| blob | 6acf9bb76d3c98c1befca0eacafcf98f9a61afc7 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
22 /*
23 * Copyright 2012 Marcel Telka <marcel@telka.sk>
24 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
25 * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
26 * Copyright 2021 Racktop Systems, Inc.
27 */
29 /*
30 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
31 * Use is subject to license terms.
32 */
34 /*
35 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
36 */
38 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
39 /* All Rights Reserved */
41 /*
42 * Portions of this source code were derived from Berkeley 4.3 BSD
43 * under license from the Regents of the University of California.
44 */
46 /*
47 * Server-side remote procedure call interface.
48 *
49 * Master transport handle (SVCMASTERXPRT).
50 * The master transport handle structure is shared among service
51 * threads processing events on the transport. Some fields in the
52 * master structure are protected by locks
53 * - xp_req_lock protects the request queue:
54 * xp_req_head, xp_req_tail, xp_reqs, xp_size, xp_full, xp_enable
55 * - xp_thread_lock protects the thread (clone) counts
56 * xp_threads, xp_detached_threads, xp_wq
57 * Each master transport is registered to exactly one thread pool.
58 *
59 * Clone transport handle (SVCXPRT)
60 * The clone transport handle structure is a per-service-thread handle
61 * to the transport. The structure carries all the fields/buffers used
62 * for request processing. A service thread or, in other words, a clone
63 * structure, can be linked to an arbitrary master structure to process
64 * requests on this transport. The master handle keeps track of reference
65 * counts of threads (clones) linked to it. A service thread can switch
66 * to another transport by unlinking its clone handle from the current
67 * transport and linking to a new one. Switching is relatively inexpensive
68 * but it involves locking (master's xprt->xp_thread_lock).
69 *
70 * Pools.
71 * A pool represents a kernel RPC service (NFS, Lock Manager, etc.).
72 * Transports related to the service are registered to the service pool.
73 * Service threads can switch between different transports in the pool.
74 * Thus, each service has its own pool of service threads. The maximum
75 * number of threads in a pool is pool->p_maxthreads. This limit allows
76 * to restrict resource usage by the service. Some fields are protected
77 * by locks:
78 * - p_req_lock protects several counts and flags:
79 * p_reqs, p_size, p_walkers, p_asleep, p_drowsy, p_req_cv
80 * - p_thread_lock governs other thread counts:
81 * p_threads, p_detached_threads, p_reserved_threads, p_closing
82 *
83 * In addition, each pool contains a doubly-linked list of transports,
84 * an `xprt-ready' queue and a creator thread (see below). Threads in
85 * the pool share some other parameters such as stack size and
86 * polling timeout.
87 *
88 * Pools are initialized through the svc_pool_create() function called from
89 * the nfssys() system call. However, thread creation must be done by
90 * the userland agent. This is done by using SVCPOOL_WAIT and
91 * SVCPOOL_RUN arguments to nfssys(), which call svc_wait() and
92 * svc_do_run(), respectively. Once the pool has been initialized,
93 * the userland process must set up a 'creator' thread. This thread
94 * should park itself in the kernel by calling svc_wait(). If
95 * svc_wait() returns successfully, it should fork off a new worker
96 * thread, which then calls svc_do_run() in order to get work. When
97 * that thread is complete, svc_do_run() will return, and the user
98 * program should call thr_exit().
99 *
100 * When we try to register a new pool and there is an old pool with
101 * the same id in the doubly linked pool list (this happens when we kill
102 * and restart nfsd or lockd), then we unlink the old pool from the list
103 * and mark its state as `closing'. After that the transports can still
104 * process requests but new transports won't be registered. When all the
105 * transports and service threads associated with the pool are gone the
106 * creator thread (see below) will clean up the pool structure and exit.
107 *
108 * svc_queuereq() and svc_run().
109 * The kernel RPC server is interrupt driven. The svc_queuereq() interrupt
110 * routine is called to deliver an RPC request. The service threads
111 * loop in svc_run(). The interrupt function queues a request on the
112 * transport's queue and it makes sure that the request is serviced.
113 * It may either wake up one of sleeping threads, or ask for a new thread
114 * to be created, or, if the previous request is just being picked up, do
115 * nothing. In the last case the service thread that is picking up the
116 * previous request will wake up or create the next thread. After a service
117 * thread processes a request and sends a reply it returns to svc_run()
118 * and svc_run() calls svc_poll() to find new input.
119 *
120 * svc_poll().
121 * In order to avoid unnecessary locking, which causes performance
122 * problems, we always look for a pending request on the current transport.
123 * If there is none we take a hint from the pool's `xprt-ready' queue.
124 * If the queue had an overflow we switch to the `drain' mode checking
125 * each transport in the pool's transport list. Once we find a
126 * master transport handle with a pending request we latch the request
127 * lock on this transport and return to svc_run(). If the request
128 * belongs to a transport different than the one the service thread is
129 * linked to we need to unlink and link again.
130 *
131 * A service thread goes asleep when there are no pending
132 * requests on the transports registered on the pool's transports.
133 * All the pool's threads sleep on the same condition variable.
134 * If a thread has been sleeping for too long period of time
135 * (by default 5 seconds) it wakes up and exits. Also when a transport
136 * is closing sleeping threads wake up to unlink from this transport.
137 *
138 * The `xprt-ready' queue.
139 * If a service thread finds no request on a transport it is currently linked
140 * to it will find another transport with a pending request. To make
141 * this search more efficient each pool has an `xprt-ready' queue.
142 * The queue is a FIFO. When the interrupt routine queues a request it also
143 * inserts a pointer to the transport into the `xprt-ready' queue. A
144 * thread looking for a transport with a pending request can pop up a
145 * transport and check for a request. The request can be already gone
146 * since it could be taken by a thread linked to that transport. In such a
147 * case we try the next hint. The `xprt-ready' queue has fixed size (by
148 * default 256 nodes). If it overflows svc_poll() has to switch to the
149 * less efficient but safe `drain' mode and walk through the pool's
150 * transport list.
