/net/tipc/msg.c

  1/*
  2 * net/tipc/msg.c: TIPC message header routines
  3 *
  4 * Copyright (c) 2000-2006, 2014-2015, Ericsson AB
  5 * Copyright (c) 2005, 2010-2011, Wind River Systems
  6 * All rights reserved.
  7 *
  8 * Redistribution and use in source and binary forms, with or without
  9 * modification, are permitted provided that the following conditions are met:
 10 *
 11 * 1. Redistributions of source code must retain the above copyright
 12 *    notice, this list of conditions and the following disclaimer.
 13 * 2. Redistributions in binary form must reproduce the above copyright
 14 *    notice, this list of conditions and the following disclaimer in the
 15 *    documentation and/or other materials provided with the distribution.
 16 * 3. Neither the names of the copyright holders nor the names of its
 17 *    contributors may be used to endorse or promote products derived from
 18 *    this software without specific prior written permission.
 19 *
 20 * Alternatively, this software may be distributed under the terms of the
 21 * GNU General Public License ("GPL") version 2 as published by the Free
 22 * Software Foundation.
 23 *
 24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 34 * POSSIBILITY OF SUCH DAMAGE.
 35 */
 36
 37#include <net/sock.h>
 38#include "core.h"
 39#include "msg.h"
 40#include "addr.h"
 41#include "name_table.h"
 42#include "crypto.h"
 43
 44#define MAX_FORWARD_SIZE 1024
 45#ifdef CONFIG_TIPC_CRYPTO
 46#define BUF_HEADROOM ALIGN(((LL_MAX_HEADER + 48) + EHDR_MAX_SIZE), 16)
 47#define BUF_TAILROOM (TIPC_AES_GCM_TAG_SIZE)
 48#else
 49#define BUF_HEADROOM (LL_MAX_HEADER + 48)
 50#define BUF_TAILROOM 16
 51#endif
 52
 53static unsigned int align(unsigned int i)
 54{
 55	return (i + 3) & ~3u;
 56}
 57
 58/**
 59 * tipc_buf_acquire - creates a TIPC message buffer
 60 * @size: message size (including TIPC header)
 61 *
 62 * Returns a new buffer with data pointers set to the specified size.
 63 *
 64 * NOTE: Headroom is reserved to allow prepending of a data link header.
 65 *       There may also be unrequested tailroom present at the buffer's end.
 66 */
 67struct sk_buff *tipc_buf_acquire(u32 size, gfp_t gfp)
 68{
 69	struct sk_buff *skb;
 70#ifdef CONFIG_TIPC_CRYPTO
 71	unsigned int buf_size = (BUF_HEADROOM + size + BUF_TAILROOM + 3) & ~3u;
 72#else
 73	unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u;
 74#endif
 75
 76	skb = alloc_skb_fclone(buf_size, gfp);
 77	if (skb) {
 78		skb_reserve(skb, BUF_HEADROOM);
 79		skb_put(skb, size);
 80		skb->next = NULL;
 81	}
 82	return skb;
 83}
 84
 85void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type,
 86		   u32 hsize, u32 dnode)
 87{
 88	memset(m, 0, hsize);
 89	msg_set_version(m);
 90	msg_set_user(m, user);
 91	msg_set_hdr_sz(m, hsize);
 92	msg_set_size(m, hsize);
 93	msg_set_prevnode(m, own_node);
 94	msg_set_type(m, type);
 95	if (hsize > SHORT_H_SIZE) {
 96		msg_set_orignode(m, own_node);
 97		msg_set_destnode(m, dnode);
 98	}
 99}
100
101struct sk_buff *tipc_msg_create(uint user, uint type,
102				uint hdr_sz, uint data_sz, u32 dnode,
103				u32 onode, u32 dport, u32 oport, int errcode)
104{
105	struct tipc_msg *msg;
106	struct sk_buff *buf;
107
108	buf = tipc_buf_acquire(hdr_sz + data_sz, GFP_ATOMIC);
109	if (unlikely(!buf))
110		return NULL;
111
112	msg = buf_msg(buf);
113	tipc_msg_init(onode, msg, user, type, hdr_sz, dnode);
114	msg_set_size(msg, hdr_sz + data_sz);
115	msg_set_origport(msg, oport);
116	msg_set_destport(msg, dport);
117	msg_set_errcode(msg, errcode);
118	if (hdr_sz > SHORT_H_SIZE) {
119		msg_set_orignode(msg, onode);
120		msg_set_destnode(msg, dnode);
121	}
122	return buf;
123}
124
125/* tipc_buf_append(): Append a buffer to the fragment list of another buffer
126 * @*headbuf: in:  NULL for first frag, otherwise value returned from prev call
