projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
kcm: Add memory limit for receive message construction
[deliverable/linux.git] / net / kcm / kcmsock.c
1 #include <linux/bpf.h>
2 #include <linux/errno.h>
3 #include <linux/errqueue.h>
4 #include <linux/file.h>
5 #include <linux/in.h>
6 #include <linux/kernel.h>
7 #include <linux/module.h>
8 #include <linux/net.h>
9 #include <linux/netdevice.h>
10 #include <linux/poll.h>
11 #include <linux/rculist.h>
12 #include <linux/skbuff.h>
13 #include <linux/socket.h>
14 #include <linux/uaccess.h>
15 #include <linux/workqueue.h>
16 #include <net/kcm.h>
17 #include <net/netns/generic.h>
18 #include <net/sock.h>
19 #include <net/tcp.h>
20 #include <uapi/linux/kcm.h>
21
22 unsigned int kcm_net_id;
23
24 static struct kmem_cache *kcm_psockp __read_mostly;
25 static struct kmem_cache *kcm_muxp __read_mostly;
26 static struct workqueue_struct *kcm_wq;
27
28 static inline struct kcm_sock *kcm_sk(const struct sock *sk)
29 {
30 return (struct kcm_sock *)sk;
31 }
32
33 static inline struct kcm_tx_msg *kcm_tx_msg(struct sk_buff *skb)
34 {
35 return (struct kcm_tx_msg *)skb->cb;
36 }
37
38 static inline struct kcm_rx_msg *kcm_rx_msg(struct sk_buff *skb)
39 {
40 return (struct kcm_rx_msg *)((void *)skb->cb +
41 offsetof(struct qdisc_skb_cb, data));
42 }
43
44 static void report_csk_error(struct sock *csk, int err)
45 {
46 csk->sk_err = EPIPE;
47 csk->sk_error_report(csk);
48 }
49
50 /* Callback lock held */
51 static void kcm_abort_rx_psock(struct kcm_psock *psock, int err,
52 struct sk_buff *skb)
53 {
54 struct sock *csk = psock->sk;
55
56 /* Unrecoverable error in receive */
57
58 if (psock->rx_stopped)
59 return;
60
61 psock->rx_stopped = 1;
62 KCM_STATS_INCR(psock->stats.rx_aborts);
63
64 /* Report an error on the lower socket */
65 report_csk_error(csk, err);
66 }
67
68 static void kcm_abort_tx_psock(struct kcm_psock *psock, int err,
69 bool wakeup_kcm)
70 {
71 struct sock *csk = psock->sk;
72 struct kcm_mux *mux = psock->mux;
73
74 /* Unrecoverable error in transmit */
75
76 spin_lock_bh(&mux->lock);
77
78 if (psock->tx_stopped) {
79 spin_unlock_bh(&mux->lock);
80 return;
81 }
82
83 psock->tx_stopped = 1;
84 KCM_STATS_INCR(psock->stats.tx_aborts);
85
86 if (!psock->tx_kcm) {
87 /* Take off psocks_avail list */
88 list_del(&psock->psock_avail_list);
89 } else if (wakeup_kcm) {
90 /* In this case psock is being aborted while outside of
91 * write_msgs and psock is reserved. Schedule tx_work
92 * to handle the failure there. Need to commit tx_stopped
93 * before queuing work.
94 */
95 smp_mb();
96
97 queue_work(kcm_wq, &psock->tx_kcm->tx_work);
98 }
99
100 spin_unlock_bh(&mux->lock);
101
102 /* Report error on lower socket */
103 report_csk_error(csk, err);
104 }
105
106 /* RX mux lock held. */
107 static void kcm_update_rx_mux_stats(struct kcm_mux *mux,
108 struct kcm_psock *psock)
109 {
110 KCM_STATS_ADD(mux->stats.rx_bytes,
111 psock->stats.rx_bytes - psock->saved_rx_bytes);
112 mux->stats.rx_msgs +=
113 psock->stats.rx_msgs - psock->saved_rx_msgs;
114 psock->saved_rx_msgs = psock->stats.rx_msgs;
115 psock->saved_rx_bytes = psock->stats.rx_bytes;
116 }
117
118 static void kcm_update_tx_mux_stats(struct kcm_mux *mux,
119 struct kcm_psock *psock)
120 {
121 KCM_STATS_ADD(mux->stats.tx_bytes,
122 psock->stats.tx_bytes - psock->saved_tx_bytes);
123 mux->stats.tx_msgs +=
124 psock->stats.tx_msgs - psock->saved_tx_msgs;
125 psock->saved_tx_msgs = psock->stats.tx_msgs;
126 psock->saved_tx_bytes = psock->stats.tx_bytes;
127 }
128
129 static int kcm_queue_rcv_skb(struct sock *sk, struct sk_buff *skb);
130
131 /* KCM is ready to receive messages on its queue-- either the KCM is new or
132 * has become unblocked after being blocked on full socket buffer. Queue any
133 * pending ready messages on a psock. RX mux lock held.
134 */
135 static void kcm_rcv_ready(struct kcm_sock *kcm)
136 {
137 struct kcm_mux *mux = kcm->mux;
138 struct kcm_psock *psock;
139 struct sk_buff *skb;
140
141 if (unlikely(kcm->rx_wait || kcm->rx_psock || kcm->rx_disabled))
142 return;
143
144 while (unlikely((skb = __skb_dequeue(&mux->rx_hold_queue)))) {
145 if (kcm_queue_rcv_skb(&kcm->sk, skb)) {
146 /* Assuming buffer limit has been reached */
147 skb_queue_head(&mux->rx_hold_queue, skb);
148 WARN_ON(!sk_rmem_alloc_get(&kcm->sk));
149 return;
150 }
151 }
152
153 while (!list_empty(&mux->psocks_ready)) {
154 psock = list_first_entry(&mux->psocks_ready, struct kcm_psock,
155 psock_ready_list);
156
157 if (kcm_queue_rcv_skb(&kcm->sk, psock->ready_rx_msg)) {
158 /* Assuming buffer limit has been reached */
159 WARN_ON(!sk_rmem_alloc_get(&kcm->sk));
160 return;
161 }
162
163 /* Consumed the ready message on the psock. Schedule rx_work to
164 * get more messages.
165 */
166 list_del(&psock->psock_ready_list);
167 psock->ready_rx_msg = NULL;
168
169 /* Commit clearing of ready_rx_msg for queuing work */
170 smp_mb();
171
172 queue_work(kcm_wq, &psock->rx_work);
173 }
174
175 /* Buffer limit is okay now, add to ready list */
176 list_add_tail(&kcm->wait_rx_list,
177 &kcm->mux->kcm_rx_waiters);
178 kcm->rx_wait = true;
179 }
180
181 static void kcm_rfree(struct sk_buff *skb)
182 {
183 struct sock *sk = skb->sk;
184 struct kcm_sock *kcm = kcm_sk(sk);
185 struct kcm_mux *mux = kcm->mux;
186 unsigned int len = skb->truesize;
187
188 sk_mem_uncharge(sk, len);
189 atomic_sub(len, &sk->sk_rmem_alloc);
190
191 /* For reading rx_wait and rx_psock without holding lock */
192 smp_mb__after_atomic();
193
194 if (!kcm->rx_wait && !kcm->rx_psock &&
195 sk_rmem_alloc_get(sk) < sk->sk_rcvlowat) {
196 spin_lock_bh(&mux->rx_lock);
197 kcm_rcv_ready(kcm);
198 spin_unlock_bh(&mux->rx_lock);
199 }
200 }
201
202 static int kcm_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
203 {
204 struct sk_buff_head *list = &sk->sk_receive_queue;
205
206 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
207 return -ENOMEM;
208
209 if (!sk_rmem_schedule(sk, skb, skb->truesize))
210 return -ENOBUFS;
211
212 skb->dev = NULL;
213
214 skb_orphan(skb);
215 skb->sk = sk;
216 skb->destructor = kcm_rfree;
217 atomic_add(skb->truesize, &sk->sk_rmem_alloc);
218 sk_mem_charge(sk, skb->truesize);
219
220 skb_queue_tail(list, skb);
221
222 if (!sock_flag(sk, SOCK_DEAD))
223 sk->sk_data_ready(sk);
224
225 return 0;
226 }
227
228 /* Requeue received messages for a kcm socket to other kcm sockets. This is
229 * called with a kcm socket is receive disabled.
230 * RX mux lock held.
