1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <net/sock.h> 19 #include <net/af_rxrpc.h> 20 #include <net/ip.h> 21 #include "ar-internal.h" 22 23 /* 24 * Retransmit terminal ACK or ABORT of the previous call. 25 */ 26 static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn, 27 struct sk_buff *skb) 28 { 29 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 30 struct rxrpc_channel *chan; 31 struct msghdr msg; 32 struct kvec iov; 33 struct { 34 struct rxrpc_wire_header whdr; 35 union { 36 struct { 37 __be32 code; 38 } abort; 39 struct { 40 struct rxrpc_ackpacket ack; 41 u8 padding[3]; 42 struct rxrpc_ackinfo info; 43 }; 44 }; 45 } __attribute__((packed)) pkt; 46 size_t len; 47 u32 serial, mtu, call_id; 48 49 _enter("%d", conn->debug_id); 50 51 chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK]; 52 53 /* If the last call got moved on whilst we were waiting to run, just 54 * ignore this packet. 55 */ 56 call_id = READ_ONCE(chan->last_call); 57 /* Sync with __rxrpc_disconnect_call() */ 58 smp_rmb(); 59 if (call_id != sp->hdr.callNumber) 60 return; 61 62 msg.msg_name = &conn->params.peer->srx.transport; 63 msg.msg_namelen = conn->params.peer->srx.transport_len; 64 msg.msg_control = NULL; 65 msg.msg_controllen = 0; 66 msg.msg_flags = 0; 67 68 pkt.whdr.epoch = htonl(sp->hdr.epoch); 69 pkt.whdr.cid = htonl(sp->hdr.cid); 70 pkt.whdr.callNumber = htonl(sp->hdr.callNumber); 71 pkt.whdr.seq = 0; 72 pkt.whdr.type = chan->last_type; 73 pkt.whdr.flags = conn->out_clientflag; 74 pkt.whdr.userStatus = 0; 75 pkt.whdr.securityIndex = conn->security_ix; 76 pkt.whdr._rsvd = 0; 77 pkt.whdr.serviceId = htons(chan->last_service_id); 78 79 len = sizeof(pkt.whdr); 80 switch (chan->last_type) { 81 case RXRPC_PACKET_TYPE_ABORT: 82 pkt.abort.code = htonl(chan->last_abort); 83 len += sizeof(pkt.abort); 84 break; 85 86 case RXRPC_PACKET_TYPE_ACK: 87 mtu = conn->params.peer->if_mtu; 88 mtu -= conn->params.peer->hdrsize; 89 pkt.ack.bufferSpace = 0; 90 pkt.ack.maxSkew = htons(skb->priority); 91 pkt.ack.firstPacket = htonl(chan->last_seq); 92 pkt.ack.previousPacket = htonl(chan->last_seq - 1); 93 pkt.ack.serial = htonl(sp->hdr.serial); 94 pkt.ack.reason = RXRPC_ACK_DUPLICATE; 95 pkt.ack.nAcks = 0; 96 pkt.info.rxMTU = htonl(rxrpc_rx_mtu); 97 pkt.info.maxMTU = htonl(mtu); 98 pkt.info.rwind = htonl(rxrpc_rx_window_size); 99 pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max); 100 pkt.whdr.flags |= RXRPC_SLOW_START_OK; 101 len += sizeof(pkt.ack) + sizeof(pkt.info); 102 break; 103 } 104 105 /* Resync with __rxrpc_disconnect_call() and check that the last call 106 * didn't get advanced whilst we were filling out the packets. 107 */ 108 smp_rmb(); 109 if (READ_ONCE(chan->last_call) != call_id) 110 return; 111 112 iov.iov_base = &pkt; 113 iov.iov_len = len; 114 115 serial = atomic_inc_return(&conn->serial); 116 pkt.whdr.serial = htonl(serial); 117 118 switch (chan->last_type) { 119 case RXRPC_PACKET_TYPE_ABORT: 120 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort); 121 break; 122 case RXRPC_PACKET_TYPE_ACK: 123 trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0, 124 RXRPC_ACK_DUPLICATE, 0); 125 _proto("Tx ACK %%%u [re]", serial); 126 break; 127 } 128 129 kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len); 130 _leave(""); 131 return; 132 } 133 134 /* 135 * pass a connection-level abort onto all calls on that connection 136 */ 137 static void rxrpc_abort_calls(struct rxrpc_connection *conn, 138 enum rxrpc_call_completion compl, 139 u32 abort_code, int error) 140 { 141 struct rxrpc_call *call; 142 int i; 143 144 _enter("{%d},%x", conn->debug_id, abort_code); 145 146 spin_lock(&conn->channel_lock); 147 148 for (i = 0; i < RXRPC_MAXCALLS; i++) { 149 call = rcu_dereference_protected( 150 conn->channels[i].call, 151 lockdep_is_held(&conn->channel_lock)); 152 if (call) { 153 if (compl == RXRPC_CALL_LOCALLY_ABORTED) 154 trace_rxrpc_abort("CON", call->cid, 155 call->call_id, 0, 156 abort_code, error); 157 if (rxrpc_set_call_completion(call, compl, 158 abort_code, error)) 159 rxrpc_notify_socket(call); 160 } 161 } 162 163 spin_unlock(&conn->channel_lock); 164 _leave(""); 165 } 166 167 /* 168 * generate a connection-level abort 169 */ 170 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 171 u32 error, u32 abort_code) 172 { 173 struct rxrpc_wire_header whdr; 174 struct msghdr msg; 175 struct kvec iov[2]; 176 __be32 word; 177 size_t len; 178 u32 serial; 179 int ret; 180 181 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 182 183 /* generate a connection-level abort */ 184 spin_lock_bh(&conn->state_lock); 185 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 186 spin_unlock_bh(&conn->state_lock); 187 _leave(" = 0 [already dead]"); 188 return 0; 189 } 190 191 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 192 spin_unlock_bh(&conn->state_lock); 193 194 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error); 195 196 msg.msg_name = &conn->params.peer->srx.transport; 197 msg.msg_namelen = conn->params.peer->srx.transport_len; 198 msg.msg_control = NULL; 199 msg.msg_controllen = 0; 200 msg.msg_flags = 0; 201 202 whdr.epoch = htonl(conn->proto.epoch); 203 whdr.cid = htonl(conn->proto.cid); 204 whdr.callNumber = 0; 205 whdr.seq = 0; 206 whdr.type = RXRPC_PACKET_TYPE_ABORT; 207 whdr.flags = conn->out_clientflag; 208 whdr.userStatus = 0; 209 whdr.securityIndex = conn->security_ix; 210 whdr._rsvd = 0; 211 whdr.serviceId = htons(conn->params.service_id); 212 213 word = htonl(conn->local_abort); 214 215 iov[0].iov_base = &whdr; 216 iov[0].iov_len = sizeof(whdr); 217 iov[1].iov_base = &word; 218 iov[1].iov_len = sizeof(word); 219 220 len = iov[0].iov_len + iov[1].iov_len; 221 222 serial = atomic_inc_return(&conn->serial); 223 whdr.serial = htonl(serial); 224 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 225 226 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 227 if (ret < 0) { 228 _debug("sendmsg failed: %d", ret); 229 return -EAGAIN; 230 } 231 232 _leave(" = 0"); 233 return 0; 234 } 235 236 /* 237 * mark a call as being on a now-secured channel 238 * - must be called with BH's disabled. 239 */ 240 static void rxrpc_call_is_secure(struct rxrpc_call *call) 241 { 242 _enter("%p", call); 243 if (call) { 244 write_lock_bh(&call->state_lock); 245 if (call->state == RXRPC_CALL_SERVER_SECURING) { 246 call->state = RXRPC_CALL_SERVER_ACCEPTING; 247 rxrpc_notify_socket(call); 248 } 249 write_unlock_bh(&call->state_lock); 250 } 251 } 252 253 /* 254 * connection-level Rx packet processor 255 */ 256 static int rxrpc_process_event(struct rxrpc_connection *conn, 257 struct sk_buff *skb, 258 u32 *_abort_code) 259 { 260 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 261 __be32 wtmp; 262 u32 abort_code; 263 int loop, ret; 264 265 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 266 _leave(" = -ECONNABORTED [%u]", conn->state); 267 return -ECONNABORTED; 268 } 269 270 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 271 272 switch (sp->hdr.type) { 273 case RXRPC_PACKET_TYPE_DATA: 274 case RXRPC_PACKET_TYPE_ACK: 275 rxrpc_conn_retransmit_call(conn, skb); 276 return 0; 277 278 case RXRPC_PACKET_TYPE_ABORT: 279 if (skb_copy_bits(skb, sp->offset, &wtmp, sizeof(wtmp)) < 0) 280 return -EPROTO; 281 abort_code = ntohl(wtmp); 282 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 283 284 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 285 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 286 abort_code, ECONNABORTED); 287 return -ECONNABORTED; 288 289 case RXRPC_PACKET_TYPE_CHALLENGE: 290 return conn->security->respond_to_challenge(conn, skb, 291 _abort_code); 292 293 case RXRPC_PACKET_TYPE_RESPONSE: 294 ret = conn->security->verify_response(conn, skb, _abort_code); 295 if (ret < 0) 296 return ret; 297 298 ret = conn->security->init_connection_security(conn); 299 if (ret < 0) 300 return ret; 301 302 ret = conn->security->prime_packet_security(conn); 303 if (ret < 0) 304 return ret; 305 306 spin_lock(&conn->channel_lock); 307 spin_lock(&conn->state_lock); 308 309 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 310 conn->state = RXRPC_CONN_SERVICE; 311 spin_unlock(&conn->state_lock); 312 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 313 rxrpc_call_is_secure( 314 rcu_dereference_protected( 315 conn->channels[loop].call, 316 lockdep_is_held(&conn->channel_lock))); 317 } else { 318 spin_unlock(&conn->state_lock); 319 } 320 321 spin_unlock(&conn->channel_lock); 322 return 0; 323 324 default: 325 _leave(" = -EPROTO [%u]", sp->hdr.type); 326 return -EPROTO; 327 } 328 } 329 330 /* 331 * set up security and issue a challenge 332 */ 333 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 334 { 335 u32 abort_code; 336 int ret; 337 338 _enter("{%d}", conn->debug_id); 339 340 ASSERT(conn->security_ix != 0); 341 342 if (!conn->params.key) { 343 _debug("set up security"); 344 ret = rxrpc_init_server_conn_security(conn); 345 switch (ret) { 346 case 0: 347 break; 348 case -ENOENT: 349 abort_code = RX_CALL_DEAD; 350 goto abort; 351 default: 352 abort_code = RXKADNOAUTH; 353 goto abort; 354 } 355 } 356 357 if (conn->security->issue_challenge(conn) < 0) { 358 abort_code = RX_CALL_DEAD; 359 ret = -ENOMEM; 360 goto abort; 361 } 362 363 _leave(""); 364 return; 365 366 abort: 367 _debug("abort %d, %d", ret, abort_code); 368 rxrpc_abort_connection(conn, -ret, abort_code); 369 _leave(" [aborted]"); 370 } 371 372 /* 373 * connection-level event processor 374 */ 375 void rxrpc_process_connection(struct work_struct *work) 376 { 377 struct rxrpc_connection *conn = 378 container_of(work, struct rxrpc_connection, processor); 379 struct sk_buff *skb; 380 u32 abort_code = RX_PROTOCOL_ERROR; 381 int ret; 382 383 rxrpc_see_connection(conn); 384 385 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 386 rxrpc_secure_connection(conn); 387 388 /* go through the conn-level event packets, releasing the ref on this 389 * connection that each one has when we've finished with it */ 390 while ((skb = skb_dequeue(&conn->rx_queue))) { 391 rxrpc_see_skb(skb, rxrpc_skb_rx_seen); 392 ret = rxrpc_process_event(conn, skb, &abort_code); 393 switch (ret) { 394 case -EPROTO: 395 case -EKEYEXPIRED: 396 case -EKEYREJECTED: 397 goto protocol_error; 398 case -EAGAIN: 399 goto requeue_and_leave; 400 case -ECONNABORTED: 401 default: 402 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 403 break; 404 } 405 } 406 407 out: 408 rxrpc_put_connection(conn); 409 _leave(""); 410 return; 411 412 requeue_and_leave: 413 skb_queue_head(&conn->rx_queue, skb); 414 goto out; 415 416 protocol_error: 417 if (rxrpc_abort_connection(conn, -ret, abort_code) < 0) 418 goto requeue_and_leave; 419 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 420 _leave(" [EPROTO]"); 421 goto out; 422 } 423