1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3 * (C) Copyright IBM Corp. 2001, 2004
4 * Copyright (c) 1999-2000 Cisco, Inc.
5 * Copyright (c) 1999-2001 Motorola, Inc.
6 * Copyright (c) 2001 Intel Corp.
7 * Copyright (c) 2001 Nokia, Inc.
8 * Copyright (c) 2001 La Monte H.P. Yarroll
9 *
10 * This abstraction carries sctp events to the ULP (sockets).
11 *
12 * Please send any bug reports or fixes you make to the
13 * email address(es):
14 * lksctp developers <linux-sctp@vger.kernel.org>
15 *
16 * Written or modified by:
17 * Jon Grimm <jgrimm@us.ibm.com>
18 * La Monte H.P. Yarroll <piggy@acm.org>
19 * Sridhar Samudrala <sri@us.ibm.com>
20 */
21
22 #include <linux/slab.h>
23 #include <linux/types.h>
24 #include <linux/skbuff.h>
25 #include <net/sock.h>
26 #include <net/busy_poll.h>
27 #include <net/sctp/structs.h>
28 #include <net/sctp/sctp.h>
29 #include <net/sctp/sm.h>
30
31 /* Forward declarations for internal helpers. */
32 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
33 struct sctp_ulpevent *);
34 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *,
35 struct sctp_ulpevent *);
36 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq);
37
38 /* 1st Level Abstractions */
39
40 /* Initialize a ULP queue from a block of memory. */
sctp_ulpq_init(struct sctp_ulpq * ulpq,struct sctp_association * asoc)41 struct sctp_ulpq *sctp_ulpq_init(struct sctp_ulpq *ulpq,
42 struct sctp_association *asoc)
43 {
44 memset(ulpq, 0, sizeof(struct sctp_ulpq));
45
46 ulpq->asoc = asoc;
47 skb_queue_head_init(&ulpq->reasm);
48 skb_queue_head_init(&ulpq->reasm_uo);
49 skb_queue_head_init(&ulpq->lobby);
50 ulpq->pd_mode = 0;
51
52 return ulpq;
53 }
54
55
56 /* Flush the reassembly and ordering queues. */
sctp_ulpq_flush(struct sctp_ulpq * ulpq)57 void sctp_ulpq_flush(struct sctp_ulpq *ulpq)
58 {
59 struct sk_buff *skb;
60 struct sctp_ulpevent *event;
61
62 while ((skb = __skb_dequeue(&ulpq->lobby)) != NULL) {
63 event = sctp_skb2event(skb);
64 sctp_ulpevent_free(event);
65 }
66
67 while ((skb = __skb_dequeue(&ulpq->reasm)) != NULL) {
68 event = sctp_skb2event(skb);
69 sctp_ulpevent_free(event);
70 }
71
72 while ((skb = __skb_dequeue(&ulpq->reasm_uo)) != NULL) {
73 event = sctp_skb2event(skb);
74 sctp_ulpevent_free(event);
75 }
76 }
77
78 /* Dispose of a ulpqueue. */
sctp_ulpq_free(struct sctp_ulpq * ulpq)79 void sctp_ulpq_free(struct sctp_ulpq *ulpq)
80 {
81 sctp_ulpq_flush(ulpq);
82 }
83
84 /* Process an incoming DATA chunk. */
sctp_ulpq_tail_data(struct sctp_ulpq * ulpq,struct sctp_chunk * chunk,gfp_t gfp)85 int sctp_ulpq_tail_data(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
86 gfp_t gfp)
87 {
88 struct sk_buff_head temp;
89 struct sctp_ulpevent *event;
90 int event_eor = 0;
91
92 /* Create an event from the incoming chunk. */
93 event = sctp_ulpevent_make_rcvmsg(chunk->asoc, chunk, gfp);
94 if (!event)
95 return -ENOMEM;
96
97 event->ssn = ntohs(chunk->subh.data_hdr->ssn);
98 event->ppid = chunk->subh.data_hdr->ppid;
99
100 /* Do reassembly if needed. */
101 event = sctp_ulpq_reasm(ulpq, event);
102
103 /* Do ordering if needed. */
104 if (event) {
105 /* Create a temporary list to collect chunks on. */
106 skb_queue_head_init(&temp);
107 __skb_queue_tail(&temp, sctp_event2skb(event));
108
109 if (event->msg_flags & MSG_EOR)
110 event = sctp_ulpq_order(ulpq, event);
111 }
112
113 /* Send event to the ULP. 'event' is the sctp_ulpevent for
114 * very first SKB on the 'temp' list.
115 */
116 if (event) {
117 event_eor = (event->msg_flags & MSG_EOR) ? 1 : 0;
118 sctp_ulpq_tail_event(ulpq, &temp);
119 }
120
121 return event_eor;
122 }
123
124 /* Add a new event for propagation to the ULP. */
125 /* Clear the partial delivery mode for this socket. Note: This
126 * assumes that no association is currently in partial delivery mode.
