xref: /linux/net/sunrpc/svc_xprt.c (revision 2a52ca7c98960aafb0eca9ef96b2d0c932171357)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * linux/net/sunrpc/svc_xprt.c
4  *
5  * Author: Tom Tucker <tom@opengridcomputing.com>
6  */
7 
8 #include <linux/sched.h>
9 #include <linux/sched/mm.h>
10 #include <linux/errno.h>
11 #include <linux/freezer.h>
12 #include <linux/slab.h>
13 #include <net/sock.h>
14 #include <linux/sunrpc/addr.h>
15 #include <linux/sunrpc/stats.h>
16 #include <linux/sunrpc/svc_xprt.h>
17 #include <linux/sunrpc/svcsock.h>
18 #include <linux/sunrpc/xprt.h>
19 #include <linux/sunrpc/bc_xprt.h>
20 #include <linux/module.h>
21 #include <linux/netdevice.h>
22 #include <trace/events/sunrpc.h>
23 
24 #define RPCDBG_FACILITY	RPCDBG_SVCXPRT
25 
26 static unsigned int svc_rpc_per_connection_limit __read_mostly;
27 module_param(svc_rpc_per_connection_limit, uint, 0644);
28 
29 
30 static struct svc_deferred_req *svc_deferred_dequeue(struct svc_xprt *xprt);
31 static int svc_deferred_recv(struct svc_rqst *rqstp);
32 static struct cache_deferred_req *svc_defer(struct cache_req *req);
33 static void svc_age_temp_xprts(struct timer_list *t);
34 static void svc_delete_xprt(struct svc_xprt *xprt);
35 
36 /* apparently the "standard" is that clients close
37  * idle connections after 5 minutes, servers after
38  * 6 minutes
39  *   http://nfsv4bat.org/Documents/ConnectAThon/1996/nfstcp.pdf
40  */
41 static int svc_conn_age_period = 6*60;
42 
43 /* List of registered transport classes */
44 static DEFINE_SPINLOCK(svc_xprt_class_lock);
45 static LIST_HEAD(svc_xprt_class_list);
46 
47 /* SMP locking strategy:
48  *
49  *	svc_serv->sv_lock protects sv_tempsocks, sv_permsocks, sv_tmpcnt.
50  *	when both need to be taken (rare), svc_serv->sv_lock is first.
51  *	The "service mutex" protects svc_serv->sv_nrthread.
52  *	svc_sock->sk_lock protects the svc_sock->sk_deferred list
53  *             and the ->sk_info_authunix cache.
54  *
55  *	The XPT_BUSY bit in xprt->xpt_flags prevents a transport being
56  *	enqueued multiply. During normal transport processing this bit
57  *	is set by svc_xprt_enqueue and cleared by svc_xprt_received.
58  *	Providers should not manipulate this bit directly.
59  *
60  *	Some flags can be set to certain values at any time
61  *	providing that certain rules are followed:
62  *
63  *	XPT_CONN, XPT_DATA:
64  *		- Can be set or cleared at any time.
65  *		- After a set, svc_xprt_enqueue must be called to enqueue
66  *		  the transport for processing.
67  *		- After a clear, the transport must be read/accepted.
68  *		  If this succeeds, it must be set again.
69  *	XPT_CLOSE:
70  *		- Can set at any time. It is never cleared.
71  *      XPT_DEAD:
72  *		- Can only be set while XPT_BUSY is held which ensures
73  *		  that no other thread will be using the transport or will
74  *		  try to set XPT_DEAD.
75  */
76 
77 /**
78  * svc_reg_xprt_class - Register a server-side RPC transport class
79  * @xcl: New transport class to be registered
80  *
81  * Returns zero on success; otherwise a negative errno is returned.
82  */
83 int svc_reg_xprt_class(struct svc_xprt_class *xcl)
84 {
85 	struct svc_xprt_class *cl;
86 	int res = -EEXIST;
87 
88 	INIT_LIST_HEAD(&xcl->xcl_list);
89 	spin_lock(&svc_xprt_class_lock);
90 	/* Make sure there isn't already a class with the same name */
91 	list_for_each_entry(cl, &svc_xprt_class_list, xcl_list) {
92 		if (strcmp(xcl->xcl_name, cl->xcl_name) == 0)
93 			goto out;
94 	}
95 	list_add_tail(&xcl->xcl_list, &svc_xprt_class_list);
96 	res = 0;
97 out:
98 	spin_unlock(&svc_xprt_class_lock);
99 	return res;
100 }
101 EXPORT_SYMBOL_GPL(svc_reg_xprt_class);
102 
103 /**
104  * svc_unreg_xprt_class - Unregister a server-side RPC transport class
105  * @xcl: Transport class to be unregistered
106  *
107  */
108 void svc_unreg_xprt_class(struct svc_xprt_class *xcl)
109 {
110 	spin_lock(&svc_xprt_class_lock);
111 	list_del_init(&xcl->xcl_list);
112 	spin_unlock(&svc_xprt_class_lock);
113 }
114 EXPORT_SYMBOL_GPL(svc_unreg_xprt_class);
115 
116 /**
117  * svc_print_xprts - Format the transport list for printing
118  * @buf: target buffer for formatted address
119  * @maxlen: length of target buffer
120  *
121  * Fills in @buf with a string containing a list of transport names, each name
122  * terminated with '\n'. If the buffer is too small, some entries may be
123  * missing, but it is guaranteed that all lines in the output buffer are
124  * complete.
