xref: /openbmc/linux/net/sctp/ulpqueue.c (revision 0883c2c0)
1 /* SCTP kernel implementation
2  * (C) Copyright IBM Corp. 2001, 2004
3  * Copyright (c) 1999-2000 Cisco, Inc.
4  * Copyright (c) 1999-2001 Motorola, Inc.
5  * Copyright (c) 2001 Intel Corp.
6  * Copyright (c) 2001 Nokia, Inc.
7  * Copyright (c) 2001 La Monte H.P. Yarroll
8  *
9  * This abstraction carries sctp events to the ULP (sockets).
10  *
11  * This SCTP implementation is free software;
12  * you can redistribute it and/or modify it under the terms of
13  * the GNU General Public License as published by
14  * the Free Software Foundation; either version 2, or (at your option)
15  * any later version.
16  *
17  * This SCTP implementation is distributed in the hope that it
18  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
19  *                 ************************
20  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
21  * See the GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with GNU CC; see the file COPYING.  If not, see
25  * <http://www.gnu.org/licenses/>.
26  *
27  * Please send any bug reports or fixes you make to the
28  * email address(es):
29  *    lksctp developers <linux-sctp@vger.kernel.org>
30  *
31  * Written or modified by:
32  *    Jon Grimm             <jgrimm@us.ibm.com>
33  *    La Monte H.P. Yarroll <piggy@acm.org>
34  *    Sridhar Samudrala     <sri@us.ibm.com>
35  */
36 
37 #include <linux/slab.h>
38 #include <linux/types.h>
39 #include <linux/skbuff.h>
40 #include <net/sock.h>
41 #include <net/busy_poll.h>
42 #include <net/sctp/structs.h>
43 #include <net/sctp/sctp.h>
44 #include <net/sctp/sm.h>
45 
46 /* Forward declarations for internal helpers.  */
47 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
48 					      struct sctp_ulpevent *);
49 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *,
50 					      struct sctp_ulpevent *);
51 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq);
52 
53 /* 1st Level Abstractions */
54 
55 /* Initialize a ULP queue from a block of memory.  */
56 struct sctp_ulpq *sctp_ulpq_init(struct sctp_ulpq *ulpq,
57 				 struct sctp_association *asoc)
58 {
59 	memset(ulpq, 0, sizeof(struct sctp_ulpq));
60 
61 	ulpq->asoc = asoc;
62 	skb_queue_head_init(&ulpq->reasm);
63 	skb_queue_head_init(&ulpq->lobby);
64 	ulpq->pd_mode  = 0;
65 
66 	return ulpq;
67 }
68 
69 
70 /* Flush the reassembly and ordering queues.  */
71 void sctp_ulpq_flush(struct sctp_ulpq *ulpq)
72 {
73 	struct sk_buff *skb;
74 	struct sctp_ulpevent *event;
75 
76 	while ((skb = __skb_dequeue(&ulpq->lobby)) != NULL) {
77 		event = sctp_skb2event(skb);
78 		sctp_ulpevent_free(event);
79 	}
80 
81 	while ((skb = __skb_dequeue(&ulpq->reasm)) != NULL) {
82 		event = sctp_skb2event(skb);
83 		sctp_ulpevent_free(event);
84 	}
85 
86 }
87 
88 /* Dispose of a ulpqueue.  */
89 void sctp_ulpq_free(struct sctp_ulpq *ulpq)
90 {
91 	sctp_ulpq_flush(ulpq);
92 }
93 
94 /* Process an incoming DATA chunk.  */
95 int sctp_ulpq_tail_data(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
96 			gfp_t gfp)
97 {
98 	struct sk_buff_head temp;
99 	struct sctp_ulpevent *event;
100 	int event_eor = 0;
101 
102 	/* Create an event from the incoming chunk. */
103 	event = sctp_ulpevent_make_rcvmsg(chunk->asoc, chunk, gfp);
104 	if (!event)
105 		return -ENOMEM;
106 
107 	/* Do reassembly if needed.  */
108 	event = sctp_ulpq_reasm(ulpq, event);
109 
110 	/* Do ordering if needed.  */
111 	if ((event) && (event->msg_flags & MSG_EOR)) {
112 		/* Create a temporary list to collect chunks on.  */
113 		skb_queue_head_init(&temp);
114 		__skb_queue_tail(&temp, sctp_event2skb(event));
115 
116 		event = sctp_ulpq_order(ulpq, event);
117 	}
118 
119 	/* Send event to the ULP.  'event' is the sctp_ulpevent for
120 	 * very first SKB on the 'temp' list.
121 	 */
122 	if (event) {
123 		event_eor = (event->msg_flags & MSG_EOR) ? 1 : 0;
124 		sctp_ulpq_tail_event(ulpq, event);
125 	}
126 
127 	return event_eor;
128 }
129 
130 /* Add a new event for propagation to the ULP.  */
131 /* Clear the partial delivery mode for this socket.   Note: This
132  * assumes that no association is currently in partial delivery mode.