231 */
232 static void requeue_rx_msgs(struct kcm_mux *mux, struct sk_buff_head *head)
233 {
234 struct sk_buff *skb;
235 struct kcm_sock *kcm;
236
237 while ((skb = __skb_dequeue(head))) {
238 /* Reset destructor to avoid calling kcm_rcv_ready */
239 skb->destructor = sock_rfree;
240 skb_orphan(skb);
241 try_again:
242 if (list_empty(&mux->kcm_rx_waiters)) {
243 skb_queue_tail(&mux->rx_hold_queue, skb);
244 continue;
245 }
246
247 kcm = list_first_entry(&mux->kcm_rx_waiters,
248 struct kcm_sock, wait_rx_list);
249
250 if (kcm_queue_rcv_skb(&kcm->sk, skb)) {
251 /* Should mean socket buffer full */
252 list_del(&kcm->wait_rx_list);
253 kcm->rx_wait = false;
254
255 /* Commit rx_wait to read in kcm_free */
256 smp_wmb();
257
258 goto try_again;
259 }
260 }
261 }
262
263 /* Lower sock lock held */
264 static struct kcm_sock *reserve_rx_kcm(struct kcm_psock *psock,
265 struct sk_buff *head)
266 {
267 struct kcm_mux *mux = psock->mux;
268 struct kcm_sock *kcm;
269
270 WARN_ON(psock->ready_rx_msg);
271
272 if (psock->rx_kcm)
273 return psock->rx_kcm;
274
275 spin_lock_bh(&mux->rx_lock);
276
277 if (psock->rx_kcm) {
278 spin_unlock_bh(&mux->rx_lock);
279 return psock->rx_kcm;
280 }
281
282 kcm_update_rx_mux_stats(mux, psock);
283
284 if (list_empty(&mux->kcm_rx_waiters)) {
285 psock->ready_rx_msg = head;
286 list_add_tail(&psock->psock_ready_list,
287 &mux->psocks_ready);
288 spin_unlock_bh(&mux->rx_lock);
289 return NULL;
290 }
291
292 kcm = list_first_entry(&mux->kcm_rx_waiters,
293 struct kcm_sock, wait_rx_list);
294 list_del(&kcm->wait_rx_list);
295 kcm->rx_wait = false;
296
297 psock->rx_kcm = kcm;
298 kcm->rx_psock = psock;
299
300 spin_unlock_bh(&mux->rx_lock);
301
302 return kcm;
303 }
304
305 static void kcm_done(struct kcm_sock *kcm);
306
307 static void kcm_done_work(struct work_struct *w)
308 {
309 kcm_done(container_of(w, struct kcm_sock, done_work));
310 }
311
312 /* Lower sock held */
313 static void unreserve_rx_kcm(struct kcm_psock *psock,
314 bool rcv_ready)
315 {
316 struct kcm_sock *kcm = psock->rx_kcm;
317 struct kcm_mux *mux = psock->mux;
318
319 if (!kcm)
320 return;
321
322 spin_lock_bh(&mux->rx_lock);
323
324 psock->rx_kcm = NULL;
325 kcm->rx_psock = NULL;
326
327 /* Commit kcm->rx_psock before sk_rmem_alloc_get to sync with
328 * kcm_rfree
329 */
330 smp_mb();
331
332 if (unlikely(kcm->done)) {
333 spin_unlock_bh(&mux->rx_lock);
334
335 /* Need to run kcm_done in a task since we need to qcquire
336 * callback locks which may already be held here.
337 */
338 INIT_WORK(&kcm->done_work, kcm_done_work);
339 schedule_work(&kcm->done_work);
340 return;
341 }
342
343 if (unlikely(kcm->rx_disabled)) {
344 requeue_rx_msgs(mux, &kcm->sk.sk_receive_queue);
345 } else if (rcv_ready || unlikely(!sk_rmem_alloc_get(&kcm->sk))) {
346 /* Check for degenerative race with rx_wait that all
347 * data was dequeued (accounted for in kcm_rfree).
348 */
349 kcm_rcv_ready(kcm);
350 }
351 spin_unlock_bh(&mux->rx_lock);
352 }
353
354 /* Macro to invoke filter function. */
355 #define KCM_RUN_FILTER(prog, ctx) \
356 (*prog->bpf_func)(ctx, prog->insnsi)
357
358 /* Lower socket lock held */
359 static int kcm_tcp_recv(read_descriptor_t *desc, struct sk_buff *orig_skb,
360 unsigned int orig_offset, size_t orig_len)
361 {
362 struct kcm_psock *psock = (struct kcm_psock *)desc->arg.data;
363 struct kcm_rx_msg *rxm;
364 struct kcm_sock *kcm;
365 struct sk_buff *head, *skb;
366 size_t eaten = 0, cand_len;
367 ssize_t extra;
368 int err;
369 bool cloned_orig = false;
370
371 if (psock->ready_rx_msg)
372 return 0;
373
374 head = psock->rx_skb_head;
375 if (head) {
376 /* Message already in progress */
377
378 rxm = kcm_rx_msg(head);
379 if (unlikely(rxm->early_eaten)) {
380 /* Already some number of bytes on the receive sock
381 * data saved in rx_skb_head, just indicate they
382 * are consumed.
383 */
384 eaten = orig_len <= rxm->early_eaten ?
385 orig_len : rxm->early_eaten;
386 rxm->early_eaten -= eaten;
387
388 return eaten;
389 }
390
391 if (unlikely(orig_offset)) {
392 /* Getting data with a non-zero offset when a message is
393 * in progress is not expected. If it does happen, we
394 * need to clone and pull since we can't deal with
395 * offsets in the skbs for a message expect in the head.
396 */
397 orig_skb = skb_clone(orig_skb, GFP_ATOMIC);
398 if (!orig_skb) {
399 KCM_STATS_INCR(psock->stats.rx_mem_fail);
400 desc->error = -ENOMEM;
401 return 0;
402 }
403 if (!pskb_pull(orig_skb, orig_offset)) {
404 KCM_STATS_INCR(psock->stats.rx_mem_fail);
405 kfree_skb(orig_skb);
406 desc->error = -ENOMEM;
407 return 0;
408 }
409 cloned_orig = true;
410 orig_offset = 0;
411 }
412
413 if (!psock->rx_skb_nextp) {
414 /* We are going to append to the frags_list of head.
415 * Need to unshare the frag_list.
416 */
417 err = skb_unclone(head, GFP_ATOMIC);
418 if (err) {
419 KCM_STATS_INCR(psock->stats.rx_mem_fail);
420 desc->error = err;
421 return 0;
422 }
423
424 if (unlikely(skb_shinfo(head)->frag_list)) {
425 /* We can't append to an sk_buff that already
426 * has a frag_list. We create a new head, point
427 * the frag_list of that to the old head, and
428 * then are able to use the old head->next for
429 * appending to the message.
430 */
431 if (WARN_ON(head->next)) {
432 desc->error = -EINVAL;
433 return 0;
434 }
435
436 skb = alloc_skb(0, GFP_ATOMIC);
437 if (!skb) {
438 KCM_STATS_INCR(psock->stats.rx_mem_fail);
439 desc->error = -ENOMEM;
440 return 0;
441 }
442 skb->len = head->len;
443 skb->data_len = head->len;
444 skb->truesize = head->truesize;
445 *kcm_rx_msg(skb) = *kcm_rx_msg(head);
446 psock->rx_skb_nextp = &head->next;
447 skb_shinfo(skb)->frag_list = head;
448 psock->rx_skb_head = skb;
449 head = skb;
450 } else {
451 psock->rx_skb_nextp =
452 &skb_shinfo(head)->frag_list;
453 }
454 }
455 }
456
457 while (eaten < orig_len) {
458 /* Always clone since we will consume something */
459 skb = skb_clone(orig_skb, GFP_ATOMIC);
460 if (!skb) {
461 KCM_STATS_INCR(psock->stats.rx_mem_fail);
462 desc->error = -ENOMEM;
463 break;
464 }
465
466 cand_len = orig_len - eaten;
467
468 head = psock->rx_skb_head;
469 if (!head) {
470 head = skb;
471 psock->rx_skb_head = head;
472 /* Will set rx_skb_nextp on next packet if needed */
473 psock->rx_skb_nextp = NULL;
474 rxm = kcm_rx_msg(head);
475 memset(rxm, 0, sizeof(*rxm));
476 rxm->offset = orig_offset + eaten;
477 } else {
478 /* Unclone since we may be appending to an skb that we
479 * already share a frag_list with.
480 */
481 err = skb_unclone(skb, GFP_ATOMIC);
482 if (err) {
483 KCM_STATS_INCR(psock->stats.rx_mem_fail);
484 desc->error = err;
485 break;
486 }
487
488 rxm = kcm_rx_msg(head);
489 *psock->rx_skb_nextp = skb;
490 psock->rx_skb_nextp = &skb->next;
491 head->data_len += skb->len;
492 head->len += skb->len;
493 head->truesize += skb->truesize;
494 }
495
496 if (!rxm->full_len) {
497 ssize_t len;
498
499 len = KCM_RUN_FILTER(psock->bpf_prog, head);
500
501 if (!len) {
502 /* Need more header to determine length */
503 rxm->accum_len += cand_len;
504 eaten += cand_len;
505 KCM_STATS_INCR(psock->stats.rx_need_more_hdr);
506 WARN_ON(eaten != orig_len);
507 break;
508 } else if (len > psock->sk->sk_rcvbuf) {
509 /* Message length exceeds maximum allowed */
510 KCM_STATS_INCR(psock->stats.rx_msg_too_big);
511 desc->error = -EMSGSIZE;
512 psock->rx_skb_head = NULL;
513 kcm_abort_rx_psock(psock, EMSGSIZE, head);
514 break;
515 } else if (len <= (ssize_t)head->len -
516 skb->len - rxm->offset) {
517 /* Length must be into new skb (and also
518 * greater than zero)
519 */
520 KCM_STATS_INCR(psock->stats.rx_bad_hdr_len);
521 desc->error = -EPROTO;
522 psock->rx_skb_head = NULL;
523 kcm_abort_rx_psock(psock, EPROTO, head);
524 break;
525 }
526
527 rxm->full_len = len;
528 }
529
530 extra = (ssize_t)(rxm->accum_len + cand_len) - rxm->full_len;
531
532 if (extra < 0) {
533 /* Message not complete yet. */
534 if (rxm->full_len - rxm->accum_len >
535 tcp_inq(psock->sk)) {
536 /* Don't have the whole messages in the socket
537 * buffer. Set psock->rx_need_bytes to wait for
538 * the rest of the message. Also, set "early
539 * eaten" since we've already buffered the skb
540 * but don't consume yet per tcp_read_sock.
