xref: /openbmc/linux/net/rxrpc/local_object.c (revision 4b0aaacee51eb6592a03fdefd5ce97558518e291) 
1 /* Local endpoint object management
2  *
3  * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/module.h>
15 #include <linux/net.h>
16 #include <linux/skbuff.h>
17 #include <linux/slab.h>
18 #include <linux/udp.h>
19 #include <linux/ip.h>
20 #include <linux/hashtable.h>
21 #include <net/sock.h>
22 #include <net/af_rxrpc.h>
23 #include "ar-internal.h"
24 
25 static void rxrpc_local_processor(struct work_struct *);
26 static void rxrpc_local_rcu(struct rcu_head *);
27 
28 /*
29  * Compare a local to an address.  Return -ve, 0 or +ve to indicate less than,
30  * same or greater than.
31  *
32  * We explicitly don't compare the RxRPC service ID as we want to reject
33  * conflicting uses by differing services.  Further, we don't want to share
34  * addresses with different options (IPv6), so we don't compare those bits
35  * either.
36  */
37 static long rxrpc_local_cmp_key(const struct rxrpc_local *local,
38 				const struct sockaddr_rxrpc *srx)
39 {
40 	long diff;
41 
42 	diff = ((local->srx.transport_type - srx->transport_type) ?:
43 		(local->srx.transport_len - srx->transport_len) ?:
44 		(local->srx.transport.family - srx->transport.family));
45 	if (diff != 0)
46 		return diff;
47 
48 	switch (srx->transport.family) {
49 	case AF_INET:
50 		/* If the choice of UDP port is left up to the transport, then
51 		 * the endpoint record doesn't match.
52 		 */
53 		return ((u16 __force)local->srx.transport.sin.sin_port -
54 			(u16 __force)srx->transport.sin.sin_port) ?:
55 			memcmp(&local->srx.transport.sin.sin_addr,
56 			       &srx->transport.sin.sin_addr,
57 			       sizeof(struct in_addr));
58 #ifdef CONFIG_AF_RXRPC_IPV6
59 	case AF_INET6:
60 		/* If the choice of UDP6 port is left up to the transport, then
61 		 * the endpoint record doesn't match.
62 		 */
63 		return ((u16 __force)local->srx.transport.sin6.sin6_port -
64 			(u16 __force)srx->transport.sin6.sin6_port) ?:
65 			memcmp(&local->srx.transport.sin6.sin6_addr,
66 			       &srx->transport.sin6.sin6_addr,
67 			       sizeof(struct in6_addr));
68 #endif
69 	default:
70 		BUG();
71 	}
72 }
73 
74 /*
75  * Allocate a new local endpoint.
76  */
77 static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet,
78 					     const struct sockaddr_rxrpc *srx)
79 {
80 	struct rxrpc_local *local;
81 
82 	local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL);
83 	if (local) {
84 		atomic_set(&local->usage, 1);
85 		local->rxnet = rxnet;
86 		INIT_LIST_HEAD(&local->link);
87 		INIT_WORK(&local->processor, rxrpc_local_processor);
88 		init_rwsem(&local->defrag_sem);
89 		skb_queue_head_init(&local->reject_queue);
90 		skb_queue_head_init(&local->event_queue);
91 		local->client_conns = RB_ROOT;
92 		spin_lock_init(&local->client_conns_lock);
93 		spin_lock_init(&local->lock);
94 		rwlock_init(&local->services_lock);
95 		local->debug_id = atomic_inc_return(&rxrpc_debug_id);
96 		memcpy(&local->srx, srx, sizeof(*srx));
97 		local->srx.srx_service = 0;
98 		trace_rxrpc_local(local, rxrpc_local_new, 1, NULL);
99 	}
100 
