• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* RxRPC virtual connection handler, common bits.
2  *
3  * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/module.h>
15 #include <linux/slab.h>
16 #include <linux/net.h>
17 #include <linux/skbuff.h>
18 #include "ar-internal.h"
19 
20 /*
21  * Time till a connection expires after last use (in seconds).
22  */
23 unsigned int rxrpc_connection_expiry = 10 * 60;
24 
25 static void rxrpc_connection_reaper(struct work_struct *work);
26 
27 LIST_HEAD(rxrpc_connections);
28 LIST_HEAD(rxrpc_connection_proc_list);
29 DEFINE_RWLOCK(rxrpc_connection_lock);
30 static DECLARE_DELAYED_WORK(rxrpc_connection_reap, rxrpc_connection_reaper);
31 
32 static void rxrpc_destroy_connection(struct rcu_head *);
33 
34 /*
35  * allocate a new connection
36  */
rxrpc_alloc_connection(gfp_t gfp)37 struct rxrpc_connection *rxrpc_alloc_connection(gfp_t gfp)
38 {
39 	struct rxrpc_connection *conn;
40 
41 	_enter("");
42 
43 	conn = kzalloc(sizeof(struct rxrpc_connection), gfp);
44 	if (conn) {
45 		INIT_LIST_HEAD(&conn->cache_link);
46 		spin_lock_init(&conn->channel_lock);
47 		INIT_LIST_HEAD(&conn->waiting_calls);
48 		INIT_WORK(&conn->processor, &rxrpc_process_connection);
49 		INIT_LIST_HEAD(&conn->proc_link);
50 		INIT_LIST_HEAD(&conn->link);
51 		skb_queue_head_init(&conn->rx_queue);
52 		conn->security = &rxrpc_no_security;
53 		spin_lock_init(&conn->state_lock);
54 		conn->debug_id = atomic_inc_return(&rxrpc_debug_id);
55 		conn->size_align = 4;
56 		conn->idle_timestamp = jiffies;
57 	}
58 
59 	_leave(" = %p{%d}", conn, conn ? conn->debug_id : 0);
60 	return conn;
61 }
62 
63 /*
64  * Look up a connection in the cache by protocol parameters.
65  *
66  * If successful, a pointer to the connection is returned, but no ref is taken.
67  * NULL is returned if there is no match.
68  *
69  * The caller must be holding the RCU read lock.
70  */
rxrpc_find_connection_rcu(struct rxrpc_local * local,struct sk_buff * skb)71 struct rxrpc_connection *rxrpc_find_connection_rcu(struct rxrpc_local *local,
72 						   struct sk_buff *skb)
73 {
74 	struct rxrpc_connection *conn;
75 	struct rxrpc_conn_proto k;
76 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
77 	struct sockaddr_rxrpc srx;
78 	struct rxrpc_peer *peer;
79 
80 	_enter(",%x", sp->hdr.cid & RXRPC_CIDMASK);
81 
82 	if (rxrpc_extract_addr_from_skb(&srx, skb) < 0)
83 		goto not_found;
84 
85 	k.epoch	= sp->hdr.epoch;
86 	k.cid	= sp->hdr.cid & RXRPC_CIDMASK;
87 
88 	/* We may have to handle mixing IPv4 and IPv6 */
89 	if (srx.transport.family != local->srx.transport.family) {
90 		pr_warn_ratelimited("AF_RXRPC: Protocol mismatch %u not %u\n",
91 				    srx.transport.family,
92 				    local->srx.transport.family);
93 		goto not_found;
94 	}
95 
96 	k.epoch	= sp->hdr.epoch;
97 	k.cid	= sp->hdr.cid & RXRPC_CIDMASK;
98 
99 	if (sp->hdr.flags & RXRPC_CLIENT_INITIATED) {
100 		/* We need to look up service connections by the full protocol
101 		 * parameter set.  We look up the peer first as an intermediate
102 		 * step and then the connection from the peer's tree.
103 		 */
104 		peer = rxrpc_lookup_peer_rcu(local, &srx);
105 		if (!peer)
106 			goto not_found;
107 		conn = rxrpc_find_service_conn_rcu(peer, skb);
108 		if (!conn || atomic_read(&conn->usage) == 0)
109 			goto not_found;
110 		_leave(" = %p", conn);
111 		return conn;
112 	} else {
113 		/* Look up client connections by connection ID alone as their
114 		 * IDs are unique for this machine.
