[linux-2.6-block.git] / net / tipc / server.c

/*
 * net/tipc/server.c: TIPC server infrastructure
 *
 * Copyright (c) 2012-2013, Wind River Systems
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the names of the copyright holders nor the names of its
 *    contributors may be used to endorse or promote products derived from
 *    this software without specific prior written permission.
 *
 * Alternatively, this software may be distributed under the terms of the
 * GNU General Public License ("GPL") version 2 as published by the Free
 * Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "server.h"
#include "core.h"
#include "socket.h"
#include <net/sock.h>
#include <linux/module.h>

/* Number of messages to send before rescheduling */
#define MAX_SEND_MSG_COUNT	25
#define MAX_RECV_MSG_COUNT	25
#define CF_CONNECTED		1
#define CF_SERVER		2

#define sock2con(x) ((struct tipc_conn *)(x)->sk_user_data)

/**
 * struct tipc_conn - TIPC connection structure
 * @kref: reference counter to connection object
 * @conid: connection identifier
 * @sock: socket handler associated with connection
 * @flags: indicates connection state
 * @server: pointer to connected server
 * @rwork: receive work item
 * @usr_data: user-specified field
 * @rx_action: what to do when connection socket is active
 * @outqueue: pointer to first outbound message in queue
 * @outqueue_lock: control access to the outqueue
 * @outqueue: list of connection objects for its server
 * @swork: send work item
 */
struct tipc_conn {
	struct kref kref;
	int conid;
	struct socket *sock;
	unsigned long flags;
	struct tipc_server *server;
	struct work_struct rwork;
	int (*rx_action) (struct tipc_conn *con);
	void *usr_data;
	struct list_head outqueue;
	spinlock_t outqueue_lock;
	struct work_struct swork;
};

/* An entry waiting to be sent */
struct outqueue_entry {
	struct list_head list;
	struct kvec iov;
	struct sockaddr_tipc dest;
};

static void tipc_recv_work(struct work_struct *work);
static void tipc_send_work(struct work_struct *work);
static void tipc_clean_outqueues(struct tipc_conn *con);

static void tipc_conn_kref_release(struct kref *kref)
{
	struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
	struct tipc_server *s = con->server;
	struct sockaddr_tipc *saddr = s->saddr;
	struct socket *sock = con->sock;
	struct sock *sk;

	if (sock) {
		sk = sock->sk;
		if (test_bit(CF_SERVER, &con->flags)) {
			__module_get(sock->ops->owner);
			__module_get(sk->sk_prot_creator->owner);
		}
		saddr->scope = -TIPC_NODE_SCOPE;
		kernel_bind(sock, (struct sockaddr *)saddr, sizeof(*saddr));
		sock_release(sock);
		con->sock = NULL;

		spin_lock_bh(&s->idr_lock);
		idr_remove(&s->conn_idr, con->conid);
		s->idr_in_use--;
		spin_unlock_bh(&s->idr_lock);
	}

	tipc_clean_outqueues(con);
	kfree(con);
}

static void conn_put(struct tipc_conn *con)
{
	kref_put(&con->kref, tipc_conn_kref_release);
}

static void conn_get(struct tipc_conn *con)
{
	kref_get(&con->kref);
}

static struct tipc_conn *tipc_conn_lookup(struct tipc_server *s, int conid)
{
	struct tipc_conn *con;

	spin_lock_bh(&s->idr_lock);
	con = idr_find(&s->conn_idr, conid);
	if (con && test_bit(CF_CONNECTED, &con->flags))
		conn_get(con);
	else
		con = NULL;
	spin_unlock_bh(&s->idr_lock);
	return con;
}

static void sock_data_ready(struct sock *sk)
{
	struct tipc_conn *con;

	read_lock_bh(&sk->sk_callback_lock);
	con = sock2con(sk);
	if (con && test_bit(CF_CONNECTED, &con->flags)) {
		conn_get(con);
		if (!queue_work(con->server->rcv_wq, &con->rwork))
			conn_put(con);
	}
	read_unlock_bh(&sk->sk_callback_lock);
}

static void sock_write_space(struct sock *sk)
{
	struct tipc_conn *con;

	read_lock_bh(&sk->sk_callback_lock);
	con = sock2con(sk);
	if (con && test_bit(CF_CONNECTED, &con->flags)) {
		conn_get(con);
		if (!queue_work(con->server->send_wq, &con->swork))
			conn_put(con);
	}
	read_unlock_bh(&sk->sk_callback_lock);
}

static void tipc_register_callbacks(struct socket *sock, struct tipc_conn *con)
{
	struct sock *sk = sock->sk;

	write_lock_bh(&sk->sk_callback_lock);

	sk->sk_data_ready = sock_data_ready;
	sk->sk_write_space = sock_write_space;
	sk->sk_user_data = con;

	con->sock = sock;

	write_unlock_bh(&sk->sk_callback_lock);
}

static void tipc_unregister_callbacks(struct tipc_conn *con)
{
	struct sock *sk = con->sock->sk;

	write_lock_bh(&sk->sk_callback_lock);
	sk->sk_user_data = NULL;
	write_unlock_bh(&sk->sk_callback_lock);
}

static void tipc_close_conn(struct tipc_conn *con)
{
	struct tipc_server *s = con->server;

	if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
		tipc_unregister_callbacks(con);

		if (con->conid)
			s->tipc_conn_release(con->conid, con->usr_data);

