1/* 2 * net/tipc/msg.c: TIPC message header routines 3 * 4 * Copyright (c) 2000-2006, 2014-2015, Ericsson AB 5 * Copyright (c) 2005, 2010-2011, Wind River Systems 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the names of the copyright holders nor the names of its 17 * contributors may be used to endorse or promote products derived from 18 * this software without specific prior written permission. 19 * 20 * Alternatively, this software may be distributed under the terms of the 21 * GNU General Public License ("GPL") version 2 as published by the Free 22 * Software Foundation. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37#include <net/sock.h> 38#include "core.h" 39#include "msg.h" 40#include "addr.h" 41#include "name_table.h" 42 43#define MAX_FORWARD_SIZE 1024 44 45static unsigned int align(unsigned int i) 46{ 47 return (i + 3) & ~3u; 48} 49 50/** 51 * tipc_buf_acquire - creates a TIPC message buffer 52 * @size: message size (including TIPC header) 53 * 54 * Returns a new buffer with data pointers set to the specified size. 55 * 56 * NOTE: Headroom is reserved to allow prepending of a data link header. 57 * There may also be unrequested tailroom present at the buffer's end. 58 */ 59struct sk_buff *tipc_buf_acquire(u32 size) 60{ 61 struct sk_buff *skb; 62 unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u; 63 64 skb = alloc_skb_fclone(buf_size, GFP_ATOMIC); 65 if (skb) { 66 skb_reserve(skb, BUF_HEADROOM); 67 skb_put(skb, size); 68 skb->next = NULL; 69 } 70 return skb; 71} 72 73void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type, 74 u32 hsize, u32 dnode) 75{ 76 memset(m, 0, hsize); 77 msg_set_version(m); 78 msg_set_user(m, user); 79 msg_set_hdr_sz(m, hsize); 80 msg_set_size(m, hsize); 81 msg_set_prevnode(m, own_node); 82 msg_set_type(m, type); 83 if (hsize > SHORT_H_SIZE) { 84 msg_set_orignode(m, own_node); 85 msg_set_destnode(m, dnode); 86 } 87} 88 89struct sk_buff *tipc_msg_create(uint user, uint type, 90 uint hdr_sz, uint data_sz, u32 dnode, 91 u32 onode, u32 dport, u32 oport, int errcode) 92{ 93 struct tipc_msg *msg; 94 struct sk_buff *buf; 95 96 buf = tipc_buf_acquire(hdr_sz + data_sz); 97 if (unlikely(!buf)) 98 return NULL; 99 100 msg = buf_msg(buf); 101 tipc_msg_init(onode, msg, user, type, hdr_sz, dnode); 102 msg_set_size(msg, hdr_sz + data_sz); 103 msg_set_origport(msg, oport); 104 msg_set_destport(msg, dport); 105 msg_set_errcode(msg, errcode); 106 if (hdr_sz > SHORT_H_SIZE) { 107 msg_set_orignode(msg, onode); 108 msg_set_destnode(msg, dnode); 109 } 110 return buf; 111} 112 113/* tipc_buf_append(): Append a buffer to the fragment list of another buffer 114 * @*headbuf: in: NULL for first frag, otherwise value returned from prev call 115 * out: set when successful non-complete reassembly, otherwise NULL 116 * @*buf: in: the buffer to append. Always defined 117 * out: head buf after successful complete reassembly, otherwise NULL 118 * Returns 1 when reassembly complete, otherwise 0 119 */ 120int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) 121{ 122 struct sk_buff *head = *headbuf; 123 struct sk_buff *frag = *buf; 124 struct sk_buff *tail = NULL; 125 struct tipc_msg *msg; 126 u32 fragid; 127 int delta; 128 bool headstolen; 129 130 if (!frag) 131 goto err; 132 133 msg = buf_msg(frag); 134 fragid = msg_type(msg); 135 frag->next = NULL; 136 skb_pull(frag, msg_hdr_sz(msg)); 137 138 if (fragid == FIRST_FRAGMENT) { 139 if (unlikely(head)) 140 goto err; 141 if (unlikely(skb_unclone(frag, GFP_ATOMIC))) 