1 /* Local endpoint object management 2 * 3 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/slab.h> 18 #include <linux/udp.h> 19 #include <linux/ip.h> 20 #include <linux/hashtable.h> 21 #include <net/sock.h> 22 #include <net/af_rxrpc.h> 23 #include "ar-internal.h" 24 25 static void rxrpc_local_processor(struct work_struct *); 26 static void rxrpc_local_rcu(struct rcu_head *); 27 28 static DEFINE_MUTEX(rxrpc_local_mutex); 29 static LIST_HEAD(rxrpc_local_endpoints); 30 31 /* 32 * Compare a local to an address. Return -ve, 0 or +ve to indicate less than, 33 * same or greater than. 34 * 35 * We explicitly don't compare the RxRPC service ID as we want to reject 36 * conflicting uses by differing services. Further, we don't want to share 37 * addresses with different options (IPv6), so we don't compare those bits 38 * either. 39 */ 40 static long rxrpc_local_cmp_key(const struct rxrpc_local *local, 41 const struct sockaddr_rxrpc *srx) 42 { 43 long diff; 44 45 diff = ((local->srx.transport_type - srx->transport_type) ?: 46 (local->srx.transport_len - srx->transport_len) ?: 47 (local->srx.transport.family - srx->transport.family)); 48 if (diff != 0) 49 return diff; 50 51 switch (srx->transport.family) { 52 case AF_INET: 53 /* If the choice of UDP port is left up to the transport, then 54 * the endpoint record doesn't match. 55 */ 56 return ((u16 __force)local->srx.transport.sin.sin_port - 57 (u16 __force)srx->transport.sin.sin_port) ?: 58 memcmp(&local->srx.transport.sin.sin_addr, 59 &srx->transport.sin.sin_addr, 60 sizeof(struct in_addr)); 61 #ifdef CONFIG_AF_RXRPC_IPV6 62 case AF_INET6: 63 /* If the choice of UDP6 port is left up to the transport, then 64 * the endpoint record doesn't match. 65 */ 66 return ((u16 __force)local->srx.transport.sin6.sin6_port - 67 (u16 __force)srx->transport.sin6.sin6_port) ?: 68 memcmp(&local->srx.transport.sin6.sin6_addr, 69 &srx->transport.sin6.sin6_addr, 70 sizeof(struct in6_addr)); 71 #endif 72 default: 73 BUG(); 74 } 75 } 76 77 /* 78 * Allocate a new local endpoint. 79 */ 80 static struct rxrpc_local *rxrpc_alloc_local(const struct sockaddr_rxrpc *srx) 81 { 82 struct rxrpc_local *local; 83 84 local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL); 85 if (local) { 86 atomic_set(&local->usage, 1); 87 INIT_LIST_HEAD(&local->link); 88 INIT_WORK(&local->processor, rxrpc_local_processor); 89 init_rwsem(&local->defrag_sem); 90 skb_queue_head_init(&local->reject_queue); 91 skb_queue_head_init(&local->event_queue); 92 local->client_conns = RB_ROOT; 93 spin_lock_init(&local->client_conns_lock); 94 spin_lock_init(&local->lock); 95 rwlock_init(&local->services_lock); 96 local->debug_id = atomic_inc_return(&rxrpc_debug_id); 97 memcpy(&local->srx, srx, sizeof(*srx)); 98 } 99 100 _leave(" = %p", local); 101 return local; 102 } 103 104 /* 105 * create the local socket 106 * - must be called with rxrpc_local_mutex locked 107 */ 108 static int rxrpc_open_socket(struct rxrpc_local *local) 109 { 110 struct sock *sock; 111 int ret, opt; 112 113 _enter("%p{%d,%d}", 114 local, local->srx.transport_type, local->srx.transport.family); 115 116 /* create a socket to represent the local endpoint */ 117 ret = sock_create_kern(&init_net, local->srx.transport.family, 118 local->srx.transport_type, 