1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <linux/udp.h> 19 #include <linux/in.h> 20 #include <linux/in6.h> 21 #include <linux/icmp.h> 22 #include <net/sock.h> 23 #include <net/af_rxrpc.h> 24 #include <net/ip.h> 25 #include "ar-internal.h" 26 27 /* 28 * Retransmit terminal ACK or ABORT of the previous call. 29 */ 30 static void rxrpc_conn_retransmit(struct rxrpc_connection *conn, 31 struct sk_buff *skb) 32 { 33 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 34 struct rxrpc_channel *chan; 35 struct msghdr msg; 36 struct kvec iov; 37 struct { 38 struct rxrpc_wire_header whdr; 39 union { 40 struct { 41 __be32 code; 42 } abort; 43 struct { 44 struct rxrpc_ackpacket ack; 45 struct rxrpc_ackinfo info; 46 }; 47 }; 48 } __attribute__((packed)) pkt; 49 size_t len; 50 u32 serial, mtu, call_id; 51 52 _enter("%d", conn->debug_id); 53 54 chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK]; 55 56 /* If the last call got moved on whilst we were waiting to run, just 57 * ignore this packet. 58 */ 59 call_id = READ_ONCE(chan->last_call); 60 /* Sync with __rxrpc_disconnect_call() */ 61 smp_rmb(); 62 if (call_id != sp->hdr.callNumber) 63 return; 64 65 msg.msg_name = &conn->params.peer->srx.transport; 66 msg.msg_namelen = conn->params.peer->srx.transport_len; 67 msg.msg_control = NULL; 68 msg.msg_controllen = 0; 69 msg.msg_flags = 0; 70 71 pkt.whdr.epoch = htonl(sp->hdr.epoch); 72 pkt.whdr.cid = htonl(sp->hdr.cid); 73 pkt.whdr.callNumber = htonl(sp->hdr.callNumber); 74 pkt.whdr.seq = 0; 75 pkt.whdr.type = chan->last_type; 76 pkt.whdr.flags = conn->out_clientflag; 77 pkt.whdr.userStatus = 0; 78 pkt.whdr.securityIndex = conn->security_ix; 79 pkt.whdr._rsvd = 0; 80 pkt.whdr.serviceId = htons(chan->last_service_id); 81 82 len = sizeof(pkt.whdr); 83 switch (chan->last_type) { 84 case RXRPC_PACKET_TYPE_ABORT: 85 pkt.abort.code = htonl(chan->last_abort); 86 len += sizeof(pkt.abort); 87 break; 88 89 case RXRPC_PACKET_TYPE_ACK: 90 mtu = conn->params.peer->if_mtu; 91 mtu -= conn->params.peer->hdrsize; 92 pkt.ack.bufferSpace = 0; 93 pkt.ack.maxSkew = htons(skb->priority); 94 pkt.ack.firstPacket = htonl(chan->last_seq); 95 pkt.ack.previousPacket = htonl(chan->last_seq - 1); 96 pkt.ack.serial = htonl(sp->hdr.serial); 97 pkt.ack.reason = RXRPC_ACK_DUPLICATE; 98 pkt.ack.nAcks = 0; 99 pkt.info.rxMTU = htonl(rxrpc_rx_mtu); 100 pkt.info.maxMTU = htonl(mtu); 101 pkt.info.rwind = htonl(rxrpc_rx_window_size); 102 pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max); 103 len += sizeof(pkt.ack) + sizeof(pkt.info); 104 break; 105 } 106 107 /* Resync with __rxrpc_disconnect_call() and check that the last call 108 * didn't get advanced whilst we were filling out the packets. 109 */ 110 smp_rmb(); 111 if (READ_ONCE(chan->last_call) != call_id) 112 return; 113 114 iov.iov_base = &pkt; 115 iov.iov_len = len; 116 117 serial = atomic_inc_return(&conn->serial); 118 pkt.whdr.serial = htonl(serial); 119 120 switch (chan->last_type) { 121 case RXRPC_PACKET_TYPE_ABORT: 122 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort); 123 break; 124 case RXRPC_PACKET_TYPE_ACK: 125 _proto("Tx ACK %%%u [re]", serial); 126 break; 127 } 128 129 kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len); 