125  *
126  * Returns positive length of the filled-in string.
127  */
128 int svc_print_xprts(char *buf, int maxlen)
129 {
130 	struct svc_xprt_class *xcl;
131 	char tmpstr[80];
132 	int len = 0;
133 	buf[0] = '\0';
134 
135 	spin_lock(&svc_xprt_class_lock);
136 	list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) {
137 		int slen;
138 
139 		slen = snprintf(tmpstr, sizeof(tmpstr), "%s %d\n",
140 				xcl->xcl_name, xcl->xcl_max_payload);
141 		if (slen >= sizeof(tmpstr) || len + slen >= maxlen)
142 			break;
143 		len += slen;
144 		strcat(buf, tmpstr);
145 	}
146 	spin_unlock(&svc_xprt_class_lock);
147 
148 	return len;
149 }
150 
151 /**
152  * svc_xprt_deferred_close - Close a transport
153  * @xprt: transport instance
154  *
155  * Used in contexts that need to defer the work of shutting down
156  * the transport to an nfsd thread.
157  */
158 void svc_xprt_deferred_close(struct svc_xprt *xprt)
159 {
160 	if (!test_and_set_bit(XPT_CLOSE, &xprt->xpt_flags))
161 		svc_xprt_enqueue(xprt);
162 }
163 EXPORT_SYMBOL_GPL(svc_xprt_deferred_close);
164 
165 static void svc_xprt_free(struct kref *kref)
166 {
167 	struct svc_xprt *xprt =
168 		container_of(kref, struct svc_xprt, xpt_ref);
169 	struct module *owner = xprt->xpt_class->xcl_owner;
170 	if (test_bit(XPT_CACHE_AUTH, &xprt->xpt_flags))
171 		svcauth_unix_info_release(xprt);
172 	put_cred(xprt->xpt_cred);
173 	put_net_track(xprt->xpt_net, &xprt->ns_tracker);
174 	/* See comment on corresponding get in xs_setup_bc_tcp(): */
175 	if (xprt->xpt_bc_xprt)
176 		xprt_put(xprt->xpt_bc_xprt);
177 	if (xprt->xpt_bc_xps)
178 		xprt_switch_put(xprt->xpt_bc_xps);
179 	trace_svc_xprt_free(xprt);
180 	xprt->xpt_ops->xpo_free(xprt);
181 	module_put(owner);
182 }
183 
184 void svc_xprt_put(struct svc_xprt *xprt)
185 {
186 	kref_put(&xprt->xpt_ref, svc_xprt_free);
187 }
188 EXPORT_SYMBOL_GPL(svc_xprt_put);
189 
190 /*
191  * Called by transport drivers to initialize the transport independent
192  * portion of the transport instance.
193  */
194 void svc_xprt_init(struct net *net, struct svc_xprt_class *xcl,
195 		   struct svc_xprt *xprt, struct svc_serv *serv)
196 {
197 	memset(xprt, 0, sizeof(*xprt));
198 	xprt->xpt_class = xcl;
199 	xprt->xpt_ops = xcl->xcl_ops;
200 	kref_init(&xprt->xpt_ref);
201 	xprt->xpt_server = serv;
202 	INIT_LIST_HEAD(&xprt->xpt_list);
203 	INIT_LIST_HEAD(&xprt->xpt_deferred);
204 	INIT_LIST_HEAD(&xprt->xpt_users);
205 	mutex_init(&xprt->xpt_mutex);
206 	spin_lock_init(&xprt->xpt_lock);
207 	set_bit(XPT_BUSY, &xprt->xpt_flags);
208 	xprt->xpt_net = get_net_track(net, &xprt->ns_tracker, GFP_ATOMIC);
209 	strcpy(xprt->xpt_remotebuf, "uninitialized");
210 }
211 EXPORT_SYMBOL_GPL(svc_xprt_init);
212 
213 /**
214  * svc_xprt_received - start next receiver thread
215  * @xprt: controlling transport
216  *
217  * The caller must hold the XPT_BUSY bit and must
218  * not thereafter touch transport data.
219  *
220  * Note: XPT_DATA only gets cleared when a read-attempt finds no (or
221  * insufficient) data.
