xref: /openbmc/linux/net/rxrpc/conn_service.c (revision 2a12187d)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Service connection management
3  *
4  * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #include <linux/slab.h>
9 #include "ar-internal.h"
10 
11 static struct rxrpc_bundle rxrpc_service_dummy_bundle = {
12 	.ref		= REFCOUNT_INIT(1),
13 	.debug_id	= UINT_MAX,
14 	.channel_lock	= __SPIN_LOCK_UNLOCKED(&rxrpc_service_dummy_bundle.channel_lock),
15 };
16 
17 /*
18  * Find a service connection under RCU conditions.
19  *
20  * We could use a hash table, but that is subject to bucket stuffing by an
21  * attacker as the client gets to pick the epoch and cid values and would know
22  * the hash function.  So, instead, we use a hash table for the peer and from
23  * that an rbtree to find the service connection.  Under ordinary circumstances
24  * it might be slower than a large hash table, but it is at least limited in
25  * depth.
26  */
27 struct rxrpc_connection *rxrpc_find_service_conn_rcu(struct rxrpc_peer *peer,
28 						     struct sk_buff *skb)
29 {
30 	struct rxrpc_connection *conn = NULL;
31 	struct rxrpc_conn_proto k;
32 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
33 	struct rb_node *p;
34 	unsigned int seq = 0;
35 
36 	k.epoch	= sp->hdr.epoch;
37 	k.cid	= sp->hdr.cid & RXRPC_CIDMASK;
38 
39 	do {
40 		/* Unfortunately, rbtree walking doesn't give reliable results
41 		 * under just the RCU read lock, so we have to check for
42 		 * changes.
43 		 */
44 		read_seqbegin_or_lock(&peer->service_conn_lock, &seq);
45 
46 		p = rcu_dereference_raw(peer->service_conns.rb_node);
47 		while (p) {
48 			conn = rb_entry(p, struct rxrpc_connection, service_node);
49 
50 			if (conn->proto.index_key < k.index_key)
51 				p = rcu_dereference_raw(p->rb_left);
52 			else if (conn->proto.index_key > k.index_key)
53 				p = rcu_dereference_raw(p->rb_right);
54 			else
55 				break;
56 			conn = NULL;
57 		}
58 	} while (need_seqretry(&peer->service_conn_lock, seq));
59 
60 	done_seqretry(&peer->service_conn_lock, seq);
61 	_leave(" = %d", conn ? conn->debug_id : -1);
62 	return conn;
63 }
64 
65 /*
66  * Insert a service connection into a peer's tree, thereby making it a target
67  * for incoming packets.
68  */
69 static void rxrpc_publish_service_conn(struct rxrpc_peer *peer,
70 				       struct rxrpc_connection *conn)
71 {
72 	struct rxrpc_connection *cursor = NULL;
73 	struct rxrpc_conn_proto k = conn->proto;
74 	struct rb_node **pp, *parent;
75 
76 	write_seqlock(&peer->service_conn_lock);
77 
78 	pp = &peer->service_conns.rb_node;
79 	parent = NULL;
80 	while (*pp) {
81 		parent = *pp;
82 		cursor = rb_entry(parent,
83 				  struct rxrpc_connection, service_node);
84 
85 		if (cursor->proto.index_key < k.index_key)
86 			pp = &(*pp)->rb_left;
87 		else if (cursor->proto.index_key > k.index_key)
88 			pp = &(*pp)->rb_right;
89 		else
90 			goto found_extant_conn;
91 	}
92 
93 	rb_link_node_rcu(&conn->service_node, parent, pp);
94 	rb_insert_color(&conn->service_node, &peer->service_conns);
95 conn_published:
96 	set_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags);
97 	write_sequnlock(&peer->service_conn_lock);
98 	_leave(" = %d [new]", conn->debug_id);
99 	return;
100 
101 found_extant_conn:
102 	if (refcount_read(&cursor->ref) == 0)
103 		goto replace_old_connection;
104 	write_sequnlock(&peer->service_conn_lock);
105 	/* We should not be able to get here.  rxrpc_incoming_connection() is
106 	 * called in a non-reentrant context, so there can't be a race to
107 	 * insert a new connection.
