1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
5 */
6
7 #include <linux/freezer.h>
8
9 #include "smb_common.h"
10 #include "server.h"
11 #include "auth.h"
12 #include "connection.h"
13 #include "transport_tcp.h"
14
15 #define IFACE_STATE_DOWN BIT(0)
16 #define IFACE_STATE_CONFIGURED BIT(1)
17
18 static atomic_t active_num_conn;
19
20 struct interface {
21 struct task_struct *ksmbd_kthread;
22 struct socket *ksmbd_socket;
23 struct list_head entry;
24 char *name;
25 int state;
26 };
27
28 static LIST_HEAD(iface_list);
29
30 static int bind_additional_ifaces;
31
32 struct tcp_transport {
33 struct ksmbd_transport transport;
34 struct socket *sock;
35 struct kvec *iov;
36 unsigned int nr_iov;
37 };
38
39 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops;
40
41 static void tcp_stop_kthread(struct task_struct *kthread);
42 static struct interface *alloc_iface(char *ifname);
43
44 #define KSMBD_TRANS(t) (&(t)->transport)
45 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \
46 struct tcp_transport, transport))
47
ksmbd_tcp_nodelay(struct socket * sock)48 static inline void ksmbd_tcp_nodelay(struct socket *sock)
49 {
50 tcp_sock_set_nodelay(sock->sk);
51 }
52
ksmbd_tcp_reuseaddr(struct socket * sock)53 static inline void ksmbd_tcp_reuseaddr(struct socket *sock)
54 {
55 sock_set_reuseaddr(sock->sk);
56 }
57
alloc_transport(struct socket * client_sk)58 static struct tcp_transport *alloc_transport(struct socket *client_sk)
59 {
60 struct tcp_transport *t;
61 struct ksmbd_conn *conn;
62
63 t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP);
64 if (!t)
65 return NULL;
66 t->sock = client_sk;
67
68 conn = ksmbd_conn_alloc();
69 if (!conn) {
70 kfree(t);
71 return NULL;
72 }
73
74 #if IS_ENABLED(CONFIG_IPV6)
75 if (client_sk->sk->sk_family == AF_INET6) {
76 memcpy(&conn->inet6_addr, &client_sk->sk->sk_v6_daddr, 16);
77 conn->inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr);
78 } else {
79 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr;
80 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr);
81 }
82 #else
83 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr;
84 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr);
85 #endif
86 down_write(&conn_list_lock);
87 hash_add(conn_list, &conn->hlist, conn->inet_hash);
88 up_write(&conn_list_lock);
89
90 conn->transport = KSMBD_TRANS(t);
91 KSMBD_TRANS(t)->conn = conn;
92 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops;
93 return t;
94 }
95
ksmbd_tcp_free_transport(struct ksmbd_transport * kt)96 static void ksmbd_tcp_free_transport(struct ksmbd_transport *kt)
97 {
98 struct tcp_transport *t = TCP_TRANS(kt);
99
100 sock_release(t->sock);
101 kfree(t->iov);
102 kfree(t);
103 }
104
free_transport(struct tcp_transport * t)105 static void free_transport(struct tcp_transport *t)
106 {
107 kernel_sock_shutdown(t->sock, SHUT_RDWR);
108 ksmbd_conn_free(KSMBD_TRANS(t)->conn);
109 }
110
111 /**
112 * kvec_array_init() - initialize a IO vector segment
113 * @new: IO vector to be initialized
114 * @iov: base IO vector
115 * @nr_segs: number of segments in base iov
116 * @bytes: total iovec length so far for read
117 *
118 * Return: Number of IO segments
119 */
kvec_array_init(struct kvec * new,struct kvec * iov,unsigned int nr_segs,size_t bytes)120 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov,
