| blob | fc99ca89b32b89449dff082ee3f6bb5a99a52c61 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2012 Milan Jurik. All rights reserved.
25 */
26 /* Copyright (c) 1990 Mentat Inc. */
28 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
29 /* All Rights Reserved */
31 /*
32 * Kernel RPC filtering module
33 */
35 #include <sys/param.h>
36 #include <sys/types.h>
37 #include <sys/stream.h>
38 #include <sys/stropts.h>
39 #include <sys/strsubr.h>
40 #include <sys/tihdr.h>
41 #include <sys/timod.h>
42 #include <sys/tiuser.h>
43 #include <sys/debug.h>
44 #include <sys/signal.h>
45 #include <sys/pcb.h>
46 #include <sys/user.h>
47 #include <sys/errno.h>
48 #include <sys/cred.h>
49 #include <sys/policy.h>
50 #include <sys/inline.h>
51 #include <sys/cmn_err.h>
52 #include <sys/kmem.h>
53 #include <sys/file.h>
54 #include <sys/sysmacros.h>
55 #include <sys/systm.h>
56 #include <sys/t_lock.h>
57 #include <sys/ddi.h>
58 #include <sys/vtrace.h>
59 #include <sys/callb.h>
60 #include <sys/strsun.h>
62 #include <sys/strlog.h>
63 #include <rpc/rpc_com.h>
64 #include <inet/common.h>
65 #include <rpc/types.h>
66 #include <sys/time.h>
67 #include <rpc/xdr.h>
68 #include <rpc/auth.h>
69 #include <rpc/clnt.h>
70 #include <rpc/rpc_msg.h>
71 #include <rpc/clnt.h>
72 #include <rpc/svc.h>
73 #include <rpc/rpcsys.h>
74 #include <rpc/rpc_rdma.h>
76 /*
77 * This is the loadable module wrapper.
78 */
79 #include <sys/conf.h>
80 #include <sys/modctl.h>
81 #include <sys/syscall.h>
89 };
91 /*
92 * Module linkage information for the kernel.
93 */
97 };
99 /*
100 * For the RPC system call.
101 */
105 rpcsys
106 };
111 &rpcsysent
112 };
114 #ifdef _SYSCALL32_IMPL
118 &rpcsysent
119 };
123 MODREV_1,
124 {
126 #ifdef _SYSCALL32_IMPL
128 #endif
130 NULL
131 }
132 };
134 int
136 {
138 callb_id_t cid;
146 /*
147 * Could not install module, cleanup previous
148 * initialization work.
149 */
155 }
157 /*
158 * Load up the RDMA plugins and initialize the stats. Even if the
159 * plugins loadup fails, but rpcmod was successfully installed the
160 * counters still get initialized.
161 */
170 /*
171 * Get our identification into ldi. This is used for loading
172 * other modules, e.g. rpcib.
173 */
178 }
181 }
183 /*
184 * The unload entry point fails, because we advertise entry points into
185 * rpcmod from the rest of kRPC: rpcmod_release().
186 */
187 int
189 {
191 }
193 int
195 {
197 }
201 #define RPCMOD_ID 2049
206 /*
207 * To save instructions, since STREAMS ignores the return value
208 * from these functions, they are defined as void here. Kind of icky, but...
209 */
234 /*
235 * Read side has no service procedure.
236 */
240 rmm_open,
241 rmm_close,
242 nulldev,
244 NULL
245 };
247 /*
248 * The write put procedure is simply putnext to conserve stack space.
249 * The write service procedure is not used to queue data, but instead to
250 * synchronize with flow control.
251 */
255 rmm_open,
256 rmm_close,
257 nulldev,
259 NULL
260 };
270 };
273 rpcmodopen,
274 rpcmodclose,
275 rpcmodwput,
276 rpcmodwsrv,
277 rpcmodrput,
278 NULL
279 };
282 mir_open,
283 mir_close,
284 mir_wput,
285 mir_wsrv,
286 mir_rput,
287 mir_rsrv
288 };
290 /*
291 * Per rpcmod "slot" data structure. q->q_ptr points to one of these.
292 */
303 };
310 kmutex_t lock;
311 kcondvar_t wait;
312 };
316 /* must be first in the structure. */
321 /*
322 * mir_head_mp points the first mblk being collected in
323 * the current RPC message. Record headers are removed
324 * before data is linked into mir_head_mp.
325 */
327 /*
328 * mir_tail_mp points to the last mblk in the message
329 * chain starting at mir_head_mp. It is only valid
330 * if mir_head_mp is non-NULL and is used to add new
331 * data blocks to the end of chain quickly.
332 */
335 /*
336 * mir_frag_len starts at -4 for beginning of each fragment.
337 * When this length is negative, it indicates the number of
338 * bytes that rpcmod needs to complete the record marker
339 * header. When it is positive or zero, it holds the number
340 * of bytes that have arrived for the current fragment and
341 * are held in mir_header_mp.
