1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <linux/udp.h> 19 #include <linux/in.h> 20 #include <linux/in6.h> 21 #include <linux/icmp.h> 22 #include <net/sock.h> 23 #include <net/af_rxrpc.h> 24 #include <net/ip.h> 25 #include "ar-internal.h" 26 27 /* 28 * pass a connection-level abort onto all calls on that connection 29 */ 30 static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state, 31 u32 abort_code) 32 { 33 struct rxrpc_call *call; 34 struct rb_node *p; 35 36 _enter("{%d},%x", conn->debug_id, abort_code); 37 38 read_lock_bh(&conn->lock); 39 40 for (p = rb_first(&conn->calls); p; p = rb_next(p)) { 41 call = rb_entry(p, struct rxrpc_call, conn_node); 42 write_lock(&call->state_lock); 43 if (call->state <= RXRPC_CALL_COMPLETE) { 44 call->state = state; 45 if (state == RXRPC_CALL_LOCALLY_ABORTED) { 46 call->local_abort = conn->local_abort; 47 set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events); 48 } else { 49 call->remote_abort = conn->remote_abort; 50 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); 51 } 52 rxrpc_queue_call(call); 53 } 54 write_unlock(&call->state_lock); 55 } 56 57 read_unlock_bh(&conn->lock); 58 _leave(""); 59 } 60 61 /* 62 * generate a connection-level abort 63 */ 64 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 65 u32 error, u32 abort_code) 66 { 67 struct rxrpc_wire_header whdr; 68 struct msghdr msg; 69 struct kvec iov[2]; 70 __be32 word; 71 size_t len; 72 u32 serial; 73 int ret; 74 75 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 76 77 /* generate a connection-level abort */ 78 spin_lock_bh(&conn->state_lock); 79 if (conn->state < RXRPC_CONN_REMOTELY_ABORTED) { 80 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 81 conn->error = error; 82 spin_unlock_bh(&conn->state_lock); 83 } else { 84 spin_unlock_bh(&conn->state_lock); 85 _leave(" = 0 [already dead]"); 86 return 0; 87 } 88 89 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code); 90 91 msg.msg_name = &conn->params.peer->srx.transport; 92 msg.msg_namelen = conn->params.peer->srx.transport_len; 93 msg.msg_control = NULL; 94 msg.msg_controllen = 0; 95 msg.msg_flags = 0; 96 97 whdr.epoch = htonl(conn->proto.epoch); 98 whdr.cid = htonl(conn->proto.cid); 99 whdr.callNumber = 0; 100 whdr.seq = 0; 101 whdr.type = RXRPC_PACKET_TYPE_ABORT; 102 whdr.flags = conn->out_clientflag; 103 whdr.userStatus = 0; 104 whdr.securityIndex = conn->security_ix; 105 whdr._rsvd = 0; 106 whdr.serviceId = htons(conn->params.service_id); 107 108 word = htonl(conn->local_abort); 109 110 iov[0].iov_base = &whdr; 111 iov[0].iov_len = sizeof(whdr); 112 iov[1].iov_base = &word; 113 iov[1].iov_len = sizeof(word); 114 115 len = iov[0].iov_len + iov[1].iov_len; 116 117 serial = atomic_inc_return(&conn->serial); 118 whdr.serial = htonl(serial); 119 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 120 121 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 122 if (ret < 0) { 123 _debug("sendmsg failed: %d", ret); 124 return -EAGAIN; 125 } 126 127 _leave(" = 0"); 128 return 0; 129 } 130 131 /* 132 * mark a call as being on a now-secured channel 133 * - must be called with softirqs disabled 134 */ 135 static void rxrpc_call_is_secure(struct rxrpc_call *call) 136 { 137 _enter("%p", call); 138 if (call) { 139 read_lock(&call->state_lock); 140 if (call->state < RXRPC_CALL_COMPLETE && 141 !test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events)) 142 rxrpc_queue_call(call); 143 read_unlock(&call->state_lock); 144 } 145 } 146 147 /* 148 * connection-level Rx packet processor 149 */ 150 static int rxrpc_process_event(struct rxrpc_connection *conn, 151 struct sk_buff *skb, 152 u32 *_abort_code) 153 { 154 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 155 __be32 wtmp; 156 u32 abort_code; 157 int loop, ret; 158 159 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 160 kleave(" = -ECONNABORTED [%u]", conn->state); 161 return -ECONNABORTED; 162 } 163 164 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 165 166 switch (sp->hdr.type) { 167 case RXRPC_PACKET_TYPE_ABORT: 168 if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0) 169 return -EPROTO; 170 abort_code = ntohl(wtmp); 171 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 172 173 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 174 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 175 abort_code); 176 return -ECONNABORTED; 177 178 case RXRPC_PACKET_TYPE_CHALLENGE: 179 return conn->security->respond_to_challenge(conn, skb, 180 _abort_code); 181 182 case RXRPC_PACKET_TYPE_RESPONSE: 183 ret = conn->security->verify_response(conn, skb, _abort_code); 184 if (ret < 0) 185 return ret; 186 187 ret = conn->security->init_connection_security(conn); 188 if (ret < 0) 189 