1// SPDX-License-Identifier: GPL-2.0-or-later
2/* RxRPC virtual connection handler, common bits.
3 *
4 * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10#include <linux/module.h>
11#include <linux/slab.h>
12#include <linux/net.h>
13#include <linux/skbuff.h>
14#include "ar-internal.h"
15
16/*
17 * Time till a connection expires after last use (in seconds).
18 */
19unsigned int __read_mostly rxrpc_connection_expiry = 10 * 60;
20unsigned int __read_mostly rxrpc_closed_conn_expiry = 10;
21
22static void rxrpc_clean_up_connection(struct work_struct *work);
23static void rxrpc_set_service_reap_timer(struct rxrpc_net *rxnet,
24 unsigned long reap_at);
25
26void rxrpc_poke_conn(struct rxrpc_connection *conn, enum rxrpc_conn_trace why)
27{
28 struct rxrpc_local *local = conn->local;
29 bool busy;
30
31 if (WARN_ON_ONCE(!local))
32 return;
33
34 spin_lock_bh(lock: &local->lock);
35 busy = !list_empty(head: &conn->attend_link);
36 if (!busy) {
37 rxrpc_get_connection(conn, why);
38 list_add_tail(new: &conn->attend_link, head: &local->conn_attend_q);
39 }
40 spin_unlock_bh(lock: &local->lock);
41 rxrpc_wake_up_io_thread(local);
42}
43
44static void rxrpc_connection_timer(struct timer_list *timer)
45{
46 struct rxrpc_connection *conn =
47 container_of(timer, struct rxrpc_connection, timer);
48
49 rxrpc_poke_conn(conn, why: rxrpc_conn_get_poke_timer);
50}
51
52/*
53 * allocate a new connection
54 */
55struct rxrpc_connection *rxrpc_alloc_connection(struct rxrpc_net *rxnet,
56 gfp_t gfp)
57{
58 struct rxrpc_connection *conn;
59
60 _enter("");
61
62 conn = kzalloc(size: sizeof(struct rxrpc_connection), flags: gfp);
63 if (conn) {
64 INIT_LIST_HEAD(list: &conn->cache_link);
65 timer_setup(&conn->timer, &rxrpc_connection_timer, 0);
66 INIT_WORK(&conn->processor, rxrpc_process_connection);
67 INIT_WORK(&conn->destructor, rxrpc_clean_up_connection);
68 INIT_LIST_HEAD(list: &conn->proc_link);
69 INIT_LIST_HEAD(list: &conn->link);
70 mutex_init(&conn->security_lock);
71 skb_queue_head_init(list: &conn->rx_queue);
72 conn->rxnet = rxnet;
73 conn->security = &rxrpc_no_security;
74 spin_lock_init(&conn->state_lock);
75 conn->debug_id = atomic_inc_return(v: &rxrpc_debug_id);
76 conn->idle_timestamp = jiffies;
77 }
78
79 _leave(" = %p{%d}", conn, conn ? conn->debug_id : 0);
80 return conn;
81}
82
83/*
84 * Look up a connection in the cache by protocol parameters.
85 *
86 * If successful, a pointer to the connection is returned, but no ref is taken.
87 * NULL is returned if there is no match.
88 *
89 * When searching for a service call, if we find a peer but no connection, we
90 * return that through *_peer in case we need to create a new service call.
91 *
92 * The caller must be holding the RCU read lock.
93 */
94struct rxrpc_connection *rxrpc_find_client_connection_rcu(struct rxrpc_local *local,
95 struct sockaddr_rxrpc *srx,
96 struct sk_buff *skb)
97{
98 struct rxrpc_connection *conn;
99 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
100 struct rxrpc_peer *peer;
101
102 _enter(",%x", sp->hdr.cid & RXRPC_CIDMASK);
103
104 /* Look up client connections by connection ID alone as their
105 * IDs are unique for this machine.
