1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org> 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/freezer.h> 8 9 #include "smb_common.h" 10 #include "server.h" 11 #include "auth.h" 12 #include "connection.h" 13 #include "transport_tcp.h" 14 15 #define IFACE_STATE_DOWN BIT(0) 16 #define IFACE_STATE_CONFIGURED BIT(1) 17 18 static atomic_t active_num_conn; 19 20 struct interface { 21 struct task_struct *ksmbd_kthread; 22 struct socket *ksmbd_socket; 23 struct list_head entry; 24 char *name; 25 struct mutex sock_release_lock; 26 int state; 27 }; 28 29 static LIST_HEAD(iface_list); 30 31 static int bind_additional_ifaces; 32 33 struct tcp_transport { 34 struct ksmbd_transport transport; 35 struct socket *sock; 36 struct kvec *iov; 37 unsigned int nr_iov; 38 }; 39 40 static struct ksmbd_transport_ops ksmbd_tcp_transport_ops; 41 42 static void tcp_stop_kthread(struct task_struct *kthread); 43 static struct interface *alloc_iface(char *ifname); 44 45 #define KSMBD_TRANS(t) (&(t)->transport) 46 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \ 47 struct tcp_transport, transport)) 48 49 static inline void ksmbd_tcp_nodelay(struct socket *sock) 50 { 51 tcp_sock_set_nodelay(sock->sk); 52 } 53 54 static inline void ksmbd_tcp_reuseaddr(struct socket *sock) 55 { 56 sock_set_reuseaddr(sock->sk); 57 } 58 59 static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs) 60 { 61 lock_sock(sock->sk); 62 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1) 63 sock->sk->sk_rcvtimeo = secs * HZ; 64 else 65 sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; 66 release_sock(sock->sk); 67 } 68 69 static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs) 70 { 71 sock_set_sndtimeo(sock->sk, secs); 72 } 73 74 static struct tcp_transport *alloc_transport(struct socket *client_sk) 75 { 76 struct tcp_transport *t; 77 struct ksmbd_conn *conn; 78 79 t = kzalloc(sizeof(*t), GFP_KERNEL); 80 if (!t) 81 return NULL; 82 t->sock = client_sk; 83 84 conn = ksmbd_conn_alloc(); 85 if (!conn) { 86 kfree(t); 87 return NULL; 88 } 89 90 conn->transport = KSMBD_TRANS(t); 91 KSMBD_TRANS(t)->conn = conn; 92 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops; 93 return t; 94 } 95 96 static void free_transport(struct tcp_transport *t) 97 { 98 kernel_sock_shutdown(t->sock, SHUT_RDWR); 99 sock_release(t->sock); 100 t->sock = NULL; 101 102 ksmbd_conn_free(KSMBD_TRANS(t)->conn); 103 kfree(t->iov); 104 kfree(t); 105 } 106 107 /** 108 * kvec_array_init() - initialize a IO vector segment 109 * @new: IO vector to be initialized 110 * @iov: base IO vector 111 * @nr_segs: number of segments in base iov 112 * @bytes: total iovec length so far for read 113 * 114 * Return: Number of IO segments 115 */ 116 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, 117 unsigned int nr_segs, size_t bytes) 118 { 119 size_t base = 0; 120 121 while (bytes || !iov->iov_len) { 122 int copy = min(bytes, iov->iov_len); 123 124 bytes -= copy; 125 base += copy; 126 if (iov->iov_len == base) { 127 iov++; 128 nr_segs--; 129 base = 0; 130 } 131 } 132 133 memcpy(new, iov, sizeof(*iov) * nr_segs); 134 new->iov_base += base; 135 new->iov_len -= base; 136 return nr_segs; 137 } 138 139 /** 140 * get_conn_iovec() - get connection iovec for reading from socket 141 * @t: TCP transport instance 142 * @nr_segs: number of segments in iov 143 * 144 * Return: return existing or newly allocate iovec 145 */ 146 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs) 147 { 148 struct kvec *new_iov; 149 150 if (t->iov && nr_segs <= t->nr_iov) 151 return t->iov; 152 153 /* not big enough -- allocate a new one and release the old */ 154 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), GFP_KERNEL); 155 if (new_iov) { 156 kfree(t->iov); 157 t->iov = new_iov; 158 t->nr_iov = nr_segs; 159 } 160 return new_iov; 161 } 162 163 static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa) 164 { 165 switch (sa->sa_family) { 166 case AF_INET: 167 return ntohs(((struct sockaddr_in *)sa)->sin_port); 168 case AF_INET6: 169 return ntohs(((struct