1
2
3
4
5
6
7
8
9
10
11
12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
14#include <linux/module.h>
15#include <linux/net.h>
16#include <linux/skbuff.h>
17#include <linux/errqueue.h>
18#include <net/sock.h>
19#include <net/af_rxrpc.h>
20#include <net/ip.h>
21#include "ar-internal.h"
22
23
24
25
26static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
27 struct sk_buff *skb)
28{
29 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
30 struct rxrpc_channel *chan;
31 struct msghdr msg;
32 struct kvec iov;
33 struct {
34 struct rxrpc_wire_header whdr;
35 union {
36 struct {
37 __be32 code;
38 } abort;
39 struct {
40 struct rxrpc_ackpacket ack;
41 u8 padding[3];
42 struct rxrpc_ackinfo info;
43 };
44 };
45 } __attribute__((packed)) pkt;
46 size_t len;
47 u32 serial, mtu, call_id;
48
49 _enter("%d", conn->debug_id);
50
51 chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK];
52
53
54
55
56 call_id = READ_ONCE(chan->last_call);
57
58 smp_rmb();
59 if (call_id != sp->hdr.callNumber)
60 return;
61
62 msg.msg_name = &conn->params.peer->srx.transport;
63 msg.msg_namelen = conn->params.peer->srx.transport_len;
64 msg.msg_control = NULL;
65 msg.msg_controllen = 0;
66 msg.msg_flags = 0;
67
68 pkt.whdr.epoch = htonl(sp->hdr.epoch);
69 pkt.whdr.cid = htonl(sp->hdr.cid);
70 pkt.whdr.callNumber = htonl(sp->hdr.callNumber);
71 pkt.whdr.seq = 0;
72 pkt.whdr.type = chan->last_type;
73 pkt.whdr.flags = conn->out_clientflag;
74 pkt.whdr.userStatus = 0;
75 pkt.whdr.securityIndex = conn->security_ix;
76 pkt.whdr._rsvd = 0;
77 pkt.whdr.serviceId = htons(conn->service_id);
78
79 len = sizeof(pkt.whdr);
80 switch (chan->last_type) {
81 case RXRPC_PACKET_TYPE_ABORT:
82 pkt.abort.code = htonl(chan->last_abort);
83 len += sizeof(pkt.abort);
84 break;
85
86 case RXRPC_PACKET_TYPE_ACK:
87 mtu = conn->params.peer->if_mtu;
88 mtu -= conn->params.peer->hdrsize;
89 pkt.ack.bufferSpace = 0;
90 pkt.ack.maxSkew = htons(skb->priority);
91 pkt.ack.firstPacket = htonl(chan->last_seq);
92 pkt.ack.previousPacket = htonl(chan->last_seq - 1);
93 pkt.ack.serial = htonl(sp->hdr.serial);
94 pkt.ack.reason = RXRPC_ACK_DUPLICATE;
95 pkt.ack.nAcks = 0;
96 pkt.info.rxMTU = htonl(rxrpc_rx_mtu);
97 pkt.info.maxMTU = htonl(mtu);
98 pkt.info.rwind = htonl(rxrpc_rx_window_size);
99 pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max);
100 pkt.whdr.flags |= RXRPC_SLOW_START_OK;
101 len += sizeof(pkt.ack) + sizeof(pkt.info);
102 break;
103 }
104
105
106
107
108 smp_rmb();
109 if (READ_ONCE(chan->last_call) != call_id)
110 return;
111
112 iov.iov_base = &pkt;
113 iov.iov_len = len;
114
115 serial = atomic_inc_return(&conn->serial);
116 pkt.whdr.serial = htonl(serial);
117
118 switch (chan->last_type) {
119 case RXRPC_PACKET_TYPE_ABORT:
120 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort);
121 break;
122 case RXRPC_PACKET_TYPE_ACK:
123 trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0,
124 RXRPC_ACK_DUPLICATE, 0);
125 _proto("Tx ACK %%%u [re]", serial);
126 break;
127 }
128
129 kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len);
130 _leave("");
131 return;
132}
133
134
135
136
137static void rxrpc_abort_calls(struct rxrpc_connection *conn,
138 enum rxrpc_call_completion compl,
139 u32 abort_code, int error)
140{
141 struct rxrpc_call *call;
142 int i;
143
144 _enter("{%d},%x", conn->debug_id, abort_code);
145
146 spin_lock(&conn->channel_lock);
147
