1 /* AF_RXRPC implementation 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/net.h> 17 #include <linux/slab.h> 18 #include <linux/skbuff.h> 19 #include <linux/random.h> 20 #include <linux/poll.h> 21 #include <linux/proc_fs.h> 22 #include <linux/key-type.h> 23 #include <net/net_namespace.h> 24 #include <net/sock.h> 25 #include <net/af_rxrpc.h> 26 #define CREATE_TRACE_POINTS 27 #include "ar-internal.h" 28 29 MODULE_DESCRIPTION("RxRPC network protocol"); 30 MODULE_AUTHOR("Red Hat, Inc."); 31 MODULE_LICENSE("GPL"); 32 MODULE_ALIAS_NETPROTO(PF_RXRPC); 33 34 unsigned int rxrpc_debug; // = RXRPC_DEBUG_KPROTO; 35 module_param_named(debug, rxrpc_debug, uint, 0644); 36 MODULE_PARM_DESC(debug, "RxRPC debugging mask"); 37 38 static struct proto rxrpc_proto; 39 static const struct proto_ops rxrpc_rpc_ops; 40 41 /* current debugging ID */ 42 atomic_t rxrpc_debug_id; 43 EXPORT_SYMBOL(rxrpc_debug_id); 44 45 /* count of skbs currently in use */ 46 atomic_t rxrpc_n_tx_skbs, rxrpc_n_rx_skbs; 47 48 struct workqueue_struct *rxrpc_workqueue; 49 50 static void rxrpc_sock_destructor(struct sock *); 51 52 /* 53 * see if an RxRPC socket is currently writable 54 */ 55 static inline int rxrpc_writable(struct sock *sk) 56 { 57 return refcount_read(&sk->sk_wmem_alloc) < (size_t) sk->sk_sndbuf; 58 } 59 60 /* 61 * wait for write bufferage to become available 62 */ 63 static void rxrpc_write_space(struct sock *sk) 64 { 65 _enter("%p", sk); 66 rcu_read_lock(); 67 if (rxrpc_writable(sk)) { 68 struct socket_wq *wq = rcu_dereference(sk->sk_wq); 69 70 if (skwq_has_sleeper(wq)) 71 wake_up_interruptible(&wq->wait); 72 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 73 } 74 rcu_read_unlock(); 75 } 76 77 /* 78 * validate an RxRPC address 79 */ 80 static int rxrpc_validate_address(struct rxrpc_sock *rx, 81 struct sockaddr_rxrpc *srx, 82 int len) 83 { 84 unsigned int tail; 85 86 if (len < sizeof(struct sockaddr_rxrpc)) 87 return -EINVAL; 88 89 if (srx->srx_family != AF_RXRPC) 90 return -EAFNOSUPPORT; 91 92 if (srx->transport_type != SOCK_DGRAM) 93 return -ESOCKTNOSUPPORT; 94 95 len -= offsetof(struct sockaddr_rxrpc, transport); 96 if (srx->transport_len < sizeof(sa_family_t) || 97 srx->transport_len > len) 98 return -EINVAL; 99 100 if (srx->transport.family != rx->family && 101 srx->transport.family == AF_INET && rx->family != AF_INET6) 102 return -EAFNOSUPPORT; 103 104 switch (srx->transport.family) { 105 case AF_INET: 106 if (srx->transport_len < sizeof(struct sockaddr_in)) 107 return -EINVAL; 108 tail = offsetof(struct sockaddr_rxrpc, transport.sin.__pad); 109 break; 110 111 #ifdef CONFIG_AF_RXRPC_IPV6 112 case AF_INET6: 113 if (srx->transport_len < sizeof(struct sockaddr_in6)) 114 return -EINVAL; 115 tail = offsetof(struct sockaddr_rxrpc, transport) + 116 sizeof(struct sockaddr_in6); 117 break; 118 #endif 119 120 default: 121 return -EAFNOSUPPORT; 122 } 123 124 if (tail < len) 125 memset((void *)srx + tail, 0, len - tail); 126 _debug("INET: %pISp", &srx->transport); 127 return 0; 128 } 129 130 /* 131 * bind a local address to an RxRPC socket 132 */ 133 static int rxrpc_bind(struct socket *sock, struct sockaddr *saddr, int len) 134 { 135 struct sockaddr_rxrpc *srx = (struct sockaddr_rxrpc *)saddr; 136 struct rxrpc_local *local; 137 struct rxrpc_sock *rx = rxrpc_sk(sock->sk); 138 u16 service_id = srx->srx_service; 139 int ret; 140 141 _enter("%p,%p,%d", rx, saddr, len); 142 143 ret = rxrpc_validate_address(rx, srx, len); 144 if (ret < 0) 145 goto error; 146 147 lock_sock(&rx->sk); 148 149 switch (rx->sk.sk_state) { 150 case RXRPC_UNBOUND: 151 rx->srx = *srx; 152 local = rxrpc_lookup_local(sock_net(&rx->sk), &rx->srx); 153 if (IS_ERR(local)) { 154 ret = PTR_ERR(local); 155 goto error_unlock; 