]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/rxrpc/input.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rxrpc: Fix accidental cancellation of scheduled resend by ACK parser
[mirror_ubuntu-zesty-kernel.git] / net / rxrpc / input.c
CommitLineData
17926a79
DH		 1/* RxRPC packet reception
2 *
248f219c 3 * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved.
17926a79
DH		 4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
9b6d5398
JP		 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
17926a79
DH		 14#include <linux/module.h>
15#include <linux/net.h>
16#include <linux/skbuff.h>
17#include <linux/errqueue.h>
18#include <linux/udp.h>
19#include <linux/in.h>
20#include <linux/in6.h>
21#include <linux/icmp.h>
5a0e3ad6 22#include <linux/gfp.h>
17926a79
DH		 23#include <net/sock.h>
24#include <net/af_rxrpc.h>
25#include <net/ip.h>
1781f7f5 26#include <net/udp.h>
0283328e 27#include <net/net_namespace.h>
17926a79
DH		 28#include "ar-internal.h"
29
248f219c
DH		 30static void rxrpc_proto_abort(const char *why,
31 struct rxrpc_call *call, rxrpc_seq_t seq)
32{
33 if (rxrpc_abort_call(why, call, seq, RX_PROTOCOL_ERROR, EBADMSG)) {
34 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
35 rxrpc_queue_call(call);
36 }
37}
38
8e83134d
DH		 39/*
40 * Ping the other end to fill our RTT cache and to retrieve the rwind
41 * and MTU parameters.
42 */
43static void rxrpc_send_ping(struct rxrpc_call *call, struct sk_buff *skb,
44 int skew)
45{
46 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
fc943f67 47 ktime_t now = skb->tstamp;
8e83134d 48
fc943f67
DH		 49 if (call->peer->rtt_usage < 3 ||
50 ktime_before(ktime_add_ms(call->peer->rtt_last_req, 1000), now))
51 rxrpc_propose_ACK(call, RXRPC_ACK_PING, skew, sp->hdr.serial,
52 true, true);
8e83134d
DH		 53}
54
17926a79 55/*
248f219c 56 * Apply a hard ACK by advancing the Tx window.
17926a79 57 */
248f219c 58static void rxrpc_rotate_tx_window(struct rxrpc_call *call, rxrpc_seq_t to)
17926a79 59{
248f219c
DH		 60 struct sk_buff *skb, *list = NULL;
61 int ix;
17926a79 62
248f219c 63 spin_lock(&call->lock);
17926a79 64
248f219c
DH		 65 while (before(call->tx_hard_ack, to)) {
66 call->tx_hard_ack++;
67 ix = call->tx_hard_ack & RXRPC_RXTX_BUFF_MASK;
68 skb = call->rxtx_buffer[ix];
71f3ca40 69 rxrpc_see_skb(skb, rxrpc_skb_tx_rotated);
248f219c
DH		 70 call->rxtx_buffer[ix] = NULL;
71 call->rxtx_annotations[ix] = 0;
72 skb->next = list;
73 list = skb;
74 }
17926a79 75
248f219c 76 spin_unlock(&call->lock);
17926a79 77
a124fe3e 78 trace_rxrpc_transmit(call, rxrpc_transmit_rotate);
bc4abfcf
DH		 79 wake_up(&call->waitq);
80
248f219c
DH		 81 while (list) {
82 skb = list;
83 list = skb->next;
84 skb->next = NULL;
71f3ca40 85 rxrpc_free_skb(skb, rxrpc_skb_tx_freed);
17926a79 86 }
248f219c 87}
17926a79 88
248f219c
DH		 89/*
90 * End the transmission phase of a call.
91 *
92 * This occurs when we get an ACKALL packet, the first DATA packet of a reply,
93 * or a final ACK packet.
94 */
95static bool rxrpc_end_tx_phase(struct rxrpc_call *call, const char *abort_why)
96{
97 _enter("");
17926a79 98
248f219c
DH		 99 switch (call->state) {
100 case RXRPC_CALL_CLIENT_RECV_REPLY:
101 return true;
102 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
103 case RXRPC_CALL_SERVER_AWAIT_ACK:
104 break;
105 default:
106 rxrpc_proto_abort(abort_why, call, call->tx_top);
107 return false;
17926a79
DH		 108 }
109
248f219c 110 rxrpc_rotate_tx_window(call, call->tx_top);
17926a79 111
248f219c 112 write_lock(&call->state_lock);
651350d1 113
248f219c
DH		 114 switch (call->state) {
115 default:
116 break;
117 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
71f3ca40 118 call->tx_phase = false;
248f219c
DH		 119 call->state = RXRPC_CALL_CLIENT_RECV_REPLY;
120 break;
121 case RXRPC_CALL_SERVER_AWAIT_ACK:
122 __rxrpc_call_completed(call);
123 rxrpc_notify_socket(call);
124 break;
17926a79 125 }
17926a79 126
248f219c 127 write_unlock(&call->state_lock);
a124fe3e 128 trace_rxrpc_transmit(call, rxrpc_transmit_end);
248f219c
DH		 129 _leave(" = ok");
130 return true;
131}
132
133/*
134 * Scan a jumbo packet to validate its structure and to work out how many
135 * subpackets it contains.
