[mirror_ubuntu-bionic-kernel.git] / net / rxrpc / conn_event.c

/* connection-level event handling
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/errqueue.h>
#include <linux/udp.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/icmp.h>
#include <net/sock.h>
#include <net/af_rxrpc.h>
#include <net/ip.h>
#include "ar-internal.h"

/*
 * Retransmit terminal ACK or ABORT of the previous call.
 */
static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
				       struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	struct rxrpc_channel *chan;
	struct msghdr msg;
	struct kvec iov;
	struct {
		struct rxrpc_wire_header whdr;
		union {
			struct {
				__be32 code;
			} abort;
			struct {
				struct rxrpc_ackpacket ack;
				u8 padding[3];
				struct rxrpc_ackinfo info;
			};
		};
	} __attribute__((packed)) pkt;
	size_t len;
	u32 serial, mtu, call_id;

	_enter("%d", conn->debug_id);

	chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK];

	/* If the last call got moved on whilst we were waiting to run, just
	 * ignore this packet.
	 */
	call_id = READ_ONCE(chan->last_call);
	/* Sync with __rxrpc_disconnect_call() */
	smp_rmb();
	if (call_id != sp->hdr.callNumber)
		return;

	msg.msg_name	= &conn->params.peer->srx.transport;
	msg.msg_namelen	= conn->params.peer->srx.transport_len;
	msg.msg_control	= NULL;
	msg.msg_controllen = 0;
	msg.msg_flags	= 0;

	pkt.whdr.epoch		= htonl(sp->hdr.epoch);
	pkt.whdr.cid		= htonl(sp->hdr.cid);
	pkt.whdr.callNumber	= htonl(sp->hdr.callNumber);
	pkt.whdr.seq		= 0;
	pkt.whdr.type		= chan->last_type;
	pkt.whdr.flags		= conn->out_clientflag;
	pkt.whdr.userStatus	= 0;
	pkt.whdr.securityIndex	= conn->security_ix;
	pkt.whdr._rsvd		= 0;
	pkt.whdr.serviceId	= htons(chan->last_service_id);

	len = sizeof(pkt.whdr);
	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		pkt.abort.code	= htonl(chan->last_abort);
		len += sizeof(pkt.abort);
		break;

	case RXRPC_PACKET_TYPE_ACK:
		mtu = conn->params.peer->if_mtu;
		mtu -= conn->params.peer->hdrsize;
		pkt.ack.bufferSpace	= 0;
		pkt.ack.maxSkew		= htons(skb->priority);
		pkt.ack.firstPacket	= htonl(chan->last_seq);
		pkt.ack.previousPacket	= htonl(chan->last_seq - 1);
		pkt.ack.serial		= htonl(sp->hdr.serial);
		pkt.ack.reason		= RXRPC_ACK_DUPLICATE;
		pkt.ack.nAcks		= 0;
		pkt.info.rxMTU		= htonl(rxrpc_rx_mtu);
		pkt.info.maxMTU		= htonl(mtu);
		pkt.info.rwind		= htonl(rxrpc_rx_window_size);
		pkt.info.jumbo_max	= htonl(rxrpc_rx_jumbo_max);
		len += sizeof(pkt.ack) + sizeof(pkt.info);
		break;
	}

	/* Resync with __rxrpc_disconnect_call() and check that the last call
	 * didn't get advanced whilst we were filling out the packets.
	 */
	smp_rmb();
	if (READ_ONCE(chan->last_call) != call_id)
		return;

	iov.iov_base	= &pkt;
	iov.iov_len	= len;

	serial = atomic_inc_return(&conn->serial);
	pkt.whdr.serial = htonl(serial);

	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		_proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort);
		break;
	case RXRPC_PACKET_TYPE_ACK:
		_proto("Tx ACK %%%u [re]", serial);
		break;
	}

	kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len);
	_leave("");
	return;
}

/*
 * pass a connection-level abort onto all calls on that connection
 */
static void rxrpc_abort_calls(struct rxrpc_connection *conn,
			      enum rxrpc_call_completion compl,
			      u32 abort_code, int error)
{
	struct rxrpc_call *call;
	bool queue;
	int i, bit;