133  */
134 int sctp_clear_pd(struct sock *sk, struct sctp_association *asoc)
135 {
136 	struct sctp_sock *sp = sctp_sk(sk);
137 
138 	if (atomic_dec_and_test(&sp->pd_mode)) {
139 		/* This means there are no other associations in PD, so
140 		 * we can go ahead and clear out the lobby in one shot
141 		 */
142 		if (!skb_queue_empty(&sp->pd_lobby)) {
143 			struct list_head *list;
144 			skb_queue_splice_tail_init(&sp->pd_lobby,
145 						   &sk->sk_receive_queue);
146 			list = (struct list_head *)&sctp_sk(sk)->pd_lobby;
147 			INIT_LIST_HEAD(list);
148 			return 1;
149 		}
150 	} else {
151 		/* There are other associations in PD, so we only need to
152 		 * pull stuff out of the lobby that belongs to the
153 		 * associations that is exiting PD (all of its notifications
154 		 * are posted here).
155 		 */
156 		if (!skb_queue_empty(&sp->pd_lobby) && asoc) {
157 			struct sk_buff *skb, *tmp;
158 			struct sctp_ulpevent *event;
159 
160 			sctp_skb_for_each(skb, &sp->pd_lobby, tmp) {
161 				event = sctp_skb2event(skb);
162 				if (event->asoc == asoc) {
163 					__skb_unlink(skb, &sp->pd_lobby);
164 					__skb_queue_tail(&sk->sk_receive_queue,
165 							 skb);
166 				}
167 			}
168 		}
169 	}
170 
171 	return 0;
172 }
173 
174 /* Set the pd_mode on the socket and ulpq */
175 static void sctp_ulpq_set_pd(struct sctp_ulpq *ulpq)
176 {
177 	struct sctp_sock *sp = sctp_sk(ulpq->asoc->base.sk);
178 
179 	atomic_inc(&sp->pd_mode);
180 	ulpq->pd_mode = 1;
181 }
182 
183 /* Clear the pd_mode and restart any pending messages waiting for delivery. */
184 static int sctp_ulpq_clear_pd(struct sctp_ulpq *ulpq)
185 {
186 	ulpq->pd_mode = 0;
187 	sctp_ulpq_reasm_drain(ulpq);
188 	return sctp_clear_pd(ulpq->asoc->base.sk, ulpq->asoc);
189 }
190 
191 /* If the SKB of 'event' is on a list, it is the first such member
192  * of that list.
193  */
194 int sctp_ulpq_tail_event(struct sctp_ulpq *ulpq, struct sctp_ulpevent *event)
195 {
196 	struct sock *sk = ulpq->asoc->base.sk;
197 	struct sctp_sock *sp = sctp_sk(sk);
198 	struct sk_buff_head *queue, *skb_list;
199 	struct sk_buff *skb = sctp_event2skb(event);
200 	int clear_pd = 0;
201 
202 	skb_list = (struct sk_buff_head *) skb->prev;
203 
204 	/* If the socket is just going to throw this away, do not
205 	 * even try to deliver it.
206 	 */
207 	if (sock_flag(sk, SOCK_DEAD) || (sk->sk_shutdown & RCV_SHUTDOWN))
208 		goto out_free;
209 
210 	if (!sctp_ulpevent_is_notification(event)) {
211 		sk_mark_napi_id(sk, skb);
212 		sk_incoming_cpu_update(sk);
213 	}
214 	/* Check if the user wishes to receive this event.  */
215 	if (!sctp_ulpevent_is_enabled(event, &sp->subscribe))
216 		goto out_free;
217 
218 	/* If we are in partial delivery mode, post to the lobby until
219 	 * partial delivery is cleared, unless, of course _this_ is
220 	 * the association the cause of the partial delivery.
221 	 */
222 
223 	if (atomic_read(&sp->pd_mode) == 0) {
224 		queue = &sk->sk_receive_queue;
225 	} else {
226 		if (ulpq->pd_mode) {
227 			/* If the association is in partial delivery, we
228 			 * need to finish delivering the partially processed
229 			 * packet before passing any other data.  This is
230 			 * because we don't truly support stream interleaving.
231 			 */
232 			if ((event->msg_flags & MSG_NOTIFICATION) ||
233 			    (SCTP_DATA_NOT_FRAG ==
234 				    (event->msg_flags & SCTP_DATA_FRAG_MASK)))
235 				queue = &sp->pd_lobby;
236 			else {
237 				clear_pd = event->msg_flags & MSG_EOR;
238 				queue = &sk->sk_receive_queue;
239 			}
240 		} else {
241 			/*
242 			 * If fragment interleave is enabled, we
243 			 * can queue this to the receive queue instead
244 			 * of the lobby.
245 			 */
246 			if (sp->frag_interleave)
247 				queue = &sk->sk_receive_queue;
248 			else
249 				queue = &sp->pd_lobby;
250 		}
251 	}
252 
253 	/* If we are harvesting multiple skbs they will be
254 	 * collected on a list.
255 	 */
256 	if (skb_list)
257 		skb_queue_splice_tail_init(skb_list, queue);
258 	else
259 		__skb_queue_tail(queue, skb);
260 
261 	/* Did we just complete partial delivery and need to get
262 	 * rolling again?  Move pending data to the receive
263 	 * queue.