127 *            out: set when successful non-complete reassembly, otherwise NULL
128 * @*buf:     in:  the buffer to append. Always defined
129 *            out: head buf after successful complete reassembly, otherwise NULL
130 * Returns 1 when reassembly complete, otherwise 0
131 */
132int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
133{
134	struct sk_buff *head = *headbuf;
135	struct sk_buff *frag = *buf;
136	struct sk_buff *tail = NULL;
137	struct tipc_msg *msg;
138	u32 fragid;
139	int delta;
140	bool headstolen;
141
142	if (!frag)
143		goto err;
144
145	msg = buf_msg(frag);
146	fragid = msg_type(msg);
147	frag->next = NULL;
148	skb_pull(frag, msg_hdr_sz(msg));
149
150	if (fragid == FIRST_FRAGMENT) {
151		if (unlikely(head))
152			goto err;
153		if (unlikely(skb_unclone(frag, GFP_ATOMIC)))
154			goto err;
155		head = *headbuf = frag;
156		*buf = NULL;
157		TIPC_SKB_CB(head)->tail = NULL;
158		if (skb_is_nonlinear(head)) {
159			skb_walk_frags(head, tail) {
160				TIPC_SKB_CB(head)->tail = tail;
161			}
162		} else {
163			skb_frag_list_init(head);
164		}
165		return 0;
166	}
167
168	if (!head)
169		goto err;
170
171	if (skb_try_coalesce(head, frag, &headstolen, &delta)) {
172		kfree_skb_partial(frag, headstolen);
173	} else {
174		tail = TIPC_SKB_CB(head)->tail;
175		if (!skb_has_frag_list(head))
176			skb_shinfo(head)->frag_list = frag;
177		else
178			tail->next = frag;
179		head->truesize += frag->truesize;
180		head->data_len += frag->len;
181		head->len += frag->len;
182		TIPC_SKB_CB(head)->tail = frag;
183	}
184
185	if (fragid == LAST_FRAGMENT) {
186		TIPC_SKB_CB(head)->validated = 0;
187		if (unlikely(!tipc_msg_validate(&head)))
188			goto err;
189		*buf = head;
190		TIPC_SKB_CB(head)->tail = NULL;
191		*headbuf = NULL;
192		return 1;
193	}
194	*buf = NULL;
195	return 0;
196err:
197	kfree_skb(*buf);
198	kfree_skb(*headbuf);
199	*buf = *headbuf = NULL;
200	return 0;
201}
202
203/**
204 * tipc_msg_append(): Append data to tail of an existing buffer queue
205 * @hdr: header to be used
206 * @m: the data to be appended
207 * @mss: max allowable size of buffer
208 * @dlen: size of data to be appended
209 * @txq: queue to appand to
210 * Returns the number og 1k blocks appended or errno value
211 */
212int tipc_msg_append(struct tipc_msg *_hdr, struct msghdr *m, int dlen,
213		    int mss, struct sk_buff_head *txq)
214{
215	struct sk_buff *skb, *prev;
216	int accounted, total, curr;
217	int mlen, cpy, rem = dlen;
218	struct tipc_msg *hdr;
219
220	skb = skb_peek_tail(txq);
221	accounted = skb ? msg_blocks(buf_msg(skb)) : 0;
222	total = accounted;
223
224	while (rem) {
225		if (!skb || skb->len >= mss) {
226			prev = skb;
227			skb = tipc_buf_acquire(mss, GFP_KERNEL);
228			if (unlikely(!skb))
229				return -ENOMEM;
230			skb_orphan(skb);
231			skb_trim(skb, MIN_H_SIZE);
232			hdr = buf_msg(skb);
233			skb_copy_to_linear_data(skb, _hdr, MIN_H_SIZE);
234			msg_set_hdr_sz(hdr, MIN_H_SIZE);
235			msg_set_size(hdr, MIN_H_SIZE);
236			__skb_queue_tail(txq, skb);
237			total += 1;
238			if (prev)
239				msg_set_ack_required(buf_msg(prev), 0);
240			msg_set_ack_required(hdr, 1);
241		}
242		hdr = buf_msg(skb);
243		curr = msg_blocks(hdr);
244		mlen = msg_size(hdr);
245		cpy = min_t(int, rem, mss - mlen);
246		if (cpy != copy_from_iter(skb->data + mlen, cpy, &m->msg_iter))
247			return -EFAULT;
248		msg_set_size(hdr, mlen + cpy);
249		skb_put(skb, cpy);
250		rem -= cpy;
251		total += msg_blocks(hdr) - curr;
252	}
253	return total - accounted;
254}
255
256/* tipc_msg_validate - validate basic format of received message
257 *
258 * This routine ensures a TIPC message has an acceptable header, and at least
259 * as much data as the header indicates it should.  The routine also ensures
260 * that the entire message header is stored in the main fragment of the message
261 * buffer, to simplify future access to message header fields.
