xref: /openbmc/linux/net/sunrpc/svcsock.c (revision ad4455c6)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * linux/net/sunrpc/svcsock.c
4  *
5  * These are the RPC server socket internals.
6  *
7  * The server scheduling algorithm does not always distribute the load
8  * evenly when servicing a single client. May need to modify the
9  * svc_xprt_enqueue procedure...
10  *
11  * TCP support is largely untested and may be a little slow. The problem
12  * is that we currently do two separate recvfrom's, one for the 4-byte
13  * record length, and the second for the actual record. This could possibly
14  * be improved by always reading a minimum size of around 100 bytes and
15  * tucking any superfluous bytes away in a temporary store. Still, that
16  * leaves write requests out in the rain. An alternative may be to peek at
17  * the first skb in the queue, and if it matches the next TCP sequence
18  * number, to extract the record marker. Yuck.
19  *
20  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
21  */
22 
23 #include <linux/kernel.h>
24 #include <linux/sched.h>
25 #include <linux/module.h>
26 #include <linux/errno.h>
27 #include <linux/fcntl.h>
28 #include <linux/net.h>
29 #include <linux/in.h>
30 #include <linux/inet.h>
31 #include <linux/udp.h>
32 #include <linux/tcp.h>
33 #include <linux/unistd.h>
34 #include <linux/slab.h>
35 #include <linux/netdevice.h>
36 #include <linux/skbuff.h>
37 #include <linux/file.h>
38 #include <linux/freezer.h>
39 #include <net/sock.h>
40 #include <net/checksum.h>
41 #include <net/ip.h>
42 #include <net/ipv6.h>
43 #include <net/udp.h>
44 #include <net/tcp.h>
45 #include <net/tcp_states.h>
46 #include <net/tls.h>
47 #include <net/handshake.h>
48 #include <linux/uaccess.h>
49 #include <linux/highmem.h>
50 #include <asm/ioctls.h>
51 #include <linux/key.h>
52 
53 #include <linux/sunrpc/types.h>
54 #include <linux/sunrpc/clnt.h>
55 #include <linux/sunrpc/xdr.h>
56 #include <linux/sunrpc/msg_prot.h>
57 #include <linux/sunrpc/svcsock.h>
58 #include <linux/sunrpc/stats.h>
59 #include <linux/sunrpc/xprt.h>
60 
61 #include <trace/events/sock.h>
62 #include <trace/events/sunrpc.h>
63 
64 #include "socklib.h"
65 #include "sunrpc.h"
66 
67 #define RPCDBG_FACILITY	RPCDBG_SVCXPRT
68 
69 /* To-do: to avoid tying up an nfsd thread while waiting for a
70  * handshake request, the request could instead be deferred.
71  */
72 enum {
73 	SVC_HANDSHAKE_TO	= 5U * HZ
74 };
75 
76 static struct svc_sock *svc_setup_socket(struct svc_serv *, struct socket *,
77 					 int flags);
78 static int		svc_udp_recvfrom(struct svc_rqst *);
79 static int		svc_udp_sendto(struct svc_rqst *);
80 static void		svc_sock_detach(struct svc_xprt *);
81 static void		svc_tcp_sock_detach(struct svc_xprt *);
82 static void		svc_sock_free(struct svc_xprt *);
83 
84 static struct svc_xprt *svc_create_socket(struct svc_serv *, int,
85 					  struct net *, struct sockaddr *,
86 					  int, int);
87 #ifdef CONFIG_DEBUG_LOCK_ALLOC
88 static struct lock_class_key svc_key[2];
89 static struct lock_class_key svc_slock_key[2];
90 
91 static void svc_reclassify_socket(struct socket *sock)
92 {
93 	struct sock *sk = sock->sk;
94 
95 	if (WARN_ON_ONCE(!sock_allow_reclassification(sk)))
96 		return;
97 
98 	switch (sk->sk_family) {
99 	case AF_INET:
100 		sock_lock_init_class_and_name(sk, "slock-AF_INET-NFSD",
101 					      &svc_slock_key[0],
102 					      "sk_xprt.xpt_lock-AF_INET-NFSD",
103 					      &svc_key[0]);
104 		break;
105 
106 	case AF_INET6:
107 		sock_lock_init_class_and_name(sk, "slock-AF_INET6-NFSD",
108 					      &svc_slock_key[1],
109 					      "sk_xprt.xpt_lock-AF_INET6-NFSD",
110 					      &svc_key[1]);
111 		break;
112 
113 	default:
114 		BUG();
115 	}
116 }
117 #else
118 static void svc_reclassify_socket(struct socket *sock)
119 {
120 }
121 #endif
122 
123 /**
124  * svc_tcp_release_ctxt - Release transport-related resources
125  * @xprt: the transport which owned the context
126  * @ctxt: the context from rqstp->rq_xprt_ctxt or dr->xprt_ctxt
127  *
128  */
129 static void svc_tcp_release_ctxt(struct svc_xprt *xprt, void *ctxt)
130 {
131 }
132 
133 /**
134  * svc_udp_release_ctxt - Release transport-related resources
135  * @xprt: the transport which owned the context
136  * @ctxt: the context from rqstp->rq_xprt_ctxt or dr->xprt_ctxt
137  *
138  */
139 static void svc_udp_release_ctxt(struct svc_xprt *xprt, void *ctxt)
140 {
141 	struct sk_buff *skb = ctxt;
142 
143 	if (skb)
144 		consume_skb(skb);
145 }
146 
147 union svc_pktinfo_u {
148 	struct in_pktinfo pkti;
149 	struct in6_pktinfo pkti6;
150 };
151 #define SVC_PKTINFO_SPACE \
152 	CMSG_SPACE(sizeof(union svc_pktinfo_u))
153 
154 static void svc_set_cmsg_data(struct svc_rqst *rqstp, struct cmsghdr *cmh)
155 {
156 	struct svc_sock *svsk =
157 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
158 	switch (svsk->sk_sk->sk_family) {
159 	case AF_INET: {
160 			struct in_pktinfo *pki = CMSG_DATA(cmh);
161 
162 			cmh->cmsg_level = SOL_IP;
163 			cmh->cmsg_type = IP_PKTINFO;
164 			pki->ipi_ifindex = 0;
165 			pki->ipi_spec_dst.s_addr =
166 				 svc_daddr_in(rqstp)->sin_addr.s_addr;
167 			cmh->cmsg_len = CMSG_LEN(sizeof(*pki));
168 		}
169 		break;
170 
171 	case AF_INET6: {
172 			struct in6_pktinfo *pki = CMSG_DATA(cmh);
173 			struct sockaddr_in6 *daddr = svc_daddr_in6(rqstp);
174 
175 			cmh->cmsg_level = SOL_IPV6;
176 			cmh->cmsg_type = IPV6_PKTINFO;
177 			pki->ipi6_ifindex = daddr->sin6_scope_id;
178 			pki->ipi6_addr = daddr->sin6_addr;
179 			cmh->cmsg_len = CMSG_LEN(sizeof(*pki));
180 		}
181 		break;
182 	}
183 }
184 
185 static int svc_sock_result_payload(struct svc_rqst *rqstp, unsigned int offset,
186 				   unsigned int length)
187 {
188 	return 0;
189 }
190 
191 /*
192  * Report socket names for nfsdfs
193  */
194 static int svc_one_sock_name(struct svc_sock *svsk, char *buf, int remaining)
195 {
196 	const struct sock *sk = svsk->sk_sk;
197 	const char *proto_name = sk->sk_protocol == IPPROTO_UDP ?
198 							"udp" : "tcp";
199 	int len;
200 
201 	switch (sk->sk_family) {
202 	case PF_INET:
203 		len = snprintf(buf, remaining, "ipv4 %s %pI4 %d\n",
204 				proto_name,
205 				&inet_sk(sk)->inet_rcv_saddr,
206 				inet_sk(sk)->inet_num);
207 		break;
208 #if IS_ENABLED(CONFIG_IPV6)
209 	case PF_INET6:
210 		len = snprintf(buf, remaining, "ipv6 %s %pI6 %d\n",
211 				proto_name,
212 				&sk->sk_v6_rcv_saddr,
213 				inet_sk(sk)->inet_num);
214 		break;
215 #endif
216 	default:
217 		len = snprintf(buf, remaining, "*unknown-%d*\n",
218 				sk->sk_family);
219 	}
220 
221 	if (len >= remaining) {
222 		*buf = '\0';
223 		return -ENAMETOOLONG;
224 	}
225 	return len;
226 }
227 
228 static int
229 svc_tcp_sock_process_cmsg(struct svc_sock *svsk, struct msghdr *msg,
230 			  struct cmsghdr *cmsg, int ret)
231 {
232 	if (cmsg->cmsg_level == SOL_TLS &&
233 	    cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
234 		u8 content_type = *((u8 *)CMSG_DATA(cmsg));
235 
236 		switch (content_type) {
237 		case TLS_RECORD_TYPE_DATA:
238 			/* TLS sets EOR at the end of each application data
239 			 * record, even though there might be more frames
240 			 * waiting to be decrypted.
