1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3 * (C) Copyright IBM Corp. 2001, 2004
4 * Copyright (c) 1999-2000 Cisco, Inc.
5 * Copyright (c) 1999-2001 Motorola, Inc.
6 * Copyright (c) 2001 Intel Corp.
7 * Copyright (c) 2001 Nokia, Inc.
8 * Copyright (c) 2001 La Monte H.P. Yarroll
9 *
10 * This abstraction carries sctp events to the ULP (sockets).
11 *
12 * Please send any bug reports or fixes you make to the
13 * email address(es):
14 * lksctp developers <linux-sctp@vger.kernel.org>
15 *
16 * Written or modified by:
17 * Jon Grimm <jgrimm@us.ibm.com>
18 * La Monte H.P. Yarroll <piggy@acm.org>
19 * Sridhar Samudrala <sri@us.ibm.com>
20 */
21
22 #include <linux/slab.h>
23 #include <linux/types.h>
24 #include <linux/skbuff.h>
25 #include <net/sock.h>
26 #include <net/busy_poll.h>
27 #include <net/sctp/structs.h>
28 #include <net/sctp/sctp.h>
29 #include <net/sctp/sm.h>
30
31 /* Forward declarations for internal helpers. */
32 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
33 struct sctp_ulpevent *);
34 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *,
35 struct sctp_ulpevent *);
36 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq);
37
38 /* 1st Level Abstractions */
39
40 /* Initialize a ULP queue from a block of memory. */
sctp_ulpq_init(struct sctp_ulpq * ulpq,struct sctp_association * asoc)41 struct sctp_ulpq *sctp_ulpq_init(struct sctp_ulpq *ulpq,
42 struct sctp_association *asoc)
43 {
44 memset(ulpq, 0, sizeof(struct sctp_ulpq));
45
46 ulpq->asoc = asoc;
47 skb_queue_head_init(&ulpq->reasm);
48 skb_queue_head_init(&ulpq->reasm_uo);
49 skb_queue_head_init(&ulpq->lobby);
50 ulpq->pd_mode = 0;
51
52 return ulpq;
53 }
54
55
56 /* Flush the reassembly and ordering queues. */
sctp_ulpq_flush(struct sctp_ulpq * ulpq)57 void sctp_ulpq_flush(struct sctp_ulpq *ulpq)
58 {
59 struct sk_buff *skb;
60 struct sctp_ulpevent *event;
61
62 while ((skb = __skb_dequeue(&ulpq->lobby)) != NULL) {
63 event = sctp_skb2event(skb);
64 sctp_ulpevent_free(event);
65 }
66
67 while ((skb = __skb_dequeue(&ulpq->reasm)) != NULL) {
68 event = sctp_skb2event(skb);
69 sctp_ulpevent_free(event);
70 }
71
72 while ((skb = __skb_dequeue(&ulpq->reasm_uo)) != NULL) {
73 event = sctp_skb2event(skb);
74 sctp_ulpevent_free(event);
75 }
76 }
77
78 /* Dispose of a ulpqueue. */
sctp_ulpq_free(struct sctp_ulpq * ulpq)79 void sctp_ulpq_free(struct sctp_ulpq *ulpq)
80 {
81 sctp_ulpq_flush(ulpq);
82 }
83
84 /* Process an incoming DATA chunk. */
sctp_ulpq_tail_data(struct sctp_ulpq * ulpq,struct sctp_chunk * chunk,gfp_t gfp)85 int sctp_ulpq_tail_data(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
86 gfp_t gfp)
87 {
88 struct sk_buff_head temp;
89 struct sctp_ulpevent *event;
90 int event_eor = 0;
91
92 /* Create an event from the incoming chunk. */
93 event = sctp_ulpevent_make_rcvmsg(chunk->asoc, chunk, gfp);
94 if (!event)
95 return -ENOMEM;
96
97 event->ssn = ntohs(chunk->subh.data_hdr->ssn);
98 event->ppid = chunk->subh.data_hdr->ppid;
99
100 /* Do reassembly if needed. */
101 event = sctp_ulpq_reasm(ulpq, event);
102
103 /* Do ordering if needed. */
104 if (event) {
105 /* Create a temporary list to collect chunks on. */
106 skb_queue_head_init(&temp);
107 __skb_queue_tail(&temp, sctp_event2skb(event));
108
109 if (event->msg_flags & MSG_EOR)
110 event = sctp_ulpq_order(ulpq, event);
111 }
112
113 /* Send event to the ULP. 'event' is the sctp_ulpevent for
114 * very first SKB on the 'temp' list.
115 */
116 if (event) {
117 event_eor = (event->msg_flags & MSG_EOR) ? 1 : 0;
118 sctp_ulpq_tail_event(ulpq, &temp);
119 }
120
121 return event_eor;
122 }
123
124 /* Add a new event for propagation to the ULP. */
125 /* Clear the partial delivery mode for this socket. Note: This
126 * assumes that no association is currently in partial delivery mode.