130 _leave(""); 131 return; 132 } 133 134 /* 135 * pass a connection-level abort onto all calls on that connection 136 */ 137 static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state, 138 u32 abort_code) 139 { 140 struct rxrpc_call *call; 141 int i; 142 143 _enter("{%d},%x", conn->debug_id, abort_code); 144 145 spin_lock(&conn->channel_lock); 146 147 for (i = 0; i < RXRPC_MAXCALLS; i++) { 148 call = rcu_dereference_protected( 149 conn->channels[i].call, 150 lockdep_is_held(&conn->channel_lock)); 151 write_lock_bh(&call->state_lock); 152 if (call->state <= RXRPC_CALL_COMPLETE) { 153 call->state = state; 154 if (state == RXRPC_CALL_LOCALLY_ABORTED) { 155 call->local_abort = conn->local_abort; 156 set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events); 157 } else { 158 call->remote_abort = conn->remote_abort; 159 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); 160 } 161 rxrpc_queue_call(call); 162 } 163 write_unlock_bh(&call->state_lock); 164 } 165 166 spin_unlock(&conn->channel_lock); 167 _leave(""); 168 } 169 170 /* 171 * generate a connection-level abort 172 */ 173 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 174 u32 error, u32 abort_code) 175 { 176 struct rxrpc_wire_header whdr; 177 struct msghdr msg; 178 struct kvec iov[2]; 179 __be32 word; 180 size_t len; 181 u32 serial; 182 int ret; 183 184 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 185 186 /* generate a connection-level abort */ 187 spin_lock_bh(&conn->state_lock); 188 if (conn->state < RXRPC_CONN_REMOTELY_ABORTED) { 189 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 190 conn->error = error; 191 spin_unlock_bh(&conn->state_lock); 192 } else { 193 spin_unlock_bh(&conn->state_lock); 194 _leave(" = 0 [already dead]"); 195 return 0; 196 } 197 198 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code); 199 200 msg.msg_name = &conn->params.peer->srx.transport; 201 msg.msg_namelen = conn->params.peer->srx.transport_len; 202 msg.msg_control = NULL; 203 msg.msg_controllen = 0; 204 msg.msg_flags = 0; 205 206 whdr.epoch = htonl(conn->proto.epoch); 207 whdr.cid = htonl(conn->proto.cid); 208 whdr.callNumber = 0; 209 whdr.seq = 0; 210 whdr.type = RXRPC_PACKET_TYPE_ABORT; 211 whdr.flags = conn->out_clientflag; 212 whdr.userStatus = 0; 213 whdr.securityIndex = conn->security_ix; 214 whdr._rsvd = 0; 215 whdr.serviceId = htons(conn->params.service_id); 216 217 word = htonl(conn->local_abort); 218 219 iov[0].iov_base = &whdr; 220 iov[0].iov_len = sizeof(whdr); 221 iov[1].iov_base = &word; 222 iov[1].iov_len = sizeof(word); 223 224 len = iov[0].iov_len + iov[1].iov_len; 225 226 serial = atomic_inc_return(&conn->serial); 227 whdr.serial = htonl(serial); 228 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 229 230 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 231 if (ret < 0) { 232 _debug("sendmsg failed: %d", ret); 233 return -EAGAIN; 234 } 235 236 _leave(" = 0"); 237 return 0; 238 } 239 240 /* 241 * mark a call as being on a now-secured channel 242 * - must be called with softirqs disabled 243 */ 244 static void rxrpc_call_is_secure(struct rxrpc_call *call) 245 { 246 _enter("%p", call); 247 if (call) { 248 