1/* incoming call handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12#include <linux/module.h> 13#include <linux/net.h> 14#include <linux/skbuff.h> 15#include <linux/errqueue.h> 16#include <linux/udp.h> 17#include <linux/in.h> 18#include <linux/in6.h> 19#include <linux/icmp.h> 20#include <linux/gfp.h> 21#include <net/sock.h> 22#include <net/af_rxrpc.h> 23#include <net/ip.h> 24#include "ar-internal.h" 25 26/* 27 * generate a connection-level abort 28 */ 29static int rxrpc_busy(struct rxrpc_local *local, struct sockaddr_rxrpc *srx, 30 struct rxrpc_header *hdr) 31{ 32 struct msghdr msg; 33 struct kvec iov[1]; 34 size_t len; 35 int ret; 36 37 _enter("%d,,", local->debug_id); 38 39 msg.msg_name = &srx->transport.sin; 40 msg.msg_namelen = sizeof(srx->transport.sin); 41 msg.msg_control = NULL; 42 msg.msg_controllen = 0; 43 msg.msg_flags = 0; 44 45 hdr->seq = 0; 46 hdr->type = RXRPC_PACKET_TYPE_BUSY; 47 hdr->flags = 0; 48 hdr->userStatus = 0; 49 hdr->_rsvd = 0; 50 51 iov[0].iov_base = hdr; 52 iov[0].iov_len = sizeof(*hdr); 53 54 len = iov[0].iov_len; 55 56 hdr->serial = htonl(1); 57 _proto("Tx BUSY %%%u", ntohl(hdr->serial)); 58 59 ret = kernel_sendmsg(local->socket, &msg, iov, 1, len); 60 if (ret < 0) { 61 _leave(" = -EAGAIN [sendmsg failed: %d]", ret); 62 return -EAGAIN; 63 } 64 65 _leave(" = 0"); 66 return 0; 67} 68 69/* 70 * accept an incoming call that needs peer, transport and/or connection setting 71 * up 72 */ 73static int rxrpc_accept_incoming_call(struct rxrpc_local *local, 74 struct rxrpc_sock *rx, 75 struct sk_buff *skb, 76 struct sockaddr_rxrpc *srx) 77{ 78 struct rxrpc_connection *conn; 79 struct rxrpc_transport *trans; 80 struct rxrpc_skb_priv *sp, *nsp; 81 struct rxrpc_peer *peer; 82 struct rxrpc_call *call; 83 struct sk_buff *notification; 84 int ret; 85 86 _enter(""); 87 88 sp = rxrpc_skb(skb); 89 90 /* get a notification message to send to the server app */ 91 notification = alloc_skb(0, GFP_NOFS); 92 if (!notification) { 93 _debug("no memory"); 94 ret = -ENOMEM; 95 goto error_nofree; 96 } 97 rxrpc_new_skb(notification); 98 notification->mark = RXRPC_SKB_MARK_NEW_CALL; 99 100 peer = rxrpc_get_peer(srx, GFP_NOIO); 101 if (IS_ERR(peer)) { 102 _debug("no peer"); 103 ret = -EBUSY; 104 goto error; 105 } 106 107 trans = rxrpc_get_transport(local, peer, GFP_NOIO); 108 rxrpc_put_peer(peer); 109 if (IS_ERR(trans)) { 110 _debug("no trans"); 111 ret = -EBUSY; 112 goto error; 113 } 114 115 conn = rxrpc_incoming_connection(trans, &sp->hdr, GFP_NOIO); 116 rxrpc_put_transport(trans); 117 if (IS_ERR(conn)) { 118 _debug("no conn"); 119 ret = PTR_ERR(conn); 120 goto error; 121 } 122 123 call = rxrpc_incoming_call(rx, conn, &sp->hdr, GFP_NOIO); 124 rxrpc_put_connection(conn); 125 if (IS_ERR(call)) { 126 _debug("no call"); 127 ret = PTR_ERR(call); 128 goto error; 129 } 130 131 /* attach the call to the socket */ 132 read_lock_bh(&local->services_lock); 133 if (rx->sk.sk_state == RXRPC_CLOSE) 134 goto invalid_service; 135 136 write_lock(&rx->call_lock); 137 if (!test_and_set_bit(RXRPC_CALL_INIT_ACCEPT, &call->flags)) { 138 rxrpc_get_call(call); 139 140 spin_lock(&call->conn->state_lock); 141 if (sp->hdr.securityIndex > 0 && 142 call->conn->state == RXRPC_CONN_SERVER_UNSECURED) { 143 _debug("await conn sec"); 144 list_add_tail(&call->accept_link, &rx->secureq); 145 call->conn->state = RXRPC_CONN_SERVER_CHALLENGING; 146 atomic_inc(&call->conn->usage); 147 set_bit(RXRPC_CONN_CHALLENGE, &call->conn->events); 148 rxrpc_queue_conn(call->conn); 149 } else { 150 _debug("conn ready"); 151 call->state = RXRPC_CALL_SERVER_ACCEPTING; 152 list_add_tail(&call->accept_link, &rx->acceptq); 153 rxrpc_get_call(call); 154 nsp = rxrpc_skb(notification); 155 nsp->call = call; 156 157 ASSERTCMP(atomic_read(&call->usage), >=, 3); 158 159 _debug("notify"); 160 spin_lock(&call->lock); 161 ret = rxrpc_queue_rcv_skb(call, notification, true, 162 false); 163 spin_unlock(&call->lock); 164 notification = NULL; 165 BUG_ON(ret < 0); 166 } 167 spin_unlock(&call->conn->state_lock); 168 169 _debug("queued"); 170 } 171 write_unlock(&rx->call_lock); 172 173 _debug("process"); 174 rxrpc_fast_process_packet(call, skb); 175 176 _debug("done"); 177 read_unlock_bh(&local->services_lock); 178 rxrpc_free_skb(notification); 179 rxrpc_put_call(call); 180 _leave(" = 0"); 181 return 0; 182 183invalid_service: 184 _debug("invalid"); 185 read_unlock_bh(&local->services_lock); 186 187 read_lock_bh(&call->state_lock); 188 if (!test_bit(RXRPC_CALL_RELEASE, &call->flags) && 189 !test_and_set_bit(RXRPC_CALL_RELEASE, &call->events)) { 190 rxrpc_get_call(call); 191 rxrpc_queue_call(call); 192 } 193 read_unlock_bh(&call->state_lock); 194 rxrpc_put_call(call); 195 ret = -ECONNREFUSED; 196error: 197 rxrpc_free_skb(notification); 198error_nofree: 199 _leave(" = %d", ret); 200 return ret; 201} 202 203/* 204 * accept incoming calls that need peer, transport and/or connection setting up 205 * - the packets we get are all incoming client DATA packets that have seq == 1 206 */ 207void rxrpc_accept_incoming_calls(struct work_struct *work) 208{ 209 struct rxrpc_local *local = 210 container_of(work, struct rxrpc_local, acceptor); 211 struct rxrpc_skb_priv *sp; 212 struct sockaddr_rxrpc srx; 213 struct rxrpc_sock *rx; 214 struct sk_buff *skb; 215 __be16 service_id; 216 int ret; 217 218 _enter("%d", local->debug_id); 219 220 read_lock_bh(&rxrpc_local_lock); 221 if (atomic_read(&local->usage) > 0) 222 rxrpc_get_local(local); 223 else 224 local = NULL; 225 read_unlock_bh(&rxrpc_local_lock); 226 if (!local) { 227 _leave(" [local dead]"); 228 return; 229 } 230 231process_next_packet: 232 skb = skb_dequeue(&local->accept_queue); 233 if (!skb) { 234 rxrpc_put_local(local); 235 _leave("\n"); 236 return; 237 } 238 239 _net("incoming call skb %p", skb); 240 241 sp = rxrpc_skb(skb); 242 243 /* determine the remote address */ 244 memset(&srx, 0, sizeof(srx)); 245 srx.srx_family = AF_RXRPC; 246 srx.transport.family = local->srx.transport.family; 247 srx.transport_type = local->srx.transport_type; 248 switch (srx.transport.family) { 249 case AF_INET: 250 srx.transport_len = sizeof(struct sockaddr_in); 251 srx.transport.sin.sin_port = udp_hdr(skb)->source; 252 srx.transport.sin.sin_addr.s_addr = ip_hdr(skb)->saddr; 253 break; 254 default: 255 goto busy; 256 } 257 258 /* get the socket providing the service */ 259 service_id = sp->hdr.serviceId; 260 read_lock_bh(&local->services_lock); 261 list_for_each_entry(rx, &local->services, listen_link) { 262 if (rx->service_id == service_id && 263 rx->sk.sk_state != RXRPC_CLOSE) 264 goto found_service; 265 } 266 read_unlock_bh(&local->services_lock); 267 goto invalid_service; 268 269found_service: 270 _debug("found service %hd", ntohs(rx->service_id)); 271 if (sk_acceptq_is_full(&rx->sk)) 272 goto backlog_full; 273 sk_acceptq_added(&rx->sk); 274 sock_hold(&rx->sk); 275 read_unlock_bh(&local->services_lock); 276 277 ret = rxrpc_accept_incoming_call(local, rx, skb, &srx); 278 if (ret < 0) 279 sk_acceptq_removed(&rx->sk); 280 sock_put(&rx->sk); 281 switch (ret) { 282 case -ECONNRESET: /* old calls are ignored */ 283 case -ECONNABORTED: /* aborted calls are reaborted or ignored */ 284 case 0: 285 goto process_next_packet; 286 case -ECONNREFUSED: 287 goto invalid_service; 288 case -EBUSY: 289 goto busy; 290 case -EKEYREJECTED: 291 goto security_mismatch; 292 default: 293 BUG(); 294 } 295 296backlog_full: 297 read_unlock_bh(&local->services_lock); 298busy: 299 rxrpc_busy(local, &srx, &sp->hdr); 300 rxrpc_free_skb(skb); 301 goto process_next_packet; 302 303invalid_service: 304 skb->priority = RX_INVALID_OPERATION; 305 rxrpc_reject_packet(local, skb); 306 goto process_next_packet; 307 308 /* can't change connection security type mid-flow */ 309security_mismatch: 310 skb->priority = RX_PROTOCOL_ERROR; 311 rxrpc_reject_packet(local, skb); 312 goto process_next_packet; 313} 314 315/* 316 * handle acceptance of a call by userspace 317 * - assign the user call ID to the call at the front of the queue 318 */ 319struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx, 320 unsigned long user_call_ID) 321{ 322 struct rxrpc_call *call; 323 struct rb_node *parent, **pp; 324 int ret; 325 326 _enter(",%lx", user_call_ID); 327 328 ASSERT(!irqs_disabled()); 329 330 write_lock(&rx->call_lock); 331 332 ret = -ENODATA; 333 if (list_empty(&rx->acceptq)) 334 goto out; 335 336 /* check the user ID isn't already in use */ 337 ret = -EBADSLT; 338 pp = &rx->calls.rb_node; 339 parent = NULL; 340 while (*pp) { 341 parent = *pp; 342 call = rb_entry(parent, struct rxrpc_call, sock_node); 343 344 if (user_call_ID < call->user_call_ID) 345 pp = &(*pp)->rb_left; 346 else if (user_call_ID > call->user_call_ID) 347 pp = &(*pp)->rb_right; 348 else 349 goto out; 350 } 351 352 /* dequeue the first call and check it's still valid */ 353 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link); 354 list_del_init(&call->accept_link); 355 sk_acceptq_removed(&rx->sk); 356 357 write_lock_bh(&call->state_lock); 358 switch (call->state) { 359 case RXRPC_CALL_SERVER_ACCEPTING: 360 call->state = RXRPC_CALL_SERVER_RECV_REQUEST; 361 break; 362 case RXRPC_CALL_REMOTELY_ABORTED: 363 case RXRPC_CALL_LOCALLY_ABORTED: 364 ret = -ECONNABORTED; 365 goto out_release; 366 case RXRPC_CALL_NETWORK_ERROR: 367 ret = call->conn->error; 368 goto out_release; 369 case RXRPC_CALL_DEAD: 370 ret = -ETIME; 371 goto out_discard; 372 default: 373 BUG(); 374 } 375 376 /* formalise the acceptance */ 377 call->user_call_ID = user_call_ID; 378 rb_link_node(&call->sock_node, parent, pp); 379 rb_insert_color(&call->sock_node, &rx->calls); 380 if (test_and_set_bit(RXRPC_CALL_HAS_USERID, &call->flags)) 381 BUG(); 382 if (test_and_set_bit(RXRPC_CALL_ACCEPTED, &call->events)) 383 BUG(); 384 rxrpc_queue_call(call); 385 386 rxrpc_get_call(call); 387 write_unlock_bh(&call->state_lock); 388 write_unlock(&rx->call_lock); 389 _leave(" = %p{%d}", call, call->debug_id); 390 return call; 391 392 /* if the call is already dying or dead, then we leave the socket's ref 393 * on it to be released by