1 /* 2 * net/tipc/msg.c: TIPC message header routines 3 * 4 * Copyright (c) 2000-2006, 2014-2015, Ericsson AB 5 * Copyright (c) 2005, 2010-2011, Wind River Systems 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the names of the copyright holders nor the names of its 17 * contributors may be used to endorse or promote products derived from 18 * this software without specific prior written permission. 19 * 20 * Alternatively, this software may be distributed under the terms of the 21 * GNU General Public License ("GPL") version 2 as published by the Free 22 * Software Foundation. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include <net/sock.h> 38 #include "core.h" 39 #include "msg.h" 40 #include "addr.h" 41 #include "name_table.h" 42 43 #define MAX_FORWARD_SIZE 1024 44 #define BUF_HEADROOM (LL_MAX_HEADER + 48) 45 #define BUF_TAILROOM 16 46 47 static unsigned int align(unsigned int i) 48 { 49 return (i + 3) & ~3u; 50 } 51 52 /** 53 * tipc_buf_acquire - creates a TIPC message buffer 54 * @size: message size (including TIPC header) 55 * 56 * Returns a new buffer with data pointers set to the specified size. 57 * 58 * NOTE: Headroom is reserved to allow prepending of a data link header. 59 * There may also be unrequested tailroom present at the buffer's end. 60 */ 61 struct sk_buff *tipc_buf_acquire(u32 size) 62 { 63 struct sk_buff *skb; 64 unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u; 65 66 skb = alloc_skb_fclone(buf_size, GFP_ATOMIC); 67 if (skb) { 68 skb_reserve(skb, BUF_HEADROOM); 69 skb_put(skb, size); 70 skb->next = NULL; 71 } 72 return skb; 73 } 74 75 void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type, 76 u32 hsize, u32 dnode) 77 { 78 memset(m, 0, hsize); 79 msg_set_version(m); 80 msg_set_user(m, user); 81 msg_set_hdr_sz(m, hsize); 82 msg_set_size(m, hsize); 83 msg_set_prevnode(m, own_node); 84 msg_set_type(m, type); 85 if (hsize > SHORT_H_SIZE) { 86 msg_set_orignode(m, own_node); 87 msg_set_destnode(m, dnode); 88 } 89 } 90 91 struct sk_buff *tipc_msg_create(uint user, uint type, 92 uint hdr_sz, uint data_sz, u32 dnode, 93 u32 onode, u32 dport, u32 oport, int errcode) 94 { 95 struct tipc_msg *msg; 96 struct sk_buff *buf; 97 98 buf = tipc_buf_acquire(hdr_sz + data_sz); 99 if (unlikely(!buf)) 100 return NULL; 101 102 msg = buf_msg(buf); 103 tipc_msg_init(onode, msg, user, type, hdr_sz, dnode); 104 msg_set_size(msg, hdr_sz + data_sz); 105 msg_set_origport(msg, oport); 106 msg_set_destport(msg, dport); 107 msg_set_errcode(msg, errcode); 108 if (hdr_sz > SHORT_H_SIZE) { 109 msg_set_orignode(msg, onode); 110 msg_set_destnode(msg, dnode); 111 } 112 return buf; 113 } 114 115 /* tipc_buf_append(): Append a buffer to the fragment list of another buffer 116 * @*headbuf: in: NULL for first frag, otherwise value returned from prev call 117 * out: set when successful non-complete reassembly, otherwise NULL 118 * @*buf: in: the buffer to append. Always defined 119 * out: head buf after successful complete reassembly, otherwise NULL 120 * Returns 1 when reassembly complete, otherwise 0 121 */ 122 int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) 123 { 124 struct sk_buff *head = *headbuf; 125 struct sk_buff *frag = *buf; 126 struct sk_buff *tail = NULL; 127 struct tipc_msg *msg; 128 u32 fragid; 129 int delta; 130 bool headstolen; 131 132 if (!frag) 133 goto err; 134 135 msg = buf_msg(frag); 136 fragid = msg_type(msg); 137 frag->next = NULL; 138 skb_pull(frag, msg_hdr_sz(msg)); 139 140 if (fragid == FIRST_FRAGMENT) { 141 if (unlikely(head)) 142 goto err; 143 if (unlikely(skb_unclone(frag, GFP_ATOMIC))) 144 goto err; 145 head = *headbuf = frag; 146 *buf = NULL; 147 TIPC_SKB_CB(head)->tail = NULL; 148 if (skb_is_nonlinear(head)) { 149 skb_walk_frags(head, tail) { 150 TIPC_SKB_CB(head)->tail = tail; 151 } 152 } else { 153 skb_frag_list_init(head); 154 } 155 return 0; 156 } 157 158 if (!head) 159 goto err; 160 161 if (skb_try_coalesce(head, frag, &headstolen, &delta)) { 162 kfree_skb_partial(frag, headstolen); 163 } else { 164 tail = TIPC_SKB_CB(head)->tail; 165 if (!skb_has_frag_list(head)) 166 skb_shinfo(head)->frag_list = frag; 167 else 168 tail->next = frag; 169 head->truesize += frag->truesize; 170 head->data_len += frag->len; 171 head->len += frag->len; 172 TIPC_SKB_CB(head)->tail = frag; 173 } 174 175 if (fragid == LAST_FRAGMENT) { 176 TIPC_SKB_CB(head)->validated = false; 177 if (unlikely(!tipc_msg_validate(head))) 178 goto err; 179 *buf = head; 180 TIPC_SKB_CB(head)->tail = NULL; 181 *headbuf = NULL; 182 return 1; 183 } 184 *buf = NULL; 185 return 0; 186 err: 187 kfree_skb(*buf); 188 kfree_skb(*headbuf); 189 *buf = *headbuf = NULL; 190 return 0; 191 } 192 193 /* tipc_msg_validate - validate basic format of received message 194 * 195 * This routine ensures a TIPC message has an acceptable header, and at least 196 * as much data as the header indicates it should. The routine also ensures 197 * that the entire message header is stored in the main fragment of the message 198 * buffer, to simplify future access to message header fields. 199 * 200 * Note: Having extra info present in the message header or data areas is OK. 201 * TIPC will ignore the excess, under the assumption that it is optional info 202 * introduced by a later release of the protocol. 203 */ 204 bool tipc_msg_validate(struct sk_buff *skb) 205 { 206 struct tipc_msg *msg; 207 int msz, hsz; 208 209 if (unlikely(TIPC_SKB_CB(skb)->validated)) 210 return true; 211 if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE))) 212 return false; 213 214 hsz = msg_hdr_sz(buf_msg(skb)); 215 if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE)) 216 return false; 217 if (unlikely(!pskb_may_pull(skb, hsz))) 218 return false; 219 220 msg = buf_msg(skb); 221 if (unlikely(msg_version(msg) != TIPC_VERSION)) 222 return false; 223 224 msz = msg_size(msg); 225 if (unlikely(msz < hsz)) 226 return false; 227 if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE)) 228 return false; 229 if (unlikely(skb->len < msz)) 230 return false; 231 232 TIPC_SKB_CB(skb)->validated = true; 233 return true; 234 } 235 236 /** 237 * tipc_msg_build - create buffer chain containing specified header and data 238 * @mhdr: Message header, to be prepended to data 239 * @m: User message 240 * @dsz: Total length of user data 241 * @pktmax: Max packet size that can be used 242 * @list: Buffer or chain of buffers to be returned to caller 243 * 244 * Returns message data size or errno: -ENOMEM, -EFAULT 245 */ 246 int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m, 247 int offset, int dsz, int pktmax, struct sk_buff_head *list) 248 { 249 int mhsz = msg_hdr_sz(mhdr); 250 int msz = mhsz + dsz; 251 int pktno = 1; 252 int pktsz; 253 int pktrem = pktmax; 254 int drem = dsz; 255 struct tipc_msg pkthdr; 256 struct sk_buff *skb; 257 char *pktpos; 258 int rc; 259 260 msg_set_size(mhdr, msz); 261 262 /* No fragmentation needed? */ 263 if (likely(msz <= pktmax)) { 264 skb = tipc_buf_acquire(msz); 265 if (unlikely(!skb)) 266 return -ENOMEM; 267 skb_orphan(skb); 268 __skb_queue_tail(list, skb); 269 skb_copy_to_linear_data(skb, mhdr, mhsz); 