1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3  * (C) Copyright IBM Corp. 2001, 2004
4  * Copyright (c) 1999-2000 Cisco, Inc.
5  * Copyright (c) 1999-2001 Motorola, Inc.
6  * Copyright (c) 2001 Intel Corp.
7  *
8  * This file is part of the SCTP kernel implementation
9  *
10  * This file contains sctp stream maniuplation primitives and helpers.
11  *
12  * Please send any bug reports or fixes you make to the
13  * email address(es):
14  *    lksctp developers <linux-sctp@vger.kernel.org>
15  *
16  * Written or modified by:
17  *    Xin Long <lucien.xin@gmail.com>
18  */
19 
20 #include <linux/list.h>
21 #include <net/sctp/sctp.h>
22 #include <net/sctp/sm.h>
23 #include <net/sctp/stream_sched.h>
24 
sctp_stream_shrink_out(struct sctp_stream * stream,__u16 outcnt)25 static void sctp_stream_shrink_out(struct sctp_stream *stream, __u16 outcnt)
26 {
27 	struct sctp_association *asoc;
28 	struct sctp_chunk *ch, *temp;
29 	struct sctp_outq *outq;
30 
31 	asoc = container_of(stream, struct sctp_association, stream);
32 	outq = &asoc->outqueue;
33 
34 	list_for_each_entry_safe(ch, temp, &outq->out_chunk_list, list) {
35 		__u16 sid = sctp_chunk_stream_no(ch);
36 
37 		if (sid < outcnt)
38 			continue;
39 
40 		sctp_sched_dequeue_common(outq, ch);
41 		/* No need to call dequeue_done here because
42 		 * the chunks are not scheduled by now.
43 		 */
44 
45 		/* Mark as failed send. */
46 		sctp_chunk_fail(ch, (__force __u32)SCTP_ERROR_INV_STRM);
47 		if (asoc->peer.prsctp_capable &&
48 		    SCTP_PR_PRIO_ENABLED(ch->sinfo.sinfo_flags))
49 			asoc->sent_cnt_removable--;
50 
51 		sctp_chunk_free(ch);
52 	}
53 }
54 
sctp_stream_free_ext(struct sctp_stream * stream,__u16 sid)55 static void sctp_stream_free_ext(struct sctp_stream *stream, __u16 sid)
56 {
57 	struct sctp_sched_ops *sched;
58 
59 	if (!SCTP_SO(stream, sid)->ext)
60 		return;
61 
62 	sched = sctp_sched_ops_from_stream(stream);
63 	sched->free_sid(stream, sid);
64 	kfree(SCTP_SO(stream, sid)->ext);
65 	SCTP_SO(stream, sid)->ext = NULL;
66 }
67 
68 /* Migrates chunks from stream queues to new stream queues if needed,
69  * but not across associations. Also, removes those chunks to streams
70  * higher than the new max.
71  */
sctp_stream_outq_migrate(struct sctp_stream * stream,struct sctp_stream * new,__u16 outcnt)72 static void sctp_stream_outq_migrate(struct sctp_stream *stream,
73 				     struct sctp_stream *new, __u16 outcnt)
74 {
75 	int i;
76 
77 	if (stream->outcnt > outcnt)
78 		sctp_stream_shrink_out(stream, outcnt);
79 
80 	if (new) {
81 		/* Here we actually move the old ext stuff into the new
82 		 * buffer, because we want to keep it. Then
83 		 * sctp_stream_update will swap ->out pointers.
84 		 */
85 		for (i = 0; i < outcnt; i++) {
86 			sctp_stream_free_ext(new, i);
87 			SCTP_SO(new, i)->ext = SCTP_SO(stream, i)->ext;
88 			SCTP_SO(stream, i)->ext = NULL;
89 		}
90 	}
91 
92 	for (i = outcnt; i < stream->outcnt; i++)
93 		sctp_stream_free_ext(stream, i);
94 }
95 
sctp_stream_alloc_out(struct sctp_stream * stream,__u16 outcnt,gfp_t gfp)96 static int sctp_stream_alloc_out(struct sctp_stream *stream, __u16 outcnt,
97 				 gfp_t gfp)
98 {
99 	int ret;
100 
101 	if (outcnt <= stream->outcnt)
102 		goto out;
103 
104 	ret = genradix_prealloc(&stream->out, outcnt, gfp);
105 	if (ret)
106 		return ret;
107 
108 out:
109 	stream->outcnt = outcnt;
110 	return 0;
111 }
112 
sctp_stream_alloc_in(struct sctp_stream * stream,__u16 incnt,gfp_t gfp)113 static int sctp_stream_alloc_in(struct sctp_stream *stream, __u16 incnt,
114 				gfp_t gfp)
115 {
116 	int ret;
117 
118 	if (incnt <= stream->incnt)
119 		goto out;
120 
121 	ret = genradix_prealloc(&stream->in, incnt, gfp);
122 	if (ret)
123 		return ret;
124 
125 out:
126 	stream->incnt = incnt;
127 	return 0;
128 }
129 
sctp_stream_init(struct sctp_stream * stream,__u16 outcnt,__u16 incnt,gfp_t gfp)130 int sctp_stream_init(struct sctp_stream *stream, __u16 outcnt, __u16 incnt,
131 		     gfp_t gfp)
132 {
133 	struct sctp_sched_ops *sched = sctp_sched_ops_from_stream(stream);
134 	int i, ret = 0;
135 
136 	gfp |= __GFP_NOWARN;
137 
138 	/* Initial stream->out size may be very big, so free it and alloc
139 	 * a new one with new outcnt to save memory if needed.
