| blob | 7cf92c4b9a70a1920cb0555b811885115c292209 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
22 /*
23 * Copyright 2012 Marcel Telka <marcel@telka.sk>
24 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
25 * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
26 */
28 /*
29 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
30 * Use is subject to license terms.
31 */
33 /*
34 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
35 */
37 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
38 /* All Rights Reserved */
40 /*
41 * Portions of this source code were derived from Berkeley 4.3 BSD
42 * under license from the Regents of the University of California.
43 */
45 /*
46 * Server-side remote procedure call interface.
47 *
48 * Master transport handle (SVCMASTERXPRT).
49 * The master transport handle structure is shared among service
50 * threads processing events on the transport. Some fields in the
51 * master structure are protected by locks
52 * - xp_req_lock protects the request queue:
53 * xp_req_head, xp_req_tail, xp_reqs, xp_size, xp_full, xp_enable
54 * - xp_thread_lock protects the thread (clone) counts
55 * xp_threads, xp_detached_threads, xp_wq
56 * Each master transport is registered to exactly one thread pool.
57 *
58 * Clone transport handle (SVCXPRT)
59 * The clone transport handle structure is a per-service-thread handle
60 * to the transport. The structure carries all the fields/buffers used
61 * for request processing. A service thread or, in other words, a clone
62 * structure, can be linked to an arbitrary master structure to process
63 * requests on this transport. The master handle keeps track of reference
64 * counts of threads (clones) linked to it. A service thread can switch
65 * to another transport by unlinking its clone handle from the current
66 * transport and linking to a new one. Switching is relatively inexpensive
67 * but it involves locking (master's xprt->xp_thread_lock).
68 *
69 * Pools.
70 * A pool represents a kernel RPC service (NFS, Lock Manager, etc.).
71 * Transports related to the service are registered to the service pool.
72 * Service threads can switch between different transports in the pool.
73 * Thus, each service has its own pool of service threads. The maximum
74 * number of threads in a pool is pool->p_maxthreads. This limit allows
75 * to restrict resource usage by the service. Some fields are protected
76 * by locks:
77 * - p_req_lock protects several counts and flags:
78 * p_reqs, p_size, p_walkers, p_asleep, p_drowsy, p_req_cv
79 * - p_thread_lock governs other thread counts:
80 * p_threads, p_detached_threads, p_reserved_threads, p_closing
81 *
82 * In addition, each pool contains a doubly-linked list of transports,
83 * an `xprt-ready' queue and a creator thread (see below). Threads in
84 * the pool share some other parameters such as stack size and
85 * polling timeout.
86 *
87 * Pools are initialized through the svc_pool_create() function called from
88 * the nfssys() system call. However, thread creation must be done by
89 * the userland agent. This is done by using SVCPOOL_WAIT and
90 * SVCPOOL_RUN arguments to nfssys(), which call svc_wait() and
91 * svc_do_run(), respectively. Once the pool has been initialized,
92 * the userland process must set up a 'creator' thread. This thread
93 * should park itself in the kernel by calling svc_wait(). If
94 * svc_wait() returns successfully, it should fork off a new worker
95 * thread, which then calls svc_do_run() in order to get work. When
96 * that thread is complete, svc_do_run() will return, and the user
97 * program should call thr_exit().
98 *
99 * When we try to register a new pool and there is an old pool with
100 * the same id in the doubly linked pool list (this happens when we kill
101 * and restart nfsd or lockd), then we unlink the old pool from the list
102 * and mark its state as `closing'. After that the transports can still
103 * process requests but new transports won't be registered. When all the
104 * transports and service threads associated with the pool are gone the
105 * creator thread (see below) will clean up the pool structure and exit.
106 *
107 * svc_queuereq() and svc_run().
108 * The kernel RPC server is interrupt driven. The svc_queuereq() interrupt
109 * routine is called to deliver an RPC request. The service threads
110 * loop in svc_run(). The interrupt function queues a request on the
111 * transport's queue and it makes sure that the request is serviced.
112 * It may either wake up one of sleeping threads, or ask for a new thread
113 * to be created, or, if the previous request is just being picked up, do
114 * nothing. In the last case the service thread that is picking up the
115 * previous request will wake up or create the next thread. After a service
116 * thread processes a request and sends a reply it returns to svc_run()
117 * and svc_run() calls svc_poll() to find new input.
118 *
119 * svc_poll().
120 * In order to avoid unnecessary locking, which causes performance
121 * problems, we always look for a pending request on the current transport.
122 * If there is none we take a hint from the pool's `xprt-ready' queue.
123 * If the queue had an overflow we switch to the `drain' mode checking
124 * each transport in the pool's transport list. Once we find a
125 * master transport handle with a pending request we latch the request
126 * lock on this transport and return to svc_run(). If the request
127 * belongs to a transport different than the one the service thread is
128 * linked to we need to unlink and link again.
129 *
130 * A service thread goes asleep when there are no pending
131 * requests on the transports registered on the pool's transports.
132 * All the pool's threads sleep on the same condition variable.
133 * If a thread has been sleeping for too long period of time
134 * (by default 5 seconds) it wakes up and exits. Also when a transport
135 * is closing sleeping threads wake up to unlink from this transport.
136 *
137 * The `xprt-ready' queue.
138 * If a service thread finds no request on a transport it is currently linked
139 * to it will find another transport with a pending request. To make
140 * this search more efficient each pool has an `xprt-ready' queue.
141 * The queue is a FIFO. When the interrupt routine queues a request it also
142 * inserts a pointer to the transport into the `xprt-ready' queue. A
143 * thread looking for a transport with a pending request can pop up a
144 * transport and check for a request. The request can be already gone
145 * since it could be taken by a thread linked to that transport. In such a
146 * case we try the next hint. The `xprt-ready' queue has fixed size (by
147 * default 256 nodes). If it overflows svc_poll() has to switch to the
148 * less efficient but safe `drain' mode and walk through the pool's
149 * transport list.
150 *
151 * Both the svc_poll() loop and the `xprt-ready' queue are optimized
152 * for the peak load case that is for the situation when the queue is not
153 * empty, there are all the time few pending requests, and a service
154 * thread which has just processed a request does not go asleep but picks
155 * up immediately the next request.
