1 /*
2 * net/tipc/server.c: TIPC server infrastructure
3 *
4 * Copyright (c) 2012-2013, Wind River Systems
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the names of the copyright holders nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * Alternatively, this software may be distributed under the terms of the
20 * GNU General Public License ("GPL") version 2 as published by the Free
21 * Software Foundation.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
24 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 #include "server.h"
37 #include "core.h"
38 #include "socket.h"
39 #include <net/sock.h>
40 #include <linux/module.h>
41
42 /* Number of messages to send before rescheduling */
43 #define MAX_SEND_MSG_COUNT 25
44 #define MAX_RECV_MSG_COUNT 25
45 #define CF_CONNECTED 1
46 #define CF_SERVER 2
47
48 #define sock2con(x) ((struct tipc_conn *)(x)->sk_user_data)
49
50 /**
51 * struct tipc_conn - TIPC connection structure
52 * @kref: reference counter to connection object
53 * @conid: connection identifier
54 * @sock: socket handler associated with connection
55 * @flags: indicates connection state
56 * @server: pointer to connected server
57 * @rwork: receive work item
58 * @usr_data: user-specified field
59 * @rx_action: what to do when connection socket is active
60 * @outqueue: pointer to first outbound message in queue
61 * @outqueue_lock: control access to the outqueue
62 * @outqueue: list of connection objects for its server
63 * @swork: send work item
64 */
65 struct tipc_conn {
66 struct kref kref;
67 int conid;
68 struct socket *sock;
69 unsigned long flags;
70 struct tipc_server *server;
71 struct work_struct rwork;
72 int (*rx_action) (struct tipc_conn *con);
73 void *usr_data;
74 struct list_head outqueue;
75 spinlock_t outqueue_lock;
76 struct work_struct swork;
77 };
78
79 /* An entry waiting to be sent */
80 struct outqueue_entry {
81 struct list_head list;
82 struct kvec iov;
83 struct sockaddr_tipc dest;
84 };
85
86 static void tipc_recv_work(struct work_struct *work);
87 static void tipc_send_work(struct work_struct *work);
88 static void tipc_clean_outqueues(struct tipc_conn *con);
89
tipc_conn_kref_release(struct kref * kref)90 static void tipc_conn_kref_release(struct kref *kref)
91 {
92 struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
93 struct sockaddr_tipc *saddr = con->server->saddr;
94 struct socket *sock = con->sock;
95 struct sock *sk;
96
97 if (sock) {
98 sk = sock->sk;
99 if (test_bit(CF_SERVER, &con->flags)) {
100 __module_get(sock->ops->owner);
101 __module_get(sk->sk_prot_creator->owner);
102 }
103 saddr->scope = -TIPC_NODE_SCOPE;
104 kernel_bind(sock, (struct sockaddr *)saddr, sizeof(*saddr));
105 sock_release(sock);
106 con->sock = NULL;
107 }
108
109 tipc_clean_outqueues(con);
110 kfree(con);
111 }
112
conn_put(struct tipc_conn * con)113 static void conn_put(struct tipc_conn *con)
114 {
115 kref_put(&con->kref, tipc_conn_kref_release);
116 }
117
conn_get(struct tipc_conn * con)118 static void conn_get(struct tipc_conn *con)
119 {
120 kref_get(&con->kref);
121 }
122
tipc_conn_lookup(struct tipc_server * s,int conid)123 static struct tipc_conn *tipc_conn_lookup(struct tipc_server *s, int conid)
124 {
125 struct tipc_conn *con;
126
127 spin_lock_bh(&s->idr_lock);
128 con = idr_find(&s->conn_idr, conid);
129 if (con)
130 conn_get(con);
131 spin_unlock_bh(&s->idr_lock);
132 return con;
133 }
134
