1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* connection-level event handling 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 9 10 #include <linux/module.h> 11 #include <linux/net.h> 12 #include <linux/skbuff.h> 13 #include <linux/errqueue.h> 14 #include <net/sock.h> 15 #include <net/af_rxrpc.h> 16 #include <net/ip.h> 17 #include "ar-internal.h" 18 19 /* 20 * Set the completion state on an aborted connection. 21 */ 22 static bool rxrpc_set_conn_aborted(struct rxrpc_connection *conn, 23 s32 abort_code, int err, 24 enum rxrpc_call_completion compl) 25 { 26 bool aborted = false; 27 28 if (conn->state != RXRPC_CONN_ABORTED) { 29 spin_lock_irq(&conn->state_lock); 30 if (conn->state != RXRPC_CONN_ABORTED) { 31 conn->abort_code = abort_code; 32 conn->error = err; 33 conn->completion = compl; 34 /* Order the abort info before the state change. */ 35 smp_store_release(&conn->state, RXRPC_CONN_ABORTED); 36 set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags); 37 set_bit(RXRPC_CONN_EV_ABORT_CALLS, &conn->events); 38 aborted = true; 39 } 40 spin_unlock_irq(&conn->state_lock); 41 } 42 43 return aborted; 44 } 45 46 /* 47 * Mark a socket buffer to indicate that the connection it's on should be aborted. 48 */ 49 int rxrpc_abort_conn(struct rxrpc_connection *conn, struct sk_buff *skb, 50 s32 abort_code, int err, enum rxrpc_abort_reason why) 51 { 52 53 u32 cid = conn->proto.cid, call = 0, seq = 0; 54 55 if (skb) { 56 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 57 58 cid = sp->hdr.cid; 59 call = sp->hdr.callNumber; 60 seq = sp->hdr.seq; 61 } 62 63 if (rxrpc_set_conn_aborted(conn, abort_code, err, 64 RXRPC_CALL_LOCALLY_ABORTED)) { 65 trace_rxrpc_abort(0, why, cid, call, seq, abort_code, err); 66 rxrpc_poke_conn(conn, rxrpc_conn_get_poke_abort); 67 } 68 return -EPROTO; 69 } 70 71 /* 72 * Mark a connection as being remotely aborted. 73 */ 74 static void rxrpc_input_conn_abort(struct rxrpc_connection *conn, 75 struct sk_buff *skb) 76 { 77 trace_rxrpc_rx_conn_abort(conn, skb); 78 rxrpc_set_conn_aborted(conn, skb->priority, -ECONNABORTED, 79 RXRPC_CALL_REMOTELY_ABORTED); 80 } 81 82 /* 83 * Retransmit terminal ACK or ABORT of the previous call. 84 */ 85 void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn, 86 struct sk_buff *skb, 87 unsigned int channel) 88 { 89 struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL; 90 struct rxrpc_channel *chan; 91 struct msghdr msg; 92 struct kvec iov[3]; 93 struct { 94 struct rxrpc_wire_header whdr; 95 union { 96 __be32 abort_code; 97 struct rxrpc_ackpacket ack; 98 }; 99 } __attribute__((packed)) pkt; 100 struct rxrpc_acktrailer trailer; 101 size_t len; 102 int ret, ioc; 103 u32 serial, max_mtu, if_mtu, call_id, padding; 104 105 _enter("%d", conn->debug_id); 106 107 if (sp && sp->hdr.type == RXRPC_PACKET_TYPE_ACK) { 108 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header), 109 &pkt.ack, sizeof(pkt.ack)) < 0) 110 return; 111 if (pkt.ack.reason == RXRPC_ACK_PING_RESPONSE) 112 return; 113 } 114 115 chan = &conn->channels[channel]; 116 117 /* If the last call got moved on whilst we were waiting to run, just 118 * ignore this packet. 