aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/afs/rxrpc.c30
-rw-r--r--include/net/af_rxrpc.h4
-rw-r--r--include/rxrpc/packet.h2
-rw-r--r--net/rxrpc/Kconfig2
-rw-r--r--net/rxrpc/Makefile7
-rw-r--r--net/rxrpc/af_rxrpc.c9
-rw-r--r--net/rxrpc/ar-accept.c4
-rw-r--r--net/rxrpc/ar-ack.c81
-rw-r--r--net/rxrpc/ar-call.c11
-rw-r--r--net/rxrpc/ar-connection.c14
-rw-r--r--net/rxrpc/ar-connevent.c27
-rw-r--r--net/rxrpc/ar-input.c14
-rw-r--r--net/rxrpc/ar-internal.h70
-rw-r--r--net/rxrpc/ar-output.c6
-rw-r--r--net/rxrpc/ar-proc.c2
-rw-r--r--net/rxrpc/ar-recvmsg.c18
-rw-r--r--net/rxrpc/ar-security.c166
-rw-r--r--net/rxrpc/insecure.c83
-rw-r--r--net/rxrpc/misc.c89
-rw-r--r--net/rxrpc/rxkad.c61
20 files changed, 374 insertions, 326 deletions
diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
index b50642870a43..63cd9f939f19 100644
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -65,6 +65,12 @@ static void afs_async_workfn(struct work_struct *work)
65 call->async_workfn(call); 65 call->async_workfn(call);
66} 66}
67 67
68static int afs_wait_atomic_t(atomic_t *p)
69{
70 schedule();
71 return 0;
72}
73
68/* 74/*
69 * open an RxRPC socket and bind it to be a server for callback notifications 75 * open an RxRPC socket and bind it to be a server for callback notifications
70 * - the socket is left in blocking mode and non-blocking ops use MSG_DONTWAIT 76 * - the socket is left in blocking mode and non-blocking ops use MSG_DONTWAIT
@@ -126,13 +132,16 @@ void afs_close_socket(void)
126{ 132{
127 _enter(""); 133 _enter("");
128 134
135 wait_on_atomic_t(&afs_outstanding_calls, afs_wait_atomic_t,
136 TASK_UNINTERRUPTIBLE);
137 _debug("no outstanding calls");
138
129 sock_release(afs_socket); 139 sock_release(afs_socket);
130 140
131 _debug("dework"); 141 _debug("dework");
132 destroy_workqueue(afs_async_calls); 142 destroy_workqueue(afs_async_calls);
133 143
134 ASSERTCMP(atomic_read(&afs_outstanding_skbs), ==, 0); 144 ASSERTCMP(atomic_read(&afs_outstanding_skbs), ==, 0);
135 ASSERTCMP(atomic_read(&afs_outstanding_calls), ==, 0);
136 _leave(""); 145 _leave("");
137} 146}
138 147
@@ -178,8 +187,6 @@ static void afs_free_call(struct afs_call *call)
178{ 187{
179 _debug("DONE %p{%s} [%d]", 188 _debug("DONE %p{%s} [%d]",
180 call, call->type->name, atomic_read(&afs_outstanding_calls)); 189 call, call->type->name, atomic_read(&afs_outstanding_calls));
181 if (atomic_dec_return(&afs_outstanding_calls) == -1)
182 BUG();
183 190
184 ASSERTCMP(call->rxcall, ==, NULL); 191 ASSERTCMP(call->rxcall, ==, NULL);
185 ASSERT(!work_pending(&call->async_work)); 192 ASSERT(!work_pending(&call->async_work));
@@ -188,6 +195,9 @@ static void afs_free_call(struct afs_call *call)
188 195
189 kfree(call->request); 196 kfree(call->request);
190 kfree(call); 197 kfree(call);
198
199 if (atomic_dec_and_test(&afs_outstanding_calls))
200 wake_up_atomic_t(&afs_outstanding_calls);
191} 201}
192 202
193/* 203/*
@@ -420,9 +430,11 @@ error_kill_call:
420} 430}
421 431
422/* 432/*
423 * handles intercepted messages that were arriving in the socket's Rx queue 433 * Handles intercepted messages that were arriving in the socket's Rx queue.
424 * - called with the socket receive queue lock held to ensure message ordering 434 *
425 * - called with softirqs disabled 435 * Called from the AF_RXRPC call processor in waitqueue process context. For
436 * each call, it is guaranteed this will be called in order of packet to be
437 * delivered.
426 */ 438 */
427static void afs_rx_interceptor(struct sock *sk, unsigned long user_call_ID, 439static void afs_rx_interceptor(struct sock *sk, unsigned long user_call_ID,
428 struct sk_buff *skb) 440 struct sk_buff *skb)
@@ -513,6 +525,12 @@ static void afs_deliver_to_call(struct afs_call *call)
513 call->state = AFS_CALL_ABORTED; 525 call->state = AFS_CALL_ABORTED;
514 _debug("Rcv ABORT %u -> %d", abort_code, call->error); 526 _debug("Rcv ABORT %u -> %d", abort_code, call->error);
515 break; 527 break;
528 case RXRPC_SKB_MARK_LOCAL_ABORT:
529 abort_code = rxrpc_kernel_get_abort_code(skb);
530 call->error = call->type->abort_to_error(abort_code);
531 call->state = AFS_CALL_ABORTED;
532 _debug("Loc ABORT %u -> %d", abort_code, call->error);
533 break;
516 case RXRPC_SKB_MARK_NET_ERROR: 534 case RXRPC_SKB_MARK_NET_ERROR:
517 call->error = -rxrpc_kernel_get_error_number(skb); 535 call->error = -rxrpc_kernel_get_error_number(skb);
518 call->state = AFS_CALL_ERROR; 536 call->state = AFS_CALL_ERROR;
diff --git a/include/net/af_rxrpc.h b/include/net/af_rxrpc.h
index e797d45a5ae6..ac1bc3c49fbd 100644
--- a/include/net/af_rxrpc.h
+++ b/include/net/af_rxrpc.h
@@ -12,6 +12,7 @@
12#ifndef _NET_RXRPC_H 12#ifndef _NET_RXRPC_H
13#define _NET_RXRPC_H 13#define _NET_RXRPC_H
14 14
15#include <linux/skbuff.h>
15#include <linux/rxrpc.h> 16#include <linux/rxrpc.h>
16 17
17struct rxrpc_call; 18struct rxrpc_call;
@@ -19,11 +20,12 @@ struct rxrpc_call;
19/* 20/*
20 * the mark applied to socket buffers that may be intercepted 21 * the mark applied to socket buffers that may be intercepted
21 */ 22 */
22enum { 23enum rxrpc_skb_mark {
23 RXRPC_SKB_MARK_DATA, /* data message */ 24 RXRPC_SKB_MARK_DATA, /* data message */
24 RXRPC_SKB_MARK_FINAL_ACK, /* final ACK received message */ 25 RXRPC_SKB_MARK_FINAL_ACK, /* final ACK received message */
25 RXRPC_SKB_MARK_BUSY, /* server busy message */ 26 RXRPC_SKB_MARK_BUSY, /* server busy message */
26 RXRPC_SKB_MARK_REMOTE_ABORT, /* remote abort message */ 27 RXRPC_SKB_MARK_REMOTE_ABORT, /* remote abort message */
28 RXRPC_SKB_MARK_LOCAL_ABORT, /* local abort message */
27 RXRPC_SKB_MARK_NET_ERROR, /* network error message */ 29 RXRPC_SKB_MARK_NET_ERROR, /* network error message */
28 RXRPC_SKB_MARK_LOCAL_ERROR, /* local error message */ 30 RXRPC_SKB_MARK_LOCAL_ERROR, /* local error message */
29 RXRPC_SKB_MARK_NEW_CALL, /* local error message */ 31 RXRPC_SKB_MARK_NEW_CALL, /* local error message */
diff --git a/include/rxrpc/packet.h b/include/rxrpc/packet.h
