SUNRPC: new svc_bind() routine introduced
[linux-3.10.git] / net / sctp / input.c
index bf612d9..80f71af 100644 (file)
@@ -53,6 +53,7 @@
 #include <linux/socket.h>
 #include <linux/ip.h>
 #include <linux/time.h> /* For struct timeval */
+#include <linux/slab.h>
 #include <net/ip.h>
 #include <net/icmp.h>
 #include <net/snmp.h>
@@ -75,22 +76,23 @@ static struct sctp_association *__sctp_lookup_association(
                                        const union sctp_addr *peer,
                                        struct sctp_transport **pt);
 
-static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb);
+static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb);
 
 
 /* Calculate the SCTP checksum of an SCTP packet.  */
 static inline int sctp_rcv_checksum(struct sk_buff *skb)
 {
-       struct sk_buff *list = skb_shinfo(skb)->frag_list;
        struct sctphdr *sh = sctp_hdr(skb);
-       __be32 cmp = sh->checksum;
-       __be32 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb));
+       __le32 cmp = sh->checksum;
+       struct sk_buff *list;
+       __le32 val;
+       __u32 tmp = sctp_start_cksum((__u8 *)sh, skb_headlen(skb));
 
-       for (; list; list = list->next)
-               val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list),
-                                       val);
+       skb_walk_frags(skb, list)
+               tmp = sctp_update_cksum((__u8 *)list->data, skb_headlen(list),
+                                       tmp);
 
-       val = sctp_end_cksum(val);
+       val = sctp_end_cksum(tmp);
 
        if (val != cmp) {
                /* CRC failure, dump it. */
@@ -103,7 +105,7 @@ static inline int sctp_rcv_checksum(struct sk_buff *skb)
 struct sctp_input_cb {
        union {
                struct inet_skb_parm    h4;
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                struct inet6_skb_parm   h6;
 #endif
        } header;
@@ -142,7 +144,8 @@ int sctp_rcv(struct sk_buff *skb)
        __skb_pull(skb, skb_transport_offset(skb));
        if (skb->len < sizeof(struct sctphdr))
                goto discard_it;
-       if (!skb_csum_unnecessary(skb) && sctp_rcv_checksum(skb) < 0)
+       if (!sctp_checksum_disable && !skb_csum_unnecessary(skb) &&
+                 sctp_rcv_checksum(skb) < 0)
                goto discard_it;
 
        skb_pull(skb, sizeof(struct sctphdr));
@@ -249,9 +252,27 @@ int sctp_rcv(struct sk_buff *skb)
         */
        sctp_bh_lock_sock(sk);
 
+       if (sk != rcvr->sk) {
+               /* Our cached sk is different from the rcvr->sk.  This is
+                * because migrate()/accept() may have moved the association
+                * to a new socket and released all the sockets.  So now we
+                * are holding a lock on the old socket while the user may
+                * be doing something with the new socket.  Switch our veiw
+                * of the current sk.
+                */
+               sctp_bh_unlock_sock(sk);
+               sk = rcvr->sk;
+               sctp_bh_lock_sock(sk);
+       }
+
        if (sock_owned_by_user(sk)) {
+               if (sctp_add_backlog(sk, skb)) {
+                       sctp_bh_unlock_sock(sk);
+                       sctp_chunk_free(chunk);
+                       skb = NULL; /* sctp_chunk_free already freed the skb */
+                       goto discard_release;
+               }
                SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_BACKLOG);
-               sctp_add_backlog(sk, skb);
        } else {
                SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_SOFTIRQ);
                sctp_inq_push(&chunk->rcvr->inqueue, chunk);
@@ -321,8 +342,10 @@ int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
                sctp_bh_lock_sock(sk);
 
                if (sock_owned_by_user(sk)) {
-                       sk_add_backlog(sk, skb);
-                       backloged = 1;
+                       if (sk_add_backlog(sk, skb))
+                               sctp_chunk_free(chunk);
+                       else
+                               backloged = 1;
                } else
                        sctp_inq_push(inqueue, chunk);
 
@@ -347,22 +370,27 @@ done:
        return 0;
 }
 
-static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb)
+static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb)
 {
        struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk;
        struct sctp_ep_common *rcvr = chunk->rcvr;
+       int ret;
 
-       /* Hold the assoc/ep while hanging on the backlog queue.
-        * This way, we know structures we need will not disappear from us
-        */
-       if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
-               sctp_association_hold(sctp_assoc(rcvr));
-       else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
-               sctp_endpoint_hold(sctp_ep(rcvr));
-       else
-               BUG();
+       ret = sk_add_backlog(sk, skb);
+       if (!ret) {
+               /* Hold the assoc/ep while hanging on the backlog queue.
+                * This way, we know structures we need will not disappear
+                * from us
+                */
+               if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
+                       sctp_association_hold(sctp_assoc(rcvr));
+               else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
+                       sctp_endpoint_hold(sctp_ep(rcvr));
+               else
+                       BUG();
+       }
+       return ret;
 
