1// SPDX-License-Identifier: GPL-2.0-or-later 2/* AF_RXRPC sendmsg() implementation. 3 * 4 * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 9 10#include <linux/net.h> 11#include <linux/gfp.h> 12#include <linux/skbuff.h> 13#include <linux/export.h> 14#include <linux/sched/signal.h> 15 16#include <net/sock.h> 17#include <net/af_rxrpc.h> 18#include "ar-internal.h" 19 20/* 21 * Return true if there's sufficient Tx queue space. 22 */ 23static bool rxrpc_check_tx_space(struct rxrpc_call *call, rxrpc_seq_t *_tx_win) 24{ 25 unsigned int win_size = 26 min_t(unsigned int, call->tx_winsize, 27 call->cong_cwnd + call->cong_extra); 28 rxrpc_seq_t tx_win = READ_ONCE(call->tx_hard_ack); 29 30 if (_tx_win) 31 *_tx_win = tx_win; 32 return call->tx_top - tx_win < win_size; 33} 34 35/* 36 * Wait for space to appear in the Tx queue or a signal to occur. 37 */ 38static int rxrpc_wait_for_tx_window_intr(struct rxrpc_sock *rx, 39 struct rxrpc_call *call, 40 long *timeo) 41{ 42 for (;;) { 43 set_current_state(TASK_INTERRUPTIBLE); 44 if (rxrpc_check_tx_space(call, NULL)) 45 return 0; 46 47 if (call->state >= RXRPC_CALL_COMPLETE) 48 return call->error; 49 50 if (signal_pending(current)) 51 return sock_intr_errno(*timeo); 52 53 trace_rxrpc_transmit(call, rxrpc_transmit_wait); 54 *timeo = schedule_timeout(*timeo); 55 } 56} 57 58/* 59 * Wait for space to appear in the Tx queue uninterruptibly, but with 60 * a timeout of 2*RTT if no progress was made and a signal occurred. 61 */ 62static int rxrpc_wait_for_tx_window_waitall(struct rxrpc_sock *rx, 63 struct rxrpc_call *call) 64{ 65 rxrpc_seq_t tx_start, tx_win; 66 signed long rtt, timeout; 67 68 rtt = READ_ONCE(call->peer->srtt_us) >> 3; 69 rtt = usecs_to_jiffies(rtt) * 2; 70 if (rtt < 2) 71 rtt = 2; 72 73 timeout = rtt; 74 tx_start = READ_ONCE(call->tx_hard_ack); 75 76 for (;;) { 77 set_current_state(TASK_UNINTERRUPTIBLE); 78 79 tx_win = READ_ONCE(call->tx_hard_ack); 80 if (rxrpc_check_tx_space(call, &tx_win)) 81 return 0; 82 83 if (call->state >= RXRPC_CALL_COMPLETE) 84 return call->error; 85 86 if (timeout == 0 && 87 tx_win == tx_start && signal_pending(current)) 88 return -EINTR; 89 90 if (tx_win != tx_start) { 91 timeout = rtt; 92 tx_start = tx_win; 93 } 94 95 trace_rxrpc_transmit(call, rxrpc_transmit_wait); 96 timeout = schedule_timeout(timeout); 97 } 98} 99 100/* 101 * Wait for space to appear in the Tx queue uninterruptibly. 102 */ 103static int rxrpc_wait_for_tx_window_nonintr(struct rxrpc_sock *rx, 104 struct rxrpc_call *call, 105 long *timeo) 106{ 107 for (;;) { 108 set_current_state(TASK_UNINTERRUPTIBLE); 109 if (rxrpc_check_tx_space(call, NULL)) 110 return 0; 111 112 if (call->state >= RXRPC_CALL_COMPLETE) 113 return call->error; 114 115 trace_rxrpc_transmit(call, rxrpc_transmit_wait); 116 *timeo = schedule_timeout(*timeo); 117 } 118} 119 120/* 121 * wait for space to appear in the transmit/ACK window 122 * - caller holds the socket locked 123 */ 124static int rxrpc_wait_for_tx_window(struct rxrpc_sock *rx, 125 struct rxrpc_call *call, 126 long *timeo, 127 bool waitall) 128{ 129 