projects / linux-2.6-microblaze.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge tag 'linux-watchdog-6.6-rc1' of git://www.linux-watchdog.org/linux-watchdog
[linux-2.6-microblaze.git] / net / ieee802154 / 6lowpan / reassembly.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*      6LoWPAN fragment reassembly
3  *
4  *      Authors:
5  *      Alexander Aring         <aar@pengutronix.de>
6  *
7  *      Based on: net/ipv6/reassembly.c
8  */
9
10 #define pr_fmt(fmt) "6LoWPAN: " fmt
11
12 #include <linux/net.h>
13 #include <linux/list.h>
14 #include <linux/netdevice.h>
15 #include <linux/random.h>
16 #include <linux/jhash.h>
17 #include <linux/skbuff.h>
18 #include <linux/slab.h>
19 #include <linux/export.h>
20
21 #include <net/ieee802154_netdev.h>
22 #include <net/6lowpan.h>
23 #include <net/ipv6_frag.h>
24 #include <net/inet_frag.h>
25 #include <net/ip.h>
26
27 #include "6lowpan_i.h"
28
29 static const char lowpan_frags_cache_name[] = "lowpan-frags";
30
31 static struct inet_frags lowpan_frags;
32
33 static int lowpan_frag_reasm(struct lowpan_frag_queue *fq, struct sk_buff *skb,
34                              struct sk_buff *prev,  struct net_device *ldev);
35
36 static void lowpan_frag_init(struct inet_frag_queue *q, const void *a)
37 {
38         const struct frag_lowpan_compare_key *key = a;
39
40         BUILD_BUG_ON(sizeof(*key) > sizeof(q->key));
41         memcpy(&q->key, key, sizeof(*key));
42 }
43
44 static void lowpan_frag_expire(struct timer_list *t)
45 {
46         struct inet_frag_queue *frag = from_timer(frag, t, timer);
47         struct frag_queue *fq;
48
49         fq = container_of(frag, struct frag_queue, q);
50
51         spin_lock(&fq->q.lock);
52
53         if (fq->q.flags & INET_FRAG_COMPLETE)
54                 goto out;
55
56         inet_frag_kill(&fq->q);
57 out:
58         spin_unlock(&fq->q.lock);
59         inet_frag_put(&fq->q);
60 }
61
62 static inline struct lowpan_frag_queue *
63 fq_find(struct net *net, const struct lowpan_802154_cb *cb,
64         const struct ieee802154_addr *src,
65         const struct ieee802154_addr *dst)
66 {
67         struct netns_ieee802154_lowpan *ieee802154_lowpan =
68                 net_ieee802154_lowpan(net);
69         struct frag_lowpan_compare_key key = {};
70         struct inet_frag_queue *q;
71
72         key.tag = cb->d_tag;
73         key.d_size = cb->d_size;
74         key.src = *src;
75         key.dst = *dst;
76
77         q = inet_frag_find(ieee802154_lowpan->fqdir, &key);
78         if (!q)
79                 return NULL;
80
81         return container_of(q, struct lowpan_frag_queue, q);
82 }
83
84 static int lowpan_frag_queue(struct lowpan_frag_queue *fq,
85                              struct sk_buff *skb, u8 frag_type)
86 {
87         struct sk_buff *prev_tail;
88         struct net_device *ldev;
89         int end, offset, err;
90
91         /* inet_frag_queue_* functions use skb->cb; see struct ipfrag_skb_cb
92          * in inet_fragment.c
93          */
94         BUILD_BUG_ON(sizeof(struct lowpan_802154_cb) > sizeof(struct inet_skb_parm));
95         BUILD_BUG_ON(sizeof(struct lowpan_802154_cb) > sizeof(struct inet6_skb_parm));
96
97         if (fq->q.flags & INET_FRAG_COMPLETE)
98                 goto err;
99
100         offset = lowpan_802154_cb(skb)->d_offset << 3;
101         end = lowpan_802154_cb(skb)->d_size;
102
103         /* Is this the final fragment? */
104         if (offset + skb->len == end) {
105                 /* If we already have some bits beyond end
106                  * or have different end, the segment is corrupted.
