1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org> 4 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/freezer.h> 8 9 #include "smb_common.h" 10 #include "server.h" 11 #include "auth.h" 12 #include "connection.h" 13 #include "transport_tcp.h" 14 15 #define IFACE_STATE_DOWN BIT(0) 16 #define IFACE_STATE_CONFIGURED BIT(1) 17 18 static atomic_t active_num_conn; 19 20 struct interface { 21 struct task_struct *ksmbd_kthread; 22 struct socket *ksmbd_socket; 23 struct list_head entry; 24 char *name; 25 struct mutex sock_release_lock; 26 int state; 27 }; 28 29 static LIST_HEAD(iface_list); 30 31 static int bind_additional_ifaces; 32 33 struct tcp_transport { 34 struct ksmbd_transport transport; 35 struct socket *sock; 36 struct kvec *iov; 37 unsigned int nr_iov; 38 }; 39 40 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops; 41 42 static void tcp_stop_kthread(struct task_struct *kthread); 43 static struct interface *alloc_iface(char *ifname); 44 45 #define KSMBD_TRANS(t) (&(t)->transport) 46 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \ 47 struct tcp_transport, transport)) 48 49 static inline void ksmbd_tcp_nodelay(struct socket *sock) 50 { 51 tcp_sock_set_nodelay(sock->sk); 52 } 53 54 static inline void ksmbd_tcp_reuseaddr(struct socket *sock) 55 { 56 sock_set_reuseaddr(sock->sk); 57 } 58 59 static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs) 60 { 61 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1) 62 WRITE_ONCE(sock->sk->sk_rcvtimeo, secs * HZ); 63 else 64 WRITE_ONCE(sock->sk->sk_rcvtimeo, MAX_SCHEDULE_TIMEOUT); 65 } 66 67 static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs) 68 { 69 sock_set_sndtimeo(sock->sk, secs); 70 } 71 72 static struct tcp_transport *alloc_transport(struct socket *client_sk) 73 { 74 struct tcp_transport *t; 75 struct ksmbd_conn *conn; 76 77 t = kzalloc(sizeof(*t), KSMBD_DEFAULT_GFP); 78 if (!t) 79 return NULL; 80 t->sock = client_sk; 81 82 conn = ksmbd_conn_alloc(); 83 if (!conn) { 84 kfree(t); 85 return NULL; 86 } 87 88 #if IS_ENABLED(CONFIG_IPV6) 89 if (client_sk->sk->sk_family == AF_INET6) { 90 memcpy(&conn->inet6_addr, &client_sk->sk->sk_v6_daddr, 16); 91 conn->inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr); 92 } else { 93 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 94 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 95 } 96 #else 97 conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr; 98 conn->inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 99 #endif 100 down_write(&conn_list_lock); 101 hash_add(conn_list, &conn->hlist, conn->inet_hash); 102 up_write(&conn_list_lock); 103 104 conn->transport = KSMBD_TRANS(t); 105 KSMBD_TRANS(t)->conn = conn; 106 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops; 107 return t; 108 } 109 110 static void ksmbd_tcp_free_transport(struct ksmbd_transport *kt) 111 { 112 struct tcp_transport *t = TCP_TRANS(kt); 113 114 sock_release(t->sock); 115 kfree(t->iov); 116 kfree(t); 117 } 118 119 static void free_transport(struct tcp_transport *t) 120 { 121 kernel_sock_shutdown(t->sock, SHUT_RDWR); 122 ksmbd_conn_free(KSMBD_TRANS(t)->conn); 123 } 124 125 /** 126 * kvec_array_init() - initialize a IO vector segment 127 * @new: IO vector to be initialized 128 * @iov: base IO vector 129 * @nr_segs: number of segments in base iov 130 * @bytes: total iovec length so far for read 131 * 132 * Return: Number of IO segments 133 */ 134 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov, 135 unsigned int nr_segs, size_t bytes) 136 { 137 size_t base = 0; 138 139 while (bytes || !iov->iov_len) { 140 int copy = min(bytes, iov->iov_len); 141 142 bytes -= copy; 143 base += copy; 144 if (iov->iov_len == base) { 145 iov++; 146 nr_segs--; 147 