1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
5 */
6
7 #include <linux/freezer.h>
8
9 #include "smb_common.h"
10 #include "server.h"
11 #include "auth.h"
12 #include "connection.h"
13 #include "transport_tcp.h"
14
15 #define IFACE_STATE_DOWN BIT(0)
16 #define IFACE_STATE_CONFIGURED BIT(1)
17
18 static atomic_t active_num_conn;
19
20 struct interface {
21 struct task_struct *ksmbd_kthread;
22 struct socket *ksmbd_socket;
23 struct list_head entry;
24 char *name;
25 struct mutex sock_release_lock;
26 int state;
27 };
28
29 static LIST_HEAD(iface_list);
30
31 static int bind_additional_ifaces;
32
33 struct tcp_transport {
34 struct ksmbd_transport transport;
35 struct socket *sock;
36 struct kvec *iov;
37 unsigned int nr_iov;
38 };
39
40 static struct ksmbd_transport_ops ksmbd_tcp_transport_ops;
41
42 static void tcp_stop_kthread(struct task_struct *kthread);
43 static struct interface *alloc_iface(char *ifname);
44
45 #define KSMBD_TRANS(t) (&(t)->transport)
46 #define TCP_TRANS(t) ((struct tcp_transport *)container_of(t, \
47 struct tcp_transport, transport))
48
ksmbd_tcp_nodelay(struct socket * sock)49 static inline void ksmbd_tcp_nodelay(struct socket *sock)
50 {
51 tcp_sock_set_nodelay(sock->sk);
52 }
53
ksmbd_tcp_reuseaddr(struct socket * sock)54 static inline void ksmbd_tcp_reuseaddr(struct socket *sock)
55 {
56 sock_set_reuseaddr(sock->sk);
57 }
58
ksmbd_tcp_rcv_timeout(struct socket * sock,s64 secs)59 static inline void ksmbd_tcp_rcv_timeout(struct socket *sock, s64 secs)
60 {
61 lock_sock(sock->sk);
62 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1)
63 sock->sk->sk_rcvtimeo = secs * HZ;
64 else
65 sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
66 release_sock(sock->sk);
67 }
68
ksmbd_tcp_snd_timeout(struct socket * sock,s64 secs)69 static inline void ksmbd_tcp_snd_timeout(struct socket *sock, s64 secs)
70 {
71 sock_set_sndtimeo(sock->sk, secs);
72 }
73
alloc_transport(struct socket * client_sk)74 static struct tcp_transport *alloc_transport(struct socket *client_sk)
75 {
76 struct tcp_transport *t;
77 struct ksmbd_conn *conn;
78
79 t = kzalloc(sizeof(*t), GFP_KERNEL);
80 if (!t)
81 return NULL;
82 t->sock = client_sk;
83
84 conn = ksmbd_conn_alloc();
85 if (!conn) {
86 kfree(t);
87 return NULL;
88 }
89
90 conn->transport = KSMBD_TRANS(t);
91 KSMBD_TRANS(t)->conn = conn;
92 KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops;
93 return t;
94 }
95
free_transport(struct tcp_transport * t)96 static void free_transport(struct tcp_transport *t)
97 {
98 kernel_sock_shutdown(t->sock, SHUT_RDWR);
99 sock_release(t->sock);
100 t->sock = NULL;
101
102 ksmbd_conn_free(KSMBD_TRANS(t)->conn);
103 kfree(t->iov);
104 kfree(t);
105 }
106
107 /**
108 * kvec_array_init() - initialize a IO vector segment
109 * @new: IO vector to be initialized
110 * @iov: base IO vector
111 * @nr_segs: number of segments in base iov
112 * @bytes: total iovec length so far for read
113 *
114 * Return: Number of IO segments
115 */
kvec_array_init(struct kvec * new,struct kvec * iov,unsigned int nr_segs,size_t bytes)116 static unsigned int kvec_array_init(struct kvec *new, struct kvec *iov,
117 unsigned int nr_segs, size_t bytes)
118 {
119 size_t base = 0;
120
121 while (bytes || !iov->iov_len) {
122 int copy = min(bytes, iov->iov_len);
123
124 bytes -= copy;
125 base += copy;
126 if (iov->iov_len == base) {
127 iov++;
128 nr_segs--;
129 base = 0;
130 }
131 }
132
133 memcpy(new, iov, sizeof(*iov) * nr_segs);
134 new->iov_base += base;
135 new->iov_len -= base;