541 */
542
543 psock->rx_need_bytes = rxm->full_len -
544 rxm->accum_len;
545 rxm->accum_len += cand_len;
546 rxm->early_eaten = cand_len;
547 KCM_STATS_ADD(psock->stats.rx_bytes, cand_len);
548 desc->count = 0; /* Stop reading socket */
549 break;
550 }
551 rxm->accum_len += cand_len;
552 eaten += cand_len;
553 WARN_ON(eaten != orig_len);
554 break;
555 }
556
557 /* Positive extra indicates ore bytes than needed for the
558 * message
559 */
560
561 WARN_ON(extra > cand_len);
562
563 eaten += (cand_len - extra);
564
565 /* Hurray, we have a new message! */
566 psock->rx_skb_head = NULL;
567 KCM_STATS_INCR(psock->stats.rx_msgs);
568
569 try_queue:
570 kcm = reserve_rx_kcm(psock, head);
571 if (!kcm) {
572 /* Unable to reserve a KCM, message is held in psock. */
573 break;
574 }
575
576 if (kcm_queue_rcv_skb(&kcm->sk, head)) {
577 /* Should mean socket buffer full */
578 unreserve_rx_kcm(psock, false);
579 goto try_queue;
580 }
581 }
582
583 if (cloned_orig)
584 kfree_skb(orig_skb);
585
586 KCM_STATS_ADD(psock->stats.rx_bytes, eaten);
587
588 return eaten;
589 }
590
591 /* Called with lock held on lower socket */
592 static int psock_tcp_read_sock(struct kcm_psock *psock)
593 {
594 read_descriptor_t desc;
595
596 desc.arg.data = psock;
597 desc.error = 0;
598 desc.count = 1; /* give more than one skb per call */
599
600 /* sk should be locked here, so okay to do tcp_read_sock */
601 tcp_read_sock(psock->sk, &desc, kcm_tcp_recv);
602
603 unreserve_rx_kcm(psock, true);
604
605 return desc.error;
606 }
607
608 /* Lower sock lock held */
609 static void psock_tcp_data_ready(struct sock *sk)
610 {
611 struct kcm_psock *psock;
612
613 read_lock_bh(&sk->sk_callback_lock);
614
615 psock = (struct kcm_psock *)sk->sk_user_data;
616 if (unlikely(!psock || psock->rx_stopped))
617 goto out;
618
619 if (psock->ready_rx_msg)
620 goto out;
621
622 if (psock->rx_need_bytes) {
623 if (tcp_inq(sk) >= psock->rx_need_bytes)
624 psock->rx_need_bytes = 0;
625 else
626 goto out;
627 }
628
629 if (psock_tcp_read_sock(psock) == -ENOMEM)
630 queue_delayed_work(kcm_wq, &psock->rx_delayed_work, 0);
631
632 out:
633 read_unlock_bh(&sk->sk_callback_lock);
634 }
635
636 static void do_psock_rx_work(struct kcm_psock *psock)
637 {
638 read_descriptor_t rd_desc;
639 struct sock *csk = psock->sk;
640
641 /* We need the read lock to synchronize with psock_tcp_data_ready. We
642 * need the socket lock for calling tcp_read_sock.
643 */
644 lock_sock(csk);
645 read_lock_bh(&csk->sk_callback_lock);
646
647 if (unlikely(csk->sk_user_data != psock))
648 goto out;
649
650 if (unlikely(psock->rx_stopped))
651 goto out;
652
653 if (psock->ready_rx_msg)
654 goto out;
655
656 rd_desc.arg.data = psock;
657
658 if (psock_tcp_read_sock(psock) == -ENOMEM)
659 queue_delayed_work(kcm_wq, &psock->rx_delayed_work, 0);
660
661 out:
662 read_unlock_bh(&csk->sk_callback_lock);
663 release_sock(csk);
664 }
665
666 static void psock_rx_work(struct work_struct *w)
667 {
668 do_psock_rx_work(container_of(w, struct kcm_psock, rx_work));
669 }
670
671 static void psock_rx_delayed_work(struct work_struct *w)
672 {
673 do_psock_rx_work(container_of(w, struct kcm_psock,
674 rx_delayed_work.work));
675 }
676
677 static void psock_tcp_state_change(struct sock *sk)
678 {
679 /* TCP only does a POLLIN for a half close. Do a POLLHUP here
680 * since application will normally not poll with POLLIN
681 * on the TCP sockets.
682 */
683
684 report_csk_error(sk, EPIPE);
685 }
686
687 static void psock_tcp_write_space(struct sock *sk)
688 {
689 struct kcm_psock *psock;
690 struct kcm_mux *mux;
691 struct kcm_sock *kcm;
692
693 read_lock_bh(&sk->sk_callback_lock);
694
695 psock = (struct kcm_psock *)sk->sk_user_data;
696 if (unlikely(!psock))
697 goto out;
698
699 mux = psock->mux;
700
701 spin_lock_bh(&mux->lock);
702
703 /* Check if the socket is reserved so someone is waiting for sending. */
704 kcm = psock->tx_kcm;
705 if (kcm)
706 queue_work(kcm_wq, &kcm->tx_work);
707
708 spin_unlock_bh(&mux->lock);
709 out:
710 read_unlock_bh(&sk->sk_callback_lock);
711 }
712
713 static void unreserve_psock(struct kcm_sock *kcm);
714
715 /* kcm sock is locked. */
716 static struct kcm_psock *reserve_psock(struct kcm_sock *kcm)
717 {
718 struct kcm_mux *mux = kcm->mux;
719 struct kcm_psock *psock;
720
721 psock = kcm->tx_psock;
722
723 smp_rmb(); /* Must read tx_psock before tx_wait */
724
725 if (psock) {
726 WARN_ON(kcm->tx_wait);
727 if (unlikely(psock->tx_stopped))
728 unreserve_psock(kcm);
729 else
730 return kcm->tx_psock;
731 }
732
733 spin_lock_bh(&mux->lock);
734
735 /* Check again under lock to see if psock was reserved for this
736 * psock via psock_unreserve.
737 */
738 psock = kcm->tx_psock;
739 if (unlikely(psock)) {
740 WARN_ON(kcm->tx_wait);
741 spin_unlock_bh(&mux->lock);
742 return kcm->tx_psock;
743 }
744
745 if (!list_empty(&mux->psocks_avail)) {
746 psock = list_first_entry(&mux->psocks_avail,
747 struct kcm_psock,
748 psock_avail_list);
749 list_del(&psock->psock_avail_list);
750 if (kcm->tx_wait) {
751 list_del(&kcm->wait_psock_list);
752 kcm->tx_wait = false;
753 }
754 kcm->tx_psock = psock;
755 psock->tx_kcm = kcm;
756 KCM_STATS_INCR(psock->stats.reserved);
757 } else if (!kcm->tx_wait) {
758 list_add_tail(&kcm->wait_psock_list,
759 &mux->kcm_tx_waiters);
760 kcm->tx_wait = true;
761 }
762
763 spin_unlock_bh(&mux->lock);
764
765 return psock;
766 }
767
768 /* mux lock held */
769 static void psock_now_avail(struct kcm_psock *psock)
770 {
771 struct kcm_mux *mux = psock->mux;
772 struct kcm_sock *kcm;
773
774 if (list_empty(&mux->kcm_tx_waiters)) {
775 list_add_tail(&psock->psock_avail_list,
776 &mux->psocks_avail);
777 } else {
778 kcm = list_first_entry(&mux->kcm_tx_waiters,
779 struct kcm_sock,
780 wait_psock_list);
781 list_del(&kcm->wait_psock_list);
782 kcm->tx_wait = false;
783 psock->tx_kcm = kcm;
784
785 /* Commit before changing tx_psock since that is read in
786 * reserve_psock before queuing work.
787 */
788 smp_mb();
789
790 kcm->tx_psock = psock;
791 KCM_STATS_INCR(psock->stats.reserved);
792 queue_work(kcm_wq, &kcm->tx_work);
793 }
794 }
795
796 /* kcm sock is locked. */
797 static void unreserve_psock(struct kcm_sock *kcm)
798 {
799 struct kcm_psock *psock;
800 struct kcm_mux *mux = kcm->mux;
801
802 spin_lock_bh(&mux->lock);
803
804 psock = kcm->tx_psock;
805
806 if (WARN_ON(!psock)) {
807 spin_unlock_bh(&mux->lock);
808 return;
809 }
810
811 smp_rmb(); /* Read tx_psock before tx_wait */
812
813 kcm_update_tx_mux_stats(mux, psock);
814
815 WARN_ON(kcm->tx_wait);
816
817 kcm->tx_psock = NULL;
818 psock->tx_kcm = NULL;
819 KCM_STATS_INCR(psock->stats.unreserved);
820
821 if (unlikely(psock->tx_stopped)) {
822 if (psock->done) {
823 /* Deferred free */
824 list_del(&psock->psock_list);
825 mux->psocks_cnt--;
826 sock_put(psock->sk);
827 fput(psock->sk->sk_socket->file);
828 kmem_cache_free(kcm_psockp, psock);
829 }
830
831 /* Don't put back on available list */
832
833 spin_unlock_bh(&mux->lock);
834
835 return;
836 }
837
838 psock_now_avail(psock);
839
840 spin_unlock_bh(&mux->lock);
841 }
842
843 static void kcm_report_tx_retry(struct kcm_sock *kcm)
844 {
845 struct kcm_mux *mux = kcm->mux;
846
847 spin_lock_bh(&mux->lock);
848 KCM_STATS_INCR(mux->stats.tx_retries);
849 spin_unlock_bh(&mux->lock);
850 }
851
852 /* Write any messages ready on the kcm socket. Called with kcm sock lock
853 * held. Return bytes actually sent or error.
854 */
855 static int kcm_write_msgs(struct kcm_sock *kcm)
856 {
857 struct sock *sk = &kcm->sk;
858 struct kcm_psock *psock;
859 struct sk_buff *skb, *head;
860 struct kcm_tx_msg *txm;
861 unsigned short fragidx, frag_offset;
862 unsigned int sent, total_sent = 0;
863 int ret = 0;
864
865 kcm->tx_wait_more = false;
866 psock = kcm->tx_psock;
867 if (unlikely(psock && psock->tx_stopped)) {
868 /* A reserved psock was aborted asynchronously. Unreserve
869 * it and we'll retry the message.
