1 /* RxRPC packet reception 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/errqueue.h> 18 #include <linux/udp.h> 19 #include <linux/in.h> 20 #include <linux/in6.h> 21 #include <linux/icmp.h> 22 #include <linux/gfp.h> 23 #include <net/sock.h> 24 #include <net/af_rxrpc.h> 25 #include <net/ip.h> 26 #include <net/udp.h> 27 #include <net/net_namespace.h> 28 #include "ar-internal.h" 29 30 /* 31 * queue a packet for recvmsg to pass to userspace 32 * - the caller must hold a lock on call->lock 33 * - must not be called with interrupts disabled (sk_filter() disables BH's) 34 * - eats the packet whether successful or not 35 * - there must be just one reference to the packet, which the caller passes to 36 * this function 37 */ 38 int rxrpc_queue_rcv_skb(struct rxrpc_call *call, struct sk_buff *skb, 39 bool force, bool terminal) 40 { 41 struct rxrpc_skb_priv *sp; 42 struct rxrpc_sock *rx = call->socket; 43 struct sock *sk; 44 int ret; 45 46 _enter(",,%d,%d", force, terminal); 47 48 ASSERT(!irqs_disabled()); 49 50 sp = rxrpc_skb(skb); 51 ASSERTCMP(sp->call, ==, call); 52 53 /* if we've already posted the terminal message for a call, then we 54 * don't post any more */ 55 if (test_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags)) { 56 _debug("already terminated"); 57 ASSERTCMP(call->state, >=, RXRPC_CALL_COMPLETE); 58 skb->destructor = NULL; 59 sp->call = NULL; 60 rxrpc_put_call(call); 61 rxrpc_free_skb(skb); 62 return 0; 63 } 64 65 sk = &rx->sk; 66 67 if (!force) { 68 /* cast skb->rcvbuf to unsigned... It's pointless, but 69 * reduces number of warnings when compiling with -W 70 * --ANK */ 71 // ret = -ENOBUFS; 72 // if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= 73 // (unsigned int) sk->sk_rcvbuf) 74 // goto out; 75 76 ret = sk_filter(sk, skb); 77 if (ret < 0) 78 goto out; 79 } 80 81 spin_lock_bh(&sk->sk_receive_queue.lock); 82 if (!test_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags) && 83 !test_bit(RXRPC_CALL_RELEASED, &call->flags) && 84 call->socket->sk.sk_state != RXRPC_CLOSE) { 85 skb->destructor = rxrpc_packet_destructor; 86 skb->dev = NULL; 87 skb->sk = sk; 88 atomic_add(skb->truesize, &sk->sk_rmem_alloc); 89 90 if (terminal) { 91 _debug("<<<< TERMINAL MESSAGE >>>>"); 92 set_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags); 93 } 94 95 /* allow interception by a kernel service */ 96 if (rx->interceptor) { 97 rx->interceptor(sk, call->user_call_ID, skb); 98 spin_unlock_bh(&sk->sk_receive_queue.lock); 99 } else { 100 _net("post skb %p", skb); 101 __skb_queue_tail(&sk->sk_receive_queue, skb); 102 spin_unlock_bh(&sk->sk_receive_queue.lock); 103 104 if (!sock_flag(sk, SOCK_DEAD)) 105 sk->sk_data_ready(sk); 106 } 107 skb = NULL; 108 } else { 109 spin_unlock_bh(&sk->sk_receive_queue.lock); 110 } 111 ret = 0; 112 113 out: 114 /* release the socket buffer */ 115 if (skb) { 116 skb->destructor = NULL; 117 sp->call = NULL; 118 rxrpc_put_call(call); 119 rxrpc_free_skb(skb); 120 } 121 122 _leave(" = %d", ret); 123 return ret; 124 } 125 126 /* 127 * process a DATA packet, posting the packet to the appropriate queue 128 * - eats the