// SPDX-License-Identifier: GPL-2.0-or-later
/* AF_RXRPC implementation
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/net.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/random.h>
#include <linux/poll.h>
#include <linux/proc_fs.h>
#include <linux/key-type.h>
#include <linux/uio.h>
#include <net/net_namespace.h>
#include <net/sock.h>
#include <net/af_rxrpc.h>
#define CREATE_TRACE_POINTS
#include "ar-internal.h"

MODULE_DESCRIPTION("RxRPC network protocol");
MODULE_AUTHOR("Red Hat, Inc.");
MODULE_LICENSE("GPL");
MODULE_ALIAS_NETPROTO(PF_RXRPC);

/* Debugging mask, exposed as the "debug" module parameter with mode 0644. */
unsigned int rxrpc_debug; // = RXRPC_DEBUG_KPROTO;
module_param_named(debug, rxrpc_debug, uint, 0644);
MODULE_PARM_DESC(debug, "RxRPC debugging mask");

/* Forward declarations; both tables are defined near the end of this file. */
static struct proto rxrpc_proto;
static const struct proto_ops rxrpc_rpc_ops;

/* current debugging ID */
atomic_t rxrpc_debug_id;
EXPORT_SYMBOL(rxrpc_debug_id);

/* count of skbs currently in use */
atomic_t rxrpc_n_rx_skbs;

struct workqueue_struct *rxrpc_workqueue;

static void rxrpc_sock_destructor(struct sock *);

/*
 * See if an RxRPC socket is currently writable: true while the allocated
 * write memory is below the socket's send buffer limit.
 */
static inline int rxrpc_writable(struct sock *sk)
{
	return refcount_read(&sk->sk_wmem_alloc) < (size_t) sk->sk_sndbuf;
}

/*
 * Wake up anyone waiting for write space once the socket is writable again.
 * Installed as sk->sk_write_space by rxrpc_create().
 */
static void rxrpc_write_space(struct sock *sk)
{
	_enter("%p", sk);
	/* sk->sk_wq is RCU-protected, so the lookup and wakeup stay inside
	 * the read-side critical section.
	 */
	rcu_read_lock();
	if (rxrpc_writable(sk)) {
		struct socket_wq *wq = rcu_dereference(sk->sk_wq);

		if (skwq_has_sleeper(wq))
			wake_up_interruptible(&wq->wait);
		sk_wake_async_rcu(sk, SOCK_WAKE_SPACE, POLL_OUT);
	}
	rcu_read_unlock();
}

/*
 * Validate an RxRPC address supplied by a caller (bind, connect, sendmsg and
 * rxrpc_kernel_lookup_peer() in this file).
 *
 * @rx:  The socket the address is for; rx->family limits which transport
 *       families are accepted.
 * @srx: The address to check.  It may be modified: bytes after the transport
 *       address are zeroed (see the memset below).
 * @len: The number of bytes the caller says @srx holds.
 *
 * Returns 0 if acceptable, -EINVAL for a bad length, -EAFNOSUPPORT for an
 * unsupported family or -ESOCKTNOSUPPORT for a non-datagram transport type.
 */
static int rxrpc_validate_address(struct rxrpc_sock *rx,
				  struct sockaddr_rxrpc *srx,
				  int len)
{
	unsigned int tail;

	/* NOTE(review): len is a signed int compared against a size_t, so a
	 * negative len would be converted to a large unsigned value and pass
	 * this check.  The callers in this file pass a socket-layer length or
	 * sizeof(*srx); confirm none of them can hand in a negative value.
	 */
	if (len < sizeof(struct sockaddr_rxrpc))
		return -EINVAL;

	if (srx->srx_family != AF_RXRPC)
		return -EAFNOSUPPORT;

	if (srx->transport_type != SOCK_DGRAM)
		return -ESOCKTNOSUPPORT;

	/* From here on len is the space available for the transport address
	 * only; the claimed transport_len must fit inside it and be at least
	 * big enough to hold the family field that is switched on below.
	 */
	len -= offsetof(struct sockaddr_rxrpc, transport);
	if (srx->transport_len < sizeof(sa_family_t) ||
	    srx->transport_len > len)
		return -EINVAL;

	switch (srx->transport.family) {
	case AF_INET:
		/* An IPv4 transport address is accepted on both AF_INET and
		 * AF_INET6 sockets.
		 */
		if (rx->family != AF_INET &&
		    rx->family != AF_INET6)
			return -EAFNOSUPPORT;
		if (srx->transport_len < sizeof(struct sockaddr_in))
			return -EINVAL;
		tail = offsetof(struct sockaddr_rxrpc, transport.sin.__pad);
		break;

#ifdef CONFIG_AF_RXRPC_IPV6
	case AF_INET6:
		if (rx->family != AF_INET6)
			return -EAFNOSUPPORT;
		if (srx->transport_len < sizeof(struct sockaddr_in6))
			return -EINVAL;
		tail = offsetof(struct sockaddr_rxrpc, transport) +
			sizeof(struct sockaddr_in6);
		break;
#endif

	default:
		return -EAFNOSUPPORT;
	}

	/* Clear the bytes that follow the meaningful part of the address so
	 * that stale caller data is not carried into the stored copy;
	 * presumably this is also what lets rxrpc_bind() compare whole
	 * structures with memcmp().
	 *
	 * NOTE(review): tail is an offset from the start of srx, whereas len
	 * has already had offsetof(struct sockaddr_rxrpc, transport)
	 * subtracted from it above.  The two are compared and subtracted
	 * directly here, so the cleared range can only end before the end of
	 * the caller's buffer, never past it - confirm whether the shorter
	 * range is intended.
	 */
	if (tail < len)
		memset((void *)srx + tail, 0, len - tail);
	_debug("INET: %pISp", &srx->transport);
	return 0;
}