264 	 */
265 	if (clear_pd)
266 		sctp_ulpq_clear_pd(ulpq);
267 
268 	if (queue == &sk->sk_receive_queue && !sp->data_ready_signalled) {
269 		sp->data_ready_signalled = 1;
270 		sk->sk_data_ready(sk);
271 	}
272 	return 1;
273 
274 out_free:
275 	if (skb_list)
276 		sctp_queue_purge_ulpevents(skb_list);
277 	else
278 		sctp_ulpevent_free(event);
279 
280 	return 0;
281 }
282 
283 /* 2nd Level Abstractions */
284 
285 /* Helper function to store chunks that need to be reassembled.  */
286 static void sctp_ulpq_store_reasm(struct sctp_ulpq *ulpq,
287 					 struct sctp_ulpevent *event)
288 {
289 	struct sk_buff *pos;
290 	struct sctp_ulpevent *cevent;
291 	__u32 tsn, ctsn;
292 
293 	tsn = event->tsn;
294 
295 	/* See if it belongs at the end. */
296 	pos = skb_peek_tail(&ulpq->reasm);
297 	if (!pos) {
298 		__skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
299 		return;
300 	}
301 
302 	/* Short circuit just dropping it at the end. */
303 	cevent = sctp_skb2event(pos);
304 	ctsn = cevent->tsn;
305 	if (TSN_lt(ctsn, tsn)) {
306 		__skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
307 		return;
308 	}
309 
310 	/* Find the right place in this list. We store them by TSN.  */
311 	skb_queue_walk(&ulpq->reasm, pos) {
312 		cevent = sctp_skb2event(pos);
313 		ctsn = cevent->tsn;
314 
315 		if (TSN_lt(tsn, ctsn))
316 			break;
317 	}
318 
319 	/* Insert before pos. */
320 	__skb_queue_before(&ulpq->reasm, pos, sctp_event2skb(event));
321 
322 }
323 
324 /* Helper function to return an event corresponding to the reassembled
325  * datagram.
326  * This routine creates a re-assembled skb given the first and last skb's
327  * as stored in the reassembly queue. The skb's may be non-linear if the sctp
328  * payload was fragmented on the way and ip had to reassemble them.
329  * We add the rest of skb's to the first skb's fraglist.
330  */
331 static struct sctp_ulpevent *sctp_make_reassembled_event(struct net *net,
332 	struct sk_buff_head *queue, struct sk_buff *f_frag,
333 	struct sk_buff *l_frag)
334 {
335 	struct sk_buff *pos;
336 	struct sk_buff *new = NULL;
337 	struct sctp_ulpevent *event;
338 	struct sk_buff *pnext, *last;
339 	struct sk_buff *list = skb_shinfo(f_frag)->frag_list;
340 
341 	/* Store the pointer to the 2nd skb */
342 	if (f_frag == l_frag)
343 		pos = NULL;
344 	else
345 		pos = f_frag->next;
346 
347 	/* Get the last skb in the f_frag's frag_list if present. */
348 	for (last = list; list; last = list, list = list->next)
349 		;
350 
351 	/* Add the list of remaining fragments to the first fragments
352 	 * frag_list.
353 	 */
354 	if (last)
355 		last->next = pos;
356 	else {
357 		if (skb_cloned(f_frag)) {
358 			/* This is a cloned skb, we can't just modify
359 			 * the frag_list.  We need a new skb to do that.
360 			 * Instead of calling skb_unshare(), we'll do it
361 			 * ourselves since we need to delay the free.
362 			 */
363 			new = skb_copy(f_frag, GFP_ATOMIC);
364 			if (!new)
365 				return NULL;	/* try again later */
366 
367 			sctp_skb_set_owner_r(new, f_frag->sk);
368 
369 			skb_shinfo(new)->frag_list = pos;
370 		} else
371 			skb_shinfo(f_frag)->frag_list = pos;
372 	}
373 
374 	/* Remove the first fragment from the reassembly queue.  */
375 	__skb_unlink(f_frag, queue);
376 
377 	/* if we did unshare, then free the old skb and re-assign */
378 	if (new) {
379 		kfree_skb(f_frag);
380 		f_frag = new;
381 	}
382 
383 	while (pos) {
384 
385 		pnext = pos->next;
386 
387 		/* Update the len and data_len fields of the first fragment. */
388 		f_frag->len += pos->len;
389 		f_frag->data_len += pos->len;
390 
391 		/* Remove the fragment from the reassembly queue.  */
392 		__skb_unlink(pos, queue);
393 
394 		/* Break if we have reached the last fragment.  */
395 		if (pos == l_frag)
396 			break;
397 		pos->next = pnext;
398 		pos = pnext;
399 	}
400 
401 	event = sctp_skb2event(f_frag);
402 	SCTP_INC_STATS(net, SCTP_MIB_REASMUSRMSGS);
403 
404 	return event;
405 }
406 
407 
408 /* Helper function to check if an incoming chunk has filled up the last
409  * missing fragment in a SCTP datagram and return the corresponding event.
410  */
411 static struct sctp_ulpevent *sctp_ulpq_retrieve_reassembled(struct sctp_ulpq *ulpq)
412 {
413 	struct sk_buff *pos;
414 	struct sctp_ulpevent *cevent;
415 	struct sk_buff *first_frag = NULL;
416 	__u32 ctsn, next_tsn;
417 	struct sctp_ulpevent *retval = NULL;
418 	struct sk_buff *pd_first = NULL;
419 	struct sk_buff *pd_last = NULL;
420 	size_t pd_len = 0;
421 	struct sctp_association *asoc;
422 	u32 pd_point;
423 
424 	/* Initialized to 0 just to avoid compiler warning message.  Will
425 	 * never be used with this value. It is referenced only after it
426 	 * is set when we find the first fragment of a message.