127 */
sctp_clear_pd(struct sock * sk,struct sctp_association * asoc)128 int sctp_clear_pd(struct sock *sk, struct sctp_association *asoc)
129 {
130 struct sctp_sock *sp = sctp_sk(sk);
131
132 if (atomic_dec_and_test(&sp->pd_mode)) {
133 /* This means there are no other associations in PD, so
134 * we can go ahead and clear out the lobby in one shot
135 */
136 if (!skb_queue_empty(&sp->pd_lobby)) {
137 skb_queue_splice_tail_init(&sp->pd_lobby,
138 &sk->sk_receive_queue);
139 return 1;
140 }
141 } else {
142 /* There are other associations in PD, so we only need to
143 * pull stuff out of the lobby that belongs to the
144 * associations that is exiting PD (all of its notifications
145 * are posted here).
146 */
147 if (!skb_queue_empty(&sp->pd_lobby) && asoc) {
148 struct sk_buff *skb, *tmp;
149 struct sctp_ulpevent *event;
150
151 sctp_skb_for_each(skb, &sp->pd_lobby, tmp) {
152 event = sctp_skb2event(skb);
153 if (event->asoc == asoc) {
154 __skb_unlink(skb, &sp->pd_lobby);
155 __skb_queue_tail(&sk->sk_receive_queue,
156 skb);
157 }
158 }
159 }
160 }
161
162 return 0;
163 }
164
165 /* Set the pd_mode on the socket and ulpq */
sctp_ulpq_set_pd(struct sctp_ulpq * ulpq)166 static void sctp_ulpq_set_pd(struct sctp_ulpq *ulpq)
167 {
168 struct sctp_sock *sp = sctp_sk(ulpq->asoc->base.sk);
169
170 atomic_inc(&sp->pd_mode);
171 ulpq->pd_mode = 1;
172 }
173
174 /* Clear the pd_mode and restart any pending messages waiting for delivery. */
sctp_ulpq_clear_pd(struct sctp_ulpq * ulpq)175 static int sctp_ulpq_clear_pd(struct sctp_ulpq *ulpq)
176 {
177 ulpq->pd_mode = 0;
178 sctp_ulpq_reasm_drain(ulpq);
179 return sctp_clear_pd(ulpq->asoc->base.sk, ulpq->asoc);
180 }
181
sctp_ulpq_tail_event(struct sctp_ulpq * ulpq,struct sk_buff_head * skb_list)182 int sctp_ulpq_tail_event(struct sctp_ulpq *ulpq, struct sk_buff_head *skb_list)
183 {
184 struct sock *sk = ulpq->asoc->base.sk;
185 struct sctp_sock *sp = sctp_sk(sk);
186 struct sctp_ulpevent *event;
187 struct sk_buff_head *queue;
188 struct sk_buff *skb;
189 int clear_pd = 0;
190
191 skb = __skb_peek(skb_list);
192 event = sctp_skb2event(skb);
193
194 /* If the socket is just going to throw this away, do not
195 * even try to deliver it.
196 */
197 if (sk->sk_shutdown & RCV_SHUTDOWN &&
198 (sk->sk_shutdown & SEND_SHUTDOWN ||
199 !sctp_ulpevent_is_notification(event)))
200 goto out_free;
201
202 if (!sctp_ulpevent_is_notification(event)) {
203 sk_mark_napi_id(sk, skb);
204 sk_incoming_cpu_update(sk);
205 }
206 /* Check if the user wishes to receive this event. */
207 if (!sctp_ulpevent_is_enabled(event, ulpq->asoc->subscribe))
208 goto out_free;
209
210 /* If we are in partial delivery mode, post to the lobby until
211 * partial delivery is cleared, unless, of course _this_ is
212 * the association the cause of the partial delivery.
213 */
214
215 if (atomic_read(&sp->pd_mode) == 0) {
216 queue = &sk->sk_receive_queue;
217 } else {
218 if (ulpq->pd_mode) {
219 /* If the association is in partial delivery, we
220 * need to finish delivering the partially processed
221 * packet before passing any other data. This is
222 * because we don't truly support stream interleaving.
223 */
224 if ((event->msg_flags & MSG_NOTIFICATION) ||
225 (SCTP_DATA_NOT_FRAG ==
226 (event->msg_flags & SCTP_DATA_FRAG_MASK)))
227 queue = &sp->pd_lobby;
228 else {
229 clear_pd = event->msg_flags & MSG_EOR;
230 queue = &sk->sk_receive_queue;
231 }
232 } else {
233 /*
234 * If fragment interleave is enabled, we
235 * can queue this to the receive queue instead
236 * of the lobby.
237 */
238 if (sp->frag_interleave)
239 queue = &sk->sk_receive_queue;
240 else
241 queue = &sp->pd_lobby;
242 }
243 }
244
245 skb_queue_splice_tail_init(skb_list, queue);
246
247 /* Did we just complete partial delivery and need to get
248 * rolling again? Move pending data to the receive
249 * queue.
