12874c5fdSThomas Gleixner // SPDX-License-Identifier: GPL-2.0-or-later 277d8bf9cSArnaldo Carvalho de Melo /* 377d8bf9cSArnaldo Carvalho de Melo * INET An implementation of the TCP/IP protocol suite for the LINUX 477d8bf9cSArnaldo Carvalho de Melo * operating system. INET is implemented using the BSD Socket 577d8bf9cSArnaldo Carvalho de Melo * interface as the means of communication with the user level. 677d8bf9cSArnaldo Carvalho de Melo * 777d8bf9cSArnaldo Carvalho de Melo * Generic INET transport hashtables 877d8bf9cSArnaldo Carvalho de Melo * 977d8bf9cSArnaldo Carvalho de Melo * Authors: Lotsa people, from code originally in tcp 1077d8bf9cSArnaldo Carvalho de Melo */ 1177d8bf9cSArnaldo Carvalho de Melo 122d8c4ce5SArnaldo Carvalho de Melo #include <linux/module.h> 13a7f5e7f1SArnaldo Carvalho de Melo #include <linux/random.h> 14f3f05f70SArnaldo Carvalho de Melo #include <linux/sched.h> 1577d8bf9cSArnaldo Carvalho de Melo #include <linux/slab.h> 16f3f05f70SArnaldo Carvalho de Melo #include <linux/wait.h> 17095dc8e0SEric Dumazet #include <linux/vmalloc.h> 1857c8a661SMike Rapoport #include <linux/memblock.h> 1977d8bf9cSArnaldo Carvalho de Melo 20c125e80bSCraig Gallek #include <net/addrconf.h> 21463c84b9SArnaldo Carvalho de Melo #include <net/inet_connection_sock.h> 2277d8bf9cSArnaldo Carvalho de Melo #include <net/inet_hashtables.h> 2301770a16SRicardo Dias #if IS_ENABLED(CONFIG_IPV6) 2401770a16SRicardo Dias #include <net/inet6_hashtables.h> 2501770a16SRicardo Dias #endif 266e5714eaSDavid S. Miller #include <net/secure_seq.h> 27a7f5e7f1SArnaldo Carvalho de Melo #include <net/ip.h> 28a04a480dSDavid Ahern #include <net/tcp.h> 29c125e80bSCraig Gallek #include <net/sock_reuseport.h> 3077d8bf9cSArnaldo Carvalho de Melo 316eada011SEric Dumazet static u32 inet_ehashfn(const struct net *net, const __be32 laddr, 3265cd8033SHannes Frederic Sowa const __u16 lport, const __be32 faddr, 3365cd8033SHannes Frederic Sowa const __be16 fport) 3465cd8033SHannes Frederic Sowa { 351bbdceefSHannes Frederic Sowa static u32 inet_ehash_secret __read_mostly; 361bbdceefSHannes Frederic Sowa 371bbdceefSHannes Frederic Sowa net_get_random_once(&inet_ehash_secret, sizeof(inet_ehash_secret)); 381bbdceefSHannes Frederic Sowa 3965cd8033SHannes Frederic Sowa return __inet_ehashfn(laddr, lport, faddr, fport, 4065cd8033SHannes Frederic Sowa inet_ehash_secret + net_hash_mix(net)); 4165cd8033SHannes Frederic Sowa } 4265cd8033SHannes Frederic Sowa 43d1e559d0SEric Dumazet /* This function handles inet_sock, but also timewait and request sockets 44d1e559d0SEric Dumazet * for IPv4/IPv6. 45d1e559d0SEric Dumazet */ 46784c372aSEric Dumazet static u32 sk_ehashfn(const struct sock *sk) 4765cd8033SHannes Frederic Sowa { 48d1e559d0SEric Dumazet #if IS_ENABLED(CONFIG_IPV6) 49d1e559d0SEric Dumazet if (sk->sk_family == AF_INET6 && 50d1e559d0SEric Dumazet !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) 51d1e559d0SEric Dumazet return inet6_ehashfn(sock_net(sk), 52d1e559d0SEric Dumazet &sk->sk_v6_rcv_saddr, sk->sk_num, 53d1e559d0SEric Dumazet &sk->sk_v6_daddr, sk->sk_dport); 54d1e559d0SEric Dumazet #endif 555b441f76SEric Dumazet return inet_ehashfn(sock_net(sk), 565b441f76SEric Dumazet sk->sk_rcv_saddr, sk->sk_num, 575b441f76SEric Dumazet sk->sk_daddr, sk->sk_dport); 5865cd8033SHannes Frederic Sowa } 5965cd8033SHannes Frederic Sowa 6077d8bf9cSArnaldo Carvalho de Melo /* 6177d8bf9cSArnaldo Carvalho de Melo * Allocate and initialize a new local port bind bucket. 6277d8bf9cSArnaldo Carvalho de Melo * The bindhash mutex for snum's hash chain must be held here. 6377d8bf9cSArnaldo Carvalho de Melo */ 64e18b890bSChristoph Lameter struct inet_bind_bucket *inet_bind_bucket_create(struct kmem_cache *cachep, 65941b1d22SPavel Emelyanov struct net *net, 6677d8bf9cSArnaldo Carvalho de Melo struct inet_bind_hashbucket *head, 673c82a21fSRobert Shearman const unsigned short snum, 683c82a21fSRobert Shearman int l3mdev) 6977d8bf9cSArnaldo Carvalho de Melo { 7054e6ecb2SChristoph Lameter struct inet_bind_bucket *tb = kmem_cache_alloc(cachep, GFP_ATOMIC); 7177d8bf9cSArnaldo Carvalho de Melo 7200db4124SIan Morris if (tb) { 73efd7ef1cSEric W. Biederman write_pnet(&tb->ib_net, net); 743c82a21fSRobert Shearman tb->l3mdev = l3mdev; 7577d8bf9cSArnaldo Carvalho de Melo tb->port = snum; 7677d8bf9cSArnaldo Carvalho de Melo tb->fastreuse = 0; 77da5e3630STom Herbert tb->fastreuseport = 0; 7877d8bf9cSArnaldo Carvalho de Melo INIT_HLIST_HEAD(&tb->owners); 7977d8bf9cSArnaldo Carvalho de Melo hlist_add_head(&tb->node, &head->chain); 8077d8bf9cSArnaldo Carvalho de Melo } 8177d8bf9cSArnaldo Carvalho de Melo return tb; 8277d8bf9cSArnaldo Carvalho de Melo } 8377d8bf9cSArnaldo Carvalho de Melo 8477d8bf9cSArnaldo Carvalho de Melo /* 8577d8bf9cSArnaldo Carvalho de Melo * Caller must hold hashbucket lock for this tb with local BH disabled 8677d8bf9cSArnaldo Carvalho de Melo */ 87e18b890bSChristoph Lameter void inet_bind_bucket_destroy(struct kmem_cache *cachep, struct inet_bind_bucket *tb) 8877d8bf9cSArnaldo Carvalho de Melo { 8977d8bf9cSArnaldo Carvalho de Melo if (hlist_empty(&tb->owners)) { 9077d8bf9cSArnaldo Carvalho de Melo __hlist_del(&tb->node); 9177d8bf9cSArnaldo Carvalho de Melo kmem_cache_free(cachep, tb); 9277d8bf9cSArnaldo Carvalho de Melo } 9377d8bf9cSArnaldo Carvalho de Melo } 942d8c4ce5SArnaldo Carvalho de Melo 9528044fc1SJoanne Koong bool inet_bind_bucket_match(const struct inet_bind_bucket *tb, const struct net *net, 9628044fc1SJoanne Koong unsigned short port, int l3mdev) 972d8c4ce5SArnaldo Carvalho de Melo { 9828044fc1SJoanne Koong return net_eq(ib_net(tb), net) && tb->port == port && 9928044fc1SJoanne Koong tb->l3mdev == l3mdev; 10028044fc1SJoanne Koong } 10128044fc1SJoanne Koong 10228044fc1SJoanne Koong static void inet_bind2_bucket_init(struct inet_bind2_bucket *tb, 10328044fc1SJoanne Koong struct net *net, 10428044fc1SJoanne Koong struct inet_bind_hashbucket *head, 10528044fc1SJoanne Koong unsigned short port, int l3mdev, 10628044fc1SJoanne Koong const struct sock *sk) 10728044fc1SJoanne Koong { 10828044fc1SJoanne Koong write_pnet(&tb->ib_net, net); 10928044fc1SJoanne Koong tb->l3mdev = l3mdev; 11028044fc1SJoanne Koong tb->port = port; 11128044fc1SJoanne Koong #if IS_ENABLED(CONFIG_IPV6) 1125456262dSMartin KaFai Lau tb->family = sk->sk_family; 11328044fc1SJoanne Koong if (sk->sk_family == AF_INET6) 11428044fc1SJoanne Koong tb->v6_rcv_saddr = sk->sk_v6_rcv_saddr; 11528044fc1SJoanne Koong else 11628044fc1SJoanne Koong #endif 11728044fc1SJoanne Koong tb->rcv_saddr = sk->sk_rcv_saddr; 11828044fc1SJoanne Koong INIT_HLIST_HEAD(&tb->owners); 119936a192fSKuniyuki Iwashima INIT_HLIST_HEAD(&tb->deathrow); 12028044fc1SJoanne Koong hlist_add_head(&tb->node, &head->chain); 12128044fc1SJoanne Koong } 12228044fc1SJoanne Koong 12328044fc1SJoanne Koong struct inet_bind2_bucket *inet_bind2_bucket_create(struct kmem_cache *cachep, 12428044fc1SJoanne Koong struct net *net, 12528044fc1SJoanne Koong struct inet_bind_hashbucket *head, 12628044fc1SJoanne Koong unsigned short port, 12728044fc1SJoanne Koong int l3mdev, 12828044fc1SJoanne Koong const struct sock *sk) 12928044fc1SJoanne Koong { 13028044fc1SJoanne Koong struct inet_bind2_bucket *tb = kmem_cache_alloc(cachep, GFP_ATOMIC); 13128044fc1SJoanne Koong 13228044fc1SJoanne Koong if (tb) 13328044fc1SJoanne Koong inet_bind2_bucket_init(tb, net, head, port, l3mdev, sk); 13428044fc1SJoanne Koong 13528044fc1SJoanne Koong return tb; 13628044fc1SJoanne Koong } 13728044fc1SJoanne Koong 13828044fc1SJoanne Koong /* Caller must hold hashbucket lock for this tb with local BH disabled */ 13928044fc1SJoanne Koong void inet_bind2_bucket_destroy(struct kmem_cache *cachep, struct inet_bind2_bucket *tb) 14028044fc1SJoanne Koong { 141936a192fSKuniyuki Iwashima if (hlist_empty(&tb->owners) && hlist_empty(&tb->deathrow)) { 14228044fc1SJoanne Koong __hlist_del(&tb->node); 14328044fc1SJoanne Koong kmem_cache_free(cachep, tb); 14428044fc1SJoanne Koong } 14528044fc1SJoanne Koong } 14628044fc1SJoanne Koong 14728044fc1SJoanne Koong static bool inet_bind2_bucket_addr_match(const struct inet_bind2_bucket *tb2, 14828044fc1SJoanne Koong const struct sock *sk) 14928044fc1SJoanne Koong { 15028044fc1SJoanne Koong #if IS_ENABLED(CONFIG_IPV6) 1515456262dSMartin KaFai Lau if (sk->sk_family != tb2->family) 1525456262dSMartin KaFai Lau return false; 1535456262dSMartin KaFai Lau 15428044fc1SJoanne Koong if (sk->sk_family == AF_INET6) 15528044fc1SJoanne