		/* We shouldn't flush pending works as we may be in the
		 * thread. In fact the races with pending rx/tx work structs
		 * are harmless for us here as we have already deleted this
		 * connection from server connection list.
		 */
		kernel_sock_shutdown(con->sock, SHUT_RDWR);

		conn_put(con);
	}
}

static struct tipc_conn *tipc_alloc_conn(struct tipc_server *s)
{
	struct tipc_conn *con;
	int ret;

	con = kzalloc(sizeof(struct tipc_conn), GFP_ATOMIC);
	if (!con)
		return ERR_PTR(-ENOMEM);

	kref_init(&con->kref);
	INIT_LIST_HEAD(&con->outqueue);
	spin_lock_init(&con->outqueue_lock);
	INIT_WORK(&con->swork, tipc_send_work);
	INIT_WORK(&con->rwork, tipc_recv_work);

	spin_lock_bh(&s->idr_lock);
	ret = idr_alloc(&s->conn_idr, con, 0, 0, GFP_ATOMIC);
	if (ret < 0) {
		kfree(con);
		spin_unlock_bh(&s->idr_lock);
		return ERR_PTR(-ENOMEM);
	}
	con->conid = ret;
	s->idr_in_use++;
	spin_unlock_bh(&s->idr_lock);

	set_bit(CF_CONNECTED, &con->flags);
	con->server = s;

	return con;
}

static int tipc_receive_from_sock(struct tipc_conn *con)
{
	struct msghdr msg = {};
	struct tipc_server *s = con->server;
	struct sockaddr_tipc addr;
	struct kvec iov;
	void *buf;
	int ret;

	buf = kmem_cache_alloc(s->rcvbuf_cache, GFP_ATOMIC);
	if (!buf) {
		ret = -ENOMEM;
		goto out_close;
	}

	iov.iov_base = buf;
	iov.iov_len = s->max_rcvbuf_size;
	msg.msg_name = &addr;
	ret = kernel_recvmsg(con->sock, &msg, &iov, 1, iov.iov_len,
			     MSG_DONTWAIT);
	if (ret <= 0) {
		kmem_cache_free(s->rcvbuf_cache, buf);
		goto out_close;
	}

	s->tipc_conn_recvmsg(sock_net(con->sock->sk), con->conid, &addr,
			     con->usr_data, buf, ret);

	kmem_cache_free(s->rcvbuf_cache, buf);

	return 0;

out_close:
	if (ret != -EWOULDBLOCK)
		tipc_close_conn(con);
	else if (ret == 0)
		/* Don't return success if we really got EOF */
		ret = -EAGAIN;

	return ret;
}

static int tipc_accept_from_sock(struct tipc_conn *con)
{
	struct tipc_server *s = con->server;
	struct socket *sock = con->sock;
	struct socket *newsock;
	struct tipc_conn *newcon;
	int ret;

	ret = kernel_accept(sock, &newsock, O_NONBLOCK);
	if (ret < 0)
		return ret;

	newcon = tipc_alloc_conn(con->server);
	if (IS_ERR(newcon)) {
		ret = PTR_ERR(newcon);
		sock_release(newsock);
		return ret;
	}

	newcon->rx_action = tipc_receive_from_sock;
	tipc_register_callbacks(newsock, newcon);

	/* Notify that new connection is incoming */
	newcon->usr_data = s->tipc_conn_new(newcon->conid);
	if (!newcon->usr_data) {
		sock_release(newsock);
		return -ENOMEM;
	}

	/* Wake up receive process in case of 'SYN+' message */
	newsock->sk->sk_data_ready(newsock->sk);
	return ret;
}

static struct socket *tipc_create_listen_sock(struct tipc_conn *con)
{
	struct tipc_server *s = con->server;
	struct socket *sock = NULL;
	int ret;

	ret = sock_create_kern(s->net, AF_TIPC, SOCK_SEQPACKET, 0, &sock);
	if (ret < 0)
		return NULL;
	ret = kernel_setsockopt(sock, SOL_TIPC, TIPC_IMPORTANCE,
				(char *)&s->imp, sizeof(s->imp));
	if (ret < 0)
		goto create_err;
	ret = kernel_bind(sock, (struct sockaddr *)s->saddr, sizeof(*s->saddr));
	if (ret < 0)
		goto create_err;

	switch (s->type) {
	case SOCK_STREAM:
	case SOCK_SEQPACKET:
		con->rx_action = tipc_accept_from_sock;

		ret = kernel_listen(sock, 0);
		if (ret < 0)
			goto create_err;
		break;
	case SOCK_DGRAM:
	case SOCK_RDM:
		con->rx_action = tipc_receive_from_sock;
		break;
	default:
		pr_err("Unknown socket type %d\n", s->type);
		goto create_err;
	}