/*
 * Bind a local address to an RxRPC socket.
 *
 * An unbound socket becomes a client endpoint if the service ID is zero, or a
 * service endpoint otherwise.  A socket already bound as a service may be
 * bound a second time to add a second service ID on the same address.
 */
static int rxrpc_bind(struct socket *sock, struct sockaddr_unsized *saddr, int len)
{
	struct sockaddr_rxrpc *srx = (struct sockaddr_rxrpc *)saddr;
	struct rxrpc_local *local;
	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
	u16 service_id;
	int ret;

	_enter("%p,%p,%d", rx, saddr, len);

	/* The address is validated before the socket lock is taken. */
	ret = rxrpc_validate_address(rx, srx, len);
	if (ret < 0)
		goto error;
	service_id = srx->srx_service;

	lock_sock(&rx->sk);

	switch (rx->sk.sk_state) {
	case RXRPC_UNBOUND:
		/* rx->srx is overwritten before the lookup; it is not
		 * restored if the lookup or the service claim fails.
		 */
		rx->srx = *srx;
		local = rxrpc_lookup_local(sock_net(&rx->sk), &rx->srx);
		if (IS_ERR(local)) {
			ret = PTR_ERR(local);
			goto error_unlock;
		}

		if (service_id) {
			/* Only one socket may be the service on a local
			 * endpoint; the claim is made under services_lock.
			 */
			write_lock(&local->services_lock);
			if (local->service)
				goto service_in_use;
			rx->local = local;
			local->service = rx;
			write_unlock(&local->services_lock);

			rx->sk.sk_state = RXRPC_SERVER_BOUND;
		} else {
			rx->local = local;
			rx->sk.sk_state = RXRPC_CLIENT_BOUND;
		}
		break;

	case RXRPC_SERVER_BOUND:
		/* Second bind: needs a non-zero service ID that differs from
		 * the first one.
		 */
		ret = -EINVAL;
		if (service_id == 0)
			goto error_unlock;
		ret = -EADDRINUSE;
		if (service_id == rx->srx.srx_service)
			goto error_unlock;
		ret = -EINVAL;
		/* Make the service IDs equal in the caller's copy so that the
		 * memcmp() below checks that everything else in the address
		 * is byte-for-byte the same as in the first bind.
		 */
		srx->srx_service = rx->srx.srx_service;
		if (memcmp(srx, &rx->srx, sizeof(*srx)) != 0)
			goto error_unlock;
		rx->second_service = service_id;
		rx->sk.sk_state = RXRPC_SERVER_BOUND2;
		break;

	default:
		ret = -EINVAL;
		goto error_unlock;
	}

	release_sock(&rx->sk);
	_leave(" = 0");
	return 0;

service_in_use:
	/* Another socket already owns the service slot: drop the lock and
	 * give back the use and the ref on the local endpoint.
	 */
	write_unlock(&local->services_lock);
	rxrpc_unuse_local(local, rxrpc_local_unuse_bind);
	rxrpc_put_local(local, rxrpc_local_put_bind);
	ret = -EADDRINUSE;
error_unlock:
	release_sock(&rx->sk);
error:
	_leave(" = %d", ret);
	return ret;
}

/*
 * Set the number of pending calls permitted on a listening socket.
 *
 * A backlog of INT_MAX selects the current rxrpc_max_backlog; any other value
 * must lie between 0 and that maximum.  A backlog of 0 on a socket that is
 * already listening disables listening and discards the preallocation.
 */
static int rxrpc_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	struct rxrpc_sock *rx = rxrpc_sk(sk);
	unsigned int max, old;
	int ret;

	_enter("%p,%d", rx, backlog);

	lock_sock(&rx->sk);

	switch (rx->sk.sk_state) {
	case RXRPC_UNBOUND:
		ret = -EADDRNOTAVAIL;
		break;
	case RXRPC_SERVER_BOUND:
	case RXRPC_SERVER_BOUND2:
		ASSERT(rx->local != NULL);
		/* The limit is read once so that the check and the assignment
		 * use the same value.
		 */
		max = READ_ONCE(rxrpc_max_backlog);
		ret = -EINVAL;
		if (backlog == INT_MAX)
			backlog = max;
		/* The negative test comes first, so the comparison against
		 * the unsigned max only sees non-negative values.
		 */
		else if (backlog < 0 || backlog > max)
			break;
		old = sk->sk_max_ack_backlog;
		sk->sk_max_ack_backlog = backlog;
		ret = rxrpc_service_prealloc(rx, GFP_KERNEL);
		if (ret == 0)
			rx->sk.sk_state = RXRPC_SERVER_LISTENING;
		else
			/* Preallocation failed: restore the old limit. */
			sk->sk_max_ack_backlog = old;
		break;
	case RXRPC_SERVER_LISTENING:
		if (backlog == 0) {
			rx->sk.sk_state = RXRPC_SERVER_LISTEN_DISABLED;
			sk->sk_max_ack_backlog = 0;
			rxrpc_discard_prealloc(rx);
			ret = 0;
			break;
		}
		fallthrough;
	default:
		ret = -EBUSY;
		break;
	}

	release_sock(&rx->sk);
	_leave(" = %d", ret);
	return ret;
}

/**
 * rxrpc_kernel_lookup_peer - Obtain remote transport endpoint for an address
 * @sock: The socket through which it will be accessed
 * @srx: The network address
 * @gfp: Allocation flags
 *
 * Lookup or create a remote transport endpoint record for the specified
 * address.  The address is validated first, which may zero trailing bytes of
 * @srx.
 *
 * Return: The peer record found with a reference or a negative error code if
 * the address is invalid or unsupported.
 */
struct rxrpc_peer *rxrpc_kernel_lookup_peer(struct socket *sock,
					    struct sockaddr_rxrpc *srx, gfp_t gfp)
{
	struct rxrpc_peer *peer;
	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
	int ret;

	ret = rxrpc_validate_address(rx, srx, sizeof(*srx));
	if (ret < 0)
		return ERR_PTR(ret);

