1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org> 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/freezer.h> 8 9 #include "smb_common.h" 10 #include "server.h" 11 #include "auth.h" 12 #include "connection.h" 13 #include "transport_tcp.h" 14 15 #define IFACE_STATE_DOWN BIT(0) 16 #define IFACE_STATE_CONFIGURED BIT(1) 17 18 static atomic_t active_num_conn; 19 20 struct interface { 21 struct task_struct *ksmbd_kthread; 22 struct socket *ksmbd_socket; 23 struct list_head entry; 24 char *name; 25 struct mutex sock_release_lock; 26 int state; 27 }; 28 29 static LIST_HEAD(iface_list); 30 31 static int bind_additional_ifaces; 32 33 struct tcp_transport { 34 struct ksmbd_transport transport; 35 struct socket *sock; 36 struct kvec *iov; 37 unsigned int nr_iov; 38 }; 39 40 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops; 41 42 static void tcp_stop_kthread(struct task_struct *kthread); 43 static struct interface *alloc_iface(char *ifname); 44 45 #define KSMBD_TRANS(t) (&(t)->transport) 46 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \ 47 struct tcp_transport, transport)) 48 49 static inline void ksmbd_tcp_nodelay(struct socket *sock) 50 { 51 tcp_sock_set_nodelay(sock->sk); 52 } 53 54 static inline void ksmbd_tcp_reuseaddr(struct socket *sock) 55 { 56 sock_set_reuseaddr(sock->sk); 57 } 58 59 static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs) 60 { 61 lock_sock(sock->sk); 62 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1) 63 sock->sk->sk_rcvtimeo = secs * HZ; 64 else 65 sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; 66 release_sock(sock->sk); 67 } 68 69 static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs) 70 { 71 sock_set_sndtimeo(sock->sk, secs); 72 } 73 74 static struct tcp_transport *alloc_transport(struct socket *client_sk) 75 { 76 struct tcp_transport *t; 77 struct ksmbd_conn *conn; 78 79 t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP); 80 if (!t) 81 return NULL; 82 t->sock = client_sk; 83 84 conn = ksmbd_conn_alloc(); 85 if (!conn) { 86 kfree(t); 87 return NULL; 88 } 89 90 conn->transport = KSMBD_TRANS(t); 91 KSMBD_TRANS(t)->conn = conn; 92 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops; 93 return t; 94 } 95 96 void ksmbd_free_transport(struct ksmbd_transport *kt) 97 { 98 struct tcp_transport *t = TCP_TRANS(kt); 99 100 sock_release(t->sock); 101 kfree(t->iov); 102 kfree(t); 103 } 104 105 static void free_transport(struct tcp_transport *t) 106 { 107 kernel_sock_shutdown(t->sock, SHUT_RDWR); 108 ksmbd_conn_free(KSMBD_TRANS(t)->conn); 109 } 110 111 /** 112 * kvec_array_init() - initialize a IO vector segment 113 * @new: IO vector to be initialized 114 * @iov: base IO vector 115 * @nr_segs: number of segments in base iov 116 * @bytes: total iovec length so far for read 117 * 118 * Return: Number of IO segments 119 */ 120 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, 121 unsigned int nr_segs, size_t bytes) 122 { 123 size_t base = 0; 124 125 while (bytes || !iov->iov_len) { 126 int copy = min(bytes, iov->iov_len); 127 128 bytes -= copy; 129 base += copy; 130 if (iov->iov_len == base) { 131 iov++; 132 nr_segs--; 133 base = 0; 134 } 135 } 136 137 memcpy(new, iov, sizeof(*iov) * nr_segs); 138 new->iov_base += base; 139 new->iov_len -= base; 140 return nr_segs; 141 } 142 143 /** 144 * get_conn_iovec() - get connection iovec for reading from socket 145 * @t: TCP transport instance 146 * @nr_segs: number of segments in iov 147 * 148 * Return: return existing or newly allocate iovec 149 */ 150 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs) 151 { 152 struct kvec *new_iov; 153 154 if (t->iov && nr_segs <= t->nr_iov) 155 return t->iov; 156 157 /* not big enough -- allocate a new one and release the old */ 158 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP); 159 if (new_iov) { 160 kfree(t->iov); 161 t->iov = new_iov; 162 t->nr_iov = nr_segs; 163 } 164 return new_iov; 165 } 166 167 static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa) 168 { 169 switch (sa->sa_family) { 170 case AF_INET: 171 return ntohs(((struct sockaddr_in *)sa)->sin_port); 172 case AF_INET6: 173 return ntohs(((struct