250 */
251 if (clear_pd)
252 sctp_ulpq_clear_pd(ulpq);
253
254 if (queue == &sk->sk_receive_queue && !sp->data_ready_signalled) {
255 if (!sock_owned_by_user(sk))
256 sp->data_ready_signalled = 1;
257 sk->sk_data_ready(sk);
258 }
259 return 1;
260
261 out_free:
262 if (skb_list)
263 sctp_queue_purge_ulpevents(skb_list);
264 else
265 sctp_ulpevent_free(event);
266
267 return 0;
268 }
269
270 /* 2nd Level Abstractions */
271
272 /* Helper function to store chunks that need to be reassembled. */
sctp_ulpq_store_reasm(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)273 static void sctp_ulpq_store_reasm(struct sctp_ulpq *ulpq,
274 struct sctp_ulpevent *event)
275 {
276 struct sk_buff *pos;
277 struct sctp_ulpevent *cevent;
278 __u32 tsn, ctsn;
279
280 tsn = event->tsn;
281
282 /* See if it belongs at the end. */
283 pos = skb_peek_tail(&ulpq->reasm);
284 if (!pos) {
285 __skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
286 return;
287 }
288
289 /* Short circuit just dropping it at the end. */
290 cevent = sctp_skb2event(pos);
291 ctsn = cevent->tsn;
292 if (TSN_lt(ctsn, tsn)) {
293 __skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
294 return;
295 }
296
297 /* Find the right place in this list. We store them by TSN. */
298 skb_queue_walk(&ulpq->reasm, pos) {
299 cevent = sctp_skb2event(pos);
300 ctsn = cevent->tsn;
301
302 if (TSN_lt(tsn, ctsn))
303 break;
304 }
305
306 /* Insert before pos. */
307 __skb_queue_before(&ulpq->reasm, pos, sctp_event2skb(event));
308
309 }
310
311 /* Helper function to return an event corresponding to the reassembled
312 * datagram.
313 * This routine creates a re-assembled skb given the first and last skb's
314 * as stored in the reassembly queue. The skb's may be non-linear if the sctp
315 * payload was fragmented on the way and ip had to reassemble them.
316 * We add the rest of skb's to the first skb's fraglist.
317 */
sctp_make_reassembled_event(struct net * net,struct sk_buff_head * queue,struct sk_buff * f_frag,struct sk_buff * l_frag)318 struct sctp_ulpevent *sctp_make_reassembled_event(struct net *net,
319 struct sk_buff_head *queue,
320 struct sk_buff *f_frag,
321 struct sk_buff *l_frag)
322 {
323 struct sk_buff *pos;
324 struct sk_buff *new = NULL;
325 struct sctp_ulpevent *event;
326 struct sk_buff *pnext, *last;
327 struct sk_buff *list = skb_shinfo(f_frag)->frag_list;
328
329 /* Store the pointer to the 2nd skb */
330 if (f_frag == l_frag)
331 pos = NULL;
332 else
333 pos = f_frag->next;
334
335 /* Get the last skb in the f_frag's frag_list if present. */
336 for (last = list; list; last = list, list = list->next)
337 ;
338
339 /* Add the list of remaining fragments to the first fragments
340 * frag_list.
341 */
342 if (last)
343 last->next = pos;
344 else {
345 if (skb_cloned(f_frag)) {
346 /* This is a cloned skb, we can't just modify
347 * the frag_list. We need a new skb to do that.
348 * Instead of calling skb_unshare(), we'll do it
349 * ourselves since we need to delay the free.
350 */
351 new = skb_copy(f_frag, GFP_ATOMIC);
352 if (!new)
353 return NULL; /* try again later */
354
355 sctp_skb_set_owner_r(new, f_frag->sk);
356
357 skb_shinfo(new)->frag_list = pos;
358 } else
359 skb_shinfo(f_frag)->frag_list = pos;
360 }
361
362 /* Remove the first fragment from the reassembly queue. */
363 __skb_unlink(f_frag, queue);
364
365 /* if we did unshare, then free the old skb and re-assign */
366 if (new) {
367 kfree_skb(f_frag);
368 f_frag = new;
369 }
370
371 while (pos) {
372
373 pnext = pos->next;
374
375 /* Update the len and data_len fields of the first fragment. */
376 f_frag->len += pos->len;
377 f_frag->data_len += pos->len;
378
379 /* Remove the fragment from the reassembly queue. */
380 __skb_unlink(pos, queue);
381
382 /* Break if we have reached the last fragment. */
383 if (pos == l_frag)
384 break;
385 pos->next = pnext;
386 pos = pnext;
387 }
388
389 event = sctp_skb2event(f_frag);
390 SCTP_INC_STATS(net, SCTP_MIB_REASMUSRMSGS);
391
392 return event;
393 }
394
395
396 /* Helper function to check if an incoming chunk has filled up the last
397 * missing fragment in a SCTP datagram and return the corresponding event.
398 */
sctp_ulpq_retrieve_reassembled(struct sctp_ulpq * ulpq)399 static struct sctp_ulpevent *sctp_ulpq_retrieve_reassembled(struct sctp_ulpq *ulpq)
400 {
401 struct sk_buff *pos;
402 struct sctp_ulpevent *cevent;
403 struct sk_buff *first_frag = NULL;
404 __u32 ctsn, next_tsn;
405 struct sctp_ulpevent *retval = NULL;
406 struct sk_buff *pd_first = NULL;
407 struct sk_buff *pd_last = NULL;
408 size_t pd_len = 0;
409 struct sctp_association *asoc;
410 u32 pd_point;
411
412 /* Initialized to 0 just to avoid compiler warning message. Will
413 * never be used with this value. It is referenced only after it
414 * is set when we find the first fragment of a message.
415 */
416 next_tsn = 0;
417
418 /* The chunks are held in the reasm queue sorted by TSN.
