search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
[linux/fpc-iii.git] / net / tipc / server.c
blobf351863076c23a518dca07c7a9c3b0e9592b09e2
1 /*
2 * net/tipc/server.c: TIPC server infrastructure
3 *
4 * Copyright (c) 2012-2013, Wind River Systems
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the names of the copyright holders nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * Alternatively, this software may be distributed under the terms of the
20 * GNU General Public License ("GPL") version 2 as published by the Free
21 * Software Foundation.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
24 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 #include "server.h"
37 #include "core.h"
38 #include "socket.h"
39 #include <net/sock.h>
40 #include <linux/module.h>
41
42 /* Number of messages to send before rescheduling */
43 #define MAX_SEND_MSG_COUNT 25
44 #define MAX_RECV_MSG_COUNT 25
45 #define CF_CONNECTED 1
46 #define CF_SERVER 2
47
48 #define sock2con(x) ((struct tipc_conn *)(x)->sk_user_data)
49
50 /**
51 * struct tipc_conn - TIPC connection structure
52 * @kref: reference counter to connection object
53 * @conid: connection identifier
54 * @sock: socket handler associated with connection
55 * @flags: indicates connection state
56 * @server: pointer to connected server
57 * @rwork: receive work item
58 * @usr_data: user-specified field
59 * @rx_action: what to do when connection socket is active
60 * @outqueue: pointer to first outbound message in queue
61 * @outqueue_lock: control access to the outqueue
62 * @outqueue: list of connection objects for its server
63 * @swork: send work item
64 */
65 struct tipc_conn {
66 struct kref kref;
67 int conid;
68 struct socket *sock;
69 unsigned long flags;
70 struct tipc_server *server;
71 struct work_struct rwork;
72 int (*rx_action) (struct tipc_conn *con);
73 void *usr_data;
74 struct list_head outqueue;
75 spinlock_t outqueue_lock;
76 struct work_struct swork;
77 };
78
79 /* An entry waiting to be sent */
80 struct outqueue_entry {
81 struct list_head list;
82 struct kvec iov;
83 struct sockaddr_tipc dest;
84 };
85
86 static void tipc_recv_work(struct work_struct *work);
87 static void tipc_send_work(struct work_struct *work);
88 static void tipc_clean_outqueues(struct tipc_conn *con);
89
90 static void tipc_conn_kref_release(struct kref *kref)
91 {
92 struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
93 struct sockaddr_tipc *saddr = con->server->saddr;
94 struct socket *sock = con->sock;
95 struct sock *sk;
96
97 if (sock) {
98 sk = sock->sk;
99 if (test_bit(CF_SERVER, &con->flags)) {
100 __module_get(sock->ops->owner);
101 __module_get(sk->sk_prot_creator->owner);
102 }
103 saddr->scope = -TIPC_NODE_SCOPE;
104 kernel_bind(sock, (struct sockaddr *)saddr, sizeof(*saddr));
105 sock_release(sock);
106 con->sock = NULL;
107 }
108
109 tipc_clean_outqueues(con);
110 kfree(con);
111 }
112
113 static void conn_put(struct tipc_conn *con)
114 {
115 kref_put(&con->kref, tipc_conn_kref_release);
116 }
117
118 static void conn_get(struct tipc_conn *con)
119 {
120 kref_get(&con->kref);
121 }
122
123 static struct tipc_conn *tipc_conn_lookup(struct tipc_server *s, int conid)
124 {
125 struct tipc_conn *con;
126
127 spin_lock_bh(&s->idr_lock);
128 con = idr_find(&s->conn_idr, conid);
