search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libc: Include <unistd.h> for ftell/ftruncate/truncate prototypes.
[dragonfly.git] / lib / libdmsg / msg.c
blobb15dfc93f3c1e367cc1059ca49edaac1a4527693
1 /*
2 * Copyright (c) 2011-2015 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@dragonflybsd.org>
6 * by Venkatesh Srinivas <vsrinivas@dragonflybsd.org>
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 * 3. Neither the name of The DragonFly Project nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific, prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "dmsg_local.h"
37
38 #define DMSG_BLOCK_DEBUG
39
40 int DMsgDebugOpt;
41 int dmsg_state_count;
42 #ifdef DMSG_BLOCK_DEBUG
43 static int biocount;
44 #endif
45
46 static int dmsg_state_msgrx(dmsg_msg_t *msg, int mstate);
47 static void dmsg_state_cleanuptx(dmsg_iocom_t *iocom, dmsg_msg_t *msg);
48 static void dmsg_msg_free_locked(dmsg_msg_t *msg);
49 static void dmsg_state_free(dmsg_state_t *state);
50 static void dmsg_subq_delete(dmsg_state_t *state);
51 static void dmsg_simulate_failure(dmsg_state_t *state, int meto, int error);
52 static void dmsg_state_abort(dmsg_state_t *state);
53 static void dmsg_state_dying(dmsg_state_t *state);
54
55 RB_GENERATE(dmsg_state_tree, dmsg_state, rbnode, dmsg_state_cmp);
56
57 /*
58 * STATE TREE - Represents open transactions which are indexed by their
59 * { msgid } relative to the governing iocom.
60 */
61 int
62 dmsg_state_cmp(dmsg_state_t *state1, dmsg_state_t *state2)
63 {
64 if (state1->msgid < state2->msgid)
65 return(-1);
66 if (state1->msgid > state2->msgid)
67 return(1);
68 return(0);
69 }
70
71 /*
72 * Initialize a low-level ioq
73 */
74 void
75 dmsg_ioq_init(dmsg_iocom_t *iocom __unused, dmsg_ioq_t *ioq)
76 {
77 bzero(ioq, sizeof(*ioq));
78 ioq->state = DMSG_MSGQ_STATE_HEADER1;
79 TAILQ_INIT(&ioq->msgq);
80 }
81
82 /*
83 * Cleanup queue.
84 *
85 * caller holds iocom->mtx.
86 */
87 void
88 dmsg_ioq_done(dmsg_iocom_t *iocom __unused, dmsg_ioq_t *ioq)
89 {
90 dmsg_msg_t *msg;
91
92 while ((msg = TAILQ_FIRST(&ioq->msgq)) != NULL) {
93 assert(0); /* shouldn't happen */
94 TAILQ_REMOVE(&ioq->msgq, msg, qentry);
95 dmsg_msg_free(msg);
96 }
97 if ((msg = ioq->msg) != NULL) {
98 ioq->msg = NULL;
99 dmsg_msg_free(msg);
100 }
101 }
102
103 /*
104 * Initialize a low-level communications channel.
105 *
106 * NOTE: The signal_func() is called at least once from the loop and can be
107 * re-armed via dmsg_iocom_restate().
108 */
109 void
110 dmsg_iocom_init(dmsg_iocom_t *iocom, int sock_fd, int alt_fd,
111 void (*signal_func)(dmsg_iocom_t *iocom),
112 void (*rcvmsg_func)(dmsg_msg_t *msg),
113 void (*usrmsg_func)(dmsg_msg_t *msg, int unmanaged),
114 void (*altmsg_func)(dmsg_iocom_t *iocom))
115 {
116 struct stat st;
117
118 bzero(iocom, sizeof(*iocom));
119
120 asprintf(&iocom->label, "iocom-%p", iocom);
121 iocom->signal_callback = signal_func;
122 iocom->rcvmsg_callback = rcvmsg_func;
123 iocom->altmsg_callback = altmsg_func;
124 iocom->usrmsg_callback = usrmsg_func;
125
126 pthread_mutex_init(&iocom->mtx, NULL);
127 RB_INIT(&iocom->staterd_tree);
128 RB_INIT(&iocom->statewr_tree);
129 TAILQ_INIT(&iocom->txmsgq);
130 iocom->sock_fd = sock_fd;
131 iocom->alt_fd = alt_fd;
132 iocom->flags = DMSG_IOCOMF_RREQ | DMSG_IOCOMF_CLOSEALT;
133 if (signal_func)
134 iocom->flags |= DMSG_IOCOMF_SWORK;
135 dmsg_ioq_init(iocom, &iocom->ioq_rx);
136 dmsg_ioq_init(iocom, &iocom->ioq_tx);
137 iocom->state0.refs = 1; /* should never trigger a free */
138 iocom->state0.iocom = iocom;
139 iocom->state0.parent = &iocom->state0;
140 iocom->state0.flags = DMSG_STATE_ROOT;
141 TAILQ_INIT(&iocom->state0.subq);
142
143 if (pipe(iocom->wakeupfds) < 0)
144 assert(0);
145 fcntl(iocom->wakeupfds[0], F_SETFL, O_NONBLOCK);
146 fcntl(iocom->wakeupfds[1], F_SETFL, O_NONBLOCK);
147
148 /*
149 * Negotiate session crypto synchronously. This will mark the
150 * connection as error'd if it fails. If this is a pipe it's
151 * a linkage that we set up ourselves to the filesystem and there
152 * is no crypto.
153 */
154 if (fstat(sock_fd, &st) < 0)
155 assert(0);
156 if (S_ISSOCK(st.st_mode))
157 dmsg_crypto_negotiate(iocom);
158
159 /*
160 * Make sure our fds are set to non-blocking for the iocom core.
161 */
162 if (sock_fd >= 0)
163 fcntl(sock_fd, F_SETFL, O_NONBLOCK);
164 #if 0
165 /* if line buffered our single fgets() should be fine */
166 if (alt_fd >= 0)
167 fcntl(alt_fd, F_SETFL, O_NONBLOCK);
168 #endif
169 }
170
171 void
172 dmsg_iocom_label(dmsg_iocom_t *iocom, const char *ctl, ...)
173 {
174 va_list va;
175 char *optr;
176
177 va_start(va, ctl);
178 optr = iocom->label;
179 vasprintf(&iocom->label, ctl, va);
180 va_end(va);
181 if (optr)
182 free(optr);
183 }
184
185 /*
186 * May only be called from a callback from iocom_core.
187 *
188 * Adjust state machine functions, set flags to guarantee that both
189 * the recevmsg_func and the sendmsg_func is called at least once.
190 */
191 void
192 dmsg_iocom_restate(dmsg_iocom_t *iocom,
193 void (*signal_func)(dmsg_iocom_t *),
194 void (*rcvmsg_func)(dmsg_msg_t *msg))
195 {
196 pthread_mutex_lock(&iocom->mtx);
197 iocom->signal_callback = signal_func;
198 iocom->rcvmsg_callback = rcvmsg_func;
199 if (signal_func)
200 atomic_set_int(&iocom->flags, DMSG_IOCOMF_SWORK);
201 else
202 atomic_clear_int(&iocom->flags, DMSG_IOCOMF_SWORK);
203 pthread_mutex_unlock(&iocom->mtx);
204 }
205
206 void
207 dmsg_iocom_signal(dmsg_iocom_t *iocom)
208 {
209 pthread_mutex_lock(&iocom->mtx);
210 if (iocom->signal_callback)
211 atomic_set_int(&iocom->flags, DMSG_IOCOMF_SWORK);
212 pthread_mutex_unlock(&iocom->mtx);
213 }
214
215 /*
216 * Cleanup a terminating iocom.
217 *
218 * Caller should not hold iocom->mtx. The iocom has already been disconnected
219 * from all possible references to it.
220 */
221 void
222 dmsg_iocom_done(dmsg_iocom_t *iocom)
223 {
224 if (iocom->sock_fd >= 0) {
225 close(iocom->sock_fd);
226 iocom->sock_fd = -1;
227 }
228 if (iocom->alt_fd >= 0 && (iocom->flags & DMSG_IOCOMF_CLOSEALT)) {
229 close(iocom->alt_fd);
230 iocom->alt_fd = -1;
231 }
232 dmsg_ioq_done(iocom, &iocom->ioq_rx);
233 dmsg_ioq_done(iocom, &iocom->ioq_tx);
234 if (iocom->wakeupfds[0] >= 0) {
235 close(iocom->wakeupfds[0]);
236 iocom->wakeupfds[0] = -1;
237 }
238 if (iocom->wakeupfds[1] >= 0) {
239 close(iocom->wakeupfds[1]);
240 iocom->wakeupfds[1] = -1;
241 }
242 pthread_mutex_destroy(&iocom->mtx);
243 }
244
245 /*
246 * Allocate a new message using the specified transaction state.
247 *
248 * If CREATE is set a new transaction is allocated relative to the passed-in
249 * transaction (the 'state' argument becomes pstate).
250 *
251 * If CREATE is not set the message is associated with the passed-in
252 * transaction.
253 */
254 dmsg_msg_t *
255 dmsg_msg_alloc(dmsg_state_t *state,
256 size_t aux_size, uint32_t cmd,
257 void (*func)(dmsg_msg_t *), void *data)
258 {
259 dmsg_iocom_t *iocom = state->iocom;
260 dmsg_msg_t *msg;
261
262 pthread_mutex_lock(&iocom->mtx);
263 msg = dmsg_msg_alloc_locked(state, aux_size, cmd, func, data);
264 pthread_mutex_unlock(&iocom->mtx);
265
266 return msg;
267 }
268
269 dmsg_msg_t *
270 dmsg_msg_alloc_locked(dmsg_state_t *state,
271 size_t aux_size, uint32_t cmd,
272 void (*func)(dmsg_msg_t *), void *data)
273 {
274 dmsg_iocom_t *iocom = state->iocom;
275 dmsg_state_t *pstate;
276 dmsg_msg_t *msg;
277 int hbytes;
278 size_t aligned_size;
279
280 aligned_size = DMSG_DOALIGN(aux_size);
281 if ((cmd & (DMSGF_CREATE | DMSGF_REPLY)) == DMSGF_CREATE) {
282 /*
283 * When CREATE is set without REPLY the caller is
284 * initiating a new transaction stacked under the specified
285 * circuit.
286 *
287 * It is possible to race a circuit failure, inherit the
288 * parent's STATE_DYING flag to trigger an abort sequence
289 * in the transmit path. By not inheriting ABORTING the
290 * abort sequence can recurse.
291 *
292 * NOTE: CREATE in txcmd handled by dmsg_msg_write()
293 * NOTE: DELETE in txcmd handled by dmsg_state_cleanuptx()
294 */
295 pstate = state;
296 state = malloc(sizeof(*state));
297 bzero(state, sizeof(*state));
298 atomic_add_int(&dmsg_state_count, 1);
299
300 TAILQ_INIT(&state->subq);
301 state->parent = pstate;
302 state->iocom = iocom;
303 state->flags = DMSG_STATE_DYNAMIC;
304 state->msgid = (uint64_t)(uintptr_t)state;
305 state->txcmd = cmd & ~(DMSGF_CREATE | DMSGF_DELETE);
306 state->rxcmd = DMSGF_REPLY;
307 state->icmd = state->txcmd & DMSGF_BASECMDMASK;
308 state->func = func;
309 state->any.any = data;
310
311 state->flags |= DMSG_STATE_SUBINSERTED |
312 DMSG_STATE_RBINSERTED;
313 state->flags |= pstate->flags & DMSG_STATE_DYING;
314 if (TAILQ_EMPTY(&pstate->subq))
315 dmsg_state_hold(pstate);
316 RB_INSERT(dmsg_state_tree, &iocom->statewr_tree, state);
317 TAILQ_INSERT_TAIL(&pstate->subq, state, entry);
318 dmsg_state_hold(state); /* state on pstate->subq */
319 dmsg_state_hold(state); /* state on rbtree */
320 dmsg_state_hold(state); /* msg->state */
321 } else {
322 /*
323 * Otherwise the message is transmitted over the existing
324 * open transaction.
325 */
326 pstate = state->parent;
327 dmsg_state_hold(state); /* msg->state */
328 }
329
330 /* XXX SMP race for state */
331 hbytes = (cmd & DMSGF_SIZE) * DMSG_ALIGN;
332 assert((size_t)hbytes >= sizeof(struct dmsg_hdr));
333 msg = malloc(offsetof(struct dmsg_msg, any.head) + hbytes);
334 bzero(msg, offsetof(struct dmsg_msg, any.head));
335
336 /*
337 * [re]allocate the auxillary data buffer. The caller knows that
338 * a size-aligned buffer will be allocated but we do not want to
339 * force the caller to zero any tail piece, so we do that ourself.
