1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Management Component Transport Protocol (MCTP) - routing 4 * implementation. 5 * 6 * This is currently based on a simple routing table, with no dst cache. The 7 * number of routes should stay fairly small, so the lookup cost is small. 8 * 9 * Copyright (c) 2021 Code Construct 10 * Copyright (c) 2021 Google 11 */ 12 13 #include <linux/idr.h> 14 #include <linux/kconfig.h> 15 #include <linux/mctp.h> 16 #include <linux/netdevice.h> 17 #include <linux/rtnetlink.h> 18 #include <linux/skbuff.h> 19 20 #include <uapi/linux/if_arp.h> 21 22 #include <net/mctp.h> 23 #include <net/mctpdevice.h> 24 #include <net/netlink.h> 25 #include <net/sock.h> 26 27 #include <trace/events/mctp.h> 28 29 static const unsigned int mctp_message_maxlen = 64 * 1024; 30 static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ; 31 32 static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev); 33 34 /* route output callbacks */ 35 static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb) 36 { 37 kfree_skb(skb); 38 return 0; 39 } 40 41 static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb) 42 { 43 struct mctp_skb_cb *cb = mctp_cb(skb); 44 struct mctp_hdr *mh; 45 struct sock *sk; 46 u8 type; 47 48 WARN_ON(!rcu_read_lock_held()); 49 50 /* TODO: look up in skb->cb? */ 51 mh = mctp_hdr(skb); 52 53 if (!skb_headlen(skb)) 54 return NULL; 55 56 type = (*(u8 *)skb->data) & 0x7f; 57 58 sk_for_each_rcu(sk, &net->mctp.binds) { 59 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk); 60 61 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net) 62 continue; 63 64 if (msk->bind_type != type) 65 continue; 66 67 if (!mctp_address_matches(msk->bind_addr, mh->dest)) 68 continue; 69 70 return msk; 71 } 72 73 return NULL; 74 } 75 76 static bool mctp_key_match(struct mctp_sk_key *key, mctp_eid_t local, 77 mctp_eid_t peer, u8 tag) 78 { 79 if (!mctp_address_matches(key->local_addr, local)) 80 return false; 81 82 if (key->peer_addr != peer) 83 return false; 84 85 if (key->tag != tag) 86 return false; 87 88 return true; 89 } 90 91 /* returns a key (with key->lock held, and refcounted), or NULL if no such 92 * key exists. 93 */ 94 static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb, 95 mctp_eid_t peer, 96 unsigned long *irqflags) 97 __acquires(&key->lock) 98 { 99 struct mctp_sk_key *key, *ret; 100 unsigned long flags; 101 struct mctp_hdr *mh; 102 u8 tag; 103 104 mh = mctp_hdr(skb); 105 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO); 106 107 ret = NULL; 108 spin_lock_irqsave(&net->mctp.keys_lock, flags); 109 110 hlist_for_each_entry(key, &net->mctp.keys, hlist) { 111 if (!mctp_key_match(key, mh->dest, peer, tag)) 112 continue; 113 114 spin_lock(&key->lock); 115 if (key->valid) { 116 refcount_inc(&key->refs); 117 ret = key; 118 break; 119 } 120 spin_unlock(&key->lock); 121 } 122 123 if (ret) { 124 spin_unlock(&net->mctp.keys_lock); 125 *irqflags = flags; 126 } else { 127 spin_unlock_irqrestore(&net->mctp.keys_lock, flags); 128 } 129 130 return ret; 131 } 132 133 static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk, 134 mctp_eid_t local, mctp_eid_t peer, 135 u8 tag, gfp_t gfp) 136 { 137 struct mctp_sk_key *key; 138 139 key = kzalloc(sizeof(*key), gfp); 140 if (!key) 141 return NULL; 142 143 key->peer_addr = peer; 144 key->local_addr = local; 145 key->tag = tag; 146 key->sk = &msk->sk; 147 key->valid = true; 148 spin_lock_init(&key->lock); 149 refcount_set(&key->refs, 1); 150 151 return key; 152 } 153 154 void mctp_key_unref(struct mctp_sk_key *key) 155 { 156 unsigned long flags; 157 158 if (!refcount_dec_and_test(&key->refs)) 159 return; 160 161 /* even though no refs exist here, the lock allows us to stay 162 * consistent with the locking requirement of mctp_dev_release_key 163 */ 164 spin_lock_irqsave(&key->lock, flags); 165 mctp_dev_release_key(key->dev, key); 166 spin_unlock_irqrestore(&key->lock, flags); 167 168 kfree(key); 169 } 170 171 static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk) 172 { 173 struct net *net = sock_net(&msk->sk); 174 struct mctp_sk_key *tmp; 175 unsigned long flags; 176 int rc = 0; 177 178 spin_lock_irqsave(&net->mctp.keys_lock, flags); 179 180 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) { 181 if (mctp_key_match(tmp, key->local_addr, key->peer_addr, 182 key->tag)) { 183 spin_lock(&tmp->lock); 184 if (tmp->valid) 185 rc = -EEXIST; 186 spin_unlock(&tmp->lock); 187 if (rc) 188 break; 189 } 190 } 191 192 if (!rc) { 193 refcount_inc(&key->refs); 194 key->expiry = jiffies + mctp_key_lifetime; 195 timer_reduce(&msk->key_expiry, key->expiry); 196 197 hlist_add_head(&key->hlist, &net->mctp.keys); 198 hlist_add_head(&key->sklist, &msk->keys); 199 } 200 201 spin_unlock_irqrestore(&net->mctp.keys_lock, flags); 202 203 return rc; 204 } 205 206 /* Helper for mctp_route_input(). 