rxrpc_dead_call_expired() as induced by 394 * rxrpc_release_call() */ 395out_release: 396 _debug("release %p", call); 397 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) && 398 !test_and_set_bit(RXRPC_CALL_RELEASE, &call->events)) 399 rxrpc_queue_call(call); 400out_discard: 401 write_unlock_bh(&call->state_lock); 402 _debug("discard %p", call); 403out: 404 write_unlock(&rx->call_lock); 405 _leave(" = %d", ret); 406 return ERR_PTR(ret); 407} 408 409/* 410 * handle rejectance of a call by userspace 411 * - reject the call at the front of the queue 412 */ 413int rxrpc_reject_call(struct rxrpc_sock *rx) 414{ 415 struct rxrpc_call *call; 416 int ret; 417 418 _enter(""); 419 420 ASSERT(!irqs_disabled()); 421 422 write_lock(&rx->call_lock); 423 424 ret = -ENODATA; 425 if (list_empty(&rx->acceptq)) 426 goto out; 427 428 /* dequeue the first call and check it's still valid */ 429 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link); 430 list_del_init(&call->accept_link); 431 sk_acceptq_removed(&rx->sk); 432 433 write_lock_bh(&call->state_lock); 434 switch (call->state) { 435 case RXRPC_CALL_SERVER_ACCEPTING: 436 call->state = RXRPC_CALL_SERVER_BUSY; 437 if (test_and_set_bit(RXRPC_CALL_REJECT_BUSY, &call->events)) 438 rxrpc_queue_call(call); 439 ret = 0; 440 goto out_release; 441 case RXRPC_CALL_REMOTELY_ABORTED: 442 case RXRPC_CALL_LOCALLY_ABORTED: 443 ret = -ECONNABORTED; 444 goto out_release; 445 case RXRPC_CALL_NETWORK_ERROR: 446 ret = call->conn->error; 447 goto out_release; 448 case RXRPC_CALL_DEAD: 449 ret = -ETIME; 450 goto out_discard; 451 default: 452 BUG(); 453 } 454 455 /* if the call is already dying or dead, then we leave the socket's ref 456 * on it to be released by rxrpc_dead_call_expired() as induced by 457 * rxrpc_release_call() */ 458out_release: 459 _debug("release %p", call); 460 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) && 461 !test_and_set_bit(RXRPC_CALL_RELEASE, &call->events)) 462 rxrpc_queue_call(call); 463out_discard: 464 write_unlock_bh(&call->state_lock); 465 _debug("discard %p", call); 466out: 467 write_unlock(&rx->call_lock); 468 _leave(" = %d", ret); 469 return ret; 470} 471 472/** 473 * rxrpc_kernel_accept_call - Allow a kernel service to accept an incoming call 474 * @sock: The socket on which the impending call is waiting 475 * @user_call_ID: The tag to attach to the call 476 * 477 * Allow a kernel service to accept an incoming call, assuming the incoming 478 * call is still valid. 479 */ 480struct rxrpc_call *rxrpc_kernel_accept_call(struct socket *sock, 481 unsigned long user_call_ID) 482{ 483 struct rxrpc_call *call; 484 485 _enter(",%lx", user_call_ID); 486 call = rxrpc_accept_call(rxrpc_sk(sock->sk), user_call_ID); 487 _leave(" = %p", call); 488 return call; 489} 490 491EXPORT_SYMBOL(rxrpc_kernel_accept_call); 492 493/** 494 * rxrpc_kernel_reject_call - Allow a kernel service to reject an incoming call 495 * @sock: The socket on which the impending call is waiting 496 * 497 * Allow a kernel service to reject an incoming call with a BUSY message, 498 * assuming the incoming call is still valid. 499 */ 500int rxrpc_kernel_reject_call(struct socket *sock) 501{ 502 int ret; 503 504 _enter(""); 505 ret = rxrpc_reject_call(rxrpc_sk(sock->sk)); 506 _leave(" = %d", ret); 507 return ret; 508} 509 510EXPORT_SYMBOL(rxrpc_kernel_reject_call); 511