119 */ 120 call_id = chan->last_call; 121 if (skb && call_id != sp->hdr.callNumber) 122 return; 123 124 msg.msg_name = &conn->peer->srx.transport; 125 msg.msg_namelen = conn->peer->srx.transport_len; 126 msg.msg_control = NULL; 127 msg.msg_controllen = 0; 128 msg.msg_flags = 0; 129 130 iov[0].iov_base = &pkt; 131 iov[0].iov_len = sizeof(pkt.whdr); 132 iov[1].iov_base = &padding; 133 iov[1].iov_len = 3; 134 iov[2].iov_base = &trailer; 135 iov[2].iov_len = sizeof(trailer); 136 137 serial = rxrpc_get_next_serial(conn); 138 139 pkt.whdr.epoch = htonl(conn->proto.epoch); 140 pkt.whdr.cid = htonl(conn->proto.cid | channel); 141 pkt.whdr.callNumber = htonl(call_id); 142 pkt.whdr.serial = htonl(serial); 143 pkt.whdr.seq = 0; 144 pkt.whdr.type = chan->last_type; 145 pkt.whdr.flags = conn->out_clientflag; 146 pkt.whdr.userStatus = 0; 147 pkt.whdr.securityIndex = conn->security_ix; 148 pkt.whdr._rsvd = 0; 149 pkt.whdr.serviceId = htons(conn->service_id); 150 151 len = sizeof(pkt.whdr); 152 switch (chan->last_type) { 153 case RXRPC_PACKET_TYPE_ABORT: 154 pkt.abort_code = htonl(chan->last_abort); 155 iov[0].iov_len += sizeof(pkt.abort_code); 156 len += sizeof(pkt.abort_code); 157 ioc = 1; 158 break; 159 160 case RXRPC_PACKET_TYPE_ACK: 161 if_mtu = conn->peer->if_mtu - conn->peer->hdrsize; 162 if (conn->peer->ackr_adv_pmtud) { 163 max_mtu = umax(conn->peer->max_data, rxrpc_rx_mtu); 164 } else { 165 if_mtu = umin(1444, if_mtu); 166 max_mtu = if_mtu; 167 } 168 pkt.ack.bufferSpace = 0; 169 pkt.ack.maxSkew = htons(skb ? skb->priority : 0); 170 pkt.ack.firstPacket = htonl(chan->last_seq + 1); 171 pkt.ack.previousPacket = htonl(chan->last_seq); 172 pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0); 173 pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE; 174 pkt.ack.nAcks = 0; 175 trailer.maxMTU = htonl(max_mtu); 176 trailer.ifMTU = htonl(if_mtu); 177 trailer.rwind = htonl(rxrpc_rx_window_size); 178 trailer.jumbo_max = 0; 179 pkt.whdr.flags |= RXRPC_SLOW_START_OK; 180 padding = 0; 181 iov[0].iov_len += sizeof(pkt.ack); 182 len += sizeof(pkt.ack) + 3 + sizeof(trailer); 183 ioc = 3; 184 185 trace_rxrpc_tx_ack(chan->call_debug_id, serial, 186 ntohl(pkt.ack.firstPacket), 187 ntohl(pkt.ack.serial), 188 pkt.ack.reason, 0, rxrpc_rx_window_size, 189 rxrpc_propose_ack_retransmit); 190 break; 191 192 default: 193 return; 194 } 195 196 ret = kernel_sendmsg(conn->local->socket, &msg, iov, ioc, len); 197 conn->peer->last_tx_at = ktime_get_seconds(); 198 if (ret < 0) 199 trace_rxrpc_tx_fail(chan->call_debug_id, serial, ret, 200 rxrpc_tx_point_call_final_resend); 201 else 202 trace_rxrpc_tx_packet(chan->call_debug_id, &pkt.whdr, 203 rxrpc_tx_point_call_final_resend); 204 205 _leave(""); 206 } 207 208 /* 209 * pass a connection-level abort onto all calls on that connection 210 */ 211 static void rxrpc_abort_calls(struct rxrpc_connection *conn) 212 { 213 struct rxrpc_call *call; 214 int i; 215 216 _enter("{%d},%x", conn->debug_id, conn->abort_code); 217 218 for (i = 0; i < RXRPC_MAXCALLS; i++) { 219 call = conn->channels[i].call; 220 if (call) { 221 rxrpc_see_call(call, rxrpc_call_see_conn_abort); 222 rxrpc_set_call_completion(call, 223 conn->completion, 224 conn->abort_code, 225 conn->error); 226 rxrpc_poke_call(call, rxrpc_call_poke_conn_abort); 227 } 228 } 229 230 _leave(""); 231 } 232 233 /* 234 * mark a call as being on a now-secured channel 235 * - must be called with BH's disabled. 