
/net/sctp/socket.c

http://github.com/mirrors/linux


   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/* SCTP kernel implementation
   3 * (C) Copyright IBM Corp. 2001, 2004
   4 * Copyright (c) 1999-2000 Cisco, Inc.
   5 * Copyright (c) 1999-2001 Motorola, Inc.
   6 * Copyright (c) 2001-2003 Intel Corp.
   7 * Copyright (c) 2001-2002 Nokia, Inc.
   8 * Copyright (c) 2001 La Monte H.P. Yarroll
   9 *
  10 * This file is part of the SCTP kernel implementation
  11 *
  12 * These functions interface with the sockets layer to implement the
  13 * SCTP Extensions for the Sockets API.
  14 *
  15 * Note that the descriptions from the specification are USER level
  16 * functions--this file is the functions which populate the struct proto
  17 * for SCTP which is the BOTTOM of the sockets interface.
  18 *
  19 * Please send any bug reports or fixes you make to the
  20 * email address(es):
  21 *    lksctp developers <linux-sctp@vger.kernel.org>
  22 *
  23 * Written or modified by:
  24 *    La Monte H.P. Yarroll <piggy@acm.org>
  25 *    Narasimha Budihal     <narsi@refcode.org>
  26 *    Karl Knutson          <karl@athena.chicago.il.us>
  27 *    Jon Grimm             <jgrimm@us.ibm.com>
  28 *    Xingang Guo           <xingang.guo@intel.com>
  29 *    Daisy Chang           <daisyc@us.ibm.com>
  30 *    Sridhar Samudrala     <samudrala@us.ibm.com>
  31 *    Inaky Perez-Gonzalez  <inaky.gonzalez@intel.com>
  32 *    Ardelle Fan	    <ardelle.fan@intel.com>
  33 *    Ryan Layer	    <rmlayer@us.ibm.com>
  34 *    Anup Pemmaiah         <pemmaiah@cc.usu.edu>
  35 *    Kevin Gao             <kevin.gao@intel.com>
  36 */
  37
  38#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  39
  40#include <crypto/hash.h>
  41#include <linux/types.h>
  42#include <linux/kernel.h>
  43#include <linux/wait.h>
  44#include <linux/time.h>
  45#include <linux/sched/signal.h>
  46#include <linux/ip.h>
  47#include <linux/capability.h>
  48#include <linux/fcntl.h>
  49#include <linux/poll.h>
  50#include <linux/init.h>
  51#include <linux/slab.h>
  52#include <linux/file.h>
  53#include <linux/compat.h>
  54#include <linux/rhashtable.h>
  55
  56#include <net/ip.h>
  57#include <net/icmp.h>
  58#include <net/route.h>
  59#include <net/ipv6.h>
  60#include <net/inet_common.h>
  61#include <net/busy_poll.h>
  62
  63#include <linux/socket.h> /* for sa_family_t */
  64#include <linux/export.h>
  65#include <net/sock.h>
  66#include <net/sctp/sctp.h>
  67#include <net/sctp/sm.h>
  68#include <net/sctp/stream_sched.h>
  69
/* Forward declarations for internal helper functions.
 *
 * All of these are file-local (static); they are declared here because
 * they are referenced before their definitions further down in the file.
 */
static bool sctp_writeable(struct sock *sk);
static void sctp_wfree(struct sk_buff *skb);
static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
				size_t msg_len);
static int sctp_wait_for_packet(struct sock *sk, int *err, long *timeo_p);
static int sctp_wait_for_connect(struct sctp_association *, long *timeo_p);
static int sctp_wait_for_accept(struct sock *sk, long timeo);
static void sctp_wait_for_close(struct sock *sk, long timeo);
static void sctp_destruct_sock(struct sock *sk);
static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
					union sctp_addr *addr, int len);
/* bindx add/remove and the matching ASCONF senders; the definitions below
 * state that only sctp_setsockopt_bindx() is supposed to call them.
 */
static int sctp_bindx_add(struct sock *, struct sockaddr *, int);
static int sctp_bindx_rem(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf_add_ip(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf_del_ip(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf(struct sctp_association *asoc,
			    struct sctp_chunk *chunk);
static int sctp_do_bind(struct sock *, union sctp_addr *, int);
static int sctp_autobind(struct sock *sk);
static int sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
			     struct sctp_association *assoc,
			     enum sctp_socket_type type);
  93
/* Set to 1 by sctp_enter_memory_pressure(); nothing in this part of the
 * file clears it.
 */
static unsigned long sctp_memory_pressure;
/* NOTE(review): presumably the protocol-wide memory accounting counter
 * handed to the socket layer; it is not touched in this part of the file.
 */
static atomic_long_t sctp_memory_allocated;
/* Not static: this counter is visible to other translation units. */
struct percpu_counter sctp_sockets_allocated;
  97
/* Record that SCTP is under memory pressure.
 *
 * @sk is unused; the flag is file-wide, not per socket. The store is a
 * plain assignment with no lock or barrier taken here.
 */
static void sctp_enter_memory_pressure(struct sock *sk)
{
	sctp_memory_pressure = 1;
}
 102
 103
/* Report the send-buffer space available right now for @asoc.
 *
 * With a non-zero endpoint sndbuf_policy the figure is per association:
 * the socket's sk_sndbuf minus what this association already has in use.
 * Otherwise the socket-wide sk_stream_wspace() value is returned.
 *
 * The per-association result is a plain int subtraction and can be
 * negative when the association is over its budget.
 */
static inline int sctp_wspace(struct sctp_association *asoc)
{
	struct sock *sk = asoc->base.sk;

	if (!asoc->ep->sndbuf_policy)
		return sk_stream_wspace(sk);

	return sk->sk_sndbuf - asoc->sndbuf_used;
}
 112
/* Charge an outgoing data chunk to its association and socket, and install
 * sctp_wfree() as the skb destructor so the charge can be undone later.
 *
 * Chunk and skb are always 1-1, and sctp_packet_transmit() always allocates
 * a fresh skb when bundling chunks, so the data chunk's own skb destructor
 * can be used for send-buffer tracking.
 *
 * Every step here takes a reference or adds to a counter (association hold,
 * optional auth shared-key hold, sk_wmem_alloc, sndbuf_used, sk_wmem_queued,
 * forward-allocated memory). NOTE(review): the matching releases are
 * presumably all in sctp_wfree(); keep the two in sync, since a mismatch
 * shows up as a leak or an accounting underflow.
 */
static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
{
	struct sctp_association *asoc = chunk->asoc;
	struct sk_buff *skb = chunk->skb;
	struct sock *sk = asoc->base.sk;

	/* Send-buffer usage is tracked per association, so pin it. */
	sctp_association_hold(asoc);

	if (chunk->shkey)
		sctp_auth_shkey_hold(chunk->shkey);

	skb_set_owner_w(skb, sk);

	/* Override the destructor set by skb_set_owner_w() and stash the
	 * chunk pointer where sctp_wfree() can find it.
	 */
	skb->destructor = sctp_wfree;
	skb_shinfo(skb)->destructor_arg = chunk;

	/* The chunk structure itself is accounted on top of the skb. */
	refcount_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
	asoc->sndbuf_used += skb->truesize + sizeof(struct sctp_chunk);
	sk->sk_wmem_queued += skb->truesize + sizeof(struct sctp_chunk);
	sk_mem_charge(sk, skb->truesize);
}
 144
/* Detach the chunk's skb from its owning socket via skb_orphan().
 *
 * NOTE(review): skb_orphan() is expected to run the installed destructor
 * (sctp_wfree, when sctp_set_owner_w() was used), which is what undoes the
 * accounting; confirm against the skb API.
 */
static void sctp_clear_owner_w(struct sctp_chunk *chunk)
{
	skb_orphan(chunk->skb);
}
 149
/* Helper for sctp_for_each_tx_datachunk(): apply cb() to every fragment of
 * the message that 'chunk' belongs to, once per message.
 *
 * The macro takes no arguments and captures these names from the expansion
 * site: chunk, msg, prev_msg, c, asoc, clear and cb.
 *
 * The 'continue' below binds to this do { } while (0), not to the caller's
 * list loop; it simply ends the macro body early when the chunk belongs to
 * the same message as the previous one.
 *
 * cb() is invoked on a fragment only when the skb's socket matches
 * asoc->base.sk (clear == true) or differs from it (clear == false).
 */
#define traverse_and_process()	\
do {				\
	msg = chunk->msg;	\
	if (msg == prev_msg)	\
		continue;	\
	list_for_each_entry(c, &msg->chunks, frag_list) {	\
		if ((clear && asoc->base.sk == c->skb->sk) ||	\
		    (!clear && asoc->base.sk != c->skb->sk))	\
			cb(c);	\
	}			\
	prev_msg = msg;		\
} while (0)
 162
/* Run cb() over the data chunks of every message that @asoc still has
 * queued for transmission.
 *
 * The lists visited are, in order: each transport's transmitted list, then
 * the out-queue's retransmit, sacked, abandoned and out_chunk_list lists.
 *
 * @clear selects which chunks get the callback (see traverse_and_process):
 * true  - chunks whose skb is owned by asoc->base.sk,
 * false - chunks whose skb is owned by some other socket.
 *
 * The local names msg, prev_msg, chunk and c must keep these exact names:
 * the traverse_and_process() macro refers to them directly. prev_msg is
 * shared across all lists, so consecutive chunks of one message are only
 * processed once even across a list boundary.
 *
 * The walks use the non-_safe list iterators, so cb() must not unlink the
 * chunk it is handed from these lists.
 */
static void sctp_for_each_tx_datachunk(struct sctp_association *asoc,
				       bool clear,
				       void (*cb)(struct sctp_chunk *))

{
	struct sctp_datamsg *msg, *prev_msg = NULL;
	struct sctp_outq *q = &asoc->outqueue;
	struct sctp_chunk *chunk, *c;
	struct sctp_transport *t;

	list_for_each_entry(t, &asoc->peer.transport_addr_list, transports)
		list_for_each_entry(chunk, &t->transmitted, transmitted_list)
			traverse_and_process();

	list_for_each_entry(chunk, &q->retransmit, transmitted_list)
		traverse_and_process();

	list_for_each_entry(chunk, &q->sacked, transmitted_list)
		traverse_and_process();

	list_for_each_entry(chunk, &q->abandoned, transmitted_list)
		traverse_and_process();

	list_for_each_entry(chunk, &q->out_chunk_list, list)
		traverse_and_process();
}
 189
/* Invoke cb(skb, sk) on every skb parked in @asoc's receive-side queues.
 *
 * The queues are visited in a fixed order: ulpq.lobby, ulpq.reasm, then
 * ulpq.reasm_uo. @sk is passed through to the callback untouched.
 */
static void sctp_for_each_rx_skb(struct sctp_association *asoc, struct sock *sk,
				 void (*cb)(struct sk_buff *, struct sock *))
{
	struct sk_buff_head *const queues[] = {
		&asoc->ulpq.lobby,
		&asoc->ulpq.reasm,
		&asoc->ulpq.reasm_uo,
	};
	struct sk_buff *skb, *next;
	size_t i;

	for (i = 0; i < ARRAY_SIZE(queues); i++)
		sctp_skb_for_each(skb, queues[i], next)
			cb(skb, sk);
}
 205
/* Check that @addr (of @len bytes) is an address this socket may use as a
 * destination.
 *
 * Three checks run in order, each failing with -EINVAL:
 *   1. sctp_sockaddr_af(): length and address-family sanity;
 *   2. the family's addr_valid() hook;
 *   3. the socket protocol family's send_verify() hook.
 *
 * Returns 0 when all three pass.
 */
static inline int sctp_verify_addr(struct sock *sk, union sctp_addr *addr,
				   int len)
{
	struct sctp_sock *sp = sctp_sk(sk);
	struct sctp_af *af = sctp_sockaddr_af(sp, addr, len);

	/* Short-circuit evaluation keeps the original check order. */
	if (!af ||
	    !af->addr_valid(addr, sp, NULL) ||
	    !sp->pf->send_verify(sp, addr))
		return -EINVAL;

	return 0;
}
 226
/* Resolve an association id to an association owned by @sk.
 *
 * UDP-style socket: @id is looked up in the sctp_assocs_id table under
 * sctp_assocs_id_lock. That lookup is not keyed on @sk, so the result is
 * only accepted when asoc->base.sk == sk and the association is not dead.
 * This ownership test is what keeps a caller from reaching another
 * socket's association by passing its id. Ids <= SCTP_ALL_ASSOC never
 * match.
 *
 * Any other socket style: @id is ignored. The socket must be ESTABLISHED
 * or CLOSING, and the first (only) association on the endpoint is returned.
 *
 * Returns NULL when nothing matches. No reference is taken on the result.
 */
struct sctp_association *sctp_id2assoc(struct sock *sk, sctp_assoc_t id)
{
	struct sctp_association *found;

	if (sctp_style(sk, UDP)) {
		if (id <= SCTP_ALL_ASSOC)
			return NULL;

		spin_lock_bh(&sctp_assocs_id_lock);
		found = idr_find(&sctp_assocs_id, (int)id);
		/* Reject hits that belong to a different socket or are
		 * already torn down.
		 */
		if (found && (found->base.sk != sk || found->base.dead))
			found = NULL;
		spin_unlock_bh(&sctp_assocs_id_lock);

		return found;
	}

	/* Not UDP-style: the id is ignored. A listening TCP-style socket,
	 * or one that has not connect()ed yet, has no association to offer.
	 */
	if (!sctp_sstate(sk, ESTABLISHED) && !sctp_sstate(sk, CLOSING))
		return NULL;

	if (list_empty(&sctp_sk(sk)->ep->asocs))
		return NULL;

	/* The first and only association on the endpoint. */
	return list_entry(sctp_sk(sk)->ep->asocs.next,
			  struct sctp_association, asocs);
}
 262
/* Find the transport for a peer address, optionally cross-checked against
 * an association id.
 *
 * The address is validated with sctp_verify_addr() and then looked up on
 * this socket's own endpoint only, so the result is always a transport of
 * an association that belongs to @sk. If @id resolves to an association,
 * it must be the same one the address resolved to; an @id that resolves to
 * nothing is not an error and the address match alone decides.
 *
 * Side effect: on success @addr is rewritten in place by the protocol
 * family's addr_to_user() hook.
 *
 * Returns the transport, or NULL on any validation or lookup failure.
 */
static struct sctp_transport *sctp_addr_id2transport(struct sock *sk,
					      struct sockaddr_storage *addr,
					      sctp_assoc_t id)
{
	struct sctp_af *af = sctp_get_af_specific(addr->ss_family);
	union sctp_addr *laddr = (union sctp_addr *)addr;
	struct sctp_association *by_addr, *by_id;
	struct sctp_sock *sp = sctp_sk(sk);
	struct sctp_transport *transport;

	if (!af)
		return NULL;
	if (sctp_verify_addr(sk, laddr, af->sockaddr_len))
		return NULL;

	by_addr = sctp_endpoint_lookup_assoc(sp->ep, laddr, &transport);
	if (!by_addr)
		return NULL;

	/* When both are given, address and id must name one association. */
	by_id = sctp_id2assoc(sk, id);
	if (by_id && by_id != by_addr)
		return NULL;

	sctp_get_pf_specific(sk->sk_family)->addr_to_user(sp, laddr);

	return transport;
}
 295
/* API 3.1.2 bind() - UDP Style Syntax
 * The syntax of bind() is,
 *
 *   ret = bind(int sd, struct sockaddr *addr, int addrlen);
 *
 *   sd      - the socket descriptor returned by socket().
 *   addr    - the address structure (struct sockaddr_in or struct
 *             sockaddr_in6 [RFC 2553]),
 *   addr_len - the size of the address structure.
 *
 * Kernel side: the whole operation runs under the socket lock. A socket
 * whose endpoint already has a bound port is refused with -EINVAL; all
 * address and privilege checks are delegated to sctp_do_bind().
 */
static int sctp_bind(struct sock *sk, struct sockaddr *addr, int addr_len)
{
	int retval;

	lock_sock(sk);

	pr_debug("%s: sk:%p, addr:%p, addr_len:%d\n", __func__, sk,
		 addr, addr_len);

	if (sctp_sk(sk)->ep->base.bind_addr.port) {
		/* Binding twice is not allowed. */
		retval = -EINVAL;
	} else {
		retval = sctp_do_bind(sk, (union sctp_addr *)addr, addr_len);
	}

	release_sock(sk);

	return retval;
}
 326
 327static int sctp_get_port_local(struct sock *, union sctp_addr *);
 328
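/* Verify that @addr/@len describe a sockaddr this socket can accept.
 *
 * @opt:  SCTP socket whose protocol family decides which address families
 *        are supported.
 * @addr: address to check; it is only read, never modified.
 * @len:  number of bytes the caller claims are valid at @addr.
 *
 * Checks, in order: @len covers at least a generic struct sockaddr; the
 * address family is supported by the socket; for AF_INET6 the length covers
 * an RFC 2133 sockaddr_in6 and a v4-mapped address is only accepted when
 * the socket also supports AF_INET; finally @len covers the family's full
 * sockaddr_len.
 *
 * Returns the address-family operations on success, NULL otherwise.
 */
static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
					union sctp_addr *addr, int len)
{
	struct sctp_af *af;

	/* Check minimum size. Compare as int: against the unsigned result
	 * of sizeof a negative @len would be converted to a huge value and
	 * slip past this test, letting the family field below be read
	 * before a later signed comparison finally rejected it.
	 */
	if (len < (int)sizeof(struct sockaddr))
		return NULL;

	if (!opt->pf->af_supported(addr->sa.sa_family, opt))
		return NULL;

	if (addr->sa.sa_family == AF_INET6) {
		if (len < SIN6_LEN_RFC2133)
			return NULL;
		/* V4 mapped address are really of AF_INET family */
		if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) &&
		    !opt->pf->af_supported(AF_INET, opt))
			return NULL;
	}

	/* If we get this far, af is valid. */
	af = sctp_get_af_specific(addr->sa.sa_family);

	/* The caller must supply the family's complete sockaddr. */
	if (len < af->sockaddr_len)
		return NULL;

	return af;
}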
 359
/* Bind a local address either to an endpoint or to an association.
 *
 * @sk:   socket being bound.
 * @addr: address to bind; its port field is rewritten in place (see below).
 * @len:  number of valid bytes at @addr.
 *
 * Returns 0 on success, or:
 *   -EINVAL        bad sockaddr, port differs from the one already bound,
 *                  or the address is already in this endpoint's bind list;
 *   -EADDRNOTAVAIL the protocol family's bind_verify() hook refused it;
 *   -EACCES        the port needs CAP_NET_BIND_SERVICE and the caller
 *                  lacks it;
 *   -EADDRINUSE    sctp_get_port_local() reported a conflict;
 *   or the error from sctp_add_bind_addr().
 *
 * No locking is done here; sctp_bind() calls this with the socket lock held.
 */
static int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len)
{
	struct net *net = sock_net(sk);
	struct sctp_sock *sp = sctp_sk(sk);
	struct sctp_endpoint *ep = sp->ep;
	struct sctp_bind_addr *bp = &ep->base.bind_addr;
	struct sctp_af *af;
	unsigned short snum;
	int ret = 0;

	/* Common sockaddr verification. Nothing in @addr beyond the family
	 * is trusted until this has passed.
	 */
	af = sctp_sockaddr_af(sp, addr, len);
	if (!af) {
		pr_debug("%s: sk:%p, newaddr:%p, len:%d EINVAL\n",
			 __func__, sk, addr, len);
		return -EINVAL;
	}

	/* The port is read through the v4 view whatever the family is.
	 * NOTE(review): this presumably relies on sin_port and sin6_port
	 * sharing an offset - confirm against the sockaddr definitions.
	 */
	snum = ntohs(addr->v4.sin_port);

	pr_debug("%s: sk:%p, new addr:%pISc, port:%d, new port:%d, len:%d\n",
		 __func__, sk, &addr->sa, bp->port, snum, len);

	/* PF specific bind() address verification. */
	if (!sp->pf->bind_verify(sp, addr))
		return -EADDRNOTAVAIL;

	/* We must either be unbound, or bind to the same port.
	 * It's OK to allow 0 ports if we are already bound.
	 * We'll just inherit an already bound port in this case
	 */
	if (bp->port) {
		if (!snum)
			snum = bp->port;
		else if (snum != bp->port) {
			pr_debug("%s: new port %d doesn't match existing port "
				 "%d\n", __func__, snum, bp->port);
			return -EINVAL;
		}
	}

	/* Privileged-port gate: the capability is checked in the user
	 * namespace that owns this socket's network namespace. A port of 0
	 * skips the check.
	 */
	if (snum && inet_port_requires_bind_service(net, snum) &&
	    !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
		return -EACCES;

	/* See if the address matches any of the addresses we may have
	 * already bound before checking against other endpoints.
	 */
	if (sctp_bind_addr_match(bp, addr, sp))
		return -EINVAL;

	/* Make sure we are allowed to bind here.
	 * The function sctp_get_port_local() does duplicate address
	 * detection.
	 *
	 * The effective port is written back into the caller's buffer first.
	 */
	addr->v4.sin_port = htons(snum);
	if (sctp_get_port_local(sk, addr))
		return -EADDRINUSE;

	/* Refresh ephemeral port.  */
	if (!bp->port)
		bp->port = inet_sk(sk)->inet_num;

	/* Add the address to the bind address list.
	 * Use GFP_ATOMIC since BHs will be disabled.
	 */
	ret = sctp_add_bind_addr(bp, addr, af->sockaddr_len,
				 SCTP_ADDR_SRC, GFP_ATOMIC);

	if (ret) {
		/* Undo the port reservation taken above. */
		sctp_put_port(sk);
		return ret;
	}
	/* Copy back into socket for getsockname() use. */
	inet_sk(sk)->inet_sport = htons(inet_sk(sk)->inet_num);
	sp->pf->to_sk_saddr(addr, sk);

	return ret;
}
 440
/* ADDIP Section 4.1.1 Congestion Control of ASCONF Chunks
 *
 * R1) One and only one ASCONF Chunk MAY be in transit and unacknowledged
 * at any one time.  If a sender, after sending an ASCONF chunk, decides
 * it needs to transfer another ASCONF Chunk, it MUST wait until the
 * ASCONF-ACK Chunk returns from the previous ASCONF Chunk before sending a
 * subsequent ASCONF. Note this restriction binds each side, so at any
 * time two ASCONF may be in-transit on any given association (one sent
 * from each endpoint).
 *
 * Ownership of @chunk: it is either appended to asoc->addip_chunk_list
 * (an ASCONF is already outstanding), remembered in addip_last_asconf with
 * an extra hold (sent successfully), or freed here (send failed). The
 * caller must not free it itself in any of these cases.
 *
 * Returns 0 when the chunk was queued or sent, otherwise the error from
 * sctp_primitive_ASCONF().
 */
static int sctp_send_asconf(struct sctp_association *asoc,
			    struct sctp_chunk *chunk)
{
	int retval;

	/* An ASCONF is still unacknowledged: park this one for later. */
	if (asoc->addip_last_asconf) {
		list_add_tail(&chunk->list, &asoc->addip_chunk_list);
		return 0;
	}

	/* Hold the chunk until an ASCONF_ACK is received. */
	sctp_chunk_hold(chunk);
	retval = sctp_primitive_ASCONF(asoc->base.net, asoc, chunk);
	if (retval) {
		sctp_chunk_free(chunk);
		return retval;
	}

	asoc->addip_last_asconf = chunk;
	return retval;
}
 475
/* Add a list of addresses as bind addresses to local endpoint or
 * association.
 *
 * @addrs is a packed array of @addrcnt sockaddrs of mixed family. Each
 * entry's family selects its length, and sctp_do_bind() is called on it.
 *
 * If any entry fails, the entries bound so far are removed again through
 * sctp_bindx_rem() and the error is returned.
 *
 * No buffer size is passed in: the walk advances purely by each family's
 * sockaddr_len, so the caller must already have checked that @addrcnt
 * complete addresses fit in the buffer. Only sctp_setsockopt_bindx() is
 * supposed to call this function.
 */
static int sctp_bindx_add(struct sock *sk, struct sockaddr *addrs, int addrcnt)
{
	struct sockaddr *sa_addr;
	void *addr_buf = addrs;
	struct sctp_af *af;
	int retval = 0;
	int cnt;

	pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n", __func__, sk,
		 addrs, addrcnt);

	for (cnt = 0; cnt < addrcnt; cnt++) {
		/* The list may contain either IPv4 or IPv6 address;
		 * the family decides how far to step to the next entry.
		 */
		sa_addr = addr_buf;
		af = sctp_get_af_specific(sa_addr->sa_family);
		if (af) {
			retval = sctp_do_bind(sk, (union sctp_addr *)sa_addr,
					      af->sockaddr_len);
			addr_buf += af->sockaddr_len;
		} else {
			retval = -EINVAL;
		}

		if (retval < 0) {
			/* Failed. Cleanup the ones that have been added */
			if (cnt > 0)
				sctp_bindx_rem(sk, addrs, cnt);
			return retval;
		}
	}

	return retval;
}
 527
/* Send an ASCONF chunk with Add IP address parameters to all the peers of the
 * associations that are part of the endpoint indicating that a list of local
 * addresses are added to the endpoint.
 *
 * If any of the addresses is already in the bind address list of the
 * association, we do not send the chunk for that association.  But it will not
 * affect other associations.
 *
 * @addrs is a packed array of @addrcnt sockaddrs; no buffer size is passed,
 * so the caller must have validated that the array holds that many complete
 * addresses.
 *
 * Returns 0 at once when the endpoint has ASCONF disabled. Otherwise returns
 * -EINVAL for an unknown address family, -ENOMEM when the chunk cannot be
 * built, or the result of the last sctp_send_asconf() call.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_send_asconf_add_ip(struct sock		*sk,
				   struct sockaddr	*addrs,
				   int 			addrcnt)
{
	struct sctp_sock		*sp;
	struct sctp_endpoint		*ep;
	struct sctp_association		*asoc;
	struct sctp_bind_addr		*bp;
	struct sctp_chunk		*chunk;
	struct sctp_sockaddr_entry	*laddr;
	union sctp_addr			*addr;
	union sctp_addr			saveaddr;
	void				*addr_buf;
	struct sctp_af			*af;
	struct list_head		*p;
	int 				i;
	int 				retval = 0;

	sp = sctp_sk(sk);
	ep = sp->ep;

	if (!ep->asconf_enable)
		return retval;

	pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
		 __func__, sk, addrs, addrcnt);

	list_for_each_entry(asoc, &ep->asocs, asocs) {
		/* Skip peers that cannot take, or have refused, Add-IP. */
		if (!asoc->peer.asconf_capable)
			continue;

		if (asoc->peer.addip_disabled_mask & SCTP_PARAM_ADD_IP)
			continue;

		if (!sctp_state(asoc, ESTABLISHED))
			continue;

		/* Check if any address in the packed array of addresses is
		 * in the bind address list of the association. If so,
		 * do not send the asconf chunk to its peer, but continue with
		 * other associations.
		 *
		 * This pass also checks every entry's address family; the
		 * second walk below relies on that.
		 */
		addr_buf = addrs;
		for (i = 0; i < addrcnt; i++) {
			addr = addr_buf;
			af = sctp_get_af_specific(addr->v4.sin_family);
			if (!af) {
				retval = -EINVAL;
				goto out;
			}

			if (sctp_assoc_lookup_laddr(asoc, addr))
				break;

			addr_buf += af->sockaddr_len;
		}
		if (i < addrcnt)
			continue;

		/* Use the first valid address in bind addr list of
		 * association as Address Parameter of ASCONF CHUNK.
		 *
		 * NOTE(review): the first list entry is taken without a
		 * list_empty() test or a validity check - this assumes an
		 * ESTABLISHED association always has a bind address.
		 */
		bp = &asoc->base.bind_addr;
		p = bp->address_list.next;
		laddr = list_entry(p, struct sctp_sockaddr_entry, list);
		chunk = sctp_make_asconf_update_ip(asoc, &laddr->a, addrs,
						   addrcnt, SCTP_PARAM_ADD_IP);
		if (!chunk) {
			retval = -ENOMEM;
			goto out;
		}

		/* Add the new addresses to the bind address list with
		 * use_as_src set to 0.
		 *
		 * af is not re-checked for NULL here: reaching this point
		 * means the first walk saw a known family for every entry.
		 *
		 * NOTE(review): saveaddr is a stack union and only the first
		 * af->sockaddr_len bytes are written, yet sizeof(saveaddr) is
		 * passed on as the length. For families shorter than the
		 * union the tail is uninitialised stack - confirm the callee
		 * never copies or exposes it.
		 *
		 * NOTE(review): the sctp_add_bind_addr() result is overwritten
		 * by the next iteration and by sctp_send_asconf() below, so a
		 * failure here goes unnoticed.
		 */
		addr_buf = addrs;
		for (i = 0; i < addrcnt; i++) {
			addr = addr_buf;
			af = sctp_get_af_specific(addr->v4.sin_family);
			memcpy(&saveaddr, addr, af->sockaddr_len);
			retval = sctp_add_bind_addr(bp, &saveaddr,
						    sizeof(saveaddr),
						    SCTP_ADDR_NEW, GFP_ATOMIC);
			addr_buf += af->sockaddr_len;
		}
		if (asoc->src_out_of_asoc_ok) {
			struct sctp_transport *trans;

			/* Reset every path's congestion and RTT state:
			 * cwnd = min(4*MTU, max(2*MTU, 4380)), ssthresh from
			 * the peer's advertised rwnd, rto from rto_initial.
			 */
			list_for_each_entry(trans,
			    &asoc->peer.transport_addr_list, transports) {
				trans->cwnd = min(4*asoc->pathmtu, max_t(__u32,
				    2*asoc->pathmtu, 4380));
				trans->ssthresh = asoc->peer.i.a_rwnd;
				trans->rto = asoc->rto_initial;
				sctp_max_rto(asoc, trans);
				trans->rtt = trans->srtt = trans->rttvar = 0;
				/* Clear the source and route cache */
				sctp_transport_route(trans, NULL,
						     sctp_sk(asoc->base.sk));
			}
		}
		/* sctp_send_asconf() takes over the chunk in every outcome. */
		retval = sctp_send_asconf(asoc, chunk);
	}

out:
	return retval;
}
 645
/* Remove a list of addresses from bind addresses list.  Do not remove the
 * last address.
 *
 * @addrs is a packed array of @addrcnt sockaddrs of mixed family. Each
 * entry's family selects its length, and sctp_del_bind_addr() is called
 * on it.
 *
 * If any entry fails, the entries removed so far are added back through
 * sctp_bindx_add() and the error is returned:
 *   -EBUSY         the bind list is empty or down to its last address;
 *   -EINVAL        unknown family, or a non-zero port that differs from
 *                  the bound port;
 *   -EADDRNOTAVAIL the family's addr_valid() hook rejected the address;
 *   or the error from sctp_del_bind_addr().
 *
 * Side effect: an entry with port 0 has the bound port written into the
 * caller's buffer.
 *
 * No buffer size is passed in: the walk advances purely by each family's
 * sockaddr_len, so the caller must already have checked that @addrcnt
 * complete addresses fit in the buffer. Only sctp_setsockopt_bindx() is
 * supposed to call this function.
 */
static int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt)
{
	struct sctp_sock *sp = sctp_sk(sk);
	struct sctp_bind_addr *bp = &sp->ep->base.bind_addr;
	union sctp_addr *sa_addr;
	void *addr_buf = addrs;
	struct sctp_af *af;
	int retval = 0;
	int cnt;

	pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
		 __func__, sk, addrs, addrcnt);

	for (cnt = 0; cnt < addrcnt; cnt++) {
		if (list_empty(&bp->address_list) ||
		    sctp_list_single_entry(&bp->address_list)) {
			/* Nothing more may be removed: at least one bind
			 * address has to stay.
			 */
			retval = -EBUSY;
		} else {
			sa_addr = addr_buf;
			af = sctp_get_af_specific(sa_addr->sa.sa_family);

			if (!af) {
				retval = -EINVAL;
			} else if (!af->addr_valid(sa_addr, sp, NULL)) {
				retval = -EADDRNOTAVAIL;
			} else if (sa_addr->v4.sin_port &&
				   sa_addr->v4.sin_port != htons(bp->port)) {
				retval = -EINVAL;
			} else {
				/* Port 0 means "the port we are bound to". */
				if (!sa_addr->v4.sin_port)
					sa_addr->v4.sin_port = htons(bp->port);

				/* FIXME - There is probably a need to check
				 * if sk->sk_saddr and sk->sk_rcv_addr are
				 * currently set to one of the addresses to
				 * be removed. This is something which needs
				 * to be looked into when we are fixing the
				 * outstanding issues with multi-homing
				 * socket routing and failover schemes. Refer
				 * to comments in sctp_do_bind(). -daisy
				 */
				retval = sctp_del_bind_addr(bp, sa_addr);

				addr_buf += af->sockaddr_len;
			}
		}

		if (retval < 0) {
			/* Failed. Add the ones that has been removed back */
			if (cnt > 0)
				sctp_bindx_add(sk, addrs, cnt);
			return retval;
		}
	}

	return retval;
}
 729
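/* Send an ASCONF chunk with Delete IP address parameters to all the peers of
 * the associations that are part of the endpoint indicating that a list of
 * local addresses are removed from the endpoint.
 *
 * If any of the addresses is not in the bind address list of the
 * association, we do not send the chunk for that association.  But it will not
 * affect other associations.
 *
 * Special case: when a single address is being deleted and it is the only
 * one the association has, no ASCONF is sent. The address is remembered in
 * asoc->asconf_addr_del_pending and src_out_of_asoc_ok is set instead.
 *
 * @addrs is a packed array of @addrcnt sockaddrs; no buffer size is passed,
 * so the caller must have validated that the array holds that many complete
 * addresses.
 *
 * Returns 0 at once when the endpoint has ASCONF disabled. Otherwise returns
 * -EINVAL for an unknown address family or when no address would remain,
 * -ENOMEM on allocation failure, or the result of the last
 * sctp_send_asconf() call.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_send_asconf_del_ip(struct sock		*sk,
				   struct sockaddr	*addrs,
				   int			addrcnt)
{
	struct sctp_sock	*sp;
	struct sctp_endpoint	*ep;
	struct sctp_association	*asoc;
	struct sctp_transport	*transport;
	struct sctp_bind_addr	*bp;
	struct sctp_chunk	*chunk;
	union sctp_addr		*laddr;
	void			*addr_buf;
	struct sctp_af		*af;
	struct sctp_sockaddr_entry *saddr;
	int 			i;
	int 			retval = 0;
	int			stored = 0;

	chunk = NULL;
	sp = sctp_sk(sk);
	ep = sp->ep;

	if (!ep->asconf_enable)
		return retval;

	pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
		 __func__, sk, addrs, addrcnt);

	list_for_each_entry(asoc, &ep->asocs, asocs) {
		/* "stored" describes this association only. Previously it
		 * was set once and never cleared, so after one association
		 * took the pending-delete path every later association
		 * built a chunk and then skipped sctp_send_asconf(): the
		 * chunk was leaked and the peer was never told.
		 */
		stored = 0;

		/* Skip peers that cannot take, or have refused, Delete-IP. */
		if (!asoc->peer.asconf_capable)
			continue;

		if (asoc->peer.addip_disabled_mask & SCTP_PARAM_DEL_IP)
			continue;

		if (!sctp_state(asoc, ESTABLISHED))
			continue;

		/* Check if any address in the packed array of addresses is
		 * not present in the bind address list of the association.
		 * If so, do not send the asconf chunk to its peer, but
		 * continue with other associations.
		 *
		 * This pass also checks every entry's address family; the
		 * walk after skip_mkasconf relies on that.
		 */
		addr_buf = addrs;
		for (i = 0; i < addrcnt; i++) {
			laddr = addr_buf;
			af = sctp_get_af_specific(laddr->v4.sin_family);
			if (!af) {
				retval = -EINVAL;
				goto out;
			}

			if (!sctp_assoc_lookup_laddr(asoc, laddr))
				break;

			addr_buf += af->sockaddr_len;
		}
		if (i < addrcnt)
			continue;

		/* Find one address in the association's bind address list
		 * that is not in the packed array of addresses. This is to
		 * make sure that we do not delete all the addresses in the
		 * association.
		 */
		bp = &asoc->base.bind_addr;
		laddr = sctp_find_unmatch_addr(bp, (union sctp_addr *)addrs,
					       addrcnt, sp);
		if ((laddr == NULL) && (addrcnt == 1)) {
			/* Deleting the association's only address: record it
			 * as pending instead of sending an ASCONF. Only one
			 * pending delete is kept per association.
			 */
			if (asoc->asconf_addr_del_pending)
				continue;
			asoc->asconf_addr_del_pending =
			    kzalloc(sizeof(union sctp_addr), GFP_ATOMIC);
			if (asoc->asconf_addr_del_pending == NULL) {
				retval = -ENOMEM;
				goto out;
			}
			/* Field-by-field copy into the zeroed allocation;
			 * only family, port and the IP address are taken
			 * from the caller's buffer.
			 */
			asoc->asconf_addr_del_pending->sa.sa_family =
				    addrs->sa_family;
			asoc->asconf_addr_del_pending->v4.sin_port =
				    htons(bp->port);
			if (addrs->sa_family == AF_INET) {
				struct sockaddr_in *sin;

				sin = (struct sockaddr_in *)addrs;
				asoc->asconf_addr_del_pending->v4.sin_addr.s_addr = sin->sin_addr.s_addr;
			} else if (addrs->sa_family == AF_INET6) {
				struct sockaddr_in6 *sin6;

				sin6 = (struct sockaddr_in6 *)addrs;
				asoc->asconf_addr_del_pending->v6.sin6_addr = sin6->sin6_addr;
			}

			pr_debug("%s: keep the last address asoc:%p %pISc at %p\n",
				 __func__, asoc, &asoc->asconf_addr_del_pending->sa,
				 asoc->asconf_addr_del_pending);

			asoc->src_out_of_asoc_ok = 1;
			stored = 1;
			goto skip_mkasconf;
		}

		/* Several addresses were given and none would remain. */
		if (laddr == NULL)
			return -EINVAL;

		/* We do not need RCU protection throughout this loop
		 * because this is done under a socket lock from the
		 * setsockopt call.
		 */
		chunk = sctp_make_asconf_update_ip(asoc, laddr, addrs, addrcnt,
						   SCTP_PARAM_DEL_IP);
		if (!chunk) {
			retval = -ENOMEM;
			goto out;
		}

skip_mkasconf:
		/* Reset use_as_src flag for the addresses in the bind address
		 * list that are to be deleted.
		 *
		 * af is not re-checked for NULL here: reaching this point
		 * means the first walk saw a known family for every entry.
		 */
		addr_buf = addrs;
		for (i = 0; i < addrcnt; i++) {
			laddr = addr_buf;
			af = sctp_get_af_specific(laddr->v4.sin_family);
			list_for_each_entry(saddr, &bp->address_list, list) {
				if (sctp_cmp_addr_exact(&saddr->a, laddr))
					saddr->state = SCTP_ADDR_DEL;
			}
			addr_buf += af->sockaddr_len;
		}

		/* Update the route and saddr entries for all the transports
		 * as some of the addresses in the bind address list are
		 * about to be deleted and cannot be used as source addresses.
		 */
		list_for_each_entry(transport, &asoc->peer.transport_addr_list,
					transports) {
			sctp_transport_route(transport, NULL,
					     sctp_sk(asoc->base.sk));
		}

		if (stored)
			/* We don't need to transmit ASCONF */
			continue;
		/* sctp_send_asconf() takes over the chunk in every outcome. */
		retval = sctp_send_asconf(asoc, chunk);
	}
out:
	return retval;
}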
 890
/* Propagate one address event to the associations of an endpoint.
 *
 * The caller must hold the endpoint and addr_wq locks.
 *
 * The port field of addrw->a is overwritten with the endpoint's bound port
 * before the address is validated (the caller owns that storage, so the
 * write is safe). An entry in state SCTP_ADDR_NEW triggers an Add-IP
 * ASCONF; any other state triggers a Delete-IP ASCONF.
 *
 * Returns -EINVAL for an unknown family or an address that fails
 * sctp_verify_addr(), otherwise the result of the ASCONF sender.
 */
int sctp_asconf_mgmt(struct sctp_sock *sp, struct sctp_sockaddr_entry *addrw)
{
	union sctp_addr *addr = &addrw->a;
	struct sock *sk = sctp_opt2sk(sp);
	struct sctp_af *af;

	addr->v4.sin_port = htons(sp->ep->base.bind_addr.port);

	af = sctp_get_af_specific(addr->sa.sa_family);
	if (!af || sctp_verify_addr(sk, addr, af->sockaddr_len))
		return -EINVAL;

	if (addrw->state != SCTP_ADDR_NEW)
		return sctp_send_asconf_del_ip(sk, (struct sockaddr *)addr, 1);

	return sctp_send_asconf_add_ip(sk, (struct sockaddr *)addr, 1);
}
 912
 913/* Helper for tunneling sctp_bindx() requests through sctp_setsockopt()
 914 *
 915 * API 8.1
 916 * int sctp_bindx(int sd, struct sockaddr *addrs, int addrcnt,
 917 *                int flags);
 918 *
 919 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
 920 * If the sd is an IPv6 socket, the addresses passed can either be IPv4
 921 * or IPv6 addresses.
 922 *
 923 * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
 924 * Section 3.1.2 for this usage.
 925 *
 926 * addrs is a pointer to an array of one or more socket addresses. Each
 927 * address is contained in its appropriate structure (i.e. struct
 928 * sockaddr_in or struct sockaddr_in6) the family of the address type
 929 * must be used to distinguish the address length (note that this
 930 * representation is termed a "packed array" of addresses). The caller
 931 * specifies the number of addresses in the array with addrcnt.
 932 *
 933 * On success, sctp_bindx() returns 0. On failure, sctp_bindx() returns
 934 * -1, and sets errno to the appropriate error code.
 935 *
 936 * For SCTP, the port given in each socket address must be the same, or
 937 * sctp_bindx() will fail, setting errno to EINVAL.
 938 *
 939 * The flags parameter is formed from the bitwise OR of zero or more of
 940 * the following currently defined flags:
 941 *
 942 * SCTP_BINDX_ADD_ADDR
 943 *
 944 * SCTP_BINDX_REM_ADDR
 945 *
 946 * SCTP_BINDX_ADD_ADDR directs SCTP to add the given addresses to the
 947 * association, and SCTP_BINDX_REM_ADDR directs SCTP to remove the given
 948 * addresses from the association. The two flags are mutually exclusive;
 949 * if both are given, sctp_bindx() will fail with EINVAL. A caller may
 950 * not remove all addresses from an association; sctp_bindx() will
 951 * reject such an attempt with EINVAL.
 952 *
 953 * An application can use sctp_bindx(SCTP_BINDX_ADD_ADDR) to associate
 954 * additional addresses with an endpoint after calling bind().  Or use
 955 * sctp_bindx(SCTP_BINDX_REM_ADDR) to remove some addresses a listening
 956 * socket is associated with so that no new association accepted will be
 957 * associated with those addresses. If the endpoint supports dynamic
 958 * addresses, a SCTP_BINDX_REM_ADDR or SCTP_BINDX_ADD_ADDR may cause the
 959 * endpoint to send the appropriate message to the peer to change the
 960 * peer's address lists.
 961 *
 962 * Adding and removing addresses from a connected association is
 963 * optional functionality. Implementations that do not support this
 964 * functionality should return EOPNOTSUPP.
 965 *
 966 * Basically do nothing but copying the addresses from user to kernel
 967 * land and invoking either sctp_bindx_add() or sctp_bindx_rem() on the sk.
 968 * This is used for tunneling the sctp_bindx() request through sctp_setsockopt()
 969 * from userspace.
 970 *
 971 * On exit there is no need to do sockfd_put(), sys_setsockopt() does
 972 * it.
 973 *
 974 * sk        The sk of the socket
 975 * addrs     The pointer to the addresses in user land
 976 * addrssize Size of the addrs buffer
 977 * op        Operation to perform (add or remove, see the flags of
 978 *           sctp_bindx)
 979 *
 980 * Returns 0 if ok, <0 errno code on error.
 981 */
 static int sctp_setsockopt_bindx(struct sock *sk,
				 struct sockaddr __user *addrs,
				 int addrs_size, int op)
{
	struct sockaddr *kaddrs;
	struct sctp_af *af;
	void *cursor;
	int offset = 0;
	int addrcnt = 0;
	int err;

	pr_debug("%s: sk:%p addrs:%p addrs_size:%d opt:%d\n",
		 __func__, sk, addrs, addrs_size, op);

	/* addrs_size is supplied by the caller; refuse empty or negative
	 * sizes before the value is used as a copy length.
	 */
	if (unlikely(addrs_size <= 0))
		return -EINVAL;

	/* Work on a private kernel copy so the validation below and the
	 * later use of the addresses see the same bytes.
	 */
	kaddrs = memdup_user(addrs, addrs_size);
	if (IS_ERR(kaddrs))
		return PTR_ERR(kaddrs);

	/* Count the entries of the packed array.  Every early exit from
	 * this walk reports -EINVAL and frees the copy at "out".
	 */
	err = -EINVAL;
	cursor = kaddrs;
	while (offset < addrs_size) {
		struct sockaddr *sa;

		/* The family field must lie inside the buffer before it
		 * may be read.
		 */
		if (offset + sizeof(sa_family_t) > addrs_size)
			goto out;

		sa = cursor;
		af = sctp_get_af_specific(sa->sa_family);

		/* Unsupported address family. */
		if (!af)
			goto out;

		/* This entry would run past the end of the buffer. */
		if ((offset + af->sockaddr_len) > addrs_size)
			goto out;

		addrcnt++;
		cursor += af->sockaddr_len;
		offset += af->sockaddr_len;
	}

	/* Dispatch on the requested operation. */
	if (op == SCTP_BINDX_ADD_ADDR) {
		/* Let the security module vet the addresses first. */
		err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_BINDX_ADD,
						 (struct sockaddr *)kaddrs,
						 addrs_size);
		if (!err)
			err = sctp_bindx_add(sk, kaddrs, addrcnt);
		if (!err)
			err = sctp_send_asconf_add_ip(sk, kaddrs, addrcnt);
	} else if (op == SCTP_BINDX_REM_ADDR) {
		err = sctp_bindx_rem(sk, kaddrs, addrcnt);
		if (!err)
			err = sctp_send_asconf_del_ip(sk, kaddrs, addrcnt);
	} else {
		err = -EINVAL;
	}

out:
	kfree(kaddrs);

	return err;
}
1059
/* Create a new association on @ep towards @daddr and add @daddr as its
 * first peer transport.
 *
 * ep    - endpoint that will own the association
 * daddr - destination address of the first peer
 * init  - optional INIT parameters to apply to the association, or NULL
 * tp    - receives the transport created for @daddr
 *
 * Returns 0 on success or a negative errno.  On the error paths taken
 * after the association was allocated, the association is freed again.
 */
static int sctp_connect_new_asoc(struct sctp_endpoint *ep,
				 const union sctp_addr *daddr,
				 const struct sctp_initmsg *init,
				 struct sctp_transport **tp)
{
	struct sock *sk = ep->base.sk;
	struct net *net = sock_net(sk);
	struct sctp_association *asoc;
	struct sctp_transport *peer;
	enum sctp_scope scope;
	int err;

	if (sctp_endpoint_is_peeled_off(ep, daddr))
		return -EADDRNOTAVAIL;

	if (!ep->base.bind_addr.port) {
		/* No local port yet: pick one automatically. */
		if (sctp_autobind(sk))
			return -EAGAIN;
	} else if (inet_port_requires_bind_service(net, ep->base.bind_addr.port) &&
		   !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) {
		/* The bound port needs bind-service privilege and the caller
		 * lacks CAP_NET_BIND_SERVICE in this netns's user namespace.
		 */
		return -EACCES;
	}

	scope = sctp_scope(daddr);
	asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
	if (!asoc)
		return -ENOMEM;

	err = sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL);
	if (err < 0)
		goto free;

	peer = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN);
	*tp = peer;
	if (!peer) {
		err = -ENOMEM;
		goto free;
	}

	/* Apply the caller's INIT parameters; a zero field leaves the
	 * association's current value untouched.
	 */
	if (init) {
		if (init->sinit_num_ostreams) {
			__u16 outcnt = init->sinit_num_ostreams;

			asoc->c.sinit_num_ostreams = outcnt;
			/* The stream count changed, so the stream state has
			 * to be set up again.
			 */
			err = sctp_stream_init(&asoc->stream, outcnt, 0,
					       GFP_KERNEL);
			if (err)
				goto free;
		}

		if (init->sinit_max_instreams)
			asoc->c.sinit_max_instreams = init->sinit_max_instreams;

		if (init->sinit_max_attempts)
			asoc->max_init_attempts = init->sinit_max_attempts;

		if (init->sinit_max_init_timeo)
			asoc->max_init_timeo =
				msecs_to_jiffies(init->sinit_max_init_timeo);
	}

	return 0;

free:
	sctp_association_free(asoc);
	return err;
}
1126
/* Add @daddr as a further peer transport of @asoc.
 *
 * The address is verified against the socket first.  An address that
 * already belongs to a different association on the same endpoint is
 * refused with -EISCONN or -EALREADY, depending on that association's
 * state.
 *
 * Returns 0 on success or a negative errno.
 */
static int sctp_connect_add_peer(struct sctp_association *asoc,
				 union sctp_addr *daddr, int addr_len)
{
	struct sctp_endpoint *ep = asoc->ep;
	struct sctp_association *existing;
	struct sctp_transport *t;
	int err;

	err = sctp_verify_addr(ep->base.sk, daddr, addr_len);
	if (err)
		return err;

	existing = sctp_endpoint_lookup_assoc(ep, daddr, &t);
	if (existing && existing != asoc) {
		if (existing->state >= SCTP_STATE_ESTABLISHED)
			return -EISCONN;
		return -EALREADY;
	}

	if (sctp_endpoint_is_peeled_off(ep, daddr))
		return -EADDRNOTAVAIL;

	if (!sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN))
		return -ENOMEM;

	return 0;
}
1153
1154/* __sctp_connect(struct sock* sk, struct sockaddr *kaddrs, int addrs_size)
1155 *
1156 * Common routine for handling connect() and sctp_connectx().
1157 * Connect will come in with just a single address.
1158 */
static int __sctp_connect(struct sock *sk, struct sockaddr *kaddrs,
			  int addrs_size, int flags, sctp_assoc_t *assoc_id)
{
	struct sctp_sock *sp = sctp_sk(sk);
	struct sctp_endpoint *ep = sp->ep;
	struct sctp_transport *transport;
	struct sctp_association *asoc;
	union sctp_addr *daddr;
	struct sctp_af *af;
	void *cursor = kaddrs;
	int consumed, err;
	long timeo;

	/* A socket that is established or closing, or a TCP-style socket
	 * that is listening, cannot be connected.
	 */
	if (sctp_sstate(sk, ESTABLISHED) || sctp_sstate(sk, CLOSING))
		return -EISCONN;
	if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))
		return -EISCONN;

	/* First address: it must belong to a supported family and fit
	 * inside the kaddrs buffer.
	 */
	daddr = cursor;
	af = sctp_get_af_specific(daddr->sa.sa_family);
	if (!af)
		return -EINVAL;
	if (af->sockaddr_len > addrs_size)
		return -EINVAL;

	err = sctp_verify_addr(sk, daddr, af->sockaddr_len);
	if (err)
		return err;

	asoc = sctp_endpoint_lookup_assoc(ep, daddr, &transport);
	if (asoc) {
		if (asoc->state >= SCTP_STATE_ESTABLISHED)
			return -EISCONN;
		return -EALREADY;
	}

	err = sctp_connect_new_asoc(ep, daddr, NULL, &transport);
	if (err)
		return err;
	asoc = transport->asoc;

	/* Remaining addresses of the packed array.  Each one is bounds
	 * checked against addrs_size before any of its fields are used.
	 */
	cursor += af->sockaddr_len;
	consumed = af->sockaddr_len;
	while (consumed < addrs_size) {
		/* Any rejection inside the walk is reported as -EINVAL
		 * unless sctp_connect_add_peer() supplies its own code.
		 */
		err = -EINVAL;

		/* The family field must lie inside the buffer. */
		if (consumed + sizeof(sa_family_t) > addrs_size)
			goto out_free;

		daddr = cursor;
		af = sctp_get_af_specific(daddr->sa.sa_family);
		if (!af)
			goto out_free;
		if (af->sockaddr_len + consumed > addrs_size)
			goto out_free;

		/* Every address must carry the association's peer port.
		 * NOTE(review): the port is read through the v4 member for
		 * every family; confirm the union layout keeps the port at
		 * the same offset for v6.
		 */
		if (asoc->peer.port != ntohs(daddr->v4.sin_port))
			goto out_free;

		err = sctp_connect_add_peer(asoc, daddr, af->sockaddr_len);
		if (err)
			goto out_free;

		cursor   += af->sockaddr_len;
		consumed += af->sockaddr_len;
	}

	/* A sctp_connectx() caller that asked for an association id gets
	 * one assigned before the association is started.
	 */
	if (assoc_id) {
		err = sctp_assoc_set_id(asoc, GFP_KERNEL);
		if (err < 0)
			goto out_free;
	}

	err = sctp_primitive_ASSOCIATE(sock_net(sk), asoc, NULL);
	if (err < 0)
		goto out_free;

	/* Record dport and daddr on the sk for getpeername().  daddr is
	 * the last address walked above.
	 */
	inet_sk(sk)->inet_dport = htons(asoc->peer.port);
	sp->pf->to_sk_daddr(daddr, sk);
	sk->sk_err = 0;

	if (assoc_id)
		*assoc_id = asoc->assoc_id;

	timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
	return sctp_wait_for_connect(asoc, &timeo);

out_free:
	pr_debug("%s: took out_free path with asoc:%p kaddrs:%p err:%d\n",
		 __func__, asoc, kaddrs, err);
	sctp_association_free(asoc);
	return err;
}
1248
1249/* Helper for tunneling sctp_connectx() requests through sctp_setsockopt()
1250 *
1251 * API 8.9
1252 * int sctp_connectx(int sd, struct sockaddr *addrs, int addrcnt,
1253 * 			sctp_assoc_t *asoc);
1254 *
1255 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
1256 * If the sd is an IPv6 socket, the addresses passed can either be IPv4
1257 * or IPv6 addresses.
1258 *
1259 * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
1260 * Section 3.1.2 for this usage.
1261 *
1262 * addrs is a pointer to an array of one or more socket addresses. Each
1263 * address is contained in its appropriate structure (i.e. struct
1264 * sockaddr_in or struct sockaddr_in6) the family of the address type
1265 * must be used to distinguish the address length (note that this
1266 * representation is termed a "packed array" of addresses). The caller
1267 * specifies the number of addresses in the array with addrcnt.
1268 *
1269 * On success, sctp_connectx() returns 0. It also sets the assoc_id to
1270 * the association id of the new association.  On failure, sctp_connectx()
1271 * returns -1, and sets errno to the appropriate error code.  The assoc_id
1272 * is not touched by the kernel.
1273 *
1274 * For SCTP, the port given in each socket address must be the same, or
1275 * sctp_connectx() will fail, setting errno to EINVAL.
1276 *
1277 * An application can use sctp_connectx to initiate an association with
1278 * an endpoint that is multi-homed.  Much like sctp_bindx() this call
1279 * allows a caller to specify multiple addresses at which a peer can be
1280 * reached.  The way the SCTP stack uses the list of addresses to set up
1281 * the association is implementation dependent.  This function only
1282 * specifies that the stack will try to make use of all the addresses in
1283 * the list when needed.
1284 *
1285 * Note that the list of addresses passed in is only used for setting up
1286 * the association.  It does not necessarily equal the set of addresses
1287 * the peer uses for the resulting association.  If the caller wants to
1288 * find out the set of peer addresses, it must use sctp_getpaddrs() to
1289 * retrieve them after the association has been set up.
1290 *
1291 * This does little more than copy the addresses from user to kernel
1292 * land and invoke sctp_connectx(). This is used for tunneling
1293 * the sctp_connectx() request through sctp_setsockopt() from userspace.
1294 *
1295 * On exit there is no need to do sockfd_put(), sys_setsockopt() does
1296 * it.
1297 *
1298 * sk        The sk of the socket
1299 * addrs     The pointer to the addresses in user land
1300 * addrssize Size of the addrs buffer
1301 *
1302 * Returns >=0 if ok, <0 errno code on error.
1303 */
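/* Copy the connectx address list from userspace and hand it to
 * __sctp_connect().
 *
 * sk         The sk of the socket
 * addrs      The pointer to the addresses in user land
 * addrs_size Size of the addrs buffer in bytes, as given by the caller
 * assoc_id   Where to report the new association id, or NULL
 *
 * Returns the result of __sctp_connect(), or a negative errno if the
 * size is invalid, the copy fails or the security module refuses the
 * addresses.
 */
static int __sctp_setsockopt_connectx(struct sock *sk,
				      struct sockaddr __user *addrs,
				      int addrs_size,
				      sctp_assoc_t *assoc_id)
{
	struct sockaddr *kaddrs;
	int err = 0, flags = 0;

	pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n",
		 __func__, sk, addrs, addrs_size);

	/* Make sure the 1st addr's sa_family is accessible later.
	 *
	 * addrs_size is a signed, caller-controlled value (one caller in
	 * this file, sctp_getsockopt_connectx3(), passes a user-supplied
	 * s32).  Comparing it directly with sizeof() converts it to an
	 * unsigned type, so a negative size would pass the check and reach
	 * memdup_user() as a very large length.  Compare as int so that
	 * negative sizes are rejected here with -EINVAL, in line with the
	 * "addrs_size <= 0" check in sctp_setsockopt_bindx().
	 */
	if (unlikely(addrs_size < (int)sizeof(sa_family_t)))
		return -EINVAL;

	/* Work on a private kernel copy of the address list. */
	kaddrs = memdup_user(addrs, addrs_size);
	if (IS_ERR(kaddrs))
		return PTR_ERR(kaddrs);

	/* Allow security module to validate connectx addresses. */
	err = security_sctp_bind_connect(sk, SCTP_SOCKOPT_CONNECTX,
					 (struct sockaddr *)kaddrs,
					 addrs_size);
	if (err)
		goto out_free;

	/* In-kernel sockets don't generally have a file allocated to them
	 * if all they do is call sock_create_kern(); flags then stays 0.
	 */
	if (sk->sk_socket->file)
		flags = sk->sk_socket->file->f_flags;

	err = __sctp_connect(sk, kaddrs, addrs_size, flags, assoc_id);

out_free:
	kfree(kaddrs);

	return err;
}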
1343
1344/*
1345 * This is an older interface.  It's kept for backward compatibility
1346 * to the option that doesn't provide association id.
1347 */
static int sctp_setsockopt_connectx_old(struct sock *sk,
					struct sockaddr __user *addrs,
					int addrs_size)
{
	/* The legacy option has nowhere to report an association id. */
	sctp_assoc_t *no_assoc_id = NULL;

	return __sctp_setsockopt_connectx(sk, addrs, addrs_size, no_assoc_id);
}
1354
1355/*
1356 * New interface for the API.  Since the API is done with a socket
1357 * option, to keep it simple we feed the association id back as the return
1358 * value of the call.  Error is always negative and association id is
1359 * always positive.
1360 */
static int sctp_setsockopt_connectx(struct sock *sk,
				    struct sockaddr __user *addrs,
				    int addrs_size)
{
	sctp_assoc_t assoc_id = 0;
	int err;

	err = __sctp_setsockopt_connectx(sk, addrs, addrs_size, &assoc_id);

	/* A non-zero result is passed through unchanged; otherwise the
	 * association id doubles as the return value.
	 */
	return err ? err : assoc_id;
}
1375
1376/*
1377 * New (hopefully final) interface for the API.
1378 * We use the sctp_getaddrs_old structure so that the user-space library
1379 * can avoid any unnecessary allocations. The only different part
1380 * is that we store the actual length of the address buffer into the
1381 * addr_num structure member. That way we can re-use the existing
1382 * code.
1383 */
#ifdef CONFIG_COMPAT
/* Argument layout read from a compat caller by sctp_getsockopt_connectx3(),
 * which copies the fields into a native struct sctp_getaddrs_old.
 */
struct compat_sctp_getaddrs_old {
	sctp_assoc_t	assoc_id;
	/* Passed on by sctp_getsockopt_connectx3() as the size of the
	 * address buffer.
	 */
	s32		addr_num;
	/* User pointer (struct sockaddr *), widened with compat_ptr(). */
	compat_uptr_t	addrs;
};
#endif
1391
/* connectx variant tunnelled through getsockopt(): the caller passes a
 * struct sctp_getaddrs_old in optval and receives the association id back
 * in the same buffer.
 *
 * sk     The sk of the socket
 * len    Length of optval as given by the caller
 * optval User buffer holding the request, reused for the result
 * optlen User location that receives the size of the result
 *
 * Returns the result of __sctp_setsockopt_connectx(), -EINVAL if optval
 * is too short, or -EFAULT if a user copy fails.
 */
static int sctp_getsockopt_connectx3(struct sock *sk, int len,
				     char __user *optval,
				     int __user *optlen)
{
	struct sctp_getaddrs_old param;
	sctp_assoc_t assoc_id = 0;
	int err;

#ifdef CONFIG_COMPAT
	if (in_compat_syscall()) {
		struct compat_sctp_getaddrs_old compat;

		if (len < sizeof(compat))
			return -EINVAL;
		if (copy_from_user(&compat, optval, sizeof(compat)))
			return -EFAULT;

		/* Widen the compat layout into the native one. */
		param.assoc_id = compat.assoc_id;
		param.addr_num = compat.addr_num;
		param.addrs = compat_ptr(compat.addrs);
	} else
#endif
	{
		if (len < sizeof(param))
			return -EINVAL;
		if (copy_from_user(&param, optval, sizeof(param)))
			return -EFAULT;
	}

	/* param.addrs and param.addr_num come straight from the caller;
	 * addr_num is forwarded as the address buffer size and is range
	 * checked by __sctp_setsockopt_connectx().
	 */
	err = __sctp_setsockopt_connectx(sk, (struct sockaddr __user *)
					 param.addrs, param.addr_num,
					 &assoc_id);
	if (err != 0 && err != -EINPROGRESS)
		return err;

	/* Success or connect in progress: report the association id. */
	if (copy_to_user(optval, &assoc_id, sizeof(assoc_id)))
		return -EFAULT;
	if (put_user(sizeof(assoc_id), optlen))
		return -EFAULT;

	return err;
}
1433
1434/* API 3.1.4 close() - UDP Style Syntax
1435 * Applications use close() to perform graceful shutdown (as described in
1436 * Section 10.1 of [SCTP]) on ALL the associations currently represented
1437 * by a UDP-style socket.
1438 *
1439 * The syntax is
1440 *
1441 *   ret = close(int sd);
1442 *
1443 *   sd      - the socket descriptor of the associations to be closed.
1444 *
1445 * To gracefully shutdown a specific association represented by the
1446 * UDP-style socket, an application should use the sendmsg() call,
1447 * passing no user data, but including the appropriate flag in the
1448 * ancillary data (see Section xxxx).
1449 *
1450 * If sd in the close() call is a branched-off socket representing only
1451 * one association, the shutdown is performed on that association only.
1452 *
1453 * 4.1.6 close() - TCP Style Syntax
1454 *
1455 * Applications use close() to gracefully close down an association.
1456 *
1457 * The syntax is:
1458 *
1459 *    int close(int sd);
1460 *
1461 *      sd      - the socket descriptor of the association to be closed.
1462 *
1463 * After an application calls close() on a socket descriptor, no further
1464 * socket operations will succeed on that descriptor.
1465 *
1466 * API 7.1.4 SO_LINGER
1467 *
1468 * An application using the TCP-style socket can use this option to
1469 * perform the SCTP ABORT primitive.  The linger option structure is:
1470 *
1471 *  struct  linger {
1472 *     int     l_onoff;                // option on/off
1473 *     int     l_linger;               // linger time
1474 * };
1475 *
1476 * To enable the option, set l_onoff to 1.  If the l_linger value is set
1477 * to 0, calling close() is the same as the ABORT primitive.  If the
1478 * value is set to a negative value, the setsockopt() call will return
1479 * an error.  If the value is set to a positive value linger_time, the
1480 * close() can be blocked for at most linger_time ms.  If the graceful
1481 * shutdown phase does not finish during this period, close() will
1482 * return but the graceful shutdown phase continues in the system.
1483 */
static void sctp_close(struct sock *sk, long timeout)
{
	struct net *net = sock_net(sk);
	struct sctp_endpoint *ep;
	struct sctp_association *asoc;
	struct list_head *cur, *next;
	unsigned int data_was_unread;

	pr_debug("%s: sk:%p, timeout:%ld\n", __func__, sk, timeout);

	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
	sk->sk_shutdown = SHUTDOWN_MASK;
	inet_sk_set_state(sk, SCTP_SS_CLOSING);

	ep = sctp_sk(sk)->ep;

	/* Drop whatever is still queued for the reader and remember
	 * whether anything was thrown away.
	 */
	data_was_unread = sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
	data_was_unread += sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);

	/* Visit every association on the endpoint; the _safe iterator is
	 * used because entries may be freed inside the loop.
	 */
	list_for_each_safe(cur, next, &ep->asocs) {
		bool must_abort;

		asoc = list_entry(cur, struct sctp_association, asocs);

		/* A closed association can still be on the list of a
		 * TCP-style listening socket if it was never accepted.
		 * Free it; everything else gets an ABORT or a SHUTDOWN
		 * below.
		 */
		if (sctp_style(sk, TCP) && sctp_state(asoc, CLOSED)) {
			sctp_association_free(asoc);
			continue;
		}

		/* ABORT when data was discarded or is still pending on the
		 * association, or when SO_LINGER is set with a zero linger
		 * time; otherwise shut down gracefully.
		 */
		must_abort = data_was_unread ||
			     !skb_queue_empty(&asoc->ulpq.lobby) ||
			     !skb_queue_empty(&asoc->ulpq.reasm) ||
			     !skb_queue_empty(&asoc->ulpq.reasm_uo) ||
			     (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime);

		if (must_abort) {
			struct sctp_chunk *chunk;

			chunk = sctp_make_abort_user(asoc, NULL, 0);
			sctp_primitive_ABORT(net, asoc, chunk);
		} else {
			sctp_primitive_SHUTDOWN(net, asoc, NULL);
		}
	}

	/* A TCP-style socket blocks for at most the linger time, if set. */
	if (sctp_style(sk, TCP) && timeout)
		sctp_wait_for_close(sk, timeout);

	/* Releasing the socket lock runs the backlog queue. */
	release_sock(sk);

	/* No process should have access to the socket any more, but the
	 * net layers still may.  sctp_destroy_sock() has to run with
	 * addr_wq_lock held, and that lock is taken before the socket
	 * lock.
	 */
	spin_lock_bh(&net->sctp.addr_wq_lock);
	bh_lock_sock_nested(sk);

	/* Take an extra reference: sk_common_release() drops one, and the
	 * unlocks below still need the sock.
	 */
	sock_hold(sk);
	sk_common_release(sk);

	bh_unlock_sock(sk);
	spin_unlock_bh(&net->sctp.addr_wq_lock);

	sock_put(sk);

	SCTP_DBG_OBJCNT_DEC(sock);
}
1560
1561/* Handle EPIPE error. */
static int sctp_error(struct sock *sk, int flags, int err)
{
	/* For -EPIPE, a non-zero sock_error() result takes precedence. */
	if (err == -EPIPE) {
		int pending = sock_error(sk);

		if (pending)
			err = pending;
	}

	/* Still -EPIPE: raise SIGPIPE unless the caller opted out with
	 * MSG_NOSIGNAL.
	 */
	if (err == -EPIPE && !(flags & MSG_NOSIGNAL))
		send_sig(SIGPIPE, current, 0);

	return err;
}
1570
1571/* API 3.1.3 sendmsg() - UDP Style Syntax
1572 *
1573 * An application uses sendmsg() and recvmsg() calls to transmit data to
1574 * and receive data from its peer.
1575 *
1576 *  ssize_t sendmsg(int socket, const struct msghdr *message,
1577 *                  int flags);
1578 *
1579 *  socket  - the socket descriptor of the endpoint.
1580 *  message - pointer to the msghdr structure which contains a single
1581 *            user message and possibly some ancillary data.
1582 *
1583 *            See Section 5 for complete description of the data
1584 *            structures.
1585 *
1586 *  flags   - flags sent or received with the user message, see Section
1587 *            5 for complete description of the flags.
1588 *
1589 * Note:  This function could use a rewrite especially when explicit
1590 * connect support comes in.
1591 */
1592/* BUG:  We do not implement the equivalent of sk_stream_wait_memory(). */
1593
1594static int sctp_msghdr_parse(const struct msghdr *msg,
1595			     struct sctp_cmsgs *cmsgs);
1596
/* Parse the ancillary data of a sendmsg() call into @cmsgs, fold it into
 * @srinfo and validate the resulting send flags against the message.
 *
 * sk      The sk of the socket
 * cmsgs   Cleared, then filled by sctp_msghdr_parse()
 * srinfo  Cleared, then filled from the parsed control messages
 * msg     The user's msghdr
 * msg_len Length of the user data
 *
 * Returns 0 if the request may proceed, <0 errno code otherwise.
 */
static int sctp_sendmsg_parse(struct sock *sk, struct sctp_cmsgs *cmsgs,
			      struct sctp_sndrcvinfo *srinfo,
			      const struct msghdr *msg, size_t msg_len)
{
	__u16 sflags;
	int err;

	if (sctp_sstate(sk, LISTENING) && sctp_style(sk, TCP))
		return -EPIPE;

	/* A message larger than the send buffer is rejected outright. */
	if (msg_len > sk->sk_sndbuf)
		return -EMSGSIZE;

	memset(cmsgs, 0, sizeof(*cmsgs));
	err = sctp_msghdr_parse(msg, cmsgs);
	if (err) {
		pr_debug("%s: msghdr parse err:%x\n", __func__, err);
		return err;
	}

	/* Start from an all-zero srinfo; the blocks below run in this
	 * order, so a later control message overrides an earlier one.
	 */
	memset(srinfo, 0, sizeof(*srinfo));

	if (cmsgs->srinfo) {
		srinfo->sinfo_assoc_id = cmsgs->srinfo->sinfo_assoc_id;
		srinfo->sinfo_stream = cmsgs->srinfo->sinfo_stream;
		srinfo->sinfo_flags = cmsgs->srinfo->sinfo_flags;
		srinfo->sinfo_ppid = cmsgs->srinfo->sinfo_ppid;
		srinfo->sinfo_context = cmsgs->srinfo->sinfo_context;
		srinfo->sinfo_timetolive = cmsgs->srinfo->sinfo_timetolive;
	}

	if (cmsgs->sinfo) {
		srinfo->sinfo_assoc_id = cmsgs->sinfo->snd_assoc_id;
		srinfo->sinfo_stream = cmsgs->sinfo->snd_sid;
		srinfo->sinfo_flags = cmsgs->sinfo->snd_flags;
		srinfo->sinfo_ppid = cmsgs->sinfo->snd_ppid;
		srinfo->sinfo_context = cmsgs->sinfo->snd_context;
	}

	if (cmsgs->prinfo) {
		srinfo->sinfo_timetolive = cmsgs->prinfo->pr_value;
		SCTP_PR_SET_POLICY(srinfo->sinfo_flags,
				   cmsgs->prinfo->pr_policy);
	}

	sflags = srinfo->sinfo_flags;

	/* No flags and a non-empty message: nothing further to check. */
	if (!sflags && msg_len)
		return 0;

	/* SCTP_EOF and SCTP_ABORT are refused on TCP-style sockets. */
	if (sctp_style(sk, TCP) && (sflags & (SCTP_EOF | SCTP_ABORT)))
		return -EINVAL;

	/* SCTP_EOF must not carry user data. */
	if ((sflags & SCTP_EOF) && msg_len > 0)
		return -EINVAL;

	/* An empty message is only valid with SCTP_EOF or SCTP_ABORT. */
	if (!(sflags & (SCTP_EOF | SCTP_ABORT)) && msg_len == 0)
		return -EINVAL;

	/* SCTP_ADDR_OVER requires a destination address in the msghdr. */
	if ((sflags & SCTP_ADDR_OVER) && !msg->msg_name)
		return -EINVAL;

	return 0;
}
1657
1658static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
1659				 struct sctp_cmsgs *cmsgs,
1660				 union sctp_addr *daddr,
1661				 struct sctp_transport **tp)
1662{
1663	struct sctp_endpoint *ep = sctp_sk(sk)->ep;
1664	struct sctp_association *asoc;
1665	struct cmsghdr *cmsg;
1666	__be32 flowinfo = 0;
1667	struct sctp_af *af;
1668	int err;
1669
1670	*tp = NULL;
1671
1672	if (sflags & (SCTP_EOF | SCTP_ABORT))
1673		return -EINVAL;
1674
1675	if (sctp_style(sk, TCP) && (sctp_sstate(sk, ESTABLISHED) ||
1676				    sctp_sstate(sk, CLOSING)))
1677		return -EADDRNOTAVAIL;
1678
1679	/* Label connection socket for first association 1-to-many
1680	 * style for client sequence socket()->sendmsg(). This
1681	 * needs to be done before sctp_assoc_add_peer() as that will
1682	 * set up the initial packet that needs to account for any
1683	 * security ip options (CIPSO/CALIPSO) added to the packet.
1684	 */
1685	af = sctp_get_af_specific(daddr->sa.sa_family);
1686	if (!af)
1687		return -EINVAL;
1688	err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
1689					 (struct sockaddr *)daddr,
1690					 af->sockaddr_len);
1691	if (err < 0)
1692		return err;
1693
1694	err = sctp_connect_new_asoc(ep, daddr, cmsgs->init, tp);
1695	if (err)
1696		return err;
1697	asoc = (*tp)->asoc;
1698
1699	if (!cmsgs->addrs_msg)
1700		return 0;
1701
1702	if (daddr->sa.sa_family == AF_INET6)
1703		flowinfo = daddr->v6.sin6_flowinfo;
1704
1705	/* sendv addr list parse */
1706	for_each_cmsghdr(cmsg, cmsgs->addrs_msg) {
1707		union sctp_addr _daddr;
1708		int dlen;
1709
1710		if (cmsg->cmsg_level != IPPROTO_SCTP ||
1711		    (cmsg->cmsg_type != SCTP_DSTADDRV4 &&
1712		     cmsg->cmsg_type != SCTP_DSTADDRV6))
1713			continue;
1714
1715		daddr = &_daddr;
1716		memset(daddr, 0, sizeof(*daddr));
1717		dlen = cmsg->cmsg_len - sizeof(struct cmsghdr);
1718		if (cmsg->cmsg_type == SCTP_DST