	/* As server's listening socket owner and creator is the same module,
	 * we have to decrease TIPC module reference count to guarantee that
	 * it remains zero after the server socket is created, otherwise,
	 * executing "rmmod" command is unable to make TIPC module deleted
	 * after TIPC module is inserted successfully.
	 *
	 * However, the reference count is ever increased twice in
	 * sock_create_kern(): one is to increase the reference count of owner
	 * of TIPC socket's proto_ops struct; another is to increment the
	 * reference count of owner of TIPC proto struct. Therefore, we must
	 * decrement the module reference count twice to ensure that it keeps
	 * zero after server's listening socket is created. Of course, we
	 * must bump the module reference count twice as well before the socket
	 * is closed.
	 */
	module_put(sock->ops->owner);
	module_put(sock->sk->sk_prot_creator->owner);
	set_bit(CF_SERVER, &con->flags);

	return sock;

create_err:
	kernel_sock_shutdown(sock, SHUT_RDWR);
	sock_release(sock);
	return NULL;
}

static int tipc_open_listening_sock(struct tipc_server *s)
{
	struct socket *sock;
	struct tipc_conn *con;

	con = tipc_alloc_conn(s);
	if (IS_ERR(con))
		return PTR_ERR(con);

	sock = tipc_create_listen_sock(con);
	if (!sock) {
		idr_remove(&s->conn_idr, con->conid);
		s->idr_in_use--;
		kfree(con);
		return -EINVAL;
	}

	tipc_register_callbacks(sock, con);
	return 0;
}

static struct outqueue_entry *tipc_alloc_entry(void *data, int len)
{
	struct outqueue_entry *entry;
	void *buf;

	entry = kmalloc(sizeof(struct outqueue_entry), GFP_ATOMIC);
	if (!entry)
		return NULL;

	buf = kmemdup(data, len, GFP_ATOMIC);
	if (!buf) {
		kfree(entry);
		return NULL;
	}

	entry->iov.iov_base = buf;
	entry->iov.iov_len = len;

	return entry;
}

static void tipc_free_entry(struct outqueue_entry *e)
{
	kfree(e->iov.iov_base);
	kfree(e);
}

static void tipc_clean_outqueues(struct tipc_conn *con)
{
	struct outqueue_entry *e, *safe;

	spin_lock_bh(&con->outqueue_lock);
	list_for_each_entry_safe(e, safe, &con->outqueue, list) {
		list_del(&e->list);
		tipc_free_entry(e);
	}
	spin_unlock_bh(&con->outqueue_lock);
}

int tipc_conn_sendmsg(struct tipc_server *s, int conid,
		      struct sockaddr_tipc *addr, void *data, size_t len)
{
	struct outqueue_entry *e;
	struct tipc_conn *con;

	con = tipc_conn_lookup(s, conid);
	if (!con)
		return -EINVAL;

	e = tipc_alloc_entry(data, len);
	if (!e) {
		conn_put(con);
		return -ENOMEM;
	}

	if (addr)
		memcpy(&e->dest, addr, sizeof(struct sockaddr_tipc));

	spin_lock_bh(&con->outqueue_lock);
	list_add_tail(&e->list, &con->outqueue);
	spin_unlock_bh(&con->outqueue_lock);

	if (test_bit(CF_CONNECTED, &con->flags)) {
		if (!queue_work(s->send_wq, &con->swork))
			conn_put(con);
	} else {
		conn_put(con);
	}
	return 0;
}

void tipc_conn_terminate(struct tipc_server *s, int conid)
{
	struct tipc_conn *con;

	con = tipc_conn_lookup(s, conid);
	if (con) {
		tipc_close_conn(con);
		conn_put(con);
	}
}

static void tipc_send_to_sock(struct tipc_conn *con)
{
	int count = 0;
	struct tipc_server *s = con->server;
	struct outqueue_entry *e;
	struct msghdr msg;
	int ret;

	spin_lock_bh(&con->outqueue_lock);
	while (1) {
		e = list_entry(con->outqueue.next, struct outqueue_entry,
			       list);
		if ((struct list_head *) e == &con->outqueue)
			break;
		spin_unlock_bh(&con->outqueue_lock);

		memset(&msg, 0, sizeof(msg));
		msg.msg_flags = MSG_DONTWAIT;

		if (s->type == SOCK_DGRAM || s->type == SOCK_RDM) {
			msg.msg_name = &e->dest;
			msg.msg_namelen = sizeof(struct sockaddr_tipc);
		}
		ret = kernel_sendmsg(con->sock, &msg, &e->iov, 1,
				     e->iov.iov_len);
		if (ret == -EWOULDBLOCK || ret == 0) {
			cond_resched();
			goto out;
		} else if (ret < 0) {
			goto send_err;
		}

		/* Don't starve users filling buffers */
		if (++count >= MAX_SEND_MSG_COUNT) {
			cond_resched();
			count = 0;
		}

		spin_lock_bh(&con->outqueue_lock);
		list_del(&e->list);
		tipc_free_entry(e);
	}
	spin_unlock_bh(&con->outqueue_lock);
out:
	return;

send_err:
	tipc_close_conn(con);
}

static void tipc_recv_work(struct work_struct *work)
{
	struct tipc_conn *con = container_of(work, struct tipc_conn, rwork);
	int count = 0;

	while (test_bit(CF_CONNECTED, &con->flags)) {
		if (con->rx_action(con))
			break;

