0001
0002
0003
0004
0005
0006
0007
0008 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0009
0010 #include <linux/module.h>
0011 #include <linux/net.h>
0012 #include <linux/skbuff.h>
0013 #include <linux/errqueue.h>
0014 #include <net/sock.h>
0015 #include <net/af_rxrpc.h>
0016 #include <net/ip.h>
0017 #include "ar-internal.h"
0018
0019
0020
0021
0022 static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
0023 struct sk_buff *skb,
0024 unsigned int channel)
0025 {
0026 struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL;
0027 struct rxrpc_channel *chan;
0028 struct msghdr msg;
0029 struct kvec iov[3];
0030 struct {
0031 struct rxrpc_wire_header whdr;
0032 union {
0033 __be32 abort_code;
0034 struct rxrpc_ackpacket ack;
0035 };
0036 } __attribute__((packed)) pkt;
0037 struct rxrpc_ackinfo ack_info;
0038 size_t len;
0039 int ret, ioc;
0040 u32 serial, mtu, call_id, padding;
0041
0042 _enter("%d", conn->debug_id);
0043
0044 chan = &conn->channels[channel];
0045
0046
0047
0048
0049 call_id = READ_ONCE(chan->last_call);
0050
0051 smp_rmb();
0052 if (skb && call_id != sp->hdr.callNumber)
0053 return;
0054
0055 msg.msg_name = &conn->params.peer->srx.transport;
0056 msg.msg_namelen = conn->params.peer->srx.transport_len;
0057 msg.msg_control = NULL;
0058 msg.msg_controllen = 0;
0059 msg.msg_flags = 0;
0060
0061 iov[0].iov_base = &pkt;
0062 iov[0].iov_len = sizeof(pkt.whdr);
0063 iov[1].iov_base = &padding;
0064 iov[1].iov_len = 3;
0065 iov[2].iov_base = &ack_info;
0066 iov[2].iov_len = sizeof(ack_info);
0067
0068 pkt.whdr.epoch = htonl(conn->proto.epoch);
0069 pkt.whdr.cid = htonl(conn->proto.cid | channel);
0070 pkt.whdr.callNumber = htonl(call_id);
0071 pkt.whdr.seq = 0;
0072 pkt.whdr.type = chan->last_type;
0073 pkt.whdr.flags = conn->out_clientflag;
0074 pkt.whdr.userStatus = 0;
0075 pkt.whdr.securityIndex = conn->security_ix;
0076 pkt.whdr._rsvd = 0;
0077 pkt.whdr.serviceId = htons(conn->service_id);
0078
0079 len = sizeof(pkt.whdr);
0080 switch (chan->last_type) {
0081 case RXRPC_PACKET_TYPE_ABORT:
0082 pkt.abort_code = htonl(chan->last_abort);
0083 iov[0].iov_len += sizeof(pkt.abort_code);
0084 len += sizeof(pkt.abort_code);
0085 ioc = 1;
0086 break;
0087
0088 case RXRPC_PACKET_TYPE_ACK:
0089 mtu = conn->params.peer->if_mtu;
0090 mtu -= conn->params.peer->hdrsize;
0091 pkt.ack.bufferSpace = 0;
0092 pkt.ack.maxSkew = htons(skb ? skb->priority : 0);
0093 pkt.ack.firstPacket = htonl(chan->last_seq + 1);
0094 pkt.ack.previousPacket = htonl(chan->last_seq);
0095 pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0);
0096 pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE;
0097 pkt.ack.nAcks = 0;
0098 ack_info.rxMTU = htonl(rxrpc_rx_mtu);
0099 ack_info.maxMTU = htonl(mtu);
0100 ack_info.rwind = htonl(rxrpc_rx_window_size);
0101 ack_info.jumbo_max = htonl(rxrpc_rx_jumbo_max);
0102 pkt.whdr.flags |= RXRPC_SLOW_START_OK;
0103 padding = 0;
0104 iov[0].iov_len += sizeof(pkt.ack);
0105 len += sizeof(pkt.ack) + 3 + sizeof(ack_info);
0106 ioc = 3;
0107 break;
0108
0109 default:
0110 return;
0111 }
0112
0113
0114
0115
0116 smp_rmb();
0117 if (READ_ONCE(chan->last_call) != call_id)
0118 return;
0119
0120 serial = atomic_inc_return(&conn->serial);
0121 pkt.whdr.serial = htonl(serial);
0122
0123 switch (chan->last_type) {