	/* NOTE(review): rx->local is passed on without a NULL check and no
	 * socket lock is taken here; presumably callers have bound the socket
	 * first - confirm.
	 */
	peer = rxrpc_lookup_peer(rx->local, srx, gfp);
	/* A NULL result from the lookup is reported as -ENOMEM. */
	return peer ?: ERR_PTR(-ENOMEM);
}
EXPORT_SYMBOL(rxrpc_kernel_lookup_peer);

/**
 * rxrpc_kernel_get_peer - Get a reference on a peer
 * @peer: The peer to get a reference on (may be NULL).
 *
 * Get a reference for a remote peer record (if not NULL).
 *
 * Return: The @peer argument.
 */
struct rxrpc_peer *rxrpc_kernel_get_peer(struct rxrpc_peer *peer)
{
	return peer ? rxrpc_get_peer(peer, rxrpc_peer_get_application) : NULL;
}
EXPORT_SYMBOL(rxrpc_kernel_get_peer);

/**
 * rxrpc_kernel_put_peer - Allow a kernel app to drop a peer reference
 * @peer: The peer to drop a ref on
 *
 * Drop a reference on a peer record.
*/
void rxrpc_kernel_put_peer(struct rxrpc_peer *peer)
{
	/* Hands @peer straight to rxrpc_put_peer(); no NULL check is made
	 * here.
	 */
	rxrpc_put_peer(peer, rxrpc_peer_put_application);
}
EXPORT_SYMBOL(rxrpc_kernel_put_peer);

/**
 * rxrpc_kernel_begin_call - Allow a kernel service to begin a call
 * @sock: The socket on which to make the call
 * @peer: The peer to contact (must belong to the socket's local endpoint)
 * @key: The security context to use (defaults to socket setting)
 * @user_call_ID: The ID to use
 * @tx_total_len: Total length of data to transmit during the call (or -1)
 * @hard_timeout: The maximum lifespan of the call in sec
 * @gfp: The allocation constraints
 * @notify_rx: Where to send notifications instead of socket queue
 * @service_id: The ID of the service to contact
 * @upgrade: Request service upgrade for call
 * @interruptibility: The call is interruptible, or can be canceled.
 * @debug_id: The debug ID for tracing to be assigned to the call
 *
 * Allow a kernel service to begin a call on the nominated socket.  This just
 * sets up all the internal tracking structures and allocates connection and
 * call IDs as appropriate.
 *
 * The destination is given by @peer.  The socket's default security may be
 * overridden by supplying @key; the minimum security level is always taken
 * from the socket.
 *
 * Return: The new call or an error code.
*/
struct rxrpc_call *rxrpc_kernel_begin_call(struct socket *sock,
					   struct rxrpc_peer *peer,
					   struct key *key,
					   unsigned long user_call_ID,
					   s64 tx_total_len,
					   u32 hard_timeout,
					   gfp_t gfp,
					   rxrpc_notify_rx_t notify_rx,
					   u16 service_id,
					   bool upgrade,
					   enum rxrpc_interruptibility interruptibility,
					   unsigned int debug_id)
{
	struct rxrpc_conn_parameters cp;
	struct rxrpc_call_params p;
	struct rxrpc_call *call;
	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);

	_enter(",,%x,%lx", key_serial(key), user_call_ID);

	/* A peer that belongs to a different local endpoint than the socket
	 * is refused with -EIO and a one-time warning.  @peer itself is
	 * dereferenced unconditionally, so it must not be NULL.
	 */
	if (WARN_ON_ONCE(peer->local != rx->local))
		return ERR_PTR(-EIO);

	lock_sock(&rx->sk);

	/* Fall back to the key set on the socket if none was passed in. */
	if (!key)
		key = rx->key;
	if (key && !key->payload.data[0])
		key = NULL; /* a no-security key */

	/* Both parameter blocks are zeroed first so that any field not set
	 * below is 0.
	 */
	memset(&p, 0, sizeof(p));
	p.user_call_ID = user_call_ID;
	p.tx_total_len = tx_total_len;
	p.interruptibility = interruptibility;
	p.kernel = true;
	p.timeouts.hard = hard_timeout;

	memset(&cp, 0, sizeof(cp));
	cp.local = rx->local;
	cp.peer = peer;
	cp.key = key;
	/* The minimum security level comes from the socket, not the caller. */
	cp.security_level = rx->min_sec_level;
	cp.exclusive = false;
	cp.upgrade = upgrade;
	cp.service_id = service_id;
	call = rxrpc_new_client_call(rx, &cp, &p, gfp, debug_id);
	/* The socket has been unlocked. */
	if (!IS_ERR(call)) {
		call->notify_rx = notify_rx;
		/* Presumably the call comes back with user_mutex held; it is
		 * released here on the success path only - confirm against
		 * rxrpc_new_client_call().
		 */
		mutex_unlock(&call->user_mutex);
	}

	_leave(" = %p", call);
	return call;
}
EXPORT_SYMBOL(rxrpc_kernel_begin_call);

/*
 * Dummy function used to stop the notifier talking to recvmsg().  It is
 * installed as call->notify_rx by rxrpc_kernel_shutdown_call().
 */
static void rxrpc_dummy_notify_rx(struct sock *sk, struct rxrpc_call *rxcall,
				  unsigned long call_user_ID)
{
}

/**
 * rxrpc_kernel_shutdown_call - Allow a kernel service to shut down a call it was using
 * @sock: The socket the call is on
 * @call: The call to end
 *
 * Allow a kernel service to shut down a call it was using.
* The call must be
 * complete before this is called (the call should be aborted if necessary).
 */
void rxrpc_kernel_shutdown_call(struct socket *sock, struct rxrpc_call *call)
{
	_enter("%d{%d}", call->debug_id, refcount_read(&call->ref));