136 *
137 * A jumbo packet is a collection of consecutive packets glued together with
138 * little headers between that indicate how to change the initial header for
139 * each subpacket.
140 *
141 * RXRPC_JUMBO_PACKET must be set on all but the last subpacket - and all but
142 * the last are RXRPC_JUMBO_DATALEN in size. The last subpacket may be of any
143 * size.
144 */
145static bool rxrpc_validate_jumbo(struct sk_buff *skb)
146{
147 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
148 unsigned int offset = sp->offset;
89a80ed4 149 unsigned int len = skb->len;
248f219c
DH		 150 int nr_jumbo = 1;
151 u8 flags = sp->hdr.flags;
152
153 do {
154 nr_jumbo++;
155 if (len - offset < RXRPC_JUMBO_SUBPKTLEN)
156 goto protocol_error;
157 if (flags & RXRPC_LAST_PACKET)
158 goto protocol_error;
159 offset += RXRPC_JUMBO_DATALEN;
160 if (skb_copy_bits(skb, offset, &flags, 1) < 0)
161 goto protocol_error;
162 offset += sizeof(struct rxrpc_jumbo_header);
163 } while (flags & RXRPC_JUMBO_PACKET);
164
165 sp->nr_jumbo = nr_jumbo;
166 return true;
17926a79 167
248f219c
DH		 168protocol_error:
169 return false;
17926a79
DH		 170}
171
172/*
248f219c
DH		 173 * Handle reception of a duplicate packet.
174 *
175 * We have to take care to avoid an attack here whereby we're given a series of
176 * jumbograms, each with a sequence number one before the preceding one and
177 * filled up to maximum UDP size. If they never send us the first packet in
178 * the sequence, they can cause us to have to hold on to around 2MiB of kernel
179 * space until the call times out.
180 *
181 * We limit the space usage by only accepting three duplicate jumbo packets per
182 * call. After that, we tell the other side we're no longer accepting jumbos
183 * (that information is encoded in the ACK packet).
17926a79 184 */
248f219c 185static void rxrpc_input_dup_data(struct rxrpc_call *call, rxrpc_seq_t seq,
75e42126 186 u8 annotation, bool *_jumbo_bad)
17926a79 187{
248f219c
DH		 188 /* Discard normal packets that are duplicates. */
189 if (annotation == 0)
190 return;
17926a79 191
248f219c
DH		 192 /* Skip jumbo subpackets that are duplicates. When we've had three or
193 * more partially duplicate jumbo packets, we refuse to take any more
194 * jumbos for this call.
195 */
75e42126
DH		 196 if (!*_jumbo_bad) {
197 call->nr_jumbo_bad++;
198 *_jumbo_bad = true;
248f219c
DH		 199 }
200}
17926a79 201
248f219c
DH		 202/*
203 * Process a DATA packet, adding the packet to the Rx ring.
204 */
205static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb,
206 u16 skew)
207{
208 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
209 unsigned int offset = sp->offset;
210 unsigned int ix;
211 rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0;
212 rxrpc_seq_t seq = sp->hdr.seq, hard_ack;
75e42126 213 bool immediate_ack = false, jumbo_bad = false, queued;
248f219c
DH		 214 u16 len;
215 u8 ack = 0, flags, annotation = 0;
17926a79 216
248f219c 217 _enter("{%u,%u},{%u,%u}",
89a80ed4 218 call->rx_hard_ack, call->rx_top, skb->len, seq);
17926a79 219
248f219c
DH		 220 _proto("Rx DATA %%%u { #%u f=%02x }",
221 sp->hdr.serial, seq, sp->hdr.flags);
17926a79 222
248f219c
DH		 223 if (call->state >= RXRPC_CALL_COMPLETE)
224 return;
17926a79 225
248f219c
DH		 226 /* Received data implicitly ACKs all of the request packets we sent
227 * when we're acting as a client.