340 */
341 if (msg->aux_size != aux_size) {
342 if (msg->aux_data) {
343 free(msg->aux_data);
344 msg->aux_data = NULL;
345 msg->aux_size = 0;
346 }
347 if (aux_size) {
348 msg->aux_data = malloc(aligned_size);
349 msg->aux_size = aux_size;
350 if (aux_size != aligned_size) {
351 bzero(msg->aux_data + aux_size,
352 aligned_size - aux_size);
353 }
354 }
355 }
356
357 /*
358 * Set REVTRANS if the transaction was remotely initiated
359 * Set REVCIRC if the circuit was remotely initiated
360 */
361 if (state->flags & DMSG_STATE_OPPOSITE)
362 cmd |= DMSGF_REVTRANS;
363 if (pstate->flags & DMSG_STATE_OPPOSITE)
364 cmd |= DMSGF_REVCIRC;
365
366 /*
367 * Finish filling out the header.
368 */
369 bzero(&msg->any.head, hbytes);
370 msg->hdr_size = hbytes;
371 msg->any.head.magic = DMSG_HDR_MAGIC;
372 msg->any.head.cmd = cmd;
373 msg->any.head.aux_descr = 0;
374 msg->any.head.aux_crc = 0;
375 msg->any.head.msgid = state->msgid;
376 msg->any.head.circuit = pstate->msgid;
377 msg->state = state;
378
379 return (msg);
380 }
381
382 /*
383 * Free a message so it can be reused afresh.
384 *
385 * NOTE: aux_size can be 0 with a non-NULL aux_data.
386 */
387 static
388 void
389 dmsg_msg_free_locked(dmsg_msg_t *msg)
390 {
391 dmsg_state_t *state;
392
393 if ((state = msg->state) != NULL) {
394 dmsg_state_drop(state);
395 msg->state = NULL; /* safety */
396 }
397 if (msg->aux_data) {
398 free(msg->aux_data);
399 msg->aux_data = NULL; /* safety */
400 }
401 msg->aux_size = 0;
402 free (msg);
403 }
404
405 void
406 dmsg_msg_free(dmsg_msg_t *msg)
407 {
408 dmsg_iocom_t *iocom = msg->state->iocom;
409
410 pthread_mutex_lock(&iocom->mtx);
411 dmsg_msg_free_locked(msg);
412 pthread_mutex_unlock(&iocom->mtx);
413 }
414
415 /*
416 * I/O core loop for an iocom.
417 *
418 * Thread localized, iocom->mtx not held.
419 */
420 void
421 dmsg_iocom_core(dmsg_iocom_t *iocom)
422 {
423 struct pollfd fds[3];
424 char dummybuf[256];
425 dmsg_msg_t *msg;
426 int timeout;
427 int count;
428 int wi; /* wakeup pipe */
429 int si; /* socket */
430 int ai; /* alt bulk path socket */
431
432 while ((iocom->flags & DMSG_IOCOMF_EOF) == 0) {
433 /*
434 * These iocom->flags are only manipulated within the
435 * context of the current thread. However, modifications
436 * still require atomic ops.
437 */
438 dmio_printf(iocom, 5, "iocom %p %08x\n",
439 iocom, iocom->flags);
440 if ((iocom->flags & (DMSG_IOCOMF_RWORK |
441 DMSG_IOCOMF_WWORK |
442 DMSG_IOCOMF_PWORK |
443 DMSG_IOCOMF_SWORK |
444 DMSG_IOCOMF_ARWORK |
445 DMSG_IOCOMF_AWWORK)) == 0) {
446 /*
447 * Only poll if no immediate work is pending.
448 * Otherwise we are just wasting our time calling
449 * poll.
450 */
451 timeout = 5000;
452
453 count = 0;
454 wi = -1;
455 si = -1;
456 ai = -1;
457
458 /*
459 * Always check the inter-thread pipe, e.g.
460 * for iocom->txmsgq work.
461 */
462 wi = count++;
463 fds[wi].fd = iocom->wakeupfds[0];
464 fds[wi].events = POLLIN;
465 fds[wi].revents = 0;
466
467 /*
468 * Check the socket input/output direction as
469 * requested
470 */
471 if (iocom->flags & (DMSG_IOCOMF_RREQ |
472 DMSG_IOCOMF_WREQ)) {
473 si = count++;
474 fds[si].fd = iocom->sock_fd;
475 fds[si].events = 0;
476 fds[si].revents = 0;
477
478 if (iocom->flags & DMSG_IOCOMF_RREQ)
479 fds[si].events |= POLLIN;
480 if (iocom->flags & DMSG_IOCOMF_WREQ)
481 fds[si].events |= POLLOUT;
482 }
483
484 /*
485 * Check the alternative fd for work.
486 */
487 if (iocom->alt_fd >= 0) {
488 ai = count++;
489 fds[ai].fd = iocom->alt_fd;
490 fds[ai].events = POLLIN;
491 fds[ai].revents = 0;
492 }
493 poll(fds, count, timeout);
494
495 if (wi >= 0 && (fds[wi].revents & POLLIN))
496 atomic_set_int(&iocom->flags,
497 DMSG_IOCOMF_PWORK);
498 if (si >= 0 && (fds[si].revents & POLLIN))
499 atomic_set_int(&iocom->flags,
500 DMSG_IOCOMF_RWORK);
501 if (si >= 0 && (fds[si].revents & POLLOUT))
502 atomic_set_int(&iocom->flags,
503 DMSG_IOCOMF_WWORK);
504 if (wi >= 0 && (fds[wi].revents & POLLOUT))
505 atomic_set_int(&iocom->flags,
506 DMSG_IOCOMF_WWORK);
507 if (ai >= 0 && (fds[ai].revents & POLLIN))
508 atomic_set_int(&iocom->flags,
509 DMSG_IOCOMF_ARWORK);
510 } else {
511 /*
512 * Always check the pipe
513 */
514 atomic_set_int(&iocom->flags, DMSG_IOCOMF_PWORK);
515 }
516
517 if (iocom->flags & DMSG_IOCOMF_SWORK) {
518 atomic_clear_int(&iocom->flags, DMSG_IOCOMF_SWORK);
519 iocom->signal_callback(iocom);
520 }
521
522 /*
523 * Pending message queues from other threads wake us up
524 * with a write to the wakeupfds[] pipe. We have to clear
525 * the pipe with a dummy read.
526 */
527 if (iocom->flags & DMSG_IOCOMF_PWORK) {
528 atomic_clear_int(&iocom->flags, DMSG_IOCOMF_PWORK);
529 read(iocom->wakeupfds[0], dummybuf, sizeof(dummybuf));
530 atomic_set_int(&iocom->flags, DMSG_IOCOMF_RWORK);
531 atomic_set_int(&iocom->flags, DMSG_IOCOMF_WWORK);
532 }
533
534 /*
535 * Message write sequencing
536 */
537 if (iocom->flags & DMSG_IOCOMF_WWORK)
538 dmsg_iocom_flush1(iocom);
539
540 /*
541 * Message read sequencing. Run this after the write
542 * sequencing in case the write sequencing allowed another
543 * auto-DELETE to occur on the read side.
544 */
545 if (iocom->flags & DMSG_IOCOMF_RWORK) {
546 while ((iocom->flags & DMSG_IOCOMF_EOF) == 0 &&
547 (msg = dmsg_ioq_read(iocom)) != NULL) {
548 dmio_printf(iocom, 4, "receive %s\n",
549 dmsg_msg_str(msg));
550 iocom->rcvmsg_callback(msg);
551 pthread_mutex_lock(&iocom->mtx);
552 dmsg_state_cleanuprx(iocom, msg);
553 pthread_mutex_unlock(&iocom->mtx);
554 }
555 }
556
557 if (iocom->flags & DMSG_IOCOMF_ARWORK) {
558 atomic_clear_int(&iocom->flags, DMSG_IOCOMF_ARWORK);
559 iocom->altmsg_callback(iocom);
560 }
561 }
562 }
563
564 /*
565 * Make sure there's enough room in the FIFO to hold the
566 * needed data.
567 *
568 * Assume worst case encrypted form is 2x the size of the
569 * plaintext equivalent.
570 */
571 static
572 size_t
573 dmsg_ioq_makeroom(dmsg_ioq_t *ioq, size_t needed)
574 {
575 size_t bytes;
576 size_t nmax;
577
578 bytes = ioq->fifo_cdx - ioq->fifo_beg;
579 nmax = sizeof(ioq->buf) - ioq->fifo_end;
580 if (bytes + nmax / 2 < needed) {
581 if (bytes) {
582 bcopy(ioq->buf + ioq->fifo_beg,
583 ioq->buf,
584 bytes);
585 }
586 ioq->fifo_cdx -= ioq->fifo_beg;
587 ioq->fifo_beg = 0;
588 if (ioq->fifo_cdn < ioq->fifo_end) {
589 bcopy(ioq->buf + ioq->fifo_cdn,
590 ioq->buf + ioq->fifo_cdx,
591 ioq->fifo_end - ioq->fifo_cdn);
592 }
593 ioq->fifo_end -= ioq->fifo_cdn - ioq->fifo_cdx;
594 ioq->fifo_cdn = ioq->fifo_cdx;
595 nmax = sizeof(ioq->buf) - ioq->fifo_end;
596 }
597 return(nmax);
598 }
599
600 /*
601 * Read the next ready message from the ioq, issuing I/O if needed.
602 * Caller should retry on a read-event when NULL is returned.
603 *
604 * If an error occurs during reception a DMSG_LNK_ERROR msg will
605 * be returned for each open transaction, then the ioq and iocom
606 * will be errored out and a non-transactional DMSG_LNK_ERROR
607 * msg will be returned as the final message. The caller should not call
608 * us again after the final message is returned.
609 *
610 * Thread localized, iocom->mtx not held.
611 */
612 dmsg_msg_t *
613 dmsg_ioq_read(dmsg_iocom_t *iocom)
614 {
615 dmsg_ioq_t *ioq = &iocom->ioq_rx;
616 dmsg_msg_t *msg;
617 dmsg_hdr_t *head;
618 ssize_t n;
619 size_t bytes;
620 size_t nmax;
621 uint32_t aux_size;
622 uint32_t xcrc32;
623 int error;
624
625 again:
626 /*
627 * If a message is already pending we can just remove and
628 * return it. Message state has already been processed.
629 * (currently not implemented)
630 */
631 if ((msg = TAILQ_FIRST(&ioq->msgq)) != NULL) {
632 TAILQ_REMOVE(&ioq->msgq, msg, qentry);
633
634 if (msg->state == &iocom->state0) {
635 atomic_set_int(&iocom->flags, DMSG_IOCOMF_EOF);
636 dmio_printf(iocom, 1,
637 "EOF ON SOCKET %d\n",
638 iocom->sock_fd);
639 }
640 return (msg);
641 }
642 atomic_clear_int(&iocom->flags, DMSG_IOCOMF_RREQ | DMSG_IOCOMF_RWORK);
643
644 /*
645 * If the stream is errored out we stop processing it.
646 */
647 if (ioq->error)
648 goto skip;
649
650 /*
651 * Message read in-progress (msg is NULL at the moment). We don't
652 * allocate a msg until we have its core header.
653 */
654 nmax = sizeof(ioq->buf) - ioq->fifo_end;
655 bytes = ioq->fifo_cdx - ioq->fifo_beg; /* already decrypted */
656 msg = ioq->msg;
657
658 switch(ioq->state) {
659 case DMSG_MSGQ_STATE_HEADER1:
660 /*
661 * Load the primary header, fail on any non-trivial read
662 * error or on EOF. Since the primary header is the same
663 * size is the message alignment it will never straddle
664 * the end of the buffer.
665 */
666 nmax = dmsg_ioq_makeroom(ioq, sizeof(msg->any.head));
667 if (bytes < sizeof(msg->any.head)) {
668 n = read(iocom->sock_fd,
669 ioq->buf + ioq->fifo_end,
670 nmax);
671 if (n <= 0) {
672 if (n == 0) {
673 ioq->error = DMSG_IOQ_ERROR_EOF;
674 break;
675 }
676 if (errno != EINTR &&
677 errno != EINPROGRESS &&
678 errno != EAGAIN) {
679 ioq->error = DMSG_IOQ_ERROR_SOCK;
680 break;
681 }
682 n = 0;
683 /* fall through */
684 }
685 ioq->fifo_end += (size_t)n;
686 nmax -= (size_t)n;
687 }
688
689 /*
690 * Decrypt data received so far. Data will be decrypted
691 * in-place but might create gaps in the FIFO. Partial
692 * blocks are not immediately decrypted.
693 *
694 * WARNING! The header might be in the wrong endian, we
695 * do not fix it up until we get the entire
696 * extended header.
697 */
698 if (iocom->flags & DMSG_IOCOMF_CRYPTED) {
699 dmsg_crypto_decrypt(iocom, ioq);
700 } else {
701 ioq->fifo_cdx = ioq->fifo_end;
702 ioq->fifo_cdn = ioq->fifo_end;
703 }
704 bytes = ioq->fifo_cdx - ioq->fifo_beg;
705
706 /*
707 * Insufficient data accumulated (msg is NULL, caller will
708 * retry on event).
709 */
710 assert(msg == NULL);
711 if (bytes < sizeof(msg->any.head))
712 break;
713
714 /*
715 * Check and fixup the core header. Note that the icrc
716 * has to be calculated before any fixups, but the crc
717 * fields in the msg may have to be swapped like everything
718 * else.