121 unsigned int nr_segs, size_t bytes)
122 {
123 size_t base = 0;
124
125 while (bytes || !iov->iov_len) {
126 int copy = min(bytes, iov->iov_len);
127
128 bytes -= copy;
129 base += copy;
130 if (iov->iov_len == base) {
131 iov++;
132 nr_segs--;
133 base = 0;
134 }
135 }
136
137 memcpy(new, iov, sizeof(*iov) * nr_segs);
138 new->iov_base += base;
139 new->iov_len -= base;
140 return nr_segs;
141 }
142
143 /**
144 * get_conn_iovec() - get connection iovec for reading from socket
145 * @t: TCP transport instance
146 * @nr_segs: number of segments in iov
147 *
148 * Return: return existing or newly allocate iovec
149 */
get_conn_iovec(struct tcp_transport * t,unsigned int nr_segs)150 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs)
151 {
152 struct kvec *new_iov;
153
154 if (t->iov && nr_segs <= t->nr_iov)
155 return t->iov;
156
157 /* not big enough -- allocate a new one and release the old */
158 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP);
159 if (new_iov) {
160 kfree(t->iov);
161 t->iov = new_iov;
162 t->nr_iov = nr_segs;
163 }
164 return new_iov;
165 }
166
167 /**
168 * ksmbd_tcp_new_connection() - create a new tcp session on mount
169 * @client_sk: socket associated with new connection
170 *
171 * whenever a new connection is requested, create a conn thread
172 * (session thread) to handle new incoming smb requests from the connection
173 *
174 * Return: 0 on success, otherwise error
175 */
ksmbd_tcp_new_connection(struct socket * client_sk)176 static int ksmbd_tcp_new_connection(struct socket *client_sk)
177 {
178 int rc = 0;
179 struct tcp_transport *t;
180 struct task_struct *handler;
181
182 t = alloc_transport(client_sk);
183 if (!t) {
184 sock_release(client_sk);
185 return -ENOMEM;
186 }
187
188 #if IS_ENABLED(CONFIG_IPV6)
189 if (client_sk->sk->sk_family == AF_INET6)
190 handler = kthread_run(ksmbd_conn_handler_loop,
191 KSMBD_TRANS(t)->conn, "ksmbd:%pI6c",
192 &KSMBD_TRANS(t)->conn->inet6_addr);
193 else
194 handler = kthread_run(ksmbd_conn_handler_loop,
195 KSMBD_TRANS(t)->conn, "ksmbd:%pI4",
196 &KSMBD_TRANS(t)->conn->inet_addr);
197 #else
198 handler = kthread_run(ksmbd_conn_handler_loop,
199 KSMBD_TRANS(t)->conn, "ksmbd:%pI4",
200 &KSMBD_TRANS(t)->conn->inet_addr);
201 #endif
202 if (IS_ERR(handler)) {
203 pr_err("cannot start conn thread\n");
204 rc = PTR_ERR(handler);
205 free_transport(t);
206 }
207 return rc;
208 }
209
210 /**
211 * ksmbd_kthread_fn() - listen to new SMB connections and callback server
212 * @p: arguments to forker thread
213 *
214 * Return: 0 on success, error number otherwise
215 */
ksmbd_kthread_fn(void * p)216 static int ksmbd_kthread_fn(void *p)
217 {
218 struct socket *client_sk = NULL;
219 struct interface *iface = (struct interface *)p;
220 struct ksmbd_conn *conn;
221 int ret, inet_hash;
222 unsigned int max_ip_conns;
223
224 while (!kthread_should_stop()) {
225 if (!iface->ksmbd_socket) {
226 break;
227 }
228 ret = kernel_accept(iface->ksmbd_socket, &client_sk, 0);
229 if (ret == -EINVAL)
230 break;
231 if (ret)
232 continue;
233
234 if (!server_conf.max_ip_connections)
235 goto skip_max_ip_conns_limit;
236
237 /*
238 * Limits repeated connections from clients with the same IP.