	/* user_mutex is held across the test and the release, and the
	 * RXRPC_CALL_RELEASED test keeps the release from being repeated.
	 */
	mutex_lock(&call->user_mutex);
	if (!test_bit(RXRPC_CALL_RELEASED, &call->flags)) {
		rxrpc_release_call(rxrpc_sk(sock->sk), call);

		/* Make sure we're not going to call back into a kernel service */
		if (call->notify_rx) {
			/* The callback pointer is swapped for a no-op under
			 * notify_lock rather than being cleared.
			 */
			spin_lock_irq(&call->notify_lock);
			call->notify_rx = rxrpc_dummy_notify_rx;
			spin_unlock_irq(&call->notify_lock);
		}
	}
	mutex_unlock(&call->user_mutex);
}
EXPORT_SYMBOL(rxrpc_kernel_shutdown_call);

/**
 * rxrpc_kernel_put_call - Release a reference to a call
 * @sock: The socket the call is on (not used by this function)
 * @call: The call to put
 *
 * Drop the application's ref on an rxrpc call.
 */
void rxrpc_kernel_put_call(struct socket *sock, struct rxrpc_call *call)
{
	rxrpc_put_call(call, rxrpc_call_put_kernel);
}
EXPORT_SYMBOL(rxrpc_kernel_put_call);

/**
 * rxrpc_kernel_check_life - Check to see whether a call is still alive
 * @sock: The socket the call is on
 * @call: The call to check
 *
 * Allow a kernel service to find out whether a call is still alive - whether
 * it has completed successfully and all received data has been consumed.
 *
 * Return: %true if the call is still ongoing and %false if it has completed.
*/
bool rxrpc_kernel_check_life(const struct socket *sock,
			     const struct rxrpc_call *call)
{
	/* Not complete yet: still alive. */
	if (!rxrpc_call_is_complete(call))
		return true;
	/* Completed with anything other than success: dead. */
	if (call->completion != RXRPC_CALL_SUCCEEDED)
		return false;
	/* Completed successfully: alive only while received data is still
	 * queued for recvmsg.
	 */
	return !skb_queue_empty(&call->recvmsg_queue);
}
EXPORT_SYMBOL(rxrpc_kernel_check_life);

/**
 * rxrpc_kernel_set_notifications - Set table of callback operations
 * @sock: The socket to install table upon
 * @app_ops: Callback operation table to set
 *
 * Allow a kernel service to set a table of event notifications on a socket.
 * The pointer is stored as is; no lock is taken here.
 */
void rxrpc_kernel_set_notifications(struct socket *sock,
				    const struct rxrpc_kernel_ops *app_ops)
{
	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);

	rx->app_ops = app_ops;
}
EXPORT_SYMBOL(rxrpc_kernel_set_notifications);

/*
 * connect an RxRPC socket
 * - this just targets it at a specific destination; no actual connection
 *   negotiation takes place
 * - returns -EISCONN if a destination has already been set and -EBUSY if the
 *   socket is in a state other than unbound or client-bound
 */
static int rxrpc_connect(struct socket *sock, struct sockaddr_unsized *addr,
			 int addr_len, int flags)
{
	struct sockaddr_rxrpc *srx = (struct sockaddr_rxrpc *)addr;
	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
	int ret;

	_enter("%p,%p,%d,%d", rx, addr, addr_len, flags);

	/* The address is validated before the socket lock is taken. */
	ret = rxrpc_validate_address(rx, srx, addr_len);
	if (ret < 0) {
		_leave(" = %d [bad addr]", ret);
		return ret;
	}

	lock_sock(&rx->sk);

	/* The destination can be set only once per socket. */
	ret = -EISCONN;
	if (test_bit(RXRPC_SOCK_CONNECTED, &rx->flags))
		goto error;

	switch (rx->sk.sk_state) {
	case RXRPC_UNBOUND:
		rx->sk.sk_state = RXRPC_CLIENT_UNBOUND;
		break;
	case RXRPC_CLIENT_UNBOUND:
	case RXRPC_CLIENT_BOUND:
		break;
	default:
		ret = -EBUSY;
		goto error;
	}

	/* Remember the destination; rxrpc_sendmsg() uses it when the caller
	 * supplies no msg_name.
	 */
	rx->connect_srx = *srx;
	set_bit(RXRPC_SOCK_CONNECTED, &rx->flags);
	ret = 0;

error:
	release_sock(&rx->sk);
	return ret;
}

/*
 * send a message through an
* RxRPC socket
 * - in a client this does a number of things:
 *   - finds/sets up a connection for the security specified (if any)
 *   - initiates a call (ID in control data)
 *   - ends the request phase of a call (if MSG_MORE is not set)
 *   - sends a call data packet
 *   - may send an abort (abort code in control data)
 * - an unbound client socket is bound to a local endpoint on first use
 */
static int rxrpc_sendmsg(struct socket *sock, struct msghdr *m, size_t len)
{
	struct rxrpc_local *local;
	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
	int ret;