719 */
720 head = (void *)(ioq->buf + ioq->fifo_beg);
721 if (head->magic != DMSG_HDR_MAGIC &&
722 head->magic != DMSG_HDR_MAGIC_REV) {
723 dmio_printf(iocom, 1,
724 "%s: head->magic is bad %02x\n",
725 iocom->label, head->magic);
726 if (iocom->flags & DMSG_IOCOMF_CRYPTED)
727 dmio_printf(iocom, 1, "%s\n",
728 "(on encrypted link)");
729 ioq->error = DMSG_IOQ_ERROR_SYNC;
730 break;
731 }
732
733 /*
734 * Calculate the full header size and aux data size
735 */
736 if (head->magic == DMSG_HDR_MAGIC_REV) {
737 ioq->hbytes = (bswap32(head->cmd) & DMSGF_SIZE) *
738 DMSG_ALIGN;
739 aux_size = bswap32(head->aux_bytes);
740 } else {
741 ioq->hbytes = (head->cmd & DMSGF_SIZE) *
742 DMSG_ALIGN;
743 aux_size = head->aux_bytes;
744 }
745 ioq->abytes = DMSG_DOALIGN(aux_size);
746 ioq->unaligned_aux_size = aux_size;
747 if (ioq->hbytes < sizeof(msg->any.head) ||
748 ioq->hbytes > sizeof(msg->any) ||
749 ioq->abytes > DMSG_AUX_MAX) {
750 ioq->error = DMSG_IOQ_ERROR_FIELD;
751 break;
752 }
753
754 /*
755 * Allocate the message, the next state will fill it in.
756 *
757 * NOTE: The aux_data buffer will be sized to an aligned
758 * value and the aligned remainder zero'd for
759 * convenience.
760 *
761 * NOTE: Supply dummy state and a degenerate cmd without
762 * CREATE set. The message will temporarily be
763 * associated with state0 until later post-processing.
764 */
765 msg = dmsg_msg_alloc(&iocom->state0, aux_size,
766 ioq->hbytes / DMSG_ALIGN,
767 NULL, NULL);
768 ioq->msg = msg;
769
770 /*
771 * Fall through to the next state. Make sure that the
772 * extended header does not straddle the end of the buffer.
773 * We still want to issue larger reads into our buffer,
774 * book-keeping is easier if we don't bcopy() yet.
775 *
776 * Make sure there is enough room for bloated encrypt data.
777 */
778 nmax = dmsg_ioq_makeroom(ioq, ioq->hbytes);
779 ioq->state = DMSG_MSGQ_STATE_HEADER2;
780 /* fall through */
781 case DMSG_MSGQ_STATE_HEADER2:
782 /*
783 * Fill out the extended header.
784 */
785 assert(msg != NULL);
786 if (bytes < ioq->hbytes) {
787 assert(nmax > 0);
788 n = read(iocom->sock_fd,
789 ioq->buf + ioq->fifo_end,
790 nmax);
791 if (n <= 0) {
792 if (n == 0) {
793 ioq->error = DMSG_IOQ_ERROR_EOF;
794 break;
795 }
796 if (errno != EINTR &&
797 errno != EINPROGRESS &&
798 errno != EAGAIN) {
799 ioq->error = DMSG_IOQ_ERROR_SOCK;
800 break;
801 }
802 n = 0;
803 /* fall through */
804 }
805 ioq->fifo_end += (size_t)n;
806 nmax -= (size_t)n;
807 }
808
809 if (iocom->flags & DMSG_IOCOMF_CRYPTED) {
810 dmsg_crypto_decrypt(iocom, ioq);
811 } else {
812 ioq->fifo_cdx = ioq->fifo_end;
813 ioq->fifo_cdn = ioq->fifo_end;
814 }
815 bytes = ioq->fifo_cdx - ioq->fifo_beg;
816
817 /*
818 * Insufficient data accumulated (set msg NULL so caller will
819 * retry on event).
820 */
821 if (bytes < ioq->hbytes) {
822 msg = NULL;
823 break;
824 }
825
826 /*
827 * Calculate the extended header, decrypt data received
828 * so far. Handle endian-conversion for the entire extended
829 * header.
830 */
831 head = (void *)(ioq->buf + ioq->fifo_beg);
832
833 /*
834 * Check the CRC.
835 */
836 if (head->magic == DMSG_HDR_MAGIC_REV)
837 xcrc32 = bswap32(head->hdr_crc);
838 else
839 xcrc32 = head->hdr_crc;
840 head->hdr_crc = 0;
841 if (dmsg_icrc32(head, ioq->hbytes) != xcrc32) {
842 ioq->error = DMSG_IOQ_ERROR_XCRC;
843 dmio_printf(iocom, 1, "BAD-XCRC(%08x,%08x) %s\n",
844 xcrc32, dmsg_icrc32(head, ioq->hbytes),
845 dmsg_msg_str(msg));
846 assert(0);
847 break;
848 }
849 head->hdr_crc = xcrc32;
850
851 if (head->magic == DMSG_HDR_MAGIC_REV) {
852 dmsg_bswap_head(head);
853 }
854
855 /*
856 * Copy the extended header into the msg and adjust the
857 * FIFO.
858 */
859 bcopy(head, &msg->any, ioq->hbytes);
860
861 /*
862 * We are either done or we fall-through.
863 */
864 if (ioq->abytes == 0) {
865 ioq->fifo_beg += ioq->hbytes;
866 break;
867 }
868
869 /*
870 * Must adjust bytes (and the state) when falling through.
871 * nmax doesn't change.
872 */
873 ioq->fifo_beg += ioq->hbytes;
874 bytes -= ioq->hbytes;
875 ioq->state = DMSG_MSGQ_STATE_AUXDATA1;
876 /* fall through */
877 case DMSG_MSGQ_STATE_AUXDATA1:
878 /*
879 * Copy the partial or complete [decrypted] payload from
880 * remaining bytes in the FIFO in order to optimize the
881 * makeroom call in the AUXDATA2 state. We have to
882 * fall-through either way so we can check the crc.
883 *
884 * msg->aux_size tracks our aux data.
885 *
886 * (Lets not complicate matters if the data is encrypted,
887 * since the data in-stream is not the same size as the
888 * data decrypted).
889 */
890 if (bytes >= ioq->abytes) {
891 bcopy(ioq->buf + ioq->fifo_beg, msg->aux_data,
892 ioq->abytes);
893 msg->aux_size = ioq->abytes;
894 ioq->fifo_beg += ioq->abytes;
895 assert(ioq->fifo_beg <= ioq->fifo_cdx);
896 assert(ioq->fifo_cdx <= ioq->fifo_cdn);
897 bytes -= ioq->abytes;
898 } else if (bytes) {
899 bcopy(ioq->buf + ioq->fifo_beg, msg->aux_data,
900 bytes);
901 msg->aux_size = bytes;
902 ioq->fifo_beg += bytes;
903 if (ioq->fifo_cdx < ioq->fifo_beg)
904 ioq->fifo_cdx = ioq->fifo_beg;
905 assert(ioq->fifo_beg <= ioq->fifo_cdx);
906 assert(ioq->fifo_cdx <= ioq->fifo_cdn);
907 bytes = 0;
908 } else {
909 msg->aux_size = 0;
910 }
911 ioq->state = DMSG_MSGQ_STATE_AUXDATA2;
912 /* fall through */
913 case DMSG_MSGQ_STATE_AUXDATA2:
914 /*
915 * Make sure there is enough room for more data.
916 */
917 assert(msg);
918 nmax = dmsg_ioq_makeroom(ioq, ioq->abytes - msg->aux_size);
919
920 /*
921 * Read and decrypt more of the payload.
922 */
923 if (msg->aux_size < ioq->abytes) {
924 assert(nmax > 0);
925 assert(bytes == 0);
926 n = read(iocom->sock_fd,
927 ioq->buf + ioq->fifo_end,
928 nmax);
929 if (n <= 0) {
930 if (n == 0) {
931 ioq->error = DMSG_IOQ_ERROR_EOF;
932 break;
933 }
934 if (errno != EINTR &&
935 errno != EINPROGRESS &&
936 errno != EAGAIN) {
937 ioq->error = DMSG_IOQ_ERROR_SOCK;
938 break;
939 }
940 n = 0;
941 /* fall through */
942 }
943 ioq->fifo_end += (size_t)n;
944 nmax -= (size_t)n;
945 }
946
947 if (iocom->flags & DMSG_IOCOMF_CRYPTED) {
948 dmsg_crypto_decrypt(iocom, ioq);
949 } else {
950 ioq->fifo_cdx = ioq->fifo_end;
951 ioq->fifo_cdn = ioq->fifo_end;
952 }
953 bytes = ioq->fifo_cdx - ioq->fifo_beg;
954
955 if (bytes > ioq->abytes - msg->aux_size)
956 bytes = ioq->abytes - msg->aux_size;
957
958 if (bytes) {
959 bcopy(ioq->buf + ioq->fifo_beg,
960 msg->aux_data + msg->aux_size,
961 bytes);
962 msg->aux_size += bytes;
963 ioq->fifo_beg += bytes;
964 }
965
966 /*
967 * Insufficient data accumulated (set msg NULL so caller will
968 * retry on event).
969 *
970 * Assert the auxillary data size is correct, then record the
971 * original unaligned size from the message header.
972 */
973 if (msg->aux_size < ioq->abytes) {
974 msg = NULL;
975 break;
976 }
977 assert(msg->aux_size == ioq->abytes);
978 msg->aux_size = ioq->unaligned_aux_size;
979
980 /*
981 * Check aux_crc, then we are done. Note that the crc
982 * is calculated over the aligned size, not the actual
983 * size.
984 */
985 xcrc32 = dmsg_icrc32(msg->aux_data, ioq->abytes);
986 if (xcrc32 != msg->any.head.aux_crc) {
987 ioq->error = DMSG_IOQ_ERROR_ACRC;
988 dmio_printf(iocom, 1,
989 "iocom: ACRC error %08x vs %08x "
990 "msgid %016jx msgcmd %08x auxsize %d\n",
991 xcrc32,
992 msg->any.head.aux_crc,
993 (intmax_t)msg->any.head.msgid,
994 msg->any.head.cmd,
995 msg->any.head.aux_bytes);
996 break;
997 }
998 break;
999 case DMSG_MSGQ_STATE_ERROR:
1000 /*
1001 * Continued calls to drain recorded transactions (returning
1002 * a LNK_ERROR for each one), before we return the final
1003 * LNK_ERROR.
1004 */
1005 assert(msg == NULL);
1006 break;
1007 default:
1008 /*
1009 * We don't double-return errors, the caller should not
1010 * have called us again after getting an error msg.
1011 */
1012 assert(0);
1013 break;
1014 }
1015
1016 /*
1017 * Check the message sequence. The iv[] should prevent any
1018 * possibility of a replay but we add this check anyway.
1019 */
1020 if (msg && ioq->error == 0) {
1021 if ((msg->any.head.salt & 255) != (ioq->seq & 255)) {
1022 ioq->error = DMSG_IOQ_ERROR_MSGSEQ;
1023 } else {
1024 ++ioq->seq;
1025 }
1026 }
1027
1028 /*
1029 * Handle error, RREQ, or completion
1030 *
1031 * NOTE: nmax and bytes are invalid at this point, we don't bother
1032 * to update them when breaking out.
1033 */
1034 if (ioq->error) {
1035 skip:
1036 /*
1037 * An unrecoverable error causes all active receive
1038 * transactions to be terminated with a LNK_ERROR message.
1039 *
1040 * Once all active transactions are exhausted we set the
1041 * iocom ERROR flag and return a non-transactional LNK_ERROR
1042 * message, which should cause master processing loops to
1043 * terminate.
1044 */
1045 dmio_printf(iocom, 1, "IOQ ERROR %d\n", ioq->error);
1046 assert(ioq->msg == msg);
1047 if (msg) {
1048 dmsg_msg_free(msg);
1049 ioq->msg = NULL;
1050 msg = NULL;
1051 }
1052
1053 /*
1054 * No more I/O read processing
1055 */
1056 ioq->state = DMSG_MSGQ_STATE_ERROR;
1057
1058 /*
1059 * Simulate a remote LNK_ERROR DELETE msg for any open
1060 * transactions, ending with a final non-transactional
1061 * LNK_ERROR (that the session can detect) when no
1062 * transactions remain.
1063 *
1064 * NOTE: Temporarily supply state0 and a degenerate cmd
1065 * without CREATE set. The real state will be
1066 * assigned in the loop.
1067 *
1068 * NOTE: We are simulating a received message using our
1069 * side of the state, so the DMSGF_REV* bits have
1070 * to be reversed.
1071 */
1072 pthread_mutex_lock(&iocom->mtx);
1073 dmsg_iocom_drain(iocom);
1074 dmsg_simulate_failure(&iocom->state0, 0, ioq->error);
1075 pthread_mutex_unlock(&iocom->mtx);
1076 if (TAILQ_FIRST(&ioq->msgq))
1077 goto again;
1078
1079 #if 0
1080 /*
1081 * For the iocom error case we want to set RWORK to indicate
1082 * that more messages might be pending.
1083 *
1084 * It is possible to return NULL when there is more work to
1085 * do because each message has to be DELETEd in both
1086 * directions before we continue on with the next (though
1087 * this could be optimized). The transmit direction will
1088 * re-set RWORK.