236 */ 237 static void rxrpc_call_is_secure(struct rxrpc_call *call) 238 { 239 if (call && __test_and_clear_bit(RXRPC_CALL_CONN_CHALLENGING, &call->flags)) 240 rxrpc_notify_socket(call); 241 } 242 243 /* 244 * connection-level Rx packet processor 245 */ 246 static int rxrpc_process_event(struct rxrpc_connection *conn, 247 struct sk_buff *skb) 248 { 249 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 250 int ret; 251 252 if (conn->state == RXRPC_CONN_ABORTED) 253 return -ECONNABORTED; 254 255 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); 256 257 switch (sp->hdr.type) { 258 case RXRPC_PACKET_TYPE_CHALLENGE: 259 ret = conn->security->respond_to_challenge(conn, skb); 260 sp->chall.conn = NULL; 261 rxrpc_put_connection(conn, rxrpc_conn_put_challenge_input); 262 return ret; 263 264 case RXRPC_PACKET_TYPE_RESPONSE: 265 ret = conn->security->verify_response(conn, skb); 266 if (ret < 0) 267 return ret; 268 269 ret = conn->security->init_connection_security( 270 conn, conn->key->payload.data[0]); 271 if (ret < 0) 272 return ret; 273 274 spin_lock_irq(&conn->state_lock); 275 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) 276 conn->state = RXRPC_CONN_SERVICE; 277 spin_unlock_irq(&conn->state_lock); 278 279 if (conn->state == RXRPC_CONN_SERVICE) { 280 /* Offload call state flipping to the I/O thread. As 281 * we've already received the packet, put it on the 282 * front of the queue. 283 */ 284 sp->poke_conn = rxrpc_get_connection( 285 conn, rxrpc_conn_get_poke_secured); 286 skb->mark = RXRPC_SKB_MARK_SERVICE_CONN_SECURED; 287 rxrpc_get_skb(skb, rxrpc_skb_get_conn_secured); 288 skb_queue_head(&conn->local->rx_queue, skb); 289 rxrpc_wake_up_io_thread(conn->local); 290 } 291 return 0; 292 293 default: 294 WARN_ON_ONCE(1); 295 return -EPROTO; 296 } 297 } 298 299 /* 300 * set up security and issue a challenge 301 */ 302 static void rxrpc_secure_connection(struct rxrpc_connection *conn) 303 { 304 if (conn->security->issue_challenge(conn) < 0) 305 rxrpc_abort_conn(conn, NULL, RX_CALL_DEAD, -ENOMEM, 306 rxrpc_abort_nomem); 307 } 308 309 /* 310 * Process delayed final ACKs that we haven't subsumed into a subsequent call. 311 */ 312 void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn, bool force) 313 { 314 unsigned long j = jiffies, next_j; 315 unsigned int channel; 316 bool set; 317 318 again: 319 next_j = j + LONG_MAX; 320 set = false; 321 for (channel = 0; channel < RXRPC_MAXCALLS; channel++) { 322 struct rxrpc_channel *chan = &conn->channels[channel]; 323 unsigned long ack_at; 324 325 if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags)) 326 continue; 327 328 ack_at = chan->final_ack_at; 329 if (time_before(j, ack_at) && !force) { 330 if (time_before(ack_at, next_j)) { 331 next_j = ack_at; 332 set = true; 333 } 334 continue; 335 } 336 337 if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel, 338 &conn->flags)) 