228 */
229 if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY &&
230 !rxrpc_end_tx_phase(call, "ETD"))
231 return;
17926a79 232
248f219c 233 call->ackr_prev_seq = seq;
17926a79 234
248f219c
DH		 235 hard_ack = READ_ONCE(call->rx_hard_ack);
236 if (after(seq, hard_ack + call->rx_winsize)) {
17926a79 237 ack = RXRPC_ACK_EXCEEDS_WINDOW;
248f219c
DH		 238 ack_serial = serial;
239 goto ack;
17926a79
DH		 240 }
241
248f219c
DH		 242 flags = sp->hdr.flags;
243 if (flags & RXRPC_JUMBO_PACKET) {
75e42126 244 if (call->nr_jumbo_bad > 3) {
248f219c
DH		 245 ack = RXRPC_ACK_NOSPACE;
246 ack_serial = serial;
247 goto ack;
17926a79 248 }
248f219c 249 annotation = 1;
17926a79
DH		 250 }
251
248f219c
DH		 252next_subpacket:
253 queued = false;
254 ix = seq & RXRPC_RXTX_BUFF_MASK;
89a80ed4 255 len = skb->len;
248f219c
DH		 256 if (flags & RXRPC_JUMBO_PACKET)
257 len = RXRPC_JUMBO_DATALEN;
258
259 if (flags & RXRPC_LAST_PACKET) {
816c9fce 260 if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) &&
248f219c
DH		 261 seq != call->rx_top)
262 return rxrpc_proto_abort("LSN", call, seq);
263 } else {
264 if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) &&
265 after_eq(seq, call->rx_top))
266 return rxrpc_proto_abort("LSA", call, seq);
17926a79
DH		 267 }
268
248f219c
DH		 269 if (before_eq(seq, hard_ack)) {
270 ack = RXRPC_ACK_DUPLICATE;
271 ack_serial = serial;
272 goto skip;
273 }
274
275 if (flags & RXRPC_REQUEST_ACK && !ack) {
276 ack = RXRPC_ACK_REQUESTED;
277 ack_serial = serial;
278 }
279
280 if (call->rxtx_buffer[ix]) {
75e42126 281 rxrpc_input_dup_data(call, seq, annotation, &jumbo_bad);
248f219c
DH		 282 if (ack != RXRPC_ACK_DUPLICATE) {
283 ack = RXRPC_ACK_DUPLICATE;
284 ack_serial = serial;
17926a79 285 }
248f219c
DH		 286 immediate_ack = true;
287 goto skip;
17926a79
DH		 288 }
289
248f219c
DH		 290 /* Queue the packet. We use a couple of memory barriers here as need
291 * to make sure that rx_top is perceived to be set after the buffer
292 * pointer and that the buffer pointer is set after the annotation and
293 * the skb data.
294 *
295 * Barriers against rxrpc_recvmsg_data() and rxrpc_rotate_rx_window()
296 * and also rxrpc_fill_out_ack().
297 */
71f3ca40 298 rxrpc_get_skb(skb, rxrpc_skb_rx_got);
248f219c
DH		 299 call->rxtx_annotations[ix] = annotation;
300 smp_wmb();
301 call->rxtx_buffer[ix] = skb;
302 if (after(seq, call->rx_top))
303 smp_store_release(&call->rx_top, seq);
58dc63c9 304 if (flags & RXRPC_LAST_PACKET) {
816c9fce 305 set_bit(RXRPC_CALL_RX_LAST, &call->flags);
58dc63c9
DH		 306 trace_rxrpc_receive(call, rxrpc_receive_queue_last, serial, seq);
307 } else {
308 trace_rxrpc_receive(call, rxrpc_receive_queue, serial, seq);
309 }
248f219c
DH		 310 queued = true;
311
312 if (after_eq(seq, call->rx_expect_next)) {
313 if (after(seq, call->rx_expect_next)) {
314 _net("OOS %u > %u", seq, call->rx_expect_next);
315 ack = RXRPC_ACK_OUT_OF_SEQUENCE;
316 ack_serial = serial;
317 }
318 call->rx_expect_next = seq + 1;
17926a79
DH		 319 }
320
248f219c
DH		 321skip:
322 offset += len;
323 if (flags & RXRPC_JUMBO_PACKET) {
324 if (skb_copy_bits(skb, offset, &flags, 1) < 0)
325 return rxrpc_proto_abort("XJF", call, seq);
326 offset += sizeof(struct rxrpc_jumbo_header);
327 seq++;
328 serial++;
329 annotation++;
330 if (flags & RXRPC_JUMBO_PACKET)
331 annotation |= RXRPC_RX_ANNO_JLAST;
75e42126
DH		 332 if (after(seq, hard_ack + call->rx_winsize)) {
333 ack = RXRPC_ACK_EXCEEDS_WINDOW;
334 ack_serial = serial;
335 if (!jumbo_bad) {
336 call->nr_jumbo_bad++;
337 jumbo_bad = true;
338 }
339 goto ack;
340 }
248f219c
DH		 341
342 _proto("Rx DATA Jumbo %%%u", serial);
343 goto next_subpacket;
344 }
17926a79 345
248f219c
DH		 346 if (queued && flags & RXRPC_LAST_PACKET && !ack) {
347 ack = RXRPC_ACK_DELAY;
348 ack_serial = serial;
349 }
17926a79 350
248f219c
DH		 351ack:
352 if (ack)
353 rxrpc_propose_ACK(call, ack, skew, ack_serial,
354 immediate_ack, true);
17926a79 355
248f219c
DH		 356 if (sp->hdr.seq == READ_ONCE(call->rx_hard_ack) + 1)
357 rxrpc_notify_socket(call);
358 _leave(" [queued]");
17926a79
DH		 359}
360
50235c4b
DH		 361/*
362 * Process a requested ACK.