	_enter("{%d},%x", conn->debug_id, abort_code);

	if (compl == RXRPC_CALL_LOCALLY_ABORTED)
		bit = RXRPC_CALL_EV_CONN_ABORT;
	else
		bit = RXRPC_CALL_EV_RCVD_ABORT;

	spin_lock(&conn->channel_lock);

	for (i = 0; i < RXRPC_MAXCALLS; i++) {
		call = rcu_dereference_protected(
			conn->channels[i].call,
			lockdep_is_held(&conn->channel_lock));
		if (call) {
			rxrpc_see_call(call);
			if (compl == RXRPC_CALL_LOCALLY_ABORTED)
				trace_rxrpc_abort("CON", call->cid,
						  call->call_id, 0,
						  abort_code, error);

			write_lock_bh(&call->state_lock);
			if (rxrpc_set_call_completion(call, compl, abort_code,
						      error)) {
				set_bit(bit, &call->events);
				queue = true;
			}
			write_unlock_bh(&call->state_lock);
			if (queue)
				rxrpc_queue_call(call);

		}
	}

	spin_unlock(&conn->channel_lock);
	_leave("");
}

/*
 * generate a connection-level abort
 */
static int rxrpc_abort_connection(struct rxrpc_connection *conn,
				  u32 error, u32 abort_code)
{
	struct rxrpc_wire_header whdr;
	struct msghdr msg;
	struct kvec iov[2];
	__be32 word;
	size_t len;
	u32 serial;
	int ret;

	_enter("%d,,%u,%u", conn->debug_id, error, abort_code);

	/* generate a connection-level abort */
	spin_lock_bh(&conn->state_lock);
	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		spin_unlock_bh(&conn->state_lock);
		_leave(" = 0 [already dead]");
		return 0;
	}

	conn->state = RXRPC_CONN_LOCALLY_ABORTED;
	spin_unlock_bh(&conn->state_lock);

	rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error);

	msg.msg_name	= &conn->params.peer->srx.transport;
	msg.msg_namelen	= conn->params.peer->srx.transport_len;
	msg.msg_control	= NULL;
	msg.msg_controllen = 0;
	msg.msg_flags	= 0;

	whdr.epoch	= htonl(conn->proto.epoch);
	whdr.cid	= htonl(conn->proto.cid);
	whdr.callNumber	= 0;
	whdr.seq	= 0;
	whdr.type	= RXRPC_PACKET_TYPE_ABORT;
	whdr.flags	= conn->out_clientflag;
	whdr.userStatus	= 0;
	whdr.securityIndex = conn->security_ix;
	whdr._rsvd	= 0;
	whdr.serviceId	= htons(conn->params.service_id);

	word		= htonl(conn->local_abort);

	iov[0].iov_base	= &whdr;
	iov[0].iov_len	= sizeof(whdr);
	iov[1].iov_base	= &word;
	iov[1].iov_len	= sizeof(word);

	len = iov[0].iov_len + iov[1].iov_len;

	serial = atomic_inc_return(&conn->serial);
	whdr.serial = htonl(serial);
	_proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort);

	ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
	if (ret < 0) {
		_debug("sendmsg failed: %d", ret);
		return -EAGAIN;
	}

	_leave(" = 0");
	return 0;
}

/*
 * mark a call as being on a now-secured channel
 * - must be called with softirqs disabled
 */
static void rxrpc_call_is_secure(struct rxrpc_call *call)
{
	_enter("%p", call);
	if (call) {
		read_lock(&call->state_lock);
		if (call->state < RXRPC_CALL_COMPLETE &&
		    !test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events))
			rxrpc_queue_call(call);
		read_unlock(&call->state_lock);
	}
}

/*
 * connection-level Rx packet processor
 */
static int rxrpc_process_event(struct rxrpc_connection *conn,
			       struct sk_buff *skb,
			       u32 *_abort_code)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	__be32 wtmp;
	u32 abort_code;
	int loop, ret;

	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		kleave(" = -ECONNABORTED [%u]", conn->state);
		return -ECONNABORTED;
	}