107                  */
108                 if (end < fq->q.len ||
109                     ((fq->q.flags & INET_FRAG_LAST_IN) && end != fq->q.len))
110                         goto err;
111                 fq->q.flags |= INET_FRAG_LAST_IN;
112                 fq->q.len = end;
113         } else {
114                 if (end > fq->q.len) {
115                         /* Some bits beyond end -> corruption. */
116                         if (fq->q.flags & INET_FRAG_LAST_IN)
117                                 goto err;
118                         fq->q.len = end;
119                 }
120         }
121
122         ldev = skb->dev;
123         if (ldev)
124                 skb->dev = NULL;
125         barrier();
126
127         prev_tail = fq->q.fragments_tail;
128         err = inet_frag_queue_insert(&fq->q, skb, offset, end);
129         if (err)
130                 goto err;
131
132         fq->q.stamp = skb->tstamp;
133         fq->q.mono_delivery_time = skb->mono_delivery_time;
134         if (frag_type == LOWPAN_DISPATCH_FRAG1)
135                 fq->q.flags |= INET_FRAG_FIRST_IN;
136
137         fq->q.meat += skb->len;
138         add_frag_mem_limit(fq->q.fqdir, skb->truesize);
139
140         if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
141             fq->q.meat == fq->q.len) {
142                 int res;
143                 unsigned long orefdst = skb->_skb_refdst;
144
145                 skb->_skb_refdst = 0UL;
146                 res = lowpan_frag_reasm(fq, skb, prev_tail, ldev);
147                 skb->_skb_refdst = orefdst;
148                 return res;
149         }
150         skb_dst_drop(skb);
151
152         return -1;
153 err:
154         kfree_skb(skb);
155         return -1;
156 }
157
158 /*      Check if this packet is complete.
159  *
160  *      It is called with locked fq, and caller must check that
161  *      queue is eligible for reassembly i.e. it is not COMPLETE,
162  *      the last and the first frames arrived and all the bits are here.
163  */
164 static int lowpan_frag_reasm(struct lowpan_frag_queue *fq, struct sk_buff *skb,
165                              struct sk_buff *prev_tail, struct net_device *ldev)
166 {
167         void *reasm_data;
168
169         inet_frag_kill(&fq->q);
170
171         reasm_data = inet_frag_reasm_prepare(&fq->q, skb, prev_tail);
172         if (!reasm_data)
173                 goto out_oom;
174         inet_frag_reasm_finish(&fq->q, skb, reasm_data, false);
175
176         skb->dev = ldev;
177         skb->tstamp = fq->q.stamp;
178         fq->q.rb_fragments = RB_ROOT;
179         fq->q.fragments_tail = NULL;
180         fq->q.last_run_head = NULL;
181
182         return 1;
183 out_oom:
184         net_dbg_ratelimited("lowpan_frag_reasm: no memory for reassembly\n");
185         return -1;
186 }
187
188 static int lowpan_frag_rx_handlers_result(struct sk_buff *skb,
189                                           lowpan_rx_result res)
190 {
191         switch (res) {
192         case RX_QUEUED:
193                 return NET_RX_SUCCESS;
194         case RX_CONTINUE:
195                 /* nobody cared about this packet */
196                 net_warn_ratelimited("%s: received unknown dispatch\n",
197                                      __func__);
198
199                 fallthrough;
200         default:
201                 /* all others failure */
202                 return NET_RX_DROP;
203         }
204 }
205
206 static lowpan_rx_result lowpan_frag_rx_h_iphc(struct sk_buff *skb)
207 {
208         int ret;
209
210         if (!lowpan_is_iphc(*skb_network_header(skb)))
211                 return RX_CONTINUE;
212
213         ret = lowpan_iphc_decompress(skb);
214         if (ret < 0)
215                 return RX_DROP;
216
217         return RX_QUEUED;
218 }
219
220 static int lowpan_invoke_frag_rx_handlers(struct sk_buff *skb)