207 * We're done with the key; unlock and unref the key. 208 * For the usual case of automatic expiry we remove the key from lists. 209 * In the case that manual allocation is set on a key we release the lock 210 * and local ref, reset reassembly, but don't remove from lists. 211 */ 212 static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net, 213 unsigned long flags, unsigned long reason) 214 __releases(&key->lock) 215 { 216 struct sk_buff *skb; 217 218 trace_mctp_key_release(key, reason); 219 skb = key->reasm_head; 220 key->reasm_head = NULL; 221 222 if (!key->manual_alloc) { 223 key->reasm_dead = true; 224 key->valid = false; 225 mctp_dev_release_key(key->dev, key); 226 } 227 spin_unlock_irqrestore(&key->lock, flags); 228 229 if (!key->manual_alloc) { 230 spin_lock_irqsave(&net->mctp.keys_lock, flags); 231 hlist_del(&key->hlist); 232 hlist_del(&key->sklist); 233 spin_unlock_irqrestore(&net->mctp.keys_lock, flags); 234 235 /* unref for the lists */ 236 mctp_key_unref(key); 237 } 238 239 /* and one for the local reference */ 240 mctp_key_unref(key); 241 242 kfree_skb(skb); 243 } 244 245 #ifdef CONFIG_MCTP_FLOWS 246 static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) 247 { 248 struct mctp_flow *flow; 249 250 flow = skb_ext_add(skb, SKB_EXT_MCTP); 251 if (!flow) 252 return; 253 254 refcount_inc(&key->refs); 255 flow->key = key; 256 } 257 258 static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) 259 { 260 struct mctp_sk_key *key; 261 struct mctp_flow *flow; 262 263 flow = skb_ext_find(skb, SKB_EXT_MCTP); 264 if (!flow) 265 return; 266 267 key = flow->key; 268 269 if (WARN_ON(key->dev && key->dev != dev)) 270 return; 271 272 mctp_dev_set_key(dev, key); 273 } 274 #else 275 static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {} 276 static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {} 277 #endif 278 279 static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb) 280 { 281 struct mctp_hdr *hdr = mctp_hdr(skb); 282 u8 exp_seq, this_seq; 283 284 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT) 285 & MCTP_HDR_SEQ_MASK; 286 287 if (!key->reasm_head) { 288 key->reasm_head = skb; 289 key->reasm_tailp = &(skb_shinfo(skb)->frag_list); 290 key->last_seq = this_seq; 291 return 0; 292 } 293 294 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK; 295 296 if (this_seq != exp_seq) 297 return -EINVAL; 298 299 if (key->reasm_head->len + skb->len > mctp_message_maxlen) 300 return -EINVAL; 301 302 skb->next = NULL; 303 skb->sk = NULL; 304 *key->reasm_tailp = skb; 305 key->reasm_tailp = &skb->next; 306 307 key->last_seq = this_seq; 308 309 key->reasm_head->data_len += skb->len; 310 key->reasm_head->len += skb->len; 311 key->reasm_head->truesize += skb->truesize; 312 313 return 0; 314 } 315 316 static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb) 317 { 318 struct net *net = dev_net(skb->dev); 319 struct mctp_sk_key *key; 320 struct mctp_sock *msk; 321 struct mctp_hdr *mh; 322 unsigned long f; 323 u8 tag, flags; 324 int rc; 325 326 msk = NULL; 327 rc = -EINVAL; 328 329 /* we may be receiving a locally-routed packet; drop source sk 330 * accounting 331 */ 332 skb_orphan(skb); 333 334 /* ensure we have enough data for a header and a type */ 335 if (skb->len < sizeof(struct mctp_hdr) + 1) 336 goto out; 337 338 /* grab header, advance data ptr */ 339 mh = mctp_hdr(skb); 340 skb_pull(skb, sizeof(struct mctp_hdr)); 341 342 if (mh->ver != 1) 343 goto out; 344 345 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM); 346 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO); 347 348 rcu_read_lock(); 349 350 /* lookup socket / reasm context, exactly matching (src,dest,tag). 351 * we hold a ref on the key, and key->lock held. 352 */ 353 key = mctp_lookup_key(net, skb, mh->src, &f); 354 355 if (flags & MCTP_HDR_FLAG_SOM) { 356 if (key) { 357 msk = container_of(key->sk, struct mctp_sock, sk); 358 } else { 359 /* first response to a broadcast? do a more general 360 * key lookup to find the socket, but don't use this 361 * key for reassembly - we'll create a more specific 362 * one for future packets if required (ie, !EOM). 