search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
NFSD: Prevent a buffer overflow in svc_xprt_names()
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / sunrpc / svc_xprt.c
blob6f33d33cc064e0f39f3232c910aff09fd53b3a67
1 /*
2 * linux/net/sunrpc/svc_xprt.c
3 *
4 * Author: Tom Tucker <tom@opengridcomputing.com>
5 */
6
7 #include <linux/sched.h>
8 #include <linux/errno.h>
9 #include <linux/freezer.h>
10 #include <linux/kthread.h>
11 #include <net/sock.h>
12 #include <linux/sunrpc/stats.h>
13 #include <linux/sunrpc/svc_xprt.h>
14 #include <linux/sunrpc/svcsock.h>
15
16 #define RPCDBG_FACILITY RPCDBG_SVCXPRT
17
18 #define SVC_MAX_WAKING 5
19
20 static struct svc_deferred_req *svc_deferred_dequeue(struct svc_xprt *xprt);
21 static int svc_deferred_recv(struct svc_rqst *rqstp);
22 static struct cache_deferred_req *svc_defer(struct cache_req *req);
23 static void svc_age_temp_xprts(unsigned long closure);
24
25 /* apparently the "standard" is that clients close
26 * idle connections after 5 minutes, servers after
27 * 6 minutes
28 * http://www.connectathon.org/talks96/nfstcp.pdf
29 */
30 static int svc_conn_age_period = 6*60;
31
32 /* List of registered transport classes */
33 static DEFINE_SPINLOCK(svc_xprt_class_lock);
34 static LIST_HEAD(svc_xprt_class_list);
35
36 /* SMP locking strategy:
37 *
38 * svc_pool->sp_lock protects most of the fields of that pool.
39 * svc_serv->sv_lock protects sv_tempsocks, sv_permsocks, sv_tmpcnt.
40 * when both need to be taken (rare), svc_serv->sv_lock is first.
41 * BKL protects svc_serv->sv_nrthread.
42 * svc_sock->sk_lock protects the svc_sock->sk_deferred list
43 * and the ->sk_info_authunix cache.
44 *
45 * The XPT_BUSY bit in xprt->xpt_flags prevents a transport being
46 * enqueued multiply. During normal transport processing this bit
47 * is set by svc_xprt_enqueue and cleared by svc_xprt_received.
48 * Providers should not manipulate this bit directly.
49 *
50 * Some flags can be set to certain values at any time
51 * providing that certain rules are followed:
52 *
53 * XPT_CONN, XPT_DATA:
54 * - Can be set or cleared at any time.
55 * - After a set, svc_xprt_enqueue must be called to enqueue
56 * the transport for processing.
57 * - After a clear, the transport must be read/accepted.
58 * If this succeeds, it must be set again.
59 * XPT_CLOSE:
60 * - Can set at any time. It is never cleared.
61 * XPT_DEAD:
62 * - Can only be set while XPT_BUSY is held which ensures
63 * that no other thread will be using the transport or will
64 * try to set XPT_DEAD.
65 */
66
67 int svc_reg_xprt_class(struct svc_xprt_class *xcl)
68 {
69 struct svc_xprt_class *cl;
70 int res = -EEXIST;
71
72 dprintk("svc: Adding svc transport class '%s'\n", xcl->xcl_name);
73
74 INIT_LIST_HEAD(&xcl->xcl_list);
75 spin_lock(&svc_xprt_class_lock);
76 /* Make sure there isn't already a class with the same name */
77 list_for_each_entry(cl, &svc_xprt_class_list, xcl_list) {
78 if (strcmp(xcl->xcl_name, cl->xcl_name) == 0)
79 goto out;
80 }
81 list_add_tail(&xcl->xcl_list, &svc_xprt_class_list);
82 res = 0;
83 out:
84 spin_unlock(&svc_xprt_class_lock);
85 return res;
86 }
87 EXPORT_SYMBOL_GPL(svc_reg_xprt_class);
88
89 void svc_unreg_xprt_class(struct svc_xprt_class *xcl)
90 {
91 dprintk("svc: Removing svc transport class '%s'\n", xcl->xcl_name);
92 spin_lock(&svc_xprt_class_lock);
93 list_del_init(&xcl->xcl_list);
94 spin_unlock(&svc_xprt_class_lock);
95 }
96 EXPORT_SYMBOL_GPL(svc_unreg_xprt_class);
97
98 /*
99 * Format the transport list for printing
100 */
101 int svc_print_xprts(char *buf, int maxlen)
102 {
103 struct list_head *le;
104 char tmpstr[80];
105 int len = 0;
106 buf[0] = '\0';
107
108 spin_lock(&svc_xprt_class_lock);
109 list_for_each(le, &svc_xprt_class_list) {
110 int slen;
111 struct svc_xprt_class *xcl =
112 list_entry(le, struct svc_xprt_class, xcl_list);
113
114 sprintf(tmpstr, "%s %d\n", xcl->xcl_name, xcl->xcl_max_payload);
115 slen = strlen(tmpstr);
116 if (len + slen > maxlen)
117 break;
118 len += slen;
119 strcat(buf, tmpstr);
120 }
121 spin_unlock(&svc_xprt_class_lock);
122
123 return len;
124 }
125
126 static void svc_xprt_free(struct kref *kref)
127 {
128 struct svc_xprt *xprt =
129 container_of(kref, struct svc_xprt, xpt_ref);
130 struct module *owner = xprt->xpt_class->xcl_owner;
131 if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags)
132 && xprt->xpt_auth_cache != NULL)
133 svcauth_unix_info_release(xprt->xpt_auth_cache);
134 xprt->xpt_ops->xpo_free(xprt);
135 module_put(owner);
136 }
137
138 void svc_xprt_put(struct svc_xprt *xprt)
139 {
140 kref_put(&xprt->xpt_ref, svc_xprt_free);
141 }
142 EXPORT_SYMBOL_GPL(svc_xprt_put);
143
144 /*
145 * Called by transport drivers to initialize the transport independent
146 * portion of the transport instance.
