1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <linux/udp.h> 19 #include <linux/in.h> 20 #include <linux/in6.h> 21 #include <linux/icmp.h> 22 #include <net/sock.h> 23 #include <net/af_rxrpc.h> 24 #include <net/ip.h> 25 #include "ar-internal.h" 26 27 /* 28 * Retransmit terminal ACK or ABORT of the previous call. 29 */ 30 static void rxrpc_conn_retransmit(struct rxrpc_connection *conn, 31 struct sk_buff *skb) 32 { 33 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 34 struct rxrpc_channel *chan; 35 struct msghdr msg; 36 struct kvec iov; 37 struct { 38 struct rxrpc_wire_header whdr; 39 union { 40 struct { 41 __be32 code; 42 } abort; 43 struct { 44 struct rxrpc_ackpacket ack; 45 u8 padding[3]; 46 struct rxrpc_ackinfo info; 47 }; 48 }; 49 } __attribute__((packed)) pkt; 50 size_t len; 51 u32 serial, mtu, call_id; 52 53 _enter("%d", conn->debug_id); 54 55 chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK]; 56 57 /* If the last call got moved on whilst we were waiting to run, just 58 * ignore this packet. 59 */ 60 call_id = READ_ONCE(chan->last_call); 61 /* Sync with __rxrpc_disconnect_call() */ 62 smp_rmb(); 63 if (call_id != sp->hdr.callNumber) 64 return; 65 66 msg.msg_name = &conn->params.peer->srx.transport; 67 msg.msg_namelen = conn->params.peer->srx.transport_len; 68 msg.msg_control = NULL; 69 msg.msg_controllen = 0; 70 msg.msg_flags = 0; 71 72 pkt.whdr.epoch = htonl(sp->hdr.epoch); 73 pkt.whdr.cid = htonl(sp->hdr.cid); 74 pkt.whdr.callNumber = htonl(sp->hdr.callNumber); 75 pkt.whdr.seq = 0; 76 pkt.whdr.type = chan->last_type; 77 pkt.whdr.flags = conn->out_clientflag; 78 pkt.whdr.userStatus = 0; 79 pkt.whdr.securityIndex = conn->security_ix; 80 pkt.whdr._rsvd = 0; 81 pkt.whdr.serviceId = htons(chan->last_service_id); 82 83 len = sizeof(pkt.whdr); 84 switch (chan->last_type) { 85 case RXRPC_PACKET_TYPE_ABORT: 86 pkt.abort.code = htonl(chan->last_abort); 87 len += sizeof(pkt.abort); 88 break; 89 90 case RXRPC_PACKET_TYPE_ACK: 91 mtu = conn->params.peer->if_mtu; 92 mtu -= conn->params.peer->hdrsize; 93 pkt.ack.bufferSpace = 0; 94 pkt.ack.maxSkew = htons(skb->priority); 95 pkt.ack.firstPacket = htonl(chan->last_seq); 96 pkt.ack.previousPacket = htonl(chan->last_seq - 1); 97 pkt.ack.serial = htonl(sp->hdr.serial); 98 pkt.ack.reason = RXRPC_ACK_DUPLICATE; 99 pkt.ack.nAcks = 0; 100 pkt.info.rxMTU = htonl(rxrpc_rx_mtu); 101 pkt.info.maxMTU = htonl(mtu); 102 pkt.info.rwind = htonl(rxrpc_rx_window_size); 103 pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max); 104 len += sizeof(pkt.ack) + sizeof(pkt.info); 105 break; 106 } 107 108 /* Resync with __rxrpc_disconnect_call() and check that the last call 109 * didn't get advanced whilst we were filling out the packets. 