1/*
2 * linux/fs/9p/trans_fd.c
3 *
4 * Fd transport layer.  Includes deprecated socket layer.
5 *
6 *  Copyright (C) 2006 by Russ Cox <rsc@swtch.com>
7 *  Copyright (C) 2004-2005 by Latchesar Ionkov <lucho@ionkov.net>
8 *  Copyright (C) 2004-2008 by Eric Van Hensbergen <ericvh@gmail.com>
9 *  Copyright (C) 1997-2002 by Ron Minnich <rminnich@sarnoff.com>
10 *
11 *  This program is free software; you can redistribute it and/or modify
12 *  it under the terms of the GNU General Public License version 2
13 *  as published by the Free Software Foundation.
14 *
15 *  This program is distributed in the hope that it will be useful,
16 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18 *  GNU General Public License for more details.
19 *
20 *  You should have received a copy of the GNU General Public License
21 *  along with this program; if not, write to:
22 *  Free Software Foundation
23 *  51 Franklin Street, Fifth Floor
24 *  Boston, MA  02111-1301  USA
25 *
26 */
27
28#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
29
30#include <linux/in.h>
31#include <linux/module.h>
32#include <linux/net.h>
33#include <linux/ipv6.h>
34#include <linux/kthread.h>
35#include <linux/errno.h>
36#include <linux/kernel.h>
37#include <linux/un.h>
38#include <linux/uaccess.h>
39#include <linux/inet.h>
40#include <linux/idr.h>
41#include <linux/file.h>
42#include <linux/parser.h>
43#include <linux/slab.h>
44#include <net/9p/9p.h>
45#include <net/9p/client.h>
46#include <net/9p/transport.h>
47
48#include <linux/syscalls.h> /* killme */
49
50#define P9_PORT 564
51#define MAX_SOCK_BUF (64*1024)
52#define MAXPOLLWADDR	2
53
54/**
55 * struct p9_fd_opts - per-transport options
56 * @rfd: file descriptor for reading (trans=fd)
57 * @wfd: file descriptor for writing (trans=fd)
58 * @port: port to connect to (trans=tcp)
59 *
60 */
61
62struct p9_fd_opts {
63	int rfd;
64	int wfd;
65	u16 port;
66	int privport;
67};
68
69/*
70  * Option Parsing (code inspired by NFS code)
71  *  - a little lazy - parse all fd-transport options
72  */
73
74enum {
75	/* Options that take integer arguments */
76	Opt_port, Opt_rfdno, Opt_wfdno, Opt_err,
77	/* Options that take no arguments */
78	Opt_privport,
79};
80
81static const match_table_t tokens = {
82	{Opt_port, "port=%u"},
83	{Opt_rfdno, "rfdno=%u"},
84	{Opt_wfdno, "wfdno=%u"},
85	{Opt_privport, "privport"},
86	{Opt_err, NULL},
87};
88
89enum {
90	Rworksched = 1,		/* read work scheduled or running */
91	Rpending = 2,		/* can read */
92	Wworksched = 4,		/* write work scheduled or running */
93	Wpending = 8,		/* can write */
94};
95
96struct p9_poll_wait {
97	struct p9_conn *conn;
98	wait_queue_t wait;
99	wait_queue_head_t *wait_addr;
100};
101
102/**
103 * struct p9_conn - fd mux connection state information
104 * @mux_list: list link for mux to manage multiple connections (?)
105 * @client: reference to client instance for this connection
106 * @err: error state
107 * @req_list: accounting for requests which have been sent
108 * @unsent_req_list: accounting for requests that haven't been sent
109 * @req: current request being processed (if any)
110 * @tmp_buf: temporary buffer to read in header
111 * @rsize: amount to read for current frame
112 * @rpos: read position in current frame
113 * @rbuf: current read buffer
114 * @wpos: write position for current frame
115 * @wsize: amount of data to write for current frame
116 * @wbuf: current write buffer
117 * @poll_pending_link: pending links to be polled per conn
118 * @poll_wait: array of wait_q's for various worker threads
119 * @pt: poll state
120 * @rq: current read work
121 * @wq: current write work
122 * @wsched: ????