127 */
sctp_clear_pd(struct sock * sk,struct sctp_association * asoc)128 int sctp_clear_pd(struct sock *sk, struct sctp_association *asoc)
129 {
130 struct sctp_sock *sp = sctp_sk(sk);
131
132 if (atomic_dec_and_test(&sp->pd_mode)) {
133 /* This means there are no other associations in PD, so
134 * we can go ahead and clear out the lobby in one shot
135 */
136 if (!skb_queue_empty(&sp->pd_lobby)) {
137 skb_queue_splice_tail_init(&sp->pd_lobby,
138 &sk->sk_receive_queue);
139 return 1;
140 }
141 } else {
142 /* There are other associations in PD, so we only need to
143 * pull stuff out of the lobby that belongs to the
144 * associations that is exiting PD (all of its notifications
145 * are posted here).
146 */
147 if (!skb_queue_empty(&sp->pd_lobby) && asoc) {
148 struct sk_buff *skb, *tmp;
149 struct sctp_ulpevent *event;
150
151 sctp_skb_for_each(skb, &sp->pd_lobby, tmp) {
152 event = sctp_skb2event(skb);
153 if (event->asoc == asoc) {
154 __skb_unlink(skb, &sp->pd_lobby);
155 __skb_queue_tail(&sk->sk_receive_queue,
156 skb);
157 }
158 }
159 }
160 }
161
162 return 0;
163 }
164
165 /* Set the pd_mode on the socket and ulpq */
sctp_ulpq_set_pd(struct sctp_ulpq * ulpq)166 static void sctp_ulpq_set_pd(struct sctp_ulpq *ulpq)
167 {
168 struct sctp_sock *sp = sctp_sk(ulpq->asoc->base.sk);
169
170 atomic_inc(&sp->pd_mode);
171 ulpq->pd_mode = 1;
172 }
173
174 /* Clear the pd_mode and restart any pending messages waiting for delivery. */
sctp_ulpq_clear_pd(struct sctp_ulpq * ulpq)175 static int sctp_ulpq_clear_pd(struct sctp_ulpq *ulpq)
176 {
177 ulpq->pd_mode = 0;
178 sctp_ulpq_reasm_drain(ulpq);
179 return sctp_clear_pd(ulpq->asoc->base.sk, ulpq->asoc);
180 }
181
sctp_ulpq_tail_event(struct sctp_ulpq * ulpq,struct sk_buff_head * skb_list)182 int sctp_ulpq_tail_event(struct sctp_ulpq *ulpq, struct sk_buff_head *skb_list)
183 {
184 struct sock *sk = ulpq->asoc->base.sk;
185 struct sctp_sock *sp = sctp_sk(sk);
186 struct sctp_ulpevent *event;
187 struct sk_buff_head *queue;
188 struct sk_buff *skb;
189 int clear_pd = 0;
190
191 skb = __skb_peek(skb_list);
192 event = sctp_skb2event(skb);
193
194 /* If the socket is just going to throw this away, do not
195 * even try to deliver it.
196 */
197 if (sk->sk_shutdown & RCV_SHUTDOWN &&
198 (sk->sk_shutdown & SEND_SHUTDOWN ||
199 !sctp_ulpevent_is_notification(event)))
200 goto out_free;
201
202 if (!sctp_ulpevent_is_notification(event)) {
203 sk_mark_napi_id(sk, skb);
204 sk_incoming_cpu_update(sk);
205 }
206 /* Check if the user wishes to receive this event. */
207 if (!sctp_ulpevent_is_enabled(event, ulpq->asoc->subscribe))
208 goto out_free;
209
210 /* If we are in partial delivery mode, post to the lobby until
211 * partial delivery is cleared, unless, of course _this_ is
212 * the association the cause of the partial delivery.
213 */
214
215 if (atomic_read(&sp->pd_mode) == 0) {
216 queue = &sk->sk_receive_queue;
217 } else {
218 if (ulpq->pd_mode) {
219 /* If the association is in partial delivery, we
220 * need to finish delivering the partially processed
221 * packet before passing any other data. This is
222 * because we don't truly support stream interleaving.
223 */
224 if ((event->msg_flags & MSG_NOTIFICATION) ||
225 (SCTP_DATA_NOT_FRAG ==
226 (event->msg_flags & SCTP_DATA_FRAG_MASK)))
227 queue = &sp->pd_lobby;
228 else {
229 clear_pd = event->msg_flags & MSG_EOR;
230 queue = &sk->sk_receive_queue;
231 }
232 } else {
233 /*
234 * If fragment interleave is enabled, we
235 * can queue this to the receive queue instead
236 * of the lobby.
237 */
238 if (sp->frag_interleave)
239 queue = &sk->sk_receive_queue;
240 else
241 queue = &sp->pd_lobby;
242 }
243 }
244
245 skb_queue_splice_tail_init(skb_list, queue);
246
247 /* Did we just complete partial delivery and need to get
248 * rolling again? Move pending data to the receive
249 * queue.
