1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* AFS cell and server record management 3 * 4 * Copyright (C) 2002, 2017 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #include <linux/slab.h> 9 #include <linux/key.h> 10 #include <linux/ctype.h> 11 #include <linux/dns_resolver.h> 12 #include <linux/sched.h> 13 #include <linux/inet.h> 14 #include <linux/namei.h> 15 #include <keys/rxrpc-type.h> 16 #include "internal.h" 17 18 static unsigned __read_mostly afs_cell_gc_delay = 10; 19 static unsigned __read_mostly afs_cell_min_ttl = 10 * 60; 20 static unsigned __read_mostly afs_cell_max_ttl = 24 * 60 * 60; 21 static atomic_t cell_debug_id; 22 23 static void afs_cell_timer(struct timer_list *timer); 24 static void afs_destroy_cell_work(struct work_struct *work); 25 static void afs_manage_cell_work(struct work_struct *work); 26 27 static void afs_dec_cells_outstanding(struct afs_net *net) 28 { 29 if (atomic_dec_and_test(&net->cells_outstanding)) 30 wake_up_var(&net->cells_outstanding); 31 } 32 33 static void afs_set_cell_state(struct afs_cell *cell, enum afs_cell_state state) 34 { 35 smp_store_release(&cell->state, state); /* Commit cell changes before state */ 36 smp_wmb(); /* Set cell state before task state */ 37 wake_up_var(&cell->state); 38 } 39 40 /* 41 * Look up and get an activation reference on a cell record. The caller must 42 * hold net->cells_lock at least read-locked. 43 */ 44 static struct afs_cell *afs_find_cell_locked(struct afs_net *net, 45 const char *name, unsigned int namesz, 46 enum afs_cell_trace reason) 47 { 48 struct afs_cell *cell = NULL; 49 struct rb_node *p; 50 int n; 51 52 _enter("%*.*s", namesz, namesz, name); 53 54 if (name && namesz == 0) 55 return ERR_PTR(-EINVAL); 56 if (namesz > AFS_MAXCELLNAME) 57 return ERR_PTR(-ENAMETOOLONG); 58 59 if (!name) { 60 cell = rcu_dereference_protected(net->ws_cell, 61 lockdep_is_held(&net->cells_lock)); 62 if (!cell) 63 return ERR_PTR(-EDESTADDRREQ); 64 goto found; 65 } 66 67 p = net->cells.rb_node; 68 while (p) { 69 cell = rb_entry(p, struct afs_cell, net_node); 70 71 n = strncasecmp(cell->name, name, 72 min_t(size_t, cell->name_len, namesz)); 73 if (n == 0) 74 n = cell->name_len - namesz; 75 if (n < 0) 76 p = p->rb_left; 77 else if (n > 0) 78 p = p->rb_right; 79 else 80 goto found; 81 } 82 83 return ERR_PTR(-ENOENT); 84 85 found: 86 return afs_use_cell(cell, reason); 87 } 88 89 /* 90 * Look up and get an activation reference on a cell record. 91 */ 92 struct afs_cell *afs_find_cell(struct afs_net *net, 93 const char *name, unsigned int namesz, 94 enum afs_cell_trace reason) 95 { 96 struct afs_cell *cell; 97 98 down_read(&net->cells_lock); 99 cell = afs_find_cell_locked(net, name, namesz, reason); 100 up_read(&net->cells_lock); 101 return cell; 102 } 103 104 /* 105 * Set up a cell record and fill in its name, VL server address list and 106 * allocate an anonymous key 107 */ 108 static struct afs_cell *afs_alloc_cell(struct afs_net *net, 109 const char *name, unsigned int namelen, 110 const char *addresses) 111 { 112 struct afs_vlserver_list *vllist = NULL; 113 struct afs_cell *cell; 114 int i, ret; 115 116 ASSERT(name); 117 if (namelen == 0) 118 return ERR_PTR(-EINVAL); 119 if (namelen > AFS_MAXCELLNAME) { 120 _leave(" = -ENAMETOOLONG"); 121 return ERR_PTR(-ENAMETOOLONG); 122 } 123 124 /* Prohibit cell names that contain unprintable chars, '/' and '@' or 125 * that begin with a dot. This also precludes "@cell". 