route.c 41 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Management Component Transport Protocol (MCTP) - routing
  4. * implementation.
  5. *
  6. * This is currently based on a simple routing table, with no dst cache. The
  7. * number of routes should stay fairly small, so the lookup cost is small.
  8. *
  9. * Copyright (c) 2021 Code Construct
  10. * Copyright (c) 2021 Google
  11. */
  12. #include <linux/idr.h>
  13. #include <linux/kconfig.h>
  14. #include <linux/mctp.h>
  15. #include <linux/netdevice.h>
  16. #include <linux/rtnetlink.h>
  17. #include <linux/skbuff.h>
  18. #include <kunit/static_stub.h>
  19. #include <uapi/linux/if_arp.h>
  20. #include <net/mctp.h>
  21. #include <net/mctpdevice.h>
  22. #include <net/netlink.h>
  23. #include <net/sock.h>
  24. #include <trace/events/mctp.h>
  25. static const unsigned int mctp_message_maxlen = 64 * 1024;
  26. static const unsigned long mctp_key_lifetime = 6 * CONFIG_HZ;
  27. static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev);
  28. /* route output callbacks */
  29. static int mctp_dst_discard(struct mctp_dst *dst, struct sk_buff *skb)
  30. {
  31. kfree_skb(skb);
  32. return 0;
  33. }
  34. static struct mctp_sock *mctp_lookup_bind_details(struct net *net,
  35. struct sk_buff *skb,
  36. u8 type, u8 dest,
  37. u8 src, bool allow_net_any)
  38. {
  39. struct mctp_skb_cb *cb = mctp_cb(skb);
  40. struct sock *sk;
  41. u8 hash;
  42. WARN_ON_ONCE(!rcu_read_lock_held());
  43. hash = mctp_bind_hash(type, dest, src);
  44. sk_for_each_rcu(sk, &net->mctp.binds[hash]) {
  45. struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
  46. if (!allow_net_any && msk->bind_net == MCTP_NET_ANY)
  47. continue;
  48. if (msk->bind_net != MCTP_NET_ANY && msk->bind_net != cb->net)
  49. continue;
  50. if (msk->bind_type != type)
  51. continue;
  52. if (msk->bind_peer_set &&
  53. !mctp_address_matches(msk->bind_peer_addr, src))
  54. continue;
  55. if (!mctp_address_matches(msk->bind_local_addr, dest))
  56. continue;
  57. return msk;
  58. }
  59. return NULL;
  60. }
  61. static struct mctp_sock *mctp_lookup_bind(struct net *net, struct sk_buff *skb)
  62. {
  63. struct mctp_sock *msk;
  64. struct mctp_hdr *mh;
  65. u8 type;
  66. /* TODO: look up in skb->cb? */
  67. mh = mctp_hdr(skb);
  68. if (!skb_headlen(skb))
  69. return NULL;
  70. type = (*(u8 *)skb->data) & 0x7f;
  71. /* Look for binds in order of widening scope. A given destination or
  72. * source address also implies matching on a particular network.
  73. *
  74. * - Matching destination and source
  75. * - Matching destination
  76. * - Matching source
  77. * - Matching network, any address
  78. * - Any network or address
  79. */
  80. msk = mctp_lookup_bind_details(net, skb, type, mh->dest, mh->src,
  81. false);
  82. if (msk)
  83. return msk;
  84. msk = mctp_lookup_bind_details(net, skb, type, MCTP_ADDR_ANY, mh->src,
  85. false);
  86. if (msk)
  87. return msk;
  88. msk = mctp_lookup_bind_details(net, skb, type, mh->dest, MCTP_ADDR_ANY,
  89. false);
  90. if (msk)
  91. return msk;
  92. msk = mctp_lookup_bind_details(net, skb, type, MCTP_ADDR_ANY,
  93. MCTP_ADDR_ANY, false);
  94. if (msk)
  95. return msk;
  96. msk = mctp_lookup_bind_details(net, skb, type, MCTP_ADDR_ANY,
  97. MCTP_ADDR_ANY, true);
  98. if (msk)
  99. return msk;
  100. return NULL;
  101. }
  102. /* A note on the key allocations.
  103. *
  104. * struct net->mctp.keys contains our set of currently-allocated keys for
  105. * MCTP tag management. The lookup tuple for these is the peer EID,
  106. * local EID and MCTP tag.
  107. *
  108. * In some cases, the peer EID may be MCTP_EID_ANY: for example, when a
  109. * broadcast message is sent, we may receive responses from any peer EID.
  110. * Because the broadcast dest address is equivalent to ANY, we create
  111. * a key with (local = local-eid, peer = ANY). This allows a match on the
  112. * incoming broadcast responses from any peer.
  113. *
  114. * We perform lookups when packets are received, and when tags are allocated
  115. * in two scenarios:
  116. *
  117. * - when a packet is sent, with a locally-owned tag: we need to find an
  118. * unused tag value for the (local, peer) EID pair.
  119. *
  120. * - when a tag is manually allocated: we need to find an unused tag value
  121. * for the peer EID, but don't have a specific local EID at that stage.
  122. *
  123. * in the latter case, on successful allocation, we end up with a tag with
  124. * (local = ANY, peer = peer-eid).
  125. *
  126. * So, the key set allows both a local EID of ANY, as well as a peer EID of
  127. * ANY in the lookup tuple. Both may be ANY if we prealloc for a broadcast.
  128. * The matching (in mctp_key_match()) during lookup allows the match value to
  129. * be ANY in either the dest or source addresses.
  130. *
  131. * When allocating (+ inserting) a tag, we need to check for conflicts amongst
  132. * the existing tag set. This requires macthing either exactly on the local
  133. * and peer addresses, or either being ANY.
  134. */
  135. static bool mctp_key_match(struct mctp_sk_key *key, unsigned int net,
  136. mctp_eid_t local, mctp_eid_t peer, u8 tag)
  137. {
  138. if (key->net != net)
  139. return false;
  140. if (!mctp_address_matches(key->local_addr, local))
  141. return false;
  142. if (!mctp_address_matches(key->peer_addr, peer))
  143. return false;
  144. if (key->tag != tag)
  145. return false;
  146. return true;
  147. }
  148. /* returns a key (with key->lock held, and refcounted), or NULL if no such
  149. * key exists.