363 */
364static void rxrpc_input_requested_ack(struct rxrpc_call *call,
365 ktime_t resp_time,
366 rxrpc_serial_t orig_serial,
367 rxrpc_serial_t ack_serial)
368{
369 struct rxrpc_skb_priv *sp;
370 struct sk_buff *skb;
371 ktime_t sent_at;
372 int ix;
373
374 for (ix = 0; ix < RXRPC_RXTX_BUFF_SIZE; ix++) {
375 skb = call->rxtx_buffer[ix];
376 if (!skb)
377 continue;
378
379 sp = rxrpc_skb(skb);
380 if (sp->hdr.serial != orig_serial)
381 continue;
382 smp_rmb();
383 sent_at = skb->tstamp;
384 goto found;
385 }
386 return;
387
388found:
389 rxrpc_peer_add_rtt(call, rxrpc_rtt_rx_requested_ack,
390 orig_serial, ack_serial, sent_at, resp_time);
391}
392
8e83134d
DH		 393/*
394 * Process a ping response.
395 */
396static void rxrpc_input_ping_response(struct rxrpc_call *call,
397 ktime_t resp_time,
398 rxrpc_serial_t orig_serial,
399 rxrpc_serial_t ack_serial)
400{
401 rxrpc_serial_t ping_serial;
402 ktime_t ping_time;
403
404 ping_time = call->ackr_ping_time;
405 smp_rmb();
406 ping_serial = call->ackr_ping;
407
408 if (!test_bit(RXRPC_CALL_PINGING, &call->flags) ||
409 before(orig_serial, ping_serial))
410 return;
411 clear_bit(RXRPC_CALL_PINGING, &call->flags);
412 if (after(orig_serial, ping_serial))
413 return;
414
415 rxrpc_peer_add_rtt(call, rxrpc_rtt_rx_ping_response,
416 orig_serial, ack_serial, ping_time, resp_time);
417}
418
17926a79 419/*
248f219c 420 * Process the extra information that may be appended to an ACK packet
17926a79 421 */
248f219c
DH		 422static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb,
423 struct rxrpc_ackinfo *ackinfo)
17926a79 424{
248f219c
DH		 425 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
426 struct rxrpc_peer *peer;
427 unsigned int mtu;
01fd0742 428 u32 rwind = ntohl(ackinfo->rwind);
248f219c
DH		 429
430 _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }",
431 sp->hdr.serial,
432 ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU),
01fd0742 433 rwind, ntohl(ackinfo->jumbo_max));
248f219c 434
01fd0742
DH		 435 if (rwind > RXRPC_RXTX_BUFF_SIZE - 1)
436 rwind = RXRPC_RXTX_BUFF_SIZE - 1;
437 call->tx_winsize = rwind;
248f219c
DH		 438
439 mtu = min(ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU));
440
441 peer = call->peer;
442 if (mtu < peer->maxdata) {
443 spin_lock_bh(&peer->lock);
444 peer->maxdata = mtu;
445 peer->mtu = mtu + peer->hdrsize;
446 spin_unlock_bh(&peer->lock);
447 _net("Net MTU %u (maxdata %u)", peer->mtu, peer->maxdata);
448 }
449}
17926a79 450
248f219c
DH		 451/*
452 * Process individual soft ACKs.
453 *
454 * Each ACK in the array corresponds to one packet and can be either an ACK or
455 * a NAK. If we get find an explicitly NAK'd packet we resend immediately;
456 * packets that lie beyond the end of the ACK list are scheduled for resend by
457 * the timer on the basis that the peer might just not have processed them at
458 * the time the ACK was sent.
459 */
460static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks,
461 rxrpc_seq_t seq, int nr_acks)
462{
463 bool resend = false;
464 int ix;
f07373ea 465 u8 annotation, anno_type;
248f219c
DH		 466
467 for (; nr_acks > 0; nr_acks--, seq++) {
468 ix = seq & RXRPC_RXTX_BUFF_MASK;
f07373ea
DH		 469 annotation = call->rxtx_annotations[ix];
470 anno_type = annotation & RXRPC_TX_ANNO_MASK;
471 annotation &= ~RXRPC_TX_ANNO_MASK;
d01dc4c3 472 switch (*acks++) {
248f219c 473 case RXRPC_ACK_TYPE_ACK:
f07373ea
DH		 474 if (anno_type == RXRPC_TX_ANNO_ACK)
475 continue;
476 call->rxtx_annotations[ix] =
477 RXRPC_TX_ANNO_ACK | annotation;
248f219c
DH		 478 break;
479 case RXRPC_ACK_TYPE_NACK:
f07373ea 480 if (anno_type == RXRPC_TX_ANNO_NAK)
248f219c 481 continue;
be8aa338
DH		 482 if (anno_type == RXRPC_TX_ANNO_RETRANS)
483 continue;
f07373ea
DH		 484 call->rxtx_annotations[ix] =
485 RXRPC_TX_ANNO_NAK | annotation;
248f219c
DH		 486 resend = true;
487 break;
488 default:
489 return rxrpc_proto_abort("SFT", call, 0);
17926a79 490 }
17926a79 491 }
248f219c
DH		 492
493 if (resend &&
494 !test_and_set_bit(RXRPC_CALL_EV_RESEND, &call->events))
495 rxrpc_queue_call(call);
17926a79
DH		 496}
497
498/*
248f219c
DH		 499 * Process an ACK packet.
