1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <linux/udp.h> 19 #include <linux/in.h> 20 #include <linux/in6.h> 21 #include <linux/icmp.h> 22 #include <net/sock.h> 23 #include <net/af_rxrpc.h> 24 #include <net/ip.h> 25 #include "ar-internal.h" 26 27 /* 28 * pass a connection-level abort onto all calls on that connection 29 */ 30 static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state, 31 u32 abort_code) 32 { 33 struct rxrpc_call *call; 34 int i; 35 36 _enter("{%d},%x", conn->debug_id, abort_code); 37 38 spin_lock(&conn->channel_lock); 39 40 for (i = 0; i < RXRPC_MAXCALLS; i++) { 41 call = rcu_dereference_protected( 42 conn->channels[i].call, 43 lockdep_is_held(&conn->channel_lock)); 44 write_lock_bh(&call->state_lock); 45 if (call->state <= RXRPC_CALL_COMPLETE) { 46 call->state = state; 47 if (state == RXRPC_CALL_LOCALLY_ABORTED) { 48 call->local_abort = conn->local_abort; 49 set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events); 50 } else { 51 call->remote_abort = conn->remote_abort; 52 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); 53 } 54 rxrpc_queue_call(call); 55 } 56 write_unlock_bh(&call->state_lock); 57 } 58 59 spin_unlock(&conn->channel_lock); 60 _leave(""); 61 } 62 63 /* 64 * generate a connection-level abort 65 */ 66 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 67 u32 error, u32 abort_code) 68 { 69 struct rxrpc_wire_header whdr; 70 struct msghdr msg; 71 struct kvec iov[2]; 72 __be32 word; 73 size_t len; 74 u32 serial; 75 int ret; 76 77 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 78 79 /* generate a connection-level abort */ 80 spin_lock_bh(&conn->state_lock); 81 if (conn->state < RXRPC_CONN_REMOTELY_ABORTED) { 82 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 83 conn->error = error; 84 spin_unlock_bh(&conn->state_lock); 85 } else { 86 spin_unlock_bh(&conn->state_lock); 87 _leave(" = 0 [already dead]"); 88 return 0; 89 } 90 91 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code); 92 93 msg.msg_name = &conn->params.peer->srx.transport; 94 msg.msg_namelen = conn->params.peer->srx.transport_len; 95 msg.msg_control = NULL; 96 msg.msg_controllen = 0; 97 msg.msg_flags = 0; 98 99 whdr.epoch = htonl(conn->proto.epoch); 100 whdr.cid = htonl(conn->proto.cid); 101 whdr.callNumber = 0; 102 whdr.seq = 0; 103 whdr.type = RXRPC_PACKET_TYPE_ABORT; 104 whdr.flags = conn->out_clientflag; 105 whdr.userStatus = 0; 106 whdr.securityIndex = conn->security_ix; 107 whdr._rsvd = 0; 108 whdr.serviceId = htons(conn->params.service_id); 109 110 word = htonl(conn->local_abort); 111 112 iov[0].iov_base = &whdr; 113 iov[0].iov_len = sizeof(whdr); 114 iov[1].iov_base = &word; 115 iov[1].iov_len = sizeof(word); 116 117 len = iov[0].iov_len + iov[1].iov_len; 118 119 serial = atomic_inc_return(&conn->serial); 120 whdr.serial = htonl(serial); 121 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 122 123 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 124 if (ret < 0) { 125 _debug("sendmsg failed: %d", ret); 126 return -EAGAIN; 127 } 128 129 _leave(" = 0"); 130 return 0; 131 } 132 133 /* 134 * mark a call as being on a now-secured channel 135 * - must be called with softirqs disabled 136 */ 137 static void rxrpc_call_is_secure(struct rxrpc_call *call) 138 { 139 _enter("%p", call); 140 if (call) { 141 read_lock(&call->state_lock); 142 if (call->state < RXRPC_CALL_COMPLETE && 143 !test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events)) 144 rxrpc_queue_call(call); 145 read_unlock(&call->state_lock); 146 } 147 } 148 149 /* 150 * connection-level Rx packet processor 151 */ 152 static int rxrpc_process_event(struct rxrpc_connection *conn, 153 struct sk_buff *skb, 154 u32 *_abort_code) 155 { 156 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 157 __be32 wtmp; 158 u32 abort_code; 159 int loop, ret; 160 161 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 162 kleave(" = -ECONNABORTED [%u]", conn->state); 163 return -ECONNABORTED; 164 } 165 166 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 167 168 switch (sp->hdr.type) { 169 case RXRPC_PACKET_TYPE_ABORT: 170 if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0) 171 return -EPROTO; 172 abort_code = ntohl(wtmp); 173 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 174 175 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 176 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 177 abort_code); 178 return -ECONNABORTED; 179 180 case RXRPC_PACKET_TYPE_CHALLENGE: 181 return conn->security->respond_to_challenge(conn, skb, 182 _abort_code); 183 184 case RXRPC_PACKET_TYPE_RESPONSE: 185 ret = conn->security->verify_response(conn, skb, _abort_code); 186 if (ret < 0) 187 return ret; 188 189 ret = conn->security->init_connection_security(conn); 190 if (ret < 