1 /* Local endpoint object management 2 * 3 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/slab.h> 18 #include <linux/udp.h> 19 #include <linux/ip.h> 20 #include <linux/hashtable.h> 21 #include <net/sock.h> 22 #include <net/udp.h> 23 #include <net/af_rxrpc.h> 24 #include "ar-internal.h" 25 26 static void rxrpc_local_processor(struct work_struct *); 27 static void rxrpc_local_rcu(struct rcu_head *); 28 29 /* 30 * Compare a local to an address. Return -ve, 0 or +ve to indicate less than, 31 * same or greater than. 32 * 33 * We explicitly don't compare the RxRPC service ID as we want to reject 34 * conflicting uses by differing services. Further, we don't want to share 35 * addresses with different options (IPv6), so we don't compare those bits 36 * either. 37 */ 38 static long rxrpc_local_cmp_key(const struct rxrpc_local *local, 39 const struct sockaddr_rxrpc *srx) 40 { 41 long diff; 42 43 diff = ((local->srx.transport_type - srx->transport_type) ?: 44 (local->srx.transport_len - srx->transport_len) ?: 45 (local->srx.transport.family - srx->transport.family)); 46 if (diff != 0) 47 return diff; 48 49 switch (srx->transport.family) { 50 case AF_INET: 51 /* If the choice of UDP port is left up to the transport, then 52 * the endpoint record doesn't match. 53 */ 54 return ((u16 __force)local->srx.transport.sin.sin_port - 55 (u16 __force)srx->transport.sin.sin_port) ?: 56 memcmp(&local->srx.transport.sin.sin_addr, 57 &srx->transport.sin.sin_addr, 58 sizeof(struct in_addr)); 59 #ifdef CONFIG_AF_RXRPC_IPV6 60 case AF_INET6: 61 /* If the choice of UDP6 port is left up to the transport, then 62 * the endpoint record doesn't match. 63 */ 64 return ((u16 __force)local->srx.transport.sin6.sin6_port - 65 (u16 __force)srx->transport.sin6.sin6_port) ?: 66 memcmp(&local->srx.transport.sin6.sin6_addr, 67 &srx->transport.sin6.sin6_addr, 68 sizeof(struct in6_addr)); 69 #endif 70 default: 71 BUG(); 72 } 73 } 74 75 /* 76 * Allocate a new local endpoint. 77 */ 78 static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet, 79 const struct sockaddr_rxrpc *srx) 80 { 81 struct rxrpc_local *local; 82 83 local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL); 84 if (local) { 85 atomic_set(&local->usage, 1); 86 local->rxnet = rxnet; 87 INIT_LIST_HEAD(&local->link); 88 INIT_WORK(&local->processor, rxrpc_local_processor); 89 init_rwsem(&local->defrag_sem); 90 skb_queue_head_init(&local->reject_queue); 91 skb_queue_head_init(&local->event_queue); 92 local->client_conns = RB_ROOT; 93 spin_lock_init(&local->client_conns_lock); 94 spin_lock_init(&local->lock); 95 rwlock_init(&local->services_lock); 96 local->debug_id = atomic_inc_return(&rxrpc_debug_id); 97 memcpy(&local->srx, srx, sizeof(*srx)); 98 local->srx.srx_service = 0; 99 trace_rxrpc_local(local, rxrpc_local_new, 1, NULL); 100 } 101 102 _leave(" = %p", local); 103 return local; 104 } 105 106 /* 107 * create the local socket 108 * - must be called with rxrpc_local_mutex locked 109 */ 110 static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net) 111 { 112 struct sock *usk; 113 int ret, opt; 114 115 _enter("%p{%d,%d}", 116 local, local->srx.transport_type, local->srx.transport.family); 117 118 /* create a socket to represent the local endpoint */ 119 ret = sock_create_kern(net, local->srx.transport.family, 120 local->srx.transport_type, 0, &local->socket); 121 if (ret < 0) { 122 _leave(" = %d [socket]", ret); 123 return ret; 124 } 125 126 /* set the socket up */ 127 usk = local->socket->sk; 128 inet_sk(usk)->mc_loop = 0; 129 130 /* Enable CHECKSUM_UNNECESSARY to CHECKSUM_COMPLETE conversion */ 131 inet_inc_convert_csum(usk); 132 133 rcu_assign_sk_user_data(usk, local); 134 135 udp_sk(usk)->encap_type = UDP_ENCAP_RXRPC; 136 udp_sk(usk)->encap_rcv = rxrpc_input_packet; 137 udp_sk(usk)->encap_destroy = NULL; 138 udp_sk(usk)->gro_receive = NULL; 139 udp_sk(usk)->gro_complete = NULL; 140 141 udp_encap_enable(); 142 #if IS_ENABLED(CONFIG_AF_RXRPC_IPV6) 143 if (local->srx.transport.family == AF_INET6) 144 udpv6_encap_enable(); 145 #endif 146 usk->sk_error_report = rxrpc_error_report; 147 148 /* if a local address was supplied then bind it */ 149 if (local->srx.transport_len > sizeof(sa_family_t)) { 150 _debug("bind"); 151 ret = kernel_bind(local->socket, 152 (struct sockaddr *)&local->srx.transport, 153 local->srx.transport_len); 154 if (ret < 0) { 155 _debug("bind failed %d", ret); 156 goto error; 157 } 158 } 159 160 switch (local->srx.transport.family) { 161 case AF_INET6: 162 /* we want to receive ICMPv6 errors */ 163 opt = 1; 164 ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_RECVERR, 165 (char *) &opt, sizeof(opt)); 166 if (ret < 0) { 167 _debug("setsockopt failed"); 168 goto error; 169 } 170 171 /* we want to set the don't fragment bit */ 172 opt = IPV6_PMTUDISC_DO; 173 ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_MTU_DISCOVER, 174 (char *) &opt, sizeof(opt)); 175 if (ret < 0) { 176 _debug("setsockopt failed"); 177 goto error; 178 } 179 180 /* Fall through and set IPv4 options too otherwise we don't get 181 * errors from IPv4 packets sent through the IPv6 socket. 182 */ 183 184 case AF_INET: 185 /* we want to receive ICMP errors */ 186 opt = 1; 187 ret = kernel_setsockopt(local->socket, SOL_IP, IP_RECVERR, 188 (char *) &opt, sizeof(opt)); 189 if (ret < 0) { 190 _debug("setsockopt failed"); 191 goto error; 192 } 193 194 /* we want to set the don't fragment bit */ 195 opt = IP_PMTUDISC_DO; 196 ret = kernel_setsockopt(local->socket, SOL_IP, IP_MTU_DISCOVER, 197 (char *) &opt, sizeof(opt)); 198 if (ret < 0) { 199 _debug("setsockopt failed"); 200 goto error; 201 } 202 203 /* We want receive timestamps. */ 204 opt = 1; 205 ret = kernel_setsockopt(local->socket, SOL_SOCKET, SO_TIMESTAMPNS_OLD, 206 (char *)&opt, sizeof(opt)); 207 if (ret < 0) { 208 _debug("setsockopt failed"); 209 goto error; 210 } 211 break; 212 213 default: 214 BUG(); 215 } 216 217 _leave(" = 0"); 218 return 0; 219 220 error: 221 kernel_sock_shutdown(local->socket, SHUT_RDWR); 222 local->socket->sk->sk_user_data = NULL; 223 sock_release(local->socket); 224 local->socket = NULL; 225 226 _leave(" = %d", ret); 227 return ret; 228 } 229 230 /* 231 * Look up or create a new local endpoint using the specified local address. 