147 */
148 void svc_xprt_init(struct svc_xprt_class *xcl, struct svc_xprt *xprt,
149 struct svc_serv *serv)
150 {
151 memset(xprt, 0, sizeof(*xprt));
152 xprt->xpt_class = xcl;
153 xprt->xpt_ops = xcl->xcl_ops;
154 kref_init(&xprt->xpt_ref);
155 xprt->xpt_server = serv;
156 INIT_LIST_HEAD(&xprt->xpt_list);
157 INIT_LIST_HEAD(&xprt->xpt_ready);
158 INIT_LIST_HEAD(&xprt->xpt_deferred);
159 mutex_init(&xprt->xpt_mutex);
160 spin_lock_init(&xprt->xpt_lock);
161 set_bit(XPT_BUSY, &xprt->xpt_flags);
162 }
163 EXPORT_SYMBOL_GPL(svc_xprt_init);
164
165 static struct svc_xprt *__svc_xpo_create(struct svc_xprt_class *xcl,
166 struct svc_serv *serv,
167 const int family,
168 const unsigned short port,
169 int flags)
170 {
171 struct sockaddr_in sin = {
172 .sin_family = AF_INET,
173 .sin_addr.s_addr = htonl(INADDR_ANY),
174 .sin_port = htons(port),
175 };
176 struct sockaddr_in6 sin6 = {
177 .sin6_family = AF_INET6,
178 .sin6_addr = IN6ADDR_ANY_INIT,
179 .sin6_port = htons(port),
180 };
181 struct sockaddr *sap;
182 size_t len;
183
184 switch (family) {
185 case PF_INET:
186 sap = (struct sockaddr *)&sin;
187 len = sizeof(sin);
188 break;
189 case PF_INET6:
190 sap = (struct sockaddr *)&sin6;
191 len = sizeof(sin6);
192 break;
193 default:
194 return ERR_PTR(-EAFNOSUPPORT);
195 }
196
197 return xcl->xcl_ops->xpo_create(serv, sap, len, flags);
198 }
199
200 int svc_create_xprt(struct svc_serv *serv, const char *xprt_name,
201 const int family, const unsigned short port,
202 int flags)
203 {
204 struct svc_xprt_class *xcl;
205
206 dprintk("svc: creating transport %s[%d]\n", xprt_name, port);
207 spin_lock(&svc_xprt_class_lock);
208 list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) {
209 struct svc_xprt *newxprt;
210
211 if (strcmp(xprt_name, xcl->xcl_name))
212 continue;
213
214 if (!try_module_get(xcl->xcl_owner))
215 goto err;
216
217 spin_unlock(&svc_xprt_class_lock);
218 newxprt = __svc_xpo_create(xcl, serv, family, port, flags);
219 if (IS_ERR(newxprt)) {
220 module_put(xcl->xcl_owner);
221 return PTR_ERR(newxprt);
222 }
223
224 clear_bit(XPT_TEMP, &newxprt->xpt_flags);
225 spin_lock_bh(&serv->sv_lock);
226 list_add(&newxprt->xpt_list, &serv->sv_permsocks);
227 spin_unlock_bh(&serv->sv_lock);
228 clear_bit(XPT_BUSY, &newxprt->xpt_flags);
229 return svc_xprt_local_port(newxprt);
230 }
231 err:
232 spin_unlock(&svc_xprt_class_lock);
233 dprintk("svc: transport %s not found\n", xprt_name);
234 return -ENOENT;
235 }
236 EXPORT_SYMBOL_GPL(svc_create_xprt);
237
238 /*
239 * Copy the local and remote xprt addresses to the rqstp structure
240 */
241 void svc_xprt_copy_addrs(struct svc_rqst *rqstp, struct svc_xprt *xprt)
242 {
243 struct sockaddr *sin;
244
245 memcpy(&rqstp->rq_addr, &xprt->xpt_remote, xprt->xpt_remotelen);
246 rqstp->rq_addrlen = xprt->xpt_remotelen;
247
248 /*
249 * Destination address in request is needed for binding the
250 * source address in RPC replies/callbacks later.
251 */
252 sin = (struct sockaddr *)&xprt->xpt_local;
253 switch (sin->sa_family) {
254 case AF_INET:
255 rqstp->rq_daddr.addr = ((struct sockaddr_in *)sin)->sin_addr;
256 break;
257 case AF_INET6:
258 rqstp->rq_daddr.addr6 = ((struct sockaddr_in6 *)sin)->sin6_addr;
259 break;
260 }
261 }
262 EXPORT_SYMBOL_GPL(svc_xprt_copy_addrs);
263
264 /**
265 * svc_print_addr - Format rq_addr field for printing
266 * @rqstp: svc_rqst struct containing address to print
267 * @buf: target buffer for formatted address
268 * @len: length of target buffer
269 *
270 */
271 char *svc_print_addr(struct svc_rqst *rqstp, char *buf, size_t len)
272 {
273 return __svc_print_addr(svc_addr(rqstp), buf, len);
274 }
275 EXPORT_SYMBOL_GPL(svc_print_addr);
276
277 /*
278 * Queue up an idle server thread. Must have pool->sp_lock held.
279 * Note: this is really a stack rather than a queue, so that we only
280 * use as many different threads as we need, and the rest don't pollute
281 * the cache.
282 */
283 static void svc_thread_enqueue(struct svc_pool *pool, struct svc_rqst *rqstp)
284 {
285 list_add(&rqstp->rq_list, &pool->sp_threads);
286 }
287
288 /*
289 * Dequeue an nfsd thread. Must have pool->sp_lock held.
290 */
291 static void svc_thread_dequeue(struct svc_pool *pool, struct svc_rqst *rqstp)
292 {
293 list_del(&rqstp->rq_list);
294 }
295
296 /*
297 * Queue up a transport with data pending. If there are idle nfsd
298 * processes, wake 'em up.