250 */
251 if (clear_pd)
252 sctp_ulpq_clear_pd(ulpq);
253
254 if (queue == &sk->sk_receive_queue && !sp->data_ready_signalled) {
255 if (!sock_owned_by_user(sk))
256 sp->data_ready_signalled = 1;
257 sk->sk_data_ready(sk);
258 }
259 return 1;
260
261 out_free:
262 if (skb_list)
263 sctp_queue_purge_ulpevents(skb_list);
264 else
265 sctp_ulpevent_free(event);
266
267 return 0;
268 }
269
270 /* 2nd Level Abstractions */
271
272 /* Helper function to store chunks that need to be reassembled. */
sctp_ulpq_store_reasm(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)273 static void sctp_ulpq_store_reasm(struct sctp_ulpq *ulpq,
274 struct sctp_ulpevent *event)
275 {
276 struct sk_buff *pos;
277 struct sctp_ulpevent *cevent;
278 __u32 tsn, ctsn;
279
280 tsn = event->tsn;
281
282 /* See if it belongs at the end. */
283 pos = skb_peek_tail(&ulpq->reasm);
284 if (!pos) {
285 __skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
286 return;
287 }
288
289 /* Short circuit just dropping it at the end. */
290 cevent = sctp_skb2event(pos);
291 ctsn = cevent->tsn;
292 if (TSN_lt(ctsn, tsn)) {
293 __skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
294 return;
295 }
296
297 /* Find the right place in this list. We store them by TSN. */
298 skb_queue_walk(&ulpq->reasm, pos) {
299 cevent = sctp_skb2event(pos);
300 ctsn = cevent->tsn;
301
302 if (TSN_lt(tsn, ctsn))
303 break;
304 }
305
306 /* Insert before pos. */
307 __skb_queue_before(&ulpq->reasm, pos, sctp_event2skb(event));
308
309 }
310
311 /* Helper function to return an event corresponding to the reassembled
312 * datagram.
313 * This routine creates a re-assembled skb given the first and last skb's
314 * as stored in the reassembly queue. The skb's may be non-linear if the sctp
315 * payload was fragmented on the way and ip had to reassemble them.
316 * We add the rest of skb's to the first skb's fraglist.
317 */
sctp_make_reassembled_event(struct net * net,struct sk_buff_head * queue,struct sk_buff * f_frag,struct sk_buff * l_frag)318 struct sctp_ulpevent *sctp_make_reassembled_event(struct net *net,
319 struct sk_buff_head *queue,
320 struct sk_buff *f_frag,
321 struct sk_buff *l_frag)
322 {
323 struct sk_buff *pos;
324 struct sk_buff *new = NULL;
325 struct sctp_ulpevent *event;
326 struct sk_buff *pnext, *last;
327 struct sk_buff *list = skb_shinfo(f_frag)->frag_list;
328
329 /* Store the pointer to the 2nd skb */
330 if (f_frag == l_frag)
331 pos = NULL;
332 else
333 pos = f_frag->next;
334
335 /* Get the last skb in the f_frag's frag_list if present. */
336 for (last = list; list; last = list, list = list->next)
337 ;
338
339 /* Add the list of remaining fragments to the first fragments
340 * frag_list.
341 */
342 if (last)
343 last->next = pos;
344 else {
345 if (skb_cloned(f_frag)) {
346 /* This is a cloned skb, we can't just modify
347 * the frag_list. We need a new skb to do that.
348 * Instead of calling skb_unshare(), we'll do it
349 * ourselves since we need to delay the free.
350 */
351 new = skb_copy(f_frag, GFP_ATOMIC);
352 if (!new)
353 return NULL; /* try again later */
354
355 sctp_skb_set_owner_r(new, f_frag->sk);
356
357 skb_shinfo(new)->frag_list = pos;
358 } else
359 skb_shinfo(f_frag)->frag_list = pos;
360 }
361
362 /* Remove the first fragment from the reassembly queue. */
363 __skb_unlink(f_frag, queue);
364
365 /* if we did unshare, then free the old skb and re-assign */
366 if (new) {
367 kfree_skb(f_frag);
368 f_frag = new;
369 }
370
371 while (pos) {
372
373 pnext = pos->next;
374
375 /* Update the len and data_len fields of the first fragment. */
376 f_frag->len += pos->len;
377 f_frag->data_len += pos->len;
378
379 /* Remove the fragment from the reassembly queue. */
380 __skb_unlink(pos, queue);
381
382 /* Break if we have reached the last fragment. */
383 if (pos == l_frag)
384 break;
385 pos->next = pnext;
386 pos = pnext;
387 }
388
389 event = sctp_skb2event(f_frag);
390 SCTP_INC_STATS(net, SCTP_MIB_REASMUSRMSGS);
391
392 return event;
393 }
394
395
396 /* Helper function to check if an incoming chunk has filled up the last
397 * missing fragment in a SCTP datagram and return the corresponding event.
398 */
sctp_ulpq_retrieve_reassembled(struct sctp_ulpq * ulpq)399 static struct sctp_ulpevent *sctp_ulpq_retrieve_reassembled(struct sctp_ulpq *ulpq)
400 {
401 struct sk_buff *pos;
402 struct sctp_ulpevent *cevent;
403 struct sk_buff *first_frag = NULL;
404 __u32 ctsn, next_tsn;
405 struct sctp_ulpevent *retval = NULL;
406 struct sk_buff *pd_first = NULL;
407 struct sk_buff *pd_last = NULL;
408 size_t pd_len = 0;
409 struct sctp_association *asoc;
410 u32 pd_point;
411
412 /* Initialized to 0 just to avoid compiler warning message. Will
413 * never be used with this value. It is referenced only after it
414 * is set when we find the first fragment of a message.
415 */
416 next_tsn = 0;
417
418 /* The chunks are held in the reasm queue sorted by TSN.
