]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/rxrpc/input.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rxrpc: Add re-sent Tx annotation
[mirror_ubuntu-zesty-kernel.git] / net / rxrpc / input.c
CommitLineData
17926a79
DH		 1/* RxRPC packet reception
2 *
248f219c 3 * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved.
17926a79
DH		 4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
9b6d5398
JP		 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
17926a79
DH		 14#include <linux/module.h>
15#include <linux/net.h>
16#include <linux/skbuff.h>
17#include <linux/errqueue.h>
18#include <linux/udp.h>
19#include <linux/in.h>
20#include <linux/in6.h>
21#include <linux/icmp.h>
5a0e3ad6 22#include <linux/gfp.h>
17926a79
DH		 23#include <net/sock.h>
24#include <net/af_rxrpc.h>
25#include <net/ip.h>
1781f7f5 26#include <net/udp.h>
0283328e 27#include <net/net_namespace.h>
17926a79
DH		 28#include "ar-internal.h"
29
248f219c
DH		 30static void rxrpc_proto_abort(const char *why,
31 struct rxrpc_call *call, rxrpc_seq_t seq)
32{
33 if (rxrpc_abort_call(why, call, seq, RX_PROTOCOL_ERROR, EBADMSG)) {
34 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
35 rxrpc_queue_call(call);
36 }
37}
38
17926a79 39/*
248f219c 40 * Apply a hard ACK by advancing the Tx window.
17926a79 41 */
248f219c 42static void rxrpc_rotate_tx_window(struct rxrpc_call *call, rxrpc_seq_t to)
17926a79 43{
248f219c
DH		 44 struct sk_buff *skb, *list = NULL;
45 int ix;
17926a79 46
248f219c 47 spin_lock(&call->lock);
17926a79 48
248f219c
DH		 49 while (before(call->tx_hard_ack, to)) {
50 call->tx_hard_ack++;
51 ix = call->tx_hard_ack & RXRPC_RXTX_BUFF_MASK;
52 skb = call->rxtx_buffer[ix];
71f3ca40 53 rxrpc_see_skb(skb, rxrpc_skb_tx_rotated);
248f219c
DH		 54 call->rxtx_buffer[ix] = NULL;
55 call->rxtx_annotations[ix] = 0;
56 skb->next = list;
57 list = skb;
58 }
17926a79 59
248f219c 60 spin_unlock(&call->lock);
17926a79 61
a124fe3e 62 trace_rxrpc_transmit(call, rxrpc_transmit_rotate);
bc4abfcf
DH		 63 wake_up(&call->waitq);
64
248f219c
DH		 65 while (list) {
66 skb = list;
67 list = skb->next;
68 skb->next = NULL;
71f3ca40 69 rxrpc_free_skb(skb, rxrpc_skb_tx_freed);
17926a79 70 }
248f219c 71}
17926a79 72
248f219c
DH		 73/*
74 * End the transmission phase of a call.
75 *
76 * This occurs when we get an ACKALL packet, the first DATA packet of a reply,
77 * or a final ACK packet.
78 */
79static bool rxrpc_end_tx_phase(struct rxrpc_call *call, const char *abort_why)
80{
81 _enter("");
17926a79 82
248f219c
DH		 83 switch (call->state) {
84 case RXRPC_CALL_CLIENT_RECV_REPLY:
85 return true;
86 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
87 case RXRPC_CALL_SERVER_AWAIT_ACK:
88 break;
89 default:
90 rxrpc_proto_abort(abort_why, call, call->tx_top);
91 return false;
17926a79
DH		 92 }
93
248f219c 94 rxrpc_rotate_tx_window(call, call->tx_top);
17926a79 95
248f219c 96 write_lock(&call->state_lock);
651350d1 97
248f219c
DH		 98 switch (call->state) {
99 default:
100 break;
101 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
71f3ca40 102 call->tx_phase = false;
248f219c
DH		 103 call->state = RXRPC_CALL_CLIENT_RECV_REPLY;
104 break;
105 case RXRPC_CALL_SERVER_AWAIT_ACK:
106 __rxrpc_call_completed(call);
107 rxrpc_notify_socket(call);
108 break;
17926a79 109 }
17926a79 110
248f219c 111 write_unlock(&call->state_lock);
a124fe3e 112 trace_rxrpc_transmit(call, rxrpc_transmit_end);
248f219c
DH		 113 _leave(" = ok");
114 return true;
115}
116
117/*
118 * Scan a jumbo packet to validate its structure and to work out how many
119 * subpackets it contains.
120 *
121 * A jumbo packet is a collection of consecutive packets glued together with
122 * little headers between that indicate how to change the initial header for
123 * each subpacket.
