1 /*
2 * net/tipc/server.c: TIPC server infrastructure
3 *
4 * Copyright (c) 2012-2013, Wind River Systems
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the names of the copyright holders nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * Alternatively, this software may be distributed under the terms of the
20 * GNU General Public License ("GPL") version 2 as published by the Free
21 * Software Foundation.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
24 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 #include "server.h"
37 #include "core.h"
38 #include "socket.h"
39 #include <net/sock.h>
40 #include <linux/module.h>
41
42 /* Number of messages to send before rescheduling */
43 #define MAX_SEND_MSG_COUNT 25
44 #define MAX_RECV_MSG_COUNT 25
45 #define CF_CONNECTED 1
46 #define CF_SERVER 2
47
48 #define sock2con(x) ((struct tipc_conn *)(x)->sk_user_data)
49
50 /**
51 * struct tipc_conn - TIPC connection structure
52 * @kref: reference counter to connection object
53 * @conid: connection identifier
54 * @sock: socket handler associated with connection
55 * @flags: indicates connection state
56 * @server: pointer to connected server
57 * @rwork: receive work item
58 * @usr_data: user-specified field
59 * @rx_action: what to do when connection socket is active
60 * @outqueue: pointer to first outbound message in queue
61 * @outqueue_lock: control access to the outqueue
62 * @outqueue: list of connection objects for its server
63 * @swork: send work item
64 */
65 struct tipc_conn {
66 struct kref kref;
67 int conid;
68 struct socket *sock;
69 unsigned long flags;
70 struct tipc_server *server;
71 struct work_struct rwork;
72 int (*rx_action) (struct tipc_conn *con);
73 void *usr_data;
74 struct list_head outqueue;
75 spinlock_t outqueue_lock;
76 struct work_struct swork;
77 };
78
79 /* An entry waiting to be sent */
80 struct outqueue_entry {
81 struct list_head list;
82 struct kvec iov;
83 struct sockaddr_tipc dest;
84 };
85
86 static void tipc_recv_work(struct work_struct *work);
87 static void tipc_send_work(struct work_struct *work);
88 static void tipc_clean_outqueues(struct tipc_conn *con);
89
tipc_conn_kref_release(struct kref * kref)90 static void tipc_conn_kref_release(struct kref *kref)
91 {
92 struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
93 struct tipc_server *s = con->server;
94 struct sockaddr_tipc *saddr = s->saddr;
95 struct socket *sock = con->sock;
96 struct sock *sk;
97
98 if (sock) {
99 sk = sock->sk;
100 if (test_bit(CF_SERVER, &con->flags)) {
101 __module_get(sock->ops->owner);
102 __module_get(sk->sk_prot_creator->owner);
103 }
104 saddr->scope = -TIPC_NODE_SCOPE;
105 kernel_bind(sock, (struct sockaddr *)saddr, sizeof(*saddr));
106 sock_release(sock);
107 con->sock = NULL;
108
109 spin_lock_bh(&s->idr_lock);
110 idr_remove(&s->conn_idr, con->conid);
111 s->idr_in_use--;
112 spin_unlock_bh(&s->idr_lock);
113 }
114
115 tipc_clean_outqueues(con);
116 kfree(con);
117 }
118
conn_put(struct tipc_conn * con)119 static void conn_put(struct tipc_conn *con)
120 {
121 kref_put(&con->kref, tipc_conn_kref_release);
122 }
123
conn_get(struct tipc_conn * con)124 static void conn_get(struct tipc_conn *con)
125 {
126 kref_get(&con->kref);
127 }
128
tipc_conn_lookup(struct tipc_server * s,int conid)129 static struct tipc_conn *tipc_conn_lookup(struct tipc_server *s, int conid)
130 {
131 struct tipc_conn *con;
132
133 spin_lock_bh(&s->idr_lock);
134 con = idr_find(&s->conn_idr, conid);
