]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame_incremental - net/tipc/msg.c
projects / mirror_ubuntu-jammy-kernel.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
gtp: fix an use-before-init in gtp_newlink()
[mirror_ubuntu-jammy-kernel.git] / net / tipc / msg.c
... / ...
CommitLineData
1/*
2 * net/tipc/msg.c: TIPC message header routines
3 *
4 * Copyright (c) 2000-2006, 2014-2015, Ericsson AB
5 * Copyright (c) 2005, 2010-2011, Wind River Systems
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the names of the copyright holders nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * Alternatively, this software may be distributed under the terms of the
21 * GNU General Public License ("GPL") version 2 as published by the Free
22 * Software Foundation.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34 * POSSIBILITY OF SUCH DAMAGE.
35 */
36
37#include <net/sock.h>
38#include "core.h"
39#include "msg.h"
40#include "addr.h"
41#include "name_table.h"
42#include "crypto.h"
43
44#define MAX_FORWARD_SIZE 1024
45#ifdef CONFIG_TIPC_CRYPTO
46#define BUF_HEADROOM ALIGN(((LL_MAX_HEADER + 48) + EHDR_MAX_SIZE), 16)
47#define BUF_TAILROOM (TIPC_AES_GCM_TAG_SIZE)
48#else
49#define BUF_HEADROOM (LL_MAX_HEADER + 48)
50#define BUF_TAILROOM 16
51#endif
52
53static unsigned int align(unsigned int i)
54{
55 return (i + 3) & ~3u;
56}
57
58/**
59 * tipc_buf_acquire - creates a TIPC message buffer
60 * @size: message size (including TIPC header)
61 *
62 * Returns a new buffer with data pointers set to the specified size.
63 *
64 * NOTE: Headroom is reserved to allow prepending of a data link header.
65 * There may also be unrequested tailroom present at the buffer's end.
66 */
67struct sk_buff *tipc_buf_acquire(u32 size, gfp_t gfp)
68{
69 struct sk_buff *skb;
70#ifdef CONFIG_TIPC_CRYPTO
71 unsigned int buf_size = (BUF_HEADROOM + size + BUF_TAILROOM + 3) & ~3u;
72#else
73 unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u;
74#endif
75
76 skb = alloc_skb_fclone(buf_size, gfp);
77 if (skb) {
78 skb_reserve(skb, BUF_HEADROOM);
79 skb_put(skb, size);
80 skb->next = NULL;
81 }
82 return skb;
83}
84
85void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type,
86 u32 hsize, u32 dnode)
87{
88 memset(m, 0, hsize);
89 msg_set_version(m);
90 msg_set_user(m, user);
91 msg_set_hdr_sz(m, hsize);
92 msg_set_size(m, hsize);
93 msg_set_prevnode(m, own_node);
94 msg_set_type(m, type);
95 if (hsize > SHORT_H_SIZE) {
96 msg_set_orignode(m, own_node);
97 msg_set_destnode(m, dnode);
98 }
99}
100
101struct sk_buff *tipc_msg_create(uint user, uint type,
102 uint hdr_sz, uint data_sz, u32 dnode,
103 u32 onode, u32 dport, u32 oport, int errcode)
104{
105 struct tipc_msg *msg;
106 struct sk_buff *buf;
107
108 buf = tipc_buf_acquire(hdr_sz + data_sz, GFP_ATOMIC);
109 if (unlikely(!buf))
110 return NULL;
111
112 msg = buf_msg(buf);
113 tipc_msg_init(onode, msg, user, type, hdr_sz, dnode);
114 msg_set_size(msg, hdr_sz + data_sz);
115 msg_set_origport(msg, oport);
116 msg_set_destport(msg, dport);
117 msg_set_errcode(msg, errcode);
118 if (hdr_sz > SHORT_H_SIZE) {
119 msg_set_orignode(msg, onode);
120 msg_set_destnode(msg, dnode);
121 }
122 return buf;
123}
124
125/* tipc_buf_append(): Append a buffer to the fragment list of another buffer
126 * @*headbuf: in: NULL for first frag, otherwise value returned from prev call
127 * out: set when successful non-complete reassembly, otherwise NULL
128 * @*buf: in: the buffer to append. Always defined
129 * out: head buf after successful complete reassembly, otherwise NULL
