1
2
3
4
5
6
7
8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10#include <linux/module.h>
11#include <linux/net.h>
12#include <linux/skbuff.h>
13#include <linux/errqueue.h>
14#include <net/sock.h>
15#include <net/af_rxrpc.h>
16#include <net/ip.h>
17#include "ar-internal.h"
18
19
20
21
22static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
23 struct sk_buff *skb,
24 unsigned int channel)
25{
26 struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL;
27 struct rxrpc_channel *chan;
28 struct msghdr msg;
29 struct kvec iov[3];
30 struct {
31 struct rxrpc_wire_header whdr;
32 union {
33 __be32 abort_code;
34 struct rxrpc_ackpacket ack;
35 };
36 } __attribute__((packed)) pkt;
37 struct rxrpc_ackinfo ack_info;
38 size_t len;
39 int ret, ioc;
40 u32 serial, mtu, call_id, padding;
41
42 _enter("%d", conn->debug_id);
43
44 chan = &conn->channels[channel];
45
46
47
48
49 call_id = READ_ONCE(chan->last_call);
50
51 smp_rmb();
52 if (skb && call_id != sp->hdr.callNumber)
53 return;
54
55 msg.msg_name = &conn->params.peer->srx.transport;
56 msg.msg_namelen = conn->params.peer->srx.transport_len;
57 msg.msg_control = NULL;
58 msg.msg_controllen = 0;
59 msg.msg_flags = 0;
60
61 iov[0].iov_base = &pkt;
62 iov[0].iov_len = sizeof(pkt.whdr);
63 iov[1].iov_base = &padding;
64 iov[1].iov_len = 3;
65 iov[2].iov_base = &ack_info;
66 iov[2].iov_len = sizeof(ack_info);
67
68 pkt.whdr.epoch = htonl(conn->proto.epoch);
69 pkt.whdr.cid = htonl(conn->proto.cid | channel);
70 pkt.whdr.callNumber = htonl(call_id);
71 pkt.whdr.seq = 0;
72 pkt.whdr.type = chan->last_type;
73 pkt.whdr.flags = conn->out_clientflag;
74 pkt.whdr.userStatus = 0;
75 pkt.whdr.securityIndex = conn->security_ix;
76 pkt.whdr._rsvd = 0;
77 pkt.whdr.serviceId = htons(conn->service_id);
78
79 len = sizeof(pkt.whdr);
80 switch (chan->last_type) {
81 case RXRPC_PACKET_TYPE_ABORT:
82 pkt.abort_code = htonl(chan->last_abort);
83 iov[0].iov_len += sizeof(pkt.abort_code);
84 len += sizeof(pkt.abort_code);
85 ioc = 1;
86 break;
87
88 case RXRPC_PACKET_TYPE_ACK:
89 mtu = conn->params.peer->if_mtu;
90 mtu -= conn->params.peer->hdrsize;
91 pkt.ack.bufferSpace = 0;
92 pkt.ack.maxSkew = htons(skb ? skb->priority : 0);
93 pkt.ack.firstPacket = htonl(chan->last_seq + 1);
94 pkt.ack.previousPacket = htonl(chan->last_seq);
95 pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0);
96 pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE;
97 pkt.ack.nAcks = 0;
98 ack_info.rxMTU = htonl(rxrpc_rx_mtu);
99 ack_info.maxMTU = htonl(mtu);
100 ack_info.rwind = htonl(rxrpc_rx_window_size);
101 ack_info.jumbo_max = htonl(rxrpc_rx_jumbo_max);
102 pkt.whdr.flags |= RXRPC_SLOW_START_OK;
103 padding = 0;
104 iov[0].iov_len += sizeof(pkt.ack);
105 len += sizeof(pkt.ack) + 3 + sizeof(ack_info);
106 ioc = 3;
107 break;
108
109 default:
110 return;
111 }
112
113
114
115
116 smp_rmb();
117 if (READ_ONCE(chan->last_call) != call_id)
118 return;
119
120 serial = atomic_inc_return(&conn->serial);
121 pkt.whdr.serial = htonl(serial);
122
123 switch (chan->last_type) {
124 case RXRPC_PACKET_TYPE_ABORT:
125 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->abort_code);
126 break;
127 case RXRPC_PACKET_TYPE_ACK:
128 trace_rxrpc_tx_ack(chan->call_debug_id, serial,
129 ntohl(pkt.ack.firstPacket),
130 ntohl(pkt.ack.serial),
131 pkt.ack.reason, 0);
132 _proto("Tx ACK %%%u [re]", serial);
133 break;
134 }
135
136 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, ioc, len);
137 conn->params.peer->last_tx_at = ktime_get_seconds();
138 if (ret < 0)
139 trace_rxrpc_tx_fail(chan->call_debug_id, serial, ret,
140 rxrpc_tx_point_call_final_resend);
141 else
142 trace_rxrpc_tx_packet(chan->call_debug_id, &pkt.whdr,
143 rxrpc_tx_point_call_final_resend);
144
145 _leave("");
146}
147
148
149
150
151static void rxrpc_abort_calls(struct rxrpc_connection *conn,
152 enum rxrpc_call_completion compl,
153 rxrpc_serial_t serial)
154{
155 struct rxrpc_call *call;
156 int i;
157
158 _enter("{%d},%x", conn->debug_id, conn->abort_code);
159
160 spin_lock(&conn->bundle->channel_lock);
161
162 for (i = 0; i < RXRPC_MAXCALLS; i++) {
163 call = rcu_dereference_protected(
164 conn->channels[i].call,
