cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

associola.c (50162B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/* SCTP kernel implementation
      3 * (C) Copyright IBM Corp. 2001, 2004
      4 * Copyright (c) 1999-2000 Cisco, Inc.
      5 * Copyright (c) 1999-2001 Motorola, Inc.
      6 * Copyright (c) 2001 Intel Corp.
      7 * Copyright (c) 2001 La Monte H.P. Yarroll
      8 *
      9 * This file is part of the SCTP kernel implementation
     10 *
     11 * This module provides the abstraction for an SCTP association.
     12 *
     13 * Please send any bug reports or fixes you make to the
     14 * email address(es):
     15 *    lksctp developers <linux-sctp@vger.kernel.org>
     16 *
     17 * Written or modified by:
     18 *    La Monte H.P. Yarroll <piggy@acm.org>
     19 *    Karl Knutson          <karl@athena.chicago.il.us>
     20 *    Jon Grimm             <jgrimm@us.ibm.com>
     21 *    Xingang Guo           <xingang.guo@intel.com>
     22 *    Hui Huang             <hui.huang@nokia.com>
     23 *    Sridhar Samudrala	    <sri@us.ibm.com>
     24 *    Daisy Chang	    <daisyc@us.ibm.com>
     25 *    Ryan Layer	    <rmlayer@us.ibm.com>
     26 *    Kevin Gao             <kevin.gao@intel.com>
     27 */
     28
     29#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
     30
     31#include <linux/types.h>
     32#include <linux/fcntl.h>
     33#include <linux/poll.h>
     34#include <linux/init.h>
     35
     36#include <linux/slab.h>
     37#include <linux/in.h>
     38#include <net/ipv6.h>
     39#include <net/sctp/sctp.h>
     40#include <net/sctp/sm.h>
     41
     42/* Forward declarations for internal functions. */
     43static void sctp_select_active_and_retran_path(struct sctp_association *asoc);
     44static void sctp_assoc_bh_rcv(struct work_struct *work);
     45static void sctp_assoc_free_asconf_acks(struct sctp_association *asoc);
     46static void sctp_assoc_free_asconf_queue(struct sctp_association *asoc);
     47
     48/* 1st Level Abstractions. */
     49
     50/* Initialize a new association from provided memory. */
     51static struct sctp_association *sctp_association_init(
     52					struct sctp_association *asoc,
     53					const struct sctp_endpoint *ep,
     54					const struct sock *sk,
     55					enum sctp_scope scope, gfp_t gfp)
     56{
     57	struct sctp_sock *sp;
     58	struct sctp_paramhdr *p;
     59	int i;
     60
     61	/* Retrieve the SCTP per socket area.  */
     62	sp = sctp_sk((struct sock *)sk);
     63
     64	/* Discarding const is appropriate here.  */
     65	asoc->ep = (struct sctp_endpoint *)ep;
     66	asoc->base.sk = (struct sock *)sk;
     67	asoc->base.net = sock_net(sk);
     68
     69	sctp_endpoint_hold(asoc->ep);
     70	sock_hold(asoc->base.sk);
     71
     72	/* Initialize the common base substructure.  */
     73	asoc->base.type = SCTP_EP_TYPE_ASSOCIATION;
     74
     75	/* Initialize the object handling fields.  */
     76	refcount_set(&asoc->base.refcnt, 1);
     77
     78	/* Initialize the bind addr area.  */
     79	sctp_bind_addr_init(&asoc->base.bind_addr, ep->base.bind_addr.port);
     80
     81	asoc->state = SCTP_STATE_CLOSED;
     82	asoc->cookie_life = ms_to_ktime(sp->assocparams.sasoc_cookie_life);
     83	asoc->user_frag = sp->user_frag;
     84
     85	/* Set the association max_retrans and RTO values from the
     86	 * socket values.
     87	 */
     88	asoc->max_retrans = sp->assocparams.sasoc_asocmaxrxt;
     89	asoc->pf_retrans  = sp->pf_retrans;
     90	asoc->ps_retrans  = sp->ps_retrans;
     91	asoc->pf_expose   = sp->pf_expose;
     92
     93	asoc->rto_initial = msecs_to_jiffies(sp->rtoinfo.srto_initial);
     94	asoc->rto_max = msecs_to_jiffies(sp->rtoinfo.srto_max);
     95	asoc->rto_min = msecs_to_jiffies(sp->rtoinfo.srto_min);
     96
     97	/* Initialize the association's heartbeat interval based on the
     98	 * sock configured value.
     99	 */
    100	asoc->hbinterval = msecs_to_jiffies(sp->hbinterval);
    101	asoc->probe_interval = msecs_to_jiffies(sp->probe_interval);
    102
    103	asoc->encap_port = sp->encap_port;
    104
    105	/* Initialize path max retrans value. */
    106	asoc->pathmaxrxt = sp->pathmaxrxt;
    107
    108	asoc->flowlabel = sp->flowlabel;
    109	asoc->dscp = sp->dscp;
    110
    111	/* Set association default SACK delay */
    112	asoc->sackdelay = msecs_to_jiffies(sp->sackdelay);
    113	asoc->sackfreq = sp->sackfreq;
    114
    115	/* Set the association default flags controlling
    116	 * Heartbeat, SACK delay, and Path MTU Discovery.
    117	 */
    118	asoc->param_flags = sp->param_flags;
    119
    120	/* Initialize the maximum number of new data packets that can be sent
    121	 * in a burst.
    122	 */
    123	asoc->max_burst = sp->max_burst;
    124
    125	asoc->subscribe = sp->subscribe;
    126
    127	/* initialize association timers */
    128	asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_COOKIE] = asoc->rto_initial;
    129	asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_INIT] = asoc->rto_initial;
    130	asoc->timeouts[SCTP_EVENT_TIMEOUT_T2_SHUTDOWN] = asoc->rto_initial;
    131
    132	/* sctpimpguide Section 2.12.2
    133	 * If the 'T5-shutdown-guard' timer is used, it SHOULD be set to the
    134	 * recommended value of 5 times 'RTO.Max'.
    135	 */
    136	asoc->timeouts[SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD]
    137		= 5 * asoc->rto_max;
    138
    139	asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = asoc->sackdelay;
    140	asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] = sp->autoclose * HZ;
    141
    142	/* Initializes the timers */
    143	for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i)
    144		timer_setup(&asoc->timers[i], sctp_timer_events[i], 0);
    145
    146	/* Pull default initialization values from the sock options.
    147	 * Note: This assumes that the values have already been
    148	 * validated in the sock.
    149	 */
    150	asoc->c.sinit_max_instreams = sp->initmsg.sinit_max_instreams;
    151	asoc->c.sinit_num_ostreams  = sp->initmsg.sinit_num_ostreams;
    152	asoc->max_init_attempts	= sp->initmsg.sinit_max_attempts;
    153
    154	asoc->max_init_timeo =
    155		 msecs_to_jiffies(sp->initmsg.sinit_max_init_timeo);
    156
    157	/* Set the local window size for receive.
    158	 * This is also the rcvbuf space per association.
    159	 * RFC 6 - A SCTP receiver MUST be able to receive a minimum of
    160	 * 1500 bytes in one SCTP packet.
    161	 */
    162	if ((sk->sk_rcvbuf/2) < SCTP_DEFAULT_MINWINDOW)
    163		asoc->rwnd = SCTP_DEFAULT_MINWINDOW;
    164	else
    165		asoc->rwnd = sk->sk_rcvbuf/2;
    166
    167	asoc->a_rwnd = asoc->rwnd;
    168
    169	/* Use my own max window until I learn something better.  */
    170	asoc->peer.rwnd = SCTP_DEFAULT_MAXWINDOW;
    171
    172	/* Initialize the receive memory counter */
    173	atomic_set(&asoc->rmem_alloc, 0);
    174
    175	init_waitqueue_head(&asoc->wait);
    176
    177	asoc->c.my_vtag = sctp_generate_tag(ep);
    178	asoc->c.my_port = ep->base.bind_addr.port;
    179
    180	asoc->c.initial_tsn = sctp_generate_tsn(ep);
    181
    182	asoc->next_tsn = asoc->c.initial_tsn;
    183
    184	asoc->ctsn_ack_point = asoc->next_tsn - 1;
    185	asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
    186	asoc->highest_sacked = asoc->ctsn_ack_point;
    187	asoc->last_cwr_tsn = asoc->ctsn_ack_point;
    188
    189	/* ADDIP Section 4.1 Asconf Chunk Procedures
    190	 *
    191	 * When an endpoint has an ASCONF signaled change to be sent to the
    192	 * remote endpoint it should do the following:
    193	 * ...
    194	 * A2) a serial number should be assigned to the chunk. The serial
    195	 * number SHOULD be a monotonically increasing number. The serial
    196	 * numbers SHOULD be initialized at the start of the
    197	 * association to the same value as the initial TSN.