239 */
240 #if IS_ENABLED(CONFIG_IPV6)
241 if (client_sk->sk->sk_family == AF_INET6)
242 inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr);
243 else
244 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr);
245 #else
246 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr);
247 #endif
248
249 max_ip_conns = 0;
250 down_read(&conn_list_lock);
251 hash_for_each_possible(conn_list, conn, hlist, inet_hash) {
252 #if IS_ENABLED(CONFIG_IPV6)
253 if (client_sk->sk->sk_family == AF_INET6) {
254 if (memcmp(&client_sk->sk->sk_v6_daddr,
255 &conn->inet6_addr, 16) == 0)
256 max_ip_conns++;
257 } else if (inet_sk(client_sk->sk)->inet_daddr ==
258 conn->inet_addr)
259 max_ip_conns++;
260 #else
261 if (inet_sk(client_sk->sk)->inet_daddr ==
262 conn->inet_addr)
263 max_ip_conns++;
264 #endif
265 if (server_conf.max_ip_connections <= max_ip_conns) {
266 pr_info_ratelimited("Maximum IP connections exceeded (%u/%u)\n",
267 max_ip_conns, server_conf.max_ip_connections);
268 ret = -EAGAIN;
269 break;
270 }
271 }
272 up_read(&conn_list_lock);
273 if (ret == -EAGAIN) {
274 /* Per-IP limit hit: release the just-accepted socket. */
275 sock_release(client_sk);
276 continue;
277 }
278
279 skip_max_ip_conns_limit:
280 if (server_conf.max_connections &&
281 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
282 pr_info_ratelimited("Limit the maximum number of connections(%u)\n",
283 atomic_read(&active_num_conn));
284 atomic_dec(&active_num_conn);
285 sock_release(client_sk);
286 continue;
287 }
288
289 ksmbd_debug(CONN, "connect success: accepted new connection\n");
290 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
291 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;
292
293 ksmbd_tcp_new_connection(client_sk);
294 }
295
296 ksmbd_debug(CONN, "releasing socket\n");
297 return 0;
298 }
299
300 /**
301 * ksmbd_tcp_run_kthread() - start forker thread
302 * @iface: pointer to struct interface
303 *
304 * start forker thread(ksmbd/0) at module init time to listen
305 * on port 445 for new SMB connection requests. It creates per connection
306 * server threads(ksmbd/x)
307 *
308 * Return: 0 on success or error number
309 */
ksmbd_tcp_run_kthread(struct interface * iface)310 static int ksmbd_tcp_run_kthread(struct interface *iface)
311 {
312 int rc;
313 struct task_struct *kthread;
314
315 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s",
316 iface->name);
317 if (IS_ERR(kthread)) {
318 rc = PTR_ERR(kthread);
319 return rc;
320 }
321 iface->ksmbd_kthread = kthread;
322
323 return 0;
324 }
325
326 /**
327 * ksmbd_tcp_readv() - read data from socket in given iovec
328 * @t: TCP transport instance
329 * @iov_orig: base IO vector
330 * @nr_segs: number of segments in base iov
331 * @to_read: number of bytes to read from socket
332 * @max_retries: maximum retry count
333 *
334 * Return: on success return number of bytes read from socket,
335 * otherwise return error number
336 */
ksmbd_tcp_readv(struct tcp_transport * t,struct kvec * iov_orig,unsigned int nr_segs,unsigned int to_read,int max_retries)337 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig,
338 unsigned int nr_segs, unsigned int to_read,
339 int max_retries)
340 {
341 int length = 0;
342 int total_read;
343 unsigned int segs;
344 struct msghdr ksmbd_msg;
345 struct kvec *iov;
346 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn;
347
348 iov = get_conn_iovec(t, nr_segs);
349 if (!iov)
350 return -ENOMEM;
351
352 ksmbd_msg.msg_control = NULL;
353 ksmbd_msg.msg_controllen = 0;
354
355 for (total_read = 0; to_read; total_read += length, to_read -= length) {
356 try_to_freeze();
357
358 if (!ksmbd_conn_alive(conn)) {
359 total_read = -ESHUTDOWN;
360 break;
361 }
362 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);
363
364 length = kernel_recvmsg(t->sock, &ksmbd_msg,
365 iov, segs, to_read, 0);
366
367 if (length == -EINTR) {
368 total_read = -ESHUTDOWN;
369 break;
370 } else if (ksmbd_conn_need_reconnect(conn)) {
371 total_read = -EAGAIN;
372 break;
373 } else if (length == -ERESTARTSYS || length == -EAGAIN) {
374 /*
375 * If max_retries is negative, Allow unlimited
376 * retries to keep connection with inactive sessions.