base = 0; 148 } 149 } 150 151 memcpy(new, iov, sizeof(*iov) * nr_segs); 152 new->iov_base += base; 153 new->iov_len -= base; 154 return nr_segs; 155 } 156 157 /** 158 * get_conn_iovec() - get connection iovec for reading from socket 159 * @t: TCP transport instance 160 * @nr_segs: number of segments in iov 161 * 162 * Return: return existing or newly allocate iovec 163 */ 164 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs) 165 { 166 struct kvec *new_iov; 167 168 if (t->iov && nr_segs <= t->nr_iov) 169 return t->iov; 170 171 /* not big enough -- allocate a new one and release the old */ 172 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), KSMBD_DEFAULT_GFP); 173 if (new_iov) { 174 kfree(t->iov); 175 t->iov = new_iov; 176 t->nr_iov = nr_segs; 177 } 178 return new_iov; 179 } 180 181 /** 182 * ksmbd_tcp_new_connection() - create a new tcp session on mount 183 * @client_sk: socket associated with new connection 184 * 185 * whenever a new connection is requested, create a conn thread 186 * (session thread) to handle new incoming smb requests from the connection 187 * 188 * Return: 0 on success, otherwise error 189 */ 190 static int ksmbd_tcp_new_connection(struct socket *client_sk) 191 { 192 int rc = 0; 193 struct tcp_transport *t; 194 struct task_struct *handler; 195 196 t = alloc_transport(client_sk); 197 if (!t) { 198 sock_release(client_sk); 199 return -ENOMEM; 200 } 201 202 #if IS_ENABLED(CONFIG_IPV6) 203 if (client_sk->sk->sk_family == AF_INET6) 204 handler = kthread_run(ksmbd_conn_handler_loop, 205 KSMBD_TRANS(t)->conn, "ksmbd:%pI6c", 206 &KSMBD_TRANS(t)->conn->inet6_addr); 207 else 208 handler = kthread_run(ksmbd_conn_handler_loop, 209 KSMBD_TRANS(t)->conn, "ksmbd:%pI4", 210 &KSMBD_TRANS(t)->conn->inet_addr); 211 #else 212 handler = kthread_run(ksmbd_conn_handler_loop, 213 KSMBD_TRANS(t)->conn, "ksmbd:%pI4", 214 &KSMBD_TRANS(t)->conn->inet_addr); 215 #endif 216 if (IS_ERR(handler)) { 217 pr_err("cannot start conn thread\n"); 218 rc = PTR_ERR(handler); 219 free_transport(t); 220 } 221 return rc; 222 } 223 224 /** 225 * ksmbd_kthread_fn() - listen to new SMB connections and callback server 226 * @p: arguments to forker thread 227 * 228 * Return: 0 on success, error number otherwise 229 */ 230 static int ksmbd_kthread_fn(void *p) 231 { 232 struct socket *client_sk = NULL; 233 struct interface *iface = (struct interface *)p; 234 struct ksmbd_conn *conn; 235 int ret, inet_hash; 236 unsigned int max_ip_conns; 237 238 while (!kthread_should_stop()) { 239 mutex_lock(&iface->sock_release_lock); 240 if (!iface->ksmbd_socket) { 241 mutex_unlock(&iface->sock_release_lock); 242 break; 243 } 244 ret = kernel_accept(iface->ksmbd_socket, &client_sk, 245 SOCK_NONBLOCK); 246 mutex_unlock(&iface->sock_release_lock); 247 if (ret) { 248 if (ret == -EAGAIN) 249 /* check for new connections every 100 msecs */ 250 schedule_timeout_interruptible(HZ / 10); 251 continue; 252 } 253 254 if (!server_conf.max_ip_connections) 255 goto skip_max_ip_conns_limit; 256 257 /* 258 * Limits repeated connections from clients with the same IP. 259 */ 260 #if IS_ENABLED(CONFIG_IPV6) 261 if (client_sk->sk->sk_family == AF_INET6) 262 inet_hash = ipv6_addr_hash(&client_sk->sk->sk_v6_daddr); 263 else 264 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 265 #else 266 inet_hash = ipv4_addr_hash(inet_sk(client_sk->sk)->inet_daddr); 267 #endif 268 269 max_ip_conns = 0; 270 down_read(&conn_list_lock); 271 hash_for_each_possible(conn_list, conn, hlist, inet_hash) { 272 #if IS_ENABLED(CONFIG_IPV6) 273 if (client_sk->sk->sk_family == AF_INET6) { 274 if (memcmp(&client_sk->sk->sk_v6_daddr, 275 &conn->inet6_addr, 16) == 0) 276 max_ip_conns++; 277 } else if (inet_sk(client_sk->sk)->inet_daddr == 278 