net/rxrpc/conn_service.c

   1 /* Service connection management
   2  *
   3  * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
   4  * Written by David Howells (dhowells@redhat.com)
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public Licence
   8  * as published by the Free Software Foundation; either version
   9  * 2 of the Licence, or (at your option) any later version.
  10  */
  11
  12 #include <linux/slab.h>
  13 #include "ar-internal.h"
  14
  15 /*
  16  * Find a service connection under RCU conditions.
  17  *
  18  * We could use a hash table, but that is subject to bucket stuffing by an
  19  * attacker as the client gets to pick the epoch and cid values and would know
  20  * the hash function.  So, instead, we use a hash table for the peer and from
  21  * that an rbtree to find the service connection.  Under ordinary circumstances
  22  * it might be slower than a large hash table, but it is at least limited in
  23  * depth.
  24  */
  25 struct rxrpc_connection *rxrpc_find_service_conn_rcu(struct rxrpc_peer *peer,
  26                                                      struct sk_buff *skb)
  27 {
  28         struct rxrpc_connection *conn = NULL;
  29         struct rxrpc_conn_proto k;
  30         struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
  31         struct rb_node *p;
  32         unsigned int seq = 0;
  33
  34         k.epoch = sp->hdr.epoch;
  35         k.cid   = sp->hdr.cid & RXRPC_CIDMASK;
  36
  37         do {
  38                 /* Unfortunately, rbtree walking doesn't give reliable results
  39                  * under just the RCU read lock, so we have to check for
  40                  * changes.
  41                  */
  42                 read_seqbegin_or_lock(&peer->service_conn_lock, &seq);
  43
  44                 p = rcu_dereference_raw(peer->service_conns.rb_node);
  45                 while (p) {
  46                         conn = rb_entry(p, struct rxrpc_connection, service_node);
  47
  48                         if (conn->proto.index_key < k.index_key)
  49                                 p = rcu_dereference_raw(p->rb_left);
  50                         else if (conn->proto.index_key > k.index_key)
  51                                 p = rcu_dereference_raw(p->rb_right);
  52                         else
  53                                 goto done;
  54                         conn = NULL;
  55                 }
  56         } while (need_seqretry(&peer->service_conn_lock, seq));
  57
  58 done:
  59         done_seqretry(&peer->service_conn_lock, seq);
  60         _leave(" = %d", conn ? conn->debug_id : -1);
  61         return conn;
  62 }
  63
  64 /*
  65  * Insert a service connection into a peer's tree, thereby making it a target
  66  * for incoming packets.
  67  */
  68 static void rxrpc_publish_service_conn(struct rxrpc_peer *peer,
  69                                        struct rxrpc_connection *conn)
  70 {
  71         struct rxrpc_connection *cursor = NULL;
  72         struct rxrpc_conn_proto k = conn->proto;
  73         struct rb_node **pp, *parent;
  74
  75         write_seqlock_bh(&peer->service_conn_lock);
  76
  77         pp = &peer->service_conns.rb_node;
  78         parent = NULL;
  79         while (*pp) {
  80                 parent = *pp;
  81                 cursor = rb_entry(parent,
  82                                   struct rxrpc_connection, service_node);
  83
  84                 if (cursor->proto.index_key < k.index_key)
  85                         pp = &(*pp)->rb_left;
  86                 else if (cursor->proto.index_key > k.index_key)
  87                         pp = &(*pp)->rb_right;
  88                 else
  89                         goto found_extant_conn;
  90         }
  91
  92         rb_link_node_rcu(&conn->service_node, parent, pp);
  93         rb_insert_color(&conn->service_node, &peer->service_conns);
  94 conn_published:
  95         set_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags);
  96         write_sequnlock_bh(&peer->service_conn_lock);
  97         _leave(" = %d [new]", conn->debug_id);
  98         return;
  99
 100 found_extant_conn:
 101         if (atomic_read(&cursor->usage) == 0)
 102                 goto replace_old_connection;
 103         write_sequnlock_bh(&peer->service_conn_lock);
 104         /* We should not be able to get here.  rxrpc_incoming_connection() is
 105          * called in a non-reentrant context, so there can't be a race to
 106          * insert a new connection.
 107          */
 108         BUG();
 109
 110 replace_old_connection:
 111         /* The old connection is from an outdated epoch. */
 112         _debug("replace conn");
 113         rb_replace_node_rcu(&cursor->service_node,
 114                             &conn->service_node,
 115                             &peer->service_conns);
 116         clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &cursor->flags);
 117         goto conn_published;
 118 }
 119
 120 /*
 121  * Preallocate a service connection.  The connection is placed on the proc and
 122  * reap lists so that we don't have to get the lock from BH context.
 123  */
 124 struct rxrpc_connection *rxrpc_prealloc_service_connection(gfp_t gfp)
 125 {
 126         struct rxrpc_connection *conn = rxrpc_alloc_connection(gfp);
 127
 128         if (conn) {
 129                 /* We maintain an extra ref on the connection whilst it is on
 130                  * the rxrpc_connections list.
 131                  */
 132                 conn->state = RXRPC_CONN_SERVICE_PREALLOC;
 133                 atomic_set(&conn->usage, 2);
 134
 135                 write_lock(&rxrpc_connection_lock);
 136                 list_add_tail(&conn->link, &rxrpc_connections);
 137                 list_add_tail(&conn->proc_link, &rxrpc_connection_proc_list);
 138                 write_unlock(&rxrpc_connection_lock);
 139
 140                 trace_rxrpc_conn(conn, rxrpc_conn_new_service,
 141                                  atomic_read(&conn->usage),
 142                                  __builtin_return_address(0));
 143         }
 144
 145         return conn;
 146 }
 147
 148 /*
 149  * Set up an incoming connection.  This is called in BH context with the RCU
 150  * read lock held.
 151  */
 152 void rxrpc_new_incoming_connection(struct rxrpc_connection *conn,
 153                                    struct sk_buff *skb)
 154 {
 155         struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
 156
 157         _enter("");
 158
 159         conn->proto.epoch       = sp->hdr.epoch;
 160         conn->proto.cid         = sp->hdr.cid & RXRPC_CIDMASK;
 161         conn->params.service_id = sp->hdr.serviceId;
 162         conn->security_ix       = sp->hdr.securityIndex;
 163         conn->out_clientflag    = 0;
 164         if (conn->security_ix)
 165                 conn->state     = RXRPC_CONN_SERVICE_UNSECURED;
 166         else
 167                 conn->state     = RXRPC_CONN_SERVICE;
 168
 169         /* Make the connection a target for incoming packets. */
 170         rxrpc_publish_service_conn(conn->params.peer, conn);
 171
 172         _net("CONNECTION new %d {%x}", conn->debug_id, conn->proto.cid);
 173 }
 174
 175 /*
 176  * Remove the service connection from the peer's tree, thereby removing it as a
 177  * target for incoming packets.
 178  */
 179 void rxrpc_unpublish_service_conn(struct rxrpc_connection *conn)
 180 {
 181         struct rxrpc_peer *peer = conn->params.peer;
 182
 183         write_seqlock_bh(&peer->service_conn_lock);
 184         if (test_and_clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags))
 185                 rb_erase(&conn->service_node, &peer->service_conns);
 186         write_sequnlock_bh(&peer->service_conn_lock);
 187 }