299 *
300 */
301 void svc_xprt_enqueue(struct svc_xprt *xprt)
302 {
303 struct svc_serv *serv = xprt->xpt_server;
304 struct svc_pool *pool;
305 struct svc_rqst *rqstp;
306 int cpu;
307 int thread_avail;
308
309 if (!(xprt->xpt_flags &
310 ((1<<XPT_CONN)|(1<<XPT_DATA)|(1<<XPT_CLOSE)|(1<<XPT_DEFERRED))))
311 return;
312
313 cpu = get_cpu();
314 pool = svc_pool_for_cpu(xprt->xpt_server, cpu);
315 put_cpu();
316
317 spin_lock_bh(&pool->sp_lock);
318
319 if (test_bit(XPT_DEAD, &xprt->xpt_flags)) {
320 /* Don't enqueue dead transports */
321 dprintk("svc: transport %p is dead, not enqueued\n", xprt);
322 goto out_unlock;
323 }
324
325 pool->sp_stats.packets++;
326
327 /* Mark transport as busy. It will remain in this state until
328 * the provider calls svc_xprt_received. We update XPT_BUSY
329 * atomically because it also guards against trying to enqueue
330 * the transport twice.
331 */
332 if (test_and_set_bit(XPT_BUSY, &xprt->xpt_flags)) {
333 /* Don't enqueue transport while already enqueued */
334 dprintk("svc: transport %p busy, not enqueued\n", xprt);
335 goto out_unlock;
336 }
337 BUG_ON(xprt->xpt_pool != NULL);
338 xprt->xpt_pool = pool;
339
340 /* Handle pending connection */
341 if (test_bit(XPT_CONN, &xprt->xpt_flags))
342 goto process;
343
344 /* Handle close in-progress */
345 if (test_bit(XPT_CLOSE, &xprt->xpt_flags))
346 goto process;
347
348 /* Check if we have space to reply to a request */
349 if (!xprt->xpt_ops->xpo_has_wspace(xprt)) {
350 /* Don't enqueue while not enough space for reply */
351 dprintk("svc: no write space, transport %p not enqueued\n",
352 xprt);
353 xprt->xpt_pool = NULL;
354 clear_bit(XPT_BUSY, &xprt->xpt_flags);
355 goto out_unlock;
356 }
357
358 process:
359 /* Work out whether threads are available */
360 thread_avail = !list_empty(&pool->sp_threads); /* threads are asleep */
361 if (pool->sp_nwaking >= SVC_MAX_WAKING) {
362 /* too many threads are runnable and trying to wake up */
363 thread_avail = 0;
364 pool->sp_stats.overloads_avoided++;
365 }
366
367 if (thread_avail) {
368 rqstp = list_entry(pool->sp_threads.next,
369 struct svc_rqst,
370 rq_list);
371 dprintk("svc: transport %p served by daemon %p\n",
372 xprt, rqstp);
373 svc_thread_dequeue(pool, rqstp);
374 if (rqstp->rq_xprt)
375 printk(KERN_ERR
376 "svc_xprt_enqueue: server %p, rq_xprt=%p!\n",
377 rqstp, rqstp->rq_xprt);
378 rqstp->rq_xprt = xprt;
379 svc_xprt_get(xprt);
380 rqstp->rq_reserved = serv->sv_max_mesg;
381 atomic_add(rqstp->rq_reserved, &xprt->xpt_reserved);
382 rqstp->rq_waking = 1;
383 pool->sp_nwaking++;
384 pool->sp_stats.threads_woken++;
385 BUG_ON(xprt->xpt_pool != pool);
386 wake_up(&rqstp->rq_wait);
387 } else {
388 dprintk("svc: transport %p put into queue\n", xprt);
389 list_add_tail(&xprt->xpt_ready, &pool->sp_sockets);
390 pool->sp_stats.sockets_queued++;
391 BUG_ON(xprt->xpt_pool != pool);
392 }
393
394 out_unlock:
395 spin_unlock_bh(&pool->sp_lock);
396 }
397 EXPORT_SYMBOL_GPL(svc_xprt_enqueue);
398
399 /*
400 * Dequeue the first transport. Must be called with the pool->sp_lock held.
401 */
402 static struct svc_xprt *svc_xprt_dequeue(struct svc_pool *pool)
403 {
404 struct svc_xprt *xprt;
405
406 if (list_empty(&pool->sp_sockets))
407 return NULL;
408
409 xprt = list_entry(pool->sp_sockets.next,
410 struct svc_xprt, xpt_ready);
411 list_del_init(&xprt->xpt_ready);
412
413 dprintk("svc: transport %p dequeued, inuse=%d\n",
414 xprt, atomic_read(&xprt->xpt_ref.refcount));
415
416 return xprt;
417 }
418
419 /*
420 * svc_xprt_received conditionally queues the transport for processing
421 * by another thread. The caller must hold the XPT_BUSY bit and must
422 * not thereafter touch transport data.
423 *
424 * Note: XPT_DATA only gets cleared when a read-attempt finds no (or
425 * insufficient) data.
426 */
427 void svc_xprt_received(struct svc_xprt *xprt)
428 {
429 BUG_ON(!test_bit(XPT_BUSY, &xprt->xpt_flags));
430 xprt->xpt_pool = NULL;
431 clear_bit(XPT_BUSY, &xprt->xpt_flags);
432 svc_xprt_enqueue(xprt);
433 }
434 EXPORT_SYMBOL_GPL(svc_xprt_received);
435
436 /**
437 * svc_reserve - change the space reserved for the reply to a request.
438 * @rqstp: The request in question
439 * @space: new max space to reserve
440 *
441 * Each request reserves some space on the output queue of the transport
442 * to make sure the reply fits. This function reduces that reserved
443 * space to be the amount of space used already, plus @space.
444 *
445 */
446 void svc_reserve(struct svc_rqst *rqstp, int space)
447 {
448 space += rqstp->rq_res.head[0].iov_len;
449
450 if (space < rqstp->rq_reserved) {
451 struct svc_xprt *xprt = rqstp->rq_xprt;
452 atomic_sub((rqstp->rq_reserved - space), &xprt->xpt_reserved);
453 rqstp->rq_reserved = space;
454
455 svc_xprt_enqueue(xprt);
456 }
457 }
458 EXPORT_SYMBOL_GPL(svc_reserve);
459
460 static void svc_xprt_release(struct svc_rqst *rqstp)
461 {
462 struct svc_xprt *xprt = rqstp->rq_xprt;
463
464 rqstp->rq_xprt->xpt_ops->xpo_release_rqst(rqstp);
465
466 kfree(rqstp->rq_deferred);
467 rqstp->rq_deferred = NULL;
468
469 svc_free_res_pages(rqstp);
470 rqstp->rq_res.page_len = 0;
471 rqstp->rq_res.page_base = 0;
472
473 /* Reset response buffer and release
474 * the reservation.
