1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org> 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/freezer.h> 8 9 #include "smb_common.h" 10 #include "server.h" 11 #include "auth.h" 12 #include "connection.h" 13 #include "transport_tcp.h" 14 15 #define IFACE_STATE_DOWN BIT(0) 16 #define IFACE_STATE_CONFIGURED BIT(1) 17 18 static atomic_t active_num_conn; 19 20 struct interface { 21 struct task_struct *ksmbd_kthread; 22 struct socket *ksmbd_socket; 23 struct list_head entry; 24 char *name; 25 struct mutex sock_release_lock; 26 int state; 27 }; 28 29 static LIST_HEAD(iface_list); 30 31 static int bind_additional_ifaces; 32 33 struct tcp_transport { 34 struct ksmbd_transport transport; 35 struct socket *sock; 36 struct kvec *iov; 37 unsigned int nr_iov; 38 }; 39 40 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops; 41 42 static void tcp_stop_kthread(struct task_struct *kthread); 43 static struct interface *alloc_iface(char *ifname); 44 45 #define KSMBD_TRANS(t) (&(t)->transport) 46 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \ 47 struct tcp_transport, transport)) 48 49 static inline void ksmbd_tcp_nodelay(struct socket *sock) 50 { 51 tcp_sock_set_nodelay(sock->sk); 52 } 53 54 static inline void ksmbd_tcp_reuseaddr(struct socket *sock) 55 { 56 sock_set_reuseaddr(sock->sk); 57 } 58 59 static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs) 60 { 61 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1) 62 WRITE_ONCE(sock->sk->sk_rcvtimeo, secs * HZ); 63 else 64 WRITE_ONCE(sock->sk->sk_rcvtimeo, MAX_SCHEDULE_TIMEOUT); 65 } 66 67 static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs) 68 { 69 sock_set_sndtimeo(sock->sk, secs); 70 } 71 72 static struct tcp_transport *alloc_transport(struct socket *client_sk) 73 { 74 struct tcp_transport *t; 75 struct ksmbd_conn *conn; 76 77 t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP); 78 if (!t) 79 return NULL; 80 t->sock = client_sk; 81 82 conn = ksmbd_conn_alloc(); 83 if (!conn) { 84 kfree(t); 85 return NULL; 86 } 87 88 #if IS_ENABLED(CONFIG_IPV6) 89 if (client_sk->sk->sk_family == AF_INET6) { 90 memcpy(&conn->inet6_addr, &client_sk->sk->sk_v6_daddr, 16); 91 conn->inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr); 92 } else { 93 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 94 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 95 } 96 #else 97 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 98 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 99 #endif 100 down_write(&conn_list_lock); 101 hash_add(conn_list, &conn->hlist, conn->inet_hash); 102 up_write(&conn_list_lock); 103 104 conn->transport = KSMBD_TRANS(t); 105 KSMBD_TRANS(t)->conn = conn; 106 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops; 107 return t; 108 } 109 110 static void ksmbd_tcp_free_transport(struct ksmbd_transport *kt) 111 { 112 struct tcp_transport *t = TCP_TRANS(kt); 113 114 sock_release(t->sock); 115 kfree(t->iov); 116 kfree(t); 117 } 118 119 static void free_transport(struct tcp_transport *t) 120 { 121 kernel_sock_shutdown(t->sock, SHUT_RDWR); 122 ksmbd_conn_free(KSMBD_TRANS(t)->conn); 123 } 124 125 /** 126 * kvec_array_init() - initialize a IO vector segment 127 * @new: IO vector to be initialized 128 * @iov: base IO vector 129 * @nr_segs: number of segments in base iov 130 * @bytes: total iovec length so far for read 131 * 132 * Return: Number of IO segments 133 */ 134 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, 135 unsigned int nr_segs, size_t bytes) 136 { 137 size_t base = 0; 138 139 while (bytes || !iov->iov_len) { 140 int copy = min(bytes, iov->iov_len); 141 142 bytes -= copy; 143 base += copy; 144 if (iov->iov_len == base) { 