262 *
263 * Note: Having extra info present in the message header or data areas is OK.
264 * TIPC will ignore the excess, under the assumption that it is optional info
265 * introduced by a later release of the protocol.
266 */
267bool tipc_msg_validate(struct sk_buff **_skb)
268{
269	struct sk_buff *skb = *_skb;
270	struct tipc_msg *hdr;
271	int msz, hsz;
272
273	/* Ensure that flow control ratio condition is satisfied */
274	if (unlikely(skb->truesize / buf_roundup_len(skb) >= 4)) {
275		skb = skb_copy_expand(skb, BUF_HEADROOM, 0, GFP_ATOMIC);
276		if (!skb)
277			return false;
278		kfree_skb(*_skb);
279		*_skb = skb;
280	}
281
282	if (unlikely(TIPC_SKB_CB(skb)->validated))
283		return true;
284
285	if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE)))
286		return false;
287
288	hsz = msg_hdr_sz(buf_msg(skb));
289	if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE))
290		return false;
291	if (unlikely(!pskb_may_pull(skb, hsz)))
292		return false;
293
294	hdr = buf_msg(skb);
295	if (unlikely(msg_version(hdr) != TIPC_VERSION))
296		return false;
297
298	msz = msg_size(hdr);
299	if (unlikely(msz < hsz))
300		return false;
301	if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE))
302		return false;
303	if (unlikely(skb->len < msz))
304		return false;
305
306	TIPC_SKB_CB(skb)->validated = 1;
307	return true;
308}
309
310/**
311 * tipc_msg_fragment - build a fragment skb list for TIPC message
312 *
313 * @skb: TIPC message skb
314 * @hdr: internal msg header to be put on the top of the fragments
315 * @pktmax: max size of a fragment incl. the header
316 * @frags: returned fragment skb list
317 *
318 * Returns 0 if the fragmentation is successful, otherwise: -EINVAL
319 * or -ENOMEM
320 */
321int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr,
322		      int pktmax, struct sk_buff_head *frags)
323{
324	int pktno, nof_fragms, dsz, dmax, eat;
325	struct tipc_msg *_hdr;
326	struct sk_buff *_skb;
327	u8 *data;
328
329	/* Non-linear buffer? */
330	if (skb_linearize(skb))
331		return -ENOMEM;
332
333	data = (u8 *)skb->data;
334	dsz = msg_size(buf_msg(skb));
335	dmax = pktmax - INT_H_SIZE;
336	if (dsz <= dmax || !dmax)
337		return -EINVAL;
338
339	nof_fragms = dsz / dmax + 1;
340	for (pktno = 1; pktno <= nof_fragms; pktno++) {
341		if (pktno < nof_fragms)
342			eat = dmax;
343		else
344			eat = dsz % dmax;
345		/* Allocate a new fragment */
346		_skb = tipc_buf_acquire(INT_H_SIZE + eat, GFP_ATOMIC);
347		if (!_skb)
348			goto error;
349		skb_orphan(_skb);
350		__skb_queue_tail(frags, _skb);
351		/* Copy header & data to the fragment */
352		skb_copy_to_linear_data(_skb, hdr, INT_H_SIZE);
353		skb_copy_to_linear_data_offset(_skb, INT_H_SIZE, data, eat);
354		data += eat;
355		/* Update the fragment's header */
356		_hdr = buf_msg(_skb);
357		msg_set_fragm_no(_hdr, pktno);
358		msg_set_nof_fragms(_hdr, nof_fragms);
359		msg_set_size(_hdr, INT_H_SIZE + eat);
360	}
361	return 0;
362
363error:
364	__skb_queue_purge(frags);
365	__skb_queue_head_init(frags);
366	return -ENOMEM;
367}
368
369/**
370 * tipc_msg_build - create buffer chain containing specified header and data
371 * @mhdr: Message header, to be prepended to data
372 * @m: User message
373 * @dsz: Total length of user data
374 * @pktmax: Max packet size that can be used
375 * @list: Buffer or chain of buffers to be returned to caller
376 *
377 * Note that the recursive call we are making here is safe, since it can
378 * logically go only one further level down.