	_enter(",{%d},,%zu", rx->sk.sk_state, len);

	if (m->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	/* A caller-supplied destination is validated (and its trailing bytes
	 * zeroed in place) before the socket lock is taken.
	 */
	if (m->msg_name) {
		ret = rxrpc_validate_address(rx, m->msg_name, m->msg_namelen);
		if (ret < 0) {
			_leave(" = %d [bad addr]", ret);
			return ret;
		}
	}

	lock_sock(&rx->sk);

	switch (rx->sk.sk_state) {
	case RXRPC_UNBOUND:
	case RXRPC_CLIENT_UNBOUND:
		/* Build a local address with service ID 0 for the socket's
		 * family and bind to it.
		 */
		rx->srx.srx_family = AF_RXRPC;
		rx->srx.srx_service = 0;
		rx->srx.transport_type = SOCK_DGRAM;
		rx->srx.transport.family = rx->family;
		switch (rx->family) {
		case AF_INET:
			rx->srx.transport_len = sizeof(struct sockaddr_in);
			break;
#ifdef CONFIG_AF_RXRPC_IPV6
		case AF_INET6:
			rx->srx.transport_len = sizeof(struct sockaddr_in6);
			break;
#endif
		default:
			ret = -EAFNOSUPPORT;
			goto error_unlock;
		}
		local = rxrpc_lookup_local(sock_net(sock->sk), &rx->srx);
		if (IS_ERR(local)) {
			ret = PTR_ERR(local);
			goto error_unlock;
		}

		rx->local = local;
		rx->sk.sk_state = RXRPC_CLIENT_BOUND;
		fallthrough;

	case RXRPC_CLIENT_BOUND:
		/* No explicit destination: use the one stored by
		 * rxrpc_connect(), if there is one.
		 */
		if (!m->msg_name &&
		    test_bit(RXRPC_SOCK_CONNECTED, &rx->flags)) {
			m->msg_name = &rx->connect_srx;
			m->msg_namelen = sizeof(rx->connect_srx);
		}
		fallthrough;
	case RXRPC_SERVER_BOUND:
	case RXRPC_SERVER_LISTENING:
		/* NOTE(review): MSG_OOB has already been rejected with
		 * -EOPNOTSUPP at the top of this function, so the
		 * rxrpc_sendmsg_oob() branch cannot be reached as written.
		 */
		if (m->msg_flags & MSG_OOB)
			ret = rxrpc_sendmsg_oob(rx, m, len);
		else
			ret = rxrpc_do_sendmsg(rx, m, len);
		/* The socket has been unlocked */
		goto out;
	default:
		ret = -EINVAL;
		goto error_unlock;
	}

error_unlock:
	release_sock(&rx->sk);
out:
	_leave(" = %d", ret);
	return ret;
}

/*
 * Set the minimum security level on an unbound socket.
 *
 * Returns 0 on success, -EISCONN if the socket is no longer unbound or
 * -EINVAL if @val is above RXRPC_SECURITY_MAX.
 */
int rxrpc_sock_set_min_security_level(struct sock *sk, unsigned int val)
{
	/* NOTE(review): sk_state is tested before lock_sock() is taken,
	 * whereas the RXRPC_MIN_SECURITY_LEVEL case in rxrpc_setsockopt()
	 * makes the same test with the socket locked - confirm the unlocked
	 * check is safe for the callers of this function.
	 */
	if (sk->sk_state != RXRPC_UNBOUND)
		return -EISCONN;
	if (val > RXRPC_SECURITY_MAX)
		return -EINVAL;
	lock_sock(sk);
	rxrpc_sk(sk)->min_sec_level = val;
	release_sock(sk);
	return 0;
}
EXPORT_SYMBOL(rxrpc_sock_set_min_security_level);

/*
 * Set RxRPC socket options.
 *
 * Every option here that affects security (exclusive connection, key,
 * keyring, minimum security level, response management) is accepted only
 * while the socket is still RXRPC_UNBOUND; afterwards it fails with -EISCONN.
 * The whole function runs with the socket locked.
 */
static int rxrpc_setsockopt(struct socket *sock, int level, int optname,
			    sockptr_t optval, unsigned int optlen)
{
	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
	unsigned int min_sec_level, val;
	u16 service_upgrade[2];
	int ret;

	_enter(",%d,%d,,%d", level, optname, optlen);

	lock_sock(&rx->sk);
	ret = -EOPNOTSUPP;

	if (level == SOL_RXRPC) {
		switch (optname) {
		case RXRPC_EXCLUSIVE_CONNECTION:
			/* Flag option: takes no value. */
			ret = -EINVAL;
			if (optlen != 0)
				goto error;
			ret = -EISCONN;
			if (rx->sk.sk_state != RXRPC_UNBOUND)
				goto error;
			rx->exclusive = true;
			goto success;

		case RXRPC_SECURITY_KEY:
			ret = -EISCONN;
			if (rx->sk.sk_state != RXRPC_UNBOUND)
				goto error;
			/* optval/optlen are checked by the helper, whose
			 * result is returned as is.
			 */
			ret = rxrpc_request_key(rx, optval, optlen);
			goto error;

		case RXRPC_SECURITY_KEYRING:
			ret = -EISCONN;
			if (rx->sk.sk_state != RXRPC_UNBOUND)
				goto error;
			ret = rxrpc_server_keyring(rx, optval, optlen);
			goto error;

		case RXRPC_MIN_SECURITY_LEVEL:
			/* Exact-size check before the copy. */
			ret = -EINVAL;
			if (optlen != sizeof(unsigned int))
				goto error;
			ret = -EISCONN;
			if (rx->sk.sk_state != RXRPC_UNBOUND)
				goto error;
			ret = copy_safe_from_sockptr(&min_sec_level,
						     sizeof(min_sec_level),
						     optval, optlen);
			if (ret)
				goto error;
			/* Range-check the copied value before storing it. */
			ret = -EINVAL;
			if (min_sec_level > RXRPC_SECURITY_MAX)
				goto error;
			rx->min_sec_level = min_sec_level;
			goto success;

		case RXRPC_UPGRADEABLE_SERVICE:
			/* Can be set only once (from must still be 0) and
			 * takes exactly two u16 service IDs.
			 */
			ret = -EINVAL;
			if (optlen != sizeof(service_upgrade) ||
			    rx->service_upgrade.from != 0)
				goto error;
			/* Needs a socket bound to two service IDs. */
			ret = -EISCONN;
			if (rx->sk.sk_state != RXRPC_SERVER_BOUND2)
				goto error;
			ret = -EFAULT;
			if (copy_from_sockptr(service_upgrade, optval,
					      sizeof(service_upgrade)) != 0)
				goto error;
			/* The pair must name the socket's two bound service
			 * IDs, in either order.
			 */
			ret = -EINVAL;
			if ((service_upgrade[0] != rx->srx.srx_service ||
			     service_upgrade[1] != rx->second_service) &&
			    (service_upgrade[0] != rx->second_service ||
			     service_upgrade[1] != rx->srx.srx_service))
				goto error;
			rx->service_upgrade.from = service_upgrade[0];
			rx->service_upgrade.to = service_upgrade[1];
			goto success;

