1// SPDX-License-Identifier: GPL-2.0-or-later
2/* SCTP kernel implementation
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2002 International Business Machines, Corp.
6 *
7 * This file is part of the SCTP kernel implementation
8 *
9 * These functions are the methods for accessing the SCTP inqueue.
10 *
11 * An SCTP inqueue is a queue into which you push SCTP packets
12 * (which might be bundles or fragments of chunks) and out of which you
13 * pop SCTP whole chunks.
14 *
15 * Please send any bug reports or fixes you make to the
16 * email address(es):
17 *    lksctp developers <linux-sctp@vger.kernel.org>
18 *
19 * Written or modified by:
20 *    La Monte H.P. Yarroll <piggy@acm.org>
21 *    Karl Knutson <karl@athena.chicago.il.us>
22 */
23
24#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
25
26#include <net/sctp/sctp.h>
27#include <net/sctp/sm.h>
28#include <linux/interrupt.h>
29#include <linux/slab.h>
30
31/* Initialize an SCTP inqueue.  */
32void sctp_inq_init(struct sctp_inq *queue)
33{
34	INIT_LIST_HEAD(&queue->in_chunk_list);
35	queue->in_progress = NULL;
36
37	/* Create a task for delivering data.  */
38	INIT_WORK(&queue->immediate, NULL);
39}
40
41/* Properly release the chunk which is being worked on. */
42static inline void sctp_inq_chunk_free(struct sctp_chunk *chunk)
43{
44	if (chunk->head_skb)
45		chunk->skb = chunk->head_skb;
46	sctp_chunk_free(chunk);
47}
48
49/* Release the memory associated with an SCTP inqueue.  */
50void sctp_inq_free(struct sctp_inq *queue)
51{
52	struct sctp_chunk *chunk, *tmp;
53
54	/* Empty the queue.  */
55	list_for_each_entry_safe(chunk, tmp, &queue->in_chunk_list, list) {
56		list_del_init(&chunk->list);
57		sctp_chunk_free(chunk);
58	}
59
60	/* If there is a packet which is currently being worked on,
61	 * free it as well.
62	 */
63	if (queue->in_progress) {
64		sctp_inq_chunk_free(queue->in_progress);
65		queue->in_progress = NULL;
66	}
67}
68
69/* Put a new packet in an SCTP inqueue.
70 * We assume that packet->sctp_hdr is set and in host byte order.
71 */
72void sctp_inq_push(struct sctp_inq *q, struct sctp_chunk *chunk)
73{
74	/* Directly call the packet handling routine. */
75	if (chunk->rcvr->dead) {
76		sctp_chunk_free(chunk);
77		return;
78	}
79
80	/* We are now calling this either from the soft interrupt
81	 * or from the backlog processing.
82	 * Eventually, we should clean up inqueue to not rely
83	 * on the BH related data structures.
84	 */
85	list_add_tail(&chunk->list, &q->in_chunk_list);
86	if (chunk->asoc)
87		chunk->asoc->stats.ipackets++;
88	q->immediate.func(&q->immediate);
89}
90
91/* Peek at the next chunk on the inqeue. */
92struct sctp_chunkhdr *sctp_inq_peek(struct sctp_inq *queue)
93{
94	struct sctp_chunk *chunk;
95	struct sctp_chunkhdr *ch = NULL;
96
97	chunk = queue->in_progress;
98	/* If there is no more chunks in this packet, say so */
99	if (chunk->singleton ||
100	    chunk->end_of_packet ||
101	    chunk->pdiscard)
102		    return NULL;
103
104	ch = (struct sctp_chunkhdr *)chunk->chunk_end;
105
106	return ch;
107}
108
109
110/* Extract a chunk from an SCTP inqueue.
111 *
112 * WARNING:  If you need to put the chunk on another queue, you need to
113 * make a shallow copy (clone) of it.
114 */
115struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
116{
117	struct sctp_chunk *chunk;
118	struct sctp_chunkhdr *ch = NULL;
119
120	/* The assumption is that we are safe to process the chunks
121	 * at this time.
122	 */
123
124	chunk = queue->in_progress;
125	if (chunk) {
126		/* There is a packet that we have been working on.
127		 * Any post processing work to do before we move on?