427 	 */
428 	next_tsn = 0;
429 
430 	/* The chunks are held in the reasm queue sorted by TSN.
431 	 * Walk through the queue sequentially and look for a sequence of
432 	 * fragmented chunks that complete a datagram.
433 	 * 'first_frag' and next_tsn are reset when we find a chunk which
434 	 * is the first fragment of a datagram. Once these 2 fields are set
435 	 * we expect to find the remaining middle fragments and the last
436 	 * fragment in order. If not, first_frag is reset to NULL and we
437 	 * start the next pass when we find another first fragment.
438 	 *
439 	 * There is a potential to do partial delivery if user sets
440 	 * SCTP_PARTIAL_DELIVERY_POINT option. Lets count some things here
441 	 * to see if can do PD.
442 	 */
443 	skb_queue_walk(&ulpq->reasm, pos) {
444 		cevent = sctp_skb2event(pos);
445 		ctsn = cevent->tsn;
446 
447 		switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
448 		case SCTP_DATA_FIRST_FRAG:
449 			/* If this "FIRST_FRAG" is the first
450 			 * element in the queue, then count it towards
451 			 * possible PD.
452 			 */
453 			if (pos == ulpq->reasm.next) {
454 			    pd_first = pos;
455 			    pd_last = pos;
456 			    pd_len = pos->len;
457 			} else {
458 			    pd_first = NULL;
459 			    pd_last = NULL;
460 			    pd_len = 0;
461 			}
462 
463 			first_frag = pos;
464 			next_tsn = ctsn + 1;
465 			break;
466 
467 		case SCTP_DATA_MIDDLE_FRAG:
468 			if ((first_frag) && (ctsn == next_tsn)) {
469 				next_tsn++;
470 				if (pd_first) {
471 				    pd_last = pos;
472 				    pd_len += pos->len;
473 				}
474 			} else
475 				first_frag = NULL;
476 			break;
477 
478 		case SCTP_DATA_LAST_FRAG:
479 			if (first_frag && (ctsn == next_tsn))
480 				goto found;
481 			else
482 				first_frag = NULL;
483 			break;
484 		}
485 	}
486 
487 	asoc = ulpq->asoc;
488 	if (pd_first) {
489 		/* Make sure we can enter partial deliver.
490 		 * We can trigger partial delivery only if framgent
491 		 * interleave is set, or the socket is not already
492 		 * in  partial delivery.
493 		 */
494 		if (!sctp_sk(asoc->base.sk)->frag_interleave &&
495 		    atomic_read(&sctp_sk(asoc->base.sk)->pd_mode))
496 			goto done;
497 
498 		cevent = sctp_skb2event(pd_first);
499 		pd_point = sctp_sk(asoc->base.sk)->pd_point;
500 		if (pd_point && pd_point <= pd_len) {
501 			retval = sctp_make_reassembled_event(sock_net(asoc->base.sk),
502 							     &ulpq->reasm,
503 							     pd_first,
504 							     pd_last);
505 			if (retval)
506 				sctp_ulpq_set_pd(ulpq);
507 		}
508 	}
509 done:
510 	return retval;
511 found:
512 	retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
513 					     &ulpq->reasm, first_frag, pos);
514 	if (retval)
515 		retval->msg_flags |= MSG_EOR;
516 	goto done;
517 }
518 
519 /* Retrieve the next set of fragments of a partial message. */
520 static struct sctp_ulpevent *sctp_ulpq_retrieve_partial(struct sctp_ulpq *ulpq)
521 {
522 	struct sk_buff *pos, *last_frag, *first_frag;
523 	struct sctp_ulpevent *cevent;
524 	__u32 ctsn, next_tsn;
525 	int is_last;
526 	struct sctp_ulpevent *retval;
527 
528 	/* The chunks are held in the reasm queue sorted by TSN.
529 	 * Walk through the queue sequentially and look for the first
530 	 * sequence of fragmented chunks.
531 	 */
532 
533 	if (skb_queue_empty(&ulpq->reasm))
534 		return NULL;
535 
536 	last_frag = first_frag = NULL;
537 	retval = NULL;
538 	next_tsn = 0;
539 	is_last = 0;
540 
541 	skb_queue_walk(&ulpq->reasm, pos) {
542 		cevent = sctp_skb2event(pos);
543 		ctsn = cevent->tsn;
544 
545 		switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
546 		case SCTP_DATA_FIRST_FRAG:
547 			if (!first_frag)
548 				return NULL;
549 			goto done;
550 		case SCTP_DATA_MIDDLE_FRAG:
551 			if (!first_frag) {
552 				first_frag = pos;
553 				next_tsn = ctsn + 1;
554 				last_frag = pos;
555 			} else if (next_tsn == ctsn) {
556 				next_tsn++;
557 				last_frag = pos;
558 			} else
559 				goto done;
560 			break;
561 		case SCTP_DATA_LAST_FRAG:
562 			if (!first_frag)
563 				first_frag = pos;
564 			else if (ctsn != next_tsn)
565 				goto done;
566 			last_frag = pos;
567 			is_last = 1;
568 			goto done;
569 		default:
570 			return NULL;
571 		}
572 	}
573 
574 	/* We have the reassembled event. There is no need to look
575 	 * further.
