xref: /linux/net/mctp/route.c (revision 9b4a8c38f4fe8f6ed51032165c0fc34007d88415) 
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Management Component Transport Protocol (MCTP) - routing
4  * implementation.
5  *
6  * This is currently based on a simple routing table, with no dst cache. The
7  * number of routes should stay fairly small, so the lookup cost is small.
8  *
9  * Copyright (c) 2021 Code Construct
10  * Copyright (c) 2021 Google
11  */
12 
13 #include <linux/idr.h>
14 #include <linux/kconfig.h>
15 #include <linux/mctp.h>
16 #include <linux/netdevice.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/skbuff.h>
19 
20 #include <kunit/static_stub.h>
21 
22 #include <uapi/linux/if_arp.h>
23 
24 #include <net/mctp.h>
25 #include <net/mctpdevice.h>
26 #include <net/netlink.h>
27 #include <net/sock.h>
28 
29 #include <trace/events/mctp.h>
30 
31 static const unsigned int mctp_message_maxlen = 64 * 1024;
32 static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
33 
34 static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
35 
36 /* route output callbacks */
37 static int mctp_dst_discard(struct mctp_dst *dst, struct sk_buff *skb)
38 {
39 	kfree_skb(skb);
40 	return 0;
41 }
42 
43 static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
44 {
45 	struct mctp_skb_cb *cb = mctp_cb(skb);
46 	struct mctp_hdr *mh;
47 	struct sock *sk;
48 	u8 type;
49 
50 	WARN_ON(!rcu_read_lock_held());
51 
52 	/* TODO: look up in skb->cb? */
53 	mh = mctp_hdr(skb);
54 
55 	if (!skb_headlen(skb))
56 		return NULL;
57 
58 	type = (*(u8 *)skb->data) & 0x7f;
59 
60 	sk_for_each_rcu(sk, &net->mctp.binds) {
61 		struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
62 
63 		if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
64 			continue;
65 
66 		if (msk->bind_type != type)
67 			continue;
68 
69 		if (!mctp_address_matches(msk->bind_addr, mh->dest))
70 			continue;
71 
72 		return msk;
73 	}
74 
75 	return NULL;
76 }
77 
78 /* A note on the key allocations.
79  *
80  * struct net->mctp.keys contains our set of currently-allocated keys for
81  * MCTP tag management. The lookup tuple for these is the peer EID,
82  * local EID and MCTP tag.
83  *
84  * In some cases, the peer EID may be MCTP_EID_ANY: for example, when a
85  * broadcast message is sent, we may receive responses from any peer EID.
86  * Because the broadcast dest address is equivalent to ANY, we create
87  * a key with (local = local-eid, peer = ANY). This allows a match on the
88  * incoming broadcast responses from any peer.
89  *
90  * We perform lookups when packets are received, and when tags are allocated
91  * in two scenarios:
92  *
93  *  - when a packet is sent, with a locally-owned tag: we need to find an
94  *    unused tag value for the (local, peer) EID pair.
95  *
96  *  - when a tag is manually allocated: we need to find an unused tag value
97  *    for the peer EID, but don't have a specific local EID at that stage.
98  *
99  * in the latter case, on successful allocation, we end up with a tag with
100  * (local = ANY, peer = peer-eid).
101  *
102  * So, the key set allows both a local EID of ANY, as well as a peer EID of
103  * ANY in the lookup tuple. Both may be ANY if we prealloc for a broadcast.
104  * The matching (in mctp_key_match()) during lookup allows the match value to
105  * be ANY in either the dest or source addresses.
106  *
107  * When allocating (+ inserting) a tag, we need to check for conflicts amongst
108  * the existing tag set. This requires macthing either exactly on the local
109  * and peer addresses, or either being ANY.
110  */
111 
112 static bool mctp_key_match(struct mctp_sk_key *key, unsigned int net,
113 			   mctp_eid_t local, mctp_eid_t peer, u8 tag)
114 {
115 	if (key->net != net)
116 		return false;
117 
118 	if (!mctp_address_matches(key->local_addr, local))
119 		return false;
120 
121 	if (!mctp_address_matches(key->peer_addr, peer))
122 		return false;
123 
124 	if (key->tag != tag)
125 		return false;
126 
127 	return true;
128 }
129 
130 /* returns a key (with key->lock held, and refcounted), or NULL if no such
131  * key exists.
132  */
133 static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
134 					   unsigned int netid, mctp_eid_t peer,
135 					   unsigned long *irqflags)
136 	__acquires(&key->lock)
137 {
138 	struct mctp_sk_key *key, *ret;
139 	unsigned long flags;
140 	struct mctp_hdr *mh;
141 	u8 tag;
142 
143 	mh = mctp_hdr(skb);
144 	tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
145 
146 	ret = NULL;
147 	spin_lock_irqsave(&net->mctp.keys_lock, flags);
148 
149 	hlist_for_each_entry(key, &net->mctp.keys, hlist) {
150 		if (!mctp_key_match(key, netid, mh->dest, peer, tag))
151 			continue;
152 
153 		spin_lock(&key->lock);
154 		if (key->valid) {
155 			refcount_inc(&key->refs);
156 			ret = key;
157 			break;
158 		}
159 		spin_unlock(&key->lock);
160 	}
161 
162 	if (ret) {
163 		spin_unlock(&net->mctp.keys_lock);
164 		*irqflags = flags;
165 	} else {
166 		spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
167 	}
168 
169 	return ret;
170 }
171 
172 static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
173 					  unsigned int net,
174 					  mctp_eid_t local, mctp_eid_t peer,
175 					  u8 tag, gfp_t gfp)
176 {
177 	struct mctp_sk_key *key;
178 
179 	key = kzalloc(sizeof(*key), gfp);
180 	if (!key)
181 		return NULL;
182 
183 	key->net = net;
184 	key->peer_addr = peer;
185 	key->local_addr = local;
186 	key->tag = tag;
187 	key->sk = &msk->sk;
188 	key->valid = true;
189 	spin_lock_init(&key->lock);
190 	refcount_set(&key->refs, 1);
191 	sock_hold(key->sk);
192 
193 	return key;
194 }
195 
196 void mctp_key_unref(struct mctp_sk_key *key)
197 {
198 	unsigned long flags;
199 
200 	if (!refcount_dec_and_test(&key->refs))
201 		return;
202 
203 	/* even though no refs exist here, the lock allows us to stay
204 	 * consistent with the locking requirement of mctp_dev_release_key
205 	 */
206 	spin_lock_irqsave(&key->lock, flags);
207 	mctp_dev_release_key(key->dev, key);
208 	spin_unlock_irqrestore(&key->lock, flags);
209 
210 	sock_put(key->sk);
211 	kfree(key);
212 }
213 
214 static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
215 {
216 	struct net *net = sock_net(&msk->sk);
217 	struct mctp_sk_key *tmp;
218 	unsigned long flags;
219 	int rc = 0;
220 
221 	spin_lock_irqsave(&net->mctp.keys_lock, flags);
222 
223 	if (sock_flag(&msk->sk, SOCK_DEAD)) {
224 		rc = -EINVAL;
225 		goto out_unlock;
226 	}
227 
228 	hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
229 		if (mctp_key_match(tmp, key->net, key->local_addr,
230 				   key->peer_addr, key->tag)) {
231 			spin_lock(&tmp->lock);
232 			if (tmp->valid)
233 				rc = -EEXIST;
234 			spin_unlock(&tmp->lock);
235 			if (rc)
236 				break;
237 		}
238 	}
239 
240 	if (!rc) {
241 		refcount_inc(&key->refs);
242 		key->expiry = jiffies + mctp_key_lifetime;
243 		timer_reduce(&msk->key_expiry, key->expiry);
244 
245 		hlist_add_head(&key->hlist, &net->mctp.keys);
246 		hlist_add_head(&key->sklist, &msk->keys);
247 	}
248 
249 out_unlock:
250 	spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
251 
252 	return rc;
253 }
254 
255 /* Helper for mctp_route_input().