  150. */
  151. static struct mctp_sk_key *mctp_lookup_key(struct net *net, struct sk_buff *skb,
  152. unsigned int netid, mctp_eid_t peer,
  153. unsigned long *irqflags)
  154. __acquires(&key->lock)
  155. {
  156. struct mctp_sk_key *key, *ret;
  157. unsigned long flags;
  158. struct mctp_hdr *mh;
  159. u8 tag;
  160. mh = mctp_hdr(skb);
  161. tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
  162. ret = NULL;
  163. spin_lock_irqsave(&net->mctp.keys_lock, flags);
  164. hlist_for_each_entry(key, &net->mctp.keys, hlist) {
  165. if (!mctp_key_match(key, netid, mh->dest, peer, tag))
  166. continue;
  167. spin_lock(&key->lock);
  168. if (key->valid) {
  169. refcount_inc(&key->refs);
  170. ret = key;
  171. break;
  172. }
  173. spin_unlock(&key->lock);
  174. }
  175. if (ret) {
  176. spin_unlock(&net->mctp.keys_lock);
  177. *irqflags = flags;
  178. } else {
  179. spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
  180. }
  181. return ret;
  182. }
  183. static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
  184. unsigned int net,
  185. mctp_eid_t local, mctp_eid_t peer,
  186. u8 tag, gfp_t gfp)
  187. {
  188. struct mctp_sk_key *key;
  189. key = kzalloc_obj(*key, gfp);
  190. if (!key)
  191. return NULL;
  192. key->net = net;
  193. key->peer_addr = peer;
  194. key->local_addr = local;
  195. key->tag = tag;
  196. key->sk = &msk->sk;
  197. key->valid = true;
  198. spin_lock_init(&key->lock);
  199. refcount_set(&key->refs, 1);
  200. sock_hold(key->sk);
  201. return key;
  202. }
  203. void mctp_key_unref(struct mctp_sk_key *key)
  204. {
  205. unsigned long flags;
  206. if (!refcount_dec_and_test(&key->refs))
  207. return;
  208. /* even though no refs exist here, the lock allows us to stay
  209. * consistent with the locking requirement of mctp_dev_release_key
  210. */
  211. spin_lock_irqsave(&key->lock, flags);
  212. mctp_dev_release_key(key->dev, key);
  213. spin_unlock_irqrestore(&key->lock, flags);
  214. sock_put(key->sk);
  215. kfree(key);
  216. }
  217. static int mctp_key_add(struct mctp_sk_key *key, struct mctp_sock *msk)
  218. {
  219. struct net *net = sock_net(&msk->sk);
  220. struct mctp_sk_key *tmp;
  221. unsigned long flags;
  222. int rc = 0;
  223. spin_lock_irqsave(&net->mctp.keys_lock, flags);
  224. if (sock_flag(&msk->sk, SOCK_DEAD)) {
  225. rc = -EINVAL;
  226. goto out_unlock;
  227. }
  228. hlist_for_each_entry(tmp, &net->mctp.keys, hlist) {
  229. if (mctp_key_match(tmp, key->net, key->local_addr,
  230. key->peer_addr, key->tag)) {
  231. spin_lock(&tmp->lock);
  232. if (tmp->valid)
  233. rc = -EEXIST;
  234. spin_unlock(&tmp->lock);
  235. if (rc)
  236. break;
  237. }
  238. }
  239. if (!rc) {
  240. refcount_inc(&key->refs);
  241. key->expiry = jiffies + mctp_key_lifetime;
  242. timer_reduce(&msk->key_expiry, key->expiry);
  243. hlist_add_head(&key->hlist, &net->mctp.keys);
  244. hlist_add_head(&key->sklist, &msk->keys);
  245. }
  246. out_unlock:
  247. spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
  248. return rc;
  249. }
  250. /* Helper for mctp_route_input().
  251. * We're done with the key; unlock and unref the key.
  252. * For the usual case of automatic expiry we remove the key from lists.
  253. * In the case that manual allocation is set on a key we release the lock
  254. * and local ref, reset reassembly, but don't remove from lists.
  255. */
  256. static void __mctp_key_done_in(struct mctp_sk_key *key, struct net *net,
  257. unsigned long flags, unsigned long reason)
  258. __releases(&key->lock)
  259. {
  260. struct sk_buff *skb;
  261. trace_mctp_key_release(key, reason);
  262. skb = key->reasm_head;
  263. key->reasm_head = NULL;
  264. if (!key->manual_alloc) {
  265. key->reasm_dead = true;
  266. key->valid = false;
  267. mctp_dev_release_key(key->dev, key);
  268. }
  269. spin_unlock_irqrestore(&key->lock, flags);
  270. if (!key->manual_alloc) {
  271. spin_lock_irqsave(&net->mctp.keys_lock, flags);
  272. if (!hlist_unhashed(&key->hlist)) {
  273. hlist_del_init(&key->hlist);
  274. hlist_del_init(&key->sklist);
  275. mctp_key_unref(key);
  276. }
  277. spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
  278. }
  279. /* and one for the local reference */
  280. mctp_key_unref(key);
  281. kfree_skb(skb);
  282. }
  283. #ifdef CONFIG_MCTP_FLOWS
  284. static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key)
  285. {
  286. struct mctp_flow *flow;
  287. flow = skb_ext_add(skb, SKB_EXT_MCTP);
  288. if (!flow)
  289. return;
  290. refcount_inc(&key->refs);
  291. flow->key = key;
  292. }
  293. static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev)
  294. {
  295. struct mctp_sk_key *key;
  296. struct mctp_flow *flow;
  297. unsigned long flags;
  298. flow = skb_ext_find(skb, SKB_EXT_MCTP);
  299. if (!flow)
  300. return;
  301. key = flow->key;
  302. spin_lock_irqsave(&key->lock, flags);
  303. if (!key->dev)
  304. mctp_dev_set_key(dev, key);
  305. else
  306. WARN_ON(key->dev != dev);
  307. spin_unlock_irqrestore(&key->lock, flags);
  308. }
  309. #else
  310. static void mctp_skb_set_flow(struct sk_buff *skb, struct mctp_sk_key *key) {}
  311. static void mctp_flow_prepare_output(struct sk_buff *skb, struct mctp_dev *dev) {}
  312. #endif
  313. /* takes ownership of skb, both in success and failure cases */
  314. static int mctp_frag_queue(struct mctp_sk_key *key, struct sk_buff *skb)
  315. {
  316. struct mctp_hdr *hdr = mctp_hdr(skb);
  317. u8 exp_seq, this_seq;
  318. this_seq = (hdr->flags_seq_tag >> MCTP_HDR_SEQ_SHIFT)
  319. & MCTP_HDR_SEQ_MASK;
  320. if (!key->reasm_head) {
  321. /* Since we're manipulating the shared frag_list, ensure it
  322. * isn't shared with any other SKBs. In the cloned case,
  323. * this will free the skb; callers can no longer access it
  324. * safely.
  325. */
  326. key->reasm_head = skb_unshare(skb, GFP_ATOMIC);
  327. if (!key->reasm_head)
  328. return -ENOMEM;
  329. key->reasm_tailp = &(skb_shinfo(key->reasm_head)->frag_list);
  330. key->last_seq = this_seq;
  331. return 0;
  332. }
  333. exp_seq = (key->last_seq + 1) & MCTP_HDR_SEQ_MASK;
  334. if (this_seq != exp_seq)
  335. goto err_free;
  336. if (key->reasm_head->len + skb->len > mctp_message_maxlen)
  337. goto err_free;
  338. skb->next = NULL;
  339. skb->sk = NULL;
  340. *key->reasm_tailp = skb;
  341. key->reasm_tailp = &skb->next;
  342. key->last_seq = this_seq;
  343. key->reasm_head->data_len += skb->len;
  344. key->reasm_head->len += skb->len;
  345. key->reasm_head->truesize += skb->truesize;
  346. return 0;
  347. err_free:
  348. kfree_skb(skb);
  349. return -EINVAL;
  350. }
  351. static int mctp_dst_input(struct mctp_dst *dst, struct sk_buff *skb)
  352. {
  353. struct mctp_sk_key *key, *any_key = NULL;
  354. struct net *net = dev_net(skb->dev);
  355. struct mctp_sock *msk;
  356. struct mctp_hdr *mh;
  357. unsigned int netid;
  358. unsigned long f;
  359. u8 tag, flags;
  360. int rc;
  361. msk = NULL;
  362. rc = -EINVAL;
  363. /* We may be receiving a locally-routed packet; drop source sk
  364. * accounting.
  365. *
  366. * From here, we will either queue the skb - either to a frag_queue, or
  367. * to a receiving socket. When that succeeds, we clear the skb pointer;
  368. * a non-NULL skb on exit will be otherwise unowned, and hence
  369. * kfree_skb()-ed.
  370. */
  371. skb_orphan(skb);
  372. if (skb->pkt_type == PACKET_OUTGOING)
  373. skb->pkt_type = PACKET_LOOPBACK;
  374. /* ensure we have enough data for a header and a type */
  375. if (skb->len < sizeof(struct mctp_hdr) + 1)
  376. goto out;
  377. /* grab header, advance data ptr */
  378. mh = mctp_hdr(skb);
  379. netid = mctp_cb(skb)->net;
  380. skb_pull(skb, sizeof(struct mctp_hdr));
  381. if (mh->ver != 1)
  382. goto out;
  383. flags = mh->flags_seq_tag & (MCTP_HDR_FLAG_SOM | MCTP_HDR_FLAG_EOM);
  384. tag = mh->flags_seq_tag & (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
  385. rcu_read_lock();
  386. /* lookup socket / reasm context, exactly matching (src,dest,tag).
