1 /* 2 * net/tipc/msg.c: TIPC message header routines 3 * 4 * Copyright (c) 2000-2006, 2014-2015, Ericsson AB 5 * Copyright (c) 2005, 2010-2011, Wind River Systems 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the names of the copyright holders nor the names of its 17 * contributors may be used to endorse or promote products derived from 18 * this software without specific prior written permission. 19 * 20 * Alternatively, this software may be distributed under the terms of the 21 * GNU General Public License ("GPL") version 2 as published by the Free 22 * Software Foundation. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include <net/sock.h> 38 #include "core.h" 39 #include "msg.h" 40 #include "addr.h" 41 #include "name_table.h" 42 43 #define MAX_FORWARD_SIZE 1024 44 45 static unsigned int align(unsigned int i) 46 { 47 return (i + 3) & ~3u; 48 } 49 50 /** 51 * tipc_buf_acquire - creates a TIPC message buffer 52 * @size: message size (including TIPC header) 53 * 54 * Returns a new buffer with data pointers set to the specified size. 55 * 56 * NOTE: Headroom is reserved to allow prepending of a data link header. 57 * There may also be unrequested tailroom present at the buffer's end. 58 */ 59 struct sk_buff *tipc_buf_acquire(u32 size) 60 { 61 struct sk_buff *skb; 62 unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u; 63 64 skb = alloc_skb_fclone(buf_size, GFP_ATOMIC); 65 if (skb) { 66 skb_reserve(skb, BUF_HEADROOM); 67 skb_put(skb, size); 68 skb->next = NULL; 69 } 70 return skb; 71 } 72 73 void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type, 74 u32 hsize, u32 dnode) 75 { 76 memset(m, 0, hsize); 77 msg_set_version(m); 78 msg_set_user(m, user); 79 msg_set_hdr_sz(m, hsize); 80 msg_set_size(m, hsize); 81 msg_set_prevnode(m, own_node); 82 msg_set_type(m, type); 83 if (hsize > SHORT_H_SIZE) { 84 msg_set_orignode(m, own_node); 85 msg_set_destnode(m, dnode); 86 } 87 } 88 89 struct sk_buff *tipc_msg_create(uint user, uint type, 90 uint hdr_sz, uint data_sz, u32 dnode, 91 u32 onode, u32 dport, u32 oport, int errcode) 92 { 93 struct tipc_msg *msg; 94 struct sk_buff *buf; 95 96 buf = tipc_buf_acquire(hdr_sz + data_sz); 97 if (unlikely(!buf)) 98 return NULL; 99 100 msg = buf_msg(buf); 101 tipc_msg_init(onode, msg, user, type, hdr_sz, dnode); 102 msg_set_size(msg, hdr_sz + data_sz); 103 msg_set_origport(msg, oport); 104 msg_set_destport(msg, dport); 105 msg_set_errcode(msg, errcode); 106 if (hdr_sz > SHORT_H_SIZE) { 107 msg_set_orignode(msg, onode); 108 msg_set_destnode(msg, dnode); 109 } 110 return buf; 111 } 112 113 /* tipc_buf_append(): Append a buffer to the fragment list of another buffer 114 * @*headbuf: in: NULL for first frag, otherwise value returned from prev call 115 * out: set when successful non-complete reassembly, otherwise NULL 116 * @*buf: in: the buffer to append. Always defined 117 * out: head buf after successful complete reassembly, otherwise NULL 118 * Returns 1 when reassembly complete, otherwise 0 119 */ 120 int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) 121 { 122 struct sk_buff *head = *headbuf; 123 struct sk_buff *frag = *buf; 124 struct sk_buff *tail = NULL; 125 struct tipc_msg *msg; 126 u32 fragid; 127 int delta; 128 bool headstolen; 129 130 if (!frag) 131 goto err; 132 133 msg = buf_msg(frag); 134 fragid = msg_type(msg); 135 