256  * We're done with the key; unlock and unref the key.
257  * For the usual case of automatic expiry we remove the key from lists.
258  * In the case that manual allocation is set on a key we release the lock
259  * and local ref, reset reassembly, but don't remove from lists.
260  */
261 static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
262 			       unsigned long flags, unsigned long reason)
263 __releases(&key->lock)
264 {
265 	struct sk_buff *skb;
266 
267 	trace_mctp_key_release(key, reason);
268 	skb = key->reasm_head;
269 	key->reasm_head = NULL;
270 
271 	if (!key->manual_alloc) {
272 		key->reasm_dead = true;
273 		key->valid = false;
274 		mctp_dev_release_key(key->dev, key);
275 	}
276 	spin_unlock_irqrestore(&key->lock, flags);
277 
278 	if (!key->manual_alloc) {
279 		spin_lock_irqsave(&net->mctp.keys_lock, flags);
280 		if (!hlist_unhashed(&key->hlist)) {
281 			hlist_del_init(&key->hlist);
282 			hlist_del_init(&key->sklist);
283 			mctp_key_unref(key);
284 		}
285 		spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
286 	}
287 
288 	/* and one for the local reference */
289 	mctp_key_unref(key);
290 
291 	kfree_skb(skb);
292 }
293 
294 #ifdef CONFIG_MCTP_FLOWS
295 static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
296 {
297 	struct mctp_flow *flow;
298 
299 	flow = skb_ext_add(skb, SKB_EXT_MCTP);
300 	if (!flow)
301 		return;
302 
303 	refcount_inc(&key->refs);
304 	flow->key = key;
305 }
306 
307 static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
308 {
309 	struct mctp_sk_key *key;
310 	struct mctp_flow *flow;
311 
312 	flow = skb_ext_find(skb, SKB_EXT_MCTP);
313 	if (!flow)
314 		return;
315 
316 	key = flow->key;
317 
318 	if (key->dev) {
319 		WARN_ON(key->dev != dev);
320 		return;
321 	}
322 
323 	mctp_dev_set_key(dev, key);
324 }
325 #else
326 static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
327 static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
328 #endif
329 
330 static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
331 {
332 	struct mctp_hdr *hdr = mctp_hdr(skb);
333 	u8 exp_seq, this_seq;
334 
335 	this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
336 		& MCTP_HDR_SEQ_MASK;
337 
338 	if (!key->reasm_head) {
339 		/* Since we're manipulating the shared frag_list, ensure it isn't
340 		 * shared with any other SKBs.
341 		 */
342 		key->reasm_head = skb_unshare(skb, GFP_ATOMIC);
343 		if (!key->reasm_head)
344 			return -ENOMEM;
345 
346 		key->reasm_tailp = &(skb_shinfo(key->reasm_head)->frag_list);
347 		key->last_seq = this_seq;
348 		return 0;
349 	}
350 
351 	exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
352 
353 	if (this_seq != exp_seq)
354 		return -EINVAL;
355 
356 	if (key->reasm_head->len + skb->len > mctp_message_maxlen)
357 		return -EINVAL;
358 
359 	skb->next = NULL;
360 	skb->sk = NULL;
361 	*key->reasm_tailp = skb;
362 	key->reasm_tailp = &skb->next;
363 
364 	key->last_seq = this_seq;
365 
366 	key->reasm_head->data_len += skb->len;
367 	key->reasm_head->len += skb->len;
368 	key->reasm_head->truesize += skb->truesize;
369 
370 	return 0;
371 }
372 
373 static int mctp_dst_input(struct mctp_dst *dst, struct sk_buff *skb)
374 {
375 	struct mctp_sk_key *key, *any_key = NULL;
376 	struct net *net = dev_net(skb->dev);
377 	struct mctp_sock *msk;
378 	struct mctp_hdr *mh;
379 	unsigned int netid;
380 	unsigned long f;
381 	u8 tag, flags;
382 	int rc;
383 
384 	msk = NULL;
385 	rc = -EINVAL;
386 
387 	/* We may be receiving a locally-routed packet; drop source sk
388 	 * accounting.
389 	 *
390 	 * From here, we will either queue the skb - either to a frag_queue, or
391 	 * to a receiving socket. When that succeeds, we clear the skb pointer;
392 	 * a non-NULL skb on exit will be otherwise unowned, and hence
393 	 * kfree_skb()-ed.