126 */ 127 if (name[0] == '.') 128 return ERR_PTR(-EINVAL); 129 for (i = 0; i < namelen; i++) { 130 char ch = name[i]; 131 if (!isprint(ch) || ch == '/' || ch == '@') 132 return ERR_PTR(-EINVAL); 133 } 134 135 _enter("%*.*s,%s", namelen, namelen, name, addresses); 136 137 cell = kzalloc(sizeof(struct afs_cell), GFP_KERNEL); 138 if (!cell) { 139 _leave(" = -ENOMEM"); 140 return ERR_PTR(-ENOMEM); 141 } 142 143 cell->name = kmalloc(1 + namelen + 1, GFP_KERNEL); 144 if (!cell->name) { 145 kfree(cell); 146 return ERR_PTR(-ENOMEM); 147 } 148 149 cell->name[0] = '.'; 150 cell->name++; 151 cell->name_len = namelen; 152 for (i = 0; i < namelen; i++) 153 cell->name[i] = tolower(name[i]); 154 cell->name[i] = 0; 155 156 cell->net = net; 157 refcount_set(&cell->ref, 1); 158 atomic_set(&cell->active, 0); 159 INIT_WORK(&cell->destroyer, afs_destroy_cell_work); 160 INIT_WORK(&cell->manager, afs_manage_cell_work); 161 timer_setup(&cell->management_timer, afs_cell_timer, 0); 162 init_rwsem(&cell->vs_lock); 163 cell->volumes = RB_ROOT; 164 INIT_HLIST_HEAD(&cell->proc_volumes); 165 seqlock_init(&cell->volume_lock); 166 cell->fs_servers = RB_ROOT; 167 init_rwsem(&cell->fs_lock); 168 rwlock_init(&cell->vl_servers_lock); 169 cell->flags = (1 << AFS_CELL_FL_CHECK_ALIAS); 170 171 /* Provide a VL server list, filling it in if we were given a list of 172 * addresses to use. 173 */ 174 if (addresses) { 175 vllist = afs_parse_text_addrs(net, 176 addresses, strlen(addresses), ':', 177 VL_SERVICE, AFS_VL_PORT); 178 if (IS_ERR(vllist)) { 179 ret = PTR_ERR(vllist); 180 vllist = NULL; 181 goto parse_failed; 182 } 183 184 vllist->source = DNS_RECORD_FROM_CONFIG; 185 vllist->status = DNS_LOOKUP_NOT_DONE; 186 cell->dns_expiry = TIME64_MAX; 187 } else { 188 ret = -ENOMEM; 189 vllist = afs_alloc_vlserver_list(0); 190 if (!vllist) 191 goto error; 192 vllist->source = DNS_RECORD_UNAVAILABLE; 193 vllist->status = DNS_LOOKUP_NOT_DONE; 194 cell->dns_expiry = ktime_get_real_seconds(); 195 } 196 197 rcu_assign_pointer(cell->vl_servers, vllist); 198 199 cell->dns_source = vllist->source; 200 cell->dns_status = vllist->status; 201 smp_store_release(&cell->dns_lookup_count, 1); /* vs source/status */ 202 atomic_inc(&net->cells_outstanding); 203 ret = idr_alloc_cyclic(&net->cells_dyn_ino, cell, 204 2, INT_MAX / 2, GFP_KERNEL); 205 if (ret < 0) 206 goto error; 207 cell->dynroot_ino = ret; 208 cell->debug_id = atomic_inc_return(&cell_debug_id); 209 210 trace_afs_cell(cell->debug_id, 1, 0, afs_cell_trace_alloc); 211 212 _leave(" = %p", cell); 213 return cell; 214 215 parse_failed: 216 if (ret == -EINVAL) 217 printk(KERN_ERR "kAFS: bad VL server IP address\n"); 218 error: 219 afs_put_vlserverlist(cell->net, vllist); 220 kfree(cell->name - 1); 221 kfree(cell); 222 _leave(" = %d", ret); 223 return ERR_PTR(ret); 224 } 225 226 /* 227 * afs_lookup_cell - Look up or create a cell record. 228 * @net: The network namespace 229 * @name: The name of the cell. 230 * @namesz: The strlen of the cell name. 231 * @vllist: A colon/comma separated list of numeric IP addresses or NULL. 232 * @reason: The reason we're doing the lookup 233 * @trace: The reason to be logged if the lookup is successful. 