115 		 */
116 		conn = idr_find(&rxrpc_client_conn_ids,
117 				sp->hdr.cid >> RXRPC_CIDSHIFT);
118 		if (!conn || atomic_read(&conn->usage) == 0) {
119 			_debug("no conn");
120 			goto not_found;
121 		}
122 
123 		if (conn->proto.epoch != k.epoch ||
124 		    conn->params.local != local)
125 			goto not_found;
126 
127 		peer = conn->params.peer;
128 		switch (srx.transport.family) {
129 		case AF_INET:
130 			if (peer->srx.transport.sin.sin_port !=
131 			    srx.transport.sin.sin_port ||
132 			    peer->srx.transport.sin.sin_addr.s_addr !=
133 			    srx.transport.sin.sin_addr.s_addr)
134 				goto not_found;
135 			break;
136 #ifdef CONFIG_AF_RXRPC_IPV6
137 		case AF_INET6:
138 			if (peer->srx.transport.sin6.sin6_port !=
139 			    srx.transport.sin6.sin6_port ||
140 			    memcmp(&peer->srx.transport.sin6.sin6_addr,
141 				   &srx.transport.sin6.sin6_addr,
142 				   sizeof(struct in6_addr)) != 0)
143 				goto not_found;
144 			break;
145 #endif
146 		default:
147 			BUG();
148 		}
149 
150 		_leave(" = %p", conn);
151 		return conn;
152 	}
153 
154 not_found:
155 	_leave(" = NULL");
156 	return NULL;
157 }
158 
159 /*
160  * Disconnect a call and clear any channel it occupies when that call
161  * terminates.  The caller must hold the channel_lock and must release the
162  * call's ref on the connection.
163  */
__rxrpc_disconnect_call(struct rxrpc_connection * conn,struct rxrpc_call * call)164 void __rxrpc_disconnect_call(struct rxrpc_connection *conn,
165 			     struct rxrpc_call *call)
166 {
167 	struct rxrpc_channel *chan =
168 		&conn->channels[call->cid & RXRPC_CHANNELMASK];
169 
170 	_enter("%d,%x", conn->debug_id, call->cid);
171 
172 	if (rcu_access_pointer(chan->call) == call) {
173 		/* Save the result of the call so that we can repeat it if necessary
174 		 * through the channel, whilst disposing of the actual call record.
175 		 */
176 		chan->last_service_id = call->service_id;
177 		if (call->abort_code) {
178 			chan->last_abort = call->abort_code;
179 			chan->last_type = RXRPC_PACKET_TYPE_ABORT;
180 		} else {
181 			chan->last_seq = call->rx_hard_ack;
182 			chan->last_type = RXRPC_PACKET_TYPE_ACK;
183 		}
184 		/* Sync with rxrpc_conn_retransmit(). */
185 		smp_wmb();
186 		chan->last_call = chan->call_id;
187 		chan->call_id = chan->call_counter;
188 
189 		rcu_assign_pointer(chan->call, NULL);
190 	}
191 
192 	_leave("");
193 }
194 
195 /*
196  * Disconnect a call and clear any channel it occupies when that call
197  * terminates.
198  */
rxrpc_disconnect_call(struct rxrpc_call * call)199 void rxrpc_disconnect_call(struct rxrpc_call *call)
200 {
201 	struct rxrpc_connection *conn = call->conn;
202 
203 	spin_lock_bh(&conn->params.peer->lock);
204 	hlist_del_init(&call->error_link);
205 	spin_unlock_bh(&conn->params.peer->lock);
206 
207 	if (rxrpc_is_client_call(call))
208 		return rxrpc_disconnect_client_call(call);
209 
210 	spin_lock(&conn->channel_lock);
211 	__rxrpc_disconnect_call(conn, call);
212 	spin_unlock(&conn->channel_lock);
213 
214 	call->conn = NULL;
215 	conn->idle_timestamp = jiffies;
216 	rxrpc_put_connection(conn);
217 }
218 
219 /*
220  * Kill off a connection.
