1. 06 Jul, 2016 18 commits
    • David Howells's avatar
      rxrpc: Move data_ready peer lookup into rxrpc_find_connection() · 1291e9d1
      David Howells authored
      Move the peer lookup done in input.c by data_ready into
      rxrpc_find_connection().
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      1291e9d1
    • David Howells's avatar
      rxrpc: Prune the contents of the rxrpc_conn_proto struct · e8d70ce1
      David Howells authored
      Prune the contents of the rxrpc_conn_proto struct.  Most of the fields aren't
      used anymore.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e8d70ce1
    • David Howells's avatar
      rxrpc: Maintain an extra ref on a conn for the cache list · 001c1122
      David Howells authored
      Overhaul the usage count accounting for the rxrpc_connection struct to make
      it easier to implement RCU access from the data_ready handler.
      
      The problem is that currently we're using a lock to prevent the garbage
      collector from trying to clean up a connection that we're contemplating
      unidling.  We could just stick incoming packets on the connection we find,
      but we've then got a problem that we may race when dispatching a work item
      to process it as we need to give that a ref to prevent the rxrpc_connection
      struct from disappearing in the meantime.
      
      Further, incoming packets may get discarded if attached to an
      rxrpc_connection struct that is going away.  Whilst this is not a total
      disaster - the client will presumably resend - it would delay processing of
      the call.  This would affect the AFS client filesystem's service manager
      operation.
      
      To this end:
      
       (1) We now maintain an extra count on the connection usage count whilst it
           is on the connection list.  This mean it is not in use when its
           refcount is 1.
      
       (2) When trying to reuse an old connection, we only increment the refcount
           if it is greater than 0.  If it is 0, we replace it in the tree with a
           new candidate connection.
      
       (3) Two connection flags are added to indicate whether or not a connection
           is in the local's client connection tree (used by sendmsg) or the
           peer's service connection tree (used by data_ready).  This makes sure
           that we don't try and remove a connection if it got replaced.
      
           The flags are tested under lock with the removal operation to prevent
           the reaper from killing the rxrpc_connection struct whilst someone
           else is trying to effect a replacement.
      
           This could probably be alleviated by using memory barriers between the
           flag set/test and the rb_tree ops.  The rb_tree op would still need to
           be under the lock, however.
      
       (4) When trying to reap an old connection, we try to flip the usage count
           from 1 to 0.  If it's not 1 at that point, then it must've come back
           to life temporarily and we ignore it.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      001c1122
    • David Howells's avatar
      rxrpc: Move peer lookup from call-accept to new-incoming-conn · d991b4a3
      David Howells authored
      Move the lookup of a peer from a call that's being accepted into the
      function that creates a new incoming connection.  This will allow us to
      avoid incrementing the peer's usage count in some cases in future.
      
      Note that I haven't bother to integrate rxrpc_get_addr_from_skb() with
      rxrpc_extract_addr_from_skb() as I'm going to delete the former in the very
      near future.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d991b4a3
    • David Howells's avatar
      rxrpc: Split service connection code out into its own file · 7877a4a4
      David Howells authored
      Split the service-specific connection code out into into its own file.  The
      client-specific code has already been split out.  This will leave just the
      common code in the original file.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      7877a4a4
    • David Howells's avatar
      rxrpc: Split client connection code out into its own file · c6d2b8d7
      David Howells authored
      Split the client-specific connection code out into its own file.  It will
      behave somewhat differently from the service-specific connection code, so
      it makes sense to separate them.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      c6d2b8d7
    • David Howells's avatar
      rxrpc: Call channels should have separate call number spaces · a1399f8b
      David Howells authored
      Each channel on a connection has a separate, independent number space from
      which to allocate callNumber values.  It is entirely possible, for example,
      to have a connection with four active calls, each with call number 1.
      
      Note that the callNumber values for any particular channel don't have to
      start at 1, but they are supposed to increment monotonically for that
      channel from a client's perspective and may not be reused once the call
      number is transmitted (until the epoch cycles all the way back round).
      
      Currently, however, call numbers are allocated on a per-connection basis
      and, further, are held in an rb-tree.  The rb-tree is redundant as the four
      channel pointers in the rxrpc_connection struct are entirely capable of
      pointing to all the calls currently in progress on a connection.
      
      To this end, make the following changes:
      
       (1) Handle call number allocation independently per channel.
      
       (2) Get rid of the conn->calls rb-tree.  This is overkill as a connection
           may have a maximum of four calls in progress at any one time.  Use the
           pointers in the channels[] array instead, indexed by the channel
           number from the packet.
      
       (3) For each channel, save the result of the last call that was in
           progress on that channel in conn->channels[] so that the final ACK or
           ABORT packet can be replayed if necessary.  Any call earlier than that
           is just ignored.  If we've seen the next call number in a packet, the
           last one is most definitely defunct.
      