241 			 */
242 			msg->msg_flags &= ~MSG_EOR;
243 			break;
244 		case TLS_RECORD_TYPE_ALERT:
245 			ret = -ENOTCONN;
246 			break;
247 		default:
248 			ret = -EAGAIN;
249 		}
250 	}
251 	return ret;
252 }
253 
254 static int
255 svc_tcp_sock_recv_cmsg(struct svc_sock *svsk, struct msghdr *msg)
256 {
257 	union {
258 		struct cmsghdr	cmsg;
259 		u8		buf[CMSG_SPACE(sizeof(u8))];
260 	} u;
261 	int ret;
262 
263 	msg->msg_control = &u;
264 	msg->msg_controllen = sizeof(u);
265 	ret = sock_recvmsg(svsk->sk_sock, msg, MSG_DONTWAIT);
266 	if (unlikely(msg->msg_controllen != sizeof(u)))
267 		ret = svc_tcp_sock_process_cmsg(svsk, msg, &u.cmsg, ret);
268 	return ret;
269 }
270 
271 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE
272 static void svc_flush_bvec(const struct bio_vec *bvec, size_t size, size_t seek)
273 {
274 	struct bvec_iter bi = {
275 		.bi_size	= size + seek,
276 	};
277 	struct bio_vec bv;
278 
279 	bvec_iter_advance(bvec, &bi, seek & PAGE_MASK);
280 	for_each_bvec(bv, bvec, bi, bi)
281 		flush_dcache_page(bv.bv_page);
282 }
283 #else
284 static inline void svc_flush_bvec(const struct bio_vec *bvec, size_t size,
285 				  size_t seek)
286 {
287 }
288 #endif
289 
290 /*
291  * Read from @rqstp's transport socket. The incoming message fills whole
292  * pages in @rqstp's rq_pages array until the last page of the message
293  * has been received into a partial page.
294  */
295 static ssize_t svc_tcp_read_msg(struct svc_rqst *rqstp, size_t buflen,
296 				size_t seek)
297 {
298 	struct svc_sock *svsk =
299 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
300 	struct bio_vec *bvec = rqstp->rq_bvec;
301 	struct msghdr msg = { NULL };
302 	unsigned int i;
303 	ssize_t len;
304 	size_t t;
305 
306 	clear_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
307 
308 	for (i = 0, t = 0; t < buflen; i++, t += PAGE_SIZE)
309 		bvec_set_page(&bvec[i], rqstp->rq_pages[i], PAGE_SIZE, 0);
310 	rqstp->rq_respages = &rqstp->rq_pages[i];
311 	rqstp->rq_next_page = rqstp->rq_respages + 1;
312 
313 	iov_iter_bvec(&msg.msg_iter, ITER_DEST, bvec, i, buflen);
314 	if (seek) {
315 		iov_iter_advance(&msg.msg_iter, seek);
316 		buflen -= seek;
317 	}
318 	len = svc_tcp_sock_recv_cmsg(svsk, &msg);
319 	if (len > 0)
320 		svc_flush_bvec(bvec, len, seek);
321 
322 	/* If we read a full record, then assume there may be more
323 	 * data to read (stream based sockets only!)
324 	 */
325 	if (len == buflen)
326 		set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
327 
328 	return len;
329 }
330 
331 /*
332  * Set socket snd and rcv buffer lengths
333  */
334 static void svc_sock_setbufsize(struct svc_sock *svsk, unsigned int nreqs)
335 {
336 	unsigned int max_mesg = svsk->sk_xprt.xpt_server->sv_max_mesg;
337 	struct socket *sock = svsk->sk_sock;
338 
339 	nreqs = min(nreqs, INT_MAX / 2 / max_mesg);
340 
341 	lock_sock(sock->sk);
342 	sock->sk->sk_sndbuf = nreqs * max_mesg * 2;
343 	sock->sk->sk_rcvbuf = nreqs * max_mesg * 2;
344 	sock->sk->sk_write_space(sock->sk);
345 	release_sock(sock->sk);
346 }
347 
348 static void svc_sock_secure_port(struct svc_rqst *rqstp)
349 {
350 	if (svc_port_is_privileged(svc_addr(rqstp)))
351 		set_bit(RQ_SECURE, &rqstp->rq_flags);
352 	else
353 		clear_bit(RQ_SECURE, &rqstp->rq_flags);
354 }
355 
356 /*
357  * INET callback when data has been received on the socket.
358  */
359 static void svc_data_ready(struct sock *sk)
360 {
361 	struct svc_sock	*svsk = (struct svc_sock *)sk->sk_user_data;
362 
363 	trace_sk_data_ready(sk);
364 
365 	if (svsk) {
366 		/* Refer to svc_setup_socket() for details. */
367 		rmb();
368 		svsk->sk_odata(sk);
369 		trace_svcsock_data_ready(&svsk->sk_xprt, 0);
370 		if (test_bit(XPT_HANDSHAKE, &svsk->sk_xprt.xpt_flags))
371 			return;
372 		if (!test_and_set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags))
373 			svc_xprt_enqueue(&svsk->sk_xprt);
374 	}
375 }
376 
377 /*
378  * INET callback when space is newly available on the socket.
379  */
380 static void svc_write_space(struct sock *sk)
381 {
382 	struct svc_sock	*svsk = (struct svc_sock *)(sk->sk_user_data);
383 
384 	if (svsk) {
385 		/* Refer to svc_setup_socket() for details. */
386 		rmb();
387 		trace_svcsock_write_space(&svsk->sk_xprt, 0);
388 		svsk->sk_owspace(sk);
389 		svc_xprt_enqueue(&svsk->sk_xprt);
390 	}
391 }
392 
393 static int svc_tcp_has_wspace(struct svc_xprt *xprt)
394 {
395 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
396 
397 	if (test_bit(XPT_LISTENER, &xprt->xpt_flags))
398 		return 1;
399 	return !test_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
400 }
401 
402 static void svc_tcp_kill_temp_xprt(struct svc_xprt *xprt)
403 {
404 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
405 
406 	sock_no_linger(svsk->sk_sock->sk);
407 }
408 
409 /**
410  * svc_tcp_handshake_done - Handshake completion handler
411  * @data: address of xprt to wake
412  * @status: status of handshake
413  * @peerid: serial number of key containing the remote peer's identity
414  *
415  * If a security policy is specified as an export option, we don't
416  * have a specific export here to check. So we set a "TLS session
417  * is present" flag on the xprt and let an upper layer enforce local
418  * security policy.
419  */
420 static void svc_tcp_handshake_done(void *data, int status, key_serial_t peerid)
421 {
422 	struct svc_xprt *xprt = data;
423 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
424 
425 	if (!status) {
426 		if (peerid != TLS_NO_PEERID)
427 			set_bit(XPT_PEER_AUTH, &xprt->xpt_flags);
428 		set_bit(XPT_TLS_SESSION, &xprt->xpt_flags);
429 	}
430 	clear_bit(XPT_HANDSHAKE, &xprt->xpt_flags);
431 	complete_all(&svsk->sk_handshake_done);
432 }
433 
434 /**
435  * svc_tcp_handshake - Perform a transport-layer security handshake
436  * @xprt: connected transport endpoint
437  *
438  */
439 static void svc_tcp_handshake(struct svc_xprt *xprt)
440 {
441 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
442 	struct sock *sk = svsk->sk_sock->sk;
443 	struct tls_handshake_args args = {
444 		.ta_sock	= svsk->sk_sock,
445 		.ta_done	= svc_tcp_handshake_done,
446 		.ta_data	= xprt,
447 	};
448 	int ret;
449 
450 	trace_svc_tls_upcall(xprt);
451 
452 	clear_bit(XPT_TLS_SESSION, &xprt->xpt_flags);
453 	init_completion(&svsk->sk_handshake_done);
454 
455 	ret = tls_server_hello_x509(&args, GFP_KERNEL);
456 	if (ret) {
457 		trace_svc_tls_not_started(xprt);
458 		goto out_failed;
459 	}
460 
461 	ret = wait_for_completion_interruptible_timeout(&svsk->sk_handshake_done,
462 							SVC_HANDSHAKE_TO);
463 	if (ret <= 0) {
464 		if (tls_handshake_cancel(sk)) {
465 			trace_svc_tls_timed_out(xprt);
466 			goto out_close;
467 		}
468 	}
469 
470 	if (!test_bit(XPT_TLS_SESSION, &xprt->xpt_flags)) {
471 		trace_svc_tls_unavailable(xprt);
472 		goto out_close;
473 	}
474 
475 	/* Mark the transport ready in case the remote sent RPC
476 	 * traffic before the kernel received the handshake
477 	 * completion downcall.
