endpointola.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* SCTP kernel implementation
  3. * Copyright (c) 1999-2000 Cisco, Inc.
  4. * Copyright (c) 1999-2001 Motorola, Inc.
  5. * Copyright (c) 2001-2002 International Business Machines, Corp.
  6. * Copyright (c) 2001 Intel Corp.
  7. * Copyright (c) 2001 Nokia, Inc.
  8. * Copyright (c) 2001 La Monte H.P. Yarroll
  9. *
  10. * This file is part of the SCTP kernel implementation
  11. *
  12. * This abstraction represents an SCTP endpoint.
  13. *
  14. * Please send any bug reports or fixes you make to the
  15. * email address(es):
  16. * lksctp developers <linux-sctp@vger.kernel.org>
  17. *
  18. * Written or modified by:
  19. * La Monte H.P. Yarroll <piggy@acm.org>
  20. * Karl Knutson <karl@athena.chicago.il.us>
  21. * Jon Grimm <jgrimm@austin.ibm.com>
  22. * Daisy Chang <daisyc@us.ibm.com>
  23. * Dajiang Zhang <dajiang.zhang@nokia.com>
  24. */
  25. #include <linux/types.h>
  26. #include <linux/slab.h>
  27. #include <linux/in.h>
  28. #include <linux/random.h> /* get_random_bytes() */
  29. #include <net/sock.h>
  30. #include <net/ipv6.h>
  31. #include <net/sctp/sctp.h>
  32. #include <net/sctp/sm.h>
  33. /* Forward declarations for internal helpers. */
  34. static void sctp_endpoint_bh_rcv(struct work_struct *work);
  35. static void gen_cookie_auth_key(struct hmac_sha256_key *key)
  36. {
  37. u8 raw_key[SCTP_COOKIE_KEY_SIZE];
  38. get_random_bytes(raw_key, sizeof(raw_key));
  39. hmac_sha256_preparekey(key, raw_key, sizeof(raw_key));
  40. memzero_explicit(raw_key, sizeof(raw_key));
  41. }
  42. /*
  43. * Initialize the base fields of the endpoint structure.
  44. */
  45. static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
  46. struct sock *sk,
  47. gfp_t gfp)
  48. {
  49. struct net *net = sock_net(sk);
  50. struct sctp_shared_key *null_key;
  51. ep->asconf_enable = net->sctp.addip_enable;
  52. ep->auth_enable = net->sctp.auth_enable;
  53. if (ep->auth_enable) {
  54. if (sctp_auth_init(ep, gfp))
  55. goto nomem;
  56. if (ep->asconf_enable) {
  57. sctp_auth_ep_add_chunkid(ep, SCTP_CID_ASCONF);
  58. sctp_auth_ep_add_chunkid(ep, SCTP_CID_ASCONF_ACK);
  59. }
  60. }
  61. /* Initialize the base structure. */
  62. /* What type of endpoint are we? */
  63. ep->base.type = SCTP_EP_TYPE_SOCKET;
  64. /* Initialize the basic object fields. */
  65. refcount_set(&ep->base.refcnt, 1);
  66. ep->base.dead = false;
  67. /* Create an input queue. */
  68. sctp_inq_init(&ep->base.inqueue);
  69. /* Set its top-half handler */
  70. sctp_inq_set_th_handler(&ep->base.inqueue, sctp_endpoint_bh_rcv);
  71. /* Initialize the bind addr area */
  72. sctp_bind_addr_init(&ep->base.bind_addr, 0);
  73. /* Create the lists of associations. */
  74. INIT_LIST_HEAD(&ep->asocs);
  75. /* Use SCTP specific send buffer space queues. */
  76. ep->sndbuf_policy = net->sctp.sndbuf_policy;
  77. sk->sk_data_ready = sctp_data_ready;
  78. sk->sk_write_space = sctp_write_space;
  79. sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
  80. /* Get the receive buffer policy for this endpoint */
  81. ep->rcvbuf_policy = net->sctp.rcvbuf_policy;
  82. /* Generate the cookie authentication key. */
  83. gen_cookie_auth_key(&ep->cookie_auth_key);
  84. /* SCTP-AUTH extensions*/
  85. INIT_LIST_HEAD(&ep->endpoint_shared_keys);
  86. null_key = sctp_auth_shkey_create(0, gfp);
  87. if (!null_key)
  88. goto nomem_shkey;
  89. list_add(&null_key->key_list, &ep->endpoint_shared_keys);
  90. /* Add the null key to the endpoint shared keys list and
  91. * set the hmcas and chunks pointers.
  92. */
  93. ep->prsctp_enable = net->sctp.prsctp_enable;
  94. ep->reconf_enable = net->sctp.reconf_enable;
  95. ep->ecn_enable = net->sctp.ecn_enable;
  96. /* Remember who we are attached to. */
  97. ep->base.sk = sk;
  98. ep->base.net = sock_net(sk);
  99. sock_hold(ep->base.sk);
  100. return ep;
  101. nomem_shkey:
  102. sctp_auth_free(ep);
  103. nomem:
  104. return NULL;
  105. }
  106. /* Create a sctp_endpoint with all that boring stuff initialized.
