| blob | cf1b67cd012fda64c814631f017e10572061374a |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
22 /*
23 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
24 */
26 /*
27 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
28 * Use is subject to license terms.
29 */
31 /*
32 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
33 */
35 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
36 /* All Rights Reserved */
38 /*
39 * Portions of this source code were derived from Berkeley 4.3 BSD
40 * under license from the Regents of the University of California.
41 */
43 /*
44 * Server-side remote procedure call interface.
45 *
46 * Master transport handle (SVCMASTERXPRT).
47 * The master transport handle structure is shared among service
48 * threads processing events on the transport. Some fields in the
49 * master structure are protected by locks
50 * - xp_req_lock protects the request queue:
51 * xp_req_head, xp_req_tail, xp_reqs, xp_size, xp_full, xp_enable
52 * - xp_thread_lock protects the thread (clone) counts
53 * xp_threads, xp_detached_threads, xp_wq
54 * Each master transport is registered to exactly one thread pool.
55 *
56 * Clone transport handle (SVCXPRT)
57 * The clone transport handle structure is a per-service-thread handle
58 * to the transport. The structure carries all the fields/buffers used
59 * for request processing. A service thread or, in other words, a clone
60 * structure, can be linked to an arbitrary master structure to process
61 * requests on this transport. The master handle keeps track of reference
62 * counts of threads (clones) linked to it. A service thread can switch
63 * to another transport by unlinking its clone handle from the current
64 * transport and linking to a new one. Switching is relatively inexpensive
65 * but it involves locking (master's xprt->xp_thread_lock).
66 *
67 * Pools.
68 * A pool represents a kernel RPC service (NFS, Lock Manager, etc.).
69 * Transports related to the service are registered to the service pool.
70 * Service threads can switch between different transports in the pool.
71 * Thus, each service has its own pool of service threads. The maximum
72 * number of threads in a pool is pool->p_maxthreads. This limit allows
73 * to restrict resource usage by the service. Some fields are protected
74 * by locks:
75 * - p_req_lock protects several counts and flags:
76 * p_reqs, p_size, p_walkers, p_asleep, p_drowsy, p_req_cv
77 * - p_thread_lock governs other thread counts:
78 * p_threads, p_detached_threads, p_reserved_threads, p_closing
79 *
80 * In addition, each pool contains a doubly-linked list of transports,
81 * an `xprt-ready' queue and a creator thread (see below). Threads in
82 * the pool share some other parameters such as stack size and
83 * polling timeout.
84 *
85 * Pools are initialized through the svc_pool_create() function called from
86 * the nfssys() system call. However, thread creation must be done by
87 * the userland agent. This is done by using SVCPOOL_WAIT and
88 * SVCPOOL_RUN arguments to nfssys(), which call svc_wait() and
89 * svc_do_run(), respectively. Once the pool has been initialized,
90 * the userland process must set up a 'creator' thread. This thread
91 * should park itself in the kernel by calling svc_wait(). If
92 * svc_wait() returns successfully, it should fork off a new worker
93 * thread, which then calls svc_do_run() in order to get work. When
94 * that thread is complete, svc_do_run() will return, and the user
95 * program should call thr_exit().
96 *
97 * When we try to register a new pool and there is an old pool with
98 * the same id in the doubly linked pool list (this happens when we kill
99 * and restart nfsd or lockd), then we unlink the old pool from the list
100 * and mark its state as `closing'. After that the transports can still
101 * process requests but new transports won't be registered. When all the
102 * transports and service threads associated with the pool are gone the
103 * creator thread (see below) will clean up the pool structure and exit.
104 *
105 * svc_queuereq() and svc_run().
106 * The kernel RPC server is interrupt driven. The svc_queuereq() interrupt
107 * routine is called to deliver an RPC request. The service threads
108 * loop in svc_run(). The interrupt function queues a request on the
109 * transport's queue and it makes sure that the request is serviced.
110 * It may either wake up one of sleeping threads, or ask for a new thread
111 * to be created, or, if the previous request is just being picked up, do
112 * nothing. In the last case the service thread that is picking up the
113 * previous request will wake up or create the next thread. After a service
114 * thread processes a request and sends a reply it returns to svc_run()
115 * and svc_run() calls svc_poll() to find new input.
116 *
117 * svc_poll().
118 * In order to avoid unnecessary locking, which causes performance
119 * problems, we always look for a pending request on the current transport.
120 * If there is none we take a hint from the pool's `xprt-ready' queue.
121 * If the queue had an overflow we switch to the `drain' mode checking
122 * each transport in the pool's transport list. Once we find a
123 * master transport handle with a pending request we latch the request
124 * lock on this transport and return to svc_run(). If the request
125 * belongs to a transport different than the one the service thread is
126 * linked to we need to unlink and link again.
127 *
128 * A service thread goes asleep when there are no pending
129 * requests on the transports registered on the pool's transports.
130 * All the pool's threads sleep on the same condition variable.
131 * If a thread has been sleeping for too long period of time
132 * (by default 5 seconds) it wakes up and exits. Also when a transport
133 * is closing sleeping threads wake up to unlink from this transport.
134 *
135 * The `xprt-ready' queue.
136 * If a service thread finds no request on a transport it is currently linked
137 * to it will find another transport with a pending request. To make
138 * this search more efficient each pool has an `xprt-ready' queue.
139 * The queue is a FIFO. When the interrupt routine queues a request it also
140 * inserts a pointer to the transport into the `xprt-ready' queue. A
141 * thread looking for a transport with a pending request can pop up a
142 * transport and check for a request. The request can be already gone
143 * since it could be taken by a thread linked to that transport. In such a
144 * case we try the next hint. The `xprt-ready' queue has fixed size (by
145 * default 256 nodes). If it overflows svc_poll() has to switch to the
146 * less efficient but safe `drain' mode and walk through the pool's
147 * transport list.
148 *
149 * Both the svc_poll() loop and the `xprt-ready' queue are optimized
150 * for the peak load case that is for the situation when the queue is not
151 * empty, there are all the time few pending requests, and a service
152 * thread which has just processed a request does not go asleep but picks
153 * up immediately the next request.