394 	 */
395 	skb_orphan(skb);
396 
397 	if (skb->pkt_type == PACKET_OUTGOING)
398 		skb->pkt_type = PACKET_LOOPBACK;
399 
400 	/* ensure we have enough data for a header and a type */
401 	if (skb->len < sizeof(struct mctp_hdr) + 1)
402 		goto out;
403 
404 	/* grab header, advance data ptr */
405 	mh = mctp_hdr(skb);
406 	netid = mctp_cb(skb)->net;
407 	skb_pull(skb, sizeof(struct mctp_hdr));
408 
409 	if (mh->ver != 1)
410 		goto out;
411 
412 	flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
413 	tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
414 
415 	rcu_read_lock();
416 
417 	/* lookup socket / reasm context, exactly matching (src,dest,tag).
418 	 * we hold a ref on the key, and key->lock held.
419 	 */
420 	key = mctp_lookup_key(net, skb, netid, mh->src, &f);
421 
422 	if (flags & MCTP_HDR_FLAG_SOM) {
423 		if (key) {
424 			msk = container_of(key->sk, struct mctp_sock, sk);
425 		} else {
426 			/* first response to a broadcast? do a more general
427 			 * key lookup to find the socket, but don't use this
428 			 * key for reassembly - we'll create a more specific
429 			 * one for future packets if required (ie, !EOM).
430 			 *
431 			 * this lookup requires key->peer to be MCTP_ADDR_ANY,
432 			 * it doesn't match just any key->peer.
433 			 */
434 			any_key = mctp_lookup_key(net, skb, netid,
435 						  MCTP_ADDR_ANY, &f);
436 			if (any_key) {
437 				msk = container_of(any_key->sk,
438 						   struct mctp_sock, sk);
439 				spin_unlock_irqrestore(&any_key->lock, f);
440 			}
441 		}
442 
443 		if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
444 			msk = mctp_lookup_bind(net, skb);
445 
446 		if (!msk) {
447 			rc = -ENOENT;
448 			goto out_unlock;
449 		}
450 
451 		/* single-packet message? deliver to socket, clean up any
452 		 * pending key.
453 		 */
454 		if (flags & MCTP_HDR_FLAG_EOM) {
455 			rc = sock_queue_rcv_skb(&msk->sk, skb);
456 			if (!rc)
457 				skb = NULL;
458 			if (key) {
459 				/* we've hit a pending reassembly; not much we
460 				 * can do but drop it
461 				 */
462 				__mctp_key_done_in(key, net, f,
463 						   MCTP_TRACE_KEY_REPLIED);
464 				key = NULL;
465 			}
466 			goto out_unlock;
467 		}
468 
469 		/* broadcast response or a bind() - create a key for further
470 		 * packets for this message
471 		 */
472 		if (!key) {
473 			key = mctp_key_alloc(msk, netid, mh->dest, mh->src,
474 					     tag, GFP_ATOMIC);
475 			if (!key) {
476 				rc = -ENOMEM;
477 				goto out_unlock;
478 			}
479 
480 			/* we can queue without the key lock here, as the
481 			 * key isn't observable yet
482 			 */
483 			mctp_frag_queue(key, skb);
484 
485 			/* if the key_add fails, we've raced with another
486 			 * SOM packet with the same src, dest and tag. There's
487 			 * no way to distinguish future packets, so all we
488 			 * can do is drop; we'll free the skb on exit from
489 			 * this function.
490 			 */
491 			rc = mctp_key_add(key, msk);
492 			if (!rc) {
493 				trace_mctp_key_acquire(key);
494 				skb = NULL;
495 			}
496 
497 			/* we don't need to release key->lock on exit, so
498 			 * clean up here and suppress the unlock via
499 			 * setting to NULL
500 			 */
501 			mctp_key_unref(key);
502 			key = NULL;
503 
504 		} else {
505 			if (key->reasm_head || key->reasm_dead) {
506 				/* duplicate start? drop everything */
507 				__mctp_key_done_in(key, net, f,
508 						   MCTP_TRACE_KEY_INVALIDATED);
509 				rc = -EEXIST;
510 				key = NULL;
511 			} else {
512 				rc = mctp_frag_queue(key, skb);
513 				if (!rc)
514 					skb = NULL;
515 			}
516 		}
517 
518 	} else if (key) {
519 		/* this packet continues a previous message; reassemble
520 		 * using the message-specific key
521 		 */
522 
523 		/* we need to be continuing an existing reassembly... */
524 		if (!key->reasm_head)
525 			rc = -EINVAL;
526 		else
527 			rc = mctp_frag_queue(key, skb);
528 
529 		if (rc)
530 			goto out_unlock;
531 
532 		/* we've queued; the queue owns the skb now */
533 		skb = NULL;
534 
535 		/* end of message? deliver to socket, and we're done with
536 		 * the reassembly/response key
537 		 */
538 		if (flags & MCTP_HDR_FLAG_EOM) {
539 			rc = sock_queue_rcv_skb(key->sk, key->reasm_head);
540 			if (!rc)
541 				key->reasm_head = NULL;
542 			__mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
543 			key = NULL;
544 		}
545 
546 	} else {
547 		/* not a start, no matching key */
548 		rc = -ENOENT;
549 	}
550 
551 out_unlock:
552 	rcu_read_unlock();
553 	if (key) {
554 		spin_unlock_irqrestore(&key->lock, f);
555 		mctp_key_unref(key);
556 	}
557 	if (any_key)
558 		mctp_key_unref(any_key);
559 out:
560 	kfree_skb(skb);
561 	return rc;
562 }
563 
564 static int mctp_dst_output(struct mctp_dst *dst, struct sk_buff *skb)
565 {
566 	struct mctp_hdr *hdr = mctp_hdr(skb);
567 	char daddr_buf[MAX_ADDR_LEN];
568 	char *daddr = NULL;
569 	int rc;
570 
571 	skb->protocol = htons(ETH_P_MCTP);
572 	skb->pkt_type = PACKET_OUTGOING;
573 
574 	if (skb->len > dst->mtu) {
575 		kfree_skb(skb);
576 		return -EMSGSIZE;
577 	}
578 
579 	/* direct route; use the hwaddr we stashed in sendmsg */
580 	if (dst->halen) {
581 		if (dst->halen != skb->dev->addr_len) {
