1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <net/sock.h> 19 #include <net/af_rxrpc.h> 20 #include <net/ip.h> 21 #include "ar-internal.h" 22 23 /* 24 * Retransmit terminal ACK or ABORT of the previous call. 25 */ 26 static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn, 27 struct sk_buff *skb) 28 { 29 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 30 struct rxrpc_channel *chan; 31 struct msghdr msg; 32 struct kvec iov; 33 struct { 34 struct rxrpc_wire_header whdr; 35 union { 36 struct { 37 __be32 code; 38 } abort; 39 struct { 40 struct rxrpc_ackpacket ack; 41 u8 padding[3]; 42 struct rxrpc_ackinfo info; 43 }; 44 }; 45 } __attribute__((packed)) pkt; 46 size_t len; 47 u32 serial, mtu, call_id; 48 49 _enter("%d", conn->debug_id); 50 51 chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK]; 52 53 /* If the last call got moved on whilst we were waiting to run, just 54 * ignore this packet. 55 */ 56 call_id = READ_ONCE(chan->last_call); 57 /* Sync with __rxrpc_disconnect_call() */ 58 smp_rmb(); 59 if (call_id != sp->hdr.callNumber) 60 return; 61 62 msg.msg_name = &conn->params.peer->srx.transport; 63 msg.msg_namelen = conn->params.peer->srx.transport_len; 64 msg.msg_control = NULL; 65 msg.msg_controllen = 0; 66 msg.msg_flags = 0; 67 68 pkt.whdr.epoch = htonl(sp->hdr.epoch); 69 pkt.whdr.cid = htonl(sp->hdr.cid); 70 pkt.whdr.callNumber = htonl(sp->hdr.callNumber); 71 pkt.whdr.seq = 0; 72 pkt.whdr.type = chan->last_type; 73 pkt.whdr.flags = conn->out_clientflag; 74 pkt.whdr.userStatus = 0; 75 pkt.whdr.securityIndex = conn->security_ix; 76 pkt.whdr._rsvd = 0; 77 pkt.whdr.serviceId = htons(chan->last_service_id); 78 79 len = sizeof(pkt.whdr); 80 switch (chan->last_type) { 81 case RXRPC_PACKET_TYPE_ABORT: 82 pkt.abort.code = htonl(chan->last_abort); 83 len += sizeof(pkt.abort); 84 break; 85 86 case RXRPC_PACKET_TYPE_ACK: 87 mtu = conn->params.peer->if_mtu; 88 mtu -= conn->params.peer->hdrsize; 89 pkt.ack.bufferSpace = 0; 90 pkt.ack.maxSkew = htons(skb->priority); 91 pkt.ack.firstPacket = htonl(chan->last_seq); 92 pkt.ack.previousPacket = htonl(chan->last_seq - 1); 93 pkt.ack.serial = htonl(sp->hdr.serial); 94 pkt.ack.reason = RXRPC_ACK_DUPLICATE; 95 pkt.ack.nAcks = 0; 96 pkt.info.rxMTU = htonl(rxrpc_rx_mtu); 97 pkt.info.maxMTU = htonl(mtu); 98 pkt.info.rwind = htonl(rxrpc_rx_window_size); 99 pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max); 100 pkt.whdr.flags |= RXRPC_SLOW_START_OK; 101 len += sizeof(pkt.ack) + sizeof(pkt.info); 102 break; 103 } 104 105 /* Resync with __rxrpc_disconnect_call() and check that the last call 106 * didn't get advanced whilst we were filling out the packets. 107 */ 108 smp_rmb(); 109 if (READ_ONCE(chan->last_call) != call_id) 110 return; 111 112 iov.iov_base = &pkt; 113 iov.iov_len = len; 114 115 serial = atomic_inc_return(&conn->serial); 116 pkt.whdr.serial = htonl(serial); 117 118 switch (chan->last_type) { 119 case RXRPC_PACKET_TYPE_ABORT: 120 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort); 121 break; 122 case RXRPC_PACKET_TYPE_ACK: 123 trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0, 124 RXRPC_ACK_DUPLICATE, 0); 125 _proto("Tx ACK %%%u [re]", serial); 126 break; 127 } 128 129 kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len); 130 _leave(""); 131 return; 132 } 133 134 /* 135 * pass a connection-level abort onto all calls on that connection 136 */ 137 static void rxrpc_abort_calls(struct rxrpc_connection *conn, 138 enum rxrpc_call_completion compl, 139 u32 abort_code, int error) 140 { 141 struct rxrpc_call *call; 142 int i; 143 144 _enter("{%d},%x", conn->debug_id, abort_code); 145 146 spin_lock(&conn->channel_lock); 147 148 for (i = 0; i < RXRPC_MAXCALLS; i++) { 149 call = rcu_dereference_protected( 150 conn->channels[i].call, 151 lockdep_is_held(&conn->channel_lock)); 152 if (call) { 153 if (compl == RXRPC_CALL_LOCALLY_ABORTED) 154 trace_rxrpc_abort("CON", call->cid, 155 call->call_id, 0, 156 abort_code, error); 157 if (rxrpc_set_call_completion(call, compl, 158 abort_code, error)) 159 rxrpc_notify_socket(call); 160 } 161 } 162 163 spin_unlock(&conn->channel_lock); 164 _leave(""); 165 } 166 167 /* 168 * generate a connection-level abort 169 */ 170 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 171 u32 error, u32 abort_code) 172 { 173 struct rxrpc_wire_header whdr; 174 struct msghdr msg; 175 struct kvec iov[2]; 176 __be32 word; 177 size_t len; 178 u32 serial; 179 int ret; 180 181 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 182 183 /* generate a connection-level abort */ 184 spin_lock_bh(&conn->state_lock); 185 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 186 spin_unlock_bh(&conn->state_lock); 187 _leave(" = 0 [already dead]"); 188 return 0; 189 } 190 191 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 192 spin_unlock_bh(&conn->state_lock); 193 194 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error); 195 196 msg.msg_name = &conn->params.peer->srx.transport; 197 msg.msg_namelen = conn->params.peer->srx.transport_len; 198 msg.msg_control = NULL; 199 msg.msg_controllen = 0; 200 msg.msg_flags = 0; 201 202 whdr.epoch = htonl(conn->proto.epoch); 203 whdr.cid = htonl(conn->proto.cid); 204 whdr.callNumber = 0; 205 whdr.seq = 0; 206 whdr.type = RXRPC_PACKET_TYPE_ABORT; 207 whdr.flags = conn->out_clientflag; 208 whdr.userStatus = 0; 209 whdr.securityIndex = conn->security_ix; 210 whdr._rsvd = 0; 211 whdr.serviceId = htons(conn->params.service_id); 212 213 word = htonl(conn->local_abort); 214 215 iov[0].iov_base = &whdr; 216 iov[0].iov_len = sizeof(whdr); 217 iov[1].iov_base = &word; 218 iov[1].iov_len = sizeof(word); 219 220 len = iov[0].iov_len + iov[1].iov_len; 221 222 serial = atomic_inc_return(&conn->serial); 223 whdr.serial = htonl(serial); 224 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 225 226 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 227 if (ret < 0) { 228 _debug("sendmsg failed: %d", ret); 229 return -EAGAIN; 230 } 231 232 _leave(" = 0"); 233 return 0; 234 } 235 236 /* 237 * mark a call as being on a now-secured channel 238 * - must be called with BH's disabled. 239 */ 240 static void rxrpc_call_is_secure(struct rxrpc_call *call) 241 { 242 _enter("%p", call); 243 if (call) { 244 write_lock_bh(&call->state_lock); 245 if (call->state == RXRPC_CALL_SERVER_SECURING) { 246 call->state = RXRPC_CALL_SERVER_ACCEPTING; 247 rxrpc_notify_socket(call); 248 } 249 write_unlock_bh(&call->state_lock); 250 } 251 } 252 253 /* 254 * connection-level Rx packet processor 255 */ 256 static int rxrpc_process_event(struct rxrpc_connection *conn, 257 struct sk_buff *skb, 258 u32 *_abort_code) 259 { 260 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 261 __be32 wtmp; 262 u32 abort_code; 263 int loop, ret; 264 265 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 266 _leave(" = -ECONNABORTED [%u]", conn->state); 267 return -ECONNABORTED; 268 } 269 270 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 271 272 switch (sp->hdr.type) { 273 case RXRPC_PACKET_TYPE_DATA: 274 case RXRPC_PACKET_TYPE_ACK: 275 rxrpc_conn_retransmit_call(conn, skb); 276 return 0; 277 278 case RXRPC_PACKET_TYPE_ABORT: 279 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 