1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org> 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/freezer.h> 8 9 #include "smb_common.h" 10 #include "server.h" 11 #include "auth.h" 12 #include "connection.h" 13 #include "transport_tcp.h" 14 15 #define IFACE_STATE_DOWN BIT(0) 16 #define IFACE_STATE_CONFIGURED BIT(1) 17 18 static atomic_t active_num_conn; 19 20 struct interface { 21 struct task_struct *ksmbd_kthread; 22 struct socket *ksmbd_socket; 23 struct list_head entry; 24 char *name; 25 struct mutex sock_release_lock; 26 int state; 27 }; 28 29 static LIST_HEAD(iface_list); 30 31 static int bind_additional_ifaces; 32 33 struct tcp_transport { 34 struct ksmbd_transport transport; 35 struct socket *sock; 36 struct kvec *iov; 37 unsigned int nr_iov; 38 }; 39 40 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops; 41 42 static void tcp_stop_kthread(struct task_struct *kthread); 43 static struct interface *alloc_iface(char *ifname); 44 45 #define KSMBD_TRANS(t) (&(t)->transport) 46 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \ 47 struct tcp_transport, transport)) 48 49 static inline void ksmbd_tcp_nodelay(struct socket *sock) 50 { 51 tcp_sock_set_nodelay(sock->sk); 52 } 53 54 static inline void ksmbd_tcp_reuseaddr(struct socket *sock) 55 { 56 sock_set_reuseaddr(sock->sk); 57 } 58 59 static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs) 60 { 61 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1) 62 WRITE_ONCE(sock->sk->sk_rcvtimeo, secs * HZ); 63 else 64 WRITE_ONCE(sock->sk->sk_rcvtimeo, MAX_SCHEDULE_TIMEOUT); 65 } 66 67 static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs) 68 { 69 sock_set_sndtimeo(sock->sk, secs); 70 } 71 72 static struct tcp_transport *alloc_transport(struct socket *client_sk) 73 { 74 struct tcp_transport *t; 75 struct ksmbd_conn *conn; 76 77 t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP); 78 if (!t) 79 return NULL; 80 t->sock = client_sk; 81 82 conn = ksmbd_conn_alloc(); 83 if (!conn) { 84 kfree(t); 85 return NULL; 86 } 87 88 #if IS_ENABLED(CONFIG_IPV6) 89 if (client_sk->sk->sk_family == AF_INET6) 90 memcpy(&conn->inet6_addr, &client_sk->sk->sk_v6_daddr, 16); 91 else 92 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 93 #else 94 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 95 #endif 96 conn->transport = KSMBD_TRANS(t); 97 KSMBD_TRANS(t)->conn = conn; 98 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops; 99 return t; 100 } 101 102 static void ksmbd_tcp_free_transport(struct ksmbd_transport *kt) 103 { 104 struct tcp_transport *t = TCP_TRANS(kt); 105 106 sock_release(t->sock); 107 kfree(t->iov); 108 kfree(t); 109 } 110 111 static void free_transport(struct tcp_transport *t) 112 { 113 kernel_sock_shutdown(t->sock, SHUT_RDWR); 114 ksmbd_conn_free(KSMBD_TRANS(t)->conn); 115 } 116 117 /** 118 * kvec_array_init() - initialize a IO vector segment 119 * @new: IO vector to be initialized 120 * @iov: base IO vector 121 * @nr_segs: number of segments in base iov 122 * @bytes: total iovec length so far for read 123 * 124 * Return: Number of IO segments 125 */ 126 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, 127 unsigned int nr_segs, size_t bytes) 128 { 129 size_t base = 0; 130 131 while (bytes || !iov->iov_len) { 132 int copy = min(bytes, iov->iov_len); 133 134 bytes -= copy; 135 base += copy; 136 if (iov->iov_len == base) { 137 iov++; 138 nr_segs--; 139 base = 0; 140 } 141 } 142 143 memcpy(new, iov, sizeof(*iov) * nr_segs); 144 new->iov_base += base; 145 new->iov_len -= base; 146 return nr_segs; 147 } 148 149 /** 150 * get_conn_iovec() - get connection iovec for reading from socket 151 * @t: TCP transport instance 152 * @nr_segs: number of segments in iov 153 * 154 * Return: return existing or newly allocate iovec 155 */ 156 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs) 157 { 158 struct kvec *new_iov; 159 160 if (t->iov && nr_segs <= t->nr_iov) 161 return t->iov; 162 163 /* not big enough -- allocate a new one and release the old */ 164 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP); 165 if (new_iov) { 166 kfree(t->iov); 167 t->iov = new_iov; 168 t->nr_iov = nr_segs; 169 } 170 return new_iov; 171 } 172 173 static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa) 174 { 175 switch (sa->sa_family) { 176 case AF_INET: 177 return ntohs(((struct sockaddr_in *)sa)->sin_port); 178 case AF_INET6: 179 return ntohs(((struct sockaddr_in6 *)sa)->sin6_port); 180 } 181 return 0; 182 } 183 184 /** 185 * ksmbd_tcp_new_connection() - create a new tcp session on mount 186 * @client_sk: socket associated with new connection 187 * 188 * whenever a new connection is requested, create a conn thread 189 * (session thread) to handle new incoming smb requests from the connection 190 * 191 * Return: 0 on success, otherwise error 192 */ 193 static int ksmbd_tcp_new_connection(struct socket *client_sk) 194 { 195 struct sockaddr *csin; 196 int rc = 0; 197 struct tcp_transport *t; 198 struct task_struct *handler; 199 200 t = alloc_transport(client_sk); 201 if (!t) { 202 sock_release(client_sk); 203 return -ENOMEM; 204 } 205 206 csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn); 207 if (kernel_getpeername(client_sk, csin) < 0) { 208 pr_err("client ip resolution failed\n"); 209 rc = -EINVAL; 210 goto out_error; 211 } 212 213 handler = kthread_run(ksmbd_conn_handler_loop, 214 KSMBD_TRANS(t)->conn, 215 "ksmbd:%u", 216 ksmbd_tcp_get_port(csin)); 217 if (IS_ERR(handler)) { 218 pr_err("cannot start conn thread\n"); 219 rc = PTR_ERR(handler); 220 free_transport(t); 221 } 222 return rc; 223 224 out_error: 225 free_transport(t); 226 return rc; 227 } 228 229 /** 230 * ksmbd_kthread_fn() - listen to new SMB connections and callback server 231 * @p: arguments to forker thread 232 * 233 * Return: 0 on success, error number otherwise 234 */ 235 static int ksmbd_kthread_fn(void *p) 236 { 237 struct socket *client_sk = NULL; 238 struct interface *iface = (struct interface *)p; 239 struct ksmbd_conn *conn; 240 int ret; 241 242 while (!kthread_should_stop()) { 243 mutex_lock(&iface->sock_release_lock); 244 if (!iface->ksmbd_socket) { 245 mutex_unlock(&iface->sock_release_lock); 246 break; 247 } 248 ret = kernel_accept(iface->ksmbd_socket, &client_sk, 249 SOCK_NONBLOCK); 250 mutex_unlock(&iface->sock_release_lock); 251 if (ret) { 252 if (ret == -EAGAIN) 253 /* check for new connections every 100 msecs */ 254 schedule_timeout_interruptible(HZ / 10); 255 continue; 256 } 257 258 /* 259 * Limits repeated connections from clients with the same IP. 260 */ 261 down_read(&conn_list_lock); 262 list_for_each_entry(conn, &conn_list, conns_list) 263 #if IS_ENABLED(CONFIG_IPV6) 264 if (client_sk->sk->sk_family == AF_INET6) { 265 if (memcmp(&client_sk->sk->sk_v6_daddr, 266 &conn->inet6_addr, 16) == 0) { 267 ret = -EAGAIN; 268 break; 269 } 270 } else if (inet_sk(client_sk->sk)->inet_daddr == 271 conn->inet_addr) { 272 ret = -EAGAIN; 273 break; 274 } 275 #else 276 if (inet_sk(client_sk->sk)->inet_daddr == 277 conn->inet_addr) { 278 ret = -EAGAIN; 279 break; 280 } 