1 /* incoming call handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <linux/udp.h> 19 #include <linux/in.h> 20 #include <linux/in6.h> 21 #include <linux/icmp.h> 22 #include <linux/gfp.h> 23 #include <net/sock.h> 24 #include <net/af_rxrpc.h> 25 #include <net/ip.h> 26 #include "ar-internal.h" 27 28 /* 29 * generate a connection-level abort 30 */ 31 static int rxrpc_busy(struct rxrpc_local *local, struct sockaddr_rxrpc *srx, 32 struct rxrpc_wire_header *whdr) 33 { 34 struct msghdr msg; 35 struct kvec iov[1]; 36 size_t len; 37 int ret; 38 39 _enter("%d,,", local->debug_id); 40 41 whdr->type = RXRPC_PACKET_TYPE_BUSY; 42 whdr->serial = htonl(1); 43 44 msg.msg_name = &srx->transport.sin; 45 msg.msg_namelen = sizeof(srx->transport.sin); 46 msg.msg_control = NULL; 47 msg.msg_controllen = 0; 48 msg.msg_flags = 0; 49 50 iov[0].iov_base = whdr; 51 iov[0].iov_len = sizeof(*whdr); 52 53 len = iov[0].iov_len; 54 55 _proto("Tx BUSY %%1"); 56 57 ret = kernel_sendmsg(local->socket, &msg, iov, 1, len); 58 if (ret < 0) { 59 _leave(" = -EAGAIN [sendmsg failed: %d]", ret); 60 return -EAGAIN; 61 } 62 63 _leave(" = 0"); 64 return 0; 65 } 66 67 /* 68 * accept an incoming call that needs peer, transport and/or connection setting 69 * up 70 */ 71 static int rxrpc_accept_incoming_call(struct rxrpc_local *local, 72 struct rxrpc_sock *rx, 73 struct sk_buff *skb, 74 struct sockaddr_rxrpc *srx) 75 { 76 struct rxrpc_connection *conn; 77 struct rxrpc_skb_priv *sp, *nsp; 78 struct rxrpc_call *call; 79 struct sk_buff *notification; 80 int ret; 81 82 _enter(""); 83 84 sp = rxrpc_skb(skb); 85 86 /* get a notification message to send to the server app */ 87 notification = alloc_skb(0, GFP_NOFS); 88 if (!notification) { 89 _debug("no memory"); 90 ret = -ENOMEM; 91 goto error_nofree; 92 } 93 rxrpc_new_skb(notification); 94 notification->mark = RXRPC_SKB_MARK_NEW_CALL; 95 96 conn = rxrpc_incoming_connection(local, srx, skb); 97 if (IS_ERR(conn)) { 98 _debug("no conn"); 99 ret = PTR_ERR(conn); 100 goto error; 101 } 102 103 call = rxrpc_incoming_call(rx, conn, skb); 104 rxrpc_put_connection(conn); 105 if (IS_ERR(call)) { 106 _debug("no call"); 107 ret = PTR_ERR(call); 108 goto error; 109 } 110 111 /* attach the call to the socket */ 112 read_lock_bh(&local->services_lock); 113 if (rx->sk.sk_state == RXRPC_CLOSE) 114 goto invalid_service; 115 116 write_lock(&rx->call_lock); 117 if (!test_and_set_bit(RXRPC_CALL_INIT_ACCEPT, &call->flags)) { 118 rxrpc_get_call(call); 119 120 spin_lock(&call->conn->state_lock); 121 if (sp->hdr.securityIndex > 0 && 122 call->conn->state == RXRPC_CONN_SERVICE_UNSECURED) { 123 _debug("await conn sec"); 124 list_add_tail(&call->accept_link, &rx->secureq); 125 call->conn->state = RXRPC_CONN_SERVICE_CHALLENGING; 126 set_bit(RXRPC_CONN_EV_CHALLENGE, &call->conn->events); 127 rxrpc_queue_conn(call->conn); 128 } else { 129 _debug("conn ready"); 130 call->state = RXRPC_CALL_SERVER_ACCEPTING; 131 list_add_tail(&call->accept_link, &rx->acceptq); 132 rxrpc_get_call(call); 133 atomic_inc(&call->skb_count); 134 nsp = rxrpc_skb(notification); 135 nsp->call = call; 136 137 