156 *
157 * Thread creator.
158 * Each pool has a thread creator associated with it. The creator thread
159 * sleeps on a condition variable and waits for a signal to create a
160 * service thread. The actual thread creation is done in userland by
161 * the method described in "Pools" above.
162 *
163 * Signaling threads should turn on the `creator signaled' flag, and
164 * can avoid sending signals when the flag is on. The flag is cleared
165 * when the thread is created.
166 *
167 * When the pool is in closing state (ie it has been already unregistered
168 * from the pool list) the last thread on the last transport in the pool
169 * should turn the p_creator_exit flag on. The creator thread will
170 * clean up the pool structure and exit.
171 *
172 * Thread reservation; Detaching service threads.
173 * A service thread can detach itself to block for an extended amount
174 * of time. However, to keep the service active we need to guarantee
175 * at least pool->p_redline non-detached threads that can process incoming
176 * requests. This, the maximum number of detached and reserved threads is
177 * p->p_maxthreads - p->p_redline. A service thread should first acquire
178 * a reservation, and if the reservation was granted it can detach itself.
179 * If a reservation was granted but the thread does not detach itself
180 * it should cancel the reservation before it returns to svc_run().
181 */
183 #include <sys/param.h>
184 #include <sys/types.h>
185 #include <rpc/types.h>
186 #include <sys/socket.h>
187 #include <sys/time.h>
188 #include <sys/tiuser.h>
189 #include <sys/t_kuser.h>
190 #include <netinet/in.h>
191 #include <rpc/xdr.h>
192 #include <rpc/auth.h>
193 #include <rpc/clnt.h>
194 #include <rpc/rpc_msg.h>
195 #include <rpc/svc.h>
196 #include <sys/proc.h>
197 #include <sys/user.h>
198 #include <sys/stream.h>
199 #include <sys/strsubr.h>
200 #include <sys/strsun.h>
201 #include <sys/tihdr.h>
202 #include <sys/debug.h>
203 #include <sys/cmn_err.h>
204 #include <sys/file.h>
205 #include <sys/systm.h>
206 #include <sys/callb.h>
207 #include <sys/vtrace.h>
208 #include <sys/zone.h>
209 #include <nfs/nfs.h>
211 /*
212 * Defines for svc_poll()
213 */
218 /*
219 * Default stack size for service threads.
220 */
225 /*
226 * Default polling timeout for service threads.
227 * Multiplied by hz when used.
228 */
233 /*
234 * Size of the `xprt-ready' queue.
235 */
240 /*
241 * Default limit for the number of service threads.
242 */
243 #define DEFAULT_SVC_MAXTHREADS (INT16_MAX)
247 /*
248 * Maximum number of requests from the same transport (in `drain' mode).
249 */
250 #define DEFAULT_SVC_MAX_SAME_XPRT (8)
255 /*
256 * Default `Redline' of non-detached threads.
257 * Total number of detached and reserved threads in an RPC server
258 * thread pool is limited to pool->p_maxthreads - svc_redline.
259 */
260 #define DEFAULT_SVC_REDLINE (1)
264 /*
265 * A node for the `xprt-ready' queue.
266 * See below.
267 */
271 };
273 /*
274 * Global SVC variables (private).
275 */
278 kmutex_t svc_plock;
279 };
281 /*
282 * Debug variable to check for rdma based
283 * transport startup and cleanup. Contorlled
284 * through /etc/system. Off by default.
285 */
288 /*
289 * This allows disabling flow control in svc_queuereq().
290 */
293 /*
294 * Authentication parameters list.
295 */
299 /*
300 * If true, then keep quiet about version mismatch.
301 * This macro is for broadcast RPC only. We have no broadcast RPC in
302 * kernel now but one may define a flag in the transport structure
303 * and redefine this macro.
304 */
305 #define version_keepquiet(xprt) (FALSE)
307 /*
308 * ZSD key used to retrieve zone-specific svc globals
309 */
321 /* ARGSUSED */
324 {
331 }
333 /* ARGSUSED */
334 static void
336 {
343 }
345 }
347 /* ARGSUSED */
348 static void
350 {
356 }
358 /*
359 * Global SVC init routine.
360 * Initialize global generic and transport type specific structures
361 * used by the kernel RPC server side. This routine is called only
362 * once when the module is being loaded.
363 */
364 void
366 {
368 svc_zonefini);
371 }
373 /*
374 * Destroy the SVCPOOL structure.
375 */
376 static void
378 {
383 /*
384 * Call the user supplied shutdown function. This is done
385 * here so the user of the pool will be able to cleanup
386 * service related resources.
387 */
391 /* Destroy `xprt-ready' queue */
394 /* Destroy transport list */
397 /* Destroy locks and condition variables */
402 /* Destroy creator's locks and condition variables */
408 /* Free pool structure */
410 }
412 /*
413 * If all the transports and service threads are already gone
414 * signal the creator thread to clean up and exit.
415 */
416 static bool_t
418 {
425 /*
426 * Release the locks before sending a signal.
427 */
431 /*
432 * Notify the creator thread to clean up and exit
433 *
434 * NOTICE: No references to the pool beyond this point!
435 * The pool is being destroyed.
436 */
441 }
443 }
447 }
449 /*
450 * Find a pool with a given id.
451 */
454 {
459 /*
460 * Search the list for a pool with a matching id
461 * and register the transport handle with that pool.
462 */
468 }
470 /*
471 * PSARC 2003/523 Contract Private Interface
472 * svc_do_run
473 * Changes must be reviewed by Solaris File Sharing
474 * Changes must be communicated to contract-2003-523@sun.com
475 */
476 int
478 {
493 /*
494 * Increment counter of pool threads now
495 * that a thread has been created.
496 */
501 /* Give work to the new thread. */
505 }
507 /*
508 * Unregister a pool from the pool list.
509 * Set the closing state. If all the transports and service threads
510 * are already gone signal the creator thread to clean up and exit.
