Loading...
Note: File does not exist in v5.9.
1/* connection-level event handling
2 *
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/net.h>
14#include <linux/skbuff.h>
15#include <linux/errqueue.h>
16#include <linux/udp.h>
17#include <linux/in.h>
18#include <linux/in6.h>
19#include <linux/icmp.h>
20#include <net/sock.h>
21#include <net/af_rxrpc.h>
22#include <net/ip.h>
23#include "ar-internal.h"
24
25/*
26 * pass a connection-level abort onto all calls on that connection
27 */
28static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state,
29 u32 abort_code)
30{
31 struct rxrpc_call *call;
32 struct rb_node *p;
33
34 _enter("{%d},%x", conn->debug_id, abort_code);
35
36 read_lock_bh(&conn->lock);
37
38 for (p = rb_first(&conn->calls); p; p = rb_next(p)) {
39 call = rb_entry(p, struct rxrpc_call, conn_node);
40 write_lock(&call->state_lock);
41 if (call->state <= RXRPC_CALL_COMPLETE) {
42 call->state = state;
43 call->abort_code = abort_code;
44 if (state == RXRPC_CALL_LOCALLY_ABORTED)
45 set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events);
46 else
47 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events);
48 rxrpc_queue_call(call);
49 }
50 write_unlock(&call->state_lock);
51 }
52
53 read_unlock_bh(&conn->lock);
54 _leave("");
55}
56
57/*
58 * generate a connection-level abort
59 */
60static int rxrpc_abort_connection(struct rxrpc_connection *conn,
61 u32 error, u32 abort_code)
62{
63 struct rxrpc_wire_header whdr;
64 struct msghdr msg;
65 struct kvec iov[2];
66 __be32 word;
67 size_t len;
68 u32 serial;
69 int ret;
70
71 _enter("%d,,%u,%u", conn->debug_id, error, abort_code);
72
73 /* generate a connection-level abort */
74 spin_lock_bh(&conn->state_lock);
75 if (conn->state < RXRPC_CONN_REMOTELY_ABORTED) {
76 conn->state = RXRPC_CONN_LOCALLY_ABORTED;
77 conn->error = error;
78 spin_unlock_bh(&conn->state_lock);
79 } else {
80 spin_unlock_bh(&conn->state_lock);
81 _leave(" = 0 [already dead]");
82 return 0;
83 }
84
85 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code);
86
87 msg.msg_name = &conn->trans->peer->srx.transport.sin;
88 msg.msg_namelen = sizeof(conn->trans->peer->srx.transport.sin);
89 msg.msg_control = NULL;
90 msg.msg_controllen = 0;
91 msg.msg_flags = 0;
92
93 whdr.epoch = htonl(conn->epoch);
94 whdr.cid = htonl(conn->cid);
95 whdr.callNumber = 0;
96 whdr.seq = 0;
97 whdr.type = RXRPC_PACKET_TYPE_ABORT;
98 whdr.flags = conn->out_clientflag;
99 whdr.userStatus = 0;
100 whdr.securityIndex = conn->security_ix;
101 whdr._rsvd = 0;
102 whdr.serviceId = htons(conn->service_id);
103
104 word = htonl(abort_code);
105
106 iov[0].iov_base = &whdr;
107 iov[0].iov_len = sizeof(whdr);
108 iov[1].iov_base = &word;
109 iov[1].iov_len = sizeof(word);
110
111 len = iov[0].iov_len + iov[1].iov_len;
112
113 serial = atomic_inc_return(&conn->serial);
114 whdr.serial = htonl(serial);
115 _proto("Tx CONN ABORT %%%u { %d }", serial, abort_code);
116
117 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len);
118 if (ret < 0) {
119 _debug("sendmsg failed: %d", ret);
120 return -EAGAIN;
121 }
122
123 _leave(" = 0");
124 return 0;
125}
126
127/*
128 * mark a call as being on a now-secured channel
129 * - must be called with softirqs disabled
130 */
131static void rxrpc_call_is_secure(struct rxrpc_call *call)
132{
133 _enter("%p", call);