363 */ 364 key = mctp_lookup_key(net, skb, MCTP_ADDR_ANY, &f); 365 if (key) { 366 msk = container_of(key->sk, 367 struct mctp_sock, sk); 368 spin_unlock_irqrestore(&key->lock, f); 369 mctp_key_unref(key); 370 key = NULL; 371 } 372 } 373 374 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO)) 375 msk = mctp_lookup_bind(net, skb); 376 377 if (!msk) { 378 rc = -ENOENT; 379 goto out_unlock; 380 } 381 382 /* single-packet message? deliver to socket, clean up any 383 * pending key. 384 */ 385 if (flags & MCTP_HDR_FLAG_EOM) { 386 sock_queue_rcv_skb(&msk->sk, skb); 387 if (key) { 388 /* we've hit a pending reassembly; not much we 389 * can do but drop it 390 */ 391 __mctp_key_done_in(key, net, f, 392 MCTP_TRACE_KEY_REPLIED); 393 key = NULL; 394 } 395 rc = 0; 396 goto out_unlock; 397 } 398 399 /* broadcast response or a bind() - create a key for further 400 * packets for this message 401 */ 402 if (!key) { 403 key = mctp_key_alloc(msk, mh->dest, mh->src, 404 tag, GFP_ATOMIC); 405 if (!key) { 406 rc = -ENOMEM; 407 goto out_unlock; 408 } 409 410 /* we can queue without the key lock here, as the 411 * key isn't observable yet 412 */ 413 mctp_frag_queue(key, skb); 414 415 /* if the key_add fails, we've raced with another 416 * SOM packet with the same src, dest and tag. There's 417 * no way to distinguish future packets, so all we 418 * can do is drop; we'll free the skb on exit from 419 * this function. 420 */ 421 rc = mctp_key_add(key, msk); 422 if (rc) { 423 kfree(key); 424 } else { 425 trace_mctp_key_acquire(key); 426 427 /* we don't need to release key->lock on exit */ 428 mctp_key_unref(key); 429 } 430 key = NULL; 431 432 } else { 433 if (key->reasm_head || key->reasm_dead) { 434 /* duplicate start? drop everything */ 435 __mctp_key_done_in(key, net, f, 436 MCTP_TRACE_KEY_INVALIDATED); 437 rc = -EEXIST; 438 key = NULL; 439 } else { 440 rc = mctp_frag_queue(key, skb); 441 } 442 } 443 444 } else if (key) { 445 /* this packet continues a previous message; reassemble 446 * using the message-specific key 447 */ 448 449 /* we need to be continuing an existing reassembly... */ 450 if (!key->reasm_head) 451 rc = -EINVAL; 452 else 453 rc = mctp_frag_queue(key, skb); 454 455 /* end of message? deliver to socket, and we're done with 456 * the reassembly/response key 457 */ 458 if (!rc && flags & MCTP_HDR_FLAG_EOM) { 459 sock_queue_rcv_skb(key->sk, key->reasm_head); 460 key->reasm_head = NULL; 461 __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED); 462 key = NULL; 463 } 464 465 } else { 466 /* not a start, no matching key */ 467 rc = -ENOENT; 468 } 469 470 out_unlock: 471 rcu_read_unlock(); 472 if (key) { 473 spin_unlock_irqrestore(&key->lock, f); 474 mctp_key_unref(key); 475 } 476 out: 477 if (rc) 478 kfree_skb(skb); 479 return rc; 480 } 481 482 static unsigned int mctp_route_mtu(struct mctp_route *rt) 483 { 484 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu); 485 } 486 487 static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb) 488 { 489 struct mctp_skb_cb *cb = mctp_cb(skb); 490 struct mctp_hdr *hdr = mctp_hdr(skb); 491 char daddr_buf[MAX_ADDR_LEN]; 492 char *daddr = NULL; 493 unsigned int mtu; 494 int rc; 495 496 skb->protocol = htons(ETH_P_MCTP); 497 498 mtu = READ_ONCE(skb->dev->mtu); 499 if (skb->len > mtu) { 500 kfree_skb(skb); 501 return -EMSGSIZE; 502 } 503 504 if (cb->ifindex) { 505 /* direct route; use the hwaddr we stashed in sendmsg */ 506 if (cb->halen != skb->dev->addr_len) { 507 /* sanity check, sendmsg should have already caught this */ 508 kfree_skb(skb); 509 return -EMSGSIZE; 510 } 511 daddr = cb->haddr; 512 } else { 513 /* If lookup fails let the device handle daddr==NULL */ 514 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0) 515 daddr = daddr_buf; 516 } 517 518 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol), 519 daddr, skb->dev->dev_addr, skb->len); 520 if (rc < 0) { 521 kfree_skb(skb); 522 return -EHOSTUNREACH; 523 } 524 525 mctp_flow_prepare_output(skb, route->dev); 526 527 rc = dev_queue_xmit(skb); 528 if (rc) 529 rc = net_xmit_errno(rc); 530 531 return rc; 532 } 533 534 /* route alloc/release */ 535 static void mctp_route_release(struct mctp_route *rt) 536 { 537 if (refcount_dec_and_test(&rt->refs)) { 538 mctp_dev_put(rt->dev); 539 kfree_rcu(rt, rcu); 540 } 541 } 542 543 /* returns a route with the refcount at 1 */ 544 static struct mctp_route *mctp_route_alloc(void) 545 { 546 struct mctp_route *rt; 547 548 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 549 if (!rt) 550 return NULL; 551 552 INIT_LIST_HEAD(&rt->list); 553 refcount_set(&rt->refs, 1); 554 rt->output = mctp_route_discard; 555 556 return rt; 557 } 558 559 unsigned int mctp_default_net(struct net *net) 560 { 561 return READ_ONCE(net->mctp.default_net); 562 } 563 564 int mctp_default_net_set(struct net *net, unsigned int index) 565 { 566 if (index == 0) 567 return -EINVAL; 568 WRITE_ONCE(net->mctp.default_net, index); 569 return 0; 570 } 571 572 /* tag management */ 573 static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key, 574 struct mctp_sock *msk) 575 { 576 struct netns_mctp *mns = &net->mctp; 577 578 lockdep_assert_held(&mns->keys_lock); 579 580 key->expiry = jiffies + mctp_key_lifetime; 581 timer_reduce(&msk->key_expiry, key->expiry); 582 583 /* we hold the net->key_lock here, allowing updates to both 584 * then net and sk 585 */ 586 hlist_add_head_rcu(&key->hlist, &mns->keys); 587 hlist_add_head_rcu(&key->sklist, &msk->keys); 588 refcount_inc(&key->refs); 589 } 590 591 /* Allocate a locally-owned tag value for (saddr, daddr), and reserve 592 * it for the socket msk 593 */ 594 struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk, 595 mctp_eid_t daddr, mctp_eid_t saddr, 596 bool manual, u8 *tagp) 597 { 598 struct net *net = sock_net(&msk->sk); 599 struct netns_mctp *mns = &net->mctp; 600 struct mctp_sk_key *key, *tmp; 601 unsigned long flags; 602 u8 tagbits; 603 604 /* for NULL destination EIDs, we may get a response from any peer */ 605 if (daddr == MCTP_ADDR_NULL) 606 daddr = MCTP_ADDR_ANY; 607 608 /* be optimistic, alloc now */ 609 key = mctp_key_alloc(msk, saddr, daddr, 0, GFP_KERNEL); 610 if (!key) 611 return ERR_PTR(-ENOMEM); 612 613 /* 8 possible tag values */ 614 tagbits = 0xff; 615 616 spin_lock_irqsave(&mns->keys_lock, flags); 617 618 /* Walk through the existing keys, looking for potential conflicting 619 * tags. If we find a conflict, clear that bit from tagbits 620 */ 621 hlist_for_each_entry(tmp, &mns->keys, hlist) { 622 /* We can check the lookup fields (*_addr, tag) without the 623 * lock held, they don't change over the lifetime of the key. 624 */ 625 626 /* if we don't own the tag, it can't conflict */ 627 if (tmp->tag & MCTP_HDR_FLAG_TO) 628 continue; 629 630 if (!(mctp_address_matches(tmp->peer_addr, daddr) && 631 mctp_address_matches(tmp->local_addr, saddr))) 632 continue; 633 634 spin_lock(&tmp->lock); 635 /* key must still be valid. If we find a match, clear the 636 * potential tag value 637 */ 638 if (tmp->valid) 639 tagbits &= ~(1 << tmp->tag); 640 spin_unlock(&tmp->lock); 641 642 if (!tagbits) 643 break; 644 } 645 646 if (tagbits) { 647 key->tag = __ffs(tagbits); 648 mctp_reserve_tag(net, key, msk); 649 trace_mctp_key_acquire(key); 650 651 key->manual_alloc = manual; 652 *tagp = key->tag; 653 } 654 655 spin_unlock_irqrestore(&mns->keys_lock, flags); 656 657 if (!tagbits) { 658 kfree(key); 659 return ERR_PTR(-EBUSY); 660 } 661 662 return key; 663 } 664 665 static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk, 666 mctp_eid_t daddr, 667 u8 req_tag, u8 *tagp) 668 { 669 struct net *net = sock_net(&msk->sk); 670 struct netns_mctp *mns = &net->mctp; 671 struct mctp_sk_key *key, *tmp; 672 unsigned long flags; 673 674 req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER); 675 key = NULL; 676 677 spin_lock_irqsave(&mns->keys_lock, flags); 678 679 hlist_for_each_entry(tmp, &mns->keys, hlist) { 680 if (tmp->tag != req_tag) 681 continue; 682 683 if (!mctp_address_matches(tmp->peer_addr, daddr)) 684 continue; 685 686 if (!tmp->manual_alloc) 687 continue; 688 689 spin_lock(&tmp->lock); 690 if (tmp->valid) { 691 key = tmp; 692 refcount_inc(&key->refs); 693 spin_unlock(&tmp->lock); 694 break; 695 } 696 spin_unlock(&tmp->lock); 697 } 698 spin_unlock_irqrestore(&mns->keys_lock, flags); 699 700 if (!key) 701 return ERR_PTR(-ENOENT); 702 703 if (tagp) 704 *tagp = key->tag; 705 706 return key; 707 } 708 709 /* routing lookups */ 710 static bool mctp_rt_match_eid(struct mctp_route *rt, 711 unsigned int net, mctp_eid_t eid) 712 { 713 return READ_ONCE(rt->dev->net) == net && 714 rt->min <= eid && rt->max >= eid; 715 } 716 717 /* compares match, used for duplicate prevention */ 718 static