]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/rxrpc/input.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rxrpc: Fix unexposed client conn release
[mirror_ubuntu-bionic-kernel.git] / net / rxrpc / input.c
CommitLineData
17926a79
DH		 1/* RxRPC packet reception
2 *
248f219c 3 * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved.
17926a79
DH		 4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
9b6d5398
JP		 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
17926a79
DH		 14#include <linux/module.h>
15#include <linux/net.h>
16#include <linux/skbuff.h>
17#include <linux/errqueue.h>
18#include <linux/udp.h>
19#include <linux/in.h>
20#include <linux/in6.h>
21#include <linux/icmp.h>
5a0e3ad6 22#include <linux/gfp.h>
17926a79
DH		 23#include <net/sock.h>
24#include <net/af_rxrpc.h>
25#include <net/ip.h>
1781f7f5 26#include <net/udp.h>
0283328e 27#include <net/net_namespace.h>
17926a79
DH		 28#include "ar-internal.h"
29
248f219c
DH		 30static void rxrpc_proto_abort(const char *why,
31 struct rxrpc_call *call, rxrpc_seq_t seq)
32{
33 if (rxrpc_abort_call(why, call, seq, RX_PROTOCOL_ERROR, EBADMSG)) {
34 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
35 rxrpc_queue_call(call);
36 }
37}
38
17926a79 39/*
248f219c 40 * Apply a hard ACK by advancing the Tx window.
17926a79 41 */
248f219c 42static void rxrpc_rotate_tx_window(struct rxrpc_call *call, rxrpc_seq_t to)
17926a79 43{
248f219c
DH		 44 struct sk_buff *skb, *list = NULL;
45 int ix;
17926a79 46
248f219c 47 spin_lock(&call->lock);
17926a79 48
248f219c
DH		 49 while (before(call->tx_hard_ack, to)) {
50 call->tx_hard_ack++;
51 ix = call->tx_hard_ack & RXRPC_RXTX_BUFF_MASK;
52 skb = call->rxtx_buffer[ix];
53 rxrpc_see_skb(skb);
54 call->rxtx_buffer[ix] = NULL;
55 call->rxtx_annotations[ix] = 0;
56 skb->next = list;
57 list = skb;
58 }
17926a79 59
248f219c 60 spin_unlock(&call->lock);
17926a79 61
bc4abfcf
DH		 62 wake_up(&call->waitq);
63
248f219c
DH		 64 while (list) {
65 skb = list;
66 list = skb->next;
67 skb->next = NULL;
17926a79 68 rxrpc_free_skb(skb);
17926a79 69 }
248f219c 70}
17926a79 71
248f219c
DH		 72/*
73 * End the transmission phase of a call.
74 *
75 * This occurs when we get an ACKALL packet, the first DATA packet of a reply,
76 * or a final ACK packet.
77 */
78static bool rxrpc_end_tx_phase(struct rxrpc_call *call, const char *abort_why)
79{
80 _enter("");
17926a79 81
248f219c
DH		 82 switch (call->state) {
83 case RXRPC_CALL_CLIENT_RECV_REPLY:
84 return true;
85 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
86 case RXRPC_CALL_SERVER_AWAIT_ACK:
87 break;
88 default:
89 rxrpc_proto_abort(abort_why, call, call->tx_top);
90 return false;
17926a79
DH		 91 }
92
248f219c 93 rxrpc_rotate_tx_window(call, call->tx_top);
17926a79 94
248f219c 95 write_lock(&call->state_lock);
651350d1 96
248f219c
DH		 97 switch (call->state) {
98 default:
99 break;
100 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
101 call->state = RXRPC_CALL_CLIENT_RECV_REPLY;
102 break;
103 case RXRPC_CALL_SERVER_AWAIT_ACK:
104 __rxrpc_call_completed(call);
105 rxrpc_notify_socket(call);
106 break;
17926a79 107 }
17926a79 108
248f219c
DH		 109 write_unlock(&call->state_lock);
110 _leave(" = ok");
111 return true;
112}
113
114/*
115 * Scan a jumbo packet to validate its structure and to work out how many
116 * subpackets it contains.
117 *
118 * A jumbo packet is a collection of consecutive packets glued together with
119 * little headers between that indicate how to change the initial header for
120 * each subpacket.
121 *
122 * RXRPC_JUMBO_PACKET must be set on all but the last subpacket - and all but
123 * the last are RXRPC_JUMBO_DATALEN in size. The last subpacket may be of any
124 * size.