sock_data_ready(struct sock * sk)135 static void sock_data_ready(struct sock *sk)
136 {
137 struct tipc_conn *con;
138
139 read_lock(&sk->sk_callback_lock);
140 con = sock2con(sk);
141 if (con && test_bit(CF_CONNECTED, &con->flags)) {
142 conn_get(con);
143 if (!queue_work(con->server->rcv_wq, &con->rwork))
144 conn_put(con);
145 }
146 read_unlock(&sk->sk_callback_lock);
147 }
148
sock_write_space(struct sock * sk)149 static void sock_write_space(struct sock *sk)
150 {
151 struct tipc_conn *con;
152
153 read_lock(&sk->sk_callback_lock);
154 con = sock2con(sk);
155 if (con && test_bit(CF_CONNECTED, &con->flags)) {
156 conn_get(con);
157 if (!queue_work(con->server->send_wq, &con->swork))
158 conn_put(con);
159 }
160 read_unlock(&sk->sk_callback_lock);
161 }
162
tipc_register_callbacks(struct socket * sock,struct tipc_conn * con)163 static void tipc_register_callbacks(struct socket *sock, struct tipc_conn *con)
164 {
165 struct sock *sk = sock->sk;
166
167 write_lock_bh(&sk->sk_callback_lock);
168
169 sk->sk_data_ready = sock_data_ready;
170 sk->sk_write_space = sock_write_space;
171 sk->sk_user_data = con;
172
173 con->sock = sock;
174
175 write_unlock_bh(&sk->sk_callback_lock);
176 }
177
tipc_unregister_callbacks(struct tipc_conn * con)178 static void tipc_unregister_callbacks(struct tipc_conn *con)
179 {
180 struct sock *sk = con->sock->sk;
181
182 write_lock_bh(&sk->sk_callback_lock);
183 sk->sk_user_data = NULL;
184 write_unlock_bh(&sk->sk_callback_lock);
185 }
186
tipc_close_conn(struct tipc_conn * con)187 static void tipc_close_conn(struct tipc_conn *con)
188 {
189 struct tipc_server *s = con->server;
190
191 if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
192 if (con->conid)
193 s->tipc_conn_shutdown(con->conid, con->usr_data);
194
195 spin_lock_bh(&s->idr_lock);
196 idr_remove(&s->conn_idr, con->conid);
197 s->idr_in_use--;
198 spin_unlock_bh(&s->idr_lock);
199
200 tipc_unregister_callbacks(con);
201
202 /* We shouldn't flush pending works as we may be in the
203 * thread. In fact the races with pending rx/tx work structs
204 * are harmless for us here as we have already deleted this
205 * connection from server connection list and set
206 * sk->sk_user_data to 0 before releasing connection object.
207 */
208 kernel_sock_shutdown(con->sock, SHUT_RDWR);
209
210 conn_put(con);
211 }
212 }
213
tipc_alloc_conn(struct tipc_server * s)214 static struct tipc_conn *tipc_alloc_conn(struct tipc_server *s)
215 {
216 struct tipc_conn *con;
217 int ret;
218
219 con = kzalloc(sizeof(struct tipc_conn), GFP_ATOMIC);
220 if (!con)
221 return ERR_PTR(-ENOMEM);
222
223 kref_init(&con->kref);
224 INIT_LIST_HEAD(&con->outqueue);
225 spin_lock_init(&con->outqueue_lock);
226 INIT_WORK(&con->swork, tipc_send_work);
227 INIT_WORK(&con->rwork, tipc_recv_work);
228
229 spin_lock_bh(&s->idr_lock);
230 ret = idr_alloc(&s->conn_idr, con, 0, 0, GFP_ATOMIC);
231 if (ret < 0) {
232 kfree(con);
233 spin_unlock_bh(&s->idr_lock);
234 return ERR_PTR(-ENOMEM);
235 }
236 con->conid = ret;
237 s->idr_in_use++;
238 spin_unlock_bh(&s->idr_lock);
239
240 set_bit(CF_CONNECTED, &con->flags);
241 con->server = s;
242
243 return con;
244 }
245
tipc_receive_from_sock(struct tipc_conn * con)246 static int tipc_receive_from_sock(struct tipc_conn *con)
247 {
248 struct msghdr msg = {};
249 struct tipc_server *s = con->server;
250 struct sockaddr_tipc addr;
251 struct kvec iov;
252 void *buf;
