1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2016 Namjae Jeon <namjae.jeon@protocolfreedom.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
5 */
6
7 #include <linux/mutex.h>
8 #include <linux/freezer.h>
9 #include <linux/module.h>
10
11 #include "server.h"
12 #include "smb_common.h"
13 #include "mgmt/ksmbd_ida.h"
14 #include "connection.h"
15 #include "transport_tcp.h"
16 #include "transport_rdma.h"
17
18 static DEFINE_MUTEX(init_lock);
19
20 static struct ksmbd_conn_ops default_conn_ops;
21
22 DEFINE_HASHTABLE(conn_list, CONN_HASH_BITS);
23 DECLARE_RWSEM(conn_list_lock);
24
25 /**
26 * ksmbd_conn_free() - free resources of the connection instance
27 *
28 * @conn: connection instance to be cleaned up
29 *
30 * During the thread termination, the corresponding conn instance
31 * resources(sock/memory) are released and finally the conn object is freed.
32 */
ksmbd_conn_free(struct ksmbd_conn * conn)33 void ksmbd_conn_free(struct ksmbd_conn *conn)
34 {
35 down_write(&conn_list_lock);
36 hash_del(&conn->hlist);
37 up_write(&conn_list_lock);
38
39 xa_destroy(&conn->sessions);
40 kvfree(conn->request_buf);
41 kfree(conn->preauth_info);
42 if (atomic_dec_and_test(&conn->refcnt)) {
43 conn->transport->ops->free_transport(conn->transport);
44 kfree(conn);
45 }
46 }
47
48 /**
49 * ksmbd_conn_alloc() - initialize a new connection instance
50 *
51 * Return: ksmbd_conn struct on success, otherwise NULL
52 */
ksmbd_conn_alloc(void)53 struct ksmbd_conn *ksmbd_conn_alloc(void)
54 {
55 struct ksmbd_conn *conn;
56
57 conn = kzalloc(sizeof(struct ksmbd_conn), KSMBD_DEFAULT_GFP);
58 if (!conn)
59 return NULL;
60
61 conn->need_neg = true;
62 ksmbd_conn_set_new(conn);
63 conn->local_nls = load_nls("utf8");
64 if (!conn->local_nls)
65 conn->local_nls = load_nls_default();
66 if (IS_ENABLED(CONFIG_UNICODE))
67 conn->um = utf8_load(UNICODE_AGE(12, 1, 0));
68 else
69 conn->um = ERR_PTR(-EOPNOTSUPP);
70 if (IS_ERR(conn->um))
71 conn->um = NULL;
72 atomic_set(&conn->req_running, 0);
73 atomic_set(&conn->r_count, 0);
74 atomic_set(&conn->refcnt, 1);
75 conn->total_credits = 1;
76 conn->outstanding_credits = 0;
77
78 init_waitqueue_head(&conn->req_running_q);
79 init_waitqueue_head(&conn->r_count_q);
80 INIT_LIST_HEAD(&conn->requests);
81 INIT_LIST_HEAD(&conn->async_requests);
82 spin_lock_init(&conn->request_lock);
83 spin_lock_init(&conn->credits_lock);
84 ida_init(&conn->async_ida);
85 xa_init(&conn->sessions);
86
87 spin_lock_init(&conn->llist_lock);
88 INIT_LIST_HEAD(&conn->lock_list);
89
90 init_rwsem(&conn->session_lock);
91
92 return conn;
93 }
94
ksmbd_conn_lookup_dialect(struct ksmbd_conn * c)95 bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c)
96 {
97 struct ksmbd_conn *t;
98 int bkt;
99 bool ret = false;
100
101 down_read(&conn_list_lock);
102 hash_for_each(conn_list, bkt, t, hlist) {
103 if (memcmp(t->ClientGUID, c->ClientGUID, SMB2_CLIENT_GUID_SIZE))
104 continue;
105
106 ret = true;
107 break;
108 }
109 up_read(&conn_list_lock);
110 return ret;
111 }
112
ksmbd_conn_enqueue_request(struct ksmbd_work * work)113 void ksmbd_conn_enqueue_request(struct ksmbd_work *work)
114 {
115 struct ksmbd_conn *conn = work->conn;
116 struct list_head *requests_queue = NULL;
117
118 if (conn->ops->get_cmd_val(work) != SMB2_CANCEL_HE)
119 requests_queue = &conn->requests;
120
121 atomic_inc(&conn->req_running);
122 if (requests_queue) {
123 spin_lock(&conn->request_lock);
124 list_add_tail(&work->request_entry, requests_queue);
125 spin_unlock(&conn->request_lock);
126 }
127 }
128
ksmbd_conn_try_dequeue_request(struct ksmbd_work * work)129 void ksmbd_conn_try_dequeue_request(struct ksmbd_work *work)
130 {
131 struct ksmbd_conn *conn = work->conn;
132
133 atomic_dec(&conn->req_running);
134 if (waitqueue_active(&conn->req_running_q))
135 wake_up(&conn->req_running_q);
136
137 if (list_empty(&work->request_entry) &&
138 list_empty(&work->async_request_entry))
139 return;
140
141 spin_lock(&conn->request_lock);
142 list_del_init(&work->request_entry);
143 spin_unlock(&conn->request_lock);
