1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3 * (C) Copyright IBM Corp. 2001, 2004
4 * Copyright (c) 1999-2000 Cisco, Inc.
5 * Copyright (c) 1999-2001 Motorola, Inc.
6 * Copyright (c) 2001 Intel Corp.
7 *
8 * This file is part of the SCTP kernel implementation
9 *
10 * This file contains sctp stream maniuplation primitives and helpers.
11 *
12 * Please send any bug reports or fixes you make to the
13 * email address(es):
14 * lksctp developers <linux-sctp@vger.kernel.org>
15 *
16 * Written or modified by:
17 * Xin Long <lucien.xin@gmail.com>
18 */
19
20 #include <linux/list.h>
21 #include <net/sctp/sctp.h>
22 #include <net/sctp/sm.h>
23 #include <net/sctp/stream_sched.h>
24
25 /* Migrates chunks from stream queues to new stream queues if needed,
26 * but not across associations. Also, removes those chunks to streams
27 * higher than the new max.
28 */
sctp_stream_outq_migrate(struct sctp_stream * stream,struct sctp_stream * new,__u16 outcnt)29 static void sctp_stream_outq_migrate(struct sctp_stream *stream,
30 struct sctp_stream *new, __u16 outcnt)
31 {
32 struct sctp_association *asoc;
33 struct sctp_chunk *ch, *temp;
34 struct sctp_outq *outq;
35 int i;
36
37 asoc = container_of(stream, struct sctp_association, stream);
38 outq = &asoc->outqueue;
39
40 list_for_each_entry_safe(ch, temp, &outq->out_chunk_list, list) {
41 __u16 sid = sctp_chunk_stream_no(ch);
42
43 if (sid < outcnt)
44 continue;
45
46 sctp_sched_dequeue_common(outq, ch);
47 /* No need to call dequeue_done here because
48 * the chunks are not scheduled by now.
49 */
50
51 /* Mark as failed send. */
52 sctp_chunk_fail(ch, (__force __u32)SCTP_ERROR_INV_STRM);
53 if (asoc->peer.prsctp_capable &&
54 SCTP_PR_PRIO_ENABLED(ch->sinfo.sinfo_flags))
55 asoc->sent_cnt_removable--;
56
57 sctp_chunk_free(ch);
58 }
59
60 if (new) {
61 /* Here we actually move the old ext stuff into the new
62 * buffer, because we want to keep it. Then
63 * sctp_stream_update will swap ->out pointers.
64 */
65 for (i = 0; i < outcnt; i++) {
66 kfree(SCTP_SO(new, i)->ext);
67 SCTP_SO(new, i)->ext = SCTP_SO(stream, i)->ext;
68 SCTP_SO(stream, i)->ext = NULL;
69 }
70 }
71
72 for (i = outcnt; i < stream->outcnt; i++) {
73 kfree(SCTP_SO(stream, i)->ext);
74 SCTP_SO(stream, i)->ext = NULL;
75 }
76 }
77
sctp_stream_alloc_out(struct sctp_stream * stream,__u16 outcnt,gfp_t gfp)78 static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt,
79 gfp_t gfp)
80 {
81 int ret;
82
83 if (outcnt <= stream->outcnt)
84 return 0;
85
86 ret = genradix_prealloc(&stream->out, outcnt, gfp);
87 if (ret)
88 return ret;
89
90 stream->outcnt = outcnt;
91 return 0;
92 }
93
sctp_stream_alloc_in(struct sctp_stream * stream,__u16 incnt,gfp_t gfp)94 static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt,
95 gfp_t gfp)
96 {
97 int ret;
98
99 if (incnt <= stream->incnt)
100 return 0;
101
102 ret = genradix_prealloc(&stream->in, incnt, gfp);
103 if (ret)
104 return ret;
105
106 stream->incnt = incnt;
107 return 0;
108 }
109
sctp_stream_init(struct sctp_stream * stream,__u16 outcnt,__u16 incnt,gfp_t gfp)110 int sctp_stream_init(struct sctp_stream *stream, __u16 outcnt, __u16 incnt,
111 gfp_t gfp)
112 {
113 struct sctp_sched_ops *sched = sctp_sched_ops_from_stream(stream);
114 int i, ret = 0;
115
116 gfp |= __GFP_NOWARN;
117
118 /* Initial stream->out size may be very big, so free it and alloc
119 * a new one with new outcnt to save memory if needed.