221 {
222         lowpan_rx_result res;
223
224 #define CALL_RXH(rxh)                   \
225         do {                            \
226                 res = rxh(skb); \
227                 if (res != RX_CONTINUE) \
228                         goto rxh_next;  \
229         } while (0)
230
231         /* likely at first */
232         CALL_RXH(lowpan_frag_rx_h_iphc);
233         CALL_RXH(lowpan_rx_h_ipv6);
234
235 rxh_next:
236         return lowpan_frag_rx_handlers_result(skb, res);
237 #undef CALL_RXH
238 }
239
240 #define LOWPAN_FRAG_DGRAM_SIZE_HIGH_MASK        0x07
241 #define LOWPAN_FRAG_DGRAM_SIZE_HIGH_SHIFT       8
242
243 static int lowpan_get_cb(struct sk_buff *skb, u8 frag_type,
244                          struct lowpan_802154_cb *cb)
245 {
246         bool fail;
247         u8 high = 0, low = 0;
248         __be16 d_tag = 0;
249
250         fail = lowpan_fetch_skb(skb, &high, 1);
251         fail |= lowpan_fetch_skb(skb, &low, 1);
252         /* remove the dispatch value and use first three bits as high value
253          * for the datagram size
254          */
255         cb->d_size = (high & LOWPAN_FRAG_DGRAM_SIZE_HIGH_MASK) <<
256                 LOWPAN_FRAG_DGRAM_SIZE_HIGH_SHIFT | low;
257         fail |= lowpan_fetch_skb(skb, &d_tag, 2);
258         cb->d_tag = ntohs(d_tag);
259
260         if (frag_type == LOWPAN_DISPATCH_FRAGN) {
261                 fail |= lowpan_fetch_skb(skb, &cb->d_offset, 1);
262         } else {
263                 skb_reset_network_header(skb);
264                 cb->d_offset = 0;
265                 /* check if datagram_size has ipv6hdr on FRAG1 */
266                 fail |= cb->d_size < sizeof(struct ipv6hdr);
267                 /* check if we can dereference the dispatch value */
268                 fail |= !skb->len;
269         }
270
271         if (unlikely(fail))
272                 return -EIO;
273
274         return 0;
275 }
276
277 int lowpan_frag_rcv(struct sk_buff *skb, u8 frag_type)
278 {
279         struct lowpan_frag_queue *fq;
280         struct net *net = dev_net(skb->dev);
281         struct lowpan_802154_cb *cb = lowpan_802154_cb(skb);
282         struct ieee802154_hdr hdr = {};
283         int err;
284
285         if (ieee802154_hdr_peek_addrs(skb, &hdr) < 0)
286                 goto err;
287
288         err = lowpan_get_cb(skb, frag_type, cb);
289         if (err < 0)
290                 goto err;
291
292         if (frag_type == LOWPAN_DISPATCH_FRAG1) {
293                 err = lowpan_invoke_frag_rx_handlers(skb);
294                 if (err == NET_RX_DROP)
295                         goto err;
296         }
297
298         if (cb->d_size > IPV6_MIN_MTU) {
299                 net_warn_ratelimited("lowpan_frag_rcv: datagram size exceeds MTU\n");
300                 goto err;
301         }
302
303         fq = fq_find(net, cb, &hdr.source, &hdr.dest);
304         if (fq != NULL) {
305                 int ret;
306
307                 spin_lock(&fq->q.lock);
308                 ret = lowpan_frag_queue(fq, skb, frag_type);
309                 spin_unlock(&fq->q.lock);
310
311                 inet_frag_put(&fq->q);
312                 return ret;
313         }
314
315 err:
316         kfree_skb(skb);
317         return -1;
318 }
319
320 #ifdef CONFIG_SYSCTL
321
322 static struct ctl_table lowpan_frags_ns_ctl_table[] = {
323         {
324                 .procname       = "6lowpanfrag_high_thresh",
325                 .maxlen         = sizeof(unsigned long),
326                 .mode           = 0644,
327                 .proc_handler   = proc_doulongvec_minmax,
328         },
329         {
330                 .procname       = "6lowpanfrag_low_thresh",
331                 .maxlen         = sizeof(unsigned long),
332                 .mode           = 0644,
333                 .proc_handler   = proc_doulongvec_minmax,