130 * Returns 1 when reassembly complete, otherwise 0
131 */
132int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
133{
134 struct sk_buff *head = *headbuf;
135 struct sk_buff *frag = *buf;
136 struct sk_buff *tail = NULL;
137 struct tipc_msg *msg;
138 u32 fragid;
139 int delta;
140 bool headstolen;
141
142 if (!frag)
143 goto err;
144
145 msg = buf_msg(frag);
146 fragid = msg_type(msg);
147 frag->next = NULL;
148 skb_pull(frag, msg_hdr_sz(msg));
149
150 if (fragid == FIRST_FRAGMENT) {
151 if (unlikely(head))
152 goto err;
153 if (skb_cloned(frag))
154 frag = skb_copy(frag, GFP_ATOMIC);
155 if (unlikely(!frag))
156 goto err;
157 head = *headbuf = frag;
158 *buf = NULL;
159 TIPC_SKB_CB(head)->tail = NULL;
160 if (skb_is_nonlinear(head)) {
161 skb_walk_frags(head, tail) {
162 TIPC_SKB_CB(head)->tail = tail;
163 }
164 } else {
165 skb_frag_list_init(head);
166 }
167 return 0;
168 }
169
170 if (!head)
171 goto err;
172
173 if (skb_try_coalesce(head, frag, &headstolen, &delta)) {
174 kfree_skb_partial(frag, headstolen);
175 } else {
176 tail = TIPC_SKB_CB(head)->tail;
177 if (!skb_has_frag_list(head))
178 skb_shinfo(head)->frag_list = frag;
179 else
180 tail->next = frag;
181 head->truesize += frag->truesize;
182 head->data_len += frag->len;
183 head->len += frag->len;
184 TIPC_SKB_CB(head)->tail = frag;
185 }
186
187 if (fragid == LAST_FRAGMENT) {
188 TIPC_SKB_CB(head)->validated = 0;
189 if (unlikely(!tipc_msg_validate(&head)))
190 goto err;
191 *buf = head;
192 TIPC_SKB_CB(head)->tail = NULL;
193 *headbuf = NULL;
194 return 1;
195 }
196 *buf = NULL;
197 return 0;
198err:
199 kfree_skb(*buf);
200 kfree_skb(*headbuf);
201 *buf = *headbuf = NULL;
202 return 0;
203}
204
205/**
206 * tipc_msg_append(): Append data to tail of an existing buffer queue
207 * @_hdr: header to be used
208 * @m: the data to be appended
209 * @mss: max allowable size of buffer
210 * @dlen: size of data to be appended
211 * @txq: queue to appand to
212 * Returns the number og 1k blocks appended or errno value
213 */
214int tipc_msg_append(struct tipc_msg *_hdr, struct msghdr *m, int dlen,
215 int mss, struct sk_buff_head *txq)
216{
217 struct sk_buff *skb;
218 int accounted, total, curr;
219 int mlen, cpy, rem = dlen;
220 struct tipc_msg *hdr;
221
222 skb = skb_peek_tail(txq);
223 accounted = skb ? msg_blocks(buf_msg(skb)) : 0;
224 total = accounted;
225
226 do {
227 if (!skb || skb->len >= mss) {
228 skb = tipc_buf_acquire(mss, GFP_KERNEL);
229 if (unlikely(!skb))
230 return -ENOMEM;
231 skb_orphan(skb);
232 skb_trim(skb, MIN_H_SIZE);
233 hdr = buf_msg(skb);
234 skb_copy_to_linear_data(skb, _hdr, MIN_H_SIZE);
235 msg_set_hdr_sz(hdr, MIN_H_SIZE);
236 msg_set_size(hdr, MIN_H_SIZE);
237 __skb_queue_tail(txq, skb);
238 total += 1;
239 }
240 hdr = buf_msg(skb);
241 curr = msg_blocks(hdr);
242 mlen = msg_size(hdr);
243 cpy = min_t(size_t, rem, mss - mlen);
244 if (cpy != copy_from_iter(skb->data + mlen, cpy, &m->msg_iter))
245 return -EFAULT;
246 msg_set_size(hdr, mlen + cpy);
247 skb_put(skb, cpy);
248 rem -= cpy;
249 total += msg_blocks(hdr) - curr;
250 } while (rem > 0);
251 return total - accounted;
252}
253
254/* tipc_msg_validate - validate basic format of received message
255 *
256 * This routine ensures a TIPC message has an acceptable header, and at least
257 * as much data as the header indicates it should. The routine also ensures
258 * that the entire message header is stored in the main fragment of the message
259 * buffer, to simplify future access to message header fields.