index 9ebab3a8cf0a..b2017440b765 100644
--- a/include/rxrpc/packet.h
+++ b/include/rxrpc/packet.h
@@ -68,8 +68,6 @@ struct rxrpc_wire_header {
68 68
69} __packed; 69} __packed;
70 70
71extern const char *rxrpc_pkts[];
72
73#define RXRPC_SUPPORTED_PACKET_TYPES ( \ 71#define RXRPC_SUPPORTED_PACKET_TYPES ( \
74 (1 << RXRPC_PACKET_TYPE_DATA) | \ 72 (1 << RXRPC_PACKET_TYPE_DATA) | \
75 (1 << RXRPC_PACKET_TYPE_ACK) | \ 73 (1 << RXRPC_PACKET_TYPE_ACK) | \
diff --git a/net/rxrpc/Kconfig b/net/rxrpc/Kconfig
index 23dcef12b986..784c53163b7b 100644
--- a/net/rxrpc/Kconfig
+++ b/net/rxrpc/Kconfig
@@ -30,7 +30,7 @@ config AF_RXRPC_DEBUG
30 30
31 31
32config RXKAD 32config RXKAD
33 tristate "RxRPC Kerberos security" 33 bool "RxRPC Kerberos security"
34 depends on AF_RXRPC 34 depends on AF_RXRPC
35 select CRYPTO 35 select CRYPTO
36 select CRYPTO_MANAGER 36 select CRYPTO_MANAGER
diff --git a/net/rxrpc/Makefile b/net/rxrpc/Makefile
index ec126f91276b..e05a06ef2254 100644
--- a/net/rxrpc/Makefile
+++ b/net/rxrpc/Makefile
@@ -18,11 +18,12 @@ af-rxrpc-y := \
18 ar-recvmsg.o \ 18 ar-recvmsg.o \
19 ar-security.o \ 19 ar-security.o \
20 ar-skbuff.o \ 20 ar-skbuff.o \
21 ar-transport.o 21 ar-transport.o \
22 insecure.o \
23 misc.o
22 24
23af-rxrpc-$(CONFIG_PROC_FS) += ar-proc.o 25af-rxrpc-$(CONFIG_PROC_FS) += ar-proc.o
26af-rxrpc-$(CONFIG_RXKAD) += rxkad.o
24af-rxrpc-$(CONFIG_SYSCTL) += sysctl.o 27af-rxrpc-$(CONFIG_SYSCTL) += sysctl.o
25 28
26obj-$(CONFIG_AF_RXRPC) += af-rxrpc.o 29obj-$(CONFIG_AF_RXRPC) += af-rxrpc.o
27
28obj-$(CONFIG_RXKAD) += rxkad.o
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 9d935fa5a2a9..e45e94ca030f 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -806,6 +806,12 @@ static int __init af_rxrpc_init(void)
806 goto error_work_queue; 806 goto error_work_queue;
807 } 807 }
808 808
809 ret = rxrpc_init_security();
810 if (ret < 0) {
811 printk(KERN_CRIT "RxRPC: Cannot initialise security\n");
812 goto error_security;
813 }
814
809 ret = proto_register(&rxrpc_proto, 1); 815 ret = proto_register(&rxrpc_proto, 1);
810 if (ret < 0) { 816 if (ret < 0) {
811 printk(KERN_CRIT "RxRPC: Cannot register protocol\n"); 817 printk(KERN_CRIT "RxRPC: Cannot register protocol\n");
@@ -853,6 +859,8 @@ error_sock:
853 proto_unregister(&rxrpc_proto); 859 proto_unregister(&rxrpc_proto);
854error_proto: 860error_proto:
855 destroy_workqueue(rxrpc_workqueue); 861 destroy_workqueue(rxrpc_workqueue);
862error_security:
863 rxrpc_exit_security();
856error_work_queue: 864error_work_queue:
857 kmem_cache_destroy(rxrpc_call_jar); 865 kmem_cache_destroy(rxrpc_call_jar);
858error_call_jar: 866error_call_jar:
@@ -883,6 +891,7 @@ static void __exit af_rxrpc_exit(void)
883 remove_proc_entry("rxrpc_conns", init_net.proc_net); 891 remove_proc_entry("rxrpc_conns", init_net.proc_net);
884 remove_proc_entry("rxrpc_calls", init_net.proc_net); 892 remove_proc_entry("rxrpc_calls", init_net.proc_net);
885 destroy_workqueue(rxrpc_workqueue); 893 destroy_workqueue(rxrpc_workqueue);
894 rxrpc_exit_security();
886 kmem_cache_destroy(rxrpc_call_jar); 895 kmem_cache_destroy(rxrpc_call_jar);
887 _leave(""); 896 _leave("");
888} 897}
diff --git a/net/rxrpc/ar-accept.c b/net/rxrpc/ar-accept.c
index 277731a5e67a..e7a7f05f13e2 100644
--- a/net/rxrpc/ar-accept.c
+++ b/net/rxrpc/ar-accept.c
@@ -108,7 +108,7 @@ static int rxrpc_accept_incoming_call(struct rxrpc_local *local,
108 goto error; 108 goto error;
109 } 109 }
110 110
111 conn = rxrpc_incoming_connection(trans, &sp->hdr, GFP_NOIO); 111 conn = rxrpc_incoming_connection(trans, &sp->hdr);
112 rxrpc_put_transport(trans); 112 rxrpc_put_transport(trans);
113 if (IS_ERR(conn)) { 113 if (IS_ERR(conn)) {
114 _debug("no conn"); 114 _debug("no conn");
@@ -116,7 +116,7 @@ static int rxrpc_accept_incoming_call(struct rxrpc_local *local,
116 goto error; 116 goto error;
117 } 117 }
118 118
119 call = rxrpc_incoming_call(rx, conn, &sp->hdr, GFP_NOIO); 119 call = rxrpc_incoming_call(rx, conn, &sp->hdr);
120 rxrpc_put_connection(conn); 120 rxrpc_put_connection(conn);
121 if (IS_ERR(call)) { 121 if (IS_ERR(call)) {
122 _debug("no call"); 122 _debug("no call");
diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c
index 16d967075eaf..374478e006e7 100644
--- a/net/rxrpc/ar-ack.c
+++ b/net/rxrpc/ar-ack.c
@@ -20,74 +20,6 @@
20#include "ar-internal.h" 20#include "ar-internal.h"
21 21
22/* 22/*
23 * How long to wait before scheduling ACK generation after seeing a
24 * packet with RXRPC_REQUEST_ACK set (in jiffies).
25 */
26unsigned int rxrpc_requested_ack_delay = 1;
27
28/*
29 * How long to wait before scheduling an ACK with subtype DELAY (in jiffies).
30 *
31 * We use this when we've received new data packets. If those packets aren't
32 * all consumed within this time we will send a DELAY ACK if an ACK was not
33 * requested to let the sender know it doesn't need to resend.
34 */
35unsigned int rxrpc_soft_ack_delay = 1 * HZ;
36
37/*
38 * How long to wait before scheduling an ACK with subtype IDLE (in jiffies).
39 *
40 * We use this when we've consumed some previously soft-ACK'd packets when
41 * further packets aren't immediately received to decide when to send an IDLE
42 * ACK let the other end know that it can free up its Tx buffer space.
43 */
44unsigned int rxrpc_idle_ack_delay = 0.5 * HZ;
45
46/*
47 * Receive window size in packets. This indicates the maximum number of
48 * unconsumed received packets we're willing to retain in memory. Once this
49 * limit is hit, we should generate an EXCEEDS_WINDOW ACK and discard further
50 * packets.
51 */
52unsigned int rxrpc_rx_window_size = 32;
53
54/*
55 * Maximum Rx MTU size. This indicates to the sender the size of jumbo packet
56 * made by gluing normal packets together that we're willing to handle.
57 */
58unsigned int rxrpc_rx_mtu = 5692;
59
60/*
61 * The maximum number of fragments in a received jumbo packet that we tell the
62 * sender that we're willing to handle.