1089 */
1090 if (msg)
1091 atomic_set_int(&iocom->flags, DMSG_IOCOMF_RWORK);
1092 #endif
1093 } else if (msg == NULL) {
1094 /*
1095 * Insufficient data received to finish building the message,
1096 * set RREQ and return NULL.
1097 *
1098 * Leave ioq->msg intact.
1099 * Leave the FIFO intact.
1100 */
1101 atomic_set_int(&iocom->flags, DMSG_IOCOMF_RREQ);
1102 } else {
1103 /*
1104 * Continue processing msg.
1105 *
1106 * The fifo has already been advanced past the message.
1107 * Trivially reset the FIFO indices if possible.
1108 *
1109 * clear the FIFO if it is now empty and set RREQ to wait
1110 * for more from the socket. If the FIFO is not empty set
1111 * TWORK to bypass the poll so we loop immediately.
1112 */
1113 if (ioq->fifo_beg == ioq->fifo_cdx &&
1114 ioq->fifo_cdn == ioq->fifo_end) {
1115 atomic_set_int(&iocom->flags, DMSG_IOCOMF_RREQ);
1116 ioq->fifo_cdx = 0;
1117 ioq->fifo_cdn = 0;
1118 ioq->fifo_beg = 0;
1119 ioq->fifo_end = 0;
1120 } else {
1121 atomic_set_int(&iocom->flags, DMSG_IOCOMF_RWORK);
1122 }
1123 ioq->state = DMSG_MSGQ_STATE_HEADER1;
1124 ioq->msg = NULL;
1125
1126 /*
1127 * Handle message routing. Validates non-zero sources
1128 * and routes message. Error will be 0 if the message is
1129 * destined for us.
1130 *
1131 * State processing only occurs for messages destined for us.
1132 */
1133 dmio_printf(iocom, 5,
1134 "rxmsg cmd=%08x circ=%016jx\n",
1135 msg->any.head.cmd,
1136 (intmax_t)msg->any.head.circuit);
1137
1138 error = dmsg_state_msgrx(msg, 0);
1139
1140 if (error) {
1141 /*
1142 * Abort-after-closure, throw message away and
1143 * start reading another.
1144 */
1145 if (error == DMSG_IOQ_ERROR_EALREADY) {
1146 dmsg_msg_free(msg);
1147 goto again;
1148 }
1149
1150 /*
1151 * Process real error and throw away message.
1152 */
1153 ioq->error = error;
1154 goto skip;
1155 }
1156
1157 /*
1158 * No error and not routed
1159 */
1160 /* no error, not routed. Fall through and return msg */
1161 }
1162 return (msg);
1163 }
1164
1165 /*
1166 * Calculate the header and data crc's and write a low-level message to
1167 * the connection. If aux_crc is non-zero the aux_data crc is already
1168 * assumed to have been set.
1169 *
1170 * A non-NULL msg is added to the queue but not necessarily flushed.
1171 * Calling this function with msg == NULL will get a flush going.
1172 *
1173 * (called from iocom_core only)
1174 */
1175 void
1176 dmsg_iocom_flush1(dmsg_iocom_t *iocom)
1177 {
1178 dmsg_ioq_t *ioq = &iocom->ioq_tx;
1179 dmsg_msg_t *msg;
1180 uint32_t xcrc32;
1181 size_t hbytes;
1182 size_t abytes;
1183 dmsg_msg_queue_t tmpq;
1184
1185 atomic_clear_int(&iocom->flags, DMSG_IOCOMF_WREQ | DMSG_IOCOMF_WWORK);
1186 TAILQ_INIT(&tmpq);
1187 pthread_mutex_lock(&iocom->mtx);
1188 while ((msg = TAILQ_FIRST(&iocom->txmsgq)) != NULL) {
1189 TAILQ_REMOVE(&iocom->txmsgq, msg, qentry);
1190 TAILQ_INSERT_TAIL(&tmpq, msg, qentry);
1191 }
1192 pthread_mutex_unlock(&iocom->mtx);
1193
1194 /*
1195 * Flush queue, doing all required encryption and CRC generation,
1196 * with the mutex unlocked.
1197 */
1198 while ((msg = TAILQ_FIRST(&tmpq)) != NULL) {
1199 /*
1200 * Process terminal connection errors.
1201 */
1202 TAILQ_REMOVE(&tmpq, msg, qentry);
1203 if (ioq->error) {
1204 TAILQ_INSERT_TAIL(&ioq->msgq, msg, qentry);
1205 ++ioq->msgcount;
1206 continue;
1207 }
1208
1209 /*
1210 * Finish populating the msg fields. The salt ensures that
1211 * the iv[] array is ridiculously randomized and we also
1212 * re-seed our PRNG every 32768 messages just to be sure.
1213 */
1214 msg->any.head.magic = DMSG_HDR_MAGIC;
1215 msg->any.head.salt = (random() << 8) | (ioq->seq & 255);
1216 ++ioq->seq;
1217 if ((ioq->seq & 32767) == 0) {
1218 pthread_mutex_lock(&iocom->mtx);
1219 srandomdev();
1220 pthread_mutex_unlock(&iocom->mtx);
1221 }
1222
1223 /*
1224 * Calculate aux_crc if 0, then calculate hdr_crc.
1225 */
1226 if (msg->aux_size && msg->any.head.aux_crc == 0) {
1227 abytes = DMSG_DOALIGN(msg->aux_size);
1228 xcrc32 = dmsg_icrc32(msg->aux_data, abytes);
1229 msg->any.head.aux_crc = xcrc32;
1230 }
1231 msg->any.head.aux_bytes = msg->aux_size;
1232
1233 hbytes = (msg->any.head.cmd & DMSGF_SIZE) *
1234 DMSG_ALIGN;
1235 msg->any.head.hdr_crc = 0;
1236 msg->any.head.hdr_crc = dmsg_icrc32(&msg->any.head, hbytes);
1237
1238 /*
1239 * Enqueue the message (the flush codes handles stream
1240 * encryption).
1241 */
1242 TAILQ_INSERT_TAIL(&ioq->msgq, msg, qentry);
1243 ++ioq->msgcount;
1244 }
1245 dmsg_iocom_flush2(iocom);
1246 }
1247
1248 /*
1249 * Thread localized, iocom->mtx not held by caller.
1250 *
1251 * (called from iocom_core via iocom_flush1 only)
1252 */
1253 void
1254 dmsg_iocom_flush2(dmsg_iocom_t *iocom)
1255 {
1256 dmsg_ioq_t *ioq = &iocom->ioq_tx;
1257 dmsg_msg_t *msg;
1258 ssize_t n;
1259 struct iovec iov[DMSG_IOQ_MAXIOVEC];
1260 size_t nact;
1261 size_t hbytes;
1262 size_t abytes;
1263 size_t hoff;
1264 size_t aoff;
1265 int iovcnt;
1266 int save_errno;
1267
1268 if (ioq->error) {
1269 dmsg_iocom_drain(iocom);
1270 return;
1271 }
1272
1273 /*
1274 * Pump messages out the connection by building an iovec.
1275 *
1276 * ioq->hbytes/ioq->abytes tracks how much of the first message
1277 * in the queue has been successfully written out, so we can
1278 * resume writing.
1279 */
1280 iovcnt = 0;
1281 nact = 0;
1282 hoff = ioq->hbytes;
1283 aoff = ioq->abytes;
1284
1285 TAILQ_FOREACH(msg, &ioq->msgq, qentry) {
1286 hbytes = (msg->any.head.cmd & DMSGF_SIZE) *
1287 DMSG_ALIGN;
1288 abytes = DMSG_DOALIGN(msg->aux_size);
1289 assert(hoff <= hbytes && aoff <= abytes);
1290
1291 if (hoff < hbytes) {
1292 size_t maxlen = hbytes - hoff;
1293 if (maxlen > sizeof(ioq->buf) / 2)
1294 maxlen = sizeof(ioq->buf) / 2;
1295 iov[iovcnt].iov_base = (char *)&msg->any.head + hoff;
1296 iov[iovcnt].iov_len = maxlen;
1297 nact += maxlen;
1298 ++iovcnt;
1299 if (iovcnt == DMSG_IOQ_MAXIOVEC ||
1300 maxlen != hbytes - hoff) {
1301 break;
1302 }
1303 }
1304 if (aoff < abytes) {
1305 size_t maxlen = abytes - aoff;
1306 if (maxlen > sizeof(ioq->buf) / 2)
1307 maxlen = sizeof(ioq->buf) / 2;
1308
1309 assert(msg->aux_data != NULL);
1310 iov[iovcnt].iov_base = (char *)msg->aux_data + aoff;
1311 iov[iovcnt].iov_len = maxlen;
1312 nact += maxlen;
1313 ++iovcnt;
1314 if (iovcnt == DMSG_IOQ_MAXIOVEC ||
1315 maxlen != abytes - aoff) {
1316 break;
1317 }
1318 }
1319 hoff = 0;
1320 aoff = 0;
1321 }
1322
1323 /*
1324 * Shortcut if no work to do. Be sure to check for old work still
1325 * pending in the FIFO.
1326 */
1327 if (iovcnt == 0 && ioq->fifo_beg == ioq->fifo_cdx)
1328 return;
1329
1330 /*
1331 * Encrypt and write the data. The crypto code will move the
1332 * data into the fifo and adjust the iov as necessary. If
1333 * encryption is disabled the iov is left alone.
1334 *
1335 * May return a smaller iov (thus a smaller n), with aggregated
1336 * chunks. May reduce nmax to what fits in the FIFO.
1337 *
1338 * This function sets nact to the number of original bytes now
1339 * encrypted, adding to the FIFO some number of bytes that might
1340 * be greater depending on the crypto mechanic. iov[] is adjusted
1341 * to point at the FIFO if necessary.
1342 *
1343 * NOTE: nact is the number of bytes eaten from the message. For
1344 * encrypted data this is the number of bytes processed for
1345 * encryption and not necessarily the number of bytes writable.
1346 * The return value from the writev() is the post-encrypted
1347 * byte count which might be larger.
1348 *
1349 * NOTE: For direct writes, nact is the return value from the writev().
1350 */
1351 if (iocom->flags & DMSG_IOCOMF_CRYPTED) {
1352 /*
1353 * Make sure the FIFO has a reasonable amount of space
1354 * left (if not completely full).
1355 *
1356 * In this situation we are staging the encrypted message
1357 * data in the FIFO. (nact) represents how much plaintext
1358 * has been staged, (n) represents how much encrypted data
1359 * has been flushed. The two are independent of each other.
1360 */
1361 if (ioq->fifo_beg > sizeof(ioq->buf) / 2 &&
1362 sizeof(ioq->buf) - ioq->fifo_end < DMSG_ALIGN * 2) {
1363 bcopy(ioq->buf + ioq->fifo_beg, ioq->buf,
1364 ioq->fifo_end - ioq->fifo_beg);
1365 ioq->fifo_cdx -= ioq->fifo_beg;
1366 ioq->fifo_cdn -= ioq->fifo_beg;
1367 ioq->fifo_end -= ioq->fifo_beg;
1368 ioq->fifo_beg = 0;
1369 }
1370
1371 /*
1372 * beg .... cdx ............ cdn ............. end
1373 * [WRITABLE] [PARTIALENCRYPT] [NOTYETENCRYPTED]
1374 *
1375 * Advance fifo_beg on a successful write.
1376 */
1377 iovcnt = dmsg_crypto_encrypt(iocom, ioq, iov, iovcnt, &nact);
1378 n = writev(iocom->sock_fd, iov, iovcnt);
1379 save_errno = errno;
1380 if (n > 0) {
1381 ioq->fifo_beg += n;
1382 if (ioq->fifo_beg == ioq->fifo_end) {
1383 ioq->fifo_beg = 0;
1384 ioq->fifo_cdn = 0;
1385 ioq->fifo_cdx = 0;
1386 ioq->fifo_end = 0;
1387 }
1388 }
1389
1390 /*
1391 * We don't mess with the nact returned by the crypto_encrypt
1392 * call, which represents the filling of the FIFO. (n) tells
1393 * us how much we were able to write from the FIFO. The two
1394 * are different beasts when encrypting.
1395 */
1396 } else {
1397 /*
1398 * In this situation we are not staging the messages to the
1399 * FIFO but instead writing them directly from the msg
1400 * structure(s) unencrypted, so (nact) is basically (n).
1401 */
1402 n = writev(iocom->sock_fd, iov, iovcnt);
1403 save_errno = errno;
1404 if (n > 0)
1405 nact = n;
1406 else
1407 nact = 0;
1408 }
1409
1410 /*
1411 * Clean out the transmit queue based on what we successfully
1412 * encrypted (nact is the plaintext count) and is now in the FIFO.
1413 * ioq->hbytes/abytes represents the portion of the first message
1414 * previously sent.
