[linux-2.6-block.git] / net / rxrpc / local_object.c

// SPDX-License-Identifier: GPL-2.0-or-later
/* Local endpoint object management
 *
 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/udp.h>
#include <linux/ip.h>
#include <linux/hashtable.h>
#include <net/sock.h>
#include <net/udp.h>
#include <net/af_rxrpc.h>
#include "ar-internal.h"

static void rxrpc_local_processor(struct work_struct *);
static void rxrpc_local_rcu(struct rcu_head *);

/*
 * Compare a local to an address.  Return -ve, 0 or +ve to indicate less than,
 * same or greater than.
 *
 * We explicitly don't compare the RxRPC service ID as we want to reject
 * conflicting uses by differing services.  Further, we don't want to share
 * addresses with different options (IPv6), so we don't compare those bits
 * either.
 */
static long rxrpc_local_cmp_key(const struct rxrpc_local *local,
				const struct sockaddr_rxrpc *srx)
{
	long diff;

	diff = ((local->srx.transport_type - srx->transport_type) ?:
		(local->srx.transport_len - srx->transport_len) ?:
		(local->srx.transport.family - srx->transport.family));
	if (diff != 0)
		return diff;

	switch (srx->transport.family) {
	case AF_INET:
		/* If the choice of UDP port is left up to the transport, then
		 * the endpoint record doesn't match.
		 */
		return ((u16 __force)local->srx.transport.sin.sin_port -
			(u16 __force)srx->transport.sin.sin_port) ?:
			memcmp(&local->srx.transport.sin.sin_addr,
			       &srx->transport.sin.sin_addr,
			       sizeof(struct in_addr));
#ifdef CONFIG_AF_RXRPC_IPV6
	case AF_INET6:
		/* If the choice of UDP6 port is left up to the transport, then
		 * the endpoint record doesn't match.
		 */
		return ((u16 __force)local->srx.transport.sin6.sin6_port -
			(u16 __force)srx->transport.sin6.sin6_port) ?:
			memcmp(&local->srx.transport.sin6.sin6_addr,
			       &srx->transport.sin6.sin6_addr,
			       sizeof(struct in6_addr));
#endif
	default:
		BUG();
	}
}

/*
 * Allocate a new local endpoint.
 */
static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet,
					     const struct sockaddr_rxrpc *srx)
{
	struct rxrpc_local *local;

	local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL);
	if (local) {
		atomic_set(&local->usage, 1);
		local->rxnet = rxnet;
		INIT_LIST_HEAD(&local->link);
		INIT_WORK(&local->processor, rxrpc_local_processor);
		init_rwsem(&local->defrag_sem);
		skb_queue_head_init(&local->reject_queue);
		skb_queue_head_init(&local->event_queue);
		local->client_conns = RB_ROOT;
		spin_lock_init(&local->client_conns_lock);
		spin_lock_init(&local->lock);
		rwlock_init(&local->services_lock);
		local->debug_id = atomic_inc_return(&rxrpc_debug_id);
		memcpy(&local->srx, srx, sizeof(*srx));
		local->srx.srx_service = 0;
		trace_rxrpc_local(local, rxrpc_local_new, 1, NULL);
	}

	_leave(" = %p", local);
	return local;
}

/*
 * create the local socket
 * - must be called with rxrpc_local_mutex locked
 */
static int rxrpc_open_socket(struct rxrpc_local *local, struct net *net)
{
	struct sock *usk;
	int ret, opt;

	_enter("%p{%d,%d}",
	       local, local->srx.transport_type, local->srx.transport.family);

	/* create a socket to represent the local endpoint */
	ret = sock_create_kern(net, local->srx.transport.family,
			       local->srx.transport_type, 0, &local->socket);
	if (ret < 0) {
		_leave(" = %d [socket]", ret);
		return ret;
	}

	/* set the socket up */
	usk = local->socket->sk;
	inet_sk(usk)->mc_loop = 0;

	/* Enable CHECKSUM_UNNECESSARY to CHECKSUM_COMPLETE conversion */
	inet_inc_convert_csum(usk);

	rcu_assign_sk_user_data(usk, local);

	udp_sk(usk)->encap_type = UDP_ENCAP_RXRPC;
	udp_sk(usk)->encap_rcv = rxrpc_input_packet;
	udp_sk(usk)->encap_destroy = NULL;
	udp_sk(usk)->gro_receive = NULL;
	udp_sk(usk)->gro_complete = NULL;

	udp_encap_enable();
#if IS_ENABLED(CONFIG_AF_RXRPC_IPV6)
	if (local->srx.transport.family == AF_INET6)
		udpv6_encap_enable();
#endif
	usk->sk_error_report = rxrpc_error_report;

