1/* incoming call handling 2 * 3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12#include <linux/module.h> 13#include <linux/net.h> 14#include <linux/skbuff.h> 15#include <linux/errqueue.h> 16#include <linux/udp.h> 17#include <linux/in.h> 18#include <linux/in6.h> 19#include <linux/icmp.h> 20#include <net/sock.h> 21#include <net/af_rxrpc.h> 22#include <net/ip.h> 23#include "ar-internal.h" 24 25/* 26 * generate a connection-level abort 27 */ 28static int rxrpc_busy(struct rxrpc_local *local, struct sockaddr_rxrpc *srx, 29 struct rxrpc_header *hdr) 30{ 31 struct msghdr msg; 32 struct kvec iov[1]; 33 size_t len; 34 int ret; 35 36 _enter("%d,,", local->debug_id); 37 38 msg.msg_name = &srx->transport.sin; 39 msg.msg_namelen = sizeof(srx->transport.sin); 40 msg.msg_control = NULL; 41 msg.msg_controllen = 0; 42 msg.msg_flags = 0; 43 44 hdr->seq = 0; 45 hdr->type = RXRPC_PACKET_TYPE_BUSY; 46 hdr->flags = 0; 47 hdr->userStatus = 0; 48 hdr->_rsvd = 0; 49 50 iov[0].iov_base = hdr; 51 iov[0].iov_len = sizeof(*hdr); 52 53 len = iov[0].iov_len; 54 55 hdr->serial = htonl(1); 56 _proto("Tx BUSY %%%u", ntohl(hdr->serial)); 57 58 ret = kernel_sendmsg(local->socket, &msg, iov, 1, len); 59 if (ret < 0) { 60 _leave(" = -EAGAIN [sendmsg failed: %d]", ret); 61 return -EAGAIN; 62 } 63 64 _leave(" = 0"); 65 return 0; 66} 67 68/* 69 * accept an incoming call that needs peer, transport and/or connection setting 70 * up 71 */ 72static int rxrpc_accept_incoming_call(struct rxrpc_local *local, 73 struct rxrpc_sock *rx, 74 struct sk_buff *skb, 75 struct sockaddr_rxrpc *srx) 76{ 77 struct rxrpc_connection *conn; 78 struct rxrpc_transport *trans; 79 struct rxrpc_skb_priv *sp, *nsp; 80 struct rxrpc_peer *peer; 81 struct rxrpc_call *call; 82 struct sk_buff *notification; 83 int ret; 84 85 _enter(""); 86 87 sp = rxrpc_skb(skb); 88 89 /* get a notification message to send to the server app */ 90 notification = alloc_skb(0, GFP_NOFS); 91 rxrpc_new_skb(notification); 92 notification->mark = RXRPC_SKB_MARK_NEW_CALL; 93 94 peer = rxrpc_get_peer(srx, GFP_NOIO); 95 if (IS_ERR(peer)) { 96 _debug("no peer"); 97 ret = -EBUSY; 98 goto error; 99 } 100 101 trans = rxrpc_get_transport(local, peer, GFP_NOIO); 102 rxrpc_put_peer(peer); 103 if (!trans) { 104 _debug("no trans"); 105 ret = -EBUSY; 106 goto error; 107 } 108 109 conn = rxrpc_incoming_connection(trans, &sp->hdr, GFP_NOIO); 110 rxrpc_put_transport(trans); 111 if (IS_ERR(conn)) { 112 _debug("no conn"); 113 ret = PTR_ERR(conn); 114 goto error; 115 } 116 117 call = rxrpc_incoming_call(rx, conn, &sp->hdr, GFP_NOIO); 118 rxrpc_put_connection(conn); 119 if (IS_ERR(call)) { 120 _debug("no call"); 121 ret = PTR_ERR(call); 122 goto error; 123 } 124 125 /* attach the call to the socket */ 126 read_lock_bh(&local->services_lock); 127 if (rx->sk.sk_state == RXRPC_CLOSE) 128 goto invalid_service; 129 130 write_lock(&rx->call_lock); 131 if (!test_and_set_bit(RXRPC_CALL_INIT_ACCEPT, &call->flags)) { 132 rxrpc_get_call(call); 133 134 spin_lock(&call->conn->state_lock); 135 if (sp->hdr.securityIndex > 0 && 136 call->conn->state == RXRPC_CONN_SERVER_UNSECURED) { 137 _debug("await conn sec"); 138 list_add_tail(&call->accept_link, &rx->secureq); 139 call->conn->state = RXRPC_CONN_SERVER_CHALLENGING; 140 atomic_inc(&call->conn->usage); 141 