1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <namjae.jeon@protocolfreedom.org> 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/mutex.h> 8 #include <linux/freezer.h> 9 #include <linux/module.h> 10 11 #include "server.h" 12 #include "smb_common.h" 13 #include "mgmt/ksmbd_ida.h" 14 #include "connection.h" 15 #include "transport_tcp.h" 16 #include "transport_rdma.h" 17 18 static DEFINE_MUTEX(init_lock); 19 20 static struct ksmbd_conn_ops default_conn_ops; 21 22 LIST_HEAD(conn_list); 23 DECLARE_RWSEM(conn_list_lock); 24 25 /** 26 * ksmbd_conn_free() - free resources of the connection instance 27 * 28 * @conn: connection instance to be cleand up 29 * 30 * During the thread termination, the corresponding conn instance 31 * resources(sock/memory) are released and finally the conn object is freed. 32 */ 33 void ksmbd_conn_free(struct ksmbd_conn *conn) 34 { 35 down_write(&conn_list_lock); 36 list_del(&conn->conns_list); 37 up_write(&conn_list_lock); 38 39 xa_destroy(&conn->sessions); 40 kvfree(conn->request_buf); 41 kfree(conn->preauth_info); 42 kfree(conn); 43 } 44 45 /** 46 * ksmbd_conn_alloc() - initialize a new connection instance 47 * 48 * Return: ksmbd_conn struct on success, otherwise NULL 49 */ 50 struct ksmbd_conn *ksmbd_conn_alloc(void) 51 { 52 struct ksmbd_conn *conn; 53 54 conn = kzalloc(sizeof(struct ksmbd_conn), GFP_KERNEL); 55 if (!conn) 56 return NULL; 57 58 conn->need_neg = true; 59 ksmbd_conn_set_new(conn); 60 conn->local_nls = load_nls("utf8"); 61 if (!conn->local_nls) 62 conn->local_nls = load_nls_default(); 63 if (IS_ENABLED(CONFIG_UNICODE)) 64 conn->um = utf8_load(UNICODE_AGE(12, 1, 0)); 65 else 66 conn->um = ERR_PTR(-EOPNOTSUPP); 67 if (IS_ERR(conn->um)) 68 conn->um = NULL; 69 atomic_set(&conn->req_running, 0); 70 atomic_set(&conn->r_count, 0); 71 conn->total_credits = 1; 72 conn->outstanding_credits = 0; 73 74 init_waitqueue_head(&conn->req_running_q); 75 init_waitqueue_head(&conn->r_count_q); 76 INIT_LIST_HEAD(&conn->conns_list); 77 INIT_LIST_HEAD(&conn->requests); 78 INIT_LIST_HEAD(&conn->async_requests); 79 spin_lock_init(&conn->request_lock); 80 spin_lock_init(&conn->credits_lock); 81 ida_init(&conn->async_ida); 82 xa_init(&conn->sessions); 83 84 spin_lock_init(&conn->llist_lock); 85 INIT_LIST_HEAD(&conn->lock_list); 86 87 init_rwsem(&conn->session_lock); 88 89 down_write(&conn_list_lock); 90 list_add(&conn->conns_list, &conn_list); 91 up_write(&conn_list_lock); 92 return conn; 93 } 94 95 bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c) 96 { 97 struct ksmbd_conn *t; 98 bool ret = false; 99 100 down_read(&conn_list_lock); 101 list_for_each_entry(t, &conn_list, conns_list) { 102 if (memcmp(t->ClientGUID, c->ClientGUID, SMB2_CLIENT_GUID_SIZE)) 103 continue; 104 105 ret = true; 106 break; 107 } 108 up_read(&conn_list_lock); 109 return ret; 110 } 111 112 void ksmbd_conn_enqueue_request(struct ksmbd_work *work) 113 { 114 struct ksmbd_conn *conn = work->conn; 115 struct list_head *requests_queue = NULL; 116 117 if (conn->ops->get_cmd_val(work) != SMB2_CANCEL_HE) 118 requests_queue = &conn->requests; 119 120 if (requests_queue) { 121 atomic_inc(&conn->req_running); 122 spin_lock(&conn->request_lock); 123 list_add_tail(&work->request_entry, requests_queue); 124 spin_unlock(&conn->request_lock); 125 } 126 } 127 128 void ksmbd_conn_try_dequeue_request(struct ksmbd_work *work) 129 { 130 struct ksmbd_conn *conn = work->conn; 131 132 if (list_empty(&work->request_entry) && 133 list_empty(&work->async_request_entry)) 134 return; 135 136 atomic_dec(&conn->req_running); 137 spin_lock(&conn->request_lock); 138 list_del_init(&work->request_entry); 139 spin_unlock(&conn->request_lock); 140 if (work->asynchronous) 141 release_async_work(work); 142 143 wake_up_all(&conn->req_running_q); 144 } 145 146 void ksmbd_conn_lock(struct ksmbd_conn *conn) 147 { 148 mutex_lock(&conn->srv_mutex); 149 } 150 151 void ksmbd_conn_unlock(struct