	_enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);

	switch (sp->hdr.type) {
	case RXRPC_PACKET_TYPE_DATA:
	case RXRPC_PACKET_TYPE_ACK:
		rxrpc_conn_retransmit_call(conn, skb);
		return 0;

	case RXRPC_PACKET_TYPE_ABORT:
		if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0)
			return -EPROTO;
		abort_code = ntohl(wtmp);
		_proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);

		conn->state = RXRPC_CONN_REMOTELY_ABORTED;
		rxrpc_abort_calls(conn, 0, RXRPC_CALL_REMOTELY_ABORTED,
				  abort_code);
		return -ECONNABORTED;

	case RXRPC_PACKET_TYPE_CHALLENGE:
		return conn->security->respond_to_challenge(conn, skb,
							    _abort_code);

	case RXRPC_PACKET_TYPE_RESPONSE:
		ret = conn->security->verify_response(conn, skb, _abort_code);
		if (ret < 0)
			return ret;

		ret = conn->security->init_connection_security(conn);
		if (ret < 0)
			return ret;

		ret = conn->security->prime_packet_security(conn);
		if (ret < 0)
			return ret;

		spin_lock(&conn->channel_lock);
		spin_lock(&conn->state_lock);

		if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
			conn->state = RXRPC_CONN_SERVICE;
			for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
				rxrpc_call_is_secure(
					rcu_dereference_protected(
						conn->channels[loop].call,
						lockdep_is_held(&conn->channel_lock)));
		}

		spin_unlock(&conn->state_lock);
		spin_unlock(&conn->channel_lock);
		return 0;

	default:
		_leave(" = -EPROTO [%u]", sp->hdr.type);
		return -EPROTO;
	}
}

/*
 * set up security and issue a challenge
 */
static void rxrpc_secure_connection(struct rxrpc_connection *conn)
{
	u32 abort_code;
	int ret;

	_enter("{%d}", conn->debug_id);

	ASSERT(conn->security_ix != 0);

	if (!conn->params.key) {
		_debug("set up security");
		ret = rxrpc_init_server_conn_security(conn);
		switch (ret) {
		case 0:
			break;
		case -ENOENT:
			abort_code = RX_CALL_DEAD;
			goto abort;
		default:
			abort_code = RXKADNOAUTH;
			goto abort;
		}
	}

	if (conn->security->issue_challenge(conn) < 0) {
		abort_code = RX_CALL_DEAD;
		ret = -ENOMEM;
		goto abort;
	}

	_leave("");
	return;

abort:
	_debug("abort %d, %d", ret, abort_code);
	rxrpc_abort_connection(conn, -ret, abort_code);
	_leave(" [aborted]");
}

/*
 * connection-level event processor
 */
void rxrpc_process_connection(struct work_struct *work)
{
	struct rxrpc_connection *conn =
		container_of(work, struct rxrpc_connection, processor);
	struct sk_buff *skb;
	u32 abort_code = RX_PROTOCOL_ERROR;
	int ret;

	_enter("{%d}", conn->debug_id);

	if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
		rxrpc_secure_connection(conn);

	/* go through the conn-level event packets, releasing the ref on this
	 * connection that each one has when we've finished with it */
	while ((skb = skb_dequeue(&conn->rx_queue))) {
		rxrpc_see_skb(skb);
		ret = rxrpc_process_event(conn, skb, &abort_code);
		switch (ret) {
		case -EPROTO:
		case -EKEYEXPIRED:
		case -EKEYREJECTED:
			goto protocol_error;
		case -EAGAIN:
			goto requeue_and_leave;
		case -ECONNABORTED:
		default:
			rxrpc_free_skb(skb);
			break;
		}
	}

out:
	rxrpc_put_connection(conn);
	_leave("");
	return;

requeue_and_leave:
	skb_queue_head(&conn->rx_queue, skb);
	goto out;

protocol_error:
	if (rxrpc_abort_connection(conn, -ret, abort_code) < 0)
		goto requeue_and_leave;
	rxrpc_free_skb(skb);
	_leave(" [EPROTO]");
	goto out;
}

/*
 * put a packet up for transport-level abort
 */
void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
{
	CHECK_SLAB_OKAY(&local->usage);

	skb_queue_tail(&local->reject_queue, skb);
	rxrpc_queue_local(local);
}

/*
 * reject packets through the local endpoint
 */
void rxrpc_reject_packets(struct rxrpc_local *local)
{
	union {
		struct sockaddr sa;
		struct sockaddr_in sin;
	} sa;
	struct rxrpc_skb_priv *sp;
	struct rxrpc_wire_header whdr;
	struct sk_buff *skb;
	struct msghdr msg;
	struct kvec iov[2];
	size_t size;
	__be32 code;