  387. * we hold a ref on the key, and key->lock held.
  388. */
  389. key = mctp_lookup_key(net, skb, netid, mh->src, &f);
  390. if (flags & MCTP_HDR_FLAG_SOM) {
  391. if (key) {
  392. msk = container_of(key->sk, struct mctp_sock, sk);
  393. } else {
  394. /* first response to a broadcast? do a more general
  395. * key lookup to find the socket, but don't use this
  396. * key for reassembly - we'll create a more specific
  397. * one for future packets if required (ie, !EOM).
  398. *
  399. * this lookup requires key->peer to be MCTP_ADDR_ANY,
  400. * it doesn't match just any key->peer.
  401. */
  402. any_key = mctp_lookup_key(net, skb, netid,
  403. MCTP_ADDR_ANY, &f);
  404. if (any_key) {
  405. msk = container_of(any_key->sk,
  406. struct mctp_sock, sk);
  407. spin_unlock_irqrestore(&any_key->lock, f);
  408. }
  409. }
  410. if (!key && !msk && (tag & MCTP_HDR_FLAG_TO))
  411. msk = mctp_lookup_bind(net, skb);
  412. if (!msk) {
  413. rc = -ENOENT;
  414. goto out_unlock;
  415. }
  416. /* single-packet message? deliver to socket, clean up any
  417. * pending key.
  418. */
  419. if (flags & MCTP_HDR_FLAG_EOM) {
  420. rc = sock_queue_rcv_skb(&msk->sk, skb);
  421. if (!rc)
  422. skb = NULL;
  423. if (key) {
  424. /* we've hit a pending reassembly; not much we
  425. * can do but drop it
  426. */
  427. __mctp_key_done_in(key, net, f,
  428. MCTP_TRACE_KEY_REPLIED);
  429. key = NULL;
  430. }
  431. goto out_unlock;
  432. }
  433. /* broadcast response or a bind() - create a key for further
  434. * packets for this message
  435. */
  436. if (!key) {
  437. key = mctp_key_alloc(msk, netid, mh->dest, mh->src,
  438. tag, GFP_ATOMIC);
  439. if (!key) {
  440. rc = -ENOMEM;
  441. goto out_unlock;
  442. }
  443. /* we can queue without the key lock here, as the
  444. * key isn't observable yet
  445. */
  446. mctp_frag_queue(key, skb);
  447. skb = NULL;
  448. /* if the key_add fails, we've raced with another
  449. * SOM packet with the same src, dest and tag. There's
  450. * no way to distinguish future packets, so all we
  451. * can do is drop.
  452. */
  453. rc = mctp_key_add(key, msk);
  454. if (!rc)
  455. trace_mctp_key_acquire(key);
  456. /* we don't need to release key->lock on exit, so
  457. * clean up here and suppress the unlock via
  458. * setting to NULL
  459. */
  460. mctp_key_unref(key);
  461. key = NULL;
  462. } else {
  463. if (key->reasm_head || key->reasm_dead) {
  464. /* duplicate start? drop everything */
  465. __mctp_key_done_in(key, net, f,
  466. MCTP_TRACE_KEY_INVALIDATED);
  467. rc = -EEXIST;
  468. key = NULL;
  469. } else {
  470. rc = mctp_frag_queue(key, skb);
  471. skb = NULL;
  472. }
  473. }
  474. } else if (key) {
  475. /* this packet continues a previous message; reassemble
  476. * using the message-specific key
  477. */
  478. /* we need to be continuing an existing reassembly... */
  479. if (!key->reasm_head) {
  480. rc = -EINVAL;
  481. } else {
  482. rc = mctp_frag_queue(key, skb);
  483. skb = NULL;
  484. }
  485. if (rc)
  486. goto out_unlock;
  487. /* end of message? deliver to socket, and we're done with
  488. * the reassembly/response key
  489. */
  490. if (flags & MCTP_HDR_FLAG_EOM) {
  491. rc = sock_queue_rcv_skb(key->sk, key->reasm_head);
  492. if (!rc)
  493. key->reasm_head = NULL;
  494. __mctp_key_done_in(key, net, f, MCTP_TRACE_KEY_REPLIED);
  495. key = NULL;
  496. }
  497. } else {
  498. /* not a start, no matching key */
  499. rc = -ENOENT;
  500. }
  501. out_unlock:
  502. rcu_read_unlock();
  503. if (key) {
  504. spin_unlock_irqrestore(&key->lock, f);
  505. mctp_key_unref(key);
  506. }
  507. if (any_key)
  508. mctp_key_unref(any_key);
  509. out:
  510. kfree_skb(skb);
  511. return rc;
  512. }
  513. static int mctp_dst_output(struct mctp_dst *dst, struct sk_buff *skb)
  514. {
  515. char daddr_buf[MAX_ADDR_LEN];
  516. char *daddr = NULL;
  517. int rc;
  518. skb->protocol = htons(ETH_P_MCTP);
  519. skb->pkt_type = PACKET_OUTGOING;
  520. skb->dev = dst->dev->dev;
  521. if (skb->len > dst->mtu) {
  522. kfree_skb(skb);
  523. return -EMSGSIZE;
  524. }
  525. /* direct route; use the hwaddr we stashed in sendmsg */
  526. if (dst->halen) {
  527. if (dst->halen != skb->dev->addr_len) {
  528. /* sanity check, sendmsg should have already caught this */
  529. kfree_skb(skb);
  530. return -EMSGSIZE;
  531. }
  532. daddr = dst->haddr;
  533. } else {
  534. /* If lookup fails let the device handle daddr==NULL */
  535. if (mctp_neigh_lookup(dst->dev, dst->nexthop, daddr_buf) == 0)
  536. daddr = daddr_buf;
  537. }
  538. rc = dev_hard_header(skb, skb->dev, ntohs(skb->protocol),
  539. daddr, skb->dev->dev_addr, skb->len);
  540. if (rc < 0) {
  541. kfree_skb(skb);
  542. return -EHOSTUNREACH;
  543. }
  544. mctp_flow_prepare_output(skb, dst->dev);
  545. rc = dev_queue_xmit(skb);
  546. if (rc)
  547. rc = net_xmit_errno(rc);
  548. return rc;
  549. }
  550. /* route alloc/release */
  551. static void mctp_route_release(struct mctp_route *rt)
  552. {
  553. if (refcount_dec_and_test(&rt->refs)) {
  554. if (rt->dst_type == MCTP_ROUTE_DIRECT)
  555. mctp_dev_put(rt->dev);
  556. kfree_rcu(rt, rcu);
  557. }
  558. }
  559. /* returns a route with the refcount at 1 */
  560. static struct mctp_route *mctp_route_alloc(void)
  561. {
  562. struct mctp_route *rt;
  563. rt = kzalloc_obj(*rt);
  564. if (!rt)
  565. return NULL;
  566. INIT_LIST_HEAD(&rt->list);
  567. refcount_set(&rt->refs, 1);
  568. rt->output = mctp_dst_discard;
  569. return rt;
  570. }
  571. unsigned int mctp_default_net(struct net *net)
  572. {
  573. return READ_ONCE(net->mctp.default_net);
  574. }
  575. int mctp_default_net_set(struct net *net, unsigned int index)
  576. {
  577. if (index == 0)
  578. return -EINVAL;
  579. WRITE_ONCE(net->mctp.default_net, index);
  580. return 0;
  581. }
  582. /* tag management */
  583. static void mctp_reserve_tag(struct net *net, struct mctp_sk_key *key,
  584. struct mctp_sock *msk)
  585. {
  586. struct netns_mctp *mns = &net->mctp;
  587. lockdep_assert_held(&mns->keys_lock);
  588. key->expiry = jiffies + mctp_key_lifetime;
  589. timer_reduce(&msk->key_expiry, key->expiry);
  590. /* we hold the net->key_lock here, allowing updates to both
  591. * then net and sk
  592. */
  593. hlist_add_head_rcu(&key->hlist, &mns->keys);
  594. hlist_add_head_rcu(&key->sklist, &msk->keys);
  595. refcount_inc(&key->refs);
  596. }
  597. /* Allocate a locally-owned tag value for (local, peer), and reserve
  598. * it for the socket msk
  599. */
  600. struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk,
  601. unsigned int netid,
  602. mctp_eid_t local, mctp_eid_t peer,
  603. bool manual, u8 *tagp)
  604. {
  605. struct net *net = sock_net(&msk->sk);
  606. struct netns_mctp *mns = &net->mctp;
  607. struct mctp_sk_key *key, *tmp;
  608. unsigned long flags;
  609. u8 tagbits;
  610. /* for NULL destination EIDs, we may get a response from any peer */
  611. if (peer == MCTP_ADDR_NULL)
  612. peer = MCTP_ADDR_ANY;
  613. /* be optimistic, alloc now */
  614. key = mctp_key_alloc(msk, netid, local, peer, 0, GFP_KERNEL);
  615. if (!key)
  616. return ERR_PTR(-ENOMEM);
  617. /* 8 possible tag values */
  618. tagbits = 0xff;
  619. spin_lock_irqsave(&mns->keys_lock, flags);
  620. /* Walk through the existing keys, looking for potential conflicting
  621. * tags. If we find a conflict, clear that bit from tagbits
  622. */
  623. hlist_for_each_entry(tmp, &mns->keys, hlist) {
  624. /* We can check the lookup fields (*_addr, tag) without the
  625. * lock held, they don't change over the lifetime of the key.
