT_MCTP);
272 if (!flow)
273 return;
274
275 key = flow->key;
276
277 if (WARN_ON(key->dev && key->dev != dev))
278 return;
279
280 mctp_dev_set_key(dev, key);
281}
282#else
283static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
284static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
285#endif
286
287static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
288{
289 struct mctp_hdr *hdr = mctp_hdr(skb);
290 u8 exp_seq, this_seq;
291
292 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
293 & MCTP_HDR_SEQ_MASK;
294
295 if (!key->reasm_head) {
296 key->reasm_head = skb;
297 key->reasm_tailp = &(skb_shinfo(skb)->frag_list);
298 key->last_seq = this_seq;
299 return 0;
300 }
301
302 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
303
304 if (this_seq != exp_seq)
305 return -EINVAL;
306
307 if (key->reasm_head->len + skb->len > mctp_message_maxlen)
308 return -EINVAL;
309
310 skb->next = NULL;
311 skb->sk = NULL;
312 *key->reasm_tailp = skb;
313 key->reasm_tailp = &skb->next;
314
315 key->last_seq = this_seq;
316
317 key->reasm_head->data_len += skb->len;
318 key->reasm_head->len += skb->len;
319 key->reasm_head->truesize += skb->truesize;
320
321 return 0;
322}
323
324static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
325{
326 struct mctp_sk_key *key, *any_key = NULL;
327 struct net *net = dev_net(skb->dev);
328 struct mctp_sock *msk;
329 struct mctp_hdr *mh;
330 unsigned long f;
331 u8 tag, flags;
332 int rc;
333
334 msk = NULL;
335 rc = -EINVAL;
336
337 /* we may be receiving a locally-routed packet; drop source sk
338 * accounting
339 */
340 skb_orphan(skb);
341
342 /* ensure we have enough data for a header and a type */
343 if (skb->len < sizeof(struct mctp_hdr) + 1)
344 goto out;
345
346 /* grab header, advance data ptr */
347 mh = mctp_hdr(skb);
348 skb_pull(skb, sizeof(struct mctp_hdr));
349
350 if (mh->ver != 1)
351 goto out;
352
353 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
354 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
355
356 rcu_read_lock();
357
358 /* lookup socket / reasm context, exactly matching (src,dest,tag).
359 * we hold a ref on the key, and key->lock held.
360 */
361 key = mctp_lookup_key(net, skb, mh->src, &f);
362
363 if (flags & MCTP_HDR_FLAG_SOM) {
364 if (key) {
365 msk = container_of(key->sk, struct mctp_sock, sk);
366 } else {
367 /* first response to a broadcast? do a more general
368 * key lookup to find the socket, but don't use this
369 * key for reassembly - we'll create a more specific
370 * one for future packets if required (ie, !EOM).
371 */
372 any_key = mctp_lookup_key(net, skb, MCTP_ADDR_ANY, &f);
373 if (any_key) {
374 msk = container_of(any_key->sk,
375 struct mctp_sock, sk);
376 spin_unlock_irqrestore(&any_key->lock, f);
377 }
378 }
379
380 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
381 msk = mctp_lookup_bind(net, skb);
382
383 if (!msk) {
384 rc = -ENOENT;
385 goto out_unlock;
386 }
387
388 /* single-packet message? deliver to socket, clean up any
389 * pending key.
390 */
391 if (flags & MCTP_HDR_FLAG_EOM) {
392 sock_queue_rcv_skb(&msk->sk, skb);
393 if (key) {
394 /* we've hit a pending reassembly; not much we
395 * can do but drop it
396 */
397 __mctp_key_done_in(key, net, f,
398 MCTP_TRACE_KEY_REPLIED);
399 key = NULL;
400 }
401 rc = 0;
402 goto out_unlock;
403 }
404
405 /* broadcast response or a bind() - create a key for further
406 * packets for this message
407 */
408 if (!key) {
409 key = mctp_key_alloc(msk, mh->dest, mh->src,
410 tag, GFP_ATOMIC);
411 if (!key) {
412 rc = -ENOMEM;
413 goto out_unlock;
414 }
415
416 /* we can queue without the key lock here, as the
417 * key isn't observable yet
418 */
419 mctp_frag_queue(key, skb);
420
421 /* if the key_add fails, we've raced with another
422 * SOM packet with the same src, dest and tag. There's
423 * no way to distinguish future packets, so all we
424 * can do is drop; we'll free the skb on exit from
425 * this function.
426 */
427 rc = mctp_key_add(key, msk);
428 if (!rc)
429 trace_mctp_key_acquire(key);
430
431 /* we don't need to release key->lock on exit, so
432 * clean up here and suppress the unlock via
433 * setting to NULL
434 */
435 mctp_key_unref(key);
436 key = NULL;
437
438 } else {
439 if (key->reasm_head || key->reasm_dead) {
440 /* duplicate start? drop everything */
441 __mctp_key_done_in(key, net, f,
442 MCTP_TRACE_KEY_INVALIDATED);
443 rc = -EEXIST;
444 key = NULL;
445 } else {
446 rc = mctp_frag_queue(key, skb);
447 }
448 }
449
450 } else if (key) {
451 /* this packet continues a previous message; reassemble
452 * using the message-specific key
453 */
454
455 /* we need to be continuing an existing reassembly... */
456 if (!key->reasm_head)
457 rc = -EINVAL;
458 else
459 rc = mctp_frag_queue(key, skb);
460
461 /* end of message? deliver to socket, and we're done with
462 * the reassembly/response key
463 */
464 if (!rc && flags & MCTP_HDR_FLAG_EOM) {
465 sock_queue_rcv_skb(key->sk, key->reasm_head);
466 key->reasm_head = NULL;
467 __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
468 key = NULL;
469 }
470
471 } else {
472 /* not a start, no matching key */
473 rc = -ENOENT;
474 }
475
476out_unlock:
477 rcu_read_unlock();
478 if (key) {
479 spin_unlock_irqrestore(&key->lock, f);
480 mctp_key_unref(key);
481 }
482 if (any_key)
483 mctp_key_unref(any_key);
484out:
485 if (rc)
486 kfree_skb(skb);
487 return rc;
488}
489
490static unsigned int mctp_route_mtu(struct mctp_route *rt)
491{
492 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu);
493}
494
495static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb)
496{
497 struct mctp_skb_cb *cb = mctp_cb(skb);
498 struct mctp_hdr *hdr = mctp_hdr(skb);
499 char daddr_buf[MAX_ADDR_LEN];
500 char *daddr = NULL;
501 unsigned int mtu;
502 int rc;
503
504 skb->protocol = htons(ETH_P_MCTP);
505
506 mtu = READ_ONCE(skb->dev->mtu);
507 if (skb->len > mtu) {
508 kfree_skb(skb);
509 return -EMSGSIZE;
510 }
511
512 if (cb->ifindex) {
513 /* direct route; use the hwaddr we stashed in sendmsg */
514 if (cb->halen != skb->dev->addr_len) {
515 /* sanity check, sendmsg should have already caught this */
516 kfree_skb(skb);
517 return -EMSGSIZE;
518 }
519 daddr = cb->haddr;
520 } else {
521 /* If lookup fails let the device handle daddr==NULL */
522 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0)
523 daddr = daddr_buf;
524 }
525
526 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
527 daddr, skb->dev->dev_addr, skb->len);
528 if (rc < 0) {
529 kfree_skb(skb);
530 return -EHOSTUNREACH;
531 }
532
533 mctp_flow_prepare_output(skb, route->dev);
534
535 rc = dev_queue_xmit(skb);
536 if (rc)
537 rc = net_xmit_errno(rc);
538
539 return rc;
540}
541
542/* route alloc/release */
543static void mctp_route_release(struct mctp_route *rt)
544{
545 if (refcount_dec_and_test(&rt->refs)) {
546 mctp_dev_put(rt->dev);
547 kfree_rcu(rt, rcu);
548 }
549}
550
551/* returns a route with the refcount at 1 */
552static struct mctp_route *mctp_route_alloc(void)
553{
554 struct mctp_route *rt;
555
556 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
557 if (!rt)
558 return NULL;
559
560 INIT_LIST_HEAD(&rt->list);
561 refcount_set(&rt->refs, 1);
562 rt->output = mctp_route_discard;
563
564 return rt;
565}
566
567unsigned int mctp_default_net(struct net *net)
568{
569 return READ_ONCE(net->mctp.default_net);
570}
571
572int mctp_default_net_set(struct net *net, unsigned int index)
573{
574 if (index == 0)
575 return -EINVAL;
576 WRITE_ONCE(net->mctp.default_net, index);
577 return 0;
578}
579
580/* tag management */
581static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
582 struct mctp_sock *msk)
583{
584 struct netns_mctp *mns = &net->mctp;
585
586 lockdep_assert_held(&mns->keys_lock);
587
588 key->expiry = jiffies + mctp_key_lifetime;
589 timer_reduce(&msk->key_expiry, key->expiry);
590
591 /* we hold the net->key_lock here, allowing updates to both
592 * then net and sk
593 */
594 hlist_add_head_rcu(&key->hlist, &mns->keys);
595 hlist_add_head_rcu(&key->sklist, &msk->keys);
596 refcount_inc(&key->refs);
597}
598
599/* Allocate a locally-owned tag value for (saddr, daddr), and reserve
600 * it for the socket msk
601 */
602struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
603 mctp_eid_t daddr, mctp_eid_t saddr,
604 bool manual, u8 *tagp)
605{
606 struct net *net = sock_net(&msk->sk);
607 struct netns_mctp *mns = &net->mctp;
608 struct mctp_sk_key *key, *tmp;
609 unsigned long flags;
610 u8 tagbits;
611
612 /* for NULL destination EIDs, we may get a response from any peer */
613 if (daddr == MCTP_ADDR_NULL)
614 daddr = MCTP_ADDR_ANY;
615
616 /* be optimistic, alloc now */
617 key = mctp_key_alloc(msk, saddr, daddr, 0, GFP_KERNEL);
618 if (!key)
619 return ERR_PTR(-ENOMEM);
620
621 /* 8 possible tag values */
622 tagbits = 0xff;
623
624 spin_lock_irqsave(&mns->keys_lock, flags);
625
626 /* Walk through the existing keys, looking for potential conflicting
627 * tags. If we find a conflict, clear that bit from tagbits
628 */
629 hlist_for_each_entry(tmp, &mns->keys, hlist) {
630 /* We can check the lookup fields (*_addr, tag) without the
631 * lock held, they don't change over the lifetime of the key.
