1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org> 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/freezer.h> 8 9 #include "smb_common.h" 10 #include "server.h" 11 #include "auth.h" 12 #include "connection.h" 13 #include "transport_tcp.h" 14 15 #define IFACE_STATE_DOWN BIT(0) 16 #define IFACE_STATE_CONFIGURED BIT(1) 17 18 static atomic_t active_num_conn; 19 20 struct interface { 21 struct task_struct *ksmbd_kthread; 22 struct socket *ksmbd_socket; 23 struct list_head entry; 24 char *name; 25 int state; 26 }; 27 28 static LIST_HEAD(iface_list); 29 30 static int bind_additional_ifaces; 31 32 struct tcp_transport { 33 struct ksmbd_transport transport; 34 struct socket *sock; 35 struct kvec *iov; 36 unsigned int nr_iov; 37 }; 38 39 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops; 40 41 static void tcp_stop_kthread(struct task_struct *kthread); 42 static struct interface *alloc_iface(char *ifname); 43 44 #define KSMBD_TRANS(t) (&(t)->transport) 45 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \ 46 struct tcp_transport, transport)) 47 48 static inline void ksmbd_tcp_nodelay(struct socket *sock) 49 { 50 tcp_sock_set_nodelay(sock->sk); 51 } 52 53 static inline void ksmbd_tcp_reuseaddr(struct socket *sock) 54 { 55 sock_set_reuseaddr(sock->sk); 56 } 57 58 static struct tcp_transport *alloc_transport(struct socket *client_sk) 59 { 60 struct tcp_transport *t; 61 struct ksmbd_conn *conn; 62 63 t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP); 64 if (!t) 65 return NULL; 66 t->sock = client_sk; 67 68 conn = ksmbd_conn_alloc(); 69 if (!conn) { 70 kfree(t); 71 return NULL; 72 } 73 74 #if IS_ENABLED(CONFIG_IPV6) 75 if (client_sk->sk->sk_family == AF_INET6) { 76 memcpy(&conn->inet6_addr, &client_sk->sk->sk_v6_daddr, 16); 77 conn->inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr); 78 } else { 79 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 80 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 81 } 82 #else 83 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 84 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 85 #endif 86 down_write(&conn_list_lock); 87 hash_add(conn_list, &conn->hlist, conn->inet_hash); 88 up_write(&conn_list_lock); 89 90 conn->transport = KSMBD_TRANS(t); 91 KSMBD_TRANS(t)->conn = conn; 92 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops; 93 return t; 94 } 95 96 static void ksmbd_tcp_free_transport(struct ksmbd_transport *kt) 97 { 98 struct tcp_transport *t = TCP_TRANS(kt); 99 100 sock_release(t->sock); 101 kfree(t->iov); 102 kfree(t); 103 } 104 105 static void free_transport(struct tcp_transport *t) 106 { 107 kernel_sock_shutdown(t->sock, SHUT_RDWR); 108 ksmbd_conn_free(KSMBD_TRANS(t)->conn); 109 } 110 111 /** 112 * kvec_array_init() - initialize a IO vector segment 113 * @new: IO vector to be initialized 114 * @iov: base IO vector 115 * @nr_segs: number of segments in base iov 116 * @bytes: total iovec length so far for read 117 * 118 * Return: Number of IO segments 119 */ 120 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, 121 unsigned int nr_segs, size_t bytes) 122 { 123 size_t base = 0; 124 125 while (bytes || !iov->iov_len) { 126 int copy = min(bytes, iov->iov_len); 127 128 bytes -= copy; 129 base += copy; 130 if (iov->iov_len == base) { 131 iov++; 132 nr_segs--; 133 base = 0; 134 } 135 } 136 137 memcpy(new, iov, sizeof(*iov) * nr_segs); 138 new->iov_base += base; 139 new->iov_len -= base; 140 return nr_segs; 141 } 142 143 /** 144 * get_conn_iovec() - get connection iovec for