140 	 */
141 	if (outcnt == stream->outcnt)
142 		goto handle_in;
143 
144 	/* Filter out chunks queued on streams that won't exist anymore */
145 	sched->unsched_all(stream);
146 	sctp_stream_outq_migrate(stream, NULL, outcnt);
147 	sched->sched_all(stream);
148 
149 	ret = sctp_stream_alloc_out(stream, outcnt, gfp);
150 	if (ret)
151 		return ret;
152 
153 	for (i = 0; i < stream->outcnt; i++)
154 		SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
155 
156 handle_in:
157 	sctp_stream_interleave_init(stream);
158 	if (!incnt)
159 		return 0;
160 
161 	return sctp_stream_alloc_in(stream, incnt, gfp);
162 }
163 
sctp_stream_init_ext(struct sctp_stream * stream,__u16 sid)164 int sctp_stream_init_ext(struct sctp_stream *stream, __u16 sid)
165 {
166 	struct sctp_stream_out_ext *soute;
167 	int ret;
168 
169 	soute = kzalloc(sizeof(*soute), GFP_KERNEL);
170 	if (!soute)
171 		return -ENOMEM;
172 	SCTP_SO(stream, sid)->ext = soute;
173 
174 	ret = sctp_sched_init_sid(stream, sid, GFP_KERNEL);
175 	if (ret) {
176 		kfree(SCTP_SO(stream, sid)->ext);
177 		SCTP_SO(stream, sid)->ext = NULL;
178 	}
179 
180 	return ret;
181 }
182 
sctp_stream_free(struct sctp_stream * stream)183 void sctp_stream_free(struct sctp_stream *stream)
184 {
185 	struct sctp_sched_ops *sched = sctp_sched_ops_from_stream(stream);
186 	int i;
187 
188 	sched->unsched_all(stream);
189 	for (i = 0; i < stream->outcnt; i++)
190 		sctp_stream_free_ext(stream, i);
191 	genradix_free(&stream->out);
192 	genradix_free(&stream->in);
193 }
194 
sctp_stream_clear(struct sctp_stream * stream)195 void sctp_stream_clear(struct sctp_stream *stream)
196 {
197 	int i;
198 
199 	for (i = 0; i < stream->outcnt; i++) {
200 		SCTP_SO(stream, i)->mid = 0;
201 		SCTP_SO(stream, i)->mid_uo = 0;
202 	}
203 
204 	for (i = 0; i < stream->incnt; i++)
205 		SCTP_SI(stream, i)->mid = 0;
206 }
207 
sctp_stream_update(struct sctp_stream * stream,struct sctp_stream * new)208 void sctp_stream_update(struct sctp_stream *stream, struct sctp_stream *new)
209 {
210 	struct sctp_sched_ops *sched = sctp_sched_ops_from_stream(stream);
211 
212 	sched->unsched_all(stream);
213 	sctp_stream_outq_migrate(stream, new, new->outcnt);
214 	sctp_stream_free(stream);
215 
216 	stream->out = new->out;
217 	stream->in  = new->in;
218 	stream->outcnt = new->outcnt;
219 	stream->incnt  = new->incnt;
220 
221 	sched->sched_all(stream);
222 
223 	new->out.tree.root = NULL;
224 	new->in.tree.root  = NULL;
225 	new->outcnt = 0;
226 	new->incnt  = 0;
227 }
228 
sctp_send_reconf(struct sctp_association * asoc,struct sctp_chunk * chunk)229 static int sctp_send_reconf(struct sctp_association *asoc,
230 			    struct sctp_chunk *chunk)
231 {
232 	int retval = 0;
233 
234 	retval = sctp_primitive_RECONF(asoc->base.net, asoc, chunk);
235 	if (retval)
236 		sctp_chunk_free(chunk);
237 
238 	return retval;
239 }
240 
sctp_stream_outq_is_empty(struct sctp_stream * stream,__u16 str_nums,__be16 * str_list)241 static bool sctp_stream_outq_is_empty(struct sctp_stream *stream,
242 				      __u16 str_nums, __be16 *str_list)
243 {
244 	struct sctp_association *asoc;
245 	__u16 i;
246 
247 	asoc = container_of(stream, struct sctp_association, stream);
248 	if (!asoc->outqueue.out_qlen)
249 		return true;
250 
251 	if (!str_nums)
252 		return false;
253 
254 	for (i = 0; i < str_nums; i++) {
255 		__u16 sid = ntohs(str_list[i]);
256 
257 		if (SCTP_SO(stream, sid)->ext &&
258 		    !list_empty(&SCTP_SO(stream, sid)->ext->outq))
259 			return false;
260 	}
261 
262 	return true;
263 }
264 
sctp_send_reset_streams(struct sctp_association * asoc,struct sctp_reset_streams * params)265 int sctp_send_reset_streams(struct sctp_association *asoc,
266 			    struct sctp_reset_streams *params)
267 {
268 	struct sctp_stream *stream = &asoc->stream;
269 	__u16 i, str_nums, *str_list;
270 	struct sctp_chunk *chunk;
271 	int retval = -EINVAL;
272 	__be16 *nstr_list;
