conn_event.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* connection-level event handling
  3. *
  4. * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
  5. * Written by David Howells (dhowells@redhat.com)
  6. */
  7. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  8. #include <linux/module.h>
  9. #include <linux/net.h>
  10. #include <linux/skbuff.h>
  11. #include <linux/errqueue.h>
  12. #include <net/sock.h>
  13. #include <net/af_rxrpc.h>
  14. #include <net/ip.h>
  15. #include "ar-internal.h"
  16. /*
  17. * Set the completion state on an aborted connection.
  18. */
  19. static bool rxrpc_set_conn_aborted(struct rxrpc_connection *conn,
  20. s32 abort_code, int err,
  21. enum rxrpc_call_completion compl)
  22. {
  23. bool aborted = false;
  24. if (conn->state != RXRPC_CONN_ABORTED) {
  25. spin_lock_irq(&conn->state_lock);
  26. if (conn->state != RXRPC_CONN_ABORTED) {
  27. conn->abort_code = abort_code;
  28. conn->error = err;
  29. conn->completion = compl;
  30. /* Order the abort info before the state change. */
  31. smp_store_release(&conn->state, RXRPC_CONN_ABORTED);
  32. set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags);
  33. set_bit(RXRPC_CONN_EV_ABORT_CALLS, &conn->events);
  34. aborted = true;
  35. }
  36. spin_unlock_irq(&conn->state_lock);
  37. }
  38. return aborted;
  39. }
  40. /*
  41. * Mark a socket buffer to indicate that the connection it's on should be aborted.
  42. */
  43. int rxrpc_abort_conn(struct rxrpc_connection *conn, struct sk_buff *skb,
  44. s32 abort_code, int err, enum rxrpc_abort_reason why)
  45. {
  46. u32 cid = conn->proto.cid, call = 0, seq = 0;
  47. if (skb) {
  48. struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
  49. cid = sp->hdr.cid;
  50. call = sp->hdr.callNumber;
  51. seq = sp->hdr.seq;
  52. }
  53. if (rxrpc_set_conn_aborted(conn, abort_code, err,
  54. RXRPC_CALL_LOCALLY_ABORTED)) {
  55. trace_rxrpc_abort(0, why, cid, call, seq, abort_code, err);
  56. rxrpc_poke_conn(conn, rxrpc_conn_get_poke_abort);
  57. }
  58. return -EPROTO;
  59. }
  60. /*
  61. * Mark a connection as being remotely aborted.
  62. */
  63. static void rxrpc_input_conn_abort(struct rxrpc_connection *conn,
  64. struct sk_buff *skb)
  65. {
  66. trace_rxrpc_rx_conn_abort(conn, skb);
  67. rxrpc_set_conn_aborted(conn, skb->priority, -ECONNABORTED,
  68. RXRPC_CALL_REMOTELY_ABORTED);
  69. }
  70. /*
  71. * Retransmit terminal ACK or ABORT of the previous call.
  72. */
  73. void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
  74. struct sk_buff *skb,
  75. unsigned int channel)
  76. {
  77. struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL;
  78. struct rxrpc_channel *chan;
  79. struct msghdr msg;
  80. struct kvec iov[3];
  81. struct {
  82. struct rxrpc_wire_header whdr;
  83. union {
  84. __be32 abort_code;
  85. struct rxrpc_ackpacket ack;
  86. };
  87. } __attribute__((packed)) pkt;
  88. struct rxrpc_acktrailer trailer;
  89. size_t len;
  90. int ret, ioc;
  91. u32 serial, max_mtu, if_mtu, call_id, padding;
  92. _enter("%d", conn->debug_id);
  93. if (sp && sp->hdr.type == RXRPC_PACKET_TYPE_ACK) {
  94. if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
  95. &pkt.ack, sizeof(pkt.ack)) < 0)
  96. return;
  97. if (pkt.ack.reason == RXRPC_ACK_PING_RESPONSE)
  98. return;
  99. }
  100. chan = &conn->channels[channel];
  101. /* If the last call got moved on whilst we were waiting to run, just
  102. * ignore this packet.