110 */ 111 smp_rmb(); 112 if (READ_ONCE(chan->last_call) != call_id) 113 return; 114 115 iov.iov_base = &pkt; 116 iov.iov_len = len; 117 118 serial = atomic_inc_return(&conn->serial); 119 pkt.whdr.serial = htonl(serial); 120 121 switch (chan->last_type) { 122 case RXRPC_PACKET_TYPE_ABORT: 123 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort); 124 break; 125 case RXRPC_PACKET_TYPE_ACK: 126 _proto("Tx ACK %%%u [re]", serial); 127 break; 128 } 129 130 kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len); 131 _leave(""); 132 return; 133 } 134 135 /* 136 * pass a connection-level abort onto all calls on that connection 137 */ 138 static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state, 139 u32 abort_code) 140 { 141 struct rxrpc_call *call; 142 int i; 143 144 _enter("{%d},%x", conn->debug_id, abort_code); 145 146 spin_lock(&conn->channel_lock); 147 148 for (i = 0; i < RXRPC_MAXCALLS; i++) { 149 call = rcu_dereference_protected( 150 conn->channels[i].call, 151 lockdep_is_held(&conn->channel_lock)); 152 write_lock_bh(&call->state_lock); 153 if (call->state <= RXRPC_CALL_COMPLETE) { 154 call->state = state; 155 if (state == RXRPC_CALL_LOCALLY_ABORTED) { 156 call->local_abort = conn->local_abort; 157 set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events); 158 } else { 159 call->remote_abort = conn->remote_abort; 160 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); 161 } 162 rxrpc_queue_call(call); 163 } 164 write_unlock_bh(&call->state_lock); 165 } 166 167 spin_unlock(&conn->channel_lock); 168 _leave(""); 169 } 170 171 /* 172 * generate a connection-level abort 173 */ 174 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 175 u32 error, u32 abort_code) 176 { 177 struct rxrpc_wire_header whdr; 178 struct msghdr msg; 179 struct kvec iov[2]; 180 __be32 word; 181 size_t len; 182 u32 serial; 183 int ret; 184 185 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 186 187 /* generate a connection-level abort */ 188 spin_lock_bh(&conn->state_lock); 189 if (conn->state < RXRPC_CONN_REMOTELY_ABORTED) { 190 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 191 conn->error = error; 192 spin_unlock_bh(&conn->state_lock); 193 } else { 194 spin_unlock_bh(&conn->state_lock); 195 _leave(" = 0 [already dead]"); 196 return 0; 197 } 198 199 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code); 200 201 msg.msg_name = &conn->params.peer->srx.transport; 202 msg.msg_namelen = conn->params.peer->srx.transport_len; 203 msg.msg_control = NULL; 204 msg.msg_controllen = 0; 205 msg.msg_flags = 0; 206 207 whdr.epoch = htonl(conn->proto.epoch); 208 whdr.cid = htonl(conn->proto.cid); 209 whdr.callNumber = 0; 210 whdr.seq = 0; 211 whdr.type = RXRPC_PACKET_TYPE_ABORT; 212 whdr.flags = conn->out_clientflag; 213 whdr.userStatus = 0; 214 whdr.securityIndex = conn->security_ix; 215 whdr._rsvd = 0; 216 whdr.serviceId = htons(conn->params.service_id); 217 218 word = htonl(conn->local_abort); 219 220 iov[0].iov_base = &whdr; 221 iov[0].iov_len = sizeof(whdr); 222 iov[1].iov_base = &word; 223 iov[1].iov_len = sizeof(word); 224 225 len = iov[0].iov_len + iov[1].iov_len; 226 227 serial = atomic_inc_return(&conn->serial); 228 whdr.serial = htonl(serial); 229 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 230 231 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 232 if (ret < 0) { 233 _debug("sendmsg failed: %d", ret); 234 return -EAGAIN; 235 } 236 237 _leave(" = 0"); 238 return 0; 239 } 240 241 /* 242 * mark a call as being on a now-secured channel 243 * - must be called with softirqs disabled 244 */ 245 static void rxrpc_call_is_secure(struct rxrpc_call *call) 246 { 247 _enter("%p", call); 248 if (call) { 249 