511 */
512 static void
514 {
520 /* Remove from the list */
529 /*
530 * Offline the pool. Mark the pool as closing.
531 * If there are no transports in this pool notify
532 * the creator thread to clean it up and exit.
533 */
541 }
543 /*
544 * Register a pool with a given id in the global doubly linked pool list.
545 * - if there is a pool with the same id in the list then unregister it
546 * - insert the new pool into the list.
547 */
548 static void
550 {
553 /*
554 * If there is a pool with the same id then remove it from
555 * the list and mark the pool as closing.
556 */
562 /* Insert into the doubly linked list */
571 }
573 /*
574 * Initialize a newly created pool structure
575 */
576 static int
579 {
600 /* Allocate and initialize the `xprt-ready' queue */
603 /* Initialize doubly-linked xprt list */
606 /*
607 * Setting lwp_childstksz on the current lwp so that
608 * descendants of this lwp get the modified stacksize, if
609 * it is defined. It is important that either this lwp or
610 * one of its descendants do the actual servicepool thread
611 * creation to maintain the stacksize inheritance.
612 */
616 /* Initialize thread limits, locks and condition variables */
626 /* Initialize userland creator */
633 /* Initialize the creator and start the creator thread */
642 }
644 /*
645 * PSARC 2003/523 Contract Private Interface
646 * svc_pool_create
647 * Changes must be reviewed by Solaris File Sharing
648 * Changes must be communicated to contract-2003-523@sun.com
649 *
650 * Create an kernel RPC server-side thread/transport pool.
651 *
652 * This is public interface for creation of a server RPC thread pool
653 * for a given service provider. Transports registered with the pool's id
654 * will be served by a pool's threads. This function is called from the
655 * nfssys() system call.
656 */
657 int
659 {
664 /*
665 * Caller should check credentials in a way appropriate
666 * in the context of the call.
667 */
670 /* Allocate a new pool */
673 /*
674 * Initialize the pool structure and create a creator thread.
675 */
682 }
684 /* Register the pool with the global pool list */
688 }
690 int
692 {
700 /*
701 * Search the list for a pool with a matching id
702 * and register the transport handle with that pool.
703 */
709 }
710 /*
711 * Grab the transport list lock before releasing the
712 * pool list lock
713 */
723 /*
724 * Search the list for a pool with a matching id
725 * and register the unregister callback handle with that pool.
726 */
732 }
733 /*
734 * Grab the transport list lock before releasing the
735 * pool list lock
736 */
747 }
748 }
750 /*
751 * Pool's transport list manipulation routines.
752 * - svc_xprt_register()
753 * - svc_xprt_unregister()
754 *
755 * svc_xprt_register() is called from svc_tli_kcreate() to
756 * insert a new master transport handle into the doubly linked
757 * list of server transport handles (one list per pool).
758 *
759 * The list is used by svc_poll(), when it operates in `drain'
760 * mode, to search for a next transport with a pending request.
761 */
763 int
765 {
771 /*
772 * Search the list for a pool with a matching id
773 * and register the transport handle with that pool.
774 */
780 }
782 /* Grab the transport list lock before releasing the pool list lock */
786 /* Don't register new transports when the pool is in closing state */
790 }
792 /*
793 * Initialize xp_pool to point to the pool.
794 * We don't want to go through the pool list every time.
795 */
798 /*
799 * Insert a transport handle into the list.
800 * The list head points to the most recently inserted transport.
801 */
812 }
814 /* Increment the transports count */
819 }
821 /*
822 * Called from svc_xprt_cleanup() to remove a master transport handle
823 * from the pool's list of server transports (when a transport is
824 * being destroyed).
825 */
826 void
828 {
831 /*
832 * Unlink xprt from the list.
833 * If the list head points to this xprt then move it
834 * to the next xprt or reset to NULL if this is the last
835 * xprt in the list.
836 */
850 }
854 /* Decrement list count */
858 }
860 static void
862 {
865 }
867 /*
868 * Initialize an `xprt-ready' queue for a given pool.
869 */
870 static void
872 {
877 KM_SLEEP);
887 }
889 /*
890 * Called from the svc_queuereq() interrupt routine to queue
891 * a hint for svc_poll() which transport has a pending request.
892 * - insert a pointer to xprt into the xprt-ready queue (FIFO)
893 * - if the xprt-ready queue is full turn the overflow flag on.
894 *
895 * NOTICE: pool->p_qtop is protected by the pool's request lock
896 * and the caller (svc_queuereq()) must hold the lock.
897 */
898 static void
900 {
903 /* If the overflow flag is on there is nothing we can do */
907 /* If the queue is full turn the overflow flag on and exit */
914 }
916 }
918 /* Insert a hint and move pool->p_qtop */
921 }
923 /*
924 * Called from svc_poll() to get a hint which transport has a
925 * pending request. Returns a pointer to a transport or NULL if the
926 * `xprt-ready' queue is empty.
927 *
928 * Since we do not acquire the pool's request lock while checking if
929 * the queue is empty we may miss a request that is just being delivered.
930 * However this is ok since svc_poll() will retry again until the
931 * count indicates that there are pending requests for this pool.
932 */
935 {
940 /*
941 * If the queue is empty return NULL.
942 * Since we do not acquire the pool's request lock which
943 * protects pool->p_qtop this is not exact check. However,
944 * this is safe - if we miss a request here svc_poll()
945 * will retry again.
946 */
950 }
952 /* Get a hint and move pool->p_qend */
956 /* Skip fields deleted by svc_xprt_qdelete() */
961 }
963 /*
964 * Delete all the references to a transport handle that
965 * is being destroyed from the xprt-ready queue.
966 * Deleted pointers are replaced with NULLs.
967 */
968 static void
970 {
977 }
979 }
981 /*
982 * Destructor for a master server transport handle.
983 * - if there are no more non-detached threads linked to this transport
984 * then, if requested, call xp_closeproc (we don't wait for detached
985 * threads linked to this transport to complete).
986 * - if there are no more threads linked to this
987 * transport then
988 * a) remove references to this transport from the xprt-ready queue
989 * b) remove a reference to this transport from the pool's transport list
990 * c) call a transport specific `destroy' function
991 * d) cancel remaining thread reservations.
