1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
5 */
6
7 #include <linux/freezer.h>
8
9 #include "smb_common.h"
10 #include "server.h"
11 #include "auth.h"
12 #include "connection.h"
13 #include "transport_tcp.h"
14
15 #define IFACE_STATE_DOWN BIT(0)
16 #define IFACE_STATE_CONFIGURED BIT(1)
17
18 static atomic_t active_num_conn;
19
20 struct interface {
21 struct task_struct *ksmbd_kthread;
22 struct socket *ksmbd_socket;
23 struct list_head entry;
24 char *name;
25 struct mutex sock_release_lock;
26 int state;
27 };
28
29 static LIST_HEAD(iface_list);
30
31 static int bind_additional_ifaces;
32
33 struct tcp_transport {
34 struct ksmbd_transport transport;
35 struct socket *sock;
36 struct kvec *iov;
37 unsigned int nr_iov;
38 };
39
40 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops;
41
42 static void tcp_stop_kthread(struct task_struct *kthread);
43 static struct interface *alloc_iface(char *ifname);
44
45 #define KSMBD_TRANS(t) (&(t)->transport)
46 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \
47 struct tcp_transport, transport))
48
ksmbd_tcp_nodelay(struct socket * sock)49 static inline void ksmbd_tcp_nodelay(struct socket *sock)
50 {
51 tcp_sock_set_nodelay(sock->sk);
52 }
53
ksmbd_tcp_reuseaddr(struct socket * sock)54 static inline void ksmbd_tcp_reuseaddr(struct socket *sock)
55 {
56 sock_set_reuseaddr(sock->sk);
57 }
58
ksmbd_tcp_rcv_timeout(struct socket * sock,s64 secs)59 static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs)
60 {
61 lock_sock(sock->sk);
62 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1)
63 sock->sk->sk_rcvtimeo = secs * HZ;
64 else
65 sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
66 release_sock(sock->sk);
67 }
68
ksmbd_tcp_snd_timeout(struct socket * sock,s64 secs)69 static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs)
70 {
71 sock_set_sndtimeo(sock->sk, secs);
72 }
73
alloc_transport(struct socket * client_sk)74 static struct tcp_transport *alloc_transport(struct socket *client_sk)
75 {
76 struct tcp_transport *t;
77 struct ksmbd_conn *conn;
78
79 t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP);
80 if (!t)
81 return NULL;
82 t->sock = client_sk;
83
84 conn = ksmbd_conn_alloc();
85 if (!conn) {
86 kfree(t);
87 return NULL;
88 }
89
90 conn->transport = KSMBD_TRANS(t);
91 KSMBD_TRANS(t)->conn = conn;
92 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops;
93 return t;
94 }
95
ksmbd_free_transport(struct ksmbd_transport * kt)96 void ksmbd_free_transport(struct ksmbd_transport *kt)
97 {
98 struct tcp_transport *t = TCP_TRANS(kt);
99
100 sock_release(t->sock);
101 kfree(t->iov);
102 kfree(t);
103 }
104
free_transport(struct tcp_transport * t)105 static void free_transport(struct tcp_transport *t)
106 {
107 kernel_sock_shutdown(t->sock, SHUT_RDWR);
108 ksmbd_conn_free(KSMBD_TRANS(t)->conn);
109 }
110
111 /**
112 * kvec_array_init() - initialize a IO vector segment
113 * @new: IO vector to be initialized
114 * @iov: base IO vector
115 * @nr_segs: number of segments in base iov
116 * @bytes: total iovec length so far for read
117 *
118 * Return: Number of IO segments
119 */
kvec_array_init(struct kvec * new,struct kvec * iov,unsigned int nr_segs,size_t bytes)120 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov,
