1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <net/sock.h> 19 #include <net/af_rxrpc.h> 20 #include <net/ip.h> 21 #include "ar-internal.h" 22 23 /* 24 * Retransmit terminal ACK or ABORT of the previous call. 25 */ 26 static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn, 27 struct sk_buff *skb) 28 { 29 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 30 struct rxrpc_channel *chan; 31 struct msghdr msg; 32 struct kvec iov; 33 struct { 34 struct rxrpc_wire_header whdr; 35 union { 36 struct { 37 __be32 code; 38 } abort; 39 struct { 40 struct rxrpc_ackpacket ack; 41 u8 padding[3]; 42 struct rxrpc_ackinfo info; 43 }; 44 }; 45 } __attribute__((packed)) pkt; 46 size_t len; 47 u32 serial, mtu, call_id; 48 49 _enter("%d", conn->debug_id); 50 51 chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK]; 52 53 /* If the last call got moved on whilst we were waiting to run, just 54 * ignore this packet. 55 */ 56 call_id = READ_ONCE(chan->last_call); 57 /* Sync with __rxrpc_disconnect_call() */ 58 smp_rmb(); 59 if (call_id != sp->hdr.callNumber) 60 return; 61 62 msg.msg_name = &conn->params.peer->srx.transport; 63 msg.msg_namelen = conn->params.peer->srx.transport_len; 64 msg.msg_control = NULL; 65 msg.msg_controllen = 0; 66 msg.msg_flags = 0; 67 68 pkt.whdr.epoch = htonl(sp->hdr.epoch); 69 pkt.whdr.cid = htonl(sp->hdr.cid); 70 pkt.whdr.callNumber = htonl(sp->hdr.callNumber); 71 pkt.whdr.seq = 0; 72 pkt.whdr.type = chan->last_type; 73 pkt.whdr.flags = conn->out_clientflag; 74 pkt.whdr.userStatus = 0; 75 pkt.whdr.securityIndex = conn->security_ix; 76 pkt.whdr._rsvd = 0; 77 pkt.whdr.serviceId = htons(chan->last_service_id); 78 79 len = sizeof(pkt.whdr); 80 switch (chan->last_type) { 81 case RXRPC_PACKET_TYPE_ABORT: 82 pkt.abort.code = htonl(chan->last_abort); 83 len += sizeof(pkt.abort); 84 break; 85 86 case RXRPC_PACKET_TYPE_ACK: 87 mtu = conn->params.peer->if_mtu; 88 mtu -= conn->params.peer->hdrsize; 89 pkt.ack.bufferSpace = 0; 90 pkt.ack.maxSkew = htons(skb->priority); 91 pkt.ack.firstPacket = htonl(chan->last_seq); 92 pkt.ack.previousPacket = htonl(chan->last_seq - 1); 93 pkt.ack.serial = htonl(sp->hdr.serial); 94 pkt.ack.reason = RXRPC_ACK_DUPLICATE; 95 pkt.ack.nAcks = 0; 96 pkt.info.rxMTU = htonl(rxrpc_rx_mtu); 97 pkt.info.maxMTU = htonl(mtu); 98 pkt.info.rwind = htonl(rxrpc_rx_window_size); 99 pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max); 100 pkt.whdr.flags |= RXRPC_SLOW_START_OK; 101 len += sizeof(pkt.ack) + sizeof(pkt.info); 102 break; 103 } 104 105 /* Resync with __rxrpc_disconnect_call() and check that the last call 106 * didn't get advanced whilst we were filling out the packets. 107 */ 108 smp_rmb(); 109 if (READ_ONCE(chan->last_call) != call_id) 110 return; 111 112 iov.iov_base = &pkt; 113 iov.iov_len = len; 114 115 serial = atomic_inc_return(&conn->serial); 116 pkt.whdr.serial = htonl(serial); 117 118 switch (chan->last_type) { 119 case RXRPC_PACKET_TYPE_ABORT: 120 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort); 121 break; 122 case RXRPC_PACKET_TYPE_ACK: 123 trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0, 124 RXRPC_ACK_DUPLICATE, 0); 125 _proto("Tx ACK %%%u [re]", serial); 126 break; 127 } 128 129 kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len); 130 _leave(""); 131 return; 132 } 133 134 /* 135 * pass a connection-level abort onto all calls on that connection 136 */ 137 static void rxrpc_abort_calls(struct rxrpc_connection *conn, 138 enum rxrpc_call_completion compl, 139 u32 abort_code, int error) 140 { 141 struct rxrpc_call *call; 142 int i; 143 144 _enter("{%d},%x", conn->debug_id, abort_code); 145 146 spin_lock(&conn->channel_lock); 147 