125 */
126static bool rxrpc_validate_jumbo(struct sk_buff *skb)
127{
128 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
129 unsigned int offset = sp->offset;
89a80ed4 130 unsigned int len = skb->len;
248f219c
DH		 131 int nr_jumbo = 1;
132 u8 flags = sp->hdr.flags;
133
134 do {
135 nr_jumbo++;
136 if (len - offset < RXRPC_JUMBO_SUBPKTLEN)
137 goto protocol_error;
138 if (flags & RXRPC_LAST_PACKET)
139 goto protocol_error;
140 offset += RXRPC_JUMBO_DATALEN;
141 if (skb_copy_bits(skb, offset, &flags, 1) < 0)
142 goto protocol_error;
143 offset += sizeof(struct rxrpc_jumbo_header);
144 } while (flags & RXRPC_JUMBO_PACKET);
145
146 sp->nr_jumbo = nr_jumbo;
147 return true;
17926a79 148
248f219c
DH		 149protocol_error:
150 return false;
17926a79
DH		 151}
152
153/*
248f219c
DH		 154 * Handle reception of a duplicate packet.
155 *
156 * We have to take care to avoid an attack here whereby we're given a series of
157 * jumbograms, each with a sequence number one before the preceding one and
158 * filled up to maximum UDP size. If they never send us the first packet in
159 * the sequence, they can cause us to have to hold on to around 2MiB of kernel
160 * space until the call times out.
161 *
162 * We limit the space usage by only accepting three duplicate jumbo packets per
163 * call. After that, we tell the other side we're no longer accepting jumbos
164 * (that information is encoded in the ACK packet).
17926a79 165 */
248f219c 166static void rxrpc_input_dup_data(struct rxrpc_call *call, rxrpc_seq_t seq,
75e42126 167 u8 annotation, bool *_jumbo_bad)
17926a79 168{
248f219c
DH		 169 /* Discard normal packets that are duplicates. */
170 if (annotation == 0)
171 return;
17926a79 172
248f219c
DH		 173 /* Skip jumbo subpackets that are duplicates. When we've had three or
174 * more partially duplicate jumbo packets, we refuse to take any more
175 * jumbos for this call.
176 */
75e42126
DH		 177 if (!*_jumbo_bad) {
178 call->nr_jumbo_bad++;
179 *_jumbo_bad = true;
248f219c
DH		 180 }
181}
17926a79 182
248f219c
DH		 183/*
184 * Process a DATA packet, adding the packet to the Rx ring.
185 */
186static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb,
187 u16 skew)
188{
189 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
190 unsigned int offset = sp->offset;
191 unsigned int ix;
192 rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0;
193 rxrpc_seq_t seq = sp->hdr.seq, hard_ack;
75e42126 194 bool immediate_ack = false, jumbo_bad = false, queued;
248f219c
DH		 195 u16 len;
196 u8 ack = 0, flags, annotation = 0;
17926a79 197
248f219c 198 _enter("{%u,%u},{%u,%u}",
89a80ed4 199 call->rx_hard_ack, call->rx_top, skb->len, seq);
17926a79 200
248f219c
DH		 201 _proto("Rx DATA %%%u { #%u f=%02x }",
202 sp->hdr.serial, seq, sp->hdr.flags);
17926a79 203
248f219c
DH		 204 if (call->state >= RXRPC_CALL_COMPLETE)
205 return;
17926a79 206
248f219c
DH		 207 /* Received data implicitly ACKs all of the request packets we sent
208 * when we're acting as a client.
