[linux-2.6-block.git] / net / rxrpc / conn_event.c

/* connection-level event handling
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/errqueue.h>
#include <net/sock.h>
#include <net/af_rxrpc.h>
#include <net/ip.h>
#include "ar-internal.h"

/*
 * Retransmit terminal ACK or ABORT of the previous call.
 */
static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
				       struct sk_buff *skb,
				       unsigned int channel)
{
	struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL;
	struct rxrpc_channel *chan;
	struct msghdr msg;
	struct kvec iov;
	struct {
		struct rxrpc_wire_header whdr;
		union {
			struct {
				__be32 code;
			} abort;
			struct {
				struct rxrpc_ackpacket ack;
				u8 padding[3];
				struct rxrpc_ackinfo info;
			};
		};
	} __attribute__((packed)) pkt;
	size_t len;
	u32 serial, mtu, call_id;

	_enter("%d", conn->debug_id);

	chan = &conn->channels[channel];

	/* If the last call got moved on whilst we were waiting to run, just
	 * ignore this packet.
	 */
	call_id = READ_ONCE(chan->last_call);
	/* Sync with __rxrpc_disconnect_call() */
	smp_rmb();
	if (skb && call_id != sp->hdr.callNumber)
		return;

	msg.msg_name	= &conn->params.peer->srx.transport;
	msg.msg_namelen	= conn->params.peer->srx.transport_len;
	msg.msg_control	= NULL;
	msg.msg_controllen = 0;
	msg.msg_flags	= 0;

	pkt.whdr.epoch		= htonl(conn->proto.epoch);
	pkt.whdr.cid		= htonl(conn->proto.cid);
	pkt.whdr.callNumber	= htonl(call_id);
	pkt.whdr.seq		= 0;
	pkt.whdr.type		= chan->last_type;
	pkt.whdr.flags		= conn->out_clientflag;
	pkt.whdr.userStatus	= 0;
	pkt.whdr.securityIndex	= conn->security_ix;
	pkt.whdr._rsvd		= 0;
	pkt.whdr.serviceId	= htons(conn->service_id);

	len = sizeof(pkt.whdr);
	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		pkt.abort.code	= htonl(chan->last_abort);
		len += sizeof(pkt.abort);
		break;

	case RXRPC_PACKET_TYPE_ACK:
		mtu = conn->params.peer->if_mtu;
		mtu -= conn->params.peer->hdrsize;
		pkt.ack.bufferSpace	= 0;
		pkt.ack.maxSkew		= htons(skb ? skb->priority : 0);
		pkt.ack.firstPacket	= htonl(chan->last_seq + 1);
		pkt.ack.previousPacket	= htonl(chan->last_seq);
		pkt.ack.serial		= htonl(skb ? sp->hdr.serial : 0);
		pkt.ack.reason		= skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE;
		pkt.ack.nAcks		= 0;
		pkt.info.rxMTU		= htonl(rxrpc_rx_mtu);
		pkt.info.maxMTU		= htonl(mtu);
		pkt.info.rwind		= htonl(rxrpc_rx_window_size);
		pkt.info.jumbo_max	= htonl(rxrpc_rx_jumbo_max);
		pkt.whdr.flags		|= RXRPC_SLOW_START_OK;
		len += sizeof(pkt.ack) + sizeof(pkt.info);
		break;
	}

	/* Resync with __rxrpc_disconnect_call() and check that the last call
	 * didn't get advanced whilst we were filling out the packets.
	 */
	smp_rmb();
	if (READ_ONCE(chan->last_call) != call_id)
		return;

	iov.iov_base	= &pkt;
	iov.iov_len	= len;

	serial = atomic_inc_return(&conn->serial);
	pkt.whdr.serial = htonl(serial);

	switch (chan->last_type) {
	case RXRPC_PACKET_TYPE_ABORT:
		_proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort);
		break;
	case RXRPC_PACKET_TYPE_ACK:
		trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0,
				   RXRPC_ACK_DUPLICATE, 0);
		_proto("Tx ACK %%%u [re]", serial);
		break;
	}

	kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len);
	_leave("");
	return;
}