142 goto err; 143 head = *headbuf = frag; 144 *buf = NULL; 145 TIPC_SKB_CB(head)->tail = NULL; 146 if (skb_is_nonlinear(head)) { 147 skb_walk_frags(head, tail) { 148 TIPC_SKB_CB(head)->tail = tail; 149 } 150 } else { 151 skb_frag_list_init(head); 152 } 153 return 0; 154 } 155 156 if (!head) 157 goto err; 158 159 if (skb_try_coalesce(head, frag, &headstolen, &delta)) { 160 kfree_skb_partial(frag, headstolen); 161 } else { 162 tail = TIPC_SKB_CB(head)->tail; 163 if (!skb_has_frag_list(head)) 164 skb_shinfo(head)->frag_list = frag; 165 else 166 tail->next = frag; 167 head->truesize += frag->truesize; 168 head->data_len += frag->len; 169 head->len += frag->len; 170 TIPC_SKB_CB(head)->tail = frag; 171 } 172 173 if (fragid == LAST_FRAGMENT) { 174 TIPC_SKB_CB(head)->validated = false; 175 if (unlikely(!tipc_msg_validate(head))) 176 goto err; 177 *buf = head; 178 TIPC_SKB_CB(head)->tail = NULL; 179 *headbuf = NULL; 180 return 1; 181 } 182 *buf = NULL; 183 return 0; 184err: 185 kfree_skb(*buf); 186 kfree_skb(*headbuf); 187 *buf = *headbuf = NULL; 188 return 0; 189} 190 191/* tipc_msg_validate - validate basic format of received message 192 * 193 * This routine ensures a TIPC message has an acceptable header, and at least 194 * as much data as the header indicates it should. The routine also ensures 195 * that the entire message header is stored in the main fragment of the message 196 * buffer, to simplify future access to message header fields. 197 * 198 * Note: Having extra info present in the message header or data areas is OK. 199 * TIPC will ignore the excess, under the assumption that it is optional info 200 * introduced by a later release of the protocol. 201 */ 202bool tipc_msg_validate(struct sk_buff *skb) 203{ 204 struct tipc_msg *msg; 205 int msz, hsz; 206 207 if (unlikely(TIPC_SKB_CB(skb)->validated)) 208 return true; 209 if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE))) 210 return false; 211 212 hsz = msg_hdr_sz(buf_msg(skb)); 213 if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE)) 214 return false; 215 if (unlikely(!pskb_may_pull(skb, hsz))) 216 return false; 217 218 msg = buf_msg(skb); 219 if (unlikely(msg_version(msg) != TIPC_VERSION)) 220 return false; 221 222 msz = msg_size(msg); 223 if (unlikely(msz < hsz)) 224 return false; 225 if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE)) 226 return false; 227 if (unlikely(skb->len < msz)) 228 return false; 229 230 TIPC_SKB_CB(skb)->validated = true; 231 return true; 232} 233 234/** 235 * tipc_msg_build - create buffer chain containing specified header and data 236 * @mhdr: Message header, to be prepended to data 237 * @m: User message 238 * @dsz: Total length of user data 239 * @pktmax: Max packet size that can be used 240 * @list: Buffer or chain of buffers to be returned to caller 241 * 242 * Returns message data size or errno: -ENOMEM, -EFAULT 243 */ 244int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m, 245 int offset, int dsz, int pktmax, struct sk_buff_head *list) 246{ 247 int mhsz = msg_hdr_sz(mhdr); 248 int msz = mhsz + dsz; 249 int pktno = 1; 250 int pktsz; 251 int pktrem = pktmax; 252 int drem = dsz; 253 struct tipc_msg pkthdr; 254 struct sk_buff *skb; 255 char *pktpos; 256 int rc; 257 258 msg_set_size(mhdr, msz); 259 260 /* No fragmentation needed? */ 261 if (likely(msz <= pktmax)) { 262 skb = tipc_buf_acquire(msz); 263 if (unlikely(!skb)) 264 return -ENOMEM; 265 skb_orphan(skb); 266 __skb_queue_tail(list, skb); 267 skb_copy_to_linear_data(skb, mhdr, mhsz); 