500 *
501 * ack.firstPacket is the sequence number of the first soft-ACK'd/NAK'd packet
502 * in the ACK array. Anything before that is hard-ACK'd and may be discarded.
503 *
504 * A hard-ACK means that a packet has been processed and may be discarded; a
505 * soft-ACK means that the packet may be discarded and retransmission
506 * requested. A phase is complete when all packets are hard-ACK'd.
17926a79 507 */
248f219c
DH		 508static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb,
509 u16 skew)
17926a79
DH		 510{
511 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
248f219c
DH		 512 union {
513 struct rxrpc_ackpacket ack;
514 struct rxrpc_ackinfo info;
515 u8 acks[RXRPC_MAXACKS];
516 } buf;
8e83134d 517 rxrpc_serial_t acked_serial;
248f219c
DH		 518 rxrpc_seq_t first_soft_ack, hard_ack;
519 int nr_acks, offset;
520
521 _enter("");
522
523 if (skb_copy_bits(skb, sp->offset, &buf.ack, sizeof(buf.ack)) < 0) {
524 _debug("extraction failure");
525 return rxrpc_proto_abort("XAK", call, 0);
17926a79 526 }
248f219c
DH		 527 sp->offset += sizeof(buf.ack);
528
8e83134d 529 acked_serial = ntohl(buf.ack.serial);
248f219c
DH		 530 first_soft_ack = ntohl(buf.ack.firstPacket);
531 hard_ack = first_soft_ack - 1;
532 nr_acks = buf.ack.nAcks;
533
ec71eb9a
DH		 534 trace_rxrpc_rx_ack(call, first_soft_ack, buf.ack.reason, nr_acks);
535
248f219c
DH		 536 _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }",
537 sp->hdr.serial,
538 ntohs(buf.ack.maxSkew),
539 first_soft_ack,
540 ntohl(buf.ack.previousPacket),
8e83134d 541 acked_serial,
248f219c
DH		 542 rxrpc_acks(buf.ack.reason),
543 buf.ack.nAcks);
544
8e83134d
DH		 545 if (buf.ack.reason == RXRPC_ACK_PING_RESPONSE)
546 rxrpc_input_ping_response(call, skb->tstamp, acked_serial,
547 sp->hdr.serial);
50235c4b
DH		 548 if (buf.ack.reason == RXRPC_ACK_REQUESTED)
549 rxrpc_input_requested_ack(call, skb->tstamp, acked_serial,
550 sp->hdr.serial);
8e83134d 551
248f219c
DH		 552 if (buf.ack.reason == RXRPC_ACK_PING) {
553 _proto("Rx ACK %%%u PING Request", sp->hdr.serial);
554 rxrpc_propose_ACK(call, RXRPC_ACK_PING_RESPONSE,
555 skew, sp->hdr.serial, true, true);
556 } else if (sp->hdr.flags & RXRPC_REQUEST_ACK) {
563ea7d5 557 rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED,
248f219c 558 skew, sp->hdr.serial, true, true);
17926a79
DH		 559 }
560
248f219c 561 offset = sp->offset + nr_acks + 3;
89a80ed4 562 if (skb->len >= offset + sizeof(buf.info)) {
248f219c
DH		 563 if (skb_copy_bits(skb, offset, &buf.info, sizeof(buf.info)) < 0)
564 return rxrpc_proto_abort("XAI", call, 0);
565 rxrpc_input_ackinfo(call, skb, &buf.info);
566 }
17926a79 567
248f219c
DH		 568 if (first_soft_ack == 0)
569 return rxrpc_proto_abort("AK0", call, 0);
17926a79 570
248f219c
DH		 571 /* Ignore ACKs unless we are or have just been transmitting. */
572 switch (call->state) {
573 case RXRPC_CALL_CLIENT_SEND_REQUEST:
574 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
575 case RXRPC_CALL_SERVER_SEND_REPLY:
576 case RXRPC_CALL_SERVER_AWAIT_ACK:
577 break;
17926a79 578 default:
248f219c
DH		 579 return;
580 }
17926a79 581
248f219c 582 /* Discard any out-of-order or duplicate ACKs. */
98dafac5 583 if (before_eq(sp->hdr.serial, call->acks_latest)) {
248f219c
DH		 584 _debug("discard ACK %d <= %d",
585 sp->hdr.serial, call->acks_latest);
586 return;
587 }
588 call->acks_latest = sp->hdr.serial;
17926a79 589
248f219c
DH		 590 if (test_bit(RXRPC_CALL_TX_LAST, &call->flags) &&
591 hard_ack == call->tx_top) {
592 rxrpc_end_tx_phase(call, "ETA");
593 return;
594 }
17926a79 595
248f219c
DH		 596 if (before(hard_ack, call->tx_hard_ack) ||
597 after(hard_ack, call->tx_top))
598 return rxrpc_proto_abort("AKW", call, 0);
17926a79 599
248f219c
DH		 600 if (after(hard_ack, call->tx_hard_ack))
601 rxrpc_rotate_tx_window(call, hard_ack);
17926a79 602
248f219c
DH		 603 if (after(first_soft_ack, call->tx_top))
604 return;
17926a79 605
248f219c
DH		 606 if (nr_acks > call->tx_top - first_soft_ack + 1)
607 nr_acks = first_soft_ack - call->tx_top + 1;
608 if (skb_copy_bits(skb, sp->offset, buf.acks, nr_acks) < 0)
609 return rxrpc_proto_abort("XSA", call, 0);
610 rxrpc_input_soft_acks(call, buf.acks, first_soft_ack, nr_acks);
17926a79
DH		 611}
612
613/*
248f219c 614 * Process an ACKALL packet.