576 	 */
577 done:
578 	retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
579 					&ulpq->reasm, first_frag, last_frag);
580 	if (retval && is_last)
581 		retval->msg_flags |= MSG_EOR;
582 
583 	return retval;
584 }
585 
586 
587 /* Helper function to reassemble chunks.  Hold chunks on the reasm queue that
588  * need reassembling.
589  */
590 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
591 						struct sctp_ulpevent *event)
592 {
593 	struct sctp_ulpevent *retval = NULL;
594 
595 	/* Check if this is part of a fragmented message.  */
596 	if (SCTP_DATA_NOT_FRAG == (event->msg_flags & SCTP_DATA_FRAG_MASK)) {
597 		event->msg_flags |= MSG_EOR;
598 		return event;
599 	}
600 
601 	sctp_ulpq_store_reasm(ulpq, event);
602 	if (!ulpq->pd_mode)
603 		retval = sctp_ulpq_retrieve_reassembled(ulpq);
604 	else {
605 		__u32 ctsn, ctsnap;
606 
607 		/* Do not even bother unless this is the next tsn to
608 		 * be delivered.
609 		 */
610 		ctsn = event->tsn;
611 		ctsnap = sctp_tsnmap_get_ctsn(&ulpq->asoc->peer.tsn_map);
612 		if (TSN_lte(ctsn, ctsnap))
613 			retval = sctp_ulpq_retrieve_partial(ulpq);
614 	}
615 
616 	return retval;
617 }
618 
619 /* Retrieve the first part (sequential fragments) for partial delivery.  */
620 static struct sctp_ulpevent *sctp_ulpq_retrieve_first(struct sctp_ulpq *ulpq)
621 {
622 	struct sk_buff *pos, *last_frag, *first_frag;
623 	struct sctp_ulpevent *cevent;
624 	__u32 ctsn, next_tsn;
625 	struct sctp_ulpevent *retval;
626 
627 	/* The chunks are held in the reasm queue sorted by TSN.
628 	 * Walk through the queue sequentially and look for a sequence of
629 	 * fragmented chunks that start a datagram.
630 	 */
631 
632 	if (skb_queue_empty(&ulpq->reasm))
633 		return NULL;
634 
635 	last_frag = first_frag = NULL;
636 	retval = NULL;
637 	next_tsn = 0;
638 
639 	skb_queue_walk(&ulpq->reasm, pos) {
640 		cevent = sctp_skb2event(pos);
641 		ctsn = cevent->tsn;
642 
643 		switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
644 		case SCTP_DATA_FIRST_FRAG:
645 			if (!first_frag) {
646 				first_frag = pos;
647 				next_tsn = ctsn + 1;
648 				last_frag = pos;
649 			} else
650 				goto done;
651 			break;
652 
653 		case SCTP_DATA_MIDDLE_FRAG:
654 			if (!first_frag)
655 				return NULL;
656 			if (ctsn == next_tsn) {
657 				next_tsn++;
658 				last_frag = pos;
659 			} else
660 				goto done;
661 			break;
662 
663 		case SCTP_DATA_LAST_FRAG:
664 			if (!first_frag)
665 				return NULL;
666 			else
667 				goto done;
668 			break;
669 
670 		default:
671 			return NULL;
672 		}
673 	}
674 
675 	/* We have the reassembled event. There is no need to look
676 	 * further.
677 	 */
678 done:
679 	retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
680 					&ulpq->reasm, first_frag, last_frag);
681 	return retval;
682 }
683 
684 /*
685  * Flush out stale fragments from the reassembly queue when processing
686  * a Forward TSN.
687  *
688  * RFC 3758, Section 3.6
689  *
690  * After receiving and processing a FORWARD TSN, the data receiver MUST
691  * take cautions in updating its re-assembly queue.  The receiver MUST
692  * remove any partially reassembled message, which is still missing one
693  * or more TSNs earlier than or equal to the new cumulative TSN point.
694  * In the event that the receiver has invoked the partial delivery API,
695  * a notification SHOULD also be generated to inform the upper layer API
696  * that the message being partially delivered will NOT be completed.
697  */
698 void sctp_ulpq_reasm_flushtsn(struct sctp_ulpq *ulpq, __u32 fwd_tsn)
699 {
700 	struct sk_buff *pos, *tmp;
701 	struct sctp_ulpevent *event;
702 	__u32 tsn;
703 
704 	if (skb_queue_empty(&ulpq->reasm))
705 		return;
706 
707 	skb_queue_walk_safe(&ulpq->reasm, pos, tmp) {
708 		event = sctp_skb2event(pos);
709 		tsn = event->tsn;
710 
711 		/* Since the entire message must be abandoned by the
712 		 * sender (item A3 in Section 3.5, RFC 3758), we can
713 		 * free all fragments on the list that are less then
714 		 * or equal to ctsn_point
715 		 */
716 		if (TSN_lte(tsn, fwd_tsn)) {
717 			__skb_unlink(pos, &ulpq->reasm);
718 			sctp_ulpevent_free(event);
719 		} else
720 			break;
721 	}
722 }
723 
724 /*
725  * Drain the reassembly queue.  If we just cleared parted delivery, it
726  * is possible that the reassembly queue will contain already reassembled
727  * messages.  Retrieve any such messages and give them to the user.