270 pktpos = skb->data + mhsz; 271 if (copy_from_iter(pktpos, dsz, &m->msg_iter) == dsz) 272 return dsz; 273 rc = -EFAULT; 274 goto error; 275 } 276 277 /* Prepare reusable fragment header */ 278 tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER, 279 FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr)); 280 msg_set_size(&pkthdr, pktmax); 281 msg_set_fragm_no(&pkthdr, pktno); 282 msg_set_importance(&pkthdr, msg_importance(mhdr)); 283 284 /* Prepare first fragment */ 285 skb = tipc_buf_acquire(pktmax); 286 if (!skb) 287 return -ENOMEM; 288 skb_orphan(skb); 289 __skb_queue_tail(list, skb); 290 pktpos = skb->data; 291 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 292 pktpos += INT_H_SIZE; 293 pktrem -= INT_H_SIZE; 294 skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz); 295 pktpos += mhsz; 296 pktrem -= mhsz; 297 298 do { 299 if (drem < pktrem) 300 pktrem = drem; 301 302 if (copy_from_iter(pktpos, pktrem, &m->msg_iter) != pktrem) { 303 rc = -EFAULT; 304 goto error; 305 } 306 drem -= pktrem; 307 308 if (!drem) 309 break; 310 311 /* Prepare new fragment: */ 312 if (drem < (pktmax - INT_H_SIZE)) 313 pktsz = drem + INT_H_SIZE; 314 else 315 pktsz = pktmax; 316 skb = tipc_buf_acquire(pktsz); 317 if (!skb) { 318 rc = -ENOMEM; 319 goto error; 320 } 321 skb_orphan(skb); 322 __skb_queue_tail(list, skb); 323 msg_set_type(&pkthdr, FRAGMENT); 324 msg_set_size(&pkthdr, pktsz); 325 msg_set_fragm_no(&pkthdr, ++pktno); 326 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 327 pktpos = skb->data + INT_H_SIZE; 328 pktrem = pktsz - INT_H_SIZE; 329 330 } while (1); 331 msg_set_type(buf_msg(skb), LAST_FRAGMENT); 332 return dsz; 333 error: 334 __skb_queue_purge(list); 335 __skb_queue_head_init(list); 336 return rc; 337 } 338 339 /** 340 * tipc_msg_bundle(): Append contents of a buffer to tail of an existing one 341 * @skb: the buffer to append to ("bundle") 342 * @msg: message to be appended 343 * @mtu: max allowable size for the bundle buffer 344 * Consumes buffer if successful 345 * Returns true if bundling could be performed, otherwise false 346 */ 347 bool tipc_msg_bundle(struct sk_buff *skb, struct tipc_msg *msg, u32 mtu) 348 { 349 struct tipc_msg *bmsg; 350 unsigned int bsz; 351 unsigned int msz = msg_size(msg); 352 u32 start, pad; 353 u32 max = mtu - INT_H_SIZE; 354 355 if (likely(msg_user(msg) == MSG_FRAGMENTER)) 356 return false; 357 if (!skb) 358 return false; 359 bmsg = buf_msg(skb); 360 bsz = msg_size(bmsg); 361 start = align(bsz); 362 pad = start - bsz; 363 364 if (unlikely(msg_user(msg) == TUNNEL_PROTOCOL)) 365 return false; 366 if (unlikely(msg_user(msg) == BCAST_PROTOCOL)) 367 return false; 368 if (unlikely(msg_user(bmsg) != MSG_BUNDLER)) 369 return false; 370 if (unlikely(skb_tailroom(skb) < (pad + msz))) 371 return false; 372 if (unlikely(max < (start + msz))) 373 return false; 374 if ((msg_importance(msg) < TIPC_SYSTEM_IMPORTANCE) && 375 (msg_importance(bmsg) == TIPC_SYSTEM_IMPORTANCE)) 376 return false; 377 378 skb_put(skb, pad + msz); 379 skb_copy_to_linear_data_offset(skb, start, msg, msz); 380 msg_set_size(bmsg, start + msz); 381 msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1); 382 return true; 383 } 384 385 /** 386 * tipc_msg_extract(): extract bundled inner packet from buffer 387 * @skb: buffer to be extracted from. 388 * @iskb: extracted inner buffer, to be returned 389 * @pos: position in outer message of msg to be extracted. 