1
2
3
4
5
6
7
8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10#include <linux/module.h>
11#include <linux/net.h>
12#include <linux/skbuff.h>
13#include <linux/errqueue.h>
14#include <net/sock.h>
15#include <net/af_rxrpc.h>
16#include <net/ip.h>
17#include "ar-internal.h"
18
19
20
21
22static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
23 struct sk_buff *skb,
24 unsigned int channel)
25{
26 struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL;
27 struct rxrpc_channel *chan;
28 struct msghdr msg;
29 struct kvec iov[3];
30 struct {
31 struct rxrpc_wire_header whdr;
32 union {
33 __be32 abort_code;
34 struct rxrpc_ackpacket ack;
35 };
36 } __attribute__((packed)) pkt;
37 struct rxrpc_ackinfo ack_info;
38 size_t len;
39 int ret, ioc;
40 u32 serial, mtu, call_id, padding;
41
42 _enter("%d", conn->debug_id);
43
44 chan = &conn->channels[channel];
45
46
47
48
49 call_id = READ_ONCE(chan->last_call);
50
51 smp_rmb();
52 if (skb && call_id != sp->hdr.callNumber)
53 return;
54
55 msg.msg_name = &conn->params.peer->srx.transport;
56 msg.msg_namelen = conn->params.peer->srx.transport_len;
57 msg.msg_control = NULL;
58 msg.msg_controllen = 0;
59 msg.msg_flags = 0;
60
61 iov[0].iov_base = &pkt;
62 iov[0].iov_len = sizeof(pkt.whdr);
63 iov[1].iov_base = &padding;
64 iov[1].iov_len = 3;
65 iov[2].iov_base = &ack_info;
66 iov[2].iov_len = sizeof(ack_info);
67
68 pkt.whdr.epoch = htonl(conn->proto.epoch);
69 pkt.whdr.cid = htonl(conn->proto.cid | channel);
70 pkt.whdr.callNumber = htonl(call_id);
71 pkt.whdr.seq = 0;
72 pkt.whdr.type = chan->last_type;
73 pkt.whdr.flags = conn->out_clientflag;
74 pkt.whdr.userStatus = 0;
75 pkt.whdr.securityIndex = conn->security_ix;
76 pkt.whdr._rsvd = 0;
77 pkt.whdr.serviceId = htons(conn->service_id);
78
79 len = sizeof(pkt.whdr);
80 switch (chan->last_type) {
81 case RXRPC_PACKET_TYPE_ABORT:
82 pkt.abort_code = htonl(chan->last_abort);
83 iov[0].iov_len += sizeof(pkt.abort_code);
84 len += sizeof(pkt.abort_code);
85 ioc = 1;
86 break;
87
88 case RXRPC_PACKET_TYPE_ACK:
89 mtu = conn->params.peer->if_mtu;
90 mtu -= conn->params.peer->hdrsize;
91 pkt.ack.bufferSpace = 0;
92 pkt.ack.maxSkew = htons(skb ? skb->priority : 0);
93 pkt.ack.firstPacket = htonl(chan->last_seq + 1);
94 pkt.ack.previousPacket = htonl(chan->last_seq);
95 pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0);
96 pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE;
97 pkt.ack.nAcks = 0;
98 ack_info.rxMTU = htonl(rxrpc_rx_mtu);
99 ack_info.maxMTU = htonl(mtu);
100 ack_info.rwind = htonl(rxrpc_rx_window_size);
101 ack_info.jumbo_max = htonl(rxrpc_rx_jumbo_max);
102 pkt.whdr.flags |= RXRPC_SLOW_START_OK;
103 padding = 0;
104 iov[0].iov_len += sizeof(pkt.ack);
105 len += sizeof(pkt.ack) + 3 + sizeof(ack_info);
106 ioc = 3;
107 break;
108
109 default:
110 return;
111 }
112
113
114
115
116 smp_rmb();
117 if (READ_ONCE(chan->last_call) != call_id)
118 return;
119
120 serial = atomic_inc_return(&conn->serial);
121 pkt.whdr.serial = htonl(serial);
122
123 switch (chan->last_type) {
124 case RXRPC_PACKET_TYPE_ABORT:
125 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->abort_code);
126 break;
127 case RXRPC_PACKET_TYPE_ACK:
128 trace_rxrpc_tx_ack(chan->call_debug_id, serial,
129 ntohl(pkt.ack.firstPacket),
130 ntohl(pkt.ack.serial),
131 pkt.ack.reason, 0);
132 _proto("Tx ACK %%%u [re]", serial);
133 break;
134 }
135
136 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, ioc, len);
137 conn->params.peer->last_tx_at = ktime_get_seconds();
138 if (ret < 0)
139 trace_rxrpc_tx_fail(chan->call_debug_id, serial, ret,
140 rxrpc_tx_point_call_final_resend);
141 else
142 trace_rxrpc_tx_packet(chan->call_debug_id, &pkt.whdr,
143 rxrpc_tx_point_call_final_resend);
144
145 _leave("");
146}
147
148
149
150
151static void rxrpc_abort_calls(struct rxrpc_connection *conn,
152 enum rxrpc_call_completion compl,
153 rxrpc_serial_t serial)
154{
155 struct rxrpc_call *call;
156 int i;
157
158 _enter("{%d},%x", conn->debug_id, conn->abort_code);
159
160 spin_lock(&conn->channel_lock);
161
162 for (i = 0; i < RXRPC_MAXCALLS; i++) {
163 call = rcu_dereference_protected(