17926a79 615 */
248f219c 616static void rxrpc_input_ackall(struct rxrpc_call *call, struct sk_buff *skb)
17926a79 617{
248f219c 618 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 619
248f219c 620 _proto("Rx ACKALL %%%u", sp->hdr.serial);
17926a79 621
248f219c
DH		 622 rxrpc_end_tx_phase(call, "ETL");
623}
17926a79 624
248f219c
DH		 625/*
626 * Process an ABORT packet.
627 */
628static void rxrpc_input_abort(struct rxrpc_call *call, struct sk_buff *skb)
629{
630 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
631 __be32 wtmp;
632 u32 abort_code = RX_CALL_DEAD;
17926a79 633
248f219c 634 _enter("");
17926a79 635
248f219c
DH		 636 if (skb->len >= 4 &&
637 skb_copy_bits(skb, sp->offset, &wtmp, sizeof(wtmp)) >= 0)
638 abort_code = ntohl(wtmp);
17926a79 639
248f219c 640 _proto("Rx ABORT %%%u { %x }", sp->hdr.serial, abort_code);
17926a79 641
248f219c
DH		 642 if (rxrpc_set_call_completion(call, RXRPC_CALL_REMOTELY_ABORTED,
643 abort_code, ECONNABORTED))
644 rxrpc_notify_socket(call);
17926a79
DH		 645}
646
647/*
248f219c 648 * Process an incoming call packet.
17926a79 649 */
248f219c
DH		 650static void rxrpc_input_call_packet(struct rxrpc_call *call,
651 struct sk_buff *skb, u16 skew)
17926a79 652{
248f219c 653 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 654
7727640c 655 _enter("%p,%p", call, skb);
17926a79 656
248f219c
DH		 657 switch (sp->hdr.type) {
658 case RXRPC_PACKET_TYPE_DATA:
659 rxrpc_input_data(call, skb, skew);
660 break;
f5c17aae 661
248f219c
DH		 662 case RXRPC_PACKET_TYPE_ACK:
663 rxrpc_input_ack(call, skb, skew);
17926a79 664 break;
17926a79 665
248f219c
DH		 666 case RXRPC_PACKET_TYPE_BUSY:
667 _proto("Rx BUSY %%%u", sp->hdr.serial);
17926a79 668
248f219c
DH		 669 /* Just ignore BUSY packets from the server; the retry and
670 * lifespan timers will take care of business. BUSY packets
671 * from the client don't make sense.
672 */
673 break;
17926a79 674
248f219c
DH		 675 case RXRPC_PACKET_TYPE_ABORT:
676 rxrpc_input_abort(call, skb);
677 break;
17926a79 678
248f219c
DH		 679 case RXRPC_PACKET_TYPE_ACKALL:
680 rxrpc_input_ackall(call, skb);
681 break;
f5c17aae 682
248f219c
DH		 683 default:
684 _proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], sp->hdr.serial);
685 break;
17926a79 686 }
248f219c 687
17926a79
DH		 688 _leave("");
689}
690
691/*
692 * post connection-level events to the connection
18bfeba5
DH		 693 * - this includes challenges, responses, some aborts and call terminal packet
694 * retransmission.
17926a79 695 */
2e7e9758 696static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn,
17926a79
DH		 697 struct sk_buff *skb)
698{
699 _enter("%p,%p", conn, skb);
700
17926a79 701 skb_queue_tail(&conn->rx_queue, skb);
2e7e9758 702 rxrpc_queue_conn(conn);
17926a79
DH		 703}
704
44ba0698
DH		 705/*
706 * post endpoint-level events to the local endpoint
707 * - this includes debug and version messages
708 */
709static void rxrpc_post_packet_to_local(struct rxrpc_local *local,
710 struct sk_buff *skb)
711{
712 _enter("%p,%p", local, skb);
713
44ba0698 714 skb_queue_tail(&local->event_queue, skb);
5acbee46 715 rxrpc_queue_local(local);
44ba0698
DH		 716}
717
248f219c
DH		 718/*
719 * put a packet up for transport-level abort
720 */
721static void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
722{
723 CHECK_SLAB_OKAY(&local->usage);
724
725 skb_queue_tail(&local->reject_queue, skb);
726 rxrpc_queue_local(local);
727}
728
0d12f8a4
DH		 729/*
730 * Extract the wire header from a packet and translate the byte order.