156 } 157 158 if (service_id) { 159 write_lock(&local->services_lock); 160 if (rcu_access_pointer(local->service)) 161 goto service_in_use; 162 rx->local = local; 163 rcu_assign_pointer(local->service, rx); 164 write_unlock(&local->services_lock); 165 166 rx->sk.sk_state = RXRPC_SERVER_BOUND; 167 } else { 168 rx->local = local; 169 rx->sk.sk_state = RXRPC_CLIENT_BOUND; 170 } 171 break; 172 173 case RXRPC_SERVER_BOUND: 174 ret = -EINVAL; 175 if (service_id == 0) 176 goto error_unlock; 177 ret = -EADDRINUSE; 178 if (service_id == rx->srx.srx_service) 179 goto error_unlock; 180 ret = -EINVAL; 181 srx->srx_service = rx->srx.srx_service; 182 if (memcmp(srx, &rx->srx, sizeof(*srx)) != 0) 183 goto error_unlock; 184 rx->second_service = service_id; 185 rx->sk.sk_state = RXRPC_SERVER_BOUND2; 186 break; 187 188 default: 189 ret = -EINVAL; 190 goto error_unlock; 191 } 192 193 release_sock(&rx->sk); 194 _leave(" = 0"); 195 return 0; 196 197 service_in_use: 198 write_unlock(&local->services_lock); 199 rxrpc_put_local(local); 200 ret = -EADDRINUSE; 201 error_unlock: 202 release_sock(&rx->sk); 203 error: 204 _leave(" = %d", ret); 205 return ret; 206 } 207 208 /* 209 * set the number of pending calls permitted on a listening socket 210 */ 211 static int rxrpc_listen(struct socket *sock, int backlog) 212 { 213 struct sock *sk = sock->sk; 214 struct rxrpc_sock *rx = rxrpc_sk(sk); 215 unsigned int max, old; 216 int ret; 217 218 _enter("%p,%d", rx, backlog); 219 220 lock_sock(&rx->sk); 221 222 switch (rx->sk.sk_state) { 223 case RXRPC_UNBOUND: 224 ret = -EADDRNOTAVAIL; 225 break; 226 case RXRPC_SERVER_BOUND: 227 case RXRPC_SERVER_BOUND2: 228 ASSERT(rx->local != NULL); 229 max = READ_ONCE(rxrpc_max_backlog); 230 ret = -EINVAL; 231 if (backlog == INT_MAX) 232 backlog = max; 233 else if (backlog < 0 || backlog > max) 234 break; 235 old = sk->sk_max_ack_backlog; 236 sk->sk_max_ack_backlog = backlog; 237 ret = rxrpc_service_prealloc(rx, GFP_KERNEL); 238 if (ret == 0) 239 rx->sk.sk_state = RXRPC_SERVER_LISTENING; 240 else 241 sk->sk_max_ack_backlog = old; 242 break; 243 case RXRPC_SERVER_LISTENING: 244 if (backlog == 0) { 245 rx->sk.sk_state = RXRPC_SERVER_LISTEN_DISABLED; 246 sk->sk_max_ack_backlog = 0; 247 rxrpc_discard_prealloc(rx); 248 ret = 0; 249 break; 250 } 251 /* Fall through */ 252 default: 253 ret = -EBUSY; 254 break; 255 } 256 257 release_sock(&rx->sk); 258 _leave(" = %d", ret); 259 return ret; 260 } 261 262 /** 263 * rxrpc_kernel_begin_call - Allow a kernel service to begin a call 264 * @sock: The socket on which to make the call 265 * @srx: The address of the peer to contact 266 * @key: The security context to use (defaults to socket setting) 267 * @user_call_ID: The ID to use 268 * @tx_total_len: Total length of data to transmit during the call (or -1) 269 * @gfp: The allocation constraints 270 * @notify_rx: Where to send notifications instead of socket queue 271 * @upgrade: Request service upgrade for call 272 * @debug_id: The debug ID for tracing to be assigned to the call 273 * 274 * Allow a kernel service to begin a call on the nominated socket. This just 275 * sets up all the internal tracking structures and allocates connection and 276 * call IDs as appropriate. The call to be used is returned. 