129 if (con)
130 conn_get(con);
131 spin_unlock_bh(&s->idr_lock);
132 return con;
133 }
134
135 static void sock_data_ready(struct sock *sk)
136 {
137 struct tipc_conn *con;
138
139 read_lock(&sk->sk_callback_lock);
140 con = sock2con(sk);
141 if (con && test_bit(CF_CONNECTED, &con->flags)) {
142 conn_get(con);
143 if (!queue_work(con->server->rcv_wq, &con->rwork))
144 conn_put(con);
145 }
146 read_unlock(&sk->sk_callback_lock);
147 }
148
149 static void sock_write_space(struct sock *sk)
150 {
151 struct tipc_conn *con;
152
153 read_lock(&sk->sk_callback_lock);
154 con = sock2con(sk);
155 if (con && test_bit(CF_CONNECTED, &con->flags)) {
156 conn_get(con);
157 if (!queue_work(con->server->send_wq, &con->swork))
158 conn_put(con);
159 }
160 read_unlock(&sk->sk_callback_lock);
161 }
162
163 static void tipc_register_callbacks(struct socket *sock, struct tipc_conn *con)
164 {
165 struct sock *sk = sock->sk;
166
167 write_lock_bh(&sk->sk_callback_lock);
168
169 sk->sk_data_ready = sock_data_ready;
170 sk->sk_write_space = sock_write_space;
171 sk->sk_user_data = con;
172
173 con->sock = sock;
174
175 write_unlock_bh(&sk->sk_callback_lock);
176 }
177
178 static void tipc_unregister_callbacks(struct tipc_conn *con)
179 {
180 struct sock *sk = con->sock->sk;
181
182 write_lock_bh(&sk->sk_callback_lock);
183 sk->sk_user_data = NULL;
184 write_unlock_bh(&sk->sk_callback_lock);
185 }
186
187 static void tipc_close_conn(struct tipc_conn *con)
188 {
189 struct tipc_server *s = con->server;
190
191 if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
192 if (con->conid)
193 s->tipc_conn_shutdown(con->conid, con->usr_data);
194
195 spin_lock_bh(&s->idr_lock);
196 idr_remove(&s->conn_idr, con->conid);
197 s->idr_in_use--;
198 spin_unlock_bh(&s->idr_lock);
199
200 tipc_unregister_callbacks(con);
201
202 /* We shouldn't flush pending works as we may be in the
203 * thread. In fact the races with pending rx/tx work structs
204 * are harmless for us here as we have already deleted this
205 * connection from server connection list and set
206 * sk->sk_user_data to 0 before releasing connection object.
207 */
208 kernel_sock_shutdown(con->sock, SHUT_RDWR);
209
210 conn_put(con);
211 }
212 }
213
214 static struct tipc_conn *tipc_alloc_conn(struct tipc_server *s)
215 {
216 struct tipc_conn *con;
217 int ret;
218
219 con = kzalloc(sizeof(struct tipc_conn), GFP_ATOMIC);
220 if (!con)
221 return ERR_PTR(-ENOMEM);
222
223 kref_init(&con->kref);
224 INIT_LIST_HEAD(&con->outqueue);
225 spin_lock_init(&con->outqueue_lock);
226 INIT_WORK(&con->swork, tipc_send_work);
227 INIT_WORK(&con->rwork, tipc_recv_work);
228
229 spin_lock_bh(&s->idr_lock);
230 ret = idr_alloc(&s->conn_idr, con, 0, 0, GFP_ATOMIC);
231 if (ret < 0) {
232 kfree(con);
233 spin_unlock_bh(&s->idr_lock);
234 return ERR_PTR(-ENOMEM);
235 }
236 con->conid = ret;
237 s->idr_in_use++;
238 spin_unlock_bh(&s->idr_lock);
239
240 set_bit(CF_CONNECTED, &con->flags);
241 con->server = s;
242
243 return con;
244 }
245
246 static int tipc_receive_from_sock(struct tipc_conn *con)
247 {
248 struct msghdr msg = {};
249 struct tipc_server *s = con->server;
250 struct sockaddr_tipc addr;
251 struct kvec iov;
252 void *buf;
253 int ret;
254
255 buf = kmem_cache_alloc(s->rcvbuf_cache, GFP_ATOMIC);
256 if (!buf) {
257 ret = -ENOMEM;