packet if successful 129 */ 130 static int rxrpc_fast_process_data(struct rxrpc_call *call, 131 struct sk_buff *skb, u32 seq) 132 { 133 struct rxrpc_skb_priv *sp; 134 bool terminal; 135 int ret, ackbit, ack; 136 137 _enter("{%u,%u},,{%u}", call->rx_data_post, call->rx_first_oos, seq); 138 139 sp = rxrpc_skb(skb); 140 ASSERTCMP(sp->call, ==, NULL); 141 142 spin_lock(&call->lock); 143 144 if (call->state > RXRPC_CALL_COMPLETE) 145 goto discard; 146 147 ASSERTCMP(call->rx_data_expect, >=, call->rx_data_post); 148 ASSERTCMP(call->rx_data_post, >=, call->rx_data_recv); 149 ASSERTCMP(call->rx_data_recv, >=, call->rx_data_eaten); 150 151 if (seq < call->rx_data_post) { 152 _debug("dup #%u [-%u]", seq, call->rx_data_post); 153 ack = RXRPC_ACK_DUPLICATE; 154 ret = -ENOBUFS; 155 goto discard_and_ack; 156 } 157 158 /* we may already have the packet in the out of sequence queue */ 159 ackbit = seq - (call->rx_data_eaten + 1); 160 ASSERTCMP(ackbit, >=, 0); 161 if (__test_and_set_bit(ackbit, call->ackr_window)) { 162 _debug("dup oos #%u [%u,%u]", 163 seq, call->rx_data_eaten, call->rx_data_post); 164 ack = RXRPC_ACK_DUPLICATE; 165 goto discard_and_ack; 166 } 167 168 if (seq >= call->ackr_win_top) { 169 _debug("exceed #%u [%u]", seq, call->ackr_win_top); 170 __clear_bit(ackbit, call->ackr_window); 171 ack = RXRPC_ACK_EXCEEDS_WINDOW; 172 goto discard_and_ack; 173 } 174 175 if (seq == call->rx_data_expect) { 176 clear_bit(RXRPC_CALL_EXPECT_OOS, &call->flags); 177 call->rx_data_expect++; 178 } else if (seq > call->rx_data_expect) { 179 _debug("oos #%u [%u]", seq, call->rx_data_expect); 180 call->rx_data_expect = seq + 1; 181 if (test_and_set_bit(RXRPC_CALL_EXPECT_OOS, &call->flags)) { 182 ack = RXRPC_ACK_OUT_OF_SEQUENCE; 183 goto enqueue_and_ack; 184 } 185 goto enqueue_packet; 186 } 187 188 if (seq != call->rx_data_post) { 189 _debug("ahead #%u [%u]", seq, call->rx_data_post); 190 goto enqueue_packet; 191 } 192 193 if (test_bit(RXRPC_CALL_RCVD_LAST, &call->flags)) 194 goto protocol_error; 195 196 /* if the packet need security things doing to it, then it goes down 197 * the slow path */ 198 if (call->conn->security_ix) 199 goto enqueue_packet; 200 201 sp->call = call; 202 rxrpc_get_call(call); 203 terminal = ((sp->hdr.flags & RXRPC_LAST_PACKET) && 204 !(sp->hdr.flags & RXRPC_CLIENT_INITIATED)); 205 ret = rxrpc_queue_rcv_skb(call, skb, false, terminal); 206 if (ret < 0) { 207 if (ret == -ENOMEM || ret == -ENOBUFS) { 208 __clear_bit(ackbit, call->ackr_window); 209 ack = RXRPC_ACK_NOSPACE; 210 goto discard_and_ack; 211 } 212 goto out; 213 } 214 215 skb = NULL; 216 217 _debug("post #%u", seq); 218 ASSERTCMP(call->rx_data_post, ==, seq); 219 call->rx_data_post++; 220 221 if (sp->hdr.flags & RXRPC_LAST_PACKET) 222 set_bit(RXRPC_CALL_RCVD_LAST, &call->flags); 223 224 /* if we've reached an out of sequence packet then we need to drain 225 * that queue into the socket Rx queue now */ 226 if (call->rx_data_post == call->rx_first_oos) { 227 _debug("drain rx oos now"); 228 read_lock(&call->state_lock); 229 if (call->state < RXRPC_CALL_COMPLETE && 230 !test_and_set_bit(RXRPC_CALL_EV_DRAIN_RX_OOS, &call->events)) 