1415 */
1416 while ((msg = TAILQ_FIRST(&ioq->msgq)) != NULL) {
1417 hbytes = (msg->any.head.cmd & DMSGF_SIZE) *
1418 DMSG_ALIGN;
1419 abytes = DMSG_DOALIGN(msg->aux_size);
1420
1421 if ((size_t)nact < hbytes - ioq->hbytes) {
1422 ioq->hbytes += nact;
1423 nact = 0;
1424 break;
1425 }
1426 nact -= hbytes - ioq->hbytes;
1427 ioq->hbytes = hbytes;
1428 if ((size_t)nact < abytes - ioq->abytes) {
1429 ioq->abytes += nact;
1430 nact = 0;
1431 break;
1432 }
1433 nact -= abytes - ioq->abytes;
1434 /* ioq->abytes = abytes; optimized out */
1435
1436 dmio_printf(iocom, 5,
1437 "txmsg cmd=%08x circ=%016jx\n",
1438 msg->any.head.cmd,
1439 (intmax_t)msg->any.head.circuit);
1440
1441 #ifdef DMSG_BLOCK_DEBUG
1442 uint32_t tcmd;
1443
1444 if (msg->any.head.cmd & (DMSGF_CREATE | DMSGF_DELETE)) {
1445 if ((msg->state->flags & DMSG_STATE_ROOT) == 0) {
1446 tcmd = (msg->state->icmd & DMSGF_BASECMDMASK) |
1447 (msg->any.head.cmd & (DMSGF_CREATE |
1448 DMSGF_DELETE |
1449 DMSGF_REPLY));
1450 } else {
1451 tcmd = 0;
1452 }
1453 } else {
1454 tcmd = msg->any.head.cmd & DMSGF_CMDSWMASK;
1455 }
1456
1457 switch (tcmd) {
1458 case DMSG_BLK_READ | DMSGF_CREATE | DMSGF_DELETE:
1459 case DMSG_BLK_WRITE | DMSGF_CREATE | DMSGF_DELETE:
1460 dmio_printf(iocom, 4,
1461 "write BIO %-3d %016jx %d@%016jx\n",
1462 biocount, msg->any.head.msgid,
1463 msg->any.blk_read.bytes,
1464 msg->any.blk_read.offset);
1465 break;
1466 case DMSG_BLK_READ | DMSGF_CREATE | DMSGF_DELETE | DMSGF_REPLY:
1467 case DMSG_BLK_WRITE | DMSGF_CREATE | DMSGF_DELETE | DMSGF_REPLY:
1468 dmio_printf(iocom, 4,
1469 "wretr BIO %-3d %016jx %d@%016jx\n",
1470 biocount, msg->any.head.msgid,
1471 msg->any.blk_read.bytes,
1472 msg->any.blk_read.offset);
1473 break;
1474 default:
1475 break;
1476 }
1477 #endif
1478
1479 TAILQ_REMOVE(&ioq->msgq, msg, qentry);
1480 --ioq->msgcount;
1481 ioq->hbytes = 0;
1482 ioq->abytes = 0;
1483 dmsg_msg_free(msg);
1484 }
1485 assert(nact == 0);
1486
1487 /*
1488 * Process the return value from the write w/regards to blocking.
1489 */
1490 if (n < 0) {
1491 if (save_errno != EINTR &&
1492 save_errno != EINPROGRESS &&
1493 save_errno != EAGAIN) {
1494 /*
1495 * Fatal write error
1496 */
1497 ioq->error = DMSG_IOQ_ERROR_SOCK;
1498 dmsg_iocom_drain(iocom);
1499 } else {
1500 /*
1501 * Wait for socket buffer space, do not try to
1502 * process more packets for transmit until space
1503 * is available.
1504 */
1505 atomic_set_int(&iocom->flags, DMSG_IOCOMF_WREQ);
1506 }
1507 } else if (TAILQ_FIRST(&ioq->msgq) ||
1508 TAILQ_FIRST(&iocom->txmsgq) ||
1509 ioq->fifo_beg != ioq->fifo_cdx) {
1510 /*
1511 * If the write succeeded and more messages are pending
1512 * in either msgq, or the FIFO WWORK must remain set.
1513 */
1514 atomic_set_int(&iocom->flags, DMSG_IOCOMF_WWORK);
1515 }
1516 /* else no transmit-side work remains */
1517
1518 if (ioq->error) {
1519 dmsg_iocom_drain(iocom);
1520 }
1521 }
1522
1523 /*
1524 * Kill pending msgs on ioq_tx and adjust the flags such that no more
1525 * write events will occur. We don't kill read msgs because we want
1526 * the caller to pull off our contrived terminal error msg to detect
1527 * the connection failure.
1528 *
1529 * Localized to iocom_core thread, iocom->mtx not held by caller.
1530 */
1531 void
1532 dmsg_iocom_drain(dmsg_iocom_t *iocom)
1533 {
1534 dmsg_ioq_t *ioq = &iocom->ioq_tx;
1535 dmsg_msg_t *msg;
1536
1537 atomic_clear_int(&iocom->flags, DMSG_IOCOMF_WREQ | DMSG_IOCOMF_WWORK);
1538 ioq->hbytes = 0;
1539 ioq->abytes = 0;
1540
1541 while ((msg = TAILQ_FIRST(&ioq->msgq)) != NULL) {
1542 TAILQ_REMOVE(&ioq->msgq, msg, qentry);
1543 --ioq->msgcount;
1544 dmsg_msg_free(msg);
1545 }
1546 }
1547
1548 /*
1549 * Write a message to an iocom, with additional state processing.
1550 */
1551 void
1552 dmsg_msg_write(dmsg_msg_t *msg)
1553 {
1554 dmsg_iocom_t *iocom = msg->state->iocom;
1555 dmsg_state_t *state;
1556 char dummy;
1557
1558 pthread_mutex_lock(&iocom->mtx);
1559 state = msg->state;
1560
1561 dmio_printf(iocom, 5,
1562 "msgtx: cmd=%08x msgid=%016jx "
1563 "state %p(%08x) error=%d\n",
1564 msg->any.head.cmd, msg->any.head.msgid,
1565 state, (state ? state->icmd : 0),
1566 msg->any.head.error);
1567
1568
1569 #if 0
1570 /*
1571 * Make sure the parent transaction is still open in the transmit
1572 * direction. If it isn't the message is dead and we have to
1573 * potentially simulate a rxmsg terminating the transaction.
1574 */
1575 if ((state->parent->txcmd & DMSGF_DELETE) ||
1576 (state->parent->rxcmd & DMSGF_DELETE)) {
1577 dmio_printf(iocom, 4, "dmsg_msg_write: EARLY TERMINATION\n");
1578 dmsg_simulate_failure(state, DMSG_ERR_LOSTLINK);
1579 dmsg_state_cleanuptx(iocom, msg);
1580 dmsg_msg_free(msg);
1581 pthread_mutex_unlock(&iocom->mtx);
1582 return;
1583 }
1584 #endif
1585 /*
1586 * Process state data into the message as needed, then update the
1587 * state based on the message.
1588 */
1589 if ((state->flags & DMSG_STATE_ROOT) == 0) {
1590 /*
1591 * Existing transaction (could be reply). It is also
1592 * possible for this to be the first reply (CREATE is set),
1593 * in which case we populate state->txcmd.
1594 *
1595 * state->txcmd is adjusted to hold the final message cmd,
1596 * and we also be sure to set the CREATE bit here. We did
1597 * not set it in dmsg_msg_alloc() because that would have
1598 * not been serialized (state could have gotten ripped out
1599 * from under the message prior to it being transmitted).
1600 */
1601 if ((msg->any.head.cmd & (DMSGF_CREATE | DMSGF_REPLY)) ==
1602 DMSGF_CREATE) {
1603 state->txcmd = msg->any.head.cmd & ~DMSGF_DELETE;
1604 state->icmd = state->txcmd & DMSGF_BASECMDMASK;
1605 state->flags &= ~DMSG_STATE_NEW;
1606 }
1607 msg->any.head.msgid = state->msgid;
1608
1609 if (msg->any.head.cmd & DMSGF_CREATE) {
1610 state->txcmd = msg->any.head.cmd & ~DMSGF_DELETE;
1611 }
1612 }
1613
1614 /*
1615 * Discard messages sent to transactions which are already dead.
1616 */
1617 if (state && (state->txcmd & DMSGF_DELETE)) {
1618 dmio_printf(iocom, 4,
1619 "dmsg_msg_write: drop msg %08x to dead "
1620 "circuit state=%p\n",
1621 msg->any.head.cmd, state);
1622 dmsg_msg_free(msg);
1623 return;
1624 }
1625
1626 /*
1627 * Normally we queue the msg for output. However, if the circuit is
1628 * dead or dying we must simulate a failure in the return direction
1629 * and throw the message away. The other end is not expecting any
1630 * further messages from us on this state.
1631 *
1632 * Note that the I/O thread is responsible for generating the CRCs
1633 * and encryption.
1634 */
1635 if (state->flags & DMSG_STATE_DYING) {
1636 #if 0
1637 if ((state->parent->txcmd & DMSGF_DELETE) ||
1638 (state->parent->flags & DMSG_STATE_DYING) ||
1639 (state->flags & DMSG_STATE_DYING)) {
1640 #endif
1641 /*
1642 * Illegal message, kill state and related sub-state.
1643 * Cannot transmit if state is already dying.
1644 */
1645 dmio_printf(iocom, 4,
1646 "dmsg_msg_write: Write to dying circuit "
1647 "ptxcmd=%08x prxcmd=%08x flags=%08x\n",
1648 state->parent->rxcmd,
1649 state->parent->txcmd,
1650 state->parent->flags);
1651 dmsg_state_hold(state);
1652 dmsg_state_cleanuptx(iocom, msg);
1653 if ((state->flags & DMSG_STATE_ABORTING) == 0) {
1654 dmsg_simulate_failure(state, 1, DMSG_ERR_LOSTLINK);
1655 }
1656 dmsg_state_drop(state);
1657 dmsg_msg_free(msg);
1658 } else {
1659 /*
1660 * Queue the message, clean up transmit state prior to queueing
1661 * to avoid SMP races.
1662 */
1663 dmio_printf(iocom, 5,
1664 "dmsg_msg_write: commit msg state=%p to txkmsgq\n",
1665 state);
1666 dmsg_state_cleanuptx(iocom, msg);
1667 TAILQ_INSERT_TAIL(&iocom->txmsgq, msg, qentry);
1668 dummy = 0;
1669 write(iocom->wakeupfds[1], &dummy, 1); /* XXX optimize me */
1670 }
1671 pthread_mutex_unlock(&iocom->mtx);
1672 }
1673
1674 /*
1675 * Remove state from its parent's subq. This can wind up recursively
1676 * dropping the parent upward.
1677 *
1678 * NOTE: iocom must be locked.
1679 *
1680 * NOTE: Once we drop the parent, our pstate pointer may become invalid.
1681 */
1682 static
1683 void
1684 dmsg_subq_delete(dmsg_state_t *state)
1685 {
1686 dmsg_state_t *pstate;
1687
1688 if (state->flags & DMSG_STATE_SUBINSERTED) {
1689 pstate = state->parent;
1690 assert(pstate);
1691 if (pstate->scan == state)
1692 pstate->scan = NULL;
1693 TAILQ_REMOVE(&pstate->subq, state, entry);
1694 state->flags &= ~DMSG_STATE_SUBINSERTED;
1695 state->parent = NULL;
1696 if (TAILQ_EMPTY(&pstate->subq))
1697 dmsg_state_drop(pstate);/* pstate->subq */
1698 pstate = NULL; /* safety */
1699 dmsg_state_drop(state); /* pstate->subq */
1700 } else {
1701 assert(state->parent == NULL);
1702 }
1703 }
1704
1705 /*
1706 * Simulate reception of a transaction DELETE message when the link goes
1707 * bad. This routine must recurse through state->subq and generate messages
1708 * and callbacks bottom-up.
1709 *
1710 * iocom->mtx must be held by caller.
1711 */
1712 static
1713 void
1714 dmsg_simulate_failure(dmsg_state_t *state, int meto, int error)
1715 {
1716 dmsg_state_t *substate;
1717
1718 dmsg_state_hold(state);
1719 if (meto)
1720 dmsg_state_abort(state);
1721
1722 /*
1723 * Recurse through sub-states.
1724 */
1725 again:
1726 TAILQ_FOREACH(substate, &state->subq, entry) {
1727 if (substate->flags & DMSG_STATE_ABORTING)
1728 continue;
1729 state->scan = substate;
1730 dmsg_simulate_failure(substate, 1, error);
1731 if (state->scan != substate)
1732 goto again;
1733 }
1734
1735 dmsg_state_drop(state);
1736 }
1737
1738 static
1739 void
1740 dmsg_state_abort(dmsg_state_t *state)
1741 {
1742 dmsg_iocom_t *iocom;
1743 dmsg_msg_t *msg;
1744
1745 /*
1746 * Set ABORTING and DYING, return if already set. If the state was
1747 * just allocated we defer the abort operation until the related
1748 * message is processed.
1749 */
1750 if (state->flags & DMSG_STATE_ABORTING)
1751 return;
1752 state->flags |= DMSG_STATE_ABORTING;
1753 dmsg_state_dying(state);
1754 if (state->flags & DMSG_STATE_NEW) {
1755 dmio_printf(iocom, 4,
1756 "dmsg_state_abort(0): state %p rxcmd %08x "
1757 "txcmd %08x flags %08x - in NEW state\n",
1758 state, state->rxcmd,
1759 state->txcmd, state->flags);
1760 return;
1761 }
1762
1763 /*
1764 * Simulate parent state failure before child states. Device
1765 * drivers need to understand this and flag the situation but might
1766 * have asynchronous operations in progress that they cannot stop.
