1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
34
35#include <linux/types.h>
36#include <linux/kernel.h>
37#include <linux/net.h>
38#include <linux/inet.h>
39#include <linux/skbuff.h>
40#include <linux/slab.h>
41#include <net/sock.h>
42#include <net/sctp/sctp.h>
43#include <net/sctp/sm.h>
44
45
46
47
48
49
50static void sctp_datamsg_init(struct sctp_datamsg *msg)
51{
52 refcount_set(&msg->refcnt, 1);
53 msg->send_failed = 0;
54 msg->send_error = 0;
55 msg->can_delay = 1;
56 msg->abandoned = 0;
57 msg->expires_at = 0;
58 INIT_LIST_HEAD(&msg->chunks);
59}
60
61
62static struct sctp_datamsg *sctp_datamsg_new(gfp_t gfp)
63{
64 struct sctp_datamsg *msg;
65 msg = kmalloc(sizeof(struct sctp_datamsg), gfp);
66 if (msg) {
67 sctp_datamsg_init(msg);
68 SCTP_DBG_OBJCNT_INC(datamsg);
69 }
70 return msg;
71}
72
73void sctp_datamsg_free(struct sctp_datamsg *msg)
74{
75 struct sctp_chunk *chunk;
76
77
78
79
80 list_for_each_entry(chunk, &msg->chunks, frag_list)
81 sctp_chunk_free(chunk);
82
83 sctp_datamsg_put(msg);
84}
85
86
87static void sctp_datamsg_destroy(struct sctp_datamsg *msg)
88{
89 struct list_head *pos, *temp;
90 struct sctp_chunk *chunk;
91 struct sctp_sock *sp;
92 struct sctp_ulpevent *ev;
93 struct sctp_association *asoc = NULL;
94 int error = 0, notify;
95
96
97 notify = msg->send_failed ? -1 : 0;
98
99
100 list_for_each_safe(pos, temp, &msg->chunks) {
101 list_del_init(pos);
102 chunk = list_entry(pos, struct sctp_chunk, frag_list);
103
104 if (notify < 0) {
105 asoc = chunk->asoc;
106 if (msg->send_error)
107 error = msg->send_error;
108 else
109 error = asoc->outqueue.error;
110
111 sp = sctp_sk(asoc->base.sk);
112 notify = sctp_ulpevent_type_enabled(SCTP_SEND_FAILED,
113 &sp->subscribe);
114 }
115
116
117 if (notify > 0) {
118 int sent;
119 if (chunk->has_tsn)
120 sent = SCTP_DATA_SENT;
121 else
122 sent = SCTP_DATA_UNSENT;
123
124 ev = sctp_ulpevent_make_send_failed(asoc, chunk, sent,
125 error, GFP_ATOMIC);
126 if (ev)
127 asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
128 }
129
130 sctp_chunk_put(chunk);
131 }
132
133 SCTP_DBG_OBJCNT_DEC(datamsg);
134 kfree(msg);
135}
136
137
138static void sctp_datamsg_hold(struct sctp_datamsg *msg)
139{
140 refcount_inc(&msg->refcnt);
141}
142
143
144void sctp_datamsg_put(struct sctp_datamsg *msg)
145{
146 if (refcount_dec_and_test(&msg->refcnt))
147 sctp_datamsg_destroy(msg);
148}
149
150
151static void sctp_datamsg_assign(struct sctp_datamsg *msg, struct sctp_chunk *chunk)
152{
153 sctp_datamsg_hold(msg);
154 chunk->msg = msg;
155}
156
157
158
159
160
161
162
163
164
165struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc,
166 struct sctp_sndrcvinfo *sinfo,
167 struct iov_iter *from)
168{
169 size_t len, first_len, max_data, remaining;
170 size_t msg_len = iov_iter_count(from);
171 struct sctp_shared_key *shkey = NULL;
172 struct list_head *pos, *temp;
173 struct sctp_chunk *chunk;
174 struct sctp_datamsg *msg;
175 struct sctp_sock *sp;
176 struct sctp_af *af;
177 int err;
178
179 msg = sctp_datamsg_new(GFP_KERNEL);
180 if (!msg)
181 return ERR_PTR(-ENOMEM);
182
183
184
185
186 if (asoc->peer.prsctp_capable && sinfo->sinfo_timetolive &&
187 (SCTP_PR_TTL_ENABLED(sinfo->sinfo_flags) ||
188 !SCTP_PR_POLICY(sinfo->sinfo_flags)))
189 msg->expires_at = jiffies +
190 msecs_to_jiffies(sinfo->sinfo_timetolive);
191
192
193
194
195 sp = sctp_sk(asoc->base.sk);
196 af = sp->pf->af;
197 max_data = asoc->pathmtu - af->net_header_len -
198 sizeof(struct sctphdr) - sctp_datachk_len(&asoc->stream) -
199 af->ip_options_len(asoc->base.sk);
200 max_data = SCTP_TRUNC4(max_data);
201
202
203
204
205
206 if (sctp_auth_send_cid(SCTP_CID_DATA, asoc)) {
207 struct sctp_hmac *hmac_desc = sctp_auth_asoc_get_hmac(asoc);
208
209 if (hmac_desc)