209 */
210 if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY &&
211 !rxrpc_end_tx_phase(call, "ETD"))
212 return;
17926a79 213
248f219c 214 call->ackr_prev_seq = seq;
17926a79 215
248f219c
DH		 216 hard_ack = READ_ONCE(call->rx_hard_ack);
217 if (after(seq, hard_ack + call->rx_winsize)) {
17926a79 218 ack = RXRPC_ACK_EXCEEDS_WINDOW;
248f219c
DH		 219 ack_serial = serial;
220 goto ack;
17926a79
DH		 221 }
222
248f219c
DH		 223 flags = sp->hdr.flags;
224 if (flags & RXRPC_JUMBO_PACKET) {
75e42126 225 if (call->nr_jumbo_bad > 3) {
248f219c
DH		 226 ack = RXRPC_ACK_NOSPACE;
227 ack_serial = serial;
228 goto ack;
17926a79 229 }
248f219c 230 annotation = 1;
17926a79
DH		 231 }
232
248f219c
DH		 233next_subpacket:
234 queued = false;
235 ix = seq & RXRPC_RXTX_BUFF_MASK;
89a80ed4 236 len = skb->len;
248f219c
DH		 237 if (flags & RXRPC_JUMBO_PACKET)
238 len = RXRPC_JUMBO_DATALEN;
239
240 if (flags & RXRPC_LAST_PACKET) {
816c9fce 241 if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) &&
248f219c
DH		 242 seq != call->rx_top)
243 return rxrpc_proto_abort("LSN", call, seq);
244 } else {
245 if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) &&
246 after_eq(seq, call->rx_top))
247 return rxrpc_proto_abort("LSA", call, seq);
17926a79
DH		 248 }
249
248f219c
DH		 250 if (before_eq(seq, hard_ack)) {
251 ack = RXRPC_ACK_DUPLICATE;
252 ack_serial = serial;
253 goto skip;
254 }
255
256 if (flags & RXRPC_REQUEST_ACK && !ack) {
257 ack = RXRPC_ACK_REQUESTED;
258 ack_serial = serial;
259 }
260
261 if (call->rxtx_buffer[ix]) {
75e42126 262 rxrpc_input_dup_data(call, seq, annotation, &jumbo_bad);
248f219c
DH		 263 if (ack != RXRPC_ACK_DUPLICATE) {
264 ack = RXRPC_ACK_DUPLICATE;
265 ack_serial = serial;
17926a79 266 }
248f219c
DH		 267 immediate_ack = true;
268 goto skip;
17926a79
DH		 269 }
270
248f219c
DH		 271 /* Queue the packet. We use a couple of memory barriers here as need
272 * to make sure that rx_top is perceived to be set after the buffer
273 * pointer and that the buffer pointer is set after the annotation and
274 * the skb data.
275 *
276 * Barriers against rxrpc_recvmsg_data() and rxrpc_rotate_rx_window()
277 * and also rxrpc_fill_out_ack().
278 */
279 rxrpc_get_skb(skb);
280 call->rxtx_annotations[ix] = annotation;
281 smp_wmb();
282 call->rxtx_buffer[ix] = skb;
283 if (after(seq, call->rx_top))
284 smp_store_release(&call->rx_top, seq);
816c9fce
DH		 285 if (flags & RXRPC_LAST_PACKET)
286 set_bit(RXRPC_CALL_RX_LAST, &call->flags);
248f219c
DH		 287 queued = true;
288
289 if (after_eq(seq, call->rx_expect_next)) {
290 if (after(seq, call->rx_expect_next)) {
291 _net("OOS %u > %u", seq, call->rx_expect_next);
292 ack = RXRPC_ACK_OUT_OF_SEQUENCE;
293 ack_serial = serial;
294 }
295 call->rx_expect_next = seq + 1;
17926a79
DH		 296 }
297
248f219c
DH		 298skip:
299 offset += len;
300 if (flags & RXRPC_JUMBO_PACKET) {
301 if (skb_copy_bits(skb, offset, &flags, 1) < 0)
302 return rxrpc_proto_abort("XJF", call, seq);
303 offset += sizeof(struct rxrpc_jumbo_header);
304 seq++;
305 serial++;
306 annotation++;
307 if (flags & RXRPC_JUMBO_PACKET)
308 annotation |= RXRPC_RX_ANNO_JLAST;
75e42126
DH		 309 if (after(seq, hard_ack + call->rx_winsize)) {
310 ack = RXRPC_ACK_EXCEEDS_WINDOW;
311 ack_serial = serial;
312 if (!jumbo_bad) {
313 call->nr_jumbo_bad++;