ASSERTCMP(atomic_read(&call->usage), >=, 3); 138 139 _debug("notify"); 140 spin_lock(&call->lock); 141 ret = rxrpc_queue_rcv_skb(call, notification, true, 142 false); 143 spin_unlock(&call->lock); 144 notification = NULL; 145 BUG_ON(ret < 0); 146 } 147 spin_unlock(&call->conn->state_lock); 148 149 _debug("queued"); 150 } 151 write_unlock(&rx->call_lock); 152 153 _debug("process"); 154 rxrpc_fast_process_packet(call, skb); 155 156 _debug("done"); 157 read_unlock_bh(&local->services_lock); 158 rxrpc_free_skb(notification); 159 rxrpc_put_call(call); 160 _leave(" = 0"); 161 return 0; 162 163 invalid_service: 164 _debug("invalid"); 165 read_unlock_bh(&local->services_lock); 166 167 read_lock_bh(&call->state_lock); 168 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) && 169 !test_and_set_bit(RXRPC_CALL_EV_RELEASE, &call->events)) { 170 rxrpc_get_call(call); 171 rxrpc_queue_call(call); 172 } 173 read_unlock_bh(&call->state_lock); 174 rxrpc_put_call(call); 175 ret = -ECONNREFUSED; 176 error: 177 rxrpc_free_skb(notification); 178 error_nofree: 179 _leave(" = %d", ret); 180 return ret; 181 } 182 183 /* 184 * accept incoming calls that need peer, transport and/or connection setting up 185 * - the packets we get are all incoming client DATA packets that have seq == 1 186 */ 187 void rxrpc_accept_incoming_calls(struct rxrpc_local *local) 188 { 189 struct rxrpc_skb_priv *sp; 190 struct sockaddr_rxrpc srx; 191 struct rxrpc_sock *rx; 192 struct rxrpc_wire_header whdr; 193 struct sk_buff *skb; 194 int ret; 195 196 _enter("%d", local->debug_id); 197 198 skb = skb_dequeue(&local->accept_queue); 199 if (!skb) { 200 _leave("\n"); 201 return; 202 } 203 204 _net("incoming call skb %p", skb); 205 206 sp = rxrpc_skb(skb); 207 208 /* Set up a response packet header in case we need it */ 209 whdr.epoch = htonl(sp->hdr.epoch); 210 whdr.cid = htonl(sp->hdr.cid); 211 whdr.callNumber = htonl(sp->hdr.callNumber); 212 whdr.seq = htonl(sp->hdr.seq); 213 whdr.serial = 0; 214 whdr.flags = 0; 215 whdr.type = 0; 216 whdr.userStatus = 0; 217 whdr.securityIndex = sp->hdr.securityIndex; 218 whdr._rsvd = 0; 219 whdr.serviceId = htons(sp->hdr.serviceId); 220 221 if (rxrpc_extract_addr_from_skb(&srx, skb) < 0) 222 goto drop; 223 224 /* get the socket providing the service */ 225 read_lock_bh(&local->services_lock); 226 list_for_each_entry(rx, &local->services, listen_link) { 227 if (rx->srx.srx_service == sp->hdr.serviceId && 228 rx->sk.sk_state != RXRPC_CLOSE) 229 goto found_service; 230 } 231 read_unlock_bh(&local->services_lock); 232 goto invalid_service; 233 234 found_service: 235 _debug("found service %hd", rx->srx.srx_service); 236 if (sk_acceptq_is_full(&rx->sk)) 237 goto backlog_full; 238 sk_acceptq_added(&rx->sk); 239 sock_hold(&rx->sk); 240 read_unlock_bh(&local->services_lock); 241 242 ret = rxrpc_accept_incoming_call(local, rx, skb, &srx); 243 if (ret < 0) 244 sk_acceptq_removed(&rx->sk); 245 sock_put(&rx->sk); 246 switch (ret) { 247 case -ECONNRESET: /* old calls are ignored */ 248 case -ECONNABORTED: /* aborted calls are reaborted or ignored */ 249 case 0: 250 return; 251 