linux/net/ipv4/inet_connection_sock.c
   1/*
   2 * INET         An implementation of the TCP/IP protocol suite for the LINUX
   3 *              operating system.  INET is implemented using the  BSD Socket
   4 *              interface as the means of communication with the user level.
   5 *
   6 *              Support for INET connection oriented protocols.
   7 *
   8 * Authors:     See the TCP sources
   9 *
  10 *              This program is free software; you can redistribute it and/or
  11 *              modify it under the terms of the GNU General Public License
  12 *              as published by the Free Software Foundation; either version
  13 *              2 of the License, or(at your option) any later version.
  14 */
  15
  16#include <linux/module.h>
  17#include <linux/jhash.h>
  18
  19#include <net/inet_connection_sock.h>
  20#include <net/inet_hashtables.h>
  21#include <net/inet_timewait_sock.h>
  22#include <net/ip.h>
  23#include <net/route.h>
  24#include <net/tcp_states.h>
  25#include <net/xfrm.h>
  26#include <net/tcp.h>
  27
   /* Diagnostic text for an unknown timer value.  The string is defined and
    * exported only when INET_CSK_DEBUG is set at build time.
    */
   #if defined(INET_CSK_DEBUG)
   const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
   EXPORT_SYMBOL(inet_csk_timer_bug_msg);
   #endif
  32
   /*
    * Copy the namespace's local port range into *low and *high.
    *
    * Both bounds are read inside a seqlock read section on
    * net->ipv4.ip_local_ports.lock.  The read is repeated for as long as
    * read_seqretry() asks for it, so the two values returned always come
    * from the same pass over the range.
    */
   void inet_get_local_port_range(struct net *net, int *low, int *high)
   {
           unsigned int snapshot;

           for (;;) {
                   snapshot = read_seqbegin(&net->ipv4.ip_local_ports.lock);

                   *low = net->ipv4.ip_local_ports.range[0];
                   *high = net->ipv4.ip_local_ports.range[1];

                   if (!read_seqretry(&net->ipv4.ip_local_ports.lock, snapshot))
                           break;
           }
   }
   EXPORT_SYMBOL(inet_get_local_port_range);
  45
   /*
    * Decide whether binding @sk into bind bucket @tb clashes with a socket
    * that already owns the port.  Returns non-zero on conflict, 0 otherwise.
    *
    * An existing owner is only considered when it is a different socket, is
    * not IPv6-only, and the two sockets are not pinned to different devices.
    * For such an owner a conflict needs overlapping local addresses (either
    * side unbound, or both equal) plus one of:
    *
    *  - address reuse is not permitted (either side lacks sk_reuse, or the
    *    owner is listening) AND port reuse is not permitted (either side
    *    lacks sk_reuseport, or the owner is not in TIME_WAIT and belongs to
    *    a different uid);
    *  - @relax is false and both sides have sk_reuse set while the owner is
    *    not listening.
    *
    * The uid comparison is what keeps sk_reuseport sharing between sockets
    * of the same user: a live owner with a different uid is a conflict.
    */
   int inet_csk_bind_conflict(const struct sock *sk,
                              const struct inet_bind_bucket *tb, bool relax)
   {
           const int reuse = sk->sk_reuse;
           const int reuseport = sk->sk_reuseport;
           kuid_t uid = sock_i_uid((struct sock *)sk);
           struct sock *other;

           /*
            * sk_net is deliberately not compared here: every socket on
            * tb->owners lives in the namespace the bucket itself belongs to.
            */
           sk_for_each_bound(other, &tb->owners) {
                   bool addr_overlap;

                   if (sk == other || inet_v6_ipv6only(other))
                           continue;

                   /* Both bound to a device, and not the same one. */
                   if (sk->sk_bound_dev_if && other->sk_bound_dev_if &&
                       sk->sk_bound_dev_if != other->sk_bound_dev_if)
                           continue;

                   addr_overlap = !other->sk_rcv_saddr || !sk->sk_rcv_saddr ||
                                  other->sk_rcv_saddr == sk->sk_rcv_saddr;

                   if ((!reuse || !other->sk_reuse ||
                        other->sk_state == TCP_LISTEN) &&
                       (!reuseport || !other->sk_reuseport ||
                        (other->sk_state != TCP_TIME_WAIT &&
                         !uid_eq(uid, sock_i_uid(other)))) &&
                       addr_overlap)
                           break;

                   if (!relax && reuse && other->sk_reuse &&
                       other->sk_state != TCP_LISTEN && addr_overlap)
                           break;
           }

           /* The iterator is NULL only when the walk ran off the list. */
           return other != NULL;
   }
   EXPORT_SYMBOL_GPL(inet_csk_bind_conflict);
  89
   90/* Obtain a reference to a local port for the given sock,
   91 * if snum is zero it means select any available local port.
      *
      * Returns 0 on success and 1 on failure.
      *
      * Locking: bottom halves are disabled for the whole call
      * (local_bh_disable()/local_bh_enable()), and from the moment a bind
      * hash bucket is selected until fail_unlock its head->lock is held.
      *
      * Automatic selection (snum == 0) starts at a pseudo-random port inside
      * the range from inet_get_local_port_range(), skips ports reported by
      * inet_is_local_reserved_port() and then scans sequentially with
      * wrap-around.  A socket with sk_reuse == SK_CAN_REUSE searches the
      * lower half of the range first and the upper half only if that fails.
      * While scanning, the least-populated bucket the socket is allowed to
      * share is remembered and used as a fallback when no conflict-free
      * port exists.
      *
      * Sharing rules visible here: the sk_reuseport fast path requires
      * uid_eq(tb->fastuid, uid), and sk_reuse == SK_FORCE_REUSE skips the
      * conflict check on an occupied bucket altogether.
   92 */
   93int inet_csk_get_port(struct sock *sk, unsigned short snum)
   94{
   95        struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
   96        struct inet_bind_hashbucket *head;
   97        struct inet_bind_bucket *tb;
   98        int ret, attempts = 5;
   99        struct net *net = sock_net(sk);
  100        int smallest_size = -1, smallest_rover;
  101        kuid_t uid = sock_i_uid(sk);
             /* 0: search the whole range; 1: lower half first; 2: upper half. */
  102        int attempt_half = (sk->sk_reuse == SK_CAN_REUSE) ? 1 : 0;
  103
  104        local_bh_disable();
  105        if (!snum) {
  106                int remaining, rover, low, high;
  107
  108again:
  109                inet_get_local_port_range(net, &low, &high);
  110                if (attempt_half) {
  111                        int half = low + ((high - low) >> 1);
  112
  113                        if (attempt_half == 1)
  114                                high = half;
  115                        else
  116                                low = half;
  117                }
  118                remaining = (high - low) + 1;
                     /* Pseudo-random starting point; prandom_u32() is not a
                      * cryptographic generator, and the scan after it is
                      * sequential.
                      */
  119                smallest_rover = rover = prandom_u32() % remaining + low;
  120
  121                smallest_size = -1;
  122                do {
  123                        if (inet_is_local_reserved_port(net, rover))
  124                                goto next_nolock;
  125                        head = &hashinfo->bhash[inet_bhashfn(net, rover,
  126                                        hashinfo->bhash_size)];
  127                        spin_lock(&head->lock);
  128                        inet_bind_bucket_for_each(tb, &head->chain)
  129                                if (net_eq(ib_net(tb), net) && tb->port == rover) {
                                             /* Remember the shareable bucket with
                                              * the fewest owners as a fallback.
                                              */
  130                                        if (((tb->fastreuse > 0 &&
  131                                              sk->sk_reuse &&
  132                                              sk->sk_state != TCP_LISTEN) ||
  133                                             (tb->fastreuseport > 0 &&
  134                                              sk->sk_reuseport &&
  135                                              uid_eq(tb->fastuid, uid))) &&
  136                                            (tb->num_owners < smallest_size || smallest_size == -1)) {
  137                                                smallest_size = tb->num_owners;
  138                                                smallest_rover = rover;
  139                                        }
  140                                        if (!inet_csk(sk)->icsk_af_ops->bind_conflict(sk, tb, false)) {
  141                                                snum = rover;
  142                                                goto tb_found;
  143                                        }
  144                                        goto next;
  145                                }
                             /* No bucket exists for this port: leave the loop
                              * with head->lock still held.
                              */
  146                        break;
  147                next:
  148                        spin_unlock(&head->lock);
  149                next_nolock:
  150                        if (++rover > high)
  151                                rover = low;
  152                } while (--remaining > 0);
  153
  154                /* Exhausted local port range during search?  It is not
  155                 * possible for us to be holding one of the bind hash
  156                 * locks if this test triggers, because if 'remaining'
  157                 * drops to zero, we broke out of the do/while loop at
  158                 * the top level, not from the 'break;' statement.
  159                 */
  160                ret = 1;
  161                if (remaining <= 0) {
  162                        if (smallest_size != -1) {
  163                                snum = smallest_rover;
  164                                goto have_snum;
  165                        }
  166                        if (attempt_half == 1) {
  167                                /* OK we now try the upper half of the range */
  168                                attempt_half = 2;
  169                                goto again;
  170                        }
  171                        goto fail;
  172                }
  173                /* OK, here is the one we will use.  HEAD is
  174                 * non-NULL and we hold its spinlock (head->lock).
  175                 */
  176                snum = rover;
  177        } else {
  178have_snum:
  179                head = &hashinfo->bhash[inet_bhashfn(net, snum,
  180                                hashinfo->bhash_size)];
  181                spin_lock(&head->lock);
  182                inet_bind_bucket_for_each(tb, &head->chain)
  183                        if (net_eq(ib_net(tb), net) && tb->port == snum)
  184                                goto tb_found;
  185        }
  186        tb = NULL;
  187        goto tb_not_found;
  188tb_found:
  189        if (!hlist_empty(&tb->owners)) {
                     /* SK_FORCE_REUSE bypasses every conflict check below. */
  190                if (sk->sk_reuse == SK_FORCE_REUSE)
  191                        goto success;
  192
                     /* Fast path: the bucket flags already say this socket may
                      * share the port, and this is not a fallback pick.
                      */
  193                if (((tb->fastreuse > 0 &&
  194                      sk->sk_reuse && sk->sk_state != TCP_LISTEN) ||
  195                     (tb->fastreuseport > 0 &&
  196                      sk->sk_reuseport && uid_eq(tb->fastuid, uid))) &&
  197                    smallest_size == -1) {
  198                        goto success;
  199                } else {
  200                        ret = 1;
  201                        if (inet_csk(sk)->icsk_af_ops->bind_conflict(sk, tb, true)) {
                                     /* A fallback pick that still conflicts is
                                      * retried from 'again', bounded by 'attempts'.
                                      */
  202                                if (((sk->sk_reuse && sk->sk_state != TCP_LISTEN) ||
  203                                     (tb->fastreuseport > 0 &&
  204                                      sk->sk_reuseport && uid_eq(tb->fastuid, uid))) &&
  205                                    smallest_size != -1 && --attempts >= 0) {
  206                                        spin_unlock(&head->lock);
  207                                        goto again;
  208                                }
  209
  210                                goto fail_unlock;
  211                        }
  212                }
  213        }
  214tb_not_found:
             /* ret stays 1 if a new bucket cannot be allocated. */
  215        ret = 1;
  216        if (!tb && (tb = inet_bind_bucket_create(hashinfo->bind_bucket_cachep,
  217                                        net, head, snum)) == NULL)
  218                goto fail_unlock;
             /* The first owner sets the fast-path flags (and records its uid);
              * a later owner can only clear them.
              */
  219        if (hlist_empty(&tb->owners)) {
  220                if (sk->sk_reuse && sk->sk_state != TCP_LISTEN)
  221                        tb->fastreuse = 1;
  222                else
  223                        tb->fastreuse = 0;
  224                if (sk->sk_reuseport) {
  225                        tb->fastreuseport = 1;
  226                        tb->fastuid = uid;
  227                } else
  228                        tb->fastreuseport = 0;
  229        } else {
  230                if (tb->fastreuse &&
  231                    (!sk->sk_reuse || sk->sk_state == TCP_LISTEN))
  232                        tb->fastreuse = 0;
  233                if (tb->fastreuseport &&
  234                    (!sk->sk_reuseport || !uid_eq(tb->fastuid, uid)))
  235                        tb->fastreuseport = 0;
  236        }
  237success:
             /* Attach the socket to the bucket unless it is already bound. */
  238        if (!inet_csk(sk)->icsk_bind_hash)
  239                inet_bind_hash(sk, tb, snum);
  240        WARN_ON(inet_csk(sk)->icsk_bind_hash != tb);
  241        ret = 0;
  242
  243fail_unlock:
  244        spin_unlock(&head->lock);
  245fail:
  246        local_bh_enable();
  247        return ret;
  248}
  249EXPORT_SYMBOL_GPL(inet_csk_get_port);
 250
  /*
   * Sleep until the accept queue of @sk holds a connection.  The caller must
   * hold the socket lock; it is released around the sleep and re-acquired
   * before each check, which is what closes the race with new arrivals.
   *
   * Returns 0 once the accept queue is non-empty, -EINVAL if the socket has
   * left TCP_LISTEN, sock_intr_errno(timeo) if a signal is pending, and
   * -EAGAIN when the timeout has run out.
   */
  static int inet_csk_wait_for_connect(struct sock *sk, long timeo)
  {
          struct request_sock_queue *acceptq = &inet_csk(sk)->icsk_accept_queue;
          DEFINE_WAIT(wait);
          int err;

          /*
           * Wake-one behaviour: the waiter is queued exclusively, so an
           * incoming connection wakes a single process and not every
           * sleeper.  Established sockets are no longer raced for and
           * polled, so normally one pass through the loop is enough.
           *
           * Subtle point: an exclusive waiter is added behind the current
           * non-exclusive waiters and stays behind new ones too, because
           * non-exclusive waiters are always inserted at the head of the
           * wait queue.  That makes it safe to give up exclusivity for a
           * moment after a wake-up without leaving and re-joining the queue.
           */
          while (1) {
                  prepare_to_wait_exclusive(sk_sleep(sk), &wait,
                                            TASK_INTERRUPTIBLE);
                  release_sock(sk);
                  if (reqsk_queue_empty(acceptq))
                          timeo = schedule_timeout(timeo);
                  sched_annotate_sleep();
                  lock_sock(sk);

                  if (!reqsk_queue_empty(acceptq)) {
                          err = 0;
                          break;
                  }
                  if (sk->sk_state != TCP_LISTEN) {
                          err = -EINVAL;
                          break;
                  }
                  if (signal_pending(current)) {
                          err = sock_intr_errno(timeo);
                          break;
                  }
                  if (!timeo) {
                          err = -EAGAIN;
                          break;
                  }
          }
          finish_wait(sk_sleep(sk), &wait);
          return err;
  }
 299
  /*
   * Accept the next outstanding connection on listening socket @sk.
   *
   * @flags: only O_NONBLOCK is looked at; it is handed to sock_rcvtimeo()
   *         to obtain the wait timeout, and a zero timeout means "do not
   *         sleep".
   * @err:   written only on failure.  It is left untouched when a socket is
   *         returned, so callers must not read it on success.
   *
   * Returns the child socket, or NULL with *err set to -EINVAL (socket is
   * not in TCP_LISTEN), -EAGAIN (queue empty and no timeout) or the error
   * from inet_csk_wait_for_connect().
   */
  struct sock *inet_csk_accept(struct sock *sk, int flags, int *err)
  {
          struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
          struct request_sock *req = NULL;
          struct sock *child = NULL;
          int rc;

          lock_sock(sk);

          /* The socket has to be listening ... */
          if (sk->sk_state != TCP_LISTEN) {
                  rc = -EINVAL;
                  goto fail;
          }

          /* ... and has to have an established connection queued. */
          if (reqsk_queue_empty(queue)) {
                  long timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

                  /* Non-blocking socket: never sleep. */
                  if (!timeo) {
                          rc = -EAGAIN;
                          goto fail;
                  }

                  rc = inet_csk_wait_for_connect(sk, timeo);
                  if (rc)
                          goto fail;
          }

          req = reqsk_queue_remove(queue);
          child = req->sk;

          sk_acceptq_removed(sk);
          if (sk->sk_protocol == IPPROTO_TCP &&
              tcp_rsk(req)->tfo_listener &&
              queue->fastopenq) {
                  spin_lock_bh(&queue->fastopenq->lock);
                  /* Re-tested now that the fastopen queue lock is held. */
                  if (tcp_rsk(req)->tfo_listener) {
                          /*
                           * The final ACK of the 3WHS is still outstanding,
                           * so req cannot be freed yet.  Clearing req->sk
                           * marks the child as taken, and
                           * reqsk_fastopen_remove() frees req when the 3WHS
                           * finishes or is aborted.
                           */
                          req->sk = NULL;
                          req = NULL;
                  }
                  spin_unlock_bh(&queue->fastopenq->lock);
          }
          goto unlock;

  fail:
          /* req and child are still NULL on every path that gets here. */
          *err = rc;
  unlock:
          release_sock(sk);
          if (req)
                  reqsk_put(req);
          return child;
  }
  EXPORT_SYMBOL(inet_csk_accept);
 365
  /*
   * Set up the three per-socket timers (retransmit, delayed ACK, keepalive),
   * each with its own handler and with the socket pointer as timer data,
   * then clear the pending-timer state.
   *
   * Separate timers are used for the three jobs; a single timer driving a
   * list of expiry times would be a possible optimisation.
   */
  void inet_csk_init_xmit_timers(struct sock *sk,
                                 void (*retransmit_handler)(unsigned long),
                                 void (*delack_handler)(unsigned long),
                                 void (*keepalive_handler)(unsigned long))
  {
          struct inet_connection_sock *icsk = inet_csk(sk);
          const unsigned long cookie = (unsigned long)sk;

          setup_timer(&icsk->icsk_retransmit_timer, retransmit_handler, cookie);
          setup_timer(&icsk->icsk_delack_timer, delack_handler, cookie);
          setup_timer(&sk->sk_timer, keepalive_handler, cookie);

          icsk->icsk_ack.pending = 0;
          icsk->icsk_pending = 0;
  }
  EXPORT_SYMBOL(inet_csk_init_xmit_timers);
 386
  /*
   * Clear the pending/blocked timer state of @sk and stop its retransmit,
   * delayed-ACK and keepalive timers through sk_stop_timer().
   */
  void inet_csk_clear_xmit_timers(struct sock *sk)
  {
          struct inet_connection_sock *icsk = inet_csk(sk);

          icsk->icsk_ack.blocked = 0;
          icsk->icsk_ack.pending = 0;
          icsk->icsk_pending = 0;

          sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
          sk_stop_timer(sk, &icsk->icsk_delack_timer);
          sk_stop_timer(sk, &sk->sk_timer);
  }
  EXPORT_SYMBOL(inet_csk_clear_xmit_timers);
 398
  /* Stop the keepalive timer of @sk, which lives in sk->sk_timer. */
  void inet_csk_delete_keepalive_timer(struct sock *sk)
  {
          struct timer_list *keepalive = &sk->sk_timer;

          sk_stop_timer(sk, keepalive);
  }
  EXPORT_SYMBOL(inet_csk_delete_keepalive_timer);
 404
  /* Re-arm the keepalive timer of @sk to fire @len jiffies from now. */
  void inet_csk_reset_keepalive_timer(struct sock *sk, unsigned long len)
  {
          const unsigned long expires = jiffies + len;

          sk_reset_timer(sk, &sk->sk_timer, expires);
  }
  EXPORT_SYMBOL(inet_csk_reset_keepalive_timer);
 410
  /*
   * Look up the output route for replying to connection request @req on
   * listener @sk, filling the caller-supplied flow key @fl4.
   *
   * When the request carries IP options with source routing (opt.srr), the
   * lookup destination is the option's faddr rather than the peer address.
   * With strict source routing a route that goes through a gateway is
   * refused.
   *
   * Returns the route's dst entry, or NULL after counting
   * IPSTATS_MIB_OUTNOROUTES.
   */
  struct dst_entry *inet_csk_route_req(struct sock *sk,
                                       struct flowi4 *fl4,
                                       const struct request_sock *req)
  {
          const struct inet_request_sock *ireq = inet_rsk(req);
          struct net *net = read_pnet(&ireq->ireq_net);
          struct ip_options_rcu *opt = ireq->opt;
          __be32 daddr = ireq->ir_rmt_addr;
          struct rtable *rt;

          if (opt && opt->opt.srr)
                  daddr = opt->opt.faddr;

          flowi4_init_output(fl4, ireq->ir_iif, ireq->ir_mark,
                             RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
                             sk->sk_protocol, inet_sk_flowi_flags(sk),
                             daddr,
                             ireq->ir_loc_addr, ireq->ir_rmt_port,
                             htons(ireq->ir_num));
          /* Give the security module hook a chance to label the flow. */
          security_req_classify_flow(req, flowi4_to_flowi(fl4));

          rt = ip_route_output_flow(net, fl4, sk);
          if (!IS_ERR(rt)) {
                  if (!(opt && opt->opt.is_strictroute && rt->rt_uses_gateway))
                          return &rt->dst;
                  /* Strict source route, but the route needs a gateway. */
                  ip_rt_put(rt);
          }

          IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
          return NULL;
  }
  EXPORT_SYMBOL_GPL(inet_csk_route_req);
 441
  /*
   * Look up the output route for child socket @newsk created from @req.
   * The flow key is built in place in newsk's cork area
   * (cork.fl.u.ip4), and the IP options are taken from newsk->inet_opt
   * under rcu_read_lock().
   *
   * Source-route handling matches inet_csk_route_req(): with opt.srr the
   * lookup destination is faddr, and a strict source route through a
   * gateway is refused.
   *
   * Returns the route's dst entry, or NULL after counting
   * IPSTATS_MIB_OUTNOROUTES.
   */
  struct dst_entry *inet_csk_route_child_sock(struct sock *sk,
                                              struct sock *newsk,
                                              const struct request_sock *req)
  {
          const struct inet_request_sock *ireq = inet_rsk(req);
          struct net *net = read_pnet(&ireq->ireq_net);
          struct inet_sock *newinet = inet_sk(newsk);
          struct flowi4 *fl4 = &newinet->cork.fl.u.ip4;
          struct ip_options_rcu *opt;
          struct rtable *rt;
          __be32 daddr;
          bool usable = false;

          rcu_read_lock();
          opt = rcu_dereference(newinet->inet_opt);
          if (opt && opt->opt.srr)
                  daddr = opt->opt.faddr;
          else
                  daddr = ireq->ir_rmt_addr;

          flowi4_init_output(fl4, ireq->ir_iif, ireq->ir_mark,
                             RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE,
                             sk->sk_protocol, inet_sk_flowi_flags(sk),
                             daddr,
                             ireq->ir_loc_addr, ireq->ir_rmt_port,
                             htons(ireq->ir_num));
          security_req_classify_flow(req, flowi4_to_flowi(fl4));

          rt = ip_route_output_flow(net, fl4, sk);
          if (!IS_ERR(rt)) {
                  if (opt && opt->opt.is_strictroute && rt->rt_uses_gateway)
                          ip_rt_put(rt);  /* strict route via a gateway */
                  else
                          usable = true;
          }
          rcu_read_unlock();

          if (usable)
                  return &rt->dst;

          IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
          return NULL;
  }
  EXPORT_SYMBOL_GPL(inet_csk_route_child_sock);
 480
  /*
   * Map a remote address/port pair to a SYN table bucket: jhash_2words()
   * seeded with @rnd, masked with (@synq_hsize - 1).
   *
   * NOTE(review): the mask only covers every bucket when synq_hsize is a
   * power of two - confirm where the table is sized.  Both callers in this
   * file pass the listener's lopt->hash_rnd as @rnd.
   */
  static inline u32 inet_synq_hash(const __be32 raddr, const __be16 rport,
                                   const u32 rnd, const u32 synq_hsize)
  {
          const u32 mask = synq_hsize - 1;
          const u32 mixed = jhash_2words((__force u32)raddr,
                                         (__force u32)rport, rnd);

          return mixed & mask;
  }
 486
  /*
   * True when @fam is AF_INET.  In a build without CONFIG_IPV6 the macro
   * is the constant true and @fam is not evaluated.
   */
  #if !IS_ENABLED(CONFIG_IPV6)
  #define AF_INET_FAMILY(fam) true
  #else
  #define AF_INET_FAMILY(fam) ((fam) == AF_INET)
  #endif
 492
  /*
   * Find the pending connection request on listener @sk that matches the
   * given remote port, remote address and local address (and, on IPv6
   * builds, whose family is AF_INET).
   *
   * The SYN table bucket is walked under syn_wait_lock.  A match is
   * returned with rsk_refcnt incremented, so the caller owns a reference
   * (presumably dropped with reqsk_put() - confirm against callers).
   * Returns NULL when nothing matches.
   *
   * Note: this is temporary: the req sock will no longer be in the
   * listener hash table.
   */
  struct request_sock *inet_csk_search_req(struct sock *sk,
                                           const __be16 rport,
                                           const __be32 raddr,
                                           const __be32 laddr)
  {
          struct inet_connection_sock *icsk = inet_csk(sk);
          struct listen_sock *lopt = icsk->icsk_accept_queue.listen_opt;
          struct request_sock *req;
          u32 bucket = inet_synq_hash(raddr, rport, lopt->hash_rnd,
                                      lopt->nr_table_entries);

          spin_lock(&icsk->icsk_accept_queue.syn_wait_lock);
          req = lopt->syn_table[bucket];
          while (req != NULL) {
                  const struct inet_request_sock *ireq = inet_rsk(req);

                  if (ireq->ir_rmt_port == rport &&
                      ireq->ir_rmt_addr == raddr &&
                      ireq->ir_loc_addr == laddr &&
                      AF_INET_FAMILY(req->rsk_ops->family)) {
                          /* Take the reference before the lock is dropped. */
                          atomic_inc(&req->rsk_refcnt);
                          WARN_ON(req->sk);
                          break;
                  }
                  req = req->dl_next;
          }
          spin_unlock(&icsk->icsk_accept_queue.syn_wait_lock);

          return req;
  }
  EXPORT_SYMBOL_GPL(inet_csk_search_req);
 525
  /*
   * Insert @req into the SYN table of listener @sk.  The bucket is derived
   * from the request's remote address and port; @timeout is passed on to
   * reqsk_queue_hash_req() and inet_csk_reqsk_queue_added().
   */
  void inet_csk_reqsk_queue_hash_add(struct sock *sk, struct request_sock *req,
                                     unsigned long timeout)
  {
          struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
          const struct listen_sock *lopt = queue->listen_opt;
          const struct inet_request_sock *ireq = inet_rsk(req);
          const u32 bucket = inet_synq_hash(ireq->ir_rmt_addr,
                                            ireq->ir_rmt_port,
                                            lopt->hash_rnd,
                                            lopt->nr_table_entries);

          reqsk_queue_hash_req(queue, bucket, req, timeout);
          inet_csk_reqsk_queue_added(sk, timeout);
  }
  EXPORT_SYMBOL_GPL(inet_csk_reqsk_queue_hash_add);
 539
  /* The one symbol this file takes from tcp.h. */
  extern int sysctl_tcp_synack_retries;


  /*
   * Decide whether a pending request should expire and whether its SYN-ACK
   * should be sent again.  The two answers are stored in *expire and
   * *resend as 0 or 1.
   *
   * Without deferred accept the request expires once num_timeout reaches
   * @thresh, and a resend is always asked for.  With deferred accept a
   * request that has been ACKed is kept until @max_retries is reached.
   */
  static inline void syn_ack_recalc(struct request_sock *req, const int thresh,
                                    const int max_retries,
                                    const u8 rskq_defer_accept,
                                    int *expire, int *resend)
  {
          const bool over_thresh = req->num_timeout >= thresh;

          if (rskq_defer_accept) {
                  *expire = over_thresh &&
                            (!inet_rsk(req)->acked ||
                             req->num_timeout >= max_retries);
                  /*
                   * While data is awaited after the ACK nothing is resent.
                   * Resending starts again at the end of the deferring
                   * period, as a last chance for data or an ACK to create
                   * the established socket.
                   */
                  *resend = !inet_rsk(req)->acked ||
                            req->num_timeout >= rskq_defer_accept - 1;
                  return;
          }

          *expire = over_thresh;
          *resend = 1;
  }
 565
  /*
   * Retransmit the SYN-ACK for @req through the request's rtx_syn_ack
   * operation.  num_retrans is incremented only when that call returns 0.
   * Returns the operation's result.
   */
  int inet_rtx_syn_ack(struct sock *parent, struct request_sock *req)
  {
          int err = req->rsk_ops->rtx_syn_ack(parent, req);

          if (err)
                  return err;

          req->num_retrans++;
          return 0;
  }
  EXPORT_SYMBOL(inet_rtx_syn_ack);
 575
  /*
   * Unlink @req from its syn_table[] bucket (selected by req->rsk_hash)
   * under syn_wait_lock.  Returns true if req was found in the table.
   *
   * After the lock is dropped, a timer that was pending and that
   * del_timer_sync() deactivated costs one reqsk_put() - presumably the
   * reference held on behalf of the timer; confirm against
   * reqsk_queue_hash_req(), which sets rsk_refcnt to 2.
   */
  static bool reqsk_queue_unlink(struct request_sock_queue *queue,
                                 struct request_sock *req)
  {
          struct listen_sock *lopt = queue->listen_opt;
          struct request_sock **link;
          bool found = false;

          spin_lock(&queue->syn_wait_lock);

          link = &lopt->syn_table[req->rsk_hash];
          while (*link != NULL) {
                  if (*link == req) {
                          /* Splice the entry out of the singly linked chain. */
                          *link = req->dl_next;
                          found = true;
                          break;
                  }
                  link = &(*link)->dl_next;
          }

          spin_unlock(&queue->syn_wait_lock);

          if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer))
                  reqsk_put(req);
          return found;
  }
 600
  /*
   * Drop @req from the accept queue of @sk.  The queue accounting and the
   * reference drop happen only if the request was actually unlinked from
   * the SYN table, so a second drop of the same request does nothing more.
   */
  void inet_csk_reqsk_queue_drop(struct sock *sk, struct request_sock *req)
  {
          if (!reqsk_queue_unlink(&inet_csk(sk)->icsk_accept_queue, req))
                  return;

          reqsk_queue_removed(&inet_csk(sk)->icsk_accept_queue, req);
          reqsk_put(req);
  }
  EXPORT_SYMBOL(inet_csk_reqsk_queue_drop);
 609
  /*
   * Timer callback for one pending connection request; @data is the
   * request_sock pointer installed by reqsk_queue_hash_req().
   *
   * The request is either re-armed with a doubled timeout (capped at
   * TCP_RTO_MAX) or dropped from the listener's queue.  If the listener has
   * left TCP_LISTEN or has no listen_opt, the handler only drops its
   * reference.
   */
  static void reqsk_timer_handler(unsigned long data)
  {
          struct request_sock *req = (struct request_sock *)data;
          struct sock *listener = req->rsk_listener;
          struct inet_connection_sock *icsk = inet_csk(listener);
          struct request_sock_queue *queue = &icsk->icsk_accept_queue;
          struct listen_sock *lopt = queue->listen_opt;
          int expire = 0, resend = 0;
          int max_retries, thresh, qlen;
          unsigned long timeo;
          u8 defer_accept;

          if (listener->sk_state != TCP_LISTEN || !lopt) {
                  reqsk_put(req);
                  return;
          }

          /* A per-socket retry count overrides the sysctl default. */
          max_retries = icsk->icsk_syn_retries;
          if (!max_retries)
                  max_retries = sysctl_tcp_synack_retries;
          thresh = max_retries;

          /*
           * Normally every open request is young and matures (becomes an
           * established socket) within the first timeout.  A SYN-ACK that
           * stays unacknowledged for 1 second means it was lost, the ACK
           * was lost, the RTT is high, or nobody intended to ACK at all
           * (i.e. a SYN flood).
           *
           * On a somewhat loaded server the queue fills with old requests
           * and its effective size shrinks; on a heavily loaded one it can
           * shrink to zero after several minutes.  That is normal operation
           * and not a SYN flood.  The remedy is to prune entries that are
           * too old, overriding the normal timeout, once the situation
           * becomes dangerous.
           *
           * In effect half of the room is reserved for young requests, and
           * old ones are aborted when they are about to clog the table.
           */
          qlen = listen_sock_qlen(lopt);
          if (qlen >> (lopt->max_qlen_log - 1)) {
                  int young = listen_sock_young(lopt) << 1;

                  while (thresh > 2 && qlen >= young) {
                          thresh--;
                          young <<= 1;
                  }
          }

          defer_accept = READ_ONCE(queue->rskq_defer_accept);
          if (defer_accept)
                  max_retries = defer_accept;
          syn_ack_recalc(req, thresh, max_retries, defer_accept,
                         &expire, &resend);
          req->rsk_ops->syn_ack_timeout(req);

          /*
           * Drop when the request has expired, or when a SYN-ACK resend was
           * due, failed, and the request has not been ACKed.  The resend is
           * attempted only if the request has not expired and a resend is
           * due.
           */
          if (expire ||
              (resend &&
               inet_rtx_syn_ack(listener, req) &&
               !inet_rsk(req)->acked)) {
                  inet_csk_reqsk_queue_drop(listener, req);
                  reqsk_put(req);
                  return;
          }

          /* First timeout: the request stops counting as young. */
          if (req->num_timeout++ == 0)
                  atomic_inc(&lopt->young_dec);
          timeo = min(TCP_TIMEOUT_INIT << req->num_timeout, TCP_RTO_MAX);
          mod_timer_pinned(&req->rsk_timer, jiffies + timeo);
  }
 677
  /*
   * Initialise @req, link it at the head of syn_table[@hash] under
   * syn_wait_lock and arm its timer to fire @timeout jiffies from now.
   *
   * The statement order matters: the counters and req->sk are written,
   * then smp_wmb() is issued, and only after that is the refcount set and
   * the request made reachable through the table.
   */
  void reqsk_queue_hash_req(struct request_sock_queue *queue,
                            u32 hash, struct request_sock *req,
                            unsigned long timeout)
  {
          struct listen_sock *table = queue->listen_opt;

          req->num_retrans = 0;
          req->num_timeout = 0;
          req->sk = NULL;

          /*
           * All req fields must be committed to memory, and the refcount
           * initialised, before lookups are able to find the request.
           */
          smp_wmb();
          atomic_set(&req->rsk_refcnt, 2);
          setup_timer(&req->rsk_timer, reqsk_timer_handler, (unsigned long)req);
          req->rsk_hash = hash;

          spin_lock(&queue->syn_wait_lock);
          req->dl_next = table->syn_table[hash];
          table->syn_table[hash] = req;
          spin_unlock(&queue->syn_wait_lock);

          mod_timer_pinned(&req->rsk_timer, jiffies + timeout);
  }
  EXPORT_SYMBOL(reqsk_queue_hash_req);
 704
  /**
   *      inet_csk_clone_lock - clone an inet socket, and lock its clone
   *      @sk: the socket to clone
   *      @req: request_sock the clone's ports, mark and cookie are copied from
   *      @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
   *
   *      Returns the clone in state TCP_SYN_RECV, or NULL if sk_clone_lock()
   *      failed.
   *
   *      Caller must unlock socket even in error path (bh_unlock_sock(newsk))
   */
  struct sock *inet_csk_clone_lock(const struct sock *sk,
                                   const struct request_sock *req,
                                   const gfp_t priority)
  {
          struct sock *newsk = sk_clone_lock(sk, priority);
          struct inet_connection_sock *newicsk;
          struct inet_request_sock *ireq;
          struct inet_sock *newinet;

          if (!newsk)
                  return newsk;

          newicsk = inet_csk(newsk);
          newinet = inet_sk(newsk);
          ireq = inet_rsk(req);

          newsk->sk_state = TCP_SYN_RECV;
          /* The clone is not attached to any bind bucket yet. */
          newicsk->icsk_bind_hash = NULL;

          newinet->inet_dport = ireq->ir_rmt_port;
          newinet->inet_num = ireq->ir_num;
          newinet->inet_sport = htons(ireq->ir_num);
          newsk->sk_write_space = sk_stream_write_space;

          newsk->sk_mark = ireq->ir_mark;
          atomic64_set(&newsk->sk_cookie, atomic64_read(&ireq->ir_cookie));

          newicsk->icsk_retransmits = 0;
          newicsk->icsk_backoff     = 0;
          newicsk->icsk_probes_out  = 0;

          /*
           * Zero the accept queue copied from the listener, so that an
           * illegal access through the child is trapped instead of reaching
           * the parent's queue state.
           */
          memset(&newicsk->icsk_accept_queue, 0,
                 sizeof(newicsk->icsk_accept_queue));

          security_inet_csk_clone(newsk, req);
          return newsk;
  }
  EXPORT_SYMBOL_GPL(inet_csk_clone_lock);
 746
  /*
   * Final teardown of a connection socket.
   *
   * By now no process should reference the socket, hence no user
   * references exist at all.  The socket wait queue can therefore be
   * treated as inactive: nobody will try to get onto it.
   *
   * The WARN_ON() checks report a violated precondition; they do not stop
   * the teardown.
   */
  void inet_csk_destroy_sock(struct sock *sk)
  {
          /* Must be closed and already marked dead. */
          WARN_ON(sk->sk_state != TCP_CLOSE);
          WARN_ON(!sock_flag(sk, SOCK_DEAD));

          /* Must not be in the hash table any more. */
          WARN_ON(!sk_unhashed(sk));

          /* A non-zero inet_num implies the socket is bound. */
          WARN_ON(inet_sk(sk)->inet_num && !inet_csk(sk)->icsk_bind_hash);

          sk->sk_prot->destroy(sk);
          sk_stream_kill_queues(sk);
          xfrm_sk_free_policy(sk);
          sk_refcnt_debug_release(sk);

          percpu_counter_dec(sk->sk_prot->orphan_count);
          sock_put(sk);
  }
  EXPORT_SYMBOL(inet_csk_destroy_sock);
 776
/* Prepare a socket for a forced close after the call to
 * tcp/dccp_create_openreq_child(), so that inet_csk_destroy_sock() can be
 * called on it. Releases the socket spinlock taken by sk_clone_lock().
 */
void inet_csk_prepare_forced_close(struct sock *sk)
        __releases(&sk->sk_lock.slock)
{
        struct inet_sock *inet = inet_sk(sk);

        /* sk_clone_lock() returned the socket locked with refcnt 2:
         * unlock it and give back one of the two references.
         */
        bh_unlock_sock(sk);
        sock_put(sk);

        /* inet_csk_destroy_sock() expects SOCK_DEAD, decrements the orphan
         * counter and warns about a port number without a bind bucket, so
         * set the socket up accordingly.
         */
        sock_set_flag(sk, SOCK_DEAD);
        percpu_counter_inc(sk->sk_prot->orphan_count);
        inet->inet_num = 0;
}
 792EXPORT_SYMBOL(inet_csk_prepare_forced_close);
 793
/* Move a socket into the listening state.
 *
 * Allocates the accept queue for @nr_table_entries, resets the backlog
 * counters and delayed-ACK state, claims the local port through the
 * protocol's get_port() and finally hashes the socket.
 *
 * Returns 0 on success, the error from reqsk_queue_alloc(), or -EADDRINUSE
 * when get_port() reports failure (its own return value is not passed on).
 */
int inet_csk_listen_start(struct sock *sk, const int nr_table_entries)
{
        struct inet_connection_sock *icsk = inet_csk(sk);
        struct inet_sock *inet = inet_sk(sk);
        int err;

        err = reqsk_queue_alloc(&icsk->icsk_accept_queue, nr_table_entries);
        if (err)
                return err;

        sk->sk_max_ack_backlog = 0;
        sk->sk_ack_backlog = 0;
        inet_csk_delack_init(sk);

        /* Race window: the state says LISTEN before get_port() has
         * validated the transition. This is acceptable because the socket
         * is only inserted into the hash table once validation succeeded.
         */
        sk->sk_state = TCP_LISTEN;
        if (sk->sk_prot->get_port(sk, inet->inet_num)) {
                /* Port not available: undo the state change and the queue. */
                sk->sk_state = TCP_CLOSE;
                __reqsk_queue_destroy(&icsk->icsk_accept_queue);
                return -EADDRINUSE;
        }

        inet->inet_sport = htons(inet->inet_num);

        sk_dst_reset(sk);
        sk->sk_prot->hash(sk);

        return 0;
}
 826EXPORT_SYMBOL_GPL(inet_csk_listen_start);
 827
/*
 *      Close the sockets of a listener that have been at least partially
 *      opened but not yet accepted, and release their request socks.
 */
void inet_csk_listen_stop(struct sock *sk)
{
        struct inet_connection_sock *icsk = inet_csk(sk);
        struct request_sock_queue *queue = &icsk->icsk_accept_queue;
        struct request_sock *pending;
        struct request_sock *req;

        /* Detach the whole accept queue so the list is private to us. */
        pending = reqsk_queue_yank_acceptq(queue);

        /* Per the specs it would be better to either send a FIN (normal
         * close, entering FIN-WAIT-1) or an active reset (abort) to these
         * peers. That is risky during a SYN flood, which is a poor excuse
         * for not doing it; neither variant is implemented here.  --ANK
         */
        reqsk_queue_destroy(queue);

        while (pending) {
                struct sock *child;

                /* Read the link before the request can be released below. */
                req = pending;
                child = req->sk;
                pending = req->dl_next;

                local_bh_disable();
                bh_lock_sock(child);
                WARN_ON(sock_owned_by_user(child));
                /* Extra reference: inet_csk_destroy_sock() ends with a
                 * sock_put(), and the child is still unlocked afterwards.
                 */
                sock_hold(child);

                sk->sk_prot->disconnect(child, O_NONBLOCK);

                sock_orphan(child);

                percpu_counter_inc(sk->sk_prot->orphan_count);

                if (sk->sk_protocol == IPPROTO_TCP &&
                    tcp_rsk(req)->tfo_listener) {
                        /* Child, request and listener must agree. */
                        BUG_ON(tcp_sk(child)->fastopen_rsk != req);
                        BUG_ON(sk != req->rsk_listener);

                        /* Paranoia: guards against a race with an inbound
                         * packet for the child that is blocked on the sock
                         * lock in tcp_v4_rcv(), and satisfies an assertion
                         * in tcp_v4_destroy_sock().
                         */
                        tcp_sk(child)->fastopen_rsk = NULL;
                }
                inet_csk_destroy_sock(child);

                bh_unlock_sock(child);
                local_bh_enable();
                sock_put(child);

                sk_acceptq_removed(sk);
                reqsk_put(req);
        }

        if (queue->fastopenq) {
                /* Take rskq_rst_head under the lock, free its requests
                 * outside of it.
                 */
                spin_lock_bh(&queue->fastopenq->lock);
                pending = queue->fastopenq->rskq_rst_head;
                queue->fastopenq->rskq_rst_head = NULL;
                spin_unlock_bh(&queue->fastopenq->lock);

                while (pending) {
                        req = pending;
                        pending = req->dl_next;
                        reqsk_put(req);
                }
        }

        /* Every queued child should have been accounted for by now. */
        WARN_ON(sk->sk_ack_backlog);
}
 902EXPORT_SYMBOL_GPL(inet_csk_listen_stop);
 903
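/* Fill @uaddr, viewed as a struct sockaddr_in, with the peer address and
 * port stored in @sk (inet_daddr / inet_dport, copied as stored).
 *
 * The sin_zero padding is cleared as well, so the result is fully
 * initialised: the callers are not visible here, and a buffer that is
 * later copied out must not carry stale bytes in the padding.
 */
void inet_csk_addr2sockaddr(struct sock *sk, struct sockaddr *uaddr)
{
        struct sockaddr_in *sin = (struct sockaddr_in *)uaddr;
        const struct inet_sock *inet = inet_sk(sk);

        sin->sin_family         = AF_INET;
        sin->sin_addr.s_addr    = inet->inet_daddr;
        sin->sin_port           = inet->inet_dport;
        memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
}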
 913EXPORT_SYMBOL_GPL(inet_csk_addr2sockaddr);
 914
 915#ifdef CONFIG_COMPAT
/* Compat getsockopt() entry point: use the address family's
 * compat_getsockopt() handler when it provides one, otherwise fall back to
 * its regular getsockopt(). @optval and @optlen are user pointers and are
 * passed through untouched; the handler is responsible for accessing them.
 */
int inet_csk_compat_getsockopt(struct sock *sk, int level, int optname,
                               char __user *optval, int __user *optlen)
{
        const struct inet_connection_sock_af_ops *ops =
                inet_csk(sk)->icsk_af_ops;

        if (!ops->compat_getsockopt)
                return ops->getsockopt(sk, level, optname, optval, optlen);

        return ops->compat_getsockopt(sk, level, optname, optval, optlen);
}
 927EXPORT_SYMBOL_GPL(inet_csk_compat_getsockopt);
 928
/* Compat setsockopt() entry point: use the address family's
 * compat_setsockopt() handler when it provides one, otherwise fall back to
 * its regular setsockopt(). @optval is a user pointer and @optlen a
 * caller-supplied length; both are passed through without checks here, so
 * validation is left to the handler.
 */
int inet_csk_compat_setsockopt(struct sock *sk, int level, int optname,
                               char __user *optval, unsigned int optlen)
{
        const struct inet_connection_sock_af_ops *ops =
                inet_csk(sk)->icsk_af_ops;

        if (!ops->compat_setsockopt)
                return ops->setsockopt(sk, level, optname, optval, optlen);

        return ops->compat_setsockopt(sk, level, optname, optval, optlen);
}
 940EXPORT_SYMBOL_GPL(inet_csk_compat_setsockopt);
 941#endif
 942
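/* Look up a fresh output route for @sk, using @fl as the flow scratch
 * space, and install its capabilities on the socket.
 *
 * The destination is inet_daddr unless the socket's IP options have srr
 * set, in which case the option's faddr is used instead. The options are
 * read under rcu_read_lock().
 *
 * Returns the route's dst_entry, or NULL when the lookup fails; the error
 * code from the lookup is discarded.
 */
static struct dst_entry *inet_csk_rebuild_route(struct sock *sk, struct flowi *fl)
{
        const struct inet_sock *inet = inet_sk(sk);
        const struct ip_options_rcu *inet_opt;
        __be32 daddr = inet->inet_daddr;
        struct flowi4 *fl4;
        struct rtable *rt;

        rcu_read_lock();
        inet_opt = rcu_dereference(inet->inet_opt);
        if (inet_opt && inet_opt->opt.srr)
                daddr = inet_opt->opt.faddr;
        fl4 = &fl->u.ip4;
        rt = ip_route_output_ports(sock_net(sk), fl4, sk, daddr,
                                   inet->inet_saddr, inet->inet_dport,
                                   inet->inet_sport, sk->sk_protocol,
                                   RT_CONN_FLAGS(sk), sk->sk_bound_dev_if);
        if (IS_ERR(rt))
                rt = NULL;
        if (rt)
                sk_setup_caps(sk, &rt->dst);
        rcu_read_unlock();

        /* Return NULL explicitly on failure instead of forming &rt->dst
         * from a NULL rt, which is only NULL while dst sits at offset 0 of
         * struct rtable.
         */
        return rt ? &rt->dst : NULL;
}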
 968
/* Apply a new path MTU to the route used by @sk.
 *
 * Uses the socket's cached route if it is still valid and rebuilds it
 * otherwise, calls the route's update_pmtu() operation with @mtu, then
 * re-validates the cached route because the update may have invalidated
 * it.
 *
 * Returns the route to use afterwards, or NULL when none is available.
 */
struct dst_entry *inet_csk_update_pmtu(struct sock *sk, u32 mtu)
{
        struct inet_sock *inet = inet_sk(sk);
        struct dst_entry *dst;

        dst = __sk_dst_check(sk, 0);
        if (!dst)
                dst = inet_csk_rebuild_route(sk, &inet->cork.fl);
        if (!dst)
                return NULL;

        dst->ops->update_pmtu(dst, sk, NULL, mtu);

        /* Check the cache again and rebuild once more if it went stale. */
        dst = __sk_dst_check(sk, 0);
        if (!dst)
                dst = inet_csk_rebuild_route(sk, &inet->cork.fl);

        return dst;
}
 987EXPORT_SYMBOL_GPL(inet_csk_update_pmtu);
 988