1/* $KAME: uipc_mbuf2.c,v 1.31 2001/11/28 11:08:53 itojun Exp $ */ 2/* $NetBSD: uipc_mbuf.c,v 1.40 1999/04/01 00:23:25 thorpej Exp $ */ 3 4/*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1999 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34/*- 35 * Copyright (c) 1982, 1986, 1988, 1991, 1993 36 * The Regents of the University of California. All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 3. Neither the name of the University nor the names of its contributors 47 * may be used to endorse or promote products derived from this software 48 * without specific prior written permission. 49 * 50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60 * SUCH DAMAGE. 61 */ 62 63#include <sys/cdefs.h> 64/*#define PULLDOWN_DEBUG*/ 65 66#include <sys/param.h> 67#include <sys/systm.h> 68#include <sys/kernel.h> 69#include <sys/lock.h> 70#include <sys/malloc.h> 71#include <sys/mbuf.h> 72#include <sys/mutex.h> 73 74#include <security/mac/mac_framework.h> 75 76static MALLOC_DEFINE(M_PACKET_TAGS, MBUF_TAG_MEM_NAME, 77 "packet-attached information"); 78 79/* can't call it m_dup(), as freebsd[34] uses m_dup() with different arg */ 80static struct mbuf *m_dup1(struct mbuf *, int, int, int); 81 82/* 83 * ensure that [off, off + len) is contiguous on the mbuf chain "m". 84 * packet chain before "off" is kept untouched. 85 * if offp == NULL, the target will start at <retval, 0> on resulting chain. 86 * if offp != NULL, the target will start at <retval, *offp> on resulting chain. 87 * 88 * on error return (NULL return value), original "m" will be freed. 89 * 90 * XXX: M_TRAILINGSPACE/M_LEADINGSPACE only permitted on writable ext_buf. 91 */ 92struct mbuf * 93m_pulldown(struct mbuf *m, int off, int len, int *offp) 94{ 95 struct mbuf *n, *o; 96 int hlen, tlen, olen; 97 int writable; 98 99 /* check invalid arguments. */ 100 KASSERT(m != NULL, ("%s: fix caller: m is NULL off %d len %d offp %p\n", 101 __func__, off, len, offp)); 102 if (len > MCLBYTES) { 103 m_freem(m); 104 return NULL; /* impossible */ 105 } 106 107#ifdef PULLDOWN_DEBUG 108 { 109 struct mbuf *t; 110 printf("before:"); 111 for (t = m; t; t = t->m_next) 112 printf(" %d", t->m_len); 113 printf("\n"); 114 } 115#endif 116 n = m; 117 while (n != NULL && off > 0) { 118 if (n->m_len > off) 119 break; 120 off -= n->m_len; 121 n = n->m_next; 122 } 123 /* be sure to point non-empty mbuf */ 124 while (n != NULL && n->m_len == 0) 125 n = n->m_next; 126 if (!n) { 127 m_freem(m); 128 return NULL; /* mbuf chain too short */ 129 } 130 131 /* 132 * The following comment is dated but still partially applies: 133 * 134 * XXX: This code is flawed because it considers a "writable" mbuf 135 * data region to require all of the following: 136 * (i) mbuf _has_ to have M_EXT set; if it is just a regular 137 * mbuf, it is still not considered "writable." 138 * (ii) since mbuf has M_EXT, the ext_type _has_ to be 139 * EXT_CLUSTER. Anything else makes it non-writable. 140 * (iii) M_WRITABLE() must evaluate true. 141 * Ideally, the requirement should only be (iii). 142 * 143 * If we're writable, we're sure we're writable, because the ref. count 144 * cannot increase from 1, as that would require possession of mbuf 145 * n by someone else (which is impossible). However, if we're _not_ 146 * writable, we may eventually become writable )if the ref. count drops 147 * to 1), but we'll fail to notice it unless we re-evaluate 148 * M_WRITABLE(). For now, we only evaluate once at the beginning and 149 * live with this. 150 */ 151 writable = 0; 152 if ((n->m_flags & M_EXT) == 0 || 153 (n->m_ext.ext_type == EXT_CLUSTER && M_WRITABLE(n))) 154 writable = 1; 155 156 /* 157 * the target data is on <n, off>. 