419 * Walk through the queue sequentially and look for a sequence of
420 * fragmented chunks that complete a datagram.
421 * 'first_frag' and next_tsn are reset when we find a chunk which
422 * is the first fragment of a datagram. Once these 2 fields are set
423 * we expect to find the remaining middle fragments and the last
424 * fragment in order. If not, first_frag is reset to NULL and we
425 * start the next pass when we find another first fragment.
426 *
427 * There is a potential to do partial delivery if user sets
428 * SCTP_PARTIAL_DELIVERY_POINT option. Lets count some things here
429 * to see if can do PD.
430 */
431 skb_queue_walk(&ulpq->reasm, pos) {
432 cevent = sctp_skb2event(pos);
433 ctsn = cevent->tsn;
434
435 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
436 case SCTP_DATA_FIRST_FRAG:
437 /* If this "FIRST_FRAG" is the first
438 * element in the queue, then count it towards
439 * possible PD.
440 */
441 if (skb_queue_is_first(&ulpq->reasm, pos)) {
442 pd_first = pos;
443 pd_last = pos;
444 pd_len = pos->len;
445 } else {
446 pd_first = NULL;
447 pd_last = NULL;
448 pd_len = 0;
449 }
450
451 first_frag = pos;
452 next_tsn = ctsn + 1;
453 break;
454
455 case SCTP_DATA_MIDDLE_FRAG:
456 if ((first_frag) && (ctsn == next_tsn)) {
457 next_tsn++;
458 if (pd_first) {
459 pd_last = pos;
460 pd_len += pos->len;
461 }
462 } else
463 first_frag = NULL;
464 break;
465
466 case SCTP_DATA_LAST_FRAG:
467 if (first_frag && (ctsn == next_tsn))
468 goto found;
469 else
470 first_frag = NULL;
471 break;
472 }
473 }
474
475 asoc = ulpq->asoc;
476 if (pd_first) {
477 /* Make sure we can enter partial deliver.
478 * We can trigger partial delivery only if framgent
479 * interleave is set, or the socket is not already
480 * in partial delivery.
481 */
482 if (!sctp_sk(asoc->base.sk)->frag_interleave &&
483 atomic_read(&sctp_sk(asoc->base.sk)->pd_mode))
484 goto done;
485
486 cevent = sctp_skb2event(pd_first);
487 pd_point = sctp_sk(asoc->base.sk)->pd_point;
488 if (pd_point && pd_point <= pd_len) {
489 retval = sctp_make_reassembled_event(sock_net(asoc->base.sk),
490 &ulpq->reasm,
491 pd_first,
492 pd_last);
493 if (retval)
494 sctp_ulpq_set_pd(ulpq);
495 }
496 }
497 done:
498 return retval;
499 found:
500 retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
501 &ulpq->reasm, first_frag, pos);
502 if (retval)
503 retval->msg_flags |= MSG_EOR;
504 goto done;
505 }
506
507 /* Retrieve the next set of fragments of a partial message. */
sctp_ulpq_retrieve_partial(struct sctp_ulpq * ulpq)508 static struct sctp_ulpevent *sctp_ulpq_retrieve_partial(struct sctp_ulpq *ulpq)
509 {
510 struct sk_buff *pos, *last_frag, *first_frag;
511 struct sctp_ulpevent *cevent;
512 __u32 ctsn, next_tsn;
513 int is_last;
514 struct sctp_ulpevent *retval;
515
516 /* The chunks are held in the reasm queue sorted by TSN.
517 * Walk through the queue sequentially and look for the first
518 * sequence of fragmented chunks.
519 */
520
521 if (skb_queue_empty(&ulpq->reasm))
522 return NULL;
523
524 last_frag = first_frag = NULL;
525 retval = NULL;
526 next_tsn = 0;
527 is_last = 0;
528
529 skb_queue_walk(&ulpq->reasm, pos) {
530 cevent = sctp_skb2event(pos);
531 ctsn = cevent->tsn;
532
533 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
534 case SCTP_DATA_FIRST_FRAG:
535 if (!first_frag)
536 return NULL;
537 goto done;
538 case SCTP_DATA_MIDDLE_FRAG:
539 if (!first_frag) {
540 first_frag = pos;
541 next_tsn = ctsn + 1;
542 last_frag = pos;
543 } else if (next_tsn == ctsn) {
544 next_tsn++;
545 last_frag = pos;
546 } else
547 goto done;
548 break;
549 case SCTP_DATA_LAST_FRAG:
550 if (!first_frag)
551 first_frag = pos;
552 else if (ctsn != next_tsn)
553 goto done;
554 last_frag = pos;
555 is_last = 1;
556 goto done;
557 default:
558 return NULL;
559 }
560 }
561
562 /* We have the reassembled event. There is no need to look
563 * further.
564 */
565 done:
566 retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
567 &ulpq->reasm, first_frag, last_frag);
568 if (retval && is_last)
569 retval->msg_flags |= MSG_EOR;
570
571 return retval;
572 }
573
574
575 /* Helper function to reassemble chunks. Hold chunks on the reasm queue that
576 * need reassembling.