222  */
223 void svc_xprt_received(struct svc_xprt *xprt)
224 {
225 	if (!test_bit(XPT_BUSY, &xprt->xpt_flags)) {
226 		WARN_ONCE(1, "xprt=0x%p already busy!", xprt);
227 		return;
228 	}
229 
230 	/* As soon as we clear busy, the xprt could be closed and
231 	 * 'put', so we need a reference to call svc_xprt_enqueue with:
232 	 */
233 	svc_xprt_get(xprt);
234 	smp_mb__before_atomic();
235 	clear_bit(XPT_BUSY, &xprt->xpt_flags);
236 	svc_xprt_enqueue(xprt);
237 	svc_xprt_put(xprt);
238 }
239 EXPORT_SYMBOL_GPL(svc_xprt_received);
240 
241 void svc_add_new_perm_xprt(struct svc_serv *serv, struct svc_xprt *new)
242 {
243 	clear_bit(XPT_TEMP, &new->xpt_flags);
244 	spin_lock_bh(&serv->sv_lock);
245 	list_add(&new->xpt_list, &serv->sv_permsocks);
246 	spin_unlock_bh(&serv->sv_lock);
247 	svc_xprt_received(new);
248 }
249 
250 static int _svc_xprt_create(struct svc_serv *serv, const char *xprt_name,
251 			    struct net *net, struct sockaddr *sap,
252 			    size_t len, int flags, const struct cred *cred)
253 {
254 	struct svc_xprt_class *xcl;
255 
256 	spin_lock(&svc_xprt_class_lock);
257 	list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) {
258 		struct svc_xprt *newxprt;
259 		unsigned short newport;
260 
261 		if (strcmp(xprt_name, xcl->xcl_name))
262 			continue;
263 
264 		if (!try_module_get(xcl->xcl_owner))
265 			goto err;
266 
267 		spin_unlock(&svc_xprt_class_lock);
268 		newxprt = xcl->xcl_ops->xpo_create(serv, net, sap, len, flags);
269 		if (IS_ERR(newxprt)) {
270 			trace_svc_xprt_create_err(serv->sv_program->pg_name,
271 						  xcl->xcl_name, sap, len,
272 						  newxprt);
273 			module_put(xcl->xcl_owner);
274 			return PTR_ERR(newxprt);
275 		}
276 		newxprt->xpt_cred = get_cred(cred);
277 		svc_add_new_perm_xprt(serv, newxprt);
278 		newport = svc_xprt_local_port(newxprt);
279 		return newport;
280 	}
281  err:
282 	spin_unlock(&svc_xprt_class_lock);
283 	/* This errno is exposed to user space.  Provide a reasonable
284 	 * perror msg for a bad transport. */
285 	return -EPROTONOSUPPORT;
286 }
287 
288 /**
289  * svc_xprt_create_from_sa - Add a new listener to @serv from socket address
290  * @serv: target RPC service
291  * @xprt_name: transport class name
292  * @net: network namespace
293  * @sap: socket address pointer
294  * @flags: SVC_SOCK flags
295  * @cred: credential to bind to this transport
296  *
297  * Return local xprt port on success or %-EPROTONOSUPPORT on failure
298  */
299 int svc_xprt_create_from_sa(struct svc_serv *serv, const char *xprt_name,
300 			    struct net *net, struct sockaddr *sap,
301 			    int flags, const struct cred *cred)
302 {
303 	size_t len;
304 	int err;
305 
306 	switch (sap->sa_family) {
307 	case AF_INET:
308 		len = sizeof(struct sockaddr_in);
309 		break;
310 #if IS_ENABLED(CONFIG_IPV6)
311 	case AF_INET6:
312 		len = sizeof(struct sockaddr_in6);
313 		break;
314 #endif
315 	default:
316 		return -EAFNOSUPPORT;
317 	}
318 
319 	err = _svc_xprt_create(serv, xprt_name, net, sap, len, flags, cred);
320 	if (err == -EPROTONOSUPPORT) {
321 		request_module("svc%s", xprt_name);
322 		err = _svc_xprt_create(serv, xprt_name, net, sap, len, flags,
323 				       cred);
324 	}
325 
326 	return err;
327 }
328 EXPORT_SYMBOL_GPL(svc_xprt_create_from_sa);
329 
330 /**
331  * svc_xprt_create - Add a new listener to @serv
332  * @serv: target RPC service
333  * @xprt_name: transport class name
334  * @net: network namespace
335  * @family: network address family
336  * @port: listener port
337  * @flags: SVC_SOCK flags
338  * @cred: credential to bind to this transport
339  *
340  * Return local xprt port on success or %-EPROTONOSUPPORT on failure
341  */
342 int svc_xprt_create(struct svc_serv *serv, const char *xprt_name,
343 		    struct net *net, const int family,
344 		    const unsigned short port, int flags,
345 		    const struct cred *cred)
346 {
347 	struct sockaddr_in sin = {
348 		.sin_family		= AF_INET,
349 		.sin_addr.s_addr	= htonl(INADDR_ANY),
350 		.sin_port		= htons(port),
351 	};