632 */
633
634 /* if we don't own the tag, it can't conflict */
635 if (tmp->tag & MCTP_HDR_FLAG_TO)
636 continue;
637
638 if (!(mctp_address_matches(tmp->peer_addr, daddr) &&
639 mctp_address_matches(tmp->local_addr, saddr)))
640 continue;
641
642 spin_lock(&tmp->lock);
643 /* key must still be valid. If we find a match, clear the
644 * potential tag value
645 */
646 if (tmp->valid)
647 tagbits &= ~(1 << tmp->tag);
648 spin_unlock(&tmp->lock);
649
650 if (!tagbits)
651 break;
652 }
653
654 if (tagbits) {
655 key->tag = __ffs(tagbits);
656 mctp_reserve_tag(net, key, msk);
657 trace_mctp_key_acquire(key);
658
659 key->manual_alloc = manual;
660 *tagp = key->tag;
661 }
662
663 spin_unlock_irqrestore(&mns->keys_lock, flags);
664
665 if (!tagbits) {
666 mctp_key_unref(key);
667 return ERR_PTR(-EBUSY);
668 }
669
670 return key;
671}
672
673static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
674 mctp_eid_t daddr,
675 u8 req_tag, u8 *tagp)
676{
677 struct net *net = sock_net(&msk->sk);
678 struct netns_mctp *mns = &net->mctp;
679 struct mctp_sk_key *key, *tmp;
680 unsigned long flags;
681
682 req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
683 key = NULL;
684
685 spin_lock_irqsave(&mns->keys_lock, flags);
686
687 hlist_for_each_entry(tmp, &mns->keys, hlist) {
688 if (tmp->tag != req_tag)
689 continue;
690
691 if (!mctp_address_matches(tmp->peer_addr, daddr))
692 continue;
693
694 if (!tmp->manual_alloc)
695 continue;
696
697 spin_lock(&tmp->lock);
698 if (tmp->valid) {
699 key = tmp;
700 refcount_inc(&key->refs);
701 spin_unlock(&tmp->lock);
702 break;
703 }
704 spin_unlock(&tmp->lock);
705 }
706 spin_unlock_irqrestore(&mns->keys_lock, flags);
707
708 if (!key)
709 return ERR_PTR(-ENOENT);
710
711 if (tagp)
712 *tagp = key->tag;
713
714 return key;
715}
716
717/* routing lookups */
718static bool mctp_rt_match_eid(struct mctp_route *rt,
719 unsigned int net, mctp_eid_t eid)
720{
721 return READ_ONCE(rt->dev->net) == net &&
722 rt->min <= eid && rt->max >= eid;
723}
724
725/* compares match, used for duplicate prevention */
726static bool mctp_rt_compare_exact(struct mctp_route *rt1,
727 struct mctp_route *rt2)
728{
729 ASSERT_RTNL();
730 return rt1->dev->net == rt2->dev->net &&
731 rt1->min == rt2->min &&
732 rt1->max == rt2->max;
733}
734
735struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet,
736 mctp_eid_t daddr)
737{
738 struct mctp_route *tmp, *rt = NULL;
739
740 rcu_read_lock();
741
742 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
743 /* TODO: add metrics */
744 if (mctp_rt_match_eid(tmp, dnet, daddr)) {
745 if (refcount_inc_not_zero(&tmp->refs)) {
746 rt = tmp;
747 break;
748 }
749 }
750 }
751
752 rcu_read_unlock();
753
754 return rt;
755}
756
757static struct mctp_route *mctp_route_lookup_null(struct net *net,
758 struct net_device *dev)
759{
760 struct mctp_route *tmp, *rt = NULL;
761
762 rcu_read_lock();
763
764 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
765 if (tmp->dev->dev == dev && tmp->type == RTN_LOCAL &&
766 refcount_inc_not_zero(&tmp->refs)) {
767 rt = tmp;
768 break;
769 }
770 }
771
772 rcu_read_unlock();
773
774 return rt;
775}
776
777static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb,
778 unsigned int mtu, u8 tag)
779{
780 const unsigned int hlen = sizeof(struct mctp_hdr);
781 struct mctp_hdr *hdr, *hdr2;
782 unsigned int pos, size, headroom;
783 struct sk_buff *skb2;
784 int rc;
785 u8 seq;
786
787 hdr = mctp_hdr(skb);
788 seq = 0;
789 rc = 0;
790
791 if (mtu < hlen + 1) {
792 kfree_skb(skb);
793 return -EMSGSIZE;
794 }
795
796 /* keep same headroom as the original skb */
797 headroom = skb_headroom(skb);
798
799 /* we've got the header */
800 skb_pull(skb, hlen);
801
802 for (pos = 0; pos < skb->len;) {
803 /* size of message payload */
804 size = min(mtu - hlen, skb->len - pos);
805
806 skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
807 if (!skb2) {
808 rc = -ENOMEM;
809 break;
810 }
811
812 /* generic skb copy */
813 skb2->protocol = skb->protocol;
814 skb2->priority = skb->priority;
815 skb2->dev = skb->dev;
816 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
817
818 if (skb->sk)
819 skb_set_owner_w(skb2, skb->sk);
820
821 /* establish packet */
822 skb_reserve(skb2, headroom);
823 skb_reset_network_header(skb2);
824 skb_put(skb2, hlen + size);
825 skb2->transport_header = skb2->network_header + hlen;
826
827 /* copy header fields, calculate SOM/EOM flags & seq */
828 hdr2 = mctp_hdr(skb2);
829 hdr2->ver = hdr->ver;
830 hdr2->dest = hdr->dest;
831 hdr2->src = hdr->src;
832 hdr2->flags_seq_tag = tag &
833 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
834
835 if (pos == 0)
836 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
837
838 if (pos + size == skb->len)
839 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
840
841 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
842
843 /* copy message payload */
844 skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
845
846 /* do route */
847 rc = rt->output(rt, skb2);
848 if (rc)
849 break;
850
851 seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
852 pos += size;
853 }
854
855 consume_skb(skb);
856 return rc;
857}
858
859int mctp_local_output(struct sock *sk, struct mctp_route *rt,
860 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
861{
862 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
863 struct mctp_skb_cb *cb = mctp_cb(skb);
864 struct mctp_route tmp_rt = {0};
865 struct mctp_sk_key *key;
866 struct mctp_hdr *hdr;
867 unsigned long flags;
868 unsigned int mtu;
869 mctp_eid_t saddr;
870 bool ext_rt;
871 int rc;
872 u8 tag;
873
874 rc = -ENODEV;
875
876 if (rt) {
877 ext_rt = false;
878 if (WARN_ON(!rt->dev))
879 goto out_release;
880
881 } else if (cb->ifindex) {
882 struct net_device *dev;
883
884 ext_rt = true;
885 rt = &tmp_rt;
886
887 rcu_read_lock();
888 dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex);
889 if (!dev) {
890 rcu_read_unlock();
891 goto out_free;
892 }
893 rt->dev = __mctp_dev_get(dev);
894 rcu_read_unlock();
895
896 if (!rt->dev)
897 goto out_release;
898
899 /* establish temporary route - we set up enough to keep
900 * mctp_route_output happy
901 */
902 rt->output = mctp_route_output;
903 rt->mtu = 0;
904
905 } else {
906 rc = -EINVAL;
907 goto out_free;
908 }
909
910 spin_lock_irqsave(&rt->dev->addrs_lock, flags);
911 if (rt->dev->num_addrs == 0) {
912 rc = -EHOSTUNREACH;
913 } else {
914 /* use the outbound interface's first address as our source */
915 saddr = rt->dev->addrs[0];
916 rc = 0;
917 }
918 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags);
919
920 if (rc)
921 goto out_release;
922
923 if (req_tag & MCTP_TAG_OWNER) {
924 if (req_tag & MCTP_TAG_PREALLOC)
925 key = mctp_lookup_prealloc_tag(msk, daddr,
926 req_tag, &tag);
927 else
928 key = mctp_alloc_local_tag(msk, daddr, saddr,
929 false, &tag);
930
931 if (IS_ERR(key)) {
932 rc = PTR_ERR(key);
933 goto out_release;
934 }
935 mctp_skb_set_flow(skb, key);
936 /* done with the key in this scope */
937 mctp_key_unref(key);
938 tag |= MCTP_HDR_FLAG_TO;
939 } else {
940 key = NULL;
941 tag = req_tag & MCTP_TAG_MASK;
942 }
943
944 skb->protocol = htons(ETH_P_MCTP);
945 skb->priority = 0;
946 skb_reset_transport_header(skb);
947 skb_push(skb, sizeof(struct mctp_hdr));
948 skb_reset_network_header(skb);
949 skb->dev = rt->dev->dev;
950
951 /* cb->net will have been set on initial ingress */
952 cb->src = saddr;
953
954 /* set up common header fields */
955 hdr = mctp_hdr(skb);
956 hdr->ver = 1;
957 hdr->dest = daddr;
958 hdr->src = saddr;
959
960 mtu = mctp_route_mtu(rt);
961
962 if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
963 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
964 MCTP_HDR_FLAG_EOM | tag;
965 rc = rt->output(rt, skb);
966 } else {
967 rc = mctp_do_fragment_route(rt, skb, mtu, tag);
968 }
969
970 /* route output functions consume the skb, even on error */