221  */
rxrpc_kill_connection(struct rxrpc_connection * conn)222 void rxrpc_kill_connection(struct rxrpc_connection *conn)
223 {
224 	ASSERT(!rcu_access_pointer(conn->channels[0].call) &&
225 	       !rcu_access_pointer(conn->channels[1].call) &&
226 	       !rcu_access_pointer(conn->channels[2].call) &&
227 	       !rcu_access_pointer(conn->channels[3].call));
228 	ASSERT(list_empty(&conn->cache_link));
229 
230 	write_lock(&rxrpc_connection_lock);
231 	list_del_init(&conn->proc_link);
232 	write_unlock(&rxrpc_connection_lock);
233 
234 	/* Drain the Rx queue.  Note that even though we've unpublished, an
235 	 * incoming packet could still be being added to our Rx queue, so we
236 	 * will need to drain it again in the RCU cleanup handler.
237 	 */
238 	rxrpc_purge_queue(&conn->rx_queue);
239 
240 	/* Leave final destruction to RCU.  The connection processor work item
241 	 * must carry a ref on the connection to prevent us getting here whilst
242 	 * it is queued or running.
243 	 */
244 	call_rcu(&conn->rcu, rxrpc_destroy_connection);
245 }
246 
247 /*
248  * Queue a connection's work processor, getting a ref to pass to the work
249  * queue.
250  */
rxrpc_queue_conn(struct rxrpc_connection * conn)251 bool rxrpc_queue_conn(struct rxrpc_connection *conn)
252 {
253 	const void *here = __builtin_return_address(0);
254 	int n = __atomic_add_unless(&conn->usage, 1, 0);
255 	if (n == 0)
256 		return false;
257 	if (rxrpc_queue_work(&conn->processor))
258 		trace_rxrpc_conn(conn, rxrpc_conn_queued, n + 1, here);
259 	else
260 		rxrpc_put_connection(conn);
261 	return true;
262 }
263 
264 /*
265  * Note the re-emergence of a connection.
266  */
rxrpc_see_connection(struct rxrpc_connection * conn)267 void rxrpc_see_connection(struct rxrpc_connection *conn)
268 {
269 	const void *here = __builtin_return_address(0);
270 	if (conn) {
271 		int n = atomic_read(&conn->usage);
272 
273 		trace_rxrpc_conn(conn, rxrpc_conn_seen, n, here);
274 	}
275 }
276 
277 /*
278  * Get a ref on a connection.
279  */
rxrpc_get_connection(struct rxrpc_connection * conn)280 void rxrpc_get_connection(struct rxrpc_connection *conn)
281 {
282 	const void *here = __builtin_return_address(0);
283 	int n = atomic_inc_return(&conn->usage);
284 
285 	trace_rxrpc_conn(conn, rxrpc_conn_got, n, here);
286 }
287 
288 /*
289  * Try to get a ref on a connection.
290  */
291 struct rxrpc_connection *
rxrpc_get_connection_maybe(struct rxrpc_connection * conn)292 rxrpc_get_connection_maybe(struct rxrpc_connection *conn)
293 {
294 	const void *here = __builtin_return_address(0);
295 
296 	if (conn) {
297 		int n = __atomic_add_unless(&conn->usage, 1, 0);
298 		if (n > 0)
299 			trace_rxrpc_conn(conn, rxrpc_conn_got, n + 1, here);
300 		else
301 			conn = NULL;
302 	}
303 	return conn;
304 }
305 
306 /*
307  * Release a service connection
308  */
rxrpc_put_service_conn(struct rxrpc_connection * conn)309 void rxrpc_put_service_conn(struct rxrpc_connection *conn)
310 {
311 	const void *here = __builtin_return_address(0);
312 	int n;
313 
314 	n = atomic_dec_return(&conn->usage);
315 	trace_rxrpc_conn(conn, rxrpc_conn_put_service, n, here);
316 	ASSERTCMP(n, >=, 0);
317 	if (n == 0)
318 		rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
319 }
320 
321 /*
322  * destroy a virtual connection
323  */
rxrpc_destroy_connection(struct rcu_head * rcu)324 static void rxrpc_destroy_connection(struct rcu_head *rcu)
325 {
326 	struct rxrpc_connection *conn =
327 		container_of(rcu, struct rxrpc_connection, rcu);
328 
329 	_enter("{%d,u=%d}", conn->debug_id, atomic_read(&conn->usage));