0124 case RXRPC_PACKET_TYPE_ABORT:
0125 _proto("Tx ABORT %%%u { %d } [re]", serial, conn->abort_code);
0126 break;
0127 case RXRPC_PACKET_TYPE_ACK:
0128 trace_rxrpc_tx_ack(chan->call_debug_id, serial,
0129 ntohl(pkt.ack.firstPacket),
0130 ntohl(pkt.ack.serial),
0131 pkt.ack.reason, 0);
0132 _proto("Tx ACK %%%u [re]", serial);
0133 break;
0134 }
0135
0136 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, ioc, len);
0137 conn->params.peer->last_tx_at = ktime_get_seconds();
0138 if (ret < 0)
0139 trace_rxrpc_tx_fail(chan->call_debug_id, serial, ret,
0140 rxrpc_tx_point_call_final_resend);
0141 else
0142 trace_rxrpc_tx_packet(chan->call_debug_id, &pkt.whdr,
0143 rxrpc_tx_point_call_final_resend);
0144
0145 _leave("");
0146 }
0147
0148
0149
0150
0151 static void rxrpc_abort_calls(struct rxrpc_connection *conn,
0152 enum rxrpc_call_completion compl,
0153 rxrpc_serial_t serial)
0154 {
0155 struct rxrpc_call *call;
0156 int i;
0157
0158 _enter("{%d},%x", conn->debug_id, conn->abort_code);
0159
0160 spin_lock(&conn->bundle->channel_lock);
0161
0162 for (i = 0; i < RXRPC_MAXCALLS; i++) {
0163 call = rcu_dereference_protected(
0164 conn->channels[i].call,
0165 lockdep_is_held(&conn->bundle->channel_lock));
0166 if (call) {
0167 if (compl == RXRPC_CALL_LOCALLY_ABORTED)
0168 trace_rxrpc_abort(call->debug_id,
0169 "CON", call->cid,
0170 call->call_id, 0,
0171 conn->abort_code,
0172 conn->error);
0173 else
0174 trace_rxrpc_rx_abort(call, serial,
0175 conn->abort_code);
0176 rxrpc_set_call_completion(call, compl,
0177 conn->abort_code,
0178 conn->error);
0179 }
0180 }
0181
0182 spin_unlock(&conn->bundle->channel_lock);
0183 _leave("");
0184 }
0185
0186
0187
0188
0189 static int rxrpc_abort_connection(struct rxrpc_connection *conn,
0190 int error, u32 abort_code)
0191 {
0192 struct rxrpc_wire_header whdr;
0193 struct msghdr msg;
0194 struct kvec iov[2];
0195 __be32 word;
0196 size_t len;
0197 u32 serial;
0198 int ret;
0199
0200 _enter("%d,,%u,%u", conn->debug_id, error, abort_code);
0201
0202
0203 spin_lock_bh(&conn->state_lock);
0204 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
0205 spin_unlock_bh(&conn->state_lock);
0206 _leave(" = 0 [already dead]");
0207 return 0;
0208 }
0209
0210 conn->error = error;
0211 conn->abort_code = abort_code;
0212 conn->state = RXRPC_CONN_LOCALLY_ABORTED;
0213 set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags);
0214 spin_unlock_bh(&conn->state_lock);
0215
0216 msg.msg_name = &conn->params.peer->srx.transport;
0217 msg.msg_namelen = conn->params.peer->srx.transport_len;
0218 msg.msg_control = NULL;
0219 msg.msg_controllen = 0;
0220 msg.msg_flags = 0;
0221
0222 whdr.epoch = htonl(conn->proto.epoch);
0223 whdr.cid = htonl(conn->proto.cid);
0224 whdr.callNumber = 0;
0225 whdr.seq = 0;
0226 whdr.type = RXRPC_PACKET_TYPE_ABORT;
0227 whdr.flags = conn->out_clientflag;
0228 whdr.userStatus = 0;
0229 whdr.securityIndex = conn->security_ix;
0230 whdr._rsvd = 0;
0231 whdr.serviceId = htons(conn->service_id);
0232
0233 word = htonl(conn->abort_code);
0234
0235 iov[0].iov_base = &whdr;
0236 iov[0].iov_len = sizeof(whdr);
0237 iov[1].iov_base = &word;
0238 iov[1].iov_len = sizeof(word);
0239
0240 len = iov[0].iov_len + iov[1].iov_len;
0241
0242 serial = atomic_inc_return(&conn->serial);