475 * But first, check that enough space was reserved
476 * for the reply, otherwise we have a bug!
477 */
478 if ((rqstp->rq_res.len) > rqstp->rq_reserved)
479 printk(KERN_ERR "RPC request reserved %d but used %d\n",
480 rqstp->rq_reserved,
481 rqstp->rq_res.len);
482
483 rqstp->rq_res.head[0].iov_len = 0;
484 svc_reserve(rqstp, 0);
485 rqstp->rq_xprt = NULL;
486
487 svc_xprt_put(xprt);
488 }
489
490 /*
491 * External function to wake up a server waiting for data
492 * This really only makes sense for services like lockd
493 * which have exactly one thread anyway.
494 */
495 void svc_wake_up(struct svc_serv *serv)
496 {
497 struct svc_rqst *rqstp;
498 unsigned int i;
499 struct svc_pool *pool;
500
501 for (i = 0; i < serv->sv_nrpools; i++) {
502 pool = &serv->sv_pools[i];
503
504 spin_lock_bh(&pool->sp_lock);
505 if (!list_empty(&pool->sp_threads)) {
506 rqstp = list_entry(pool->sp_threads.next,
507 struct svc_rqst,
508 rq_list);
509 dprintk("svc: daemon %p woken up.\n", rqstp);
510 /*
511 svc_thread_dequeue(pool, rqstp);
512 rqstp->rq_xprt = NULL;
513 */
514 wake_up(&rqstp->rq_wait);
515 }
516 spin_unlock_bh(&pool->sp_lock);
517 }
518 }
519 EXPORT_SYMBOL_GPL(svc_wake_up);
520
521 int svc_port_is_privileged(struct sockaddr *sin)
522 {
523 switch (sin->sa_family) {
524 case AF_INET:
525 return ntohs(((struct sockaddr_in *)sin)->sin_port)
526 < PROT_SOCK;
527 case AF_INET6:
528 return ntohs(((struct sockaddr_in6 *)sin)->sin6_port)
529 < PROT_SOCK;
530 default:
531 return 0;
532 }
533 }
534
535 /*
536 * Make sure that we don't have too many active connections. If we have,
537 * something must be dropped. It's not clear what will happen if we allow
538 * "too many" connections, but when dealing with network-facing software,
539 * we have to code defensively. Here we do that by imposing hard limits.
540 *
541 * There's no point in trying to do random drop here for DoS
542 * prevention. The NFS clients does 1 reconnect in 15 seconds. An
543 * attacker can easily beat that.
544 *
545 * The only somewhat efficient mechanism would be if drop old
546 * connections from the same IP first. But right now we don't even
547 * record the client IP in svc_sock.
548 *
549 * single-threaded services that expect a lot of clients will probably
550 * need to set sv_maxconn to override the default value which is based
551 * on the number of threads
552 */
553 static void svc_check_conn_limits(struct svc_serv *serv)
554 {
555 unsigned int limit = serv->sv_maxconn ? serv->sv_maxconn :
556 (serv->sv_nrthreads+3) * 20;
557
558 if (serv->sv_tmpcnt > limit) {
559 struct svc_xprt *xprt = NULL;
560 spin_lock_bh(&serv->sv_lock);
561 if (!list_empty(&serv->sv_tempsocks)) {
562 if (net_ratelimit()) {
563 /* Try to help the admin */
564 printk(KERN_NOTICE "%s: too many open "
565 "connections, consider increasing %s\n",
566 serv->sv_name, serv->sv_maxconn ?
567 "the max number of connections." :
568 "the number of threads.");
569 }
570 /*
571 * Always select the oldest connection. It's not fair,
572 * but so is life
573 */
574 xprt = list_entry(serv->sv_tempsocks.prev,
575 struct svc_xprt,
576 xpt_list);
577 set_bit(XPT_CLOSE, &xprt->xpt_flags);
578 svc_xprt_get(xprt);
579 }
580 spin_unlock_bh(&serv->sv_lock);
581
582 if (xprt) {
583 svc_xprt_enqueue(xprt);
584 svc_xprt_put(xprt);
585 }
586 }
587 }
588
589 /*
590 * Receive the next request on any transport. This code is carefully
591 * organised not to touch any cachelines in the shared svc_serv
592 * structure, only cachelines in the local svc_pool.