conn->inet_addr) 279 max_ip_conns++; 280 #else 281 if (inet_sk(client_sk->sk)->inet_daddr == 282 conn->inet_addr) 283 max_ip_conns++; 284 #endif 285 if (server_conf.max_ip_connections <= max_ip_conns) { 286 pr_info_ratelimited("Maximum IP connections exceeded (%u/%u)\n", 287 max_ip_conns, server_conf.max_ip_connections); 288 ret = -EAGAIN; 289 break; 290 } 291 } 292 up_read(&conn_list_lock); 293 if (ret == -EAGAIN) { 294 /* Per-IP limit hit: release the just-accepted socket. */ 295 sock_release(client_sk); 296 continue; 297 } 298 299 skip_max_ip_conns_limit: 300 if (server_conf.max_connections && 301 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) { 302 pr_info_ratelimited("Limit the maximum number of connections(%u)\n", 303 atomic_read(&active_num_conn)); 304 atomic_dec(&active_num_conn); 305 sock_release(client_sk); 306 continue; 307 } 308 309 ksmbd_debug(CONN, "connect success: accepted new connection\n"); 310 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 311 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 312 313 ksmbd_tcp_new_connection(client_sk); 314 } 315 316 ksmbd_debug(CONN, "releasing socket\n"); 317 return 0; 318 } 319 320 /** 321 * ksmbd_tcp_run_kthread() - start forker thread 322 * @iface: pointer to struct interface 323 * 324 * start forker thread(ksmbd/0) at module init time to listen 325 * on port 445 for new SMB connection requests. It creates per connection 326 * server threads(ksmbd/x) 327 * 328 * Return: 0 on success or error number 329 */ 330 static int ksmbd_tcp_run_kthread(struct interface *iface) 331 { 332 int rc; 333 struct task_struct *kthread; 334 335 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s", 336 iface->name); 337 if (IS_ERR(kthread)) { 338 rc = PTR_ERR(kthread); 339 return rc; 340 } 341 iface->ksmbd_kthread = kthread; 342 343 return 0; 344 } 345 346 /** 347 * ksmbd_tcp_readv() - read data from socket in given iovec 348 * @t: TCP transport instance 349 * @iov_orig: base IO vector 350 * @nr_segs: number of segments in base iov 351 * @to_read: number of bytes to read from socket 352 * @max_retries: maximum retry count 353 * 354 * Return: on success return number of bytes read from socket, 355 * otherwise return error number 356 */ 357 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig, 358 unsigned int nr_segs, unsigned int to_read, 359 int max_retries) 360 { 361 int length = 0; 362 int total_read; 363 unsigned int segs; 364 struct msghdr ksmbd_msg; 365 struct kvec *iov; 366 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn; 367 368 iov = get_conn_iovec(t, nr_segs); 369 if (!iov) 370 return -ENOMEM; 371 372 ksmbd_msg.msg_control = NULL; 373 ksmbd_msg.msg_controllen = 0; 374 375 for (total_read = 0; to_read; total_read += length, to_read -= length) { 376 try_to_freeze(); 377 378 if (!ksmbd_conn_alive(conn)) { 379 total_read = -ESHUTDOWN; 380 break; 381 } 382 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read); 383 384 length = kernel_recvmsg(t->sock, &ksmbd_msg, 385 iov, segs, to_read, 0); 386 387 if (length == -EINTR) { 388 total_read = -ESHUTDOWN; 389 break; 390 } else if (ksmbd_conn_need_reconnect(conn)) { 391 total_read = -EAGAIN; 392 break; 393 } else if (length == -ERESTARTSYS || length == -EAGAIN) { 394 /* 395 * If max_retries is negative, Allow unlimited 396 * retries to keep connection with inactive sessions. 