124 *
125 * RXRPC_JUMBO_PACKET must be set on all but the last subpacket - and all but
126 * the last are RXRPC_JUMBO_DATALEN in size. The last subpacket may be of any
127 * size.
128 */
129static bool rxrpc_validate_jumbo(struct sk_buff *skb)
130{
131 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
132 unsigned int offset = sp->offset;
89a80ed4 133 unsigned int len = skb->len;
248f219c
DH		 134 int nr_jumbo = 1;
135 u8 flags = sp->hdr.flags;
136
137 do {
138 nr_jumbo++;
139 if (len - offset < RXRPC_JUMBO_SUBPKTLEN)
140 goto protocol_error;
141 if (flags & RXRPC_LAST_PACKET)
142 goto protocol_error;
143 offset += RXRPC_JUMBO_DATALEN;
144 if (skb_copy_bits(skb, offset, &flags, 1) < 0)
145 goto protocol_error;
146 offset += sizeof(struct rxrpc_jumbo_header);
147 } while (flags & RXRPC_JUMBO_PACKET);
148
149 sp->nr_jumbo = nr_jumbo;
150 return true;
17926a79 151
248f219c
DH		 152protocol_error:
153 return false;
17926a79
DH		 154}
155
156/*
248f219c
DH		 157 * Handle reception of a duplicate packet.
158 *
159 * We have to take care to avoid an attack here whereby we're given a series of
160 * jumbograms, each with a sequence number one before the preceding one and
161 * filled up to maximum UDP size. If they never send us the first packet in
162 * the sequence, they can cause us to have to hold on to around 2MiB of kernel
163 * space until the call times out.
164 *
165 * We limit the space usage by only accepting three duplicate jumbo packets per
166 * call. After that, we tell the other side we're no longer accepting jumbos
167 * (that information is encoded in the ACK packet).
17926a79 168 */
248f219c 169static void rxrpc_input_dup_data(struct rxrpc_call *call, rxrpc_seq_t seq,
75e42126 170 u8 annotation, bool *_jumbo_bad)
17926a79 171{
248f219c
DH		 172 /* Discard normal packets that are duplicates. */
173 if (annotation == 0)
174 return;
17926a79 175
248f219c
DH		 176 /* Skip jumbo subpackets that are duplicates. When we've had three or
177 * more partially duplicate jumbo packets, we refuse to take any more
178 * jumbos for this call.
179 */
75e42126
DH		 180 if (!*_jumbo_bad) {
181 call->nr_jumbo_bad++;
182 *_jumbo_bad = true;
248f219c
DH		 183 }
184}
17926a79 185
248f219c
DH		 186/*
187 * Process a DATA packet, adding the packet to the Rx ring.
188 */
189static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb,
190 u16 skew)
191{
192 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
193 unsigned int offset = sp->offset;
194 unsigned int ix;
195 rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0;
196 rxrpc_seq_t seq = sp->hdr.seq, hard_ack;
75e42126 197 bool immediate_ack = false, jumbo_bad = false, queued;
248f219c
DH		 198 u16 len;
199 u8 ack = 0, flags, annotation = 0;
17926a79 200
248f219c 201 _enter("{%u,%u},{%u,%u}",
89a80ed4 202 call->rx_hard_ack, call->rx_top, skb->len, seq);
17926a79 203
248f219c
DH		 204 _proto("Rx DATA %%%u { #%u f=%02x }",
205 sp->hdr.serial, seq, sp->hdr.flags);
17926a79 206
248f219c
DH		 207 if (call->state >= RXRPC_CALL_COMPLETE)
208 return;
17926a79 209
248f219c
DH		 210 /* Received data implicitly ACKs all of the request packets we sent
211 * when we're acting as a client.