582 			/* sanity check, sendmsg should have already caught this */
583 			kfree_skb(skb);
584 			return -EMSGSIZE;
585 		}
586 		daddr = dst->haddr;
587 	} else {
588 		/* If lookup fails let the device handle daddr==NULL */
589 		if (mctp_neigh_lookup(dst->dev, hdr->dest, daddr_buf) == 0)
590 			daddr = daddr_buf;
591 	}
592 
593 	rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
594 			     daddr, skb->dev->dev_addr, skb->len);
595 	if (rc < 0) {
596 		kfree_skb(skb);
597 		return -EHOSTUNREACH;
598 	}
599 
600 	mctp_flow_prepare_output(skb, dst->dev);
601 
602 	rc = dev_queue_xmit(skb);
603 	if (rc)
604 		rc = net_xmit_errno(rc);
605 
606 	return rc;
607 }
608 
609 /* route alloc/release */
610 static void mctp_route_release(struct mctp_route *rt)
611 {
612 	if (refcount_dec_and_test(&rt->refs)) {
613 		mctp_dev_put(rt->dev);
614 		kfree_rcu(rt, rcu);
615 	}
616 }
617 
618 /* returns a route with the refcount at 1 */
619 static struct mctp_route *mctp_route_alloc(void)
620 {
621 	struct mctp_route *rt;
622 
623 	rt = kzalloc(sizeof(*rt), GFP_KERNEL);
624 	if (!rt)
625 		return NULL;
626 
627 	INIT_LIST_HEAD(&rt->list);
628 	refcount_set(&rt->refs, 1);
629 	rt->output = mctp_dst_discard;
630 
631 	return rt;
632 }
633 
634 unsigned int mctp_default_net(struct net *net)
635 {
636 	return READ_ONCE(net->mctp.default_net);
637 }
638 
639 int mctp_default_net_set(struct net *net, unsigned int index)
640 {
641 	if (index == 0)
642 		return -EINVAL;
643 	WRITE_ONCE(net->mctp.default_net, index);
644 	return 0;
645 }
646 
647 /* tag management */
648 static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
649 			     struct mctp_sock *msk)
650 {
651 	struct netns_mctp *mns = &net->mctp;
652 
653 	lockdep_assert_held(&mns->keys_lock);
654 
655 	key->expiry = jiffies + mctp_key_lifetime;
656 	timer_reduce(&msk->key_expiry, key->expiry);
657 
658 	/* we hold the net->key_lock here, allowing updates to both
659 	 * then net and sk
660 	 */
661 	hlist_add_head_rcu(&key->hlist, &mns->keys);
662 	hlist_add_head_rcu(&key->sklist, &msk->keys);
663 	refcount_inc(&key->refs);
664 }
665 
666 /* Allocate a locally-owned tag value for (local, peer), and reserve
667  * it for the socket msk
668  */
669 struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
670 					 unsigned int netid,
671 					 mctp_eid_t local, mctp_eid_t peer,
672 					 bool manual, u8 *tagp)
673 {
674 	struct net *net = sock_net(&msk->sk);
675 	struct netns_mctp *mns = &net->mctp;
676 	struct mctp_sk_key *key, *tmp;
677 	unsigned long flags;
678 	u8 tagbits;
679 
680 	/* for NULL destination EIDs, we may get a response from any peer */
681 	if (peer == MCTP_ADDR_NULL)
682 		peer = MCTP_ADDR_ANY;
683 
684 	/* be optimistic, alloc now */
685 	key = mctp_key_alloc(msk, netid, local, peer, 0, GFP_KERNEL);
686 	if (!key)
687 		return ERR_PTR(-ENOMEM);
688 
689 	/* 8 possible tag values */
690 	tagbits = 0xff;
691 
692 	spin_lock_irqsave(&mns->keys_lock, flags);
693 
694 	/* Walk through the existing keys, looking for potential conflicting
695 	 * tags. If we find a conflict, clear that bit from tagbits
696 	 */
697 	hlist_for_each_entry(tmp, &mns->keys, hlist) {
698 		/* We can check the lookup fields (*_addr, tag) without the
699 		 * lock held, they don't change over the lifetime of the key.
700 		 */
701 
702 		/* tags are net-specific */
703 		if (tmp->net != netid)
704 			continue;
705 
706 		/* if we don't own the tag, it can't conflict */
707 		if (tmp->tag & MCTP_HDR_FLAG_TO)
708 			continue;
709 
710 		/* Since we're avoiding conflicting entries, match peer and
711 		 * local addresses, including with a wildcard on ANY. See
712 		 * 'A note on key allocations' for background.
713 		 */
714 		if (peer != MCTP_ADDR_ANY &&
715 		    !mctp_address_matches(tmp->peer_addr, peer))
716 			continue;
717 
718 		if (local != MCTP_ADDR_ANY &&
719 		    !mctp_address_matches(tmp->local_addr, local))
720 			continue;
721 
722 		spin_lock(&tmp->lock);
723 		/* key must still be valid. If we find a match, clear the
724 		 * potential tag value
725 		 */
726 		if (tmp->valid)
727 			tagbits &= ~(1 << tmp->tag);
728 		spin_unlock(&tmp->lock);
729 
730 		if (!tagbits)
731 			break;
732 	}
733 
734 	if (tagbits) {
735 		key->tag = __ffs(tagbits);
736 		mctp_reserve_tag(net, key, msk);
737 		trace_mctp_key_acquire(key);
738 
739 		key->manual_alloc = manual;
740 		*tagp = key->tag;
741 	}
742 
743 	spin_unlock_irqrestore(&mns->keys_lock, flags);
744 
745 	if (!tagbits) {
746 		mctp_key_unref(key);
747 		return ERR_PTR(-EBUSY);
748 	}
749 
750 	return key;
751 }
752 
753 static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
754 						    unsigned int netid,
755 						    mctp_eid_t daddr,
756 						    u8 req_tag, u8 *tagp)
757 {
758 	struct net *net = sock_net(&msk->sk);
759 	struct netns_mctp *mns = &net->mctp;
760 	struct mctp_sk_key *key, *tmp;
761 	unsigned long flags;
762 
763 	req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
764 	key = NULL;
765 
766 	spin_lock_irqsave(&mns->keys_lock, flags);
767 
768 	hlist_for_each_entry(tmp, &mns->keys, hlist) {
769 		if (tmp->net != netid)
770 			continue;
771 