273 	bool out, in;
274 
275 	if (!asoc->peer.reconf_capable ||
276 	    !(asoc->strreset_enable & SCTP_ENABLE_RESET_STREAM_REQ)) {
277 		retval = -ENOPROTOOPT;
278 		goto out;
279 	}
280 
281 	if (asoc->strreset_outstanding) {
282 		retval = -EINPROGRESS;
283 		goto out;
284 	}
285 
286 	out = params->srs_flags & SCTP_STREAM_RESET_OUTGOING;
287 	in  = params->srs_flags & SCTP_STREAM_RESET_INCOMING;
288 	if (!out && !in)
289 		goto out;
290 
291 	str_nums = params->srs_number_streams;
292 	str_list = params->srs_stream_list;
293 	if (str_nums) {
294 		int param_len = 0;
295 
296 		if (out) {
297 			for (i = 0; i < str_nums; i++)
298 				if (str_list[i] >= stream->outcnt)
299 					goto out;
300 
301 			param_len = str_nums * sizeof(__u16) +
302 				    sizeof(struct sctp_strreset_outreq);
303 		}
304 
305 		if (in) {
306 			for (i = 0; i < str_nums; i++)
307 				if (str_list[i] >= stream->incnt)
308 					goto out;
309 
310 			param_len += str_nums * sizeof(__u16) +
311 				     sizeof(struct sctp_strreset_inreq);
312 		}
313 
314 		if (param_len > SCTP_MAX_CHUNK_LEN -
315 				sizeof(struct sctp_reconf_chunk))
316 			goto out;
317 	}
318 
319 	nstr_list = kcalloc(str_nums, sizeof(__be16), GFP_KERNEL);
320 	if (!nstr_list) {
321 		retval = -ENOMEM;
322 		goto out;
323 	}
324 
325 	for (i = 0; i < str_nums; i++)
326 		nstr_list[i] = htons(str_list[i]);
327 
328 	if (out && !sctp_stream_outq_is_empty(stream, str_nums, nstr_list)) {
329 		kfree(nstr_list);
330 		retval = -EAGAIN;
331 		goto out;
332 	}
333 
334 	chunk = sctp_make_strreset_req(asoc, str_nums, nstr_list, out, in);
335 
336 	kfree(nstr_list);
337 
338 	if (!chunk) {
339 		retval = -ENOMEM;
340 		goto out;
341 	}
342 
343 	if (out) {
344 		if (str_nums)
345 			for (i = 0; i < str_nums; i++)
346 				SCTP_SO(stream, str_list[i])->state =
347 						       SCTP_STREAM_CLOSED;
348 		else
349 			for (i = 0; i < stream->outcnt; i++)
350 				SCTP_SO(stream, i)->state = SCTP_STREAM_CLOSED;
351 	}
352 
353 	asoc->strreset_chunk = chunk;
354 	sctp_chunk_hold(asoc->strreset_chunk);
355 
356 	retval = sctp_send_reconf(asoc, chunk);
357 	if (retval) {
358 		sctp_chunk_put(asoc->strreset_chunk);
359 		asoc->strreset_chunk = NULL;
360 		if (!out)
361 			goto out;
362 
363 		if (str_nums)
364 			for (i = 0; i < str_nums; i++)
365 				SCTP_SO(stream, str_list[i])->state =
366 						       SCTP_STREAM_OPEN;
367 		else
368 			for (i = 0; i < stream->outcnt; i++)
369 				SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
370 
371 		goto out;
372 	}
373 
374 	asoc->strreset_outstanding = out + in;
375 
376 out:
377 	return retval;
378 }
379 
sctp_send_reset_assoc(struct sctp_association * asoc)380 int sctp_send_reset_assoc(struct sctp_association *asoc)
381 {
382 	struct sctp_stream *stream = &asoc->stream;
383 	struct sctp_chunk *chunk = NULL;
384 	int retval;
385 	__u16 i;
386 
387 	if (!asoc->peer.reconf_capable ||
388 	    !(asoc->strreset_enable & SCTP_ENABLE_RESET_ASSOC_REQ))
389 		return -ENOPROTOOPT;
390 
391 	if (asoc->strreset_outstanding)
392 		return -EINPROGRESS;
393 
394 	if (!sctp_outq_is_empty(&asoc->outqueue))
395 		return -EAGAIN;
396 
397 	chunk = sctp_make_strreset_tsnreq(asoc);
398 	if (!chunk)
399 		return -ENOMEM;
400 
401 	/* Block further xmit of data until this request is completed */
402 	for (i = 0; i < stream->outcnt; i++)
403 		SCTP_SO(stream, i)->state = SCTP_STREAM_CLOSED;
404 
405 	asoc->strreset_chunk = chunk;
406 	sctp_chunk_hold(asoc->strreset_chunk);
407 
408 	retval = sctp_send_reconf(asoc, chunk);
409 	if (retval) {
410 		sctp_chunk_put(asoc->strreset_chunk);
411 		asoc->strreset_chunk = NULL;
412 
413 		for (i = 0; i < stream->outcnt; i++)
414 			SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
415 
416 		return retval;
417 	}
418 
419 	asoc->strreset_outstanding = 1;
420 
421 	return 0;
422 }
423 