135 if (con && test_bit(CF_CONNECTED, &con->flags))
136 conn_get(con);
137 else
138 con = NULL;
139 spin_unlock_bh(&s->idr_lock);
140 return con;
141 }
142
sock_data_ready(struct sock * sk)143 static void sock_data_ready(struct sock *sk)
144 {
145 struct tipc_conn *con;
146
147 read_lock_bh(&sk->sk_callback_lock);
148 con = sock2con(sk);
149 if (con && test_bit(CF_CONNECTED, &con->flags)) {
150 conn_get(con);
151 if (!queue_work(con->server->rcv_wq, &con->rwork))
152 conn_put(con);
153 }
154 read_unlock_bh(&sk->sk_callback_lock);
155 }
156
sock_write_space(struct sock * sk)157 static void sock_write_space(struct sock *sk)
158 {
159 struct tipc_conn *con;
160
161 read_lock_bh(&sk->sk_callback_lock);
162 con = sock2con(sk);
163 if (con && test_bit(CF_CONNECTED, &con->flags)) {
164 conn_get(con);
165 if (!queue_work(con->server->send_wq, &con->swork))
166 conn_put(con);
167 }
168 read_unlock_bh(&sk->sk_callback_lock);
169 }
170
tipc_register_callbacks(struct socket * sock,struct tipc_conn * con)171 static void tipc_register_callbacks(struct socket *sock, struct tipc_conn *con)
172 {
173 struct sock *sk = sock->sk;
174
175 write_lock_bh(&sk->sk_callback_lock);
176
177 sk->sk_data_ready = sock_data_ready;
178 sk->sk_write_space = sock_write_space;
179 sk->sk_user_data = con;
180
181 con->sock = sock;
182
183 write_unlock_bh(&sk->sk_callback_lock);
184 }
185
tipc_unregister_callbacks(struct tipc_conn * con)186 static void tipc_unregister_callbacks(struct tipc_conn *con)
187 {
188 struct sock *sk = con->sock->sk;
189
190 write_lock_bh(&sk->sk_callback_lock);
191 sk->sk_user_data = NULL;
192 write_unlock_bh(&sk->sk_callback_lock);
193 }
194
tipc_close_conn(struct tipc_conn * con)195 static void tipc_close_conn(struct tipc_conn *con)
196 {
197 struct tipc_server *s = con->server;
198
199 if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
200 tipc_unregister_callbacks(con);
201
202 if (con->conid)
203 s->tipc_conn_release(con->conid, con->usr_data);
204
205 /* We shouldn't flush pending works as we may be in the
206 * thread. In fact the races with pending rx/tx work structs
207 * are harmless for us here as we have already deleted this
208 * connection from server connection list.
209 */
210 kernel_sock_shutdown(con->sock, SHUT_RDWR);
211
212 conn_put(con);
213 }
214 }
215
tipc_alloc_conn(struct tipc_server * s)216 static struct tipc_conn *tipc_alloc_conn(struct tipc_server *s)
217 {
218 struct tipc_conn *con;
219 int ret;
220
221 con = kzalloc(sizeof(struct tipc_conn), GFP_ATOMIC);
222 if (!con)
223 return ERR_PTR(-ENOMEM);
224
225 kref_init(&con->kref);
226 INIT_LIST_HEAD(&con->outqueue);
227 spin_lock_init(&con->outqueue_lock);
228 INIT_WORK(&con->swork, tipc_send_work);
229 INIT_WORK(&con->rwork, tipc_recv_work);
230
231 spin_lock_bh(&s->idr_lock);
232 ret = idr_alloc(&s->conn_idr, con, 0, 0, GFP_ATOMIC);
233 if (ret < 0) {
234 kfree(con);
235 spin_unlock_bh(&s->idr_lock);
236 return ERR_PTR(-ENOMEM);
237 }
238 con->conid = ret;
239 s->idr_in_use++;
240 spin_unlock_bh(&s->idr_lock);
241
242 set_bit(CF_CONNECTED, &con->flags);
243 con->server = s;
244
245 return con;
246 }
247
tipc_receive_from_sock(struct tipc_conn * con)248 static int tipc_receive_from_sock(struct tipc_conn *con)
249 {
250 struct msghdr msg = {};
251 struct tipc_server *s = con->server;
252 struct sockaddr_tipc addr;
253 struct kvec iov;
254 void *buf;
255 int ret;
256
257 buf = kmem_cache_alloc(s->rcvbuf_cache, GFP_ATOMIC);