268 pktpos = skb->data + mhsz; 269 if (copy_from_iter(pktpos, dsz, &m->msg_iter) == dsz) 270 return dsz; 271 rc = -EFAULT; 272 goto error; 273 } 274 275 /* Prepare reusable fragment header */ 276 tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER, 277 FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr)); 278 msg_set_size(&pkthdr, pktmax); 279 msg_set_fragm_no(&pkthdr, pktno); 280 msg_set_importance(&pkthdr, msg_importance(mhdr)); 281 282 /* Prepare first fragment */ 283 skb = tipc_buf_acquire(pktmax); 284 if (!skb) 285 return -ENOMEM; 286 skb_orphan(skb); 287 __skb_queue_tail(list, skb); 288 pktpos = skb->data; 289 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 290 pktpos += INT_H_SIZE; 291 pktrem -= INT_H_SIZE; 292 skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz); 293 pktpos += mhsz; 294 pktrem -= mhsz; 295 296 do { 297 if (drem < pktrem) 298 pktrem = drem; 299 300 if (copy_from_iter(pktpos, pktrem, &m->msg_iter) != pktrem) { 301 rc = -EFAULT; 302 goto error; 303 } 304 drem -= pktrem; 305 306 if (!drem) 307 break; 308 309 /* Prepare new fragment: */ 310 if (drem < (pktmax - INT_H_SIZE)) 311 pktsz = drem + INT_H_SIZE; 312 else 313 pktsz = pktmax; 314 skb = tipc_buf_acquire(pktsz); 315 if (!skb) { 316 rc = -ENOMEM; 317 goto error; 318 } 319 skb_orphan(skb); 320 __skb_queue_tail(list, skb); 321 msg_set_type(&pkthdr, FRAGMENT); 322 msg_set_size(&pkthdr, pktsz); 323 msg_set_fragm_no(&pkthdr, ++pktno); 324 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 325 pktpos = skb->data + INT_H_SIZE; 326 pktrem = pktsz - INT_H_SIZE; 327 328 } while (1); 329 msg_set_type(buf_msg(skb), LAST_FRAGMENT); 330 return dsz; 331error: 332 __skb_queue_purge(list); 333 __skb_queue_head_init(list); 334 return rc; 335} 336 337/** 338 * tipc_msg_bundle(): Append contents of a buffer to tail of an existing one 339 * @skb: the buffer to append to ("bundle") 340 * @msg: message to be appended 341 * @mtu: max allowable size for the bundle buffer 342 * Consumes buffer if successful 343 * Returns true if bundling could be performed, otherwise false 344 */ 345bool tipc_msg_bundle(struct sk_buff *skb, struct tipc_msg *msg, u32 mtu) 346{ 347 struct tipc_msg *bmsg; 348 unsigned int bsz; 349 unsigned int msz = msg_size(msg); 350 u32 start, pad; 351 u32 max = mtu - INT_H_SIZE; 352 353 if (likely(msg_user(msg) == MSG_FRAGMENTER)) 354 return false; 355 if (!skb) 356 return false; 357 bmsg = buf_msg(skb); 358 bsz = msg_size(bmsg); 359 start = align(bsz); 360 pad = start - bsz; 361 362 if (unlikely(msg_user(msg) == TUNNEL_PROTOCOL)) 363 return false; 364 if (unlikely(msg_user(msg) == BCAST_PROTOCOL)) 365 return false; 366 if (unlikely(msg_user(bmsg) != MSG_BUNDLER)) 367 return false; 368 if (unlikely(skb_tailroom(skb) < (pad + msz))) 369 return false; 370 if (unlikely(max < (start + msz))) 371 return false; 372 if ((msg_importance(msg) < TIPC_SYSTEM_IMPORTANCE) && 373 (msg_importance(bmsg) == TIPC_SYSTEM_IMPORTANCE)) 374 return false; 375 376 skb_put(skb, pad + msz); 377 skb_copy_to_linear_data_offset(skb, start, msg, msz); 378 msg_set_size(bmsg, start + msz); 379 msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1); 380 return true; 381} 382 383/** 384 * tipc_msg_extract(): extract bundled inner packet from buffer 385 * @skb: buffer to be extracted from. 386 * @iskb: extracted inner buffer, to be returned 387 * @pos: position in outer message of msg to be extracted. 