154 *
155 * Thread creator.
156 * Each pool has a thread creator associated with it. The creator thread
157 * sleeps on a condition variable and waits for a signal to create a
158 * service thread. The actual thread creation is done in userland by
159 * the method described in "Pools" above.
160 *
161 * Signaling threads should turn on the `creator signaled' flag, and
162 * can avoid sending signals when the flag is on. The flag is cleared
163 * when the thread is created.
164 *
165 * When the pool is in closing state (ie it has been already unregistered
166 * from the pool list) the last thread on the last transport in the pool
167 * should turn the p_creator_exit flag on. The creator thread will
168 * clean up the pool structure and exit.
169 *
170 * Thread reservation; Detaching service threads.
171 * A service thread can detach itself to block for an extended amount
172 * of time. However, to keep the service active we need to guarantee
173 * at least pool->p_redline non-detached threads that can process incoming
174 * requests. This, the maximum number of detached and reserved threads is
175 * p->p_maxthreads - p->p_redline. A service thread should first acquire
176 * a reservation, and if the reservation was granted it can detach itself.
177 * If a reservation was granted but the thread does not detach itself
178 * it should cancel the reservation before it returns to svc_run().
179 */
181 #include <sys/param.h>
182 #include <sys/types.h>
183 #include <rpc/types.h>
184 #include <sys/socket.h>
185 #include <sys/time.h>
186 #include <sys/tiuser.h>
187 #include <sys/t_kuser.h>
188 #include <netinet/in.h>
189 #include <rpc/xdr.h>
190 #include <rpc/auth.h>
191 #include <rpc/clnt.h>
192 #include <rpc/rpc_msg.h>
193 #include <rpc/svc.h>
194 #include <sys/proc.h>
195 #include <sys/user.h>
196 #include <sys/stream.h>
197 #include <sys/strsubr.h>
198 #include <sys/strsun.h>
199 #include <sys/tihdr.h>
200 #include <sys/debug.h>
201 #include <sys/cmn_err.h>
202 #include <sys/file.h>
203 #include <sys/systm.h>
204 #include <sys/callb.h>
205 #include <sys/vtrace.h>
206 #include <sys/zone.h>
207 #include <nfs/nfs.h>
211 /*
212 * Defines for svc_poll()
213 */
218 /*
219 * Default stack size for service threads.
220 */
225 /*
226 * Default polling timeout for service threads.
227 * Multiplied by hz when used.
228 */
233 /*
234 * Size of the `xprt-ready' queue.
235 */
240 /*
241 * Default limit for the number of service threads.
242 */
243 #define DEFAULT_SVC_MAXTHREADS (INT16_MAX)
247 /*
248 * Maximum number of requests from the same transport (in `drain' mode).
249 */
250 #define DEFAULT_SVC_MAX_SAME_XPRT (8)
255 /*
256 * Default `Redline' of non-detached threads.
257 * Total number of detached and reserved threads in an RPC server
258 * thread pool is limited to pool->p_maxthreads - svc_redline.
259 */
260 #define DEFAULT_SVC_REDLINE (1)
264 /*
265 * A node for the `xprt-ready' queue.
266 * See below.
267 */
271 };
273 /*
274 * Global SVC variables (private).
275 */
278 kmutex_t svc_plock;
279 };
281 /*
282 * Debug variable to check for rdma based
283 * transport startup and cleanup. Contorlled
284 * through /etc/system. Off by default.
285 */
288 /*
289 * This allows disabling flow control in svc_queuereq().
290 */
293 /*
294 * Authentication parameters list.
295 */
299 /*
300 * Pointers to transport specific `rele' routines in rpcmod (set from rpcmod).
301 */
305 /* ARGSUSED */
306 void
308 {
309 }
313 /*
314 * This macro picks which `rele' routine to use, based on the transport type.
315 */
316 #define RELE_PROC(xprt) \
317 ((xprt)->xp_type == T_RDMA ? rdma_rele : \
318 (((xprt)->xp_type == T_CLTS) ? rpc_rele : mir_rele))
320 /*
321 * If true, then keep quiet about version mismatch.
322 * This macro is for broadcast RPC only. We have no broadcast RPC in
323 * kernel now but one may define a flag in the transport structure
324 * and redefine this macro.
325 */
326 #define version_keepquiet(xprt) (FALSE)
328 /*
329 * ZSD key used to retrieve zone-specific svc globals
330 */
342 /* ARGSUSED */
345 {
352 }
354 /* ARGSUSED */
355 static void
357 {
364 }
366 }
368 /* ARGSUSED */
369 static void
371 {
377 }
379 /*
380 * Global SVC init routine.
381 * Initialize global generic and transport type specific structures
382 * used by the kernel RPC server side. This routine is called only
383 * once when the module is being loaded.
384 */
385 void
387 {
389 svc_zonefini);
392 }
394 /*
395 * Destroy the SVCPOOL structure.
396 */
397 static void
399 {
404 /*
405 * Call the user supplied shutdown function. This is done
406 * here so the user of the pool will be able to cleanup
407 * service related resources.
408 */
412 /* Destroy `xprt-ready' queue */
415 /* Destroy transport list */
418 /* Destroy locks and condition variables */
423 /* Destroy creator's locks and condition variables */
429 /* Free pool structure */
431 }
433 /*
434 * If all the transports and service threads are already gone
435 * signal the creator thread to clean up and exit.
436 */
437 static bool_t
439 {
446 /*
447 * Release the locks before sending a signal.
448 */
452 /*
453 * Notify the creator thread to clean up and exit
454 *
455 * NOTICE: No references to the pool beyond this point!
456 * The pool is being destroyed.
457 */
462 }
464 }
468 }
470 /*
471 * Find a pool with a given id.
472 */
475 {
480 /*
481 * Search the list for a pool with a matching id
482 * and register the transport handle with that pool.
483 */
489 }
491 /*
492 * PSARC 2003/523 Contract Private Interface
493 * svc_do_run
494 * Changes must be reviewed by Solaris File Sharing
495 * Changes must be communicated to contract-2003-523@sun.com
496 */
497 int
499 {
514 /*
515 * Increment counter of pool threads now
516 * that a thread has been created.
