xref: /openbmc/linux/net/sunrpc/svcsock.c (revision 6aeadf78)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * linux/net/sunrpc/svcsock.c
4  *
5  * These are the RPC server socket internals.
6  *
7  * The server scheduling algorithm does not always distribute the load
8  * evenly when servicing a single client. May need to modify the
9  * svc_xprt_enqueue procedure...
10  *
11  * TCP support is largely untested and may be a little slow. The problem
12  * is that we currently do two separate recvfrom's, one for the 4-byte
13  * record length, and the second for the actual record. This could possibly
14  * be improved by always reading a minimum size of around 100 bytes and
15  * tucking any superfluous bytes away in a temporary store. Still, that
16  * leaves write requests out in the rain. An alternative may be to peek at
17  * the first skb in the queue, and if it matches the next TCP sequence
18  * number, to extract the record marker. Yuck.
19  *
20  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
21  */
22 
23 #include <linux/kernel.h>
24 #include <linux/sched.h>
25 #include <linux/module.h>
26 #include <linux/errno.h>
27 #include <linux/fcntl.h>
28 #include <linux/net.h>
29 #include <linux/in.h>
30 #include <linux/inet.h>
31 #include <linux/udp.h>
32 #include <linux/tcp.h>
33 #include <linux/unistd.h>
34 #include <linux/slab.h>
35 #include <linux/netdevice.h>
36 #include <linux/skbuff.h>
37 #include <linux/file.h>
38 #include <linux/freezer.h>
39 #include <net/sock.h>
40 #include <net/checksum.h>
41 #include <net/ip.h>
42 #include <net/ipv6.h>
43 #include <net/udp.h>
44 #include <net/tcp.h>
45 #include <net/tcp_states.h>
46 #include <net/tls.h>
47 #include <net/handshake.h>
48 #include <linux/uaccess.h>
49 #include <linux/highmem.h>
50 #include <asm/ioctls.h>
51 #include <linux/key.h>
52 
53 #include <linux/sunrpc/types.h>
54 #include <linux/sunrpc/clnt.h>
55 #include <linux/sunrpc/xdr.h>
56 #include <linux/sunrpc/msg_prot.h>
57 #include <linux/sunrpc/svcsock.h>
58 #include <linux/sunrpc/stats.h>
59 #include <linux/sunrpc/xprt.h>
60 
61 #include <trace/events/sock.h>
62 #include <trace/events/sunrpc.h>
63 
64 #include "socklib.h"
65 #include "sunrpc.h"
66 
67 #define RPCDBG_FACILITY	RPCDBG_SVCXPRT
68 
69 /* To-do: to avoid tying up an nfsd thread while waiting for a
70  * handshake request, the request could instead be deferred.
71  */
72 enum {
73 	SVC_HANDSHAKE_TO	= 5U * HZ
74 };
75 
76 static struct svc_sock *svc_setup_socket(struct svc_serv *, struct socket *,
77 					 int flags);
78 static int		svc_udp_recvfrom(struct svc_rqst *);
79 static int		svc_udp_sendto(struct svc_rqst *);
80 static void		svc_sock_detach(struct svc_xprt *);
81 static void		svc_tcp_sock_detach(struct svc_xprt *);
82 static void		svc_sock_free(struct svc_xprt *);
83 
84 static struct svc_xprt *svc_create_socket(struct svc_serv *, int,
85 					  struct net *, struct sockaddr *,
86 					  int, int);
87 #ifdef CONFIG_DEBUG_LOCK_ALLOC
88 static struct lock_class_key svc_key[2];
89 static struct lock_class_key svc_slock_key[2];
90 
91 static void svc_reclassify_socket(struct socket *sock)
92 {
93 	struct sock *sk = sock->sk;
94 
95 	if (WARN_ON_ONCE(!sock_allow_reclassification(sk)))
96 		return;
97 
98 	switch (sk->sk_family) {
99 	case AF_INET:
100 		sock_lock_init_class_and_name(sk, "slock-AF_INET-NFSD",
101 					      &svc_slock_key[0],
102 					      "sk_xprt.xpt_lock-AF_INET-NFSD",
103 					      &svc_key[0]);
104 		break;
105 
106 	case AF_INET6:
107 		sock_lock_init_class_and_name(sk, "slock-AF_INET6-NFSD",
108 					      &svc_slock_key[1],
109 					      "sk_xprt.xpt_lock-AF_INET6-NFSD",
110 					      &svc_key[1]);
111 		break;
112 
113 	default:
114 		BUG();
115 	}
116 }
117 #else
118 static void svc_reclassify_socket(struct socket *sock)
119 {
120 }
121 #endif
122 
123 /**
124  * svc_tcp_release_ctxt - Release transport-related resources
125  * @xprt: the transport which owned the context
126  * @ctxt: the context from rqstp->rq_xprt_ctxt or dr->xprt_ctxt
127  *
128  */
129 static void svc_tcp_release_ctxt(struct svc_xprt *xprt, void *ctxt)
130 {
131 }
132 
133 /**
134  * svc_udp_release_ctxt - Release transport-related resources
135  * @xprt: the transport which owned the context
136  * @ctxt: the context from rqstp->rq_xprt_ctxt or dr->xprt_ctxt
137  *
138  */
139 static void svc_udp_release_ctxt(struct svc_xprt *xprt, void *ctxt)
140 {
141 	struct sk_buff *skb = ctxt;
142 
143 	if (skb)
144 		consume_skb(skb);
145 }
146 
147 union svc_pktinfo_u {
148 	struct in_pktinfo pkti;
149 	struct in6_pktinfo pkti6;
150 };
151 #define SVC_PKTINFO_SPACE \
152 	CMSG_SPACE(sizeof(union svc_pktinfo_u))
153 
154 static void svc_set_cmsg_data(struct svc_rqst *rqstp, struct cmsghdr *cmh)
155 {
156 	struct svc_sock *svsk =
157 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
158 	switch (svsk->sk_sk->sk_family) {
159 	case AF_INET: {
160 			struct in_pktinfo *pki = CMSG_DATA(cmh);
161 
162 			cmh->cmsg_level = SOL_IP;
163 			cmh->cmsg_type = IP_PKTINFO;
164 			pki->ipi_ifindex = 0;
165 			pki->ipi_spec_dst.s_addr =
166 				 svc_daddr_in(rqstp)->sin_addr.s_addr;
167 			cmh->cmsg_len = CMSG_LEN(sizeof(*pki));
168 		}
169 		break;
170 
171 	case AF_INET6: {
172 			struct in6_pktinfo *pki = CMSG_DATA(cmh);
173 			struct sockaddr_in6 *daddr = svc_daddr_in6(rqstp);
174 
175 			cmh->cmsg_level = SOL_IPV6;
176 			cmh->cmsg_type = IPV6_PKTINFO;
177 			pki->ipi6_ifindex = daddr->sin6_scope_id;
178 			pki->ipi6_addr = daddr->sin6_addr;
179 			cmh->cmsg_len = CMSG_LEN(sizeof(*pki));
180 		}
181 		break;
182 	}
183 }
184 
185 static int svc_sock_result_payload(struct svc_rqst *rqstp, unsigned int offset,
186 				   unsigned int length)
187 {
188 	return 0;
189 }
190 
191 /*
192  * Report socket names for nfsdfs
193  */
194 static int svc_one_sock_name(struct svc_sock *svsk, char *buf, int remaining)
195 {
196 	const struct sock *sk = svsk->sk_sk;
197 	const char *proto_name = sk->sk_protocol == IPPROTO_UDP ?
198 							"udp" : "tcp";
199 	int len;
200 
201 	switch (sk->sk_family) {
202 	case PF_INET:
203 		len = snprintf(buf, remaining, "ipv4 %s %pI4 %d\n",
204 				proto_name,
205 				&inet_sk(sk)->inet_rcv_saddr,
206 				inet_sk(sk)->inet_num);
207 		break;
208 #if IS_ENABLED(CONFIG_IPV6)
209 	case PF_INET6:
210 		len = snprintf(buf, remaining, "ipv6 %s %pI6 %d\n",
211 				proto_name,
212 				&sk->sk_v6_rcv_saddr,
213 				inet_sk(sk)->inet_num);
214 		break;
215 #endif
216 	default:
217 		len = snprintf(buf, remaining, "*unknown-%d*\n",
218 				sk->sk_family);
219 	}
220 
221 	if (len >= remaining) {
222 		*buf = '\0';
223 		return -ENAMETOOLONG;
224 	}
225 	return len;
226 }
227 
228 static int
229 svc_tcp_sock_process_cmsg(struct svc_sock *svsk, struct msghdr *msg,
230 			  struct cmsghdr *cmsg, int ret)
231 {
232 	if (cmsg->cmsg_level == SOL_TLS &&
233 	    cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
234 		u8 content_type = *((u8 *)CMSG_DATA(cmsg));
235 
236 		switch (content_type) {
237 		case TLS_RECORD_TYPE_DATA:
238 			/* TLS sets EOR at the end of each application data
239 			 * record, even though there might be more frames
240 			 * waiting to be decrypted.