/*
 * pass a connection-level abort onto all calls on that connection
 */
static void rxrpc_abort_calls(struct rxrpc_connection *conn,
			      enum rxrpc_call_completion compl,
			      u32 abort_code, int error)
{
	struct rxrpc_call *call;
	int i;

	_enter("{%d},%x", conn->debug_id, abort_code);

	spin_lock(&conn->channel_lock);

	for (i = 0; i < RXRPC_MAXCALLS; i++) {
		call = rcu_dereference_protected(
			conn->channels[i].call,
			lockdep_is_held(&conn->channel_lock));
		if (call) {
			if (compl == RXRPC_CALL_LOCALLY_ABORTED)
				trace_rxrpc_abort("CON", call->cid,
						  call->call_id, 0,
						  abort_code, error);
			if (rxrpc_set_call_completion(call, compl,
						      abort_code, error))
				rxrpc_notify_socket(call);
		}
	}

	spin_unlock(&conn->channel_lock);
	_leave("");
}

/*
 * generate a connection-level abort
 */
static int rxrpc_abort_connection(struct rxrpc_connection *conn,
				  int error, u32 abort_code)
{
	struct rxrpc_wire_header whdr;
	struct msghdr msg;
	struct kvec iov[2];
	__be32 word;
	size_t len;
	u32 serial;
	int ret;

	_enter("%d,,%u,%u", conn->debug_id, error, abort_code);

	/* generate a connection-level abort */
	spin_lock_bh(&conn->state_lock);
	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		spin_unlock_bh(&conn->state_lock);
		_leave(" = 0 [already dead]");
		return 0;
	}

	conn->state = RXRPC_CONN_LOCALLY_ABORTED;
	spin_unlock_bh(&conn->state_lock);

	rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error);

	msg.msg_name	= &conn->params.peer->srx.transport;
	msg.msg_namelen	= conn->params.peer->srx.transport_len;
	msg.msg_control	= NULL;
	msg.msg_controllen = 0;
	msg.msg_flags	= 0;

	whdr.epoch	= htonl(conn->proto.epoch);
	whdr.cid	= htonl(conn->proto.cid);
	whdr.callNumber	= 0;
	whdr.seq	= 0;
	whdr.type	= RXRPC_PACKET_TYPE_ABORT;
	whdr.flags	= conn->out_clientflag;
	whdr.userStatus	= 0;
	whdr.securityIndex = conn->security_ix;
	whdr._rsvd	= 0;
	whdr.serviceId	= htons(conn->service_id);

	word		= htonl(conn->local_abort);

	iov[0].iov_base	= &whdr;
	iov[0].iov_len	= sizeof(whdr);
	iov[1].iov_base	= &word;
	iov[1].iov_len	= sizeof(word);

	len = iov[0].iov_len + iov[1].iov_len;

	serial = atomic_inc_return(&conn->serial);
	whdr.serial = htonl(serial);
	_proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort);

	ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
	if (ret < 0) {
		_debug("sendmsg failed: %d", ret);
		return -EAGAIN;
	}

	_leave(" = 0");
	return 0;
}

/*
 * mark a call as being on a now-secured channel
 * - must be called with BH's disabled.
 */
static void rxrpc_call_is_secure(struct rxrpc_call *call)
{
	_enter("%p", call);
	if (call) {
		write_lock_bh(&call->state_lock);
		if (call->state == RXRPC_CALL_SERVER_SECURING) {
			call->state = RXRPC_CALL_SERVER_ACCEPTING;
			rxrpc_notify_socket(call);
		}
		write_unlock_bh(&call->state_lock);
	}
}

/*
 * connection-level Rx packet processor
 */
static int rxrpc_process_event(struct rxrpc_connection *conn,
			       struct sk_buff *skb,
			       u32 *_abort_code)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	__be32 wtmp;
	u32 abort_code;
	int loop, ret;

	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
		_leave(" = -ECONNABORTED [%u]", conn->state);
		return -ECONNABORTED;
	}