390 * Returns position of next msg 391 * Consumes outer buffer when last packet extracted 392 * Returns true when when there is an extracted buffer, otherwise false 393 */ 394 bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos) 395 { 396 struct tipc_msg *msg; 397 int imsz, offset; 398 399 *iskb = NULL; 400 if (unlikely(skb_linearize(skb))) 401 goto none; 402 403 msg = buf_msg(skb); 404 offset = msg_hdr_sz(msg) + *pos; 405 if (unlikely(offset > (msg_size(msg) - MIN_H_SIZE))) 406 goto none; 407 408 *iskb = skb_clone(skb, GFP_ATOMIC); 409 if (unlikely(!*iskb)) 410 goto none; 411 skb_pull(*iskb, offset); 412 imsz = msg_size(buf_msg(*iskb)); 413 skb_trim(*iskb, imsz); 414 if (unlikely(!tipc_msg_validate(*iskb))) 415 goto none; 416 *pos += align(imsz); 417 return true; 418 none: 419 kfree_skb(skb); 420 kfree_skb(*iskb); 421 *iskb = NULL; 422 return false; 423 } 424 425 /** 426 * tipc_msg_make_bundle(): Create bundle buf and append message to its tail 427 * @list: the buffer chain, where head is the buffer to replace/append 428 * @skb: buffer to be created, appended to and returned in case of success 429 * @msg: message to be appended 430 * @mtu: max allowable size for the bundle buffer, inclusive header 431 * @dnode: destination node for message. (Not always present in header) 432 * Returns true if success, otherwise false 433 */ 434 bool tipc_msg_make_bundle(struct sk_buff **skb, struct tipc_msg *msg, 435 u32 mtu, u32 dnode) 436 { 437 struct sk_buff *_skb; 438 struct tipc_msg *bmsg; 439 u32 msz = msg_size(msg); 440 u32 max = mtu - INT_H_SIZE; 441 442 if (msg_user(msg) == MSG_FRAGMENTER) 443 return false; 444 if (msg_user(msg) == TUNNEL_PROTOCOL) 445 return false; 446 if (msg_user(msg) == BCAST_PROTOCOL) 447 return false; 448 if (msz > (max / 2)) 449 return false; 450 451 _skb = tipc_buf_acquire(max); 452 if (!_skb) 453 return false; 454 455 skb_trim(_skb, INT_H_SIZE); 456 bmsg = buf_msg(_skb); 457 tipc_msg_init(msg_prevnode(msg), bmsg, MSG_BUNDLER, 0, 458 INT_H_SIZE, dnode); 459 if (msg_isdata(msg)) 460 msg_set_importance(bmsg, TIPC_CRITICAL_IMPORTANCE); 461 else 462 msg_set_importance(bmsg, TIPC_SYSTEM_IMPORTANCE); 463 msg_set_seqno(bmsg, msg_seqno(msg)); 464 msg_set_ack(bmsg, msg_ack(msg)); 465 msg_set_bcast_ack(bmsg, msg_bcast_ack(msg)); 466 tipc_msg_bundle(_skb, msg, mtu); 467 *skb = _skb; 468 return true; 469 } 470 471 /** 472 * tipc_msg_reverse(): swap source and destination addresses and add error code 473 * @own_node: originating node id for reversed message 474 * @skb: buffer containing message to be reversed; may be replaced. 475 * @err: error code to be set in message, if any 476 * Consumes buffer at failure 477 * Returns true if success, otherwise false 478 */ 479 bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err) 480 { 481 struct sk_buff *_skb = *skb; 482 struct tipc_msg *hdr = buf_msg(_skb); 483 struct tipc_msg ohdr; 484 int dlen = min_t(uint, msg_data_sz(hdr), MAX_FORWARD_SIZE); 485 486 if (skb_linearize(_skb)) 487 goto exit; 488 hdr = buf_msg(_skb); 489 if (msg_dest_droppable(hdr)) 490 goto exit; 491 if (msg_errcode(hdr)) 492 goto exit; 493 494 /* Take a copy of original header before altering message */ 495 memcpy(&ohdr, hdr, msg_hdr_sz(hdr)); 496 497 /* Never return SHORT header; expand by replacing buffer if necessary */ 498 if (msg_short(hdr)) { 499 *skb = tipc_buf_acquire(BASIC_H_SIZE + dlen); 500 if (!