478 	 */
479 	set_bit(XPT_DATA, &xprt->xpt_flags);
480 	svc_xprt_enqueue(xprt);
481 	return;
482 
483 out_close:
484 	set_bit(XPT_CLOSE, &xprt->xpt_flags);
485 out_failed:
486 	clear_bit(XPT_HANDSHAKE, &xprt->xpt_flags);
487 	set_bit(XPT_DATA, &xprt->xpt_flags);
488 	svc_xprt_enqueue(xprt);
489 }
490 
491 /*
492  * See net/ipv6/ip_sockglue.c : ip_cmsg_recv_pktinfo
493  */
494 static int svc_udp_get_dest_address4(struct svc_rqst *rqstp,
495 				     struct cmsghdr *cmh)
496 {
497 	struct in_pktinfo *pki = CMSG_DATA(cmh);
498 	struct sockaddr_in *daddr = svc_daddr_in(rqstp);
499 
500 	if (cmh->cmsg_type != IP_PKTINFO)
501 		return 0;
502 
503 	daddr->sin_family = AF_INET;
504 	daddr->sin_addr.s_addr = pki->ipi_spec_dst.s_addr;
505 	return 1;
506 }
507 
508 /*
509  * See net/ipv6/datagram.c : ip6_datagram_recv_ctl
510  */
511 static int svc_udp_get_dest_address6(struct svc_rqst *rqstp,
512 				     struct cmsghdr *cmh)
513 {
514 	struct in6_pktinfo *pki = CMSG_DATA(cmh);
515 	struct sockaddr_in6 *daddr = svc_daddr_in6(rqstp);
516 
517 	if (cmh->cmsg_type != IPV6_PKTINFO)
518 		return 0;
519 
520 	daddr->sin6_family = AF_INET6;
521 	daddr->sin6_addr = pki->ipi6_addr;
522 	daddr->sin6_scope_id = pki->ipi6_ifindex;
523 	return 1;
524 }
525 
526 /*
527  * Copy the UDP datagram's destination address to the rqstp structure.
528  * The 'destination' address in this case is the address to which the
529  * peer sent the datagram, i.e. our local address. For multihomed
530  * hosts, this can change from msg to msg. Note that only the IP
531  * address changes, the port number should remain the same.
532  */
533 static int svc_udp_get_dest_address(struct svc_rqst *rqstp,
534 				    struct cmsghdr *cmh)
535 {
536 	switch (cmh->cmsg_level) {
537 	case SOL_IP:
538 		return svc_udp_get_dest_address4(rqstp, cmh);
539 	case SOL_IPV6:
540 		return svc_udp_get_dest_address6(rqstp, cmh);
541 	}
542 
543 	return 0;
544 }
545 
546 /**
547  * svc_udp_recvfrom - Receive a datagram from a UDP socket.
548  * @rqstp: request structure into which to receive an RPC Call
549  *
550  * Called in a loop when XPT_DATA has been set.
551  *
552  * Returns:
553  *   On success, the number of bytes in a received RPC Call, or
554  *   %0 if a complete RPC Call message was not ready to return
555  */
556 static int svc_udp_recvfrom(struct svc_rqst *rqstp)
557 {
558 	struct svc_sock	*svsk =
559 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
560 	struct svc_serv	*serv = svsk->sk_xprt.xpt_server;
561 	struct sk_buff	*skb;
562 	union {
563 		struct cmsghdr	hdr;
564 		long		all[SVC_PKTINFO_SPACE / sizeof(long)];
565 	} buffer;
566 	struct cmsghdr *cmh = &buffer.hdr;
567 	struct msghdr msg = {
568 		.msg_name = svc_addr(rqstp),
569 		.msg_control = cmh,
570 		.msg_controllen = sizeof(buffer),
571 		.msg_flags = MSG_DONTWAIT,
572 	};
573 	size_t len;
574 	int err;
575 
576 	if (test_and_clear_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags))
577 	    /* udp sockets need large rcvbuf as all pending
578 	     * requests are still in that buffer.  sndbuf must
579 	     * also be large enough that there is enough space
580 	     * for one reply per thread.  We count all threads
581 	     * rather than threads in a particular pool, which
582 	     * provides an upper bound on the number of threads
583 	     * which will access the socket.
584 	     */
585 	    svc_sock_setbufsize(svsk, serv->sv_nrthreads + 3);
586 
587 	clear_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
588 	err = kernel_recvmsg(svsk->sk_sock, &msg, NULL,
589 			     0, 0, MSG_PEEK | MSG_DONTWAIT);
590 	if (err < 0)
591 		goto out_recv_err;
592 	skb = skb_recv_udp(svsk->sk_sk, MSG_DONTWAIT, &err);
593 	if (!skb)
594 		goto out_recv_err;
595 
596 	len = svc_addr_len(svc_addr(rqstp));
597 	rqstp->rq_addrlen = len;
598 	if (skb->tstamp == 0) {
599 		skb->tstamp = ktime_get_real();
600 		/* Don't enable netstamp, sunrpc doesn't
601 		   need that much accuracy */
602 	}
603 	sock_write_timestamp(svsk->sk_sk, skb->tstamp);
604 	set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags); /* there may be more data... */
605 
606 	len = skb->len;
607 	rqstp->rq_arg.len = len;
608 	trace_svcsock_udp_recv(&svsk->sk_xprt, len);
609 
610 	rqstp->rq_prot = IPPROTO_UDP;
611 
612 	if (!svc_udp_get_dest_address(rqstp, cmh))
613 		goto out_cmsg_err;
614 	rqstp->rq_daddrlen = svc_addr_len(svc_daddr(rqstp));
615 
616 	if (skb_is_nonlinear(skb)) {
617 		/* we have to copy */
618 		local_bh_disable();
619 		if (csum_partial_copy_to_xdr(&rqstp->rq_arg, skb))
620 			goto out_bh_enable;
621 		local_bh_enable();
622 		consume_skb(skb);
623 	} else {
624 		/* we can use it in-place */
625 		rqstp->rq_arg.head[0].iov_base = skb->data;
626 		rqstp->rq_arg.head[0].iov_len = len;
627 		if (skb_checksum_complete(skb))
628 			goto out_free;
629 		rqstp->rq_xprt_ctxt = skb;
630 	}
631 
632 	rqstp->rq_arg.page_base = 0;
633 	if (len <= rqstp->rq_arg.head[0].iov_len) {
634 		rqstp->rq_arg.head[0].iov_len = len;
635 		rqstp->rq_arg.page_len = 0;
636 		rqstp->rq_respages = rqstp->rq_pages+1;
637 	} else {
638 		rqstp->rq_arg.page_len = len - rqstp->rq_arg.head[0].iov_len;
639 		rqstp->rq_respages = rqstp->rq_pages + 1 +
640 			DIV_ROUND_UP(rqstp->rq_arg.page_len, PAGE_SIZE);
641 	}
642 	rqstp->rq_next_page = rqstp->rq_respages+1;
643 
644 	if (serv->sv_stats)
645 		serv->sv_stats->netudpcnt++;
646 
647 	svc_sock_secure_port(rqstp);
648 	svc_xprt_received(rqstp->rq_xprt);
649 	return len;
650 
651 out_recv_err:
652 	if (err != -EAGAIN) {
653 		/* possibly an icmp error */
654 		set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
655 	}
656 	trace_svcsock_udp_recv_err(&svsk->sk_xprt, err);
657 	goto out_clear_busy;
658 out_cmsg_err:
659 	net_warn_ratelimited("svc: received unknown control message %d/%d; dropping RPC reply datagram\n",
660 			     cmh->cmsg_level, cmh->cmsg_type);
661 	goto out_free;
662 out_bh_enable:
663 	local_bh_enable();
664 out_free:
665 	kfree_skb(skb);
666 out_clear_busy:
667 	svc_xprt_received(rqstp->rq_xprt);
668 	return 0;
669 }
670 
671 /**
672  * svc_udp_sendto - Send out a reply on a UDP socket
673  * @rqstp: completed svc_rqst
674  *
675  * xpt_mutex ensures @rqstp's whole message is written to the socket
676  * without interruption.