  626. */
  627. /* tags are net-specific */
  628. if (tmp->net != netid)
  629. continue;
  630. /* if we don't own the tag, it can't conflict */
  631. if (tmp->tag & MCTP_HDR_FLAG_TO)
  632. continue;
  633. /* Since we're avoiding conflicting entries, match peer and
  634. * local addresses, including with a wildcard on ANY. See
  635. * 'A note on key allocations' for background.
  636. */
  637. if (peer != MCTP_ADDR_ANY &&
  638. !mctp_address_matches(tmp->peer_addr, peer))
  639. continue;
  640. if (local != MCTP_ADDR_ANY &&
  641. !mctp_address_matches(tmp->local_addr, local))
  642. continue;
  643. spin_lock(&tmp->lock);
  644. /* key must still be valid. If we find a match, clear the
  645. * potential tag value
  646. */
  647. if (tmp->valid)
  648. tagbits &= ~(1 << tmp->tag);
  649. spin_unlock(&tmp->lock);
  650. if (!tagbits)
  651. break;
  652. }
  653. if (tagbits) {
  654. key->tag = __ffs(tagbits);
  655. mctp_reserve_tag(net, key, msk);
  656. trace_mctp_key_acquire(key);
  657. key->manual_alloc = manual;
  658. *tagp = key->tag;
  659. }
  660. spin_unlock_irqrestore(&mns->keys_lock, flags);
  661. if (!tagbits) {
  662. mctp_key_unref(key);
  663. return ERR_PTR(-EBUSY);
  664. }
  665. return key;
  666. }
  667. static struct mctp_sk_key *mctp_lookup_prealloc_tag(struct mctp_sock *msk,
  668. unsigned int netid,
  669. mctp_eid_t daddr,
  670. u8 req_tag, u8 *tagp)
  671. {
  672. struct net *net = sock_net(&msk->sk);
  673. struct netns_mctp *mns = &net->mctp;
  674. struct mctp_sk_key *key, *tmp;
  675. unsigned long flags;
  676. req_tag &= ~(MCTP_TAG_PREALLOC | MCTP_TAG_OWNER);
  677. key = NULL;
  678. spin_lock_irqsave(&mns->keys_lock, flags);
  679. hlist_for_each_entry(tmp, &mns->keys, hlist) {
  680. if (tmp->net != netid)
  681. continue;
  682. if (tmp->tag != req_tag)
  683. continue;
  684. if (!mctp_address_matches(tmp->peer_addr, daddr))
  685. continue;
  686. if (!tmp->manual_alloc)
  687. continue;
  688. spin_lock(&tmp->lock);
  689. if (tmp->valid) {
  690. key = tmp;
  691. refcount_inc(&key->refs);
  692. spin_unlock(&tmp->lock);
  693. break;
  694. }
  695. spin_unlock(&tmp->lock);
  696. }
  697. spin_unlock_irqrestore(&mns->keys_lock, flags);
  698. if (!key)
  699. return ERR_PTR(-ENOENT);
  700. if (tagp)
  701. *tagp = key->tag;
  702. return key;
  703. }
  704. /* routing lookups */
  705. static unsigned int mctp_route_netid(struct mctp_route *rt)
  706. {
  707. return rt->dst_type == MCTP_ROUTE_DIRECT ?
  708. READ_ONCE(rt->dev->net) : rt->gateway.net;
  709. }
  710. static bool mctp_rt_match_eid(struct mctp_route *rt,
  711. unsigned int net, mctp_eid_t eid)
  712. {
  713. return mctp_route_netid(rt) == net &&
  714. rt->min <= eid && rt->max >= eid;
  715. }
  716. /* compares match, used for duplicate prevention */
  717. static bool mctp_rt_compare_exact(struct mctp_route *rt1,
  718. struct mctp_route *rt2)
  719. {
  720. ASSERT_RTNL();
  721. return mctp_route_netid(rt1) == mctp_route_netid(rt2) &&
  722. rt1->min == rt2->min &&
  723. rt1->max == rt2->max;
  724. }
  725. /* must only be called on a direct route, as the final output hop */
  726. static void mctp_dst_from_route(struct mctp_dst *dst, mctp_eid_t eid,
  727. unsigned int mtu, struct mctp_route *route)
  728. {
  729. mctp_dev_hold(route->dev);
  730. dst->nexthop = eid;
  731. dst->dev = route->dev;
  732. dst->mtu = READ_ONCE(dst->dev->dev->mtu);
  733. if (mtu)
  734. dst->mtu = min(dst->mtu, mtu);
  735. dst->halen = 0;
  736. dst->output = route->output;
  737. }
  738. int mctp_dst_from_extaddr(struct mctp_dst *dst, struct net *net, int ifindex,
  739. unsigned char halen, const unsigned char *haddr)
  740. {
  741. struct net_device *netdev;
  742. struct mctp_dev *dev;
  743. int rc = -ENOENT;
  744. if (halen > sizeof(dst->haddr))
  745. return -EINVAL;
  746. rcu_read_lock();
  747. netdev = dev_get_by_index_rcu(net, ifindex);
  748. if (!netdev)
  749. goto out_unlock;
  750. if (netdev->addr_len != halen) {
  751. rc = -EINVAL;
  752. goto out_unlock;
  753. }
  754. dev = __mctp_dev_get(netdev);
  755. if (!dev)
  756. goto out_unlock;
  757. dst->dev = dev;
  758. dst->mtu = READ_ONCE(netdev->mtu);
  759. dst->halen = halen;
  760. dst->output = mctp_dst_output;
  761. dst->nexthop = 0;
  762. memcpy(dst->haddr, haddr, halen);
  763. rc = 0;
  764. out_unlock:
  765. rcu_read_unlock();
  766. return rc;
  767. }
  768. void mctp_dst_release(struct mctp_dst *dst)
  769. {
  770. mctp_dev_put(dst->dev);
  771. }
  772. static struct mctp_route *mctp_route_lookup_single(struct net *net,
  773. unsigned int dnet,
  774. mctp_eid_t daddr)
  775. {
  776. struct mctp_route *rt;
  777. list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
  778. if (mctp_rt_match_eid(rt, dnet, daddr))
  779. return rt;
  780. }
  781. return NULL;
  782. }
  783. /* populates *dst on successful lookup, if set */
  784. int mctp_route_lookup(struct net *net, unsigned int dnet,
  785. mctp_eid_t daddr, struct mctp_dst *dst)
  786. {
  787. const unsigned int max_depth = 32;
  788. unsigned int depth, mtu = 0;
  789. int rc = -EHOSTUNREACH;
  790. rcu_read_lock();
  791. for (depth = 0; depth < max_depth; depth++) {
  792. struct mctp_route *rt;
  793. rt = mctp_route_lookup_single(net, dnet, daddr);
  794. if (!rt)
  795. break;
  796. /* clamp mtu to the smallest in the path, allowing 0
  797. * to specify no restrictions
  798. */
  799. if (mtu && rt->mtu)
  800. mtu = min(mtu, rt->mtu);
  801. else
  802. mtu = mtu ?: rt->mtu;
  803. if (rt->dst_type == MCTP_ROUTE_DIRECT) {
  804. if (dst)
