LXR linux/net/rxrpc/ar-input.c

   1/* RxRPC packet reception
   2 *
   3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/net.h>
  14#include <linux/skbuff.h>
  15#include <linux/errqueue.h>
  16#include <linux/udp.h>
  17#include <linux/in.h>
  18#include <linux/in6.h>
  19#include <linux/icmp.h>
  20#include <net/sock.h>
  21#include <net/af_rxrpc.h>
  22#include <net/ip.h>
  23#include <net/udp.h>
  24#include "ar-internal.h"
  25
  26unsigned long rxrpc_ack_timeout = 1;
  27
  28const char *rxrpc_pkts[] = {
  29        "?00",
  30        "DATA", "ACK", "BUSY", "ABORT", "ACKALL", "CHALL", "RESP", "DEBUG",
  31        "?09", "?10", "?11", "?12", "?13", "?14", "?15"
  32};
  33
  34/*
  35 * queue a packet for recvmsg to pass to userspace
  36 * - the caller must hold a lock on call->lock
  37 * - must not be called with interrupts disabled (sk_filter() disables BH's)
  38 * - eats the packet whether successful or not
  39 * - there must be just one reference to the packet, which the caller passes to
  40 *   this function
  41 */
  42int rxrpc_queue_rcv_skb(struct rxrpc_call *call, struct sk_buff *skb,
  43                        bool force, bool terminal)
  44{
  45        struct rxrpc_skb_priv *sp;
  46        struct rxrpc_sock *rx = call->socket;
  47        struct sock *sk;
  48        int skb_len, ret;
  49
  50        _enter(",,%d,%d", force, terminal);
  51
  52        ASSERT(!irqs_disabled());
  53
  54        sp = rxrpc_skb(skb);
  55        ASSERTCMP(sp->call, ==, call);
  56
  57        /* if we've already posted the terminal message for a call, then we
  58         * don't post any more */
  59        if (test_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags)) {
  60                _debug("already terminated");
  61                ASSERTCMP(call->state, >=, RXRPC_CALL_COMPLETE);
  62                skb->destructor = NULL;
  63                sp->call = NULL;
  64                rxrpc_put_call(call);
  65                rxrpc_free_skb(skb);
  66                return 0;
  67        }
  68
  69        sk = &rx->sk;
  70
  71        if (!force) {
  72                /* cast skb->rcvbuf to unsigned...  It's pointless, but
  73                 * reduces number of warnings when compiling with -W
  74                 * --ANK */
  75//              ret = -ENOBUFS;
  76//              if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
  77//                  (unsigned) sk->sk_rcvbuf)
  78//                      goto out;
  79
  80                ret = sk_filter(sk, skb);
  81                if (ret < 0)
  82                        goto out;
  83        }
  84
  85        spin_lock_bh(&sk->sk_receive_queue.lock);
  86        if (!test_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags) &&
  87            !test_bit(RXRPC_CALL_RELEASED, &call->flags) &&
  88            call->socket->sk.sk_state != RXRPC_CLOSE) {
  89                skb->destructor = rxrpc_packet_destructor;
  90                skb->dev = NULL;
  91                skb->sk = sk;
  92                atomic_add(skb->truesize, &sk->sk_rmem_alloc);
  93
  94                if (terminal) {
  95                        _debug("<<<< TERMINAL MESSAGE >>>>");
  96                        set_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags);
  97                }
  98
  99                /* allow interception by a kernel service */
 100                if (rx->interceptor) {
 101                        rx->interceptor(sk, call->user_call_ID, skb);
 102                        spin_unlock_bh(&sk->sk_receive_queue.lock);
 103                } else {
 104
 105                        /* Cache the SKB length before we tack it onto the
 106                         * receive queue.  Once it is added it no longer
 107                         * belongs to us and may be freed by other threads of
 108                         * control pulling packets from the queue */
 109                        skb_len = skb->len;
 110
 111                        _net("post skb %p", skb);
 112                        __skb_queue_tail(&sk->sk_receive_queue, skb);
 113                        spin_unlock_bh(&sk->sk_receive_queue.lock);
 114
 115                        if (!sock_flag(sk, SOCK_DEAD))