277 * 278 * The default socket destination address and security may be overridden by 279 * supplying @srx and @key. 280 */ 281 struct rxrpc_call *rxrpc_kernel_begin_call(struct socket *sock, 282 struct sockaddr_rxrpc *srx, 283 struct key *key, 284 unsigned long user_call_ID, 285 s64 tx_total_len, 286 gfp_t gfp, 287 rxrpc_notify_rx_t notify_rx, 288 bool upgrade, 289 unsigned int debug_id) 290 { 291 struct rxrpc_conn_parameters cp; 292 struct rxrpc_call_params p; 293 struct rxrpc_call *call; 294 struct rxrpc_sock *rx = rxrpc_sk(sock->sk); 295 int ret; 296 297 _enter(",,%x,%lx", key_serial(key), user_call_ID); 298 299 ret = rxrpc_validate_address(rx, srx, sizeof(*srx)); 300 if (ret < 0) 301 return ERR_PTR(ret); 302 303 lock_sock(&rx->sk); 304 305 if (!key) 306 key = rx->key; 307 if (key && !key->payload.data[0]) 308 key = NULL; /* a no-security key */ 309 310 memset(&p, 0, sizeof(p)); 311 p.user_call_ID = user_call_ID; 312 p.tx_total_len = tx_total_len; 313 314 memset(&cp, 0, sizeof(cp)); 315 cp.local = rx->local; 316 cp.key = key; 317 cp.security_level = rx->min_sec_level; 318 cp.exclusive = false; 319 cp.upgrade = upgrade; 320 cp.service_id = srx->srx_service; 321 call = rxrpc_new_client_call(rx, &cp, srx, &p, gfp, debug_id); 322 /* The socket has been unlocked. */ 323 if (!IS_ERR(call)) { 324 call->notify_rx = notify_rx; 325 mutex_unlock(&call->user_mutex); 326 } 327 328 rxrpc_put_peer(cp.peer); 329 _leave(" = %p", call); 330 return call; 331 } 332 EXPORT_SYMBOL(rxrpc_kernel_begin_call); 333 334 /* 335 * Dummy function used to stop the notifier talking to recvmsg(). 336 */ 337 static void rxrpc_dummy_notify_rx(struct sock *sk, struct rxrpc_call *rxcall, 338 unsigned long call_user_ID) 339 { 340 } 341 342 /** 343 * rxrpc_kernel_end_call - Allow a kernel service to end a call it was using 344 * @sock: The socket the call is on 345 * @call: The call to end 346 * 347 * Allow a kernel service to end a call it was using. The call must be 348 * complete before this is called (the call should be aborted if necessary). 349 */ 350 void rxrpc_kernel_end_call(struct socket *sock, struct rxrpc_call *call) 351 { 352 _enter("%d{%d}", call->debug_id, atomic_read(&call->usage)); 353 354 mutex_lock(&call->user_mutex); 355 rxrpc_release_call(rxrpc_sk(sock->sk), call); 356 357 /* Make sure we're not going to call back into a kernel service */ 358 if (call->notify_rx) { 359 spin_lock_bh(&call->notify_lock); 360 call->notify_rx = rxrpc_dummy_notify_rx; 361 spin_unlock_bh(&call->notify_lock); 362 } 363 364 mutex_unlock(&call->user_mutex); 365 rxrpc_put_call(call, rxrpc_call_put_kernel); 366 } 367 EXPORT_SYMBOL(rxrpc_kernel_end_call); 368 369 /** 370 * rxrpc_kernel_check_life - Check to see whether a call is still alive 371 * @sock: The socket the call is on 372 * @call: The call to check 373 * 374 * Allow a kernel service to find out whether a call is still alive - ie. we're 375 * getting ACKs from the server. Returns a number representing the life state 376 * which can be compared to that returned by a previous call. 377 * 378 * If this is a client call, ping ACKs will be sent to the server to find out 379 * whether it's still responsive and whether the call is still alive on the 380 * server. 381 */ 382 u32 rxrpc_kernel_check_life(struct socket *sock, struct rxrpc_call *call) 383 { 384 return call->acks_latest; 385 } 386 EXPORT_SYMBOL(rxrpc_kernel_check_life); 387 388 /** 389 * rxrpc_kernel_get_epoch - Retrieve the epoch value from a call. 390 * @sock: The socket the call is on 391 * @call: The call to query 392 * 393 * Allow a kernel service to retrieve the epoch value from a service call to 394 * see if the client at the other end rebooted. 