134 if (call) {
135 read_lock(&call->state_lock);
136 if (call->state < RXRPC_CALL_COMPLETE &&
137 !test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events))
138 rxrpc_queue_call(call);
139 read_unlock(&call->state_lock);
140 }
141}
142
143/*
144 * connection-level Rx packet processor
145 */
146static int rxrpc_process_event(struct rxrpc_connection *conn,
147 struct sk_buff *skb,
148 u32 *_abort_code)
149{
150 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
151 __be32 wtmp;
152 u32 abort_code;
153 int loop, ret;
154
155 if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
156 kleave(" = -ECONNABORTED [%u]", conn->state);
157 return -ECONNABORTED;
158 }
159
160 _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
161
162 switch (sp->hdr.type) {
163 case RXRPC_PACKET_TYPE_ABORT:
164 if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0)
165 return -EPROTO;
166 abort_code = ntohl(wtmp);
167 _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);
168
169 conn->state = RXRPC_CONN_REMOTELY_ABORTED;
170 rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED,
171 abort_code);
172 return -ECONNABORTED;
173
174 case RXRPC_PACKET_TYPE_CHALLENGE:
175 if (conn->security)
176 return conn->security->respond_to_challenge(
177 conn, skb, _abort_code);
178 return -EPROTO;
179
180 case RXRPC_PACKET_TYPE_RESPONSE:
181 if (!conn->security)
182 return -EPROTO;
183
184 ret = conn->security->verify_response(conn, skb, _abort_code);
185 if (ret < 0)
186 return ret;
187
188 ret = conn->security->init_connection_security(conn);
189 if (ret < 0)
190 return ret;
191
192 conn->security->prime_packet_security(conn);
193 read_lock_bh(&conn->lock);
194 spin_lock(&conn->state_lock);
195
196 if (conn->state == RXRPC_CONN_SERVER_CHALLENGING) {
197 conn->state = RXRPC_CONN_SERVER;
198 for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
199 rxrpc_call_is_secure(conn->channels[loop]);
200 }
201
202 spin_unlock(&conn->state_lock);
203 read_unlock_bh(&conn->lock);
204 return 0;
205
206 default:
207 _leave(" = -EPROTO [%u]", sp->hdr.type);
208 return -EPROTO;
209 }
210}
211
212/*
213 * set up security and issue a challenge
214 */
215static void rxrpc_secure_connection(struct rxrpc_connection *conn)
216{
217 u32 abort_code;
218 int ret;
219
220 _enter("{%d}", conn->debug_id);
221
222 ASSERT(conn->security_ix != 0);
223
224 if (!conn->key) {
225 _debug("set up security");
226 ret = rxrpc_init_server_conn_security(conn);
227 switch (ret) {
228 case 0:
229 break;
230 case -ENOENT:
231 abort_code = RX_CALL_DEAD;
232 goto abort;
233 default:
234 abort_code = RXKADNOAUTH;
235 goto abort;
236 }
237 }
238
239 ASSERT(conn->security != NULL);
240
241 if (conn->security->issue_challenge(conn) < 0) {
242 abort_code = RX_CALL_DEAD;
243 ret = -ENOMEM;
244 goto abort;
245 }
246
247 _leave("");
248 return;
249
250abort:
251 _debug("abort %d, %d", ret, abort_code);
252 rxrpc_abort_connection(conn, -ret, abort_code);
253 _leave(" [aborted]");
254}
255
256/*
257 * connection-level event processor
258 */
259void rxrpc_process_connection(struct work_struct *work)
260{
261 struct rxrpc_connection *conn =
262 container_of(work, struct rxrpc_connection, processor);
263 struct sk_buff *skb;
264 u32 abort_code = RX_PROTOCOL_ERROR;
265 int ret;
266
267 _enter("{%d}", conn->debug_id);
268
269 atomic_inc(&conn->usage);