517 */
522 /* Give work to the new thread. */
526 }
528 /*
529 * Unregister a pool from the pool list.
530 * Set the closing state. If all the transports and service threads
531 * are already gone signal the creator thread to clean up and exit.
532 */
533 static void
535 {
541 /* Remove from the list */
550 /*
551 * Offline the pool. Mark the pool as closing.
552 * If there are no transports in this pool notify
553 * the creator thread to clean it up and exit.
554 */
562 }
564 /*
565 * Register a pool with a given id in the global doubly linked pool list.
566 * - if there is a pool with the same id in the list then unregister it
567 * - insert the new pool into the list.
568 */
569 static void
571 {
574 /*
575 * If there is a pool with the same id then remove it from
576 * the list and mark the pool as closing.
577 */
583 /* Insert into the doubly linked list */
592 }
594 /*
595 * Initialize a newly created pool structure
596 */
597 static int
600 {
621 /* Allocate and initialize the `xprt-ready' queue */
624 /* Initialize doubly-linked xprt list */
627 /*
628 * Setting lwp_childstksz on the current lwp so that
629 * descendants of this lwp get the modified stacksize, if
630 * it is defined. It is important that either this lwp or
631 * one of its descendants do the actual servicepool thread
632 * creation to maintain the stacksize inheritance.
633 */
637 /* Initialize thread limits, locks and condition variables */
647 /* Initialize userland creator */
654 /* Initialize the creator and start the creator thread */
663 }
665 /*
666 * PSARC 2003/523 Contract Private Interface
667 * svc_pool_create
668 * Changes must be reviewed by Solaris File Sharing
669 * Changes must be communicated to contract-2003-523@sun.com
670 *
671 * Create an kernel RPC server-side thread/transport pool.
672 *
673 * This is public interface for creation of a server RPC thread pool
674 * for a given service provider. Transports registered with the pool's id
675 * will be served by a pool's threads. This function is called from the
676 * nfssys() system call.
677 */
678 int
680 {
685 /*
686 * Caller should check credentials in a way appropriate
687 * in the context of the call.
688 */
691 /* Allocate a new pool */
694 /*
695 * Initialize the pool structure and create a creator thread.
696 */
703 }
705 /* Register the pool with the global pool list */
709 }
711 int
713 {
721 /*
722 * Search the list for a pool with a matching id
723 * and register the transport handle with that pool.
724 */
730 }
731 /*
732 * Grab the transport list lock before releasing the
733 * pool list lock
734 */
744 /*
745 * Search the list for a pool with a matching id
746 * and register the unregister callback handle with that pool.
747 */
753 }
754 /*
755 * Grab the transport list lock before releasing the
756 * pool list lock
757 */
768 }
769 }
771 /*
772 * Pool's transport list manipulation routines.
773 * - svc_xprt_register()
774 * - svc_xprt_unregister()
775 *
776 * svc_xprt_register() is called from svc_tli_kcreate() to
777 * insert a new master transport handle into the doubly linked
778 * list of server transport handles (one list per pool).
779 *
780 * The list is used by svc_poll(), when it operates in `drain'
781 * mode, to search for a next transport with a pending request.
782 */
784 int
786 {
792 /*
793 * Search the list for a pool with a matching id
794 * and register the transport handle with that pool.
795 */
801 }
803 /* Grab the transport list lock before releasing the pool list lock */
807 /* Don't register new transports when the pool is in closing state */
811 }
813 /*
814 * Initialize xp_pool to point to the pool.
815 * We don't want to go through the pool list every time.
816 */
819 /*
820 * Insert a transport handle into the list.
821 * The list head points to the most recently inserted transport.
822 */
833 }
835 /* Increment the transports count */
840 }
842 /*
843 * Called from svc_xprt_cleanup() to remove a master transport handle
844 * from the pool's list of server transports (when a transport is
845 * being destroyed).
846 */
847 void
849 {
852 /*
853 * Unlink xprt from the list.
854 * If the list head points to this xprt then move it
855 * to the next xprt or reset to NULL if this is the last
856 * xprt in the list.
857 */
871 }
875 /* Decrement list count */
879 }
881 static void
883 {
886 }
888 /*
889 * Initialize an `xprt-ready' queue for a given pool.
890 */
891 static void
893 {
898 KM_SLEEP);
908 }
910 /*
911 * Called from the svc_queuereq() interrupt routine to queue
912 * a hint for svc_poll() which transport has a pending request.
913 * - insert a pointer to xprt into the xprt-ready queue (FIFO)
914 * - if the xprt-ready queue is full turn the overflow flag on.
915 *
916 * NOTICE: pool->p_qtop is protected by the pool's request lock
917 * and the caller (svc_queuereq()) must hold the lock.
918 */
919 static void
921 {
924 /* If the overflow flag is on there is nothing we can do */
928 /* If the queue is full turn the overflow flag on and exit */
935 }
937 }
939 /* Insert a hint and move pool->p_qtop */
942 }
944 /*
945 * Called from svc_poll() to get a hint which transport has a
946 * pending request. Returns a pointer to a transport or NULL if the
947 * `xprt-ready' queue is empty.
948 *
949 * Since we do not acquire the pool's request lock while checking if
950 * the queue is empty we may miss a request that is just being delivered.
951 * However this is ok since svc_poll() will retry again until the
952 * count indicates that there are pending requests for this pool.
953 */
956 {
961 /*
962 * If the queue is empty return NULL.
963 * Since we do not acquire the pool's request lock which
964 * protects pool->p_qtop this is not exact check. However,
965 * this is safe - if we miss a request here svc_poll()
966 * will retry again.
967 */
971 }
973 /* Get a hint and move pool->p_qend */
977 /* Skip fields deleted by svc_xprt_qdelete() */
982 }
984 /*
985 * Delete all the references to a transport handle that
986 * is being destroyed from the xprt-ready queue.
987 * Deleted pointers are replaced with NULLs.
988 */
989 static void
991 {
998 }
1000 }
1002 /*
1003 * Destructor for a master server transport handle.
1004 * - if there are no more non-detached threads linked to this transport
1005 * then, if requested, call xp_closeproc (we don't wait for detached
1006 * threads linked to this transport to complete).