Koong return ipv6_addr_equal(&tb2->v6_rcv_saddr, 15628044fc1SJoanne Koong &sk->sk_v6_rcv_saddr); 15728044fc1SJoanne Koong #endif 15828044fc1SJoanne Koong return tb2->rcv_saddr == sk->sk_rcv_saddr; 15928044fc1SJoanne Koong } 16028044fc1SJoanne Koong 16128044fc1SJoanne Koong void inet_bind_hash(struct sock *sk, struct inet_bind_bucket *tb, 16228044fc1SJoanne Koong struct inet_bind2_bucket *tb2, unsigned short port) 16328044fc1SJoanne Koong { 16428044fc1SJoanne Koong inet_sk(sk)->inet_num = port; 1652d8c4ce5SArnaldo Carvalho de Melo sk_add_bind_node(sk, &tb->owners); 166463c84b9SArnaldo Carvalho de Melo inet_csk(sk)->icsk_bind_hash = tb; 16728044fc1SJoanne Koong sk_add_bind2_node(sk, &tb2->owners); 16828044fc1SJoanne Koong inet_csk(sk)->icsk_bind2_hash = tb2; 1692d8c4ce5SArnaldo Carvalho de Melo } 1702d8c4ce5SArnaldo Carvalho de Melo 1712d8c4ce5SArnaldo Carvalho de Melo /* 1722d8c4ce5SArnaldo Carvalho de Melo * Get rid of any references to a local port held by the given sock. 1732d8c4ce5SArnaldo Carvalho de Melo */ 174ab1e0a13SArnaldo Carvalho de Melo static void __inet_put_port(struct sock *sk) 1752d8c4ce5SArnaldo Carvalho de Melo { 176429e42c1SKuniyuki Iwashima struct inet_hashinfo *hashinfo = tcp_or_dccp_get_hashinfo(sk); 17708eaef90SKuniyuki Iwashima struct inet_bind_hashbucket *head, *head2; 17808eaef90SKuniyuki Iwashima struct net *net = sock_net(sk); 1792d8c4ce5SArnaldo Carvalho de Melo struct inet_bind_bucket *tb; 18008eaef90SKuniyuki Iwashima int bhash; 18108eaef90SKuniyuki Iwashima 18208eaef90SKuniyuki Iwashima bhash = inet_bhashfn(net, inet_sk(sk)->inet_num, hashinfo->bhash_size); 18308eaef90SKuniyuki Iwashima head = &hashinfo->bhash[bhash]; 18408eaef90SKuniyuki Iwashima head2 = inet_bhashfn_portaddr(hashinfo, sk, net, inet_sk(sk)->inet_num); 1852d8c4ce5SArnaldo Carvalho de Melo 1862d8c4ce5SArnaldo Carvalho de Melo spin_lock(&head->lock); 187463c84b9SArnaldo Carvalho de Melo tb = inet_csk(sk)->icsk_bind_hash; 1882d8c4ce5SArnaldo Carvalho de Melo __sk_del_bind_node(sk); 189463c84b9SArnaldo Carvalho de Melo inet_csk(sk)->icsk_bind_hash = NULL; 190c720c7e8SEric Dumazet inet_sk(sk)->inet_num = 0; 1912d8c4ce5SArnaldo Carvalho de Melo inet_bind_bucket_destroy(hashinfo->bind_bucket_cachep, tb); 19228044fc1SJoanne Koong 19328044fc1SJoanne Koong spin_lock(&head2->lock); 19428044fc1SJoanne Koong if (inet_csk(sk)->icsk_bind2_hash) { 19528044fc1SJoanne Koong struct inet_bind2_bucket *tb2 = inet_csk(sk)->icsk_bind2_hash; 19628044fc1SJoanne Koong 19728044fc1SJoanne Koong __sk_del_bind2_node(sk); 19828044fc1SJoanne Koong inet_csk(sk)->icsk_bind2_hash = NULL; 19928044fc1SJoanne Koong inet_bind2_bucket_destroy(hashinfo->bind2_bucket_cachep, tb2); 20028044fc1SJoanne Koong } 20128044fc1SJoanne Koong spin_unlock(&head2->lock); 20228044fc1SJoanne Koong 2032d8c4ce5SArnaldo Carvalho de Melo spin_unlock(&head->lock); 2042d8c4ce5SArnaldo Carvalho de Melo } 2052d8c4ce5SArnaldo Carvalho de Melo 206ab1e0a13SArnaldo Carvalho de Melo void inet_put_port(struct sock *sk) 2072d8c4ce5SArnaldo Carvalho de Melo { 2082d8c4ce5SArnaldo Carvalho de Melo local_bh_disable(); 209ab1e0a13SArnaldo Carvalho de Melo __inet_put_port(sk); 2102d8c4ce5SArnaldo Carvalho de Melo local_bh_enable(); 2112d8c4ce5SArnaldo Carvalho de Melo } 2122d8c4ce5SArnaldo Carvalho de Melo EXPORT_SYMBOL(inet_put_port); 213f3f05f70SArnaldo Carvalho de Melo 2141ce31c9eSEric Dumazet int __inet_inherit_port(const struct sock *sk, struct sock *child) 21553083773SPavel Emelyanov { 216429e42c1SKuniyuki Iwashima struct inet_hashinfo *table = tcp_or_dccp_get_hashinfo(sk); 217093d2823SBalazs Scheidler unsigned short port = inet_sk(child)->inet_num; 21808eaef90SKuniyuki Iwashima struct inet_bind_hashbucket *head, *head2; 21928044fc1SJoanne Koong bool created_inet_bind_bucket = false; 22028044fc1SJoanne Koong struct net *net = sock_net(sk); 22108eaef90SKuniyuki Iwashima bool update_fastreuse = false; 22228044fc1SJoanne Koong struct inet_bind2_bucket *tb2; 22353083773SPavel Emelyanov struct inet_bind_bucket *tb; 22408eaef90SKuniyuki Iwashima int bhash, l3mdev; 22508eaef90SKuniyuki Iwashima 22608eaef90SKuniyuki Iwashima bhash = inet_bhashfn(net, port, table->bhash_size); 22708eaef90SKuniyuki Iwashima head = &table->bhash[bhash]; 22808eaef90SKuniyuki Iwashima head2 = inet_bhashfn_portaddr(table, child, net, port); 22953083773SPavel Emelyanov 23053083773SPavel Emelyanov spin_lock(&head->lock); 23128044fc1SJoanne Koong spin_lock(&head2->lock); 23253083773SPavel Emelyanov tb = inet_csk(sk)->icsk_bind_hash; 23328044fc1SJoanne Koong tb2 = inet_csk(sk)->icsk_bind2_hash; 23428044fc1SJoanne Koong if (unlikely(!tb || !tb2)) { 23528044fc1SJoanne Koong spin_unlock(&head2->lock); 236c2f34a65SEric Dumazet spin_unlock(&head->lock); 237c2f34a65SEric Dumazet return -ENOENT; 238c2f34a65SEric Dumazet } 239093d2823SBalazs Scheidler if (tb->port != port) { 2403c82a21fSRobert Shearman l3mdev = inet_sk_bound_l3mdev(sk); 2413c82a21fSRobert Shearman 242093d2823SBalazs Scheidler /* NOTE: using tproxy and redirecting skbs to a proxy 243093d2823SBalazs Scheidler * on a different listener port breaks the assumption 244093d2823SBalazs Scheidler * that the listener socket's icsk_bind_hash is the same 245093d2823SBalazs Scheidler * as that of the child socket. We have to look up or 246093d2823SBalazs Scheidler * create a new bind bucket for the child here. */ 247b67bfe0dSSasha Levin inet_bind_bucket_for_each(tb, &head->chain) { 24828044fc1SJoanne Koong if (inet_bind_bucket_match(tb, net, port, l3mdev)) 249093d2823SBalazs Scheidler break; 250093d2823SBalazs Scheidler } 251b67bfe0dSSasha Levin if (!tb) { 252093d2823SBalazs Scheidler tb = inet_bind_bucket_create(table->bind_bucket_cachep, 25328044fc1SJoanne Koong net, head, port, l3mdev); 254093d2823SBalazs Scheidler if (!tb) { 25528044fc1SJoanne Koong spin_unlock(&head2->lock); 256093d2823SBalazs Scheidler spin_unlock(&head->lock); 257093d2823SBalazs Scheidler return -ENOMEM; 258093d2823SBalazs Scheidler } 25928044fc1SJoanne Koong created_inet_bind_bucket = true; 260093d2823SBalazs Scheidler } 26128044fc1SJoanne Koong update_fastreuse = true; 26228044fc1SJoanne Koong 26328044fc1SJoanne Koong goto bhash2_find; 26428044fc1SJoanne Koong } else if (!inet_bind2_bucket_addr_match(tb2, child)) { 26528044fc1SJoanne Koong l3mdev = inet_sk_bound_l3mdev(sk); 26628044fc1SJoanne Koong 26728044fc1SJoanne Koong bhash2_find: 26828044fc1SJoanne Koong tb2 = inet_bind2_bucket_find(head2, net, port, l3mdev, child); 26928044fc1SJoanne Koong if (!tb2) { 27028044fc1SJoanne Koong tb2 = inet_bind2_bucket_create(table->bind2_bucket_cachep, 27128044fc1SJoanne Koong net, head2, port, 27228044fc1SJoanne Koong l3mdev, child); 27328044fc1SJoanne Koong if (!tb2) 27428044fc1SJoanne Koong goto error; 27528044fc1SJoanne Koong } 27628044fc1SJoanne Koong } 27728044fc1SJoanne Koong if (update_fastreuse) 278d76f3351STim Froidcoeur inet_csk_update_fastreuse(tb, child); 27928044fc1SJoanne Koong inet_bind_hash(child, tb, tb2, port); 28028044fc1SJoanne Koong spin_unlock(&head2->lock); 28153083773SPavel Emelyanov spin_unlock(&head->lock); 282093d2823SBalazs Scheidler 283093d2823SBalazs Scheidler return 0; 28428044fc1SJoanne Koong 28528044fc1SJoanne Koong error: 28628044fc1SJoanne Koong if (created_inet_bind_bucket) 28728044fc1SJoanne Koong inet_bind_bucket_destroy(table->bind_bucket_cachep, tb); 28828044fc1SJoanne Koong spin_unlock(&head2->lock); 28928044fc1SJoanne Koong spin_unlock(&head->lock); 29028044fc1SJoanne Koong return -ENOMEM; 29153083773SPavel Emelyanov } 29253083773SPavel Emelyanov EXPORT_SYMBOL_GPL(__inet_inherit_port); 29353083773SPavel Emelyanov 29461b7c691SMartin KaFai Lau static struct inet_listen_hashbucket * 29561b7c691SMartin KaFai Lau inet_lhash2_bucket_sk(struct inet_hashinfo *h, struct sock *sk) 29661b7c691SMartin KaFai Lau { 29761b7c691SMartin KaFai Lau u32 hash; 29861b7c691SMartin KaFai Lau 29961b7c691SMartin KaFai Lau #if IS_ENABLED(CONFIG_IPV6) 30061b7c691SMartin KaFai Lau if (sk->sk_family == AF_INET6) 30161b7c691SMartin KaFai Lau hash = ipv6_portaddr_hash(sock_net(sk), 30261b7c691SMartin KaFai Lau &sk->sk_v6_rcv_saddr, 30361b7c691SMartin KaFai Lau inet_sk(sk)->inet_num); 30461b7c691SMartin KaFai Lau else 30561b7c691SMartin KaFai Lau #endif 30661b7c691SMartin KaFai Lau hash = ipv4_portaddr_hash(sock_net(sk), 30761b7c691SMartin KaFai Lau inet_sk(sk)->inet_rcv_saddr, 30861b7c691SMartin KaFai Lau inet_sk(sk)->inet_num); 30961b7c691SMartin KaFai Lau return inet_lhash2_bucket(h, hash); 31061b7c691SMartin KaFai Lau } 31161b7c691SMartin KaFai Lau 312c25eb3bfSEric Dumazet static inline int compute_score(struct sock *sk, struct net *net, 313c25eb3bfSEric Dumazet const unsigned short hnum, const __be32 daddr, 31434e1ec31SMiaohe Lin const int dif, const int sdif) 315c25eb3bfSEric Dumazet { 316c25eb3bfSEric Dumazet int score = -1; 317c25eb3bfSEric Dumazet 318d9fbc7f6SPeter Oskolkov if (net_eq(sock_net(sk), net) && sk->sk_num == hnum && 319c25eb3bfSEric Dumazet !ipv6_only_sock(sk)) { 320d9fbc7f6SPeter Oskolkov if (sk->sk_rcv_saddr != daddr) 321c25eb3bfSEric Dumazet return -1; 322e7819058SMike Manning 323d9fbc7f6SPeter Oskolkov if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif)) 324d9fbc7f6SPeter Oskolkov return -1; 3258d6c414cSMike Manning score = sk->sk_bound_dev_if ? 