234 * 235 * Look up a cell record by name and query the DNS for VL server addresses if 236 * needed. Note that that actual DNS query is punted off to the manager thread 237 * so that this function can return immediately if interrupted whilst allowing 238 * cell records to be shared even if not yet fully constructed. 239 */ 240 struct afs_cell *afs_lookup_cell(struct afs_net *net, 241 const char *name, unsigned int namesz, 242 const char *vllist, 243 enum afs_lookup_cell_for reason, 244 enum afs_cell_trace trace) 245 { 246 struct afs_cell *cell, *candidate, *cursor; 247 struct rb_node *parent, **pp; 248 enum afs_cell_state state; 249 int ret, n; 250 251 _enter("%s,%s,%u", name, vllist, reason); 252 253 if (reason != AFS_LOOKUP_CELL_PRELOAD) { 254 cell = afs_find_cell(net, name, namesz, trace); 255 if (!IS_ERR(cell)) { 256 if (reason == AFS_LOOKUP_CELL_DYNROOT) 257 goto no_wait; 258 if (cell->state == AFS_CELL_SETTING_UP || 259 cell->state == AFS_CELL_UNLOOKED) 260 goto lookup_cell; 261 goto wait_for_cell; 262 } 263 } 264 265 /* Assume we're probably going to create a cell and preallocate and 266 * mostly set up a candidate record. We can then use this to stash the 267 * name, the net namespace and VL server addresses. 268 * 269 * We also want to do this before we hold any locks as it may involve 270 * upcalling to userspace to make DNS queries. 271 */ 272 candidate = afs_alloc_cell(net, name, namesz, vllist); 273 if (IS_ERR(candidate)) { 274 _leave(" = %ld", PTR_ERR(candidate)); 275 return candidate; 276 } 277 278 /* Find the insertion point and check to see if someone else added a 279 * cell whilst we were allocating. 280 */ 281 down_write(&net->cells_lock); 282 283 pp = &net->cells.rb_node; 284 parent = NULL; 285 while (*pp) { 286 parent = *pp; 287 cursor = rb_entry(parent, struct afs_cell, net_node); 288 289 n = strncasecmp(cursor->name, name, 290 min_t(size_t, cursor->name_len, namesz)); 291 if (n == 0) 292 n = cursor->name_len - namesz; 293 if (n < 0) 294 pp = &(*pp)->rb_left; 295 else if (n > 0) 296 pp = &(*pp)->rb_right; 297 else 298 goto cell_already_exists; 299 } 300 301 cell = candidate; 302 candidate = NULL; 303 afs_use_cell(cell, trace); 304 rb_link_node_rcu(&cell->net_node, parent, pp); 305 rb_insert_color(&cell->net_node, &net->cells); 306 up_write(&net->cells_lock); 307 308 lookup_cell: 309 if (reason != AFS_LOOKUP_CELL_PRELOAD && 310 reason != AFS_LOOKUP_CELL_ROOTCELL) { 311 set_bit(AFS_CELL_FL_DO_LOOKUP, &cell->flags); 312 afs_queue_cell(cell, afs_cell_trace_queue_new); 313 } 314 315 wait_for_cell: 316 state = smp_load_acquire(&cell->state); /* vs error */ 317 switch (state) { 318 case AFS_CELL_ACTIVE: 319 case AFS_CELL_DEAD: 320 break; 321 case AFS_CELL_UNLOOKED: 322 default: 323 if (reason == AFS_LOOKUP_CELL_PRELOAD || 324 reason == AFS_LOOKUP_CELL_ROOTCELL) 325 break; 326 _debug("wait_for_cell"); 327 afs_see_cell(cell, afs_cell_trace_wait); 328 wait_var_event(&cell->state, 329 ({ 330 state = smp_load_acquire(&cell->state); /* vs error */ 331 state == AFS_CELL_ACTIVE || state == AFS_CELL_DEAD; 332 })); 333 _debug("waited_for_cell %d %d", cell->state, cell->error); 