593 */
594 int svc_recv(struct svc_rqst *rqstp, long timeout)
595 {
596 struct svc_xprt *xprt = NULL;
597 struct svc_serv *serv = rqstp->rq_server;
598 struct svc_pool *pool = rqstp->rq_pool;
599 int len, i;
600 int pages;
601 struct xdr_buf *arg;
602 DECLARE_WAITQUEUE(wait, current);
603 long time_left;
604
605 dprintk("svc: server %p waiting for data (to = %ld)\n",
606 rqstp, timeout);
607
608 if (rqstp->rq_xprt)
609 printk(KERN_ERR
610 "svc_recv: service %p, transport not NULL!\n",
611 rqstp);
612 if (waitqueue_active(&rqstp->rq_wait))
613 printk(KERN_ERR
614 "svc_recv: service %p, wait queue active!\n",
615 rqstp);
616
617 /* now allocate needed pages. If we get a failure, sleep briefly */
618 pages = (serv->sv_max_mesg + PAGE_SIZE) / PAGE_SIZE;
619 for (i = 0; i < pages ; i++)
620 while (rqstp->rq_pages[i] == NULL) {
621 struct page *p = alloc_page(GFP_KERNEL);
622 if (!p) {
623 set_current_state(TASK_INTERRUPTIBLE);
624 if (signalled() || kthread_should_stop()) {
625 set_current_state(TASK_RUNNING);
626 return -EINTR;
627 }
628 schedule_timeout(msecs_to_jiffies(500));
629 }
630 rqstp->rq_pages[i] = p;
631 }
632 rqstp->rq_pages[i++] = NULL; /* this might be seen in nfs_read_actor */
633 BUG_ON(pages >= RPCSVC_MAXPAGES);
634
635 /* Make arg->head point to first page and arg->pages point to rest */
636 arg = &rqstp->rq_arg;
637 arg->head[0].iov_base = page_address(rqstp->rq_pages[0]);
638 arg->head[0].iov_len = PAGE_SIZE;
639 arg->pages = rqstp->rq_pages + 1;
640 arg->page_base = 0;
641 /* save at least one page for response */
642 arg->page_len = (pages-2)*PAGE_SIZE;
643 arg->len = (pages-1)*PAGE_SIZE;
644 arg->tail[0].iov_len = 0;
645
646 try_to_freeze();
647 cond_resched();
648 if (signalled() || kthread_should_stop())
649 return -EINTR;
650
651 spin_lock_bh(&pool->sp_lock);
652 if (rqstp->rq_waking) {
653 rqstp->rq_waking = 0;
654 pool->sp_nwaking--;
655 BUG_ON(pool->sp_nwaking < 0);
656 }
657 xprt = svc_xprt_dequeue(pool);
658 if (xprt) {
659 rqstp->rq_xprt = xprt;
660 svc_xprt_get(xprt);
661 rqstp->rq_reserved = serv->sv_max_mesg;
662 atomic_add(rqstp->rq_reserved, &xprt->xpt_reserved);
663 } else {
664 /* No data pending. Go to sleep */
665 svc_thread_enqueue(pool, rqstp);
666
667 /*
668 * We have to be able to interrupt this wait
669 * to bring down the daemons ...
670 */
671 set_current_state(TASK_INTERRUPTIBLE);
672
673 /*
674 * checking kthread_should_stop() here allows us to avoid
675 * locking and signalling when stopping kthreads that call
676 * svc_recv. If the thread has already been woken up, then
677 * we can exit here without sleeping. If not, then it
678 * it'll be woken up quickly during the schedule_timeout
679 */
680 if (kthread_should_stop()) {
681 set_current_state(TASK_RUNNING);
682 spin_unlock_bh(&pool->sp_lock);
683 return -EINTR;
684 }
685
686 add_wait_queue(&rqstp->rq_wait, &wait);
687 spin_unlock_bh(&pool->sp_lock);
688
689 time_left = schedule_timeout(timeout);
690
691 try_to_freeze();
692
693 spin_lock_bh(&pool->sp_lock);
694 remove_wait_queue(&rqstp->rq_wait, &wait);
695 if (!time_left)
696 pool->sp_stats.threads_timedout++;
697
698 xprt = rqstp->rq_xprt;
699 if (!xprt) {
700 svc_thread_dequeue(pool, rqstp);
701 spin_unlock_bh(&pool->sp_lock);
702 dprintk("svc: server %p, no data yet\n", rqstp);
703 if (signalled() || kthread_should_stop())
704 return -EINTR;
705 else
706 return -EAGAIN;
707 }
708 }
709 spin_unlock_bh(&pool->sp_lock);
710
711 len = 0;
712 if (test_bit(XPT_CLOSE, &xprt->xpt_flags)) {
713 dprintk("svc_recv: found XPT_CLOSE\n");
714 svc_delete_xprt(xprt);
715 } else if (test_bit(XPT_LISTENER, &xprt->xpt_flags)) {
716 struct svc_xprt *newxpt;
717 newxpt = xprt->xpt_ops->xpo_accept(xprt);
718 if (newxpt) {
719 /*
720 * We know this module_get will succeed because the
721 * listener holds a reference too
722 */
723 __module_get(newxpt->xpt_class->xcl_owner);
724 svc_check_conn_limits(xprt->xpt_server);
725 spin_lock_bh(&serv->sv_lock);
726 set_bit(XPT_TEMP, &newxpt->xpt_flags);
727 list_add(&newxpt->xpt_list, &serv->sv_tempsocks);
728 serv->sv_tmpcnt++;
729 if (serv->sv_temptimer.function == NULL) {
730 /* setup timer to age temp transports */
731 setup_timer(&serv->sv_temptimer,
732 svc_age_temp_xprts,
733 (unsigned long)serv);
734 mod_timer(&serv->sv_temptimer,
735 jiffies + svc_conn_age_period * HZ);
736 }
737 spin_unlock_bh(&serv->sv_lock);
738 svc_xprt_received(newxpt);
739 }
740 svc_xprt_received(xprt);
741 } else {
742 dprintk("svc: server %p, pool %u, transport %p, inuse=%d\n",
743 rqstp, pool->sp_id, xprt,
744 atomic_read(&xprt->xpt_ref.refcount));
745 rqstp->rq_deferred = svc_deferred_dequeue(xprt);
746 if (rqstp->rq_deferred) {
747 svc_xprt_received(xprt);
748 len = svc_deferred_recv(rqstp);
749 } else
750 len = xprt->xpt_ops->xpo_recvfrom(rqstp);
751 dprintk("svc: got len=%d\n", len);
752 }
753
754 /* No data, incomplete (TCP) read, or accept() */
755 if (len == 0 || len == -EAGAIN) {
756 rqstp->rq_res.len = 0;
757 svc_xprt_release(rqstp);
758 return -EAGAIN;
759 }
760 clear_bit(XPT_OLD, &xprt->xpt_flags);
761
762 rqstp->rq_secure = svc_port_is_privileged(svc_addr(rqstp));
763 rqstp->rq_chandle.defer = svc_defer;
764
765 if (serv->sv_stats)
766 serv->sv_stats->netcnt++;
767 return len;
768 }
769 EXPORT_SYMBOL_GPL(svc_recv);
770
771 /*
772 * Drop request
773 */
774 void svc_drop(struct svc_rqst *rqstp)
775 {
776 dprintk("svc: xprt %p dropped request\n", rqstp->rq_xprt);
777 svc_xprt_release(rqstp);
778 }
779 EXPORT_SYMBOL_GPL(svc_drop);
780
781 /*
782 * Return reply to client.