0243 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, serial);
0244 whdr.serial = htonl(serial);
0245 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->abort_code);
0246
0247 ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
0248 if (ret < 0) {
0249 trace_rxrpc_tx_fail(conn->debug_id, serial, ret,
0250 rxrpc_tx_point_conn_abort);
0251 _debug("sendmsg failed: %d", ret);
0252 return -EAGAIN;
0253 }
0254
0255 trace_rxrpc_tx_packet(conn->debug_id, &whdr, rxrpc_tx_point_conn_abort);
0256
0257 conn->params.peer->last_tx_at = ktime_get_seconds();
0258
0259 _leave(" = 0");
0260 return 0;
0261 }
0262
0263
0264
0265
0266
0267 static void rxrpc_call_is_secure(struct rxrpc_call *call)
0268 {
0269 _enter("%p", call);
0270 if (call) {
0271 write_lock_bh(&call->state_lock);
0272 if (call->state == RXRPC_CALL_SERVER_SECURING) {
0273 call->state = RXRPC_CALL_SERVER_RECV_REQUEST;
0274 rxrpc_notify_socket(call);
0275 }
0276 write_unlock_bh(&call->state_lock);
0277 }
0278 }
0279
0280
0281
0282
0283 static int rxrpc_process_event(struct rxrpc_connection *conn,
0284 struct sk_buff *skb,
0285 u32 *_abort_code)
0286 {
0287 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
0288 __be32 wtmp;
0289 u32 abort_code;
0290 int loop, ret;
0291
0292 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
0293 _leave(" = -ECONNABORTED [%u]", conn->state);
0294 return -ECONNABORTED;
0295 }
0296
0297 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
0298
0299 switch (sp->hdr.type) {
0300 case RXRPC_PACKET_TYPE_DATA:
0301 case RXRPC_PACKET_TYPE_ACK:
0302 rxrpc_conn_retransmit_call(conn, skb,
0303 sp->hdr.cid & RXRPC_CHANNELMASK);
0304 return 0;
0305
0306 case RXRPC_PACKET_TYPE_BUSY:
0307
0308 return 0;
0309
0310 case RXRPC_PACKET_TYPE_ABORT:
0311 if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
0312 &wtmp, sizeof(wtmp)) < 0) {
0313 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
0314 tracepoint_string("bad_abort"));
0315 return -EPROTO;
0316 }
0317 abort_code = ntohl(wtmp);
0318 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);
0319
0320 conn->error = -ECONNABORTED;
0321 conn->abort_code = abort_code;
0322 conn->state = RXRPC_CONN_REMOTELY_ABORTED;
0323 set_bit(RXRPC_CONN_DONT_REUSE, &conn->flags);
0324 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, sp->hdr.serial);
0325 return -ECONNABORTED;
0326
0327 case RXRPC_PACKET_TYPE_CHALLENGE:
0328 return conn->security->respond_to_challenge(conn, skb,
0329 _abort_code);
0330
0331 case RXRPC_PACKET_TYPE_RESPONSE:
0332 ret = conn->security->verify_response(conn, skb, _abort_code);
0333 if (ret < 0)
0334 return ret;
0335
0336 ret = conn->security->init_connection_security(
0337 conn, conn->params.key->payload.data[0]);
0338 if (ret < 0)
0339 return ret;
0340
0341 spin_lock(&conn->bundle->channel_lock);
0342 spin_lock_bh(&conn->state_lock);
0343
0344 if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
0345 conn->state = RXRPC_CONN_SERVICE;
0346 spin_unlock_bh(&conn->state_lock);
0347 for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
0348 rxrpc_call_is_secure(
0349 rcu_dereference_protected(
0350 conn->channels[loop].call,
0351 lockdep_is_held(&conn->bundle->channel_lock)));
0352 } else {
0353 spin_unlock_bh(&conn->state_lock);
0354 }
0355
0356 spin_unlock(&conn->bundle->channel_lock);
