1 /* Local endpoint object management 2 * 3 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/module.h> 15 #include <linux/net.h> 16 #include <linux/skbuff.h> 17 #include <linux/slab.h> 18 #include <linux/udp.h> 19 #include <linux/ip.h> 20 #include <linux/hashtable.h> 21 #include <net/sock.h> 22 #include <net/af_rxrpc.h> 23 #include "ar-internal.h" 24 25 static void rxrpc_local_processor(struct work_struct *); 26 static void rxrpc_local_rcu(struct rcu_head *); 27 28 /* 29 * Compare a local to an address. Return -ve, 0 or +ve to indicate less than, 30 * same or greater than. 31 * 32 * We explicitly don't compare the RxRPC service ID as we want to reject 33 * conflicting uses by differing services. Further, we don't want to share 34 * addresses with different options (IPv6), so we don't compare those bits 35 * either. 36 */ 37 static long rxrpc_local_cmp_key(const struct rxrpc_local *local, 38 const struct sockaddr_rxrpc *srx) 39 { 40 long diff; 41 42 diff = ((local->srx.transport_type - srx->transport_type) ?: 43 (local->srx.transport_len - srx->transport_len) ?: 44 (local->srx.transport.family - srx->transport.family)); 45 if (diff != 0) 46 return diff; 47 48 switch (srx->transport.family) { 49 case AF_INET: 50 /* If the choice of UDP port is left up to the transport, then 51 * the endpoint record doesn't match. 52 */ 53 return ((u16 __force)local->srx.transport.sin.sin_port - 54 (u16 __force)srx->transport.sin.sin_port) ?: 55 memcmp(&local->srx.transport.sin.sin_addr, 56 &srx->transport.sin.sin_addr, 57 sizeof(struct in_addr)); 58 #ifdef CONFIG_AF_RXRPC_IPV6 59 case AF_INET6: 60 /* If the choice of UDP6 port is left up to the transport, then 61 * the endpoint record doesn't match. 62 */ 63 return ((u16 __force)local->srx.transport.sin6.sin6_port - 64 (u16 __force)srx->transport.sin6.sin6_port) ?: 65 memcmp(&local->srx.transport.sin6.sin6_addr, 66 &srx->transport.sin6.sin6_addr, 67 sizeof(struct in6_addr)); 68 #endif 69 default: 70 BUG(); 71 } 72 } 73 74 /* 75 * Allocate a new local endpoint. 76 */ 77 static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet, 78 const struct sockaddr_rxrpc *srx) 79 { 80 struct rxrpc_local *local; 81 82 local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL); 83 if (local) { 84 atomic_set(&local->usage, 1); 85 local->rxnet = rxnet; 86 INIT_LIST_HEAD(&local->link); 87 INIT_WORK(&local->processor, rxrpc_local_processor); 88 init_rwsem(&local->defrag_sem); 89 skb_queue_head_init(&local->reject_queue); 90 skb_queue_head_init(&local->event_queue); 91 local->client_conns = RB_ROOT; 92 spin_lock_init(&local->client_conns_lock); 93 spin_lock_init(&local->lock); 94 rwlock_init(&local->services_lock); 95 local->debug_id = atomic_inc_return(&rxrpc_debug_id); 96 memcpy(&local->srx, srx, sizeof(*srx)); 97 local->srx.srx_service = 0; 98 } 99 100 _leave(" = %p", local); 101 return local; 102 } 103 104 /* 105 * create the local socket 106 * - must be called with rxrpc_local_mutex locked 107 */ 108 static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net) 109 { 110 struct sock *sock; 111 int ret, opt; 112 113 _enter("%p{%d,%d}", 114 local, local->srx.transport_type, local->srx.transport.family); 115 116 /* create a socket to represent the local endpoint */ 117 ret = sock_create_kern(net, local->srx.transport.family, 118 local->srx.transport_type, 