136 return nr_segs;
137 }
138
139 /**
140 * get_conn_iovec() - get connection iovec for reading from socket
141 * @t: TCP transport instance
142 * @nr_segs: number of segments in iov
143 *
144 * Return: return existing or newly allocate iovec
145 */
get_conn_iovec(struct tcp_transport * t,unsigned int nr_segs)146 static struct kvec *get_conn_iovec(struct tcp_transport *t, unsigned int nr_segs)
147 {
148 struct kvec *new_iov;
149
150 if (t->iov && nr_segs <= t->nr_iov)
151 return t->iov;
152
153 /* not big enough -- allocate a new one and release the old */
154 new_iov = kmalloc_array(nr_segs, sizeof(*new_iov), GFP_KERNEL);
155 if (new_iov) {
156 kfree(t->iov);
157 t->iov = new_iov;
158 t->nr_iov = nr_segs;
159 }
160 return new_iov;
161 }
162
ksmbd_tcp_get_port(const struct sockaddr * sa)163 static unsigned short ksmbd_tcp_get_port(const struct sockaddr *sa)
164 {
165 switch (sa->sa_family) {
166 case AF_INET:
167 return ntohs(((struct sockaddr_in *)sa)->sin_port);
168 case AF_INET6:
169 return ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
170 }
171 return 0;
172 }
173
174 /**
175 * ksmbd_tcp_new_connection() - create a new tcp session on mount
176 * @client_sk: socket associated with new connection
177 *
178 * whenever a new connection is requested, create a conn thread
179 * (session thread) to handle new incoming smb requests from the connection
180 *
181 * Return: 0 on success, otherwise error
182 */
ksmbd_tcp_new_connection(struct socket * client_sk)183 static int ksmbd_tcp_new_connection(struct socket *client_sk)
184 {
185 struct sockaddr *csin;
186 int rc = 0;
187 struct tcp_transport *t;
188 struct task_struct *handler;
189
190 t = alloc_transport(client_sk);
191 if (!t) {
192 sock_release(client_sk);
193 return -ENOMEM;
194 }
195
196 csin = KSMBD_TCP_PEER_SOCKADDR(KSMBD_TRANS(t)->conn);
197 if (kernel_getpeername(client_sk, csin) < 0) {
198 pr_err("client ip resolution failed\n");
199 rc = -EINVAL;
200 goto out_error;
201 }
202
203 handler = kthread_run(ksmbd_conn_handler_loop,
204 KSMBD_TRANS(t)->conn,
205 "ksmbd:%u",
206 ksmbd_tcp_get_port(csin));
207 if (IS_ERR(handler)) {
208 pr_err("cannot start conn thread\n");
209 rc = PTR_ERR(handler);
210 free_transport(t);
211 }
212 return rc;
213
214 out_error:
215 free_transport(t);
216 return rc;
217 }
218
219 /**
220 * ksmbd_kthread_fn() - listen to new SMB connections and callback server
221 * @p: arguments to forker thread
222 *
223 * Return: 0 on success, error number otherwise
224 */
ksmbd_kthread_fn(void * p)225 static int ksmbd_kthread_fn(void *p)
226 {
227 struct socket *client_sk = NULL;
228 struct interface *iface = (struct interface *)p;
229 int ret;
230
231 while (!kthread_should_stop()) {
232 mutex_lock(&iface->sock_release_lock);
233 if (!iface->ksmbd_socket) {
234 mutex_unlock(&iface->sock_release_lock);
235 break;
236 }
237 ret = kernel_accept(iface->ksmbd_socket, &client_sk,
238 SOCK_NONBLOCK);
239 mutex_unlock(&iface->sock_release_lock);
240 if (ret) {
241 if (ret == -EAGAIN)
242 /* check for new connections every 100 msecs */
243 schedule_timeout_interruptible(HZ / 10);
244 continue;
245 }
246
247 if (server_conf.max_connections &&
248 atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
249 pr_info_ratelimited("Limit the maximum number of connections(%u)\n",
250 atomic_read(&active_num_conn));
251 atomic_dec(&active_num_conn);
252 sock_release(client_sk);
253 continue;
254 }
255
256 ksmbd_debug(CONN, "connect success: accepted new connection\n");
257 client_sk->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
