Commit | Line | Data |
---|---|---|
17926a79 DH |
1 | /* connection-level event handling |
2 | * | |
3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. | |
4 | * Written by David Howells (dhowells@redhat.com) | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
9b6d5398 JP |
12 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
13 | ||
17926a79 DH |
14 | #include <linux/module.h> |
15 | #include <linux/net.h> | |
16 | #include <linux/skbuff.h> | |
17 | #include <linux/errqueue.h> | |
18 | #include <linux/udp.h> | |
19 | #include <linux/in.h> | |
20 | #include <linux/in6.h> | |
21 | #include <linux/icmp.h> | |
22 | #include <net/sock.h> | |
23 | #include <net/af_rxrpc.h> | |
24 | #include <net/ip.h> | |
25 | #include "ar-internal.h" | |
26 | ||
27 | /* | |
28 | * pass a connection-level abort onto all calls on that connection | |
29 | */ | |
30 | static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state, | |
31 | u32 abort_code) | |
32 | { | |
33 | struct rxrpc_call *call; | |
a1399f8b | 34 | int i; |
17926a79 DH |
35 | |
36 | _enter("{%d},%x", conn->debug_id, abort_code); | |
37 | ||
a1399f8b | 38 | spin_lock(&conn->channel_lock); |
17926a79 | 39 | |
a1399f8b DH |
40 | for (i = 0; i < RXRPC_MAXCALLS; i++) { |
41 | call = rcu_dereference_protected( | |
42 | conn->channels[i].call, | |
43 | lockdep_is_held(&conn->channel_lock)); | |
44 | write_lock_bh(&call->state_lock); | |
17926a79 DH |
45 | if (call->state <= RXRPC_CALL_COMPLETE) { |
46 | call->state = state; | |
dc44b3a0 DH |
47 | if (state == RXRPC_CALL_LOCALLY_ABORTED) { |
48 | call->local_abort = conn->local_abort; | |
4c198ad1 | 49 | set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events); |
dc44b3a0 DH |
50 | } else { |
51 | call->remote_abort = conn->remote_abort; | |
4c198ad1 | 52 | set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); |
dc44b3a0 | 53 | } |
651350d1 | 54 | rxrpc_queue_call(call); |
17926a79 | 55 | } |
a1399f8b | 56 | write_unlock_bh(&call->state_lock); |
17926a79 DH |
57 | } |
58 | ||
a1399f8b | 59 | spin_unlock(&conn->channel_lock); |
17926a79 DH |
60 | _leave(""); |
61 | } | |
62 | ||
63 | /* | |
64 | * generate a connection-level abort | |
65 | */ | |
66 | static int rxrpc_abort_connection(struct rxrpc_connection *conn, | |
67 | u32 error, u32 abort_code) | |
68 | { | |
0d12f8a4 | 69 | struct rxrpc_wire_header whdr; |
17926a79 DH |
70 | struct msghdr msg; |
71 | struct kvec iov[2]; | |
72 | __be32 word; | |
73 | size_t len; | |
0d12f8a4 | 74 | u32 serial; |
17926a79 DH |
75 | int ret; |
76 | ||
77 | _enter("%d,,%u,%u", conn->debug_id, error, abort_code); | |
78 | ||
79 | /* generate a connection-level abort */ | |
80 | spin_lock_bh(&conn->state_lock); | |
81 | if (conn->state < RXRPC_CONN_REMOTELY_ABORTED) { | |
82 | conn->state = RXRPC_CONN_LOCALLY_ABORTED; | |
83 | conn->error = error; | |
84 | spin_unlock_bh(&conn->state_lock); | |
85 | } else { | |
86 | spin_unlock_bh(&conn->state_lock); | |
87 | _leave(" = 0 [already dead]"); | |
88 | return 0; | |
89 | } | |
90 | ||
91 | rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code); | |
92 | ||
85f32278 DH |
93 | msg.msg_name = &conn->params.peer->srx.transport; |
94 | msg.msg_namelen = conn->params.peer->srx.transport_len; | |
17926a79 DH |
95 | msg.msg_control = NULL; |
96 | msg.msg_controllen = 0; | |