212 */
213 if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY &&
214 !rxrpc_end_tx_phase(call, "ETD"))
215 return;
17926a79 216
248f219c 217 call->ackr_prev_seq = seq;
17926a79 218
248f219c
DH		 219 hard_ack = READ_ONCE(call->rx_hard_ack);
220 if (after(seq, hard_ack + call->rx_winsize)) {
17926a79 221 ack = RXRPC_ACK_EXCEEDS_WINDOW;
248f219c
DH		 222 ack_serial = serial;
223 goto ack;
17926a79
DH		 224 }
225
248f219c
DH		 226 flags = sp->hdr.flags;
227 if (flags & RXRPC_JUMBO_PACKET) {
75e42126 228 if (call->nr_jumbo_bad > 3) {
248f219c
DH		 229 ack = RXRPC_ACK_NOSPACE;
230 ack_serial = serial;
231 goto ack;
17926a79 232 }
248f219c 233 annotation = 1;
17926a79
DH		 234 }
235
248f219c
DH		 236next_subpacket:
237 queued = false;
238 ix = seq & RXRPC_RXTX_BUFF_MASK;
89a80ed4 239 len = skb->len;
248f219c
DH		 240 if (flags & RXRPC_JUMBO_PACKET)
241 len = RXRPC_JUMBO_DATALEN;
242
243 if (flags & RXRPC_LAST_PACKET) {
816c9fce 244 if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) &&
248f219c
DH		 245 seq != call->rx_top)
246 return rxrpc_proto_abort("LSN", call, seq);
247 } else {
248 if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) &&
249 after_eq(seq, call->rx_top))
250 return rxrpc_proto_abort("LSA", call, seq);
17926a79
DH		 251 }
252
248f219c
DH		 253 if (before_eq(seq, hard_ack)) {
254 ack = RXRPC_ACK_DUPLICATE;
255 ack_serial = serial;
256 goto skip;
257 }
258
259 if (flags & RXRPC_REQUEST_ACK && !ack) {
260 ack = RXRPC_ACK_REQUESTED;
261 ack_serial = serial;
262 }
263
264 if (call->rxtx_buffer[ix]) {
75e42126 265 rxrpc_input_dup_data(call, seq, annotation, &jumbo_bad);
248f219c
DH		 266 if (ack != RXRPC_ACK_DUPLICATE) {
267 ack = RXRPC_ACK_DUPLICATE;
268 ack_serial = serial;
17926a79 269 }
248f219c
DH		 270 immediate_ack = true;
271 goto skip;
17926a79
DH		 272 }
273
248f219c
DH		 274 /* Queue the packet. We use a couple of memory barriers here as need
275 * to make sure that rx_top is perceived to be set after the buffer
276 * pointer and that the buffer pointer is set after the annotation and
277 * the skb data.
278 *
279 * Barriers against rxrpc_recvmsg_data() and rxrpc_rotate_rx_window()
280 * and also rxrpc_fill_out_ack().
281 */
71f3ca40 282 rxrpc_get_skb(skb, rxrpc_skb_rx_got);
248f219c
DH		 283 call->rxtx_annotations[ix] = annotation;
284 smp_wmb();
285 call->rxtx_buffer[ix] = skb;
286 if (after(seq, call->rx_top))
287 smp_store_release(&call->rx_top, seq);
58dc63c9 288 if (flags & RXRPC_LAST_PACKET) {
816c9fce 289 set_bit(RXRPC_CALL_RX_LAST, &call->flags);
58dc63c9
DH		 290 trace_rxrpc_receive(call, rxrpc_receive_queue_last, serial, seq);
291 } else {
292 trace_rxrpc_receive(call, rxrpc_receive_queue, serial, seq);
293 }
248f219c
DH		 294 queued = true;
295
296 if (after_eq(seq, call->rx_expect_next)) {
297 if (after(seq, call->rx_expect_next)) {
298 _net("OOS %u > %u", seq, call->rx_expect_next);
299 ack = RXRPC_ACK_OUT_OF_SEQUENCE;
300 ack_serial = serial;
301 }
302 call->rx_expect_next = seq + 1;
17926a79
DH		 303 }
304
248f219c
DH		 305skip:
306 offset += len;
307 if (flags & RXRPC_JUMBO_PACKET) {
308 if (skb_copy_bits(skb, offset, &flags, 1) < 0)
309 return rxrpc_proto_abort("XJF", call, seq);
310 offset += sizeof(struct rxrpc_jumbo_header);
311 seq++;
312 serial++;
313 annotation++;
314 if (flags & RXRPC_JUMBO_PACKET)
315 annotation |= RXRPC_RX_ANNO_JLAST;
75e42126
DH		 316 if (after(seq, hard_ack + call->rx_winsize)) {
317 ack = RXRPC_ACK_EXCEEDS_WINDOW;
318 ack_serial = serial;
319 if (!jumbo_bad) {
320 call->nr_jumbo_bad++;
321 jumbo_bad = true;
322 }
323 goto ack;
324 }
248f219c
DH		 325