151 *
152 * Both the svc_poll() loop and the `xprt-ready' queue are optimized
153 * for the peak load case that is for the situation when the queue is not
154 * empty, there are all the time few pending requests, and a service
155 * thread which has just processed a request does not go asleep but picks
156 * up immediately the next request.
157 *
158 * Thread creator.
159 * Each pool has a thread creator associated with it. The creator thread
160 * sleeps on a condition variable and waits for a signal to create a
161 * service thread. The actual thread creation is done in userland by
162 * the method described in "Pools" above.
163 *
164 * Signaling threads should turn on the `creator signaled' flag, and
165 * can avoid sending signals when the flag is on. The flag is cleared
166 * when the thread is created.
167 *
168 * When the pool is in closing state (ie it has been already unregistered
169 * from the pool list) the last thread on the last transport in the pool
170 * should turn the p_creator_exit flag on. The creator thread will
171 * clean up the pool structure and exit.
172 *
173 * Thread reservation; Detaching service threads.
174 * A service thread can detach itself to block for an extended amount
175 * of time. However, to keep the service active we need to guarantee
176 * at least pool->p_redline non-detached threads that can process incoming
177 * requests. This, the maximum number of detached and reserved threads is
178 * p->p_maxthreads - p->p_redline. A service thread should first acquire
179 * a reservation, and if the reservation was granted it can detach itself.
180 * If a reservation was granted but the thread does not detach itself
181 * it should cancel the reservation before it returns to svc_run().
182 */
184 #include <sys/param.h>
185 #include <sys/types.h>
186 #include <rpc/types.h>
187 #include <sys/socket.h>
188 #include <sys/time.h>
189 #include <sys/tiuser.h>
190 #include <sys/t_kuser.h>
191 #include <netinet/in.h>
192 #include <rpc/xdr.h>
193 #include <rpc/auth.h>
194 #include <rpc/clnt.h>
195 #include <rpc/rpc_msg.h>
196 #include <rpc/svc.h>
197 #include <sys/proc.h>
198 #include <sys/user.h>
199 #include <sys/stream.h>
200 #include <sys/strsubr.h>
201 #include <sys/strsun.h>
202 #include <sys/tihdr.h>
203 #include <sys/debug.h>
204 #include <sys/cmn_err.h>
205 #include <sys/file.h>
206 #include <sys/systm.h>
207 #include <sys/callb.h>
208 #include <sys/vtrace.h>
209 #include <sys/zone.h>
210 #include <nfs/nfs.h>
211 #include <sys/tsol/label_macro.h>
213 /*
214 * Defines for svc_poll()
215 */
220 /*
221 * Default stack size for service threads.
222 */
227 /*
228 * Default polling timeout for service threads.
229 * Multiplied by hz when used.
230 */
235 /*
236 * Size of the `xprt-ready' queue.
237 */
242 /*
243 * Default limit for the number of service threads.
244 */
245 #define DEFAULT_SVC_MAXTHREADS (INT16_MAX)
249 /*
250 * Maximum number of requests from the same transport (in `drain' mode).
251 */
252 #define DEFAULT_SVC_MAX_SAME_XPRT (8)
257 /*
258 * Default `Redline' of non-detached threads.
259 * Total number of detached and reserved threads in an RPC server
260 * thread pool is limited to pool->p_maxthreads - svc_redline.
261 */
262 #define DEFAULT_SVC_REDLINE (1)
266 /*
267 * A node for the `xprt-ready' queue.
268 * See below.
269 */
273 };
275 /*
276 * Global SVC variables (private).
277 */
280 kmutex_t svc_plock;
281 };
283 /*
284 * Debug variable to check for rdma based
285 * transport startup and cleanup. Contorlled
286 * through /etc/system. Off by default.
287 */
290 /*
291 * This allows disabling flow control in svc_queuereq().
292 */
295 /*
296 * Authentication parameters list.
297 */
301 /*
302 * If true, then keep quiet about version mismatch.
303 * This macro is for broadcast RPC only. We have no broadcast RPC in
304 * kernel now but one may define a flag in the transport structure
305 * and redefine this macro.
306 */
307 #define version_keepquiet(xprt) (FALSE)
309 /*
310 * ZSD key used to retrieve zone-specific svc globals
311 */
323 /* ARGSUSED */
326 {
333 }
335 /* ARGSUSED */
336 static void
338 {
345 }
347 }
349 /* ARGSUSED */
350 static void
352 {
358 }
360 /*
361 * Global SVC init routine.
362 * Initialize global generic and transport type specific structures
363 * used by the kernel RPC server side. This routine is called only
364 * once when the module is being loaded.
365 */
366 void
368 {
370 svc_zonefini);
373 }
375 /*
376 * Destroy the SVCPOOL structure.
377 */
378 static void
380 {
385 /*
386 * Call the user supplied shutdown function. This is done
387 * here so the user of the pool will be able to cleanup
388 * service related resources.
389 */
393 /* Destroy `xprt-ready' queue */
396 /* Destroy transport list */
399 /* Destroy locks and condition variables */
404 /* Destroy creator's locks and condition variables */
410 /* Free pool structure */
412 }
414 /*
415 * If all the transports and service threads are already gone
416 * signal the creator thread to clean up and exit.
417 */
418 static bool_t
420 {
427 /*
428 * Release the locks before sending a signal.
429 */
433 /*
434 * Notify the creator thread to clean up and exit
435 *
436 * NOTICE: No references to the pool beyond this point!
437 * The pool is being destroyed.
438 */
443 }
445 }
449 }
451 /*
452 * Find a pool with a given id.
453 */
456 {
461 /*
462 * Search the list for a pool with a matching id
463 * and register the transport handle with that pool.
464 */
470 }
472 /*
473 * PSARC 2003/523 Contract Private Interface
474 * svc_do_run
475 * Changes must be reviewed by Solaris File Sharing
476 * Changes must be communicated to contract-2003-523@sun.com
477 */
478 int
480 {
495 /*
496 * Increment counter of pool threads now
497 * that a thread has been created.
498 */
503 /* Give work to the new thread. */
507 }
509 /*
510 * Unregister a pool from the pool list.
511 * Set the closing state. If all the transports and service threads
512 * are already gone signal the creator thread to clean up and exit.