342 */
345 /*
346 * Fragment header as collected for the current fragment.
347 * It holds the last-fragment indicator and the number
348 * of bytes in the fragment.
349 */
351 unsigned int
354 /* side until outbound flow control */
355 /* is relieved. */
360 /*
361 * On client streams, mir_clntreq is 0 or 1; it is set
362 * to 1 whenever a new request is sent out (mir_wput)
363 * and cleared when the timer fires (mir_timer). If
364 * the timer fires with this value equal to 0, then the
365 * stream is considered idle and KRPC is notified.
366 */
368 /*
369 * On server streams, stop accepting messages
370 */
380 /*
381 * This value is copied from clnt_idle_timeout or
382 * svc_idle_timeout during the appropriate ioctl.
383 * Kept in milliseconds
384 */
386 /*
387 * This value is set to lbolt
388 * every time a client stream sends or receives data.
389 * Even if the timer message arrives, we don't shutdown
390 * client unless:
391 * lbolt >= MSEC_TO_TICK(mir_idle_timeout)+mir_use_timestamp.
392 * This value is kept in HZ.
393 */
396 /*
397 * This pointer is set to &clnt_max_msg_size or
398 * &svc_max_msg_size during the appropriate ioctl.
399 */
401 /* Server-side fields. */
403 /* counts the number of references */
404 /* that a kernel RPC server thread */
405 /* (see svc_run()) has on this rpcmod */
406 /* slot. Effectively, it is the */
407 /* number * of unprocessed messages */
408 /* that have been passed up to the */
409 /* KRPC layer */
412 /* T_DISCON_IND */
414 /*
415 * these fields are for both client and server, but for debugging,
416 * it is easier to have these last in the structure.
417 */
426 NULL,
427 NULL,
428 putnext,
429 NULL,
430 tmp_rput,
431 NULL
432 };
434 void
436 {
452 }
455 }
457 /*
458 * Not an info-ack, so free it. This is ok because we should
459 * not be receiving data until the open finishes: rpcmod
460 * is pushed well before the end-point is bound to an address.
461 */
463 }
465 int
467 {
474 /*
475 * Check for re-opens.
476 */
481 }
488 /*
489 * Allocate the required messages upfront.
490 */
494 }
512 }
513 }
527 }
529 out:
538 }
540 void
542 {
544 }
546 void
548 {
550 }
552 void
554 {
556 }
558 void
560 {
562 }
564 int
566 {
568 }
571 /*
572 * rpcmodopen - open routine gets called when the module gets pushed
573 * onto the stream.
574 */
575 /*ARGSUSED*/
576 int
578 {
585 /*
586 * Initialize entry points to release a rpcmod slot (and an input
587 * message if supplied) and to send an output message to the module
588 * below rpcmod.
589 */
593 /*
594 * Only sufficiently privileged users can use this module, and it
595 * is assumed that they will use this module properly, and NOT send
596 * bulk data from downstream.
597 */
601 /*
602 * Allocate slot data structure.
603 */
609 /*
610 * slot type will be set by kRPC client and server ioctl's
611 */
619 }
621 /*
622 * rpcmodclose - This routine gets called when the module gets popped
623 * off of the stream.
624 */
625 /*ARGSUSED*/
626 int
628 {
634 /*
635 * Mark our state as closing.
636 */
640 /*
641 * Check and see if there are any messages on the queue. If so, send
642 * the messages, regardless whether the downstream module is ready to
643 * accept data.
644 */
652 /*
653 * call into SVC to clean the queue
654 */
658 /*
659 * Block while there are kRPC threads with a reference
660 * to this message.
661 */
664 }
668 /*
669 * It is now safe to remove this queue from the stream. No kRPC
670 * threads have a reference to the stream, and none ever will,
671 * because RM_CLOSING is set.
672 */
675 /* Notify kRPC that this stream is going away. */
680 }
688 }
690 #ifdef DEBUG
695 #endif
697 /*
698 * rpcmodrput - Module read put procedure. This is called from
699 * the module, driver, or stream head downstream.
700 */
701 void
703 {
716 }
718 #ifdef DEBUG
723 rpcmod_send_msg_up--;
724 }
725 }
749 }
756 }
761 rpcmod_send_uderr--;
762 }
763 }
764 }
765 #endif
776 /*
777 * Forward this message to krpc if it is data.
778 */
782 /*
783 * Check if the module is being popped.
784 */
790 }
797 /*
798 * Make sure the header is sane.
799 */
807 }
809 /*
810 * Call clnt_clts_dispatch_notify, so that it
811 * can pass the message to the proper caller.
812 * Don't discard the header just yet since the
813 * client may need the sender's address.