frag->next = NULL; 136 skb_pull(frag, msg_hdr_sz(msg)); 137 138 if (fragid == FIRST_FRAGMENT) { 139 if (unlikely(head)) 140 goto err; 141 if (unlikely(skb_unclone(frag, GFP_ATOMIC))) 142 goto err; 143 head = *headbuf = frag; 144 *buf = NULL; 145 TIPC_SKB_CB(head)->tail = NULL; 146 if (skb_is_nonlinear(head)) { 147 skb_walk_frags(head, tail) { 148 TIPC_SKB_CB(head)->tail = tail; 149 } 150 } else { 151 skb_frag_list_init(head); 152 } 153 return 0; 154 } 155 156 if (!head) 157 goto err; 158 159 if (skb_try_coalesce(head, frag, &headstolen, &delta)) { 160 kfree_skb_partial(frag, headstolen); 161 } else { 162 tail = TIPC_SKB_CB(head)->tail; 163 if (!skb_has_frag_list(head)) 164 skb_shinfo(head)->frag_list = frag; 165 else 166 tail->next = frag; 167 head->truesize += frag->truesize; 168 head->data_len += frag->len; 169 head->len += frag->len; 170 TIPC_SKB_CB(head)->tail = frag; 171 } 172 173 if (fragid == LAST_FRAGMENT) { 174 TIPC_SKB_CB(head)->validated = false; 175 if (unlikely(!tipc_msg_validate(head))) 176 goto err; 177 *buf = head; 178 TIPC_SKB_CB(head)->tail = NULL; 179 *headbuf = NULL; 180 return 1; 181 } 182 *buf = NULL; 183 return 0; 184 err: 185 pr_warn_ratelimited("Unable to build fragment list\n"); 186 kfree_skb(*buf); 187 kfree_skb(*headbuf); 188 *buf = *headbuf = NULL; 189 return 0; 190 } 191 192 /* tipc_msg_validate - validate basic format of received message 193 * 194 * This routine ensures a TIPC message has an acceptable header, and at least 195 * as much data as the header indicates it should. The routine also ensures 196 * that the entire message header is stored in the main fragment of the message 197 * buffer, to simplify future access to message header fields. 198 * 199 * Note: Having extra info present in the message header or data areas is OK. 200 * TIPC will ignore the excess, under the assumption that it is optional info 201 * introduced by a later release of the protocol. 202 */ 203 bool tipc_msg_validate(struct sk_buff *skb) 204 { 205 struct tipc_msg *msg; 206 int msz, hsz; 207 208 if (unlikely(TIPC_SKB_CB(skb)->validated)) 209 return true; 210 if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE))) 211 return false; 212 213 hsz = msg_hdr_sz(buf_msg(skb)); 214 if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE)) 215 return false; 216 if (unlikely(!pskb_may_pull(skb, hsz))) 217 return false; 218 219 msg = buf_msg(skb); 220 if (unlikely(msg_version(msg) != TIPC_VERSION)) 221 return false; 222 223 msz = msg_size(msg); 224 if (unlikely(msz < hsz)) 225 return false; 226 if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE)) 227 return false; 228 if (unlikely(skb->len < msz)) 229 return false; 230 231 TIPC_SKB_CB(skb)->validated = true; 232 return true; 233 } 234 235 /** 236 * tipc_msg_build - create buffer chain containing specified header and data 237 * @mhdr: Message header, to be prepended to data 238 * @m: User message 239 * @dsz: Total length of user data 240 * @pktmax: Max packet size that can be used 241 * @list: Buffer or chain of buffers to be returned to caller 242 * 243 * Returns message data size or errno: -ENOMEM, -EFAULT 244 */ 245 int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m, 246 int offset, int dsz, int pktmax, struct sk_buff_head *list) 247 { 248 int mhsz = msg_hdr_sz(mhdr); 249 int msz = mhsz + dsz; 250 int pktno = 