783 */
784 int svc_send(struct svc_rqst *rqstp)
785 {
786 struct svc_xprt *xprt;
787 int len;
788 struct xdr_buf *xb;
789
790 xprt = rqstp->rq_xprt;
791 if (!xprt)
792 return -EFAULT;
793
794 /* release the receive skb before sending the reply */
795 rqstp->rq_xprt->xpt_ops->xpo_release_rqst(rqstp);
796
797 /* calculate over-all length */
798 xb = &rqstp->rq_res;
799 xb->len = xb->head[0].iov_len +
800 xb->page_len +
801 xb->tail[0].iov_len;
802
803 /* Grab mutex to serialize outgoing data. */
804 mutex_lock(&xprt->xpt_mutex);
805 if (test_bit(XPT_DEAD, &xprt->xpt_flags))
806 len = -ENOTCONN;
807 else
808 len = xprt->xpt_ops->xpo_sendto(rqstp);
809 mutex_unlock(&xprt->xpt_mutex);
810 svc_xprt_release(rqstp);
811
812 if (len == -ECONNREFUSED || len == -ENOTCONN || len == -EAGAIN)
813 return 0;
814 return len;
815 }
816
817 /*
818 * Timer function to close old temporary transports, using
819 * a mark-and-sweep algorithm.
820 */
821 static void svc_age_temp_xprts(unsigned long closure)
822 {
823 struct svc_serv *serv = (struct svc_serv *)closure;
824 struct svc_xprt *xprt;
825 struct list_head *le, *next;
826 LIST_HEAD(to_be_aged);
827
828 dprintk("svc_age_temp_xprts\n");
829
830 if (!spin_trylock_bh(&serv->sv_lock)) {
831 /* busy, try again 1 sec later */
832 dprintk("svc_age_temp_xprts: busy\n");
833 mod_timer(&serv->sv_temptimer, jiffies + HZ);
834 return;
835 }
836
837 list_for_each_safe(le, next, &serv->sv_tempsocks) {
838 xprt = list_entry(le, struct svc_xprt, xpt_list);
839
840 /* First time through, just mark it OLD. Second time
841 * through, close it. */
842 if (!test_and_set_bit(XPT_OLD, &xprt->xpt_flags))
843 continue;
844 if (atomic_read(&xprt->xpt_ref.refcount) > 1
845 || test_bit(XPT_BUSY, &xprt->xpt_flags))
846 continue;
847 svc_xprt_get(xprt);
848 list_move(le, &to_be_aged);
849 set_bit(XPT_CLOSE, &xprt->xpt_flags);
850 set_bit(XPT_DETACHED, &xprt->xpt_flags);
851 }
852 spin_unlock_bh(&serv->sv_lock);
853
854 while (!list_empty(&to_be_aged)) {
855 le = to_be_aged.next;
856 /* fiddling the xpt_list node is safe 'cos we're XPT_DETACHED */
857 list_del_init(le);
858 xprt = list_entry(le, struct svc_xprt, xpt_list);
859
860 dprintk("queuing xprt %p for closing\n", xprt);
861
862 /* a thread will dequeue and close it soon */
863 svc_xprt_enqueue(xprt);
864 svc_xprt_put(xprt);
865 }
866
867 mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ);
868 }
869
870 /*
871 * Remove a dead transport
872 */
873 void svc_delete_xprt(struct svc_xprt *xprt)
874 {
875 struct svc_serv *serv = xprt->xpt_server;
876 struct svc_deferred_req *dr;
877
878 /* Only do this once */
879 if (test_and_set_bit(XPT_DEAD, &xprt->xpt_flags))
880 return;
881
882 dprintk("svc: svc_delete_xprt(%p)\n", xprt);
883 xprt->xpt_ops->xpo_detach(xprt);
884
885 spin_lock_bh(&serv->sv_lock);
886 if (!test_and_set_bit(XPT_DETACHED, &xprt->xpt_flags))
887 list_del_init(&xprt->xpt_list);
888 /*
889 * We used to delete the transport from whichever list
890 * it's sk_xprt.xpt_ready node was on, but we don't actually
891 * need to. This is because the only time we're called
892 * while still attached to a queue, the queue itself
893 * is about to be destroyed (in svc_destroy).
894 */
895 if (test_bit(XPT_TEMP, &xprt->xpt_flags))
896 serv->sv_tmpcnt--;
897
898 for (dr = svc_deferred_dequeue(xprt); dr;
899 dr = svc_deferred_dequeue(xprt)) {
900 svc_xprt_put(xprt);
901 kfree(dr);
902 }
903
904 svc_xprt_put(xprt);
905 spin_unlock_bh(&serv->sv_lock);
906 }
907
908 void svc_close_xprt(struct svc_xprt *xprt)
909 {
910 set_bit(XPT_CLOSE, &xprt->xpt_flags);
911 if (test_and_set_bit(XPT_BUSY, &xprt->xpt_flags))
912 /* someone else will have to effect the close */
913 return;
914
915 svc_xprt_get(xprt);
916 svc_delete_xprt(xprt);
917 clear_bit(XPT_BUSY, &xprt->xpt_flags);
918 svc_xprt_put(xprt);
919 }
920 EXPORT_SYMBOL_GPL(svc_close_xprt);
921
922 void svc_close_all(struct list_head *xprt_list)
923 {
924 struct svc_xprt *xprt;
925 struct svc_xprt *tmp;
926
927 list_for_each_entry_safe(xprt, tmp, xprt_list, xpt_list) {
928 set_bit(XPT_CLOSE, &xprt->xpt_flags);
929 if (test_bit(XPT_BUSY, &xprt->xpt_flags)) {
930 /* Waiting to be processed, but no threads left,
931 * So just remove it from the waiting list
932 */
933 list_del_init(&xprt->xpt_ready);
934 clear_bit(XPT_BUSY, &xprt->xpt_flags);
935 }
936 svc_close_xprt(xprt);
937 }
938 }
939
940 /*
941 * Handle defer and revisit of requests
942 */
943
944 static void svc_revisit(struct cache_deferred_req *dreq, int too_many)
945 {
946 struct svc_deferred_req *dr =
947 container_of(dreq, struct svc_deferred_req, handle);
948 struct svc_xprt *xprt = dr->xprt;
949
950 spin_lock(&xprt->xpt_lock);
951 set_bit(XPT_DEFERRED, &xprt->xpt_flags);
952 if (too_many || test_bit(XPT_DEAD, &xprt->xpt_flags)) {
953 spin_unlock(&xprt->xpt_lock);
954 dprintk("revisit canceled\n");
955 svc_xprt_put(xprt);
956 kfree(dr);
957 return;
958 }
959 dprintk("revisit queued\n");
960 dr->xprt = NULL;
961 list_add(&dr->handle.recent, &xprt->xpt_deferred);
962 spin_unlock(&xprt->xpt_lock);
963 svc_xprt_enqueue(xprt);
964 svc_xprt_put(xprt);
965 }
966
967 /*
968 * Save the request off for later processing. The request buffer looks
969 * like this:
970 *
971 * <xprt-header><rpc-header><rpc-pagelist><rpc-tail>
972 *
973 * This code can only handle requests that consist of an xprt-header
974 * and rpc-header.