165 lockdep_is_held(&conn->bundle->channel_lock));
166 if (call) {
167 if (compl == RXRPC_CALL_LOCALLY_ABORTED)
168 trace_rxrpc_abort(call->debug_id,
169 "CON", call->cid,
170 call->call_id, 0,
171 conn->abort_code,
172 conn->error);
173 else
174 trace_rxrpc_rx_abort(call, serial,
175 conn->abort_code);
176 rxrpc_set_call_completion(call, compl,
177 conn->abort_code,
178 conn->error);
179 }
180 }
181
182 spin_unlock(&conn->bundle->channel_lock);
183 _leave("");
184}
185
186
187
188
189static int rxrpc_abort_connection(struct rxrpc_connection *conn,
190 int error, u32 abort_code)
191{
192 struct rxrpc_wire_header whdr;
193 struct msghdr msg;
194 struct kvec iov[2];
195 __be32 word;
196 size_t len;
197 u32 serial;
198 int ret;
199
200 _enter("%d,,%u,%u", conn->debug_id, error, abort_code);
201
202
203 spin_lock_bh(&conn->state_lock);
204 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
205 spin_unlock_bh(&conn->state_lock);
206 _leave(" = 0 [already dead]");
207 return 0;
208 }
209
210 conn->error = error;
211 conn->abort_code = abort_code;
212 conn->state = RXRPC_CONN_LOCALLY_ABORTED;
213 set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags);
214 spin_unlock_bh(&conn->state_lock);
215
216 msg.msg_name = &conn->params.peer->srx.transport;
217 msg.msg_namelen = conn->params.peer->srx.transport_len;
218 msg.msg_control = NULL;
219 msg.msg_controllen = 0;
220 msg.msg_flags = 0;
221
222 whdr.epoch = htonl(conn->proto.epoch);
223 whdr.cid = htonl(conn->proto.cid);
224 whdr.callNumber = 0;
225 whdr.seq = 0;
226 whdr.type = RXRPC_PACKET_TYPE_ABORT;
227 whdr.flags = conn->out_clientflag;
228 whdr.userStatus = 0;
229 whdr.securityIndex = conn->security_ix;
230 whdr._rsvd = 0;
231 whdr.serviceId = htons(conn->service_id);
232
233 word = htonl(conn->abort_code);
234
235 iov[0].iov_base = &whdr;
236 iov[0].iov_len = sizeof(whdr);
237 iov[1].iov_base = &word;
238 iov[1].iov_len = sizeof(word);
239
240 len = iov[0].iov_len + iov[1].iov_len;
241
242 serial = atomic_inc_return(&conn->serial);
243 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, serial);
244 whdr.serial = htonl(serial);
245 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->abort_code);
246
247 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
248 if (ret < 0) {
249 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
250 rxrpc_tx_point_conn_abort);
251 _debug("sendmsg failed: %d", ret);
252 return -EAGAIN;
253 }
254
255 trace_rxrpc_tx_packet(conn->debug_id, &whdr, rxrpc_tx_point_conn_abort);
256
257 conn->params.peer->last_tx_at = ktime_get_seconds();
258
259 _leave(" = 0");
260 return 0;
261}
262
263
264
265
266
267static void rxrpc_call_is_secure(struct rxrpc_call *call)
268{
269 _enter("%p", call);
270 if (call) {
271 write_lock_bh(&call->state_lock);
272 if (call->state == RXRPC_CALL_SERVER_SECURING) {
273 call->state = RXRPC_CALL_SERVER_RECV_REQUEST;
274 rxrpc_notify_socket(call);
275 }
276 write_unlock_bh(&call->state_lock);
277 }
278}
279
280
281
282
283static int rxrpc_process_event(struct rxrpc_connection *conn,
284 struct sk_buff *skb,
285 u32 *_abort_code)
286{
287 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
288 __be32 wtmp;
289 u32 abort_code;
290 int loop, ret;
291
292 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
293 _leave(" = -ECONNABORTED [%u]", conn->state);
294 return -ECONNABORTED;
295 }
296
297 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
298
299 switch (sp->hdr.type) {
300 case RXRPC_PACKET_TYPE_DATA:
301 case RXRPC_PACKET_TYPE_ACK:
302 rxrpc_conn_retransmit_call(conn, skb,
303 sp->hdr.cid & RXRPC_CHANNELMASK);
304 return 0;
305
306 case RXRPC_PACKET_TYPE_BUSY:
307
308 return 0;
309
310 case RXRPC_PACKET_TYPE_ABORT:
311 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
312 &wtmp, sizeof(wtmp)) < 0) {
313 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
314 tracepoint_string("bad_abort"));
315 return -EPROTO;
316 }
317 abort_code = ntohl(wtmp);
318 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);
319
320 conn->error = -ECONNABORTED;
321 conn->abort_code = abort_code;
322 conn->state = RXRPC_CONN_REMOTELY_ABORTED;
323 set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags);