    198	 */
    199	asoc->addip_serial = asoc->c.initial_tsn;
    200	asoc->strreset_outseq = asoc->c.initial_tsn;
    201
    202	INIT_LIST_HEAD(&asoc->addip_chunk_list);
    203	INIT_LIST_HEAD(&asoc->asconf_ack_list);
    204
    205	/* Make an empty list of remote transport addresses.  */
    206	INIT_LIST_HEAD(&asoc->peer.transport_addr_list);
    207
    208	/* RFC 2960 5.1 Normal Establishment of an Association
    209	 *
    210	 * After the reception of the first data chunk in an
    211	 * association the endpoint must immediately respond with a
    212	 * sack to acknowledge the data chunk.  Subsequent
    213	 * acknowledgements should be done as described in Section
    214	 * 6.2.
    215	 *
    216	 * [We implement this by telling a new association that it
    217	 * already received one packet.]
    218	 */
    219	asoc->peer.sack_needed = 1;
    220	asoc->peer.sack_generation = 1;
    221
    222	/* Create an input queue.  */
    223	sctp_inq_init(&asoc->base.inqueue);
    224	sctp_inq_set_th_handler(&asoc->base.inqueue, sctp_assoc_bh_rcv);
    225
    226	/* Create an output queue.  */
    227	sctp_outq_init(asoc, &asoc->outqueue);
    228
    229	if (!sctp_ulpq_init(&asoc->ulpq, asoc))
    230		goto fail_init;
    231
    232	if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams,
    233			     0, gfp))
    234		goto fail_init;
    235
    236	/* Initialize default path MTU. */
    237	asoc->pathmtu = sp->pathmtu;
    238	sctp_assoc_update_frag_point(asoc);
    239
    240	/* Assume that peer would support both address types unless we are
    241	 * told otherwise.
    242	 */
    243	asoc->peer.ipv4_address = 1;
    244	if (asoc->base.sk->sk_family == PF_INET6)
    245		asoc->peer.ipv6_address = 1;
    246	INIT_LIST_HEAD(&asoc->asocs);
    247
    248	asoc->default_stream = sp->default_stream;
    249	asoc->default_ppid = sp->default_ppid;
    250	asoc->default_flags = sp->default_flags;
    251	asoc->default_context = sp->default_context;
    252	asoc->default_timetolive = sp->default_timetolive;
    253	asoc->default_rcv_context = sp->default_rcv_context;
    254
    255	/* AUTH related initializations */
    256	INIT_LIST_HEAD(&asoc->endpoint_shared_keys);
    257	if (sctp_auth_asoc_copy_shkeys(ep, asoc, gfp))
    258		goto stream_free;
    259
    260	asoc->active_key_id = ep->active_key_id;
    261	asoc->strreset_enable = ep->strreset_enable;
    262
    263	/* Save the hmacs and chunks list into this association */
    264	if (ep->auth_hmacs_list)
    265		memcpy(asoc->c.auth_hmacs, ep->auth_hmacs_list,
    266			ntohs(ep->auth_hmacs_list->param_hdr.length));
    267	if (ep->auth_chunk_list)
    268		memcpy(asoc->c.auth_chunks, ep->auth_chunk_list,
    269			ntohs(ep->auth_chunk_list->param_hdr.length));
    270
    271	/* Get the AUTH random number for this association */
    272	p = (struct sctp_paramhdr *)asoc->c.auth_random;
    273	p->type = SCTP_PARAM_RANDOM;
    274	p->length = htons(sizeof(*p) + SCTP_AUTH_RANDOM_LENGTH);
    275	get_random_bytes(p+1, SCTP_AUTH_RANDOM_LENGTH);
    276
    277	return asoc;
    278
    279stream_free:
    280	sctp_stream_free(&asoc->stream);
    281fail_init:
    282	sock_put(asoc->base.sk);
    283	sctp_endpoint_put(asoc->ep);
    284	return NULL;
    285}
    286
    287/* Allocate and initialize a new association */
    288struct sctp_association *sctp_association_new(const struct sctp_endpoint *ep,
    289					      const struct sock *sk,
    290					      enum sctp_scope scope, gfp_t gfp)
    291{
    292	struct sctp_association *asoc;
    293
    294	asoc = kzalloc(sizeof(*asoc), gfp);
    295	if (!asoc)
    296		goto fail;
    297
    298	if (!sctp_association_init(asoc, ep, sk, scope, gfp))
    299		goto fail_init;
    300
    301	SCTP_DBG_OBJCNT_INC(assoc);
    302
    303	pr_debug("Created asoc %p\n", asoc);
    304
    305	return asoc;
    306
    307fail_init:
    308	kfree(asoc);
    309fail:
    310	return NULL;
    311}
    312
    313/* Free this association if possible.  There may still be users, so
    314 * the actual deallocation may be delayed.
    315 */
    316void sctp_association_free(struct sctp_association *asoc)
    317{
    318	struct sock *sk = asoc->base.sk;
    319	struct sctp_transport *transport;
    320	struct list_head *pos, *temp;
    321	int i;
    322
    323	/* Only real associations count against the endpoint, so
    324	 * don't bother for if this is a temporary association.
    325	 */
    326	if (!list_empty(&asoc->asocs)) {
    327		list_del(&asoc->asocs);
    328
    329		/* Decrement the backlog value for a TCP-style listening
    330		 * socket.
    331		 */
    332		if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))
    333			sk_acceptq_removed(sk);
    334	}
    335
    336	/* Mark as dead, so other users can know this structure is
    337	 * going away.
    338	 */
    339	asoc->base.dead = true;
    340
    341	/* Dispose of any data lying around in the outqueue. */
    342	sctp_outq_free(&asoc->outqueue);
    343
    344	/* Dispose of any pending messages for the upper layer. */
    345	sctp_ulpq_free(&asoc->ulpq);
    346
    347	/* Dispose of any pending chunks on the inqueue. */
    348	sctp_inq_free(&asoc->base.inqueue);
    349
    350	sctp_tsnmap_free(&asoc->peer.tsn_map);
    351
    352	/* Free stream information. */
    353	sctp_stream_free(&asoc->stream);
    354
    355	if (asoc->strreset_chunk)
    356		sctp_chunk_free(asoc->strreset_chunk);
    357
    358	/* Clean up the bound address list. */
    359	sctp_bind_addr_free(&asoc->base.bind_addr);
    360
    361	/* Do we need to go through all of our timers and
    362	 * delete them?   To be safe we will try to delete all, but we
    363	 * should be able to go through and make a guess based
    364	 * on our state.
    365	 */
    366	for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i) {
    367		if (del_timer(&asoc->timers[i]))
    368			sctp_association_put(asoc);
    369	}
    370
    371	/* Free peer's cached cookie. */
    372	kfree(asoc->peer.cookie);
    373	kfree(asoc->peer.peer_random);
    374	kfree(asoc->peer.peer_chunks);
    375	kfree(asoc->peer.peer_hmacs);
    376
    377	/* Release the transport structures. */
    378	list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
    379		transport = list_entry(pos, struct sctp_transport, transports);
    380		list_del_rcu(pos);
    381		sctp_unhash_transport(transport);
    382		sctp_transport_free(transport);
    383	}
    384
    385	asoc->peer.transport_count = 0;
    386
    387	sctp_asconf_queue_teardown(asoc);
    388
    389	/* Free pending address space being deleted */
    390	kfree(asoc->asconf_addr_del_pending);
    391
    392	/* AUTH - Free the endpoint shared keys */
    393	sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
    394
    395	/* AUTH - Free the association shared key */
    396	sctp_auth_key_put(asoc->asoc_shared_key);
    397
    398	sctp_association_put(asoc);
    399}
    400
    401/* Cleanup and free up an association. */
    402static void sctp_association_destroy(struct sctp_association *asoc)
    403{
    404	if (unlikely(!asoc->base.dead)) {
    405		WARN(1, "Attempt to destroy undead association %p!\n", asoc);
    406		return;
    407	}
    408
    409	sctp_endpoint_put(asoc->ep);
    410	sock_put(asoc->base.sk);
    411
    412	if (asoc->assoc_id != 0) {
    413		spin_lock_bh(&sctp_assocs_id_lock);
    414		idr_remove(&sctp_assocs_id, asoc->assoc_id);
    415		spin_unlock_bh(&sctp_assocs_id_lock);
    416	}
    417
    418	WARN_ON(atomic_read(&asoc->rmem_alloc));
    419
    420	kfree_rcu(asoc, rcu);
    421	SCTP_DBG_OBJCNT_DEC(assoc);
    422}
    423
    424/* Change the primary destination address for the peer. */
    425void sctp_assoc_set_primary(struct sctp_association *asoc,
    426			    struct sctp_transport *transport)
    427{
    428	int changeover = 0;
    429
    430	/* it's a changeover only if we already have a primary path
    431	 * that we are changing
    432	 */
    433	if (asoc->peer.primary_path != NULL &&
    434	    asoc->peer.primary_path != transport)
    435		changeover = 1 ;
    436
    437	asoc->peer.primary_path = transport;
    438	sctp_ulpevent_notify_peer_addr_change(transport,
    439					      SCTP_ADDR_MADE_PRIM, 0);
    440
    441	/* Set a default msg_name for events. */
    442	memcpy(&asoc->peer.primary_addr, &transport->ipaddr,
    443	       sizeof(union sctp_addr));
    444
    445	/* If the primary path is changing, assume that the
    446	 * user wants to use this new path.