314 jumbo_bad = true;
315 }
316 goto ack;
317 }
248f219c
DH		 318
319 _proto("Rx DATA Jumbo %%%u", serial);
320 goto next_subpacket;
321 }
17926a79 322
248f219c
DH		 323 if (queued && flags & RXRPC_LAST_PACKET && !ack) {
324 ack = RXRPC_ACK_DELAY;
325 ack_serial = serial;
326 }
17926a79 327
248f219c
DH		 328ack:
329 if (ack)
330 rxrpc_propose_ACK(call, ack, skew, ack_serial,
331 immediate_ack, true);
17926a79 332
248f219c
DH		 333 if (sp->hdr.seq == READ_ONCE(call->rx_hard_ack) + 1)
334 rxrpc_notify_socket(call);
335 _leave(" [queued]");
17926a79
DH		 336}
337
338/*
248f219c 339 * Process the extra information that may be appended to an ACK packet
17926a79 340 */
248f219c
DH		 341static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb,
342 struct rxrpc_ackinfo *ackinfo)
17926a79 343{
248f219c
DH		 344 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
345 struct rxrpc_peer *peer;
346 unsigned int mtu;
01fd0742 347 u32 rwind = ntohl(ackinfo->rwind);
248f219c
DH		 348
349 _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }",
350 sp->hdr.serial,
351 ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU),
01fd0742 352 rwind, ntohl(ackinfo->jumbo_max));
248f219c 353
01fd0742
DH		 354 if (rwind > RXRPC_RXTX_BUFF_SIZE - 1)
355 rwind = RXRPC_RXTX_BUFF_SIZE - 1;
356 call->tx_winsize = rwind;
248f219c
DH		 357
358 mtu = min(ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU));
359
360 peer = call->peer;
361 if (mtu < peer->maxdata) {
362 spin_lock_bh(&peer->lock);
363 peer->maxdata = mtu;
364 peer->mtu = mtu + peer->hdrsize;
365 spin_unlock_bh(&peer->lock);
366 _net("Net MTU %u (maxdata %u)", peer->mtu, peer->maxdata);
367 }
368}
17926a79 369
248f219c
DH		 370/*
371 * Process individual soft ACKs.
372 *
373 * Each ACK in the array corresponds to one packet and can be either an ACK or
374 * a NAK. If we get find an explicitly NAK'd packet we resend immediately;
375 * packets that lie beyond the end of the ACK list are scheduled for resend by
376 * the timer on the basis that the peer might just not have processed them at
377 * the time the ACK was sent.
378 */
379static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks,
380 rxrpc_seq_t seq, int nr_acks)
381{
382 bool resend = false;
383 int ix;
384
385 for (; nr_acks > 0; nr_acks--, seq++) {
386 ix = seq & RXRPC_RXTX_BUFF_MASK;
387 switch (*acks) {
388 case RXRPC_ACK_TYPE_ACK:
389 call->rxtx_annotations[ix] = RXRPC_TX_ANNO_ACK;
390 break;
391 case RXRPC_ACK_TYPE_NACK:
392 if (call->rxtx_annotations[ix] == RXRPC_TX_ANNO_NAK)
393 continue;
394 call->rxtx_annotations[ix] = RXRPC_TX_ANNO_NAK;
395 resend = true;
396 break;
397 default:
398 return rxrpc_proto_abort("SFT", call, 0);
17926a79 399 }
17926a79 400 }
248f219c
DH		 401
402 if (resend &&
403 !test_and_set_bit(RXRPC_CALL_EV_RESEND, &call->events))
404 rxrpc_queue_call(call);
17926a79
DH		 405}
406
407/*
248f219c
DH		 408 * Process an ACK packet.
409 *
410 * ack.firstPacket is the sequence number of the first soft-ACK'd/NAK'd packet
411 * in the ACK array. Anything before that is hard-ACK'd and may be discarded.
412 *
413 * A hard-ACK means that a packet has been processed and may be discarded; a
414 * soft-ACK means that the packet may be discarded and retransmission
415 * requested. A phase is complete when all packets are hard-ACK'd.
