drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831)
[linux/fpc-iii.git] / net / sunrpc / svc.c
blob5a32cb7c4bb486267a03d15892adc7ce5db93c93
1 /*
2 * linux/net/sunrpc/svc.c
4 * High-level RPC service routines
6 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
8 * Multiple threads pools and NUMAisation
9 * Copyright (c) 2006 Silicon Graphics, Inc.
10 * by Greg Banks <gnb@melbourne.sgi.com>
13 #include <linux/linkage.h>
14 #include <linux/sched.h>
15 #include <linux/errno.h>
16 #include <linux/net.h>
17 #include <linux/in.h>
18 #include <linux/mm.h>
19 #include <linux/interrupt.h>
20 #include <linux/module.h>
21 #include <linux/kthread.h>
23 #include <linux/sunrpc/types.h>
24 #include <linux/sunrpc/xdr.h>
25 #include <linux/sunrpc/stats.h>
26 #include <linux/sunrpc/svcsock.h>
27 #include <linux/sunrpc/clnt.h>
29 #define RPCDBG_FACILITY RPCDBG_SVCDSP
31 #define svc_serv_is_pooled(serv) ((serv)->sv_function)
34 * Mode for mapping cpus to pools.
36 enum {
37 SVC_POOL_AUTO = -1, /* choose one of the others */
38 SVC_POOL_GLOBAL, /* no mapping, just a single global pool
39 * (legacy & UP mode) */
40 SVC_POOL_PERCPU, /* one pool per cpu */
41 SVC_POOL_PERNODE /* one pool per numa node */
43 #define SVC_POOL_DEFAULT SVC_POOL_GLOBAL
46 * Structure for mapping cpus to pools and vice versa.
47 * Setup once during sunrpc initialisation.
49 static struct svc_pool_map {
50 int count; /* How many svc_servs use us */
51 int mode; /* Note: int not enum to avoid
52 * warnings about "enumeration value
53 * not handled in switch" */
54 unsigned int npools;
55 unsigned int *pool_to; /* maps pool id to cpu or node */
56 unsigned int *to_pool; /* maps cpu or node to pool id */
57 } svc_pool_map = {
58 .count = 0,
59 .mode = SVC_POOL_DEFAULT
61 static DEFINE_MUTEX(svc_pool_map_mutex);/* protects svc_pool_map.count only */
63 static int
64 param_set_pool_mode(const char *val, struct kernel_param *kp)
66 int *ip = (int *)kp->arg;
67 struct svc_pool_map *m = &svc_pool_map;
68 int err;
70 mutex_lock(&svc_pool_map_mutex);
72 err = -EBUSY;
73 if (m->count)
74 goto out;
76 err = 0;
77 if (!strncmp(val, "auto", 4))
78 *ip = SVC_POOL_AUTO;
79 else if (!strncmp(val, "global", 6))
80 *ip = SVC_POOL_GLOBAL;
81 else if (!strncmp(val, "percpu", 6))
82 *ip = SVC_POOL_PERCPU;
83 else if (!strncmp(val, "pernode", 7))
84 *ip = SVC_POOL_PERNODE;
85 else
86 err = -EINVAL;
88 out:
89 mutex_unlock(&svc_pool_map_mutex);
90 return err;
93 static int
94 param_get_pool_mode(char *buf, struct kernel_param *kp)
96 int *ip = (int *)kp->arg;
98 switch (*ip)
100 case SVC_POOL_AUTO:
101 return strlcpy(buf, "auto", 20);
102 case SVC_POOL_GLOBAL:
103 return strlcpy(buf, "global", 20);
104 case SVC_POOL_PERCPU:
105 return strlcpy(buf, "percpu", 20);
106 case SVC_POOL_PERNODE:
107 return strlcpy(buf, "pernode", 20);
108 default:
109 return sprintf(buf, "%d", *ip);
113 module_param_call(pool_mode, param_set_pool_mode, param_get_pool_mode,
114 &svc_pool_map.mode, 0644);
117 * Detect best pool mapping mode heuristically,
118 * according to the machine's topology.