DECLARE_WAITQUEUE(myself, current); 130 int ret; 131 132 _enter(",{%u,%u,%u}", 133 call->tx_hard_ack, call->tx_top, call->tx_winsize); 134 135 add_wait_queue(&call->waitq, &myself); 136 137 switch (call->interruptibility) { 138 case RXRPC_INTERRUPTIBLE: 139 if (waitall) 140 ret = rxrpc_wait_for_tx_window_waitall(rx, call); 141 else 142 ret = rxrpc_wait_for_tx_window_intr(rx, call, timeo); 143 break; 144 case RXRPC_PREINTERRUPTIBLE: 145 case RXRPC_UNINTERRUPTIBLE: 146 default: 147 ret = rxrpc_wait_for_tx_window_nonintr(rx, call, timeo); 148 break; 149 } 150 151 remove_wait_queue(&call->waitq, &myself); 152 set_current_state(TASK_RUNNING); 153 _leave(" = %d", ret); 154 return ret; 155} 156 157/* 158 * Schedule an instant Tx resend. 159 */ 160static inline void rxrpc_instant_resend(struct rxrpc_call *call, int ix) 161{ 162 spin_lock_bh(&call->lock); 163 164 if (call->state < RXRPC_CALL_COMPLETE) { 165 call->rxtx_annotations[ix] = 166 (call->rxtx_annotations[ix] & RXRPC_TX_ANNO_LAST) | 167 RXRPC_TX_ANNO_RETRANS; 168 if (!test_and_set_bit(RXRPC_CALL_EV_RESEND, &call->events)) 169 rxrpc_queue_call(call); 170 } 171 172 spin_unlock_bh(&call->lock); 173} 174 175/* 176 * Notify the owner of the call that the transmit phase is ended and the last 177 * packet has been queued. 178 */ 179static void rxrpc_notify_end_tx(struct rxrpc_sock *rx, struct rxrpc_call *call, 180 rxrpc_notify_end_tx_t notify_end_tx) 181{ 182 if (notify_end_tx) 183 notify_end_tx(&rx->sk, call, call->user_call_ID); 184} 185 186/* 187 * Queue a DATA packet for transmission, set the resend timeout and send 188 * the packet immediately. Returns the error from rxrpc_send_data_packet() 189 * in case the caller wants to do something with it. 190 */ 191static int rxrpc_queue_packet(struct rxrpc_sock *rx, struct rxrpc_call *call, 192 struct sk_buff *skb, bool last, 193 rxrpc_notify_end_tx_t notify_end_tx) 194{ 195 struct rxrpc_skb_priv *sp = rxrpc_skb(skb); 196 unsigned long now; 197 rxrpc_seq_t seq = sp->hdr.seq; 198 int ret, ix; 199 u8 annotation = RXRPC_TX_ANNO_UNACK; 200 201 _net("queue skb %p [%d]", skb, seq); 202 203 ASSERTCMP(seq, ==, call->tx_top + 1); 204 205 if (last) 206 annotation |= RXRPC_TX_ANNO_LAST; 207 208 /* We have to set the timestamp before queueing as the retransmit 209 * algorithm can see the packet as soon as we queue it. 210 */ 211 skb->tstamp = ktime_get_real(); 212 213 ix = seq & RXRPC_RXTX_BUFF_MASK; 214 rxrpc_get_skb(skb, rxrpc_skb_got); 215 call->rxtx_annotations[ix] = annotation; 216 smp_wmb(); 217 call->rxtx_buffer[ix] = skb; 218 call->tx_top = seq; 219 if (last) 220 trace_rxrpc_transmit(call, rxrpc_transmit_queue_last); 221 else 222 trace_rxrpc_transmit(call, rxrpc_transmit_queue); 223 224 if (last || call->state == RXRPC_CALL_SERVER_ACK_REQUEST) { 225 _debug("________awaiting reply/ACK__________"); 226 write_lock_bh(&call->state_lock); 227 switch (call->state) { 228 case RXRPC_CALL_CLIENT_SEND_REQUEST: 229 call->state = RXRPC_CALL_CLIENT_AWAIT_REPLY; 230 rxrpc_notify_end_tx(rx, call, notify_end_tx); 231 break; 232 case RXRPC_CALL_SERVER_ACK_REQUEST: 