253 int ret;
254
255 buf = kmem_cache_alloc(s->rcvbuf_cache, GFP_ATOMIC);
256 if (!buf) {
257 ret = -ENOMEM;
258 goto out_close;
259 }
260
261 iov.iov_base = buf;
262 iov.iov_len = s->max_rcvbuf_size;
263 msg.msg_name = &addr;
264 ret = kernel_recvmsg(con->sock, &msg, &iov, 1, iov.iov_len,
265 MSG_DONTWAIT);
266 if (ret <= 0) {
267 kmem_cache_free(s->rcvbuf_cache, buf);
268 goto out_close;
269 }
270
271 s->tipc_conn_recvmsg(sock_net(con->sock->sk), con->conid, &addr,
272 con->usr_data, buf, ret);
273
274 kmem_cache_free(s->rcvbuf_cache, buf);
275
276 return 0;
277
278 out_close:
279 if (ret != -EWOULDBLOCK)
280 tipc_close_conn(con);
281 else if (ret == 0)
282 /* Don't return success if we really got EOF */
283 ret = -EAGAIN;
284
285 return ret;
286 }
287
tipc_accept_from_sock(struct tipc_conn * con)288 static int tipc_accept_from_sock(struct tipc_conn *con)
289 {
290 struct tipc_server *s = con->server;
291 struct socket *sock = con->sock;
292 struct socket *newsock;
293 struct tipc_conn *newcon;
294 int ret;
295
296 ret = kernel_accept(sock, &newsock, O_NONBLOCK);
297 if (ret < 0)
298 return ret;
299
300 newcon = tipc_alloc_conn(con->server);
301 if (IS_ERR(newcon)) {
302 ret = PTR_ERR(newcon);
303 sock_release(newsock);
304 return ret;
305 }
306
307 newcon->rx_action = tipc_receive_from_sock;
308 tipc_register_callbacks(newsock, newcon);
309
310 /* Notify that new connection is incoming */
311 newcon->usr_data = s->tipc_conn_new(newcon->conid);
312
313 /* Wake up receive process in case of 'SYN+' message */
314 newsock->sk->sk_data_ready(newsock->sk);
315 return ret;
316 }
317
tipc_create_listen_sock(struct tipc_conn * con)318 static struct socket *tipc_create_listen_sock(struct tipc_conn *con)
319 {
320 struct tipc_server *s = con->server;
321 struct socket *sock = NULL;
322 int ret;
323
324 ret = __sock_create(s->net, AF_TIPC, SOCK_SEQPACKET, 0, &sock, 1);
325 if (ret < 0)
326 return NULL;
327 ret = kernel_setsockopt(sock, SOL_TIPC, TIPC_IMPORTANCE,
328 (char *)&s->imp, sizeof(s->imp));
329 if (ret < 0)
330 goto create_err;
331 ret = kernel_bind(sock, (struct sockaddr *)s->saddr, sizeof(*s->saddr));
332 if (ret < 0)
333 goto create_err;
334
335 switch (s->type) {
336 case SOCK_STREAM:
337 case SOCK_SEQPACKET:
338 con->rx_action = tipc_accept_from_sock;
339
340 ret = kernel_listen(sock, 0);
341 if (ret < 0)
342 goto create_err;
343 break;
344 case SOCK_DGRAM:
345 case SOCK_RDM:
346 con->rx_action = tipc_receive_from_sock;
347 break;
348 default:
349 pr_err("Unknown socket type %d\n", s->type);
350 goto create_err;
351 }
352
353 /* As server's listening socket owner and creator is the same module,
354 * we have to decrease TIPC module reference count to guarantee that
355 * it remains zero after the server socket is created, otherwise,
356 * executing "rmmod" command is unable to make TIPC module deleted
357 * after TIPC module is inserted successfully.
358 *
359 * However, the reference count is ever increased twice in
360 * sock_create_kern(): one is to increase the reference count of owner
361 * of TIPC socket's proto_ops struct; another is to increment the
362 * reference count of owner of TIPC proto struct. Therefore, we must
363 * decrement the module reference count twice to ensure that it keeps
364 * zero after server's listening socket is created. Of course, we
365 * must bump the module reference count twice as well before the socket
366 * is closed.