2 : 1; 326d9fbc7f6SPeter Oskolkov 3278d6c414cSMike Manning if (sk->sk_family == PF_INET) 3288d6c414cSMike Manning score++; 3297170a977SEric Dumazet if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id()) 33070da268bSEric Dumazet score++; 331c25eb3bfSEric Dumazet } 332c25eb3bfSEric Dumazet return score; 333c25eb3bfSEric Dumazet } 334c25eb3bfSEric Dumazet 335*ce796e60SLorenz Bauer struct sock *inet_lookup_reuseport(struct net *net, struct sock *sk, 33680b373f7SJakub Sitnicki struct sk_buff *skb, int doff, 33780b373f7SJakub Sitnicki __be32 saddr, __be16 sport, 33880b373f7SJakub Sitnicki __be32 daddr, unsigned short hnum) 33980b373f7SJakub Sitnicki { 34080b373f7SJakub Sitnicki struct sock *reuse_sk = NULL; 34180b373f7SJakub Sitnicki u32 phash; 34280b373f7SJakub Sitnicki 34380b373f7SJakub Sitnicki if (sk->sk_reuseport) { 34480b373f7SJakub Sitnicki phash = inet_ehashfn(net, daddr, hnum, saddr, sport); 34580b373f7SJakub Sitnicki reuse_sk = reuseport_select_sock(sk, phash, skb, doff); 34680b373f7SJakub Sitnicki } 34780b373f7SJakub Sitnicki return reuse_sk; 34880b373f7SJakub Sitnicki } 349*ce796e60SLorenz Bauer EXPORT_SYMBOL_GPL(inet_lookup_reuseport); 35080b373f7SJakub Sitnicki 351f3f05f70SArnaldo Carvalho de Melo /* 3523b24d854SEric Dumazet * Here are some nice properties to exploit here. The BSD API 3533b24d854SEric Dumazet * does not allow a listening sock to specify the remote port nor the 35433b62231SArnaldo Carvalho de Melo * remote address for the connection. So always assume those are both 35533b62231SArnaldo Carvalho de Melo * wildcarded during the search since they can never be otherwise. 35633b62231SArnaldo Carvalho de Melo */ 35733b62231SArnaldo Carvalho de Melo 3583b24d854SEric Dumazet /* called with rcu_read_lock() : No refcount taken on the socket */ 35961b7c691SMartin KaFai Lau static struct sock *inet_lhash2_lookup(struct net *net, 36061b7c691SMartin KaFai Lau struct inet_listen_hashbucket *ilb2, 36161b7c691SMartin KaFai Lau struct sk_buff *skb, int doff, 36261b7c691SMartin KaFai Lau const __be32 saddr, __be16 sport, 36361b7c691SMartin KaFai Lau const __be32 daddr, const unsigned short hnum, 36461b7c691SMartin KaFai Lau const int dif, const int sdif) 36561b7c691SMartin KaFai Lau { 36661b7c691SMartin KaFai Lau struct sock *sk, *result = NULL; 367cae3873cSMartin KaFai Lau struct hlist_nulls_node *node; 36861b7c691SMartin KaFai Lau int score, hiscore = 0; 36961b7c691SMartin KaFai Lau 370cae3873cSMartin KaFai Lau sk_nulls_for_each_rcu(sk, node, &ilb2->nulls_head) { 37134e1ec31SMiaohe Lin score = compute_score(sk, net, hnum, daddr, dif, sdif); 37261b7c691SMartin KaFai Lau if (score > hiscore) { 373*ce796e60SLorenz Bauer result = inet_lookup_reuseport(net, sk, skb, doff, 37480b373f7SJakub Sitnicki saddr, sport, daddr, hnum); 37561b7c691SMartin KaFai Lau if (result) 37661b7c691SMartin KaFai Lau return result; 37780b373f7SJakub Sitnicki 37861b7c691SMartin KaFai Lau result = sk; 37961b7c691SMartin KaFai Lau hiscore = score; 38061b7c691SMartin KaFai Lau } 38161b7c691SMartin KaFai Lau } 38261b7c691SMartin KaFai Lau 38361b7c691SMartin KaFai Lau return result; 38461b7c691SMartin KaFai Lau } 38561b7c691SMartin KaFai Lau 3861559b4aaSJakub Sitnicki static inline struct sock *inet_lookup_run_bpf(struct net *net, 3871559b4aaSJakub Sitnicki struct inet_hashinfo *hashinfo, 3881559b4aaSJakub Sitnicki struct sk_buff *skb, int doff, 3891559b4aaSJakub Sitnicki __be32 saddr, __be16 sport, 390f8931565SMark Pashmfouroush __be32 daddr, u16 hnum, const int dif) 3911559b4aaSJakub Sitnicki { 3921559b4aaSJakub Sitnicki struct sock *sk, *reuse_sk; 3931559b4aaSJakub Sitnicki bool no_reuseport; 3941559b4aaSJakub Sitnicki 3954461568aSKuniyuki Iwashima if (hashinfo != net->ipv4.tcp_death_row.hashinfo) 3961559b4aaSJakub Sitnicki return NULL; /* only TCP is supported */ 3971559b4aaSJakub Sitnicki 398f8931565SMark Pashmfouroush no_reuseport = bpf_sk_lookup_run_v4(net, IPPROTO_TCP, saddr, sport, 399f8931565SMark Pashmfouroush daddr, hnum, dif, &sk); 4001559b4aaSJakub Sitnicki if (no_reuseport || IS_ERR_OR_NULL(sk)) 4011559b4aaSJakub Sitnicki return sk; 4021559b4aaSJakub Sitnicki 403*ce796e60SLorenz Bauer reuse_sk = inet_lookup_reuseport(net, sk, skb, doff, saddr, sport, daddr, hnum); 4041559b4aaSJakub Sitnicki if (reuse_sk) 4051559b4aaSJakub Sitnicki sk = reuse_sk; 4061559b4aaSJakub Sitnicki return sk; 4071559b4aaSJakub Sitnicki } 4081559b4aaSJakub Sitnicki 409c67499c0SPavel Emelyanov struct sock *__inet_lookup_listener(struct net *net, 410c67499c0SPavel Emelyanov struct inet_hashinfo *hashinfo, 411a583636aSCraig Gallek struct sk_buff *skb, int doff, 412da5e3630STom Herbert const __be32 saddr, __be16 sport, 413fb99c848SAl Viro const __be32 daddr, const unsigned short hnum, 4143fa6f616SDavid Ahern const int dif, const int sdif) 41599a92ff5SHerbert Xu { 41661b7c691SMartin KaFai Lau struct inet_listen_hashbucket *ilb2; 417d9fbc7f6SPeter Oskolkov struct sock *result = NULL; 41861b7c691SMartin KaFai Lau unsigned int hash2; 41961b7c691SMartin KaFai Lau 4201559b4aaSJakub Sitnicki /* Lookup redirect from BPF */ 4211559b4aaSJakub Sitnicki if (static_branch_unlikely(&bpf_sk_lookup_enabled)) { 4221559b4aaSJakub Sitnicki result = inet_lookup_run_bpf(net, hashinfo, skb, doff, 423f8931565SMark Pashmfouroush saddr, sport, daddr, hnum, dif); 4241559b4aaSJakub Sitnicki if (result) 4251559b4aaSJakub Sitnicki goto done; 4261559b4aaSJakub Sitnicki } 4271559b4aaSJakub Sitnicki 42861b7c691SMartin KaFai Lau hash2 = ipv4_portaddr_hash(net, daddr, hnum); 42961b7c691SMartin KaFai Lau ilb2 = inet_lhash2_bucket(hashinfo, hash2); 43061b7c691SMartin KaFai Lau 43161b7c691SMartin KaFai Lau result = inet_lhash2_lookup(net, ilb2, skb, doff, 43261b7c691SMartin KaFai Lau saddr, sport, daddr, hnum, 43361b7c691SMartin KaFai Lau dif, sdif); 43461b7c691SMartin KaFai Lau if (result) 4358217ca65SMartin KaFai Lau goto done; 43661b7c691SMartin KaFai Lau 43761b7c691SMartin KaFai Lau /* Lookup lhash2 with INADDR_ANY */ 43861b7c691SMartin KaFai Lau hash2 = ipv4_portaddr_hash(net, htonl(INADDR_ANY), hnum); 43961b7c691SMartin KaFai Lau ilb2 = inet_lhash2_bucket(hashinfo, hash2); 44061b7c691SMartin KaFai Lau 4418217ca65SMartin KaFai Lau result = inet_lhash2_lookup(net, ilb2, skb, doff, 442d9fbc7f6SPeter Oskolkov saddr, sport, htonl(INADDR_ANY), hnum, 44361b7c691SMartin KaFai Lau dif, sdif); 4448217ca65SMartin KaFai Lau done: 44588e235b8SEnrico Weigelt if (IS_ERR(result)) 4468217ca65SMartin KaFai Lau return NULL; 447c25eb3bfSEric Dumazet return result; 44899a92ff5SHerbert Xu } 4498f491069SHerbert Xu EXPORT_SYMBOL_GPL(__inet_lookup_listener); 450a7f5e7f1SArnaldo Carvalho de Melo 45105dbc7b5SEric Dumazet /* All sockets share common refcount, but have different destructors */ 45205dbc7b5SEric Dumazet void sock_gen_put(struct sock *sk) 45305dbc7b5SEric Dumazet { 45441c6d650SReshetova, Elena if (!refcount_dec_and_test(&sk->sk_refcnt)) 45505dbc7b5SEric Dumazet return; 45605dbc7b5SEric Dumazet 45705dbc7b5SEric Dumazet if (sk->sk_state == TCP_TIME_WAIT) 45805dbc7b5SEric Dumazet inet_twsk_free(inet_twsk(sk)); 45941b822c5SEric Dumazet else if (sk->sk_state == TCP_NEW_SYN_RECV) 46041b822c5SEric Dumazet reqsk_free(inet_reqsk(sk)); 46105dbc7b5SEric Dumazet else 46205dbc7b5SEric Dumazet sk_free(sk); 46305dbc7b5SEric Dumazet } 46405dbc7b5SEric Dumazet EXPORT_SYMBOL_GPL(sock_gen_put); 46505dbc7b5SEric Dumazet 4662c13270bSEric Dumazet void sock_edemux(struct sk_buff *skb) 4672c13270bSEric Dumazet { 4682c13270bSEric Dumazet sock_gen_put(skb->sk); 4692c13270bSEric Dumazet } 4702c13270bSEric Dumazet EXPORT_SYMBOL(sock_edemux); 4712c13270bSEric Dumazet 472c67499c0SPavel Emelyanov struct sock *__inet_lookup_established(struct net *net, 473c67499c0SPavel Emelyanov struct inet_hashinfo *hashinfo, 47477a5ba55SPavel Emelyanov const __be32 saddr, const __be16 sport, 47577a5ba55SPavel Emelyanov const __be32 daddr, const u16 hnum, 4763fa6f616SDavid Ahern const int dif, const int sdif) 47777a5ba55SPavel Emelyanov { 478c7228317SJoe Perches INET_ADDR_COOKIE(acookie, saddr, daddr); 47977a5ba55SPavel Emelyanov const __portpair ports = INET_COMBINED_PORTS(sport, hnum); 48077a5ba55SPavel Emelyanov struct sock *sk; 4813ab5aee7SEric Dumazet const struct hlist_nulls_node *node; 48277a5ba55SPavel Emelyanov /* Optimize here for direct hit, only listening connections can 48377a5ba55SPavel Emelyanov * have wildcards anyways. 