63 */
64unsigned int rxrpc_rx_jumbo_max = 4;
65
66static const char *rxrpc_acks(u8 reason)
67{
68 static const char *const str[] = {
69 "---", "REQ", "DUP", "OOS", "WIN", "MEM", "PNG", "PNR", "DLY",
70 "IDL", "-?-"
71 };
72
73 if (reason >= ARRAY_SIZE(str))
74 reason = ARRAY_SIZE(str) - 1;
75 return str[reason];
76}
77
78static const s8 rxrpc_ack_priority[] = {
79 [0] = 0,
80 [RXRPC_ACK_DELAY] = 1,
81 [RXRPC_ACK_REQUESTED] = 2,
82 [RXRPC_ACK_IDLE] = 3,
83 [RXRPC_ACK_PING_RESPONSE] = 4,
84 [RXRPC_ACK_DUPLICATE] = 5,
85 [RXRPC_ACK_OUT_OF_SEQUENCE] = 6,
86 [RXRPC_ACK_EXCEEDS_WINDOW] = 7,
87 [RXRPC_ACK_NOSPACE] = 8,
88};
89
90/*
91 * propose an ACK be sent 23 * propose an ACK be sent
92 */ 24 */
93void __rxrpc_propose_ACK(struct rxrpc_call *call, u8 ack_reason, 25void __rxrpc_propose_ACK(struct rxrpc_call *call, u8 ack_reason,
@@ -426,7 +358,7 @@ static void rxrpc_rotate_tx_window(struct rxrpc_call *call, u32 hard)
426 int tail = call->acks_tail, old_tail; 358 int tail = call->acks_tail, old_tail;
427 int win = CIRC_CNT(call->acks_head, tail, call->acks_winsz); 359 int win = CIRC_CNT(call->acks_head, tail, call->acks_winsz);
428 360
429 kenter("{%u,%u},%u", call->acks_hard, win, hard); 361 _enter("{%u,%u},%u", call->acks_hard, win, hard);
430 362
431 ASSERTCMP(hard - call->acks_hard, <=, win); 363 ASSERTCMP(hard - call->acks_hard, <=, win);
432 364
@@ -656,7 +588,8 @@ process_further:
656 _proto("OOSQ DATA %%%u { #%u }", sp->hdr.serial, sp->hdr.seq); 588 _proto("OOSQ DATA %%%u { #%u }", sp->hdr.serial, sp->hdr.seq);
657 589
658 /* secured packets must be verified and possibly decrypted */ 590 /* secured packets must be verified and possibly decrypted */
659 if (rxrpc_verify_packet(call, skb, _abort_code) < 0) 591 if (call->conn->security->verify_packet(call, skb,
592 _abort_code) < 0)
660 goto protocol_error; 593 goto protocol_error;
661 594
662 rxrpc_insert_oos_packet(call, skb); 595 rxrpc_insert_oos_packet(call, skb);
@@ -901,8 +834,8 @@ void rxrpc_process_call(struct work_struct *work)
901 834
902 /* there's a good chance we're going to have to send a message, so set 835 /* there's a good chance we're going to have to send a message, so set
903 * one up in advance */ 836 * one up in advance */
904 msg.msg_name = &call->conn->trans->peer->srx.transport.sin; 837 msg.msg_name = &call->conn->trans->peer->srx.transport;
905 msg.msg_namelen = sizeof(call->conn->trans->peer->srx.transport.sin); 838 msg.msg_namelen = call->conn->trans->peer->srx.transport_len;
906 msg.msg_control = NULL; 839 msg.msg_control = NULL;
907 msg.msg_controllen = 0; 840 msg.msg_controllen = 0;
908 msg.msg_flags = 0; 841 msg.msg_flags = 0;
@@ -973,7 +906,7 @@ void rxrpc_process_call(struct work_struct *work)
973 ECONNABORTED, true) < 0) 906 ECONNABORTED, true) < 0)
974 goto no_mem; 907 goto no_mem;
975 whdr.type = RXRPC_PACKET_TYPE_ABORT; 908 whdr.type = RXRPC_PACKET_TYPE_ABORT;
976 data = htonl(call->abort_code); 909 data = htonl(call->local_abort);
977 iov[1].iov_base = &data; 910 iov[1].iov_base = &data;
978 iov[1].iov_len = sizeof(data); 911 iov[1].iov_len = sizeof(data);
979 genbit = RXRPC_CALL_EV_ABORT; 912 genbit = RXRPC_CALL_EV_ABORT;
@@ -1036,7 +969,7 @@ void rxrpc_process_call(struct work_struct *work)
1036 write_lock_bh(&call->state_lock); 969 write_lock_bh(&call->state_lock);
1037 if (call->state <= RXRPC_CALL_COMPLETE) { 970 if (call->state <= RXRPC_CALL_COMPLETE) {
1038 call->state = RXRPC_CALL_LOCALLY_ABORTED; 971 call->state = RXRPC_CALL_LOCALLY_ABORTED;
1039 call->abort_code = RX_CALL_TIMEOUT; 972 call->local_abort = RX_CALL_TIMEOUT;
1040 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 973 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
1041 } 974 }
1042 write_unlock_bh(&call->state_lock); 975 write_unlock_bh(&call->state_lock);
diff --git a/net/rxrpc/ar-call.c b/net/rxrpc/ar-call.c
index 7c8d300ade9b..571a41fd5a32 100644
--- a/net/rxrpc/ar-call.c
+++ b/net/rxrpc/ar-call.c
@@ -411,18 +411,17 @@ found_extant_second:
411 */ 411 */
412struct rxrpc_call *rxrpc_incoming_call(struct rxrpc_sock *rx, 412struct rxrpc_call *rxrpc_incoming_call(struct rxrpc_sock *rx,
413 struct rxrpc_connection *conn, 413 struct rxrpc_connection *conn,
414 struct rxrpc_host_header *hdr, 414 struct rxrpc_host_header *hdr)
415 gfp_t gfp)
416{ 415{
417 struct rxrpc_call *call, *candidate; 416 struct rxrpc_call *call, *candidate;
418 struct rb_node **p, *parent; 417 struct rb_node **p, *parent;
419 u32 call_id; 418 u32 call_id;
420 419
421 _enter(",%d,,%x", conn->debug_id, gfp); 420 _enter(",%d", conn->debug_id);
422 421
423 ASSERT(rx != NULL); 422 ASSERT(rx != NULL);
424 423
425 candidate = rxrpc_alloc_call(gfp); 424 candidate = rxrpc_alloc_call(GFP_NOIO);
426 if (!candidate) 425 if (!candidate)
427 return ERR_PTR(-EBUSY); 426 return ERR_PTR(-EBUSY);
428 427
@@ -682,7 +681,7 @@ void rxrpc_release_call(struct rxrpc_call *call)
682 call->state != RXRPC_CALL_CLIENT_FINAL_ACK) { 681 call->state != RXRPC_CALL_CLIENT_FINAL_ACK) {
683 _debug("+++ ABORTING STATE %d +++\n", call->state); 682 _debug("+++ ABORTING STATE %d +++\n", call->state);
684 call->state = RXRPC_CALL_LOCALLY_ABORTED; 683 call->state = RXRPC_CALL_LOCALLY_ABORTED;
685 call->abort_code = RX_CALL_DEAD; 684 call->local_abort = RX_CALL_DEAD;
686 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 685 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
687 rxrpc_queue_call(call); 686 rxrpc_queue_call(call);
688 } 687 }
@@ -758,7 +757,7 @@ static void rxrpc_mark_call_released(struct rxrpc_call *call)
758 if (call->state < RXRPC_CALL_COMPLETE) { 757 if (call->state < RXRPC_CALL_COMPLETE) {
759 _debug("abort call %p", call); 758 _debug("abort call %p", call);
760 call->state = RXRPC_CALL_LOCALLY_ABORTED; 759 call->state = RXRPC_CALL_LOCALLY_ABORTED;
761 call->abort_code = RX_CALL_DEAD; 760 call->local_abort = RX_CALL_DEAD;
762 if (!test_and_set_bit(RXRPC_CALL_EV_ABORT, &call->events)) 761 if (!test_and_set_bit(RXRPC_CALL_EV_ABORT, &call->events))
763 sched = true; 762 sched = true;
764 } 763 }
diff --git a/net/rxrpc/ar-connection.c b/net/rxrpc/ar-connection.c
index 9942da1edbf6..97f4fae74bca 100644
--- a/net/rxrpc/ar-connection.c
+++ b/net/rxrpc/ar-connection.c
@@ -207,6 +207,7 @@ static struct rxrpc_connection *rxrpc_alloc_connection(gfp_t gfp)
207 INIT_LIST_HEAD(&conn->bundle_link); 207 INIT_LIST_HEAD(&conn->bundle_link);
208 conn->calls = RB_ROOT; 208 conn->calls = RB_ROOT;
209 skb_queue_head_init(&conn->rx_queue); 209 skb_queue_head_init(&conn->rx_queue);
210 conn->security = &rxrpc_no_security;
210 rwlock_init(&conn->lock); 211 rwlock_init(&conn->lock);
211 spin_lock_init(&conn->state_lock); 212 spin_lock_init(&conn->state_lock);
212 atomic_set(&conn->usage, 1); 213 atomic_set(&conn->usage, 1);
@@ -564,8 +565,7 @@ int rxrpc_connect_call(struct rxrpc_sock *rx,
564 candidate->debug_id, candidate->trans->debug_id); 565 candidate->debug_id, candidate->trans->debug_id);
565 566
566 rxrpc_assign_connection_id(candidate); 567 rxrpc_assign_connection_id(candidate);
567 if (candidate->security) 568 candidate->security->prime_packet_security(candidate);
568 candidate->security->prime_packet_security(candidate);
569 569
570 /* leave the candidate lurking in zombie mode attached to the 570 /* leave the candidate lurking in zombie mode attached to the
571 * bundle until we're ready for it */ 571 * bundle until we're ready for it */
@@ -619,8 +619,7 @@ interrupted:
619 */ 619 */
620struct rxrpc_connection * 620struct rxrpc_connection *
621rxrpc_incoming_connection(struct rxrpc_transport *trans, 621rxrpc_incoming_connection(struct rxrpc_transport *trans,
622 struct rxrpc_host_header *hdr, 622 struct rxrpc_host_header *hdr)
623 gfp_t gfp)
624{ 623{
625 struct rxrpc_connection *conn, *candidate = NULL; 624 struct rxrpc_connection *conn, *candidate = NULL;
626 struct rb_node *p, **pp; 625 struct rb_node *p, **pp;
@@ -659,7 +658,7 @@ rxrpc_incoming_connection(struct rxrpc_transport *trans,