281 #endif 282 up_read(&conn_list_lock); 283 if (ret == -EAGAIN) 284 continue; 285 286 if (server_conf.max_connections && 287 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) { 288 pr_info_ratelimited("Limit the maximum number of connections(%u)\n", 289 atomic_read(&active_num_conn)); 290 atomic_dec(&active_num_conn); 291 sock_release(client_sk); 292 continue; 293 } 294 295 ksmbd_debug(CONN, "connect success: accepted new connection\n"); 296 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 297 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 298 299 ksmbd_tcp_new_connection(client_sk); 300 } 301 302 ksmbd_debug(CONN, "releasing socket\n"); 303 return 0; 304 } 305 306 /** 307 * ksmbd_tcp_run_kthread() - start forker thread 308 * @iface: pointer to struct interface 309 * 310 * start forker thread(ksmbd/0) at module init time to listen 311 * on port 445 for new SMB connection requests. It creates per connection 312 * server threads(ksmbd/x) 313 * 314 * Return: 0 on success or error number 315 */ 316 static int ksmbd_tcp_run_kthread(struct interface *iface) 317 { 318 int rc; 319 struct task_struct *kthread; 320 321 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s", 322 iface->name); 323 if (IS_ERR(kthread)) { 324 rc = PTR_ERR(kthread); 325 return rc; 326 } 327 iface->ksmbd_kthread = kthread; 328 329 return 0; 330 } 331 332 /** 333 * ksmbd_tcp_readv() - read data from socket in given iovec 334 * @t: TCP transport instance 335 * @iov_orig: base IO vector 336 * @nr_segs: number of segments in base iov 337 * @to_read: number of bytes to read from socket 338 * @max_retries: maximum retry count 339 * 340 * Return: on success return number of bytes read from socket, 341 * otherwise return error number 342 */ 343 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, 344 unsigned int nr_segs, unsigned int to_read, 345 int max_retries) 346 { 347 int length = 0; 348 int total_read; 349 unsigned int segs; 350 struct msghdr ksmbd_msg; 351 struct kvec *iov; 352 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn; 353 354 iov = get_conn_iovec(t, nr_segs); 355 if (!iov) 356 return -ENOMEM; 357 358 ksmbd_msg.msg_control = NULL; 359 ksmbd_msg.msg_controllen = 0; 360 361 for (total_read = 0; to_read; total_read += length, to_read -= length) { 362 try_to_freeze(); 363 364 if (!ksmbd_conn_alive(conn)) { 365 total_read = -ESHUTDOWN; 366 break; 367 } 368 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read); 369 370 length = kernel_recvmsg(t->sock, &ksmbd_msg, 371 iov, segs, to_read, 0); 372 373 if (length == -EINTR) { 374 total_read = -ESHUTDOWN; 375 break; 376 } else if (ksmbd_conn_need_reconnect(conn)) { 377 total_read = -EAGAIN; 378 break; 379 } else if (length == -ERESTARTSYS || length == -EAGAIN) { 380 /* 381 * If max_retries is negative, Allow unlimited 382 * retries to keep connection with inactive sessions. 383 */ 384 if (max_retries == 0) { 385 total_read = length; 386 break; 387 } else if (max_retries > 0) { 388 max_retries--; 389 } 390 391 usleep_range(1000, 2000); 392 length = 0; 393 continue; 394 } else if (length <= 0) { 395 total_read = length; 396 break; 397 } 398 } 399 return total_read; 400 } 401 402 /** 403 * ksmbd_tcp_read() - read data from socket in given buffer 404 * @t: TCP transport instance 405 * @buf: buffer to store read data from socket 406 * @to_read: number of bytes to read from socket 407 * @max_retries: number of retries if reading from socket fails 408 * 409 * Return: on success return number of bytes read from socket, 410 * otherwise return error number 411 */ 412 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, 413 unsigned int to_read, int max_retries) 414 { 415 struct kvec iov; 416 417 iov.iov_base = buf; 418 iov.iov_len = to_read; 419 420 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries); 421 } 422 423 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, 424 int nvecs, int size, bool need_invalidate, 425 unsigned int remote_key) 426 427 { 428 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; 429 430 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size); 431 } 432 433 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) 434 { 435 free_transport(TCP_TRANS(t)); 436 if (server_conf.max_connections) 437 atomic_dec(&active_num_conn); 438 } 439 440 static void tcp_destroy_socket(struct socket *ksmbd_socket) 441 { 442 int ret; 443 444 if (!ksmbd_socket) 445 return; 446 447 /* set zero to timeout */ 448 ksmbd_tcp_rcv_timeout(ksmbd_socket, 0); 449 ksmbd_tcp_snd_timeout(ksmbd_socket, 0); 450 451 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); 452 if (ret) 453 pr_err("Failed to shutdown socket: %d\n", ret); 454 sock_release(ksmbd_socket); 455 } 456 457 /** 458 * create_socket - create socket for ksmbd/0 459 * @iface: interface to bind the created socket to 460 * 461 * Return: 0 on success, error number otherwise 462 */ 463 static int create_socket(struct interface *iface) 464 { 465 int ret; 466 struct sockaddr_in6 sin6; 467 struct sockaddr_in sin; 468 struct socket *ksmbd_socket; 469 bool ipv4 = false; 470 471 ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); 472 if (ret) { 473 if (ret != -EAFNOSUPPORT) 474 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret); 475 ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, 476 &ksmbd_socket); 477 if (ret) { 478 pr_err("Can't create socket for ipv4: %d\n", ret); 479 goto out_clear; 480 } 481 482 sin.sin_family = PF_INET; 483 sin.sin_addr.s_addr = htonl(INADDR_ANY); 484 sin.sin_port = htons(server_conf.tcp_port); 485 ipv4 = true; 486 } else { 487 sin6.sin6_family = PF_INET6; 488 sin6.sin6_addr = in6addr_any; 489 sin6.sin6_port = htons(server_conf.tcp_port); 490 491 lock_sock(ksmbd_socket->sk); 492 ksmbd_socket->sk->sk_ipv6only = false; 493 release_sock(ksmbd_socket->sk); 494 } 495 496 ksmbd_tcp_nodelay(ksmbd_socket); 497 ksmbd_tcp_reuseaddr(ksmbd_socket); 498 499 ret = sock_setsockopt(ksmbd_socket, 500 SOL_SOCKET, 501 SO_BINDTODEVICE, 502 KERNEL_SOCKPTR(iface->name), 503 strlen(iface->name)); 504 if (ret != -ENODEV && ret < 0) { 505 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret); 506 goto out_error; 507 } 508 509 if (ipv4) 510 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin, 511 sizeof(sin)); 512 else 513 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, 514 sizeof(sin6)); 515 if (ret) { 516 pr_err("Failed to bind socket: %d\n", ret); 517 goto out_error; 518 } 519 520 ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 521 ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 522 523 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); 524 if (ret) { 525 pr_err("Port listen() error: %d\n", ret); 526 goto out_error; 527 } 528 529 iface->ksmbd_socket = ksmbd_socket; 530 ret = ksmbd_tcp_run_kthread(iface); 531 if (ret) { 532 pr_err("Can't start ksmbd main kthread: %d\n", ret); 533 goto out_error; 534 } 535 iface->state = IFACE_STATE_CONFIGURED; 536 537 return 0; 538 539 out_error: 540 tcp_destroy_socket(ksmbd_socket); 541 out_clear: 542 iface->ksmbd_socket = NULL; 543 return ret; 