352 #if IS_ENABLED(CONFIG_IPV6)
353 	struct sockaddr_in6 sin6 = {
354 		.sin6_family		= AF_INET6,
355 		.sin6_addr		= IN6ADDR_ANY_INIT,
356 		.sin6_port		= htons(port),
357 	};
358 #endif
359 	struct sockaddr *sap;
360 
361 	switch (family) {
362 	case PF_INET:
363 		sap = (struct sockaddr *)&sin;
364 		break;
365 #if IS_ENABLED(CONFIG_IPV6)
366 	case PF_INET6:
367 		sap = (struct sockaddr *)&sin6;
368 		break;
369 #endif
370 	default:
371 		return -EAFNOSUPPORT;
372 	}
373 
374 	return svc_xprt_create_from_sa(serv, xprt_name, net, sap, flags, cred);
375 }
376 EXPORT_SYMBOL_GPL(svc_xprt_create);
377 
378 /*
379  * Copy the local and remote xprt addresses to the rqstp structure
380  */
381 void svc_xprt_copy_addrs(struct svc_rqst *rqstp, struct svc_xprt *xprt)
382 {
383 	memcpy(&rqstp->rq_addr, &xprt->xpt_remote, xprt->xpt_remotelen);
384 	rqstp->rq_addrlen = xprt->xpt_remotelen;
385 
386 	/*
387 	 * Destination address in request is needed for binding the
388 	 * source address in RPC replies/callbacks later.
389 	 */
390 	memcpy(&rqstp->rq_daddr, &xprt->xpt_local, xprt->xpt_locallen);
391 	rqstp->rq_daddrlen = xprt->xpt_locallen;
392 }
393 EXPORT_SYMBOL_GPL(svc_xprt_copy_addrs);
394 
395 /**
396  * svc_print_addr - Format rq_addr field for printing
397  * @rqstp: svc_rqst struct containing address to print
398  * @buf: target buffer for formatted address
399  * @len: length of target buffer
400  *
401  */
402 char *svc_print_addr(struct svc_rqst *rqstp, char *buf, size_t len)
403 {
404 	return __svc_print_addr(svc_addr(rqstp), buf, len);
405 }
406 EXPORT_SYMBOL_GPL(svc_print_addr);
407 
408 static bool svc_xprt_slots_in_range(struct svc_xprt *xprt)
409 {
410 	unsigned int limit = svc_rpc_per_connection_limit;
411 	int nrqsts = atomic_read(&xprt->xpt_nr_rqsts);
412 
413 	return limit == 0 || (nrqsts >= 0 && nrqsts < limit);
414 }
415 
416 static bool svc_xprt_reserve_slot(struct svc_rqst *rqstp, struct svc_xprt *xprt)
417 {
418 	if (!test_bit(RQ_DATA, &rqstp->rq_flags)) {
419 		if (!svc_xprt_slots_in_range(xprt))
420 			return false;
421 		atomic_inc(&xprt->xpt_nr_rqsts);
422 		set_bit(RQ_DATA, &rqstp->rq_flags);
423 	}
424 	return true;
425 }
426 
427 static void svc_xprt_release_slot(struct svc_rqst *rqstp)
428 {
429 	struct svc_xprt	*xprt = rqstp->rq_xprt;
430 	if (test_and_clear_bit(RQ_DATA, &rqstp->rq_flags)) {
431 		atomic_dec(&xprt->xpt_nr_rqsts);
432 		smp_wmb(); /* See smp_rmb() in svc_xprt_ready() */
433 		svc_xprt_enqueue(xprt);
434 	}
435 }
436 
437 static bool svc_xprt_ready(struct svc_xprt *xprt)
438 {
439 	unsigned long xpt_flags;
440 
441 	/*
442 	 * If another cpu has recently updated xpt_flags,
443 	 * sk_sock->flags, xpt_reserved, or xpt_nr_rqsts, we need to
444 	 * know about it; otherwise it's possible that both that cpu and
445 	 * this one could call svc_xprt_enqueue() without either
446 	 * svc_xprt_enqueue() recognizing that the conditions below
447 	 * are satisfied, and we could stall indefinitely:
448 	 */
449 	smp_rmb();
450 	xpt_flags = READ_ONCE(xprt->xpt_flags);
451 
452 	trace_svc_xprt_enqueue(xprt, xpt_flags);
453 	if (xpt_flags & BIT(XPT_BUSY))
454 		return false;
455 	if (xpt_flags & (BIT(XPT_CONN) | BIT(XPT_CLOSE) | BIT(XPT_HANDSHAKE)))
456 		return true;
457 	if (xpt_flags & (BIT(XPT_DATA) | BIT(XPT_DEFERRED))) {
458 		if (xprt->xpt_ops->xpo_has_wspace(xprt) &&
459 		    svc_xprt_slots_in_range(xprt))
460 			return true;
461 		trace_svc_xprt_no_write_space(xprt);
462 		return false;
463 	}
464 	return false;
465 }
466 
467 /**
468  * svc_xprt_enqueue - Queue a transport on an idle nfsd thread
469  * @xprt: transport with data pending
470  *
471  */
472 void svc_xprt_enqueue(struct svc_xprt *xprt)
473 {
474 	struct svc_pool *pool;
475 
476 	if (!svc_xprt_ready(xprt))
477 		return;
478 
479 	/* Mark transport as busy. It will remain in this state until
480 	 * the provider calls svc_xprt_received. We update XPT_BUSY
481 	 * atomically because it also guards against trying to enqueue
482 	 * the transport twice.