241 			 */
242 			msg->msg_flags &= ~MSG_EOR;
243 			break;
244 		case TLS_RECORD_TYPE_ALERT:
245 			ret = -ENOTCONN;
246 			break;
247 		default:
248 			ret = -EAGAIN;
249 		}
250 	}
251 	return ret;
252 }
253 
254 static int
255 svc_tcp_sock_recv_cmsg(struct svc_sock *svsk, struct msghdr *msg)
256 {
257 	union {
258 		struct cmsghdr	cmsg;
259 		u8		buf[CMSG_SPACE(sizeof(u8))];
260 	} u;
261 	int ret;
262 
263 	msg->msg_control = &u;
264 	msg->msg_controllen = sizeof(u);
265 	ret = sock_recvmsg(svsk->sk_sock, msg, MSG_DONTWAIT);
266 	if (unlikely(msg->msg_controllen != sizeof(u)))
267 		ret = svc_tcp_sock_process_cmsg(svsk, msg, &u.cmsg, ret);
268 	return ret;
269 }
270 
271 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE
272 static void svc_flush_bvec(const struct bio_vec *bvec, size_t size, size_t seek)
273 {
274 	struct bvec_iter bi = {
275 		.bi_size	= size + seek,
276 	};
277 	struct bio_vec bv;
278 
279 	bvec_iter_advance(bvec, &bi, seek & PAGE_MASK);
280 	for_each_bvec(bv, bvec, bi, bi)
281 		flush_dcache_page(bv.bv_page);
282 }
283 #else
284 static inline void svc_flush_bvec(const struct bio_vec *bvec, size_t size,
285 				  size_t seek)
286 {
287 }
288 #endif
289 
290 /*
291  * Read from @rqstp's transport socket. The incoming message fills whole
292  * pages in @rqstp's rq_pages array until the last page of the message
293  * has been received into a partial page.
294  */
295 static ssize_t svc_tcp_read_msg(struct svc_rqst *rqstp, size_t buflen,
296 				size_t seek)
297 {
298 	struct svc_sock *svsk =
299 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
300 	struct bio_vec *bvec = rqstp->rq_bvec;
301 	struct msghdr msg = { NULL };
302 	unsigned int i;
303 	ssize_t len;
304 	size_t t;
305 
306 	clear_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
307 
308 	for (i = 0, t = 0; t < buflen; i++, t += PAGE_SIZE)
309 		bvec_set_page(&bvec[i], rqstp->rq_pages[i], PAGE_SIZE, 0);
310 	rqstp->rq_respages = &rqstp->rq_pages[i];
311 	rqstp->rq_next_page = rqstp->rq_respages + 1;
312 
313 	iov_iter_bvec(&msg.msg_iter, ITER_DEST, bvec, i, buflen);
314 	if (seek) {
315 		iov_iter_advance(&msg.msg_iter, seek);
316 		buflen -= seek;
317 	}
318 	len = svc_tcp_sock_recv_cmsg(svsk, &msg);
319 	if (len > 0)
320 		svc_flush_bvec(bvec, len, seek);
321 
322 	/* If we read a full record, then assume there may be more
323 	 * data to read (stream based sockets only!)
324 	 */
325 	if (len == buflen)
326 		set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
327 
328 	return len;
329 }
330 
331 /*
332  * Set socket snd and rcv buffer lengths
333  */
334 static void svc_sock_setbufsize(struct svc_sock *svsk, unsigned int nreqs)
335 {
336 	unsigned int max_mesg = svsk->sk_xprt.xpt_server->sv_max_mesg;
337 	struct socket *sock = svsk->sk_sock;
338 
339 	nreqs = min(nreqs, INT_MAX / 2 / max_mesg);
340 
341 	lock_sock(sock->sk);
342 	sock->sk->sk_sndbuf = nreqs * max_mesg * 2;
343 	sock->sk->sk_rcvbuf = nreqs * max_mesg * 2;
344 	sock->sk->sk_write_space(sock->sk);
345 	release_sock(sock->sk);
346 }
347 
348 static void svc_sock_secure_port(struct svc_rqst *rqstp)
349 {
350 	if (svc_port_is_privileged(svc_addr(rqstp)))
351 		set_bit(RQ_SECURE, &rqstp->rq_flags);
352 	else
353 		clear_bit(RQ_SECURE, &rqstp->rq_flags);
354 }
355 
356 /*
357  * INET callback when data has been received on the socket.
358  */
359 static void svc_data_ready(struct sock *sk)
360 {
361 	struct svc_sock	*svsk = (struct svc_sock *)sk->sk_user_data;
362 
363 	trace_sk_data_ready(sk);
364 
365 	if (svsk) {
366 		/* Refer to svc_setup_socket() for details. */
367 		rmb();
368 		svsk->sk_odata(sk);
369 		trace_svcsock_data_ready(&svsk->sk_xprt, 0);
370 		if (test_bit(XPT_HANDSHAKE, &svsk->sk_xprt.xpt_flags))
371 			return;
372 		if (!test_and_set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags))
373 			svc_xprt_enqueue(&svsk->sk_xprt);
374 	}
375 }
376 
377 /*
378  * INET callback when space is newly available on the socket.
379  */
380 static void svc_write_space(struct sock *sk)
381 {
382 	struct svc_sock	*svsk = (struct svc_sock *)(sk->sk_user_data);
383 
384 	if (svsk) {
385 		/* Refer to svc_setup_socket() for details. */
386 		rmb();
387 		trace_svcsock_write_space(&svsk->sk_xprt, 0);
388 		svsk->sk_owspace(sk);
389 		svc_xprt_enqueue(&svsk->sk_xprt);
390 	}
391 }
392 
393 static int svc_tcp_has_wspace(struct svc_xprt *xprt)
394 {
395 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
396 
397 	if (test_bit(XPT_LISTENER, &xprt->xpt_flags))
398 		return 1;
399 	return !test_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
400 }
401 
402 static void svc_tcp_kill_temp_xprt(struct svc_xprt *xprt)
403 {
404 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
405 
406 	sock_no_linger(svsk->sk_sock->sk);
407 }
408 
409 /**
410  * svc_tcp_handshake_done - Handshake completion handler
411  * @data: address of xprt to wake
412  * @status: status of handshake
413  * @peerid: serial number of key containing the remote peer's identity
414  *
415  * If a security policy is specified as an export option, we don't
416  * have a specific export here to check. So we set a "TLS session
417  * is present" flag on the xprt and let an upper layer enforce local
418  * security policy.
419  */
420 static void svc_tcp_handshake_done(void *data, int status, key_serial_t peerid)
421 {
422 	struct svc_xprt *xprt = data;
423 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
424 
425 	if (!status) {
426 		if (peerid != TLS_NO_PEERID)
427 			set_bit(XPT_PEER_AUTH, &xprt->xpt_flags);
428 		set_bit(XPT_TLS_SESSION, &xprt->xpt_flags);
429 	}
430 	clear_bit(XPT_HANDSHAKE, &xprt->xpt_flags);
431 	complete_all(&svsk->sk_handshake_done);
432 }
433 
434 /**
435  * svc_tcp_handshake - Perform a transport-layer security handshake
436  * @xprt: connected transport endpoint
437  *
438  */
439 static void svc_tcp_handshake(struct svc_xprt *xprt)
440 {
441 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
442 	struct sock *sk = svsk->sk_sock->sk;
443 	struct tls_handshake_args args = {
444 		.ta_sock	= svsk->sk_sock,
445 		.ta_done	= svc_tcp_handshake_done,
446 		.ta_data	= xprt,
447 	};
448 	int ret;
449 
450 	trace_svc_tls_upcall(xprt);
451 
452 	clear_bit(XPT_TLS_SESSION, &xprt->xpt_flags);
453 	init_completion(&svsk->sk_handshake_done);
454 
455 	ret = tls_server_hello_x509(&args, GFP_KERNEL);
456 	if (ret) {
457 		trace_svc_tls_not_started(xprt);
458 		goto out_failed;
459 	}
460 
461 	ret = wait_for_completion_interruptible_timeout(&svsk->sk_handshake_done,
462 							SVC_HANDSHAKE_TO);
463 	if (ret <= 0) {
464 		if (tls_handshake_cancel(sk)) {
465 			trace_svc_tls_timed_out(xprt);
466 			goto out_close;
467 		}
468 	}
469 
470 	if (!test_bit(XPT_TLS_SESSION, &xprt->xpt_flags)) {
471 		trace_svc_tls_unavailable(xprt);
472 		goto out_close;
473 	}
474 
475 	/* Mark the transport ready in case the remote sent RPC
476 	 * traffic before the kernel received the handshake
477 	 * completion downcall.