  103. */
  104. call_id = chan->last_call;
  105. if (skb && call_id != sp->hdr.callNumber)
  106. return;
  107. msg.msg_name = &conn->peer->srx.transport;
  108. msg.msg_namelen = conn->peer->srx.transport_len;
  109. msg.msg_control = NULL;
  110. msg.msg_controllen = 0;
  111. msg.msg_flags = 0;
  112. iov[0].iov_base = &pkt;
  113. iov[0].iov_len = sizeof(pkt.whdr);
  114. iov[1].iov_base = &padding;
  115. iov[1].iov_len = 3;
  116. iov[2].iov_base = &trailer;
  117. iov[2].iov_len = sizeof(trailer);
  118. serial = rxrpc_get_next_serial(conn);
  119. pkt.whdr.epoch = htonl(conn->proto.epoch);
  120. pkt.whdr.cid = htonl(conn->proto.cid | channel);
  121. pkt.whdr.callNumber = htonl(call_id);
  122. pkt.whdr.serial = htonl(serial);
  123. pkt.whdr.seq = 0;
  124. pkt.whdr.type = chan->last_type;
  125. pkt.whdr.flags = conn->out_clientflag;
  126. pkt.whdr.userStatus = 0;
  127. pkt.whdr.securityIndex = conn->security_ix;
  128. pkt.whdr._rsvd = 0;
  129. pkt.whdr.serviceId = htons(conn->service_id);
  130. len = sizeof(pkt.whdr);
  131. switch (chan->last_type) {
  132. case RXRPC_PACKET_TYPE_ABORT:
  133. pkt.abort_code = htonl(chan->last_abort);
  134. iov[0].iov_len += sizeof(pkt.abort_code);
  135. len += sizeof(pkt.abort_code);
  136. ioc = 1;
  137. break;
  138. case RXRPC_PACKET_TYPE_ACK:
  139. if_mtu = conn->peer->if_mtu - conn->peer->hdrsize;
  140. if (conn->peer->ackr_adv_pmtud) {
  141. max_mtu = umax(conn->peer->max_data, rxrpc_rx_mtu);
  142. } else {
  143. if_mtu = umin(1444, if_mtu);
  144. max_mtu = if_mtu;
  145. }
  146. pkt.ack.bufferSpace = 0;
  147. pkt.ack.maxSkew = htons(skb ? skb->priority : 0);
  148. pkt.ack.firstPacket = htonl(chan->last_seq + 1);
  149. pkt.ack.previousPacket = htonl(chan->last_seq);
  150. pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0);
  151. pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE;
  152. pkt.ack.nAcks = 0;
  153. trailer.maxMTU = htonl(max_mtu);
  154. trailer.ifMTU = htonl(if_mtu);
  155. trailer.rwind = htonl(rxrpc_rx_window_size);
  156. trailer.jumbo_max = 0;
  157. pkt.whdr.flags |= RXRPC_SLOW_START_OK;
  158. padding = 0;
  159. iov[0].iov_len += sizeof(pkt.ack);
  160. len += sizeof(pkt.ack) + 3 + sizeof(trailer);
  161. ioc = 3;
  162. trace_rxrpc_tx_ack(chan->call_debug_id, serial,
  163. ntohl(pkt.ack.firstPacket),
  164. ntohl(pkt.ack.serial),
  165. pkt.ack.reason, 0, rxrpc_rx_window_size,
  166. rxrpc_propose_ack_retransmit);
  167. break;
  168. default:
  169. return;
  170. }
  171. ret = kernel_sendmsg(conn->local->socket, &msg, iov, ioc, len);
  172. rxrpc_peer_mark_tx(conn->peer);
  173. if (ret < 0)
  174. trace_rxrpc_tx_fail(chan->call_debug_id, serial, ret,
  175. rxrpc_tx_point_call_final_resend);
  176. else
  177. trace_rxrpc_tx_packet(chan->call_debug_id, &pkt.whdr,
  178. rxrpc_tx_point_call_final_resend);
  179. _leave("");
  180. }
  181. /*
  182. * pass a connection-level abort onto all calls on that connection
  183. */
  184. static void rxrpc_abort_calls(struct rxrpc_connection *conn)
  185. {
  186. struct rxrpc_call *call;
  187. int i;
  188. _enter("{%d},%x", conn->debug_id, conn->abort_code);
  189. for (i = 0; i < RXRPC_MAXCALLS; i++) {
  190. call = conn->channels[i].call;
  191. if (call) {
  192. rxrpc_see_call(call, rxrpc_call_see_conn_abort);
  193. rxrpc_set_call_completion(call,
  194. conn->completion,
  195. conn->abort_code,
  196. conn->error);
  197. rxrpc_poke_call(call, rxrpc_call_poke_conn_abort);
  198. }
  199. }
  200. _leave("");
  201. }
  202. /*
  203. * mark a call as being on a now-secured channel
  204. * - must be called with BH's disabled.