258 if (!buf) {
259 ret = -ENOMEM;
260 goto out_close;
261 }
262
263 iov.iov_base = buf;
264 iov.iov_len = s->max_rcvbuf_size;
265 msg.msg_name = &addr;
266 ret = kernel_recvmsg(con->sock, &msg, &iov, 1, iov.iov_len,
267 MSG_DONTWAIT);
268 if (ret <= 0) {
269 kmem_cache_free(s->rcvbuf_cache, buf);
270 goto out_close;
271 }
272
273 s->tipc_conn_recvmsg(sock_net(con->sock->sk), con->conid, &addr,
274 con->usr_data, buf, ret);
275
276 kmem_cache_free(s->rcvbuf_cache, buf);
277
278 return 0;
279
280 out_close:
281 if (ret != -EWOULDBLOCK)
282 tipc_close_conn(con);
283 else if (ret == 0)
284 /* Don't return success if we really got EOF */
285 ret = -EAGAIN;
286
287 return ret;
288 }
289
tipc_accept_from_sock(struct tipc_conn * con)290 static int tipc_accept_from_sock(struct tipc_conn *con)
291 {
292 struct tipc_server *s = con->server;
293 struct socket *sock = con->sock;
294 struct socket *newsock;
295 struct tipc_conn *newcon;
296 int ret;
297
298 ret = kernel_accept(sock, &newsock, O_NONBLOCK);
299 if (ret < 0)
300 return ret;
301
302 newcon = tipc_alloc_conn(con->server);
303 if (IS_ERR(newcon)) {
304 ret = PTR_ERR(newcon);
305 sock_release(newsock);
306 return ret;
307 }
308
309 newcon->rx_action = tipc_receive_from_sock;
310 tipc_register_callbacks(newsock, newcon);
311
312 /* Notify that new connection is incoming */
313 newcon->usr_data = s->tipc_conn_new(newcon->conid);
314 if (!newcon->usr_data) {
315 sock_release(newsock);
316 conn_put(newcon);
317 return -ENOMEM;
318 }
319
320 /* Wake up receive process in case of 'SYN+' message */
321 newsock->sk->sk_data_ready(newsock->sk);
322 return ret;
323 }
324
tipc_create_listen_sock(struct tipc_conn * con)325 static struct socket *tipc_create_listen_sock(struct tipc_conn *con)
326 {
327 struct tipc_server *s = con->server;
328 struct socket *sock = NULL;
329 int ret;
330
331 ret = sock_create_kern(s->net, AF_TIPC, SOCK_SEQPACKET, 0, &sock);
332 if (ret < 0)
333 return NULL;
334 ret = kernel_setsockopt(sock, SOL_TIPC, TIPC_IMPORTANCE,
335 (char *)&s->imp, sizeof(s->imp));
336 if (ret < 0)
337 goto create_err;
338 ret = kernel_bind(sock, (struct sockaddr *)s->saddr, sizeof(*s->saddr));
339 if (ret < 0)
340 goto create_err;
341
342 switch (s->type) {
343 case SOCK_STREAM:
344 case SOCK_SEQPACKET:
345 con->rx_action = tipc_accept_from_sock;
346
347 ret = kernel_listen(sock, 0);
348 if (ret < 0)
349 goto create_err;
350 break;
351 case SOCK_DGRAM:
352 case SOCK_RDM:
353 con->rx_action = tipc_receive_from_sock;
354 break;
355 default:
356 pr_err("Unknown socket type %d\n", s->type);
357 goto create_err;
358 }
359
360 /* As server's listening socket owner and creator is the same module,
361 * we have to decrease TIPC module reference count to guarantee that
362 * it remains zero after the server socket is created, otherwise,
363 * executing "rmmod" command is unable to make TIPC module deleted
364 * after TIPC module is inserted successfully.
365 *
366 * However, the reference count is ever increased twice in
367 * sock_create_kern(): one is to increase the reference count of owner
368 * of TIPC socket's proto_ops struct; another is to increment the
369 * reference count of owner of TIPC proto struct. Therefore, we must
370 * decrement the module reference count twice to ensure that it keeps
371 * zero after server's listening socket is created. Of course, we
372 * must bump the module reference count twice as well before the socket
373 * is closed.