870 */
871 unreserve_psock(kcm);
872 kcm_report_tx_retry(kcm);
873 if (skb_queue_empty(&sk->sk_write_queue))
874 return 0;
875
876 kcm_tx_msg(skb_peek(&sk->sk_write_queue))->sent = 0;
877
878 } else if (skb_queue_empty(&sk->sk_write_queue)) {
879 return 0;
880 }
881
882 head = skb_peek(&sk->sk_write_queue);
883 txm = kcm_tx_msg(head);
884
885 if (txm->sent) {
886 /* Send of first skbuff in queue already in progress */
887 if (WARN_ON(!psock)) {
888 ret = -EINVAL;
889 goto out;
890 }
891 sent = txm->sent;
892 frag_offset = txm->frag_offset;
893 fragidx = txm->fragidx;
894 skb = txm->frag_skb;
895
896 goto do_frag;
897 }
898
899 try_again:
900 psock = reserve_psock(kcm);
901 if (!psock)
902 goto out;
903
904 do {
905 skb = head;
906 txm = kcm_tx_msg(head);
907 sent = 0;
908
909 do_frag_list:
910 if (WARN_ON(!skb_shinfo(skb)->nr_frags)) {
911 ret = -EINVAL;
912 goto out;
913 }
914
915 for (fragidx = 0; fragidx < skb_shinfo(skb)->nr_frags;
916 fragidx++) {
917 skb_frag_t *frag;
918
919 frag_offset = 0;
920 do_frag:
921 frag = &skb_shinfo(skb)->frags[fragidx];
922 if (WARN_ON(!frag->size)) {
923 ret = -EINVAL;
924 goto out;
925 }
926
927 ret = kernel_sendpage(psock->sk->sk_socket,
928 frag->page.p,
929 frag->page_offset + frag_offset,
930 frag->size - frag_offset,
931 MSG_DONTWAIT);
932 if (ret <= 0) {
933 if (ret == -EAGAIN) {
934 /* Save state to try again when there's
935 * write space on the socket
936 */
937 txm->sent = sent;
938 txm->frag_offset = frag_offset;
939 txm->fragidx = fragidx;
940 txm->frag_skb = skb;
941
942 ret = 0;
943 goto out;
944 }
945
946 /* Hard failure in sending message, abort this
947 * psock since it has lost framing
948 * synchonization and retry sending the
949 * message from the beginning.
950 */
951 kcm_abort_tx_psock(psock, ret ? -ret : EPIPE,
952 true);
953 unreserve_psock(kcm);
954
955 txm->sent = 0;
956 kcm_report_tx_retry(kcm);
957 ret = 0;
958
959 goto try_again;
960 }
961
962 sent += ret;
963 frag_offset += ret;
964 KCM_STATS_ADD(psock->stats.tx_bytes, ret);
965 if (frag_offset < frag->size) {
966 /* Not finished with this frag */
967 goto do_frag;
968 }
969 }
970
971 if (skb == head) {
972 if (skb_has_frag_list(skb)) {
973 skb = skb_shinfo(skb)->frag_list;
974 goto do_frag_list;
975 }
976 } else if (skb->next) {
977 skb = skb->next;
978 goto do_frag_list;
979 }
980
981 /* Successfully sent the whole packet, account for it. */
982 skb_dequeue(&sk->sk_write_queue);
983 kfree_skb(head);
984 sk->sk_wmem_queued -= sent;
985 total_sent += sent;
986 KCM_STATS_INCR(psock->stats.tx_msgs);
987 } while ((head = skb_peek(&sk->sk_write_queue)));
988 out:
989 if (!head) {
990 /* Done with all queued messages. */
991 WARN_ON(!skb_queue_empty(&sk->sk_write_queue));
992 unreserve_psock(kcm);
993 }
994
995 /* Check if write space is available */
996 sk->sk_write_space(sk);
997
998 return total_sent ? : ret;
999 }
1000
1001 static void kcm_tx_work(struct work_struct *w)
1002 {
1003 struct kcm_sock *kcm = container_of(w, struct kcm_sock, tx_work);
1004 struct sock *sk = &kcm->sk;
1005 int err;
1006
1007 lock_sock(sk);
1008
1009 /* Primarily for SOCK_DGRAM sockets, also handle asynchronous tx
1010 * aborts
1011 */
1012 err = kcm_write_msgs(kcm);
1013 if (err < 0) {
1014 /* Hard failure in write, report error on KCM socket */
1015 pr_warn("KCM: Hard failure on kcm_write_msgs %d\n", err);
1016 report_csk_error(&kcm->sk, -err);
1017 goto out;
1018 }
1019
1020 /* Primarily for SOCK_SEQPACKET sockets */
1021 if (likely(sk->sk_socket) &&
1022 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
1023 clear_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1024 sk->sk_write_space(sk);
1025 }
1026
1027 out:
1028 release_sock(sk);
1029 }
1030
1031 static void kcm_push(struct kcm_sock *kcm)
1032 {
1033 if (kcm->tx_wait_more)
1034 kcm_write_msgs(kcm);
1035 }
1036
1037 static ssize_t kcm_sendpage(struct socket *sock, struct page *page,
1038 int offset, size_t size, int flags)
1039
1040 {
1041 struct sock *sk = sock->sk;
1042 struct kcm_sock *kcm = kcm_sk(sk);
1043 struct sk_buff *skb = NULL, *head = NULL;
1044 long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
1045 bool eor;
1046 int err = 0;
1047 int i;
1048
1049 if (flags & MSG_SENDPAGE_NOTLAST)
1050 flags |= MSG_MORE;
1051
1052 /* No MSG_EOR from splice, only look at MSG_MORE */
1053 eor = !(flags & MSG_MORE);
1054
1055 lock_sock(sk);
1056
1057 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
1058
1059 err = -EPIPE;
1060 if (sk->sk_err)
1061 goto out_error;
1062
1063 if (kcm->seq_skb) {
1064 /* Previously opened message */
1065 head = kcm->seq_skb;
1066 skb = kcm_tx_msg(head)->last_skb;
1067 i = skb_shinfo(skb)->nr_frags;
1068
1069 if (skb_can_coalesce(skb, i, page, offset)) {
1070 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], size);
1071 skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
1072 goto coalesced;
1073 }
1074
1075 if (i >= MAX_SKB_FRAGS) {
1076 struct sk_buff *tskb;
1077
1078 tskb = alloc_skb(0, sk->sk_allocation);
1079 while (!tskb) {
1080 kcm_push(kcm);
1081 err = sk_stream_wait_memory(sk, &timeo);
1082 if (err)
1083 goto out_error;
1084 }
1085
1086 if (head == skb)
1087 skb_shinfo(head)->frag_list = tskb;
1088 else
1089 skb->next = tskb;
1090
1091 skb = tskb;
1092 skb->ip_summed = CHECKSUM_UNNECESSARY;
1093 i = 0;
1094 }
1095 } else {
1096 /* Call the sk_stream functions to manage the sndbuf mem. */
1097 if (!sk_stream_memory_free(sk)) {
1098 kcm_push(kcm);
1099 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1100 err = sk_stream_wait_memory(sk, &timeo);
1101 if (err)
1102 goto out_error;
1103 }
1104
1105 head = alloc_skb(0, sk->sk_allocation);
1106 while (!head) {
1107 kcm_push(kcm);
1108 err = sk_stream_wait_memory(sk, &timeo);
1109 if (err)
1110 goto out_error;
1111 }
1112
1113 skb = head;
1114 i = 0;
1115 }
1116
1117 get_page(page);
1118 skb_fill_page_desc(skb, i, page, offset, size);
1119 skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
1120
1121 coalesced:
1122 skb->len += size;
1123 skb->data_len += size;
1124 skb->truesize += size;
1125 sk->sk_wmem_queued += size;
1126 sk_mem_charge(sk, size);
1127
1128 if (head != skb) {
1129 head->len += size;
1130 head->data_len += size;
1131 head->truesize += size;
1132 }
1133
1134 if (eor) {
1135 bool not_busy = skb_queue_empty(&sk->sk_write_queue);
1136
1137 /* Message complete, queue it on send buffer */
1138 __skb_queue_tail(&sk->sk_write_queue, head);
1139 kcm->seq_skb = NULL;
1140 KCM_STATS_INCR(kcm->stats.tx_msgs);
1141
1142 if (flags & MSG_BATCH) {
1143 kcm->tx_wait_more = true;
1144 } else if (kcm->tx_wait_more || not_busy) {
1145 err = kcm_write_msgs(kcm);
1146 if (err < 0) {
1147 /* We got a hard error in write_msgs but have
1148 * already queued this message. Report an error
1149 * in the socket, but don't affect return value
1150 * from sendmsg
1151 */
1152 pr_warn("KCM: Hard failure on kcm_write_msgs\n");
1153 report_csk_error(&kcm->sk, -err);
1154 }
1155 }
1156 } else {
1157 /* Message not complete, save state */
1158 kcm->seq_skb = head;
1159 kcm_tx_msg(head)->last_skb = skb;
1160 }
1161
1162 KCM_STATS_ADD(kcm->stats.tx_bytes, size);
1163
1164 release_sock(sk);
1165 return size;
1166
1167 out_error:
1168 kcm_push(kcm);
1169
1170 err = sk_stream_error(sk, flags, err);
1171
1172 /* make sure we wake any epoll edge trigger waiter */
1173 if (unlikely(skb_queue_len(&sk->sk_write_queue) == 0 && err == -EAGAIN))
1174 sk->sk_write_space(sk);
1175
1176 release_sock(sk);
1177 return err;
1178 }
1179
1180 static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
1181 {
1182 struct sock *sk = sock->sk;
1183 struct kcm_sock *kcm = kcm_sk(sk);
1184 struct sk_buff *skb = NULL, *head = NULL;
1185 size_t copy, copied = 0;
1186 long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1187 int eor = (sock->type == SOCK_DGRAM) ?