677  *
678  * Returns the number of bytes sent, or a negative errno.
679  */
680 static int svc_udp_sendto(struct svc_rqst *rqstp)
681 {
682 	struct svc_xprt *xprt = rqstp->rq_xprt;
683 	struct svc_sock	*svsk = container_of(xprt, struct svc_sock, sk_xprt);
684 	struct xdr_buf *xdr = &rqstp->rq_res;
685 	union {
686 		struct cmsghdr	hdr;
687 		long		all[SVC_PKTINFO_SPACE / sizeof(long)];
688 	} buffer;
689 	struct cmsghdr *cmh = &buffer.hdr;
690 	struct msghdr msg = {
691 		.msg_name	= &rqstp->rq_addr,
692 		.msg_namelen	= rqstp->rq_addrlen,
693 		.msg_control	= cmh,
694 		.msg_controllen	= sizeof(buffer),
695 	};
696 	unsigned int sent;
697 	int err;
698 
699 	svc_udp_release_ctxt(xprt, rqstp->rq_xprt_ctxt);
700 	rqstp->rq_xprt_ctxt = NULL;
701 
702 	svc_set_cmsg_data(rqstp, cmh);
703 
704 	mutex_lock(&xprt->xpt_mutex);
705 
706 	if (svc_xprt_is_dead(xprt))
707 		goto out_notconn;
708 
709 	err = xdr_alloc_bvec(xdr, GFP_KERNEL);
710 	if (err < 0)
711 		goto out_unlock;
712 
713 	err = xprt_sock_sendmsg(svsk->sk_sock, &msg, xdr, 0, 0, &sent);
714 	if (err == -ECONNREFUSED) {
715 		/* ICMP error on earlier request. */
716 		err = xprt_sock_sendmsg(svsk->sk_sock, &msg, xdr, 0, 0, &sent);
717 	}
718 	xdr_free_bvec(xdr);
719 	trace_svcsock_udp_send(xprt, err);
720 out_unlock:
721 	mutex_unlock(&xprt->xpt_mutex);
722 	if (err < 0)
723 		return err;
724 	return sent;
725 
726 out_notconn:
727 	mutex_unlock(&xprt->xpt_mutex);
728 	return -ENOTCONN;
729 }
730 
731 static int svc_udp_has_wspace(struct svc_xprt *xprt)
732 {
733 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
734 	struct svc_serv	*serv = xprt->xpt_server;
735 	unsigned long required;
736 
737 	/*
738 	 * Set the SOCK_NOSPACE flag before checking the available
739 	 * sock space.
740 	 */
741 	set_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
742 	required = atomic_read(&svsk->sk_xprt.xpt_reserved) + serv->sv_max_mesg;
743 	if (required*2 > sock_wspace(svsk->sk_sk))
744 		return 0;
745 	clear_bit(SOCK_NOSPACE, &svsk->sk_sock->flags);
746 	return 1;
747 }
748 
749 static struct svc_xprt *svc_udp_accept(struct svc_xprt *xprt)
750 {
751 	BUG();
752 	return NULL;
753 }
754 
755 static void svc_udp_kill_temp_xprt(struct svc_xprt *xprt)
756 {
757 }
758 
759 static struct svc_xprt *svc_udp_create(struct svc_serv *serv,
760 				       struct net *net,
761 				       struct sockaddr *sa, int salen,
762 				       int flags)
763 {
764 	return svc_create_socket(serv, IPPROTO_UDP, net, sa, salen, flags);
765 }
766 
767 static const struct svc_xprt_ops svc_udp_ops = {
768 	.xpo_create = svc_udp_create,
769 	.xpo_recvfrom = svc_udp_recvfrom,
770 	.xpo_sendto = svc_udp_sendto,
771 	.xpo_result_payload = svc_sock_result_payload,
772 	.xpo_release_ctxt = svc_udp_release_ctxt,
773 	.xpo_detach = svc_sock_detach,
774 	.xpo_free = svc_sock_free,
775 	.xpo_has_wspace = svc_udp_has_wspace,
776 	.xpo_accept = svc_udp_accept,
777 	.xpo_kill_temp_xprt = svc_udp_kill_temp_xprt,
778 };
779 
780 static struct svc_xprt_class svc_udp_class = {
781 	.xcl_name = "udp",
782 	.xcl_owner = THIS_MODULE,
783 	.xcl_ops = &svc_udp_ops,
784 	.xcl_max_payload = RPCSVC_MAXPAYLOAD_UDP,
785 	.xcl_ident = XPRT_TRANSPORT_UDP,
786 };
787 
788 static void svc_udp_init(struct svc_sock *svsk, struct svc_serv *serv)
789 {
790 	svc_xprt_init(sock_net(svsk->sk_sock->sk), &svc_udp_class,
791 		      &svsk->sk_xprt, serv);
792 	clear_bit(XPT_CACHE_AUTH, &svsk->sk_xprt.xpt_flags);
793 	svsk->sk_sk->sk_data_ready = svc_data_ready;
794 	svsk->sk_sk->sk_write_space = svc_write_space;
795 
796 	/* initialise setting must have enough space to
797 	 * receive and respond to one request.
798 	 * svc_udp_recvfrom will re-adjust if necessary
799 	 */
800 	svc_sock_setbufsize(svsk, 3);
801 
802 	/* data might have come in before data_ready set up */
803 	set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
804 	set_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags);
805 
806 	/* make sure we get destination address info */
807 	switch (svsk->sk_sk->sk_family) {
808 	case AF_INET:
809 		ip_sock_set_pktinfo(svsk->sk_sock->sk);
810 		break;
811 	case AF_INET6:
812 		ip6_sock_set_recvpktinfo(svsk->sk_sock->sk);
813 		break;
814 	default:
815 		BUG();
816 	}
817 }
818 
819 /*
820  * A data_ready event on a listening socket means there's a connection
821  * pending. Do not use state_change as a substitute for it.
822  */
823 static void svc_tcp_listen_data_ready(struct sock *sk)
824 {
825 	struct svc_sock	*svsk = (struct svc_sock *)sk->sk_user_data;
826 
827 	trace_sk_data_ready(sk);
828 
829 	if (svsk) {
830 		/* Refer to svc_setup_socket() for details. */
831 		rmb();
832 		svsk->sk_odata(sk);
833 	}
834 
835 	/*
836 	 * This callback may called twice when a new connection
837 	 * is established as a child socket inherits everything
838 	 * from a parent LISTEN socket.
839 	 * 1) data_ready method of the parent socket will be called
840 	 *    when one of child sockets become ESTABLISHED.
841 	 * 2) data_ready method of the child socket may be called
842 	 *    when it receives data before the socket is accepted.
843 	 * In case of 2, we should ignore it silently.
844 	 */
845 	if (sk->sk_state == TCP_LISTEN) {
846 		if (svsk) {
847 			set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
848 			svc_xprt_enqueue(&svsk->sk_xprt);
849 		}
850 	}
851 }
852 
853 /*
854  * A state change on a connected socket means it's dying or dead.