731 */
732static noinline
733int rxrpc_extract_header(struct rxrpc_skb_priv *sp, struct sk_buff *skb)
734{
735 struct rxrpc_wire_header whdr;
736
737 /* dig out the RxRPC connection details */
4d0fc73e 738 if (skb_copy_bits(skb, 0, &whdr, sizeof(whdr)) < 0)
0d12f8a4 739 return -EBADMSG;
0d12f8a4
DH		 740
741 memset(sp, 0, sizeof(*sp));
742 sp->hdr.epoch = ntohl(whdr.epoch);
743 sp->hdr.cid = ntohl(whdr.cid);
744 sp->hdr.callNumber = ntohl(whdr.callNumber);
745 sp->hdr.seq = ntohl(whdr.seq);
746 sp->hdr.serial = ntohl(whdr.serial);
747 sp->hdr.flags = whdr.flags;
748 sp->hdr.type = whdr.type;
749 sp->hdr.userStatus = whdr.userStatus;
750 sp->hdr.securityIndex = whdr.securityIndex;
751 sp->hdr._rsvd = ntohs(whdr._rsvd);
752 sp->hdr.serviceId = ntohs(whdr.serviceId);
248f219c 753 sp->offset = sizeof(whdr);
0d12f8a4
DH		 754 return 0;
755}
756
17926a79
DH		 757/*
758 * handle data received on the local endpoint
759 * - may be called in interrupt context
4f95dd78
DH		 760 *
761 * The socket is locked by the caller and this prevents the socket from being
762 * shut down and the local endpoint from going away, thus sk_user_data will not
763 * be cleared until this function returns.
17926a79 764 */
248f219c 765void rxrpc_data_ready(struct sock *udp_sk)
17926a79 766{
8496af50 767 struct rxrpc_connection *conn;
248f219c
DH		 768 struct rxrpc_channel *chan;
769 struct rxrpc_call *call;
17926a79 770 struct rxrpc_skb_priv *sp;
248f219c 771 struct rxrpc_local *local = udp_sk->sk_user_data;
17926a79 772 struct sk_buff *skb;
248f219c 773 unsigned int channel;
563ea7d5 774 int ret, skew;
17926a79 775
248f219c 776 _enter("%p", udp_sk);
17926a79
DH		 777
778 ASSERT(!irqs_disabled());
779
248f219c 780 skb = skb_recv_datagram(udp_sk, 0, 1, &ret);
17926a79 781 if (!skb) {
17926a79
DH		 782 if (ret == -EAGAIN)
783 return;
784 _debug("UDP socket error %d", ret);
785 return;
786 }
787
71f3ca40 788 rxrpc_new_skb(skb, rxrpc_skb_rx_received);
17926a79
DH		 789
790 _net("recv skb %p", skb);
791
792 /* we'll probably need to checksum it (didn't call sock_recvmsg) */
793 if (skb_checksum_complete(skb)) {
71f3ca40 794 rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
02c22347 795 __UDP_INC_STATS(&init_net, UDP_MIB_INERRORS, 0);
17926a79
DH		 796 _leave(" [CSUM failed]");
797 return;
798 }
799
02c22347 800 __UDP_INC_STATS(&init_net, UDP_MIB_INDATAGRAMS, 0);
1781f7f5 801
0d12f8a4
DH		 802 /* The socket buffer we have is owned by UDP, with UDP's data all over
803 * it, but we really want our own data there.
804 */
17926a79
DH		 805 skb_orphan(skb);
806 sp = rxrpc_skb(skb);
17926a79 807
8a681c36
DH		 808 if (IS_ENABLED(CONFIG_AF_RXRPC_INJECT_LOSS)) {
809 static int lose;
810 if ((lose++ & 7) == 7) {
811 rxrpc_lose_skb(skb, rxrpc_skb_rx_lost);
812 return;
813 }
814 }
815
17926a79
DH		 816 _net("Rx UDP packet from %08x:%04hu",
817 ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source));
818
819 /* dig out the RxRPC connection details */
0d12f8a4 820 if (rxrpc_extract_header(sp, skb) < 0)
17926a79 821 goto bad_message;
49e19ec7 822 trace_rxrpc_rx_packet(sp);
17926a79
DH		 823
824 _net("Rx RxRPC %s ep=%x call=%x:%x",
825 sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient",
0d12f8a4 826 sp->hdr.epoch, sp->hdr.cid, sp->hdr.callNumber);
17926a79 827
351c1e64
DH		 828 if (sp->hdr.type >= RXRPC_N_PACKET_TYPES ||
829 !((RXRPC_SUPPORTED_PACKET_TYPES >> sp->hdr.type) & 1)) {
17926a79
DH		 830 _proto("Rx Bad Packet Type %u", sp->hdr.type);
831 goto bad_message;
832 }
833
248f219c
DH		 834 switch (sp->hdr.type) {
835 case RXRPC_PACKET_TYPE_VERSION:
44ba0698
DH		 836 rxrpc_post_packet_to_local(local, skb);
837 goto out;
bc6e1ea3 838
248f219c
