xref: /openbmc/linux/net/tipc/msg.c (revision 4bce6fce)
1 /*
2  * net/tipc/msg.c: TIPC message header routines
3  *
4  * Copyright (c) 2000-2006, 2014-2015, Ericsson AB
5  * Copyright (c) 2005, 2010-2011, Wind River Systems
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the names of the copyright holders nor the names of its
17  *    contributors may be used to endorse or promote products derived from
18  *    this software without specific prior written permission.
19  *
20  * Alternatively, this software may be distributed under the terms of the
21  * GNU General Public License ("GPL") version 2 as published by the Free
22  * Software Foundation.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
25  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
28  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34  * POSSIBILITY OF SUCH DAMAGE.
35  */
36 
37 #include <net/sock.h>
38 #include "core.h"
39 #include "msg.h"
40 #include "addr.h"
41 #include "name_table.h"
42 
43 #define MAX_FORWARD_SIZE 1024
44 
45 static unsigned int align(unsigned int i)
46 {
47 	return (i + 3) & ~3u;
48 }
49 
50 /**
51  * tipc_buf_acquire - creates a TIPC message buffer
52  * @size: message size (including TIPC header)
53  *
54  * Returns a new buffer with data pointers set to the specified size.
55  *
56  * NOTE: Headroom is reserved to allow prepending of a data link header.
57  *       There may also be unrequested tailroom present at the buffer's end.
58  */
59 struct sk_buff *tipc_buf_acquire(u32 size)
60 {
61 	struct sk_buff *skb;
62 	unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u;
63 
64 	skb = alloc_skb_fclone(buf_size, GFP_ATOMIC);
65 	if (skb) {
66 		skb_reserve(skb, BUF_HEADROOM);
67 		skb_put(skb, size);
68 		skb->next = NULL;
69 	}
70 	return skb;
71 }
72 
73 void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type,
74 		   u32 hsize, u32 dnode)
75 {
76 	memset(m, 0, hsize);
77 	msg_set_version(m);
78 	msg_set_user(m, user);
79 	msg_set_hdr_sz(m, hsize);
80 	msg_set_size(m, hsize);
81 	msg_set_prevnode(m, own_node);
82 	msg_set_type(m, type);
83 	if (hsize > SHORT_H_SIZE) {
84 		msg_set_orignode(m, own_node);
85 		msg_set_destnode(m, dnode);
86 	}
87 }
88 
89 struct sk_buff *tipc_msg_create(uint user, uint type,
90 				uint hdr_sz, uint data_sz, u32 dnode,
91 				u32 onode, u32 dport, u32 oport, int errcode)
92 {
93 	struct tipc_msg *msg;
94 	struct sk_buff *buf;
95 
96 	buf = tipc_buf_acquire(hdr_sz + data_sz);
97 	if (unlikely(!buf))
98 		return NULL;
99 
100 	msg = buf_msg(buf);
101 	tipc_msg_init(onode, msg, user, type, hdr_sz, dnode);
102 	msg_set_size(msg, hdr_sz + data_sz);
103 	msg_set_origport(msg, oport);
104 	msg_set_destport(msg, dport);
105 	msg_set_errcode(msg, errcode);
106 	if (hdr_sz > SHORT_H_SIZE) {
107 		msg_set_orignode(msg, onode);
108 		msg_set_destnode(msg, dnode);
109 	}
110 	return buf;
111 }
112 
113 /* tipc_buf_append(): Append a buffer to the fragment list of another buffer
114  * @*headbuf: in:  NULL for first frag, otherwise value returned from prev call
115  *            out: set when successful non-complete reassembly, otherwise NULL
116  * @*buf:     in:  the buffer to append. Always defined
117  *            out: head buf after successful complete reassembly, otherwise NULL
118  * Returns 1 when reassembly complete, otherwise 0
119  */
120 int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
121 {
122 	struct sk_buff *head = *headbuf;
123 	struct sk_buff *frag = *buf;
124 	struct sk_buff *tail;
125 	struct tipc_msg *msg;
126 	u32 fragid;
127 	int delta;
128 	bool headstolen;
129 
130 	if (!frag)
131 		goto err;
132 