324 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, sp->hdr.serial);
325 return -ECONNABORTED;
326
327 case RXRPC_PACKET_TYPE_CHALLENGE:
328 return conn->security->respond_to_challenge(conn, skb,
329 _abort_code);
330
331 case RXRPC_PACKET_TYPE_RESPONSE:
332 ret = conn->security->verify_response(conn, skb, _abort_code);
333 if (ret < 0)
334 return ret;
335
336 ret = conn->security->init_connection_security(
337 conn, conn->params.key->payload.data[0]);
338 if (ret < 0)
339 return ret;
340
341 spin_lock(&conn->bundle->channel_lock);
342 spin_lock_bh(&conn->state_lock);
343
344 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
345 conn->state = RXRPC_CONN_SERVICE;
346 spin_unlock_bh(&conn->state_lock);
347 for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
348 rxrpc_call_is_secure(
349 rcu_dereference_protected(
350 conn->channels[loop].call,
351 lockdep_is_held(&conn->bundle->channel_lock)));
352 } else {
353 spin_unlock_bh(&conn->state_lock);
354 }
355
356 spin_unlock(&conn->bundle->channel_lock);
357 return 0;
358
359 default:
360 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
361 tracepoint_string("bad_conn_pkt"));
362 return -EPROTO;
363 }
364}
365
366
367
368
369static void rxrpc_secure_connection(struct rxrpc_connection *conn)
370{
371 u32 abort_code;
372 int ret;
373
374 _enter("{%d}", conn->debug_id);
375
376 ASSERT(conn->security_ix != 0);
377
378 if (conn->security->issue_challenge(conn) < 0) {
379 abort_code = RX_CALL_DEAD;
380 ret = -ENOMEM;
381 goto abort;
382 }
383
384 _leave("");
385 return;
386
387abort:
388 _debug("abort %d, %d", ret, abort_code);
389 rxrpc_abort_connection(conn, ret, abort_code);
390 _leave(" [aborted]");
391}
392
393
394
395
396void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn, bool force)
397{
398 unsigned long j = jiffies, next_j;
399 unsigned int channel;
400 bool set;
401
402again:
403 next_j = j + LONG_MAX;
404 set = false;
405 for (channel = 0; channel < RXRPC_MAXCALLS; channel++) {
406 struct rxrpc_channel *chan = &conn->channels[channel];
407 unsigned long ack_at;
408
409 if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags))
410 continue;
411
412 smp_rmb();
413 ack_at = READ_ONCE(chan->final_ack_at);
414
415 if (time_before(j, ack_at) && !force) {
416 if (time_before(ack_at, next_j)) {
417 next_j = ack_at;
418 set = true;
419 }
420 continue;
421 }
422
423 if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
424 &conn->flags))
425 rxrpc_conn_retransmit_call(conn, NULL, channel);
426 }
427
428 j = jiffies;
429 if (time_before_eq(next_j, j))
430 goto again;
431 if (set)
432 rxrpc_reduce_conn_timer(conn, next_j);
433}
434
435
436
437
438static void rxrpc_do_process_connection(struct rxrpc_connection *conn)
439{
440 struct sk_buff *skb;
441 u32 abort_code = RX_PROTOCOL_ERROR;
442 int ret;
443
444 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
445 rxrpc_secure_connection(conn);
446
447
448 if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK)
449 rxrpc_process_delayed_final_acks(conn, false);
450
451
452
453 while ((skb = skb_dequeue(&conn->rx_queue))) {
454 rxrpc_see_skb(skb, rxrpc_skb_seen);
455 ret = rxrpc_process_event(conn, skb, &abort_code);
456 switch (ret) {
457 case -EPROTO:
458 case -EKEYEXPIRED:
459 case -EKEYREJECTED:
460 goto protocol_error;
461 case -ENOMEM:
462 case -EAGAIN:
463 goto requeue_and_leave;
464 case -ECONNABORTED:
465 default:
466 rxrpc_free_skb(skb, rxrpc_skb_freed);
467 break;
468 }
469 }
470
471 return;
472
473requeue_and_leave:
474 skb_queue_head(&conn->rx_queue, skb);
475 return;
476
477protocol_error:
478 if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
479 goto requeue_and_leave;
480 rxrpc_free_skb(skb, rxrpc_skb_freed);
481 return;
482}
483
484void rxrpc_process_connection(struct work_struct *work)
485{
486 struct rxrpc_connection *conn =
487 container_of(work, struct rxrpc_connection, processor);
488
489 rxrpc_see_connection(conn);
490
491 if (__rxrpc_use_local(conn->params.local)) {
492 rxrpc_do_process_connection(conn);
493 rxrpc_unuse_local(conn->params.local);
494 }
495
496 rxrpc_put_connection(conn);
497 _leave("");
498 return;
499}
500