513 */
514 static void
516 {
522 /* Remove from the list */
531 /*
532 * Offline the pool. Mark the pool as closing.
533 * If there are no transports in this pool notify
534 * the creator thread to clean it up and exit.
535 */
543 }
545 /*
546 * Register a pool with a given id in the global doubly linked pool list.
547 * - if there is a pool with the same id in the list then unregister it
548 * - insert the new pool into the list.
549 */
550 static void
552 {
555 /*
556 * If there is a pool with the same id then remove it from
557 * the list and mark the pool as closing.
558 */
564 /* Insert into the doubly linked list */
573 }
575 /*
576 * Initialize a newly created pool structure
577 */
578 static int
581 {
602 /* Allocate and initialize the `xprt-ready' queue */
605 /* Initialize doubly-linked xprt list */
608 /*
609 * Setting lwp_childstksz on the current lwp so that
610 * descendants of this lwp get the modified stacksize, if
611 * it is defined. It is important that either this lwp or
612 * one of its descendants do the actual servicepool thread
613 * creation to maintain the stacksize inheritance.
614 */
618 /* Initialize thread limits, locks and condition variables */
628 /* Initialize userland creator */
635 /* Initialize the creator and start the creator thread */
644 }
646 /*
647 * PSARC 2003/523 Contract Private Interface
648 * svc_pool_create
649 * Changes must be reviewed by Solaris File Sharing
650 * Changes must be communicated to contract-2003-523@sun.com
651 *
652 * Create an kernel RPC server-side thread/transport pool.
653 *
654 * This is public interface for creation of a server RPC thread pool
655 * for a given service provider. Transports registered with the pool's id
656 * will be served by a pool's threads. This function is called from the
657 * nfssys() system call.
658 */
659 int
661 {
666 /*
667 * Caller should check credentials in a way appropriate
668 * in the context of the call.
669 */
672 /* Allocate a new pool */
675 /*
676 * Initialize the pool structure and create a creator thread.
677 */
684 }
686 /* Register the pool with the global pool list */
690 }
692 int
694 {
702 /*
703 * Search the list for a pool with a matching id
704 * and register the transport handle with that pool.
705 */
711 }
712 /*
713 * Grab the transport list lock before releasing the
714 * pool list lock
715 */
725 /*
726 * Search the list for a pool with a matching id
727 * and register the unregister callback handle with that pool.
728 */
734 }
735 /*
736 * Grab the transport list lock before releasing the
737 * pool list lock
738 */
749 }
750 }
752 /*
753 * Pool's transport list manipulation routines.
754 * - svc_xprt_register()
755 * - svc_xprt_unregister()
756 *
757 * svc_xprt_register() is called from svc_tli_kcreate() to
758 * insert a new master transport handle into the doubly linked
759 * list of server transport handles (one list per pool).
760 *
761 * The list is used by svc_poll(), when it operates in `drain'
762 * mode, to search for a next transport with a pending request.
763 */
765 int
767 {
773 /*
774 * Search the list for a pool with a matching id
775 * and register the transport handle with that pool.
776 */
782 }
784 /* Grab the transport list lock before releasing the pool list lock */
788 /* Don't register new transports when the pool is in closing state */
792 }
794 /*
795 * Initialize xp_pool to point to the pool.
796 * We don't want to go through the pool list every time.
797 */
800 /*
801 * Insert a transport handle into the list.
802 * The list head points to the most recently inserted transport.
803 */
814 }
816 /* Increment the transports count */
821 }
823 /*
824 * Called from svc_xprt_cleanup() to remove a master transport handle
825 * from the pool's list of server transports (when a transport is
826 * being destroyed).
827 */
828 void
830 {
833 /*
834 * Unlink xprt from the list.
835 * If the list head points to this xprt then move it
836 * to the next xprt or reset to NULL if this is the last
837 * xprt in the list.
838 */
852 }
856 /* Decrement list count */
860 }
862 static void
864 {
867 }
869 /*
870 * Initialize an `xprt-ready' queue for a given pool.
871 */
872 static void
874 {
879 KM_SLEEP);
889 }
891 /*
892 * Called from the svc_queuereq() interrupt routine to queue
893 * a hint for svc_poll() which transport has a pending request.
894 * - insert a pointer to xprt into the xprt-ready queue (FIFO)
895 * - if the xprt-ready queue is full turn the overflow flag on.
896 *
897 * NOTICE: pool->p_qtop is protected by the pool's request lock
898 * and the caller (svc_queuereq()) must hold the lock.
899 */
900 static void
902 {
905 /* If the overflow flag is on there is nothing we can do */
909 /* If the queue is full turn the overflow flag on and exit */
916 }
918 }
920 /* Insert a hint and move pool->p_qtop */
923 }
925 /*
926 * Called from svc_poll() to get a hint which transport has a
927 * pending request. Returns a pointer to a transport or NULL if the
928 * `xprt-ready' queue is empty.
929 *
930 * Since we do not acquire the pool's request lock while checking if
931 * the queue is empty we may miss a request that is just being delivered.
932 * However this is ok since svc_poll() will retry again until the
933 * count indicates that there are pending requests for this pool.
934 */
937 {
942 /*
943 * If the queue is empty return NULL.
944 * Since we do not acquire the pool's request lock which
945 * protects pool->p_qtop this is not exact check. However,
946 * this is safe - if we miss a request here svc_poll()
947 * will retry again.
948 */
952 }
954 /* Get a hint and move pool->p_qend */
958 /* Skip fields deleted by svc_xprt_qdelete() */
963 }
965 /*
966 * Delete all the references to a transport handle that
967 * is being destroyed from the xprt-ready queue.
968 * Deleted pointers are replaced with NULLs.
969 */
970 static void
972 {
979 }
981 }
983 /*
984 * Destructor for a master server transport handle.
985 * - if there are no more non-detached threads linked to this transport
986 * then, if requested, call xp_closeproc (we don't wait for detached
987 * threads linked to this transport to complete).
988 * - if there are no more threads linked to this
989 * transport then
990 * a) remove references to this transport from the xprt-ready queue
991 * b) remove a reference to this transport from the pool's transport list
992 * c) call a transport specific `destroy' function
993 * d) cancel remaining thread reservations.