814 */
819 /*
820 * rm_krpc_cell is exclusively used by the kRPC
821 * CLTS server
822 */
824 #ifdef DEBUG
825 /*
826 * Test duplicate request cache and
827 * rm_ref count handling by sending a
828 * duplicate every so often, if
829 * desired.
830 */
832 rpcmod_send_dup_cnt++ %
833 rpcmod_send_dup)
835 else
837 #endif
838 /*
839 * Raise the reference count on this
840 * module to prevent it from being
841 * popped before krpc generates the
842 * reply.
843 */
847 /*
848 * Submit the message to krpc.
849 */
851 #ifdef DEBUG
852 /*
853 * Send duplicate if we created one.
854 */
860 }
861 #endif
865 }
876 /*
877 * Make sure the header is sane
878 */
887 }
889 /*
890 * In the case where a unit data error has been
891 * received, all we need to do is clear the message from
892 * the queue.
893 */
907 /*
908 * Return codes are not looked at by the STREAMS framework.
909 */
910 }
912 /*
913 * write put procedure
914 */
915 void
917 {
929 }
931 /*
932 * Check to see if we can send the message downstream.
933 */
937 }
942 /*
943 * The first canputnext failed. Try again except this time with the
944 * lock held, so that we can check the state of the stream to see if
945 * it is closing. If either of these conditions evaluate to true
946 * then send the meesage.
947 */
953 /*
954 * canputnext failed again and the stream is not closing.
955 * Place the message on the queue and let the service
956 * procedure handle the message.
957 */
960 }
961 }
963 static void
965 {
986 /*
987 * pass the ioctl downstream and hope someone
988 * down there knows how to handle it.
989 */
992 }
995 }
996 /*
997 * This is something we definitely do not know how to handle, just
998 * pass the message downstream
999 */
1001 }
1003 /*
1004 * Module write service procedure. This is called by downstream modules
1005 * for back enabling during flow control.
1006 */
1007 void
1009 {
1016 /*
1017 * Get messages that may be queued and send them down stream
1018 */
1020 /*
1021 * Optimize the service procedure for the server-side, by
1022 * avoiding a call to canputnext().
1023 */
1027 }
1030 }
1031 }
1033 static void
1035 {
1038 /*
1039 * For now, just free the message.
1040 */
1050 }
1053 }
1055 /*
1056 * This part of rpcmod is pushed on a connection-oriented transport for use
1057 * by RPC. It serves to bypass the Stream head, implements
1058 * the record marking protocol, and dispatches incoming RPC messages.
1059 */
1061 /* Default idle timer values */
1067 #define MIR_SVC_QUIESCED(mir) \
1068 (mir->mir_ref_cnt == 0 && mir->mir_inrservice == 0)
1070 #define MIR_CLEAR_INRSRV(mir_ptr) { \
1071 (mir_ptr)->mir_inrservice = 0; \
1072 if ((mir_ptr)->mir_type == RPC_SERVER && \
1073 (mir_ptr)->mir_closing) \
1074 cv_signal(&(mir_ptr)->mir_condvar); \
1075 }
1077 /*
1078 * Don't block service procedure (and mir_close) if
1079 * we are in the process of closing.
1080 */
1081 #define MIR_WCANPUTNEXT(mir_ptr, write_q) \
1082 (canputnext(write_q) || ((mir_ptr)->mir_svc_no_more_msgs == 1))
1109 /*
1110 * Timeout for subsequent notifications of idle connection. This is
1111 * typically used to clean up after a wedged orderly release.
1112 */
1119 uint_t mir_krpc_cell_null;
1121 static void
1123 {
1124 timeout_id_t tid;
1128 /*
1129 * Since the mir_mutex lock needs to be released to call
1130 * untimeout(), we need to make sure that no other thread
1131 * can start/stop the timer (changing mir_timer_id) during
1132 * that time. The mir_timer_call bit and the mir_timer_cv
1133 * condition variable are used to synchronize this. Setting
1134 * mir_timer_call also tells mir_timer() (refer to the comments
1135 * in mir_timer()) that it does not need to do anything.
1136 */
1146 }
1149 }
1151 static void
1153 {
1154 timeout_id_t tid;
1166 }
1167 /* Only start the timer when it is not closing. */
1171 }
1174 }
1176 static int
1178 {
1185 /*
1186 * This loop is a bit tacky -- it walks the STREAMS list of
1187 * flow-controlled messages.
1188 */
1195 }
1197 }
1199 static int
1201 {
1213 }
1214 /*
1215 * Set mir_closing so we get notified when MIR_SVC_QUIESCED()
1216 * is TRUE. And mir_timer_start() won't start the timer again.
1217 */
1224 /*
1225 * This will prevent more requests from arriving and
1226 * will force rpcmod to ignore flow control.
