tcp: Fix a connect() race with timewait sockets
[linux-2.6.git] / net / ipv6 / inet6_hashtables.c
1 /*
2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
3  *              operating system.  INET is implemented using the BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              Generic INET6 transport hashtables
7  *
8  * Authors:     Lotsa people, from code originally in tcp, generalised here
9  *              by Arnaldo Carvalho de Melo <acme@mandriva.com>
10  *
11  *      This program is free software; you can redistribute it and/or
12  *      modify it under the terms of the GNU General Public License
13  *      as published by the Free Software Foundation; either version
14  *      2 of the License, or (at your option) any later version.
15  */
16
17 #include <linux/module.h>
18 #include <linux/random.h>
19
20 #include <net/inet_connection_sock.h>
21 #include <net/inet_hashtables.h>
22 #include <net/inet6_hashtables.h>
23 #include <net/ip.h>
24
25 int __inet6_hash(struct sock *sk, struct inet_timewait_sock *tw)
26 {
27         struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
28         int twrefcnt = 0;
29
30         WARN_ON(!sk_unhashed(sk));
31
32         if (sk->sk_state == TCP_LISTEN) {
33                 struct inet_listen_hashbucket *ilb;
34
35                 ilb = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)];
36                 spin_lock(&ilb->lock);
37                 __sk_nulls_add_node_rcu(sk, &ilb->head);
38                 spin_unlock(&ilb->lock);
39         } else {
40                 unsigned int hash;
41                 struct hlist_nulls_head *list;
42                 spinlock_t *lock;
43
44                 sk->sk_hash = hash = inet6_sk_ehashfn(sk);
45                 list = &inet_ehash_bucket(hashinfo, hash)->chain;
46                 lock = inet_ehash_lockp(hashinfo, hash);
47                 spin_lock(lock);
48                 __sk_nulls_add_node_rcu(sk, list);
49                 if (tw) {
50                         WARN_ON(sk->sk_hash != tw->tw_hash);
51                         twrefcnt = inet_twsk_unhash(tw);
52                 }
53                 spin_unlock(lock);
54         }
55
56         sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
57         return twrefcnt;
58 }
59 EXPORT_SYMBOL(__inet6_hash);
60
61 /*
62  * Sockets in TCP_CLOSE state are _always_ taken out of the hash, so
63  * we need not check it for TCP lookups anymore, thanks Alexey. -DaveM
64  *
65  * The sockhash lock must be held as a reader here.
66  */
67 struct sock *__inet6_lookup_established(struct net *net,
68                                         struct inet_hashinfo *hashinfo,
69                                            const struct in6_addr *saddr,
70                                            const __be16 sport,
71                                            const struct in6_addr *daddr,
72                                            const u16 hnum,
73                                            const int dif)
74 {
75         struct sock *sk;
76         const struct hlist_nulls_node *node;
77         const __portpair ports = INET_COMBINED_PORTS(sport, hnum);
78         /* Optimize here for direct hit, only listening connections can
79          * have wildcards anyways.
80          */
81         unsigned int hash = inet6_ehashfn(net, daddr, hnum, saddr, sport);
82         unsigned int slot = hash & hashinfo->ehash_mask;
83         struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
84
85
86         rcu_read_lock();
87 begin:
88         sk_nulls_for_each_rcu(sk, node, &head->chain) {
89                 /* For IPV6 do the cheaper port and family tests first. */
90                 if (INET6_MATCH(sk, net, hash, saddr, daddr, ports, dif)) {
91                         if (unlikely(!atomic_inc_not_zero(&sk->sk_refcnt)))
92                                 goto begintw;
93                         if (!INET6_MATCH(sk, net, hash, saddr, daddr, ports, dif)) {
94                                 sock_put(sk);
95                                 goto begin;
96                         }
97                 goto out;
98                 }
99         }
100         if (get_nulls_value(node) != slot)
101                 goto begin;
102
103 begintw:
104         /* Must check for a TIME_WAIT'er before going to listener hash. */
105         sk_nulls_for_each_rcu(sk, node, &head->twchain) {
106                 if (INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) {
107                         if (unlikely(!atomic_inc_not_zero(&sk->sk_refcnt))) {
108                                 sk = NULL;
109                                 goto out;
110                         }
111                         if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) {
112                                 sock_put(sk);
113                                 goto begintw;
114                         }
115                         goto out;
116                 }
117         }
118         if (get_nulls_value(node) != slot)
119                 goto begintw;
120         sk = NULL;
121 out:
122         rcu_read_unlock();
123         return sk;
124 }
125 EXPORT_SYMBOL(__inet6_lookup_established);
126
127 static int inline compute_score(struct sock *sk, struct net *net,
128                                 const unsigned short hnum,
129                                 const struct in6_addr *daddr,
130                                 const int dif)
131 {
132         int score = -1;
133
134         if (net_eq(sock_net(sk), net) && inet_sk(sk)->inet_num == hnum &&
135             sk->sk_family == PF_INET6) {
136                 const struct ipv6_pinfo *np = inet6_sk(sk);
137
138                 score = 1;
139                 if (!ipv6_addr_any(&np->rcv_saddr)) {
140                         if (!ipv6_addr_equal(&np->rcv_saddr, daddr))
141                                 return -1;
142                         score++;
143                 }
144                 if (sk->sk_bound_dev_if) {
145                         if (sk->sk_bound_dev_if != dif)
146                                 return -1;
147                         score++;
148                 }
149         }
150         return score;
151 }
152
153 struct sock *inet6_lookup_listener(struct net *net,
154                 struct inet_hashinfo *hashinfo, const struct in6_addr *daddr,
155                 const unsigned short hnum, const int dif)
156 {
157         struct sock *sk;
158         const struct hlist_nulls_node *node;
159         struct sock *result;
160         int score, hiscore;
161         unsigned int hash = inet_lhashfn(net, hnum);
162         struct inet_listen_hashbucket *ilb = &hashinfo->listening_hash[hash];
163
164         rcu_read_lock();
165 begin:
166         result = NULL;
167         hiscore = -1;
168         sk_nulls_for_each(sk, node, &ilb->head) {
169                 score = compute_score(sk, net, hnum, daddr, dif);
170                 if (score > hiscore) {
171                         hiscore = score;
172                         result = sk;
173                 }
174         }
175         /*
176          * if the nulls value we got at the end of this lookup is
177          * not the expected one, we must restart lookup.