164 conn->channels[i].call,
165 lockdep_is_held(&conn->channel_lock));
166 if (call) {
167 if (compl == RXRPC_CALL_LOCALLY_ABORTED)
168 trace_rxrpc_abort(call->debug_id,
169 "CON", call->cid,
170 call->call_id, 0,
171 conn->abort_code,
172 conn->error);
173 else
174 trace_rxrpc_rx_abort(call, serial,
175 conn->abort_code);
176 if (rxrpc_set_call_completion(call, compl,
177 conn->abort_code,
178 conn->error))
179 rxrpc_notify_socket(call);
180 }
181 }
182
183 spin_unlock(&conn->channel_lock);
184 _leave("");
185}
186
187
188
189
190static int rxrpc_abort_connection(struct rxrpc_connection *conn,
191 int error, u32 abort_code)
192{
193 struct rxrpc_wire_header whdr;
194 struct msghdr msg;
195 struct kvec iov[2];
196 __be32 word;
197 size_t len;
198 u32 serial;
199 int ret;
200
201 _enter("%d,,%u,%u", conn->debug_id, error, abort_code);
202
203
204 spin_lock_bh(&conn->state_lock);
205 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
206 spin_unlock_bh(&conn->state_lock);
207 _leave(" = 0 [already dead]");
208 return 0;
209 }
210
211 conn->error = error;
212 conn->abort_code = abort_code;
213 conn->state = RXRPC_CONN_LOCALLY_ABORTED;
214 spin_unlock_bh(&conn->state_lock);
215
216 msg.msg_name = &conn->params.peer->srx.transport;
217 msg.msg_namelen = conn->params.peer->srx.transport_len;
218 msg.msg_control = NULL;
219 msg.msg_controllen = 0;
220 msg.msg_flags = 0;
221
222 whdr.epoch = htonl(conn->proto.epoch);
223 whdr.cid = htonl(conn->proto.cid);
224 whdr.callNumber = 0;
225 whdr.seq = 0;
226 whdr.type = RXRPC_PACKET_TYPE_ABORT;
227 whdr.flags = conn->out_clientflag;
228 whdr.userStatus = 0;
229 whdr.securityIndex = conn->security_ix;
230 whdr._rsvd = 0;
231 whdr.serviceId = htons(conn->service_id);
232
233 word = htonl(conn->abort_code);
234
235 iov[0].iov_base = &whdr;
236 iov[0].iov_len = sizeof(whdr);
237 iov[1].iov_base = &word;
238 iov[1].iov_len = sizeof(word);
239
240 len = iov[0].iov_len + iov[1].iov_len;
241
242 serial = atomic_inc_return(&conn->serial);
243 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, serial);
244 whdr.serial = htonl(serial);
245 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->abort_code);
246
247 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
248 if (ret < 0) {
249 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
250 rxrpc_tx_point_conn_abort);
251 _debug("sendmsg failed: %d", ret);
252 return -EAGAIN;
253 }
254
255 trace_rxrpc_tx_packet(conn->debug_id, &whdr, rxrpc_tx_point_conn_abort);
256
257 conn->params.peer->last_tx_at = ktime_get_seconds();
258
259 _leave(" = 0");
260 return 0;
261}
262
263
264
265
266
267static void rxrpc_call_is_secure(struct rxrpc_call *call)
268{
269 _enter("%p", call);
270 if (call) {
271 write_lock_bh(&call->state_lock);
272 if (call->state == RXRPC_CALL_SERVER_SECURING) {
273 call->state = RXRPC_CALL_SERVER_ACCEPTING;
274 rxrpc_notify_socket(call);
275 }
276 write_unlock_bh(&call->state_lock);
277 }
278}
279
280
281
282
283static int rxrpc_process_event(struct rxrpc_connection *conn,
284 struct sk_buff *skb,
285 u32 *_abort_code)
286{
287 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
288 __be32 wtmp;
289 u32 abort_code;
290 int loop, ret;
291
292 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
293 _leave(" = -ECONNABORTED [%u]", conn->state);
294 return -ECONNABORTED;
295 }
296
297 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
298
299 switch (sp->hdr.type) {
300 case RXRPC_PACKET_TYPE_DATA:
301 case RXRPC_PACKET_TYPE_ACK:
302 rxrpc_conn_retransmit_call(conn, skb,
303 sp->hdr.cid & RXRPC_CHANNELMASK);
304 return 0;
305
306 case RXRPC_PACKET_TYPE_BUSY:
307
308 return 0;
309
310 case RXRPC_PACKET_TYPE_ABORT:
311 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
312 &wtmp, sizeof(wtmp)) < 0) {
313 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
314 tracepoint_string("bad_abort"));
315 return -EPROTO;
316 }
317 abort_code = ntohl(wtmp);
318 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);
319
320 conn->error = -ECONNABORTED;
321 conn->abort_code = abort_code;
322 conn->state = RXRPC_CONN_REMOTELY_ABORTED;
323 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, sp->hdr.serial);