	_enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);

	switch (sp->hdr.type) {
	case RXRPC_PACKET_TYPE_DATA:
	case RXRPC_PACKET_TYPE_ACK:
		rxrpc_conn_retransmit_call(conn, skb,
					   sp->hdr.cid & RXRPC_CHANNELMASK);
		return 0;

	case RXRPC_PACKET_TYPE_BUSY:
		/* Just ignore BUSY packets for now. */
		return 0;

	case RXRPC_PACKET_TYPE_ABORT:
		if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
				  &wtmp, sizeof(wtmp)) < 0) {
			trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
					      tracepoint_string("bad_abort"));
			return -EPROTO;
		}
		abort_code = ntohl(wtmp);
		_proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);

		conn->state = RXRPC_CONN_REMOTELY_ABORTED;
		rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED,
				  abort_code, -ECONNABORTED);
		return -ECONNABORTED;

	case RXRPC_PACKET_TYPE_CHALLENGE:
		return conn->security->respond_to_challenge(conn, skb,
							    _abort_code);

	case RXRPC_PACKET_TYPE_RESPONSE:
		ret = conn->security->verify_response(conn, skb, _abort_code);
		if (ret < 0)
			return ret;

		ret = conn->security->init_connection_security(conn);
		if (ret < 0)
			return ret;

		ret = conn->security->prime_packet_security(conn);
		if (ret < 0)
			return ret;

		spin_lock(&conn->channel_lock);
		spin_lock(&conn->state_lock);

		if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
			conn->state = RXRPC_CONN_SERVICE;
			spin_unlock(&conn->state_lock);
			for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
				rxrpc_call_is_secure(
					rcu_dereference_protected(
						conn->channels[loop].call,
						lockdep_is_held(&conn->channel_lock)));
		} else {
			spin_unlock(&conn->state_lock);
		}

		spin_unlock(&conn->channel_lock);
		return 0;

	default:
		trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
				      tracepoint_string("bad_conn_pkt"));
		return -EPROTO;
	}
}

/*
 * set up security and issue a challenge
 */
static void rxrpc_secure_connection(struct rxrpc_connection *conn)
{
	u32 abort_code;
	int ret;

	_enter("{%d}", conn->debug_id);

	ASSERT(conn->security_ix != 0);

	if (!conn->params.key) {
		_debug("set up security");
		ret = rxrpc_init_server_conn_security(conn);
		switch (ret) {
		case 0:
			break;
		case -ENOENT:
			abort_code = RX_CALL_DEAD;
			goto abort;
		default:
			abort_code = RXKADNOAUTH;
			goto abort;
		}
	}

	if (conn->security->issue_challenge(conn) < 0) {
		abort_code = RX_CALL_DEAD;
		ret = -ENOMEM;
		goto abort;
	}

	_leave("");
	return;

abort:
	_debug("abort %d, %d", ret, abort_code);
	rxrpc_abort_connection(conn, ret, abort_code);
	_leave(" [aborted]");
}

/*
 * Process delayed final ACKs that we haven't subsumed into a subsequent call.
 */
static void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn)
{
	unsigned long j = jiffies, next_j;
	unsigned int channel;
	bool set;

again:
	next_j = j + LONG_MAX;
	set = false;
	for (channel = 0; channel < RXRPC_MAXCALLS; channel++) {
		struct rxrpc_channel *chan = &conn->channels[channel];
		unsigned long ack_at;

		if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags))
			continue;

		smp_rmb(); /* vs rxrpc_disconnect_client_call */
		ack_at = READ_ONCE(chan->final_ack_at);

		if (time_before(j, ack_at)) {
			if (time_before(ack_at, next_j)) {
				next_j = ack_at;
				set = true;
			}
			continue;
		}

		if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
				       &conn->flags))
			rxrpc_conn_retransmit_call(conn, NULL, channel);
	}

	j = jiffies;
	if (time_before_eq(next_j, j))
		goto again;
	if (set)
		rxrpc_reduce_conn_timer(conn, next_j);
}

/*
 * connection-level event processor
 */
void rxrpc_process_connection(struct work_struct *work)
{
	struct rxrpc_connection *conn =
		container_of(work, struct rxrpc_connection, processor);
	struct sk_buff *skb;
	u32 abort_code = RX_PROTOCOL_ERROR;
	int ret;

	rxrpc_see_connection(conn);

	if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
		rxrpc_secure_connection(conn);

	/* Process delayed ACKs whose time has come. */
	if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK)
		rxrpc_process_delayed_final_acks(conn);