  107. * Returns NULL if there isn't enough memory.
  108. */
  109. struct sctp_endpoint *sctp_endpoint_new(struct sock *sk, gfp_t gfp)
  110. {
  111. struct sctp_endpoint *ep;
  112. /* Build a local endpoint. */
  113. ep = kzalloc_obj(*ep, gfp);
  114. if (!ep)
  115. goto fail;
  116. if (!sctp_endpoint_init(ep, sk, gfp))
  117. goto fail_init;
  118. SCTP_DBG_OBJCNT_INC(ep);
  119. return ep;
  120. fail_init:
  121. kfree(ep);
  122. fail:
  123. return NULL;
  124. }
  125. /* Add an association to an endpoint. */
  126. void sctp_endpoint_add_asoc(struct sctp_endpoint *ep,
  127. struct sctp_association *asoc)
  128. {
  129. struct sock *sk = ep->base.sk;
  130. /* If this is a temporary association, don't bother
  131. * since we'll be removing it shortly and don't
  132. * want anyone to find it anyway.
  133. */
  134. if (asoc->temp)
  135. return;
  136. /* Now just add it to our list of asocs */
  137. list_add_tail(&asoc->asocs, &ep->asocs);
  138. /* Increment the backlog value for a TCP-style listening socket. */
  139. if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))
  140. sk_acceptq_added(sk);
  141. }
  142. /* Free the endpoint structure. Delay cleanup until
  143. * all users have released their reference count on this structure.
  144. */
  145. void sctp_endpoint_free(struct sctp_endpoint *ep)
  146. {
  147. ep->base.dead = true;
  148. inet_sk_set_state(ep->base.sk, SCTP_SS_CLOSED);
  149. /* Unlink this endpoint, so we can't find it again! */
  150. sctp_unhash_endpoint(ep);
  151. sctp_endpoint_put(ep);
  152. }
  153. /* Final destructor for endpoint. */
  154. static void sctp_endpoint_destroy_rcu(struct rcu_head *head)
  155. {
  156. struct sctp_endpoint *ep = container_of(head, struct sctp_endpoint, rcu);
  157. struct sock *sk = ep->base.sk;
  158. sctp_sk(sk)->ep = NULL;
  159. sock_put(sk);
  160. kfree(ep);
  161. SCTP_DBG_OBJCNT_DEC(ep);
  162. }
  163. static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
  164. {
  165. struct sock *sk;
  166. if (unlikely(!ep->base.dead)) {
  167. WARN(1, "Attempt to destroy undead endpoint %p!\n", ep);
  168. return;
  169. }
  170. /* SCTP-AUTH: Free up AUTH releated data such as shared keys
  171. * chunks and hmacs arrays that were allocated
  172. */
  173. sctp_auth_destroy_keys(&ep->endpoint_shared_keys);
  174. sctp_auth_free(ep);
  175. /* Cleanup. */
  176. sctp_inq_free(&ep->base.inqueue);
  177. sctp_bind_addr_free(&ep->base.bind_addr);
  178. memzero_explicit(&ep->cookie_auth_key, sizeof(ep->cookie_auth_key));
  179. sk = ep->base.sk;
  180. /* Remove and free the port */
  181. if (sctp_sk(sk)->bind_hash)
  182. sctp_put_port(sk);
  183. call_rcu(&ep->rcu, sctp_endpoint_destroy_rcu);
  184. }
  185. /* Hold a reference to an endpoint. */
  186. int sctp_endpoint_hold(struct sctp_endpoint *ep)
  187. {
  188. return refcount_inc_not_zero(&ep->base.refcnt);
  189. }
  190. /* Release a reference to an endpoint and clean up if there are
  191. * no more references.
  192. */
  193. void sctp_endpoint_put(struct sctp_endpoint *ep)
  194. {
  195. if (refcount_dec_and_test(&ep->base.refcnt))
  196. sctp_endpoint_destroy(ep);
  197. }
  198. /* Is this the endpoint we are looking for? */
  199. struct sctp_endpoint *sctp_endpoint_is_match(struct sctp_endpoint *ep,
  200. struct net *net,
  201. const union sctp_addr *laddr,
  202. int dif, int sdif)
  203. {
  204. int bound_dev_if = READ_ONCE(ep->base.sk->sk_bound_dev_if);
  205. struct sctp_endpoint *retval = NULL;
  206. if (net_eq(ep->base.net, net) &&
  207. sctp_sk_bound_dev_eq(net, bound_dev_if, dif, sdif) &&
  208. (htons(ep->base.bind_addr.port) == laddr->v4.sin_port)) {
  209. if (sctp_bind_addr_match(&ep->base.bind_addr, laddr,
  210. sctp_sk(ep->base.sk)))
  211. retval = ep;
  212. }
  213. return retval;
  214. }
  215. /* Find the association that goes with this chunk.
  216. * We lookup the transport from hashtable at first, then get association
  217. * through t->assoc.
