local_object.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
local_object.c (11504B)
      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/* Local endpoint object management
      3 *
      4 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
      5 * Written by David Howells (dhowells@redhat.com)
      6 */
      7
      8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
      9
     10#include <linux/module.h>
     11#include <linux/net.h>
     12#include <linux/skbuff.h>
     13#include <linux/slab.h>
     14#include <linux/udp.h>
     15#include <linux/ip.h>
     16#include <linux/hashtable.h>
     17#include <net/sock.h>
     18#include <net/udp.h>
     19#include <net/udp_tunnel.h>
     20#include <net/af_rxrpc.h>
     21#include "ar-internal.h"
     22
     23static void rxrpc_local_processor(struct work_struct *);
     24static void rxrpc_local_rcu(struct rcu_head *);
     25
     26/*
     27 * Compare a local to an address.  Return -ve, 0 or +ve to indicate less than,
     28 * same or greater than.
     29 *
     30 * We explicitly don't compare the RxRPC service ID as we want to reject
     31 * conflicting uses by differing services.  Further, we don't want to share
     32 * addresses with different options (IPv6), so we don't compare those bits
     33 * either.
     34 */
     35static long rxrpc_local_cmp_key(const struct rxrpc_local *local,
     36				const struct sockaddr_rxrpc *srx)
     37{
     38	long diff;
     39
     40	diff = ((local->srx.transport_type - srx->transport_type) ?:
     41		(local->srx.transport_len - srx->transport_len) ?:
     42		(local->srx.transport.family - srx->transport.family));
     43	if (diff != 0)
     44		return diff;
     45
     46	switch (srx->transport.family) {
     47	case AF_INET:
     48		/* If the choice of UDP port is left up to the transport, then
     49		 * the endpoint record doesn't match.
     50		 */
     51		return ((u16 __force)local->srx.transport.sin.sin_port -
     52			(u16 __force)srx->transport.sin.sin_port) ?:
     53			memcmp(&local->srx.transport.sin.sin_addr,
     54			       &srx->transport.sin.sin_addr,
     55			       sizeof(struct in_addr));
     56#ifdef CONFIG_AF_RXRPC_IPV6
     57	case AF_INET6:
     58		/* If the choice of UDP6 port is left up to the transport, then
     59		 * the endpoint record doesn't match.
     60		 */
     61		return ((u16 __force)local->srx.transport.sin6.sin6_port -
     62			(u16 __force)srx->transport.sin6.sin6_port) ?:
     63			memcmp(&local->srx.transport.sin6.sin6_addr,
     64			       &srx->transport.sin6.sin6_addr,
     65			       sizeof(struct in6_addr));
     66#endif
     67	default:
     68		BUG();
     69	}
     70}
     71
     72/*
     73 * Allocate a new local endpoint.
     74 */
     75static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet,
     76					     const struct sockaddr_rxrpc *srx)
     77{
     78	struct rxrpc_local *local;
     79
     80	local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL);
     81	if (local) {
     82		refcount_set(&local->ref, 1);
     83		atomic_set(&local->active_users, 1);
     84		local->rxnet = rxnet;
     85		INIT_HLIST_NODE(&local->link);
     86		INIT_WORK(&local->processor, rxrpc_local_processor);
     87		init_rwsem(&local->defrag_sem);
     88		skb_queue_head_init(&local->reject_queue);
     89		skb_queue_head_init(&local->event_queue);
     90		local->client_bundles = RB_ROOT;
     91		spin_lock_init(&local->client_bundles_lock);
     92		spin_lock_init(&local->lock);
     93		rwlock_init(&local->services_lock);
     94		local->debug_id = atomic_inc_return(&rxrpc_debug_id);
     95		memcpy(&local->srx, srx, sizeof(*srx));
     96		local->srx.srx_service = 0;
     97		trace_rxrpc_local(local->debug_id, rxrpc_local_new, 1, NULL);