478 	 */
479 	set_bit(XPT_DATA, &xprt->xpt_flags);
480 	svc_xprt_enqueue(xprt);
481 	return;
482 
483 out_close:
484 	set_bit(XPT_CLOSE, &xprt->xpt_flags);
485 out_failed:
486 	clear_bit(XPT_HANDSHAKE, &xprt->xpt_flags);
487 	set_bit(XPT_DATA, &xprt->xpt_flags);
488 	svc_xprt_enqueue(xprt);
489 }
490 
491 /*
492  * See net/ipv6/ip_sockglue.c : ip_cmsg_recv_pktinfo
493  */
494 static int svc_udp_get_dest_address4(struct svc_rqst *rqstp,
495 				     struct cmsghdr *cmh)
496 {
497 	struct in_pktinfo *pki = CMSG_DATA(cmh);
498 	struct sockaddr_in *daddr = svc_daddr_in(rqstp);
499 
500 	if (cmh->cmsg_type != IP_PKTINFO)
501 		return 0;
502 
503 	daddr->sin_family = AF_INET;
504 	daddr->sin_addr.s_addr = pki->ipi_spec_dst.s_addr;
505 	return 1;
506 }
507 
508 /*
509  * See net/ipv6/datagram.c : ip6_datagram_recv_ctl
510  */
511 static int svc_udp_get_dest_address6(struct svc_rqst *rqstp,
512 				     struct cmsghdr *cmh)
513 {
514 	struct in6_pktinfo *pki = CMSG_DATA(cmh);
515 	struct sockaddr_in6 *daddr = svc_daddr_in6(rqstp);
516 
517 	if (cmh->cmsg_type != IPV6_PKTINFO)
518 		return 0;
519 
520 	daddr->sin6_family = AF_INET6;
521 	daddr->sin6_addr = pki->ipi6_addr;
522 	daddr->sin6_scope_id = pki->ipi6_ifindex;
523 	return 1;
524 }
525 
526 /*
527  * Copy the UDP datagram's destination address to the rqstp structure.
528  * The 'destination' address in this case is the address to which the
529  * peer sent the datagram, i.e. our local address. For multihomed
530  * hosts, this can change from msg to msg. Note that only the IP
531  * address changes, the port number should remain the same.
532  */
533 static int svc_udp_get_dest_address(struct svc_rqst *rqstp,
534 				    struct cmsghdr *cmh)
535 {
536 	switch (cmh->cmsg_level) {
537 	case SOL_IP:
538 		return svc_udp_get_dest_address4(rqstp, cmh);
539 	case SOL_IPV6:
540 		return svc_udp_get_dest_address6(rqstp, cmh);
541 	}
542 
543 	return 0;
544 }
545 
546 /**
547  * svc_udp_recvfrom - Receive a datagram from a UDP socket.
548  * @rqstp: request structure into which to receive an RPC Call
549  *
550  * Called in a loop when XPT_DATA has been set.
551  *
552  * Returns:
553  *   On success, the number of bytes in a received RPC Call, or
554  *   %0 if a complete RPC Call message was not ready to return
555  */
556 static int svc_udp_recvfrom(struct svc_rqst *rqstp)
557 {
558 	struct svc_sock	*svsk =
559 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
560 	struct svc_serv	*serv = svsk->sk_xprt.xpt_server;
561 	struct sk_buff	*skb;
562 	union {
563 		struct cmsghdr	hdr;
564 		long		all[SVC_PKTINFO_SPACE / sizeof(long)];
565 	} buffer;
566 	struct cmsghdr *cmh = &buffer.hdr;
567 	struct msghdr msg = {
568 		.msg_name = svc_addr(rqstp),
569 		.msg_control = cmh,
570 		.msg_controllen = sizeof(buffer),
571 		.msg_flags = MSG_DONTWAIT,
572 	};
573 	size_t len;
574 	int err;
575 
576 	if (test_and_clear_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags))
577 	    /* udp sockets need large rcvbuf as all pending
578 	     * requests are still in that buffer.  sndbuf must
579 	     * also be large enough that there is enough space
580 	     * for one reply per thread.  We count all threads
581 	     * rather than threads in a particular pool, which
582 	     * provides an upper bound on the number of threads
583 	     * which will access the socket.
584 	     */
585 	    svc_sock_setbufsize(svsk, serv->sv_nrthreads + 3);
586 
587 	clear_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
588 	err = kernel_recvmsg(svsk->sk_sock, &msg, NULL,
589 			     0, 0, MSG_PEEK | MSG_DONTWAIT);
590 	if (err < 0)
591 		goto out_recv_err;
592 	skb = skb_recv_udp(svsk->sk_sk, MSG_DONTWAIT, &err);
593 	if (!skb)
594 		goto out_recv_err;
595 
596 	len = svc_addr_len(svc_addr(rqstp));
597 	rqstp->rq_addrlen = len;
598 	if (skb->tstamp == 0) {
599 		skb->tstamp = ktime_get_real();
600 		/* Don't enable netstamp, sunrpc doesn't
601 		   need that much accuracy */
602 	}
603 	sock_write_timestamp(svsk->sk_sk, skb->tstamp);
604 	set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags); /* there may be more data... */
605 
606 	len = skb->len;
607 	rqstp->rq_arg.len = len;
608 	trace_svcsock_udp_recv(&svsk->sk_xprt, len);
609 
610 	rqstp->rq_prot = IPPROTO_UDP;
611 
612 	if (!svc_udp_get_dest_address(rqstp, cmh))
613 		goto out_cmsg_err;
614 	rqstp->rq_daddrlen = svc_addr_len(svc_daddr(rqstp));
615 
616 	if (skb_is_nonlinear(skb)) {
617 		/* we have to copy */
618 		local_bh_disable();
619 		if (csum_partial_copy_to_xdr(&rqstp->rq_arg, skb))
620 			goto out_bh_enable;
621 		local_bh_enable();
622 		consume_skb(skb);
623 	} else {
624 		/* we can use it in-place */
625 		rqstp->rq_arg.head[0].iov_base = skb->data;
626 		rqstp->rq_arg.head[0].iov_len = len;
627 		if (skb_checksum_complete(skb))
628 			goto out_free;
629 		rqstp->rq_xprt_ctxt = skb;
630 	}
631 
632 	rqstp->rq_arg.page_base = 0;
633 	if (len <= rqstp->rq_arg.head[0].iov_len) {
634 		rqstp->rq_arg.head[0].iov_len = len;
635 		rqstp->rq_arg.page_len = 0;
636 		rqstp->rq_respages = rqstp->rq_pages+1;
637 	} else {
638 		rqstp->rq_arg.page_len = len - rqstp->rq_arg.head[0].iov_len;
639 		rqstp->rq_respages = rqstp->rq_pages + 1 +
640 			DIV_ROUND_UP(rqstp->rq_arg.page_len, PAGE_SIZE);
641 	}
642 	rqstp->rq_next_page = rqstp->rq_respages+1;
643 
644 	if (serv->sv_stats)
645 		serv->sv_stats->netudpcnt++;
646 
647 	svc_sock_secure_port(rqstp);
648 	svc_xprt_received(rqstp->rq_xprt);
649 	return len;
650 
651 out_recv_err:
652 	if (err != -EAGAIN) {
653 		/* possibly an icmp error */
654 		set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
655 	}
656 	trace_svcsock_udp_recv_err(&svsk->sk_xprt, err);
657 	goto out_clear_busy;
658 out_cmsg_err:
659 	net_warn_ratelimited("svc: received unknown control message %d/%d; dropping RPC reply datagram\n",
660 			     cmh->cmsg_level, cmh->cmsg_type);
661 	goto out_free;
662 out_bh_enable:
663 	local_bh_enable();
664 out_free:
665 	kfree_skb(skb);
666 out_clear_busy:
667 	svc_xprt_received(rqstp->rq_xprt);
668 	return 0;
669 }
670 
671 /**
672  * svc_udp_sendto - Send out a reply on a UDP socket
673  * @rqstp: completed svc_rqst
674  *
675  * xpt_mutex ensures @rqstp's whole message is written to the socket
676  * without interruption.