123 *
124 */
125
126struct p9_conn {
127	struct list_head mux_list;
128	struct p9_client *client;
129	int err;
130	struct list_head req_list;
131	struct list_head unsent_req_list;
132	struct p9_req_t *req;
133	char tmp_buf[7];
134	int rsize;
135	int rpos;
136	char *rbuf;
137	int wpos;
138	int wsize;
139	char *wbuf;
140	struct list_head poll_pending_link;
141	struct p9_poll_wait poll_wait[MAXPOLLWADDR];
142	poll_table pt;
143	struct work_struct rq;
144	struct work_struct wq;
145	unsigned long wsched;
146};
147
148/**
149 * struct p9_trans_fd - transport state
150 * @rd: reference to file to read from
151 * @wr: reference of file to write to
152 * @conn: connection state reference
153 *
154 */
155
156struct p9_trans_fd {
157	struct file *rd;
158	struct file *wr;
159	struct p9_conn conn;
160};
161
162static void p9_poll_workfn(struct work_struct *work);
163
164static DEFINE_SPINLOCK(p9_poll_lock);
165static LIST_HEAD(p9_poll_pending_list);
166static DECLARE_WORK(p9_poll_work, p9_poll_workfn);
167
168static unsigned int p9_ipport_resv_min = P9_DEF_MIN_RESVPORT;
169static unsigned int p9_ipport_resv_max = P9_DEF_MAX_RESVPORT;
170
171static void p9_mux_poll_stop(struct p9_conn *m)
172{
173	unsigned long flags;
174	int i;
175
176	for (i = 0; i < ARRAY_SIZE(m->poll_wait); i++) {
177		struct p9_poll_wait *pwait = &m->poll_wait[i];
178
179		if (pwait->wait_addr) {
180			remove_wait_queue(pwait->wait_addr, &pwait->wait);
181			pwait->wait_addr = NULL;
182		}
183	}
184
185	spin_lock_irqsave(&p9_poll_lock, flags);
186	list_del_init(&m->poll_pending_link);
187	spin_unlock_irqrestore(&p9_poll_lock, flags);
188}
189
190/**
191 * p9_conn_cancel - cancel all pending requests with error
192 * @m: mux data
193 * @err: error code
194 *
195 */
196
197static void p9_conn_cancel(struct p9_conn *m, int err)
198{
199	struct p9_req_t *req, *rtmp;
200	unsigned long flags;
201	LIST_HEAD(cancel_list);
202
203	p9_debug(P9_DEBUG_ERROR, "mux %p err %d\n", m, err);
204
205	spin_lock_irqsave(&m->client->lock, flags);
206
207	if (m->err) {
208		spin_unlock_irqrestore(&m->client->lock, flags);
209		return;
210	}
211
212	m->err = err;
213
214	list_for_each_entry_safe(req, rtmp, &m->req_list, req_list) {
215		list_move(&req->req_list, &cancel_list);
216	}
217	list_for_each_entry_safe(req, rtmp, &m->unsent_req_list, req_list) {
218		list_move(&req->req_list, &cancel_list);
219	}
220	spin_unlock_irqrestore(&m->client->lock, flags);
221
222	list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) {
223		p9_debug(P9_DEBUG_ERROR, "call back req %p\n", req);
224		list_del(&req->req_list);
225		if (!req->t_err)
226			req->t_err = err;
227		p9_client_cb(m->client, req, REQ_STATUS_ERROR);
228	}
229}
230
231static int
232p9_fd_poll(struct p9_client *client, struct poll_table_struct *pt)
233{
234	int ret, n;
235	struct p9_trans_fd *ts = NULL;
236
237	if (client && client->status == Connected)
238		ts = client->trans;
239
240	if (!ts)
241		return -EREMOTEIO;
242
243	if (!ts->rd->f_op->poll)
244		return -EIO;
245
246	if (!ts->wr->f_op->poll)
247		return -EIO;
248
249	ret = ts->rd->f_op->poll(ts->rd, pt);
250	if (ret < 0)
251		return ret;
252
253	if (ts->rd != ts->wr) {
254		n = ts->wr->f_op->poll(ts->wr, pt);
255		if (n < 0)
256			return n;
257		ret = (ret & ~POLLOUT) | (n & ~POLLIN);
258	}
259
260	return ret;
261}
262
263/**
264 * p9_fd_read- read from a fd
265 * @client: client instance
266 * @v: buffer to receive data into
267 * @len: size of receive buffer
268 *
269 */
270
271static int p9_fd_read(struct p9_client *client, void *v, int len)
272{
273	int ret;
274	struct p9_trans_fd *ts = NULL;
275
276	if (client && client->status != Disconnected)
277		ts = client->trans;
278
279	if (!ts)
280		return -EREMOTEIO;
281
282	if (!(ts->rd->f_flags & O_NONBLOCK))
283		p9_debug(P9_DEBUG_ERROR, "blocking read ...\n");
284