     98	}
     99
    100	_leave(" = %p", local);
    101	return local;
    102}
    103
    104/*
    105 * create the local socket
    106 * - must be called with rxrpc_local_mutex locked
    107 */
    108static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net)
    109{
    110	struct udp_tunnel_sock_cfg tuncfg = {NULL};
    111	struct sockaddr_rxrpc *srx = &local->srx;
    112	struct udp_port_cfg udp_conf = {0};
    113	struct sock *usk;
    114	int ret;
    115
    116	_enter("%p{%d,%d}",
    117	       local, srx->transport_type, srx->transport.family);
    118
    119	udp_conf.family = srx->transport.family;
    120	udp_conf.use_udp_checksums = true;
    121	if (udp_conf.family == AF_INET) {
    122		udp_conf.local_ip = srx->transport.sin.sin_addr;
    123		udp_conf.local_udp_port = srx->transport.sin.sin_port;
    124#if IS_ENABLED(CONFIG_AF_RXRPC_IPV6)
    125	} else {
    126		udp_conf.local_ip6 = srx->transport.sin6.sin6_addr;
    127		udp_conf.local_udp_port = srx->transport.sin6.sin6_port;
    128		udp_conf.use_udp6_tx_checksums = true;
    129		udp_conf.use_udp6_rx_checksums = true;
    130#endif
    131	}
    132	ret = udp_sock_create(net, &udp_conf, &local->socket);
    133	if (ret < 0) {
    134		_leave(" = %d [socket]", ret);
    135		return ret;
    136	}
    137
    138	tuncfg.encap_type = UDP_ENCAP_RXRPC;
    139	tuncfg.encap_rcv = rxrpc_input_packet;
    140	tuncfg.sk_user_data = local;
    141	setup_udp_tunnel_sock(net, local->socket, &tuncfg);
    142
    143	/* set the socket up */
    144	usk = local->socket->sk;
    145	usk->sk_error_report = rxrpc_error_report;
    146
    147	switch (srx->transport.family) {
    148	case AF_INET6:
    149		/* we want to receive ICMPv6 errors */
    150		ip6_sock_set_recverr(usk);
    151
    152		/* Fall through and set IPv4 options too otherwise we don't get
    153		 * errors from IPv4 packets sent through the IPv6 socket.
    154		 */
    155		fallthrough;
    156	case AF_INET:
    157		/* we want to receive ICMP errors */
    158		ip_sock_set_recverr(usk);
    159
    160		/* we want to set the don't fragment bit */
    161		ip_sock_set_mtu_discover(usk, IP_PMTUDISC_DO);
    162
    163		/* We want receive timestamps. */
    164		sock_enable_timestamps(usk);
    165		break;
    166
    167	default:
    168		BUG();
    169	}
    170
    171	_leave(" = 0");
    172	return 0;
    173}
    174
    175/*
    176 * Look up or create a new local endpoint using the specified local address.
    177 */
    178struct rxrpc_local *rxrpc_lookup_local(struct net *net,
    179				       const struct sockaddr_rxrpc *srx)
    180{
    181	struct rxrpc_local *local;
    182	struct rxrpc_net *rxnet = rxrpc_net(net);
    183	struct hlist_node *cursor;
    184	const char *age;
    185	long diff;
    186	int ret;
    187
    188	_enter("{%d,%d,%pISp}",
    189	       srx->transport_type, srx->transport.family, &srx->transport);
    190
    191	mutex_lock(&rxnet->local_mutex);
    192
    193	hlist_for_each(cursor, &rxnet->local_endpoints) {
    194		local = hlist_entry(cursor, struct rxrpc_local, link);
    195
    196		diff = rxrpc_local_cmp_key(local, srx);
    197		if (diff != 0)
    198			continue;
    199
    200		/* Services aren't allowed to share transport sockets, so
    201		 * reject that here.  It is possible that the object is dying -
    202		 * but it may also still have the local transport address that
    203		 * we want bound.
    204		 */
    205		if (srx->srx_service) {
    206			local = NULL;
    207			goto addr_in_use;
    208		}
    209
    210		/* Found a match.  We want to replace a dying object.
    211		 * Attempting to bind the transport socket may still fail if
    212		 * we're attempting to use a local address that the dying
    213		 * object is still using.