1007 * - if there are no more threads linked to this
1008 * transport then
1009 * a) remove references to this transport from the xprt-ready queue
1010 * b) remove a reference to this transport from the pool's transport list
1011 * c) call a transport specific `destroy' function
1012 * d) cancel remaining thread reservations.
1013 *
1014 * NOTICE: Caller must hold the transport's thread lock.
1015 */
1016 static void
1018 {
1022 /*
1023 * If called from the last non-detached thread
1024 * it should call the closeproc on this transport.
1025 */
1028 }
1033 /* Remove references to xprt from the `xprt-ready' queue */
1036 /* Unregister xprt from the pool's transport list */
1040 }
1041 }
1043 /*
1044 * Find a dispatch routine for a given prog/vers pair.
1045 * This function is called from svc_getreq() to search the callout
1046 * table for an entry with a matching RPC program number `prog'
1047 * and a version range that covers `vers'.
1048 * - if it finds a matching entry it returns pointer to the dispatch routine
1049 * - otherwise it returns NULL and, if `minp' or `maxp' are not NULL,
1050 * fills them with, respectively, lowest version and highest version
1051 * supported for the program `prog'
1052 */
1056 {
1074 }
1075 }
1078 }
1080 /*
1081 * Optionally free callout table allocated for this transport by
1082 * the service provider.
1083 */
1084 static void
1086 {
1092 }
1093 }
1095 /*
1096 * Send a reply to an RPC request
1097 *
1098 * PSARC 2003/523 Contract Private Interface
1099 * svc_sendreply
1100 * Changes must be reviewed by Solaris File Sharing
1101 * Changes must be communicated to contract-2003-523@sun.com
1102 */
1103 bool_t
1106 {
1117 }
1119 /*
1120 * No procedure error reply
1121 *
1122 * PSARC 2003/523 Contract Private Interface
1123 * svcerr_noproc
1124 * Changes must be reviewed by Solaris File Sharing
1125 * Changes must be communicated to contract-2003-523@sun.com
1126 */
1127 void
1129 {
1138 }
1140 /*
1141 * Can't decode arguments error reply
1142 *
1143 * PSARC 2003/523 Contract Private Interface
1144 * svcerr_decode
1145 * Changes must be reviewed by Solaris File Sharing
1146 * Changes must be communicated to contract-2003-523@sun.com
1147 */
1148 void
1150 {
1159 }
1161 /*
1162 * Some system error
1163 */
1164 void
1166 {
1175 }
1177 /*
1178 * Authentication error reply
1179 */
1180 void
1182 {
1191 }
1193 /*
1194 * Authentication too weak error reply
1195 */
1196 void
1198 {
1200 }
1202 /*
1203 * Authentication error; bad credentials
1204 */
1205 void
1207 {
1216 }
1218 /*
1219 * Program unavailable error reply
1220 *
1221 * PSARC 2003/523 Contract Private Interface
1222 * svcerr_noprog
1223 * Changes must be reviewed by Solaris File Sharing
1224 * Changes must be communicated to contract-2003-523@sun.com
1225 */
1226 void
1228 {
1237 }
1239 /*
1240 * Program version mismatch error reply
1241 *
1242 * PSARC 2003/523 Contract Private Interface
1243 * svcerr_progvers
1244 * Changes must be reviewed by Solaris File Sharing
1245 * Changes must be communicated to contract-2003-523@sun.com
1246 */
1247 void
1250 {
1261 }
1263 /*
1264 * Get server side input from some transport.
1265 *
1266 * Statement of authentication parameters management:
1267 * This function owns and manages all authentication parameters, specifically
1268 * the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and
1269 * the "cooked" credentials (rqst->rq_clntcred).
1270 * However, this function does not know the structure of the cooked
1271 * credentials, so it make the following assumptions:
1272 * a) the structure is contiguous (no pointers), and
1273 * b) the cred structure size does not exceed RQCRED_SIZE bytes.
1274 * In all events, all three parameters are freed upon exit from this routine.
1275 * The storage is trivially managed on the call stack in user land, but
1276 * is malloced in kernel land.
1277 *
1278 * Note: the xprt's xp_svc_lock is not held while the service's dispatch
1279 * routine is running. If we decide to implement svc_unregister(), we'll
1280 * need to decide whether it's okay for a thread to unregister a service
1281 * while a request is being processed. If we decide that this is a
1282 * problem, we can probably use some sort of reference counting scheme to
1283 * keep the callout entry from going away until the request has completed.
1284 */
1285 static void
1289 {
1298 /*
1299 * Firstly, allocate the authentication parameters' storage
1300 */
1305 /* LINTED pointer alignment */
1311 KM_SLEEP);
1312 }
1317 /*
1318 * Now receive a message from the transport.
1319 */
1322 rpcvers_t vers_min;
1323 rpcvers_t vers_max;
1324 bool_t no_dispatch;
1327 /*
1328 * Find the registered program and call its
1329 * dispatch routine.
1330 */
1337 /*
1338 * First authenticate the message.
1339 */
1346 /*
1347 * Free the arguments.
1348 */
1351 /*
1352 * XXX - when bug id 4053736 is done, remove
1353 * the SVC_FREEARGS() call.
1354 */
1366 /*
1367 * If we got here, the program or version
1368 * is not served ...
1369 */
1373 else
1375 vers_max);
1377 /*
1378 * Free the arguments. For successful calls
1379 * this is done by the dispatch routine.
1380 */
1382 /* Fall through to ... */
1383 }
1384 /*
1385 * Call cleanup procedure for RPCSEC_GSS.
1386 * This is a hack since there is currently no
1387 * op, such as SVC_CLEANAUTH. rpc_gss_cleanup
1388 * should only be called for a non null proc.
1389 * Null procs in RPC GSS are overloaded to
1390 * provide context setup and control. The main
1391 * purpose of rpc_gss_cleanup is to decrement the
1392 * reference count associated with the cached
1393 * GSS security context. We should never get here
1394 * for an RPCSEC_GSS null proc since *no_dispatch
1395 * would have been set to true from sec_svc_msg above.
