/net/tipc/msg.c

http://github.com/mirrors/linux · C · 859 lines · 603 code · 86 blank · 170 comment · 115 complexity · cdf8fa8d1ec0ad302e2cda39eec8925d MD5 · raw file

  1. /*
  2. * net/tipc/msg.c: TIPC message header routines
  3. *
  4. * Copyright (c) 2000-2006, 2014-2015, Ericsson AB
  5. * Copyright (c) 2005, 2010-2011, Wind River Systems
  6. * All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions are met:
  10. *
  11. * 1. Redistributions of source code must retain the above copyright
  12. * notice, this list of conditions and the following disclaimer.
  13. * 2. Redistributions in binary form must reproduce the above copyright
  14. * notice, this list of conditions and the following disclaimer in the
  15. * documentation and/or other materials provided with the distribution.
  16. * 3. Neither the names of the copyright holders nor the names of its
  17. * contributors may be used to endorse or promote products derived from
  18. * this software without specific prior written permission.
  19. *
  20. * Alternatively, this software may be distributed under the terms of the
  21. * GNU General Public License ("GPL") version 2 as published by the Free
  22. * Software Foundation.
  23. *
  24. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  25. * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  26. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  27. * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
  28. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  29. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  30. * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  31. * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  32. * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  33. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  34. * POSSIBILITY OF SUCH DAMAGE.
  35. */
  36. #include <net/sock.h>
  37. #include "core.h"
  38. #include "msg.h"
  39. #include "addr.h"
  40. #include "name_table.h"
  41. #include "crypto.h"
  42. #define MAX_FORWARD_SIZE 1024
  43. #ifdef CONFIG_TIPC_CRYPTO
  44. #define BUF_HEADROOM ALIGN(((LL_MAX_HEADER + 48) + EHDR_MAX_SIZE), 16)
  45. #define BUF_TAILROOM (TIPC_AES_GCM_TAG_SIZE)
  46. #else
  47. #define BUF_HEADROOM (LL_MAX_HEADER + 48)
  48. #define BUF_TAILROOM 16
  49. #endif
  50. static unsigned int align(unsigned int i)
  51. {
  52. return (i + 3) & ~3u;
  53. }
  54. /**
  55. * tipc_buf_acquire - creates a TIPC message buffer
  56. * @size: message size (including TIPC header)
  57. *
  58. * Returns a new buffer with data pointers set to the specified size.
  59. *
  60. * NOTE: Headroom is reserved to allow prepending of a data link header.
  61. * There may also be unrequested tailroom present at the buffer's end.
  62. */
  63. struct sk_buff *tipc_buf_acquire(u32 size, gfp_t gfp)
  64. {
  65. struct sk_buff *skb;
  66. #ifdef CONFIG_TIPC_CRYPTO
  67. unsigned int buf_size = (BUF_HEADROOM + size + BUF_TAILROOM + 3) & ~3u;
  68. #else
  69. unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u;
  70. #endif
  71. skb = alloc_skb_fclone(buf_size, gfp);
  72. if (skb) {
  73. skb_reserve(skb, BUF_HEADROOM);
  74. skb_put(skb, size);
  75. skb->next = NULL;
  76. }
  77. return skb;
  78. }
  79. void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type,
  80. u32 hsize, u32 dnode)
  81. {
  82. memset(m, 0, hsize);
  83. msg_set_version(m);