  805. mctp_dst_from_route(dst, daddr, mtu, rt);
  806. rc = 0;
  807. break;
  808. } else if (rt->dst_type == MCTP_ROUTE_GATEWAY) {
  809. daddr = rt->gateway.eid;
  810. }
  811. }
  812. rcu_read_unlock();
  813. return rc;
  814. }
  815. static int mctp_route_lookup_null(struct net *net, struct net_device *dev,
  816. struct mctp_dst *dst)
  817. {
  818. int rc = -EHOSTUNREACH;
  819. struct mctp_route *rt;
  820. rcu_read_lock();
  821. list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
  822. if (rt->dst_type != MCTP_ROUTE_DIRECT || rt->type != RTN_LOCAL)
  823. continue;
  824. if (rt->dev->dev != dev)
  825. continue;
  826. mctp_dst_from_route(dst, 0, 0, rt);
  827. rc = 0;
  828. break;
  829. }
  830. rcu_read_unlock();
  831. return rc;
  832. }
  833. static int mctp_do_fragment_route(struct mctp_dst *dst, struct sk_buff *skb,
  834. unsigned int mtu, u8 tag)
  835. {
  836. const unsigned int hlen = sizeof(struct mctp_hdr);
  837. struct mctp_hdr *hdr, *hdr2;
  838. unsigned int pos, size, headroom;
  839. struct sk_buff *skb2;
  840. int rc;
  841. u8 seq;
  842. hdr = mctp_hdr(skb);
  843. seq = 0;
  844. rc = 0;
  845. if (mtu < hlen + 1) {
  846. kfree_skb(skb);
  847. return -EMSGSIZE;
  848. }
  849. /* keep same headroom as the original skb */
  850. headroom = skb_headroom(skb);
  851. /* we've got the header */
  852. skb_pull(skb, hlen);
  853. for (pos = 0; pos < skb->len;) {
  854. /* size of message payload */
  855. size = min(mtu - hlen, skb->len - pos);
  856. skb2 = alloc_skb(headroom + hlen + size, GFP_KERNEL);
  857. if (!skb2) {
  858. rc = -ENOMEM;
  859. break;
  860. }
  861. /* generic skb copy */
  862. skb2->protocol = skb->protocol;
  863. skb2->priority = skb->priority;
  864. skb2->dev = skb->dev;
  865. memcpy(skb2->cb, skb->cb, sizeof(skb2->cb));
  866. if (skb->sk)
  867. skb_set_owner_w(skb2, skb->sk);
  868. /* establish packet */
  869. skb_reserve(skb2, headroom);
  870. skb_reset_network_header(skb2);
  871. skb_put(skb2, hlen + size);
  872. skb2->transport_header = skb2->network_header + hlen;
  873. /* copy header fields, calculate SOM/EOM flags & seq */
  874. hdr2 = mctp_hdr(skb2);
  875. hdr2->ver = hdr->ver;
  876. hdr2->dest = hdr->dest;
  877. hdr2->src = hdr->src;
  878. hdr2->flags_seq_tag = tag &
  879. (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
  880. if (pos == 0)
  881. hdr2->flags_seq_tag |= MCTP_HDR_FLAG_SOM;
  882. if (pos + size == skb->len)
  883. hdr2->flags_seq_tag |= MCTP_HDR_FLAG_EOM;
  884. hdr2->flags_seq_tag |= seq << MCTP_HDR_SEQ_SHIFT;
  885. /* copy message payload */
  886. skb_copy_bits(skb, pos, skb_transport_header(skb2), size);
  887. /* we need to copy the extensions, for MCTP flow data */
  888. skb_ext_copy(skb2, skb);
  889. /* do route */
  890. rc = dst->output(dst, skb2);
  891. if (rc)
  892. break;
  893. seq = (seq + 1) & MCTP_HDR_SEQ_MASK;
  894. pos += size;
  895. }
  896. consume_skb(skb);
  897. return rc;
  898. }
  899. int mctp_local_output(struct sock *sk, struct mctp_dst *dst,
  900. struct sk_buff *skb, mctp_eid_t daddr, u8 req_tag)
  901. {
  902. struct mctp_sock *msk = container_of(sk, struct mctp_sock, sk);
  903. struct mctp_sk_key *key;
  904. struct mctp_hdr *hdr;
  905. unsigned long flags;
  906. unsigned int netid;
  907. unsigned int mtu;
  908. mctp_eid_t saddr;
  909. int rc;
  910. u8 tag;
  911. KUNIT_STATIC_STUB_REDIRECT(mctp_local_output, sk, dst, skb, daddr,
  912. req_tag);
  913. rc = -ENODEV;
  914. spin_lock_irqsave(&dst->dev->addrs_lock, flags);
  915. if (dst->dev->num_addrs == 0) {
  916. rc = -EHOSTUNREACH;
  917. } else {
  918. /* use the outbound interface's first address as our source */
  919. saddr = dst->dev->addrs[0];
  920. rc = 0;
  921. }
  922. spin_unlock_irqrestore(&dst->dev->addrs_lock, flags);
  923. netid = READ_ONCE(dst->dev->net);
  924. if (rc)
  925. goto out_release;
  926. if (req_tag & MCTP_TAG_OWNER) {
  927. if (req_tag & MCTP_TAG_PREALLOC)
  928. key = mctp_lookup_prealloc_tag(msk, netid, daddr,
  929. req_tag, &tag);
  930. else
  931. key = mctp_alloc_local_tag(msk, netid, saddr, daddr,
  932. false, &tag);
  933. if (IS_ERR(key)) {
  934. rc = PTR_ERR(key);
  935. goto out_release;
  936. }
  937. mctp_skb_set_flow(skb, key);
  938. /* done with the key in this scope */
  939. mctp_key_unref(key);
  940. tag |= MCTP_HDR_FLAG_TO;
  941. } else {
  942. key = NULL;
  943. tag = req_tag & MCTP_TAG_MASK;
  944. }
  945. skb->pkt_type = PACKET_OUTGOING;
  946. skb->protocol = htons(ETH_P_MCTP);
  947. skb->priority = 0;
  948. skb_reset_transport_header(skb);
  949. skb_push(skb, sizeof(struct mctp_hdr));
  950. skb_reset_network_header(skb);
  951. skb->dev = dst->dev->dev;
  952. /* set up common header fields */
  953. hdr = mctp_hdr(skb);
  954. hdr->ver = 1;
  955. hdr->dest = daddr;
  956. hdr->src = saddr;
  957. mtu = dst->mtu;
  958. if (skb->len + sizeof(struct mctp_hdr) <= mtu) {
  959. hdr->flags_seq_tag = MCTP_HDR_FLAG_SOM |
  960. MCTP_HDR_FLAG_EOM | tag;
  961. rc = dst->output(dst, skb);
  962. } else {
  963. rc = mctp_do_fragment_route(dst, skb, mtu, tag);
  964. }
  965. /* route output functions consume the skb, even on error */
  966. skb = NULL;
  967. out_release:
  968. kfree_skb(skb);
  969. return rc;
  970. }
  971. /* route management */
  972. /* mctp_route_add(): Add the provided route, previously allocated via
  973. * mctp_route_alloc(). On success, takes ownership of @rt, which includes a
  974. * hold on rt->dev for usage in the route table. On failure a caller will want
  975. * to mctp_route_release().