	/* if a local address was supplied then bind it */
	if (local->srx.transport_len > sizeof(sa_family_t)) {
		_debug("bind");
		ret = kernel_bind(local->socket,
				  (struct sockaddr *)&local->srx.transport,
				  local->srx.transport_len);
		if (ret < 0) {
			_debug("bind failed %d", ret);
			goto error;
		}
	}

	switch (local->srx.transport.family) {
	case AF_INET6:
		/* we want to receive ICMPv6 errors */
		opt = 1;
		ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_RECVERR,
					(char *) &opt, sizeof(opt));
		if (ret < 0) {
			_debug("setsockopt failed");
			goto error;
		}

		/* we want to set the don't fragment bit */
		opt = IPV6_PMTUDISC_DO;
		ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_MTU_DISCOVER,
					(char *) &opt, sizeof(opt));
		if (ret < 0) {
			_debug("setsockopt failed");
			goto error;
		}

		/* Fall through and set IPv4 options too otherwise we don't get
		 * errors from IPv4 packets sent through the IPv6 socket.
		 */
		/* Fall through */
	case AF_INET:
		/* we want to receive ICMP errors */
		opt = 1;
		ret = kernel_setsockopt(local->socket, SOL_IP, IP_RECVERR,
					(char *) &opt, sizeof(opt));
		if (ret < 0) {
			_debug("setsockopt failed");
			goto error;
		}

		/* we want to set the don't fragment bit */
		opt = IP_PMTUDISC_DO;
		ret = kernel_setsockopt(local->socket, SOL_IP, IP_MTU_DISCOVER,
					(char *) &opt, sizeof(opt));
		if (ret < 0) {
			_debug("setsockopt failed");
			goto error;
		}

		/* We want receive timestamps. */
		opt = 1;
		ret = kernel_setsockopt(local->socket, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
					(char *)&opt, sizeof(opt));
		if (ret < 0) {
			_debug("setsockopt failed");
			goto error;
		}
		break;

	default:
		BUG();
	}

	_leave(" = 0");
	return 0;

error:
	kernel_sock_shutdown(local->socket, SHUT_RDWR);
	local->socket->sk->sk_user_data = NULL;
	sock_release(local->socket);
	local->socket = NULL;

	_leave(" = %d", ret);
	return ret;
}

/*
 * Look up or create a new local endpoint using the specified local address.
 */
struct rxrpc_local *rxrpc_lookup_local(struct net *net,
				       const struct sockaddr_rxrpc *srx)
{
	struct rxrpc_local *local;
	struct rxrpc_net *rxnet = rxrpc_net(net);
	struct list_head *cursor;
	const char *age;
	long diff;
	int ret;

	_enter("{%d,%d,%pISp}",
	       srx->transport_type, srx->transport.family, &srx->transport);

	mutex_lock(&rxnet->local_mutex);

	for (cursor = rxnet->local_endpoints.next;
	     cursor != &rxnet->local_endpoints;
	     cursor = cursor->next) {
		local = list_entry(cursor, struct rxrpc_local, link);

		diff = rxrpc_local_cmp_key(local, srx);
		if (diff < 0)
			continue;
		if (diff > 0)
			break;

		/* Services aren't allowed to share transport sockets, so
		 * reject that here.  It is possible that the object is dying -
		 * but it may also still have the local transport address that
		 * we want bound.
		 */
		if (srx->srx_service) {
			local = NULL;
			goto addr_in_use;
		}

		/* Found a match.  We replace a dying object.  Attempting to
		 * bind the transport socket may still fail if we're attempting
		 * to use a local address that the dying object is still using.
		 */
		if (!rxrpc_get_local_maybe(local)) {
			cursor = cursor->next;
			list_del_init(&local->link);
			break;
		}

		age = "old";
		goto found;
	}

	local = rxrpc_alloc_local(rxnet, srx);
	if (!local)
		goto nomem;

	ret = rxrpc_open_socket(local, net);
	if (ret < 0)
		goto sock_error;

	list_add_tail(&local->link, cursor);
	age = "new";

found:
	mutex_unlock(&rxnet->local_mutex);

	_net("LOCAL %s %d {%pISp}",
	     age, local->debug_id, &local->srx.transport);