		/* Don't flood Rx machine */
		if (++count >= MAX_RECV_MSG_COUNT) {
			cond_resched();
			count = 0;
		}
	}
	conn_put(con);
}

static void tipc_send_work(struct work_struct *work)
{
	struct tipc_conn *con = container_of(work, struct tipc_conn, swork);

	if (test_bit(CF_CONNECTED, &con->flags))
		tipc_send_to_sock(con);

	conn_put(con);
}

static void tipc_work_stop(struct tipc_server *s)
{
	destroy_workqueue(s->rcv_wq);
	destroy_workqueue(s->send_wq);
}

static int tipc_work_start(struct tipc_server *s)
{
	s->rcv_wq = alloc_ordered_workqueue("tipc_rcv", 0);
	if (!s->rcv_wq) {
		pr_err("can't start tipc receive workqueue\n");
		return -ENOMEM;
	}

	s->send_wq = alloc_ordered_workqueue("tipc_send", 0);
	if (!s->send_wq) {
		pr_err("can't start tipc send workqueue\n");
		destroy_workqueue(s->rcv_wq);
		return -ENOMEM;
	}

	return 0;
}

int tipc_server_start(struct tipc_server *s)
{
	int ret;

	spin_lock_init(&s->idr_lock);
	idr_init(&s->conn_idr);
	s->idr_in_use = 0;

	s->rcvbuf_cache = kmem_cache_create(s->name, s->max_rcvbuf_size,
					    0, SLAB_HWCACHE_ALIGN, NULL);
	if (!s->rcvbuf_cache)
		return -ENOMEM;

	ret = tipc_work_start(s);
	if (ret < 0) {
		kmem_cache_destroy(s->rcvbuf_cache);
		return ret;
	}
	ret = tipc_open_listening_sock(s);
	if (ret < 0) {
		tipc_work_stop(s);
		kmem_cache_destroy(s->rcvbuf_cache);
		return ret;
	}
	return ret;
}

void tipc_server_stop(struct tipc_server *s)
{
	struct tipc_conn *con;
	int total = 0;
	int id;

	spin_lock_bh(&s->idr_lock);
	for (id = 0; total < s->idr_in_use; id++) {
		con = idr_find(&s->conn_idr, id);
		if (con) {
			total++;
			spin_unlock_bh(&s->idr_lock);
			tipc_close_conn(con);
			spin_lock_bh(&s->idr_lock);
		}
	}
	spin_unlock_bh(&s->idr_lock);