 116                                sk->sk_data_ready(sk, skb_len);
 117                }
 118                skb = NULL;
 119        } else {
 120                spin_unlock_bh(&sk->sk_receive_queue.lock);
 121        }
 122        ret = 0;
 123
 124out:
 125        /* release the socket buffer */
 126        if (skb) {
 127                skb->destructor = NULL;
 128                sp->call = NULL;
 129                rxrpc_put_call(call);
 130                rxrpc_free_skb(skb);
 131        }
 132
 133        _leave(" = %d", ret);
 134        return ret;
 135}
 136
 137/*
 138 * process a DATA packet, posting the packet to the appropriate queue
 139 * - eats the packet if successful
 140 */
 141static int rxrpc_fast_process_data(struct rxrpc_call *call,
 142                                   struct sk_buff *skb, u32 seq)
 143{
 144        struct rxrpc_skb_priv *sp;
 145        bool terminal;
 146        int ret, ackbit, ack;
 147
 148        _enter("{%u,%u},,{%u}", call->rx_data_post, call->rx_first_oos, seq);
 149
 150        sp = rxrpc_skb(skb);
 151        ASSERTCMP(sp->call, ==, NULL);
 152
 153        spin_lock(&call->lock);
 154
 155        if (call->state > RXRPC_CALL_COMPLETE)
 156                goto discard;
 157
 158        ASSERTCMP(call->rx_data_expect, >=, call->rx_data_post);
 159        ASSERTCMP(call->rx_data_post, >=, call->rx_data_recv);
 160        ASSERTCMP(call->rx_data_recv, >=, call->rx_data_eaten);
 161
 162        if (seq < call->rx_data_post) {
 163                _debug("dup #%u [-%u]", seq, call->rx_data_post);
 164                ack = RXRPC_ACK_DUPLICATE;
 165                ret = -ENOBUFS;
 166                goto discard_and_ack;
 167        }
 168
 169        /* we may already have the packet in the out of sequence queue */
 170        ackbit = seq - (call->rx_data_eaten + 1);
 171        ASSERTCMP(ackbit, >=, 0);
 172        if (__test_and_set_bit(ackbit, call->ackr_window)) {
 173                _debug("dup oos #%u [%u,%u]",
 174                       seq, call->rx_data_eaten, call->rx_data_post);
 175                ack = RXRPC_ACK_DUPLICATE;
 176                goto discard_and_ack;
 177        }
 178
 179        if (seq >= call->ackr_win_top) {
 180                _debug("exceed #%u [%u]", seq, call->ackr_win_top);
 181                __clear_bit(ackbit, call->ackr_window);
 182                ack = RXRPC_ACK_EXCEEDS_WINDOW;
 183                goto discard_and_ack;
 184        }
 185
 186        if (seq == call->rx_data_expect) {
 187                clear_bit(RXRPC_CALL_EXPECT_OOS, &call->flags);
 188                call->rx_data_expect++;
 189        } else if (seq > call->rx_data_expect) {
 190                _debug("oos #%u [%u]", seq, call->rx_data_expect);
 191                call->rx_data_expect = seq + 1;
 192                if (test_and_set_bit(RXRPC_CALL_EXPECT_OOS, &call->flags)) {
 193                        ack = RXRPC_ACK_OUT_OF_SEQUENCE;
 194                        goto enqueue_and_ack;
 195                }
 196                goto enqueue_packet;
 197        }
 198
 199        if (seq != call->rx_data_post) {
 200                _debug("ahead #%u [%u]", seq, call->rx_data_post);
 201                goto enqueue_packet;
 202        }
 203
 204        if (test_bit(RXRPC_CALL_RCVD_LAST, &call->flags))
 205                goto protocol_error;
 206
 207        /* if the packet need security things doing to it, then it goes down
 208         * the slow path */
 209        if (call->conn->security)
 210                goto enqueue_packet;
 211
 212        sp->call = call;
 213        rxrpc_get_call(call);
 214        terminal = ((sp->hdr.flags & RXRPC_LAST_PACKET) &&
 215                    !(sp->hdr.flags & RXRPC_CLIENT_INITIATED));
 216        ret = rxrpc_queue_rcv_skb(call, skb, false, terminal);
 217        if (ret < 0) {
 218                if (ret == -ENOMEM || ret == -ENOBUFS) {
 219                        __clear_bit(ackbit, call->ackr_window);
 220                        ack = RXRPC_ACK_NOSPACE;
 221                        goto discard_and_ack;
 222                }
 223                goto out;
 224        }
 225
 226        skb = NULL;
 227
 228        _debug("post #%u", seq);
 229        ASSERTCMP(call->rx_data_post, ==, seq);