148 for (i = 0; i < RXRPC_MAXCALLS; i++) { 149 call = rcu_dereference_protected( 150 conn->channels[i].call, 151 lockdep_is_held(&conn->channel_lock)); 152 if (call) { 153 if (compl == RXRPC_CALL_LOCALLY_ABORTED) 154 trace_rxrpc_abort("CON", call->cid, 155 call->call_id, 0, 156 abort_code, error); 157 if (rxrpc_set_call_completion(call, compl, 158 abort_code, error)) 159 rxrpc_notify_socket(call); 160 } 161 } 162 163 spin_unlock(&conn->channel_lock); 164 _leave(""); 165 } 166 167 /* 168 * generate a connection-level abort 169 */ 170 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 171 int error, u32 abort_code) 172 { 173 struct rxrpc_wire_header whdr; 174 struct msghdr msg; 175 struct kvec iov[2]; 176 __be32 word; 177 size_t len; 178 u32 serial; 179 int ret; 180 181 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 182 183 /* generate a connection-level abort */ 184 spin_lock_bh(&conn->state_lock); 185 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 186 spin_unlock_bh(&conn->state_lock); 187 _leave(" = 0 [already dead]"); 188 return 0; 189 } 190 191 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 192 spin_unlock_bh(&conn->state_lock); 193 194 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error); 195 196 msg.msg_name = &conn->params.peer->srx.transport; 197 msg.msg_namelen = conn->params.peer->srx.transport_len; 198 msg.msg_control = NULL; 199 msg.msg_controllen = 0; 200 msg.msg_flags = 0; 201 202 whdr.epoch = htonl(conn->proto.epoch); 203 whdr.cid = htonl(conn->proto.cid); 204 whdr.callNumber = 0; 205 whdr.seq = 0; 206 whdr.type = RXRPC_PACKET_TYPE_ABORT; 207 whdr.flags = conn->out_clientflag; 208 whdr.userStatus = 0; 209 whdr.securityIndex = conn->security_ix; 210 whdr._rsvd = 0; 211 whdr.serviceId = htons(conn->params.service_id); 212 213 word = htonl(conn->local_abort); 214 215 iov[0].iov_base = &whdr; 216 iov[0].iov_len = sizeof(whdr); 217 iov[1].iov_base = &word; 218 iov[1].iov_len = sizeof(word); 219 220 len = iov[0].iov_len + iov[1].iov_len; 221 222 serial = atomic_inc_return(&conn->serial); 223 whdr.serial = htonl(serial); 224 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 225 226 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 227 if (ret < 0) { 228 _debug("sendmsg failed: %d", ret); 229 return -EAGAIN; 230 } 231 232 _leave(" = 0"); 233 return 0; 234 } 235 236 /* 237 * mark a call as being on a now-secured channel 238 * - must be called with BH's disabled. 239 */ 240 static void rxrpc_call_is_secure(struct rxrpc_call *call) 241 { 242 _enter("%p", call); 243 if (call) { 244 write_lock_bh(&call->state_lock); 245 if (call->state == RXRPC_CALL_SERVER_SECURING) { 246 call->state = RXRPC_CALL_SERVER_ACCEPTING; 247 rxrpc_notify_socket(call); 248 } 249 write_unlock_bh(&call->state_lock); 250 } 251 } 252 253 /* 254 * connection-level Rx packet processor 255 */ 256 static int rxrpc_process_event(struct rxrpc_connection *conn, 257 struct sk_buff *skb, 258 u32 *_abort_code) 259 { 260 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 261 __be32 wtmp; 262 u32 abort_code; 263 int loop, ret; 264 265 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 266 _leave(" = -ECONNABORTED [%u]", conn->state); 267 return -ECONNABORTED; 268 } 269 270 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 271 272 switch (sp->hdr.type) { 273 case RXRPC_PACKET_TYPE_DATA: 274 case RXRPC_PACKET_TYPE_ACK: 275 rxrpc_conn_retransmit_call(conn, skb); 276 return 0; 277 278 case RXRPC_PACKET_TYPE_BUSY: 279 /* Just ignore BUSY packets for now. */ 280 return 0; 281 282 case RXRPC_PACKET_TYPE_ABORT: 283 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 284 &wtmp, sizeof(wtmp)) < 0) { 