379 *
380 * Returns message data size or errno: -ENOMEM, -EFAULT
381 */
382int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m, int offset,
383		   int dsz, int pktmax, struct sk_buff_head *list)
384{
385	int mhsz = msg_hdr_sz(mhdr);
386	struct tipc_msg pkthdr;
387	int msz = mhsz + dsz;
388	int pktrem = pktmax;
389	struct sk_buff *skb;
390	int drem = dsz;
391	int pktno = 1;
392	char *pktpos;
393	int pktsz;
394	int rc;
395
396	msg_set_size(mhdr, msz);
397
398	/* No fragmentation needed? */
399	if (likely(msz <= pktmax)) {
400		skb = tipc_buf_acquire(msz, GFP_KERNEL);
401
402		/* Fall back to smaller MTU if node local message */
403		if (unlikely(!skb)) {
404			if (pktmax != MAX_MSG_SIZE)
405				return -ENOMEM;
406			rc = tipc_msg_build(mhdr, m, offset, dsz, FB_MTU, list);
407			if (rc != dsz)
408				return rc;
409			if (tipc_msg_assemble(list))
410				return dsz;
411			return -ENOMEM;
412		}
413		skb_orphan(skb);
414		__skb_queue_tail(list, skb);
415		skb_copy_to_linear_data(skb, mhdr, mhsz);
416		pktpos = skb->data + mhsz;
417		if (copy_from_iter_full(pktpos, dsz, &m->msg_iter))
418			return dsz;
419		rc = -EFAULT;
420		goto error;
421	}
422
423	/* Prepare reusable fragment header */
424	tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER,
425		      FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr));
426	msg_set_size(&pkthdr, pktmax);
427	msg_set_fragm_no(&pkthdr, pktno);
428	msg_set_importance(&pkthdr, msg_importance(mhdr));
429
430	/* Prepare first fragment */
431	skb = tipc_buf_acquire(pktmax, GFP_KERNEL);
432	if (!skb)
433		return -ENOMEM;
434	skb_orphan(skb);
435	__skb_queue_tail(list, skb);
436	pktpos = skb->data;
437	skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
438	pktpos += INT_H_SIZE;
439	pktrem -= INT_H_SIZE;
440	skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz);
441	pktpos += mhsz;
442	pktrem -= mhsz;
443
444	do {
445		if (drem < pktrem)
446			pktrem = drem;
447
448		if (!copy_from_iter_full(pktpos, pktrem, &m->msg_iter)) {
449			rc = -EFAULT;
450			goto error;
451		}
452		drem -= pktrem;
453
454		if (!drem)
455			break;
456
457		/* Prepare new fragment: */
458		if (drem < (pktmax - INT_H_SIZE))
459			pktsz = drem + INT_H_SIZE;
460		else
461			pktsz = pktmax;
462		skb = tipc_buf_acquire(pktsz, GFP_KERNEL);
463		if (!skb) {
464			rc = -ENOMEM;
465			goto error;
466		}
467		skb_orphan(skb);
468		__skb_queue_tail(list, skb);
469		msg_set_type(&pkthdr, FRAGMENT);
470		msg_set_size(&pkthdr, pktsz);
471		msg_set_fragm_no(&pkthdr, ++pktno);
472		skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
473		pktpos = skb->data + INT_H_SIZE;
474		pktrem = pktsz - INT_H_SIZE;
475
476	} while (1);
477	msg_set_type(buf_msg(skb), LAST_FRAGMENT);
478	return dsz;
479error:
480	__skb_queue_purge(list);
481	__skb_queue_head_init(list);
482	return rc;
483}
484
485/**
486 * tipc_msg_bundle - Append contents of a buffer to tail of an existing one
487 * @bskb: the bundle buffer to append to
488 * @msg: message to be appended
489 * @max: max allowable size for the bundle buffer
490 *
491 * Returns "true" if bundling has been performed, otherwise "false"
492 */
493static bool tipc_msg_bundle(struct sk_buff *bskb, struct tipc_msg *msg,
494			    u32 max)
495{
496	struct tipc_msg *bmsg = buf_msg(bskb);
497	u32 msz, bsz, offset, pad;
498
499	msz = msg_size(msg);
500	bsz = msg_size(bmsg);
501	offset = align(bsz);
502	pad = offset - bsz;
503
504	if (unlikely(skb_tailroom(bskb) < (pad + msz)))
505		return false;
506	if (unlikely(max < (offset + msz)))
507		return false;
508
509	skb_put(bskb, pad + msz);
510	skb_copy_to_linear_data_offset(bskb, offset, msg, msz);
511	msg_set_size(bmsg, offset + msz);
512	msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1);
513	return true;
514}
515
516/**
517 * tipc_msg_try_bundle - Try to bundle a new message to the last one
518 * @tskb: the last/target message to which the new one will be appended
519 * @skb: the new message skb pointer
520 * @mss: max message size (header inclusive)
521 * @dnode: destination node for the message
522 * @new_bundle: if this call made a new bundle or not
523 *
524 * Return: "true" if the new message skb is potential for bundling this time or
525 * later, in the case a bundling has been done this time, the skb is consumed
526 * (the skb pointer = NULL).