       (4) When generating a RESPONSE packet for a connection, the call number
           counter for each channel must be included in it.
      
       (5) When parsing a RESPONSE packet for a connection, the call number
           counters contained therein should be used to set the minimum expected
           call numbers on each channel.
      
      To do in future commits:
      
       (1) Replay terminal packets based on the last call stored in
           conn->channels[].
      
       (2) Connections should be retired before the callNumber space on any
           channel runs out.
      
       (3) A server is expected to disregard or reject any new incoming call that
           has a call number less than the current call number counter.  The call
           number counter for that channel must be advanced to the new call
           number.
      
           Note that the server cannot just require that the next call that it
           sees on a channel be exactly the call number counter + 1 because then
           there's a scenario that could cause a problem: The client transmits a
           packet to initiate a connection, the network goes out, the server
           sends an ACK (which gets lost), the client sends an ABORT (which also
           gets lost); the network then reconnects, the client then reuses the
           call number for the next call (it doesn't know the server already saw
           the call number), but the server thinks it already has the first
           packet of this call (it doesn't know that the client doesn't know that
           it saw the call number the first time).
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      a1399f8b
    • David Howells's avatar
      rxrpc: Access socket accept queue under right lock · 30b515f4
      David Howells authored
      The socket's accept queue (socket->acceptq) should be accessed under
      socket->call_lock, not under the connection lock.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      30b515f4
    • David Howells's avatar
      rxrpc: Add RCU destruction for connections and calls · dee46364
      David Howells authored
      Add RCU destruction for connections and calls as the RCU lookup from the
      transport socket data_ready handler is going to come along shortly.
      
      Whilst we're at it, move the cleanup workqueue flushing and RCU barrierage
      into the destruction code for the objects that need it (locals and
      connections) and add the extra RCU barrier required for connection cleanup.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      dee46364
    • David Howells's avatar
      rxrpc: Release a call's connection ref on call disconnection · e653cfe4
      David Howells authored
      When a call is disconnected, clear the call's pointer to the connection and
      release the associated ref on that connection.  This means that the call no
      longer pins the connection and the connection can be discarded even before
      the call is.
      
      As the code currently stands, the call struct is effectively pinned by
      userspace until userspace has enacted a recvmsg() to retrieve the final
      call state as sk_buffs on the receive queue pin the call to which they're
      related because:
      
       (1) The rxrpc_call struct contains the userspace ID that recvmsg() has to
           include in the control message buffer to indicate which call is being
           referred to.  This ID must remain valid until the terminal packet is
           completely read and must be invalidated immediately at that point as
           userspace is entitled to immediately reuse it.
      
       (2) The final ACK to the reply to a client call isn't sent until the last
           data packet is entirely read (it's probably worth altering this in
           future to be send the ACK as soon as all the data has been received).
      
      
      This change requires a bit of rearrangement to make sure that the call
      isn't going to try and access the connection again after protocol
      completion:
      
       (1) Delete the error link earlier when we're releasing the call.  Possibly
           network errors should be distributed via connections at the cost of
           adding in an access to the rxrpc_connection struct.
      
       (2) Remove the call from the connection's call tree before disconnecting
           the call.  The call tree needs to be removed anyway and incoming
           packets delivered by channel pointer instead.
      
       (3) The release call event should be considered last after all other
           events have been processed so that we don't need access to the
           connection again.
      
       (4) Move the channel_lock taking from rxrpc_release_call() to
           rxrpc_disconnect_call() where it will be required in future.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e653cfe4
    • David Howells's avatar
      rxrpc: Fix handling of connection failure in client call creation · d1e858c5
      David Howells authored
      If rxrpc_connect_call() fails during the creation of a client connection,
      there are two bugs that we can hit that need fixing:
      
       (1) The call state should be moved to RXRPC_CALL_DEAD before the call
           cleanup phase is invoked.  If not, this can cause an assertion failure
           later.
      
       (2) call->link should be reinitialised after being deleted in
           rxrpc_new_client_call() - which otherwise leads to a failure later
           when the call cleanup attempts to delete the link again.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d1e858c5
    • David Howells's avatar
      rxrpc: Move usage count getting into rxrpc_queue_conn() · 2c4579e4
      David Howells authored
      Rather than calling rxrpc_get_connection() manually before calling
      rxrpc_queue_conn(), do it inside the queue wrapper.
      
      This allows us to do some important fixes:
      
       (1) If the usage count is 0, do nothing.  This prevents connections from
           being reanimated once they're dead.
      
       (2) If rxrpc_queue_work() fails because the work item is already queued,
           retract the usage count increment which would otherwise be lost.
      
       (3) Don't take a ref on the connection in the work function.  By passing
           the ref through the work item, this is unnecessary.  Doing it in the
           work function is too late anyway.  Previously, connection-directed
           packets held a ref on the connection, but that's not really the best
           idea.
      