577 */
sctp_ulpq_reasm(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)578 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
579 struct sctp_ulpevent *event)
580 {
581 struct sctp_ulpevent *retval = NULL;
582
583 /* Check if this is part of a fragmented message. */
584 if (SCTP_DATA_NOT_FRAG == (event->msg_flags & SCTP_DATA_FRAG_MASK)) {
585 event->msg_flags |= MSG_EOR;
586 return event;
587 }
588
589 sctp_ulpq_store_reasm(ulpq, event);
590 if (!ulpq->pd_mode)
591 retval = sctp_ulpq_retrieve_reassembled(ulpq);
592 else {
593 __u32 ctsn, ctsnap;
594
595 /* Do not even bother unless this is the next tsn to
596 * be delivered.
597 */
598 ctsn = event->tsn;
599 ctsnap = sctp_tsnmap_get_ctsn(&ulpq->asoc->peer.tsn_map);
600 if (TSN_lte(ctsn, ctsnap))
601 retval = sctp_ulpq_retrieve_partial(ulpq);
602 }
603
604 return retval;
605 }
606
607 /* Retrieve the first part (sequential fragments) for partial delivery. */
sctp_ulpq_retrieve_first(struct sctp_ulpq * ulpq)608 static struct sctp_ulpevent *sctp_ulpq_retrieve_first(struct sctp_ulpq *ulpq)
609 {
610 struct sk_buff *pos, *last_frag, *first_frag;
611 struct sctp_ulpevent *cevent;
612 __u32 ctsn, next_tsn;
613 struct sctp_ulpevent *retval;
614
615 /* The chunks are held in the reasm queue sorted by TSN.
616 * Walk through the queue sequentially and look for a sequence of
617 * fragmented chunks that start a datagram.
618 */
619
620 if (skb_queue_empty(&ulpq->reasm))
621 return NULL;
622
623 last_frag = first_frag = NULL;
624 retval = NULL;
625 next_tsn = 0;
626
627 skb_queue_walk(&ulpq->reasm, pos) {
628 cevent = sctp_skb2event(pos);
629 ctsn = cevent->tsn;
630
631 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
632 case SCTP_DATA_FIRST_FRAG:
633 if (!first_frag) {
634 first_frag = pos;
635 next_tsn = ctsn + 1;
636 last_frag = pos;
637 } else
638 goto done;
639 break;
640
641 case SCTP_DATA_MIDDLE_FRAG:
642 if (!first_frag)
643 return NULL;
644 if (ctsn == next_tsn) {
645 next_tsn++;
646 last_frag = pos;
647 } else
648 goto done;
649 break;
650
651 case SCTP_DATA_LAST_FRAG:
652 if (!first_frag)
653 return NULL;
654 else
655 goto done;
656 break;
657
658 default:
659 return NULL;
660 }
661 }
662
663 /* We have the reassembled event. There is no need to look
664 * further.
665 */
666 done:
667 retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
668 &ulpq->reasm, first_frag, last_frag);
669 return retval;
670 }
671
672 /*
673 * Flush out stale fragments from the reassembly queue when processing
674 * a Forward TSN.
675 *
676 * RFC 3758, Section 3.6
677 *
678 * After receiving and processing a FORWARD TSN, the data receiver MUST
679 * take cautions in updating its re-assembly queue. The receiver MUST
680 * remove any partially reassembled message, which is still missing one
681 * or more TSNs earlier than or equal to the new cumulative TSN point.
682 * In the event that the receiver has invoked the partial delivery API,
683 * a notification SHOULD also be generated to inform the upper layer API
684 * that the message being partially delivered will NOT be completed.
685 */
sctp_ulpq_reasm_flushtsn(struct sctp_ulpq * ulpq,__u32 fwd_tsn)686 void sctp_ulpq_reasm_flushtsn(struct sctp_ulpq *ulpq, __u32 fwd_tsn)
687 {
688 struct sk_buff *pos, *tmp;
689 struct sctp_ulpevent *event;
690 __u32 tsn;
691
692 if (skb_queue_empty(&ulpq->reasm))
693 return;
694
695 skb_queue_walk_safe(&ulpq->reasm, pos, tmp) {
696 event = sctp_skb2event(pos);
697 tsn = event->tsn;
698
699 /* Since the entire message must be abandoned by the
700 * sender (item A3 in Section 3.5, RFC 3758), we can
701 * free all fragments on the list that are less then
702 * or equal to ctsn_point
703 */
704 if (TSN_lte(tsn, fwd_tsn)) {
705 __skb_unlink(pos, &ulpq->reasm);
706 sctp_ulpevent_free(event);
707 } else
708 break;
709 }
710 }
711
712 /*
713 * Drain the reassembly queue. If we just cleared parted delivery, it
714 * is possible that the reassembly queue will contain already reassembled
715 * messages. Retrieve any such messages and give them to the user.
716 */
sctp_ulpq_reasm_drain(struct sctp_ulpq * ulpq)717 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq)
718 {
719 struct sctp_ulpevent *event = NULL;
720
721 if (skb_queue_empty(&ulpq->reasm))
722 return;
723
724 while ((event = sctp_ulpq_retrieve_reassembled(ulpq)) != NULL) {
725 struct sk_buff_head temp;
726
727 skb_queue_head_init(&temp);
728 __skb_queue_tail(&temp, sctp_event2skb(event));
729
730 /* Do ordering if needed. */
731 if (event->msg_flags & MSG_EOR)
732 event = sctp_ulpq_order(ulpq, event);
733
734 /* Send event to the ULP. 'event' is the
735 * sctp_ulpevent for very first SKB on the temp' list.