994 *
995 * NOTICE: Caller must hold the transport's thread lock.
996 */
997 static void
999 {
1003 /*
1004 * If called from the last non-detached thread
1005 * it should call the closeproc on this transport.
1006 */
1009 }
1014 /* Remove references to xprt from the `xprt-ready' queue */
1017 /* Unregister xprt from the pool's transport list */
1021 }
1022 }
1024 /*
1025 * Find a dispatch routine for a given prog/vers pair.
1026 * This function is called from svc_getreq() to search the callout
1027 * table for an entry with a matching RPC program number `prog'
1028 * and a version range that covers `vers'.
1029 * - if it finds a matching entry it returns pointer to the dispatch routine
1030 * - otherwise it returns NULL and fills both vers_min and vers_max
1031 * with, respectively, lowest version and highest version
1032 * supported for the program `prog'
1033 */
1037 {
1055 }
1056 }
1059 }
1061 /*
1062 * Optionally free callout table allocated for this transport by
1063 * the service provider.
1064 */
1065 static void
1067 {
1073 }
1074 }
1076 /*
1077 * Send a reply to an RPC request
1078 *
1079 * PSARC 2003/523 Contract Private Interface
1080 * svc_sendreply
1081 * Changes must be reviewed by Solaris File Sharing
1082 * Changes must be communicated to contract-2003-523@sun.com
1083 */
1084 bool_t
1087 {
1098 }
1100 /*
1101 * No procedure error reply
1102 *
1103 * PSARC 2003/523 Contract Private Interface
1104 * svcerr_noproc
1105 * Changes must be reviewed by Solaris File Sharing
1106 * Changes must be communicated to contract-2003-523@sun.com
1107 */
1108 void
1110 {
1119 }
1121 /*
1122 * Can't decode arguments error reply
1123 *
1124 * PSARC 2003/523 Contract Private Interface
1125 * svcerr_decode
1126 * Changes must be reviewed by Solaris File Sharing
1127 * Changes must be communicated to contract-2003-523@sun.com
1128 */
1129 void
1131 {
1140 }
1142 /*
1143 * Some system error
1144 */
1145 void
1147 {
1156 }
1158 /*
1159 * Authentication error reply
1160 */
1161 void
1163 {
1172 }
1174 /*
1175 * Authentication too weak error reply
1176 */
1177 void
1179 {
1181 }
1183 /*
1184 * Authentication error; bad credentials
1185 */
1186 void
1188 {
1197 }
1199 /*
1200 * Program unavailable error reply
1201 *
1202 * PSARC 2003/523 Contract Private Interface
1203 * svcerr_noprog
1204 * Changes must be reviewed by Solaris File Sharing
1205 * Changes must be communicated to contract-2003-523@sun.com
1206 */
1207 void
1209 {
1218 }
1220 /*
1221 * Program version mismatch error reply
1222 *
1223 * PSARC 2003/523 Contract Private Interface
1224 * svcerr_progvers
1225 * Changes must be reviewed by Solaris File Sharing
1226 * Changes must be communicated to contract-2003-523@sun.com
1227 */
1228 void
1231 {
1242 }
1244 /*
1245 * Get server side input from some transport.
1246 *
1247 * Statement of authentication parameters management:
1248 * This function owns and manages all authentication parameters, specifically
1249 * the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and
1250 * the "cooked" credentials (rqst->rq_clntcred).
1251 * However, this function does not know the structure of the cooked
1252 * credentials, so it make the following assumptions:
1253 * a) the structure is contiguous (no pointers), and
1254 * b) the cred structure size does not exceed RQCRED_SIZE bytes.
1255 * In all events, all three parameters are freed upon exit from this routine.
1256 * The storage is trivially managed on the call stack in user land, but
1257 * is malloced in kernel land.
1258 *
1259 * Note: the xprt's xp_svc_lock is not held while the service's dispatch
1260 * routine is running. If we decide to implement svc_unregister(), we'll
1261 * need to decide whether it's okay for a thread to unregister a service
1262 * while a request is being processed. If we decide that this is a
1263 * problem, we can probably use some sort of reference counting scheme to
1264 * keep the callout entry from going away until the request has completed.
1265 */
1266 static void
1270 {
1282 /*
1283 * Firstly, allocate the authentication parameters' storage
1284 */
1289 /* LINTED pointer alignment */
1295 KM_SLEEP);
1296 }
1301 /*
1302 * underlying transport recv routine may modify mblk data
1303 * and make it difficult to extract label afterwards. So
1304 * get the label from the raw mblk data now.
1305 */
1317 }
1319 /*
1320 * Now receive a message from the transport.
1321 */
1324 rpcvers_t vers_min;
1325 rpcvers_t vers_max;
1326 bool_t no_dispatch;
1329 /*
1330 * Find the registered program and call its
1331 * dispatch routine.
1332 */
1339 /*
1340 * First authenticate the message.
1341 */
1348 /*
1349 * Free the arguments.
1350 */
1353 /*
1354 * XXX - when bug id 4053736 is done, remove
1355 * the SVC_FREEARGS() call.
1356 */
1368 /*
1369 * If we got here, the program or version
1370 * is not served ...
1371 */
1375 else
1377 vers_max);
1379 /*
1380 * Free the arguments. For successful calls
1381 * this is done by the dispatch routine.
1382 */
1384 /* Fall through to ... */
1385 }
1386 /*
1387 * Call cleanup procedure for RPCSEC_GSS.
1388 * This is a hack since there is currently no
1389 * op, such as SVC_CLEANAUTH. rpc_gss_cleanup
1390 * should only be called for a non null proc.
1391 * Null procs in RPC GSS are overloaded to
1392 * provide context setup and control. The main
1393 * purpose of rpc_gss_cleanup is to decrement the
1394 * reference count associated with the cached
1395 * GSS security context. We should never get here
1396 * for an RPCSEC_GSS null proc since *no_dispatch
1397 * would have been set to true from sec_svc_msg above.
1398 */
1401 }
1402 }
1407 /*
1408 * Free authentication parameters' storage
1409 */
1411 /* LINTED pointer alignment */
1415 }
1417 /*
1418 * Allocate new clone transport handle.