233 call->state = RXRPC_CALL_SERVER_SEND_REPLY; 234 now = jiffies; 235 WRITE_ONCE(call->ack_at, now + MAX_JIFFY_OFFSET); 236 if (call->ackr_reason == RXRPC_ACK_DELAY) 237 call->ackr_reason = 0; 238 trace_rxrpc_timer(call, rxrpc_timer_init_for_send_reply, now); 239 if (!last) 240 break; 241 fallthrough; 242 case RXRPC_CALL_SERVER_SEND_REPLY: 243 call->state = RXRPC_CALL_SERVER_AWAIT_ACK; 244 rxrpc_notify_end_tx(rx, call, notify_end_tx); 245 break; 246 default: 247 break; 248 } 249 write_unlock_bh(&call->state_lock); 250 } 251 252 if (seq == 1 && rxrpc_is_client_call(call)) 253 rxrpc_expose_client_call(call); 254 255 ret = rxrpc_send_data_packet(call, skb, false); 256 if (ret < 0) { 257 switch (ret) { 258 case -ENETUNREACH: 259 case -EHOSTUNREACH: 260 case -ECONNREFUSED: 261 rxrpc_set_call_completion(call, RXRPC_CALL_LOCAL_ERROR, 262 0, ret); 263 goto out; 264 } 265 _debug("need instant resend %d", ret); 266 rxrpc_instant_resend(call, ix); 267 } else { 268 unsigned long now = jiffies; 269 unsigned long resend_at = now + call->peer->rto_j; 270 271 WRITE_ONCE(call->resend_at, resend_at); 272 rxrpc_reduce_call_timer(call, resend_at, now, 273 rxrpc_timer_set_for_send); 274 } 275 276out: 277 rxrpc_free_skb(skb, rxrpc_skb_freed); 278 _leave(" = %d", ret); 279 return ret; 280} 281 282/* 283 * send data through a socket 284 * - must be called in process context 285 * - The caller holds the call user access mutex, but not the socket lock. 286 */ 287static int rxrpc_send_data(struct rxrpc_sock *rx, 288 struct rxrpc_call *call, 289 struct msghdr *msg, size_t len, 290 rxrpc_notify_end_tx_t notify_end_tx, 291 bool *_dropped_lock) 292{ 293 struct rxrpc_skb_priv *sp; 294 struct sk_buff *skb; 295 struct sock *sk = &rx->sk; 296 enum rxrpc_call_state state; 297 long timeo; 298 bool more = msg->msg_flags & MSG_MORE; 299 int ret, copied = 0; 300 301 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); 302 303 /* this should be in poll */ 304 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk); 305 306reload: 307 ret = -EPIPE; 308 if (sk->sk_shutdown & SEND_SHUTDOWN) 309 goto maybe_error; 310 state = READ_ONCE(call->state); 311 ret = -ESHUTDOWN; 312 if (state >= RXRPC_CALL_COMPLETE) 313 goto maybe_error; 314 ret = -EPROTO; 315 if (state != RXRPC_CALL_CLIENT_SEND_REQUEST && 316 state != RXRPC_CALL_SERVER_ACK_REQUEST && 317 state != RXRPC_CALL_SERVER_SEND_REPLY) 318 goto maybe_error; 319 320 ret = -EMSGSIZE; 321 if (call->tx_total_len != -1) { 322 if (len - copied > call->tx_total_len) 323 goto maybe_error; 324 if (!more && len - copied != call->tx_total_len) 325 goto maybe_error; 326 } 327 328 skb = call->tx_pending; 329 call->tx_pending = NULL; 330 rxrpc_see_skb(skb, rxrpc_skb_seen); 331 332 do { 333 /* Check to see if there's a ping ACK to reply to. */ 334 if (call->ackr_reason == RXRPC_ACK_PING_RESPONSE) 335 rxrpc_send_ack_packet(call, false, NULL); 336 337 if (!skb) { 338 size_t size, chunk, max, space; 339 340 _debug("alloc"); 341 342 if (!rxrpc_check_tx_space(call, NULL)) 343 goto wait_for_space; 344 345 max = RXRPC_JUMBO_DATALEN; 