659 658
660 /* not yet present - create a candidate for a new record and then 659 /* not yet present - create a candidate for a new record and then
661 * redo the search */ 660 * redo the search */
662 candidate = rxrpc_alloc_connection(gfp); 661 candidate = rxrpc_alloc_connection(GFP_NOIO);
663 if (!candidate) { 662 if (!candidate) {
664 _leave(" = -ENOMEM"); 663 _leave(" = -ENOMEM");
665 return ERR_PTR(-ENOMEM); 664 return ERR_PTR(-ENOMEM);
@@ -831,7 +830,10 @@ static void rxrpc_destroy_connection(struct rxrpc_connection *conn)
831 ASSERT(RB_EMPTY_ROOT(&conn->calls)); 830 ASSERT(RB_EMPTY_ROOT(&conn->calls));
832 rxrpc_purge_queue(&conn->rx_queue); 831 rxrpc_purge_queue(&conn->rx_queue);
833 832
834 rxrpc_clear_conn_security(conn); 833 conn->security->clear(conn);
834 key_put(conn->key);
835 key_put(conn->server_key);
836
835 rxrpc_put_transport(conn->trans); 837 rxrpc_put_transport(conn->trans);
836 kfree(conn); 838 kfree(conn);
837 _leave(""); 839 _leave("");
diff --git a/net/rxrpc/ar-connevent.c b/net/rxrpc/ar-connevent.c
index 1bdaaed8cdc4..5f9563968a5b 100644
--- a/net/rxrpc/ar-connevent.c
+++ b/net/rxrpc/ar-connevent.c
@@ -40,11 +40,13 @@ static void rxrpc_abort_calls(struct rxrpc_connection *conn, int state,
40 write_lock(&call->state_lock); 40 write_lock(&call->state_lock);
41 if (call->state <= RXRPC_CALL_COMPLETE) { 41 if (call->state <= RXRPC_CALL_COMPLETE) {
42 call->state = state; 42 call->state = state;
43 call->abort_code = abort_code; 43 if (state == RXRPC_CALL_LOCALLY_ABORTED) {
44 if (state == RXRPC_CALL_LOCALLY_ABORTED) 44 call->local_abort = conn->local_abort;
45 set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events); 45 set_bit(RXRPC_CALL_EV_CONN_ABORT, &call->events);
46 else 46 } else {
47 call->remote_abort = conn->remote_abort;
47 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); 48 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events);
49 }
48 rxrpc_queue_call(call); 50 rxrpc_queue_call(call);
49 } 51 }
50 write_unlock(&call->state_lock); 52 write_unlock(&call->state_lock);
@@ -84,8 +86,8 @@ static int rxrpc_abort_connection(struct rxrpc_connection *conn,
84 86
85 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code); 87 rxrpc_abort_calls(conn, RXRPC_CALL_LOCALLY_ABORTED, abort_code);
86 88
87 msg.msg_name = &conn->trans->peer->srx.transport.sin; 89 msg.msg_name = &conn->trans->peer->srx.transport;
88 msg.msg_namelen = sizeof(conn->trans->peer->srx.transport.sin); 90 msg.msg_namelen = conn->trans->peer->srx.transport_len;
89 msg.msg_control = NULL; 91 msg.msg_control = NULL;
90 msg.msg_controllen = 0; 92 msg.msg_controllen = 0;
91 msg.msg_flags = 0; 93 msg.msg_flags = 0;
@@ -101,7 +103,7 @@ static int rxrpc_abort_connection(struct rxrpc_connection *conn,
101 whdr._rsvd = 0; 103 whdr._rsvd = 0;
102 whdr.serviceId = htons(conn->service_id); 104 whdr.serviceId = htons(conn->service_id);
103 105
104 word = htonl(abort_code); 106 word = htonl(conn->local_abort);
105 107
106 iov[0].iov_base = &whdr; 108 iov[0].iov_base = &whdr;
107 iov[0].iov_len = sizeof(whdr); 109 iov[0].iov_len = sizeof(whdr);
@@ -112,7 +114,7 @@ static int rxrpc_abort_connection(struct rxrpc_connection *conn,
112 114
113 serial = atomic_inc_return(&conn->serial); 115 serial = atomic_inc_return(&conn->serial);
114 whdr.serial = htonl(serial); 116 whdr.serial = htonl(serial);
115 _proto("Tx CONN ABORT %%%u { %d }", serial, abort_code); 117 _proto("Tx CONN ABORT %%%u { %d }", serial, conn->local_abort);
116 118
117 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len); 119 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len);
118 if (ret < 0) { 120 if (ret < 0) {
@@ -172,15 +174,10 @@ static int rxrpc_process_event(struct rxrpc_connection *conn,
172 return -ECONNABORTED; 174 return -ECONNABORTED;
173 175
174 case RXRPC_PACKET_TYPE_CHALLENGE: 176 case RXRPC_PACKET_TYPE_CHALLENGE:
175 if (conn->security) 177 return conn->security->respond_to_challenge(conn, skb,
176 return conn->security->respond_to_challenge( 178 _abort_code);
177 conn, skb, _abort_code);
178 return -EPROTO;
179 179
180 case RXRPC_PACKET_TYPE_RESPONSE: 180 case RXRPC_PACKET_TYPE_RESPONSE:
181 if (!conn->security)
182 return -EPROTO;
183
184 ret = conn->security->verify_response(conn, skb, _abort_code); 181 ret = conn->security->verify_response(conn, skb, _abort_code);
185 if (ret < 0) 182 if (ret < 0)
186 return ret; 183 return ret;
@@ -236,8 +233,6 @@ static void rxrpc_secure_connection(struct rxrpc_connection *conn)
236 } 233 }
237 } 234 }
238 235
239 ASSERT(conn->security != NULL);
240
241 if (conn->security->issue_challenge(conn) < 0) { 236 if (conn->security->issue_challenge(conn) < 0) {
242 abort_code = RX_CALL_DEAD; 237 abort_code = RX_CALL_DEAD;
243 ret = -ENOMEM; 238 ret = -ENOMEM;
diff --git a/net/rxrpc/ar-input.c b/net/rxrpc/ar-input.c
index 4824a827d10d..01e038146b7c 100644
--- a/net/rxrpc/ar-input.c
+++ b/net/rxrpc/ar-input.c
@@ -25,12 +25,6 @@
25#include <net/net_namespace.h> 25#include <net/net_namespace.h>
26#include "ar-internal.h" 26#include "ar-internal.h"
27 27
28const char *rxrpc_pkts[] = {
29 "?00",
30 "DATA", "ACK", "BUSY", "ABORT", "ACKALL", "CHALL", "RESP", "DEBUG",
31 "?09", "?10", "?11", "?12", "VERSION", "?14", "?15"
32};
33
34/* 28/*
35 * queue a packet for recvmsg to pass to userspace 29 * queue a packet for recvmsg to pass to userspace
36 * - the caller must hold a lock on call->lock 30 * - the caller must hold a lock on call->lock
@@ -199,7 +193,7 @@ static int rxrpc_fast_process_data(struct rxrpc_call *call,
199 193
200 /* if the packet need security things doing to it, then it goes down 194 /* if the packet need security things doing to it, then it goes down
201 * the slow path */ 195 * the slow path */
202 if (call->conn->security) 196 if (call->conn->security_ix)
203 goto enqueue_packet; 197 goto enqueue_packet;
204 198
205 sp->call = call; 199 sp->call = call;
@@ -355,7 +349,7 @@ void rxrpc_fast_process_packet(struct rxrpc_call *call, struct sk_buff *skb)
355 write_lock_bh(&call->state_lock); 349 write_lock_bh(&call->state_lock);
356 if (call->state < RXRPC_CALL_COMPLETE) { 350 if (call->state < RXRPC_CALL_COMPLETE) {
357 call->state = RXRPC_CALL_REMOTELY_ABORTED; 351 call->state = RXRPC_CALL_REMOTELY_ABORTED;
358 call->abort_code = abort_code; 352 call->remote_abort = abort_code;
359 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events); 353 set_bit(RXRPC_CALL_EV_RCVD_ABORT, &call->events);
360 rxrpc_queue_call(call); 354 rxrpc_queue_call(call);
361 } 355 }
@@ -428,7 +422,7 @@ protocol_error:
428protocol_error_locked: 422protocol_error_locked:
429 if (call->state <= RXRPC_CALL_COMPLETE) { 423 if (call->state <= RXRPC_CALL_COMPLETE) {
430 call->state = RXRPC_CALL_LOCALLY_ABORTED; 424 call->state = RXRPC_CALL_LOCALLY_ABORTED;
431 call->abort_code = RX_PROTOCOL_ERROR; 425 call->local_abort = RX_PROTOCOL_ERROR;
432 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 426 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
433 rxrpc_queue_call(call); 427 rxrpc_queue_call(call);
434 } 428 }
@@ -500,7 +494,7 @@ protocol_error:
500 write_lock_bh(&call->state_lock); 494 write_lock_bh(&call->state_lock);
501 if (call->state <= RXRPC_CALL_COMPLETE) { 495 if (call->state <= RXRPC_CALL_COMPLETE) {
502 call->state = RXRPC_CALL_LOCALLY_ABORTED; 496 call->state = RXRPC_CALL_LOCALLY_ABORTED;
503 call->abort_code = RX_PROTOCOL_ERROR; 497 call->local_abort = RX_PROTOCOL_ERROR;
504 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 498 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
505 rxrpc_queue_call(call); 499 rxrpc_queue_call(call);
506 } 500 }
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index cd6cdbe87125..f0b807a163fa 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -9,6 +9,7 @@
9 * 2 of the License, or (at your option) any later version. 9 * 2 of the License, or (at your option) any later version.