121 unsigned int nr_segs, size_t bytes)
122 {
123 size_t base = 0;
124
125 while (bytes || !iov->iov_len) {
126 int copy = min(bytes, iov->iov_len);
127
128 bytes -= copy;
129 base += copy;
130 if (iov->iov_len == base) {
131 iov++;
132 nr_segs--;
133 base = 0;
134 }
135 }
136
137 memcpy(new, iov, sizeof(*iov) * nr_segs);
138 new->iov_base += base;
139 new->iov_len -= base;
140 return nr_segs;
141 }
142
143 /**
144 * get_conn_iovec() - get connection iovec for reading from socket
145 * @t: TCP transport instance
146 * @nr_segs: number of segments in iov
147 *
148 * Return: return existing or newly allocate iovec
149 */
get_conn_iovec(struct tcp_transport * t,unsigned int nr_segs)150 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs)
151 {
152 struct kvec *new_iov;
153
154 if (t->iov && nr_segs <= t->nr_iov)
155 return t->iov;
156
157 /* not big enough -- allocate a new one and release the old */
158 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP);
159 if (new_iov) {
160 kfree(t->iov);
161 t->iov = new_iov;
162 t->nr_iov = nr_segs;
163 }
164 return new_iov;
165 }
166
ksmbd_tcp_get_port(const struct sockaddr * sa)167 static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa)
168 {
169 switch (sa->sa_family) {
170 case AF_INET:
171 return ntohs(((struct sockaddr_in *)sa)->sin_port);
172 case AF_INET6:
173 return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
174 }
175 return 0;
176 }
177
178 /**
179 * ksmbd_tcp_new_connection() - create a new tcp session on mount
180 * @client_sk: socket associated with new connection
181 *
182 * whenever a new connection is requested, create a conn thread
183 * (session thread) to handle new incoming smb requests from the connection
184 *
185 * Return: 0 on success, otherwise error
186 */
ksmbd_tcp_new_connection(struct socket * client_sk)187 static int ksmbd_tcp_new_connection(struct socket *client_sk)
188 {
189 struct sockaddr *csin;
190 int rc = 0;
191 struct tcp_transport *t;
192 struct task_struct *handler;
193
194 t = alloc_transport(client_sk);
195 if (!t) {
196 sock_release(client_sk);
197 return -ENOMEM;
198 }
199
200 csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn);
201 if (kernel_getpeername(client_sk, csin) < 0) {
202 pr_err("client ip resolution failed\n");
203 rc = -EINVAL;
204 goto out_error;
205 }
206
207 handler = kthread_run(ksmbd_conn_handler_loop,
208 KSMBD_TRANS(t)->conn,
209 "ksmbd:%u",
210 ksmbd_tcp_get_port(csin));
211 if (IS_ERR(handler)) {
212 pr_err("cannot start conn thread\n");
213 rc = PTR_ERR(handler);
214 free_transport(t);
215 }
216 return rc;
217
218 out_error:
219 free_transport(t);
220 return rc;
221 }
222
223 /**
224 * ksmbd_kthread_fn() - listen to new SMB connections and callback server
225 * @p: arguments to forker thread
226 *
227 * Return: 0 on success, error number otherwise
228 */
ksmbd_kthread_fn(void * p)229 static int ksmbd_kthread_fn(void *p)
230 {
231 struct socket *client_sk = NULL;
232 struct interface *iface = (struct interface *)p;
233 int ret;
234
235 while (!kthread_should_stop()) {
236 mutex_lock(&iface->sock_release_lock);
237 if (!iface->ksmbd_socket) {
238 mutex_unlock(&iface->sock_release_lock);
239 break;
240 }