48477a5ba55SPavel Emelyanov */ 4859f26b3adSPavel Emelyanov unsigned int hash = inet_ehashfn(net, daddr, hnum, saddr, sport); 486f373b53bSEric Dumazet unsigned int slot = hash & hashinfo->ehash_mask; 4873ab5aee7SEric Dumazet struct inet_ehash_bucket *head = &hashinfo->ehash[slot]; 48877a5ba55SPavel Emelyanov 4893ab5aee7SEric Dumazet begin: 4903ab5aee7SEric Dumazet sk_nulls_for_each_rcu(sk, node, &head->chain) { 491ce43b03eSEric Dumazet if (sk->sk_hash != hash) 492ce43b03eSEric Dumazet continue; 493eda090c3SEric Dumazet if (likely(inet_match(net, sk, acookie, ports, dif, sdif))) { 49441c6d650SReshetova, Elena if (unlikely(!refcount_inc_not_zero(&sk->sk_refcnt))) 49505dbc7b5SEric Dumazet goto out; 496eda090c3SEric Dumazet if (unlikely(!inet_match(net, sk, acookie, 4974915d50eSEric Dumazet ports, dif, sdif))) { 49805dbc7b5SEric Dumazet sock_gen_put(sk); 4993ab5aee7SEric Dumazet goto begin; 50077a5ba55SPavel Emelyanov } 50105dbc7b5SEric Dumazet goto found; 5023ab5aee7SEric Dumazet } 5033ab5aee7SEric Dumazet } 5043ab5aee7SEric Dumazet /* 5053ab5aee7SEric Dumazet * if the nulls value we got at the end of this lookup is 5063ab5aee7SEric Dumazet * not the expected one, we must restart lookup. 5073ab5aee7SEric Dumazet * We probably met an item that was moved to another chain. 5083ab5aee7SEric Dumazet */ 5093ab5aee7SEric Dumazet if (get_nulls_value(node) != slot) 5103ab5aee7SEric Dumazet goto begin; 51177a5ba55SPavel Emelyanov out: 51205dbc7b5SEric Dumazet sk = NULL; 51305dbc7b5SEric Dumazet found: 51477a5ba55SPavel Emelyanov return sk; 51577a5ba55SPavel Emelyanov } 51677a5ba55SPavel Emelyanov EXPORT_SYMBOL_GPL(__inet_lookup_established); 51777a5ba55SPavel Emelyanov 518a7f5e7f1SArnaldo Carvalho de Melo /* called with local bh disabled */ 519a7f5e7f1SArnaldo Carvalho de Melo static int __inet_check_established(struct inet_timewait_death_row *death_row, 520a7f5e7f1SArnaldo Carvalho de Melo struct sock *sk, __u16 lport, 521a7f5e7f1SArnaldo Carvalho de Melo struct inet_timewait_sock **twp) 522a7f5e7f1SArnaldo Carvalho de Melo { 523a7f5e7f1SArnaldo Carvalho de Melo struct inet_hashinfo *hinfo = death_row->hashinfo; 524a7f5e7f1SArnaldo Carvalho de Melo struct inet_sock *inet = inet_sk(sk); 525c720c7e8SEric Dumazet __be32 daddr = inet->inet_rcv_saddr; 526c720c7e8SEric Dumazet __be32 saddr = inet->inet_daddr; 527a7f5e7f1SArnaldo Carvalho de Melo int dif = sk->sk_bound_dev_if; 5283fa6f616SDavid Ahern struct net *net = sock_net(sk); 5293fa6f616SDavid Ahern int sdif = l3mdev_master_ifindex_by_index(net, dif); 530c7228317SJoe Perches INET_ADDR_COOKIE(acookie, saddr, daddr); 531c720c7e8SEric Dumazet const __portpair ports = INET_COMBINED_PORTS(inet->inet_dport, lport); 532c720c7e8SEric Dumazet unsigned int hash = inet_ehashfn(net, daddr, lport, 533c720c7e8SEric Dumazet saddr, inet->inet_dport); 534a7f5e7f1SArnaldo Carvalho de Melo struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash); 5359db66bdcSEric Dumazet spinlock_t *lock = inet_ehash_lockp(hinfo, hash); 536a7f5e7f1SArnaldo Carvalho de Melo struct sock *sk2; 5373ab5aee7SEric Dumazet const struct hlist_nulls_node *node; 53805dbc7b5SEric Dumazet struct inet_timewait_sock *tw = NULL; 539a7f5e7f1SArnaldo Carvalho de Melo 5409db66bdcSEric Dumazet spin_lock(lock); 541a7f5e7f1SArnaldo Carvalho de Melo 5423ab5aee7SEric Dumazet sk_nulls_for_each(sk2, node, &head->chain) { 543ce43b03eSEric Dumazet if (sk2->sk_hash != hash) 544ce43b03eSEric Dumazet continue; 54505dbc7b5SEric Dumazet 546eda090c3SEric Dumazet if (likely(inet_match(net, sk2, acookie, ports, dif, sdif))) { 54705dbc7b5SEric Dumazet if (sk2->sk_state == TCP_TIME_WAIT) { 54805dbc7b5SEric Dumazet tw = inet_twsk(sk2); 54905dbc7b5SEric Dumazet if (twsk_unique(sk, sk2, twp)) 55005dbc7b5SEric Dumazet break; 55105dbc7b5SEric Dumazet } 552a7f5e7f1SArnaldo Carvalho de Melo goto not_unique; 553a7f5e7f1SArnaldo Carvalho de Melo } 55405dbc7b5SEric Dumazet } 555a7f5e7f1SArnaldo Carvalho de Melo 556a7f5e7f1SArnaldo Carvalho de Melo /* Must record num and sport now. Otherwise we will see 55705dbc7b5SEric Dumazet * in hash table socket with a funny identity. 55805dbc7b5SEric Dumazet */ 559c720c7e8SEric Dumazet inet->inet_num = lport; 560c720c7e8SEric Dumazet inet->inet_sport = htons(lport); 561a7f5e7f1SArnaldo Carvalho de Melo sk->sk_hash = hash; 562547b792cSIlpo Järvinen WARN_ON(!sk_unhashed(sk)); 5633ab5aee7SEric Dumazet __sk_nulls_add_node_rcu(sk, &head->chain); 56413475a30SEric Dumazet if (tw) { 565fc01538fSEric Dumazet sk_nulls_del_node_init_rcu((struct sock *)tw); 56602a1d6e7SEric Dumazet __NET_INC_STATS(net, LINUX_MIB_TIMEWAITRECYCLED); 56713475a30SEric Dumazet } 5689db66bdcSEric Dumazet spin_unlock(lock); 569c29a0bc4SPavel Emelyanov sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 570a7f5e7f1SArnaldo Carvalho de Melo 571a7f5e7f1SArnaldo Carvalho de Melo if (twp) { 572a7f5e7f1SArnaldo Carvalho de Melo *twp = tw; 573a7f5e7f1SArnaldo Carvalho de Melo } else if (tw) { 574a7f5e7f1SArnaldo Carvalho de Melo /* Silly. Should hash-dance instead... */ 575dbe7faa4SEric Dumazet inet_twsk_deschedule_put(tw); 576a7f5e7f1SArnaldo Carvalho de Melo } 577a7f5e7f1SArnaldo Carvalho de Melo return 0; 578a7f5e7f1SArnaldo Carvalho de Melo 579a7f5e7f1SArnaldo Carvalho de Melo not_unique: 5809db66bdcSEric Dumazet spin_unlock(lock); 581a7f5e7f1SArnaldo Carvalho de Melo return -EADDRNOTAVAIL; 582a7f5e7f1SArnaldo Carvalho de Melo } 583a7f5e7f1SArnaldo Carvalho de Melo 584b2d05756SWilly Tarreau static u64 inet_sk_port_offset(const struct sock *sk) 585a7f5e7f1SArnaldo Carvalho de Melo { 586a7f5e7f1SArnaldo Carvalho de Melo const struct inet_sock *inet = inet_sk(sk); 587e2baad9eSEric Dumazet 588c720c7e8SEric Dumazet return secure_ipv4_port_ephemeral(inet->inet_rcv_saddr, 589c720c7e8SEric Dumazet inet->inet_daddr, 590c720c7e8SEric Dumazet inet->inet_dport); 591a7f5e7f1SArnaldo Carvalho de Melo } 592a7f5e7f1SArnaldo Carvalho de Melo 59301770a16SRicardo Dias /* Searches for an exsiting socket in the ehash bucket list. 59401770a16SRicardo Dias * Returns true if found, false otherwise. 595079096f1SEric Dumazet */ 59601770a16SRicardo Dias static bool inet_ehash_lookup_by_sk(struct sock *sk, 59701770a16SRicardo Dias struct hlist_nulls_head *list) 59801770a16SRicardo Dias { 59901770a16SRicardo Dias const __portpair ports = INET_COMBINED_PORTS(sk->sk_dport, sk->sk_num); 60001770a16SRicardo Dias const int sdif = sk->sk_bound_dev_if; 60101770a16SRicardo Dias const int dif = sk->sk_bound_dev_if; 60201770a16SRicardo Dias const struct hlist_nulls_node *node; 60301770a16SRicardo Dias struct net *net = sock_net(sk); 60401770a16SRicardo Dias struct sock *esk; 60501770a16SRicardo Dias 60601770a16SRicardo Dias INET_ADDR_COOKIE(acookie, sk->sk_daddr, sk->sk_rcv_saddr); 60701770a16SRicardo Dias 60801770a16SRicardo Dias sk_nulls_for_each_rcu(esk, node, list) { 60901770a16SRicardo Dias if (esk->sk_hash != sk->sk_hash) 61001770a16SRicardo Dias continue; 61101770a16SRicardo Dias if (sk->sk_family == AF_INET) { 612eda090c3SEric Dumazet if (unlikely(inet_match(net, esk, acookie, 61301770a16SRicardo Dias ports, dif, sdif))) { 61401770a16SRicardo Dias return true; 61501770a16SRicardo Dias } 61601770a16SRicardo Dias } 61701770a16SRicardo Dias #if IS_ENABLED(CONFIG_IPV6) 61801770a16SRicardo Dias else if (sk->sk_family == AF_INET6) { 6195d368f03SEric Dumazet if (unlikely(inet6_match(net, esk, 62001770a16SRicardo Dias &sk->sk_v6_daddr, 62101770a16SRicardo Dias &sk->sk_v6_rcv_saddr, 62201770a16SRicardo Dias ports, dif, sdif))) { 62301770a16SRicardo Dias return true; 62401770a16SRicardo Dias } 62501770a16SRicardo Dias } 62601770a16SRicardo Dias #endif 62701770a16SRicardo Dias } 62801770a16SRicardo Dias return false; 62901770a16SRicardo Dias } 63001770a16SRicardo Dias 63101770a16SRicardo Dias /* Insert a socket into ehash, and eventually remove another one 63201770a16SRicardo Dias * (The another one can be a SYN_RECV or TIMEWAIT) 63301770a16SRicardo Dias * If an existing socket already exists, socket sk is not inserted, 63401770a16SRicardo Dias * and sets found_dup_sk parameter to true. 63501770a16SRicardo Dias */ 63601770a16SRicardo Dias bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk) 637152da81dSPavel Emelyanov { 638429e42c1SKuniyuki Iwashima struct inet_hashinfo *hashinfo = tcp_or_dccp_get_hashinfo(sk); 639152da81dSPavel Emelyanov struct inet_ehash_bucket *head; 64008eaef90SKuniyuki Iwashima struct hlist_nulls_head *list; 6415b441f76SEric Dumazet spinlock_t *lock; 6425e0724d0SEric Dumazet bool ret = true; 643152da81dSPavel Emelyanov 644079096f1SEric Dumazet WARN_ON_ONCE(!sk_unhashed(sk)); 645152da81dSPavel Emelyanov 6465b441f76SEric Dumazet sk->sk_hash = sk_ehashfn(sk); 647152da81dSPavel Emelyanov head = inet_ehash_bucket(hashinfo, sk->sk_hash); 648152da81dSPavel Emelyanov list = &head->chain; 649152da81dSPavel Emelyanov lock = inet_ehash_lockp(hashinfo, sk->sk_hash); 650152da81dSPavel Emelyanov 6519db66bdcSEric Dumazet spin_lock(lock); 652fc01538fSEric Dumazet if (osk) { 6535e0724d0SEric Dumazet WARN_ON_ONCE(sk->sk_hash != osk->sk_hash); 65481b3ade5SKuniyuki Iwashima ret = sk_nulls_del_node_init_rcu(osk); 65581b3ade5SKuniyuki Iwashima } else if (found_dup_sk) { 65601770a16SRicardo Dias *found_dup_sk = inet_ehash_lookup_by_sk(sk, list); 65701770a16SRicardo Dias if (*found_dup_sk) 65801770a16SRicardo Dias ret = false; 6599327f705SEric Dumazet } 66001770a16SRicardo Dias 6615e0724d0SEric Dumazet if (ret) 6625e0724d0SEric Dumazet __sk_nulls_add_node_rcu(sk, list); 66301770a16SRicardo Dias 6649db66bdcSEric Dumazet spin_unlock(lock); 66501770a16SRicardo Dias 666079096f1SEric Dumazet return ret; 667079096f1SEric Dumazet } 668079096f1SEric Dumazet 66901770a16SRicardo Dias bool inet_ehash_nolisten(struct sock *sk, struct sock *osk, bool *found_dup_sk) 670079096f1SEric Dumazet { 67101770a16SRicardo Dias bool ok = inet_ehash_insert(sk, osk, found_dup_sk); 6725e0724d0SEric Dumazet 6735e0724d0SEric Dumazet if (ok) { 674c29a0bc4SPavel Emelyanov sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 6755e0724d0SEric Dumazet } else { 67619757cebSEric Dumazet this_cpu_inc(*sk->sk_prot->orphan_count); 677563e0bb0SYafang Shao inet_sk_set_state(sk, TCP_CLOSE); 6785e0724d0SEric Dumazet sock_set_flag(sk, SOCK_DEAD); 6795e0724d0SEric Dumazet inet_csk_destroy_sock(sk); 680152da81dSPavel Emelyanov } 6815e0724d0SEric Dumazet return ok; 6825e0724d0SEric Dumazet } 6835e0724d0SEric Dumazet EXPORT_SYMBOL_GPL(inet_ehash_nolisten); 684152da81dSPavel Emelyanov 685c125e80bSCraig Gallek static int inet_reuseport_add_sock(struct sock *sk, 686fe38d2a1SJosef Bacik struct inet_listen_hashbucket *ilb) 687c125e80bSCraig Gallek { 68890e5d0dbSCraig Gallek struct inet_bind_bucket *tb = inet_csk(sk)->icsk_bind_hash; 6898dbd76e7SEric Dumazet const struct hlist_nulls_node *node; 690c125e80bSCraig Gallek struct sock *sk2; 691c125e80bSCraig Gallek kuid_t uid = sock_i_uid(sk); 692c125e80bSCraig Gallek 6938dbd76e7SEric Dumazet sk_nulls_for_each_rcu(sk2, node, &ilb->nulls_head) { 694c125e80bSCraig Gallek if (sk2 != sk && 695c125e80bSCraig Gallek sk2->sk_family == sk->sk_family && 696c125e80bSCraig Gallek ipv6_only_sock(sk2) == ipv6_only_sock(sk) && 697c125e80bSCraig Gallek sk2->sk_bound_dev_if == sk->sk_bound_dev_if && 69890e5d0dbSCraig Gallek inet_csk(sk2)->icsk_bind_hash == tb && 699c125e80bSCraig Gallek sk2->sk_reuseport && uid_eq(uid, sock_i_uid(sk2)) && 700fe38d2a1SJosef Bacik inet_rcv_saddr_equal(sk, sk2, false)) 7012dbb9b9eSMartin KaFai Lau return reuseport_add_sock(sk, sk2, 7022dbb9b9eSMartin KaFai Lau inet_rcv_saddr_any(sk)); 703c125e80bSCraig Gallek } 704c125e80bSCraig Gallek 7052dbb9b9eSMartin KaFai Lau return reuseport_alloc(sk, inet_rcv_saddr_any(sk)); 706c125e80bSCraig Gallek } 707c125e80bSCraig Gallek 708fe38d2a1SJosef Bacik int __inet_hash(struct sock *sk, struct sock *osk) 709152da81dSPavel Emelyanov { 710429e42c1SKuniyuki Iwashima struct inet_hashinfo *hashinfo = tcp_or_dccp_get_hashinfo(sk); 711e8d00590SMartin KaFai Lau struct inet_listen_hashbucket *ilb2; 712c125e80bSCraig Gallek int err = 0; 713152da81dSPavel Emelyanov 7145e0724d0SEric Dumazet if (sk->sk_state != TCP_LISTEN) { 7154f9bf2a2SSebastian Andrzej Siewior local_bh_disable(); 71601770a16SRicardo Dias inet_ehash_nolisten(sk, osk, NULL); 7174f9bf2a2SSebastian Andrzej Siewior local_bh_enable(); 718c125e80bSCraig Gallek return 0; 7195e0724d0SEric Dumazet } 720547b792cSIlpo Järvinen WARN_ON(!sk_unhashed(sk)); 721e8d00590SMartin KaFai Lau ilb2 = inet_lhash2_bucket_sk(hashinfo, sk); 722152da81dSPavel Emelyanov 723e8d00590SMartin KaFai Lau spin_lock(&ilb2->lock); 724c125e80bSCraig Gallek if (sk->sk_reuseport) { 725cae3873cSMartin KaFai Lau err = inet_reuseport_add_sock(sk, ilb2); 726c125e80bSCraig Gallek if (err) 727c125e80bSCraig Gallek goto unlock; 728c125e80bSCraig Gallek } 729d296ba60SCraig Gallek if (IS_ENABLED(CONFIG_IPV6) && sk->sk_reuseport && 730cae3873cSMartin KaFai Lau sk->sk_family == AF_INET6) 731cae3873cSMartin KaFai Lau __sk_nulls_add_node_tail_rcu(sk, &ilb2->nulls_head); 732cae3873cSMartin KaFai Lau else 733cae3873cSMartin KaFai Lau __sk_nulls_add_node_rcu(sk, &ilb2->nulls_head); 7343b24d854SEric Dumazet sock_set_flag(sk, SOCK_RCU_FREE); 735c29a0bc4SPavel Emelyanov sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 736c125e80bSCraig Gallek unlock: 737e8d00590SMartin KaFai Lau spin_unlock(&ilb2->lock); 738c125e80bSCraig Gallek 739c125e80bSCraig Gallek return err; 740152da81dSPavel Emelyanov } 74177a6a471SEric Dumazet EXPORT_SYMBOL(__inet_hash); 742ab1e0a13SArnaldo Carvalho de Melo 743086c653fSCraig Gallek int inet_hash(struct sock *sk) 744ab1e0a13SArnaldo Carvalho de Melo { 745c125e80bSCraig Gallek int err = 0; 746c125e80bSCraig Gallek 7474f9bf2a2SSebastian Andrzej Siewior if (sk->sk_state != TCP_CLOSE) 748fe38d2a1SJosef Bacik err = __inet_hash(sk, NULL); 749086c653fSCraig Gallek 750c125e80bSCraig Gallek return err; 751ab1e0a13SArnaldo Carvalho de Melo } 752ab1e0a13SArnaldo Carvalho de Melo EXPORT_SYMBOL_GPL(inet_hash); 753ab1e0a13SArnaldo Carvalho de Melo 7544f9bf2a2SSebastian Andrzej Siewior void inet_unhash(struct sock *sk) 7554f9bf2a2SSebastian Andrzej Siewior { 756429e42c1SKuniyuki Iwashima struct inet_hashinfo *hashinfo = tcp_or_dccp_get_hashinfo(sk); 7574f9bf2a2SSebastian Andrzej Siewior 7584f9bf2a2SSebastian Andrzej Siewior if (sk_unhashed(sk)) 7594f9bf2a2SSebastian Andrzej Siewior return; 7604f9bf2a2SSebastian Andrzej Siewior 7614f9bf2a2SSebastian Andrzej Siewior if (sk->sk_state == TCP_LISTEN) { 762e8d00590SMartin KaFai Lau struct inet_listen_hashbucket *ilb2; 7634f9bf2a2SSebastian Andrzej Siewior 764e8d00590SMartin KaFai Lau ilb2 = inet_lhash2_bucket_sk(hashinfo, sk); 7654f9bf2a2SSebastian Andrzej Siewior /* Don't disable bottom halves while acquiring the lock to 7664f9bf2a2SSebastian Andrzej Siewior * avoid circular locking dependency on PREEMPT_RT. 7674f9bf2a2SSebastian Andrzej Siewior */ 768e8d00590SMartin KaFai Lau spin_lock(&ilb2->lock); 769e8d00590SMartin KaFai Lau if (sk_unhashed(sk)) { 770e8d00590SMartin KaFai Lau spin_unlock(&ilb2->lock); 771e8d00590SMartin KaFai Lau return; 772e8d00590SMartin KaFai Lau } 773e8d00590SMartin KaFai Lau 774e8d00590SMartin KaFai Lau if (rcu_access_pointer(sk->sk_reuseport_cb)) 775e8d00590SMartin KaFai Lau reuseport_stop_listen_sock(sk); 776e8d00590SMartin KaFai Lau 777e8d00590SMartin KaFai Lau __sk_nulls_del_node_init_rcu(sk); 778e8d00590SMartin KaFai Lau sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 779e8d00590SMartin KaFai Lau spin_unlock(&ilb2->lock); 7804f9bf2a2SSebastian Andrzej Siewior } else { 7814f9bf2a2SSebastian Andrzej Siewior spinlock_t *lock = inet_ehash_lockp(hashinfo, sk->sk_hash); 7824f9bf2a2SSebastian Andrzej Siewior 7834f9bf2a2SSebastian Andrzej Siewior spin_lock_bh(lock); 784e8d00590SMartin KaFai Lau if (sk_unhashed(sk)) { 785e8d00590SMartin KaFai Lau spin_unlock_bh(lock); 786e8d00590SMartin KaFai Lau return; 787e8d00590SMartin KaFai Lau } 788e8d00590SMartin KaFai Lau __sk_nulls_del_node_init_rcu(sk); 789e8d00590SMartin KaFai Lau sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 790920de804SEric Dumazet