17926a79 416 */
248f219c
DH		 417static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb,
418 u16 skew)
17926a79
DH		 419{
420 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
248f219c
DH		 421 union {
422 struct rxrpc_ackpacket ack;
423 struct rxrpc_ackinfo info;
424 u8 acks[RXRPC_MAXACKS];
425 } buf;
426 rxrpc_seq_t first_soft_ack, hard_ack;
427 int nr_acks, offset;
428
429 _enter("");
430
431 if (skb_copy_bits(skb, sp->offset, &buf.ack, sizeof(buf.ack)) < 0) {
432 _debug("extraction failure");
433 return rxrpc_proto_abort("XAK", call, 0);
17926a79 434 }
248f219c
DH		 435 sp->offset += sizeof(buf.ack);
436
437 first_soft_ack = ntohl(buf.ack.firstPacket);
438 hard_ack = first_soft_ack - 1;
439 nr_acks = buf.ack.nAcks;
440
441 _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }",
442 sp->hdr.serial,
443 ntohs(buf.ack.maxSkew),
444 first_soft_ack,
445 ntohl(buf.ack.previousPacket),
446 ntohl(buf.ack.serial),
447 rxrpc_acks(buf.ack.reason),
448 buf.ack.nAcks);
449
450 if (buf.ack.reason == RXRPC_ACK_PING) {
451 _proto("Rx ACK %%%u PING Request", sp->hdr.serial);
452 rxrpc_propose_ACK(call, RXRPC_ACK_PING_RESPONSE,
453 skew, sp->hdr.serial, true, true);
454 } else if (sp->hdr.flags & RXRPC_REQUEST_ACK) {
563ea7d5 455 rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED,
248f219c 456 skew, sp->hdr.serial, true, true);
17926a79
DH		 457 }
458
248f219c 459 offset = sp->offset + nr_acks + 3;
89a80ed4 460 if (skb->len >= offset + sizeof(buf.info)) {
248f219c
DH		 461 if (skb_copy_bits(skb, offset, &buf.info, sizeof(buf.info)) < 0)
462 return rxrpc_proto_abort("XAI", call, 0);
463 rxrpc_input_ackinfo(call, skb, &buf.info);
464 }
17926a79 465
248f219c
DH		 466 if (first_soft_ack == 0)
467 return rxrpc_proto_abort("AK0", call, 0);
17926a79 468
248f219c
DH		 469 /* Ignore ACKs unless we are or have just been transmitting. */
470 switch (call->state) {
471 case RXRPC_CALL_CLIENT_SEND_REQUEST:
472 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
473 case RXRPC_CALL_SERVER_SEND_REPLY:
474 case RXRPC_CALL_SERVER_AWAIT_ACK:
475 break;
17926a79 476 default:
248f219c
DH		 477 return;
478 }
17926a79 479
248f219c
DH		 480 /* Discard any out-of-order or duplicate ACKs. */
481 if ((int)sp->hdr.serial - (int)call->acks_latest <= 0) {
482 _debug("discard ACK %d <= %d",
483 sp->hdr.serial, call->acks_latest);
484 return;
485 }
486 call->acks_latest = sp->hdr.serial;
17926a79 487
248f219c
DH		 488 if (test_bit(RXRPC_CALL_TX_LAST, &call->flags) &&
489 hard_ack == call->tx_top) {
490 rxrpc_end_tx_phase(call, "ETA");
491 return;
492 }
17926a79 493
248f219c
DH		 494 if (before(hard_ack, call->tx_hard_ack) ||
495 after(hard_ack, call->tx_top))
496 return rxrpc_proto_abort("AKW", call, 0);
17926a79 497
248f219c
DH		 498 if (after(hard_ack, call->tx_hard_ack))
499 rxrpc_rotate_tx_window(call, hard_ack);
17926a79 500
248f219c
DH		 501 if (after(first_soft_ack, call->tx_top))
502 return;
17926a79 503
248f219c
DH		 504 if (nr_acks > call->tx_top - first_soft_ack + 1)
505 nr_acks = first_soft_ack - call->tx_top + 1;
506 if (skb_copy_bits(skb, sp->offset, buf.acks, nr_acks) < 0)
507 return rxrpc_proto_abort("XSA", call, 0);
508 rxrpc_input_soft_acks(call, buf.acks, first_soft_ack, nr_acks);
17926a79
DH		 509}
510
511/*
248f219c 512 * Process an ACKALL packet.
17926a79 513 */
248f219c 514static void rxrpc_input_ackall(struct rxrpc_call *call, struct sk_buff *skb)
17926a79 515{
248f219c 516 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 517
248f219c 518 _proto("Rx ACKALL %%%u", sp->hdr.serial);
17926a79 519
248f219c
DH		 520 rxrpc_end_tx_phase(call, "ETL");
521}
17926a79 522
248f219c
DH		 523/*
524 * Process an ABORT packet.