  84. msg_set_user(m, user);
  85. msg_set_hdr_sz(m, hsize);
  86. msg_set_size(m, hsize);
  87. msg_set_prevnode(m, own_node);
  88. msg_set_type(m, type);
  89. if (hsize > SHORT_H_SIZE) {
  90. msg_set_orignode(m, own_node);
  91. msg_set_destnode(m, dnode);
  92. }
  93. }
  94. struct sk_buff *tipc_msg_create(uint user, uint type,
  95. uint hdr_sz, uint data_sz, u32 dnode,
  96. u32 onode, u32 dport, u32 oport, int errcode)
  97. {
  98. struct tipc_msg *msg;
  99. struct sk_buff *buf;
  100. buf = tipc_buf_acquire(hdr_sz + data_sz, GFP_ATOMIC);
  101. if (unlikely(!buf))
  102. return NULL;
  103. msg = buf_msg(buf);
  104. tipc_msg_init(onode, msg, user, type, hdr_sz, dnode);
  105. msg_set_size(msg, hdr_sz + data_sz);
  106. msg_set_origport(msg, oport);
  107. msg_set_destport(msg, dport);
  108. msg_set_errcode(msg, errcode);
  109. if (hdr_sz > SHORT_H_SIZE) {
  110. msg_set_orignode(msg, onode);
  111. msg_set_destnode(msg, dnode);
  112. }
  113. return buf;
  114. }
  115. /* tipc_buf_append(): Append a buffer to the fragment list of another buffer
  116. * @*headbuf: in: NULL for first frag, otherwise value returned from prev call
  117. * out: set when successful non-complete reassembly, otherwise NULL
  118. * @*buf: in: the buffer to append. Always defined
  119. * out: head buf after successful complete reassembly, otherwise NULL
  120. * Returns 1 when reassembly complete, otherwise 0
  121. */
  122. int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
  123. {
  124. struct sk_buff *head = *headbuf;
  125. struct sk_buff *frag = *buf;
  126. struct sk_buff *tail = NULL;
  127. struct tipc_msg *msg;
  128. u32 fragid;
  129. int delta;
  130. bool headstolen;
  131. if (!frag)
  132. goto err;
  133. msg = buf_msg(frag);
  134. fragid = msg_type(msg);
  135. frag->next = NULL;
  136. skb_pull(frag, msg_hdr_sz(msg));
  137. if (fragid == FIRST_FRAGMENT) {
  138. if (unlikely(head))
  139. goto err;
  140. if (unlikely(skb_unclone(frag, GFP_ATOMIC)))
  141. goto err;
  142. head = *headbuf = frag;
  143. *buf = NULL;
  144. TIPC_SKB_CB(head)->tail = NULL;
  145. if (skb_is_nonlinear(head)) {
  146. skb_walk_frags(head, tail) {
  147. TIPC_SKB_CB(head)->tail = tail;
  148. }
  149. } else {
  150. skb_frag_list_init(head);
  151. }
  152. return 0;
  153. }
  154. if (!head)
  155. goto err;
  156. if (skb_try_coalesce(head, frag, &headstolen, &delta)) {
  157. kfree_skb_partial(frag, headstolen);
  158. } else {
  159. tail = TIPC_SKB_CB(head)->tail;
  160. if (!skb_has_frag_list(head))
  161. skb_shinfo(head)->frag_list = frag;
  162. else
  163. tail->next = frag;
  164. head->truesize += frag->truesize;
  165. head->data_len += frag->len;
  166. head->len += frag->len;
  167. TIPC_SKB_CB(head)->tail = frag;
  168. }
  169. if (fragid == LAST_FRAGMENT) {
  170. TIPC_SKB_CB(head)->validated = 0;
  171. if (unlikely(!tipc_msg_validate(&head)))
  172. goto err;
  173. *buf = head;
  174. TIPC_SKB_CB(head)->tail = NULL;
  175. *headbuf = NULL;
  176. return 1;
  177. }
  178. *buf = NULL;
  179. return 0;
  180. err:
  181. kfree_skb(*buf);
  182. kfree_skb(*headbuf);
  183. *buf = *headbuf = NULL;
  184. return 0;
  185. }
  186. /**
  187. * tipc_msg_append(): Append data to tail of an existing buffer queue
  188. * @hdr: header to be used
  189. * @m: the data to be appended
  190. * @mss: max allowable size of buffer