	_enter("%d", local->debug_id);

	iov[0].iov_base = &whdr;
	iov[0].iov_len = sizeof(whdr);
	iov[1].iov_base = &code;
	iov[1].iov_len = sizeof(code);
	size = sizeof(whdr) + sizeof(code);

	msg.msg_name = &sa;
	msg.msg_control = NULL;
	msg.msg_controllen = 0;
	msg.msg_flags = 0;

	memset(&sa, 0, sizeof(sa));
	sa.sa.sa_family = local->srx.transport.family;
	switch (sa.sa.sa_family) {
	case AF_INET:
		msg.msg_namelen = sizeof(sa.sin);
		break;
	default:
		msg.msg_namelen = 0;
		break;
	}

	memset(&whdr, 0, sizeof(whdr));
	whdr.type = RXRPC_PACKET_TYPE_ABORT;

	while ((skb = skb_dequeue(&local->reject_queue))) {
		rxrpc_see_skb(skb);
		sp = rxrpc_skb(skb);
		switch (sa.sa.sa_family) {
		case AF_INET:
			sa.sin.sin_port = udp_hdr(skb)->source;
			sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
			code = htonl(skb->priority);

			whdr.epoch	= htonl(sp->hdr.epoch);
			whdr.cid	= htonl(sp->hdr.cid);
			whdr.callNumber	= htonl(sp->hdr.callNumber);
			whdr.serviceId	= htons(sp->hdr.serviceId);
			whdr.flags	= sp->hdr.flags;
			whdr.flags	^= RXRPC_CLIENT_INITIATED;
			whdr.flags	&= RXRPC_CLIENT_INITIATED;

			kernel_sendmsg(local->socket, &msg, iov, 2, size);
			break;