set_bit(RXRPC_CONN_CHALLENGE, &call->conn->events); 142 rxrpc_queue_conn(call->conn); 143 } else { 144 _debug("conn ready"); 145 call->state = RXRPC_CALL_SERVER_ACCEPTING; 146 list_add_tail(&call->accept_link, &rx->acceptq); 147 rxrpc_get_call(call); 148 nsp = rxrpc_skb(notification); 149 nsp->call = call; 150 151 ASSERTCMP(atomic_read(&call->usage), >=, 3); 152 153 _debug("notify"); 154 spin_lock(&call->lock); 155 ret = rxrpc_queue_rcv_skb(call, notification, true, 156 false); 157 spin_unlock(&call->lock); 158 notification = NULL; 159 if (ret < 0) 160 BUG(); 161 } 162 spin_unlock(&call->conn->state_lock); 163 164 _debug("queued"); 165 } 166 write_unlock(&rx->call_lock); 167 168 _debug("process"); 169 rxrpc_fast_process_packet(call, skb); 170 171 _debug("done"); 172 read_unlock_bh(&local->services_lock); 173 rxrpc_free_skb(notification); 174 rxrpc_put_call(call); 175 _leave(" = 0"); 176 return 0; 177 178invalid_service: 179 _debug("invalid"); 180 read_unlock_bh(&local->services_lock); 181 182 read_lock_bh(&call->state_lock); 183 if (!test_bit(RXRPC_CALL_RELEASE, &call->flags) && 184 !test_and_set_bit(RXRPC_CALL_RELEASE, &call->events)) { 185 rxrpc_get_call(call); 186 rxrpc_queue_call(call); 187 } 188 read_unlock_bh(&call->state_lock); 189 rxrpc_put_call(call); 190 ret = -ECONNREFUSED; 191error: 192 rxrpc_free_skb(notification); 193 _leave(" = %d", ret); 194 return ret; 195} 196 197/* 198 * accept incoming calls that need peer, transport and/or connection setting up 199 * - the packets we get are all incoming client DATA packets that have seq == 1 200 */ 201void rxrpc_accept_incoming_calls(struct work_struct *work) 202{ 203 struct rxrpc_local *local = 204 container_of(work, struct rxrpc_local, acceptor); 205 struct rxrpc_skb_priv *sp; 206 struct sockaddr_rxrpc srx; 207 struct rxrpc_sock *rx; 208 struct sk_buff *skb; 209 __be16 service_id; 210 int ret; 211 212 _enter("%d", local->debug_id); 213 214 read_lock_bh(&rxrpc_local_lock); 215 if (atomic_read(&local->usage) > 0) 216 rxrpc_get_local(local); 217 else 218 local = NULL; 219 read_unlock_bh(&rxrpc_local_lock); 220 if (!local) { 221 _leave(" [local dead]"); 222 return; 223 } 224 225process_next_packet: 226 skb = skb_dequeue(&local->accept_queue); 227 if (!skb) { 228 rxrpc_put_local(local); 229 _leave("\n"); 230 return; 231 } 232 233 _net("incoming call skb %p", skb); 234 235 sp = rxrpc_skb(skb); 236 237 /* determine the remote address */ 238 memset(&srx, 0, sizeof(srx)); 239 srx.srx_family = AF_RXRPC; 240 srx.transport.family = local->srx.transport.family; 241 srx.transport_type = local->srx.transport_type; 242 switch (srx.transport.family) { 243 case AF_INET: 244 srx.transport_len = sizeof(struct sockaddr_in); 245 srx.transport.sin.sin_port = udp_hdr(skb)->source; 246 srx.transport.sin.sin_addr.s_addr = ip_hdr(skb)->saddr; 247 break; 248 default: 249 goto busy; 250 } 251 252 /* get the socket providing the service */ 253 service_id = sp->hdr.serviceId; 254 read_lock_bh(&local->services_lock); 255 list_for_each_entry(rx, &local->services, listen_link) { 256 if (rx->service_id == service_id && 257 rx->sk.sk_state != RXRPC_CLOSE) 258 goto found_service; 259 } 260 read_unlock_bh(&local->services_lock); 261 goto invalid_service; 262 263found_service: 264 _debug("found service %hd", ntohs(rx->service_id)); 265 if (sk_acceptq_is_full(&rx->sk)) 