mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-28 04:08:46 +07:00
248f219cb8
Rewrite the data and ack handling code such that: (1) Parsing of received ACK and ABORT packets and the distribution and the filing of DATA packets happens entirely within the data_ready context called from the UDP socket. This allows us to process and discard ACK and ABORT packets much more quickly (they're no longer stashed on a queue for a background thread to process). (2) We avoid calling skb_clone(), pskb_pull() and pskb_trim(). We instead keep track of the offset and length of the content of each packet in the sk_buff metadata. This means we don't do any allocation in the receive path. (3) Jumbo DATA packet parsing is now done in data_ready context. Rather than cloning the packet once for each subpacket and pulling/trimming it, we file the packet multiple times with an annotation for each indicating which subpacket is there. From that we can directly calculate the offset and length. (4) A call's receive queue can be accessed without taking locks (memory barriers do have to be used, though). (5) Incoming calls are set up from preallocated resources and immediately made live. They can than have packets queued upon them and ACKs generated. If insufficient resources exist, DATA packet #1 is given a BUSY reply and other DATA packets are discarded). (6) sk_buffs no longer take a ref on their parent call. To make this work, the following changes are made: (1) Each call's receive buffer is now a circular buffer of sk_buff pointers (rxtx_buffer) rather than a number of sk_buff_heads spread between the call and the socket. This permits each sk_buff to be in the buffer multiple times. The receive buffer is reused for the transmit buffer. (2) A circular buffer of annotations (rxtx_annotations) is kept parallel to the data buffer. Transmission phase annotations indicate whether a buffered packet has been ACK'd or not and whether it needs retransmission. Receive phase annotations indicate whether a slot holds a whole packet or a jumbo subpacket and, if the latter, which subpacket. They also note whether the packet has been decrypted in place. (3) DATA packet window tracking is much simplified. Each phase has just two numbers representing the window (rx_hard_ack/rx_top and tx_hard_ack/tx_top). The hard_ack number is the sequence number before base of the window, representing the last packet the other side says it has consumed. hard_ack starts from 0 and the first packet is sequence number 1. The top number is the sequence number of the highest-numbered packet residing in the buffer. Packets between hard_ack+1 and top are soft-ACK'd to indicate they've been received, but not yet consumed. Four macros, before(), before_eq(), after() and after_eq() are added to compare sequence numbers within the window. This allows for the top of the window to wrap when the hard-ack sequence number gets close to the limit. Two flags, RXRPC_CALL_RX_LAST and RXRPC_CALL_TX_LAST, are added also to indicate when rx_top and tx_top point at the packets with the LAST_PACKET bit set, indicating the end of the phase. (4) Calls are queued on the socket 'receive queue' rather than packets. This means that we don't need have to invent dummy packets to queue to indicate abnormal/terminal states and we don't have to keep metadata packets (such as ABORTs) around (5) The offset and length of a (sub)packet's content are now passed to the verify_packet security op. This is currently expected to decrypt the packet in place and validate it. However, there's now nowhere to store the revised offset and length of the actual data within the decrypted blob (there may be a header and padding to skip) because an sk_buff may represent multiple packets, so a locate_data security op is added to retrieve these details from the sk_buff content when needed. (6) recvmsg() now has to handle jumbo subpackets, where each subpacket is individually secured and needs to be individually decrypted. The code to do this is broken out into rxrpc_recvmsg_data() and shared with the kernel API. It now iterates over the call's receive buffer rather than walking the socket receive queue. Additional changes: (1) The timers are condensed to a single timer that is set for the soonest of three timeouts (delayed ACK generation, DATA retransmission and call lifespan). (2) Transmission of ACK and ABORT packets is effected immediately from process-context socket ops/kernel API calls that cause them instead of them being punted off to a background work