1396 */
1399 }
1400 }
1402 /*
1403 * Free authentication parameters' storage
1404 */
1406 /* LINTED pointer alignment */
1410 }
1412 /*
1413 * Allocate new clone transport handle.
1414 */
1415 SVCXPRT *
1417 {
1423 }
1425 /*
1426 * Free memory allocated by svc_clone_init.
1427 */
1428 void
1430 {
1431 /* Fre credentials from crget() */
1435 }
1437 /*
1438 * Link a per-thread clone transport handle to a master
1439 * - increment a thread reference count on the master
1440 * - copy some of the master's fields to the clone
1441 * - call a transport specific clone routine.
1442 */
1443 void
1445 {
1450 /*
1451 * Bump up master's thread count.
1452 * Linking a per-thread clone transport handle to a master
1453 * associates a service thread with the master.
1454 */
1459 /* Clear everything */
1462 /* Set pointer to the master transport stucture */
1465 /* Structure copy of all the common fields */
1468 /* Restore per-thread fields (xp_cred) */
1473 }
1475 /*
1476 * Unlink a non-detached clone transport handle from a master
1477 * - decrement a thread reference count on the master
1478 * - if the transport is closing (xp_wq is NULL) call svc_xprt_cleanup();
1479 * if this is the last non-detached/absolute thread on this transport
1480 * then it will close/destroy the transport
1481 * - call transport specific function to destroy the clone handle
1482 * - clear xp_master to avoid recursion.
1483 */
1484 void
1486 {
1489 /* This cannot be a detached thread */
1493 /* Decrement a reference count on the transport */
1497 /* svc_xprt_cleanup() unlocks xp_thread_lock or destroys xprt */
1500 else
1503 /* Call a transport specific clone `destroy' function */
1506 /* Clear xp_master */
1508 }
1510 /*
1511 * Unlink a detached clone transport handle from a master
1512 * - decrement the thread count on the master
1513 * - if the transport is closing (xp_wq is NULL) call svc_xprt_cleanup();
1514 * if this is the last thread on this transport then it will destroy
1515 * the transport.
1516 * - call a transport specific function to destroy the clone handle
1517 * - clear xp_master to avoid recursion.
1518 */
1519 static void
1521 {
1524 /* This must be a detached thread */
1529 /* Grab xprt->xp_thread_lock and decrement link counts */
1533 /* svc_xprt_cleanup() unlocks xp_thread_lock or destroys xprt */
1536 else
1539 /* Call transport specific clone `destroy' function */
1542 /* Clear xp_master */
1544 }
1546 /*
1547 * Try to exit a non-detached service thread
1548 * - check if there are enough threads left
1549 * - if this thread (ie its clone transport handle) are linked
1550 * to a master transport then unlink it
1551 * - free the clone structure
1552 * - return to userland for thread exit
1553 *
1554 * If this is the last non-detached or the last thread on this
1555 * transport then the call to svc_clone_unlink() will, respectively,
1556 * close and/or destroy the transport.
1557 */
1558 static void
1560 {
1568 /* return - thread exit will be handled at user level */
1572 /* return - thread exit will be handled at user level */
1573 }
1575 /*
1576 * Exit a detached service thread that returned to svc_run
1577 * - decrement the `detached thread' count for the pool
1578 * - unlink the detached clone transport handle from the master
1579 * - free the clone structure
1580 * - return to userland for thread exit
1581 *
1582 * If this is the last thread on this transport then the call
1583 * to svc_clone_unlinkdetached() will destroy the transport.
1584 */
1585 static void
1587 {
1588 /* This must be a detached thread */
1603 /* return - thread exit will be handled at user level */
1607 /* return - thread exit will be handled at user level */
1608 }
1610 /*
1611 * PSARC 2003/523 Contract Private Interface
1612 * svc_wait
1613 * Changes must be reviewed by Solaris File Sharing
1614 * Changes must be communicated to contract-2003-523@sun.com
1615 */
1616 int
1618 {
1633 /* Check if there's already a user thread waiting on this pool */
1637 }
1641 /* Go to sleep, waiting for the signaled flag. */
1644 /* Interrupted, return to handle exit or signal */
1649 /*
1650 * Thread has been interrupted and therefore
1651 * the service daemon is leaving as well so
1652 * let's go ahead and remove the service
1653 * pool at this time.
1654 */
1660 }
1661 }
1666 /*
1667 * About to exit the service pool. Set return value
1668 * to let the userland code know our intent. Signal
1669 * svc_thread_creator() so that it can clean up the
1670 * pool structure.
1671 */
1675 }
1679 /* Return to userland with error code, for possible thread creation. */
1681 }
1683 /*
1684 * `Service threads' creator thread.
1685 * The creator thread waits for a signal to create new thread.
1686 */
1687 static void
1689 {
1698 /* Check if someone set the exit flag */
1702 /* Clear the `signaled' flag and go asleep */
1709 /* Check if someone signaled to exit */
1717 /*
1718 * When the pool is in closing state and all the transports
1719 * are gone the creator should not create any new threads.
1720 */
1727 }
1729 }
1731 /*
1732 * Create a new service thread now.
1733 */
1739 /*
1740 * Signal the service pool wait thread
1741 * only if it hasn't already been signaled.
1742 */
1747 }
1750 }
1753 }
1755 /*
1756 * Pool is closed. Cleanup and exit.
1757 */
1759 /* Signal userland creator thread that it can stop now. */
1765 /* Wait for svc_wait() to be done with the pool */
1771 }
1777 }
1779 /*
1780 * If the creator thread is idle signal it to create
1781 * a new service thread.
1782 */
1783 static void
1785 {
1790 }
1792 }
1794 /*
1795 * Notify the creator thread to clean up and exit.
1796 */
1797 static void
1799 {
1804 }
1806 /*
1807 * Polling part of the svc_run().
1808 * - search for a transport with a pending request
1809 * - when one is found then latch the request lock and return to svc_run()
1810 * - if there is no request go asleep and wait for a signal
1811 * - handle two exceptions:
1812 * a) current transport is closing
1813 * b) timeout waiting for a new request
1814 * in both cases return to svc_run()
1815 */
1818 {
1819 /*
1820 * Main loop iterates until
1821 * a) we find a pending request,
1822 * b) detect that the current transport is closing
1823 * c) time out waiting for a new request.