  205. */
  206. static void rxrpc_call_is_secure(struct rxrpc_call *call)
  207. {
  208. if (call && __test_and_clear_bit(RXRPC_CALL_CONN_CHALLENGING, &call->flags))
  209. rxrpc_notify_socket(call);
  210. }
  211. /*
  212. * connection-level Rx packet processor
  213. */
  214. static int rxrpc_process_event(struct rxrpc_connection *conn,
  215. struct sk_buff *skb)
  216. {
  217. struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
  218. bool secured = false;
  219. int ret;
  220. if (conn->state == RXRPC_CONN_ABORTED)
  221. return -ECONNABORTED;
  222. _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
  223. switch (sp->hdr.type) {
  224. case RXRPC_PACKET_TYPE_CHALLENGE:
  225. ret = conn->security->respond_to_challenge(conn, skb);
  226. sp->chall.conn = NULL;
  227. rxrpc_put_connection(conn, rxrpc_conn_put_challenge_input);
  228. return ret;
  229. case RXRPC_PACKET_TYPE_RESPONSE:
  230. spin_lock_irq(&conn->state_lock);
  231. if (conn->state != RXRPC_CONN_SERVICE_CHALLENGING) {
  232. spin_unlock_irq(&conn->state_lock);
  233. return 0;
  234. }
  235. spin_unlock_irq(&conn->state_lock);
  236. ret = conn->security->verify_response(conn, skb);
  237. if (ret < 0)
  238. return ret;
  239. ret = conn->security->init_connection_security(
  240. conn, conn->key->payload.data[0]);
  241. if (ret < 0)
  242. return ret;
  243. spin_lock_irq(&conn->state_lock);
  244. if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
  245. conn->state = RXRPC_CONN_SERVICE;
  246. secured = true;
  247. }
  248. spin_unlock_irq(&conn->state_lock);
  249. if (secured) {
  250. /* Offload call state flipping to the I/O thread. As
  251. * we've already received the packet, put it on the
  252. * front of the queue.
  253. */
  254. sp->poke_conn = rxrpc_get_connection(
  255. conn, rxrpc_conn_get_poke_secured);
  256. skb->mark = RXRPC_SKB_MARK_SERVICE_CONN_SECURED;
  257. rxrpc_get_skb(skb, rxrpc_skb_get_conn_secured);
  258. skb_queue_head(&conn->local->rx_queue, skb);
  259. rxrpc_wake_up_io_thread(conn->local);
  260. }
  261. return 0;
  262. default:
  263. WARN_ON_ONCE(1);
  264. return -EPROTO;
  265. }
  266. }
  267. /*
  268. * set up security and issue a challenge
  269. */
  270. static void rxrpc_secure_connection(struct rxrpc_connection *conn)
  271. {
  272. if (conn->security->issue_challenge(conn) < 0)
  273. rxrpc_abort_conn(conn, NULL, RX_CALL_DEAD, -ENOMEM,
  274. rxrpc_abort_nomem);
  275. }
  276. /*
  277. * Process delayed final ACKs that we haven't subsumed into a subsequent call.