101 	_leave(" = %p", local);
102 	return local;
103 }
104 
105 /*
106  * create the local socket
107  * - must be called with rxrpc_local_mutex locked
108  */
109 static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net)
110 {
111 	struct sock *sock;
112 	int ret, opt;
113 
114 	_enter("%p{%d,%d}",
115 	       local, local->srx.transport_type, local->srx.transport.family);
116 
117 	/* create a socket to represent the local endpoint */
118 	ret = sock_create_kern(net, local->srx.transport.family,
119 			       local->srx.transport_type, 0, &local->socket);
120 	if (ret < 0) {
121 		_leave(" = %d [socket]", ret);
122 		return ret;
123 	}
124 
125 	/* if a local address was supplied then bind it */
126 	if (local->srx.transport_len > sizeof(sa_family_t)) {
127 		_debug("bind");
128 		ret = kernel_bind(local->socket,
129 				  (struct sockaddr *)&local->srx.transport,
130 				  local->srx.transport_len);
131 		if (ret < 0) {
132 			_debug("bind failed %d", ret);
133 			goto error;
134 		}
135 	}
136 
137 	switch (local->srx.transport.family) {
138 	case AF_INET6:
139 		/* we want to receive ICMPv6 errors */
140 		opt = 1;
141 		ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_RECVERR,
142 					(char *) &opt, sizeof(opt));
143 		if (ret < 0) {
144 			_debug("setsockopt failed");
145 			goto error;
146 		}
147 
148 		/* we want to set the don't fragment bit */
149 		opt = IPV6_PMTUDISC_DO;
150 		ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_MTU_DISCOVER,
151 					(char *) &opt, sizeof(opt));
152 		if (ret < 0) {
153 			_debug("setsockopt failed");
154 			goto error;
155 		}
156 
157 		/* Fall through and set IPv4 options too otherwise we don't get
158 		 * errors from IPv4 packets sent through the IPv6 socket.
159 		 */
160 
161 	case AF_INET:
162 		/* we want to receive ICMP errors */
163 		opt = 1;
164 		ret = kernel_setsockopt(local->socket, SOL_IP, IP_RECVERR,
165 					(char *) &opt, sizeof(opt));
166 		if (ret < 0) {
167 			_debug("setsockopt failed");
168 			goto error;
169 		}
170 
171 		/* we want to set the don't fragment bit */
172 		opt = IP_PMTUDISC_DO;
173 		ret = kernel_setsockopt(local->socket, SOL_IP, IP_MTU_DISCOVER,
174 					(char *) &opt, sizeof(opt));
175 		if (ret < 0) {
176 			_debug("setsockopt failed");
177 			goto error;
178 		}
179 
180 		/* We want receive timestamps. */
181 		opt = 1;
182 		ret = kernel_setsockopt(local->socket, SOL_SOCKET, SO_TIMESTAMPNS,
183 					(char *)&opt, sizeof(opt));
184 		if (ret < 0) {
185 			_debug("setsockopt failed");
186 			goto error;
187 		}
188 		break;
189 
190 	default:
191 		BUG();
192 	}
193 
194 	/* set the socket up */
195 	sock = local->socket->sk;
196 	sock->sk_user_data	= local;
197 	sock->sk_data_ready	= rxrpc_data_ready;
198 	sock->sk_error_report	= rxrpc_error_report;
199 	_leave(" = 0");
200 	return 0;
201 
202 error:
203 	kernel_sock_shutdown(local->socket, SHUT_RDWR);
204 	local->socket->sk->sk_user_data = NULL;
205 	sock_release(local->socket);
206 	local->socket = NULL;
207 
208 	_leave(" = %d", ret);
209 	return ret;
210 }
211 
212 /*
213  * Look up or create a new local endpoint using the specified local address.
