Commit | Line | Data |
---|---|---|
17926a79 DH |
1 | /* RxRPC packet reception |
2 | * | |
248f219c | 3 | * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved. |
17926a79 DH |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
9b6d5398 JP |
12 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
13 | ||
17926a79 DH |
14 | #include <linux/module.h> |
15 | #include <linux/net.h> | |
16 | #include <linux/skbuff.h> | |
17 | #include <linux/errqueue.h> | |
18 | #include <linux/udp.h> | |
19 | #include <linux/in.h> | |
20 | #include <linux/in6.h> | |
21 | #include <linux/icmp.h> | |
5a0e3ad6 | 22 | #include <linux/gfp.h> |
17926a79 DH |
23 | #include <net/sock.h> |
24 | #include <net/af_rxrpc.h> | |
25 | #include <net/ip.h> | |
1781f7f5 | 26 | #include <net/udp.h> |
0283328e | 27 | #include <net/net_namespace.h> |
17926a79 DH |
28 | #include "ar-internal.h" |
29 | ||
248f219c DH |
30 | static void rxrpc_proto_abort(const char *why, |
31 | struct rxrpc_call *call, rxrpc_seq_t seq) | |
32 | { | |
33 | if (rxrpc_abort_call(why, call, seq, RX_PROTOCOL_ERROR, EBADMSG)) { | |
34 | set_bit(RXRPC_CALL_EV_ABORT, &call->events); | |
35 | rxrpc_queue_call(call); | |
36 | } | |
37 | } | |
38 | ||
17926a79 | 39 | /* |
248f219c | 40 | * Apply a hard ACK by advancing the Tx window. |
17926a79 | 41 | */ |
248f219c | 42 | static void rxrpc_rotate_tx_window(struct rxrpc_call *call, rxrpc_seq_t to) |
17926a79 | 43 | { |
248f219c DH |
44 | struct sk_buff *skb, *list = NULL; |
45 | int ix; | |
17926a79 | 46 | |
248f219c | 47 | spin_lock(&call->lock); |
17926a79 | 48 | |
248f219c DH |
49 | while (before(call->tx_hard_ack, to)) { |
50 | call->tx_hard_ack++; | |
51 | ix = call->tx_hard_ack & RXRPC_RXTX_BUFF_MASK; | |
52 | skb = call->rxtx_buffer[ix]; | |
53 | rxrpc_see_skb(skb); | |
54 | call->rxtx_buffer[ix] = NULL; | |
55 | call->rxtx_annotations[ix] = 0; | |
56 | skb->next = list; | |
57 | list = skb; | |
58 | } | |
17926a79 | 59 | |
248f219c | 60 | spin_unlock(&call->lock); |
17926a79 | 61 | |
248f219c DH |
62 | while (list) { |
63 | skb = list; | |
64 | list = skb->next; | |
65 | skb->next = NULL; | |
17926a79 | 66 | rxrpc_free_skb(skb); |
17926a79 | 67 | } |
248f219c | 68 | } |
17926a79 | 69 | |
248f219c DH |
70 | /* |
71 | * End the transmission phase of a call. | |
72 | * | |
73 | * This occurs when we get an ACKALL packet, the first DATA packet of a reply, | |
74 | * or a final ACK packet. | |
75 | */ | |
76 | static bool rxrpc_end_tx_phase(struct rxrpc_call *call, const char *abort_why) | |
77 | { | |
78 | _enter(""); | |
17926a79 | 79 | |
248f219c DH |
80 | switch (call->state) { |
81 | case RXRPC_CALL_CLIENT_RECV_REPLY: | |
82 | return true; | |
83 | case RXRPC_CALL_CLIENT_AWAIT_REPLY: | |
84 | case RXRPC_CALL_SERVER_AWAIT_ACK: | |
85 | break; | |
86 | default: | |
87 | rxrpc_proto_abort(abort_why, call, call->tx_top); | |
88 | return false; | |
17926a79 DH |
89 | } |
90 | ||
248f219c | 91 | rxrpc_rotate_tx_window(call, call->tx_top); |
17926a79 | 92 | |
248f219c | 93 | write_lock(&call->state_lock); |
651350d1 | 94 | |
248f219c DH |
95 | switch (call->state) { |
96 | default: | |
97 | break; | |
98 | case RXRPC_CALL_CLIENT_AWAIT_REPLY: | |
99 | call->state = RXRPC_CALL_CLIENT_RECV_REPLY; | |
100 | break; | |
101 | case RXRPC_CALL_SERVER_AWAIT_ACK: | |
102 | __rxrpc_call_completed(call); | |
103 | rxrpc_notify_socket(call); | |
104 | break; | |
17926a79 | 105 | } |
17926a79 | 106 | |
248f219c DH |
107 | write_unlock(&call->state_lock); |
108 | _leave(" = ok"); | |
109 | return true; | |
110 | } | |
111 | ||
112 | /* | |
113 | * Scan a jumbo packet to validate its structure and to work out how many | |
114 | * subpackets it contains. | |
115 | * | |
116 | * A jumbo packet is a collection of consecutive packets glued together with | |
117 | * little headers between that indicate how to change the initial header for | |