  278. */
  279. void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn, bool force)
  280. {
  281. unsigned long j = jiffies, next_j;
  282. unsigned int channel;
  283. bool set;
  284. again:
  285. next_j = j + LONG_MAX;
  286. set = false;
  287. for (channel = 0; channel < RXRPC_MAXCALLS; channel++) {
  288. struct rxrpc_channel *chan = &conn->channels[channel];
  289. unsigned long ack_at;
  290. if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags))
  291. continue;
  292. ack_at = chan->final_ack_at;
  293. if (time_before(j, ack_at) && !force) {
  294. if (time_before(ack_at, next_j)) {
  295. next_j = ack_at;
  296. set = true;
  297. }
  298. continue;
  299. }
  300. if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
  301. &conn->flags))
  302. rxrpc_conn_retransmit_call(conn, NULL, channel);
  303. }
  304. j = jiffies;
  305. if (time_before_eq(next_j, j))
  306. goto again;
  307. if (set)
  308. rxrpc_reduce_conn_timer(conn, next_j);
  309. }
  310. /*
  311. * connection-level event processor
  312. */
  313. static void rxrpc_do_process_connection(struct rxrpc_connection *conn)
  314. {
  315. struct sk_buff *skb;
  316. int ret;
  317. if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
  318. rxrpc_secure_connection(conn);
  319. /* go through the conn-level event packets, releasing the ref on this
  320. * connection that each one has when we've finished with it */
  321. while ((skb = skb_dequeue(&conn->rx_queue))) {
  322. rxrpc_see_skb(skb, rxrpc_skb_see_conn_work);
  323. ret = rxrpc_process_event(conn, skb);
  324. switch (ret) {
  325. case -ENOMEM:
  326. case -EAGAIN:
  327. skb_queue_head(&conn->rx_queue, skb);
  328. rxrpc_queue_conn(conn, rxrpc_conn_queue_retry_work);
  329. break;
  330. default:
  331. rxrpc_free_skb(skb, rxrpc_skb_put_conn_work);
  332. break;
  333. }
  334. }
  335. }
  336. void rxrpc_process_connection(struct work_struct *work)
  337. {
  338. struct rxrpc_connection *conn =
  339. container_of(work, struct rxrpc_connection, processor);
  340. rxrpc_see_connection(conn, rxrpc_conn_see_work);
  341. if (__rxrpc_use_local(conn->local, rxrpc_local_use_conn_work)) {
  342. rxrpc_do_process_connection(conn);
  343. rxrpc_unuse_local(conn->local, rxrpc_local_unuse_conn_work);
  344. }
  345. }
  346. /*
  347. * post connection-level events to the connection
  348. * - this includes challenges, responses, some aborts and call terminal packet
  349. * retransmission.
  350. */
  351. static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn,
  352. struct sk_buff *skb)
  353. {
  354. _enter("%p,%p", conn, skb);
  355. rxrpc_get_skb(skb, rxrpc_skb_get_conn_work);
  356. skb_queue_tail(&conn->rx_queue, skb);
  357. rxrpc_queue_conn(conn, rxrpc_conn_queue_rx_work);
  358. }
  359. /*
  360. * Post a CHALLENGE packet to the socket of one of a connection's calls so that
  361. * it can get application data to include in the packet, possibly querying
  362. * userspace.
  363. */
  364. static bool rxrpc_post_challenge(struct rxrpc_connection *conn,
  365. struct sk_buff *skb)
  366. {
  367. struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
  368. struct rxrpc_call *call = NULL;
  369. struct rxrpc_sock *rx;
  370. bool respond = false;
  371. sp->chall.conn =
  372. rxrpc_get_connection(conn, rxrpc_conn_get_challenge_input);
  373. if (!conn->security->challenge_to_recvmsg) {
  374. rxrpc_post_packet_to_conn(conn, skb);
  375. return true;
  376. }
  377. rcu_read_lock();
  378. for (int i = 0; i < ARRAY_SIZE(conn->channels); i++) {
  379. if (conn->channels[i].call) {
  380. call = conn->channels[i].call;
  381. rx = rcu_dereference(call->socket);
  382. if (!rx) {
  383. call = NULL;
  384. continue;
  385. }
  386. respond = true;
  387. if (test_bit(RXRPC_SOCK_MANAGE_RESPONSE, &rx->flags))
  388. break;
  389. call = NULL;
  390. }
  391. }
  392. if (!respond) {
  393. rcu_read_unlock();
  394. rxrpc_put_connection(conn, rxrpc_conn_put_challenge_input);
  395. sp->chall.conn = NULL;
  396. return false;
  397. }
  398. if (call)
  399. rxrpc_notify_socket_oob(call, skb);
  400. rcu_read_unlock();
  401. if (!call)
  402. rxrpc_post_packet_to_conn(conn, skb);
  403. return true;
  404. }
  405. /*
  406. * Input a connection-level packet.
  407. */
  408. bool rxrpc_input_conn_packet(struct rxrpc_connection *conn, struct sk_buff *skb)
  409. {
  410. struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
  411. switch (sp->hdr.type) {
  412. case RXRPC_PACKET_TYPE_BUSY:
  413. /* Just ignore BUSY packets for now. */
  414. return true;
  415. case RXRPC_PACKET_TYPE_ABORT:
  416. if (rxrpc_is_conn_aborted(conn))
  417. return true;
  418. rxrpc_input_conn_abort(conn, skb);
  419. rxrpc_abort_calls(conn);
  420. return true;
  421. case RXRPC_PACKET_TYPE_CHALLENGE:
  422. rxrpc_see_skb(skb, rxrpc_skb_see_oob_challenge);
  423. if (rxrpc_is_conn_aborted(conn)) {
  424. if (conn->completion == RXRPC_CALL_LOCALLY_ABORTED)
  425. rxrpc_send_conn_abort(conn);
  426. return true;
  427. }
  428. if (!conn->security->validate_challenge(conn, skb))
  429. return false;
  430. return rxrpc_post_challenge(conn, skb);
  431. case RXRPC_PACKET_TYPE_RESPONSE:
  432. if (rxrpc_is_conn_aborted(conn)) {
  433. if (conn->completion == RXRPC_CALL_LOCALLY_ABORTED)
  434. rxrpc_send_conn_abort(conn);
  435. return true;
  436. }
  437. rxrpc_post_packet_to_conn(conn, skb);
  438. return true;
  439. default:
  440. WARN_ON_ONCE(1);
  441. return true;
  442. }
  443. }
  444. /*
  445. * Input a connection event.
  446. */
  447. void rxrpc_input_conn_event(struct rxrpc_connection *conn, struct sk_buff *skb)
  448. {
  449. unsigned int loop;
  450. if (test_and_clear_bit(RXRPC_CONN_EV_ABORT_CALLS, &conn->events))
  451. rxrpc_abort_calls(conn);
  452. if (conn->tx_response) {
  453. struct sk_buff *skb;
  454. spin_lock_irq(&conn->local->lock);
  455. skb = conn->tx_response;
  456. conn->tx_response = NULL;
  457. spin_unlock_irq(&conn->local->lock);
  458. if (conn->state != RXRPC_CONN_ABORTED)
  459. rxrpc_send_response(conn, skb);
  460. rxrpc_free_skb(skb, rxrpc_skb_put_response);
  461. }
  462. if (skb) {
  463. switch (skb->mark) {
  464. case RXRPC_SKB_MARK_SERVICE_CONN_SECURED:
  465. if (conn->state != RXRPC_CONN_SERVICE)
  466. break;
  467. for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
  468. rxrpc_call_is_secure(conn->channels[loop].call);
  469. break;
  470. }
  471. }
  472. /* Process delayed ACKs whose time has come. */
  473. if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK)
  474. rxrpc_process_delayed_final_acks(conn, false);
  475. }
  476. /*
  477. * Post a RESPONSE message to the I/O thread for transmission.
  478. */
  479. void rxrpc_post_response(struct rxrpc_connection *conn, struct sk_buff *skb)
  480. {
  481. struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
  482. struct rxrpc_local *local = conn->local;
  483. struct sk_buff *old;
  484. _enter("%x", sp->resp.challenge_serial);
  485. spin_lock_irq(&local->lock);
  486. old = conn->tx_response;
  487. if (old) {
  488. struct rxrpc_skb_priv *osp = rxrpc_skb(old);
  489. /* Always go with the response to the most recent challenge. */
  490. if (after(sp->resp.challenge_serial, osp->resp.challenge_serial))
  491. conn->tx_response = skb;
  492. else
  493. old = skb;
  494. } else {
  495. conn->tx_response = skb;
  496. }
  497. spin_unlock_irq(&local->lock);
  498. rxrpc_poke_conn(conn, rxrpc_conn_get_poke_response);
  499. rxrpc_free_skb(old, rxrpc_skb_put_old_response);
  500. }