971 skb = NULL;
972
973out_release:
974 if (!ext_rt)
975 mctp_route_release(rt);
976
977 mctp_dev_put(tmp_rt.dev);
978
979out_free:
980 kfree_skb(skb);
981 return rc;
982}
983
984/* route management */
985static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
986 unsigned int daddr_extent, unsigned int mtu,
987 unsigned char type)
988{
989 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb);
990 struct net *net = dev_net(mdev->dev);
991 struct mctp_route *rt, *ert;
992
993 if (!mctp_address_unicast(daddr_start))
994 return -EINVAL;
995
996 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
997 return -EINVAL;
998
999 switch (type) {
1000 case RTN_LOCAL:
1001 rtfn = mctp_route_input;
1002 break;
1003 case RTN_UNICAST:
1004 rtfn = mctp_route_output;
1005 break;
1006 default:
1007 return -EINVAL;
1008 }
1009
1010 rt = mctp_route_alloc();
1011 if (!rt)
1012 return -ENOMEM;
1013
1014 rt->min = daddr_start;
1015 rt->max = daddr_start + daddr_extent;
1016 rt->mtu = mtu;
1017 rt->dev = mdev;
1018 mctp_dev_hold(rt->dev);
1019 rt->type = type;
1020 rt->output = rtfn;
1021
1022 ASSERT_RTNL();
1023 /* Prevent duplicate identical routes. */
1024 list_for_each_entry(ert, &net->mctp.routes, list) {
1025 if (mctp_rt_compare_exact(rt, ert)) {
1026 mctp_route_release(rt);
1027 return -EEXIST;
1028 }
1029 }
1030
1031 list_add_rcu(&rt->list, &net->mctp.routes);
1032
1033 return 0;
1034}
1035
1036static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1037 unsigned int daddr_extent, unsigned char type)
1038{
1039 struct net *net = dev_net(mdev->dev);
1040 struct mctp_route *rt, *tmp;
1041 mctp_eid_t daddr_end;
1042 bool dropped;
1043
1044 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1045 return -EINVAL;
1046
1047 daddr_end = daddr_start + daddr_extent;
1048 dropped = false;
1049
1050 ASSERT_RTNL();
1051
1052 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1053 if (rt->dev == mdev &&
1054 rt->min == daddr_start && rt->max == daddr_end &&
1055 rt->type == type) {
1056 list_del_rcu(&rt->list);
1057 /* TODO: immediate RTM_DELROUTE */
1058 mctp_route_release(rt);
1059 dropped = true;
1060 }
1061 }
1062
1063 return dropped ? 0 : -ENOENT;
1064}
1065
1066int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
1067{
1068 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
1069}
1070
1071int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
1072{
1073 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
1074}
1075
1076/* removes all entries for a given device */
1077void mctp_route_remove_dev(struct mctp_dev *mdev)
1078{
1079 struct net *net = dev_net(mdev->dev);
1080 struct mctp_route *rt, *tmp;
1081
1082 ASSERT_RTNL();
1083 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1084 if (rt->dev == mdev) {
1085 list_del_rcu(&rt->list);
1086 /* TODO: immediate RTM_DELROUTE */
1087 mctp_route_release(rt);
1088 }
1089 }
1090}
1091
1092/* Incoming packet-handling */
1093
1094static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
1095 struct packet_type *pt,
1096 struct net_device *orig_dev)
1097{
1098 struct net *net = dev_net(dev);
1099 struct mctp_dev *mdev;
1100 struct mctp_skb_cb *cb;
1101 struct mctp_route *rt;
1102 struct mctp_hdr *mh;
1103
1104 rcu_read_lock();
1105 mdev = __mctp_dev_get(dev);
1106 rcu_read_unlock();
1107 if (!mdev) {
1108 /* basic non-data sanity checks */
1109 goto err_drop;
1110 }
1111
1112 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
1113 goto err_drop;
1114
1115 skb_reset_transport_header(skb);
1116 skb_reset_network_header(skb);
1117
1118 /* We have enough for a header; decode and route */
1119 mh = mctp_hdr(skb);
1120 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
1121 goto err_drop;
1122
1123 /* source must be valid unicast or null; drop reserved ranges and
1124 * broadcast
1125 */
1126 if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
1127 goto err_drop;
1128
1129 /* dest address: as above, but allow broadcast */
1130 if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
1131 mctp_address_broadcast(mh->dest)))
1132 goto err_drop;
1133
1134 /* MCTP drivers must populate halen/haddr */
1135 if (dev->type == ARPHRD_MCTP) {
1136 cb = mctp_cb(skb);
1137 } else {
1138 cb = __mctp_cb(skb);
1139 cb->halen = 0;
1140 }
1141 cb->net = READ_ONCE(mdev->net);
1142 cb->ifindex = dev->ifindex;
1143
1144 rt = mctp_route_lookup(net, cb->net, mh->dest);
1145
1146 /* NULL EID, but addressed to our physical address */
1147 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
1148 rt = mctp_route_lookup_null(net, dev);
1149
1150 if (!rt)
1151 goto err_drop;
1152
1153 rt->output(rt, skb);
1154 mctp_route_release(rt);
1155 mctp_dev_put(mdev);
1156
1157 return NET_RX_SUCCESS;
1158
1159err_drop:
1160 kfree_skb(skb);
1161 mctp_dev_put(mdev);
1162 return NET_RX_DROP;
1163}
1164
1165static struct packet_type mctp_packet_type = {
1166 .type = cpu_to_be16(ETH_P_MCTP),
1167 .func = mctp_pkttype_receive,
1168};
1169
1170/* netlink interface */
1171
1172static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
1173 [RTA_DST] = { .type = NLA_U8 },
1174 [RTA_METRICS] = { .type = NLA_NESTED },
1175 [RTA_OIF] = { .type = NLA_U32 },
1176};
1177
1178/* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
1179 * tb must hold RTA_MAX+1 elements.
1180 */
1181static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
1182 struct netlink_ext_ack *extack,
1183 struct nlattr **tb, struct rtmsg **rtm,
1184 struct mctp_dev **mdev, mctp_eid_t *daddr_start)
1185{
1186 struct net *net = sock_net(skb->sk);
1187 struct net_device *dev;
1188 unsigned int ifindex;
1189 int rc;
1190
1191 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
1192 rta_mctp_policy, extack);
1193 if (rc < 0) {
1194 NL_SET_ERR_MSG(extack, "incorrect format");
1195 return rc;
1196 }
1197
1198 if (!tb[RTA_DST]) {
1199 NL_SET_ERR_MSG(extack, "dst EID missing");
1200 return -EINVAL;
1201 }
1202 *daddr_start = nla_get_u8(tb[RTA_DST]);
1203
1204 if (!tb[RTA_OIF]) {
1205 NL_SET_ERR_MSG(extack, "ifindex missing");
1206 return -EINVAL;
1207 }
1208 ifindex = nla_get_u32(tb[RTA_OIF]);
1209
1210 *rtm = nlmsg_data(nlh);
1211 if ((*rtm)->rtm_family != AF_MCTP) {
1212 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
1213 return -EINVAL;
1214 }
1215
1216 dev = __dev_get_by_index(net, ifindex);
1217 if (!dev) {
1218 NL_SET_ERR_MSG(extack, "bad ifindex");
1219 return -ENODEV;
1220 }
1221 *mdev = mctp_dev_get_rtnl(dev);
1222 if (!*mdev)
1223 return -ENODEV;
1224
1225 if (dev->flags & IFF_LOOPBACK) {
1226 NL_SET_ERR_MSG(extack, "no routes to loopback");
1227 return -EINVAL;
1228 }
1229
1230 return 0;
1231}
1232
1233static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
1234 [RTAX_MTU] = { .type = NLA_U32 },
1235};
1236
1237static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1238 struct netlink_ext_ack *extack)
1239{
1240 struct nlattr *tb[RTA_MAX + 1];
1241 struct nlattr *tbx[RTAX_MAX + 1];
1242 mctp_eid_t daddr_start;
1243 struct mctp_dev *mdev;
1244 struct rtmsg *rtm;
1245 unsigned int mtu;
1246 int rc;
1247
1248 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1249 &rtm, &mdev, &daddr_start);
1250 if (rc < 0)
1251 return rc;
1252
1253 if (rtm->rtm_type != RTN_UNICAST) {
1254 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
1255 return -EINVAL;
1256 }
1257
1258 mtu = 0;
1259 if (tb[RTA_METRICS]) {
1260 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
1261 rta_metrics_policy, NULL);
1262 if (rc < 0)
1263 return rc;
1264 if (tbx[RTAX_MTU])
1265 mtu = nla_get_u32(tbx[RTAX_MTU]);
1266 }
1267
1268 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
1269 rtm->rtm_type);
1270 return rc;
1271}
1272
1273static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1274 struct netlink_ext_ack *extack)
1275{
1276 struct nlattr *tb[RTA_MAX + 1];
1277 mctp_eid_t daddr_start;
1278 struct mctp_dev *mdev;