106 */
107 conn = idr_find(&local->conn_ids, id: sp->hdr.cid >> RXRPC_CIDSHIFT);
108 if (!conn || refcount_read(r: &conn->ref) == 0) {
109 _debug("no conn");
110 goto not_found;
111 }
112
113 if (conn->proto.epoch != sp->hdr.epoch ||
114 conn->local != local)
115 goto not_found;
116
117 peer = conn->peer;
118 switch (srx->transport.family) {
119 case AF_INET:
120 if (peer->srx.transport.sin.sin_port !=
121 srx->transport.sin.sin_port ||
122 peer->srx.transport.sin.sin_addr.s_addr !=
123 srx->transport.sin.sin_addr.s_addr)
124 goto not_found;
125 break;
126#ifdef CONFIG_AF_RXRPC_IPV6
127 case AF_INET6:
128 if (peer->srx.transport.sin6.sin6_port !=
129 srx->transport.sin6.sin6_port ||
130 memcmp(p: &peer->srx.transport.sin6.sin6_addr,
131 q: &srx->transport.sin6.sin6_addr,
132 size: sizeof(struct in6_addr)) != 0)
133 goto not_found;
134 break;
135#endif
136 default:
137 BUG();
138 }
139
140 _leave(" = %p", conn);
141 return conn;
142
143not_found:
144 _leave(" = NULL");
145 return NULL;
146}
147
148/*
149 * Disconnect a call and clear any channel it occupies when that call
150 * terminates. The caller must hold the channel_lock and must release the
151 * call's ref on the connection.
152 */
153void __rxrpc_disconnect_call(struct rxrpc_connection *conn,
154 struct rxrpc_call *call)
155{
156 struct rxrpc_channel *chan =
157 &conn->channels[call->cid & RXRPC_CHANNELMASK];
158
159 _enter("%d,%x", conn->debug_id, call->cid);
160
161 if (chan->call == call) {
162 /* Save the result of the call so that we can repeat it if necessary
163 * through the channel, whilst disposing of the actual call record.
164 */
165 trace_rxrpc_disconnect_call(call);
166 switch (call->completion) {
167 case RXRPC_CALL_SUCCEEDED:
168 chan->last_seq = call->rx_highest_seq;
169 chan->last_type = RXRPC_PACKET_TYPE_ACK;
170 break;
171 case RXRPC_CALL_LOCALLY_ABORTED:
172 chan->last_abort = call->abort_code;
173 chan->last_type = RXRPC_PACKET_TYPE_ABORT;
174 break;
175 default:
176 chan->last_abort = RX_CALL_DEAD;
177 chan->last_type = RXRPC_PACKET_TYPE_ABORT;
178 break;
179 }
180
181 chan->last_call = chan->call_id;
182 chan->call_id = chan->call_counter;
183 chan->call = NULL;
184 }
185
186 _leave("");
187}
188
189/*
190 * Disconnect a call and clear any channel it occupies when that call
191 * terminates.
192 */
193void rxrpc_disconnect_call(struct rxrpc_call *call)
194{
195 struct rxrpc_connection *conn = call->conn;
196
197 set_bit(nr: RXRPC_CALL_DISCONNECTED, addr: &call->flags);
198 rxrpc_see_call(call, rxrpc_call_see_disconnected);
199
200 call->peer->cong_ssthresh = call->cong_ssthresh;
201
202 if (!hlist_unhashed(h: &call->error_link)) {
203 spin_lock(lock: &call->peer->lock);
204 hlist_del_init(n: &call->error_link);
205 spin_unlock(lock: &call->peer->lock);
206 }
207
208 if (rxrpc_is_client_call(call)) {
209 rxrpc_disconnect_client_call(call->bundle, call);
210 } else {
211 __rxrpc_disconnect_call(conn, call);
212 conn->idle_timestamp = jiffies;
213 if (atomic_dec_and_test(v: &conn->active))
214 rxrpc_set_service_reap_timer(rxnet: conn->rxnet,
215 reap_at: jiffies + rxrpc_connection_expiry);
216 }
217
218 rxrpc_put_call(call, rxrpc_call_put_io_thread);
219}
220
221/*
222 * Queue a connection's work processor, getting a ref to pass to the work
223 * queue.
224 */
225void rxrpc_queue_conn(struct rxrpc_connection *conn, enum rxrpc_conn_trace why)
226{
227 if (atomic_read(v: &conn->active) >= 0 &&
228 rxrpc_queue_work(&conn->processor))
229 rxrpc_see_connection(conn, why);
230}
231
232/*
233 * Note the re-emergence of a connection.
234 */
235void rxrpc_see_connection(struct rxrpc_connection *conn,
236 enum rxrpc_conn_trace why)
237{
238 if (conn) {
239 int r = refcount_read(r: &conn->ref);
240
241 trace_rxrpc_conn(conn_debug_id: conn->debug_id, ref: r, why);
242 }
243}
244
245/*
246 * Get a ref on a connection.