spin_unlock_bh(lock); 791ab1e0a13SArnaldo Carvalho de Melo } 7924f9bf2a2SSebastian Andrzej Siewior } 793ab1e0a13SArnaldo Carvalho de Melo EXPORT_SYMBOL_GPL(inet_unhash); 794152da81dSPavel Emelyanov 79528044fc1SJoanne Koong static bool inet_bind2_bucket_match(const struct inet_bind2_bucket *tb, 79628044fc1SJoanne Koong const struct net *net, unsigned short port, 79728044fc1SJoanne Koong int l3mdev, const struct sock *sk) 79828044fc1SJoanne Koong { 79928044fc1SJoanne Koong #if IS_ENABLED(CONFIG_IPV6) 8005456262dSMartin KaFai Lau if (sk->sk_family != tb->family) 8015456262dSMartin KaFai Lau return false; 8025456262dSMartin KaFai Lau 80328044fc1SJoanne Koong if (sk->sk_family == AF_INET6) 80428044fc1SJoanne Koong return net_eq(ib2_net(tb), net) && tb->port == port && 80528044fc1SJoanne Koong tb->l3mdev == l3mdev && 80628044fc1SJoanne Koong ipv6_addr_equal(&tb->v6_rcv_saddr, &sk->sk_v6_rcv_saddr); 80728044fc1SJoanne Koong else 80828044fc1SJoanne Koong #endif 80928044fc1SJoanne Koong return net_eq(ib2_net(tb), net) && tb->port == port && 81028044fc1SJoanne Koong tb->l3mdev == l3mdev && tb->rcv_saddr == sk->sk_rcv_saddr; 81128044fc1SJoanne Koong } 81228044fc1SJoanne Koong 81328044fc1SJoanne Koong bool inet_bind2_bucket_match_addr_any(const struct inet_bind2_bucket *tb, const struct net *net, 81428044fc1SJoanne Koong unsigned short port, int l3mdev, const struct sock *sk) 81528044fc1SJoanne Koong { 81628044fc1SJoanne Koong #if IS_ENABLED(CONFIG_IPV6) 817d9ba9934SKuniyuki Iwashima if (sk->sk_family != tb->family) { 818d9ba9934SKuniyuki Iwashima if (sk->sk_family == AF_INET) 819d9ba9934SKuniyuki Iwashima return net_eq(ib2_net(tb), net) && tb->port == port && 820d9ba9934SKuniyuki Iwashima tb->l3mdev == l3mdev && 8218cdc3223SKuniyuki Iwashima ipv6_addr_any(&tb->v6_rcv_saddr); 822d9ba9934SKuniyuki Iwashima 8235456262dSMartin KaFai Lau return false; 824d9ba9934SKuniyuki Iwashima } 8255456262dSMartin KaFai Lau 82628044fc1SJoanne Koong if (sk->sk_family == AF_INET6) 82728044fc1SJoanne Koong return net_eq(ib2_net(tb), net) && tb->port == port && 82828044fc1SJoanne Koong tb->l3mdev == l3mdev && 8298cdc3223SKuniyuki Iwashima ipv6_addr_any(&tb->v6_rcv_saddr); 83028044fc1SJoanne Koong else 83128044fc1SJoanne Koong #endif 83228044fc1SJoanne Koong return net_eq(ib2_net(tb), net) && tb->port == port && 83328044fc1SJoanne Koong tb->l3mdev == l3mdev && tb->rcv_saddr == 0; 83428044fc1SJoanne Koong } 83528044fc1SJoanne Koong 83628044fc1SJoanne Koong /* The socket's bhash2 hashbucket spinlock must be held when this is called */ 83728044fc1SJoanne Koong struct inet_bind2_bucket * 83828044fc1SJoanne Koong inet_bind2_bucket_find(const struct inet_bind_hashbucket *head, const struct net *net, 83928044fc1SJoanne Koong unsigned short port, int l3mdev, const struct sock *sk) 84028044fc1SJoanne Koong { 84128044fc1SJoanne Koong struct inet_bind2_bucket *bhash2 = NULL; 84228044fc1SJoanne Koong 84328044fc1SJoanne Koong inet_bind_bucket_for_each(bhash2, &head->chain) 84428044fc1SJoanne Koong if (inet_bind2_bucket_match(bhash2, net, port, l3mdev, sk)) 84528044fc1SJoanne Koong break; 84628044fc1SJoanne Koong 84728044fc1SJoanne Koong return bhash2; 84828044fc1SJoanne Koong } 84928044fc1SJoanne Koong 85028044fc1SJoanne Koong struct inet_bind_hashbucket * 85128044fc1SJoanne Koong inet_bhash2_addr_any_hashbucket(const struct sock *sk, const struct net *net, int port) 85228044fc1SJoanne Koong { 853429e42c1SKuniyuki Iwashima struct inet_hashinfo *hinfo = tcp_or_dccp_get_hashinfo(sk); 85428044fc1SJoanne Koong u32 hash; 85528044fc1SJoanne Koong 8568cdc3223SKuniyuki Iwashima #if IS_ENABLED(CONFIG_IPV6) 85728044fc1SJoanne Koong if (sk->sk_family == AF_INET6) 8588cdc3223SKuniyuki Iwashima hash = ipv6_portaddr_hash(net, &in6addr_any, port); 85928044fc1SJoanne Koong else 86028044fc1SJoanne Koong #endif 86128044fc1SJoanne Koong hash = ipv4_portaddr_hash(net, 0, port); 86228044fc1SJoanne Koong 86328044fc1SJoanne Koong return &hinfo->bhash2[hash & (hinfo->bhash_size - 1)]; 86428044fc1SJoanne Koong } 86528044fc1SJoanne Koong 8668c5dae4cSKuniyuki Iwashima static void inet_update_saddr(struct sock *sk, void *saddr, int family) 8678c5dae4cSKuniyuki Iwashima { 8688c5dae4cSKuniyuki Iwashima if (family == AF_INET) { 8698c5dae4cSKuniyuki Iwashima inet_sk(sk)->inet_saddr = *(__be32 *)saddr; 8708c5dae4cSKuniyuki Iwashima sk_rcv_saddr_set(sk, inet_sk(sk)->inet_saddr); 8718c5dae4cSKuniyuki Iwashima } 8728c5dae4cSKuniyuki Iwashima #if IS_ENABLED(CONFIG_IPV6) 8738c5dae4cSKuniyuki Iwashima else { 8748c5dae4cSKuniyuki Iwashima sk->sk_v6_rcv_saddr = *(struct in6_addr *)saddr; 8758c5dae4cSKuniyuki Iwashima } 8768c5dae4cSKuniyuki Iwashima #endif 8778c5dae4cSKuniyuki Iwashima } 8788c5dae4cSKuniyuki Iwashima 879e0833d1fSKuniyuki Iwashima static int __inet_bhash2_update_saddr(struct sock *sk, void *saddr, int family, bool reset) 88028044fc1SJoanne Koong { 881429e42c1SKuniyuki Iwashima struct inet_hashinfo *hinfo = tcp_or_dccp_get_hashinfo(sk); 8828c5dae4cSKuniyuki Iwashima struct inet_bind_hashbucket *head, *head2; 88328044fc1SJoanne Koong struct inet_bind2_bucket *tb2, *new_tb2; 88428044fc1SJoanne Koong int l3mdev = inet_sk_bound_l3mdev(sk); 88528044fc1SJoanne Koong int port = inet_sk(sk)->inet_num; 88628044fc1SJoanne Koong struct net *net = sock_net(sk); 8878c5dae4cSKuniyuki Iwashima int bhash; 8888c5dae4cSKuniyuki Iwashima 8898c5dae4cSKuniyuki Iwashima if (!inet_csk(sk)->icsk_bind2_hash) { 8908c5dae4cSKuniyuki Iwashima /* Not bind()ed before. */ 891e0833d1fSKuniyuki Iwashima if (reset) 892e0833d1fSKuniyuki Iwashima inet_reset_saddr(sk); 893e0833d1fSKuniyuki Iwashima else 8948c5dae4cSKuniyuki Iwashima inet_update_saddr(sk, saddr, family); 895e0833d1fSKuniyuki Iwashima 8968c5dae4cSKuniyuki Iwashima return 0; 8978c5dae4cSKuniyuki Iwashima } 89828044fc1SJoanne Koong 89928044fc1SJoanne Koong /* Allocate a bind2 bucket ahead of time to avoid permanently putting 90028044fc1SJoanne Koong * the bhash2 table in an inconsistent state if a new tb2 bucket 90128044fc1SJoanne Koong * allocation fails. 90228044fc1SJoanne Koong */ 90328044fc1SJoanne Koong new_tb2 = kmem_cache_alloc(hinfo->bind2_bucket_cachep, GFP_ATOMIC); 904e0833d1fSKuniyuki Iwashima if (!new_tb2) { 905e0833d1fSKuniyuki Iwashima if (reset) { 906e0833d1fSKuniyuki Iwashima /* The (INADDR_ANY, port) bucket might have already 907e0833d1fSKuniyuki Iwashima * been freed, then we cannot fixup icsk_bind2_hash, 908e0833d1fSKuniyuki Iwashima * so we give up and unlink sk from bhash/bhash2 not 909e0833d1fSKuniyuki Iwashima * to leave inconsistency in bhash2. 910e0833d1fSKuniyuki Iwashima */ 911e0833d1fSKuniyuki Iwashima inet_put_port(sk); 912e0833d1fSKuniyuki Iwashima inet_reset_saddr(sk); 913e0833d1fSKuniyuki Iwashima } 914e0833d1fSKuniyuki Iwashima 91528044fc1SJoanne Koong return -ENOMEM; 916e0833d1fSKuniyuki Iwashima } 91728044fc1SJoanne Koong 9188c5dae4cSKuniyuki Iwashima bhash = inet_bhashfn(net, port, hinfo->bhash_size); 9198c5dae4cSKuniyuki Iwashima head = &hinfo->bhash[bhash]; 92028044fc1SJoanne Koong head2 = inet_bhashfn_portaddr(hinfo, sk, net, port); 92128044fc1SJoanne Koong 9228c5dae4cSKuniyuki Iwashima /* If we change saddr locklessly, another thread 9238c5dae4cSKuniyuki Iwashima * iterating over bhash might see corrupted address. 