178          * We probably met an item that was moved to another chain.
179          */
180         if (get_nulls_value(node) != hash + LISTENING_NULLS_BASE)
181                 goto begin;
182         if (result) {
183                 if (unlikely(!atomic_inc_not_zero(&result->sk_refcnt)))
184                         result = NULL;
185                 else if (unlikely(compute_score(result, net, hnum, daddr,
186                                   dif) < hiscore)) {
187                         sock_put(result);
188                         goto begin;
189                 }
190         }
191         rcu_read_unlock();
192         return result;
193 }
194
195 EXPORT_SYMBOL_GPL(inet6_lookup_listener);
196
197 struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
198                           const struct in6_addr *saddr, const __be16 sport,
199                           const struct in6_addr *daddr, const __be16 dport,
200                           const int dif)
201 {
202         struct sock *sk;
203
204         local_bh_disable();
205         sk = __inet6_lookup(net, hashinfo, saddr, sport, daddr, ntohs(dport), dif);
206         local_bh_enable();
207
208         return sk;
209 }
210
211 EXPORT_SYMBOL_GPL(inet6_lookup);
212
213 static int __inet6_check_established(struct inet_timewait_death_row *death_row,
214                                      struct sock *sk, const __u16 lport,
215                                      struct inet_timewait_sock **twp)
216 {
217         struct inet_hashinfo *hinfo = death_row->hashinfo;
218         struct inet_sock *inet = inet_sk(sk);
219         const struct ipv6_pinfo *np = inet6_sk(sk);
220         const struct in6_addr *daddr = &np->rcv_saddr;
221         const struct in6_addr *saddr = &np->daddr;
222         const int dif = sk->sk_bound_dev_if;
223         const __portpair ports = INET_COMBINED_PORTS(inet->inet_dport, lport);
224         struct net *net = sock_net(sk);
225         const unsigned int hash = inet6_ehashfn(net, daddr, lport, saddr,
226                                                 inet->inet_dport);
227         struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
228         spinlock_t *lock = inet_ehash_lockp(hinfo, hash);
229         struct sock *sk2;
230         const struct hlist_nulls_node *node;
231         struct inet_timewait_sock *tw;
232         int twrefcnt = 0;
233
234         spin_lock(lock);
235
236         /* Check TIME-WAIT sockets first. */
237         sk_nulls_for_each(sk2, node, &head->twchain) {
238                 tw = inet_twsk(sk2);
239
240                 if (INET6_TW_MATCH(sk2, net, hash, saddr, daddr, ports, dif)) {
241                         if (twsk_unique(sk, sk2, twp))
242                                 goto unique;
243                         else
244                                 goto not_unique;
245                 }
246         }
247         tw = NULL;
248
249         /* And established part... */
250         sk_nulls_for_each(sk2, node, &head->chain) {
251                 if (INET6_MATCH(sk2, net, hash, saddr, daddr, ports, dif))
252                         goto not_unique;
253         }
254
255 unique:
256         /* Must record num and sport now. Otherwise we will see
257          * in hash table socket with a funny identity. */
258         inet->inet_num = lport;
259         inet->inet_sport = htons(lport);
260         sk->sk_hash = hash;
261         WARN_ON(!sk_unhashed(sk));
262         __sk_nulls_add_node_rcu(sk, &head->chain);
263         if (tw) {
264                 twrefcnt = inet_twsk_unhash(tw);
265                 NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
266         }
267         spin_unlock(lock);
268         if (twrefcnt)
269                 inet_twsk_put(tw);
270         sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
271
272         if (twp) {
273                 *twp = tw;
274         } else if (tw) {
275                 /* Silly. Should hash-dance instead... */
276                 inet_twsk_deschedule(tw, death_row);
277
278                 inet_twsk_put(tw);
279         }
280         return 0;
281
282 not_unique:
283         spin_unlock(lock);
284         return -EADDRNOTAVAIL;
285 }
286
287 static inline u32 inet6_sk_port_offset(const struct sock *sk)
288 {
289         const struct inet_sock *inet = inet_sk(sk);
290         const struct ipv6_pinfo *np = inet6_sk(sk);
291         return secure_ipv6_port_ephemeral(np->rcv_saddr.s6_addr32,
292                                           np->daddr.s6_addr32,
293                                           inet->inet_dport);
294 }
295
296 int inet6_hash_connect(struct inet_timewait_death_row *death_row,
297                        struct sock *sk)
298 {
299         return __inet_hash_connect(death_row, sk, inet6_sk_port_offset(sk),
300                         __inet6_check_established, __inet6_hash);
301 }
302
303 EXPORT_SYMBOL_GPL(inet6_hash_connect);