  191. * @dlen: size of data to be appended
  192. * @txq: queue to appand to
  193. * Returns the number og 1k blocks appended or errno value
  194. */
  195. int tipc_msg_append(struct tipc_msg *_hdr, struct msghdr *m, int dlen,
  196. int mss, struct sk_buff_head *txq)
  197. {
  198. struct sk_buff *skb, *prev;
  199. int accounted, total, curr;
  200. int mlen, cpy, rem = dlen;
  201. struct tipc_msg *hdr;
  202. skb = skb_peek_tail(txq);
  203. accounted = skb ? msg_blocks(buf_msg(skb)) : 0;
  204. total = accounted;
  205. while (rem) {
  206. if (!skb || skb->len >= mss) {
  207. prev = skb;
  208. skb = tipc_buf_acquire(mss, GFP_KERNEL);
  209. if (unlikely(!skb))
  210. return -ENOMEM;
  211. skb_orphan(skb);
  212. skb_trim(skb, MIN_H_SIZE);
  213. hdr = buf_msg(skb);
  214. skb_copy_to_linear_data(skb, _hdr, MIN_H_SIZE);
  215. msg_set_hdr_sz(hdr, MIN_H_SIZE);
  216. msg_set_size(hdr, MIN_H_SIZE);
  217. __skb_queue_tail(txq, skb);
  218. total += 1;
  219. if (prev)
  220. msg_set_ack_required(buf_msg(prev), 0);
  221. msg_set_ack_required(hdr, 1);
  222. }
  223. hdr = buf_msg(skb);
  224. curr = msg_blocks(hdr);
  225. mlen = msg_size(hdr);
  226. cpy = min_t(int, rem, mss - mlen);
  227. if (cpy != copy_from_iter(skb->data + mlen, cpy, &m->msg_iter))
  228. return -EFAULT;
  229. msg_set_size(hdr, mlen + cpy);
  230. skb_put(skb, cpy);
  231. rem -= cpy;
  232. total += msg_blocks(hdr) - curr;
  233. }
  234. return total - accounted;
  235. }
  236. /* tipc_msg_validate - validate basic format of received message
  237. *
  238. * This routine ensures a TIPC message has an acceptable header, and at least
  239. * as much data as the header indicates it should. The routine also ensures
  240. * that the entire message header is stored in the main fragment of the message
  241. * buffer, to simplify future access to message header fields.
  242. *
  243. * Note: Having extra info present in the message header or data areas is OK.
  244. * TIPC will ignore the excess, under the assumption that it is optional info
  245. * introduced by a later release of the protocol.
  246. */
  247. bool tipc_msg_validate(struct sk_buff **_skb)
  248. {
  249. struct sk_buff *skb = *_skb;
  250. struct tipc_msg *hdr;
  251. int msz, hsz;
  252. /* Ensure that flow control ratio condition is satisfied */
  253. if (unlikely(skb->truesize / buf_roundup_len(skb) >= 4)) {
  254. skb = skb_copy_expand(skb, BUF_HEADROOM, 0, GFP_ATOMIC);
  255. if (!skb)
  256. return false;
  257. kfree_skb(*_skb);
  258. *_skb = skb;
  259. }
  260. if (unlikely(TIPC_SKB_CB(skb)->validated))
  261. return true;
  262. if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE)))
  263. return false;
  264. hsz = msg_hdr_sz(buf_msg(skb));
  265. if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE))
  266. return false;
  267. if (unlikely(!pskb_may_pull(skb, hsz)))
  268. return false;
  269. hdr = buf_msg(skb);
  270. if (unlikely(msg_version(hdr) != TIPC_VERSION))
  271. return false;
  272. msz = msg_size(hdr);
  273. if (unlikely(msz < hsz))
  274. return false;
  275. if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE))
  276. return false;
  277. if (unlikely(skb->len < msz))
  278. return false;
  279. TIPC_SKB_CB(skb)->validated = 1;
  280. return true;
  281. }
  282. /**
  283. * tipc_msg_fragment - build a fragment skb list for TIPC message
  284. *