120 static int
121 svc_pool_map_choose_mode(void)
123 unsigned int node;
125 if (num_online_nodes() > 1) {
127 * Actually have multiple NUMA nodes,
128 * so split pools on NUMA node boundaries
130 return SVC_POOL_PERNODE;
133 node = any_online_node(node_online_map);
134 if (nr_cpus_node(node) > 2) {
136 * Non-trivial SMP, or CONFIG_NUMA on
137 * non-NUMA hardware, e.g. with a generic
138 * x86_64 kernel on Xeons. In this case we
139 * want to divide the pools on cpu boundaries.
141 return SVC_POOL_PERCPU;
144 /* default: one global pool */
145 return SVC_POOL_GLOBAL;
149 * Allocate the to_pool[] and pool_to[] arrays.
150 * Returns 0 on success or an errno.
152 static int
153 svc_pool_map_alloc_arrays(struct svc_pool_map *m, unsigned int maxpools)
155 m->to_pool = kcalloc(maxpools, sizeof(unsigned int), GFP_KERNEL);
156 if (!m->to_pool)
157 goto fail;
158 m->pool_to = kcalloc(maxpools, sizeof(unsigned int), GFP_KERNEL);
159 if (!m->pool_to)
160 goto fail_free;
162 return 0;
164 fail_free:
165 kfree(m->to_pool);
166 fail:
167 return -ENOMEM;
171 * Initialise the pool map for SVC_POOL_PERCPU mode.
172 * Returns number of pools or <0 on error.
174 static int
175 svc_pool_map_init_percpu(struct svc_pool_map *m)
177 unsigned int maxpools = nr_cpu_ids;
178 unsigned int pidx = 0;
179 unsigned int cpu;
180 int err;
182 err = svc_pool_map_alloc_arrays(m, maxpools);
183 if (err)
184 return err;
186 for_each_online_cpu(cpu) {
187 BUG_ON(pidx > maxpools);
188 m->to_pool[cpu] = pidx;
189 m->pool_to[pidx] = cpu;
190 pidx++;
192 /* cpus brought online later all get mapped to pool0, sorry */
194 return pidx;
199 * Initialise the pool map for SVC_POOL_PERNODE mode.
200 * Returns number of pools or <0 on error.
202 static int
203 svc_pool_map_init_pernode(struct svc_pool_map *m)
205 unsigned int maxpools = nr_node_ids;
206 unsigned int pidx = 0;
207 unsigned int node;
208 int err;
210 err = svc_pool_map_alloc_arrays(m, maxpools);
211 if (err)
212 return err;
214 for_each_node_with_cpus(node) {
215 /* some architectures (e.g. SN2) have cpuless nodes */
216 BUG_ON(pidx > maxpools);
217 m->to_pool[node] = pidx;
218 m->pool_to[pidx] = node;
219 pidx++;
221 /* nodes brought online later all get mapped to pool0, sorry */
223 return pidx;
228 * Add a reference to the global map of cpus to pools (and
229 * vice versa). Initialise the map if we're the first user.
230 * Returns the number of pools.
232 static unsigned int
233 svc_pool_map_get(void)
235 struct svc_pool_map *m = &svc_pool_map;
236 int npools = -1;
238 mutex_lock(&svc_pool_map_mutex);
240 if (m->count++) {
241 mutex_unlock(&svc_pool_map_mutex);
242 return m->npools;
245 if (m->mode == SVC_POOL_AUTO)
246 m->mode = svc_pool_map_choose_mode();
248 switch (m->mode) {
249 case SVC_POOL_PERCPU:
250 npools = svc_pool_map_init_percpu(m);
251 break;
252 case SVC_POOL_PERNODE:
253 npools = svc_pool_map_init_pernode(m);
254 break;
257 if (npools < 0) {
258 /* default, or memory allocation failure */
259 npools = 1;
260 m->mode = SVC_POOL_GLOBAL;
262 m->npools = npools;
264 mutex_unlock(&svc_pool_map_mutex);
265 return m->npools;
270 * Drop a reference to the global map of cpus to pools.
271 * When the last reference is dropped, the map data is
272 * freed; this allows the sysadmin to change the pool
273 * mode using the pool_mode module option without
274 * rebooting or re-loading sunrpc.ko.