1824 */
1829 /*
1830 * Step 1.
1831 * Check if there is a pending request on the current
1832 * transport handle so that we can avoid cloning.
1833 * If so then decrement the `pending-request' count for
1834 * the pool and return to svc_run().
1835 *
1836 * We need to prevent a potential starvation. When
1837 * a selected transport has all pending requests coming in
1838 * all the time then the service threads will never switch to
1839 * another transport. With a limited number of service
1840 * threads some transports may be never serviced.
1841 * To prevent such a scenario we pick up at most
1842 * pool->p_max_same_xprt requests from the same transport
1843 * and then take a hint from the xprt-ready queue or walk
1844 * the transport list.
1845 */
1852 }
1855 /*
1856 * Step 2.
1857 * If there is no request on the current transport try to
1858 * find another transport with a pending request.
1859 */
1864 /*
1865 * Make sure that transports will not be destroyed just
1866 * while we are checking them.
1867 */
1873 /*
1874 * Get the next transport from the xprt-ready queue.
1875 * This is a hint. There is no guarantee that the
1876 * transport still has a pending request since it
1877 * could be picked up by another thread in step 1.
1878 *
1879 * If the transport has a pending request then keep
1880 * it locked. Decrement the `pending-requests' for
1881 * the pool and `walking-threads' counts, and return
1882 * to svc_run().
1883 */
1896 }
1898 }
1900 /*
1901 * If there was no hint in the xprt-ready queue then
1902 * - if there is less pending requests than polling
1903 * threads go asleep
1904 * - otherwise check if there was an overflow in the
1905 * xprt-ready queue; if so, then we need to break
1906 * the `drain' mode
1907 */
1914 }
1917 }
1918 }
1919 }
1921 /*
1922 * If there was an overflow in the xprt-ready queue then we
1923 * need to switch to the `drain' mode, i.e. walk through the
1924 * pool's transport list and search for a transport with a
1925 * pending request. If we manage to drain all the pending
1926 * requests then we can clear the overflow flag. This will
1927 * switch svc_poll() back to taking hints from the xprt-ready
1928 * queue (which is generally more efficient).
1929 *
1930 * If there are no registered transports simply go asleep.
1931 */
1935 }
1937 /*
1938 * `Walk' through the pool's list of master server
1939 * transport handles. Continue to loop until there are less
1940 * looping threads then pending requests.
1941 */
1945 /*
1946 * Check if there is a request on this transport.
1947 *
1948 * Since blocking on a locked mutex is very expensive
1949 * check for a request without a lock first. If we miss
1950 * a request that is just being delivered but this will
1951 * cost at most one full walk through the list.
1952 */
1954 /*
1955 * Check again, now with a lock.
1956 */
1966 }
1968 }
1970 /*
1971 * Continue to `walk' through the pool's
1972 * transport list until there is less requests
1973 * than walkers. Check this condition without
1974 * a lock first to avoid contention on a mutex.
1975 */
1977 /* Check again, now with the lock. */
1982 }
1985 }
1987 sleep:
1988 /*
1989 * No work to do. Stop the `walk' and go asleep.
1990 * Decrement the `walking-threads' count for the pool.
1991 */
1995 /*
1996 * Count us as asleep, mark this thread as safe
1997 * for suspend and wait for a request.
1998 */
2003 /*
2004 * If the drowsy flag is on this means that
2005 * someone has signaled a wakeup. In such a case
2006 * the `asleep-threads' count has already updated
2007 * so just clear the flag.
2008 *
2009 * If the drowsy flag is off then we need to update
2010 * the `asleep-threads' count.
2011 */
2014 /*
2015 * If the thread is here because it timedout,
2016 * instead of returning SVC_ETIMEDOUT, it is
2017 * time to do some more work.
2018 */
2023 }
2026 /*
2027 * If we received a signal while waiting for a
2028 * request, inform svc_run(), so that we can return
2029 * to user level and exit.
2030 */
2034 /*
2035 * If the current transport is gone then notify
2036 * svc_run() to unlink from it.
2037 */
2041 /*
2042 * If we have timed out waiting for a request inform
2043 * svc_run() that we probably don't need this thread.
2044 */
2047 }
2048 }
2050 /*
2051 * calculate memory space used by message
2052 */
2053 static size_t
2055 {
2062 }
2064 /*
2065 * svc_flowcontrol() attempts to turn the flow control on or off for the
2066 * transport.
2067 *
2068 * On input the xprt->xp_full determines whether the flow control is currently
2069 * off (FALSE) or on (TRUE). If it is off we do tests to see whether we should
2070 * turn it on, and vice versa.
2071 *
2072 * There are two conditions considered for the flow control. Both conditions
2073 * have the low and the high watermark. Once the high watermark is reached in
2074 * EITHER condition the flow control is turned on. For turning the flow
2075 * control off BOTH conditions must be below the low watermark.
2076 *
2077 * Condition #1 - Number of requests queued:
2078 *
2079 * The max number of threads working on the pool is roughly pool->p_maxthreads.
2080 * Every thread could handle up to pool->p_max_same_xprt requests from one
2081 * transport before it moves to another transport. See svc_poll() for details.
2082 * In case all threads in the pool are working on a transport they will handle
2083 * no more than enough_reqs (pool->p_maxthreads * pool->p_max_same_xprt)
2084 * requests in one shot from that transport. We are turning the flow control
2085 * on once the high watermark is reached for a transport so that the underlying
2086 * queue knows the rate of incoming requests is higher than we are able to
2087 * handle.