992 *
993 * NOTICE: Caller must hold the transport's thread lock.
994 */
995 static void
997 {
1001 /*
1002 * If called from the last non-detached thread
1003 * it should call the closeproc on this transport.
1004 */
1007 }
1012 /* Remove references to xprt from the `xprt-ready' queue */
1015 /* Unregister xprt from the pool's transport list */
1019 }
1020 }
1022 /*
1023 * Find a dispatch routine for a given prog/vers pair.
1024 * This function is called from svc_getreq() to search the callout
1025 * table for an entry with a matching RPC program number `prog'
1026 * and a version range that covers `vers'.
1027 * - if it finds a matching entry it returns pointer to the dispatch routine
1028 * - otherwise it returns NULL and, if `minp' or `maxp' are not NULL,
1029 * fills them with, respectively, lowest version and highest version
1030 * supported for the program `prog'
1031 */
1035 {
1053 }
1054 }
1057 }
1059 /*
1060 * Optionally free callout table allocated for this transport by
1061 * the service provider.
1062 */
1063 static void
1065 {
1071 }
1072 }
1074 /*
1075 * Send a reply to an RPC request
1076 *
1077 * PSARC 2003/523 Contract Private Interface
1078 * svc_sendreply
1079 * Changes must be reviewed by Solaris File Sharing
1080 * Changes must be communicated to contract-2003-523@sun.com
1081 */
1082 bool_t
1085 {
1096 }
1098 /*
1099 * No procedure error reply
1100 *
1101 * PSARC 2003/523 Contract Private Interface
1102 * svcerr_noproc
1103 * Changes must be reviewed by Solaris File Sharing
1104 * Changes must be communicated to contract-2003-523@sun.com
1105 */
1106 void
1108 {
1117 }
1119 /*
1120 * Can't decode arguments error reply
1121 *
1122 * PSARC 2003/523 Contract Private Interface
1123 * svcerr_decode
1124 * Changes must be reviewed by Solaris File Sharing
1125 * Changes must be communicated to contract-2003-523@sun.com
1126 */
1127 void
1129 {
1138 }
1140 /*
1141 * Some system error
1142 */
1143 void
1145 {
1154 }
1156 /*
1157 * Authentication error reply
1158 */
1159 void
1161 {
1170 }
1172 /*
1173 * Authentication too weak error reply
1174 */
1175 void
1177 {
1179 }
1181 /*
1182 * Authentication error; bad credentials
1183 */
1184 void
1186 {
1195 }
1197 /*
1198 * Program unavailable error reply
1199 *
1200 * PSARC 2003/523 Contract Private Interface
1201 * svcerr_noprog
1202 * Changes must be reviewed by Solaris File Sharing
1203 * Changes must be communicated to contract-2003-523@sun.com
1204 */
1205 void
1207 {
1216 }
1218 /*
1219 * Program version mismatch error reply
1220 *
1221 * PSARC 2003/523 Contract Private Interface
1222 * svcerr_progvers
1223 * Changes must be reviewed by Solaris File Sharing
1224 * Changes must be communicated to contract-2003-523@sun.com
1225 */
1226 void
1229 {
1240 }
1242 /*
1243 * Get server side input from some transport.
1244 *
1245 * Statement of authentication parameters management:
1246 * This function owns and manages all authentication parameters, specifically
1247 * the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and
1248 * the "cooked" credentials (rqst->rq_clntcred).
1249 * However, this function does not know the structure of the cooked
1250 * credentials, so it make the following assumptions:
1251 * a) the structure is contiguous (no pointers), and
1252 * b) the cred structure size does not exceed RQCRED_SIZE bytes.
1253 * In all events, all three parameters are freed upon exit from this routine.
1254 * The storage is trivially managed on the call stack in user land, but
1255 * is malloced in kernel land.
1256 *
1257 * Note: the xprt's xp_svc_lock is not held while the service's dispatch
1258 * routine is running. If we decide to implement svc_unregister(), we'll
1259 * need to decide whether it's okay for a thread to unregister a service
1260 * while a request is being processed. If we decide that this is a
1261 * problem, we can probably use some sort of reference counting scheme to
1262 * keep the callout entry from going away until the request has completed.
1263 */
1264 static void
1268 {
1277 /*
1278 * Firstly, allocate the authentication parameters' storage
1279 */
1284 /* LINTED pointer alignment */
1290 KM_SLEEP);
1291 }
1296 /*
1297 * Now receive a message from the transport.
1298 */
1301 rpcvers_t vers_min;
1302 rpcvers_t vers_max;
1303 bool_t no_dispatch;
1306 /*
1307 * Find the registered program and call its
1308 * dispatch routine.
1309 */
1316 /*
1317 * First authenticate the message.
1318 */
1325 /*
1326 * Free the arguments.
1327 */
1330 /*
1331 * XXX - when bug id 4053736 is done, remove
1332 * the SVC_FREEARGS() call.
1333 */
1345 /*
1346 * If we got here, the program or version
1347 * is not served ...
1348 */
1352 else
1354 vers_max);
1356 /*
1357 * Free the arguments. For successful calls
1358 * this is done by the dispatch routine.
1359 */
1361 /* Fall through to ... */
1362 }
1363 /*
1364 * Call cleanup procedure for RPCSEC_GSS.
1365 * This is a hack since there is currently no
1366 * op, such as SVC_CLEANAUTH. rpc_gss_cleanup
1367 * should only be called for a non null proc.
1368 * Null procs in RPC GSS are overloaded to
1369 * provide context setup and control. The main
1370 * purpose of rpc_gss_cleanup is to decrement the
1371 * reference count associated with the cached
1372 * GSS security context. We should never get here
1373 * for an RPCSEC_GSS null proc since *no_dispatch
1374 * would have been set to true from sec_svc_msg above.
1375 */
1378 }
1379 }
1381 /*
1382 * Free authentication parameters' storage
1383 */
1385 /* LINTED pointer alignment */
1389 }
1391 /*
1392 * Allocate new clone transport handle.