1767 * To make things easier, parent states will not actually disappear
1768 * until the children are all gone.
1769 */
1770 if ((state->rxcmd & DMSGF_DELETE) == 0) {
1771 dmio_printf(iocom, 5,
1772 "dmsg_state_abort() on state %p\n",
1773 state);
1774 msg = dmsg_msg_alloc_locked(state, 0, DMSG_LNK_ERROR,
1775 NULL, NULL);
1776 if ((state->rxcmd & DMSGF_CREATE) == 0)
1777 msg->any.head.cmd |= DMSGF_CREATE;
1778 msg->any.head.cmd |= DMSGF_DELETE |
1779 (state->rxcmd & DMSGF_REPLY);
1780 msg->any.head.cmd ^= (DMSGF_REVTRANS | DMSGF_REVCIRC);
1781 msg->any.head.error = DMSG_ERR_LOSTLINK;
1782 msg->any.head.cmd |= DMSGF_ABORT;
1783
1784 /*
1785 * Issue callback synchronously even though this isn't
1786 * the receiver thread. We need to issue the callback
1787 * before removing state from the subq in order to allow
1788 * the callback to reply.
1789 */
1790 iocom = state->iocom;
1791 dmsg_state_msgrx(msg, 1);
1792 pthread_mutex_unlock(&iocom->mtx);
1793 iocom->rcvmsg_callback(msg);
1794 pthread_mutex_lock(&iocom->mtx);
1795 dmsg_state_cleanuprx(iocom, msg);
1796 #if 0
1797 TAILQ_INSERT_TAIL(&iocom->ioq_rx.msgq, msg, qentry);
1798 atomic_set_int(&iocom->flags, DMSG_IOCOMF_RWORK);
1799 #endif
1800 }
1801 }
1802
1803
1804 /*
1805 * Recursively sets DMSG_STATE_DYING on state and all sub-states, preventing
1806 * the transmission of any new messages on these states. This is done
1807 * atomically when parent state is terminating, whereas setting ABORTING is
1808 * not atomic and can leak races.
1809 */
1810 static
1811 void
1812 dmsg_state_dying(dmsg_state_t *state)
1813 {
1814 dmsg_state_t *scan;
1815
1816 if ((state->flags & DMSG_STATE_DYING) == 0) {
1817 state->flags |= DMSG_STATE_DYING;
1818 TAILQ_FOREACH(scan, &state->subq, entry)
1819 dmsg_state_dying(scan);
1820 }
1821 }
1822
1823 /*
1824 * This is a shortcut to formulate a reply to msg with a simple error code,
1825 * It can reply to and terminate a transaction, or it can reply to a one-way
1826 * messages. A DMSG_LNK_ERROR command code is utilized to encode
1827 * the error code (which can be 0). Not all transactions are terminated
1828 * with DMSG_LNK_ERROR status (the low level only cares about the
1829 * MSGF_DELETE flag), but most are.
1830 *
1831 * Replies to one-way messages are a bit of an oxymoron but the feature
1832 * is used by the debug (DBG) protocol.
1833 *
1834 * The reply contains no extended data.
1835 */
1836 void
1837 dmsg_msg_reply(dmsg_msg_t *msg, uint32_t error)
1838 {
1839 dmsg_state_t *state = msg->state;
1840 dmsg_msg_t *nmsg;
1841 uint32_t cmd;
1842
1843 /*
1844 * Reply with a simple error code and terminate the transaction.
1845 */
1846 cmd = DMSG_LNK_ERROR;
1847
1848 /*
1849 * Check if our direction has even been initiated yet, set CREATE.
1850 *
1851 * Check what direction this is (command or reply direction). Note
1852 * that txcmd might not have been initiated yet.
1853 *
1854 * If our direction has already been closed we just return without
1855 * doing anything.
1856 */
1857 if ((state->flags & DMSG_STATE_ROOT) == 0) {
1858 if (state->txcmd & DMSGF_DELETE)
1859 return;
1860 if (state->txcmd & DMSGF_REPLY)
1861 cmd |= DMSGF_REPLY;
1862 cmd |= DMSGF_DELETE;
1863 } else {
1864 if ((msg->any.head.cmd & DMSGF_REPLY) == 0)
1865 cmd |= DMSGF_REPLY;
1866 }
1867
1868 /*
1869 * Allocate the message and associate it with the existing state.
1870 * We cannot pass DMSGF_CREATE to msg_alloc() because that may
1871 * allocate new state. We have our state already.
1872 */
1873 nmsg = dmsg_msg_alloc(state, 0, cmd, NULL, NULL);
1874 if ((state->flags & DMSG_STATE_ROOT) == 0) {
1875 if ((state->txcmd & DMSGF_CREATE) == 0)
1876 nmsg->any.head.cmd |= DMSGF_CREATE;
1877 }
1878 nmsg->any.head.error = error;
1879
1880 dmsg_msg_write(nmsg);
1881 }
1882
1883 /*
1884 * Similar to dmsg_msg_reply() but leave the transaction open. That is,
1885 * we are generating a streaming reply or an intermediate acknowledgement
1886 * of some sort as part of the higher level protocol, with more to come
1887 * later.
1888 */
1889 void
1890 dmsg_msg_result(dmsg_msg_t *msg, uint32_t error)
1891 {
1892 dmsg_state_t *state = msg->state;
1893 dmsg_msg_t *nmsg;
1894 uint32_t cmd;
1895
1896
1897 /*
1898 * Reply with a simple error code and terminate the transaction.
1899 */
1900 cmd = DMSG_LNK_ERROR;
1901
1902 /*
1903 * Check if our direction has even been initiated yet, set CREATE.
1904 *
1905 * Check what direction this is (command or reply direction). Note
1906 * that txcmd might not have been initiated yet.
1907 *
1908 * If our direction has already been closed we just return without
1909 * doing anything.
1910 */
1911 if ((state->flags & DMSG_STATE_ROOT) == 0) {
1912 if (state->txcmd & DMSGF_DELETE)
1913 return;
1914 if (state->txcmd & DMSGF_REPLY)
1915 cmd |= DMSGF_REPLY;
1916 /* continuing transaction, do not set MSGF_DELETE */
1917 } else {
1918 if ((msg->any.head.cmd & DMSGF_REPLY) == 0)
1919 cmd |= DMSGF_REPLY;
1920 }
1921 nmsg = dmsg_msg_alloc(state, 0, cmd, NULL, NULL);
1922 if ((state->flags & DMSG_STATE_ROOT) == 0) {
1923 if ((state->txcmd & DMSGF_CREATE) == 0)
1924 nmsg->any.head.cmd |= DMSGF_CREATE;
1925 }
1926 nmsg->any.head.error = error;
1927
1928 dmsg_msg_write(nmsg);
1929 }
1930
1931 /*
1932 * Terminate a transaction given a state structure by issuing a DELETE.
1933 * (the state structure must not be &iocom->state0)
1934 */
1935 void
1936 dmsg_state_reply(dmsg_state_t *state, uint32_t error)
1937 {
1938 dmsg_msg_t *nmsg;
1939 uint32_t cmd = DMSG_LNK_ERROR | DMSGF_DELETE;
1940
1941 /*
1942 * Nothing to do if we already transmitted a delete
1943 */
1944 if (state->txcmd & DMSGF_DELETE)
1945 return;
1946
1947 /*
1948 * Set REPLY if the other end initiated the command. Otherwise
1949 * we are the command direction.
1950 */
1951 if (state->txcmd & DMSGF_REPLY)
1952 cmd |= DMSGF_REPLY;
1953
1954 nmsg = dmsg_msg_alloc(state, 0, cmd, NULL, NULL);
1955 if ((state->flags & DMSG_STATE_ROOT) == 0) {
1956 if ((state->txcmd & DMSGF_CREATE) == 0)
1957 nmsg->any.head.cmd |= DMSGF_CREATE;
1958 }
1959 nmsg->any.head.error = error;
1960 dmsg_msg_write(nmsg);
1961 }
1962
1963 /*
1964 * Terminate a transaction given a state structure by issuing a DELETE.
1965 * (the state structure must not be &iocom->state0)
1966 */
1967 void
1968 dmsg_state_result(dmsg_state_t *state, uint32_t error)
1969 {
1970 dmsg_msg_t *nmsg;
1971 uint32_t cmd = DMSG_LNK_ERROR;
1972
1973 /*
1974 * Nothing to do if we already transmitted a delete
1975 */
1976 if (state->txcmd & DMSGF_DELETE)
1977 return;
1978
1979 /*
1980 * Set REPLY if the other end initiated the command. Otherwise
1981 * we are the command direction.
1982 */
1983 if (state->txcmd & DMSGF_REPLY)
1984 cmd |= DMSGF_REPLY;
1985
1986 nmsg = dmsg_msg_alloc(state, 0, cmd, NULL, NULL);
1987 if ((state->flags & DMSG_STATE_ROOT) == 0) {
1988 if ((state->txcmd & DMSGF_CREATE) == 0)
1989 nmsg->any.head.cmd |= DMSGF_CREATE;
1990 }
1991 nmsg->any.head.error = error;
1992 dmsg_msg_write(nmsg);
1993 }
1994
1995 /************************************************************************
1996 * TRANSACTION STATE HANDLING *
1997 ************************************************************************
1998 *
1999 */
2000
2001 /*
2002 * Process state tracking for a message after reception, prior to execution.
2003 * Possibly route the message (consuming it).
2004 *
2005 * Called with msglk held and the msg dequeued.
2006 *
2007 * All messages are called with dummy state and return actual state.
2008 * (One-off messages often just return the same dummy state).
2009 *
2010 * May request that caller discard the message by setting *discardp to 1.
2011 * The returned state is not used in this case and is allowed to be NULL.
2012 *
2013 * --
2014 *
2015 * These routines handle persistent and command/reply message state via the
2016 * CREATE and DELETE flags. The first message in a command or reply sequence
2017 * sets CREATE, the last message in a command or reply sequence sets DELETE.
2018 *
2019 * There can be any number of intermediate messages belonging to the same
2020 * sequence sent inbetween the CREATE message and the DELETE message,
2021 * which set neither flag. This represents a streaming command or reply.
2022 *
2023 * Any command message received with CREATE set expects a reply sequence to
2024 * be returned. Reply sequences work the same as command sequences except the
2025 * REPLY bit is also sent. Both the command side and reply side can
2026 * degenerate into a single message with both CREATE and DELETE set. Note
2027 * that one side can be streaming and the other side not, or neither, or both.
2028 *
2029 * The msgid is unique for the initiator. That is, two sides sending a new
2030 * message can use the same msgid without colliding.
2031 *
2032 * --
2033 *
2034 * The message may be running over a circuit. If the circuit is half-deleted
2035 * The message is typically racing against a link failure and must be thrown
2036 * out. As the circuit deletion propagates the library will automatically
2037 * generate terminations for sub states.
2038 *
2039 * --
2040 *
2041 * ABORT sequences work by setting the ABORT flag along with normal message
2042 * state. However, ABORTs can also be sent on half-closed messages, that is
2043 * even if the command or reply side has already sent a DELETE, as long as
2044 * the message has not been fully closed it can still send an ABORT+DELETE
2045 * to terminate the half-closed message state.
2046 *
2047 * Since ABORT+DELETEs can race we silently discard ABORT's for message
2048 * state which has already been fully closed. REPLY+ABORT+DELETEs can
2049 * also race, and in this situation the other side might have already
2050 * initiated a new unrelated command with the same message id. Since
2051 * the abort has not set the CREATE flag the situation can be detected
2052 * and the message will also be discarded.
2053 *
2054 * Non-blocking requests can be initiated with ABORT+CREATE[+DELETE].
2055 * The ABORT request is essentially integrated into the command instead
2056 * of being sent later on. In this situation the command implementation
2057 * detects that CREATE and ABORT are both set (vs ABORT alone) and can
2058 * special-case non-blocking operation for the command.
2059 *
2060 * NOTE! Messages with ABORT set without CREATE or DELETE are considered
2061 * to be mid-stream aborts for command/reply sequences. ABORTs on
2062 * one-way messages are not supported.
2063 *
2064 * NOTE! If a command sequence does not support aborts the ABORT flag is
2065 * simply ignored.
2066 *
2067 * --
2068 *
2069 * One-off messages (no reply expected) are sent without an established
2070 * transaction. CREATE and DELETE are left clear and the msgid is usually 0.
2071 * For one-off messages sent over circuits msgid generally MUST be 0.
2072 *
2073 * One-off messages cannot be aborted and typically aren't processed
2074 * by these routines. Order is still guaranteed for messages sent over
2075 * the same circuit. The REPLY bit can be used to distinguish whether
2076 * a one-off message is a command or reply. For example, one-off replies
2077 * will typically just contain status updates.