527 * Otherwise, "false" if the skb cannot be bundled at all.
528 */
529bool tipc_msg_try_bundle(struct sk_buff *tskb, struct sk_buff **skb, u32 mss,
530			 u32 dnode, bool *new_bundle)
531{
532	struct tipc_msg *msg, *inner, *outer;
533	u32 tsz;
534
535	/* First, check if the new buffer is suitable for bundling */
536	msg = buf_msg(*skb);
537	if (msg_user(msg) == MSG_FRAGMENTER)
538		return false;
539	if (msg_user(msg) == TUNNEL_PROTOCOL)
540		return false;
541	if (msg_user(msg) == BCAST_PROTOCOL)
542		return false;
543	if (mss <= INT_H_SIZE + msg_size(msg))
544		return false;
545
546	/* Ok, but the last/target buffer can be empty? */
547	if (unlikely(!tskb))
548		return true;
549
550	/* Is it a bundle already? Try to bundle the new message to it */
551	if (msg_user(buf_msg(tskb)) == MSG_BUNDLER) {
552		*new_bundle = false;
553		goto bundle;
554	}
555
556	/* Make a new bundle of the two messages if possible */
557	tsz = msg_size(buf_msg(tskb));
558	if (unlikely(mss < align(INT_H_SIZE + tsz) + msg_size(msg)))
559		return true;
560	if (unlikely(pskb_expand_head(tskb, INT_H_SIZE, mss - tsz - INT_H_SIZE,
561				      GFP_ATOMIC)))
562		return true;
563	inner = buf_msg(tskb);
564	skb_push(tskb, INT_H_SIZE);
565	outer = buf_msg(tskb);
566	tipc_msg_init(msg_prevnode(inner), outer, MSG_BUNDLER, 0, INT_H_SIZE,
567		      dnode);
568	msg_set_importance(outer, msg_importance(inner));
569	msg_set_size(outer, INT_H_SIZE + tsz);
570	msg_set_msgcnt(outer, 1);
571	*new_bundle = true;
572
573bundle:
574	if (likely(tipc_msg_bundle(tskb, msg, mss))) {
575		consume_skb(*skb);
576		*skb = NULL;
577	}
578	return true;
579}
580
581/**
582 *  tipc_msg_extract(): extract bundled inner packet from buffer
583 *  @skb: buffer to be extracted from.
584 *  @iskb: extracted inner buffer, to be returned
585 *  @pos: position in outer message of msg to be extracted.