item. The data_ready handler still has to defer to the background, though. (3) A shutdown op is added to the AF_RXRPC socket so that the AFS filesystem can shut down the socket and flush its own work items before closing the socket to deal with any in-progress service calls. Future additional changes that will need to be considered: (1) Make sure that a call doesn't hog the front of the queue by receiving data from the network as fast as userspace is consuming it to the exclusion of other calls. (2) Transmit delayed ACKs from within recvmsg() when we've consumed sufficiently more packets to avoid the background work item needing to run. Signed-off-by: David Howells <dhowells@redhat.com>
169 lines
3.6 KiB
C
169 lines
3.6 KiB
C
/* RxRPC security handling
|
|
*
|
|
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/net.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/udp.h>
|
|
#include <linux/crypto.h>
|
|
#include <net/sock.h>
|
|
#include <net/af_rxrpc.h>
|
|
#include <keys/rxrpc-type.h>
|
|
#include "ar-internal.h"
|
|
|
|
static LIST_HEAD(rxrpc_security_methods);
|
|
static DECLARE_RWSEM(rxrpc_security_sem);
|
|
|
|
static const struct rxrpc_security *rxrpc_security_types[] = {
|
|
[RXRPC_SECURITY_NONE] = &rxrpc_no_security,
|
|
#ifdef CONFIG_RXKAD
|
|
[RXRPC_SECURITY_RXKAD] = &rxkad,
|
|
#endif
|
|
};
|
|
|
|
int __init rxrpc_init_security(void)
|
|
{
|
|
int i, ret;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
|
|
if (rxrpc_security_types[i]) {
|
|
ret = rxrpc_security_types[i]->init();
|
|
if (ret < 0)
|
|
goto failed;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
|
|
failed:
|
|
for (i--; i >= 0; i--)
|
|
if (rxrpc_security_types[i])
|
|
rxrpc_security_types[i]->exit();
|
|
return ret;
|
|
}
|
|
|
|
void rxrpc_exit_security(void)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
|
|
if (rxrpc_security_types[i])
|
|
rxrpc_security_types[i]->exit();
|
|
}
|
|
|
|
/*
|
|
* look up an rxrpc security module
|
|
*/
|
|
static const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
|
|
{
|
|
if (security_index >= ARRAY_SIZE(rxrpc_security_types))
|
|
return NULL;
|
|
return rxrpc_security_types[security_index];
|
|
}
|
|
|
|
/*
|
|
* initialise the security on a client connection
|
|
*/
|
|
int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
|
|
{
|
|
const struct rxrpc_security *sec;
|
|
struct rxrpc_key_token *token;
|
|
struct key *key = conn->params.key;
|
|
int ret;
|
|
|
|
_enter("{%d},{%x}", conn->debug_id, key_serial(key));
|
|
|
|
if (!key)
|
|
return 0;
|
|
|
|
ret = key_validate(key);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
token = key->payload.data[0];
|
|
if (!token)
|
|
return -EKEYREJECTED;
|
|
|
|
sec = rxrpc_security_lookup(token->security_index);
|
|
if (!sec)
|
|
return -EKEYREJECTED;
|
|
conn->security = sec;
|
|
|
|
ret = conn->security->init_connection_security(conn);
|
|
if (ret < 0) {
|
|
conn->security = &rxrpc_no_security;
|
|
return ret;
|
|
}
|
|
|
|
_leave(" = 0");
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* initialise the security on a server connection
|
|
*/
|
|
int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
|
|
{
|
|
const struct rxrpc_security *sec;
|
|
struct rxrpc_local *local = conn->params.local;
|
|
struct rxrpc_sock *rx;
|
|
struct key *key;
|
|
key_ref_t kref;
|
|
char kdesc[5 + 1 + 3 + 1];
|
|
|
|
_enter("");
|
|
|
|
sprintf(kdesc, "%u:%u", conn->params.service_id, conn->security_ix);
|
|
|
|
sec = rxrpc_security_lookup(conn->security_ix);
|
|
if (!sec) {
|
|
_leave(" = -ENOKEY [lookup]");
|
|
return -ENOKEY;
|
|
}
|
|
|
|
/* find the service */
|
|
read_lock(&local->services_lock);
|
|
hlist_for_each_entry(rx, &local->services, listen_link) {
|
|
if (rx->srx.srx_service == conn->params.service_id)
|
|
goto found_service;
|
|
}
|
|
|
|
/* the service appears to have died */
|
|
read_unlock(&local->services_lock);
|
|
_leave(" = -ENOENT");
|
|
return -ENOENT;
|
|
|
|
found_service:
|
|
if (!rx->securities) {
|
|
read_unlock(&local->services_lock);
|
|
_leave(" = -ENOKEY");
|
|
return -ENOKEY;
|
|
}
|
|
|
|
/* look through the service's keyring */
|
|
kref = keyring_search(make_key_ref(rx->securities, 1UL),
|
|
&key_type_rxrpc_s, kdesc);
|
|
if (IS_ERR(kref)) {
|
|
read_unlock(&local->services_lock);
|
|
_leave(" = %ld [search]", PTR_ERR(kref));
|
|
return PTR_ERR(kref);
|
|
}
|
|
|
|
key = key_ref_to_ptr(kref);
|
|
read_unlock(&local->services_lock);
|
|
|
|
conn->server_key = key;
|
|
conn->security = sec;
|
|
|
|
_leave(" = 0");
|
|
return 0;
|
|
}
|