334 } 335 336 no_wait: 337 /* Check the state obtained from the wait check. */ 338 state = smp_load_acquire(&cell->state); /* vs error */ 339 if (state == AFS_CELL_DEAD) { 340 ret = cell->error; 341 goto error; 342 } 343 if (state == AFS_CELL_ACTIVE) { 344 switch (cell->dns_status) { 345 case DNS_LOOKUP_NOT_DONE: 346 if (cell->dns_source == DNS_RECORD_FROM_CONFIG) { 347 ret = 0; 348 break; 349 } 350 fallthrough; 351 default: 352 ret = -EIO; 353 goto error; 354 case DNS_LOOKUP_GOOD: 355 case DNS_LOOKUP_GOOD_WITH_BAD: 356 ret = 0; 357 break; 358 case DNS_LOOKUP_GOT_NOT_FOUND: 359 ret = -ENOENT; 360 goto error; 361 case DNS_LOOKUP_BAD: 362 ret = -EREMOTEIO; 363 goto error; 364 case DNS_LOOKUP_GOT_LOCAL_FAILURE: 365 case DNS_LOOKUP_GOT_TEMP_FAILURE: 366 case DNS_LOOKUP_GOT_NS_FAILURE: 367 ret = -EDESTADDRREQ; 368 goto error; 369 } 370 } 371 372 _leave(" = %p [cell]", cell); 373 return cell; 374 375 cell_already_exists: 376 _debug("cell exists"); 377 cell = cursor; 378 if (reason == AFS_LOOKUP_CELL_PRELOAD) { 379 ret = -EEXIST; 380 } else { 381 afs_use_cell(cursor, trace); 382 ret = 0; 383 } 384 up_write(&net->cells_lock); 385 if (candidate) 386 afs_put_cell(candidate, afs_cell_trace_put_candidate); 387 if (ret == 0) 388 goto wait_for_cell; 389 goto error_noput; 390 error: 391 afs_unuse_cell(cell, afs_cell_trace_unuse_lookup_error); 392 error_noput: 393 _leave(" = %d [error]", ret); 394 return ERR_PTR(ret); 395 } 396 397 /* 398 * set the root cell information 399 * - can be called with a module parameter string 400 * - can be called from a write to /proc/fs/afs/rootcell 401 */ 402 int afs_cell_init(struct afs_net *net, const char *rootcell) 403 { 404 struct afs_cell *old_root, *new_root; 405 const char *cp, *vllist; 406 size_t len; 407 408 _enter(""); 409 410 if (!rootcell) { 411 /* module is loaded with no parameters, or built statically. 412 * - in the future we might initialize cell DB here. 413 */ 414 _leave(" = 0 [no root]"); 415 return 0; 416 } 417 418 cp = strchr(rootcell, ':'); 419 if (!cp) { 420 _debug("kAFS: no VL server IP addresses specified"); 421 vllist = NULL; 422 len = strlen(rootcell); 423 } else { 424 vllist = cp + 1; 425 len = cp - rootcell; 426 } 427 428 if (len == 0 || !rootcell[0] || rootcell[0] == '.' || rootcell[len - 1] == '.') 429 return -EINVAL; 430 if (memchr(rootcell, '/', len)) 431 return -EINVAL; 432 cp = strstr(rootcell, ".."); 433 if (cp && cp < rootcell + len) 434 return -EINVAL; 435 436 /* allocate a cell record for the root/workstation cell */ 437 new_root = afs_lookup_cell(net, rootcell, len, vllist, 438 AFS_LOOKUP_CELL_ROOTCELL, 439 afs_cell_trace_use_lookup_ws); 440 if (IS_ERR(new_root)) { 441 _leave(" = %ld", PTR_ERR(new_root)); 442 return PTR_ERR(new_root); 443 } 444 445 if (!test_and_set_bit(AFS_CELL_FL_NO_GC, &new_root->flags)) 446 afs_use_cell(new_root, afs_cell_trace_use_pin); 447 448 /* install the new cell */ 449 down_write(&net->cells_lock); 450 old_root = rcu_replace_pointer(net->ws_cell, new_root, 451 lockdep_is_held(&net->cells_lock)); 452 up_write(&net->cells_lock); 453 454 afs_unuse_cell(old_root, afs_cell_trace_unuse_ws); 455 _leave(" = 0"); 456 return 0; 457 } 458 459 /* 460 * Update a cell's VL server address list from the DNS. 461 */ 462 static int afs_update_cell(struct afs_cell *cell) 463 { 464 struct afs_vlserver_list *vllist, *old = NULL, *p; 465 unsigned int min_ttl = READ_ONCE(afs_cell_min_ttl); 466 unsigned int max_ttl = READ_ONCE(afs_cell_max_ttl); 467 time64_t now, expiry = 0; 468 int ret = 0; 469 470 _enter("%s", cell->name); 471 472 vllist = afs_dns_query(cell, &expiry); 473 if (IS_ERR(vllist)) { 474 ret = PTR_ERR(vllist); 475 476 _debug("%s: fail %d", cell->name, ret); 477 if (ret == -ENOMEM) 478 goto out_wake; 479 480 vllist = afs_alloc_vlserver_list(0); 481 if (!vllist) { 482 if (ret >= 0) 483 ret = -ENOMEM; 484 goto out_wake; 485 } 486 487 switch (ret) { 488 case -ENODATA: 489 case -EDESTADDRREQ: 490 vllist->status = DNS_LOOKUP_GOT_NOT_FOUND; 491 break; 492 case -EAGAIN: 493 case -ECONNREFUSED: 494 vllist->status = DNS_LOOKUP_GOT_TEMP_FAILURE; 495 break; 496 default: 497 vllist->status = DNS_LOOKUP_GOT_LOCAL_FAILURE; 498 break; 499 } 500 } 501 502 _debug("%s: got list %d %d", cell->name, vllist->source, vllist->status); 503 cell->dns_status = vllist->status; 504 505 now = ktime_get_real_seconds(); 506 if (min_ttl > max_ttl) 507 max_ttl = min_ttl; 508 if (expiry < now + min_ttl) 509 expiry = now + min_ttl; 510 else if (expiry > now + max_ttl) 511 expiry = now + max_ttl; 512 513 _debug("%s: status %d", cell->name, vllist->status); 514 if (vllist->source == DNS_RECORD_UNAVAILABLE) { 515 switch (vllist->status) { 516 case DNS_LOOKUP_GOT_NOT_FOUND: 517 /* The DNS said that the cell does not exist or there 518 * weren't any addresses to be had. 519 */ 520 cell->dns_expiry = expiry; 521 break; 522 523 case DNS_LOOKUP_BAD: 524 case DNS_LOOKUP_GOT_LOCAL_FAILURE: 525 case DNS_LOOKUP_GOT_TEMP_FAILURE: 526 case DNS_LOOKUP_GOT_NS_FAILURE: 527 default: 528 cell->dns_expiry = now + 10; 529 break; 530 } 531 } else { 532 cell->dns_expiry = expiry; 533 } 534 535 /* Replace the VL server list if the new record has servers or the old 536 * record doesn't. 537 */ 538 write_lock(&cell->vl_servers_lock); 539 p = rcu_dereference_protected(cell->vl_servers, true); 540 if (vllist->nr_servers > 0 || p->nr_servers == 0) { 541 rcu_assign_pointer(cell->vl_servers, vllist); 542 cell->dns_source = vllist->source; 543 old = p; 544 } 545 write_unlock(&cell->vl_servers_lock); 546 afs_put_vlserverlist(cell->net, old); 547 548 out_wake: 549 smp_store_release(&cell->dns_lookup_count, 550 cell->dns_lookup_count + 1); /* vs source/status */ 551 wake_up_var(&cell->dns_lookup_count); 552 _leave(" = %d", ret); 553 return ret; 554 } 555 556 /* 557 * Destroy a cell record 558 */ 559 static void afs_cell_destroy(struct rcu_head *rcu) 560 { 561 struct afs_cell *cell = container_of(rcu, struct afs_cell, rcu); 562 struct afs_net *net = cell->net; 563 int r; 564 565 _enter("%p{%s}", cell, cell->name); 566 567 r = refcount_read(&cell->ref); 568 ASSERTCMP(r, ==, 0); 569 trace_afs_cell(cell->debug_id, r, atomic_read(&cell->active), afs_cell_trace_free); 570 571 afs_put_vlserverlist(net, rcu_access_pointer(cell->vl_servers)); 572 afs_unuse_cell(cell->alias_of, afs_cell_trace_unuse_alias); 573 key_put(cell->anonymous_key); 574 idr_remove(&net->cells_dyn_ino, cell->dynroot_ino); 575 kfree(cell->name - 1); 576 kfree(cell); 577 578 afs_dec_cells_outstanding(net); 579 _leave(" [destroyed]"); 580 } 581 582 static void afs_destroy_cell_work(struct work_struct *work) 583 { 584 struct afs_cell *cell = container_of(work, struct afs_cell, destroyer); 585 586 afs_see_cell(cell, afs_cell_trace_destroy); 587 timer_delete_sync(&cell->management_timer); 588 cancel_work_sync(&cell->manager); 589 call_rcu(&cell->rcu, afs_cell_destroy); 590 } 591 592 /* 593 * Get a reference on a cell record. 