266 goto backlog_full; 267 sk_acceptq_added(&rx->sk); 268 sock_hold(&rx->sk); 269 read_unlock_bh(&local->services_lock); 270 271 ret = rxrpc_accept_incoming_call(local, rx, skb, &srx); 272 if (ret < 0) 273 sk_acceptq_removed(&rx->sk); 274 sock_put(&rx->sk); 275 switch (ret) { 276 case -ECONNRESET: /* old calls are ignored */ 277 case -ECONNABORTED: /* aborted calls are reaborted or ignored */ 278 case 0: 279 goto process_next_packet; 280 case -ECONNREFUSED: 281 goto invalid_service; 282 case -EBUSY: 283 goto busy; 284 case -EKEYREJECTED: 285 goto security_mismatch; 286 default: 287 BUG(); 288 } 289 290backlog_full: 291 read_unlock_bh(&local->services_lock); 292busy: 293 rxrpc_busy(local, &srx, &sp->hdr); 294 rxrpc_free_skb(skb); 295 goto process_next_packet; 296 297invalid_service: 298 skb->priority = RX_INVALID_OPERATION; 299 rxrpc_reject_packet(local, skb); 300 goto process_next_packet; 301 302 /* can't change connection security type mid-flow */ 303security_mismatch: 304 skb->priority = RX_PROTOCOL_ERROR; 305 rxrpc_reject_packet(local, skb); 306 goto process_next_packet; 307} 308 309/* 310 * handle acceptance of a call by userspace 311 * - assign the user call ID to the call at the front of the queue 312 */ 313struct rxrpc_call *rxrpc_accept_call(struct rxrpc_sock *rx, 314 unsigned long user_call_ID) 315{ 316 struct rxrpc_call *call; 317 struct rb_node *parent, **pp; 318 int ret; 319 320 _enter(",%lx", user_call_ID); 321 322 ASSERT(!irqs_disabled()); 323 324 write_lock(&rx->call_lock); 325 326 ret = -ENODATA; 327 if (list_empty(&rx->acceptq)) 328 goto out; 329 330 /* check the user ID isn't already in use */ 331 ret = -EBADSLT; 332 pp = &rx->calls.rb_node; 333 parent = NULL; 334 while (*pp) { 335 parent = *pp; 336 call = rb_entry(parent, struct rxrpc_call, sock_node); 337 338 if (user_call_ID < call->user_call_ID) 339 pp = &(*pp)->rb_left; 340 else if (user_call_ID > call->user_call_ID) 341 pp = &(*pp)->rb_right; 342 else 343 goto out; 344 } 345 346 /* dequeue the first call and check it's still valid */ 347 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link); 348 list_del_init(&call->accept_link); 349 sk_acceptq_removed(&rx->sk); 350 351 write_lock_bh(&call->state_lock); 352 switch (call->state) { 353 case RXRPC_CALL_SERVER_ACCEPTING: 354 call->state = RXRPC_CALL_SERVER_RECV_REQUEST; 355 break; 356 case RXRPC_CALL_REMOTELY_ABORTED: 357 case RXRPC_CALL_LOCALLY_ABORTED: 358 ret = -ECONNABORTED; 359 goto out_release; 360 case RXRPC_CALL_NETWORK_ERROR: 361 ret = call->conn->error; 362 goto out_release; 363 case RXRPC_CALL_DEAD: 364 ret = -ETIME; 365 goto out_discard; 366 default: 367 BUG(); 368 } 369 370 /* formalise the acceptance */ 371 call->user_call_ID = user_call_ID; 372 rb_link_node(&call->sock_node, parent, pp); 373 rb_insert_color(&call->sock_node, &rx->calls); 374 if (test_and_set_bit(RXRPC_CALL_HAS_USERID, &call->flags)) 375 BUG(); 376 if (test_and_set_bit(RXRPC_CALL_ACCEPTED, &call->events)) 377 BUG(); 378 rxrpc_queue_call(call); 379 380 rxrpc_get_call(call); 381 write_unlock_bh(&call->state_lock); 382 write_unlock(&rx->call_lock); 383 _leave(" = %p{%d}", call, call->debug_id); 384 return call; 385 386 /* if the call is already dying or dead, then we leave the socket's ref 387 * on it to be released by rxrpc_dead_call_expired() as induced