285	ret = kernel_read(ts->rd, ts->rd->f_pos, v, len);
286	if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
287		client->status = Disconnected;
288	return ret;
289}
290
291/**
292 * p9_read_work - called when there is some data to be read from a transport
293 * @work: container of work to be done
294 *
295 */
296
297static void p9_read_work(struct work_struct *work)
298{
299	int n, err;
300	struct p9_conn *m;
301	int status = REQ_STATUS_ERROR;
302
303	m = container_of(work, struct p9_conn, rq);
304
305	if (m->err < 0)
306		return;
307
308	p9_debug(P9_DEBUG_TRANS, "start mux %p pos %d\n", m, m->rpos);
309
310	if (!m->rbuf) {
311		m->rbuf = m->tmp_buf;
312		m->rpos = 0;
313		m->rsize = 7; /* start by reading header */
314	}
315
316	clear_bit(Rpending, &m->wsched);
317	p9_debug(P9_DEBUG_TRANS, "read mux %p pos %d size: %d = %d\n",
318		 m, m->rpos, m->rsize, m->rsize-m->rpos);
319	err = p9_fd_read(m->client, m->rbuf + m->rpos,
320						m->rsize - m->rpos);
321	p9_debug(P9_DEBUG_TRANS, "mux %p got %d bytes\n", m, err);
322	if (err == -EAGAIN) {
323		goto end_clear;
324	}
325
326	if (err <= 0)
327		goto error;
328
329	m->rpos += err;
330
331	if ((!m->req) && (m->rpos == m->rsize)) { /* header read in */
332		u16 tag;
333		p9_debug(P9_DEBUG_TRANS, "got new header\n");
334
335		n = le32_to_cpu(*(__le32 *) m->rbuf); /* read packet size */
336		if (n >= m->client->msize) {
337			p9_debug(P9_DEBUG_ERROR,
338				 "requested packet size too big: %d\n", n);
339			err = -EIO;
340			goto error;
341		}
342
343		tag = le16_to_cpu(*(__le16 *) (m->rbuf+5)); /* read tag */
344		p9_debug(P9_DEBUG_TRANS,
345			 "mux %p pkt: size: %d bytes tag: %d\n", m, n, tag);
346
347		m->req = p9_tag_lookup(m->client, tag);
348		if (!m->req || (m->req->status != REQ_STATUS_SENT)) {
349			p9_debug(P9_DEBUG_ERROR, "Unexpected packet tag %d\n",
350				 tag);
351			err = -EIO;
352			goto error;
353		}
354
355		if (m->req->rc == NULL) {
356			m->req->rc = kmalloc(sizeof(struct p9_fcall) +
357						m->client->msize, GFP_NOFS);
358			if (!m->req->rc) {
359				m->req = NULL;
360				err = -ENOMEM;
361				goto error;
362			}
363		}
364		m->rbuf = (char *)m->req->rc + sizeof(struct p9_fcall);
365		memcpy(m->rbuf, m->tmp_buf, m->rsize);
366		m->rsize = n;
367	}
368
369	/* not an else because some packets (like clunk) have no payload */
370	if ((m->req) && (m->rpos == m->rsize)) { /* packet is read in */
371		p9_debug(P9_DEBUG_TRANS, "got new packet\n");
372		spin_lock(&m->client->lock);
373		if (m->req->status != REQ_STATUS_ERROR)
374			status = REQ_STATUS_RCVD;
375		list_del(&m->req->req_list);
376		spin_unlock(&m->client->lock);
377		p9_client_cb(m->client, m->req, status);
378		m->rbuf = NULL;
379		m->rpos = 0;
380		m->rsize = 0;
381		m->req = NULL;
382	}
383
384end_clear:
385	clear_bit(Rworksched, &m->wsched);
386
387	if (!list_empty(&m->req_list)) {
388		if (test_and_clear_bit(Rpending, &m->wsched))
389			n = POLLIN;
390		else
391			n = p9_fd_poll(m->client, NULL);
392
393		if ((n & POLLIN) && !test_and_set_bit(Rworksched, &m->wsched)) {
394			p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m);
395			schedule_work(&m->rq);
396		}
397	}
398
399	return;
400error:
401	p9_conn_cancel(m, err);
402	clear_bit(Rworksched, &m->wsched);
403}
404
405/**
406 * p9_fd_write - write to a socket
407 * @client: client instance
408 * @v: buffer to send data from
409 * @len: size of send buffer
410 *
411 */
412
413static int p9_fd_write(struct p9_client *client, void *v, int len)
414{
415	int ret;
416	mm_segment_t oldfs;
417	struct p9_trans_fd *ts = NULL;
418
419	if (client && client->status != Disconnected)
420		ts = client->trans;
421
422	if (!ts)
423		return -EREMOTEIO;
424
425	if (!(ts->wr->f_flags & O_NONBLOCK))
426		p9_debug(P9_DEBUG_ERROR, "blocking write ...\n");
427
428	oldfs = get_fs();
429	set_fs(get_ds());