118 | * each subpacket. | |
119 | * | |
120 | * RXRPC_JUMBO_PACKET must be set on all but the last subpacket - and all but | |
121 | * the last are RXRPC_JUMBO_DATALEN in size. The last subpacket may be of any | |
122 | * size. | |
123 | */ | |
124 | static bool rxrpc_validate_jumbo(struct sk_buff *skb) | |
125 | { | |
126 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); | |
127 | unsigned int offset = sp->offset; | |
128 | unsigned int len = skb->data_len; | |
129 | int nr_jumbo = 1; | |
130 | u8 flags = sp->hdr.flags; | |
131 | ||
132 | do { | |
133 | nr_jumbo++; | |
134 | if (len - offset < RXRPC_JUMBO_SUBPKTLEN) | |
135 | goto protocol_error; | |
136 | if (flags & RXRPC_LAST_PACKET) | |
137 | goto protocol_error; | |
138 | offset += RXRPC_JUMBO_DATALEN; | |
139 | if (skb_copy_bits(skb, offset, &flags, 1) < 0) | |
140 | goto protocol_error; | |
141 | offset += sizeof(struct rxrpc_jumbo_header); | |
142 | } while (flags & RXRPC_JUMBO_PACKET); | |
143 | ||
144 | sp->nr_jumbo = nr_jumbo; | |
145 | return true; | |
17926a79 | 146 | |
248f219c DH |
147 | protocol_error: |
148 | return false; | |
17926a79 DH |
149 | } |
150 | ||
151 | /* | |
248f219c DH |
152 | * Handle reception of a duplicate packet. |
153 | * | |
154 | * We have to take care to avoid an attack here whereby we're given a series of | |
155 | * jumbograms, each with a sequence number one before the preceding one and | |
156 | * filled up to maximum UDP size. If they never send us the first packet in | |
157 | * the sequence, they can cause us to have to hold on to around 2MiB of kernel | |
158 | * space until the call times out. | |
159 | * | |
160 | * We limit the space usage by only accepting three duplicate jumbo packets per | |
161 | * call. After that, we tell the other side we're no longer accepting jumbos | |
162 | * (that information is encoded in the ACK packet). | |
17926a79 | 163 | */ |
248f219c DH |
164 | static void rxrpc_input_dup_data(struct rxrpc_call *call, rxrpc_seq_t seq, |
165 | u8 annotation, bool *_jumbo_dup) | |
17926a79 | 166 | { |
248f219c DH |
167 | /* Discard normal packets that are duplicates. */ |
168 | if (annotation == 0) | |
169 | return; | |
17926a79 | 170 | |
248f219c DH |
171 | /* Skip jumbo subpackets that are duplicates. When we've had three or |
172 | * more partially duplicate jumbo packets, we refuse to take any more | |
173 | * jumbos for this call. | |
174 | */ | |
175 | if (!*_jumbo_dup) { | |
176 | call->nr_jumbo_dup++; | |
177 | *_jumbo_dup = true; | |
178 | } | |
179 | } | |
17926a79 | 180 | |
248f219c DH |
181 | /* |
182 | * Process a DATA packet, adding the packet to the Rx ring. | |
183 | */ | |
184 | static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb, | |
185 | u16 skew) | |
186 | { | |
187 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); | |
188 | unsigned int offset = sp->offset; | |
189 | unsigned int ix; | |
190 | rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0; | |
191 | rxrpc_seq_t seq = sp->hdr.seq, hard_ack; | |
192 | bool immediate_ack = false, jumbo_dup = false, queued; | |
193 | u16 len; | |
194 | u8 ack = 0, flags, annotation = 0; | |
17926a79 | 195 | |
248f219c DH |
196 | _enter("{%u,%u},{%u,%u}", |
197 | call->rx_hard_ack, call->rx_top, skb->data_len, seq); | |
17926a79 | 198 | |
248f219c DH |
199 | _proto("Rx DATA %%%u { #%u f=%02x }", |
200 | sp->hdr.serial, seq, sp->hdr.flags); | |
17926a79 | 201 | |
248f219c DH |
202 | if (call->state >= RXRPC_CALL_COMPLETE) |
203 | return; | |
17926a79 | 204 | |
248f219c DH |
205 | /* Received data implicitly ACKs all of the request packets we sent |
206 | * when we're acting as a client. | |
207 | */ | |
208 | if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY && | |
209 | !rxrpc_end_tx_phase(call, "ETD")) | |
210 | return; | |
17926a79 | 211 | |
248f219c | 212 | call->ackr_prev_seq = seq; |