by 388 * rxrpc_release_call() */ 389out_release: 390 _debug("release %p", call); 391 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) && 392 !test_and_set_bit(RXRPC_CALL_RELEASE, &call->events)) 393 rxrpc_queue_call(call); 394out_discard: 395 write_unlock_bh(&call->state_lock); 396 _debug("discard %p", call); 397out: 398 write_unlock(&rx->call_lock); 399 _leave(" = %d", ret); 400 return ERR_PTR(ret); 401} 402 403/* 404 * handle rejectance of a call by userspace 405 * - reject the call at the front of the queue 406 */ 407int rxrpc_reject_call(struct rxrpc_sock *rx) 408{ 409 struct rxrpc_call *call; 410 int ret; 411 412 _enter(""); 413 414 ASSERT(!irqs_disabled()); 415 416 write_lock(&rx->call_lock); 417 418 ret = -ENODATA; 419 if (list_empty(&rx->acceptq)) 420 goto out; 421 422 /* dequeue the first call and check it's still valid */ 423 call = list_entry(rx->acceptq.next, struct rxrpc_call, accept_link); 424 list_del_init(&call->accept_link); 425 sk_acceptq_removed(&rx->sk); 426 427 write_lock_bh(&call->state_lock); 428 switch (call->state) { 429 case RXRPC_CALL_SERVER_ACCEPTING: 430 call->state = RXRPC_CALL_SERVER_BUSY; 431 if (test_and_set_bit(RXRPC_CALL_REJECT_BUSY, &call->events)) 432 rxrpc_queue_call(call); 433 ret = 0; 434 goto out_release; 435 case RXRPC_CALL_REMOTELY_ABORTED: 436 case RXRPC_CALL_LOCALLY_ABORTED: 437 ret = -ECONNABORTED; 438 goto out_release; 439 case RXRPC_CALL_NETWORK_ERROR: 440 ret = call->conn->error; 441 goto out_release; 442 case RXRPC_CALL_DEAD: 443 ret = -ETIME; 444 goto out_discard; 445 default: 446 BUG(); 447 } 448 449 /* if the call is already dying or dead, then we leave the socket's ref 450 * on it to be released by rxrpc_dead_call_expired() as induced by 451 * rxrpc_release_call() */ 452out_release: 453 _debug("release %p", call); 454 if (!test_bit(RXRPC_CALL_RELEASED, &call->flags) && 455 !test_and_set_bit(RXRPC_CALL_RELEASE, &call->events)) 456 rxrpc_queue_call(call); 457out_discard: 458 write_unlock_bh(&call->state_lock); 459 _debug("discard %p", call); 460out: 461 write_unlock(&rx->call_lock); 462 _leave(" = %d", ret); 463 return ret; 464} 465 466/** 467 * rxrpc_kernel_accept_call - Allow a kernel service to accept an incoming call 468 * @sock: The socket on which the impending call is waiting 469 * @user_call_ID: The tag to attach to the call 470 * 471 * Allow a kernel service to accept an incoming call, assuming the incoming 472 * call is still valid. 473 */ 474struct rxrpc_call *rxrpc_kernel_accept_call(struct socket *sock, 475 unsigned long user_call_ID) 476{ 477 struct rxrpc_call *call; 478 479 _enter(",%lx", user_call_ID); 480 call = rxrpc_accept_call(rxrpc_sk(sock->sk), user_call_ID); 481 _leave(" = %p", call); 482 return call; 483} 484 485EXPORT_SYMBOL(rxrpc_kernel_accept_call); 486 487/** 488 * rxrpc_kernel_reject_call - Allow a kernel service to reject an incoming call 489 * @sock: The socket on which the impending call is waiting 490 * 491 * Allow a kernel service to reject an incoming call with a BUSY message, 492 * assuming the incoming call is still valid. 493 */ 494int rxrpc_kernel_reject_call(struct socket *sock) 495{ 496 int ret; 497 498 _enter(""); 499 ret = rxrpc_reject_call(rxrpc_sk(sock->sk)); 500 _leave(" = %d", ret); 501 return ret; 502} 503 504EXPORT_SYMBOL(rxrpc_kernel_reject_call); 505