276 static void
277 svc_pool_map_put(void)
279 struct svc_pool_map *m = &svc_pool_map;
281 mutex_lock(&svc_pool_map_mutex);
283 if (!--m->count) {
284 m->mode = SVC_POOL_DEFAULT;
285 kfree(m->to_pool);
286 kfree(m->pool_to);
287 m->npools = 0;
290 mutex_unlock(&svc_pool_map_mutex);
295 * Set the given thread's cpus_allowed mask so that it
296 * will only run on cpus in the given pool.
298 static inline void
299 svc_pool_map_set_cpumask(struct task_struct *task, unsigned int pidx)
301 struct svc_pool_map *m = &svc_pool_map;
302 unsigned int node = m->pool_to[pidx];
305 * The caller checks for sv_nrpools > 1, which
306 * implies that we've been initialized.
308 BUG_ON(m->count == 0);
310 switch (m->mode) {
311 case SVC_POOL_PERCPU:
313 set_cpus_allowed_ptr(task, &cpumask_of_cpu(node));
314 break;
316 case SVC_POOL_PERNODE:
318 node_to_cpumask_ptr(nodecpumask, node);
319 set_cpus_allowed_ptr(task, nodecpumask);
320 break;
326 * Use the mapping mode to choose a pool for a given CPU.
327 * Used when enqueueing an incoming RPC. Always returns
328 * a non-NULL pool pointer.
330 struct svc_pool *
331 svc_pool_for_cpu(struct svc_serv *serv, int cpu)
333 struct svc_pool_map *m = &svc_pool_map;
334 unsigned int pidx = 0;
337 * An uninitialised map happens in a pure client when
338 * lockd is brought up, so silently treat it the
339 * same as SVC_POOL_GLOBAL.
341 if (svc_serv_is_pooled(serv)) {
342 switch (m->mode) {
343 case SVC_POOL_PERCPU:
344 pidx = m->to_pool[cpu];
345 break;
346 case SVC_POOL_PERNODE:
347 pidx = m->to_pool[cpu_to_node(cpu)];
348 break;
351 return &serv->sv_pools[pidx % serv->sv_nrpools];
356 * Create an RPC service
358 static struct svc_serv *
359 __svc_create(struct svc_program *prog, unsigned int bufsize, int npools,
360 void (*shutdown)(struct svc_serv *serv))
362 struct svc_serv *serv;
363 unsigned int vers;
364 unsigned int xdrsize;
365 unsigned int i;
367 if (!(serv = kzalloc(sizeof(*serv), GFP_KERNEL)))
368 return NULL;
369 serv->sv_name = prog->pg_name;
370 serv->sv_program = prog;
371 serv->sv_nrthreads = 1;
372 serv->sv_stats = prog->pg_stats;
373 if (bufsize > RPCSVC_MAXPAYLOAD)
374 bufsize = RPCSVC_MAXPAYLOAD;
375 serv->sv_max_payload = bufsize? bufsize : 4096;
376 serv->sv_max_mesg = roundup(serv->sv_max_payload + PAGE_SIZE, PAGE_SIZE);
377 serv->sv_shutdown = shutdown;
378 xdrsize = 0;
379 while (prog) {
380 prog->pg_lovers = prog->pg_nvers-1;
381 for (vers=0; vers<prog->pg_nvers ; vers++)
382 if (prog->pg_vers[vers]) {
383 prog->pg_hivers = vers;
384 if (prog->pg_lovers > vers)
385 prog->pg_lovers = vers;
386 if (prog->pg_vers[vers]->vs_xdrsize > xdrsize)
387 xdrsize = prog->pg_vers[vers]->vs_xdrsize;
389 prog = prog->pg_next;
391 serv->sv_xdrsize = xdrsize;
392 INIT_LIST_HEAD(&serv->sv_tempsocks);
393 INIT_LIST_HEAD(&serv->sv_permsocks);
394 init_timer(&serv->sv_temptimer);
395 spin_lock_init(&serv->sv_lock);
397 serv->sv_nrpools = npools;
398 serv->sv_pools =
399 kcalloc(serv->sv_nrpools, sizeof(struct svc_pool),
400 GFP_KERNEL);
401 if (!serv->sv_pools) {
402 kfree(serv);
403 return NULL;
406 for (i = 0; i < serv->sv_nrpools; i++) {
407 struct svc_pool *pool = &serv->sv_pools[i];
409 dprintk("svc: initialising pool %u for %s\n",
410 i, serv->sv_name);
412 pool->sp_id = i;
413 INIT_LIST_HEAD(&pool->sp_threads);
414 INIT_LIST_HEAD(&pool->sp_sockets);
415 INIT_LIST_HEAD(&pool->sp_all_threads);