97 | msg.msg_flags = 0; | |
98 | ||
19ffa01c DH |
99 | whdr.epoch = htonl(conn->proto.epoch); |
100 | whdr.cid = htonl(conn->proto.cid); | |
0d12f8a4 DH |
101 | whdr.callNumber = 0; |
102 | whdr.seq = 0; | |
103 | whdr.type = RXRPC_PACKET_TYPE_ABORT; | |
104 | whdr.flags = conn->out_clientflag; | |
105 | whdr.userStatus = 0; | |
106 | whdr.securityIndex = conn->security_ix; | |
107 | whdr._rsvd = 0; | |
19ffa01c | 108 | whdr.serviceId = htons(conn->params.service_id); |
17926a79 | 109 | |
dc44b3a0 | 110 | word = htonl(conn->local_abort); |
17926a79 | 111 | |
0d12f8a4 DH |
112 | iov[0].iov_base = &whdr; |
113 | iov[0].iov_len = sizeof(whdr); | |
17926a79 DH |
114 | iov[1].iov_base = &word; |
115 | iov[1].iov_len = sizeof(word); | |
116 | ||
117 | len = iov[0].iov_len + iov[1].iov_len; | |
118 | ||
0d12f8a4 DH |
119 | serial = atomic_inc_return(&conn->serial); |
120 | whdr.serial = htonl(serial); | |
dc44b3a0 | 121 | _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort); |
17926a79 | 122 | |
85f32278 | 123 | ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len); |
17926a79 DH |
124 | if (ret < 0) { |
125 | _debug("sendmsg failed: %d", ret); | |
126 | return -EAGAIN; | |
127 | } | |
128 | ||
129 | _leave(" = 0"); | |
130 | return 0; | |
131 | } | |
132 | ||
133 | /* | |
134 | * mark a call as being on a now-secured channel | |
135 | * - must be called with softirqs disabled | |
136 | */ | |
5eaa65b2 | 137 | static void rxrpc_call_is_secure(struct rxrpc_call *call) |
17926a79 DH |
138 | { |
139 | _enter("%p", call); | |
140 | if (call) { | |
141 | read_lock(&call->state_lock); | |
142 | if (call->state < RXRPC_CALL_COMPLETE && | |
4c198ad1 | 143 | !test_and_set_bit(RXRPC_CALL_EV_SECURED, &call->events)) |
651350d1 | 144 | rxrpc_queue_call(call); |
17926a79 DH |
145 | read_unlock(&call->state_lock); |
146 | } | |
147 | } | |
148 | ||
149 | /* | |
150 | * connection-level Rx packet processor | |
151 | */ | |
152 | static int rxrpc_process_event(struct rxrpc_connection *conn, | |
153 | struct sk_buff *skb, | |
154 | u32 *_abort_code) | |
155 | { | |
156 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); | |
0d12f8a4 DH |
157 | __be32 wtmp; |
158 | u32 abort_code; | |
17926a79 DH |
159 | int loop, ret; |
160 | ||
519d2567 DH |
161 | if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) { |
162 | kleave(" = -ECONNABORTED [%u]", conn->state); | |
17926a79 | 163 | return -ECONNABORTED; |
519d2567 | 164 | } |
17926a79 | 165 | |
0d12f8a4 | 166 | _enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial); |
519d2567 | 167 | |
17926a79 DH |
168 | switch (sp->hdr.type) { |
169 | case RXRPC_PACKET_TYPE_ABORT: | |
0d12f8a4 | 170 | if (skb_copy_bits(skb, 0, &wtmp, sizeof(wtmp)) < 0) |
17926a79 | 171 | return -EPROTO; |
0d12f8a4 DH |
172 | abort_code = ntohl(wtmp); |
173 | _proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code); | |
17926a79 DH |
174 | |
175 | conn->state = RXRPC_CONN_REMOTELY_ABORTED; | |
176 | rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED, | |
0d12f8a4 | 177 | abort_code); |
17926a79 DH |
178 | return -ECONNABORTED; |
179 | ||
180 | case RXRPC_PACKET_TYPE_CHALLENGE: | |
e0e4d82f DH |
181 | return conn->security->respond_to_challenge(conn, skb, |
182 | _abort_code); | |
17926a79 DH |
183 | |
184 | case RXRPC_PACKET_TYPE_RESPONSE: | |