17926a79 | 213 | |
248f219c DH |
214 | hard_ack = READ_ONCE(call->rx_hard_ack); |
215 | if (after(seq, hard_ack + call->rx_winsize)) { | |
17926a79 | 216 | ack = RXRPC_ACK_EXCEEDS_WINDOW; |
248f219c DH |
217 | ack_serial = serial; |
218 | goto ack; | |
17926a79 DH |
219 | } |
220 | ||
248f219c DH |
221 | flags = sp->hdr.flags; |
222 | if (flags & RXRPC_JUMBO_PACKET) { | |
223 | if (call->nr_jumbo_dup > 3) { | |
224 | ack = RXRPC_ACK_NOSPACE; | |
225 | ack_serial = serial; | |
226 | goto ack; | |
17926a79 | 227 | } |
248f219c | 228 | annotation = 1; |
17926a79 DH |
229 | } |
230 | ||
248f219c DH |
231 | next_subpacket: |
232 | queued = false; | |
233 | ix = seq & RXRPC_RXTX_BUFF_MASK; | |
234 | len = skb->data_len; | |
235 | if (flags & RXRPC_JUMBO_PACKET) | |
236 | len = RXRPC_JUMBO_DATALEN; | |
237 | ||
238 | if (flags & RXRPC_LAST_PACKET) { | |
239 | if (test_and_set_bit(RXRPC_CALL_RX_LAST, &call->flags) && | |
240 | seq != call->rx_top) | |
241 | return rxrpc_proto_abort("LSN", call, seq); | |
242 | } else { | |
243 | if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) && | |
244 | after_eq(seq, call->rx_top)) | |
245 | return rxrpc_proto_abort("LSA", call, seq); | |
17926a79 DH |
246 | } |
247 | ||
248f219c DH |
248 | if (before_eq(seq, hard_ack)) { |
249 | ack = RXRPC_ACK_DUPLICATE; | |
250 | ack_serial = serial; | |
251 | goto skip; | |
252 | } | |
253 | ||
254 | if (flags & RXRPC_REQUEST_ACK && !ack) { | |
255 | ack = RXRPC_ACK_REQUESTED; | |
256 | ack_serial = serial; | |
257 | } | |
258 | ||
259 | if (call->rxtx_buffer[ix]) { | |
260 | rxrpc_input_dup_data(call, seq, annotation, &jumbo_dup); | |
261 | if (ack != RXRPC_ACK_DUPLICATE) { | |
262 | ack = RXRPC_ACK_DUPLICATE; | |
263 | ack_serial = serial; | |
17926a79 | 264 | } |
248f219c DH |
265 | immediate_ack = true; |
266 | goto skip; | |
17926a79 DH |
267 | } |
268 | ||
248f219c DH |
269 | /* Queue the packet. We use a couple of memory barriers here as need |
270 | * to make sure that rx_top is perceived to be set after the buffer | |
271 | * pointer and that the buffer pointer is set after the annotation and | |
272 | * the skb data. | |
273 | * | |
274 | * Barriers against rxrpc_recvmsg_data() and rxrpc_rotate_rx_window() | |
275 | * and also rxrpc_fill_out_ack(). | |
276 | */ | |
277 | rxrpc_get_skb(skb); | |
278 | call->rxtx_annotations[ix] = annotation; | |
279 | smp_wmb(); | |
280 | call->rxtx_buffer[ix] = skb; | |
281 | if (after(seq, call->rx_top)) | |
282 | smp_store_release(&call->rx_top, seq); | |
283 | queued = true; | |
284 | ||
285 | if (after_eq(seq, call->rx_expect_next)) { | |
286 | if (after(seq, call->rx_expect_next)) { | |
287 | _net("OOS %u > %u", seq, call->rx_expect_next); | |
288 | ack = RXRPC_ACK_OUT_OF_SEQUENCE; | |
289 | ack_serial = serial; | |
290 | } | |
291 | call->rx_expect_next = seq + 1; | |
17926a79 DH |
292 | } |
293 | ||
248f219c DH |
294 | skip: |
295 | offset += len; | |
296 | if (flags & RXRPC_JUMBO_PACKET) { | |
297 | if (skb_copy_bits(skb, offset, &flags, 1) < 0) | |
298 | return rxrpc_proto_abort("XJF", call, seq); | |
299 | offset += sizeof(struct rxrpc_jumbo_header); | |
300 | seq++; | |
301 | serial++; | |
302 | annotation++; | |
303 | if (flags & RXRPC_JUMBO_PACKET) | |
304 | annotation |= RXRPC_RX_ANNO_JLAST; | |
305 | ||
306 | _proto("Rx DATA Jumbo %%%u", serial); | |
307 | goto next_subpacket; | |
308 | } | |
17926a79 | 309 | |
248f219c DH |
310 | if (queued && flags & RXRPC_LAST_PACKET && !ack) { |
311 | ack = RXRPC_ACK_DELAY; | |
312 | ack_serial = serial; | |
313 | } | |
17926a79 | 314 | |
248f219c DH |
315 | ack: |
316 | if (ack) | |
317 | rxrpc_propose_ACK(call, ack, skew, ack_serial, | |
318 | immediate_ack, true); | |
17926a79 | 319 | |
248f219c DH |
320 | if (sp->hdr.seq == READ_ONCE(call->rx_hard_ack) + 1) |
321 | rxrpc_notify_socket(call); | |
322 | _leave(" [queued]"); | |