430	/* The cast to a user pointer is valid due to the set_fs() */
431	ret = vfs_write(ts->wr, (__force void __user *)v, len, &ts->wr->f_pos);
432	set_fs(oldfs);
433
434	if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
435		client->status = Disconnected;
436	return ret;
437}
438
439/**
440 * p9_write_work - called when a transport can send some data
441 * @work: container for work to be done
442 *
443 */
444
445static void p9_write_work(struct work_struct *work)
446{
447	int n, err;
448	struct p9_conn *m;
449	struct p9_req_t *req;
450
451	m = container_of(work, struct p9_conn, wq);
452
453	if (m->err < 0) {
454		clear_bit(Wworksched, &m->wsched);
455		return;
456	}
457
458	if (!m->wsize) {
459		spin_lock(&m->client->lock);
460		if (list_empty(&m->unsent_req_list)) {
461			clear_bit(Wworksched, &m->wsched);
462			spin_unlock(&m->client->lock);
463			return;
464		}
465
466		req = list_entry(m->unsent_req_list.next, struct p9_req_t,
467			       req_list);
468		req->status = REQ_STATUS_SENT;
469		p9_debug(P9_DEBUG_TRANS, "move req %p\n", req);
470		list_move_tail(&req->req_list, &m->req_list);
471
472		m->wbuf = req->tc->sdata;
473		m->wsize = req->tc->size;
474		m->wpos = 0;
475		spin_unlock(&m->client->lock);
476	}
477
478	p9_debug(P9_DEBUG_TRANS, "mux %p pos %d size %d\n",
479		 m, m->wpos, m->wsize);
480	clear_bit(Wpending, &m->wsched);
481	err = p9_fd_write(m->client, m->wbuf + m->wpos, m->wsize - m->wpos);
482	p9_debug(P9_DEBUG_TRANS, "mux %p sent %d bytes\n", m, err);
483	if (err == -EAGAIN)
484		goto end_clear;
485
486
487	if (err < 0)
488		goto error;
489	else if (err == 0) {
490		err = -EREMOTEIO;
491		goto error;
492	}
493
494	m->wpos += err;
495	if (m->wpos == m->wsize)
496		m->wpos = m->wsize = 0;
497
498end_clear:
499	clear_bit(Wworksched, &m->wsched);
500
501	if (m->wsize || !list_empty(&m->unsent_req_list)) {
502		if (test_and_clear_bit(Wpending, &m->wsched))
503			n = POLLOUT;
504		else
505			n = p9_fd_poll(m->client, NULL);
506
507		if ((n & POLLOUT) &&
508		   !test_and_set_bit(Wworksched, &m->wsched)) {
509			p9_debug(P9_DEBUG_TRANS, "sched write work %p\n", m);
510			schedule_work(&m->wq);
511		}
512	}
513
514	return;
515
516error:
517	p9_conn_cancel(m, err);
518	clear_bit(Wworksched, &m->wsched);
519}
520
521static int p9_pollwake(wait_queue_t *wait, unsigned int mode, int sync, void *key)
522{
523	struct p9_poll_wait *pwait =
524		container_of(wait, struct p9_poll_wait, wait);
525	struct p9_conn *m = pwait->conn;
526	unsigned long flags;
527
528	spin_lock_irqsave(&p9_poll_lock, flags);
529	if (list_empty(&m->poll_pending_link))
530		list_add_tail(&m->poll_pending_link, &p9_poll_pending_list);
531	spin_unlock_irqrestore(&p9_poll_lock, flags);
532
533	schedule_work(&p9_poll_work);
534	return 1;
535}
536
537/**
538 * p9_pollwait - add poll task to the wait queue
539 * @filp: file pointer being polled
540 * @wait_address: wait_q to block on
541 * @p: poll state
542 *
543 * called by files poll operation to add v9fs-poll task to files wait queue
544 */
545
546static void
547p9_pollwait(struct file *filp, wait_queue_head_t *wait_address, poll_table *p)
548{
549	struct p9_conn *m = container_of(p, struct p9_conn, pt);
550	struct p9_poll_wait *pwait = NULL;
551	int i;
552
553	for (i = 0; i < ARRAY_SIZE(m->poll_wait); i++) {
554		if (m->poll_wait[i].wait_addr == NULL) {
555			pwait = &m->poll_wait[i];
556			break;
557		}
558	}
559
560	if (!pwait) {
561		p9_debug(P9_DEBUG_ERROR, "not enough wait_address slots\n");
562		return;
563	}
564
565	pwait->conn = m;
566	pwait->wait_addr = wait_address;
567	init_waitqueue_func_entry(&pwait->wait, p9_pollwake);
568	add_wait_queue(wait_address, &pwait->wait);
569}
570
571/**
572 * p9_conn_create - initialize the per-session mux data
573 * @client: client instance
574 *
575 * Note: Creates the polling task if this is the first session.