395 */ 396 u32 rxrpc_kernel_get_epoch(struct socket *sock, struct rxrpc_call *call) 397 { 398 return call->conn->proto.epoch; 399 } 400 EXPORT_SYMBOL(rxrpc_kernel_get_epoch); 401 402 /** 403 * rxrpc_kernel_check_call - Check a call's state 404 * @sock: The socket the call is on 405 * @call: The call to check 406 * @_compl: Where to store the completion state 407 * @_abort_code: Where to store any abort code 408 * 409 * Allow a kernel service to query the state of a call and find out the manner 410 * of its termination if it has completed. Returns -EINPROGRESS if the call is 411 * still going, 0 if the call finished successfully, -ECONNABORTED if the call 412 * was aborted and an appropriate error if the call failed in some other way. 413 */ 414 int rxrpc_kernel_check_call(struct socket *sock, struct rxrpc_call *call, 415 enum rxrpc_call_completion *_compl, u32 *_abort_code) 416 { 417 if (call->state != RXRPC_CALL_COMPLETE) 418 return -EINPROGRESS; 419 smp_rmb(); 420 *_compl = call->completion; 421 *_abort_code = call->abort_code; 422 return call->error; 423 } 424 EXPORT_SYMBOL(rxrpc_kernel_check_call); 425 426 /** 427 * rxrpc_kernel_retry_call - Allow a kernel service to retry a call 428 * @sock: The socket the call is on 429 * @call: The call to retry 430 * @srx: The address of the peer to contact 431 * @key: The security context to use (defaults to socket setting) 432 * 433 * Allow a kernel service to try resending a client call that failed due to a 434 * network error to a new address. The Tx queue is maintained intact, thereby 435 * relieving the need to re-encrypt any request data that has already been 436 * buffered. 437 */ 438 int rxrpc_kernel_retry_call(struct socket *sock, struct rxrpc_call *call, 439 struct sockaddr_rxrpc *srx, struct key *key) 440 { 441 struct rxrpc_conn_parameters cp; 442 struct rxrpc_sock *rx = rxrpc_sk(sock->sk); 443 int ret; 444 445 _enter("%d{%d}", call->debug_id, atomic_read(&call->usage)); 446 447 if (!key) 448 key = rx->key; 449 if (key && !key->payload.data[0]) 450 key = NULL; /* a no-security key */ 451 452 memset(&cp, 0, sizeof(cp)); 453 cp.local = rx->local; 454 cp.key = key; 455 cp.security_level = 0; 456 cp.exclusive = false; 457 cp.service_id = srx->srx_service; 458 459 mutex_lock(&call->user_mutex); 460 461 ret = rxrpc_prepare_call_for_retry(rx, call); 462 if (ret == 0) 463 ret = rxrpc_retry_client_call(rx, call, &cp, srx, GFP_KERNEL); 464 465 mutex_unlock(&call->user_mutex); 466 rxrpc_put_peer(cp.peer); 467 _leave(" = %d", ret); 468 return ret; 469 } 470 EXPORT_SYMBOL(rxrpc_kernel_retry_call); 471 472 /** 473 * rxrpc_kernel_new_call_notification - Get notifications of new calls 474 * @sock: The socket to intercept received messages on 475 * @notify_new_call: Function to be called when new calls appear 476 * @discard_new_call: Function to discard preallocated calls 477 * 478 * Allow a kernel service to be given notifications about new calls. 479 */ 480 void rxrpc_kernel_new_call_notification( 481 struct socket *sock, 482 rxrpc_notify_new_call_t notify_new_call, 483 rxrpc_discard_new_call_t discard_new_call) 484 { 485 struct rxrpc_sock *rx = rxrpc_sk(sock->sk); 486 487 rx->notify_new_call = notify_new_call; 488 rx->discard_new_call = discard_new_call; 489 } 490 EXPORT_SYMBOL(rxrpc_kernel_new_call_notification); 491 492 /* 493 * connect an RxRPC socket 494 * - this just targets it at a specific destination; no actual connection 495 * negotiation takes place 496 */ 497 static int rxrpc_connect(struct socket *sock, struct sockaddr *addr, 498 int addr_len, int flags) 499 { 500 struct sockaddr_rxrpc *srx = (struct sockaddr_rxrpc *)addr; 501 struct rxrpc_sock *rx = rxrpc_sk(sock->sk); 502 int ret; 503 504 _enter("%p,%p,%d,%d", rx, addr, addr_len, flags); 505 506 ret = rxrpc_validate_address(rx, srx, addr_len); 507 if (ret < 0) { 508 _leave(" = %d [bad addr]", ret); 509 return ret; 510 } 511 512 lock_sock(&rx->sk); 513 514 ret = -EISCONN; 515 if (test_bit(RXRPC_SOCK_CONNECTED, &rx->flags)) 516 goto error; 517 518 switch (rx->sk.sk_state) { 519 case RXRPC_UNBOUND: 520 rx->sk.sk_state = RXRPC_CLIENT_UNBOUND; 521 case RXRPC_CLIENT_UNBOUND: 522 case RXRPC_CLIENT_BOUND: 523 break; 524 default: 525 ret = -EBUSY; 526 