120 */
121 if (outcnt == stream->outcnt)
122 goto handle_in;
123
124 /* Filter out chunks queued on streams that won't exist anymore */
125 sched->unsched_all(stream);
126 sctp_stream_outq_migrate(stream, NULL, outcnt);
127 sched->sched_all(stream);
128
129 ret = sctp_stream_alloc_out(stream, outcnt, gfp);
130 if (ret)
131 goto out_err;
132
133 for (i = 0; i < stream->outcnt; i++)
134 SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
135
136 handle_in:
137 sctp_stream_interleave_init(stream);
138 if (!incnt)
139 goto out;
140
141 ret = sctp_stream_alloc_in(stream, incnt, gfp);
142 if (ret)
143 goto in_err;
144
145 goto out;
146
147 in_err:
148 sched->free(stream);
149 genradix_free(&stream->in);
150 out_err:
151 genradix_free(&stream->out);
152 stream->outcnt = 0;
153 out:
154 return ret;
155 }
156
sctp_stream_init_ext(struct sctp_stream * stream,__u16 sid)157 int sctp_stream_init_ext(struct sctp_stream *stream, __u16 sid)
158 {
159 struct sctp_stream_out_ext *soute;
160 int ret;
161
162 soute = kzalloc(sizeof(*soute), GFP_KERNEL);
163 if (!soute)
164 return -ENOMEM;
165 SCTP_SO(stream, sid)->ext = soute;
166
167 ret = sctp_sched_init_sid(stream, sid, GFP_KERNEL);
168 if (ret) {
169 kfree(SCTP_SO(stream, sid)->ext);
170 SCTP_SO(stream, sid)->ext = NULL;
171 }
172
173 return ret;
174 }
175
sctp_stream_free(struct sctp_stream * stream)176 void sctp_stream_free(struct sctp_stream *stream)
177 {
178 struct sctp_sched_ops *sched = sctp_sched_ops_from_stream(stream);
179 int i;
180
181 sched->free(stream);
182 for (i = 0; i < stream->outcnt; i++)
183 kfree(SCTP_SO(stream, i)->ext);
184 genradix_free(&stream->out);
185 genradix_free(&stream->in);
186 }
187
sctp_stream_clear(struct sctp_stream * stream)188 void sctp_stream_clear(struct sctp_stream *stream)
189 {
190 int i;
191
192 for (i = 0; i < stream->outcnt; i++) {
193 SCTP_SO(stream, i)->mid = 0;
194 SCTP_SO(stream, i)->mid_uo = 0;
195 }
196
197 for (i = 0; i < stream->incnt; i++)
198 SCTP_SI(stream, i)->mid = 0;
199 }
200
sctp_stream_update(struct sctp_stream * stream,struct sctp_stream * new)201 void sctp_stream_update(struct sctp_stream *stream, struct sctp_stream *new)
202 {
203 struct sctp_sched_ops *sched = sctp_sched_ops_from_stream(stream);
204
205 sched->unsched_all(stream);
206 sctp_stream_outq_migrate(stream, new, new->outcnt);
207 sctp_stream_free(stream);
208
209 stream->out = new->out;
210 stream->in = new->in;
211 stream->outcnt = new->outcnt;
212 stream->incnt = new->incnt;
213
214 sched->sched_all(stream);
215
216 new->out.tree.root = NULL;
217 new->in.tree.root = NULL;
218 new->outcnt = 0;
219 new->incnt = 0;
220 }
221
sctp_send_reconf(struct sctp_association * asoc,struct sctp_chunk * chunk)222 static int sctp_send_reconf(struct sctp_association *asoc,
223 struct sctp_chunk *chunk)
224 {
225 struct net *net = sock_net(asoc->base.sk);
226 int retval = 0;
227
228 retval = sctp_primitive_RECONF(net, asoc, chunk);
229 if (retval)
230 sctp_chunk_free(chunk);
231
232 return retval;
233 }
234
sctp_stream_outq_is_empty(struct sctp_stream * stream,__u16 str_nums,__be16 * str_list)235 static bool sctp_stream_outq_is_empty(struct sctp_stream *stream,
236 __u16 str_nums, __be16 *str_list)
237 {
238 struct sctp_association *asoc;
239 __u16 i;
240
241 asoc = container_of(stream, struct sctp_association, stream);
242 if (!asoc->outqueue.out_qlen)
243 return true;
244
245 if (!str_nums)
246 return false;
247
248 for (i = 0; i < str_nums; i++) {
249 __u16 sid = ntohs(str_list[i]);
250
251 if (SCTP_SO(stream, sid)->ext &&
252 !list_empty(&SCTP_SO(stream, sid)->ext->outq))
253 return false;
254 }
255
256 return true;
257 }
258
sctp_send_reset_streams(struct sctp_association * asoc,struct sctp_reset_streams * params)259 int sctp_send_reset_streams(struct sctp_association *asoc,