	tipc_work_stop(s);
	kmem_cache_destroy(s->rcvbuf_cache);
	idr_destroy(&s->conn_idr);
}
Commit	Line	Data
c5fa7b3c YX	1	/*
	2	* net/tipc/server.c: TIPC server infrastructure
	3	*
	4	* Copyright (c) 2012-2013, Wind River Systems
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions are met:
	9	*
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the names of the copyright holders nor the names of its
	16	* contributors may be used to endorse or promote products derived from
	17	* this software without specific prior written permission.
	18	*
	19	* Alternatively, this software may be distributed under the terms of the
	20	* GNU General Public License ("GPL") version 2 as published by the Free
	21	* Software Foundation.
	22	*
	23	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	24	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	25	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	26	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
	27	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	28	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	29	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	30	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	31	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	32	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	33	* POSSIBILITY OF SUCH DAMAGE.
	34	*/
	35
	36	#include "server.h"
	37	#include "core.h"
859fc7c0	38	#include "socket.h"
c5fa7b3c	39	#include <net/sock.h>
76100a8a	40	#include <linux/module.h>
c5fa7b3c YX	41
	42	/* Number of messages to send before rescheduling */
	43	#define MAX_SEND_MSG_COUNT 25
	44	#define MAX_RECV_MSG_COUNT 25
	45	#define CF_CONNECTED 1
76100a8a	46	#define CF_SERVER 2
c5fa7b3c YX	47
	48	#define sock2con(x) ((struct tipc_conn *)(x)->sk_user_data)
	49
	50	/**
	51	* struct tipc_conn - TIPC connection structure
	52	* @kref: reference counter to connection object
	53	* @conid: connection identifier
	54	* @sock: socket handler associated with connection
	55	* @flags: indicates connection state
	56	* @server: pointer to connected server
	57	* @rwork: receive work item
	58	* @usr_data: user-specified field
	59	* @rx_action: what to do when connection socket is active
	60	* @outqueue: pointer to first outbound message in queue
963a1855	61	* @outqueue_lock: control access to the outqueue
c5fa7b3c YX	62	* @outqueue: list of connection objects for its server
	63	* @swork: send work item
	64	*/
	65	struct tipc_conn {
	66	struct kref kref;
	67	int conid;
	68	struct socket *sock;
	69	unsigned long flags;
	70	struct tipc_server *server;
	71	struct work_struct rwork;
	72	int (rx_action) (struct tipc_conn con);
	73	void *usr_data;
	74	struct list_head outqueue;
	75	spinlock_t outqueue_lock;
	76	struct work_struct swork;
	77	};
	78
	79	/* An entry waiting to be sent */
	80	struct outqueue_entry {
	81	struct list_head list;
	82	struct kvec iov;
	83	struct sockaddr_tipc dest;
	84	};
	85
	86	static void tipc_recv_work(struct work_struct *work);
	87	static void tipc_send_work(struct work_struct *work);
	88	static void tipc_clean_outqueues(struct tipc_conn *con);
	89
	90	static void tipc_conn_kref_release(struct kref *kref)
	91	{
	92	struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
fc0adfc8 PB	93	struct tipc_server *s = con->server;
fc0adfc8 PB	94	struct sockaddr_tipc *saddr = s->saddr;
76100a8a YX	95	struct socket *sock = con->sock;
	96	struct sock *sk;
	97
	98	if (sock) {
	99	sk = sock->sk;
	100	if (test_bit(CF_SERVER, &con->flags)) {
	101	__module_get(sock->ops->owner);
	102	__module_get(sk->sk_prot_creator->owner);
	103	}
2b9bb7f3 YX	104	saddr->scope = -TIPC_NODE_SCOPE;
2b9bb7f3 YX	105	kernel_bind(sock, (struct sockaddr )saddr, sizeof(saddr));
def81f69	106	sock_release(sock);
c5fa7b3c	107	con->sock = NULL;
fc0adfc8 PB	108
	109	spin_lock_bh(&s->idr_lock);
	110	idr_remove(&s->conn_idr, con->conid);
	111	s->idr_in_use--;
	112	spin_unlock_bh(&s->idr_lock);
c5fa7b3c YX	113	}
	114
	115	tipc_clean_outqueues(con);
c5fa7b3c YX	116	kfree(con);
	117	}
	118
	119	static void conn_put(struct tipc_conn *con)
	120	{
	121	kref_put(&con->kref, tipc_conn_kref_release);
	122	}
	123
	124	static void conn_get(struct tipc_conn *con)
	125	{
	126	kref_get(&con->kref);
	127	}
	128
	129	static struct tipc_conn tipc_conn_lookup(struct tipc_server s, int conid)
	130	{
	131	struct tipc_conn *con;
	132
	133	spin_lock_bh(&s->idr_lock);
	134	con = idr_find(&s->conn_idr, conid);
fc0adfc8	135	if (con && test_bit(CF_CONNECTED, &con->flags))