145 iov++; 146 nr_segs--; 147 base = 0; 148 } 149 } 150 151 memcpy(new, iov, sizeof(*iov) * nr_segs); 152 new->iov_base += base; 153 new->iov_len -= base; 154 return nr_segs; 155 } 156 157 /** 158 * get_conn_iovec() - get connection iovec for reading from socket 159 * @t: TCP transport instance 160 * @nr_segs: number of segments in iov 161 * 162 * Return: return existing or newly allocate iovec 163 */ 164 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs) 165 { 166 struct kvec *new_iov; 167 168 if (t->iov && nr_segs <= t->nr_iov) 169 return t->iov; 170 171 /* not big enough -- allocate a new one and release the old */ 172 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP); 173 if (new_iov) { 174 kfree(t->iov); 175 t->iov = new_iov; 176 t->nr_iov = nr_segs; 177 } 178 return new_iov; 179 } 180 181 /** 182 * ksmbd_tcp_new_connection() - create a new tcp session on mount 183 * @client_sk: socket associated with new connection 184 * 185 * whenever a new connection is requested, create a conn thread 186 * (session thread) to handle new incoming smb requests from the connection 187 * 188 * Return: 0 on success, otherwise error 189 */ 190 static int ksmbd_tcp_new_connection(struct socket *client_sk) 191 { 192 int rc = 0; 193 struct tcp_transport *t; 194 struct task_struct *handler; 195 196 t = alloc_transport(client_sk); 197 if (!t) { 198 sock_release(client_sk); 199 return -ENOMEM; 200 } 201 202 #if IS_ENABLED(CONFIG_IPV6) 203 if (client_sk->sk->sk_family == AF_INET6) 204 handler = kthread_run(ksmbd_conn_handler_loop, 205 KSMBD_TRANS(t)->conn, "ksmbd:%pI6c", 206 &KSMBD_TRANS(t)->conn->inet6_addr); 207 else 208 handler = kthread_run(ksmbd_conn_handler_loop, 209 KSMBD_TRANS(t)->conn, "ksmbd:%pI4", 210 &KSMBD_TRANS(t)->conn->inet_addr); 211 #else 212 handler = kthread_run(ksmbd_conn_handler_loop, 213 KSMBD_TRANS(t)->conn, "ksmbd:%pI4", 214 &KSMBD_TRANS(t)->conn->inet_addr); 215 #endif 216 if (IS_ERR(handler)) { 217 pr_err("cannot start conn thread\n"); 218 rc = PTR_ERR(handler); 219 free_transport(t); 220 } 221 return rc; 222 } 223 224 /** 225 * ksmbd_kthread_fn() - listen to new SMB connections and callback server 226 * @p: arguments to forker thread 227 * 228 * Return: 0 on success, error number otherwise 229 */ 230 static int ksmbd_kthread_fn(void *p) 231 { 232 struct socket *client_sk = NULL; 233 struct interface *iface = (struct interface *)p; 234 struct ksmbd_conn *conn; 235 int ret, inet_hash; 236 unsigned int max_ip_conns; 237 238 while (!kthread_should_stop()) { 239 mutex_lock(&iface->sock_release_lock); 240 if (!iface->ksmbd_socket) { 241 mutex_unlock(&iface->sock_release_lock); 242 break; 243 } 244 ret = kernel_accept(iface->ksmbd_socket, &client_sk, 245 SOCK_NONBLOCK); 246 mutex_unlock(&iface->sock_release_lock); 247 if (ret) { 248 if (ret == -EAGAIN) 249 /* check for new connections every 100 msecs */ 250 schedule_timeout_interruptible(HZ / 10); 251 continue; 252 } 253 254 if (!server_conf.max_ip_connections) 255 goto skip_max_ip_conns_limit; 256 257 /* 258 * Limits repeated connections from clients with the same IP. 259 */ 260 #if IS_ENABLED(CONFIG_IPV6) 261 if (client_sk->sk->sk_family == AF_INET6) 262 inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr); 263 else 264 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 265 #else 266 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 267 #endif 268 269 max_ip_conns = 0; 270 down_read(&conn_list_lock); 271 hash_for_each_possible(conn_list, conn, hlist, inet_hash) { 272 #if IS_ENABLED(CONFIG_IPV6) 273 if (client_sk->sk->sk_family == AF_INET6) { 274 if (memcmp(&client_sk->sk->sk_v6_daddr, 275 &conn->inet6_addr, 16) == 0) 276 max_ip_conns++; 277 } else if (inet_sk(client_sk->sk)->inet_daddr == 278 conn->inet_addr) 279 max_ip_conns++; 280 #else 281 if (inet_sk(client_sk->sk)->inet_daddr == 282 conn->inet_addr) 283 max_ip_conns++; 284 #endif 285 if (server_conf.max_ip_connections <= max_ip_conns) { 286 pr_info_ratelimited("Maximum IP connections exceeded (%u/%u)\n", 287 max_ip_conns, server_conf.max_ip_connections); 288 ret = -EAGAIN; 289 break; 290 } 291 } 292 up_read(&conn_list_lock); 293 if (ret == -EAGAIN) 294 continue; 295 296 skip_max_ip_conns_limit: 297 if (server_conf.max_connections && 298 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) { 299 pr_info_ratelimited("Limit the maximum number of connections(%u)\n", 300 atomic_read(&active_num_conn)); 301 atomic_dec(&active_num_conn); 302 sock_release(client_sk); 303 continue; 304 } 305 306 ksmbd_debug(CONN, "connect success: accepted new connection\n"); 307 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 308 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 309 310 ksmbd_tcp_new_connection(client_sk); 311 } 312 313 ksmbd_debug(CONN, "releasing socket\n"); 314 return 0; 315 } 316 317 /** 318 * ksmbd_tcp_run_kthread() - start forker thread 319 * @iface: pointer to struct interface 320 * 321 * start forker thread(ksmbd/0) at module init time to listen 322 * on port 445 for new SMB connection requests. It creates per connection 323 * server threads(ksmbd/x) 324 * 325 * Return: 0 on success or error number 326 */ 327 static int ksmbd_tcp_run_kthread(struct interface *iface) 328 { 329 int rc; 330 struct task_struct *kthread; 331 332 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s", 333 iface->name); 334 if (IS_ERR(kthread)) { 335 rc = PTR_ERR(kthread); 336 return rc; 337 } 338 iface->ksmbd_kthread = kthread; 339 340 return 0; 341 } 342 343 /** 344 * ksmbd_tcp_readv() - read data from socket in given iovec 345 * @t: TCP transport instance 346 * @iov_orig: base IO vector 347 * @nr_segs: number of segments in base iov 348 * @to_read: number of bytes to read from socket 349 * @max_retries: maximum retry count 350 * 351 * Return: on success return number of bytes read from socket, 352 * otherwise return error number 353 */ 354 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, 355 unsigned int nr_segs, unsigned int to_read, 356 int max_retries) 357 { 358 int length = 0; 359 int total_read; 360 unsigned int segs; 361 struct msghdr ksmbd_msg; 362 struct kvec *iov; 363 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn; 364 365 iov = get_conn_iovec(t, nr_segs); 366 if (!iov) 367 return -ENOMEM; 368 369 ksmbd_msg.msg_control = NULL; 370 ksmbd_msg.msg_controllen = 0; 371 372 for (total_read = 0; to_read; total_read += length, to_read -= length) { 373 try_to_freeze(); 374 375 if (!ksmbd_conn_alive(conn)) { 376 total_read = -ESHUTDOWN; 377 break; 378 } 379 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read); 380 381 length = kernel_recvmsg(t->sock, &ksmbd_msg, 382 iov, segs, to_read, 0); 383 384 if (length == -EINTR) { 385 total_read = -ESHUTDOWN; 386 break; 387 } else if (ksmbd_conn_need_reconnect(conn)) { 388 total_read = -EAGAIN; 389 break; 390 } else if (length == -ERESTARTSYS || length == -EAGAIN) { 391 /* 392 * If max_retries is negative, Allow unlimited 393 * retries to keep connection with inactive sessions. 