  285. * @skb: TIPC message skb
  286. * @hdr: internal msg header to be put on the top of the fragments
  287. * @pktmax: max size of a fragment incl. the header
  288. * @frags: returned fragment skb list
  289. *
  290. * Returns 0 if the fragmentation is successful, otherwise: -EINVAL
  291. * or -ENOMEM
  292. */
  293. int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr,
  294. int pktmax, struct sk_buff_head *frags)
  295. {
  296. int pktno, nof_fragms, dsz, dmax, eat;
  297. struct tipc_msg *_hdr;
  298. struct sk_buff *_skb;
  299. u8 *data;
  300. /* Non-linear buffer? */
  301. if (skb_linearize(skb))
  302. return -ENOMEM;
  303. data = (u8 *)skb->data;
  304. dsz = msg_size(buf_msg(skb));
  305. dmax = pktmax - INT_H_SIZE;
  306. if (dsz <= dmax || !dmax)
  307. return -EINVAL;
  308. nof_fragms = dsz / dmax + 1;
  309. for (pktno = 1; pktno <= nof_fragms; pktno++) {
  310. if (pktno < nof_fragms)
  311. eat = dmax;
  312. else
  313. eat = dsz % dmax;
  314. /* Allocate a new fragment */
  315. _skb = tipc_buf_acquire(INT_H_SIZE + eat, GFP_ATOMIC);
  316. if (!_skb)
  317. goto error;
  318. skb_orphan(_skb);
  319. __skb_queue_tail(frags, _skb);
  320. /* Copy header & data to the fragment */
  321. skb_copy_to_linear_data(_skb, hdr, INT_H_SIZE);
  322. skb_copy_to_linear_data_offset(_skb, INT_H_SIZE, data, eat);
  323. data += eat;
  324. /* Update the fragment's header */
  325. _hdr = buf_msg(_skb);
  326. msg_set_fragm_no(_hdr, pktno);
  327. msg_set_nof_fragms(_hdr, nof_fragms);
  328. msg_set_size(_hdr, INT_H_SIZE + eat);
  329. }
  330. return 0;
  331. error:
  332. __skb_queue_purge(frags);
  333. __skb_queue_head_init(frags);
  334. return -ENOMEM;
  335. }
  336. /**
  337. * tipc_msg_build - create buffer chain containing specified header and data
  338. * @mhdr: Message header, to be prepended to data
  339. * @m: User message
  340. * @dsz: Total length of user data
  341. * @pktmax: Max packet size that can be used
  342. * @list: Buffer or chain of buffers to be returned to caller
  343. *
  344. * Note that the recursive call we are making here is safe, since it can
  345. * logically go only one further level down.
  346. *
  347. * Returns message data size or errno: -ENOMEM, -EFAULT
  348. */
  349. int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m, int offset,
  350. int dsz, int pktmax, struct sk_buff_head *list)
  351. {
  352. int mhsz = msg_hdr_sz(mhdr);
  353. struct tipc_msg pkthdr;
  354. int msz = mhsz + dsz;
  355. int pktrem = pktmax;
  356. struct sk_buff *skb;
  357. int drem = dsz;
  358. int pktno = 1;
  359. char *pktpos;
  360. int pktsz;
  361. int rc;
  362. msg_set_size(mhdr, msz);
  363. /* No fragmentation needed? */
  364. if (likely(msz <= pktmax)) {
  365. skb = tipc_buf_acquire(msz, GFP_KERNEL);
  366. /* Fall back to smaller MTU if node local message */
  367. if (unlikely(!skb)) {
  368. if (pktmax != MAX_MSG_SIZE)
  369. return -ENOMEM;
  370. rc = tipc_msg_build(mhdr, m, offset, dsz, FB_MTU, list);
  371. if (rc != dsz)
  372. return rc;
  373. if (tipc_msg_assemble(list))
  374. return dsz;
  375. return -ENOMEM;
  376. }
  377. skb_orphan(skb);
  378. __skb_queue_tail(list, skb);
  379. skb_copy_to_linear_data(skb, mhdr, mhsz);
  380. pktpos = skb->data + mhsz;
  381. if (copy_from_iter_full(pktpos, dsz, &m->msg_iter))
  382. return dsz;
  383. rc = -EFAULT;
  384. goto error;
  385. }
