// SPDX-License-Identifier: GPL-2.0
/*
 * Management Component Transport Protocol (MCTP) - routing
 * implementation.
 *
 * This is currently based on a simple routing table, with no dst cache. The
 * number of routes should stay fairly small, so the lookup cost is small.
 *
 * Copyright (c) 2021 Code Construct
 * Copyright (c) 2021 Google
 */

#include <linux/idr.h>
#include <linux/kconfig.h>
#include <linux/mctp.h>
#include <linux/netdevice.h>
#include <linux/rtnetlink.h>
#include <linux/skbuff.h>

#include <uapi/linux/if_arp.h>

#include <net/mctp.h>
#include <net/mctpdevice.h>
#include <net/netlink.h>
#include <net/sock.h>

#include <trace/events/mctp.h>

/* Upper bound on a reassembled message; enforced in mctp_frag_queue() so a
 * peer cannot grow a reassembly chain without limit.
 */
static const unsigned int mctp_message_maxlen = 64 * 1024;
/* Lifetime given to a key when it is added to the lists, in jiffies
 * (6 * CONFIG_HZ).
 */
static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;

static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);

/* route output callbacks */

/* Default route output: frees the skb and reports success. Installed by
 * mctp_route_alloc() until a real handler is assigned.
 */
static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb)
{
	kfree_skb(skb);
	return 0;
}

/* Find a bound socket for an incoming packet by (net, message type, dest EID).
 *
 * Must be called under rcu_read_lock() (warned on otherwise). Returns the
 * first matching socket from net->mctp.binds, or NULL. No reference is taken
 * on the returned socket here.
 */
static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
{
	struct mctp_skb_cb *cb = mctp_cb(skb);
	struct mctp_hdr *mh;
	struct sock *sk;
	u8 type;

	WARN_ON(!rcu_read_lock_held());

	/* TODO: look up in skb->cb? */
	mh = mctp_hdr(skb);

	/* the type byte is read straight from skb->data below, so there must
	 * be at least one byte of linear data
	 */
	if (!skb_headlen(skb))
		return NULL;

	/* first payload byte, top bit masked off, is the message type */
	type = (*(u8 *)skb->data) & 0x7f;

	sk_for_each_rcu(sk, &net->mctp.binds) {
		struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);

		if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
			continue;

		if (msk->bind_type != type)
			continue;

		if (!mctp_address_matches(msk->bind_addr, mh->dest))
			continue;

		return msk;
	}

	return NULL;
}

/* Compare a key against a (local, peer, tag) tuple. The local address goes
 * through mctp_address_matches(); peer and tag must be exactly equal.
 */
static bool mctp_key_match(struct mctp_sk_key *key, mctp_eid_t local,
			   mctp_eid_t peer, u8 tag)
{
	if (!mctp_address_matches(key->local_addr, local))
		return false;

	if (key->peer_addr != peer)
		return false;

	if (key->tag != tag)
		return false;

	return true;
}

/* returns a key (with key->lock held, and refcounted), or NULL if no such
 * key exists.
 *
 * The lookup tuple is (dest EID from the packet header, @peer, tag + TO bit
 * from the header). On success the saved IRQ flags are handed back through
 * @irqflags: keys_lock is dropped without restoring interrupts, so the caller
 * must eventually spin_unlock_irqrestore(&key->lock, *irqflags). On failure
 * @irqflags is not written.
 */
static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
					   mctp_eid_t peer,
					   unsigned long *irqflags)
	__acquires(&key->lock)
{
	struct mctp_sk_key *key, *ret;
	unsigned long flags;
	struct mctp_hdr *mh;
	u8 tag;

	mh = mctp_hdr(skb);
	tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);

	ret = NULL;
	spin_lock_irqsave(&net->mctp.keys_lock, flags);

	hlist_for_each_entry(key, &net->mctp.keys, hlist) {
		if (!mctp_key_match(key, mh->dest, peer, tag))
			continue;

		/* validity is only stable under key->lock; an invalidated key
		 * is skipped and the walk continues
		 */
		spin_lock(&key->lock);
		if (key->valid) {
			refcount_inc(&key->refs);
			ret = key;
			break;
		}
		spin_unlock(&key->lock);
	}

	if (ret) {
		/* keep IRQs off: key->lock is still held for the caller */
		spin_unlock(&net->mctp.keys_lock);
		*irqflags = flags;
	} else {
		spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
	}

	return ret;
}

/* Allocate and initialise a key for (local, peer, tag) owned by @msk.
 *
 * The new key is marked valid, starts with a refcount of 1 and takes a
 * reference on the socket (dropped again in mctp_key_unref()). It is not
 * added to any list here. Returns NULL on allocation failure.
 */
static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
					  mctp_eid_t local, mctp_eid_t peer,
					  u8 tag, gfp_t gfp)
{
	struct mctp_sk_key *key;

	key = kzalloc(sizeof(*key), gfp);
	if (!key)
		return NULL;

	key->peer_addr = peer;
	key->local_addr = local;
	key->tag = tag;
	key->sk = &msk->sk;
	key->valid = true;
	spin_lock_init(&key->lock);
	refcount_set(&key->refs, 1);
	sock_hold(key->sk);

	return key;
}

/* Drop one reference on @key. When the last reference goes, the key's device
 * association is released, the socket reference taken at allocation is put,
 * and the key is freed.
 */
void mctp_key_unref(struct mctp_sk_key *key)
{
	unsigned long flags;

	if (!refcount_dec_and_test(&key->refs))
		return;

	/* even though no refs exist here, the lock allows us to stay
	 * consistent with the locking requirement of mctp_dev_release_key
	 */
	spin_lock_irqsave(&key->lock, flags);
	mctp_dev_release_key(key->dev, key);
	spin_unlock_irqrestore(&key->lock, flags);

	sock_put(key->sk);
	kfree(key);
}

/* Publish @key on the per-net and per-socket key lists.
 *
 * Returns 0 on success, -EINVAL if the socket is already marked SOCK_DEAD,
 * or -EEXIST if a valid key with the same (local, peer, tag) is already
 * listed. On success an extra reference is taken for the lists and the key
 * expiry is armed; the caller keeps its own reference either way.
 */
static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
{
	struct net *net = sock_net(&msk->sk);
	struct mctp_sk_key *tmp;
	unsigned long flags;
	int rc = 0;

	spin_lock_irqsave(&net->mctp.keys_lock, flags);

	/* refuse to attach new keys to a socket that is being torn down */
	if (sock_flag(&msk->sk, SOCK_DEAD)) {
		rc = -EINVAL;
		goto out_unlock;
	}

	hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
		if (mctp_key_match(tmp, key->local_addr, key->peer_addr,
				   key->tag)) {
			/* only a still-valid duplicate is a conflict */
			spin_lock(&tmp->lock);
			if (tmp->valid)
				rc = -EEXIST;
			spin_unlock(&tmp->lock);
			if (rc)
				break;
		}
	}

	if (!rc) {
		refcount_inc(&key->refs);
		key->expiry = jiffies + mctp_key_lifetime;
		timer_reduce(&msk->key_expiry, key->expiry);

		hlist_add_head(&key->hlist, &net->mctp.keys);
		hlist_add_head(&key->sklist, &msk->keys);
	}

out_unlock:
	spin_unlock_irqrestore(&net->mctp.keys_lock, flags);

	return rc;
}

/* Helper for mctp_route_input().
 * We're done with the key; unlock and unref the key.
 * For the usual case of automatic expiry we remove the key from lists.
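 * In the case that manual allocation is set on a key we release the lock
 * and local ref, reset reassembly, but don't remove from lists.
 *
 * Called with key->lock held (IRQ state in @flags); the lock is released
 * here. Any skb still attached as key->reasm_head is detached and freed at
 * the end, so a caller that has handed the reassembly chain to a socket must
 * clear key->reasm_head first.
 */
static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
			       unsigned long flags, unsigned long reason)
__releases(&key->lock)
{
	struct sk_buff *skb;

	trace_mctp_key_release(key, reason);
	skb = key->reasm_head;
	key->reasm_head = NULL;

	if (!key->manual_alloc) {
		key->reasm_dead = true;
		key->valid = false;
		mctp_dev_release_key(key->dev, key);
	}
	spin_unlock_irqrestore(&key->lock, flags);

	if (!key->manual_alloc) {
		spin_lock_irqsave(&net->mctp.keys_lock, flags);
		/* someone else may already have unlisted the key; only drop
		 * the list reference if we are the one removing it
		 */
		if (!hlist_unhashed(&key->hlist)) {
			hlist_del_init(&key->hlist);
			hlist_del_init(&key->sklist);
			mctp_key_unref(key);
		}
		spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
	}

	/* and one for the local reference */
	mctp_key_unref(key);

	kfree_skb(skb);
}

#ifdef CONFIG_MCTP_FLOWS
/* Attach @key to @skb as an SKB_EXT_MCTP extension, taking a key reference.
 * Silently does nothing if the extension cannot be added.
 */
static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
{
	struct mctp_flow *flow;

	flow = skb_ext_add(skb, SKB_EXT_MCTP);
	if (!flow)
		return;

	refcount_inc(&key->refs);
	flow->key = key;
}

/* Before transmit: if the skb carries a flow key, bind that key to @dev.
 * A key already bound to a different device is a bug (warned, not rebound).
 */
static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
{
	struct mctp_sk_key *key;
	struct mctp_flow *flow;

	flow = skb_ext_find(skb, SKB_EXT_MCTP);
	if (!flow)
		return;

	key = flow->key;

	if (WARN_ON(key->dev && key->dev != dev))
		return;

	mctp_dev_set_key(dev, key);
}
#else
static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
#endif

/* Append one fragment to the reassembly chain held on @key.
 *
 * The first fragment becomes key->reasm_head; later ones are linked through
 * the head's frag_list. Returns -EINVAL if the sequence number is not the
 * expected successor, or if the total would exceed mctp_message_maxlen. On
 * success the skb is owned by the chain; on failure the caller still owns it.
 */
static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
{
	struct mctp_hdr *hdr = mctp_hdr(skb);
	u8 exp_seq, this_seq;

	this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
		& MCTP_HDR_SEQ_MASK;

	if (!key->reasm_head) {
		key->reasm_head = skb;
		key->reasm_tailp = &(skb_shinfo(skb)->frag_list);
		key->last_seq = this_seq;
		return 0;
	}

	exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;

	if (this_seq != exp_seq)
		return -EINVAL;

	/* bound the memory a single in-progress message can pin */
	if (key->reasm_head->len + skb->len > mctp_message_maxlen)
		return -EINVAL;

	skb->next = NULL;
	skb->sk = NULL;
	*key->reasm_tailp = skb;
	key->reasm_tailp = &skb->next;

	key->last_seq = this_seq;

	key->reasm_head->data_len += skb->len;
	key->reasm_head->len += skb->len;
	key->reasm_head->truesize += skb->truesize;

	return 0;
}

/* Route output handler for locally-addressed packets: find the destination
 * socket, reassemble fragmented messages, and queue complete messages.
 *
 * All header fields used here (version, flags, tag, src, dest) come from the
 * received packet. Consumes @skb in every case: it is queued to a socket,
 * linked into a reassembly chain, or freed. Returns 0 on success or a
 * negative errno.
 *
 * sock_queue_rcv_skb() can fail (for example when the receive buffer is
 * full) and does not free the skb in that case, so its result is checked on
 * both delivery paths and the undelivered data is freed rather than leaked.
 */
static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
{
	struct mctp_sk_key *key, *any_key = NULL;
	struct net *net = dev_net(skb->dev);
	struct mctp_sock *msk;
	struct mctp_hdr *mh;
	unsigned long f;
	u8 tag, flags;
	int rc;

	msk = NULL;
	rc = -EINVAL;

	/* we may be receiving a locally-routed packet; drop source sk
	 * accounting
	 */
	skb_orphan(skb);

	/* ensure we have enough data for a header and a type */
	if (skb->len < sizeof(struct mctp_hdr) + 1)
		goto out;

	/* grab header, advance data ptr */
	mh = mctp_hdr(skb);
	skb_pull(skb, sizeof(struct mctp_hdr));

	if (mh->ver != 1)
		goto out;

	flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
	tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);

	rcu_read_lock();

	/* lookup socket / reasm context, exactly matching (src,dest,tag).
	 * we hold a ref on the key, and key->lock held.
	 */
	key = mctp_lookup_key(net, skb, mh->src, &f);

	if (flags & MCTP_HDR_FLAG_SOM) {
		if (key) {
			msk = container_of(key->sk, struct mctp_sock, sk);
		} else {
			/* first response to a broadcast? do a more general
			 * key lookup to find the socket, but don't use this
			 * key for reassembly - we'll create a more specific
			 * one for future packets if required (ie, !EOM).
			 */
			any_key = mctp_lookup_key(net, skb, MCTP_ADDR_ANY, &f);
			if (any_key) {
				msk = container_of(any_key->sk,
						   struct mctp_sock, sk);
				spin_unlock_irqrestore(&any_key->lock, f);
			}
		}

		if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
			msk = mctp_lookup_bind(net, skb);

		if (!msk) {
			rc = -ENOENT;
			goto out_unlock;
		}

		/* single-packet message? deliver to socket, clean up any
		 * pending key.
		 */
		if (flags & MCTP_HDR_FLAG_EOM) {
			/* on failure the socket did not take the skb; the
			 * non-zero rc makes the exit path free it
			 */
			rc = sock_queue_rcv_skb(&msk->sk, skb);
			if (key) {
				/* we've hit a pending reassembly; not much we
				 * can do but drop it
				 */
				__mctp_key_done_in(key, net, f,
						   MCTP_TRACE_KEY_REPLIED);
				key = NULL;
			}
			goto out_unlock;
		}

		/* broadcast response or a bind() - create a key for further
		 * packets for this message
		 */
		if (!key) {
			key = mctp_key_alloc(msk, mh->dest, mh->src,
					     tag, GFP_ATOMIC);
			if (!key) {
				rc = -ENOMEM;
				goto out_unlock;
			}

			/* we can queue without the key lock here, as the
			 * key isn't observable yet
			 */
			mctp_frag_queue(key, skb);

			/* if the key_add fails, we've raced with another
			 * SOM packet with the same src, dest and tag. There's
			 * no way to distinguish future packets, so all we
			 * can do is drop; we'll free the skb on exit from
			 * this function.
			 */
			rc = mctp_key_add(key, msk);
			if (!rc)
				trace_mctp_key_acquire(key);

			/* we don't need to release key->lock on exit, so
			 * clean up here and suppress the unlock via
			 * setting to NULL
			 */
			mctp_key_unref(key);
			key = NULL;

		} else {
			if (key->reasm_head || key->reasm_dead) {
				/* duplicate start? drop everything */
				__mctp_key_done_in(key, net, f,
						   MCTP_TRACE_KEY_INVALIDATED);
				rc = -EEXIST;
				key = NULL;
			} else {
				rc = mctp_frag_queue(key, skb);
			}
		}

	} else if (key) {
		/* this packet continues a previous message; reassemble
		 * using the message-specific key
		 */

		/* we need to be continuing an existing reassembly... */
		if (!key->reasm_head)
			rc = -EINVAL;
		else
			rc = mctp_frag_queue(key, skb);

		/* end of message? deliver to socket, and we're done with
		 * the reassembly/response key
		 */
		if (!rc && flags & MCTP_HDR_FLAG_EOM) {
			/* only detach the chain if the socket accepted it;
			 * otherwise leave it on the key so that
			 * __mctp_key_done_in() frees the whole chain
			 */
			rc = sock_queue_rcv_skb(key->sk, key->reasm_head);
			if (!rc)
				key->reasm_head = NULL;
			__mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
			key = NULL;
			/* this fragment is part of the chain that was just
			 * queued or freed; the exit path must not free it
			 * a second time
			 */
			skb = NULL;
		}

	} else {
		/* not a start, no matching key */
		rc = -ENOENT;
	}

out_unlock:
	rcu_read_unlock();
	if (key) {
		spin_unlock_irqrestore(&key->lock, f);
		mctp_key_unref(key);
	}
	if (any_key)
		mctp_key_unref(any_key);
out:
	if (rc)
		kfree_skb(skb);
	return rc;
}

/* Effective MTU for a route: the route's own value if set, otherwise the
 * current MTU of the underlying net_device.
 */
static unsigned int mctp_route_mtu(struct mctp_route *rt)
{
	return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu);
}

/* Route output handler for transmit: build the link-layer header and hand
 * the packet to the device queue.
 *
 * Consumes @skb on all paths. Returns -EMSGSIZE if the packet exceeds the
 * device MTU or the stashed hardware address length does not match the
 * device, -EHOSTUNREACH if the hard header cannot be built, or the
 * translated dev_queue_xmit() result.
 */
static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb)
{
	struct mctp_skb_cb *cb = mctp_cb(skb);
	struct mctp_hdr *hdr = mctp_hdr(skb);
	char daddr_buf[MAX_ADDR_LEN];
	char *daddr = NULL;
	unsigned int mtu;
	int rc;

	skb->protocol = htons(ETH_P_MCTP);

	mtu = READ_ONCE(skb->dev->mtu);
	if (skb->len > mtu) {
		kfree_skb(skb);
		return -EMSGSIZE;
	}

	if (cb->ifindex) {
		/* direct route; use the hwaddr we stashed in sendmsg */
		if (cb->halen != skb->dev->addr_len) {
			/* sanity check, sendmsg should have already caught this */
			kfree_skb(skb);
			return -EMSGSIZE;
		}
		daddr = cb->haddr;
	} else {
		/* If lookup fails let the device handle daddr==NULL */
		if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0)
			daddr = daddr_buf;
	}

	rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
			     daddr, skb->dev->dev_addr, skb->len);
	if (rc < 0) {
		kfree_skb(skb);
		return -EHOSTUNREACH;
	}

	mctp_flow_prepare_output(skb, route->dev);

	rc = dev_queue_xmit(skb);
	if (rc)
		rc = net_xmit_errno(rc);

	return rc;
}

/* route alloc/release */

/* Drop a route reference; on the last one, put the device reference and free
 * the route after an RCU grace period.
 */
static void mctp_route_release(struct mctp_route *rt)
{
	if (refcount_dec_and_test(&rt->refs)) {
		mctp_dev_put(rt->dev);
		kfree_rcu(rt, rcu);
	}
}

/* returns a route with the refcount at 1
 *
 * The output handler defaults to mctp_route_discard; dev is left NULL for
 * the caller to fill in. Returns NULL on allocation failure.
 */
static struct mctp_route *mctp_route_alloc(void)
{
	struct mctp_route *rt;

	rt = kzalloc(sizeof(*rt), GFP_KERNEL);
	if (!rt)
		return NULL;

	INIT_LIST_HEAD(&rt->list);
	refcount_set(&rt->refs, 1);
	rt->output = mctp_route_discard;

	return rt;
}

/* Read the namespace's default MCTP network id. */
unsigned int mctp_default_net(struct net *net)
{
	return READ_ONCE(net->mctp.default_net);
}

/* Set the namespace's default MCTP network id; 0 is rejected with -EINVAL. */
int mctp_default_net_set(struct net *net, unsigned int index)
{
	if (index == 0)
		return -EINVAL;
	WRITE_ONCE(net->mctp.default_net, index);
	return 0;
}

/* tag management */

/* Publish @key on the per-net and per-socket lists and arm its expiry.
 * Caller must hold net->mctp.keys_lock (asserted). Takes one reference for
 * the lists.
 */
static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
			     struct mctp_sock *msk)
{
	struct netns_mctp *mns = &net->mctp;

	lockdep_assert_held(&mns->keys_lock);

	key->expiry = jiffies + mctp_key_lifetime;
	timer_reduce(&msk->key_expiry, key->expiry);

	/* we hold the net->key_lock here, allowing updates to both
	 * the net and sk
	 */
	hlist_add_head_rcu(&key->hlist, &mns->keys);
	hlist_add_head_rcu(&key->sklist, &msk->keys);
	refcount_inc(&key->refs);
}

/* Allocate a locally-owned tag value for (saddr, daddr), and reserve
 * it for the socket msk
 *
 * Returns the new key with a reference held for the caller and the chosen
 * tag stored in *tagp, ERR_PTR(-ENOMEM) on allocation failure, or
 * ERR_PTR(-EBUSY) when every tag value is already in use for a matching
 * (peer, local) pair.
 */
struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
					 mctp_eid_t daddr, mctp_eid_t saddr,
					 bool manual, u8 *tagp)
{
	struct net *net = sock_net(&msk->sk);
	struct netns_mctp *mns = &net->mctp;
	struct mctp_sk_key *key, *tmp;
	unsigned long flags;
	u8 tagbits;

	/* for NULL destination EIDs, we may get a response from any peer */
	if (daddr == MCTP_ADDR_NULL)
		daddr = MCTP_ADDR_ANY;

	/* be optimistic, alloc now */
	key = mctp_key_alloc(msk, saddr, daddr, 0, GFP_KERNEL);
	if (!key)
		return ERR_PTR(-ENOMEM);

	/* 8 possible tag values */
	tagbits = 0xff;

	spin_lock_irqsave(&mns->keys_lock, flags);

	/* Walk through the existing keys, looking for potential conflicting
	 * tags. If we find a conflict, clear that bit from tagbits
	 */
	hlist_for_each_entry(tmp, &mns->keys, hlist) {
		/* We can check the lookup fields (*_addr, tag) without the
		 * lock held, they don't change over the lifetime of the key.
		 */

		/* if we don't own the tag, it can't conflict */
		if (tmp->tag & MCTP_HDR_FLAG_TO)
			continue;

		if (!(mctp_address_matches(tmp->peer_addr, daddr) &&
		      mctp_address_matches(tmp->local_addr, saddr)))
			continue;

		spin_lock(&tmp->lock);
		/* key must still be valid. If we find a match, clear the
		 * potential tag value
		 */
		if (tmp->valid)
			tagbits &= ~(1 << tmp->tag);
		spin_unlock(&tmp->lock);

		if (!tagbits)
			break;
	}

	if (tagbits) {
		/* lowest free tag value */
		key->tag = __ffs(tagbits);
		mctp_reserve_tag(net, key, msk);
		trace_mctp_key_acquire(key);

		key->manual_alloc = manual;
		*tagp = key->tag;
	}

	spin_unlock_irqrestore(&mns->keys_lock, flags);

	if (!tagbits) {
		mctp_key_unref(key);
		return ERR_PTR(-EBUSY);
	}

	return key;
}

/* Look up a manually-allocated (preallocated) key by tag value and peer.
 *
 * The PREALLOC and OWNER bits are stripped from @req_tag before comparison.
 * Returns the key with a reference held for the caller (and *tagp set when
 * @tagp is non-NULL), or ERR_PTR(-ENOENT). Note that the match is made on
 * the per-net key list and does not compare the key's socket against @msk.
 */
static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
						    mctp_eid_t daddr,
						    u8 req_tag, u8 *tagp)
{
	struct net *net = sock_net(&msk->sk);
	struct netns_mctp *mns = &net->mctp;
	struct mctp_sk_key *key, *tmp;
	unsigned long flags;

	req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
	key = NULL;

	spin_lock_irqsave(&mns->keys_lock, flags);

	hlist_for_each_entry(tmp, &mns->keys, hlist) {
		if (tmp->tag != req_tag)
			continue;

		if (!mctp_address_matches(tmp->peer_addr, daddr))
			continue;

		if (!tmp->manual_alloc)
			continue;

		spin_lock(&tmp->lock);
		if (tmp->valid) {
			key = tmp;
			refcount_inc(&key->refs);
			spin_unlock(&tmp->lock);
			break;
		}
		spin_unlock(&tmp->lock);
	}
	spin_unlock_irqrestore(&mns->keys_lock, flags);

	if (!key)
		return ERR_PTR(-ENOENT);

	if (tagp)
		*tagp = key->tag;

	return key;
}

/* routing lookups */

/* True if @rt is on network @net and @eid falls in the route's [min, max]
 * EID range.
 */
static bool mctp_rt_match_eid(struct mctp_route *rt,
			      unsigned int net, mctp_eid_t eid)
{
	return READ_ONCE(rt->dev->net) == net &&
		rt->min <= eid && rt->max >= eid;
}

/* compares match, used for duplicate prevention */
static bool mctp_rt_compare_exact(struct mctp_route *rt1,
				  struct mctp_route *rt2)
{
	ASSERT_RTNL();
	return rt1->dev->net == rt2->dev->net &&
		rt1->min == rt2->min &&
		rt1->max == rt2->max;
}

/* Find the first route covering (@dnet, @daddr). Returns the route with a
 * reference held (release with mctp_route_release()), or NULL. Routes whose
 * refcount has already reached zero are skipped.
 */
struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet,
				     mctp_eid_t daddr)
{
	struct mctp_route *tmp, *rt = NULL;

	rcu_read_lock();

	list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
		/* TODO: add metrics */
		if (mctp_rt_match_eid(tmp, dnet, daddr)) {
			if (refcount_inc_not_zero(&tmp->refs)) {
				rt = tmp;
				break;
			}
		}
	}

	rcu_read_unlock();

	return rt;
}

/* Find a local (RTN_LOCAL) route on @dev, for packets addressed to the NULL
 * EID. Returns the route with a reference held, or NULL.
 */
static struct mctp_route *mctp_route_lookup_null(struct net *net,
						 struct net_device *dev)
{
	struct mctp_route *tmp, *rt = NULL;

	rcu_read_lock();

	list_for_each_entry_rcu(tmp, &net->mctp.routes, list) {
		if (tmp->dev->dev == dev && tmp->type == RTN_LOCAL &&
		    refcount_inc_not_zero(&tmp->refs)) {
			rt = tmp;
			break;
		}
	}

	rcu_read_unlock();

	return rt;
}

/* Split @skb into MTU-sized packets and send each through rt->output().
 *
 * Each fragment is a fresh skb carrying a copy of the header fields, the
 * SOM/EOM flags and a sequence number that wraps with MCTP_HDR_SEQ_MASK.
 * Stops at the first allocation or output error. The original @skb is always
 * consumed. Returns 0 or the first error.
 */
static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb,
				  unsigned int mtu, u8 tag)
{
	const unsigned int hlen = sizeof(struct mctp_hdr);
	struct mctp_hdr *hdr, *hdr2;
	unsigned int pos, size, headroom;
	struct sk_buff *skb2;
	int rc;
	u8 seq;

	hdr = mctp_hdr(skb);
	seq = 0;
	rc = 0;

	/* each fragment needs room for the header plus at least one byte of
	 * payload, otherwise the loop below could not make progress
	 */
	if (mtu < hlen + 1) {
		kfree_skb(skb);
		return -EMSGSIZE;
	}

	/* keep same headroom as the original skb */
	headroom = skb_headroom(skb);

	/* we've got the header */
	skb_pull(skb, hlen);

	for (pos = 0; pos < skb->len;) {
		/* size of message payload */
		size = min(mtu - hlen, skb->len - pos);

		skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
		if (!skb2) {
			rc = -ENOMEM;
			break;
		}

		/* generic skb copy */
		skb2->protocol = skb->protocol;
		skb2->priority = skb->priority;
		skb2->dev = skb->dev;
		memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));

		if (skb->sk)
			skb_set_owner_w(skb2, skb->sk);

		/* establish packet */
		skb_reserve(skb2, headroom);
		skb_reset_network_header(skb2);
		skb_put(skb2, hlen + size);
		skb2->transport_header = skb2->network_header + hlen;

		/* copy header fields, calculate SOM/EOM flags & seq */
		hdr2 = mctp_hdr(skb2);
		hdr2->ver = hdr->ver;
		hdr2->dest = hdr->dest;
		hdr2->src = hdr->src;
		hdr2->flags_seq_tag = tag &
			(MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);

		if (pos == 0)
			hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;

		if (pos + size == skb->len)
			hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;

		hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;

		/* copy message payload */
		skb_copy_bits(skb, pos, skb_transport_header(skb2), size);

		/* we need to copy the extensions, for MCTP flow data */
		skb_ext_copy(skb2, skb);

		/* do route */
		rc = rt->output(rt, skb2);
		if (rc)
			break;

		seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
		pos += size;
	}

	consume_skb(skb);
	return rc;
}

/* Send a locally-originated message to @daddr.
 *
 * Uses @rt if given (its reference is released here), otherwise builds a
 * temporary route from cb->ifindex. The source EID is the outbound device's
 * first address. With MCTP_TAG_OWNER set in @req_tag a tag is allocated, or
 * a preallocated one looked up when MCTP_TAG_PREALLOC is also set. The
 * message is sent whole or fragmented depending on the route MTU.
 *
 * Consumes @skb on all paths. Returns 0 or a negative errno.
 */
int mctp_local_output(struct sock *sk, struct mctp_route *rt,
		      struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
{
	struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
	struct mctp_skb_cb *cb = mctp_cb(skb);
	struct mctp_route tmp_rt = {0};
	struct mctp_sk_key *key;
	struct mctp_hdr *hdr;
	unsigned long flags;
	unsigned int mtu;
	mctp_eid_t saddr;
	bool ext_rt;
	int rc;
	u8 tag;

	rc = -ENODEV;

	if (rt) {
		ext_rt = false;
		if (WARN_ON(!rt->dev))
			goto out_release;

	} else if (cb->ifindex) {
		struct net_device *dev;

		ext_rt = true;
		rt = &tmp_rt;

		rcu_read_lock();
		dev = dev_get_by_index_rcu(sock_net(sk), cb->ifindex);
		if (!dev) {
			rcu_read_unlock();
			goto out_free;
		}
		rt->dev = __mctp_dev_get(dev);
		rcu_read_unlock();

		if (!rt->dev)
			goto out_release;

		/* establish temporary route - we set up enough to keep
		 * mctp_route_output happy
		 */
		rt->output = mctp_route_output;
		rt->mtu = 0;

	} else {
		rc = -EINVAL;
		goto out_free;
	}

	spin_lock_irqsave(&rt->dev->addrs_lock, flags);
	if (rt->dev->num_addrs == 0) {
		rc = -EHOSTUNREACH;
	} else {
		/* use the outbound interface's first address as our source */
		saddr = rt->dev->addrs[0];
		rc = 0;
	}
	spin_unlock_irqrestore(&rt->dev->addrs_lock, flags);

	if (rc)
		goto out_release;

	if (req_tag & MCTP_TAG_OWNER) {
		if (req_tag & MCTP_TAG_PREALLOC)
			key = mctp_lookup_prealloc_tag(msk, daddr,
						       req_tag, &tag);
		else
			key = mctp_alloc_local_tag(msk, daddr, saddr,
						   false, &tag);

		if (IS_ERR(key)) {
			rc = PTR_ERR(key);
			goto out_release;
		}
		mctp_skb_set_flow(skb, key);
		/* done with the key in this scope */
		mctp_key_unref(key);
		tag |= MCTP_HDR_FLAG_TO;
	} else {
		key = NULL;
		tag = req_tag & MCTP_TAG_MASK;
	}

	skb->protocol = htons(ETH_P_MCTP);
	skb->priority = 0;
	skb_reset_transport_header(skb);
	skb_push(skb, sizeof(struct mctp_hdr));
	skb_reset_network_header(skb);
	skb->dev = rt->dev->dev;

	/* cb->net will have been set on initial ingress */
	cb->src = saddr;

	/* set up common header fields */
	hdr = mctp_hdr(skb);
	hdr->ver = 1;
	hdr->dest = daddr;
	hdr->src = saddr;

	mtu = mctp_route_mtu(rt);

	if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
		hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
			MCTP_HDR_FLAG_EOM | tag;
		rc = rt->output(rt, skb);
	} else {
		rc = mctp_do_fragment_route(rt, skb, mtu, tag);
	}

	/* route output functions consume the skb, even on error */
	skb = NULL;

out_release:
	/* a caller-supplied route carries a reference to drop; the temporary
	 * route only holds the device reference, released just below
	 */
	if (!ext_rt)
		mctp_route_release(rt);

	mctp_dev_put(tmp_rt.dev);

out_free:
	kfree_skb(skb);
	return rc;
}

/* route management */

/* Add a route for EIDs [daddr_start, daddr_start + daddr_extent] via @mdev.
 *
 * @type selects the handler: RTN_LOCAL routes deliver via mctp_route_input,
 * RTN_UNICAST via mctp_route_output. Requires RTNL. Returns -EINVAL for a
 * non-unicast start, an out-of-range extent or an unknown type, -ENOMEM on
 * allocation failure, -EEXIST if an identical route is already present.
 */
static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start,
			  unsigned int daddr_extent, unsigned int mtu,
			  unsigned char type)
{
	int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb);
	struct net *net = dev_net(mdev->dev);
	struct mctp_route *rt, *ert;

	if (!mctp_address_unicast(daddr_start))
		return -EINVAL;

	/* keep the range end inside the 8-bit EID space */
	if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
		return -EINVAL;

	switch (type) {
	case RTN_LOCAL:
		rtfn = mctp_route_input;
		break;
	case RTN_UNICAST:
		rtfn = mctp_route_output;
		break;
	default:
		return -EINVAL;
	}

	rt = mctp_route_alloc();
	if (!rt)
		return -ENOMEM;

	rt->min = daddr_start;
	rt->max = daddr_start + daddr_extent;
	rt->mtu = mtu;
	rt->dev = mdev;
	mctp_dev_hold(rt->dev);
	rt->type = type;
	rt->output = rtfn;

	ASSERT_RTNL();
	/* Prevent duplicate identical routes. */
	list_for_each_entry(ert, &net->mctp.routes, list) {
		if (mctp_rt_compare_exact(rt, ert)) {
			mctp_route_release(rt);
			return -EEXIST;
		}
	}

	list_add_rcu(&rt->list, &net->mctp.routes);

	return 0;
}

/* Remove every route on @mdev that exactly matches the EID range and @type.
 * Requires RTNL. Returns 0 if at least one route was removed, -ENOENT if
 * none matched, -EINVAL for an out-of-range extent.
 */
static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start,
			     unsigned int daddr_extent, unsigned char type)
{
	struct net *net = dev_net(mdev->dev);
	struct mctp_route *rt, *tmp;
	mctp_eid_t daddr_end;
	bool dropped;

	if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
		return -EINVAL;

	daddr_end = daddr_start + daddr_extent;
	dropped = false;

	ASSERT_RTNL();

	list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
		if (rt->dev == mdev &&
		    rt->min == daddr_start && rt->max == daddr_end &&
		    rt->type == type) {
			list_del_rcu(&rt->list);
			/* TODO: immediate RTM_DELROUTE */
			mctp_route_release(rt);
			dropped = true;
		}
	}

	return dropped ? 0 : -ENOENT;
}

/* Add a single-EID local route for @addr on @mdev (no MTU override). */
int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
{
	return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL);
}

/* Remove the single-EID local route for @addr on @mdev. */
int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
{
	return mctp_route_remove(mdev, addr, 0, RTN_LOCAL);
}

/* removes all entries for a given device */
void mctp_route_remove_dev(struct mctp_dev *mdev)
{
	struct net *net = dev_net(mdev->dev);
	struct mctp_route *rt, *tmp;

	ASSERT_RTNL();
	list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
		if (rt->dev == mdev) {
			list_del_rcu(&rt->list);
			/* TODO: immediate RTM_DELROUTE */
			mctp_route_release(rt);
		}
	}
}

/* Incoming packet-handling */

/* Packet-type receive hook for ETH_P_MCTP.
 *
 * Validates what can be checked before routing: the device has MCTP state,
 * a full header is present, the version is within the supported range, and
 * the source and destination EIDs are in acceptable classes. Then looks up
 * a route and passes the packet to its output handler. Packets failing any
 * check, or with no route, are dropped. The route handler's return value is
 * not examined; NET_RX_SUCCESS is returned once a route has been found.
 */
static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
				struct packet_type *pt,
				struct net_device *orig_dev)
{
	struct net *net = dev_net(dev);
	struct mctp_dev *mdev;
	struct mctp_skb_cb *cb;
	struct mctp_route *rt;
	struct mctp_hdr *mh;

	rcu_read_lock();
	mdev = __mctp_dev_get(dev);
	rcu_read_unlock();
	if (!mdev) {
		/* basic non-data sanity checks */
		goto err_drop;
	}

	if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
		goto err_drop;

	skb_reset_transport_header(skb);
	skb_reset_network_header(skb);

	/* We have enough for a header; decode and route */
	mh = mctp_hdr(skb);
	if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
		goto err_drop;

	/* source must be valid unicast or null; drop reserved ranges and
	 * broadcast
	 */
	if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
		goto err_drop;

	/* dest address: as above, but allow broadcast */
	if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
	      mctp_address_broadcast(mh->dest)))
		goto err_drop;

	/* MCTP drivers must populate halen/haddr */
	if (dev->type == ARPHRD_MCTP) {
		cb = mctp_cb(skb);
	} else {
		/* other device types: no hardware address was recorded */
		cb = __mctp_cb(skb);
		cb->halen = 0;
	}
	cb->net = READ_ONCE(mdev->net);
	cb->ifindex = dev->ifindex;

	rt = mctp_route_lookup(net, cb->net, mh->dest);

	/* NULL EID, but addressed to our physical address */
	if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
		rt = mctp_route_lookup_null(net, dev);

	if (!rt)
		goto err_drop;

	rt->output(rt, skb);
	mctp_route_release(rt);
	mctp_dev_put(mdev);

	return NET_RX_SUCCESS;

err_drop:
	kfree_skb(skb);
	/* mdev is NULL when the device lookup itself failed */
	mctp_dev_put(mdev);
	return NET_RX_DROP;
}

static struct packet_type mctp_packet_type = {
	.type = cpu_to_be16(ETH_P_MCTP),
	.func = mctp_pkttype_receive,
};

/* netlink interface */

/* Attribute policy for MCTP route messages: destination EID, nested
 * metrics, and output interface index.
 */
static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
	[RTA_DST]		= { .type = NLA_U8 },
	[RTA_METRICS]		= { .type = NLA_NESTED },
	[RTA_OIF]		= { .type = NLA_U32 },
};

/* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing.
 * tb must hold RTA_MAX+1 elements.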
 */
/* Parses the message against rta_mctp_policy and fills the out-parameters:
 * *daddr_start from RTA_DST, *rtm from the message payload, *mdev from the
 * interface named by RTA_OIF. Both RTA_DST and RTA_OIF are mandatory, the
 * family must be AF_MCTP, and loopback devices are refused. Returns 0 or a
 * negative errno, with an extack message on most failures.
 */
static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh,
			      struct netlink_ext_ack *extack,
			      struct nlattr **tb, struct rtmsg **rtm,
			      struct mctp_dev **mdev, mctp_eid_t *daddr_start)
{
	struct net *net = sock_net(skb->sk);
	struct net_device *dev;
	unsigned int ifindex;
	int rc;

	rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
			 rta_mctp_policy, extack);
	if (rc < 0) {
		NL_SET_ERR_MSG(extack, "incorrect format");
		return rc;
	}

	if (!tb[RTA_DST]) {
		NL_SET_ERR_MSG(extack, "dst EID missing");
		return -EINVAL;
	}
	*daddr_start = nla_get_u8(tb[RTA_DST]);

	if (!tb[RTA_OIF]) {
		NL_SET_ERR_MSG(extack, "ifindex missing");
		return -EINVAL;
	}
	ifindex = nla_get_u32(tb[RTA_OIF]);

	*rtm = nlmsg_data(nlh);
	if ((*rtm)->rtm_family != AF_MCTP) {
		NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
		return -EINVAL;
	}

	/* the interface is resolved in the requesting socket's namespace */
	dev = __dev_get_by_index(net, ifindex);
	if (!dev) {
		NL_SET_ERR_MSG(extack, "bad ifindex");
		return -ENODEV;
	}
	*mdev = mctp_dev_get_rtnl(dev);
	if (!*mdev)
		return -ENODEV;

	if (dev->flags & IFF_LOOPBACK) {
		NL_SET_ERR_MSG(extack, "no routes to loopback");
		return -EINVAL;
	}

	return 0;
}

/* Policy for the nested RTA_METRICS attribute: only the MTU is typed. */
static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
	[RTAX_MTU]		= { .type = NLA_U32 },
};

/* RTM_NEWROUTE handler: add a unicast route.
 *
 * rtm_dst_len is passed to mctp_route_add() as the EID extent, and an
 * optional RTAX_MTU metric as the route MTU (0 when absent). Only
 * RTN_UNICAST is accepted from userspace. Returns 0 or a negative errno.
 */
static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
			 struct netlink_ext_ack *extack)
{
	struct nlattr *tb[RTA_MAX + 1];
	struct nlattr *tbx[RTAX_MAX + 1];
	mctp_eid_t daddr_start;
	struct mctp_dev *mdev;
	struct rtmsg *rtm;
	unsigned int mtu;
	int rc;

	rc = mctp_route_nlparse(skb, nlh, extack, tb,
				&rtm, &mdev, &daddr_start);
	if (rc < 0)
		return rc;

	if (rtm->rtm_type != RTN_UNICAST) {
		NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
		return -EINVAL;
	}

	mtu = 0;
	if (tb[RTA_METRICS]) {
		rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
				      rta_metrics_policy, NULL);
		if (rc < 0)
			return rc;
		if (tbx[RTAX_MTU])
			mtu = nla_get_u32(tbx[RTAX_MTU]);
	}

	rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu,
			    rtm->rtm_type);
	return rc;
}

/* RTM_DELROUTE handler: remove a unicast route matching the given device,
 * start EID and extent (rtm_dst_len). Returns 0 or a negative errno.
 */
static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
			 struct netlink_ext_ack *extack)
{
	struct nlattr *tb[RTA_MAX + 1];
	mctp_eid_t daddr_start;
	struct mctp_dev *mdev;
	struct rtmsg *rtm;
	int rc;

	rc = mctp_route_nlparse(skb, nlh, extack, tb,
				&rtm, &mdev, &daddr_start);
	if (rc < 0)
		return rc;

	/* we only have unicast routes */
	if (rtm->rtm_type != RTN_UNICAST)
		return -EINVAL;

	rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST);
	return rc;
}

/* Serialise one route into @skb as a netlink route message.
 *
 * Emits RTA_DST (range start), a RTA_METRICS nest (with RTAX_MTU only when
 * the route has an MTU set), and RTA_OIF when the route has a device.
 * Returns 0, or -EMSGSIZE with the partial message cancelled when the skb
 * runs out of room.
 */
static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
			    u32 portid, u32 seq, int event, unsigned int flags)
{
	struct nlmsghdr *nlh;
	struct rtmsg *hdr;
	void *metrics;

	nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
	if (!nlh)
		return -EMSGSIZE;

	hdr = nlmsg_data(nlh);
	hdr->rtm_family = AF_MCTP;

	/* we use the _len fields as a number of EIDs, rather than
	 * a number of bits in the address
	 */
	hdr->rtm_dst_len = rt->max - rt->min;
	hdr->rtm_src_len = 0;
	hdr->rtm_tos = 0;
	hdr->rtm_table = RT_TABLE_DEFAULT;
	hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
	hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */
	hdr->rtm_type = rt->type;

	if (nla_put_u8(skb, RTA_DST, rt->min))
		goto cancel;

	metrics = nla_nest_start_noflag(skb, RTA_METRICS);
	if (!metrics)
		goto cancel;

	if (rt->mtu) {
		if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
			goto cancel;
	}

	nla_nest_end(skb, metrics);

	if (rt->dev) {
		if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
			goto cancel;
	}

	/* TODO: conditional neighbour physaddr? */

	nlmsg_end(skb, nlh);

	return 0;

cancel:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

/* Netlink dump callback: emit the namespace's routes as RTM_NEWROUTE
 * messages. cb->args[0] carries the list position to resume from on the
 * next call. Returns skb->len.
 */
static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct net *net = sock_net(skb->sk);
	struct mctp_route *rt;
	int s_idx, idx;

	/* TODO: allow filtering on route data, possibly under
	 * cb->strict_check
	 */

	/* TODO: change to struct overlay */
	s_idx = cb->args[0];
	idx = 0;

	rcu_read_lock();
	list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
		/* skip entries already reported by an earlier call */
		if (idx++ < s_idx)
			continue;
		if (mctp_fill_rtinfo(skb, rt,
				     NETLINK_CB(cb->skb).portid,
				     cb->nlh->nlmsg_seq,
				     RTM_NEWROUTE, NLM_F_MULTI) < 0)
			break;
	}

	rcu_read_unlock();
	cb->args[0] = idx;

	return skb->len;
}

/* net namespace implementation */

/* Per-namespace setup: initialise the route, bind and key containers with
 * their locks, and set the initial default network id.
 */
static int __net_init mctp_routes_net_init(struct net *net)
{
	struct netns_mctp *ns = &net->mctp;

	INIT_LIST_HEAD(&ns->routes);
	INIT_HLIST_HEAD(&ns->binds);
	mutex_init(&ns->bind_lock);
	INIT_HLIST_HEAD(&ns->keys);
	spin_lock_init(&ns->keys_lock);
	WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
	return 0;
}

static void __net_exit mctp_routes_net_exit(struct net *net)
{
	struct mctp_route *rt;

	rcu_read_lock();
	list_for_each_entry_rcu(rt, &net->mctp.routes, list)
		mctp_route_release(rt);
1405 rcu_read_unlock(); 1406 } 1407 1408 static struct pernet_operations mctp_net_ops = { 1409 .init = mctp_routes_net_init, 1410 .exit = mctp_routes_net_exit, 1411 }; 1412 1413 static const struct rtnl_msg_handler mctp_route_rtnl_msg_handlers[] = { 1414 {THIS_MODULE, PF_MCTP, RTM_NEWROUTE, mctp_newroute, NULL, 0}, 1415 {THIS_MODULE, PF_MCTP, RTM_DELROUTE, mctp_delroute, NULL, 0}, 1416 {THIS_MODULE, PF_MCTP, RTM_GETROUTE, NULL, mctp_dump_rtinfo, 0}, 1417 }; 1418 1419 int __init mctp_routes_init(void) 1420 { 1421 int err; 1422 1423 dev_add_pack(&mctp_packet_type); 1424 1425 err = register_pernet_subsys(&mctp_net_ops); 1426 if (err) 1427 goto err_pernet; 1428 1429 err = rtnl_register_many(mctp_route_rtnl_msg_handlers); 1430 if (err) 1431 goto err_rtnl; 1432 1433 return 0; 1434 1435 err_rtnl: 1436 unregister_pernet_subsys(&mctp_net_ops); 1437 err_pernet: 1438 dev_remove_pack(&mctp_packet_type); 1439 return err; 1440 } 1441 1442 void mctp_routes_exit(void) 1443 { 1444 rtnl_unregister_many(mctp_route_rtnl_msg_handlers); 1445 unregister_pernet_subsys(&mctp_net_ops); 1446 dev_remove_pack(&mctp_packet_type); 1447 } 1448 1449 #if IS_ENABLED(CONFIG_MCTP_TEST) 1450 #include "test/route-test.c" 1451 #endif 1452