419 * Walk through the queue sequentially and look for a sequence of
420 * fragmented chunks that complete a datagram.
421 * 'first_frag' and next_tsn are reset when we find a chunk which
422 * is the first fragment of a datagram. Once these 2 fields are set
423 * we expect to find the remaining middle fragments and the last
424 * fragment in order. If not, first_frag is reset to NULL and we
425 * start the next pass when we find another first fragment.
426 *
427 * There is a potential to do partial delivery if user sets
428 * SCTP_PARTIAL_DELIVERY_POINT option. Lets count some things here
429 * to see if can do PD.
430 */
431 skb_queue_walk(&ulpq->reasm, pos) {
432 cevent = sctp_skb2event(pos);
433 ctsn = cevent->tsn;
434
435 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
436 case SCTP_DATA_FIRST_FRAG:
437 /* If this "FIRST_FRAG" is the first
438 * element in the queue, then count it towards
439 * possible PD.
440 */
441 if (skb_queue_is_first(&ulpq->reasm, pos)) {
442 pd_first = pos;
443 pd_last = pos;
444 pd_len = pos->len;
445 } else {
446 pd_first = NULL;
447 pd_last = NULL;
448 pd_len = 0;
449 }
450
451 first_frag = pos;
452 next_tsn = ctsn + 1;
453 break;
454
455 case SCTP_DATA_MIDDLE_FRAG:
456 if ((first_frag) && (ctsn == next_tsn)) {
457 next_tsn++;
458 if (pd_first) {
459 pd_last = pos;
460 pd_len += pos->len;
461 }
462 } else
463 first_frag = NULL;
464 break;
465
466 case SCTP_DATA_LAST_FRAG:
467 if (first_frag && (ctsn == next_tsn))
468 goto found;
469 else
470 first_frag = NULL;
471 break;
472 }
473 }
474
475 asoc = ulpq->asoc;
476 if (pd_first) {
477 /* Make sure we can enter partial deliver.
478 * We can trigger partial delivery only if framgent
479 * interleave is set, or the socket is not already
480 * in partial delivery.
481 */
482 if (!sctp_sk(asoc->base.sk)->frag_interleave &&
483 atomic_read(&sctp_sk(asoc->base.sk)->pd_mode))
484 goto done;
485
486 cevent = sctp_skb2event(pd_first);
487 pd_point = sctp_sk(asoc->base.sk)->pd_point;
488 if (pd_point && pd_point <= pd_len) {
489 retval = sctp_make_reassembled_event(asoc->base.net,
490 &ulpq->reasm,
491 pd_first, pd_last);
492 if (retval)
493 sctp_ulpq_set_pd(ulpq);
494 }
495 }
496 done:
497 return retval;
498 found:
499 retval = sctp_make_reassembled_event(ulpq->asoc->base.net,
500 &ulpq->reasm, first_frag, pos);
501 if (retval)
502 retval->msg_flags |= MSG_EOR;
503 goto done;
504 }
505
506 /* Retrieve the next set of fragments of a partial message. */
sctp_ulpq_retrieve_partial(struct sctp_ulpq * ulpq)507 static struct sctp_ulpevent *sctp_ulpq_retrieve_partial(struct sctp_ulpq *ulpq)
508 {
509 struct sk_buff *pos, *last_frag, *first_frag;
510 struct sctp_ulpevent *cevent;
511 __u32 ctsn, next_tsn;
512 int is_last;
513 struct sctp_ulpevent *retval;
514
515 /* The chunks are held in the reasm queue sorted by TSN.
516 * Walk through the queue sequentially and look for the first
517 * sequence of fragmented chunks.
518 */
519
520 if (skb_queue_empty(&ulpq->reasm))
521 return NULL;
522
523 last_frag = first_frag = NULL;
524 retval = NULL;
525 next_tsn = 0;
526 is_last = 0;
527
528 skb_queue_walk(&ulpq->reasm, pos) {
529 cevent = sctp_skb2event(pos);
530 ctsn = cevent->tsn;
531
532 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
533 case SCTP_DATA_FIRST_FRAG:
534 if (!first_frag)
535 return NULL;
536 goto done;
537 case SCTP_DATA_MIDDLE_FRAG:
538 if (!first_frag) {
539 first_frag = pos;
540 next_tsn = ctsn + 1;
541 last_frag = pos;
542 } else if (next_tsn == ctsn) {
543 next_tsn++;
544 last_frag = pos;
545 } else
546 goto done;
547 break;
548 case SCTP_DATA_LAST_FRAG:
549 if (!first_frag)
550 first_frag = pos;
551 else if (ctsn != next_tsn)
552 goto done;
553 last_frag = pos;
554 is_last = 1;
555 goto done;
556 default:
557 return NULL;
558 }
559 }
560
561 /* We have the reassembled event. There is no need to look
562 * further.
563 */
564 done:
565 retval = sctp_make_reassembled_event(ulpq->asoc->base.net, &ulpq->reasm,
566 first_frag, last_frag);
567 if (retval && is_last)
568 retval->msg_flags |= MSG_EOR;
569
570 return retval;
571 }
572
573
574 /* Helper function to reassemble chunks. Hold chunks on the reasm queue that
575 * need reassembling.