270
271 if (test_and_clear_bit(RXRPC_CONN_CHALLENGE, &conn->events)) {
272 rxrpc_secure_connection(conn);
273 rxrpc_put_connection(conn);
274 }
275
276 /* go through the conn-level event packets, releasing the ref on this
277 * connection that each one has when we've finished with it */
278 while ((skb = skb_dequeue(&conn->rx_queue))) {
279 ret = rxrpc_process_event(conn, skb, &abort_code);
280 switch (ret) {
281 case -EPROTO:
282 case -EKEYEXPIRED:
283 case -EKEYREJECTED:
284 goto protocol_error;
285 case -EAGAIN:
286 goto requeue_and_leave;
287 case -ECONNABORTED:
288 default:
289 rxrpc_put_connection(conn);
290 rxrpc_free_skb(skb);
291 break;
292 }
293 }
294
295out:
296 rxrpc_put_connection(conn);
297 _leave("");
298 return;
299
300requeue_and_leave:
301 skb_queue_head(&conn->rx_queue, skb);
302 goto out;
303
304protocol_error:
305 if (rxrpc_abort_connection(conn, -ret, abort_code) < 0)
306 goto requeue_and_leave;
307 rxrpc_put_connection(conn);
308 rxrpc_free_skb(skb);
309 _leave(" [EPROTO]");
310 goto out;
311}
312
313/*
314 * put a packet up for transport-level abort
315 */
316void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
317{
318 CHECK_SLAB_OKAY(&local->usage);
319
320 if (!atomic_inc_not_zero(&local->usage)) {
321 printk("resurrected on reject\n");
322 BUG();
323 }
324
325 skb_queue_tail(&local->reject_queue, skb);
326 rxrpc_queue_work(&local->rejecter);
327}
328
329/*
330 * reject packets through the local endpoint
331 */
332void rxrpc_reject_packets(struct work_struct *work)
333{
334 union {
335 struct sockaddr sa;
336 struct sockaddr_in sin;
337 } sa;
338 struct rxrpc_skb_priv *sp;
339 struct rxrpc_wire_header whdr;
340 struct rxrpc_local *local;
341 struct sk_buff *skb;
342 struct msghdr msg;
343 struct kvec iov[2];
344 size_t size;
345 __be32 code;
346
347 local = container_of(work, struct rxrpc_local, rejecter);
348 rxrpc_get_local(local);
349
350 _enter("%d", local->debug_id);
351
352 iov[0].iov_base = &whdr;
353 iov[0].iov_len = sizeof(whdr);
354 iov[1].iov_base = &code;
355 iov[1].iov_len = sizeof(code);
356 size = sizeof(whdr) + sizeof(code);
357
358 msg.msg_name = &sa;
359 msg.msg_control = NULL;
360 msg.msg_controllen = 0;
361 msg.msg_flags = 0;
362
363 memset(&sa, 0, sizeof(sa));
364 sa.sa.sa_family = local->srx.transport.family;
365 switch (sa.sa.sa_family) {
366 case AF_INET:
367 msg.msg_namelen = sizeof(sa.sin);
368 break;
369 default:
370 msg.msg_namelen = 0;
371 break;
372 }
373
374 memset(&whdr, 0, sizeof(whdr));
375 whdr.type = RXRPC_PACKET_TYPE_ABORT;
376
377 while ((skb = skb_dequeue(&local->reject_queue))) {
378 sp = rxrpc_skb(skb);
379 switch (sa.sa.sa_family) {
380 case AF_INET:
381 sa.sin.sin_port = udp_hdr(skb)->source;
382 sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
383 code = htonl(skb->priority);
384
385 whdr.epoch = htonl(sp->hdr.epoch);
386 whdr.cid = htonl(sp->hdr.cid);
387 whdr.callNumber = htonl(sp->hdr.callNumber);
388 whdr.serviceId = htons(sp->hdr.serviceId);
389 whdr.flags = sp->hdr.flags;
390 whdr.flags ^= RXRPC_CLIENT_INITIATED;
391 whdr.flags &= RXRPC_CLIENT_INITIATED;
392
393 kernel_sendmsg(local->socket, &msg, iov, 2, size);
394 break;
395
396 default:
397 break;
398 }
399
400 rxrpc_free_skb(skb);
401 rxrpc_put_local(local);
402 }
403
404 rxrpc_put_local(local);
405 _leave("");
406}