260 *
261 * Note: Having extra info present in the message header or data areas is OK.
262 * TIPC will ignore the excess, under the assumption that it is optional info
263 * introduced by a later release of the protocol.
264 */
265bool tipc_msg_validate(struct sk_buff **_skb)
266{
267 struct sk_buff *skb = *_skb;
268 struct tipc_msg *hdr;
269 int msz, hsz;
270
271 /* Ensure that flow control ratio condition is satisfied */
272 if (unlikely(skb->truesize / buf_roundup_len(skb) >= 4)) {
273 skb = skb_copy_expand(skb, BUF_HEADROOM, 0, GFP_ATOMIC);
274 if (!skb)
275 return false;
276 kfree_skb(*_skb);
277 *_skb = skb;
278 }
279
280 if (unlikely(TIPC_SKB_CB(skb)->validated))
281 return true;
282
283 if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE)))
284 return false;
285
286 hsz = msg_hdr_sz(buf_msg(skb));
287 if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE))
288 return false;
289 if (unlikely(!pskb_may_pull(skb, hsz)))
290 return false;
291
292 hdr = buf_msg(skb);
293 if (unlikely(msg_version(hdr) != TIPC_VERSION))
294 return false;
295
296 msz = msg_size(hdr);
297 if (unlikely(msz < hsz))
298 return false;
299 if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE))
300 return false;
301 if (unlikely(skb->len < msz))
302 return false;
303
304 TIPC_SKB_CB(skb)->validated = 1;
305 return true;
306}
307
308/**
309 * tipc_msg_fragment - build a fragment skb list for TIPC message
310 *
311 * @skb: TIPC message skb
312 * @hdr: internal msg header to be put on the top of the fragments
313 * @pktmax: max size of a fragment incl. the header
314 * @frags: returned fragment skb list
315 *
316 * Returns 0 if the fragmentation is successful, otherwise: -EINVAL
317 * or -ENOMEM
318 */
319int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr,
320 int pktmax, struct sk_buff_head *frags)
321{
322 int pktno, nof_fragms, dsz, dmax, eat;
323 struct tipc_msg *_hdr;
324 struct sk_buff *_skb;
325 u8 *data;
326
327 /* Non-linear buffer? */
328 if (skb_linearize(skb))
329 return -ENOMEM;
330
331 data = (u8 *)skb->data;
332 dsz = msg_size(buf_msg(skb));
333 dmax = pktmax - INT_H_SIZE;
334 if (dsz <= dmax || !dmax)
335 return -EINVAL;
336
337 nof_fragms = dsz / dmax + 1;
338 for (pktno = 1; pktno <= nof_fragms; pktno++) {
339 if (pktno < nof_fragms)
340 eat = dmax;
341 else
342 eat = dsz % dmax;
343 /* Allocate a new fragment */
344 _skb = tipc_buf_acquire(INT_H_SIZE + eat, GFP_ATOMIC);
345 if (!_skb)
346 goto error;
347 skb_orphan(_skb);
348 __skb_queue_tail(frags, _skb);
349 /* Copy header & data to the fragment */
350 skb_copy_to_linear_data(_skb, hdr, INT_H_SIZE);
351 skb_copy_to_linear_data_offset(_skb, INT_H_SIZE, data, eat);
352 data += eat;
353 /* Update the fragment's header */
354 _hdr = buf_msg(_skb);
355 msg_set_fragm_no(_hdr, pktno);
356 msg_set_nof_fragms(_hdr, nof_fragms);
357 msg_set_size(_hdr, INT_H_SIZE + eat);
358 }
359 return 0;
360
361error:
362 __skb_queue_purge(frags);
363 __skb_queue_head_init(frags);
364 return -ENOMEM;
365}
366
367/**
368 * tipc_msg_build - create buffer chain containing specified header and data
369 * @mhdr: Message header, to be prepended to data
370 * @m: User message
371 * @dsz: Total length of user data
372 * @pktmax: Max packet size that can be used
373 * @list: Buffer or chain of buffers to be returned to caller
374 *
375 * Note that the recursive call we are making here is safe, since it can
376 * logically go only one further level down.