9248c5dae4cSKuniyuki Iwashima */ 9258c5dae4cSKuniyuki Iwashima spin_lock_bh(&head->lock); 9268c5dae4cSKuniyuki Iwashima 9278c5dae4cSKuniyuki Iwashima spin_lock(&head2->lock); 92828044fc1SJoanne Koong __sk_del_bind2_node(sk); 9298acdad37SKuniyuki Iwashima inet_bind2_bucket_destroy(hinfo->bind2_bucket_cachep, inet_csk(sk)->icsk_bind2_hash); 9308c5dae4cSKuniyuki Iwashima spin_unlock(&head2->lock); 93128044fc1SJoanne Koong 932e0833d1fSKuniyuki Iwashima if (reset) 933e0833d1fSKuniyuki Iwashima inet_reset_saddr(sk); 934e0833d1fSKuniyuki Iwashima else 9358c5dae4cSKuniyuki Iwashima inet_update_saddr(sk, saddr, family); 9368c5dae4cSKuniyuki Iwashima 9378c5dae4cSKuniyuki Iwashima head2 = inet_bhashfn_portaddr(hinfo, sk, net, port); 9388c5dae4cSKuniyuki Iwashima 9398c5dae4cSKuniyuki Iwashima spin_lock(&head2->lock); 94028044fc1SJoanne Koong tb2 = inet_bind2_bucket_find(head2, net, port, l3mdev, sk); 94128044fc1SJoanne Koong if (!tb2) { 94228044fc1SJoanne Koong tb2 = new_tb2; 94328044fc1SJoanne Koong inet_bind2_bucket_init(tb2, net, head2, port, l3mdev, sk); 94428044fc1SJoanne Koong } 94528044fc1SJoanne Koong sk_add_bind2_node(sk, &tb2->owners); 94628044fc1SJoanne Koong inet_csk(sk)->icsk_bind2_hash = tb2; 9478c5dae4cSKuniyuki Iwashima spin_unlock(&head2->lock); 9488c5dae4cSKuniyuki Iwashima 9498c5dae4cSKuniyuki Iwashima spin_unlock_bh(&head->lock); 95028044fc1SJoanne Koong 95128044fc1SJoanne Koong if (tb2 != new_tb2) 95228044fc1SJoanne Koong kmem_cache_free(hinfo->bind2_bucket_cachep, new_tb2); 95328044fc1SJoanne Koong 95428044fc1SJoanne Koong return 0; 95528044fc1SJoanne Koong } 956e0833d1fSKuniyuki Iwashima 957e0833d1fSKuniyuki Iwashima int inet_bhash2_update_saddr(struct sock *sk, void *saddr, int family) 958e0833d1fSKuniyuki Iwashima { 959e0833d1fSKuniyuki Iwashima return __inet_bhash2_update_saddr(sk, saddr, family, false); 960e0833d1fSKuniyuki Iwashima } 96128044fc1SJoanne Koong EXPORT_SYMBOL_GPL(inet_bhash2_update_saddr); 96228044fc1SJoanne Koong 963e0833d1fSKuniyuki Iwashima void inet_bhash2_reset_saddr(struct sock *sk) 964e0833d1fSKuniyuki Iwashima { 965e0833d1fSKuniyuki Iwashima if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) 966e0833d1fSKuniyuki Iwashima __inet_bhash2_update_saddr(sk, NULL, 0, true); 967e0833d1fSKuniyuki Iwashima } 968e0833d1fSKuniyuki Iwashima EXPORT_SYMBOL_GPL(inet_bhash2_reset_saddr); 969e0833d1fSKuniyuki Iwashima 970190cc824SEric Dumazet /* RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm 971190cc824SEric Dumazet * Note that we use 32bit integers (vs RFC 'short integers') 972190cc824SEric Dumazet * because 2^16 is not a multiple of num_ephemeral and this 973190cc824SEric Dumazet * property might be used by clever attacker. 974aeac4ec8SGleb Mazovetskiy * 9754c2c8f03SWilly Tarreau * RFC claims using TABLE_LENGTH=10 buckets gives an improvement, though 976aeac4ec8SGleb Mazovetskiy * attacks were since demonstrated, thus we use 65536 by default instead 977aeac4ec8SGleb Mazovetskiy * to really give more isolation and privacy, at the expense of 256kB 978aeac4ec8SGleb Mazovetskiy * of kernel memory. 979190cc824SEric Dumazet */ 980aeac4ec8SGleb Mazovetskiy #define INET_TABLE_PERTURB_SIZE (1 << CONFIG_INET_TABLE_PERTURB_ORDER) 981e9261476SWilly Tarreau static u32 *table_perturb; 982190cc824SEric Dumazet 9835ee31fc1SPavel Emelyanov int __inet_hash_connect(struct inet_timewait_death_row *death_row, 984b2d05756SWilly Tarreau struct sock *sk, u64 port_offset, 9855ee31fc1SPavel Emelyanov int (*check_established)(struct inet_timewait_death_row *, 986b4d6444eSEric Dumazet struct sock *, __u16, struct inet_timewait_sock **)) 987a7f5e7f1SArnaldo Carvalho de Melo { 988a7f5e7f1SArnaldo Carvalho de Melo struct inet_hashinfo *hinfo = death_row->hashinfo; 98928044fc1SJoanne Koong struct inet_bind_hashbucket *head, *head2; 990a7f5e7f1SArnaldo Carvalho de Melo struct inet_timewait_sock *tw = NULL; 9911580ab63SEric Dumazet int port = inet_sk(sk)->inet_num; 9921580ab63SEric Dumazet struct net *net = sock_net(sk); 99328044fc1SJoanne Koong struct inet_bind2_bucket *tb2; 9941580ab63SEric Dumazet struct inet_bind_bucket *tb; 99528044fc1SJoanne Koong bool tb_created = false; 9961580ab63SEric Dumazet u32 remaining, offset; 9971580ab63SEric Dumazet int ret, i, low, high; 9983c82a21fSRobert Shearman int l3mdev; 999190cc824SEric Dumazet u32 index; 10001580ab63SEric Dumazet 10011580ab63SEric Dumazet if (port) { 100221cbd90aSPietro Borrello local_bh_disable(); 10031580ab63SEric Dumazet ret = check_established(death_row, sk, port, NULL); 10041580ab63SEric Dumazet local_bh_enable(); 10051580ab63SEric Dumazet return ret; 10061580ab63SEric Dumazet } 1007a7f5e7f1SArnaldo Carvalho de Melo 10083c82a21fSRobert Shearman l3mdev = inet_sk_bound_l3mdev(sk); 10093c82a21fSRobert Shearman 101091d0b78cSJakub Sitnicki inet_sk_get_local_port_range(sk, &low, &high); 10111580ab63SEric Dumazet high++; /* [32768, 60999] -> [32768, 61000[ */ 10121580ab63SEric Dumazet remaining = high - low; 10131580ab63SEric Dumazet if (likely(remaining > 1)) 10141580ab63SEric Dumazet remaining &= ~1U; 1015227b60f5SStephen Hemminger 10162a4187f4SJason A. Donenfeld get_random_sleepable_once(table_perturb, 1017e9261476SWilly Tarreau INET_TABLE_PERTURB_SIZE * sizeof(*table_perturb)); 1018e8161345SWilly Tarreau index = port_offset & (INET_TABLE_PERTURB_SIZE - 1); 1019190cc824SEric Dumazet 10209e9b70aeSWilly Tarreau offset = READ_ONCE(table_perturb[index]) + (port_offset >> 32); 1021b2d05756SWilly Tarreau offset %= remaining; 1022b2d05756SWilly Tarreau 10231580ab63SEric Dumazet /* In first pass we try ports of @low parity. 10241580ab63SEric Dumazet * inet_csk_get_port() does the opposite choice. 102507f4c900SEric Dumazet */ 10261580ab63SEric Dumazet offset &= ~1U; 10271580ab63SEric Dumazet other_parity_scan: 10281580ab63SEric Dumazet port = low + offset; 10291580ab63SEric Dumazet for (i = 0; i < remaining; i += 2, port += 2) { 10301580ab63SEric Dumazet if (unlikely(port >= high)) 10311580ab63SEric Dumazet port -= remaining; 1032122ff243SWANG Cong if (inet_is_local_reserved_port(net, port)) 1033e3826f1eSAmerigo Wang continue; 10347f635ab7SPavel Emelyanov head = &hinfo->bhash[inet_bhashfn(net, port, 10357f635ab7SPavel Emelyanov hinfo->bhash_size)]; 10361580ab63SEric Dumazet spin_lock_bh(&head->lock); 1037a7f5e7f1SArnaldo Carvalho de Melo 10381580ab63SEric Dumazet /* Does not bother with rcv_saddr checks, because 10391580ab63SEric Dumazet * the established check is already unique enough. 1040a7f5e7f1SArnaldo Carvalho de Melo */ 1041b67bfe0dSSasha Levin inet_bind_bucket_for_each(tb, &head->chain) { 104228044fc1SJoanne Koong if (inet_bind_bucket_match(tb, net, port, l3mdev)) { 1043da5e3630STom Herbert if (tb->fastreuse >= 0 || 1044da5e3630STom Herbert tb->fastreuseport >= 0) 1045a7f5e7f1SArnaldo Carvalho de Melo goto next_port; 1046a9d8f911SEvgeniy Polyakov WARN_ON(hlist_empty(&tb->owners)); 10475ee31fc1SPavel Emelyanov if (!check_established(death_row, sk, 10485ee31fc1SPavel Emelyanov port, &tw)) 1049a7f5e7f1SArnaldo Carvalho de Melo goto ok; 1050a7f5e7f1SArnaldo Carvalho de Melo goto next_port; 1051a7f5e7f1SArnaldo Carvalho de Melo } 1052a7f5e7f1SArnaldo Carvalho de Melo } 1053a7f5e7f1SArnaldo Carvalho de Melo 1054941b1d22SPavel Emelyanov tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep, 10553c82a21fSRobert Shearman net, head, port, l3mdev); 1056a7f5e7f1SArnaldo Carvalho de Melo if (!tb) { 10571580ab63SEric Dumazet spin_unlock_bh(&head->lock); 10581580ab63SEric Dumazet return -ENOMEM; 1059a7f5e7f1SArnaldo Carvalho de Melo } 106028044fc1SJoanne Koong tb_created = true; 1061a7f5e7f1SArnaldo Carvalho de Melo tb->fastreuse = -1; 1062da5e3630STom Herbert tb->fastreuseport = -1; 1063a7f5e7f1SArnaldo Carvalho de Melo goto ok; 1064a7f5e7f1SArnaldo Carvalho de Melo next_port: 10651580ab63SEric Dumazet spin_unlock_bh(&head->lock); 10661580ab63SEric Dumazet cond_resched(); 1067a7f5e7f1SArnaldo Carvalho de Melo } 10681580ab63SEric Dumazet 10691580ab63SEric Dumazet offset++; 10701580ab63SEric Dumazet if ((offset & 1) && remaining > 1) 10711580ab63SEric Dumazet goto other_parity_scan; 1072a7f5e7f1SArnaldo Carvalho de Melo 1073a7f5e7f1SArnaldo Carvalho de Melo return -EADDRNOTAVAIL; 1074a7f5e7f1SArnaldo Carvalho de Melo 1075a7f5e7f1SArnaldo Carvalho de Melo ok: 107628044fc1SJoanne Koong /* Find the corresponding tb2 bucket since we need to 107728044fc1SJoanne Koong * add the socket to the bhash2 table as well 107828044fc1SJoanne Koong */ 107928044fc1SJoanne Koong head2 = inet_bhashfn_portaddr(hinfo, sk, net, port); 108028044fc1SJoanne Koong spin_lock(&head2->lock); 108128044fc1SJoanne Koong 108228044fc1SJoanne Koong tb2 = inet_bind2_bucket_find(head2, net, port, l3mdev, sk); 108328044fc1SJoanne Koong if (!tb2) { 108428044fc1SJoanne Koong tb2 = inet_bind2_bucket_create(hinfo->bind2_bucket_cachep, net, 108528044fc1SJoanne Koong head2, port, l3mdev, sk); 108628044fc1SJoanne Koong if (!tb2) 108728044fc1SJoanne Koong goto error; 108828044fc1SJoanne Koong } 108928044fc1SJoanne Koong 1090ca7af040SWilly Tarreau /* Here we want to add a little bit of randomness to the next source 1091ca7af040SWilly Tarreau * port that will be chosen. We use a max() with a random here so that 1092ca7af040SWilly Tarreau * on low contention the randomness is maximal and on high contention 1093ca7af040SWilly Tarreau * it may be inexistent. 