736 */
737 if (event)
738 sctp_ulpq_tail_event(ulpq, &temp);
739 }
740 }
741
742
743 /* Helper function to gather skbs that have possibly become
744 * ordered by an an incoming chunk.
745 */
sctp_ulpq_retrieve_ordered(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)746 static void sctp_ulpq_retrieve_ordered(struct sctp_ulpq *ulpq,
747 struct sctp_ulpevent *event)
748 {
749 struct sk_buff_head *event_list;
750 struct sk_buff *pos, *tmp;
751 struct sctp_ulpevent *cevent;
752 struct sctp_stream *stream;
753 __u16 sid, csid, cssn;
754
755 sid = event->stream;
756 stream = &ulpq->asoc->stream;
757
758 event_list = (struct sk_buff_head *) sctp_event2skb(event)->prev;
759
760 /* We are holding the chunks by stream, by SSN. */
761 sctp_skb_for_each(pos, &ulpq->lobby, tmp) {
762 cevent = (struct sctp_ulpevent *) pos->cb;
763 csid = cevent->stream;
764 cssn = cevent->ssn;
765
766 /* Have we gone too far? */
767 if (csid > sid)
768 break;
769
770 /* Have we not gone far enough? */
771 if (csid < sid)
772 continue;
773
774 if (cssn != sctp_ssn_peek(stream, in, sid))
775 break;
776
777 /* Found it, so mark in the stream. */
778 sctp_ssn_next(stream, in, sid);
779
780 __skb_unlink(pos, &ulpq->lobby);
781
782 /* Attach all gathered skbs to the event. */
783 __skb_queue_tail(event_list, pos);
784 }
785 }
786
787 /* Helper function to store chunks needing ordering. */
sctp_ulpq_store_ordered(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)788 static void sctp_ulpq_store_ordered(struct sctp_ulpq *ulpq,
789 struct sctp_ulpevent *event)
790 {
791 struct sk_buff *pos;
792 struct sctp_ulpevent *cevent;
793 __u16 sid, csid;
794 __u16 ssn, cssn;
795
796 pos = skb_peek_tail(&ulpq->lobby);
797 if (!pos) {
798 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
799 return;
800 }
801
802 sid = event->stream;
803 ssn = event->ssn;
804
805 cevent = (struct sctp_ulpevent *) pos->cb;
806 csid = cevent->stream;
807 cssn = cevent->ssn;
808 if (sid > csid) {
809 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
810 return;
811 }
812
813 if ((sid == csid) && SSN_lt(cssn, ssn)) {
814 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
815 return;
816 }
817
818 /* Find the right place in this list. We store them by
819 * stream ID and then by SSN.
820 */
821 skb_queue_walk(&ulpq->lobby, pos) {
822 cevent = (struct sctp_ulpevent *) pos->cb;
823 csid = cevent->stream;
824 cssn = cevent->ssn;
825
826 if (csid > sid)
827 break;
828 if (csid == sid && SSN_lt(ssn, cssn))
829 break;
830 }
831
832
833 /* Insert before pos. */
834 __skb_queue_before(&ulpq->lobby, pos, sctp_event2skb(event));
835 }
836
sctp_ulpq_order(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)837 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *ulpq,
838 struct sctp_ulpevent *event)
839 {
840 __u16 sid, ssn;
841 struct sctp_stream *stream;
842
843 /* Check if this message needs ordering. */
844 if (event->msg_flags & SCTP_DATA_UNORDERED)
845 return event;
846
847 /* Note: The stream ID must be verified before this routine. */
848 sid = event->stream;
849 ssn = event->ssn;
850 stream = &ulpq->asoc->stream;
851
852 /* Is this the expected SSN for this stream ID? */
853 if (ssn != sctp_ssn_peek(stream, in, sid)) {
854 /* We've received something out of order, so find where it
855 * needs to be placed. We order by stream and then by SSN.
856 */
857 sctp_ulpq_store_ordered(ulpq, event);
858 return NULL;
859 }
860
861 /* Mark that the next chunk has been found. */
862 sctp_ssn_next(stream, in, sid);
863
864 /* Go find any other chunks that were waiting for
865 * ordering.
866 */
867 sctp_ulpq_retrieve_ordered(ulpq, event);
868
869 return event;
870 }
871
872 /* Helper function to gather skbs that have possibly become
873 * ordered by forward tsn skipping their dependencies.
