1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <net/sock.h> 19 #include <net/af_rxrpc.h> 20 #include <net/ip.h> 21 #include "ar-internal.h" 22 23 /* 24 * Retransmit terminal ACK or ABORT of the previous call. 25 */ 26 static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn, 27 struct sk_buff *skb, 28 unsigned int channel) 29 { 30 struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL; 31 struct rxrpc_channel *chan; 32 struct msghdr msg; 33 struct kvec iov[3]; 34 struct { 35 struct rxrpc_wire_header whdr; 36 union { 37 __be32 abort_code; 38 struct rxrpc_ackpacket ack; 39 }; 40 } __attribute__((packed)) pkt; 41 struct rxrpc_ackinfo ack_info; 42 size_t len; 43 int ret, ioc; 44 u32 serial, mtu, call_id, padding; 45 46 _enter("%d", conn->debug_id); 47 48 chan = &conn->channels[channel]; 49 50 /* If the last call got moved on whilst we were waiting to run, just 51 * ignore this packet. 52 */ 53 call_id = READ_ONCE(chan->last_call); 54 /* Sync with __rxrpc_disconnect_call() */ 55 smp_rmb(); 56 if (skb && call_id != sp->hdr.callNumber) 57 return; 58 59 msg.msg_name = &conn->params.peer->srx.transport; 60 msg.msg_namelen = conn->params.peer->srx.transport_len; 61 msg.msg_control = NULL; 62 msg.msg_controllen = 0; 63 msg.msg_flags = 0; 64 65 iov[0].iov_base = &pkt; 66 iov[0].iov_len = sizeof(pkt.whdr); 67 iov[1].iov_base = &padding; 68 iov[1].iov_len = 3; 69 iov[2].iov_base = &ack_info; 70 iov[2].iov_len = sizeof(ack_info); 71 72 pkt.whdr.epoch = htonl(conn->proto.epoch); 73 pkt.whdr.cid = htonl(conn->proto.cid | channel); 74 pkt.whdr.callNumber = htonl(call_id); 75 pkt.whdr.seq = 0; 76 pkt.whdr.type = chan->last_type; 77 pkt.whdr.flags = conn->out_clientflag; 78 pkt.whdr.userStatus = 0; 79 pkt.whdr.securityIndex = conn->security_ix; 80 pkt.whdr._rsvd = 0; 81 pkt.whdr.serviceId = htons(conn->service_id); 82 83 len = sizeof(pkt.whdr); 84 switch (chan->last_type) { 85 case RXRPC_PACKET_TYPE_ABORT: 86 pkt.abort_code = htonl(chan->last_abort); 87 iov[0].iov_len += sizeof(pkt.abort_code); 88 len += sizeof(pkt.abort_code); 89 ioc = 1; 90 break; 91 92 case RXRPC_PACKET_TYPE_ACK: 93 mtu = conn->params.peer->if_mtu; 94 mtu -= conn->params.peer->hdrsize; 95 pkt.ack.bufferSpace = 0; 96 pkt.ack.maxSkew = htons(skb ? skb->priority : 0); 97 pkt.ack.firstPacket = htonl(chan->last_seq + 1); 98 pkt.ack.previousPacket = htonl(chan->last_seq); 99 pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0); 100 pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE; 101 pkt.ack.nAcks = 0; 102 ack_info.rxMTU = htonl(rxrpc_rx_mtu); 103 ack_info.maxMTU = htonl(mtu); 104 ack_info.rwind = htonl(rxrpc_rx_window_size); 105 ack_info.jumbo_max = htonl(rxrpc_rx_jumbo_max); 106 pkt.whdr.flags |= RXRPC_SLOW_START_OK; 107 padding = 0; 108 iov[0].iov_len += sizeof(pkt.ack); 109 len += sizeof(pkt.ack) + 3 + sizeof(ack_info); 110 ioc = 3; 111 break; 112 113 default: 114 return; 115 } 116 117 /* Resync with __rxrpc_disconnect_call() and check that the last call 118 * didn't get advanced whilst we were filling out the packets. 