1094c579bd1bSEric Dumazet */ 10958032bf12SJason A. Donenfeld i = max_t(int, i, get_random_u32_below(8) * 2); 1096190cc824SEric Dumazet WRITE_ONCE(table_perturb[index], READ_ONCE(table_perturb[index]) + i + 2); 1097a7f5e7f1SArnaldo Carvalho de Melo 1098a7f5e7f1SArnaldo Carvalho de Melo /* Head lock still held and bh's disabled */ 109928044fc1SJoanne Koong inet_bind_hash(sk, tb, tb2, port); 110028044fc1SJoanne Koong 1101a7f5e7f1SArnaldo Carvalho de Melo if (sk_unhashed(sk)) { 1102c720c7e8SEric Dumazet inet_sk(sk)->inet_sport = htons(port); 110301770a16SRicardo Dias inet_ehash_nolisten(sk, (struct sock *)tw, NULL); 1104a7f5e7f1SArnaldo Carvalho de Melo } 11053cdaedaeSEric Dumazet if (tw) 1106fc01538fSEric Dumazet inet_twsk_bind_unhash(tw, hinfo); 1107936a192fSKuniyuki Iwashima 1108936a192fSKuniyuki Iwashima spin_unlock(&head2->lock); 1109a7f5e7f1SArnaldo Carvalho de Melo spin_unlock(&head->lock); 1110936a192fSKuniyuki Iwashima 1111dbe7faa4SEric Dumazet if (tw) 1112dbe7faa4SEric Dumazet inet_twsk_deschedule_put(tw); 1113a7f5e7f1SArnaldo Carvalho de Melo local_bh_enable(); 11141580ab63SEric Dumazet return 0; 111528044fc1SJoanne Koong 111628044fc1SJoanne Koong error: 111728044fc1SJoanne Koong spin_unlock(&head2->lock); 111828044fc1SJoanne Koong if (tb_created) 111928044fc1SJoanne Koong inet_bind_bucket_destroy(hinfo->bind_bucket_cachep, tb); 112028044fc1SJoanne Koong spin_unlock_bh(&head->lock); 112128044fc1SJoanne Koong return -ENOMEM; 1122a7f5e7f1SArnaldo Carvalho de Melo } 11235ee31fc1SPavel Emelyanov 11245ee31fc1SPavel Emelyanov /* 11255ee31fc1SPavel Emelyanov * Bind a port for a connect operation and hash it. 11265ee31fc1SPavel Emelyanov */ 11275ee31fc1SPavel Emelyanov int inet_hash_connect(struct inet_timewait_death_row *death_row, 11285ee31fc1SPavel Emelyanov struct sock *sk) 11295ee31fc1SPavel Emelyanov { 1130b2d05756SWilly Tarreau u64 port_offset = 0; 1131e2baad9eSEric Dumazet 1132e2baad9eSEric Dumazet if (!inet_sk(sk)->inet_num) 1133e2baad9eSEric Dumazet port_offset = inet_sk_port_offset(sk); 1134e2baad9eSEric Dumazet return __inet_hash_connect(death_row, sk, port_offset, 1135b4d6444eSEric Dumazet __inet_check_established); 11365ee31fc1SPavel Emelyanov } 1137a7f5e7f1SArnaldo Carvalho de Melo EXPORT_SYMBOL_GPL(inet_hash_connect); 11385caea4eaSEric Dumazet 1139c92c81dfSPeter Oskolkov static void init_hashinfo_lhash2(struct inet_hashinfo *h) 1140c92c81dfSPeter Oskolkov { 1141c92c81dfSPeter Oskolkov int i; 1142c92c81dfSPeter Oskolkov 1143c92c81dfSPeter Oskolkov for (i = 0; i <= h->lhash2_mask; i++) { 1144c92c81dfSPeter Oskolkov spin_lock_init(&h->lhash2[i].lock); 1145cae3873cSMartin KaFai Lau INIT_HLIST_NULLS_HEAD(&h->lhash2[i].nulls_head, 1146cae3873cSMartin KaFai Lau i + LISTENING_NULLS_BASE); 1147c92c81dfSPeter Oskolkov } 1148c92c81dfSPeter Oskolkov } 1149c92c81dfSPeter Oskolkov 115061b7c691SMartin KaFai Lau void __init inet_hashinfo2_init(struct inet_hashinfo *h, const char *name, 115161b7c691SMartin KaFai Lau unsigned long numentries, int scale, 115261b7c691SMartin KaFai Lau unsigned long low_limit, 115361b7c691SMartin KaFai Lau unsigned long high_limit) 115461b7c691SMartin KaFai Lau { 115561b7c691SMartin KaFai Lau h->lhash2 = alloc_large_system_hash(name, 115661b7c691SMartin KaFai Lau sizeof(*h->lhash2), 115761b7c691SMartin KaFai Lau numentries, 115861b7c691SMartin KaFai Lau scale, 115961b7c691SMartin KaFai Lau 0, 116061b7c691SMartin KaFai Lau NULL, 116161b7c691SMartin KaFai Lau &h->lhash2_mask, 116261b7c691SMartin KaFai Lau low_limit, 116361b7c691SMartin KaFai Lau high_limit); 1164c92c81dfSPeter Oskolkov init_hashinfo_lhash2(h); 1165e9261476SWilly Tarreau 1166e9261476SWilly Tarreau /* this one is used for source ports of outgoing connections */ 1167e67b72b9SMuchun Song table_perturb = alloc_large_system_hash("Table-perturb", 1168e67b72b9SMuchun Song sizeof(*table_perturb), 1169e67b72b9SMuchun Song INET_TABLE_PERTURB_SIZE, 1170e67b72b9SMuchun Song 0, 0, NULL, NULL, 1171e67b72b9SMuchun Song INET_TABLE_PERTURB_SIZE, 1172e67b72b9SMuchun Song INET_TABLE_PERTURB_SIZE); 1173c92c81dfSPeter Oskolkov } 117461b7c691SMartin KaFai Lau 1175c92c81dfSPeter Oskolkov int inet_hashinfo2_init_mod(struct inet_hashinfo *h) 1176c92c81dfSPeter Oskolkov { 1177c92c81dfSPeter Oskolkov h->lhash2 = kmalloc_array(INET_LHTABLE_SIZE, sizeof(*h->lhash2), GFP_KERNEL); 1178c92c81dfSPeter Oskolkov if (!h->lhash2) 1179c92c81dfSPeter Oskolkov return -ENOMEM; 1180c92c81dfSPeter Oskolkov 1181c92c81dfSPeter Oskolkov h->lhash2_mask = INET_LHTABLE_SIZE - 1; 1182c92c81dfSPeter Oskolkov /* INET_LHTABLE_SIZE must be a power of 2 */ 1183c92c81dfSPeter Oskolkov BUG_ON(INET_LHTABLE_SIZE & h->lhash2_mask); 1184c92c81dfSPeter Oskolkov 1185c92c81dfSPeter Oskolkov init_hashinfo_lhash2(h); 1186c92c81dfSPeter Oskolkov return 0; 118761b7c691SMartin KaFai Lau } 1188c92c81dfSPeter Oskolkov EXPORT_SYMBOL_GPL(inet_hashinfo2_init_mod); 118961b7c691SMartin KaFai Lau 1190095dc8e0SEric Dumazet int inet_ehash_locks_alloc(struct inet_hashinfo *hashinfo) 1191095dc8e0SEric Dumazet { 119289e478a2SEric Dumazet unsigned int locksz = sizeof(spinlock_t); 1193095dc8e0SEric Dumazet unsigned int i, nblocks = 1; 1194095dc8e0SEric Dumazet 119589e478a2SEric Dumazet if (locksz != 0) { 1196095dc8e0SEric Dumazet /* allocate 2 cache lines or at least one spinlock per cpu */ 119789e478a2SEric Dumazet nblocks = max(2U * L1_CACHE_BYTES / locksz, 1U); 1198095dc8e0SEric Dumazet nblocks = roundup_pow_of_two(nblocks * num_possible_cpus()); 1199095dc8e0SEric Dumazet 1200095dc8e0SEric Dumazet /* no more locks than number of hash buckets */ 1201095dc8e0SEric Dumazet nblocks = min(nblocks, hashinfo->ehash_mask + 1); 1202095dc8e0SEric Dumazet 1203752ade68SMichal Hocko hashinfo->ehash_locks = kvmalloc_array(nblocks, locksz, GFP_KERNEL); 1204095dc8e0SEric Dumazet if (!hashinfo->ehash_locks) 1205095dc8e0SEric Dumazet return -ENOMEM; 1206095dc8e0SEric Dumazet 1207095dc8e0SEric Dumazet for (i = 0; i < nblocks; i++) 1208095dc8e0SEric Dumazet spin_lock_init(&hashinfo->ehash_locks[i]); 1209095dc8e0SEric Dumazet } 1210095dc8e0SEric Dumazet hashinfo->ehash_locks_mask = nblocks - 1; 1211095dc8e0SEric Dumazet return 0; 1212095dc8e0SEric Dumazet } 1213095dc8e0SEric Dumazet EXPORT_SYMBOL_GPL(inet_ehash_locks_alloc); 1214d1e5e640SKuniyuki Iwashima 1215d1e5e640SKuniyuki Iwashima struct inet_hashinfo *inet_pernet_hashinfo_alloc(struct inet_hashinfo *hashinfo, 1216d1e5e640SKuniyuki Iwashima unsigned int ehash_entries) 1217d1e5e640SKuniyuki Iwashima { 1218d1e5e640SKuniyuki Iwashima struct inet_hashinfo *new_hashinfo; 1219d1e5e640SKuniyuki Iwashima int i; 1220d1e5e640SKuniyuki Iwashima 1221d1e5e640SKuniyuki Iwashima new_hashinfo = kmemdup(hashinfo, sizeof(*hashinfo), GFP_KERNEL); 1222d1e5e640SKuniyuki Iwashima if (!new_hashinfo) 1223d1e5e640SKuniyuki Iwashima goto err; 1224d1e5e640SKuniyuki Iwashima 1225d1e5e640SKuniyuki Iwashima new_hashinfo->ehash = vmalloc_huge(ehash_entries * sizeof(struct inet_ehash_bucket), 1226d1e5e640SKuniyuki Iwashima GFP_KERNEL_ACCOUNT); 1227d1e5e640SKuniyuki Iwashima if (!new_hashinfo->ehash) 1228d1e5e640SKuniyuki Iwashima goto free_hashinfo; 1229d1e5e640SKuniyuki Iwashima 1230d1e5e640SKuniyuki Iwashima new_hashinfo->ehash_mask = ehash_entries - 1; 1231d1e5e640SKuniyuki Iwashima 1232d1e5e640SKuniyuki Iwashima if (inet_ehash_locks_alloc(new_hashinfo)) 1233d1e5e640SKuniyuki Iwashima goto free_ehash; 1234d1e5e640SKuniyuki Iwashima 1235d1e5e640SKuniyuki Iwashima for (i = 0; i < ehash_entries; i++) 1236d1e5e640SKuniyuki Iwashima INIT_HLIST_NULLS_HEAD(&new_hashinfo->ehash[i].chain, i); 1237d1e5e640SKuniyuki Iwashima 1238d1e5e640SKuniyuki Iwashima new_hashinfo->pernet = true; 1239d1e5e640SKuniyuki Iwashima 1240d1e5e640SKuniyuki Iwashima return new_hashinfo; 1241d1e5e640SKuniyuki Iwashima 1242d1e5e640SKuniyuki Iwashima free_ehash: 1243d1e5e640SKuniyuki Iwashima vfree(new_hashinfo->ehash); 1244d1e5e640SKuniyuki Iwashima free_hashinfo: 1245d1e5e640SKuniyuki Iwashima kfree(new_hashinfo); 1246d1e5e640SKuniyuki Iwashima err: 1247d1e5e640SKuniyuki Iwashima return NULL; 1248d1e5e640SKuniyuki Iwashima } 1249d1e5e640SKuniyuki Iwashima EXPORT_SYMBOL_GPL(inet_pernet_hashinfo_alloc); 1250d1e5e640SKuniyuki Iwashima 1251d1e5e640SKuniyuki Iwashima void inet_pernet_hashinfo_free(struct inet_hashinfo *hashinfo) 1252d1e5e640SKuniyuki Iwashima { 1253d1e5e640SKuniyuki Iwashima if (!hashinfo->pernet) 1254d1e5e640SKuniyuki Iwashima return; 1255d1e5e640SKuniyuki Iwashima 1256d1e5e640SKuniyuki Iwashima inet_ehash_locks_free(hashinfo); 1257d1e5e640SKuniyuki Iwashima vfree(hashinfo->ehash); 1258d1e5e640SKuniyuki Iwashima kfree(hashinfo); 1259d1e5e640SKuniyuki Iwashima } 1260d1e5e640SKuniyuki Iwashima EXPORT_SYMBOL_GPL(inet_pernet_hashinfo_free); 1261