17926a79 DH |
185 | ret = conn->security->verify_response(conn, skb, _abort_code); |
186 | if (ret < 0) | |
187 | return ret; | |
188 | ||
189 | ret = conn->security->init_connection_security(conn); | |
190 | if (ret < 0) | |
191 | return ret; | |
192 | ||
a263629d HX |
193 | ret = conn->security->prime_packet_security(conn); |
194 | if (ret < 0) | |
195 | return ret; | |
196 | ||
a1399f8b | 197 | spin_lock(&conn->channel_lock); |
17926a79 DH |
198 | spin_lock(&conn->state_lock); |
199 | ||
bba304db DH |
200 | if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) { |
201 | conn->state = RXRPC_CONN_SERVICE; | |
17926a79 | 202 | for (loop = 0; loop < RXRPC_MAXCALLS; loop++) |
dee46364 DH |
203 | rxrpc_call_is_secure( |
204 | rcu_dereference_protected( | |
a1399f8b DH |
205 | conn->channels[loop].call, |
206 | lockdep_is_held(&conn->channel_lock))); | |
17926a79 DH |
207 | } |
208 | ||
209 | spin_unlock(&conn->state_lock); | |
a1399f8b | 210 | spin_unlock(&conn->channel_lock); |
17926a79 DH |
211 | return 0; |
212 | ||
213 | default: | |
519d2567 | 214 | _leave(" = -EPROTO [%u]", sp->hdr.type); |
17926a79 DH |
215 | return -EPROTO; |
216 | } | |
217 | } | |
218 | ||
219 | /* | |
220 | * set up security and issue a challenge | |
221 | */ | |
222 | static void rxrpc_secure_connection(struct rxrpc_connection *conn) | |
223 | { | |
224 | u32 abort_code; | |
225 | int ret; | |
226 | ||
227 | _enter("{%d}", conn->debug_id); | |
228 | ||
229 | ASSERT(conn->security_ix != 0); | |
230 | ||
19ffa01c | 231 | if (!conn->params.key) { |
17926a79 DH |
232 | _debug("set up security"); |
233 | ret = rxrpc_init_server_conn_security(conn); | |
234 | switch (ret) { | |
235 | case 0: | |
236 | break; | |
237 | case -ENOENT: | |
238 | abort_code = RX_CALL_DEAD; | |
239 | goto abort; | |
240 | default: | |
241 | abort_code = RXKADNOAUTH; | |
242 | goto abort; | |
243 | } | |
244 | } | |
245 | ||
17926a79 DH |
246 | if (conn->security->issue_challenge(conn) < 0) { |
247 | abort_code = RX_CALL_DEAD; | |
248 | ret = -ENOMEM; | |
249 | goto abort; | |
250 | } | |
251 | ||
252 | _leave(""); | |
253 | return; | |
254 | ||
255 | abort: | |
256 | _debug("abort %d, %d", ret, abort_code); | |
257 | rxrpc_abort_connection(conn, -ret, abort_code); | |
258 | _leave(" [aborted]"); | |
259 | } | |
260 | ||
261 | /* | |
262 | * connection-level event processor | |
263 | */ | |
264 | void rxrpc_process_connection(struct work_struct *work) | |
265 | { | |
266 | struct rxrpc_connection *conn = | |
267 | container_of(work, struct rxrpc_connection, processor); | |
17926a79 DH |
268 | struct sk_buff *skb; |
269 | u32 abort_code = RX_PROTOCOL_ERROR; | |
270 | int ret; | |
271 | ||
272 | _enter("{%d}", conn->debug_id); | |
273 | ||
2c4579e4 | 274 | if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events)) |
17926a79 | 275 | rxrpc_secure_connection(conn); |
17926a79 DH |
276 | |
277 | /* go through the conn-level event packets, releasing the ref on this | |
278 | * connection that each one has when we've finished with it */ | |
279 | while ((skb = skb_dequeue(&conn->rx_queue))) { | |
17926a79 DH |
280 | ret = rxrpc_process_event(conn, skb, &abort_code); |
281 | switch (ret) { | |
282 | case -EPROTO: | |
283 | case -EKEYEXPIRED: | |
284 | case -EKEYREJECTED: | |
285 | goto protocol_error; | |
286 | case -EAGAIN: | |
