1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
5 */
6
7 #include <linux/freezer.h>
8
9 #include "smb_common.h"
10 #include "server.h"
11 #include "auth.h"
12 #include "connection.h"
13 #include "transport_tcp.h"
14
/* Values stored in struct interface::state. */
#define IFACE_STATE_DOWN	BIT(0)	/* no listening socket is set up */
#define IFACE_STATE_CONFIGURED	BIT(1)	/* create_socket() completed successfully */

/*
 * Connection counter compared against server_conf.max_connections in the
 * accept loop and decremented in ksmbd_tcp_disconnect().
 */
static atomic_t active_num_conn;
19
/* One network interface the TCP transport listens on (or may listen on). */
struct interface {
	/* accept-loop thread started by ksmbd_tcp_run_kthread() */
	struct task_struct	*ksmbd_kthread;
	/* listening socket; set to NULL once it has been destroyed */
	struct socket		*ksmbd_socket;
	/* link in iface_list */
	struct list_head	entry;
	/* device name; owned by this struct and kfree()d in ksmbd_tcp_destroy() */
	char			*name;
	/*
	 * Held around kernel_accept() in the accept loop and around the
	 * socket teardown on NETDEV_DOWN, so the socket is not released
	 * while an accept on it is in progress.
	 */
	struct mutex		sock_release_lock;
	/* IFACE_STATE_DOWN or IFACE_STATE_CONFIGURED */
	int			state;
};
28
/*
 * Every interface known to the TCP transport; entries are added by
 * alloc_iface() and freed in ksmbd_tcp_destroy().
 * NOTE(review): no lock protecting this list is visible in this file;
 * confirm that all callers are serialized.
 */
static LIST_HEAD(iface_list);

/*
 * Set to 1 when ksmbd_tcp_set_interfaces() receives an empty list. In that
 * mode a NETDEV_UP event for a device that is not on iface_list allocates a
 * new entry and starts listening on it.
 */
static int bind_additional_ifaces;
32
/* Per-connection TCP state wrapped around the generic ksmbd transport. */
struct tcp_transport {
	/* generic transport; TCP_TRANS() recovers the container from it */
	struct ksmbd_transport		transport;
	/* accepted client socket; released in ksmbd_tcp_free_transport() */
	struct socket			*sock;
	/* scratch kvec array reused across reads, grown by get_conn_iovec() */
	struct kvec			*iov;
	/* number of entries currently allocated in @iov */
	unsigned int			nr_iov;
};
39
/* Defined further down; declared here so alloc_transport() can point at it. */
static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops;

static void tcp_stop_kthread(struct task_struct *kthread);
static struct interface *alloc_iface(char *ifname);

/* Generic transport embedded in a struct tcp_transport. */
#define KSMBD_TRANS(t)	(&(t)->transport)
/*
 * Inverse of KSMBD_TRANS(): the struct tcp_transport that contains the given
 * generic transport. Only meaningful for a transport embedded in a
 * struct tcp_transport.
 */
#define TCP_TRANS(t)	((struct tcp_transport *)container_of(t, \
				struct tcp_transport, transport))
48
/* Apply tcp_sock_set_nodelay() to the sock behind @sock. */
static inline void ksmbd_tcp_nodelay(struct socket *sock)
{
	struct sock *sk = sock->sk;

	tcp_sock_set_nodelay(sk);
}
53
/* Apply sock_set_reuseaddr() to the sock behind @sock. */
static inline void ksmbd_tcp_reuseaddr(struct socket *sock)
{
	struct sock *sk = sock->sk;

	sock_set_reuseaddr(sk);
}
58
/*
 * Set the receive timeout of @sock to @secs seconds.
 *
 * A value of 0, or one too large to be expressed in jiffies, selects
 * MAX_SCHEDULE_TIMEOUT instead.
 */
static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs)
{
	long timeo = MAX_SCHEDULE_TIMEOUT;

	if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1)
		timeo = secs * HZ;

	WRITE_ONCE(sock->sk->sk_rcvtimeo, timeo);
}
66
/* Set the send timeout of @sock to @secs via sock_set_sndtimeo(). */
static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs)
{
	struct sock *sk = sock->sk;

	sock_set_sndtimeo(sk, secs);
}
71
/*
 * Allocate a TCP transport and its ksmbd connection for an accepted socket.
 *
 * On success the transport references @client_sk and the connection records
 * the peer's inet_daddr, which the accept loop later compares against new
 * peers. On failure NULL is returned and @client_sk is NOT released; that is
 * left to the caller.
 */
static struct tcp_transport *alloc_transport(struct socket *client_sk)
{
	struct tcp_transport *tcp;
	struct ksmbd_transport *kt;
	struct ksmbd_conn *conn;

	tcp = kzalloc(sizeof(*tcp), KSMBD_DEFAULT_GFP);
	if (!tcp)
		return NULL;
	tcp->sock = client_sk;

	conn = ksmbd_conn_alloc();
	if (!conn) {
		kfree(tcp);
		return NULL;
	}

	/* Cross-link connection and transport, then install the TCP ops. */
	kt = KSMBD_TRANS(tcp);
	conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr;
	conn->transport = kt;
	kt->conn = conn;
	kt->ops = &ksmbd_tcp_transport_ops;
	return tcp;
}
94
/*
 * .free_transport callback: release the client socket, the scratch kvec
 * array and the transport itself. @kt must not be used afterwards.
 */
static void ksmbd_tcp_free_transport(struct ksmbd_transport *kt)
{
	struct tcp_transport *tcp = TCP_TRANS(kt);
	struct socket *sock = tcp->sock;

	sock_release(sock);
	kfree(tcp->iov);
	kfree(tcp);
}
103
/*
 * Shut the client socket down in both directions and hand the connection to
 * ksmbd_conn_free(). The transport memory is not freed here directly.
 */
static void free_transport(struct tcp_transport *t)
{
	struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn;

	kernel_sock_shutdown(t->sock, SHUT_RDWR);
	ksmbd_conn_free(conn);
}
109
/**
 * kvec_array_init() - build an I/O vector that skips data already read
 * @new: destination vector; must have room for @nr_segs entries
 * @iov: base I/O vector
 * @nr_segs: number of segments in base iov
 * @bytes: number of bytes already read, i.e. the prefix of @iov to skip
 *
 * Walks @iov past the first @bytes bytes (and past zero-length segments),
 * copies the remaining segments to @new and trims the first copied segment
 * so that it starts at the first unread byte.
 *
 * NOTE(review): the walk is not bounded by @nr_segs. It relies on @bytes
 * being smaller than the total length of @iov and on a non-empty segment
 * following; otherwise @iov advances past the array and @nr_segs wraps.
 * Confirm that every caller guarantees this.
 *
 * Return: Number of I/O segments written to @new
 */
static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov,
				    unsigned int nr_segs, size_t bytes)
{
	/* offset of the first unread byte inside the current segment */
	size_t base = 0;

	while (bytes || !iov->iov_len) {
		/* NOTE(review): a size_t minimum is narrowed to int here */
		int copy = min(bytes, iov->iov_len);

		bytes -= copy;
		base += copy;
		/* segment fully consumed (or empty): move on to the next one */
		if (iov->iov_len == base) {
			iov++;
			nr_segs--;
			base = 0;
		}
	}

	memcpy(new, iov, sizeof(*iov) * nr_segs);
	/* the first remaining segment may be partly consumed */
	new->iov_base += base;
	new->iov_len -= base;
	return nr_segs;
}
141
/**
 * get_conn_iovec() - get connection iovec for reading from socket
 * @t: TCP transport instance
 * @nr_segs: number of segments the caller needs
 *
 * Reuses the cached array when it already holds at least @nr_segs entries;
 * otherwise allocates a larger one and frees the old array. If that
 * allocation fails the cached array is left untouched.
 *
 * Return: the cached or newly allocated iovec, NULL on allocation failure
 */
static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs)
{
	struct kvec *grown;

	if (!t->iov || nr_segs > t->nr_iov) {
		/* kmalloc_array() checks the count * size multiplication */
		grown = kmalloc_array(nr_segs, sizeof(*grown),
				      KSMBD_DEFAULT_GFP);
		if (!grown)
			return NULL;

		kfree(t->iov);
		t->iov = grown;
		t->nr_iov = nr_segs;
	}
	return t->iov;
}
165
/*
 * Return the port of @sa in host byte order, or 0 when the address family is
 * neither AF_INET nor AF_INET6.
 */
static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa)
{
	if (sa->sa_family == AF_INET) {
		const struct sockaddr_in *v4 = (const struct sockaddr_in *)sa;

		return ntohs(v4->sin_port);
	}
	if (sa->sa_family == AF_INET6) {
		const struct sockaddr_in6 *v6 = (const struct sockaddr_in6 *)sa;

		return ntohs(v6->sin6_port);
	}
	return 0;
}
176
/**
 * ksmbd_tcp_new_connection() - set up a connection for an accepted socket
 * @client_sk: socket associated with new connection
 *
 * Allocates the transport and connection, resolves the peer address and
 * starts a handler thread named "ksmbd:<peer port>" running
 * ksmbd_conn_handler_loop().
 *
 * @client_sk is consumed on every path: it is released here when the
 * transport cannot be allocated, and belongs to the transport otherwise.
 *
 * Return: 0 on success, otherwise error
 */
static int ksmbd_tcp_new_connection(struct socket *client_sk)
{
	struct tcp_transport *t;
	struct ksmbd_conn *conn;
	struct sockaddr *peer;
	struct task_struct *handler;
	int rc;

	t = alloc_transport(client_sk);
	if (!t) {
		/* alloc_transport() does not release the socket on failure */
		sock_release(client_sk);
		return -ENOMEM;
	}
	conn = KSMBD_TRANS(t)->conn;

	peer = KSMBD_TCP_PEER_SOCKADDR(conn);
	if (kernel_getpeername(client_sk, peer) < 0) {
		pr_err("client ip resolution failed\n");
		rc = -EINVAL;
		goto out_error;
	}

	handler = kthread_run(ksmbd_conn_handler_loop, conn, "ksmbd:%u",
			      ksmbd_tcp_get_port(peer));
	if (IS_ERR(handler)) {
		pr_err("cannot start conn thread\n");
		rc = PTR_ERR(handler);
		goto out_error;
	}
	return 0;

out_error:
	free_transport(t);
	return rc;
}
221
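/**
 * ksmbd_kthread_fn() - accept new SMB connections on one interface
 * @p: the struct interface whose listening socket is served
 *
 * Polls the listening socket with non-blocking accepts until the thread is
 * asked to stop or the socket has been torn down. An accepted socket is
 * either handed to ksmbd_tcp_new_connection() or released here when it is
 * rejected by the per-address or the max_connections limit.
 *
 * Return: always 0
 */
static int ksmbd_kthread_fn(void *p)
{
	struct socket *client_sk = NULL;
	struct interface *iface = (struct interface *)p;
	struct inet_sock *csk_inet;
	struct ksmbd_conn *conn;
	int ret;

	while (!kthread_should_stop()) {
		/*
		 * The lock keeps the NETDEV_DOWN path from releasing the
		 * listening socket while an accept on it is in progress.
		 */
		mutex_lock(&iface->sock_release_lock);
		if (!iface->ksmbd_socket) {
			mutex_unlock(&iface->sock_release_lock);
			break;
		}
		ret = kernel_accept(iface->ksmbd_socket, &client_sk,
				    SOCK_NONBLOCK);
		mutex_unlock(&iface->sock_release_lock);
		if (ret) {
			if (ret == -EAGAIN)
				/* check for new connections every 100 msecs */
				schedule_timeout_interruptible(HZ / 10);
			continue;
		}

		/*
		 * Limits repeated connections from clients with the same IP.
		 *
		 * NOTE(review): only the IPv4 inet_daddr field is compared,
		 * while create_socket() prefers an AF_INET6 listener. Confirm
		 * how this check behaves for native IPv6 peers.
		 */
		csk_inet = inet_sk(client_sk->sk);
		down_read(&conn_list_lock);
		list_for_each_entry(conn, &conn_list, conns_list)
			if (csk_inet->inet_daddr == conn->inet_addr) {
				ret = -EAGAIN;
				break;
			}
		up_read(&conn_list_lock);
		if (ret == -EAGAIN) {
			/*
			 * The rejected socket was never handed to anyone, so
			 * release it here; otherwise every rejected attempt
			 * leaks a socket that the next accept overwrites.
			 */
			sock_release(client_sk);
			continue;
		}

		if (server_conf.max_connections &&
		    atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
			pr_info_ratelimited("Limit the maximum number of connections(%u)\n",
					    atomic_read(&active_num_conn));
			atomic_dec(&active_num_conn);
			sock_release(client_sk);
			continue;
		}

		ksmbd_debug(CONN, "connect success: accepted new connection\n");
		client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
		client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;

		/*
		 * NOTE(review): the result is ignored, and in this file
		 * active_num_conn is only decremented in
		 * ksmbd_tcp_disconnect(). Confirm that a failed setup does
		 * not leave the counter incremented.
		 */
		ksmbd_tcp_new_connection(client_sk);
	}

	ksmbd_debug(CONN, "releasing socket\n");
	return 0;
}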
285
/**
 * ksmbd_tcp_run_kthread() - start the accept thread of an interface
 * @iface: pointer to struct interface
 *
 * Starts a thread named "ksmbd-<interface name>" that runs
 * ksmbd_kthread_fn() and records it in @iface->ksmbd_kthread.
 *
 * Return: 0 on success or error number
 */
static int ksmbd_tcp_run_kthread(struct interface *iface)
{
	struct task_struct *listener;

	listener = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s",
			       iface->name);
	if (IS_ERR(listener))
		return PTR_ERR(listener);

	iface->ksmbd_kthread = listener;
	return 0;
}
311
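/**
 * ksmbd_tcp_readv() - read data from socket in given iovec
 * @t: TCP transport instance
 * @iov_orig: base IO vector
 * @nr_segs: number of segments in base iov
 * @to_read: number of bytes to read from socket
 * @max_retries: retry budget for -ERESTARTSYS/-EAGAIN: negative means
 *               unlimited, 0 means fail on the first such error
 *
 * Loops until @to_read bytes have arrived, re-deriving the vector from
 * @iov_orig after every partial read.
 *
 * Return: number of bytes read on success. Otherwise -ENOMEM if the scratch
 * vector cannot be allocated, -ESHUTDOWN if the connection is no longer
 * alive or the receive was interrupted, -EAGAIN if the connection needs a
 * reconnect, or the non-positive result of kernel_recvmsg().
 */
static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig,
			   unsigned int nr_segs, unsigned int to_read,
			   int max_retries)
{
	int length = 0;
	int total_read;
	unsigned int segs;
	/*
	 * Zero the whole header (msg_control and msg_controllen included).
	 * Setting only those two fields left the rest of this stack object
	 * indeterminate when it was passed to kernel_recvmsg().
	 */
	struct msghdr ksmbd_msg = { .msg_flags = 0 };
	struct kvec *iov;
	struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn;

	iov = get_conn_iovec(t, nr_segs);
	if (!iov)
		return -ENOMEM;

	for (total_read = 0; to_read; total_read += length, to_read -= length) {
		try_to_freeze();

		if (!ksmbd_conn_alive(conn)) {
			total_read = -ESHUTDOWN;
			break;
		}
		/* skip what has been read so far */
		segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);

		length = kernel_recvmsg(t->sock, &ksmbd_msg,
					iov, segs, to_read, 0);

		if (length == -EINTR) {
			total_read = -ESHUTDOWN;
			break;
		} else if (ksmbd_conn_need_reconnect(conn)) {
			total_read = -EAGAIN;
			break;
		} else if (length == -ERESTARTSYS || length == -EAGAIN) {
			/*
			 * If max_retries is negative, Allow unlimited
			 * retries to keep connection with inactive sessions.
			 */
			if (max_retries == 0) {
				total_read = length;
				break;
			} else if (max_retries > 0) {
				max_retries--;
			}

			usleep_range(1000, 2000);
			/* nothing was read; keep the loop counters unchanged */
			length = 0;
			continue;
		} else if (length <= 0) {
			total_read = length;
			break;
		}
	}
	return total_read;
}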
381
/**
 * ksmbd_tcp_read() - read data from socket in given buffer
 * @t: TCP transport instance
 * @buf: buffer to store read data from socket; must hold @to_read bytes
 * @to_read: number of bytes to read from socket
 * @max_retries: number of retries if reading from socket fails
 *
 * Wraps @buf in a single-segment vector and defers to ksmbd_tcp_readv().
 *
 * Return: on success return number of bytes read from socket,
 *         otherwise return error number
 */
static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf,
			  unsigned int to_read, int max_retries)
{
	struct kvec single = {
		.iov_base = buf,
		.iov_len = to_read,
	};

	return ksmbd_tcp_readv(TCP_TRANS(t), &single, 1, to_read, max_retries);
}
402
/*
 * .writev callback: send @size bytes described by @iov / @nvecs on the
 * connection's socket with MSG_NOSIGNAL set.
 *
 * @need_invalidate and @remote_key are not used by the TCP transport.
 *
 * Return: the result of kernel_sendmsg()
 */
static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov,
			    int nvecs, int size, bool need_invalidate,
			    unsigned int remote_key)
{
	struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL};
	struct socket *sock = TCP_TRANS(t)->sock;

	return kernel_sendmsg(sock, &smb_msg, iov, nvecs, size);
}
412
/*
 * .disconnect callback: tear the transport down and, when a connection
 * limit is configured, give its slot in active_num_conn back.
 */
static void ksmbd_tcp_disconnect(struct ksmbd_transport *t)
{
	struct tcp_transport *tcp = TCP_TRANS(t);

	free_transport(tcp);

	if (!server_conf.max_connections)
		return;
	atomic_dec(&active_num_conn);
}
419
/*
 * Shut down and release a listening socket. A NULL socket is ignored.
 * A failing shutdown is logged, and the socket is released regardless.
 */
static void tcp_destroy_socket(struct socket *ksmbd_socket)
{
	int err;

	if (ksmbd_socket == NULL)
		return;

	/*
	 * Pass 0 to both timeout helpers; the receive helper turns 0 into
	 * MAX_SCHEDULE_TIMEOUT.
	 */
	ksmbd_tcp_rcv_timeout(ksmbd_socket, 0);
	ksmbd_tcp_snd_timeout(ksmbd_socket, 0);

	err = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR);
	if (err != 0)
		pr_err("Failed to shutdown socket: %d\n", err);

	sock_release(ksmbd_socket);
}
436
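/**
 * create_socket - create the listening socket of an interface
 * @iface: interface to bind the created socket to
 *
 * Tries an IPv6 socket first, with sk_ipv6only cleared, and falls back to
 * IPv4 when it cannot be created. The socket is bound to the wildcard
 * address on server_conf.tcp_port, restricted to @iface->name with
 * SO_BINDTODEVICE, put into listening state and handed to a new accept
 * thread. On any failure the socket is destroyed and @iface->ksmbd_socket
 * is reset to NULL.
 *
 * Return: 0 on success, error number otherwise
 */
static int create_socket(struct interface *iface)
{
	int ret;
	/*
	 * Zero-initialised so that members not assigned below (padding,
	 * flow info, scope id) are not passed to kernel_bind() with stale
	 * stack contents.
	 */
	struct sockaddr_in6 sin6 = { 0 };
	struct sockaddr_in sin = { 0 };
	struct socket *ksmbd_socket;
	bool ipv4 = false;

	ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket);
	if (ret) {
		if (ret != -EAFNOSUPPORT)
			pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret);
		ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP,
				  &ksmbd_socket);
		if (ret) {
			pr_err("Can't create socket for ipv4: %d\n", ret);
			goto out_clear;
		}

		sin.sin_family = PF_INET;
		sin.sin_addr.s_addr = htonl(INADDR_ANY);
		sin.sin_port = htons(server_conf.tcp_port);
		ipv4 = true;
	} else {
		sin6.sin6_family = PF_INET6;
		sin6.sin6_addr = in6addr_any;
		sin6.sin6_port = htons(server_conf.tcp_port);

		/* presumably so the one IPv6 socket also serves IPv4 peers */
		lock_sock(ksmbd_socket->sk);
		ksmbd_socket->sk->sk_ipv6only = false;
		release_sock(ksmbd_socket->sk);
	}

	ksmbd_tcp_nodelay(ksmbd_socket);
	ksmbd_tcp_reuseaddr(ksmbd_socket);

	ret = sock_setsockopt(ksmbd_socket,
			      SOL_SOCKET,
			      SO_BINDTODEVICE,
			      KERNEL_SOCKPTR(iface->name),
			      strlen(iface->name));
	/*
	 * -ENODEV is tolerated. In that case the socket is not tied to a
	 * device and, being bound to the wildcard address below, is not
	 * restricted to this interface.
	 */
	if (ret != -ENODEV && ret < 0) {
		pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret);
		goto out_error;
	}

	if (ipv4)
		ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin,
				  sizeof(sin));
	else
		ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6,
				  sizeof(sin6));
	if (ret) {
		pr_err("Failed to bind socket: %d\n", ret);
		goto out_error;
	}

	ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
	ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;

	ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG);
	if (ret) {
		pr_err("Port listen() error: %d\n", ret);
		goto out_error;
	}

	/* the accept thread reads iface->ksmbd_socket, so publish it first */
	iface->ksmbd_socket = ksmbd_socket;
	ret = ksmbd_tcp_run_kthread(iface);
	if (ret) {
		pr_err("Can't start ksmbd main kthread: %d\n", ret);
		goto out_error;
	}
	iface->state = IFACE_STATE_CONFIGURED;

	return 0;

out_error:
	tcp_destroy_socket(ksmbd_socket);
out_clear:
	iface->ksmbd_socket = NULL;
	return ret;
}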
525
/*
 * Look up the iface_list entry whose name equals @netdev_name exactly.
 *
 * Return: the matching interface, or NULL when there is none
 */
struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name)
{
	struct interface *cur;

	list_for_each_entry(cur, &iface_list, entry) {
		if (strcmp(cur->name, netdev_name) == 0)
			return cur;
	}
	return NULL;
}
535
/*
 * Netdevice notifier: start listening when a device comes up and stop when
 * it goes down.
 *
 * NETDEV_UP: bridge ports are skipped. A known interface in state DOWN gets
 * a listening socket. An unknown device is added and started only while
 * bind_additional_ifaces is set.
 * NETDEV_DOWN: a configured interface has its accept thread stopped and its
 * socket destroyed under sock_release_lock.
 *
 * Return: NOTIFY_OK for skipped bridge ports and for the failure paths noted
 * below, NOTIFY_DONE otherwise
 */
static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
			      void *ptr)
{
	struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
	struct interface *iface;

	switch (event) {
	case NETDEV_UP:
		if (netif_is_bridge_port(netdev))
			return NOTIFY_OK;

		iface = ksmbd_find_netdev_name_iface_list(netdev->name);
		if (!iface) {
			if (!bind_additional_ifaces)
				break;

			/* alloc_iface() takes ownership of the duplicated name */
			iface = alloc_iface(kstrdup(netdev->name,
						    KSMBD_DEFAULT_GFP));
			if (!iface)
				return NOTIFY_OK;
			ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
				    iface->name);
			/* the result does not change the notifier verdict here */
			create_socket(iface);
			break;
		}

		if (iface->state == IFACE_STATE_DOWN) {
			ksmbd_debug(CONN, "netdev-up event: netdev(%s) is going up\n",
				    iface->name);
			if (create_socket(iface))
				return NOTIFY_OK;
		}
		break;
	case NETDEV_DOWN:
		iface = ksmbd_find_netdev_name_iface_list(netdev->name);
		if (!iface || iface->state != IFACE_STATE_CONFIGURED)
			break;

		ksmbd_debug(CONN, "netdev-down event: netdev(%s) is going down\n",
			    iface->name);
		tcp_stop_kthread(iface->ksmbd_kthread);
		iface->ksmbd_kthread = NULL;

		mutex_lock(&iface->sock_release_lock);
		tcp_destroy_socket(iface->ksmbd_socket);
		iface->ksmbd_socket = NULL;
		mutex_unlock(&iface->sock_release_lock);

		iface->state = IFACE_STATE_DOWN;
		break;
	}

	return NOTIFY_DONE;
}
587
/* Registered in ksmbd_tcp_init() and unregistered in ksmbd_tcp_destroy(). */
static struct notifier_block ksmbd_netdev_notifier = {
	.notifier_call = ksmbd_netdev_event,
};
591
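/*
 * Register the netdevice notifier that drives socket creation and teardown.
 *
 * The registration result is propagated instead of being discarded, so a
 * failed registration is no longer reported as success.
 *
 * Return: 0 on success, otherwise the error from
 * register_netdevice_notifier()
 */
int ksmbd_tcp_init(void)
{
	return register_netdevice_notifier(&ksmbd_netdev_notifier);
}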
598
/*
 * Stop an accept thread. A NULL @kthread is ignored, and a non-zero result
 * from kthread_stop() is logged.
 */
static void tcp_stop_kthread(struct task_struct *kthread)
{
	if (kthread && kthread_stop(kthread))
		pr_err("failed to stop forker thread\n");
}
610
/*
 * Unregister the netdevice notifier and free every iface_list entry together
 * with its name.
 *
 * NOTE(review): this function does not itself stop accept threads or release
 * listening sockets. Confirm that both are gone before the entries are
 * freed, since the accept thread dereferences its struct interface.
 */
void ksmbd_tcp_destroy(void)
{
	struct interface *iface;

	unregister_netdevice_notifier(&ksmbd_netdev_notifier);

	while (!list_empty(&iface_list)) {
		iface = list_first_entry(&iface_list, struct interface, entry);
		list_del(&iface->entry);
		kfree(iface->name);
		kfree(iface);
	}
}
623
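/*
 * Allocate an interface entry in state DOWN and add it to iface_list.
 *
 * Takes ownership of @ifname: it is stored in the entry on success and
 * freed here when the entry cannot be allocated. A NULL @ifname yields
 * NULL, so the result of kstrdup() can be passed in directly.
 *
 * Return: the new interface, or NULL on failure
 */
static struct interface *alloc_iface(char *ifname)
{
	struct interface *iface;

	if (!ifname)
		return NULL;

	iface = kzalloc(sizeof(*iface), KSMBD_DEFAULT_GFP);
	if (!iface) {
		kfree(ifname);
		return NULL;
	}

	iface->name = ifname;
	iface->state = IFACE_STATE_DOWN;
	/*
	 * Initialise the lock before the entry becomes reachable through
	 * iface_list, so no list walker can find it with an unusable mutex.
	 */
	mutex_init(&iface->sock_release_lock);
	list_add(&iface->entry, &iface_list);
	return iface;
}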
643
/*
 * Configure the interfaces to listen on from a buffer of consecutive
 * NUL-terminated names.
 *
 * A zero @ifc_list_sz enables bind_additional_ifaces and adds nothing.
 * Otherwise one entry is added per name until the size is used up or an
 * empty name is reached. The empty name itself still gets an entry, because
 * the allocation happens before the length check.
 *
 * NOTE(review): kstrdup() and strlen() are not bounded by @ifc_list_sz, so
 * the last name must be NUL-terminated inside the buffer. Confirm that the
 * caller validates this before passing configuration data in.
 *
 * Return: 0 on success, -ENOMEM when an entry cannot be allocated (entries
 * added before the failure stay on iface_list)
 */
int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz)
{
	int len;

	if (!ifc_list_sz) {
		bind_additional_ifaces = 1;
		return 0;
	}

	for (; ifc_list_sz > 0; ifc_list += len + 1, ifc_list_sz -= len + 1) {
		if (!alloc_iface(kstrdup(ifc_list, KSMBD_DEFAULT_GFP)))
			return -ENOMEM;

		len = strlen(ifc_list);
		if (!len)
			break;
	}

	bind_additional_ifaces = 0;

	return 0;
}
669
/* Transport operations installed on every connection by alloc_transport(). */
static const struct ksmbd_transport_ops ksmbd_tcp_transport_ops = {
	.read		= ksmbd_tcp_read,
	.writev		= ksmbd_tcp_writev,
	.disconnect	= ksmbd_tcp_disconnect,
	.free_transport = ksmbd_tcp_free_transport,
};
676