sctp_send_add_streams(struct sctp_association * asoc,struct sctp_add_streams * params)424 int sctp_send_add_streams(struct sctp_association *asoc,
425 			  struct sctp_add_streams *params)
426 {
427 	struct sctp_stream *stream = &asoc->stream;
428 	struct sctp_chunk *chunk = NULL;
429 	int retval;
430 	__u32 outcnt, incnt;
431 	__u16 out, in;
432 
433 	if (!asoc->peer.reconf_capable ||
434 	    !(asoc->strreset_enable & SCTP_ENABLE_CHANGE_ASSOC_REQ)) {
435 		retval = -ENOPROTOOPT;
436 		goto out;
437 	}
438 
439 	if (asoc->strreset_outstanding) {
440 		retval = -EINPROGRESS;
441 		goto out;
442 	}
443 
444 	out = params->sas_outstrms;
445 	in  = params->sas_instrms;
446 	outcnt = stream->outcnt + out;
447 	incnt = stream->incnt + in;
448 	if (outcnt > SCTP_MAX_STREAM || incnt > SCTP_MAX_STREAM ||
449 	    (!out && !in)) {
450 		retval = -EINVAL;
451 		goto out;
452 	}
453 
454 	if (out) {
455 		retval = sctp_stream_alloc_out(stream, outcnt, GFP_KERNEL);
456 		if (retval)
457 			goto out;
458 	}
459 
460 	chunk = sctp_make_strreset_addstrm(asoc, out, in);
461 	if (!chunk) {
462 		retval = -ENOMEM;
463 		goto out;
464 	}
465 
466 	asoc->strreset_chunk = chunk;
467 	sctp_chunk_hold(asoc->strreset_chunk);
468 
469 	retval = sctp_send_reconf(asoc, chunk);
470 	if (retval) {
471 		sctp_chunk_put(asoc->strreset_chunk);
472 		asoc->strreset_chunk = NULL;
473 		goto out;
474 	}
475 
476 	asoc->strreset_outstanding = !!out + !!in;
477 
478 out:
479 	return retval;
480 }
481 
sctp_chunk_lookup_strreset_param(struct sctp_association * asoc,__be32 resp_seq,__be16 type)482 static struct sctp_paramhdr *sctp_chunk_lookup_strreset_param(
483 			struct sctp_association *asoc, __be32 resp_seq,
484 			__be16 type)
485 {
486 	struct sctp_chunk *chunk = asoc->strreset_chunk;
487 	struct sctp_reconf_chunk *hdr;
488 	union sctp_params param;
489 
490 	if (!chunk)
491 		return NULL;
492 
493 	hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr;
494 	sctp_walk_params(param, hdr) {
495 		/* sctp_strreset_tsnreq is actually the basic structure
496 		 * of all stream reconf params, so it's safe to use it
497 		 * to access request_seq.
498 		 */
499 		struct sctp_strreset_tsnreq *req = param.v;
500 
501 		if ((!resp_seq || req->request_seq == resp_seq) &&
502 		    (!type || type == req->param_hdr.type))
503 			return param.v;
504 	}
505 
506 	return NULL;
507 }
508 
sctp_update_strreset_result(struct sctp_association * asoc,__u32 result)509 static void sctp_update_strreset_result(struct sctp_association *asoc,
510 					__u32 result)
511 {
512 	asoc->strreset_result[1] = asoc->strreset_result[0];
513 	asoc->strreset_result[0] = result;
514 }
515 
sctp_process_strreset_outreq(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)516 struct sctp_chunk *sctp_process_strreset_outreq(
517 				struct sctp_association *asoc,
518 				union sctp_params param,
519 				struct sctp_ulpevent **evp)
520 {
521 	struct sctp_strreset_outreq *outreq = param.v;
522 	struct sctp_stream *stream = &asoc->stream;
523 	__u32 result = SCTP_STRRESET_DENIED;
524 	__be16 *str_p = NULL;
525 	__u32 request_seq;
526 	__u16 i, nums;
527 
528 	request_seq = ntohl(outreq->request_seq);
529 
530 	if (ntohl(outreq->send_reset_at_tsn) >
531 	    sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map)) {
532 		result = SCTP_STRRESET_IN_PROGRESS;
533 		goto err;
534 	}
535 
536 	if (TSN_lt(asoc->strreset_inseq, request_seq) ||
537 	    TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
538 		result = SCTP_STRRESET_ERR_BAD_SEQNO;
539 		goto err;
540 	} else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
541 		i = asoc->strreset_inseq - request_seq - 1;
542 		result = asoc->strreset_result[i];
543 		goto err;
544 	}
545 	asoc->strreset_inseq++;
546 
547 	/* Check strreset_enable after inseq inc, as sender cannot tell
548 	 * the peer doesn't enable strreset after receiving response with
549 	 * result denied, as well as to keep consistent with bsd.