17926a79 DH |
323 | } |
324 | ||
325 | /* | |
248f219c | 326 | * Process the extra information that may be appended to an ACK packet |
17926a79 | 327 | */ |
248f219c DH |
328 | static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb, |
329 | struct rxrpc_ackinfo *ackinfo) | |
17926a79 | 330 | { |
248f219c DH |
331 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); |
332 | struct rxrpc_peer *peer; | |
333 | unsigned int mtu; | |
334 | ||
335 | _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }", | |
336 | sp->hdr.serial, | |
337 | ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU), | |
338 | ntohl(ackinfo->rwind), ntohl(ackinfo->jumbo_max)); | |
339 | ||
340 | if (call->tx_winsize > ntohl(ackinfo->rwind)) | |
341 | call->tx_winsize = ntohl(ackinfo->rwind); | |
342 | ||
343 | mtu = min(ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU)); | |
344 | ||
345 | peer = call->peer; | |
346 | if (mtu < peer->maxdata) { | |
347 | spin_lock_bh(&peer->lock); | |
348 | peer->maxdata = mtu; | |
349 | peer->mtu = mtu + peer->hdrsize; | |
350 | spin_unlock_bh(&peer->lock); | |
351 | _net("Net MTU %u (maxdata %u)", peer->mtu, peer->maxdata); | |
352 | } | |
353 | } | |
17926a79 | 354 | |
248f219c DH |
355 | /* |
356 | * Process individual soft ACKs. | |
357 | * | |
358 | * Each ACK in the array corresponds to one packet and can be either an ACK or | |
359 | * a NAK. If we get find an explicitly NAK'd packet we resend immediately; | |
360 | * packets that lie beyond the end of the ACK list are scheduled for resend by | |
361 | * the timer on the basis that the peer might just not have processed them at | |
362 | * the time the ACK was sent. | |
363 | */ | |
364 | static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks, | |
365 | rxrpc_seq_t seq, int nr_acks) | |
366 | { | |
367 | bool resend = false; | |
368 | int ix; | |
369 | ||
370 | for (; nr_acks > 0; nr_acks--, seq++) { | |
371 | ix = seq & RXRPC_RXTX_BUFF_MASK; | |
372 | switch (*acks) { | |
373 | case RXRPC_ACK_TYPE_ACK: | |
374 | call->rxtx_annotations[ix] = RXRPC_TX_ANNO_ACK; | |
375 | break; | |
376 | case RXRPC_ACK_TYPE_NACK: | |
377 | if (call->rxtx_annotations[ix] == RXRPC_TX_ANNO_NAK) | |
378 | continue; | |
379 | call->rxtx_annotations[ix] = RXRPC_TX_ANNO_NAK; | |
380 | resend = true; | |
381 | break; | |
382 | default: | |
383 | return rxrpc_proto_abort("SFT", call, 0); | |
17926a79 | 384 | } |
17926a79 | 385 | } |
248f219c DH |
386 | |
387 | if (resend && | |
388 | !test_and_set_bit(RXRPC_CALL_EV_RESEND, &call->events)) | |
389 | rxrpc_queue_call(call); | |
17926a79 DH |
390 | } |
391 | ||
392 | /* | |
248f219c DH |
393 | * Process an ACK packet. |
394 | * | |
395 | * ack.firstPacket is the sequence number of the first soft-ACK'd/NAK'd packet | |
396 | * in the ACK array. Anything before that is hard-ACK'd and may be discarded. | |
397 | * | |
398 | * A hard-ACK means that a packet has been processed and may be discarded; a | |
399 | * soft-ACK means that the packet may be discarded and retransmission | |
400 | * requested. A phase is complete when all packets are hard-ACK'd. | |
17926a79 | 401 | */ |
248f219c DH |
402 | static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb, |
403 | u16 skew) | |
17926a79 DH |
404 | { |
405 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); | |
248f219c DH |
406 | union { |
407 | struct rxrpc_ackpacket ack; | |
408 | struct rxrpc_ackinfo info; | |
409 | u8 acks[RXRPC_MAXACKS]; | |
410 | } buf; | |
411 | rxrpc_seq_t first_soft_ack, hard_ack; | |
412 | int nr_acks, offset; | |
413 | ||
414 | _enter(""); | |
415 | ||
416 | if (skb_copy_bits(skb, sp->offset, &buf.ack, sizeof(buf.ack)) < 0) { | |
417 | _debug("extraction failure"); | |
418 | return rxrpc_proto_abort("XAK", call, 0); | |
17926a79 | 419 | } |
248f219c DH |
420 | sp->offset += sizeof(buf.ack); |
421 | ||