1188 !(msg->msg_flags & MSG_MORE) : !!(msg->msg_flags & MSG_EOR);
1189 int err = -EPIPE;
1190
1191 lock_sock(sk);
1192
1193 /* Per tcp_sendmsg this should be in poll */
1194 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
1195
1196 if (sk->sk_err)
1197 goto out_error;
1198
1199 if (kcm->seq_skb) {
1200 /* Previously opened message */
1201 head = kcm->seq_skb;
1202 skb = kcm_tx_msg(head)->last_skb;
1203 goto start;
1204 }
1205
1206 /* Call the sk_stream functions to manage the sndbuf mem. */
1207 if (!sk_stream_memory_free(sk)) {
1208 kcm_push(kcm);
1209 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1210 err = sk_stream_wait_memory(sk, &timeo);
1211 if (err)
1212 goto out_error;
1213 }
1214
1215 /* New message, alloc head skb */
1216 head = alloc_skb(0, sk->sk_allocation);
1217 while (!head) {
1218 kcm_push(kcm);
1219 err = sk_stream_wait_memory(sk, &timeo);
1220 if (err)
1221 goto out_error;
1222
1223 head = alloc_skb(0, sk->sk_allocation);
1224 }
1225
1226 skb = head;
1227
1228 /* Set ip_summed to CHECKSUM_UNNECESSARY to avoid calling
1229 * csum_and_copy_from_iter from skb_do_copy_data_nocache.
1230 */
1231 skb->ip_summed = CHECKSUM_UNNECESSARY;
1232
1233 start:
1234 while (msg_data_left(msg)) {
1235 bool merge = true;
1236 int i = skb_shinfo(skb)->nr_frags;
1237 struct page_frag *pfrag = sk_page_frag(sk);
1238
1239 if (!sk_page_frag_refill(sk, pfrag))
1240 goto wait_for_memory;
1241
1242 if (!skb_can_coalesce(skb, i, pfrag->page,
1243 pfrag->offset)) {
1244 if (i == MAX_SKB_FRAGS) {
1245 struct sk_buff *tskb;
1246
1247 tskb = alloc_skb(0, sk->sk_allocation);
1248 if (!tskb)
1249 goto wait_for_memory;
1250
1251 if (head == skb)
1252 skb_shinfo(head)->frag_list = tskb;
1253 else
1254 skb->next = tskb;
1255
1256 skb = tskb;
1257 skb->ip_summed = CHECKSUM_UNNECESSARY;
1258 continue;
1259 }
1260 merge = false;
1261 }
1262
1263 copy = min_t(int, msg_data_left(msg),
1264 pfrag->size - pfrag->offset);
1265
1266 if (!sk_wmem_schedule(sk, copy))
1267 goto wait_for_memory;
1268
1269 err = skb_copy_to_page_nocache(sk, &msg->msg_iter, skb,
1270 pfrag->page,
1271 pfrag->offset,
1272 copy);
1273 if (err)
1274 goto out_error;
1275
1276 /* Update the skb. */
1277 if (merge) {
1278 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1279 } else {
1280 skb_fill_page_desc(skb, i, pfrag->page,
1281 pfrag->offset, copy);
1282 get_page(pfrag->page);
1283 }
1284
1285 pfrag->offset += copy;
1286 copied += copy;
1287 if (head != skb) {
1288 head->len += copy;
1289 head->data_len += copy;
1290 }
1291
1292 continue;
1293
1294 wait_for_memory:
1295 kcm_push(kcm);
1296 err = sk_stream_wait_memory(sk, &timeo);
1297 if (err)
1298 goto out_error;
1299 }
1300
1301 if (eor) {
1302 bool not_busy = skb_queue_empty(&sk->sk_write_queue);
1303
1304 /* Message complete, queue it on send buffer */
1305 __skb_queue_tail(&sk->sk_write_queue, head);
1306 kcm->seq_skb = NULL;
1307 KCM_STATS_INCR(kcm->stats.tx_msgs);
1308
1309 if (msg->msg_flags & MSG_BATCH) {
1310 kcm->tx_wait_more = true;
1311 } else if (kcm->tx_wait_more || not_busy) {
1312 err = kcm_write_msgs(kcm);
1313 if (err < 0) {
1314 /* We got a hard error in write_msgs but have
1315 * already queued this message. Report an error
1316 * in the socket, but don't affect return value
1317 * from sendmsg
1318 */
1319 pr_warn("KCM: Hard failure on kcm_write_msgs\n");
1320 report_csk_error(&kcm->sk, -err);
1321 }
1322 }
1323 } else {
1324 /* Message not complete, save state */
1325 partial_message:
1326 kcm->seq_skb = head;
1327 kcm_tx_msg(head)->last_skb = skb;
1328 }
1329
1330 KCM_STATS_ADD(kcm->stats.tx_bytes, copied);
1331
1332 release_sock(sk);
1333 return copied;
1334
1335 out_error:
1336 kcm_push(kcm);
1337
1338 if (copied && sock->type == SOCK_SEQPACKET) {
1339 /* Wrote some bytes before encountering an
1340 * error, return partial success.
1341 */
1342 goto partial_message;
1343 }
1344
1345 if (head != kcm->seq_skb)
1346 kfree_skb(head);
1347
1348 err = sk_stream_error(sk, msg->msg_flags, err);
1349
1350 /* make sure we wake any epoll edge trigger waiter */
1351 if (unlikely(skb_queue_len(&sk->sk_write_queue) == 0 && err == -EAGAIN))
1352 sk->sk_write_space(sk);
1353
1354 release_sock(sk);
1355 return err;
1356 }
1357
1358 static struct sk_buff *kcm_wait_data(struct sock *sk, int flags,
1359 long timeo, int *err)
1360 {
1361 struct sk_buff *skb;
1362
1363 while (!(skb = skb_peek(&sk->sk_receive_queue))) {
1364 if (sk->sk_err) {
1365 *err = sock_error(sk);
1366 return NULL;
1367 }
1368
1369 if (sock_flag(sk, SOCK_DONE))
1370 return NULL;
1371
1372 if ((flags & MSG_DONTWAIT) || !timeo) {
1373 *err = -EAGAIN;
1374 return NULL;
1375 }
1376
1377 sk_wait_data(sk, &timeo, NULL);
1378
1379 /* Handle signals */
1380 if (signal_pending(current)) {
1381 *err = sock_intr_errno(timeo);
1382 return NULL;
1383 }
1384 }
1385
1386 return skb;
1387 }
1388
1389 static int kcm_recvmsg(struct socket *sock, struct msghdr *msg,
1390 size_t len, int flags)
1391 {
1392 struct sock *sk = sock->sk;
1393 struct kcm_sock *kcm = kcm_sk(sk);
1394 int err = 0;
1395 long timeo;
1396 struct kcm_rx_msg *rxm;
1397 int copied = 0;
1398 struct sk_buff *skb;
1399
1400 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
1401
1402 lock_sock(sk);
1403
1404 skb = kcm_wait_data(sk, flags, timeo, &err);
1405 if (!skb)
1406 goto out;
1407
1408 /* Okay, have a message on the receive queue */
1409
1410 rxm = kcm_rx_msg(skb);
1411
1412 if (len > rxm->full_len)
1413 len = rxm->full_len;
1414
1415 err = skb_copy_datagram_msg(skb, rxm->offset, msg, len);
1416 if (err < 0)
1417 goto out;
1418
1419 copied = len;
1420 if (likely(!(flags & MSG_PEEK))) {
1421 KCM_STATS_ADD(kcm->stats.rx_bytes, copied);
1422 if (copied < rxm->full_len) {
1423 if (sock->type == SOCK_DGRAM) {
1424 /* Truncated message */
1425 msg->msg_flags |= MSG_TRUNC;
1426 goto msg_finished;
1427 }
1428 rxm->offset += copied;
1429 rxm->full_len -= copied;
1430 } else {
1431 msg_finished:
1432 /* Finished with message */
1433 msg->msg_flags |= MSG_EOR;
1434 KCM_STATS_INCR(kcm->stats.rx_msgs);
1435 skb_unlink(skb, &sk->sk_receive_queue);
1436 kfree_skb(skb);
1437 }
1438 }
1439
1440 out:
1441 release_sock(sk);
1442
1443 return copied ? : err;
1444 }
1445
1446 static ssize_t kcm_sock_splice(struct sock *sk,
1447 struct pipe_inode_info *pipe,
1448 struct splice_pipe_desc *spd)
1449 {
1450 int ret;
1451
1452 release_sock(sk);
1453 ret = splice_to_pipe(pipe, spd);
1454 lock_sock(sk);
1455
1456 return ret;
1457 }
1458
1459 static ssize_t kcm_splice_read(struct socket *sock, loff_t *ppos,
1460 struct pipe_inode_info *pipe, size_t len,
1461 unsigned int flags)
1462 {
1463 struct sock *sk = sock->sk;
1464 struct kcm_sock *kcm = kcm_sk(sk);
1465 long timeo;
1466 struct kcm_rx_msg *rxm;
1467 int err = 0;
1468 size_t copied;
1469 struct sk_buff *skb;
1470
1471 /* Only support splice for SOCKSEQPACKET */
1472
1473 timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
1474
1475 lock_sock(sk);
1476
1477 skb = kcm_wait_data(sk, flags, timeo, &err);
1478 if (!skb)
1479 goto err_out;
1480
1481 /* Okay, have a message on the receive queue */
1482
1483 rxm = kcm_rx_msg(skb);
1484
1485 if (len > rxm->full_len)
1486 len = rxm->full_len;
1487
1488 copied = skb_splice_bits(skb, sk, rxm->offset, pipe, len, flags,
1489 kcm_sock_splice);
1490 if (copied < 0) {
1491 err = copied;
1492 goto err_out;
1493 }
1494
1495 KCM_STATS_ADD(kcm->stats.rx_bytes, copied);
1496
1497 rxm->offset += copied;
1498 rxm->full_len -= copied;
1499
1500 /* We have no way to return MSG_EOR. If all the bytes have been
1501 * read we still leave the message in the receive socket buffer.