read_lock(&call->state_lock); 250 if (call->state < RXRPC_CALL_COMPLETE && 251 !test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events)) 252 rxrpc_queue_call(call); 253 read_unlock(&call->state_lock); 254 } 255 } 256 257 /* 258 * connection-level Rx packet processor 259 */ 260 static int rxrpc_process_event(struct rxrpc_connection *conn, 261 struct sk_buff *skb, 262 u32 *_abort_code) 263 { 264 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 265 __be32 wtmp; 266 u32 abort_code; 267 int loop, ret; 268 269 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 270 kleave(" = -ECONNABORTED [%u]", conn->state); 271 return -ECONNABORTED; 272 } 273 274 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 275 276 switch (sp->hdr.type) { 277 case RXRPC_PACKET_TYPE_DATA: 278 case RXRPC_PACKET_TYPE_ACK: 279 rxrpc_conn_retransmit(conn, skb); 280 rxrpc_free_skb(skb); 281 return 0; 282 283 case RXRPC_PACKET_TYPE_ABORT: 284 if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0) 285 return -EPROTO; 286 abort_code = ntohl(wtmp); 287 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 288 289 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 290 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 291 abort_code); 292 return -ECONNABORTED; 293 294 case RXRPC_PACKET_TYPE_CHALLENGE: 295 return conn->security->respond_to_challenge(conn, skb, 296 _abort_code); 297 298 case RXRPC_PACKET_TYPE_RESPONSE: 299 ret = conn->security->verify_response(conn, skb, _abort_code); 300 if (ret < 0) 301 return ret; 302 303 ret = conn->security->init_connection_security(conn); 304 if (ret < 0) 305 return ret; 306 307 ret = conn->security->prime_packet_security(conn); 308 if (ret < 0) 309 return ret; 310 311 spin_lock(&conn->channel_lock); 312 spin_lock(&conn->state_lock); 313 314 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 315 conn->state = RXRPC_CONN_SERVICE; 316 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 317 rxrpc_call_is_secure( 318 rcu_dereference_protected( 319 conn->channels[loop].call, 320 lockdep_is_held(&conn->channel_lock))); 321 } 322 323 spin_unlock(&conn->state_lock); 324 spin_unlock(&conn->channel_lock); 325 return 0; 326 327 default: 328 _leave(" = -EPROTO [%u]", sp->hdr.type); 329 return -EPROTO; 330 } 331 } 332 333 /* 334 * set up security and issue a challenge 335 */ 336 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 337 { 338 u32 abort_code; 339 int ret; 340 341 _enter("{%d}", conn->debug_id); 342 343 ASSERT(conn->security_ix != 0); 344 345 if (!conn->params.key) { 346 _debug("set up security"); 347 ret = rxrpc_init_server_conn_security(conn); 348 switch (ret) { 349 case 0: 350 break; 351 case -ENOENT: 352 abort_code = RX_CALL_DEAD; 353 goto abort; 354 default: 355 abort_code = RXKADNOAUTH; 356 goto abort; 357 } 358 } 359 360 if (conn->security->issue_challenge(conn) < 0) { 361 abort_code = RX_CALL_DEAD; 362 ret = -ENOMEM; 363 goto abort; 364 } 365 366 _leave(""); 367 return; 368 369 abort: 370 _debug("abort %d, %d", ret, abort_code); 371 rxrpc_abort_connection(conn, -ret, abort_code); 372 _leave(" [aborted]"); 373 } 374 375 /* 376 * connection-level event processor 377 */ 378 void rxrpc_process_connection(struct