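/* connection-level event handling
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/errqueue.h>
#include <net/sock.h>
#include <net/af_rxrpc.h>
#include <net/ip.h>
#include "ar-internal.h"

/*
 * Retransmit terminal ACK or ABORT of the previous call.
 *
 * The reply is built from the last_* fields recorded on the channel selected
 * by the cid in the packet's parsed header.  Nothing is sent unless
 * chan->last_call matches the packet's call number both before and after the
 * reply has been filled in.
 */
static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
				       struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	struct rxrpc_channel *chan;
	struct msghdr msg;
	struct kvec iov;
	struct {
		struct rxrpc_wire_header whdr;
		union {
			struct {
				__be32 code;
			} abort;
			struct {
				struct rxrpc_ackpacket ack;
				u8 padding[3];
				struct rxrpc_ackinfo info;
			};
		};
	} __attribute__((packed)) pkt;
	size_t len;
	u32 serial, mtu, call_id;

	_enter("%d", conn->debug_id);

	/* The mask bounds the index taken from the packet's cid. */
	chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK];

	/* If the last call got moved on whilst we were waiting to run, just
	 * ignore this packet.
	 */
	call_id = READ_ONCE(chan->last_call);
	/* Sync with __rxrpc_disconnect_call() */
	smp_rmb();
	if (call_id != sp->hdr.callNumber)
		return;

	/* pkt lives on the stack and is handed to the socket as-is, so clear
	 * it first: any byte that is not explicitly filled in below (notably
	 * the ACK padding) would otherwise carry stale stack contents onto
	 * the wire.
	 */
	memset(&pkt, 0, sizeof(pkt));

	msg.msg_name = &conn->params.peer->srx.transport;
	msg.msg_namelen = conn->params.peer->srx.transport_len;
	msg.msg_control = NULL;
	msg.msg_controllen = 0;
	msg.msg_flags = 0;

	pkt.whdr.epoch = htonl(sp->hdr.epoch);
	pkt.whdr.cid = htonl(sp->hdr.cid);
	pkt.whdr.callNumber = htonl(sp->hdr.callNumber);
	pkt.whdr.seq = 0;
	pkt.whdr.type = chan->last_type;
	pkt.whdr.flags = conn->out_clientflag;
	pkt.whdr.userStatus = 0;
	pkt.whdr.securityIndex = conn->security_ix;
	pkt.whdr._rsvd = 0;
	pkt.whdr.serviceId = htons(chan->last_service_id);

	len = sizeof(pkt.whdr);
	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		pkt.abort.code = htonl(chan->last_abort);
		len += sizeof(pkt.abort);
		break;

	case RXRPC_PACKET_TYPE_ACK:
		mtu = conn->params.peer->if_mtu;
		mtu -= conn->params.peer->hdrsize;
		pkt.ack.bufferSpace = 0;
		pkt.ack.maxSkew = htons(skb->priority);
		pkt.ack.firstPacket = htonl(chan->last_seq);
		pkt.ack.previousPacket = htonl(chan->last_seq - 1);
		pkt.ack.serial = htonl(sp->hdr.serial);
		pkt.ack.reason = RXRPC_ACK_DUPLICATE;
		pkt.ack.nAcks = 0;
		pkt.info.rxMTU = htonl(rxrpc_rx_mtu);
		pkt.info.maxMTU = htonl(mtu);
		pkt.info.rwind = htonl(rxrpc_rx_window_size);
		pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max);
		/* The padding sits between ack and info in the buffer, so it
		 * has to be counted or the tail of info is cut off the packet.
		 * Assumes the compiler inserts no further padding between
		 * these members - TODO confirm against the struct layouts.
		 */
		len += sizeof(pkt.ack) + sizeof(pkt.padding) +
			sizeof(pkt.info);
		break;
	}

	/* Resync with __rxrpc_disconnect_call() and check that the last call
	 * didn't get advanced whilst we were filling out the packets.
	 */
	smp_rmb();
	if (READ_ONCE(chan->last_call) != call_id)
		return;

	iov.iov_base = &pkt;
	iov.iov_len = len;

	serial = atomic_inc_return(&conn->serial);
	pkt.whdr.serial = htonl(serial);

	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		/* NOTE(review): this traces conn->local_abort, whereas the
		 * packet carries chan->last_abort - confirm which is meant.
		 */
		_proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort);
		break;
	case RXRPC_PACKET_TYPE_ACK:
		_proto("Tx ACK %%%u [re]", serial);
		break;
	}

	/* The send result is not checked; a failed retransmission is simply
	 * dropped here.
	 */
	kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len);
	_leave("");
	return;
}

/*
 * pass a connection-level abort onto all calls on that connection
 *
 * Walks every channel under conn->channel_lock, completes each call that is
 * present with the given completion state, abort code and error, and notifies
 * the socket for each call whose completion was actually set.
 */
static void rxrpc_abort_calls(struct rxrpc_connection *conn,
			      enum rxrpc_call_completion compl,
			      u32 abort_code, int error)
{
	struct rxrpc_call *call;
	int i;

	_enter("{%d},%x", conn->debug_id, abort_code);

	spin_lock(&conn->channel_lock);

	for (i = 0; i < RXRPC_MAXCALLS; i++) {
		call = rcu_dereference_protected(
			conn->channels[i].call,
			lockdep_is_held(&conn->channel_lock));
		if (call) {
			/* Only locally generated aborts are traced here. */
			if (compl == RXRPC_CALL_LOCALLY_ABORTED)
				trace_rxrpc_abort("CON", call->cid,
						  call->call_id, 0,
						  abort_code, error);
			if (rxrpc_set_call_completion(call, compl,
						      abort_code, error))
				rxrpc_notify_socket(call);
		}
	}

	spin_unlock(&conn->channel_lock);
	_leave("");
}

/*
 * generate a connection-level abort
 *
 * Marks the connection locally aborted, aborts every call on it and sends a
 * connection-level ABORT packet (call number 0) carrying @abort_code to the
 * peer.
 *
 * Returns 0 if the abort was sent or the connection was already aborted, and
 * -EAGAIN if the packet could not be sent.
 */
static int rxrpc_abort_connection(struct rxrpc_connection *conn,
				  u32 error, u32 abort_code)
{
	struct rxrpc_wire_header whdr;
	struct msghdr msg;
	struct kvec iov[2];
	__be32 word;
	size_t len;
	u32 serial;
	int ret;

	_enter("%d,,%u,%u", conn->debug_id, error, abort_code);

	/* generate a connection-level abort */
	spin_lock_bh(&conn->state_lock);
	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		spin_unlock_bh(&conn->state_lock);
		_leave(" = 0 [already dead]");
		return 0;
	}

	conn->state = RXRPC_CONN_LOCALLY_ABORTED;
	spin_unlock_bh(&conn->state_lock);

	rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error);

	msg.msg_name = &conn->params.peer->srx.transport;
	msg.msg_namelen = conn->params.peer->srx.transport_len;
	msg.msg_control = NULL;
	msg.msg_controllen = 0;
	msg.msg_flags = 0;

	whdr.epoch = htonl(conn->proto.epoch);
	whdr.cid = htonl(conn->proto.cid);
	whdr.callNumber = 0;
	whdr.seq = 0;
	whdr.type = RXRPC_PACKET_TYPE_ABORT;
	whdr.flags = conn->out_clientflag;
	whdr.userStatus = 0;
	whdr.securityIndex = conn->security_ix;
	whdr._rsvd = 0;
	whdr.serviceId = htons(conn->params.service_id);

	/* Send the code the caller asked for.  Neither caller in this file
	 * stores it in conn->local_abort before calling, so reading that field
	 * here would put a different value on the wire from the one just
	 * applied to the calls.
	 * NOTE(review): conn->local_abort is still not updated here - confirm
	 * whether other readers of that field expect it to be.
	 */
	word = htonl(abort_code);

	iov[0].iov_base = &whdr;
	iov[0].iov_len = sizeof(whdr);
	iov[1].iov_base = &word;
	iov[1].iov_len = sizeof(word);

	len = iov[0].iov_len + iov[1].iov_len;

	serial = atomic_inc_return(&conn->serial);
	whdr.serial = htonl(serial);
	_proto("Tx CONN ABORT %%%u { %d }", serial, abort_code);

	ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
	if (ret < 0) {
		_debug("sendmsg failed: %d", ret);
		return -EAGAIN;
	}

	_leave(" = 0");
	return 0;
}

/*
 * mark a call as being on a now-secured channel
 * - must be called with BH's disabled.
 *
 * A NULL call is ignored.  Only a call in RXRPC_CALL_SERVER_SECURING is moved
 * on (to RXRPC_CALL_SERVER_ACCEPTING); the socket is then notified.
 */
static void rxrpc_call_is_secure(struct rxrpc_call *call)
{
	_enter("%p", call);
	if (call) {
		write_lock_bh(&call->state_lock);
		if (call->state == RXRPC_CALL_SERVER_SECURING) {
			call->state = RXRPC_CALL_SERVER_ACCEPTING;
			rxrpc_notify_socket(call);
		}
		write_unlock_bh(&call->state_lock);
	}
}

/*
 * connection-level Rx packet processor
 *
 * Dispatches one queued packet by the type in its parsed header.  Returns 0
 * on success or a negative error; the CHALLENGE and RESPONSE handlers are
 * passed @_abort_code so that they can supply the abort code to be used.
 * Packet types not handled here are rejected with -EPROTO.
 */
static int rxrpc_process_event(struct rxrpc_connection *conn,
			       struct sk_buff *skb,
			       u32 *_abort_code)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	__be32 wtmp;
	u32 abort_code;
	int loop, ret;

	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		_leave(" = -ECONNABORTED [%u]", conn->state);
		return -ECONNABORTED;
	}

	_enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);

	switch (sp->hdr.type) {
	case RXRPC_PACKET_TYPE_DATA:
	case RXRPC_PACKET_TYPE_ACK:
		rxrpc_conn_retransmit_call(conn, skb);
		return 0;

	case RXRPC_PACKET_TYPE_ABORT:
		/* The abort code is copied out with a bounds-checked read, so
		 * a packet too short to hold one is rejected.
		 */
		if (skb_copy_bits(skb, sp->offset, &wtmp, sizeof(wtmp)) < 0)
			return -EPROTO;
		abort_code = ntohl(wtmp);
		_proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);

		/* NOTE(review): conn->state is written here without
		 * conn->state_lock, which rxrpc_abort_connection() takes for
		 * the same field - confirm this is safe in this context.
		 */
		conn->state = RXRPC_CONN_REMOTELY_ABORTED;
		rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED,
				  abort_code, ECONNABORTED);
		return -ECONNABORTED;

	case RXRPC_PACKET_TYPE_CHALLENGE:
		return conn->security->respond_to_challenge(conn, skb,
							    _abort_code);

	case RXRPC_PACKET_TYPE_RESPONSE:
		/* The response has to verify before any security state is set
		 * up or any call is released from the securing state.
		 */
		ret = conn->security->verify_response(conn, skb, _abort_code);
		if (ret < 0)
			return ret;

		ret = conn->security->init_connection_security(conn);
		if (ret < 0)
			return ret;

		ret = conn->security->prime_packet_security(conn);
		if (ret < 0)
			return ret;

		spin_lock(&conn->channel_lock);
		spin_lock(&conn->state_lock);

		/* The state is re-checked under the lock; calls are only
		 * marked secure if the connection was still challenging.
		 */
		if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
			conn->state = RXRPC_CONN_SERVICE;
			spin_unlock(&conn->state_lock);
			for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
				rxrpc_call_is_secure(
					rcu_dereference_protected(
						conn->channels[loop].call,
						lockdep_is_held(&conn->channel_lock)));
		} else {
			spin_unlock(&conn->state_lock);
		}

		spin_unlock(&conn->channel_lock);
		return 0;

	default:
		_leave(" = -EPROTO [%u]", sp->hdr.type);
		return -EPROTO;
	}
}

/*
 * set up security and issue a challenge
 *
 * If the connection has no key yet, the server-side security is initialised
 * first.  Any failure, there or in issuing the challenge, aborts the whole
 * connection.
 */
static void rxrpc_secure_connection(struct rxrpc_connection *conn)
{
	u32 abort_code;
	int ret;

	_enter("{%d}", conn->debug_id);

	ASSERT(conn->security_ix != 0);

	if (!conn->params.key) {
		_debug("set up security");
		ret = rxrpc_init_server_conn_security(conn);
		switch (ret) {
		case 0:
			break;
		case -ENOENT:
			abort_code = RX_CALL_DEAD;
			goto abort;
		default:
			abort_code = RXKADNOAUTH;
			goto abort;
		}
	}

	/* Whatever issue_challenge() reports, the failure is recorded as
	 * -ENOMEM.
	 */
	if (conn->security->issue_challenge(conn) < 0) {
		abort_code = RX_CALL_DEAD;
		ret = -ENOMEM;
		goto abort;
	}

	_leave("");
	return;

abort:
	_debug("abort %d, %d", ret, abort_code);
	rxrpc_abort_connection(conn, -ret, abort_code);
	_leave(" [aborted]");
}

/*
 * connection-level event processor
 *
 * Work item for a connection: issues a security challenge if one has been
 * requested, then drains conn->rx_queue, handing each packet to
 * rxrpc_process_event().  A protocol or key error aborts the connection.
 * -EAGAIN, or a failure to send that abort, puts the packet back at the head
 * of the queue.  A connection ref is dropped on the way out.
 */
void rxrpc_process_connection(struct work_struct *work)
{
	struct rxrpc_connection *conn =
		container_of(work, struct rxrpc_connection, processor);
	struct sk_buff *skb;
	/* Abort code used unless a security handler supplies another one. */
	u32 abort_code = RX_PROTOCOL_ERROR;
	int ret;

	_enter("{%d}", conn->debug_id);

	if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
		rxrpc_secure_connection(conn);

	/* go through the conn-level event packets, releasing the ref on this
	 * connection that each one has when we've finished with it */
	while ((skb = skb_dequeue(&conn->rx_queue))) {
		rxrpc_see_skb(skb);
		ret = rxrpc_process_event(conn, skb, &abort_code);
		switch (ret) {
		case -EPROTO:
		case -EKEYEXPIRED:
		case -EKEYREJECTED:
			goto protocol_error;
		case -EAGAIN:
			goto requeue_and_leave;
		case -ECONNABORTED:
		default:
			rxrpc_free_skb(skb);
			break;
		}
	}

out:
	rxrpc_put_connection(conn);
	_leave("");
	return;

requeue_and_leave:
	skb_queue_head(&conn->rx_queue, skb);
	goto out;

protocol_error:
	if (rxrpc_abort_connection(conn, -ret, abort_code) < 0)
		goto requeue_and_leave;
	rxrpc_free_skb(skb);
	_leave(" [EPROTO]");
	goto out;
}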