260 struct sctp_reset_streams *params)
261 {
262 struct sctp_stream *stream = &asoc->stream;
263 __u16 i, str_nums, *str_list;
264 struct sctp_chunk *chunk;
265 int retval = -EINVAL;
266 __be16 *nstr_list;
267 bool out, in;
268
269 if (!asoc->peer.reconf_capable ||
270 !(asoc->strreset_enable & SCTP_ENABLE_RESET_STREAM_REQ)) {
271 retval = -ENOPROTOOPT;
272 goto out;
273 }
274
275 if (asoc->strreset_outstanding) {
276 retval = -EINPROGRESS;
277 goto out;
278 }
279
280 out = params->srs_flags & SCTP_STREAM_RESET_OUTGOING;
281 in = params->srs_flags & SCTP_STREAM_RESET_INCOMING;
282 if (!out && !in)
283 goto out;
284
285 str_nums = params->srs_number_streams;
286 str_list = params->srs_stream_list;
287 if (str_nums) {
288 int param_len = 0;
289
290 if (out) {
291 for (i = 0; i < str_nums; i++)
292 if (str_list[i] >= stream->outcnt)
293 goto out;
294
295 param_len = str_nums * sizeof(__u16) +
296 sizeof(struct sctp_strreset_outreq);
297 }
298
299 if (in) {
300 for (i = 0; i < str_nums; i++)
301 if (str_list[i] >= stream->incnt)
302 goto out;
303
304 param_len += str_nums * sizeof(__u16) +
305 sizeof(struct sctp_strreset_inreq);
306 }
307
308 if (param_len > SCTP_MAX_CHUNK_LEN -
309 sizeof(struct sctp_reconf_chunk))
310 goto out;
311 }
312
313 nstr_list = kcalloc(str_nums, sizeof(__be16), GFP_KERNEL);
314 if (!nstr_list) {
315 retval = -ENOMEM;
316 goto out;
317 }
318
319 for (i = 0; i < str_nums; i++)
320 nstr_list[i] = htons(str_list[i]);
321
322 if (out && !sctp_stream_outq_is_empty(stream, str_nums, nstr_list)) {
323 kfree(nstr_list);
324 retval = -EAGAIN;
325 goto out;
326 }
327
328 chunk = sctp_make_strreset_req(asoc, str_nums, nstr_list, out, in);
329
330 kfree(nstr_list);
331
332 if (!chunk) {
333 retval = -ENOMEM;
334 goto out;
335 }
336
337 if (out) {
338 if (str_nums)
339 for (i = 0; i < str_nums; i++)
340 SCTP_SO(stream, str_list[i])->state =
341 SCTP_STREAM_CLOSED;
342 else
343 for (i = 0; i < stream->outcnt; i++)
344 SCTP_SO(stream, i)->state = SCTP_STREAM_CLOSED;
345 }
346
347 asoc->strreset_chunk = chunk;
348 sctp_chunk_hold(asoc->strreset_chunk);
349
350 retval = sctp_send_reconf(asoc, chunk);
351 if (retval) {
352 sctp_chunk_put(asoc->strreset_chunk);
353 asoc->strreset_chunk = NULL;
354 if (!out)
355 goto out;
356
357 if (str_nums)
358 for (i = 0; i < str_nums; i++)
359 SCTP_SO(stream, str_list[i])->state =
360 SCTP_STREAM_OPEN;
361 else
362 for (i = 0; i < stream->outcnt; i++)
363 SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
364
365 goto out;
366 }
367
368 asoc->strreset_outstanding = out + in;
369
370 out:
371 return retval;
372 }
373
sctp_send_reset_assoc(struct sctp_association * asoc)374 int sctp_send_reset_assoc(struct sctp_association *asoc)
375 {
376 struct sctp_stream *stream = &asoc->stream;
377 struct sctp_chunk *chunk = NULL;
378 int retval;
379 __u16 i;
380
381 if (!asoc->peer.reconf_capable ||
382 !(asoc->strreset_enable & SCTP_ENABLE_RESET_ASSOC_REQ))
383 return -ENOPROTOOPT;
384
385 if (asoc->strreset_outstanding)
386 return -EINPROGRESS;
387
388 if (!sctp_outq_is_empty(&asoc->outqueue))
389 return -EAGAIN;
390
391 chunk = sctp_make_strreset_tsnreq(asoc);
392 if (!chunk)
393 return -ENOMEM;
394
395 /* Block further xmit of data until this request is completed */
396 for (i = 0; i < stream->outcnt; i++)
397 SCTP_SO(stream, i)->state = SCTP_STREAM_CLOSED;
398
399 asoc->strreset_chunk = chunk;
400 sctp_chunk_hold(asoc->strreset_chunk);
401
402 retval = sctp_send_reconf(asoc, chunk);
403 if (retval) {
404 sctp_chunk_put(asoc->strreset_chunk);
405 asoc->strreset_chunk = NULL;
406
407 for (i = 0; i < stream->outcnt; i++)
408 SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
409
410 return retval;
411 }
412
413 asoc->strreset_outstanding = 1;
414
415 return 0;
416 }