133 	msg = buf_msg(frag);
134 	fragid = msg_type(msg);
135 	frag->next = NULL;
136 	skb_pull(frag, msg_hdr_sz(msg));
137 
138 	if (fragid == FIRST_FRAGMENT) {
139 		if (unlikely(head))
140 			goto err;
141 		if (unlikely(skb_unclone(frag, GFP_ATOMIC)))
142 			goto err;
143 		head = *headbuf = frag;
144 		skb_frag_list_init(head);
145 		TIPC_SKB_CB(head)->tail = NULL;
146 		*buf = NULL;
147 		return 0;
148 	}
149 
150 	if (!head)
151 		goto err;
152 
153 	if (skb_try_coalesce(head, frag, &headstolen, &delta)) {
154 		kfree_skb_partial(frag, headstolen);
155 	} else {
156 		tail = TIPC_SKB_CB(head)->tail;
157 		if (!skb_has_frag_list(head))
158 			skb_shinfo(head)->frag_list = frag;
159 		else
160 			tail->next = frag;
161 		head->truesize += frag->truesize;
162 		head->data_len += frag->len;
163 		head->len += frag->len;
164 		TIPC_SKB_CB(head)->tail = frag;
165 	}
166 
167 	if (fragid == LAST_FRAGMENT) {
168 		TIPC_SKB_CB(head)->validated = false;
169 		if (unlikely(!tipc_msg_validate(head)))
170 			goto err;
171 		*buf = head;
172 		TIPC_SKB_CB(head)->tail = NULL;
173 		*headbuf = NULL;
174 		return 1;
175 	}
176 	*buf = NULL;
177 	return 0;
178 err:
179 	pr_warn_ratelimited("Unable to build fragment list\n");
180 	kfree_skb(*buf);
181 	kfree_skb(*headbuf);
182 	*buf = *headbuf = NULL;
183 	return 0;
184 }
185 
186 /* tipc_msg_validate - validate basic format of received message
187  *
188  * This routine ensures a TIPC message has an acceptable header, and at least
189  * as much data as the header indicates it should.  The routine also ensures
190  * that the entire message header is stored in the main fragment of the message
191  * buffer, to simplify future access to message header fields.
192  *
193  * Note: Having extra info present in the message header or data areas is OK.
194  * TIPC will ignore the excess, under the assumption that it is optional info
195  * introduced by a later release of the protocol.
196  */
197 bool tipc_msg_validate(struct sk_buff *skb)
198 {
199 	struct tipc_msg *msg;
200 	int msz, hsz;
201 
202 	if (unlikely(TIPC_SKB_CB(skb)->validated))
203 		return true;
204 	if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE)))
205 		return false;
206 
207 	hsz = msg_hdr_sz(buf_msg(skb));
208 	if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE))
209 		return false;
210 	if (unlikely(!pskb_may_pull(skb, hsz)))
211 		return false;
212 
213 	msg = buf_msg(skb);
214 	if (unlikely(msg_version(msg) != TIPC_VERSION))
215 		return false;
216 
217 	msz = msg_size(msg);
218 	if (unlikely(msz < hsz))
219 		return false;
220 	if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE))
221 		return false;
222 	if (unlikely(skb->len < msz))
223 		return false;
224 
225 	TIPC_SKB_CB(skb)->validated = true;
226 	return true;
227 }
228 
229 /**
230  * tipc_msg_build - create buffer chain containing specified header and data
231  * @mhdr: Message header, to be prepended to data
232  * @m: User message
233  * @dsz: Total length of user data
234  * @pktmax: Max packet size that can be used
235  * @list: Buffer or chain of buffers to be returned to caller
236  *
237  * Returns message data size or errno: -ENOMEM, -EFAULT
238  */
239 int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m,
240 		   int offset, int dsz, int pktmax, struct sk_buff_head *list)
241 {
242 	int mhsz = msg_hdr_sz(mhdr);
243 	int msz = mhsz + dsz;
244 	int pktno = 1;
245 	int pktsz;
246 	int pktrem = pktmax;
247 	int drem = dsz;
248 	struct tipc_msg pkthdr;
249 	struct sk_buff *skb;
250 	char *pktpos;
251 	int rc;
252 
253 	msg_set_size(mhdr, msz);
254 
255 	/* No fragmentation needed? */