377 *
378 * Returns message data size or errno: -ENOMEM, -EFAULT
379 */
380int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m, int offset,
381 int dsz, int pktmax, struct sk_buff_head *list)
382{
383 int mhsz = msg_hdr_sz(mhdr);
384 struct tipc_msg pkthdr;
385 int msz = mhsz + dsz;
386 int pktrem = pktmax;
387 struct sk_buff *skb;
388 int drem = dsz;
389 int pktno = 1;
390 char *pktpos;
391 int pktsz;
392 int rc;
393
394 msg_set_size(mhdr, msz);
395
396 /* No fragmentation needed? */
397 if (likely(msz <= pktmax)) {
398 skb = tipc_buf_acquire(msz, GFP_KERNEL);
399
400 /* Fall back to smaller MTU if node local message */
401 if (unlikely(!skb)) {
402 if (pktmax != MAX_MSG_SIZE)
403 return -ENOMEM;
404 rc = tipc_msg_build(mhdr, m, offset, dsz, FB_MTU, list);
405 if (rc != dsz)
406 return rc;
407 if (tipc_msg_assemble(list))
408 return dsz;
409 return -ENOMEM;
410 }
411 skb_orphan(skb);
412 __skb_queue_tail(list, skb);
413 skb_copy_to_linear_data(skb, mhdr, mhsz);
414 pktpos = skb->data + mhsz;
415 if (copy_from_iter_full(pktpos, dsz, &m->msg_iter))
416 return dsz;
417 rc = -EFAULT;
418 goto error;
419 }
420
421 /* Prepare reusable fragment header */
422 tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER,
423 FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr));
424 msg_set_size(&pkthdr, pktmax);
425 msg_set_fragm_no(&pkthdr, pktno);
426 msg_set_importance(&pkthdr, msg_importance(mhdr));
427
428 /* Prepare first fragment */
429 skb = tipc_buf_acquire(pktmax, GFP_KERNEL);
430 if (!skb)
431 return -ENOMEM;
432 skb_orphan(skb);
433 __skb_queue_tail(list, skb);
434 pktpos = skb->data;
435 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
436 pktpos += INT_H_SIZE;
437 pktrem -= INT_H_SIZE;
438 skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz);
439 pktpos += mhsz;
440 pktrem -= mhsz;
441
442 do {
443 if (drem < pktrem)
444 pktrem = drem;
445
446 if (!copy_from_iter_full(pktpos, pktrem, &m->msg_iter)) {
447 rc = -EFAULT;
448 goto error;
449 }
450 drem -= pktrem;
451
452 if (!drem)
453 break;
454
455 /* Prepare new fragment: */
456 if (drem < (pktmax - INT_H_SIZE))
457 pktsz = drem + INT_H_SIZE;
458 else
459 pktsz = pktmax;
460 skb = tipc_buf_acquire(pktsz, GFP_KERNEL);
461 if (!skb) {
462 rc = -ENOMEM;
463 goto error;
464 }
465 skb_orphan(skb);
466 __skb_queue_tail(list, skb);
467 msg_set_type(&pkthdr, FRAGMENT);
468 msg_set_size(&pkthdr, pktsz);
469 msg_set_fragm_no(&pkthdr, ++pktno);
470 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE);
471 pktpos = skb->data + INT_H_SIZE;
472 pktrem = pktsz - INT_H_SIZE;
473
474 } while (1);
475 msg_set_type(buf_msg(skb), LAST_FRAGMENT);
476 return dsz;
477error:
478 __skb_queue_purge(list);
479 __skb_queue_head_init(list);
480 return rc;
481}
482
483/**
484 * tipc_msg_bundle - Append contents of a buffer to tail of an existing one
485 * @bskb: the bundle buffer to append to
486 * @msg: message to be appended
487 * @max: max allowable size for the bundle buffer
488 *
489 * Returns "true" if bundling has been performed, otherwise "false"
490 */
491static bool tipc_msg_bundle(struct sk_buff *bskb, struct tipc_msg *msg,
492 u32 max)
493{
494 struct tipc_msg *bmsg = buf_msg(bskb);
495 u32 msz, bsz, offset, pad;
496
497 msz = msg_size(msg);
498 bsz = msg_size(bmsg);
499 offset = align(bsz);
500 pad = offset - bsz;
501
502 if (unlikely(skb_tailroom(bskb) < (pad + msz)))
503 return false;
504 if (unlikely(max < (offset + msz)))
505 return false;
506
507 skb_put(bskb, pad + msz);
508 skb_copy_to_linear_data_offset(bskb, offset, msg, msz);
509 msg_set_size(bmsg, offset + msz);
510 msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1);
511 return true;
512}
513
514/**
515 * tipc_msg_try_bundle - Try to bundle a new message to the last one
516 * @tskb: the last/target message to which the new one will be appended
517 * @skb: the new message skb pointer
518 * @mss: max message size (header inclusive)
519 * @dnode: destination node for the message
520 * @new_bundle: if this call made a new bundle or not
521 *
522 * Return: "true" if the new message skb is potential for bundling this time or
523 * later, in the case a bundling has been done this time, the skb is consumed
524 * (the skb pointer = NULL).