		case RXRPC_MANAGE_RESPONSE:
			ret = -EINVAL;
			if (optlen != sizeof(unsigned int))
				goto error;
			ret = -EISCONN;
			if (rx->sk.sk_state != RXRPC_UNBOUND)
				goto error;
			ret = copy_safe_from_sockptr(&val, sizeof(val),
						     optval, optlen);
			if (ret)
				goto error;
			/* Boolean option: only 0 and 1 are accepted. */
			ret = -EINVAL;
			if (val > 1)
				goto error;
			if (val)
				set_bit(RXRPC_SOCK_MANAGE_RESPONSE, &rx->flags);
			else
				clear_bit(RXRPC_SOCK_MANAGE_RESPONSE, &rx->flags);
			goto success;

		default:
			break;
		}
	}

	/* NOTE(review): an unknown optname (the default case above) and a
	 * level other than SOL_RXRPC both fall through to the success label,
	 * which replaces the -EOPNOTSUPP set at the top with 0.  Callers
	 * therefore get no error for an unsupported option - confirm this is
	 * intended.
	 */
success:
	ret = 0;
error:
	release_sock(&rx->sk);
	return ret;
}

/*
 * Get socket options.
*/
static int rxrpc_getsockopt(struct socket *sock, int level, int optname,
			    sockopt_t *opt)
{
	int optlen, val;

	if (level != SOL_RXRPC)
		return -EOPNOTSUPP;

	optlen = opt->optlen;

	switch (optname) {
	case RXRPC_SUPPORTED_CMSG:
		/* NOTE(review): optlen is a signed int compared against a
		 * size_t, so a negative value would pass this test.  The copy
		 * below is bounded by sizeof(val) either way.
		 */
		if (optlen < sizeof(int))
			return -ETOOSMALL;
		val = RXRPC__SUPPORTED - 1;
		/* A short copy is reported as -EFAULT. */
		if (copy_to_iter(&val, sizeof(val), &opt->iter_out) !=
		    sizeof(val))
			return -EFAULT;
		opt->optlen = sizeof(val);
		return 0;

	default:
		return -EOPNOTSUPP;
	}
}

/*
 * permit an RxRPC socket to be polled
 */
static __poll_t rxrpc_poll(struct file *file, struct socket *sock,
			       poll_table *wait)
{
	struct sock *sk = sock->sk;
	struct rxrpc_sock *rx = rxrpc_sk(sk);
	__poll_t mask;

	sock_poll_wait(file, sock, wait);
	mask = 0;

	/* the socket is readable if there are any messages waiting on the Rx
	 * queue */
	if (!list_empty(&rx->recvmsg_q))
		mask |= EPOLLIN | EPOLLRDNORM;

	/* the socket is writable if there is space to add new data to the
	 * socket; there is no guarantee that any particular call in progress
	 * on the socket may have space in the Tx ACK window */
	if (rxrpc_writable(sk))
		mask |= EPOLLOUT | EPOLLWRNORM;

	return mask;
}

/*
 * Create an RxRPC socket.
 *
 * @protocol selects the transport family (PF_INET or PF_INET6) and is stored
 * in rx->family; the socket type must be SOCK_DGRAM.
 */
static int rxrpc_create(struct net *net, struct socket *sock, int protocol,
			int kern)
{
	struct rxrpc_net *rxnet;
	struct rxrpc_sock *rx;
	struct sock *sk;

	_enter("%p,%d", sock, protocol);

	/* we support transport protocol UDP/UDP6 only */
	/* NOTE(review): when CONFIG_AF_RXRPC_IPV6 is disabled the
	 * IS_ENABLED() term is 0, which makes the whole condition false, so
	 * no protocol value is rejected here.  An unsupported value ends up
	 * in rx->family and is refused later by rxrpc_validate_address() and
	 * by the family switch in rxrpc_sendmsg() - confirm whether it should
	 * be refused at creation instead.
	 */
	if (protocol != PF_INET &&
	    IS_ENABLED(CONFIG_AF_RXRPC_IPV6) && protocol != PF_INET6)
		return -EPROTONOSUPPORT;

	if (sock->type != SOCK_DGRAM)
		return -ESOCKTNOSUPPORT;

	sock->ops = &rxrpc_rpc_ops;
	sock->state = SS_UNCONNECTED;

	sk = sk_alloc(net, PF_RXRPC, GFP_KERNEL, &rxrpc_proto, kern);
	if (!sk)
		return -ENOMEM;

	sock_init_data(sock, sk);
	sock_set_flag(sk, SOCK_RCU_FREE);
	sk->sk_state = RXRPC_UNBOUND;
	sk->sk_write_space = rxrpc_write_space;
	sk->sk_max_ack_backlog = 0;
	sk->sk_destruct = rxrpc_sock_destructor;

	rx = rxrpc_sk(sk);
	rx->family = protocol;
	rx->calls = RB_ROOT;

	spin_lock_init(&rx->incoming_lock);
	skb_queue_head_init(&rx->recvmsg_oobq);
	rx->pending_oobq = RB_ROOT;
	INIT_LIST_HEAD(&rx->sock_calls);
	INIT_LIST_HEAD(&rx->to_be_accepted);
	INIT_LIST_HEAD(&rx->recvmsg_q);
	spin_lock_init(&rx->recvmsg_lock);
	rwlock_init(&rx->call_lock);
	memset(&rx->srx, 0, sizeof(rx->srx));