586 *        Returns position of next msg
587 *  Consumes outer buffer when last packet extracted
588 *  Returns true when when there is an extracted buffer, otherwise false
589 */
590bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos)
591{
592	struct tipc_msg *hdr, *ihdr;
593	int imsz;
594
595	*iskb = NULL;
596	if (unlikely(skb_linearize(skb)))
597		goto none;
598
599	hdr = buf_msg(skb);
600	if (unlikely(*pos > (msg_data_sz(hdr) - MIN_H_SIZE)))
601		goto none;
602
603	ihdr = (struct tipc_msg *)(msg_data(hdr) + *pos);
604	imsz = msg_size(ihdr);
605
606	if ((*pos + imsz) > msg_data_sz(hdr))
607		goto none;
608
609	*iskb = tipc_buf_acquire(imsz, GFP_ATOMIC);
610	if (!*iskb)
611		goto none;
612
613	skb_copy_to_linear_data(*iskb, ihdr, imsz);
614	if (unlikely(!tipc_msg_validate(iskb)))
615		goto none;
616
617	*pos += align(imsz);
618	return true;
619none:
620	kfree_skb(skb);
621	kfree_skb(*iskb);
622	*iskb = NULL;
623	return false;
624}
625
626/**
627 * tipc_msg_reverse(): swap source and destination addresses and add error code
628 * @own_node: originating node id for reversed message
629 * @skb:  buffer containing message to be reversed; will be consumed
630 * @err:  error code to be set in message, if any
631 * Replaces consumed buffer with new one when successful
632 * Returns true if success, otherwise false
633 */
634bool tipc_msg_reverse(u32 own_node,  struct sk_buff **skb, int err)
635{
636	struct sk_buff *_skb = *skb;
637	struct tipc_msg *_hdr, *hdr;
638	int hlen, dlen;
639
640	if (skb_linearize(_skb))
641		goto exit;
642	_hdr = buf_msg(_skb);
643	dlen = min_t(uint, msg_data_sz(_hdr), MAX_FORWARD_SIZE);
644	hlen = msg_hdr_sz(_hdr);
645
646	if (msg_dest_droppable(_hdr))
647		goto exit;
648	if (msg_errcode(_hdr))
649		goto exit;
650
651	/* Never return SHORT header */
652	if (hlen == SHORT_H_SIZE)
653		hlen = BASIC_H_SIZE;
654
655	/* Don't return data along with SYN+, - sender has a clone */
656	if (msg_is_syn(_hdr) && err == TIPC_ERR_OVERLOAD)
657		dlen = 0;
658
659	/* Allocate new buffer to return */
660	*skb = tipc_buf_acquire(hlen + dlen, GFP_ATOMIC);
661	if (!*skb)
662		goto exit;
663	memcpy((*skb)->data, _skb->data, msg_hdr_sz(_hdr));
664	memcpy((*skb)->data + hlen, msg_data(_hdr), dlen);
665
666	/* Build reverse header in new buffer */
667	hdr = buf_msg(*skb);
668	msg_set_hdr_sz(hdr, hlen);
669	msg_set_errcode(hdr, err);
670	msg_set_non_seq(hdr, 0);
671	msg_set_origport(hdr, msg_destport(_hdr));
672	msg_set_destport(hdr, msg_origport(_hdr));
673	msg_set_destnode(hdr, msg_prevnode(_hdr));
674	msg_set_prevnode(hdr, own_node);
675	msg_set_orignode(hdr, own_node);
676	msg_set_size(hdr, hlen + dlen);
677	skb_orphan(_skb);
678	kfree_skb(_skb);
679	return true;
680exit:
681	kfree_skb(_skb);
682	*skb = NULL;
683	return false;
684}
685
686bool tipc_msg_skb_clone(struct sk_buff_head *msg, struct sk_buff_head *cpy)
687{
688	struct sk_buff *skb, *_skb;
689
690	skb_queue_walk(msg, skb) {
691		_skb = skb_clone(skb, GFP_ATOMIC);
692		if (!_skb) {
693			__skb_queue_purge(cpy);
694			pr_err_ratelimited("Failed to clone buffer chain\n");
695			return false;
696		}
697		__skb_queue_tail(cpy, _skb);
698	}
699	return true;
700}
701
702/**
703 * tipc_msg_lookup_dest(): try to find new destination for named message
704 * @skb: the buffer containing the message.