280 &wtmp, sizeof(wtmp)) < 0) 281 return -EPROTO; 282 abort_code = ntohl(wtmp); 283 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 284 285 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 286 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 287 abort_code, ECONNABORTED); 288 return -ECONNABORTED; 289 290 case RXRPC_PACKET_TYPE_CHALLENGE: 291 return conn->security->respond_to_challenge(conn, skb, 292 _abort_code); 293 294 case RXRPC_PACKET_TYPE_RESPONSE: 295 ret = conn->security->verify_response(conn, skb, _abort_code); 296 if (ret < 0) 297 return ret; 298 299 ret = conn->security->init_connection_security(conn); 300 if (ret < 0) 301 return ret; 302 303 ret = conn->security->prime_packet_security(conn); 304 if (ret < 0) 305 return ret; 306 307 spin_lock(&conn->channel_lock); 308 spin_lock(&conn->state_lock); 309 310 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 311 conn->state = RXRPC_CONN_SERVICE; 312 spin_unlock(&conn->state_lock); 313 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 314 rxrpc_call_is_secure( 315 rcu_dereference_protected( 316 conn->channels[loop].call, 317 lockdep_is_held(&conn->channel_lock))); 318 } else { 319 spin_unlock(&conn->state_lock); 320 } 321 322 spin_unlock(&conn->channel_lock); 323 return 0; 324 325 default: 326 _leave(" = -EPROTO [%u]", sp->hdr.type); 327 return -EPROTO; 328 } 329 } 330 331 /* 332 * set up security and issue a challenge 333 */ 334 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 335 { 336 u32 abort_code; 337 int ret; 338 339 _enter("{%d}", conn->debug_id); 340 341 ASSERT(conn->security_ix != 0); 342 343 if (!conn->params.key) { 344 _debug("set up security"); 345 ret = rxrpc_init_server_conn_security(conn); 346 switch (ret) { 347 case 0: 348 break; 349 case -ENOENT: 350 abort_code = RX_CALL_DEAD; 351 goto abort; 352 default: 353 abort_code = RXKADNOAUTH; 354 goto abort; 355 } 356 } 357 358 if (conn->security->issue_challenge(conn) < 0) { 359 abort_code = RX_CALL_DEAD; 360 ret = -ENOMEM; 361 goto abort; 362 } 363 364 _leave(""); 365 return; 366 367 abort: 368 _debug("abort %d, %d", ret, abort_code); 369 rxrpc_abort_connection(conn, -ret, abort_code); 370 _leave(" [aborted]"); 371 } 372 373 /* 374 * connection-level event processor 375 */ 376 void rxrpc_process_connection(struct work_struct *work) 377 { 378 struct rxrpc_connection *conn = 379 container_of(work, struct rxrpc_connection, processor); 380 struct sk_buff *skb; 381 u32 abort_code = RX_PROTOCOL_ERROR; 382 int ret; 383 384 rxrpc_see_connection(conn); 385 386 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 387 rxrpc_secure_connection(conn); 388 389 /* go through the conn-level event packets, releasing the ref on this 390 * connection that each one has when we've finished with it */ 391 while ((skb = skb_dequeue(&conn->rx_queue))) { 392 rxrpc_see_skb(skb, rxrpc_skb_rx_seen); 393 ret = rxrpc_process_event(conn, skb, &abort_code); 394 switch (ret) { 395 case -EPROTO: 396 case -EKEYEXPIRED: 397 case -EKEYREJECTED: 398 goto protocol_error; 399 case -EAGAIN: 400 goto requeue_and_leave; 401 case -ECONNABORTED: 402 default: 403 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 404 break; 405 } 406 } 407 408 out: 409 rxrpc_put_connection(conn); 410 _leave(""); 411 return; 412 413 requeue_and_leave: 414 skb_queue_head(&conn->rx_queue, skb); 415 goto out; 416 417 protocol_error: 418 if (rxrpc_abort_connection(conn, -ret, abort_code) < 0) 419 goto requeue_and_leave; 420 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 421 _leave(" [EPROTO]"); 422 goto out; 423 } 424