	/* go through the conn-level event packets, releasing the ref on this
	 * connection that each one has when we've finished with it */
	while ((skb = skb_dequeue(&conn->rx_queue))) {
		rxrpc_see_skb(skb, rxrpc_skb_rx_seen);
		ret = rxrpc_process_event(conn, skb, &abort_code);
		switch (ret) {
		case -EPROTO:
		case -EKEYEXPIRED:
		case -EKEYREJECTED:
			goto protocol_error;
		case -EAGAIN:
			goto requeue_and_leave;
		case -ECONNABORTED:
		default:
			rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
			break;
		}
	}

out:
	rxrpc_put_connection(conn);
	_leave("");
	return;

requeue_and_leave:
	skb_queue_head(&conn->rx_queue, skb);
	goto out;

protocol_error:
	if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
		goto requeue_and_leave;
	rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
	goto out;
}
Commit	Line	Data
17926a79 DH	1	/* connection-level event handling
	2	*
	3	* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public License
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the License, or (at your option) any later version.
	10	*/
	11
9b6d5398 JP	12	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9b6d5398 JP	13
17926a79 DH	14	#include <linux/module.h>
	15	#include <linux/net.h>
	16	#include <linux/skbuff.h>
	17	#include <linux/errqueue.h>
17926a79 DH	18	#include <net/sock.h>
	19	#include <net/af_rxrpc.h>
	20	#include <net/ip.h>
	21	#include "ar-internal.h"
	22
18bfeba5 DH	23	/*
	24	* Retransmit terminal ACK or ABORT of the previous call.
	25	*/
f5c17aae	26	static void rxrpc_conn_retransmit_call(struct rxrpc_connection *conn,
3136ef49 DH	27	struct sk_buff *skb,
3136ef49 DH	28	unsigned int channel)
18bfeba5	29	{
3136ef49	30	struct rxrpc_skb_priv *sp = skb ? rxrpc_skb(skb) : NULL;
18bfeba5 DH	31	struct rxrpc_channel *chan;
	32	struct msghdr msg;
	33	struct kvec iov;
	34	struct {
	35	struct rxrpc_wire_header whdr;
	36	union {
	37	struct {
	38	__be32 code;
	39	} abort;
	40	struct {
	41	struct rxrpc_ackpacket ack;
2266ffde	42	u8 padding[3];
18bfeba5 DH	43	struct rxrpc_ackinfo info;
	44	};
	45	};
	46	} __attribute__((packed)) pkt;
	47	size_t len;
	48	u32 serial, mtu, call_id;
	49
	50	_enter("%d", conn->debug_id);
	51
3136ef49	52	chan = &conn->channels[channel];
18bfeba5 DH	53
	54	/* If the last call got moved on whilst we were waiting to run, just
	55	* ignore this packet.
	56	*/
	57	call_id = READ_ONCE(chan->last_call);
	58	/* Sync with __rxrpc_disconnect_call() */
	59	smp_rmb();
3136ef49	60	if (skb && call_id != sp->hdr.callNumber)
18bfeba5 DH	61	return;
	62
	63	msg.msg_name = &conn->params.peer->srx.transport;
	64	msg.msg_namelen = conn->params.peer->srx.transport_len;
	65	msg.msg_control = NULL;
	66	msg.msg_controllen = 0;
	67	msg.msg_flags = 0;
	68
3136ef49 DH	69	pkt.whdr.epoch = htonl(conn->proto.epoch);
	70	pkt.whdr.cid = htonl(conn->proto.cid);
	71	pkt.whdr.callNumber = htonl(call_id);
18bfeba5 DH	72	pkt.whdr.seq = 0;
	73	pkt.whdr.type = chan->last_type;
	74	pkt.whdr.flags = conn->out_clientflag;
	75	pkt.whdr.userStatus = 0;
	76	pkt.whdr.securityIndex = conn->security_ix;
	77	pkt.whdr._rsvd = 0;
68d6d1ae	78	pkt.whdr.serviceId = htons(conn->service_id);