258 client_sk->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;
259
260 ksmbd_tcp_new_connection(client_sk);
261 }
262
263 ksmbd_debug(CONN, "releasing socket\n");
264 return 0;
265 }
266
267 /**
268 * ksmbd_tcp_run_kthread() - start forker thread
269 * @iface: pointer to struct interface
270 *
271 * start forker thread(ksmbd/0) at module init time to listen
272 * on port 445 for new SMB connection requests. It creates per connection
273 * server threads(ksmbd/x)
274 *
275 * Return: 0 on success or error number
276 */
ksmbd_tcp_run_kthread(struct interface * iface)277 static int ksmbd_tcp_run_kthread(struct interface *iface)
278 {
279 int rc;
280 struct task_struct *kthread;
281
282 kthread = kthread_run(ksmbd_kthread_fn, (void *)iface, "ksmbd-%s",
283 iface->name);
284 if (IS_ERR(kthread)) {
285 rc = PTR_ERR(kthread);
286 return rc;
287 }
288 iface->ksmbd_kthread = kthread;
289
290 return 0;
291 }
292
293 /**
294 * ksmbd_tcp_readv() - read data from socket in given iovec
295 * @t: TCP transport instance
296 * @iov_orig: base IO vector
297 * @nr_segs: number of segments in base iov
298 * @to_read: number of bytes to read from socket
299 * @max_retries: maximum retry count
300 *
301 * Return: on success return number of bytes read from socket,
302 * otherwise return error number
303 */
ksmbd_tcp_readv(struct tcp_transport * t,struct kvec * iov_orig,unsigned int nr_segs,unsigned int to_read,int max_retries)304 static int ksmbd_tcp_readv(struct tcp_transport *t, struct kvec *iov_orig,
305 unsigned int nr_segs, unsigned int to_read,
306 int max_retries)
307 {
308 int length = 0;
309 int total_read;
310 unsigned int segs;
311 struct msghdr ksmbd_msg;
312 struct kvec *iov;
313 struct ksmbd_conn *conn = KSMBD_TRANS(t)->conn;
314
315 iov = get_conn_iovec(t, nr_segs);
316 if (!iov)
317 return -ENOMEM;
318
319 ksmbd_msg.msg_control = NULL;
320 ksmbd_msg.msg_controllen = 0;
321
322 for (total_read = 0; to_read; total_read += length, to_read -= length) {
323 try_to_freeze();
324
325 if (!ksmbd_conn_alive(conn)) {
326 total_read = -ESHUTDOWN;
327 break;
328 }
329 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);
330
331 length = kernel_recvmsg(t->sock, &ksmbd_msg,
332 iov, segs, to_read, 0);
333
334 if (length == -EINTR) {
335 total_read = -ESHUTDOWN;
336 break;
337 } else if (ksmbd_conn_need_reconnect(conn)) {
338 total_read = -EAGAIN;
339 break;
340 } else if (length == -ERESTARTSYS || length == -EAGAIN) {
341 /*
342 * If max_retries is negative, Allow unlimited
343 * retries to keep connection with inactive sessions.
344 */
345 if (max_retries == 0) {
346 total_read = length;
347 break;
348 } else if (max_retries > 0) {
349 max_retries--;
350 }
351
352 usleep_range(1000, 2000);
353 length = 0;
354 continue;
355 } else if (length <= 0) {
356 total_read = length;
357 break;
358 }
359 }
360 return total_read;
361 }
362
363 /**
364 * ksmbd_tcp_read() - read data from socket in given buffer
365 * @t: TCP transport instance
366 * @buf: buffer to store read data from socket
367 * @to_read: number of bytes to read from socket
368 *
369 * Return: on success return number of bytes read from socket,
370 * otherwise return error number
371 */
ksmbd_tcp_read(struct ksmbd_transport * t,char * buf,unsigned int to_read,int max_retries)372 static int ksmbd_tcp_read(struct ksmbd_transport *t, char *buf,
373 unsigned int to_read, int max_retries)
374 {
375 struct kvec iov;
376
377 iov.iov_base = buf;
378 iov.iov_len = to_read;
379
