tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* incoming call handling
2 *
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/net.h>
14#include <linux/skbuff.h>
15#include <linux/errqueue.h>
16#include <linux/udp.h>
17#include <linux/in.h>
18#include <linux/in6.h>
19#include <linux/icmp.h>
20#include <linux/gfp.h>
21#include <net/sock.h>
22#include <net/af_rxrpc.h>
23#include <net/ip.h>
24#include "ar-internal.h"
25
26/*
27 * generate a connection-level abort
28 */
29static int rxrpc_busy(struct rxrpc_local *local, struct sockaddr_rxrpc *srx,
30 struct rxrpc_wire_header *whdr)
31{
32 struct msghdr msg;
33 struct kvec iov[1];
34 size_t len;
35 int ret;
36
37 _enter("%d,,", local->debug_id);
38
39 whdr->type = RXRPC_PACKET_TYPE_BUSY;
40 whdr->serial = htonl(1);
41
42 msg.msg_name = &srx->transport.sin;
43 msg.msg_namelen = sizeof(srx->transport.sin);
44 msg.msg_control = NULL;
45 msg.msg_controllen = 0;
46 msg.msg_flags = 0;
47
48 iov[0].iov_base = whdr;
49 iov[0].iov_len = sizeof(*whdr);
50
51 len = iov[0].iov_len;
52
53 _proto("Tx BUSY %%1");
54
55 ret = kernel_sendmsg(local->socket, &msg, iov, 1, len);
56 if (ret < 0) {
57 _leave(" = -EAGAIN [sendmsg failed: %d]", ret);
58 return -EAGAIN;
59 }
60
61 _leave(" = 0");
62 return 0;
63}
64
65/*
66 * accept an incoming call that needs peer, transport and/or connection setting
67 * up
68 */
69static int rxrpc_accept_incoming_call(struct rxrpc_local *local,
70 struct rxrpc_sock *rx,
71 struct sk_buff *skb,
72 struct sockaddr_rxrpc *srx)
73{
74 struct rxrpc_connection *conn;
75 struct rxrpc_transport *trans;
76 struct rxrpc_skb_priv *sp, *nsp;
77 struct rxrpc_peer *peer;
78 struct rxrpc_call *call;
79 struct sk_buff *notification;
80 int ret;
81
82 _enter("");
83
84 sp = rxrpc_skb(skb);
85
86 /* get a notification message to send to the server app */
87 notification = alloc_skb(0, GFP_NOFS);
88 if (!notification) {
89 _debug("no memory");
90 ret = -ENOMEM;
91 goto error_nofree;
92 }
93 rxrpc_new_skb(notification);
94 notification->mark = RXRPC_SKB_MARK_NEW_CALL;
95
96 peer = rxrpc_get_peer(srx, GFP_NOIO);
97 if (IS_ERR(peer)) {
98 _debug("no peer");
99 ret = -EBUSY;
100 goto error;
101 }
102
103 trans = rxrpc_get_transport(local, peer, GFP_NOIO);
104 rxrpc_put_peer(peer);
105 if (IS_ERR(trans)) {
106 _debug("no trans");
107 ret = -EBUSY;
108 goto error;
109 }
110
111 conn = rxrpc_incoming_connection(trans, &sp->hdr);
112 rxrpc_put_transport(trans);
113 if (IS_ERR(conn)) {
114 _debug("no conn");
115 ret = PTR_ERR(conn);
116 goto error;
117 }
118
119 call = rxrpc_incoming_call(rx, conn, &sp->hdr);
120 rxrpc_put_connection(conn);
121 if (IS_ERR(call)) {
122 _debug("no call");
123 ret = PTR_ERR(call);
124 goto error;
125 }
126
127 /* attach the call to the socket */
128 read_lock_bh(&local->services_lock);
129 if (rx->sk.sk_state == RXRPC_CLOSE)
130 goto invalid_service;
131
132 write_lock(&rx->call_lock);
133 if (!test_and_set_bit(RXRPC_CALL_INIT_ACCEPT, &call->flags)) {
134 rxrpc_get_call(call);
135
136 spin_lock(&call->conn->state_lock);
137 if (sp->hdr.securityIndex > 0 &&
138 call->conn->state == RXRPC_CONN_SERVER_UNSECURED) {
139 _debug("await conn sec");
140 list_add_tail(&call->accept_link, &rx->secureq);
141 call->conn->state = RXRPC_CONN_SERVER_CHALLENGING;
142 atomic_inc(&call->conn->usage);
143 set_bit(RXRPC_CONN_CHALLENGE, &call->conn->events);
144 rxrpc_queue_conn(call->conn);
145 } else {
146 _debug("conn ready");