416 spin_lock_init(&pool->sp_lock);
420 /* Remove any stale portmap registrations */
421 svc_register(serv, 0, 0);
423 return serv;
426 struct svc_serv *
427 svc_create(struct svc_program *prog, unsigned int bufsize,
428 void (*shutdown)(struct svc_serv *serv))
430 return __svc_create(prog, bufsize, /*npools*/1, shutdown);
432 EXPORT_SYMBOL(svc_create);
434 struct svc_serv *
435 svc_create_pooled(struct svc_program *prog, unsigned int bufsize,
436 void (*shutdown)(struct svc_serv *serv),
437 svc_thread_fn func, struct module *mod)
439 struct svc_serv *serv;
440 unsigned int npools = svc_pool_map_get();
442 serv = __svc_create(prog, bufsize, npools, shutdown);
444 if (serv != NULL) {
445 serv->sv_function = func;
446 serv->sv_module = mod;
449 return serv;
451 EXPORT_SYMBOL(svc_create_pooled);
454 * Destroy an RPC service. Should be called with appropriate locking to
455 * protect the sv_nrthreads, sv_permsocks and sv_tempsocks.
457 void
458 svc_destroy(struct svc_serv *serv)
460 dprintk("svc: svc_destroy(%s, %d)\n",
461 serv->sv_program->pg_name,
462 serv->sv_nrthreads);
464 if (serv->sv_nrthreads) {
465 if (--(serv->sv_nrthreads) != 0) {
466 svc_sock_update_bufs(serv);
467 return;
469 } else
470 printk("svc_destroy: no threads for serv=%p!\n", serv);
472 del_timer_sync(&serv->sv_temptimer);
474 svc_close_all(&serv->sv_tempsocks);
476 if (serv->sv_shutdown)
477 serv->sv_shutdown(serv);
479 svc_close_all(&serv->sv_permsocks);
481 BUG_ON(!list_empty(&serv->sv_permsocks));
482 BUG_ON(!list_empty(&serv->sv_tempsocks));
484 cache_clean_deferred(serv);
486 if (svc_serv_is_pooled(serv))
487 svc_pool_map_put();
489 /* Unregister service with the portmapper */
490 svc_register(serv, 0, 0);
491 kfree(serv->sv_pools);
492 kfree(serv);
494 EXPORT_SYMBOL(svc_destroy);
497 * Allocate an RPC server's buffer space.
498 * We allocate pages and place them in rq_argpages.
500 static int
501 svc_init_buffer(struct svc_rqst *rqstp, unsigned int size)
503 unsigned int pages, arghi;
505 pages = size / PAGE_SIZE + 1; /* extra page as we hold both request and reply.
506 * We assume one is at most one page
508 arghi = 0;
509 BUG_ON(pages > RPCSVC_MAXPAGES);
510 while (pages) {
511 struct page *p = alloc_page(GFP_KERNEL);
512 if (!p)
513 break;
514 rqstp->rq_pages[arghi++] = p;
515 pages--;
517 return pages == 0;
521 * Release an RPC server buffer
523 static void
524 svc_release_buffer(struct svc_rqst *rqstp)
526 unsigned int i;
528 for (i = 0; i < ARRAY_SIZE(rqstp->rq_pages); i++)
529 if (rqstp->rq_pages[i])
530 put_page(rqstp->rq_pages[i]);
533 struct svc_rqst *
534 svc_prepare_thread(struct svc_serv *serv, struct svc_pool *pool)
536 struct svc_rqst *rqstp;
538 rqstp = kzalloc(sizeof(*rqstp), GFP_KERNEL);
539 if (!rqstp)
540 goto out_enomem;
542 init_waitqueue_head(&rqstp->rq_wait);
544 serv->sv_nrthreads++;
545 spin_lock_bh(&pool->sp_lock);
546 pool->sp_nrthreads++;
547 list_add(&rqstp->rq_all, &pool->sp_all_threads);
548 spin_unlock_bh(&pool->sp_lock);
549 rqstp->rq_server = serv;
550 rqstp->rq_pool = pool;
552 rqstp->rq_argp = kmalloc(serv->sv_xdrsize, GFP_KERNEL);
553 if (!rqstp->rq_argp)
554 goto out_thread;
556 rqstp->rq_resp = kmalloc(serv->sv_xdrsize, GFP_KERNEL);
557 if (!rqstp->rq_resp)
558 goto out_thread;
560 if (!svc_init_buffer(rqstp, serv->sv_max_mesg))
561 goto out_thread;
563 return rqstp;
564 out_thread:
565 svc_exit_thread(rqstp);
566 out_enomem:
