rxrpc: Fix connection-level abort handling
[mirror_ubuntu-bionic-kernel.git] / net / rxrpc / conn_event.c
1 /* connection-level event handling
2 *
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
14 #include <linux/module.h>
15 #include <linux/net.h>
16 #include <linux/skbuff.h>
17 #include <linux/errqueue.h>
18 #include <net/sock.h>
19 #include <net/af_rxrpc.h>
20 #include <net/ip.h>
21 #include "ar-internal.h"
22
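/*
 * Retransmit terminal ACK or ABORT of the previous call.
 *
 * @conn:    connection whose channel record is replayed
 * @skb:     received packet that prompted the retransmission, or NULL when
 *           called for a delayed final ACK
 * @channel: index into conn->channels[]; it is used unchecked here, so the
 *           caller must keep it in range
 *
 * Rebuilds the final packet of the channel's last call from chan->last_type,
 * chan->last_abort and chan->last_seq and sends it to the peer.  Nothing is
 * sent if the recorded packet type is neither ABORT nor ACK, or if
 * chan->last_call no longer matches the call the packet is being built for.
 * The send is best effort: the result of kernel_sendmsg() is not checked.
 */
static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
				       struct sk_buff *skb,
				       unsigned int channel)
{
	struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL;
	struct rxrpc_channel *chan;
	struct msghdr msg;
	struct kvec iov[3];
	/* On-stack image of the packet.  Each header field named below is
	 * assigned before the send, as is whichever union member is used.
	 * NOTE(review): confirm against the struct definitions that no field
	 * is left out, since these bytes go to the peer verbatim.
	 */
	struct {
		struct rxrpc_wire_header whdr;
		union {
			__be32 abort_code;
			struct rxrpc_ackpacket ack;
		};
	} __attribute__((packed)) pkt;
	struct rxrpc_ackinfo ack_info;
	size_t len;
	int ioc;
	u32 serial, mtu, call_id, padding;

	_enter("%d", conn->debug_id);

	chan = &conn->channels[channel];

	/* If the last call got moved on whilst we were waiting to run, just
	 * ignore this packet.
	 */
	call_id = READ_ONCE(chan->last_call);
	/* Sync with __rxrpc_disconnect_call() */
	smp_rmb();
	if (skb && call_id != sp->hdr.callNumber)
		return;

	msg.msg_name	= &conn->params.peer->srx.transport;
	msg.msg_namelen	= conn->params.peer->srx.transport_len;
	msg.msg_control	= NULL;
	msg.msg_controllen = 0;
	msg.msg_flags	= 0;

	/* iov[1] and iov[2] are only sent for an ACK (ioc = 3); an ABORT
	 * sends iov[0] alone.
	 */
	iov[0].iov_base	= &pkt;
	iov[0].iov_len	= sizeof(pkt.whdr);
	iov[1].iov_base	= &padding;
	iov[1].iov_len	= 3;
	iov[2].iov_base	= &ack_info;
	iov[2].iov_len	= sizeof(ack_info);

	pkt.whdr.epoch		= htonl(conn->proto.epoch);
	pkt.whdr.cid		= htonl(conn->proto.cid | channel);
	pkt.whdr.callNumber	= htonl(call_id);
	pkt.whdr.seq		= 0;
	pkt.whdr.type		= chan->last_type;
	pkt.whdr.flags		= conn->out_clientflag;
	pkt.whdr.userStatus	= 0;
	pkt.whdr.securityIndex	= conn->security_ix;
	pkt.whdr._rsvd		= 0;
	pkt.whdr.serviceId	= htons(conn->service_id);

	len = sizeof(pkt.whdr);
	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		pkt.abort_code	= htonl(chan->last_abort);
		iov[0].iov_len += sizeof(pkt.abort_code);
		len += sizeof(pkt.abort_code);
		ioc = 1;
		break;

	case RXRPC_PACKET_TYPE_ACK:
		/* NOTE(review): unsigned subtraction; this wraps if hdrsize
		 * ever exceeds if_mtu - confirm the peer code guarantees
		 * otherwise.
		 */
		mtu = conn->params.peer->if_mtu;
		mtu -= conn->params.peer->hdrsize;
		pkt.ack.bufferSpace	= 0;
		pkt.ack.maxSkew		= htons(skb ? skb->priority : 0);
		pkt.ack.firstPacket	= htonl(chan->last_seq + 1);
		pkt.ack.previousPacket	= htonl(chan->last_seq);
		pkt.ack.serial		= htonl(skb ? sp->hdr.serial : 0);
		pkt.ack.reason		= skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE;
		pkt.ack.nAcks		= 0;
		ack_info.rxMTU		= htonl(rxrpc_rx_mtu);
		ack_info.maxMTU		= htonl(mtu);
		ack_info.rwind		= htonl(rxrpc_rx_window_size);
		ack_info.jumbo_max	= htonl(rxrpc_rx_jumbo_max);
		pkt.whdr.flags		|= RXRPC_SLOW_START_OK;
		/* Three bytes of this word are transmitted, so zero it. */
		padding			= 0;
		iov[0].iov_len += sizeof(pkt.ack);
		len += sizeof(pkt.ack) + 3 + sizeof(ack_info);
		ioc = 3;
		break;

	default:
		return;
	}

	/* Resync with __rxrpc_disconnect_call() and check that the last call
	 * didn't get advanced whilst we were filling out the packets.
	 */
	smp_rmb();
	if (READ_ONCE(chan->last_call) != call_id)
		return;

	serial = atomic_inc_return(&conn->serial);
	pkt.whdr.serial = htonl(serial);

	/* Record what is actually being put on the wire, so that traces can
	 * be matched against captures: the abort code sent is the channel's
	 * last_abort rather than the connection's abort_code, and the ACK
	 * reason is RXRPC_ACK_IDLE rather than RXRPC_ACK_DUPLICATE when there
	 * is no prompting packet.
	 */
	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		_proto("Tx ABORT %%%u { %d } [re]", serial,
		       ntohl(pkt.abort_code));
		break;
	case RXRPC_PACKET_TYPE_ACK:
		trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0,
				   pkt.ack.reason, 0);
		_proto("Tx ACK %%%u [re]", serial);
		break;
	}

	/* Best effort: a failed retransmission is not reported or retried
	 * from here.
	 */
	kernel_sendmsg(conn->params.local->socket, &msg, iov, ioc, len);
	_leave("");
}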
142
/*
 * Pass a connection-level abort on to all calls on that connection.
 *
 * @conn:  connection whose abort_code and error are propagated
 * @compl: completion state to record on each call
 *
 * Walks every channel slot under conn->channel_lock.  Each attached call is
 * completed with the connection's cached abort code and error, and its
 * socket is notified if rxrpc_set_call_completion() returns true.  An abort
 * trace event is emitted only for locally generated aborts.
 */
static void rxrpc_abort_calls(struct rxrpc_connection *conn,
			      enum rxrpc_call_completion compl)
{
	int slot;

	_enter("{%d},%x", conn->debug_id, conn->abort_code);

	spin_lock(&conn->channel_lock);

	for (slot = 0; slot < RXRPC_MAXCALLS; slot++) {
		struct rxrpc_call *call;

		/* The channel lock is what makes this dereference safe. */
		call = rcu_dereference_protected(
			conn->channels[slot].call,
			lockdep_is_held(&conn->channel_lock));
		if (!call)
			continue;

		if (compl == RXRPC_CALL_LOCALLY_ABORTED)
			trace_rxrpc_abort("CON", call->cid,
					  call->call_id, 0,
					  conn->abort_code,
					  conn->error);

		if (rxrpc_set_call_completion(call, compl,
					      conn->abort_code,
					      conn->error))
			rxrpc_notify_socket(call);
	}

	spin_unlock(&conn->channel_lock);
	_leave("");
}
176
/*
 * Generate a connection-level abort.
 *
 * @conn:       connection to abort
 * @error:      error value cached in conn->error
 * @abort_code: abort code cached in conn->abort_code and sent to the peer
 *
 * Under conn->state_lock the connection is moved to
 * RXRPC_CONN_LOCALLY_ABORTED and the error and abort code are cached on it;
 * the abort is then passed to every call on the connection and an ABORT
 * packet with call number 0 is sent to the peer.
 *
 * Returns 0 if the packet was sent or the connection state was already at
 * or beyond RXRPC_CONN_REMOTELY_ABORTED, and -EAGAIN if the send failed.
 *
 * NOTE(review): the state change is committed before the send, so after an
 * -EAGAIN a second call would presumably return 0 at the state check
 * without sending anything - confirm that losing the abort packet in that
 * case is acceptable.
 */
static int rxrpc_abort_connection(struct rxrpc_connection *conn,
				  int error, u32 abort_code)
{
	struct rxrpc_wire_header whdr;
	struct msghdr msg;
	struct kvec iov[2];
	__be32 wire_code;
	size_t total;
	u32 serial;
	int ret;

	_enter("%d,,%u,%u", conn->debug_id, error, abort_code);

	/* Claim the abort; only the first caller to get here proceeds. */
	spin_lock_bh(&conn->state_lock);
	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		spin_unlock_bh(&conn->state_lock);
		_leave(" = 0 [already dead]");
		return 0;
	}

	conn->error = error;
	conn->abort_code = abort_code;
	conn->state = RXRPC_CONN_LOCALLY_ABORTED;
	spin_unlock_bh(&conn->state_lock);

	rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED);

	/* Connection-level abort: call number and sequence are both zero.
	 * Every header field named here is assigned, and the serial is
	 * filled in below before the send.
	 */
	whdr.epoch		= htonl(conn->proto.epoch);
	whdr.cid		= htonl(conn->proto.cid);
	whdr.callNumber		= 0;
	whdr.seq		= 0;
	whdr.type		= RXRPC_PACKET_TYPE_ABORT;
	whdr.flags		= conn->out_clientflag;
	whdr.userStatus		= 0;
	whdr.securityIndex	= conn->security_ix;
	whdr._rsvd		= 0;
	whdr.serviceId		= htons(conn->service_id);

	/* The code sent is re-read from the connection, not the parameter. */
	wire_code = htonl(conn->abort_code);

	iov[0].iov_base	= &whdr;
	iov[0].iov_len	= sizeof(whdr);
	iov[1].iov_base	= &wire_code;
	iov[1].iov_len	= sizeof(wire_code);
	total = iov[0].iov_len + iov[1].iov_len;

	msg.msg_name	= &conn->params.peer->srx.transport;
	msg.msg_namelen	= conn->params.peer->srx.transport_len;
	msg.msg_control	= NULL;
	msg.msg_controllen = 0;
	msg.msg_flags	= 0;

	serial = atomic_inc_return(&conn->serial);
	whdr.serial = htonl(serial);
	_proto("Tx CONN ABORT %%%u { %d }", serial, conn->abort_code);

	ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, total);
	if (ret < 0) {
		/* The underlying error is only logged; callers see -EAGAIN. */
		_debug("sendmsg failed: %d", ret);
		return -EAGAIN;
	}

	_leave(" = 0");
	return 0;
}
247
/*
 * Mark a call as being on a now-secured channel.
 * - The original header says this must be called with BHs disabled; the
 *   body nevertheless takes call->state_lock with the _bh variant.
 *
 * @call: call to promote, or NULL for an empty channel slot (ignored)
 *
 * A call in RXRPC_CALL_SERVER_SECURING is moved to
 * RXRPC_CALL_SERVER_ACCEPTING and its socket is notified; a call in any
 * other state is left untouched.
 */
static void rxrpc_call_is_secure(struct rxrpc_call *call)
{
	_enter("%p", call);

	if (!call)
		return;

	write_lock_bh(&call->state_lock);
	if (call->state == RXRPC_CALL_SERVER_SECURING) {
		call->state = RXRPC_CALL_SERVER_ACCEPTING;
		rxrpc_notify_socket(call);
	}
	write_unlock_bh(&call->state_lock);
}
264
/*
 * Connection-level Rx packet processor.
 *
 * @conn:        connection the packet arrived on
 * @skb:         the received packet
 * @_abort_code: passed through to the security operations, which may set
 *               the abort code to use on failure
 *
 * Returns 0 when the packet was handled, -ECONNABORTED when the connection
 * is or has just become aborted, -EPROTO for a short ABORT packet or an
 * unexpected packet type, or the negative error returned by one of the
 * conn->security operations.
 */
static int rxrpc_process_event(struct rxrpc_connection *conn,
			       struct sk_buff *skb,
			       u32 *_abort_code)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	__be32 wire_code;
	u32 abort_code;
	bool promoted;
	int slot, ret;

	/* An aborted connection processes nothing further. */
	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		_leave(" = -ECONNABORTED [%u]", conn->state);
		return -ECONNABORTED;
	}

	_enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);

	switch (sp->hdr.type) {
	case RXRPC_PACKET_TYPE_DATA:
	case RXRPC_PACKET_TYPE_ACK:
		/* The channel index is the masked low bits of the
		 * peer-supplied connection ID.
		 */
		rxrpc_conn_retransmit_call(conn, skb,
					   sp->hdr.cid & RXRPC_CHANNELMASK);
		return 0;

	case RXRPC_PACKET_TYPE_BUSY:
		/* Just ignore BUSY packets for now. */
		return 0;

	case RXRPC_PACKET_TYPE_ABORT:
		/* skb_copy_bits() fails if the packet is too short to hold
		 * an abort code after the wire header.
		 */
		if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
				  &wire_code, sizeof(wire_code)) < 0) {
			trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
					      tracepoint_string("bad_abort"));
			return -EPROTO;
		}
		abort_code = ntohl(wire_code);
		_proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);

		/* NOTE(review): no conn->security operation is consulted
		 * before the abort takes down every call on the connection;
		 * whether an earlier layer validated the packet is not
		 * visible here.  These fields are also written without
		 * conn->state_lock, which rxrpc_abort_connection() does
		 * take - confirm that is intended.
		 */
		conn->error = -ECONNABORTED;
		conn->abort_code = abort_code;
		conn->state = RXRPC_CONN_REMOTELY_ABORTED;
		rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED);
		return -ECONNABORTED;

	case RXRPC_PACKET_TYPE_CHALLENGE:
		return conn->security->respond_to_challenge(conn, skb,
							    _abort_code);

	case RXRPC_PACKET_TYPE_RESPONSE:
		/* Verify the response, then set up connection and packet
		 * security; the first step to fail ends processing.
		 */
		ret = conn->security->verify_response(conn, skb, _abort_code);
		if (ret >= 0)
			ret = conn->security->init_connection_security(conn);
		if (ret >= 0)
			ret = conn->security->prime_packet_security(conn);
		if (ret < 0)
			return ret;

		/* Lock order: channel_lock, then state_lock. */
		spin_lock(&conn->channel_lock);
		spin_lock(&conn->state_lock);
		promoted = (conn->state == RXRPC_CONN_SERVICE_CHALLENGING);
		if (promoted)
			conn->state = RXRPC_CONN_SERVICE;
		spin_unlock(&conn->state_lock);

		/* Only the transition out of CHALLENGING releases the calls
		 * that were waiting for the channel to be secured.
		 */
		if (promoted) {
			for (slot = 0; slot < RXRPC_MAXCALLS; slot++)
				rxrpc_call_is_secure(
					rcu_dereference_protected(
						conn->channels[slot].call,
						lockdep_is_held(&conn->channel_lock)));
		}

		spin_unlock(&conn->channel_lock);
		return 0;

	default:
		trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
				      tracepoint_string("bad_conn_pkt"));
		return -EPROTO;
	}
}
352
/*
 * Set up security and issue a challenge.
 *
 * @conn: connection to secure; its security index must be non-zero
 *
 * If the connection has no key yet, server-side security is initialised
 * first.  Any failure, in initialisation or in issuing the challenge,
 * aborts the connection: -ENOENT from initialisation and a failed
 * challenge both use RX_CALL_DEAD, every other initialisation error uses
 * RXKADNOAUTH.
 */
static void rxrpc_secure_connection(struct rxrpc_connection *conn)
{
	u32 abort_code;
	int ret;

	_enter("{%d}", conn->debug_id);

	ASSERT(conn->security_ix != 0);

	if (!conn->params.key) {
		_debug("set up security");
		ret = rxrpc_init_server_conn_security(conn);
		if (ret == -ENOENT) {
			abort_code = RX_CALL_DEAD;
			goto send_abort;
		}
		if (ret != 0) {
			abort_code = RXKADNOAUTH;
			goto send_abort;
		}
	}

	/* NOTE(review): conn->security is dereferenced without a check;
	 * presumably it is set whenever a key is present or the
	 * initialisation above succeeded - confirm.
	 */
	if (conn->security->issue_challenge(conn) < 0) {
		/* The challenge's own error is replaced by -ENOMEM. */
		abort_code = RX_CALL_DEAD;
		ret = -ENOMEM;
		goto send_abort;
	}

	_leave("");
	return;

send_abort:
	_debug("abort %d, %d", ret, abort_code);
	rxrpc_abort_connection(conn, ret, abort_code);
	_leave(" [aborted]");
}
394
/*
 * Process delayed final ACKs that we haven't subsumed into a subsequent call.
 *
 * @conn: connection whose per-channel RXRPC_CONN_FINAL_ACK_* flags are scanned
 *
 * For each flagged channel whose final_ack_at time has been reached, the
 * flag is cleared and the terminal ACK is retransmitted.  Channels that are
 * not yet due contribute the earliest pending time, to which the connection
 * timer is reduced.  The scan is repeated if that earliest time has already
 * passed by the end of a pass.
 */
static void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn)
{
	unsigned long now = jiffies, earliest;
	unsigned int channel;
	bool pending;

	for (;;) {
		/* Start each pass with the furthest time still treated as
		 * being in the future.
		 */
		earliest = now + LONG_MAX;
		pending = false;

		for (channel = 0; channel < RXRPC_MAXCALLS; channel++) {
			struct rxrpc_channel *chan = &conn->channels[channel];
			unsigned long ack_at;

			if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
				      &conn->flags))
				continue;

			smp_rmb(); /* vs rxrpc_disconnect_client_call */
			ack_at = READ_ONCE(chan->final_ack_at);

			if (time_before(now, ack_at)) {
				/* Not due yet: remember the soonest one. */
				if (time_before(ack_at, earliest)) {
					earliest = ack_at;
					pending = true;
				}
				continue;
			}

			/* Clearing the flag atomically decides who sends. */
			if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
					       &conn->flags))
				rxrpc_conn_retransmit_call(conn, NULL, channel);
		}

		/* Rescan if the earliest pending ACK fell due meanwhile. */
		now = jiffies;
		if (!time_before_eq(earliest, now))
			break;
	}

	if (pending)
		rxrpc_reduce_conn_timer(conn, earliest);
}
436
/*
 * Connection-level event processor.
 *
 * @work: the work item embedded in the connection as its 'processor' member
 *
 * Issues a security challenge if one was requested, sends any delayed final
 * ACKs that are due, then drains conn->rx_queue.  A packet that fails with
 * -EPROTO, -EKEYEXPIRED or -EKEYREJECTED aborts the connection and ends the
 * run.  A packet that fails with -ENOMEM or -EAGAIN, or whose abort could
 * not be sent, is put back at the head of the queue and the run ends.  All
 * other packets are freed.  The connection reference is dropped on every
 * exit path.
 */
void rxrpc_process_connection(struct work_struct *work)
{
	struct rxrpc_connection *conn =
		container_of(work, struct rxrpc_connection, processor);
	struct sk_buff *skb;
	u32 abort_code = RX_PROTOCOL_ERROR;
	int ret;

	rxrpc_see_connection(conn);

	if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
		rxrpc_secure_connection(conn);

	/* Process delayed ACKs whose time has come. */
	if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK)
		rxrpc_process_delayed_final_acks(conn);

	/* Go through the conn-level event packets.  Each skb is either
	 * freed or put back on the queue before the loop moves on.
	 */
	while ((skb = skb_dequeue(&conn->rx_queue)) != NULL) {
		bool fatal, requeue;

		rxrpc_see_skb(skb, rxrpc_skb_rx_seen);
		ret = rxrpc_process_event(conn, skb, &abort_code);

		fatal = (ret == -EPROTO ||
			 ret == -EKEYEXPIRED ||
			 ret == -EKEYREJECTED);
		if (fatal)
			/* Keep the packet if the abort could not be sent. */
			requeue = rxrpc_abort_connection(conn, ret,
							 abort_code) < 0;
		else
			requeue = (ret == -ENOMEM || ret == -EAGAIN);

		if (requeue) {
			/* NOTE(review): nothing here reschedules the work
			 * item, so the packet presumably waits for the next
			 * connection event - confirm.
			 */
			skb_queue_head(&conn->rx_queue, skb);
			break;
		}

		rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
		if (fatal)
			break;
	}

	rxrpc_put_connection(conn);
	_leave("");
}