1502 * A subsequent recvmsg needs to be done to return MSG_EOR and
1503 * finish reading the message.
1504 */
1505
1506 release_sock(sk);
1507
1508 return copied;
1509
1510 err_out:
1511 release_sock(sk);
1512
1513 return err;
1514 }
1515
1516 /* kcm sock lock held */
1517 static void kcm_recv_disable(struct kcm_sock *kcm)
1518 {
1519 struct kcm_mux *mux = kcm->mux;
1520
1521 if (kcm->rx_disabled)
1522 return;
1523
1524 spin_lock_bh(&mux->rx_lock);
1525
1526 kcm->rx_disabled = 1;
1527
1528 /* If a psock is reserved we'll do cleanup in unreserve */
1529 if (!kcm->rx_psock) {
1530 if (kcm->rx_wait) {
1531 list_del(&kcm->wait_rx_list);
1532 kcm->rx_wait = false;
1533 }
1534
1535 requeue_rx_msgs(mux, &kcm->sk.sk_receive_queue);
1536 }
1537
1538 spin_unlock_bh(&mux->rx_lock);
1539 }
1540
1541 /* kcm sock lock held */
1542 static void kcm_recv_enable(struct kcm_sock *kcm)
1543 {
1544 struct kcm_mux *mux = kcm->mux;
1545
1546 if (!kcm->rx_disabled)
1547 return;
1548
1549 spin_lock_bh(&mux->rx_lock);
1550
1551 kcm->rx_disabled = 0;
1552 kcm_rcv_ready(kcm);
1553
1554 spin_unlock_bh(&mux->rx_lock);
1555 }
1556
1557 static int kcm_setsockopt(struct socket *sock, int level, int optname,
1558 char __user *optval, unsigned int optlen)
1559 {
1560 struct kcm_sock *kcm = kcm_sk(sock->sk);
1561 int val, valbool;
1562 int err = 0;
1563
1564 if (level != SOL_KCM)
1565 return -ENOPROTOOPT;
1566
1567 if (optlen < sizeof(int))
1568 return -EINVAL;
1569
1570 if (get_user(val, (int __user *)optval))
1571 return -EINVAL;
1572
1573 valbool = val ? 1 : 0;
1574
1575 switch (optname) {
1576 case KCM_RECV_DISABLE:
1577 lock_sock(&kcm->sk);
1578 if (valbool)
1579 kcm_recv_disable(kcm);
1580 else
1581 kcm_recv_enable(kcm);
1582 release_sock(&kcm->sk);
1583 break;
1584 default:
1585 err = -ENOPROTOOPT;
1586 }
1587
1588 return err;
1589 }
1590
1591 static int kcm_getsockopt(struct socket *sock, int level, int optname,
1592 char __user *optval, int __user *optlen)
1593 {
1594 struct kcm_sock *kcm = kcm_sk(sock->sk);
1595 int val, len;
1596
1597 if (level != SOL_KCM)
1598 return -ENOPROTOOPT;
1599
1600 if (get_user(len, optlen))
1601 return -EFAULT;
1602
1603 len = min_t(unsigned int, len, sizeof(int));
1604 if (len < 0)
1605 return -EINVAL;
1606
1607 switch (optname) {
1608 case KCM_RECV_DISABLE:
1609 val = kcm->rx_disabled;
1610 break;
1611 default:
1612 return -ENOPROTOOPT;
1613 }
1614
1615 if (put_user(len, optlen))
1616 return -EFAULT;
1617 if (copy_to_user(optval, &val, len))
1618 return -EFAULT;
1619 return 0;
1620 }
1621
1622 static void init_kcm_sock(struct kcm_sock *kcm, struct kcm_mux *mux)
1623 {
1624 struct kcm_sock *tkcm;
1625 struct list_head *head;
1626 int index = 0;
1627
1628 /* For SOCK_SEQPACKET sock type, datagram_poll checks the sk_state, so
1629 * we set sk_state, otherwise epoll_wait always returns right away with
1630 * POLLHUP
1631 */
1632 kcm->sk.sk_state = TCP_ESTABLISHED;
1633
1634 /* Add to mux's kcm sockets list */
1635 kcm->mux = mux;
1636 spin_lock_bh(&mux->lock);
1637
1638 head = &mux->kcm_socks;
1639 list_for_each_entry(tkcm, &mux->kcm_socks, kcm_sock_list) {
1640 if (tkcm->index != index)
1641 break;
1642 head = &tkcm->kcm_sock_list;
1643 index++;
1644 }
1645
1646 list_add(&kcm->kcm_sock_list, head);
1647 kcm->index = index;
1648
1649 mux->kcm_socks_cnt++;
1650 spin_unlock_bh(&mux->lock);
1651
1652 INIT_WORK(&kcm->tx_work, kcm_tx_work);
1653
1654 spin_lock_bh(&mux->rx_lock);
1655 kcm_rcv_ready(kcm);
1656 spin_unlock_bh(&mux->rx_lock);
1657 }
1658
1659 static int kcm_attach(struct socket *sock, struct socket *csock,
1660 struct bpf_prog *prog)
1661 {
1662 struct kcm_sock *kcm = kcm_sk(sock->sk);
1663 struct kcm_mux *mux = kcm->mux;
1664 struct sock *csk;
1665 struct kcm_psock *psock = NULL, *tpsock;
1666 struct list_head *head;
1667 int index = 0;
1668
1669 if (csock->ops->family != PF_INET &&
1670 csock->ops->family != PF_INET6)
1671 return -EINVAL;
1672
1673 csk = csock->sk;
1674 if (!csk)
1675 return -EINVAL;
1676
1677 /* Only support TCP for now */
1678 if (csk->sk_protocol != IPPROTO_TCP)
1679 return -EINVAL;
1680
1681 psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
1682 if (!psock)
1683 return -ENOMEM;
1684
1685 psock->mux = mux;
1686 psock->sk = csk;
1687 psock->bpf_prog = prog;
1688 INIT_WORK(&psock->rx_work, psock_rx_work);
1689 INIT_DELAYED_WORK(&psock->rx_delayed_work, psock_rx_delayed_work);
1690
1691 sock_hold(csk);
1692
1693 write_lock_bh(&csk->sk_callback_lock);
1694 psock->save_data_ready = csk->sk_data_ready;
1695 psock->save_write_space = csk->sk_write_space;
1696 psock->save_state_change = csk->sk_state_change;
1697 csk->sk_user_data = psock;
1698 csk->sk_data_ready = psock_tcp_data_ready;
1699 csk->sk_write_space = psock_tcp_write_space;
1700 csk->sk_state_change = psock_tcp_state_change;
1701 write_unlock_bh(&csk->sk_callback_lock);
1702
1703 /* Finished initialization, now add the psock to the MUX. */
1704 spin_lock_bh(&mux->lock);
1705 head = &mux->psocks;
1706 list_for_each_entry(tpsock, &mux->psocks, psock_list) {
1707 if (tpsock->index != index)
1708 break;
1709 head = &tpsock->psock_list;
1710 index++;
1711 }
1712
1713 list_add(&psock->psock_list, head);
1714 psock->index = index;
1715
1716 KCM_STATS_INCR(mux->stats.psock_attach);
1717 mux->psocks_cnt++;
1718 psock_now_avail(psock);
1719 spin_unlock_bh(&mux->lock);
1720
1721 /* Schedule RX work in case there are already bytes queued */
1722 queue_work(kcm_wq, &psock->rx_work);
1723
1724 return 0;
1725 }
1726
1727 static int kcm_attach_ioctl(struct socket *sock, struct kcm_attach *info)
1728 {
1729 struct socket *csock;
1730 struct bpf_prog *prog;
1731 int err;
1732
1733 csock = sockfd_lookup(info->fd, &err);
1734 if (!csock)
1735 return -ENOENT;
1736
1737 prog = bpf_prog_get(info->bpf_fd);
1738 if (IS_ERR(prog)) {
1739 err = PTR_ERR(prog);
1740 goto out;
1741 }
1742
1743 if (prog->type != BPF_PROG_TYPE_SOCKET_FILTER) {
1744 bpf_prog_put(prog);
1745 err = -EINVAL;
1746 goto out;
1747 }
1748
1749 err = kcm_attach(sock, csock, prog);
1750 if (err) {
1751 bpf_prog_put(prog);
1752 goto out;
1753 }
1754
1755 /* Keep reference on file also */
1756
1757 return 0;
1758 out:
1759 fput(csock->file);
1760 return err;
1761 }
1762
1763 static void kcm_unattach(struct kcm_psock *psock)
1764 {
1765 struct sock *csk = psock->sk;
1766 struct kcm_mux *mux = psock->mux;
1767
1768 /* Stop getting callbacks from TCP socket. After this there should
1769 * be no way to reserve a kcm for this psock.
1770 */
1771 write_lock_bh(&csk->sk_callback_lock);
1772 csk->sk_user_data = NULL;
1773 csk->sk_data_ready = psock->save_data_ready;
1774 csk->sk_write_space = psock->save_write_space;
1775 csk->sk_state_change = psock->save_state_change;
1776 psock->rx_stopped = 1;
1777
1778 if (WARN_ON(psock->rx_kcm)) {
1779 write_unlock_bh(&csk->sk_callback_lock);
1780 return;
1781 }
1782
1783 spin_lock_bh(&mux->rx_lock);
1784
1785 /* Stop receiver activities. After this point psock should not be
1786 * able to get onto ready list either through callbacks or work.