567 return ERR_PTR(-ENOMEM);
569 EXPORT_SYMBOL(svc_prepare_thread);
572 * Choose a pool in which to create a new thread, for svc_set_num_threads
574 static inline struct svc_pool *
575 choose_pool(struct svc_serv *serv, struct svc_pool *pool, unsigned int *state)
577 if (pool != NULL)
578 return pool;
580 return &serv->sv_pools[(*state)++ % serv->sv_nrpools];
584 * Choose a thread to kill, for svc_set_num_threads
586 static inline struct task_struct *
587 choose_victim(struct svc_serv *serv, struct svc_pool *pool, unsigned int *state)
589 unsigned int i;
590 struct task_struct *task = NULL;
592 if (pool != NULL) {
593 spin_lock_bh(&pool->sp_lock);
594 } else {
595 /* choose a pool in round-robin fashion */
596 for (i = 0; i < serv->sv_nrpools; i++) {
597 pool = &serv->sv_pools[--(*state) % serv->sv_nrpools];
598 spin_lock_bh(&pool->sp_lock);
599 if (!list_empty(&pool->sp_all_threads))
600 goto found_pool;
601 spin_unlock_bh(&pool->sp_lock);
603 return NULL;
606 found_pool:
607 if (!list_empty(&pool->sp_all_threads)) {
608 struct svc_rqst *rqstp;
611 * Remove from the pool->sp_all_threads list
612 * so we don't try to kill it again.
614 rqstp = list_entry(pool->sp_all_threads.next, struct svc_rqst, rq_all);
615 list_del_init(&rqstp->rq_all);
616 task = rqstp->rq_task;
618 spin_unlock_bh(&pool->sp_lock);
620 return task;
624 * Create or destroy enough new threads to make the number
625 * of threads the given number. If `pool' is non-NULL, applies
626 * only to threads in that pool, otherwise round-robins between
627 * all pools. Must be called with a svc_get() reference and
628 * the BKL or another lock to protect access to svc_serv fields.
630 * Destroying threads relies on the service threads filling in
631 * rqstp->rq_task, which only the nfs ones do. Assumes the serv
632 * has been created using svc_create_pooled().
634 * Based on code that used to be in nfsd_svc() but tweaked
635 * to be pool-aware.
638 svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
640 struct svc_rqst *rqstp;
641 struct task_struct *task;
642 struct svc_pool *chosen_pool;
643 int error = 0;
644 unsigned int state = serv->sv_nrthreads-1;
646 if (pool == NULL) {
647 /* The -1 assumes caller has done a svc_get() */
648 nrservs -= (serv->sv_nrthreads-1);
649 } else {
650 spin_lock_bh(&pool->sp_lock);
651 nrservs -= pool->sp_nrthreads;
652 spin_unlock_bh(&pool->sp_lock);
655 /* create new threads */
656 while (nrservs > 0) {
657 nrservs--;
658 chosen_pool = choose_pool(serv, pool, &state);
660 rqstp = svc_prepare_thread(serv, chosen_pool);
661 if (IS_ERR(rqstp)) {
662 error = PTR_ERR(rqstp);
663 break;
666 __module_get(serv->sv_module);
667 task = kthread_create(serv->sv_function, rqstp, serv->sv_name);
668 if (IS_ERR(task)) {
669 error = PTR_ERR(task);
670 module_put(serv->sv_module);
671 svc_exit_thread(rqstp);
672 break;
675 rqstp->rq_task = task;
676 if (serv->sv_nrpools > 1)
677 svc_pool_map_set_cpumask(task, chosen_pool->sp_id);
679 svc_sock_update_bufs(serv);
680 wake_up_process(task);
682 /* destroy old threads */
683 while (nrservs < 0 &&
684 (task = choose_victim(serv, pool, &state)) != NULL) {
685 send_sig(SIGINT, task, 1);
686 nrservs++;
689 return error;
691 EXPORT_SYMBOL(svc_set_num_threads);
694 * Called from a server thread as it's exiting. Caller must hold the BKL or
695 * the "service mutex", whichever is appropriate for the service.