case -ECONNREFUSED: 252 goto invalid_service; 253 case -EBUSY: 254 goto busy; 255 case -EKEYREJECTED: 256 goto security_mismatch; 257 default: 258 BUG(); 259 } 260 261 backlog_full: 262 read_unlock_bh(&local->services_lock); 263 busy: 264 rxrpc_busy(local, &srx, &whdr); 265 rxrpc_free_skb(skb); 266 return; 267 268 drop: 269 rxrpc_free_skb(skb); 270 return; 271 272 invalid_service: 273 skb->priority = RX_INVALID_OPERATION; 274 rxrpc_reject_packet(local, skb); 275 return; 276 277 /* can't change connection security type mid-flow */ 278 security_mismatch: 279 skb->priority = RX_PROTOCOL_ERROR; 280 rxrpc_reject_packet(local, skb); 281 return; 282 } 283 284 /* 285 * handle acceptance of a call by userspace 286 * - assign the user call ID to the call at the front of the queue 287 */ 288 struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx, 289 unsigned long user_call_ID) 290 { 291 struct rxrpc_call *call; 292 struct rb_node *parent, **pp; 293 int ret; 294 295 _enter(",%lx", user_call_ID); 296 297 ASSERT(!irqs_disabled()); 298 299 write_lock(&rx->call_lock); 300 301 ret = -ENODATA; 302 if (list_empty(&rx->acceptq)) 303 goto out; 304 305 /* check the user ID isn't already in use */ 306 ret = -EBADSLT; 307 pp = &rx->calls.rb_node; 308 parent = NULL; 309 while (*pp) { 310 parent = *pp; 311 call = rb_entry(parent, struct rxrpc_call, sock_node); 312 313 if (user_call_ID < call->user_call_ID) 314 pp = &(*pp)->rb_left; 315 else if (user_call_ID > call->user_call_ID) 316 pp = &(*pp)->rb_right; 317 else 318 goto out; 319 } 320 321 /* dequeue the first call and check it's still valid */ 322 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link); 323 list_del_init(&call->accept_link); 324 sk_acceptq_removed(&rx->sk); 325 326 write_lock_bh(&call->state_lock); 327 switch (call->state) { 328 case RXRPC_CALL_SERVER_ACCEPTING: 329 call->state = RXRPC_CALL_SERVER_RECV_REQUEST; 330 break; 331 case RXRPC_CALL_REMOTELY_ABORTED: 332 case RXRPC_CALL_LOCALLY_ABORTED: 333 ret = -ECONNABORTED; 334 goto out_release; 335 case RXRPC_CALL_NETWORK_ERROR: 336 ret = call->conn->error; 337 goto out_release; 338 case RXRPC_CALL_DEAD: 339 ret = -ETIME; 340 goto out_discard; 341 default: 342 BUG(); 343 } 344 345 /* formalise the acceptance */ 346 call->user_call_ID = user_call_ID; 347 rb_link_node(&call->sock_node, parent, pp); 348 rb_insert_color(&call->sock_node, &rx->calls); 349 if (test_and_set_bit(RXRPC_CALL_HAS_USERID, &call->flags)) 350 BUG(); 351 if (test_and_set_bit(RXRPC_CALL_EV_ACCEPTED, &call->events)) 352 BUG(); 353 rxrpc_queue_call(call); 354 355 rxrpc_get_call(call); 356 write_unlock_bh(&call->state_lock); 357 write_unlock(&rx->call_lock); 358 _leave(" = %p{%d}", call, call->debug_id); 359 return call; 360 361 /* if the call is already dying or dead, then we leave the socket's ref 362 * on it to be released by rxrpc_dead_call_expired() as induced by 363 * rxrpc_release_call() */ 364 out_release: 365 _debug("release %p", call); 366 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) && 367 !test_and_set_bit(RXRPC_CALL_EV_RELEASE, &call->events)) 368 rxrpc_queue_call(call); 