108 	 */
109 	BUG();
110 
111 replace_old_connection:
112 	/* The old connection is from an outdated epoch. */
113 	_debug("replace conn");
114 	rb_replace_node_rcu(&cursor->service_node,
115 			    &conn->service_node,
116 			    &peer->service_conns);
117 	clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &cursor->flags);
118 	goto conn_published;
119 }
120 
121 /*
122  * Preallocate a service connection.  The connection is placed on the proc and
123  * reap lists so that we don't have to get the lock from BH context.
124  */
125 struct rxrpc_connection *rxrpc_prealloc_service_connection(struct rxrpc_net *rxnet,
126 							   gfp_t gfp)
127 {
128 	struct rxrpc_connection *conn = rxrpc_alloc_connection(rxnet, gfp);
129 
130 	if (conn) {
131 		/* We maintain an extra ref on the connection whilst it is on
132 		 * the rxrpc_connections list.
133 		 */
134 		conn->state = RXRPC_CONN_SERVICE_PREALLOC;
135 		refcount_set(&conn->ref, 2);
136 		conn->bundle = rxrpc_get_bundle(&rxrpc_service_dummy_bundle,
137 						rxrpc_bundle_get_service_conn);
138 
139 		atomic_inc(&rxnet->nr_conns);
140 		write_lock(&rxnet->conn_lock);
141 		list_add_tail(&conn->link, &rxnet->service_conns);
142 		list_add_tail(&conn->proc_link, &rxnet->conn_proc_list);
143 		write_unlock(&rxnet->conn_lock);
144 
145 		rxrpc_see_connection(conn, rxrpc_conn_new_service);
146 	}
147 
148 	return conn;
149 }
150 
151 /*
152  * Set up an incoming connection.  This is called in BH context with the RCU
153  * read lock held.
154  */
155 void rxrpc_new_incoming_connection(struct rxrpc_sock *rx,
156 				   struct rxrpc_connection *conn,
157 				   const struct rxrpc_security *sec,
158 				   struct sk_buff *skb)
159 {
160 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
161 
162 	_enter("");
163 
164 	conn->proto.epoch	= sp->hdr.epoch;
165 	conn->proto.cid		= sp->hdr.cid & RXRPC_CIDMASK;
166 	conn->orig_service_id	= sp->hdr.serviceId;
167 	conn->service_id	= sp->hdr.serviceId;
168 	conn->security_ix	= sp->hdr.securityIndex;
169 	conn->out_clientflag	= 0;
170 	conn->security		= sec;
171 	if (conn->security_ix)
172 		conn->state	= RXRPC_CONN_SERVICE_UNSECURED;
173 	else
174 		conn->state	= RXRPC_CONN_SERVICE;
175 
176 	/* See if we should upgrade the service.  This can only happen on the
177 	 * first packet on a new connection.  Once done, it applies to all
178 	 * subsequent calls on that connection.
179 	 */
180 	if (sp->hdr.userStatus == RXRPC_USERSTATUS_SERVICE_UPGRADE &&
181 	    conn->service_id == rx->service_upgrade.from)
182 		conn->service_id = rx->service_upgrade.to;
183 
184 	atomic_set(&conn->active, 1);
185 
186 	/* Make the connection a target for incoming packets. */
187 	rxrpc_publish_service_conn(conn->peer, conn);
188 }
189 
190 /*
191  * Remove the service connection from the peer's tree, thereby removing it as a
192  * target for incoming packets.
193  */
194 void rxrpc_unpublish_service_conn(struct rxrpc_connection *conn)
195 {
196 	struct rxrpc_peer *peer = conn->peer;
197 
198 	write_seqlock(&peer->service_conn_lock);
199 	if (test_and_clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags))
200 		rb_erase(&conn->service_node, &peer->service_conns);
201 	write_sequnlock(&peer->service_conn_lock);
202 }
203