1787 */
1788 if (psock->ready_rx_msg) {
1789 list_del(&psock->psock_ready_list);
1790 kfree_skb(psock->ready_rx_msg);
1791 psock->ready_rx_msg = NULL;
1792 KCM_STATS_INCR(mux->stats.rx_ready_drops);
1793 }
1794
1795 spin_unlock_bh(&mux->rx_lock);
1796
1797 write_unlock_bh(&csk->sk_callback_lock);
1798
1799 cancel_work_sync(&psock->rx_work);
1800 cancel_delayed_work_sync(&psock->rx_delayed_work);
1801
1802 bpf_prog_put(psock->bpf_prog);
1803
1804 kfree_skb(psock->rx_skb_head);
1805 psock->rx_skb_head = NULL;
1806
1807 spin_lock_bh(&mux->lock);
1808
1809 aggregate_psock_stats(&psock->stats, &mux->aggregate_psock_stats);
1810
1811 KCM_STATS_INCR(mux->stats.psock_unattach);
1812
1813 if (psock->tx_kcm) {
1814 /* psock was reserved. Just mark it finished and we will clean
1815 * up in the kcm paths, we need kcm lock which can not be
1816 * acquired here.
1817 */
1818 KCM_STATS_INCR(mux->stats.psock_unattach_rsvd);
1819 spin_unlock_bh(&mux->lock);
1820
1821 /* We are unattaching a socket that is reserved. Abort the
1822 * socket since we may be out of sync in sending on it. We need
1823 * to do this without the mux lock.
1824 */
1825 kcm_abort_tx_psock(psock, EPIPE, false);
1826
1827 spin_lock_bh(&mux->lock);
1828 if (!psock->tx_kcm) {
1829 /* psock now unreserved in window mux was unlocked */
1830 goto no_reserved;
1831 }
1832 psock->done = 1;
1833
1834 /* Commit done before queuing work to process it */
1835 smp_mb();
1836
1837 /* Queue tx work to make sure psock->done is handled */
1838 queue_work(kcm_wq, &psock->tx_kcm->tx_work);
1839 spin_unlock_bh(&mux->lock);
1840 } else {
1841 no_reserved:
1842 if (!psock->tx_stopped)
1843 list_del(&psock->psock_avail_list);
1844 list_del(&psock->psock_list);
1845 mux->psocks_cnt--;
1846 spin_unlock_bh(&mux->lock);
1847
1848 sock_put(csk);
1849 fput(csk->sk_socket->file);
1850 kmem_cache_free(kcm_psockp, psock);
1851 }
1852 }
1853
1854 static int kcm_unattach_ioctl(struct socket *sock, struct kcm_unattach *info)
1855 {
1856 struct kcm_sock *kcm = kcm_sk(sock->sk);
1857 struct kcm_mux *mux = kcm->mux;
1858 struct kcm_psock *psock;
1859 struct socket *csock;
1860 struct sock *csk;
1861 int err;
1862
1863 csock = sockfd_lookup(info->fd, &err);
1864 if (!csock)
1865 return -ENOENT;
1866
1867 csk = csock->sk;
1868 if (!csk) {
1869 err = -EINVAL;
1870 goto out;
1871 }
1872
1873 err = -ENOENT;
1874
1875 spin_lock_bh(&mux->lock);
1876
1877 list_for_each_entry(psock, &mux->psocks, psock_list) {
1878 if (psock->sk != csk)
1879 continue;
1880
1881 /* Found the matching psock */
1882
1883 if (psock->unattaching || WARN_ON(psock->done)) {
1884 err = -EALREADY;
1885 break;
1886 }
1887
1888 psock->unattaching = 1;
1889
1890 spin_unlock_bh(&mux->lock);
1891
1892 kcm_unattach(psock);
1893
1894 err = 0;
1895 goto out;
1896 }
1897
1898 spin_unlock_bh(&mux->lock);
1899
1900 out:
1901 fput(csock->file);
1902 return err;
1903 }
1904
1905 static struct proto kcm_proto = {
1906 .name = "KCM",
1907 .owner = THIS_MODULE,
1908 .obj_size = sizeof(struct kcm_sock),
1909 };
1910
1911 /* Clone a kcm socket. */
1912 static int kcm_clone(struct socket *osock, struct kcm_clone *info,
1913 struct socket **newsockp)
1914 {
1915 struct socket *newsock;
1916 struct sock *newsk;
1917 struct file *newfile;
1918 int err, newfd;
1919
1920 err = -ENFILE;
1921 newsock = sock_alloc();
1922 if (!newsock)
1923 goto out;
1924
1925 newsock->type = osock->type;
1926 newsock->ops = osock->ops;
1927
1928 __module_get(newsock->ops->owner);
1929
1930 newfd = get_unused_fd_flags(0);
1931 if (unlikely(newfd < 0)) {
1932 err = newfd;
1933 goto out_fd_fail;
1934 }
1935
1936 newfile = sock_alloc_file(newsock, 0, osock->sk->sk_prot_creator->name);
1937 if (unlikely(IS_ERR(newfile))) {
1938 err = PTR_ERR(newfile);
1939 goto out_sock_alloc_fail;
1940 }
1941
1942 newsk = sk_alloc(sock_net(osock->sk), PF_KCM, GFP_KERNEL,
1943 &kcm_proto, true);
1944 if (!newsk) {
1945 err = -ENOMEM;
1946 goto out_sk_alloc_fail;
1947 }
1948
1949 sock_init_data(newsock, newsk);
1950 init_kcm_sock(kcm_sk(newsk), kcm_sk(osock->sk)->mux);
1951
1952 fd_install(newfd, newfile);
1953 *newsockp = newsock;
1954 info->fd = newfd;
1955
1956 return 0;
1957
1958 out_sk_alloc_fail:
1959 fput(newfile);
1960 out_sock_alloc_fail:
1961 put_unused_fd(newfd);
1962 out_fd_fail:
1963 sock_release(newsock);
1964 out:
1965 return err;
1966 }
1967
1968 static int kcm_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1969 {
1970 int err;
1971
1972 switch (cmd) {
1973 case SIOCKCMATTACH: {
1974 struct kcm_attach info;
1975
1976 if (copy_from_user(&info, (void __user *)arg, sizeof(info)))
1977 err = -EFAULT;
1978
1979 err = kcm_attach_ioctl(sock, &info);
1980
1981 break;
1982 }
1983 case SIOCKCMUNATTACH: {
1984 struct kcm_unattach info;
1985
1986 if (copy_from_user(&info, (void __user *)arg, sizeof(info)))
1987 err = -EFAULT;
1988
1989 err = kcm_unattach_ioctl(sock, &info);
1990
1991 break;
1992 }
1993 case SIOCKCMCLONE: {
1994 struct kcm_clone info;
1995 struct socket *newsock = NULL;
1996
1997 if (copy_from_user(&info, (void __user *)arg, sizeof(info)))
1998 err = -EFAULT;
1999
2000 err = kcm_clone(sock, &info, &newsock);
2001
2002 if (!err) {
2003 if (copy_to_user((void __user *)arg, &info,
2004 sizeof(info))) {
2005 err = -EFAULT;
2006 sock_release(newsock);
2007 }
2008 }
2009
2010 break;
2011 }
2012 default:
2013 err = -ENOIOCTLCMD;
2014 break;
2015 }
2016
2017 return err;
2018 }
2019
2020 static void free_mux(struct rcu_head *rcu)
2021 {
2022 struct kcm_mux *mux = container_of(rcu,
2023 struct kcm_mux, rcu);
2024
2025 kmem_cache_free(kcm_muxp, mux);
2026 }
2027
2028 static void release_mux(struct kcm_mux *mux)
2029 {
2030 struct kcm_net *knet = mux->knet;
2031 struct kcm_psock *psock, *tmp_psock;
2032
2033 /* Release psocks */
2034 list_for_each_entry_safe(psock, tmp_psock,
2035 &mux->psocks, psock_list) {
2036 if (!WARN_ON(psock->unattaching))
2037 kcm_unattach(psock);
2038 }
2039
2040 if (WARN_ON(mux->psocks_cnt))
2041 return;
2042
2043 __skb_queue_purge(&mux->rx_hold_queue);
2044
2045 mutex_lock(&knet->mutex);
2046 aggregate_mux_stats(&mux->stats, &knet->aggregate_mux_stats);
2047 aggregate_psock_stats(&mux->aggregate_psock_stats,
2048 &knet->aggregate_psock_stats);
2049 list_del_rcu(&mux->kcm_mux_list);
2050 knet->count--;
2051 mutex_unlock(&knet->mutex);
2052
2053 call_rcu(&mux->rcu, free_mux);
2054 }
2055
2056 static void kcm_done(struct kcm_sock *kcm)
2057 {
2058 struct kcm_mux *mux = kcm->mux;
2059 struct sock *sk = &kcm->sk;
2060 int socks_cnt;
2061
2062 spin_lock_bh(&mux->rx_lock);
2063 if (kcm->rx_psock) {
2064 /* Cleanup in unreserve_rx_kcm */
2065 WARN_ON(kcm->done);
2066 kcm->rx_disabled = 1;
2067 kcm->done = 1;
2068 spin_unlock_bh(&mux->rx_lock);
2069 return;
2070 }
2071
2072 if (kcm->rx_wait) {
2073 list_del(&kcm->wait_rx_list);
2074 kcm->rx_wait = false;
2075 }
2076 /* Move any pending receive messages to other kcm sockets */
2077 requeue_rx_msgs(mux, &sk->sk_receive_queue);
2078
2079 spin_unlock_bh(&mux->rx_lock);
2080
2081 if (WARN_ON(sk_rmem_alloc_get(sk)))
2082 return;
2083
2084 /* Detach from MUX */
2085 spin_lock_bh(&mux->lock);
2086
2087 list_del(&kcm->kcm_sock_list);
2088 mux->kcm_socks_cnt--;
2089 socks_cnt = mux->kcm_socks_cnt;
2090
2091 spin_unlock_bh(&mux->lock);
2092
2093 if (!socks_cnt) {
2094 /* We are done with the mux now. */
2095 release_mux(mux);
2096 }
2097
2098 WARN_ON(kcm->rx_wait);
2099
2100 sock_put(&kcm->sk);
2101 }
2102
2103 /* Called by kcm_release to close a KCM socket.
