// SPDX-License-Identifier: GPL-2.0-or-later
/* Local endpoint object management
 *
 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/udp.h>
#include <linux/ip.h>
#include <linux/hashtable.h>
#include <net/sock.h>
#include <net/udp.h>
#include <net/udp_tunnel.h>
#include <net/af_rxrpc.h>
#include "ar-internal.h"

static void rxrpc_local_rcu(struct rcu_head *);

/*
 * Handle an ICMP/ICMP6 error turning up at the tunnel. Push it through the
 * usual mechanism so that it gets parsed and presented through the UDP
 * socket's error_report().
 */
static void rxrpc_encap_err_rcv(struct sock *sk, struct sk_buff *skb, int err,
				__be16 port, u32 info, u8 *payload)
{
	if (ip_hdr(skb)->version == IPVERSION)
		return ip_icmp_error(sk, skb, err, port, info, payload);
	if (IS_ENABLED(CONFIG_AF_RXRPC_IPV6))
		return ipv6_icmp_error(sk, skb, err, port, info, payload);
}

/*
 * Compare a local to an address. Return -ve, 0 or +ve to indicate less than,
 * same or greater than.
 *
 * We explicitly don't compare the RxRPC service ID as we want to reject
 * conflicting uses by differing services. Further, we don't want to share
 * addresses with different options (IPv6), so we don't compare those bits
 * either.
 */
static long rxrpc_local_cmp_key(const struct rxrpc_local *local,
				const struct sockaddr_rxrpc *srx)
{
	long diff;

	diff = ((local->srx.transport_type - srx->transport_type) ?:
		(local->srx.transport_len - srx->transport_len) ?:
		(local->srx.transport.family - srx->transport.family));
	if (diff != 0)
		return diff;

	switch (srx->transport.family) {
	case AF_INET:
		/* If the choice of UDP port is left up to the transport, then
		 * the endpoint record doesn't match.
		 */
		return ((u16 __force)local->srx.transport.sin.sin_port -
			(u16 __force)srx->transport.sin.sin_port) ?:
			memcmp(&local->srx.transport.sin.sin_addr,
			       &srx->transport.sin.sin_addr,
			       sizeof(struct in_addr));
#ifdef CONFIG_AF_RXRPC_IPV6
	case AF_INET6:
		/* If the choice of UDP6 port is left up to the transport, then
		 * the endpoint record doesn't match.
		 */
		return ((u16 __force)local->srx.transport.sin6.sin6_port -
			(u16 __force)srx->transport.sin6.sin6_port) ?:
			memcmp(&local->srx.transport.sin6.sin6_addr,
			       &srx->transport.sin6.sin6_addr,
			       sizeof(struct in6_addr));
#endif
	default:
		BUG();
	}
}

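/*
 * The timer for reaping idle client connections has expired; prod the I/O
 * thread to run the reaper, unless it has already been asked to do so.
 */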
static void rxrpc_client_conn_reap_timeout(struct timer_list *timer)
{
	struct rxrpc_local *local =
		container_of(timer, struct rxrpc_local, client_conn_reap_timer);

	if (local->kill_all_client_conns &&
	    !test_and_set_bit(RXRPC_CLIENT_CONN_REAP_TIMER, &local->client_conn_flags))
		rxrpc_wake_up_io_thread(local);
}

/*
 * Allocate a new local endpoint.
 */
static struct rxrpc_local *rxrpc_alloc_local(struct net *net,
					     const struct sockaddr_rxrpc *srx)
{
	struct rxrpc_local *local;
	u32 tmp;

	local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL);
	if (local) {
		refcount_set(&local->ref, 1);
		atomic_set(&local->active_users, 1);
		local->net = net;
		local->rxnet = rxrpc_net(net);
		INIT_HLIST_NODE(&local->link);
		init_completion(&local->io_thread_ready);
#ifdef CONFIG_AF_RXRPC_INJECT_RX_DELAY
		skb_queue_head_init(&local->rx_delay_queue);
#endif
		skb_queue_head_init(&local->rx_queue);
		INIT_LIST_HEAD(&local->conn_attend_q);
		INIT_LIST_HEAD(&local->call_attend_q);

		local->client_bundles = RB_ROOT;
		spin_lock_init(&local->client_bundles_lock);
		local->kill_all_client_conns = false;
		INIT_LIST_HEAD(&local->idle_client_conns);
		timer_setup(&local->client_conn_reap_timer,
			    rxrpc_client_conn_reap_timeout, 0);

		spin_lock_init(&local->lock);
		rwlock_init(&local->services_lock);
		local->debug_id = atomic_inc_return(&rxrpc_debug_id);
		memcpy(&local->srx, srx, sizeof(*srx));
		local->srx.srx_service = 0;
		idr_init(&local->conn_ids);
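		/* Start the client connection ID allocation cursor at a
		 * random, non-zero 30-bit value so that connection IDs
		 * aren't trivially predictable.
		 */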
		get_random_bytes(&tmp, sizeof(tmp));
		tmp &= 0x3fffffff;
		if (tmp == 0)
			tmp = 1;
		idr_set_cursor(&local->conn_ids, tmp);
		INIT_LIST_HEAD(&local->new_client_calls);
		spin_lock_init(&local->client_call_lock);

		trace_rxrpc_local(local->debug_id, rxrpc_local_new, 1, 1);
	}

	_leave(" = %p", local);
	return local;
}

/*
 * create the local socket
 * - must be called with rxrpc_local_mutex locked
 */
static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net)
{
	struct udp_tunnel_sock_cfg tuncfg = {NULL};
	struct sockaddr_rxrpc *srx = &local->srx;
	struct udp_port_cfg udp_conf = {0};
	struct task_struct *io_thread;
	struct sock *usk;
	int ret;

	_enter("%p{%d,%d}",
	       local, srx->transport_type, srx->transport.family);

	udp_conf.family = srx->transport.family;
	udp_conf.use_udp_checksums = true;
	if (udp_conf.family == AF_INET) {
		udp_conf.local_ip = srx->transport.sin.sin_addr;
		udp_conf.local_udp_port = srx->transport.sin.sin_port;
#if IS_ENABLED(CONFIG_AF_RXRPC_IPV6)
	} else {
		udp_conf.local_ip6 = srx->transport.sin6.sin6_addr;
		udp_conf.local_udp_port = srx->transport.sin6.sin6_port;
		udp_conf.use_udp6_tx_checksums = true;
		udp_conf.use_udp6_rx_checksums = true;
#endif
	}
	ret = udp_sock_create(net, &udp_conf, &local->socket);
	if (ret < 0) {
		_leave(" = %d [socket]", ret);
		return ret;
	}

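	/* Turn the socket into a UDP tunnel socket so that incoming packets
	 * are handed to rxrpc_encap_rcv() directly from the UDP receive path
	 * and ICMP/ICMP6 errors are handed to rxrpc_encap_err_rcv().
	 */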
	tuncfg.encap_type = UDP_ENCAP_RXRPC;
	tuncfg.encap_rcv = rxrpc_encap_rcv;
	tuncfg.encap_err_rcv = rxrpc_encap_err_rcv;
	tuncfg.sk_user_data = local;
	setup_udp_tunnel_sock(net, local->socket, &tuncfg);

	/* set the socket up */
	usk = local->socket->sk;
	usk->sk_error_report = rxrpc_error_report;

	switch (srx->transport.family) {
	case AF_INET6:
		/* we want to receive ICMPv6 errors */
		ip6_sock_set_recverr(usk);

		/* Fall through and set IPv4 options too otherwise we don't get
		 * errors from IPv4 packets sent through the IPv6 socket.
		 */
		fallthrough;
	case AF_INET:
		/* we want to receive ICMP errors */
		ip_sock_set_recverr(usk);

		/* we want to set the don't fragment bit */
		ip_sock_set_mtu_discover(usk, IP_PMTUDISC_DO);

		/* We want receive timestamps. */
		sock_enable_timestamps(usk);
		break;

	default:
		BUG();
	}

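	/* Start the I/O thread that does the bulk of the packet processing
	 * for this endpoint, and wait for it to signal that it's ready
	 * before letting anyone use the endpoint.
	 */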
	io_thread = kthread_run(rxrpc_io_thread, local,
				"krxrpcio/%u", ntohs(udp_conf.local_udp_port));
	if (IS_ERR(io_thread)) {
		ret = PTR_ERR(io_thread);
		goto error_sock;
	}

	wait_for_completion(&local->io_thread_ready);
	local->io_thread = io_thread;
	_leave(" = 0");
	return 0;

error_sock:
	kernel_sock_shutdown(local->socket, SHUT_RDWR);
	local->socket->sk->sk_user_data = NULL;
	sock_release(local->socket);
	local->socket = NULL;
	return ret;
}

/*
 * Look up or create a new local endpoint using the specified local address.
 */
struct rxrpc_local *rxrpc_lookup_local(struct net *net,
				       const struct sockaddr_rxrpc *srx)
{
	struct rxrpc_local *local;
	struct rxrpc_net *rxnet = rxrpc_net(net);
	struct hlist_node *cursor;
	long diff;
	int ret;

	_enter("{%d,%d,%pISp}",
	       srx->transport_type, srx->transport.family, &srx->transport);

	mutex_lock(&rxnet->local_mutex);

	hlist_for_each(cursor, &rxnet->local_endpoints) {
		local = hlist_entry(cursor, struct rxrpc_local, link);

		diff = rxrpc_local_cmp_key(local, srx);
		if (diff != 0)
			continue;

		/* Services aren't allowed to share transport sockets, so
		 * reject that here. It is possible that the object is dying -
		 * but it may also still have the local transport address that
		 * we want bound.
		 */
		if (srx->srx_service) {
			local = NULL;
			goto addr_in_use;
		}

		/* Found a match. We want to replace a dying object.
		 * Attempting to bind the transport socket may still fail if
		 * we're attempting to use a local address that the dying
		 * object is still using.
		 */
		if (!rxrpc_use_local(local, rxrpc_local_use_lookup))
			break;

		goto found;
	}

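	/* Either there was no matching endpoint or the one we found is dying;
	 * allocate a new endpoint and open a fresh transport socket for it.
	 */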
	local = rxrpc_alloc_local(net, srx);
	if (!local)
		goto nomem;

	ret = rxrpc_open_socket(local, net);
	if (ret < 0)
		goto sock_error;

	if (cursor) {
		hlist_replace_rcu(cursor, &local->link);
		cursor->pprev = NULL;
	} else {
		hlist_add_head_rcu(&local->link, &rxnet->local_endpoints);
	}

found:
	mutex_unlock(&rxnet->local_mutex);
	_leave(" = %p", local);
	return local;

nomem:
	ret = -ENOMEM;
sock_error:
	mutex_unlock(&rxnet->local_mutex);
	if (local)
		call_rcu(&local->rcu, rxrpc_local_rcu);
	_leave(" = %d", ret);
	return ERR_PTR(ret);

addr_in_use:
	mutex_unlock(&rxnet->local_mutex);
	_leave(" = -EADDRINUSE");
	return ERR_PTR(-EADDRINUSE);
}

/*
 * Get a ref on a local endpoint.
 */
struct rxrpc_local *rxrpc_get_local(struct rxrpc_local *local,
				    enum rxrpc_local_trace why)
{
	int r, u;

	u = atomic_read(&local->active_users);
	__refcount_inc(&local->ref, &r);
	trace_rxrpc_local(local->debug_id, why, r + 1, u);
	return local;
}

/*
 * Get a ref on a local endpoint unless its usage has already reached 0.
 */
struct rxrpc_local *rxrpc_get_local_maybe(struct rxrpc_local *local,
					  enum rxrpc_local_trace why)
{
	int r, u;

	if (local && __refcount_inc_not_zero(&local->ref, &r)) {
		u = atomic_read(&local->active_users);
		trace_rxrpc_local(local->debug_id, why, r + 1, u);
		return local;
	}

	return NULL;
}

/*
 * Drop a ref on a local endpoint.
 */
void rxrpc_put_local(struct rxrpc_local *local, enum rxrpc_local_trace why)
{
	unsigned int debug_id;
	bool dead;
	int r, u;

	if (local) {
		debug_id = local->debug_id;

		u = atomic_read(&local->active_users);
		dead = __refcount_dec_and_test(&local->ref, &r);
		trace_rxrpc_local(debug_id, why, r, u);

		if (dead)
			call_rcu(&local->rcu, rxrpc_local_rcu);
	}
}

/*
 * Start using a local endpoint.
 */
struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local,
				    enum rxrpc_local_trace why)
{
	local = rxrpc_get_local_maybe(local, rxrpc_local_get_for_use);
	if (!local)
		return NULL;

	if (!__rxrpc_use_local(local, why)) {
		rxrpc_put_local(local, rxrpc_local_put_for_use);
		return NULL;
	}

	return local;
}

/*
 * Cease using a local endpoint. Once the number of active users reaches 0, we
 * start the closure of the transport in the I/O thread.
 */
void rxrpc_unuse_local(struct rxrpc_local *local, enum rxrpc_local_trace why)
{
	unsigned int debug_id;
	int r, u;

	if (local) {
		debug_id = local->debug_id;
		r = refcount_read(&local->ref);
		u = atomic_dec_return(&local->active_users);
		trace_rxrpc_local(debug_id, why, r, u);
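		/* When the last active user goes away, stopping the I/O
		 * thread prompts it to close the socket and tear the
		 * endpoint down.
		 */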
		if (u == 0)
			kthread_stop(local->io_thread);
	}
}

/*
 * Destroy a local endpoint's socket and then hand the record to RCU to dispose
 * of.
 *
 * Closing the socket cannot be done from bottom half context or RCU callback
 * context because it might sleep.
 */
void rxrpc_destroy_local(struct rxrpc_local *local)
{
	struct socket *socket = local->socket;
	struct rxrpc_net *rxnet = local->rxnet;

	_enter("%d", local->debug_id);

	local->dead = true;

	mutex_lock(&rxnet->local_mutex);
	hlist_del_init_rcu(&local->link);
	mutex_unlock(&rxnet->local_mutex);

	rxrpc_clean_up_local_conns(local);
	rxrpc_service_connection_reaper(&rxnet->service_conn_reaper);
	ASSERT(!local->service);

	if (socket) {
		local->socket = NULL;
		kernel_sock_shutdown(socket, SHUT_RDWR);
		socket->sk->sk_user_data = NULL;
		sock_release(socket);
	}

	/* At this point, there should be no more packets coming in to the
	 * local endpoint.
	 */
#ifdef CONFIG_AF_RXRPC_INJECT_RX_DELAY
	rxrpc_purge_queue(&local->rx_delay_queue);
#endif
	rxrpc_purge_queue(&local->rx_queue);
	rxrpc_purge_client_connections(local);
}

/*
 * Destroy a local endpoint after the RCU grace period expires.
 */
static void rxrpc_local_rcu(struct rcu_head *rcu)
{
	struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu);

	rxrpc_see_local(local, rxrpc_local_free);
	kfree(local);
}

/*
 * Verify the local endpoint list is empty by this point.
 */
void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
{
	struct rxrpc_local *local;

	_enter("");

	flush_workqueue(rxrpc_workqueue);

	if (!hlist_empty(&rxnet->local_endpoints)) {
		mutex_lock(&rxnet->local_mutex);
		hlist_for_each_entry(local, &rxnet->local_endpoints, link) {
			pr_err("AF_RXRPC: Leaked local %p {%d}\n",
			       local, refcount_read(&local->ref));
		}
		mutex_unlock(&rxnet->local_mutex);
		BUG();
	}
}