256 	if (likely(msz <= pktmax)) {
257 		skb = tipc_buf_acquire(msz);
258 		if (unlikely(!skb))
259 			return -ENOMEM;
260 		skb_orphan(skb);
261 		__skb_queue_tail(list, skb);
262 		skb_copy_to_linear_data(skb, mhdr, mhsz);
263 		pktpos = skb->data + mhsz;
264 		if (copy_from_iter(pktpos, dsz, &m->msg_iter) == dsz)
265 			return dsz;
266 		rc = -EFAULT;
267 		goto error;
268 	}
269 
270 	/* Prepare reusable fragment header */
271 	tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER,
272 		      FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr));
273 	msg_set_size(&pkthdr, pktmax);
274 	msg_set_fragm_no(&pkthdr, pktno);
275 	msg_set_importance(&pkthdr, msg_importance(mhdr));
276 
277 	/* Prepare first fragment */
278 	skb = tipc_buf_acquire(pktmax);
279 	if (!skb)
280 		return -ENOMEM;
281 	skb_orphan(skb);
282 	__skb_queue_tail(list, skb);
283 	pktpos = skb->data;
284 	skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
285 	pktpos += INT_H_SIZE;
286 	pktrem -= INT_H_SIZE;
287 	skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz);
288 	pktpos += mhsz;
289 	pktrem -= mhsz;
290 
291 	do {
292 		if (drem < pktrem)
293 			pktrem = drem;
294 
295 		if (copy_from_iter(pktpos, pktrem, &m->msg_iter) != pktrem) {
296 			rc = -EFAULT;
297 			goto error;
298 		}
299 		drem -= pktrem;
300 
301 		if (!drem)
302 			break;
303 
304 		/* Prepare new fragment: */
305 		if (drem < (pktmax - INT_H_SIZE))
306 			pktsz = drem + INT_H_SIZE;
307 		else
308 			pktsz = pktmax;
309 		skb = tipc_buf_acquire(pktsz);
310 		if (!skb) {
311 			rc = -ENOMEM;
312 			goto error;
313 		}
314 		skb_orphan(skb);
315 		__skb_queue_tail(list, skb);
316 		msg_set_type(&pkthdr, FRAGMENT);
317 		msg_set_size(&pkthdr, pktsz);
318 		msg_set_fragm_no(&pkthdr, ++pktno);
319 		skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
320 		pktpos = skb->data + INT_H_SIZE;
321 		pktrem = pktsz - INT_H_SIZE;
322 
323 	} while (1);
324 	msg_set_type(buf_msg(skb), LAST_FRAGMENT);
325 	return dsz;
326 error:
327 	__skb_queue_purge(list);
328 	__skb_queue_head_init(list);
329 	return rc;
330 }
331 
332 /**
333  * tipc_msg_bundle(): Append contents of a buffer to tail of an existing one
334  * @bskb: the buffer to append to ("bundle")
335  * @skb:  buffer to be appended
336  * @mtu:  max allowable size for the bundle buffer
337  * Consumes buffer if successful
338  * Returns true if bundling could be performed, otherwise false
339  */
340 bool tipc_msg_bundle(struct sk_buff *bskb, struct sk_buff *skb, u32 mtu)
341 {
342 	struct tipc_msg *bmsg;
343 	struct tipc_msg *msg = buf_msg(skb);
344 	unsigned int bsz;
345 	unsigned int msz = msg_size(msg);
346 	u32 start, pad;
347 	u32 max = mtu - INT_H_SIZE;
348 
349 	if (likely(msg_user(msg) == MSG_FRAGMENTER))
350 		return false;
351 	if (!bskb)
352 		return false;
353 	bmsg = buf_msg(bskb);
354 	bsz = msg_size(bmsg);
355 	start = align(bsz);
356 	pad = start - bsz;
357 
358 	if (unlikely(msg_user(msg) == TUNNEL_PROTOCOL))
359 		return false;
360 	if (unlikely(msg_user(msg) == BCAST_PROTOCOL))
361 		return false;
362 	if (likely(msg_user(bmsg) != MSG_BUNDLER))
363 		return false;
364 	if (unlikely(skb_tailroom(bskb) < (pad + msz)))
365 		return false;
366 	if (unlikely(max < (start + msz)))
367 		return false;
368 
369 	skb_put(bskb, pad + msz);
370 	skb_copy_to_linear_data_offset(bskb, start, skb->data, msz);
371 	msg_set_size(bmsg, start + msz);
372 	msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1);
373 	kfree_skb(skb);
374 	return true;
375 }
376 
377 /**
378  *  tipc_msg_extract(): extract bundled inner packet from buffer
379  *  @skb: buffer to be extracted from.