0, &local->socket); 119 if (ret < 0) { 120 _leave(" = %d [socket]", ret); 121 return ret; 122 } 123 124 /* if a local address was supplied then bind it */ 125 if (local->srx.transport_len > sizeof(sa_family_t)) { 126 _debug("bind"); 127 ret = kernel_bind(local->socket, 128 (struct sockaddr *)&local->srx.transport, 129 local->srx.transport_len); 130 if (ret < 0) { 131 _debug("bind failed %d", ret); 132 goto error; 133 } 134 } 135 136 /* we want to receive ICMP errors */ 137 opt = 1; 138 ret = kernel_setsockopt(local->socket, SOL_IP, IP_RECVERR, 139 (char *) &opt, sizeof(opt)); 140 if (ret < 0) { 141 _debug("setsockopt failed"); 142 goto error; 143 } 144 145 /* we want to set the don't fragment bit */ 146 opt = IP_PMTUDISC_DO; 147 ret = kernel_setsockopt(local->socket, SOL_IP, IP_MTU_DISCOVER, 148 (char *) &opt, sizeof(opt)); 149 if (ret < 0) { 150 _debug("setsockopt failed"); 151 goto error; 152 } 153 154 /* set the socket up */ 155 sock = local->socket->sk; 156 sock->sk_user_data = local; 157 sock->sk_data_ready = rxrpc_data_ready; 158 sock->sk_error_report = rxrpc_error_report; 159 _leave(" = 0"); 160 return 0; 161 162 error: 163 kernel_sock_shutdown(local->socket, SHUT_RDWR); 164 local->socket->sk->sk_user_data = NULL; 165 sock_release(local->socket); 166 local->socket = NULL; 167 168 _leave(" = %d", ret); 169 return ret; 170 } 171 172 /* 173 * Look up or create a new local endpoint using the specified local address. 174 */ 175 struct rxrpc_local *rxrpc_lookup_local(struct net *net, 176 const struct sockaddr_rxrpc *srx) 177 { 178 struct rxrpc_local *local; 179 struct rxrpc_net *rxnet = rxrpc_net(net); 180 struct list_head *cursor; 181 const char *age; 182 long diff; 183 int ret; 184 185 _enter("{%d,%d,%pISp}", 186 srx->transport_type, srx->transport.family, &srx->transport); 187 188 mutex_lock(&rxnet->local_mutex); 189 190 for (cursor = rxnet->local_endpoints.next; 191 cursor != &rxnet->local_endpoints; 192 cursor = cursor->next) { 193 local = list_entry(cursor, struct rxrpc_local, link); 194 195 diff = rxrpc_local_cmp_key(local, srx); 196 if (diff < 0) 197 continue; 198 if (diff > 0) 199 break; 200 201 /* Services aren't allowed to share transport sockets, so 202 * reject that here. It is possible that the object is dying - 203 * but it may also still have the local transport address that 204 * we want bound. 205 */ 206 if (srx->srx_service) { 207 local = NULL; 208 goto addr_in_use; 209 } 210 211 /* Found a match. We replace a dying object. Attempting to 212 * bind the transport socket may still fail if we're attempting 213 * to use a local address that the dying object is still using. 214 */ 215 if (!rxrpc_get_local_maybe(local)) { 216 cursor = cursor->next; 217 list_del_init(&local->link); 218 break; 219 } 220 221 age = "old"; 222 goto found; 223 } 224 225 local = rxrpc_alloc_local(rxnet, srx); 226 if (!local) 227 goto nomem; 228 229 ret = rxrpc_open_socket(local, net); 230 if (ret < 0) 231 goto sock_error; 232 233 list_add_tail(&local->link, cursor); 234 age = "new"; 235 236 found: 237 mutex_unlock(&rxnet->local_mutex); 238 239 _net("LOCAL %s %d {%pISp}", 240 age, local->debug_id, &local->srx.transport); 241 242 _leave(" = %p", local); 243 return local; 244 245 nomem: 246 ret = -ENOMEM; 247 sock_error: 248 mutex_unlock(&rxnet->local_mutex); 249 kfree(local); 250 _leave(" = %d", ret); 251 return ERR_PTR(ret); 252 253 addr_in_use: 254 mutex_unlock(&rxnet->local_mutex); 255 _leave(" = -EADDRINUSE"); 256 return ERR_PTR(-EADDRINUSE); 257 } 258 259 /* 260 * A local endpoint reached its end of life. 261 */ 262 void __rxrpc_put_local(struct rxrpc_local *local) 263 { 264 _enter("%d", local->debug_id); 265 rxrpc_queue_work(&local->processor); 266 } 267 268 /* 269 * Destroy a local endpoint's socket and then hand the record to RCU to dispose 270 * of. 271 * 272 * Closing the socket cannot be done from bottom half context or RCU callback 273 * context because it might sleep. 274 */ 275 static void rxrpc_local_destroyer(struct rxrpc_local *local) 276 { 277 struct socket *socket = local->socket; 278 struct rxrpc_net *rxnet = local->rxnet; 279 280 _enter("%d", local->debug_id); 281 282 /* We can get a race between an incoming call packet queueing the 283 * processor again and the work processor starting the destruction 284 * process which will shut down the UDP socket. 285 */ 286 if (local->dead) { 287 _leave(" [already dead]"); 288 return; 289 } 290 local->dead = true; 291 292 mutex_lock(&rxnet->local_mutex); 293 list_del_init(&local->link); 294 mutex_unlock(&rxnet->local_mutex); 295 296 ASSERT(RB_EMPTY_ROOT(&local->client_conns)); 297 ASSERT(!local->service); 298 299 if (socket) { 300 local->socket = NULL; 301 kernel_sock_shutdown(socket, SHUT_RDWR); 302 socket->sk->sk_user_data = NULL; 303 sock_release(socket); 304 } 305 306 /* At this point, there should be no more packets coming in to the 307 * local endpoint. 308 */ 309 rxrpc_purge_queue(&local->reject_queue); 310 rxrpc_purge_queue(&local->event_queue); 311 312 _debug("rcu local %d", local->debug_id); 313 call_rcu(&local->rcu, rxrpc_local_rcu); 314 } 315 316 /* 317 * Process events on an endpoint 318 */ 319 static void rxrpc_local_processor(struct work_struct *work) 320 { 321 struct rxrpc_local *local = 322 container_of(work, struct rxrpc_local, processor); 323 bool again; 324 325 _enter("%d", local->debug_id); 326 327 do { 328 again = false; 329 if (atomic_read(&local->usage) == 0) 330 return rxrpc_local_destroyer(local); 331 332 if (!skb_queue_empty(&local->reject_queue)) { 333 rxrpc_reject_packets(local); 334 again = true; 335 } 336 337 if (!skb_queue_empty(&local->event_queue)) { 338 rxrpc_process_local_events(local); 339 again = true; 340 } 341 } while (again); 342 } 343 344 /* 345 * Destroy a local endpoint after the RCU grace period expires. 346 */ 347 static void rxrpc_local_rcu(struct rcu_head *rcu) 348 { 349 struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu); 350 351 _enter("%d", local->debug_id); 352 353 ASSERT(!work_pending(&local->processor)); 354 355 _net("DESTROY LOCAL %d", local->debug_id); 356 kfree(local); 357 _leave(""); 358 } 359 360 /* 361 * Verify the local endpoint list is empty by this point. 362 */ 363 void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet) 364 { 365 struct rxrpc_local *local; 366 367 _enter(""); 368 369 flush_workqueue(rxrpc_workqueue); 370 371 if (!list_empty(&rxnet->local_endpoints)) { 372 mutex_lock(&rxnet->local_mutex); 373 list_for_each_entry(local, &rxnet->local_endpoints, link) { 374 pr_err("AF_RXRPC: Leaked local %p {%d}\n", 375 local, atomic_read(&local->usage)); 376 } 377 mutex_unlock(&rxnet->local_mutex); 378 BUG(); 379 } 380 } 381