422 | first_soft_ack = ntohl(buf.ack.firstPacket); | |
423 | hard_ack = first_soft_ack - 1; | |
424 | nr_acks = buf.ack.nAcks; | |
425 | ||
426 | _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }", | |
427 | sp->hdr.serial, | |
428 | ntohs(buf.ack.maxSkew), | |
429 | first_soft_ack, | |
430 | ntohl(buf.ack.previousPacket), | |
431 | ntohl(buf.ack.serial), | |
432 | rxrpc_acks(buf.ack.reason), | |
433 | buf.ack.nAcks); | |
434 | ||
435 | if (buf.ack.reason == RXRPC_ACK_PING) { | |
436 | _proto("Rx ACK %%%u PING Request", sp->hdr.serial); | |
437 | rxrpc_propose_ACK(call, RXRPC_ACK_PING_RESPONSE, | |
438 | skew, sp->hdr.serial, true, true); | |
439 | } else if (sp->hdr.flags & RXRPC_REQUEST_ACK) { | |
563ea7d5 | 440 | rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED, |
248f219c | 441 | skew, sp->hdr.serial, true, true); |
17926a79 DH |
442 | } |
443 | ||
248f219c DH |
444 | offset = sp->offset + nr_acks + 3; |
445 | if (skb->data_len >= offset + sizeof(buf.info)) { | |
446 | if (skb_copy_bits(skb, offset, &buf.info, sizeof(buf.info)) < 0) | |
447 | return rxrpc_proto_abort("XAI", call, 0); | |
448 | rxrpc_input_ackinfo(call, skb, &buf.info); | |
449 | } | |
17926a79 | 450 | |
248f219c DH |
451 | if (first_soft_ack == 0) |
452 | return rxrpc_proto_abort("AK0", call, 0); | |
17926a79 | 453 | |
248f219c DH |
454 | /* Ignore ACKs unless we are or have just been transmitting. */ |
455 | switch (call->state) { | |
456 | case RXRPC_CALL_CLIENT_SEND_REQUEST: | |
457 | case RXRPC_CALL_CLIENT_AWAIT_REPLY: | |
458 | case RXRPC_CALL_SERVER_SEND_REPLY: | |
459 | case RXRPC_CALL_SERVER_AWAIT_ACK: | |
460 | break; | |
17926a79 | 461 | default: |
248f219c DH |
462 | return; |
463 | } | |
17926a79 | 464 | |
248f219c DH |
465 | /* Discard any out-of-order or duplicate ACKs. */ |
466 | if ((int)sp->hdr.serial - (int)call->acks_latest <= 0) { | |
467 | _debug("discard ACK %d <= %d", | |
468 | sp->hdr.serial, call->acks_latest); | |
469 | return; | |
470 | } | |
471 | call->acks_latest = sp->hdr.serial; | |
17926a79 | 472 | |
248f219c DH |
473 | if (test_bit(RXRPC_CALL_TX_LAST, &call->flags) && |
474 | hard_ack == call->tx_top) { | |
475 | rxrpc_end_tx_phase(call, "ETA"); | |
476 | return; | |
477 | } | |
17926a79 | 478 | |
248f219c DH |
479 | if (before(hard_ack, call->tx_hard_ack) || |
480 | after(hard_ack, call->tx_top)) | |
481 | return rxrpc_proto_abort("AKW", call, 0); | |
17926a79 | 482 | |
248f219c DH |
483 | if (after(hard_ack, call->tx_hard_ack)) |
484 | rxrpc_rotate_tx_window(call, hard_ack); | |
17926a79 | 485 | |
248f219c DH |
486 | if (after(first_soft_ack, call->tx_top)) |
487 | return; | |
17926a79 | 488 | |
248f219c DH |
489 | if (nr_acks > call->tx_top - first_soft_ack + 1) |
490 | nr_acks = first_soft_ack - call->tx_top + 1; | |
491 | if (skb_copy_bits(skb, sp->offset, buf.acks, nr_acks) < 0) | |
492 | return rxrpc_proto_abort("XSA", call, 0); | |
493 | rxrpc_input_soft_acks(call, buf.acks, first_soft_ack, nr_acks); | |
17926a79 DH |
494 | } |
495 | ||
496 | /* | |
248f219c | 497 | * Process an ACKALL packet. |
17926a79 | 498 | */ |
248f219c | 499 | static void rxrpc_input_ackall(struct rxrpc_call *call, struct sk_buff *skb) |
17926a79 | 500 | { |
248f219c | 501 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); |
17926a79 | 502 | |
248f219c | 503 | _proto("Rx ACKALL %%%u", sp->hdr.serial); |
17926a79 | 504 | |
248f219c DH |
505 | rxrpc_end_tx_phase(call, "ETL"); |
506 | } | |
17926a79 | 507 | |
248f219c DH |
508 | /* |
509 | * Process an ABORT packet. | |
510 | */ | |
511 | static void rxrpc_input_abort(struct rxrpc_call *call, struct sk_buff *skb) | |
512 | { | |
513 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); | |
514 | __be32 wtmp; | |
515 | u32 abort_code = RX_CALL_DEAD; | |
17926a79 | 516 | |
248f219c | 517 | _enter(""); |
17926a79 | 518 | |
248f219c DH |