397 */ 398 if (max_retries == 0) { 399 total_read = length; 400 break; 401 } else if (max_retries > 0) { 402 max_retries--; 403 } 404 405 usleep_range(1000, 2000); 406 length = 0; 407 continue; 408 } else if (length <= 0) { 409 total_read = length; 410 break; 411 } 412 } 413 return total_read; 414 } 415 416 /** 417 * ksmbd_tcp_read() - read data from socket in given buffer 418 * @t: TCP transport instance 419 * @buf: buffer to store read data from socket 420 * @to_read: number of bytes to read from socket 421 * @max_retries: number of retries if reading from socket fails 422 * 423 * Return: on success return number of bytes read from socket, 424 * otherwise return error number 425 */ 426 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf, 427 unsigned int to_read, int max_retries) 428 { 429 struct kvec iov; 430 431 iov.iov_base = buf; 432 iov.iov_len = to_read; 433 434 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries); 435 } 436 437 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov, 438 int nvecs, int size, bool need_invalidate, 439 unsigned int remote_key) 440 441 { 442 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL}; 443 444 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size); 445 } 446 447 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t) 448 { 449 free_transport(TCP_TRANS(t)); 450 if (server_conf.max_connections) 451 atomic_dec(&active_num_conn); 452 } 453 454 static void tcp_destroy_socket(struct socket *ksmbd_socket) 455 { 456 int ret; 457 458 if (!ksmbd_socket) 459 return; 460 461 /* set zero to timeout */ 462 ksmbd_tcp_rcv_timeout(ksmbd_socket, 0); 463 ksmbd_tcp_snd_timeout(ksmbd_socket, 0); 464 465 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR); 466 if (ret) 467 pr_err("Failed to shutdown socket: %d\n", ret); 468 sock_release(ksmbd_socket); 469 } 470 471 /** 472 * create_socket - create socket for ksmbd/0 473 * @iface: interface to bind the created socket to 474 * 475 * Return: 0 on success, error number otherwise 476 */ 477 static int create_socket(struct interface *iface) 478 { 479 int ret; 480 struct sockaddr_in6 sin6; 481 struct sockaddr_in sin; 482 struct socket *ksmbd_socket; 483 bool ipv4 = false; 484 485 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET6, SOCK_STREAM, 486 IPPROTO_TCP, &ksmbd_socket); 487 if (ret) { 488 if (ret != -EAFNOSUPPORT) 489 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret); 490 ret = sock_create_kern(current->nsproxy->net_ns, PF_INET, 491 SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket); 492 if (ret) { 493 pr_err("Can't create socket for ipv4: %d\n", ret); 494 goto out_clear; 495 } 496 497 sin.sin_family = PF_INET; 498 sin.sin_addr.s_addr = htonl(INADDR_ANY); 499 sin.sin_port = htons(server_conf.tcp_port); 500 ipv4 = true; 501 } else { 502 sin6.sin6_family = PF_INET6; 503 sin6.sin6_addr = in6addr_any; 504 sin6.sin6_port = htons(server_conf.tcp_port); 505 506 lock_sock(ksmbd_socket->sk); 507 ksmbd_socket->sk->sk_ipv6only = false; 508 release_sock(ksmbd_socket->sk); 509 } 510 511 ksmbd_tcp_nodelay(ksmbd_socket); 512 ksmbd_tcp_reuseaddr(ksmbd_socket); 513 514 ret = sock_setsockopt(ksmbd_socket, 515 SOL_SOCKET, 516 SO_BINDTODEVICE, 517 KERNEL_SOCKPTR(iface->name), 518 strlen(iface->name)); 519 if (ret != -ENODEV && ret < 0) { 520 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret); 521 goto out_error; 522 } 523 524 if (ipv4) 525 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin, 526 sizeof(sin)); 527 else 528 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6, 529 sizeof(sin6)); 530 if (ret) { 531 pr_err("Failed to bind socket: %d\n", ret); 532 goto out_error; 533 } 534 535 ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT; 536 ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT; 537 538 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG); 539 if (ret) { 540 pr_err("Port listen() error: %d\n", ret); 541 goto out_error; 542 } 543 544 iface->ksmbd_socket = ksmbd_socket; 545 ret = ksmbd_tcp_run_kthread(iface); 546 if (ret) { 547 pr_err("Can't start ksmbd main kthread: %d\n", ret); 548 goto out_error; 549 } 