594 */ 595 struct afs_cell *afs_get_cell(struct afs_cell *cell, enum afs_cell_trace reason) 596 { 597 int r; 598 599 __refcount_inc(&cell->ref, &r); 600 trace_afs_cell(cell->debug_id, r + 1, atomic_read(&cell->active), reason); 601 return cell; 602 } 603 604 /* 605 * Drop a reference on a cell record. 606 */ 607 void afs_put_cell(struct afs_cell *cell, enum afs_cell_trace reason) 608 { 609 if (cell) { 610 unsigned int debug_id = cell->debug_id; 611 unsigned int a; 612 bool zero; 613 int r; 614 615 a = atomic_read(&cell->active); 616 zero = __refcount_dec_and_test(&cell->ref, &r); 617 trace_afs_cell(debug_id, r - 1, a, reason); 618 if (zero) { 619 a = atomic_read(&cell->active); 620 WARN(a != 0, "Cell active count %u > 0\n", a); 621 WARN_ON(!queue_work(afs_wq, &cell->destroyer)); 622 } 623 } 624 } 625 626 /* 627 * Note a cell becoming more active. 628 */ 629 struct afs_cell *afs_use_cell(struct afs_cell *cell, enum afs_cell_trace reason) 630 { 631 int r, a; 632 633 __refcount_inc(&cell->ref, &r); 634 a = atomic_inc_return(&cell->active); 635 trace_afs_cell(cell->debug_id, r + 1, a, reason); 636 return cell; 637 } 638 639 /* 640 * Record a cell becoming less active. When the active counter reaches 1, it 641 * is scheduled for destruction, but may get reactivated. 642 */ 643 void afs_unuse_cell(struct afs_cell *cell, enum afs_cell_trace reason) 644 { 645 unsigned int debug_id; 646 time64_t now, expire_delay; 647 bool zero; 648 int r, a; 649 650 if (!cell) 651 return; 652 653 _enter("%s", cell->name); 654 655 now = ktime_get_real_seconds(); 656 cell->last_inactive = now; 657 expire_delay = 0; 658 if (cell->vl_servers->nr_servers) 659 expire_delay = afs_cell_gc_delay; 660 661 debug_id = cell->debug_id; 662 a = atomic_dec_return(&cell->active); 663 if (!a) 664 /* 'cell' may now be garbage collected. */ 665 afs_set_cell_timer(cell, expire_delay); 666 667 zero = __refcount_dec_and_test(&cell->ref, &r); 668 trace_afs_cell(debug_id, r - 1, a, reason); 669 if (zero) 670 WARN_ON(!queue_work(afs_wq, &cell->destroyer)); 671 } 672 673 /* 674 * Note that a cell has been seen. 675 */ 676 void afs_see_cell(struct afs_cell *cell, enum afs_cell_trace reason) 677 { 678 int r, a; 679 680 r = refcount_read(&cell->ref); 681 a = atomic_read(&cell->active); 682 trace_afs_cell(cell->debug_id, r, a, reason); 683 } 684 685 /* 686 * Queue a cell for management, giving the workqueue a ref to hold. 687 */ 688 void afs_queue_cell(struct afs_cell *cell, enum afs_cell_trace reason) 689 { 690 queue_work(afs_wq, &cell->manager); 691 } 692 693 /* 694 * Cell-specific management timer. 695 */ 696 static void afs_cell_timer(struct timer_list *timer) 697 { 698 struct afs_cell *cell = container_of(timer, struct afs_cell, management_timer); 699 700 afs_see_cell(cell, afs_cell_trace_see_mgmt_timer); 701 if (refcount_read(&cell->ref) > 0 && cell->net->live) 702 queue_work(afs_wq, &cell->manager); 703 } 704 705 /* 706 * Set/reduce the cell timer. 