247 */
248struct rxrpc_connection *rxrpc_get_connection(struct rxrpc_connection *conn,
249 enum rxrpc_conn_trace why)
250{
251 int r;
252
253 __refcount_inc(r: &conn->ref, oldp: &r);
254 trace_rxrpc_conn(conn_debug_id: conn->debug_id, ref: r + 1, why);
255 return conn;
256}
257
258/*
259 * Try to get a ref on a connection.
260 */
261struct rxrpc_connection *
262rxrpc_get_connection_maybe(struct rxrpc_connection *conn,
263 enum rxrpc_conn_trace why)
264{
265 int r;
266
267 if (conn) {
268 if (__refcount_inc_not_zero(r: &conn->ref, oldp: &r))
269 trace_rxrpc_conn(conn_debug_id: conn->debug_id, ref: r + 1, why);
270 else
271 conn = NULL;
272 }
273 return conn;
274}
275
276/*
277 * Set the service connection reap timer.
278 */
279static void rxrpc_set_service_reap_timer(struct rxrpc_net *rxnet,
280 unsigned long reap_at)
281{
282 if (rxnet->live)
283 timer_reduce(timer: &rxnet->service_conn_reap_timer, expires: reap_at);
284}
285
286/*
287 * destroy a virtual connection
288 */
289static void rxrpc_rcu_free_connection(struct rcu_head *rcu)
290{
291 struct rxrpc_connection *conn =
292 container_of(rcu, struct rxrpc_connection, rcu);
293 struct rxrpc_net *rxnet = conn->rxnet;
294
295 _enter("{%d,u=%d}", conn->debug_id, refcount_read(&conn->ref));
296
297 trace_rxrpc_conn(conn_debug_id: conn->debug_id, ref: refcount_read(r: &conn->ref),
298 why: rxrpc_conn_free);
299 kfree(objp: conn);
300
301 if (atomic_dec_and_test(v: &rxnet->nr_conns))
302 wake_up_var(var: &rxnet->nr_conns);
303}
304
305/*
306 * Clean up a dead connection.
307 */
308static void rxrpc_clean_up_connection(struct work_struct *work)
309{
310 struct rxrpc_connection *conn =
311 container_of(work, struct rxrpc_connection, destructor);
312 struct rxrpc_net *rxnet = conn->rxnet;
313
314 ASSERT(!conn->channels[0].call &&
315 !conn->channels[1].call &&
316 !conn->channels[2].call &&
317 !conn->channels[3].call);
318 ASSERT(list_empty(&conn->cache_link));
319
320 del_timer_sync(timer: &conn->timer);
321 cancel_work_sync(work: &conn->processor); /* Processing may restart the timer */
322 del_timer_sync(timer: &conn->timer);
323
324 write_lock(&rxnet->conn_lock);
325 list_del_init(entry: &conn->proc_link);
326 write_unlock(&rxnet->conn_lock);
327
328 rxrpc_purge_queue(&conn->rx_queue);
329
330 rxrpc_kill_client_conn(conn);
331
332 conn->security->clear(conn);
333 key_put(key: conn->key);
334 rxrpc_put_bundle(conn->bundle, rxrpc_bundle_put_conn);
335 rxrpc_put_peer(conn->peer, rxrpc_peer_put_conn);
336 rxrpc_put_local(conn->local, rxrpc_local_put_kill_conn);
337
338 /* Drain the Rx queue. Note that even though we've unpublished, an
339 * incoming packet could still be being added to our Rx queue, so we
340 * will need to drain it again in the RCU cleanup handler.
341 */
342 rxrpc_purge_queue(&conn->rx_queue);
343
344 call_rcu(head: &conn->rcu, func: rxrpc_rcu_free_connection);
345}
346
347/*
348 * Drop a ref on a connection.
349 */
350void rxrpc_put_connection(struct rxrpc_connection *conn,
351 enum rxrpc_conn_trace why)
352{
353 unsigned int debug_id;
354 bool dead;
355 int r;
356
357 if (!conn)
358 return;
359
360 debug_id = conn->debug_id;
361 dead = __refcount_dec_and_test(r: &conn->ref, oldp: &r);
362 trace_rxrpc_conn(conn_debug_id: debug_id, ref: r - 1, why);
363 if (dead) {
364 del_timer(timer: &conn->timer);
365 cancel_work(work: &conn->processor);
366
367 if (in_softirq() || work_busy(work: &conn->processor) ||
368 timer_pending(timer: &conn->timer))
369 /* Can't use the rxrpc workqueue as we need to cancel/flush
370 * something that may be running/waiting there.