	_leave(" = %p", local);
	return local;

nomem:
	ret = -ENOMEM;
sock_error:
	mutex_unlock(&rxnet->local_mutex);
	if (local)
		call_rcu(&local->rcu, rxrpc_local_rcu);
	_leave(" = %d", ret);
	return ERR_PTR(ret);

addr_in_use:
	mutex_unlock(&rxnet->local_mutex);
	_leave(" = -EADDRINUSE");
	return ERR_PTR(-EADDRINUSE);
}

/*
 * Get a ref on a local endpoint.
 */
struct rxrpc_local *rxrpc_get_local(struct rxrpc_local *local)
{
	const void *here = __builtin_return_address(0);
	int n;

	n = atomic_inc_return(&local->usage);
	trace_rxrpc_local(local, rxrpc_local_got, n, here);
	return local;
}

/*
 * Get a ref on a local endpoint unless its usage has already reached 0.
 */
struct rxrpc_local *rxrpc_get_local_maybe(struct rxrpc_local *local)
{
	const void *here = __builtin_return_address(0);

	if (local) {
		int n = atomic_fetch_add_unless(&local->usage, 1, 0);
		if (n > 0)
			trace_rxrpc_local(local, rxrpc_local_got, n + 1, here);
		else
			local = NULL;
	}
	return local;
}

/*
 * Queue a local endpoint.
 */
void rxrpc_queue_local(struct rxrpc_local *local)
{
	const void *here = __builtin_return_address(0);

	if (rxrpc_queue_work(&local->processor))
		trace_rxrpc_local(local, rxrpc_local_queued,
				  atomic_read(&local->usage), here);
}

/*
 * A local endpoint reached its end of life.
 */
static void __rxrpc_put_local(struct rxrpc_local *local)
{
	_enter("%d", local->debug_id);
	rxrpc_queue_work(&local->processor);
}

/*
 * Drop a ref on a local endpoint.
 */
void rxrpc_put_local(struct rxrpc_local *local)
{
	const void *here = __builtin_return_address(0);
	int n;

	if (local) {
		n = atomic_dec_return(&local->usage);
		trace_rxrpc_local(local, rxrpc_local_put, n, here);

		if (n == 0)
			__rxrpc_put_local(local);
	}
}

/*
 * Destroy a local endpoint's socket and then hand the record to RCU to dispose
 * of.
 *
 * Closing the socket cannot be done from bottom half context or RCU callback
 * context because it might sleep.
 */
static void rxrpc_local_destroyer(struct rxrpc_local *local)
{
	struct socket *socket = local->socket;
	struct rxrpc_net *rxnet = local->rxnet;

	_enter("%d", local->debug_id);

	/* We can get a race between an incoming call packet queueing the
	 * processor again and the work processor starting the destruction
	 * process which will shut down the UDP socket.
	 */
	if (local->dead) {
		_leave(" [already dead]");
		return;
	}
	local->dead = true;

	mutex_lock(&rxnet->local_mutex);
	list_del_init(&local->link);
	mutex_unlock(&rxnet->local_mutex);

	ASSERT(RB_EMPTY_ROOT(&local->client_conns));
	ASSERT(!local->service);

	if (socket) {
		local->socket = NULL;
		kernel_sock_shutdown(socket, SHUT_RDWR);
		socket->sk->sk_user_data = NULL;
		sock_release(socket);
	}

	/* At this point, there should be no more packets coming in to the
	 * local endpoint.
	 */
	rxrpc_purge_queue(&local->reject_queue);
	rxrpc_purge_queue(&local->event_queue);

	_debug("rcu local %d", local->debug_id);
	call_rcu(&local->rcu, rxrpc_local_rcu);
}

/*
 * Process events on an endpoint
 */
static void rxrpc_local_processor(struct work_struct *work)
{
	struct rxrpc_local *local =
		container_of(work, struct rxrpc_local, processor);
	bool again;

	trace_rxrpc_local(local, rxrpc_local_processing,
			  atomic_read(&local->usage), NULL);

	do {
		again = false;
		if (atomic_read(&local->usage) == 0)
			return rxrpc_local_destroyer(local);

		if (!skb_queue_empty(&local->reject_queue)) {
			rxrpc_reject_packets(local);
			again = true;
		}

		if (!skb_queue_empty(&local->event_queue)) {
			rxrpc_process_local_events(local);
			again = true;
		}
	} while (again);
}

