1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Management Component Transport Protocol (MCTP) - routing 4 * implementation. 5 * 6 * This is currently based on a simple routing table, with no dst cache. The 7 * number of routes should stay fairly small, so the lookup cost is small. 8 * 9 * Copyright (c) 2021 Code Construct 10 * Copyright (c) 2021 Google 11 */ 12 13 #include <linux/idr.h> 14 #include <linux/kconfig.h> 15 #include <linux/mctp.h> 16 #include <linux/netdevice.h> 17 #include <linux/rtnetlink.h> 18 #include <linux/skbuff.h> 19 20 #include <uapi/linux/if_arp.h> 21 22 #include <net/mctp.h> 23 #include <net/mctpdevice.h> 24 #include <net/netlink.h> 25 #include <net/sock.h> 26 27 #include <trace/events/mctp.h> 28 29 static const unsigned int mctp_message_maxlen = 64 * 1024; 30 static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ; 31 32 /* route output callbacks */ 33 static int mctp_route_discard(struct mctp_route *route, struct sk_buff *skb) 34 { 35 kfree_skb(skb); 36 return 0; 37 } 38 39 static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb) 40 { 41 struct mctp_skb_cb *cb = mctp_cb(skb); 42 struct mctp_hdr *mh; 43 struct sock *sk; 44 u8 type; 45 46 WARN_ON(!rcu_read_lock_held()); 47 48 /* TODO: look up in skb->cb? */ 49 mh = mctp_hdr(skb); 50 51 if (!skb_headlen(skb)) 52 return NULL; 53 54 type = (*(u8 *)skb->data) & 0x7f; 55 56 sk_for_each_rcu(sk, &net->mctp.binds) { 57 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk); 58 59 if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net) 60 continue; 61 62 if (msk->bind_type != type) 63 continue; 64 65 if (msk->bind_addr != MCTP_ADDR_ANY && 66 msk->bind_addr != mh->dest) 67 continue; 68 69 return msk; 70 } 71 72 return NULL; 73 } 74 75 static bool mctp_key_match(struct mctp_sk_key *key, mctp_eid_t local, 76 mctp_eid_t peer, u8 tag) 77 { 78 if (key->local_addr != local) 79 return false; 80 81 if (key->peer_addr != peer) 82 return false; 83 84 if (key->tag != tag) 85 return false; 86 87 return true; 88 } 89 90 /* returns a key (with key->lock held, and refcounted), or NULL if no such 91 * key exists. 92 */ 93 static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb, 94 mctp_eid_t peer, 95 unsigned long *irqflags) 96 __acquires(&key->lock) 97 { 98 struct mctp_sk_key *key, *ret; 99 unsigned long flags; 100 struct mctp_hdr *mh; 101 u8 tag; 102 103 mh = mctp_hdr(skb); 104 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO); 105 106 ret = NULL; 107 spin_lock_irqsave(&net->mctp.keys_lock, flags); 108 109 hlist_for_each_entry(key, &net->mctp.keys, hlist) { 110 if (!mctp_key_match(key, mh->dest, peer, tag)) 111 continue; 112 113 spin_lock(&key->lock); 114 if (key->valid) { 115 refcount_inc(&key->refs); 116 ret = key; 117 break; 118 } 119 spin_unlock(&key->lock); 120 } 121 122 if (ret) { 123 spin_unlock(&net->mctp.keys_lock); 124 *irqflags = flags; 125 } else { 126 spin_unlock_irqrestore(&net->mctp.keys_lock, flags); 127 } 128 129 return ret; 130 } 131 132 static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk, 133 mctp_eid_t local, mctp_eid_t peer, 134 u8 tag, gfp_t gfp) 135 { 136 struct mctp_sk_key *key; 137 138 key = kzalloc(sizeof(*key), gfp); 139 if (!key) 140 return NULL; 141 142 key->peer_addr = peer; 143 key->local_addr = local; 144 key->tag = tag; 145 key->sk = &msk->sk; 146 key->valid = true; 147 spin_lock_init(&key->lock); 148 refcount_set(&key->refs, 1); 149 150 return key; 151 } 152 153 void mctp_key_unref(struct mctp_sk_key *key) 154 { 155 if (refcount_dec_and_test(&key->refs)) 156 kfree(key); 157 } 158 159 static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk) 160 { 161 struct net *net = sock_net(&msk->sk); 162 struct mctp_sk_key *tmp; 163 unsigned long flags; 164 int rc = 0; 165 166 spin_lock_irqsave(&net->mctp.keys_lock, flags); 167 168 hlist_for_each_entry(tmp, &net->mctp.keys, hlist) { 169 