10 */ 10 */
11 11
12#include <net/sock.h>
12#include <rxrpc/packet.h> 13#include <rxrpc/packet.h>
13 14
14#if 0 15#if 0
@@ -124,11 +125,15 @@ enum rxrpc_command {
124 * RxRPC security module interface 125 * RxRPC security module interface
125 */ 126 */
126struct rxrpc_security { 127struct rxrpc_security {
127 struct module *owner; /* providing module */
128 struct list_head link; /* link in master list */
129 const char *name; /* name of this service */ 128 const char *name; /* name of this service */
130 u8 security_index; /* security type provided */ 129 u8 security_index; /* security type provided */
131 130
131 /* Initialise a security service */
132 int (*init)(void);
133
134 /* Clean up a security service */
135 void (*exit)(void);
136
132 /* initialise a connection's security */ 137 /* initialise a connection's security */
133 int (*init_connection_security)(struct rxrpc_connection *); 138 int (*init_connection_security)(struct rxrpc_connection *);
134 139
@@ -268,7 +273,7 @@ struct rxrpc_connection {
268 struct rb_root calls; /* calls on this connection */ 273 struct rb_root calls; /* calls on this connection */
269 struct sk_buff_head rx_queue; /* received conn-level packets */ 274 struct sk_buff_head rx_queue; /* received conn-level packets */
270 struct rxrpc_call *channels[RXRPC_MAXCALLS]; /* channels (active calls) */ 275 struct rxrpc_call *channels[RXRPC_MAXCALLS]; /* channels (active calls) */
271 struct rxrpc_security *security; /* applied security module */ 276 const struct rxrpc_security *security; /* applied security module */
272 struct key *key; /* security for this connection (client) */ 277 struct key *key; /* security for this connection (client) */
273 struct key *server_key; /* security for this service */ 278 struct key *server_key; /* security for this service */
274 struct crypto_skcipher *cipher; /* encryption handle */ 279 struct crypto_skcipher *cipher; /* encryption handle */
@@ -289,7 +294,9 @@ struct rxrpc_connection {
289 RXRPC_CONN_LOCALLY_ABORTED, /* - conn aborted locally */ 294 RXRPC_CONN_LOCALLY_ABORTED, /* - conn aborted locally */
290 RXRPC_CONN_NETWORK_ERROR, /* - conn terminated by network error */ 295 RXRPC_CONN_NETWORK_ERROR, /* - conn terminated by network error */
291 } state; 296 } state;
292 int error; /* error code for local abort */ 297 u32 local_abort; /* local abort code */
298 u32 remote_abort; /* remote abort code */
299 int error; /* local error incurred */
293 int debug_id; /* debug ID for printks */ 300 int debug_id; /* debug ID for printks */
294 unsigned int call_counter; /* call ID counter */ 301 unsigned int call_counter; /* call ID counter */
295 atomic_t serial; /* packet serial number counter */ 302 atomic_t serial; /* packet serial number counter */
@@ -399,7 +406,9 @@ struct rxrpc_call {
399 rwlock_t state_lock; /* lock for state transition */ 406 rwlock_t state_lock; /* lock for state transition */
400 atomic_t usage; 407 atomic_t usage;
401 atomic_t sequence; /* Tx data packet sequence counter */ 408 atomic_t sequence; /* Tx data packet sequence counter */
402 u32 abort_code; /* local/remote abort code */ 409 u32 local_abort; /* local abort code */
410 u32 remote_abort; /* remote abort code */
411 int error; /* local error incurred */
403 enum rxrpc_call_state state : 8; /* current state of call */ 412 enum rxrpc_call_state state : 8; /* current state of call */
404 int debug_id; /* debug ID for printks */ 413 int debug_id; /* debug ID for printks */
405 u8 channel; /* connection channel occupied by this call */ 414 u8 channel; /* connection channel occupied by this call */
@@ -453,7 +462,7 @@ static inline void rxrpc_abort_call(struct rxrpc_call *call, u32 abort_code)
453{ 462{
454 write_lock_bh(&call->state_lock); 463 write_lock_bh(&call->state_lock);
455 if (call->state < RXRPC_CALL_COMPLETE) { 464 if (call->state < RXRPC_CALL_COMPLETE) {
456 call->abort_code = abort_code; 465 call->local_abort = abort_code;
457 call->state = RXRPC_CALL_LOCALLY_ABORTED; 466 call->state = RXRPC_CALL_LOCALLY_ABORTED;
458 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 467 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
459 } 468 }
@@ -478,13 +487,6 @@ int rxrpc_reject_call(struct rxrpc_sock *);
478/* 487/*
479 * ar-ack.c 488 * ar-ack.c
480 */ 489 */
481extern unsigned int rxrpc_requested_ack_delay;
482extern unsigned int rxrpc_soft_ack_delay;
483extern unsigned int rxrpc_idle_ack_delay;
484extern unsigned int rxrpc_rx_window_size;
485extern unsigned int rxrpc_rx_mtu;
486extern unsigned int rxrpc_rx_jumbo_max;
487
488void __rxrpc_propose_ACK(struct rxrpc_call *, u8, u32, bool); 490void __rxrpc_propose_ACK(struct rxrpc_call *, u8, u32, bool);
489void rxrpc_propose_ACK(struct rxrpc_call *, u8, u32, bool); 491void rxrpc_propose_ACK(struct rxrpc_call *, u8, u32, bool);
490void rxrpc_process_call(struct work_struct *); 492void rxrpc_process_call(struct work_struct *);
@@ -506,7 +508,7 @@ struct rxrpc_call *rxrpc_get_client_call(struct rxrpc_sock *,
506 unsigned long, int, gfp_t); 508 unsigned long, int, gfp_t);
507struct rxrpc_call *rxrpc_incoming_call(struct rxrpc_sock *, 509struct rxrpc_call *rxrpc_incoming_call(struct rxrpc_sock *,
508 struct rxrpc_connection *, 510 struct rxrpc_connection *,
509 struct rxrpc_host_header *, gfp_t); 511 struct rxrpc_host_header *);
510struct rxrpc_call *rxrpc_find_server_call(struct rxrpc_sock *, unsigned long); 512struct rxrpc_call *rxrpc_find_server_call(struct rxrpc_sock *, unsigned long);
511void rxrpc_release_call(struct rxrpc_call *); 513void rxrpc_release_call(struct rxrpc_call *);
512void rxrpc_release_calls_on_socket(struct rxrpc_sock *); 514void rxrpc_release_calls_on_socket(struct rxrpc_sock *);
@@ -531,8 +533,7 @@ void __exit rxrpc_destroy_all_connections(void);
531struct rxrpc_connection *rxrpc_find_connection(struct rxrpc_transport *, 533struct rxrpc_connection *rxrpc_find_connection(struct rxrpc_transport *,
532 struct rxrpc_host_header *); 534 struct rxrpc_host_header *);
533extern struct rxrpc_connection * 535extern struct rxrpc_connection *
534rxrpc_incoming_connection(struct rxrpc_transport *, struct rxrpc_host_header *, 536rxrpc_incoming_connection(struct rxrpc_transport *, struct rxrpc_host_header *);
535 gfp_t);
536 537
537/* 538/*
538 * ar-connevent.c 539 * ar-connevent.c
@@ -550,8 +551,6 @@ void rxrpc_UDP_error_handler(struct work_struct *);
550/* 551/*
551 * ar-input.c 552 * ar-input.c
552 */ 553 */
553extern const char *rxrpc_pkts[];
554
555void rxrpc_data_ready(struct sock *); 554void rxrpc_data_ready(struct sock *);
556int rxrpc_queue_rcv_skb(struct rxrpc_call *, struct sk_buff *, bool, bool); 555int rxrpc_queue_rcv_skb(struct rxrpc_call *, struct sk_buff *, bool, bool);
