]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/rxrpc/local_object.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rxrpc: Fix lockup due to no error backoff after ack transmit error
[mirror_ubuntu-bionic-kernel.git] / net / rxrpc / local_object.c
1 /* Local endpoint object management
2 *
3 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
14 #include <linux/module.h>
15 #include <linux/net.h>
16 #include <linux/skbuff.h>
17 #include <linux/slab.h>
18 #include <linux/udp.h>
19 #include <linux/ip.h>
20 #include <linux/hashtable.h>
21 #include <net/sock.h>
22 #include <net/af_rxrpc.h>
23 #include "ar-internal.h"
24
25 static void rxrpc_local_processor(struct work_struct *);
26 static void rxrpc_local_rcu(struct rcu_head *);
27
28 /*
29 * Compare a local to an address. Return -ve, 0 or +ve to indicate less than,
30 * same or greater than.
31 *
32 * We explicitly don't compare the RxRPC service ID as we want to reject
33 * conflicting uses by differing services. Further, we don't want to share
34 * addresses with different options (IPv6), so we don't compare those bits
35 * either.
36 */
37 static long rxrpc_local_cmp_key(const struct rxrpc_local *local,
38 const struct sockaddr_rxrpc *srx)
39 {
40 long diff;
41
42 diff = ((local->srx.transport_type - srx->transport_type) ?:
43 (local->srx.transport_len - srx->transport_len) ?:
44 (local->srx.transport.family - srx->transport.family));
45 if (diff != 0)
46 return diff;
47
48 switch (srx->transport.family) {
49 case AF_INET:
50 /* If the choice of UDP port is left up to the transport, then
51 * the endpoint record doesn't match.
52 */
53 return ((u16 __force)local->srx.transport.sin.sin_port -
54 (u16 __force)srx->transport.sin.sin_port) ?:
55 memcmp(&local->srx.transport.sin.sin_addr,
56 &srx->transport.sin.sin_addr,
57 sizeof(struct in_addr));
58 #ifdef CONFIG_AF_RXRPC_IPV6
59 case AF_INET6:
60 /* If the choice of UDP6 port is left up to the transport, then
61 * the endpoint record doesn't match.
62 */
63 return ((u16 __force)local->srx.transport.sin6.sin6_port -
64 (u16 __force)srx->transport.sin6.sin6_port) ?:
65 memcmp(&local->srx.transport.sin6.sin6_addr,
66 &srx->transport.sin6.sin6_addr,
67 sizeof(struct in6_addr));
68 #endif
69 default:
70 BUG();
71 }
72 }
73
74 /*
75 * Allocate a new local endpoint.
76 */
77 static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet,
78 const struct sockaddr_rxrpc *srx)
79 {
80 struct rxrpc_local *local;
81
82 local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL);
83 if (local) {
84 atomic_set(&local->usage, 1);
85 local->rxnet = rxnet;
86 INIT_LIST_HEAD(&local->link);
87 INIT_WORK(&local->processor, rxrpc_local_processor);
88 init_rwsem(&local->defrag_sem);
89 skb_queue_head_init(&local->reject_queue);
90 skb_queue_head_init(&local->event_queue);
91 local->client_conns = RB_ROOT;
92 spin_lock_init(&local->client_conns_lock);
93 spin_lock_init(&local->lock);
94 rwlock_init(&local->services_lock);
95 local->debug_id = atomic_inc_return(&rxrpc_debug_id);
96 memcpy(&local->srx, srx, sizeof(*srx));
97 local->srx.srx_service = 0;
98 }
99
100 _leave(" = %p", local);
101 return local;
102 }
103
104 /*
105 * create the local socket
106 * - must be called with rxrpc_local_mutex locked
107 */
108 static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net)
109 {
110 struct sock *sock;
111 int ret, opt;
112
113 _enter("%p{%d,%d}",
114 local, local->srx.transport_type, local->srx.transport.family);
115
116 /* create a socket to represent the local endpoint */
117 ret = sock_create_kern(net, local->srx.transport.family,
118 local->srx.transport_type, 0, &local->socket);
119 if (ret < 0) {
120 _leave(" = %d [socket]", ret);
121 return ret;
122 }
123
124 /* if a local address was supplied then bind it */
125 if (local->srx.transport_len > sizeof(sa_family_t)) {
126 _debug("bind");
127 ret = kernel_bind(local->socket,
128 (struct sockaddr *)&local->srx.transport,
129 local->srx.transport_len);
130 if (ret < 0) {
131 _debug("bind failed %d", ret);
132 goto error;
133 }
134 }
135
136 switch (local->srx.transport.family) {
137 case AF_INET6:
138 /* we want to receive ICMPv6 errors */
139 opt = 1;
140 ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_RECVERR,
141 (char *) &opt, sizeof(opt));
142 if (ret < 0) {
143 _debug("setsockopt failed");
144 goto error;
145 }
146
147 /* we want to set the don't fragment bit */
148 opt = IPV6_PMTUDISC_DO;
149 ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_MTU_DISCOVER,
150 (char *) &opt, sizeof(opt));
151 if (ret < 0) {
152 _debug("setsockopt failed");
153 goto error;
154 }
155
156 /* Fall through and set IPv4 options too otherwise we don't get
157 * errors from IPv4 packets sent through the IPv6 socket.