if (mctp_key_match(tmp, key->local_addr, key->peer_addr, 170 key->tag)) { 171 spin_lock(&tmp->lock); 172 if (tmp->valid) 173 rc = -EEXIST; 174 spin_unlock(&tmp->lock); 175 if (rc) 176 break; 177 } 178 } 179 180 if (!rc) { 181 refcount_inc(&key->refs); 182 key->expiry = jiffies + mctp_key_lifetime; 183 timer_reduce(&msk->key_expiry, key->expiry); 184 185 hlist_add_head(&key->hlist, &net->mctp.keys); 186 hlist_add_head(&key->sklist, &msk->keys); 187 } 188 189 spin_unlock_irqrestore(&net->mctp.keys_lock, flags); 190 191 return rc; 192 } 193 194 /* We're done with the key; unset valid and remove from lists. There may still 195 * be outstanding refs on the key though... 196 */ 197 static void __mctp_key_unlock_drop(struct mctp_sk_key *key, struct net *net, 198 unsigned long flags) 199 __releases(&key->lock) 200 { 201 struct sk_buff *skb; 202 203 skb = key->reasm_head; 204 key->reasm_head = NULL; 205 key->reasm_dead = true; 206 key->valid = false; 207 spin_unlock_irqrestore(&key->lock, flags); 208 209 spin_lock_irqsave(&net->mctp.keys_lock, flags); 210 hlist_del(&key->hlist); 211 hlist_del(&key->sklist); 212 spin_unlock_irqrestore(&net->mctp.keys_lock, flags); 213 214 /* one unref for the lists */ 215 mctp_key_unref(key); 216 217 /* and one for the local reference */ 218 mctp_key_unref(key); 219 220 if (skb) 221 kfree_skb(skb); 222 223 } 224 225 static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb) 226 { 227 struct mctp_hdr *hdr = mctp_hdr(skb); 228 u8 exp_seq, this_seq; 229 230 this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT) 231 & MCTP_HDR_SEQ_MASK; 232 233 if (!key->reasm_head) { 234 key->reasm_head = skb; 235 key->reasm_tailp = &(skb_shinfo(skb)->frag_list); 236 key->last_seq = this_seq; 237 return 0; 238 } 239 240 exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK; 241 242 if (this_seq != exp_seq) 243 return -EINVAL; 244 245 if (key->reasm_head->len + skb->len > mctp_message_maxlen) 246 return -EINVAL; 247 248 skb->next = NULL; 249 skb->sk = NULL; 250 *key->reasm_tailp = skb; 251 key->reasm_tailp = &skb->next; 252 253 key->last_seq = this_seq; 254 255 key->reasm_head->data_len += skb->len; 256 key->reasm_head->len += skb->len; 257 key->reasm_head->truesize += skb->truesize; 258 259 return 0; 260 } 261 262 static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb) 263 { 264 struct net *net = dev_net(skb->dev); 265 struct mctp_sk_key *key; 266 struct mctp_sock *msk; 267 struct mctp_hdr *mh; 268 unsigned long f; 269 u8 tag, flags; 270 int rc; 271 272 msk = NULL; 273 rc = -EINVAL; 274 275 /* we may be receiving a locally-routed packet; drop source sk 276 * accounting 277 */ 278 skb_orphan(skb); 279 280 /* ensure we have enough data for a header and a type */ 281 if (skb->len < sizeof(struct mctp_hdr) + 1) 282 goto out; 283 284 /* grab header, advance data ptr */ 285 mh = mctp_hdr(skb); 286 skb_pull(skb, sizeof(struct mctp_hdr)); 287 288 if (mh->ver != 1) 289 goto out; 290 291 flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM); 292 tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO); 293 294 rcu_read_lock(); 295 296 /* lookup socket / reasm context, exactly matching (src,dest,tag). 297 * we hold a ref on the key, and key->lock held. 298 */ 299 key = mctp_lookup_key(net, skb, mh->src, &f); 300 301 if (flags & MCTP_HDR_FLAG_SOM) { 302 if (key) { 303 msk = container_of(key->sk, struct mctp_sock, sk); 304 } else { 305 /* first response to a broadcast? do a more general 306 * key lookup to find the socket, but don't use this 307 * key for reassembly - we'll create a more specific 308 * one for future packets if required (ie, !EOM). 