1279 struct rtmsg *rtm;
1280 int rc;
1281
1282 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1283 &rtm, &mdev, &daddr_start);
1284 if (rc < 0)
1285 return rc;
1286
1287 /* we only have unicast routes */
1288 if (rtm->rtm_type != RTN_UNICAST)
1289 return -EINVAL;
1290
1291 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
1292 return rc;
1293}
1294
1295static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
1296 u32 portid, u32 seq, int event, unsigned int flags)
1297{
1298 struct nlmsghdr *nlh;
1299 struct rtmsg *hdr;
1300 void *metrics;
1301
1302 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
1303 if (!nlh)
1304 return -EMSGSIZE;
1305
1306 hdr = nlmsg_data(nlh);
1307 hdr->rtm_family = AF_MCTP;
1308
1309 /* we use the _len fields as a number of EIDs, rather than
1310 * a number of bits in the address
1311 */
1312 hdr->rtm_dst_len = rt->max - rt->min;
1313 hdr->rtm_src_len = 0;
1314 hdr->rtm_tos = 0;
1315 hdr->rtm_table = RT_TABLE_DEFAULT;
1316 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
1317 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
1318 hdr->rtm_type = rt->type;
1319
1320 if (nla_put_u8(skb, RTA_DST, rt->min))
1321 goto cancel;
1322
1323 metrics = nla_nest_start_noflag(skb, RTA_METRICS);
1324 if (!metrics)
1325 goto cancel;
1326
1327 if (rt->mtu) {
1328 if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
1329 goto cancel;
1330 }
1331
1332 nla_nest_end(skb, metrics);
1333
1334 if (rt->dev) {
1335 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
1336 goto cancel;
1337 }
1338
1339 /* TODO: conditional neighbour physaddr? */
1340
1341 nlmsg_end(skb, nlh);
1342
1343 return 0;
1344
1345cancel:
1346 nlmsg_cancel(skb, nlh);
1347 return -EMSGSIZE;
1348}
1349
1350static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
1351{
1352 struct net *net = sock_net(skb->sk);
1353 struct mctp_route *rt;
1354 int s_idx, idx;
1355
1356 /* TODO: allow filtering on route data, possibly under
1357 * cb->strict_check
1358 */
1359
1360 /* TODO: change to struct overlay */
1361 s_idx = cb->args[0];
1362 idx = 0;
1363
1364 rcu_read_lock();
1365 list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
1366 if (idx++ < s_idx)
1367 continue;
1368 if (mctp_fill_rtinfo(skb, rt,
1369 NETLINK_CB(cb->skb).portid,
1370 cb->nlh->nlmsg_seq,
1371 RTM_NEWROUTE, NLM_F_MULTI) < 0)
1372 break;
1373 }
1374
1375 rcu_read_unlock();
1376 cb->args[0] = idx;
1377
1378 return skb->len;
1379}
1380
1381/* net namespace implementation */
1382static int __net_init mctp_routes_net_init(struct net *net)
1383{
1384 struct netns_mctp *ns = &net->mctp;
1385
1386 INIT_LIST_HEAD(&ns->routes);
1387 INIT_HLIST_HEAD(&ns->binds);
1388 mutex_init(&ns->bind_lock);
1389 INIT_HLIST_HEAD(&ns->keys);
1390 spin_lock_init(&ns->keys_lock);
1391 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
1392 return 0;
1393}
1394
1395static void __net_exit mctp_routes_net_exit(struct net *net)
1396{
1397 struct mctp_route *rt;
1398
1399 rcu_read_lock();
1400 list_for_each_entry_rcu(rt, &net->mctp.routes, list)
1401 mctp_route_release(rt);
1402 rcu_read_unlock();
1403}
1404
1405static struct pernet_operations mctp_net_ops = {
1406 .init = mctp_routes_net_init,
1407 .exit = mctp_routes_net_exit,
1408};
1409
1410int __init mctp_routes_init(void)
1411{
1412 dev_add_pack(&mctp_packet_type);
1413
1414 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_GETROUTE,
1415 NULL, mctp_dump_rtinfo, 0);
1416 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_NEWROUTE,
1417 mctp_newroute, NULL, 0);
1418 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_DELROUTE,
1419 mctp_delroute, NULL, 0);
1420
1421 return register_pernet_subsys(&mctp_net_ops);
1422}
1423
1424void mctp_routes_exit(void)
1425{
1426 unregister_pernet_subsys(&mctp_net_ops);
1427 rtnl_unregister(PF_MCTP, RTM_DELROUTE);
1428 rtnl_unregister(PF_MCTP, RTM_NEWROUTE);
1429 rtnl_unregister(PF_MCTP, RTM_GETROUTE);
1430 dev_remove_pack(&mctp_packet_type);
1431}
1432
1433#if IS_ENABLED(CONFIG_MCTP_TEST)
1434#include "test/route-test.c"
1435#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Management Component Transport Protocol (MCTP) - routing
4 * implementation.
5 *
6 * This is currently based on a simple routing table, with no dst cache. The
7 * number of routes should stay fairly small, so the lookup cost is small.
8 *
9 * Copyright (c) 2021 Code Construct
10 * Copyright (c) 2021 Google
11 */
12
13#include <linux/idr.h>
14#include <linux/kconfig.h>
15#include <linux/mctp.h>
16#include <linux/netdevice.h>
17#include <linux/rtnetlink.h>
18#include <linux/skbuff.h>
19
20#include <uapi/linux/if_arp.h>
21
22#include <net/mctp.h>
23#include <net/mctpdevice.h>
24#include <net/netlink.h>
25#include <net/sock.h>
26
27#include <trace/events/mctp.h>
28
29static const unsigned int mctp_message_maxlen = 64 * 1024;
30static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
31
32static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
33
34/* route output callbacks */
35static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb)
36{
37 kfree_skb(skb);
38 return 0;
39}
40
41static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
42{
43 struct mctp_skb_cb *cb = mctp_cb(skb);
44 struct mctp_hdr *mh;
45 struct sock *sk;
46 u8 type;
47
48 WARN_ON(!rcu_read_lock_held());
49
50 /* TODO: look up in skb->cb? */
51 mh = mctp_hdr(skb);
52
53 if (!skb_headlen(skb))
54 return NULL;
55
56 type = (*(u8 *)skb->data) & 0x7f;
57
58 sk_for_each_rcu(sk, &net->mctp.binds) {
59 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
60
61 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
62 continue;
63
64 if (msk->bind_type != type)
65 continue;
66
67 if (!mctp_address_matches(msk->bind_addr, mh->dest))
68 continue;
69
70 return msk;
71 }
72
73 return NULL;
74}
75
76/* A note on the key allocations.
77 *
78 * struct net->mctp.keys contains our set of currently-allocated keys for
79 * MCTP tag management. The lookup tuple for these is the peer EID,
80 * local EID and MCTP tag.
81 *
82 * In some cases, the peer EID may be MCTP_EID_ANY: for example, when a
83 * broadcast message is sent, we may receive responses from any peer EID.
84 * Because the broadcast dest address is equivalent to ANY, we create
85 * a key with (local = local-eid, peer = ANY). This allows a match on the
86 * incoming broadcast responses from any peer.
87 *
88 * We perform lookups when packets are received, and when tags are allocated
89 * in two scenarios:
90 *
91 * - when a packet is sent, with a locally-owned tag: we need to find an
92 * unused tag value for the (local, peer) EID pair.
93 *
94 * - when a tag is manually allocated: we need to find an unused tag value
95 * for the peer EID, but don't have a specific local EID at that stage.
96 *
97 * in the latter case, on successful allocation, we end up with a tag with
98 * (local = ANY, peer = peer-eid).
99 *
100 * So, the key set allows both a local EID of ANY, as well as a peer EID of
101 * ANY in the lookup tuple. Both may be ANY if we prealloc for a broadcast.
102 * The matching (in mctp_key_match()) during lookup allows the match value to
103 * be ANY in either the dest or source addresses.
104 *
105 * When allocating (+ inserting) a tag, we need to check for conflicts amongst
106 * the existing tag set. This requires macthing either exactly on the local
107 * and peer addresses, or either being ANY.
108 */
109
110static bool mctp_key_match(struct mctp_sk_key *key, unsigned int net,
111 mctp_eid_t local, mctp_eid_t peer, u8 tag)
112{
113 if (key->net != net)
114 return false;
115
116 if (!mctp_address_matches(key->local_addr, local))
117 return false;
118
119 if (!mctp_address_matches(key->peer_addr, peer))
120 return false;
121
122 if (key->tag != tag)
123 return false;
124
125 return true;
126}
127
128/* returns a key (with key->lock held, and refcounted), or NULL if no such
129 * key exists.