119 */ 120 smp_rmb(); 121 if (READ_ONCE(chan->last_call) != call_id) 122 return; 123 124 serial = atomic_inc_return(&conn->serial); 125 pkt.whdr.serial = htonl(serial); 126 127 switch (chan->last_type) { 128 case RXRPC_PACKET_TYPE_ABORT: 129 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->abort_code); 130 break; 131 case RXRPC_PACKET_TYPE_ACK: 132 trace_rxrpc_tx_ack(chan->call_debug_id, serial, 133 ntohl(pkt.ack.firstPacket), 134 ntohl(pkt.ack.serial), 135 pkt.ack.reason, 0); 136 _proto("Tx ACK %%%u [re]", serial); 137 break; 138 } 139 140 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, ioc, len); 141 conn->params.peer->last_tx_at = ktime_get_seconds(); 142 if (ret < 0) 143 trace_rxrpc_tx_fail(chan->call_debug_id, serial, ret, 144 rxrpc_tx_point_call_final_resend); 145 else 146 trace_rxrpc_tx_packet(chan->call_debug_id, &pkt.whdr, 147 rxrpc_tx_point_call_final_resend); 148 149 _leave(""); 150 } 151 152 /* 153 * pass a connection-level abort onto all calls on that connection 154 */ 155 static void rxrpc_abort_calls(struct rxrpc_connection *conn, 156 enum rxrpc_call_completion compl) 157 { 158 struct rxrpc_call *call; 159 int i; 160 161 _enter("{%d},%x", conn->debug_id, conn->abort_code); 162 163 spin_lock(&conn->channel_lock); 164 165 for (i = 0; i < RXRPC_MAXCALLS; i++) { 166 call = rcu_dereference_protected( 167 conn->channels[i].call, 168 lockdep_is_held(&conn->channel_lock)); 169 if (call) { 170 if (compl == RXRPC_CALL_LOCALLY_ABORTED) 171 trace_rxrpc_abort(call->debug_id, 172 "CON", call->cid, 173 call->call_id, 0, 174 conn->abort_code, 175 conn->error); 176 if (rxrpc_set_call_completion(call, compl, 177 conn->abort_code, 178 conn->error)) 179 rxrpc_notify_socket(call); 180 } 181 } 182 183 spin_unlock(&conn->channel_lock); 184 _leave(""); 185 } 186 187 /* 188 * generate a connection-level abort 189 */ 190 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 191 int error, u32 abort_code) 192 { 193 struct rxrpc_wire_header whdr; 194 struct msghdr msg; 195 struct kvec iov[2]; 196 __be32 word; 197 size_t len; 198 u32 serial; 199 int ret; 200 201 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 202 203 /* generate a connection-level abort */ 204 spin_lock_bh(&conn->state_lock); 205 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 206 spin_unlock_bh(&conn->state_lock); 207 _leave(" = 0 [already dead]"); 208 return 0; 209 } 210 211 conn->error = error; 212 conn->abort_code = abort_code; 213 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 214 spin_unlock_bh(&conn->state_lock); 215 216 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED); 217 218 msg.msg_name = &conn->params.peer->srx.transport; 219 msg.msg_namelen = conn->params.peer->srx.transport_len; 220 msg.msg_control = NULL; 221 msg.msg_controllen = 0; 222 msg.msg_flags = 0; 223 224 whdr.epoch = htonl(conn->proto.epoch); 225 whdr.cid = htonl(conn->proto.cid); 226 whdr.callNumber = 0; 227 whdr.seq = 0; 228 whdr.type = RXRPC_PACKET_TYPE_ABORT; 229 whdr.flags = conn->out_clientflag; 230 whdr.userStatus = 0; 231 whdr.securityIndex = conn->security_ix; 232 whdr._rsvd = 0; 233 whdr.serviceId = htons(conn->service_id); 234 235 word = htonl(conn->abort_code); 236 237 iov[0].iov_base = &whdr; 238 iov[0].iov_len = sizeof(whdr); 239 iov[1].iov_base = &word; 240 iov[1].iov_len = sizeof(word); 241 242 len = iov[0].iov_len + iov[1].iov_len; 243 244 serial = atomic_inc_return(&conn->serial); 245 whdr.serial = htonl(serial); 246 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->abort_code); 247 248 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 249 if (ret < 0) { 250 trace_rxrpc_tx_fail(conn->debug_id, serial, ret, 251 rxrpc_tx_point_conn_abort); 252 _debug("sendmsg failed: %d", ret); 253 return -EAGAIN; 254 } 255 256 trace_rxrpc_tx_packet(conn->debug_id, &whdr, rxrpc_tx_point_conn_abort); 257 258 conn->params.peer->last_tx_at = ktime_get_seconds(); 259 260 _leave(" = 0"); 261 return 0; 262 } 263 264 /* 265 * mark a call as being on a now-secured channel 266 * - must be called with BH's disabled. 