374 */
375 module_put(sock->ops->owner);
376 module_put(sock->sk->sk_prot_creator->owner);
377 set_bit(CF_SERVER, &con->flags);
378
379 return sock;
380
381 create_err:
382 kernel_sock_shutdown(sock, SHUT_RDWR);
383 sock_release(sock);
384 return NULL;
385 }
386
tipc_open_listening_sock(struct tipc_server * s)387 static int tipc_open_listening_sock(struct tipc_server *s)
388 {
389 struct socket *sock;
390 struct tipc_conn *con;
391
392 con = tipc_alloc_conn(s);
393 if (IS_ERR(con))
394 return PTR_ERR(con);
395
396 sock = tipc_create_listen_sock(con);
397 if (!sock) {
398 idr_remove(&s->conn_idr, con->conid);
399 s->idr_in_use--;
400 kfree(con);
401 return -EINVAL;
402 }
403
404 tipc_register_callbacks(sock, con);
405 return 0;
406 }
407
tipc_alloc_entry(void * data,int len)408 static struct outqueue_entry *tipc_alloc_entry(void *data, int len)
409 {
410 struct outqueue_entry *entry;
411 void *buf;
412
413 entry = kmalloc(sizeof(struct outqueue_entry), GFP_ATOMIC);
414 if (!entry)
415 return NULL;
416
417 buf = kmemdup(data, len, GFP_ATOMIC);
418 if (!buf) {
419 kfree(entry);
420 return NULL;
421 }
422
423 entry->iov.iov_base = buf;
424 entry->iov.iov_len = len;
425
426 return entry;
427 }
428
tipc_free_entry(struct outqueue_entry * e)429 static void tipc_free_entry(struct outqueue_entry *e)
430 {
431 kfree(e->iov.iov_base);
432 kfree(e);
433 }
434
tipc_clean_outqueues(struct tipc_conn * con)435 static void tipc_clean_outqueues(struct tipc_conn *con)
436 {
437 struct outqueue_entry *e, *safe;
438
439 spin_lock_bh(&con->outqueue_lock);
440 list_for_each_entry_safe(e, safe, &con->outqueue, list) {
441 list_del(&e->list);
442 tipc_free_entry(e);
443 }
444 spin_unlock_bh(&con->outqueue_lock);
445 }
446
tipc_conn_sendmsg(struct tipc_server * s,int conid,struct sockaddr_tipc * addr,void * data,size_t len)447 int tipc_conn_sendmsg(struct tipc_server *s, int conid,
448 struct sockaddr_tipc *addr, void *data, size_t len)
449 {
450 struct outqueue_entry *e;
451 struct tipc_conn *con;
452
453 con = tipc_conn_lookup(s, conid);
454 if (!con)
455 return -EINVAL;
456
457 if (!test_bit(CF_CONNECTED, &con->flags)) {
458 conn_put(con);
459 return 0;
460 }
461
462 e = tipc_alloc_entry(data, len);
463 if (!e) {
464 conn_put(con);
465 return -ENOMEM;
466 }
467
468 if (addr)
469 memcpy(&e->dest, addr, sizeof(struct sockaddr_tipc));
470
471 spin_lock_bh(&con->outqueue_lock);
472 list_add_tail(&e->list, &con->outqueue);
473 spin_unlock_bh(&con->outqueue_lock);
474
475 if (!queue_work(s->send_wq, &con->swork))
476 conn_put(con);
477 return 0;
478 }
479
tipc_conn_terminate(struct tipc_server * s,int conid)480 void tipc_conn_terminate(struct tipc_server *s, int conid)
481 {
482 struct tipc_conn *con;
483
484 con = tipc_conn_lookup(s, conid);
485 if (con) {
486 tipc_close_conn(con);
487 conn_put(con);
488 }
489 }
490
tipc_send_to_sock(struct tipc_conn * con)491 static void tipc_send_to_sock(struct tipc_conn *con)
492 {
493 int count = 0;
494 struct tipc_server *s = con->server;
495 struct outqueue_entry *e;
496 struct msghdr msg;
497 int ret;
498
499 spin_lock_bh(&con->outqueue_lock);
500 while (test_bit(CF_CONNECTED, &con->flags)) {
501 e = list_entry(con->outqueue.next, struct outqueue_entry,
502 list);
503 if ((struct list_head *) e == &con->outqueue)
504 break;
