dccp: fix use-after-free in dccp_feat_activate_values
[linux/fpc-iii.git] / net / ipv6 / ip6_offload.c
blobfc7b4017ba241f9dd39d49bd6258ecd4a16e3a3a
1 /*
2 * IPV6 GSO/GRO offload support
3 * Linux INET6 implementation
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version
8 * 2 of the License, or (at your option) any later version.
9 */
11 #include <linux/kernel.h>
12 #include <linux/socket.h>
13 #include <linux/netdevice.h>
14 #include <linux/skbuff.h>
15 #include <linux/printk.h>
17 #include <net/protocol.h>
18 #include <net/ipv6.h>
19 #include <net/inet_common.h>
21 #include "ip6_offload.h"
23 static int ipv6_gso_pull_exthdrs(struct sk_buff *skb, int proto)
25 const struct net_offload *ops = NULL;
27 for (;;) {
28 struct ipv6_opt_hdr *opth;
29 int len;
31 if (proto != NEXTHDR_HOP) {
32 ops = rcu_dereference(inet6_offloads[proto]);
34 if (unlikely(!ops))
35 break;
37 if (!(ops->flags & INET6_PROTO_GSO_EXTHDR))
38 break;
41 if (unlikely(!pskb_may_pull(skb, 8)))
42 break;
44 opth = (void *)skb->data;
45 len = ipv6_optlen(opth);
47 if (unlikely(!pskb_may_pull(skb, len)))
48 break;
50 opth = (void *)skb->data;
51 proto = opth->nexthdr;
52 __skb_pull(skb, len);
55 return proto;
58 static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
59 netdev_features_t features)
61 struct sk_buff *segs = ERR_PTR(-EINVAL);
62 struct ipv6hdr *ipv6h;
63 const struct net_offload *ops;
64 int proto;
65 struct frag_hdr *fptr;
66 unsigned int unfrag_ip6hlen;
67 unsigned int payload_len;
68 u8 *prevhdr;
69 int offset = 0;
70 bool encap, udpfrag;
71 int nhoff;
72 bool gso_partial;
74 skb_reset_network_header(skb);
75 nhoff = skb_network_header(skb) - skb_mac_header(skb);
76 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
77 goto out;
79 encap = SKB_GSO_CB(skb)->encap_level > 0;
80 if (encap)
81 features &= skb->dev->hw_enc_features;
82 SKB_GSO_CB(skb)->encap_level += sizeof(*ipv6h);
84 ipv6h = ipv6_hdr(skb);
85 __skb_pull(skb, sizeof(*ipv6h));
86 segs = ERR_PTR(-EPROTONOSUPPORT);
88 proto = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr);
90 if (skb->encapsulation &&
91 skb_shinfo(skb)->gso_type & (SKB_GSO_IPXIP4 | SKB_GSO_IPXIP6))
92 udpfrag = proto == IPPROTO_UDP && encap;
93 else
94 udpfrag = proto == IPPROTO_UDP && !skb->encapsulation;
96 ops = rcu_dereference(inet6_offloads[proto]);
97 if (likely(ops && ops->callbacks.gso_segment)) {
98 skb_reset_transport_header(skb);
99 segs = ops->callbacks.gso_segment(skb, features);
102 if (IS_ERR_OR_NULL(segs))
103 goto out;
105 gso_partial = !!(skb_shinfo(segs)->gso_type & SKB_GSO_PARTIAL);
107 for (skb = segs; skb; skb = skb->next) {
108 ipv6h = (struct ipv6hdr *)(skb_mac_header(skb) + nhoff);
109 if (gso_partial)
110 payload_len = skb_shinfo(skb)->gso_size +
111 SKB_GSO_CB(skb)->data_offset +
112 skb->head - (unsigned char *)(ipv6h + 1);
113 else
114 payload_len = skb->len - nhoff - sizeof(*ipv6h);
115 ipv6h->payload_len = htons(payload_len);
116 skb->network_header = (u8 *)ipv6h - skb->head;
118 if (udpfrag) {
119 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr);
120 fptr = (struct frag_hdr *)((u8 *)ipv6h + unfrag_ip6hlen);
121 fptr->frag_off = htons(offset);
122 if (skb->next)
123 fptr->frag_off |= htons(IP6_MF);
124 offset += (ntohs(ipv6h->payload_len) -
125 sizeof(struct frag_hdr));
127 if (encap)
128 skb_reset_inner_headers(skb);
131 out:
132 return segs;
135 /* Return the total length of all the extension hdrs, following the same
136 * logic in ipv6_gso_pull_exthdrs() when parsing ext-hdrs.