		default:
			break;
		}

		rxrpc_free_skb(skb);
	}

	_leave("");
}
Commit	Line	Data
17926a79 DH	1	/* connection-level event handling
	2	*
	3	* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public License
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the License, or (at your option) any later version.
	10	*/
	11
9b6d5398 JP	12	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9b6d5398 JP	13
17926a79 DH	14	#include <linux/module.h>
	15	#include <linux/net.h>
	16	#include <linux/skbuff.h>
	17	#include <linux/errqueue.h>
	18	#include <linux/udp.h>
	19	#include <linux/in.h>
	20	#include <linux/in6.h>
	21	#include <linux/icmp.h>
	22	#include <net/sock.h>
	23	#include <net/af_rxrpc.h>
	24	#include <net/ip.h>
	25	#include "ar-internal.h"
	26
18bfeba5 DH	27	/*
	28	* Retransmit terminal ACK or ABORT of the previous call.
	29	*/
f5c17aae DH	30	static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
f5c17aae DH	31	struct sk_buff *skb)
18bfeba5 DH	32	{
	33	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	34	struct rxrpc_channel *chan;
	35	struct msghdr msg;
	36	struct kvec iov;
	37	struct {
	38	struct rxrpc_wire_header whdr;
	39	union {
	40	struct {
	41	__be32 code;
	42	} abort;
	43	struct {
	44	struct rxrpc_ackpacket ack;
2266ffde	45	u8 padding[3];
18bfeba5 DH	46	struct rxrpc_ackinfo info;
	47	};
	48	};
	49	} __attribute__((packed)) pkt;
	50	size_t len;
	51	u32 serial, mtu, call_id;
	52
	53	_enter("%d", conn->debug_id);
	54
	55	chan = &conn->channels[sp->hdr.cid & RXRPC_CHANNELMASK];
	56
	57	/* If the last call got moved on whilst we were waiting to run, just
	58	* ignore this packet.
	59	*/
	60	call_id = READ_ONCE(chan->last_call);
	61	/* Sync with __rxrpc_disconnect_call() */
	62	smp_rmb();
	63	if (call_id != sp->hdr.callNumber)
	64	return;
	65
	66	msg.msg_name = &conn->params.peer->srx.transport;
	67	msg.msg_namelen = conn->params.peer->srx.transport_len;
	68	msg.msg_control = NULL;
	69	msg.msg_controllen = 0;
	70	msg.msg_flags = 0;
	71
	72	pkt.whdr.epoch = htonl(sp->hdr.epoch);
	73	pkt.whdr.cid = htonl(sp->hdr.cid);
	74	pkt.whdr.callNumber = htonl(sp->hdr.callNumber);
	75	pkt.whdr.seq = 0;
	76	pkt.whdr.type = chan->last_type;
	77	pkt.whdr.flags = conn->out_clientflag;
	78	pkt.whdr.userStatus = 0;
	79	pkt.whdr.securityIndex = conn->security_ix;
	80	pkt.whdr._rsvd = 0;
	81	pkt.whdr.serviceId = htons(chan->last_service_id);
	82
	83	len = sizeof(pkt.whdr);
	84	switch (chan->last_type) {
	85	case RXRPC_PACKET_TYPE_ABORT:
	86	pkt.abort.code = htonl(chan->last_abort);
	87	len += sizeof(pkt.abort);
	88	break;
	89
	90	case RXRPC_PACKET_TYPE_ACK:
	91	mtu = conn->params.peer->if_mtu;
	92	mtu -= conn->params.peer->hdrsize;
	93	pkt.ack.bufferSpace = 0;
	94	pkt.ack.maxSkew = htons(skb->priority);
	95	pkt.ack.firstPacket = htonl(chan->last_seq);
	96	pkt.ack.previousPacket = htonl(chan->last_seq - 1);
	97	pkt.ack.serial = htonl(sp->hdr.serial);
	98	pkt.ack.reason = RXRPC_ACK_DUPLICATE;
	99	pkt.ack.nAcks = 0;
	100	pkt.info.rxMTU = htonl(rxrpc_rx_mtu);
	101	pkt.info.maxMTU = htonl(mtu);
	102	pkt.info.rwind = htonl(rxrpc_rx_window_size);
	103	pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max);
	104	len += sizeof(pkt.ack) + sizeof(pkt.info);
	105	break;
	106	}
	107
	108	/* Resync with __rxrpc_disconnect_call() and check that the last call
	109	* didn't get advanced whilst we were filling out the packets.
110	*/
111	smp_rmb();
112	if (READ_ONCE(chan->last_call) != call_id)
113	return;
114
115	iov.iov_base = &pkt;
116	iov.iov_len = len;
117
118	serial = atomic_inc_return(&conn->serial);
119	pkt.whdr.serial = htonl(serial);
120
121	switch (chan->last_type) {
122	case RXRPC_PACKET_TYPE_ABORT:
123	_proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort);
124	break;
125	case RXRPC_PACKET_TYPE_ACK:
126	_proto("Tx ACK %%%u [re]", serial);
127	break;
128	}
129
130	kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len);