550 	 */
551 	if (!(asoc->strreset_enable & SCTP_ENABLE_RESET_STREAM_REQ))
552 		goto out;
553 
554 	nums = (ntohs(param.p->length) - sizeof(*outreq)) / sizeof(__u16);
555 	str_p = outreq->list_of_streams;
556 	for (i = 0; i < nums; i++) {
557 		if (ntohs(str_p[i]) >= stream->incnt) {
558 			result = SCTP_STRRESET_ERR_WRONG_SSN;
559 			goto out;
560 		}
561 	}
562 
563 	if (asoc->strreset_chunk) {
564 		if (!sctp_chunk_lookup_strreset_param(
565 				asoc, outreq->response_seq,
566 				SCTP_PARAM_RESET_IN_REQUEST)) {
567 			/* same process with outstanding isn't 0 */
568 			result = SCTP_STRRESET_ERR_IN_PROGRESS;
569 			goto out;
570 		}
571 
572 		asoc->strreset_outstanding--;
573 		asoc->strreset_outseq++;
574 
575 		if (!asoc->strreset_outstanding) {
576 			struct sctp_transport *t;
577 
578 			t = asoc->strreset_chunk->transport;
579 			if (del_timer(&t->reconf_timer))
580 				sctp_transport_put(t);
581 
582 			sctp_chunk_put(asoc->strreset_chunk);
583 			asoc->strreset_chunk = NULL;
584 		}
585 	}
586 
587 	if (nums)
588 		for (i = 0; i < nums; i++)
589 			SCTP_SI(stream, ntohs(str_p[i]))->mid = 0;
590 	else
591 		for (i = 0; i < stream->incnt; i++)
592 			SCTP_SI(stream, i)->mid = 0;
593 
594 	result = SCTP_STRRESET_PERFORMED;
595 
596 	*evp = sctp_ulpevent_make_stream_reset_event(asoc,
597 		SCTP_STREAM_RESET_INCOMING_SSN, nums, str_p, GFP_ATOMIC);
598 
599 out:
600 	sctp_update_strreset_result(asoc, result);
601 err:
602 	return sctp_make_strreset_resp(asoc, result, request_seq);
603 }
604 
sctp_process_strreset_inreq(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)605 struct sctp_chunk *sctp_process_strreset_inreq(
606 				struct sctp_association *asoc,
607 				union sctp_params param,
608 				struct sctp_ulpevent **evp)
609 {
610 	struct sctp_strreset_inreq *inreq = param.v;
611 	struct sctp_stream *stream = &asoc->stream;
612 	__u32 result = SCTP_STRRESET_DENIED;
613 	struct sctp_chunk *chunk = NULL;
614 	__u32 request_seq;
615 	__u16 i, nums;
616 	__be16 *str_p;
617 
618 	request_seq = ntohl(inreq->request_seq);
619 	if (TSN_lt(asoc->strreset_inseq, request_seq) ||
620 	    TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
621 		result = SCTP_STRRESET_ERR_BAD_SEQNO;
622 		goto err;
623 	} else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
624 		i = asoc->strreset_inseq - request_seq - 1;
625 		result = asoc->strreset_result[i];
626 		if (result == SCTP_STRRESET_PERFORMED)
627 			return NULL;
628 		goto err;
629 	}
630 	asoc->strreset_inseq++;
631 
632 	if (!(asoc->strreset_enable & SCTP_ENABLE_RESET_STREAM_REQ))
633 		goto out;
634 
635 	if (asoc->strreset_outstanding) {
636 		result = SCTP_STRRESET_ERR_IN_PROGRESS;
637 		goto out;
638 	}
639 
640 	nums = (ntohs(param.p->length) - sizeof(*inreq)) / sizeof(__u16);
641 	str_p = inreq->list_of_streams;
642 	for (i = 0; i < nums; i++) {
643 		if (ntohs(str_p[i]) >= stream->outcnt) {
644 			result = SCTP_STRRESET_ERR_WRONG_SSN;
645 			goto out;
646 		}
647 	}
648 
649 	if (!sctp_stream_outq_is_empty(stream, nums, str_p)) {
650 		result = SCTP_STRRESET_IN_PROGRESS;
651 		asoc->strreset_inseq--;
652 		goto err;
653 	}
654 
655 	chunk = sctp_make_strreset_req(asoc, nums, str_p, 1, 0);
656 	if (!chunk)
657 		goto out;
658 
659 	if (nums)
660 		for (i = 0; i < nums; i++)
661 			SCTP_SO(stream, ntohs(str_p[i]))->state =
662 					       SCTP_STREAM_CLOSED;
663 	else
664 		for (i = 0; i < stream->outcnt; i++)
665 			SCTP_SO(stream, i)->state = SCTP_STREAM_CLOSED;
666 
667 	asoc->strreset_chunk = chunk;
668 	asoc->strreset_outstanding = 1;
669 	sctp_chunk_hold(asoc->strreset_chunk);
670 
671 	result = SCTP_STRRESET_PERFORMED;
672 
673 out:
674 	sctp_update_strreset_result(asoc, result);
675 err:
676 	if (!chunk)
677 		chunk =  sctp_make_strreset_resp(asoc, result, request_seq);
678 
679 	return chunk;
680 }
681 
sctp_process_strreset_tsnreq(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)682 struct sctp_chunk *sctp_process_strreset_tsnreq(
683 				struct sctp_association *asoc,
684 				union sctp_params param,
685 				struct sctp_ulpevent **evp)
686 {
687 	__u32 init_tsn = 0, next_tsn = 0, max_tsn_seen;
688 	struct sctp_strreset_tsnreq *tsnreq = param.v;
689 	struct sctp_stream *stream = &asoc->stream;
690 	__u32 result = SCTP_STRRESET_DENIED;
691 	__u32 request_seq;
692 	__u16 i;
693 
694 	request_seq = ntohl(tsnreq->request_seq);
695 	if (TSN_lt(asoc->strreset_inseq, request_seq) ||
696 	    TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
697 		result = SCTP_STRRESET_ERR_BAD_SEQNO;
698 		goto err;
699 	} else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
700 		i = asoc->strreset_inseq - request_seq - 1;
701 		result = asoc->strreset_result[i];
702 		if (result == SCTP_STRRESET_PERFORMED) {
703 			next_tsn = asoc->ctsn_ack_point + 1;
704 			init_tsn =
705 				sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + 1;
706 		}
707 		goto err;
708 	}
709 
710 	if (!sctp_outq_is_empty(&asoc->outqueue)) {
711 		result = SCTP_STRRESET_IN_PROGRESS;
712 		goto err;
713 	}
714 
715 	asoc->strreset_inseq++;
716 
717 	if (!(asoc->strreset_enable & SCTP_ENABLE_RESET_ASSOC_REQ))
718 		goto out;
719 
720 	if (asoc->strreset_outstanding) {
721 		result = SCTP_STRRESET_ERR_IN_PROGRESS;
722 		goto out;
723 	}
724 
725 	/* G4: The same processing as though a FWD-TSN chunk (as defined in
726 	 *     [RFC3758]) with all streams affected and a new cumulative TSN
727 	 *     ACK of the Receiver's Next TSN minus 1 were received MUST be
728 	 *     performed.