519 | if (skb->len >= 4 && |
520 | skb_copy_bits(skb, sp->offset, &wtmp, sizeof(wtmp)) >= 0) | |
521 | abort_code = ntohl(wtmp); | |
17926a79 | 522 | |
248f219c | 523 | _proto("Rx ABORT %%%u { %x }", sp->hdr.serial, abort_code); |
17926a79 | 524 | |
248f219c DH |
525 | if (rxrpc_set_call_completion(call, RXRPC_CALL_REMOTELY_ABORTED, |
526 | abort_code, ECONNABORTED)) | |
527 | rxrpc_notify_socket(call); | |
17926a79 DH |
528 | } |
529 | ||
530 | /* | |
248f219c | 531 | * Process an incoming call packet. |
17926a79 | 532 | */ |
248f219c DH |
533 | static void rxrpc_input_call_packet(struct rxrpc_call *call, |
534 | struct sk_buff *skb, u16 skew) | |
17926a79 | 535 | { |
248f219c | 536 | struct rxrpc_skb_priv *sp = rxrpc_skb(skb); |
17926a79 | 537 | |
7727640c | 538 | _enter("%p,%p", call, skb); |
17926a79 | 539 | |
248f219c DH |
540 | switch (sp->hdr.type) { |
541 | case RXRPC_PACKET_TYPE_DATA: | |
542 | rxrpc_input_data(call, skb, skew); | |
543 | break; | |
f5c17aae | 544 | |
248f219c DH |
545 | case RXRPC_PACKET_TYPE_ACK: |
546 | rxrpc_input_ack(call, skb, skew); | |
17926a79 | 547 | break; |
17926a79 | 548 | |
248f219c DH |
549 | case RXRPC_PACKET_TYPE_BUSY: |
550 | _proto("Rx BUSY %%%u", sp->hdr.serial); | |
17926a79 | 551 | |
248f219c DH |
552 | /* Just ignore BUSY packets from the server; the retry and |
553 | * lifespan timers will take care of business. BUSY packets | |
554 | * from the client don't make sense. | |
555 | */ | |
556 | break; | |
17926a79 | 557 | |
248f219c DH |
558 | case RXRPC_PACKET_TYPE_ABORT: |
559 | rxrpc_input_abort(call, skb); | |
560 | break; | |
17926a79 | 561 | |
248f219c DH |
562 | case RXRPC_PACKET_TYPE_ACKALL: |
563 | rxrpc_input_ackall(call, skb); | |
564 | break; | |
f5c17aae | 565 | |
248f219c DH |
566 | default: |
567 | _proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], sp->hdr.serial); | |
568 | break; | |
17926a79 | 569 | } |
248f219c | 570 | |
17926a79 DH |
571 | _leave(""); |
572 | } | |
573 | ||
574 | /* | |
575 | * post connection-level events to the connection | |
18bfeba5 DH |
576 | * - this includes challenges, responses, some aborts and call terminal packet |
577 | * retransmission. | |
17926a79 | 578 | */ |
2e7e9758 | 579 | static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn, |
17926a79 DH |
580 | struct sk_buff *skb) |
581 | { | |
582 | _enter("%p,%p", conn, skb); | |
583 | ||
17926a79 | 584 | skb_queue_tail(&conn->rx_queue, skb); |
2e7e9758 | 585 | rxrpc_queue_conn(conn); |
17926a79 DH |
586 | } |
587 | ||
44ba0698 DH |
588 | /* |
589 | * post endpoint-level events to the local endpoint | |
590 | * - this includes debug and version messages | |
591 | */ | |
592 | static void rxrpc_post_packet_to_local(struct rxrpc_local *local, | |
593 | struct sk_buff *skb) | |
594 | { | |
595 | _enter("%p,%p", local, skb); | |
596 | ||
44ba0698 | 597 | skb_queue_tail(&local->event_queue, skb); |
5acbee46 | 598 | rxrpc_queue_local(local); |
44ba0698 DH |
599 | } |
600 | ||
248f219c DH |
601 | /* |
602 | * put a packet up for transport-level abort | |
603 | */ | |
604 | static void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) | |
605 | { | |
606 | CHECK_SLAB_OKAY(&local->usage); | |
607 | ||
608 | skb_queue_tail(&local->reject_queue, skb); | |
609 | rxrpc_queue_local(local); | |
610 | } | |
611 | ||
0d12f8a4 DH |
612 | /* |
613 | * Extract the wire header from a packet and translate the byte order. | |
614 | */ | |
615 | static noinline | |
616 | int rxrpc_extract_header(struct rxrpc_skb_priv *sp, struct sk_buff *skb) | |
617 | { | |
618 | struct rxrpc_wire_header whdr; | |
619 | ||
620 | /* dig out the RxRPC connection details */ | |
4d0fc73e | 621 | if (skb_copy_bits(skb, 0, &whdr, sizeof(whdr)) < 0) |
0d12f8a4 | 622 | return -EBADMSG; |
0d12f8a4 DH |
623 | |
624 | memset(sp, 0, sizeof(*sp)); | |
625 | sp->hdr.epoch = ntohl(whdr.epoch); | |