231 rxrpc_queue_call(call); 232 read_unlock(&call->state_lock); 233 } 234 235 spin_unlock(&call->lock); 236 atomic_inc(&call->ackr_not_idle); 237 rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, sp->hdr.serial, false); 238 _leave(" = 0 [posted]"); 239 return 0; 240 241 protocol_error: 242 ret = -EBADMSG; 243 out: 244 spin_unlock(&call->lock); 245 _leave(" = %d", ret); 246 return ret; 247 248 discard_and_ack: 249 _debug("discard and ACK packet %p", skb); 250 __rxrpc_propose_ACK(call, ack, sp->hdr.serial, true); 251 discard: 252 spin_unlock(&call->lock); 253 rxrpc_free_skb(skb); 254 _leave(" = 0 [discarded]"); 255 return 0; 256 257 enqueue_and_ack: 258 __rxrpc_propose_ACK(call, ack, sp->hdr.serial, true); 259 enqueue_packet: 260 _net("defer skb %p", skb); 261 spin_unlock(&call->lock); 262 skb_queue_tail(&call->rx_queue, skb); 263 atomic_inc(&call->ackr_not_idle); 264 read_lock(&call->state_lock); 265 if (call->state < RXRPC_CALL_DEAD) 266 rxrpc_queue_call(call); 267 read_unlock(&call->state_lock); 268 _leave(" = 0 [queued]"); 269 return 0; 270 } 271 272 /* 273 * assume an implicit ACKALL of the transmission phase of a client socket upon 274 * reception of the first reply packet 275 */ 276 static void rxrpc_assume_implicit_ackall(struct rxrpc_call *call, u32 serial) 277 { 278 write_lock_bh(&call->state_lock); 279 280 switch (call->state) { 281 case RXRPC_CALL_CLIENT_AWAIT_REPLY: 282 call->state = RXRPC_CALL_CLIENT_RECV_REPLY; 283 call->acks_latest = serial; 284 285 _debug("implicit ACKALL %%%u", call->acks_latest); 286 set_bit(RXRPC_CALL_EV_RCVD_ACKALL, &call->events); 287 write_unlock_bh(&call->state_lock); 288 289 if (try_to_del_timer_sync(&call->resend_timer) >= 0) { 290 clear_bit(RXRPC_CALL_EV_RESEND_TIMER, &call->events); 291 clear_bit(RXRPC_CALL_EV_RESEND, &call->events); 292 clear_bit(RXRPC_CALL_RUN_RTIMER, &call->flags); 293 } 294 break; 295 296 default: 297 write_unlock_bh(&call->state_lock); 298 break; 299 } 300 } 301 302 /* 303 * post an incoming packet to the nominated call to deal with 304 * - must get rid of the sk_buff, either by freeing it or by queuing it 305 */ 306 void rxrpc_fast_process_packet(struct rxrpc_call *call, struct sk_buff *skb) 307 { 308 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 309 __be32 wtmp; 310 u32 hi_serial, abort_code; 311 312 _enter("%p,%p", call, skb); 313 314 ASSERT(!irqs_disabled()); 315 316 #if 0 // INJECT RX ERROR 317 if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA) { 318 static int skip = 0; 319 if (++skip == 3) { 320 printk("DROPPED 3RD PACKET!!!!!!!!!!!!!\n"); 321 skip = 0; 322 goto free_packet; 323 } 324 } 325 #endif 326 327 /* track the latest serial number on this connection for ACK packet 328 * information */ 329 hi_serial = atomic_read(&call->conn->hi_serial); 330 while (sp->hdr.serial > hi_serial) 331 hi_serial = atomic_cmpxchg(&call->conn->hi_serial, hi_serial, 332 sp->hdr.serial); 333 334 /* request ACK generation for any ACK or DATA packet that requests 335 * it */ 336 if (sp->hdr.flags & RXRPC_REQUEST_ACK) { 337 _proto("ACK Requested on %%%u", sp->hdr.serial); 