417
sctp_send_add_streams(struct sctp_association * asoc,struct sctp_add_streams * params)418 int sctp_send_add_streams(struct sctp_association *asoc,
419 struct sctp_add_streams *params)
420 {
421 struct sctp_stream *stream = &asoc->stream;
422 struct sctp_chunk *chunk = NULL;
423 int retval;
424 __u32 outcnt, incnt;
425 __u16 out, in;
426
427 if (!asoc->peer.reconf_capable ||
428 !(asoc->strreset_enable & SCTP_ENABLE_CHANGE_ASSOC_REQ)) {
429 retval = -ENOPROTOOPT;
430 goto out;
431 }
432
433 if (asoc->strreset_outstanding) {
434 retval = -EINPROGRESS;
435 goto out;
436 }
437
438 out = params->sas_outstrms;
439 in = params->sas_instrms;
440 outcnt = stream->outcnt + out;
441 incnt = stream->incnt + in;
442 if (outcnt > SCTP_MAX_STREAM || incnt > SCTP_MAX_STREAM ||
443 (!out && !in)) {
444 retval = -EINVAL;
445 goto out;
446 }
447
448 if (out) {
449 retval = sctp_stream_alloc_out(stream, outcnt, GFP_KERNEL);
450 if (retval)
451 goto out;
452 }
453
454 chunk = sctp_make_strreset_addstrm(asoc, out, in);
455 if (!chunk) {
456 retval = -ENOMEM;
457 goto out;
458 }
459
460 asoc->strreset_chunk = chunk;
461 sctp_chunk_hold(asoc->strreset_chunk);
462
463 retval = sctp_send_reconf(asoc, chunk);
464 if (retval) {
465 sctp_chunk_put(asoc->strreset_chunk);
466 asoc->strreset_chunk = NULL;
467 goto out;
468 }
469
470 asoc->strreset_outstanding = !!out + !!in;
471
472 out:
473 return retval;
474 }
475
sctp_chunk_lookup_strreset_param(struct sctp_association * asoc,__be32 resp_seq,__be16 type)476 static struct sctp_paramhdr *sctp_chunk_lookup_strreset_param(
477 struct sctp_association *asoc, __be32 resp_seq,
478 __be16 type)
479 {
480 struct sctp_chunk *chunk = asoc->strreset_chunk;
481 struct sctp_reconf_chunk *hdr;
482 union sctp_params param;
483
484 if (!chunk)
485 return NULL;
486
487 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr;
488 sctp_walk_params(param, hdr, params) {
489 /* sctp_strreset_tsnreq is actually the basic structure
490 * of all stream reconf params, so it's safe to use it
491 * to access request_seq.
492 */
493 struct sctp_strreset_tsnreq *req = param.v;
494
495 if ((!resp_seq || req->request_seq == resp_seq) &&
496 (!type || type == req->param_hdr.type))
497 return param.v;
498 }
499
500 return NULL;
501 }
502
sctp_update_strreset_result(struct sctp_association * asoc,__u32 result)503 static void sctp_update_strreset_result(struct sctp_association *asoc,
504 __u32 result)
505 {
506 asoc->strreset_result[1] = asoc->strreset_result[0];
507 asoc->strreset_result[0] = result;
508 }
509
sctp_process_strreset_outreq(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)510 struct sctp_chunk *sctp_process_strreset_outreq(
511 struct sctp_association *asoc,
512 union sctp_params param,
513 struct sctp_ulpevent **evp)
514 {
515 struct sctp_strreset_outreq *outreq = param.v;
516 struct sctp_stream *stream = &asoc->stream;
517 __u32 result = SCTP_STRRESET_DENIED;
518 __be16 *str_p = NULL;
519 __u32 request_seq;
520 __u16 i, nums;
521
522 request_seq = ntohl(outreq->request_seq);
523
524 if (ntohl(outreq->send_reset_at_tsn) >
525 sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map)) {
526 result = SCTP_STRRESET_IN_PROGRESS;
527 goto err;
528 }
529
530 if (TSN_lt(asoc->strreset_inseq, request_seq) ||
531 TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
532 result = SCTP_STRRESET_ERR_BAD_SEQNO;
533 goto err;
534 } else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
535 i = asoc->strreset_inseq - request_seq - 1;
536 result = asoc->strreset_result[i];
537 goto err;
538 }
539 asoc->strreset_inseq++;
540
541 /* Check strreset_enable after inseq inc, as sender cannot tell
542 * the peer doesn't enable strreset after receiving response with
543 * result denied, as well as to keep consistent with bsd.