2078 */
2079 static int
2080 dmsg_state_msgrx(dmsg_msg_t *msg, int mstate)
2081 {
2082 dmsg_iocom_t *iocom = msg->state->iocom;
2083 dmsg_state_t *state;
2084 dmsg_state_t *pstate;
2085 dmsg_state_t sdummy;
2086 int error;
2087
2088 pthread_mutex_lock(&iocom->mtx);
2089
2090 if (DMsgDebugOpt) {
2091 dmio_printf(iocom, 5,
2092 "msgrx: cmd=%08x msgid=%016jx "
2093 "circuit=%016jx error=%d\n",
2094 msg->any.head.cmd,
2095 msg->any.head.msgid,
2096 msg->any.head.circuit,
2097 msg->any.head.error);
2098 }
2099
2100 /*
2101 * Lookup the circuit (pstate). The circuit will be an open
2102 * transaction. The REVCIRC bit in the message tells us which side
2103 * initiated it.
2104 *
2105 * If mstate is non-zero the state has already been incorporated
2106 * into the message as part of a simulated abort. Note that in this
2107 * situation the parent state may have already been removed from
2108 * the RBTREE.
2109 */
2110 if (mstate) {
2111 pstate = msg->state->parent;
2112 } else if (msg->any.head.circuit) {
2113 sdummy.msgid = msg->any.head.circuit;
2114
2115 if (msg->any.head.cmd & DMSGF_REVCIRC) {
2116 pstate = RB_FIND(dmsg_state_tree,
2117 &iocom->statewr_tree,
2118 &sdummy);
2119 } else {
2120 pstate = RB_FIND(dmsg_state_tree,
2121 &iocom->staterd_tree,
2122 &sdummy);
2123 }
2124
2125 /*
2126 * If we cannot find the circuit throw the message away.
2127 * The state will have already been taken care of by
2128 * the simulated failure code. This case can occur due
2129 * to a failure propagating in one direction crossing a
2130 * request on the failed circuit propagating in the other
2131 * direction.
2132 */
2133 if (pstate == NULL) {
2134 dmio_printf(iocom, 4,
2135 "missing parent in stacked trans %s\n",
2136 dmsg_msg_str(msg));
2137 pthread_mutex_unlock(&iocom->mtx);
2138 error = DMSG_IOQ_ERROR_EALREADY;
2139
2140 return error;
2141 }
2142 } else {
2143 pstate = &iocom->state0;
2144 }
2145 /* WARNING: pstate not (yet) refd */
2146
2147 /*
2148 * Lookup the msgid.
2149 *
2150 * If mstate is non-zero the state has already been incorporated
2151 * into the message as part of a simulated abort. Note that in this
2152 * situation the state may have already been removed from the RBTREE.
2153 *
2154 * If received msg is a command state is on staterd_tree.
2155 * If received msg is a reply state is on statewr_tree.
2156 * Otherwise there is no state (retain &iocom->state0)
2157 */
2158 if (mstate) {
2159 state = msg->state;
2160 } else {
2161 sdummy.msgid = msg->any.head.msgid;
2162 if (msg->any.head.cmd & DMSGF_REVTRANS) {
2163 state = RB_FIND(dmsg_state_tree,
2164 &iocom->statewr_tree, &sdummy);
2165 } else {
2166 state = RB_FIND(dmsg_state_tree,
2167 &iocom->staterd_tree, &sdummy);
2168 }
2169 }
2170
2171 if (DMsgDebugOpt) {
2172 dmio_printf(iocom, 5, "msgrx:\tstate %p(%08x)",
2173 state, (state ? state->icmd : 0));
2174 if (pstate != &iocom->state0) {
2175 dmio_printf(iocom, 5,
2176 " pstate %p(%08x)",
2177 pstate, pstate->icmd);
2178 }
2179 dmio_printf(iocom, 5, "%s\n", "");
2180 }
2181
2182 if (mstate) {
2183 /* state already assigned to msg */
2184 } else if (state) {
2185 /*
2186 * Message over an existing transaction (CREATE should not
2187 * be set).
2188 */
2189 dmsg_state_drop(msg->state);
2190 dmsg_state_hold(state);
2191 msg->state = state;
2192 assert(pstate == state->parent);
2193 } else {
2194 /*
2195 * Either a new transaction (if CREATE set) or a one-off.
2196 */
2197 state = pstate;
2198 }
2199
2200 /*
2201 * Switch on CREATE, DELETE, REPLY, and also handle ABORT from
2202 * inside the case statements.
2203 *
2204 * Construct new state as necessary.
2205 */
2206 switch(msg->any.head.cmd & (DMSGF_CREATE | DMSGF_DELETE |
2207 DMSGF_REPLY)) {
2208 case DMSGF_CREATE:
2209 case DMSGF_CREATE | DMSGF_DELETE:
2210 /*
2211 * Create new sub-transaction under pstate.
2212 * (any DELETE is handled in post-processing of msg).
2213 *
2214 * (During routing the msgid was made unique for this
2215 * direction over the comlink, so our RB trees can be
2216 * iocom-based instead of state-based).
2217 */
2218 if (state != pstate) {
2219 dmio_printf(iocom, 2,
2220 "duplicate transaction %s\n",
2221 dmsg_msg_str(msg));
2222 error = DMSG_IOQ_ERROR_TRANS;
2223 assert(0);
2224 break;
2225 }
2226
2227 /*
2228 * Allocate the new state.
2229 */
2230 state = malloc(sizeof(*state));
2231 bzero(state, sizeof(*state));
2232 atomic_add_int(&dmsg_state_count, 1);
2233
2234 TAILQ_INIT(&state->subq);
2235 dmsg_state_hold(pstate);
2236 state->parent = pstate;
2237 state->iocom = iocom;
2238 state->flags = DMSG_STATE_DYNAMIC |
2239 DMSG_STATE_OPPOSITE;
2240 state->msgid = msg->any.head.msgid;
2241 state->txcmd = DMSGF_REPLY;
2242 state->rxcmd = msg->any.head.cmd & ~DMSGF_DELETE;
2243 state->icmd = state->rxcmd & DMSGF_BASECMDMASK;
2244 state->flags &= ~DMSG_STATE_NEW;
2245 msg->state = state;
2246
2247 RB_INSERT(dmsg_state_tree, &iocom->staterd_tree, state);
2248 if (TAILQ_EMPTY(&pstate->subq))
2249 dmsg_state_hold(pstate);/* pstate->subq */
2250 TAILQ_INSERT_TAIL(&pstate->subq, state, entry);
2251 state->flags |= DMSG_STATE_SUBINSERTED |
2252 DMSG_STATE_RBINSERTED;
2253 dmsg_state_hold(state); /* pstate->subq */
2254 dmsg_state_hold(state); /* state on rbtree */
2255 dmsg_state_hold(state); /* msg->state */
2256
2257 /*
2258 * If the parent is a relay set up the state handler to
2259 * automatically route the message. Local processing will
2260 * not occur if set.
2261 *
2262 * (state relays are seeded by SPAN processing)
2263 */
2264 if (pstate->relay)
2265 state->func = dmsg_state_relay;
2266 error = 0;
2267 break;
2268 case DMSGF_DELETE:
2269 /*
2270 * Persistent state is expected but might not exist if an
2271 * ABORT+DELETE races the close.
2272 *
2273 * (any DELETE is handled in post-processing of msg).
2274 */
2275 if (state == pstate) {
2276 if (msg->any.head.cmd & DMSGF_ABORT) {
2277 error = DMSG_IOQ_ERROR_EALREADY;
2278 } else {
2279 dmio_printf(iocom, 2,
2280 "missing-state %s\n",
2281 dmsg_msg_str(msg));
2282 error = DMSG_IOQ_ERROR_TRANS;
2283 assert(0);
2284 }
2285 break;
2286 }
2287
2288 /*
2289 * Handle another ABORT+DELETE case if the msgid has already
2290 * been reused.
2291 */
2292 if ((state->rxcmd & DMSGF_CREATE) == 0) {
2293 if (msg->any.head.cmd & DMSGF_ABORT) {
2294 error = DMSG_IOQ_ERROR_EALREADY;
2295 } else {
2296 dmio_printf(iocom, 2,
2297 "reused-state %s\n",
2298 dmsg_msg_str(msg));
2299 error = DMSG_IOQ_ERROR_TRANS;
2300 assert(0);
2301 }
2302 break;
2303 }
2304 error = 0;
2305 break;
2306 default:
2307 /*
2308 * Check for mid-stream ABORT command received, otherwise
2309 * allow.
2310 */
2311 if (msg->any.head.cmd & DMSGF_ABORT) {
2312 if ((state == pstate) ||
2313 (state->rxcmd & DMSGF_CREATE) == 0) {
2314 error = DMSG_IOQ_ERROR_EALREADY;
2315 break;
2316 }
2317 }
2318 error = 0;
2319 break;
2320 case DMSGF_REPLY | DMSGF_CREATE:
2321 case DMSGF_REPLY | DMSGF_CREATE | DMSGF_DELETE:
2322 /*
2323 * When receiving a reply with CREATE set the original
2324 * persistent state message should already exist.
2325 */
2326 if (state == pstate) {
2327 dmio_printf(iocom, 2, "no-state(r) %s\n",
2328 dmsg_msg_str(msg));
2329 error = DMSG_IOQ_ERROR_TRANS;
2330 assert(0);
2331 break;
2332 }
2333 assert(((state->rxcmd ^ msg->any.head.cmd) & DMSGF_REPLY) == 0);
2334 state->rxcmd = msg->any.head.cmd & ~DMSGF_DELETE;
2335 error = 0;
2336 break;
2337 case DMSGF_REPLY | DMSGF_DELETE:
2338 /*
2339 * Received REPLY+ABORT+DELETE in case where msgid has
2340 * already been fully closed, ignore the message.
2341 */
2342 if (state == pstate) {
2343 if (msg->any.head.cmd & DMSGF_ABORT) {
2344 error = DMSG_IOQ_ERROR_EALREADY;
2345 } else {
2346 dmio_printf(iocom, 2,
2347 "no-state(r,d) %s\n",
2348 dmsg_msg_str(msg));
2349 error = DMSG_IOQ_ERROR_TRANS;
2350 assert(0);
2351 }
2352 break;
2353 }
2354
2355 /*
2356 * Received REPLY+ABORT+DELETE in case where msgid has
2357 * already been reused for an unrelated message,
2358 * ignore the message.
2359 */
2360 if ((state->rxcmd & DMSGF_CREATE) == 0) {
2361 if (msg->any.head.cmd & DMSGF_ABORT) {
2362 error = DMSG_IOQ_ERROR_EALREADY;
2363 } else {
2364 dmio_printf(iocom, 2,
2365 "reused-state(r,d) %s\n",
2366 dmsg_msg_str(msg));
2367 error = DMSG_IOQ_ERROR_TRANS;
2368 assert(0);
2369 }
2370 break;
2371 }
2372 error = 0;
2373 break;
2374 case DMSGF_REPLY:
2375 /*
2376 * Check for mid-stream ABORT reply received to sent command.
2377 */
2378 if (msg->any.head.cmd & DMSGF_ABORT) {
2379 if (state == pstate ||
2380 (state->rxcmd & DMSGF_CREATE) == 0) {
2381 error = DMSG_IOQ_ERROR_EALREADY;
2382 break;
2383 }
2384 }
2385 error = 0;
2386 break;
2387 }
2388
2389 /*
2390 * Calculate the easy-switch() transactional command. Represents
2391 * the outer-transaction command for any transaction-create or
2392 * transaction-delete, and the inner message command for any
2393 * non-transaction or inside-transaction command. tcmd will be
2394 * set to 0 for any messaging error condition.
2395 *
2396 * The two can be told apart because outer-transaction commands
2397 * always have a DMSGF_CREATE and/or DMSGF_DELETE flag.
2398 */
2399 if (msg->any.head.cmd & (DMSGF_CREATE | DMSGF_DELETE)) {
2400 if ((msg->state->flags & DMSG_STATE_ROOT) == 0) {
2401 msg->tcmd = (state->icmd & DMSGF_BASECMDMASK) |
2402 (msg->any.head.cmd & (DMSGF_CREATE |
2403 DMSGF_DELETE |
2404 DMSGF_REPLY));
2405 } else {
2406 msg->tcmd = 0;
2407 }
2408 } else {
2409 msg->tcmd = msg->any.head.cmd & DMSGF_CMDSWMASK;
2410 }
2411
2412 #ifdef DMSG_BLOCK_DEBUG
2413 switch (msg->tcmd) {
2414 case DMSG_BLK_READ | DMSGF_CREATE | DMSGF_DELETE:
2415 case DMSG_BLK_WRITE | DMSGF_CREATE | DMSGF_DELETE:
2416 dmio_printf(iocom, 4,
2417 "read BIO %-3d %016jx %d@%016jx\n",
2418 biocount, msg->any.head.msgid,
2419 msg->any.blk_read.bytes,
2420 msg->any.blk_read.offset);
2421 break;
2422 case DMSG_BLK_READ | DMSGF_CREATE | DMSGF_DELETE | DMSGF_REPLY:
2423 case DMSG_BLK_WRITE | DMSGF_CREATE | DMSGF_DELETE | DMSGF_REPLY:
2424 dmio_printf(iocom, 4,
2425 "rread BIO %-3d %016jx %d@%016jx\n",
2426 biocount, msg->any.head.msgid,
2427 msg->any.blk_read.bytes,
2428 msg->any.blk_read.offset);
2429 break;
2430 default:
2431 break;
2432 }
2433 #endif
2434
2435 /*
2436 * Adjust state, mark receive side as DELETED if appropriate and
2437 * adjust RB tree if both sides are DELETED. cleanuprx handles
2438 * the rest after the state callback returns.