338 rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED, sp->hdr.serial, false); 339 } 340 341 switch (sp->hdr.type) { 342 case RXRPC_PACKET_TYPE_ABORT: 343 _debug("abort"); 344 345 if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0) 346 goto protocol_error; 347 348 abort_code = ntohl(wtmp); 349 _proto("Rx ABORT %%%u { %x }", sp->hdr.serial, abort_code); 350 351 write_lock_bh(&call->state_lock); 352 if (call->state < RXRPC_CALL_COMPLETE) { 353 call->state = RXRPC_CALL_REMOTELY_ABORTED; 354 call->remote_abort = abort_code; 355 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); 356 rxrpc_queue_call(call); 357 } 358 goto free_packet_unlock; 359 360 case RXRPC_PACKET_TYPE_BUSY: 361 _proto("Rx BUSY %%%u", sp->hdr.serial); 362 363 if (call->conn->out_clientflag) 364 goto protocol_error; 365 366 write_lock_bh(&call->state_lock); 367 switch (call->state) { 368 case RXRPC_CALL_CLIENT_SEND_REQUEST: 369 call->state = RXRPC_CALL_SERVER_BUSY; 370 set_bit(RXRPC_CALL_EV_RCVD_BUSY, &call->events); 371 rxrpc_queue_call(call); 372 case RXRPC_CALL_SERVER_BUSY: 373 goto free_packet_unlock; 374 default: 375 goto protocol_error_locked; 376 } 377 378 default: 379 _proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], sp->hdr.serial); 380 goto protocol_error; 381 382 case RXRPC_PACKET_TYPE_DATA: 383 _proto("Rx DATA %%%u { #%u }", sp->hdr.serial, sp->hdr.seq); 384 385 if (sp->hdr.seq == 0) 386 goto protocol_error; 387 388 call->ackr_prev_seq = sp->hdr.seq; 389 390 /* received data implicitly ACKs all of the request packets we 391 * sent when we're acting as a client */ 392 if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY) 393 rxrpc_assume_implicit_ackall(call, sp->hdr.serial); 394 395 switch (rxrpc_fast_process_data(call, skb, sp->hdr.seq)) { 396 case 0: 397 skb = NULL; 398 goto done; 399 400 default: 401 BUG(); 402 403 /* data packet received beyond the last packet */ 404 case -EBADMSG: 405 goto protocol_error; 406 } 407 408 case RXRPC_PACKET_TYPE_ACKALL: 409 case RXRPC_PACKET_TYPE_ACK: 410 /* ACK processing is done in process context */ 411 read_lock_bh(&call->state_lock); 412 if (call->state < RXRPC_CALL_DEAD) { 413 skb_queue_tail(&call->rx_queue, skb); 414 rxrpc_queue_call(call); 415 skb = NULL; 416 } 417 read_unlock_bh(&call->state_lock); 418 goto free_packet; 419 } 420 421 protocol_error: 422 _debug("protocol error"); 423 write_lock_bh(&call->state_lock); 424 protocol_error_locked: 425 if (call->state <= RXRPC_CALL_COMPLETE) { 426 call->state = RXRPC_CALL_LOCALLY_ABORTED; 427 call->local_abort = RX_PROTOCOL_ERROR; 428 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 429 rxrpc_queue_call(call); 430 } 431 free_packet_unlock: 432 write_unlock_bh(&call->state_lock); 433 free_packet: 434 rxrpc_free_skb(skb); 435 done: 436 _leave(""); 437 } 438 439 /* 440 * split up a jumbo data packet 441 */ 442 static void rxrpc_process_jumbo_packet(struct rxrpc_call *call, 443 struct sk_buff *jumbo) 444 { 445 struct rxrpc_jumbo_header jhdr; 446 struct rxrpc_skb_priv *sp; 447 struct sk_buff *part; 448 449 _enter(",{%u,%u}", jumbo->data_len, jumbo->len); 