138 static int ipv6_exthdrs_len(struct ipv6hdr *iph,
139 const struct net_offload **opps)
141 struct ipv6_opt_hdr *opth = (void *)iph;
142 int len = 0, proto, optlen = sizeof(*iph);
144 proto = iph->nexthdr;
145 for (;;) {
146 if (proto != NEXTHDR_HOP) {
147 *opps = rcu_dereference(inet6_offloads[proto]);
148 if (unlikely(!(*opps)))
149 break;
150 if (!((*opps)->flags & INET6_PROTO_GSO_EXTHDR))
151 break;
153 opth = (void *)opth + optlen;
154 optlen = ipv6_optlen(opth);
155 len += optlen;
156 proto = opth->nexthdr;
158 return len;
161 static struct sk_buff **ipv6_gro_receive(struct sk_buff **head,
162 struct sk_buff *skb)
164 const struct net_offload *ops;
165 struct sk_buff **pp = NULL;
166 struct sk_buff *p;
167 struct ipv6hdr *iph;
168 unsigned int nlen;
169 unsigned int hlen;
170 unsigned int off;
171 u16 flush = 1;
172 int proto;
174 off = skb_gro_offset(skb);
175 hlen = off + sizeof(*iph);
176 iph = skb_gro_header_fast(skb, off);
177 if (skb_gro_header_hard(skb, hlen)) {
178 iph = skb_gro_header_slow(skb, hlen, off);
179 if (unlikely(!iph))
180 goto out;
183 skb_set_network_header(skb, off);
184 skb_gro_pull(skb, sizeof(*iph));
185 skb_set_transport_header(skb, skb_gro_offset(skb));
187 flush += ntohs(iph->payload_len) != skb_gro_len(skb);
189 rcu_read_lock();
190 proto = iph->nexthdr;
191 ops = rcu_dereference(inet6_offloads[proto]);
192 if (!ops || !ops->callbacks.gro_receive) {
193 __pskb_pull(skb, skb_gro_offset(skb));
194 skb_gro_frag0_invalidate(skb);
195 proto = ipv6_gso_pull_exthdrs(skb, proto);
196 skb_gro_pull(skb, -skb_transport_offset(skb));
197 skb_reset_transport_header(skb);
198 __skb_push(skb, skb_gro_offset(skb));
200 ops = rcu_dereference(inet6_offloads[proto]);
201 if (!ops || !ops->callbacks.gro_receive)
202 goto out_unlock;
204 iph = ipv6_hdr(skb);
207 NAPI_GRO_CB(skb)->proto = proto;
209 flush--;
210 nlen = skb_network_header_len(skb);
212 for (p = *head; p; p = p->next) {
213 const struct ipv6hdr *iph2;
214 __be32 first_word; /* <Version:4><Traffic_Class:8><Flow_Label:20> */
216 if (!NAPI_GRO_CB(p)->same_flow)
217 continue;
219 iph2 = (struct ipv6hdr *)(p->data + off);
220 first_word = *(__be32 *)iph ^ *(__be32 *)iph2;
222 /* All fields must match except length and Traffic Class.
223 * XXX skbs on the gro_list have all been parsed and pulled
224 * already so we don't need to compare nlen
225 * (nlen != (sizeof(*iph2) + ipv6_exthdrs_len(iph2, &ops)))
226 * memcmp() alone below is suffcient, right?
228 if ((first_word & htonl(0xF00FFFFF)) ||
229 memcmp(&iph->nexthdr, &iph2->nexthdr,
230 nlen - offsetof(struct ipv6hdr, nexthdr))) {
231 NAPI_GRO_CB(p)->same_flow = 0;
232 continue;
234 /* flush if Traffic Class fields are different */
235 NAPI_GRO_CB(p)->flush |= !!(first_word & htonl(0x0FF00000));
236 NAPI_GRO_CB(p)->flush |= flush;
238 /* If the previous IP ID value was based on an atomic
239 * datagram we can overwrite the value and ignore it.