326 _proto("Rx DATA Jumbo %%%u", serial);
327 goto next_subpacket;
328 }
17926a79 329
248f219c
DH		 330 if (queued && flags & RXRPC_LAST_PACKET && !ack) {
331 ack = RXRPC_ACK_DELAY;
332 ack_serial = serial;
333 }
17926a79 334
248f219c
DH		 335ack:
336 if (ack)
337 rxrpc_propose_ACK(call, ack, skew, ack_serial,
338 immediate_ack, true);
17926a79 339
248f219c
DH		 340 if (sp->hdr.seq == READ_ONCE(call->rx_hard_ack) + 1)
341 rxrpc_notify_socket(call);
342 _leave(" [queued]");
17926a79
DH		 343}
344
345/*
248f219c 346 * Process the extra information that may be appended to an ACK packet
17926a79 347 */
248f219c
DH		 348static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb,
349 struct rxrpc_ackinfo *ackinfo)
17926a79 350{
248f219c
DH		 351 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
352 struct rxrpc_peer *peer;
353 unsigned int mtu;
01fd0742 354 u32 rwind = ntohl(ackinfo->rwind);
248f219c
DH		 355
356 _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }",
357 sp->hdr.serial,
358 ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU),
01fd0742 359 rwind, ntohl(ackinfo->jumbo_max));
248f219c 360
01fd0742
DH		 361 if (rwind > RXRPC_RXTX_BUFF_SIZE - 1)
362 rwind = RXRPC_RXTX_BUFF_SIZE - 1;
363 call->tx_winsize = rwind;
248f219c
DH		 364
365 mtu = min(ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU));
366
367 peer = call->peer;
368 if (mtu < peer->maxdata) {
369 spin_lock_bh(&peer->lock);
370 peer->maxdata = mtu;
371 peer->mtu = mtu + peer->hdrsize;
372 spin_unlock_bh(&peer->lock);
373 _net("Net MTU %u (maxdata %u)", peer->mtu, peer->maxdata);
374 }
375}
17926a79 376
248f219c
DH		 377/*
378 * Process individual soft ACKs.
379 *
380 * Each ACK in the array corresponds to one packet and can be either an ACK or
381 * a NAK. If we get find an explicitly NAK'd packet we resend immediately;
382 * packets that lie beyond the end of the ACK list are scheduled for resend by
383 * the timer on the basis that the peer might just not have processed them at
384 * the time the ACK was sent.
385 */
386static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks,
387 rxrpc_seq_t seq, int nr_acks)
388{
389 bool resend = false;
390 int ix;
f07373ea 391 u8 annotation, anno_type;
248f219c
DH		 392
393 for (; nr_acks > 0; nr_acks--, seq++) {
394 ix = seq & RXRPC_RXTX_BUFF_MASK;
f07373ea
DH		 395 annotation = call->rxtx_annotations[ix];
396 anno_type = annotation & RXRPC_TX_ANNO_MASK;
397 annotation &= ~RXRPC_TX_ANNO_MASK;
d01dc4c3 398 switch (*acks++) {
248f219c 399 case RXRPC_ACK_TYPE_ACK:
f07373ea
DH		 400 if (anno_type == RXRPC_TX_ANNO_ACK)
401 continue;
402 call->rxtx_annotations[ix] =
403 RXRPC_TX_ANNO_ACK | annotation;
248f219c
DH		 404 break;
405 case RXRPC_ACK_TYPE_NACK:
f07373ea 406 if (anno_type == RXRPC_TX_ANNO_NAK)
248f219c 407 continue;
f07373ea
DH		 408 call->rxtx_annotations[ix] =
409 RXRPC_TX_ANNO_NAK | annotation;
248f219c
DH		 410 resend = true;
411 break;
412 default:
413 return rxrpc_proto_abort("SFT", call, 0);
17926a79 414 }
17926a79 415 }
248f219c
DH		 416
417 if (resend &&
418 !test_and_set_bit(RXRPC_CALL_EV_RESEND, &call->events))
419 rxrpc_queue_call(call);
17926a79
DH		 420}
421
422/*
248f219c
DH		 423 * Process an ACK packet.
424 *
425 * ack.firstPacket is the sequence number of the first soft-ACK'd/NAK'd packet
426 * in the ACK array. Anything before that is hard-ACK'd and may be discarded.
427 *
428 * A hard-ACK means that a packet has been processed and may be discarded; a
429 * soft-ACK means that the packet may be discarded and retransmission
430 * requested. A phase is complete when all packets are hard-ACK'd.