309 */ 310 key = mctp_lookup_key(net, skb, MCTP_ADDR_ANY, &f); 311 if (key) { 312 msk = container_of(key->sk, 313 struct mctp_sock, sk); 314 spin_unlock_irqrestore(&key->lock, f); 315 mctp_key_unref(key); 316 key = NULL; 317 } 318 } 319 320 if (!key && !msk && (tag & MCTP_HDR_FLAG_TO)) 321 msk = mctp_lookup_bind(net, skb); 322 323 if (!msk) { 324 rc = -ENOENT; 325 goto out_unlock; 326 } 327 328 /* single-packet message? deliver to socket, clean up any 329 * pending key. 330 */ 331 if (flags & MCTP_HDR_FLAG_EOM) { 332 sock_queue_rcv_skb(&msk->sk, skb); 333 if (key) { 334 /* we've hit a pending reassembly; not much we 335 * can do but drop it 336 */ 337 trace_mctp_key_release(key, 338 MCTP_TRACE_KEY_REPLIED); 339 __mctp_key_unlock_drop(key, net, f); 340 key = NULL; 341 } 342 rc = 0; 343 goto out_unlock; 344 } 345 346 /* broadcast response or a bind() - create a key for further 347 * packets for this message 348 */ 349 if (!key) { 350 key = mctp_key_alloc(msk, mh->dest, mh->src, 351 tag, GFP_ATOMIC); 352 if (!key) { 353 rc = -ENOMEM; 354 goto out_unlock; 355 } 356 357 /* we can queue without the key lock here, as the 358 * key isn't observable yet 359 */ 360 mctp_frag_queue(key, skb); 361 362 /* if the key_add fails, we've raced with another 363 * SOM packet with the same src, dest and tag. There's 364 * no way to distinguish future packets, so all we 365 * can do is drop; we'll free the skb on exit from 366 * this function. 367 */ 368 rc = mctp_key_add(key, msk); 369 if (rc) 370 kfree(key); 371 372 trace_mctp_key_acquire(key); 373 374 /* we don't need to release key->lock on exit */ 375 mctp_key_unref(key); 376 key = NULL; 377 378 } else { 379 if (key->reasm_head || key->reasm_dead) { 380 /* duplicate start? drop everything */ 381 trace_mctp_key_release(key, 382 MCTP_TRACE_KEY_INVALIDATED); 383 __mctp_key_unlock_drop(key, net, f); 384 rc = -EEXIST; 385 key = NULL; 386 } else { 387 rc = mctp_frag_queue(key, skb); 388 } 389 } 390 391 } else if (key) { 392 /* this packet continues a previous message; reassemble 393 * using the message-specific key 394 */ 395 396 /* we need to be continuing an existing reassembly... */ 397 if (!key->reasm_head) 398 rc = -EINVAL; 399 else 400 rc = mctp_frag_queue(key, skb); 401 402 /* end of message? deliver to socket, and we're done with 403 * the reassembly/response key 404 */ 405 if (!rc && flags & MCTP_HDR_FLAG_EOM) { 406 sock_queue_rcv_skb(key->sk, key->reasm_head); 407 key->reasm_head = NULL; 408 trace_mctp_key_release(key, MCTP_TRACE_KEY_REPLIED); 409 __mctp_key_unlock_drop(key, net, f); 410 key = NULL; 411 } 412 413 } else { 414 /* not a start, no matching key */ 415 rc = -ENOENT; 416 } 417 418 out_unlock: 419 rcu_read_unlock(); 420 if (key) { 421 spin_unlock_irqrestore(&key->lock, f); 422 mctp_key_unref(key); 423 } 424 out: 425 if (rc) 426 kfree_skb(skb); 427 return rc; 428 } 429 430 static unsigned int mctp_route_mtu(struct mctp_route *rt) 431 { 432 return rt->mtu ?: READ_ONCE(rt->dev->dev->mtu); 433 } 434 435 static int mctp_route_output(struct mctp_route *route, struct sk_buff *skb) 436 { 437 struct mctp_hdr *hdr = mctp_hdr(skb); 438 char daddr_buf[MAX_ADDR_LEN]; 439 char *daddr = NULL; 440 unsigned int mtu; 441 int rc; 442 443 skb->protocol = htons(ETH_P_MCTP); 444 445 mtu = READ_ONCE(skb->dev->mtu); 446 if (skb->len > mtu) { 447 kfree_skb(skb); 448 return -EMSGSIZE; 449 } 450 451 /* If lookup fails let the device handle daddr==NULL */ 452 if (mctp_neigh_lookup(route->dev, hdr->dest, daddr_buf) == 0) 453 daddr = daddr_buf; 454 455 rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol), 456 daddr, skb->dev->dev_addr, skb->len); 457 if (rc) { 458 kfree_skb(skb); 459 return -EHOSTUNREACH; 460 } 461 462 rc = dev_queue_xmit(skb); 463 if (rc) 464 rc = net_xmit_errno(rc); 465 466 return rc; 467 } 468 469 /* route alloc/release */ 470 static void mctp_route_release(struct mctp_route *rt) 471 { 472 if (refcount_dec_and_test(&rt->refs)) { 473 mctp_dev_put(rt->dev); 474 kfree_rcu(rt, rcu); 475 } 476 } 477 478 /* returns a route with the refcount at 1 */ 479 static struct mctp_route *mctp_route_alloc(void) 480 { 