544 */
545 if (!(asoc->strreset_enable & SCTP_ENABLE_RESET_STREAM_REQ))
546 goto out;
547
548 nums = (ntohs(param.p->length) - sizeof(*outreq)) / sizeof(__u16);
549 str_p = outreq->list_of_streams;
550 for (i = 0; i < nums; i++) {
551 if (ntohs(str_p[i]) >= stream->incnt) {
552 result = SCTP_STRRESET_ERR_WRONG_SSN;
553 goto out;
554 }
555 }
556
557 if (asoc->strreset_chunk) {
558 if (!sctp_chunk_lookup_strreset_param(
559 asoc, outreq->response_seq,
560 SCTP_PARAM_RESET_IN_REQUEST)) {
561 /* same process with outstanding isn't 0 */
562 result = SCTP_STRRESET_ERR_IN_PROGRESS;
563 goto out;
564 }
565
566 asoc->strreset_outstanding--;
567 asoc->strreset_outseq++;
568
569 if (!asoc->strreset_outstanding) {
570 struct sctp_transport *t;
571
572 t = asoc->strreset_chunk->transport;
573 if (del_timer(&t->reconf_timer))
574 sctp_transport_put(t);
575
576 sctp_chunk_put(asoc->strreset_chunk);
577 asoc->strreset_chunk = NULL;
578 }
579 }
580
581 if (nums)
582 for (i = 0; i < nums; i++)
583 SCTP_SI(stream, ntohs(str_p[i]))->mid = 0;
584 else
585 for (i = 0; i < stream->incnt; i++)
586 SCTP_SI(stream, i)->mid = 0;
587
588 result = SCTP_STRRESET_PERFORMED;
589
590 *evp = sctp_ulpevent_make_stream_reset_event(asoc,
591 SCTP_STREAM_RESET_INCOMING_SSN, nums, str_p, GFP_ATOMIC);
592
593 out:
594 sctp_update_strreset_result(asoc, result);
595 err:
596 return sctp_make_strreset_resp(asoc, result, request_seq);
597 }
598
sctp_process_strreset_inreq(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)599 struct sctp_chunk *sctp_process_strreset_inreq(
600 struct sctp_association *asoc,
601 union sctp_params param,
602 struct sctp_ulpevent **evp)
603 {
604 struct sctp_strreset_inreq *inreq = param.v;
605 struct sctp_stream *stream = &asoc->stream;
606 __u32 result = SCTP_STRRESET_DENIED;
607 struct sctp_chunk *chunk = NULL;
608 __u32 request_seq;
609 __u16 i, nums;
610 __be16 *str_p;
611
612 request_seq = ntohl(inreq->request_seq);
613 if (TSN_lt(asoc->strreset_inseq, request_seq) ||
614 TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
615 result = SCTP_STRRESET_ERR_BAD_SEQNO;
616 goto err;
617 } else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
618 i = asoc->strreset_inseq - request_seq - 1;
619 result = asoc->strreset_result[i];
620 if (result == SCTP_STRRESET_PERFORMED)
621 return NULL;
622 goto err;
623 }
624 asoc->strreset_inseq++;
625
626 if (!(asoc->strreset_enable & SCTP_ENABLE_RESET_STREAM_REQ))
627 goto out;
628
629 if (asoc->strreset_outstanding) {
630 result = SCTP_STRRESET_ERR_IN_PROGRESS;
631 goto out;
632 }
633
634 nums = (ntohs(param.p->length) - sizeof(*inreq)) / sizeof(__u16);
635 str_p = inreq->list_of_streams;
636 for (i = 0; i < nums; i++) {
637 if (ntohs(str_p[i]) >= stream->outcnt) {
638 result = SCTP_STRRESET_ERR_WRONG_SSN;
639 goto out;
640 }
641 }
642
643 if (!sctp_stream_outq_is_empty(stream, nums, str_p)) {
644 result = SCTP_STRRESET_IN_PROGRESS;
645 asoc->strreset_inseq--;
646 goto err;
647 }
648
649 chunk = sctp_make_strreset_req(asoc, nums, str_p, 1, 0);
650 if (!chunk)
651 goto out;
652
653 if (nums)
654 for (i = 0; i < nums; i++)
655 SCTP_SO(stream, ntohs(str_p[i]))->state =
656 SCTP_STREAM_CLOSED;
657 else
658 for (i = 0; i < stream->outcnt; i++)
659 SCTP_SO(stream, i)->state = SCTP_STREAM_CLOSED;
660
661 asoc->strreset_chunk = chunk;
662 asoc->strreset_outstanding = 1;
663 sctp_chunk_hold(asoc->strreset_chunk);
664
665 result = SCTP_STRRESET_PERFORMED;
666
667 out:
668 sctp_update_strreset_result(asoc, result);
669 err:
670 if (!chunk)
671 chunk = sctp_make_strreset_resp(asoc, result, request_seq);
672
673 return chunk;
674 }
675
sctp_process_strreset_tsnreq(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)676 struct sctp_chunk *sctp_process_strreset_tsnreq(
677 struct sctp_association *asoc,
678 union sctp_params param,
679 struct sctp_ulpevent **evp)
680 {
681 __u32 init_tsn = 0, next_tsn = 0, max_tsn_seen;
682 struct sctp_strreset_tsnreq *tsnreq = param.v;
683 struct sctp_stream *stream = &asoc->stream;
684 __u32 result = SCTP_STRRESET_DENIED;
685 __u32 request_seq;
686 __u16 i;
687
688 request_seq = ntohl(tsnreq->request_seq);
689 if (TSN_lt(asoc->strreset_inseq, request_seq) ||
690 TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
691 result = SCTP_STRRESET_ERR_BAD_SEQNO;
692 goto err;
693 } else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
694 i = asoc->strreset_inseq - request_seq - 1;
695 result = asoc->strreset_result[i];
696 if (result == SCTP_STRRESET_PERFORMED) {
697 next_tsn = asoc->ctsn_ack_point + 1;
698 init_tsn =
699 sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + 1;
700 }
701 goto err;
702 }
703
704 if (!sctp_outq_is_empty(&asoc->outqueue)) {
705 result = SCTP_STRRESET_IN_PROGRESS;
706 goto err;
707 }
708
709 asoc->strreset_inseq++;
710
711 if (!(asoc->strreset_enable & SCTP_ENABLE_RESET_ASSOC_REQ))
712 goto out;
713
714 if (asoc->strreset_outstanding) {
715 result = SCTP_STRRESET_ERR_IN_PROGRESS;
716 goto out;
717 }
718
719 /* G4: The same processing as though a FWD-TSN chunk (as defined in
720 * [RFC3758]) with all streams affected and a new cumulative TSN
721 * ACK of the Receiver's Next TSN minus 1 were received MUST be
722 * performed.