334         },
335         {
336                 .procname       = "6lowpanfrag_time",
337                 .maxlen         = sizeof(int),
338                 .mode           = 0644,
339                 .proc_handler   = proc_dointvec_jiffies,
340         },
341         { }
342 };
343
344 /* secret interval has been deprecated */
345 static int lowpan_frags_secret_interval_unused;
346 static struct ctl_table lowpan_frags_ctl_table[] = {
347         {
348                 .procname       = "6lowpanfrag_secret_interval",
349                 .data           = &lowpan_frags_secret_interval_unused,
350                 .maxlen         = sizeof(int),
351                 .mode           = 0644,
352                 .proc_handler   = proc_dointvec_jiffies,
353         },
354         { }
355 };
356
357 static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
358 {
359         struct ctl_table *table;
360         struct ctl_table_header *hdr;
361         struct netns_ieee802154_lowpan *ieee802154_lowpan =
362                 net_ieee802154_lowpan(net);
363         size_t table_size = ARRAY_SIZE(lowpan_frags_ns_ctl_table);
364
365         table = lowpan_frags_ns_ctl_table;
366         if (!net_eq(net, &init_net)) {
367                 table = kmemdup(table, sizeof(lowpan_frags_ns_ctl_table),
368                                 GFP_KERNEL);
369                 if (table == NULL)
370                         goto err_alloc;
371
372                 /* Don't export sysctls to unprivileged users */
373                 if (net->user_ns != &init_user_ns) {
374                         table[0].procname = NULL;
375                         table_size = 0;
376                 }
377         }
378
379         table[0].data   = &ieee802154_lowpan->fqdir->high_thresh;
380         table[0].extra1 = &ieee802154_lowpan->fqdir->low_thresh;
381         table[1].data   = &ieee802154_lowpan->fqdir->low_thresh;
382         table[1].extra2 = &ieee802154_lowpan->fqdir->high_thresh;
383         table[2].data   = &ieee802154_lowpan->fqdir->timeout;
384
385         hdr = register_net_sysctl_sz(net, "net/ieee802154/6lowpan", table,
386                                      table_size);
387         if (hdr == NULL)
388                 goto err_reg;
389
390         ieee802154_lowpan->sysctl.frags_hdr = hdr;
391         return 0;
392
393 err_reg:
394         if (!net_eq(net, &init_net))
395                 kfree(table);
396 err_alloc:
397         return -ENOMEM;
398 }
399
400 static void __net_exit lowpan_frags_ns_sysctl_unregister(struct net *net)
401 {
402         struct ctl_table *table;
403         struct netns_ieee802154_lowpan *ieee802154_lowpan =
404                 net_ieee802154_lowpan(net);
405
406         table = ieee802154_lowpan->sysctl.frags_hdr->ctl_table_arg;
407         unregister_net_sysctl_table(ieee802154_lowpan->sysctl.frags_hdr);
408         if (!net_eq(net, &init_net))
409                 kfree(table);
410 }
411
412 static struct ctl_table_header *lowpan_ctl_header;
413
414 static int __init lowpan_frags_sysctl_register(void)
415 {
416         lowpan_ctl_header = register_net_sysctl(&init_net,
417                                                 "net/ieee802154/6lowpan",
418                                                 lowpan_frags_ctl_table);
419         return lowpan_ctl_header == NULL ? -ENOMEM : 0;
420 }
421
422 static void lowpan_frags_sysctl_unregister(void)
423 {
424         unregister_net_sysctl_table(lowpan_ctl_header);
425 }
426 #else
427 static inline int lowpan_frags_ns_sysctl_register(struct net *net)
428 {
429         return 0;
430 }
431
432 static inline void lowpan_frags_ns_sysctl_unregister(struct net *net)
433 {
434 }
435
436 static inline int __init lowpan_frags_sysctl_register(void)
437 {
438         return 0;
439 }
440
441 static inline void lowpan_frags_sysctl_unregister(void)
442 {
443 }