258 goto out_close;
259 }
260
261 iov.iov_base = buf;
262 iov.iov_len = s->max_rcvbuf_size;
263 msg.msg_name = &addr;
264 ret = kernel_recvmsg(con->sock, &msg, &iov, 1, iov.iov_len,
265 MSG_DONTWAIT);
266 if (ret <= 0) {
267 kmem_cache_free(s->rcvbuf_cache, buf);
268 goto out_close;
269 }
270
271 s->tipc_conn_recvmsg(sock_net(con->sock->sk), con->conid, &addr,
272 con->usr_data, buf, ret);
273
274 kmem_cache_free(s->rcvbuf_cache, buf);
275
276 return 0;
277
278 out_close:
279 if (ret != -EWOULDBLOCK)
280 tipc_close_conn(con);
281 else if (ret == 0)
282 /* Don't return success if we really got EOF */
283 ret = -EAGAIN;
284
285 return ret;
286 }
287
288 static int tipc_accept_from_sock(struct tipc_conn *con)
289 {
290 struct tipc_server *s = con->server;
291 struct socket *sock = con->sock;
292 struct socket *newsock;
293 struct tipc_conn *newcon;
294 int ret;
295
296 ret = kernel_accept(sock, &newsock, O_NONBLOCK);
297 if (ret < 0)
298 return ret;
299
300 newcon = tipc_alloc_conn(con->server);
301 if (IS_ERR(newcon)) {
302 ret = PTR_ERR(newcon);
303 sock_release(newsock);
304 return ret;
305 }
306
307 newcon->rx_action = tipc_receive_from_sock;
308 tipc_register_callbacks(newsock, newcon);
309
310 /* Notify that new connection is incoming */
311 newcon->usr_data = s->tipc_conn_new(newcon->conid);
312 if (!newcon->usr_data) {
313 sock_release(newsock);
314 conn_put(newcon);
315 return -ENOMEM;
316 }
317
318 /* Wake up receive process in case of 'SYN+' message */
319 newsock->sk->sk_data_ready(newsock->sk);
320 return ret;
321 }
322
323 static struct socket *tipc_create_listen_sock(struct tipc_conn *con)
324 {
325 struct tipc_server *s = con->server;
326 struct socket *sock = NULL;
327 int ret;
328
329 ret = sock_create_kern(s->net, AF_TIPC, SOCK_SEQPACKET, 0, &sock);
330 if (ret < 0)
331 return NULL;
332 ret = kernel_setsockopt(sock, SOL_TIPC, TIPC_IMPORTANCE,
333 (char *)&s->imp, sizeof(s->imp));
334 if (ret < 0)
335 goto create_err;
336 ret = kernel_bind(sock, (struct sockaddr *)s->saddr, sizeof(*s->saddr));
337 if (ret < 0)
338 goto create_err;
339
340 switch (s->type) {
341 case SOCK_STREAM:
342 case SOCK_SEQPACKET:
343 con->rx_action = tipc_accept_from_sock;
344
345 ret = kernel_listen(sock, 0);
346 if (ret < 0)
347 goto create_err;
348 break;
349 case SOCK_DGRAM:
350 case SOCK_RDM:
351 con->rx_action = tipc_receive_from_sock;
352 break;
353 default:
354 pr_err("Unknown socket type %d\n", s->type);
355 goto create_err;
356 }
357
358 /* As server's listening socket owner and creator is the same module,
359 * we have to decrease TIPC module reference count to guarantee that
360 * it remains zero after the server socket is created, otherwise,
361 * executing "rmmod" command is unable to make TIPC module deleted
362 * after TIPC module is inserted successfully.
363 *
364 * However, the reference count is ever increased twice in
365 * sock_create_kern(): one is to increase the reference count of owner
366 * of TIPC socket's proto_ops struct; another is to increment the
367 * reference count of owner of TIPC proto struct. Therefore, we must
368 * decrement the module reference count twice to ensure that it keeps
369 * zero after server's listening socket is created. Of course, we
370 * must bump the module reference count twice as well before the socket
371 * is closed.