267 */ 268 static void rxrpc_call_is_secure(struct rxrpc_call *call) 269 { 270 _enter("%p", call); 271 if (call) { 272 write_lock_bh(&call->state_lock); 273 if (call->state == RXRPC_CALL_SERVER_SECURING) { 274 call->state = RXRPC_CALL_SERVER_ACCEPTING; 275 rxrpc_notify_socket(call); 276 } 277 write_unlock_bh(&call->state_lock); 278 } 279 } 280 281 /* 282 * connection-level Rx packet processor 283 */ 284 static int rxrpc_process_event(struct rxrpc_connection *conn, 285 struct sk_buff *skb, 286 u32 *_abort_code) 287 { 288 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 289 __be32 wtmp; 290 u32 abort_code; 291 int loop, ret; 292 293 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 294 _leave(" = -ECONNABORTED [%u]", conn->state); 295 return -ECONNABORTED; 296 } 297 298 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 299 300 switch (sp->hdr.type) { 301 case RXRPC_PACKET_TYPE_DATA: 302 case RXRPC_PACKET_TYPE_ACK: 303 rxrpc_conn_retransmit_call(conn, skb, 304 sp->hdr.cid & RXRPC_CHANNELMASK); 305 return 0; 306 307 case RXRPC_PACKET_TYPE_BUSY: 308 /* Just ignore BUSY packets for now. */ 309 return 0; 310 311 case RXRPC_PACKET_TYPE_ABORT: 312 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 313 &wtmp, sizeof(wtmp)) < 0) { 314 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, 315 tracepoint_string("bad_abort")); 316 return -EPROTO; 317 } 318 abort_code = ntohl(wtmp); 319 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 320 321 conn->error = -ECONNABORTED; 322 conn->abort_code = abort_code; 323 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 324 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED); 325 return -ECONNABORTED; 326 327 case RXRPC_PACKET_TYPE_CHALLENGE: 328 return conn->security->respond_to_challenge(conn, skb, 329 _abort_code); 330 331 case RXRPC_PACKET_TYPE_RESPONSE: 332 ret = conn->security->verify_response(conn, skb, _abort_code); 333 if (ret < 0) 334 return ret; 335 336 ret = conn->security->init_connection_security(conn); 337 if (ret < 0) 338 return ret; 339 340 ret = conn->security->prime_packet_security(conn); 341 if (ret < 0) 342 return ret; 343 344 spin_lock(&conn->channel_lock); 345 spin_lock(&conn->state_lock); 346 347 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 348 conn->state = RXRPC_CONN_SERVICE; 349 spin_unlock(&conn->state_lock); 350 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 351 rxrpc_call_is_secure( 352 rcu_dereference_protected( 353 conn->channels[loop].call, 354 lockdep_is_held(&conn->channel_lock))); 355 } else { 356 spin_unlock(&conn->state_lock); 357 } 358 359 spin_unlock(&conn->channel_lock); 360 return 0; 361 362 default: 363 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, 364 tracepoint_string("bad_conn_pkt")); 365 return -EPROTO; 366 } 367 } 368 369 /* 370 * set up security and issue a challenge 371 */ 372 