330 
331 	ASSERTCMP(atomic_read(&conn->usage), ==, 0);
332 
333 	_net("DESTROY CONN %d", conn->debug_id);
334 
335 	rxrpc_purge_queue(&conn->rx_queue);
336 
337 	conn->security->clear(conn);
338 	key_put(conn->params.key);
339 	key_put(conn->server_key);
340 	rxrpc_put_peer(conn->params.peer);
341 	rxrpc_put_local(conn->params.local);
342 
343 	kfree(conn);
344 	_leave("");
345 }
346 
347 /*
348  * reap dead service connections
349  */
rxrpc_connection_reaper(struct work_struct * work)350 static void rxrpc_connection_reaper(struct work_struct *work)
351 {
352 	struct rxrpc_connection *conn, *_p;
353 	unsigned long reap_older_than, earliest, idle_timestamp, now;
354 
355 	LIST_HEAD(graveyard);
356 
357 	_enter("");
358 
359 	now = jiffies;
360 	reap_older_than = now - rxrpc_connection_expiry * HZ;
361 	earliest = ULONG_MAX;
362 
363 	write_lock(&rxrpc_connection_lock);
364 	list_for_each_entry_safe(conn, _p, &rxrpc_connections, link) {
365 		ASSERTCMP(atomic_read(&conn->usage), >, 0);
366 		if (likely(atomic_read(&conn->usage) > 1))
367 			continue;
368 		if (conn->state == RXRPC_CONN_SERVICE_PREALLOC)
369 			continue;
370 
371 		idle_timestamp = READ_ONCE(conn->idle_timestamp);
372 		_debug("reap CONN %d { u=%d,t=%ld }",
373 		       conn->debug_id, atomic_read(&conn->usage),
374 		       (long)reap_older_than - (long)idle_timestamp);
375 
376 		if (time_after(idle_timestamp, reap_older_than)) {
377 			if (time_before(idle_timestamp, earliest))
378 				earliest = idle_timestamp;
379 			continue;
380 		}
381 
382 		/* The usage count sits at 1 whilst the object is unused on the
383 		 * list; we reduce that to 0 to make the object unavailable.
384 		 */
385 		if (atomic_cmpxchg(&conn->usage, 1, 0) != 1)
386 			continue;
387 
388 		if (rxrpc_conn_is_client(conn))
389 			BUG();
390 		else
391 			rxrpc_unpublish_service_conn(conn);
392 
393 		list_move_tail(&conn->link, &graveyard);
394 	}
395 	write_unlock(&rxrpc_connection_lock);
396 
397 	if (earliest != ULONG_MAX) {
398 		_debug("reschedule reaper %ld", (long) earliest - now);
399 		ASSERT(time_after(earliest, now));
400 		rxrpc_queue_delayed_work(&rxrpc_connection_reap,
401 					 earliest - now);
402 	}
403 
404 	while (!list_empty(&graveyard)) {
405 		conn = list_entry(graveyard.next, struct rxrpc_connection,
406 				  link);
407 		list_del_init(&conn->link);
408 
409 		ASSERTCMP(atomic_read(&conn->usage), ==, 0);
410 		rxrpc_kill_connection(conn);
411 	}
412 
413 	_leave("");
414 }
415 
416 /*
417  * preemptively destroy all the service connection records rather than
418  * waiting for them to time out
419  */
rxrpc_destroy_all_connections(void)420 void __exit rxrpc_destroy_all_connections(void)
421 {
422 	struct rxrpc_connection *conn, *_p;
423 	bool leak = false;
424 
425 	_enter("");
426 
427 	rxrpc_destroy_all_client_connections();
428 
429 	rxrpc_connection_expiry = 0;
430 	cancel_delayed_work(&rxrpc_connection_reap);
431 	rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
432 	flush_workqueue(rxrpc_workqueue);
433 
434 	write_lock(&rxrpc_connection_lock);
435 	list_for_each_entry_safe(conn, _p, &rxrpc_connections, link) {
436 		pr_err("AF_RXRPC: Leaked conn %p {%d}\n",
437 		       conn, atomic_read(&conn->usage));
438 		leak = true;
439 	}
440 	write_unlock(&rxrpc_connection_lock);
441 	BUG_ON(leak);
442 
443 	ASSERT(list_empty(&rxrpc_connection_proc_list));
444 
445 	/* Make sure the local and peer records pinned by any dying connections
446 	 * are released.
447 	 */
448 	rcu_barrier();
449 	rxrpc_destroy_client_conn_ids();
450 
451 	_leave("");
452 }
453