*skb) 501 goto exit; 502 memcpy((*skb)->data + BASIC_H_SIZE, msg_data(hdr), dlen); 503 kfree_skb(_skb); 504 _skb = *skb; 505 hdr = buf_msg(_skb); 506 memcpy(hdr, &ohdr, BASIC_H_SIZE); 507 msg_set_hdr_sz(hdr, BASIC_H_SIZE); 508 } 509 510 if (skb_cloned(_skb) && 511 pskb_expand_head(_skb, BUF_HEADROOM, BUF_TAILROOM, GFP_KERNEL)) 512 goto exit; 513 514 /* Now reverse the concerned fields */ 515 msg_set_errcode(hdr, err); 516 msg_set_origport(hdr, msg_destport(&ohdr)); 517 msg_set_destport(hdr, msg_origport(&ohdr)); 518 msg_set_destnode(hdr, msg_prevnode(&ohdr)); 519 msg_set_prevnode(hdr, own_node); 520 msg_set_orignode(hdr, own_node); 521 msg_set_size(hdr, msg_hdr_sz(hdr) + dlen); 522 skb_trim(_skb, msg_size(hdr)); 523 skb_orphan(_skb); 524 return true; 525 exit: 526 kfree_skb(_skb); 527 *skb = NULL; 528 return false; 529 } 530 531 /** 532 * tipc_msg_lookup_dest(): try to find new destination for named message 533 * @skb: the buffer containing the message. 534 * @err: error code to be used by caller if lookup fails 535 * Does not consume buffer 536 * Returns true if a destination is found, false otherwise 537 */ 538 bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err) 539 { 540 struct tipc_msg *msg = buf_msg(skb); 541 u32 dport, dnode; 542 u32 onode = tipc_own_addr(net); 543 544 if (!msg_isdata(msg)) 545 return false; 546 if (!msg_named(msg)) 547 return false; 548 if (msg_errcode(msg)) 549 return false; 550 *err = -TIPC_ERR_NO_NAME; 551 if (skb_linearize(skb)) 552 return false; 553 msg = buf_msg(skb); 554 if (msg_reroute_cnt(msg)) 555 return false; 556 dnode = addr_domain(net, msg_lookup_scope(msg)); 557 dport = tipc_nametbl_translate(net, msg_nametype(msg), 558 msg_nameinst(msg), &dnode); 559 if (!dport) 560 return false; 561 msg_incr_reroute_cnt(msg); 562 if (dnode != onode) 563 msg_set_prevnode(msg, onode); 564 msg_set_destnode(msg, dnode); 565 msg_set_destport(msg, dport); 566 *err = TIPC_OK; 567 return true; 568 } 569 570 /* tipc_msg_reassemble() - clone a buffer chain of fragments and 571 * reassemble the clones into one message 572 */ 573 bool tipc_msg_reassemble(struct sk_buff_head *list, struct sk_buff_head *rcvq) 574 { 575 struct sk_buff *skb, *_skb; 576 struct sk_buff *frag = NULL; 577 struct sk_buff *head = NULL; 578 int hdr_len; 579 580 /* Copy header if single buffer */ 581 if (skb_queue_len(list) == 1) { 582 skb = skb_peek(list); 583 hdr_len = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb)); 584 _skb = __pskb_copy(skb, hdr_len, GFP_ATOMIC); 585 if (!_skb) 586 return false; 587 __skb_queue_tail(rcvq, _skb); 588 return true; 589 } 590 591 /* Clone all fragments and reassemble */ 592 skb_queue_walk(list, skb) { 593 frag = skb_clone(skb, GFP_ATOMIC); 594 if (!frag) 595 goto error; 596 frag->next = NULL; 597 if (tipc_buf_append(&head, &frag)) 598 break; 599 if (!head) 600 goto error; 601 } 602 __skb_queue_tail(rcvq, frag); 603 return true; 604 error: 605 pr_warn("Failed do clone local mcast rcv buffer\n"); 606 kfree_skb(head); 607 return false; 608 } 609 610 /* tipc_skb_queue_sorted(); sort pkt into list according to sequence number 611 * @list: list to be appended to 612 * @seqno: sequence number of buffer to add 613 * @skb: buffer to add 614 */ 615 void __tipc_skb_queue_sorted(struct sk_buff_head *list, u16 seqno, 616 struct sk_buff *skb) 617 { 618 struct sk_buff *_skb, *tmp; 619 620 if (skb_queue_empty(list) || less(seqno, buf_seqno(skb_peek(list)))) { 621 __skb_queue_head(list, skb); 622 return; 623 } 624 625 if (more(seqno, buf_seqno(skb_peek_tail(list)))) { 626 __skb_queue_tail(list, skb); 627 return; 628 } 629 630 skb_queue_walk_safe(list, _skb, tmp) { 631 if (more(seqno, buf_seqno(_skb))) 632 continue; 633 if (seqno == buf_seqno(_skb)) 634 break; 635 __skb_queue_before(list, _skb, skb); 636 return; 637 } 638 kfree_skb(skb); 639 } 640