505 spin_unlock_bh(&con->outqueue_lock);
506
507 memset(&msg, 0, sizeof(msg));
508 msg.msg_flags = MSG_DONTWAIT;
509
510 if (s->type == SOCK_DGRAM || s->type == SOCK_RDM) {
511 msg.msg_name = &e->dest;
512 msg.msg_namelen = sizeof(struct sockaddr_tipc);
513 }
514 ret = kernel_sendmsg(con->sock, &msg, &e->iov, 1,
515 e->iov.iov_len);
516 if (ret == -EWOULDBLOCK || ret == 0) {
517 cond_resched();
518 goto out;
519 } else if (ret < 0) {
520 goto send_err;
521 }
522
523 /* Don't starve users filling buffers */
524 if (++count >= MAX_SEND_MSG_COUNT) {
525 cond_resched();
526 count = 0;
527 }
528
529 spin_lock_bh(&con->outqueue_lock);
530 list_del(&e->list);
531 tipc_free_entry(e);
532 }
533 spin_unlock_bh(&con->outqueue_lock);
534 out:
535 return;
536
537 send_err:
538 tipc_close_conn(con);
539 }
540
tipc_recv_work(struct work_struct * work)541 static void tipc_recv_work(struct work_struct *work)
542 {
543 struct tipc_conn *con = container_of(work, struct tipc_conn, rwork);
544 int count = 0;
545
546 while (test_bit(CF_CONNECTED, &con->flags)) {
547 if (con->rx_action(con))
548 break;
549
550 /* Don't flood Rx machine */
551 if (++count >= MAX_RECV_MSG_COUNT) {
552 cond_resched();
553 count = 0;
554 }
555 }
556 conn_put(con);
557 }
558
tipc_send_work(struct work_struct * work)559 static void tipc_send_work(struct work_struct *work)
560 {
561 struct tipc_conn *con = container_of(work, struct tipc_conn, swork);
562
563 if (test_bit(CF_CONNECTED, &con->flags))
564 tipc_send_to_sock(con);
565
566 conn_put(con);
567 }
568
tipc_work_stop(struct tipc_server * s)569 static void tipc_work_stop(struct tipc_server *s)
570 {
571 destroy_workqueue(s->rcv_wq);
572 destroy_workqueue(s->send_wq);
573 }
574
tipc_work_start(struct tipc_server * s)575 static int tipc_work_start(struct tipc_server *s)
576 {
577 s->rcv_wq = alloc_ordered_workqueue("tipc_rcv", 0);
578 if (!s->rcv_wq) {
579 pr_err("can't start tipc receive workqueue\n");
580 return -ENOMEM;
581 }
582
583 s->send_wq = alloc_ordered_workqueue("tipc_send", 0);
584 if (!s->send_wq) {
585 pr_err("can't start tipc send workqueue\n");
586 destroy_workqueue(s->rcv_wq);
587 return -ENOMEM;
588 }
589
590 return 0;
591 }
592
tipc_server_start(struct tipc_server * s)593 int tipc_server_start(struct tipc_server *s)
594 {
595 int ret;
596
597 spin_lock_init(&s->idr_lock);
598 idr_init(&s->conn_idr);
599 s->idr_in_use = 0;
600
601 s->rcvbuf_cache = kmem_cache_create(s->name, s->max_rcvbuf_size,
602 0, SLAB_HWCACHE_ALIGN, NULL);
603 if (!s->rcvbuf_cache)
604 return -ENOMEM;
605
606 ret = tipc_work_start(s);
607 if (ret < 0) {
608 kmem_cache_destroy(s->rcvbuf_cache);
609 return ret;
610 }
611 ret = tipc_open_listening_sock(s);
612 if (ret < 0) {
613 tipc_work_stop(s);
614 kmem_cache_destroy(s->rcvbuf_cache);
615 return ret;
616 }
617 return ret;
618 }
619
tipc_server_stop(struct tipc_server * s)620 void tipc_server_stop(struct tipc_server *s)
621 {
622 struct tipc_conn *con;
623 int id;
624
625 spin_lock_bh(&s->idr_lock);
626 for (id = 0; s->idr_in_use; id++) {
627 con = idr_find(&s->conn_idr, id);
628 if (con) {
629 spin_unlock_bh(&s->idr_lock);
630 tipc_close_conn(con);
631 spin_lock_bh(&s->idr_lock);
632 }
633 }
634 spin_unlock_bh(&s->idr_lock);
635
636 tipc_work_stop(s);
637 kmem_cache_destroy(s->rcvbuf_cache);
638 idr_destroy(&s->conn_idr);
639 }
640