	/* Pull this namespace's peer keepalive timer in to one jiffy from
	 * now.
	 */
	rxnet = rxrpc_net(sock_net(&rx->sk));
	timer_reduce(&rxnet->peer_keepalive_timer, jiffies + 1);

	_leave(" = 0 [%p]", rx);
	return 0;
}

/*
 * Kill all the calls on a socket and shut it down.
 *
 * Only SHUT_RDWR is supported.  Returns -ESHUTDOWN if the socket has already
 * been closed.
 */
static int rxrpc_shutdown(struct socket *sock, int flags)
{
	struct sock *sk = sock->sk;
	struct rxrpc_sock *rx = rxrpc_sk(sk);
	int ret = 0;

	_enter("%p,%d", sk, flags);

	if (flags != SHUT_RDWR)
		return -EOPNOTSUPP;
	/* Early exit without the lock; the state is tested again below once
	 * the socket is locked.
	 */
	if (sk->sk_state == RXRPC_CLOSE)
		return -ESHUTDOWN;

	lock_sock(sk);

	if (sk->sk_state < RXRPC_CLOSE) {
		/* The state change is made under recvmsg_lock as well as the
		 * socket lock.
		 */
		spin_lock_irq(&rx->recvmsg_lock);
		sk->sk_state = RXRPC_CLOSE;
		sk->sk_shutdown = SHUTDOWN_MASK;
		spin_unlock_irq(&rx->recvmsg_lock);
	} else {
		ret = -ESHUTDOWN;
	}

	rxrpc_discard_prealloc(rx);

	release_sock(sk);
	return ret;
}

/*
 * Purge the out-of-band queue.
*/
static void rxrpc_purge_oob_queue(struct sock *sk)
{
	struct rxrpc_sock *rx = rxrpc_sk(sk);
	struct sk_buff *skb;

	/* Free everything queued for delivery... */
	while ((skb = skb_dequeue(&rx->recvmsg_oobq)))
		rxrpc_kernel_free_oob(skb);
	/* ...then everything still in the pending tree, taking the root node
	 * each time until the tree is empty.
	 */
	while (!RB_EMPTY_ROOT(&rx->pending_oobq)) {
		skb = rb_entry(rx->pending_oobq.rb_node, struct sk_buff, rbnode);
		rb_erase(&skb->rbnode, &rx->pending_oobq);
		rxrpc_kernel_free_oob(skb);
	}
}

/*
 * RxRPC socket destructor, installed as sk->sk_destruct by rxrpc_create().
 */
static void rxrpc_sock_destructor(struct sock *sk)
{
	_enter("%p", sk);

	rxrpc_purge_oob_queue(sk);
	rxrpc_purge_queue(&sk->sk_receive_queue);

	/* By this point there should be no write memory outstanding, no hash
	 * entry and no attached struct socket.
	 */
	WARN_ON(refcount_read(&sk->sk_wmem_alloc));
	WARN_ON(!sk_unhashed(sk));
	WARN_ON(sk->sk_socket);

	/* The message is printed without an explicit KERN_ level. */
	if (!sock_flag(sk, SOCK_DEAD)) {
		printk("Attempt to release alive rxrpc socket: %p\n", sk);
		return;
	}
}

/*
 * Release an RxRPC socket: mark it closed, detach it from its local endpoint,
 * flush its calls and queues, and drop the references it holds.
 */
static int rxrpc_release_sock(struct sock *sk)
{
	struct rxrpc_sock *rx = rxrpc_sk(sk);

	_enter("%p{%d,%d}", sk, sk->sk_state, refcount_read(&sk->sk_refcnt));

	/* declare the socket closed for business */
	sock_orphan(sk);
	sk->sk_shutdown = SHUTDOWN_MASK;

	/* We want to kill off all connections from a service socket
	 * as fast as possible because we can't share these; client
	 * sockets, on the other hand, can share an endpoint.
	 */
	switch (sk->sk_state) {
	case RXRPC_SERVER_BOUND:
	case RXRPC_SERVER_BOUND2:
	case RXRPC_SERVER_LISTENING:
	case RXRPC_SERVER_LISTEN_DISABLED:
		/* rx->local is dereferenced without a NULL check here; within
		 * this file these states are reached only after rxrpc_bind()
		 * has set rx->local.
		 */
		rx->local->service_closed = true;
		break;
	}

	spin_lock_irq(&rx->recvmsg_lock);
	sk->sk_state = RXRPC_CLOSE;
	spin_unlock_irq(&rx->recvmsg_lock);

	/* Give up the service slot on the local endpoint if this socket holds
	 * it.  The ownership test is made before services_lock is taken.
	 */
	if (rx->local && rx->local->service == rx) {
		write_lock(&rx->local->services_lock);
		rx->local->service = NULL;
		write_unlock(&rx->local->services_lock);
	}

	/* try to flush out this socket */
	rxrpc_discard_prealloc(rx);
	rxrpc_release_calls_on_socket(rx);
	flush_workqueue(rxrpc_workqueue);
	rxrpc_purge_oob_queue(sk);
	rxrpc_purge_queue(&sk->sk_receive_queue);

	/* NOTE(review): rx->local can still be NULL for a socket that was
	 * never bound; presumably both helpers accept NULL - confirm.
	 */
	rxrpc_unuse_local(rx->local, rxrpc_local_unuse_release_sock);
	rxrpc_put_local(rx->local, rxrpc_local_put_release_sock);
	/* Each pointer is cleared after its reference is dropped so that no
	 * stale pointer is left in the socket.
	 */
	rx->local = NULL;
	key_put(rx->key);
	rx->key = NULL;
	key_put(rx->securities);
	rx->securities = NULL;
	sock_put(sk);