241 ret = kernel_accept(iface->ksmbd_socket, &client_sk,
242 SOCK_NONBLOCK);
243 mutex_unlock(&iface->sock_release_lock);
244 if (ret) {
245 if (ret == -EAGAIN)
246 /* check for new connections every 100 msecs */
247 schedule_timeout_interruptible(HZ / 10);
248 continue;
249 }
250
251 if (server_conf.max_connections &&
252 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
253 pr_info_ratelimited("Limit the maximum number of connections(%u)\n",
254 atomic_read(&active_num_conn));
255 atomic_dec(&active_num_conn);
256 sock_release(client_sk);
257 continue;
258 }
259
260 ksmbd_debug(CONN, "connect success: accepted new connection\n");
261 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
262 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;
263
264 ksmbd_tcp_new_connection(client_sk);
265 }
266
267 ksmbd_debug(CONN, "releasing socket\n");
268 return 0;
269 }
270
271 /**
272 * ksmbd_tcp_run_kthread() - start forker thread
273 * @iface: pointer to struct interface
274 *
275 * start forker thread(ksmbd/0) at module init time to listen
276 * on port 445 for new SMB connection requests. It creates per connection
277 * server threads(ksmbd/x)
278 *
279 * Return: 0 on success or error number
280 */
ksmbd_tcp_run_kthread(struct interface * iface)281 static int ksmbd_tcp_run_kthread(struct interface *iface)
282 {
283 int rc;
284 struct task_struct *kthread;
285
286 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s",
287 iface->name);
288 if (IS_ERR(kthread)) {
289 rc = PTR_ERR(kthread);
290 return rc;
291 }
292 iface->ksmbd_kthread = kthread;
293
294 return 0;
295 }
296
297 /**
298 * ksmbd_tcp_readv() - read data from socket in given iovec
299 * @t: TCP transport instance
300 * @iov_orig: base IO vector
301 * @nr_segs: number of segments in base iov
302 * @to_read: number of bytes to read from socket
303 * @max_retries: maximum retry count
304 *
305 * Return: on success return number of bytes read from socket,
306 * otherwise return error number
307 */
ksmbd_tcp_readv(struct tcp_transport * t,struct kvec * iov_orig,unsigned int nr_segs,unsigned int to_read,int max_retries)308 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig,
309 unsigned int nr_segs, unsigned int to_read,
310 int max_retries)
311 {
312 int length = 0;
313 int total_read;
314 unsigned int segs;
315 struct msghdr ksmbd_msg;
316 struct kvec *iov;
317 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn;
318
319 iov = get_conn_iovec(t, nr_segs);
320 if (!iov)
321 return -ENOMEM;
322
323 ksmbd_msg.msg_control = NULL;
324 ksmbd_msg.msg_controllen = 0;
325
326 for (total_read = 0; to_read; total_read += length, to_read -= length) {
327 try_to_freeze();
328
329 if (!ksmbd_conn_alive(conn)) {
330 total_read = -ESHUTDOWN;
331 break;
332 }
333 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);
334
335 length = kernel_recvmsg(t->sock, &ksmbd_msg,
336 iov, segs, to_read, 0);
337
338 if (length == -EINTR) {
339 total_read = -ESHUTDOWN;
340 break;
341 } else if (ksmbd_conn_need_reconnect(conn)) {
342 total_read = -EAGAIN;
343 break;
344 } else if (length == -ERESTARTSYS || length == -EAGAIN) {
345 /*
346 * If max_retries is negative, Allow unlimited
347 * retries to keep connection with inactive sessions.