707 */ 708 void afs_set_cell_timer(struct afs_cell *cell, unsigned int delay_secs) 709 { 710 timer_reduce(&cell->management_timer, jiffies + delay_secs * HZ); 711 } 712 713 /* 714 * Allocate a key to use as a placeholder for anonymous user security. 715 */ 716 static int afs_alloc_anon_key(struct afs_cell *cell) 717 { 718 struct key *key; 719 char keyname[4 + AFS_MAXCELLNAME + 1], *cp, *dp; 720 721 /* Create a key to represent an anonymous user. */ 722 memcpy(keyname, "afs@", 4); 723 dp = keyname + 4; 724 cp = cell->name; 725 do { 726 *dp++ = tolower(*cp); 727 } while (*cp++); 728 729 key = rxrpc_get_null_key(keyname); 730 if (IS_ERR(key)) 731 return PTR_ERR(key); 732 733 cell->anonymous_key = key; 734 735 _debug("anon key %p{%x}", 736 cell->anonymous_key, key_serial(cell->anonymous_key)); 737 return 0; 738 } 739 740 /* 741 * Activate a cell. 742 */ 743 static int afs_activate_cell(struct afs_net *net, struct afs_cell *cell) 744 { 745 struct hlist_node **p; 746 struct afs_cell *pcell; 747 int ret; 748 749 if (!cell->anonymous_key) { 750 ret = afs_alloc_anon_key(cell); 751 if (ret < 0) 752 return ret; 753 } 754 755 ret = afs_proc_cell_setup(cell); 756 if (ret < 0) 757 return ret; 758 759 mutex_lock(&net->proc_cells_lock); 760 for (p = &net->proc_cells.first; *p; p = &(*p)->next) { 761 pcell = hlist_entry(*p, struct afs_cell, proc_link); 762 if (strcmp(cell->name, pcell->name) < 0) 763 break; 764 } 765 766 cell->proc_link.pprev = p; 767 cell->proc_link.next = *p; 768 rcu_assign_pointer(*p, &cell->proc_link.next); 769 if (cell->proc_link.next) 770 cell->proc_link.next->pprev = &cell->proc_link.next; 771 772 mutex_unlock(&net->proc_cells_lock); 773 return 0; 774 } 775 776 /* 777 * Deactivate a cell. 778 */ 779 static void afs_deactivate_cell(struct afs_net *net, struct afs_cell *cell) 780 { 781 _enter("%s", cell->name); 782 783 afs_proc_cell_remove(cell); 784 785 mutex_lock(&net->proc_cells_lock); 786 if (!hlist_unhashed(&cell->proc_link)) 787 hlist_del_rcu(&cell->proc_link); 788 mutex_unlock(&net->proc_cells_lock); 789 790 _leave(""); 791 } 792 793 static bool afs_has_cell_expired(struct afs_cell *cell, time64_t *_next_manage) 794 { 795 const struct afs_vlserver_list *vllist; 796 time64_t expire_at = cell->last_inactive; 797 time64_t now = ktime_get_real_seconds(); 798 799 if (atomic_read(&cell->active)) 800 return false; 801 if (!cell->net->live) 802 return true; 803 804 vllist = rcu_dereference_protected(cell->vl_servers, true); 805 if (vllist && vllist->nr_servers > 0) 806 expire_at += afs_cell_gc_delay; 807 808 if (expire_at <= now) 809 return true; 810 if (expire_at < *_next_manage) 811 *_next_manage = expire_at; 812 return false; 813 } 814 815 /* 816 * Manage a cell record, initialising and destroying it, maintaining its DNS 817 * records. 