1227 */
1234 /*
1235 * call into SVC to clean the queue
1236 */
1242 }
1244 /*
1245 * Bugid 1253810 - Force the write service
1246 * procedure to send its messages, regardless
1247 * whether the downstream module is ready
1248 * to accept data.
1249 */
1254 }
1259 /* Notify KRPC that this stream is going away. */
1264 }
1271 }
1273 /*
1274 * This is server side only (RPC_SERVER).
1275 *
1276 * Exit idle mode.
1277 */
1278 static void
1280 {
1287 }
1289 /*
1290 * This is server side only (RPC_SERVER).
1291 *
1292 * Start idle processing, which will include setting idle timer if the
1293 * stream is not being closed.
1294 */
1295 static void
1297 {
1303 /*
1304 * Don't re-start idle timer if we are closing queues.
1305 */
1310 /*
1311 * We will call mir_svc_idle_start() whenever MIR_SVC_QUIESCED()
1312 * is true. When it is true, and we are in the process of
1313 * closing the stream, signal any thread waiting in
1314 * mir_close().
1315 */
1322 /*
1323 * Normal condition, start the idle timer. If an orderly
1324 * release has been sent, set the timeout to wait for the
1325 * client to close its side of the connection. Otherwise,
1326 * use the normal idle timeout.
1327 */
1330 }
1331 }
1333 /* ARGSUSED */
1334 static int
1336 {
1340 /* Set variables used directly by KRPC. */
1352 /* Allocate a zero'ed out mir structure for this stream. */
1355 /*
1356 * We set hold inbound here so that incoming messages will
1357 * be held on the read-side queue until the stream is completely
1358 * initialized with a RPC_CLIENT or RPC_SERVER ioctl. During
1359 * the ioctl processing, the flag is cleared and any messages that
1360 * arrived between the open and the ioctl are delivered to KRPC.
1361 *
1362 * Early data should never arrive on a client stream since
1363 * servers only respond to our requests and we do not send any.
1364 * until after the stream is initialized. Early data is
1365 * very common on a server stream where the client will start
1366 * sending data as soon as the connection is made (and this
1367 * is especially true with TCP where the protocol accepts the
1368 * connection before nfsd or KRPC is notified about it).
1369 */
1373 /*
1374 * Start the record marker looking for a 4-byte header. When
1375 * this length is negative, it indicates that rpcmod is looking
1376 * for bytes to consume for the record marker header. When it
1377 * is positive, it holds the number of bytes that have arrived
1378 * for the current fragment and are being held in mir_header_mp.
1379 */
1391 /*
1392 * We noenable the read-side queue because we don't want it
1393 * automatically enabled by putq. We enable it explicitly
1394 * in mir_wsrv when appropriate. (See additional comments on
1395 * flow control at the beginning of mir_rsrv.)
1396 */
1401 }
1403 /*
1404 * Read-side put routine for both the client and server side. Does the
1405 * record marking for incoming RPC messages, and when complete, dispatches
1406 * the message to either the client or server.
1407 */
1408 static void
1410 {
1419 /*
1420 * If the stream has not been set up as a RPC_CLIENT or RPC_SERVER
1421 * with the corresponding ioctl, then don't accept
1422 * any inbound data. This should never happen for streams
1423 * created by nfsd or client-side KRPC because they are careful
1424 * to set the mode of the stream before doing anything else.
1425 */
1429 }
1443 }
1447 }
1449 /* Throw away the T_DATA_IND block and continue with data. */
1455 /*
1456 * If a module on the stream is trying set the Stream head's
1457 * high water mark, then set our hiwater to the requested
1458 * value. We are the "stream head" for all inbound
1459 * data messages since messages are passed directly to KRPC.
1460 */
1468 }
1469 }
1480 }
1484 /*
1485 * If this connection is closing, don't accept any new messages.
1486 */
1492 }
1494 /* Get local copies for quicker access. */
1500 /* Loop, processing each message block in the mp chain separately. */
1505 /*
1506 * Drop zero-length mblks to prevent unbounded kernel memory
1507 * consumption.
1508 */
1512 }
1514 /*
1515 * If frag_len is negative, we're still in the process of
1516 * building frag_header -- try to complete it with this mblk.
1517 */
1519 frag_len++;
1522 }
1525 /*
1526 * We consumed this mblk while trying to complete the
1527 * fragment header. Free it and move on.
1528 */
1531 }
1535 /*
1536 * Now frag_header has the number of bytes in this fragment
1537 * and we're just waiting to collect them all. Chain our
1538 * latest mblk onto the list and see if we now have enough
1539 * bytes to complete the fragment.
1540 */
1547 }
1552 /*
1553 * We still haven't received enough data to complete
1554 * the fragment, so continue on to the next mblk.
1555 */
1557 }
1559 /*
1560 * We've got a complete fragment. If there are excess bytes,
1561 * then they're part of the next fragment's header (of either
1562 * this RPC message or the next RPC message). Split that part
1563 * into its own mblk so that we can safely freeb() it when
1564 * building frag_header above.