677  *
678  * Returns the number of bytes sent, or a negative errno.
679  */
680 static int svc_udp_sendto(struct svc_rqst *rqstp)
681 {
682 	struct svc_xprt *xprt = rqstp->rq_xprt;
683 	struct svc_sock	*svsk = container_of(xprt, struct svc_sock, sk_xprt);
684 	struct xdr_buf *xdr = &rqstp->rq_res;
685 	union {
686 		struct cmsghdr	hdr;
687 		long		all[SVC_PKTINFO_SPACE / sizeof(long)];
688 	} buffer;
689 	struct cmsghdr *cmh = &buffer.hdr;
690 	struct msghdr msg = {
691 		.msg_name	= &rqstp->rq_addr,
692 		.msg_namelen	= rqstp->rq_addrlen,
693 		.msg_control	= cmh,
694 		.msg_controllen	= sizeof(buffer),
695 	};
696 	unsigned int sent;
697 	int err;
698 
699 	svc_udp_release_ctxt(xprt, rqstp->rq_xprt_ctxt);
700 	rqstp->rq_xprt_ctxt = NULL;
701 
702 	svc_set_cmsg_data(rqstp, cmh);
703 
704 	mutex_lock(&xprt->xpt_mutex);
705 
706 	if (svc_xprt_is_dead(xprt))
707 		goto out_notconn;
708 
709 	err = xdr_alloc_bvec(xdr, GFP_KERNEL);
710 	if (err < 0)
711 		goto out_unlock;
712 
713 	err = xprt_sock_sendmsg(svsk->sk_sock, &msg, xdr, 0, 0, &sent);
714 	if (err == -ECONNREFUSED) {
715 		/* ICMP error on earlier request. */
716 		err = xprt_sock_sendmsg(svsk->sk_sock, &msg, xdr, 0, 0, &sent);
717 	}
718 	xdr_free_bvec(xdr);
719 	trace_svcsock_udp_send(xprt, err);
720 out_unlock:
721 	mutex_unlock(&xprt->xpt_mutex);
722 	if (err < 0)
723 		return err;
724 	return sent;
725 
726 out_notconn:
727 	mutex_unlock(&xprt->xpt_mutex);
728 	return -ENOTCONN;
729 }
730 
731 static int svc_udp_has_wspace(struct svc_xprt *xprt)
732 {
733 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
734 	struct svc_serv	*serv = xprt->xpt_server;
735 	unsigned long required;
736 
737 	/*
738 	 * Set the SOCK_NOSPACE flag before checking the available
739 	 * sock space.
740 	 */
741 	set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
742 	required = atomic_read(&svsk->sk_xprt.xpt_reserved) + serv->sv_max_mesg;
743 	if (required*2 > sock_wspace(svsk->sk_sk))
744 		return 0;
745 	clear_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
746 	return 1;
747 }
748 
749 static struct svc_xprt *svc_udp_accept(struct svc_xprt *xprt)
750 {
751 	BUG();
752 	return NULL;
753 }
754 
755 static void svc_udp_kill_temp_xprt(struct svc_xprt *xprt)
756 {
757 }
758 
759 static struct svc_xprt *svc_udp_create(struct svc_serv *serv,
760 				       struct net *net,
761 				       struct sockaddr *sa, int salen,
762 				       int flags)
763 {
764 	return svc_create_socket(serv, IPPROTO_UDP, net, sa, salen, flags);
765 }
766 
767 static const struct svc_xprt_ops svc_udp_ops = {
768 	.xpo_create = svc_udp_create,
769 	.xpo_recvfrom = svc_udp_recvfrom,
770 	.xpo_sendto = svc_udp_sendto,
771 	.xpo_result_payload = svc_sock_result_payload,
772 	.xpo_release_ctxt = svc_udp_release_ctxt,
773 	.xpo_detach = svc_sock_detach,
774 	.xpo_free = svc_sock_free,
775 	.xpo_has_wspace = svc_udp_has_wspace,
776 	.xpo_accept = svc_udp_accept,
777 	.xpo_kill_temp_xprt = svc_udp_kill_temp_xprt,
778 };
779 
780 static struct svc_xprt_class svc_udp_class = {
781 	.xcl_name = "udp",
782 	.xcl_owner = THIS_MODULE,
783 	.xcl_ops = &svc_udp_ops,
784 	.xcl_max_payload = RPCSVC_MAXPAYLOAD_UDP,
785 	.xcl_ident = XPRT_TRANSPORT_UDP,
786 };
787 
788 static void svc_udp_init(struct svc_sock *svsk, struct svc_serv *serv)
789 {
790 	svc_xprt_init(sock_net(svsk->sk_sock->sk), &svc_udp_class,
791 		      &svsk->sk_xprt, serv);
792 	clear_bit(XPT_CACHE_AUTH, &svsk->sk_xprt.xpt_flags);
793 	svsk->sk_sk->sk_data_ready = svc_data_ready;
794 	svsk->sk_sk->sk_write_space = svc_write_space;
795 
796 	/* initialise setting must have enough space to
797 	 * receive and respond to one request.
798 	 * svc_udp_recvfrom will re-adjust if necessary
799 	 */
800 	svc_sock_setbufsize(svsk, 3);
801 
802 	/* data might have come in before data_ready set up */
803 	set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
804 	set_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags);
805 
806 	/* make sure we get destination address info */
807 	switch (svsk->sk_sk->sk_family) {
808 	case AF_INET:
809 		ip_sock_set_pktinfo(svsk->sk_sock->sk);
810 		break;
811 	case AF_INET6:
812 		ip6_sock_set_recvpktinfo(svsk->sk_sock->sk);
813 		break;
814 	default:
815 		BUG();
816 	}
817 }
818 
819 /*
820  * A data_ready event on a listening socket means there's a connection
821  * pending. Do not use state_change as a substitute for it.
822  */
823 static void svc_tcp_listen_data_ready(struct sock *sk)
824 {
825 	struct svc_sock	*svsk = (struct svc_sock *)sk->sk_user_data;
826 
827 	trace_sk_data_ready(sk);
828 
829 	/*
830 	 * This callback may called twice when a new connection
831 	 * is established as a child socket inherits everything
832 	 * from a parent LISTEN socket.
833 	 * 1) data_ready method of the parent socket will be called
834 	 *    when one of child sockets become ESTABLISHED.
835 	 * 2) data_ready method of the child socket may be called
836 	 *    when it receives data before the socket is accepted.
837 	 * In case of 2, we should ignore it silently and DO NOT
838 	 * dereference svsk.
839 	 */
840 	if (sk->sk_state != TCP_LISTEN)
841 		return;
842 
843 	if (svsk) {
844 		/* Refer to svc_setup_socket() for details. */
845 		rmb();
846 		svsk->sk_odata(sk);
847 		set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
848 		svc_xprt_enqueue(&svsk->sk_xprt);
849 	}
850 }
851 
852 /*
853  * A state change on a connected socket means it's dying or dead.