1393 */
1394 SVCXPRT *
1396 {
1402 }
1404 /*
1405 * Free memory allocated by svc_clone_init.
1406 */
1407 void
1409 {
1410 /* Fre credentials from crget() */
1414 }
1416 /*
1417 * Link a per-thread clone transport handle to a master
1418 * - increment a thread reference count on the master
1419 * - copy some of the master's fields to the clone
1420 * - call a transport specific clone routine.
1421 */
1422 void
1424 {
1429 /*
1430 * Bump up master's thread count.
1431 * Linking a per-thread clone transport handle to a master
1432 * associates a service thread with the master.
1433 */
1438 /* Clear everything */
1441 /* Set pointer to the master transport stucture */
1444 /* Structure copy of all the common fields */
1447 /* Restore per-thread fields (xp_cred) */
1452 }
1454 /*
1455 * Unlink a non-detached clone transport handle from a master
1456 * - decrement a thread reference count on the master
1457 * - if the transport is closing (xp_wq is NULL) call svc_xprt_cleanup();
1458 * if this is the last non-detached/absolute thread on this transport
1459 * then it will close/destroy the transport
1460 * - call transport specific function to destroy the clone handle
1461 * - clear xp_master to avoid recursion.
1462 */
1463 void
1465 {
1468 /* This cannot be a detached thread */
1472 /* Decrement a reference count on the transport */
1476 /* svc_xprt_cleanup() unlocks xp_thread_lock or destroys xprt */
1479 else
1482 /* Call a transport specific clone `destroy' function */
1485 /* Clear xp_master */
1487 }
1489 /*
1490 * Unlink a detached clone transport handle from a master
1491 * - decrement the thread count on the master
1492 * - if the transport is closing (xp_wq is NULL) call svc_xprt_cleanup();
1493 * if this is the last thread on this transport then it will destroy
1494 * the transport.
1495 * - call a transport specific function to destroy the clone handle
1496 * - clear xp_master to avoid recursion.
1497 */
1498 static void
1500 {
1503 /* This must be a detached thread */
1508 /* Grab xprt->xp_thread_lock and decrement link counts */
1512 /* svc_xprt_cleanup() unlocks xp_thread_lock or destroys xprt */
1515 else
1518 /* Call transport specific clone `destroy' function */
1521 /* Clear xp_master */
1523 }
1525 /*
1526 * Try to exit a non-detached service thread
1527 * - check if there are enough threads left
1528 * - if this thread (ie its clone transport handle) are linked
1529 * to a master transport then unlink it
1530 * - free the clone structure
1531 * - return to userland for thread exit
1532 *
1533 * If this is the last non-detached or the last thread on this
1534 * transport then the call to svc_clone_unlink() will, respectively,
1535 * close and/or destroy the transport.
1536 */
1537 static void
1539 {
1547 /* return - thread exit will be handled at user level */
1551 /* return - thread exit will be handled at user level */
1552 }
1554 /*
1555 * Exit a detached service thread that returned to svc_run
1556 * - decrement the `detached thread' count for the pool
1557 * - unlink the detached clone transport handle from the master
1558 * - free the clone structure
1559 * - return to userland for thread exit
1560 *
1561 * If this is the last thread on this transport then the call
1562 * to svc_clone_unlinkdetached() will destroy the transport.
1563 */
1564 static void
1566 {
1567 /* This must be a detached thread */
1582 /* return - thread exit will be handled at user level */
1586 /* return - thread exit will be handled at user level */
1587 }
1589 /*
1590 * PSARC 2003/523 Contract Private Interface
1591 * svc_wait
1592 * Changes must be reviewed by Solaris File Sharing
1593 * Changes must be communicated to contract-2003-523@sun.com
1594 */
1595 int
1597 {
1612 /* Check if there's already a user thread waiting on this pool */
1616 }
1620 /* Go to sleep, waiting for the signaled flag. */
1623 /* Interrupted, return to handle exit or signal */
1628 /*
1629 * Thread has been interrupted and therefore
1630 * the service daemon is leaving as well so
1631 * let's go ahead and remove the service
1632 * pool at this time.
1633 */
1639 }
1640 }
1645 /*
1646 * About to exit the service pool. Set return value
1647 * to let the userland code know our intent. Signal
1648 * svc_thread_creator() so that it can clean up the
1649 * pool structure.
1650 */
1654 }
1658 /* Return to userland with error code, for possible thread creation. */
1660 }
1662 /*
1663 * `Service threads' creator thread.
1664 * The creator thread waits for a signal to create new thread.
1665 */
1666 static void
1668 {
1677 /* Check if someone set the exit flag */
1681 /* Clear the `signaled' flag and go asleep */
1688 /* Check if someone signaled to exit */
1696 /*
1697 * When the pool is in closing state and all the transports
1698 * are gone the creator should not create any new threads.
1699 */
1706 }
1708 }
1710 /*
1711 * Create a new service thread now.
1712 */
1718 /*
1719 * Signal the service pool wait thread
1720 * only if it hasn't already been signaled.
1721 */
1726 }
1729 }
1732 }
1734 /*
1735 * Pool is closed. Cleanup and exit.
1736 */
1738 /* Signal userland creator thread that it can stop now. */
1744 /* Wait for svc_wait() to be done with the pool */
1750 }
1756 }
1758 /*
1759 * If the creator thread is idle signal it to create
1760 * a new service thread.
1761 */
1762 static void
1764 {
1769 }
1771 }
1773 /*
1774 * Notify the creator thread to clean up and exit.
1775 */
1776 static void
1778 {
1783 }
1785 /*
1786 * Polling part of the svc_run().
1787 * - search for a transport with a pending request
1788 * - when one is found then latch the request lock and return to svc_run()
1789 * - if there is no request go asleep and wait for a signal
1790 * - handle two exceptions:
1791 * a) current transport is closing
1792 * b) timeout waiting for a new request
1793 * in both cases return to svc_run()
1794 */
1797 {
1798 /*
1799 * Main loop iterates until
1800 * a) we find a pending request,
1801 * b) detect that the current transport is closing
1802 * c) time out waiting for a new request.