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 373 { 374 u32 abort_code; 375 int ret; 376 377 _enter("{%d}", conn->debug_id); 378 379 ASSERT(conn->security_ix != 0); 380 381 if (!conn->params.key) { 382 _debug("set up security"); 383 ret = rxrpc_init_server_conn_security(conn); 384 switch (ret) { 385 case 0: 386 break; 387 case -ENOENT: 388 abort_code = RX_CALL_DEAD; 389 goto abort; 390 default: 391 abort_code = RXKADNOAUTH; 392 goto abort; 393 } 394 } 395 396 if (conn->security->issue_challenge(conn) < 0) { 397 abort_code = RX_CALL_DEAD; 398 ret = -ENOMEM; 399 goto abort; 400 } 401 402 _leave(""); 403 return; 404 405 abort: 406 _debug("abort %d, %d", ret, abort_code); 407 rxrpc_abort_connection(conn, ret, abort_code); 408 _leave(" [aborted]"); 409 } 410 411 /* 412 * Process delayed final ACKs that we haven't subsumed into a subsequent call. 413 */ 414 static void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn) 415 { 416 unsigned long j = jiffies, next_j; 417 unsigned int channel; 418 bool set; 419 420 again: 421 next_j = j + LONG_MAX; 422 set = false; 423 for (channel = 0; channel < RXRPC_MAXCALLS; channel++) { 424 struct rxrpc_channel *chan = &conn->channels[channel]; 425 unsigned long ack_at; 426 427 if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags)) 428 continue; 429 430 smp_rmb(); /* vs rxrpc_disconnect_client_call */ 431 ack_at = READ_ONCE(chan->final_ack_at); 432 433 if (time_before(j, ack_at)) { 434 if (time_before(ack_at, next_j)) { 435 next_j = ack_at; 436 set = true; 437 } 438 continue; 439 } 440 441 if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel, 442 &conn->flags)) 443 rxrpc_conn_retransmit_call(conn, NULL, channel); 444 } 445 446 j = jiffies; 447 if (time_before_eq(next_j, j)) 448 goto again; 449 if (set) 450 rxrpc_reduce_conn_timer(conn, next_j); 451 } 452 453 /* 454 * connection-level event processor 455 */ 456 void rxrpc_process_connection(struct work_struct *work) 457 { 458 struct rxrpc_connection *conn = 459 container_of(work, struct rxrpc_connection, processor); 460 struct sk_buff *skb; 461 u32 abort_code = RX_PROTOCOL_ERROR; 462 int ret; 463 464 rxrpc_see_connection(conn); 465 466 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 467 rxrpc_secure_connection(conn); 468 469 /* Process delayed ACKs whose time has come. */ 470 if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK) 471 rxrpc_process_delayed_final_acks(conn); 472 473 /* go through the conn-level event packets, releasing the ref on this 474 * connection that each one has when we've finished with it */ 475 while ((skb = skb_dequeue(&conn->rx_queue))) { 476 rxrpc_see_skb(skb, rxrpc_skb_rx_seen); 477 ret = rxrpc_process_event(conn, skb, &abort_code); 478 switch (ret) { 479 case -EPROTO: 480 case -EKEYEXPIRED: 481 case -EKEYREJECTED: 482 goto protocol_error; 483 case -ENOMEM: 484 case -EAGAIN: 485 goto requeue_and_leave; 486 case -ECONNABORTED: 487 default: 488 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 489 break; 490 } 491 } 492 493 out: 494 rxrpc_put_connection(conn); 495 _leave(""); 496 return; 497 498 requeue_and_leave: 499 skb_queue_head(&conn->rx_queue, skb); 500 goto out; 501 502 protocol_error: 503 if (rxrpc_abort_connection(conn, ret, abort_code) < 0) 504 goto requeue_and_leave; 505 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 506 goto out; 507 } 508