1; 251 int pktsz; 252 int pktrem = pktmax; 253 int drem = dsz; 254 struct tipc_msg pkthdr; 255 struct sk_buff *skb; 256 char *pktpos; 257 int rc; 258 259 msg_set_size(mhdr, msz); 260 261 /* No fragmentation needed? */ 262 if (likely(msz <= pktmax)) { 263 skb = tipc_buf_acquire(msz); 264 if (unlikely(!skb)) 265 return -ENOMEM; 266 skb_orphan(skb); 267 __skb_queue_tail(list, skb); 268 skb_copy_to_linear_data(skb, mhdr, mhsz); 269 pktpos = skb->data + mhsz; 270 if (copy_from_iter(pktpos, dsz, &m->msg_iter) == dsz) 271 return dsz; 272 rc = -EFAULT; 273 goto error; 274 } 275 276 /* Prepare reusable fragment header */ 277 tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER, 278 FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr)); 279 msg_set_size(&pkthdr, pktmax); 280 msg_set_fragm_no(&pkthdr, pktno); 281 msg_set_importance(&pkthdr, msg_importance(mhdr)); 282 283 /* Prepare first fragment */ 284 skb = tipc_buf_acquire(pktmax); 285 if (!skb) 286 return -ENOMEM; 287 skb_orphan(skb); 288 __skb_queue_tail(list, skb); 289 pktpos = skb->data; 290 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 291 pktpos += INT_H_SIZE; 292 pktrem -= INT_H_SIZE; 293 skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz); 294 pktpos += mhsz; 295 pktrem -= mhsz; 296 297 do { 298 if (drem < pktrem) 299 pktrem = drem; 300 301 if (copy_from_iter(pktpos, pktrem, &m->msg_iter) != pktrem) { 302 rc = -EFAULT; 303 goto error; 304 } 305 drem -= pktrem; 306 307 if (!drem) 308 break; 309 310 /* Prepare new fragment: */ 311 if (drem < (pktmax - INT_H_SIZE)) 312 pktsz = drem + INT_H_SIZE; 313 else 314 pktsz = pktmax; 315 skb = tipc_buf_acquire(pktsz); 316 if (!skb) { 317 rc = -ENOMEM; 318 goto error; 319 } 320 skb_orphan(skb); 321 __skb_queue_tail(list, skb); 322 msg_set_type(&pkthdr, FRAGMENT); 323 msg_set_size(&pkthdr, pktsz); 324 msg_set_fragm_no(&pkthdr, ++pktno); 325 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 326 pktpos = skb->data + INT_H_SIZE; 327 pktrem = pktsz - INT_H_SIZE; 328 329 } while (1); 330 msg_set_type(buf_msg(skb), LAST_FRAGMENT); 331 return dsz; 332 error: 333 __skb_queue_purge(list); 334 __skb_queue_head_init(list); 335 return rc; 336 } 337 338 /** 339 * tipc_msg_bundle(): Append contents of a buffer to tail of an existing one 340 * @skb: the buffer to append to ("bundle") 341 * @msg: message to be appended 342 * @mtu: max allowable size for the bundle buffer 343 * Consumes buffer if successful 344 * Returns true if bundling could be performed, otherwise false 345 */ 346 bool tipc_msg_bundle(struct sk_buff *skb, struct tipc_msg *msg, u32 mtu) 347 { 348 struct tipc_msg *bmsg; 349 unsigned int bsz; 350 unsigned int msz = msg_size(msg); 351 u32 start, pad; 352 u32 max = mtu - INT_H_SIZE; 353 354 if (likely(msg_user(msg) == MSG_FRAGMENTER)) 355 return false; 356 if (!skb) 357 return false; 358 bmsg = buf_msg(skb); 359 bsz = msg_size(bmsg); 360 start = align(bsz); 361 pad = start - bsz; 362 363 if (unlikely(msg_user(msg) == TUNNEL_PROTOCOL)) 364 return false; 365 if (unlikely(msg_user(msg) == BCAST_PROTOCOL)) 366 return false; 367 if (unlikely(msg_user(bmsg) != MSG_BUNDLER)) 368 return false; 369 if (unlikely(skb_tailroom(skb) < (pad + msz))) 370 return false; 371 if (unlikely(max < (start + msz))) 372 return false; 373 if ((msg_importance(msg) < TIPC_SYSTEM_IMPORTANCE) && 374 (msg_importance(bmsg) == TIPC_SYSTEM_IMPORTANCE)) 375 return false; 376 377 skb_put(skb, pad + msz); 378 skb_copy_to_linear_data_offset(skb, start, msg, msz); 379 msg_set_size(bmsg, start + msz); 380 msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1); 381 return true; 382 } 383 384 /** 385 * tipc_msg_extract(): extract bundled inner packet from buffer 386 * @skb: buffer to be extracted from. 387 * @iskb: extracted inner buffer, to be returned 388 * @pos: position in outer message of msg to be extracted. 389 * Returns position of next msg 390 * Consumes outer buffer when last packet extracted 391 * Returns true when when there is an extracted buffer, otherwise false 392 */ 393 bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos) 394 { 395 struct tipc_msg *msg; 396 int imsz, offset; 397 398 *iskb = NULL; 399 if (unlikely(skb_linearize(skb))) 400 goto none; 401 402 msg = buf_msg(skb); 403 offset = msg_hdr_sz(msg) + *pos; 404 if (unlikely(offset > (msg_size(msg) - MIN_H_SIZE))) 405 goto none; 406 407 *iskb = skb_clone(skb, GFP_ATOMIC); 408 if (unlikely(!*iskb)) 409 goto none; 410 skb_pull(*iskb, offset); 411 imsz = msg_size(buf_msg(*iskb)); 412 skb_trim(*iskb, imsz); 413 if (unlikely(!tipc_msg_validate(*iskb))) 414 goto none; 415 *pos += align(imsz); 416 return true; 417 none: 418 kfree_skb(skb); 419 kfree_skb(*iskb); 420 *iskb = NULL; 421 return false; 422 } 423 424 /** 425 * tipc_msg_make_bundle(): Create bundle buf and append message to its tail 426 * @list: the buffer chain, where head is the buffer to replace/append 427 * @skb: buffer to be created, appended to and returned in case of success 428 * @msg: message to be appended 429 * @mtu: max allowable size for the bundle buffer, inclusive header 430 * @dnode: destination node for message. (Not always present in header) 431 * Returns true if success, otherwise false 432 */ 433 bool tipc_msg_make_bundle(struct sk_buff **skb, struct tipc_msg *msg, 434 u32 mtu, u32 dnode) 435 { 436 struct sk_buff *_skb; 437 struct tipc_msg *bmsg; 438 u32 msz = msg_size(msg); 439 u32 max = mtu - INT_H_SIZE; 440 441 if (msg_user(msg) == MSG_FRAGMENTER) 442 return false; 443 if (msg_user(msg) == TUNNEL_PROTOCOL) 444 return false; 445 if (msg_user(msg) == BCAST_PROTOCOL) 446 return false; 447 if (msz > (max / 2)) 448 return false; 449 450 _skb = tipc_buf_acquire(max); 451 if (!_skb) 452 return false; 453 454 skb_trim(_skb, INT_H_SIZE); 455 bmsg = buf_msg(_skb); 456 tipc_msg_init(msg_prevnode(msg), bmsg, MSG_BUNDLER, 0, 457 INT_H_SIZE, dnode); 458 if (msg_isdata(msg)) 459 msg_set_importance(bmsg, TIPC_CRITICAL_IMPORTANCE); 460 else 461 msg_set_importance(bmsg, TIPC_SYSTEM_IMPORTANCE); 462 msg_set_seqno(bmsg, msg_seqno(msg)); 463 msg_set_ack(bmsg, msg_ack(msg)); 464 msg_set_bcast_ack(bmsg, msg_bcast_ack(msg)); 465 tipc_msg_bundle(_skb, msg, mtu); 466 *skb = _skb; 467 return true; 468 } 469 470 /** 471 * tipc_msg_reverse(): swap source and destination addresses and add error code 472 * @own_node: originating node id for reversed message 473 * @skb: buffer containing message to be reversed; may be replaced. 