346 max -= call->conn->security_size; 347 max &= ~(call->conn->size_align - 1UL); 348 349 chunk = max; 350 if (chunk > msg_data_left(msg) && !more) 351 chunk = msg_data_left(msg); 352 353 space = chunk + call->conn->size_align; 354 space &= ~(call->conn->size_align - 1UL); 355 356 size = space + call->conn->security_size; 357 358 _debug("SIZE: %zu/%zu/%zu", chunk, space, size); 359 360 /* create a buffer that we can retain until it's ACK'd */ 361 skb = sock_alloc_send_skb( 362 sk, size, msg->msg_flags & MSG_DONTWAIT, &ret); 363 if (!skb) 364 goto maybe_error; 365 366 sp = rxrpc_skb(skb); 367 sp->rx_flags |= RXRPC_SKB_TX_BUFFER; 368 rxrpc_new_skb(skb, rxrpc_skb_new); 369 370 _debug("ALLOC SEND %p", skb); 371 372 ASSERTCMP(skb->mark, ==, 0); 373 374 _debug("HS: %u", call->conn->security_size); 375 skb_reserve(skb, call->conn->security_size); 376 skb->len += call->conn->security_size; 377 378 sp->remain = chunk; 379 if (sp->remain > skb_tailroom(skb)) 380 sp->remain = skb_tailroom(skb); 381 382 _net("skb: hr %d, tr %d, hl %d, rm %d", 383 skb_headroom(skb), 384 skb_tailroom(skb), 385 skb_headlen(skb), 386 sp->remain); 387 388 skb->ip_summed = CHECKSUM_UNNECESSARY; 389 } 390 391 _debug("append"); 392 sp = rxrpc_skb(skb); 393 394 /* append next segment of data to the current buffer */ 395 if (msg_data_left(msg) > 0) { 396 int copy = skb_tailroom(skb); 397 ASSERTCMP(copy, >, 0); 398 if (copy > msg_data_left(msg)) 399 copy = msg_data_left(msg); 400 if (copy > sp->remain) 401 copy = sp->remain; 402 403 _debug("add"); 404 ret = skb_add_data(skb, &msg->msg_iter, copy); 405 _debug("added"); 406 if (ret < 0) 407 goto efault; 408 sp->remain -= copy; 409 skb->mark += copy; 410 copied += copy; 411 if (call->tx_total_len != -1) 412 call->tx_total_len -= copy; 413 } 414 415 /* check for the far side aborting the call or a network error 416 * occurring */ 417 if (call->state == RXRPC_CALL_COMPLETE) 418 goto call_terminated; 419 420 /* add the packet to the send queue if it's now full */ 421 if (sp->remain <= 0 || 422 (msg_data_left(msg) == 0 && !more)) { 423 struct rxrpc_connection *conn = call->conn; 424 uint32_t seq; 425 size_t pad; 426 427 /* pad out if we're using security */ 428 if (conn->security_ix) { 429 pad = conn->security_size + skb->mark; 430 pad = conn->size_align - pad; 431 pad &= conn->size_align - 1; 432 _debug("pad %zu", pad); 433 if (pad) 434 skb_put_zero(skb, pad); 435 } 436 437 seq = call->tx_top + 1; 438 439 sp->hdr.seq = seq; 440 sp->hdr._rsvd = 0; 441 sp->hdr.flags = conn->out_clientflag; 442 443 if (msg_data_left(msg) == 0 && !more) 444 sp->hdr.flags |= RXRPC_LAST_PACKET; 445 else if (call->tx_top - call->tx_hard_ack < 446 call->tx_winsize) 447 sp->hdr.flags |= RXRPC_MORE_PACKETS; 448 449 ret = call->security->secure_packet( 450 call, skb, skb->mark, skb->head); 451 if (ret < 0) 452 goto out; 453 454 ret = rxrpc_queue_packet(rx, call, skb, 455 !msg_data_left(msg) && !more, 456 notify_end_tx); 457 /* Should check for failure here */ 458 skb = NULL; 459 } 460 } while (msg_data_left(msg) > 0); 461 462success: 