975 */
976 static struct cache_deferred_req *svc_defer(struct cache_req *req)
977 {
978 struct svc_rqst *rqstp = container_of(req, struct svc_rqst, rq_chandle);
979 struct svc_deferred_req *dr;
980
981 if (rqstp->rq_arg.page_len || !rqstp->rq_usedeferral)
982 return NULL; /* if more than a page, give up FIXME */
983 if (rqstp->rq_deferred) {
984 dr = rqstp->rq_deferred;
985 rqstp->rq_deferred = NULL;
986 } else {
987 size_t skip;
988 size_t size;
989 /* FIXME maybe discard if size too large */
990 size = sizeof(struct svc_deferred_req) + rqstp->rq_arg.len;
991 dr = kmalloc(size, GFP_KERNEL);
992 if (dr == NULL)
993 return NULL;
994
995 dr->handle.owner = rqstp->rq_server;
996 dr->prot = rqstp->rq_prot;
997 memcpy(&dr->addr, &rqstp->rq_addr, rqstp->rq_addrlen);
998 dr->addrlen = rqstp->rq_addrlen;
999 dr->daddr = rqstp->rq_daddr;
1000 dr->argslen = rqstp->rq_arg.len >> 2;
1001 dr->xprt_hlen = rqstp->rq_xprt_hlen;
1002
1003 /* back up head to the start of the buffer and copy */
1004 skip = rqstp->rq_arg.len - rqstp->rq_arg.head[0].iov_len;
1005 memcpy(dr->args, rqstp->rq_arg.head[0].iov_base - skip,
1006 dr->argslen << 2);
1007 }
1008 svc_xprt_get(rqstp->rq_xprt);
1009 dr->xprt = rqstp->rq_xprt;
1010
1011 dr->handle.revisit = svc_revisit;
1012 return &dr->handle;
1013 }
1014
1015 /*
1016 * recv data from a deferred request into an active one
1017 */
1018 static int svc_deferred_recv(struct svc_rqst *rqstp)
1019 {
1020 struct svc_deferred_req *dr = rqstp->rq_deferred;
1021
1022 /* setup iov_base past transport header */
1023 rqstp->rq_arg.head[0].iov_base = dr->args + (dr->xprt_hlen>>2);
1024 /* The iov_len does not include the transport header bytes */
1025 rqstp->rq_arg.head[0].iov_len = (dr->argslen<<2) - dr->xprt_hlen;
1026 rqstp->rq_arg.page_len = 0;
1027 /* The rq_arg.len includes the transport header bytes */
1028 rqstp->rq_arg.len = dr->argslen<<2;
1029 rqstp->rq_prot = dr->prot;
1030 memcpy(&rqstp->rq_addr, &dr->addr, dr->addrlen);
1031 rqstp->rq_addrlen = dr->addrlen;
1032 /* Save off transport header len in case we get deferred again */
1033 rqstp->rq_xprt_hlen = dr->xprt_hlen;
1034 rqstp->rq_daddr = dr->daddr;
1035 rqstp->rq_respages = rqstp->rq_pages;
1036 return (dr->argslen<<2) - dr->xprt_hlen;
1037 }
1038
1039
1040 static struct svc_deferred_req *svc_deferred_dequeue(struct svc_xprt *xprt)
1041 {
1042 struct svc_deferred_req *dr = NULL;
1043
1044 if (!test_bit(XPT_DEFERRED, &xprt->xpt_flags))
1045 return NULL;
1046 spin_lock(&xprt->xpt_lock);
1047 clear_bit(XPT_DEFERRED, &xprt->xpt_flags);
1048 if (!list_empty(&xprt->xpt_deferred)) {
1049 dr = list_entry(xprt->xpt_deferred.next,
1050 struct svc_deferred_req,
1051 handle.recent);
1052 list_del_init(&dr->handle.recent);
1053 set_bit(XPT_DEFERRED, &xprt->xpt_flags);
1054 }
1055 spin_unlock(&xprt->xpt_lock);
1056 return dr;
1057 }
1058
1059 /**
1060 * svc_find_xprt - find an RPC transport instance
1061 * @serv: pointer to svc_serv to search
1062 * @xcl_name: C string containing transport's class name
1063 * @af: Address family of transport's local address
1064 * @port: transport's IP port number
1065 *
1066 * Return the transport instance pointer for the endpoint accepting
1067 * connections/peer traffic from the specified transport class,
1068 * address family and port.
1069 *
1070 * Specifying 0 for the address family or port is effectively a
1071 * wild-card, and will result in matching the first transport in the
1072 * service's list that has a matching class name.