2104 * If this is the last KCM socket on the MUX, destroy the MUX.
2105 */
2106 static int kcm_release(struct socket *sock)
2107 {
2108 struct sock *sk = sock->sk;
2109 struct kcm_sock *kcm;
2110 struct kcm_mux *mux;
2111 struct kcm_psock *psock;
2112
2113 if (!sk)
2114 return 0;
2115
2116 kcm = kcm_sk(sk);
2117 mux = kcm->mux;
2118
2119 sock_orphan(sk);
2120 kfree_skb(kcm->seq_skb);
2121
2122 lock_sock(sk);
2123 /* Purge queue under lock to avoid race condition with tx_work trying
2124 * to act when queue is nonempty. If tx_work runs after this point
2125 * it will just return.
2126 */
2127 __skb_queue_purge(&sk->sk_write_queue);
2128 release_sock(sk);
2129
2130 spin_lock_bh(&mux->lock);
2131 if (kcm->tx_wait) {
2132 /* Take of tx_wait list, after this point there should be no way
2133 * that a psock will be assigned to this kcm.
2134 */
2135 list_del(&kcm->wait_psock_list);
2136 kcm->tx_wait = false;
2137 }
2138 spin_unlock_bh(&mux->lock);
2139
2140 /* Cancel work. After this point there should be no outside references
2141 * to the kcm socket.
2142 */
2143 cancel_work_sync(&kcm->tx_work);
2144
2145 lock_sock(sk);
2146 psock = kcm->tx_psock;
2147 if (psock) {
2148 /* A psock was reserved, so we need to kill it since it
2149 * may already have some bytes queued from a message. We
2150 * need to do this after removing kcm from tx_wait list.
2151 */
2152 kcm_abort_tx_psock(psock, EPIPE, false);
2153 unreserve_psock(kcm);
2154 }
2155 release_sock(sk);
2156
2157 WARN_ON(kcm->tx_wait);
2158 WARN_ON(kcm->tx_psock);
2159
2160 sock->sk = NULL;
2161
2162 kcm_done(kcm);
2163
2164 return 0;
2165 }
2166
2167 static const struct proto_ops kcm_dgram_ops = {
2168 .family = PF_KCM,
2169 .owner = THIS_MODULE,
2170 .release = kcm_release,
2171 .bind = sock_no_bind,
2172 .connect = sock_no_connect,
2173 .socketpair = sock_no_socketpair,
2174 .accept = sock_no_accept,
2175 .getname = sock_no_getname,
2176 .poll = datagram_poll,
2177 .ioctl = kcm_ioctl,
2178 .listen = sock_no_listen,
2179 .shutdown = sock_no_shutdown,
2180 .setsockopt = kcm_setsockopt,
2181 .getsockopt = kcm_getsockopt,
2182 .sendmsg = kcm_sendmsg,
2183 .recvmsg = kcm_recvmsg,
2184 .mmap = sock_no_mmap,
2185 .sendpage = kcm_sendpage,
2186 };
2187
2188 static const struct proto_ops kcm_seqpacket_ops = {
2189 .family = PF_KCM,
2190 .owner = THIS_MODULE,
2191 .release = kcm_release,
2192 .bind = sock_no_bind,
2193 .connect = sock_no_connect,
2194 .socketpair = sock_no_socketpair,
2195 .accept = sock_no_accept,
2196 .getname = sock_no_getname,
2197 .poll = datagram_poll,
2198 .ioctl = kcm_ioctl,
2199 .listen = sock_no_listen,
2200 .shutdown = sock_no_shutdown,
2201 .setsockopt = kcm_setsockopt,
2202 .getsockopt = kcm_getsockopt,
2203 .sendmsg = kcm_sendmsg,
2204 .recvmsg = kcm_recvmsg,
2205 .mmap = sock_no_mmap,
2206 .sendpage = kcm_sendpage,
2207 .splice_read = kcm_splice_read,
2208 };
2209
2210 /* Create proto operation for kcm sockets */
2211 static int kcm_create(struct net *net, struct socket *sock,
2212 int protocol, int kern)
2213 {
2214 struct kcm_net *knet = net_generic(net, kcm_net_id);
2215 struct sock *sk;
2216 struct kcm_mux *mux;
2217
2218 switch (sock->type) {
2219 case SOCK_DGRAM:
2220 sock->ops = &kcm_dgram_ops;
2221 break;
2222 case SOCK_SEQPACKET:
2223 sock->ops = &kcm_seqpacket_ops;
2224 break;
2225 default:
2226 return -ESOCKTNOSUPPORT;
2227 }
2228
2229 if (protocol != KCMPROTO_CONNECTED)
2230 return -EPROTONOSUPPORT;
2231
2232 sk = sk_alloc(net, PF_KCM, GFP_KERNEL, &kcm_proto, kern);
2233 if (!sk)
2234 return -ENOMEM;
2235
2236 /* Allocate a kcm mux, shared between KCM sockets */
2237 mux = kmem_cache_zalloc(kcm_muxp, GFP_KERNEL);
2238 if (!mux) {
2239 sk_free(sk);
2240 return -ENOMEM;
2241 }
2242
2243 spin_lock_init(&mux->lock);
2244 spin_lock_init(&mux->rx_lock);
2245 INIT_LIST_HEAD(&mux->kcm_socks);
2246 INIT_LIST_HEAD(&mux->kcm_rx_waiters);
2247 INIT_LIST_HEAD(&mux->kcm_tx_waiters);
2248
2249 INIT_LIST_HEAD(&mux->psocks);
2250 INIT_LIST_HEAD(&mux->psocks_ready);
2251 INIT_LIST_HEAD(&mux->psocks_avail);
2252
2253 mux->knet = knet;
2254
2255 /* Add new MUX to list */
2256 mutex_lock(&knet->mutex);
2257 list_add_rcu(&mux->kcm_mux_list, &knet->mux_list);
2258 knet->count++;
2259 mutex_unlock(&knet->mutex);
2260
2261 skb_queue_head_init(&mux->rx_hold_queue);
2262
2263 /* Init KCM socket */
2264 sock_init_data(sock, sk);
2265 init_kcm_sock(kcm_sk(sk), mux);
2266
2267 return 0;
2268 }
2269
2270 static struct net_proto_family kcm_family_ops = {
2271 .family = PF_KCM,
2272 .create = kcm_create,
2273 .owner = THIS_MODULE,
2274 };
2275
2276 static __net_init int kcm_init_net(struct net *net)
2277 {
2278 struct kcm_net *knet = net_generic(net, kcm_net_id);
2279
2280 INIT_LIST_HEAD_RCU(&knet->mux_list);
2281 mutex_init(&knet->mutex);
2282
2283 return 0;
2284 }
2285
2286 static __net_exit void kcm_exit_net(struct net *net)
2287 {
2288 struct kcm_net *knet = net_generic(net, kcm_net_id);
2289
2290 /* All KCM sockets should be closed at this point, which should mean
2291 * that all multiplexors and psocks have been destroyed.
2292 */
2293 WARN_ON(!list_empty(&knet->mux_list));
2294 }
2295
2296 static struct pernet_operations kcm_net_ops = {
2297 .init = kcm_init_net,
2298 .exit = kcm_exit_net,
2299 .id = &kcm_net_id,
2300 .size = sizeof(struct kcm_net),
2301 };
2302
2303 static int __init kcm_init(void)
2304 {
2305 int err = -ENOMEM;
2306
2307 kcm_muxp = kmem_cache_create("kcm_mux_cache",
2308 sizeof(struct kcm_mux), 0,
2309 SLAB_HWCACHE_ALIGN | SLAB_PANIC, NULL);
2310 if (!kcm_muxp)
2311 goto fail;
2312
2313 kcm_psockp = kmem_cache_create("kcm_psock_cache",
2314 sizeof(struct kcm_psock), 0,
2315 SLAB_HWCACHE_ALIGN | SLAB_PANIC, NULL);
2316 if (!kcm_psockp)
2317 goto fail;
2318
2319 kcm_wq = create_singlethread_workqueue("kkcmd");
2320 if (!kcm_wq)
2321 goto fail;
2322
2323 err = proto_register(&kcm_proto, 1);
2324 if (err)
2325 goto fail;
2326
2327 err = sock_register(&kcm_family_ops);
2328 if (err)
2329 goto sock_register_fail;
2330
2331 err = register_pernet_device(&kcm_net_ops);
2332 if (err)
2333 goto net_ops_fail;
2334
2335 err = kcm_proc_init();
2336 if (err)
2337 goto proc_init_fail;
2338
2339 return 0;
2340
2341 proc_init_fail:
2342 unregister_pernet_device(&kcm_net_ops);
2343
2344 net_ops_fail:
2345 sock_unregister(PF_KCM);
2346
2347 sock_register_fail:
2348 proto_unregister(&kcm_proto);
2349
2350 fail:
2351 kmem_cache_destroy(kcm_muxp);
2352 kmem_cache_destroy(kcm_psockp);
2353
2354 if (kcm_wq)
2355 destroy_workqueue(kcm_wq);
2356
2357 return err;
2358 }
2359
2360 static void __exit kcm_exit(void)
2361 {
2362 kcm_proc_exit();
2363 unregister_pernet_device(&kcm_net_ops);
2364 sock_unregister(PF_KCM);
2365 proto_unregister(&kcm_proto);
2366 destroy_workqueue(kcm_wq);
2367
2368 kmem_cache_destroy(kcm_muxp);
2369 kmem_cache_destroy(kcm_psockp);
2370 }
2371
2372 module_init(kcm_init);
2373 module_exit(kcm_exit);
2374
2375 MODULE_LICENSE("GPL");
2376 MODULE_ALIAS_NETPROTO(PF_KCM);
2377
Linux kernel - Deliverables
This page took 0.140548 seconds and 6 git commands to generate.