18bfeba5 DH	79
	80	len = sizeof(pkt.whdr);
	81	switch (chan->last_type) {
	82	case RXRPC_PACKET_TYPE_ABORT:
	83	pkt.abort.code = htonl(chan->last_abort);
	84	len += sizeof(pkt.abort);
	85	break;
	86
	87	case RXRPC_PACKET_TYPE_ACK:
	88	mtu = conn->params.peer->if_mtu;
	89	mtu -= conn->params.peer->hdrsize;
	90	pkt.ack.bufferSpace = 0;
3136ef49 DH	91	pkt.ack.maxSkew = htons(skb ? skb->priority : 0);
	92	pkt.ack.firstPacket = htonl(chan->last_seq + 1);
	93	pkt.ack.previousPacket = htonl(chan->last_seq);
	94	pkt.ack.serial = htonl(skb ? sp->hdr.serial : 0);
	95	pkt.ack.reason = skb ? RXRPC_ACK_DUPLICATE : RXRPC_ACK_IDLE;
18bfeba5 DH	96	pkt.ack.nAcks = 0;
	97	pkt.info.rxMTU = htonl(rxrpc_rx_mtu);
	98	pkt.info.maxMTU = htonl(mtu);
	99	pkt.info.rwind = htonl(rxrpc_rx_window_size);
	100	pkt.info.jumbo_max = htonl(rxrpc_rx_jumbo_max);
57494343	101	pkt.whdr.flags \|= RXRPC_SLOW_START_OK;
18bfeba5 DH	102	len += sizeof(pkt.ack) + sizeof(pkt.info);
	103	break;
	104	}
	105
	106	/* Resync with __rxrpc_disconnect_call() and check that the last call
	107	* didn't get advanced whilst we were filling out the packets.
	108	*/
	109	smp_rmb();
	110	if (READ_ONCE(chan->last_call) != call_id)
	111	return;
	112
	113	iov.iov_base = &pkt;
	114	iov.iov_len = len;
	115
	116	serial = atomic_inc_return(&conn->serial);
	117	pkt.whdr.serial = htonl(serial);
	118
	119	switch (chan->last_type) {
	120	case RXRPC_PACKET_TYPE_ABORT:
	121	_proto("Tx ABORT %%%u { %d } [re]", serial, conn->local_abort);
	122	break;
	123	case RXRPC_PACKET_TYPE_ACK:
be832aec DH	124	trace_rxrpc_tx_ack(NULL, serial, chan->last_seq, 0,
be832aec DH	125	RXRPC_ACK_DUPLICATE, 0);
18bfeba5 DH	126	_proto("Tx ACK %%%u [re]", serial);
	127	break;
	128	}
	129
	130	kernel_sendmsg(conn->params.local->socket, &msg, &iov, 1, len);
	131	_leave("");
	132	return;
	133	}
	134
17926a79 DH	135	/*
	136	* pass a connection-level abort onto all calls on that connection
	137	*/
f5c17aae DH	138	static void rxrpc_abort_calls(struct rxrpc_connection *conn,
	139	enum rxrpc_call_completion compl,
	140	u32 abort_code, int error)
17926a79 DH	141	{
17926a79 DH	142	struct rxrpc_call *call;
248f219c	143	int i;
17926a79 DH	144
	145	_enter("{%d},%x", conn->debug_id, abort_code);
	146
a1399f8b	147	spin_lock(&conn->channel_lock);
17926a79	148
a1399f8b DH	149	for (i = 0; i < RXRPC_MAXCALLS; i++) {
	150	call = rcu_dereference_protected(
	151	conn->channels[i].call,
	152	lockdep_is_held(&conn->channel_lock));
ccbd3dbe	153	if (call) {
5a42976d DH	154	if (compl == RXRPC_CALL_LOCALLY_ABORTED)
	155	trace_rxrpc_abort("CON", call->cid,
	156	call->call_id, 0,
	157	abort_code, error);
248f219c DH	158	if (rxrpc_set_call_completion(call, compl,
	159	abort_code, error))
	160	rxrpc_notify_socket(call);
17926a79	161	}
17926a79 DH	162	}
17926a79 DH	163
a1399f8b	164	spin_unlock(&conn->channel_lock);
17926a79 DH	165	_leave("");
	166	}
	167
	168	/*
	169	* generate a connection-level abort
	170	*/
	171	static int rxrpc_abort_connection(struct rxrpc_connection *conn,
3a92789a	172	int error, u32 abort_code)
17926a79	173	{
0d12f8a4	174	struct rxrpc_wire_header whdr;
