From: Ajaykumar Hotchandani <ajaykumar.hotchandani@oracle.com>
Date: Thu, 14 Apr 2016 21:20:08 +0000 (-0700)
Subject: RDS: add handshaking for ACL violation detection at passive
X-Git-Tag: v4.1.12-92~108^2~7
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=285e641dcf59cc5c2c599203b73c837d084ed1ae;p=users%2Fjedix%2Flinux-maple.git

RDS: add handshaking for ACL violation detection at passive

Offending connections with ACL violations should be cleaned up as
early as possible. When active detects ACL violation and sends reject;
it fills up private_data field. Passive checks for private_data
whenever it receives reject; and in case of ACL violation it destroys
connection.

Orabug: 23222944

Signed-off-by: Ajaykumar Hotchandani <ajaykumar.hotchandani@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
---

diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c
index 0b91e62b77d5..4b3c9deb7266 100644
--- a/net/rds/ib_cm.c
+++ b/net/rds/ib_cm.c
@@ -890,8 +890,10 @@ int rds_ib_cm_handle_connect(struct rdma_cm_id *cm_id,
 
 	acl_ret = rds_ib_match_acl(cm_id, dp->dp_saddr);
 	if (acl_ret < 0) {
-		rdma_reject(cm_id, &acl_ret, sizeof(int));
-		rdsdebug("RDS: IB: rds_ib_match_acl failed\n");
+		int reject_reason = RDS_ACL_FAILURE;
+
+		rdma_reject(cm_id, &reject_reason, sizeof(int));
+		rdsdebug("RDS: IB: passive: rds_ib_match_acl failed\n");
 		goto out;
 	}
 
diff --git a/net/rds/rdma_transport.c b/net/rds/rdma_transport.c
index 646e1be25195..453e6dd99005 100644
--- a/net/rds/rdma_transport.c
+++ b/net/rds/rdma_transport.c
@@ -290,6 +290,14 @@ int rds_rdma_cm_event_handler(struct rdma_cm_id *cm_id,
 							&conn->c_reject_w,
 							msecs_to_jiffies(10));
 				}
+			} else if (event->status == RDS_REJ_CONSUMER_DEFINED &&
+				   (*err) == RDS_ACL_FAILURE) {
+				/* Rejection due to ACL violation */
+				pr_err("RDS: IB: conn=%p, <%u.%u.%u.%u,%u.%u.%u.%u,%d> destroyed due to ACL violation\n",
+						conn, NIPQUAD(conn->c_laddr),
+						NIPQUAD(conn->c_faddr),
+						conn->c_tos);
+				rds_ib_conn_destroy_init(conn);
 			} else {
 				rds_rtd(RDS_RTD_ERR,
 					"Rejected: *err %d status %d calling rds_conn_drop <%u.%u.%u.%u,%u.%u.%u.%u,%d>\n",
diff --git a/net/rds/rds.h b/net/rds/rds.h
index 3561ce863416..6737208fddf5 100644
--- a/net/rds/rds.h
+++ b/net/rds/rds.h
@@ -25,6 +25,13 @@
 #define RDS_PROTOCOL_MINOR(v)	((v) & 255)
 #define RDS_PROTOCOL(maj, min)	(((maj) << 8) | min)
 
+/* Reject reason codes.
+ * 0401 below indicates 4.1 version.
+ * 0020 indicates type of reject.
+ * Reserving earlier ones for version mismatch or other reasons.
+ */
+#define RDS_ACL_FAILURE		0x04010020
+
 /*
  * XXX randomly chosen, but at least seems to be unused:
  * #               18464-18768 Unassigned