17926a79 431 */
248f219c
DH		 432static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb,
433 u16 skew)
17926a79
DH		 434{
435 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
248f219c
DH		 436 union {
437 struct rxrpc_ackpacket ack;
438 struct rxrpc_ackinfo info;
439 u8 acks[RXRPC_MAXACKS];
440 } buf;
441 rxrpc_seq_t first_soft_ack, hard_ack;
442 int nr_acks, offset;
443
444 _enter("");
445
446 if (skb_copy_bits(skb, sp->offset, &buf.ack, sizeof(buf.ack)) < 0) {
447 _debug("extraction failure");
448 return rxrpc_proto_abort("XAK", call, 0);
17926a79 449 }
248f219c
DH		 450 sp->offset += sizeof(buf.ack);
451
452 first_soft_ack = ntohl(buf.ack.firstPacket);
453 hard_ack = first_soft_ack - 1;
454 nr_acks = buf.ack.nAcks;
455
ec71eb9a
DH		 456 trace_rxrpc_rx_ack(call, first_soft_ack, buf.ack.reason, nr_acks);
457
248f219c
DH		 458 _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }",
459 sp->hdr.serial,
460 ntohs(buf.ack.maxSkew),
461 first_soft_ack,
462 ntohl(buf.ack.previousPacket),
463 ntohl(buf.ack.serial),
464 rxrpc_acks(buf.ack.reason),
465 buf.ack.nAcks);
466
467 if (buf.ack.reason == RXRPC_ACK_PING) {
468 _proto("Rx ACK %%%u PING Request", sp->hdr.serial);
469 rxrpc_propose_ACK(call, RXRPC_ACK_PING_RESPONSE,
470 skew, sp->hdr.serial, true, true);
471 } else if (sp->hdr.flags & RXRPC_REQUEST_ACK) {
563ea7d5 472 rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED,
248f219c 473 skew, sp->hdr.serial, true, true);
17926a79
DH		 474 }
475
248f219c 476 offset = sp->offset + nr_acks + 3;
89a80ed4 477 if (skb->len >= offset + sizeof(buf.info)) {
248f219c
DH		 478 if (skb_copy_bits(skb, offset, &buf.info, sizeof(buf.info)) < 0)
479 return rxrpc_proto_abort("XAI", call, 0);
480 rxrpc_input_ackinfo(call, skb, &buf.info);
481 }
17926a79 482
248f219c
DH		 483 if (first_soft_ack == 0)
484 return rxrpc_proto_abort("AK0", call, 0);
17926a79 485
248f219c
DH		 486 /* Ignore ACKs unless we are or have just been transmitting. */
487 switch (call->state) {
488 case RXRPC_CALL_CLIENT_SEND_REQUEST:
489 case RXRPC_CALL_CLIENT_AWAIT_REPLY:
490 case RXRPC_CALL_SERVER_SEND_REPLY:
491 case RXRPC_CALL_SERVER_AWAIT_ACK:
492 break;
17926a79 493 default:
248f219c
DH		 494 return;
495 }
17926a79 496
248f219c
DH		 497 /* Discard any out-of-order or duplicate ACKs. */
498 if ((int)sp->hdr.serial - (int)call->acks_latest <= 0) {
499 _debug("discard ACK %d <= %d",
500 sp->hdr.serial, call->acks_latest);
501 return;
502 }
503 call->acks_latest = sp->hdr.serial;
17926a79 504
248f219c
DH		 505 if (test_bit(RXRPC_CALL_TX_LAST, &call->flags) &&
506 hard_ack == call->tx_top) {
507 rxrpc_end_tx_phase(call, "ETA");
508 return;
509 }
17926a79 510
248f219c
DH		 511 if (before(hard_ack, call->tx_hard_ack) ||
512 after(hard_ack, call->tx_top))
513 return rxrpc_proto_abort("AKW", call, 0);
17926a79 514
248f219c
DH		 515 if (after(hard_ack, call->tx_hard_ack))
516 rxrpc_rotate_tx_window(call, hard_ack);
17926a79 517
248f219c
DH		 518 if (after(first_soft_ack, call->tx_top))
519 return;
17926a79 520
248f219c
DH		 521 if (nr_acks > call->tx_top - first_soft_ack + 1)
522 nr_acks = first_soft_ack - call->tx_top + 1;
523 if (skb_copy_bits(skb, sp->offset, buf.acks, nr_acks) < 0)
524 return rxrpc_proto_abort("XSA", call, 0);
525 rxrpc_input_soft_acks(call, buf.acks, first_soft_ack, nr_acks);
17926a79
DH		 526}
527
528/*
248f219c 529 * Process an ACKALL packet.
17926a79 530 */
248f219c 531static void rxrpc_input_ackall(struct rxrpc_call *call, struct sk_buff *skb)
17926a79 532{
248f219c 533 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 534
248f219c 535 _proto("Rx ACKALL %%%u", sp->hdr.serial);
17926a79 536
248f219c
DH		 537 rxrpc_end_tx_phase(call, "ETL");
538}
17926a79 539
248f219c
DH		 540/*
541 * Process an ABORT packet.