0, &local->socket); 119 if (ret < 0) { 120 _leave(" = %d [socket]", ret); 121 return ret; 122 } 123 124 /* if a local address was supplied then bind it */ 125 if (local->srx.transport_len > sizeof(sa_family_t)) { 126 _debug("bind"); 127 ret = kernel_bind(local->socket, 128 (struct sockaddr *)&local->srx.transport, 129 local->srx.transport_len); 130 if (ret < 0) { 131 _debug("bind failed %d", ret); 132 goto error; 133 } 134 } 135 136 /* we want to receive ICMP errors */ 137 opt = 1; 138 ret = kernel_setsockopt(local->socket, SOL_IP, IP_RECVERR, 139 (char *) &opt, sizeof(opt)); 140 if (ret < 0) { 141 _debug("setsockopt failed"); 142 goto error; 143 } 144 145 /* we want to set the don't fragment bit */ 146 opt = IP_PMTUDISC_DO; 147 ret = kernel_setsockopt(local->socket, SOL_IP, IP_MTU_DISCOVER, 148 (char *) &opt, sizeof(opt)); 149 if (ret < 0) { 150 _debug("setsockopt failed"); 151 goto error; 152 } 153 154 /* set the socket up */ 155 sock = local->socket->sk; 156 sock->sk_user_data = local; 157 sock->sk_data_ready = rxrpc_data_ready; 158 sock->sk_error_report = rxrpc_error_report; 159 _leave(" = 0"); 160 return 0; 161 162 error: 163 kernel_sock_shutdown(local->socket, SHUT_RDWR); 164 local->socket->sk->sk_user_data = NULL; 165 sock_release(local->socket); 166 local->socket = NULL; 167 168 _leave(" = %d", ret); 169 return ret; 170 } 171 172 /* 173 * Look up or create a new local endpoint using the specified local address. 174 */ 175 struct rxrpc_local *rxrpc_lookup_local(const struct sockaddr_rxrpc *srx) 176 { 177 struct rxrpc_local *local; 178 struct list_head *cursor; 179 const char *age; 180 long diff; 181 int ret; 182 183 _enter("{%d,%d,%pISp}", 184 srx->transport_type, srx->transport.family, &srx->transport); 185 186 mutex_lock(&rxrpc_local_mutex); 187 188 for (cursor = rxrpc_local_endpoints.next; 189 cursor != &rxrpc_local_endpoints; 190 cursor = cursor->next) { 191 local = list_entry(cursor, struct rxrpc_local, link); 192 193 diff = rxrpc_local_cmp_key(local, srx); 194 if (diff < 0) 195 continue; 196 if (diff > 0) 197 break; 198 199 /* Services aren't allowed to share transport sockets, so 200 * reject that here. It is possible that the object is dying - 201 * but it may also still have the local transport address that 202 * we want bound. 203 */ 204 if (srx->srx_service) { 205 local = NULL; 206 goto addr_in_use; 207 } 208 209 /* Found a match. We replace a dying object. Attempting to 210 * bind the transport socket may still fail if we're attempting 211 * to use a local address that the dying object is still using. 212 */ 213 if (!rxrpc_get_local_maybe(local)) { 214 cursor = cursor->next; 215 list_del_init(&local->link); 216 break; 217 } 218 219 age = "old"; 220 goto found; 221 } 222 223 local = rxrpc_alloc_local(srx); 224 if (!local) 225 goto nomem; 226 227 ret = rxrpc_open_socket(local); 228 if (ret < 0) 229 goto sock_error; 230 231 list_add_tail(&local->link, cursor); 232 age = "new"; 233 234 found: 235 mutex_unlock(&rxrpc_local_mutex); 236 237 _net("LOCAL %s %d {%pISp}", 238 age, local->debug_id, &local->srx.transport); 239 240 _leave(" = %p", local); 241 return local; 242 243 nomem: 244 ret = -ENOMEM; 245 sock_error: 246 mutex_unlock(&rxrpc_local_mutex); 247 kfree(local); 248 _leave(" = %d", ret); 249 