    447	 */
    448	if ((transport->state == SCTP_ACTIVE) ||
    449	    (transport->state == SCTP_UNKNOWN))
    450		asoc->peer.active_path = transport;
    451
    452	/*
    453	 * SFR-CACC algorithm:
    454	 * Upon the receipt of a request to change the primary
    455	 * destination address, on the data structure for the new
    456	 * primary destination, the sender MUST do the following:
    457	 *
    458	 * 1) If CHANGEOVER_ACTIVE is set, then there was a switch
    459	 * to this destination address earlier. The sender MUST set
    460	 * CYCLING_CHANGEOVER to indicate that this switch is a
    461	 * double switch to the same destination address.
    462	 *
    463	 * Really, only bother is we have data queued or outstanding on
    464	 * the association.
    465	 */
    466	if (!asoc->outqueue.outstanding_bytes && !asoc->outqueue.out_qlen)
    467		return;
    468
    469	if (transport->cacc.changeover_active)
    470		transport->cacc.cycling_changeover = changeover;
    471
    472	/* 2) The sender MUST set CHANGEOVER_ACTIVE to indicate that
    473	 * a changeover has occurred.
    474	 */
    475	transport->cacc.changeover_active = changeover;
    476
    477	/* 3) The sender MUST store the next TSN to be sent in
    478	 * next_tsn_at_change.
    479	 */
    480	transport->cacc.next_tsn_at_change = asoc->next_tsn;
    481}
    482
    483/* Remove a transport from an association.  */
    484void sctp_assoc_rm_peer(struct sctp_association *asoc,
    485			struct sctp_transport *peer)
    486{
    487	struct sctp_transport *transport;
    488	struct list_head *pos;
    489	struct sctp_chunk *ch;
    490
    491	pr_debug("%s: association:%p addr:%pISpc\n",
    492		 __func__, asoc, &peer->ipaddr.sa);
    493
    494	/* If we are to remove the current retran_path, update it
    495	 * to the next peer before removing this peer from the list.
    496	 */
    497	if (asoc->peer.retran_path == peer)
    498		sctp_assoc_update_retran_path(asoc);
    499
    500	/* Remove this peer from the list. */
    501	list_del_rcu(&peer->transports);
    502	/* Remove this peer from the transport hashtable */
    503	sctp_unhash_transport(peer);
    504
    505	/* Get the first transport of asoc. */
    506	pos = asoc->peer.transport_addr_list.next;
    507	transport = list_entry(pos, struct sctp_transport, transports);
    508
    509	/* Update any entries that match the peer to be deleted. */
    510	if (asoc->peer.primary_path == peer)
    511		sctp_assoc_set_primary(asoc, transport);
    512	if (asoc->peer.active_path == peer)
    513		asoc->peer.active_path = transport;
    514	if (asoc->peer.retran_path == peer)
    515		asoc->peer.retran_path = transport;
    516	if (asoc->peer.last_data_from == peer)
    517		asoc->peer.last_data_from = transport;
    518
    519	if (asoc->strreset_chunk &&
    520	    asoc->strreset_chunk->transport == peer) {
    521		asoc->strreset_chunk->transport = transport;
    522		sctp_transport_reset_reconf_timer(transport);
    523	}
    524
    525	/* If we remove the transport an INIT was last sent to, set it to
    526	 * NULL. Combined with the update of the retran path above, this
    527	 * will cause the next INIT to be sent to the next available
    528	 * transport, maintaining the cycle.
    529	 */
    530	if (asoc->init_last_sent_to == peer)
    531		asoc->init_last_sent_to = NULL;
    532
    533	/* If we remove the transport an SHUTDOWN was last sent to, set it
    534	 * to NULL. Combined with the update of the retran path above, this
    535	 * will cause the next SHUTDOWN to be sent to the next available
    536	 * transport, maintaining the cycle.
    537	 */
    538	if (asoc->shutdown_last_sent_to == peer)
    539		asoc->shutdown_last_sent_to = NULL;
    540
    541	/* If we remove the transport an ASCONF was last sent to, set it to
    542	 * NULL.
    543	 */
    544	if (asoc->addip_last_asconf &&
    545	    asoc->addip_last_asconf->transport == peer)
    546		asoc->addip_last_asconf->transport = NULL;
    547
    548	/* If we have something on the transmitted list, we have to
    549	 * save it off.  The best place is the active path.
    550	 */
    551	if (!list_empty(&peer->transmitted)) {
    552		struct sctp_transport *active = asoc->peer.active_path;
    553
    554		/* Reset the transport of each chunk on this list */
    555		list_for_each_entry(ch, &peer->transmitted,
    556					transmitted_list) {
    557			ch->transport = NULL;
    558			ch->rtt_in_progress = 0;
    559		}
    560
    561		list_splice_tail_init(&peer->transmitted,
    562					&active->transmitted);
    563
    564		/* Start a T3 timer here in case it wasn't running so
    565		 * that these migrated packets have a chance to get
    566		 * retransmitted.
    567		 */
    568		if (!timer_pending(&active->T3_rtx_timer))
    569			if (!mod_timer(&active->T3_rtx_timer,
    570					jiffies + active->rto))
    571				sctp_transport_hold(active);
    572	}
    573
    574	list_for_each_entry(ch, &asoc->outqueue.out_chunk_list, list)
    575		if (ch->transport == peer)
    576			ch->transport = NULL;
    577
    578	asoc->peer.transport_count--;
    579
    580	sctp_ulpevent_notify_peer_addr_change(peer, SCTP_ADDR_REMOVED, 0);
    581	sctp_transport_free(peer);
    582}
    583
    584/* Add a transport address to an association.  */
    585struct sctp_transport *sctp_assoc_add_peer(struct sctp_association *asoc,
    586					   const union sctp_addr *addr,
    587					   const gfp_t gfp,
    588					   const int peer_state)
    589{
    590	struct sctp_transport *peer;
    591	struct sctp_sock *sp;
    592	unsigned short port;
    593
    594	sp = sctp_sk(asoc->base.sk);
    595
    596	/* AF_INET and AF_INET6 share common port field. */
    597	port = ntohs(addr->v4.sin_port);
    598
    599	pr_debug("%s: association:%p addr:%pISpc state:%d\n", __func__,
    600		 asoc, &addr->sa, peer_state);
    601
    602	/* Set the port if it has not been set yet.  */
    603	if (0 == asoc->peer.port)
    604		asoc->peer.port = port;
    605
    606	/* Check to see if this is a duplicate. */
    607	peer = sctp_assoc_lookup_paddr(asoc, addr);
    608	if (peer) {
    609		/* An UNKNOWN state is only set on transports added by
    610		 * user in sctp_connectx() call.  Such transports should be
    611		 * considered CONFIRMED per RFC 4960, Section 5.4.
    612		 */
    613		if (peer->state == SCTP_UNKNOWN) {
    614			peer->state = SCTP_ACTIVE;
    615		}
    616		return peer;
    617	}
    618
    619	peer = sctp_transport_new(asoc->base.net, addr, gfp);
    620	if (!peer)
    621		return NULL;
    622
    623	sctp_transport_set_owner(peer, asoc);
    624
    625	/* Initialize the peer's heartbeat interval based on the
    626	 * association configured value.
    627	 */
    628	peer->hbinterval = asoc->hbinterval;
    629	peer->probe_interval = asoc->probe_interval;
    630
    631	peer->encap_port = asoc->encap_port;
    632
    633	/* Set the path max_retrans.  */
    634	peer->pathmaxrxt = asoc->pathmaxrxt;
    635
    636	/* And the partial failure retrans threshold */
    637	peer->pf_retrans = asoc->pf_retrans;
    638	/* And the primary path switchover retrans threshold */
    639	peer->ps_retrans = asoc->ps_retrans;
    640
    641	/* Initialize the peer's SACK delay timeout based on the
    642	 * association configured value.
    643	 */
    644	peer->sackdelay = asoc->sackdelay;
    645	peer->sackfreq = asoc->sackfreq;
    646
    647	if (addr->sa.sa_family == AF_INET6) {
    648		__be32 info = addr->v6.sin6_flowinfo;
    649
    650		if (info) {
    651			peer->flowlabel = ntohl(info & IPV6_FLOWLABEL_MASK);
    652			peer->flowlabel |= SCTP_FLOWLABEL_SET_MASK;
    653		} else {
    654			peer->flowlabel = asoc->flowlabel;
    655		}
    656	}
    657	peer->dscp = asoc->dscp;
    658
    659	/* Enable/disable heartbeat, SACK delay, and path MTU discovery
    660	 * based on association setting.
    661	 */
    662	peer->param_flags = asoc->param_flags;
    663
    664	/* Initialize the pmtu of the transport. */
    665	sctp_transport_route(peer, NULL, sp);
    666
    667	/* If this is the first transport addr on this association,
    668	 * initialize the association PMTU to the peer's PMTU.
    669	 * If not and the current association PMTU is higher than the new
    670	 * peer's PMTU, reset the association PMTU to the new peer's PMTU.
    671	 */
    672	sctp_assoc_set_pmtu(asoc, asoc->pathmtu ?
    673				  min_t(int, peer->pathmtu, asoc->pathmtu) :
    674				  peer->pathmtu);
    675
    676	peer->pmtu_pending = 0;
    677
    678	/* The asoc->peer.port might not be meaningful yet, but
    679	 * initialize the packet structure anyway.
    680	 */
    681	sctp_packet_init(&peer->packet, peer, asoc->base.bind_addr.port,
    682			 asoc->peer.port);
    683
    684	/* 7.2.1 Slow-Start
    685	 *
    686	 * o The initial cwnd before DATA transmission or after a sufficiently
    687	 *   long idle period MUST be set to
    688	 *      min(4*MTU, max(2*MTU, 4380 bytes))
    689	 *
    690	 * o The initial value of ssthresh MAY be arbitrarily high
    691	 *   (for example, implementations MAY use the size of the
    692	 *   receiver advertised window).
    693	 */
    694	peer->cwnd = min(4*asoc->pathmtu, max_t(__u32, 2*asoc->pathmtu, 4380));
    695
    696	/* At this point, we may not have the receiver's advertised window,
    697	 * so initialize ssthresh to the default value and it will be set
    698	 * later when we process the INIT.
    699	 */
    700	peer->ssthresh = SCTP_DEFAULT_MAXWINDOW;
    701
    702	peer->partial_bytes_acked = 0;
    703	peer->flight_size = 0;
    704	peer->burst_limited = 0;
    705
    706	/* Set the transport's RTO.initial value */
    707	peer->rto = asoc->rto_initial;
    708	sctp_max_rto(asoc, peer);
    709
    710	/* Set the peer's active state. */
    711	peer->state = peer_state;
    712
    713	/* Add this peer into the transport hashtable */
    714	if (sctp_hash_transport(peer)) {
    715		sctp_transport_free(peer);
    716		return NULL;
    717	}
    718
    719	sctp_transport_pl_reset(peer);
    720
    721	/* Attach the remote transport to our asoc.  */
    722	list_add_tail_rcu(&peer->transports, &asoc->peer.transport_addr_list);
    723	asoc->peer.transport_count++;
    724
    725	sctp_ulpevent_notify_peer_addr_change(peer, SCTP_ADDR_ADDED, 0);
    726
    727	/* If we do not yet have a primary path, set one.  */
    728	if (!asoc->peer.primary_path) {
    729		sctp_assoc_set_primary(asoc, peer);
    730		asoc->peer.retran_path = peer;
    731	}
    732
    733	if (asoc->peer.active_path == asoc->peer.retran_path &&
    734	    peer->state != SCTP_UNCONFIRMED) {
    735		asoc->peer.retran_path = peer;
    736	}
    737
    738	return peer;
    739}
    740
    741/* Delete a transport address from an association.  */
    742void sctp_assoc_del_peer(struct sctp_association *asoc,
    743			 const union sctp_addr *addr)
    744{
    745	struct list_head	*pos;
    746	struct list_head	*temp;
    747	struct sctp_transport	*transport;
    748
    749	list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
    750		transport = list_entry(pos, struct sctp_transport, transports);
    751		if (sctp_cmp_addr_exact(addr, &transport->ipaddr)) {
    752			/* Do book keeping for removing the peer and free it. */
    753			sctp_assoc_rm_peer(asoc, transport);
    754			break;
    755		}
    756	}
    757}
    758
    759/* Lookup a transport by address. */
    760struct sctp_transport *sctp_assoc_lookup_paddr(
    761					const struct sctp_association *asoc,
    762					const union sctp_addr *address)
    763{
    764	struct sctp_transport *t;
    765
    766	/* Cycle through all transports searching for a peer address. */
    767
    768	list_for_each_entry(t, &asoc->peer.transport_addr_list,
    769			transports) {
    770		if (sctp_cmp_addr_exact(address, &t->ipaddr))
    771			return t;
    772	}
    773
    774	return NULL;
    775}
    776
    777/* Remove all transports except a give one */
    778void sctp_assoc_del_nonprimary_peers(struct sctp_association *asoc,
    779				     struct sctp_transport *primary)
    780{
    781	struct sctp_transport	*temp;
    782	struct sctp_transport	*t;
    783
    784	list_for_each_entry_safe(t, temp, &asoc->peer.transport_addr_list,
    785				 transports) {
    786		/* if the current transport is not the primary one, delete it */
    787		if (t != primary)
    788			sctp_assoc_rm_peer(asoc, t);
    789	}
    790}
    791
    792/* Engage in transport control operations.
    793 * Mark the transport up or down and send a notification to the user.
    794 * Select and update the new active and retran paths.
    795 */
    796void sctp_assoc_control_transport(struct sctp_association *asoc,
    797				  struct sctp_transport *transport,
    798				  enum sctp_transport_cmd command,
    799				  sctp_sn_error_t error)
    800{
    801	int spc_state = SCTP_ADDR_AVAILABLE;
    802	bool ulp_notify = true;
    803
    804	/* Record the transition on the transport.  */
    805	switch (command) {
    806	case SCTP_TRANSPORT_UP:
    807		/* If we are moving from UNCONFIRMED state due
    808		 * to heartbeat success, report the SCTP_ADDR_CONFIRMED
    809		 * state to the user, otherwise report SCTP_ADDR_AVAILABLE.
    810		 */
    811		if (transport->state == SCTP_PF &&
    812		    asoc->pf_expose != SCTP_PF_EXPOSE_ENABLE)
    813			ulp_notify = false;
    814		else if (transport->state == SCTP_UNCONFIRMED &&
    815			 error == SCTP_HEARTBEAT_SUCCESS)
    816			spc_state = SCTP_ADDR_CONFIRMED;
    817
    818		transport->state = SCTP_ACTIVE;
    819		sctp_transport_pl_reset(transport);
    820		break;
    821
    822	case SCTP_TRANSPORT_DOWN:
    823		/* If the transport was never confirmed, do not transition it
    824		 * to inactive state.  Also, release the cached route since
    825		 * there may be a better route next time.
    826		 */
    827		if (transport->state != SCTP_UNCONFIRMED) {
    828			transport->state = SCTP_INACTIVE;
    829			sctp_transport_pl_reset(transport);
    830			spc_state = SCTP_ADDR_UNREACHABLE;
    831		} else {
    832			sctp_transport_dst_release(transport);
    833			ulp_notify = false;
    834		}
    835		break;
    836
    837	case SCTP_TRANSPORT_PF:
    838		transport->state = SCTP_PF;
    839		if (asoc->pf_expose != SCTP_PF_EXPOSE_ENABLE)
    840			ulp_notify = false;
    841		else
    842			spc_state = SCTP_ADDR_POTENTIALLY_FAILED;
    843		break;
    844
    845	default:
    846		return;
    847	}
    848
    849	/* Generate and send a SCTP_PEER_ADDR_CHANGE notification
    850	 * to the user.
    851	 */
    852	if (ulp_notify)
    853		sctp_ulpevent_notify_peer_addr_change(transport,
    854						      spc_state, error);
    855
    856	/* Select new active and retran paths. */
    857	sctp_select_active_and_retran_path(asoc);
    858}
    859
    860/* Hold a reference to an association. */
    861void sctp_association_hold(struct sctp_association *asoc)
    862{
    863	refcount_inc(&asoc->base.refcnt);
    864}
    865
    866/* Release a reference to an association and cleanup
    867 * if there are no more references.
    868 */
    869void sctp_association_put(struct sctp_association *asoc)
    870{
    871	if (refcount_dec_and_test(&asoc->base.refcnt))
    872		sctp_association_destroy(asoc);
    873}
    874
    875/* Allocate the next TSN, Transmission Sequence Number, for the given
    876 * association.