339 rxrpc_conn_retransmit_call(conn, NULL, channel); 340 } 341 342 j = jiffies; 343 if (time_before_eq(next_j, j)) 344 goto again; 345 if (set) 346 rxrpc_reduce_conn_timer(conn, next_j); 347 } 348 349 /* 350 * connection-level event processor 351 */ 352 static void rxrpc_do_process_connection(struct rxrpc_connection *conn) 353 { 354 struct sk_buff *skb; 355 int ret; 356 357 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) 358 rxrpc_secure_connection(conn); 359 360 /* go through the conn-level event packets, releasing the ref on this 361 * connection that each one has when we've finished with it */ 362 while ((skb = skb_dequeue(&conn->rx_queue))) { 363 rxrpc_see_skb(skb, rxrpc_skb_see_conn_work); 364 ret = rxrpc_process_event(conn, skb); 365 switch (ret) { 366 case -ENOMEM: 367 case -EAGAIN: 368 skb_queue_head(&conn->rx_queue, skb); 369 rxrpc_queue_conn(conn, rxrpc_conn_queue_retry_work); 370 break; 371 default: 372 rxrpc_free_skb(skb, rxrpc_skb_put_conn_work); 373 break; 374 } 375 } 376 } 377 378 void rxrpc_process_connection(struct work_struct *work) 379 { 380 struct rxrpc_connection *conn = 381 container_of(work, struct rxrpc_connection, processor); 382 383 rxrpc_see_connection(conn, rxrpc_conn_see_work); 384 385 if (__rxrpc_use_local(conn->local, rxrpc_local_use_conn_work)) { 386 rxrpc_do_process_connection(conn); 387 rxrpc_unuse_local(conn->local, rxrpc_local_unuse_conn_work); 388 } 389 } 390 391 /* 392 * post connection-level events to the connection 393 * - this includes challenges, responses, some aborts and call terminal packet 394 * retransmission. 395 */ 396 static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn, 397 struct sk_buff *skb) 398 { 399 _enter("%p,%p", conn, skb); 400 401 rxrpc_get_skb(skb, rxrpc_skb_get_conn_work); 402 skb_queue_tail(&conn->rx_queue, skb); 403 rxrpc_queue_conn(conn, rxrpc_conn_queue_rx_work); 404 } 405 406 /* 407 * Post a CHALLENGE packet to the socket of one of a connection's calls so that 408 * it can get application data to include in the packet, possibly querying 409 * userspace. 410 */ 411 static bool rxrpc_post_challenge(struct rxrpc_connection *conn, 412 struct sk_buff *skb) 413 { 414 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 415 struct rxrpc_call *call = NULL; 416 struct rxrpc_sock *rx; 417 bool respond = false; 418 419 sp->chall.conn = 420 rxrpc_get_connection(conn, rxrpc_conn_get_challenge_input); 421 422 if (!conn->security->challenge_to_recvmsg) { 423 rxrpc_post_packet_to_conn(conn, skb); 424 return true; 425 } 426 427 rcu_read_lock(); 428 429 for (int i = 0; i < ARRAY_SIZE(conn->channels); i++) { 430 if (conn->channels[i].call) { 431 call = conn->channels[i].call; 432 rx = rcu_dereference(call->socket); 433 if (!rx) { 434 call = NULL; 435 continue; 436 } 437 438 respond = true; 439 if (test_bit(RXRPC_SOCK_MANAGE_RESPONSE, &rx->flags)) 440 break; 441 call = NULL; 442 } 443 } 444 445 if (!respond) { 446 rcu_read_unlock(); 447 rxrpc_put_connection(conn, rxrpc_conn_put_challenge_input); 448 sp->chall.conn = NULL; 449 return false; 450 } 451 452 if (call) 453 rxrpc_notify_socket_oob(call, skb); 454 rcu_read_unlock(); 455 456 if (!call) 457 rxrpc_post_packet_to_conn(conn, skb); 458 return true; 459 } 460 461 /* 462 * Input a connection-level packet. 