158 * if we got enough data on the mbuf "n", we're done. 159 */ 160 if ((off == 0 || offp) && len <= n->m_len - off) 161 goto ok; 162 163 /* 164 * when len <= n->m_len - off and off != 0, it is a special case. 165 * len bytes from <n, off> sits in single mbuf, but the caller does 166 * not like the starting position (off). 167 * chop the current mbuf into two pieces, set off to 0. 168 */ 169 if (len <= n->m_len - off) { 170 o = m_dup1(n, off, n->m_len - off, M_NOWAIT); 171 if (o == NULL) { 172 m_freem(m); 173 return NULL; /* ENOBUFS */ 174 } 175 n->m_len = off; 176 o->m_next = n->m_next; 177 n->m_next = o; 178 n = n->m_next; 179 off = 0; 180 goto ok; 181 } 182 183 /* 184 * we need to take hlen from <n, off> and tlen from <n->m_next, 0>, 185 * and construct contiguous mbuf with m_len == len. 186 * note that hlen + tlen == len, and tlen > 0. 187 */ 188 hlen = n->m_len - off; 189 tlen = len - hlen; 190 191 /* 192 * ensure that we have enough trailing data on mbuf chain. 193 * if not, we can do nothing about the chain. 194 */ 195 olen = 0; 196 for (o = n->m_next; o != NULL; o = o->m_next) 197 olen += o->m_len; 198 if (hlen + olen < len) { 199 m_freem(m); 200 return NULL; /* mbuf chain too short */ 201 } 202 203 /* 204 * easy cases first. 205 * we need to use m_copydata() to get data from <n->m_next, 0>. 206 */ 207 if ((off == 0 || offp) && M_TRAILINGSPACE(n) >= tlen 208 && writable) { 209 m_copydata(n->m_next, 0, tlen, mtod(n, caddr_t) + n->m_len); 210 n->m_len += tlen; 211 m_adj(n->m_next, tlen); 212 goto ok; 213 } 214 if ((off == 0 || offp) && M_LEADINGSPACE(n->m_next) >= hlen 215 && writable && n->m_next->m_len >= tlen) { 216 n->m_next->m_data -= hlen; 217 n->m_next->m_len += hlen; 218 bcopy(mtod(n, caddr_t) + off, mtod(n->m_next, caddr_t), hlen); 219 n->m_len -= hlen; 220 n = n->m_next; 221 off = 0; 222 goto ok; 223 } 224 225 /* 226 * now, we need to do the hard way. don't m_copy as there's no room 227 * on both end. 228 */ 229 if (len > MLEN) 230 o = m_getcl(M_NOWAIT, m->m_type, 0); 231 else 232 o = m_get(M_NOWAIT, m->m_type); 233 if (!o) { 234 m_freem(m); 235 return NULL; /* ENOBUFS */ 236 } 237 /* get hlen from <n, off> into <o, 0> */ 238 o->m_len = hlen; 239 bcopy(mtod(n, caddr_t) + off, mtod(o, caddr_t), hlen); 240 n->m_len -= hlen; 241 /* get tlen from <n->m_next, 0> into <o, hlen> */ 242 m_copydata(n->m_next, 0, tlen, mtod(o, caddr_t) + o->m_len); 243 o->m_len += tlen; 244 m_adj(n->m_next, tlen); 245 o->m_next = n->m_next; 246 n->m_next = o; 247 n = o; 248 off = 0; 249 250ok: 251#ifdef PULLDOWN_DEBUG 252 { 253 struct mbuf *t; 254 printf("after:"); 255 for (t = m; t; t = t->m_next) 256 printf("%c%d", t == n ? '*' : ' ', t->m_len); 257 printf(" (off=%d)\n", off); 258 } 259#endif 260 if (offp) 261 *offp = off; 262 return n; 263} 264 265static struct mbuf * 266m_dup1(struct mbuf *m, int off, int len, int wait) 267{ 268 struct mbuf *n; 269 int copyhdr; 270 271 if (len > MCLBYTES) 272 return NULL; 273 if (off == 0 && (m->m_flags & M_PKTHDR) != 0) 274 copyhdr = 1; 275 else 276 copyhdr = 0; 277 if (len >= MINCLSIZE) { 278 if (copyhdr == 1) 279 n = m_getcl(wait, m->m_type, M_PKTHDR); 280 else 281 n = m_getcl(wait, m->m_type, 0); 282 } else { 283 if (copyhdr == 1) 284 n = m_gethdr(wait, m->m_type); 285 else 286 n = m_get(wait, m->m_type); 287 } 288 if (!n) 289 return NULL; /* ENOBUFS */ 290 291 if (copyhdr && !m_dup_pkthdr(n, m, wait)) { 292 m_free(n); 293 return NULL; 294 } 295 m_copydata(m, off, len, mtod(n, caddr_t)); 296 n->m_len = len; 297 return n; 298} 299 300/* Free a packet tag. */ 301void 302m_tag_free_default(struct m_tag *t) 303{ 304#ifdef MAC 305 if (t->m_tag_id == PACKET_TAG_MACLABEL) 306 mac_mbuf_tag_destroy(t); 307#endif 308 free(t, M_PACKET_TAGS); 309} 310 311/* Get