855  */
856 static void svc_tcp_state_change(struct sock *sk)
857 {
858 	struct svc_sock	*svsk = (struct svc_sock *)sk->sk_user_data;
859 
860 	if (svsk) {
861 		/* Refer to svc_setup_socket() for details. */
862 		rmb();
863 		svsk->sk_ostate(sk);
864 		trace_svcsock_tcp_state(&svsk->sk_xprt, svsk->sk_sock);
865 		if (sk->sk_state != TCP_ESTABLISHED)
866 			svc_xprt_deferred_close(&svsk->sk_xprt);
867 	}
868 }
869 
870 /*
871  * Accept a TCP connection
872  */
873 static struct svc_xprt *svc_tcp_accept(struct svc_xprt *xprt)
874 {
875 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
876 	struct sockaddr_storage addr;
877 	struct sockaddr	*sin = (struct sockaddr *) &addr;
878 	struct svc_serv	*serv = svsk->sk_xprt.xpt_server;
879 	struct socket	*sock = svsk->sk_sock;
880 	struct socket	*newsock;
881 	struct svc_sock	*newsvsk;
882 	int		err, slen;
883 
884 	if (!sock)
885 		return NULL;
886 
887 	clear_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
888 	err = kernel_accept(sock, &newsock, O_NONBLOCK);
889 	if (err < 0) {
890 		if (err == -ENOMEM)
891 			printk(KERN_WARNING "%s: no more sockets!\n",
892 			       serv->sv_name);
893 		else if (err != -EAGAIN)
894 			net_warn_ratelimited("%s: accept failed (err %d)!\n",
895 					     serv->sv_name, -err);
896 		trace_svcsock_accept_err(xprt, serv->sv_name, err);
897 		return NULL;
898 	}
899 	if (IS_ERR(sock_alloc_file(newsock, O_NONBLOCK, NULL)))
900 		return NULL;
901 
902 	set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
903 
904 	err = kernel_getpeername(newsock, sin);
905 	if (err < 0) {
906 		trace_svcsock_getpeername_err(xprt, serv->sv_name, err);
907 		goto failed;		/* aborted connection or whatever */
908 	}
909 	slen = err;
910 
911 	/* Reset the inherited callbacks before calling svc_setup_socket */
912 	newsock->sk->sk_state_change = svsk->sk_ostate;
913 	newsock->sk->sk_data_ready = svsk->sk_odata;
914 	newsock->sk->sk_write_space = svsk->sk_owspace;
915 
916 	/* make sure that a write doesn't block forever when
917 	 * low on memory
918 	 */
919 	newsock->sk->sk_sndtimeo = HZ*30;
920 
921 	newsvsk = svc_setup_socket(serv, newsock,
922 				 (SVC_SOCK_ANONYMOUS | SVC_SOCK_TEMPORARY));
923 	if (IS_ERR(newsvsk))
924 		goto failed;
925 	svc_xprt_set_remote(&newsvsk->sk_xprt, sin, slen);
926 	err = kernel_getsockname(newsock, sin);
927 	slen = err;
928 	if (unlikely(err < 0))
929 		slen = offsetof(struct sockaddr, sa_data);
930 	svc_xprt_set_local(&newsvsk->sk_xprt, sin, slen);
931 
932 	if (sock_is_loopback(newsock->sk))
933 		set_bit(XPT_LOCAL, &newsvsk->sk_xprt.xpt_flags);
934 	else
935 		clear_bit(XPT_LOCAL, &newsvsk->sk_xprt.xpt_flags);
936 	if (serv->sv_stats)
937 		serv->sv_stats->nettcpconn++;
938 
939 	return &newsvsk->sk_xprt;
940 
941 failed:
942 	sockfd_put(newsock);
943 	return NULL;
944 }
945 
946 static size_t svc_tcp_restore_pages(struct svc_sock *svsk,
947 				    struct svc_rqst *rqstp)
948 {
949 	size_t len = svsk->sk_datalen;
950 	unsigned int i, npages;
951 
952 	if (!len)
953 		return 0;
954 	npages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
955 	for (i = 0; i < npages; i++) {
956 		if (rqstp->rq_pages[i] != NULL)
957 			put_page(rqstp->rq_pages[i]);
958 		BUG_ON(svsk->sk_pages[i] == NULL);
959 		rqstp->rq_pages[i] = svsk->sk_pages[i];
960 		svsk->sk_pages[i] = NULL;
961 	}
962 	rqstp->rq_arg.head[0].iov_base = page_address(rqstp->rq_pages[0]);
963 	return len;
964 }
965 
966 static void svc_tcp_save_pages(struct svc_sock *svsk, struct svc_rqst *rqstp)
967 {
968 	unsigned int i, len, npages;
969 
970 	if (svsk->sk_datalen == 0)
971 		return;
972 	len = svsk->sk_datalen;
973 	npages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
974 	for (i = 0; i < npages; i++) {
975 		svsk->sk_pages[i] = rqstp->rq_pages[i];
976 		rqstp->rq_pages[i] = NULL;
977 	}
978 }
979 
980 static void svc_tcp_clear_pages(struct svc_sock *svsk)
981 {
982 	unsigned int i, len, npages;
983 
984 	if (svsk->sk_datalen == 0)
985 		goto out;
986 	len = svsk->sk_datalen;
987 	npages = (len + PAGE_SIZE - 1) >> PAGE_SHIFT;
988 	for (i = 0; i < npages; i++) {
989 		if (svsk->sk_pages[i] == NULL) {
990 			WARN_ON_ONCE(1);
991 			continue;
992 		}
993 		put_page(svsk->sk_pages[i]);
994 		svsk->sk_pages[i] = NULL;
995 	}
996 out:
997 	svsk->sk_tcplen = 0;
998 	svsk->sk_datalen = 0;
999 }
1000 
1001 /*
1002  * Receive fragment record header into sk_marker.
1003  */
1004 static ssize_t svc_tcp_read_marker(struct svc_sock *svsk,
1005 				   struct svc_rqst *rqstp)
1006 {
1007 	ssize_t want, len;
1008 
1009 	/* If we haven't gotten the record length yet,
1010 	 * get the next four bytes.
1011 	 */
1012 	if (svsk->sk_tcplen < sizeof(rpc_fraghdr)) {
1013 		struct msghdr	msg = { NULL };
1014 		struct kvec	iov;
1015 
1016 		want = sizeof(rpc_fraghdr) - svsk->sk_tcplen;
1017 		iov.iov_base = ((char *)&svsk->sk_marker) + svsk->sk_tcplen;
1018 		iov.iov_len  = want;
1019 		iov_iter_kvec(&msg.msg_iter, ITER_DEST, &iov, 1, want);
1020 		len = svc_tcp_sock_recv_cmsg(svsk, &msg);
1021 		if (len < 0)
1022 			return len;
1023 		svsk->sk_tcplen += len;
1024 		if (len < want) {
1025 			/* call again to read the remaining bytes */
1026 			goto err_short;
1027 		}
1028 		trace_svcsock_marker(&svsk->sk_xprt, svsk->sk_marker);
1029 		if (svc_sock_reclen(svsk) + svsk->sk_datalen >
1030 		    svsk->sk_xprt.xpt_server->sv_max_mesg)
1031 			goto err_too_large;
1032 	}
1033 	return svc_sock_reclen(svsk);
1034 
1035 err_too_large:
1036 	net_notice_ratelimited("svc: %s %s RPC fragment too large: %d\n",
1037 			       __func__, svsk->sk_xprt.xpt_server->sv_name,
1038 			       svc_sock_reclen(svsk));
1039 	svc_xprt_deferred_close(&svsk->sk_xprt);
1040 err_short:
1041 	return -EAGAIN;
1042 }
1043 
1044 static int receive_cb_reply(struct svc_sock *svsk, struct svc_rqst *rqstp)
1045 {
1046 	struct rpc_xprt *bc_xprt = svsk->sk_xprt.xpt_bc_xprt;
1047 	struct rpc_rqst *req = NULL;
1048 	struct kvec *src, *dst;
1049 	__be32 *p = (__be32 *)rqstp->rq_arg.head[0].iov_base;
1050 	__be32 xid;
1051 	__be32 calldir;
1052 
1053 	xid = *p++;
1054 	calldir = *p;
1055 
1056 	if (!bc_xprt)
1057 		return -EAGAIN;
1058 	spin_lock(&bc_xprt->queue_lock);
1059 	req = xprt_lookup_rqst(bc_xprt, xid);
1060 	if (!req)
1061 		goto unlock_notfound;
1062 
1063 	memcpy(&req->rq_private_buf, &req->rq_rcv_buf, sizeof(struct xdr_buf));
1064 	/*
1065 	 * XXX!: cheating for now!  Only copying HEAD.
1066 	 * But we know this is good enough for now (in fact, for any
1067 	 * callback reply in the forseeable future).