697 void
698 svc_exit_thread(struct svc_rqst *rqstp)
700 struct svc_serv *serv = rqstp->rq_server;
701 struct svc_pool *pool = rqstp->rq_pool;
703 svc_release_buffer(rqstp);
704 kfree(rqstp->rq_resp);
705 kfree(rqstp->rq_argp);
706 kfree(rqstp->rq_auth_data);
708 spin_lock_bh(&pool->sp_lock);
709 pool->sp_nrthreads--;
710 list_del(&rqstp->rq_all);
711 spin_unlock_bh(&pool->sp_lock);
713 kfree(rqstp);
715 /* Release the server */
716 if (serv)
717 svc_destroy(serv);
719 EXPORT_SYMBOL(svc_exit_thread);
722 * Register an RPC service with the local portmapper.
723 * To unregister a service, call this routine with
724 * proto and port == 0.
727 svc_register(struct svc_serv *serv, int proto, unsigned short port)
729 struct svc_program *progp;
730 unsigned long flags;
731 unsigned int i;
732 int error = 0, dummy;
734 if (!port)
735 clear_thread_flag(TIF_SIGPENDING);
737 for (progp = serv->sv_program; progp; progp = progp->pg_next) {
738 for (i = 0; i < progp->pg_nvers; i++) {
739 if (progp->pg_vers[i] == NULL)
740 continue;
742 dprintk("svc: svc_register(%s, %s, %d, %d)%s\n",
743 progp->pg_name,
744 proto == IPPROTO_UDP? "udp" : "tcp",
745 port,
747 progp->pg_vers[i]->vs_hidden?
748 " (but not telling portmap)" : "");
750 if (progp->pg_vers[i]->vs_hidden)
751 continue;
753 error = rpcb_register(progp->pg_prog, i, proto, port, &dummy);
754 if (error < 0)
755 break;
756 if (port && !dummy) {
757 error = -EACCES;
758 break;
763 if (!port) {
764 spin_lock_irqsave(&current->sighand->siglock, flags);
765 recalc_sigpending();
766 spin_unlock_irqrestore(&current->sighand->siglock, flags);
769 return error;
773 * Printk the given error with the address of the client that caused it.
775 static int
776 __attribute__ ((format (printf, 2, 3)))
777 svc_printk(struct svc_rqst *rqstp, const char *fmt, ...)
779 va_list args;
780 int r;
781 char buf[RPC_MAX_ADDRBUFLEN];
783 if (!net_ratelimit())
784 return 0;
786 printk(KERN_WARNING "svc: %s: ",
787 svc_print_addr(rqstp, buf, sizeof(buf)));
789 va_start(args, fmt);
790 r = vprintk(fmt, args);
791 va_end(args);
793 return r;
797 * Process the RPC request.
800 svc_process(struct svc_rqst *rqstp)
802 struct svc_program *progp;
803 struct svc_version *versp = NULL; /* compiler food */
804 struct svc_procedure *procp = NULL;
805 struct kvec * argv = &rqstp->rq_arg.head[0];
806 struct kvec * resv = &rqstp->rq_res.head[0];
807 struct svc_serv *serv = rqstp->rq_server;
808 kxdrproc_t xdr;
809 __be32 *statp;
810 u32 dir, prog, vers, proc;
811 __be32 auth_stat, rpc_stat;
812 int auth_res;
813 __be32 *reply_statp;
815 rpc_stat = rpc_success;
817 if (argv->iov_len < 6*4)
818 goto err_short_len;
820 /* setup response xdr_buf.