544 } 545 546 struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name) 547 { 548 struct interface *iface; 549 550 list_for_each_entry(iface, &iface_list, entry) 551 if (!strcmp(iface->name, netdev_name)) 552 return iface; 553 return NULL; 554 } 555 556 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, 557 void *ptr) 558 { 559 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 560 struct interface *iface; 561 int ret; 562 563 switch (event) { 564 case NETDEV_UP: 565 if (netif_is_bridge_port(netdev)) 566 return NOTIFY_OK; 567 568 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 569 if (iface && iface->state == IFACE_STATE_DOWN) { 570 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 571 iface->name); 572 ret = create_socket(iface); 573 if (ret) 574 return NOTIFY_OK; 575 } 576 if (!iface && bind_additional_ifaces) { 577 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP)); 578 if (!iface) 579 return NOTIFY_OK; 580 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 581 iface->name); 582 ret = create_socket(iface); 583 if (ret) 584 break; 585 } 586 break; 587 case NETDEV_DOWN: 588 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 589 if (iface && iface->state == IFACE_STATE_CONFIGURED) { 590 ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n", 591 iface->name); 592 tcp_stop_kthread(iface->ksmbd_kthread); 593 iface->ksmbd_kthread = NULL; 594 mutex_lock(&iface->sock_release_lock); 595 tcp_destroy_socket(iface->ksmbd_socket); 596 iface->ksmbd_socket = NULL; 597 mutex_unlock(&iface->sock_release_lock); 598 599 iface->state = IFACE_STATE_DOWN; 600 break; 601 } 602 break; 603 } 604 605 return NOTIFY_DONE; 606 } 607 608 static struct notifier_block ksmbd_netdev_notifier = { 609 .notifier_call = ksmbd_netdev_event, 610 }; 611 612 int ksmbd_tcp_init(void) 613 { 614 register_netdevice_notifier(&ksmbd_netdev_notifier); 615 616 return 0; 617 } 618 619 static void tcp_stop_kthread(struct task_struct *kthread) 620 { 621 int ret; 622 623 if (!kthread) 624 return; 625 626 ret = kthread_stop(kthread); 627 if (ret) 628 pr_err("failed to stop forker thread\n"); 629 } 630 631 void ksmbd_tcp_destroy(void) 632 { 633 struct interface *iface, *tmp; 634 635 unregister_netdevice_notifier(&ksmbd_netdev_notifier); 636 637 list_for_each_entry_safe(iface, tmp, &iface_list, entry) { 638 list_del(&iface->entry); 639 kfree(iface->name); 640 kfree(iface); 641 } 642 } 643 644 static struct interface *alloc_iface(char *ifname) 645 { 646 struct interface *iface; 647 648 if (!ifname) 649 return NULL; 650 651 iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP); 652 if (!iface) { 653 kfree(ifname); 654 return NULL; 655 } 656 657 iface->name = ifname; 658 iface->state = IFACE_STATE_DOWN; 659 list_add(&iface->entry, &iface_list); 660 mutex_init(&iface->sock_release_lock); 661 return iface; 662 } 663 664 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) 665 { 666 int sz = 0; 667 668 if (!ifc_list_sz) { 669 bind_additional_ifaces = 1; 670 return 0; 671 } 672 673 while (ifc_list_sz > 0) { 674 if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP))) 675 return -ENOMEM; 676 677 sz = strlen(ifc_list); 678 if (!sz) 679 break; 680 681 ifc_list += sz + 1; 682 ifc_list_sz -= (sz + 1); 683 } 684 685 bind_additional_ifaces = 0; 686 687 return 0; 688 } 689 690 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = { 691 .read = ksmbd_tcp_read, 692 .writev = ksmbd_tcp_writev, 693 .disconnect = ksmbd_tcp_disconnect, 694 .free_transport = ksmbd_tcp_free_transport, 695 }; 696