728  */
729 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq)
730 {
731 	struct sctp_ulpevent *event = NULL;
732 	struct sk_buff_head temp;
733 
734 	if (skb_queue_empty(&ulpq->reasm))
735 		return;
736 
737 	while ((event = sctp_ulpq_retrieve_reassembled(ulpq)) != NULL) {
738 		/* Do ordering if needed.  */
739 		if ((event) && (event->msg_flags & MSG_EOR)) {
740 			skb_queue_head_init(&temp);
741 			__skb_queue_tail(&temp, sctp_event2skb(event));
742 
743 			event = sctp_ulpq_order(ulpq, event);
744 		}
745 
746 		/* Send event to the ULP.  'event' is the
747 		 * sctp_ulpevent for  very first SKB on the  temp' list.
748 		 */
749 		if (event)
750 			sctp_ulpq_tail_event(ulpq, event);
751 	}
752 }
753 
754 
755 /* Helper function to gather skbs that have possibly become
756  * ordered by an an incoming chunk.
757  */
758 static void sctp_ulpq_retrieve_ordered(struct sctp_ulpq *ulpq,
759 					      struct sctp_ulpevent *event)
760 {
761 	struct sk_buff_head *event_list;
762 	struct sk_buff *pos, *tmp;
763 	struct sctp_ulpevent *cevent;
764 	struct sctp_stream *in;
765 	__u16 sid, csid, cssn;
766 
767 	sid = event->stream;
768 	in  = &ulpq->asoc->ssnmap->in;
769 
770 	event_list = (struct sk_buff_head *) sctp_event2skb(event)->prev;
771 
772 	/* We are holding the chunks by stream, by SSN.  */
773 	sctp_skb_for_each(pos, &ulpq->lobby, tmp) {
774 		cevent = (struct sctp_ulpevent *) pos->cb;
775 		csid = cevent->stream;
776 		cssn = cevent->ssn;
777 
778 		/* Have we gone too far?  */
779 		if (csid > sid)
780 			break;
781 
782 		/* Have we not gone far enough?  */
783 		if (csid < sid)
784 			continue;
785 
786 		if (cssn != sctp_ssn_peek(in, sid))
787 			break;
788 
789 		/* Found it, so mark in the ssnmap. */
790 		sctp_ssn_next(in, sid);
791 
792 		__skb_unlink(pos, &ulpq->lobby);
793 
794 		/* Attach all gathered skbs to the event.  */
795 		__skb_queue_tail(event_list, pos);
796 	}
797 }
798 
799 /* Helper function to store chunks needing ordering.  */
800 static void sctp_ulpq_store_ordered(struct sctp_ulpq *ulpq,
801 					   struct sctp_ulpevent *event)
802 {
803 	struct sk_buff *pos;
804 	struct sctp_ulpevent *cevent;
805 	__u16 sid, csid;
806 	__u16 ssn, cssn;
807 
808 	pos = skb_peek_tail(&ulpq->lobby);
809 	if (!pos) {
810 		__skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
811 		return;
812 	}
813 
814 	sid = event->stream;
815 	ssn = event->ssn;
816 
817 	cevent = (struct sctp_ulpevent *) pos->cb;
818 	csid = cevent->stream;
819 	cssn = cevent->ssn;
820 	if (sid > csid) {
821 		__skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
822 		return;
823 	}
824 
825 	if ((sid == csid) && SSN_lt(cssn, ssn)) {
826 		__skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
827 		return;
828 	}
829 
830 	/* Find the right place in this list.  We store them by
831 	 * stream ID and then by SSN.
832 	 */
833 	skb_queue_walk(&ulpq->lobby, pos) {
834 		cevent = (struct sctp_ulpevent *) pos->cb;
835 		csid = cevent->stream;
836 		cssn = cevent->ssn;
837 
838 		if (csid > sid)
839 			break;
840 		if (csid == sid && SSN_lt(ssn, cssn))
841 			break;
842 	}
843 
844 
845 	/* Insert before pos. */
846 	__skb_queue_before(&ulpq->lobby, pos, sctp_event2skb(event));
847 }
848 
849 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *ulpq,
850 					     struct sctp_ulpevent *event)
851 {
852 	__u16 sid, ssn;
853 	struct sctp_stream *in;
854 
855 	/* Check if this message needs ordering.  */
856 	if (SCTP_DATA_UNORDERED & event->msg_flags)
857 		return event;
858 
859 	/* Note: The stream ID must be verified before this routine.  */
860 	sid = event->stream;
861 	ssn = event->ssn;
862 	in  = &ulpq->asoc->ssnmap->in;
863 
864 	/* Is this the expected SSN for this stream ID?  */
865 	if (ssn != sctp_ssn_peek(in, sid)) {
866 		/* We've received something out of order, so find where it
867 		 * needs to be placed.  We order by stream and then by SSN.
868 		 */
869 		sctp_ulpq_store_ordered(ulpq, event);
870 		return NULL;
871 	}
872 
873 	/* Mark that the next chunk has been found.  */
874 	sctp_ssn_next(in, sid);
875 
876 	/* Go find any other chunks that were waiting for
877 	 * ordering.
878 	 */
879 	sctp_ulpq_retrieve_ordered(ulpq, event);
880 
881 	return event;
882 }
883 
884 /* Helper function to gather skbs that have possibly become
885  * ordered by forward tsn skipping their dependencies.