 230        call->rx_data_post++;
 231
 232        if (sp->hdr.flags & RXRPC_LAST_PACKET)
 233                set_bit(RXRPC_CALL_RCVD_LAST, &call->flags);
 234
 235        /* if we've reached an out of sequence packet then we need to drain
 236         * that queue into the socket Rx queue now */
 237        if (call->rx_data_post == call->rx_first_oos) {
 238                _debug("drain rx oos now");
 239                read_lock(&call->state_lock);
 240                if (call->state < RXRPC_CALL_COMPLETE &&
 241                    !test_and_set_bit(RXRPC_CALL_DRAIN_RX_OOS, &call->events))
 242                        rxrpc_queue_call(call);
 243                read_unlock(&call->state_lock);
 244        }
 245
 246        spin_unlock(&call->lock);
 247        atomic_inc(&call->ackr_not_idle);
 248        rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, sp->hdr.serial, false);
 249        _leave(" = 0 [posted]");
 250        return 0;
 251
 252protocol_error:
 253        ret = -EBADMSG;
 254out:
 255        spin_unlock(&call->lock);
 256        _leave(" = %d", ret);
 257        return ret;
 258
 259discard_and_ack:
 260        _debug("discard and ACK packet %p", skb);
 261        __rxrpc_propose_ACK(call, ack, sp->hdr.serial, true);
 262discard:
 263        spin_unlock(&call->lock);
 264        rxrpc_free_skb(skb);
 265        _leave(" = 0 [discarded]");
 266        return 0;
 267
 268enqueue_and_ack:
 269        __rxrpc_propose_ACK(call, ack, sp->hdr.serial, true);
 270enqueue_packet:
 271        _net("defer skb %p", skb);
 272        spin_unlock(&call->lock);
 273        skb_queue_tail(&call->rx_queue, skb);
 274        atomic_inc(&call->ackr_not_idle);
 275        read_lock(&call->state_lock);
 276        if (call->state < RXRPC_CALL_DEAD)
 277                rxrpc_queue_call(call);
 278        read_unlock(&call->state_lock);
 279        _leave(" = 0 [queued]");
 280        return 0;
 281}
 282
 283/*
 284 * assume an implicit ACKALL of the transmission phase of a client socket upon
 285 * reception of the first reply packet
 286 */
 287static void rxrpc_assume_implicit_ackall(struct rxrpc_call *call, u32 serial)
 288{
 289        write_lock_bh(&call->state_lock);
 290
 291        switch (call->state) {
 292        case RXRPC_CALL_CLIENT_AWAIT_REPLY:
 293                call->state = RXRPC_CALL_CLIENT_RECV_REPLY;
 294                call->acks_latest = serial;
 295
 296                _debug("implicit ACKALL %%%u", call->acks_latest);
 297                set_bit(RXRPC_CALL_RCVD_ACKALL, &call->events);
 298                write_unlock_bh(&call->state_lock);
 299
 300                if (try_to_del_timer_sync(&call->resend_timer) >= 0) {
 301                        clear_bit(RXRPC_CALL_RESEND_TIMER, &call->events);
 302                        clear_bit(RXRPC_CALL_RESEND, &call->events);
 303                        clear_bit(RXRPC_CALL_RUN_RTIMER, &call->flags);
 304                }
 305                break;
 306
 307        default:
 308                write_unlock_bh(&call->state_lock);
 309                break;
 310        }
 311}
 312
 313/*
 314 * post an incoming packet to the nominated call to deal with
 315 * - must get rid of the sk_buff, either by freeing it or by queuing it
 316 */
 317void rxrpc_fast_process_packet(struct rxrpc_call *call, struct sk_buff *skb)
 318{
 319        struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
 320        __be32 _abort_code;
 321        u32 serial, hi_serial, seq, abort_code;
 322
 323        _enter("%p,%p", call, skb);
 324
 325        ASSERT(!irqs_disabled());
 326
 327#if 0 // INJECT RX ERROR
 328        if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA) {
 329                static int skip = 0;
 330                if (++skip == 3) {
 331                        printk("DROPPED 3RD PACKET!!!!!!!!!!!!!\n");
 332                        skip = 0;
 333                        goto free_packet;
 334                }
 335        }
 336#endif
 337
 338        /* track the latest serial number on this connection for ACK packet
 339         * information */
 340        serial = ntohl(sp->hdr.serial);
 341        hi_serial = atomic_read(&call->conn->hi_serial);
 342        while (serial > hi_serial)