    877 */
    878__u32 sctp_association_get_next_tsn(struct sctp_association *asoc)
    879{
    880	/* From Section 1.6 Serial Number Arithmetic:
    881	 * Transmission Sequence Numbers wrap around when they reach
    882	 * 2**32 - 1.  That is, the next TSN a DATA chunk MUST use
    883	 * after transmitting TSN = 2*32 - 1 is TSN = 0.
    884	 */
    885	__u32 retval = asoc->next_tsn;
    886	asoc->next_tsn++;
    887	asoc->unack_data++;
    888
    889	return retval;
    890}
    891
    892/* Compare two addresses to see if they match.  Wildcard addresses
    893 * only match themselves.
    894 */
    895int sctp_cmp_addr_exact(const union sctp_addr *ss1,
    896			const union sctp_addr *ss2)
    897{
    898	struct sctp_af *af;
    899
    900	af = sctp_get_af_specific(ss1->sa.sa_family);
    901	if (unlikely(!af))
    902		return 0;
    903
    904	return af->cmp_addr(ss1, ss2);
    905}
    906
    907/* Return an ecne chunk to get prepended to a packet.
    908 * Note:  We are sly and return a shared, prealloced chunk.  FIXME:
    909 * No we don't, but we could/should.
    910 */
    911struct sctp_chunk *sctp_get_ecne_prepend(struct sctp_association *asoc)
    912{
    913	if (!asoc->need_ecne)
    914		return NULL;
    915
    916	/* Send ECNE if needed.
    917	 * Not being able to allocate a chunk here is not deadly.
    918	 */
    919	return sctp_make_ecne(asoc, asoc->last_ecne_tsn);
    920}
    921
    922/*
    923 * Find which transport this TSN was sent on.
    924 */
    925struct sctp_transport *sctp_assoc_lookup_tsn(struct sctp_association *asoc,
    926					     __u32 tsn)
    927{
    928	struct sctp_transport *active;
    929	struct sctp_transport *match;
    930	struct sctp_transport *transport;
    931	struct sctp_chunk *chunk;
    932	__be32 key = htonl(tsn);
    933
    934	match = NULL;
    935
    936	/*
    937	 * FIXME: In general, find a more efficient data structure for
    938	 * searching.
    939	 */
    940
    941	/*
    942	 * The general strategy is to search each transport's transmitted
    943	 * list.   Return which transport this TSN lives on.
    944	 *
    945	 * Let's be hopeful and check the active_path first.
    946	 * Another optimization would be to know if there is only one
    947	 * outbound path and not have to look for the TSN at all.
    948	 *
    949	 */
    950
    951	active = asoc->peer.active_path;
    952
    953	list_for_each_entry(chunk, &active->transmitted,
    954			transmitted_list) {
    955
    956		if (key == chunk->subh.data_hdr->tsn) {
    957			match = active;
    958			goto out;
    959		}
    960	}
    961
    962	/* If not found, go search all the other transports. */
    963	list_for_each_entry(transport, &asoc->peer.transport_addr_list,
    964			transports) {
    965
    966		if (transport == active)
    967			continue;
    968		list_for_each_entry(chunk, &transport->transmitted,
    969				transmitted_list) {
    970			if (key == chunk->subh.data_hdr->tsn) {
    971				match = transport;
    972				goto out;
    973			}
    974		}
    975	}
    976out:
    977	return match;
    978}
    979
    980/* Do delayed input processing.  This is scheduled by sctp_rcv(). */
    981static void sctp_assoc_bh_rcv(struct work_struct *work)
    982{
    983	struct sctp_association *asoc =
    984		container_of(work, struct sctp_association,
    985			     base.inqueue.immediate);
    986	struct net *net = asoc->base.net;
    987	union sctp_subtype subtype;
    988	struct sctp_endpoint *ep;
    989	struct sctp_chunk *chunk;
    990	struct sctp_inq *inqueue;
    991	int first_time = 1;	/* is this the first time through the loop */
    992	int error = 0;
    993	int state;
    994
    995	/* The association should be held so we should be safe. */
    996	ep = asoc->ep;
    997
    998	inqueue = &asoc->base.inqueue;
    999	sctp_association_hold(asoc);
   1000	while (NULL != (chunk = sctp_inq_pop(inqueue))) {
   1001		state = asoc->state;
   1002		subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type);
   1003
   1004		/* If the first chunk in the packet is AUTH, do special
   1005		 * processing specified in Section 6.3 of SCTP-AUTH spec
   1006		 */
   1007		if (first_time && subtype.chunk == SCTP_CID_AUTH) {
   1008			struct sctp_chunkhdr *next_hdr;
   1009
   1010			next_hdr = sctp_inq_peek(inqueue);
   1011			if (!next_hdr)
   1012				goto normal;
   1013
   1014			/* If the next chunk is COOKIE-ECHO, skip the AUTH
   1015			 * chunk while saving a pointer to it so we can do
   1016			 * Authentication later (during cookie-echo
   1017			 * processing).
   1018			 */
   1019			if (next_hdr->type == SCTP_CID_COOKIE_ECHO) {
   1020				chunk->auth_chunk = skb_clone(chunk->skb,
   1021							      GFP_ATOMIC);
   1022				chunk->auth = 1;
   1023				continue;
   1024			}
   1025		}
   1026
   1027normal:
   1028		/* SCTP-AUTH, Section 6.3:
   1029		 *    The receiver has a list of chunk types which it expects
   1030		 *    to be received only after an AUTH-chunk.  This list has
   1031		 *    been sent to the peer during the association setup.  It
   1032		 *    MUST silently discard these chunks if they are not placed
   1033		 *    after an AUTH chunk in the packet.
   1034		 */
   1035		if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth)
   1036			continue;
   1037
   1038		/* Remember where the last DATA chunk came from so we
   1039		 * know where to send the SACK.
   1040		 */
   1041		if (sctp_chunk_is_data(chunk))
   1042			asoc->peer.last_data_from = chunk->transport;
   1043		else {
   1044			SCTP_INC_STATS(net, SCTP_MIB_INCTRLCHUNKS);
   1045			asoc->stats.ictrlchunks++;
   1046			if (chunk->chunk_hdr->type == SCTP_CID_SACK)
   1047				asoc->stats.isacks++;
   1048		}
   1049
   1050		if (chunk->transport)
   1051			chunk->transport->last_time_heard = ktime_get();
   1052
   1053		/* Run through the state machine. */
   1054		error = sctp_do_sm(net, SCTP_EVENT_T_CHUNK, subtype,
   1055				   state, ep, asoc, chunk, GFP_ATOMIC);
   1056
   1057		/* Check to see if the association is freed in response to
   1058		 * the incoming chunk.  If so, get out of the while loop.
   1059		 */
   1060		if (asoc->base.dead)
   1061			break;
   1062
   1063		/* If there is an error on chunk, discard this packet. */
   1064		if (error && chunk)
   1065			chunk->pdiscard = 1;
   1066
   1067		if (first_time)
   1068			first_time = 0;
   1069	}
   1070	sctp_association_put(asoc);
   1071}
   1072
   1073/* This routine moves an association from its old sk to a new sk.  */
   1074void sctp_assoc_migrate(struct sctp_association *assoc, struct sock *newsk)
   1075{
   1076	struct sctp_sock *newsp = sctp_sk(newsk);
   1077	struct sock *oldsk = assoc->base.sk;
   1078
   1079	/* Delete the association from the old endpoint's list of
   1080	 * associations.
   1081	 */
   1082	list_del_init(&assoc->asocs);
   1083
   1084	/* Decrement the backlog value for a TCP-style socket. */
   1085	if (sctp_style(oldsk, TCP))
   1086		sk_acceptq_removed(oldsk);
   1087
   1088	/* Release references to the old endpoint and the sock.  */
   1089	sctp_endpoint_put(assoc->ep);
   1090	sock_put(assoc->base.sk);
   1091
   1092	/* Get a reference to the new endpoint.  */
   1093	assoc->ep = newsp->ep;
   1094	sctp_endpoint_hold(assoc->ep);
   1095
   1096	/* Get a reference to the new sock.  */
   1097	assoc->base.sk = newsk;
   1098	sock_hold(assoc->base.sk);
   1099
   1100	/* Add the association to the new endpoint's list of associations.  */
   1101	sctp_endpoint_add_asoc(newsp->ep, assoc);
   1102}
   1103
   1104/* Update an association (possibly from unexpected COOKIE-ECHO processing).  */
   1105int sctp_assoc_update(struct sctp_association *asoc,
   1106		      struct sctp_association *new)
   1107{
   1108	struct sctp_transport *trans;
   1109	struct list_head *pos, *temp;
   1110
   1111	/* Copy in new parameters of peer. */
   1112	asoc->c = new->c;
   1113	asoc->peer.rwnd = new->peer.rwnd;
   1114	asoc->peer.sack_needed = new->peer.sack_needed;
   1115	asoc->peer.auth_capable = new->peer.auth_capable;
   1116	asoc->peer.i = new->peer.i;
   1117
   1118	if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
   1119			      asoc->peer.i.initial_tsn, GFP_ATOMIC))
   1120		return -ENOMEM;
   1121
   1122	/* Remove any peer addresses not present in the new association. */
   1123	list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
   1124		trans = list_entry(pos, struct sctp_transport, transports);
   1125		if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr)) {
   1126			sctp_assoc_rm_peer(asoc, trans);
   1127			continue;
   1128		}
   1129
   1130		if (asoc->state >= SCTP_STATE_ESTABLISHED)
   1131			sctp_transport_reset(trans);
   1132	}
   1133
   1134	/* If the case is A (association restart), use
   1135	 * initial_tsn as next_tsn. If the case is B, use
   1136	 * current next_tsn in case data sent to peer
   1137	 * has been discarded and needs retransmission.