      And another useful changes:
      
       (*) Don't need to take a refcount on the connection in the data_ready
           handler unless we invoke the connection's work item.  We're using RCU
           there so that's otherwise redundant.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      2c4579e4
    • David Howells's avatar
      rxrpc: Check that the client conns cache is empty before module removal · eb9b9d22
      David Howells authored
      Check that the client conns cache is empty before module removal and bug if
      not, listing any offending connections that are still present.  Unfortunately,
      if there are connections still around, then the transport socket is still
      unexpectedly open and active, so we can't just unallocate the connections.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      eb9b9d22
    • David Howells's avatar
      rxrpc: Turn connection #defines into enums and put outside struct def · bba304db
      David Howells authored
      Turn the connection event and state #define lists into enums and move
      outside of the struct definition.
      
      Whilst we're at it, change _SERVER to _SERVICE in those identifiers and add
      EV_ into the event name to distinguish them from flags and states.
      
      Also add a symbol indicating the number of states and use that in the state
      text array.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      bba304db
    • David Howells's avatar
      rxrpc: Provide queuing helper functions · 5acbee46
      David Howells authored
      Provide queueing helper functions so that the queueing of local and
      connection objects can be fixed later.
      
      The issue is that a ref on the object needs to be passed to the work queue,
      but the act of queueing the object may fail because the object is already
      queued.  Testing the queuedness of an object before hand doesn't work
      because there can be a race with someone else trying to queue it.  What
      will have to be done is to adjust the refcount depending on the result of
      the queue operation.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      5acbee46
    • Herbert Xu's avatar
      rxrpc: Avoid using stack memory in SG lists in rxkad · a263629d
      Herbert Xu authored
      rxkad uses stack memory in SG lists which would not work if stacks were
      allocated from vmalloc memory.  In fact, in most cases this isn't even
      necessary as the stack memory ends up getting copied over to kmalloc
      memory.
      
      This patch eliminates all the unnecessary stack memory uses by supplying
      the final destination directly to the crypto API.  In two instances where a
      temporary buffer is actually needed we also switch use a scratch area in
      the rxrpc_call struct (only one DATA packet will be being secured or
      verified at a time).
      
      Finally there is no need to split a split-page buffer into two SG entries
      so code dealing with that has been removed.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      a263629d
    • David Howells's avatar
      rxrpc: Check the source of a packet to a client conn · 689f4c64
      David Howells authored
      When looking up a client connection to which to route a packet, we need to
      check that the packet came from the correct source so that a peer can't try
      to muck around with another peer's connection.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      689f4c64
    • David Howells's avatar
      rxrpc: Fix some sparse errors · 88b99d0b
      David Howells authored
      Fix the following sparse errors:
      
      ../net/rxrpc/conn_object.c:77:17: warning: incorrect type in assignment (different base types)
      ../net/rxrpc/conn_object.c:77:17:    expected restricted __be32 [usertype] call_id
      ../net/rxrpc/conn_object.c:77:17:    got unsigned int [unsigned] [usertype] call_id
      ../net/rxrpc/conn_object.c:84:21: warning: restricted __be32 degrades to integer
      ../net/rxrpc/conn_object.c:86:26: warning: restricted __be32 degrades to integer
      ../net/rxrpc/conn_object.c:357:15: warning: incorrect type in assignment (different base types)
      ../net/rxrpc/conn_object.c:357:15:    expected restricted __be32 [usertype] epoch
      ../net/rxrpc/conn_object.c:357:15:    got unsigned int [unsigned] [usertype] epoch
      ../net/rxrpc/conn_object.c:369:21: warning: restricted __be32 degrades to integer
      ../net/rxrpc/conn_object.c:371:26: warning: restricted __be32 degrades to integer
      ../net/rxrpc/conn_object.c:411:21: warning: restricted __be32 degrades to integer
      ../net/rxrpc/conn_object.c:413:26: warning: restricted __be32 degrades to integer
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      88b99d0b
  2. 01 Jul, 2016 1 commit
    • David Howells's avatar
      rxrpc: Fix processing of authenticated/encrypted jumbo packets · ac5d2683
      David Howells authored
      When a jumbo packet is being split up and processed, the crypto checksum
      for each split-out packet is in the jumbo header and needs placing in the
      reconstructed packet header.
      
      When the code was changed to keep the stored copy of the packet header in
      host byte order, this reconstruction was missed.
      
      Found with sparse with CF=-D__CHECK_ENDIAN__:
      
          ../net/rxrpc/input.c:479:33: warning: incorrect type in assignment (different base types)
          ../net/rxrpc/input.c:479:33:    expected unsigned short [unsigned] [usertype] _rsvd
          ../net/rxrpc/input.c:479:33:    got restricted __be16 [addressable] [usertype] _rsvd
      
      Fixes: 0d12f8a4 ("rxrpc: Keep the skb private record of the Rx header in host byte order")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      ac5d2683
  3. 27 Jun, 2016 21 commits