xref: /openbmc/linux/net/rxrpc/conn_object.c (revision 4f139972b489f8bc2c821aa25ac65018d92af3f7)
1 /* RxRPC virtual connection handler, common bits.
2  *
3  * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/module.h>
15 #include <linux/slab.h>
16 #include <linux/net.h>
17 #include <linux/skbuff.h>
18 #include "ar-internal.h"
19 
20 /*
21  * Time till a connection expires after last use (in seconds).
22  */
23 unsigned int rxrpc_connection_expiry = 10 * 60;
24 
25 static void rxrpc_connection_reaper(struct work_struct *work);
26 
27 LIST_HEAD(rxrpc_connections);
28 LIST_HEAD(rxrpc_connection_proc_list);
29 DEFINE_RWLOCK(rxrpc_connection_lock);
30 static DECLARE_DELAYED_WORK(rxrpc_connection_reap, rxrpc_connection_reaper);
31 
32 static void rxrpc_destroy_connection(struct rcu_head *);
33 
34 /*
35  * allocate a new connection
36  */
37 struct rxrpc_connection *rxrpc_alloc_connection(gfp_t gfp)
38 {
39 	struct rxrpc_connection *conn;
40 
41 	_enter("");
42 
43 	conn = kzalloc(sizeof(struct rxrpc_connection), gfp);
44 	if (conn) {
45 		INIT_LIST_HEAD(&conn->cache_link);
46 		spin_lock_init(&conn->channel_lock);
47 		INIT_LIST_HEAD(&conn->waiting_calls);
48 		INIT_WORK(&conn->processor, &rxrpc_process_connection);
49 		INIT_LIST_HEAD(&conn->proc_link);
50 		INIT_LIST_HEAD(&conn->link);
51 		skb_queue_head_init(&conn->rx_queue);
52 		conn->security = &rxrpc_no_security;
53 		spin_lock_init(&conn->state_lock);
54 		conn->debug_id = atomic_inc_return(&rxrpc_debug_id);
55 		conn->size_align = 4;
56 		conn->idle_timestamp = jiffies;
57 	}
58 
59 	_leave(" = %p{%d}", conn, conn ? conn->debug_id : 0);
60 	return conn;
61 }
62 
63 /*
64  * Look up a connection in the cache by protocol parameters.
65  *
66  * If successful, a pointer to the connection is returned, but no ref is taken.
67  * NULL is returned if there is no match.
68  *
69  * The caller must be holding the RCU read lock.
70  */
71 struct rxrpc_connection *rxrpc_find_connection_rcu(struct rxrpc_local *local,
72 						   struct sk_buff *skb)
73 {
74 	struct rxrpc_connection *conn;
75 	struct rxrpc_conn_proto k;
76 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
77 	struct sockaddr_rxrpc srx;
78 	struct rxrpc_peer *peer;
79 
80 	_enter(",%x", sp->hdr.cid & RXRPC_CIDMASK);
81 
82 	if (rxrpc_extract_addr_from_skb(&srx, skb) < 0)
83 		goto not_found;
84 
85 	k.epoch	= sp->hdr.epoch;
86 	k.cid	= sp->hdr.cid & RXRPC_CIDMASK;
87 
88 	/* We may have to handle mixing IPv4 and IPv6 */
89 	if (srx.transport.family != local->srx.transport.family) {
90 		pr_warn_ratelimited("AF_RXRPC: Protocol mismatch %u not %u\n",
91 				    srx.transport.family,
92 				    local->srx.transport.family);
93 		goto not_found;
94 	}
95 
96 	k.epoch	= sp->hdr.epoch;
97 	k.cid	= sp->hdr.cid & RXRPC_CIDMASK;
98 
99 	if (sp->hdr.flags & RXRPC_CLIENT_INITIATED) {
100 		/* We need to look up service connections by the full protocol
101 		 * parameter set.  We look up the peer first as an intermediate
102 		 * step and then the connection from the peer's tree.
103 		 */
104 		peer = rxrpc_lookup_peer_rcu(local, &srx);
105 		if (!peer)
106 			goto not_found;
107 		conn = rxrpc_find_service_conn_rcu(peer, skb);
108 		if (!conn || atomic_read(&conn->usage) == 0)
109 			goto not_found;
110 		_leave(" = %p", conn);
111 		return conn;
112 	} else {
113 		/* Look up client connections by connection ID alone as their
114 		 * IDs are unique for this machine.
115 		 */
116 		conn = idr_find(&rxrpc_client_conn_ids,
117 				sp->hdr.cid >> RXRPC_CIDSHIFT);
118 		if (!conn || atomic_read(&conn->usage) == 0) {
119 			_debug("no conn");
120 			goto not_found;
121 		}
122 
123 		if (conn->proto.epoch != k.epoch ||
124 		    conn->params.local != local)
125 			goto not_found;
126 
127 		peer = conn->params.peer;
128 		switch (srx.transport.family) {
129 		case AF_INET:
130 			if (peer->srx.transport.sin.sin_port !=
131 			    srx.transport.sin.sin_port ||
132 			    peer->srx.transport.sin.sin_addr.s_addr !=
133 			    srx.transport.sin.sin_addr.s_addr)
134 				goto not_found;
135 			break;
136 #ifdef CONFIG_AF_RXRPC_IPV6
137 		case AF_INET6:
138 			if (peer->srx.transport.sin6.sin6_port !=
139 			    srx.transport.sin6.sin6_port ||
140 			    memcmp(&peer->srx.transport.sin6.sin6_addr,
141 				   &srx.transport.sin6.sin6_addr,
142 				   sizeof(struct in6_addr)) != 0)
143 				goto not_found;
144 			break;
145 #endif
146 		default:
147 			BUG();
148 		}
149 
150 		_leave(" = %p", conn);
151 		return conn;
152 	}
153 
154 not_found:
155 	_leave(" = NULL");
156 	return NULL;
157 }
158 
159 /*
160  * Disconnect a call and clear any channel it occupies when that call
161  * terminates.  The caller must hold the channel_lock and must release the
162  * call's ref on the connection.
163  */
164 void __rxrpc_disconnect_call(struct rxrpc_connection *conn,
165 			     struct rxrpc_call *call)
166 {
167 	struct rxrpc_channel *chan =
168 		&conn->channels[call->cid & RXRPC_CHANNELMASK];
169 
170 	_enter("%d,%x", conn->debug_id, call->cid);
171 
172 	if (rcu_access_pointer(chan->call) == call) {
173 		/* Save the result of the call so that we can repeat it if necessary
174 		 * through the channel, whilst disposing of the actual call record.
175 		 */
176 		trace_rxrpc_disconnect_call(call);
177 		chan->last_service_id = call->service_id;
178 		if (call->abort_code) {
179 			chan->last_abort = call->abort_code;
180 			chan->last_type = RXRPC_PACKET_TYPE_ABORT;
181 		} else {
182 			chan->last_seq = call->rx_hard_ack;
183 			chan->last_type = RXRPC_PACKET_TYPE_ACK;
184 		}
185 		/* Sync with rxrpc_conn_retransmit(). */
186 		smp_wmb();
187 		chan->last_call = chan->call_id;
188 		chan->call_id = chan->call_counter;
189 
190 		rcu_assign_pointer(chan->call, NULL);
191 	}
192 
193 	_leave("");
194 }
195 
196 /*
197  * Disconnect a call and clear any channel it occupies when that call
198  * terminates.
199  */
200 void rxrpc_disconnect_call(struct rxrpc_call *call)
201 {
202 	struct rxrpc_connection *conn = call->conn;
203 
204 	spin_lock_bh(&conn->params.peer->lock);
205 	hlist_del_init(&call->error_link);
206 	spin_unlock_bh(&conn->params.peer->lock);
207 
208 	if (rxrpc_is_client_call(call))
209 		return rxrpc_disconnect_client_call(call);
210 
211 	spin_lock(&conn->channel_lock);
212 	__rxrpc_disconnect_call(conn, call);
213 	spin_unlock(&conn->channel_lock);
214 
215 	call->conn = NULL;
216 	conn->idle_timestamp = jiffies;
217 	rxrpc_put_connection(conn);
218 }
219 
220 /*
221  * Kill off a connection.