450 451 sp = rxrpc_skb(jumbo); 452 453 do { 454 sp->hdr.flags &= ~RXRPC_JUMBO_PACKET; 455 456 /* make a clone to represent the first subpacket in what's left 457 * of the jumbo packet */ 458 part = skb_clone(jumbo, GFP_ATOMIC); 459 if (!part) { 460 /* simply ditch the tail in the event of ENOMEM */ 461 pskb_trim(jumbo, RXRPC_JUMBO_DATALEN); 462 break; 463 } 464 rxrpc_new_skb(part); 465 466 pskb_trim(part, RXRPC_JUMBO_DATALEN); 467 468 if (!pskb_pull(jumbo, RXRPC_JUMBO_DATALEN)) 469 goto protocol_error; 470 471 if (skb_copy_bits(jumbo, 0, &jhdr, sizeof(jhdr)) < 0) 472 goto protocol_error; 473 if (!pskb_pull(jumbo, sizeof(jhdr))) 474 BUG(); 475 476 sp->hdr.seq += 1; 477 sp->hdr.serial += 1; 478 sp->hdr.flags = jhdr.flags; 479 sp->hdr._rsvd = jhdr._rsvd; 480 481 _proto("Rx DATA Jumbo %%%u", sp->hdr.serial - 1); 482 483 rxrpc_fast_process_packet(call, part); 484 part = NULL; 485 486 } while (sp->hdr.flags & RXRPC_JUMBO_PACKET); 487 488 rxrpc_fast_process_packet(call, jumbo); 489 _leave(""); 490 return; 491 492 protocol_error: 493 _debug("protocol error"); 494 rxrpc_free_skb(part); 495 rxrpc_free_skb(jumbo); 496 write_lock_bh(&call->state_lock); 497 if (call->state <= RXRPC_CALL_COMPLETE) { 498 call->state = RXRPC_CALL_LOCALLY_ABORTED; 499 call->local_abort = RX_PROTOCOL_ERROR; 500 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 501 rxrpc_queue_call(call); 502 } 503 write_unlock_bh(&call->state_lock); 504 _leave(""); 505 } 506 507 /* 508 * post an incoming packet to the appropriate call/socket to deal with 509 * - must get rid of the sk_buff, either by freeing it or by queuing it 510 */ 511 static void rxrpc_post_packet_to_call(struct rxrpc_call *call, 512 struct sk_buff *skb) 513 { 514 struct rxrpc_skb_priv *sp; 515 516 _enter("%p,%p", call, skb); 517 518 sp = rxrpc_skb(skb); 519 520 _debug("extant call [%d]", call->state); 521 522 read_lock(&call->state_lock); 523 switch (call->state) { 524 case RXRPC_CALL_LOCALLY_ABORTED: 525 if (!test_and_set_bit(RXRPC_CALL_EV_ABORT, &call->events)) { 526 rxrpc_queue_call(call); 527 goto free_unlock; 528 } 529 case RXRPC_CALL_REMOTELY_ABORTED: 530 case RXRPC_CALL_NETWORK_ERROR: 531 case RXRPC_CALL_DEAD: 532 goto dead_call; 533 case RXRPC_CALL_COMPLETE: 534 case RXRPC_CALL_CLIENT_FINAL_ACK: 535 /* complete server call */ 536 if (call->conn->in_clientflag) 537 goto dead_call; 538 /* resend last packet of a completed call */ 539 _debug("final ack again"); 540 rxrpc_get_call(call); 541 set_bit(RXRPC_CALL_EV_ACK_FINAL, &call->events); 542 rxrpc_queue_call(call); 543 goto free_unlock; 544 default: 545 break; 546 } 547 548 read_unlock(&call->state_lock); 549 rxrpc_get_call(call); 550 551 if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA && 552 sp->hdr.flags & RXRPC_JUMBO_PACKET) 553 rxrpc_process_jumbo_packet(call, skb); 554 else 555 rxrpc_fast_process_packet(call, skb); 556 557 rxrpc_put_call(call); 558 goto done; 559 560 dead_call: 561 if (sp->hdr.type != RXRPC_PACKET_TYPE_ABORT) { 562 skb->priority = RX_CALL_DEAD; 563 rxrpc_reject_packet(call->conn->trans->local, skb); 564 goto unlock; 565 } 566 free_unlock: 567 