131	_leave("");
132	return;
133	}
134
17926a79 DH	135	/*
	136	* pass a connection-level abort onto all calls on that connection
	137	*/
f5c17aae DH	138	static void rxrpc_abort_calls(struct rxrpc_connection *conn,
	139	enum rxrpc_call_completion compl,
	140	u32 abort_code, int error)
17926a79 DH	141	{
17926a79 DH	142	struct rxrpc_call *call;
f5c17aae DH	143	bool queue;
f5c17aae DH	144	int i, bit;
17926a79 DH	145
	146	_enter("{%d},%x", conn->debug_id, abort_code);
	147
f5c17aae DH	148	if (compl == RXRPC_CALL_LOCALLY_ABORTED)
	149	bit = RXRPC_CALL_EV_CONN_ABORT;
	150	else
	151	bit = RXRPC_CALL_EV_RCVD_ABORT;
	152
a1399f8b	153	spin_lock(&conn->channel_lock);
17926a79	154
a1399f8b DH	155	for (i = 0; i < RXRPC_MAXCALLS; i++) {
	156	call = rcu_dereference_protected(
	157	conn->channels[i].call,
	158	lockdep_is_held(&conn->channel_lock));
ccbd3dbe	159	if (call) {
e34d4234	160	rxrpc_see_call(call);
5a42976d DH	161	if (compl == RXRPC_CALL_LOCALLY_ABORTED)
	162	trace_rxrpc_abort("CON", call->cid,
	163	call->call_id, 0,
	164	abort_code, error);
	165
ccbd3dbe	166	write_lock_bh(&call->state_lock);
f5c17aae DH	167	if (rxrpc_set_call_completion(call, compl, abort_code,
	168	error)) {
	169	set_bit(bit, &call->events);
	170	queue = true;
dc44b3a0	171	}
ccbd3dbe	172	write_unlock_bh(&call->state_lock);
f5c17aae DH	173	if (queue)
f5c17aae DH	174	rxrpc_queue_call(call);
5a42976d	175
17926a79	176	}
17926a79 DH	177	}
17926a79 DH	178
a1399f8b	179	spin_unlock(&conn->channel_lock);
17926a79 DH	180	_leave("");
	181	}
	182
	183	/*
	184	* generate a connection-level abort
	185	*/
	186	static int rxrpc_abort_connection(struct rxrpc_connection *conn,
	187	u32 error, u32 abort_code)
	188	{
0d12f8a4	189	struct rxrpc_wire_header whdr;
17926a79 DH	190	struct msghdr msg;
	191	struct kvec iov[2];
	192	__be32 word;
	193	size_t len;
0d12f8a4	194	u32 serial;
17926a79 DH	195	int ret;
	196
	197	_enter("%d,,%u,%u", conn->debug_id, error, abort_code);
	198
	199	/* generate a connection-level abort */
	200	spin_lock_bh(&conn->state_lock);
f5c17aae	201	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
17926a79 DH	202	spin_unlock_bh(&conn->state_lock);
	203	_leave(" = 0 [already dead]");
	204	return 0;
	205	}
	206
f5c17aae DH	207	conn->state = RXRPC_CONN_LOCALLY_ABORTED;
	208	spin_unlock_bh(&conn->state_lock);
	209
	210	rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error);
17926a79	211
85f32278 DH	212	msg.msg_name = &conn->params.peer->srx.transport;
85f32278 DH	213	msg.msg_namelen = conn->params.peer->srx.transport_len;
17926a79 DH	214	msg.msg_control = NULL;
	215	msg.msg_controllen = 0;
	216	msg.msg_flags = 0;
	217
19ffa01c DH	218	whdr.epoch = htonl(conn->proto.epoch);
19ffa01c DH	219	whdr.cid = htonl(conn->proto.cid);
0d12f8a4 DH	220	whdr.callNumber = 0;
	221	whdr.seq = 0;
	222	whdr.type = RXRPC_PACKET_TYPE_ABORT;
	223	whdr.flags = conn->out_clientflag;
	224	whdr.userStatus = 0;
	225	whdr.securityIndex = conn->security_ix;
	226	whdr._rsvd = 0;
19ffa01c	227	whdr.serviceId = htons(conn->params.service_id);
17926a79	228
dc44b3a0	229	word = htonl(conn->local_abort);
17926a79	230
0d12f8a4 DH	231	iov[0].iov_base = &whdr;
0d12f8a4 DH	232	iov[0].iov_len = sizeof(whdr);
17926a79 DH	233	iov[1].iov_base = &word;
	234	iov[1].iov_len = sizeof(word);
	235
	236	len = iov[0].iov_len + iov[1].iov_len;
	237
0d12f8a4 DH	238	serial = atomic_inc_return(&conn->serial);
0d12f8a4 DH	239	whdr.serial = htonl(serial);
dc44b3a0	240	_proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort);
17926a79	241
85f32278	242	ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
17926a79 DH	243	if (ret < 0) {
	244	_debug("sendmsg failed: %d", ret);
	245	return -EAGAIN;
	246	}
	247
	248	_leave(" = 0");
	249	return 0;
	250	}
	251
	252	/*
	253	* mark a call as being on a now-secured channel
	254	* - must be called with softirqs disabled
	255	*/