377 */
378 if (max_retries == 0) {
379 total_read = length;
380 break;
381 } else if (max_retries > 0) {
382 max_retries--;
383 }
384
385 usleep_range(1000, 2000);
386 length = 0;
387 continue;
388 } else if (length <= 0) {
389 total_read = length;
390 break;
391 }
392 }
393 return total_read;
394 }
395
396 /**
397 * ksmbd_tcp_read() - read data from socket in given buffer
398 * @t: TCP transport instance
399 * @buf: buffer to store read data from socket
400 * @to_read: number of bytes to read from socket
401 * @max_retries: number of retries if reading from socket fails
402 *
403 * Return: on success return number of bytes read from socket,
404 * otherwise return error number
405 */
ksmbd_tcp_read(struct ksmbd_transport * t,char * buf,unsigned int to_read,int max_retries)406 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf,
407 unsigned int to_read, int max_retries)
408 {
409 struct kvec iov;
410
411 iov.iov_base = buf;
412 iov.iov_len = to_read;
413
414 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries);
415 }
416
ksmbd_tcp_writev(struct ksmbd_transport * t,struct kvec * iov,int nvecs,int size,bool need_invalidate,unsigned int remote_key)417 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov,
418 int nvecs, int size, bool need_invalidate,
419 unsigned int remote_key)
420
421 {
422 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL};
423
424 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size);
425 }
426
ksmbd_tcp_disconnect(struct ksmbd_transport * t)427 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t)
428 {
429 free_transport(TCP_TRANS(t));
430 if (server_conf.max_connections)
431 atomic_dec(&active_num_conn);
432 }
433
tcp_destroy_socket(struct socket * ksmbd_socket)434 static void tcp_destroy_socket(struct socket *ksmbd_socket)
435 {
436 int ret;
437
438 if (!ksmbd_socket)
439 return;
440
441 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR);
442 if (ret)
443 pr_err("Failed to shutdown socket: %d\n", ret);
444 sock_release(ksmbd_socket);
445 }
446
447 /**
448 * create_socket - create socket for ksmbd/0
449 * @iface: interface to bind the created socket to
450 *
451 * Return: 0 on success, error number otherwise
452 */
create_socket(struct interface * iface)453 static int create_socket(struct interface *iface)
454 {
455 int ret;
456 struct sockaddr_in6 sin6;
457 struct sockaddr_in sin;
458 struct socket *ksmbd_socket;
459 bool ipv4 = false;
460
461 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET6, SOCK_STREAM,
462 IPPROTO_TCP, &ksmbd_socket);
463 if (ret) {
464 if (ret != -EAFNOSUPPORT)
465 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret);
466 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET,
467 SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket);
468 if (ret) {
469 pr_err("Can't create socket for ipv4: %d\n", ret);
470 goto out_clear;
471 }
472
473 sin.sin_family = PF_INET;
474 sin.sin_addr.s_addr = htonl(INADDR_ANY);
475 sin.sin_port = htons(server_conf.tcp_port);
476 ipv4 = true;
477 } else {
478 sin6.sin6_family = PF_INET6;
479 sin6.sin6_addr = in6addr_any;
480 sin6.sin6_port = htons(server_conf.tcp_port);
481
482 lock_sock(ksmbd_socket->sk);
483 ksmbd_socket->sk->sk_ipv6only = false;
484 release_sock(ksmbd_socket->sk);
485 }
486
487 ksmbd_tcp_nodelay(ksmbd_socket);
488 ksmbd_tcp_reuseaddr(ksmbd_socket);
489
490 ret = sock_setsockopt(ksmbd_socket,
491 SOL_SOCKET,
492 SO_BINDTODEVICE,
493 KERNEL_SOCKPTR(iface->name),
494 strlen(iface->name));
495 if (ret != -ENODEV && ret < 0) {
496 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret);
497 goto out_error;
498 }
499
500 if (ipv4)
501 ret = kernel_bind(ksmbd_socket, (struct sockaddr_unsized *)&sin,
502 sizeof(sin));
503 else
504 ret = kernel_bind(ksmbd_socket, (struct sockaddr_unsized *)&sin6,
505 sizeof(sin6));
506 if (ret) {
507 pr_err("Failed to bind socket: %d\n", ret);
508 goto out_error;
509 }
510
511 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG);
512 if (ret) {
513 pr_err("Port listen() error: %d\n", ret);
514 goto out_error;
515 }
516
517 iface->ksmbd_socket = ksmbd_socket;