130 */
131static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
132 unsigned int netid, mctp_eid_t peer,
133 unsigned long *irqflags)
134 __acquires(&key->lock)
135{
136 struct mctp_sk_key *key, *ret;
137 unsigned long flags;
138 struct mctp_hdr *mh;
139 u8 tag;
140
141 mh = mctp_hdr(skb);
142 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
143
144 ret = NULL;
145 spin_lock_irqsave(&net->mctp.keys_lock, flags);
146
147 hlist_for_each_entry(key, &net->mctp.keys, hlist) {
148 if (!mctp_key_match(key, netid, mh->dest, peer, tag))
149 continue;
150
151 spin_lock(&key->lock);
152 if (key->valid) {
153 refcount_inc(&key->refs);
154 ret = key;
155 break;
156 }
157 spin_unlock(&key->lock);
158 }
159
160 if (ret) {
161 spin_unlock(&net->mctp.keys_lock);
162 *irqflags = flags;
163 } else {
164 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
165 }
166
167 return ret;
168}
169
170static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
171 unsigned int net,
172 mctp_eid_t local, mctp_eid_t peer,
173 u8 tag, gfp_t gfp)
174{
175 struct mctp_sk_key *key;
176
177 key = kzalloc(sizeof(*key), gfp);
178 if (!key)
179 return NULL;
180
181 key->net = net;
182 key->peer_addr = peer;
183 key->local_addr = local;
184 key->tag = tag;
185 key->sk = &msk->sk;
186 key->valid = true;
187 spin_lock_init(&key->lock);
188 refcount_set(&key->refs, 1);
189 sock_hold(key->sk);
190
191 return key;
192}
193
194void mctp_key_unref(struct mctp_sk_key *key)
195{
196 unsigned long flags;
197
198 if (!refcount_dec_and_test(&key->refs))
199 return;
200
201 /* even though no refs exist here, the lock allows us to stay
202 * consistent with the locking requirement of mctp_dev_release_key
203 */
204 spin_lock_irqsave(&key->lock, flags);
205 mctp_dev_release_key(key->dev, key);
206 spin_unlock_irqrestore(&key->lock, flags);
207
208 sock_put(key->sk);
209 kfree(key);
210}
211
212static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
213{
214 struct net *net = sock_net(&msk->sk);
215 struct mctp_sk_key *tmp;
216 unsigned long flags;
217 int rc = 0;
218
219 spin_lock_irqsave(&net->mctp.keys_lock, flags);
220
221 if (sock_flag(&msk->sk, SOCK_DEAD)) {
222 rc = -EINVAL;
223 goto out_unlock;
224 }
225
226 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
227 if (mctp_key_match(tmp, key->net, key->local_addr,
228 key->peer_addr, key->tag)) {
229 spin_lock(&tmp->lock);
230 if (tmp->valid)
231 rc = -EEXIST;
232 spin_unlock(&tmp->lock);
233 if (rc)
234 break;
235 }
236 }
237
238 if (!rc) {
239 refcount_inc(&key->refs);
240 key->expiry = jiffies + mctp_key_lifetime;
241 timer_reduce(&msk->key_expiry, key->expiry);
242
243 hlist_add_head(&key->hlist, &net->mctp.keys);
244 hlist_add_head(&key->sklist, &msk->keys);
245 }
246
247out_unlock:
248 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
249
250 return rc;
251}
252
253/* Helper for mctp_route_input().
254 * We're done with the key; unlock and unref the key.
255 * For the usual case of automatic expiry we remove the key from lists.
256 * In the case that manual allocation is set on a key we release the lock
257 * and local ref, reset reassembly, but don't remove from lists.
258 */
259static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
260 unsigned long flags, unsigned long reason)
261__releases(&key->lock)
262{
263 struct sk_buff *skb;
264
265 trace_mctp_key_release(key, reason);
266 skb = key->reasm_head;
267 key->reasm_head = NULL;
268
269 if (!key->manual_alloc) {
270 key->reasm_dead = true;
271 key->valid = false;
272 mctp_dev_release_key(key->dev, key);
273 }
274 spin_unlock_irqrestore(&key->lock, flags);
275
276 if (!key->manual_alloc) {
277 spin_lock_irqsave(&net->mctp.keys_lock, flags);
278 if (!hlist_unhashed(&key->hlist)) {
279 hlist_del_init(&key->hlist);
280 hlist_del_init(&key->sklist);
281 mctp_key_unref(key);
282 }
283 spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
284 }
285
286 /* and one for the local reference */
287 mctp_key_unref(key);
288
289 kfree_skb(skb);
290}
291
292#ifdef CONFIG_MCTP_FLOWS
293static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
294{
295 struct mctp_flow *flow;
296
297 flow = skb_ext_add(skb, SKB_EXT_MCTP);
298 if (!flow)
299 return;
300
301 refcount_inc(&key->refs);
302 flow->key = key;
303}
304
305static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
306{
307 struct mctp_sk_key *key;
308 struct mctp_flow *flow;
309
310 flow = skb_ext_find(skb, SKB_EXT_MCTP);
311 if (!flow)
312 return;
313
314 key = flow->key;
315
316 if (WARN_ON(key->dev && key->dev != dev))
317 return;
318
319 mctp_dev_set_key(dev, key);
320}
321#else
322static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
323static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
324#endif
325
326static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
327{
328 struct mctp_hdr *hdr = mctp_hdr(skb);
329 u8 exp_seq, this_seq;
330
331 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
332 & MCTP_HDR_SEQ_MASK;
333
334 if (!key->reasm_head) {
335 key->reasm_head = skb;
336 key->reasm_tailp = &(skb_shinfo(skb)->frag_list);
337 key->last_seq = this_seq;
338 return 0;
339 }
340
341 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
342
343 if (this_seq != exp_seq)
344 return -EINVAL;
345
346 if (key->reasm_head->len + skb->len > mctp_message_maxlen)
347 return -EINVAL;
348
349 skb->next = NULL;
350 skb->sk = NULL;
351 *key->reasm_tailp = skb;
352 key->reasm_tailp = &skb->next;
353
354 key->last_seq = this_seq;
355
356 key->reasm_head->data_len += skb->len;
357 key->reasm_head->len += skb->len;
358 key->reasm_head->truesize += skb->truesize;
359
360 return 0;
361}
362
363static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
364{
365 struct mctp_sk_key *key, *any_key = NULL;
366 struct net *net = dev_net(skb->dev);
367 struct mctp_sock *msk;
368 struct mctp_hdr *mh;
369 unsigned int netid;
370 unsigned long f;
371 u8 tag, flags;
372 int rc;
373
374 msk = NULL;
375 rc = -EINVAL;
376
377 /* we may be receiving a locally-routed packet; drop source sk
378 * accounting
379 */
380 skb_orphan(skb);
381
382 /* ensure we have enough data for a header and a type */
383 if (skb->len < sizeof(struct mctp_hdr) + 1)
384 goto out;
385
386 /* grab header, advance data ptr */
387 mh = mctp_hdr(skb);
388 netid = mctp_cb(skb)->net;
389 skb_pull(skb, sizeof(struct mctp_hdr));
390
391 if (mh->ver != 1)
392 goto out;
393
394 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
395 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
396
397 rcu_read_lock();
398
399 /* lookup socket / reasm context, exactly matching (src,dest,tag).
400 * we hold a ref on the key, and key->lock held.
401 */
402 key = mctp_lookup_key(net, skb, netid, mh->src, &f);
403
404 if (flags & MCTP_HDR_FLAG_SOM) {
405 if (key) {
406 msk = container_of(key->sk, struct mctp_sock, sk);
407 } else {
408 /* first response to a broadcast? do a more general
409 * key lookup to find the socket, but don't use this
410 * key for reassembly - we'll create a more specific
411 * one for future packets if required (ie, !EOM).
412 *
413 * this lookup requires key->peer to be MCTP_ADDR_ANY,
414 * it doesn't match just any key->peer.
415 */
416 any_key = mctp_lookup_key(net, skb, netid,
417 MCTP_ADDR_ANY, &f);
418 if (any_key) {
419 msk = container_of(any_key->sk,
420 struct mctp_sock, sk);
421 spin_unlock_irqrestore(&any_key->lock, f);
422 }
423 }
424
425 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
426 msk = mctp_lookup_bind(net, skb);
427
428 if (!msk) {
429 rc = -ENOENT;
430 goto out_unlock;
431 }
432
433 /* single-packet message? deliver to socket, clean up any
434 * pending key.
435 */
436 if (flags & MCTP_HDR_FLAG_EOM) {
437 sock_queue_rcv_skb(&msk->sk, skb);
438 if (key) {
439 /* we've hit a pending reassembly; not much we
440 * can do but drop it
441 */
442 __mctp_key_done_in(key, net, f,
443 MCTP_TRACE_KEY_REPLIED);
444 key = NULL;
445 }
446 rc = 0;
447 goto out_unlock;
448 }
449
450 /* broadcast response or a bind() - create a key for further
451 * packets for this message
452 */
453 if (!key) {
454 key = mctp_key_alloc(msk, netid, mh->dest, mh->src,
455 tag, GFP_ATOMIC);
456 if (!key) {
457 rc = -ENOMEM;
458 goto out_unlock;
459 }
460
461 /* we can queue without the key lock here, as the
462 * key isn't observable yet
463 */
464 mctp_frag_queue(key, skb);
465
466 /* if the key_add fails, we've raced with another
467 * SOM packet with the same src, dest and tag. There's
468 * no way to distinguish future packets, so all we
469 * can do is drop; we'll free the skb on exit from
470 * this function.