463 ret = copied; 464 if (READ_ONCE(call->state) == RXRPC_CALL_COMPLETE) { 465 read_lock_bh(&call->state_lock); 466 if (call->error < 0) 467 ret = call->error; 468 read_unlock_bh(&call->state_lock); 469 } 470out: 471 call->tx_pending = skb; 472 _leave(" = %d", ret); 473 return ret; 474 475call_terminated: 476 rxrpc_free_skb(skb, rxrpc_skb_freed); 477 _leave(" = %d", call->error); 478 return call->error; 479 480maybe_error: 481 if (copied) 482 goto success; 483 goto out; 484 485efault: 486 ret = -EFAULT; 487 goto out; 488 489wait_for_space: 490 ret = -EAGAIN; 491 if (msg->msg_flags & MSG_DONTWAIT) 492 goto maybe_error; 493 mutex_unlock(&call->user_mutex); 494 *_dropped_lock = true; 495 ret = rxrpc_wait_for_tx_window(rx, call, &timeo, 496 msg->msg_flags & MSG_WAITALL); 497 if (ret < 0) 498 goto maybe_error; 499 if (call->interruptibility == RXRPC_INTERRUPTIBLE) { 500 if (mutex_lock_interruptible(&call->user_mutex) < 0) { 501 ret = sock_intr_errno(timeo); 502 goto maybe_error; 503 } 504 } else { 505 mutex_lock(&call->user_mutex); 506 } 507 *_dropped_lock = false; 508 goto reload; 509} 510 511/* 512 * extract control messages from the sendmsg() control buffer 513 */ 514static int rxrpc_sendmsg_cmsg(struct msghdr *msg, struct rxrpc_send_params *p) 515{ 516 struct cmsghdr *cmsg; 517 bool got_user_ID = false; 518 int len; 519 520 if (msg->msg_controllen == 0) 521 return -EINVAL; 522 523 for_each_cmsghdr(cmsg, msg) { 524 if (!CMSG_OK(msg, cmsg)) 525 return -EINVAL; 526 527 len = cmsg->cmsg_len - sizeof(struct cmsghdr); 528 _debug("CMSG %d, %d, %d", 529 cmsg->cmsg_level, cmsg->cmsg_type, len); 530 531 if (cmsg->cmsg_level != SOL_RXRPC) 532 continue; 533 534 switch (cmsg->cmsg_type) { 535 case RXRPC_USER_CALL_ID: 536 if (msg->msg_flags & MSG_CMSG_COMPAT) { 537 if (len != sizeof(u32)) 538 return -EINVAL; 539 p->call.user_call_ID = *(u32 *)CMSG_DATA(cmsg); 540 } else { 541 if (len != sizeof(unsigned long)) 542 return -EINVAL; 543 p->call.user_call_ID = *(unsigned long *) 544 CMSG_DATA(cmsg); 545 } 546 got_user_ID = true; 547 break; 548 549 case RXRPC_ABORT: 550 if (p->command != RXRPC_CMD_SEND_DATA) 551 return -EINVAL; 552 p->command = RXRPC_CMD_SEND_ABORT; 553 if (len != sizeof(p->abort_code)) 554 return -EINVAL; 555 p->abort_code = *(unsigned int *)CMSG_DATA(cmsg); 556 if (p->abort_code == 0) 557 return -EINVAL; 558 break; 559 560 case RXRPC_CHARGE_ACCEPT: 561 if (p->command != RXRPC_CMD_SEND_DATA) 562 return -EINVAL; 563 p->command = RXRPC_CMD_CHARGE_ACCEPT; 564 if (len != 0) 565 return -EINVAL; 566 break; 567 568 case RXRPC_EXCLUSIVE_CALL: 569 p->exclusive = true; 570 if (len != 0) 571 return -EINVAL; 572 break; 573 574 case RXRPC_UPGRADE_SERVICE: 575 p->upgrade = true; 576 if (len != 0) 577 return -EINVAL; 578 break; 579 580 case RXRPC_TX_LENGTH: 581 if (p->call.tx_total_len != -1 || len != sizeof(__s64)) 582 return -EINVAL; 583 p->call.tx_total_len = *(__s64 *)CMSG_DATA(cmsg); 584 if (p->call.tx_total_len < 0) 585 return -EINVAL; 586 break; 587 588 case RXRPC_SET_CALL_TIMEOUT: 589 if (len & 3 || len < 4 || len > 12) 590 return -EINVAL; 591 memcpy(&p->call.timeouts, CMSG_DATA(cmsg), len); 592 p->call.nr_timeouts = len / 4; 593 if (p->call.timeouts.hard > INT_MAX / HZ) 594 return -ERANGE; 595 if (p->call.nr_timeouts >= 2 && p->call.timeouts.idle > 60 * 60 * 1000) 596 return -ERANGE; 597 if (p->call.nr_timeouts >= 3 && p->call.timeouts.normal > 60 * 60 * 1000) 598 return -ERANGE; 599 break; 600 601 default: 602 return -EINVAL; 603 } 604 } 605 606 if (!got_user_ID) 607 return -EINVAL; 608 if (p->call.tx_total_len != -1 && p->command != RXRPC_CMD_SEND_DATA) 609 return -EINVAL; 610 _leave(" = 0"); 611 return 0; 612} 613 614/* 615 * Create a new client call for sendmsg(). 616 * - Called with the socket lock held, which it must release. 617 * - If it returns a call, the call's lock will need releasing by the caller. 618 */ 619static struct rxrpc_call * 620rxrpc_new_client_call_for_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, 621 struct rxrpc_send_params *p) 622 __releases(&rx->sk.sk_lock.slock) 623 __acquires(&call->user_mutex) 624{ 625 struct rxrpc_conn_parameters cp; 626 struct rxrpc_call *call; 627 struct key *key; 628 629 DECLARE_SOCKADDR(struct sockaddr_rxrpc *, srx, msg->msg_name); 630 631 _enter(""); 632 633 if (!msg->msg_name) { 634 release_sock(&rx->sk); 635 return ERR_PTR(-EDESTADDRREQ); 636 } 637 638 key = rx->key; 639 if (key && !rx->key->payload.data[0]) 640 key = NULL; 641 642 memset(&cp, 0, sizeof(cp)); 643 cp.local = rx->local; 644 cp.key = rx->key; 645 cp.security_level = rx->min_sec_level; 646 cp.exclusive = rx->exclusive | p->exclusive; 647 cp.upgrade = p->upgrade; 648 cp.service_id = srx->srx_service; 649 call = rxrpc_new_client_call(rx, &cp, srx, &p->call, GFP_KERNEL, 650 atomic_inc_return(&rxrpc_debug_id)); 651 /* The socket is now unlocked */ 652 653 rxrpc_put_peer(cp.peer); 654 _leave(" = %p\n", call); 655 return call; 656} 657 658/* 659 * send a message forming part of a client call through an RxRPC socket 660 * - caller holds the socket locked 661 * - the socket may be either a client socket or a server socket 662 */ 663int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len) 664 __releases(&rx->sk.sk_lock.slock) 665 __releases(&call->user_mutex) 666{ 667 enum rxrpc_call_state state; 668 struct rxrpc_call *call; 669 unsigned long now, j; 670 bool dropped_lock = false; 671 int ret; 672 673 struct rxrpc_send_params p = { 674 .call.tx_total_len = -1, 675 .call.user_call_ID = 0, 676 .call.nr_timeouts = 0, 677 .call.interruptibility = RXRPC_INTERRUPTIBLE, 678 .abort_code = 0, 679 .command = RXRPC_CMD_SEND_DATA, 680 .exclusive = false, 681 .upgrade = false, 682 }; 683 684 _enter(""); 685 686 ret = rxrpc_sendmsg_cmsg(msg, &p); 687 if (ret < 0) 688 goto error_release_sock; 689 690 if (p.command == RXRPC_CMD_CHARGE_ACCEPT) { 691 ret = -EINVAL; 692 if (rx->sk.sk_state != RXRPC_SERVER_LISTENING) 693 goto error_release_sock; 694 ret = rxrpc_user_charge_accept(rx, p.call.user_call_ID); 695 goto error_release_sock; 696 } 697 698 call = rxrpc_find_call_by_user_ID(rx, p.call.user_call_ID); 699 if (!call) { 700 ret = -EBADSLT; 