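/*
 * net/tipc/msg.c: TIPC message header routines
 *
 * Copyright (c) 2000-2006, 2014-2015, Ericsson AB
 * Copyright (c) 2005, 2010-2011, Wind River Systems
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the names of the copyright holders nor the names of its
 *    contributors may be used to endorse or promote products derived from
 *    this software without specific prior written permission.
 *
 * Alternatively, this software may be distributed under the terms of the
 * GNU General Public License ("GPL") version 2 as published by the Free
 * Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <net/sock.h>
#include "core.h"
#include "msg.h"
#include "addr.h"
#include "name_table.h"

#define MAX_FORWARD_SIZE 1024

/* Round @i up to the next multiple of four */
static unsigned int align(unsigned int i)
{
	return (i + 3) & ~3u;
}

/**
 * tipc_buf_acquire - creates a TIPC message buffer
 * @size: message size (including TIPC header)
 *
 * Returns a new buffer with data pointers set to the specified size,
 * or NULL if the allocation fails.
 *
 * NOTE: Headroom is reserved to allow prepending of a data link header.
 * There may also be unrequested tailroom present at the buffer's end.
 *
 * NOTE: The buffer size is computed in 32-bit unsigned arithmetic and is
 * not checked for wrap-around here, so callers must pass a bounded @size.
 */
struct sk_buff *tipc_buf_acquire(u32 size)
{
	struct sk_buff *skb;
	unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u;

	skb = alloc_skb_fclone(buf_size, GFP_ATOMIC);
	if (skb) {
		skb_reserve(skb, BUF_HEADROOM);
		skb_put(skb, size);
		skb->next = NULL;
	}
	return skb;
}

/**
 * tipc_msg_init - initialize a TIPC message header
 * @own_node: address stored as previous node, and as originating node
 *            when the header is longer than SHORT_H_SIZE
 * @m: header to initialize; @hsize bytes are zeroed, so the caller must
 *     provide at least that much room
 * @user: message user
 * @type: message type
 * @hsize: header size; also used as the initial message size
 * @dnode: destination node, stored only when @hsize exceeds SHORT_H_SIZE
 */
void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type,
		   u32 hsize, u32 dnode)
{
	memset(m, 0, hsize);
	msg_set_version(m);
	msg_set_user(m, user);
	msg_set_hdr_sz(m, hsize);
	msg_set_size(m, hsize);
	msg_set_prevnode(m, own_node);
	msg_set_type(m, type);
	if (hsize > SHORT_H_SIZE) {
		msg_set_orignode(m, own_node);
		msg_set_destnode(m, dnode);
	}
}

/**
 * tipc_msg_create - allocate a buffer and initialize its message header
 * @user: message user
 * @type: message type
 * @hdr_sz: header size
 * @data_sz: size of the data area following the header
 * @dnode: destination node
 * @onode: originating node
 * @dport: destination port
 * @oport: originating port
 * @errcode: error code to store in the header
 *
 * The data area is allocated but not written by this routine.
 * Returns the new buffer, or NULL if the allocation fails.
 */
struct sk_buff *tipc_msg_create(uint user, uint type,
				uint hdr_sz, uint data_sz, u32 dnode,
				u32 onode, u32 dport, u32 oport, int errcode)
{
	struct tipc_msg *msg;
	struct sk_buff *buf;

	buf = tipc_buf_acquire(hdr_sz + data_sz);
	if (unlikely(!buf))
		return NULL;

	msg = buf_msg(buf);
	tipc_msg_init(onode, msg, user, type, hdr_sz, dnode);
	msg_set_size(msg, hdr_sz + data_sz);
	msg_set_origport(msg, oport);
	msg_set_destport(msg, dport);
	msg_set_errcode(msg, errcode);
	if (hdr_sz > SHORT_H_SIZE) {
		msg_set_orignode(msg, onode);
		msg_set_destnode(msg, dnode);
	}
	return buf;
}

/* tipc_buf_append(): Append a buffer to the fragment list of another buffer
 * @*headbuf: in:  NULL for first frag, otherwise value returned from prev call
 *            out: set when successful non-complete reassembly, otherwise NULL
 * @*buf:     in:  the buffer to append. Always defined
 *            out: head buf after successful complete reassembly, otherwise NULL
 * Returns 1 when reassembly complete, otherwise 0
 *
 * On any failure both *headbuf and *buf are released and set to NULL.
 */
int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
{
	struct sk_buff *head = *headbuf;
	struct sk_buff *frag = *buf;
	struct sk_buff *tail;
	struct tipc_msg *msg;
	u32 fragid;
	int delta;
	bool headstolen;

	if (!frag)
		goto err;

	/* Read the fragment type before the header is pulled off */
	msg = buf_msg(frag);
	fragid = msg_type(msg);
	frag->next = NULL;
	skb_pull(frag, msg_hdr_sz(msg));

	if (fragid == FIRST_FRAGMENT) {
		/* A first fragment must not arrive while a chain is open */
		if (unlikely(head))
			goto err;
		if (unlikely(skb_unclone(frag, GFP_ATOMIC)))
			goto err;
		head = *headbuf = frag;
		skb_frag_list_init(head);
		TIPC_SKB_CB(head)->tail = NULL;
		*buf = NULL;
		return 0;
	}

	if (!head)
		goto err;

	if (skb_try_coalesce(head, frag, &headstolen, &delta)) {
		kfree_skb_partial(frag, headstolen);
	} else {
		tail = TIPC_SKB_CB(head)->tail;
		if (!skb_has_frag_list(head))
			skb_shinfo(head)->frag_list = frag;
		else
			tail->next = frag;
		head->truesize += frag->truesize;
		head->data_len += frag->len;
		head->len += frag->len;
		TIPC_SKB_CB(head)->tail = frag;
	}

	/* The fragment has now either been released by the coalesce path or
	 * is owned by head's fragment list. Drop the caller's reference
	 * before anything below can fail, so that the error path does not
	 * free it a second time when it releases *buf and *headbuf.
	 */
	*buf = NULL;

	if (fragid == LAST_FRAGMENT) {
		/* Force re-validation of the reassembled message */
		TIPC_SKB_CB(head)->validated = false;
		if (unlikely(!tipc_msg_validate(head)))
			goto err;
		*buf = head;
		TIPC_SKB_CB(head)->tail = NULL;
		*headbuf = NULL;
		return 1;
	}
	return 0;
err:
	pr_warn_ratelimited("Unable to build fragment list\n");
	kfree_skb(*buf);
	kfree_skb(*headbuf);
	*buf = *headbuf = NULL;
	return 0;
}

/* tipc_msg_validate - validate basic format of received message
 *
 * This routine ensures a TIPC message has an acceptable header, and at least
 * as much data as the header indicates it should. The routine also ensures
 * that the entire message header is stored in the main fragment of the message
 * buffer, to simplify future access to message header fields.
 *
 * Note: Having extra info present in the message header or data areas is OK.
 * TIPC will ignore the excess, under the assumption that it is optional info
 * introduced by a later release of the protocol.
 *
 * Returns true if the message is acceptable, otherwise false. A positive
 * result is cached in the buffer's control block.
 */
bool tipc_msg_validate(struct sk_buff *skb)
{
	struct tipc_msg *msg;
	int msz, hsz;

	if (unlikely(TIPC_SKB_CB(skb)->validated))
		return true;
	if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE)))
		return false;

	hsz = msg_hdr_sz(buf_msg(skb));
	if (unlikely(hsz < MIN_H_SIZE || hsz > MAX_H_SIZE))
		return false;
	if (unlikely(!pskb_may_pull(skb, hsz)))
		return false;

	/* Fetch the header pointer again after the second pull */
	msg = buf_msg(skb);
	if (unlikely(msg_version(msg) != TIPC_VERSION))
		return false;

	/* Declared size must cover the header, stay within the maximum
	 * user data size, and not exceed what the buffer actually holds
	 */
	msz = msg_size(msg);
	if (unlikely(msz < hsz))
		return false;
	if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE))
		return false;
	if (unlikely(skb->len < msz))
		return false;

	TIPC_SKB_CB(skb)->validated = true;
	return true;
}

/**
 * tipc_msg_build - create buffer chain containing specified header and data
 * @mhdr: Message header, to be prepended to data
 * @m: User message
 * @offset: not used by this routine
 * @dsz: Total length of user data
 * @pktmax: Max packet size that can be used
 * @list: Buffer or chain of buffers to be returned to caller
 *
 * Returns message data size or errno: -ENOMEM, -EFAULT, or -EINVAL when
 * fragmentation is needed but @pktmax cannot hold the fragment headers.
 * On error after buffers were queued, @list is purged and re-initialized.
 */
int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m,
		   int offset, int dsz, int pktmax, struct sk_buff_head *list)
{
	int mhsz = msg_hdr_sz(mhdr);
	int msz = mhsz + dsz;
	int pktno = 1;
	int pktsz;
	int pktrem = pktmax;
	int drem = dsz;
	struct tipc_msg pkthdr;
	struct sk_buff *skb;
	char *pktpos;
	int rc;

	msg_set_size(mhdr, msz);

	/* No fragmentation needed? */
	if (likely(msz <= pktmax)) {
		skb = tipc_buf_acquire(msz);
		if (unlikely(!skb))
			return -ENOMEM;
		skb_orphan(skb);
		__skb_queue_tail(list, skb);
		skb_copy_to_linear_data(skb, mhdr, mhsz);
		pktpos = skb->data + mhsz;
		if (copy_from_iter(pktpos, dsz, &m->msg_iter) == dsz)
			return dsz;
		rc = -EFAULT;
		goto error;
	}

	/* The first fragment carries the fragment header followed by the
	 * original header. If pktmax is too small for both, the header copy
	 * below would run past the pktmax-sized buffer and pktrem would go
	 * negative before being used as a copy length. Reject such a packet
	 * size here rather than relying on every caller to have checked it.
	 */
	if (unlikely(pktmax <= INT_H_SIZE || pktmax - INT_H_SIZE < mhsz))
		return -EINVAL;

	/* Prepare reusable fragment header */
	tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER,
		      FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr));
	msg_set_size(&pkthdr, pktmax);
	msg_set_fragm_no(&pkthdr, pktno);
	msg_set_importance(&pkthdr, msg_importance(mhdr));

	/* Prepare first fragment */
	skb = tipc_buf_acquire(pktmax);
	if (!skb)
		return -ENOMEM;
	skb_orphan(skb);
	__skb_queue_tail(list, skb);
	pktpos = skb->data;
	skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
	pktpos += INT_H_SIZE;
	pktrem -= INT_H_SIZE;
	skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz);
	pktpos += mhsz;
	pktrem -= mhsz;

	do {
		/* Never copy more than the user data still outstanding */
		if (drem < pktrem)
			pktrem = drem;

		if (copy_from_iter(pktpos, pktrem, &m->msg_iter) != pktrem) {
			rc = -EFAULT;
			goto error;
		}
		drem -= pktrem;

		if (!drem)
			break;

		/* Prepare new fragment: */
		if (drem < (pktmax - INT_H_SIZE))
			pktsz = drem + INT_H_SIZE;
		else
			pktsz = pktmax;
		skb = tipc_buf_acquire(pktsz);
		if (!skb) {
			rc = -ENOMEM;
			goto error;
		}
		skb_orphan(skb);
		__skb_queue_tail(list, skb);
		msg_set_type(&pkthdr, FRAGMENT);
		msg_set_size(&pkthdr, pktsz);
		msg_set_fragm_no(&pkthdr, ++pktno);
		skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
		pktpos = skb->data + INT_H_SIZE;
		pktrem = pktsz - INT_H_SIZE;

	} while (1);
	/* skb is the most recently queued buffer; mark it as the last one */
	msg_set_type(buf_msg(skb), LAST_FRAGMENT);
	return dsz;
error:
	__skb_queue_purge(list);
	__skb_queue_head_init(list);
	return rc;
}

/**
 * tipc_msg_bundle(): Append contents of a buffer to tail of an existing one
 * @bskb: the buffer to append to ("bundle")
 * @skb:  buffer to be appended
 * @mtu:  max allowable size for the bundle buffer
 * Consumes buffer if successful
 * Returns true if bundling could be performed, otherwise false
 */
bool tipc_msg_bundle(struct sk_buff *bskb, struct sk_buff *skb, u32 mtu)
{
	struct tipc_msg *bmsg;
	struct tipc_msg *msg = buf_msg(skb);
	unsigned int bsz;
	unsigned int msz = msg_size(msg);
	u32 start, pad;
	u32 max;

	if (likely(msg_user(msg) == MSG_FRAGMENTER))
		return false;
	if (!bskb)
		return false;
	/* mtu - INT_H_SIZE is unsigned; a smaller mtu would wrap to a huge
	 * limit and disable the size check against max below
	 */
	if (unlikely(mtu < INT_H_SIZE))
		return false;
	max = mtu - INT_H_SIZE;

	bmsg = buf_msg(bskb);
	bsz = msg_size(bmsg);
	/* The appended message starts at the next 4-byte boundary */
	start = align(bsz);
	pad = start - bsz;

	if (unlikely(msg_user(msg) == TUNNEL_PROTOCOL))
		return false;
	if (unlikely(msg_user(msg) == BCAST_PROTOCOL))
		return false;
	if (likely(msg_user(bmsg) != MSG_BUNDLER))
		return false;
	/* Both the buffer's tailroom and the size limit must allow the copy */
	if (unlikely(skb_tailroom(bskb) < (pad + msz)))
		return false;
	if (unlikely(max < (start + msz)))
		return false;

	skb_put(bskb, pad + msz);
	skb_copy_to_linear_data_offset(bskb, start, skb->data, msz);
	msg_set_size(bmsg, start + msz);
	msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1);
	kfree_skb(skb);
	return true;
}

/**
 *  tipc_msg_extract(): extract bundled inner packet from buffer
 *  @skb: buffer to be extracted from.
 *  @iskb: extracted inner buffer, to be returned
 *  @pos: position in outer message of msg to be extracted.
 *        Returns position of next msg
 *  Consumes outer buffer when last packet extracted
 *  Returns true when there is an extracted buffer, otherwise false
 *
 *  The inner message is validated with tipc_msg_validate() before it is
 *  handed back; on any failure both the outer buffer and the clone are freed.
 */
bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos)
{
	struct tipc_msg *msg;
	int imsz, offset;

	*iskb = NULL;
	if (unlikely(skb_linearize(skb)))
		goto none;

	msg = buf_msg(skb);
	offset = msg_hdr_sz(msg) + *pos;
	/* NOTE(review): if msg_size() is unsigned, this subtraction wraps
	 * for an outer size below MIN_H_SIZE; presumably the outer message
	 * has already passed tipc_msg_validate() - confirm against callers
	 */
	if (unlikely(offset > (msg_size(msg) - MIN_H_SIZE)))
		goto none;

	*iskb = skb_clone(skb, GFP_ATOMIC);
	if (unlikely(!*iskb))
		goto none;
	skb_pull(*iskb, offset);
	/* Inner size is read from the bundled data and only trusted after
	 * the validation below confirms the buffer really holds that much
	 */
	imsz = msg_size(buf_msg(*iskb));
	skb_trim(*iskb, imsz);
	if (unlikely(!tipc_msg_validate(*iskb)))
		goto none;
	*pos += align(imsz);
	return true;
none:
	kfree_skb(skb);
	kfree_skb(*iskb);
	*iskb = NULL;
	return false;
}

/**
 * tipc_msg_make_bundle(): Create bundle buf and append message to its tail
 * @skb: in: buffer to be appended; out: the new bundle buffer on success
 * @mtu: max allowable size for the bundle buffer, inclusive header
 * @dnode: destination node for message. (Not always present in header)
 * Replaces buffer if successful
 * Returns true if success, otherwise false. On failure *skb is left
 * untouched and still owned by the caller.
 */
bool tipc_msg_make_bundle(struct sk_buff **skb, u32 mtu, u32 dnode)
{
	struct sk_buff *bskb;
	struct tipc_msg *bmsg;
	struct tipc_msg *msg = buf_msg(*skb);
	u32 msz = msg_size(msg);
	u32 max;

	/* mtu - INT_H_SIZE is unsigned; refuse an mtu that would wrap it
	 * into a huge allocation request
	 */
	if (unlikely(mtu < INT_H_SIZE))
		return false;
	max = mtu - INT_H_SIZE;

	if (msg_user(msg) == MSG_FRAGMENTER)
		return false;
	if (msg_user(msg) == TUNNEL_PROTOCOL)
		return false;
	if (msg_user(msg) == BCAST_PROTOCOL)
		return false;
	if (msz > (max / 2))
		return false;

	bskb = tipc_buf_acquire(max);
	if (!bskb)
		return false;

	/* Start with an empty bundle: header only, no bundled messages */
	skb_trim(bskb, INT_H_SIZE);
	bmsg = buf_msg(bskb);
	tipc_msg_init(msg_prevnode(msg), bmsg, MSG_BUNDLER, 0,
		      INT_H_SIZE, dnode);
	msg_set_seqno(bmsg, msg_seqno(msg));
	msg_set_ack(bmsg, msg_ack(msg));
	msg_set_bcast_ack(bmsg, msg_bcast_ack(msg));

	/* tipc_msg_bundle() consumes *skb only when it succeeds. If it
	 * refuses, keep the caller's buffer in place and drop the empty
	 * bundle instead of replacing (and thereby leaking) the original.
	 */
	if (unlikely(!tipc_msg_bundle(bskb, *skb, mtu))) {
		kfree_skb(bskb);
		return false;
	}
	*skb = bskb;
	return true;
}

/**
 * tipc_msg_reverse(): swap source and destination addresses and add error code
 * @own_addr: address to store as previous node in the reversed message
 * @buf:  buffer containing message to be reversed
 * @dnode: return value: node where to send message after reversal
 * @err:  error code to be set in message
 * Consumes buffer if failure
 * Returns true if success, otherwise false
 *
 * The returned data is truncated to at most MAX_FORWARD_SIZE bytes.
 */
bool tipc_msg_reverse(u32 own_addr,  struct sk_buff *buf, u32 *dnode,
		      int err)
{
	struct tipc_msg *msg = buf_msg(buf);
	struct tipc_msg ohdr;
	uint rdsz = min_t(uint, msg_data_sz(msg), MAX_FORWARD_SIZE);

	if (skb_linearize(buf))
		goto exit;
	/* Fetch the header pointer again after linearizing */
	msg = buf_msg(buf);
	if (msg_dest_droppable(msg))
		goto exit;
	/* A message that already carries an error is not bounced again */
	if (msg_errcode(msg))
		goto exit;
	/* NOTE(review): copies msg_hdr_sz() bytes into a struct tipc_msg;
	 * presumably bounded by the MAX_H_SIZE check in tipc_msg_validate()
	 * - confirm every caller passes a validated buffer
	 */
	memcpy(&ohdr, msg, msg_hdr_sz(msg));
	msg_set_errcode(msg, err);
	msg_set_origport(msg, msg_destport(&ohdr));
	msg_set_destport(msg, msg_origport(&ohdr));
	msg_set_prevnode(msg, own_addr);
	if (!msg_short(msg)) {
		msg_set_orignode(msg, msg_destnode(&ohdr));
		msg_set_destnode(msg, msg_orignode(&ohdr));
	}
	msg_set_size(msg, msg_hdr_sz(msg) + rdsz);
	skb_trim(buf, msg_size(msg));
	skb_orphan(buf);
	*dnode = msg_orignode(&ohdr);
	return true;
exit:
	kfree_skb(buf);
	*dnode = 0;
	return false;
}

/**
 * tipc_msg_lookup_dest(): try to find new destination for named message
 * @net: network namespace used for the own address and name table lookup
 * @skb: the buffer containing the message.
 * @dnode: return value: next-hop node, if destination found
 * @err: return value: error code to use, if message to be rejected
 * Does not consume buffer
 * Returns true if a destination is found, false otherwise
 */
bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb,
			  u32 *dnode, int *err)
{
	struct tipc_msg *msg = buf_msg(skb);
	u32 dport;
	u32 own_addr = tipc_own_addr(net);

	if (!msg_isdata(msg))
		return false;
	if (!msg_named(msg))
		return false;
	if (msg_errcode(msg))
		return false;
	*err = -TIPC_ERR_NO_NAME;
	if (skb_linearize(skb))
		return false;
	/* Linearizing can replace the buffer's data area, so the header
	 * pointer taken above must not be used past this point; fetch it
	 * again, as tipc_msg_reverse() does.
	 */
	msg = buf_msg(skb);
	/* Only one re-route attempt is made per message */
	if (msg_reroute_cnt(msg))
		return false;
	*dnode = addr_domain(net, msg_lookup_scope(msg));
	dport = tipc_nametbl_translate(net, msg_nametype(msg),
				       msg_nameinst(msg), dnode);
	if (!dport)
		return false;
	msg_incr_reroute_cnt(msg);
	if (*dnode != own_addr)
		msg_set_prevnode(msg, own_addr);
	msg_set_destnode(msg, *dnode);
	msg_set_destport(msg, dport);
	*err = TIPC_OK;
	return true;
}

/* tipc_msg_reassemble() - clone a buffer chain of fragments and
 *                         reassemble the clones into one message
 * @list: the buffer chain; it is walked but not modified
 *
 * Returns the reassembled (or, for a single buffer, copied) message,
 * or NULL on failure or if the chain never reaches a last fragment.
 */
struct sk_buff *tipc_msg_reassemble(struct sk_buff_head *list)
{
	struct sk_buff *skb;
	struct sk_buff *frag = NULL;
	struct sk_buff *head = NULL;
	int hdr_sz;

	/* Copy header if single buffer */
	if (skb_queue_len(list) == 1) {
		skb = skb_peek(list);
		hdr_sz = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb));
		return __pskb_copy(skb, hdr_sz, GFP_ATOMIC);
	}

	/* Clone all fragments and reassemble */
	skb_queue_walk(list, skb) {
		frag = skb_clone(skb, GFP_ATOMIC);
		if (!frag)
			goto error;
		frag->next = NULL;
		if (tipc_buf_append(&head, &frag))
			break;
		if (!head)
			goto error;
	}
	/* On completion tipc_buf_append() hands the message back in frag
	 * and clears head. If the walk ended without a last fragment, frag
	 * is NULL and head still holds the partial chain, which must be
	 * released here. kfree_skb(NULL) is a no-op.
	 */
	kfree_skb(head);
	return frag;
error:
	pr_warn("Failed do clone local mcast rcv buffer\n");
	kfree_skb(head);
	return NULL;
}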