rxrpc_free_skb(skb); 568 unlock: 569 read_unlock(&call->state_lock); 570 done: 571 _leave(""); 572 } 573 574 /* 575 * post connection-level events to the connection 576 * - this includes challenges, responses and some aborts 577 */ 578 static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn, 579 struct sk_buff *skb) 580 { 581 _enter("%p,%p", conn, skb); 582 583 atomic_inc(&conn->usage); 584 skb_queue_tail(&conn->rx_queue, skb); 585 rxrpc_queue_conn(conn); 586 } 587 588 /* 589 * post endpoint-level events to the local endpoint 590 * - this includes debug and version messages 591 */ 592 static void rxrpc_post_packet_to_local(struct rxrpc_local *local, 593 struct sk_buff *skb) 594 { 595 _enter("%p,%p", local, skb); 596 597 atomic_inc(&local->usage); 598 skb_queue_tail(&local->event_queue, skb); 599 rxrpc_queue_work(&local->event_processor); 600 } 601 602 /* 603 * Extract the wire header from a packet and translate the byte order. 604 */ 605 static noinline 606 int rxrpc_extract_header(struct rxrpc_skb_priv *sp, struct sk_buff *skb) 607 { 608 struct rxrpc_wire_header whdr; 609 610 /* dig out the RxRPC connection details */ 611 if (skb_copy_bits(skb, 0, &whdr, sizeof(whdr)) < 0) 612 return -EBADMSG; 613 if (!pskb_pull(skb, sizeof(whdr))) 614 BUG(); 615 616 memset(sp, 0, sizeof(*sp)); 617 sp->hdr.epoch = ntohl(whdr.epoch); 618 sp->hdr.cid = ntohl(whdr.cid); 619 sp->hdr.callNumber = ntohl(whdr.callNumber); 620 sp->hdr.seq = ntohl(whdr.seq); 621 sp->hdr.serial = ntohl(whdr.serial); 622 sp->hdr.flags = whdr.flags; 623 sp->hdr.type = whdr.type; 624 sp->hdr.userStatus = whdr.userStatus; 625 sp->hdr.securityIndex = whdr.securityIndex; 626 sp->hdr._rsvd = ntohs(whdr._rsvd); 627 sp->hdr.serviceId = ntohs(whdr.serviceId); 628 return 0; 629 } 630 631 static struct rxrpc_connection *rxrpc_conn_from_local(struct rxrpc_local *local, 632 struct sk_buff *skb, 633 struct rxrpc_skb_priv *sp) 634 { 635 struct rxrpc_peer *peer; 636 struct rxrpc_transport *trans; 637 struct rxrpc_connection *conn; 638 639 peer = rxrpc_find_peer(local, ip_hdr(skb)->saddr, 640 udp_hdr(skb)->source); 641 if (IS_ERR(peer)) 642 goto cant_find_conn; 643 644 trans = rxrpc_find_transport(local, peer); 645 rxrpc_put_peer(peer); 646 if (!trans) 647 goto cant_find_conn; 648 649 conn = rxrpc_find_connection(trans, &sp->hdr); 650 rxrpc_put_transport(trans); 651 if (!conn) 652 goto cant_find_conn; 653 654 return conn; 655 cant_find_conn: 656 return NULL; 657 } 658 659 /* 660 * handle data received on the local endpoint 661 * - may be called in interrupt context 662 */ 663 void rxrpc_data_ready(struct sock *sk) 664 { 665 struct rxrpc_skb_priv *sp; 666 struct rxrpc_local *local; 667 struct sk_buff *skb; 668 int ret; 669 670 _enter("%p", sk); 671 672 ASSERT(!irqs_disabled()); 673 674 read_lock_bh(&rxrpc_local_lock); 675 local = sk->sk_user_data; 676 if (local && atomic_read(&local->usage) > 0) 677 rxrpc_get_local(local); 678 else 679 local = NULL; 680 read_unlock_bh(&rxrpc_local_lock); 681 if (!local) { 682 _leave(" [local dead]"); 683 return; 684 } 685 686 skb = skb_recv_datagram(sk, 0, 1, &ret); 687 if (!skb) { 