576 */
577
578static void p9_conn_create(struct p9_client *client)
579{
580	int n;
581	struct p9_trans_fd *ts = client->trans;
582	struct p9_conn *m = &ts->conn;
583
584	p9_debug(P9_DEBUG_TRANS, "client %p msize %d\n", client, client->msize);
585
586	INIT_LIST_HEAD(&m->mux_list);
587	m->client = client;
588
589	INIT_LIST_HEAD(&m->req_list);
590	INIT_LIST_HEAD(&m->unsent_req_list);
591	INIT_WORK(&m->rq, p9_read_work);
592	INIT_WORK(&m->wq, p9_write_work);
593	INIT_LIST_HEAD(&m->poll_pending_link);
594	init_poll_funcptr(&m->pt, p9_pollwait);
595
596	n = p9_fd_poll(client, &m->pt);
597	if (n & POLLIN) {
598		p9_debug(P9_DEBUG_TRANS, "mux %p can read\n", m);
599		set_bit(Rpending, &m->wsched);
600	}
601
602	if (n & POLLOUT) {
603		p9_debug(P9_DEBUG_TRANS, "mux %p can write\n", m);
604		set_bit(Wpending, &m->wsched);
605	}
606}
607
608/**
609 * p9_poll_mux - polls a mux and schedules read or write works if necessary
610 * @m: connection to poll
611 *
612 */
613
614static void p9_poll_mux(struct p9_conn *m)
615{
616	int n;
617
618	if (m->err < 0)
619		return;
620
621	n = p9_fd_poll(m->client, NULL);
622	if (n < 0 || n & (POLLERR | POLLHUP | POLLNVAL)) {
623		p9_debug(P9_DEBUG_TRANS, "error mux %p err %d\n", m, n);
624		if (n >= 0)
625			n = -ECONNRESET;
626		p9_conn_cancel(m, n);
627	}
628
629	if (n & POLLIN) {
630		set_bit(Rpending, &m->wsched);
631		p9_debug(P9_DEBUG_TRANS, "mux %p can read\n", m);
632		if (!test_and_set_bit(Rworksched, &m->wsched)) {
633			p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m);
634			schedule_work(&m->rq);
635		}
636	}
637
638	if (n & POLLOUT) {
639		set_bit(Wpending, &m->wsched);
640		p9_debug(P9_DEBUG_TRANS, "mux %p can write\n", m);
641		if ((m->wsize || !list_empty(&m->unsent_req_list)) &&
642		    !test_and_set_bit(Wworksched, &m->wsched)) {
643			p9_debug(P9_DEBUG_TRANS, "sched write work %p\n", m);
644			schedule_work(&m->wq);
645		}
646	}
647}
648
649/**
650 * p9_fd_request - send 9P request
651 * The function can sleep until the request is scheduled for sending.
652 * The function can be interrupted. Return from the function is not
653 * a guarantee that the request is sent successfully.