525 */
526static void rxrpc_input_abort(struct rxrpc_call *call, struct sk_buff *skb)
527{
528 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
529 __be32 wtmp;
530 u32 abort_code = RX_CALL_DEAD;
17926a79 531
248f219c 532 _enter("");
17926a79 533
248f219c
DH		 534 if (skb->len >= 4 &&
535 skb_copy_bits(skb, sp->offset, &wtmp, sizeof(wtmp)) >= 0)
536 abort_code = ntohl(wtmp);
17926a79 537
248f219c 538 _proto("Rx ABORT %%%u { %x }", sp->hdr.serial, abort_code);
17926a79 539
248f219c
DH		 540 if (rxrpc_set_call_completion(call, RXRPC_CALL_REMOTELY_ABORTED,
541 abort_code, ECONNABORTED))
542 rxrpc_notify_socket(call);
17926a79
DH		 543}
544
545/*
248f219c 546 * Process an incoming call packet.
17926a79 547 */
248f219c
DH		 548static void rxrpc_input_call_packet(struct rxrpc_call *call,
549 struct sk_buff *skb, u16 skew)
17926a79 550{
248f219c 551 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 552
7727640c 553 _enter("%p,%p", call, skb);
17926a79 554
248f219c
DH		 555 switch (sp->hdr.type) {
556 case RXRPC_PACKET_TYPE_DATA:
557 rxrpc_input_data(call, skb, skew);
558 break;
f5c17aae 559
248f219c
DH		 560 case RXRPC_PACKET_TYPE_ACK:
561 rxrpc_input_ack(call, skb, skew);
17926a79 562 break;
17926a79 563
248f219c
DH		 564 case RXRPC_PACKET_TYPE_BUSY:
565 _proto("Rx BUSY %%%u", sp->hdr.serial);
17926a79 566
248f219c
DH		 567 /* Just ignore BUSY packets from the server; the retry and
568 * lifespan timers will take care of business. BUSY packets
569 * from the client don't make sense.
570 */
571 break;
17926a79 572
248f219c
DH		 573 case RXRPC_PACKET_TYPE_ABORT:
574 rxrpc_input_abort(call, skb);
575 break;
17926a79 576
248f219c
DH		 577 case RXRPC_PACKET_TYPE_ACKALL:
578 rxrpc_input_ackall(call, skb);
579 break;
f5c17aae 580
248f219c
DH		 581 default:
582 _proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], sp->hdr.serial);
583 break;
17926a79 584 }
248f219c 585
17926a79
DH		 586 _leave("");
587}
588
589/*
590 * post connection-level events to the connection
18bfeba5
DH		 591 * - this includes challenges, responses, some aborts and call terminal packet
592 * retransmission.
17926a79 593 */
2e7e9758 594static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn,
17926a79
DH		 595 struct sk_buff *skb)
596{
597 _enter("%p,%p", conn, skb);
598
17926a79 599 skb_queue_tail(&conn->rx_queue, skb);
2e7e9758 600 rxrpc_queue_conn(conn);
17926a79
DH		 601}
602
44ba0698
DH		 603/*
604 * post endpoint-level events to the local endpoint
605 * - this includes debug and version messages
606 */
607static void rxrpc_post_packet_to_local(struct rxrpc_local *local,
608 struct sk_buff *skb)
609{
610 _enter("%p,%p", local, skb);
611
44ba0698 612 skb_queue_tail(&local->event_queue, skb);
5acbee46 613 rxrpc_queue_local(local);
44ba0698
DH		 614}
615
248f219c
DH		 616/*
617 * put a packet up for transport-level abort
618 */
619static void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
620{
621 CHECK_SLAB_OKAY(&local->usage);
622
623 skb_queue_tail(&local->reject_queue, skb);
624 rxrpc_queue_local(local);
625}
626
0d12f8a4
DH		 627/*
628 * Extract the wire header from a packet and translate the byte order.
629 */
630static noinline
631int rxrpc_extract_header(struct rxrpc_skb_priv *sp, struct sk_buff *skb)
632{
633 struct rxrpc_wire_header whdr;
634
635 /* dig out the RxRPC connection details */
4d0fc73e 636 if (skb_copy_bits(skb, 0, &whdr, sizeof(whdr)) < 0)
0d12f8a4 637 return -EBADMSG;
0d12f8a4
DH		 638
639 memset(sp, 0, sizeof(*sp));
640 sp->hdr.epoch = ntohl(whdr.epoch);
641 sp->hdr.cid = ntohl(whdr.cid);
642 sp->hdr.callNumber = ntohl(whdr.callNumber);
643 sp->hdr.seq = ntohl(whdr.seq);
644 sp->hdr.serial = ntohl(whdr.serial);
645 sp->hdr.flags = whdr.flags;
646 sp->hdr.type = whdr.type;
647 sp->hdr.userStatus = whdr.userStatus;
648 sp->hdr.securityIndex = whdr.securityIndex;
649 sp->hdr._rsvd = ntohs(whdr._rsvd);
650 sp->hdr.serviceId = ntohs(whdr.serviceId);
248f219c 651 sp->offset = sizeof(whdr);
0d12f8a4
DH		 652 return 0;
653}
654
17926a79
DH		 655/*
656 * handle data received on the local endpoint
657 * - may be called in interrupt context
4f95dd78
DH		 658 *
659 * The socket is locked by the caller and this prevents the socket from being
660 * shut down and the local endpoint from going away, thus sk_user_data will not
661 * be cleared until this function returns.