324 return -ECONNABORTED;
325
326 case RXRPC_PACKET_TYPE_CHALLENGE:
327 return conn->security->respond_to_challenge(conn, skb,
328 _abort_code);
329
330 case RXRPC_PACKET_TYPE_RESPONSE:
331 ret = conn->security->verify_response(conn, skb, _abort_code);
332 if (ret < 0)
333 return ret;
334
335 ret = conn->security->init_connection_security(conn);
336 if (ret < 0)
337 return ret;
338
339 ret = conn->security->prime_packet_security(conn);
340 if (ret < 0)
341 return ret;
342
343 spin_lock(&conn->channel_lock);
344 spin_lock(&conn->state_lock);
345
346 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
347 conn->state = RXRPC_CONN_SERVICE;
348 spin_unlock(&conn->state_lock);
349 for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
350 rxrpc_call_is_secure(
351 rcu_dereference_protected(
352 conn->channels[loop].call,
353 lockdep_is_held(&conn->channel_lock)));
354 } else {
355 spin_unlock(&conn->state_lock);
356 }
357
358 spin_unlock(&conn->channel_lock);
359 return 0;
360
361 default:
362 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
363 tracepoint_string("bad_conn_pkt"));
364 return -EPROTO;
365 }
366}
367
368
369
370
371static void rxrpc_secure_connection(struct rxrpc_connection *conn)
372{
373 u32 abort_code;
374 int ret;
375
376 _enter("{%d}", conn->debug_id);
377
378 ASSERT(conn->security_ix != 0);
379
380 if (!conn->params.key) {
381 _debug("set up security");
382 ret = rxrpc_init_server_conn_security(conn);
383 switch (ret) {
384 case 0:
385 break;
386 case -ENOENT:
387 abort_code = RX_CALL_DEAD;
388 goto abort;
389 default:
390 abort_code = RXKADNOAUTH;
391 goto abort;
392 }
393 }
394
395 if (conn->security->issue_challenge(conn) < 0) {
396 abort_code = RX_CALL_DEAD;
397 ret = -ENOMEM;
398 goto abort;
399 }
400
401 _leave("");
402 return;
403
404abort:
405 _debug("abort %d, %d", ret, abort_code);
406 rxrpc_abort_connection(conn, ret, abort_code);
407 _leave(" [aborted]");
408}
409
410
411
412
413static void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn)
414{
415 unsigned long j = jiffies, next_j;
416 unsigned int channel;
417 bool set;
418
419again:
420 next_j = j + LONG_MAX;
421 set = false;
422 for (channel = 0; channel < RXRPC_MAXCALLS; channel++) {
423 struct rxrpc_channel *chan = &conn->channels[channel];
424 unsigned long ack_at;
425
426 if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags))
427 continue;
428
429 smp_rmb();
430 ack_at = READ_ONCE(chan->final_ack_at);
431
432 if (time_before(j, ack_at)) {
433 if (time_before(ack_at, next_j)) {
434 next_j = ack_at;
435 set = true;
436 }
437 continue;
438 }
439
440 if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
441 &conn->flags))
442 rxrpc_conn_retransmit_call(conn, NULL, channel);
443 }
444
445 j = jiffies;
446 if (time_before_eq(next_j, j))
447 goto again;
448 if (set)
449 rxrpc_reduce_conn_timer(conn, next_j);
450}
451
452
453
454
455void rxrpc_process_connection(struct work_struct *work)
456{
457 struct rxrpc_connection *conn =
458 container_of(work, struct rxrpc_connection, processor);
459 struct sk_buff *skb;
460 u32 abort_code = RX_PROTOCOL_ERROR;
461 int ret;
462
463 rxrpc_see_connection(conn);
464
465 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
466 rxrpc_secure_connection(conn);
467
468
469 if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK)
470 rxrpc_process_delayed_final_acks(conn);
471
472
473
474 while ((skb = skb_dequeue(&conn->rx_queue))) {
475 rxrpc_see_skb(skb, rxrpc_skb_seen);
476 ret = rxrpc_process_event(conn, skb, &abort_code);
477 switch (ret) {
478 case -EPROTO:
479 case -EKEYEXPIRED:
480 case -EKEYREJECTED:
481 goto protocol_error;
482 case -ENOMEM:
483 case -EAGAIN:
484 goto requeue_and_leave;
485 case -ECONNABORTED:
486 default:
487 rxrpc_free_skb(skb, rxrpc_skb_freed);
488 break;
489 }
490 }
491
492out:
493 rxrpc_put_connection(conn);
494 _leave("");
495 return;
496
497requeue_and_leave:
498 skb_queue_head(&conn->rx_queue, skb);
499 goto out;
500
501protocol_error:
502 if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
503 goto requeue_and_leave;
504 rxrpc_free_skb(skb, rxrpc_skb_freed);
505 goto out;
506}
507