5eaa65b2	256	static void rxrpc_call_is_secure(struct rxrpc_call *call)
17926a79 DH	257	{
	258	_enter("%p", call);
	259	if (call) {
	260	read_lock(&call->state_lock);
	261	if (call->state < RXRPC_CALL_COMPLETE &&
4c198ad1	262	!test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events))
651350d1	263	rxrpc_queue_call(call);
17926a79 DH	264	read_unlock(&call->state_lock);
	265	}
	266	}
	267
	268	/*
	269	* connection-level Rx packet processor
	270	*/
	271	static int rxrpc_process_event(struct rxrpc_connection *conn,
	272	struct sk_buff *skb,
	273	u32 *_abort_code)
	274	{
	275	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
0d12f8a4 DH	276	__be32 wtmp;
0d12f8a4 DH	277	u32 abort_code;
17926a79 DH	278	int loop, ret;
17926a79 DH	279
519d2567 DH	280	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
519d2567 DH	281	kleave(" = -ECONNABORTED [%u]", conn->state);
17926a79	282	return -ECONNABORTED;
519d2567	283	}
17926a79	284
0d12f8a4	285	_enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
519d2567	286
17926a79	287	switch (sp->hdr.type) {
18bfeba5 DH	288	case RXRPC_PACKET_TYPE_DATA:
18bfeba5 DH	289	case RXRPC_PACKET_TYPE_ACK:
f5c17aae	290	rxrpc_conn_retransmit_call(conn, skb);
18bfeba5 DH	291	return 0;
18bfeba5 DH	292
17926a79	293	case RXRPC_PACKET_TYPE_ABORT:
0d12f8a4	294	if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0)
17926a79	295	return -EPROTO;
0d12f8a4 DH	296	abort_code = ntohl(wtmp);
0d12f8a4 DH	297	_proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);
17926a79 DH	298
17926a79 DH	299	conn->state = RXRPC_CONN_REMOTELY_ABORTED;
f5c17aae	300	rxrpc_abort_calls(conn, 0, RXRPC_CALL_REMOTELY_ABORTED,
0d12f8a4	301	abort_code);
17926a79 DH	302	return -ECONNABORTED;
	303
	304	case RXRPC_PACKET_TYPE_CHALLENGE:
e0e4d82f DH	305	return conn->security->respond_to_challenge(conn, skb,
e0e4d82f DH	306	_abort_code);
17926a79 DH	307
17926a79 DH	308	case RXRPC_PACKET_TYPE_RESPONSE:
17926a79 DH	309	ret = conn->security->verify_response(conn, skb, _abort_code);
	310	if (ret < 0)
	311	return ret;
	312
	313	ret = conn->security->init_connection_security(conn);
	314	if (ret < 0)
	315	return ret;
	316
a263629d HX	317	ret = conn->security->prime_packet_security(conn);
	318	if (ret < 0)
	319	return ret;
	320
a1399f8b	321	spin_lock(&conn->channel_lock);
17926a79 DH	322	spin_lock(&conn->state_lock);
17926a79 DH	323
bba304db DH	324	if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
bba304db DH	325	conn->state = RXRPC_CONN_SERVICE;
17926a79	326	for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
dee46364 DH	327	rxrpc_call_is_secure(
dee46364 DH	328	rcu_dereference_protected(
a1399f8b DH	329	conn->channels[loop].call,
a1399f8b DH	330	lockdep_is_held(&conn->channel_lock)));
17926a79 DH	331	}
	332
	333	spin_unlock(&conn->state_lock);
a1399f8b	334	spin_unlock(&conn->channel_lock);
17926a79 DH	335	return 0;
	336
	337	default:
519d2567	338	_leave(" = -EPROTO [%u]", sp->hdr.type);
17926a79 DH	339	return -EPROTO;
	340	}
	341	}
	342
	343	/*
	344	* set up security and issue a challenge
	345	*/
	346	static void rxrpc_secure_connection(struct rxrpc_connection *conn)
	347	{
	348	u32 abort_code;
	349	int ret;
	350
	351	_enter("{%d}", conn->debug_id);
	352
	353	ASSERT(conn->security_ix != 0);
	354
19ffa01c	355	if (!conn->params.key) {
17926a79 DH	356	_debug("set up security");
	357	ret = rxrpc_init_server_conn_security(conn);
	358	switch (ret) {
	359	case 0:
	360	break;
	361	case -ENOENT:
	362	abort_code = RX_CALL_DEAD;
	363	goto abort;
	364	default:
	365	abort_code = RXKADNOAUTH;
	366	goto abort;
	367	}
	368	}
	369
17926a79 DH	370	if (conn->security->issue_challenge(conn) < 0) {
	371	abort_code = RX_CALL_DEAD;
	372	ret = -ENOMEM;
	373	goto abort;
	374	}
	375
	376	_leave("");
	377	return;
	378
	379	abort:
	380	_debug("abort %d, %d", ret, abort_code);
	381	rxrpc_abort_connection(conn, -ret, abort_code);