772 		if (tmp->tag != req_tag)
773 			continue;
774 
775 		if (!mctp_address_matches(tmp->peer_addr, daddr))
776 			continue;
777 
778 		if (!tmp->manual_alloc)
779 			continue;
780 
781 		spin_lock(&tmp->lock);
782 		if (tmp->valid) {
783 			key = tmp;
784 			refcount_inc(&key->refs);
785 			spin_unlock(&tmp->lock);
786 			break;
787 		}
788 		spin_unlock(&tmp->lock);
789 	}
790 	spin_unlock_irqrestore(&mns->keys_lock, flags);
791 
792 	if (!key)
793 		return ERR_PTR(-ENOENT);
794 
795 	if (tagp)
796 		*tagp = key->tag;
797 
798 	return key;
799 }
800 
801 /* routing lookups */
802 static bool mctp_rt_match_eid(struct mctp_route *rt,
803 			      unsigned int net, mctp_eid_t eid)
804 {
805 	return READ_ONCE(rt->dev->net) == net &&
806 		rt->min <= eid && rt->max >= eid;
807 }
808 
809 /* compares match, used for duplicate prevention */
810 static bool mctp_rt_compare_exact(struct mctp_route *rt1,
811 				  struct mctp_route *rt2)
812 {
813 	ASSERT_RTNL();
814 	return rt1->dev->net == rt2->dev->net &&
815 		rt1->min == rt2->min &&
816 		rt1->max == rt2->max;
817 }
818 
819 static void mctp_dst_from_route(struct mctp_dst *dst, struct mctp_route *route)
820 {
821 	mctp_dev_hold(route->dev);
822 	dst->dev = route->dev;
823 	dst->mtu = route->mtu ?: READ_ONCE(dst->dev->dev->mtu);
824 	dst->halen = 0;
825 	dst->output = route->output;
826 }
827 
828 int mctp_dst_from_extaddr(struct mctp_dst *dst, struct net *net, int ifindex,
829 			  unsigned char halen, const unsigned char *haddr)
830 {
831 	struct net_device *netdev;
832 	struct mctp_dev *dev;
833 	int rc = -ENOENT;
834 
835 	if (halen > sizeof(dst->haddr))
836 		return -EINVAL;
837 
838 	rcu_read_lock();
839 
840 	netdev = dev_get_by_index_rcu(net, ifindex);
841 	if (!netdev)
842 		goto out_unlock;
843 
844 	if (netdev->addr_len != halen) {
845 		rc = -EINVAL;
846 		goto out_unlock;
847 	}
848 
849 	dev = __mctp_dev_get(netdev);
850 	if (!dev)
851 		goto out_unlock;
852 
853 	dst->dev = dev;
854 	dst->mtu = READ_ONCE(netdev->mtu);
855 	dst->halen = halen;
856 	dst->output = mctp_dst_output;
857 	memcpy(dst->haddr, haddr, halen);
858 
859 	rc = 0;
860 
861 out_unlock:
862 	rcu_read_unlock();
863 	return rc;
864 }
865 
866 void mctp_dst_release(struct mctp_dst *dst)
867 {
868 	mctp_dev_put(dst->dev);
869 }
870 
871 /* populates *dst on successful lookup, if set */
872 int mctp_route_lookup(struct net *net, unsigned int dnet,
873 		      mctp_eid_t daddr, struct mctp_dst *dst)
874 {
875 	int rc = -EHOSTUNREACH;
876 	struct mctp_route *rt;
877 
878 	rcu_read_lock();
879 
880 	list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
881 		/* TODO: add metrics */
882 		if (!mctp_rt_match_eid(rt, dnet, daddr))
883 			continue;
884 
885 		if (dst)
886 			mctp_dst_from_route(dst, rt);
887 		rc = 0;
888 		break;
889 	}
890 
891 	rcu_read_unlock();
892 
893 	return rc;
894 }
895 
896 static int mctp_route_lookup_null(struct net *net, struct net_device *dev,
897 				  struct mctp_dst *dst)
898 {
899 	int rc = -EHOSTUNREACH;
900 	struct mctp_route *rt;
901 
902 	rcu_read_lock();
903 
904 	list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
905 		if (rt->dev->dev != dev || rt->type != RTN_LOCAL)
906 			continue;
907 
908 		mctp_dst_from_route(dst, rt);
909 		rc = 0;
910 		break;
911 	}
912 
913 	rcu_read_unlock();
914 
915 	return rc;
916 }
917 
918 static int mctp_do_fragment_route(struct mctp_dst *dst, struct sk_buff *skb,
919 				  unsigned int mtu, u8 tag)
920 {
921 	const unsigned int hlen = sizeof(struct mctp_hdr);
922 	struct mctp_hdr *hdr, *hdr2;
923 	unsigned int pos, size, headroom;
924 	struct sk_buff *skb2;
925 	int rc;
926 	u8 seq;
927 
928 	hdr = mctp_hdr(skb);
929 	seq = 0;
930 	rc = 0;
931 
932 	if (mtu < hlen + 1) {
933 		kfree_skb(skb);
934 		return -EMSGSIZE;
935 	}
936 
937 	/* keep same headroom as the original skb */
938 	headroom = skb_headroom(skb);
939 
940 	/* we've got the header */
941 	skb_pull(skb, hlen);
942 
943 	for (pos = 0; pos < skb->len;) {
944 		/* size of message payload */
945 		size = min(mtu - hlen, skb->len - pos);
946 
947 		skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
948 		if (!skb2) {
949 			rc = -ENOMEM;
950 			break;
951 		}
952 
953 		/* generic skb copy */
954 		skb2->protocol = skb->protocol;
955 		skb2->priority = skb->priority;
956 		skb2->dev = skb->dev;
957 		memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
958 
959 		if (skb->sk)
960 			skb_set_owner_w(skb2, skb->sk);
961 
962 		/* establish packet */
963 		skb_reserve(skb2, headroom);
964 		skb_reset_network_header(skb2);
965 		skb_put(skb2, hlen + size);
966 		skb2->transport_header = skb2->network_header + hlen;
967 
968 		/* copy header fields, calculate SOM/EOM flags & seq */
969 		hdr2 = mctp_hdr(skb2);
970 		hdr2->ver = hdr->ver;
971 		hdr2->dest = hdr->dest;
972 		hdr2->src = hdr->src;
973 		hdr2->flags_seq_tag = tag &
974 			(MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
975 
976 		if (pos == 0)
977 			hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
978 
979 		if (pos + size == skb->len)
980 			hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
981 
982 		hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