 343                hi_serial = atomic_cmpxchg(&call->conn->hi_serial, hi_serial,
 344                                           serial);
 345
 346        /* request ACK generation for any ACK or DATA packet that requests
 347         * it */
 348        if (sp->hdr.flags & RXRPC_REQUEST_ACK) {
 349                _proto("ACK Requested on %%%u", serial);
 350                rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED, sp->hdr.serial,
 351                                  !(sp->hdr.flags & RXRPC_MORE_PACKETS));
 352        }
 353
 354        switch (sp->hdr.type) {
 355        case RXRPC_PACKET_TYPE_ABORT:
 356                _debug("abort");
 357
 358                if (skb_copy_bits(skb, 0, &_abort_code,
 359                                  sizeof(_abort_code)) < 0)
 360                        goto protocol_error;
 361
 362                abort_code = ntohl(_abort_code);
 363                _proto("Rx ABORT %%%u { %x }", serial, abort_code);
 364
 365                write_lock_bh(&call->state_lock);
 366                if (call->state < RXRPC_CALL_COMPLETE) {
 367                        call->state = RXRPC_CALL_REMOTELY_ABORTED;
 368                        call->abort_code = abort_code;
 369                        set_bit(RXRPC_CALL_RCVD_ABORT, &call->events);
 370                        rxrpc_queue_call(call);
 371                }
 372                goto free_packet_unlock;
 373
 374        case RXRPC_PACKET_TYPE_BUSY:
 375                _proto("Rx BUSY %%%u", serial);
 376
 377                if (call->conn->out_clientflag)
 378                        goto protocol_error;
 379
 380                write_lock_bh(&call->state_lock);
 381                switch (call->state) {
 382                case RXRPC_CALL_CLIENT_SEND_REQUEST:
 383                        call->state = RXRPC_CALL_SERVER_BUSY;
 384                        set_bit(RXRPC_CALL_RCVD_BUSY, &call->events);
 385                        rxrpc_queue_call(call);
 386                case RXRPC_CALL_SERVER_BUSY:
 387                        goto free_packet_unlock;
 388                default:
 389                        goto protocol_error_locked;
 390                }
 391
 392        default:
 393                _proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], serial);
 394                goto protocol_error;
 395
 396        case RXRPC_PACKET_TYPE_DATA:
 397                seq = ntohl(sp->hdr.seq);
 398
 399                _proto("Rx DATA %%%u { #%u }", serial, seq);
 400
 401                if (seq == 0)
 402                        goto protocol_error;
 403
 404                call->ackr_prev_seq = sp->hdr.seq;
 405
 406                /* received data implicitly ACKs all of the request packets we
 407                 * sent when we're acting as a client */
 408                if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY)
 409                        rxrpc_assume_implicit_ackall(call, serial);
 410
 411                switch (rxrpc_fast_process_data(call, skb, seq)) {
 412                case 0:
 413                        skb = NULL;
 414                        goto done;
 415
 416                default:
 417                        BUG();
 418
 419                        /* data packet received beyond the last packet */
 420                case -EBADMSG:
 421                        goto protocol_error;
 422                }
 423
 424        case RXRPC_PACKET_TYPE_ACK:
 425                /* ACK processing is done in process context */
 426                read_lock_bh(&call->state_lock);
 427                if (call->state < RXRPC_CALL_DEAD) {
 428                        skb_queue_tail(&call->rx_queue, skb);
 429                        rxrpc_queue_call(call);
 430                        skb = NULL;
 431                }
 432                read_unlock_bh(&call->state_lock);
 433                goto free_packet;
 434        }
 435
 436protocol_error:
 437        _debug("protocol error");
 438        write_lock_bh(&call->state_lock);
 439protocol_error_locked:
 440        if (call->state <= RXRPC_CALL_COMPLETE) {
 441                call->state = RXRPC_CALL_LOCALLY_ABORTED;
 442                call->abort_code = RX_PROTOCOL_ERROR;
 443                set_bit(RXRPC_CALL_ABORT, &call->events);
