KEYS: add missing permission check for request_key() destination
[linux/fpc-iii.git] / net / tipc / server.c
bloba538a02f869b0745000ab117d80791e6d9262c69
1 /*
2 * net/tipc/server.c: TIPC server infrastructure
4 * Copyright (c) 2012-2013, Wind River Systems
5 * All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the names of the copyright holders nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
19 * Alternatively, this software may be distributed under the terms of the
20 * GNU General Public License ("GPL") version 2 as published by the Free
21 * Software Foundation.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
24 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
36 #include "server.h"
37 #include "core.h"
38 #include <net/sock.h>
40 /* Number of messages to send before rescheduling */
41 #define MAX_SEND_MSG_COUNT 25
42 #define MAX_RECV_MSG_COUNT 25
43 #define CF_CONNECTED 1
45 #define sock2con(x) ((struct tipc_conn *)(x)->sk_user_data)
47 /**
48 * struct tipc_conn - TIPC connection structure
49 * @kref: reference counter to connection object
50 * @conid: connection identifier
51 * @sock: socket handler associated with connection
52 * @flags: indicates connection state
53 * @server: pointer to connected server
54 * @rwork: receive work item
55 * @usr_data: user-specified field
56 * @rx_action: what to do when connection socket is active
57 * @outqueue: pointer to first outbound message in queue
58 * @outqueue_lock: control access to the outqueue
59 * @outqueue: list of connection objects for its server
60 * @swork: send work item
62 struct tipc_conn {
63 struct kref kref;
64 int conid;
65 struct socket *sock;
66 unsigned long flags;
67 struct tipc_server *server;
68 struct work_struct rwork;
69 int (*rx_action) (struct tipc_conn *con);
70 void *usr_data;
71 struct list_head outqueue;
72 spinlock_t outqueue_lock;
73 struct work_struct swork;
76 /* An entry waiting to be sent */
77 struct outqueue_entry {
78 struct list_head list;
79 struct kvec iov;
80 struct sockaddr_tipc dest;
83 static void tipc_recv_work(struct work_struct *work);
84 static void tipc_send_work(struct work_struct *work);
85 static void tipc_clean_outqueues(struct tipc_conn *con);
87 static void tipc_conn_kref_release(struct kref *kref)
89 struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
91 if (con->sock) {
92 tipc_sock_release_local(con->sock);
93 con->sock = NULL;
96 tipc_clean_outqueues(con);
97 kfree(con);
100 static void conn_put(struct tipc_conn *con)
102 kref_put(&con->kref, tipc_conn_kref_release);
105 static void conn_get(struct tipc_conn *con)
107 kref_get(&con->kref);
110 static struct tipc_conn *tipc_conn_lookup(struct tipc_server *s, int conid)
112 struct tipc_conn *con;
114 spin_lock_bh(&s->idr_lock);
115 con = idr_find(&s->conn_idr, conid);
116 if (con)
117 conn_get(con);
118 spin_unlock_bh(&s->idr_lock);
119 return con;
122 static void sock_data_ready(struct sock *sk)
124 struct tipc_conn *con;
126 read_lock(&sk->sk_callback_lock);
127 con = sock2con(sk);
128 if (con && test_bit(CF_CONNECTED, &con->flags)) {
129 conn_get(con);
130 if (!queue_work(con->server->rcv_wq, &con->rwork))
131 conn_put(con);
133 read_unlock(&sk->sk_callback_lock);
136 static void sock_write_space(struct sock *sk)
138 struct tipc_conn *con;
140 read_lock(&sk->sk_callback_lock);
141 con = sock2con(sk);
142 if (con && test_bit(CF_CONNECTED, &con->flags)) {
143 conn_get(con);
144 if (!queue_work(con->server->send_wq, &con->swork))
145 conn_put(con);
147 read_unlock(&sk->sk_callback_lock);
150 static void tipc_register_callbacks(struct socket *sock, struct tipc_conn *con)
152 struct sock *sk = sock->sk;
154 write_lock_bh(&sk->sk_callback_lock);
156 sk->sk_data_ready = sock_data_ready;
157 sk->sk_write_space = sock_write_space;
158 sk->sk_user_data = con;
160 con->sock = sock;
162 write_unlock_bh(&sk->sk_callback_lock);
165 static void tipc_unregister_callbacks(struct tipc_conn *con)
167 struct sock *sk = con->sock->sk;
169 write_lock_bh(&sk->sk_callback_lock);
170 sk->sk_user_data = NULL;
171 write_unlock_bh(&sk->sk_callback_lock);
174 static void tipc_close_conn(struct tipc_conn *con)
176 struct tipc_server *s = con->server;
178 if (test_and_clear_bit(CF_CONNECTED, &con->flags)) {
179 if (con->conid)
180 s->tipc_conn_shutdown(con->conid, con->usr_data);
182 spin_lock_bh(&s->idr_lock);
183 idr_remove(&s->conn_idr, con->conid);
184 s->idr_in_use--;
185 spin_unlock_bh(&s->idr_lock);
187 tipc_unregister_callbacks(con);
189 /* We shouldn't flush pending works as we may be in the
190 * thread. In fact the races with pending rx/tx work structs
191 * are harmless for us here as we have already deleted this
192 * connection from server connection list and set
193 * sk->sk_user_data to 0 before releasing connection object.