394 */ 395 if (max_retries == 0) { 396 total_read = length; 397 break; 398 } else if (max_retries > 0) { 399 max_retries--; 400 } 401 402 usleep_range(1000, 2000); 403 length = 0; 404 continue; 405 } else if (length <= 0) { 406 total_read = length; 407 break; 408 } 409 } 410 return total_read; 411 } 412 413 /** 414 * ksmbd_tcp_read() - read data from socket in given buffer 415 * @t: TCP transport instance 416 * @buf: buffer to store read data from socket 417 * @to_read: number of bytes to read from socket 418 * @max_retries: number of retries if reading from socket fails 419 * 420 * Return: on success return number of bytes read from socket, 421 * otherwise return error number 422 */ 423 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, 424 unsigned int to_read, int max_retries) 425 { 426 struct kvec iov; 427 428 iov.iov_base = buf; 429 iov.iov_len = to_read; 430 431 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries); 432 } 433 434 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, 435 int nvecs, int size, bool need_invalidate, 436 unsigned int remote_key) 437 438 { 439 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; 440 441 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size); 442 } 443 444 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) 445 { 446 free_transport(TCP_TRANS(t)); 447 if (server_conf.max_connections) 448 atomic_dec(&active_num_conn); 449 } 450 451 static void tcp_destroy_socket(struct socket *ksmbd_socket) 452 { 453 int ret; 454 455 if (!ksmbd_socket) 456 return; 457 458 /* set zero to timeout */ 459 ksmbd_tcp_rcv_timeout(ksmbd_socket, 0); 460 ksmbd_tcp_snd_timeout(ksmbd_socket, 0); 461 462 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); 463 if (ret) 464 pr_err("Failed to shutdown socket: %d\n", ret); 465 sock_release(ksmbd_socket); 466 } 467 468 /** 469 * create_socket - create socket for ksmbd/0 470 * @iface: interface to bind the created socket to 471 * 472 * Return: 0 on success, error number otherwise 473 */ 474 static int create_socket(struct interface *iface) 475 { 476 int ret; 477 struct sockaddr_in6 sin6; 478 struct sockaddr_in sin; 479 struct socket *ksmbd_socket; 480 bool ipv4 = false; 481 482 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET6, SOCK_STREAM, 483 IPPROTO_TCP, &ksmbd_socket); 484 if (ret) { 485 if (ret != -EAFNOSUPPORT) 486 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret); 487 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET, 488 SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); 489 if (ret) { 490 pr_err("Can't create socket for ipv4: %d\n", ret); 491 goto out_clear; 492 } 493 494 sin.sin_family = PF_INET; 495 sin.sin_addr.s_addr = htonl(INADDR_ANY); 496 sin.sin_port = htons(server_conf.tcp_port); 497 ipv4 = true; 498 } else { 499 sin6.sin6_family = PF_INET6; 500 sin6.sin6_addr = in6addr_any; 501 sin6.sin6_port = htons(server_conf.tcp_port); 502 503 lock_sock(ksmbd_socket->sk); 504 ksmbd_socket->sk->sk_ipv6only = false; 505 release_sock(ksmbd_socket->sk); 506 } 507 508 ksmbd_tcp_nodelay(ksmbd_socket); 509 ksmbd_tcp_reuseaddr(ksmbd_socket); 510 511 ret = sock_setsockopt(ksmbd_socket, 512 SOL_SOCKET, 513 SO_BINDTODEVICE, 514 KERNEL_SOCKPTR(iface->name), 515 strlen(iface->name)); 516 if (ret != -ENODEV && ret < 0) { 517 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret); 518 goto out_error; 519 } 520 521 if (ipv4) 522 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin, 523 sizeof(sin)); 524 else 525 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, 526 sizeof(sin6)); 527 if (ret) { 528 pr_err("Failed to bind socket: %d\n", ret); 529 goto out_error; 530 } 531 532 ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 533 ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 534 535 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); 536 if (ret) { 537 pr_err("Port listen() error: %d\n", ret); 538 goto out_error; 539 } 540 541 iface->ksmbd_socket = ksmbd_socket; 542 ret = ksmbd_tcp_run_kthread(iface); 543 if (ret) { 544 pr_err("Can't start ksmbd main kthread: %d\n", ret); 545 goto out_error; 546 } 547 