388 * Returns position of next msg 389 * Consumes outer buffer when last packet extracted 390 * Returns true when when there is an extracted buffer, otherwise false 391 */ 392bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos) 393{ 394 struct tipc_msg *msg; 395 int imsz, offset; 396 397 *iskb = NULL; 398 if (unlikely(skb_linearize(skb))) 399 goto none; 400 401 msg = buf_msg(skb); 402 offset = msg_hdr_sz(msg) + *pos; 403 if (unlikely(offset > (msg_size(msg) - MIN_H_SIZE))) 404 goto none; 405 406 *iskb = skb_clone(skb, GFP_ATOMIC); 407 if (unlikely(!*iskb)) 408 goto none; 409 skb_pull(*iskb, offset); 410 imsz = msg_size(buf_msg(*iskb)); 411 skb_trim(*iskb, imsz); 412 if (unlikely(!tipc_msg_validate(*iskb))) 413 goto none; 414 *pos += align(imsz); 415 return true; 416none: 417 kfree_skb(skb); 418 kfree_skb(*iskb); 419 *iskb = NULL; 420 return false; 421} 422 423/** 424 * tipc_msg_make_bundle(): Create bundle buf and append message to its tail 425 * @list: the buffer chain, where head is the buffer to replace/append 426 * @skb: buffer to be created, appended to and returned in case of success 427 * @msg: message to be appended 428 * @mtu: max allowable size for the bundle buffer, inclusive header 429 * @dnode: destination node for message. (Not always present in header) 430 * Returns true if success, otherwise false 431 */ 432bool tipc_msg_make_bundle(struct sk_buff **skb, struct tipc_msg *msg, 433 u32 mtu, u32 dnode) 434{ 435 struct sk_buff *_skb; 436 struct tipc_msg *bmsg; 437 u32 msz = msg_size(msg); 438 u32 max = mtu - INT_H_SIZE; 439 440 if (msg_user(msg) == MSG_FRAGMENTER) 441 return false; 442 if (msg_user(msg) == TUNNEL_PROTOCOL) 443 return false; 444 if (msg_user(msg) == BCAST_PROTOCOL) 445 return false; 446 if (msz > (max / 2)) 447 return false; 448 449 _skb = tipc_buf_acquire(max); 450 if (!_skb) 451 return false; 452 453 skb_trim(_skb, INT_H_SIZE); 454 bmsg = buf_msg(_skb); 455 tipc_msg_init(msg_prevnode(msg), bmsg, MSG_BUNDLER, 0, 456 INT_H_SIZE, dnode); 457 if (msg_isdata(msg)) 458 msg_set_importance(bmsg, TIPC_CRITICAL_IMPORTANCE); 459 else 460 msg_set_importance(bmsg, TIPC_SYSTEM_IMPORTANCE); 461 msg_set_seqno(bmsg, msg_seqno(msg)); 462 msg_set_ack(bmsg, msg_ack(msg)); 463 msg_set_bcast_ack(bmsg, msg_bcast_ack(msg)); 464 tipc_msg_bundle(_skb, msg, mtu); 465 *skb = _skb; 466 return true; 467} 468 469/** 470 * tipc_msg_reverse(): swap source and destination addresses and add error code 471 * @own_node: originating node id for reversed message 472 * @skb: buffer containing message to be reversed; may be replaced. 473 * @err: error code to be set in message, if any 474 * Consumes buffer at failure 475 * Returns true if success, otherwise false 476 */ 477bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err) 478{ 479 struct sk_buff *_skb = *skb; 480 struct tipc_msg *hdr = buf_msg(_skb); 481 struct tipc_msg ohdr; 482 int dlen = min_t(uint, msg_data_sz(hdr), MAX_FORWARD_SIZE); 483 484 if (skb_linearize(_skb)) 485 goto exit; 486 hdr = buf_msg(_skb); 487 if (msg_dest_droppable(hdr)) 488 goto exit; 489 if (msg_errcode(hdr)) 490 goto exit; 491 492 /* Take a copy of original header before altering message */ 493 memcpy(&ohdr, hdr, msg_hdr_sz(hdr)); 494 495 /* Never return SHORT header; expand by replacing buffer if necessary */ 496 if (msg_short(hdr)) { 497 *skb = tipc_buf_acquire(BASIC_H_SIZE + dlen); 498 if (!