444 #endif
445
446 static int __net_init lowpan_frags_init_net(struct net *net)
447 {
448         struct netns_ieee802154_lowpan *ieee802154_lowpan =
449                 net_ieee802154_lowpan(net);
450         int res;
451
452
453         res = fqdir_init(&ieee802154_lowpan->fqdir, &lowpan_frags, net);
454         if (res < 0)
455                 return res;
456
457         ieee802154_lowpan->fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH;
458         ieee802154_lowpan->fqdir->low_thresh = IPV6_FRAG_LOW_THRESH;
459         ieee802154_lowpan->fqdir->timeout = IPV6_FRAG_TIMEOUT;
460
461         res = lowpan_frags_ns_sysctl_register(net);
462         if (res < 0)
463                 fqdir_exit(ieee802154_lowpan->fqdir);
464         return res;
465 }
466
467 static void __net_exit lowpan_frags_pre_exit_net(struct net *net)
468 {
469         struct netns_ieee802154_lowpan *ieee802154_lowpan =
470                 net_ieee802154_lowpan(net);
471
472         fqdir_pre_exit(ieee802154_lowpan->fqdir);
473 }
474
475 static void __net_exit lowpan_frags_exit_net(struct net *net)
476 {
477         struct netns_ieee802154_lowpan *ieee802154_lowpan =
478                 net_ieee802154_lowpan(net);
479
480         lowpan_frags_ns_sysctl_unregister(net);
481         fqdir_exit(ieee802154_lowpan->fqdir);
482 }
483
484 static struct pernet_operations lowpan_frags_ops = {
485         .init           = lowpan_frags_init_net,
486         .pre_exit       = lowpan_frags_pre_exit_net,
487         .exit           = lowpan_frags_exit_net,
488 };
489
490 static u32 lowpan_key_hashfn(const void *data, u32 len, u32 seed)
491 {
492         return jhash2(data,
493                       sizeof(struct frag_lowpan_compare_key) / sizeof(u32), seed);
494 }
495
496 static u32 lowpan_obj_hashfn(const void *data, u32 len, u32 seed)
497 {
498         const struct inet_frag_queue *fq = data;
499
500         return jhash2((const u32 *)&fq->key,
501                       sizeof(struct frag_lowpan_compare_key) / sizeof(u32), seed);
502 }
503
504 static int lowpan_obj_cmpfn(struct rhashtable_compare_arg *arg, const void *ptr)
505 {
506         const struct frag_lowpan_compare_key *key = arg->key;
507         const struct inet_frag_queue *fq = ptr;
508
509         return !!memcmp(&fq->key, key, sizeof(*key));
510 }
511
512 static const struct rhashtable_params lowpan_rhash_params = {
513         .head_offset            = offsetof(struct inet_frag_queue, node),
514         .hashfn                 = lowpan_key_hashfn,
515         .obj_hashfn             = lowpan_obj_hashfn,
516         .obj_cmpfn              = lowpan_obj_cmpfn,
517         .automatic_shrinking    = true,
518 };
519
520 int __init lowpan_net_frag_init(void)
521 {
522         int ret;
523
524         lowpan_frags.constructor = lowpan_frag_init;
525         lowpan_frags.destructor = NULL;
526         lowpan_frags.qsize = sizeof(struct frag_queue);
527         lowpan_frags.frag_expire = lowpan_frag_expire;
528         lowpan_frags.frags_cache_name = lowpan_frags_cache_name;
529         lowpan_frags.rhash_params = lowpan_rhash_params;
530         ret = inet_frags_init(&lowpan_frags);
531         if (ret)
532                 goto out;
533
534         ret = lowpan_frags_sysctl_register();
535         if (ret)
536                 goto err_sysctl;
537
538         ret = register_pernet_subsys(&lowpan_frags_ops);
539         if (ret)
540                 goto err_pernet;
541 out:
542         return ret;
543 err_pernet:
544         lowpan_frags_sysctl_unregister();
545 err_sysctl:
546         inet_frags_fini(&lowpan_frags);
547         return ret;
548 }
549
550 void lowpan_net_frag_exit(void)
551 {
552         lowpan_frags_sysctl_unregister();
553         unregister_pernet_subsys(&lowpan_frags_ops);
554         inet_frags_fini(&lowpan_frags);
555 }
MicroBlaze GIT Repository