	_leave(" = 0");
	return 0;
}

/*
 * release an RxRPC BSD socket on close() or equivalent
 */
static int rxrpc_release(struct socket *sock)
{
	struct sock *sk = sock->sk;

	_enter("%p{%p}", sock, sk);

	if (!sk)
		return 0;

	/* Detach the sock from the socket before releasing it. */
	sock->sk = NULL;

	return rxrpc_release_sock(sk);
}

/*
 * RxRPC network protocol: socket operations table.  Operations without an
 * RxRPC handler point at the generic sock_no_* stubs.
 */
static const struct proto_ops rxrpc_rpc_ops = {
	.family		= PF_RXRPC,
	.owner		= THIS_MODULE,
	.release	= rxrpc_release,
	.bind		= rxrpc_bind,
	.connect	= rxrpc_connect,
	.socketpair	= sock_no_socketpair,
	.accept		= sock_no_accept,
	.getname	= sock_no_getname,
	.poll		= rxrpc_poll,
	.ioctl		= sock_no_ioctl,
	.listen		= rxrpc_listen,
	.shutdown	= rxrpc_shutdown,
	.setsockopt	= rxrpc_setsockopt,
	.getsockopt_iter = rxrpc_getsockopt,
	.sendmsg	= rxrpc_sendmsg,
	.recvmsg	= rxrpc_recvmsg,
	.mmap		= sock_no_mmap,
};

/* Protocol descriptor passed to sk_alloc() and proto_register(). */
static struct proto rxrpc_proto = {
	.name		= "RXRPC",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct rxrpc_sock),
	.max_header	= sizeof(struct rxrpc_wire_header),
};

/* Address family registration: routes socket creation to rxrpc_create(). */
static const struct net_proto_family rxrpc_family_ops = {
	.family	= PF_RXRPC,
	.create = rxrpc_create,
	.owner	= THIS_MODULE,
};

/*
 * Initialise and register the RxRPC protocol.
 *
 * Each step that fails jumps to a label that undoes the earlier steps in
 * reverse order.  Returns 0 on success or a negative error code.
 */
static int __init af_rxrpc_init(void)
{
	/* This initial value is overwritten before it is ever returned. */
	int ret = -1;

	/* The per-skb private data has to fit in the skb control buffer. */
	BUILD_BUG_ON(sizeof(struct rxrpc_skb_priv) > sizeof_field(struct sk_buff, cb));

	ret = -ENOMEM;
	rxrpc_gen_version_string();
	rxrpc_call_jar = kmem_cache_create(
		"rxrpc_call_jar", sizeof(struct rxrpc_call), 0,
		SLAB_HWCACHE_ALIGN, NULL);
	if (!rxrpc_call_jar) {
		pr_notice("Failed to allocate call jar\n");
		goto error_call_jar;
	}

	rxrpc_workqueue = alloc_ordered_workqueue("krxrpcd", WQ_HIGHPRI | WQ_MEM_RECLAIM);
	if (!rxrpc_workqueue) {
		pr_notice("Failed to allocate work queue\n");
		goto error_work_queue;
	}

	ret = rxrpc_init_security();
	if (ret < 0) {
		pr_crit("Cannot initialise security\n");
		goto error_security;
	}

	/* This is the only failure path here that logs no message. */
	ret = register_pernet_device(&rxrpc_net_ops);
	if (ret)
		goto error_pernet;

	ret = proto_register(&rxrpc_proto, 1);
	if (ret < 0) {
		pr_crit("Cannot register protocol\n");
		goto error_proto;
	}

	/* From here on PF_RXRPC sockets can be created. */
	ret = sock_register(&rxrpc_family_ops);
	if (ret < 0) {
		pr_crit("Cannot register socket family\n");
		goto error_sock;
	}

	ret = register_key_type(&key_type_rxrpc);
	if (ret < 0) {
		pr_crit("Cannot register client key type\n");
		goto error_key_type;
	}

	ret = register_key_type(&key_type_rxrpc_s);
	if (ret < 0) {
		pr_crit("Cannot register server key type\n");
		goto error_key_type_s;
	}

	ret = rxrpc_sysctl_init();
	if (ret < 0) {
		pr_crit("Cannot register sysctls\n");
		goto error_sysctls;
	}

	return 0;

	/* Unwind in the reverse order of the setup above. */
error_sysctls:
	unregister_key_type(&key_type_rxrpc_s);
error_key_type_s:
	unregister_key_type(&key_type_rxrpc);
error_key_type:
	sock_unregister(PF_RXRPC);
error_sock:
	proto_unregister(&rxrpc_proto);
error_proto:
	unregister_pernet_device(&rxrpc_net_ops);
error_pernet:
	rxrpc_exit_security();
error_security:
	destroy_workqueue(rxrpc_workqueue);
error_work_queue:
	kmem_cache_destroy(rxrpc_call_jar);
error_call_jar:
	return ret;
}

/*
 * Unregister the RxRPC protocol, undoing af_rxrpc_init().
 */
static void __exit af_rxrpc_exit(void)
{
	_enter("");
	rxrpc_sysctl_exit();
	unregister_key_type(&key_type_rxrpc_s);
	unregister_key_type(&key_type_rxrpc);
	sock_unregister(PF_RXRPC);
	proto_unregister(&rxrpc_proto);
	unregister_pernet_device(&rxrpc_net_ops);
	/* No receive skbs should be left in use by now. */
	ASSERTCMP(atomic_read(&rxrpc_n_rx_skbs), ==, 0);

	/* Make sure the local and peer records pinned by any dying connections
	 * are released.
	 */
	rcu_barrier();

	destroy_workqueue(rxrpc_workqueue);
	rxrpc_exit_security();
	kmem_cache_destroy(rxrpc_call_jar);
	_leave("");
}

module_init(af_rxrpc_init);
module_exit(af_rxrpc_exit);