195 kernel_sock_shutdown(con->sock, SHUT_RDWR);
197 conn_put(con);
201 static struct tipc_conn *tipc_alloc_conn(struct tipc_server *s)
203 struct tipc_conn *con;
204 int ret;
206 con = kzalloc(sizeof(struct tipc_conn), GFP_ATOMIC);
207 if (!con)
208 return ERR_PTR(-ENOMEM);
210 kref_init(&con->kref);
211 INIT_LIST_HEAD(&con->outqueue);
212 spin_lock_init(&con->outqueue_lock);
213 INIT_WORK(&con->swork, tipc_send_work);
214 INIT_WORK(&con->rwork, tipc_recv_work);
216 spin_lock_bh(&s->idr_lock);
217 ret = idr_alloc(&s->conn_idr, con, 0, 0, GFP_ATOMIC);
218 if (ret < 0) {
219 kfree(con);
220 spin_unlock_bh(&s->idr_lock);
221 return ERR_PTR(-ENOMEM);
223 con->conid = ret;
224 s->idr_in_use++;
225 spin_unlock_bh(&s->idr_lock);
227 set_bit(CF_CONNECTED, &con->flags);
228 con->server = s;
230 return con;
233 static int tipc_receive_from_sock(struct tipc_conn *con)
235 struct msghdr msg = {};
236 struct tipc_server *s = con->server;
237 struct sockaddr_tipc addr;
238 struct kvec iov;
239 void *buf;
240 int ret;
242 buf = kmem_cache_alloc(s->rcvbuf_cache, GFP_ATOMIC);
243 if (!buf) {
244 ret = -ENOMEM;
245 goto out_close;
248 iov.iov_base = buf;
249 iov.iov_len = s->max_rcvbuf_size;
250 msg.msg_name = &addr;
251 ret = kernel_recvmsg(con->sock, &msg, &iov, 1, iov.iov_len,
252 MSG_DONTWAIT);
253 if (ret <= 0) {
254 kmem_cache_free(s->rcvbuf_cache, buf);
255 goto out_close;
258 s->tipc_conn_recvmsg(con->conid, &addr, con->usr_data, buf, ret);
260 kmem_cache_free(s->rcvbuf_cache, buf);
262 return 0;
264 out_close:
265 if (ret != -EWOULDBLOCK)
266 tipc_close_conn(con);
267 else if (ret == 0)
268 /* Don't return success if we really got EOF */
269 ret = -EAGAIN;
271 return ret;
274 static int tipc_accept_from_sock(struct tipc_conn *con)
276 struct tipc_server *s = con->server;
277 struct socket *sock = con->sock;
278 struct socket *newsock;
279 struct tipc_conn *newcon;
280 int ret;
282 ret = tipc_sock_accept_local(sock, &newsock, O_NONBLOCK);
283 if (ret < 0)
284 return ret;
286 newcon = tipc_alloc_conn(con->server);
287 if (IS_ERR(newcon)) {
288 ret = PTR_ERR(newcon);
289 sock_release(newsock);
290 return ret;
293 newcon->rx_action = tipc_receive_from_sock;
294 tipc_register_callbacks(newsock, newcon);
296 /* Notify that new connection is incoming */
297 newcon->usr_data = s->tipc_conn_new(newcon->conid);
299 /* Wake up receive process in case of 'SYN+' message */
300 newsock->sk->sk_data_ready(newsock->sk);
301 return ret;
304 static struct socket *tipc_create_listen_sock(struct tipc_conn *con)
306 struct tipc_server *s = con->server;
307 struct socket *sock = NULL;
308 int ret;
310 ret = tipc_sock_create_local(s->type, &sock);
311 if (ret < 0)
312 return NULL;
313 ret = kernel_setsockopt(sock, SOL_TIPC, TIPC_IMPORTANCE,
314 (char *)&s->imp, sizeof(s->imp));
315 if (ret < 0)
316 goto create_err;
317 ret = kernel_bind(sock, (struct sockaddr *)s->saddr, sizeof(*s->saddr));
318 if (ret < 0)