128		 */
129		if (chunk->singleton ||
130		    chunk->end_of_packet ||
131		    chunk->pdiscard) {
132			if (chunk->head_skb == chunk->skb) {
133				chunk->skb = skb_shinfo(chunk->skb)->frag_list;
134				goto new_skb;
135			}
136			if (chunk->skb->next) {
137				chunk->skb = chunk->skb->next;
138				goto new_skb;
139			}
140
141			sctp_inq_chunk_free(chunk);
142			chunk = queue->in_progress = NULL;
143		} else {
144			/* Nothing to do. Next chunk in the packet, please. */
145			ch = (struct sctp_chunkhdr *)chunk->chunk_end;
146			/* Force chunk->skb->data to chunk->chunk_end.  */
147			skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data);
148			/* We are guaranteed to pull a SCTP header. */
149		}
150	}
151
152	/* Do we need to take the next packet out of the queue to process? */
153	if (!chunk) {
154		struct list_head *entry;
155
156next_chunk:
157		/* Is the queue empty?  */
158		entry = sctp_list_dequeue(&queue->in_chunk_list);
159		if (!entry)
160			return NULL;
161
162		chunk = list_entry(entry, struct sctp_chunk, list);
163
164		if (skb_is_gso(chunk->skb) && skb_is_gso_sctp(chunk->skb)) {
165			/* GSO-marked skbs but without frags, handle
166			 * them normally
167			 */
168			if (skb_shinfo(chunk->skb)->frag_list)
169				chunk->head_skb = chunk->skb;
170
171			/* skbs with "cover letter" */
172			if (chunk->head_skb && chunk->skb->data_len == chunk->skb->len)
173				chunk->skb = skb_shinfo(chunk->skb)->frag_list;
174
175			if (WARN_ON(!chunk->skb)) {
176				__SCTP_INC_STATS(dev_net(chunk->skb->dev), SCTP_MIB_IN_PKT_DISCARDS);
177				sctp_chunk_free(chunk);
178				goto next_chunk;
179			}
180		}
181
182		if (chunk->asoc)
183			sock_rps_save_rxhash(chunk->asoc->base.sk, chunk->skb);
184
185		queue->in_progress = chunk;
186
187new_skb:
188		/* This is the first chunk in the packet.  */
189		ch = (struct sctp_chunkhdr *)chunk->skb->data;
190		chunk->singleton = 1;
191		chunk->data_accepted = 0;
192		chunk->pdiscard = 0;
193		chunk->auth = 0;
194		chunk->has_asconf = 0;
195		chunk->end_of_packet = 0;
196		if (chunk->head_skb) {
197			struct sctp_input_cb
198				*cb = SCTP_INPUT_CB(chunk->skb),
199				*head_cb = SCTP_INPUT_CB(chunk->head_skb);
200
201			cb->chunk = head_cb->chunk;
202			cb->af = head_cb->af;
203		}
204	}
205
206	chunk->chunk_hdr = ch;
207	chunk->chunk_end = ((__u8 *)ch) + SCTP_PAD4(ntohs(ch->length));
208	skb_pull(chunk->skb, sizeof(*ch));
209	chunk->subh.v = NULL; /* Subheader is no longer valid.  */
210
211	if (chunk->chunk_end + sizeof(*ch) <= skb_tail_pointer(chunk->skb)) {
212		/* This is not a singleton */
213		chunk->singleton = 0;
214	} else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) {
215		/* Discard inside state machine. */
216		chunk->pdiscard = 1;
217		chunk->chunk_end = skb_tail_pointer(chunk->skb);
218	} else {
219		/* We are at the end of the packet, so mark the chunk
220		 * in case we need to send a SACK.
221		 */
222		chunk->end_of_packet = 1;
223	}
224
225	pr_debug("+++sctp_inq_pop+++ chunk:%p[%s], length:%d, skb->len:%d\n",
226		 chunk, sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)),
227		 ntohs(chunk->chunk_hdr->length), chunk->skb->len);
228
229	return chunk;
230}
231
232/* Set a top-half handler.
233 *
234 * Originally, we the top-half handler was scheduled as a BH.  We now
235 * call the handler directly in sctp_inq_push() at a time that
236 * we know we are lock safe.
237 * The intent is that this routine will pull stuff out of the
238 * inqueue and process it.
239 */
240void sctp_inq_set_th_handler(struct sctp_inq *q, work_func_t callback)
241{
242	INIT_WORK(&q->immediate, callback);
243}
244