17926a79 662 */
248f219c 663void rxrpc_data_ready(struct sock *udp_sk)
17926a79 664{
8496af50 665 struct rxrpc_connection *conn;
248f219c
DH		 666 struct rxrpc_channel *chan;
667 struct rxrpc_call *call;
17926a79 668 struct rxrpc_skb_priv *sp;
248f219c 669 struct rxrpc_local *local = udp_sk->sk_user_data;
17926a79 670 struct sk_buff *skb;
248f219c 671 unsigned int channel;
563ea7d5 672 int ret, skew;
17926a79 673
248f219c 674 _enter("%p", udp_sk);
17926a79
DH		 675
676 ASSERT(!irqs_disabled());
677
248f219c 678 skb = skb_recv_datagram(udp_sk, 0, 1, &ret);
17926a79 679 if (!skb) {
17926a79
DH		 680 if (ret == -EAGAIN)
681 return;
682 _debug("UDP socket error %d", ret);
683 return;
684 }
685
686 rxrpc_new_skb(skb);
687
688 _net("recv skb %p", skb);
689
690 /* we'll probably need to checksum it (didn't call sock_recvmsg) */
691 if (skb_checksum_complete(skb)) {
692 rxrpc_free_skb(skb);
02c22347 693 __UDP_INC_STATS(&init_net, UDP_MIB_INERRORS, 0);
17926a79
DH		 694 _leave(" [CSUM failed]");
695 return;
696 }
697
02c22347 698 __UDP_INC_STATS(&init_net, UDP_MIB_INDATAGRAMS, 0);
1781f7f5 699
0d12f8a4
DH		 700 /* The socket buffer we have is owned by UDP, with UDP's data all over
701 * it, but we really want our own data there.
702 */
17926a79
DH		 703 skb_orphan(skb);
704 sp = rxrpc_skb(skb);
17926a79
DH		 705
706 _net("Rx UDP packet from %08x:%04hu",
707 ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source));
708
709 /* dig out the RxRPC connection details */
0d12f8a4 710 if (rxrpc_extract_header(sp, skb) < 0)
17926a79 711 goto bad_message;
49e19ec7 712 trace_rxrpc_rx_packet(sp);
17926a79
DH		 713
714 _net("Rx RxRPC %s ep=%x call=%x:%x",
715 sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient",
0d12f8a4 716 sp->hdr.epoch, sp->hdr.cid, sp->hdr.callNumber);
17926a79 717
351c1e64
DH		 718 if (sp->hdr.type >= RXRPC_N_PACKET_TYPES ||
719 !((RXRPC_SUPPORTED_PACKET_TYPES >> sp->hdr.type) & 1)) {
17926a79
DH		 720 _proto("Rx Bad Packet Type %u", sp->hdr.type);
721 goto bad_message;
722 }
723
248f219c
DH		 724 switch (sp->hdr.type) {
725 case RXRPC_PACKET_TYPE_VERSION:
44ba0698
DH		 726 rxrpc_post_packet_to_local(local, skb);
727 goto out;
bc6e1ea3 728
248f219c
DH		 729 case RXRPC_PACKET_TYPE_BUSY:
730 if (sp->hdr.flags & RXRPC_CLIENT_INITIATED)
731 goto discard;
732
733 case RXRPC_PACKET_TYPE_DATA:
734 if (sp->hdr.callNumber == 0)
735 goto bad_message;
736 if (sp->hdr.flags & RXRPC_JUMBO_PACKET &&
737 !rxrpc_validate_jumbo(skb))
738 goto bad_message;
739 break;
740 }
17926a79 741
8496af50
DH		 742 rcu_read_lock();
743
8496af50 744 conn = rxrpc_find_connection_rcu(local, skb);
248f219c
DH		 745 if (conn) {
746 if (sp->hdr.securityIndex != conn->security_ix)
747 goto wrong_security;
563ea7d5 748
248f219c
DH		 749 if (sp->hdr.callNumber == 0) {
750 /* Connection-level packet */
751 _debug("CONN %p {%d}", conn, conn->debug_id);
752 rxrpc_post_packet_to_conn(conn, skb);