372 */
373 module_put(sock->ops->owner);
374 module_put(sock->sk->sk_prot_creator->owner);
375 set_bit(CF_SERVER, &con->flags);
376
377 return sock;
378
379 create_err:
380 kernel_sock_shutdown(sock, SHUT_RDWR);
381 sock_release(sock);
382 return NULL;
383 }
384
385 static int tipc_open_listening_sock(struct tipc_server *s)
386 {
387 struct socket *sock;
388 struct tipc_conn *con;
389
390 con = tipc_alloc_conn(s);
391 if (IS_ERR(con))
392 return PTR_ERR(con);
393
394 sock = tipc_create_listen_sock(con);
395 if (!sock) {
396 idr_remove(&s->conn_idr, con->conid);
397 s->idr_in_use--;
398 kfree(con);
399 return -EINVAL;
400 }
401
402 tipc_register_callbacks(sock, con);
403 return 0;
404 }
405
406 static struct outqueue_entry *tipc_alloc_entry(void *data, int len)
407 {
408 struct outqueue_entry *entry;
409 void *buf;
410
411 entry = kmalloc(sizeof(struct outqueue_entry), GFP_ATOMIC);
412 if (!entry)
413 return NULL;
414
415 buf = kmalloc(len, GFP_ATOMIC);
416 if (!buf) {
417 kfree(entry);
418 return NULL;
419 }
420
421 memcpy(buf, data, len);
422 entry->iov.iov_base = buf;
423 entry->iov.iov_len = len;
424
425 return entry;
426 }
427
428 static void tipc_free_entry(struct outqueue_entry *e)
429 {
430 kfree(e->iov.iov_base);
431 kfree(e);
432 }
433
434 static void tipc_clean_outqueues(struct tipc_conn *con)
435 {
436 struct outqueue_entry *e, *safe;
437
438 spin_lock_bh(&con->outqueue_lock);
439 list_for_each_entry_safe(e, safe, &con->outqueue, list) {
440 list_del(&e->list);
441 tipc_free_entry(e);
442 }
443 spin_unlock_bh(&con->outqueue_lock);
444 }
445
446 int tipc_conn_sendmsg(struct tipc_server *s, int conid,
447 struct sockaddr_tipc *addr, void *data, size_t len)
448 {
449 struct outqueue_entry *e;
450 struct tipc_conn *con;
451
452 con = tipc_conn_lookup(s, conid);
453 if (!con)
454 return -EINVAL;
455
456 if (!test_bit(CF_CONNECTED, &con->flags)) {
457 conn_put(con);
458 return 0;
459 }
460
461 e = tipc_alloc_entry(data, len);
462 if (!e) {
463 conn_put(con);
464 return -ENOMEM;
465 }
466
467 if (addr)
468 memcpy(&e->dest, addr, sizeof(struct sockaddr_tipc));
469
470 spin_lock_bh(&con->outqueue_lock);
471 list_add_tail(&e->list, &con->outqueue);
472 spin_unlock_bh(&con->outqueue_lock);
473
474 if (!queue_work(s->send_wq, &con->swork))
475 conn_put(con);
476 return 0;
477 }
478
479 void tipc_conn_terminate(struct tipc_server *s, int conid)
480 {
481 struct tipc_conn *con;
482
483 con = tipc_conn_lookup(s, conid);
484 if (con) {
485 tipc_close_conn(con);
486 conn_put(con);
487 }
488 }
489
490 static void tipc_send_to_sock(struct tipc_conn *con)
491 {
492 int count = 0;
493 struct tipc_server *s = con->server;
494 struct outqueue_entry *e;
495 struct msghdr msg;
496 int ret;
497
498 spin_lock_bh(&con->outqueue_lock);
499 while (test_bit(CF_CONNECTED, &con->flags)) {
500 e = list_entry(con->outqueue.next, struct outqueue_entry,
501 list);
502 if ((struct list_head *) e == &con->outqueue)
503 break;
504 spin_unlock_bh(&con->outqueue_lock);
505
506 memset(&msg, 0, sizeof(msg));