369 out_discard: 370 write_unlock_bh(&call->state_lock); 371 _debug("discard %p", call); 372 out: 373 write_unlock(&rx->call_lock); 374 _leave(" = %d", ret); 375 return ERR_PTR(ret); 376 } 377 378 /* 379 * Handle rejection of a call by userspace 380 * - reject the call at the front of the queue 381 */ 382 int rxrpc_reject_call(struct rxrpc_sock *rx) 383 { 384 struct rxrpc_call *call; 385 int ret; 386 387 _enter(""); 388 389 ASSERT(!irqs_disabled()); 390 391 write_lock(&rx->call_lock); 392 393 ret = -ENODATA; 394 if (list_empty(&rx->acceptq)) 395 goto out; 396 397 /* dequeue the first call and check it's still valid */ 398 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link); 399 list_del_init(&call->accept_link); 400 sk_acceptq_removed(&rx->sk); 401 402 write_lock_bh(&call->state_lock); 403 switch (call->state) { 404 case RXRPC_CALL_SERVER_ACCEPTING: 405 call->state = RXRPC_CALL_SERVER_BUSY; 406 if (test_and_set_bit(RXRPC_CALL_EV_REJECT_BUSY, &call->events)) 407 rxrpc_queue_call(call); 408 ret = 0; 409 goto out_release; 410 case RXRPC_CALL_REMOTELY_ABORTED: 411 case RXRPC_CALL_LOCALLY_ABORTED: 412 ret = -ECONNABORTED; 413 goto out_release; 414 case RXRPC_CALL_NETWORK_ERROR: 415 ret = call->conn->error; 416 goto out_release; 417 case RXRPC_CALL_DEAD: 418 ret = -ETIME; 419 goto out_discard; 420 default: 421 BUG(); 422 } 423 424 /* if the call is already dying or dead, then we leave the socket's ref 425 * on it to be released by rxrpc_dead_call_expired() as induced by 426 * rxrpc_release_call() */ 427 out_release: 428 _debug("release %p", call); 429 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) && 430 !test_and_set_bit(RXRPC_CALL_EV_RELEASE, &call->events)) 431 rxrpc_queue_call(call); 432 out_discard: 433 write_unlock_bh(&call->state_lock); 434 _debug("discard %p", call); 435 out: 436 write_unlock(&rx->call_lock); 437 _leave(" = %d", ret); 438 return ret; 439 } 440 441 /** 442 * rxrpc_kernel_accept_call - Allow a kernel service to accept an incoming call 443 * @sock: The socket on which the impending call is waiting 444 * @user_call_ID: The tag to attach to the call 445 * 446 * Allow a kernel service to accept an incoming call, assuming the incoming 447 * call is still valid. 448 */ 449 struct rxrpc_call *rxrpc_kernel_accept_call(struct socket *sock, 450 unsigned long user_call_ID) 451 { 452 struct rxrpc_call *call; 453 454 _enter(",%lx", user_call_ID); 455 call = rxrpc_accept_call(rxrpc_sk(sock->sk), user_call_ID); 456 _leave(" = %p", call); 457 return call; 458 } 459 EXPORT_SYMBOL(rxrpc_kernel_accept_call); 460 461 /** 462 * rxrpc_kernel_reject_call - Allow a kernel service to reject an incoming call 463 * @sock: The socket on which the impending call is waiting 464 * 465 * Allow a kernel service to reject an incoming call with a BUSY message, 466 * assuming the incoming call is still valid. 467 */ 468 int rxrpc_kernel_reject_call(struct socket *sock) 469 { 470 int ret; 471 472 _enter(""); 473 ret = rxrpc_reject_call(rxrpc_sk(sock->sk)); 474 _leave(" = %d", ret); 475 return ret; 476 } 477 EXPORT_SYMBOL(rxrpc_kernel_reject_call); 478