/*
 * Destroy a local endpoint after the RCU grace period expires.
 */
static void rxrpc_local_rcu(struct rcu_head *rcu)
{
	struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu);

	_enter("%d", local->debug_id);

	ASSERT(!work_pending(&local->processor));

	_net("DESTROY LOCAL %d", local->debug_id);
	kfree(local);
	_leave("");
}

/*
 * Verify the local endpoint list is empty by this point.
 */
void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
{
	struct rxrpc_local *local;

	_enter("");

	flush_workqueue(rxrpc_workqueue);

	if (!list_empty(&rxnet->local_endpoints)) {
		mutex_lock(&rxnet->local_mutex);
		list_for_each_entry(local, &rxnet->local_endpoints, link) {
			pr_err("AF_RXRPC: Leaked local %p {%d}\n",
			       local, atomic_read(&local->usage));
		}
		mutex_unlock(&rxnet->local_mutex);
		BUG();
	}
}
Commit	Line	Data
b4d0d230	1	// SPDX-License-Identifier: GPL-2.0-or-later
87563616	2	/* Local endpoint object management
17926a79	3	*
4f95dd78	4	* Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
17926a79	5	* Written by David Howells (dhowells@redhat.com)
17926a79 DH	6	*/
17926a79 DH	7
9b6d5398 JP	8	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9b6d5398 JP	9
17926a79 DH	10	#include <linux/module.h>
	11	#include <linux/net.h>
	12	#include <linux/skbuff.h>
5a0e3ad6	13	#include <linux/slab.h>
44ba0698 DH	14	#include <linux/udp.h>
44ba0698 DH	15	#include <linux/ip.h>
4f95dd78	16	#include <linux/hashtable.h>
17926a79	17	#include <net/sock.h>
5271953c	18	#include <net/udp.h>
17926a79 DH	19	#include <net/af_rxrpc.h>
	20	#include "ar-internal.h"
	21
4f95dd78 DH	22	static void rxrpc_local_processor(struct work_struct *);
4f95dd78 DH	23	static void rxrpc_local_rcu(struct rcu_head *);
17926a79	24
17926a79	25	/*
4f95dd78 DH	26	* Compare a local to an address. Return -ve, 0 or +ve to indicate less than,
	27	* same or greater than.
	28	*
	29	* We explicitly don't compare the RxRPC service ID as we want to reject
	30	* conflicting uses by differing services. Further, we don't want to share
	31	* addresses with different options (IPv6), so we don't compare those bits
	32	* either.
17926a79	33	*/
4f95dd78 DH	34	static long rxrpc_local_cmp_key(const struct rxrpc_local *local,
	35	const struct sockaddr_rxrpc *srx)
	36	{
	37	long diff;
	38
	39	diff = ((local->srx.transport_type - srx->transport_type) ?:
	40	(local->srx.transport_len - srx->transport_len) ?:
	41	(local->srx.transport.family - srx->transport.family));
	42	if (diff != 0)
	43	return diff;
	44
	45	switch (srx->transport.family) {
	46	case AF_INET:
	47	/* If the choice of UDP port is left up to the transport, then
	48	* the endpoint record doesn't match.
	49	*/
	50	return ((u16 __force)local->srx.transport.sin.sin_port -
	51	(u16 __force)srx->transport.sin.sin_port) ?:
	52	memcmp(&local->srx.transport.sin.sin_addr,
	53	&srx->transport.sin.sin_addr,
	54	sizeof(struct in_addr));
d1912747	55	#ifdef CONFIG_AF_RXRPC_IPV6
75b54cb5 DH	56	case AF_INET6:
	57	/* If the choice of UDP6 port is left up to the transport, then
	58	* the endpoint record doesn't match.
	59	*/
	60	return ((u16 __force)local->srx.transport.sin6.sin6_port -
	61	(u16 __force)srx->transport.sin6.sin6_port) ?:
	62	memcmp(&local->srx.transport.sin6.sin6_addr,
	63	&srx->transport.sin6.sin6_addr,
	64	sizeof(struct in6_addr));
d1912747	65	#endif
4f95dd78 DH	66	default:
	67	BUG();
	68	}
