1  // SPDX-License-Identifier: GPL-2.0-or-later
2  /* RxRPC individual remote procedure call handling
3   *
4   * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5   * Written by David Howells (dhowells@redhat.com)
6   */
7  
8  #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9  
10  #include <linux/slab.h>
11  #include <linux/module.h>
12  #include <linux/circ_buf.h>
13  #include <linux/spinlock_types.h>
14  #include <net/sock.h>
15  #include <net/af_rxrpc.h>
16  #include "ar-internal.h"
17  
/*
 * Display names for the call states, indexed by state value.  Each name is
 * exactly eight characters wide (space-padded where needed).
 */
const char *const rxrpc_call_states[NR__RXRPC_CALL_STATES] = {
	[RXRPC_CALL_UNINITIALISED]		= "Uninit  ",
	[RXRPC_CALL_CLIENT_AWAIT_CONN]		= "ClWtConn",
	[RXRPC_CALL_CLIENT_SEND_REQUEST]	= "ClSndReq",
	[RXRPC_CALL_CLIENT_AWAIT_REPLY]		= "ClAwtRpl",
	[RXRPC_CALL_CLIENT_RECV_REPLY]		= "ClRcvRpl",
	[RXRPC_CALL_SERVER_PREALLOC]		= "SvPrealc",
	[RXRPC_CALL_SERVER_SECURING]		= "SvSecure",
	[RXRPC_CALL_SERVER_RECV_REQUEST]	= "SvRcvReq",
	[RXRPC_CALL_SERVER_ACK_REQUEST]		= "SvAckReq",
	[RXRPC_CALL_SERVER_SEND_REPLY]		= "SvSndRpl",
	[RXRPC_CALL_SERVER_AWAIT_ACK]		= "SvAwtACK",
	[RXRPC_CALL_COMPLETE]			= "Complete",
};

/*
 * Display names for the ways in which a call can complete, indexed by
 * completion value.  Note that RXRPC_CALL_SUCCEEDED uses the same "Complete"
 * label as the RXRPC_CALL_COMPLETE state in rxrpc_call_states[].
 */
const char *const rxrpc_call_completions[NR__RXRPC_CALL_COMPLETIONS] = {
	[RXRPC_CALL_SUCCEEDED]			= "Complete",
	[RXRPC_CALL_REMOTELY_ABORTED]		= "RmtAbort",
	[RXRPC_CALL_LOCALLY_ABORTED]		= "LocAbort",
	[RXRPC_CALL_LOCAL_ERROR]		= "LocError",
	[RXRPC_CALL_NETWORK_ERROR]		= "NetError",
};

/* Slab cache from which call records are allocated (see rxrpc_alloc_call()). */
struct kmem_cache *rxrpc_call_jar;

/*
 * Counting semaphores bounding how many client calls may hold a slot at the
 * same time; each starts with 1000 slots.  Calls flagged as kernel calls draw
 * on rxrpc_kernel_call_limiter and all others on rxrpc_call_limiter, so the
 * two populations cannot use up each other's slots.
 */
static struct semaphore rxrpc_call_limiter =
	__SEMAPHORE_INITIALIZER(rxrpc_call_limiter, 1000);
static struct semaphore rxrpc_kernel_call_limiter =
	__SEMAPHORE_INITIALIZER(rxrpc_kernel_call_limiter, 1000);
47  
/*
 * Timer callback for a call.
 *
 * The reference the timer was armed with (see rxrpc_reduce_call_timer()) is
 * either handed on to the work queue, if the call is still live, or dropped
 * here if the call has already completed.
 */
static void rxrpc_call_timer_expired(struct timer_list *t)
{
	struct rxrpc_call *call = from_timer(call, t, timer);

	_enter("%d", call->debug_id);

	if (call->state >= RXRPC_CALL_COMPLETE) {
		/* Nothing left to process; just give the timer's ref back. */
		rxrpc_put_call(call, rxrpc_call_put);
		return;
	}

	trace_rxrpc_timer(call, rxrpc_timer_expired, jiffies);
	/* Passes our ref to the work item rather than taking a new one. */
	__rxrpc_queue_call(call);
}
61  
/*
 * Bring a call's timer expiry forward to @expire_at, tracing the reason @why
 * at time @now.
 *
 * A reference is taken on behalf of the timer first; if the call's refcount
 * has already hit zero nothing is done at all.
 */
void rxrpc_reduce_call_timer(struct rxrpc_call *call,
			     unsigned long expire_at,
			     unsigned long now,
			     enum rxrpc_timer_trace why)
{
	if (!rxrpc_try_get_call(call, rxrpc_call_got_timer))
		return;

	trace_rxrpc_timer(call, why, now);

	/* A nonzero return is taken to mean the timer was already pending and
	 * therefore already owns a ref, so the one just taken is surplus.
	 */
	if (timer_reduce(&call->timer, expire_at))
		rxrpc_put_call(call, rxrpc_call_put_notimer);
}
73  
/*
 * Cancel a call's timer, waiting for a running handler to finish, and drop
 * the reference the timer held if it was still pending.
 */
void rxrpc_delete_call_timer(struct rxrpc_call *call)
{
	int was_pending = del_timer_sync(&call->timer);

	if (was_pending)
		rxrpc_put_call(call, rxrpc_call_put_timer);
}
79  
/* Lockdep class applied to call->user_mutex for calls made on kernel sockets
 * (see rxrpc_alloc_call()).
 */
static struct lock_class_key rxrpc_call_user_mutex_lock_class_key;
81  
/*
 * Look up an existing call on a socket by its user-assigned call ID.
 * - Called in process context with IRQs enabled.
 * - Walks the socket's rb-tree of calls under rx->call_lock (read side).
 * - Returns the call with an extra reference held, or NULL if there is no
 *   call with that ID.
 */
struct rxrpc_call *rxrpc_find_call_by_user_ID(struct rxrpc_sock *rx,
					      unsigned long user_call_ID)
{
	struct rxrpc_call *call;
	struct rb_node *node;

	_enter("%p,%lx", rx, user_call_ID);

	read_lock(&rx->call_lock);

	for (node = rx->calls.rb_node; node; ) {
		call = rb_entry(node, struct rxrpc_call, sock_node);

		if (user_call_ID == call->user_call_ID) {
			/* Pin the call before the lock that keeps it in the
			 * tree is dropped.
			 */
			rxrpc_get_call(call, rxrpc_call_got);
			read_unlock(&rx->call_lock);
			_leave(" = %p [%d]", call, refcount_read(&call->ref));
			return call;
		}

		node = user_call_ID < call->user_call_ID ?
			node->rb_left : node->rb_right;
	}

	read_unlock(&rx->call_lock);
	_leave(" = NULL");
	return NULL;
}
118  
/*
 * Allocate a call record and bring it to a known initial state.
 *
 * The record comes zeroed from rxrpc_call_jar and is given two zeroed side
 * arrays of RXRPC_RXTX_BUFF_SIZE entries each (skb pointers and one-byte
 * annotations).  On success the call carries a single reference and has been
 * counted in rxnet->nr_calls.  Returns NULL if any allocation fails, after
 * freeing whatever had already been obtained.
 */
struct rxrpc_call *rxrpc_alloc_call(struct rxrpc_sock *rx, gfp_t gfp,
				    unsigned int debug_id)
{
	struct rxrpc_net *rxnet = rxrpc_net(sock_net(&rx->sk));
	struct rxrpc_call *call;

	call = kmem_cache_zalloc(rxrpc_call_jar, gfp);
	if (!call)
		return NULL;

	call->rxtx_buffer = kcalloc(RXRPC_RXTX_BUFF_SIZE,
				    sizeof(struct sk_buff *), gfp);
	if (!call->rxtx_buffer)
		goto free_call;

	call->rxtx_annotations = kcalloc(RXRPC_RXTX_BUFF_SIZE, sizeof(u8), gfp);
	if (!call->rxtx_annotations)
		goto free_buffer;

	/* Locks and wait queue. */
	mutex_init(&call->user_mutex);

	/* Calls on kernel sockets get their own lockdep class so that lockdep
	 * does not report a false-positive deadlock between the afs
	 * filesystem and sys_sendmsg() via the mmap sem.
	 */
	if (rx->sk.sk_kern_sock)
		lockdep_set_class(&call->user_mutex,
				  &rxrpc_call_user_mutex_lock_class_key);

	spin_lock_init(&call->lock);
	spin_lock_init(&call->notify_lock);
	spin_lock_init(&call->input_lock);
	rwlock_init(&call->state_lock);
	init_waitqueue_head(&call->waitq);

	/* Timer and work item. */
	timer_setup(&call->timer, rxrpc_call_timer_expired, 0);
	INIT_WORK(&call->processor, &rxrpc_process_call);

	/* List linkage: every link starts out as an empty list. */
	INIT_LIST_HEAD(&call->link);
	INIT_LIST_HEAD(&call->chan_wait_link);
	INIT_LIST_HEAD(&call->accept_link);
	INIT_LIST_HEAD(&call->recvmsg_link);
	INIT_LIST_HEAD(&call->sock_link);

	/* The rb node is not in any tree yet; fill it with a recognisable
	 * 0xed pattern (presumably so that stray use stands out - confirm).
	 */
	memset(&call->sock_node, 0xed, sizeof(call->sock_node));

	/* Identity and defaults. */
	refcount_set(&call->ref, 1);
	call->debug_id = debug_id;
	call->tx_total_len = -1;
	call->next_rx_timo = 20 * HZ;
	call->next_req_timo = 1 * HZ;

	/* Window sizes: leave space in the ring to handle a maxed-out jumbo
	 * packet.
	 */
	call->rx_winsize = rxrpc_rx_window_size;
	call->tx_winsize = 16;
	call->rx_expect_next = 1;

	/* Congestion control starting point. */
	call->cong_cwnd = 2;
	call->cong_ssthresh = RXRPC_RXTX_BUFF_SIZE - 1;

	call->rtt_avail = RXRPC_CALL_RTT_AVAIL_MASK;
	call->rxnet = rxnet;

	/* Only count the call once it is fully set up. */
	atomic_inc(&rxnet->nr_calls);
	return call;

free_buffer:
	kfree(call->rxtx_buffer);
free_call:
	kmem_cache_free(rxrpc_call_jar, call);
	return NULL;
}
190  
/*
 * Allocate a call and prime it for the client side: it starts out waiting
 * for a connection, in the transmit phase, with the service ID taken from
 * @srx and both timestamps set to the current real time.
 *
 * Returns the call, or ERR_PTR(-ENOMEM) if allocation failed.
 */
static struct rxrpc_call *rxrpc_alloc_client_call(struct rxrpc_sock *rx,
						  struct sockaddr_rxrpc *srx,
						  gfp_t gfp,
						  unsigned int debug_id)
{
	struct rxrpc_call *call;
	ktime_t stamp;

	_enter("");

	call = rxrpc_alloc_call(rx, gfp, debug_id);
	if (!call)
		return ERR_PTR(-ENOMEM);

	stamp = ktime_get_real();

	call->state		= RXRPC_CALL_CLIENT_AWAIT_CONN;
	call->service_id	= srx->srx_service;
	call->tx_phase		= true;
	call->acks_latest_ts	= stamp;
	call->cong_tstamp	= stamp;

	_leave(" = %p", call);
	return call;
}
217  
/*
 * Initialise the call's ack/resend/expiry deadlines.
 *
 * Every deadline is parked at now + MAX_JIFFY_OFFSET and timer.expires is set
 * to the current jiffies value.  Nothing in this function arms the timer
 * itself.
 */
static void rxrpc_start_call_timer(struct rxrpc_call *call)
{
	unsigned long now = jiffies;
	unsigned long never = now + MAX_JIFFY_OFFSET;

	call->timer.expires = now;

	/* Transmission-side deadlines. */
	call->ack_at = never;
	call->ack_lost_at = never;
	call->resend_at = never;
	call->ping_at = never;

	/* Reception-side deadlines. */
	call->expect_rx_by = never;
	call->expect_req_by = never;
	call->expect_term_by = never;
}
235  
/*
 * Wait for a call slot to become available.
 *
 * Kernel callers (p->kernel) draw on rxrpc_kernel_call_limiter, everyone else
 * on rxrpc_call_limiter.  An RXRPC_UNINTERRUPTIBLE call waits with down();
 * any other waits with down_interruptible() and gets NULL back if that
 * returns an error.  On success the semaphore that was taken is returned so
 * the caller knows which one to release.
 *
 * @gfp is accepted but not used here.
 */
static struct semaphore *rxrpc_get_call_slot(struct rxrpc_call_params *p, gfp_t gfp)
{
	struct semaphore *limiter;

	limiter = p->kernel ? &rxrpc_kernel_call_limiter : &rxrpc_call_limiter;

	if (p->interruptibility != RXRPC_UNINTERRUPTIBLE) {
		if (down_interruptible(limiter) < 0)
			return NULL;
		return limiter;
	}

	down(limiter);
	return limiter;
}
251  
/*
 * Release a call slot, returning it to the limiter selected by the call's
 * RXRPC_CALL_KERNEL flag.
 */
static void rxrpc_put_call_slot(struct rxrpc_call *call)
{
	if (test_bit(RXRPC_CALL_KERNEL, &call->flags))
		up(&rxrpc_kernel_call_limiter);
	else
		up(&rxrpc_call_limiter);
}
263  
/*
 * Set up a client call for the given parameters.
 * - Called with the socket lock held; the lock is released on every path,
 *   including the error paths.
 * - If a call is returned, call->user_mutex is held and must be released by
 *   the caller.
 * - Returns ERR_PTR(-ERESTARTSYS) if no call slot could be obtained,
 *   ERR_PTR(-ENOMEM) if allocation failed and ERR_PTR(-EEXIST) if the user
 *   call ID is already in use on this socket.
 * - If connecting fails, the call is still returned, marked as completed
 *   with a local error; no error pointer is returned for that case.
 */
struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
					 struct rxrpc_conn_parameters *cp,
					 struct sockaddr_rxrpc *srx,
					 struct rxrpc_call_params *p,
					 gfp_t gfp,
					 unsigned int debug_id)
	__releases(&rx->sk.sk_lock.slock)
	__acquires(&call->user_mutex)
{
	struct rxrpc_call *call, *other;
	struct rxrpc_net *rxnet;
	struct semaphore *limiter;
	struct rb_node *parent = NULL, **link;
	const void *here = __builtin_return_address(0);
	int ret;

	_enter("%p,%lx", rx, p->user_call_ID);

	/* Take a slot first so that the number of calls stays bounded. */
	limiter = rxrpc_get_call_slot(p, gfp);
	if (!limiter) {
		release_sock(&rx->sk);
		return ERR_PTR(-ERESTARTSYS);
	}

	call = rxrpc_alloc_client_call(rx, srx, gfp, debug_id);
	if (IS_ERR(call)) {
		/* No call exists to give the slot back later, so do it now. */
		release_sock(&rx->sk);
		up(limiter);
		_leave(" = %ld", PTR_ERR(call));
		return call;
	}

	call->interruptibility = p->interruptibility;
	call->tx_total_len = p->tx_total_len;
	trace_rxrpc_call(call->debug_id, rxrpc_call_new_client,
			 refcount_read(&call->ref),
			 here, (const void *)p->user_call_ID);
	if (p->kernel)
		__set_bit(RXRPC_CALL_KERNEL, &call->flags);

	/* The call is about to become visible while still only partly set
	 * up, and we will be working outside the socket lock, so hold the
	 * user mutex to keep the user away from it.
	 */
	mutex_lock(&call->user_mutex);

	/* Publish the call, even though it is incompletely set up as yet. */
	write_lock(&rx->call_lock);

	/* Find the insertion point in the socket's tree, refusing an ID that
	 * is already present.
	 */
	for (link = &rx->calls.rb_node; *link; ) {
		parent = *link;
		other = rb_entry(parent, struct rxrpc_call, sock_node);

		if (p->user_call_ID == other->user_call_ID)
			goto error_dup_user_ID;

		link = p->user_call_ID < other->user_call_ID ?
			&parent->rb_left : &parent->rb_right;
	}

	rcu_assign_pointer(call->socket, rx);
	call->user_call_ID = p->user_call_ID;
	__set_bit(RXRPC_CALL_HAS_USERID, &call->flags);
	/* The tree entry holds its own ref on the call. */
	rxrpc_get_call(call, rxrpc_call_got_userid);
	rb_link_node(&call->sock_node, parent, link);
	rb_insert_color(&call->sock_node, &rx->calls);
	list_add(&call->sock_link, &rx->sock_calls);

	write_unlock(&rx->call_lock);

	rxnet = call->rxnet;
	spin_lock_bh(&rxnet->call_lock);
	list_add_tail_rcu(&call->link, &rxnet->calls);
	spin_unlock_bh(&rxnet->call_lock);

	/* From this point on, the call is protected by its own lock. */
	release_sock(&rx->sk);

	/* Set up or get a connection record and set the protocol parameters,
	 * including channel number and call ID.
	 */
	ret = rxrpc_connect_call(rx, call, cp, srx, gfp);
	if (ret < 0)
		goto error_attached_to_socket;

	trace_rxrpc_call(call->debug_id, rxrpc_call_connected,
			 refcount_read(&call->ref), here, NULL);

	rxrpc_start_call_timer(call);

	_net("CALL new %d on CONN %d", call->debug_id, call->conn->debug_id);

	_leave(" = %p [new]", call);
	return call;

	/* The user ID turned up in the tree after we took call_lock.  That
	 * should only happen if the user races with itself, adding the same
	 * user ID from two threads at once.  The call slot is handed back
	 * inside rxrpc_release_call(), so there is no up(limiter) here.
	 */
error_dup_user_ID:
	write_unlock(&rx->call_lock);
	release_sock(&rx->sk);
	__rxrpc_set_call_completion(call, RXRPC_CALL_LOCAL_ERROR,
				    RX_CALL_DEAD, -EEXIST);
	trace_rxrpc_call(call->debug_id, rxrpc_call_error,
			 refcount_read(&call->ref), here, ERR_PTR(-EEXIST));
	rxrpc_release_call(rx, call);
	mutex_unlock(&call->user_mutex);
	rxrpc_put_call(call, rxrpc_call_put);
	_leave(" = -EEXIST");
	return ERR_PTR(-EEXIST);

	/* Connecting failed, but the call is already attached to the socket
	 * and needs releasing.  Completing the call queues it, so we may now
	 * be racing with recvmsg(); sys_sendmsg() is to return 0 and the
	 * error is left for recvmsg() to deal with.
	 */
error_attached_to_socket:
	trace_rxrpc_call(call->debug_id, rxrpc_call_error,
			 refcount_read(&call->ref), here, ERR_PTR(ret));
	set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
	__rxrpc_set_call_completion(call, RXRPC_CALL_LOCAL_ERROR,
				    RX_CALL_DEAD, ret);
	_leave(" = c=%08x [err]", call->debug_id);
	return call;
}
398  
/*
 * Set up an incoming call.  call->conn points to the connection.
 * This is called in BH context and isn't allowed to fail.
 *
 * The call ID, service ID and connection ID are copied from the header of
 * the received packet @skb, and the call is installed in the connection
 * channel selected by that header.
 */
void rxrpc_incoming_call(struct rxrpc_sock *rx,
			 struct rxrpc_call *call,
			 struct sk_buff *skb)
{
	struct rxrpc_connection *conn = call->conn;
	struct rxrpc_skb_priv *priv = rxrpc_skb(skb);
	u32 slot;

	_enter(",%d", conn->debug_id);

	rcu_assign_pointer(call->socket, rx);
	call->state = RXRPC_CALL_SERVER_SECURING;
	call->cong_tstamp = skb->tstamp;
	call->call_id = priv->hdr.callNumber;
	call->service_id = priv->hdr.serviceId;
	call->cid = priv->hdr.cid;

	/* The channel index comes from the packet header, so it is masked
	 * before being used as an array index.
	 * NOTE(review): assumes conn->channels[] has at least
	 * RXRPC_CHANNELMASK + 1 entries - confirm against ar-internal.h.
	 *
	 * channel_lock is not taken: the only parties to defend against are
	 * the data_ready handler (which is our caller) and the RESPONSE
	 * packet parser (which only really cares about call_counter and can
	 * cope with a disagreement with the call pointer).
	 */
	slot = priv->hdr.cid & RXRPC_CHANNELMASK;
	conn->channels[slot].call_counter = call->call_id;
	conn->channels[slot].call_id = call->call_id;
	rcu_assign_pointer(conn->channels[slot].call, call);

	/* Register the call on the peer's list of error targets. */
	spin_lock(&conn->params.peer->lock);
	hlist_add_head_rcu(&call->error_link, &conn->params.peer->error_targets);
	spin_unlock(&conn->params.peer->lock);

	_net("CALL incoming %d on CONN %d", call->debug_id, conn->debug_id);

	rxrpc_start_call_timer(call);
	_leave("");
}
440  
/*
 * Queue a call's work processor, taking a new ref to pass to the work queue.
 *
 * Returns false if the call's refcount had already reached zero, in which
 * case nothing is queued.  Otherwise returns true; if the work item was not
 * accepted by rxrpc_queue_work() the ref just taken is dropped again.
 */
bool rxrpc_queue_call(struct rxrpc_call *call)
{
	const void *here = __builtin_return_address(0);
	int prev;

	if (!__refcount_inc_not_zero(&call->ref, &prev))
		return false;

	if (!rxrpc_queue_work(&call->processor)) {
		rxrpc_put_call(call, rxrpc_call_put_noqueue);
		return true;
	}

	/* prev is the count before the increment; trace the new count. */
	trace_rxrpc_call(call->debug_id, rxrpc_call_queued, prev + 1,
			 here, NULL);
	return true;
}
458  
/*
 * Queue a call's work processor, handing the caller's own ref to the work
 * queue instead of taking a new one.
 *
 * If rxrpc_queue_work() does not accept the work item, the caller's ref is
 * dropped here.  Always returns true.
 */
bool __rxrpc_queue_call(struct rxrpc_call *call)
{
	const void *here = __builtin_return_address(0);
	int n = refcount_read(&call->ref);

	/* The caller must actually own a ref to give away. */
	ASSERTCMP(n, >=, 1);

	if (!rxrpc_queue_work(&call->processor)) {
		rxrpc_put_call(call, rxrpc_call_put_noqueue);
		return true;
	}

	trace_rxrpc_call(call->debug_id, rxrpc_call_queued_ref, n,
			 here, NULL);
	return true;
}
474  
/*
 * Note the re-emergence of a call: emit a trace record carrying its current
 * refcount.  The refcount itself is not changed.  A NULL call is ignored.
 */
void rxrpc_see_call(struct rxrpc_call *call)
{
	const void *here = __builtin_return_address(0);
	int refs;

	if (!call)
		return;

	refs = refcount_read(&call->ref);
	trace_rxrpc_call(call->debug_id, rxrpc_call_seen, refs, here, NULL);
}
488  
/*
 * Try to take a ref on a call whose refcount may already have dropped to
 * zero.
 *
 * Returns true with the ref taken and traced under @op, or false - with
 * nothing taken and nothing traced - if the count was already zero.
 */
bool rxrpc_try_get_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
{
	const void *here = __builtin_return_address(0);
	int prev;
	bool got;

	got = __refcount_inc_not_zero(&call->ref, &prev);
	if (got)
		trace_rxrpc_call(call->debug_id, op, prev + 1, here, NULL);
	return got;
}
499  
/*
 * Take a ref on a call and trace it under @op with the resulting count.
 * Unlike rxrpc_try_get_call() this increments unconditionally.
 */
void rxrpc_get_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
{
	const void *here = __builtin_return_address(0);
	int prev;

	__refcount_inc(&call->ref, &prev);
	trace_rxrpc_call(call->debug_id, op, prev + 1, here, NULL);
}
511  
/*
 * Clean up the RxTx skb ring: free whatever each of the
 * RXRPC_RXTX_BUFF_SIZE slots holds and clear the slot so that nothing can be
 * freed twice through it.
 */
static void rxrpc_cleanup_ring(struct rxrpc_call *call)
{
	int slot = 0;

	while (slot < RXRPC_RXTX_BUFF_SIZE) {
		rxrpc_free_skb(call->rxtx_buffer[slot], rxrpc_skb_cleaned);
		call->rxtx_buffer[slot] = NULL;
		slot++;
	}
}
524  
/*
 * Detach a call from its owning socket.
 *
 * The call must already be in the RXRPC_CALL_COMPLETE state and must not
 * have been released before; a second release hits BUG().  This gives back
 * the call slot, stops the timer, unhooks the call from the socket's recvmsg
 * queue, user-ID tree and call list (dropping the refs those held), then
 * disconnects the call and frees its security state where applicable.
 */
void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call)
{
	const void *here = __builtin_return_address(0);
	struct rxrpc_connection *conn = call->conn;
	bool was_pending;

	_enter("{%d,%d}", call->debug_id, refcount_read(&call->ref));

	trace_rxrpc_call(call->debug_id, rxrpc_call_release,
			 refcount_read(&call->ref),
			 here, (const void *)call->flags);

	ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);

	/* Releasing the same call twice would return its slot and drop its
	 * refs twice, so treat that as fatal.
	 */
	spin_lock_bh(&call->lock);
	if (test_and_set_bit(RXRPC_CALL_RELEASED, &call->flags))
		BUG();
	spin_unlock_bh(&call->lock);

	rxrpc_put_call_slot(call);
	rxrpc_delete_call_timer(call);

	/* Make sure we don't get any more notifications. */
	write_lock_bh(&rx->recvmsg_lock);

	was_pending = !list_empty(&call->recvmsg_link);
	if (was_pending) {
		_debug("unlinking once-pending call %p { e=%lx f=%lx }",
		       call, call->events, call->flags);
		list_del(&call->recvmsg_link);
	}

	/* With both pointers NULL, list_empty() returns false on this link,
	 * which is what rxrpc_notify_socket() must see from now on.
	 */
	call->recvmsg_link.next = NULL;
	call->recvmsg_link.prev = NULL;

	write_unlock_bh(&rx->recvmsg_lock);

	/* Drop the ref only after the lock has been released. */
	if (was_pending)
		rxrpc_put_call(call, rxrpc_call_put);

	write_lock(&rx->call_lock);

	if (test_and_clear_bit(RXRPC_CALL_HAS_USERID, &call->flags)) {
		rb_erase(&call->sock_node, &rx->calls);
		/* Overwrite the stale node with a recognisable pattern. */
		memset(&call->sock_node, 0xdd, sizeof(call->sock_node));
		rxrpc_put_call(call, rxrpc_call_put_userid);
	}

	list_del(&call->sock_link);
	write_unlock(&rx->call_lock);

	_debug("RELEASE CALL %p (%d CONN %p)", call, call->debug_id, conn);

	if (conn && !test_bit(RXRPC_CALL_DISCONNECTED, &call->flags))
		rxrpc_disconnect_call(call);
	if (call->security)
		call->security->free_call_crypto(call);
	_leave("");
}
587  
/*
 * Release all the calls associated with a socket.
 *
 * Calls still waiting to be accepted are aborted and have their ref dropped.
 * Calls already on the socket are aborted, an abort packet is sent, and they
 * are detached from the socket.  Both kinds are aborted with RX_CALL_DEAD
 * and -ECONNRESET.
 */
void rxrpc_release_calls_on_socket(struct rxrpc_sock *rx)
{
	struct rxrpc_call *call;

	_enter("%p", rx);

	while (!list_empty(&rx->to_be_accepted)) {
		call = list_first_entry(&rx->to_be_accepted,
					struct rxrpc_call, accept_link);
		list_del(&call->accept_link);
		rxrpc_abort_call("SKR", call, 0, RX_CALL_DEAD, -ECONNRESET);
		rxrpc_put_call(call, rxrpc_call_put);
	}

	while (!list_empty(&rx->sock_calls)) {
		call = list_first_entry(&rx->sock_calls,
					struct rxrpc_call, sock_link);
		/* Hold a ref of our own across the release, which removes the
		 * call from rx->sock_calls and drops the socket's refs.
		 */
		rxrpc_get_call(call, rxrpc_call_got);
		rxrpc_abort_call("SKT", call, 0, RX_CALL_DEAD, -ECONNRESET);
		rxrpc_send_abort_packet(call);
		rxrpc_release_call(rx, call);
		rxrpc_put_call(call, rxrpc_call_put);
	}

	_leave("");
}
617  
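/*
 * Drop a ref on a call, tracing it under @op.
 *
 * When the last ref goes, the call (which must be in the
 * RXRPC_CALL_COMPLETE state) is unlinked from the namespace's call list and
 * handed to rxrpc_cleanup_call().
 */
void rxrpc_put_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
{
	struct rxrpc_net *rxnet;
	const void *here = __builtin_return_address(0);
	unsigned int debug_id;
	bool dead;
	int n;

	/* Check the pointer before it is first dereferenced; testing it after
	 * reading call->rxnet and call->debug_id would come too late to catch
	 * anything.
	 */
	ASSERT(call != NULL);

	/* Snapshot what is needed after the decrement: once our ref is gone
	 * the call may be freed by whoever drops the last one.
	 */
	rxnet = call->rxnet;
	debug_id = call->debug_id;

	dead = __refcount_dec_and_test(&call->ref, &n);
	/* NOTE(review): n is the count from before the decrement, whereas the
	 * get helpers trace the count after their increment (n + 1) - confirm
	 * which value the tracepoint is meant to carry.
	 */
	trace_rxrpc_call(debug_id, op, n, here, NULL);
	if (!dead)
		return;

	/* We dropped the last ref, so the call is ours alone from here on. */
	_debug("call %d dead", debug_id);
	ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);

	if (!list_empty(&call->link)) {
		spin_lock_bh(&rxnet->call_lock);
		list_del_init(&call->link);
		spin_unlock_bh(&rxnet->call_lock);
	}

	rxrpc_cleanup_call(call);
}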
646  
/*
 * Final call destruction - but must be done in process context.
 *
 * Reached either directly or as a work item through call->processor.  Stops
 * the timer, drops the connection and peer refs, frees the two ring arrays
 * and the call record, and wakes anyone waiting on rxnet->nr_calls when the
 * count reaches zero.
 */
static void rxrpc_destroy_call(struct work_struct *work)
{
	struct rxrpc_call *call = container_of(work, struct rxrpc_call, processor);
	/* Fetched up front: the call record is freed before rxnet is used. */
	struct rxrpc_net *rxnet = call->rxnet;

	rxrpc_delete_call_timer(call);

	rxrpc_put_connection(call->conn);
	rxrpc_put_peer(call->peer);

	kfree(call->rxtx_buffer);
	kfree(call->rxtx_annotations);
	kmem_cache_free(rxrpc_call_jar, call);

	/* call must not be touched from here on. */
	if (atomic_dec_and_test(&rxnet->nr_calls))
		wake_up_var(&rxnet->nr_calls);
}
665  
/*
 * Final call destruction under RCU.
 *
 * rxrpc_destroy_call() has to run in process context, so when this callback
 * runs in softirq context the destruction is deferred to the work queue,
 * reusing call->processor as the work item.  Failing to queue it is fatal.
 */
static void rxrpc_rcu_destroy_call(struct rcu_head *rcu)
{
	struct rxrpc_call *call = container_of(rcu, struct rxrpc_call, rcu);

	if (!in_softirq()) {
		rxrpc_destroy_call(&call->processor);
		return;
	}

	INIT_WORK(&call->processor, rxrpc_destroy_call);
	if (!rxrpc_queue_work(&call->processor))
		BUG();
}
681  
/*
 * Clean up a call whose last ref has gone.
 *
 * The call must be complete and must already have been released from its
 * socket.  Any skbs still held are freed and the rest of the teardown is
 * deferred through call_rcu().
 */
void rxrpc_cleanup_call(struct rxrpc_call *call)
{
	_net("DESTROY CALL %d", call->debug_id);

	/* Overwrite the rb node with a recognisable pattern. */
	memset(&call->sock_node, 0xcd, sizeof(call->sock_node));

	ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);
	ASSERT(test_bit(RXRPC_CALL_RELEASED, &call->flags));

	rxrpc_free_skb(call->tx_pending, rxrpc_skb_cleaned);
	rxrpc_cleanup_ring(call);

	call_rcu(&call->rcu, rxrpc_rcu_destroy_call);
}
699  
/*
 * Make sure that all calls are gone from a network namespace.  To reach this
 * point, any open UDP sockets in that namespace must have been closed, so any
 * outstanding calls cannot be doing I/O.
 *
 * Any call still on rxnet->calls is unlinked and reported with pr_err(); it
 * is not freed here.  The function then drops one count from
 * rxnet->nr_calls and sleeps until that counter reaches zero.
 */
void rxrpc_destroy_all_calls(struct rxrpc_net *rxnet)
{
	struct rxrpc_call *call;

	_enter("");

	if (!list_empty(&rxnet->calls)) {
		spin_lock_bh(&rxnet->call_lock);

		while (!list_empty(&rxnet->calls)) {
			call = list_first_entry(&rxnet->calls,
						struct rxrpc_call, link);
			_debug("Zapping call %p", call);

			rxrpc_see_call(call);
			list_del_init(&call->link);

			pr_err("Call %p still in use (%d,%s,%lx,%lx)!\n",
			       call, refcount_read(&call->ref),
			       rxrpc_call_states[call->state],
			       call->flags, call->events);

			/* Let go of the lock between entries so that a long
			 * list cannot hog the CPU with BHs disabled.
			 */
			spin_unlock_bh(&rxnet->call_lock);
			cond_resched();
			spin_lock_bh(&rxnet->call_lock);
		}

		spin_unlock_bh(&rxnet->call_lock);
	}

	/* NOTE(review): presumably this drops a base count held by the
	 * namespace itself - confirm where nr_calls is initialised.
	 */
	atomic_dec(&rxnet->nr_calls);
	wait_var_event(&rxnet->nr_calls, !atomic_read(&rxnet->nr_calls));
}
738