2088 *
2089 * The high watermark: 2 * enough_reqs
2090 * The low watermark: enough_reqs
2091 *
2092 * Condition #2 - Length of the data payload for the queued messages/requests:
2093 *
2094 * We want to prevent a particular pool exhausting the memory, so once the
2095 * total length of queued requests for the whole pool reaches the high
2096 * watermark we start to turn on the flow control for significant memory
2097 * consumers (individual transports). To keep the implementation simple
2098 * enough, this condition is not exact, because we count only the data part of
2099 * the queued requests and we ignore the overhead. For our purposes this
2100 * should be enough. We should also consider that up to pool->p_maxthreads
2101 * threads for the pool might work on large requests (this is not counted for
2102 * this condition). We need to leave some space for rest of the system and for
2103 * other big memory consumers (like ZFS). Also, after the flow control is
2104 * turned on (on cots transports) we can start to accumulate a few megabytes in
2105 * queues for each transport.
2106 *
2107 * Usually, the big memory consumers are NFS WRITE requests, so we do not
2108 * expect to see this condition met for other than NFS pools.
2109 *
2110 * The high watermark: 1/5 of available memory
2111 * The low watermark: 1/6 of available memory
2112 *
2113 * Once the high watermark is reached we turn the flow control on only for
2114 * transports exceeding a per-transport memory limit. The per-transport
2115 * fraction of memory is calculated as:
2116 *
2117 * the high watermark / number of transports
2118 *
2119 * For transports with less than the per-transport fraction of memory consumed,
2120 * the flow control is not turned on, so they are not blocked by a few "hungry"
2121 * transports. Because of this, the total memory consumption for the
2122 * particular pool might grow up to 2 * the high watermark.
2123 *
2124 * The individual transports are unblocked once their consumption is below:
2125 *
2126 * per-transport fraction of memory / 2
2127 *
2128 * or once the total memory consumption for the whole pool falls below the low
2129 * watermark.
2130 *
2131 */
2132 static void
2134 {
2141 /* Should we turn the flow control on? */
2143 /* Is flow control disabled? */
2147 /* Is there enough requests queued? */
2151 }
2153 /*
2154 * If this pool uses over 20% of memory and this transport is
2155 * significant memory consumer then we are full
2156 */
2162 }
2164 /* We might want to turn the flow control off */
2166 /* Do we still have enough requests? */
2170 /*
2171 * If this pool still uses over 16% of memory and this transport is
2172 * still significant memory consumer then we are still full
2173 */
2178 /* Turn the flow control off and make sure rpcmod is notified */
2181 }
2183 /*
2184 * Main loop of the kernel RPC server
2185 * - wait for input (find a transport with a pending request).
2186 * - dequeue the request
2187 * - call a registered server routine to process the requests
2188 *
2189 * There can many threads running concurrently in this loop
2190 * on the same or on different transports.
2191 */
2192 static int
2194 {
2199 /* Allocate a clone transport handle for this thread */
2202 /*
2203 * The loop iterates until the thread becomes
2204 * idle too long or the transport is gone.
2205 */
2209 bool_t enable;
2214 /*
2215 * If the process is exiting/killed, return
2216 * immediately without processing any more
2217 * requests.
2218 */
2222 }
2224 /* Find a transport with a pending request */
2227 /*
2228 * If svc_poll() finds a transport with a request
2229 * it latches xp_req_lock on it. Therefore we need
2230 * to dequeue the request and release the lock as
2231 * soon as possible.
2232 */
2239 /* Ooops! Current transport is closing. Unlink now */
2244 }
2246 /* Ooops! Timeout while waiting for a request. Exit */
2250 }
2252 /*
2253 * Interrupted by a signal while waiting for a
2254 * request. Return to userspace and exit.
2255 */
2259 }
2261 /*
2262 * De-queue the request and release the request lock
2263 * on this transport (latched by svc_poll()).
2264 */
2287 /*
2288 * If this is a new request on a current transport then
2289 * the clone structure is already properly initialized.
2290 * Otherwise, if the request is on a different transport,
2291 * unlink from the current master and link to
2292 * the one we got a request on.
2293 */
2299 }
2301 /*
2302 * If there are more requests and req_cv hasn't
2303 * been signaled yet then wake up one more thread now.
2304 *
2305 * We avoid signaling req_cv until the most recently
2306 * signaled thread wakes up and gets CPU to clear
2307 * the `drowsy' flag.
2308 */
2322 }
2323 }
2325 /*
2326 * If there are no asleep/signaled threads, we are
2327 * still below pool->p_maxthreads limit, and no thread is
2328 * currently being created then signal the creator
2329 * for one more service thread.
2330 *
2331 * The asleep and drowsy checks are not protected
2332 * by a lock since it hurts performance and a wrong
2333 * decision is not essential.
2334 */
2340 /*
2341 * Process the request.
2342 */
2345 /* If thread had a reservation it should have been canceled */
2348 /*
2349 * If the clone is marked detached then exit.
2350 * The rpcmod slot has already been released
2351 * when we detached this thread.
2352 */
2356 }
2358 /*
2359 * Release our reference on the rpcmod
2360 * slot attached to xp_wq->q_ptr.
2361 */
2368 }
2369 /* NOTREACHED */
2370 }
2372 /*
2373 * Flush any pending requests for the queue and
2374 * free the associated mblks.
2375 */
2376 void
2378 {
2383 /*
2384 * clean up the requests
2385 */
2389 /* remove the request from the list */
2393 }
2405 }
2407 /*
2408 * This routine is called by rpcmod to inform kernel RPC that a
2409 * queue is closing. It is called after all the requests have been
2410 * picked up (that is after all the slots on the queue have
2411 * been released by kernel RPC). It is also guaranteed that no more
2412 * request will be delivered on this transport.
2413 *
2414 * - clear xp_wq to mark the master server transport handle as closing
2415 * - if there are no more threads on this transport close/destroy it
2416 * - otherwise, leave the linked threads to close/destroy the transport
2417 * later.
2418 */
2419 void
2421 {
2425 /*
2426 * If there is no master xprt associated with this stream,
2427 * then there is nothing to do. This happens regularly
2428 * with connection-oriented listening streams created by
2429 * nfsd.
2430 */
2432 }
2444 /*
2445 * svc_xprt_cleanup() destroys the transport
2446 * or releases the transport thread lock
2447 */
2452 /*
2453 * If the pool is in closing state and this was
2454 * the last transport in the pool then signal the creator
2455 * thread to clean up and exit.