1565 */
1578 }
1580 /*
1581 * Relink the message chain so that the next mblk is
1582 * the next fragment header, followed by the rest of
1583 * the message chain.
1584 */
1588 /*
1589 * Data in the new mblk begins at the next fragment,
1590 * and data in the old mblk ends at the next fragment.
1591 */
1594 }
1596 /*
1597 * Reset frag_len and frag_header for the next fragment.
1598 */
1601 /*
1602 * The current fragment is complete, but more
1603 * fragments need to be processed before we can
1604 * pass along the RPC message headed at head_mp.
1605 */
1608 }
1611 /*
1612 * We've got a complete RPC message; pass it to the
1613 * appropriate consumer.
1614 */
1618 /*
1619 * Mark this stream as active. This marker
1620 * is used in mir_timer().
1621 */
1626 }
1630 /*
1631 * Check for flow control before passing the
1632 * message to KRPC.
1633 */
1636 /*
1637 * If the reference count is 0
1638 * (not including this request),
1639 * then the stream is transitioning
1640 * from idle to non-idle. In this case,
1641 * we cancel the idle timer.
1642 */
1650 /*
1651 * Count # of times this happens. Should
1652 * be never, but experience shows
1653 * otherwise.
1654 */
1655 mir_krpc_cell_null++;
1657 }
1659 /*
1660 * If the outbound side of the stream is
1661 * flow controlled, then hold this message
1662 * until client catches up. mir_hold_inbound
1663 * is set in mir_wput and cleared in mir_wsrv.
1664 */
1667 }
1674 }
1676 /*
1677 * Reset the chain since we're starting on a new RPC message.
1678 */
1682 /*
1683 * Sanity check the message length; if it's too large mir_check_len()
1684 * will shutdown the connection, drop mir_mutex, and return non-zero.
1685 */
1690 /* Save our local copies back in the mir structure. */
1696 /*
1697 * The timer is stopped after the whole message chain is processed.
1698 * The reason is that stopping the timer releases the mir_mutex
1699 * lock temporarily. This means that the request can be serviced
1700 * while we are still processing the message chain. This is not
1701 * good. So we stop the timer here instead.
1702 *
1703 * Note that if the timer fires before we stop it, it will not
1704 * do any harm as MIR_SVC_QUIESCED() is false and mir_timer()
1705 * will just return.
1706 */
1711 }
1713 }
1715 static void
1717 {
1731 /*FALLTHROUGH*/
1738 }
1739 /*
1740 * We are disconnecting, but not necessarily
1741 * closing. By not closing, we will fail to
1742 * pick up a possibly changed global timeout value,
1743 * unless we store it now.
1744 */
1748 /*
1749 * Even though we are unconnected, we still
1750 * leave the idle timer going on the client. The
1751 * reason for is that if we've disconnected due
1752 * to a server-side disconnect, reset, or connection
1753 * timeout, there is a possibility the client may
1754 * retry the RPC request. This retry needs to done on
1755 * the same bound address for the server to interpret
1756 * it as such. However, we don't want
1757 * to wait forever for that possibility. If the
1758 * end-point stays unconnected for mir_idle_timeout
1759 * units of time, then that is a signal to the
1760 * connection manager to give up waiting for the
1761 * application (eg. NFS) to send a retry.
1762 */
1769 {
1787 }
1789 }
1791 {
1801 }
1803 }
1817 }
1823 {
1826 /*
1827 * If this is a listening stream, then shut
1828 * off the idle timer.
1829 */
1835 /*
1836 * mark this as a listen endpoint
1837 * for special handling.
1838 */
1842 }
1844 }
1851 /*
1852 * For listen endpoint just pass
1853 * on the message.
1854 */
1861 /*
1862 * If client wants to break off connection, record
1863 * that fact.
1864 */
1867 /*
1868 * If we are idle, then send the orderly release
1869 * or disconnect indication to nfsd.
1870 */
1874 }
1877 "disconnect/ord rel indication not passed "
1880 /*
1881 * Hold the indication until we get idle
1882 * If there already is an indication stored,
1883 * replace it if the new one is a disconnect. The
1884 * reasoning is that disconnection takes less time
1885 * to process, and once a client decides to
1886 * disconnect, we should do that.
1887 */
1891 " held disconnect/ord rel"
1892 " indication with disconnect on"
1899 "held a disconnect/ord rel "
1900 "indication. freeing ord rel "
1903 }
1911 /* nfsd handles server-side non-data messages. */
1913 }
1918 }
1921 }
1923 /*
1924 * The server-side read queues are used to hold inbound messages while
1925 * outbound flow control is exerted. When outbound flow control is
1926 * relieved, mir_wsrv qenables the read-side queue. Read-side queues
1927 * are not enabled by STREAMS and are explicitly noenable'ed in mir_open.