818 */ 819 static bool afs_manage_cell(struct afs_cell *cell) 820 { 821 struct afs_net *net = cell->net; 822 time64_t next_manage = TIME64_MAX; 823 int ret; 824 825 _enter("%s", cell->name); 826 827 _debug("state %u", cell->state); 828 switch (cell->state) { 829 case AFS_CELL_SETTING_UP: 830 goto set_up_cell; 831 case AFS_CELL_UNLOOKED: 832 case AFS_CELL_ACTIVE: 833 goto cell_is_active; 834 case AFS_CELL_REMOVING: 835 WARN_ON_ONCE(1); 836 return false; 837 case AFS_CELL_DEAD: 838 return false; 839 default: 840 _debug("bad state %u", cell->state); 841 WARN_ON_ONCE(1); /* Unhandled state */ 842 return false; 843 } 844 845 set_up_cell: 846 ret = afs_activate_cell(net, cell); 847 if (ret < 0) { 848 cell->error = ret; 849 goto remove_cell; 850 } 851 852 afs_set_cell_state(cell, AFS_CELL_UNLOOKED); 853 854 cell_is_active: 855 if (afs_has_cell_expired(cell, &next_manage)) 856 goto remove_cell; 857 858 if (test_and_clear_bit(AFS_CELL_FL_DO_LOOKUP, &cell->flags)) { 859 ret = afs_update_cell(cell); 860 if (ret < 0) 861 cell->error = ret; 862 if (cell->state == AFS_CELL_UNLOOKED) 863 afs_set_cell_state(cell, AFS_CELL_ACTIVE); 864 } 865 866 if (next_manage < TIME64_MAX && cell->net->live) { 867 time64_t now = ktime_get_real_seconds(); 868 869 if (next_manage - now <= 0) 870 afs_queue_cell(cell, afs_cell_trace_queue_again); 871 else 872 afs_set_cell_timer(cell, next_manage - now); 873 } 874 _leave(" [done %u]", cell->state); 875 return false; 876 877 remove_cell: 878 down_write(&net->cells_lock); 879 880 if (atomic_read(&cell->active)) { 881 up_write(&net->cells_lock); 882 goto cell_is_active; 883 } 884 885 /* Make sure that the expiring server records are going to see the fact 886 * that the cell is caput. 887 */ 888 afs_set_cell_state(cell, AFS_CELL_REMOVING); 889 890 afs_deactivate_cell(net, cell); 891 afs_purge_servers(cell); 892 893 rb_erase(&cell->net_node, &net->cells); 894 afs_see_cell(cell, afs_cell_trace_unuse_delete); 895 up_write(&net->cells_lock); 896 897 /* The root volume is pinning the cell */ 898 afs_put_volume(cell->root_volume, afs_volume_trace_put_cell_root); 899 cell->root_volume = NULL; 900 901 afs_set_cell_state(cell, AFS_CELL_DEAD); 902 return true; 903 } 904 905 static void afs_manage_cell_work(struct work_struct *work) 906 { 907 struct afs_cell *cell = container_of(work, struct afs_cell, manager); 908 bool final_put; 909 910 afs_see_cell(cell, afs_cell_trace_manage); 911 final_put = afs_manage_cell(cell); 912 afs_see_cell(cell, afs_cell_trace_managed); 913 if (final_put) 914 afs_put_cell(cell, afs_cell_trace_put_final); 915 } 916 917 /* 918 * Purge in-memory cell database. 919 */ 920 void afs_cell_purge(struct afs_net *net) 921 { 922 struct afs_cell *ws; 923 struct rb_node *cursor; 924 925 _enter(""); 926 927 down_write(&net->cells_lock); 928 ws = rcu_replace_pointer(net->ws_cell, NULL, 929 lockdep_is_held(&net->cells_lock)); 930 up_write(&net->cells_lock); 931 afs_unuse_cell(ws, afs_cell_trace_unuse_ws); 932 933 _debug("kick cells"); 934 down_read(&net->cells_lock); 935 for (cursor = rb_first(&net->cells); cursor; cursor = rb_next(cursor)) { 936 struct afs_cell *cell = rb_entry(cursor, struct afs_cell, net_node); 937 938 afs_see_cell(cell, afs_cell_trace_purge); 939 940 if (test_and_clear_bit(AFS_CELL_FL_NO_GC, &cell->flags)) 941 afs_unuse_cell(cell, afs_cell_trace_unuse_pin); 942 943 afs_queue_cell(cell, afs_cell_trace_queue_purge); 944 } 945 up_read(&net->cells_lock); 946 947 _debug("wait"); 948 wait_var_event(&net->cells_outstanding, 949 !atomic_read(&net->cells_outstanding)); 950 _leave(""); 951 } 952