483 	 */
484 	if (test_and_set_bit(XPT_BUSY, &xprt->xpt_flags))
485 		return;
486 
487 	pool = svc_pool_for_cpu(xprt->xpt_server);
488 
489 	percpu_counter_inc(&pool->sp_sockets_queued);
490 	lwq_enqueue(&xprt->xpt_ready, &pool->sp_xprts);
491 
492 	svc_pool_wake_idle_thread(pool);
493 }
494 EXPORT_SYMBOL_GPL(svc_xprt_enqueue);
495 
496 /*
497  * Dequeue the first transport, if there is one.
498  */
499 static struct svc_xprt *svc_xprt_dequeue(struct svc_pool *pool)
500 {
501 	struct svc_xprt	*xprt = NULL;
502 
503 	xprt = lwq_dequeue(&pool->sp_xprts, struct svc_xprt, xpt_ready);
504 	if (xprt)
505 		svc_xprt_get(xprt);
506 	return xprt;
507 }
508 
509 /**
510  * svc_reserve - change the space reserved for the reply to a request.
511  * @rqstp:  The request in question
512  * @space: new max space to reserve
513  *
514  * Each request reserves some space on the output queue of the transport
515  * to make sure the reply fits.  This function reduces that reserved
516  * space to be the amount of space used already, plus @space.
517  *
518  */
519 void svc_reserve(struct svc_rqst *rqstp, int space)
520 {
521 	struct svc_xprt *xprt = rqstp->rq_xprt;
522 
523 	space += rqstp->rq_res.head[0].iov_len;
524 
525 	if (xprt && space < rqstp->rq_reserved) {
526 		atomic_sub((rqstp->rq_reserved - space), &xprt->xpt_reserved);
527 		rqstp->rq_reserved = space;
528 		smp_wmb(); /* See smp_rmb() in svc_xprt_ready() */
529 		svc_xprt_enqueue(xprt);
530 	}
531 }
532 EXPORT_SYMBOL_GPL(svc_reserve);
533 
534 static void free_deferred(struct svc_xprt *xprt, struct svc_deferred_req *dr)
535 {
536 	if (!dr)
537 		return;
538 
539 	xprt->xpt_ops->xpo_release_ctxt(xprt, dr->xprt_ctxt);
540 	kfree(dr);
541 }
542 
543 static void svc_xprt_release(struct svc_rqst *rqstp)
544 {
545 	struct svc_xprt	*xprt = rqstp->rq_xprt;
546 
547 	xprt->xpt_ops->xpo_release_ctxt(xprt, rqstp->rq_xprt_ctxt);
548 	rqstp->rq_xprt_ctxt = NULL;
549 
550 	free_deferred(xprt, rqstp->rq_deferred);
551 	rqstp->rq_deferred = NULL;
552 
553 	svc_rqst_release_pages(rqstp);
554 	rqstp->rq_res.page_len = 0;
555 	rqstp->rq_res.page_base = 0;
556 
557 	/* Reset response buffer and release
558 	 * the reservation.
559 	 * But first, check that enough space was reserved
560 	 * for the reply, otherwise we have a bug!
561 	 */
562 	if ((rqstp->rq_res.len) >  rqstp->rq_reserved)
563 		printk(KERN_ERR "RPC request reserved %d but used %d\n",
564 		       rqstp->rq_reserved,
565 		       rqstp->rq_res.len);
566 
567 	rqstp->rq_res.head[0].iov_len = 0;
568 	svc_reserve(rqstp, 0);
569 	svc_xprt_release_slot(rqstp);
570 	rqstp->rq_xprt = NULL;
571 	svc_xprt_put(xprt);
572 }
573 
574 /**
575  * svc_wake_up - Wake up a service thread for non-transport work
576  * @serv: RPC service
577  *
578  * Some svc_serv's will have occasional work to do, even when a xprt is not
579  * waiting to be serviced. This function is there to "kick" a task in one of
580  * those services so that it can wake up and do that work. Note that we only
581  * bother with pool 0 as we don't need to wake up more than one thread for
582  * this purpose.