481 struct mctp_route *rt; 482 483 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 484 if (!rt) 485 return NULL; 486 487 INIT_LIST_HEAD(&rt->list); 488 refcount_set(&rt->refs, 1); 489 rt->output = mctp_route_discard; 490 491 return rt; 492 } 493 494 unsigned int mctp_default_net(struct net *net) 495 { 496 return READ_ONCE(net->mctp.default_net); 497 } 498 499 int mctp_default_net_set(struct net *net, unsigned int index) 500 { 501 if (index == 0) 502 return -EINVAL; 503 WRITE_ONCE(net->mctp.default_net, index); 504 return 0; 505 } 506 507 /* tag management */ 508 static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key, 509 struct mctp_sock *msk) 510 { 511 struct netns_mctp *mns = &net->mctp; 512 513 lockdep_assert_held(&mns->keys_lock); 514 515 key->expiry = jiffies + mctp_key_lifetime; 516 timer_reduce(&msk->key_expiry, key->expiry); 517 518 /* we hold the net->key_lock here, allowing updates to both 519 * then net and sk 520 */ 521 hlist_add_head_rcu(&key->hlist, &mns->keys); 522 hlist_add_head_rcu(&key->sklist, &msk->keys); 523 refcount_inc(&key->refs); 524 } 525 526 /* Allocate a locally-owned tag value for (saddr, daddr), and reserve 527 * it for the socket msk 528 */ 529 static int mctp_alloc_local_tag(struct mctp_sock *msk, 530 mctp_eid_t saddr, mctp_eid_t daddr, u8 *tagp) 531 { 532 struct net *net = sock_net(&msk->sk); 533 struct netns_mctp *mns = &net->mctp; 534 struct mctp_sk_key *key, *tmp; 535 unsigned long flags; 536 int rc = -EAGAIN; 537 u8 tagbits; 538 539 /* for NULL destination EIDs, we may get a response from any peer */ 540 if (daddr == MCTP_ADDR_NULL) 541 daddr = MCTP_ADDR_ANY; 542 543 /* be optimistic, alloc now */ 544 key = mctp_key_alloc(msk, saddr, daddr, 0, GFP_KERNEL); 545 if (!key) 546 return -ENOMEM; 547 548 /* 8 possible tag values */ 549 tagbits = 0xff; 550 551 spin_lock_irqsave(&mns->keys_lock, flags); 552 553 /* Walk through the existing keys, looking for potential conflicting 554 * tags. If we find a conflict, clear that bit from tagbits 555 */ 556 hlist_for_each_entry(tmp, &mns->keys, hlist) { 557 /* We can check the lookup fields (*_addr, tag) without the 558 * lock held, they don't change over the lifetime of the key. 559 */ 560 561 /* if we don't own the tag, it can't conflict */ 562 if (tmp->tag & MCTP_HDR_FLAG_TO) 563 continue; 564 565 if (!((tmp->peer_addr == daddr || 566 tmp->peer_addr == MCTP_ADDR_ANY) && 567 tmp->local_addr == saddr)) 568 continue; 569 570 spin_lock(&tmp->lock); 571 /* key must still be valid. If we find a match, clear the 572 * potential tag value 573 */ 574 if (tmp->valid) 575 tagbits &= ~(1 << tmp->tag); 576 spin_unlock(&tmp->lock); 577 578 if (!tagbits) 579 break; 580 } 581 582 if (tagbits) { 583 key->tag = __ffs(tagbits); 584 mctp_reserve_tag(net, key, msk); 585 trace_mctp_key_acquire(key); 586 587 *tagp = key->tag; 588 /* done with the key in this scope */ 589 mctp_key_unref(key); 590 key = NULL; 591 rc = 0; 592 } 593 594 spin_unlock_irqrestore(&mns->keys_lock, flags); 595 596 if (!tagbits) 597 kfree(key); 598 599 return rc; 600 } 601 602 /* routing lookups */ 603 static bool mctp_rt_match_eid(struct mctp_route *rt, 604 unsigned int net, mctp_eid_t eid) 605 { 606 return READ_ONCE(rt->dev->net) == net && 607 rt->min <= eid && rt->max >= eid; 608 } 609 610 /* compares match, used for duplicate prevention */ 611 static bool mctp_rt_compare_exact(struct mctp_route *rt1, 612 struct mctp_route *rt2) 613 { 614 ASSERT_RTNL(); 615 return rt1->dev->net == rt2->dev->net && 616 rt1->min == rt2->min && 617 rt1->max == rt2->max; 618 } 619 620 struct mctp_route *mctp_route_lookup(struct net *net, unsigned int dnet, 621 mctp_eid_t daddr) 622 { 623 struct mctp_route *tmp, *rt = NULL; 624 625 list_for_each_entry_rcu(tmp, &net->mctp.routes, list) { 626 /* TODO: add metrics */ 627 if (mctp_rt_match_eid(tmp, dnet, daddr)) { 628 if (refcount_inc_not_zero(&tmp->refs)) { 629 rt = tmp; 630 break; 631 } 632 } 633 } 634 635 return rt; 636 } 637 638 static struct mctp_route *mctp_route_lookup_null(struct net *net, 639 struct net_device *dev) 640 { 641 struct mctp_route *rt; 642 643 list_for_each_entry_rcu(rt, &net->mctp.routes, list) { 644 if (rt->dev->dev == dev && rt->type == RTN_LOCAL && 645 refcount_inc_not_zero(&rt->refs)) 646 return rt; 647 } 648 649 return NULL; 650 } 651 652 /* sends a skb to rt and releases the route. */ 653 int mctp_do_route(struct mctp_route *rt, struct sk_buff *skb) 654 { 655 int rc; 656 657 rc = rt->output(rt, skb); 658 mctp_route_release(rt); 659 return rc; 660 } 661 662 static int mctp_do_fragment_route(struct mctp_route *rt, struct sk_buff *skb, 663 unsigned int mtu, u8 tag) 664 { 665 const unsigned int hlen = sizeof(struct mctp_hdr); 666 struct mctp_hdr *hdr, *hdr2; 667 unsigned int pos, size; 668 struct sk_buff *skb2; 669 int rc; 670 u8 seq; 671 672 hdr = mctp_hdr(skb); 673 seq = 0; 674 rc = 0; 675 676 if (mtu < hlen + 1) { 677 kfree_skb(skb); 678 return -EMSGSIZE; 679 } 680 681 /* we've got the header */ 682 skb_pull(skb, hlen); 683 684 for (pos = 0; pos < skb->len;) { 685 /* size of message payload */ 686 size = min(mtu - hlen, skb->len - pos); 687 688 skb2 = alloc_skb(MCTP_HEADER_MAXLEN + hlen + size, GFP_KERNEL); 689 if (!skb2) { 690 rc = -ENOMEM; 691 break; 692 } 693 694 /* generic skb copy */ 695 skb2->protocol = skb->protocol; 696 skb2->priority = skb->priority; 697 skb2->dev = skb->dev; 698 memcpy(skb2->cb, skb->cb, sizeof(skb2->cb)); 699 700 if (skb->sk) 701 skb_set_owner_w(skb2, skb->sk); 702 703 /* establish packet */ 704 skb_reserve(skb2, MCTP_HEADER_MAXLEN); 705 skb_reset_network_header(skb2); 706 skb_put(skb2, hlen + size); 707 skb2->transport_header = skb2->network_header + hlen; 708 709 /* copy header fields, calculate SOM/EOM flags & seq */ 710 hdr2 = mctp_hdr(skb2); 711 hdr2->ver = hdr->ver; 712 hdr2->dest = hdr->dest; 713 hdr2->src = hdr->src; 714 hdr2->flags_seq_tag = tag & 715 (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO); 716 717 if (pos == 0) 718 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM; 719 720 if (pos + size == skb->len) 721 hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM; 722 723 hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT; 724 725 /* copy message payload */ 726 skb_copy_bits(skb, pos, skb_transport_header(skb2), size); 727 728 /* do route, but don't drop the rt reference */ 729 rc = rt->output(rt, skb2); 730 if (rc) 731 break; 732 733 seq = (seq + 1) & MCTP_HDR_SEQ_MASK; 734 pos += size; 735 } 736 737 mctp_route_release(rt); 738 consume_skb(skb); 739 return rc; 740 } 741 742 int mctp_local_output(struct sock *sk, struct mctp_route *rt, 743 struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag) 744 { 745 struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk); 746 struct mctp_skb_cb *cb = mctp_cb(skb); 747 struct mctp_hdr *hdr; 748 unsigned long flags; 749 unsigned int mtu; 750 mctp_eid_t saddr; 751 int rc; 752 u8 tag; 753 754 if (WARN_ON(!rt->dev)) 755 return -EINVAL; 756 757 spin_lock_irqsave(&rt->dev->addrs_lock, flags); 758 if (rt->dev->num_addrs == 0) { 759 rc = -EHOSTUNREACH; 760 } else { 761 /* use the outbound interface's first address as our source */ 762 saddr = rt->dev->addrs[0]; 763 rc = 0; 764 } 765 spin_unlock_irqrestore(&rt->dev->addrs_lock, flags); 766 767 if (rc) 768 return rc; 769 770 if (req_tag & MCTP_HDR_FLAG_TO) { 771 rc = mctp_alloc_local_tag(msk, saddr, daddr, &tag); 772 if (rc) 773 return rc; 774 tag |= MCTP_HDR_FLAG_TO; 775 } else { 776 tag = req_tag; 777 } 778 779 780 skb->protocol = htons(ETH_P_MCTP); 781 skb->priority = 0; 782 skb_reset_transport_header(skb); 783 skb_push(skb, sizeof(struct mctp_hdr)); 784 skb_reset_network_header(skb); 785 skb->dev = rt->dev->dev; 786 787 /* cb->net will have been set on