367 */
368 module_put(sock->ops->owner);
369 module_put(sock->sk->sk_prot_creator->owner);
370 set_bit(CF_SERVER, &con->flags);
371
372 return sock;
373
374 create_err:
375 kernel_sock_shutdown(sock, SHUT_RDWR);
376 sock_release(sock);
377 return NULL;
378 }
379
tipc_open_listening_sock(struct tipc_server * s)380 static int tipc_open_listening_sock(struct tipc_server *s)
381 {
382 struct socket *sock;
383 struct tipc_conn *con;
384
385 con = tipc_alloc_conn(s);
386 if (IS_ERR(con))
387 return PTR_ERR(con);
388
389 sock = tipc_create_listen_sock(con);
390 if (!sock) {
391 idr_remove(&s->conn_idr, con->conid);
392 s->idr_in_use--;
393 kfree(con);
394 return -EINVAL;
395 }
396
397 tipc_register_callbacks(sock, con);
398 return 0;
399 }
400
tipc_alloc_entry(void * data,int len)401 static struct outqueue_entry *tipc_alloc_entry(void *data, int len)
402 {
403 struct outqueue_entry *entry;
404 void *buf;
405
406 entry = kmalloc(sizeof(struct outqueue_entry), GFP_ATOMIC);
407 if (!entry)
408 return NULL;
409
410 buf = kmalloc(len, GFP_ATOMIC);
411 if (!buf) {
412 kfree(entry);
413 return NULL;
414 }
415
416 memcpy(buf, data, len);
417 entry->iov.iov_base = buf;
418 entry->iov.iov_len = len;
419
420 return entry;
421 }
422
tipc_free_entry(struct outqueue_entry * e)423 static void tipc_free_entry(struct outqueue_entry *e)
424 {
425 kfree(e->iov.iov_base);
426 kfree(e);
427 }
428
tipc_clean_outqueues(struct tipc_conn * con)429 static void tipc_clean_outqueues(struct tipc_conn *con)
430 {
431 struct outqueue_entry *e, *safe;
432
433 spin_lock_bh(&con->outqueue_lock);
434 list_for_each_entry_safe(e, safe, &con->outqueue, list) {
435 list_del(&e->list);
436 tipc_free_entry(e);
437 }
438 spin_unlock_bh(&con->outqueue_lock);
439 }
440
tipc_conn_sendmsg(struct tipc_server * s,int conid,struct sockaddr_tipc * addr,void * data,size_t len)441 int tipc_conn_sendmsg(struct tipc_server *s, int conid,
442 struct sockaddr_tipc *addr, void *data, size_t len)
443 {
444 struct outqueue_entry *e;
445 struct tipc_conn *con;
446
447 con = tipc_conn_lookup(s, conid);
448 if (!con)
449 return -EINVAL;
450
451 e = tipc_alloc_entry(data, len);
452 if (!e) {
453 conn_put(con);
454 return -ENOMEM;
455 }
456
457 if (addr)
458 memcpy(&e->dest, addr, sizeof(struct sockaddr_tipc));
459
460 spin_lock_bh(&con->outqueue_lock);
461 list_add_tail(&e->list, &con->outqueue);
462 spin_unlock_bh(&con->outqueue_lock);
463
464 if (test_bit(CF_CONNECTED, &con->flags)) {
465 if (!queue_work(s->send_wq, &con->swork))
466 conn_put(con);
467 } else {
468 conn_put(con);
469 }
470 return 0;
471 }
472
tipc_conn_terminate(struct tipc_server * s,int conid)473 void tipc_conn_terminate(struct tipc_server *s, int conid)
474 {
475 struct tipc_conn *con;
476
477 con = tipc_conn_lookup(s, conid);
478 if (con) {
479 tipc_close_conn(con);
480 conn_put(con);
481 }
482 }
483
tipc_send_to_sock(struct tipc_conn * con)484 static void tipc_send_to_sock(struct tipc_conn *con)
485 {
486 int count = 0;
487 struct tipc_server *s = con->server;
488 struct outqueue_entry *e;
489 struct msghdr msg;
490 int ret;
491
492 spin_lock_bh(&con->outqueue_lock);
493 while (1) {
494 e = list_entry(con->outqueue.next, struct outqueue_entry,
495 list);
496 if ((struct list_head *) e == &con->outqueue)
497 break;
498 spin_unlock_bh(&con->outqueue_lock);
499