214  */
215 struct rxrpc_local *rxrpc_lookup_local(struct net *net,
216 				       const struct sockaddr_rxrpc *srx)
217 {
218 	struct rxrpc_local *local;
219 	struct rxrpc_net *rxnet = rxrpc_net(net);
220 	struct list_head *cursor;
221 	const char *age;
222 	long diff;
223 	int ret;
224 
225 	_enter("{%d,%d,%pISp}",
226 	       srx->transport_type, srx->transport.family, &srx->transport);
227 
228 	mutex_lock(&rxnet->local_mutex);
229 
230 	for (cursor = rxnet->local_endpoints.next;
231 	     cursor != &rxnet->local_endpoints;
232 	     cursor = cursor->next) {
233 		local = list_entry(cursor, struct rxrpc_local, link);
234 
235 		diff = rxrpc_local_cmp_key(local, srx);
236 		if (diff < 0)
237 			continue;
238 		if (diff > 0)
239 			break;
240 
241 		/* Services aren't allowed to share transport sockets, so
242 		 * reject that here.  It is possible that the object is dying -
243 		 * but it may also still have the local transport address that
244 		 * we want bound.
245 		 */
246 		if (srx->srx_service) {
247 			local = NULL;
248 			goto addr_in_use;
249 		}
250 
251 		/* Found a match.  We replace a dying object.  Attempting to
252 		 * bind the transport socket may still fail if we're attempting
253 		 * to use a local address that the dying object is still using.
254 		 */
255 		if (!rxrpc_get_local_maybe(local)) {
256 			cursor = cursor->next;
257 			list_del_init(&local->link);
258 			break;
259 		}
260 
261 		age = "old";
262 		goto found;
263 	}
264 
265 	local = rxrpc_alloc_local(rxnet, srx);
266 	if (!local)
267 		goto nomem;
268 
269 	ret = rxrpc_open_socket(local, net);
270 	if (ret < 0)
271 		goto sock_error;
272 
273 	list_add_tail(&local->link, cursor);
274 	age = "new";
275 
276 found:
277 	mutex_unlock(&rxnet->local_mutex);
278 
279 	_net("LOCAL %s %d {%pISp}",
280 	     age, local->debug_id, &local->srx.transport);
281 
282 	_leave(" = %p", local);
283 	return local;
284 
285 nomem:
286 	ret = -ENOMEM;
287 sock_error:
288 	mutex_unlock(&rxnet->local_mutex);
289 	kfree(local);
290 	_leave(" = %d", ret);
291 	return ERR_PTR(ret);
292 
293 addr_in_use:
294 	mutex_unlock(&rxnet->local_mutex);
295 	_leave(" = -EADDRINUSE");
296 	return ERR_PTR(-EADDRINUSE);
297 }
298 
299 /*
300  * Get a ref on a local endpoint.
301  */
302 struct rxrpc_local *rxrpc_get_local(struct rxrpc_local *local)
303 {
304 	const void *here = __builtin_return_address(0);
305 	int n;
306 
307 	n = atomic_inc_return(&local->usage);
308 	trace_rxrpc_local(local, rxrpc_local_got, n, here);
309 	return local;
310 }
311 
312 /*
313  * Get a ref on a local endpoint unless its usage has already reached 0.
314  */
315 struct rxrpc_local *rxrpc_get_local_maybe(struct rxrpc_local *local)
316 {
317 	const void *here = __builtin_return_address(0);
318 
319 	if (local) {
320 		int n = atomic_fetch_add_unless(&local->usage, 1, 0);
321 		if (n > 0)
322 			trace_rxrpc_local(local, rxrpc_local_got, n + 1, here);
323 		else
324 			local = NULL;
325 	}
326 	return local;
327 }
328 
329 /*
330  * Queue a local endpoint.
331  */
332 void rxrpc_queue_local(struct rxrpc_local *local)
333 {
334 	const void *here = __builtin_return_address(0);
335 
336 	if (rxrpc_queue_work(&local->processor))
337 		trace_rxrpc_local(local, rxrpc_local_queued,
338 				  atomic_read(&local->usage), here);
339 }
340 
341 /*
342  * A local endpoint reached its end of life.
343  */
344 static void __rxrpc_put_local(struct rxrpc_local *local)
345 {
346 	_enter("%d", local->debug_id);
347 	rxrpc_queue_work(&local->processor);
348 }
349 
350 /*
351  * Drop a ref on a local endpoint.