723 */
724 max_tsn_seen = sctp_tsnmap_get_max_tsn_seen(&asoc->peer.tsn_map);
725 asoc->stream.si->report_ftsn(&asoc->ulpq, max_tsn_seen);
726
727 /* G1: Compute an appropriate value for the Receiver's Next TSN -- the
728 * TSN that the peer should use to send the next DATA chunk. The
729 * value SHOULD be the smallest TSN not acknowledged by the
730 * receiver of the request plus 2^31.
731 */
732 init_tsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + (1 << 31);
733 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
734 init_tsn, GFP_ATOMIC);
735
736 /* G3: The same processing as though a SACK chunk with no gap report
737 * and a cumulative TSN ACK of the Sender's Next TSN minus 1 were
738 * received MUST be performed.
739 */
740 sctp_outq_free(&asoc->outqueue);
741
742 /* G2: Compute an appropriate value for the local endpoint's next TSN,
743 * i.e., the next TSN assigned by the receiver of the SSN/TSN reset
744 * chunk. The value SHOULD be the highest TSN sent by the receiver
745 * of the request plus 1.
746 */
747 next_tsn = asoc->next_tsn;
748 asoc->ctsn_ack_point = next_tsn - 1;
749 asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
750
751 /* G5: The next expected and outgoing SSNs MUST be reset to 0 for all
752 * incoming and outgoing streams.
753 */
754 for (i = 0; i < stream->outcnt; i++) {
755 SCTP_SO(stream, i)->mid = 0;
756 SCTP_SO(stream, i)->mid_uo = 0;
757 }
758 for (i = 0; i < stream->incnt; i++)
759 SCTP_SI(stream, i)->mid = 0;
760
761 result = SCTP_STRRESET_PERFORMED;
762
763 *evp = sctp_ulpevent_make_assoc_reset_event(asoc, 0, init_tsn,
764 next_tsn, GFP_ATOMIC);
765
766 out:
767 sctp_update_strreset_result(asoc, result);
768 err:
769 return sctp_make_strreset_tsnresp(asoc, result, request_seq,
770 next_tsn, init_tsn);
771 }
772
sctp_process_strreset_addstrm_out(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)773 struct sctp_chunk *sctp_process_strreset_addstrm_out(
774 struct sctp_association *asoc,
775 union sctp_params param,
776 struct sctp_ulpevent **evp)
777 {
778 struct sctp_strreset_addstrm *addstrm = param.v;
779 struct sctp_stream *stream = &asoc->stream;
780 __u32 result = SCTP_STRRESET_DENIED;
781 __u32 request_seq, incnt;
782 __u16 in, i;
783
784 request_seq = ntohl(addstrm->request_seq);
785 if (TSN_lt(asoc->strreset_inseq, request_seq) ||
786 TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
787 result = SCTP_STRRESET_ERR_BAD_SEQNO;
788 goto err;
789 } else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
790 i = asoc->strreset_inseq - request_seq - 1;
791 result = asoc->strreset_result[i];
792 goto err;
793 }
794 asoc->strreset_inseq++;
795
796 if (!(asoc->strreset_enable & SCTP_ENABLE_CHANGE_ASSOC_REQ))
797 goto out;
798
799 in = ntohs(addstrm->number_of_streams);
800 incnt = stream->incnt + in;
801 if (!in || incnt > SCTP_MAX_STREAM)
802 goto out;
803
804 if (sctp_stream_alloc_in(stream, incnt, GFP_ATOMIC))
805 goto out;
806
807 if (asoc->strreset_chunk) {
808 if (!sctp_chunk_lookup_strreset_param(
809 asoc, 0, SCTP_PARAM_RESET_ADD_IN_STREAMS)) {
810 /* same process with outstanding isn't 0 */
811 result = SCTP_STRRESET_ERR_IN_PROGRESS;
812 goto out;
813 }
814
815 asoc->strreset_outstanding--;
816 asoc->strreset_outseq++;
817
818 if (!asoc->strreset_outstanding) {
819 struct sctp_transport *t;
820
821 t = asoc->strreset_chunk->transport;
822 if (del_timer(&t->reconf_timer))
823 sctp_transport_put(t);
824
825 sctp_chunk_put(asoc->strreset_chunk);
826 asoc->strreset_chunk = NULL;
827 }
828 }
829
830 stream->incnt = incnt;
831
832 result = SCTP_STRRESET_PERFORMED;
833
834 *evp = sctp_ulpevent_make_stream_change_event(asoc,
835 0, ntohs(addstrm->number_of_streams), 0, GFP_ATOMIC);