557void rxrpc_fast_process_packet(struct rxrpc_call *, struct sk_buff *); 556void rxrpc_fast_process_packet(struct rxrpc_call *, struct sk_buff *);
@@ -610,14 +609,10 @@ int rxrpc_recvmsg(struct socket *, struct msghdr *, size_t, int);
610/* 609/*
611 * ar-security.c 610 * ar-security.c
612 */ 611 */
613int rxrpc_register_security(struct rxrpc_security *); 612int __init rxrpc_init_security(void);
614void rxrpc_unregister_security(struct rxrpc_security *); 613void rxrpc_exit_security(void);
615int rxrpc_init_client_conn_security(struct rxrpc_connection *); 614int rxrpc_init_client_conn_security(struct rxrpc_connection *);
616int rxrpc_init_server_conn_security(struct rxrpc_connection *); 615int rxrpc_init_server_conn_security(struct rxrpc_connection *);
617int rxrpc_secure_packet(const struct rxrpc_call *, struct sk_buff *, size_t,
618 void *);
619int rxrpc_verify_packet(const struct rxrpc_call *, struct sk_buff *, u32 *);
620void rxrpc_clear_conn_security(struct rxrpc_connection *);
621 616
622/* 617/*
623 * ar-skbuff.c 618 * ar-skbuff.c
@@ -637,6 +632,33 @@ struct rxrpc_transport *rxrpc_find_transport(struct rxrpc_local *,
637 struct rxrpc_peer *); 632 struct rxrpc_peer *);
638 633
639/* 634/*
635 * insecure.c
636 */
637extern const struct rxrpc_security rxrpc_no_security;
638
639/*
640 * misc.c
641 */
642extern unsigned int rxrpc_requested_ack_delay;
643extern unsigned int rxrpc_soft_ack_delay;
644extern unsigned int rxrpc_idle_ack_delay;
645extern unsigned int rxrpc_rx_window_size;
646extern unsigned int rxrpc_rx_mtu;
647extern unsigned int rxrpc_rx_jumbo_max;
648
649extern const char *const rxrpc_pkts[];
650extern const s8 rxrpc_ack_priority[];
651
652extern const char *rxrpc_acks(u8 reason);
653
654/*
655 * rxkad.c
656 */
657#ifdef CONFIG_RXKAD
658extern const struct rxrpc_security rxkad;
659#endif
660
661/*
640 * sysctl.c 662 * sysctl.c
641 */ 663 */
642#ifdef CONFIG_SYSCTL 664#ifdef CONFIG_SYSCTL
diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c
index d36fb6e1a29c..51cb10062a8d 100644
--- a/net/rxrpc/ar-output.c
+++ b/net/rxrpc/ar-output.c
@@ -110,7 +110,7 @@ static void rxrpc_send_abort(struct rxrpc_call *call, u32 abort_code)
110 110
111 if (call->state <= RXRPC_CALL_COMPLETE) { 111 if (call->state <= RXRPC_CALL_COMPLETE) {
112 call->state = RXRPC_CALL_LOCALLY_ABORTED; 112 call->state = RXRPC_CALL_LOCALLY_ABORTED;
113 call->abort_code = abort_code; 113 call->local_abort = abort_code;
114 set_bit(RXRPC_CALL_EV_ABORT, &call->events); 114 set_bit(RXRPC_CALL_EV_ABORT, &call->events);
115 del_timer_sync(&call->resend_timer); 115 del_timer_sync(&call->resend_timer);
116 del_timer_sync(&call->ack_timer); 116 del_timer_sync(&call->ack_timer);
@@ -663,7 +663,7 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
663 size_t pad; 663 size_t pad;
664 664
665 /* pad out if we're using security */ 665 /* pad out if we're using security */
666 if (conn->security) { 666 if (conn->security_ix) {
667 pad = conn->security_size + skb->mark; 667 pad = conn->security_size + skb->mark;
668 pad = conn->size_align - pad; 668 pad = conn->size_align - pad;
669 pad &= conn->size_align - 1; 669 pad &= conn->size_align - 1;
@@ -695,7 +695,7 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
695 if (more && seq & 1) 695 if (more && seq & 1)
696 sp->hdr.flags |= RXRPC_REQUEST_ACK; 696 sp->hdr.flags |= RXRPC_REQUEST_ACK;
697 697
698 ret = rxrpc_secure_packet( 698 ret = conn->security->secure_packet(
699 call, skb, skb->mark, 699 call, skb, skb->mark,
700 skb->head + sizeof(struct rxrpc_wire_header)); 700 skb->head + sizeof(struct rxrpc_wire_header));
701 if (ret < 0) 701 if (ret < 0)
diff --git a/net/rxrpc/ar-proc.c b/net/rxrpc/ar-proc.c
index 525b2ba5a8f4..225163bc658d 100644
--- a/net/rxrpc/ar-proc.c
+++ b/net/rxrpc/ar-proc.c
@@ -80,7 +80,7 @@ static int rxrpc_call_seq_show(struct seq_file *seq, void *v)
80 call->conn->in_clientflag ? "Svc" : "Clt", 80 call->conn->in_clientflag ? "Svc" : "Clt",
81 atomic_read(&call->usage), 81 atomic_read(&call->usage),
82 rxrpc_call_states[call->state], 82 rxrpc_call_states[call->state],
83 call->abort_code, 83 call->remote_abort ?: call->local_abort,
84 call->user_call_ID); 84 call->user_call_ID);
85 85
86 return 0; 86 return 0;
diff --git a/net/rxrpc/ar-recvmsg.c b/net/rxrpc/ar-recvmsg.c
index 64facba24a45..160f0927aa3e 100644
--- a/net/rxrpc/ar-recvmsg.c
+++ b/net/rxrpc/ar-recvmsg.c
@@ -288,7 +288,11 @@ receive_non_data_message:
288 ret = put_cmsg(msg, SOL_RXRPC, RXRPC_BUSY, 0, &abort_code); 288 ret = put_cmsg(msg, SOL_RXRPC, RXRPC_BUSY, 0, &abort_code);
289 break; 289 break;
290 case RXRPC_SKB_MARK_REMOTE_ABORT: 290 case RXRPC_SKB_MARK_REMOTE_ABORT:
291 abort_code = call->abort_code; 291 abort_code = call->remote_abort;
292 ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code);
293 break;
294 case RXRPC_SKB_MARK_LOCAL_ABORT:
295 abort_code = call->local_abort;
292 ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code); 296 ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code);
293 break; 297 break;
294 case RXRPC_SKB_MARK_NET_ERROR: 298 case RXRPC_SKB_MARK_NET_ERROR:
@@ -303,6 +307,7 @@ receive_non_data_message:
303 &abort_code); 307 &abort_code);
304 break; 308 break;
305 default: 309 default:
310 pr_err("RxRPC: Unknown packet mark %u\n", skb->mark);
306 BUG(); 311 BUG();
307 break; 312 break;
308 } 313 }
@@ -401,9 +406,14 @@ u32 rxrpc_kernel_get_abort_code(struct sk_buff *skb)
401{ 406{
402 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 407 struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
403 408
404 ASSERTCMP(skb->mark, ==, RXRPC_SKB_MARK_REMOTE_ABORT); 409 switch (skb->mark) {
405 410 case RXRPC_SKB_MARK_REMOTE_ABORT:
406 return sp->call->abort_code; 411 return sp->call->remote_abort;
412 case RXRPC_SKB_MARK_LOCAL_ABORT:
413 return sp->call->local_abort;
414 default:
415 BUG();
416 }
407} 417}
408 418
409EXPORT_SYMBOL(rxrpc_kernel_get_abort_code); 419EXPORT_SYMBOL(rxrpc_kernel_get_abort_code);
diff --git a/net/rxrpc/ar-security.c b/net/rxrpc/ar-security.c
index ceff6394a65f..d223253b22fa 100644
--- a/net/rxrpc/ar-security.c
+++ b/net/rxrpc/ar-security.c
@@ -22,109 +22,60 @@
22static LIST_HEAD(rxrpc_security_methods); 22static LIST_HEAD(rxrpc_security_methods);
23static DECLARE_RWSEM(rxrpc_security_sem); 23static DECLARE_RWSEM(rxrpc_security_sem);
24 24
25/* 25static const struct rxrpc_security *rxrpc_security_types[] = {
26 * get an RxRPC security module 26 [RXRPC_SECURITY_NONE] = &rxrpc_no_security,
27 */ 27#ifdef CONFIG_RXKAD
28static struct rxrpc_security *rxrpc_security_get(struct rxrpc_security *sec) 28 [RXRPC_SECURITY_RXKAD] = &rxkad,
29{ 29#endif