983 
984 		/* copy message payload */
985 		skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
986 
987 		/* we need to copy the extensions, for MCTP flow data */
988 		skb_ext_copy(skb2, skb);
989 
990 		/* do route */
991 		rc = dst->output(dst, skb2);
992 		if (rc)
993 			break;
994 
995 		seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
996 		pos += size;
997 	}
998 
999 	consume_skb(skb);
1000 	return rc;
1001 }
1002 
1003 int mctp_local_output(struct sock *sk, struct mctp_dst *dst,
1004 		      struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
1005 {
1006 	struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
1007 	struct mctp_sk_key *key;
1008 	struct mctp_hdr *hdr;
1009 	unsigned long flags;
1010 	unsigned int netid;
1011 	unsigned int mtu;
1012 	mctp_eid_t saddr;
1013 	int rc;
1014 	u8 tag;
1015 
1016 	KUNIT_STATIC_STUB_REDIRECT(mctp_local_output, sk, dst, skb, daddr,
1017 				   req_tag);
1018 
1019 	rc = -ENODEV;
1020 
1021 	spin_lock_irqsave(&dst->dev->addrs_lock, flags);
1022 	if (dst->dev->num_addrs == 0) {
1023 		rc = -EHOSTUNREACH;
1024 	} else {
1025 		/* use the outbound interface's first address as our source */
1026 		saddr = dst->dev->addrs[0];
1027 		rc = 0;
1028 	}
1029 	spin_unlock_irqrestore(&dst->dev->addrs_lock, flags);
1030 	netid = READ_ONCE(dst->dev->net);
1031 
1032 	if (rc)
1033 		goto out_release;
1034 
1035 	if (req_tag & MCTP_TAG_OWNER) {
1036 		if (req_tag & MCTP_TAG_PREALLOC)
1037 			key = mctp_lookup_prealloc_tag(msk, netid, daddr,
1038 						       req_tag, &tag);
1039 		else
1040 			key = mctp_alloc_local_tag(msk, netid, saddr, daddr,
1041 						   false, &tag);
1042 
1043 		if (IS_ERR(key)) {
1044 			rc = PTR_ERR(key);
1045 			goto out_release;
1046 		}
1047 		mctp_skb_set_flow(skb, key);
1048 		/* done with the key in this scope */
1049 		mctp_key_unref(key);
1050 		tag |= MCTP_HDR_FLAG_TO;
1051 	} else {
1052 		key = NULL;
1053 		tag = req_tag & MCTP_TAG_MASK;
1054 	}
1055 
1056 	skb->pkt_type = PACKET_OUTGOING;
1057 	skb->protocol = htons(ETH_P_MCTP);
1058 	skb->priority = 0;
1059 	skb_reset_transport_header(skb);
1060 	skb_push(skb, sizeof(struct mctp_hdr));
1061 	skb_reset_network_header(skb);
1062 	skb->dev = dst->dev->dev;
1063 
1064 	/* set up common header fields */
1065 	hdr = mctp_hdr(skb);
1066 	hdr->ver = 1;
1067 	hdr->dest = daddr;
1068 	hdr->src = saddr;
1069 
1070 	mtu = dst->mtu;
1071 
1072 	if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
1073 		hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
1074 			MCTP_HDR_FLAG_EOM | tag;
1075 		rc = dst->output(dst, skb);
1076 	} else {
1077 		rc = mctp_do_fragment_route(dst, skb, mtu, tag);
1078 	}
1079 
1080 	/* route output functions consume the skb, even on error */
1081 	skb = NULL;
1082 
1083 out_release:
1084 	kfree_skb(skb);
1085 	return rc;
1086 }
1087 
1088 /* route management */
1089 static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1090 			  unsigned int daddr_extent, unsigned int mtu,
1091 			  unsigned char type)
1092 {
1093 	int (*rtfn)(struct mctp_dst *dst, struct sk_buff *skb);
1094 	struct net *net = dev_net(mdev->dev);
1095 	struct mctp_route *rt, *ert;
1096 
1097 	if (!mctp_address_unicast(daddr_start))
1098 		return -EINVAL;
1099 
1100 	if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1101 		return -EINVAL;
1102 
1103 	switch (type) {
1104 	case RTN_LOCAL:
1105 		rtfn = mctp_dst_input;
1106 		break;
1107 	case RTN_UNICAST:
1108 		rtfn = mctp_dst_output;
1109 		break;
1110 	default:
1111 		return -EINVAL;
1112 	}
1113 
1114 	ASSERT_RTNL();
1115 
1116 	rt = mctp_route_alloc();
1117 	if (!rt)
1118 		return -ENOMEM;
1119 
1120 	rt->min = daddr_start;
1121 	rt->max = daddr_start + daddr_extent;
1122 	rt->mtu = mtu;
1123 	rt->dev = mdev;
1124 	mctp_dev_hold(rt->dev);
1125 	rt->type = type;
1126 	rt->output = rtfn;
1127 
1128 	/* Prevent duplicate identical routes. */
1129 	list_for_each_entry(ert, &net->mctp.routes, list) {
1130 		if (mctp_rt_compare_exact(rt, ert)) {
1131 			mctp_route_release(rt);
1132 			return -EEXIST;
1133 		}
1134 	}
1135 
1136 	list_add_rcu(&rt->list, &net->mctp.routes);
1137 
1138 	return 0;
1139 }
1140 
1141 static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
1142 			     unsigned int daddr_extent, unsigned char type)
1143 {
1144 	struct net *net = dev_net(mdev->dev);
1145 	struct mctp_route *rt, *tmp;
1146 	mctp_eid_t daddr_end;
1147 	bool dropped;
1148 
1149 	if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
1150 		return -EINVAL;
1151 
1152 	daddr_end = daddr_start + daddr_extent;
1153 	dropped = false;
1154 
1155 	ASSERT_RTNL();
1156 
1157 	list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1158 		if (rt->dev == mdev &&
1159 		    rt->min == daddr_start && rt->max == daddr_end &&
1160 		    rt->type == type) {
1161 			list_del_rcu(&rt->list);
1162 			/* TODO: immediate RTM_DELROUTE */
1163 			mctp_route_release(rt);
1164 			dropped = true;
1165 		}
1166 	}
1167 
1168 	return dropped ? 0 : -ENOENT;
1169 }
1170 
1171 int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
1172 {
1173 	return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
1174 }
1175 