836
837 out:
838 sctp_update_strreset_result(asoc, result);
839 err:
840 return sctp_make_strreset_resp(asoc, result, request_seq);
841 }
842
sctp_process_strreset_addstrm_in(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)843 struct sctp_chunk *sctp_process_strreset_addstrm_in(
844 struct sctp_association *asoc,
845 union sctp_params param,
846 struct sctp_ulpevent **evp)
847 {
848 struct sctp_strreset_addstrm *addstrm = param.v;
849 struct sctp_stream *stream = &asoc->stream;
850 __u32 result = SCTP_STRRESET_DENIED;
851 struct sctp_chunk *chunk = NULL;
852 __u32 request_seq, outcnt;
853 __u16 out, i;
854 int ret;
855
856 request_seq = ntohl(addstrm->request_seq);
857 if (TSN_lt(asoc->strreset_inseq, request_seq) ||
858 TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
859 result = SCTP_STRRESET_ERR_BAD_SEQNO;
860 goto err;
861 } else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
862 i = asoc->strreset_inseq - request_seq - 1;
863 result = asoc->strreset_result[i];
864 if (result == SCTP_STRRESET_PERFORMED)
865 return NULL;
866 goto err;
867 }
868 asoc->strreset_inseq++;
869
870 if (!(asoc->strreset_enable & SCTP_ENABLE_CHANGE_ASSOC_REQ))
871 goto out;
872
873 if (asoc->strreset_outstanding) {
874 result = SCTP_STRRESET_ERR_IN_PROGRESS;
875 goto out;
876 }
877
878 out = ntohs(addstrm->number_of_streams);
879 outcnt = stream->outcnt + out;
880 if (!out || outcnt > SCTP_MAX_STREAM)
881 goto out;
882
883 ret = sctp_stream_alloc_out(stream, outcnt, GFP_ATOMIC);
884 if (ret)
885 goto out;
886
887 chunk = sctp_make_strreset_addstrm(asoc, out, 0);
888 if (!chunk)
889 goto out;
890
891 asoc->strreset_chunk = chunk;
892 asoc->strreset_outstanding = 1;
893 sctp_chunk_hold(asoc->strreset_chunk);
894
895 stream->outcnt = outcnt;
896
897 result = SCTP_STRRESET_PERFORMED;
898
899 out:
900 sctp_update_strreset_result(asoc, result);
901 err:
902 if (!chunk)
903 chunk = sctp_make_strreset_resp(asoc, result, request_seq);
904
905 return chunk;
906 }
907
sctp_process_strreset_resp(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)908 struct sctp_chunk *sctp_process_strreset_resp(
909 struct sctp_association *asoc,
910 union sctp_params param,
911 struct sctp_ulpevent **evp)
912 {
913 struct sctp_stream *stream = &asoc->stream;
914 struct sctp_strreset_resp *resp = param.v;
915 struct sctp_transport *t;
916 __u16 i, nums, flags = 0;
917 struct sctp_paramhdr *req;
918 __u32 result;
919
920 req = sctp_chunk_lookup_strreset_param(asoc, resp->response_seq, 0);
921 if (!req)
922 return NULL;
923
924 result = ntohl(resp->result);
925 if (result != SCTP_STRRESET_PERFORMED) {
926 /* if in progress, do nothing but retransmit */
927 if (result == SCTP_STRRESET_IN_PROGRESS)
928 return NULL;
929 else if (result == SCTP_STRRESET_DENIED)
930 flags = SCTP_STREAM_RESET_DENIED;
931 else
932 flags = SCTP_STREAM_RESET_FAILED;
933 }
934
935 if (req->type == SCTP_PARAM_RESET_OUT_REQUEST) {
936 struct sctp_strreset_outreq *outreq;
937 __be16 *str_p;
938
939 outreq = (struct sctp_strreset_outreq *)req;
940 str_p = outreq->list_of_streams;
941 nums = (ntohs(outreq->param_hdr.length) - sizeof(*outreq)) /
942 sizeof(__u16);
943
944 if (result == SCTP_STRRESET_PERFORMED) {
945 struct sctp_stream_out *sout;
946 if (nums) {
947 for (i = 0; i < nums; i++) {
948 sout = SCTP_SO(stream, ntohs(str_p[i]));
949 sout->mid = 0;
950 sout->mid_uo = 0;
951 }
952 } else {
953 for (i = 0; i < stream->outcnt; i++) {
954 sout = SCTP_SO(stream, i);
955 sout->mid = 0;
956 sout->mid_uo = 0;
957 }
958 }
959 }
960
961 flags |= SCTP_STREAM_RESET_OUTGOING_SSN;
962
963 for (i = 0; i < stream->outcnt; i++)
964 SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
965