148 for (i = 0; i < RXRPC_MAXCALLS; i++) {
149 call = rcu_dereference_protected(
150 conn->channels[i].call,
151 lockdep_is_held(&conn->channel_lock));
152 if (call) {
153 if (compl == RXRPC_CALL_LOCALLY_ABORTED)
154 trace_rxrpc_abort("CON", call->cid,
155 call->call_id, 0,
156 abort_code, error);
157 if (rxrpc_set_call_completion(call, compl,
158 abort_code, error))
159 rxrpc_notify_socket(call);
160 }
161 }
162
163 spin_unlock(&conn->channel_lock);
164 _leave("");
165}
166
167
168
169
170static int rxrpc_abort_connection(struct rxrpc_connection *conn,
171 int error, u32 abort_code)
172{
173 struct rxrpc_wire_header whdr;
174 struct msghdr msg;
175 struct kvec iov[2];
176 __be32 word;
177 size_t len;
178 u32 serial;
179 int ret;
180
181 _enter("%d,,%u,%u", conn->debug_id, error, abort_code);
182
183
184 spin_lock_bh(&conn->state_lock);
185 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
186 spin_unlock_bh(&conn->state_lock);
187 _leave(" = 0 [already dead]");
188 return 0;
189 }
190
191 conn->state = RXRPC_CONN_LOCALLY_ABORTED;
192 spin_unlock_bh(&conn->state_lock);
193
194 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error);
195
196 msg.msg_name = &conn->params.peer->srx.transport;
197 msg.msg_namelen = conn->params.peer->srx.transport_len;
198 msg.msg_control = NULL;
199 msg.msg_controllen = 0;
200 msg.msg_flags = 0;
201
202 whdr.epoch = htonl(conn->proto.epoch);
203 whdr.cid = htonl(conn->proto.cid);
204 whdr.callNumber = 0;
205 whdr.seq = 0;
206 whdr.type = RXRPC_PACKET_TYPE_ABORT;
207 whdr.flags = conn->out_clientflag;
208 whdr.userStatus = 0;
209 whdr.securityIndex = conn->security_ix;
210 whdr._rsvd = 0;
211 whdr.serviceId = htons(conn->service_id);
212
213 word = htonl(conn->local_abort);
214
215 iov[0].iov_base = &whdr;
216 iov[0].iov_len = sizeof(whdr);
217 iov[1].iov_base = &word;
218 iov[1].iov_len = sizeof(word);
219
220 len = iov[0].iov_len + iov[1].iov_len;
221
222 serial = atomic_inc_return(&conn->serial);
223 whdr.serial = htonl(serial);
224 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort);
225
226 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
227 if (ret < 0) {
228 _debug("sendmsg failed: %d", ret);
229 return -EAGAIN;
230 }
231
232 _leave(" = 0");
233 return 0;
234}
235
236
237
238
239
240static void rxrpc_call_is_secure(struct rxrpc_call *call)
241{
242 _enter("%p", call);
243 if (call) {
244 write_lock_bh(&call->state_lock);
245 if (call->state == RXRPC_CALL_SERVER_SECURING) {
246 call->state = RXRPC_CALL_SERVER_ACCEPTING;
247 rxrpc_notify_socket(call);
248 }
249 write_unlock_bh(&call->state_lock);
250 }
251}
252
253
254
255
256static int rxrpc_process_event(struct rxrpc_connection *conn,
257 struct sk_buff *skb,
258 u32 *_abort_code)
259{
260 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
261 __be32 wtmp;
262 u32 abort_code;
263 int loop, ret;
264
265 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
266 _leave(" = -ECONNABORTED [%u]", conn->state);
267 return -ECONNABORTED;
268 }
269
270 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
271
272 switch (sp->hdr.type) {
273 case RXRPC_PACKET_TYPE_DATA:
274 case RXRPC_PACKET_TYPE_ACK:
275 rxrpc_conn_retransmit_call(conn, skb);
276 return 0;
277
278 case RXRPC_PACKET_TYPE_BUSY:
279
280 return 0;
281
282 case RXRPC_PACKET_TYPE_ABORT:
283 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
284 &wtmp, sizeof(wtmp)) < 0) {
285 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