210 max_data -= SCTP_PAD4(sizeof(struct sctp_auth_chunk) +
211 hmac_desc->hmac_len);
212
213 if (sinfo->sinfo_tsn &&
214 sinfo->sinfo_ssn != asoc->active_key_id) {
215 shkey = sctp_auth_get_shkey(asoc, sinfo->sinfo_ssn);
216 if (!shkey) {
217 err = -EINVAL;
218 goto errout;
219 }
220 } else {
221 shkey = asoc->shkey;
222 }
223 }
224
225
226 max_data = min_t(size_t, max_data, asoc->frag_point);
227
228
229 first_len = max_data;
230
231
232
233
234
235
236
237 if (timer_pending(&asoc->timers[SCTP_EVENT_TIMEOUT_SACK]) &&
238 asoc->outqueue.out_qlen == 0 &&
239 list_empty(&asoc->outqueue.retransmit) &&
240 msg_len > max_data)
241 first_len -= SCTP_PAD4(sizeof(struct sctp_sack_chunk));
242
243
244 if (asoc->state < SCTP_STATE_COOKIE_ECHOED)
245 first_len -= SCTP_ARBITRARY_COOKIE_ECHO_LEN;
246
247
248 if (msg_len >= first_len) {
249 msg->can_delay = 0;
250 SCTP_INC_STATS(sock_net(asoc->base.sk), SCTP_MIB_FRAGUSRMSGS);
251 } else {
252
253 first_len = msg_len;
254 }
255
256
257 for (remaining = msg_len; remaining; remaining -= len) {
258 u8 frag = SCTP_DATA_MIDDLE_FRAG;
259
260 if (remaining == msg_len) {
261
262 frag |= SCTP_DATA_FIRST_FRAG;
263 len = first_len;
264 } else {
265
266 len = max_data;
267 }
268
269 if (len >= remaining) {
270
271 len = remaining;
272 frag |= SCTP_DATA_LAST_FRAG;
273
274
275
276
277
278 if ((sinfo->sinfo_flags & SCTP_EOF) ||
279 (sinfo->sinfo_flags & SCTP_SACK_IMMEDIATELY))
280 frag |= SCTP_DATA_SACK_IMM;
281 }
282
283 chunk = asoc->stream.si->make_datafrag(asoc, sinfo, len, frag,
284 GFP_KERNEL);
285 if (!chunk) {
286 err = -ENOMEM;
287 goto errout;
288 }
289
290 err = sctp_user_addto_chunk(chunk, len, from);
291 if (err < 0)
292 goto errout_chunk_free;
293
294 chunk->shkey = shkey;
295
296
297 __skb_pull(chunk->skb, (__u8 *)chunk->chunk_hdr -
298 chunk->skb->data);
299
300 sctp_datamsg_assign(msg, chunk);
301 list_add_tail(&chunk->frag_list, &msg->chunks);
302 }
303
304 return msg;
305
306errout_chunk_free:
307 sctp_chunk_free(chunk);
308
309errout:
310 list_for_each_safe(pos, temp, &msg->chunks) {
311 list_del_init(pos);
312 chunk = list_entry(pos, struct sctp_chunk, frag_list);
313 sctp_chunk_free(chunk);
314 }
315 sctp_datamsg_put(msg);
316
317 return ERR_PTR(err);
318}
319
320
321int sctp_chunk_abandoned(struct sctp_chunk *chunk)
322{
323 if (!chunk->asoc->peer.prsctp_capable)
324 return 0;
325
326 if (chunk->msg->abandoned)
327 return 1;
328
329 if (!chunk->has_tsn &&
330 !(chunk->chunk_hdr->flags & SCTP_DATA_FIRST_FRAG))
331 return 0;
332
333 if (SCTP_PR_TTL_ENABLED(chunk->sinfo.sinfo_flags) &&
334 time_after(jiffies, chunk->msg->expires_at)) {
335 struct sctp_stream_out *streamout =
336 &chunk->asoc->stream.out[chunk->sinfo.sinfo_stream];
337
338 if (chunk->sent_count) {
339 chunk->asoc->abandoned_sent[SCTP_PR_INDEX(TTL)]++;
340 streamout->ext->abandoned_sent[SCTP_PR_INDEX(TTL)]++;
341 } else {
342 chunk->asoc->abandoned_unsent[SCTP_PR_INDEX(TTL)]++;
343 streamout->ext->abandoned_unsent[SCTP_PR_INDEX(TTL)]++;
344 }
345 chunk->msg->abandoned = 1;
346 return 1;
347 } else if (SCTP_PR_RTX_ENABLED(chunk->sinfo.sinfo_flags) &&
348 chunk->sent_count > chunk->sinfo.sinfo_timetolive) {
349 struct sctp_stream_out *streamout =
350 &chunk->asoc->stream.out[chunk->sinfo.sinfo_stream];
351
352 chunk->asoc->abandoned_sent[SCTP_PR_INDEX(RTX)]++;
353 streamout->ext->abandoned_sent[SCTP_PR_INDEX(RTX)]++;
354 chunk->msg->abandoned = 1;
355 return 1;
356 } else if (!SCTP_PR_POLICY(chunk->sinfo.sinfo_flags) &&
357 chunk->msg->expires_at &&
358 time_after(jiffies, chunk->msg->expires_at)) {
359 chunk->msg->abandoned = 1;
360 return 1;
361 }
362
363
364 return 0;
365}
366
367
368void sctp_chunk_fail(struct sctp_chunk *chunk, int error)
369{
370 chunk->msg->send_failed = 1;
371 chunk->msg->send_error = error;
372}
373