158 */
159
160 case AF_INET:
161 /* we want to receive ICMP errors */
162 opt = 1;
163 ret = kernel_setsockopt(local->socket, SOL_IP, IP_RECVERR,
164 (char *) &opt, sizeof(opt));
165 if (ret < 0) {
166 _debug("setsockopt failed");
167 goto error;
168 }
169
170 /* we want to set the don't fragment bit */
171 opt = IP_PMTUDISC_DO;
172 ret = kernel_setsockopt(local->socket, SOL_IP, IP_MTU_DISCOVER,
173 (char *) &opt, sizeof(opt));
174 if (ret < 0) {
175 _debug("setsockopt failed");
176 goto error;
177 }
178 break;
179
180 default:
181 BUG();
182 }
183
184 /* set the socket up */
185 sock = local->socket->sk;
186 sock->sk_user_data = local;
187 sock->sk_data_ready = rxrpc_data_ready;
188 sock->sk_error_report = rxrpc_error_report;
189 _leave(" = 0");
190 return 0;
191
192 error:
193 kernel_sock_shutdown(local->socket, SHUT_RDWR);
194 local->socket->sk->sk_user_data = NULL;
195 sock_release(local->socket);
196 local->socket = NULL;
197
198 _leave(" = %d", ret);
199 return ret;
200 }
201
202 /*
203 * Look up or create a new local endpoint using the specified local address.
204 */
205 struct rxrpc_local *rxrpc_lookup_local(struct net *net,
206 const struct sockaddr_rxrpc *srx)
207 {
208 struct rxrpc_local *local;
209 struct rxrpc_net *rxnet = rxrpc_net(net);
210 struct list_head *cursor;
211 const char *age;
212 long diff;
213 int ret;
214
215 _enter("{%d,%d,%pISp}",
216 srx->transport_type, srx->transport.family, &srx->transport);
217
218 mutex_lock(&rxnet->local_mutex);
219
220 for (cursor = rxnet->local_endpoints.next;
221 cursor != &rxnet->local_endpoints;
222 cursor = cursor->next) {
223 local = list_entry(cursor, struct rxrpc_local, link);
224
225 diff = rxrpc_local_cmp_key(local, srx);
226 if (diff < 0)
227 continue;
228 if (diff > 0)
229 break;
230
231 /* Services aren't allowed to share transport sockets, so
232 * reject that here. It is possible that the object is dying -
233 * but it may also still have the local transport address that
234 * we want bound.
235 */
236 if (srx->srx_service) {
237 local = NULL;
238 goto addr_in_use;
239 }
240
241 /* Found a match. We replace a dying object. Attempting to
242 * bind the transport socket may still fail if we're attempting
243 * to use a local address that the dying object is still using.