542 */
543static void rxrpc_input_abort(struct rxrpc_call *call, struct sk_buff *skb)
544{
545 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
546 __be32 wtmp;
547 u32 abort_code = RX_CALL_DEAD;
17926a79 548
248f219c 549 _enter("");
17926a79 550
248f219c
DH		 551 if (skb->len >= 4 &&
552 skb_copy_bits(skb, sp->offset, &wtmp, sizeof(wtmp)) >= 0)
553 abort_code = ntohl(wtmp);
17926a79 554
248f219c 555 _proto("Rx ABORT %%%u { %x }", sp->hdr.serial, abort_code);
17926a79 556
248f219c
DH		 557 if (rxrpc_set_call_completion(call, RXRPC_CALL_REMOTELY_ABORTED,
558 abort_code, ECONNABORTED))
559 rxrpc_notify_socket(call);
17926a79
DH		 560}
561
562/*
248f219c 563 * Process an incoming call packet.
17926a79 564 */
248f219c
DH		 565static void rxrpc_input_call_packet(struct rxrpc_call *call,
566 struct sk_buff *skb, u16 skew)
17926a79 567{
248f219c 568 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
17926a79 569
7727640c 570 _enter("%p,%p", call, skb);
17926a79 571
248f219c
DH		 572 switch (sp->hdr.type) {
573 case RXRPC_PACKET_TYPE_DATA:
574 rxrpc_input_data(call, skb, skew);
575 break;
f5c17aae 576
248f219c
DH		 577 case RXRPC_PACKET_TYPE_ACK:
578 rxrpc_input_ack(call, skb, skew);
17926a79 579 break;
17926a79 580
248f219c
DH		 581 case RXRPC_PACKET_TYPE_BUSY:
582 _proto("Rx BUSY %%%u", sp->hdr.serial);
17926a79 583
248f219c
DH		 584 /* Just ignore BUSY packets from the server; the retry and
585 * lifespan timers will take care of business. BUSY packets
586 * from the client don't make sense.
587 */
588 break;
17926a79 589
248f219c
DH		 590 case RXRPC_PACKET_TYPE_ABORT:
591 rxrpc_input_abort(call, skb);
592 break;
17926a79 593
248f219c
DH		 594 case RXRPC_PACKET_TYPE_ACKALL:
595 rxrpc_input_ackall(call, skb);
596 break;
f5c17aae 597
248f219c
DH		 598 default:
599 _proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], sp->hdr.serial);
600 break;
17926a79 601 }
248f219c 602
17926a79
DH		 603 _leave("");
604}
605
606/*
607 * post connection-level events to the connection
18bfeba5
DH		 608 * - this includes challenges, responses, some aborts and call terminal packet
609 * retransmission.
17926a79 610 */
2e7e9758 611static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn,
17926a79
DH		 612 struct sk_buff *skb)
613{
614 _enter("%p,%p", conn, skb);
615
17926a79 616 skb_queue_tail(&conn->rx_queue, skb);
2e7e9758 617 rxrpc_queue_conn(conn);
17926a79
DH		 618}
619
44ba0698
DH		 620/*
621 * post endpoint-level events to the local endpoint
622 * - this includes debug and version messages
623 */
624static void rxrpc_post_packet_to_local(struct rxrpc_local *local,
625 struct sk_buff *skb)
626{
627 _enter("%p,%p", local, skb);
628
44ba0698 629 skb_queue_tail(&local->event_queue, skb);
5acbee46 630 rxrpc_queue_local(local);
44ba0698
DH		 631}
632
248f219c
DH		 633/*
634 * put a packet up for transport-level abort
635 */
636static void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
637{
638 CHECK_SLAB_OKAY(&local->usage);
639
640 skb_queue_tail(&local->reject_queue, skb);
641 rxrpc_queue_local(local);
642}
643
0d12f8a4
DH		 644/*
645 * Extract the wire header from a packet and translate the byte order.