525 * Otherwise, "false" if the skb cannot be bundled at all.
526 */
527bool tipc_msg_try_bundle(struct sk_buff *tskb, struct sk_buff **skb, u32 mss,
528 u32 dnode, bool *new_bundle)
529{
530 struct tipc_msg *msg, *inner, *outer;
531 u32 tsz;
532
533 /* First, check if the new buffer is suitable for bundling */
534 msg = buf_msg(*skb);
535 if (msg_user(msg) == MSG_FRAGMENTER)
536 return false;
537 if (msg_user(msg) == TUNNEL_PROTOCOL)
538 return false;
539 if (msg_user(msg) == BCAST_PROTOCOL)
540 return false;
541 if (mss <= INT_H_SIZE + msg_size(msg))
542 return false;
543
544 /* Ok, but the last/target buffer can be empty? */
545 if (unlikely(!tskb))
546 return true;
547
548 /* Is it a bundle already? Try to bundle the new message to it */
549 if (msg_user(buf_msg(tskb)) == MSG_BUNDLER) {
550 *new_bundle = false;
551 goto bundle;
552 }
553
554 /* Make a new bundle of the two messages if possible */
555 tsz = msg_size(buf_msg(tskb));
556 if (unlikely(mss < align(INT_H_SIZE + tsz) + msg_size(msg)))
557 return true;
558 if (unlikely(pskb_expand_head(tskb, INT_H_SIZE, mss - tsz - INT_H_SIZE,
559 GFP_ATOMIC)))
560 return true;
561 inner = buf_msg(tskb);
562 skb_push(tskb, INT_H_SIZE);
563 outer = buf_msg(tskb);
564 tipc_msg_init(msg_prevnode(inner), outer, MSG_BUNDLER, 0, INT_H_SIZE,
565 dnode);
566 msg_set_importance(outer, msg_importance(inner));
567 msg_set_size(outer, INT_H_SIZE + tsz);
568 msg_set_msgcnt(outer, 1);
569 *new_bundle = true;
570
571bundle:
572 if (likely(tipc_msg_bundle(tskb, msg, mss))) {
573 consume_skb(*skb);
574 *skb = NULL;
575 }
576 return true;
577}
578
579/**
580 * tipc_msg_extract(): extract bundled inner packet from buffer
581 * @skb: buffer to be extracted from.
582 * @iskb: extracted inner buffer, to be returned
583 * @pos: position in outer message of msg to be extracted.