319 goto create_err;
321 switch (s->type) {
322 case SOCK_STREAM:
323 case SOCK_SEQPACKET:
324 con->rx_action = tipc_accept_from_sock;
326 ret = kernel_listen(sock, 0);
327 if (ret < 0)
328 goto create_err;
329 break;
330 case SOCK_DGRAM:
331 case SOCK_RDM:
332 con->rx_action = tipc_receive_from_sock;
333 break;
334 default:
335 pr_err("Unknown socket type %d\n", s->type);
336 goto create_err;
338 return sock;
340 create_err:
341 sock_release(sock);
342 con->sock = NULL;
343 return NULL;
346 static int tipc_open_listening_sock(struct tipc_server *s)
348 struct socket *sock;
349 struct tipc_conn *con;
351 con = tipc_alloc_conn(s);
352 if (IS_ERR(con))
353 return PTR_ERR(con);
355 sock = tipc_create_listen_sock(con);
356 if (!sock) {
357 idr_remove(&s->conn_idr, con->conid);
358 s->idr_in_use--;
359 kfree(con);
360 return -EINVAL;
363 tipc_register_callbacks(sock, con);
364 return 0;
367 static struct outqueue_entry *tipc_alloc_entry(void *data, int len)
369 struct outqueue_entry *entry;
370 void *buf;
372 entry = kmalloc(sizeof(struct outqueue_entry), GFP_ATOMIC);
373 if (!entry)
374 return NULL;
376 buf = kmalloc(len, GFP_ATOMIC);
377 if (!buf) {
378 kfree(entry);
379 return NULL;
382 memcpy(buf, data, len);
383 entry->iov.iov_base = buf;
384 entry->iov.iov_len = len;
386 return entry;
389 static void tipc_free_entry(struct outqueue_entry *e)
391 kfree(e->iov.iov_base);
392 kfree(e);
395 static void tipc_clean_outqueues(struct tipc_conn *con)
397 struct outqueue_entry *e, *safe;
399 spin_lock_bh(&con->outqueue_lock);
400 list_for_each_entry_safe(e, safe, &con->outqueue, list) {
401 list_del(&e->list);
402 tipc_free_entry(e);
404 spin_unlock_bh(&con->outqueue_lock);
407 int tipc_conn_sendmsg(struct tipc_server *s, int conid,
408 struct sockaddr_tipc *addr, void *data, size_t len)
410 struct outqueue_entry *e;
411 struct tipc_conn *con;
413 con = tipc_conn_lookup(s, conid);
414 if (!con)
415 return -EINVAL;
417 e = tipc_alloc_entry(data, len);
418 if (!e) {
419 conn_put(con);
420 return -ENOMEM;
423 if (addr)
424 memcpy(&e->dest, addr, sizeof(struct sockaddr_tipc));
426 spin_lock_bh(&con->outqueue_lock);
427 list_add_tail(&e->list, &con->outqueue);
428 spin_unlock_bh(&con->outqueue_lock);
430 if (test_bit(CF_CONNECTED, &con->flags)) {
431 if (!queue_work(s->send_wq, &con->swork))
432 conn_put(con);
433 } else {
434 conn_put(con);
436 return 0;
439 void tipc_conn_terminate(struct tipc_server *s, int conid)
441 struct tipc_conn *con;
443 con = tipc_conn_lookup(s, conid);
444 if (con) {
445 tipc_close_conn(con);
446 conn_put(con);
450 static void tipc_send_to_sock(struct tipc_conn *con)
452 int count = 0;
453 struct tipc_server *s = con->server;
454 struct outqueue_entry *e;
455 struct msghdr msg;
456 int ret;
458 spin_lock_bh(&con->outqueue_lock);
459 while (1) {
460 e = list_entry(con->outqueue.next, struct outqueue_entry,
461 list);
462 if ((struct list_head *) e == &con->outqueue)