147 call->state = RXRPC_CALL_SERVER_ACCEPTING;
148 list_add_tail(&call->accept_link, &rx->acceptq);
149 rxrpc_get_call(call);
150 nsp = rxrpc_skb(notification);
151 nsp->call = call;
152
153 ASSERTCMP(atomic_read(&call->usage), >=, 3);
154
155 _debug("notify");
156 spin_lock(&call->lock);
157 ret = rxrpc_queue_rcv_skb(call, notification, true,
158 false);
159 spin_unlock(&call->lock);
160 notification = NULL;
161 BUG_ON(ret < 0);
162 }
163 spin_unlock(&call->conn->state_lock);
164
165 _debug("queued");
166 }
167 write_unlock(&rx->call_lock);
168
169 _debug("process");
170 rxrpc_fast_process_packet(call, skb);
171
172 _debug("done");
173 read_unlock_bh(&local->services_lock);
174 rxrpc_free_skb(notification);
175 rxrpc_put_call(call);
176 _leave(" = 0");
177 return 0;
178
179invalid_service:
180 _debug("invalid");
181 read_unlock_bh(&local->services_lock);
182
183 read_lock_bh(&call->state_lock);
184 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) &&
185 !test_and_set_bit(RXRPC_CALL_EV_RELEASE, &call->events)) {
186 rxrpc_get_call(call);
187 rxrpc_queue_call(call);
188 }
189 read_unlock_bh(&call->state_lock);
190 rxrpc_put_call(call);
191 ret = -ECONNREFUSED;
192error:
193 rxrpc_free_skb(notification);
194error_nofree:
195 _leave(" = %d", ret);
196 return ret;
197}
198
199/*
200 * accept incoming calls that need peer, transport and/or connection setting up
201 * - the packets we get are all incoming client DATA packets that have seq == 1
202 */
203void rxrpc_accept_incoming_calls(struct work_struct *work)
204{
205 struct rxrpc_local *local =
206 container_of(work, struct rxrpc_local, acceptor);
207 struct rxrpc_skb_priv *sp;
208 struct sockaddr_rxrpc srx;
209 struct rxrpc_sock *rx;
210 struct rxrpc_wire_header whdr;
211 struct sk_buff *skb;
212 int ret;
213
214 _enter("%d", local->debug_id);
215
216 read_lock_bh(&rxrpc_local_lock);
217 if (atomic_read(&local->usage) > 0)
218 rxrpc_get_local(local);
219 else
220 local = NULL;
221 read_unlock_bh(&rxrpc_local_lock);
222 if (!local) {
223 _leave(" [local dead]");
224 return;
225 }
226
227process_next_packet:
228 skb = skb_dequeue(&local->accept_queue);
229 if (!skb) {
230 rxrpc_put_local(local);
231 _leave("\n");
232 return;
233 }
234
235 _net("incoming call skb %p", skb);
236
237 sp = rxrpc_skb(skb);
238
239 /* Set up a response packet header in case we need it */
240 whdr.epoch = htonl(sp->hdr.epoch);
241 whdr.cid = htonl(sp->hdr.cid);
242 whdr.callNumber = htonl(sp->hdr.callNumber);
243 whdr.seq = htonl(sp->hdr.seq);
244 whdr.serial = 0;
245 whdr.flags = 0;
246 whdr.type = 0;
247 whdr.userStatus = 0;
248 whdr.securityIndex = sp->hdr.securityIndex;
249 whdr._rsvd = 0;
250 whdr.serviceId = htons(sp->hdr.serviceId);
251
252 /* determine the remote address */
253 memset(&srx, 0, sizeof(srx));
254 srx.srx_family = AF_RXRPC;
255 srx.transport.family = local->srx.transport.family;
256 srx.transport_type = local->srx.transport_type;
257 switch (srx.transport.family) {
258 case AF_INET:
259 srx.transport_len = sizeof(struct sockaddr_in);
260 srx.transport.sin.sin_port = udp_hdr(skb)->source;
261 srx.transport.sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
262 break;
263 default:
264 goto busy;
265 }
266
267 /* get the socket providing the service */
268 read_lock_bh(&local->services_lock);
269 list_for_each_entry(rx, &local->services, listen_link) {
270 if (rx->srx.srx_service == sp->hdr.serviceId &&