1803 */
1808 /*
1809 * Step 1.
1810 * Check if there is a pending request on the current
1811 * transport handle so that we can avoid cloning.
1812 * If so then decrement the `pending-request' count for
1813 * the pool and return to svc_run().
1814 *
1815 * We need to prevent a potential starvation. When
1816 * a selected transport has all pending requests coming in
1817 * all the time then the service threads will never switch to
1818 * another transport. With a limited number of service
1819 * threads some transports may be never serviced.
1820 * To prevent such a scenario we pick up at most
1821 * pool->p_max_same_xprt requests from the same transport
1822 * and then take a hint from the xprt-ready queue or walk
1823 * the transport list.
1824 */
1831 }
1834 /*
1835 * Step 2.
1836 * If there is no request on the current transport try to
1837 * find another transport with a pending request.
1838 */
1843 /*
1844 * Make sure that transports will not be destroyed just
1845 * while we are checking them.
1846 */
1852 /*
1853 * Get the next transport from the xprt-ready queue.
1854 * This is a hint. There is no guarantee that the
1855 * transport still has a pending request since it
1856 * could be picked up by another thread in step 1.
1857 *
1858 * If the transport has a pending request then keep
1859 * it locked. Decrement the `pending-requests' for
1860 * the pool and `walking-threads' counts, and return
1861 * to svc_run().
1862 */
1875 }
1877 }
1879 /*
1880 * If there was no hint in the xprt-ready queue then
1881 * - if there is less pending requests than polling
1882 * threads go asleep
1883 * - otherwise check if there was an overflow in the
1884 * xprt-ready queue; if so, then we need to break
1885 * the `drain' mode
1886 */
1893 }
1896 }
1897 }
1898 }
1900 /*
1901 * If there was an overflow in the xprt-ready queue then we
1902 * need to switch to the `drain' mode, i.e. walk through the
1903 * pool's transport list and search for a transport with a
1904 * pending request. If we manage to drain all the pending
1905 * requests then we can clear the overflow flag. This will
1906 * switch svc_poll() back to taking hints from the xprt-ready
1907 * queue (which is generally more efficient).
1908 *
1909 * If there are no registered transports simply go asleep.
1910 */
1914 }
1916 /*
1917 * `Walk' through the pool's list of master server
1918 * transport handles. Continue to loop until there are less
1919 * looping threads then pending requests.
1920 */
1924 /*
1925 * Check if there is a request on this transport.
1926 *
1927 * Since blocking on a locked mutex is very expensive
1928 * check for a request without a lock first. If we miss
1929 * a request that is just being delivered but this will
1930 * cost at most one full walk through the list.
1931 */
1933 /*
1934 * Check again, now with a lock.
1935 */
1945 }
1947 }
1949 /*
1950 * Continue to `walk' through the pool's
1951 * transport list until there is less requests
1952 * than walkers. Check this condition without
1953 * a lock first to avoid contention on a mutex.
1954 */
1956 /* Check again, now with the lock. */
1961 }
1964 }
1966 sleep:
1967 /*
1968 * No work to do. Stop the `walk' and go asleep.
1969 * Decrement the `walking-threads' count for the pool.
1970 */
1974 /*
1975 * Count us as asleep, mark this thread as safe
1976 * for suspend and wait for a request.
1977 */
1982 /*
1983 * If the drowsy flag is on this means that
1984 * someone has signaled a wakeup. In such a case
1985 * the `asleep-threads' count has already updated
1986 * so just clear the flag.
1987 *
1988 * If the drowsy flag is off then we need to update
1989 * the `asleep-threads' count.
1990 */
1993 /*
1994 * If the thread is here because it timedout,
1995 * instead of returning SVC_ETIMEDOUT, it is
1996 * time to do some more work.
1997 */
2002 }
2005 /*
2006 * If we received a signal while waiting for a
2007 * request, inform svc_run(), so that we can return
2008 * to user level and exit.
2009 */
2013 /*
2014 * If the current transport is gone then notify
2015 * svc_run() to unlink from it.
2016 */
2020 /*
2021 * If we have timed out waiting for a request inform
2022 * svc_run() that we probably don't need this thread.
2023 */
2026 }
2027 }
2029 /*
2030 * calculate memory space used by message
2031 */
2032 static size_t
2034 {
2041 }
2043 /*
2044 * svc_flowcontrol() attempts to turn the flow control on or off for the
2045 * transport.
2046 *
2047 * On input the xprt->xp_full determines whether the flow control is currently
2048 * off (FALSE) or on (TRUE). If it is off we do tests to see whether we should
2049 * turn it on, and vice versa.
2050 *
2051 * There are two conditions considered for the flow control. Both conditions
2052 * have the low and the high watermark. Once the high watermark is reached in
2053 * EITHER condition the flow control is turned on. For turning the flow
2054 * control off BOTH conditions must be below the low watermark.
2055 *
2056 * Condition #1 - Number of requests queued:
2057 *
2058 * The max number of threads working on the pool is roughly pool->p_maxthreads.
2059 * Every thread could handle up to pool->p_max_same_xprt requests from one
2060 * transport before it moves to another transport. See svc_poll() for details.
2061 * In case all threads in the pool are working on a transport they will handle
2062 * no more than enough_reqs (pool->p_maxthreads * pool->p_max_same_xprt)
2063 * requests in one shot from that transport. We are turning the flow control
2064 * on once the high watermark is reached for a transport so that the underlying
2065 * queue knows the rate of incoming requests is higher than we are able to
2066 * handle.
2067 *
2068 * The high watermark: 2 * enough_reqs
2069 * The low watermark: enough_reqs
2070 *
2071 * Condition #2 - Length of the data payload for the queued messages/requests:
2072 *
2073 * We want to prevent a particular pool exhausting the memory, so once the
2074 * total length of queued requests for the whole pool reaches the high
2075 * watermark we start to turn on the flow control for significant memory
2076 * consumers (individual transports). To keep the implementation simple
2077 * enough, this condition is not exact, because we count only the data part of
2078 * the queued requests and we ignore the overhead. For our purposes this
2079 * should be enough. We should also consider that up to pool->p_maxthreads
2080 * threads for the pool might work on large requests (this is not counted for
2081 * this condition). We need to leave some space for rest of the system and for
2082 * other big memory consumers (like ZFS). Also, after the flow control is
2083 * turned on (on cots transports) we can start to accumulate a few megabytes in
2084 * queues for each transport.