  386. /* Prepare reusable fragment header */
  387. tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER,
  388. FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr));
  389. msg_set_size(&pkthdr, pktmax);
  390. msg_set_fragm_no(&pkthdr, pktno);
  391. msg_set_importance(&pkthdr, msg_importance(mhdr));
  392. /* Prepare first fragment */
  393. skb = tipc_buf_acquire(pktmax, GFP_KERNEL);
  394. if (!skb)
  395. return -ENOMEM;
  396. skb_orphan(skb);
  397. __skb_queue_tail(list, skb);
  398. pktpos = skb->data;
  399. skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
  400. pktpos += INT_H_SIZE;
  401. pktrem -= INT_H_SIZE;
  402. skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz);
  403. pktpos += mhsz;
  404. pktrem -= mhsz;
  405. do {
  406. if (drem < pktrem)
  407. pktrem = drem;
  408. if (!copy_from_iter_full(pktpos, pktrem, &m->msg_iter)) {
  409. rc = -EFAULT;
  410. goto error;
  411. }
  412. drem -= pktrem;
  413. if (!drem)
  414. break;
  415. /* Prepare new fragment: */
  416. if (drem < (pktmax - INT_H_SIZE))
  417. pktsz = drem + INT_H_SIZE;
  418. else
  419. pktsz = pktmax;
  420. skb = tipc_buf_acquire(pktsz, GFP_KERNEL);
  421. if (!skb) {
  422. rc = -ENOMEM;
  423. goto error;
  424. }
  425. skb_orphan(skb);
  426. __skb_queue_tail(list, skb);
  427. msg_set_type(&pkthdr, FRAGMENT);
  428. msg_set_size(&pkthdr, pktsz);
  429. msg_set_fragm_no(&pkthdr, ++pktno);
  430. skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
  431. pktpos = skb->data + INT_H_SIZE;
  432. pktrem = pktsz - INT_H_SIZE;
  433. } while (1);
  434. msg_set_type(buf_msg(skb), LAST_FRAGMENT);
  435. return dsz;
  436. error:
  437. __skb_queue_purge(list);
  438. __skb_queue_head_init(list);
  439. return rc;
  440. }
  441. /**
  442. * tipc_msg_bundle - Append contents of a buffer to tail of an existing one
  443. * @bskb: the bundle buffer to append to
  444. * @msg: message to be appended
  445. * @max: max allowable size for the bundle buffer
  446. *
  447. * Returns "true" if bundling has been performed, otherwise "false"
  448. */
  449. static bool tipc_msg_bundle(struct sk_buff *bskb, struct tipc_msg *msg,
  450. u32 max)
  451. {
  452. struct tipc_msg *bmsg = buf_msg(bskb);
  453. u32 msz, bsz, offset, pad;
  454. msz = msg_size(msg);
  455. bsz = msg_size(bmsg);
  456. offset = align(bsz);
  457. pad = offset - bsz;
  458. if (unlikely(skb_tailroom(bskb) < (pad + msz)))
  459. return false;
  460. if (unlikely(max < (offset + msz)))
  461. return false;
  462. skb_put(bskb, pad + msz);
  463. skb_copy_to_linear_data_offset(bskb, offset, msg, msz);
  464. msg_set_size(bmsg, offset + msz);
  465. msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1);
  466. return true;
  467. }
  468. /**
  469. * tipc_msg_try_bundle - Try to bundle a new message to the last one
  470. * @tskb: the last/target message to which the new one will be appended
  471. * @skb: the new message skb pointer
  472. * @mss: max message size (header inclusive)
  473. * @dnode: destination node for the message
  474. * @new_bundle: if this call made a new bundle or not
  475. *
  476. * Return: "true" if the new message skb is potential for bundling this time or
  477. * later, in the case a bundling has been done this time, the skb is consumed
  478. * (the skb pointer = NULL).
  479. * Otherwise, "false" if the skb cannot be bundled at all.