753 goto out_unlock;
754 }
755
756 /* Note the serial number skew here */
757 skew = (int)sp->hdr.serial - (int)conn->hi_serial;
758 if (skew >= 0) {
759 if (skew > 0)
760 conn->hi_serial = sp->hdr.serial;
761 } else {
762 skew = -skew;
763 skew = min(skew, 65535);
764 }
17926a79 765
8496af50 766 /* Call-bound packets are routed by connection channel. */
248f219c
DH		 767 channel = sp->hdr.cid & RXRPC_CHANNELMASK;
768 chan = &conn->channels[channel];
18bfeba5
DH		 769
770 /* Ignore really old calls */
771 if (sp->hdr.callNumber < chan->last_call)
772 goto discard_unlock;
773
774 if (sp->hdr.callNumber == chan->last_call) {
248f219c
DH		 775 /* For the previous service call, if completed successfully, we
776 * discard all further packets.
18bfeba5 777 */
2266ffde 778 if (rxrpc_conn_is_service(conn) &&
18bfeba5
DH		 779 (chan->last_type == RXRPC_PACKET_TYPE_ACK ||
780 sp->hdr.type == RXRPC_PACKET_TYPE_ABORT))
781 goto discard_unlock;
782
248f219c
DH		 783 /* But otherwise we need to retransmit the final packet from
784 * data cached in the connection record.
18bfeba5
DH		 785 */
786 rxrpc_post_packet_to_conn(conn, skb);
787 goto out_unlock;
788 }
0d12f8a4 789
18bfeba5 790 call = rcu_dereference(chan->call);
248f219c
DH		 791 } else {
792 skew = 0;
793 call = NULL;
794 }
8496af50 795
248f219c
DH		 796 if (!call || atomic_read(&call->usage) == 0) {
797 if (!(sp->hdr.type & RXRPC_CLIENT_INITIATED) ||
798 sp->hdr.callNumber == 0 ||
799 sp->hdr.type != RXRPC_PACKET_TYPE_DATA)
800 goto bad_message_unlock;
801 if (sp->hdr.seq != 1)
802 goto discard_unlock;
803 call = rxrpc_new_incoming_call(local, conn, skb);
804 if (!call) {
805 rcu_read_unlock();
806 goto reject_packet;
807 }
7727640c 808 }
44ba0698 809
248f219c
DH		 810 rxrpc_input_call_packet(call, skb, skew);
811 goto discard_unlock;
812
18bfeba5 813discard_unlock:
8496af50 814 rcu_read_unlock();
248f219c
DH		 815discard:
816 rxrpc_free_skb(skb);
44ba0698 817out:
49e19ec7 818 trace_rxrpc_rx_done(0, 0);
17926a79
DH		 819 return;
820
248f219c 821out_unlock:
8496af50 822 rcu_read_unlock();
248f219c 823 goto out;
8496af50 824
248f219c
DH		 825wrong_security:
826 rcu_read_unlock();
827 trace_rxrpc_abort("SEC", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq,
828 RXKADINCONSISTENCY, EBADMSG);
829 skb->priority = RXKADINCONSISTENCY;
830 goto post_abort;
17926a79 831
248f219c
DH		 832bad_message_unlock:
833 rcu_read_unlock();
17926a79 834bad_message:
248f219c
DH		 835 trace_rxrpc_abort("BAD", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq,
836 RX_PROTOCOL_ERROR, EBADMSG);
17926a79 837 skb->priority = RX_PROTOCOL_ERROR;
248f219c
DH		 838post_abort:
839 skb->mark = RXRPC_SKB_MARK_LOCAL_ABORT;
49e19ec7
DH		 840reject_packet:
841 trace_rxrpc_rx_done(skb->mark, skb->priority);
17926a79 842 rxrpc_reject_packet(local, skb);
17926a79
DH		 843 _leave(" [badmsg]");
844}
ubuntu-bionic-kernel mirror