144 if (work->asynchronous)
145 release_async_work(work);
146
147 wake_up_all(&conn->req_running_q);
148 }
149
ksmbd_conn_lock(struct ksmbd_conn * conn)150 void ksmbd_conn_lock(struct ksmbd_conn *conn)
151 {
152 mutex_lock(&conn->srv_mutex);
153 }
154
ksmbd_conn_unlock(struct ksmbd_conn * conn)155 void ksmbd_conn_unlock(struct ksmbd_conn *conn)
156 {
157 mutex_unlock(&conn->srv_mutex);
158 }
159
ksmbd_all_conn_set_status(u64 sess_id,u32 status)160 void ksmbd_all_conn_set_status(u64 sess_id, u32 status)
161 {
162 struct ksmbd_conn *conn;
163 int bkt;
164
165 down_read(&conn_list_lock);
166 hash_for_each(conn_list, bkt, conn, hlist) {
167 if (conn->binding || xa_load(&conn->sessions, sess_id))
168 WRITE_ONCE(conn->status, status);
169 }
170 up_read(&conn_list_lock);
171 }
172
ksmbd_conn_wait_idle(struct ksmbd_conn * conn)173 void ksmbd_conn_wait_idle(struct ksmbd_conn *conn)
174 {
175 wait_event(conn->req_running_q, atomic_read(&conn->req_running) < 2);
176 }
177
ksmbd_conn_wait_idle_sess_id(struct ksmbd_conn * curr_conn,u64 sess_id)178 int ksmbd_conn_wait_idle_sess_id(struct ksmbd_conn *curr_conn, u64 sess_id)
179 {
180 struct ksmbd_conn *conn;
181 int rc, retry_count = 0, max_timeout = 120;
182 int rcount = 1, bkt;
183
184 retry_idle:
185 if (retry_count >= max_timeout)
186 return -EIO;
187
188 down_read(&conn_list_lock);
189 hash_for_each(conn_list, bkt, conn, hlist) {
190 if (conn->binding || xa_load(&conn->sessions, sess_id)) {
191 if (conn == curr_conn)
192 rcount = 2;
193 if (atomic_read(&conn->req_running) >= rcount) {
194 rc = wait_event_timeout(conn->req_running_q,
195 atomic_read(&conn->req_running) < rcount,
196 HZ);
197 if (!rc) {
198 up_read(&conn_list_lock);
199 retry_count++;
200 goto retry_idle;
201 }
202 }
203 }
204 }
205 up_read(&conn_list_lock);
206
207 return 0;
208 }
209
ksmbd_conn_write(struct ksmbd_work * work)210 int ksmbd_conn_write(struct ksmbd_work *work)
211 {
212 struct ksmbd_conn *conn = work->conn;
213 int sent;
214
215 if (!work->response_buf) {
216 pr_err("NULL response header\n");
217 return -EINVAL;
218 }
219
220 if (work->send_no_response)
221 return 0;
222
223 if (!work->iov_idx)
224 return -EINVAL;
225
226 ksmbd_conn_lock(conn);
227 sent = conn->transport->ops->writev(conn->transport, work->iov,
228 work->iov_cnt,
229 get_rfc1002_len(work->iov[0].iov_base) + 4,
230 work->need_invalidate_rkey,
231 work->remote_key);
232 ksmbd_conn_unlock(conn);
233
234 if (sent < 0) {
235 pr_err("Failed to send message: %d\n", sent);
236 return sent;
237 }
238
239 return 0;
240 }
241
ksmbd_conn_rdma_read(struct ksmbd_conn * conn,void * buf,unsigned int buflen,struct smbdirect_buffer_descriptor_v1 * desc,unsigned int desc_len)242 int ksmbd_conn_rdma_read(struct ksmbd_conn *conn,
243 void *buf, unsigned int buflen,
244 struct smbdirect_buffer_descriptor_v1 *desc,
245 unsigned int desc_len)
246 {
247 int ret = -EINVAL;
248
249 if (conn->transport->ops->rdma_read)
250 ret = conn->transport->ops->rdma_read(conn->transport,
251 buf, buflen,
252 desc, desc_len);
253 return ret;
254 }
255
ksmbd_conn_rdma_write(struct ksmbd_conn * conn,void * buf,unsigned int buflen,struct smbdirect_buffer_descriptor_v1 * desc,unsigned int desc_len)256 int ksmbd_conn_rdma_write(struct ksmbd_conn *conn,
257 void *buf, unsigned int buflen,
258 struct smbdirect_buffer_descriptor_v1 *desc,
259 unsigned int desc_len)
260 {
261 int ret = -EINVAL;
262
263 if (conn->transport->ops->rdma_write)
264 ret = conn->transport->ops->rdma_write(conn->transport,
265 buf, buflen,
266 desc, desc_len);
267 return ret;
268 }
269
ksmbd_conn_alive(struct ksmbd_conn * conn)270 bool ksmbd_conn_alive(struct ksmbd_conn *conn)
271 {
272 if (!ksmbd_server_running())
273 return false;
274
275 if (ksmbd_conn_exiting(conn))
276 return false;
277
278 if (kthread_should_stop())
279 return false;
280
281 if (atomic_read(&conn->stats.open_files_count) > 0)
282 return true;
283
284 /*
285 * Stop current session if the time that get last request from client
286 * is bigger than deadtime user configured and opening file count is
287 * zero.