1928 *
1929 * For the server side, we have two types of messages queued. The first type
1930 * are messages that are ready to be XDR decoded and and then sent to the
1931 * RPC program's dispatch routine. The second type are "raw" messages that
1932 * haven't been processed, i.e. assembled from rpc record fragements into
1933 * full requests. The only time we will see the second type of message
1934 * queued is if we have a memory allocation failure while processing a
1935 * a raw message. The field mir_first_non_processed_mblk will mark the
1936 * first such raw message. So the flow for server side is:
1937 *
1938 * - send processed queued messages to kRPC until we run out or find
1939 * one that needs additional processing because we were short on memory
1940 * earlier
1941 * - process a message that was deferred because of lack of
1942 * memory
1943 * - continue processing messages until the queue empties or we
1944 * have to stop because of lack of memory
1945 * - during each of the above phase, if the queue is empty and
1946 * there are no pending messages that were passed to the RPC
1947 * layer, send upstream the pending disconnect/ordrel indication if
1948 * there is one
1949 *
1950 * The read-side queue is also enabled by a bufcall callback if dupmsg
1951 * fails in mir_rput.
1952 */
1953 static void
1955 {
1979 }
1980 }
1987 __LINE__);
1989 }
1992 }
1996 /*
1997 * If we were idle, turn off idle timer since
1998 * we aren't idle any more.
1999 */
2007 /*
2008 * Count # of times this happens. Should be
2009 * never, but experience shows otherwise.
2010 */
2012 mir_krpc_cell_null++;
2014 }
2015 }
2028 }
2030 /*
2031 * The timer is stopped after all the messages are processed.
2032 * The reason is that stopping the timer releases the mir_mutex
2033 * lock temporarily. This means that the request can be serviced
2034 * while we are still processing the message queue. This is not
2035 * good. So we stop the timer here instead.
2036 */
2041 }
2051 }
2058 __LINE__);
2060 }
2063 }
2065 }
2069 /*
2070 * Called to send an event code to nfsd/lockd so that it initiates
2071 * connection close.
2072 */
2073 static int
2075 {
2077 #ifdef DEBUG
2080 #endif
2083 /*
2084 * Create an M_DATA message with the event code and pass it to the
2085 * Stream head (nfsd or whoever created the stream will consume it).
2086 */
2091 mir_svc_policy_fails++;
2095 }
2101 }
2103 /*
2104 * Server side: start the close phase. We want to get this rpcmod slot in an
2105 * idle state before mir_close() is called.
2106 */
2107 static void
2109 {
2115 /*
2116 * Do not accept any more messages.
2117 */
2120 /*
2121 * Next two statements will make the read service procedure invoke
2122 * svc_queuereq() on everything stuck in the streams read queue.
2123 * It's not necessary because enabling the write queue will
2124 * have the same effect, but why not speed the process along?
2125 */
2129 /*
2130 * Meanwhile force the write service procedure to send the
2131 * responses downstream, regardless of flow control.
2132 */
2134 }
2136 /*
2137 * This routine is called directly by KRPC after a request is completed,
2138 * whether a reply was sent or the request was dropped.
2139 */
2140 static void
2142 {
2152 /*
2153 * Start idle processing if this is the last reference.
2154 */
2158 }
2170 }
2172 /*
2173 * Start idle processing if this is the last reference.
2174 */
2181 }
2186 /*
2187 * Wake up the thread waiting to close.
2188 */
2194 }
2196 /*
2197 * This routine is called by server-side KRPC when it is ready to
2198 * handle inbound messages on the stream.
2199 */
2200 static void
2202 {
2205 /*
2206 * no longer need to take the mir_mutex because the
2207 * mir_setup_complete field has been moved out of
2208 * the binary field protected by the mir_mutex.
2209 */
2213 }
2215 /*
2216 * client side wrapper for stopping timer with normal idle timeout.
2217 */
2218 static void
2220 {
2226 }
2228 /*
2229 * client side wrapper for stopping timer with normal idle timeout.
2230 */
2231 static void
2233 {
2239 }
2241 /*
2242 * client side only. Forces rpcmod to stop sending T_ORDREL_REQs on
2243 * end-points that aren't connected.
2244 */
2245 static void
2247 {
2255 }
2257 /*
2258 * Timer handler. It handles idle timeout and memory shortage problem.
2259 */
2260 static void
2262 {
2265 boolean_t notify;
2270 /*
2271 * mir_timer_call is set only when either mir_timer_[start|stop]
2272 * is progressing. And mir_timer() can only be run while they
2273 * are progressing if the timer is being stopped. So just
2274 * return.