2439 */
2440 assert(msg->state->iocom == iocom);
2441 assert(msg->state == state);
2442
2443 if (state->flags & DMSG_STATE_ROOT) {
2444 /*
2445 * Nothing to do for non-transactional messages.
2446 */
2447 } else if (msg->any.head.cmd & DMSGF_DELETE) {
2448 /*
2449 * Message terminating transaction, remove the state from
2450 * the RB tree if the full transaction is now complete.
2451 * The related state, subq, and parent link is retained
2452 * until after the state callback is complete.
2453 */
2454 assert((state->rxcmd & DMSGF_DELETE) == 0);
2455 state->rxcmd |= DMSGF_DELETE;
2456 if (state->txcmd & DMSGF_DELETE) {
2457 assert(state->flags & DMSG_STATE_RBINSERTED);
2458 if (state->rxcmd & DMSGF_REPLY) {
2459 assert(msg->any.head.cmd & DMSGF_REPLY);
2460 RB_REMOVE(dmsg_state_tree,
2461 &iocom->statewr_tree, state);
2462 } else {
2463 assert((msg->any.head.cmd & DMSGF_REPLY) == 0);
2464 RB_REMOVE(dmsg_state_tree,
2465 &iocom->staterd_tree, state);
2466 }
2467 state->flags &= ~DMSG_STATE_RBINSERTED;
2468 dmsg_state_drop(state);
2469 }
2470 }
2471
2472 pthread_mutex_unlock(&iocom->mtx);
2473
2474 if (DMsgDebugOpt && error)
2475 dmio_printf(iocom, 1, "msgrx: error %d\n", error);
2476
2477 return (error);
2478 }
2479
2480 /*
2481 * Route the message and handle pair-state processing.
2482 */
2483 void
2484 dmsg_state_relay(dmsg_msg_t *lmsg)
2485 {
2486 dmsg_state_t *lpstate;
2487 dmsg_state_t *rpstate;
2488 dmsg_state_t *lstate;
2489 dmsg_state_t *rstate;
2490 dmsg_msg_t *rmsg;
2491
2492 #ifdef DMSG_BLOCK_DEBUG
2493 switch (lmsg->tcmd) {
2494 case DMSG_BLK_OPEN | DMSGF_CREATE:
2495 dmio_printf(iocom, 4, "%s\n",
2496 "relay BIO_OPEN (CREATE)");
2497 break;
2498 case DMSG_BLK_OPEN | DMSGF_DELETE:
2499 dmio_printf(iocom, 4, "%s\n",
2500 "relay BIO_OPEN (DELETE)");
2501 break;
2502 case DMSG_BLK_READ | DMSGF_CREATE | DMSGF_DELETE:
2503 case DMSG_BLK_WRITE | DMSGF_CREATE | DMSGF_DELETE:
2504 atomic_add_int(&biocount, 1);
2505 dmio_printf(iocom, 4,
2506 "relay BIO %-3d %016jx %d@%016jx\n",
2507 biocount, lmsg->any.head.msgid,
2508 lmsg->any.blk_read.bytes,
2509 lmsg->any.blk_read.offset);
2510 break;
2511 case DMSG_BLK_READ | DMSGF_CREATE | DMSGF_DELETE | DMSGF_REPLY:
2512 case DMSG_BLK_WRITE | DMSGF_CREATE | DMSGF_DELETE | DMSGF_REPLY:
2513 dmio_printf(iocom, 4,
2514 "retrn BIO %-3d %016jx %d@%016jx\n",
2515 biocount, lmsg->any.head.msgid,
2516 lmsg->any.blk_read.bytes,
2517 lmsg->any.blk_read.offset);
2518 atomic_add_int(&biocount, -1);
2519 break;
2520 default:
2521 break;
2522 }
2523 #endif
2524
2525 if ((lmsg->any.head.cmd & (DMSGF_CREATE | DMSGF_REPLY)) ==
2526 DMSGF_CREATE) {
2527 /*
2528 * New sub-transaction, establish new state and relay.
2529 */
2530 lstate = lmsg->state;
2531 lpstate = lstate->parent;
2532 rpstate = lpstate->relay;
2533 assert(lstate->relay == NULL);
2534 assert(rpstate != NULL);
2535
2536 rmsg = dmsg_msg_alloc(rpstate, 0,
2537 lmsg->any.head.cmd,
2538 dmsg_state_relay, NULL);
2539 rstate = rmsg->state;
2540 rstate->relay = lstate;
2541 lstate->relay = rstate;
2542 dmsg_state_hold(lstate);
2543 dmsg_state_hold(rstate);
2544 } else {
2545 /*
2546 * State & relay already established
2547 */
2548 lstate = lmsg->state;
2549 rstate = lstate->relay;
2550 assert(rstate != NULL);
2551
2552 assert((rstate->txcmd & DMSGF_DELETE) == 0);
2553
2554 #if 0
2555 if (lstate->flags & DMSG_STATE_ABORTING) {
2556 dmio_printf(iocom, 4,
2557 "relay: relay lost link l=%p r=%p\n",
2558 lstate, rstate);
2559 dmsg_simulate_failure(rstate, 0, DMSG_ERR_LOSTLINK);
2560 }
2561 #endif
2562
2563 rmsg = dmsg_msg_alloc(rstate, 0,
2564 lmsg->any.head.cmd,
2565 dmsg_state_relay, NULL);
2566 }
2567 if (lmsg->hdr_size > sizeof(lmsg->any.head)) {
2568 bcopy(&lmsg->any.head + 1, &rmsg->any.head + 1,
2569 lmsg->hdr_size - sizeof(lmsg->any.head));
2570 }
2571 rmsg->any.head.error = lmsg->any.head.error;
2572 rmsg->any.head.reserved02 = lmsg->any.head.reserved02;
2573 rmsg->any.head.reserved18 = lmsg->any.head.reserved18;
2574 rmsg->aux_size = lmsg->aux_size;
2575 rmsg->aux_data = lmsg->aux_data;
2576 lmsg->aux_data = NULL;
2577
2578 dmsg_msg_write(rmsg);
2579 }
2580
2581 /*
2582 * Cleanup and retire msg after issuing the state callback. The state
2583 * has already been removed from the RB tree. The subq and msg must be
2584 * cleaned up.
2585 *
2586 * Called with the iocom mutex held (to handle subq disconnection).
2587 */
2588 void
2589 dmsg_state_cleanuprx(dmsg_iocom_t *iocom, dmsg_msg_t *msg)
2590 {
2591 dmsg_state_t *state;
2592
2593 assert(msg->state->iocom == iocom);
2594 state = msg->state;
2595 if (state->flags & DMSG_STATE_ROOT) {
2596 /*
2597 * Free a non-transactional message, there is no state
2598 * to worry about.
2599 */
2600 dmsg_msg_free(msg);
2601 } else if ((state->flags & DMSG_STATE_SUBINSERTED) &&
2602 (state->rxcmd & DMSGF_DELETE) &&
2603 (state->txcmd & DMSGF_DELETE)) {
2604 /*
2605 * Must disconnect from parent and drop relay.
2606 */
2607 dmsg_subq_delete(state);
2608 if (state->relay) {
2609 dmsg_state_drop(state->relay);
2610 state->relay = NULL;
2611 }
2612 dmsg_msg_free(msg);
2613 } else {
2614 /*
2615 * Message not terminating transaction, leave state intact
2616 * and free message if it isn't the CREATE message.
2617 */
2618 dmsg_msg_free(msg);
2619 }
2620 }
2621
2622 /*
2623 * Clean up the state after pulling out needed fields and queueing the
2624 * message for transmission. This occurs in dmsg_msg_write().
2625 *
2626 * Called with the mutex locked.
2627 */
2628 static void
2629 dmsg_state_cleanuptx(dmsg_iocom_t *iocom, dmsg_msg_t *msg)
2630 {
2631 dmsg_state_t *state;
2632
2633 assert(iocom == msg->state->iocom);
2634 state = msg->state;
2635
2636 dmsg_state_hold(state);
2637
2638 if (state->flags & DMSG_STATE_ROOT) {
2639 ;
2640 } else if (msg->any.head.cmd & DMSGF_DELETE) {
2641 /*
2642 * Message terminating transaction, destroy the related
2643 * state, the original message, and this message (if it
2644 * isn't the original message due to a CREATE|DELETE).
2645 *
2646 * It's possible for governing state to terminate while
2647 * sub-transactions still exist. This is allowed but
2648 * will cause sub-transactions to recursively fail.
2649 * Further reception of sub-transaction messages will be
2650 * impossible because the circuit will no longer exist.
2651 * (XXX need code to make sure that happens properly).
2652 *
2653 * NOTE: It is possible for a fafilure to terminate the
2654 * state after we have written the message but before
2655 * we are able to call cleanuptx, so txcmd might already
2656 * have DMSGF_DELETE set.
2657 */
2658 if ((state->txcmd & DMSGF_DELETE) == 0 &&
2659 (state->rxcmd & DMSGF_DELETE)) {
2660 state->txcmd |= DMSGF_DELETE;
2661 assert(state->flags & DMSG_STATE_RBINSERTED);
2662 if (state->txcmd & DMSGF_REPLY) {
2663 assert(msg->any.head.cmd & DMSGF_REPLY);
2664 RB_REMOVE(dmsg_state_tree,
2665 &iocom->staterd_tree, state);
2666 } else {
2667 assert((msg->any.head.cmd & DMSGF_REPLY) == 0);
2668 RB_REMOVE(dmsg_state_tree,
2669 &iocom->statewr_tree, state);
2670 }
2671 state->flags &= ~DMSG_STATE_RBINSERTED;
2672 dmsg_subq_delete(state);
2673
2674 if (state->relay) {
2675 dmsg_state_drop(state->relay);
2676 state->relay = NULL;
2677 }
2678 dmsg_state_drop(state); /* state->rbtree */
2679 } else if ((state->txcmd & DMSGF_DELETE) == 0) {
2680 state->txcmd |= DMSGF_DELETE;
2681 }
2682 }
2683
2684 /*
2685 * Deferred abort after transmission.
2686 */
2687 if ((state->flags & (DMSG_STATE_ABORTING | DMSG_STATE_DYING)) &&
2688 (state->rxcmd & DMSGF_DELETE) == 0) {
2689 dmio_printf(iocom, 4,
2690 "cleanuptx: state=%p "
2691 "executing deferred abort\n",
2692 state);
2693 state->flags &= ~DMSG_STATE_ABORTING;
2694 dmsg_simulate_failure(state, 1, DMSG_ERR_LOSTLINK);
2695 }
2696
2697 dmsg_state_drop(state);
2698 }
2699
2700 /*
2701 * Called with or without locks
2702 */
2703 void
2704 dmsg_state_hold(dmsg_state_t *state)
2705 {
2706 atomic_add_int(&state->refs, 1);
2707 }
2708
2709 void
2710 dmsg_state_drop(dmsg_state_t *state)
2711 {
2712 assert(state->refs > 0);
2713 if (atomic_fetchadd_int(&state->refs, -1) == 1)
2714 dmsg_state_free(state);
2715 }
2716
2717 /*
2718 * Called with iocom locked
2719 */
2720 static void
2721 dmsg_state_free(dmsg_state_t *state)
2722 {
2723 atomic_add_int(&dmsg_state_count, -1);
2724 dmio_printf(state->iocom, 5, "terminate state %p\n", state);
2725 assert((state->flags & (DMSG_STATE_ROOT |
2726 DMSG_STATE_SUBINSERTED |
2727 DMSG_STATE_RBINSERTED)) == 0);
2728 assert(TAILQ_EMPTY(&state->subq));
2729 assert(state->refs == 0);
2730 if (state->any.any != NULL) /* XXX avoid deadlock w/exit & kernel */
2731 closefrom(3);
2732 assert(state->any.any == NULL);
2733 free(state);
2734 }
2735
2736 /*
2737 * This swaps endian for a hammer2_msg_hdr. Note that the extended
2738 * header is not adjusted, just the core header.
2739 */
2740 void
2741 dmsg_bswap_head(dmsg_hdr_t *head)
2742 {
2743 head->magic = bswap16(head->magic);
2744 head->reserved02 = bswap16(head->reserved02);
2745 head->salt = bswap32(head->salt);
2746
2747 head->msgid = bswap64(head->msgid);
2748 head->circuit = bswap64(head->circuit);
2749 head->reserved18= bswap64(head->reserved18);
2750
2751 head->cmd = bswap32(head->cmd);
2752 head->aux_crc = bswap32(head->aux_crc);
2753 head->aux_bytes = bswap32(head->aux_bytes);
2754 head->error = bswap32(head->error);
2755 head->aux_descr = bswap64(head->aux_descr);
2756 head->reserved38= bswap32(head->reserved38);
2757 head->hdr_crc = bswap32(head->hdr_crc);
2758 }
DragonFly BSD