  976. *
  977. * We expect that the caller has set rt->type, rt->dst_type, rt->min, rt->max,
  978. * rt->mtu and either rt->dev (with a reference held appropriately) or
  979. * rt->gateway. Other fields will be populated.
  980. */
  981. static int mctp_route_add(struct net *net, struct mctp_route *rt)
  982. {
  983. struct mctp_route *ert;
  984. if (!mctp_address_unicast(rt->min) || !mctp_address_unicast(rt->max))
  985. return -EINVAL;
  986. if (rt->dst_type == MCTP_ROUTE_DIRECT && !rt->dev)
  987. return -EINVAL;
  988. if (rt->dst_type == MCTP_ROUTE_GATEWAY && !rt->gateway.eid)
  989. return -EINVAL;
  990. switch (rt->type) {
  991. case RTN_LOCAL:
  992. rt->output = mctp_dst_input;
  993. break;
  994. case RTN_UNICAST:
  995. rt->output = mctp_dst_output;
  996. break;
  997. default:
  998. return -EINVAL;
  999. }
  1000. ASSERT_RTNL();
  1001. /* Prevent duplicate identical routes. */
  1002. list_for_each_entry(ert, &net->mctp.routes, list) {
  1003. if (mctp_rt_compare_exact(rt, ert)) {
  1004. return -EEXIST;
  1005. }
  1006. }
  1007. list_add_rcu(&rt->list, &net->mctp.routes);
  1008. return 0;
  1009. }
  1010. static int mctp_route_remove(struct net *net, unsigned int netid,
  1011. mctp_eid_t daddr_start, unsigned int daddr_extent,
  1012. unsigned char type)
  1013. {
  1014. struct mctp_route *rt, *tmp;
  1015. mctp_eid_t daddr_end;
  1016. bool dropped;
  1017. if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
  1018. return -EINVAL;
  1019. daddr_end = daddr_start + daddr_extent;
  1020. dropped = false;
  1021. ASSERT_RTNL();
  1022. list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
  1023. if (mctp_route_netid(rt) == netid &&
  1024. rt->min == daddr_start && rt->max == daddr_end &&
  1025. rt->type == type) {
  1026. list_del_rcu(&rt->list);
  1027. /* TODO: immediate RTM_DELROUTE */
  1028. mctp_route_release(rt);
  1029. dropped = true;
  1030. }
  1031. }
  1032. return dropped ? 0 : -ENOENT;
  1033. }
  1034. int mctp_route_add_local(struct mctp_dev *mdev, mctp_eid_t addr)
  1035. {
  1036. struct mctp_route *rt;
  1037. int rc;
  1038. rt = mctp_route_alloc();
  1039. if (!rt)
  1040. return -ENOMEM;
  1041. rt->min = addr;
  1042. rt->max = addr;
  1043. rt->dst_type = MCTP_ROUTE_DIRECT;
  1044. rt->dev = mdev;
  1045. rt->type = RTN_LOCAL;
  1046. mctp_dev_hold(rt->dev);
  1047. rc = mctp_route_add(dev_net(mdev->dev), rt);
  1048. if (rc)
  1049. mctp_route_release(rt);
  1050. return rc;
  1051. }
  1052. int mctp_route_remove_local(struct mctp_dev *mdev, mctp_eid_t addr)
  1053. {
  1054. return mctp_route_remove(dev_net(mdev->dev), mdev->net,
  1055. addr, 0, RTN_LOCAL);
  1056. }
  1057. /* removes all entries for a given device */
  1058. void mctp_route_remove_dev(struct mctp_dev *mdev)
  1059. {
  1060. struct net *net = dev_net(mdev->dev);
  1061. struct mctp_route *rt, *tmp;
  1062. ASSERT_RTNL();
  1063. list_for_each_entry_safe(rt, tmp, &net->mctp.routes, list) {
  1064. if (rt->dst_type == MCTP_ROUTE_DIRECT && rt->dev == mdev) {
  1065. list_del_rcu(&rt->list);
  1066. /* TODO: immediate RTM_DELROUTE */
  1067. mctp_route_release(rt);
  1068. }
  1069. }
  1070. }
  1071. /* Incoming packet-handling */
  1072. static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
  1073. struct packet_type *pt,
  1074. struct net_device *orig_dev)
  1075. {
  1076. struct net *net = dev_net(dev);
  1077. struct mctp_dev *mdev;
  1078. struct mctp_skb_cb *cb;
  1079. struct mctp_dst dst;
  1080. struct mctp_hdr *mh;
  1081. int rc;
  1082. rcu_read_lock();
  1083. mdev = __mctp_dev_get(dev);
  1084. rcu_read_unlock();
  1085. if (!mdev) {
  1086. /* basic non-data sanity checks */
  1087. goto err_drop;
  1088. }
  1089. if (!pskb_may_pull(skb, sizeof(struct mctp_hdr)))
  1090. goto err_drop;
  1091. skb_reset_transport_header(skb);
  1092. skb_reset_network_header(skb);
  1093. /* We have enough for a header; decode and route */
  1094. mh = mctp_hdr(skb);
  1095. if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
  1096. goto err_drop;
  1097. /* source must be valid unicast or null; drop reserved ranges and
  1098. * broadcast
  1099. */
  1100. if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
  1101. goto err_drop;
  1102. /* dest address: as above, but allow broadcast */
  1103. if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
  1104. mctp_address_broadcast(mh->dest)))
  1105. goto err_drop;
  1106. /* MCTP drivers must populate halen/haddr */
  1107. if (dev->type == ARPHRD_MCTP) {
  1108. cb = mctp_cb(skb);
  1109. } else {
  1110. cb = __mctp_cb(skb);
  1111. cb->halen = 0;
  1112. }
  1113. cb->net = READ_ONCE(mdev->net);
  1114. cb->ifindex = dev->ifindex;
  1115. rc = mctp_route_lookup(net, cb->net, mh->dest, &dst);
  1116. /* NULL EID, but addressed to our physical address */
  1117. if (rc && mh->dest == MCTP_ADDR_NULL && skb->pkt_type == PACKET_HOST)
  1118. rc = mctp_route_lookup_null(net, dev, &dst);
  1119. if (rc)
  1120. goto err_drop;
  1121. dst.output(&dst, skb);
  1122. mctp_dst_release(&dst);
  1123. mctp_dev_put(mdev);
  1124. return NET_RX_SUCCESS;
  1125. err_drop:
  1126. kfree_skb(skb);
  1127. mctp_dev_put(mdev);
  1128. return NET_RX_DROP;
  1129. }
  1130. static struct packet_type mctp_packet_type = {
  1131. .type = cpu_to_be16(ETH_P_MCTP),
  1132. .func = mctp_pkttype_receive,
  1133. };
  1134. /* netlink interface */
  1135. static const struct nla_policy rta_mctp_policy[RTA_MAX + 1] = {
  1136. [RTA_DST] = { .type = NLA_U8 },
  1137. [RTA_METRICS] = { .type = NLA_NESTED },
  1138. [RTA_OIF] = { .type = NLA_U32 },
  1139. [RTA_GATEWAY] = NLA_POLICY_EXACT_LEN(sizeof(struct mctp_fq_addr)),
  1140. };
  1141. static const struct nla_policy rta_metrics_policy[RTAX_MAX + 1] = {
  1142. [RTAX_MTU] = { .type = NLA_U32 },
  1143. };
  1144. /* base parsing; common to both _lookup and _populate variants.