874 */
sctp_ulpq_reap_ordered(struct sctp_ulpq * ulpq,__u16 sid)875 static void sctp_ulpq_reap_ordered(struct sctp_ulpq *ulpq, __u16 sid)
876 {
877 struct sk_buff *pos, *tmp;
878 struct sctp_ulpevent *cevent;
879 struct sctp_ulpevent *event;
880 struct sctp_stream *stream;
881 struct sk_buff_head temp;
882 struct sk_buff_head *lobby = &ulpq->lobby;
883 __u16 csid, cssn;
884
885 stream = &ulpq->asoc->stream;
886
887 /* We are holding the chunks by stream, by SSN. */
888 skb_queue_head_init(&temp);
889 event = NULL;
890 sctp_skb_for_each(pos, lobby, tmp) {
891 cevent = (struct sctp_ulpevent *) pos->cb;
892 csid = cevent->stream;
893 cssn = cevent->ssn;
894
895 /* Have we gone too far? */
896 if (csid > sid)
897 break;
898
899 /* Have we not gone far enough? */
900 if (csid < sid)
901 continue;
902
903 /* see if this ssn has been marked by skipping */
904 if (!SSN_lt(cssn, sctp_ssn_peek(stream, in, csid)))
905 break;
906
907 __skb_unlink(pos, lobby);
908 if (!event)
909 /* Create a temporary list to collect chunks on. */
910 event = sctp_skb2event(pos);
911
912 /* Attach all gathered skbs to the event. */
913 __skb_queue_tail(&temp, pos);
914 }
915
916 /* If we didn't reap any data, see if the next expected SSN
917 * is next on the queue and if so, use that.
918 */
919 if (event == NULL && pos != (struct sk_buff *)lobby) {
920 cevent = (struct sctp_ulpevent *) pos->cb;
921 csid = cevent->stream;
922 cssn = cevent->ssn;
923
924 if (csid == sid && cssn == sctp_ssn_peek(stream, in, csid)) {
925 sctp_ssn_next(stream, in, csid);
926 __skb_unlink(pos, lobby);
927 __skb_queue_tail(&temp, pos);
928 event = sctp_skb2event(pos);
929 }
930 }
931
932 /* Send event to the ULP. 'event' is the sctp_ulpevent for
933 * very first SKB on the 'temp' list.
934 */
935 if (event) {
936 /* see if we have more ordered that we can deliver */
937 sctp_ulpq_retrieve_ordered(ulpq, event);
938 sctp_ulpq_tail_event(ulpq, &temp);
939 }
940 }
941
942 /* Skip over an SSN. This is used during the processing of
943 * Forwared TSN chunk to skip over the abandoned ordered data
944 */
sctp_ulpq_skip(struct sctp_ulpq * ulpq,__u16 sid,__u16 ssn)945 void sctp_ulpq_skip(struct sctp_ulpq *ulpq, __u16 sid, __u16 ssn)
946 {
947 struct sctp_stream *stream;
948
949 /* Note: The stream ID must be verified before this routine. */
950 stream = &ulpq->asoc->stream;
951
952 /* Is this an old SSN? If so ignore. */
953 if (SSN_lt(ssn, sctp_ssn_peek(stream, in, sid)))
954 return;
955
956 /* Mark that we are no longer expecting this SSN or lower. */
957 sctp_ssn_skip(stream, in, sid, ssn);
958
959 /* Go find any other chunks that were waiting for
960 * ordering and deliver them if needed.
961 */
962 sctp_ulpq_reap_ordered(ulpq, sid);
963 }
964
sctp_ulpq_renege_list(struct sctp_ulpq * ulpq,struct sk_buff_head * list,__u16 needed)965 __u16 sctp_ulpq_renege_list(struct sctp_ulpq *ulpq, struct sk_buff_head *list,
966 __u16 needed)
967 {
968 __u16 freed = 0;
969 __u32 tsn, last_tsn;
970 struct sk_buff *skb, *flist, *last;
971 struct sctp_ulpevent *event;
972 struct sctp_tsnmap *tsnmap;
973
974 tsnmap = &ulpq->asoc->peer.tsn_map;
975
976 while ((skb = skb_peek_tail(list)) != NULL) {
977 event = sctp_skb2event(skb);
978 tsn = event->tsn;
979
980 /* Don't renege below the Cumulative TSN ACK Point. */
981 if (TSN_lte(tsn, sctp_tsnmap_get_ctsn(tsnmap)))
982 break;
983
984 /* Events in ordering queue may have multiple fragments
985 * corresponding to additional TSNs. Sum the total
986 * freed space; find the last TSN.
987 */
988 freed += skb_headlen(skb);
989 flist = skb_shinfo(skb)->frag_list;
990 for (last = flist; flist; flist = flist->next) {
991 last = flist;
992 freed += skb_headlen(last);
993 }
994 if (last)
995 last_tsn = sctp_skb2event(last)->tsn;
996 else
997 last_tsn = tsn;
998
999 /* Unlink the event, then renege all applicable TSNs. */
1000 __skb_unlink(skb, list);
1001 sctp_ulpevent_free(event);
1002 while (TSN_lte(tsn, last_tsn)) {
1003 sctp_tsnmap_renege(tsnmap, tsn);
1004 tsn++;
1005 }
1006 if (freed >= needed)
1007 return freed;
1008 }
1009
1010 return freed;
1011 }
1012
1013 /* Renege 'needed' bytes from the ordering queue. */
sctp_ulpq_renege_order(struct sctp_ulpq * ulpq,__u16 needed)1014 static __u16 sctp_ulpq_renege_order(struct sctp_ulpq *ulpq, __u16 needed)
1015 {
1016 return sctp_ulpq_renege_list(ulpq, &ulpq->lobby, needed);
1017 }
1018
1019 /* Renege 'needed' bytes from the reassembly queue. */
sctp_ulpq_renege_frags(struct sctp_ulpq * ulpq,__u16 needed)1020 static __u16 sctp_ulpq_renege_frags(struct sctp_ulpq *ulpq, __u16 needed)
1021 {
1022 return sctp_ulpq_renege_list(ulpq, &ulpq->reasm, needed);
1023 }
1024
1025 /* Partial deliver the first message as there is pressure on rwnd. */
sctp_ulpq_partial_delivery(struct sctp_ulpq * ulpq,gfp_t gfp)1026 void sctp_ulpq_partial_delivery(struct sctp_ulpq *ulpq,
1027 gfp_t gfp)
1028 {
1029 struct sctp_ulpevent *event;
1030 struct sctp_association *asoc;
1031 struct sctp_sock *sp;
1032 __u32 ctsn;
1033 struct sk_buff *skb;
1034
1035 asoc = ulpq->asoc;
1036 sp = sctp_sk(asoc->base.sk);
1037
1038 /* If the association is already in Partial Delivery mode
1039 * we have nothing to do.