286 tracepoint_string("bad_abort"));
287 return -EPROTO;
288 }
289 abort_code = ntohl(wtmp);
290 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);
291
292 conn->state = RXRPC_CONN_REMOTELY_ABORTED;
293 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED,
294 abort_code, -ECONNABORTED);
295 return -ECONNABORTED;
296
297 case RXRPC_PACKET_TYPE_CHALLENGE:
298 return conn->security->respond_to_challenge(conn, skb,
299 _abort_code);
300
301 case RXRPC_PACKET_TYPE_RESPONSE:
302 ret = conn->security->verify_response(conn, skb, _abort_code);
303 if (ret < 0)
304 return ret;
305
306 ret = conn->security->init_connection_security(conn);
307 if (ret < 0)
308 return ret;
309
310 ret = conn->security->prime_packet_security(conn);
311 if (ret < 0)
312 return ret;
313
314 spin_lock(&conn->channel_lock);
315 spin_lock(&conn->state_lock);
316
317 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
318 conn->state = RXRPC_CONN_SERVICE;
319 spin_unlock(&conn->state_lock);
320 for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
321 rxrpc_call_is_secure(
322 rcu_dereference_protected(
323 conn->channels[loop].call,
324 lockdep_is_held(&conn->channel_lock)));
325 } else {
326 spin_unlock(&conn->state_lock);
327 }
328
329 spin_unlock(&conn->channel_lock);
330 return 0;
331
332 default:
333 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
334 tracepoint_string("bad_conn_pkt"));
335 return -EPROTO;
336 }
337}
338
339
340
341
342static void rxrpc_secure_connection(struct rxrpc_connection *conn)
343{
344 u32 abort_code;
345 int ret;
346
347 _enter("{%d}", conn->debug_id);
348
349 ASSERT(conn->security_ix != 0);
350
351 if (!conn->params.key) {
352 _debug("set up security");
353 ret = rxrpc_init_server_conn_security(conn);
354 switch (ret) {
355 case 0:
356 break;
357 case -ENOENT:
358 abort_code = RX_CALL_DEAD;
359 goto abort;
360 default:
361 abort_code = RXKADNOAUTH;
362 goto abort;
363 }
364 }
365
366 if (conn->security->issue_challenge(conn) < 0) {
367 abort_code = RX_CALL_DEAD;
368 ret = -ENOMEM;
369 goto abort;
370 }
371
372 _leave("");
373 return;
374
375abort:
376 _debug("abort %d, %d", ret, abort_code);
377 rxrpc_abort_connection(conn, ret, abort_code);
378 _leave(" [aborted]");
379}
380
381
382
383
384void rxrpc_process_connection(struct work_struct *work)
385{
386 struct rxrpc_connection *conn =
387 container_of(work, struct rxrpc_connection, processor);
388 struct sk_buff *skb;
389 u32 abort_code = RX_PROTOCOL_ERROR;
390 int ret;
391
392 rxrpc_see_connection(conn);
393
394 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
395 rxrpc_secure_connection(conn);
396
397
398
399 while ((skb = skb_dequeue(&conn->rx_queue))) {
400 rxrpc_see_skb(skb, rxrpc_skb_rx_seen);
401 ret = rxrpc_process_event(conn, skb, &abort_code);
402 switch (ret) {
403 case -EPROTO:
404 case -EKEYEXPIRED:
405 case -EKEYREJECTED:
406 goto protocol_error;
407 case -EAGAIN:
408 goto requeue_and_leave;
409 case -ECONNABORTED:
410 default:
411 rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
412 break;
413 }
414 }
415
416out:
417 rxrpc_put_connection(conn);
418 _leave("");
419 return;
420
421requeue_and_leave:
422 skb_queue_head(&conn->rx_queue, skb);
423 goto out;
424
425protocol_error:
426 if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
427 goto requeue_and_leave;
428 rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
429 goto out;
430}
431