380  *  @iskb: extracted inner buffer, to be returned
381  *  @pos: position in outer message of msg to be extracted.
382  *        Returns position of next msg
383  *  Consumes outer buffer when last packet extracted
384  *  Returns true when when there is an extracted buffer, otherwise false
385  */
386 bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos)
387 {
388 	struct tipc_msg *msg;
389 	int imsz, offset;
390 
391 	*iskb = NULL;
392 	if (unlikely(skb_linearize(skb)))
393 		goto none;
394 
395 	msg = buf_msg(skb);
396 	offset = msg_hdr_sz(msg) + *pos;
397 	if (unlikely(offset > (msg_size(msg) - MIN_H_SIZE)))
398 		goto none;
399 
400 	*iskb = skb_clone(skb, GFP_ATOMIC);
401 	if (unlikely(!*iskb))
402 		goto none;
403 	skb_pull(*iskb, offset);
404 	imsz = msg_size(buf_msg(*iskb));
405 	skb_trim(*iskb, imsz);
406 	if (unlikely(!tipc_msg_validate(*iskb)))
407 		goto none;
408 	*pos += align(imsz);
409 	return true;
410 none:
411 	kfree_skb(skb);
412 	kfree_skb(*iskb);
413 	*iskb = NULL;
414 	return false;
415 }
416 
417 /**
418  * tipc_msg_make_bundle(): Create bundle buf and append message to its tail
419  * @list: the buffer chain
420  * @skb: buffer to be appended and replaced
421  * @mtu: max allowable size for the bundle buffer, inclusive header
422  * @dnode: destination node for message. (Not always present in header)
423  * Replaces buffer if successful
424  * Returns true if success, otherwise false
425  */
426 bool tipc_msg_make_bundle(struct sk_buff **skb, u32 mtu, u32 dnode)
427 {
428 	struct sk_buff *bskb;
429 	struct tipc_msg *bmsg;
430 	struct tipc_msg *msg = buf_msg(*skb);
431 	u32 msz = msg_size(msg);
432 	u32 max = mtu - INT_H_SIZE;
433 
434 	if (msg_user(msg) == MSG_FRAGMENTER)
435 		return false;
436 	if (msg_user(msg) == TUNNEL_PROTOCOL)
437 		return false;
438 	if (msg_user(msg) == BCAST_PROTOCOL)
439 		return false;
440 	if (msz > (max / 2))
441 		return false;
442 
443 	bskb = tipc_buf_acquire(max);
444 	if (!bskb)
445 		return false;
446 
447 	skb_trim(bskb, INT_H_SIZE);
448 	bmsg = buf_msg(bskb);
449 	tipc_msg_init(msg_prevnode(msg), bmsg, MSG_BUNDLER, 0,
450 		      INT_H_SIZE, dnode);
451 	msg_set_seqno(bmsg, msg_seqno(msg));
452 	msg_set_ack(bmsg, msg_ack(msg));
453 	msg_set_bcast_ack(bmsg, msg_bcast_ack(msg));
454 	tipc_msg_bundle(bskb, *skb, mtu);
455 	*skb = bskb;
456 	return true;
457 }
458 
459 /**
460  * tipc_msg_reverse(): swap source and destination addresses and add error code
461  * @buf:  buffer containing message to be reversed
462  * @dnode: return value: node where to send message after reversal
463  * @err:  error code to be set in message
464  * Consumes buffer if failure
465  * Returns true if success, otherwise false
466  */
467 bool tipc_msg_reverse(u32 own_addr,  struct sk_buff *buf, u32 *dnode,
468 		      int err)
469 {
470 	struct tipc_msg *msg = buf_msg(buf);
471 	struct tipc_msg ohdr;
472 	uint rdsz = min_t(uint, msg_data_sz(msg), MAX_FORWARD_SIZE);
473 