474 * @err: error code to be set in message, if any 475 * Consumes buffer at failure 476 * Returns true if success, otherwise false 477 */ 478 bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err) 479 { 480 struct sk_buff *_skb = *skb; 481 struct tipc_msg *hdr = buf_msg(_skb); 482 struct tipc_msg ohdr; 483 int dlen = min_t(uint, msg_data_sz(hdr), MAX_FORWARD_SIZE); 484 485 if (skb_linearize(_skb)) 486 goto exit; 487 hdr = buf_msg(_skb); 488 if (msg_dest_droppable(hdr)) 489 goto exit; 490 if (msg_errcode(hdr)) 491 goto exit; 492 493 /* Take a copy of original header before altering message */ 494 memcpy(&ohdr, hdr, msg_hdr_sz(hdr)); 495 496 /* Never return SHORT header; expand by replacing buffer if necessary */ 497 if (msg_short(hdr)) { 498 *skb = tipc_buf_acquire(BASIC_H_SIZE + dlen); 499 if (!*skb) 500 goto exit; 501 memcpy((*skb)->data + BASIC_H_SIZE, msg_data(hdr), dlen); 502 kfree_skb(_skb); 503 _skb = *skb; 504 hdr = buf_msg(_skb); 505 memcpy(hdr, &ohdr, BASIC_H_SIZE); 506 msg_set_hdr_sz(hdr, BASIC_H_SIZE); 507 } 508 509 /* Now reverse the concerned fields */ 510 msg_set_errcode(hdr, err); 511 msg_set_origport(hdr, msg_destport(&ohdr)); 512 msg_set_destport(hdr, msg_origport(&ohdr)); 513 msg_set_destnode(hdr, msg_prevnode(&ohdr)); 514 msg_set_prevnode(hdr, own_node); 515 msg_set_orignode(hdr, own_node); 516 msg_set_size(hdr, msg_hdr_sz(hdr) + dlen); 517 skb_trim(_skb, msg_size(hdr)); 518 skb_orphan(_skb); 519 return true; 520 exit: 521 kfree_skb(_skb); 522 *skb = NULL; 523 return false; 524 } 525 526 /** 527 * tipc_msg_lookup_dest(): try to find new destination for named message 528 * @skb: the buffer containing the message. 529 * @err: error code to be used by caller if lookup fails 530 * Does not consume buffer 531 * Returns true if a destination is found, false otherwise 532 */ 533 bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err) 534 { 535 struct tipc_msg *msg = buf_msg(skb); 536 u32 dport, dnode; 537 u32 onode = tipc_own_addr(net); 538 539 if (!msg_isdata(msg)) 540 return false; 541 if (!msg_named(msg)) 542 return false; 543 if (msg_errcode(msg)) 544 return false; 545 *err = -TIPC_ERR_NO_NAME; 546 if (skb_linearize(skb)) 547 return false; 548 msg = buf_msg(skb); 549 if (msg_reroute_cnt(msg)) 550 return false; 551 dnode = addr_domain(net, msg_lookup_scope(msg)); 552 dport = tipc_nametbl_translate(net, msg_nametype(msg), 553 msg_nameinst(msg), &dnode); 554 if (!dport) 555 return false; 556 msg_incr_reroute_cnt(msg); 557 if (dnode != onode) 558 msg_set_prevnode(msg, onode); 559 msg_set_destnode(msg, dnode); 560 msg_set_destport(msg, dport); 561 *err = TIPC_OK; 562 return true; 563 } 564 565 /* tipc_msg_reassemble() - clone a buffer chain of fragments and 566 * reassemble the clones into one message 567 */ 568 struct sk_buff *tipc_msg_reassemble(struct sk_buff_head *list) 569 { 570 struct sk_buff *skb; 571 struct sk_buff *frag = NULL; 572 struct sk_buff *head = NULL; 573 int hdr_sz; 574 575 /* Copy header if single buffer */ 576 if (skb_queue_len(list) == 1) { 577 skb = skb_peek(list); 578 hdr_sz = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb)); 579 return __pskb_copy(skb, hdr_sz, GFP_ATOMIC); 580 } 581 582 /* Clone all fragments and reassemble */ 583 skb_queue_walk(list, skb) { 584 frag = skb_clone(skb, GFP_ATOMIC); 585 if (!frag) 586 goto error; 587 frag->next = NULL; 588 if (tipc_buf_append(&head, &frag)) 589 break; 590 if (!head) 591 goto error; 592 } 593 return frag; 594 error: 595 pr_warn("Failed do clone local mcast rcv buffer\n"); 596 kfree_skb(head); 597 return NULL; 598 } 599