1068 	 */
1069 	dst = &req->rq_private_buf.head[0];
1070 	src = &rqstp->rq_arg.head[0];
1071 	if (dst->iov_len < src->iov_len)
1072 		goto unlock_eagain; /* whatever; just giving up. */
1073 	memcpy(dst->iov_base, src->iov_base, src->iov_len);
1074 	xprt_complete_rqst(req->rq_task, rqstp->rq_arg.len);
1075 	rqstp->rq_arg.len = 0;
1076 	spin_unlock(&bc_xprt->queue_lock);
1077 	return 0;
1078 unlock_notfound:
1079 	printk(KERN_NOTICE
1080 		"%s: Got unrecognized reply: "
1081 		"calldir 0x%x xpt_bc_xprt %p xid %08x\n",
1082 		__func__, ntohl(calldir),
1083 		bc_xprt, ntohl(xid));
1084 unlock_eagain:
1085 	spin_unlock(&bc_xprt->queue_lock);
1086 	return -EAGAIN;
1087 }
1088 
1089 static void svc_tcp_fragment_received(struct svc_sock *svsk)
1090 {
1091 	/* If we have more data, signal svc_xprt_enqueue() to try again */
1092 	svsk->sk_tcplen = 0;
1093 	svsk->sk_marker = xdr_zero;
1094 }
1095 
1096 /**
1097  * svc_tcp_recvfrom - Receive data from a TCP socket
1098  * @rqstp: request structure into which to receive an RPC Call
1099  *
1100  * Called in a loop when XPT_DATA has been set.
1101  *
1102  * Read the 4-byte stream record marker, then use the record length
1103  * in that marker to set up exactly the resources needed to receive
1104  * the next RPC message into @rqstp.
1105  *
1106  * Returns:
1107  *   On success, the number of bytes in a received RPC Call, or
1108  *   %0 if a complete RPC Call message was not ready to return
1109  *
1110  * The zero return case handles partial receives and callback Replies.
1111  * The state of a partial receive is preserved in the svc_sock for
1112  * the next call to svc_tcp_recvfrom.
1113  */
1114 static int svc_tcp_recvfrom(struct svc_rqst *rqstp)
1115 {
1116 	struct svc_sock	*svsk =
1117 		container_of(rqstp->rq_xprt, struct svc_sock, sk_xprt);
1118 	struct svc_serv	*serv = svsk->sk_xprt.xpt_server;
1119 	size_t want, base;
1120 	ssize_t len;
1121 	__be32 *p;
1122 	__be32 calldir;
1123 
1124 	clear_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
1125 	len = svc_tcp_read_marker(svsk, rqstp);
1126 	if (len < 0)
1127 		goto error;
1128 
1129 	base = svc_tcp_restore_pages(svsk, rqstp);
1130 	want = len - (svsk->sk_tcplen - sizeof(rpc_fraghdr));
1131 	len = svc_tcp_read_msg(rqstp, base + want, base);
1132 	if (len >= 0) {
1133 		trace_svcsock_tcp_recv(&svsk->sk_xprt, len);
1134 		svsk->sk_tcplen += len;
1135 		svsk->sk_datalen += len;
1136 	}
1137 	if (len != want || !svc_sock_final_rec(svsk))
1138 		goto err_incomplete;
1139 	if (svsk->sk_datalen < 8)
1140 		goto err_nuts;
1141 
1142 	rqstp->rq_arg.len = svsk->sk_datalen;
1143 	rqstp->rq_arg.page_base = 0;
1144 	if (rqstp->rq_arg.len <= rqstp->rq_arg.head[0].iov_len) {
1145 		rqstp->rq_arg.head[0].iov_len = rqstp->rq_arg.len;
1146 		rqstp->rq_arg.page_len = 0;
1147 	} else
1148 		rqstp->rq_arg.page_len = rqstp->rq_arg.len - rqstp->rq_arg.head[0].iov_len;
1149 
1150 	rqstp->rq_xprt_ctxt   = NULL;
1151 	rqstp->rq_prot	      = IPPROTO_TCP;
1152 	if (test_bit(XPT_LOCAL, &svsk->sk_xprt.xpt_flags))
1153 		set_bit(RQ_LOCAL, &rqstp->rq_flags);
1154 	else
1155 		clear_bit(RQ_LOCAL, &rqstp->rq_flags);
1156 
1157 	p = (__be32 *)rqstp->rq_arg.head[0].iov_base;
1158 	calldir = p[1];
1159 	if (calldir)
1160 		len = receive_cb_reply(svsk, rqstp);
1161 
1162 	/* Reset TCP read info */
1163 	svsk->sk_datalen = 0;
1164 	svc_tcp_fragment_received(svsk);
1165 
1166 	if (len < 0)
1167 		goto error;
1168 
1169 	svc_xprt_copy_addrs(rqstp, &svsk->sk_xprt);
1170 	if (serv->sv_stats)
1171 		serv->sv_stats->nettcpcnt++;
1172 
1173 	svc_sock_secure_port(rqstp);
1174 	svc_xprt_received(rqstp->rq_xprt);
1175 	return rqstp->rq_arg.len;
1176 
1177 err_incomplete:
1178 	svc_tcp_save_pages(svsk, rqstp);
1179 	if (len < 0 && len != -EAGAIN)
1180 		goto err_delete;
1181 	if (len == want)
1182 		svc_tcp_fragment_received(svsk);
1183 	else
1184 		trace_svcsock_tcp_recv_short(&svsk->sk_xprt,
1185 				svc_sock_reclen(svsk),
1186 				svsk->sk_tcplen - sizeof(rpc_fraghdr));
1187 	goto err_noclose;
1188 error:
1189 	if (len != -EAGAIN)
1190 		goto err_delete;
1191 	trace_svcsock_tcp_recv_eagain(&svsk->sk_xprt, 0);
1192 	goto err_noclose;
1193 err_nuts:
1194 	svsk->sk_datalen = 0;
1195 err_delete:
1196 	trace_svcsock_tcp_recv_err(&svsk->sk_xprt, len);
1197 	svc_xprt_deferred_close(&svsk->sk_xprt);
1198 err_noclose:
1199 	svc_xprt_received(rqstp->rq_xprt);
1200 	return 0;	/* record not complete */
1201 }
1202 
1203 static int svc_tcp_send_kvec(struct socket *sock, const struct kvec *vec,
1204 			      int flags)
1205 {
1206 	return kernel_sendpage(sock, virt_to_page(vec->iov_base),
1207 			       offset_in_page(vec->iov_base),
1208 			       vec->iov_len, flags);
1209 }
1210 
1211 /*
1212  * kernel_sendpage() is used exclusively to reduce the number of
1213  * copy operations in this path. Therefore the caller must ensure
1214  * that the pages backing @xdr are unchanging.
1215  *
1216  * In addition, the logic assumes that * .bv_len is never larger
1217  * than PAGE_SIZE.
1218  */
1219 static int svc_tcp_sendmsg(struct socket *sock, struct xdr_buf *xdr,
1220 			   rpc_fraghdr marker, unsigned int *sentp)
1221 {
1222 	const struct kvec *head = xdr->head;
1223 	const struct kvec *tail = xdr->tail;
1224 	struct kvec rm = {
1225 		.iov_base	= &marker,
1226 		.iov_len	= sizeof(marker),
1227 	};
1228 	struct msghdr msg = {
1229 		.msg_flags	= 0,
1230 	};
1231 	int ret;
1232 
1233 	*sentp = 0;
1234 	ret = xdr_alloc_bvec(xdr, GFP_KERNEL);
1235 	if (ret < 0)
1236 		return ret;
1237 
1238 	ret = kernel_sendmsg(sock, &msg, &rm, 1, rm.iov_len);
1239 	if (ret < 0)
1240 		return ret;
1241 	*sentp += ret;
1242 	if (ret != rm.iov_len)
1243 		return -EAGAIN;
1244 
1245 	ret = svc_tcp_send_kvec(sock, head, 0);
1246 	if (ret < 0)
1247 		return ret;
1248 	*sentp += ret;
1249 	if (ret != head->iov_len)
1250 		goto out;
1251 
1252 	if (xdr->page_len) {
1253 		unsigned int offset, len, remaining;
1254 		struct bio_vec *bvec;
1255 
1256 		bvec = xdr->bvec + (xdr->page_base >> PAGE_SHIFT);
1257 		offset = offset_in_page(xdr->page_base);
1258 		remaining = xdr->page_len;
1259 		while (remaining > 0) {
1260 			len = min(remaining, bvec->bv_len - offset);
1261 			ret = kernel_sendpage(sock, bvec->bv_page,
1262 					      bvec->bv_offset + offset,
1263 					      len, 0);
1264 			if (ret < 0)
1265 				return ret;
1266 			*sentp += ret;
1267 			if (ret != len)
1268 				goto out;
1269 			remaining -= len;
1270 			offset = 0;
1271 			bvec++;
1272 		}
1273 	}
1274 
1275 	if (tail->iov_len) {
1276 		ret = svc_tcp_send_kvec(sock, tail, 0);
1277 		if (ret < 0)
1278 			return ret;
1279 		*sentp += ret;
1280 	}
1281 
1282 out:
1283 	return 0;
1284 }
1285 
1286 /**
1287  * svc_tcp_sendto - Send out a reply on a TCP socket
1288  * @rqstp: completed svc_rqst
1289  *
1290  * xpt_mutex ensures @rqstp's whole message is written to the socket
1291  * without interruption.