  1145. *
  1146. * For gateway routes (which have a RTA_GATEWAY, and no RTA_OIF), we populate
  1147. * *gatweayp. for direct routes (RTA_OIF, no RTA_GATEWAY), we populate *mdev.
  1148. */
  1149. static int mctp_route_nlparse_common(struct net *net, struct nlmsghdr *nlh,
  1150. struct netlink_ext_ack *extack,
  1151. struct nlattr **tb, struct rtmsg **rtm,
  1152. struct mctp_dev **mdev,
  1153. struct mctp_fq_addr *gatewayp,
  1154. mctp_eid_t *daddr_start)
  1155. {
  1156. struct mctp_fq_addr *gateway = NULL;
  1157. unsigned int ifindex = 0;
  1158. struct net_device *dev;
  1159. int rc;
  1160. rc = nlmsg_parse(nlh, sizeof(struct rtmsg), tb, RTA_MAX,
  1161. rta_mctp_policy, extack);
  1162. if (rc < 0) {
  1163. NL_SET_ERR_MSG(extack, "incorrect format");
  1164. return rc;
  1165. }
  1166. if (!tb[RTA_DST]) {
  1167. NL_SET_ERR_MSG(extack, "dst EID missing");
  1168. return -EINVAL;
  1169. }
  1170. *daddr_start = nla_get_u8(tb[RTA_DST]);
  1171. if (tb[RTA_OIF])
  1172. ifindex = nla_get_u32(tb[RTA_OIF]);
  1173. if (tb[RTA_GATEWAY])
  1174. gateway = nla_data(tb[RTA_GATEWAY]);
  1175. if (ifindex && gateway) {
  1176. NL_SET_ERR_MSG(extack,
  1177. "cannot specify both ifindex and gateway");
  1178. return -EINVAL;
  1179. } else if (ifindex) {
  1180. dev = __dev_get_by_index(net, ifindex);
  1181. if (!dev) {
  1182. NL_SET_ERR_MSG(extack, "bad ifindex");
  1183. return -ENODEV;
  1184. }
  1185. *mdev = mctp_dev_get_rtnl(dev);
  1186. if (!*mdev)
  1187. return -ENODEV;
  1188. gatewayp->eid = 0;
  1189. } else if (gateway) {
  1190. if (!mctp_address_unicast(gateway->eid)) {
  1191. NL_SET_ERR_MSG(extack, "bad gateway");
  1192. return -EINVAL;
  1193. }
  1194. gatewayp->eid = gateway->eid;
  1195. gatewayp->net = gateway->net != MCTP_NET_ANY ?
  1196. gateway->net :
  1197. READ_ONCE(net->mctp.default_net);
  1198. *mdev = NULL;
  1199. } else {
  1200. NL_SET_ERR_MSG(extack, "no route output provided");
  1201. return -EINVAL;
  1202. }
  1203. *rtm = nlmsg_data(nlh);
  1204. if ((*rtm)->rtm_family != AF_MCTP) {
  1205. NL_SET_ERR_MSG(extack, "route family must be AF_MCTP");
  1206. return -EINVAL;
  1207. }
  1208. if ((*rtm)->rtm_type != RTN_UNICAST) {
  1209. NL_SET_ERR_MSG(extack, "rtm_type must be RTN_UNICAST");
  1210. return -EINVAL;
  1211. }
  1212. return 0;
  1213. }
  1214. /* Route parsing for lookup operations; we only need the "route target"
  1215. * components (ie., network and dest-EID range).
  1216. */
  1217. static int mctp_route_nlparse_lookup(struct net *net, struct nlmsghdr *nlh,
  1218. struct netlink_ext_ack *extack,
  1219. unsigned char *type, unsigned int *netid,
  1220. mctp_eid_t *daddr_start,
  1221. unsigned int *daddr_extent)
  1222. {
  1223. struct nlattr *tb[RTA_MAX + 1];
  1224. struct mctp_fq_addr gw;
  1225. struct mctp_dev *mdev;
  1226. struct rtmsg *rtm;
  1227. int rc;
  1228. rc = mctp_route_nlparse_common(net, nlh, extack, tb, &rtm,
  1229. &mdev, &gw, daddr_start);
  1230. if (rc)
  1231. return rc;
  1232. if (mdev) {
  1233. *netid = mdev->net;
  1234. } else if (gw.eid) {
  1235. *netid = gw.net;
  1236. } else {
  1237. /* bug: _nlparse_common should not allow this */
  1238. return -1;
  1239. }
  1240. *type = rtm->rtm_type;
  1241. *daddr_extent = rtm->rtm_dst_len;
  1242. return 0;
  1243. }
  1244. /* Full route parse for RTM_NEWROUTE: populate @rt. On success,
  1245. * MCTP_ROUTE_DIRECT routes (ie, those with a direct dev) will hold a reference
  1246. * to that dev.
  1247. */
  1248. static int mctp_route_nlparse_populate(struct net *net, struct nlmsghdr *nlh,
  1249. struct netlink_ext_ack *extack,
  1250. struct mctp_route *rt)
  1251. {
  1252. struct nlattr *tbx[RTAX_MAX + 1];
  1253. struct nlattr *tb[RTA_MAX + 1];
  1254. unsigned int daddr_extent;
  1255. struct mctp_fq_addr gw;
  1256. mctp_eid_t daddr_start;
  1257. struct mctp_dev *dev;
  1258. struct rtmsg *rtm;
  1259. u32 mtu = 0;
  1260. int rc;
  1261. rc = mctp_route_nlparse_common(net, nlh, extack, tb, &rtm,
  1262. &dev, &gw, &daddr_start);
  1263. if (rc)
  1264. return rc;
  1265. daddr_extent = rtm->rtm_dst_len;
  1266. if (daddr_extent > 0xff || daddr_extent + daddr_start >= 255) {
  1267. NL_SET_ERR_MSG(extack, "invalid eid range");
  1268. return -EINVAL;
  1269. }
  1270. if (tb[RTA_METRICS]) {
  1271. rc = nla_parse_nested(tbx, RTAX_MAX, tb[RTA_METRICS],
  1272. rta_metrics_policy, NULL);
  1273. if (rc < 0) {
  1274. NL_SET_ERR_MSG(extack, "incorrect RTA_METRICS format");
  1275. return rc;
  1276. }
  1277. if (tbx[RTAX_MTU])
  1278. mtu = nla_get_u32(tbx[RTAX_MTU]);
  1279. }
  1280. rt->type = rtm->rtm_type;
  1281. rt->min = daddr_start;
  1282. rt->max = daddr_start + daddr_extent;
  1283. rt->mtu = mtu;
  1284. if (gw.eid) {
  1285. rt->dst_type = MCTP_ROUTE_GATEWAY;
  1286. rt->gateway.eid = gw.eid;
  1287. rt->gateway.net = gw.net;
  1288. } else {
  1289. rt->dst_type = MCTP_ROUTE_DIRECT;
  1290. rt->dev = dev;
  1291. mctp_dev_hold(rt->dev);
  1292. }
  1293. return 0;
  1294. }
  1295. static int mctp_newroute(struct sk_buff *skb, struct nlmsghdr *nlh,
  1296. struct netlink_ext_ack *extack)
  1297. {
  1298. struct net *net = sock_net(skb->sk);
  1299. struct mctp_route *rt;
  1300. int rc;
  1301. rt = mctp_route_alloc();
  1302. if (!rt)
  1303. return -ENOMEM;
  1304. rc = mctp_route_nlparse_populate(net, nlh, extack, rt);
  1305. if (rc < 0)