471 */
472 rc = mctp_key_add(key, msk);
473 if (!rc)
474 trace_mctp_key_acquire(key);
475
476 /* we don't need to release key->lock on exit, so
477 * clean up here and suppress the unlock via
478 * setting to NULL
479 */
480 mctp_key_unref(key);
481 key = NULL;
482
483 } else {
484 if (key->reasm_head || key->reasm_dead) {
485 /* duplicate start? drop everything */
486 __mctp_key_done_in(key, net, f,
487 MCTP_TRACE_KEY_INVALIDATED);
488 rc = -EEXIST;
489 key = NULL;
490 } else {
491 rc = mctp_frag_queue(key, skb);
492 }
493 }
494
495 } else if (key) {
496 /* this packet continues a previous message; reassemble
497 * using the message-specific key
498 */
499
500 /* we need to be continuing an existing reassembly... */
501 if (!key->reasm_head)
502 rc = -EINVAL;
503 else
504 rc = mctp_frag_queue(key, skb);
505
506 /* end of message? deliver to socket, and we're done with
507 * the reassembly/response key
508 */
509 if (!rc && flags & MCTP_HDR_FLAG_EOM) {
510 sock_queue_rcv_skb(key->sk, key->reasm_head);
511 key->reasm_head = NULL;
512 __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
513 key = NULL;
514 }
515
516 } else {
517 /* not a start, no matching key */
518 rc = -ENOENT;
519 }
520
521out_unlock:
522 rcu_read_unlock();
523 if (key) {
524 spin_unlock_irqrestore(&key->lock, f);
525 mctp_key_unref(key);
526 }
527 if (any_key)
528 mctp_key_unref(any_key);
529out:
530 if (rc)
531 kfree_skb(skb);
532 return rc;
533}
534
535static unsigned int mctp_route_mtu(struct mctp_route *rt)
536{
537 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu);
538}
539
540static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb)
541{
542 struct mctp_skb_cb *cb = mctp_cb(skb);
543 struct mctp_hdr *hdr = mctp_hdr(skb);
544 char daddr_buf[MAX_ADDR_LEN];
545 char *daddr = NULL;
546 unsigned int mtu;
547 int rc;
548
549 skb->protocol = htons(ETH_P_MCTP);
550
551 mtu = READ_ONCE(skb->dev->mtu);
552 if (skb->len > mtu) {
553 kfree_skb(skb);
554 return -EMSGSIZE;
555 }
556
557 if (cb->ifindex) {
558 /* direct route; use the hwaddr we stashed in sendmsg */
559 if (cb->halen != skb->dev->addr_len) {
560 /* sanity check, sendmsg should have already caught this */
561 kfree_skb(skb);
562 return -EMSGSIZE;
563 }
564 daddr = cb->haddr;
565 } else {
566 /* If lookup fails let the device handle daddr==NULL */
567 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0)
568 daddr = daddr_buf;
569 }
570
571 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
572 daddr, skb->dev->dev_addr, skb->len);
573 if (rc < 0) {
574 kfree_skb(skb);
575 return -EHOSTUNREACH;
576 }
577
578 mctp_flow_prepare_output(skb, route->dev);
579
580 rc = dev_queue_xmit(skb);
581 if (rc)
582 rc = net_xmit_errno(rc);
583
584 return rc;
585}
586
587/* route alloc/release */
588static void mctp_route_release(struct mctp_route *rt)
589{
590 if (refcount_dec_and_test(&rt->refs)) {
591 mctp_dev_put(rt->dev);
592 kfree_rcu(rt, rcu);
593 }
594}
595
596/* returns a route with the refcount at 1 */
597static struct mctp_route *mctp_route_alloc(void)
598{
599 struct mctp_route *rt;
600
601 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
602 if (!rt)
603 return NULL;
604
605 INIT_LIST_HEAD(&rt->list);
606 refcount_set(&rt->refs, 1);
607 rt->output = mctp_route_discard;
608
609 return rt;
610}
611
612unsigned int mctp_default_net(struct net *net)
613{
614 return READ_ONCE(net->mctp.default_net);
615}
616
617int mctp_default_net_set(struct net *net, unsigned int index)
618{
619 if (index == 0)
620 return -EINVAL;
621 WRITE_ONCE(net->mctp.default_net, index);
622 return 0;
623}
624
625/* tag management */
626static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
627 struct mctp_sock *msk)
628{
629 struct netns_mctp *mns = &net->mctp;
630
631 lockdep_assert_held(&mns->keys_lock);
632
633 key->expiry = jiffies + mctp_key_lifetime;
634 timer_reduce(&msk->key_expiry, key->expiry);
635
636 /* we hold the net->key_lock here, allowing updates to both
637 * then net and sk
638 */
639 hlist_add_head_rcu(&key->hlist, &mns->keys);
640 hlist_add_head_rcu(&key->sklist, &msk->keys);
641 refcount_inc(&key->refs);
642}
643
644/* Allocate a locally-owned tag value for (local, peer), and reserve
645 * it for the socket msk
646 */
647struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
648 unsigned int netid,
649 mctp_eid_t local, mctp_eid_t peer,
650 bool manual, u8 *tagp)
651{
652 struct net *net = sock_net(&msk->sk);
653 struct netns_mctp *mns = &net->mctp;
654 struct mctp_sk_key *key, *tmp;
655 unsigned long flags;
656 u8 tagbits;
657
658 /* for NULL destination EIDs, we may get a response from any peer */
659 if (peer == MCTP_ADDR_NULL)
660 peer = MCTP_ADDR_ANY;
661
662 /* be optimistic, alloc now */
663 key = mctp_key_alloc(msk, netid, local, peer, 0, GFP_KERNEL);
664 if (!key)
665 return ERR_PTR(-ENOMEM);
666
667 /* 8 possible tag values */
668 tagbits = 0xff;
669
670 spin_lock_irqsave(&mns->keys_lock, flags);
671
672 /* Walk through the existing keys, looking for potential conflicting
673 * tags. If we find a conflict, clear that bit from tagbits
674 */
675 hlist_for_each_entry(tmp, &mns->keys, hlist) {
676 /* We can check the lookup fields (*_addr, tag) without the
677 * lock held, they don't change over the lifetime of the key.
678 */
679
680 /* tags are net-specific */
681 if (tmp->net != netid)
682 continue;
683
684 /* if we don't own the tag, it can't conflict */
685 if (tmp->tag & MCTP_HDR_FLAG_TO)
686 continue;
687
688 /* Since we're avoiding conflicting entries, match peer and
689 * local addresses, including with a wildcard on ANY. See
690 * 'A note on key allocations' for background.
691 */
692 if (peer != MCTP_ADDR_ANY &&
693 !mctp_address_matches(tmp->peer_addr, peer))
694 continue;
695
696 if (local != MCTP_ADDR_ANY &&
697 !mctp_address_matches(tmp->local_addr, local))
698 continue;
699
700 spin_lock(&tmp->lock);
701 /* key must still be valid. If we find a match, clear the
702 * potential tag value
703 */
704 if (tmp->valid)
705 tagbits &= ~(1 << tmp->tag);
706 spin_unlock(&tmp->lock);
707
708 if (!tagbits)
709 break;
710 }
711
712 if (tagbits) {
713 key->tag = __ffs(tagbits);
714 mctp_reserve_tag(net, key, msk);
715 trace_mctp_key_acquire(key);
716
717 key->manual_alloc = manual;
718 *tagp = key->tag;
719 }
720
721 spin_unlock_irqrestore(&mns->keys_lock, flags);
722
723 if (!tagbits) {
724 mctp_key_unref(key);
725 return ERR_PTR(-EBUSY);
726 }
727
728 return key;
729}
730
731static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
732 unsigned int netid,
733 mctp_eid_t daddr,
734 u8 req_tag, u8 *tagp)
735{
736 struct net *net = sock_net(&msk->sk);
737 struct netns_mctp *mns = &net->mctp;
738 struct mctp_sk_key *key, *tmp;
739 unsigned long flags;
740
741 req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
742 key = NULL;
743
744 spin_lock_irqsave(&mns->keys_lock, flags);
745
746 hlist_for_each_entry(tmp, &mns->keys, hlist) {
747 if (tmp->net != netid)
748 continue;
749
750 if (tmp->tag != req_tag)
751 continue;
752
753 if (!mctp_address_matches(tmp->peer_addr, daddr))
754 continue;
755
756 if (!tmp->manual_alloc)
757 continue;
758
759 spin_lock(&tmp->lock);
760 if (tmp->valid) {
761 key = tmp;
762 refcount_inc(&key->refs);
763 spin_unlock(&tmp->lock);
764 break;
765 }
766 spin_unlock(&tmp->lock);
767 }
768 spin_unlock_irqrestore(&mns->keys_lock, flags);
769
770 if (!key)
771 return ERR_PTR(-ENOENT);
772
773 if (tagp)
774 *tagp = key->tag;
775
776 return key;
777}
778
779/* routing lookups */
780static bool mctp_rt_match_eid(struct mctp_route *rt,
781 unsigned int net, mctp_eid_t eid)
782{
783 return READ_ONCE(rt->dev->net) == net &&
784 rt->min <= eid && rt->max >= eid;
785}
786
787/* compares match, used for duplicate prevention */
788static bool mctp_rt_compare_exact(struct mctp_route *rt1,
789 struct mctp_route *rt2)
790{
791 ASSERT_RTNL();
792 return rt1->dev->net == rt2->dev->net &&
793 rt1->min == rt2->min &&
794 rt1->max == rt2->max;
795}
796
797struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet,
798 mctp_eid_t daddr)
799{
800 struct mctp_route *tmp, *rt = NULL;
801
802 rcu_read_lock();
803
804 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
805 /* TODO: add metrics */
806 if (mctp_rt_match_eid(tmp, dnet, daddr)) {
807 if (refcount_inc_not_zero(&tmp->refs)) {
808 rt = tmp;
809 break;
810 }
811 }
812 }
813
814 rcu_read_unlock();
815
816 return rt;
817}
818
819static struct mctp_route *mctp_route_lookup_null(struct net *net,
820 struct net_device *dev)
821{
822 struct mctp_route *tmp, *rt = NULL;
823
824 rcu_read_lock();
825
826 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
827 if (tmp->dev->dev == dev && tmp->type == RTN_LOCAL &&
828 refcount_inc_not_zero(&tmp->refs)) {
829 rt = tmp;
830 break;
831 }
832 }
833
834 rcu_read_unlock();
835
836 return rt;
837}
838
839static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb,
840 unsigned int mtu, u8 tag)
841{
842 const unsigned int hlen = sizeof(struct mctp_hdr);
843 struct mctp_hdr *hdr, *hdr2;
844 unsigned int pos, size, headroom;
845 struct sk_buff *skb2;
846 int rc;
847 u8 seq;
848
849 hdr = mctp_hdr(skb);
850 seq = 0;
851 rc = 0;
852
853 if (mtu < hlen + 1) {
854 kfree_skb(skb);
855 return -EMSGSIZE;
856 }
857
858 /* keep same headroom as the original skb */
859 headroom = skb_headroom(skb);
860
861 /* we've got the header */
862 skb_pull(skb, hlen);
863
864 for (pos = 0; pos < skb->len;) {
865 /* size of message payload */
866 size = min(mtu - hlen, skb->len - pos);
867
868 skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