576 */
sctp_ulpq_reasm(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)577 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
578 struct sctp_ulpevent *event)
579 {
580 struct sctp_ulpevent *retval = NULL;
581
582 /* Check if this is part of a fragmented message. */
583 if (SCTP_DATA_NOT_FRAG == (event->msg_flags & SCTP_DATA_FRAG_MASK)) {
584 event->msg_flags |= MSG_EOR;
585 return event;
586 }
587
588 sctp_ulpq_store_reasm(ulpq, event);
589 if (!ulpq->pd_mode)
590 retval = sctp_ulpq_retrieve_reassembled(ulpq);
591 else {
592 __u32 ctsn, ctsnap;
593
594 /* Do not even bother unless this is the next tsn to
595 * be delivered.
596 */
597 ctsn = event->tsn;
598 ctsnap = sctp_tsnmap_get_ctsn(&ulpq->asoc->peer.tsn_map);
599 if (TSN_lte(ctsn, ctsnap))
600 retval = sctp_ulpq_retrieve_partial(ulpq);
601 }
602
603 return retval;
604 }
605
606 /* Retrieve the first part (sequential fragments) for partial delivery. */
sctp_ulpq_retrieve_first(struct sctp_ulpq * ulpq)607 static struct sctp_ulpevent *sctp_ulpq_retrieve_first(struct sctp_ulpq *ulpq)
608 {
609 struct sk_buff *pos, *last_frag, *first_frag;
610 struct sctp_ulpevent *cevent;
611 __u32 ctsn, next_tsn;
612 struct sctp_ulpevent *retval;
613
614 /* The chunks are held in the reasm queue sorted by TSN.
615 * Walk through the queue sequentially and look for a sequence of
616 * fragmented chunks that start a datagram.
617 */
618
619 if (skb_queue_empty(&ulpq->reasm))
620 return NULL;
621
622 last_frag = first_frag = NULL;
623 retval = NULL;
624 next_tsn = 0;
625
626 skb_queue_walk(&ulpq->reasm, pos) {
627 cevent = sctp_skb2event(pos);
628 ctsn = cevent->tsn;
629
630 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
631 case SCTP_DATA_FIRST_FRAG:
632 if (!first_frag) {
633 first_frag = pos;
634 next_tsn = ctsn + 1;
635 last_frag = pos;
636 } else
637 goto done;
638 break;
639
640 case SCTP_DATA_MIDDLE_FRAG:
641 if (!first_frag)
642 return NULL;
643 if (ctsn == next_tsn) {
644 next_tsn++;
645 last_frag = pos;
646 } else
647 goto done;
648 break;
649
650 case SCTP_DATA_LAST_FRAG:
651 if (!first_frag)
652 return NULL;
653 else
654 goto done;
655 break;
656
657 default:
658 return NULL;
659 }
660 }
661
662 /* We have the reassembled event. There is no need to look
663 * further.
664 */
665 done:
666 retval = sctp_make_reassembled_event(ulpq->asoc->base.net, &ulpq->reasm,
667 first_frag, last_frag);
668 return retval;
669 }
670
671 /*
672 * Flush out stale fragments from the reassembly queue when processing
673 * a Forward TSN.
674 *
675 * RFC 3758, Section 3.6
676 *
677 * After receiving and processing a FORWARD TSN, the data receiver MUST
678 * take cautions in updating its re-assembly queue. The receiver MUST
679 * remove any partially reassembled message, which is still missing one
680 * or more TSNs earlier than or equal to the new cumulative TSN point.
681 * In the event that the receiver has invoked the partial delivery API,
682 * a notification SHOULD also be generated to inform the upper layer API
683 * that the message being partially delivered will NOT be completed.
684 */
sctp_ulpq_reasm_flushtsn(struct sctp_ulpq * ulpq,__u32 fwd_tsn)685 void sctp_ulpq_reasm_flushtsn(struct sctp_ulpq *ulpq, __u32 fwd_tsn)
686 {
687 struct sk_buff *pos, *tmp;
688 struct sctp_ulpevent *event;
689 __u32 tsn;
690
691 if (skb_queue_empty(&ulpq->reasm))
692 return;
693
694 skb_queue_walk_safe(&ulpq->reasm, pos, tmp) {
695 event = sctp_skb2event(pos);
696 tsn = event->tsn;
697
698 /* Since the entire message must be abandoned by the
699 * sender (item A3 in Section 3.5, RFC 3758), we can
700 * free all fragments on the list that are less then
701 * or equal to ctsn_point
702 */
703 if (TSN_lte(tsn, fwd_tsn)) {
704 __skb_unlink(pos, &ulpq->reasm);
705 sctp_ulpevent_free(event);
706 } else
707 break;
708 }
709 }
710
711 /*
712 * Drain the reassembly queue. If we just cleared parted delivery, it
713 * is possible that the reassembly queue will contain already reassembled
714 * messages. Retrieve any such messages and give them to the user.
715 */
sctp_ulpq_reasm_drain(struct sctp_ulpq * ulpq)716 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq)
717 {
718 struct sctp_ulpevent *event = NULL;
719
720 if (skb_queue_empty(&ulpq->reasm))
721 return;
722
723 while ((event = sctp_ulpq_retrieve_reassembled(ulpq)) != NULL) {
724 struct sk_buff_head temp;
725
726 skb_queue_head_init(&temp);
727 __skb_queue_tail(&temp, sctp_event2skb(event));
728
729 /* Do ordering if needed. */
730 if (event->msg_flags & MSG_EOR)
731 event = sctp_ulpq_order(ulpq, event);
732
733 /* Send event to the ULP. 'event' is the
734 * sctp_ulpevent for very first SKB on the temp' list.