sockaddr_in6 *)sa)->sin6_port); 174 } 175 return 0; 176 } 177 178 /** 179 * ksmbd_tcp_new_connection() - create a new tcp session on mount 180 * @client_sk: socket associated with new connection 181 * 182 * whenever a new connection is requested, create a conn thread 183 * (session thread) to handle new incoming smb requests from the connection 184 * 185 * Return: 0 on success, otherwise error 186 */ 187 static int ksmbd_tcp_new_connection(struct socket *client_sk) 188 { 189 struct sockaddr *csin; 190 int rc = 0; 191 struct tcp_transport *t; 192 struct task_struct *handler; 193 194 t = alloc_transport(client_sk); 195 if (!t) { 196 sock_release(client_sk); 197 return -ENOMEM; 198 } 199 200 csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn); 201 if (kernel_getpeername(client_sk, csin) < 0) { 202 pr_err("client ip resolution failed\n"); 203 rc = -EINVAL; 204 goto out_error; 205 } 206 207 handler = kthread_run(ksmbd_conn_handler_loop, 208 KSMBD_TRANS(t)->conn, 209 "ksmbd:%u", 210 ksmbd_tcp_get_port(csin)); 211 if (IS_ERR(handler)) { 212 pr_err("cannot start conn thread\n"); 213 rc = PTR_ERR(handler); 214 free_transport(t); 215 } 216 return rc; 217 218 out_error: 219 free_transport(t); 220 return rc; 221 } 222 223 /** 224 * ksmbd_kthread_fn() - listen to new SMB connections and callback server 225 * @p: arguments to forker thread 226 * 227 * Return: 0 on success, error number otherwise 228 */ 229 static int ksmbd_kthread_fn(void *p) 230 { 231 struct socket *client_sk = NULL; 232 struct interface *iface = (struct interface *)p; 233 int ret; 234 235 while (!kthread_should_stop()) { 236 mutex_lock(&iface->sock_release_lock); 237 if (!iface->ksmbd_socket) { 238 mutex_unlock(&iface->sock_release_lock); 239 break; 240 } 241 ret = kernel_accept(iface->ksmbd_socket, &client_sk, 242 SOCK_NONBLOCK); 243 mutex_unlock(&iface->sock_release_lock); 244 if (ret) { 245 if (ret == -EAGAIN) 246 /* check for new connections every 100 msecs */ 247 schedule_timeout_interruptible(HZ / 10); 248 continue; 249 } 250 251 if (server_conf.max_connections && 252 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) { 253 pr_info_ratelimited("Limit the maximum number of connections(%u)\n", 254 atomic_read(&active_num_conn)); 255 atomic_dec(&active_num_conn); 256 sock_release(client_sk); 257 continue; 258 } 259 260 ksmbd_debug(CONN, "connect success: accepted new connection\n"); 261 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 262 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 263 264 ksmbd_tcp_new_connection(client_sk); 265 } 266 267 ksmbd_debug(CONN, "releasing socket\n"); 268 return 0; 269 } 270 271 /** 272 * ksmbd_tcp_run_kthread() - start forker thread 273 * @iface: pointer to struct interface 274 * 275 * start forker thread(ksmbd/0) at module init time to listen 276 * on port 445 for new SMB connection requests. It creates per connection 277 * server threads(ksmbd/x) 278 * 279 * Return: 0 on success or error number 280 */ 281 static int ksmbd_tcp_run_kthread(struct interface *iface) 282 { 283 int rc; 284 struct task_struct *kthread; 285 286 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s", 287 iface->name); 288 if (IS_ERR(kthread)) { 289 rc = PTR_ERR(kthread); 290 return rc; 291 } 292 iface->ksmbd_kthread = kthread; 293 294 return 0; 295 } 296 297 /** 298 * ksmbd_tcp_readv() - read data from socket in given iovec 299 * @t: TCP transport instance 300 * @iov_orig: base IO vector 301 * @nr_segs: number of segments in base iov 302 * @to_read: number of bytes to read from socket 303 * @max_retries: maximum retry count 304 * 305 * Return: on success return number of bytes read from socket, 306 * otherwise return error number 307 */ 308 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, 309 unsigned int nr_segs, unsigned int to_read, 310 int max_retries) 311 { 312 int length = 0; 313 int total_read; 314 unsigned int segs; 315 struct msghdr ksmbd_msg; 316 struct kvec *iov; 317 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn; 318 319 iov = get_conn_iovec(t, nr_segs); 320 if (!iov) 321 return -ENOMEM; 322 323 ksmbd_msg.msg_control = NULL; 324 ksmbd_msg.msg_controllen = 0; 325 326 for (total_read = 0; to_read; total_read += length, to_read -= length) { 327 try_to_freeze(); 328 329 if (!ksmbd_conn_alive(conn)) { 330 total_read = -ESHUTDOWN; 331 break; 332 } 333 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read); 334 335 length = kernel_recvmsg(t->sock, &ksmbd_msg, 336 iov, segs, to_read, 0); 337 338 if (length == -EINTR) { 339 total_read = -ESHUTDOWN; 340 break; 341 } else if (ksmbd_conn_need_reconnect(conn)) { 342 total_read = -EAGAIN; 343 break; 344 } else if (length == -ERESTARTSYS || length == -EAGAIN) { 345 /* 346 * If max_retries is negative, Allow unlimited 347 * retries to keep connection with inactive sessions. 348 */ 349 if (max_retries == 0) { 350 total_read = length; 351 break; 352 } else if (max_retries > 0) { 353 max_retries--; 354 } 355 356 usleep_range(1000, 2000); 357 length = 0; 358 continue; 359 } else if (length <= 0) { 360 total_read = length; 361 break; 362 } 363 } 364 return total_read; 365 } 366 367 /** 368 * ksmbd_tcp_read() - read data from socket in given buffer 369 * @t: TCP transport instance 370 * @buf: buffer to store read data from socket 371 * @to_read: number of bytes to read from socket 372 * @max_retries: number of retries if reading from socket fails 373 * 374 * Return: on success return number of bytes read from socket, 375 * otherwise return error number 376 */ 377 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, 378 unsigned int to_read, int max_retries) 379 { 380 struct kvec iov; 381 382 iov.iov_base = buf; 383 iov.iov_len = to_read; 384 385 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries); 386 } 387 388 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, 389 int nvecs, int size, bool need_invalidate, 390 unsigned int remote_key) 391 392 { 393 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; 394 395 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size); 396 } 397 398 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) 399 { 400 free_transport(TCP_TRANS(t)); 401 if (server_conf.max_connections) 402 atomic_dec(&active_num_conn); 403 } 404 405 static void tcp_destroy_socket(struct socket *ksmbd_socket) 406 { 407 int ret; 408 409 if (!ksmbd_socket) 410 return; 411 412 /* set zero to timeout */ 413 ksmbd_tcp_rcv_timeout(ksmbd_socket, 0); 414 ksmbd_tcp_snd_timeout(ksmbd_socket, 0); 415 416 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); 417 if (ret) 418 pr_err("Failed to shutdown socket: %d\n", ret); 419 sock_release(ksmbd_socket); 420 } 421 422 /** 423 * create_socket - create socket for ksmbd/0 424 * @iface: interface to bind the created socket to 425 * 426 * Return: 0 on success, error number otherwise 427 */ 428 static int create_socket(struct interface *iface) 429 { 430 int ret; 431 struct sockaddr_in6 sin6; 432 struct sockaddr_in sin; 433 struct socket *ksmbd_socket; 434 bool ipv4 = false; 435 436 ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); 437 if (ret) { 438 if (ret != -EAFNOSUPPORT) 439 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret); 440 ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, 441 &ksmbd_socket); 442 if (ret) { 443 pr_err("Can't create socket for ipv4: %d\n", ret); 444 goto out_clear; 445 } 446 447 sin.sin_family = PF_INET; 448 sin.sin_addr.s_addr = htonl(INADDR_ANY); 449 sin.sin_port = htons(server_conf.tcp_port); 450 ipv4 = true; 451 } else { 452 sin6.sin6_family = PF_INET6; 453 sin6.sin6_addr = in6addr_any; 454 sin6.sin6_port = htons(server_conf.tcp_port); 455 456 lock_sock(ksmbd_socket->sk); 457 ksmbd_socket->sk->sk_ipv6only = false; 458 release_sock(ksmbd_socket->sk); 459 } 460 461 ksmbd_tcp_nodelay(ksmbd_socket); 462 ksmbd_tcp_reuseaddr(ksmbd_socket); 463 464 ret = sock_setsockopt(ksmbd_socket, 465 SOL_SOCKET, 466 SO_BINDTODEVICE, 467 KERNEL_SOCKPTR(iface->name), 468 strlen(iface->name)); 469 if (ret != -ENODEV && ret < 0) { 470 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret); 471 goto out_error; 472 } 473 474 if (ipv4) 475 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin, 476 sizeof(sin)); 477 else 478 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, 479 sizeof(sin6)); 480 if (ret) { 481 pr_err("Failed to bind