854  */
855 static void svc_tcp_state_change(struct sock *sk)
856 {
857 	struct svc_sock	*svsk = (struct svc_sock *)sk->sk_user_data;
858 
859 	if (svsk) {
860 		/* Refer to svc_setup_socket() for details. */
861 		rmb();
862 		svsk->sk_ostate(sk);
863 		trace_svcsock_tcp_state(&svsk->sk_xprt, svsk->sk_sock);
864 		if (sk->sk_state != TCP_ESTABLISHED)
865 			svc_xprt_deferred_close(&svsk->sk_xprt);
866 	}
867 }
868 
869 /*
870  * Accept a TCP connection
871  */
872 static struct svc_xprt *svc_tcp_accept(struct svc_xprt *xprt)
873 {
874 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
875 	struct sockaddr_storage addr;
876 	struct sockaddr	*sin = (struct sockaddr *) &addr;
877 	struct svc_serv	*serv = svsk->sk_xprt.xpt_server;
878 	struct socket	*sock = svsk->sk_sock;
879 	struct socket	*newsock;
880 	struct svc_sock	*newsvsk;
881 	int		err, slen;
882 
883 	if (!sock)
884 		return NULL;
885 
886 	clear_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
887 	err = kernel_accept(sock, &newsock, O_NONBLOCK);
888 	if (err < 0) {
889 		if (err != -EAGAIN)
890 			trace_svcsock_accept_err(xprt, serv->sv_name, err);
891 		return NULL;
892 	}
893 	if (IS_ERR(sock_alloc_file(newsock, O_NONBLOCK, NULL)))
894 		return NULL;
895 
896 	set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
897 
898 	err = kernel_getpeername(newsock, sin);
899 	if (err < 0) {
900 		trace_svcsock_getpeername_err(xprt, serv->sv_name, err);
901 		goto failed;		/* aborted connection or whatever */
902 	}
903 	slen = err;
904 
905 	/* Reset the inherited callbacks before calling svc_setup_socket */
906 	newsock->sk->sk_state_change = svsk->sk_ostate;
907 	newsock->sk->sk_data_ready = svsk->sk_odata;
908 	newsock->sk->sk_write_space = svsk->sk_owspace;
909 
910 	/* make sure that a write doesn't block forever when
911 	 * low on memory
912 	 */
913 	newsock->sk->sk_sndtimeo = HZ*30;
914 
915 	newsvsk = svc_setup_socket(serv, newsock,
916 				 (SVC_SOCK_ANONYMOUS | SVC_SOCK_TEMPORARY));
917 	if (IS_ERR(newsvsk))
918 		goto failed;
919 	svc_xprt_set_remote(&newsvsk->sk_xprt, sin, slen);
920 	err = kernel_getsockname(newsock, sin);
921 	slen = err;
922 	if (unlikely(err < 0))
923 		slen = offsetof(struct sockaddr, sa_data);
924 	svc_xprt_set_local(&newsvsk->sk_xprt, sin, slen);
925 
926 	if (sock_is_loopback(newsock->sk))
927 		set_bit(XPT_LOCAL, &newsvsk->sk_xprt.xpt_flags);
928 	else
929 		clear_bit(XPT_LOCAL, &newsvsk->sk_xprt.xpt_flags);
930 	if (serv->sv_stats)
931 		serv->sv_stats->nettcpconn++;
932 
933 	return &newsvsk->sk_xprt;
934 
935 failed:
936 	sockfd_put(newsock);
937 	return NULL;
938 }
939 
940 static size_t svc_tcp_restore_pages(struct svc_sock *svsk,
941 				    struct svc_rqst *rqstp)
942 {
943 	size_t len = svsk->sk_datalen;
944 	unsigned int i, npages;
945 
946 	if (!len)
947 		return 0;
948 	npages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
949 	for (i = 0; i < npages; i++) {
950 		if (rqstp->rq_pages[i] != NULL)
951 			put_page(rqstp->rq_pages[i]);
952 		BUG_ON(svsk->sk_pages[i] == NULL);
953 		rqstp->rq_pages[i] = svsk->sk_pages[i];
954 		svsk->sk_pages[i] = NULL;
955 	}
956 	rqstp->rq_arg.head[0].iov_base = page_address(rqstp->rq_pages[0]);
957 	return len;
958 }
959 
960 static void svc_tcp_save_pages(struct svc_sock *svsk, struct svc_rqst *rqstp)
961 {
962 	unsigned int i, len, npages;
963 
964 	if (svsk->sk_datalen == 0)
965 		return;
966 	len = svsk->sk_datalen;
967 	npages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
968 	for (i = 0; i < npages; i++) {
969 		svsk->sk_pages[i] = rqstp->rq_pages[i];
970 		rqstp->rq_pages[i] = NULL;
971 	}
972 }
973 
974 static void svc_tcp_clear_pages(struct svc_sock *svsk)
975 {
976 	unsigned int i, len, npages;
977 
978 	if (svsk->sk_datalen == 0)
979 		goto out;
980 	len = svsk->sk_datalen;
981 	npages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
982 	for (i = 0; i < npages; i++) {
983 		if (svsk->sk_pages[i] == NULL) {
984 			WARN_ON_ONCE(1);
985 			continue;
986 		}
987 		put_page(svsk->sk_pages[i]);
988 		svsk->sk_pages[i] = NULL;
989 	}
990 out:
991 	svsk->sk_tcplen = 0;
992 	svsk->sk_datalen = 0;
993 }
994 
995 /*
996  * Receive fragment record header into sk_marker.
997  */
998 static ssize_t svc_tcp_read_marker(struct svc_sock *svsk,
999 				   struct svc_rqst *rqstp)
1000 {
1001 	ssize_t want, len;
1002 
1003 	/* If we haven't gotten the record length yet,
1004 	 * get the next four bytes.
1005 	 */
1006 	if (svsk->sk_tcplen < sizeof(rpc_fraghdr)) {
1007 		struct msghdr	msg = { NULL };
1008 		struct kvec	iov;
1009 
1010 		want = sizeof(rpc_fraghdr) - svsk->sk_tcplen;
1011 		iov.iov_base = ((char *)&svsk->sk_marker) + svsk->sk_tcplen;
1012 		iov.iov_len  = want;
1013 		iov_iter_kvec(&msg.msg_iter, ITER_DEST, &iov, 1, want);
1014 		len = svc_tcp_sock_recv_cmsg(svsk, &msg);
1015 		if (len < 0)
1016 			return len;
1017 		svsk->sk_tcplen += len;
1018 		if (len < want) {
1019 			/* call again to read the remaining bytes */
1020 			goto err_short;
1021 		}
1022 		trace_svcsock_marker(&svsk->sk_xprt, svsk->sk_marker);
1023 		if (svc_sock_reclen(svsk) + svsk->sk_datalen >
1024 		    svsk->sk_xprt.xpt_server->sv_max_mesg)
1025 			goto err_too_large;
1026 	}
1027 	return svc_sock_reclen(svsk);
1028 
1029 err_too_large:
1030 	net_notice_ratelimited("svc: %s %s RPC fragment too large: %d\n",
1031 			       __func__, svsk->sk_xprt.xpt_server->sv_name,
1032 			       svc_sock_reclen(svsk));
1033 	svc_xprt_deferred_close(&svsk->sk_xprt);
1034 err_short:
1035 	return -EAGAIN;
1036 }
1037 
1038 static int receive_cb_reply(struct svc_sock *svsk, struct svc_rqst *rqstp)
1039 {
1040 	struct rpc_xprt *bc_xprt = svsk->sk_xprt.xpt_bc_xprt;
1041 	struct rpc_rqst *req = NULL;
1042 	struct kvec *src, *dst;
1043 	__be32 *p = (__be32 *)rqstp->rq_arg.head[0].iov_base;
1044 	__be32 xid;
1045 	__be32 calldir;
1046 
1047 	xid = *p++;
1048 	calldir = *p;
1049 
1050 	if (!bc_xprt)
1051 		return -EAGAIN;
1052 	spin_lock(&bc_xprt->queue_lock);
1053 	req = xprt_lookup_rqst(bc_xprt, xid);
1054 	if (!req)
1055 		goto unlock_notfound;
1056 
1057 	memcpy(&req->rq_private_buf, &req->rq_rcv_buf, sizeof(struct xdr_buf));
1058 	/*
1059 	 * XXX!: cheating for now!  Only copying HEAD.
1060 	 * But we know this is good enough for now (in fact, for any
1061 	 * callback reply in the forseeable future).