583  */
584 void svc_wake_up(struct svc_serv *serv)
585 {
586 	struct svc_pool *pool = &serv->sv_pools[0];
587 
588 	set_bit(SP_TASK_PENDING, &pool->sp_flags);
589 	svc_pool_wake_idle_thread(pool);
590 }
591 EXPORT_SYMBOL_GPL(svc_wake_up);
592 
593 int svc_port_is_privileged(struct sockaddr *sin)
594 {
595 	switch (sin->sa_family) {
596 	case AF_INET:
597 		return ntohs(((struct sockaddr_in *)sin)->sin_port)
598 			< PROT_SOCK;
599 	case AF_INET6:
600 		return ntohs(((struct sockaddr_in6 *)sin)->sin6_port)
601 			< PROT_SOCK;
602 	default:
603 		return 0;
604 	}
605 }
606 
607 /*
608  * Make sure that we don't have too many active connections. If we have,
609  * something must be dropped. It's not clear what will happen if we allow
610  * "too many" connections, but when dealing with network-facing software,
611  * we have to code defensively. Here we do that by imposing hard limits.
612  *
613  * There's no point in trying to do random drop here for DoS
614  * prevention. The NFS clients does 1 reconnect in 15 seconds. An
615  * attacker can easily beat that.
616  *
617  * The only somewhat efficient mechanism would be if drop old
618  * connections from the same IP first. But right now we don't even
619  * record the client IP in svc_sock.
620  *
621  * single-threaded services that expect a lot of clients will probably
622  * need to set sv_maxconn to override the default value which is based
623  * on the number of threads
624  */
625 static void svc_check_conn_limits(struct svc_serv *serv)
626 {
627 	unsigned int limit = serv->sv_maxconn ? serv->sv_maxconn :
628 				(serv->sv_nrthreads+3) * 20;
629 
630 	if (serv->sv_tmpcnt > limit) {
631 		struct svc_xprt *xprt = NULL;
632 		spin_lock_bh(&serv->sv_lock);
633 		if (!list_empty(&serv->sv_tempsocks)) {
634 			/* Try to help the admin */
635 			net_notice_ratelimited("%s: too many open connections, consider increasing the %s\n",
636 					       serv->sv_name, serv->sv_maxconn ?
637 					       "max number of connections" :
638 					       "number of threads");
639 			/*
640 			 * Always select the oldest connection. It's not fair,
641 			 * but so is life
642 			 */
643 			xprt = list_entry(serv->sv_tempsocks.prev,
644 					  struct svc_xprt,
645 					  xpt_list);
646 			set_bit(XPT_CLOSE, &xprt->xpt_flags);
647 			svc_xprt_get(xprt);
648 		}
649 		spin_unlock_bh(&serv->sv_lock);
650 
651 		if (xprt) {
652 			svc_xprt_enqueue(xprt);
653 			svc_xprt_put(xprt);
654 		}
655 	}
656 }
657 
658 static bool svc_alloc_arg(struct svc_rqst *rqstp)
659 {
660 	struct svc_serv *serv = rqstp->rq_server;
661 	struct xdr_buf *arg = &rqstp->rq_arg;
662 	unsigned long pages, filled, ret;
663 
664 	pages = (serv->sv_max_mesg + 2 * PAGE_SIZE) >> PAGE_SHIFT;
665 	if (pages > RPCSVC_MAXPAGES) {
666 		pr_warn_once("svc: warning: pages=%lu > RPCSVC_MAXPAGES=%lu\n",
667 			     pages, RPCSVC_MAXPAGES);
668 		/* use as many pages as possible */
669 		pages = RPCSVC_MAXPAGES;
670 	}
671 
672 	for (filled = 0; filled < pages; filled = ret) {
673 		ret = alloc_pages_bulk_array(GFP_KERNEL, pages,
674 					     rqstp->rq_pages);
675 		if (ret > filled)
676 			/* Made progress, don't sleep yet */
677 			continue;
678 
679 		set_current_state(TASK_IDLE);
680 		if (svc_thread_should_stop(rqstp)) {
681 			set_current_state(TASK_RUNNING);
682 			return false;
683 		}
684 		trace_svc_alloc_arg_err(pages, ret);
685 		memalloc_retry_wait(GFP_KERNEL);
686 	}
687 	rqstp->rq_page_end = &rqstp->rq_pages[pages];
688 	rqstp->rq_pages[pages] = NULL; /* this might be seen in nfsd_splice_actor() */
689 