271 rx->sk.sk_state != RXRPC_CLOSE)
272 goto found_service;
273 }
274 read_unlock_bh(&local->services_lock);
275 goto invalid_service;
276
277found_service:
278 _debug("found service %hd", rx->srx.srx_service);
279 if (sk_acceptq_is_full(&rx->sk))
280 goto backlog_full;
281 sk_acceptq_added(&rx->sk);
282 sock_hold(&rx->sk);
283 read_unlock_bh(&local->services_lock);
284
285 ret = rxrpc_accept_incoming_call(local, rx, skb, &srx);
286 if (ret < 0)
287 sk_acceptq_removed(&rx->sk);
288 sock_put(&rx->sk);
289 switch (ret) {
290 case -ECONNRESET: /* old calls are ignored */
291 case -ECONNABORTED: /* aborted calls are reaborted or ignored */
292 case 0:
293 goto process_next_packet;
294 case -ECONNREFUSED:
295 goto invalid_service;
296 case -EBUSY:
297 goto busy;
298 case -EKEYREJECTED:
299 goto security_mismatch;
300 default:
301 BUG();
302 }
303
304backlog_full:
305 read_unlock_bh(&local->services_lock);
306busy:
307 rxrpc_busy(local, &srx, &whdr);
308 rxrpc_free_skb(skb);
309 goto process_next_packet;
310
311invalid_service:
312 skb->priority = RX_INVALID_OPERATION;
313 rxrpc_reject_packet(local, skb);
314 goto process_next_packet;
315
316 /* can't change connection security type mid-flow */
317security_mismatch:
318 skb->priority = RX_PROTOCOL_ERROR;
319 rxrpc_reject_packet(local, skb);
320 goto process_next_packet;
321}
322
323/*
324 * handle acceptance of a call by userspace
325 * - assign the user call ID to the call at the front of the queue
326 */
327struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx,
328 unsigned long user_call_ID)
329{
330 struct rxrpc_call *call;
331 struct rb_node *parent, **pp;
332 int ret;
333
334 _enter(",%lx", user_call_ID);
335
336 ASSERT(!irqs_disabled());
337
338 write_lock(&rx->call_lock);
339
340 ret = -ENODATA;
341 if (list_empty(&rx->acceptq))
342 goto out;
343
344 /* check the user ID isn't already in use */
345 ret = -EBADSLT;
346 pp = &rx->calls.rb_node;
347 parent = NULL;
348 while (*pp) {
349 parent = *pp;
350 call = rb_entry(parent, struct rxrpc_call, sock_node);
351
352 if (user_call_ID < call->user_call_ID)
353 pp = &(*pp)->rb_left;
354 else if (user_call_ID > call->user_call_ID)
355 pp = &(*pp)->rb_right;
356 else
357 goto out;
358 }
359
360 /* dequeue the first call and check it's still valid */
361 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link);
362 list_del_init(&call->accept_link);
363 sk_acceptq_removed(&rx->sk);
364
365 write_lock_bh(&call->state_lock);
366 switch (call->state) {
367 case RXRPC_CALL_SERVER_ACCEPTING:
368 call->state = RXRPC_CALL_SERVER_RECV_REQUEST;
369 break;
370 case RXRPC_CALL_REMOTELY_ABORTED:
371 case RXRPC_CALL_LOCALLY_ABORTED:
372 ret = -ECONNABORTED;
373 goto out_release;
374 case RXRPC_CALL_NETWORK_ERROR:
375 ret = call->conn->error;
376 goto out_release;
377 case RXRPC_CALL_DEAD:
378 ret = -ETIME;
379 goto out_discard;
380 default:
381 BUG();
382 }
383
384 /* formalise the acceptance */
385 call->user_call_ID = user_call_ID;
386 rb_link_node(&call->sock_node, parent, pp);
387 rb_insert_color(&call->sock_node, &rx->calls);
388 if (test_and_set_bit(RXRPC_CALL_HAS_USERID, &call->flags))
389 BUG();
390 if (test_and_set_bit(RXRPC_CALL_EV_ACCEPTED, &call->events))
391 BUG();
392 rxrpc_queue_call(call);
393
394 rxrpc_get_call(call);
395 write_unlock_bh(&call->state_lock);
396 write_unlock(&rx->call_lock);
397 _leave(" = %p{%d}", call, call->debug_id);
398 return call;
399