2275 */
2279 }
2285 /*
2286 * For clients, the timer fires at clnt_idle_timeout
2287 * intervals. If the activity marker (mir_clntreq) is
2288 * zero, then the stream has been idle since the last
2289 * timer event and we notify KRPC. If mir_clntreq is
2290 * non-zero, then the stream is active and we just
2291 * restart the timer for another interval. mir_clntreq
2292 * is set to 1 in mir_wput for every request passed
2293 * downstream.
2294 *
2295 * If this was a memory shortage timer reset the idle
2296 * timeout regardless; the mir_clntreq will not be a
2297 * valid indicator.
2298 *
2299 * The timer is initially started in mir_wput during
2300 * RPC_CLIENT ioctl processing.
2301 *
2302 * The timer interval can be changed for individual
2303 * streams with the ND variable "mir_idle_timeout".
2304 */
2314 #if 0
2319 #endif
2324 }
2325 #if 0
2327 #endif
2328 /*
2329 * We are disconnecting, but not necessarily
2330 * closing. By not closing, we will fail to
2331 * pick up a possibly changed global timeout value,
2332 * unless we store it now.
2333 */
2338 /*
2339 * We pass T_ORDREL_REQ as an integer value
2340 * to KRPC as the indication that the stream
2341 * is idle. This is not a T_ORDREL_REQ message,
2342 * it is just a convenient value since we call
2343 * the same KRPC routine for T_ORDREL_INDs and
2344 * T_DISCON_INDs.
2345 */
2351 /*
2352 * For servers, the timer is only running when the stream
2353 * is really idle or memory is short. The timer is started
2354 * by mir_wput when mir_type is set to RPC_SERVER and
2355 * by mir_svc_idle_start whenever the stream goes idle
2356 * (mir_ref_cnt == 0). The timer is cancelled in
2357 * mir_rput whenever a new inbound request is passed to KRPC
2358 * and the stream was previously idle.
2359 *
2360 * The timer interval can be changed for individual
2361 * streams with the ND variable "mir_idle_timeout".
2362 *
2363 * If the stream is not idle do nothing.
2364 */
2368 }
2373 /*
2374 * If there is no packet queued up in read queue, the stream
2375 * is really idle so notify nfsd to close it.
2376 */
2381 }
2388 }
2389 }
2391 /*
2392 * Called by the RPC package to send either a call or a return, or a
2393 * transport connection request. Adds the record marking header.
2394 */
2395 static void
2397 {
2398 uint_t frag_header;
2405 }
2410 }
2417 }
2422 /* Stick in the 4 byte record marking header. */
2425 /*
2426 * Since we know that M_DATA messages are created exclusively
2427 * by KRPC, we expect that KRPC will leave room for our header
2428 * and 4 byte align which is normal for XDR.
2429 * If KRPC (or someone else) does not cooperate, then we
2430 * just throw away the message.
2431 */
2437 }
2444 /*
2445 * For the client, set mir_clntreq to indicate that the
2446 * connection is active.
2447 */
2450 }
2452 /*
2453 * If we haven't already queued some data and the downstream module
2454 * can accept more data, send it on, otherwise we queue the message
2455 * and take other actions depending on mir_type.
2456 */
2460 /*
2461 * Now we pass the RPC message downstream.
2462 */
2465 }
2469 /*
2470 * Check for a previous duplicate request on the
2471 * queue. If there is one, then we throw away
2472 * the current message and let the previous one
2473 * go through. If we can't find a duplicate, then
2474 * send this one. This tap dance is an effort
2475 * to reduce traffic and processing requirements
2476 * under load conditions.
2477 */
2482 }
2485 /*
2486 * Set mir_hold_inbound so that new inbound RPC
2487 * messages will be held until the client catches
2488 * up on the earlier replies. This flag is cleared
2489 * in mir_wsrv after flow control is relieved;
2490 * the read-side queue is also enabled at that time.
2491 */
2497 }
2501 }
2503 static void
2505 {
2520 ioc_eperm:
2527 }
2531 /*
2532 * Clear mir_hold_inbound which was set to 1 by
2533 * mir_open. This flag is not used on client
2534 * streams.
2535 */
2539 /*
2540 * Start the idle timer. See mir_timer() for more
2541 * information on how client timers work.
2542 */
2556 /*
2557 * We don't clear mir_hold_inbound here because
2558 * mir_hold_inbound is used in the flow control
2559 * model. If we cleared it here, then we'd commit
2560 * a small violation to the model where the transport
2561 * might immediately block downstream flow.
2562 */
2567 /*
2568 * Start the idle timer. See mir_timer() for more
2569 * information on how server timers work.
2570 *
2571 * Note that it is important to start the idle timer
2572 * here so that connections time out even if we
2573 * never receive any data on them.
2574 */
2586 }
2591 /*
2592 * We are likely being called from the context of a
2593 * service procedure. So we need to enqueue. However
2594 * enqueing may put our message behind data messages.
2595 * So flush the data first.