584 * Returns position of next msg
585 * Consumes outer buffer when last packet extracted
586 * Returns true when there is an extracted buffer, otherwise false
587 */
588bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos)
589{
590 struct tipc_msg *hdr, *ihdr;
591 int imsz;
592
593 *iskb = NULL;
594 if (unlikely(skb_linearize(skb)))
595 goto none;
596
597 hdr = buf_msg(skb);
598 if (unlikely(*pos > (msg_data_sz(hdr) - MIN_H_SIZE)))
599 goto none;
600
601 ihdr = (struct tipc_msg *)(msg_data(hdr) + *pos);
602 imsz = msg_size(ihdr);
603
604 if ((*pos + imsz) > msg_data_sz(hdr))
605 goto none;
606
607 *iskb = tipc_buf_acquire(imsz, GFP_ATOMIC);
608 if (!*iskb)
609 goto none;
610
611 skb_copy_to_linear_data(*iskb, ihdr, imsz);
612 if (unlikely(!tipc_msg_validate(iskb)))
613 goto none;
614
615 *pos += align(imsz);
616 return true;
617none:
618 kfree_skb(skb);
619 kfree_skb(*iskb);
620 *iskb = NULL;
621 return false;
622}
623
624/**
625 * tipc_msg_reverse(): swap source and destination addresses and add error code
626 * @own_node: originating node id for reversed message
627 * @skb: buffer containing message to be reversed; will be consumed
628 * @err: error code to be set in message, if any
629 * Replaces consumed buffer with new one when successful
630 * Returns true if success, otherwise false
631 */
632bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err)
633{
634 struct sk_buff *_skb = *skb;
635 struct tipc_msg *_hdr, *hdr;
636 int hlen, dlen;
637
638 if (skb_linearize(_skb))
639 goto exit;
640 _hdr = buf_msg(_skb);
641 dlen = min_t(uint, msg_data_sz(_hdr), MAX_FORWARD_SIZE);
642 hlen = msg_hdr_sz(_hdr);
643
644 if (msg_dest_droppable(_hdr))
645 goto exit;
646 if (msg_errcode(_hdr))
647 goto exit;
648
649 /* Never return SHORT header */
650 if (hlen == SHORT_H_SIZE)
651 hlen = BASIC_H_SIZE;
652
653 /* Don't return data along with SYN+, - sender has a clone */
654 if (msg_is_syn(_hdr) && err == TIPC_ERR_OVERLOAD)
655 dlen = 0;
656
657 /* Allocate new buffer to return */
658 *skb = tipc_buf_acquire(hlen + dlen, GFP_ATOMIC);
659 if (!*skb)
660 goto exit;
661 memcpy((*skb)->data, _skb->data, msg_hdr_sz(_hdr));
662 memcpy((*skb)->data + hlen, msg_data(_hdr), dlen);
663
664 /* Build reverse header in new buffer */
665 hdr = buf_msg(*skb);
666 msg_set_hdr_sz(hdr, hlen);
667 msg_set_errcode(hdr, err);
668 msg_set_non_seq(hdr, 0);
669 msg_set_origport(hdr, msg_destport(_hdr));
670 msg_set_destport(hdr, msg_origport(_hdr));
671 msg_set_destnode(hdr, msg_prevnode(_hdr));
672 msg_set_prevnode(hdr, own_node);
673 msg_set_orignode(hdr, own_node);
674 msg_set_size(hdr, hlen + dlen);
675 skb_orphan(_skb);
676 kfree_skb(_skb);
677 return true;
678exit:
679 kfree_skb(_skb);
680 *skb = NULL;
681 return false;
682}
683
684bool tipc_msg_skb_clone(struct sk_buff_head *msg, struct sk_buff_head *cpy)
685{
686 struct sk_buff *skb, *_skb;
687
688 skb_queue_walk(msg, skb) {
689 _skb = skb_clone(skb, GFP_ATOMIC);
690 if (!_skb) {
691 __skb_queue_purge(cpy);
692 pr_err_ratelimited("Failed to clone buffer chain\n");
693 return false;
694 }
695 __skb_queue_tail(cpy, _skb);
696 }
697 return true;
698}
699
700/**
701 * tipc_msg_lookup_dest(): try to find new destination for named message
702 * @skb: the buffer containing the message.