869 if (!skb2) {
870 rc = -ENOMEM;
871 break;
872 }
873
874 /* generic skb copy */
875 skb2->protocol = skb->protocol;
876 skb2->priority = skb->priority;
877 skb2->dev = skb->dev;
878 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
879
880 if (skb->sk)
881 skb_set_owner_w(skb2, skb->sk);
882
883 /* establish packet */
884 skb_reserve(skb2, headroom);
885 skb_reset_network_header(skb2);
886 skb_put(skb2, hlen + size);
887 skb2->transport_header = skb2->network_header + hlen;
888
889 /* copy header fields, calculate SOM/EOM flags & seq */
890 hdr2 = mctp_hdr(skb2);
891 hdr2->ver = hdr->ver;
892 hdr2->dest = hdr->dest;
893 hdr2->src = hdr->src;
894 hdr2->flags_seq_tag = tag &
895 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
896
897 if (pos == 0)
898 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
899
900 if (pos + size == skb->len)
901 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
902
903 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
904
905 /* copy message payload */
906 skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
907
908 /* we need to copy the extensions, for MCTP flow data */
909 skb_ext_copy(skb2, skb);
910
911 /* do route */
912 rc = rt->output(rt, skb2);
913 if (rc)
914 break;
915
916 seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
917 pos += size;
918 }
919
920 consume_skb(skb);
921 return rc;
922}
923
924int mctp_local_output(struct sock *sk, struct mctp_route *rt,
925 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
926{
927 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
928 struct mctp_skb_cb *cb = mctp_cb(skb);
929 struct mctp_route tmp_rt = {0};
930 struct mctp_sk_key *key;
931 struct mctp_hdr *hdr;
932 unsigned long flags;
933 unsigned int netid;
934 unsigned int mtu;
935 mctp_eid_t saddr;
936 bool ext_rt;
937 int rc;
938 u8 tag;
939
940 rc = -ENODEV;
941
942 if (rt) {
943 ext_rt = false;
944 if (WARN_ON(!rt->dev))
945 goto out_release;
946
947 } else if (cb->ifindex) {
948 struct net_device *dev;
949
950 ext_rt = true;
951 rt = &tmp_rt;
952
953 rcu_read_lock();
954 dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex);
955 if (!dev) {
956 rcu_read_unlock();
957 goto out_free;
958 }
959 rt->dev = __mctp_dev_get(dev);
960 rcu_read_unlock();
961
962 if (!rt->dev)
963 goto out_release;
964
965 /* establish temporary route - we set up enough to keep
966 * mctp_route_output happy
967 */
968 rt->output = mctp_route_output;
969 rt->mtu = 0;
970
971 } else {
972 rc = -EINVAL;
973 goto out_free;
974 }
975
976 spin_lock_irqsave(&rt->dev->addrs_lock, flags);
977 if (rt->dev->num_addrs == 0) {
978 rc = -EHOSTUNREACH;
979 } else {
980 /* use the outbound interface's first address as our source */
981 saddr = rt->dev->addrs[0];
982 rc = 0;
983 }
984 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags);
985 netid = READ_ONCE(rt->dev->net);
986
987 if (rc)
988 goto out_release;
989
990 if (req_tag & MCTP_TAG_OWNER) {
991 if (req_tag & MCTP_TAG_PREALLOC)
992 key = mctp_lookup_prealloc_tag(msk, netid, daddr,
993 req_tag, &tag);
994 else
995 key = mctp_alloc_local_tag(msk, netid, saddr, daddr,
996 false, &tag);
997
998 if (IS_ERR(key)) {
999 rc = PTR_ERR(key);
1000 goto out_release;
1001 }
1002 mctp_skb_set_flow(skb, key);
1003 /* done with the key in this scope */
1004 mctp_key_unref(key);
1005 tag |= MCTP_HDR_FLAG_TO;
1006 } else {
1007 key = NULL;
1008 tag = req_tag & MCTP_TAG_MASK;
1009 }
1010
1011 skb->protocol = htons(ETH_P_MCTP);
1012 skb->priority = 0;
1013 skb_reset_transport_header(skb);
1014 skb_push(skb, sizeof(struct mctp_hdr));
1015 skb_reset_network_header(skb);
1016 skb->dev = rt->dev->dev;
1017
1018 /* cb->net will have been set on initial ingress */
1019 cb->src = saddr;
1020
1021 /* set up common header fields */
1022 hdr = mctp_hdr(skb);
1023 hdr->ver = 1;
1024 hdr->dest = daddr;
1025 hdr->src = saddr;
1026
1027 mtu = mctp_route_mtu(rt);
1028
1029 if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
1030 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
1031 MCTP_HDR_FLAG_EOM | tag;
1032 rc = rt->output(rt, skb);
1033 } else {
1034 rc = mctp_do_fragment_route(rt, skb, mtu, tag);
1035 }
1036
1037 /* route output functions consume the skb, even on error */
1038 skb = NULL;
1039
1040out_release:
1041 if (!ext_rt)
1042 mctp_route_release(rt);
1043
1044 mctp_dev_put(tmp_rt.dev);
1045
1046out_free:
1047 kfree_skb(skb);
1048 return rc;
1049}
1050
1051/* route management */
1052static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1053 unsigned int daddr_extent, unsigned int mtu,
1054 unsigned char type)
1055{
1056 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb);
1057 struct net *net = dev_net(mdev->dev);
1058 struct mctp_route *rt, *ert;
1059
1060 if (!mctp_address_unicast(daddr_start))
1061 return -EINVAL;
1062
1063 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1064 return -EINVAL;
1065
1066 switch (type) {
1067 case RTN_LOCAL:
1068 rtfn = mctp_route_input;
1069 break;
1070 case RTN_UNICAST:
1071 rtfn = mctp_route_output;
1072 break;
1073 default:
1074 return -EINVAL;
1075 }
1076
1077 rt = mctp_route_alloc();
1078 if (!rt)
1079 return -ENOMEM;
1080
1081 rt->min = daddr_start;
1082 rt->max = daddr_start + daddr_extent;
1083 rt->mtu = mtu;
1084 rt->dev = mdev;
1085 mctp_dev_hold(rt->dev);
1086 rt->type = type;
1087 rt->output = rtfn;
1088
1089 ASSERT_RTNL();
1090 /* Prevent duplicate identical routes. */
1091 list_for_each_entry(ert, &net->mctp.routes, list) {
1092 if (mctp_rt_compare_exact(rt, ert)) {
1093 mctp_route_release(rt);
1094 return -EEXIST;
1095 }
1096 }
1097
1098 list_add_rcu(&rt->list, &net->mctp.routes);
1099
1100 return 0;
1101}
1102
1103static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1104 unsigned int daddr_extent, unsigned char type)
1105{
1106 struct net *net = dev_net(mdev->dev);
1107 struct mctp_route *rt, *tmp;
1108 mctp_eid_t daddr_end;
1109 bool dropped;
1110
1111 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1112 return -EINVAL;
1113
1114 daddr_end = daddr_start + daddr_extent;
1115 dropped = false;
1116
1117 ASSERT_RTNL();
1118
1119 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1120 if (rt->dev == mdev &&
1121 rt->min == daddr_start && rt->max == daddr_end &&
1122 rt->type == type) {
1123 list_del_rcu(&rt->list);
1124 /* TODO: immediate RTM_DELROUTE */
1125 mctp_route_release(rt);
1126 dropped = true;
1127 }
1128 }
1129
1130 return dropped ? 0 : -ENOENT;
1131}
1132
1133int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
1134{
1135 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
1136}
1137
1138int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
1139{
1140 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
1141}
1142
1143/* removes all entries for a given device */
1144void mctp_route_remove_dev(struct mctp_dev *mdev)
1145{
1146 struct net *net = dev_net(mdev->dev);
1147 struct mctp_route *rt, *tmp;
1148
1149 ASSERT_RTNL();
1150 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1151 if (rt->dev == mdev) {
1152 list_del_rcu(&rt->list);
1153 /* TODO: immediate RTM_DELROUTE */
1154 mctp_route_release(rt);
1155 }
1156 }
1157}
1158
1159/* Incoming packet-handling */
1160
1161static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
1162 struct packet_type *pt,
1163 struct net_device *orig_dev)
1164{
1165 struct net *net = dev_net(dev);
1166 struct mctp_dev *mdev;
1167 struct mctp_skb_cb *cb;
1168 struct mctp_route *rt;
1169 struct mctp_hdr *mh;
1170
1171 rcu_read_lock();
1172 mdev = __mctp_dev_get(dev);
1173 rcu_read_unlock();
1174 if (!mdev) {
1175 /* basic non-data sanity checks */
1176 goto err_drop;
1177 }
1178
1179 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
1180 goto err_drop;
1181
1182 skb_reset_transport_header(skb);
1183 skb_reset_network_header(skb);
1184
1185 /* We have enough for a header; decode and route */
1186 mh = mctp_hdr(skb);
1187 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
1188 goto err_drop;
1189
1190 /* source must be valid unicast or null; drop reserved ranges and
1191 * broadcast
1192 */
1193 if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
1194 goto err_drop;
1195
1196 /* dest address: as above, but allow broadcast */
1197 if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
1198 mctp_address_broadcast(mh->dest)))
1199 goto err_drop;
1200
1201 /* MCTP drivers must populate halen/haddr */
1202 if (dev->type == ARPHRD_MCTP) {
1203 cb = mctp_cb(skb);
1204 } else {
1205 cb = __mctp_cb(skb);
1206 cb->halen = 0;
1207 }
1208 cb->net = READ_ONCE(mdev->net);
1209 cb->ifindex = dev->ifindex;
1210
1211 rt = mctp_route_lookup(net, cb->net, mh->dest);
1212
1213 /* NULL EID, but addressed to our physical address */
1214 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
1215 rt = mctp_route_lookup_null(net, dev);
1216
1217 if (!rt)
1218 goto err_drop;
1219
1220 rt->output(rt, skb);
1221 mctp_route_release(rt);
1222 mctp_dev_put(mdev);
1223
1224 return NET_RX_SUCCESS;
1225
1226err_drop:
1227 kfree_skb(skb);
1228 mctp_dev_put(mdev);
1229 return NET_RX_DROP;
1230}
1231
1232static struct packet_type mctp_packet_type = {
1233 .type = cpu_to_be16(ETH_P_MCTP),
1234 .func = mctp_pkttype_receive,
1235};
1236
1237/* netlink interface */
1238
1239static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
1240 [RTA_DST] = { .type = NLA_U8 },
1241 [RTA_METRICS] = { .type = NLA_NESTED },
1242 [RTA_OIF] = { .type = NLA_U32 },
1243};
1244
1245/* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
1246 * tb must hold RTA_MAX+1 elements.