30 return try_module_get(sec->owner) ? sec : NULL; 30};
31} 31
32 32int __init rxrpc_init_security(void)
33/*
34 * release an RxRPC security module
35 */
36static void rxrpc_security_put(struct rxrpc_security *sec)
37{ 33{
38 module_put(sec->owner); 34 int i, ret;
39}
40
41/*
42 * look up an rxrpc security module
43 */
44static struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
45{
46 struct rxrpc_security *sec = NULL;
47
48 _enter("");
49 35
50 down_read(&rxrpc_security_sem); 36 for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
51 37 if (rxrpc_security_types[i]) {
52 list_for_each_entry(sec, &rxrpc_security_methods, link) { 38 ret = rxrpc_security_types[i]->init();
53 if (sec->security_index == security_index) { 39 if (ret < 0)
54 if (unlikely(!rxrpc_security_get(sec))) 40 goto failed;
55 break;
56 goto out;
57 } 41 }
58 } 42 }
59 43
60 sec = NULL; 44 return 0;
61out: 45
62 up_read(&rxrpc_security_sem); 46failed:
63 _leave(" = %p [%s]", sec, sec ? sec->name : ""); 47 for (i--; i >= 0; i--)
64 return sec; 48 if (rxrpc_security_types[i])
49 rxrpc_security_types[i]->exit();
50 return ret;
65} 51}
66 52
67/** 53void rxrpc_exit_security(void)
68 * rxrpc_register_security - register an RxRPC security handler
69 * @sec: security module
70 *
71 * register an RxRPC security handler for use by RxRPC
72 */
73int rxrpc_register_security(struct rxrpc_security *sec)
74{ 54{
75 struct rxrpc_security *psec; 55 int i;
76 int ret;
77 56
78 _enter(""); 57 for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
79 down_write(&rxrpc_security_sem); 58 if (rxrpc_security_types[i])
80 59 rxrpc_security_types[i]->exit();
81 ret = -EEXIST;
82 list_for_each_entry(psec, &rxrpc_security_methods, link) {
83 if (psec->security_index == sec->security_index)
84 goto out;
85 }
86
87 list_add(&sec->link, &rxrpc_security_methods);
88
89 printk(KERN_NOTICE "RxRPC: Registered security type %d '%s'\n",
90 sec->security_index, sec->name);
91 ret = 0;
92
93out:
94 up_write(&rxrpc_security_sem);
95 _leave(" = %d", ret);
96 return ret;
97} 60}
98 61
99EXPORT_SYMBOL_GPL(rxrpc_register_security); 62/*
100 63 * look up an rxrpc security module
101/**
102 * rxrpc_unregister_security - unregister an RxRPC security handler
103 * @sec: security module
104 *
105 * unregister an RxRPC security handler
106 */ 64 */
107void rxrpc_unregister_security(struct rxrpc_security *sec) 65static const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
108{ 66{
109 67 if (security_index >= ARRAY_SIZE(rxrpc_security_types))
110 _enter(""); 68 return NULL;
111 down_write(&rxrpc_security_sem); 69 return rxrpc_security_types[security_index];
112 list_del_init(&sec->link);
113 up_write(&rxrpc_security_sem);
114
115 printk(KERN_NOTICE "RxRPC: Unregistered security type %d '%s'\n",
116 sec->security_index, sec->name);
117} 70}
118 71
119EXPORT_SYMBOL_GPL(rxrpc_unregister_security);
120
121/* 72/*
122 * initialise the security on a client connection 73 * initialise the security on a client connection
123 */ 74 */
124int rxrpc_init_client_conn_security(struct rxrpc_connection *conn) 75int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
125{ 76{
77 const struct rxrpc_security *sec;
126 struct rxrpc_key_token *token; 78 struct rxrpc_key_token *token;
127 struct rxrpc_security *sec;
128 struct key *key = conn->key; 79 struct key *key = conn->key;
129 int ret; 80 int ret;
130 81
@@ -148,8 +99,7 @@ int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
148 99
149 ret = conn->security->init_connection_security(conn); 100 ret = conn->security->init_connection_security(conn);
150 if (ret < 0) { 101 if (ret < 0) {
151 rxrpc_security_put(conn->security); 102 conn->security = &rxrpc_no_security;
152 conn->security = NULL;
153 return ret; 103 return ret;
154 } 104 }
155 105
@@ -162,7 +112,7 @@ int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
162 */ 112 */
163int rxrpc_init_server_conn_security(struct rxrpc_connection *conn) 113int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
164{ 114{
165 struct rxrpc_security *sec; 115 const struct rxrpc_security *sec;
166 struct rxrpc_local *local = conn->trans->local; 116 struct rxrpc_local *local = conn->trans->local;
167 struct rxrpc_sock *rx; 117 struct rxrpc_sock *rx;
168 struct key *key; 118 struct key *key;
@@ -188,14 +138,12 @@ int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
188 138
189 /* the service appears to have died */ 139 /* the service appears to have died */
190 read_unlock_bh(&local->services_lock); 140 read_unlock_bh(&local->services_lock);
191 rxrpc_security_put(sec);
192 _leave(" = -ENOENT"); 141 _leave(" = -ENOENT");
193 return -ENOENT; 142 return -ENOENT;
194 143
195found_service: 144found_service:
196 if (!rx->securities) { 145 if (!rx->securities) {
197 read_unlock_bh(&local->services_lock); 146 read_unlock_bh(&local->services_lock);
198 rxrpc_security_put(sec);
199 _leave(" = -ENOKEY"); 147 _leave(" = -ENOKEY");
200 return -ENOKEY; 148 return -ENOKEY;
201 } 149 }
@@ -205,7 +153,6 @@ found_service:
205 &key_type_rxrpc_s, kdesc); 153 &key_type_rxrpc_s, kdesc);
206 if (IS_ERR(kref)) { 154 if (IS_ERR(kref)) {
207 read_unlock_bh(&local->services_lock); 155 read_unlock_bh(&local->services_lock);
208 rxrpc_security_put(sec);
209 _leave(" = %ld [search]", PTR_ERR(kref)); 156 _leave(" = %ld [search]", PTR_ERR(kref));
210 return PTR_ERR(kref); 157 return PTR_ERR(kref);
211 } 158 }
@@ -219,46 +166,3 @@ found_service:
219 _leave(" = 0"); 166 _leave(" = 0");
220 return 0; 167 return 0;
221} 168}
222
223/*
224 * secure a packet prior to transmission
225 */
226int rxrpc_secure_packet(const struct rxrpc_call *call,
227 struct sk_buff *skb,
228 size_t data_size,
229 void *sechdr)
230{
231 if (call->conn->security)
232 return call->conn->security->secure_packet(
233 call, skb, data_size, sechdr);
234 return 0;
235}
236
237/*
238 * secure a packet prior to transmission
239 */
240int rxrpc_verify_packet(const struct rxrpc_call *call, struct sk_buff *skb,
241 u32 *_abort_code)
242{
243 if (call->conn->security)
244 return call->conn->security->verify_packet(
245 call, skb, _abort_code);
246 return 0;
247}
248
249/*
250 * clear connection security
251 */
252void rxrpc_clear_conn_security(struct rxrpc_connection *conn)
253{
254 _enter("{%d}", conn->debug_id);
255
256 if (conn->security) {
257 conn->security->clear(conn);
258 rxrpc_security_put(conn->security);
259 conn->security = NULL;
260 }
261
262 key_put(conn->key);
263 key_put(conn->server_key);
264}
diff --git a/net/rxrpc/insecure.c b/net/rxrpc/insecure.c
new file mode 100644
index 000000000000..e571403613c1
--- /dev/null
+++ b/net/rxrpc/insecure.c
@@ -0,0 +1,83 @@
1/* Null security operations.