380 return ksmbd_tcp_readv(TCP_TRANS(t), &iov, 1, to_read, max_retries);
381 }
382
ksmbd_tcp_writev(struct ksmbd_transport * t,struct kvec * iov,int nvecs,int size,bool need_invalidate,unsigned int remote_key)383 static int ksmbd_tcp_writev(struct ksmbd_transport *t, struct kvec *iov,
384 int nvecs, int size, bool need_invalidate,
385 unsigned int remote_key)
386
387 {
388 struct msghdr smb_msg = {.msg_flags = MSG_NOSIGNAL};
389
390 return kernel_sendmsg(TCP_TRANS(t)->sock, &smb_msg, iov, nvecs, size);
391 }
392
ksmbd_tcp_disconnect(struct ksmbd_transport * t)393 static void ksmbd_tcp_disconnect(struct ksmbd_transport *t)
394 {
395 free_transport(TCP_TRANS(t));
396 if (server_conf.max_connections)
397 atomic_dec(&active_num_conn);
398 }
399
tcp_destroy_socket(struct socket * ksmbd_socket)400 static void tcp_destroy_socket(struct socket *ksmbd_socket)
401 {
402 int ret;
403
404 if (!ksmbd_socket)
405 return;
406
407 /* set zero to timeout */
408 ksmbd_tcp_rcv_timeout(ksmbd_socket, 0);
409 ksmbd_tcp_snd_timeout(ksmbd_socket, 0);
410
411 ret = kernel_sock_shutdown(ksmbd_socket, SHUT_RDWR);
412 if (ret)
413 pr_err("Failed to shutdown socket: %d\n", ret);
414 sock_release(ksmbd_socket);
415 }
416
417 /**
418 * create_socket - create socket for ksmbd/0
419 *
420 * Return: 0 on success, error number otherwise
421 */
create_socket(struct interface * iface)422 static int create_socket(struct interface *iface)
423 {
424 int ret;
425 struct sockaddr_in6 sin6;
426 struct sockaddr_in sin;
427 struct socket *ksmbd_socket;
428 bool ipv4 = false;
429
430 ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket);
431 if (ret) {
432 if (ret != -EAFNOSUPPORT)
433 pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret);
434 ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP,
435 &ksmbd_socket);
436 if (ret) {
437 pr_err("Can't create socket for ipv4: %d\n", ret);
438 goto out_clear;
439 }
440
441 sin.sin_family = PF_INET;
442 sin.sin_addr.s_addr = htonl(INADDR_ANY);
443 sin.sin_port = htons(server_conf.tcp_port);
444 ipv4 = true;
445 } else {
446 sin6.sin6_family = PF_INET6;
447 sin6.sin6_addr = in6addr_any;
448 sin6.sin6_port = htons(server_conf.tcp_port);
449 }
450
451 ksmbd_tcp_nodelay(ksmbd_socket);
452 ksmbd_tcp_reuseaddr(ksmbd_socket);
453
454 ret = sock_setsockopt(ksmbd_socket,
455 SOL_SOCKET,
456 SO_BINDTODEVICE,
457 KERNEL_SOCKPTR(iface->name),
458 strlen(iface->name));
459 if (ret != -ENODEV && ret < 0) {
460 pr_err("Failed to set SO_BINDTODEVICE: %d\n", ret);
461 goto out_error;
462 }
463
464 if (ipv4)
465 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin,
466 sizeof(sin));
467 else
468 ret = kernel_bind(ksmbd_socket, (struct sockaddr *)&sin6,
469 sizeof(sin6));
470 if (ret) {
471 pr_err("Failed to bind socket: %d\n", ret);
472 goto out_error;
473 }
474
475 ksmbd_socket->sk->sk_rcvtimeo = KSMBD_TCP_RECV_TIMEOUT;
476 ksmbd_socket->sk->sk_sndtimeo = KSMBD_TCP_SEND_TIMEOUT;
477
478 ret = kernel_listen(ksmbd_socket, KSMBD_SOCKET_BACKLOG);
479 if (ret) {
480 pr_err("Port listen() error: %d\n", ret);
481 goto out_error;
482 }
483
484 iface->ksmbd_socket = ksmbd_socket;
485 ret = ksmbd_tcp_run_kthread(iface);
486 if (ret) {
487 pr_err("Can't start ksmbd main kthread: %d\n", ret);
488 goto out_error;
489 }
490 iface->state = IFACE_STATE_CONFIGURED;
491
492 return 0;
493
494 out_error:
495 tcp_destroy_socket(ksmbd_socket);
496 out_clear:
497 iface->ksmbd_socket = NULL;
498 return ret;
499 }
500
ksmbd_netdev_event(struct notifier_block * nb,unsigned long event,void * ptr)501 static int ksmbd_netdev_event(struct notifier_block *nb, unsigned long event,