518 ret = ksmbd_tcp_run_kthread(iface);
519 if (ret) {
520 pr_err("Can't start ksmbd main kthread: %d\n", ret);
521 goto out_error;
522 }
523 iface->state = IFACE_STATE_CONFIGURED;
524
525 return 0;
526
527 out_error:
528 tcp_destroy_socket(ksmbd_socket);
529 out_clear:
530 iface->ksmbd_socket = NULL;
531 return ret;
532 }
533
ksmbd_find_netdev_name_iface_list(char * netdev_name)534 struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name)
535 {
536 struct interface *iface;
537
538 list_for_each_entry(iface, &iface_list, entry)
539 if (!strcmp(iface->name, netdev_name))
540 return iface;
541 return NULL;
542 }
543
ksmbd_netdev_event(struct notifier_block * nb,unsigned long event,void * ptr)544 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
545 void *ptr)
546 {
547 struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
548 struct interface *iface;
549 int ret;
550
551 switch (event) {
552 case NETDEV_UP:
553 if (netif_is_bridge_port(netdev))
554 return NOTIFY_OK;
555
556 iface = ksmbd_find_netdev_name_iface_list(netdev->name);
557 if (iface && iface->state == IFACE_STATE_DOWN) {
558 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
559 iface->name);
560 ret = create_socket(iface);
561 if (ret)
562 return NOTIFY_OK;
563 }
564 if (!iface && bind_additional_ifaces) {
565 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP));
566 if (!iface)
567 return NOTIFY_OK;
568 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
569 iface->name);
570 ret = create_socket(iface);
571 if (ret)
572 break;
573 }
574 break;
575 case NETDEV_DOWN:
576 iface = ksmbd_find_netdev_name_iface_list(netdev->name);
577 if (iface && iface->state == IFACE_STATE_CONFIGURED) {
578 ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
579 iface->name);
580 kernel_sock_shutdown(iface->ksmbd_socket, SHUT_RDWR);
581 tcp_stop_kthread(iface->ksmbd_kthread);
582 iface->ksmbd_kthread = NULL;
583 sock_release(iface->ksmbd_socket);
584 iface->ksmbd_socket = NULL;
585
586 iface->state = IFACE_STATE_DOWN;
587 break;
588 }
589 break;
590 }
591
592 return NOTIFY_DONE;
593 }
594
595 static struct notifier_block ksmbd_netdev_notifier = {
596 .notifier_call = ksmbd_netdev_event,
597 };
598
ksmbd_tcp_init(void)599 int ksmbd_tcp_init(void)
600 {
601 register_netdevice_notifier(&ksmbd_netdev_notifier);
602
603 return 0;
604 }
605
tcp_stop_kthread(struct task_struct * kthread)606 static void tcp_stop_kthread(struct task_struct *kthread)
607 {
608 int ret;
609
610 if (!kthread)
611 return;
612
613 ret = kthread_stop(kthread);
614 if (ret)
615 pr_err("failed to stop forker thread\n");
616 }
617
ksmbd_tcp_destroy(void)618 void ksmbd_tcp_destroy(void)
619 {
620 struct interface *iface, *tmp;
621
622 unregister_netdevice_notifier(&ksmbd_netdev_notifier);
623
624 list_for_each_entry_safe(iface, tmp, &iface_list, entry) {
625 list_del(&iface->entry);
626 kfree(iface->name);
627 kfree(iface);
628 }
629 }
630
alloc_iface(char * ifname)631 static struct interface *alloc_iface(char *ifname)
632 {
633 struct interface *iface;
634
635 if (!ifname)
636 return NULL;
637
638 iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP);
639 if (!iface) {
640 kfree(ifname);
641 return NULL;
642 }
643
644 iface->name = ifname;
645 iface->state = IFACE_STATE_DOWN;
646 list_add(&iface->entry, &iface_list);
647 return iface;
648 }
649
ksmbd_tcp_set_interfaces(char * ifc_list,int ifc_list_sz)650 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz)
651 {
652 int sz = 0;
653
654 if (!ifc_list_sz) {
655 bind_additional_ifaces = 1;
656 return 0;
657 }
658
659 while (ifc_list_sz > 0) {
660 if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP)))
661 return -ENOMEM;
662
663 sz = strlen(ifc_list);
664 if (!sz)
665 break;
666
667 ifc_list += sz + 1;
668 ifc_list_sz -= (sz + 1);
669 }
670
671 bind_additional_ifaces = 0;
672
673 return 0;
674 }
675
676 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = {
677 .read = ksmbd_tcp_read,
678 .writev = ksmbd_tcp_writev,
679 .disconnect = ksmbd_tcp_disconnect,
680 .free_transport = ksmbd_tcp_free_transport,
681 };
682