return ret; 190 191 ret = conn->security->prime_packet_security(conn); 192 if (ret < 0) 193 return ret; 194 195 read_lock_bh(&conn->lock); 196 spin_lock(&conn->state_lock); 197 198 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 199 conn->state = RXRPC_CONN_SERVICE; 200 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 201 rxrpc_call_is_secure( 202 rcu_dereference_protected( 203 conn->channels[loop], 204 lockdep_is_held(&conn->lock))); 205 } 206 207 spin_unlock(&conn->state_lock); 208 read_unlock_bh(&conn->lock); 209 return 0; 210 211 default: 212 _leave(" = -EPROTO [%u]", sp->hdr.type); 213 return -EPROTO; 214 } 215 } 216 217 /* 218 * set up security and issue a challenge 219 */ 220 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 221 { 222 u32 abort_code; 223 int ret; 224 225 _enter("{%d}", conn->debug_id); 226 227 ASSERT(conn->security_ix != 0); 228 229 if (!conn->params.key) { 230 _debug("set up security"); 231 ret = rxrpc_init_server_conn_security(conn); 232 switch (ret) { 233 case 0: 234 break; 235 case -ENOENT: 236 abort_code = RX_CALL_DEAD; 237 goto abort; 238 default: 239 abort_code = RXKADNOAUTH; 240 goto abort; 241 } 242 } 243 244 if (conn->security->issue_challenge(conn) < 0) { 245 abort_code = RX_CALL_DEAD; 246 ret = -ENOMEM; 247 goto abort; 248 } 249 250 _leave(""); 251 return; 252 253 abort: 254 _debug("abort %d, %d", ret, abort_code); 255 rxrpc_abort_connection(conn, -ret, abort_code); 256 _leave(" [aborted]"); 257 } 258 259 /* 260 * connection-level event processor 261 */ 262 void rxrpc_process_connection(struct work_struct *work) 263 { 264 struct rxrpc_connection *conn = 265 container_of(work, struct rxrpc_connection, processor); 266 struct sk_buff *skb; 267 u32 abort_code = RX_PROTOCOL_ERROR; 268 int ret; 269 270 _enter("{%d}", conn->debug_id); 271 272 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 273 rxrpc_secure_connection(conn); 274 275 /* go through the conn-level event packets, releasing the ref on this 276 * connection that each one has when we've finished with it */ 277 while ((skb = skb_dequeue(&conn->rx_queue))) { 278 ret = rxrpc_process_event(conn, skb, &abort_code); 279 switch (ret) { 280 case -EPROTO: 281 case -EKEYEXPIRED: 282 case -EKEYREJECTED: 283 goto protocol_error; 284 case -EAGAIN: 285 goto requeue_and_leave; 286 case -ECONNABORTED: 287 default: 288 rxrpc_free_skb(skb); 289 break; 290 } 291 } 292 293 out: 294 rxrpc_put_connection(conn); 295 _leave(""); 296 return; 297 298 requeue_and_leave: 299 skb_queue_head(&conn->rx_queue, skb); 300 goto out; 301 302 protocol_error: 303 if (rxrpc_abort_connection(conn, -ret, abort_code) < 0) 304 goto requeue_and_leave; 305 rxrpc_free_skb(skb); 306 _leave(" [EPROTO]"); 307 goto out; 308 } 309 310 /* 311 * put a packet up for transport-level abort 312 */ 313 void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) 314 { 315 CHECK_SLAB_OKAY(&local->usage); 316 317 skb_queue_tail(&local->reject_queue, skb); 318 rxrpc_queue_local(local); 319 } 320 321 /* 322 * reject packets through the local endpoint 323 */ 324 void rxrpc_reject_packets(struct rxrpc_local *local) 325 { 326 union { 327 struct sockaddr sa; 328 struct sockaddr_in sin; 329 } sa; 330 struct rxrpc_skb_priv *sp; 331 struct rxrpc_wire_header whdr; 332 struct sk_buff *skb; 333 struct msghdr msg; 334 struct kvec iov[2]; 335 size_t size; 336 __be32 code; 337 338 _enter("%d", local->debug_id); 339 340 iov[0].iov_base = &whdr; 341 iov[0].iov_len = sizeof(whdr); 342 iov[1].iov_base = &code; 343 iov[1].iov_len = sizeof(code); 344 size = sizeof(whdr) + sizeof(code); 345 346 msg.msg_name = &sa; 347 msg.msg_control = NULL; 348 msg.msg_controllen = 0; 349 msg.msg_flags = 0; 350 351 memset(&sa, 0, sizeof(sa)); 352 sa.sa.sa_family = local->srx.transport.family; 353 switch (sa.sa.sa_family) { 354 case AF_INET: 355 msg.msg_namelen = sizeof(sa.sin); 356 break; 357 default: 358 msg.msg_namelen = 0; 359 break; 360 } 361 362 memset(&whdr, 0, sizeof(whdr)); 363 whdr.type = RXRPC_PACKET_TYPE_ABORT; 364 365 while ((skb = skb_dequeue(&local->reject_queue))) { 366 sp = rxrpc_skb(skb); 367 switch (sa.sa.sa_family) { 368 case AF_INET: 369 sa.sin.sin_port = udp_hdr(skb)->source; 370 sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr; 371 code = htonl(skb->priority); 372 373 whdr.epoch = htonl(sp->hdr.epoch); 374 whdr.cid = htonl(sp->hdr.cid); 375 whdr.callNumber = htonl(sp->hdr.callNumber); 376 whdr.serviceId = htons(sp->hdr.serviceId); 377 whdr.flags = sp->hdr.flags; 378 whdr.flags ^= RXRPC_CLIENT_INITIATED; 379 whdr.flags &= RXRPC_CLIENT_INITIATED; 380 381 kernel_sendmsg(local->socket, &msg, iov, 2, size); 382 break; 383 384 default: 385 break; 386 } 387 388 rxrpc_free_skb(skb); 389 } 390 391 _leave(""); 392 } 393