ksmbd_conn *conn) 152 { 153 mutex_unlock(&conn->srv_mutex); 154 } 155 156 void ksmbd_all_conn_set_status(u64 sess_id, u32 status) 157 { 158 struct ksmbd_conn *conn; 159 160 down_read(&conn_list_lock); 161 list_for_each_entry(conn, &conn_list, conns_list) { 162 if (conn->binding || xa_load(&conn->sessions, sess_id)) 163 WRITE_ONCE(conn->status, status); 164 } 165 up_read(&conn_list_lock); 166 } 167 168 void ksmbd_conn_wait_idle(struct ksmbd_conn *conn, u64 sess_id) 169 { 170 struct ksmbd_conn *bind_conn; 171 172 wait_event(conn->req_running_q, atomic_read(&conn->req_running) < 2); 173 174 down_read(&conn_list_lock); 175 list_for_each_entry(bind_conn, &conn_list, conns_list) { 176 if (bind_conn == conn) 177 continue; 178 179 if ((bind_conn->binding || xa_load(&bind_conn->sessions, sess_id)) && 180 !ksmbd_conn_releasing(bind_conn) && 181 atomic_read(&bind_conn->req_running)) { 182 wait_event(bind_conn->req_running_q, 183 atomic_read(&bind_conn->req_running) == 0); 184 } 185 } 186 up_read(&conn_list_lock); 187 } 188 189 int ksmbd_conn_write(struct ksmbd_work *work) 190 { 191 struct ksmbd_conn *conn = work->conn; 192 int sent; 193 194 if (!work->response_buf) { 195 pr_err("NULL response header\n"); 196 return -EINVAL; 197 } 198 199 if (work->send_no_response) 200 return 0; 201 202 if (!work->iov_idx) 203 return -EINVAL; 204 205 ksmbd_conn_lock(conn); 206 sent = conn->transport->ops->writev(conn->transport, work->iov, 207 work->iov_cnt, 208 get_rfc1002_len(work->iov[0].iov_base) + 4, 209 work->need_invalidate_rkey, 210 work->remote_key); 211 ksmbd_conn_unlock(conn); 212 213 if (sent < 0) { 214 pr_err("Failed to send message: %d\n", sent); 215 return sent; 216 } 217 218 return 0; 219 } 220 221 int ksmbd_conn_rdma_read(struct ksmbd_conn *conn, 222 void *buf, unsigned int buflen, 223 struct smb2_buffer_desc_v1 *desc, 224 unsigned int desc_len) 225 { 226 int ret = -EINVAL; 227 228 if (conn->transport->ops->rdma_read) 229 ret = conn->transport->ops->rdma_read(conn->transport, 230 buf, buflen, 231 desc, desc_len); 232 return ret; 233 } 234 235 int ksmbd_conn_rdma_write(struct ksmbd_conn *conn, 236 void *buf, unsigned int buflen, 237 struct smb2_buffer_desc_v1 *desc, 238 unsigned int desc_len) 239 { 240 int ret = -EINVAL; 241 242 if (conn->transport->ops->rdma_write) 243 ret = conn->transport->ops->rdma_write(conn->transport, 244 buf, buflen, 245 desc, desc_len); 246 return ret; 247 } 248 249 bool ksmbd_conn_alive(struct ksmbd_conn *conn) 250 { 251 if (!ksmbd_server_running()) 252 return false; 253 254 if (ksmbd_conn_exiting(conn)) 255 return false; 256 257 if (kthread_should_stop()) 258 return false; 259 260 if (atomic_read(&conn->stats.open_files_count) > 0) 261 return true; 262 263 /* 264 * Stop current session if the time that get last request from client 265 * is bigger than deadtime user configured and opening file count is 266 * zero. 267 */ 268 if (server_conf.deadtime > 0 && 269 time_after(jiffies, conn->last_active + server_conf.deadtime)) { 270 ksmbd_debug(CONN, "No response from client in %lu minutes\n", 271 server_conf.deadtime / SMB_ECHO_INTERVAL); 272 return false; 273 } 274 return true; 275 } 276 277 #define SMB1_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb_hdr)) 278 #define SMB2_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr) + 4) 279 280 /** 281 * ksmbd_conn_handler_loop() - session thread to listen on new smb requests 282 * @p: connection instance 283 * 284 * One thread each per connection 285 * 286 * Return: 0 on success 287 */ 288 int ksmbd_conn_handler_loop(void *p) 289 { 290 struct ksmbd_conn *conn = (struct ksmbd_conn *)p; 291 struct ksmbd_transport *t = conn->transport; 292 unsigned int pdu_size, max_allowed_pdu_size; 293 char hdr_buf[4] = {0,}; 294 int size; 295 296 mutex_init(&conn->srv_mutex); 297 __module_get(THIS_MODULE); 298 299 if (t->ops->prepare && t->ops->prepare(t)) 300 goto out; 301 302 conn->last_active = jiffies; 