701 if (p.command != RXRPC_CMD_SEND_DATA) 702 goto error_release_sock; 703 call = rxrpc_new_client_call_for_sendmsg(rx, msg, &p); 704 /* The socket is now unlocked... */ 705 if (IS_ERR(call)) 706 return PTR_ERR(call); 707 /* ... and we have the call lock. */ 708 ret = 0; 709 if (READ_ONCE(call->state) == RXRPC_CALL_COMPLETE) 710 goto out_put_unlock; 711 } else { 712 switch (READ_ONCE(call->state)) { 713 case RXRPC_CALL_UNINITIALISED: 714 case RXRPC_CALL_CLIENT_AWAIT_CONN: 715 case RXRPC_CALL_SERVER_PREALLOC: 716 case RXRPC_CALL_SERVER_SECURING: 717 rxrpc_put_call(call, rxrpc_call_put); 718 ret = -EBUSY; 719 goto error_release_sock; 720 default: 721 break; 722 } 723 724 ret = mutex_lock_interruptible(&call->user_mutex); 725 release_sock(&rx->sk); 726 if (ret < 0) { 727 ret = -ERESTARTSYS; 728 goto error_put; 729 } 730 731 if (p.call.tx_total_len != -1) { 732 ret = -EINVAL; 733 if (call->tx_total_len != -1 || 734 call->tx_pending || 735 call->tx_top != 0) 736 goto out_put_unlock; 737 call->tx_total_len = p.call.tx_total_len; 738 } 739 } 740 741 switch (p.call.nr_timeouts) { 742 case 3: 743 j = msecs_to_jiffies(p.call.timeouts.normal); 744 if (p.call.timeouts.normal > 0 && j == 0) 745 j = 1; 746 WRITE_ONCE(call->next_rx_timo, j); 747 fallthrough; 748 case 2: 749 j = msecs_to_jiffies(p.call.timeouts.idle); 750 if (p.call.timeouts.idle > 0 && j == 0) 751 j = 1; 752 WRITE_ONCE(call->next_req_timo, j); 753 fallthrough; 754 case 1: 755 if (p.call.timeouts.hard > 0) { 756 j = p.call.timeouts.hard * HZ; 757 now = jiffies; 758 j += now; 759 WRITE_ONCE(call->expect_term_by, j); 760 rxrpc_reduce_call_timer(call, j, now, 761 rxrpc_timer_set_for_hard); 762 } 763 break; 764 } 765 766 state = READ_ONCE(call->state); 767 _debug("CALL %d USR %lx ST %d on CONN %p", 768 call->debug_id, call->user_call_ID, state, call->conn); 769 770 if (state >= RXRPC_CALL_COMPLETE) { 771 /* it's too late for this call */ 772 ret = -ESHUTDOWN; 773 } else if (p.command == RXRPC_CMD_SEND_ABORT) { 774 ret = 0; 775 if (rxrpc_abort_call("CMD", call, 0, p.abort_code, -ECONNABORTED)) 776 ret = rxrpc_send_abort_packet(call); 777 } else if (p.command != RXRPC_CMD_SEND_DATA) { 778 ret = -EINVAL; 779 } else { 780 ret = rxrpc_send_data(rx, call, msg, len, NULL, &dropped_lock); 781 } 782 783out_put_unlock: 784 if (!dropped_lock) 785 mutex_unlock(&call->user_mutex); 786error_put: 787 rxrpc_put_call(call, rxrpc_call_put); 788 _leave(" = %d", ret); 789 return ret; 790 791error_release_sock: 792 release_sock(&rx->sk); 793 return ret; 794} 795 796/** 797 * rxrpc_kernel_send_data - Allow a kernel service to send data on a call 798 * @sock: The socket the call is on 799 * @call: The call to send data through 800 * @msg: The data to send 801 * @len: The amount of data to send 802 * @notify_end_tx: Notification that the last packet is queued. 803 * 804 * Allow a kernel service to send data on a call. The call must be in an state 805 * appropriate to sending data. No control data should be supplied in @msg, 806 * nor should an address be supplied. MSG_MORE should be flagged if there's 807 * more data to come, otherwise this data will end the transmission phase. 