2596 */
2598 }
2605 /* Don't pass T_DATA_REQ messages downstream. */
2613 /*
2614 * We are likely being called from
2615 * clnt_dispatch_notifyall(). Sending
2616 * a T_ORDREL_REQ will result in
2617 * a some kind of _IND message being sent,
2618 * will be another call to
2619 * clnt_dispatch_notifyall(). To keep the stack
2620 * lean, queue this message.
2621 */
2626 }
2628 /*
2629 * Mark the structure such that we don't accept any
2630 * more requests from client. We could defer this
2631 * until we actually send the orderly release
2632 * request downstream, but all that does is delay
2633 * the closing of this stream.
2634 */
2640 /*
2641 * If we have sent down a T_ORDREL_REQ, don't send
2642 * any more.
2643 */
2648 }
2650 /*
2651 * If the stream is not idle, then we hold the
2652 * orderly release until it becomes idle. This
2653 * ensures that KRPC will be able to reply to
2654 * all requests that we have passed to it.
2655 *
2656 * We also queue the request if there is data already
2657 * queued, because we cannot allow the T_ORDREL_REQ
2658 * to go before data. When we had a separate reply
2659 * count, this was not a problem, because the
2660 * reply count was reconciled when mir_wsrv()
2661 * completed.
2662 */
2673 }
2675 /*
2676 * Mark the structure so that we know we sent
2677 * an orderly release request, and reset the idle timer.
2678 */
2688 /*
2689 * When we break, we will putnext the T_ORDREL_REQ.
2690 */
2699 }
2701 /*
2702 * Restart timer in case mir_clnt_idle_do_stop() was
2703 * called.
2704 */
2712 /*
2713 * T_DISCON_REQ is one of the interesting default
2714 * cases here. Ideally, an M_FLUSH is done before
2715 * T_DISCON_REQ is done. However, that is somewhat
2716 * cumbersome for clnt_cots.c to do. So we queue
2717 * T_DISCON_REQ, and let the service procedure
2718 * flush all M_DATA.
2719 */
2721 }
2732 FLUSHDATA);
2735 }
2739 }
2740 }
2742 }
2748 }
2756 }
2758 }
2760 static void
2762 {
2765 bool_t flushdata;
2775 /*
2776 * Do not send any more data if we have sent
2777 * a T_ORDREL_REQ.
2778 */
2782 }
2784 /*
2785 * Make sure that the stream can really handle more
2786 * data.
2787 */
2792 }
2794 /*
2795 * Now we pass the RPC message downstream.
2796 */
2801 }
2803 /*
2804 * This is not an RPC message, pass it downstream
2805 * (ignoring flow control) if the server side is not sending a
2806 * T_ORDREL_REQ downstream.
2807 */
2810 T_ORDREL_REQ) {
2815 }
2818 /*
2819 * Don't send two T_ORDRELs
2820 */
2823 }
2825 /*
2826 * Mark the structure so that we know we sent an orderly
2827 * release request. We will check to see slot is idle at the
2828 * end of this routine, and if so, reset the idle timer to
2829 * handle orderly release timeouts.
2830 */
2834 /*
2835 * Send the orderly release downstream. If there are other
2836 * pending replies we won't be able to send them. However,
2837 * the only reason we should send the orderly release is if
2838 * we were idle, or if an unusual event occurred.
2839 */
2843 }
2846 /*
2847 * If we call mir_svc_idle_start() below, then
2848 * clearing mir_inwservice here will also result in
2849 * any thread waiting in mir_close() to be signaled.
2850 */
2856 }
2858 /*
2859 * If idle we call mir_svc_idle_start to start the timer (or wakeup
2860 * a close). Also make sure not to start the idle timer on the
2861 * listener stream. This can cause nfsd to send an orderly release
2862 * command on the listener stream.
2863 */
2868 }
2870 /*
2871 * If outbound flow control has been relieved, then allow new
2872 * inbound requests to be processed.
2873 */
2877 }
2879 }
2881 static void
2883 {
2888 /*
2889 * We are disconnecting, but not necessarily
2890 * closing. By not closing, we will fail to
2891 * pick up a possibly changed global timeout value,
2892 * unless we store it now.
2893 */
2898 /*
2899 * T_DISCON_REQ is passed to KRPC as an integer value
2900 * (this is not a TPI message). It is used as a
2901 * convenient value to indicate a sanity check
2902 * failure -- the same KRPC routine is also called
2903 * for T_DISCON_INDs and T_ORDREL_INDs.
2904 */
2913 "stream head listener to disconnect stream "
2921 }
2922 }
2924 /*
2925 * Sanity check the message length, and if it's too large, shutdown the
2926 * connection. Returns 1 if the connection is shutdown; 0 otherwise.
2927 */
2928 static int
2930 {
2947 "KRPC: record fragment from %s of size(%d) exceeds "
2952 }
2956 }