886  */
887 static void sctp_ulpq_reap_ordered(struct sctp_ulpq *ulpq, __u16 sid)
888 {
889 	struct sk_buff *pos, *tmp;
890 	struct sctp_ulpevent *cevent;
891 	struct sctp_ulpevent *event;
892 	struct sctp_stream *in;
893 	struct sk_buff_head temp;
894 	struct sk_buff_head *lobby = &ulpq->lobby;
895 	__u16 csid, cssn;
896 
897 	in  = &ulpq->asoc->ssnmap->in;
898 
899 	/* We are holding the chunks by stream, by SSN.  */
900 	skb_queue_head_init(&temp);
901 	event = NULL;
902 	sctp_skb_for_each(pos, lobby, tmp) {
903 		cevent = (struct sctp_ulpevent *) pos->cb;
904 		csid = cevent->stream;
905 		cssn = cevent->ssn;
906 
907 		/* Have we gone too far?  */
908 		if (csid > sid)
909 			break;
910 
911 		/* Have we not gone far enough?  */
912 		if (csid < sid)
913 			continue;
914 
915 		/* see if this ssn has been marked by skipping */
916 		if (!SSN_lt(cssn, sctp_ssn_peek(in, csid)))
917 			break;
918 
919 		__skb_unlink(pos, lobby);
920 		if (!event)
921 			/* Create a temporary list to collect chunks on.  */
922 			event = sctp_skb2event(pos);
923 
924 		/* Attach all gathered skbs to the event.  */
925 		__skb_queue_tail(&temp, pos);
926 	}
927 
928 	/* If we didn't reap any data, see if the next expected SSN
929 	 * is next on the queue and if so, use that.
930 	 */
931 	if (event == NULL && pos != (struct sk_buff *)lobby) {
932 		cevent = (struct sctp_ulpevent *) pos->cb;
933 		csid = cevent->stream;
934 		cssn = cevent->ssn;
935 
936 		if (csid == sid && cssn == sctp_ssn_peek(in, csid)) {
937 			sctp_ssn_next(in, csid);
938 			__skb_unlink(pos, lobby);
939 			__skb_queue_tail(&temp, pos);
940 			event = sctp_skb2event(pos);
941 		}
942 	}
943 
944 	/* Send event to the ULP.  'event' is the sctp_ulpevent for
945 	 * very first SKB on the 'temp' list.
946 	 */
947 	if (event) {
948 		/* see if we have more ordered that we can deliver */
949 		sctp_ulpq_retrieve_ordered(ulpq, event);
950 		sctp_ulpq_tail_event(ulpq, event);
951 	}
952 }
953 
954 /* Skip over an SSN. This is used during the processing of
955  * Forwared TSN chunk to skip over the abandoned ordered data
956  */
957 void sctp_ulpq_skip(struct sctp_ulpq *ulpq, __u16 sid, __u16 ssn)
958 {
959 	struct sctp_stream *in;
960 
961 	/* Note: The stream ID must be verified before this routine.  */
962 	in  = &ulpq->asoc->ssnmap->in;
963 
964 	/* Is this an old SSN?  If so ignore. */
965 	if (SSN_lt(ssn, sctp_ssn_peek(in, sid)))
966 		return;
967 
968 	/* Mark that we are no longer expecting this SSN or lower. */
969 	sctp_ssn_skip(in, sid, ssn);
970 
971 	/* Go find any other chunks that were waiting for
972 	 * ordering and deliver them if needed.
973 	 */
974 	sctp_ulpq_reap_ordered(ulpq, sid);
975 }
976 
977 static __u16 sctp_ulpq_renege_list(struct sctp_ulpq *ulpq,
978 		struct sk_buff_head *list, __u16 needed)
979 {
980 	__u16 freed = 0;
981 	__u32 tsn, last_tsn;
982 	struct sk_buff *skb, *flist, *last;
983 	struct sctp_ulpevent *event;
984 	struct sctp_tsnmap *tsnmap;
985 
986 	tsnmap = &ulpq->asoc->peer.tsn_map;
987 
988 	while ((skb = skb_peek_tail(list)) != NULL) {
989 		event = sctp_skb2event(skb);
990 		tsn = event->tsn;
991 
992 		/* Don't renege below the Cumulative TSN ACK Point. */
993 		if (TSN_lte(tsn, sctp_tsnmap_get_ctsn(tsnmap)))
994 			break;
995 
996 		/* Events in ordering queue may have multiple fragments
997 		 * corresponding to additional TSNs.  Sum the total
998 		 * freed space; find the last TSN.