17926a79 DH	175	struct msghdr msg;
	176	struct kvec iov[2];
	177	__be32 word;
	178	size_t len;
0d12f8a4	179	u32 serial;
17926a79 DH	180	int ret;
	181
	182	_enter("%d,,%u,%u", conn->debug_id, error, abort_code);
	183
	184	/* generate a connection-level abort */
	185	spin_lock_bh(&conn->state_lock);
f5c17aae	186	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
17926a79 DH	187	spin_unlock_bh(&conn->state_lock);
	188	_leave(" = 0 [already dead]");
	189	return 0;
	190	}
	191
f5c17aae DH	192	conn->state = RXRPC_CONN_LOCALLY_ABORTED;
	193	spin_unlock_bh(&conn->state_lock);
	194
	195	rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code, error);
17926a79	196
85f32278 DH	197	msg.msg_name = &conn->params.peer->srx.transport;
85f32278 DH	198	msg.msg_namelen = conn->params.peer->srx.transport_len;
17926a79 DH	199	msg.msg_control = NULL;
	200	msg.msg_controllen = 0;
	201	msg.msg_flags = 0;
	202
19ffa01c DH	203	whdr.epoch = htonl(conn->proto.epoch);
19ffa01c DH	204	whdr.cid = htonl(conn->proto.cid);
0d12f8a4 DH	205	whdr.callNumber = 0;
	206	whdr.seq = 0;
	207	whdr.type = RXRPC_PACKET_TYPE_ABORT;
	208	whdr.flags = conn->out_clientflag;
	209	whdr.userStatus = 0;
	210	whdr.securityIndex = conn->security_ix;
	211	whdr._rsvd = 0;
68d6d1ae	212	whdr.serviceId = htons(conn->service_id);
17926a79	213
dc44b3a0	214	word = htonl(conn->local_abort);
17926a79	215
0d12f8a4 DH	216	iov[0].iov_base = &whdr;
0d12f8a4 DH	217	iov[0].iov_len = sizeof(whdr);
17926a79 DH	218	iov[1].iov_base = &word;
	219	iov[1].iov_len = sizeof(word);
	220
	221	len = iov[0].iov_len + iov[1].iov_len;
	222
0d12f8a4 DH	223	serial = atomic_inc_return(&conn->serial);
0d12f8a4 DH	224	whdr.serial = htonl(serial);
dc44b3a0	225	_proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort);
17926a79	226
85f32278	227	ret = kernel_sendmsg(conn->params.local->socket, &msg, iov, 2, len);
17926a79 DH	228	if (ret < 0) {
	229	_debug("sendmsg failed: %d", ret);
	230	return -EAGAIN;
	231	}
	232
	233	_leave(" = 0");
	234	return 0;
	235	}
	236
	237	/*
	238	* mark a call as being on a now-secured channel
248f219c	239	* - must be called with BH's disabled.
17926a79	240	*/
5eaa65b2	241	static void rxrpc_call_is_secure(struct rxrpc_call *call)
17926a79 DH	242	{
	243	_enter("%p", call);
	244	if (call) {
248f219c DH	245	write_lock_bh(&call->state_lock);
	246	if (call->state == RXRPC_CALL_SERVER_SECURING) {
	247	call->state = RXRPC_CALL_SERVER_ACCEPTING;
	248	rxrpc_notify_socket(call);
	249	}
	250	write_unlock_bh(&call->state_lock);
17926a79 DH	251	}
	252	}
	253
	254	/*
	255	* connection-level Rx packet processor
	256	*/
	257	static int rxrpc_process_event(struct rxrpc_connection *conn,
	258	struct sk_buff *skb,
	259	u32 *_abort_code)
	260	{
	261	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
0d12f8a4 DH	262	__be32 wtmp;
0d12f8a4 DH	263	u32 abort_code;
17926a79 DH	264	int loop, ret;
17926a79 DH	265
519d2567	266	if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
248f219c	267	_leave(" = -ECONNABORTED [%u]", conn->state);
17926a79	268	return -ECONNABORTED;
519d2567	269	}
17926a79	270
0d12f8a4	271	_enter("{%d},{%u,%%%u},", conn->debug_id, sp->hdr.type, sp->hdr.serial);