	69	}
	70
	71	/*
	72	* Allocate a new local endpoint.
	73	*/
2baec2c3 DH	74	static struct rxrpc_local rxrpc_alloc_local(struct rxrpc_net rxnet,
2baec2c3 DH	75	const struct sockaddr_rxrpc *srx)
17926a79 DH	76	{
	77	struct rxrpc_local *local;
	78
	79	local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL);
	80	if (local) {
4f95dd78	81	atomic_set(&local->usage, 1);
2baec2c3	82	local->rxnet = rxnet;
17926a79	83	INIT_LIST_HEAD(&local->link);
4f95dd78	84	INIT_WORK(&local->processor, rxrpc_local_processor);
17926a79	85	init_rwsem(&local->defrag_sem);
17926a79	86	skb_queue_head_init(&local->reject_queue);
44ba0698	87	skb_queue_head_init(&local->event_queue);
999b69f8 DH	88	local->client_conns = RB_ROOT;
999b69f8 DH	89	spin_lock_init(&local->client_conns_lock);
17926a79 DH	90	spin_lock_init(&local->lock);
17926a79 DH	91	rwlock_init(&local->services_lock);
17926a79 DH	92	local->debug_id = atomic_inc_return(&rxrpc_debug_id);
17926a79 DH	93	memcpy(&local->srx, srx, sizeof(*srx));
28036f44	94	local->srx.srx_service = 0;
09d2bf59	95	trace_rxrpc_local(local, rxrpc_local_new, 1, NULL);
17926a79 DH	96	}
	97
	98	_leave(" = %p", local);
	99	return local;
	100	}
	101
	102	/*
	103	* create the local socket
4f95dd78	104	* - must be called with rxrpc_local_mutex locked
17926a79	105	*/
2baec2c3	106	static int rxrpc_open_socket(struct rxrpc_local local, struct net net)
17926a79	107	{
5271953c	108	struct sock *usk;
17926a79 DH	109	int ret, opt;
17926a79 DH	110
75b54cb5 DH	111	_enter("%p{%d,%d}",
75b54cb5 DH	112	local, local->srx.transport_type, local->srx.transport.family);
17926a79 DH	113
17926a79 DH	114	/* create a socket to represent the local endpoint */
2baec2c3	115	ret = sock_create_kern(net, local->srx.transport.family,
aaa31cbc	116	local->srx.transport_type, 0, &local->socket);
17926a79 DH	117	if (ret < 0) {
	118	_leave(" = %d [socket]", ret);
	119	return ret;
	120	}
	121
2cfa2271	122	/* set the socket up */
5271953c DH	123	usk = local->socket->sk;
	124	inet_sk(usk)->mc_loop = 0;
	125
	126	/* Enable CHECKSUM_UNNECESSARY to CHECKSUM_COMPLETE conversion */
	127	inet_inc_convert_csum(usk);
	128
	129	rcu_assign_sk_user_data(usk, local);
	130
	131	udp_sk(usk)->encap_type = UDP_ENCAP_RXRPC;
	132	udp_sk(usk)->encap_rcv = rxrpc_input_packet;
	133	udp_sk(usk)->encap_destroy = NULL;
	134	udp_sk(usk)->gro_receive = NULL;
	135	udp_sk(usk)->gro_complete = NULL;
	136
	137	udp_encap_enable();
7ec8dc96	138	#if IS_ENABLED(CONFIG_AF_RXRPC_IPV6)
5271953c DH	139	if (local->srx.transport.family == AF_INET6)
	140	udpv6_encap_enable();
	141	#endif
	142	usk->sk_error_report = rxrpc_error_report;
2cfa2271	143
17926a79 DH	144	/* if a local address was supplied then bind it */
	145	if (local->srx.transport_len > sizeof(sa_family_t)) {
	146	_debug("bind");
	147	ret = kernel_bind(local->socket,
4f95dd78	148	(struct sockaddr *)&local->srx.transport,
17926a79 DH	149	local->srx.transport_len);
17926a79 DH	150	if (ret < 0) {
4f95dd78	151	_debug("bind failed %d", ret);
17926a79 DH	152	goto error;
	153	}
	154	}
	155
f2aeed3a	156	switch (local->srx.transport.family) {
37a675e7 DH	157	case AF_INET6:
37a675e7 DH	158	/* we want to receive ICMPv6 errors */
f2aeed3a	159	opt = 1;
37a675e7	160	ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_RECVERR,
f2aeed3a DH	161	(char *) &opt, sizeof(opt));
	162	if (ret < 0) {
	163	_debug("setsockopt failed");
	164	goto error;