  480. */
  481. bool tipc_msg_try_bundle(struct sk_buff *tskb, struct sk_buff **skb, u32 mss,
  482. u32 dnode, bool *new_bundle)
  483. {
  484. struct tipc_msg *msg, *inner, *outer;
  485. u32 tsz;
  486. /* First, check if the new buffer is suitable for bundling */
  487. msg = buf_msg(*skb);
  488. if (msg_user(msg) == MSG_FRAGMENTER)
  489. return false;
  490. if (msg_user(msg) == TUNNEL_PROTOCOL)
  491. return false;
  492. if (msg_user(msg) == BCAST_PROTOCOL)
  493. return false;
  494. if (mss <= INT_H_SIZE + msg_size(msg))
  495. return false;
  496. /* Ok, but the last/target buffer can be empty? */
  497. if (unlikely(!tskb))
  498. return true;
  499. /* Is it a bundle already? Try to bundle the new message to it */
  500. if (msg_user(buf_msg(tskb)) == MSG_BUNDLER) {
  501. *new_bundle = false;
  502. goto bundle;
  503. }
  504. /* Make a new bundle of the two messages if possible */
  505. tsz = msg_size(buf_msg(tskb));
  506. if (unlikely(mss < align(INT_H_SIZE + tsz) + msg_size(msg)))
  507. return true;
  508. if (unlikely(pskb_expand_head(tskb, INT_H_SIZE, mss - tsz - INT_H_SIZE,
  509. GFP_ATOMIC)))
  510. return true;
  511. inner = buf_msg(tskb);
  512. skb_push(tskb, INT_H_SIZE);
  513. outer = buf_msg(tskb);
  514. tipc_msg_init(msg_prevnode(inner), outer, MSG_BUNDLER, 0, INT_H_SIZE,
  515. dnode);
  516. msg_set_importance(outer, msg_importance(inner));
  517. msg_set_size(outer, INT_H_SIZE + tsz);
  518. msg_set_msgcnt(outer, 1);
  519. *new_bundle = true;
  520. bundle:
  521. if (likely(tipc_msg_bundle(tskb, msg, mss))) {
  522. consume_skb(*skb);
  523. *skb = NULL;
  524. }
  525. return true;
  526. }
  527. /**
  528. * tipc_msg_extract(): extract bundled inner packet from buffer
  529. * @skb: buffer to be extracted from.
  530. * @iskb: extracted inner buffer, to be returned
  531. * @pos: position in outer message of msg to be extracted.
  532. * Returns position of next msg
  533. * Consumes outer buffer when last packet extracted
  534. * Returns true when when there is an extracted buffer, otherwise false
  535. */
  536. bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos)
  537. {
  538. struct tipc_msg *hdr, *ihdr;
  539. int imsz;
  540. *iskb = NULL;
  541. if (unlikely(skb_linearize(skb)))
  542. goto none;
  543. hdr = buf_msg(skb);
  544. if (unlikely(*pos > (msg_data_sz(hdr) - MIN_H_SIZE)))
  545. goto none;
  546. ihdr = (struct tipc_msg *)(msg_data(hdr) + *pos);
  547. imsz = msg_size(ihdr);
  548. if ((*pos + imsz) > msg_data_sz(hdr))
  549. goto none;
  550. *iskb = tipc_buf_acquire(imsz, GFP_ATOMIC);
  551. if (!*iskb)
  552. goto none;
  553. skb_copy_to_linear_data(*iskb, ihdr, imsz);
  554. if (unlikely(!tipc_msg_validate(iskb)))
  555. goto none;
  556. *pos += align(imsz);
  557. return true;
  558. none:
  559. kfree_skb(skb);
  560. kfree_skb(*iskb);
  561. *iskb = NULL;
  562. return false;
  563. }
  564. /**
  565. * tipc_msg_reverse(): swap source and destination addresses and add error code
  566. * @own_node: originating node id for reversed message
  567. * @skb: buffer containing message to be reversed; will be consumed
  568. * @err: error code to be set in message, if any
  569. * Replaces consumed buffer with new one when successful