	382	_leave(" [aborted]");
	383	}
	384
	385	/*
	386	* connection-level event processor
	387	*/
	388	void rxrpc_process_connection(struct work_struct *work)
	389	{
	390	struct rxrpc_connection *conn =
	391	container_of(work, struct rxrpc_connection, processor);
17926a79 DH	392	struct sk_buff *skb;
	393	u32 abort_code = RX_PROTOCOL_ERROR;
	394	int ret;
	395
	396	_enter("{%d}", conn->debug_id);
	397
2c4579e4	398	if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
17926a79	399	rxrpc_secure_connection(conn);
17926a79 DH	400
	401	/* go through the conn-level event packets, releasing the ref on this
	402	* connection that each one has when we've finished with it */
	403	while ((skb = skb_dequeue(&conn->rx_queue))) {
df844fd4	404	rxrpc_see_skb(skb);
17926a79 DH	405	ret = rxrpc_process_event(conn, skb, &abort_code);
	406	switch (ret) {
	407	case -EPROTO:
	408	case -EKEYEXPIRED:
	409	case -EKEYREJECTED:
	410	goto protocol_error;
	411	case -EAGAIN:
	412	goto requeue_and_leave;
	413	case -ECONNABORTED:
	414	default:
17926a79 DH	415	rxrpc_free_skb(skb);
	416	break;
	417	}
	418	}
	419
	420	out:
	421	rxrpc_put_connection(conn);
	422	_leave("");
	423	return;
	424
	425	requeue_and_leave:
	426	skb_queue_head(&conn->rx_queue, skb);
	427	goto out;
	428
	429	protocol_error:
	430	if (rxrpc_abort_connection(conn, -ret, abort_code) < 0)
	431	goto requeue_and_leave;
17926a79 DH	432	rxrpc_free_skb(skb);
	433	_leave(" [EPROTO]");
	434	goto out;
	435	}
	436
651350d1 DH	437	/*
	438	* put a packet up for transport-level abort
	439	*/
	440	void rxrpc_reject_packet(struct rxrpc_local local, struct sk_buff skb)
	441	{
	442	CHECK_SLAB_OKAY(&local->usage);
	443
651350d1	444	skb_queue_tail(&local->reject_queue, skb);
5acbee46	445	rxrpc_queue_local(local);
651350d1 DH	446	}
651350d1 DH	447
17926a79 DH	448	/*
	449	* reject packets through the local endpoint
	450	*/
4f95dd78	451	void rxrpc_reject_packets(struct rxrpc_local *local)
17926a79 DH	452	{
	453	union {
	454	struct sockaddr sa;
	455	struct sockaddr_in sin;
	456	} sa;
	457	struct rxrpc_skb_priv *sp;
0d12f8a4	458	struct rxrpc_wire_header whdr;
17926a79 DH	459	struct sk_buff *skb;
	460	struct msghdr msg;
	461	struct kvec iov[2];
	462	size_t size;
	463	__be32 code;
	464
17926a79 DH	465	_enter("%d", local->debug_id);
17926a79 DH	466
0d12f8a4 DH	467	iov[0].iov_base = &whdr;
0d12f8a4 DH	468	iov[0].iov_len = sizeof(whdr);
17926a79 DH	469	iov[1].iov_base = &code;
17926a79 DH	470	iov[1].iov_len = sizeof(code);
0d12f8a4	471	size = sizeof(whdr) + sizeof(code);
17926a79 DH	472
	473	msg.msg_name = &sa;
	474	msg.msg_control = NULL;
	475	msg.msg_controllen = 0;
	476	msg.msg_flags = 0;
	477
	478	memset(&sa, 0, sizeof(sa));
	479	sa.sa.sa_family = local->srx.transport.family;
	480	switch (sa.sa.sa_family) {
	481	case AF_INET:
	482	msg.msg_namelen = sizeof(sa.sin);
	483	break;
	484	default:
	485	msg.msg_namelen = 0;
	486	break;
	487	}
	488
0d12f8a4 DH	489	memset(&whdr, 0, sizeof(whdr));
0d12f8a4 DH	490	whdr.type = RXRPC_PACKET_TYPE_ABORT;
17926a79 DH	491
17926a79 DH	492	while ((skb = skb_dequeue(&local->reject_queue))) {
df844fd4	493	rxrpc_see_skb(skb);
17926a79 DH	494	sp = rxrpc_skb(skb);
	495	switch (sa.sa.sa_family) {
	496	case AF_INET:
	497	sa.sin.sin_port = udp_hdr(skb)->source;
	498	sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
	499	code = htonl(skb->priority);
	500
0d12f8a4 DH	501	whdr.epoch = htonl(sp->hdr.epoch);
	502	whdr.cid = htonl(sp->hdr.cid);
	503	whdr.callNumber = htonl(sp->hdr.callNumber);
	504	whdr.serviceId = htons(sp->hdr.serviceId);
	505	whdr.flags = sp->hdr.flags;
	506	whdr.flags ^= RXRPC_CLIENT_INITIATED;
	507	whdr.flags &= RXRPC_CLIENT_INITIATED;
17926a79 DH	508
	509	kernel_sendmsg(local->socket, &msg, iov, 2, size);
	510	break;
	511
	512	default:
	513	break;
	514	}
	515
	516	rxrpc_free_skb(skb);
17926a79 DH	517	}
17926a79 DH	518
17926a79 DH	519	_leave("");
17926a79 DH	520	}