1 /* connection-level event handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <net/sock.h> 19 #include <net/af_rxrpc.h> 20 #include <net/ip.h> 21 #include "ar-internal.h" 22 23 /* 24 * Retransmit terminal ACK or ABORT of the previous call. 25 */ 26 static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn, 27 struct sk_buff *skb, 28 unsigned int channel) 29 { 30 struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL; 31 struct rxrpc_channel *chan; 32 struct msghdr msg; 33 struct kvec iov; 34 struct { 35 struct rxrpc_wire_header whdr; 36 union { 37 struct { 38 __be32 code; 39 } abort; 40 struct { 41 struct rxrpc_ackpacket ack; 42 u8 padding[3]; 43 struct rxrpc_ackinfo info; 44 }; 45 }; 46 } __attribute__((packed)) pkt; 47 size_t len; 48 u32 serial, mtu, call_id; 49 50 _enter("%d", conn->debug_id); 51 52 chan = &conn->channels[channel]; 53 54 /* If the last call got moved on whilst we were waiting to run, just 55 * ignore this packet. 56 */ 57 call_id = READ_ONCE(chan->last_call); 58 /* Sync with __rxrpc_disconnect_call() */ 59 smp_rmb(); 60 if (skb && call_id != sp->hdr.callNumber) 61 return; 62 63 msg.msg_name = &conn->params.peer->srx.transport; 64 msg.msg_namelen = conn->params.peer->srx.transport_len; 65 msg.msg_control = NULL; 66 msg.msg_controllen = 0; 67 msg.msg_flags = 0; 68 69 pkt.whdr.epoch = htonl(conn->proto.epoch); 70 pkt.whdr.cid = htonl(conn->proto.cid); 71 pkt.whdr.callNumber = htonl(call_id); 72 pkt.whdr.seq = 0; 73 pkt.whdr.type = chan->last_type; 74 pkt.whdr.flags = conn->out_clientflag; 75 pkt.whdr.userStatus = 0; 76 pkt.whdr.securityIndex = conn->security_ix; 77 pkt.whdr._rsvd = 0; 78 pkt.whdr.serviceId = htons(conn->service_id); 79 80 len = sizeof(pkt.whdr); 81 switch (chan->last_type) { 82 case RXRPC_PACKET_TYPE_ABORT: 83 pkt.abort.code = htonl(chan->last_abort); 84 len += sizeof(pkt.abort); 85 break; 86 87 case RXRPC_PACKET_TYPE_ACK: 88 mtu = conn->params.peer->if_mtu; 89 mtu -= conn->params.peer->hdrsize; 90 pkt.ack.bufferSpace = 0; 91 pkt.ack.maxSkew = htons(skb ? skb->priority : 0); 92 pkt.ack.firstPacket = htonl(chan->last_seq + 1); 93 pkt.ack.previousPacket = htonl(chan->last_seq); 94 pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0); 95 pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE; 96 pkt.ack.nAcks = 0; 97 pkt.info.rxMTU = htonl(rxrpc_rx_mtu); 98 pkt.info.maxMTU = htonl(mtu); 99 pkt.info.rwind = htonl(rxrpc_rx_window_size); 100 pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max); 101 pkt.whdr.flags |= RXRPC_SLOW_START_OK; 102 len += sizeof(pkt.ack) + sizeof(pkt.info); 103 break; 104 } 105 106 /* Resync with __rxrpc_disconnect_call() and check that the last call 107 * didn't get advanced whilst we were filling out the packets. 108 */ 109 smp_rmb(); 110 if (READ_ONCE(chan->last_call) != call_id) 111 return; 112 113 iov.iov_base = &pkt; 114 iov.iov_len = len; 115 116 serial = atomic_inc_return(&conn->serial); 117 pkt.whdr.serial = htonl(serial); 118 119 switch (chan->last_type) { 120 case RXRPC_PACKET_TYPE_ABORT: 121 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort); 122 break; 123 case RXRPC_PACKET_TYPE_ACK: 124 trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0, 125 RXRPC_ACK_DUPLICATE, 0); 126 _proto("Tx ACK %%%u [re]", serial); 127 break; 128 } 129 130 kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len); 131 _leave(""); 132 return; 133 } 134 135 /* 136 * pass a connection-level abort onto all calls on that connection 137 */ 138 static void rxrpc_abort_calls(struct rxrpc_connection *conn, 139 enum rxrpc_call_completion compl, 140 u32 abort_code, int error) 141 { 142 struct rxrpc_call *call; 143 int i; 144 145 _enter("{%d},%x", conn->debug_id, abort_code); 146 147 spin_lock(&conn->channel_lock); 148 149 for (i = 0; i < RXRPC_MAXCALLS; i++) { 150 call = rcu_dereference_protected( 151 conn->channels[i].call, 152 lockdep_is_held(&conn->channel_lock)); 153 if (call) { 154 if (compl == RXRPC_CALL_LOCALLY_ABORTED) 155 trace_rxrpc_abort("CON", call->cid, 156 call->call_id, 0, 157 abort_code, error); 158 if (rxrpc_set_call_completion(call, compl, 159 