0357 return 0;
0358
0359 default:
0360 trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
0361 tracepoint_string("bad_conn_pkt"));
0362 return -EPROTO;
0363 }
0364 }
0365
0366
0367
0368
0369 static void rxrpc_secure_connection(struct rxrpc_connection *conn)
0370 {
0371 u32 abort_code;
0372 int ret;
0373
0374 _enter("{%d}", conn->debug_id);
0375
0376 ASSERT(conn->security_ix != 0);
0377
0378 if (conn->security->issue_challenge(conn) < 0) {
0379 abort_code = RX_CALL_DEAD;
0380 ret = -ENOMEM;
0381 goto abort;
0382 }
0383
0384 _leave("");
0385 return;
0386
0387 abort:
0388 _debug("abort %d, %d", ret, abort_code);
0389 rxrpc_abort_connection(conn, ret, abort_code);
0390 _leave(" [aborted]");
0391 }
0392
0393
0394
0395
0396 void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn, bool force)
0397 {
0398 unsigned long j = jiffies, next_j;
0399 unsigned int channel;
0400 bool set;
0401
0402 again:
0403 next_j = j + LONG_MAX;
0404 set = false;
0405 for (channel = 0; channel < RXRPC_MAXCALLS; channel++) {
0406 struct rxrpc_channel *chan = &conn->channels[channel];
0407 unsigned long ack_at;
0408
0409 if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags))
0410 continue;
0411
0412 smp_rmb();
0413 ack_at = READ_ONCE(chan->final_ack_at);
0414
0415 if (time_before(j, ack_at) && !force) {
0416 if (time_before(ack_at, next_j)) {
0417 next_j = ack_at;
0418 set = true;
0419 }
0420 continue;
0421 }
0422
0423 if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
0424 &conn->flags))
0425 rxrpc_conn_retransmit_call(conn, NULL, channel);
0426 }
0427
0428 j = jiffies;
0429 if (time_before_eq(next_j, j))
0430 goto again;
0431 if (set)
0432 rxrpc_reduce_conn_timer(conn, next_j);
0433 }
0434
0435
0436
0437
0438 static void rxrpc_do_process_connection(struct rxrpc_connection *conn)
0439 {
0440 struct sk_buff *skb;
0441 u32 abort_code = RX_PROTOCOL_ERROR;
0442 int ret;
0443
0444 if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
0445 rxrpc_secure_connection(conn);
0446
0447
0448 if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK)
0449 rxrpc_process_delayed_final_acks(conn, false);
0450
0451
0452
0453 while ((skb = skb_dequeue(&conn->rx_queue))) {
0454 rxrpc_see_skb(skb, rxrpc_skb_seen);
0455 ret = rxrpc_process_event(conn, skb, &abort_code);
0456 switch (ret) {
0457 case -EPROTO:
0458 case -EKEYEXPIRED:
0459 case -EKEYREJECTED:
0460 goto protocol_error;
0461 case -ENOMEM:
0462 case -EAGAIN:
0463 goto requeue_and_leave;
0464 case -ECONNABORTED:
0465 default:
0466 rxrpc_free_skb(skb, rxrpc_skb_freed);
0467 break;
0468 }
0469 }
0470
0471 return;
0472
0473 requeue_and_leave:
0474 skb_queue_head(&conn->rx_queue, skb);
0475 return;
0476
0477 protocol_error:
0478 if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
0479 goto requeue_and_leave;
0480 rxrpc_free_skb(skb, rxrpc_skb_freed);
0481 return;
0482 }
0483
0484 void rxrpc_process_connection(struct work_struct *work)
0485 {
0486 struct rxrpc_connection *conn =
0487 container_of(work, struct rxrpc_connection, processor);
0488
0489 rxrpc_see_connection(conn);
0490
0491 if (__rxrpc_use_local(conn->params.local)) {
0492 rxrpc_do_process_connection(conn);
0493 rxrpc_unuse_local(conn->params.local);
0494 }
0495
0496 rxrpc_put_connection(conn);
0497 _leave("");
0498 return;
0499 }