500 memset(&msg, 0, sizeof(msg));
501 msg.msg_flags = MSG_DONTWAIT;
502
503 if (s->type == SOCK_DGRAM || s->type == SOCK_RDM) {
504 msg.msg_name = &e->dest;
505 msg.msg_namelen = sizeof(struct sockaddr_tipc);
506 }
507 ret = kernel_sendmsg(con->sock, &msg, &e->iov, 1,
508 e->iov.iov_len);
509 if (ret == -EWOULDBLOCK || ret == 0) {
510 cond_resched();
511 goto out;
512 } else if (ret < 0) {
513 goto send_err;
514 }
515
516 /* Don't starve users filling buffers */
517 if (++count >= MAX_SEND_MSG_COUNT) {
518 cond_resched();
519 count = 0;
520 }
521
522 spin_lock_bh(&con->outqueue_lock);
523 list_del(&e->list);
524 tipc_free_entry(e);
525 }
526 spin_unlock_bh(&con->outqueue_lock);
527 out:
528 return;
529
530 send_err:
531 tipc_close_conn(con);
532 }
533
tipc_recv_work(struct work_struct * work)534 static void tipc_recv_work(struct work_struct *work)
535 {
536 struct tipc_conn *con = container_of(work, struct tipc_conn, rwork);
537 int count = 0;
538
539 while (test_bit(CF_CONNECTED, &con->flags)) {
540 if (con->rx_action(con))
541 break;
542
543 /* Don't flood Rx machine */
544 if (++count >= MAX_RECV_MSG_COUNT) {
545 cond_resched();
546 count = 0;
547 }
548 }
549 conn_put(con);
550 }
551
tipc_send_work(struct work_struct * work)552 static void tipc_send_work(struct work_struct *work)
553 {
554 struct tipc_conn *con = container_of(work, struct tipc_conn, swork);
555
556 if (test_bit(CF_CONNECTED, &con->flags))
557 tipc_send_to_sock(con);
558
559 conn_put(con);
560 }
561
tipc_work_stop(struct tipc_server * s)562 static void tipc_work_stop(struct tipc_server *s)
563 {
564 destroy_workqueue(s->rcv_wq);
565 destroy_workqueue(s->send_wq);
566 }
567
tipc_work_start(struct tipc_server * s)568 static int tipc_work_start(struct tipc_server *s)
569 {
570 s->rcv_wq = alloc_workqueue("tipc_rcv", WQ_UNBOUND, 1);
571 if (!s->rcv_wq) {
572 pr_err("can't start tipc receive workqueue\n");
573 return -ENOMEM;
574 }
575
576 s->send_wq = alloc_workqueue("tipc_send", WQ_UNBOUND, 1);
577 if (!s->send_wq) {
578 pr_err("can't start tipc send workqueue\n");
579 destroy_workqueue(s->rcv_wq);
580 return -ENOMEM;
581 }
582
583 return 0;
584 }
585
tipc_server_start(struct tipc_server * s)586 int tipc_server_start(struct tipc_server *s)
587 {
588 int ret;
589
590 spin_lock_init(&s->idr_lock);
591 idr_init(&s->conn_idr);
592 s->idr_in_use = 0;
593
594 s->rcvbuf_cache = kmem_cache_create(s->name, s->max_rcvbuf_size,
595 0, SLAB_HWCACHE_ALIGN, NULL);
596 if (!s->rcvbuf_cache)
597 return -ENOMEM;
598
599 ret = tipc_work_start(s);
600 if (ret < 0) {
601 kmem_cache_destroy(s->rcvbuf_cache);
602 return ret;
603 }
604 ret = tipc_open_listening_sock(s);
605 if (ret < 0) {
606 tipc_work_stop(s);
607 kmem_cache_destroy(s->rcvbuf_cache);
608 return ret;
609 }
610 return ret;
611 }
612
tipc_server_stop(struct tipc_server * s)613 void tipc_server_stop(struct tipc_server *s)
614 {
615 struct tipc_conn *con;
616 int total = 0;
617 int id;
618
619 spin_lock_bh(&s->idr_lock);
620 for (id = 0; total < s->idr_in_use; id++) {
621 con = idr_find(&s->conn_idr, id);
622 if (con) {
623 total++;
624 spin_unlock_bh(&s->idr_lock);
625 tipc_close_conn(con);
626 spin_lock_bh(&s->idr_lock);
627 }
628 }
629 spin_unlock_bh(&s->idr_lock);
630
631 tipc_work_stop(s);
632 kmem_cache_destroy(s->rcvbuf_cache);
633 idr_destroy(&s->conn_idr);
634 }
635