 444                rxrpc_queue_call(call);
 445        }
 446free_packet_unlock:
 447        write_unlock_bh(&call->state_lock);
 448free_packet:
 449        rxrpc_free_skb(skb);
 450done:
 451        _leave("");
 452}
 453
 454/*
 455 * split up a jumbo data packet
 456 */
 457static void rxrpc_process_jumbo_packet(struct rxrpc_call *call,
 458                                       struct sk_buff *jumbo)
 459{
 460        struct rxrpc_jumbo_header jhdr;
 461        struct rxrpc_skb_priv *sp;
 462        struct sk_buff *part;
 463
 464        _enter(",{%u,%u}", jumbo->data_len, jumbo->len);
 465
 466        sp = rxrpc_skb(jumbo);
 467
 468        do {
 469                sp->hdr.flags &= ~RXRPC_JUMBO_PACKET;
 470
 471                /* make a clone to represent the first subpacket in what's left
 472                 * of the jumbo packet */
 473                part = skb_clone(jumbo, GFP_ATOMIC);
 474                if (!part) {
 475                        /* simply ditch the tail in the event of ENOMEM */
 476                        pskb_trim(jumbo, RXRPC_JUMBO_DATALEN);
 477                        break;
 478                }
 479                rxrpc_new_skb(part);
 480
 481                pskb_trim(part, RXRPC_JUMBO_DATALEN);
 482
 483                if (!pskb_pull(jumbo, RXRPC_JUMBO_DATALEN))
 484                        goto protocol_error;
 485
 486                if (skb_copy_bits(jumbo, 0, &jhdr, sizeof(jhdr)) < 0)
 487                        goto protocol_error;
 488                if (!pskb_pull(jumbo, sizeof(jhdr)))
 489                        BUG();
 490
 491                sp->hdr.seq     = htonl(ntohl(sp->hdr.seq) + 1);
 492                sp->hdr.serial  = htonl(ntohl(sp->hdr.serial) + 1);
 493                sp->hdr.flags   = jhdr.flags;
 494                sp->hdr._rsvd   = jhdr._rsvd;
 495
 496                _proto("Rx DATA Jumbo %%%u", ntohl(sp->hdr.serial) - 1);
 497
 498                rxrpc_fast_process_packet(call, part);
 499                part = NULL;
 500
 501        } while (sp->hdr.flags & RXRPC_JUMBO_PACKET);
 502
 503        rxrpc_fast_process_packet(call, jumbo);
 504        _leave("");
 505        return;
 506
 507protocol_error:
 508        _debug("protocol error");
 509        rxrpc_free_skb(part);
 510        rxrpc_free_skb(jumbo);
 511        write_lock_bh(&call->state_lock);
 512        if (call->state <= RXRPC_CALL_COMPLETE) {
 513                call->state = RXRPC_CALL_LOCALLY_ABORTED;
 514                call->abort_code = RX_PROTOCOL_ERROR;
 515                set_bit(RXRPC_CALL_ABORT, &call->events);
 516                rxrpc_queue_call(call);
 517        }
 518        write_unlock_bh(&call->state_lock);
 519        _leave("");
 520}
 521
 522/*
 523 * post an incoming packet to the appropriate call/socket to deal with
 524 * - must get rid of the sk_buff, either by freeing it or by queuing it
 525 */
 526static void rxrpc_post_packet_to_call(struct rxrpc_connection *conn,
 527                                      struct sk_buff *skb)
 528{
 529        struct rxrpc_skb_priv *sp;
 530        struct rxrpc_call *call;
 531        struct rb_node *p;
 532        __be32 call_id;
 533
 534        _enter("%p,%p", conn, skb);
 535
 536        read_lock_bh(&conn->lock);
 537
 538        sp = rxrpc_skb(skb);
 539
 540        /* look at extant calls by channel number first */
 541        call = conn->channels[ntohl(sp->hdr.cid) & RXRPC_CHANNELMASK];
 542        if (!call || call->call_id != sp->hdr.callNumber)
 543                goto call_not_extant;
 544
 545        _debug("extant call [%d]", call->state);
 546        ASSERTCMP(call->conn, ==, conn);
 547
 548        read_lock(&call->state_lock);
 549        switch (call->state) {
 550        case RXRPC_CALL_LOCALLY_ABORTED:
 551                if (!test_and_set_bit(RXRPC_CALL_ABORT, &call->events))
 552                        rxrpc_queue_call(call);
 553        case RXRPC_CALL_REMOTELY_ABORTED:
 554        case RXRPC_CALL_NETWORK_ERROR:
 555        case RXRPC_CALL_DEAD:
 556                goto free_unlock;
 557        default:
 558                break;
 559        }
 560
 561        read_unlock(&call->state_lock);
 562        rxrpc_get_call(call);