729 	 */
730 	max_tsn_seen = sctp_tsnmap_get_max_tsn_seen(&asoc->peer.tsn_map);
731 	asoc->stream.si->report_ftsn(&asoc->ulpq, max_tsn_seen);
732 
733 	/* G1: Compute an appropriate value for the Receiver's Next TSN -- the
734 	 *     TSN that the peer should use to send the next DATA chunk.  The
735 	 *     value SHOULD be the smallest TSN not acknowledged by the
736 	 *     receiver of the request plus 2^31.
737 	 */
738 	init_tsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + (1 << 31);
739 	sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
740 			 init_tsn, GFP_ATOMIC);
741 
742 	/* G3: The same processing as though a SACK chunk with no gap report
743 	 *     and a cumulative TSN ACK of the Sender's Next TSN minus 1 were
744 	 *     received MUST be performed.
745 	 */
746 	sctp_outq_free(&asoc->outqueue);
747 
748 	/* G2: Compute an appropriate value for the local endpoint's next TSN,
749 	 *     i.e., the next TSN assigned by the receiver of the SSN/TSN reset
750 	 *     chunk.  The value SHOULD be the highest TSN sent by the receiver
751 	 *     of the request plus 1.
752 	 */
753 	next_tsn = asoc->next_tsn;
754 	asoc->ctsn_ack_point = next_tsn - 1;
755 	asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
756 
757 	/* G5:  The next expected and outgoing SSNs MUST be reset to 0 for all
758 	 *      incoming and outgoing streams.
759 	 */
760 	for (i = 0; i < stream->outcnt; i++) {
761 		SCTP_SO(stream, i)->mid = 0;
762 		SCTP_SO(stream, i)->mid_uo = 0;
763 	}
764 	for (i = 0; i < stream->incnt; i++)
765 		SCTP_SI(stream, i)->mid = 0;
766 
767 	result = SCTP_STRRESET_PERFORMED;
768 
769 	*evp = sctp_ulpevent_make_assoc_reset_event(asoc, 0, init_tsn,
770 						    next_tsn, GFP_ATOMIC);
771 
772 out:
773 	sctp_update_strreset_result(asoc, result);
774 err:
775 	return sctp_make_strreset_tsnresp(asoc, result, request_seq,
776 					  next_tsn, init_tsn);
777 }
778 
sctp_process_strreset_addstrm_out(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)779 struct sctp_chunk *sctp_process_strreset_addstrm_out(
780 				struct sctp_association *asoc,
781 				union sctp_params param,
782 				struct sctp_ulpevent **evp)
783 {
784 	struct sctp_strreset_addstrm *addstrm = param.v;
785 	struct sctp_stream *stream = &asoc->stream;
786 	__u32 result = SCTP_STRRESET_DENIED;
787 	__u32 request_seq, incnt;
788 	__u16 in, i;
789 
790 	request_seq = ntohl(addstrm->request_seq);
791 	if (TSN_lt(asoc->strreset_inseq, request_seq) ||
792 	    TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
793 		result = SCTP_STRRESET_ERR_BAD_SEQNO;
794 		goto err;
795 	} else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
796 		i = asoc->strreset_inseq - request_seq - 1;
797 		result = asoc->strreset_result[i];
798 		goto err;
799 	}
800 	asoc->strreset_inseq++;
801 
802 	if (!(asoc->strreset_enable & SCTP_ENABLE_CHANGE_ASSOC_REQ))
803 		goto out;
804 
805 	in = ntohs(addstrm->number_of_streams);
806 	incnt = stream->incnt + in;
807 	if (!in || incnt > SCTP_MAX_STREAM)
808 		goto out;
809 
810 	if (sctp_stream_alloc_in(stream, incnt, GFP_ATOMIC))
811 		goto out;
812 
813 	if (asoc->strreset_chunk) {
814 		if (!sctp_chunk_lookup_strreset_param(
815 			asoc, 0, SCTP_PARAM_RESET_ADD_IN_STREAMS)) {
816 			/* same process with outstanding isn't 0 */
817 			result = SCTP_STRRESET_ERR_IN_PROGRESS;
818 			goto out;
819 		}
820 
821 		asoc->strreset_outstanding--;
822 		asoc->strreset_outseq++;
823 
824 		if (!asoc->strreset_outstanding) {
825 			struct sctp_transport *t;
826 
827 			t = asoc->strreset_chunk->transport;
828 			if (del_timer(&t->reconf_timer))
829 				sctp_transport_put(t);
830 
831 			sctp_chunk_put(asoc->strreset_chunk);
832 			asoc->strreset_chunk = NULL;
833 		}
834 	}
835 
836 	stream->incnt = incnt;
837 
838 	result = SCTP_STRRESET_PERFORMED;
839 
840 	*evp = sctp_ulpevent_make_stream_change_event(asoc,
841 		0, ntohs(addstrm->number_of_streams), 0, GFP_ATOMIC);
842 
843 out:
