1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* SCTP kernel implementation 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2002 International Business Machines, Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions are the methods for accessing the SCTP inqueue. 10 * 11 * An SCTP inqueue is a queue into which you push SCTP packets 12 * (which might be bundles or fragments of chunks) and out of which you 13 * pop SCTP whole chunks. 14 * 15 * Please send any bug reports or fixes you make to the 16 * email address(es): 17 * lksctp developers <linux-sctp@vger.kernel.org> 18 * 19 * Written or modified by: 20 * La Monte H.P. Yarroll <piggy@acm.org> 21 * Karl Knutson <karl@athena.chicago.il.us> 22 */ 23 24 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 25 26 #include <net/sctp/sctp.h> 27 #include <net/sctp/sm.h> 28 #include <linux/interrupt.h> 29 #include <linux/slab.h> 30 31 /* Initialize an SCTP inqueue. */ sctp_inq_init(struct sctp_inq * queue)32 void sctp_inq_init(struct sctp_inq *queue) 33 { 34 INIT_LIST_HEAD(&queue->in_chunk_list); 35 queue->in_progress = NULL; 36 37 /* Create a task for delivering data. */ 38 INIT_WORK(&queue->immediate, NULL); 39 } 40 41 /* Properly release the chunk which is being worked on. */ sctp_inq_chunk_free(struct sctp_chunk * chunk)42 static inline void sctp_inq_chunk_free(struct sctp_chunk *chunk) 43 { 44 if (chunk->head_skb) 45 chunk->skb = chunk->head_skb; 46 sctp_chunk_free(chunk); 47 } 48 49 /* Release the memory associated with an SCTP inqueue. */ sctp_inq_free(struct sctp_inq * queue)50 void sctp_inq_free(struct sctp_inq *queue) 51 { 52 struct sctp_chunk *chunk, *tmp; 53 54 /* Empty the queue. */ 55 list_for_each_entry_safe(chunk, tmp, &queue->in_chunk_list, list) { 56 list_del_init(&chunk->list); 57 sctp_chunk_free(chunk); 58 } 59 60 /* If there is a packet which is currently being worked on, 61 * free it as well. 62 */ 63 if (queue->in_progress) { 64 sctp_inq_chunk_free(queue->in_progress); 65 queue->in_progress = NULL; 66 } 67 } 68 69 /* Put a new packet in an SCTP inqueue. 70 * We assume that packet->sctp_hdr is set and in host byte order. 71 */ sctp_inq_push(struct sctp_inq * q,struct sctp_chunk * chunk)72 void sctp_inq_push(struct sctp_inq *q, struct sctp_chunk *chunk) 73 { 74 /* Directly call the packet handling routine. */ 75 if (chunk->rcvr->dead) { 76 sctp_chunk_free(chunk); 77 return; 78 } 79 80 /* We are now calling this either from the soft interrupt 81 * or from the backlog processing. 82 * Eventually, we should clean up inqueue to not rely 83 * on the BH related data structures. 84 */ 85 list_add_tail(&chunk->list, &q->in_chunk_list); 86 if (chunk->asoc) 87 chunk->asoc->stats.ipackets++; 88 q->immediate.func(&q->immediate); 89 } 90 91 /* Peek at the next chunk on the inqeue. */ sctp_inq_peek(struct sctp_inq * queue)92 struct sctp_chunkhdr *sctp_inq_peek(struct sctp_inq *queue) 93 { 94 struct sctp_chunk *chunk; 95 struct sctp_chunkhdr *ch = NULL; 96 97 chunk = queue->in_progress; 98 /* If there is no more chunks in this packet, say so */ 99 if (chunk->singleton || 100 chunk->end_of_packet || 101 chunk->pdiscard) 102 return NULL; 103 104 ch = (struct sctp_chunkhdr *)chunk->chunk_end; 105 106 return ch; 107 } 108 109 110 /* Extract a chunk from an SCTP inqueue. 