626 | sp->hdr.cid = ntohl(whdr.cid); | |
627 | sp->hdr.callNumber = ntohl(whdr.callNumber); | |
628 | sp->hdr.seq = ntohl(whdr.seq); | |
629 | sp->hdr.serial = ntohl(whdr.serial); | |
630 | sp->hdr.flags = whdr.flags; | |
631 | sp->hdr.type = whdr.type; | |
632 | sp->hdr.userStatus = whdr.userStatus; | |
633 | sp->hdr.securityIndex = whdr.securityIndex; | |
634 | sp->hdr._rsvd = ntohs(whdr._rsvd); | |
635 | sp->hdr.serviceId = ntohs(whdr.serviceId); | |
248f219c | 636 | sp->offset = sizeof(whdr); |
0d12f8a4 DH |
637 | return 0; |
638 | } | |
639 | ||
17926a79 DH |
640 | /* |
641 | * handle data received on the local endpoint | |
642 | * - may be called in interrupt context | |
4f95dd78 DH |
643 | * |
644 | * The socket is locked by the caller and this prevents the socket from being | |
645 | * shut down and the local endpoint from going away, thus sk_user_data will not | |
646 | * be cleared until this function returns. | |
17926a79 | 647 | */ |
248f219c | 648 | void rxrpc_data_ready(struct sock *udp_sk) |
17926a79 | 649 | { |
8496af50 | 650 | struct rxrpc_connection *conn; |
248f219c DH |
651 | struct rxrpc_channel *chan; |
652 | struct rxrpc_call *call; | |
17926a79 | 653 | struct rxrpc_skb_priv *sp; |
248f219c | 654 | struct rxrpc_local *local = udp_sk->sk_user_data; |
17926a79 | 655 | struct sk_buff *skb; |
248f219c | 656 | unsigned int channel; |
563ea7d5 | 657 | int ret, skew; |
17926a79 | 658 | |
248f219c | 659 | _enter("%p", udp_sk); |
17926a79 DH |
660 | |
661 | ASSERT(!irqs_disabled()); | |
662 | ||
248f219c | 663 | skb = skb_recv_datagram(udp_sk, 0, 1, &ret); |
17926a79 | 664 | if (!skb) { |
17926a79 DH |
665 | if (ret == -EAGAIN) |
666 | return; | |
667 | _debug("UDP socket error %d", ret); | |
668 | return; | |
669 | } | |
670 | ||
671 | rxrpc_new_skb(skb); | |
672 | ||
673 | _net("recv skb %p", skb); | |
674 | ||
675 | /* we'll probably need to checksum it (didn't call sock_recvmsg) */ | |
676 | if (skb_checksum_complete(skb)) { | |
677 | rxrpc_free_skb(skb); | |
02c22347 | 678 | __UDP_INC_STATS(&init_net, UDP_MIB_INERRORS, 0); |
17926a79 DH |
679 | _leave(" [CSUM failed]"); |
680 | return; | |
681 | } | |
682 | ||
02c22347 | 683 | __UDP_INC_STATS(&init_net, UDP_MIB_INDATAGRAMS, 0); |
1781f7f5 | 684 | |
0d12f8a4 DH |
685 | /* The socket buffer we have is owned by UDP, with UDP's data all over |
686 | * it, but we really want our own data there. | |
687 | */ | |
17926a79 DH |
688 | skb_orphan(skb); |
689 | sp = rxrpc_skb(skb); | |
17926a79 DH |
690 | |
691 | _net("Rx UDP packet from %08x:%04hu", | |
692 | ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source)); | |
693 | ||
694 | /* dig out the RxRPC connection details */ | |
0d12f8a4 | 695 | if (rxrpc_extract_header(sp, skb) < 0) |
17926a79 | 696 | goto bad_message; |
49e19ec7 | 697 | trace_rxrpc_rx_packet(sp); |
17926a79 DH |
698 | |
699 | _net("Rx RxRPC %s ep=%x call=%x:%x", | |
700 | sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient", | |
0d12f8a4 | 701 | sp->hdr.epoch, sp->hdr.cid, sp->hdr.callNumber); |
17926a79 | 702 | |
351c1e64 DH |
703 | if (sp->hdr.type >= RXRPC_N_PACKET_TYPES || |
704 | !((RXRPC_SUPPORTED_PACKET_TYPES >> sp->hdr.type) & 1)) { | |
17926a79 DH |
705 | _proto("Rx Bad Packet Type %u", sp->hdr.type); |
706 | goto bad_message; | |
707 | } | |
708 | ||
248f219c DH |
709 | switch (sp->hdr.type) { |
710 | case RXRPC_PACKET_TYPE_VERSION: | |
44ba0698 DH |
711 | rxrpc_post_packet_to_local(local, skb); |
712 | goto out; | |
bc6e1ea3 | 713 | |
248f219c DH |
714 | case RXRPC_PACKET_TYPE_BUSY: |
715 | if (sp->hdr.flags & RXRPC_CLIENT_INITIATED) | |
716 | goto discard; | |
717 | ||
718 | case RXRPC_PACKET_TYPE_DATA: | |
719 | if (sp->hdr.callNumber == 0) | |
720 | goto bad_message; | |
721 | if (sp->hdr.flags & RXRPC_JUMBO_PACKET && | |
722 | !rxrpc_validate_jumbo(skb)) | |
723 | goto bad_message; | |
724 | break; | |