1419 */
1420 SVCXPRT *
1422 {
1428 }
1430 /*
1431 * Free memory allocated by svc_clone_init.
1432 */
1433 void
1435 {
1436 /* Fre credentials from crget() */
1440 }
1442 /*
1443 * Link a per-thread clone transport handle to a master
1444 * - increment a thread reference count on the master
1445 * - copy some of the master's fields to the clone
1446 * - call a transport specific clone routine.
1447 */
1448 void
1450 {
1455 /*
1456 * Bump up master's thread count.
1457 * Linking a per-thread clone transport handle to a master
1458 * associates a service thread with the master.
1459 */
1464 /* Clear everything */
1467 /* Set pointer to the master transport stucture */
1470 /* Structure copy of all the common fields */
1473 /* Restore per-thread fields (xp_cred) */
1478 }
1480 /*
1481 * Unlink a non-detached clone transport handle from a master
1482 * - decrement a thread reference count on the master
1483 * - if the transport is closing (xp_wq is NULL) call svc_xprt_cleanup();
1484 * if this is the last non-detached/absolute thread on this transport
1485 * then it will close/destroy the transport
1486 * - call transport specific function to destroy the clone handle
1487 * - clear xp_master to avoid recursion.
1488 */
1489 void
1491 {
1494 /* This cannot be a detached thread */
1498 /* Decrement a reference count on the transport */
1502 /* svc_xprt_cleanup() unlocks xp_thread_lock or destroys xprt */
1505 else
1508 /* Call a transport specific clone `destroy' function */
1511 /* Clear xp_master */
1513 }
1515 /*
1516 * Unlink a detached clone transport handle from a master
1517 * - decrement the thread count on the master
1518 * - if the transport is closing (xp_wq is NULL) call svc_xprt_cleanup();
1519 * if this is the last thread on this transport then it will destroy
1520 * the transport.
1521 * - call a transport specific function to destroy the clone handle
1522 * - clear xp_master to avoid recursion.
1523 */
1524 static void
1526 {
1529 /* This must be a detached thread */
1534 /* Grab xprt->xp_thread_lock and decrement link counts */
1538 /* svc_xprt_cleanup() unlocks xp_thread_lock or destroys xprt */
1541 else
1544 /* Call transport specific clone `destroy' function */
1547 /* Clear xp_master */
1549 }
1551 /*
1552 * Try to exit a non-detached service thread
1553 * - check if there are enough threads left
1554 * - if this thread (ie its clone transport handle) are linked
1555 * to a master transport then unlink it
1556 * - free the clone structure
1557 * - return to userland for thread exit
1558 *
1559 * If this is the last non-detached or the last thread on this
1560 * transport then the call to svc_clone_unlink() will, respectively,
1561 * close and/or destroy the transport.
1562 */
1563 static void
1565 {
1573 /* return - thread exit will be handled at user level */
1577 /* return - thread exit will be handled at user level */
1578 }
1580 /*
1581 * Exit a detached service thread that returned to svc_run
1582 * - decrement the `detached thread' count for the pool
1583 * - unlink the detached clone transport handle from the master
1584 * - free the clone structure
1585 * - return to userland for thread exit
1586 *
1587 * If this is the last thread on this transport then the call
1588 * to svc_clone_unlinkdetached() will destroy the transport.
1589 */
1590 static void
1592 {
1593 /* This must be a detached thread */
1608 /* return - thread exit will be handled at user level */
1612 /* return - thread exit will be handled at user level */
1613 }
1615 /*
1616 * PSARC 2003/523 Contract Private Interface
1617 * svc_wait
1618 * Changes must be reviewed by Solaris File Sharing
1619 * Changes must be communicated to contract-2003-523@sun.com
1620 */
1621 int
1623 {
1638 /* Check if there's already a user thread waiting on this pool */
1642 }
1646 /* Go to sleep, waiting for the signaled flag. */
1649 /* Interrupted, return to handle exit or signal */
1654 /*
1655 * Thread has been interrupted and therefore
1656 * the service daemon is leaving as well so
1657 * let's go ahead and remove the service
1658 * pool at this time.
1659 */
1665 }
1666 }
1671 /*
1672 * About to exit the service pool. Set return value
1673 * to let the userland code know our intent. Signal
1674 * svc_thread_creator() so that it can clean up the
1675 * pool structure.
1676 */
1680 }
1684 /* Return to userland with error code, for possible thread creation. */
1686 }
1688 /*
1689 * `Service threads' creator thread.
1690 * The creator thread waits for a signal to create new thread.
1691 */
1692 static void
1694 {
1703 /* Check if someone set the exit flag */
1707 /* Clear the `signaled' flag and go asleep */
1714 /* Check if someone signaled to exit */
1722 /*
1723 * When the pool is in closing state and all the transports
1724 * are gone the creator should not create any new threads.
1725 */
1732 }
1734 }
1736 /*
1737 * Create a new service thread now.
1738 */
1744 /*
1745 * Signal the service pool wait thread
1746 * only if it hasn't already been signaled.
1747 */
1752 }
1755 }
1758 }
1760 /*
1761 * Pool is closed. Cleanup and exit.
1762 */
1764 /* Signal userland creator thread that it can stop now. */
1770 /* Wait for svc_wait() to be done with the pool */
1776 }
1782 }
1784 /*
1785 * If the creator thread is idle signal it to create
1786 * a new service thread.
1787 */
1788 static void
1790 {
1795 }
1797 }
1799 /*
1800 * Notify the creator thread to clean up and exit.
1801 */
1802 static void
1804 {
1809 }
1811 /*
1812 * Polling part of the svc_run().
1813 * - search for a transport with a pending request
1814 * - when one is found then latch the request lock and return to svc_run()
1815 * - if there is no request go asleep and wait for a signal
1816 * - handle two exceptions:
1817 * a) current transport is closing
1818 * b) timeout waiting for a new request
1819 * in both cases return to svc_run()
1820 */
1823 {
1824 /*
1825 * Main loop iterates until
1826 * a) we find a pending request,
1827 * b) detect that the current transport is closing
1828 * c) time out waiting for a new request.