463 break;
464 spin_unlock_bh(&con->outqueue_lock);
466 memset(&msg, 0, sizeof(msg));
467 msg.msg_flags = MSG_DONTWAIT;
469 if (s->type == SOCK_DGRAM || s->type == SOCK_RDM) {
470 msg.msg_name = &e->dest;
471 msg.msg_namelen = sizeof(struct sockaddr_tipc);
473 ret = kernel_sendmsg(con->sock, &msg, &e->iov, 1,
474 e->iov.iov_len);
475 if (ret == -EWOULDBLOCK || ret == 0) {
476 cond_resched();
477 goto out;
478 } else if (ret < 0) {
479 goto send_err;
482 /* Don't starve users filling buffers */
483 if (++count >= MAX_SEND_MSG_COUNT) {
484 cond_resched();
485 count = 0;
488 spin_lock_bh(&con->outqueue_lock);
489 list_del(&e->list);
490 tipc_free_entry(e);
492 spin_unlock_bh(&con->outqueue_lock);
493 out:
494 return;
496 send_err:
497 tipc_close_conn(con);
500 static void tipc_recv_work(struct work_struct *work)
502 struct tipc_conn *con = container_of(work, struct tipc_conn, rwork);
503 int count = 0;
505 while (test_bit(CF_CONNECTED, &con->flags)) {
506 if (con->rx_action(con))
507 break;
509 /* Don't flood Rx machine */
510 if (++count >= MAX_RECV_MSG_COUNT) {
511 cond_resched();
512 count = 0;
515 conn_put(con);
518 static void tipc_send_work(struct work_struct *work)
520 struct tipc_conn *con = container_of(work, struct tipc_conn, swork);
522 if (test_bit(CF_CONNECTED, &con->flags))
523 tipc_send_to_sock(con);
525 conn_put(con);
528 static void tipc_work_stop(struct tipc_server *s)
530 destroy_workqueue(s->rcv_wq);
531 destroy_workqueue(s->send_wq);
534 static int tipc_work_start(struct tipc_server *s)
536 s->rcv_wq = alloc_workqueue("tipc_rcv", WQ_UNBOUND, 1);
537 if (!s->rcv_wq) {
538 pr_err("can't start tipc receive workqueue\n");
539 return -ENOMEM;
542 s->send_wq = alloc_workqueue("tipc_send", WQ_UNBOUND, 1);
543 if (!s->send_wq) {
544 pr_err("can't start tipc send workqueue\n");
545 destroy_workqueue(s->rcv_wq);
546 return -ENOMEM;
549 return 0;
552 int tipc_server_start(struct tipc_server *s)
554 int ret;
556 spin_lock_init(&s->idr_lock);
557 idr_init(&s->conn_idr);
558 s->idr_in_use = 0;
560 s->rcvbuf_cache = kmem_cache_create(s->name, s->max_rcvbuf_size,
561 0, SLAB_HWCACHE_ALIGN, NULL);
562 if (!s->rcvbuf_cache)
563 return -ENOMEM;
565 ret = tipc_work_start(s);
566 if (ret < 0) {
567 kmem_cache_destroy(s->rcvbuf_cache);
568 return ret;
570 ret = tipc_open_listening_sock(s);
571 if (ret < 0) {
572 tipc_work_stop(s);
573 kmem_cache_destroy(s->rcvbuf_cache);
574 return ret;
576 return ret;
579 void tipc_server_stop(struct tipc_server *s)
581 struct tipc_conn *con;
582 int total = 0;
583 int id;
585 spin_lock_bh(&s->idr_lock);
586 for (id = 0; total < s->idr_in_use; id++) {
587 con = idr_find(&s->conn_idr, id);
588 if (con) {
589 total++;
590 spin_unlock_bh(&s->idr_lock);
591 tipc_close_conn(con);
592 spin_lock_bh(&s->idr_lock);
595 spin_unlock_bh(&s->idr_lock);
597 tipc_work_stop(s);
598 kmem_cache_destroy(s->rcvbuf_cache);
599 idr_destroy(&s->conn_idr);