	165	}
17926a79	166
f2aeed3a	167	/* we want to set the don't fragment bit */
37a675e7 DH	168	opt = IPV6_PMTUDISC_DO;
37a675e7 DH	169	ret = kernel_setsockopt(local->socket, SOL_IPV6, IPV6_MTU_DISCOVER,
f2aeed3a DH	170	(char *) &opt, sizeof(opt));
	171	if (ret < 0) {
	172	_debug("setsockopt failed");
	173	goto error;
	174	}
f2aeed3a	175
37a675e7 DH	176	/* Fall through and set IPv4 options too otherwise we don't get
	177	* errors from IPv4 packets sent through the IPv6 socket.
	178	*/
936ee65f	179	/* Fall through */
37a675e7	180	case AF_INET:
f2aeed3a DH	181	/* we want to receive ICMP errors */
f2aeed3a DH	182	opt = 1;
37a675e7	183	ret = kernel_setsockopt(local->socket, SOL_IP, IP_RECVERR,
f2aeed3a DH	184	(char *) &opt, sizeof(opt));
	185	if (ret < 0) {
	186	_debug("setsockopt failed");
	187	goto error;
	188	}
	189
	190	/* we want to set the don't fragment bit */
37a675e7 DH	191	opt = IP_PMTUDISC_DO;
37a675e7 DH	192	ret = kernel_setsockopt(local->socket, SOL_IP, IP_MTU_DISCOVER,
f2aeed3a DH	193	(char *) &opt, sizeof(opt));
	194	if (ret < 0) {
	195	_debug("setsockopt failed");
	196	goto error;
	197	}
b604dd98 DH	198
	199	/* We want receive timestamps. */
	200	opt = 1;
7f1bc6e9	201	ret = kernel_setsockopt(local->socket, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
b604dd98 DH	202	(char *)&opt, sizeof(opt));
	203	if (ret < 0) {
	204	_debug("setsockopt failed");
	205	goto error;
	206	}
f2aeed3a DH	207	break;
	208
	209	default:
	210	BUG();
17926a79 DH	211	}
17926a79 DH	212
17926a79 DH	213	_leave(" = 0");
	214	return 0;
	215
	216	error:
91cf45f0	217	kernel_sock_shutdown(local->socket, SHUT_RDWR);
17926a79 DH	218	local->socket->sk->sk_user_data = NULL;
	219	sock_release(local->socket);
	220	local->socket = NULL;
	221
	222	_leave(" = %d", ret);
	223	return ret;
	224	}
	225
	226	/*
4f95dd78	227	* Look up or create a new local endpoint using the specified local address.
17926a79	228	*/
2baec2c3 DH	229	struct rxrpc_local rxrpc_lookup_local(struct net net,
2baec2c3 DH	230	const struct sockaddr_rxrpc *srx)
17926a79 DH	231	{
17926a79 DH	232	struct rxrpc_local *local;
2baec2c3	233	struct rxrpc_net *rxnet = rxrpc_net(net);
4f95dd78 DH	234	struct list_head *cursor;
	235	const char *age;
	236	long diff;
17926a79 DH	237	int ret;
17926a79 DH	238
75b54cb5 DH	239	_enter("{%d,%d,%pISp}",
75b54cb5 DH	240	srx->transport_type, srx->transport.family, &srx->transport);
17926a79	241
2baec2c3	242	mutex_lock(&rxnet->local_mutex);
17926a79	243
2baec2c3 DH	244	for (cursor = rxnet->local_endpoints.next;
2baec2c3 DH	245	cursor != &rxnet->local_endpoints;
4f95dd78 DH	246	cursor = cursor->next) {
4f95dd78 DH	247	local = list_entry(cursor, struct rxrpc_local, link);
17926a79	248
4f95dd78 DH	249	diff = rxrpc_local_cmp_key(local, srx);
4f95dd78 DH	250	if (diff < 0)
17926a79	251	continue;
4f95dd78 DH	252	if (diff > 0)
	253	break;
	254
	255	/* Services aren't allowed to share transport sockets, so
	256	* reject that here. It is possible that the object is dying -
	257	* but it may also still have the local transport address that
	258	* we want bound.
	259	*/
	260	if (srx->srx_service) {
	261	local = NULL;
	262	goto addr_in_use;
	263	}
17926a79	264
4f95dd78 DH	265	/* Found a match. We replace a dying object. Attempting to
	266	* bind the transport socket may still fail if we're attempting
	267	* to use a local address that the dying object is still using.