999 		 */
1000 		freed += skb_headlen(skb);
1001 		flist = skb_shinfo(skb)->frag_list;
1002 		for (last = flist; flist; flist = flist->next) {
1003 			last = flist;
1004 			freed += skb_headlen(last);
1005 		}
1006 		if (last)
1007 			last_tsn = sctp_skb2event(last)->tsn;
1008 		else
1009 			last_tsn = tsn;
1010 
1011 		/* Unlink the event, then renege all applicable TSNs. */
1012 		__skb_unlink(skb, list);
1013 		sctp_ulpevent_free(event);
1014 		while (TSN_lte(tsn, last_tsn)) {
1015 			sctp_tsnmap_renege(tsnmap, tsn);
1016 			tsn++;
1017 		}
1018 		if (freed >= needed)
1019 			return freed;
1020 	}
1021 
1022 	return freed;
1023 }
1024 
1025 /* Renege 'needed' bytes from the ordering queue. */
1026 static __u16 sctp_ulpq_renege_order(struct sctp_ulpq *ulpq, __u16 needed)
1027 {
1028 	return sctp_ulpq_renege_list(ulpq, &ulpq->lobby, needed);
1029 }
1030 
1031 /* Renege 'needed' bytes from the reassembly queue. */
1032 static __u16 sctp_ulpq_renege_frags(struct sctp_ulpq *ulpq, __u16 needed)
1033 {
1034 	return sctp_ulpq_renege_list(ulpq, &ulpq->reasm, needed);
1035 }
1036 
1037 /* Partial deliver the first message as there is pressure on rwnd. */
1038 void sctp_ulpq_partial_delivery(struct sctp_ulpq *ulpq,
1039 				gfp_t gfp)
1040 {
1041 	struct sctp_ulpevent *event;
1042 	struct sctp_association *asoc;
1043 	struct sctp_sock *sp;
1044 	__u32 ctsn;
1045 	struct sk_buff *skb;
1046 
1047 	asoc = ulpq->asoc;
1048 	sp = sctp_sk(asoc->base.sk);
1049 
1050 	/* If the association is already in Partial Delivery mode
1051 	 * we have nothing to do.
1052 	 */
1053 	if (ulpq->pd_mode)
1054 		return;
1055 
1056 	/* Data must be at or below the Cumulative TSN ACK Point to
1057 	 * start partial delivery.
1058 	 */
1059 	skb = skb_peek(&asoc->ulpq.reasm);
1060 	if (skb != NULL) {
1061 		ctsn = sctp_skb2event(skb)->tsn;
1062 		if (!TSN_lte(ctsn, sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map)))
1063 			return;
1064 	}
1065 
1066 	/* If the user enabled fragment interleave socket option,
1067 	 * multiple associations can enter partial delivery.
1068 	 * Otherwise, we can only enter partial delivery if the
1069 	 * socket is not in partial deliver mode.
1070 	 */
1071 	if (sp->frag_interleave || atomic_read(&sp->pd_mode) == 0) {
1072 		/* Is partial delivery possible?  */
1073 		event = sctp_ulpq_retrieve_first(ulpq);
1074 		/* Send event to the ULP.   */
1075 		if (event) {
1076 			sctp_ulpq_tail_event(ulpq, event);
1077 			sctp_ulpq_set_pd(ulpq);
1078 			return;
1079 		}
1080 	}
1081 }
1082 
1083 /* Renege some packets to make room for an incoming chunk.  */
1084 void sctp_ulpq_renege(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
1085 		      gfp_t gfp)
1086 {
1087 	struct sctp_association *asoc;
1088 	__u16 needed, freed;
1089 
1090 	asoc = ulpq->asoc;
1091 
1092 	if (chunk) {
1093 		needed = ntohs(chunk->chunk_hdr->length);
1094 		needed -= sizeof(sctp_data_chunk_t);
1095 	} else
1096 		needed = SCTP_DEFAULT_MAXWINDOW;
1097 
1098 	freed = 0;
1099 
1100 	if (skb_queue_empty(&asoc->base.sk->sk_receive_queue)) {
1101 		freed = sctp_ulpq_renege_order(ulpq, needed);
1102 		if (freed < needed) {
1103 			freed += sctp_ulpq_renege_frags(ulpq, needed - freed);
1104 		}
1105 	}
1106 	/* If able to free enough room, accept this chunk. */
1107 	if (chunk && (freed >= needed)) {
1108 		int retval;
1109 		retval = sctp_ulpq_tail_data(ulpq, chunk, gfp);
1110 		/*
1111 		 * Enter partial delivery if chunk has not been
1112 		 * delivered; otherwise, drain the reassembly queue.
1113 		 */
1114 		if (retval <= 0)
1115 			sctp_ulpq_partial_delivery(ulpq, gfp);
1116 		else if (retval == 1)
1117 			sctp_ulpq_reasm_drain(ulpq);
1118 	}
1119 
1120 	sk_mem_reclaim(asoc->base.sk);
1121 }
1122 
1123 
1124 
1125 /* Notify the application if an association is aborted and in
1126  * partial delivery mode.  Send up any pending received messages.
1127  */
1128 void sctp_ulpq_abort_pd(struct sctp_ulpq *ulpq, gfp_t gfp)
1129 {
1130 	struct sctp_ulpevent *ev = NULL;
1131 	struct sock *sk;
1132 	struct sctp_sock *sp;
1133 
1134 	if (!ulpq->pd_mode)
1135 		return;
1136 
1137 	sk = ulpq->asoc->base.sk;
1138 	sp = sctp_sk(sk);
1139 	if (sctp_ulpevent_type_enabled(SCTP_PARTIAL_DELIVERY_EVENT,
1140 				       &sctp_sk(sk)->subscribe))
1141 		ev = sctp_ulpevent_make_pdapi(ulpq->asoc,
1142 					      SCTP_PARTIAL_DELIVERY_ABORTED,
1143 					      gfp);
1144 	if (ev)
1145 		__skb_queue_tail(&sk->sk_receive_queue, sctp_event2skb(ev));
1146 
1147 	/* If there is data waiting, send it up the socket now. */
1148 	if ((sctp_ulpq_clear_pd(ulpq) || ev) && !sp->data_ready_signalled) {
1149 		sp->data_ready_signalled = 1;
1150 		sk->sk_data_ready(sk);
1151 	}
1152 }
1153