352  */
353 void rxrpc_put_local(struct rxrpc_local *local)
354 {
355 	const void *here = __builtin_return_address(0);
356 	int n;
357 
358 	if (local) {
359 		n = atomic_dec_return(&local->usage);
360 		trace_rxrpc_local(local, rxrpc_local_put, n, here);
361 
362 		if (n == 0)
363 			__rxrpc_put_local(local);
364 	}
365 }
366 
367 /*
368  * Destroy a local endpoint's socket and then hand the record to RCU to dispose
369  * of.
370  *
371  * Closing the socket cannot be done from bottom half context or RCU callback
372  * context because it might sleep.
373  */
374 static void rxrpc_local_destroyer(struct rxrpc_local *local)
375 {
376 	struct socket *socket = local->socket;
377 	struct rxrpc_net *rxnet = local->rxnet;
378 
379 	_enter("%d", local->debug_id);
380 
381 	/* We can get a race between an incoming call packet queueing the
382 	 * processor again and the work processor starting the destruction
383 	 * process which will shut down the UDP socket.
384 	 */
385 	if (local->dead) {
386 		_leave(" [already dead]");
387 		return;
388 	}
389 	local->dead = true;
390 
391 	mutex_lock(&rxnet->local_mutex);
392 	list_del_init(&local->link);
393 	mutex_unlock(&rxnet->local_mutex);
394 
395 	ASSERT(RB_EMPTY_ROOT(&local->client_conns));
396 	ASSERT(!local->service);
397 
398 	if (socket) {
399 		local->socket = NULL;
400 		kernel_sock_shutdown(socket, SHUT_RDWR);
401 		socket->sk->sk_user_data = NULL;
402 		sock_release(socket);
403 	}
404 
405 	/* At this point, there should be no more packets coming in to the
406 	 * local endpoint.
407 	 */
408 	rxrpc_purge_queue(&local->reject_queue);
409 	rxrpc_purge_queue(&local->event_queue);
410 
411 	_debug("rcu local %d", local->debug_id);
412 	call_rcu(&local->rcu, rxrpc_local_rcu);
413 }
414 
415 /*
416  * Process events on an endpoint
417  */
418 static void rxrpc_local_processor(struct work_struct *work)
419 {
420 	struct rxrpc_local *local =
421 		container_of(work, struct rxrpc_local, processor);
422 	bool again;
423 
424 	trace_rxrpc_local(local, rxrpc_local_processing,
425 			  atomic_read(&local->usage), NULL);
426 
427 	do {
428 		again = false;
429 		if (atomic_read(&local->usage) == 0)
430 			return rxrpc_local_destroyer(local);
431 
432 		if (!skb_queue_empty(&local->reject_queue)) {
433 			rxrpc_reject_packets(local);
434 			again = true;
435 		}
436 
437 		if (!skb_queue_empty(&local->event_queue)) {
438 			rxrpc_process_local_events(local);
439 			again = true;
440 		}
441 	} while (again);
442 }
443 
444 /*
445  * Destroy a local endpoint after the RCU grace period expires.
446  */
447 static void rxrpc_local_rcu(struct rcu_head *rcu)
448 {
449 	struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu);
450 
451 	_enter("%d", local->debug_id);
452 
453 	ASSERT(!work_pending(&local->processor));
454 
455 	_net("DESTROY LOCAL %d", local->debug_id);
456 	kfree(local);
457 	_leave("");
458 }
459 
460 /*
461  * Verify the local endpoint list is empty by this point.
462  */
463 void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
464 {
465 	struct rxrpc_local *local;
466 
467 	_enter("");
468 
469 	flush_workqueue(rxrpc_workqueue);
470 
471 	if (!list_empty(&rxnet->local_endpoints)) {
472 		mutex_lock(&rxnet->local_mutex);
473 		list_for_each_entry(local, &rxnet->local_endpoints, link) {
474 			pr_err("AF_RXRPC: Leaked local %p {%d}\n",
475 			       local, atomic_read(&local->usage));
476 		}
477 		mutex_unlock(&rxnet->local_mutex);
478 		BUG();
479 	}
480 }
481