c5fa7b3c	136	conn_get(con);
fc0adfc8 PB	137	else
fc0adfc8 PB	138	con = NULL;
c5fa7b3c YX	139	spin_unlock_bh(&s->idr_lock);
	140	return con;
	141	}
	142
676d2369	143	static void sock_data_ready(struct sock *sk)
c5fa7b3c YX	144	{
	145	struct tipc_conn *con;
	146
b91083a4	147	read_lock_bh(&sk->sk_callback_lock);
c5fa7b3c YX	148	con = sock2con(sk);
	149	if (con && test_bit(CF_CONNECTED, &con->flags)) {
	150	conn_get(con);
	151	if (!queue_work(con->server->rcv_wq, &con->rwork))
	152	conn_put(con);
	153	}
b91083a4	154	read_unlock_bh(&sk->sk_callback_lock);
c5fa7b3c YX	155	}
	156
	157	static void sock_write_space(struct sock *sk)
	158	{
	159	struct tipc_conn *con;
	160
b91083a4	161	read_lock_bh(&sk->sk_callback_lock);
c5fa7b3c YX	162	con = sock2con(sk);
	163	if (con && test_bit(CF_CONNECTED, &con->flags)) {
	164	conn_get(con);
	165	if (!queue_work(con->server->send_wq, &con->swork))
	166	conn_put(con);
	167	}
b91083a4	168	read_unlock_bh(&sk->sk_callback_lock);
c5fa7b3c YX	169	}
	170
	171	static void tipc_register_callbacks(struct socket sock, struct tipc_conn con)
	172	{
	173	struct sock *sk = sock->sk;
	174
	175	write_lock_bh(&sk->sk_callback_lock);
	176
	177	sk->sk_data_ready = sock_data_ready;
	178	sk->sk_write_space = sock_write_space;
	179	sk->sk_user_data = con;
	180
	181	con->sock = sock;
	182
	183	write_unlock_bh(&sk->sk_callback_lock);
	184	}
	185
	186	static void tipc_unregister_callbacks(struct tipc_conn *con)
	187	{
	188	struct sock *sk = con->sock->sk;
	189
	190	write_lock_bh(&sk->sk_callback_lock);
	191	sk->sk_user_data = NULL;
	192	write_unlock_bh(&sk->sk_callback_lock);
	193	}
	194
9dc3abdd	195	static void tipc_close_conn(struct tipc_conn *con)
333f7962 PB	196	{
	197	struct tipc_server *s = con->server;
	198
c5fa7b3c	199	if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
9dc3abdd PB	200	tipc_unregister_callbacks(con);
	201
	202	if (con->conid)
	203	s->tipc_conn_release(con->conid, con->usr_data);
6d4ebeb4	204
c5fa7b3c YX	205	/* We shouldn't flush pending works as we may be in the
	206	* thread. In fact the races with pending rx/tx work structs
	207	* are harmless for us here as we have already deleted this
333f7962	208	* connection from server connection list.
c5fa7b3c YX	209	*/
	210	kernel_sock_shutdown(con->sock, SHUT_RDWR);
	211
	212	conn_put(con);
	213	}
	214	}
	215
	216	static struct tipc_conn tipc_alloc_conn(struct tipc_server s)
	217	{
	218	struct tipc_conn *con;
	219	int ret;
	220
	221	con = kzalloc(sizeof(struct tipc_conn), GFP_ATOMIC);
	222	if (!con)
	223	return ERR_PTR(-ENOMEM);
	224
	225	kref_init(&con->kref);
	226	INIT_LIST_HEAD(&con->outqueue);
	227	spin_lock_init(&con->outqueue_lock);
	228	INIT_WORK(&con->swork, tipc_send_work);
	229	INIT_WORK(&con->rwork, tipc_recv_work);
	230
	231	spin_lock_bh(&s->idr_lock);
	232	ret = idr_alloc(&s->conn_idr, con, 0, 0, GFP_ATOMIC);
	233	if (ret < 0) {
	234	kfree(con);
	235	spin_unlock_bh(&s->idr_lock);
	236	return ERR_PTR(-ENOMEM);
	237	}
	238	con->conid = ret;
	239	s->idr_in_use++;
	240	spin_unlock_bh(&s->idr_lock);
	241
	242	set_bit(CF_CONNECTED, &con->flags);
	243	con->server = s;
	244
	245	return con;
	246	}
	247
	248	static int tipc_receive_from_sock(struct tipc_conn *con)
	249	{
	250	struct msghdr msg = {};
	251	struct tipc_server *s = con->server;
	252	struct sockaddr_tipc addr;
	253	struct kvec iov;
	254	void *buf;
	255	int ret;
	256
	257	buf = kmem_cache_alloc(s->rcvbuf_cache, GFP_ATOMIC);
	258	if (!buf) {
	259	ret = -ENOMEM;
	260	goto out_close;
	261	}
	262
	263	iov.iov_base = buf;
	264	iov.iov_len = s->max_rcvbuf_size;
	265	msg.msg_name = &addr;
	266	ret = kernel_recvmsg(con->sock, &msg, &iov, 1, iov.iov_len,
	267	MSG_DONTWAIT);
	268	if (ret <= 0) {
	269	kmem_cache_free(s->rcvbuf_cache, buf);
	270	goto out_close;
	271	}
	272
4ac1c8d0 YX	273	s->tipc_conn_recvmsg(sock_net(con->sock->sk), con->conid, &addr,
4ac1c8d0 YX	274	con->usr_data, buf, ret);
c5fa7b3c YX	275
	276	kmem_cache_free(s->rcvbuf_cache, buf);
	277
	278	return 0;
	279
	280	out_close:
	281	if (ret != -EWOULDBLOCK)
	282	tipc_close_conn(con);
	283	else if (ret == 0)
	284	/* Don't return success if we really got EOF */
	285	ret = -EAGAIN;
	286
	287	return ret;
	288	}
	289
	290	static int tipc_accept_from_sock(struct tipc_conn *con)
	291	{
	292	struct tipc_server *s = con->server;
	293	struct socket *sock = con->sock;
	294	struct socket *newsock;
	295	struct tipc_conn *newcon;
	296	int ret;
	297
76100a8a	298	ret = kernel_accept(sock, &newsock, O_NONBLOCK);
c5fa7b3c YX	299	if (ret < 0)
	300	return ret;