703 * @err: error code to be used by caller if lookup fails
704 * Does not consume buffer
705 * Returns true if a destination is found, false otherwise
706 */
707bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err)
708{
709 struct tipc_msg *msg = buf_msg(skb);
710 u32 dport, dnode;
711 u32 onode = tipc_own_addr(net);
712
713 if (!msg_isdata(msg))
714 return false;
715 if (!msg_named(msg))
716 return false;
717 if (msg_errcode(msg))
718 return false;
719 *err = TIPC_ERR_NO_NAME;
720 if (skb_linearize(skb))
721 return false;
722 msg = buf_msg(skb);
723 if (msg_reroute_cnt(msg))
724 return false;
725 dnode = tipc_scope2node(net, msg_lookup_scope(msg));
726 dport = tipc_nametbl_translate(net, msg_nametype(msg),
727 msg_nameinst(msg), &dnode);
728 if (!dport)
729 return false;
730 msg_incr_reroute_cnt(msg);
731 if (dnode != onode)
732 msg_set_prevnode(msg, onode);
733 msg_set_destnode(msg, dnode);
734 msg_set_destport(msg, dport);
735 *err = TIPC_OK;
736
737 return true;
738}
739
740/* tipc_msg_assemble() - assemble chain of fragments into one message
741 */
742bool tipc_msg_assemble(struct sk_buff_head *list)
743{
744 struct sk_buff *skb, *tmp = NULL;
745
746 if (skb_queue_len(list) == 1)
747 return true;
748
749 while ((skb = __skb_dequeue(list))) {
750 skb->next = NULL;
751 if (tipc_buf_append(&tmp, &skb)) {
752 __skb_queue_tail(list, skb);
753 return true;
754 }
755 if (!tmp)
756 break;
757 }
758 __skb_queue_purge(list);
759 __skb_queue_head_init(list);
760 pr_warn("Failed do assemble buffer\n");
761 return false;
762}
763
764/* tipc_msg_reassemble() - clone a buffer chain of fragments and
765 * reassemble the clones into one message
766 */
767bool tipc_msg_reassemble(struct sk_buff_head *list, struct sk_buff_head *rcvq)
768{
769 struct sk_buff *skb, *_skb;
770 struct sk_buff *frag = NULL;
771 struct sk_buff *head = NULL;
772 int hdr_len;
773
774 /* Copy header if single buffer */
775 if (skb_queue_len(list) == 1) {
776 skb = skb_peek(list);
777 hdr_len = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb));
778 _skb = __pskb_copy(skb, hdr_len, GFP_ATOMIC);
779 if (!_skb)
780 return false;
781 __skb_queue_tail(rcvq, _skb);
782 return true;
783 }
784
785 /* Clone all fragments and reassemble */
786 skb_queue_walk(list, skb) {
787 frag = skb_clone(skb, GFP_ATOMIC);
788 if (!frag)
789 goto error;
790 frag->next = NULL;
791 if (tipc_buf_append(&head, &frag))
792 break;
793 if (!head)
794 goto error;
795 }
796 __skb_queue_tail(rcvq, frag);
797 return true;
798error:
799 pr_warn("Failed do clone local mcast rcv buffer\n");
800 kfree_skb(head);
801 return false;
802}
803
804bool tipc_msg_pskb_copy(u32 dst, struct sk_buff_head *msg,
805 struct sk_buff_head *cpy)
806{
807 struct sk_buff *skb, *_skb;
808
809 skb_queue_walk(msg, skb) {
810 _skb = pskb_copy(skb, GFP_ATOMIC);
811 if (!_skb) {
812 __skb_queue_purge(cpy);
813 return false;
814 }
815 msg_set_destnode(buf_msg(_skb), dst);
816 __skb_queue_tail(cpy, _skb);
817 }
818 return true;
819}
820
821/* tipc_skb_queue_sorted(); sort pkt into list according to sequence number
822 * @list: list to be appended to
823 * @seqno: sequence number of buffer to add
824 * @skb: buffer to add
825 */
826bool __tipc_skb_queue_sorted(struct sk_buff_head *list, u16 seqno,
827 struct sk_buff *skb)
828{
829 struct sk_buff *_skb, *tmp;
830
831 if (skb_queue_empty(list) || less(seqno, buf_seqno(skb_peek(list)))) {
832 __skb_queue_head(list, skb);
833 return true;
834 }
835
836 if (more(seqno, buf_seqno(skb_peek_tail(list)))) {
837 __skb_queue_tail(list, skb);
838 return true;
839 }
840
841 skb_queue_walk_safe(list, _skb, tmp) {
842 if (more(seqno, buf_seqno(_skb)))
843 continue;
844 if (seqno == buf_seqno(_skb))
845 break;
846 __skb_queue_before(list, _skb, skb);
847 return true;
848 }
849 kfree_skb(skb);
850 return false;
851}
852
853void tipc_skb_reject(struct net *net, int err, struct sk_buff *skb,
854 struct sk_buff_head *xmitq)
855{
856 if (tipc_msg_reverse(tipc_own_addr(net), &skb, err))
857 __skb_queue_tail(xmitq, skb);
858}
Ubuntu Jammy Linux kernel mirror