	268	*/
5627cc8b	269	if (!rxrpc_get_local_maybe(local)) {
4f95dd78 DH	270	cursor = cursor->next;
	271	list_del_init(&local->link);
	272	break;
17926a79	273	}
17926a79	274
4f95dd78 DH	275	age = "old";
	276	goto found;
	277	}
17926a79	278
2baec2c3	279	local = rxrpc_alloc_local(rxnet, srx);
4f95dd78 DH	280	if (!local)
4f95dd78 DH	281	goto nomem;
17926a79	282
2baec2c3	283	ret = rxrpc_open_socket(local, net);
4f95dd78 DH	284	if (ret < 0)
	285	goto sock_error;
	286
	287	list_add_tail(&local->link, cursor);
	288	age = "new";
17926a79	289
4f95dd78	290	found:
2baec2c3	291	mutex_unlock(&rxnet->local_mutex);
17926a79	292
75b54cb5 DH	293	_net("LOCAL %s %d {%pISp}",
75b54cb5 DH	294	age, local->debug_id, &local->srx.transport);
17926a79	295
4f95dd78	296	_leave(" = %p", local);
17926a79 DH	297	return local;
17926a79 DH	298
4f95dd78 DH	299	nomem:
	300	ret = -ENOMEM;
	301	sock_error:
2baec2c3	302	mutex_unlock(&rxnet->local_mutex);
032be5f1 ED	303	if (local)
032be5f1 ED	304	call_rcu(&local->rcu, rxrpc_local_rcu);
4f95dd78 DH	305	_leave(" = %d", ret);
4f95dd78 DH	306	return ERR_PTR(ret);
17926a79	307
4f95dd78	308	addr_in_use:
2baec2c3	309	mutex_unlock(&rxnet->local_mutex);
4f95dd78 DH	310	_leave(" = -EADDRINUSE");
	311	return ERR_PTR(-EADDRINUSE);
	312	}
17926a79	313
09d2bf59 DH	314	/*
	315	* Get a ref on a local endpoint.
	316	*/
	317	struct rxrpc_local rxrpc_get_local(struct rxrpc_local local)
	318	{
	319	const void *here = __builtin_return_address(0);
	320	int n;
	321
	322	n = atomic_inc_return(&local->usage);
	323	trace_rxrpc_local(local, rxrpc_local_got, n, here);
	324	return local;
	325	}
	326
	327	/*
	328	* Get a ref on a local endpoint unless its usage has already reached 0.
	329	*/
	330	struct rxrpc_local rxrpc_get_local_maybe(struct rxrpc_local local)
	331	{
	332	const void *here = __builtin_return_address(0);
	333
	334	if (local) {
bfc18e38	335	int n = atomic_fetch_add_unless(&local->usage, 1, 0);
09d2bf59 DH	336	if (n > 0)
	337	trace_rxrpc_local(local, rxrpc_local_got, n + 1, here);
	338	else
	339	local = NULL;
	340	}
	341	return local;
	342	}
	343
	344	/*
	345	* Queue a local endpoint.
	346	*/
	347	void rxrpc_queue_local(struct rxrpc_local *local)
	348	{
	349	const void *here = __builtin_return_address(0);
	350
	351	if (rxrpc_queue_work(&local->processor))
	352	trace_rxrpc_local(local, rxrpc_local_queued,
	353	atomic_read(&local->usage), here);
	354	}
	355
4f95dd78 DH	356	/*
	357	* A local endpoint reached its end of life.
	358	*/
09d2bf59	359	static void __rxrpc_put_local(struct rxrpc_local *local)
4f95dd78 DH	360	{
	361	_enter("%d", local->debug_id);
	362	rxrpc_queue_work(&local->processor);
17926a79 DH	363	}
17926a79 DH	364
09d2bf59 DH	365	/*
	366	* Drop a ref on a local endpoint.
	367	*/
	368	void rxrpc_put_local(struct rxrpc_local *local)
	369	{
	370	const void *here = __builtin_return_address(0);
	371	int n;
	372
	373	if (local) {
	374	n = atomic_dec_return(&local->usage);
	375	trace_rxrpc_local(local, rxrpc_local_put, n, here);
	376
	377	if (n == 0)
	378	__rxrpc_put_local(local);
	379	}
	380	}
	381
17926a79	382	/*
4f95dd78 DH	383	* Destroy a local endpoint's socket and then hand the record to RCU to dispose
	384	* of.
	385	*
	386	* Closing the socket cannot be done from bottom half context or RCU callback
	387	* context because it might sleep.
17926a79	388	*/
4f95dd78	389	static void rxrpc_local_destroyer(struct rxrpc_local *local)
