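// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *   Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
 *   Copyright (C) 2018 Samsung Electronics Co., Ltd.
 */

#include <linux/freezer.h>

#include "smb_common.h"
#include "server.h"
#include "auth.h"
#include "connection.h"
#include "transport_tcp.h"

/* Values stored in struct interface::state. */
#define IFACE_STATE_DOWN		BIT(0)
#define IFACE_STATE_CONFIGURED		BIT(1)

/*
 * Accepted-connection counter. In this file it is only touched when
 * server_conf.max_connections is non-zero.
 */
static atomic_t active_num_conn;

/* One listening endpoint, keyed by network device name. */
struct interface {
	struct task_struct	*ksmbd_kthread;	/* accept loop thread */
	struct socket		*ksmbd_socket;	/* listening socket, NULL when down */
	struct list_head	entry;		/* link in iface_list */
	char			*name;		/* owned; kfree()d on destroy */
	struct mutex		sock_release_lock; /* held around accept and socket teardown */
	int			state;		/* IFACE_STATE_* */
};

static LIST_HEAD(iface_list);

/* Non-zero: also listen on devices that were not explicitly configured. */
static int bind_additional_ifaces;

/* TCP flavour of a ksmbd transport; @transport is the embedded base. */
struct tcp_transport {
	struct ksmbd_transport		transport;
	struct socket			*sock;
	struct kvec			*iov;	/* cached receive iovec */
	unsigned int			nr_iov;	/* capacity of @iov in segments */
};

static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops;

static void tcp_stop_kthread(struct task_struct *kthread);
static struct interface *alloc_iface(char *ifname);

#define KSMBD_TRANS(t)	(&(t)->transport)
#define TCP_TRANS(t)	((struct tcp_transport *)container_of(t, \
				struct tcp_transport, transport))

/* Set the no-delay option on @sock via tcp_sock_set_nodelay(). */
static inline void ksmbd_tcp_nodelay(struct socket *sock)
{
	tcp_sock_set_nodelay(sock->sk);
}

/* Set the reuse-address option on @sock via sock_set_reuseaddr(). */
static inline void ksmbd_tcp_reuseaddr(struct socket *sock)
{
	sock_set_reuseaddr(sock->sk);
}

/*
 * Set the receive timeout of @sock to @secs seconds. A value of 0, or one
 * large enough that secs * HZ would not stay below MAX_SCHEDULE_TIMEOUT,
 * selects MAX_SCHEDULE_TIMEOUT instead.
 */
static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs)
{
	if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1)
		WRITE_ONCE(sock->sk->sk_rcvtimeo, secs * HZ);
	else
		WRITE_ONCE(sock->sk->sk_rcvtimeo, MAX_SCHEDULE_TIMEOUT);
}

/* Set the send timeout of @sock to @secs via sock_set_sndtimeo(). */
static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs)
{
	sock_set_sndtimeo(sock->sk, secs);
}

/**
 * alloc_transport() - allocate a TCP transport and its connection object
 * @client_sk:	accepted client socket
 *
 * Records the peer's inet_daddr in conn->inet_addr; the accept loop uses
 * that value for its per-address check. On failure @client_sk is NOT
 * released here, the caller has to do it.
 *
 * Return:	new transport, or NULL if an allocation failed
 */
static struct tcp_transport *alloc_transport(struct socket *client_sk)
{
	struct tcp_transport *t;
	struct ksmbd_conn *conn;

	t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP);
	if (!t)
		return NULL;
	t->sock = client_sk;

	conn = ksmbd_conn_alloc();
	if (!conn) {
		kfree(t);
		return NULL;
	}

	conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr;
	conn->transport = KSMBD_TRANS(t);
	KSMBD_TRANS(t)->conn = conn;
	KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops;
	return t;
}

/*
 * ->free_transport op: release the socket, then free the cached iovec and
 * the transport itself.
 */
static void ksmbd_tcp_free_transport(struct ksmbd_transport *kt)
{
	struct tcp_transport *t = TCP_TRANS(kt);

	sock_release(t->sock);
	kfree(t->iov);
	kfree(t);
}

/*
 * Shut the socket down in both directions and hand the connection to
 * ksmbd_conn_free(). @t itself is not freed here; presumably
 * ksmbd_conn_free() ends up invoking the ->free_transport op - confirm
 * in connection.c.
 */
static void free_transport(struct tcp_transport *t)
{
	kernel_sock_shutdown(t->sock, SHUT_RDWR);
	ksmbd_conn_free(KSMBD_TRANS(t)->conn);
}

/**
 * kvec_array_init() - initialize an IO vector segment
 * @new:	IO vector to be initialized
 * @iov:	base IO vector
 * @nr_segs:	number of segments in base iov
 * @bytes:	total iovec length so far for read
 *
 * Skips the first @bytes bytes of @iov (and any zero-length segments),
 * copies the remaining segments into @new and trims the first copied
 * segment by the partially consumed amount.
 *
 * The skip loop does not check @nr_segs, so it assumes @bytes is smaller
 * than the total length described by @iov - callers must guarantee this.
 *
 * Return:	Number of IO segments
 */
static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov,
				    unsigned int nr_segs, size_t bytes)
{
	size_t base = 0;

	while (bytes || !iov->iov_len) {
		int copy = min(bytes, iov->iov_len);

		bytes -= copy;
		base += copy;
		if (iov->iov_len == base) {
			/* segment fully consumed, move on to the next one */
			iov++;
			nr_segs--;
			base = 0;
		}
	}

	memcpy(new, iov, sizeof(*iov) * nr_segs);
	new->iov_base += base;
	new->iov_len -= base;
	return nr_segs;
}

/**
 * get_conn_iovec() - get connection iovec for reading from socket
 * @t:		TCP transport instance
 * @nr_segs:	number of segments in iov
 *
 * The cached iovec is reused when it has room for @nr_segs segments. If
 * the allocation of a larger one fails, the old iovec is left in place.
 *
 * Return:	existing or newly allocated iovec, NULL on allocation failure
 */
static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs)
{
	struct kvec *new_iov;

	if (t->iov && nr_segs <= t->nr_iov)
		return t->iov;

	/* not big enough -- allocate a new one and release the old */
	new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP);
	if (new_iov) {
		kfree(t->iov);
		t->iov = new_iov;
		t->nr_iov = nr_segs;
	}
	return new_iov;
}

/*
 * Return the port of @sa in host byte order for AF_INET / AF_INET6
 * addresses, 0 for any other family.
 */
static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa)
{
	switch (sa->sa_family) {
	case AF_INET:
		return ntohs(((struct sockaddr_in *)sa)->sin_port);
	case AF_INET6:
		return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
	}
	return 0;
}

/**
 * ksmbd_tcp_new_connection() - create a new tcp session on mount
 * @client_sk:	socket associated with new connection
 *
 * whenever a new connection is requested, create a conn thread
 * (session thread) to handle new incoming smb requests from the connection.
 * The thread is named "ksmbd:<peer port>".
 *
 * Ownership of @client_sk is taken in every case: it is released directly
 * when the transport cannot be allocated, and through free_transport() on
 * the later failure paths.
 *
 * Return:	0 on success, otherwise error
 */
static int ksmbd_tcp_new_connection(struct socket *client_sk)
{
	struct sockaddr *csin;
	int rc = 0;
	struct tcp_transport *t;
	struct task_struct *handler;

	t = alloc_transport(client_sk);
	if (!t) {
		sock_release(client_sk);
		return -ENOMEM;
	}

	csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn);
	if (kernel_getpeername(client_sk, csin) < 0) {
		pr_err("client ip resolution failed\n");
		rc = -EINVAL;
		goto out_error;
	}

	handler = kthread_run(ksmbd_conn_handler_loop,
			      KSMBD_TRANS(t)->conn,
			      "ksmbd:%u",
			      ksmbd_tcp_get_port(csin));
	if (IS_ERR(handler)) {
		pr_err("cannot start conn thread\n");
		rc = PTR_ERR(handler);
		free_transport(t);
	}
	return rc;

out_error:
	free_transport(t);
	return rc;
}

/**
 * ksmbd_kthread_fn() - listen to new SMB connections and callback server
 * @p:		arguments to forker thread (the struct interface to serve)
 *
 * Accept loop for one interface. Every accepted socket is either handed
 * to ksmbd_tcp_new_connection(), which takes ownership of it, or released
 * here when the connection is rejected.
 *
 * Return:	0 on success, error number otherwise
 */
static int ksmbd_kthread_fn(void *p)
{
	struct socket *client_sk = NULL;
	struct interface *iface = (struct interface *)p;
	struct inet_sock *csk_inet;
	struct ksmbd_conn *conn;
	int ret;

	while (!kthread_should_stop()) {
		/*
		 * The NETDEV_DOWN handler destroys the listening socket under
		 * this lock, so check and use it only while holding the lock.
		 */
		mutex_lock(&iface->sock_release_lock);
		if (!iface->ksmbd_socket) {
			mutex_unlock(&iface->sock_release_lock);
			break;
		}
		ret = kernel_accept(iface->ksmbd_socket, &client_sk,
				    SOCK_NONBLOCK);
		mutex_unlock(&iface->sock_release_lock);
		if (ret) {
			if (ret == -EAGAIN)
				/* check for new connections every 100 msecs */
				schedule_timeout_interruptible(HZ / 10);
			continue;
		}

		/*
		 * Limits repeated connections from clients with the same IP.
		 *
		 * NOTE(review): only the 32-bit inet_daddr is compared. How
		 * native IPv6 peers are represented in that field should be
		 * confirmed; if they share one value they would all be
		 * treated as the same client here.
		 */
		csk_inet = inet_sk(client_sk->sk);
		down_read(&conn_list_lock);
		list_for_each_entry(conn, &conn_list, conns_list)
			if (csk_inet->inet_daddr == conn->inet_addr) {
				ret = -EAGAIN;
				break;
			}
		up_read(&conn_list_lock);
		if (ret == -EAGAIN) {
			/*
			 * Nothing else references the just-accepted socket
			 * and the next kernel_accept() overwrites client_sk,
			 * so release it now. Without this every rejected
			 * attempt from an already-connected address leaks a
			 * socket, which a remote peer can trigger repeatedly
			 * before any authentication takes place.
			 */
			sock_release(client_sk);
			continue;
		}

		if (server_conf.max_connections &&
		    atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
			pr_info_ratelimited("Limit the maximum number of connections(%u)\n",
					    atomic_read(&active_num_conn));
			atomic_dec(&active_num_conn);
			sock_release(client_sk);
			continue;
		}

		ksmbd_debug(CONN, "connect success: accepted new connection\n");
		client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
		client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;

		/*
		 * NOTE(review): the return value is ignored. When
		 * max_connections is set, active_num_conn was incremented
		 * above and, within this file, is only decremented again in
		 * ksmbd_tcp_disconnect(); confirm that a failed setup does
		 * not leave the counter elevated.
		 */
		ksmbd_tcp_new_connection(client_sk);
	}

	ksmbd_debug(CONN, "releasing socket\n");
	return 0;
}

/**
 * ksmbd_tcp_run_kthread() - start forker thread
 * @iface: pointer to struct interface
 *
 * start the forker thread, named "ksmbd-<interface name>", which runs
 * ksmbd_kthread_fn() to accept new SMB connection requests on the
 * interface's listening socket. That loop creates the per connection
 * server threads.
 *
 * Return:	0 on success or error number
 */
static int ksmbd_tcp_run_kthread(struct interface *iface)
{
	int rc;
	struct task_struct *kthread;

	kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s",
			      iface->name);
	if (IS_ERR(kthread)) {
		rc = PTR_ERR(kthread);
		return rc;
	}
	iface->ksmbd_kthread = kthread;

	return 0;
}

/**
 * ksmbd_tcp_readv() - read data from socket in given iovec
 * @t:			TCP transport instance
 * @iov_orig:		base IO vector
 * @nr_segs:		number of segments in base iov
 * @to_read:		number of bytes to read from socket
 * @max_retries:	retry budget for -ERESTARTSYS / -EAGAIN results:
 *			0 fails on the first such result, a positive value
 *			is decremented per retry, a negative value retries
 *			without limit
 *
 * Loops until @to_read bytes have been received. The read stops early
 * with -ESHUTDOWN when the connection is no longer alive or the receive
 * was interrupted (-EINTR), and with -EAGAIN when the connection needs a
 * reconnect.
 *
 * Return:	on success return number of bytes read from socket,
 *		otherwise return error number
 */
static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig,
			   unsigned int nr_segs, unsigned int to_read,
			   int max_retries)
{
	int length = 0;
	int total_read;
	unsigned int segs;
	struct msghdr ksmbd_msg;
	struct kvec *iov;
	struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn;

	iov = get_conn_iovec(t, nr_segs);
	if (!iov)
		return -ENOMEM;

	ksmbd_msg.msg_control = NULL;
	ksmbd_msg.msg_controllen = 0;

	for (total_read = 0; to_read; total_read += length, to_read -= length) {
		try_to_freeze();

		if (!ksmbd_conn_alive(conn)) {
			total_read = -ESHUTDOWN;
			break;
		}
		/* rebuild the working iovec past the bytes already received */
		segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);

		length = kernel_recvmsg(t->sock, &ksmbd_msg,
					iov, segs, to_read, 0);

		if (length == -EINTR) {
			total_read = -ESHUTDOWN;
			break;
		} else if (ksmbd_conn_need_reconnect(conn)) {
			total_read = -EAGAIN;
			break;
		} else if (length == -ERESTARTSYS || length == -EAGAIN) {
			/*
			 * If max_retries is negative, Allow unlimited
			 * retries to keep connection with inactive sessions.
			 */
			if (max_retries == 0) {
				total_read = length;
				break;
			} else if (max_retries > 0) {
				max_retries--;
			}

			usleep_range(1000, 2000);
			/* nothing was received: keep the loop counters unchanged */
			length = 0;
			continue;
		} else if (length <= 0) {
			total_read = length;
			break;
		}
	}
	return total_read;
}

/**
 * ksmbd_tcp_read() - read data from socket in given buffer
 * @t:		TCP transport instance
 * @buf:	buffer to store read data from socket
 * @to_read:	number of bytes to read from socket
 * @max_retries: number of retries if reading from socket fails
 *
 * Wraps @buf in a single-segment iovec of @to_read bytes, so @buf must be
 * at least that large.
 *
 * Return:	on success return number of bytes read from socket,
 *		otherwise return error number
 */
static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf,
			  unsigned int to_read, int max_retries)
{
	struct kvec iov;

	iov.iov_base = buf;
	iov.iov_len = to_read;

	return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries);
}

/*
 * ->writev op: send @size bytes described by @iov / @nvecs with
 * MSG_NOSIGNAL. @need_invalidate and @remote_key are not used by the TCP
 * transport. Returns the result of kernel_sendmsg().
 */
static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov,
			    int nvecs, int size, bool need_invalidate,
			    unsigned int remote_key)
{
	struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL};

	return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size);
}

/*
 * ->disconnect op: tear the transport down and give back the slot taken
 * in the accept loop when a connection limit is configured.
 */
static void ksmbd_tcp_disconnect(struct ksmbd_transport *t)
{
	free_transport(TCP_TRANS(t));
	if (server_conf.max_connections)
		atomic_dec(&active_num_conn);
}

/* Shut down and release a listening socket; a NULL socket is ignored. */
static void tcp_destroy_socket(struct socket *ksmbd_socket)
{
	int ret;

	if (!ksmbd_socket)
		return;

	/*
	 * set zero to timeout
	 * (for the receive side ksmbd_tcp_rcv_timeout() maps 0 to
	 * MAX_SCHEDULE_TIMEOUT)
	 */
	ksmbd_tcp_rcv_timeout(ksmbd_socket, 0);
	ksmbd_tcp_snd_timeout(ksmbd_socket, 0);

	ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR);
	if (ret)
		pr_err("Failed to shutdown socket: %d\n", ret);
	sock_release(ksmbd_socket);
}

/**
 * create_socket - create the listening socket for an interface
 * @iface:      interface to bind the created socket to
 *
 * Creates an IPv6 socket bound to the wildcard address, falling back to
 * IPv4 when that fails, binds it to the device named by @iface and to
 * server_conf.tcp_port, starts listening and launches the accept thread.
 * On failure the socket is destroyed and iface->ksmbd_socket is cleared.
 *
 * Return:	0 on success, error number otherwise
 */
static int create_socket(struct interface *iface)
{
	int ret;
	struct sockaddr_in6 sin6;
	struct sockaddr_in sin;
	struct socket *ksmbd_socket;
	bool ipv4 = false;

	ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket);
	if (ret) {
		if (ret != -EAFNOSUPPORT)
			pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret);
		ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP,
				  &ksmbd_socket);
		if (ret) {
			pr_err("Can't create socket for ipv4: %d\n", ret);
			goto out_clear;
		}

		sin.sin_family = PF_INET;
		sin.sin_addr.s_addr = htonl(INADDR_ANY);
		sin.sin_port = htons(server_conf.tcp_port);
		ipv4 = true;
	} else {
		sin6.sin6_family = PF_INET6;
		sin6.sin6_addr = in6addr_any;
		sin6.sin6_port = htons(server_conf.tcp_port);

		/* do not restrict the wildcard IPv6 socket to IPv6 only */
		lock_sock(ksmbd_socket->sk);
		ksmbd_socket->sk->sk_ipv6only = false;
		release_sock(ksmbd_socket->sk);
	}

	ksmbd_tcp_nodelay(ksmbd_socket);
	ksmbd_tcp_reuseaddr(ksmbd_socket);

	ret = sock_setsockopt(ksmbd_socket,
			      SOL_SOCKET,
			      SO_BINDTODEVICE,
			      KERNEL_SOCKPTR(iface->name),
			      strlen(iface->name));
	/* -ENODEV is tolerated: the socket then stays unbound from a device */
	if (ret != -ENODEV && ret < 0) {
		pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret);
		goto out_error;
	}

	if (ipv4)
		ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin,
				  sizeof(sin));
	else
		ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6,
				  sizeof(sin6));
	if (ret) {
		pr_err("Failed to bind socket: %d\n", ret);
		goto out_error;
	}

	ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
	ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;

	ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG);
	if (ret) {
		pr_err("Port listen() error: %d\n", ret);
		goto out_error;
	}

	/* publish the socket before the accept thread starts using it */
	iface->ksmbd_socket = ksmbd_socket;
	ret = ksmbd_tcp_run_kthread(iface);
	if (ret) {
		pr_err("Can't start ksmbd main kthread: %d\n", ret);
		goto out_error;
	}
	iface->state = IFACE_STATE_CONFIGURED;

	return 0;

out_error:
	tcp_destroy_socket(ksmbd_socket);
out_clear:
	iface->ksmbd_socket = NULL;
	return ret;
}

/*
 * Look up an interface by device name in iface_list.
 * Returns the entry, or NULL when no name matches. No lock is taken here;
 * presumably callers serialise access to the list - confirm.
 */
struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name)
{
	struct interface *iface;

	list_for_each_entry(iface, &iface_list, entry)
		if (!strcmp(iface->name, netdev_name))
			return iface;
	return NULL;
}

/*
 * Netdevice notifier callback.
 *
 * NETDEV_UP: bridge ports are skipped. A known interface that is down gets
 * its listening socket created; an unknown device is added and brought up
 * only when bind_additional_ifaces is set.
 *
 * NETDEV_DOWN: for a configured interface the accept thread is stopped
 * first, then the listening socket is destroyed under sock_release_lock.
 */
static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
			      void *ptr)
{
	struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
	struct interface *iface;
	int ret;

	switch (event) {
	case NETDEV_UP:
		if (netif_is_bridge_port(netdev))
			return NOTIFY_OK;

		iface = ksmbd_find_netdev_name_iface_list(netdev->name);
		if (iface && iface->state == IFACE_STATE_DOWN) {
			ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
				    iface->name);
			ret = create_socket(iface);
			if (ret)
				return NOTIFY_OK;
		}
		if (!iface && bind_additional_ifaces) {
			/* alloc_iface() copes with a failed kstrdup() (NULL) */
			iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP));
			if (!iface)
				return NOTIFY_OK;
			ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
				    iface->name);
			ret = create_socket(iface);
			if (ret)
				break;
		}
		break;
	case NETDEV_DOWN:
		iface = ksmbd_find_netdev_name_iface_list(netdev->name);
		if (iface && iface->state == IFACE_STATE_CONFIGURED) {
			ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
				    iface->name);
			tcp_stop_kthread(iface->ksmbd_kthread);
			iface->ksmbd_kthread = NULL;
			mutex_lock(&iface->sock_release_lock);
			tcp_destroy_socket(iface->ksmbd_socket);
			iface->ksmbd_socket = NULL;
			mutex_unlock(&iface->sock_release_lock);

			iface->state = IFACE_STATE_DOWN;
			break;
		}
		break;
	}

	return NOTIFY_DONE;
}

static struct notifier_block ksmbd_netdev_notifier = {
	.notifier_call	= ksmbd_netdev_event,
};

/*
 * Register the netdevice notifier; listening sockets are created from its
 * NETDEV_UP handling. Always returns 0.
 *
 * NOTE(review): the result of register_netdevice_notifier() is discarded,
 * so a failed registration is not reported to the caller.
 */
int ksmbd_tcp_init(void)
{
	register_netdevice_notifier(&ksmbd_netdev_notifier);

	return 0;
}

/* Stop the accept thread; a NULL thread is ignored. */
static void tcp_stop_kthread(struct task_struct *kthread)
{
	int ret;

	if (!kthread)
		return;

	ret = kthread_stop(kthread);
	if (ret)
		pr_err("failed to stop forker thread\n");
}

/*
 * Unregister the notifier and free every interface entry.
 *
 * Threads and sockets are not stopped in this function; presumably the
 * NETDEV_DOWN handling triggered while unregistering the notifier has
 * already done that - confirm.
 */
void ksmbd_tcp_destroy(void)
{
	struct interface *iface, *tmp;

	unregister_netdevice_notifier(&ksmbd_netdev_notifier);

	list_for_each_entry_safe(iface, tmp, &iface_list, entry) {
		list_del(&iface->entry);
		kfree(iface->name);
		kfree(iface);
	}
}

/*
 * Allocate an interface entry in state IFACE_STATE_DOWN and add it to
 * iface_list.
 *
 * Takes ownership of @ifname: it is stored in the entry on success and
 * freed when the entry cannot be allocated. A NULL @ifname (for example a
 * failed kstrdup() in the caller) yields NULL.
 */
static struct interface *alloc_iface(char *ifname)
{
	struct interface *iface;

	if (!ifname)
		return NULL;

	iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP);
	if (!iface) {
		kfree(ifname);
		return NULL;
	}

	iface->name = ifname;
	iface->state = IFACE_STATE_DOWN;
	list_add(&iface->entry, &iface_list);
	mutex_init(&iface->sock_release_lock);
	return iface;
}

/*
 * Configure the set of interfaces to listen on.
 *
 * @ifc_list holds NUL-terminated names packed back to back in
 * @ifc_list_sz bytes. A size of 0 means no explicit list: every device
 * that comes up is served (bind_additional_ifaces = 1). Otherwise one
 * entry is allocated per name and bind_additional_ifaces is cleared.
 *
 * Returns 0 on success, -ENOMEM when an entry cannot be allocated; entries
 * added before the failure remain in iface_list.
 */
int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz)
{
	int sz = 0;

	if (!ifc_list_sz) {
		bind_additional_ifaces = 1;
		return 0;
	}

	while (ifc_list_sz > 0) {
		if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP)))
			return -ENOMEM;

		sz = strlen(ifc_list);
		if (!sz)
			break;

		/* step over the name and its terminating NUL */
		ifc_list += sz + 1;
		ifc_list_sz -= (sz + 1);
	}

	bind_additional_ifaces = 0;

	return 0;
}

static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = {
	.read		= ksmbd_tcp_read,
	.writev		= ksmbd_tcp_writev,
	.disconnect	= ksmbd_tcp_disconnect,
	.free_transport = ksmbd_tcp_free_transport,
};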