474 	if (skb_linearize(buf))
475 		goto exit;
476 	msg = buf_msg(buf);
477 	if (msg_dest_droppable(msg))
478 		goto exit;
479 	if (msg_errcode(msg))
480 		goto exit;
481 	memcpy(&ohdr, msg, msg_hdr_sz(msg));
482 	msg_set_errcode(msg, err);
483 	msg_set_origport(msg, msg_destport(&ohdr));
484 	msg_set_destport(msg, msg_origport(&ohdr));
485 	msg_set_prevnode(msg, own_addr);
486 	if (!msg_short(msg)) {
487 		msg_set_orignode(msg, msg_destnode(&ohdr));
488 		msg_set_destnode(msg, msg_orignode(&ohdr));
489 	}
490 	msg_set_size(msg, msg_hdr_sz(msg) + rdsz);
491 	skb_trim(buf, msg_size(msg));
492 	skb_orphan(buf);
493 	*dnode = msg_orignode(&ohdr);
494 	return true;
495 exit:
496 	kfree_skb(buf);
497 	*dnode = 0;
498 	return false;
499 }
500 
501 /**
502  * tipc_msg_lookup_dest(): try to find new destination for named message
503  * @skb: the buffer containing the message.
504  * @dnode: return value: next-hop node, if destination found
505  * @err: return value: error code to use, if message to be rejected
506  * Does not consume buffer
507  * Returns true if a destination is found, false otherwise
508  */
509 bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb,
510 			  u32 *dnode, int *err)
511 {
512 	struct tipc_msg *msg = buf_msg(skb);
513 	u32 dport;
514 	u32 own_addr = tipc_own_addr(net);
515 
516 	if (!msg_isdata(msg))
517 		return false;
518 	if (!msg_named(msg))
519 		return false;
520 	if (msg_errcode(msg))
521 		return false;
522 	*err = -TIPC_ERR_NO_NAME;
523 	if (skb_linearize(skb))
524 		return false;
525 	if (msg_reroute_cnt(msg))
526 		return false;
527 	*dnode = addr_domain(net, msg_lookup_scope(msg));
528 	dport = tipc_nametbl_translate(net, msg_nametype(msg),
529 				       msg_nameinst(msg), dnode);
530 	if (!dport)
531 		return false;
532 	msg_incr_reroute_cnt(msg);
533 	if (*dnode != own_addr)
534 		msg_set_prevnode(msg, own_addr);
535 	msg_set_destnode(msg, *dnode);
536 	msg_set_destport(msg, dport);
537 	*err = TIPC_OK;
538 	return true;
539 }
540 
541 /* tipc_msg_reassemble() - clone a buffer chain of fragments and
542  *                         reassemble the clones into one message
543  */
544 struct sk_buff *tipc_msg_reassemble(struct sk_buff_head *list)
545 {
546 	struct sk_buff *skb;
547 	struct sk_buff *frag = NULL;
548 	struct sk_buff *head = NULL;
549 	int hdr_sz;
550 
551 	/* Copy header if single buffer */
552 	if (skb_queue_len(list) == 1) {
553 		skb = skb_peek(list);
554 		hdr_sz = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb));
555 		return __pskb_copy(skb, hdr_sz, GFP_ATOMIC);
556 	}
557 
558 	/* Clone all fragments and reassemble */
559 	skb_queue_walk(list, skb) {
560 		frag = skb_clone(skb, GFP_ATOMIC);
561 		if (!frag)
562 			goto error;
563 		frag->next = NULL;
564 		if (tipc_buf_append(&head, &frag))
565 			break;
566 		if (!head)
567 			goto error;
568 	}
569 	return frag;
570 error:
571 	pr_warn("Failed do clone local mcast rcv buffer\n");
572 	kfree_skb(head);
573 	return NULL;
574 }
575