288 */
289 if (server_conf.deadtime > 0 &&
290 time_after(jiffies, conn->last_active + server_conf.deadtime)) {
291 ksmbd_debug(CONN, "No response from client in %lu minutes\n",
292 server_conf.deadtime / SMB_ECHO_INTERVAL);
293 return false;
294 }
295 return true;
296 }
297
298 /* "+2" for BCC field (ByteCount, 2 bytes) */
299 #define SMB1_MIN_SUPPORTED_PDU_SIZE (sizeof(struct smb_hdr) + 2)
300 #define SMB2_MIN_SUPPORTED_PDU_SIZE (sizeof(struct smb2_pdu))
301
302 /**
303 * ksmbd_conn_handler_loop() - session thread to listen on new smb requests
304 * @p: connection instance
305 *
306 * One thread each per connection
307 *
308 * Return: 0 on success
309 */
ksmbd_conn_handler_loop(void * p)310 int ksmbd_conn_handler_loop(void *p)
311 {
312 struct ksmbd_conn *conn = (struct ksmbd_conn *)p;
313 struct ksmbd_transport *t = conn->transport;
314 unsigned int pdu_size, max_allowed_pdu_size, max_req;
315 char hdr_buf[4] = {0,};
316 int size;
317
318 mutex_init(&conn->srv_mutex);
319 __module_get(THIS_MODULE);
320
321 if (t->ops->prepare && t->ops->prepare(t))
322 goto out;
323
324 max_req = server_conf.max_inflight_req;
325 conn->last_active = jiffies;
326 set_freezable();
327 while (ksmbd_conn_alive(conn)) {
328 if (try_to_freeze())
329 continue;
330
331 kvfree(conn->request_buf);
332 conn->request_buf = NULL;
333
334 recheck:
335 if (atomic_read(&conn->req_running) + 1 > max_req) {
336 wait_event_interruptible(conn->req_running_q,
337 atomic_read(&conn->req_running) < max_req);
338 goto recheck;
339 }
340
341 size = t->ops->read(t, hdr_buf, sizeof(hdr_buf), -1);
342 if (size != sizeof(hdr_buf))
343 break;
344
345 pdu_size = get_rfc1002_len(hdr_buf);
346 ksmbd_debug(CONN, "RFC1002 header %u bytes\n", pdu_size);
347
348 if (ksmbd_conn_good(conn))
349 max_allowed_pdu_size =
350 SMB3_MAX_MSGSIZE + conn->vals->max_write_size;
351 else
352 max_allowed_pdu_size = SMB3_MAX_MSGSIZE;
353
354 if (pdu_size > max_allowed_pdu_size) {
355 pr_err_ratelimited("PDU length(%u) exceeded maximum allowed pdu size(%u) on connection(%d)\n",
356 pdu_size, max_allowed_pdu_size,
357 READ_ONCE(conn->status));
358 break;
359 }
360
361 /*
362 * Check maximum pdu size(0x00FFFFFF).