reading from socket 145 * @t: TCP transport instance 146 * @nr_segs: number of segments in iov 147 * 148 * Return: return existing or newly allocate iovec 149 */ 150 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs) 151 { 152 struct kvec *new_iov; 153 154 if (t->iov && nr_segs <= t->nr_iov) 155 return t->iov; 156 157 /* not big enough -- allocate a new one and release the old */ 158 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP); 159 if (new_iov) { 160 kfree(t->iov); 161 t->iov = new_iov; 162 t->nr_iov = nr_segs; 163 } 164 return new_iov; 165 } 166 167 /** 168 * ksmbd_tcp_new_connection() - create a new tcp session on mount 169 * @client_sk: socket associated with new connection 170 * 171 * whenever a new connection is requested, create a conn thread 172 * (session thread) to handle new incoming smb requests from the connection 173 * 174 * Return: 0 on success, otherwise error 175 */ 176 static int ksmbd_tcp_new_connection(struct socket *client_sk) 177 { 178 int rc = 0; 179 struct tcp_transport *t; 180 struct task_struct *handler; 181 182 t = alloc_transport(client_sk); 183 if (!t) { 184 sock_release(client_sk); 185 return -ENOMEM; 186 } 187 188 #if IS_ENABLED(CONFIG_IPV6) 189 if (client_sk->sk->sk_family == AF_INET6) 190 handler = kthread_run(ksmbd_conn_handler_loop, 191 KSMBD_TRANS(t)->conn, "ksmbd:%pI6c", 192 &KSMBD_TRANS(t)->conn->inet6_addr); 193 else 194 handler = kthread_run(ksmbd_conn_handler_loop, 195 KSMBD_TRANS(t)->conn, "ksmbd:%pI4", 196 &KSMBD_TRANS(t)->conn->inet_addr); 197 #else 198 handler = kthread_run(ksmbd_conn_handler_loop, 199 KSMBD_TRANS(t)->conn, "ksmbd:%pI4", 200 &KSMBD_TRANS(t)->conn->inet_addr); 201 #endif 202 if (IS_ERR(handler)) { 203 pr_err("cannot start conn thread\n"); 204 rc = PTR_ERR(handler); 205 free_transport(t); 206 } 207 return rc; 208 } 209 210 /** 211 * ksmbd_kthread_fn() - listen to new SMB connections and callback server 212 * @p: arguments to forker thread 213 * 214 * Return: 0 on success, error number otherwise 215 */ 216 static int ksmbd_kthread_fn(void *p) 217 { 218 struct socket *client_sk = NULL; 219 struct interface *iface = (struct interface *)p; 220 struct ksmbd_conn *conn; 221 int ret, inet_hash; 222 unsigned int max_ip_conns; 223 224 while (!kthread_should_stop()) { 225 if (!iface->ksmbd_socket) { 226 break; 227 } 228 ret = kernel_accept(iface->ksmbd_socket, &client_sk, 0); 229 if (ret == -EINVAL) 230 break; 231 if (ret) 232 continue; 233 234 if (!server_conf.max_ip_connections) 235 goto skip_max_ip_conns_limit; 236 237 /* 238 * Limits repeated connections from clients with the same IP. 239 */ 240 #if IS_ENABLED(CONFIG_IPV6) 241 if (client_sk->sk->sk_family == AF_INET6) 242 inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr); 243 else 244 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 245 #else 246 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 247 #endif 248 249 max_ip_conns = 0; 250 down_read(&conn_list_lock); 251 hash_for_each_possible(conn_list, conn, hlist, inet_hash) { 252 #if IS_ENABLED(CONFIG_IPV6) 253 if (client_sk->sk->sk_family == AF_INET6) { 254 if (memcmp(&client_sk->sk->sk_v6_daddr, 255 &conn->inet6_addr, 16) == 0) 256 max_ip_conns++; 257 } else if (inet_sk(client_sk->sk)->inet_daddr == 258 conn->inet_addr) 259 max_ip_conns++; 260 #else 261 if (inet_sk(client_sk->sk)->inet_daddr == 262 conn->inet_addr) 263 max_ip_conns++; 264 #endif 265 if (server_conf.max_ip_connections <= max_ip_conns) { 266 pr_info_ratelimited("Maximum IP connections exceeded (%u/%u)\n", 267 