2 *
3 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <net/af_rxrpc.h>
13#include "ar-internal.h"
14
15static int none_init_connection_security(struct rxrpc_connection *conn)
16{
17 return 0;
18}
19
20static void none_prime_packet_security(struct rxrpc_connection *conn)
21{
22}
23
24static int none_secure_packet(const struct rxrpc_call *call,
25 struct sk_buff *skb,
26 size_t data_size,
27 void *sechdr)
28{
29 return 0;
30}
31
32static int none_verify_packet(const struct rxrpc_call *call,
33 struct sk_buff *skb,
34 u32 *_abort_code)
35{
36 return 0;
37}
38
39static int none_respond_to_challenge(struct rxrpc_connection *conn,
40 struct sk_buff *skb,
41 u32 *_abort_code)
42{
43 *_abort_code = RX_PROTOCOL_ERROR;
44 return -EPROTO;
45}
46
47static int none_verify_response(struct rxrpc_connection *conn,
48 struct sk_buff *skb,
49 u32 *_abort_code)
50{
51 *_abort_code = RX_PROTOCOL_ERROR;
52 return -EPROTO;
53}
54
55static void none_clear(struct rxrpc_connection *conn)
56{
57}
58
59static int none_init(void)
60{
61 return 0;
62}
63
64static void none_exit(void)
65{
66}
67
68/*
69 * RxRPC Kerberos-based security
70 */
71const struct rxrpc_security rxrpc_no_security = {
72 .name = "none",
73 .security_index = RXRPC_SECURITY_NONE,
74 .init = none_init,
75 .exit = none_exit,
76 .init_connection_security = none_init_connection_security,
77 .prime_packet_security = none_prime_packet_security,
78 .secure_packet = none_secure_packet,
79 .verify_packet = none_verify_packet,
80 .respond_to_challenge = none_respond_to_challenge,
81 .verify_response = none_verify_response,
82 .clear = none_clear,
83};
diff --git a/net/rxrpc/misc.c b/net/rxrpc/misc.c
new file mode 100644
index 000000000000..1afe9876e79f
--- /dev/null
+++ b/net/rxrpc/misc.c
@@ -0,0 +1,89 @@
1/* Miscellaneous bits
2 *
3 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/kernel.h>
13#include <net/sock.h>
14#include <net/af_rxrpc.h>
15#include "ar-internal.h"
16
17/*
18 * How long to wait before scheduling ACK generation after seeing a
19 * packet with RXRPC_REQUEST_ACK set (in jiffies).
20 */
21unsigned int rxrpc_requested_ack_delay = 1;
22
23/*
24 * How long to wait before scheduling an ACK with subtype DELAY (in jiffies).
25 *
26 * We use this when we've received new data packets. If those packets aren't
27 * all consumed within this time we will send a DELAY ACK if an ACK was not
28 * requested to let the sender know it doesn't need to resend.
29 */
30unsigned int rxrpc_soft_ack_delay = 1 * HZ;
31
32/*
33 * How long to wait before scheduling an ACK with subtype IDLE (in jiffies).
34 *
35 * We use this when we've consumed some previously soft-ACK'd packets when
36 * further packets aren't immediately received to decide when to send an IDLE
37 * ACK let the other end know that it can free up its Tx buffer space.
38 */
39unsigned int rxrpc_idle_ack_delay = 0.5 * HZ;
40
41/*
42 * Receive window size in packets. This indicates the maximum number of
43 * unconsumed received packets we're willing to retain in memory. Once this
44 * limit is hit, we should generate an EXCEEDS_WINDOW ACK and discard further
45 * packets.
46 */
47unsigned int rxrpc_rx_window_size = 32;
48
49/*
50 * Maximum Rx MTU size. This indicates to the sender the size of jumbo packet
51 * made by gluing normal packets together that we're willing to handle.
52 */
53unsigned int rxrpc_rx_mtu = 5692;
54
55/*
56 * The maximum number of fragments in a received jumbo packet that we tell the
57 * sender that we're willing to handle.
58 */
59unsigned int rxrpc_rx_jumbo_max = 4;
60
61const char *const rxrpc_pkts[] = {
62 "?00",
63 "DATA", "ACK", "BUSY", "ABORT", "ACKALL", "CHALL", "RESP", "DEBUG",
64 "?09", "?10", "?11", "?12", "VERSION", "?14", "?15"
65};
66
67const s8 rxrpc_ack_priority[] = {
68 [0] = 0,
69 [RXRPC_ACK_DELAY] = 1,
70 [RXRPC_ACK_REQUESTED] = 2,
71 [RXRPC_ACK_IDLE] = 3,
72 [RXRPC_ACK_PING_RESPONSE] = 4,
73 [RXRPC_ACK_DUPLICATE] = 5,
74 [RXRPC_ACK_OUT_OF_SEQUENCE] = 6,
75 [RXRPC_ACK_EXCEEDS_WINDOW] = 7,
76 [RXRPC_ACK_NOSPACE] = 8,
77};
78
79const char *rxrpc_acks(u8 reason)
80{
81 static const char *const str[] = {
82 "---", "REQ", "DUP", "OOS", "WIN", "MEM", "PNG", "PNR", "DLY",
83 "IDL", "-?-"
84 };
85
86 if (reason >= ARRAY_SIZE(str))
87 reason = ARRAY_SIZE(str) - 1;
88 return str[reason];
89}
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index f0aeb8163688..6b726a046a7d 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -20,7 +20,6 @@
20#include <net/sock.h> 20#include <net/sock.h>
21#include <net/af_rxrpc.h> 21#include <net/af_rxrpc.h>
22#include <keys/rxrpc-type.h> 22#include <keys/rxrpc-type.h>
23#define rxrpc_debug rxkad_debug
24#include "ar-internal.h" 23#include "ar-internal.h"
25 24
26#define RXKAD_VERSION 2 25#define RXKAD_VERSION 2
@@ -31,10 +30,6 @@
31#define REALM_SZ 40 /* size of principal's auth domain */ 30#define REALM_SZ 40 /* size of principal's auth domain */
32#define SNAME_SZ 40 /* size of service name */ 31#define SNAME_SZ 40 /* size of service name */
33 32
34unsigned int rxrpc_debug;
35module_param_named(debug, rxrpc_debug, uint, S_IWUSR | S_IRUGO);
36MODULE_PARM_DESC(debug, "rxkad debugging mask");
37
38struct rxkad_level1_hdr { 33struct rxkad_level1_hdr {
39 __be32 data_size; /* true data size (excluding padding) */ 34 __be32 data_size; /* true data size (excluding padding) */
40}; 35};
@@ -44,10 +39,6 @@ struct rxkad_level2_hdr {
44 __be32 checksum; /* decrypted data checksum */ 39 __be32 checksum; /* decrypted data checksum */
45}; 40};
46 41
47MODULE_DESCRIPTION("RxRPC network protocol type-2 security (Kerberos 4)");
48MODULE_AUTHOR("Red Hat, Inc.");
49MODULE_LICENSE("GPL");
50
51/* 42/*
52 * this holds a pinned cipher so that keventd doesn't get called by the cipher 43 * this holds a pinned cipher so that keventd doesn't get called by the cipher
53 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE 44 * alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
@@ -1164,12 +1155,35 @@ static void rxkad_clear(struct rxrpc_connection *conn)
1164} 1155}
1165 1156
1166/* 1157/*
1158 * Initialise the rxkad security service.
1159 */
1160static int rxkad_init(void)
1161{
1162 /* pin the cipher we need so that the crypto layer doesn't invoke
1163 * keventd to go get it */
1164 rxkad_ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
1165 if (IS_ERR(rxkad_ci))
1166 return PTR_ERR(rxkad_ci);
1167 return 0;
1168}
1169
1170/*
1171 * Clean up the rxkad security service.
1172 */
1173static void rxkad_exit(void)
1174{
1175 if (rxkad_ci)
1176 crypto_free_skcipher(rxkad_ci);
1177}
1178
1179/*
1167 * RxRPC Kerberos-based security 1180 * RxRPC Kerberos-based security
1168 */ 1181 */
1169static struct rxrpc_security rxkad = { 1182const struct rxrpc_security rxkad = {
1170 .owner = THIS_MODULE,
1171 .name = "rxkad", 1183 .name = "rxkad",
1172 .security_index = RXRPC_SECURITY_RXKAD, 1184 .security_index = RXRPC_SECURITY_RXKAD,
1185 .init = rxkad_init,
1186 .exit = rxkad_exit,
1173 .init_connection_security = rxkad_init_connection_security, 1187 .init_connection_security = rxkad_init_connection_security,
1174 .prime_packet_security = rxkad_prime_packet_security, 1188 .prime_packet_security = rxkad_prime_packet_security,
1175 .secure_packet = rxkad_secure_packet, 1189 .secure_packet = rxkad_secure_packet,
@@ -1179,28 +1193,3 @@ static struct rxrpc_security rxkad = {
1179 .verify_response = rxkad_verify_response, 1193 .verify_response = rxkad_verify_response,
1180 .clear = rxkad_clear, 1194 .clear = rxkad_clear,
1181}; 1195};
1182
1183static __init int rxkad_init(void)
1184{
1185 _enter("");
1186
1187 /* pin the cipher we need so that the crypto layer doesn't invoke
1188 * keventd to go get it */
1189 rxkad_ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
1190 if (IS_ERR(rxkad_ci))
1191 return PTR_ERR(rxkad_ci);
1192
1193 return rxrpc_register_security(&rxkad);
1194}
1195
1196module_init(rxkad_init);
1197
1198static __exit void rxkad_exit(void)
1199{
1200 _enter("");
1201
1202 rxrpc_unregister_security(&rxkad);
1203 crypto_free_skcipher(rxkad_ci);
1204}
1205
1206module_exit(rxkad_exit);
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-30 23:33:01 -0400