  570. * Returns true if success, otherwise false
  571. */
  572. bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err)
  573. {
  574. struct sk_buff *_skb = *skb;
  575. struct tipc_msg *_hdr, *hdr;
  576. int hlen, dlen;
  577. if (skb_linearize(_skb))
  578. goto exit;
  579. _hdr = buf_msg(_skb);
  580. dlen = min_t(uint, msg_data_sz(_hdr), MAX_FORWARD_SIZE);
  581. hlen = msg_hdr_sz(_hdr);
  582. if (msg_dest_droppable(_hdr))
  583. goto exit;
  584. if (msg_errcode(_hdr))
  585. goto exit;
  586. /* Never return SHORT header */
  587. if (hlen == SHORT_H_SIZE)
  588. hlen = BASIC_H_SIZE;
  589. /* Don't return data along with SYN+, - sender has a clone */
  590. if (msg_is_syn(_hdr) && err == TIPC_ERR_OVERLOAD)
  591. dlen = 0;
  592. /* Allocate new buffer to return */
  593. *skb = tipc_buf_acquire(hlen + dlen, GFP_ATOMIC);
  594. if (!*skb)
  595. goto exit;
  596. memcpy((*skb)->data, _skb->data, msg_hdr_sz(_hdr));
  597. memcpy((*skb)->data + hlen, msg_data(_hdr), dlen);
  598. /* Build reverse header in new buffer */
  599. hdr = buf_msg(*skb);
  600. msg_set_hdr_sz(hdr, hlen);
  601. msg_set_errcode(hdr, err);
  602. msg_set_non_seq(hdr, 0);
  603. msg_set_origport(hdr, msg_destport(_hdr));
  604. msg_set_destport(hdr, msg_origport(_hdr));
  605. msg_set_destnode(hdr, msg_prevnode(_hdr));
  606. msg_set_prevnode(hdr, own_node);
  607. msg_set_orignode(hdr, own_node);
  608. msg_set_size(hdr, hlen + dlen);
  609. skb_orphan(_skb);
  610. kfree_skb(_skb);
  611. return true;
  612. exit:
  613. kfree_skb(_skb);
  614. *skb = NULL;
  615. return false;
  616. }
  617. bool tipc_msg_skb_clone(struct sk_buff_head *msg, struct sk_buff_head *cpy)
  618. {
  619. struct sk_buff *skb, *_skb;
  620. skb_queue_walk(msg, skb) {
  621. _skb = skb_clone(skb, GFP_ATOMIC);
  622. if (!_skb) {
  623. __skb_queue_purge(cpy);
  624. pr_err_ratelimited("Failed to clone buffer chain\n");
  625. return false;
  626. }
  627. __skb_queue_tail(cpy, _skb);
  628. }
  629. return true;
  630. }
  631. /**
  632. * tipc_msg_lookup_dest(): try to find new destination for named message
  633. * @skb: the buffer containing the message.
  634. * @err: error code to be used by caller if lookup fails
  635. * Does not consume buffer
  636. * Returns true if a destination is found, false otherwise
  637. */
  638. bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err)
  639. {
  640. struct tipc_msg *msg = buf_msg(skb);
  641. u32 dport, dnode;
  642. u32 onode = tipc_own_addr(net);
  643. if (!msg_isdata(msg))
  644. return false;
  645. if (!msg_named(msg))
  646. return false;
  647. if (msg_errcode(msg))
  648. return false;
  649. *err = TIPC_ERR_NO_NAME;
  650. if (skb_linearize(skb))
  651. return false;
  652. msg = buf_msg(skb);
  653. if (msg_reroute_cnt(msg))
  654. return false;
  655. dnode = tipc_scope2node(net, msg_lookup_scope(msg));
  656. dport = tipc_nametbl_translate(net, msg_nametype(msg),
  657. msg_nameinst(msg), &dnode);
  658. if (!dport)
  659. return false;
  660. msg_incr_reroute_cnt(msg);
  661. if (dnode != onode)
  662. msg_set_prevnode(msg, onode);
  663. msg_set_destnode(msg, dnode);
  664. msg_set_destport(msg, dport);
  665. *err = TIPC_OK;
  666. return true;
  667. }