1829 */
1834 /*
1835 * Step 1.
1836 * Check if there is a pending request on the current
1837 * transport handle so that we can avoid cloning.
1838 * If so then decrement the `pending-request' count for
1839 * the pool and return to svc_run().
1840 *
1841 * We need to prevent a potential starvation. When
1842 * a selected transport has all pending requests coming in
1843 * all the time then the service threads will never switch to
1844 * another transport. With a limited number of service
1845 * threads some transports may be never serviced.
1846 * To prevent such a scenario we pick up at most
1847 * pool->p_max_same_xprt requests from the same transport
1848 * and then take a hint from the xprt-ready queue or walk
1849 * the transport list.
1850 */
1857 }
1860 /*
1861 * Step 2.
1862 * If there is no request on the current transport try to
1863 * find another transport with a pending request.
1864 */
1869 /*
1870 * Make sure that transports will not be destroyed just
1871 * while we are checking them.
1872 */
1878 /*
1879 * Get the next transport from the xprt-ready queue.
1880 * This is a hint. There is no guarantee that the
1881 * transport still has a pending request since it
1882 * could be picked up by another thread in step 1.
1883 *
1884 * If the transport has a pending request then keep
1885 * it locked. Decrement the `pending-requests' for
1886 * the pool and `walking-threads' counts, and return
1887 * to svc_run().
1888 */
1901 }
1903 }
1905 /*
1906 * If there was no hint in the xprt-ready queue then
1907 * - if there is less pending requests than polling
1908 * threads go asleep
1909 * - otherwise check if there was an overflow in the
1910 * xprt-ready queue; if so, then we need to break
1911 * the `drain' mode
1912 */
1919 }
1922 }
1923 }
1924 }
1926 /*
1927 * If there was an overflow in the xprt-ready queue then we
1928 * need to switch to the `drain' mode, i.e. walk through the
1929 * pool's transport list and search for a transport with a
1930 * pending request. If we manage to drain all the pending
1931 * requests then we can clear the overflow flag. This will
1932 * switch svc_poll() back to taking hints from the xprt-ready
1933 * queue (which is generally more efficient).
1934 *
1935 * If there are no registered transports simply go asleep.
1936 */
1940 }
1942 /*
1943 * `Walk' through the pool's list of master server
1944 * transport handles. Continue to loop until there are less
1945 * looping threads then pending requests.
1946 */
1950 /*
1951 * Check if there is a request on this transport.
1952 *
1953 * Since blocking on a locked mutex is very expensive
1954 * check for a request without a lock first. If we miss
1955 * a request that is just being delivered but this will
1956 * cost at most one full walk through the list.
1957 */
1959 /*
1960 * Check again, now with a lock.
1961 */
1971 }
1973 }
1975 /*
1976 * Continue to `walk' through the pool's
1977 * transport list until there is less requests
1978 * than walkers. Check this condition without
1979 * a lock first to avoid contention on a mutex.
1980 */
1982 /* Check again, now with the lock. */
1987 }
1990 }
1992 sleep:
1993 /*
1994 * No work to do. Stop the `walk' and go asleep.
1995 * Decrement the `walking-threads' count for the pool.
1996 */
2000 /*
2001 * Count us as asleep, mark this thread as safe
2002 * for suspend and wait for a request.
2003 */
2008 /*
2009 * If the drowsy flag is on this means that
2010 * someone has signaled a wakeup. In such a case
2011 * the `asleep-threads' count has already updated
2012 * so just clear the flag.
2013 *
2014 * If the drowsy flag is off then we need to update
2015 * the `asleep-threads' count.
2016 */
2019 /*
2020 * If the thread is here because it timedout,
2021 * instead of returning SVC_ETIMEDOUT, it is
2022 * time to do some more work.
2023 */
2028 }
2031 /*
2032 * If we received a signal while waiting for a
2033 * request, inform svc_run(), so that we can return
2034 * to user level and exit.
2035 */
2039 /*
2040 * If the current transport is gone then notify
2041 * svc_run() to unlink from it.
2042 */
2046 /*
2047 * If we have timed out waiting for a request inform
2048 * svc_run() that we probably don't need this thread.
2049 */
2052 }
2053 }
2055 /*
2056 * calculate memory space used by message
2057 */
2058 static size_t
2060 {
2067 }
2069 /*
2070 * svc_flowcontrol() attempts to turn the flow control on or off for the
2071 * transport.
2072 *
2073 * On input the xprt->xp_full determines whether the flow control is currently
2074 * off (FALSE) or on (TRUE). If it is off we do tests to see whether we should
2075 * turn it on, and vice versa.
2076 *
2077 * There are two conditions considered for the flow control. Both conditions
2078 * have the low and the high watermark. Once the high watermark is reached in
2079 * EITHER condition the flow control is turned on. For turning the flow
2080 * control off BOTH conditions must be below the low watermark.
2081 *
2082 * Condition #1 - Number of requests queued:
2083 *
2084 * The max number of threads working on the pool is roughly pool->p_maxthreads.
2085 * Every thread could handle up to pool->p_max_same_xprt requests from one
2086 * transport before it moves to another transport. See svc_poll() for details.
2087 * In case all threads in the pool are working on a transport they will handle
2088 * no more than enough_reqs (pool->p_maxthreads * pool->p_max_same_xprt)
2089 * requests in one shot from that transport. We are turning the flow control
2090 * on once the high watermark is reached for a transport so that the underlying
2091 * queue knows the rate of incoming requests is higher than we are able to
2092 * handle.
2093 *
2094 * The high watermark: 2 * enough_reqs
2095 * The low watermark: enough_reqs
2096 *
2097 * Condition #2 - Length of the data payload for the queued messages/requests:
2098 *
2099 * We want to prevent a particular pool exhausting the memory, so once the
2100 * total length of queued requests for the whole pool reaches the high
2101 * watermark we start to turn on the flow control for significant memory
2102 * consumers (individual transports). To keep the implementation simple
2103 * enough, this condition is not exact, because we count only the data part of
2104 * the queued requests and we ignore the overhead. For our purposes this
2105 * should be enough. We should also consider that up to pool->p_maxthreads
2106 * threads for the pool might work on large requests (this is not counted for
2107 * this condition). We need to leave some space for rest of the system and for
2108 * other big memory consumers (like ZFS). Also, after the flow control is
2109 * turned on (on cots transports) we can start to accumulate a few megabytes in
2110 * queues for each transport.