   1138	 */
   1139	if (asoc->state >= SCTP_STATE_ESTABLISHED) {
   1140		asoc->next_tsn = new->next_tsn;
   1141		asoc->ctsn_ack_point = new->ctsn_ack_point;
   1142		asoc->adv_peer_ack_point = new->adv_peer_ack_point;
   1143
   1144		/* Reinitialize SSN for both local streams
   1145		 * and peer's streams.
   1146		 */
   1147		sctp_stream_clear(&asoc->stream);
   1148
   1149		/* Flush the ULP reassembly and ordered queue.
   1150		 * Any data there will now be stale and will
   1151		 * cause problems.
   1152		 */
   1153		sctp_ulpq_flush(&asoc->ulpq);
   1154
   1155		/* reset the overall association error count so
   1156		 * that the restarted association doesn't get torn
   1157		 * down on the next retransmission timer.
   1158		 */
   1159		asoc->overall_error_count = 0;
   1160
   1161	} else {
   1162		/* Add any peer addresses from the new association. */
   1163		list_for_each_entry(trans, &new->peer.transport_addr_list,
   1164				    transports)
   1165			if (!sctp_assoc_lookup_paddr(asoc, &trans->ipaddr) &&
   1166			    !sctp_assoc_add_peer(asoc, &trans->ipaddr,
   1167						 GFP_ATOMIC, trans->state))
   1168				return -ENOMEM;
   1169
   1170		asoc->ctsn_ack_point = asoc->next_tsn - 1;
   1171		asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
   1172
   1173		if (sctp_state(asoc, COOKIE_WAIT))
   1174			sctp_stream_update(&asoc->stream, &new->stream);
   1175
   1176		/* get a new assoc id if we don't have one yet. */
   1177		if (sctp_assoc_set_id(asoc, GFP_ATOMIC))
   1178			return -ENOMEM;
   1179	}
   1180
   1181	/* SCTP-AUTH: Save the peer parameters from the new associations
   1182	 * and also move the association shared keys over
   1183	 */
   1184	kfree(asoc->peer.peer_random);
   1185	asoc->peer.peer_random = new->peer.peer_random;
   1186	new->peer.peer_random = NULL;
   1187
   1188	kfree(asoc->peer.peer_chunks);
   1189	asoc->peer.peer_chunks = new->peer.peer_chunks;
   1190	new->peer.peer_chunks = NULL;
   1191
   1192	kfree(asoc->peer.peer_hmacs);
   1193	asoc->peer.peer_hmacs = new->peer.peer_hmacs;
   1194	new->peer.peer_hmacs = NULL;
   1195
   1196	return sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
   1197}
   1198
   1199/* Update the retran path for sending a retransmitted packet.
   1200 * See also RFC4960, 6.4. Multi-Homed SCTP Endpoints:
   1201 *
   1202 *   When there is outbound data to send and the primary path
   1203 *   becomes inactive (e.g., due to failures), or where the
   1204 *   SCTP user explicitly requests to send data to an
   1205 *   inactive destination transport address, before reporting
   1206 *   an error to its ULP, the SCTP endpoint should try to send
   1207 *   the data to an alternate active destination transport
   1208 *   address if one exists.
   1209 *
   1210 *   When retransmitting data that timed out, if the endpoint
   1211 *   is multihomed, it should consider each source-destination
   1212 *   address pair in its retransmission selection policy.
   1213 *   When retransmitting timed-out data, the endpoint should
   1214 *   attempt to pick the most divergent source-destination
   1215 *   pair from the original source-destination pair to which
   1216 *   the packet was transmitted.
   1217 *
   1218 *   Note: Rules for picking the most divergent source-destination
   1219 *   pair are an implementation decision and are not specified
   1220 *   within this document.
   1221 *
   1222 * Our basic strategy is to round-robin transports in priorities
   1223 * according to sctp_trans_score() e.g., if no such
   1224 * transport with state SCTP_ACTIVE exists, round-robin through
   1225 * SCTP_UNKNOWN, etc. You get the picture.
   1226 */
   1227static u8 sctp_trans_score(const struct sctp_transport *trans)
   1228{
   1229	switch (trans->state) {
   1230	case SCTP_ACTIVE:
   1231		return 3;	/* best case */
   1232	case SCTP_UNKNOWN:
   1233		return 2;
   1234	case SCTP_PF:
   1235		return 1;
   1236	default: /* case SCTP_INACTIVE */
   1237		return 0;	/* worst case */
   1238	}
   1239}
   1240
   1241static struct sctp_transport *sctp_trans_elect_tie(struct sctp_transport *trans1,
   1242						   struct sctp_transport *trans2)
   1243{
   1244	if (trans1->error_count > trans2->error_count) {
   1245		return trans2;
   1246	} else if (trans1->error_count == trans2->error_count &&
   1247		   ktime_after(trans2->last_time_heard,
   1248			       trans1->last_time_heard)) {
   1249		return trans2;
   1250	} else {
   1251		return trans1;
   1252	}
   1253}
   1254
   1255static struct sctp_transport *sctp_trans_elect_best(struct sctp_transport *curr,
   1256						    struct sctp_transport *best)
   1257{
   1258	u8 score_curr, score_best;
   1259
   1260	if (best == NULL || curr == best)
   1261		return curr;
   1262
   1263	score_curr = sctp_trans_score(curr);
   1264	score_best = sctp_trans_score(best);
   1265
   1266	/* First, try a score-based selection if both transport states
   1267	 * differ. If we're in a tie, lets try to make a more clever
   1268	 * decision here based on error counts and last time heard.
   1269	 */
   1270	if (score_curr > score_best)
   1271		return curr;
   1272	else if (score_curr == score_best)
   1273		return sctp_trans_elect_tie(best, curr);
   1274	else
   1275		return best;
   1276}
   1277
   1278void sctp_assoc_update_retran_path(struct sctp_association *asoc)
   1279{
   1280	struct sctp_transport *trans = asoc->peer.retran_path;
   1281	struct sctp_transport *trans_next = NULL;
   1282
   1283	/* We're done as we only have the one and only path. */
   1284	if (asoc->peer.transport_count == 1)
   1285		return;
   1286	/* If active_path and retran_path are the same and active,
   1287	 * then this is the only active path. Use it.
   1288	 */
   1289	if (asoc->peer.active_path == asoc->peer.retran_path &&
   1290	    asoc->peer.active_path->state == SCTP_ACTIVE)
   1291		return;
   1292
   1293	/* Iterate from retran_path's successor back to retran_path. */
   1294	for (trans = list_next_entry(trans, transports); 1;
   1295	     trans = list_next_entry(trans, transports)) {
   1296		/* Manually skip the head element. */
   1297		if (&trans->transports == &asoc->peer.transport_addr_list)
   1298			continue;
   1299		if (trans->state == SCTP_UNCONFIRMED)
   1300			continue;
   1301		trans_next = sctp_trans_elect_best(trans, trans_next);
   1302		/* Active is good enough for immediate return. */
   1303		if (trans_next->state == SCTP_ACTIVE)
   1304			break;
   1305		/* We've reached the end, time to update path. */
   1306		if (trans == asoc->peer.retran_path)
   1307			break;
   1308	}
   1309
   1310	asoc->peer.retran_path = trans_next;
   1311
   1312	pr_debug("%s: association:%p updated new path to addr:%pISpc\n",
   1313		 __func__, asoc, &asoc->peer.retran_path->ipaddr.sa);
   1314}
   1315
   1316static void sctp_select_active_and_retran_path(struct sctp_association *asoc)
   1317{
   1318	struct sctp_transport *trans, *trans_pri = NULL, *trans_sec = NULL;
   1319	struct sctp_transport *trans_pf = NULL;
   1320
   1321	/* Look for the two most recently used active transports. */
   1322	list_for_each_entry(trans, &asoc->peer.transport_addr_list,
   1323			    transports) {
   1324		/* Skip uninteresting transports. */
   1325		if (trans->state == SCTP_INACTIVE ||
   1326		    trans->state == SCTP_UNCONFIRMED)
   1327			continue;
   1328		/* Keep track of the best PF transport from our
   1329		 * list in case we don't find an active one.
