cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

peer_event.c (10343B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/* Peer event handling, typically ICMP messages.
      3 *
      4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
      5 * Written by David Howells (dhowells@redhat.com)
      6 */
      7
      8#include <linux/module.h>
      9#include <linux/net.h>
     10#include <linux/skbuff.h>
     11#include <linux/errqueue.h>
     12#include <linux/udp.h>
     13#include <linux/in.h>
     14#include <linux/in6.h>
     15#include <linux/icmp.h>
     16#include <net/sock.h>
     17#include <net/af_rxrpc.h>
     18#include <net/ip.h>
     19#include "ar-internal.h"
     20
     /* Forward declarations: both helpers are used before their definitions
      * further down this file.
      */
     static void rxrpc_store_error(struct rxrpc_peer *peer,
     			      struct sock_exterr_skb *serr);
     static void rxrpc_distribute_error(struct rxrpc_peer *peer, int error,
     				   enum rxrpc_call_completion compl);
     24
     /*
      * Find the peer associated with an ICMP packet.
      *
      * The remote address is rebuilt in @srx from the error skb.  @srx is zeroed
      * first, then seeded with the transport type, length and family of @local.
      * The port comes from serr->port and the address is copied out of the
      * packet at serr->addr_offset past the network header; for origins other
      * than ICMP/ICMP6 the source address of the IP header is used instead.
      * Returns whatever rxrpc_lookup_peer_rcu() returns for that address.
      *
      * NOTE(review): the copies trust serr->addr_offset as filled in by whoever
      * queued the error skb; nothing here checks it against the skb length -
      * confirm the producer guarantees the offset is in range.
      */
     static struct rxrpc_peer *rxrpc_lookup_peer_icmp_rcu(struct rxrpc_local *local,
     						     const struct sk_buff *skb,
     						     struct sockaddr_rxrpc *srx)
     {
     	struct sock_exterr_skb *serr = SKB_EXT_ERR(skb);
     	struct sock_extended_err *ee = &serr->ee;

     	_enter("");

     	/* Zero the whole structure so unused bytes never carry stale data. */
     	memset(srx, 0, sizeof(*srx));
     	srx->transport_type = local->srx.transport_type;
     	srx->transport_len = local->srx.transport_len;
     	srx->transport.family = local->srx.transport.family;

     	/* Can we see an ICMP4 packet on an ICMP6 listening socket?  and vice
     	 * versa?
     	 */
     	switch (srx->transport.family) {
     	case AF_INET: {
     		struct in_addr *v4 = &srx->transport.sin.sin_addr;

     		srx->transport_len = sizeof(srx->transport.sin);
     		srx->transport.family = AF_INET;
     		srx->transport.sin.sin_port = serr->port;

     		if (ee->ee_origin == SO_EE_ORIGIN_ICMP) {
     			_net("Rx ICMP");
     			memcpy(v4,
     			       skb_network_header(skb) + serr->addr_offset,
     			       sizeof(struct in_addr));
     		} else if (ee->ee_origin == SO_EE_ORIGIN_ICMP6) {
     			_net("Rx ICMP6 on v4 sock");
     			/* Skip 12 bytes and copy the 4 that follow -
     			 * presumably the IPv4 tail of a mapped IPv6
     			 * address; confirm.
     			 */
     			memcpy(v4,
     			       skb_network_header(skb) + serr->addr_offset + 12,
     			       sizeof(struct in_addr));
     		} else {
     			memcpy(v4, &ip_hdr(skb)->saddr,
     			       sizeof(struct in_addr));
     		}
     		break;
     	}

     #ifdef CONFIG_AF_RXRPC_IPV6
     	case AF_INET6:
     		if (ee->ee_origin == SO_EE_ORIGIN_ICMP6) {
     			_net("Rx ICMP6");
     			srx->transport.sin6.sin6_port = serr->port;
     			memcpy(&srx->transport.sin6.sin6_addr,
     			       skb_network_header(skb) + serr->addr_offset,
     			       sizeof(struct in6_addr));
     		} else if (ee->ee_origin == SO_EE_ORIGIN_ICMP) {
     			/* IPv4 error on a v6 socket: describe the peer as
     			 * an AF_INET address instead.
     			 */
     			_net("Rx ICMP on v6 sock");
     			srx->transport_len = sizeof(srx->transport.sin);
     			srx->transport.family = AF_INET;
     			srx->transport.sin.sin_port = serr->port;
     			memcpy(&srx->transport.sin.sin_addr,
     			       skb_network_header(skb) + serr->addr_offset,
     			       sizeof(struct in_addr));
     		} else {
     			/* Only the address is filled in on this path; the
     			 * port stays zero from the memset above.
     			 */
     			memcpy(&srx->transport.sin6.sin6_addr,
     			       &ipv6_hdr(skb)->saddr,
     			       sizeof(struct in6_addr));
     		}
     		break;
     #endif

     	default:
     		/* The family was copied from @local above, not from the
     		 * packet.
     		 */
     		BUG();
     	}

     	return rxrpc_lookup_peer_rcu(local, srx);
     }
    103
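    /*
     * Handle an MTU/fragmentation problem.
     *
     * serr->ee.ee_info carries the MTU suggested by the error report; zero means
     * no size was given and one is estimated from the recorded interface MTU.
     * The peer's mtu and maxdata are only ever lowered here, never raised.
     *
     * The suggested value comes from the network, so it is floored before use:
     * anything below the peer's header size is raised to hdrsize + 4, the same
     * floor the estimate path applies.  Without that, a tiny reported MTU would
     * make "mtu - hdrsize" wrap when maxdata is recomputed.
     * NOTE(review): assumes mtu/maxdata are unsigned fields - confirm against
     * ar-internal.h.
     */
    static void rxrpc_adjust_mtu(struct rxrpc_peer *peer, struct sock_exterr_skb *serr)
    {
    	const u32 min_mtu = peer->hdrsize + 4;
    	u32 mtu = serr->ee.ee_info;

    	/* mtu is unsigned, so print it with %u rather than %d */
    	_net("Rx ICMP Fragmentation Needed (%u)", mtu);

    	/* Never accept a reported size that cannot even hold the header. */
    	if (mtu != 0 && mtu < peer->hdrsize)
    		mtu = min_mtu;

    	/* wind down the local interface MTU */
    	if (mtu > 0 && peer->if_mtu == 65535 && mtu < peer->if_mtu) {
    		peer->if_mtu = mtu;
    		_net("I/F MTU %u", mtu);
    	}

    	if (mtu == 0) {
    		/* they didn't give us a size, estimate one */
    		mtu = peer->if_mtu;
    		if (mtu > 1500) {
    			mtu >>= 1;
    			if (mtu < 1500)
    				mtu = 1500;
    		} else {
    			/* Saturate instead of wrapping when if_mtu < 100. */
    			mtu = mtu > 100 ? mtu - 100 : 0;
    			if (mtu < peer->hdrsize)
    				mtu = min_mtu;
    		}
    	}

    	if (mtu < peer->mtu) {
    		spin_lock_bh(&peer->lock);
    		peer->mtu = mtu;
    		/* mtu >= hdrsize is guaranteed by the floors above */
    		peer->maxdata = peer->mtu - peer->hdrsize;
    		spin_unlock_bh(&peer->lock);
    		_net("Net MTU %u (maxdata %u)",
    		     peer->mtu, peer->maxdata);
    	}
    }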
    142
    /*
     * Handle an error received on the local endpoint.
     *
     * One skb is taken from the socket's error queue, matched to a peer by the
     * address recovered from it, and then either used to adjust the peer's MTU
     * (ICMP "fragmentation needed") or recorded as an error against the peer.
     * The whole lookup runs under rcu_read_lock(); a peer reference is taken
     * with rxrpc_get_peer_maybe() and dropped again before returning.
     *
     * NOTE(review): nothing visible here authenticates the report beyond
     * matching its address to a known peer - confirm what the lower layers
     * validate before the skb is queued.
     */
    void rxrpc_error_report(struct sock *sk)
    {
    	struct sock_exterr_skb *serr;
    	struct sockaddr_rxrpc srx;
    	struct rxrpc_local *local;
    	struct rxrpc_peer *peer;
    	struct sk_buff *skb;
    	bool frag_needed;

    	rcu_read_lock();
    	local = rcu_dereference_sk_user_data(sk);
    	if (unlikely(!local)) {
    		rcu_read_unlock();
    		return;
    	}
    	_enter("%p{%d}", sk, local->debug_id);

    	/* Clear the outstanding error value on the socket so that it doesn't
    	 * cause kernel_sendmsg() to return it later.
    	 */
    	sock_error(sk);

    	skb = sock_dequeue_err_skb(sk);
    	if (!skb) {
    		rcu_read_unlock();
    		_leave("UDP socket errqueue empty");
    		return;
    	}
    	rxrpc_new_skb(skb, rxrpc_skb_received);
    	serr = SKB_EXT_ERR(skb);
    	if (!skb->len && serr->ee.ee_origin == SO_EE_ORIGIN_TIMESTAMPING) {
    		_leave("UDP empty message");
    		rcu_read_unlock();
    		rxrpc_free_skb(skb, rxrpc_skb_freed);
    		return;
    	}

    	/* A peer that cannot be found, or whose reference cannot be taken,
    	 * is treated the same way: drop the report.
    	 */
    	peer = rxrpc_lookup_peer_icmp_rcu(local, skb, &srx);
    	if (!peer || !rxrpc_get_peer_maybe(peer)) {
    		rcu_read_unlock();
    		rxrpc_free_skb(skb, rxrpc_skb_freed);
    		_leave(" [no peer]");
    		return;
    	}

    	trace_rxrpc_rx_icmp(peer, &serr->ee, &srx);

    	frag_needed = serr->ee.ee_origin == SO_EE_ORIGIN_ICMP &&
    		      serr->ee.ee_type == ICMP_DEST_UNREACH &&
    		      serr->ee.ee_code == ICMP_FRAG_NEEDED;

    	if (frag_needed) {
    		rxrpc_adjust_mtu(peer, serr);
    	} else {
    		rxrpc_store_error(peer, serr);
    	}

    	/* Common teardown for both outcomes. */
    	rcu_read_unlock();
    	rxrpc_free_skb(skb, rxrpc_skb_freed);
    	rxrpc_put_peer(peer);

    	if (frag_needed) {
    		_leave(" [MTU update]");
    	} else {
    		_leave("");
    	}
    }
    212
    /*
     * Map an error report to error codes on the peer record.
     *
     * The errno from the report is passed on as-is, except that EACCES from an
     * ICMP6 origin is rewritten to EHOSTUNREACH.  Reports with no origin or a
     * local origin complete calls as RXRPC_CALL_LOCAL_ERROR; everything else
     * uses RXRPC_CALL_NETWORK_ERROR.  The ICMP type/code is only inspected to
     * pick a debug message.
     */
    static void rxrpc_store_error(struct rxrpc_peer *peer,
    			      struct sock_exterr_skb *serr)
    {
    	struct sock_extended_err *ee = &serr->ee;
    	enum rxrpc_call_completion compl = RXRPC_CALL_NETWORK_ERROR;
    	int err = ee->ee_errno;

    	_enter("");

    	if (ee->ee_origin == SO_EE_ORIGIN_ICMP) {
    		if (ee->ee_type == ICMP_DEST_UNREACH) {
    			switch (ee->ee_code) {
    			case ICMP_NET_UNREACH:
    				_net("Rx Received ICMP Network Unreachable");
    				break;
    			case ICMP_HOST_UNREACH:
    				_net("Rx Received ICMP Host Unreachable");
    				break;
    			case ICMP_PORT_UNREACH:
    				_net("Rx Received ICMP Port Unreachable");
    				break;
    			case ICMP_NET_UNKNOWN:
    				_net("Rx Received ICMP Unknown Network");
    				break;
    			case ICMP_HOST_UNKNOWN:
    				_net("Rx Received ICMP Unknown Host");
    				break;
    			default:
    				_net("Rx Received ICMP DestUnreach code=%u",
    				     ee->ee_code);
    				break;
    			}
    		} else if (ee->ee_type == ICMP_TIME_EXCEEDED) {
    			_net("Rx Received ICMP TTL Exceeded");
    		} else {
    			_proto("Rx Received ICMP error { type=%u code=%u }",
    			       ee->ee_type, ee->ee_code);
    		}
    	} else if (ee->ee_origin == SO_EE_ORIGIN_NONE ||
    		   ee->ee_origin == SO_EE_ORIGIN_LOCAL) {
    		_proto("Rx Received local error { error=%d }", err);
    		compl = RXRPC_CALL_LOCAL_ERROR;
    	} else {
    		/* ICMP6 shares the generic report path after its errno
    		 * translation.
    		 */
    		if (ee->ee_origin == SO_EE_ORIGIN_ICMP6 && err == EACCES) {
    			err = EHOSTUNREACH;
    		}
    		_proto("Rx Received error report { orig=%u }", ee->ee_origin);
    	}

    	rxrpc_distribute_error(peer, err, compl);
    }
    284
    /*
     * Distribute an error that occurred on a peer.
     *
     * Every call linked on peer->error_targets is completed with @compl and the
     * negated @error, so a single report for a peer affects all of the calls on
     * that list.  The list is walked with the RCU iterator; the caller seen in
     * this file holds rcu_read_lock() around the call.
     */
    static void rxrpc_distribute_error(struct rxrpc_peer *peer, int error,
    				   enum rxrpc_call_completion compl)
    {
    	const int call_error = -error;
    	struct rxrpc_call *target;

    	hlist_for_each_entry_rcu(target, &peer->error_targets, error_link) {
    		rxrpc_see_call(target);
    		rxrpc_set_call_completion(target, compl, 0, call_error);
    	}
    }
    298
    /*
     * Perform keep-alive pings.
     *
     * Drains @collector: each peer is unlinked, pinged if its next keepalive
     * time falls outside the window (@base, @base + RXRPC_KEEPALIVE_TIME], and
     * put back into the bucket matching when it is next due.  peer_hash_lock is
     * held while the lists are touched and dropped around the transmission.
     *
     * NOTE(review): the bucket offset is a time64_t difference stored in an
     * int; presumably the values stay small enough for that - confirm.
     */
    static void rxrpc_peer_keepalive_dispatch(struct rxrpc_net *rxnet,
    					  struct list_head *collector,
    					  time64_t base,
    					  u8 cursor)
    {
    	const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
    	struct rxrpc_peer *peer;
    	time64_t due;
    	int slot;

    	spin_lock_bh(&rxnet->peer_hash_lock);

    	while (!list_empty(collector)) {
    		peer = list_first_entry(collector, struct rxrpc_peer,
    					keepalive_link);

    		list_del_init(&peer->keepalive_link);
    		if (!rxrpc_get_peer_maybe(peer))
    			continue;

    		/* Local endpoint not usable: just drop our reference. */
    		if (!__rxrpc_use_local(peer->local)) {
    			rxrpc_put_peer_locked(peer);
    			continue;
    		}

    		spin_unlock_bh(&rxnet->peer_hash_lock);

    		due = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
    		slot = due - base;
    		_debug("%02x peer %u t=%d {%pISp}",
    		       cursor, peer->debug_id, slot, &peer->srx.transport);

    		if (due <= base || due > base + RXRPC_KEEPALIVE_TIME) {
    			rxrpc_send_keepalive(peer);
    			slot = RXRPC_KEEPALIVE_TIME;
    		}

    		/* Otherwise a transmission to this peer occurred since it
    		 * was last examined, so it goes into the matching future
    		 * bucket.  The mask keeps the index inside the array.
    		 */
    		slot += cursor;
    		slot &= mask;
    		spin_lock_bh(&rxnet->peer_hash_lock);
    		list_add_tail(&peer->keepalive_link,
    			      &rxnet->peer_keepalive[slot]);
    		rxrpc_unuse_local(peer->local);
    		rxrpc_put_peer_locked(peer);
    	}

    	spin_unlock_bh(&rxnet->peer_hash_lock);
    }
    352
    /*
     * Perform keep-alive pings with VERSION packets to keep any NAT alive.
     *
     * Work item: gathers the peers from every bucket that has expired since the
     * recorded base time (plus newly added peers), hands them to
     * rxrpc_peer_keepalive_dispatch(), then re-arms the keepalive timer for the
     * next occupied bucket.  Nothing is done if the namespace is no longer live.
     */
    void rxrpc_peer_keepalive_worker(struct work_struct *work)
    {
    	struct rxrpc_net *rxnet =
    		container_of(work, struct rxrpc_net, peer_keepalive_work);
    	const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
    	time64_t base, now, delay;
    	u8 cursor, stop;
    	LIST_HEAD(collector);

    	now = ktime_get_seconds();
    	base = rxnet->peer_keepalive_base;
    	cursor = rxnet->peer_keepalive_cursor;
    	_enter("%lld,%u", base - now, cursor);

    	if (!rxnet->live)
    		return;

    	/* Remove to a temporary list all the peers that are currently lodged
    	 * in expired buckets plus all new peers.
    	 *
    	 * Everything in the bucket at the cursor is processed this
    	 * second; the bucket at cursor + 1 goes at now + 1s and so
    	 * on...
    	 */
    	spin_lock_bh(&rxnet->peer_hash_lock);
    	list_splice_init(&rxnet->peer_keepalive_new, &collector);

    	/* cursor and stop are u8; the signed 8-bit difference is what bounds
    	 * the walk.
    	 */
    	stop = cursor + ARRAY_SIZE(rxnet->peer_keepalive);
    	for (; base <= now && (s8)(cursor - stop) < 0; base++, cursor++)
    		list_splice_tail_init(&rxnet->peer_keepalive[cursor & mask],
    				      &collector);

    	base = now;
    	spin_unlock_bh(&rxnet->peer_hash_lock);

    	rxnet->peer_keepalive_base = base;
    	rxnet->peer_keepalive_cursor = cursor;
    	rxrpc_peer_keepalive_dispatch(rxnet, &collector, base, cursor);
    	ASSERT(list_empty(&collector));

    	/* Schedule the timer for the next occupied timeslot. */
    	cursor = rxnet->peer_keepalive_cursor;
    	stop = cursor + RXRPC_KEEPALIVE_TIME - 1;
    	while ((s8)(cursor - stop) < 0 &&
    	       list_empty(&rxnet->peer_keepalive[cursor & mask])) {
    		base++;
    		cursor++;
    	}

    	/* Wait at least one second, converted to jiffies. */
    	now = ktime_get_seconds();
    	delay = base - now;
    	delay = (delay < 1) ? 1 : delay;
    	delay *= HZ;
    	if (rxnet->live)
    		timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay);

    	_leave("");
    }