507 msg.msg_flags = MSG_DONTWAIT;
508
509 if (s->type == SOCK_DGRAM || s->type == SOCK_RDM) {
510 msg.msg_name = &e->dest;
511 msg.msg_namelen = sizeof(struct sockaddr_tipc);
512 }
513 ret = kernel_sendmsg(con->sock, &msg, &e->iov, 1,
514 e->iov.iov_len);
515 if (ret == -EWOULDBLOCK || ret == 0) {
516 cond_resched();
517 goto out;
518 } else if (ret < 0) {
519 goto send_err;
520 }
521
522 /* Don't starve users filling buffers */
523 if (++count >= MAX_SEND_MSG_COUNT) {
524 cond_resched();
525 count = 0;
526 }
527
528 spin_lock_bh(&con->outqueue_lock);
529 list_del(&e->list);
530 tipc_free_entry(e);
531 }
532 spin_unlock_bh(&con->outqueue_lock);
533 out:
534 return;
535
536 send_err:
537 tipc_close_conn(con);
538 }
539
540 static void tipc_recv_work(struct work_struct *work)
541 {
542 struct tipc_conn *con = container_of(work, struct tipc_conn, rwork);
543 int count = 0;
544
545 while (test_bit(CF_CONNECTED, &con->flags)) {
546 if (con->rx_action(con))
547 break;
548
549 /* Don't flood Rx machine */
550 if (++count >= MAX_RECV_MSG_COUNT) {
551 cond_resched();
552 count = 0;
553 }
554 }
555 conn_put(con);
556 }
557
558 static void tipc_send_work(struct work_struct *work)
559 {
560 struct tipc_conn *con = container_of(work, struct tipc_conn, swork);
561
562 if (test_bit(CF_CONNECTED, &con->flags))
563 tipc_send_to_sock(con);
564
565 conn_put(con);
566 }
567
568 static void tipc_work_stop(struct tipc_server *s)
569 {
570 destroy_workqueue(s->rcv_wq);
571 destroy_workqueue(s->send_wq);
572 }
573
574 static int tipc_work_start(struct tipc_server *s)
575 {
576 s->rcv_wq = alloc_workqueue("tipc_rcv", WQ_UNBOUND, 1);
577 if (!s->rcv_wq) {
578 pr_err("can't start tipc receive workqueue\n");
579 return -ENOMEM;
580 }
581
582 s->send_wq = alloc_workqueue("tipc_send", WQ_UNBOUND, 1);
583 if (!s->send_wq) {
584 pr_err("can't start tipc send workqueue\n");
585 destroy_workqueue(s->rcv_wq);
586 return -ENOMEM;
587 }
588
589 return 0;
590 }
591
592 int tipc_server_start(struct tipc_server *s)
593 {
594 int ret;
595
596 spin_lock_init(&s->idr_lock);
597 idr_init(&s->conn_idr);
598 s->idr_in_use = 0;
599
600 s->rcvbuf_cache = kmem_cache_create(s->name, s->max_rcvbuf_size,
601 0, SLAB_HWCACHE_ALIGN, NULL);
602 if (!s->rcvbuf_cache)
603 return -ENOMEM;
604
605 ret = tipc_work_start(s);
606 if (ret < 0) {
607 kmem_cache_destroy(s->rcvbuf_cache);
608 return ret;
609 }
610 ret = tipc_open_listening_sock(s);
611 if (ret < 0) {
612 tipc_work_stop(s);
613 kmem_cache_destroy(s->rcvbuf_cache);
614 return ret;
615 }
616 return ret;
617 }
618
619 void tipc_server_stop(struct tipc_server *s)
620 {
621 struct tipc_conn *con;
622 int id;
623
624 spin_lock_bh(&s->idr_lock);
625 for (id = 0; s->idr_in_use; id++) {
626 con = idr_find(&s->conn_idr, id);
627 if (con) {
628 spin_unlock_bh(&s->idr_lock);
629 tipc_close_conn(con);
630 spin_lock_bh(&s->idr_lock);
631 }
632 }
633 spin_unlock_bh(&s->idr_lock);
634
635 tipc_work_stop(s);
636 kmem_cache_destroy(s->rcvbuf_cache);
637 idr_destroy(&s->conn_idr);
638 }
Linux with added FPC-III support