   1330		 */
   1331		if (trans->state == SCTP_PF) {
   1332			trans_pf = sctp_trans_elect_best(trans, trans_pf);
   1333			continue;
   1334		}
   1335		/* For active transports, pick the most recent ones. */
   1336		if (trans_pri == NULL ||
   1337		    ktime_after(trans->last_time_heard,
   1338				trans_pri->last_time_heard)) {
   1339			trans_sec = trans_pri;
   1340			trans_pri = trans;
   1341		} else if (trans_sec == NULL ||
   1342			   ktime_after(trans->last_time_heard,
   1343				       trans_sec->last_time_heard)) {
   1344			trans_sec = trans;
   1345		}
   1346	}
   1347
   1348	/* RFC 2960 6.4 Multi-Homed SCTP Endpoints
   1349	 *
   1350	 * By default, an endpoint should always transmit to the primary
   1351	 * path, unless the SCTP user explicitly specifies the
   1352	 * destination transport address (and possibly source transport
   1353	 * address) to use. [If the primary is active but not most recent,
   1354	 * bump the most recently used transport.]
   1355	 */
   1356	if ((asoc->peer.primary_path->state == SCTP_ACTIVE ||
   1357	     asoc->peer.primary_path->state == SCTP_UNKNOWN) &&
   1358	     asoc->peer.primary_path != trans_pri) {
   1359		trans_sec = trans_pri;
   1360		trans_pri = asoc->peer.primary_path;
   1361	}
   1362
   1363	/* We did not find anything useful for a possible retransmission
   1364	 * path; either primary path that we found is the same as
   1365	 * the current one, or we didn't generally find an active one.
   1366	 */
   1367	if (trans_sec == NULL)
   1368		trans_sec = trans_pri;
   1369
   1370	/* If we failed to find a usable transport, just camp on the
   1371	 * active or pick a PF iff it's the better choice.
   1372	 */
   1373	if (trans_pri == NULL) {
   1374		trans_pri = sctp_trans_elect_best(asoc->peer.active_path, trans_pf);
   1375		trans_sec = trans_pri;
   1376	}
   1377
   1378	/* Set the active and retran transports. */
   1379	asoc->peer.active_path = trans_pri;
   1380	asoc->peer.retran_path = trans_sec;
   1381}
   1382
   1383struct sctp_transport *
   1384sctp_assoc_choose_alter_transport(struct sctp_association *asoc,
   1385				  struct sctp_transport *last_sent_to)
   1386{
   1387	/* If this is the first time packet is sent, use the active path,
   1388	 * else use the retran path. If the last packet was sent over the
   1389	 * retran path, update the retran path and use it.
   1390	 */
   1391	if (last_sent_to == NULL) {
   1392		return asoc->peer.active_path;
   1393	} else {
   1394		if (last_sent_to == asoc->peer.retran_path)
   1395			sctp_assoc_update_retran_path(asoc);
   1396
   1397		return asoc->peer.retran_path;
   1398	}
   1399}
   1400
   1401void sctp_assoc_update_frag_point(struct sctp_association *asoc)
   1402{
   1403	int frag = sctp_mtu_payload(sctp_sk(asoc->base.sk), asoc->pathmtu,
   1404				    sctp_datachk_len(&asoc->stream));
   1405
   1406	if (asoc->user_frag)
   1407		frag = min_t(int, frag, asoc->user_frag);
   1408
   1409	frag = min_t(int, frag, SCTP_MAX_CHUNK_LEN -
   1410				sctp_datachk_len(&asoc->stream));
   1411
   1412	asoc->frag_point = SCTP_TRUNC4(frag);
   1413}
   1414
   1415void sctp_assoc_set_pmtu(struct sctp_association *asoc, __u32 pmtu)
   1416{
   1417	if (asoc->pathmtu != pmtu) {
   1418		asoc->pathmtu = pmtu;
   1419		sctp_assoc_update_frag_point(asoc);
   1420	}
   1421
   1422	pr_debug("%s: asoc:%p, pmtu:%d, frag_point:%d\n", __func__, asoc,
   1423		 asoc->pathmtu, asoc->frag_point);
   1424}
   1425
   1426/* Update the association's pmtu and frag_point by going through all the
   1427 * transports. This routine is called when a transport's PMTU has changed.
   1428 */
   1429void sctp_assoc_sync_pmtu(struct sctp_association *asoc)
   1430{
   1431	struct sctp_transport *t;
   1432	__u32 pmtu = 0;
   1433
   1434	if (!asoc)
   1435		return;
   1436
   1437	/* Get the lowest pmtu of all the transports. */
   1438	list_for_each_entry(t, &asoc->peer.transport_addr_list, transports) {
   1439		if (t->pmtu_pending && t->dst) {
   1440			sctp_transport_update_pmtu(t,
   1441						   atomic_read(&t->mtu_info));
   1442			t->pmtu_pending = 0;
   1443		}
   1444		if (!pmtu || (t->pathmtu < pmtu))
   1445			pmtu = t->pathmtu;
   1446	}
   1447
   1448	sctp_assoc_set_pmtu(asoc, pmtu);
   1449}
   1450
   1451/* Should we send a SACK to update our peer? */
   1452static inline bool sctp_peer_needs_update(struct sctp_association *asoc)
   1453{
   1454	struct net *net = asoc->base.net;
   1455
   1456	switch (asoc->state) {
   1457	case SCTP_STATE_ESTABLISHED:
   1458	case SCTP_STATE_SHUTDOWN_PENDING:
   1459	case SCTP_STATE_SHUTDOWN_RECEIVED:
   1460	case SCTP_STATE_SHUTDOWN_SENT:
   1461		if ((asoc->rwnd > asoc->a_rwnd) &&
   1462		    ((asoc->rwnd - asoc->a_rwnd) >= max_t(__u32,
   1463			   (asoc->base.sk->sk_rcvbuf >> net->sctp.rwnd_upd_shift),
   1464			   asoc->pathmtu)))
   1465			return true;
   1466		break;
   1467	default:
   1468		break;
   1469	}
   1470	return false;
   1471}
   1472
   1473/* Increase asoc's rwnd by len and send any window update SACK if needed. */
   1474void sctp_assoc_rwnd_increase(struct sctp_association *asoc, unsigned int len)
   1475{
   1476	struct sctp_chunk *sack;
   1477	struct timer_list *timer;
   1478
   1479	if (asoc->rwnd_over) {
   1480		if (asoc->rwnd_over >= len) {
   1481			asoc->rwnd_over -= len;
   1482		} else {
   1483			asoc->rwnd += (len - asoc->rwnd_over);
   1484			asoc->rwnd_over = 0;
   1485		}
   1486	} else {
   1487		asoc->rwnd += len;
   1488	}
   1489
   1490	/* If we had window pressure, start recovering it
   1491	 * once our rwnd had reached the accumulated pressure
   1492	 * threshold.  The idea is to recover slowly, but up
   1493	 * to the initial advertised window.
   1494	 */
   1495	if (asoc->rwnd_press) {
   1496		int change = min(asoc->pathmtu, asoc->rwnd_press);
   1497		asoc->rwnd += change;
   1498		asoc->rwnd_press -= change;
   1499	}
   1500
   1501	pr_debug("%s: asoc:%p rwnd increased by %d to (%u, %u) - %u\n",
   1502		 __func__, asoc, len, asoc->rwnd, asoc->rwnd_over,
   1503		 asoc->a_rwnd);
   1504
   1505	/* Send a window update SACK if the rwnd has increased by at least the
   1506	 * minimum of the association's PMTU and half of the receive buffer.
   1507	 * The algorithm used is similar to the one described in
   1508	 * Section 4.2.3.3 of RFC 1122.