1292  *
1293  * Returns the number of bytes sent, or a negative errno.
1294  */
1295 static int svc_tcp_sendto(struct svc_rqst *rqstp)
1296 {
1297 	struct svc_xprt *xprt = rqstp->rq_xprt;
1298 	struct svc_sock	*svsk = container_of(xprt, struct svc_sock, sk_xprt);
1299 	struct xdr_buf *xdr = &rqstp->rq_res;
1300 	rpc_fraghdr marker = cpu_to_be32(RPC_LAST_STREAM_FRAGMENT |
1301 					 (u32)xdr->len);
1302 	unsigned int sent;
1303 	int err;
1304 
1305 	svc_tcp_release_ctxt(xprt, rqstp->rq_xprt_ctxt);
1306 	rqstp->rq_xprt_ctxt = NULL;
1307 
1308 	atomic_inc(&svsk->sk_sendqlen);
1309 	mutex_lock(&xprt->xpt_mutex);
1310 	if (svc_xprt_is_dead(xprt))
1311 		goto out_notconn;
1312 	tcp_sock_set_cork(svsk->sk_sk, true);
1313 	err = svc_tcp_sendmsg(svsk->sk_sock, xdr, marker, &sent);
1314 	xdr_free_bvec(xdr);
1315 	trace_svcsock_tcp_send(xprt, err < 0 ? (long)err : sent);
1316 	if (err < 0 || sent != (xdr->len + sizeof(marker)))
1317 		goto out_close;
1318 	if (atomic_dec_and_test(&svsk->sk_sendqlen))
1319 		tcp_sock_set_cork(svsk->sk_sk, false);
1320 	mutex_unlock(&xprt->xpt_mutex);
1321 	return sent;
1322 
1323 out_notconn:
1324 	atomic_dec(&svsk->sk_sendqlen);
1325 	mutex_unlock(&xprt->xpt_mutex);
1326 	return -ENOTCONN;
1327 out_close:
1328 	pr_notice("rpc-srv/tcp: %s: %s %d when sending %d bytes - shutting down socket\n",
1329 		  xprt->xpt_server->sv_name,
1330 		  (err < 0) ? "got error" : "sent",
1331 		  (err < 0) ? err : sent, xdr->len);
1332 	svc_xprt_deferred_close(xprt);
1333 	atomic_dec(&svsk->sk_sendqlen);
1334 	mutex_unlock(&xprt->xpt_mutex);
1335 	return -EAGAIN;
1336 }
1337 
1338 static struct svc_xprt *svc_tcp_create(struct svc_serv *serv,
1339 				       struct net *net,
1340 				       struct sockaddr *sa, int salen,
1341 				       int flags)
1342 {
1343 	return svc_create_socket(serv, IPPROTO_TCP, net, sa, salen, flags);
1344 }
1345 
1346 static const struct svc_xprt_ops svc_tcp_ops = {
1347 	.xpo_create = svc_tcp_create,
1348 	.xpo_recvfrom = svc_tcp_recvfrom,
1349 	.xpo_sendto = svc_tcp_sendto,
1350 	.xpo_result_payload = svc_sock_result_payload,
1351 	.xpo_release_ctxt = svc_tcp_release_ctxt,
1352 	.xpo_detach = svc_tcp_sock_detach,
1353 	.xpo_free = svc_sock_free,
1354 	.xpo_has_wspace = svc_tcp_has_wspace,
1355 	.xpo_accept = svc_tcp_accept,
1356 	.xpo_kill_temp_xprt = svc_tcp_kill_temp_xprt,
1357 	.xpo_handshake = svc_tcp_handshake,
1358 };
1359 
1360 static struct svc_xprt_class svc_tcp_class = {
1361 	.xcl_name = "tcp",
1362 	.xcl_owner = THIS_MODULE,
1363 	.xcl_ops = &svc_tcp_ops,
1364 	.xcl_max_payload = RPCSVC_MAXPAYLOAD_TCP,
1365 	.xcl_ident = XPRT_TRANSPORT_TCP,
1366 };
1367 
1368 void svc_init_xprt_sock(void)
1369 {
1370 	svc_reg_xprt_class(&svc_tcp_class);
1371 	svc_reg_xprt_class(&svc_udp_class);
1372 }
1373 
1374 void svc_cleanup_xprt_sock(void)
1375 {
1376 	svc_unreg_xprt_class(&svc_tcp_class);
1377 	svc_unreg_xprt_class(&svc_udp_class);
1378 }
1379 
1380 static void svc_tcp_init(struct svc_sock *svsk, struct svc_serv *serv)
1381 {
1382 	struct sock	*sk = svsk->sk_sk;
1383 
1384 	svc_xprt_init(sock_net(svsk->sk_sock->sk), &svc_tcp_class,
1385 		      &svsk->sk_xprt, serv);
1386 	set_bit(XPT_CACHE_AUTH, &svsk->sk_xprt.xpt_flags);
1387 	set_bit(XPT_CONG_CTRL, &svsk->sk_xprt.xpt_flags);
1388 	if (sk->sk_state == TCP_LISTEN) {
1389 		strcpy(svsk->sk_xprt.xpt_remotebuf, "listener");
1390 		set_bit(XPT_LISTENER, &svsk->sk_xprt.xpt_flags);
1391 		sk->sk_data_ready = svc_tcp_listen_data_ready;
1392 		set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
1393 	} else {
1394 		sk->sk_state_change = svc_tcp_state_change;
1395 		sk->sk_data_ready = svc_data_ready;
1396 		sk->sk_write_space = svc_write_space;
1397 
1398 		svsk->sk_marker = xdr_zero;
1399 		svsk->sk_tcplen = 0;
1400 		svsk->sk_datalen = 0;
1401 		memset(&svsk->sk_pages[0], 0, sizeof(svsk->sk_pages));
1402 
1403 		tcp_sock_set_nodelay(sk);
1404 
1405 		set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags);
1406 		switch (sk->sk_state) {
1407 		case TCP_SYN_RECV:
1408 		case TCP_ESTABLISHED:
1409 			break;
1410 		default:
1411 			svc_xprt_deferred_close(&svsk->sk_xprt);
1412 		}
1413 	}
1414 }
1415 
1416 void svc_sock_update_bufs(struct svc_serv *serv)
1417 {
1418 	/*
1419 	 * The number of server threads has changed. Update
1420 	 * rcvbuf and sndbuf accordingly on all sockets
1421 	 */
1422 	struct svc_sock *svsk;
1423 
1424 	spin_lock_bh(&serv->sv_lock);
1425 	list_for_each_entry(svsk, &serv->sv_permsocks, sk_xprt.xpt_list)
1426 		set_bit(XPT_CHNGBUF, &svsk->sk_xprt.xpt_flags);
1427 	spin_unlock_bh(&serv->sv_lock);
1428 }
1429 EXPORT_SYMBOL_GPL(svc_sock_update_bufs);
1430 
1431 /*
1432  * Initialize socket for RPC use and create svc_sock struct
1433  */
1434 static struct svc_sock *svc_setup_socket(struct svc_serv *serv,
1435 						struct socket *sock,
1436 						int flags)
1437 {
1438 	struct svc_sock	*svsk;
1439 	struct sock	*inet;
1440 	int		pmap_register = !(flags & SVC_SOCK_ANONYMOUS);
1441 
1442 	svsk = kzalloc(sizeof(*svsk), GFP_KERNEL);
1443 	if (!svsk)
1444 		return ERR_PTR(-ENOMEM);
1445 
1446 	inet = sock->sk;
1447 
1448 	if (pmap_register) {
1449 		int err;
1450 
1451 		err = svc_register(serv, sock_net(sock->sk), inet->sk_family,
1452 				     inet->sk_protocol,
1453 				     ntohs(inet_sk(inet)->inet_sport));
1454 		if (err < 0) {
1455 			kfree(svsk);
1456 			return ERR_PTR(err);
1457 		}
1458 	}
1459 
1460 	svsk->sk_sock = sock;
1461 	svsk->sk_sk = inet;
1462 	svsk->sk_ostate = inet->sk_state_change;
1463 	svsk->sk_odata = inet->sk_data_ready;
1464 	svsk->sk_owspace = inet->sk_write_space;
1465 	/*
1466 	 * This barrier is necessary in order to prevent race condition
1467 	 * with svc_data_ready(), svc_listen_data_ready() and others
1468 	 * when calling callbacks above.