966 *evp = sctp_ulpevent_make_stream_reset_event(asoc, flags,
967 nums, str_p, GFP_ATOMIC);
968 } else if (req->type == SCTP_PARAM_RESET_IN_REQUEST) {
969 struct sctp_strreset_inreq *inreq;
970 __be16 *str_p;
971
972 /* if the result is performed, it's impossible for inreq */
973 if (result == SCTP_STRRESET_PERFORMED)
974 return NULL;
975
976 inreq = (struct sctp_strreset_inreq *)req;
977 str_p = inreq->list_of_streams;
978 nums = (ntohs(inreq->param_hdr.length) - sizeof(*inreq)) /
979 sizeof(__u16);
980
981 flags |= SCTP_STREAM_RESET_INCOMING_SSN;
982
983 *evp = sctp_ulpevent_make_stream_reset_event(asoc, flags,
984 nums, str_p, GFP_ATOMIC);
985 } else if (req->type == SCTP_PARAM_RESET_TSN_REQUEST) {
986 struct sctp_strreset_resptsn *resptsn;
987 __u32 stsn, rtsn;
988
989 /* check for resptsn, as sctp_verify_reconf didn't do it*/
990 if (ntohs(param.p->length) != sizeof(*resptsn))
991 return NULL;
992
993 resptsn = (struct sctp_strreset_resptsn *)resp;
994 stsn = ntohl(resptsn->senders_next_tsn);
995 rtsn = ntohl(resptsn->receivers_next_tsn);
996
997 if (result == SCTP_STRRESET_PERFORMED) {
998 __u32 mtsn = sctp_tsnmap_get_max_tsn_seen(
999 &asoc->peer.tsn_map);
1000 LIST_HEAD(temp);
1001
1002 asoc->stream.si->report_ftsn(&asoc->ulpq, mtsn);
1003
1004 sctp_tsnmap_init(&asoc->peer.tsn_map,
1005 SCTP_TSN_MAP_INITIAL,
1006 stsn, GFP_ATOMIC);
1007
1008 /* Clean up sacked and abandoned queues only. As the
1009 * out_chunk_list may not be empty, splice it to temp,
1010 * then get it back after sctp_outq_free is done.
1011 */
1012 list_splice_init(&asoc->outqueue.out_chunk_list, &temp);
1013 sctp_outq_free(&asoc->outqueue);
1014 list_splice_init(&temp, &asoc->outqueue.out_chunk_list);
1015
1016 asoc->next_tsn = rtsn;
1017 asoc->ctsn_ack_point = asoc->next_tsn - 1;
1018 asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
1019
1020 for (i = 0; i < stream->outcnt; i++) {
1021 SCTP_SO(stream, i)->mid = 0;
1022 SCTP_SO(stream, i)->mid_uo = 0;
1023 }
1024 for (i = 0; i < stream->incnt; i++)
1025 SCTP_SI(stream, i)->mid = 0;
1026 }
1027
1028 for (i = 0; i < stream->outcnt; i++)
1029 SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
1030
1031 *evp = sctp_ulpevent_make_assoc_reset_event(asoc, flags,
1032 stsn, rtsn, GFP_ATOMIC);
1033 } else if (req->type == SCTP_PARAM_RESET_ADD_OUT_STREAMS) {
1034 struct sctp_strreset_addstrm *addstrm;
1035 __u16 number;
1036
1037 addstrm = (struct sctp_strreset_addstrm *)req;
1038 nums = ntohs(addstrm->number_of_streams);
1039 number = stream->outcnt - nums;
1040
1041 if (result == SCTP_STRRESET_PERFORMED)
1042 for (i = number; i < stream->outcnt; i++)
1043 SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
1044 else
1045 stream->outcnt = number;
1046
1047 *evp = sctp_ulpevent_make_stream_change_event(asoc, flags,
1048 0, nums, GFP_ATOMIC);
1049 } else if (req->type == SCTP_PARAM_RESET_ADD_IN_STREAMS) {
1050 struct sctp_strreset_addstrm *addstrm;
1051
1052 /* if the result is performed, it's impossible for addstrm in
1053 * request.
1054 */
1055 if (result == SCTP_STRRESET_PERFORMED)
1056 return NULL;
1057
1058 addstrm = (struct sctp_strreset_addstrm *)req;
1059 nums = ntohs(addstrm->number_of_streams);
1060
1061 *evp = sctp_ulpevent_make_stream_change_event(asoc, flags,
1062 nums, 0, GFP_ATOMIC);
1063 }
1064
1065 asoc->strreset_outstanding--;
1066 asoc->strreset_outseq++;
1067
1068 /* remove everything for this reconf request */
1069 if (!asoc->strreset_outstanding) {
1070 t = asoc->strreset_chunk->transport;
1071 if (del_timer(&t->reconf_timer))
1072 sctp_transport_put(t);
1073
1074 sctp_chunk_put(asoc->strreset_chunk);
1075 asoc->strreset_chunk = NULL;
1076 }
1077
1078 return NULL;
1079 }
1080