max_ip_conns, server_conf.max_ip_connections); 268 ret = -EAGAIN; 269 break; 270 } 271 } 272 up_read(&conn_list_lock); 273 if (ret == -EAGAIN) { 274 /* Per-IP limit hit: release the just-accepted socket. */ 275 sock_release(client_sk); 276 continue; 277 } 278 279 skip_max_ip_conns_limit: 280 if (server_conf.max_connections && 281 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) { 282 pr_info_ratelimited("Limit the maximum number of connections(%u)\n", 283 atomic_read(&active_num_conn)); 284 atomic_dec(&active_num_conn); 285 sock_release(client_sk); 286 continue; 287 } 288 289 ksmbd_debug(CONN, "connect success: accepted new connection\n"); 290 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 291 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 292 293 ksmbd_tcp_new_connection(client_sk); 294 } 295 296 ksmbd_debug(CONN, "releasing socket\n"); 297 return 0; 298 } 299 300 /** 301 * ksmbd_tcp_run_kthread() - start forker thread 302 * @iface: pointer to struct interface 303 * 304 * start forker thread(ksmbd/0) at module init time to listen 305 * on port 445 for new SMB connection requests. It creates per connection 306 * server threads(ksmbd/x) 307 * 308 * Return: 0 on success or error number 309 */ 310 static int ksmbd_tcp_run_kthread(struct interface *iface) 311 { 312 int rc; 313 struct task_struct *kthread; 314 315 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s", 316 iface->name); 317 if (IS_ERR(kthread)) { 318 rc = PTR_ERR(kthread); 319 return rc; 320 } 321 iface->ksmbd_kthread = kthread; 322 323 return 0; 324 } 325 326 /** 327 * ksmbd_tcp_readv() - read data from socket in given iovec 328 * @t: TCP transport instance 329 * @iov_orig: base IO vector 330 * @nr_segs: number of segments in base iov 331 * @to_read: number of bytes to read from socket 332 * @max_retries: maximum retry count 333 * 334 * Return: on success return number of bytes read from socket, 335 * otherwise return error number 336 */ 337 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, 338 unsigned int nr_segs, unsigned int to_read, 339 int max_retries) 340 { 341 int length = 0; 342 int total_read; 343 unsigned int segs; 344 struct msghdr ksmbd_msg; 345 struct kvec *iov; 346 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn; 347 348 iov = get_conn_iovec(t, nr_segs); 349 if (!iov) 350 return -ENOMEM; 351 352 ksmbd_msg.msg_control = NULL; 353 ksmbd_msg.msg_controllen = 0; 354 355 for (total_read = 0; to_read; total_read += length, to_read -= length) { 356 try_to_freeze(); 357 358 if (!ksmbd_conn_alive(conn)) { 359 total_read = -ESHUTDOWN; 360 break; 361 } 362 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read); 363 364 length = kernel_recvmsg(t->sock, &ksmbd_msg, 365 iov, segs, to_read, 0); 366 367 if (length == -EINTR) { 368 total_read = -ESHUTDOWN; 369 break; 370 } else if (ksmbd_conn_need_reconnect(conn)) { 371 total_read = -EAGAIN; 372 break; 373 } else if (length == -ERESTARTSYS || length == -EAGAIN) { 374 /* 375 * If max_retries is negative, Allow unlimited 376 * retries to keep connection with inactive sessions. 