844 	sctp_update_strreset_result(asoc, result);
845 err:
846 	return sctp_make_strreset_resp(asoc, result, request_seq);
847 }
848 
sctp_process_strreset_addstrm_in(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)849 struct sctp_chunk *sctp_process_strreset_addstrm_in(
850 				struct sctp_association *asoc,
851 				union sctp_params param,
852 				struct sctp_ulpevent **evp)
853 {
854 	struct sctp_strreset_addstrm *addstrm = param.v;
855 	struct sctp_stream *stream = &asoc->stream;
856 	__u32 result = SCTP_STRRESET_DENIED;
857 	struct sctp_chunk *chunk = NULL;
858 	__u32 request_seq, outcnt;
859 	__u16 out, i;
860 	int ret;
861 
862 	request_seq = ntohl(addstrm->request_seq);
863 	if (TSN_lt(asoc->strreset_inseq, request_seq) ||
864 	    TSN_lt(request_seq, asoc->strreset_inseq - 2)) {
865 		result = SCTP_STRRESET_ERR_BAD_SEQNO;
866 		goto err;
867 	} else if (TSN_lt(request_seq, asoc->strreset_inseq)) {
868 		i = asoc->strreset_inseq - request_seq - 1;
869 		result = asoc->strreset_result[i];
870 		if (result == SCTP_STRRESET_PERFORMED)
871 			return NULL;
872 		goto err;
873 	}
874 	asoc->strreset_inseq++;
875 
876 	if (!(asoc->strreset_enable & SCTP_ENABLE_CHANGE_ASSOC_REQ))
877 		goto out;
878 
879 	if (asoc->strreset_outstanding) {
880 		result = SCTP_STRRESET_ERR_IN_PROGRESS;
881 		goto out;
882 	}
883 
884 	out = ntohs(addstrm->number_of_streams);
885 	outcnt = stream->outcnt + out;
886 	if (!out || outcnt > SCTP_MAX_STREAM)
887 		goto out;
888 
889 	ret = sctp_stream_alloc_out(stream, outcnt, GFP_ATOMIC);
890 	if (ret)
891 		goto out;
892 
893 	chunk = sctp_make_strreset_addstrm(asoc, out, 0);
894 	if (!chunk)
895 		goto out;
896 
897 	asoc->strreset_chunk = chunk;
898 	asoc->strreset_outstanding = 1;
899 	sctp_chunk_hold(asoc->strreset_chunk);
900 
901 	stream->outcnt = outcnt;
902 
903 	result = SCTP_STRRESET_PERFORMED;
904 
905 out:
906 	sctp_update_strreset_result(asoc, result);
907 err:
908 	if (!chunk)
909 		chunk = sctp_make_strreset_resp(asoc, result, request_seq);
910 
911 	return chunk;
912 }
913 
sctp_process_strreset_resp(struct sctp_association * asoc,union sctp_params param,struct sctp_ulpevent ** evp)914 struct sctp_chunk *sctp_process_strreset_resp(
915 				struct sctp_association *asoc,
916 				union sctp_params param,
917 				struct sctp_ulpevent **evp)
918 {
919 	struct sctp_stream *stream = &asoc->stream;
920 	struct sctp_strreset_resp *resp = param.v;
921 	struct sctp_transport *t;
922 	__u16 i, nums, flags = 0;
923 	struct sctp_paramhdr *req;
924 	__u32 result;
925 
926 	req = sctp_chunk_lookup_strreset_param(asoc, resp->response_seq, 0);
927 	if (!req)
928 		return NULL;
929 
930 	result = ntohl(resp->result);
931 	if (result != SCTP_STRRESET_PERFORMED) {
932 		/* if in progress, do nothing but retransmit */
933 		if (result == SCTP_STRRESET_IN_PROGRESS)
934 			return NULL;
935 		else if (result == SCTP_STRRESET_DENIED)
936 			flags = SCTP_STREAM_RESET_DENIED;
937 		else
938 			flags = SCTP_STREAM_RESET_FAILED;
939 	}
940 
941 	if (req->type == SCTP_PARAM_RESET_OUT_REQUEST) {
942 		struct sctp_strreset_outreq *outreq;
943 		__be16 *str_p;
944 
945 		outreq = (struct sctp_strreset_outreq *)req;
946 		str_p = outreq->list_of_streams;
947 		nums = (ntohs(outreq->param_hdr.length) - sizeof(*outreq)) /
948 		       sizeof(__u16);
949 
950 		if (result == SCTP_STRRESET_PERFORMED) {
951 			struct sctp_stream_out *sout;
952 			if (nums) {
953 				for (i = 0; i < nums; i++) {
954 					sout = SCTP_SO(stream, ntohs(str_p[i]));
955 					sout->mid = 0;
956 					sout->mid_uo = 0;
957 				}
958 			} else {
959 				for (i = 0; i < stream->outcnt; i++) {
960 					sout = SCTP_SO(stream, i);
961 					sout->mid = 0;
962 					sout->mid_uo = 0;
963 				}
964 			}
965 		}
966 
967 		flags |= SCTP_STREAM_RESET_OUTGOING_SSN;
968 
969 		for (i = 0; i < stream->outcnt; i++)
970 			SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
971 
972 		*evp = sctp_ulpevent_make_stream_reset_event(asoc, flags,