735 */
736 if (event)
737 sctp_ulpq_tail_event(ulpq, &temp);
738 }
739 }
740
741
742 /* Helper function to gather skbs that have possibly become
743 * ordered by an incoming chunk.
744 */
sctp_ulpq_retrieve_ordered(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)745 static void sctp_ulpq_retrieve_ordered(struct sctp_ulpq *ulpq,
746 struct sctp_ulpevent *event)
747 {
748 struct sk_buff_head *event_list;
749 struct sk_buff *pos, *tmp;
750 struct sctp_ulpevent *cevent;
751 struct sctp_stream *stream;
752 __u16 sid, csid, cssn;
753
754 sid = event->stream;
755 stream = &ulpq->asoc->stream;
756
757 event_list = (struct sk_buff_head *) sctp_event2skb(event)->prev;
758
759 /* We are holding the chunks by stream, by SSN. */
760 sctp_skb_for_each(pos, &ulpq->lobby, tmp) {
761 cevent = (struct sctp_ulpevent *) pos->cb;
762 csid = cevent->stream;
763 cssn = cevent->ssn;
764
765 /* Have we gone too far? */
766 if (csid > sid)
767 break;
768
769 /* Have we not gone far enough? */
770 if (csid < sid)
771 continue;
772
773 if (cssn != sctp_ssn_peek(stream, in, sid))
774 break;
775
776 /* Found it, so mark in the stream. */
777 sctp_ssn_next(stream, in, sid);
778
779 __skb_unlink(pos, &ulpq->lobby);
780
781 /* Attach all gathered skbs to the event. */
782 __skb_queue_tail(event_list, pos);
783 }
784 }
785
786 /* Helper function to store chunks needing ordering. */
sctp_ulpq_store_ordered(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)787 static void sctp_ulpq_store_ordered(struct sctp_ulpq *ulpq,
788 struct sctp_ulpevent *event)
789 {
790 struct sk_buff *pos;
791 struct sctp_ulpevent *cevent;
792 __u16 sid, csid;
793 __u16 ssn, cssn;
794
795 pos = skb_peek_tail(&ulpq->lobby);
796 if (!pos) {
797 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
798 return;
799 }
800
801 sid = event->stream;
802 ssn = event->ssn;
803
804 cevent = (struct sctp_ulpevent *) pos->cb;
805 csid = cevent->stream;
806 cssn = cevent->ssn;
807 if (sid > csid) {
808 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
809 return;
810 }
811
812 if ((sid == csid) && SSN_lt(cssn, ssn)) {
813 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
814 return;
815 }
816
817 /* Find the right place in this list. We store them by
818 * stream ID and then by SSN.
819 */
820 skb_queue_walk(&ulpq->lobby, pos) {
821 cevent = (struct sctp_ulpevent *) pos->cb;
822 csid = cevent->stream;
823 cssn = cevent->ssn;
824
825 if (csid > sid)
826 break;
827 if (csid == sid && SSN_lt(ssn, cssn))
828 break;
829 }
830
831
832 /* Insert before pos. */
833 __skb_queue_before(&ulpq->lobby, pos, sctp_event2skb(event));
834 }
835
sctp_ulpq_order(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)836 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *ulpq,
837 struct sctp_ulpevent *event)
838 {
839 __u16 sid, ssn;
840 struct sctp_stream *stream;
841
842 /* Check if this message needs ordering. */
843 if (event->msg_flags & SCTP_DATA_UNORDERED)
844 return event;
845
846 /* Note: The stream ID must be verified before this routine. */
847 sid = event->stream;
848 ssn = event->ssn;
849 stream = &ulpq->asoc->stream;
850
851 /* Is this the expected SSN for this stream ID? */
852 if (ssn != sctp_ssn_peek(stream, in, sid)) {
853 /* We've received something out of order, so find where it
854 * needs to be placed. We order by stream and then by SSN.
855 */
856 sctp_ulpq_store_ordered(ulpq, event);
857 return NULL;
858 }
859
860 /* Mark that the next chunk has been found. */
861 sctp_ssn_next(stream, in, sid);
862
863 /* Go find any other chunks that were waiting for
864 * ordering.
865 */
866 sctp_ulpq_retrieve_ordered(ulpq, event);
867
868 return event;
869 }
870
871 /* Helper function to gather skbs that have possibly become
872 * ordered by forward tsn skipping their dependencies.