690 	/* Make arg->head point to first page and arg->pages point to rest */
691 	arg->head[0].iov_base = page_address(rqstp->rq_pages[0]);
692 	arg->head[0].iov_len = PAGE_SIZE;
693 	arg->pages = rqstp->rq_pages + 1;
694 	arg->page_base = 0;
695 	/* save at least one page for response */
696 	arg->page_len = (pages-2)*PAGE_SIZE;
697 	arg->len = (pages-1)*PAGE_SIZE;
698 	arg->tail[0].iov_len = 0;
699 
700 	rqstp->rq_xid = xdr_zero;
701 	return true;
702 }
703 
704 static bool
705 svc_thread_should_sleep(struct svc_rqst *rqstp)
706 {
707 	struct svc_pool		*pool = rqstp->rq_pool;
708 
709 	/* did someone call svc_wake_up? */
710 	if (test_bit(SP_TASK_PENDING, &pool->sp_flags))
711 		return false;
712 
713 	/* was a socket queued? */
714 	if (!lwq_empty(&pool->sp_xprts))
715 		return false;
716 
717 	/* are we shutting down? */
718 	if (svc_thread_should_stop(rqstp))
719 		return false;
720 
721 #if defined(CONFIG_SUNRPC_BACKCHANNEL)
722 	if (svc_is_backchannel(rqstp)) {
723 		if (!lwq_empty(&rqstp->rq_server->sv_cb_list))
724 			return false;
725 	}
726 #endif
727 
728 	return true;
729 }
730 
731 static void svc_thread_wait_for_work(struct svc_rqst *rqstp)
732 {
733 	struct svc_pool *pool = rqstp->rq_pool;
734 
735 	if (svc_thread_should_sleep(rqstp)) {
736 		set_current_state(TASK_IDLE | TASK_FREEZABLE);
737 		llist_add(&rqstp->rq_idle, &pool->sp_idle_threads);
738 		if (likely(svc_thread_should_sleep(rqstp)))
739 			schedule();
740 
741 		while (!llist_del_first_this(&pool->sp_idle_threads,
742 					     &rqstp->rq_idle)) {
743 			/* Work just became available.  This thread can only
744 			 * handle it after removing rqstp from the idle
745 			 * list. If that attempt failed, some other thread
746 			 * must have queued itself after finding no
747 			 * work to do, so that thread has taken responsibly
748 			 * for this new work.  This thread can safely sleep
749 			 * until woken again.
750 			 */
751 			schedule();
752 			set_current_state(TASK_IDLE | TASK_FREEZABLE);
753 		}
754 		__set_current_state(TASK_RUNNING);
755 	} else {
756 		cond_resched();
757 	}
758 	try_to_freeze();
759 }
760 
761 static void svc_add_new_temp_xprt(struct svc_serv *serv, struct svc_xprt *newxpt)
762 {
763 	spin_lock_bh(&serv->sv_lock);
764 	set_bit(XPT_TEMP, &newxpt->xpt_flags);
765 	list_add(&newxpt->xpt_list, &serv->sv_tempsocks);
766 	serv->sv_tmpcnt++;
767 	if (serv->sv_temptimer.function == NULL) {
768 		/* setup timer to age temp transports */
769 		serv->sv_temptimer.function = svc_age_temp_xprts;
770 		mod_timer(&serv->sv_temptimer,
771 			  jiffies + svc_conn_age_period * HZ);
772 	}
773 	spin_unlock_bh(&serv->sv_lock);
774 	svc_xprt_received(newxpt);
775 }
776 
777 static void svc_handle_xprt(struct svc_rqst *rqstp, struct svc_xprt *xprt)
778 {
779 	struct svc_serv *serv = rqstp->rq_server;
780 	int len = 0;
781 
782 	if (test_bit(XPT_CLOSE, &xprt->xpt_flags)) {
783 		if (test_and_clear_bit(XPT_KILL_TEMP, &xprt->xpt_flags))
784 			xprt->xpt_ops->xpo_kill_temp_xprt(xprt);
785 		svc_delete_xprt(xprt);
786 		/* Leave XPT_BUSY set on the dead xprt: */
787 		goto out;
788 	}
789 	if (test_bit(XPT_LISTENER, &xprt->xpt_flags)) {
790 		struct svc_xprt *newxpt;
791 		/*
792 		 * We know this module_get will succeed because the
793 		 * listener holds a reference too
794 		 */
795 		__module_get(xprt->xpt_class->xcl_owner);
796 		svc_check_conn_limits(xprt->xpt_server);
797 		newxpt = xprt->xpt_ops->xpo_accept(xprt);
798 		if (newxpt) {
799 			newxpt->xpt_cred = get_cred(xprt->xpt_cred);
800 			svc_add_new_temp_xprt(serv, newxpt);