222  */
223 void rxrpc_kill_connection(struct rxrpc_connection *conn)
224 {
225 	ASSERT(!rcu_access_pointer(conn->channels[0].call) &&
226 	       !rcu_access_pointer(conn->channels[1].call) &&
227 	       !rcu_access_pointer(conn->channels[2].call) &&
228 	       !rcu_access_pointer(conn->channels[3].call));
229 	ASSERT(list_empty(&conn->cache_link));
230 
231 	write_lock(&rxrpc_connection_lock);
232 	list_del_init(&conn->proc_link);
233 	write_unlock(&rxrpc_connection_lock);
234 
235 	/* Drain the Rx queue.  Note that even though we've unpublished, an
236 	 * incoming packet could still be being added to our Rx queue, so we
237 	 * will need to drain it again in the RCU cleanup handler.
238 	 */
239 	rxrpc_purge_queue(&conn->rx_queue);
240 
241 	/* Leave final destruction to RCU.  The connection processor work item
242 	 * must carry a ref on the connection to prevent us getting here whilst
243 	 * it is queued or running.
244 	 */
245 	call_rcu(&conn->rcu, rxrpc_destroy_connection);
246 }
247 
248 /*
249  * Queue a connection's work processor, getting a ref to pass to the work
250  * queue.
251  */
252 bool rxrpc_queue_conn(struct rxrpc_connection *conn)
253 {
254 	const void *here = __builtin_return_address(0);
255 	int n = __atomic_add_unless(&conn->usage, 1, 0);
256 	if (n == 0)
257 		return false;
258 	if (rxrpc_queue_work(&conn->processor))
259 		trace_rxrpc_conn(conn, rxrpc_conn_queued, n + 1, here);
260 	else
261 		rxrpc_put_connection(conn);
262 	return true;
263 }
264 
265 /*
266  * Note the re-emergence of a connection.
267  */
268 void rxrpc_see_connection(struct rxrpc_connection *conn)
269 {
270 	const void *here = __builtin_return_address(0);
271 	if (conn) {
272 		int n = atomic_read(&conn->usage);
273 
274 		trace_rxrpc_conn(conn, rxrpc_conn_seen, n, here);
275 	}
276 }
277 
278 /*
279  * Get a ref on a connection.
280  */
281 void rxrpc_get_connection(struct rxrpc_connection *conn)
282 {
283 	const void *here = __builtin_return_address(0);
284 	int n = atomic_inc_return(&conn->usage);
285 
286 	trace_rxrpc_conn(conn, rxrpc_conn_got, n, here);
287 }
288 
289 /*
290  * Try to get a ref on a connection.
291  */
292 struct rxrpc_connection *
293 rxrpc_get_connection_maybe(struct rxrpc_connection *conn)
294 {
295 	const void *here = __builtin_return_address(0);
296 
297 	if (conn) {
298 		int n = __atomic_add_unless(&conn->usage, 1, 0);
299 		if (n > 0)
300 			trace_rxrpc_conn(conn, rxrpc_conn_got, n + 1, here);
301 		else
302 			conn = NULL;
303 	}
304 	return conn;
305 }
306 
307 /*
308  * Release a service connection
309  */
310 void rxrpc_put_service_conn(struct rxrpc_connection *conn)
311 {
312 	const void *here = __builtin_return_address(0);
313 	int n;
314 
315 	n = atomic_dec_return(&conn->usage);
316 	trace_rxrpc_conn(conn, rxrpc_conn_put_service, n, here);
317 	ASSERTCMP(n, >=, 0);
318 	if (n == 0)
319 		rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
320 }
321 
322 /*
323  * destroy a virtual connection
324  */
325 static void rxrpc_destroy_connection(struct rcu_head *rcu)
326 {
327 	struct rxrpc_connection *conn =
328 		container_of(rcu, struct rxrpc_connection, rcu);
329 
330 	_enter("{%d,u=%d}", conn->debug_id, atomic_read(&conn->usage));
331 
332 	ASSERTCMP(atomic_read(&conn->usage), ==, 0);
333 
334 	_net("DESTROY CONN %d", conn->debug_id);
335 
336 	rxrpc_purge_queue(&conn->rx_queue);