read_lock(&call->state_lock); 249 if (call->state < RXRPC_CALL_COMPLETE && 250 !test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events)) 251 rxrpc_queue_call(call); 252 read_unlock(&call->state_lock); 253 } 254 } 255 256 /* 257 * connection-level Rx packet processor 258 */ 259 static int rxrpc_process_event(struct rxrpc_connection *conn, 260 struct sk_buff *skb, 261 u32 *_abort_code) 262 { 263 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 264 __be32 wtmp; 265 u32 abort_code; 266 int loop, ret; 267 268 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 269 kleave(" = -ECONNABORTED [%u]", conn->state); 270 return -ECONNABORTED; 271 } 272 273 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 274 275 switch (sp->hdr.type) { 276 case RXRPC_PACKET_TYPE_DATA: 277 case RXRPC_PACKET_TYPE_ACK: 278 rxrpc_conn_retransmit(conn, skb); 279 rxrpc_free_skb(skb); 280 return 0; 281 282 case RXRPC_PACKET_TYPE_ABORT: 283 if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0) 284 return -EPROTO; 285 abort_code = ntohl(wtmp); 286 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 287 288 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 289 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 290 abort_code); 291 return -ECONNABORTED; 292 293 case RXRPC_PACKET_TYPE_CHALLENGE: 294 return conn->security->respond_to_challenge(conn, skb, 295 _abort_code); 296 297 case RXRPC_PACKET_TYPE_RESPONSE: 298 ret = conn->security->verify_response(conn, skb, _abort_code); 299 if (ret < 0) 300 return ret; 301 302 ret = conn->security->init_connection_security(conn); 303 if (ret < 0) 304 return ret; 305 306 ret = conn->security->prime_packet_security(conn); 307 if (ret < 0) 308 return ret; 309 310 spin_lock(&conn->channel_lock); 311 spin_lock(&conn->state_lock); 312 313 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 314 conn->state = RXRPC_CONN_SERVICE; 315 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 316 rxrpc_call_is_secure( 317 rcu_dereference_protected( 318 conn->channels[loop].call, 319 lockdep_is_held(&conn->channel_lock))); 320 } 321 322 spin_unlock(&conn->state_lock); 323 spin_unlock(&conn->channel_lock); 324 return 0; 325 326 default: 327 _leave(" = -EPROTO [%u]", sp->hdr.type); 328 return -EPROTO; 329 } 330 } 331 332 /* 333 * set up security and issue a challenge 334 */ 335 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 336 { 337 u32 abort_code; 338 int ret; 339 340 _enter("{%d}", conn->debug_id); 341 342 ASSERT(conn->security_ix != 0); 343 344 if (!conn->params.key) { 345 _debug("set up security"); 346 ret = rxrpc_init_server_conn_security(conn); 347 switch (ret) { 348 case 0: 349 break; 350 case -ENOENT: 351 abort_code = RX_CALL_DEAD; 352 goto abort; 353 default: 354 abort_code = RXKADNOAUTH; 355 goto abort; 356 } 357 } 358 359 if (conn->security->issue_challenge(conn) < 0) { 360 abort_code = RX_CALL_DEAD; 361 ret = -ENOMEM; 362 goto abort; 363 } 364 365 _leave(""); 366 return; 367 368 abort: 369 _debug("abort %d, %d", ret, abort_code); 370 rxrpc_abort_connection(conn, -ret, abort_code); 371 _leave(" [aborted]"); 372 } 373 374 /* 375 * connection-level event processor 376 */ 377 void rxrpc_process_connection(struct work_struct *work) 378 { 379 struct rxrpc_connection *conn = 380 container_of(work, struct rxrpc_connection, processor); 381 struct sk_buff *skb; 382 u32 abort_code = RX_PROTOCOL_ERROR; 383 int ret; 384 385 _enter("{%d}", conn->debug_id); 386 387 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 388 rxrpc_secure_connection(conn); 389 390 /* go through the conn-level event packets, releasing the ref on this 391 * connection that each one has when we've finished with it */ 392 while ((skb = skb_dequeue(&conn->rx_queue))) { 393 rxrpc_see_skb(skb); 394 ret = rxrpc_process_event(conn, skb, &abort_code); 395 switch (ret) { 396 case -EPROTO: 397 case -EKEYEXPIRED: 398 case -EKEYREJECTED: 399 goto protocol_error; 400 case -EAGAIN: 401 goto requeue_and_leave; 402 case -ECONNABORTED: 403 default: 404 rxrpc_free_skb(skb); 405 break; 406 } 407 } 408 409 out: 410 rxrpc_put_connection(conn); 411 _leave(""); 412 return; 413 414 requeue_and_leave: 415 skb_queue_head(&conn->rx_queue, skb); 416 goto out; 417 418 protocol_error: 419 if (rxrpc_abort_connection(conn, -ret, abort_code) < 0) 420 goto requeue_and_leave; 421 rxrpc_free_skb(skb); 422 _leave(" [EPROTO]"); 423 goto out; 424 } 425 426 /* 427 * put a packet up for transport-level abort 428 */ 429 void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) 430 { 431 CHECK_SLAB_OKAY(&local->usage); 432 433 skb_queue_tail(&local->reject_queue, skb); 434 rxrpc_queue_local(local); 435 } 436 437 /* 438 * reject packets through the local endpoint 439 */ 440 void rxrpc_reject_packets(struct rxrpc_local *local) 441 { 442 union { 443 struct sockaddr sa; 444 struct sockaddr_in sin; 445 } sa; 446 struct rxrpc_skb_priv *sp; 447 struct rxrpc_wire_header whdr; 448 struct sk_buff *skb; 449 struct msghdr msg; 450 struct kvec iov[2]; 451 size_t size; 452 __be32 code; 453 454 _enter("%d", local->debug_id); 455 456 iov[0].iov_base = &whdr; 457 iov[0].iov_len = sizeof(whdr); 458 iov[1].iov_base = &code; 459 iov[1].iov_len = sizeof(code); 460 size = sizeof(whdr) + sizeof(code); 461 462 msg.msg_name = &sa; 463 msg.msg_control = NULL; 464 msg.msg_controllen = 0; 465 msg.msg_flags = 0; 466 467 memset(&sa, 0, sizeof(sa)); 468 sa.sa.sa_family = local->srx.transport.family; 469 switch (sa.sa.sa_family) { 470 case AF_INET: 471 msg.msg_namelen = sizeof(sa.sin); 472 break; 473 default: 474 msg.msg_namelen = 0; 475 break; 476 } 477 478 memset(&whdr, 0, sizeof(whdr)); 479 whdr.type = RXRPC_PACKET_TYPE_ABORT; 480 481 while ((skb = skb_dequeue(&local->reject_queue))) { 482 rxrpc_see_skb(skb); 483 sp = rxrpc_skb(skb); 484 switch (sa.sa.sa_family) { 485 case AF_INET: 486 sa.sin.sin_port = udp_hdr(skb)->source; 487 sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr; 488 code = htonl(skb->priority); 489 490 whdr.epoch = htonl(sp->hdr.epoch); 491 whdr.cid = htonl(sp->hdr.cid); 492 whdr.callNumber = htonl(sp->hdr.callNumber); 493 whdr.serviceId = htons(sp->hdr.serviceId); 494 whdr.flags = sp->hdr.flags; 495 whdr.flags ^= RXRPC_CLIENT_INITIATED; 496 whdr.flags &= RXRPC_CLIENT_INITIATED; 497 498 kernel_sendmsg(local->socket, &msg, iov, 2, size); 499 break; 500 501 default: 502 break; 503 } 504 505 rxrpc_free_skb(skb); 506 } 507 508 _leave(""); 509 } 510