654 *
655 * @client: client instance
656 * @req: request to be sent
657 *
658 */
659
660static int p9_fd_request(struct p9_client *client, struct p9_req_t *req)
661{
662	int n;
663	struct p9_trans_fd *ts = client->trans;
664	struct p9_conn *m = &ts->conn;
665
666	p9_debug(P9_DEBUG_TRANS, "mux %p task %p tcall %p id %d\n",
667		 m, current, req->tc, req->tc->id);
668	if (m->err < 0)
669		return m->err;
670
671	spin_lock(&client->lock);
672	req->status = REQ_STATUS_UNSENT;
673	list_add_tail(&req->req_list, &m->unsent_req_list);
674	spin_unlock(&client->lock);
675
676	if (test_and_clear_bit(Wpending, &m->wsched))
677		n = POLLOUT;
678	else
679		n = p9_fd_poll(m->client, NULL);
680
681	if (n & POLLOUT && !test_and_set_bit(Wworksched, &m->wsched))
682		schedule_work(&m->wq);
683
684	return 0;
685}
686
687static int p9_fd_cancel(struct p9_client *client, struct p9_req_t *req)
688{
689	int ret = 1;
690
691	p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req);
692
693	spin_lock(&client->lock);
694
695	if (req->status == REQ_STATUS_UNSENT) {
696		list_del(&req->req_list);
697		req->status = REQ_STATUS_FLSHD;
698		ret = 0;
699	}
700	spin_unlock(&client->lock);
701
702	return ret;
703}
704
705static int p9_fd_cancelled(struct p9_client *client, struct p9_req_t *req)
706{
707	p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req);
708
709	/* we haven't received a response for oldreq,
710	 * remove it from the list.
711	 */
712	spin_lock(&client->lock);
713	list_del(&req->req_list);
714	spin_unlock(&client->lock);
715
716	return 0;
717}
718
719/**
720 * parse_opts - parse mount options into p9_fd_opts structure
721 * @params: options string passed from mount
722 * @opts: fd transport-specific structure to parse options into
723 *
724 * Returns 0 upon success, -ERRNO upon failure
725 */
726
727static int parse_opts(char *params, struct p9_fd_opts *opts)
728{
729	char *p;
730	substring_t args[MAX_OPT_ARGS];
731	int option;
732	char *options, *tmp_options;
733
734	opts->port = P9_PORT;
735	opts->rfd = ~0;
736	opts->wfd = ~0;
737	opts->privport = 0;
738
739	if (!params)
740		return 0;
741
742	tmp_options = kstrdup(params, GFP_KERNEL);
743	if (!tmp_options) {
744		p9_debug(P9_DEBUG_ERROR,
745			 "failed to allocate copy of option string\n");
746		return -ENOMEM;
747	}
748	options = tmp_options;
749
750	while ((p = strsep(&options, ",")) != NULL) {
751		int token;
752		int r;
753		if (!*p)
754			continue;
755		token = match_token(p, tokens, args);
756		if ((token != Opt_err) && (token != Opt_privport)) {
757			r = match_int(&args[0], &option);
758			if (r < 0) {
759				p9_debug(P9_DEBUG_ERROR,
760					 "integer field, but no integer?\n");
761				continue;
762			}
763		}
764		switch (token) {
765		case Opt_port:
766			opts->port = option;
767			break;
768		case Opt_rfdno:
769			opts->rfd = option;
770			break;
771		case Opt_wfdno:
772			opts->wfd = option;
773			break;
774		case Opt_privport:
775			opts->privport = 1;
776			break;
777		default:
778			continue;
779		}
780	}
781
782	kfree(tmp_options);
783	return 0;
784}
785
786static int p9_fd_open(struct p9_client *client, int rfd, int wfd)
787{
788	struct p9_trans_fd *ts = kzalloc(sizeof(struct p9_trans_fd),
789					   GFP_KERNEL);
790	if (!ts)
791		return -ENOMEM;
792
793	ts->rd = fget(rfd);
794	ts->wr = fget(wfd);
795	if (!ts->rd || !ts->wr) {
796		if (ts->rd)
797			fput(ts->rd);
798		if (ts->wr)
799			fput(ts->wr);
800		kfree(ts);
801		return -EIO;
802	}
803
804	client->trans = ts;
805	client->status = Connected;
806
807	return 0;
808}
809
810static int p9_socket_open(struct p9_client *client, struct socket *csocket)
811{
812	struct p9_trans_fd *p;
813	struct file *file;
814
815	p = kzalloc(sizeof(struct p9_trans_fd), GFP_KERNEL);
816	if (!p)
817		return -ENOMEM;
818
819	csocket->sk->sk_allocation = GFP_NOIO;
820	file = sock_alloc_file(csocket, 0, NULL);
821	if (IS_ERR(file)) {
822		pr_err("%s (%d): failed to map fd\n",
823		       __func__, task_pid_nr(current));
824		sock_release(csocket);
825		kfree(p);
826		return PTR_ERR(file);
827	}
828
829	get_file(file);
830	p->wr = p->rd = file;
831	client->trans = p;
832	client->status = Connected;
833
834	p->rd->f_flags |= O_NONBLOCK;
835
836	p9_conn_create(client);
837	return 0;
838}
839
840/**
841 * p9_mux_destroy - cancels all pending requests of mux
842 * @m: mux to destroy
843 *
844 */
845
846static void p9_conn_destroy(struct p9_conn *m)
847{
848	p9_debug(P9_DEBUG_TRANS, "mux %p prev %p next %p\n",
849		 m, m->mux_list.prev, m->mux_list.next);
850
851	p9_mux_poll_stop(m);
852	cancel_work_sync(&m->rq);
853	cancel_work_sync(&m->wq);
854
855	p9_conn_cancel(m, -ECONNRESET);
856
857	m->client = NULL;
858}
859
860/**
861 * p9_fd_close - shutdown file descriptor transport
862 * @client: client instance
863 *
864 */
865
866static void p9_fd_close(struct p9_client *client)
867{
868	struct p9_trans_fd *ts;
869
870	if (!client)
871		return;
872
873	ts = client->trans;
874	if (!ts)
875		return;
876
877	client->status = Disconnected;
878
879	p9_conn_destroy(&ts->conn);
880
881	if (ts->rd)
882		fput(ts->rd);
883	if (ts->wr)
884		fput(ts->wr);
885
886	kfree(ts);
887}
888
889/*
890 * stolen from NFS - maybe should be made a generic function?