sockaddr_in6 *)sa)->sin6_port); 170 } 171 return 0; 172 } 173 174 /** 175 * ksmbd_tcp_new_connection() - create a new tcp session on mount 176 * @client_sk: socket associated with new connection 177 * 178 * whenever a new connection is requested, create a conn thread 179 * (session thread) to handle new incoming smb requests from the connection 180 * 181 * Return: 0 on success, otherwise error 182 */ 183 static int ksmbd_tcp_new_connection(struct socket *client_sk) 184 { 185 struct sockaddr *csin; 186 int rc = 0; 187 struct tcp_transport *t; 188 struct task_struct *handler; 189 190 t = alloc_transport(client_sk); 191 if (!t) { 192 sock_release(client_sk); 193 return -ENOMEM; 194 } 195 196 csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn); 197 if (kernel_getpeername(client_sk, csin) < 0) { 198 pr_err("client ip resolution failed\n"); 199 rc = -EINVAL; 200 goto out_error; 201 } 202 203 handler = kthread_run(ksmbd_conn_handler_loop, 204 KSMBD_TRANS(t)->conn, 205 "ksmbd:%u", 206 ksmbd_tcp_get_port(csin)); 207 if (IS_ERR(handler)) { 208 pr_err("cannot start conn thread\n"); 209 rc = PTR_ERR(handler); 210 free_transport(t); 211 } 212 return rc; 213 214 out_error: 215 free_transport(t); 216 return rc; 217 } 218 219 /** 220 * ksmbd_kthread_fn() - listen to new SMB connections and callback server 221 * @p: arguments to forker thread 222 * 223 * Return: 0 on success, error number otherwise 224 */ 225 static int ksmbd_kthread_fn(void *p) 226 { 227 struct socket *client_sk = NULL; 228 struct interface *iface = (struct interface *)p; 229 int ret; 230 231 while (!kthread_should_stop()) { 232 mutex_lock(&iface->sock_release_lock); 233 if (!iface->ksmbd_socket) { 234 mutex_unlock(&iface->sock_release_lock); 235 break; 236 } 237 ret = kernel_accept(iface->ksmbd_socket, &client_sk, 238 SOCK_NONBLOCK); 239 mutex_unlock(&iface->sock_release_lock); 240 if (ret) { 241 if (ret == -EAGAIN) 242 /* check for new connections every 100 msecs */ 243 schedule_timeout_interruptible(HZ / 10); 244 continue; 245 } 246 247 if (server_conf.max_connections && 248 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) { 249 pr_info_ratelimited("Limit the maximum number of connections(%u)\n", 250 atomic_read(&active_num_conn)); 251 atomic_dec(&active_num_conn); 252 sock_release(client_sk); 253 continue; 254 } 255 256 ksmbd_debug(CONN, "connect success: accepted new connection\n"); 257 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 258 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 259 260 ksmbd_tcp_new_connection(client_sk); 261 } 262 263 ksmbd_debug(CONN, "releasing socket\n"); 264 return 0; 265 } 266 267 /** 268 * ksmbd_tcp_run_kthread() - start forker thread 269 * @iface: pointer to struct interface 270 * 271 * start forker thread(ksmbd/0) at module init time to listen 272 * on port 445 for new SMB connection requests. It creates per connection 273 * server threads(ksmbd/x) 274 * 275 * Return: 0 on success or error number 276 */ 277 static int ksmbd_tcp_run_kthread(struct interface *iface) 278 { 279 int rc; 280 struct task_struct *kthread; 281 282 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s", 283 iface->name); 284 if (IS_ERR(kthread)) { 285 rc = PTR_ERR(kthread); 286 return rc; 287 } 288 iface->ksmbd_kthread = kthread; 289 290 return 0; 291 } 292 293 /** 294 * ksmbd_tcp_readv() - read data from socket in given iovec 295 * @t: TCP transport instance 296 * @iov_orig: base IO vector 297 * @nr_segs: number of segments in base iov 298 * @to_read: number of bytes to read from socket 299 * @max_retries: maximum retry count 300 * 301 * Return: on success return number of bytes read from socket, 302 * otherwise return error number 303 */ 304 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, 305 unsigned int nr_segs, unsigned int to_read, 306 int max_retries) 307 { 308 int length = 0; 309 int total_read; 310 unsigned int segs; 311 struct msghdr ksmbd_msg; 312 struct kvec *iov; 313 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn; 314 315 iov = get_conn_iovec(t, nr_segs); 