873 */
sctp_ulpq_reap_ordered(struct sctp_ulpq * ulpq,__u16 sid)874 static void sctp_ulpq_reap_ordered(struct sctp_ulpq *ulpq, __u16 sid)
875 {
876 struct sk_buff *pos, *tmp;
877 struct sctp_ulpevent *cevent;
878 struct sctp_ulpevent *event;
879 struct sctp_stream *stream;
880 struct sk_buff_head temp;
881 struct sk_buff_head *lobby = &ulpq->lobby;
882 __u16 csid, cssn;
883
884 stream = &ulpq->asoc->stream;
885
886 /* We are holding the chunks by stream, by SSN. */
887 skb_queue_head_init(&temp);
888 event = NULL;
889 sctp_skb_for_each(pos, lobby, tmp) {
890 cevent = (struct sctp_ulpevent *) pos->cb;
891 csid = cevent->stream;
892 cssn = cevent->ssn;
893
894 /* Have we gone too far? */
895 if (csid > sid)
896 break;
897
898 /* Have we not gone far enough? */
899 if (csid < sid)
900 continue;
901
902 /* see if this ssn has been marked by skipping */
903 if (!SSN_lt(cssn, sctp_ssn_peek(stream, in, csid)))
904 break;
905
906 __skb_unlink(pos, lobby);
907 if (!event)
908 /* Create a temporary list to collect chunks on. */
909 event = sctp_skb2event(pos);
910
911 /* Attach all gathered skbs to the event. */
912 __skb_queue_tail(&temp, pos);
913 }
914
915 /* If we didn't reap any data, see if the next expected SSN
916 * is next on the queue and if so, use that.
917 */
918 if (event == NULL && pos != (struct sk_buff *)lobby) {
919 cevent = (struct sctp_ulpevent *) pos->cb;
920 csid = cevent->stream;
921 cssn = cevent->ssn;
922
923 if (csid == sid && cssn == sctp_ssn_peek(stream, in, csid)) {
924 sctp_ssn_next(stream, in, csid);
925 __skb_unlink(pos, lobby);
926 __skb_queue_tail(&temp, pos);
927 event = sctp_skb2event(pos);
928 }
929 }
930
931 /* Send event to the ULP. 'event' is the sctp_ulpevent for
932 * very first SKB on the 'temp' list.
933 */
934 if (event) {
935 /* see if we have more ordered that we can deliver */
936 sctp_ulpq_retrieve_ordered(ulpq, event);
937 sctp_ulpq_tail_event(ulpq, &temp);
938 }
939 }
940
941 /* Skip over an SSN. This is used during the processing of
942 * Forwared TSN chunk to skip over the abandoned ordered data
943 */
sctp_ulpq_skip(struct sctp_ulpq * ulpq,__u16 sid,__u16 ssn)944 void sctp_ulpq_skip(struct sctp_ulpq *ulpq, __u16 sid, __u16 ssn)
945 {
946 struct sctp_stream *stream;
947
948 /* Note: The stream ID must be verified before this routine. */
949 stream = &ulpq->asoc->stream;
950
951 /* Is this an old SSN? If so ignore. */
952 if (SSN_lt(ssn, sctp_ssn_peek(stream, in, sid)))
953 return;
954
955 /* Mark that we are no longer expecting this SSN or lower. */
956 sctp_ssn_skip(stream, in, sid, ssn);
957
958 /* Go find any other chunks that were waiting for
959 * ordering and deliver them if needed.
960 */
961 sctp_ulpq_reap_ordered(ulpq, sid);
962 }
963
sctp_ulpq_renege_list(struct sctp_ulpq * ulpq,struct sk_buff_head * list,__u16 needed)964 __u16 sctp_ulpq_renege_list(struct sctp_ulpq *ulpq, struct sk_buff_head *list,
965 __u16 needed)
966 {
967 __u16 freed = 0;
968 __u32 tsn, last_tsn;
969 struct sk_buff *skb, *flist, *last;
970 struct sctp_ulpevent *event;
971 struct sctp_tsnmap *tsnmap;
972
973 tsnmap = &ulpq->asoc->peer.tsn_map;
974
975 while ((skb = skb_peek_tail(list)) != NULL) {
976 event = sctp_skb2event(skb);
977 tsn = event->tsn;
978
979 /* Don't renege below the Cumulative TSN ACK Point. */
980 if (TSN_lte(tsn, sctp_tsnmap_get_ctsn(tsnmap)))
981 break;
982
983 /* Events in ordering queue may have multiple fragments
984 * corresponding to additional TSNs. Sum the total
985 * freed space; find the last TSN.
986 */
987 freed += skb_headlen(skb);
988 flist = skb_shinfo(skb)->frag_list;
989 for (last = flist; flist; flist = flist->next) {
990 last = flist;
991 freed += skb_headlen(last);
992 }
993 if (last)
994 last_tsn = sctp_skb2event(last)->tsn;
995 else
996 last_tsn = tsn;
997
998 /* Unlink the event, then renege all applicable TSNs. */
999 __skb_unlink(skb, list);
1000 sctp_ulpevent_free(event);
1001 while (TSN_lte(tsn, last_tsn)) {
1002 sctp_tsnmap_renege(tsnmap, tsn);
1003 tsn++;
1004 }
1005 if (freed >= needed)
1006 return freed;
1007 }
1008
1009 return freed;
1010 }
1011
1012 /* Renege 'needed' bytes from the ordering queue. */
sctp_ulpq_renege_order(struct sctp_ulpq * ulpq,__u16 needed)1013 static __u16 sctp_ulpq_renege_order(struct sctp_ulpq *ulpq, __u16 needed)
1014 {
1015 return sctp_ulpq_renege_list(ulpq, &ulpq->lobby, needed);
1016 }
1017
1018 /* Renege 'needed' bytes from the reassembly queue. */
sctp_ulpq_renege_frags(struct sctp_ulpq * ulpq,__u16 needed)1019 static __u16 sctp_ulpq_renege_frags(struct sctp_ulpq *ulpq, __u16 needed)
1020 {
1021 return sctp_ulpq_renege_list(ulpq, &ulpq->reasm, needed);
1022 }
1023
1024 /* Partial deliver the first message as there is pressure on rwnd. */
sctp_ulpq_partial_delivery(struct sctp_ulpq * ulpq,gfp_t gfp)1025 void sctp_ulpq_partial_delivery(struct sctp_ulpq *ulpq,
1026 gfp_t gfp)
1027 {
1028 struct sctp_ulpevent *event;
1029 struct sctp_association *asoc;
1030 struct sctp_sock *sp;
1031 __u32 ctsn;
1032 struct sk_buff *skb;
1033
1034 asoc = ulpq->asoc;
1035 sp = sctp_sk(asoc->base.sk);
1036
1037 /* If the association is already in Partial Delivery mode
1038 * we have nothing to do.