363 */
364 if (pdu_size > MAX_STREAM_PROT_LEN)
365 break;
366
367 if (pdu_size < SMB1_MIN_SUPPORTED_PDU_SIZE)
368 break;
369
370 /* 4 for rfc1002 length field */
371 /* 1 for implied bcc[0] */
372 size = pdu_size + 4 + 1;
373 conn->request_buf = kvmalloc(size, KSMBD_DEFAULT_GFP);
374 if (!conn->request_buf)
375 break;
376
377 memcpy(conn->request_buf, hdr_buf, sizeof(hdr_buf));
378
379 /*
380 * We already read 4 bytes to find out PDU size, now
381 * read in PDU
382 */
383 size = t->ops->read(t, conn->request_buf + 4, pdu_size, 2);
384 if (size < 0) {
385 pr_err("sock_read failed: %d\n", size);
386 break;
387 }
388
389 if (size != pdu_size) {
390 pr_err("PDU error. Read: %d, Expected: %d\n",
391 size, pdu_size);
392 continue;
393 }
394
395 if (!ksmbd_smb_request(conn))
396 break;
397
398 if (((struct smb2_hdr *)smb_get_msg(conn->request_buf))->ProtocolId ==
399 SMB2_PROTO_NUMBER) {
400 if (pdu_size < SMB2_MIN_SUPPORTED_PDU_SIZE)
401 break;
402 }
403
404 if (!default_conn_ops.process_fn) {
405 pr_err("No connection request callback\n");
406 break;
407 }
408
409 if (default_conn_ops.process_fn(conn)) {
410 pr_err("Cannot handle request\n");
411 break;
412 }
413 }
414
415 out:
416 ksmbd_conn_set_releasing(conn);
417 /* Wait till all reference dropped to the Server object*/
418 ksmbd_debug(CONN, "Wait for all pending requests(%d)\n", atomic_read(&conn->r_count));
419 wait_event(conn->r_count_q, atomic_read(&conn->r_count) == 0);
420
421 if (IS_ENABLED(CONFIG_UNICODE))
422 utf8_unload(conn->um);
423 unload_nls(conn->local_nls);
424 if (default_conn_ops.terminate_fn)
425 default_conn_ops.terminate_fn(conn);
426 t->ops->disconnect(t);
427 module_put(THIS_MODULE);
428 return 0;
429 }
430
ksmbd_conn_init_server_callbacks(struct ksmbd_conn_ops * ops)431 void ksmbd_conn_init_server_callbacks(struct ksmbd_conn_ops *ops)
432 {
433 default_conn_ops.process_fn = ops->process_fn;
434 default_conn_ops.terminate_fn = ops->terminate_fn;
435 }
436
ksmbd_conn_r_count_inc(struct ksmbd_conn * conn)437 void ksmbd_conn_r_count_inc(struct ksmbd_conn *conn)
438 {
439 atomic_inc(&conn->r_count);
440 }
441
ksmbd_conn_r_count_dec(struct ksmbd_conn * conn)442 void ksmbd_conn_r_count_dec(struct ksmbd_conn *conn)
443 {
444 /*
445 * Checking waitqueue to dropping pending requests on
446 * disconnection. waitqueue_active is safe because it
447 * uses atomic operation for condition.
448 */
449 atomic_inc(&conn->refcnt);
450 if (!atomic_dec_return(&conn->r_count) && waitqueue_active(&conn->r_count_q))
451 wake_up(&conn->r_count_q);
452
453 if (atomic_dec_and_test(&conn->refcnt))
454 kfree(conn);
455 }
456
ksmbd_conn_transport_init(void)457 int ksmbd_conn_transport_init(void)
458 {
459 int ret;
460
461 mutex_lock(&init_lock);
462 ret = ksmbd_tcp_init();
463 if (ret) {
464 pr_err("Failed to init TCP subsystem: %d\n", ret);
465 goto out;
466 }
467
468 ret = ksmbd_rdma_init();
469 if (ret) {
470 pr_err("Failed to init RDMA subsystem: %d\n", ret);
471 goto out;
472 }
473 out:
474 mutex_unlock(&init_lock);
475 return ret;
476 }
477
stop_sessions(void)478 static void stop_sessions(void)
479 {
480 struct ksmbd_conn *conn;
481 struct ksmbd_transport *t;
482 int bkt;
483
484 again:
485 down_read(&conn_list_lock);
486 hash_for_each(conn_list, bkt, conn, hlist) {
487 t = conn->transport;
488 ksmbd_conn_set_exiting(conn);
489 if (t->ops->shutdown) {
490 up_read(&conn_list_lock);
491 t->ops->shutdown(t);
492 down_read(&conn_list_lock);
493 }
494 }
495 up_read(&conn_list_lock);
496
497 if (!hash_empty(conn_list)) {
498 msleep(100);
499 goto again;
500 }
501 }
502
ksmbd_conn_transport_destroy(void)503 void ksmbd_conn_transport_destroy(void)
504 {
505 mutex_lock(&init_lock);
506 ksmbd_tcp_destroy();
507 ksmbd_rdma_stop_listening();
508 stop_sessions();
509 ksmbd_rdma_destroy();
510 mutex_unlock(&init_lock);
511 }
512