303 while (ksmbd_conn_alive(conn)) { 304 if (try_to_freeze()) 305 continue; 306 307 kvfree(conn->request_buf); 308 conn->request_buf = NULL; 309 310 size = t->ops->read(t, hdr_buf, sizeof(hdr_buf), -1); 311 if (size != sizeof(hdr_buf)) 312 break; 313 314 pdu_size = get_rfc1002_len(hdr_buf); 315 ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size); 316 317 if (ksmbd_conn_good(conn)) 318 max_allowed_pdu_size = 319 SMB3_MAX_MSGSIZE + conn->vals->max_write_size; 320 else 321 max_allowed_pdu_size = SMB3_MAX_MSGSIZE; 322 323 if (pdu_size > max_allowed_pdu_size) { 324 pr_err_ratelimited("PDU length(%u) exceeded maximum allowed pdu size(%u) on connection(%d)\n", 325 pdu_size, max_allowed_pdu_size, 326 READ_ONCE(conn->status)); 327 break; 328 } 329 330 /* 331 * Check maximum pdu size(0x00FFFFFF). 332 */ 333 if (pdu_size > MAX_STREAM_PROT_LEN) 334 break; 335 336 if (pdu_size < SMB1_MIN_SUPPORTED_HEADER_SIZE) 337 break; 338 339 /* 4 for rfc1002 length field */ 340 /* 1 for implied bcc[0] */ 341 size = pdu_size + 4 + 1; 342 conn->request_buf = kvmalloc(size, GFP_KERNEL); 343 if (!conn->request_buf) 344 break; 345 346 memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf)); 347 348 /* 349 * We already read 4 bytes to find out PDU size, now 350 * read in PDU 351 */ 352 size = t->ops->read(t, conn->request_buf + 4, pdu_size, 2); 353 if (size < 0) { 354 pr_err("sock_read failed: %d\n", size); 355 break; 356 } 357 358 if (size != pdu_size) { 359 pr_err("PDU error. Read: %d, Expected: %d\n", 360 size, pdu_size); 361 continue; 362 } 363 364 if (!ksmbd_smb_request(conn)) 365 break; 366 367 if (((struct smb2_hdr *)smb2_get_msg(conn->request_buf))->ProtocolId == 368 SMB2_PROTO_NUMBER) { 369 if (pdu_size < SMB2_MIN_SUPPORTED_HEADER_SIZE) 370 break; 371 } 372 373 if (!default_conn_ops.process_fn) { 374 pr_err("No connection request callback\n"); 375 break; 376 } 377 378 if (default_conn_ops.process_fn(conn)) { 379 pr_err("Cannot handle request\n"); 380 break; 381 } 382 } 383 384 out: 385 ksmbd_conn_set_releasing(conn); 386 /* Wait till all reference dropped to the Server object*/ 387 wait_event(conn->r_count_q, atomic_read(&conn->r_count) == 0); 388 389 if (IS_ENABLED(CONFIG_UNICODE)) 390 utf8_unload(conn->um); 391 unload_nls(conn->local_nls); 392 if (default_conn_ops.terminate_fn) 393 default_conn_ops.terminate_fn(conn); 394 t->ops->disconnect(t); 395 module_put(THIS_MODULE); 396 return 0; 397 } 398 399 void ksmbd_conn_init_server_callbacks(struct ksmbd_conn_ops *ops) 400 { 401 default_conn_ops.process_fn = ops->process_fn; 402 default_conn_ops.terminate_fn = ops->terminate_fn; 403 } 404 405 int ksmbd_conn_transport_init(void) 406 { 407 int ret; 408 409 mutex_lock(&init_lock); 410 ret = ksmbd_tcp_init(); 411 if (ret) { 412 pr_err("Failed to init TCP subsystem: %d\n", ret); 413 goto out; 414 } 415 416 ret = ksmbd_rdma_init(); 417 if (ret) { 418 pr_err("Failed to init RDMA subsystem: %d\n", ret); 419 goto out; 420 } 421 out: 422 mutex_unlock(&init_lock); 423 return ret; 424 } 425 426 static void stop_sessions(void) 427 { 428 struct ksmbd_conn *conn; 429 struct ksmbd_transport *t; 430 431 again: 432 down_read(&conn_list_lock); 433 list_for_each_entry(conn, &conn_list, conns_list) { 434 struct task_struct *task; 435 436 t = conn->transport; 437 task = t->handler; 438 if (task) 439 ksmbd_debug(CONN, "Stop session handler %s/%d\n", 440 task->comm, task_pid_nr(task)); 441 ksmbd_conn_set_exiting(conn); 442 if (t->ops->shutdown) { 443 up_read(&conn_list_lock); 444 t->ops->shutdown(t); 445 down_read(&conn_list_lock); 446 } 447 } 448 up_read(&conn_list_lock); 449 450 if (!list_empty(&conn_list)) { 451 schedule_timeout_interruptible(HZ / 10); /* 100ms */ 452 goto again; 453 } 454 } 455 456 void ksmbd_conn_transport_destroy(void) 457 { 458 mutex_lock(&init_lock); 459 ksmbd_tcp_destroy(); 460 ksmbd_rdma_destroy(); 461 stop_sessions(); 462 mutex_unlock(&init_lock); 463 } 464