goto error; 527 } 528 529 rx->connect_srx = *srx; 530 set_bit(RXRPC_SOCK_CONNECTED, &rx->flags); 531 ret = 0; 532 533 error: 534 release_sock(&rx->sk); 535 return ret; 536 } 537 538 /* 539 * send a message through an RxRPC socket 540 * - in a client this does a number of things: 541 * - finds/sets up a connection for the security specified (if any) 542 * - initiates a call (ID in control data) 543 * - ends the request phase of a call (if MSG_MORE is not set) 544 * - sends a call data packet 545 * - may send an abort (abort code in control data) 546 */ 547 static int rxrpc_sendmsg(struct socket *sock, struct msghdr *m, size_t len) 548 { 549 struct rxrpc_local *local; 550 struct rxrpc_sock *rx = rxrpc_sk(sock->sk); 551 int ret; 552 553 _enter(",{%d},,%zu", rx->sk.sk_state, len); 554 555 if (m->msg_flags & MSG_OOB) 556 return -EOPNOTSUPP; 557 558 if (m->msg_name) { 559 ret = rxrpc_validate_address(rx, m->msg_name, m->msg_namelen); 560 if (ret < 0) { 561 _leave(" = %d [bad addr]", ret); 562 return ret; 563 } 564 } 565 566 lock_sock(&rx->sk); 567 568 switch (rx->sk.sk_state) { 569 case RXRPC_UNBOUND: 570 rx->srx.srx_family = AF_RXRPC; 571 rx->srx.srx_service = 0; 572 rx->srx.transport_type = SOCK_DGRAM; 573 rx->srx.transport.family = rx->family; 574 switch (rx->family) { 575 case AF_INET: 576 rx->srx.transport_len = sizeof(struct sockaddr_in); 577 break; 578 #ifdef CONFIG_AF_RXRPC_IPV6 579 case AF_INET6: 580 rx->srx.transport_len = sizeof(struct sockaddr_in6); 581 break; 582 #endif 583 default: 584 ret = -EAFNOSUPPORT; 585 goto error_unlock; 586 } 587 local = rxrpc_lookup_local(sock_net(sock->sk), &rx->srx); 588 if (IS_ERR(local)) { 589 ret = PTR_ERR(local); 590 goto error_unlock; 591 } 592 593 rx->local = local; 594 rx->sk.sk_state = RXRPC_CLIENT_UNBOUND; 595 /* Fall through */ 596 597 case RXRPC_CLIENT_UNBOUND: 598 case RXRPC_CLIENT_BOUND: 599 if (!m->msg_name && 600 test_bit(RXRPC_SOCK_CONNECTED, &rx->flags)) { 601 m->msg_name = &rx->connect_srx; 602 m->msg_namelen = sizeof(rx->connect_srx); 603 } 604 /* Fall through */ 605 case RXRPC_SERVER_BOUND: 606 case RXRPC_SERVER_LISTENING: 607 ret = rxrpc_do_sendmsg(rx, m, len); 608 /* The socket has been unlocked */ 609 goto out; 610 default: 611 ret = -EINVAL; 612 goto error_unlock; 613 } 614 615 error_unlock: 616 release_sock(&rx->sk); 617 out: 618 _leave(" = %d", ret); 619 return ret; 620 } 621 622 /* 623 * set RxRPC socket options 624 */ 625 static int rxrpc_setsockopt(struct socket *sock, int level, int optname, 626 char __user *optval, unsigned int optlen) 627 { 628 struct rxrpc_sock *rx = rxrpc_sk(sock->sk); 629 unsigned int min_sec_level; 630 u16 service_upgrade[2]; 631 int ret; 632 633 _enter(",%d,%d,,%d", level, optname, optlen); 634 635 lock_sock(&rx->sk); 636 ret = -EOPNOTSUPP; 637 638 if (level == SOL_RXRPC) { 639 switch (optname) { 640 case RXRPC_EXCLUSIVE_CONNECTION: 641 ret = -EINVAL; 642 if (optlen != 0) 643 goto error; 644 ret = -EISCONN; 645 if (rx->sk.sk_state != RXRPC_UNBOUND) 646 goto error; 647 rx->exclusive = true; 648 goto success; 649 650 case RXRPC_SECURITY_KEY: 651 ret = -EINVAL; 652 if (rx->key) 653 goto error; 654 ret = -EISCONN; 655 if (rx->sk.sk_state != RXRPC_UNBOUND) 656 goto error; 657 ret = rxrpc_request_key(rx, optval, optlen); 658 goto error; 659 660 case RXRPC_SECURITY_KEYRING: 661 ret = -EINVAL; 662 if (rx->key) 663 goto error; 664 ret = -EISCONN; 665 if (rx->sk.sk_state != RXRPC_UNBOUND) 666 goto error; 667 ret = rxrpc_server_keyring(rx, optval, optlen); 668 goto error; 669 670 case RXRPC_MIN_SECURITY_LEVEL: 671 ret = -EINVAL; 672 if (optlen != sizeof(unsigned int)) 673 goto error; 674 ret = -EISCONN; 675 if (rx->sk.sk_state != RXRPC_UNBOUND) 676 goto error; 677 ret = get_user(min_sec_level, 678 (unsigned int __user *) optval); 679 if (ret < 0) 680 goto error; 681 ret = -EINVAL; 682 if (min_sec_level > RXRPC_SECURITY_MAX) 683 goto error; 684 rx->min_sec_level = min_sec_level; 685 goto success; 686 687 case RXRPC_UPGRADEABLE_SERVICE: 688 ret = -EINVAL; 689 if (optlen != sizeof(service_upgrade) || 690 rx->service_upgrade.from != 0) 691 goto error; 692 ret = -EISCONN; 693 if (rx->sk.sk_state != RXRPC_SERVER_BOUND2) 694 goto error; 695 ret = -EFAULT; 696 if (copy_from_user(service_upgrade, optval, 697 sizeof(service_upgrade)) != 0) 698 goto error; 699 ret = -EINVAL; 700 if ((service_upgrade[0] != rx->srx.srx_service || 701 service_upgrade[1] != rx->second_service) && 702 (service_upgrade[0] != rx->second_service || 703 service_upgrade[1] != rx->srx.srx_service)) 704 goto error; 705 rx->service_upgrade.from = service_upgrade[0]; 706 rx->service_upgrade.to = service_upgrade[1]; 707 goto success; 708 709 default: 710 break; 711 } 712 } 713 714 success: 715 ret = 0; 716 error: 717 release_sock(&rx->sk); 718 return ret; 719 } 720 721 /* 722 * Get socket options. 723 */ 724 static int rxrpc_getsockopt(struct socket *sock, int level, int optname, 725 char __user *optval, int __user *_optlen) 726 { 727 int optlen; 728 729 if (level != SOL_RXRPC) 730 return -EOPNOTSUPP; 731 732 if (get_user(optlen, _optlen)) 733 return -EFAULT; 734 735 switch (optname) { 736 case RXRPC_SUPPORTED_CMSG: 737 if (optlen < sizeof(int)) 738 return -ETOOSMALL; 739 if (put_user(RXRPC__SUPPORTED - 1, (int __user *)optval) || 740 put_user(sizeof(int), _optlen)) 741 return -EFAULT; 742 return 0; 743 744 default: 745 return -EOPNOTSUPP; 746 } 747 } 748 749 /* 750 * permit an RxRPC socket to be polled 751 */ 752 static __poll_t rxrpc_poll(struct file *file, struct socket *sock, 753 poll_table *wait) 754 { 755 struct sock *sk = sock->sk; 756 struct rxrpc_sock *rx = rxrpc_sk(sk); 757 __poll_t mask; 758 759 sock_poll_wait(file, sock, wait); 760 mask = 0; 761 762 /* the socket is readable if there are any messages waiting on the Rx 763 * queue */ 764 if (!list_empty(&rx->recvmsg_q)) 765 mask |= EPOLLIN | EPOLLRDNORM; 766 767 /* the socket is writable if there is space to add new data to the 768 * socket; there is no guarantee that any particular call in progress 769 * on the socket may have space in the Tx ACK window */ 770 if (rxrpc_writable(sk)) 771 mask |= EPOLLOUT | EPOLLWRNORM; 772 773 return mask; 774 } 775 776 /* 777 * create an RxRPC socket 778 */ 779 static int rxrpc_create(struct net *net, struct socket *sock, int protocol, 780 int kern) 781 { 782 struct rxrpc_net *rxnet; 783 struct rxrpc_sock *rx; 784 struct sock *sk; 785 786 _enter("%p,%d", sock, protocol); 787 788 /* we support transport protocol UDP/UDP6 only */ 789 if (protocol != PF_INET && 790 IS_ENABLED(CONFIG_AF_RXRPC_IPV6) && protocol != PF_INET6) 791 return -EPROTONOSUPPORT; 792 793 if (sock->type != SOCK_DGRAM) 794 return -ESOCKTNOSUPPORT; 795 796 sock->ops = &rxrpc_rpc_ops; 797 sock->state = SS_UNCONNECTED; 798 799 sk = sk_alloc(net, PF_RXRPC, GFP_KERNEL, &rxrpc_proto, kern); 800 if (!sk) 801 return -ENOMEM; 802 803 sock_init_data(sock, sk); 804 sock_set_flag(sk, SOCK_RCU_FREE); 805 sk->sk_state = RXRPC_UNBOUND; 806 sk->sk_write_space = rxrpc_write_space; 807 sk->sk_max_ack_backlog = 0; 808 sk->sk_destruct = rxrpc_sock_destructor; 809 810 rx = rxrpc_sk(sk); 811 rx->family = protocol; 812 rx->calls = RB_ROOT; 813 814 spin_lock_init(&rx->incoming_lock); 815 INIT_LIST_HEAD(&rx->sock_calls); 816 INIT_LIST_HEAD(&rx->to_be_accepted); 817 INIT_LIST_HEAD(&rx->recvmsg_q); 818 rwlock_init(&rx->recvmsg_lock); 819 rwlock_init(&rx->call_lock); 820 memset(&rx->srx, 0, sizeof(rx->srx)); 821 822 rxnet = rxrpc_net(sock_net(&rx->sk)); 823 timer_reduce(&rxnet->peer_keepalive_timer, jiffies + 1); 824 825 _leave(" = 0 [%p]", rx); 826 return 0; 827 } 828 829 /* 830 * Kill all the calls on a socket and shut it down. 831 */ 832 static int rxrpc_shutdown(struct socket *sock, int flags) 833 { 834 struct sock *sk = sock->sk; 835 struct rxrpc_sock *rx = rxrpc_sk(sk); 836 int ret = 0; 837 838 _enter("%p,%d", sk, flags); 839 840 if (flags != SHUT_RDWR) 841 return -EOPNOTSUPP; 842 if (sk->sk_state == RXRPC_CLOSE) 843 return -ESHUTDOWN; 844 845 lock_sock(sk); 846 847 spin_lock_bh(&sk->sk_receive_queue.lock); 848 if (sk->sk_state < RXRPC_CLOSE) { 849 sk->sk_state = RXRPC_CLOSE; 850 sk->sk_shutdown = SHUTDOWN_MASK; 851 } else { 852 ret = -ESHUTDOWN; 853 } 854 spin_unlock_bh(&sk->sk_receive_queue.lock); 855 856 rxrpc_discard_prealloc(rx); 857 858 release_sock(sk); 859 return ret; 860 } 861 862 /* 863 * RxRPC socket destructor 864 */ 865 static void rxrpc_sock_destructor(struct sock *sk) 866 { 867 _enter("%p", sk); 868 869 rxrpc_purge_queue(&sk->sk_receive_queue); 870 871 WARN_ON(refcount_read(&sk->sk_wmem_alloc)); 872 WARN_ON(!sk_unhashed(sk)); 873 WARN_ON(sk->sk_socket); 874 875 if (!sock_flag(sk, SOCK_DEAD)) { 876 printk("Attempt to release alive rxrpc socket: %p\n", sk); 877 return; 878 } 879 } 880 881 /* 882 * release an RxRPC socket 883 */ 884 static int rxrpc_release_sock(struct sock *sk) 885 { 886 struct rxrpc_sock *rx = rxrpc_sk(sk); 887 struct rxrpc_net *rxnet = rxrpc_net(sock_net(&rx->sk)); 888 889 _enter("%p{%d,%d}", sk, sk->sk_state, refcount_read(&sk->sk_refcnt)); 890 891 /* declare the socket closed for business */ 892 sock_orphan(sk); 893 sk->sk_shutdown = SHUTDOWN_MASK; 894 895 /* We want to kill off all connections from a service socket 896 * as fast as possible because we can't share these; client 897 * sockets, on the other hand, can share an endpoint. 898 */ 899 switch (sk->sk_state) { 900 case RXRPC_SERVER_BOUND: 901 case RXRPC_SERVER_BOUND2: 902 case RXRPC_SERVER_LISTENING: 903 case RXRPC_SERVER_LISTEN_DISABLED: 904 rx->local->service_closed = true; 905 break; 906 } 907 908 spin_lock_bh(&sk->sk_receive_queue.lock); 909 sk->sk_state = RXRPC_CLOSE; 910 spin_unlock_bh(&sk->sk_receive_queue.lock); 911 912 if (rx->local && rcu_access_pointer(rx->local->service) == rx) { 913 write_lock(&rx->local->services_lock); 914 rcu_assign_pointer(rx->local->service, NULL); 915 write_unlock(&rx->local->services_lock); 916 } 917 918 /* try to flush out this socket */ 919 rxrpc_discard_prealloc(rx); 920 rxrpc_release_calls_on_socket(rx); 921 flush_workqueue(rxrpc_workqueue); 922 rxrpc_purge_queue(&sk->sk_receive_queue); 923 rxrpc_queue_work(&rxnet->service_conn_reaper); 924 rxrpc_queue_work(&rxnet->client_conn_reaper); 925 926 rxrpc_put_local(rx->local); 927 rx->local = NULL; 928 key_put(rx->key); 929 rx->key = NULL; 930 key_put(rx->securities); 931 rx->securities = NULL; 932 sock_put(sk); 933 934 _leave(" = 0"); 935 return 0; 936 } 937 938 /* 939 * release an RxRPC BSD socket on close() or equivalent 940 */ 941 static int rxrpc_release(struct socket *sock) 942 { 943 struct sock *sk = sock->sk; 944 945 _enter("%p{%p}", sock, sk); 946 947 if (!sk) 948 return 0; 949 950 sock->sk = NULL; 951 952 return rxrpc_release_sock(sk); 953 } 954 955 /* 956 * RxRPC network protocol 957 */ 958 static const struct proto_ops rxrpc_rpc_ops = { 959 .family = PF_RXRPC, 960 .owner = THIS_MODULE, 961 .release = rxrpc_release, 962 .bind = rxrpc_bind, 963 .connect = rxrpc_connect, 964 .socketpair = sock_no_socketpair, 965 .accept = sock_no_accept, 966 .getname = sock_no_getname, 967 .poll = rxrpc_poll, 968 .ioctl = sock_no_ioctl, 969 .listen = rxrpc_listen, 970 .shutdown = rxrpc_shutdown, 971 .setsockopt = rxrpc_setsockopt, 972 .getsockopt = rxrpc_getsockopt, 973 .sendmsg = rxrpc_sendmsg, 974 .recvmsg = rxrpc_recvmsg, 975 .mmap = sock_no_mmap, 976 .sendpage = sock_no_sendpage, 977 }; 978 979 static struct proto rxrpc_proto = { 980 .name = "RXRPC", 981 .owner = THIS_MODULE, 982 .obj_size = sizeof(struct rxrpc_sock), 983 .max_header = sizeof(struct rxrpc_wire_header), 984 }; 985 986 static const struct net_proto_family rxrpc_family_ops = { 987 .family = PF_RXRPC, 988 .create = rxrpc_create, 989 .owner = THIS_MODULE, 990 }; 991 992 /* 993 * initialise and register the RxRPC protocol 994 */ 995 static int __init af_rxrpc_init(void) 996 { 997 int ret = -1; 998 unsigned int tmp; 999 1000 BUILD_BUG_ON(sizeof(struct rxrpc_skb_priv) > FIELD_SIZEOF(struct sk_buff, cb)); 1001 1002 get_random_bytes(&tmp, sizeof(tmp)); 1003 tmp &= 0x3fffffff; 1004 if (tmp == 0) 1005 tmp = 1; 1006 idr_set_cursor(&rxrpc_client_conn_ids, tmp); 1007 1008 ret = -ENOMEM; 1009 rxrpc_call_jar = kmem_cache_create( 1010 "rxrpc_call_jar", sizeof(struct rxrpc_call), 0, 1011 SLAB_HWCACHE_ALIGN, NULL); 1012 if (!rxrpc_call_jar) { 1013 pr_notice("Failed to allocate call jar\n"); 1014 goto error_call_jar; 1015 } 1016 1017 rxrpc_workqueue = alloc_workqueue("krxrpcd", 0, 1); 1018 if (!rxrpc_workqueue) { 1019 pr_notice("Failed to allocate work queue\n"); 1020 goto error_work_queue; 1021 } 1022 1023 ret = rxrpc_init_security(); 1024 if (ret < 0) { 1025 pr_crit("Cannot initialise security\n"); 1026 goto error_security; 1027 } 1028 1029 ret = register_pernet_subsys(&rxrpc_net_ops); 1030 if (ret) 1031 goto error_pernet; 1032 1033 ret = proto_register(&rxrpc_proto, 1); 1034 if (ret < 0) { 1035 pr_crit("Cannot register protocol\n"); 1036 goto error_proto; 1037 } 1038 1039 ret = sock_register(&rxrpc_family_ops); 1040 if (ret < 0) { 1041 pr_crit("Cannot register socket family\n"); 1042 goto error_sock; 1043 } 1044 1045 ret = register_key_type(&key_type_rxrpc); 1046 if (ret < 0) { 1047 pr_crit("Cannot register client key type\n"); 1048 goto error_key_type; 1049 } 1050 1051 ret = register_key_type(&key_type_rxrpc_s); 1052 if (ret < 0) { 1053 pr_crit("Cannot register server key type\n"); 1054 goto error_key_type_s; 1055 } 1056 1057 ret = rxrpc_sysctl_init(); 1058 if (ret < 0) { 1059 pr_crit("Cannot register sysctls\n"); 1060 goto error_sysctls; 1061 } 1062 1063 return 0; 1064 1065 error_sysctls: 1066 unregister_key_type(&key_type_rxrpc_s); 1067 error_key_type_s: 1068 unregister_key_type(&key_type_rxrpc); 1069 error_key_type: 1070 sock_unregister(PF_RXRPC); 1071 error_sock: 1072 proto_unregister(&rxrpc_proto); 1073 error_proto: 1074 unregister_pernet_subsys(&rxrpc_net_ops); 1075 error_pernet: 1076 rxrpc_exit_security(); 1077 error_security: 1078 destroy_workqueue(rxrpc_workqueue); 1079 error_work_queue: 1080 kmem_cache_destroy(rxrpc_call_jar); 1081 error_call_jar: 1082 return ret; 1083 } 1084 1085 /* 1086 * unregister the RxRPC protocol 1087 */ 1088 static void __exit af_rxrpc_exit(void) 1089 { 1090 _enter(""); 1091 rxrpc_sysctl_exit(); 1092 unregister_key_type(&key_type_rxrpc_s); 1093 unregister_key_type(&key_type_rxrpc); 1094 sock_unregister(PF_RXRPC); 1095 proto_unregister(&rxrpc_proto); 1096 unregister_pernet_subsys(&rxrpc_net_ops); 1097 ASSERTCMP(atomic_read(&rxrpc_n_tx_skbs), ==, 0); 1098 ASSERTCMP(atomic_read(&rxrpc_n_rx_skbs), ==, 0); 1099 1100 /* Make sure the local and peer records pinned by any dying connections 1101 * are released. 1102 */ 1103 rcu_barrier(); 1104 rxrpc_destroy_client_conn_ids(); 1105 1106 destroy_workqueue(rxrpc_workqueue); 1107 rxrpc_exit_security(); 1108 kmem_cache_destroy(rxrpc_call_jar); 1109 _leave(""); 1110 } 1111 1112 module_init(af_rxrpc_init); 1113 module_exit(af_rxrpc_exit); 1114