bool mctp_rt_compare_exact(struct mctp_route *rt1, 719 struct mctp_route *rt2) 720 { 721 ASSERT_RTNL(); 722 return rt1->dev->net == rt2->dev->net && 723 rt1->min == rt2->min && 724 rt1->max == rt2->max; 725 } 726 727 struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet, 728 mctp_eid_t daddr) 729 { 730 struct mctp_route *tmp, *rt = NULL; 731 732 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) { 733 /* TODO: add metrics */ 734 if (mctp_rt_match_eid(tmp, dnet, daddr)) { 735 if (refcount_inc_not_zero(&tmp->refs)) { 736 rt = tmp; 737 break; 738 } 739 } 740 } 741 742 return rt; 743 } 744 745 static struct mctp_route *mctp_route_lookup_null(struct net *net, 746 struct net_device *dev) 747 { 748 struct mctp_route *rt; 749 750 list_for_each_entry_rcu(rt, &net->mctp.routes, list) { 751 if (rt->dev->dev == dev && rt->type == RTN_LOCAL && 752 refcount_inc_not_zero(&rt->refs)) 753 return rt; 754 } 755 756 return NULL; 757 } 758 759 static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb, 760 unsigned int mtu, u8 tag) 761 { 762 const unsigned int hlen = sizeof(struct mctp_hdr); 763 struct mctp_hdr *hdr, *hdr2; 764 unsigned int pos, size, headroom; 765 struct sk_buff *skb2; 766 int rc; 767 u8 seq; 768 769 hdr = mctp_hdr(skb); 770 seq = 0; 771 rc = 0; 772 773 if (mtu < hlen + 1) { 774 kfree_skb(skb); 775 return -EMSGSIZE; 776 } 777 778 /* keep same headroom as the original skb */ 779 headroom = skb_headroom(skb); 780 781 /* we've got the header */ 782 skb_pull(skb, hlen); 783 784 for (pos = 0; pos < skb->len;) { 785 /* size of message payload */ 786 size = min(mtu - hlen, skb->len - pos); 787 788 skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL); 789 if (!skb2) { 790 rc = -ENOMEM; 791 break; 792 } 793 794 /* generic skb copy */ 795 skb2->protocol = skb->protocol; 796 skb2->priority = skb->priority; 797 skb2->dev = skb->dev; 798 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb)); 799 800 if (skb->sk) 801 skb_set_owner_w(skb2, skb->sk); 802 803 /* establish packet */ 804 skb_reserve(skb2, headroom); 805 skb_reset_network_header(skb2); 806 skb_put(skb2, hlen + size); 807 skb2->transport_header = skb2->network_header + hlen; 808 809 /* copy header fields, calculate SOM/EOM flags & seq */ 810 hdr2 = mctp_hdr(skb2); 811 hdr2->ver = hdr->ver; 812 hdr2->dest = hdr->dest; 813 hdr2->src = hdr->src; 814 hdr2->flags_seq_tag = tag & 815 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO); 816 817 if (pos == 0) 818 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM; 819 820 if (pos + size == skb->len) 821 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM; 822 823 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT; 824 825 /* copy message payload */ 826 skb_copy_bits(skb, pos, skb_transport_header(skb2), size); 827 828 /* do route */ 829 rc = rt->output(rt, skb2); 830 if (rc) 831 break; 832 833 seq = (seq + 1) & MCTP_HDR_SEQ_MASK; 834 pos += size; 835 } 836 837 consume_skb(skb); 838 return rc; 839 } 840 841 int mctp_local_output(struct sock *sk, struct mctp_route *rt, 842 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag) 843 { 844 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk); 845 struct mctp_skb_cb *cb = mctp_cb(skb); 846 struct mctp_route tmp_rt = {0}; 847 struct mctp_sk_key *key; 848 struct mctp_hdr *hdr; 849 unsigned long flags; 850 unsigned int mtu; 851 mctp_eid_t saddr; 852 bool ext_rt; 853 int rc; 854 u8 tag; 855 856 rc = -ENODEV; 857 858 if (rt) { 859 ext_rt = false; 860 if (WARN_ON(!rt->dev)) 861 goto out_release; 862 863 } else if (cb->ifindex) { 864 struct net_device *dev; 865 866 ext_rt = true; 867 rt = &tmp_rt; 868 869 rcu_read_lock(); 870 dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex); 871 if (!dev) { 872 rcu_read_unlock(); 873 return rc; 874 } 875 rt->dev = __mctp_dev_get(dev); 876 rcu_read_unlock(); 877 878 if (!rt->dev) 879 goto out_release; 880 881 /* establish temporary route - we set up enough to keep 882 * mctp_route_output happy 883 */ 884 rt->output = mctp_route_output; 885 rt->mtu = 0; 886 887 } else { 888 return -EINVAL; 889 } 890 891 spin_lock_irqsave(&rt->dev->addrs_lock, flags); 892 if (rt->dev->num_addrs == 0) { 893 rc = -EHOSTUNREACH; 894 } else { 895 /* use the outbound interface's first address as our source */ 896 saddr = rt->dev->addrs[0]; 897 rc = 0; 898 } 899 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags); 900 901 if (rc) 902 goto out_release; 