244 */
245 if (!rxrpc_get_local_maybe(local)) {
246 cursor = cursor->next;
247 list_del_init(&local->link);
248 break;
249 }
250
251 age = "old";
252 goto found;
253 }
254
255 local = rxrpc_alloc_local(rxnet, srx);
256 if (!local)
257 goto nomem;
258
259 ret = rxrpc_open_socket(local, net);
260 if (ret < 0)
261 goto sock_error;
262
263 list_add_tail(&local->link, cursor);
264 age = "new";
265
266 found:
267 mutex_unlock(&rxnet->local_mutex);
268
269 _net("LOCAL %s %d {%pISp}",
270 age, local->debug_id, &local->srx.transport);
271
272 _leave(" = %p", local);
273 return local;
274
275 nomem:
276 ret = -ENOMEM;
277 sock_error:
278 mutex_unlock(&rxnet->local_mutex);
279 kfree(local);
280 _leave(" = %d", ret);
281 return ERR_PTR(ret);
282
283 addr_in_use:
284 mutex_unlock(&rxnet->local_mutex);
285 _leave(" = -EADDRINUSE");
286 return ERR_PTR(-EADDRINUSE);
287 }
288
289 /*
290 * A local endpoint reached its end of life.
291 */
292 void __rxrpc_put_local(struct rxrpc_local *local)
293 {
294 _enter("%d", local->debug_id);
295 rxrpc_queue_work(&local->processor);
296 }
297
298 /*
299 * Destroy a local endpoint's socket and then hand the record to RCU to dispose
300 * of.
301 *
302 * Closing the socket cannot be done from bottom half context or RCU callback
303 * context because it might sleep.
304 */
305 static void rxrpc_local_destroyer(struct rxrpc_local *local)
306 {
307 struct socket *socket = local->socket;
308 struct rxrpc_net *rxnet = local->rxnet;
309
310 _enter("%d", local->debug_id);
311
312 /* We can get a race between an incoming call packet queueing the
313 * processor again and the work processor starting the destruction
314 * process which will shut down the UDP socket.
315 */
316 if (local->dead) {
317 _leave(" [already dead]");
318 return;
319 }
320 local->dead = true;
321
322 mutex_lock(&rxnet->local_mutex);
323 list_del_init(&local->link);
324 mutex_unlock(&rxnet->local_mutex);
325
326 ASSERT(RB_EMPTY_ROOT(&local->client_conns));
327 ASSERT(!local->service);
328
329 if (socket) {
330 local->socket = NULL;
331 kernel_sock_shutdown(socket, SHUT_RDWR);
332 socket->sk->sk_user_data = NULL;
333 sock_release(socket);
334 }
335
336 /* At this point, there should be no more packets coming in to the
337 * local endpoint.
338 */
339 rxrpc_purge_queue(&local->reject_queue);
340 rxrpc_purge_queue(&local->event_queue);
341
342 _debug("rcu local %d", local->debug_id);
343 call_rcu(&local->rcu, rxrpc_local_rcu);
344 }
345
346 /*
347 * Process events on an endpoint
348 */
349 static void rxrpc_local_processor(struct work_struct *work)
350 {
351 struct rxrpc_local *local =
352 container_of(work, struct rxrpc_local, processor);
353 bool again;
354
355 _enter("%d", local->debug_id);
356
357 do {
358 again = false;
359 if (atomic_read(&local->usage) == 0)
360 return rxrpc_local_destroyer(local);
361
362 if (!skb_queue_empty(&local->reject_queue)) {
363 rxrpc_reject_packets(local);
364 again = true;
365 }
366
367 if (!skb_queue_empty(&local->event_queue)) {
368 rxrpc_process_local_events(local);
369 again = true;
370 }
371 } while (again);
372 }
373
374 /*
375 * Destroy a local endpoint after the RCU grace period expires.
376 */
377 static void rxrpc_local_rcu(struct rcu_head *rcu)
378 {
379 struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu);
380
381 _enter("%d", local->debug_id);
382
383 ASSERT(!work_pending(&local->processor));
384
385 _net("DESTROY LOCAL %d", local->debug_id);
386 kfree(local);
387 _leave("");
388 }
389
390 /*
391 * Verify the local endpoint list is empty by this point.
392 */
393 void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
394 {
395 struct rxrpc_local *local;
396
397 _enter("");
398
399 flush_workqueue(rxrpc_workqueue);
400
401 if (!list_empty(&rxnet->local_endpoints)) {
402 mutex_lock(&rxnet->local_mutex);
403 list_for_each_entry(local, &rxnet->local_endpoints, link) {
404 pr_err("AF_RXRPC: Leaked local %p {%d}\n",
405 local, atomic_read(&local->usage));
406 }
407 mutex_unlock(&rxnet->local_mutex);
408 BUG();
409 }
410 }
ubuntu-bionic-kernel mirror