463 */ 464 bool rxrpc_input_conn_packet(struct rxrpc_connection *conn, struct sk_buff *skb) 465 { 466 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 467 468 switch (sp->hdr.type) { 469 case RXRPC_PACKET_TYPE_BUSY: 470 /* Just ignore BUSY packets for now. */ 471 return true; 472 473 case RXRPC_PACKET_TYPE_ABORT: 474 if (rxrpc_is_conn_aborted(conn)) 475 return true; 476 rxrpc_input_conn_abort(conn, skb); 477 rxrpc_abort_calls(conn); 478 return true; 479 480 case RXRPC_PACKET_TYPE_CHALLENGE: 481 rxrpc_see_skb(skb, rxrpc_skb_see_oob_challenge); 482 if (rxrpc_is_conn_aborted(conn)) { 483 if (conn->completion == RXRPC_CALL_LOCALLY_ABORTED) 484 rxrpc_send_conn_abort(conn); 485 return true; 486 } 487 if (!conn->security->validate_challenge(conn, skb)) 488 return false; 489 return rxrpc_post_challenge(conn, skb); 490 491 case RXRPC_PACKET_TYPE_RESPONSE: 492 if (rxrpc_is_conn_aborted(conn)) { 493 if (conn->completion == RXRPC_CALL_LOCALLY_ABORTED) 494 rxrpc_send_conn_abort(conn); 495 return true; 496 } 497 rxrpc_post_packet_to_conn(conn, skb); 498 return true; 499 500 default: 501 WARN_ON_ONCE(1); 502 return true; 503 } 504 } 505 506 /* 507 * Input a connection event. 508 */ 509 void rxrpc_input_conn_event(struct rxrpc_connection *conn, struct sk_buff *skb) 510 { 511 unsigned int loop; 512 513 if (test_and_clear_bit(RXRPC_CONN_EV_ABORT_CALLS, &conn->events)) 514 rxrpc_abort_calls(conn); 515 516 if (conn->tx_response) { 517 struct sk_buff *skb; 518 519 spin_lock_irq(&conn->local->lock); 520 skb = conn->tx_response; 521 conn->tx_response = NULL; 522 spin_unlock_irq(&conn->local->lock); 523 524 if (conn->state != RXRPC_CONN_ABORTED) 525 rxrpc_send_response(conn, skb); 526 rxrpc_free_skb(skb, rxrpc_skb_put_response); 527 } 528 529 if (skb) { 530 switch (skb->mark) { 531 case RXRPC_SKB_MARK_SERVICE_CONN_SECURED: 532 if (conn->state != RXRPC_CONN_SERVICE) 533 break; 534 535 for (loop = 0; loop < RXRPC_MAXCALLS; loop++) 536 rxrpc_call_is_secure(conn->channels[loop].call); 537 break; 538 } 539 } 540 541 /* Process delayed ACKs whose time has come. */ 542 if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK) 543 rxrpc_process_delayed_final_acks(conn, false); 544 } 545 546 /* 547 * Post a RESPONSE message to the I/O thread for transmission. 548 */ 549 void rxrpc_post_response(struct rxrpc_connection *conn, struct sk_buff *skb) 550 { 551 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 552 struct rxrpc_local *local = conn->local; 553 struct sk_buff *old; 554 555 _enter("%x", sp->resp.challenge_serial); 556 557 spin_lock_irq(&local->lock); 558 old = conn->tx_response; 559 if (old) { 560 struct rxrpc_skb_priv *osp = rxrpc_skb(skb); 561 562 /* Always go with the response to the most recent challenge. */ 563 if (after(sp->resp.challenge_serial, osp->resp.challenge_serial)) 564 conn->tx_response = old; 565 else 566 old = skb; 567 } else { 568 conn->tx_response = skb; 569 } 570 spin_unlock_irq(&local->lock); 571 rxrpc_poke_conn(conn, rxrpc_conn_get_poke_response); 572 } 573