*skb) 499 goto exit; 500 memcpy((*skb)->data + BASIC_H_SIZE, msg_data(hdr), dlen); 501 kfree_skb(_skb); 502 _skb = *skb; 503 hdr = buf_msg(_skb); 504 memcpy(hdr, &ohdr, BASIC_H_SIZE); 505 msg_set_hdr_sz(hdr, BASIC_H_SIZE); 506 } 507 508 /* Now reverse the concerned fields */ 509 msg_set_errcode(hdr, err); 510 msg_set_origport(hdr, msg_destport(&ohdr)); 511 msg_set_destport(hdr, msg_origport(&ohdr)); 512 msg_set_destnode(hdr, msg_prevnode(&ohdr)); 513 msg_set_prevnode(hdr, own_node); 514 msg_set_orignode(hdr, own_node); 515 msg_set_size(hdr, msg_hdr_sz(hdr) + dlen); 516 skb_trim(_skb, msg_size(hdr)); 517 skb_orphan(_skb); 518 return true; 519exit: 520 kfree_skb(_skb); 521 *skb = NULL; 522 return false; 523} 524 525/** 526 * tipc_msg_lookup_dest(): try to find new destination for named message 527 * @skb: the buffer containing the message. 528 * @err: error code to be used by caller if lookup fails 529 * Does not consume buffer 530 * Returns true if a destination is found, false otherwise 531 */ 532bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err) 533{ 534 struct tipc_msg *msg = buf_msg(skb); 535 u32 dport, dnode; 536 u32 onode = tipc_own_addr(net); 537 538 if (!msg_isdata(msg)) 539 return false; 540 if (!msg_named(msg)) 541 return false; 542 if (msg_errcode(msg)) 543 return false; 544 *err = -TIPC_ERR_NO_NAME; 545 if (skb_linearize(skb)) 546 return false; 547 msg = buf_msg(skb); 548 if (msg_reroute_cnt(msg)) 549 return false; 550 dnode = addr_domain(net, msg_lookup_scope(msg)); 551 dport = tipc_nametbl_translate(net, msg_nametype(msg), 552 msg_nameinst(msg), &dnode); 553 if (!dport) 554 return false; 555 msg_incr_reroute_cnt(msg); 556 if (dnode != onode) 557 msg_set_prevnode(msg, onode); 558 msg_set_destnode(msg, dnode); 559 msg_set_destport(msg, dport); 560 *err = TIPC_OK; 561 return true; 562} 563 564/* tipc_msg_reassemble() - clone a buffer chain of fragments and 565 * reassemble the clones into one message 566 */ 567bool tipc_msg_reassemble(struct sk_buff_head *list, struct sk_buff_head *rcvq) 568{ 569 struct sk_buff *skb, *_skb; 570 struct sk_buff *frag = NULL; 571 struct sk_buff *head = NULL; 572 int hdr_len; 573 574 /* Copy header if single buffer */ 575 if (skb_queue_len(list) == 1) { 576 skb = skb_peek(list); 577 hdr_len = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb)); 578 _skb = __pskb_copy(skb, hdr_len, GFP_ATOMIC); 579 if (!_skb) 580 return false; 581 __skb_queue_tail(rcvq, _skb); 582 return true; 583 } 584 585 /* Clone all fragments and reassemble */ 586 skb_queue_walk(list, skb) { 587 frag = skb_clone(skb, GFP_ATOMIC); 588 if (!frag) 589 goto error; 590 frag->next = NULL; 591 if (tipc_buf_append(&head, &frag)) 592 break; 593 if (!head) 594 goto error; 595 } 596 __skb_queue_tail(rcvq, frag); 597 return true; 598error: 599 pr_warn("Failed do clone local mcast rcv buffer\n"); 600 kfree_skb(head); 601 return false; 602} 603 604/* tipc_skb_queue_sorted(); sort pkt into list according to sequence number 605 * @list: list to be appended to 606 * @seqno: sequence number of buffer to add 607 * @skb: buffer to add 608 */ 609void __tipc_skb_queue_sorted(struct sk_buff_head *list, u16 seqno, 610 struct sk_buff *skb) 611{ 612 struct sk_buff *_skb, *tmp; 613 614 if (skb_queue_empty(list) || less(seqno, buf_seqno(skb_peek(list)))) { 615 __skb_queue_head(list, skb); 616 return; 617 } 618 619 if (more(seqno, buf_seqno(skb_peek_tail(list)))) { 620 __skb_queue_tail(list, skb); 621 return; 622 } 623 624 skb_queue_walk_safe(list, _skb, tmp) { 625 if (more(seqno, buf_seqno(_skb))) 626 continue; 627 if (seqno == buf_seqno(_skb)) 628 break; 629 __skb_queue_before(list, _skb, skb); 630 return; 631 } 632 kfree_skb(skb); 633} 634