400 /* if the call is already dying or dead, then we leave the socket's ref
401 * on it to be released by rxrpc_dead_call_expired() as induced by
402 * rxrpc_release_call() */
403out_release:
404 _debug("release %p", call);
405 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) &&
406 !test_and_set_bit(RXRPC_CALL_EV_RELEASE, &call->events))
407 rxrpc_queue_call(call);
408out_discard:
409 write_unlock_bh(&call->state_lock);
410 _debug("discard %p", call);
411out:
412 write_unlock(&rx->call_lock);
413 _leave(" = %d", ret);
414 return ERR_PTR(ret);
415}
416
417/*
418 * Handle rejection of a call by userspace
419 * - reject the call at the front of the queue
420 */
421int rxrpc_reject_call(struct rxrpc_sock *rx)
422{
423 struct rxrpc_call *call;
424 int ret;
425
426 _enter("");
427
428 ASSERT(!irqs_disabled());
429
430 write_lock(&rx->call_lock);
431
432 ret = -ENODATA;
433 if (list_empty(&rx->acceptq))
434 goto out;
435
436 /* dequeue the first call and check it's still valid */
437 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link);
438 list_del_init(&call->accept_link);
439 sk_acceptq_removed(&rx->sk);
440
441 write_lock_bh(&call->state_lock);
442 switch (call->state) {
443 case RXRPC_CALL_SERVER_ACCEPTING:
444 call->state = RXRPC_CALL_SERVER_BUSY;
445 if (test_and_set_bit(RXRPC_CALL_EV_REJECT_BUSY, &call->events))
446 rxrpc_queue_call(call);
447 ret = 0;
448 goto out_release;
449 case RXRPC_CALL_REMOTELY_ABORTED:
450 case RXRPC_CALL_LOCALLY_ABORTED:
451 ret = -ECONNABORTED;
452 goto out_release;
453 case RXRPC_CALL_NETWORK_ERROR:
454 ret = call->conn->error;
455 goto out_release;
456 case RXRPC_CALL_DEAD:
457 ret = -ETIME;
458 goto out_discard;
459 default:
460 BUG();
461 }
462
463 /* if the call is already dying or dead, then we leave the socket's ref
464 * on it to be released by rxrpc_dead_call_expired() as induced by
465 * rxrpc_release_call() */
466out_release:
467 _debug("release %p", call);
468 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) &&
469 !test_and_set_bit(RXRPC_CALL_EV_RELEASE, &call->events))
470 rxrpc_queue_call(call);
471out_discard:
472 write_unlock_bh(&call->state_lock);
473 _debug("discard %p", call);
474out:
475 write_unlock(&rx->call_lock);
476 _leave(" = %d", ret);
477 return ret;
478}
479
480/**
481 * rxrpc_kernel_accept_call - Allow a kernel service to accept an incoming call
482 * @sock: The socket on which the impending call is waiting
483 * @user_call_ID: The tag to attach to the call
484 *
485 * Allow a kernel service to accept an incoming call, assuming the incoming
486 * call is still valid.
487 */
488struct rxrpc_call *rxrpc_kernel_accept_call(struct socket *sock,
489 unsigned long user_call_ID)
490{
491 struct rxrpc_call *call;
492
493 _enter(",%lx", user_call_ID);
494 call = rxrpc_accept_call(rxrpc_sk(sock->sk), user_call_ID);
495 _leave(" = %p", call);
496 return call;
497}
498EXPORT_SYMBOL(rxrpc_kernel_accept_call);
499
500/**
501 * rxrpc_kernel_reject_call - Allow a kernel service to reject an incoming call
502 * @sock: The socket on which the impending call is waiting
503 *
504 * Allow a kernel service to reject an incoming call with a BUSY message,
505 * assuming the incoming call is still valid.
506 */
507int rxrpc_kernel_reject_call(struct socket *sock)
508{
509 int ret;
510
511 _enter("");
512 ret = rxrpc_reject_call(rxrpc_sk(sock->sk));
513 _leave(" = %d", ret);
514 return ret;
515}
516EXPORT_SYMBOL(rxrpc_kernel_reject_call);