2456 */
2459 }
2462 /*
2463 * There are still some threads linked to the transport. They
2464 * are very likely sleeping in svc_poll(). We could wake up
2465 * them by broadcasting on the p_req_cv condition variable, but
2466 * that might give us a performance penalty if there are too
2467 * many sleeping threads.
2468 *
2469 * Instead, we do nothing here. The linked threads will unlink
2470 * themselves and destroy the transport once they are woken up
2471 * on timeout, or by new request. There is no reason to hurry
2472 * up now with the thread wake up.
2473 */
2475 /*
2476 * NOTICE: No references to the master transport structure
2477 * beyond this point!
2478 */
2480 }
2481 }
2483 /*
2484 * Interrupt `request delivery' routine called from rpcmod
2485 * - put a request at the tail of the transport request queue
2486 * - insert a hint for svc_poll() into the xprt-ready queue
2487 * - increment the `pending-requests' count for the pool
2488 * - handle flow control
2489 * - wake up a thread sleeping in svc_poll() if necessary
2490 * - if all the threads are running ask the creator for a new one.
2491 */
2492 bool_t
2494 {
2501 /*
2502 * Step 1.
2503 * Grab the transport's request lock and the
2504 * pool's request lock so that when we put
2505 * the request at the tail of the transport's
2506 * request queue, possibly put the request on
2507 * the xprt ready queue and increment the
2508 * pending request count it looks atomic.
2509 */
2515 }
2520 else
2524 /*
2525 * Step 2.
2526 * Insert a hint into the xprt-ready queue, increment
2527 * counters, handle flow control, and wake up
2528 * a thread sleeping in svc_poll() if necessary.
2529 */
2531 /* Insert pointer to this transport into the xprt-ready queue */
2534 /* Increment counters */
2542 /* Handle flow control */
2549 /*
2550 * If there are more requests and req_cv hasn't
2551 * been signaled yet then wake up one more thread now.
2552 *
2553 * We avoid signaling req_cv until the most recently
2554 * signaled thread wakes up and gets CPU to clear
2555 * the `drowsy' flag.
2556 */
2564 /*
2565 * Signal wakeup and drop the request lock.
2566 */
2569 }
2572 /*
2573 * Step 3.
2574 * If there are no asleep/signaled threads, we are
2575 * still below pool->p_maxthreads limit, and no thread is
2576 * currently being created then signal the creator
2577 * for one more service thread.
2578 *
2579 * The asleep and drowsy checks are not not protected
2580 * by a lock since it hurts performance and a wrong
2581 * decision is not essential.
2582 */
2591 }
2593 /*
2594 * Reserve a service thread so that it can be detached later.
2595 * This reservation is required to make sure that when it tries to
2596 * detach itself the total number of detached threads does not exceed
2597 * pool->p_maxthreads - pool->p_redline (i.e. that we can have
2598 * up to pool->p_redline non-detached threads).
2599 *
2600 * If the thread does not detach itself later, it should cancel the
2601 * reservation before returning to svc_run().
2602 *
2603 * - check if there is room for more reserved/detached threads
2604 * - if so, then increment the `reserved threads' count for the pool
2605 * - mark the thread as reserved (setting the flag in the clone transport
2606 * handle for this thread
2607 * - returns 1 if the reservation succeeded, 0 if it failed.
2608 */
2609 int
2611 {
2614 /* Recursive reservations are not allowed */
2618 /* Check pool counts if there is room for reservation */
2624 }
2628 /* Mark the thread (clone handle) as reserved */
2632 }
2634 /*
2635 * Cancel a reservation for a thread.
2636 * - decrement the `reserved threads' count for the pool
2637 * - clear the flag in the clone transport handle for this thread.
2638 */
2639 void
2641 {
2644 /* Thread must have a reservation */
2648 /* Decrement global count */
2653 /* Clear reservation flag */
2655 }
2657 /*
2658 * Detach a thread from its transport, so that it can block for an
2659 * extended time. Because the transport can be closed after the thread is
2660 * detached, the thread should have already sent off a reply if it was
2661 * going to send one.
2662 *
2663 * - decrement `non-detached threads' count and increment `detached threads'
2664 * counts for the transport
2665 * - decrement the `non-detached threads' and `reserved threads'
2666 * counts and increment the `detached threads' count for the pool
2667 * - release the rpcmod slot
2668 * - mark the clone (thread) as detached.
2669 *
2670 * No need to return a pointer to the thread's CPR information, since
2671 * the thread has a userland identity.
2672 *
2673 * NOTICE: a thread must not detach itself without making a prior reservation
2674 * through svc_thread_reserve().
2675 */
2676 callb_cpr_t *
2678 {
2681 bool_t enable;
2683 /* Thread must have a reservation */
2687 /* Bookkeeping for this transport */
2693 /* Bookkeeping for the pool */
2700 /* Release an rpcmod slot for this request */
2708 /* Mark the clone (thread) as detached */
2713 }
2715 /*
2716 * This routine is responsible for extracting RDMA plugin master XPRT,
2717 * unregister from the SVCPOOL and initiate plugin specific cleanup.
2718 * It is passed a list/group of rdma transports as records which are
2719 * active in a given registered or unregistered kRPC thread pool. Its shuts
2720 * all active rdma transports in that pool. If the thread active on the trasport
2721 * happens to be last thread for that pool, it will signal the creater thread
2722 * to cleanup the pool and destroy the xprt in svc_queueclose()
2723 */
2724 void
2726 {
2753 /* remove the request from the list */
2760 }
2771 #ifdef DEBUG
2774 #endif
2775 /*
2776 * Free the rdma transport record for the expunged rdma
2777 * based master transport handle.
2778 */
2782 }
2783 }
2786 /*
2787 * rpc_msg_dup/rpc_msg_free
2788 * Currently only used by svc_rpcsec_gss.c but put in this file as it
2789 * may be useful to others in the future.
2790 * But future consumers should be careful cuz so far
2791 * - only tested/used for call msgs (not reply)
2792 * - only tested/used with call verf oa_length==0
2793 */
2796 {
2810 /* dup opaque auth call body cred */
2821 /* dup or just alloc opaque auth call body verifier */
2839 }
2842 error:
2846 }
2848 void
2850 {
2863 }