821 * Initially it has just one page
823 rqstp->rq_resused = 1;
824 resv->iov_base = page_address(rqstp->rq_respages[0]);
825 resv->iov_len = 0;
826 rqstp->rq_res.pages = rqstp->rq_respages + 1;
827 rqstp->rq_res.len = 0;
828 rqstp->rq_res.page_base = 0;
829 rqstp->rq_res.page_len = 0;
830 rqstp->rq_res.buflen = PAGE_SIZE;
831 rqstp->rq_res.tail[0].iov_base = NULL;
832 rqstp->rq_res.tail[0].iov_len = 0;
833 /* Will be turned off only in gss privacy case: */
834 rqstp->rq_splice_ok = 1;
836 /* Setup reply header */
837 rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr(rqstp);
839 rqstp->rq_xid = svc_getu32(argv);
840 svc_putu32(resv, rqstp->rq_xid);
842 dir = svc_getnl(argv);
843 vers = svc_getnl(argv);
845 /* First words of reply: */
846 svc_putnl(resv, 1); /* REPLY */
848 if (dir != 0) /* direction != CALL */
849 goto err_bad_dir;
850 if (vers != 2) /* RPC version number */
851 goto err_bad_rpc;
853 /* Save position in case we later decide to reject: */
854 reply_statp = resv->iov_base + resv->iov_len;
856 svc_putnl(resv, 0); /* ACCEPT */
858 rqstp->rq_prog = prog = svc_getnl(argv); /* program number */
859 rqstp->rq_vers = vers = svc_getnl(argv); /* version number */
860 rqstp->rq_proc = proc = svc_getnl(argv); /* procedure number */
862 progp = serv->sv_program;
864 for (progp = serv->sv_program; progp; progp = progp->pg_next)
865 if (prog == progp->pg_prog)
866 break;
869 * Decode auth data, and add verifier to reply buffer.
870 * We do this before anything else in order to get a decent
871 * auth verifier.
873 auth_res = svc_authenticate(rqstp, &auth_stat);
874 /* Also give the program a chance to reject this call: */
875 if (auth_res == SVC_OK && progp) {
876 auth_stat = rpc_autherr_badcred;
877 auth_res = progp->pg_authenticate(rqstp);
879 switch (auth_res) {
880 case SVC_OK:
881 break;
882 case SVC_GARBAGE:
883 goto err_garbage;
884 case SVC_SYSERR:
885 rpc_stat = rpc_system_err;
886 goto err_bad;
887 case SVC_DENIED:
888 goto err_bad_auth;
889 case SVC_DROP:
890 goto dropit;
891 case SVC_COMPLETE:
892 goto sendit;
895 if (progp == NULL)
896 goto err_bad_prog;
898 if (vers >= progp->pg_nvers ||
899 !(versp = progp->pg_vers[vers]))
900 goto err_bad_vers;
902 procp = versp->vs_proc + proc;
903 if (proc >= versp->vs_nproc || !procp->pc_func)
904 goto err_bad_proc;
905 rqstp->rq_server = serv;
906 rqstp->rq_procinfo = procp;
908 /* Syntactic check complete */
909 serv->sv_stats->rpccnt++;
911 /* Build the reply header. */
912 statp = resv->iov_base +resv->iov_len;
913 svc_putnl(resv, RPC_SUCCESS);
915 /* Bump per-procedure stats counter */
916 procp->pc_count++;
918 /* Initialize storage for argp and resp */
919 memset(rqstp->rq_argp, 0, procp->pc_argsize);
920 memset(rqstp->rq_resp, 0, procp->pc_ressize);
922 /* un-reserve some of the out-queue now that we have a
923 * better idea of reply size
925 if (procp->pc_xdrressize)
926 svc_reserve_auth(rqstp, procp->pc_xdrressize<<2);
928 /* Call the function that processes the request. */
929 if (!versp->vs_dispatch) {
930 /* Decode arguments */
931 xdr = procp->pc_decode;
932 if (xdr && !xdr(rqstp, argv->iov_base, rqstp->rq_argp))
933 goto err_garbage;
935 *statp = procp->pc_func(rqstp, rqstp->rq_argp, rqstp->rq_resp);