	301
	302	newcon = tipc_alloc_conn(con->server);
	303	if (IS_ERR(newcon)) {
	304	ret = PTR_ERR(newcon);
	305	sock_release(newsock);
	306	return ret;
	307	}
	308
	309	newcon->rx_action = tipc_receive_from_sock;
	310	tipc_register_callbacks(newsock, newcon);
	311
	312	/* Notify that new connection is incoming */
	313	newcon->usr_data = s->tipc_conn_new(newcon->conid);
90bdfcb7 YX	314	if (!newcon->usr_data) {
	315	sock_release(newsock);
	316	return -ENOMEM;
	317	}
c5fa7b3c YX	318
c5fa7b3c YX	319	/* Wake up receive process in case of 'SYN+' message */
676d2369	320	newsock->sk->sk_data_ready(newsock->sk);
c5fa7b3c YX	321	return ret;
	322	}
	323
	324	static struct socket tipc_create_listen_sock(struct tipc_conn con)
	325	{
	326	struct tipc_server *s = con->server;
	327	struct socket *sock = NULL;
	328	int ret;
	329
fa787ae0	330	ret = sock_create_kern(s->net, AF_TIPC, SOCK_SEQPACKET, 0, &sock);
c5fa7b3c YX	331	if (ret < 0)
	332	return NULL;
	333	ret = kernel_setsockopt(sock, SOL_TIPC, TIPC_IMPORTANCE,
	334	(char *)&s->imp, sizeof(s->imp));
	335	if (ret < 0)
	336	goto create_err;
	337	ret = kernel_bind(sock, (struct sockaddr )s->saddr, sizeof(s->saddr));
	338	if (ret < 0)
	339	goto create_err;
	340
	341	switch (s->type) {
	342	case SOCK_STREAM:
	343	case SOCK_SEQPACKET:
	344	con->rx_action = tipc_accept_from_sock;
	345
	346	ret = kernel_listen(sock, 0);
	347	if (ret < 0)
	348	goto create_err;
	349	break;
	350	case SOCK_DGRAM:
	351	case SOCK_RDM:
	352	con->rx_action = tipc_receive_from_sock;
	353	break;
	354	default:
	355	pr_err("Unknown socket type %d\n", s->type);
	356	goto create_err;
	357	}
76100a8a YX	358
	359	/* As server's listening socket owner and creator is the same module,
	360	* we have to decrease TIPC module reference count to guarantee that
	361	* it remains zero after the server socket is created, otherwise,
	362	* executing "rmmod" command is unable to make TIPC module deleted
	363	* after TIPC module is inserted successfully.
	364	*
	365	* However, the reference count is ever increased twice in
	366	* sock_create_kern(): one is to increase the reference count of owner
	367	* of TIPC socket's proto_ops struct; another is to increment the
	368	* reference count of owner of TIPC proto struct. Therefore, we must
	369	* decrement the module reference count twice to ensure that it keeps
	370	* zero after server's listening socket is created. Of course, we
	371	* must bump the module reference count twice as well before the socket
	372	* is closed.
	373	*/
	374	module_put(sock->ops->owner);
	375	module_put(sock->sk->sk_prot_creator->owner);
	376	set_bit(CF_SERVER, &con->flags);
	377
c5fa7b3c YX	378	return sock;
	379
	380	create_err:
76100a8a	381	kernel_sock_shutdown(sock, SHUT_RDWR);
def81f69	382	sock_release(sock);
c5fa7b3c YX	383	return NULL;
	384	}
	385
	386	static int tipc_open_listening_sock(struct tipc_server *s)
	387	{
	388	struct socket *sock;
	389	struct tipc_conn *con;
	390
	391	con = tipc_alloc_conn(s);
	392	if (IS_ERR(con))
	393	return PTR_ERR(con);
	394
	395	sock = tipc_create_listen_sock(con);
c756891a YX	396	if (!sock) {
	397	idr_remove(&s->conn_idr, con->conid);
	398	s->idr_in_use--;
	399	kfree(con);
c5fa7b3c	400	return -EINVAL;
c756891a	401	}
c5fa7b3c YX	402
	403	tipc_register_callbacks(sock, con);
	404	return 0;
	405	}
	406
	407	static struct outqueue_entry tipc_alloc_entry(void data, int len)
	408	{
	409	struct outqueue_entry *entry;
	410	void *buf;
	411
	412	entry = kmalloc(sizeof(struct outqueue_entry), GFP_ATOMIC);
	413	if (!entry)
	414	return NULL;
	415
810bf110	416	buf = kmemdup(data, len, GFP_ATOMIC);
c5fa7b3c YX	417	if (!buf) {
	418	kfree(entry);
	419	return NULL;
	420	}
	421
c5fa7b3c YX	422	entry->iov.iov_base = buf;
	423	entry->iov.iov_len = len;
	424
	425	return entry;
	426	}
	427
	428	static void tipc_free_entry(struct outqueue_entry *e)
	429	{
	430	kfree(e->iov.iov_base);
	431	kfree(e);
	432	}
	433
	434	static void tipc_clean_outqueues(struct tipc_conn *con)
	435	{
	436	struct outqueue_entry e, safe;
	437
	438	spin_lock_bh(&con->outqueue_lock);
	439	list_for_each_entry_safe(e, safe, &con->outqueue, list) {
	440	list_del(&e->list);
	441	tipc_free_entry(e);
	442	}
	443	spin_unlock_bh(&con->outqueue_lock);
	444	}
	445
	446	int tipc_conn_sendmsg(struct tipc_server *s, int conid,
	447	struct sockaddr_tipc addr, void data, size_t len)
	448	{
	449	struct outqueue_entry *e;
	450	struct tipc_conn *con;
	451
	452	con = tipc_conn_lookup(s, conid);
	453	if (!con)
	454	return -EINVAL;