316 if (!iov) 317 return -ENOMEM; 318 319 ksmbd_msg.msg_control = NULL; 320 ksmbd_msg.msg_controllen = 0; 321 322 for (total_read = 0; to_read; total_read += length, to_read -= length) { 323 try_to_freeze(); 324 325 if (!ksmbd_conn_alive(conn)) { 326 total_read = -ESHUTDOWN; 327 break; 328 } 329 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read); 330 331 length = kernel_recvmsg(t->sock, &ksmbd_msg, 332 iov, segs, to_read, 0); 333 334 if (length == -EINTR) { 335 total_read = -ESHUTDOWN; 336 break; 337 } else if (ksmbd_conn_need_reconnect(conn)) { 338 total_read = -EAGAIN; 339 break; 340 } else if (length == -ERESTARTSYS || length == -EAGAIN) { 341 /* 342 * If max_retries is negative, Allow unlimited 343 * retries to keep connection with inactive sessions. 344 */ 345 if (max_retries == 0) { 346 total_read = length; 347 break; 348 } else if (max_retries > 0) { 349 max_retries--; 350 } 351 352 usleep_range(1000, 2000); 353 length = 0; 354 continue; 355 } else if (length <= 0) { 356 total_read = length; 357 break; 358 } 359 } 360 return total_read; 361 } 362 363 /** 364 * ksmbd_tcp_read() - read data from socket in given buffer 365 * @t: TCP transport instance 366 * @buf: buffer to store read data from socket 367 * @to_read: number of bytes to read from socket 368 * 369 * Return: on success return number of bytes read from socket, 370 * otherwise return error number 371 */ 372 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, 373 unsigned int to_read, int max_retries) 374 { 375 struct kvec iov; 376 377 iov.iov_base = buf; 378 iov.iov_len = to_read; 379 380 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries); 381 } 382 383 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, 384 int nvecs, int size, bool need_invalidate, 385 unsigned int remote_key) 386 387 { 388 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; 389 390 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size); 391 } 392 393 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) 394 { 395 free_transport(TCP_TRANS(t)); 396 if (server_conf.max_connections) 397 atomic_dec(&active_num_conn); 398 } 399 400 static void tcp_destroy_socket(struct socket *ksmbd_socket) 401 { 402 int ret; 403 404 if (!ksmbd_socket) 405 return; 406 407 /* set zero to timeout */ 408 ksmbd_tcp_rcv_timeout(ksmbd_socket, 0); 409 ksmbd_tcp_snd_timeout(ksmbd_socket, 0); 410 411 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); 412 if (ret) 413 pr_err("Failed to shutdown socket: %d\n", ret); 414 sock_release(ksmbd_socket); 415 } 416 417 /** 418 * create_socket - create socket for ksmbd/0 419 * 420 * Return: 0 on success, error number otherwise 421 */ 422 static int create_socket(struct interface *iface) 423 { 424 int ret; 425 struct sockaddr_in6 sin6; 426 struct sockaddr_in sin; 427 struct socket *ksmbd_socket; 428 bool ipv4 = false; 429 430 ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); 431 if (ret) { 432 if (ret != -EAFNOSUPPORT) 433 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret); 434 ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, 435 &ksmbd_socket); 436 if (ret) { 437 pr_err("Can't create socket for ipv4: %d\n", ret); 438 goto out_clear; 439 } 440 441 sin.sin_family = PF_INET; 442 sin.sin_addr.s_addr = htonl(INADDR_ANY); 443 sin.sin_port = htons(server_conf.tcp_port); 444 ipv4 = true; 445 } else { 446 sin6.sin6_family = PF_INET6; 447 sin6.sin6_addr = in6addr_any; 448 sin6.sin6_port = htons(server_conf.tcp_port); 449 } 450 451 ksmbd_tcp_nodelay(ksmbd_socket); 452 ksmbd_tcp_reuseaddr(ksmbd_socket); 453 454 ret = sock_setsockopt(ksmbd_socket, 455 SOL_SOCKET, 456 SO_BINDTODEVICE, 457 KERNEL_SOCKPTR(iface->name), 458 strlen(iface->name)); 459 if (ret != -ENODEV && ret < 0) { 460 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret); 461 goto out_error; 462 } 463 464 if (ipv4) 465 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin, 466 sizeof(sin)); 467 else 468 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, 469 sizeof(sin6)); 470 if (ret) { 471 pr_err("Failed to