808 */ 809int rxrpc_kernel_send_data(struct socket *sock, struct rxrpc_call *call, 810 struct msghdr *msg, size_t len, 811 rxrpc_notify_end_tx_t notify_end_tx) 812{ 813 bool dropped_lock = false; 814 int ret; 815 816 _enter("{%d,%s},", call->debug_id, rxrpc_call_states[call->state]); 817 818 ASSERTCMP(msg->msg_name, ==, NULL); 819 ASSERTCMP(msg->msg_control, ==, NULL); 820 821 mutex_lock(&call->user_mutex); 822 823 _debug("CALL %d USR %lx ST %d on CONN %p", 824 call->debug_id, call->user_call_ID, call->state, call->conn); 825 826 switch (READ_ONCE(call->state)) { 827 case RXRPC_CALL_CLIENT_SEND_REQUEST: 828 case RXRPC_CALL_SERVER_ACK_REQUEST: 829 case RXRPC_CALL_SERVER_SEND_REPLY: 830 ret = rxrpc_send_data(rxrpc_sk(sock->sk), call, msg, len, 831 notify_end_tx, &dropped_lock); 832 break; 833 case RXRPC_CALL_COMPLETE: 834 read_lock_bh(&call->state_lock); 835 ret = call->error; 836 read_unlock_bh(&call->state_lock); 837 break; 838 default: 839 /* Request phase complete for this client call */ 840 trace_rxrpc_rx_eproto(call, 0, tracepoint_string("late_send")); 841 ret = -EPROTO; 842 break; 843 } 844 845 if (!dropped_lock) 846 mutex_unlock(&call->user_mutex); 847 _leave(" = %d", ret); 848 return ret; 849} 850EXPORT_SYMBOL(rxrpc_kernel_send_data); 851 852/** 853 * rxrpc_kernel_abort_call - Allow a kernel service to abort a call 854 * @sock: The socket the call is on 855 * @call: The call to be aborted 856 * @abort_code: The abort code to stick into the ABORT packet 857 * @error: Local error value 858 * @why: 3-char string indicating why. 859 * 860 * Allow a kernel service to abort a call, if it's still in an abortable state 861 * and return true if the call was aborted, false if it was already complete. 862 */ 863bool rxrpc_kernel_abort_call(struct socket *sock, struct rxrpc_call *call, 864 u32 abort_code, int error, const char *why) 865{ 866 bool aborted; 867 868 _enter("{%d},%d,%d,%s", call->debug_id, abort_code, error, why); 869 870 mutex_lock(&call->user_mutex); 871 872 aborted = rxrpc_abort_call(why, call, 0, abort_code, error); 873 if (aborted) 874 rxrpc_send_abort_packet(call); 875 876 mutex_unlock(&call->user_mutex); 877 return aborted; 878} 879EXPORT_SYMBOL(rxrpc_kernel_abort_call); 880 881/** 882 * rxrpc_kernel_set_tx_length - Set the total Tx length on a call 883 * @sock: The socket the call is on 884 * @call: The call to be informed 885 * @tx_total_len: The amount of data to be transmitted for this call 886 * 887 * Allow a kernel service to set the total transmit length on a call. This 888 * allows buffer-to-packet encrypt-and-copy to be performed. 889 * 890 * This function is primarily for use for setting the reply length since the 891 * request length can be set when beginning the call. 892 */ 893void rxrpc_kernel_set_tx_length(struct socket *sock, struct rxrpc_call *call, 894 s64 tx_total_len) 895{ 896 WARN_ON(call->tx_total_len != -1); 897 call->tx_total_len = tx_total_len; 898} 899EXPORT_SYMBOL(rxrpc_kernel_set_tx_length); 900