 563        read_unlock_bh(&conn->lock);
 564
 565        if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA &&
 566            sp->hdr.flags & RXRPC_JUMBO_PACKET)
 567                rxrpc_process_jumbo_packet(call, skb);
 568        else
 569                rxrpc_fast_process_packet(call, skb);
 570
 571        rxrpc_put_call(call);
 572        goto done;
 573
 574call_not_extant:
 575        /* search the completed calls in case what we're dealing with is
 576         * there */
 577        _debug("call not extant");
 578
 579        call_id = sp->hdr.callNumber;
 580        p = conn->calls.rb_node;
 581        while (p) {
 582                call = rb_entry(p, struct rxrpc_call, conn_node);
 583
 584                if (call_id < call->call_id)
 585                        p = p->rb_left;
 586                else if (call_id > call->call_id)
 587                        p = p->rb_right;
 588                else
 589                        goto found_completed_call;
 590        }
 591
 592dead_call:
 593        /* it's a either a really old call that we no longer remember or its a
 594         * new incoming call */
 595        read_unlock_bh(&conn->lock);
 596
 597        if (sp->hdr.flags & RXRPC_CLIENT_INITIATED &&
 598            sp->hdr.seq == cpu_to_be32(1)) {
 599                _debug("incoming call");
 600                skb_queue_tail(&conn->trans->local->accept_queue, skb);
 601                rxrpc_queue_work(&conn->trans->local->acceptor);
 602                goto done;
 603        }
 604
 605        _debug("dead call");
 606        skb->priority = RX_CALL_DEAD;
 607        rxrpc_reject_packet(conn->trans->local, skb);
 608        goto done;
 609
 610        /* resend last packet of a completed call
 611         * - client calls may have been aborted or ACK'd
 612         * - server calls may have been aborted
 613         */
 614found_completed_call:
 615        _debug("completed call");
 616
 617        if (atomic_read(&call->usage) == 0)
 618                goto dead_call;
 619
 620        /* synchronise any state changes */
 621        read_lock(&call->state_lock);
 622        ASSERTIFCMP(call->state != RXRPC_CALL_CLIENT_FINAL_ACK,
 623                    call->state, >=, RXRPC_CALL_COMPLETE);
 624
 625        if (call->state == RXRPC_CALL_LOCALLY_ABORTED ||
 626            call->state == RXRPC_CALL_REMOTELY_ABORTED ||
 627            call->state == RXRPC_CALL_DEAD) {
 628                read_unlock(&call->state_lock);
 629                goto dead_call;
 630        }
 631
 632        if (call->conn->in_clientflag) {
 633                read_unlock(&call->state_lock);
 634                goto dead_call; /* complete server call */
 635        }
 636
 637        _debug("final ack again");
 638        rxrpc_get_call(call);
 639        set_bit(RXRPC_CALL_ACK_FINAL, &call->events);
 640        rxrpc_queue_call(call);
 641
 642free_unlock:
 643        read_unlock(&call->state_lock);
 644        read_unlock_bh(&conn->lock);
 645        rxrpc_free_skb(skb);
 646done:
 647        _leave("");
 648}
 649
 650/*
 651 * post connection-level events to the connection
 652 * - this includes challenges, responses and some aborts
 653 */
 654static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn,
 655                                      struct sk_buff *skb)
 656{
 657        _enter("%p,%p", conn, skb);
 658
 659        atomic_inc(&conn->usage);
 660        skb_queue_tail(&conn->rx_queue, skb);
 661        rxrpc_queue_conn(conn);
 662}
 663
 664/*
 665 * handle data received on the local endpoint
 666 * - may be called in interrupt context
 667 */
 668void rxrpc_data_ready(struct sock *sk, int count)
 669{
 670        struct rxrpc_connection *conn;
 671        struct rxrpc_transport *trans;
 672        struct rxrpc_skb_priv *sp;
 673        struct rxrpc_local *local;
 674        struct rxrpc_peer *peer;
 675        struct sk_buff *skb;
 676        int ret;
 677
 678        _enter("%p, %d", sk, count);
 679
 680        ASSERT(!irqs_disabled());
 681
 682        read_lock_bh(&rxrpc_local_lock);
 683        local = sk->sk_user_data;
 684        if (local && atomic_read(&local->usage) > 0)
 685                rxrpc_get_local(local);
 686        else