348 */
349 if (max_retries == 0) {
350 total_read = length;
351 break;
352 } else if (max_retries > 0) {
353 max_retries--;
354 }
355
356 usleep_range(1000, 2000);
357 length = 0;
358 continue;
359 } else if (length <= 0) {
360 total_read = length;
361 break;
362 }
363 }
364 return total_read;
365 }
366
367 /**
368 * ksmbd_tcp_read() - read data from socket in given buffer
369 * @t: TCP transport instance
370 * @buf: buffer to store read data from socket
371 * @to_read: number of bytes to read from socket
372 * @max_retries: number of retries if reading from socket fails
373 *
374 * Return: on success return number of bytes read from socket,
375 * otherwise return error number
376 */
ksmbd_tcp_read(struct ksmbd_transport * t,char * buf,unsigned int to_read,int max_retries)377 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf,
378 unsigned int to_read, int max_retries)
379 {
380 struct kvec iov;
381
382 iov.iov_base = buf;
383 iov.iov_len = to_read;
384
385 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries);
386 }
387
ksmbd_tcp_writev(struct ksmbd_transport * t,struct kvec * iov,int nvecs,int size,bool need_invalidate,unsigned int remote_key)388 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov,
389 int nvecs, int size, bool need_invalidate,
390 unsigned int remote_key)
391
392 {
393 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL};
394
395 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size);
396 }
397
ksmbd_tcp_disconnect(struct ksmbd_transport * t)398 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t)
399 {
400 free_transport(TCP_TRANS(t));
401 if (server_conf.max_connections)
402 atomic_dec(&active_num_conn);
403 }
404
tcp_destroy_socket(struct socket * ksmbd_socket)405 static void tcp_destroy_socket(struct socket *ksmbd_socket)
406 {
407 int ret;
408
409 if (!ksmbd_socket)
410 return;
411
412 /* set zero to timeout */
413 ksmbd_tcp_rcv_timeout(ksmbd_socket, 0);
414 ksmbd_tcp_snd_timeout(ksmbd_socket, 0);
415
416 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR);
417 if (ret)
418 pr_err("Failed to shutdown socket: %d\n", ret);
419 sock_release(ksmbd_socket);
420 }
421
422 /**
423 * create_socket - create socket for ksmbd/0
424 * @iface: interface to bind the created socket to
425 *
426 * Return: 0 on success, error number otherwise
427 */
create_socket(struct interface * iface)428 static int create_socket(struct interface *iface)
429 {
430 int ret;
431 struct sockaddr_in6 sin6;
432 struct sockaddr_in sin;
433 struct socket *ksmbd_socket;
434 bool ipv4 = false;
435
436 ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket);
437 if (ret) {
438 if (ret != -EAFNOSUPPORT)
439 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret);
440 ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP,
441 &ksmbd_socket);
442 if (ret) {
443 pr_err("Can't create socket for ipv4: %d\n", ret);
444 goto out_clear;
445 }
446
447 sin.sin_family = PF_INET;
448 sin.sin_addr.s_addr = htonl(INADDR_ANY);
449 sin.sin_port = htons(server_conf.tcp_port);
450 ipv4 = true;
451 } else {
452 sin6.sin6_family = PF_INET6;
453 sin6.sin6_addr = in6addr_any;
454 sin6.sin6_port = htons(server_conf.tcp_port);
455
456 lock_sock(ksmbd_socket->sk);
457 ksmbd_socket->sk->sk_ipv6only = false;
458 release_sock(ksmbd_socket->sk);
459 }
460
461 ksmbd_tcp_nodelay(ksmbd_socket);
462 ksmbd_tcp_reuseaddr(ksmbd_socket);
463
464 ret = sock_setsockopt(ksmbd_socket,
465 SOL_SOCKET,
466 SO_BINDTODEVICE,
467 KERNEL_SOCKPTR(iface->name),
468 strlen(iface->name));
469 if (ret != -ENODEV && ret < 0) {
470 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret);
471 goto out_error;
472 }
473
474 if (ipv4)
475 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin,
476 sizeof(sin));
477 else
478 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6,
479 sizeof(sin6));
480 if (ret) {
481 pr_err("Failed to bind socket: %d\n", ret);
482 goto out_error;
483 }
484
485 ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
486 ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;
487
488 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG);
489 if (ret) {
490 pr_err("Port listen() error: %d\n", ret);