1247 */
1248static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
1249 struct netlink_ext_ack *extack,
1250 struct nlattr **tb, struct rtmsg **rtm,
1251 struct mctp_dev **mdev, mctp_eid_t *daddr_start)
1252{
1253 struct net *net = sock_net(skb->sk);
1254 struct net_device *dev;
1255 unsigned int ifindex;
1256 int rc;
1257
1258 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
1259 rta_mctp_policy, extack);
1260 if (rc < 0) {
1261 NL_SET_ERR_MSG(extack, "incorrect format");
1262 return rc;
1263 }
1264
1265 if (!tb[RTA_DST]) {
1266 NL_SET_ERR_MSG(extack, "dst EID missing");
1267 return -EINVAL;
1268 }
1269 *daddr_start = nla_get_u8(tb[RTA_DST]);
1270
1271 if (!tb[RTA_OIF]) {
1272 NL_SET_ERR_MSG(extack, "ifindex missing");
1273 return -EINVAL;
1274 }
1275 ifindex = nla_get_u32(tb[RTA_OIF]);
1276
1277 *rtm = nlmsg_data(nlh);
1278 if ((*rtm)->rtm_family != AF_MCTP) {
1279 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
1280 return -EINVAL;
1281 }
1282
1283 dev = __dev_get_by_index(net, ifindex);
1284 if (!dev) {
1285 NL_SET_ERR_MSG(extack, "bad ifindex");
1286 return -ENODEV;
1287 }
1288 *mdev = mctp_dev_get_rtnl(dev);
1289 if (!*mdev)
1290 return -ENODEV;
1291
1292 if (dev->flags & IFF_LOOPBACK) {
1293 NL_SET_ERR_MSG(extack, "no routes to loopback");
1294 return -EINVAL;
1295 }
1296
1297 return 0;
1298}
1299
1300static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
1301 [RTAX_MTU] = { .type = NLA_U32 },
1302};
1303
1304static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1305 struct netlink_ext_ack *extack)
1306{
1307 struct nlattr *tb[RTA_MAX + 1];
1308 struct nlattr *tbx[RTAX_MAX + 1];
1309 mctp_eid_t daddr_start;
1310 struct mctp_dev *mdev;
1311 struct rtmsg *rtm;
1312 unsigned int mtu;
1313 int rc;
1314
1315 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1316 &rtm, &mdev, &daddr_start);
1317 if (rc < 0)
1318 return rc;
1319
1320 if (rtm->rtm_type != RTN_UNICAST) {
1321 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
1322 return -EINVAL;
1323 }
1324
1325 mtu = 0;
1326 if (tb[RTA_METRICS]) {
1327 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
1328 rta_metrics_policy, NULL);
1329 if (rc < 0)
1330 return rc;
1331 if (tbx[RTAX_MTU])
1332 mtu = nla_get_u32(tbx[RTAX_MTU]);
1333 }
1334
1335 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
1336 rtm->rtm_type);
1337 return rc;
1338}
1339
1340static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1341 struct netlink_ext_ack *extack)
1342{
1343 struct nlattr *tb[RTA_MAX + 1];
1344 mctp_eid_t daddr_start;
1345 struct mctp_dev *mdev;
1346 struct rtmsg *rtm;
1347 int rc;
1348
1349 rc = mctp_route_nlparse(skb, nlh, extack, tb,
1350 &rtm, &mdev, &daddr_start);
1351 if (rc < 0)
1352 return rc;
1353
1354 /* we only have unicast routes */
1355 if (rtm->rtm_type != RTN_UNICAST)
1356 return -EINVAL;
1357
1358 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
1359 return rc;
1360}
1361
1362static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
1363 u32 portid, u32 seq, int event, unsigned int flags)
1364{
1365 struct nlmsghdr *nlh;
1366 struct rtmsg *hdr;
1367 void *metrics;
1368
1369 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
1370 if (!nlh)
1371 return -EMSGSIZE;
1372
1373 hdr = nlmsg_data(nlh);
1374 hdr->rtm_family = AF_MCTP;
1375
1376 /* we use the _len fields as a number of EIDs, rather than
1377 * a number of bits in the address
1378 */
1379 hdr->rtm_dst_len = rt->max - rt->min;
1380 hdr->rtm_src_len = 0;
1381 hdr->rtm_tos = 0;
1382 hdr->rtm_table = RT_TABLE_DEFAULT;
1383 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
1384 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
1385 hdr->rtm_type = rt->type;
1386
1387 if (nla_put_u8(skb, RTA_DST, rt->min))
1388 goto cancel;
1389
1390 metrics = nla_nest_start_noflag(skb, RTA_METRICS);
1391 if (!metrics)
1392 goto cancel;
1393
1394 if (rt->mtu) {
1395 if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
1396 goto cancel;
1397 }
1398
1399 nla_nest_end(skb, metrics);
1400
1401 if (rt->dev) {
1402 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
1403 goto cancel;
1404 }
1405
1406 /* TODO: conditional neighbour physaddr? */
1407
1408 nlmsg_end(skb, nlh);
1409
1410 return 0;
1411
1412cancel:
1413 nlmsg_cancel(skb, nlh);
1414 return -EMSGSIZE;
1415}
1416
1417static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
1418{
1419 struct net *net = sock_net(skb->sk);
1420 struct mctp_route *rt;
1421 int s_idx, idx;
1422
1423 /* TODO: allow filtering on route data, possibly under
1424 * cb->strict_check
1425 */
1426
1427 /* TODO: change to struct overlay */
1428 s_idx = cb->args[0];
1429 idx = 0;
1430
1431 rcu_read_lock();
1432 list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
1433 if (idx++ < s_idx)
1434 continue;
1435 if (mctp_fill_rtinfo(skb, rt,
1436 NETLINK_CB(cb->skb).portid,
1437 cb->nlh->nlmsg_seq,
1438 RTM_NEWROUTE, NLM_F_MULTI) < 0)
1439 break;
1440 }
1441
1442 rcu_read_unlock();
1443 cb->args[0] = idx;
1444
1445 return skb->len;
1446}
1447
1448/* net namespace implementation */
1449static int __net_init mctp_routes_net_init(struct net *net)
1450{
1451 struct netns_mctp *ns = &net->mctp;
1452
1453 INIT_LIST_HEAD(&ns->routes);
1454 INIT_HLIST_HEAD(&ns->binds);
1455 mutex_init(&ns->bind_lock);
1456 INIT_HLIST_HEAD(&ns->keys);
1457 spin_lock_init(&ns->keys_lock);
1458 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
1459 return 0;
1460}
1461
1462static void __net_exit mctp_routes_net_exit(struct net *net)
1463{
1464 struct mctp_route *rt;
1465
1466 rcu_read_lock();
1467 list_for_each_entry_rcu(rt, &net->mctp.routes, list)
1468 mctp_route_release(rt);
1469 rcu_read_unlock();
1470}
1471
1472static struct pernet_operations mctp_net_ops = {
1473 .init = mctp_routes_net_init,
1474 .exit = mctp_routes_net_exit,
1475};
1476
1477int __init mctp_routes_init(void)
1478{
1479 dev_add_pack(&mctp_packet_type);
1480
1481 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_GETROUTE,
1482 NULL, mctp_dump_rtinfo, 0);
1483 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_NEWROUTE,
1484 mctp_newroute, NULL, 0);
1485 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_DELROUTE,
1486 mctp_delroute, NULL, 0);
1487
1488 return register_pernet_subsys(&mctp_net_ops);
1489}
1490
1491void mctp_routes_exit(void)
1492{
1493 unregister_pernet_subsys(&mctp_net_ops);
1494 rtnl_unregister(PF_MCTP, RTM_DELROUTE);
1495 rtnl_unregister(PF_MCTP, RTM_NEWROUTE);
1496 rtnl_unregister(PF_MCTP, RTM_GETROUTE);
1497 dev_remove_pack(&mctp_packet_type);
1498}
1499
1500#if IS_ENABLED(CONFIG_MCTP_TEST)
1501#include "test/route-test.c"
1502#endif