937 /* Encode reply */
938 if (*statp == rpc_drop_reply) {
939 if (procp->pc_release)
940 procp->pc_release(rqstp, NULL, rqstp->rq_resp);
941 goto dropit;
943 if (*statp == rpc_success && (xdr = procp->pc_encode)
944 && !xdr(rqstp, resv->iov_base+resv->iov_len, rqstp->rq_resp)) {
945 dprintk("svc: failed to encode reply\n");
946 /* serv->sv_stats->rpcsystemerr++; */
947 *statp = rpc_system_err;
949 } else {
950 dprintk("svc: calling dispatcher\n");
951 if (!versp->vs_dispatch(rqstp, statp)) {
952 /* Release reply info */
953 if (procp->pc_release)
954 procp->pc_release(rqstp, NULL, rqstp->rq_resp);
955 goto dropit;
959 /* Check RPC status result */
960 if (*statp != rpc_success)
961 resv->iov_len = ((void*)statp) - resv->iov_base + 4;
963 /* Release reply info */
964 if (procp->pc_release)
965 procp->pc_release(rqstp, NULL, rqstp->rq_resp);
967 if (procp->pc_encode == NULL)
968 goto dropit;
970 sendit:
971 if (svc_authorise(rqstp))
972 goto dropit;
973 return svc_send(rqstp);
975 dropit:
976 svc_authorise(rqstp); /* doesn't hurt to call this twice */
977 dprintk("svc: svc_process dropit\n");
978 svc_drop(rqstp);
979 return 0;
981 err_short_len:
982 svc_printk(rqstp, "short len %Zd, dropping request\n",
983 argv->iov_len);
985 goto dropit; /* drop request */
987 err_bad_dir:
988 svc_printk(rqstp, "bad direction %d, dropping request\n", dir);
990 serv->sv_stats->rpcbadfmt++;
991 goto dropit; /* drop request */
993 err_bad_rpc:
994 serv->sv_stats->rpcbadfmt++;
995 svc_putnl(resv, 1); /* REJECT */
996 svc_putnl(resv, 0); /* RPC_MISMATCH */
997 svc_putnl(resv, 2); /* Only RPCv2 supported */
998 svc_putnl(resv, 2);
999 goto sendit;
1001 err_bad_auth:
1002 dprintk("svc: authentication failed (%d)\n", ntohl(auth_stat));
1003 serv->sv_stats->rpcbadauth++;
1004 /* Restore write pointer to location of accept status: */
1005 xdr_ressize_check(rqstp, reply_statp);
1006 svc_putnl(resv, 1); /* REJECT */
1007 svc_putnl(resv, 1); /* AUTH_ERROR */
1008 svc_putnl(resv, ntohl(auth_stat)); /* status */
1009 goto sendit;
1011 err_bad_prog:
1012 dprintk("svc: unknown program %d\n", prog);
1013 serv->sv_stats->rpcbadfmt++;
1014 svc_putnl(resv, RPC_PROG_UNAVAIL);
1015 goto sendit;
1017 err_bad_vers:
1018 svc_printk(rqstp, "unknown version (%d for prog %d, %s)\n",
1019 vers, prog, progp->pg_name);
1021 serv->sv_stats->rpcbadfmt++;
1022 svc_putnl(resv, RPC_PROG_MISMATCH);
1023 svc_putnl(resv, progp->pg_lovers);
1024 svc_putnl(resv, progp->pg_hivers);
1025 goto sendit;
1027 err_bad_proc:
1028 svc_printk(rqstp, "unknown procedure (%d)\n", proc);
1030 serv->sv_stats->rpcbadfmt++;
1031 svc_putnl(resv, RPC_PROC_UNAVAIL);
1032 goto sendit;
1034 err_garbage:
1035 svc_printk(rqstp, "failed to decode args\n");
1037 rpc_stat = rpc_garbage_args;
1038 err_bad:
1039 serv->sv_stats->rpcbadfmt++;
1040 svc_putnl(resv, ntohl(rpc_stat));
1041 goto sendit;
1043 EXPORT_SYMBOL(svc_process);
1046 * Return (transport-specific) limit on the rpc payload.
1048 u32 svc_max_payload(const struct svc_rqst *rqstp)
1050 u32 max = rqstp->rq_xprt->xpt_class->xcl_max_payload;
1052 if (rqstp->rq_server->sv_max_payload < max)
1053 max = rqstp->rq_server->sv_max_payload;
1054 return max;
1056 EXPORT_SYMBOL_GPL(svc_max_payload);