2085 *
2086 * Usually, the big memory consumers are NFS WRITE requests, so we do not
2087 * expect to see this condition met for other than NFS pools.
2088 *
2089 * The high watermark: 1/5 of available memory
2090 * The low watermark: 1/6 of available memory
2091 *
2092 * Once the high watermark is reached we turn the flow control on only for
2093 * transports exceeding a per-transport memory limit. The per-transport
2094 * fraction of memory is calculated as:
2095 *
2096 * the high watermark / number of transports
2097 *
2098 * For transports with less than the per-transport fraction of memory consumed,
2099 * the flow control is not turned on, so they are not blocked by a few "hungry"
2100 * transports. Because of this, the total memory consumption for the
2101 * particular pool might grow up to 2 * the high watermark.
2102 *
2103 * The individual transports are unblocked once their consumption is below:
2104 *
2105 * per-transport fraction of memory / 2
2106 *
2107 * or once the total memory consumption for the whole pool falls below the low
2108 * watermark.
2109 *
2110 */
2111 static void
2113 {
2120 /* Should we turn the flow control on? */
2122 /* Is flow control disabled? */
2126 /* Is there enough requests queued? */
2130 }
2132 /*
2133 * If this pool uses over 20% of memory and this transport is
2134 * significant memory consumer then we are full
2135 */
2141 }
2143 /* We might want to turn the flow control off */
2145 /* Do we still have enough requests? */
2149 /*
2150 * If this pool still uses over 16% of memory and this transport is
2151 * still significant memory consumer then we are still full
2152 */
2157 /* Turn the flow control off and make sure rpcmod is notified */
2160 }
2162 /*
2163 * Main loop of the kernel RPC server
2164 * - wait for input (find a transport with a pending request).
2165 * - dequeue the request
2166 * - call a registered server routine to process the requests
2167 *
2168 * There can many threads running concurrently in this loop
2169 * on the same or on different transports.
2170 */
2171 static int
2173 {
2178 /* Allocate a clone transport handle for this thread */
2181 /*
2182 * The loop iterates until the thread becomes
2183 * idle too long or the transport is gone.
2184 */
2188 bool_t enable;
2193 /*
2194 * If the process is exiting/killed, return
2195 * immediately without processing any more
2196 * requests.
2197 */
2201 }
2203 /* Find a transport with a pending request */
2206 /*
2207 * If svc_poll() finds a transport with a request
2208 * it latches xp_req_lock on it. Therefore we need
2209 * to dequeue the request and release the lock as
2210 * soon as possible.
2211 */
2218 /* Ooops! Current transport is closing. Unlink now */
2223 }
2225 /* Ooops! Timeout while waiting for a request. Exit */
2229 }
2231 /*
2232 * Interrupted by a signal while waiting for a
2233 * request. Return to userspace and exit.
2234 */
2238 }
2240 /*
2241 * De-queue the request and release the request lock
2242 * on this transport (latched by svc_poll()).
2243 */
2266 /*
2267 * If this is a new request on a current transport then
2268 * the clone structure is already properly initialized.
2269 * Otherwise, if the request is on a different transport,
2270 * unlink from the current master and link to
2271 * the one we got a request on.
2272 */
2278 }
2280 /*
2281 * If there are more requests and req_cv hasn't
2282 * been signaled yet then wake up one more thread now.
2283 *
2284 * We avoid signaling req_cv until the most recently
2285 * signaled thread wakes up and gets CPU to clear
2286 * the `drowsy' flag.
2287 */
2301 }
2302 }
2304 /*
2305 * If there are no asleep/signaled threads, we are
2306 * still below pool->p_maxthreads limit, and no thread is
2307 * currently being created then signal the creator
2308 * for one more service thread.
2309 *
2310 * The asleep and drowsy checks are not protected
2311 * by a lock since it hurts performance and a wrong
2312 * decision is not essential.
2313 */
2319 /*
2320 * Process the request.
2321 */
2324 /* If thread had a reservation it should have been canceled */
2327 /*
2328 * If the clone is marked detached then exit.
2329 * The rpcmod slot has already been released
2330 * when we detached this thread.
2331 */
2335 }
2337 /*
2338 * Release our reference on the rpcmod
2339 * slot attached to xp_wq->q_ptr.
2340 */
2347 }
2348 /* NOTREACHED */
2349 }
2351 /*
2352 * Flush any pending requests for the queue and
2353 * free the associated mblks.
2354 */
2355 void
2357 {
2362 /*
2363 * clean up the requests
2364 */
2368 /* remove the request from the list */
2372 }
2384 }
2386 /*
2387 * This routine is called by rpcmod to inform kernel RPC that a
2388 * queue is closing. It is called after all the requests have been
2389 * picked up (that is after all the slots on the queue have
2390 * been released by kernel RPC). It is also guaranteed that no more
2391 * request will be delivered on this transport.
2392 *
2393 * - clear xp_wq to mark the master server transport handle as closing
2394 * - if there are no more threads on this transport close/destroy it
2395 * - otherwise, leave the linked threads to close/destroy the transport
2396 * later.
2397 */
2398 void
2400 {
2404 /*
2405 * If there is no master xprt associated with this stream,
2406 * then there is nothing to do. This happens regularly
2407 * with connection-oriented listening streams created by
2408 * nfsd.
2409 */
2411 }
2423 /*
2424 * svc_xprt_cleanup() destroys the transport
2425 * or releases the transport thread lock
2426 */
2431 /*
2432 * If the pool is in closing state and this was
2433 * the last transport in the pool then signal the creator
2434 * thread to clean up and exit.
2435 */
2438 }
2441 /*
2442 * There are still some threads linked to the transport. They
2443 * are very likely sleeping in svc_poll(). We could wake up
2444 * them by broadcasting on the p_req_cv condition variable, but
2445 * that might give us a performance penalty if there are too
2446 * many sleeping threads.