285 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, 286 tracepoint_string("bad_abort")); 287 return -EPROTO; 288 } 289 abort_code = ntohl(wtmp); 290 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 291 292 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 293 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 294 abort_code, -ECONNABORTED); 295 return -ECONNABORTED; 296 297 case RXRPC_PACKET_TYPE_CHALLENGE: 298 return conn->security->respond_to_challenge(conn, skb, 299 _abort_code); 300 301 case RXRPC_PACKET_TYPE_RESPONSE: 302 ret = conn->security->verify_response(conn, skb, _abort_code); 303 if (ret < 0) 304 return ret; 305 306 ret = conn->security->init_connection_security(conn); 307 if (ret < 0) 308 return ret; 309 310 ret = conn->security->prime_packet_security(conn); 311 if (ret < 0) 312 return ret; 313 314 spin_lock(&conn->channel_lock); 315 spin_lock(&conn->state_lock); 316 317 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 318 conn->state = RXRPC_CONN_SERVICE; 319 spin_unlock(&conn->state_lock); 320 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 321 rxrpc_call_is_secure( 322 rcu_dereference_protected( 323 conn->channels[loop].call, 324 lockdep_is_held(&conn->channel_lock))); 325 } else { 326 spin_unlock(&conn->state_lock); 327 } 328 329 spin_unlock(&conn->channel_lock); 330 return 0; 331 332 default: 333 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, 334 tracepoint_string("bad_conn_pkt")); 335 return -EPROTO; 336 } 337 } 338 339 /* 340 * set up security and issue a challenge 341 */ 342 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 343 { 344 u32 abort_code; 345 int ret; 346 347 _enter("{%d}", conn->debug_id); 348 349 ASSERT(conn->security_ix != 0); 350 351 if (!conn->params.key) { 352 _debug("set up security"); 353 ret = rxrpc_init_server_conn_security(conn); 354 switch (ret) { 355 case 0: 356 break; 357 case -ENOENT: 358 abort_code = RX_CALL_DEAD; 359 goto abort; 360 default: 361 abort_code = RXKADNOAUTH; 362 goto abort; 363 } 364 } 365 366 if (conn->security->issue_challenge(conn) < 0) { 367 abort_code = RX_CALL_DEAD; 368 ret = -ENOMEM; 369 goto abort; 370 } 371 372 _leave(""); 373 return; 374 375 abort: 376 _debug("abort %d, %d", ret, abort_code); 377 rxrpc_abort_connection(conn, ret, abort_code); 378 _leave(" [aborted]"); 379 } 380 381 /* 382 * connection-level event processor 383 */ 384 void rxrpc_process_connection(struct work_struct *work) 385 { 386 struct rxrpc_connection *conn = 387 container_of(work, struct rxrpc_connection, processor); 388 struct sk_buff *skb; 389 u32 abort_code = RX_PROTOCOL_ERROR; 390 int ret; 391 392 rxrpc_see_connection(conn); 393 394 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 395 rxrpc_secure_connection(conn); 396 397 /* go through the conn-level event packets, releasing the ref on this 398 * connection that each one has when we've finished with it */ 399 while ((skb = skb_dequeue(&conn->rx_queue))) { 400 rxrpc_see_skb(skb, rxrpc_skb_rx_seen); 401 ret = rxrpc_process_event(conn, skb, &abort_code); 402 switch (ret) { 403 case -EPROTO: 404 case -EKEYEXPIRED: 405 case -EKEYREJECTED: 406 goto protocol_error; 407 case -EAGAIN: 408 goto requeue_and_leave; 409 case -ECONNABORTED: 410 default: 411 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 412 break; 413 } 414 } 415 416 out: 417 rxrpc_put_connection(conn); 418 _leave(""); 419 return; 420 421 requeue_and_leave: 422 skb_queue_head(&conn->rx_queue, skb); 423 goto out; 424 425 protocol_error: 426 if (rxrpc_abort_connection(conn, ret, abort_code) < 0) 427 goto requeue_and_leave; 428 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 429 goto out; 430 } 431