688 rxrpc_put_local(local); 689 if (ret == -EAGAIN) 690 return; 691 _debug("UDP socket error %d", ret); 692 return; 693 } 694 695 rxrpc_new_skb(skb); 696 697 _net("recv skb %p", skb); 698 699 /* we'll probably need to checksum it (didn't call sock_recvmsg) */ 700 if (skb_checksum_complete(skb)) { 701 rxrpc_free_skb(skb); 702 rxrpc_put_local(local); 703 __UDP_INC_STATS(&init_net, UDP_MIB_INERRORS, 0); 704 _leave(" [CSUM failed]"); 705 return; 706 } 707 708 __UDP_INC_STATS(&init_net, UDP_MIB_INDATAGRAMS, 0); 709 710 /* The socket buffer we have is owned by UDP, with UDP's data all over 711 * it, but we really want our own data there. 712 */ 713 skb_orphan(skb); 714 sp = rxrpc_skb(skb); 715 716 _net("Rx UDP packet from %08x:%04hu", 717 ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source)); 718 719 /* dig out the RxRPC connection details */ 720 if (rxrpc_extract_header(sp, skb) < 0) 721 goto bad_message; 722 723 _net("Rx RxRPC %s ep=%x call=%x:%x", 724 sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient", 725 sp->hdr.epoch, sp->hdr.cid, sp->hdr.callNumber); 726 727 if (sp->hdr.type >= RXRPC_N_PACKET_TYPES || 728 !((RXRPC_SUPPORTED_PACKET_TYPES >> sp->hdr.type) & 1)) { 729 _proto("Rx Bad Packet Type %u", sp->hdr.type); 730 goto bad_message; 731 } 732 733 if (sp->hdr.type == RXRPC_PACKET_TYPE_VERSION) { 734 rxrpc_post_packet_to_local(local, skb); 735 goto out; 736 } 737 738 if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA && 739 (sp->hdr.callNumber == 0 || sp->hdr.seq == 0)) 740 goto bad_message; 741 742 if (sp->hdr.callNumber == 0) { 743 /* This is a connection-level packet. These should be 744 * fairly rare, so the extra overhead of looking them up the 745 * old-fashioned way doesn't really hurt */ 746 struct rxrpc_connection *conn; 747 748 conn = rxrpc_conn_from_local(local, skb, sp); 749 if (!conn) 750 goto cant_route_call; 751 752 _debug("CONN %p {%d}", conn, conn->debug_id); 753 rxrpc_post_packet_to_conn(conn, skb); 754 rxrpc_put_connection(conn); 755 } else { 756 struct rxrpc_call *call; 757 758 call = rxrpc_find_call_hash(&sp->hdr, local, 759 AF_INET, &ip_hdr(skb)->saddr); 760 if (call) 761 rxrpc_post_packet_to_call(call, skb); 762 else 763 goto cant_route_call; 764 } 765 766 out: 767 rxrpc_put_local(local); 768 return; 769 770 cant_route_call: 771 _debug("can't route call"); 772 if (sp->hdr.flags & RXRPC_CLIENT_INITIATED && 773 sp->hdr.type == RXRPC_PACKET_TYPE_DATA) { 774 if (sp->hdr.seq == 1) { 775 _debug("first packet"); 776 skb_queue_tail(&local->accept_queue, skb); 777 rxrpc_queue_work(&local->acceptor); 778 rxrpc_put_local(local); 779 _leave(" [incoming]"); 780 return; 781 } 782 skb->priority = RX_INVALID_OPERATION; 783 } else { 784 skb->priority = RX_CALL_DEAD; 785 } 786 787 if (sp->hdr.type != RXRPC_PACKET_TYPE_ABORT) { 788 _debug("reject type %d",sp->hdr.type); 789 rxrpc_reject_packet(local, skb); 790 } 791 rxrpc_put_local(local); 792 _leave(" [no call]"); 793 return; 794 795 bad_message: 796 skb->priority = RX_PROTOCOL_ERROR; 797 rxrpc_reject_packet(local, skb); 798 rxrpc_put_local(local); 799 _leave(" [badmsg]"); 800 } 801