work_struct *work) 379 { 380 struct rxrpc_connection *conn = 381 container_of(work, struct rxrpc_connection, processor); 382 struct sk_buff *skb; 383 u32 abort_code = RX_PROTOCOL_ERROR; 384 int ret; 385 386 _enter("{%d}", conn->debug_id); 387 388 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 389 rxrpc_secure_connection(conn); 390 391 /* go through the conn-level event packets, releasing the ref on this 392 * connection that each one has when we've finished with it */ 393 while ((skb = skb_dequeue(&conn->rx_queue))) { 394 rxrpc_see_skb(skb); 395 ret = rxrpc_process_event(conn, skb, &abort_code); 396 switch (ret) { 397 case -EPROTO: 398 case -EKEYEXPIRED: 399 case -EKEYREJECTED: 400 goto protocol_error; 401 case -EAGAIN: 402 goto requeue_and_leave; 403 case -ECONNABORTED: 404 default: 405 rxrpc_free_skb(skb); 406 break; 407 } 408 } 409 410 out: 411 rxrpc_put_connection(conn); 412 _leave(""); 413 return; 414 415 requeue_and_leave: 416 skb_queue_head(&conn->rx_queue, skb); 417 goto out; 418 419 protocol_error: 420 if (rxrpc_abort_connection(conn, -ret, abort_code) < 0) 421 goto requeue_and_leave; 422 rxrpc_free_skb(skb); 423 _leave(" [EPROTO]"); 424 goto out; 425 } 426 427 /* 428 * put a packet up for transport-level abort 429 */ 430 void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) 431 { 432 CHECK_SLAB_OKAY(&local->usage); 433 434 skb_queue_tail(&local->reject_queue, skb); 435 rxrpc_queue_local(local); 436 } 437 438 /* 439 * reject packets through the local endpoint 440 */ 441 void rxrpc_reject_packets(struct rxrpc_local *local) 442 { 443 union { 444 struct sockaddr sa; 445 struct sockaddr_in sin; 446 } sa; 447 struct rxrpc_skb_priv *sp; 448 struct rxrpc_wire_header whdr; 449 struct sk_buff *skb; 450 struct msghdr msg; 451 struct kvec iov[2]; 452 size_t size; 453 __be32 code; 454 455 _enter("%d", local->debug_id); 456 457 iov[0].iov_base = &whdr; 458 iov[0].iov_len = sizeof(whdr); 459 iov[1].iov_base = &code; 460 iov[1].iov_len = sizeof(code); 461 size = sizeof(whdr) + sizeof(code); 462 463 msg.msg_name = &sa; 464 msg.msg_control = NULL; 465 msg.msg_controllen = 0; 466 msg.msg_flags = 0; 467 468 memset(&sa, 0, sizeof(sa)); 469 sa.sa.sa_family = local->srx.transport.family; 470 switch (sa.sa.sa_family) { 471 case AF_INET: 472 msg.msg_namelen = sizeof(sa.sin); 473 break; 474 default: 475 msg.msg_namelen = 0; 476 break; 477 } 478 479 memset(&whdr, 0, sizeof(whdr)); 480 whdr.type = RXRPC_PACKET_TYPE_ABORT; 481 482 while ((skb = skb_dequeue(&local->reject_queue))) { 483 rxrpc_see_skb(skb); 484 sp = rxrpc_skb(skb); 485 switch (sa.sa.sa_family) { 486 case AF_INET: 487 sa.sin.sin_port = udp_hdr(skb)->source; 488 sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr; 489 code = htonl(skb->priority); 490 491 whdr.epoch = htonl(sp->hdr.epoch); 492 whdr.cid = htonl(sp->hdr.cid); 493 whdr.callNumber = htonl(sp->hdr.callNumber); 494 whdr.serviceId = htons(sp->hdr.serviceId); 495 whdr.flags = sp->hdr.flags; 496 whdr.flags ^= RXRPC_CLIENT_INITIATED; 497 whdr.flags &= RXRPC_CLIENT_INITIATED; 498 499 kernel_sendmsg(local->socket, &msg, iov, 2, size); 500 break; 501 502 default: 503 break; 504 } 505 506 rxrpc_free_skb(skb); 507 } 508 509 _leave(""); 510 } 511