  1306. goto err_free;
  1307. if (rt->dst_type == MCTP_ROUTE_DIRECT &&
  1308. rt->dev->dev->flags & IFF_LOOPBACK) {
  1309. NL_SET_ERR_MSG(extack, "no routes to loopback");
  1310. rc = -EINVAL;
  1311. goto err_free;
  1312. }
  1313. rc = mctp_route_add(net, rt);
  1314. if (!rc)
  1315. return 0;
  1316. err_free:
  1317. mctp_route_release(rt);
  1318. return rc;
  1319. }
  1320. static int mctp_delroute(struct sk_buff *skb, struct nlmsghdr *nlh,
  1321. struct netlink_ext_ack *extack)
  1322. {
  1323. struct net *net = sock_net(skb->sk);
  1324. unsigned int netid, daddr_extent;
  1325. unsigned char type = RTN_UNSPEC;
  1326. mctp_eid_t daddr_start;
  1327. int rc;
  1328. rc = mctp_route_nlparse_lookup(net, nlh, extack, &type, &netid,
  1329. &daddr_start, &daddr_extent);
  1330. if (rc < 0)
  1331. return rc;
  1332. /* we only have unicast routes */
  1333. if (type != RTN_UNICAST)
  1334. return -EINVAL;
  1335. rc = mctp_route_remove(net, netid, daddr_start, daddr_extent, type);
  1336. return rc;
  1337. }
  1338. static int mctp_fill_rtinfo(struct sk_buff *skb, struct mctp_route *rt,
  1339. u32 portid, u32 seq, int event, unsigned int flags)
  1340. {
  1341. struct nlmsghdr *nlh;
  1342. struct rtmsg *hdr;
  1343. void *metrics;
  1344. nlh = nlmsg_put(skb, portid, seq, event, sizeof(*hdr), flags);
  1345. if (!nlh)
  1346. return -EMSGSIZE;
  1347. hdr = nlmsg_data(nlh);
  1348. memset(hdr, 0, sizeof(*hdr));
  1349. hdr->rtm_family = AF_MCTP;
  1350. /* we use the _len fields as a number of EIDs, rather than
  1351. * a number of bits in the address
  1352. */
  1353. hdr->rtm_dst_len = rt->max - rt->min;
  1354. hdr->rtm_src_len = 0;
  1355. hdr->rtm_tos = 0;
  1356. hdr->rtm_table = RT_TABLE_DEFAULT;
  1357. hdr->rtm_protocol = RTPROT_STATIC; /* everything is user-defined */
  1358. hdr->rtm_type = rt->type;
  1359. if (nla_put_u8(skb, RTA_DST, rt->min))
  1360. goto cancel;
  1361. metrics = nla_nest_start_noflag(skb, RTA_METRICS);
  1362. if (!metrics)
  1363. goto cancel;
  1364. if (rt->mtu) {
  1365. if (nla_put_u32(skb, RTAX_MTU, rt->mtu))
  1366. goto cancel;
  1367. }
  1368. nla_nest_end(skb, metrics);
  1369. if (rt->dst_type == MCTP_ROUTE_DIRECT) {
  1370. hdr->rtm_scope = RT_SCOPE_LINK;
  1371. if (nla_put_u32(skb, RTA_OIF, rt->dev->dev->ifindex))
  1372. goto cancel;
  1373. } else if (rt->dst_type == MCTP_ROUTE_GATEWAY) {
  1374. hdr->rtm_scope = RT_SCOPE_UNIVERSE;
  1375. if (nla_put(skb, RTA_GATEWAY,
  1376. sizeof(rt->gateway), &rt->gateway))
  1377. goto cancel;
  1378. }
  1379. nlmsg_end(skb, nlh);
  1380. return 0;
  1381. cancel:
  1382. nlmsg_cancel(skb, nlh);
  1383. return -EMSGSIZE;
  1384. }
  1385. static int mctp_dump_rtinfo(struct sk_buff *skb, struct netlink_callback *cb)
  1386. {
  1387. struct net *net = sock_net(skb->sk);
  1388. struct mctp_route *rt;
  1389. int s_idx, idx;
  1390. /* TODO: allow filtering on route data, possibly under
  1391. * cb->strict_check
  1392. */
  1393. /* TODO: change to struct overlay */
  1394. s_idx = cb->args[0];
  1395. idx = 0;
  1396. rcu_read_lock();
  1397. list_for_each_entry_rcu(rt, &net->mctp.routes, list) {
  1398. if (idx++ < s_idx)
  1399. continue;
  1400. if (mctp_fill_rtinfo(skb, rt,
  1401. NETLINK_CB(cb->skb).portid,
  1402. cb->nlh->nlmsg_seq,
  1403. RTM_NEWROUTE, NLM_F_MULTI) < 0)
  1404. break;
  1405. }
  1406. rcu_read_unlock();
  1407. cb->args[0] = idx;
  1408. return skb->len;
  1409. }
  1410. /* net namespace implementation */
  1411. static int __net_init mctp_routes_net_init(struct net *net)
  1412. {
  1413. struct netns_mctp *ns = &net->mctp;
  1414. INIT_LIST_HEAD(&ns->routes);
  1415. hash_init(ns->binds);
  1416. mutex_init(&ns->bind_lock);
  1417. INIT_HLIST_HEAD(&ns->keys);
  1418. spin_lock_init(&ns->keys_lock);
  1419. WARN_ON(mctp_default_net_set(net, MCTP_INITIAL_DEFAULT_NET));
  1420. return 0;
  1421. }
  1422. static void __net_exit mctp_routes_net_exit(struct net *net)
  1423. {
  1424. struct mctp_route *rt;
  1425. rcu_read_lock();
  1426. list_for_each_entry_rcu(rt, &net->mctp.routes, list)
  1427. mctp_route_release(rt);
  1428. rcu_read_unlock();
  1429. }
  1430. static struct pernet_operations mctp_net_ops = {
  1431. .init = mctp_routes_net_init,
  1432. .exit = mctp_routes_net_exit,
  1433. };
  1434. static const struct rtnl_msg_handler mctp_route_rtnl_msg_handlers[] = {
  1435. {THIS_MODULE, PF_MCTP, RTM_NEWROUTE, mctp_newroute, NULL, 0},
  1436. {THIS_MODULE, PF_MCTP, RTM_DELROUTE, mctp_delroute, NULL, 0},
  1437. {THIS_MODULE, PF_MCTP, RTM_GETROUTE, NULL, mctp_dump_rtinfo, 0},
  1438. };
  1439. int __init mctp_routes_init(void)
  1440. {
  1441. int err;
  1442. dev_add_pack(&mctp_packet_type);
  1443. err = register_pernet_subsys(&mctp_net_ops);
  1444. if (err)
  1445. goto err_pernet;
  1446. err = rtnl_register_many(mctp_route_rtnl_msg_handlers);
  1447. if (err)
  1448. goto err_rtnl;
  1449. return 0;
  1450. err_rtnl:
  1451. unregister_pernet_subsys(&mctp_net_ops);
  1452. err_pernet:
  1453. dev_remove_pack(&mctp_packet_type);
  1454. return err;
  1455. }
  1456. void mctp_routes_exit(void)
  1457. {
  1458. rtnl_unregister_many(mctp_route_rtnl_msg_handlers);
  1459. unregister_pernet_subsys(&mctp_net_ops);
  1460. dev_remove_pack(&mctp_packet_type);
  1461. }
  1462. #if IS_ENABLED(CONFIG_MCTP_TEST)
  1463. #include "test/route-test.c"
  1464. #endif