2111 *
2112 * Usually, the big memory consumers are NFS WRITE requests, so we do not
2113 * expect to see this condition met for other than NFS pools.
2114 *
2115 * The high watermark: 1/5 of available memory
2116 * The low watermark: 1/6 of available memory
2117 *
2118 * Once the high watermark is reached we turn the flow control on only for
2119 * transports exceeding a per-transport memory limit. The per-transport
2120 * fraction of memory is calculated as:
2121 *
2122 * the high watermark / number of transports
2123 *
2124 * For transports with less than the per-transport fraction of memory consumed,
2125 * the flow control is not turned on, so they are not blocked by a few "hungry"
2126 * transports. Because of this, the total memory consumption for the
2127 * particular pool might grow up to 2 * the high watermark.
2128 *
2129 * The individual transports are unblocked once their consumption is below:
2130 *
2131 * per-transport fraction of memory / 2
2132 *
2133 * or once the total memory consumption for the whole pool falls below the low
2134 * watermark.
2135 *
2136 */
2137 static void
2139 {
2146 /* Should we turn the flow control on? */
2148 /* Is flow control disabled? */
2152 /* Is there enough requests queued? */
2156 }
2158 /*
2159 * If this pool uses over 20% of memory and this transport is
2160 * significant memory consumer then we are full
2161 */
2167 }
2169 /* We might want to turn the flow control off */
2171 /* Do we still have enough requests? */
2175 /*
2176 * If this pool still uses over 16% of memory and this transport is
2177 * still significant memory consumer then we are still full
2178 */
2183 /* Turn the flow control off and make sure rpcmod is notified */
2186 }
2188 /*
2189 * Main loop of the kernel RPC server
2190 * - wait for input (find a transport with a pending request).
2191 * - dequeue the request
2192 * - call a registered server routine to process the requests
2193 *
2194 * There can many threads running concurrently in this loop
2195 * on the same or on different transports.
2196 */
2197 static int
2199 {
2204 /* Allocate a clone transport handle for this thread */
2207 /*
2208 * The loop iterates until the thread becomes
2209 * idle too long or the transport is gone.
2210 */
2214 bool_t enable;
2219 /*
2220 * If the process is exiting/killed, return
2221 * immediately without processing any more
2222 * requests.
2223 */
2227 }
2229 /* Find a transport with a pending request */
2232 /*
2233 * If svc_poll() finds a transport with a request
2234 * it latches xp_req_lock on it. Therefore we need
2235 * to dequeue the request and release the lock as
2236 * soon as possible.
2237 */
2244 /* Ooops! Current transport is closing. Unlink now */
2249 }
2251 /* Ooops! Timeout while waiting for a request. Exit */
2255 }
2257 /*
2258 * Interrupted by a signal while waiting for a
2259 * request. Return to userspace and exit.
2260 */
2264 }
2266 /*
2267 * De-queue the request and release the request lock
2268 * on this transport (latched by svc_poll()).
2269 */
2292 /*
2293 * If this is a new request on a current transport then
2294 * the clone structure is already properly initialized.
2295 * Otherwise, if the request is on a different transport,
2296 * unlink from the current master and link to
2297 * the one we got a request on.
2298 */
2304 }
2306 /*
2307 * If there are more requests and req_cv hasn't
2308 * been signaled yet then wake up one more thread now.
2309 *
2310 * We avoid signaling req_cv until the most recently
2311 * signaled thread wakes up and gets CPU to clear
2312 * the `drowsy' flag.
2313 */
2327 }
2328 }
2330 /*
2331 * If there are no asleep/signaled threads, we are
2332 * still below pool->p_maxthreads limit, and no thread is
2333 * currently being created then signal the creator
2334 * for one more service thread.
2335 *
2336 * The asleep and drowsy checks are not protected
2337 * by a lock since it hurts performance and a wrong
2338 * decision is not essential.
2339 */
2345 /*
2346 * Process the request.
2347 */
2350 /* If thread had a reservation it should have been canceled */
2353 /*
2354 * If the clone is marked detached then exit.
2355 * The rpcmod slot has already been released
2356 * when we detached this thread.
2357 */
2361 }
2363 /*
2364 * Release our reference on the rpcmod
2365 * slot attached to xp_wq->q_ptr.
2366 */
2373 }
2374 /* NOTREACHED */
2375 }
2377 /*
2378 * Flush any pending requests for the queue and
2379 * free the associated mblks.
2380 */
2381 void
2383 {
2388 /*
2389 * clean up the requests
2390 */
2394 /* remove the request from the list */
2398 }
2410 }
2412 /*
2413 * This routine is called by rpcmod to inform kernel RPC that a
2414 * queue is closing. It is called after all the requests have been
2415 * picked up (that is after all the slots on the queue have
2416 * been released by kernel RPC). It is also guaranteed that no more
2417 * request will be delivered on this transport.
2418 *
2419 * - clear xp_wq to mark the master server transport handle as closing
2420 * - if there are no more threads on this transport close/destroy it
2421 * - otherwise, leave the linked threads to close/destroy the transport
2422 * later.
2423 */
2424 void
2426 {
2430 /*
2431 * If there is no master xprt associated with this stream,
2432 * then there is nothing to do. This happens regularly
2433 * with connection-oriented listening streams created by
2434 * nfsd.
2435 */
2437 }
2449 /*
2450 * svc_xprt_cleanup() destroys the transport
2451 * or releases the transport thread lock
2452 */
2457 /*
2458 * If the pool is in closing state and this was
2459 * the last transport in the pool then signal the creator
2460 * thread to clean up and exit.
2461 */
2464 }
2467 /*
2468 * There are still some threads linked to the transport. They
2469 * are very likely sleeping in svc_poll(). We could wake up
2470 * them by broadcasting on the p_req_cv condition variable, but
2471 * that might give us a performance penalty if there are too
2472 * many sleeping threads.