    214		 */
    215		if (!rxrpc_use_local(local))
    216			break;
    217
    218		age = "old";
    219		goto found;
    220	}
    221
    222	local = rxrpc_alloc_local(rxnet, srx);
    223	if (!local)
    224		goto nomem;
    225
    226	ret = rxrpc_open_socket(local, net);
    227	if (ret < 0)
    228		goto sock_error;
    229
    230	if (cursor) {
    231		hlist_replace_rcu(cursor, &local->link);
    232		cursor->pprev = NULL;
    233	} else {
    234		hlist_add_head_rcu(&local->link, &rxnet->local_endpoints);
    235	}
    236	age = "new";
    237
    238found:
    239	mutex_unlock(&rxnet->local_mutex);
    240
    241	_net("LOCAL %s %d {%pISp}",
    242	     age, local->debug_id, &local->srx.transport);
    243
    244	_leave(" = %p", local);
    245	return local;
    246
    247nomem:
    248	ret = -ENOMEM;
    249sock_error:
    250	mutex_unlock(&rxnet->local_mutex);
    251	if (local)
    252		call_rcu(&local->rcu, rxrpc_local_rcu);
    253	_leave(" = %d", ret);
    254	return ERR_PTR(ret);
    255
    256addr_in_use:
    257	mutex_unlock(&rxnet->local_mutex);
    258	_leave(" = -EADDRINUSE");
    259	return ERR_PTR(-EADDRINUSE);
    260}
    261
    262/*
    263 * Get a ref on a local endpoint.
    264 */
    265struct rxrpc_local *rxrpc_get_local(struct rxrpc_local *local)
    266{
    267	const void *here = __builtin_return_address(0);
    268	int r;
    269
    270	__refcount_inc(&local->ref, &r);
    271	trace_rxrpc_local(local->debug_id, rxrpc_local_got, r + 1, here);
    272	return local;
    273}
    274
    275/*
    276 * Get a ref on a local endpoint unless its usage has already reached 0.
    277 */
    278struct rxrpc_local *rxrpc_get_local_maybe(struct rxrpc_local *local)
    279{
    280	const void *here = __builtin_return_address(0);
    281	int r;
    282
    283	if (local) {
    284		if (__refcount_inc_not_zero(&local->ref, &r))
    285			trace_rxrpc_local(local->debug_id, rxrpc_local_got,
    286					  r + 1, here);
    287		else
    288			local = NULL;
    289	}
    290	return local;
    291}
    292
    293/*
    294 * Queue a local endpoint and pass the caller's reference to the work item.
    295 */
    296void rxrpc_queue_local(struct rxrpc_local *local)
    297{
    298	const void *here = __builtin_return_address(0);
    299	unsigned int debug_id = local->debug_id;
    300	int r = refcount_read(&local->ref);
    301
    302	if (rxrpc_queue_work(&local->processor))
    303		trace_rxrpc_local(debug_id, rxrpc_local_queued, r + 1, here);
    304	else
    305		rxrpc_put_local(local);
    306}
    307
    308/*
    309 * Drop a ref on a local endpoint.
    310 */
    311void rxrpc_put_local(struct rxrpc_local *local)
    312{
    313	const void *here = __builtin_return_address(0);
    314	unsigned int debug_id;
    315	bool dead;
    316	int r;
    317
    318	if (local) {
    319		debug_id = local->debug_id;
    320
    321		dead = __refcount_dec_and_test(&local->ref, &r);
    322		trace_rxrpc_local(debug_id, rxrpc_local_put, r, here);
    323
    324		if (dead)
    325			call_rcu(&local->rcu, rxrpc_local_rcu);
    326	}
    327}
    328
    329/*
    330 * Start using a local endpoint.
    331 */
    332struct rxrpc_local *rxrpc_use_local(struct rxrpc_local *local)
    333{
    334	local = rxrpc_get_local_maybe(local);
    335	if (!local)
    336		return NULL;
    337
    338	if (!__rxrpc_use_local(local)) {
    339		rxrpc_put_local(local);
    340		return NULL;
    341	}
    342
    343	return local;
    344}
    345
    346/*
    347 * Cease using a local endpoint.  Once the number of active users reaches 0, we
    348 * start the closure of the transport in the work processor.