  218. */
  219. struct sctp_association *sctp_endpoint_lookup_assoc(
  220. const struct sctp_endpoint *ep,
  221. const union sctp_addr *paddr,
  222. struct sctp_transport **transport)
  223. {
  224. struct sctp_association *asoc = NULL;
  225. struct sctp_transport *t;
  226. *transport = NULL;
  227. /* If the local port is not set, there can't be any associations
  228. * on this endpoint.
  229. */
  230. if (!ep->base.bind_addr.port)
  231. return NULL;
  232. rcu_read_lock();
  233. t = sctp_epaddr_lookup_transport(ep, paddr);
  234. if (!t)
  235. goto out;
  236. *transport = t;
  237. asoc = t->asoc;
  238. out:
  239. rcu_read_unlock();
  240. return asoc;
  241. }
  242. /* Look for any peeled off association from the endpoint that matches the
  243. * given peer address.
  244. */
  245. bool sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep,
  246. const union sctp_addr *paddr)
  247. {
  248. int bound_dev_if = READ_ONCE(ep->base.sk->sk_bound_dev_if);
  249. struct sctp_sockaddr_entry *addr;
  250. struct net *net = ep->base.net;
  251. struct sctp_bind_addr *bp;
  252. bp = &ep->base.bind_addr;
  253. /* This function is called with the socket lock held,
  254. * so the address_list can not change.
  255. */
  256. list_for_each_entry(addr, &bp->address_list, list) {
  257. if (sctp_has_association(net, &addr->a, paddr,
  258. bound_dev_if, bound_dev_if))
  259. return true;
  260. }
  261. return false;
  262. }
  263. /* Do delayed input processing. This is scheduled by sctp_rcv().
  264. * This may be called on BH or task time.
  265. */
  266. static void sctp_endpoint_bh_rcv(struct work_struct *work)
  267. {
  268. struct sctp_endpoint *ep =
  269. container_of(work, struct sctp_endpoint,
  270. base.inqueue.immediate);
  271. struct sctp_association *asoc;
  272. struct sock *sk;
  273. struct net *net;
  274. struct sctp_transport *transport;
  275. struct sctp_chunk *chunk;
  276. struct sctp_inq *inqueue;
  277. union sctp_subtype subtype;
  278. enum sctp_state state;
  279. int error = 0;
  280. int first_time = 1; /* is this the first time through the loop */
  281. if (ep->base.dead)
  282. return;
  283. asoc = NULL;
  284. inqueue = &ep->base.inqueue;
  285. sk = ep->base.sk;
  286. net = sock_net(sk);
  287. while (NULL != (chunk = sctp_inq_pop(inqueue))) {
  288. subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type);
  289. /* If the first chunk in the packet is AUTH, do special
  290. * processing specified in Section 6.3 of SCTP-AUTH spec
  291. */
  292. if (first_time && (subtype.chunk == SCTP_CID_AUTH)) {
  293. struct sctp_chunkhdr *next_hdr;
  294. next_hdr = sctp_inq_peek(inqueue);
  295. if (!next_hdr)
  296. goto normal;
  297. /* If the next chunk is COOKIE-ECHO, skip the AUTH
  298. * chunk while saving a pointer to it so we can do
  299. * Authentication later (during cookie-echo
  300. * processing).
  301. */
  302. if (next_hdr->type == SCTP_CID_COOKIE_ECHO) {
  303. chunk->auth_chunk = skb_clone(chunk->skb,
  304. GFP_ATOMIC);
  305. chunk->auth = 1;
  306. continue;
  307. }
  308. }
  309. normal:
  310. /* We might have grown an association since last we
  311. * looked, so try again.
  312. *
  313. * This happens when we've just processed our
  314. * COOKIE-ECHO chunk.
  315. */
  316. if (NULL == chunk->asoc) {
  317. asoc = sctp_endpoint_lookup_assoc(ep,
  318. sctp_source(chunk),
  319. &transport);
  320. chunk->asoc = asoc;
  321. chunk->transport = transport;
  322. }
  323. state = asoc ? asoc->state : SCTP_STATE_CLOSED;
  324. if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth)
  325. continue;
  326. /* Remember where the last DATA chunk came from so we
  327. * know where to send the SACK.
  328. */
  329. if (asoc && sctp_chunk_is_data(chunk))
  330. asoc->peer.last_data_from = chunk->transport;
  331. else {
  332. SCTP_INC_STATS(ep->base.net, SCTP_MIB_INCTRLCHUNKS);
  333. if (asoc)
  334. asoc->stats.ictrlchunks++;
  335. }
  336. if (chunk->transport)
  337. chunk->transport->last_time_heard = ktime_get();
  338. error = sctp_do_sm(net, SCTP_EVENT_T_CHUNK, subtype, state,
  339. ep, asoc, chunk, GFP_ATOMIC);
  340. if (error && chunk)
  341. chunk->pdiscard = 1;
  342. /* Check to see if the endpoint is freed in response to
  343. * the incoming chunk. If so, get out of the while loop.
  344. */
  345. if (!sctp_sk(sk)->ep)
  346. break;
  347. if (first_time)
  348. first_time = 0;
  349. }
  350. }