2473 *
2474 * Instead, we do nothing here. The linked threads will unlink
2475 * themselves and destroy the transport once they are woken up
2476 * on timeout, or by new request. There is no reason to hurry
2477 * up now with the thread wake up.
2478 */
2480 /*
2481 * NOTICE: No references to the master transport structure
2482 * beyond this point!
2483 */
2485 }
2486 }
2488 /*
2489 * Interrupt `request delivery' routine called from rpcmod
2490 * - put a request at the tail of the transport request queue
2491 * - insert a hint for svc_poll() into the xprt-ready queue
2492 * - increment the `pending-requests' count for the pool
2493 * - handle flow control
2494 * - wake up a thread sleeping in svc_poll() if necessary
2495 * - if all the threads are running ask the creator for a new one.
2496 */
2497 bool_t
2499 {
2509 /*
2510 * Step 1.
2511 * Grab the transport's request lock and the
2512 * pool's request lock so that when we put
2513 * the request at the tail of the transport's
2514 * request queue, possibly put the request on
2515 * the xprt ready queue and increment the
2516 * pending request count it looks atomic.
2517 */
2523 }
2528 else
2532 /*
2533 * Step 2.
2534 * Insert a hint into the xprt-ready queue, increment
2535 * counters, handle flow control, and wake up
2536 * a thread sleeping in svc_poll() if necessary.
2537 */
2539 /* Insert pointer to this transport into the xprt-ready queue */
2542 /* Increment counters */
2550 /* Handle flow control */
2557 /*
2558 * If there are more requests and req_cv hasn't
2559 * been signaled yet then wake up one more thread now.
2560 *
2561 * We avoid signaling req_cv until the most recently
2562 * signaled thread wakes up and gets CPU to clear
2563 * the `drowsy' flag.
2564 */
2572 /*
2573 * Signal wakeup and drop the request lock.
2574 */
2577 }
2580 /*
2581 * Step 3.
2582 * If there are no asleep/signaled threads, we are
2583 * still below pool->p_maxthreads limit, and no thread is
2584 * currently being created then signal the creator
2585 * for one more service thread.
2586 *
2587 * The asleep and drowsy checks are not not protected
2588 * by a lock since it hurts performance and a wrong
2589 * decision is not essential.
2590 */
2599 }
2601 /*
2602 * Reserve a service thread so that it can be detached later.
2603 * This reservation is required to make sure that when it tries to
2604 * detach itself the total number of detached threads does not exceed
2605 * pool->p_maxthreads - pool->p_redline (i.e. that we can have
2606 * up to pool->p_redline non-detached threads).
2607 *
2608 * If the thread does not detach itself later, it should cancel the
2609 * reservation before returning to svc_run().
2610 *
2611 * - check if there is room for more reserved/detached threads
2612 * - if so, then increment the `reserved threads' count for the pool
2613 * - mark the thread as reserved (setting the flag in the clone transport
2614 * handle for this thread
2615 * - returns 1 if the reservation succeeded, 0 if it failed.
2616 */
2617 int
2619 {
2622 /* Recursive reservations are not allowed */
2626 /* Check pool counts if there is room for reservation */
2632 }
2636 /* Mark the thread (clone handle) as reserved */
2640 }
2642 /*
2643 * Cancel a reservation for a thread.
2644 * - decrement the `reserved threads' count for the pool
2645 * - clear the flag in the clone transport handle for this thread.
2646 */
2647 void
2649 {
2652 /* Thread must have a reservation */
2656 /* Decrement global count */
2661 /* Clear reservation flag */
2663 }
2665 /*
2666 * Detach a thread from its transport, so that it can block for an
2667 * extended time. Because the transport can be closed after the thread is
2668 * detached, the thread should have already sent off a reply if it was
2669 * going to send one.
2670 *
2671 * - decrement `non-detached threads' count and increment `detached threads'
2672 * counts for the transport
2673 * - decrement the `non-detached threads' and `reserved threads'
2674 * counts and increment the `detached threads' count for the pool
2675 * - release the rpcmod slot
2676 * - mark the clone (thread) as detached.
2677 *
2678 * No need to return a pointer to the thread's CPR information, since
2679 * the thread has a userland identity.
2680 *
2681 * NOTICE: a thread must not detach itself without making a prior reservation
2682 * through svc_thread_reserve().
2683 */
2684 callb_cpr_t *
2686 {
2689 bool_t enable;
2691 /* Thread must have a reservation */
2695 /* Bookkeeping for this transport */
2701 /* Bookkeeping for the pool */
2708 /* Release an rpcmod slot for this request */
2716 /* Mark the clone (thread) as detached */
2721 }
2723 /*
2724 * This routine is responsible for extracting RDMA plugin master XPRT,
2725 * unregister from the SVCPOOL and initiate plugin specific cleanup.
2726 * It is passed a list/group of rdma transports as records which are
2727 * active in a given registered or unregistered kRPC thread pool. Its shuts
2728 * all active rdma transports in that pool. If the thread active on the trasport
2729 * happens to be last thread for that pool, it will signal the creater thread
2730 * to cleanup the pool and destroy the xprt in svc_queueclose()
2731 */
2732 void
2734 {
2761 /* remove the request from the list */
2768 }
2779 #ifdef DEBUG
2782 #endif
2783 /*
2784 * Free the rdma transport record for the expunged rdma
2785 * based master transport handle.
2786 */
2790 }
2791 }
2794 /*
2795 * rpc_msg_dup/rpc_msg_free
2796 * Currently only used by svc_rpcsec_gss.c but put in this file as it
2797 * may be useful to others in the future.
2798 * But future consumers should be careful cuz so far
2799 * - only tested/used for call msgs (not reply)
2800 * - only tested/used with call verf oa_length==0
2801 */
2804 {
2818 /* dup opaque auth call body cred */
2829 /* dup or just alloc opaque auth call body verifier */
2847 }
2850 error:
2854 }
2856 void
2858 {
2871 }
2873 /*
2874 * Generally 'cr_ref' should be 1, otherwise reference is kept
2875 * in underlying calls, so reset it.
2876 */
2877 cred_t *
2879 {
2888 }
2890 }