973 			nums, str_p, GFP_ATOMIC);
974 	} else if (req->type == SCTP_PARAM_RESET_IN_REQUEST) {
975 		struct sctp_strreset_inreq *inreq;
976 		__be16 *str_p;
977 
978 		/* if the result is performed, it's impossible for inreq */
979 		if (result == SCTP_STRRESET_PERFORMED)
980 			return NULL;
981 
982 		inreq = (struct sctp_strreset_inreq *)req;
983 		str_p = inreq->list_of_streams;
984 		nums = (ntohs(inreq->param_hdr.length) - sizeof(*inreq)) /
985 		       sizeof(__u16);
986 
987 		flags |= SCTP_STREAM_RESET_INCOMING_SSN;
988 
989 		*evp = sctp_ulpevent_make_stream_reset_event(asoc, flags,
990 			nums, str_p, GFP_ATOMIC);
991 	} else if (req->type == SCTP_PARAM_RESET_TSN_REQUEST) {
992 		struct sctp_strreset_resptsn *resptsn;
993 		__u32 stsn, rtsn;
994 
995 		/* check for resptsn, as sctp_verify_reconf didn't do it*/
996 		if (ntohs(param.p->length) != sizeof(*resptsn))
997 			return NULL;
998 
999 		resptsn = (struct sctp_strreset_resptsn *)resp;
1000 		stsn = ntohl(resptsn->senders_next_tsn);
1001 		rtsn = ntohl(resptsn->receivers_next_tsn);
1002 
1003 		if (result == SCTP_STRRESET_PERFORMED) {
1004 			__u32 mtsn = sctp_tsnmap_get_max_tsn_seen(
1005 						&asoc->peer.tsn_map);
1006 			LIST_HEAD(temp);
1007 
1008 			asoc->stream.si->report_ftsn(&asoc->ulpq, mtsn);
1009 
1010 			sctp_tsnmap_init(&asoc->peer.tsn_map,
1011 					 SCTP_TSN_MAP_INITIAL,
1012 					 stsn, GFP_ATOMIC);
1013 
1014 			/* Clean up sacked and abandoned queues only. As the
1015 			 * out_chunk_list may not be empty, splice it to temp,
1016 			 * then get it back after sctp_outq_free is done.
1017 			 */
1018 			list_splice_init(&asoc->outqueue.out_chunk_list, &temp);
1019 			sctp_outq_free(&asoc->outqueue);
1020 			list_splice_init(&temp, &asoc->outqueue.out_chunk_list);
1021 
1022 			asoc->next_tsn = rtsn;
1023 			asoc->ctsn_ack_point = asoc->next_tsn - 1;
1024 			asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
1025 
1026 			for (i = 0; i < stream->outcnt; i++) {
1027 				SCTP_SO(stream, i)->mid = 0;
1028 				SCTP_SO(stream, i)->mid_uo = 0;
1029 			}
1030 			for (i = 0; i < stream->incnt; i++)
1031 				SCTP_SI(stream, i)->mid = 0;
1032 		}
1033 
1034 		for (i = 0; i < stream->outcnt; i++)
1035 			SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
1036 
1037 		*evp = sctp_ulpevent_make_assoc_reset_event(asoc, flags,
1038 			stsn, rtsn, GFP_ATOMIC);
1039 	} else if (req->type == SCTP_PARAM_RESET_ADD_OUT_STREAMS) {
1040 		struct sctp_strreset_addstrm *addstrm;
1041 		__u16 number;
1042 
1043 		addstrm = (struct sctp_strreset_addstrm *)req;
1044 		nums = ntohs(addstrm->number_of_streams);
1045 		number = stream->outcnt - nums;
1046 
1047 		if (result == SCTP_STRRESET_PERFORMED) {
1048 			for (i = number; i < stream->outcnt; i++)
1049 				SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
1050 		} else {
1051 			sctp_stream_shrink_out(stream, number);
1052 			stream->outcnt = number;
1053 		}
1054 
1055 		*evp = sctp_ulpevent_make_stream_change_event(asoc, flags,
1056 			0, nums, GFP_ATOMIC);
1057 	} else if (req->type == SCTP_PARAM_RESET_ADD_IN_STREAMS) {
1058 		struct sctp_strreset_addstrm *addstrm;
1059 
1060 		/* if the result is performed, it's impossible for addstrm in
1061 		 * request.
1062 		 */
1063 		if (result == SCTP_STRRESET_PERFORMED)
1064 			return NULL;
1065 
1066 		addstrm = (struct sctp_strreset_addstrm *)req;
1067 		nums = ntohs(addstrm->number_of_streams);
1068 
1069 		*evp = sctp_ulpevent_make_stream_change_event(asoc, flags,
1070 			nums, 0, GFP_ATOMIC);
1071 	}
1072 
1073 	asoc->strreset_outstanding--;
1074 	asoc->strreset_outseq++;
1075 
1076 	/* remove everything for this reconf request */
1077 	if (!asoc->strreset_outstanding) {
1078 		t = asoc->strreset_chunk->transport;
1079 		if (del_timer(&t->reconf_timer))
1080 			sctp_transport_put(t);
1081 
1082 		sctp_chunk_put(asoc->strreset_chunk);
1083 		asoc->strreset_chunk = NULL;
1084 	}
1085 
1086 	return NULL;
1087 }
1088