519d2567	272
17926a79	273	switch (sp->hdr.type) {
18bfeba5 DH	274	case RXRPC_PACKET_TYPE_DATA:
18bfeba5 DH	275	case RXRPC_PACKET_TYPE_ACK:
3136ef49 DH	276	rxrpc_conn_retransmit_call(conn, skb,
3136ef49 DH	277	sp->hdr.cid & RXRPC_CHANNELMASK);
18bfeba5 DH	278	return 0;
18bfeba5 DH	279
4d4a6ac7 DH	280	case RXRPC_PACKET_TYPE_BUSY:
	281	/* Just ignore BUSY packets for now. */
	282	return 0;
	283
17926a79	284	case RXRPC_PACKET_TYPE_ABORT:
775e5b71	285	if (skb_copy_bits(skb, sizeof(struct rxrpc_wire_header),
fb46f6ee DH	286	&wtmp, sizeof(wtmp)) < 0) {
	287	trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
	288	tracepoint_string("bad_abort"));
17926a79	289	return -EPROTO;
fb46f6ee	290	}
0d12f8a4 DH	291	abort_code = ntohl(wtmp);
0d12f8a4 DH	292	_proto("Rx ABORT %%%u { ac=%d }", sp->hdr.serial, abort_code);
17926a79 DH	293
17926a79 DH	294	conn->state = RXRPC_CONN_REMOTELY_ABORTED;
248f219c	295	rxrpc_abort_calls(conn, RXRPC_CALL_REMOTELY_ABORTED,
3a92789a	296	abort_code, -ECONNABORTED);
17926a79 DH	297	return -ECONNABORTED;
	298
	299	case RXRPC_PACKET_TYPE_CHALLENGE:
e0e4d82f DH	300	return conn->security->respond_to_challenge(conn, skb,
e0e4d82f DH	301	_abort_code);
17926a79 DH	302
17926a79 DH	303	case RXRPC_PACKET_TYPE_RESPONSE:
17926a79 DH	304	ret = conn->security->verify_response(conn, skb, _abort_code);
	305	if (ret < 0)
	306	return ret;
	307
	308	ret = conn->security->init_connection_security(conn);
	309	if (ret < 0)
	310	return ret;
	311
a263629d HX	312	ret = conn->security->prime_packet_security(conn);
	313	if (ret < 0)
	314	return ret;
	315
a1399f8b	316	spin_lock(&conn->channel_lock);
17926a79 DH	317	spin_lock(&conn->state_lock);
17926a79 DH	318
bba304db DH	319	if (conn->state == RXRPC_CONN_SERVICE_CHALLENGING) {
bba304db DH	320	conn->state = RXRPC_CONN_SERVICE;
248f219c	321	spin_unlock(&conn->state_lock);
17926a79	322	for (loop = 0; loop < RXRPC_MAXCALLS; loop++)
dee46364 DH	323	rxrpc_call_is_secure(
dee46364 DH	324	rcu_dereference_protected(
a1399f8b DH	325	conn->channels[loop].call,
a1399f8b DH	326	lockdep_is_held(&conn->channel_lock)));
248f219c DH	327	} else {
248f219c DH	328	spin_unlock(&conn->state_lock);
17926a79 DH	329	}
17926a79 DH	330
a1399f8b	331	spin_unlock(&conn->channel_lock);
17926a79 DH	332	return 0;
	333
	334	default:
fb46f6ee DH	335	trace_rxrpc_rx_eproto(NULL, sp->hdr.serial,
fb46f6ee DH	336	tracepoint_string("bad_conn_pkt"));
17926a79 DH	337	return -EPROTO;
	338	}
	339	}
	340
	341	/*
	342	* set up security and issue a challenge
	343	*/
	344	static void rxrpc_secure_connection(struct rxrpc_connection *conn)
	345	{
	346	u32 abort_code;
	347	int ret;
	348
	349	_enter("{%d}", conn->debug_id);
	350
	351	ASSERT(conn->security_ix != 0);
	352
19ffa01c	353	if (!conn->params.key) {
17926a79 DH	354	_debug("set up security");
	355	ret = rxrpc_init_server_conn_security(conn);
	356	switch (ret) {
	357	case 0:
	358	break;
	359	case -ENOENT:
	360	abort_code = RX_CALL_DEAD;
	361	goto abort;
	362	default:
	363	abort_code = RXKADNOAUTH;
	364	goto abort;
	365	}
	366	}
	367
17926a79 DH	368	if (conn->security->issue_challenge(conn) < 0) {