 687                local = NULL;
 688        read_unlock_bh(&rxrpc_local_lock);
 689        if (!local) {
 690                _leave(" [local dead]");
 691                return;
 692        }
 693
 694        skb = skb_recv_datagram(sk, 0, 1, &ret);
 695        if (!skb) {
 696                rxrpc_put_local(local);
 697                if (ret == -EAGAIN)
 698                        return;
 699                _debug("UDP socket error %d", ret);
 700                return;
 701        }
 702
 703        rxrpc_new_skb(skb);
 704
 705        _net("recv skb %p", skb);
 706
 707        /* we'll probably need to checksum it (didn't call sock_recvmsg) */
 708        if (skb_checksum_complete(skb)) {
 709                rxrpc_free_skb(skb);
 710                rxrpc_put_local(local);
 711                UDP_INC_STATS_BH(UDP_MIB_INERRORS, 0);
 712                _leave(" [CSUM failed]");
 713                return;
 714        }
 715
 716        UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, 0);
 717
 718        /* the socket buffer we have is owned by UDP, with UDP's data all over
 719         * it, but we really want our own */
 720        skb_orphan(skb);
 721        sp = rxrpc_skb(skb);
 722        memset(sp, 0, sizeof(*sp));
 723
 724        _net("Rx UDP packet from %08x:%04hu",
 725             ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source));
 726
 727        /* dig out the RxRPC connection details */
 728        if (skb_copy_bits(skb, sizeof(struct udphdr), &sp->hdr,
 729                          sizeof(sp->hdr)) < 0)
 730                goto bad_message;
 731        if (!pskb_pull(skb, sizeof(struct udphdr) + sizeof(sp->hdr)))
 732                BUG();
 733
 734        _net("Rx RxRPC %s ep=%x call=%x:%x",
 735             sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient",
 736             ntohl(sp->hdr.epoch),
 737             ntohl(sp->hdr.cid),
 738             ntohl(sp->hdr.callNumber));
 739
 740        if (sp->hdr.type == 0 || sp->hdr.type >= RXRPC_N_PACKET_TYPES) {
 741                _proto("Rx Bad Packet Type %u", sp->hdr.type);
 742                goto bad_message;
 743        }
 744
 745        if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA &&
 746            (sp->hdr.callNumber == 0 || sp->hdr.seq == 0))
 747                goto bad_message;
 748
 749        peer = rxrpc_find_peer(local, ip_hdr(skb)->saddr, udp_hdr(skb)->source);
 750        if (IS_ERR(peer))
 751                goto cant_route_call;
 752
 753        trans = rxrpc_find_transport(local, peer);
 754        rxrpc_put_peer(peer);
 755        if (!trans)
 756                goto cant_route_call;
 757
 758        conn = rxrpc_find_connection(trans, &sp->hdr);
 759        rxrpc_put_transport(trans);
 760        if (!conn)
 761                goto cant_route_call;
 762
 763        _debug("CONN %p {%d}", conn, conn->debug_id);
 764
 765        if (sp->hdr.callNumber == 0)
 766                rxrpc_post_packet_to_conn(conn, skb);
 767        else
 768                rxrpc_post_packet_to_call(conn, skb);
 769        rxrpc_put_connection(conn);
 770        rxrpc_put_local(local);
 771        return;
 772
 773cant_route_call:
 774        _debug("can't route call");
 775        if (sp->hdr.flags & RXRPC_CLIENT_INITIATED &&
 776            sp->hdr.type == RXRPC_PACKET_TYPE_DATA) {
 777                if (sp->hdr.seq == cpu_to_be32(1)) {
 778                        _debug("first packet");
 779                        skb_queue_tail(&local->accept_queue, skb);
 780                        rxrpc_queue_work(&local->acceptor);
 781                        rxrpc_put_local(local);
 782                        _leave(" [incoming]");
 783                        return;
 784                }
 785                skb->priority = RX_INVALID_OPERATION;
 786        } else {
 787                skb->priority = RX_CALL_DEAD;
 788        }
 789
 790        _debug("reject");
 791        rxrpc_reject_packet(local, skb);
 792        rxrpc_put_local(local);
 793        _leave(" [no call]");
 794        return;
 795
 796bad_message:
 797        skb->priority = RX_PROTOCOL_ERROR;
 798        rxrpc_reject_packet(local, skb);
 799        rxrpc_put_local(local);
 800        _leave(" [badmsg]");
 801}
 802