DH		 839 case RXRPC_PACKET_TYPE_BUSY:
840 if (sp->hdr.flags & RXRPC_CLIENT_INITIATED)
841 goto discard;
842
843 case RXRPC_PACKET_TYPE_DATA:
844 if (sp->hdr.callNumber == 0)
845 goto bad_message;
846 if (sp->hdr.flags & RXRPC_JUMBO_PACKET &&
847 !rxrpc_validate_jumbo(skb))
848 goto bad_message;
849 break;
850 }
17926a79 851
8496af50
DH		 852 rcu_read_lock();
853
8496af50 854 conn = rxrpc_find_connection_rcu(local, skb);
248f219c
DH		 855 if (conn) {
856 if (sp->hdr.securityIndex != conn->security_ix)
857 goto wrong_security;
563ea7d5 858
248f219c
DH		 859 if (sp->hdr.callNumber == 0) {
860 /* Connection-level packet */
861 _debug("CONN %p {%d}", conn, conn->debug_id);
862 rxrpc_post_packet_to_conn(conn, skb);
863 goto out_unlock;
864 }
865
866 /* Note the serial number skew here */
867 skew = (int)sp->hdr.serial - (int)conn->hi_serial;
868 if (skew >= 0) {
869 if (skew > 0)
870 conn->hi_serial = sp->hdr.serial;
871 } else {
872 skew = -skew;
873 skew = min(skew, 65535);
874 }
17926a79 875
8496af50 876 /* Call-bound packets are routed by connection channel. */
248f219c
DH		 877 channel = sp->hdr.cid & RXRPC_CHANNELMASK;
878 chan = &conn->channels[channel];
18bfeba5
DH		 879
880 /* Ignore really old calls */
881 if (sp->hdr.callNumber < chan->last_call)
882 goto discard_unlock;
883
884 if (sp->hdr.callNumber == chan->last_call) {
248f219c
DH		 885 /* For the previous service call, if completed successfully, we
886 * discard all further packets.
18bfeba5 887 */
2266ffde 888 if (rxrpc_conn_is_service(conn) &&
18bfeba5
DH		 889 (chan->last_type == RXRPC_PACKET_TYPE_ACK ||
890 sp->hdr.type == RXRPC_PACKET_TYPE_ABORT))
891 goto discard_unlock;
892
248f219c
DH		 893 /* But otherwise we need to retransmit the final packet from
894 * data cached in the connection record.
18bfeba5
DH		 895 */
896 rxrpc_post_packet_to_conn(conn, skb);
897 goto out_unlock;
898 }
0d12f8a4 899
18bfeba5 900 call = rcu_dereference(chan->call);
248f219c
DH		 901 } else {
902 skew = 0;
903 call = NULL;
904 }
8496af50 905
248f219c
DH		 906 if (!call || atomic_read(&call->usage) == 0) {
907 if (!(sp->hdr.type & RXRPC_CLIENT_INITIATED) ||
908 sp->hdr.callNumber == 0 ||
909 sp->hdr.type != RXRPC_PACKET_TYPE_DATA)
910 goto bad_message_unlock;
911 if (sp->hdr.seq != 1)
912 goto discard_unlock;
913 call = rxrpc_new_incoming_call(local, conn, skb);
914 if (!call) {
915 rcu_read_unlock();
916 goto reject_packet;
917 }
8e83134d 918 rxrpc_send_ping(call, skb, skew);
7727640c 919 }
44ba0698 920
248f219c
DH		 921 rxrpc_input_call_packet(call, skb, skew);
922 goto discard_unlock;
923
18bfeba5 924discard_unlock:
8496af50 925 rcu_read_unlock();
248f219c 926discard:
71f3ca40 927 rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
44ba0698 928out:
49e19ec7 929 trace_rxrpc_rx_done(0, 0);
17926a79
DH		 930 return;
931
248f219c 932out_unlock:
8496af50 933 rcu_read_unlock();
248f219c 934 goto out;
8496af50 935
248f219c
DH		 936wrong_security:
937 rcu_read_unlock();
938 trace_rxrpc_abort("SEC", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq,
939 RXKADINCONSISTENCY, EBADMSG);
940 skb->priority = RXKADINCONSISTENCY;
941 goto post_abort;
17926a79 942
248f219c
DH		 943bad_message_unlock:
944 rcu_read_unlock();
17926a79 945bad_message:
248f219c
DH		 946 trace_rxrpc_abort("BAD", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq,
947 RX_PROTOCOL_ERROR, EBADMSG);
17926a79 948 skb->priority = RX_PROTOCOL_ERROR;
248f219c
DH		 949post_abort:
950 skb->mark = RXRPC_SKB_MARK_LOCAL_ABORT;
49e19ec7
DH		 951reject_packet:
952 trace_rxrpc_rx_done(skb->mark, skb->priority);
17926a79 953 rxrpc_reject_packet(local, skb);
17926a79
DH		 954 _leave(" [badmsg]");
955}
ubuntu-zesty-kernel mirror