	369	abort_code = RX_CALL_DEAD;
	370	ret = -ENOMEM;
	371	goto abort;
	372	}
	373
	374	_leave("");
	375	return;
	376
	377	abort:
	378	_debug("abort %d, %d", ret, abort_code);
3a92789a	379	rxrpc_abort_connection(conn, ret, abort_code);
17926a79 DH	380	_leave(" [aborted]");
	381	}
	382
3136ef49 DH	383	/*
	384	* Process delayed final ACKs that we haven't subsumed into a subsequent call.
	385	*/
	386	static void rxrpc_process_delayed_final_acks(struct rxrpc_connection *conn)
	387	{
	388	unsigned long j = jiffies, next_j;
	389	unsigned int channel;
	390	bool set;
	391
	392	again:
	393	next_j = j + LONG_MAX;
	394	set = false;
	395	for (channel = 0; channel < RXRPC_MAXCALLS; channel++) {
	396	struct rxrpc_channel *chan = &conn->channels[channel];
	397	unsigned long ack_at;
	398
	399	if (!test_bit(RXRPC_CONN_FINAL_ACK_0 + channel, &conn->flags))
	400	continue;
	401
	402	smp_rmb(); /* vs rxrpc_disconnect_client_call */
	403	ack_at = READ_ONCE(chan->final_ack_at);
	404
	405	if (time_before(j, ack_at)) {
	406	if (time_before(ack_at, next_j)) {
	407	next_j = ack_at;
	408	set = true;
	409	}
	410	continue;
	411	}
	412
	413	if (test_and_clear_bit(RXRPC_CONN_FINAL_ACK_0 + channel,
	414	&conn->flags))
	415	rxrpc_conn_retransmit_call(conn, NULL, channel);
	416	}
	417
	418	j = jiffies;
	419	if (time_before_eq(next_j, j))
	420	goto again;
	421	if (set)
	422	rxrpc_reduce_conn_timer(conn, next_j);
	423	}
	424
17926a79 DH	425	/*
	426	* connection-level event processor
	427	*/
	428	void rxrpc_process_connection(struct work_struct *work)
	429	{
	430	struct rxrpc_connection *conn =
	431	container_of(work, struct rxrpc_connection, processor);
17926a79 DH	432	struct sk_buff *skb;
	433	u32 abort_code = RX_PROTOCOL_ERROR;
	434	int ret;
	435
363deeab	436	rxrpc_see_connection(conn);
17926a79	437
2c4579e4	438	if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
17926a79	439	rxrpc_secure_connection(conn);
17926a79	440
3136ef49 DH	441	/* Process delayed ACKs whose time has come. */
	442	if (conn->flags & RXRPC_CONN_FINAL_ACK_MASK)
	443	rxrpc_process_delayed_final_acks(conn);
	444
17926a79 DH	445	/* go through the conn-level event packets, releasing the ref on this
	446	* connection that each one has when we've finished with it */
	447	while ((skb = skb_dequeue(&conn->rx_queue))) {
71f3ca40	448	rxrpc_see_skb(skb, rxrpc_skb_rx_seen);
17926a79 DH	449	ret = rxrpc_process_event(conn, skb, &abort_code);
	450	switch (ret) {
	451	case -EPROTO:
	452	case -EKEYEXPIRED:
	453	case -EKEYREJECTED:
	454	goto protocol_error;
	455	case -EAGAIN:
	456	goto requeue_and_leave;
	457	case -ECONNABORTED:
	458	default:
71f3ca40	459	rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
17926a79 DH	460	break;
	461	}
	462	}
	463
	464	out:
	465	rxrpc_put_connection(conn);
	466	_leave("");
	467	return;
	468
	469	requeue_and_leave:
	470	skb_queue_head(&conn->rx_queue, skb);
	471	goto out;
	472
	473	protocol_error:
3a92789a	474	if (rxrpc_abort_connection(conn, ret, abort_code) < 0)
17926a79	475	goto requeue_and_leave;
71f3ca40	476	rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
17926a79 DH	477	goto out;
17926a79 DH	478	}