initial ingress */ 788 cb->src = saddr; 789 790 /* set up common header fields */ 791 hdr = mctp_hdr(skb); 792 hdr->ver = 1; 793 hdr->dest = daddr; 794 hdr->src = saddr; 795 796 mtu = mctp_route_mtu(rt); 797 798 if (skb->len + sizeof(struct mctp_hdr) <= mtu) { 799 hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM | 800 tag; 801 return mctp_do_route(rt, skb); 802 } else { 803 return mctp_do_fragment_route(rt, skb, mtu, tag); 804 } 805 } 806 807 /* route management */ 808 static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start, 809 unsigned int daddr_extent, unsigned int mtu, 810 unsigned char type) 811 { 812 int (*rtfn)(struct mctp_route *rt, struct sk_buff *skb); 813 struct net *net = dev_net(mdev->dev); 814 struct mctp_route *rt, *ert; 815 816 if (!mctp_address_ok(daddr_start)) 817 return -EINVAL; 818 819 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255) 820 return -EINVAL; 821 822 switch (type) { 823 case RTN_LOCAL: 824 rtfn = mctp_route_input; 825 break; 826 case RTN_UNICAST: 827 rtfn = mctp_route_output; 828 break; 829 default: 830 return -EINVAL; 831 } 832 833 rt = mctp_route_alloc(); 834 if (!rt) 835 return -ENOMEM; 836 837 rt->min = daddr_start; 838 rt->max = daddr_start + daddr_extent; 839 rt->mtu = mtu; 840 rt->dev = mdev; 841 mctp_dev_hold(rt->dev); 842 rt->type = type; 843 rt->output = rtfn; 844 845 ASSERT_RTNL(); 846 /* Prevent duplicate identical routes. */ 847 list_for_each_entry(ert, &net->mctp.routes, list) { 848 if (mctp_rt_compare_exact(rt, ert)) { 849 mctp_route_release(rt); 850 return -EEXIST; 851 } 852 } 853 854 list_add_rcu(&rt->list, &net->mctp.routes); 855 856 return 0; 857 } 858 859 static int mctp_route_remove(struct mctp_dev *mdev, mctp_eid_t daddr_start, 860 unsigned int daddr_extent, unsigned char type) 861 { 862 struct net *net = dev_net(mdev->dev); 863 struct mctp_route *rt, *tmp; 864 mctp_eid_t daddr_end; 865 bool dropped; 866 867 if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255) 868 return -EINVAL; 869 870 daddr_end = daddr_start + daddr_extent; 871 dropped = false; 872 873 ASSERT_RTNL(); 874 875 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) { 876 if (rt->dev == mdev && 877 rt->min == daddr_start && rt->max == daddr_end && 878 rt->type == type) { 879 list_del_rcu(&rt->list); 880 /* TODO: immediate RTM_DELROUTE */ 881 mctp_route_release(rt); 882 dropped = true; 883 } 884 } 885 886 return dropped ? 0 : -ENOENT; 887 } 888 889 int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr) 890 { 891 return mctp_route_add(mdev, addr, 0, 0, RTN_LOCAL); 892 } 893 894 int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr) 895 { 896 return mctp_route_remove(mdev, addr, 0, RTN_LOCAL); 897 } 898 899 /* removes all entries for a given device */ 900 void mctp_route_remove_dev(struct mctp_dev *mdev) 901 { 902 struct net *net = dev_net(mdev->dev); 903 struct mctp_route *rt, *tmp; 904 905 ASSERT_RTNL(); 906 list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) { 907 if (rt->dev == mdev) { 908 list_del_rcu(&rt->list); 909 /* TODO: immediate RTM_DELROUTE */ 910 mctp_route_release(rt); 911 } 912 } 913 } 914 915 /* Incoming packet-handling */ 916 917 static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev, 918 struct packet_type *pt, 919 struct net_device *orig_dev) 920 { 921 struct net *net = dev_net(dev); 922 struct mctp_dev *mdev; 923 struct mctp_skb_cb *cb; 924 struct mctp_route *rt; 925 struct mctp_hdr *mh; 926 927 rcu_read_lock(); 928 mdev = __mctp_dev_get(dev); 929 rcu_read_unlock(); 930 if (!mdev) { 931 /* basic non-data sanity checks */ 932 goto err_drop; 933 } 934 935 if (!pskb_may_pull(skb, sizeof(struct mctp_hdr))) 936 goto err_drop; 937 938 skb_reset_transport_header(skb); 939 skb_reset_network_header(skb); 940 941 /* We have enough for a header; decode and route */ 942 mh = mctp_hdr(skb); 943 if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX) 