bind socket: %d\n", ret); 472 goto out_error; 473 } 474 475 ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 476 ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 477 478 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); 479 if (ret) { 480 pr_err("Port listen() error: %d\n", ret); 481 goto out_error; 482 } 483 484 iface->ksmbd_socket = ksmbd_socket; 485 ret = ksmbd_tcp_run_kthread(iface); 486 if (ret) { 487 pr_err("Can't start ksmbd main kthread: %d\n", ret); 488 goto out_error; 489 } 490 iface->state = IFACE_STATE_CONFIGURED; 491 492 return 0; 493 494 out_error: 495 tcp_destroy_socket(ksmbd_socket); 496 out_clear: 497 iface->ksmbd_socket = NULL; 498 return ret; 499 } 500 501 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, 502 void *ptr) 503 { 504 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 505 struct interface *iface; 506 int ret, found = 0; 507 508 switch (event) { 509 case NETDEV_UP: 510 if (netif_is_bridge_port(netdev)) 511 return NOTIFY_OK; 512 513 list_for_each_entry(iface, &iface_list, entry) { 514 if (!strcmp(iface->name, netdev->name)) { 515 found = 1; 516 if (iface->state != IFACE_STATE_DOWN) 517 break; 518 ret = create_socket(iface); 519 if (ret) 520 return NOTIFY_OK; 521 break; 522 } 523 } 524 if (!found && bind_additional_ifaces) { 525 iface = alloc_iface(kstrdup(netdev->name, GFP_KERNEL)); 526 if (!iface) 527 return NOTIFY_OK; 528 ret = create_socket(iface); 529 if (ret) 530 break; 531 } 532 break; 533 case NETDEV_DOWN: 534 list_for_each_entry(iface, &iface_list, entry) { 535 if (!strcmp(iface->name, netdev->name) && 536 iface->state == IFACE_STATE_CONFIGURED) { 537 tcp_stop_kthread(iface->ksmbd_kthread); 538 iface->ksmbd_kthread = NULL; 539 mutex_lock(&iface->sock_release_lock); 540 tcp_destroy_socket(iface->ksmbd_socket); 541 iface->ksmbd_socket = NULL; 542 mutex_unlock(&iface->sock_release_lock); 543 544 iface->state = IFACE_STATE_DOWN; 545 break; 546 } 547 } 548 break; 549 } 550 551 return NOTIFY_DONE; 552 } 553 554 static struct notifier_block ksmbd_netdev_notifier = { 555 .notifier_call = ksmbd_netdev_event, 556 }; 557 558 int ksmbd_tcp_init(void) 559 { 560 register_netdevice_notifier(&ksmbd_netdev_notifier); 561 562 return 0; 563 } 564 565 static void tcp_stop_kthread(struct task_struct *kthread) 566 { 567 int ret; 568 569 if (!kthread) 570 return; 571 572 ret = kthread_stop(kthread); 573 if (ret) 574 pr_err("failed to stop forker thread\n"); 575 } 576 577 void ksmbd_tcp_destroy(void) 578 { 579 struct interface *iface, *tmp; 580 581 unregister_netdevice_notifier(&ksmbd_netdev_notifier); 582 583 list_for_each_entry_safe(iface, tmp, &iface_list, entry) { 584 list_del(&iface->entry); 585 kfree(iface->name); 586 kfree(iface); 587 } 588 } 589 590 static struct interface *alloc_iface(char *ifname) 591 { 592 struct interface *iface; 593 594 if (!ifname) 595 return NULL; 596 597 iface = kzalloc(sizeof(struct interface), GFP_KERNEL); 598 if (!iface) { 599 kfree(ifname); 600 return NULL; 601 } 602 603 iface->name = ifname; 604 iface->state = IFACE_STATE_DOWN; 605 list_add(&iface->entry, &iface_list); 606 mutex_init(&iface->sock_release_lock); 607 return iface; 608 } 609 610 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) 611 { 612 int sz = 0; 613 614 if (!ifc_list_sz) { 615 struct net_device *netdev; 616 617 rtnl_lock(); 618 for_each_netdev(&init_net, netdev) { 619 if (netif_is_bridge_port(netdev)) 620 continue; 621 if (!alloc_iface(kstrdup(netdev->name, GFP_KERNEL))) 622 return -ENOMEM; 623 } 624 rtnl_unlock(); 625 bind_additional_ifaces = 1; 626 return 0; 627 } 628 629 while (ifc_list_sz > 0) { 630 if (!alloc_iface(kstrdup(ifc_list, GFP_KERNEL))) 631 return -ENOMEM; 632 633 sz = strlen(ifc_list); 634 if (!sz) 635 break; 636 637 ifc_list += sz + 1; 638 ifc_list_sz -= (sz + 1); 639 } 640 641 bind_additional_ifaces = 0; 642 643 return 0; 644 } 645 646 static struct ksmbd_transport_ops ksmbd_tcp_transport_ops = { 647 .read = ksmbd_tcp_read, 648 .writev = ksmbd_tcp_writev, 649 .disconnect = ksmbd_tcp_disconnect, 650 }; 651