1039 */
1040 if (ulpq->pd_mode)
1041 return;
1042
1043 /* Data must be at or below the Cumulative TSN ACK Point to
1044 * start partial delivery.
1045 */
1046 skb = skb_peek(&asoc->ulpq.reasm);
1047 if (skb != NULL) {
1048 ctsn = sctp_skb2event(skb)->tsn;
1049 if (!TSN_lte(ctsn, sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map)))
1050 return;
1051 }
1052
1053 /* If the user enabled fragment interleave socket option,
1054 * multiple associations can enter partial delivery.
1055 * Otherwise, we can only enter partial delivery if the
1056 * socket is not in partial deliver mode.
1057 */
1058 if (sp->frag_interleave || atomic_read(&sp->pd_mode) == 0) {
1059 /* Is partial delivery possible? */
1060 event = sctp_ulpq_retrieve_first(ulpq);
1061 /* Send event to the ULP. */
1062 if (event) {
1063 struct sk_buff_head temp;
1064
1065 skb_queue_head_init(&temp);
1066 __skb_queue_tail(&temp, sctp_event2skb(event));
1067 sctp_ulpq_tail_event(ulpq, &temp);
1068 sctp_ulpq_set_pd(ulpq);
1069 return;
1070 }
1071 }
1072 }
1073
1074 /* Renege some packets to make room for an incoming chunk. */
sctp_ulpq_renege(struct sctp_ulpq * ulpq,struct sctp_chunk * chunk,gfp_t gfp)1075 void sctp_ulpq_renege(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
1076 gfp_t gfp)
1077 {
1078 struct sctp_association *asoc = ulpq->asoc;
1079 __u32 freed = 0;
1080 __u16 needed;
1081
1082 needed = ntohs(chunk->chunk_hdr->length) -
1083 sizeof(struct sctp_data_chunk);
1084
1085 if (skb_queue_empty(&asoc->base.sk->sk_receive_queue)) {
1086 freed = sctp_ulpq_renege_order(ulpq, needed);
1087 if (freed < needed)
1088 freed += sctp_ulpq_renege_frags(ulpq, needed - freed);
1089 }
1090 /* If able to free enough room, accept this chunk. */
1091 if (sk_rmem_schedule(asoc->base.sk, chunk->skb, needed) &&
1092 freed >= needed) {
1093 int retval = sctp_ulpq_tail_data(ulpq, chunk, gfp);
1094 /*
1095 * Enter partial delivery if chunk has not been
1096 * delivered; otherwise, drain the reassembly queue.
1097 */
1098 if (retval <= 0)
1099 sctp_ulpq_partial_delivery(ulpq, gfp);
1100 else if (retval == 1)
1101 sctp_ulpq_reasm_drain(ulpq);
1102 }
1103 }
1104
1105 /* Notify the application if an association is aborted and in
1106 * partial delivery mode. Send up any pending received messages.
1107 */
sctp_ulpq_abort_pd(struct sctp_ulpq * ulpq,gfp_t gfp)1108 void sctp_ulpq_abort_pd(struct sctp_ulpq *ulpq, gfp_t gfp)
1109 {
1110 struct sctp_ulpevent *ev = NULL;
1111 struct sctp_sock *sp;
1112 struct sock *sk;
1113
1114 if (!ulpq->pd_mode)
1115 return;
1116
1117 sk = ulpq->asoc->base.sk;
1118 sp = sctp_sk(sk);
1119 if (sctp_ulpevent_type_enabled(ulpq->asoc->subscribe,
1120 SCTP_PARTIAL_DELIVERY_EVENT))
1121 ev = sctp_ulpevent_make_pdapi(ulpq->asoc,
1122 SCTP_PARTIAL_DELIVERY_ABORTED,
1123 0, 0, 0, gfp);
1124 if (ev)
1125 __skb_queue_tail(&sk->sk_receive_queue, sctp_event2skb(ev));
1126
1127 /* If there is data waiting, send it up the socket now. */
1128 if ((sctp_ulpq_clear_pd(ulpq) || ev) && !sp->data_ready_signalled) {
1129 sp->data_ready_signalled = 1;
1130 sk->sk_data_ready(sk);
1131 }
1132 }
1133