550 iface->state = IFACE_STATE_CONFIGURED; 551 552 return 0; 553 554 out_error: 555 tcp_destroy_socket(ksmbd_socket); 556 out_clear: 557 iface->ksmbd_socket = NULL; 558 return ret; 559 } 560 561 struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name) 562 { 563 struct interface *iface; 564 565 list_for_each_entry(iface, &iface_list, entry) 566 if (!strcmp(iface->name, netdev_name)) 567 return iface; 568 return NULL; 569 } 570 571 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event, 572 void *ptr) 573 { 574 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 575 struct interface *iface; 576 int ret; 577 578 switch (event) { 579 case NETDEV_UP: 580 if (netif_is_bridge_port(netdev)) 581 return NOTIFY_OK; 582 583 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 584 if (iface && iface->state == IFACE_STATE_DOWN) { 585 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 586 iface->name); 587 ret = create_socket(iface); 588 if (ret) 589 return NOTIFY_OK; 590 } 591 if (!iface && bind_additional_ifaces) { 592 iface = alloc_iface(kstrdup(netdev->name, KSMBD_DEFAULT_GFP)); 593 if (!iface) 594 return NOTIFY_OK; 595 ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n", 596 iface->name); 597 ret = create_socket(iface); 598 if (ret) 599 break; 600 } 601 break; 602 case NETDEV_DOWN: 603 iface = ksmbd_find_netdev_name_iface_list(netdev->name); 604 if (iface && iface->state == IFACE_STATE_CONFIGURED) { 605 ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n", 606 iface->name); 607 tcp_stop_kthread(iface->ksmbd_kthread); 608 iface->ksmbd_kthread = NULL; 609 mutex_lock(&iface->sock_release_lock); 610 tcp_destroy_socket(iface->ksmbd_socket); 611 iface->ksmbd_socket = NULL; 612 mutex_unlock(&iface->sock_release_lock); 613 614 iface->state = IFACE_STATE_DOWN; 615 break; 616 } 617 break; 618 } 619 620 return NOTIFY_DONE; 621 } 622 623 static struct notifier_block ksmbd_netdev_notifier = { 624 .notifier_call = ksmbd_netdev_event, 625 }; 626 627 int ksmbd_tcp_init(void) 628 { 629 register_netdevice_notifier(&ksmbd_netdev_notifier); 630 631 return 0; 632 } 633 634 static void tcp_stop_kthread(struct task_struct *kthread) 635 { 636 int ret; 637 638 if (!kthread) 639 return; 640 641 ret = kthread_stop(kthread); 642 if (ret) 643 pr_err("failed to stop forker thread\n"); 644 } 645 646 void ksmbd_tcp_destroy(void) 647 { 648 struct interface *iface, *tmp; 649 650 unregister_netdevice_notifier(&ksmbd_netdev_notifier); 651 652 list_for_each_entry_safe(iface, tmp, &iface_list, entry) { 653 list_del(&iface->entry); 654 kfree(iface->name); 655 kfree(iface); 656 } 657 } 658 659 static struct interface *alloc_iface(char *ifname) 660 { 661 struct interface *iface; 662 663 if (!ifname) 664 return NULL; 665 666 iface = kzalloc(sizeof(struct interface), KSMBD_DEFAULT_GFP); 667 if (!iface) { 668 kfree(ifname); 669 return NULL; 670 } 671 672 iface->name = ifname; 673 iface->state = IFACE_STATE_DOWN; 674 list_add(&iface->entry, &iface_list); 675 mutex_init(&iface->sock_release_lock); 676 return iface; 677 } 678 679 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz) 680 { 681 int sz = 0; 682 683 if (!ifc_list_sz) { 684 bind_additional_ifaces = 1; 685 return 0; 686 } 687 688 while (ifc_list_sz > 0) { 689 if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP))) 690 return -ENOMEM; 691 692 sz = strlen(ifc_list); 693 if (!sz) 694 break; 695 696 ifc_list += sz + 1; 697 ifc_list_sz -= (sz + 1); 698 } 699 700 bind_additional_ifaces = 0; 701 702 return 0; 703 } 704 705 static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = { 706 .read = ksmbd_tcp_read, 707 .writev = ksmbd_tcp_writev, 708 .disconnect = ksmbd_tcp_disconnect, 709 .free_transport = ksmbd_tcp_free_transport, 710 }; 711