903 904 if (req_tag & MCTP_TAG_OWNER) { 905 if (req_tag & MCTP_TAG_PREALLOC) 906 key = mctp_lookup_prealloc_tag(msk, daddr, 907 req_tag, &tag); 908 else 909 key = mctp_alloc_local_tag(msk, daddr, saddr, 910 false, &tag); 911 912 if (IS_ERR(key)) { 913 rc = PTR_ERR(key); 914 goto out_release; 915 } 916 mctp_skb_set_flow(skb, key); 917 /* done with the key in this scope */ 918 mctp_key_unref(key); 919 tag |= MCTP_HDR_FLAG_TO; 920 } else { 921 key = NULL; 922 tag = req_tag & MCTP_TAG_MASK; 923 } 924 925 skb->protocol = htons(ETH_P_MCTP); 926 skb->priority = 0; 927 skb_reset_transport_header(skb); 928 skb_push(skb, sizeof(struct mctp_hdr)); 929 skb_reset_network_header(skb); 930 skb->dev = rt->dev->dev; 931 932 /* cb->net will have been set on initial ingress */ 933 cb->src = saddr; 934 935 /* set up common header fields */ 936 hdr = mctp_hdr(skb); 937 hdr->ver = 1; 938 hdr->dest = daddr; 939 hdr->src = saddr; 940 941 mtu = mctp_route_mtu(rt); 942 943 if (skb->len + sizeof(struct mctp_hdr) <= mtu) { 944 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM | 945 MCTP_HDR_FLAG_EOM | tag; 946 rc = rt->output(rt, skb); 947 } else { 948 rc = mctp_do_fragment_route(rt, skb, mtu, tag); 949 } 950 951 out_release: 952 if (!ext_rt) 953 mctp_route_release(rt); 954 955 mctp_dev_put(tmp_rt.dev); 956 957 return rc; 958 } 959 960 /* route management */ 961 static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start, 962 unsigned int daddr_extent, unsigned int mtu, 963 unsigned char type) 964 { 965 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb); 966 struct net *net = dev_net(mdev->dev); 967 struct mctp_route *rt, *ert; 968 969 if (!mctp_address_unicast(daddr_start)) 970 return -EINVAL; 971 972 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255) 973 return -EINVAL; 974 975 switch (type) { 976 case RTN_LOCAL: 977 rtfn = mctp_route_input; 978 break; 979 case RTN_UNICAST: 980 rtfn = mctp_route_output; 981 break; 982 default: 983 return -EINVAL; 984 } 985 986 rt = mctp_route_alloc(); 987 if (!rt) 988 return -ENOMEM; 989 990 rt->min = daddr_start; 991 rt->max = daddr_start + daddr_extent; 992 rt->mtu = mtu; 993 rt->dev = mdev; 994 mctp_dev_hold(rt->dev); 995 rt->type = type; 996 rt->output = rtfn; 997 998 ASSERT_RTNL(); 999 /* Prevent duplicate identical routes. */ 1000 list_for_each_entry(ert, &net->mctp.routes, list) { 1001 if (mctp_rt_compare_exact(rt, ert)) { 1002 mctp_route_release(rt); 1003 return -EEXIST; 1004 } 1005 } 1006 1007 list_add_rcu(&rt->list, &net->mctp.routes); 1008 1009 return 0; 1010 } 1011 1012 static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start, 1013 unsigned int daddr_extent, unsigned char type) 1014 { 1015 struct net *net = dev_net(mdev->dev); 1016 struct mctp_route *rt, *tmp; 1017 mctp_eid_t daddr_end; 1018 bool dropped; 1019 1020 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255) 1021 return -EINVAL; 1022 1023 daddr_end = daddr_start + daddr_extent; 1024 dropped = false; 1025 1026 ASSERT_RTNL(); 1027 1028 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) { 1029 if (rt->dev == mdev && 1030 rt->min == daddr_start && rt->max == daddr_end && 1031 rt->type == type) { 1032 list_del_rcu(&rt->list); 1033 /* TODO: immediate RTM_DELROUTE */ 1034 mctp_route_release(rt); 1035 dropped = true; 1036 } 1037 } 1038 1039 return dropped ? 0 : -ENOENT; 1040 } 1041 1042 int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr) 1043 { 1044 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL); 1045 } 1046 1047 int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr) 1048 { 1049 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL); 1050 } 1051 1052 /* removes all entries for a given device */ 1053 void mctp_route_remove_dev(struct mctp_dev *mdev) 1054 { 1055 struct net *net = dev_net(mdev->dev); 1056 struct mctp_route *rt, *tmp; 1057 1058 ASSERT_RTNL(); 1059 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) { 1060 if (rt->dev == mdev) { 1061 list_del_rcu(&rt->list); 1062 /* TODO: immediate RTM_DELROUTE */ 1063 mctp_route_release(rt); 1064 } 1065 } 1066 } 1067 1068 /* Incoming packet-handling */ 1069 1070 static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev, 1071 struct packet_type *pt, 1072 struct net_device *orig_dev) 1073 { 1074 struct net *net = dev_net(dev); 1075 struct mctp_dev *mdev; 1076 struct mctp_skb_cb *cb; 1077 struct mctp_route *rt; 1078 struct mctp_hdr *mh; 1079 1080 