return ERR_PTR(ret); 250 251 addr_in_use: 252 mutex_unlock(&rxrpc_local_mutex); 253 _leave(" = -EADDRINUSE"); 254 return ERR_PTR(-EADDRINUSE); 255 } 256 257 /* 258 * A local endpoint reached its end of life. 259 */ 260 void __rxrpc_put_local(struct rxrpc_local *local) 261 { 262 _enter("%d", local->debug_id); 263 rxrpc_queue_work(&local->processor); 264 } 265 266 /* 267 * Destroy a local endpoint's socket and then hand the record to RCU to dispose 268 * of. 269 * 270 * Closing the socket cannot be done from bottom half context or RCU callback 271 * context because it might sleep. 272 */ 273 static void rxrpc_local_destroyer(struct rxrpc_local *local) 274 { 275 struct socket *socket = local->socket; 276 277 _enter("%d", local->debug_id); 278 279 /* We can get a race between an incoming call packet queueing the 280 * processor again and the work processor starting the destruction 281 * process which will shut down the UDP socket. 282 */ 283 if (local->dead) { 284 _leave(" [already dead]"); 285 return; 286 } 287 local->dead = true; 288 289 mutex_lock(&rxrpc_local_mutex); 290 list_del_init(&local->link); 291 mutex_unlock(&rxrpc_local_mutex); 292 293 ASSERT(RB_EMPTY_ROOT(&local->client_conns)); 294 ASSERT(!local->service); 295 296 if (socket) { 297 local->socket = NULL; 298 kernel_sock_shutdown(socket, SHUT_RDWR); 299 socket->sk->sk_user_data = NULL; 300 sock_release(socket); 301 } 302 303 /* At this point, there should be no more packets coming in to the 304 * local endpoint. 305 */ 306 rxrpc_purge_queue(&local->reject_queue); 307 rxrpc_purge_queue(&local->event_queue); 308 309 _debug("rcu local %d", local->debug_id); 310 call_rcu(&local->rcu, rxrpc_local_rcu); 311 } 312 313 /* 314 * Process events on an endpoint 315 */ 316 static void rxrpc_local_processor(struct work_struct *work) 317 { 318 struct rxrpc_local *local = 319 container_of(work, struct rxrpc_local, processor); 320 bool again; 321 322 _enter("%d", local->debug_id); 323 324 do { 325 again = false; 326 if (atomic_read(&local->usage) == 0) 327 return rxrpc_local_destroyer(local); 328 329 if (!skb_queue_empty(&local->reject_queue)) { 330 rxrpc_reject_packets(local); 331 again = true; 332 } 333 334 if (!skb_queue_empty(&local->event_queue)) { 335 rxrpc_process_local_events(local); 336 again = true; 337 } 338 } while (again); 339 } 340 341 /* 342 * Destroy a local endpoint after the RCU grace period expires. 343 */ 344 static void rxrpc_local_rcu(struct rcu_head *rcu) 345 { 346 struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu); 347 348 _enter("%d", local->debug_id); 349 350 ASSERT(!work_pending(&local->processor)); 351 352 _net("DESTROY LOCAL %d", local->debug_id); 353 kfree(local); 354 _leave(""); 355 } 356 357 /* 358 * Verify the local endpoint list is empty by this point. 359 */ 360 void __exit rxrpc_destroy_all_locals(void) 361 { 362 struct rxrpc_local *local; 363 364 _enter(""); 365 366 flush_workqueue(rxrpc_workqueue); 367 368 if (!list_empty(&rxrpc_local_endpoints)) { 369 mutex_lock(&rxrpc_local_mutex); 370 list_for_each_entry(local, &rxrpc_local_endpoints, link) { 371 pr_err("AF_RXRPC: Leaked local %p {%d}\n", 372 local, atomic_read(&local->usage)); 373 } 374 mutex_unlock(&rxrpc_local_mutex); 375 BUG(); 376 } 377 378 rcu_barrier(); 379 } 380