1073 */
1074 struct svc_xprt *svc_find_xprt(struct svc_serv *serv, const char *xcl_name,
1075 const sa_family_t af, const unsigned short port)
1076 {
1077 struct svc_xprt *xprt;
1078 struct svc_xprt *found = NULL;
1079
1080 /* Sanity check the args */
1081 if (serv == NULL || xcl_name == NULL)
1082 return found;
1083
1084 spin_lock_bh(&serv->sv_lock);
1085 list_for_each_entry(xprt, &serv->sv_permsocks, xpt_list) {
1086 if (strcmp(xprt->xpt_class->xcl_name, xcl_name))
1087 continue;
1088 if (af != AF_UNSPEC && af != xprt->xpt_local.ss_family)
1089 continue;
1090 if (port != 0 && port != svc_xprt_local_port(xprt))
1091 continue;
1092 found = xprt;
1093 svc_xprt_get(xprt);
1094 break;
1095 }
1096 spin_unlock_bh(&serv->sv_lock);
1097 return found;
1098 }
1099 EXPORT_SYMBOL_GPL(svc_find_xprt);
1100
1101 static int svc_one_xprt_name(const struct svc_xprt *xprt,
1102 char *pos, int remaining)
1103 {
1104 int len;
1105
1106 len = snprintf(pos, remaining, "%s %u\n",
1107 xprt->xpt_class->xcl_name,
1108 svc_xprt_local_port(xprt));
1109 if (len >= remaining)
1110 return -ENAMETOOLONG;
1111 return len;
1112 }
1113
1114 /**
1115 * svc_xprt_names - format a buffer with a list of transport names
1116 * @serv: pointer to an RPC service
1117 * @buf: pointer to a buffer to be filled in
1118 * @buflen: length of buffer to be filled in
1119 *
1120 * Fills in @buf with a string containing a list of transport names,
1121 * each name terminated with '\n'.
1122 *
1123 * Returns positive length of the filled-in string on success; otherwise
1124 * a negative errno value is returned if an error occurs.
1125 */
1126 int svc_xprt_names(struct svc_serv *serv, char *buf, const int buflen)
1127 {
1128 struct svc_xprt *xprt;
1129 int len, totlen;
1130 char *pos;
1131
1132 /* Sanity check args */
1133 if (!serv)
1134 return 0;
1135
1136 spin_lock_bh(&serv->sv_lock);
1137
1138 pos = buf;
1139 totlen = 0;
1140 list_for_each_entry(xprt, &serv->sv_permsocks, xpt_list) {
1141 len = svc_one_xprt_name(xprt, pos, buflen - totlen);
1142 if (len < 0) {
1143 *buf = '\0';
1144 totlen = len;
1145 }
1146 if (len <= 0)
1147 break;
1148
1149 pos += len;
1150 totlen += len;
1151 }
1152
1153 spin_unlock_bh(&serv->sv_lock);
1154 return totlen;
1155 }
1156 EXPORT_SYMBOL_GPL(svc_xprt_names);
1157
1158
1159 /*----------------------------------------------------------------------------*/
1160
1161 static void *svc_pool_stats_start(struct seq_file *m, loff_t *pos)
1162 {
1163 unsigned int pidx = (unsigned int)*pos;
1164 struct svc_serv *serv = m->private;
1165
1166 dprintk("svc_pool_stats_start, *pidx=%u\n", pidx);
1167
1168 lock_kernel();
1169 /* bump up the pseudo refcount while traversing */
1170 svc_get(serv);
1171 unlock_kernel();
1172
1173 if (!pidx)
1174 return SEQ_START_TOKEN;
1175 return (pidx > serv->sv_nrpools ? NULL : &serv->sv_pools[pidx-1]);
1176 }
1177
1178 static void *svc_pool_stats_next(struct seq_file *m, void *p, loff_t *pos)
1179 {
1180 struct svc_pool *pool = p;
1181 struct svc_serv *serv = m->private;
1182
1183 dprintk("svc_pool_stats_next, *pos=%llu\n", *pos);
1184
1185 if (p == SEQ_START_TOKEN) {
1186 pool = &serv->sv_pools[0];
1187 } else {
1188 unsigned int pidx = (pool - &serv->sv_pools[0]);
1189 if (pidx < serv->sv_nrpools-1)
1190 pool = &serv->sv_pools[pidx+1];
1191 else
1192 pool = NULL;
1193 }
1194 ++*pos;
1195 return pool;
1196 }
1197
1198 static void svc_pool_stats_stop(struct seq_file *m, void *p)
1199 {
1200 struct svc_serv *serv = m->private;
1201
1202 lock_kernel();
1203 /* this function really, really should have been called svc_put() */
1204 svc_destroy(serv);
1205 unlock_kernel();
1206 }
1207
1208 static int svc_pool_stats_show(struct seq_file *m, void *p)
1209 {
1210 struct svc_pool *pool = p;
1211
1212 if (p == SEQ_START_TOKEN) {
1213 seq_puts(m, "# pool packets-arrived sockets-enqueued threads-woken overloads-avoided threads-timedout\n");
1214 return 0;
1215 }
1216
1217 seq_printf(m, "%u %lu %lu %lu %lu %lu\n",
1218 pool->sp_id,
1219 pool->sp_stats.packets,
1220 pool->sp_stats.sockets_queued,
1221 pool->sp_stats.threads_woken,
1222 pool->sp_stats.overloads_avoided,
1223 pool->sp_stats.threads_timedout);
1224
1225 return 0;
1226 }
1227
1228 static const struct seq_operations svc_pool_stats_seq_ops = {
1229 .start = svc_pool_stats_start,
1230 .next = svc_pool_stats_next,
1231 .stop = svc_pool_stats_stop,
1232 .show = svc_pool_stats_show,
1233 };
1234
1235 int svc_pool_stats_open(struct svc_serv *serv, struct file *file)
1236 {
1237 int err;
1238
1239 err = seq_open(file, &svc_pool_stats_seq_ops);
1240 if (!err)
1241 ((struct seq_file *) file->private_data)->private = serv;
1242 return err;
1243 }
1244 EXPORT_SYMBOL(svc_pool_stats_open);
1245
1246 /*----------------------------------------------------------------------------*/
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree