Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b5036cd4ed
Branches Tags
linux_kernel
/
net
/
rxrpc
/
conn_service.c

conn_service.c 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230 
  1. /* Service connection management
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
    4. 

  4.  * Written by David Howells (dhowells@redhat.com)
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or
    7. 

  7.  * modify it under the terms of the GNU General Public Licence
    8. 

  8.  * as published by the Free Software Foundation; either version
    9. 

  9.  * 2 of the Licence, or (at your option) any later version.
    10. 

  10.  */
    11. 

  11. 

  12. #include <linux/slab.h>
    13. 

  13. #include "ar-internal.h"
    14. 

  14. 

  15. /*
    16. 

  16.  * Find a service connection under RCU conditions.
    17. 

  17.  *
    18. 

  18.  * We could use a hash table, but that is subject to bucket stuffing by an
    19. 

  19.  * attacker as the client gets to pick the epoch and cid values and would know
    20. 

  20.  * the hash function.  So, instead, we use a hash table for the peer and from
    21. 

  21.  * that an rbtree to find the service connection.  Under ordinary circumstances
    22. 

  22.  * it might be slower than a large hash table, but it is at least limited in
    23. 

  23.  * depth.
    24. 

  24.  */
    25. 

  25. struct rxrpc_connection *rxrpc_find_service_conn_rcu(struct rxrpc_peer *peer,
    26. 

  26. 						     struct sk_buff *skb)
    27. 

  27. {
    28. 

  28. 	struct rxrpc_connection *conn = NULL;
    29. 

  29. 	struct rxrpc_conn_proto k;
    30. 

  30. 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
    31. 

  31. 	struct rb_node *p;
    32. 

  32. 	unsigned int seq = 0;
    33. 

  33. 

  34. 	k.epoch	= sp->hdr.epoch;
    35. 

  35. 	k.cid	= sp->hdr.cid & RXRPC_CIDMASK;
    36. 

  36. 

  37. 	do {
    38. 

  38. 		/* Unfortunately, rbtree walking doesn't give reliable results
    39. 

  39. 		 * under just the RCU read lock, so we have to check for
    40. 

  40. 		 * changes.
    41. 

  41. 		 */
    42. 

  42. 		read_seqbegin_or_lock(&peer->service_conn_lock, &seq);
    43. 

  43. 

  44. 		p = rcu_dereference_raw(peer->service_conns.rb_node);
    45. 

  45. 		while (p) {
    46. 

  46. 			conn = rb_entry(p, struct rxrpc_connection, service_node);
    47. 

  47. 

  48. 			if (conn->proto.index_key < k.index_key)
    49. 

  49. 				p = rcu_dereference_raw(p->rb_left);
    50. 

  50. 			else if (conn->proto.index_key > k.index_key)
    51. 

  51. 				p = rcu_dereference_raw(p->rb_right);
    52. 

  52. 			else
    53. 

  53. 				goto done;
    54. 

  54. 			conn = NULL;
    55. 

  55. 		}
    56. 

  56. 	} while (need_seqretry(&peer->service_conn_lock, seq));
    57. 

  57. 

  58. done:
    59. 

  59. 	done_seqretry(&peer->service_conn_lock, seq);
    60. 

  60. 	_leave(" = %d", conn ? conn->debug_id : -1);
    61. 

  61. 	return conn;
    62. 

  62. }
    63. 

  63. 

  64. /*
    65. 

  65.  * Insert a service connection into a peer's tree, thereby making it a target
    66. 

  66.  * for incoming packets.
    67. 

  67.  */
    68. 

  68. static struct rxrpc_connection *
    69. 

  69. rxrpc_publish_service_conn(struct rxrpc_peer *peer,
    70. 

  70. 			   struct rxrpc_connection *conn)
    71. 

  71. {
    72. 

  72. 	struct rxrpc_connection *cursor = NULL;
    73. 

  73. 	struct rxrpc_conn_proto k = conn->proto;
    74. 

  74. 	struct rb_node **pp, *parent;
    75. 

  75. 

  76. 	write_seqlock_bh(&peer->service_conn_lock);
    77. 

  77. 

  78. 	pp = &peer->service_conns.rb_node;
    79. 

  79. 	parent = NULL;
    80. 

  80. 	while (*pp) {
    81. 

  81. 		parent = *pp;
    82. 

  82. 		cursor = rb_entry(parent,
    83. 

  83. 				  struct rxrpc_connection, service_node);
    84. 

  84. 

  85. 		if (cursor->proto.index_key < k.index_key)
    86. 

  86. 			pp = &(*pp)->rb_left;
    87. 

  87. 		else if (cursor->proto.index_key > k.index_key)
    88. 

  88. 			pp = &(*pp)->rb_right;
    89. 

  89. 		else
    90. 

  90. 			goto found_extant_conn;
    91. 

  91. 	}
    92. 

  92. 

  93. 	rb_link_node_rcu(&conn->service_node, parent, pp);
    94. 

  94. 	rb_insert_color(&conn->service_node, &peer->service_conns);
    95. 

  95. conn_published:
    96. 

  96. 	set_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags);
    97. 

  97. 	write_sequnlock_bh(&peer->service_conn_lock);
    98. 

  98. 	_leave(" = %d [new]", conn->debug_id);
    99. 

  99. 	return conn;
    100. 

  100. 

  101. found_extant_conn:
    102. 

  102. 	if (atomic_read(&cursor->usage) == 0)
    103. 

  103. 		goto replace_old_connection;
    104. 

  104. 	write_sequnlock_bh(&peer->service_conn_lock);
    105. 

  105. 	/* We should not be able to get here.  rxrpc_incoming_connection() is
    106. 

  106. 	 * called in a non-reentrant context, so there can't be a race to
    107. 

  107. 	 * insert a new connection.
    108. 

  108. 	 */
    109. 

  109. 	BUG();
    110. 

  110. 

  111. replace_old_connection:
    112. 

  112. 	/* The old connection is from an outdated epoch. */
    113. 

  113. 	_debug("replace conn");
    114. 

  114. 	rb_replace_node_rcu(&cursor->service_node,
    115. 

  115. 			    &conn->service_node,
    116. 

  116. 			    &peer->service_conns);
    117. 

  117. 	clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &cursor->flags);
    118. 

  118. 	goto conn_published;
    119. 

  119. }
    120. 

  120. 

  121. /*
    122. 

  122.  * get a record of an incoming connection
    123. 

  123.  */
    124. 

  124. struct rxrpc_connection *rxrpc_incoming_connection(struct rxrpc_local *local,
    125. 

  125. 						   struct sockaddr_rxrpc *srx,
    126. 

  126. 						   struct sk_buff *skb)
    127. 

  127. {
    128. 

  128. 	struct rxrpc_connection *conn;
    129. 

  129. 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
    130. 

  130. 	struct rxrpc_peer *peer;
    131. 

  131. 	const char *new = "old";
    132. 

  132. 

  133. 	_enter("");
    134. 

  134. 

  135. 	peer = rxrpc_lookup_peer(local, srx, GFP_NOIO);
    136. 

  136. 	if (!peer) {
    137. 

  137. 		_debug("no peer");
    138. 

  138. 		return ERR_PTR(-EBUSY);
    139. 

  139. 	}
    140. 

  140. 

  141. 	ASSERT(sp->hdr.flags & RXRPC_CLIENT_INITIATED);
    142. 

  142. 

  143. 	rcu_read_lock();
    144. 

  144. 	peer = rxrpc_lookup_peer_rcu(local, srx);
    145. 

  145. 	if (peer) {
    146. 

  146. 		conn = rxrpc_find_service_conn_rcu(peer, skb);
    147. 

  147. 		if (conn) {
    148. 

  148. 			if (sp->hdr.securityIndex != conn->security_ix)
    149. 

  149. 				goto security_mismatch_rcu;
    150. 

  150. 			if (rxrpc_get_connection_maybe(conn))
    151. 

  151. 				goto found_extant_connection_rcu;
    152. 

  152. 

  153. 			/* The conn has expired but we can't remove it without
    154. 

  154. 			 * the appropriate lock, so we attempt to replace it
    155. 

  155. 			 * when we have a new candidate.
    156. 

  156. 			 */
    157. 

  157. 		}
    158. 

  158. 

  159. 		if (!rxrpc_get_peer_maybe(peer))
    160. 

  160. 			peer = NULL;
    161. 

  161. 	}
    162. 

  162. 	rcu_read_unlock();
    163. 

  163. 

  164. 	if (!peer) {
    165. 

  165. 		peer = rxrpc_lookup_peer(local, srx, GFP_NOIO);
    166. 

  166. 		if (!peer)
    167. 

  167. 			goto enomem;
    168. 

  168. 	}
    169. 

  169. 

  170. 	/* We don't have a matching record yet. */
    171. 

  171. 	conn = rxrpc_alloc_connection(GFP_NOIO);
    172. 

  172. 	if (!conn)
    173. 

  173. 		goto enomem_peer;
    174. 

  174. 

  175. 	conn->proto.epoch	= sp->hdr.epoch;
    176. 

  176. 	conn->proto.cid		= sp->hdr.cid & RXRPC_CIDMASK;
    177. 

  177. 	conn->params.local	= local;
    178. 

  178. 	conn->params.peer	= peer;
    179. 

  179. 	conn->params.service_id	= sp->hdr.serviceId;
    180. 

  180. 	conn->security_ix	= sp->hdr.securityIndex;
    181. 

  181. 	conn->out_clientflag	= 0;
    182. 

  182. 	conn->state		= RXRPC_CONN_SERVICE;
    183. 

  183. 	if (conn->params.service_id)
    184. 

  184. 		conn->state	= RXRPC_CONN_SERVICE_UNSECURED;
    185. 

  185. 

  186. 	rxrpc_get_local(local);
    187. 

  187. 

  188. 	write_lock(&rxrpc_connection_lock);
    189. 

  189. 	list_add_tail(&conn->link, &rxrpc_connections);
    190. 

  190. 	write_unlock(&rxrpc_connection_lock);
    191. 

  191. 

  192. 	/* Make the connection a target for incoming packets. */
    193. 

  193. 	rxrpc_publish_service_conn(peer, conn);
    194. 

  194. 

  195. 	new = "new";
    196. 

  196. 

  197. success:
    198. 

  198. 	_net("CONNECTION %s %d {%x}", new, conn->debug_id, conn->proto.cid);
    199. 

  199. 	_leave(" = %p {u=%d}", conn, atomic_read(&conn->usage));
    200. 

  200. 	return conn;
    201. 

  201. 

  202. found_extant_connection_rcu:
    203. 

  203. 	rcu_read_unlock();
    204. 

  204. 	goto success;
    205. 

  205. 

  206. security_mismatch_rcu:
    207. 

  207. 	rcu_read_unlock();
    208. 

  208. 	_leave(" = -EKEYREJECTED");
    209. 

  209. 	return ERR_PTR(-EKEYREJECTED);
    210. 

  210. 

  211. enomem_peer:
    212. 

  212. 	rxrpc_put_peer(peer);
    213. 

  213. enomem:
    214. 

  214. 	_leave(" = -ENOMEM");
    215. 

  215. 	return ERR_PTR(-ENOMEM);
    216. 

  216. }
    217. 

  217. 

  218. /*
    219. 

  219.  * Remove the service connection from the peer's tree, thereby removing it as a
    220. 

  220.  * target for incoming packets.
    221. 

  221.  */
    222. 

  222. void rxrpc_unpublish_service_conn(struct rxrpc_connection *conn)
    223. 

  223. {
    224. 

  224. 	struct rxrpc_peer *peer = conn->params.peer;
    225. 

  225. 

  226. 	write_seqlock_bh(&peer->service_conn_lock);
    227. 

  227. 	if (test_and_clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags))
    228. 

  228. 		rb_erase(&conn->service_node, &peer->service_conns);
    229. 

  229. 	write_sequnlock_bh(&peer->service_conn_lock);
    230. 

  230. }
    231.