502 void *ptr)
503 {
504 struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
505 struct interface *iface;
506 int ret, found = 0;
507
508 switch (event) {
509 case NETDEV_UP:
510 if (netif_is_bridge_port(netdev))
511 return NOTIFY_OK;
512
513 list_for_each_entry(iface, &iface_list, entry) {
514 if (!strcmp(iface->name, netdev->name)) {
515 found = 1;
516 if (iface->state != IFACE_STATE_DOWN)
517 break;
518 ret = create_socket(iface);
519 if (ret)
520 return NOTIFY_OK;
521 break;
522 }
523 }
524 if (!found && bind_additional_ifaces) {
525 iface = alloc_iface(kstrdup(netdev->name, GFP_KERNEL));
526 if (!iface)
527 return NOTIFY_OK;
528 ret = create_socket(iface);
529 if (ret)
530 break;
531 }
532 break;
533 case NETDEV_DOWN:
534 list_for_each_entry(iface, &iface_list, entry) {
535 if (!strcmp(iface->name, netdev->name) &&
536 iface->state == IFACE_STATE_CONFIGURED) {
537 tcp_stop_kthread(iface->ksmbd_kthread);
538 iface->ksmbd_kthread = NULL;
539 mutex_lock(&iface->sock_release_lock);
540 tcp_destroy_socket(iface->ksmbd_socket);
541 iface->ksmbd_socket = NULL;
542 mutex_unlock(&iface->sock_release_lock);
543
544 iface->state = IFACE_STATE_DOWN;
545 break;
546 }
547 }
548 break;
549 }
550
551 return NOTIFY_DONE;
552 }
553
554 static struct notifier_block ksmbd_netdev_notifier = {
555 .notifier_call = ksmbd_netdev_event,
556 };
557
ksmbd_tcp_init(void)558 int ksmbd_tcp_init(void)
559 {
560 register_netdevice_notifier(&ksmbd_netdev_notifier);
561
562 return 0;
563 }
564
tcp_stop_kthread(struct task_struct * kthread)565 static void tcp_stop_kthread(struct task_struct *kthread)
566 {
567 int ret;
568
569 if (!kthread)
570 return;
571
572 ret = kthread_stop(kthread);
573 if (ret)
574 pr_err("failed to stop forker thread\n");
575 }
576
ksmbd_tcp_destroy(void)577 void ksmbd_tcp_destroy(void)
578 {
579 struct interface *iface, *tmp;
580
581 unregister_netdevice_notifier(&ksmbd_netdev_notifier);
582
583 list_for_each_entry_safe(iface, tmp, &iface_list, entry) {
584 list_del(&iface->entry);
585 kfree(iface->name);
586 kfree(iface);
587 }
588 }
589
alloc_iface(char * ifname)590 static struct interface *alloc_iface(char *ifname)
591 {
592 struct interface *iface;
593
594 if (!ifname)
595 return NULL;
596
597 iface = kzalloc(sizeof(struct interface), GFP_KERNEL);
598 if (!iface) {
599 kfree(ifname);
600 return NULL;
601 }
602
603 iface->name = ifname;
604 iface->state = IFACE_STATE_DOWN;
605 list_add(&iface->entry, &iface_list);
606 mutex_init(&iface->sock_release_lock);
607 return iface;
608 }
609
ksmbd_tcp_set_interfaces(char * ifc_list,int ifc_list_sz)610 int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz)
611 {
612 int sz = 0;
613
614 if (!ifc_list_sz) {
615 struct net_device *netdev;
616
617 rtnl_lock();
618 for_each_netdev(&init_net, netdev) {
619 if (netif_is_bridge_port(netdev))
620 continue;
621 if (!alloc_iface(kstrdup(netdev->name, GFP_KERNEL)))
622 return -ENOMEM;
623 }
624 rtnl_unlock();
625 bind_additional_ifaces = 1;
626 return 0;
627 }
628
629 while (ifc_list_sz > 0) {
630 if (!alloc_iface(kstrdup(ifc_list, GFP_KERNEL)))
631 return -ENOMEM;
632
633 sz = strlen(ifc_list);
634 if (!sz)
635 break;
636
637 ifc_list += sz + 1;
638 ifc_list_sz -= (sz + 1);
639 }
640
641 bind_additional_ifaces = 0;
642
643 return 0;
644 }
645
646 static struct ksmbd_transport_ops ksmbd_tcp_transport_ops = {
647 .read = ksmbd_tcp_read,
648 .writev = ksmbd_tcp_writev,
649 .disconnect = ksmbd_tcp_disconnect,
650 };
651