111 * 112 * WARNING: If you need to put the chunk on another queue, you need to 113 * make a shallow copy (clone) of it. 114 */ sctp_inq_pop(struct sctp_inq * queue)115 struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) 116 { 117 struct sctp_chunk *chunk; 118 struct sctp_chunkhdr *ch = NULL; 119 120 /* The assumption is that we are safe to process the chunks 121 * at this time. 122 */ 123 124 chunk = queue->in_progress; 125 if (chunk) { 126 /* There is a packet that we have been working on. 127 * Any post processing work to do before we move on? 128 */ 129 if (chunk->singleton || 130 chunk->end_of_packet || 131 chunk->pdiscard) { 132 if (chunk->head_skb == chunk->skb) { 133 chunk->skb = skb_shinfo(chunk->skb)->frag_list; 134 goto new_skb; 135 } 136 if (chunk->skb->next) { 137 chunk->skb = chunk->skb->next; 138 goto new_skb; 139 } 140 141 sctp_inq_chunk_free(chunk); 142 chunk = queue->in_progress = NULL; 143 } else { 144 /* Nothing to do. Next chunk in the packet, please. */ 145 ch = (struct sctp_chunkhdr *)chunk->chunk_end; 146 /* Force chunk->skb->data to chunk->chunk_end. */ 147 skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); 148 /* We are guaranteed to pull a SCTP header. */ 149 } 150 } 151 152 /* Do we need to take the next packet out of the queue to process? */ 153 if (!chunk) { 154 struct list_head *entry; 155 156 next_chunk: 157 /* Is the queue empty? */ 158 entry = sctp_list_dequeue(&queue->in_chunk_list); 159 if (!entry) 160 return NULL; 161 162 chunk = list_entry(entry, struct sctp_chunk, list); 163 164 if (skb_is_gso(chunk->skb) && skb_is_gso_sctp(chunk->skb)) { 165 /* GSO-marked skbs but without frags, handle 166 * them normally 167 */ 168 if (skb_shinfo(chunk->skb)->frag_list) 169 chunk->head_skb = chunk->skb; 170 171 /* skbs with "cover letter" */ 172 if (chunk->head_skb && chunk->skb->data_len == chunk->skb->len) 173 chunk->skb = skb_shinfo(chunk->skb)->frag_list; 174 175 if (WARN_ON(!chunk->skb)) { 176 __SCTP_INC_STATS(dev_net(chunk->skb->dev), SCTP_MIB_IN_PKT_DISCARDS); 177 sctp_chunk_free(chunk); 178 goto next_chunk; 179 } 180 } 181 182 if (chunk->asoc) 183 sock_rps_save_rxhash(chunk->asoc->base.sk, chunk->skb); 184 185 queue->in_progress = chunk; 186 187 new_skb: 188 /* This is the first chunk in the packet. */ 189 ch = (struct sctp_chunkhdr *)chunk->skb->data; 190 chunk->singleton = 1; 191 chunk->data_accepted = 0; 192 chunk->pdiscard = 0; 193 chunk->auth = 0; 194 chunk->has_asconf = 0; 195 chunk->end_of_packet = 0; 196 if (chunk->head_skb) { 197 struct sctp_input_cb 198 *cb = SCTP_INPUT_CB(chunk->skb), 199 *head_cb = SCTP_INPUT_CB(chunk->head_skb); 200 201 cb->chunk = head_cb->chunk; 202 cb->af = head_cb->af; 203 } 204 } 205 206 chunk->chunk_hdr = ch; 207 chunk->chunk_end = ((__u8 *)ch) + SCTP_PAD4(ntohs(ch->length)); 208 skb_pull(chunk->skb, sizeof(*ch)); 209 chunk->subh.v = NULL; /* Subheader is no longer valid. */ 210 211 if (chunk->chunk_end + sizeof(*ch) <= skb_tail_pointer(chunk->skb)) { 212 /* This is not a singleton */ 213 chunk->singleton = 0; 214 } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { 215 /* Discard inside state machine. */ 216 chunk->pdiscard = 1; 217 chunk->chunk_end = skb_tail_pointer(chunk->skb); 218 } else { 219 /* We are at the end of the packet, so mark the chunk 220 * in case we need to send a SACK. 221 */ 222 chunk->end_of_packet = 1; 223 } 224 225 pr_debug("+++sctp_inq_pop+++ chunk:%p[%s], length:%d, skb->len:%d\n", 226 chunk, sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)), 227 ntohs(chunk->chunk_hdr->length), chunk->skb->len); 228 229 return chunk; 230 } 231 232 /* Set a top-half handler. 233 * 234 * Originally, we the top-half handler was scheduled as a BH. We now 235 * call the handler directly in sctp_inq_push() at a time that 236 * we know we are lock safe. 237 * The intent is that this routine will pull stuff out of the 238 * inqueue and process it. 239 */ sctp_inq_set_th_handler(struct sctp_inq * q,work_func_t callback)240 void sctp_inq_set_th_handler(struct sctp_inq *q, work_func_t callback) 241 { 242 INIT_WORK(&q->immediate, callback); 243 } 244