705 * @err: error code to be used by caller if lookup fails
706 * Does not consume buffer
707 * Returns true if a destination is found, false otherwise
708 */
709bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err)
710{
711	struct tipc_msg *msg = buf_msg(skb);
712	u32 dport, dnode;
713	u32 onode = tipc_own_addr(net);
714
715	if (!msg_isdata(msg))
716		return false;
717	if (!msg_named(msg))
718		return false;
719	if (msg_errcode(msg))
720		return false;
721	*err = TIPC_ERR_NO_NAME;
722	if (skb_linearize(skb))
723		return false;
724	msg = buf_msg(skb);
725	if (msg_reroute_cnt(msg))
726		return false;
727	dnode = tipc_scope2node(net, msg_lookup_scope(msg));
728	dport = tipc_nametbl_translate(net, msg_nametype(msg),
729				       msg_nameinst(msg), &dnode);
730	if (!dport)
731		return false;
732	msg_incr_reroute_cnt(msg);
733	if (dnode != onode)
734		msg_set_prevnode(msg, onode);
735	msg_set_destnode(msg, dnode);
736	msg_set_destport(msg, dport);
737	*err = TIPC_OK;
738
739	return true;
740}
741
742/* tipc_msg_assemble() - assemble chain of fragments into one message
743 */
744bool tipc_msg_assemble(struct sk_buff_head *list)
745{
746	struct sk_buff *skb, *tmp = NULL;
747
748	if (skb_queue_len(list) == 1)
749		return true;
750
751	while ((skb = __skb_dequeue(list))) {
752		skb->next = NULL;
753		if (tipc_buf_append(&tmp, &skb)) {
754			__skb_queue_tail(list, skb);
755			return true;
756		}
757		if (!tmp)
758			break;
759	}
760	__skb_queue_purge(list);
761	__skb_queue_head_init(list);
762	pr_warn("Failed do assemble buffer\n");
763	return false;
764}
765
766/* tipc_msg_reassemble() - clone a buffer chain of fragments and
767 *                         reassemble the clones into one message
768 */
769bool tipc_msg_reassemble(struct sk_buff_head *list, struct sk_buff_head *rcvq)
770{
771	struct sk_buff *skb, *_skb;
772	struct sk_buff *frag = NULL;
773	struct sk_buff *head = NULL;
774	int hdr_len;
775
776	/* Copy header if single buffer */
777	if (skb_queue_len(list) == 1) {
778		skb = skb_peek(list);
779		hdr_len = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb));
780		_skb = __pskb_copy(skb, hdr_len, GFP_ATOMIC);
781		if (!_skb)
782			return false;
783		__skb_queue_tail(rcvq, _skb);
784		return true;
785	}
786
787	/* Clone all fragments and reassemble */
788	skb_queue_walk(list, skb) {
789		frag = skb_clone(skb, GFP_ATOMIC);
790		if (!frag)
791			goto error;
792		frag->next = NULL;
793		if (tipc_buf_append(&head, &frag))
794			break;
795		if (!head)
796			goto error;
797	}
798	__skb_queue_tail(rcvq, frag);
799	return true;
800error:
801	pr_warn("Failed do clone local mcast rcv buffer\n");
802	kfree_skb(head);
803	return false;
804}
805
806bool tipc_msg_pskb_copy(u32 dst, struct sk_buff_head *msg,
807			struct sk_buff_head *cpy)
808{
809	struct sk_buff *skb, *_skb;
810
811	skb_queue_walk(msg, skb) {
812		_skb = pskb_copy(skb, GFP_ATOMIC);
813		if (!_skb) {
814			__skb_queue_purge(cpy);
815			return false;
816		}
817		msg_set_destnode(buf_msg(_skb), dst);
818		__skb_queue_tail(cpy, _skb);
819	}
820	return true;
821}
822
823/* tipc_skb_queue_sorted(); sort pkt into list according to sequence number
824 * @list: list to be appended to
825 * @seqno: sequence number of buffer to add
826 * @skb: buffer to add
827 */
828void __tipc_skb_queue_sorted(struct sk_buff_head *list, u16 seqno,
829			     struct sk_buff *skb)
830{
831	struct sk_buff *_skb, *tmp;
832
833	if (skb_queue_empty(list) || less(seqno, buf_seqno(skb_peek(list)))) {
834		__skb_queue_head(list, skb);
835		return;
836	}
837
838	if (more(seqno, buf_seqno(skb_peek_tail(list)))) {
839		__skb_queue_tail(list, skb);
840		return;
841	}
842
843	skb_queue_walk_safe(list, _skb, tmp) {
844		if (more(seqno, buf_seqno(_skb)))
845			continue;
846		if (seqno == buf_seqno(_skb))
847			break;
848		__skb_queue_before(list, _skb, skb);
849		return;
850	}
851	kfree_skb(skb);
852}
853
854void tipc_skb_reject(struct net *net, int err, struct sk_buff *skb,
855		     struct sk_buff_head *xmitq)
856{
857	if (tipc_msg_reverse(tipc_own_addr(net), &skb, err))
858		__skb_queue_tail(xmitq, skb);
859}