0) 191 return ret; 192 193 ret = conn->security->prime_packet_security(conn); 194 if (ret < 0) 195 return ret; 196 197 spin_lock(&conn->channel_lock); 198 spin_lock(&conn->state_lock); 199 200 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 201 conn->state = RXRPC_CONN_SERVICE; 202 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 203 rxrpc_call_is_secure( 204 rcu_dereference_protected( 205 conn->channels[loop].call, 206 lockdep_is_held(&conn->channel_lock))); 207 } 208 209 spin_unlock(&conn->state_lock); 210 spin_unlock(&conn->channel_lock); 211 return 0; 212 213 default: 214 _leave(" = -EPROTO [%u]", sp->hdr.type); 215 return -EPROTO; 216 } 217 } 218 219 /* 220 * set up security and issue a challenge 221 */ 222 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 223 { 224 u32 abort_code; 225 int ret; 226 227 _enter("{%d}", conn->debug_id); 228 229 ASSERT(conn->security_ix != 0); 230 231 if (!conn->params.key) { 232 _debug("set up security"); 233 ret = rxrpc_init_server_conn_security(conn); 234 switch (ret) { 235 case 0: 236 break; 237 case -ENOENT: 238 abort_code = RX_CALL_DEAD; 239 goto abort; 240 default: 241 abort_code = RXKADNOAUTH; 242 goto abort; 243 } 244 } 245 246 if (conn->security->issue_challenge(conn) < 0) { 247 abort_code = RX_CALL_DEAD; 248 ret = -ENOMEM; 249 goto abort; 250 } 251 252 _leave(""); 253 return; 254 255 abort: 256 _debug("abort %d, %d", ret, abort_code); 257 rxrpc_abort_connection(conn, -ret, abort_code); 258 _leave(" [aborted]"); 259 } 260 261 /* 262 * connection-level event processor 263 */ 264 void rxrpc_process_connection(struct work_struct *work) 265 { 266 struct rxrpc_connection *conn = 267 container_of(work, struct rxrpc_connection, processor); 268 struct sk_buff *skb; 269 u32 abort_code = RX_PROTOCOL_ERROR; 270 int ret; 271 272 _enter("{%d}", conn->debug_id); 273 274 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 275 rxrpc_secure_connection(conn); 276 277 /* go through the conn-level event packets, releasing the ref on this 278 * connection that each one has when we've finished with it */ 279 while ((skb = skb_dequeue(&conn->rx_queue))) { 280 ret = rxrpc_process_event(conn, skb, &abort_code); 281 switch (ret) { 282 case -EPROTO: 283 case -EKEYEXPIRED: 284 case -EKEYREJECTED: 285 goto protocol_error; 286 case -EAGAIN: 287 goto requeue_and_leave; 288 case -ECONNABORTED: 289 default: 290 rxrpc_free_skb(skb); 291 break; 292 } 293 } 294 295 out: 296 rxrpc_put_connection(conn); 297 _leave(""); 298 return; 299 300 requeue_and_leave: 301 skb_queue_head(&conn->rx_queue, skb); 302 goto out; 303 304 protocol_error: 305 if (rxrpc_abort_connection(conn, -ret, abort_code) < 0) 306 goto requeue_and_leave; 307 rxrpc_free_skb(skb); 308 _leave(" [EPROTO]"); 309 goto out; 310 } 311 312 /* 313 * put a packet up for transport-level abort 314 */ 315 void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) 316 { 317 CHECK_SLAB_OKAY(&local->usage); 318 319 skb_queue_tail(&local->reject_queue, skb); 320 rxrpc_queue_local(local); 321 } 322 323 /* 324 * reject packets through the local endpoint 325 */ 326 void rxrpc_reject_packets(struct rxrpc_local *local) 327 { 328 union { 329 struct sockaddr sa; 330 struct sockaddr_in sin; 331 } sa; 332 struct rxrpc_skb_priv *sp; 333 struct rxrpc_wire_header whdr; 334 struct sk_buff *skb; 335 struct msghdr msg; 336 struct kvec iov[2]; 337 size_t size; 338 __be32 code; 339 340 _enter("%d", local->debug_id); 341 342 iov[0].iov_base = &whdr; 343 iov[0].iov_len = sizeof(whdr); 344 iov[1].iov_base = &code; 345 iov[1].iov_len = sizeof(code); 346 size = sizeof(whdr) + sizeof(code); 347 348 msg.msg_name = &sa; 349 msg.msg_control = NULL; 350 msg.msg_controllen = 0; 351 msg.msg_flags = 0; 352 353 memset(&sa, 0, sizeof(sa)); 354 sa.sa.sa_family = local->srx.transport.family; 355 switch (sa.sa.sa_family) { 356 case AF_INET: 357 msg.msg_namelen = sizeof(sa.sin); 358 break; 359 default: 360 msg.msg_namelen = 0; 361 break; 362 } 363 364 memset(&whdr, 0, sizeof(whdr)); 365 whdr.type = RXRPC_PACKET_TYPE_ABORT; 366 367 while ((skb = skb_dequeue(&local->reject_queue))) { 368 sp = rxrpc_skb(skb); 369 switch (sa.sa.sa_family) { 370 case AF_INET: 371 sa.sin.sin_port = udp_hdr(skb)->source; 372 sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr; 373 code = htonl(skb->priority); 374 375 whdr.epoch = htonl(sp->hdr.epoch); 376 whdr.cid = htonl(sp->hdr.cid); 377 whdr.callNumber = htonl(sp->hdr.callNumber); 378 whdr.serviceId = htons(sp->hdr.serviceId); 379 whdr.flags = sp->hdr.flags; 380 whdr.flags ^= RXRPC_CLIENT_INITIATED; 381 whdr.flags &= RXRPC_CLIENT_INITIATED; 382 383 kernel_sendmsg(local->socket, &msg, iov, 2, size); 384 break; 385 386 default: 387 break; 388 } 389 390 rxrpc_free_skb(skb); 391 } 392 393 _leave(""); 394 } 395