1062 	 */
1063 	dst = &req->rq_private_buf.head[0];
1064 	src = &rqstp->rq_arg.head[0];
1065 	if (dst->iov_len < src->iov_len)
1066 		goto unlock_eagain; /* whatever; just giving up. */
1067 	memcpy(dst->iov_base, src->iov_base, src->iov_len);
1068 	xprt_complete_rqst(req->rq_task, rqstp->rq_arg.len);
1069 	rqstp->rq_arg.len = 0;
1070 	spin_unlock(&bc_xprt->queue_lock);
1071 	return 0;
1072 unlock_notfound:
1073 	printk(KERN_NOTICE
1074 		"%s: Got unrecognized reply: "
1075 		"calldir 0x%x xpt_bc_xprt %p xid %08x\n",
1076 		__func__, ntohl(calldir),
1077 		bc_xprt, ntohl(xid));
1078 unlock_eagain:
1079 	spin_unlock(&bc_xprt->queue_lock);
1080 	return -EAGAIN;
1081 }
1082 
1083 static void svc_tcp_fragment_received(struct svc_sock *svsk)
1084 {
1085 	/* If we have more data, signal svc_xprt_enqueue() to try again */
1086 	svsk->sk_tcplen = 0;
1087 	svsk->sk_marker = xdr_zero;
1088 }
1089 
1090 /**
1091  * svc_tcp_recvfrom - Receive data from a TCP socket
1092  * @rqstp: request structure into which to receive an RPC Call
1093  *
1094  * Called in a loop when XPT_DATA has been set.
1095  *
1096  * Read the 4-byte stream record marker, then use the record length
1097  * in that marker to set up exactly the resources needed to receive
1098  * the next RPC message into @rqstp.
1099  *
1100  * Returns:
1101  *   On success, the number of bytes in a received RPC Call, or
1102  *   %0 if a complete RPC Call message was not ready to return
1103  *
1104  * The zero return case handles partial receives and callback Replies.
1105  * The state of a partial receive is preserved in the svc_sock for
1106  * the next call to svc_tcp_recvfrom.
1107  */
1108 static int svc_tcp_recvfrom(struct svc_rqst *rqstp)
1109 {
1110 	struct svc_sock	*svsk =
1111 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
1112 	struct svc_serv	*serv = svsk->sk_xprt.xpt_server;
1113 	size_t want, base;
1114 	ssize_t len;
1115 	__be32 *p;
1116 	__be32 calldir;
1117 
1118 	clear_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
1119 	len = svc_tcp_read_marker(svsk, rqstp);
1120 	if (len < 0)
1121 		goto error;
1122 
1123 	base = svc_tcp_restore_pages(svsk, rqstp);
1124 	want = len - (svsk->sk_tcplen - sizeof(rpc_fraghdr));
1125 	len = svc_tcp_read_msg(rqstp, base + want, base);
1126 	if (len >= 0) {
1127 		trace_svcsock_tcp_recv(&svsk->sk_xprt, len);
1128 		svsk->sk_tcplen += len;
1129 		svsk->sk_datalen += len;
1130 	}
1131 	if (len != want || !svc_sock_final_rec(svsk))
1132 		goto err_incomplete;
1133 	if (svsk->sk_datalen < 8)
1134 		goto err_nuts;
1135 
1136 	rqstp->rq_arg.len = svsk->sk_datalen;
1137 	rqstp->rq_arg.page_base = 0;
1138 	if (rqstp->rq_arg.len <= rqstp->rq_arg.head[0].iov_len) {
1139 		rqstp->rq_arg.head[0].iov_len = rqstp->rq_arg.len;
1140 		rqstp->rq_arg.page_len = 0;
1141 	} else
1142 		rqstp->rq_arg.page_len = rqstp->rq_arg.len - rqstp->rq_arg.head[0].iov_len;
1143 
1144 	rqstp->rq_xprt_ctxt   = NULL;
1145 	rqstp->rq_prot	      = IPPROTO_TCP;
1146 	if (test_bit(XPT_LOCAL, &svsk->sk_xprt.xpt_flags))
1147 		set_bit(RQ_LOCAL, &rqstp->rq_flags);
1148 	else
1149 		clear_bit(RQ_LOCAL, &rqstp->rq_flags);
1150 
1151 	p = (__be32 *)rqstp->rq_arg.head[0].iov_base;
1152 	calldir = p[1];
1153 	if (calldir)
1154 		len = receive_cb_reply(svsk, rqstp);
1155 
1156 	/* Reset TCP read info */
1157 	svsk->sk_datalen = 0;
1158 	svc_tcp_fragment_received(svsk);
1159 
1160 	if (len < 0)
1161 		goto error;
1162 
1163 	svc_xprt_copy_addrs(rqstp, &svsk->sk_xprt);
1164 	if (serv->sv_stats)
1165 		serv->sv_stats->nettcpcnt++;
1166 
1167 	svc_sock_secure_port(rqstp);
1168 	svc_xprt_received(rqstp->rq_xprt);
1169 	return rqstp->rq_arg.len;
1170 
1171 err_incomplete:
1172 	svc_tcp_save_pages(svsk, rqstp);
1173 	if (len < 0 && len != -EAGAIN)
1174 		goto err_delete;
1175 	if (len == want)
1176 		svc_tcp_fragment_received(svsk);
1177 	else
1178 		trace_svcsock_tcp_recv_short(&svsk->sk_xprt,
1179 				svc_sock_reclen(svsk),
1180 				svsk->sk_tcplen - sizeof(rpc_fraghdr));
1181 	goto err_noclose;
1182 error:
1183 	if (len != -EAGAIN)
1184 		goto err_delete;
1185 	trace_svcsock_tcp_recv_eagain(&svsk->sk_xprt, 0);
1186 	goto err_noclose;
1187 err_nuts:
1188 	svsk->sk_datalen = 0;
1189 err_delete:
1190 	trace_svcsock_tcp_recv_err(&svsk->sk_xprt, len);
1191 	svc_xprt_deferred_close(&svsk->sk_xprt);
1192 err_noclose:
1193 	svc_xprt_received(rqstp->rq_xprt);
1194 	return 0;	/* record not complete */
1195 }
1196 
1197 static int svc_tcp_send_kvec(struct socket *sock, const struct kvec *vec,
1198 			      int flags)
1199 {
1200 	return kernel_sendpage(sock, virt_to_page(vec->iov_base),
1201 			       offset_in_page(vec->iov_base),
1202 			       vec->iov_len, flags);
1203 }
1204 
1205 /*
1206  * kernel_sendpage() is used exclusively to reduce the number of
1207  * copy operations in this path. Therefore the caller must ensure
1208  * that the pages backing @xdr are unchanging.
1209  *
1210  * In addition, the logic assumes that * .bv_len is never larger
1211  * than PAGE_SIZE.
1212  */
1213 static int svc_tcp_sendmsg(struct socket *sock, struct xdr_buf *xdr,
1214 			   rpc_fraghdr marker, unsigned int *sentp)
1215 {
1216 	const struct kvec *head = xdr->head;
1217 	const struct kvec *tail = xdr->tail;
1218 	struct kvec rm = {
1219 		.iov_base	= &marker,
1220 		.iov_len	= sizeof(marker),
1221 	};
1222 	struct msghdr msg = {
1223 		.msg_flags	= 0,
1224 	};
1225 	int ret;
1226 
1227 	*sentp = 0;
1228 	ret = xdr_alloc_bvec(xdr, GFP_KERNEL);
1229 	if (ret < 0)
1230 		return ret;
1231 
1232 	ret = kernel_sendmsg(sock, &msg, &rm, 1, rm.iov_len);
1233 	if (ret < 0)
1234 		return ret;
1235 	*sentp += ret;
1236 	if (ret != rm.iov_len)
1237 		return -EAGAIN;
1238 
1239 	ret = svc_tcp_send_kvec(sock, head, 0);
1240 	if (ret < 0)
1241 		return ret;
1242 	*sentp += ret;
1243 	if (ret != head->iov_len)
1244 		goto out;
1245 
1246 	if (xdr->page_len) {
1247 		unsigned int offset, len, remaining;
1248 		struct bio_vec *bvec;
1249 
1250 		bvec = xdr->bvec + (xdr->page_base >> PAGE_SHIFT);
1251 		offset = offset_in_page(xdr->page_base);
1252 		remaining = xdr->page_len;
1253 		while (remaining > 0) {
1254 			len = min(remaining, bvec->bv_len - offset);
1255 			ret = kernel_sendpage(sock, bvec->bv_page,
1256 					      bvec->bv_offset + offset,
1257 					      len, 0);
1258 			if (ret < 0)
1259 				return ret;
1260 			*sentp += ret;
1261 			if (ret != len)
1262 				goto out;
1263 			remaining -= len;
1264 			offset = 0;
1265 			bvec++;
1266 		}
1267 	}
1268 
1269 	if (tail->iov_len) {
1270 		ret = svc_tcp_send_kvec(sock, tail, 0);
1271 		if (ret < 0)
1272 			return ret;
1273 		*sentp += ret;
1274 	}
1275 
1276 out:
1277 	return 0;
1278 }
1279 
1280 /**
1281  * svc_tcp_sendto - Send out a reply on a TCP socket
1282  * @rqstp: completed svc_rqst
1283  *
1284  * xpt_mutex ensures @rqstp's whole message is written to the socket
1285  * without interruption.