2447 *
2448 * Instead, we do nothing here. The linked threads will unlink
2449 * themselves and destroy the transport once they are woken up
2450 * on timeout, or by new request. There is no reason to hurry
2451 * up now with the thread wake up.
2452 */
2454 /*
2455 * NOTICE: No references to the master transport structure
2456 * beyond this point!
2457 */
2459 }
2460 }
2462 /*
2463 * Interrupt `request delivery' routine called from rpcmod
2464 * - put a request at the tail of the transport request queue
2465 * - insert a hint for svc_poll() into the xprt-ready queue
2466 * - increment the `pending-requests' count for the pool
2467 * - handle flow control
2468 * - wake up a thread sleeping in svc_poll() if necessary
2469 * - if all the threads are running ask the creator for a new one.
2470 */
2471 bool_t
2473 {
2480 /*
2481 * Step 1.
2482 * Grab the transport's request lock and the
2483 * pool's request lock so that when we put
2484 * the request at the tail of the transport's
2485 * request queue, possibly put the request on
2486 * the xprt ready queue and increment the
2487 * pending request count it looks atomic.
2488 */
2494 }
2499 else
2503 /*
2504 * Step 2.
2505 * Insert a hint into the xprt-ready queue, increment
2506 * counters, handle flow control, and wake up
2507 * a thread sleeping in svc_poll() if necessary.
2508 */
2510 /* Insert pointer to this transport into the xprt-ready queue */
2513 /* Increment counters */
2521 /* Handle flow control */
2528 /*
2529 * If there are more requests and req_cv hasn't
2530 * been signaled yet then wake up one more thread now.
2531 *
2532 * We avoid signaling req_cv until the most recently
2533 * signaled thread wakes up and gets CPU to clear
2534 * the `drowsy' flag.
2535 */
2543 /*
2544 * Signal wakeup and drop the request lock.
2545 */
2548 }
2551 /*
2552 * Step 3.
2553 * If there are no asleep/signaled threads, we are
2554 * still below pool->p_maxthreads limit, and no thread is
2555 * currently being created then signal the creator
2556 * for one more service thread.
2557 *
2558 * The asleep and drowsy checks are not not protected
2559 * by a lock since it hurts performance and a wrong
2560 * decision is not essential.
2561 */
2570 }
2572 /*
2573 * Reserve a service thread so that it can be detached later.
2574 * This reservation is required to make sure that when it tries to
2575 * detach itself the total number of detached threads does not exceed
2576 * pool->p_maxthreads - pool->p_redline (i.e. that we can have
2577 * up to pool->p_redline non-detached threads).
2578 *
2579 * If the thread does not detach itself later, it should cancel the
2580 * reservation before returning to svc_run().
2581 *
2582 * - check if there is room for more reserved/detached threads
2583 * - if so, then increment the `reserved threads' count for the pool
2584 * - mark the thread as reserved (setting the flag in the clone transport
2585 * handle for this thread
2586 * - returns 1 if the reservation succeeded, 0 if it failed.
2587 */
2588 int
2590 {
2593 /* Recursive reservations are not allowed */
2597 /* Check pool counts if there is room for reservation */
2603 }
2607 /* Mark the thread (clone handle) as reserved */
2611 }
2613 /*
2614 * Cancel a reservation for a thread.
2615 * - decrement the `reserved threads' count for the pool
2616 * - clear the flag in the clone transport handle for this thread.
2617 */
2618 void
2620 {
2623 /* Thread must have a reservation */
2627 /* Decrement global count */
2632 /* Clear reservation flag */
2634 }
2636 /*
2637 * Detach a thread from its transport, so that it can block for an
2638 * extended time. Because the transport can be closed after the thread is
2639 * detached, the thread should have already sent off a reply if it was
2640 * going to send one.
2641 *
2642 * - decrement `non-detached threads' count and increment `detached threads'
2643 * counts for the transport
2644 * - decrement the `non-detached threads' and `reserved threads'
2645 * counts and increment the `detached threads' count for the pool
2646 * - release the rpcmod slot
2647 * - mark the clone (thread) as detached.
2648 *
2649 * No need to return a pointer to the thread's CPR information, since
2650 * the thread has a userland identity.
2651 *
2652 * NOTICE: a thread must not detach itself without making a prior reservation
2653 * through svc_thread_reserve().
2654 */
2655 callb_cpr_t *
2657 {
2660 bool_t enable;
2662 /* Thread must have a reservation */
2666 /* Bookkeeping for this transport */
2672 /* Bookkeeping for the pool */
2679 /* Release an rpcmod slot for this request */
2687 /* Mark the clone (thread) as detached */
2692 }
2694 /*
2695 * This routine is responsible for extracting RDMA plugin master XPRT,
2696 * unregister from the SVCPOOL and initiate plugin specific cleanup.
2697 * It is passed a list/group of rdma transports as records which are
2698 * active in a given registered or unregistered kRPC thread pool. Its shuts
2699 * all active rdma transports in that pool. If the thread active on the trasport
2700 * happens to be last thread for that pool, it will signal the creater thread
2701 * to cleanup the pool and destroy the xprt in svc_queueclose()
2702 */
2703 void
2705 {
2732 /* remove the request from the list */
2739 }
2750 #ifdef DEBUG
2753 #endif
2754 /*
2755 * Free the rdma transport record for the expunged rdma
2756 * based master transport handle.
2757 */
2761 }
2762 }
2765 /*
2766 * rpc_msg_dup/rpc_msg_free
2767 * Currently only used by svc_rpcsec_gss.c but put in this file as it
2768 * may be useful to others in the future.
2769 * But future consumers should be careful cuz so far
2770 * - only tested/used for call msgs (not reply)
2771 * - only tested/used with call verf oa_length==0
2772 */
2775 {
2789 /* dup opaque auth call body cred */
2800 /* dup or just alloc opaque auth call body verifier */
2818 }
2821 error:
2825 }
2827 void
2829 {
2842 }