   1509	 */
   1510	if (sctp_peer_needs_update(asoc)) {
   1511		asoc->a_rwnd = asoc->rwnd;
   1512
   1513		pr_debug("%s: sending window update SACK- asoc:%p rwnd:%u "
   1514			 "a_rwnd:%u\n", __func__, asoc, asoc->rwnd,
   1515			 asoc->a_rwnd);
   1516
   1517		sack = sctp_make_sack(asoc);
   1518		if (!sack)
   1519			return;
   1520
   1521		asoc->peer.sack_needed = 0;
   1522
   1523		sctp_outq_tail(&asoc->outqueue, sack, GFP_ATOMIC);
   1524
   1525		/* Stop the SACK timer.  */
   1526		timer = &asoc->timers[SCTP_EVENT_TIMEOUT_SACK];
   1527		if (del_timer(timer))
   1528			sctp_association_put(asoc);
   1529	}
   1530}
   1531
   1532/* Decrease asoc's rwnd by len. */
   1533void sctp_assoc_rwnd_decrease(struct sctp_association *asoc, unsigned int len)
   1534{
   1535	int rx_count;
   1536	int over = 0;
   1537
   1538	if (unlikely(!asoc->rwnd || asoc->rwnd_over))
   1539		pr_debug("%s: association:%p has asoc->rwnd:%u, "
   1540			 "asoc->rwnd_over:%u!\n", __func__, asoc,
   1541			 asoc->rwnd, asoc->rwnd_over);
   1542
   1543	if (asoc->ep->rcvbuf_policy)
   1544		rx_count = atomic_read(&asoc->rmem_alloc);
   1545	else
   1546		rx_count = atomic_read(&asoc->base.sk->sk_rmem_alloc);
   1547
   1548	/* If we've reached or overflowed our receive buffer, announce
   1549	 * a 0 rwnd if rwnd would still be positive.  Store the
   1550	 * potential pressure overflow so that the window can be restored
   1551	 * back to original value.
   1552	 */
   1553	if (rx_count >= asoc->base.sk->sk_rcvbuf)
   1554		over = 1;
   1555
   1556	if (asoc->rwnd >= len) {
   1557		asoc->rwnd -= len;
   1558		if (over) {
   1559			asoc->rwnd_press += asoc->rwnd;
   1560			asoc->rwnd = 0;
   1561		}
   1562	} else {
   1563		asoc->rwnd_over += len - asoc->rwnd;
   1564		asoc->rwnd = 0;
   1565	}
   1566
   1567	pr_debug("%s: asoc:%p rwnd decreased by %d to (%u, %u, %u)\n",
   1568		 __func__, asoc, len, asoc->rwnd, asoc->rwnd_over,
   1569		 asoc->rwnd_press);
   1570}
   1571
   1572/* Build the bind address list for the association based on info from the
   1573 * local endpoint and the remote peer.
   1574 */
   1575int sctp_assoc_set_bind_addr_from_ep(struct sctp_association *asoc,
   1576				     enum sctp_scope scope, gfp_t gfp)
   1577{
   1578	struct sock *sk = asoc->base.sk;
   1579	int flags;
   1580
   1581	/* Use scoping rules to determine the subset of addresses from
   1582	 * the endpoint.
   1583	 */
   1584	flags = (PF_INET6 == sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0;
   1585	if (!inet_v6_ipv6only(sk))
   1586		flags |= SCTP_ADDR4_ALLOWED;
   1587	if (asoc->peer.ipv4_address)
   1588		flags |= SCTP_ADDR4_PEERSUPP;
   1589	if (asoc->peer.ipv6_address)
   1590		flags |= SCTP_ADDR6_PEERSUPP;
   1591
   1592	return sctp_bind_addr_copy(asoc->base.net,
   1593				   &asoc->base.bind_addr,
   1594				   &asoc->ep->base.bind_addr,
   1595				   scope, gfp, flags);
   1596}
   1597
   1598/* Build the association's bind address list from the cookie.  */
   1599int sctp_assoc_set_bind_addr_from_cookie(struct sctp_association *asoc,
   1600					 struct sctp_cookie *cookie,
   1601					 gfp_t gfp)
   1602{
   1603	int var_size2 = ntohs(cookie->peer_init->chunk_hdr.length);
   1604	int var_size3 = cookie->raw_addr_list_len;
   1605	__u8 *raw = (__u8 *)cookie->peer_init + var_size2;
   1606
   1607	return sctp_raw_to_bind_addrs(&asoc->base.bind_addr, raw, var_size3,
   1608				      asoc->ep->base.bind_addr.port, gfp);
   1609}
   1610
   1611/* Lookup laddr in the bind address list of an association. */
   1612int sctp_assoc_lookup_laddr(struct sctp_association *asoc,
   1613			    const union sctp_addr *laddr)
   1614{
   1615	int found = 0;
   1616
   1617	if ((asoc->base.bind_addr.port == ntohs(laddr->v4.sin_port)) &&
   1618	    sctp_bind_addr_match(&asoc->base.bind_addr, laddr,
   1619				 sctp_sk(asoc->base.sk)))
   1620		found = 1;
   1621
   1622	return found;
   1623}
   1624
   1625/* Set an association id for a given association */
   1626int sctp_assoc_set_id(struct sctp_association *asoc, gfp_t gfp)
   1627{
   1628	bool preload = gfpflags_allow_blocking(gfp);
   1629	int ret;
   1630
   1631	/* If the id is already assigned, keep it. */
   1632	if (asoc->assoc_id)
   1633		return 0;
   1634
   1635	if (preload)
   1636		idr_preload(gfp);
   1637	spin_lock_bh(&sctp_assocs_id_lock);
   1638	/* 0, 1, 2 are used as SCTP_FUTURE_ASSOC, SCTP_CURRENT_ASSOC and
   1639	 * SCTP_ALL_ASSOC, so an available id must be > SCTP_ALL_ASSOC.
   1640	 */
   1641	ret = idr_alloc_cyclic(&sctp_assocs_id, asoc, SCTP_ALL_ASSOC + 1, 0,
   1642			       GFP_NOWAIT);
   1643	spin_unlock_bh(&sctp_assocs_id_lock);
   1644	if (preload)
   1645		idr_preload_end();
   1646	if (ret < 0)
   1647		return ret;
   1648
   1649	asoc->assoc_id = (sctp_assoc_t)ret;
   1650	return 0;
   1651}
   1652
   1653/* Free the ASCONF queue */
   1654static void sctp_assoc_free_asconf_queue(struct sctp_association *asoc)
   1655{
   1656	struct sctp_chunk *asconf;
   1657	struct sctp_chunk *tmp;
   1658
   1659	list_for_each_entry_safe(asconf, tmp, &asoc->addip_chunk_list, list) {
   1660		list_del_init(&asconf->list);
   1661		sctp_chunk_free(asconf);
   1662	}
   1663}
   1664
   1665/* Free asconf_ack cache */
   1666static void sctp_assoc_free_asconf_acks(struct sctp_association *asoc)
   1667{
   1668	struct sctp_chunk *ack;
   1669	struct sctp_chunk *tmp;
   1670
   1671	list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list,
   1672				transmitted_list) {
   1673		list_del_init(&ack->transmitted_list);
   1674		sctp_chunk_free(ack);
   1675	}
   1676}
   1677
   1678/* Clean up the ASCONF_ACK queue */
   1679void sctp_assoc_clean_asconf_ack_cache(const struct sctp_association *asoc)
   1680{
   1681	struct sctp_chunk *ack;
   1682	struct sctp_chunk *tmp;
   1683
   1684	/* We can remove all the entries from the queue up to
   1685	 * the "Peer-Sequence-Number".
   1686	 */
   1687	list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list,
   1688				transmitted_list) {
   1689		if (ack->subh.addip_hdr->serial ==
   1690				htonl(asoc->peer.addip_serial))
   1691			break;
   1692
   1693		list_del_init(&ack->transmitted_list);
   1694		sctp_chunk_free(ack);
   1695	}
   1696}
   1697
   1698/* Find the ASCONF_ACK whose serial number matches ASCONF */
   1699struct sctp_chunk *sctp_assoc_lookup_asconf_ack(
   1700					const struct sctp_association *asoc,
   1701					__be32 serial)
   1702{
   1703	struct sctp_chunk *ack;
   1704
   1705	/* Walk through the list of cached ASCONF-ACKs and find the
   1706	 * ack chunk whose serial number matches that of the request.
   1707	 */
   1708	list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) {
   1709		if (sctp_chunk_pending(ack))
   1710			continue;
   1711		if (ack->subh.addip_hdr->serial == serial) {
   1712			sctp_chunk_hold(ack);
   1713			return ack;
   1714		}
   1715	}
   1716
   1717	return NULL;
   1718}
   1719
   1720void sctp_asconf_queue_teardown(struct sctp_association *asoc)
   1721{
   1722	/* Free any cached ASCONF_ACK chunk. */
   1723	sctp_assoc_free_asconf_acks(asoc);
   1724
   1725	/* Free the ASCONF queue. */
   1726	sctp_assoc_free_asconf_queue(asoc);
   1727
   1728	/* Free any cached ASCONF chunk. */
   1729	if (asoc->addip_last_asconf)
   1730		sctp_chunk_free(asoc->addip_last_asconf);
   1731}