891 */
892static inline int valid_ipaddr4(const char *buf)
893{
894	int rc, count, in[4];
895
896	rc = sscanf(buf, "%d.%d.%d.%d", &in[0], &in[1], &in[2], &in[3]);
897	if (rc != 4)
898		return -EINVAL;
899	for (count = 0; count < 4; count++) {
900		if (in[count] > 255)
901			return -EINVAL;
902	}
903	return 0;
904}
905
906static int p9_bind_privport(struct socket *sock)
907{
908	struct sockaddr_in cl;
909	int port, err = -EINVAL;
910
911	memset(&cl, 0, sizeof(cl));
912	cl.sin_family = AF_INET;
913	cl.sin_addr.s_addr = INADDR_ANY;
914	for (port = p9_ipport_resv_max; port >= p9_ipport_resv_min; port--) {
915		cl.sin_port = htons((ushort)port);
916		err = kernel_bind(sock, (struct sockaddr *)&cl, sizeof(cl));
917		if (err != -EADDRINUSE)
918			break;
919	}
920	return err;
921}
922
923
924static int
925p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args)
926{
927	int err;
928	struct socket *csocket;
929	struct sockaddr_in sin_server;
930	struct p9_fd_opts opts;
931
932	err = parse_opts(args, &opts);
933	if (err < 0)
934		return err;
935
936	if (valid_ipaddr4(addr) < 0)
937		return -EINVAL;
938
939	csocket = NULL;
940
941	sin_server.sin_family = AF_INET;
942	sin_server.sin_addr.s_addr = in_aton(addr);
943	sin_server.sin_port = htons(opts.port);
944	err = __sock_create(current->nsproxy->net_ns, PF_INET,
945			    SOCK_STREAM, IPPROTO_TCP, &csocket, 1);
946	if (err) {
947		pr_err("%s (%d): problem creating socket\n",
948		       __func__, task_pid_nr(current));
949		return err;
950	}
951
952	if (opts.privport) {
953		err = p9_bind_privport(csocket);
954		if (err < 0) {
955			pr_err("%s (%d): problem binding to privport\n",
956			       __func__, task_pid_nr(current));
957			sock_release(csocket);
958			return err;
959		}
960	}
961
962	err = csocket->ops->connect(csocket,
963				    (struct sockaddr *)&sin_server,
964				    sizeof(struct sockaddr_in), 0);
965	if (err < 0) {
966		pr_err("%s (%d): problem connecting socket to %s\n",
967		       __func__, task_pid_nr(current), addr);
968		sock_release(csocket);
969		return err;
970	}
971
972	return p9_socket_open(client, csocket);
973}
974
975static int
976p9_fd_create_unix(struct p9_client *client, const char *addr, char *args)
977{
978	int err;
979	struct socket *csocket;
980	struct sockaddr_un sun_server;
981
982	csocket = NULL;
983
984	if (strlen(addr) >= UNIX_PATH_MAX) {
985		pr_err("%s (%d): address too long: %s\n",
986		       __func__, task_pid_nr(current), addr);
987		return -ENAMETOOLONG;
988	}
989
990	sun_server.sun_family = PF_UNIX;
991	strcpy(sun_server.sun_path, addr);
992	err = __sock_create(current->nsproxy->net_ns, PF_UNIX,
993			    SOCK_STREAM, 0, &csocket, 1);
994	if (err < 0) {
995		pr_err("%s (%d): problem creating socket\n",
996		       __func__, task_pid_nr(current));
997
998		return err;
999	}
1000	err = csocket->ops->connect(csocket, (struct sockaddr *)&sun_server,
1001			sizeof(struct sockaddr_un) - 1, 0);