  668. /* tipc_msg_assemble() - assemble chain of fragments into one message
  669. */
  670. bool tipc_msg_assemble(struct sk_buff_head *list)
  671. {
  672. struct sk_buff *skb, *tmp = NULL;
  673. if (skb_queue_len(list) == 1)
  674. return true;
  675. while ((skb = __skb_dequeue(list))) {
  676. skb->next = NULL;
  677. if (tipc_buf_append(&tmp, &skb)) {
  678. __skb_queue_tail(list, skb);
  679. return true;
  680. }
  681. if (!tmp)
  682. break;
  683. }
  684. __skb_queue_purge(list);
  685. __skb_queue_head_init(list);
  686. pr_warn("Failed do assemble buffer\n");
  687. return false;
  688. }
  689. /* tipc_msg_reassemble() - clone a buffer chain of fragments and
  690. * reassemble the clones into one message
  691. */
  692. bool tipc_msg_reassemble(struct sk_buff_head *list, struct sk_buff_head *rcvq)
  693. {
  694. struct sk_buff *skb, *_skb;
  695. struct sk_buff *frag = NULL;
  696. struct sk_buff *head = NULL;
  697. int hdr_len;
  698. /* Copy header if single buffer */
  699. if (skb_queue_len(list) == 1) {
  700. skb = skb_peek(list);
  701. hdr_len = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb));
  702. _skb = __pskb_copy(skb, hdr_len, GFP_ATOMIC);
  703. if (!_skb)
  704. return false;
  705. __skb_queue_tail(rcvq, _skb);
  706. return true;
  707. }
  708. /* Clone all fragments and reassemble */
  709. skb_queue_walk(list, skb) {
  710. frag = skb_clone(skb, GFP_ATOMIC);
  711. if (!frag)
  712. goto error;
  713. frag->next = NULL;
  714. if (tipc_buf_append(&head, &frag))
  715. break;
  716. if (!head)
  717. goto error;
  718. }
  719. __skb_queue_tail(rcvq, frag);
  720. return true;
  721. error:
  722. pr_warn("Failed do clone local mcast rcv buffer\n");
  723. kfree_skb(head);
  724. return false;
  725. }
  726. bool tipc_msg_pskb_copy(u32 dst, struct sk_buff_head *msg,
  727. struct sk_buff_head *cpy)
  728. {
  729. struct sk_buff *skb, *_skb;
  730. skb_queue_walk(msg, skb) {
  731. _skb = pskb_copy(skb, GFP_ATOMIC);
  732. if (!_skb) {
  733. __skb_queue_purge(cpy);
  734. return false;
  735. }
  736. msg_set_destnode(buf_msg(_skb), dst);
  737. __skb_queue_tail(cpy, _skb);
  738. }
  739. return true;
  740. }
  741. /* tipc_skb_queue_sorted(); sort pkt into list according to sequence number
  742. * @list: list to be appended to
  743. * @seqno: sequence number of buffer to add
  744. * @skb: buffer to add
  745. */
  746. void __tipc_skb_queue_sorted(struct sk_buff_head *list, u16 seqno,
  747. struct sk_buff *skb)
  748. {
  749. struct sk_buff *_skb, *tmp;
  750. if (skb_queue_empty(list) || less(seqno, buf_seqno(skb_peek(list)))) {
  751. __skb_queue_head(list, skb);
  752. return;
  753. }
  754. if (more(seqno, buf_seqno(skb_peek_tail(list)))) {
  755. __skb_queue_tail(list, skb);
  756. return;
  757. }
  758. skb_queue_walk_safe(list, _skb, tmp) {
  759. if (more(seqno, buf_seqno(_skb)))
  760. continue;
  761. if (seqno == buf_seqno(_skb))
  762. break;
  763. __skb_queue_before(list, _skb, skb);
  764. return;
  765. }
  766. kfree_skb(skb);
  767. }
  768. void tipc_skb_reject(struct net *net, int err, struct sk_buff *skb,
  769. struct sk_buff_head *xmitq)
  770. {
  771. if (tipc_msg_reverse(tipc_own_addr(net), &skb, err))
  772. __skb_queue_tail(xmitq, skb);
  773. }