371 */
372 schedule_work(work: &conn->destructor);
373 else
374 rxrpc_clean_up_connection(work: &conn->destructor);
375 }
376}
377
378/*
379 * reap dead service connections
380 */
381void rxrpc_service_connection_reaper(struct work_struct *work)
382{
383 struct rxrpc_connection *conn, *_p;
384 struct rxrpc_net *rxnet =
385 container_of(work, struct rxrpc_net, service_conn_reaper);
386 unsigned long expire_at, earliest, idle_timestamp, now;
387 int active;
388
389 LIST_HEAD(graveyard);
390
391 _enter("");
392
393 now = jiffies;
394 earliest = now + MAX_JIFFY_OFFSET;
395
396 write_lock(&rxnet->conn_lock);
397 list_for_each_entry_safe(conn, _p, &rxnet->service_conns, link) {
398 ASSERTCMP(atomic_read(&conn->active), >=, 0);
399 if (likely(atomic_read(&conn->active) > 0))
400 continue;
401 if (conn->state == RXRPC_CONN_SERVICE_PREALLOC)
402 continue;
403
404 if (rxnet->live && !conn->local->dead) {
405 idle_timestamp = READ_ONCE(conn->idle_timestamp);
406 expire_at = idle_timestamp + rxrpc_connection_expiry * HZ;
407 if (conn->local->service_closed)
408 expire_at = idle_timestamp + rxrpc_closed_conn_expiry * HZ;
409
410 _debug("reap CONN %d { a=%d,t=%ld }",
411 conn->debug_id, atomic_read(&conn->active),
412 (long)expire_at - (long)now);
413
414 if (time_before(now, expire_at)) {
415 if (time_before(expire_at, earliest))
416 earliest = expire_at;
417 continue;
418 }
419 }
420
421 /* The activity count sits at 0 whilst the conn is unused on
422 * the list; we reduce that to -1 to make the conn unavailable.
423 */
424 active = 0;
425 if (!atomic_try_cmpxchg(v: &conn->active, old: &active, new: -1))
426 continue;
427 rxrpc_see_connection(conn, why: rxrpc_conn_see_reap_service);
428
429 if (rxrpc_conn_is_client(conn))
430 BUG();
431 else
432 rxrpc_unpublish_service_conn(conn);
433
434 list_move_tail(list: &conn->link, head: &graveyard);
435 }
436 write_unlock(&rxnet->conn_lock);
437
438 if (earliest != now + MAX_JIFFY_OFFSET) {
439 _debug("reschedule reaper %ld", (long)earliest - (long)now);
440 ASSERT(time_after(earliest, now));
441 rxrpc_set_service_reap_timer(rxnet, reap_at: earliest);
442 }
443
444 while (!list_empty(head: &graveyard)) {
445 conn = list_entry(graveyard.next, struct rxrpc_connection,
446 link);
447 list_del_init(entry: &conn->link);
448
449 ASSERTCMP(atomic_read(&conn->active), ==, -1);
450 rxrpc_put_connection(conn, why: rxrpc_conn_put_service_reaped);
451 }
452
453 _leave("");
454}
455
456/*
457 * preemptively destroy all the service connection records rather than
458 * waiting for them to time out
459 */
460void rxrpc_destroy_all_connections(struct rxrpc_net *rxnet)
461{
462 struct rxrpc_connection *conn, *_p;
463 bool leak = false;
464
465 _enter("");
466
467 atomic_dec(v: &rxnet->nr_conns);
468
469 del_timer_sync(timer: &rxnet->service_conn_reap_timer);
470 rxrpc_queue_work(&rxnet->service_conn_reaper);
471 flush_workqueue(rxrpc_workqueue);
472
473 write_lock(&rxnet->conn_lock);
474 list_for_each_entry_safe(conn, _p, &rxnet->service_conns, link) {
475 pr_err("AF_RXRPC: Leaked conn %p {%d}\n",
476 conn, refcount_read(&conn->ref));
477 leak = true;
478 }
479 write_unlock(&rxnet->conn_lock);
480 BUG_ON(leak);
481
482 ASSERT(list_empty(&rxnet->conn_proc_list));
483
484 /* We need to wait for the connections to be destroyed by RCU as they
485 * pin things that we still need to get rid of.
486 */
487 wait_var_event(&rxnet->nr_conns, !atomic_read(&rxnet->nr_conns));
488 _leave("");
489}
490

source code of linux/net/rxrpc/conn_object.c