-       sk_add_backlog(sk, skb);
 }
 
 /* Handle icmp frag needed error. */
@@ -412,11 +440,25 @@ void sctp_icmp_proto_unreachable(struct sock *sk,
 {
        SCTP_DEBUG_PRINTK("%s\n",  __func__);
 
-       sctp_do_sm(SCTP_EVENT_T_OTHER,
-                  SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH),
-                  asoc->state, asoc->ep, asoc, t,
-                  GFP_ATOMIC);
+       if (sock_owned_by_user(sk)) {
+               if (timer_pending(&t->proto_unreach_timer))
+                       return;
+               else {
+                       if (!mod_timer(&t->proto_unreach_timer,
+                                               jiffies + (HZ/20)))
+                               sctp_association_hold(asoc);
+               }
+                       
+       } else {
+               if (timer_pending(&t->proto_unreach_timer) &&
+                   del_timer(&t->proto_unreach_timer))
+                       sctp_association_put(asoc);
 
+               sctp_do_sm(SCTP_EVENT_T_OTHER,
+                          SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH),
+                          asoc->state, asoc->ep, asoc, t,
+                          GFP_ATOMIC);
+       }
 }
 
 /* Common lookup code for icmp/icmpv6 error handler. */
@@ -468,8 +510,7 @@ struct sock *sctp_err_lookup(int family, struct sk_buff *skb,
         * discard the packet.
         */
        if (vtag == 0) {
-               chunkhdr = (struct sctp_init_chunk *)((void *)sctphdr
-                               + sizeof(struct sctphdr));
+               chunkhdr = (void *)sctphdr + sizeof(struct sctphdr);
                if (len < sizeof(struct sctphdr) + sizeof(sctp_chunkhdr_t)
                          + sizeof(__be32) ||
                    chunkhdr->chunk_hdr.type != SCTP_CID_INIT ||
@@ -523,7 +564,7 @@ void sctp_err_finish(struct sock *sk, struct sctp_association *asoc)
  */
 void sctp_v4_err(struct sk_buff *skb, __u32 info)
 {
-       struct iphdr *iph = (struct iphdr *)skb->data;
+       const struct iphdr *iph = (const struct iphdr *)skb->data;
        const int ihlen = iph->ihl * 4;
        const int type = icmp_hdr(skb)->type;
        const int code = icmp_hdr(skb)->code;
@@ -619,7 +660,6 @@ static int sctp_rcv_ootb(struct sk_buff *skb)
 {
        sctp_chunkhdr_t *ch;
        __u8 *ch_end;
-       sctp_errhdr_t *err;
 
        ch = (sctp_chunkhdr_t *) skb->data;
 
@@ -655,20 +695,6 @@ static int sctp_rcv_ootb(struct sk_buff *skb)
                if (SCTP_CID_INIT == ch->type && (void *)ch != skb->data)
                        goto discard;
 
-               /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR
-                * or a COOKIE ACK the SCTP Packet should be silently
-                * discarded.
-                */
-               if (SCTP_CID_COOKIE_ACK == ch->type)
-                       goto discard;
-
-               if (SCTP_CID_ERROR == ch->type) {
-                       sctp_walk_errors(err, ch) {
-                               if (SCTP_ERROR_STALE_COOKIE == err->cause)
-                                       goto discard;
-                       }
-               }
-
                ch = (sctp_chunkhdr_t *) ch_end;
        } while (ch_end < skb_tail_pointer(skb));
 
@@ -906,14 +932,11 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb,
        union sctp_addr addr;
        union sctp_addr *paddr = &addr;
        struct sctphdr *sh = sctp_hdr(skb);
-       sctp_chunkhdr_t *ch;
        union sctp_params params;
        sctp_init_chunk_t *init;
        struct sctp_transport *transport;
        struct sctp_af *af;
 
-       ch = (sctp_chunkhdr_t *) skb->data;
-
        /*
         * This code will NOT touch anything inside the chunk--it is
         * strictly READ-ONLY.
@@ -978,7 +1001,7 @@ static struct sctp_association *__sctp_rcv_asconf_lookup(
        /* Skip over the ADDIP header and find the Address parameter */
        param = (union sctp_addr_param *)(asconf + 1);
 
-       af = sctp_get_af_specific(param_type2af(param->v4.param_hdr.type));
+       af = sctp_get_af_specific(param_type2af(param->p.type));
        if (unlikely(!af))
                return NULL;
 
@@ -995,7 +1018,7 @@ static struct sctp_association *__sctp_rcv_asconf_lookup(
 *    association.
 *
 * This means that any chunks that can help us identify the association need
-* to be looked at to find this assocation.
+* to be looked at to find this association.
 */
 static struct sctp_association *__sctp_rcv_walk_lookup(struct sk_buff *skb,
                                      const union sctp_addr *laddr,