337 
338 	conn->security->clear(conn);
339 	key_put(conn->params.key);
340 	key_put(conn->server_key);
341 	rxrpc_put_peer(conn->params.peer);
342 	rxrpc_put_local(conn->params.local);
343 
344 	kfree(conn);
345 	_leave("");
346 }
347 
348 /*
349  * reap dead service connections
350  */
351 static void rxrpc_connection_reaper(struct work_struct *work)
352 {
353 	struct rxrpc_connection *conn, *_p;
354 	unsigned long reap_older_than, earliest, idle_timestamp, now;
355 
356 	LIST_HEAD(graveyard);
357 
358 	_enter("");
359 
360 	now = jiffies;
361 	reap_older_than = now - rxrpc_connection_expiry * HZ;
362 	earliest = ULONG_MAX;
363 
364 	write_lock(&rxrpc_connection_lock);
365 	list_for_each_entry_safe(conn, _p, &rxrpc_connections, link) {
366 		ASSERTCMP(atomic_read(&conn->usage), >, 0);
367 		if (likely(atomic_read(&conn->usage) > 1))
368 			continue;
369 		if (conn->state == RXRPC_CONN_SERVICE_PREALLOC)
370 			continue;
371 
372 		idle_timestamp = READ_ONCE(conn->idle_timestamp);
373 		_debug("reap CONN %d { u=%d,t=%ld }",
374 		       conn->debug_id, atomic_read(&conn->usage),
375 		       (long)reap_older_than - (long)idle_timestamp);
376 
377 		if (time_after(idle_timestamp, reap_older_than)) {
378 			if (time_before(idle_timestamp, earliest))
379 				earliest = idle_timestamp;
380 			continue;
381 		}
382 
383 		/* The usage count sits at 1 whilst the object is unused on the
384 		 * list; we reduce that to 0 to make the object unavailable.
385 		 */
386 		if (atomic_cmpxchg(&conn->usage, 1, 0) != 1)
387 			continue;
388 
389 		if (rxrpc_conn_is_client(conn))
390 			BUG();
391 		else
392 			rxrpc_unpublish_service_conn(conn);
393 
394 		list_move_tail(&conn->link, &graveyard);
395 	}
396 	write_unlock(&rxrpc_connection_lock);
397 
398 	if (earliest != ULONG_MAX) {
399 		_debug("reschedule reaper %ld", (long) earliest - now);
400 		ASSERT(time_after(earliest, now));
401 		rxrpc_queue_delayed_work(&rxrpc_connection_reap,
402 					 earliest - now);
403 	}
404 
405 	while (!list_empty(&graveyard)) {
406 		conn = list_entry(graveyard.next, struct rxrpc_connection,
407 				  link);
408 		list_del_init(&conn->link);
409 
410 		ASSERTCMP(atomic_read(&conn->usage), ==, 0);
411 		rxrpc_kill_connection(conn);
412 	}
413 
414 	_leave("");
415 }
416 
417 /*
418  * preemptively destroy all the service connection records rather than
419  * waiting for them to time out
420  */
421 void __exit rxrpc_destroy_all_connections(void)
422 {
423 	struct rxrpc_connection *conn, *_p;
424 	bool leak = false;
425 
426 	_enter("");
427 
428 	rxrpc_destroy_all_client_connections();
429 
430 	rxrpc_connection_expiry = 0;
431 	cancel_delayed_work(&rxrpc_connection_reap);
432 	rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
433 	flush_workqueue(rxrpc_workqueue);
434 
435 	write_lock(&rxrpc_connection_lock);
436 	list_for_each_entry_safe(conn, _p, &rxrpc_connections, link) {
437 		pr_err("AF_RXRPC: Leaked conn %p {%d}\n",
438 		       conn, atomic_read(&conn->usage));
439 		leak = true;
440 	}
441 	write_unlock(&rxrpc_connection_lock);
442 	BUG_ON(leak);
443 
444 	ASSERT(list_empty(&rxrpc_connection_proc_list));
445 
446 	/* Make sure the local and peer records pinned by any dying connections
447 	 * are released.
448 	 */
449 	rcu_barrier();
450 	rxrpc_destroy_client_conn_ids();
451 
452 	_leave("");
453 }
454