491 goto out_error;
492 }
493
494 iface->ksmbd_socket = ksmbd_socket;
495 ret = ksmbd_tcp_run_kthread(iface);
496 if (ret) {
497 pr_err("Can't start ksmbd main kthread: %d\n", ret);
498 goto out_error;
499 }
500 iface->state = IFACE_STATE_CONFIGURED;
501
502 return 0;
503
504 out_error:
505 tcp_destroy_socket(ksmbd_socket);
506 out_clear:
507 iface->ksmbd_socket = NULL;
508 return ret;
509 }
510
ksmbd_find_netdev_name_iface_list(char * netdev_name)511 struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name)
512 {
513 struct interface *iface;
514
515 list_for_each_entry(iface, &iface_list, entry)
516 if (!strcmp(iface->name, netdev_name))
517 return iface;
518 return NULL;
519 }
520
ksmbd_netdev_event(struct notifier_block * nb,unsigned long event,void * ptr)521 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
522 void *ptr)
523 {
524 struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
525 struct interface *iface;
526 int ret;
527
528 switch (event) {
529 case NETDEV_UP:
530 if (netif_is_bridge_port(netdev))
531 return NOTIFY_OK;
532
533 iface = ksmbd_find_netdev_name_iface_list(netdev->name);
534 if (iface && iface->state == IFACE_STATE_DOWN) {
535 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
536 iface->name);
537 ret = create_socket(iface);
538 if (ret)
539 return NOTIFY_OK;
540 }
541 if (!iface && bind_additional_ifaces) {
542 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP));
543 if (!iface)
544 return NOTIFY_OK;
545 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
546 iface->name);
547 ret = create_socket(iface);
548 if (ret)
549 break;
550 }
551 break;
552 case NETDEV_DOWN:
553 iface = ksmbd_find_netdev_name_iface_list(netdev->name);
554 if (iface && iface->state == IFACE_STATE_CONFIGURED) {
555 ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
556 iface->name);
557 tcp_stop_kthread(iface->ksmbd_kthread);
558 iface->ksmbd_kthread = NULL;
559 mutex_lock(&iface->sock_release_lock);
560 tcp_destroy_socket(iface->ksmbd_socket);
561 iface->ksmbd_socket = NULL;
562 mutex_unlock(&iface->sock_release_lock);
563
564 iface->state = IFACE_STATE_DOWN;
565 break;
566 }
567 break;
568 }
569
570 return NOTIFY_DONE;
571 }
572
573 static struct notifier_block ksmbd_netdev_notifier = {
574 .notifier_call = ksmbd_netdev_event,
575 };
576
ksmbd_tcp_init(void)577 int ksmbd_tcp_init(void)
578 {
579 register_netdevice_notifier(&ksmbd_netdev_notifier);
580
581 return 0;
582 }
583
tcp_stop_kthread(struct task_struct * kthread)584 static void tcp_stop_kthread(struct task_struct *kthread)
585 {
586 int ret;
587
588 if (!kthread)
589 return;
590
591 ret = kthread_stop(kthread);
592 if (ret)
593 pr_err("failed to stop forker thread\n");
594 }
595
ksmbd_tcp_destroy(void)596 void ksmbd_tcp_destroy(void)
597 {
598 struct interface *iface, *tmp;
599
600 unregister_netdevice_notifier(&ksmbd_netdev_notifier);
601
602 list_for_each_entry_safe(iface, tmp, &iface_list, entry) {
603 list_del(&iface->entry);
604 kfree(iface->name);
605 kfree(iface);
606 }
607 }
608
alloc_iface(char * ifname)609 static struct interface *alloc_iface(char *ifname)
610 {
611 struct interface *iface;
612
613 if (!ifname)
614 return NULL;
615
616 iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP);
617 if (!iface) {
618 kfree(ifname);
619 return NULL;
620 }
621
622 iface->name = ifname;
623 iface->state = IFACE_STATE_DOWN;
624 list_add(&iface->entry, &iface_list);
625 mutex_init(&iface->sock_release_lock);
626 return iface;
627 }
628
ksmbd_tcp_set_interfaces(char * ifc_list,int ifc_list_sz)629 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz)
630 {
631 int sz = 0;
632
633 if (!ifc_list_sz) {
634 bind_additional_ifaces = 1;
635 return 0;
636 }
637
638 while (ifc_list_sz > 0) {
639 if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP)))
640 return -ENOMEM;
641
642 sz = strlen(ifc_list);
643 if (!sz)
644 break;
645
646 ifc_list += sz + 1;
647 ifc_list_sz -= (sz + 1);
648 }
649
650 bind_additional_ifaces = 0;
651
652 return 0;
653 }
654
655 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = {
656 .read = ksmbd_tcp_read,
657 .writev = ksmbd_tcp_writev,
658 .disconnect = ksmbd_tcp_disconnect,
659 };
660