725 | } | |
17926a79 | 726 | |
8496af50 DH |
727 | rcu_read_lock(); |
728 | ||
8496af50 | 729 | conn = rxrpc_find_connection_rcu(local, skb); |
248f219c DH |
730 | if (conn) { |
731 | if (sp->hdr.securityIndex != conn->security_ix) | |
732 | goto wrong_security; | |
563ea7d5 | 733 | |
248f219c DH |
734 | if (sp->hdr.callNumber == 0) { |
735 | /* Connection-level packet */ | |
736 | _debug("CONN %p {%d}", conn, conn->debug_id); | |
737 | rxrpc_post_packet_to_conn(conn, skb); | |
738 | goto out_unlock; | |
739 | } | |
740 | ||
741 | /* Note the serial number skew here */ | |
742 | skew = (int)sp->hdr.serial - (int)conn->hi_serial; | |
743 | if (skew >= 0) { | |
744 | if (skew > 0) | |
745 | conn->hi_serial = sp->hdr.serial; | |
746 | } else { | |
747 | skew = -skew; | |
748 | skew = min(skew, 65535); | |
749 | } | |
17926a79 | 750 | |
8496af50 | 751 | /* Call-bound packets are routed by connection channel. */ |
248f219c DH |
752 | channel = sp->hdr.cid & RXRPC_CHANNELMASK; |
753 | chan = &conn->channels[channel]; | |
18bfeba5 DH |
754 | |
755 | /* Ignore really old calls */ | |
756 | if (sp->hdr.callNumber < chan->last_call) | |
757 | goto discard_unlock; | |
758 | ||
759 | if (sp->hdr.callNumber == chan->last_call) { | |
248f219c DH |
760 | /* For the previous service call, if completed successfully, we |
761 | * discard all further packets. | |
18bfeba5 | 762 | */ |
2266ffde | 763 | if (rxrpc_conn_is_service(conn) && |
18bfeba5 DH |
764 | (chan->last_type == RXRPC_PACKET_TYPE_ACK || |
765 | sp->hdr.type == RXRPC_PACKET_TYPE_ABORT)) | |
766 | goto discard_unlock; | |
767 | ||
248f219c DH |
768 | /* But otherwise we need to retransmit the final packet from |
769 | * data cached in the connection record. | |
18bfeba5 DH |
770 | */ |
771 | rxrpc_post_packet_to_conn(conn, skb); | |
772 | goto out_unlock; | |
773 | } | |
0d12f8a4 | 774 | |
18bfeba5 | 775 | call = rcu_dereference(chan->call); |
248f219c DH |
776 | } else { |
777 | skew = 0; | |
778 | call = NULL; | |
779 | } | |
8496af50 | 780 | |
248f219c DH |
781 | if (!call || atomic_read(&call->usage) == 0) { |
782 | if (!(sp->hdr.type & RXRPC_CLIENT_INITIATED) || | |
783 | sp->hdr.callNumber == 0 || | |
784 | sp->hdr.type != RXRPC_PACKET_TYPE_DATA) | |
785 | goto bad_message_unlock; | |
786 | if (sp->hdr.seq != 1) | |
787 | goto discard_unlock; | |
788 | call = rxrpc_new_incoming_call(local, conn, skb); | |
789 | if (!call) { | |
790 | rcu_read_unlock(); | |
791 | goto reject_packet; | |
792 | } | |
7727640c | 793 | } |
44ba0698 | 794 | |
248f219c DH |
795 | rxrpc_input_call_packet(call, skb, skew); |
796 | goto discard_unlock; | |
797 | ||
18bfeba5 | 798 | discard_unlock: |
8496af50 | 799 | rcu_read_unlock(); |
248f219c DH |
800 | discard: |
801 | rxrpc_free_skb(skb); | |
44ba0698 | 802 | out: |
49e19ec7 | 803 | trace_rxrpc_rx_done(0, 0); |
17926a79 DH |
804 | return; |
805 | ||
248f219c | 806 | out_unlock: |
8496af50 | 807 | rcu_read_unlock(); |
248f219c | 808 | goto out; |
8496af50 | 809 | |
248f219c DH |
810 | wrong_security: |
811 | rcu_read_unlock(); | |
812 | trace_rxrpc_abort("SEC", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq, | |
813 | RXKADINCONSISTENCY, EBADMSG); | |
814 | skb->priority = RXKADINCONSISTENCY; | |
815 | goto post_abort; | |
17926a79 | 816 | |
248f219c DH |
817 | bad_message_unlock: |
818 | rcu_read_unlock(); | |
17926a79 | 819 | bad_message: |
248f219c DH |
820 | trace_rxrpc_abort("BAD", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq, |
821 | RX_PROTOCOL_ERROR, EBADMSG); | |
17926a79 | 822 | skb->priority = RX_PROTOCOL_ERROR; |
248f219c DH |
823 | post_abort: |
824 | skb->mark = RXRPC_SKB_MARK_LOCAL_ABORT; | |
49e19ec7 DH |
825 | reject_packet: |
826 | trace_rxrpc_rx_done(skb->mark, skb->priority); | |
17926a79 | 827 | rxrpc_reject_packet(local, skb); |
17926a79 DH |
828 | _leave(" [badmsg]"); |
829 | } |