1176 int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
1177 {
1178 	return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
1179 }
1180 
1181 /* removes all entries for a given device */
1182 void mctp_route_remove_dev(struct mctp_dev *mdev)
1183 {
1184 	struct net *net = dev_net(mdev->dev);
1185 	struct mctp_route *rt, *tmp;
1186 
1187 	ASSERT_RTNL();
1188 	list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
1189 		if (rt->dev == mdev) {
1190 			list_del_rcu(&rt->list);
1191 			/* TODO: immediate RTM_DELROUTE */
1192 			mctp_route_release(rt);
1193 		}
1194 	}
1195 }
1196 
1197 /* Incoming packet-handling */
1198 
1199 static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
1200 				struct packet_type *pt,
1201 				struct net_device *orig_dev)
1202 {
1203 	struct net *net = dev_net(dev);
1204 	struct mctp_dev *mdev;
1205 	struct mctp_skb_cb *cb;
1206 	struct mctp_dst dst;
1207 	struct mctp_hdr *mh;
1208 	int rc;
1209 
1210 	rcu_read_lock();
1211 	mdev = __mctp_dev_get(dev);
1212 	rcu_read_unlock();
1213 	if (!mdev) {
1214 		/* basic non-data sanity checks */
1215 		goto err_drop;
1216 	}
1217 
1218 	if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
1219 		goto err_drop;
1220 
1221 	skb_reset_transport_header(skb);
1222 	skb_reset_network_header(skb);
1223 
1224 	/* We have enough for a header; decode and route */
1225 	mh = mctp_hdr(skb);
1226 	if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
1227 		goto err_drop;
1228 
1229 	/* source must be valid unicast or null; drop reserved ranges and
1230 	 * broadcast
1231 	 */
1232 	if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
1233 		goto err_drop;
1234 
1235 	/* dest address: as above, but allow broadcast */
1236 	if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
1237 	      mctp_address_broadcast(mh->dest)))
1238 		goto err_drop;
1239 
1240 	/* MCTP drivers must populate halen/haddr */
1241 	if (dev->type == ARPHRD_MCTP) {
1242 		cb = mctp_cb(skb);
1243 	} else {
1244 		cb = __mctp_cb(skb);
1245 		cb->halen = 0;
1246 	}
1247 	cb->net = READ_ONCE(mdev->net);
1248 	cb->ifindex = dev->ifindex;
1249 
1250 	rc = mctp_route_lookup(net, cb->net, mh->dest, &dst);
1251 
1252 	/* NULL EID, but addressed to our physical address */
1253 	if (rc && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
1254 		rc = mctp_route_lookup_null(net, dev, &dst);
1255 
1256 	if (rc)
1257 		goto err_drop;
1258 
1259 	dst.output(&dst, skb);
1260 	mctp_dst_release(&dst);
1261 	mctp_dev_put(mdev);
1262 
1263 	return NET_RX_SUCCESS;
1264 
1265 err_drop:
1266 	kfree_skb(skb);
1267 	mctp_dev_put(mdev);
1268 	return NET_RX_DROP;
1269 }
1270 
1271 static struct packet_type mctp_packet_type = {
1272 	.type = cpu_to_be16(ETH_P_MCTP),
1273 	.func = mctp_pkttype_receive,
1274 };
1275 
1276 /* netlink interface */
1277 
1278 static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
1279 	[RTA_DST]		= { .type = NLA_U8 },
1280 	[RTA_METRICS]		= { .type = NLA_NESTED },
1281 	[RTA_OIF]		= { .type = NLA_U32 },
1282 };
1283 
1284 /* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
1285  * tb must hold RTA_MAX+1 elements.
1286  */
1287 static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
1288 			      struct netlink_ext_ack *extack,
1289 			      struct nlattr **tb, struct rtmsg **rtm,
1290 			      struct mctp_dev **mdev, mctp_eid_t *daddr_start)
1291 {
1292 	struct net *net = sock_net(skb->sk);
1293 	struct net_device *dev;
1294 	unsigned int ifindex;
1295 	int rc;
1296 
1297 	rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
1298 			 rta_mctp_policy, extack);
1299 	if (rc < 0) {
1300 		NL_SET_ERR_MSG(extack, "incorrect format");
1301 		return rc;
1302 	}
1303 
1304 	if (!tb[RTA_DST]) {
1305 		NL_SET_ERR_MSG(extack, "dst EID missing");
1306 		return -EINVAL;
1307 	}
1308 	*daddr_start = nla_get_u8(tb[RTA_DST]);
1309 
1310 	if (!tb[RTA_OIF]) {
1311 		NL_SET_ERR_MSG(extack, "ifindex missing");
1312 		return -EINVAL;
1313 	}
1314 	ifindex = nla_get_u32(tb[RTA_OIF]);
1315 
1316 	*rtm = nlmsg_data(nlh);
1317 	if ((*rtm)->rtm_family != AF_MCTP) {
1318 		NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
1319 		return -EINVAL;
1320 	}
1321 
1322 	dev = __dev_get_by_index(net, ifindex);
1323 	if (!dev) {
1324 		NL_SET_ERR_MSG(extack, "bad ifindex");
1325 		return -ENODEV;
1326 	}
1327 	*mdev = mctp_dev_get_rtnl(dev);
1328 	if (!*mdev)
1329 		return -ENODEV;
1330 
1331 	if (dev->flags & IFF_LOOPBACK) {
1332 		NL_SET_ERR_MSG(extack, "no routes to loopback");
1333 		return -EINVAL;
1334 	}
1335 
1336 	return 0;
1337 }
1338 
1339 static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
1340 	[RTAX_MTU]		= { .type = NLA_U32 },
1341 };
1342 
1343 static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1344 			 struct netlink_ext_ack *extack)
1345 {
1346 	struct nlattr *tb[RTA_MAX + 1];
1347 	struct nlattr *tbx[RTAX_MAX + 1];
1348 	mctp_eid_t daddr_start;
1349 	struct mctp_dev *mdev;
1350 	struct rtmsg *rtm;
1351 	unsigned int mtu;
1352 	int rc;
1353 
1354 	rc = mctp_route_nlparse(skb, nlh, extack, tb,
1355 				&rtm, &mdev, &daddr_start);
1356 	if (rc < 0)
1357 		return rc;
1358 
1359 	if (rtm->rtm_type != RTN_UNICAST) {