241 if (NAPI_GRO_CB(skb)->is_atomic)
242 NAPI_GRO_CB(p)->flush_id = 0;
245 NAPI_GRO_CB(skb)->is_atomic = true;
246 NAPI_GRO_CB(skb)->flush |= flush;
248 skb_gro_postpull_rcsum(skb, iph, nlen);
250 pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);
252 out_unlock:
253 rcu_read_unlock();
255 out:
256 NAPI_GRO_CB(skb)->flush |= flush;
258 return pp;
261 static struct sk_buff **sit_ip6ip6_gro_receive(struct sk_buff **head,
262 struct sk_buff *skb)
264 /* Common GRO receive for SIT and IP6IP6 */
266 if (NAPI_GRO_CB(skb)->encap_mark) {
267 NAPI_GRO_CB(skb)->flush = 1;
268 return NULL;
271 NAPI_GRO_CB(skb)->encap_mark = 1;
273 return ipv6_gro_receive(head, skb);
276 static struct sk_buff **ip4ip6_gro_receive(struct sk_buff **head,
277 struct sk_buff *skb)
279 /* Common GRO receive for SIT and IP6IP6 */
281 if (NAPI_GRO_CB(skb)->encap_mark) {
282 NAPI_GRO_CB(skb)->flush = 1;
283 return NULL;
286 NAPI_GRO_CB(skb)->encap_mark = 1;
288 return inet_gro_receive(head, skb);
291 static int ipv6_gro_complete(struct sk_buff *skb, int nhoff)
293 const struct net_offload *ops;
294 struct ipv6hdr *iph = (struct ipv6hdr *)(skb->data + nhoff);
295 int err = -ENOSYS;
297 if (skb->encapsulation)
298 skb_set_inner_network_header(skb, nhoff);
300 iph->payload_len = htons(skb->len - nhoff - sizeof(*iph));
302 rcu_read_lock();
304 nhoff += sizeof(*iph) + ipv6_exthdrs_len(iph, &ops);
305 if (WARN_ON(!ops || !ops->callbacks.gro_complete))
306 goto out_unlock;
308 err = ops->callbacks.gro_complete(skb, nhoff);
310 out_unlock:
311 rcu_read_unlock();
313 return err;
316 static int sit_gro_complete(struct sk_buff *skb, int nhoff)
318 skb->encapsulation = 1;
319 skb_shinfo(skb)->gso_type |= SKB_GSO_IPXIP4;
320 return ipv6_gro_complete(skb, nhoff);
323 static int ip6ip6_gro_complete(struct sk_buff *skb, int nhoff)
325 skb->encapsulation = 1;
326 skb_shinfo(skb)->gso_type |= SKB_GSO_IPXIP6;
327 return ipv6_gro_complete(skb, nhoff);
330 static int ip4ip6_gro_complete(struct sk_buff *skb, int nhoff)
332 skb->encapsulation = 1;
333 skb_shinfo(skb)->gso_type |= SKB_GSO_IPXIP6;
334 return inet_gro_complete(skb, nhoff);
337 static struct packet_offload ipv6_packet_offload __read_mostly = {
338 .type = cpu_to_be16(ETH_P_IPV6),
339 .callbacks = {
340 .gso_segment = ipv6_gso_segment,
341 .gro_receive = ipv6_gro_receive,
342 .gro_complete = ipv6_gro_complete,
346 static const struct net_offload sit_offload = {
347 .callbacks = {
348 .gso_segment = ipv6_gso_segment,
349 .gro_receive = sit_ip6ip6_gro_receive,
350 .gro_complete = sit_gro_complete,
354 static const struct net_offload ip4ip6_offload = {
355 .callbacks = {
356 .gso_segment = inet_gso_segment,
357 .gro_receive = ip4ip6_gro_receive,
358 .gro_complete = ip4ip6_gro_complete,
362 static const struct net_offload ip6ip6_offload = {
363 .callbacks = {
364 .gso_segment = ipv6_gso_segment,
365 .gro_receive = sit_ip6ip6_gro_receive,
366 .gro_complete = ip6ip6_gro_complete,
369 static int __init ipv6_offload_init(void)
372 if (tcpv6_offload_init() < 0)
373 pr_crit("%s: Cannot add TCP protocol offload\n", __func__);
374 if (ipv6_exthdrs_offload_init() < 0)
375 pr_crit("%s: Cannot add EXTHDRS protocol offload\n", __func__);
377 dev_add_offload(&ipv6_packet_offload);
379 inet_add_offload(&sit_offload, IPPROTO_IPV6);
380 inet6_add_offload(&ip6ip6_offload, IPPROTO_IPV6);
381 inet6_add_offload(&ip4ip6_offload, IPPROTO_IPIP);
383 return 0;
386 fs_initcall(ipv6_offload_init);