1286  *
1287  * Returns the number of bytes sent, or a negative errno.
1288  */
1289 static int svc_tcp_sendto(struct svc_rqst *rqstp)
1290 {
1291 	struct svc_xprt *xprt = rqstp->rq_xprt;
1292 	struct svc_sock	*svsk = container_of(xprt, struct svc_sock, sk_xprt);
1293 	struct xdr_buf *xdr = &rqstp->rq_res;
1294 	rpc_fraghdr marker = cpu_to_be32(RPC_LAST_STREAM_FRAGMENT |
1295 					 (u32)xdr->len);
1296 	unsigned int sent;
1297 	int err;
1298 
1299 	svc_tcp_release_ctxt(xprt, rqstp->rq_xprt_ctxt);
1300 	rqstp->rq_xprt_ctxt = NULL;
1301 
1302 	atomic_inc(&svsk->sk_sendqlen);
1303 	mutex_lock(&xprt->xpt_mutex);
1304 	if (svc_xprt_is_dead(xprt))
1305 		goto out_notconn;
1306 	tcp_sock_set_cork(svsk->sk_sk, true);
1307 	err = svc_tcp_sendmsg(svsk->sk_sock, xdr, marker, &sent);
1308 	xdr_free_bvec(xdr);
1309 	trace_svcsock_tcp_send(xprt, err < 0 ? (long)err : sent);
1310 	if (err < 0 || sent != (xdr->len + sizeof(marker)))
1311 		goto out_close;
1312 	if (atomic_dec_and_test(&svsk->sk_sendqlen))
1313 		tcp_sock_set_cork(svsk->sk_sk, false);
1314 	mutex_unlock(&xprt->xpt_mutex);
1315 	return sent;
1316 
1317 out_notconn:
1318 	atomic_dec(&svsk->sk_sendqlen);
1319 	mutex_unlock(&xprt->xpt_mutex);
1320 	return -ENOTCONN;
1321 out_close:
1322 	pr_notice("rpc-srv/tcp: %s: %s %d when sending %d bytes - shutting down socket\n",
1323 		  xprt->xpt_server->sv_name,
1324 		  (err < 0) ? "got error" : "sent",
1325 		  (err < 0) ? err : sent, xdr->len);
1326 	svc_xprt_deferred_close(xprt);
1327 	atomic_dec(&svsk->sk_sendqlen);
1328 	mutex_unlock(&xprt->xpt_mutex);
1329 	return -EAGAIN;
1330 }
1331 
1332 static struct svc_xprt *svc_tcp_create(struct svc_serv *serv,
1333 				       struct net *net,
1334 				       struct sockaddr *sa, int salen,
1335 				       int flags)
1336 {
1337 	return svc_create_socket(serv, IPPROTO_TCP, net, sa, salen, flags);
1338 }
1339 
1340 static const struct svc_xprt_ops svc_tcp_ops = {
1341 	.xpo_create = svc_tcp_create,
1342 	.xpo_recvfrom = svc_tcp_recvfrom,
1343 	.xpo_sendto = svc_tcp_sendto,
1344 	.xpo_result_payload = svc_sock_result_payload,
1345 	.xpo_release_ctxt = svc_tcp_release_ctxt,
1346 	.xpo_detach = svc_tcp_sock_detach,
1347 	.xpo_free = svc_sock_free,
1348 	.xpo_has_wspace = svc_tcp_has_wspace,
1349 	.xpo_accept = svc_tcp_accept,
1350 	.xpo_kill_temp_xprt = svc_tcp_kill_temp_xprt,
1351 	.xpo_handshake = svc_tcp_handshake,
1352 };
1353 
1354 static struct svc_xprt_class svc_tcp_class = {
1355 	.xcl_name = "tcp",
1356 	.xcl_owner = THIS_MODULE,
1357 	.xcl_ops = &svc_tcp_ops,
1358 	.xcl_max_payload = RPCSVC_MAXPAYLOAD_TCP,
1359 	.xcl_ident = XPRT_TRANSPORT_TCP,
1360 };
1361 
1362 void svc_init_xprt_sock(void)
1363 {
1364 	svc_reg_xprt_class(&svc_tcp_class);
1365 	svc_reg_xprt_class(&svc_udp_class);
1366 }
1367 
1368 void svc_cleanup_xprt_sock(void)
1369 {
1370 	svc_unreg_xprt_class(&svc_tcp_class);
1371 	svc_unreg_xprt_class(&svc_udp_class);
1372 }
1373 
1374 static void svc_tcp_init(struct svc_sock *svsk, struct svc_serv *serv)
1375 {
1376 	struct sock	*sk = svsk->sk_sk;
1377 
1378 	svc_xprt_init(sock_net(svsk->sk_sock->sk), &svc_tcp_class,
1379 		      &svsk->sk_xprt, serv);
1380 	set_bit(XPT_CACHE_AUTH, &svsk->sk_xprt.xpt_flags);
1381 	set_bit(XPT_CONG_CTRL, &svsk->sk_xprt.xpt_flags);
1382 	if (sk->sk_state == TCP_LISTEN) {
1383 		strcpy(svsk->sk_xprt.xpt_remotebuf, "listener");
1384 		set_bit(XPT_LISTENER, &svsk->sk_xprt.xpt_flags);
1385 		sk->sk_data_ready = svc_tcp_listen_data_ready;
1386 		set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
1387 	} else {
1388 		sk->sk_state_change = svc_tcp_state_change;
1389 		sk->sk_data_ready = svc_data_ready;
1390 		sk->sk_write_space = svc_write_space;
1391 
1392 		svsk->sk_marker = xdr_zero;
1393 		svsk->sk_tcplen = 0;
1394 		svsk->sk_datalen = 0;
1395 		memset(&svsk->sk_pages[0], 0, sizeof(svsk->sk_pages));
1396 
1397 		tcp_sock_set_nodelay(sk);
1398 
1399 		set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
1400 		switch (sk->sk_state) {
1401 		case TCP_SYN_RECV:
1402 		case TCP_ESTABLISHED:
1403 			break;
1404 		default:
1405 			svc_xprt_deferred_close(&svsk->sk_xprt);
1406 		}
1407 	}
1408 }
1409 
1410 void svc_sock_update_bufs(struct svc_serv *serv)
1411 {
1412 	/*
1413 	 * The number of server threads has changed. Update
1414 	 * rcvbuf and sndbuf accordingly on all sockets
1415 	 */
1416 	struct svc_sock *svsk;
1417 
1418 	spin_lock_bh(&serv->sv_lock);
1419 	list_for_each_entry(svsk, &serv->sv_permsocks, sk_xprt.xpt_list)
1420 		set_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags);
1421 	spin_unlock_bh(&serv->sv_lock);
1422 }
1423 EXPORT_SYMBOL_GPL(svc_sock_update_bufs);
1424 
1425 /*
1426  * Initialize socket for RPC use and create svc_sock struct
1427  */
1428 static struct svc_sock *svc_setup_socket(struct svc_serv *serv,
1429 						struct socket *sock,
1430 						int flags)
1431 {
1432 	struct svc_sock	*svsk;
1433 	struct sock	*inet;
1434 	int		pmap_register = !(flags & SVC_SOCK_ANONYMOUS);
1435 
1436 	svsk = kzalloc(sizeof(*svsk), GFP_KERNEL);
1437 	if (!svsk)
1438 		return ERR_PTR(-ENOMEM);
1439 
1440 	inet = sock->sk;
1441 
1442 	if (pmap_register) {
1443 		int err;
1444 
1445 		err = svc_register(serv, sock_net(sock->sk), inet->sk_family,
1446 				     inet->sk_protocol,
1447 				     ntohs(inet_sk(inet)->inet_sport));
1448 		if (err < 0) {
1449 			kfree(svsk);
1450 			return ERR_PTR(err);
1451 		}
1452 	}
1453 
1454 	svsk->sk_sock = sock;
1455 	svsk->sk_sk = inet;
1456 	svsk->sk_ostate = inet->sk_state_change;
1457 	svsk->sk_odata = inet->sk_data_ready;
1458 	svsk->sk_owspace = inet->sk_write_space;
1459 	/*
1460 	 * This barrier is necessary in order to prevent race condition
1461 	 * with svc_data_ready(), svc_tcp_listen_data_ready(), and others
1462 	 * when calling callbacks above.