377 */ 378 if (max_retries == 0) { 379 total_read = length; 380 break; 381 } else if (max_retries > 0) { 382 max_retries--; 383 } 384 385 usleep_range(1000, 2000); 386 length = 0; 387 continue; 388 } else if (length <= 0) { 389 total_read = length; 390 break; 391 } 392 } 393 return total_read; 394 } 395 396 /** 397 * ksmbd_tcp_read() - read data from socket in given buffer 398 * @t: TCP transport instance 399 * @buf: buffer to store read data from socket 400 * @to_read: number of bytes to read from socket 401 * @max_retries: number of retries if reading from socket fails 402 * 403 * Return: on success return number of bytes read from socket, 404 * otherwise return error number 405 */ 406 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, 407 unsigned int to_read, int max_retries) 408 { 409 struct kvec iov; 410 411 iov.iov_base = buf; 412 iov.iov_len = to_read; 413 414 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries); 415 } 416 417 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, 418 int nvecs, int size, bool need_invalidate, 419 unsigned int remote_key) 420 421 { 422 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; 423 424 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size); 425 } 426 427 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) 428 { 429 free_transport(TCP_TRANS(t)); 430 if (server_conf.max_connections) 431 atomic_dec(&active_num_conn); 432 } 433 434 static void tcp_destroy_socket(struct socket *ksmbd_socket) 435 { 436 int ret; 437 438 if (!ksmbd_socket) 439 return; 440 441 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); 442 if (ret) 443 pr_err("Failed to shutdown socket: %d\n", ret); 444 sock_release(ksmbd_socket); 445 } 446 447 /** 448 * create_socket - create socket for ksmbd/0 449 * @iface: interface to bind the created socket to 450 * 451 * Return: 0 on success, error number otherwise 452 */ 453 static int create_socket(struct interface *iface) 454 { 455 int ret; 456 struct sockaddr_in6 sin6; 457 struct sockaddr_in sin; 458 struct socket *ksmbd_socket; 459 bool ipv4 = false; 460 461 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET6, SOCK_STREAM, 462 IPPROTO_TCP, &ksmbd_socket); 463 if (ret) { 464 if (ret != -EAFNOSUPPORT) 465 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret); 466 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET, 467 SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); 468 if (ret) { 469 pr_err("Can't create socket for ipv4: %d\n", ret); 470 goto out_clear; 471 } 472 473 sin.sin_family = PF_INET; 474 sin.sin_addr.s_addr = htonl(INADDR_ANY); 475 sin.sin_port = htons(server_conf.tcp_port); 476 ipv4 = true; 477 } else { 478 sin6.sin6_family = PF_INET6; 479 sin6.sin6_addr = in6addr_any; 480 sin6.sin6_port = htons(server_conf.tcp_port); 481 482 lock_sock(ksmbd_socket->sk); 483 ksmbd_socket->sk->sk_ipv6only = false; 484 release_sock(ksmbd_socket->sk); 485 } 486 487 ksmbd_tcp_nodelay(ksmbd_socket); 488 ksmbd_tcp_reuseaddr(ksmbd_socket); 489 490 ret = sock_setsockopt(ksmbd_socket, 491 SOL_SOCKET, 492 SO_BINDTODEVICE, 493 KERNEL_SOCKPTR(iface->name), 494 strlen(iface->name)); 495 if (ret != -ENODEV && ret < 0) { 496 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret); 497 goto out_error; 498 } 499 500 if (ipv4) 501 ret = kernel_bind(ksmbd_socket, (struct sockaddr_unsized *)&sin, 502 sizeof(sin)); 503 else 504 ret = kernel_bind(ksmbd_socket, (struct sockaddr_unsized *)&sin6, 505 sizeof(sin6)); 506 if (ret) { 507 pr_err("Failed to bind socket: %d\n", ret); 508 goto out_error; 509 } 510 511 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); 512 if (ret) { 513 pr_err("Port listen() error: %d\n", ret); 514 goto out_error; 515 } 516 517 iface->ksmbd_socket = ksmbd_socket; 518 ret = ksmbd_tcp_run_kthread(iface); 519 if (ret) { 520 pr_err("Can't start ksmbd main kthread: %d\n", ret); 521 goto out_error; 522 } 523 iface->state = IFACE_STATE_CONFIGURED; 524 525 return 0; 526 527 out_error: 528 tcp_destroy_socket(ksmbd_socket); 