232 */ 233 struct rxrpc_local *rxrpc_lookup_local(struct net *net, 234 const struct sockaddr_rxrpc *srx) 235 { 236 struct rxrpc_local *local; 237 struct rxrpc_net *rxnet = rxrpc_net(net); 238 struct list_head *cursor; 239 const char *age; 240 long diff; 241 int ret; 242 243 _enter("{%d,%d,%pISp}", 244 srx->transport_type, srx->transport.family, &srx->transport); 245 246 mutex_lock(&rxnet->local_mutex); 247 248 for (cursor = rxnet->local_endpoints.next; 249 cursor != &rxnet->local_endpoints; 250 cursor = cursor->next) { 251 local = list_entry(cursor, struct rxrpc_local, link); 252 253 diff = rxrpc_local_cmp_key(local, srx); 254 if (diff < 0) 255 continue; 256 if (diff > 0) 257 break; 258 259 /* Services aren't allowed to share transport sockets, so 260 * reject that here. It is possible that the object is dying - 261 * but it may also still have the local transport address that 262 * we want bound. 263 */ 264 if (srx->srx_service) { 265 local = NULL; 266 goto addr_in_use; 267 } 268 269 /* Found a match. We replace a dying object. Attempting to 270 * bind the transport socket may still fail if we're attempting 271 * to use a local address that the dying object is still using. 272 */ 273 if (!rxrpc_get_local_maybe(local)) { 274 cursor = cursor->next; 275 list_del_init(&local->link); 276 break; 277 } 278 279 age = "old"; 280 goto found; 281 } 282 283 local = rxrpc_alloc_local(rxnet, srx); 284 if (!local) 285 goto nomem; 286 287 ret = rxrpc_open_socket(local, net); 288 if (ret < 0) 289 goto sock_error; 290 291 list_add_tail(&local->link, cursor); 292 age = "new"; 293 294 found: 295 mutex_unlock(&rxnet->local_mutex); 296 297 _net("LOCAL %s %d {%pISp}", 298 age, local->debug_id, &local->srx.transport); 299 300 _leave(" = %p", local); 301 return local; 302 303 nomem: 304 ret = -ENOMEM; 305 sock_error: 306 mutex_unlock(&rxnet->local_mutex); 307 kfree(local); 308 _leave(" = %d", ret); 309 return ERR_PTR(ret); 310 311 addr_in_use: 312 mutex_unlock(&rxnet->local_mutex); 313 _leave(" = -EADDRINUSE"); 314 return ERR_PTR(-EADDRINUSE); 315 } 316 317 /* 318 * Get a ref on a local endpoint. 319 */ 320 struct rxrpc_local *rxrpc_get_local(struct rxrpc_local *local) 321 { 322 const void *here = __builtin_return_address(0); 323 int n; 324 325 n = atomic_inc_return(&local->usage); 326 trace_rxrpc_local(local, rxrpc_local_got, n, here); 327 return local; 328 } 329 330 /* 331 * Get a ref on a local endpoint unless its usage has already reached 0. 332 */ 333 struct rxrpc_local *rxrpc_get_local_maybe(struct rxrpc_local *local) 334 { 335 const void *here = __builtin_return_address(0); 336 337 if (local) { 338 int n = atomic_fetch_add_unless(&local->usage, 1, 0); 339 if (n > 0) 340 trace_rxrpc_local(local, rxrpc_local_got, n + 1, here); 341 else 342 local = NULL; 343 } 344 return local; 345 } 346 347 /* 348 * Queue a local endpoint. 349 */ 350 void rxrpc_queue_local(struct rxrpc_local *local) 351 { 352 const void *here = __builtin_return_address(0); 353 354 if (rxrpc_queue_work(&local->processor)) 355 trace_rxrpc_local(local, rxrpc_local_queued, 356 atomic_read(&local->usage), here); 357 } 358 359 /* 360 * A local endpoint reached its end of life. 361 */ 362 static void __rxrpc_put_local(struct rxrpc_local *local) 363 { 364 _enter("%d", local->debug_id); 365 rxrpc_queue_work(&local->processor); 366 } 367 368 /* 369 * Drop a ref on a local endpoint. 