1002	if (err < 0) {
1003		pr_err("%s (%d): problem connecting socket: %s: %d\n",
1004		       __func__, task_pid_nr(current), addr, err);
1005		sock_release(csocket);
1006		return err;
1007	}
1008
1009	return p9_socket_open(client, csocket);
1010}
1011
1012static int
1013p9_fd_create(struct p9_client *client, const char *addr, char *args)
1014{
1015	int err;
1016	struct p9_fd_opts opts;
1017
1018	parse_opts(args, &opts);
1019
1020	if (opts.rfd == ~0 || opts.wfd == ~0) {
1021		pr_err("Insufficient options for proto=fd\n");
1022		return -ENOPROTOOPT;
1023	}
1024
1025	err = p9_fd_open(client, opts.rfd, opts.wfd);
1026	if (err < 0)
1027		return err;
1028
1029	p9_conn_create(client);
1030
1031	return 0;
1032}
1033
1034static struct p9_trans_module p9_tcp_trans = {
1035	.name = "tcp",
1036	.maxsize = MAX_SOCK_BUF,
1037	.def = 0,
1038	.create = p9_fd_create_tcp,
1039	.close = p9_fd_close,
1040	.request = p9_fd_request,
1041	.cancel = p9_fd_cancel,
1042	.cancelled = p9_fd_cancelled,
1043	.owner = THIS_MODULE,
1044};
1045
1046static struct p9_trans_module p9_unix_trans = {
1047	.name = "unix",
1048	.maxsize = MAX_SOCK_BUF,
1049	.def = 0,
1050	.create = p9_fd_create_unix,
1051	.close = p9_fd_close,
1052	.request = p9_fd_request,
1053	.cancel = p9_fd_cancel,
1054	.cancelled = p9_fd_cancelled,
1055	.owner = THIS_MODULE,
1056};
1057
1058static struct p9_trans_module p9_fd_trans = {
1059	.name = "fd",
1060	.maxsize = MAX_SOCK_BUF,
1061	.def = 0,
1062	.create = p9_fd_create,
1063	.close = p9_fd_close,
1064	.request = p9_fd_request,
1065	.cancel = p9_fd_cancel,
1066	.cancelled = p9_fd_cancelled,
1067	.owner = THIS_MODULE,
1068};
1069
1070/**
1071 * p9_poll_proc - poll worker thread
1072 * @a: thread state and arguments
1073 *
1074 * polls all v9fs transports for new events and queues the appropriate
1075 * work to the work queue
1076 *
1077 */
1078
1079static void p9_poll_workfn(struct work_struct *work)
1080{
1081	unsigned long flags;
1082
1083	p9_debug(P9_DEBUG_TRANS, "start %p\n", current);
1084
1085	spin_lock_irqsave(&p9_poll_lock, flags);
1086	while (!list_empty(&p9_poll_pending_list)) {
1087		struct p9_conn *conn = list_first_entry(&p9_poll_pending_list,
1088							struct p9_conn,
1089							poll_pending_link);
1090		list_del_init(&conn->poll_pending_link);
1091		spin_unlock_irqrestore(&p9_poll_lock, flags);
1092
1093		p9_poll_mux(conn);
1094
1095		spin_lock_irqsave(&p9_poll_lock, flags);
1096	}
1097	spin_unlock_irqrestore(&p9_poll_lock, flags);
1098
1099	p9_debug(P9_DEBUG_TRANS, "finish\n");
1100}
1101
1102int p9_trans_fd_init(void)
1103{
1104	v9fs_register_trans(&p9_tcp_trans);
1105	v9fs_register_trans(&p9_unix_trans);
1106	v9fs_register_trans(&p9_fd_trans);
1107
1108	return 0;
1109}
1110
1111void p9_trans_fd_exit(void)
1112{
1113	flush_work(&p9_poll_work);
1114	v9fs_unregister_trans(&p9_tcp_trans);
1115	v9fs_unregister_trans(&p9_unix_trans);
1116	v9fs_unregister_trans(&p9_fd_trans);
1117}
1118