529 out_clear: 530 iface->ksmbd_socket = NULL; 531 return ret; 532 } 533 534 struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name) 535 { 536 struct interface *iface; 537 538 list_for_each_entry(iface, &iface_list, entry) 539 if (!strcmp(iface->name, netdev_name)) 540 return iface; 541 return NULL; 542 } 543 544 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, 545 void *ptr) 546 { 547 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 548 struct interface *iface; 549 int ret; 550 551 switch (event) { 552 case NETDEV_UP: 553 if (netif_is_bridge_port(netdev)) 554 return NOTIFY_OK; 555 556 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 557 if (iface && iface->state == IFACE_STATE_DOWN) { 558 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 559 iface->name); 560 ret = create_socket(iface); 561 if (ret) 562 return NOTIFY_OK; 563 } 564 if (!iface && bind_additional_ifaces) { 565 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP)); 566 if (!iface) 567 return NOTIFY_OK; 568 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 569 iface->name); 570 ret = create_socket(iface); 571 if (ret) 572 break; 573 } 574 break; 575 case NETDEV_DOWN: 576 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 577 if (iface && iface->state == IFACE_STATE_CONFIGURED) { 578 ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n", 579 iface->name); 580 kernel_sock_shutdown(iface->ksmbd_socket, SHUT_RDWR); 581 tcp_stop_kthread(iface->ksmbd_kthread); 582 iface->ksmbd_kthread = NULL; 583 sock_release(iface->ksmbd_socket); 584 iface->ksmbd_socket = NULL; 585 586 iface->state = IFACE_STATE_DOWN; 587 break; 588 } 589 break; 590 } 591 592 return NOTIFY_DONE; 593 } 594 595 static struct notifier_block ksmbd_netdev_notifier = { 596 .notifier_call = ksmbd_netdev_event, 597 }; 598 599 int ksmbd_tcp_init(void) 600 { 601 register_netdevice_notifier(&ksmbd_netdev_notifier); 602 603 return 0; 604 } 605 606 static void tcp_stop_kthread(struct task_struct *kthread) 607 { 608 int ret; 609 610 if (!kthread) 611 return; 612 613 ret = kthread_stop(kthread); 614 if (ret) 615 pr_err("failed to stop forker thread\n"); 616 } 617 618 void ksmbd_tcp_destroy(void) 619 { 620 struct interface *iface, *tmp; 621 622 unregister_netdevice_notifier(&ksmbd_netdev_notifier); 623 624 list_for_each_entry_safe(iface, tmp, &iface_list, entry) { 625 list_del(&iface->entry); 626 kfree(iface->name); 627 kfree(iface); 628 } 629 } 630 631 static struct interface *alloc_iface(char *ifname) 632 { 633 struct interface *iface; 634 635 if (!ifname) 636 return NULL; 637 638 iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP); 639 if (!iface) { 640 kfree(ifname); 641 return NULL; 642 } 643 644 iface->name = ifname; 645 iface->state = IFACE_STATE_DOWN; 646 list_add(&iface->entry, &iface_list); 647 return iface; 648 } 649 650 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) 651 { 652 int sz = 0; 653 654 if (!ifc_list_sz) { 655 bind_additional_ifaces = 1; 656 return 0; 657 } 658 659 while (ifc_list_sz > 0) { 660 if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP))) 661 return -ENOMEM; 662 663 sz = strlen(ifc_list); 664 if (!sz) 665 break; 666 667 ifc_list += sz + 1; 668 ifc_list_sz -= (sz + 1); 669 } 670 671 bind_additional_ifaces = 0; 672 673 return 0; 674 } 675 676 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = { 677 .read = ksmbd_tcp_read, 678 .writev = ksmbd_tcp_writev, 679 .disconnect = ksmbd_tcp_disconnect, 680 .free_transport = ksmbd_tcp_free_transport, 681 }; 682