1469 	 */
1470 	wmb();
1471 	inet->sk_user_data = svsk;
1472 
1473 	/* Initialize the socket */
1474 	if (sock->type == SOCK_DGRAM)
1475 		svc_udp_init(svsk, serv);
1476 	else
1477 		svc_tcp_init(svsk, serv);
1478 
1479 	trace_svcsock_new_socket(sock);
1480 	return svsk;
1481 }
1482 
1483 /**
1484  * svc_addsock - add a listener socket to an RPC service
1485  * @serv: pointer to RPC service to which to add a new listener
1486  * @net: caller's network namespace
1487  * @fd: file descriptor of the new listener
1488  * @name_return: pointer to buffer to fill in with name of listener
1489  * @len: size of the buffer
1490  * @cred: credential
1491  *
1492  * Fills in socket name and returns positive length of name if successful.
1493  * Name is terminated with '\n'.  On error, returns a negative errno
1494  * value.
1495  */
1496 int svc_addsock(struct svc_serv *serv, struct net *net, const int fd,
1497 		char *name_return, const size_t len, const struct cred *cred)
1498 {
1499 	int err = 0;
1500 	struct socket *so = sockfd_lookup(fd, &err);
1501 	struct svc_sock *svsk = NULL;
1502 	struct sockaddr_storage addr;
1503 	struct sockaddr *sin = (struct sockaddr *)&addr;
1504 	int salen;
1505 
1506 	if (!so)
1507 		return err;
1508 	err = -EINVAL;
1509 	if (sock_net(so->sk) != net)
1510 		goto out;
1511 	err = -EAFNOSUPPORT;
1512 	if ((so->sk->sk_family != PF_INET) && (so->sk->sk_family != PF_INET6))
1513 		goto out;
1514 	err =  -EPROTONOSUPPORT;
1515 	if (so->sk->sk_protocol != IPPROTO_TCP &&
1516 	    so->sk->sk_protocol != IPPROTO_UDP)
1517 		goto out;
1518 	err = -EISCONN;
1519 	if (so->state > SS_UNCONNECTED)
1520 		goto out;
1521 	err = -ENOENT;
1522 	if (!try_module_get(THIS_MODULE))
1523 		goto out;
1524 	svsk = svc_setup_socket(serv, so, SVC_SOCK_DEFAULTS);
1525 	if (IS_ERR(svsk)) {
1526 		module_put(THIS_MODULE);
1527 		err = PTR_ERR(svsk);
1528 		goto out;
1529 	}
1530 	salen = kernel_getsockname(svsk->sk_sock, sin);
1531 	if (salen >= 0)
1532 		svc_xprt_set_local(&svsk->sk_xprt, sin, salen);
1533 	svsk->sk_xprt.xpt_cred = get_cred(cred);
1534 	svc_add_new_perm_xprt(serv, &svsk->sk_xprt);
1535 	return svc_one_sock_name(svsk, name_return, len);
1536 out:
1537 	sockfd_put(so);
1538 	return err;
1539 }
1540 EXPORT_SYMBOL_GPL(svc_addsock);
1541 
1542 /*
1543  * Create socket for RPC service.
1544  */
1545 static struct svc_xprt *svc_create_socket(struct svc_serv *serv,
1546 					  int protocol,
1547 					  struct net *net,
1548 					  struct sockaddr *sin, int len,
1549 					  int flags)
1550 {
1551 	struct svc_sock	*svsk;
1552 	struct socket	*sock;
1553 	int		error;
1554 	int		type;
1555 	struct sockaddr_storage addr;
1556 	struct sockaddr *newsin = (struct sockaddr *)&addr;
1557 	int		newlen;
1558 	int		family;
1559 
1560 	if (protocol != IPPROTO_UDP && protocol != IPPROTO_TCP) {
1561 		printk(KERN_WARNING "svc: only UDP and TCP "
1562 				"sockets supported\n");
1563 		return ERR_PTR(-EINVAL);
1564 	}
1565 
1566 	type = (protocol == IPPROTO_UDP)? SOCK_DGRAM : SOCK_STREAM;
1567 	switch (sin->sa_family) {
1568 	case AF_INET6:
1569 		family = PF_INET6;
1570 		break;
1571 	case AF_INET:
1572 		family = PF_INET;
1573 		break;
1574 	default:
1575 		return ERR_PTR(-EINVAL);
1576 	}
1577 
1578 	error = __sock_create(net, family, type, protocol, &sock, 1);
1579 	if (error < 0)
1580 		return ERR_PTR(error);
1581 
1582 	svc_reclassify_socket(sock);
1583 
1584 	/*
1585 	 * If this is an PF_INET6 listener, we want to avoid
1586 	 * getting requests from IPv4 remotes.  Those should
1587 	 * be shunted to a PF_INET listener via rpcbind.
1588 	 */
1589 	if (family == PF_INET6)
1590 		ip6_sock_set_v6only(sock->sk);
1591 	if (type == SOCK_STREAM)
1592 		sock->sk->sk_reuse = SK_CAN_REUSE; /* allow address reuse */
1593 	error = kernel_bind(sock, sin, len);
1594 	if (error < 0)
1595 		goto bummer;
1596 
1597 	error = kernel_getsockname(sock, newsin);
1598 	if (error < 0)
1599 		goto bummer;
1600 	newlen = error;
1601 
1602 	if (protocol == IPPROTO_TCP) {
1603 		if ((error = kernel_listen(sock, 64)) < 0)
1604 			goto bummer;
1605 	}
1606 
1607 	svsk = svc_setup_socket(serv, sock, flags);
1608 	if (IS_ERR(svsk)) {
1609 		error = PTR_ERR(svsk);
1610 		goto bummer;
1611 	}
1612 	svc_xprt_set_local(&svsk->sk_xprt, newsin, newlen);
1613 	return (struct svc_xprt *)svsk;
1614 bummer:
1615 	sock_release(sock);
1616 	return ERR_PTR(error);
1617 }
1618 
1619 /*
1620  * Detach the svc_sock from the socket so that no
1621  * more callbacks occur.
1622  */
1623 static void svc_sock_detach(struct svc_xprt *xprt)
1624 {
1625 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
1626 	struct sock *sk = svsk->sk_sk;
1627 
1628 	/* put back the old socket callbacks */
1629 	lock_sock(sk);
1630 	sk->sk_state_change = svsk->sk_ostate;
1631 	sk->sk_data_ready = svsk->sk_odata;
1632 	sk->sk_write_space = svsk->sk_owspace;
1633 	sk->sk_user_data = NULL;
1634 	release_sock(sk);
1635 }
1636 
1637 /*
1638  * Disconnect the socket, and reset the callbacks
1639  */
1640 static void svc_tcp_sock_detach(struct svc_xprt *xprt)
1641 {
1642 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
1643 
1644 	svc_sock_detach(xprt);
1645 
1646 	if (!test_bit(XPT_LISTENER, &xprt->xpt_flags)) {
1647 		svc_tcp_clear_pages(svsk);
1648 		kernel_sock_shutdown(svsk->sk_sock, SHUT_RDWR);
1649 	}
1650 }
1651 
1652 /*
1653  * Free the svc_sock's socket resources and the svc_sock itself.
1654  */
1655 static void svc_sock_free(struct svc_xprt *xprt)
1656 {
1657 	struct svc_sock *svsk = container_of(xprt, struct svc_sock, sk_xprt);
1658 	struct socket *sock = svsk->sk_sock;
1659 
1660 	tls_handshake_cancel(sock->sk);
1661 	if (sock->file)
1662 		sockfd_put(sock);
1663 	else
1664 		sock_release(sock);
1665 	kfree(svsk);
1666 }
1667