370 */ 371 void rxrpc_put_local(struct rxrpc_local *local) 372 { 373 const void *here = __builtin_return_address(0); 374 int n; 375 376 if (local) { 377 n = atomic_dec_return(&local->usage); 378 trace_rxrpc_local(local, rxrpc_local_put, n, here); 379 380 if (n == 0) 381 __rxrpc_put_local(local); 382 } 383 } 384 385 /* 386 * Destroy a local endpoint's socket and then hand the record to RCU to dispose 387 * of. 388 * 389 * Closing the socket cannot be done from bottom half context or RCU callback 390 * context because it might sleep. 391 */ 392 static void rxrpc_local_destroyer(struct rxrpc_local *local) 393 { 394 struct socket *socket = local->socket; 395 struct rxrpc_net *rxnet = local->rxnet; 396 397 _enter("%d", local->debug_id); 398 399 /* We can get a race between an incoming call packet queueing the 400 * processor again and the work processor starting the destruction 401 * process which will shut down the UDP socket. 402 */ 403 if (local->dead) { 404 _leave(" [already dead]"); 405 return; 406 } 407 local->dead = true; 408 409 mutex_lock(&rxnet->local_mutex); 410 list_del_init(&local->link); 411 mutex_unlock(&rxnet->local_mutex); 412 413 ASSERT(RB_EMPTY_ROOT(&local->client_conns)); 414 ASSERT(!local->service); 415 416 if (socket) { 417 local->socket = NULL; 418 kernel_sock_shutdown(socket, SHUT_RDWR); 419 socket->sk->sk_user_data = NULL; 420 sock_release(socket); 421 } 422 423 /* At this point, there should be no more packets coming in to the 424 * local endpoint. 425 */ 426 rxrpc_purge_queue(&local->reject_queue); 427 rxrpc_purge_queue(&local->event_queue); 428 429 _debug("rcu local %d", local->debug_id); 430 call_rcu(&local->rcu, rxrpc_local_rcu); 431 } 432 433 /* 434 * Process events on an endpoint 435 */ 436 static void rxrpc_local_processor(struct work_struct *work) 437 { 438 struct rxrpc_local *local = 439 container_of(work, struct rxrpc_local, processor); 440 bool again; 441 442 trace_rxrpc_local(local, rxrpc_local_processing, 443 atomic_read(&local->usage), NULL); 444 445 do { 446 again = false; 447 if (atomic_read(&local->usage) == 0) 448 return rxrpc_local_destroyer(local); 449 450 if (!skb_queue_empty(&local->reject_queue)) { 451 rxrpc_reject_packets(local); 452 again = true; 453 } 454 455 if (!skb_queue_empty(&local->event_queue)) { 456 rxrpc_process_local_events(local); 457 again = true; 458 } 459 } while (again); 460 } 461 462 /* 463 * Destroy a local endpoint after the RCU grace period expires. 464 */ 465 static void rxrpc_local_rcu(struct rcu_head *rcu) 466 { 467 struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu); 468 469 _enter("%d", local->debug_id); 470 471 ASSERT(!work_pending(&local->processor)); 472 473 _net("DESTROY LOCAL %d", local->debug_id); 474 kfree(local); 475 _leave(""); 476 } 477 478 /* 479 * Verify the local endpoint list is empty by this point. 480 */ 481 void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet) 482 { 483 struct rxrpc_local *local; 484 485 _enter(""); 486 487 flush_workqueue(rxrpc_workqueue); 488 489 if (!list_empty(&rxnet->local_endpoints)) { 490 mutex_lock(&rxnet->local_mutex); 491 list_for_each_entry(local, &rxnet->local_endpoints, link) { 492 pr_err("AF_RXRPC: Leaked local %p {%d}\n", 493 local, atomic_read(&local->usage)); 494 } 495 mutex_unlock(&rxnet->local_mutex); 496 BUG(); 497 } 498 } 499