iface->state = IFACE_STATE_CONFIGURED; 548 549 return 0; 550 551 out_error: 552 tcp_destroy_socket(ksmbd_socket); 553 out_clear: 554 iface->ksmbd_socket = NULL; 555 return ret; 556 } 557 558 struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name) 559 { 560 struct interface *iface; 561 562 list_for_each_entry(iface, &iface_list, entry) 563 if (!strcmp(iface->name, netdev_name)) 564 return iface; 565 return NULL; 566 } 567 568 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, 569 void *ptr) 570 { 571 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 572 struct interface *iface; 573 int ret; 574 575 switch (event) { 576 case NETDEV_UP: 577 if (netif_is_bridge_port(netdev)) 578 return NOTIFY_OK; 579 580 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 581 if (iface && iface->state == IFACE_STATE_DOWN) { 582 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 583 iface->name); 584 ret = create_socket(iface); 585 if (ret) 586 return NOTIFY_OK; 587 } 588 if (!iface && bind_additional_ifaces) { 589 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP)); 590 if (!iface) 591 return NOTIFY_OK; 592 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 593 iface->name); 594 ret = create_socket(iface); 595 if (ret) 596 break; 597 } 598 break; 599 case NETDEV_DOWN: 600 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 601 if (iface && iface->state == IFACE_STATE_CONFIGURED) { 602 ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n", 603 iface->name); 604 tcp_stop_kthread(iface->ksmbd_kthread); 605 iface->ksmbd_kthread = NULL; 606 mutex_lock(&iface->sock_release_lock); 607 tcp_destroy_socket(iface->ksmbd_socket); 608 iface->ksmbd_socket = NULL; 609 mutex_unlock(&iface->sock_release_lock); 610 611 iface->state = IFACE_STATE_DOWN; 612 break; 613 } 614 break; 615 } 616 617 return NOTIFY_DONE; 618 } 619 620 static struct notifier_block ksmbd_netdev_notifier = { 621 .notifier_call = ksmbd_netdev_event, 622 }; 623 624 int ksmbd_tcp_init(void) 625 { 626 register_netdevice_notifier(&ksmbd_netdev_notifier); 627 628 return 0; 629 } 630 631 static void tcp_stop_kthread(struct task_struct *kthread) 632 { 633 int ret; 634 635 if (!kthread) 636 return; 637 638 ret = kthread_stop(kthread); 639 if (ret) 640 pr_err("failed to stop forker thread\n"); 641 } 642 643 void ksmbd_tcp_destroy(void) 644 { 645 struct interface *iface, *tmp; 646 647 unregister_netdevice_notifier(&ksmbd_netdev_notifier); 648 649 list_for_each_entry_safe(iface, tmp, &iface_list, entry) { 650 list_del(&iface->entry); 651 kfree(iface->name); 652 kfree(iface); 653 } 654 } 655 656 static struct interface *alloc_iface(char *ifname) 657 { 658 struct interface *iface; 659 660 if (!ifname) 661 return NULL; 662 663 iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP); 664 if (!iface) { 665 kfree(ifname); 666 return NULL; 667 } 668 669 iface->name = ifname; 670 iface->state = IFACE_STATE_DOWN; 671 list_add(&iface->entry, &iface_list); 672 mutex_init(&iface->sock_release_lock); 673 return iface; 674 } 675 676 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) 677 { 678 int sz = 0; 679 680 if (!ifc_list_sz) { 681 bind_additional_ifaces = 1; 682 return 0; 683 } 684 685 while (ifc_list_sz > 0) { 686 if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP))) 687 return -ENOMEM; 688 689 sz = strlen(ifc_list); 690 if (!sz) 691 break; 692 693 ifc_list += sz + 1; 694 ifc_list_sz -= (sz + 1); 695 } 696 697 bind_additional_ifaces = 0; 698 699 return 0; 700 } 701 702 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = { 703 .read = ksmbd_tcp_read, 704 .writev = ksmbd_tcp_writev, 705 .disconnect = ksmbd_tcp_disconnect, 706 .free_transport = ksmbd_tcp_free_transport, 707 }; 708