	455
	456	e = tipc_alloc_entry(data, len);
	457	if (!e) {
	458	conn_put(con);
	459	return -ENOMEM;
	460	}
	461
	462	if (addr)
	463	memcpy(&e->dest, addr, sizeof(struct sockaddr_tipc));
	464
	465	spin_lock_bh(&con->outqueue_lock);
	466	list_add_tail(&e->list, &con->outqueue);
	467	spin_unlock_bh(&con->outqueue_lock);
	468
4652edb7	469	if (test_bit(CF_CONNECTED, &con->flags)) {
c5fa7b3c YX	470	if (!queue_work(s->send_wq, &con->swork))
c5fa7b3c YX	471	conn_put(con);
4652edb7 YX	472	} else {
	473	conn_put(con);
	474	}
c5fa7b3c YX	475	return 0;
	476	}
	477
	478	void tipc_conn_terminate(struct tipc_server *s, int conid)
	479	{
	480	struct tipc_conn *con;
	481
	482	con = tipc_conn_lookup(s, conid);
	483	if (con) {
	484	tipc_close_conn(con);
	485	conn_put(con);
	486	}
	487	}
	488
	489	static void tipc_send_to_sock(struct tipc_conn *con)
	490	{
	491	int count = 0;
	492	struct tipc_server *s = con->server;
	493	struct outqueue_entry *e;
	494	struct msghdr msg;
	495	int ret;
	496
	497	spin_lock_bh(&con->outqueue_lock);
	498	while (1) {
	499	e = list_entry(con->outqueue.next, struct outqueue_entry,
	500	list);
	501	if ((struct list_head *) e == &con->outqueue)
	502	break;
	503	spin_unlock_bh(&con->outqueue_lock);
	504
	505	memset(&msg, 0, sizeof(msg));
	506	msg.msg_flags = MSG_DONTWAIT;
	507
	508	if (s->type == SOCK_DGRAM \|\| s->type == SOCK_RDM) {
	509	msg.msg_name = &e->dest;
	510	msg.msg_namelen = sizeof(struct sockaddr_tipc);
	511	}
	512	ret = kernel_sendmsg(con->sock, &msg, &e->iov, 1,
	513	e->iov.iov_len);
	514	if (ret == -EWOULDBLOCK \|\| ret == 0) {
	515	cond_resched();
	516	goto out;
	517	} else if (ret < 0) {
	518	goto send_err;
	519	}
	520
	521	/* Don't starve users filling buffers */
	522	if (++count >= MAX_SEND_MSG_COUNT) {
	523	cond_resched();
	524	count = 0;
	525	}
	526
	527	spin_lock_bh(&con->outqueue_lock);
	528	list_del(&e->list);
	529	tipc_free_entry(e);
	530	}
	531	spin_unlock_bh(&con->outqueue_lock);
	532	out:
	533	return;
	534
	535	send_err:
	536	tipc_close_conn(con);
	537	}
	538
539	static void tipc_recv_work(struct work_struct *work)
540	{
541	struct tipc_conn *con = container_of(work, struct tipc_conn, rwork);
542	int count = 0;
543
544	while (test_bit(CF_CONNECTED, &con->flags)) {
545	if (con->rx_action(con))
546	break;
547
548	/* Don't flood Rx machine */
549	if (++count >= MAX_RECV_MSG_COUNT) {
550	cond_resched();
551	count = 0;
552	}
553	}
554	conn_put(con);
555	}
556
557	static void tipc_send_work(struct work_struct *work)
558	{
559	struct tipc_conn *con = container_of(work, struct tipc_conn, swork);
560
561	if (test_bit(CF_CONNECTED, &con->flags))
562	tipc_send_to_sock(con);
563
564	conn_put(con);
565	}
566
567	static void tipc_work_stop(struct tipc_server *s)
568	{
569	destroy_workqueue(s->rcv_wq);
570	destroy_workqueue(s->send_wq);
571	}
572
573	static int tipc_work_start(struct tipc_server *s)
574	{
06c8581f	575	s->rcv_wq = alloc_ordered_workqueue("tipc_rcv", 0);
c5fa7b3c YX	576	if (!s->rcv_wq) {
	577	pr_err("can't start tipc receive workqueue\n");
	578	return -ENOMEM;
	579	}
	580
06c8581f	581	s->send_wq = alloc_ordered_workqueue("tipc_send", 0);
c5fa7b3c YX	582	if (!s->send_wq) {
	583	pr_err("can't start tipc send workqueue\n");
	584	destroy_workqueue(s->rcv_wq);
	585	return -ENOMEM;
	586	}
	587
	588	return 0;
	589	}
	590
	591	int tipc_server_start(struct tipc_server *s)
	592	{
	593	int ret;
	594
	595	spin_lock_init(&s->idr_lock);
	596	idr_init(&s->conn_idr);
	597	s->idr_in_use = 0;
	598
	599	s->rcvbuf_cache = kmem_cache_create(s->name, s->max_rcvbuf_size,
	600	0, SLAB_HWCACHE_ALIGN, NULL);
	601	if (!s->rcvbuf_cache)
	602	return -ENOMEM;
	603
	604	ret = tipc_work_start(s);
	605	if (ret < 0) {
	606	kmem_cache_destroy(s->rcvbuf_cache);
	607	return ret;
	608	}
c756891a YX	609	ret = tipc_open_listening_sock(s);
	610	if (ret < 0) {
	611	tipc_work_stop(s);
	612	kmem_cache_destroy(s->rcvbuf_cache);
	613	return ret;
	614	}
c756891a	615	return ret;
c5fa7b3c YX	616	}
	617
	618	void tipc_server_stop(struct tipc_server *s)
	619	{
	620	struct tipc_conn *con;
	621	int total = 0;
	622	int id;
	623
c5fa7b3c YX	624	spin_lock_bh(&s->idr_lock);
	625	for (id = 0; total < s->idr_in_use; id++) {
	626	con = idr_find(&s->conn_idr, id);
	627	if (con) {
	628	total++;
	629	spin_unlock_bh(&s->idr_lock);
	630	tipc_close_conn(con);
	631	spin_lock_bh(&s->idr_lock);
	632	}
	633	}
	634	spin_unlock_bh(&s->idr_lock);
	635
	636	tipc_work_stop(s);
	637	kmem_cache_destroy(s->rcvbuf_cache);
	638	idr_destroy(&s->conn_idr);
	639	}