socket: %d\n", ret); 482 goto out_error; 483 } 484 485 ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 486 ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 487 488 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); 489 if (ret) { 490 pr_err("Port listen() error: %d\n", ret); 491 goto out_error; 492 } 493 494 iface->ksmbd_socket = ksmbd_socket; 495 ret = ksmbd_tcp_run_kthread(iface); 496 if (ret) { 497 pr_err("Can't start ksmbd main kthread: %d\n", ret); 498 goto out_error; 499 } 500 iface->state = IFACE_STATE_CONFIGURED; 501 502 return 0; 503 504 out_error: 505 tcp_destroy_socket(ksmbd_socket); 506 out_clear: 507 iface->ksmbd_socket = NULL; 508 return ret; 509 } 510 511 struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name) 512 { 513 struct interface *iface; 514 515 list_for_each_entry(iface, &iface_list, entry) 516 if (!strcmp(iface->name, netdev_name)) 517 return iface; 518 return NULL; 519 } 520 521 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, 522 void *ptr) 523 { 524 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 525 struct interface *iface; 526 int ret; 527 528 switch (event) { 529 case NETDEV_UP: 530 if (netif_is_bridge_port(netdev)) 531 return NOTIFY_OK; 532 533 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 534 if (iface && iface->state == IFACE_STATE_DOWN) { 535 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 536 iface->name); 537 ret = create_socket(iface); 538 if (ret) 539 return NOTIFY_OK; 540 } 541 if (!iface && bind_additional_ifaces) { 542 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP)); 543 if (!iface) 544 return NOTIFY_OK; 545 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 546 iface->name); 547 ret = create_socket(iface); 548 if (ret) 549 break; 550 } 551 break; 552 case NETDEV_DOWN: 553 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 554 if (iface && iface->state == IFACE_STATE_CONFIGURED) { 555 ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n", 556 iface->name); 557 tcp_stop_kthread(iface->ksmbd_kthread); 558 iface->ksmbd_kthread = NULL; 559 mutex_lock(&iface->sock_release_lock); 560 tcp_destroy_socket(iface->ksmbd_socket); 561 iface->ksmbd_socket = NULL; 562 mutex_unlock(&iface->sock_release_lock); 563 564 iface->state = IFACE_STATE_DOWN; 565 break; 566 } 567 break; 568 } 569 570 return NOTIFY_DONE; 571 } 572 573 static struct notifier_block ksmbd_netdev_notifier = { 574 .notifier_call = ksmbd_netdev_event, 575 }; 576 577 int ksmbd_tcp_init(void) 578 { 579 register_netdevice_notifier(&ksmbd_netdev_notifier); 580 581 return 0; 582 } 583 584 static void tcp_stop_kthread(struct task_struct *kthread) 585 { 586 int ret; 587 588 if (!kthread) 589 return; 590 591 ret = kthread_stop(kthread); 592 if (ret) 593 pr_err("failed to stop forker thread\n"); 594 } 595 596 void ksmbd_tcp_destroy(void) 597 { 598 struct interface *iface, *tmp; 599 600 unregister_netdevice_notifier(&ksmbd_netdev_notifier); 601 602 list_for_each_entry_safe(iface, tmp, &iface_list, entry) { 603 list_del(&iface->entry); 604 kfree(iface->name); 605 kfree(iface); 606 } 607 } 608 609 static struct interface *alloc_iface(char *ifname) 610 { 611 struct interface *iface; 612 613 if (!ifname) 614 return NULL; 615 616 iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP); 617 if (!iface) { 618 kfree(ifname); 619 return NULL; 620 } 621 622 iface->name = ifname; 623 iface->state = IFACE_STATE_DOWN; 624 list_add(&iface->entry, &iface_list); 625 mutex_init(&iface->sock_release_lock); 626 return iface; 627 } 628 629 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) 630 { 631 int sz = 0; 632 633 if (!ifc_list_sz) { 634 bind_additional_ifaces = 1; 635 return 0; 636 } 637 638 while (ifc_list_sz > 0) { 639 if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP))) 640 return -ENOMEM; 641 642 sz = strlen(ifc_list); 643 if (!sz) 644 break; 645 646 ifc_list += sz + 1; 647 ifc_list_sz -= (sz + 1); 648 } 649 650 bind_additional_ifaces = 0; 651 652 return 0; 653 } 654 655 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = { 656 .read = ksmbd_tcp_read, 657 .writev = ksmbd_tcp_writev, 658 .disconnect = ksmbd_tcp_disconnect, 659 }; 660