1360 		NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
1361 		return -EINVAL;
1362 	}
1363 
1364 	mtu = 0;
1365 	if (tb[RTA_METRICS]) {
1366 		rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
1367 				      rta_metrics_policy, NULL);
1368 		if (rc < 0)
1369 			return rc;
1370 		if (tbx[RTAX_MTU])
1371 			mtu = nla_get_u32(tbx[RTAX_MTU]);
1372 	}
1373 
1374 	rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
1375 			    rtm->rtm_type);
1376 	return rc;
1377 }
1378 
1379 static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
1380 			 struct netlink_ext_ack *extack)
1381 {
1382 	struct nlattr *tb[RTA_MAX + 1];
1383 	mctp_eid_t daddr_start;
1384 	struct mctp_dev *mdev;
1385 	struct rtmsg *rtm;
1386 	int rc;
1387 
1388 	rc = mctp_route_nlparse(skb, nlh, extack, tb,
1389 				&rtm, &mdev, &daddr_start);
1390 	if (rc < 0)
1391 		return rc;
1392 
1393 	/* we only have unicast routes */
1394 	if (rtm->rtm_type != RTN_UNICAST)
1395 		return -EINVAL;
1396 
1397 	rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
1398 	return rc;
1399 }
1400 
1401 static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
1402 			    u32 portid, u32 seq, int event, unsigned int flags)
1403 {
1404 	struct nlmsghdr *nlh;
1405 	struct rtmsg *hdr;
1406 	void *metrics;
1407 
1408 	nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
1409 	if (!nlh)
1410 		return -EMSGSIZE;
1411 
1412 	hdr = nlmsg_data(nlh);
1413 	hdr->rtm_family = AF_MCTP;
1414 
1415 	/* we use the _len fields as a number of EIDs, rather than
1416 	 * a number of bits in the address
1417 	 */
1418 	hdr->rtm_dst_len = rt->max - rt->min;
1419 	hdr->rtm_src_len = 0;
1420 	hdr->rtm_tos = 0;
1421 	hdr->rtm_table = RT_TABLE_DEFAULT;
1422 	hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
1423 	hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
1424 	hdr->rtm_type = rt->type;
1425 
1426 	if (nla_put_u8(skb, RTA_DST, rt->min))
1427 		goto cancel;
1428 
1429 	metrics = nla_nest_start_noflag(skb, RTA_METRICS);
1430 	if (!metrics)
1431 		goto cancel;
1432 
1433 	if (rt->mtu) {
1434 		if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
1435 			goto cancel;
1436 	}
1437 
1438 	nla_nest_end(skb, metrics);
1439 
1440 	if (rt->dev) {
1441 		if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
1442 			goto cancel;
1443 	}
1444 
1445 	/* TODO: conditional neighbour physaddr? */
1446 
1447 	nlmsg_end(skb, nlh);
1448 
1449 	return 0;
1450 
1451 cancel:
1452 	nlmsg_cancel(skb, nlh);
1453 	return -EMSGSIZE;
1454 }
1455 
1456 static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
1457 {
1458 	struct net *net = sock_net(skb->sk);
1459 	struct mctp_route *rt;
1460 	int s_idx, idx;
1461 
1462 	/* TODO: allow filtering on route data, possibly under
1463 	 * cb->strict_check
1464 	 */
1465 
1466 	/* TODO: change to struct overlay */
1467 	s_idx = cb->args[0];
1468 	idx = 0;
1469 
1470 	rcu_read_lock();
1471 	list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
1472 		if (idx++ < s_idx)
1473 			continue;
1474 		if (mctp_fill_rtinfo(skb, rt,
1475 				     NETLINK_CB(cb->skb).portid,
1476 				     cb->nlh->nlmsg_seq,
1477 				     RTM_NEWROUTE, NLM_F_MULTI) < 0)
1478 			break;
1479 	}
1480 
1481 	rcu_read_unlock();
1482 	cb->args[0] = idx;
1483 
1484 	return skb->len;
1485 }
1486 
1487 /* net namespace implementation */
1488 static int __net_init mctp_routes_net_init(struct net *net)
1489 {
1490 	struct netns_mctp *ns = &net->mctp;
1491 
1492 	INIT_LIST_HEAD(&ns->routes);
1493 	INIT_HLIST_HEAD(&ns->binds);
1494 	mutex_init(&ns->bind_lock);
1495 	INIT_HLIST_HEAD(&ns->keys);
1496 	spin_lock_init(&ns->keys_lock);
1497 	WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
1498 	return 0;
1499 }
1500 
1501 static void __net_exit mctp_routes_net_exit(struct net *net)
1502 {
1503 	struct mctp_route *rt;
1504 
1505 	rcu_read_lock();
1506 	list_for_each_entry_rcu(rt, &net->mctp.routes, list)
1507 		mctp_route_release(rt);
1508 	rcu_read_unlock();
1509 }
1510 
1511 static struct pernet_operations mctp_net_ops = {
1512 	.init = mctp_routes_net_init,
1513 	.exit = mctp_routes_net_exit,
1514 };
1515 
1516 static const struct rtnl_msg_handler mctp_route_rtnl_msg_handlers[] = {
1517 	{THIS_MODULE, PF_MCTP, RTM_NEWROUTE, mctp_newroute, NULL, 0},
1518 	{THIS_MODULE, PF_MCTP, RTM_DELROUTE, mctp_delroute, NULL, 0},
1519 	{THIS_MODULE, PF_MCTP, RTM_GETROUTE, NULL, mctp_dump_rtinfo, 0},
1520 };
1521 
1522 int __init mctp_routes_init(void)
1523 {
1524 	int err;
1525 
1526 	dev_add_pack(&mctp_packet_type);
1527 
1528 	err = register_pernet_subsys(&mctp_net_ops);
1529 	if (err)
1530 		goto err_pernet;
1531 
1532 	err = rtnl_register_many(mctp_route_rtnl_msg_handlers);
1533 	if (err)
1534 		goto err_rtnl;
1535 
1536 	return 0;
1537 
1538 err_rtnl:
1539 	unregister_pernet_subsys(&mctp_net_ops);
1540 err_pernet:
1541 	dev_remove_pack(&mctp_packet_type);
1542 	return err;
1543 }
1544 
1545 void mctp_routes_exit(void)
1546 {
1547 	rtnl_unregister_many(mctp_route_rtnl_msg_handlers);
1548 	unregister_pernet_subsys(&mctp_net_ops);
1549 	dev_remove_pack(&mctp_packet_type);
1550 }
1551 
1552 #if IS_ENABLED(CONFIG_MCTP_TEST)
1553 #include "test/route-test.c"
1554 #endif
1555