    349 */
    350void rxrpc_unuse_local(struct rxrpc_local *local)
    351{
    352	if (local) {
    353		if (__rxrpc_unuse_local(local)) {
    354			rxrpc_get_local(local);
    355			rxrpc_queue_local(local);
    356		}
    357	}
    358}
    359
    360/*
    361 * Destroy a local endpoint's socket and then hand the record to RCU to dispose
    362 * of.
    363 *
    364 * Closing the socket cannot be done from bottom half context or RCU callback
    365 * context because it might sleep.
    366 */
    367static void rxrpc_local_destroyer(struct rxrpc_local *local)
    368{
    369	struct socket *socket = local->socket;
    370	struct rxrpc_net *rxnet = local->rxnet;
    371
    372	_enter("%d", local->debug_id);
    373
    374	local->dead = true;
    375
    376	mutex_lock(&rxnet->local_mutex);
    377	hlist_del_init_rcu(&local->link);
    378	mutex_unlock(&rxnet->local_mutex);
    379
    380	rxrpc_clean_up_local_conns(local);
    381	rxrpc_service_connection_reaper(&rxnet->service_conn_reaper);
    382	ASSERT(!local->service);
    383
    384	if (socket) {
    385		local->socket = NULL;
    386		kernel_sock_shutdown(socket, SHUT_RDWR);
    387		socket->sk->sk_user_data = NULL;
    388		sock_release(socket);
    389	}
    390
    391	/* At this point, there should be no more packets coming in to the
    392	 * local endpoint.
    393	 */
    394	rxrpc_purge_queue(&local->reject_queue);
    395	rxrpc_purge_queue(&local->event_queue);
    396}
    397
    398/*
    399 * Process events on an endpoint.  The work item carries a ref which
    400 * we must release.
    401 */
    402static void rxrpc_local_processor(struct work_struct *work)
    403{
    404	struct rxrpc_local *local =
    405		container_of(work, struct rxrpc_local, processor);
    406	bool again;
    407
    408	trace_rxrpc_local(local->debug_id, rxrpc_local_processing,
    409			  refcount_read(&local->ref), NULL);
    410
    411	do {
    412		again = false;
    413		if (!__rxrpc_use_local(local)) {
    414			rxrpc_local_destroyer(local);
    415			break;
    416		}
    417
    418		if (!skb_queue_empty(&local->reject_queue)) {
    419			rxrpc_reject_packets(local);
    420			again = true;
    421		}
    422
    423		if (!skb_queue_empty(&local->event_queue)) {
    424			rxrpc_process_local_events(local);
    425			again = true;
    426		}
    427
    428		__rxrpc_unuse_local(local);
    429	} while (again);
    430
    431	rxrpc_put_local(local);
    432}
    433
    434/*
    435 * Destroy a local endpoint after the RCU grace period expires.
    436 */
    437static void rxrpc_local_rcu(struct rcu_head *rcu)
    438{
    439	struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu);
    440
    441	_enter("%d", local->debug_id);
    442
    443	ASSERT(!work_pending(&local->processor));
    444
    445	_net("DESTROY LOCAL %d", local->debug_id);
    446	kfree(local);
    447	_leave("");
    448}
    449
    450/*
    451 * Verify the local endpoint list is empty by this point.
    452 */
    453void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
    454{
    455	struct rxrpc_local *local;
    456
    457	_enter("");
    458
    459	flush_workqueue(rxrpc_workqueue);
    460
    461	if (!hlist_empty(&rxnet->local_endpoints)) {
    462		mutex_lock(&rxnet->local_mutex);
    463		hlist_for_each_entry(local, &rxnet->local_endpoints, link) {
    464			pr_err("AF_RXRPC: Leaked local %p {%d}\n",
    465			       local, refcount_read(&local->ref));
    466		}
    467		mutex_unlock(&rxnet->local_mutex);
    468		BUG();
    469	}
    470}