1040 */
1041 if (ulpq->pd_mode)
1042 return;
1043
1044 /* Data must be at or below the Cumulative TSN ACK Point to
1045 * start partial delivery.
1046 */
1047 skb = skb_peek(&asoc->ulpq.reasm);
1048 if (skb != NULL) {
1049 ctsn = sctp_skb2event(skb)->tsn;
1050 if (!TSN_lte(ctsn, sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map)))
1051 return;
1052 }
1053
1054 /* If the user enabled fragment interleave socket option,
1055 * multiple associations can enter partial delivery.
1056 * Otherwise, we can only enter partial delivery if the
1057 * socket is not in partial deliver mode.
1058 */
1059 if (sp->frag_interleave || atomic_read(&sp->pd_mode) == 0) {
1060 /* Is partial delivery possible? */
1061 event = sctp_ulpq_retrieve_first(ulpq);
1062 /* Send event to the ULP. */
1063 if (event) {
1064 struct sk_buff_head temp;
1065
1066 skb_queue_head_init(&temp);
1067 __skb_queue_tail(&temp, sctp_event2skb(event));
1068 sctp_ulpq_tail_event(ulpq, &temp);
1069 sctp_ulpq_set_pd(ulpq);
1070 return;
1071 }
1072 }
1073 }
1074
1075 /* Renege some packets to make room for an incoming chunk. */
sctp_ulpq_renege(struct sctp_ulpq * ulpq,struct sctp_chunk * chunk,gfp_t gfp)1076 void sctp_ulpq_renege(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
1077 gfp_t gfp)
1078 {
1079 struct sctp_association *asoc = ulpq->asoc;
1080 __u32 freed = 0;
1081 __u16 needed;
1082
1083 needed = ntohs(chunk->chunk_hdr->length) -
1084 sizeof(struct sctp_data_chunk);
1085
1086 if (skb_queue_empty(&asoc->base.sk->sk_receive_queue)) {
1087 freed = sctp_ulpq_renege_order(ulpq, needed);
1088 if (freed < needed)
1089 freed += sctp_ulpq_renege_frags(ulpq, needed - freed);
1090 }
1091 /* If able to free enough room, accept this chunk. */
1092 if (sk_rmem_schedule(asoc->base.sk, chunk->skb, needed) &&
1093 freed >= needed) {
1094 int retval = sctp_ulpq_tail_data(ulpq, chunk, gfp);
1095 /*
1096 * Enter partial delivery if chunk has not been
1097 * delivered; otherwise, drain the reassembly queue.
1098 */
1099 if (retval <= 0)
1100 sctp_ulpq_partial_delivery(ulpq, gfp);
1101 else if (retval == 1)
1102 sctp_ulpq_reasm_drain(ulpq);
1103 }
1104
1105 sk_mem_reclaim(asoc->base.sk);
1106 }
1107
1108
1109
1110 /* Notify the application if an association is aborted and in
1111 * partial delivery mode. Send up any pending received messages.
1112 */
sctp_ulpq_abort_pd(struct sctp_ulpq * ulpq,gfp_t gfp)1113 void sctp_ulpq_abort_pd(struct sctp_ulpq *ulpq, gfp_t gfp)
1114 {
1115 struct sctp_ulpevent *ev = NULL;
1116 struct sctp_sock *sp;
1117 struct sock *sk;
1118
1119 if (!ulpq->pd_mode)
1120 return;
1121
1122 sk = ulpq->asoc->base.sk;
1123 sp = sctp_sk(sk);
1124 if (sctp_ulpevent_type_enabled(ulpq->asoc->subscribe,
1125 SCTP_PARTIAL_DELIVERY_EVENT))
1126 ev = sctp_ulpevent_make_pdapi(ulpq->asoc,
1127 SCTP_PARTIAL_DELIVERY_ABORTED,
1128 0, 0, 0, gfp);
1129 if (ev)
1130 __skb_queue_tail(&sk->sk_receive_queue, sctp_event2skb(ev));
1131
1132 /* If there is data waiting, send it up the socket now. */
1133 if ((sctp_ulpq_clear_pd(ulpq) || ev) && !sp->data_ready_signalled) {
1134 sp->data_ready_signalled = 1;
1135 sk->sk_data_ready(sk);
1136 }
1137 }
1138