17926a79	390	{
4f95dd78	391	struct socket *socket = local->socket;
2baec2c3	392	struct rxrpc_net *rxnet = local->rxnet;
17926a79	393
4f95dd78	394	_enter("%d", local->debug_id);
17926a79	395
4f95dd78 DH	396	/* We can get a race between an incoming call packet queueing the
	397	* processor again and the work processor starting the destruction
	398	* process which will shut down the UDP socket.
	399	*/
	400	if (local->dead) {
	401	_leave(" [already dead]");
	402	return;
17926a79	403	}
4f95dd78 DH	404	local->dead = true;
4f95dd78 DH	405
2baec2c3	406	mutex_lock(&rxnet->local_mutex);
4f95dd78	407	list_del_init(&local->link);
2baec2c3	408	mutex_unlock(&rxnet->local_mutex);
4f95dd78	409
999b69f8	410	ASSERT(RB_EMPTY_ROOT(&local->client_conns));
1e9e5c95	411	ASSERT(!local->service);
4f95dd78 DH	412
	413	if (socket) {
	414	local->socket = NULL;
	415	kernel_sock_shutdown(socket, SHUT_RDWR);
	416	socket->sk->sk_user_data = NULL;
	417	sock_release(socket);
	418	}
	419
	420	/* At this point, there should be no more packets coming in to the
	421	* local endpoint.
	422	*/
4f95dd78 DH	423	rxrpc_purge_queue(&local->reject_queue);
	424	rxrpc_purge_queue(&local->event_queue);
	425
	426	_debug("rcu local %d", local->debug_id);
	427	call_rcu(&local->rcu, rxrpc_local_rcu);
17926a79 DH	428	}
	429
	430	/*
4f95dd78	431	* Process events on an endpoint
17926a79	432	*/
4f95dd78	433	static void rxrpc_local_processor(struct work_struct *work)
17926a79 DH	434	{
17926a79 DH	435	struct rxrpc_local *local =
4f95dd78 DH	436	container_of(work, struct rxrpc_local, processor);
4f95dd78 DH	437	bool again;
17926a79	438
09d2bf59 DH	439	trace_rxrpc_local(local, rxrpc_local_processing,
09d2bf59 DH	440	atomic_read(&local->usage), NULL);
17926a79	441
4f95dd78 DH	442	do {
	443	again = false;
	444	if (atomic_read(&local->usage) == 0)
	445	return rxrpc_local_destroyer(local);
17926a79	446
4f95dd78 DH	447	if (!skb_queue_empty(&local->reject_queue)) {
	448	rxrpc_reject_packets(local);
	449	again = true;
	450	}
17926a79	451
4f95dd78 DH	452	if (!skb_queue_empty(&local->event_queue)) {
	453	rxrpc_process_local_events(local);
	454	again = true;
	455	}
	456	} while (again);
	457	}
17926a79	458
4f95dd78 DH	459	/*
	460	* Destroy a local endpoint after the RCU grace period expires.
	461	*/
	462	static void rxrpc_local_rcu(struct rcu_head *rcu)
	463	{
	464	struct rxrpc_local *local = container_of(rcu, struct rxrpc_local, rcu);
17926a79	465
4f95dd78	466	_enter("%d", local->debug_id);
17926a79	467
4f95dd78	468	ASSERT(!work_pending(&local->processor));
17926a79 DH	469
	470	_net("DESTROY LOCAL %d", local->debug_id);
	471	kfree(local);
17926a79 DH	472	_leave("");
	473	}
	474
	475	/*
4f95dd78	476	* Verify the local endpoint list is empty by this point.
17926a79	477	*/
2baec2c3	478	void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
17926a79	479	{
4f95dd78	480	struct rxrpc_local *local;
17926a79 DH	481
	482	_enter("");
	483
dee46364	484	flush_workqueue(rxrpc_workqueue);
17926a79	485
2baec2c3 DH	486	if (!list_empty(&rxnet->local_endpoints)) {
	487	mutex_lock(&rxnet->local_mutex);
	488	list_for_each_entry(local, &rxnet->local_endpoints, link) {
dee46364 DH	489	pr_err("AF_RXRPC: Leaked local %p {%d}\n",
	490	local, atomic_read(&local->usage));
	491	}
2baec2c3	492	mutex_unlock(&rxnet->local_mutex);
dee46364	493	BUG();
17926a79	494	}
17926a79	495	}