646 */
647static noinline
648int rxrpc_extract_header(struct rxrpc_skb_priv *sp, struct sk_buff *skb)
649{
650 struct rxrpc_wire_header whdr;
651
652 /* dig out the RxRPC connection details */
4d0fc73e 653 if (skb_copy_bits(skb, 0, &whdr, sizeof(whdr)) < 0)
0d12f8a4 654 return -EBADMSG;
0d12f8a4
DH		 655
656 memset(sp, 0, sizeof(*sp));
657 sp->hdr.epoch = ntohl(whdr.epoch);
658 sp->hdr.cid = ntohl(whdr.cid);
659 sp->hdr.callNumber = ntohl(whdr.callNumber);
660 sp->hdr.seq = ntohl(whdr.seq);
661 sp->hdr.serial = ntohl(whdr.serial);
662 sp->hdr.flags = whdr.flags;
663 sp->hdr.type = whdr.type;
664 sp->hdr.userStatus = whdr.userStatus;
665 sp->hdr.securityIndex = whdr.securityIndex;
666 sp->hdr._rsvd = ntohs(whdr._rsvd);
667 sp->hdr.serviceId = ntohs(whdr.serviceId);
248f219c 668 sp->offset = sizeof(whdr);
0d12f8a4
DH		 669 return 0;
670}
671
17926a79
DH		 672/*
673 * handle data received on the local endpoint
674 * - may be called in interrupt context
4f95dd78
DH		 675 *
676 * The socket is locked by the caller and this prevents the socket from being
677 * shut down and the local endpoint from going away, thus sk_user_data will not
678 * be cleared until this function returns.
17926a79 679 */
248f219c 680void rxrpc_data_ready(struct sock *udp_sk)
17926a79 681{
8496af50 682 struct rxrpc_connection *conn;
248f219c
DH		 683 struct rxrpc_channel *chan;
684 struct rxrpc_call *call;
17926a79 685 struct rxrpc_skb_priv *sp;
248f219c 686 struct rxrpc_local *local = udp_sk->sk_user_data;
17926a79 687 struct sk_buff *skb;
248f219c 688 unsigned int channel;
563ea7d5 689 int ret, skew;
17926a79 690
248f219c 691 _enter("%p", udp_sk);
17926a79
DH		 692
693 ASSERT(!irqs_disabled());
694
248f219c 695 skb = skb_recv_datagram(udp_sk, 0, 1, &ret);
17926a79 696 if (!skb) {
17926a79
DH		 697 if (ret == -EAGAIN)
698 return;
699 _debug("UDP socket error %d", ret);
700 return;
701 }
702
71f3ca40 703 rxrpc_new_skb(skb, rxrpc_skb_rx_received);
17926a79
DH		 704
705 _net("recv skb %p", skb);
706
707 /* we'll probably need to checksum it (didn't call sock_recvmsg) */
708 if (skb_checksum_complete(skb)) {
71f3ca40 709 rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
02c22347 710 __UDP_INC_STATS(&init_net, UDP_MIB_INERRORS, 0);
17926a79
DH		 711 _leave(" [CSUM failed]");
712 return;
713 }
714
02c22347 715 __UDP_INC_STATS(&init_net, UDP_MIB_INDATAGRAMS, 0);
1781f7f5 716
0d12f8a4
DH		 717 /* The socket buffer we have is owned by UDP, with UDP's data all over
718 * it, but we really want our own data there.
719 */
17926a79
DH		 720 skb_orphan(skb);
721 sp = rxrpc_skb(skb);
17926a79 722
8a681c36
DH		 723 if (IS_ENABLED(CONFIG_AF_RXRPC_INJECT_LOSS)) {
724 static int lose;
725 if ((lose++ & 7) == 7) {
726 rxrpc_lose_skb(skb, rxrpc_skb_rx_lost);
727 return;
728 }
729 }
730
17926a79
DH		 731 _net("Rx UDP packet from %08x:%04hu",
732 ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source));
733
734 /* dig out the RxRPC connection details */
0d12f8a4 735 if (rxrpc_extract_header(sp, skb) < 0)
17926a79 736 goto bad_message;
49e19ec7 737 trace_rxrpc_rx_packet(sp);
17926a79
DH		 738
739 _net("Rx RxRPC %s ep=%x call=%x:%x",
740 sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient",
0d12f8a4 741 sp->hdr.epoch, sp->hdr.cid, sp->hdr.callNumber);
17926a79 742
351c1e64
DH		 743 if (sp->hdr.type >= RXRPC_N_PACKET_TYPES ||
744 !((RXRPC_SUPPORTED_PACKET_TYPES >> sp->hdr.type) & 1)) {
17926a79
DH		 745 _proto("Rx Bad Packet Type %u", sp->hdr.type);
746 goto bad_message;
747 }
748
248f219c
DH		 749 switch (sp->hdr.type) {
750 case RXRPC_PACKET_TYPE_VERSION:
44ba0698
DH		 751 rxrpc_post_packet_to_local(local, skb);
752 goto out;