1463 	 */
1464 	wmb();
1465 	inet->sk_user_data = svsk;
1466 
1467 	/* Initialize the socket */
1468 	if (sock->type == SOCK_DGRAM)
1469 		svc_udp_init(svsk, serv);
1470 	else
1471 		svc_tcp_init(svsk, serv);
1472 
1473 	trace_svcsock_new(svsk, sock);
1474 	return svsk;
1475 }
1476 
1477 /**
1478  * svc_addsock - add a listener socket to an RPC service
1479  * @serv: pointer to RPC service to which to add a new listener
1480  * @net: caller's network namespace
1481  * @fd: file descriptor of the new listener
1482  * @name_return: pointer to buffer to fill in with name of listener
1483  * @len: size of the buffer
1484  * @cred: credential
1485  *
1486  * Fills in socket name and returns positive length of name if successful.
1487  * Name is terminated with '\n'.  On error, returns a negative errno
1488  * value.
1489  */
1490 int svc_addsock(struct svc_serv *serv, struct net *net, const int fd,
1491 		char *name_return, const size_t len, const struct cred *cred)
1492 {
1493 	int err = 0;
1494 	struct socket *so = sockfd_lookup(fd, &err);
1495 	struct svc_sock *svsk = NULL;
1496 	struct sockaddr_storage addr;
1497 	struct sockaddr *sin = (struct sockaddr *)&addr;
1498 	int salen;
1499 
1500 	if (!so)
1501 		return err;
1502 	err = -EINVAL;
1503 	if (sock_net(so->sk) != net)
1504 		goto out;
1505 	err = -EAFNOSUPPORT;
1506 	if ((so->sk->sk_family != PF_INET) && (so->sk->sk_family != PF_INET6))
1507 		goto out;
1508 	err =  -EPROTONOSUPPORT;
1509 	if (so->sk->sk_protocol != IPPROTO_TCP &&
1510 	    so->sk->sk_protocol != IPPROTO_UDP)
1511 		goto out;
1512 	err = -EISCONN;
1513 	if (so->state > SS_UNCONNECTED)
1514 		goto out;
1515 	err = -ENOENT;
1516 	if (!try_module_get(THIS_MODULE))
1517 		goto out;
1518 	svsk = svc_setup_socket(serv, so, SVC_SOCK_DEFAULTS);
1519 	if (IS_ERR(svsk)) {
1520 		module_put(THIS_MODULE);
1521 		err = PTR_ERR(svsk);
1522 		goto out;
1523 	}
1524 	salen = kernel_getsockname(svsk->sk_sock, sin);
1525 	if (salen >= 0)
1526 		svc_xprt_set_local(&svsk->sk_xprt, sin, salen);
1527 	svsk->sk_xprt.xpt_cred = get_cred(cred);
1528 	svc_add_new_perm_xprt(serv, &svsk->sk_xprt);
1529 	return svc_one_sock_name(svsk, name_return, len);
1530 out:
1531 	sockfd_put(so);
1532 	return err;
1533 }
1534 EXPORT_SYMBOL_GPL(svc_addsock);
1535 
1536 /*
1537  * Create socket for RPC service.
1538  */
1539 static struct svc_xprt *svc_create_socket(struct svc_serv *serv,
1540 					  int protocol,
1541 					  struct net *net,
1542 					  struct sockaddr *sin, int len,
1543 					  int flags)
1544 {
1545 	struct svc_sock	*svsk;
1546 	struct socket	*sock;
1547 	int		error;
1548 	int		type;
1549 	struct sockaddr_storage addr;
1550 	struct sockaddr *newsin = (struct sockaddr *)&addr;
1551 	int		newlen;
1552 	int		family;
1553 
1554 	if (protocol != IPPROTO_UDP && protocol != IPPROTO_TCP) {
1555 		printk(KERN_WARNING "svc: only UDP and TCP "
1556 				"sockets supported\n");
1557 		return ERR_PTR(-EINVAL);
1558 	}
1559 
1560 	type = (protocol == IPPROTO_UDP)? SOCK_DGRAM : SOCK_STREAM;
1561 	switch (sin->sa_family) {
1562 	case AF_INET6:
1563 		family = PF_INET6;
1564 		break;
1565 	case AF_INET:
1566 		family = PF_INET;
1567 		break;
1568 	default:
1569 		return ERR_PTR(-EINVAL);
1570 	}
1571 
1572 	error = __sock_create(net, family, type, protocol, &sock, 1);
1573 	if (error < 0)
1574 		return ERR_PTR(error);
1575 
1576 	svc_reclassify_socket(sock);
1577 
1578 	/*
1579 	 * If this is an PF_INET6 listener, we want to avoid
1580 	 * getting requests from IPv4 remotes.  Those should
1581 	 * be shunted to a PF_INET listener via rpcbind.
1582 	 */
1583 	if (family == PF_INET6)
1584 		ip6_sock_set_v6only(sock->sk);
1585 	if (type == SOCK_STREAM)
1586 		sock->sk->sk_reuse = SK_CAN_REUSE; /* allow address reuse */
1587 	error = kernel_bind(sock, sin, len);
1588 	if (error < 0)
1589 		goto bummer;
1590 
1591 	error = kernel_getsockname(sock, newsin);
1592 	if (error < 0)
1593 		goto bummer;
1594 	newlen = error;
1595 
1596 	if (protocol == IPPROTO_TCP) {
1597 		if ((error = kernel_listen(sock, 64)) < 0)
1598 			goto bummer;
1599 	}
1600 
1601 	svsk = svc_setup_socket(serv, sock, flags);
1602 	if (IS_ERR(svsk)) {
1603 		error = PTR_ERR(svsk);
1604 		goto bummer;
1605 	}
1606 	svc_xprt_set_local(&svsk->sk_xprt, newsin, newlen);
1607 	return (struct svc_xprt *)svsk;
1608 bummer:
1609 	sock_release(sock);
1610 	return ERR_PTR(error);
1611 }
1612 
1613 /*
1614  * Detach the svc_sock from the socket so that no
1615  * more callbacks occur.
1616  */
1617 static void svc_sock_detach(struct svc_xprt *xprt)
1618 {
1619 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
1620 	struct sock *sk = svsk->sk_sk;
1621 
1622 	/* put back the old socket callbacks */
1623 	lock_sock(sk);
1624 	sk->sk_state_change = svsk->sk_ostate;
1625 	sk->sk_data_ready = svsk->sk_odata;
1626 	sk->sk_write_space = svsk->sk_owspace;
1627 	sk->sk_user_data = NULL;
1628 	release_sock(sk);
1629 }
1630 
1631 /*
1632  * Disconnect the socket, and reset the callbacks
1633  */
1634 static void svc_tcp_sock_detach(struct svc_xprt *xprt)
1635 {
1636 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
1637 
1638 	svc_sock_detach(xprt);
1639 
1640 	if (!test_bit(XPT_LISTENER, &xprt->xpt_flags)) {
1641 		svc_tcp_clear_pages(svsk);
1642 		kernel_sock_shutdown(svsk->sk_sock, SHUT_RDWR);
1643 	}
1644 }
1645 
1646 /*
1647  * Free the svc_sock's socket resources and the svc_sock itself.
1648  */
1649 static void svc_sock_free(struct svc_xprt *xprt)
1650 {
1651 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
1652 	struct socket *sock = svsk->sk_sock;
1653 
1654 	trace_svcsock_free(svsk, sock);
1655 
1656 	tls_handshake_cancel(sock->sk);
1657 	if (sock->file)
1658 		sockfd_put(sock);
1659 	else
1660 		sock_release(sock);
1661 	kfree(svsk);
1662 }
1663