944 goto err_drop; 945 946 cb = __mctp_cb(skb); 947 cb->net = READ_ONCE(mdev->net); 948 949 rt = mctp_route_lookup(net, cb->net, mh->dest); 950 951 /* NULL EID, but addressed to our physical address */ 952 if (!rt && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST) 953 rt = mctp_route_lookup_null(net, dev); 954 955 if (!rt) 956 goto err_drop; 957 958 mctp_do_route(rt, skb); 959 960 return NET_RX_SUCCESS; 961 962 err_drop: 963 kfree_skb(skb); 964 return NET_RX_DROP; 965 } 966 967 static struct packet_type mctp_packet_type = { 968 .type = cpu_to_be16(ETH_P_MCTP), 969 .func = mctp_pkttype_receive, 970 }; 971 972 /* netlink interface */ 973 974 static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = { 975 [RTA_DST] = { .type = NLA_U8 }, 976 [RTA_METRICS] = { .type = NLA_NESTED }, 977 [RTA_OIF] = { .type = NLA_U32 }, 978 }; 979 980 /* Common part for RTM_NEWROUTE and RTM_DELROUTE parsing. 981 * tb must hold RTA_MAX+1 elements. 982 */ 983 static int mctp_route_nlparse(struct sk_buff *skb, struct nlmsghdr *nlh, 984 struct netlink_ext_ack *extack, 985 struct nlattr **tb, struct rtmsg **rtm, 986 struct mctp_dev **mdev, mctp_eid_t *daddr_start) 987 { 988 struct net *net = sock_net(skb->sk); 989 struct net_device *dev; 990 unsigned int ifindex; 991 int rc; 992 993 rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX, 994 rta_mctp_policy, extack); 995 if (rc < 0) { 996 NL_SET_ERR_MSG(extack, "incorrect format"); 997 return rc; 998 } 999 1000 if (!tb[RTA_DST]) { 1001 NL_SET_ERR_MSG(extack, "dst EID missing"); 1002 return -EINVAL; 1003 } 1004 *daddr_start = nla_get_u8(tb[RTA_DST]); 1005 1006 if (!tb[RTA_OIF]) { 1007 NL_SET_ERR_MSG(extack, "ifindex missing"); 1008 return -EINVAL; 1009 } 1010 ifindex = nla_get_u32(tb[RTA_OIF]); 1011 1012 *rtm = nlmsg_data(nlh); 1013 if ((*rtm)->rtm_family != AF_MCTP) { 1014 NL_SET_ERR_MSG(extack, "route family must be AF_MCTP"); 1015 return -EINVAL; 1016 } 1017 1018 dev = __dev_get_by_index(net, ifindex); 1019 if (!dev) { 1020 NL_SET_ERR_MSG(extack, "bad ifindex"); 1021 return -ENODEV; 1022 } 1023 *mdev = mctp_dev_get_rtnl(dev); 1024 if (!*mdev) 1025 return -ENODEV; 1026 1027 if (dev->flags & IFF_LOOPBACK) { 1028 NL_SET_ERR_MSG(extack, "no routes to loopback"); 1029 return -EINVAL; 1030 } 1031 1032 return 0; 1033 } 1034 1035 static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = { 1036 [RTAX_MTU] = { .type = NLA_U32 }, 1037 }; 1038 1039 static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh, 1040 struct netlink_ext_ack *extack) 1041 { 1042 struct nlattr *tb[RTA_MAX + 1]; 1043 struct nlattr *tbx[RTAX_MAX + 1]; 1044 mctp_eid_t daddr_start; 1045 struct mctp_dev *mdev; 1046 struct rtmsg *rtm; 1047 unsigned int mtu; 1048 int rc; 1049 1050 rc = mctp_route_nlparse(skb, nlh, extack, tb, 1051 &rtm, &mdev, &daddr_start); 1052 if (rc < 0) 1053 return rc; 1054 1055 if (rtm->rtm_type != RTN_UNICAST) { 1056 NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST"); 1057 return -EINVAL; 1058 } 1059 1060 mtu = 0; 1061 if (tb[RTA_METRICS]) { 1062 rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS], 1063 rta_metrics_policy, NULL); 1064 if (rc < 0) 1065 return rc; 1066 if (tbx[RTAX_MTU]) 1067 mtu = nla_get_u32(tbx[RTAX_MTU]); 1068 } 1069 1070 if (rtm->rtm_type != RTN_UNICAST) 1071 return -EINVAL; 1072 1073 rc = mctp_route_add(mdev, daddr_start, rtm->rtm_dst_len, mtu, 1074 rtm->rtm_type); 1075 return rc; 1076 } 1077 1078 static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh, 1079 struct netlink_ext_ack *extack) 1080 { 1081 struct nlattr *tb[RTA_MAX + 1]; 1082 mctp_eid_t daddr_start; 1083 struct mctp_dev *mdev; 1084 struct rtmsg *rtm; 1085 int rc; 1086 1087 rc = mctp_route_nlparse(skb, nlh, extack, tb, 1088 &rtm, &mdev, &daddr_start); 1089 if (rc < 0) 1090 return rc; 1091 1092 /* we only have unicast routes */ 1093 if (rtm->rtm_type != RTN_UNICAST) 1094 return -EINVAL; 1095 1096 rc = mctp_route_remove(mdev, daddr_start, rtm->rtm_dst_len, RTN_UNICAST); 1097 return rc; 1098 } 1099 1100 static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt, 1101 u32 portid, u32 seq, int event, unsigned int flags) 1102 { 1103 struct nlmsghdr *nlh; 1104 struct rtmsg *hdr; 1105 void *metrics; 1106 1107 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags); 1108 if (!nlh) 1109 return -EMSGSIZE; 1110 1111 hdr = nlmsg_data(nlh); 1112 hdr->rtm_family = AF_MCTP; 1113 1114 /* we use the _len fields as a number of EIDs, rather than 1115 * a number of bits in the address 1116 */ 1117 hdr->rtm_dst_len = rt->max - rt->min; 1118 hdr->rtm_src_len = 0; 1119 hdr->rtm_tos = 0; 1120 hdr->rtm_table = RT_TABLE_DEFAULT; 1121 hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */ 1122 hdr->rtm_scope = RT_SCOPE_LINK; /* TODO: scope in mctp_route? */ 1123 hdr->rtm_type = rt->type; 1124 1125 if (nla_put_u8(skb, RTA_DST, rt->min)) 1126 goto cancel; 1127 1128 metrics = nla_nest_start_noflag(skb, RTA_METRICS); 1129 if (!metrics) 1130 goto cancel; 1131 1132 if (rt->mtu) { 1133 if (nla_put_u32(skb, RTAX_MTU, rt->mtu)) 1134 goto cancel; 1135 } 1136 1137 nla_nest_end(skb, metrics); 1138 1139 if (rt->dev) { 1140 if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex)) 1141 goto cancel; 1142 } 1143 1144 /* TODO: conditional neighbour physaddr? */ 1145 1146 nlmsg_end(skb, nlh); 1147 1148 return 0; 1149 1150 cancel: 1151 nlmsg_cancel(skb, nlh); 1152 return -EMSGSIZE; 1153 } 1154 1155 static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb) 1156 { 1157 struct net *net = sock_net(skb->sk); 1158 struct mctp_route *rt; 1159 int s_idx, idx; 1160 1161 /* TODO: allow filtering on route data, possibly under 1162 * cb->strict_check 1163 */ 1164 1165 /* TODO: change to struct overlay */ 1166 s_idx = cb->args[0]; 1167 idx = 0; 1168 1169 rcu_read_lock(); 1170 list_for_each_entry_rcu(rt, &net->mctp.routes, list) { 1171 if (idx++ < s_idx) 1172 continue; 1173 if (mctp_fill_rtinfo(skb, rt, 1174 NETLINK_CB(cb->skb).portid, 1175 cb->nlh->nlmsg_seq, 1176 RTM_NEWROUTE, NLM_F_MULTI) < 0) 1177 break; 1178 } 1179 1180 rcu_read_unlock(); 1181 cb->args[0] = idx; 1182 1183 return skb->len; 1184 } 1185 1186 /* net namespace implementation */ 1187 static int __net_init mctp_routes_net_init(struct net *net) 1188 { 1189 struct netns_mctp *ns = &net->mctp; 1190 1191 INIT_LIST_HEAD(&ns->routes); 1192 INIT_HLIST_HEAD(&ns->binds); 1193 mutex_init(&ns->bind_lock); 1194 INIT_HLIST_HEAD(&ns->keys); 1195 spin_lock_init(&ns->keys_lock); 1196 WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET)); 1197 return 0; 1198 } 1199 1200 static void __net_exit mctp_routes_net_exit(struct net *net) 1201 { 1202 struct mctp_route *rt; 1203 1204 rcu_read_lock(); 1205 list_for_each_entry_rcu(rt, &net->mctp.routes, list) 1206 mctp_route_release(rt); 1207 rcu_read_unlock(); 1208 } 1209 1210 static struct pernet_operations mctp_net_ops = { 1211 .init = mctp_routes_net_init, 1212 .exit = mctp_routes_net_exit, 1213 }; 1214 1215 int __init mctp_routes_init(void) 1216 { 1217 dev_add_pack(&mctp_packet_type); 1218 1219 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_GETROUTE, 1220 NULL, mctp_dump_rtinfo, 0); 1221 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_NEWROUTE, 1222 mctp_newroute, NULL, 0); 1223 rtnl_register_module(THIS_MODULE, PF_MCTP, RTM_DELROUTE, 1224 mctp_delroute, NULL, 0); 1225 1226 return register_pernet_subsys(&mctp_net_ops); 1227 } 1228 1229 void __exit mctp_routes_exit(void) 1230 { 1231 unregister_pernet_subsys(&mctp_net_ops); 1232 rtnl_unregister(PF_MCTP, RTM_DELROUTE); 1233 rtnl_unregister(PF_MCTP, RTM_NEWROUTE); 1234 rtnl_unregister(PF_MCTP, RTM_GETROUTE); 1235 dev_remove_pack(&mctp_packet_type); 1236 } 1237 1238 #if IS_ENABLED(CONFIG_MCTP_TEST) 1239 #include "test/route-test.c" 1240 #endif 1241