bc6e1ea3 753
248f219c
DH		 754 case RXRPC_PACKET_TYPE_BUSY:
755 if (sp->hdr.flags & RXRPC_CLIENT_INITIATED)
756 goto discard;
757
758 case RXRPC_PACKET_TYPE_DATA:
759 if (sp->hdr.callNumber == 0)
760 goto bad_message;
761 if (sp->hdr.flags & RXRPC_JUMBO_PACKET &&
762 !rxrpc_validate_jumbo(skb))
763 goto bad_message;
764 break;
765 }
17926a79 766
8496af50
DH		 767 rcu_read_lock();
768
8496af50 769 conn = rxrpc_find_connection_rcu(local, skb);
248f219c
DH		 770 if (conn) {
771 if (sp->hdr.securityIndex != conn->security_ix)
772 goto wrong_security;
563ea7d5 773
248f219c
DH		 774 if (sp->hdr.callNumber == 0) {
775 /* Connection-level packet */
776 _debug("CONN %p {%d}", conn, conn->debug_id);
777 rxrpc_post_packet_to_conn(conn, skb);
778 goto out_unlock;
779 }
780
781 /* Note the serial number skew here */
782 skew = (int)sp->hdr.serial - (int)conn->hi_serial;
783 if (skew >= 0) {
784 if (skew > 0)
785 conn->hi_serial = sp->hdr.serial;
786 } else {
787 skew = -skew;
788 skew = min(skew, 65535);
789 }
17926a79 790
8496af50 791 /* Call-bound packets are routed by connection channel. */
248f219c
DH		 792 channel = sp->hdr.cid & RXRPC_CHANNELMASK;
793 chan = &conn->channels[channel];
18bfeba5
DH		 794
795 /* Ignore really old calls */
796 if (sp->hdr.callNumber < chan->last_call)
797 goto discard_unlock;
798
799 if (sp->hdr.callNumber == chan->last_call) {
248f219c
DH		 800 /* For the previous service call, if completed successfully, we
801 * discard all further packets.
18bfeba5 802 */
2266ffde 803 if (rxrpc_conn_is_service(conn) &&
18bfeba5
DH		 804 (chan->last_type == RXRPC_PACKET_TYPE_ACK ||
805 sp->hdr.type == RXRPC_PACKET_TYPE_ABORT))
806 goto discard_unlock;
807
248f219c
DH		 808 /* But otherwise we need to retransmit the final packet from
809 * data cached in the connection record.
18bfeba5
DH		 810 */
811 rxrpc_post_packet_to_conn(conn, skb);
812 goto out_unlock;
813 }
0d12f8a4 814
18bfeba5 815 call = rcu_dereference(chan->call);
248f219c
DH		 816 } else {
817 skew = 0;
818 call = NULL;
819 }
8496af50 820
248f219c
DH		 821 if (!call || atomic_read(&call->usage) == 0) {
822 if (!(sp->hdr.type & RXRPC_CLIENT_INITIATED) ||
823 sp->hdr.callNumber == 0 ||
824 sp->hdr.type != RXRPC_PACKET_TYPE_DATA)
825 goto bad_message_unlock;
826 if (sp->hdr.seq != 1)
827 goto discard_unlock;
828 call = rxrpc_new_incoming_call(local, conn, skb);
829 if (!call) {
830 rcu_read_unlock();
831 goto reject_packet;
832 }
7727640c 833 }
44ba0698 834
248f219c
DH		 835 rxrpc_input_call_packet(call, skb, skew);
836 goto discard_unlock;
837
18bfeba5 838discard_unlock:
8496af50 839 rcu_read_unlock();
248f219c 840discard:
71f3ca40 841 rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
44ba0698 842out:
49e19ec7 843 trace_rxrpc_rx_done(0, 0);
17926a79
DH		 844 return;
845
248f219c 846out_unlock:
8496af50 847 rcu_read_unlock();
248f219c 848 goto out;
8496af50 849
248f219c
DH		 850wrong_security:
851 rcu_read_unlock();
852 trace_rxrpc_abort("SEC", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq,
853 RXKADINCONSISTENCY, EBADMSG);
854 skb->priority = RXKADINCONSISTENCY;
855 goto post_abort;
17926a79 856
248f219c
DH		 857bad_message_unlock:
858 rcu_read_unlock();
17926a79 859bad_message:
248f219c
DH		 860 trace_rxrpc_abort("BAD", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq,
861 RX_PROTOCOL_ERROR, EBADMSG);
17926a79 862 skb->priority = RX_PROTOCOL_ERROR;
248f219c
DH		 863post_abort:
864 skb->mark = RXRPC_SKB_MARK_LOCAL_ABORT;
49e19ec7
DH		 865reject_packet:
866 trace_rxrpc_rx_done(skb->mark, skb->priority);
17926a79 867 rxrpc_reject_packet(local, skb);
17926a79
DH		 868 _leave(" [badmsg]");
869}
ubuntu-zesty-kernel mirror