abort_code, error)) 160 rxrpc_notify_socket(call); 161 } 162 } 163 164 spin_unlock(&conn->channel_lock); 165 _leave(""); 166 } 167 168 /* 169 * generate a connection-level abort 170 */ 171 static int rxrpc_abort_connection(struct rxrpc_connection *conn, 172 int error, u32 abort_code) 173 { 174 struct rxrpc_wire_header whdr; 175 struct msghdr msg; 176 struct kvec iov[2]; 177 __be32 word; 178 size_t len; 179 u32 serial; 180 int ret; 181 182 _enter("%d,,%u,%u", conn->debug_id, error, abort_code); 183 184 /* generate a connection-level abort */ 185 spin_lock_bh(&conn->state_lock); 186 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 187 spin_unlock_bh(&conn->state_lock); 188 _leave(" = 0 [already dead]"); 189 return 0; 190 } 191 192 conn->state = RXRPC_CONN_LOCALLY_ABORTED; 193 spin_unlock_bh(&conn->state_lock); 194 195 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error); 196 197 msg.msg_name = &conn->params.peer->srx.transport; 198 msg.msg_namelen = conn->params.peer->srx.transport_len; 199 msg.msg_control = NULL; 200 msg.msg_controllen = 0; 201 msg.msg_flags = 0; 202 203 whdr.epoch = htonl(conn->proto.epoch); 204 whdr.cid = htonl(conn->proto.cid); 205 whdr.callNumber = 0; 206 whdr.seq = 0; 207 whdr.type = RXRPC_PACKET_TYPE_ABORT; 208 whdr.flags = conn->out_clientflag; 209 whdr.userStatus = 0; 210 whdr.securityIndex = conn->security_ix; 211 whdr._rsvd = 0; 212 whdr.serviceId = htons(conn->service_id); 213 214 word = htonl(conn->local_abort); 215 216 iov[0].iov_base = &whdr; 217 iov[0].iov_len = sizeof(whdr); 218 iov[1].iov_base = &word; 219 iov[1].iov_len = sizeof(word); 220 221 len = iov[0].iov_len + iov[1].iov_len; 222 223 serial = atomic_inc_return(&conn->serial); 224 whdr.serial = htonl(serial); 225 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); 226 227 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); 228 if (ret < 0) { 229 _debug("sendmsg failed: %d", ret); 230 return -EAGAIN; 231 } 232 233 _leave(" = 0"); 234 return 0; 235 } 236 237 /* 238 * mark a call as being on a now-secured channel 239 * - must be called with BH's disabled. 240 */ 241 static void rxrpc_call_is_secure(struct rxrpc_call *call) 242 { 243 _enter("%p", call); 244 if (call) { 245 write_lock_bh(&call->state_lock); 246 if (call->state == RXRPC_CALL_SERVER_SECURING) { 247 call->state = RXRPC_CALL_SERVER_ACCEPTING; 248 rxrpc_notify_socket(call); 249 } 250 write_unlock_bh(&call->state_lock); 251 } 252 } 253 254 /* 255 * connection-level Rx packet processor 256 */ 257 static int rxrpc_process_event(struct rxrpc_connection *conn, 258 struct sk_buff *skb, 259 u32 *_abort_code) 260 { 261 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 262 __be32 wtmp; 263 u32 abort_code; 264 int loop, ret; 265 266 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { 267 _leave(" = -ECONNABORTED [%u]", conn->state); 268 return -ECONNABORTED; 269 } 270 271 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 272 273 switch (sp->hdr.type) { 274 case RXRPC_PACKET_TYPE_DATA: 275 case RXRPC_PACKET_TYPE_ACK: 276 rxrpc_conn_retransmit_call(conn, skb, 277 sp->hdr.cid & RXRPC_CHANNELMASK); 278 return 0; 279 280 case RXRPC_PACKET_TYPE_BUSY: 281 /* Just ignore BUSY packets for now. */ 282 return 0; 283 284 case RXRPC_PACKET_TYPE_ABORT: 285 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 286 &wtmp, sizeof(wtmp)) < 0) { 287 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, 288 tracepoint_string("bad_abort")); 289 return -EPROTO; 290 } 291 abort_code = ntohl(wtmp); 292 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); 293 294 conn->state = RXRPC_CONN_REMOTELY_ABORTED; 295 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, 296 abort_code, -ECONNABORTED); 297 return -ECONNABORTED; 298 299 case RXRPC_PACKET_TYPE_CHALLENGE: 300 return conn->security->respond_to_challenge(conn, skb, 301 _abort_code); 302 303 case RXRPC_PACKET_TYPE_RESPONSE: 304 ret = conn->security->verify_response(conn, skb, _abort_code); 305 if (ret < 0) 306 return ret; 307 308 ret = conn->security->init_connection_security(conn); 309 if (ret < 0) 310 return ret; 311 312 ret = conn->security->prime_packet_security(conn); 313 if (ret < 0) 314 return ret; 315 316 spin_lock(&conn->channel_lock); 317 spin_lock(&conn->state_lock); 318 319 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { 320 conn->state = RXRPC_CONN_SERVICE; 321 spin_unlock(&conn->state_lock); 322 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 323 rxrpc_call_is_secure( 324 rcu_dereference_protected( 325 conn->channels[loop].call, 326 lockdep_is_held(&conn->channel_lock))); 327 } else { 328 spin_unlock(&conn->state_lock); 329 } 330 331 spin_unlock(&conn->channel_lock); 332 return 0; 333 334 default: 335 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial, 336 tracepoint_string("bad_conn_pkt")); 337 return -EPROTO; 338 } 339 } 340 341 /* 342 * set up security and issue a challenge 343 */ 344 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 345 { 346 u32 abort_code; 347 int ret; 348 349 _enter("{%d}", conn->debug_id); 350 351 ASSERT(conn->security_ix != 0); 352 353 if (!conn->params.key) { 354 _debug("set up security"); 355 ret = rxrpc_init_server_conn_security(conn); 356 switch (ret) { 357 case 0: 358 break; 359 case -ENOENT: 360 abort_code = RX_CALL_DEAD; 361 goto abort; 362 default: 363 abort_code = RXKADNOAUTH; 364 goto abort; 365 } 366 } 367 368 if (conn->security->issue_challenge(conn) < 0) { 369 abort_code = RX_CALL_DEAD; 370 ret = -ENOMEM; 371 goto abort; 372 } 373 374 _leave(""); 375 return; 376 377 abort: 378 _debug("abort %d, %d", ret, abort_code); 379 rxrpc_abort_connection(conn, ret, abort_code); 380 _leave(" [aborted]"); 381 } 382 383 /* 384 * Process delayed final ACKs that we haven't subsumed into a subsequent call. 385 */ 386 static void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn) 387 { 388 unsigned long j = jiffies, next_j; 389 unsigned int channel; 390 bool set; 391 392 again: 393 next_j = j + LONG_MAX; 394 set = false; 395 for (channel = 0; channel < RXRPC_MAXCALLS; channel++) { 396 struct rxrpc_channel *chan = &conn->channels[channel]; 397 unsigned long ack_at; 398 399 if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags)) 400 continue; 401 402 smp_rmb(); /* vs rxrpc_disconnect_client_call */ 403 ack_at = READ_ONCE(chan->final_ack_at); 404 405 if (time_before(j, ack_at)) { 406 if (time_before(ack_at, next_j)) { 407 next_j = ack_at; 408 set = true; 409 } 410 continue; 411 } 412 413 if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel, 414 &conn->flags)) 415 rxrpc_conn_retransmit_call(conn, NULL, channel); 416 } 417 418 j = jiffies; 419 if (time_before_eq(next_j, j)) 420 goto again; 421 if (set) 422 rxrpc_reduce_conn_timer(conn, next_j); 423 } 424 425 /* 426 * connection-level event processor 427 */ 428 void rxrpc_process_connection(struct work_struct *work) 429 { 430 struct rxrpc_connection *conn = 431 container_of(work, struct rxrpc_connection, processor); 432 struct sk_buff *skb; 433 u32 abort_code = RX_PROTOCOL_ERROR; 434 int ret; 435 436 rxrpc_see_connection(conn); 437 438 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 439 rxrpc_secure_connection(conn); 440 441 /* Process delayed ACKs whose time has come. */ 442 if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK) 443 rxrpc_process_delayed_final_acks(conn); 444 445 /* go through the conn-level event packets, releasing the ref on this 446 * connection that each one has when we've finished with it */ 447 while ((skb = skb_dequeue(&conn->rx_queue))) { 448 rxrpc_see_skb(skb, rxrpc_skb_rx_seen); 449 ret = rxrpc_process_event(conn, skb, &abort_code); 450 switch (ret) { 451 case -EPROTO: 452 case -EKEYEXPIRED: 453 case -EKEYREJECTED: 454 goto protocol_error; 455 case -EAGAIN: 456 goto requeue_and_leave; 457 case -ECONNABORTED: 458 default: 459 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 460 break; 461 } 462 } 463 464 out: 465 rxrpc_put_connection(conn); 466 _leave(""); 467 return; 468 469 requeue_and_leave: 470 skb_queue_head(&conn->rx_queue, skb); 471 goto out; 472 473 protocol_error: 474 if (rxrpc_abort_connection(conn, ret, abort_code) < 0) 475 goto requeue_and_leave; 476 rxrpc_free_skb(skb, rxrpc_skb_rx_freed); 477 goto out; 478 } 479