a packet tag structure along with specified data following. */ 312struct m_tag * 313m_tag_alloc(uint32_t cookie, uint16_t type, int len, int wait) 314{ 315 struct m_tag *t; 316 317 MBUF_CHECKSLEEP(wait); 318 if (len < 0) 319 return NULL; 320 t = malloc(len + sizeof(struct m_tag), M_PACKET_TAGS, wait); 321 if (t == NULL) 322 return NULL; 323 m_tag_setup(t, cookie, type, len); 324 t->m_tag_free = m_tag_free_default; 325 return t; 326} 327 328/* Unlink and free a packet tag. */ 329void 330m_tag_delete(struct mbuf *m, struct m_tag *t) 331{ 332 333 KASSERT(m && t, ("m_tag_delete: null argument, m %p t %p", m, t)); 334 m_tag_unlink(m, t); 335 m_tag_free(t); 336} 337 338/* Unlink and free a packet tag chain, starting from given tag. */ 339void 340m_tag_delete_chain(struct mbuf *m, struct m_tag *t) 341{ 342 struct m_tag *p, *q; 343 344 KASSERT(m, ("m_tag_delete_chain: null mbuf")); 345 if (t != NULL) 346 p = t; 347 else 348 p = SLIST_FIRST(&m->m_pkthdr.tags); 349 if (p == NULL) 350 return; 351 while ((q = SLIST_NEXT(p, m_tag_link)) != NULL) 352 m_tag_delete(m, q); 353 m_tag_delete(m, p); 354} 355 356/* 357 * Strip off all tags that would normally vanish when 358 * passing through a network interface. Only persistent 359 * tags will exist after this; these are expected to remain 360 * so long as the mbuf chain exists, regardless of the 361 * path the mbufs take. 362 */ 363void 364m_tag_delete_nonpersistent(struct mbuf *m) 365{ 366 struct m_tag *p, *q; 367 368 SLIST_FOREACH_SAFE(p, &m->m_pkthdr.tags, m_tag_link, q) 369 if ((p->m_tag_id & MTAG_PERSISTENT) == 0) 370 m_tag_delete(m, p); 371} 372 373/* Find a tag, starting from a given position. */ 374struct m_tag * 375m_tag_locate(struct mbuf *m, uint32_t cookie, uint16_t type, struct m_tag *t) 376{ 377 struct m_tag *p; 378 379 KASSERT(m, ("m_tag_locate: null mbuf")); 380 if (t == NULL) 381 p = SLIST_FIRST(&m->m_pkthdr.tags); 382 else 383 p = SLIST_NEXT(t, m_tag_link); 384 while (p != NULL) { 385 if (p->m_tag_cookie == cookie && p->m_tag_id == type) 386 return p; 387 p = SLIST_NEXT(p, m_tag_link); 388 } 389 return NULL; 390} 391 392/* Copy a single tag. */ 393struct m_tag * 394m_tag_copy(struct m_tag *t, int how) 395{ 396 struct m_tag *p; 397 398 MBUF_CHECKSLEEP(how); 399 KASSERT(t, ("m_tag_copy: null tag")); 400 p = m_tag_alloc(t->m_tag_cookie, t->m_tag_id, t->m_tag_len, how); 401 if (p == NULL) 402 return (NULL); 403#ifdef MAC 404 /* 405 * XXXMAC: we should probably pass off the initialization, and 406 * copying here? can we hide that PACKET_TAG_MACLABEL is 407 * special from the mbuf code? 408 */ 409 if (t->m_tag_id == PACKET_TAG_MACLABEL) { 410 if (mac_mbuf_tag_init(p, how) != 0) { 411 m_tag_free(p); 412 return (NULL); 413 } 414 mac_mbuf_tag_copy(t, p); 415 } else 416#endif 417 bcopy(t + 1, p + 1, t->m_tag_len); /* Copy the data */ 418 return p; 419} 420 421/* 422 * Copy two tag chains. The destination mbuf (to) loses any attached 423 * tags even if the operation fails. This should not be a problem, as 424 * m_tag_copy_chain() is typically called with a newly-allocated 425 * destination mbuf. 426 */ 427int 428m_tag_copy_chain(struct mbuf *to, const struct mbuf *from, int how) 429{ 430 struct m_tag *p, *t, *tprev = NULL; 431 432 MBUF_CHECKSLEEP(how); 433 KASSERT(to && from, 434 ("m_tag_copy_chain: null argument, to %p from %p", to, from)); 435 m_tag_delete_chain(to, NULL); 436 SLIST_FOREACH(p, &from->m_pkthdr.tags, m_tag_link) { 437 t = m_tag_copy(p, how); 438 if (t == NULL) { 439 m_tag_delete_chain(to, NULL); 440 return 0; 441 } 442 if (tprev == NULL) 443 SLIST_INSERT_HEAD(&to->m_pkthdr.tags, t, m_tag_link); 444 else 445 SLIST_INSERT_AFTER(tprev, t, m_tag_link); 446 tprev = t; 447 } 448 return 1; 449} 450