1 /*
2 * net/tipc/subscr.c: TIPC network topology service
4 * Copyright (c) 2000-2006, Ericsson AB
5 * Copyright (c) 2005-2007, 2010-2011, Wind River Systems
6 * All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the names of the copyright holders nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
20 * Alternatively, this software may be distributed under the terms of the
21 * GNU General Public License ("GPL") version 2 as published by the Free
22 * Software Foundation.
24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34 * POSSIBILITY OF SUCH DAMAGE.
37 #include "core.h"
38 #include "name_table.h"
39 #include "port.h"
40 #include "subscr.h"
/**
 * struct tipc_subscriber - one client connected to the TIPC topology service
 * @port_ref: object reference to the server port connecting to the subscriber
 * @lock: pointer to the spinlock controlling access to that server port
 * @subscriber_list: links this subscriber into the topology server's list
 * @subscription_list: head of the subscription objects owned by this subscriber
 */
struct tipc_subscriber {
	u32 port_ref;
	spinlock_t *lock;
	struct list_head subscriber_list;
	struct list_head subscription_list;
};
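/**
 * struct top_srv - TIPC network topology subscription service
 * @setup_port: reference to TIPC port that handles subscription requests
 * @subscription_count: number of active subscriptions (not subscribers!)
 * @subscriber_list: list of ports subscribing to service
 * @lock: spinlock governing access to subscriber list
 */
struct top_srv {
	u32 setup_port;
	atomic_t subscription_count;
	struct list_head subscriber_list;
	spinlock_t lock;
};

/* File-scope state of the topology service; reset by tipc_subscr_start(). */
static struct top_srv topsrv;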
/**
 * htohl - convert a 32-bit value to the byte order used by the destination
 * @in: value to convert
 * @swap: non-zero if the byte order must be reversed
 *
 * Returns @in unchanged when @swap is zero, otherwise swab32(@in).
 */
static u32 htohl(u32 in, int swap)
{
	if (swap)
		return swab32(in);
	return in;
}
/**
 * subscr_send_event - send a message containing a tipc_event to the subscriber
 *
 * The event fields are written into sub->evt in the subscriber's byte order
 * (via htohl() with sub->swap) and the whole struct tipc_event is then handed
 * to tipc_send() on the subscription's server port.
 *
 * Note: Must not hold subscriber's server port lock, since tipc_send() will
 * try to take the lock if the message is rejected and returned!
 *
 * NOTE(review): sizeof(struct tipc_event) bytes of sub->evt leave the node,
 * and sub comes from kmalloc() in subscr_subscribe(), which does not zero it.
 * Only the fields assigned below and evt.s are written before sending;
 * confirm struct tipc_event has no other member or padding that would go out
 * uninitialised.
 */
static void subscr_send_event(struct tipc_subscription *sub,
			      u32 found_lower,
			      u32 found_upper,
			      u32 event,
			      u32 port_ref,
			      u32 node)
{
	struct iovec msg_sect;

	/* Per-event fields, converted from host order for this subscriber */
	sub->evt.event = htohl(event, sub->swap);
	sub->evt.found_lower = htohl(found_lower, sub->swap);
	sub->evt.found_upper = htohl(found_upper, sub->swap);
	sub->evt.port.ref = htohl(port_ref, sub->swap);
	sub->evt.port.node = htohl(node, sub->swap);

	/* Single section covering the complete event structure */
	msg_sect.iov_base = (void *)&sub->evt;
	msg_sect.iov_len = sizeof(struct tipc_event);

	/* Return value is not examined: delivery is best effort */
	tipc_send(sub->server_ref, 1, &msg_sect, msg_sect.iov_len);
}
/**
 * tipc_subscr_overlap - test for subscription overlap with the given values
 * @sub: subscription whose range (sub->seq.lower .. sub->seq.upper) is tested
 * @found_lower: lower bound of the range to compare
 * @found_upper: upper bound of the range to compare
 *
 * Returns 1 if there is overlap, otherwise 0.
 */
int tipc_subscr_overlap(struct tipc_subscription *sub,
			u32 found_lower,
			u32 found_upper)
{
	/* Clip the found range to the subscribed range ... */
	u32 lo = (found_lower < sub->seq.lower) ? sub->seq.lower : found_lower;
	u32 hi = (found_upper > sub->seq.upper) ? sub->seq.upper : found_upper;

	/* ... the ranges overlap exactly when the clipped range is non-empty */
	return (lo > hi) ? 0 : 1;
}
/**
 * tipc_subscr_report_overlap - issue event if there is subscription overlap
 *
 * An event is sent only when the found range overlaps the subscription and
 * either @must is non-zero or the subscription filter has TIPC_SUB_PORTS set.
 *
 * Protected by nameseq.lock in name_table.c
 */
void tipc_subscr_report_overlap(struct tipc_subscription *sub,
				u32 found_lower,
				u32 found_upper,
				u32 event,
				u32 port_ref,
				u32 node,
				int must)
{
	if (!tipc_subscr_overlap(sub, found_lower, found_upper))
		return;

	if (must || (sub->filter & TIPC_SUB_PORTS))
		subscr_send_event(sub, found_lower, found_upper, event,
				  port_ref, node);
}
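/**
 * subscr_timeout - subscription timeout has occurred
 * @sub: subscription whose timer fired
 *
 * Unlinks the subscription under the server port lock, releases the lock,
 * sends a TIPC_SUBSCR_TIMEOUT event and then frees the subscription.
 */
static void subscr_timeout(struct tipc_subscription *sub)
{
	struct tipc_port *server_port;

	/* Validate server port reference (in case subscriber is terminating) */
	server_port = tipc_port_lock(sub->server_ref);
	if (server_port == NULL)
		return;

	/* Validate timeout (in case subscription is being cancelled) */
	if (sub->timeout == TIPC_WAIT_FOREVER) {
		tipc_port_unlock(server_port);
		return;
	}

	/* Unlink subscription from name table */
	tipc_nametbl_unsubscribe(sub);

	/* Unlink subscription from subscriber */
	list_del(&sub->subscription_list);

	/*
	 * Release subscriber's server port before sending:
	 * subscr_send_event() must not be called with the port lock held.
	 */
	tipc_port_unlock(server_port);

	/*
	 * Notify subscriber of timeout.
	 *
	 * subscr_send_event() converts its arguments from host order to the
	 * subscriber's order, so the bounds must be passed in host order.
	 * sub->seq holds the host-order values; sub->evt.s is the raw copy of
	 * the request in the subscriber's order and would be byte-swapped a
	 * second time for a subscriber of opposite endianness.
	 */
	subscr_send_event(sub, sub->seq.lower, sub->seq.upper,
			  TIPC_SUBSCR_TIMEOUT, 0, 0);

	/* Now destroy subscription */
	k_term_timer(&sub->timer);
	kfree(sub);
	atomic_dec(&topsrv.subscription_count);
}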
/**
 * subscr_del - delete a subscription within a subscription list
 * @sub: subscription to remove and free
 *
 * Removes @sub from the name table and from its subscriber's list, frees it
 * and decrements the global subscription count. Any timer on @sub is not
 * touched here; the callers in this file stop it before calling.
 *
 * Called with subscriber port locked.
 */
static void subscr_del(struct tipc_subscription *sub)
{
	/* Detach from both containers before the memory goes away */
	tipc_nametbl_unsubscribe(sub);
	list_del(&sub->subscription_list);

	kfree(sub);
	atomic_dec(&topsrv.subscription_count);
}
/**
 * subscr_terminate - terminate communication with a subscriber
 *
 * Called with subscriber port locked. Routine must temporarily release lock
 * to enable subscription timeout routine(s) to finish without deadlocking;
 * the lock is then reclaimed to allow caller to release it upon return.
 * (This should work even in the unlikely event some other thread creates
 * a new object reference in the interim that uses this lock; this routine will
 * simply wait for it to be released, then claim it.)
 *
 * @subscriber is freed before returning. A caller must not dereference it
 * afterwards and has to unlock through a lock pointer it saved beforehand.
 */
static void subscr_terminate(struct tipc_subscriber *subscriber)
{
	struct tipc_subscription *sub, *sub_temp;
	u32 port_ref = subscriber->port_ref;

	/* Invalidate subscriber reference, then let go of the port lock */
	subscriber->port_ref = 0;
	spin_unlock_bh(subscriber->lock);

	/* Sever connection to subscriber */
	tipc_shutdown(port_ref);
	tipc_deleteport(port_ref);

	/*
	 * Destroy any existing subscriptions for subscriber; a subscription
	 * with a finite timeout has its timer cancelled and terminated first.
	 */
	list_for_each_entry_safe(sub, sub_temp, &subscriber->subscription_list,
				 subscription_list) {
		if (sub->timeout != TIPC_WAIT_FOREVER) {
			k_cancel_timer(&sub->timer);
			k_term_timer(&sub->timer);
		}
		subscr_del(sub);
	}

	/* Remove subscriber from topology server's subscriber list */
	spin_lock_bh(&topsrv.lock);
	list_del(&subscriber->subscriber_list);
	spin_unlock_bh(&topsrv.lock);

	/* Reclaim subscriber lock (pointer is read before the free below) */
	spin_lock_bh(subscriber->lock);

	/* Now destroy subscriber */
	kfree(subscriber);
}
/**
 * subscr_cancel - handle subscription cancellation request
 * @s: cancellation request, compared byte for byte with each stored request
 * @subscriber: subscriber whose subscription list is searched
 *
 * Called with subscriber port locked. Routine must temporarily release lock
 * to enable the subscription timeout routine to finish without deadlocking;
 * the lock is then reclaimed to allow caller to release it upon return.
 *
 * Note that fields of 's' use subscriber's endianness!
 */
static void subscr_cancel(struct tipc_subscr *s,
			  struct tipc_subscriber *subscriber)
{
	struct tipc_subscription *sub, *sub_temp;
	struct tipc_subscription *match = NULL;

	/* Find first matching subscription, exit if not found */
	list_for_each_entry_safe(sub, sub_temp, &subscriber->subscription_list,
				 subscription_list) {
		if (memcmp(s, &sub->evt.s, sizeof(struct tipc_subscr)) == 0) {
			match = sub;
			break;
		}
	}
	if (match == NULL)
		return;

	/*
	 * Cancel subscription timer (if used), then delete subscription.
	 * Setting timeout to TIPC_WAIT_FOREVER first makes a concurrently
	 * running subscr_timeout() back off once it obtains the port lock.
	 */
	if (match->timeout != TIPC_WAIT_FOREVER) {
		match->timeout = TIPC_WAIT_FOREVER;
		spin_unlock_bh(subscriber->lock);
		k_cancel_timer(&match->timer);
		k_term_timer(&match->timer);
		spin_lock_bh(subscriber->lock);
	}
	subscr_del(match);
}
/**
 * subscr_subscribe - create subscription for subscriber
 * @s: subscription request as received, in the subscriber's byte order
 * @subscriber: subscriber issuing the request
 *
 * Returns the new subscription, or NULL when the request was a cancellation
 * or was rejected. On every rejection path subscr_terminate() has been
 * called, so @subscriber has been freed when NULL is returned for a
 * non-cancel request.
 *
 * The cancel path clears TIPC_SUB_CANCEL in s->filter, i.e. it writes to the
 * caller's request structure.
 *
 * Called with subscriber port locked.
 */
static struct tipc_subscription *subscr_subscribe(struct tipc_subscr *s,
						  struct tipc_subscriber *subscriber)
{
	struct tipc_subscription *sub;
	int no_ports;
	int no_service;
	int swap;

	/*
	 * Determine subscriber's endianness: if neither filter bit is visible
	 * in host order, the request is treated as byte-swapped.
	 */
	swap = !(s->filter & (TIPC_SUB_PORTS | TIPC_SUB_SERVICE));

	/* Detect & process a subscription cancellation request */
	if (s->filter & htohl(TIPC_SUB_CANCEL, swap)) {
		s->filter &= ~htohl(TIPC_SUB_CANCEL, swap);
		subscr_cancel(s, subscriber);
		return NULL;
	}

	/*
	 * Refuse subscription if global limit exceeded.
	 * NOTE(review): the count is read here and incremented further down,
	 * not in one atomic step; whether two subscribers can pass this check
	 * together depends on locking outside this function - confirm.
	 */
	if (atomic_read(&topsrv.subscription_count) >= tipc_max_subscriptions) {
		warn("Subscription rejected, subscription limit reached (%u)\n",
		     tipc_max_subscriptions);
		subscr_terminate(subscriber);
		return NULL;
	}

	/* Allocate subscription object (not zeroed) */
	sub = kmalloc(sizeof(*sub), GFP_ATOMIC);
	if (sub == NULL) {
		warn("Subscription rejected, no memory\n");
		subscr_terminate(subscriber);
		return NULL;
	}

	/* Initialize subscription object with host-order copies of the request */
	sub->seq.type = htohl(s->seq.type, swap);
	sub->seq.lower = htohl(s->seq.lower, swap);
	sub->seq.upper = htohl(s->seq.upper, swap);
	sub->timeout = htohl(s->timeout, swap);
	sub->filter = htohl(s->filter, swap);

	/* Exactly one of PORTS/SERVICE must be set and the range must be sane */
	no_ports = !(sub->filter & TIPC_SUB_PORTS);
	no_service = !(sub->filter & TIPC_SUB_SERVICE);
	if ((no_ports == no_service) || (sub->seq.lower > sub->seq.upper)) {
		warn("Subscription rejected, illegal request\n");
		kfree(sub);
		subscr_terminate(subscriber);
		return NULL;
	}

	INIT_LIST_HEAD(&sub->nameseq_list);
	list_add(&sub->subscription_list, &subscriber->subscription_list);
	sub->server_ref = subscriber->port_ref;
	sub->swap = swap;

	/* Keep the request verbatim (subscriber's byte order) for events and cancel matching */
	memcpy(&sub->evt.s, s, sizeof(struct tipc_subscr));
	atomic_inc(&topsrv.subscription_count);

	/* The timeout value comes straight from the request */
	if (sub->timeout != TIPC_WAIT_FOREVER) {
		k_init_timer(&sub->timer,
			     (Handler)subscr_timeout, (unsigned long)sub);
		k_start_timer(&sub->timer, sub->timeout);
	}

	return sub;
}
/**
 * subscr_conn_shutdown_event - handle termination request from subscriber
 * @usr_handle: the struct tipc_subscriber registered with the port
 * @port_ref: reference of the subscriber's server port
 *
 * The remaining parameters are not used by this handler.
 *
 * Called with subscriber's server port unlocked.
 */
static void subscr_conn_shutdown_event(void *usr_handle,
				       u32 port_ref,
				       struct sk_buff **buf,
				       unsigned char const *data,
				       unsigned int size,
				       int reason)
{
	struct tipc_subscriber *subscriber = usr_handle;
	spinlock_t *saved_lock;

	/* Nothing to do if the port can no longer be locked */
	if (tipc_port_lock(port_ref) == NULL)
		return;

	/* subscr_terminate() frees the subscriber, so keep the lock pointer */
	saved_lock = subscriber->lock;
	subscr_terminate(subscriber);
	spin_unlock_bh(saved_lock);
}
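/**
 * subscr_conn_msg_event - handle new subscription request from subscriber
 * @usr_handle: the struct tipc_subscriber registered with the port
 * @port_ref: reference of the subscriber's server port
 * @buf: not used by this handler
 * @data: message payload received from the subscriber
 * @size: payload length in bytes
 *
 * A payload whose length is not exactly sizeof(struct tipc_subscr) terminates
 * the subscriber. Otherwise the request is copied out of the message and
 * passed to subscr_subscribe().
 *
 * Called with subscriber's server port unlocked.
 */
static void subscr_conn_msg_event(void *usr_handle,
				  u32 port_ref,
				  struct sk_buff **buf,
				  const unchar *data,
				  u32 size)
{
	struct tipc_subscriber *subscriber = usr_handle;
	spinlock_t *subscriber_lock;
	struct tipc_subscription *sub;
	struct tipc_subscr req;

	/*
	 * Lock subscriber's server port (& make a local copy of lock pointer,
	 * in case subscriber is deleted while processing subscription request)
	 */
	if (tipc_port_lock(port_ref) == NULL)
		return;

	subscriber_lock = subscriber->lock;

	/* Reject anything that is not exactly one request structure */
	if (size != sizeof(struct tipc_subscr)) {
		subscr_terminate(subscriber);
		spin_unlock_bh(subscriber_lock);
		return;
	}

	/*
	 * Work on a private copy of the request. subscr_subscribe() clears
	 * the cancel bit in the structure it is given, and @data is a
	 * const-qualified byte pointer into the received message: casting it
	 * to a writable struct pointer would modify the message in place and
	 * assume the payload is suitably aligned.
	 */
	memcpy(&req, data, sizeof(req));
	sub = subscr_subscribe(&req, subscriber);
	spin_unlock_bh(subscriber_lock);
	if (sub != NULL) {
		/*
		 * We must release the server port lock before adding a
		 * subscription to the name table since TIPC needs to be
		 * able to (re)acquire the port lock if an event message
		 * issued by the subscription process is rejected and
		 * returned. The subscription cannot be deleted while
		 * it is being added to the name table because:
		 * a) the single-threading of the native API port code
		 *    ensures the subscription cannot be cancelled and
		 *    the subscriber connection cannot be broken, and
		 * b) the name table lock ensures the subscription
		 *    timeout code cannot delete the subscription,
		 * so the subscription object is still protected.
		 */
		tipc_nametbl_subscribe(sub);
	}
}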
/**
 * subscr_named_msg_event - handle request to establish a new subscriber
 * @usr_handle: not used by this handler
 * @port_ref: not used by this handler
 * @buf: passed through to subscr_conn_msg_event() when a request is attached
 * @data: optional subscription request carried in the setup message
 * @size: length of @data in bytes; 0 means no request is attached
 * @importance: importance level given to the new server port
 * @orig: port identity of the connecting subscriber
 * @dest: not used by this handler
 *
 * Allocates a subscriber, creates a server port connected to @orig, links
 * the subscriber into the topology server's list and acknowledges the
 * connection. A non-empty payload is then handled as a subscription request.
 */
static void subscr_named_msg_event(void *usr_handle,
				   u32 port_ref,
				   struct sk_buff **buf,
				   const unchar *data,
				   u32 size,
				   u32 importance,
				   struct tipc_portid const *orig,
				   struct tipc_name_seq const *dest)
{
	struct tipc_subscriber *subscriber;
	u32 server_port_ref;

	/* Create subscriber object (zero-filled) */
	subscriber = kzalloc(sizeof(struct tipc_subscriber), GFP_ATOMIC);
	if (!subscriber) {
		warn("Subscriber rejected, no memory\n");
		return;
	}
	INIT_LIST_HEAD(&subscriber->subscription_list);
	INIT_LIST_HEAD(&subscriber->subscriber_list);

	/*
	 * Create server port & establish connection to subscriber.
	 * Failure is detected through port_ref staying 0, not through the
	 * return value of tipc_createport().
	 */
	tipc_createport(subscriber,
			importance,
			NULL,
			NULL,
			subscr_conn_shutdown_event,
			NULL,
			NULL,
			subscr_conn_msg_event,
			NULL,
			&subscriber->port_ref);
	if (!subscriber->port_ref) {
		warn("Subscriber rejected, unable to create port\n");
		kfree(subscriber);
		return;
	}
	/* NOTE(review): the result of tipc_connect2port() is not checked */
	tipc_connect2port(subscriber->port_ref, orig);

	/*
	 * Lock server port (& save lock address for future use).
	 * NOTE(review): tipc_port_lock() is dereferenced here without a NULL
	 * test, while the other callers in this file check its result for
	 * NULL - confirm the port cannot disappear between creation and here.
	 */
	subscriber->lock = tipc_port_lock(subscriber->port_ref)->lock;

	/* Add subscriber to topology server's subscriber list */
	spin_lock_bh(&topsrv.lock);
	list_add(&subscriber->subscriber_list, &topsrv.subscriber_list);
	spin_unlock_bh(&topsrv.lock);

	/* Unlock server port, keeping a private copy of its reference */
	server_port_ref = subscriber->port_ref;
	spin_unlock_bh(subscriber->lock);

	/* Send an ACK- to complete connection handshaking */
	tipc_send(server_port_ref, 0, NULL, 0);

	/*
	 * Handle optional subscription request; subscr_conn_msg_event()
	 * validates the size and locks the port before using the subscriber.
	 */
	if (size)
		subscr_conn_msg_event(subscriber, server_port_ref,
				      buf, data, size);
}
/**
 * tipc_subscr_start - set up the topology subscription service
 *
 * Resets the service state, creates the setup port that receives new
 * subscriber requests and publishes it under TIPC_TOP_SRV with node scope.
 *
 * Returns 0 on success, otherwise the error code of the step that failed.
 */
int tipc_subscr_start(void)
{
	struct tipc_name_seq seq = {TIPC_TOP_SRV, TIPC_TOP_SRV, TIPC_TOP_SRV};
	int res;

	memset(&topsrv, 0, sizeof(topsrv));
	spin_lock_init(&topsrv.lock);
	INIT_LIST_HEAD(&topsrv.subscriber_list);

	res = tipc_createport(NULL,
			      TIPC_CRITICAL_IMPORTANCE,
			      NULL,
			      NULL,
			      NULL,
			      NULL,
			      subscr_named_msg_event,
			      NULL,
			      NULL,
			      &topsrv.setup_port);
	if (!res) {
		res = tipc_nametbl_publish_rsv(topsrv.setup_port,
					       TIPC_NODE_SCOPE, &seq);
		if (!res)
			return 0;

		/* Publication failed: take the setup port down again */
		tipc_deleteport(topsrv.setup_port);
		topsrv.setup_port = 0;
	}

	err("Failed to create subscription service\n");
	return res;
}
569 void tipc_subscr_stop(void)
571 struct tipc_subscriber *subscriber;
572 struct tipc_subscriber *subscriber_temp;
573 spinlock_t *subscriber_lock;
575 if (topsrv.setup_port) {
576 tipc_deleteport(topsrv.setup_port);
577 topsrv.setup_port = 0;
579 list_for_each_entry_safe(subscriber, subscriber_temp,
580 &topsrv.subscriber_list,
581 subscriber_list) {
582 subscriber_lock = subscriber->lock;
583 spin_lock_bh(subscriber_lock);
584 subscr_terminate(subscriber);
585 spin_unlock_bh(subscriber_lock);