rcu_read_lock(); 1081 mdev = __mctp_dev_get(dev); 1082 rcu_read_unlock(); 1083 if (!mdev) { 1084 /* basic non-data sanity checks */ 1085 goto err_drop; 1086 } 1087 1088 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr))) 1089 goto err_drop; 1090 1091 skb_reset_transport_header(skb); 1092 skb_reset_network_header(skb); 1093 1094 /* We have enough for a header; decode and route */ 1095 mh = mctp_hdr(skb); 1096 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX) 1097 goto err_drop; 1098 1099 /* source must be valid unicast or null; drop reserved ranges and 1100 * broadcast 1101 */ 1102 if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src))) 1103 goto err_drop; 1104 1105 /* dest address: as above, but allow broadcast */ 1106 if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) || 1107 mctp_address_broadcast(mh->dest))) 1108 goto err_drop; 1109 1110 /* MCTP drivers must populate halen/haddr */ 1111 if (dev->type == ARPHRD_MCTP) { 1112 cb = mctp_cb(skb); 1113 } else { 1114 cb = __mctp_cb(skb); 1115 cb->halen = 0; 1116 } 1117 cb->net = READ_ONCE(mdev->net); 1118 cb->ifindex = dev->ifindex; 1119 1120 rt = mctp_route_lookup(net, cb->net, mh->dest); 1121 1122 /* NULL EID, but addressed to our physical address */ 1123 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST) 1124 rt = mctp_route_lookup_null(net, dev); 1125 1126 if (!rt) 1127 goto err_drop; 1128 1129 rt->output(rt, skb); 1130 mctp_route_release(rt); 1131 mctp_dev_put(mdev); 1132 1133 return NET_RX_SUCCESS; 1134 1135 err_drop: 1136 kfree_skb(skb); 1137 mctp_dev_put(mdev); 1138 return NET_RX_DROP; 1139 } 1140 1141 static struct packet_type mctp_packet_type = { 1142 .type = cpu_to_be16(ETH_P_MCTP), 1143 .func = mctp_pkttype_receive, 1144 }; 1145 1146 /* netlink interface */ 1147 1148 static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = { 1149 [RTA_DST] = { .type = NLA_U8 }, 1150 [RTA_METRICS] = { .type = NLA_NESTED }, 1151 [RTA_OIF] = { .type = NLA_U32 }, 1152 }; 1153 1154 /* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing. 1155 * tb must hold RTA_MAX+1 elements. 1156 */ 1157 static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh, 1158 struct netlink_ext_ack *extack, 1159 struct nlattr **tb, struct rtmsg **rtm, 1160 struct mctp_dev **mdev, mctp_eid_t *daddr_start) 1161 { 1162 struct net *net = sock_net(skb->sk); 1163 struct net_device *dev; 1164 unsigned int ifindex; 1165 int rc; 1166 1167 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX, 1168 rta_mctp_policy, extack); 1169 if (rc < 0) { 1170 NL_SET_ERR_MSG(extack, "incorrect format"); 1171 return rc; 1172 } 1173 1174 if (!tb[RTA_DST]) { 1175 NL_SET_ERR_MSG(extack, "dst EID missing"); 1176 return -EINVAL; 1177 } 1178 *daddr_start = nla_get_u8(tb[RTA_DST]); 1179 1180 if (!tb[RTA_OIF]) { 1181 NL_SET_ERR_MSG(extack, "ifindex missing"); 1182 return -EINVAL; 1183 } 1184 ifindex = nla_get_u32(tb[RTA_OIF]); 1185 1186 *rtm = nlmsg_data(nlh); 1187 if ((*rtm)->rtm_family != AF_MCTP) { 1188 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP"); 1189 return -EINVAL; 1190 } 1191 1192 dev = __dev_get_by_index(net, ifindex); 1193 if (!dev) { 1194 NL_SET_ERR_MSG(extack, "bad ifindex"); 1195 return -ENODEV; 1196 } 1197 *mdev = mctp_dev_get_rtnl(dev); 1198 if (!*mdev) 1199 return -ENODEV; 1200 1201 if (dev->flags & IFF_LOOPBACK) { 1202 NL_SET_ERR_MSG(extack, "no routes to loopback"); 1203 return -EINVAL; 1204 } 1205 1206 return 0; 1207 } 1208 1209 static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = { 1210 [RTAX_MTU] = { .type = NLA_U32 }, 1211 }; 1212 1213 static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh, 1214 struct netlink_ext_ack *extack) 1215 { 1216 struct nlattr *tb[RTA_MAX + 1]; 1217 struct nlattr *tbx[RTAX_MAX + 1]; 1218 mctp_eid_t daddr_start; 1219 struct mctp_dev *mdev; 1220 struct rtmsg *rtm; 1221 unsigned int mtu; 1222 int rc; 1223 1224 rc = mctp_route_nlparse(skb, nlh, extack, tb, 1225 &rtm, &mdev, &daddr_start); 1226 if (rc < 0) 1227 return rc; 1228 1229 if (rtm->rtm_type != RTN_UNICAST) { 1230 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST"); 1231 return -EINVAL; 1232 } 1233 1234 mtu = 0; 1235 if (tb[RTA_METRICS]) { 1236 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS], 1237 rta_metrics_policy, NULL); 1238 if (rc < 0) 1239 return rc; 1240 if (tbx[RTAX_MTU]) 1241 mtu = nla_get_u32(tbx[RTAX_MTU]); 1242 } 1243 1244 if (rtm->rtm_type != RTN_UNICAST) 1245 return -EINVAL; 1246 1247 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu, 1248 rtm->rtm_type); 1249 return rc; 1250 } 1251 1252 static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh, 1253 struct netlink_ext_ack *extack) 1254 { 1255 struct nlattr *tb[RTA_MAX + 1]; 1256 mctp_eid_t daddr_start; 1257 struct mctp_dev *mdev; 1258 struct rtmsg *rtm; 1259 int rc; 1260 1261 rc = mctp_route_nlparse(skb, nlh, extack, tb, 1262 &rtm, &mdev, &daddr_start); 1263 if (rc < 0) 1264 return rc; 1265 1266 /* we only have unicast routes */ 1267 if (rtm->rtm_type != RTN_UNICAST) 1268 return -EINVAL; 1269 1270 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST); 1271 return rc; 1272 } 1273 1274 static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt, 1275 u32 portid, u32 seq, int event, unsigned int flags) 1276 { 1277 struct nlmsghdr *nlh; 1278 struct rtmsg *hdr; 1279 void *metrics; 1280 1281 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags); 1282 if (!nlh) 1283 return -EMSGSIZE; 1284 1285 hdr = nlmsg_data(nlh); 1286 hdr->rtm_family = AF_MCTP; 1287 1288 /* we use the _len fields as a number of EIDs, rather than 1289 * a number of bits in the address 1290 */ 1291 hdr->rtm_dst_len = rt->max - rt->min; 1292 hdr->rtm_src_len = 0; 1293 hdr->rtm_tos = 0; 1294 hdr->rtm_table = RT_TABLE_DEFAULT; 1295 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */ 1296 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */ 1297 hdr->rtm_type = rt->type; 1298 1299 if (nla_put_u8(skb, RTA_DST, rt->min)) 1300 goto cancel; 1301 1302 metrics = nla_nest_start_noflag(skb, RTA_METRICS); 1303 if (!metrics) 1304 goto cancel; 1305 1306 if (rt->mtu) { 1307 if (nla_put_u32(skb, RTAX_MTU, rt->mtu)) 1308 goto cancel; 1309 } 1310 1311 nla_nest_end(skb, metrics); 1312 1313 if (rt->dev) { 1314 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex)) 1315 goto cancel; 1316 } 1317 1318 /* TODO: conditional neighbour physaddr? */ 1319 1320 nlmsg_end(skb, nlh); 1321 1322 return 0; 1323 1324 cancel: 1325 nlmsg_cancel(skb, nlh); 1326 return -EMSGSIZE; 1327 } 1328 1329 static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb) 1330 { 1331 struct net *net = sock_net(skb->sk); 1332 struct mctp_route *rt; 1333 int s_idx, idx; 1334 1335 /* TODO: allow filtering on route data, possibly under 1336 * cb->strict_check 1337 */ 1338 1339 /* TODO: change to struct overlay */ 1340 s_idx = cb->args[0]; 1341 idx = 0; 1342 1343 rcu_read_lock(); 1344 list_for_each_entry_rcu(rt, &net->mctp.routes, list) { 1345 if (idx++ < s_idx) 1346 continue; 1347 if (mctp_fill_rtinfo(skb, rt, 1348 NETLINK_CB(cb->skb).portid, 1349 cb->nlh->nlmsg_seq, 1350 RTM_NEWROUTE, NLM_F_MULTI) < 0) 1351 break; 1352 } 1353 1354 rcu_read_unlock(); 1355 cb->args[0] = idx; 1356 1357 return skb->len; 1358 } 1359 1360 /* net namespace implementation */ 1361 static int __net_init mctp_routes_net_init(struct net *net) 1362 { 1363 struct netns_mctp *ns = &net->mctp; 1364 1365 INIT_LIST_HEAD(&ns->routes); 1366 INIT_HLIST_HEAD(&ns->binds); 1367 mutex_init(&ns->bind_lock); 1368 INIT_HLIST_HEAD(&ns->keys); 1369 spin_lock_init(&ns->keys_lock); 1370 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET)); 1371 return 0; 1372 } 1373 1374 static void __net_exit mctp_routes_net_exit(struct net *net) 1375 { 1376 struct mctp_route *rt; 1377 1378 rcu_read_lock(); 1379 list_for_each_entry_rcu(rt, &net->mctp.routes, list) 1380 mctp_route_release(rt); 1381 rcu_read_unlock(); 1382 } 1383 1384 static struct pernet_operations mctp_net_ops = { 1385 .init = mctp_routes_net_init, 1386 .exit = mctp_routes_net_exit, 1387 }; 1388 1389 int __init mctp_routes_init(void) 1390 { 1391 dev_add_pack(&mctp_packet_type); 1392 1393 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_GETROUTE, 1394 NULL, mctp_dump_rtinfo, 0); 1395 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_NEWROUTE, 1396 mctp_newroute, NULL, 0); 1397 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_DELROUTE, 1398 mctp_delroute, NULL, 0); 1399 1400 return register_pernet_subsys(&mctp_net_ops); 1401 } 1402 1403 void __exit mctp_routes_exit(void) 1404 { 1405 unregister_pernet_subsys(&mctp_net_ops); 1406 rtnl_unregister(PF_MCTP, RTM_DELROUTE); 1407 rtnl_unregister(PF_MCTP, RTM_NEWROUTE); 1408 rtnl_unregister(PF_MCTP, RTM_GETROUTE); 1409 dev_remove_pack(&mctp_packet_type); 1410 } 1411 1412 #if IS_ENABLED(CONFIG_MCTP_TEST) 1413 #include "test/route-test.c" 1414 #endif 1415