287 | goto requeue_and_leave; | |
288 | case -ECONNABORTED: | |
289 | default: | |
17926a79 DH |
290 | rxrpc_free_skb(skb); |
291 | break; | |
292 | } | |
293 | } | |
294 | ||
295 | out: | |
296 | rxrpc_put_connection(conn); | |
297 | _leave(""); | |
298 | return; | |
299 | ||
300 | requeue_and_leave: | |
301 | skb_queue_head(&conn->rx_queue, skb); | |
302 | goto out; | |
303 | ||
304 | protocol_error: | |
305 | if (rxrpc_abort_connection(conn, -ret, abort_code) < 0) | |
306 | goto requeue_and_leave; | |
17926a79 DH |
307 | rxrpc_free_skb(skb); |
308 | _leave(" [EPROTO]"); | |
309 | goto out; | |
310 | } | |
311 | ||
651350d1 DH |
312 | /* |
313 | * put a packet up for transport-level abort | |
314 | */ | |
315 | void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) | |
316 | { | |
317 | CHECK_SLAB_OKAY(&local->usage); | |
318 | ||
651350d1 | 319 | skb_queue_tail(&local->reject_queue, skb); |
5acbee46 | 320 | rxrpc_queue_local(local); |
651350d1 DH |
321 | } |
322 | ||
17926a79 DH |
323 | /* |
324 | * reject packets through the local endpoint | |
325 | */ | |
4f95dd78 | 326 | void rxrpc_reject_packets(struct rxrpc_local *local) |
17926a79 DH |
327 | { |
328 | union { | |
329 | struct sockaddr sa; | |
330 | struct sockaddr_in sin; | |
331 | } sa; | |
332 | struct rxrpc_skb_priv *sp; | |
0d12f8a4 | 333 | struct rxrpc_wire_header whdr; |
17926a79 DH |
334 | struct sk_buff *skb; |
335 | struct msghdr msg; | |
336 | struct kvec iov[2]; | |
337 | size_t size; | |
338 | __be32 code; | |
339 | ||
17926a79 DH |
340 | _enter("%d", local->debug_id); |
341 | ||
0d12f8a4 DH |
342 | iov[0].iov_base = &whdr; |
343 | iov[0].iov_len = sizeof(whdr); | |
17926a79 DH |
344 | iov[1].iov_base = &code; |
345 | iov[1].iov_len = sizeof(code); | |
0d12f8a4 | 346 | size = sizeof(whdr) + sizeof(code); |
17926a79 DH |
347 | |
348 | msg.msg_name = &sa; | |
349 | msg.msg_control = NULL; | |
350 | msg.msg_controllen = 0; | |
351 | msg.msg_flags = 0; | |
352 | ||
353 | memset(&sa, 0, sizeof(sa)); | |
354 | sa.sa.sa_family = local->srx.transport.family; | |
355 | switch (sa.sa.sa_family) { | |
356 | case AF_INET: | |
357 | msg.msg_namelen = sizeof(sa.sin); | |
358 | break; | |
359 | default: | |
360 | msg.msg_namelen = 0; | |
361 | break; | |
362 | } | |
363 | ||
0d12f8a4 DH |
364 | memset(&whdr, 0, sizeof(whdr)); |
365 | whdr.type = RXRPC_PACKET_TYPE_ABORT; | |
17926a79 DH |
366 | |
367 | while ((skb = skb_dequeue(&local->reject_queue))) { | |
368 | sp = rxrpc_skb(skb); | |
369 | switch (sa.sa.sa_family) { | |
370 | case AF_INET: | |
371 | sa.sin.sin_port = udp_hdr(skb)->source; | |
372 | sa.sin.sin_addr.s_addr = ip_hdr(skb)->saddr; | |
373 | code = htonl(skb->priority); | |
374 | ||
0d12f8a4 DH |
375 | whdr.epoch = htonl(sp->hdr.epoch); |
376 | whdr.cid = htonl(sp->hdr.cid); | |
377 | whdr.callNumber = htonl(sp->hdr.callNumber); | |
378 | whdr.serviceId = htons(sp->hdr.serviceId); | |
379 | whdr.flags = sp->hdr.flags; | |
380 | whdr.flags ^= RXRPC_CLIENT_INITIATED; | |
381 | whdr.flags &= RXRPC_CLIENT_INITIATED; | |
17926a79 DH |
382 | |
383 | kernel_sendmsg(local->socket, &msg, iov, 2, size); | |
384 | break; | |
385 | ||
386 | default: | |
387 | break; | |
388 | } | |
389 | ||
390 | rxrpc_free_skb(skb); | |
17926a79 DH |
391 | } |
392 | ||
17926a79 DH |
393 | _leave(""); |
394 | } |