801 			trace_svc_xprt_accept(newxpt, serv->sv_name);
802 		} else {
803 			module_put(xprt->xpt_class->xcl_owner);
804 		}
805 		svc_xprt_received(xprt);
806 	} else if (test_bit(XPT_HANDSHAKE, &xprt->xpt_flags)) {
807 		xprt->xpt_ops->xpo_handshake(xprt);
808 		svc_xprt_received(xprt);
809 	} else if (svc_xprt_reserve_slot(rqstp, xprt)) {
810 		/* XPT_DATA|XPT_DEFERRED case: */
811 		rqstp->rq_deferred = svc_deferred_dequeue(xprt);
812 		if (rqstp->rq_deferred)
813 			len = svc_deferred_recv(rqstp);
814 		else
815 			len = xprt->xpt_ops->xpo_recvfrom(rqstp);
816 		rqstp->rq_reserved = serv->sv_max_mesg;
817 		atomic_add(rqstp->rq_reserved, &xprt->xpt_reserved);
818 		if (len <= 0)
819 			goto out;
820 
821 		trace_svc_xdr_recvfrom(&rqstp->rq_arg);
822 
823 		clear_bit(XPT_OLD, &xprt->xpt_flags);
824 
825 		rqstp->rq_chandle.defer = svc_defer;
826 
827 		if (serv->sv_stats)
828 			serv->sv_stats->netcnt++;
829 		percpu_counter_inc(&rqstp->rq_pool->sp_messages_arrived);
830 		rqstp->rq_stime = ktime_get();
831 		svc_process(rqstp);
832 	} else
833 		svc_xprt_received(xprt);
834 
835 out:
836 	rqstp->rq_res.len = 0;
837 	svc_xprt_release(rqstp);
838 }
839 
840 static void svc_thread_wake_next(struct svc_rqst *rqstp)
841 {
842 	if (!svc_thread_should_sleep(rqstp))
843 		/* More work pending after I dequeued some,
844 		 * wake another worker
845 		 */
846 		svc_pool_wake_idle_thread(rqstp->rq_pool);
847 }
848 
849 /**
850  * svc_recv - Receive and process the next request on any transport
851  * @rqstp: an idle RPC service thread
852  *
853  * This code is carefully organised not to touch any cachelines in
854  * the shared svc_serv structure, only cachelines in the local
855  * svc_pool.
856  */
857 void svc_recv(struct svc_rqst *rqstp)
858 {
859 	struct svc_pool *pool = rqstp->rq_pool;
860 
861 	if (!svc_alloc_arg(rqstp))
862 		return;
863 
864 	svc_thread_wait_for_work(rqstp);
865 
866 	clear_bit(SP_TASK_PENDING, &pool->sp_flags);
867 
868 	if (svc_thread_should_stop(rqstp)) {
869 		svc_thread_wake_next(rqstp);
870 		return;
871 	}
872 
873 	rqstp->rq_xprt = svc_xprt_dequeue(pool);
874 	if (rqstp->rq_xprt) {
875 		struct svc_xprt *xprt = rqstp->rq_xprt;
876 
877 		svc_thread_wake_next(rqstp);
878 		/* Normally we will wait up to 5 seconds for any required
879 		 * cache information to be provided.  When there are no
880 		 * idle threads, we reduce the wait time.
881 		 */
882 		if (pool->sp_idle_threads.first)
883 			rqstp->rq_chandle.thread_wait = 5 * HZ;
884 		else
885 			rqstp->rq_chandle.thread_wait = 1 * HZ;
886 
887 		trace_svc_xprt_dequeue(rqstp);
888 		svc_handle_xprt(rqstp, xprt);
889 	}
890 
891 #if defined(CONFIG_SUNRPC_BACKCHANNEL)
892 	if (svc_is_backchannel(rqstp)) {
893 		struct svc_serv *serv = rqstp->rq_server;
894 		struct rpc_rqst *req;
895 
896 		req = lwq_dequeue(&serv->sv_cb_list,
897 				  struct rpc_rqst, rq_bc_list);
898 		if (req) {
899 			svc_thread_wake_next(rqstp);
900 			svc_process_bc(req, rqstp);
901 		}
902 	}
903 #endif
904 }
905 EXPORT_SYMBOL_GPL(svc_recv);
906 
907 /*
908  * Drop request
909  */
910 void svc_drop(struct svc_rqst *rqstp)
911 {
912 	trace_svc_drop(rqstp);
913 }
914 EXPORT_SYMBOL_GPL(svc_drop);
915 
916 /**
917  * svc_send - Return reply to client
918  * @rqstp: RPC transaction context
919  *
920  */
921 void svc_send(struct svc_rqst *rqstp)
922 {
923 	struct svc_xprt	*xprt;
924 	struct xdr_buf	*xb;
925 	int status;
926 
927 	xprt = rqstp->rq_xprt;
928 
929 	/* calculate over-all length */
930 	xb = &rqstp->rq_res;
931 	xb->len = xb->head[0].iov_len +
932 		xb->page_len +
933 		xb->tail[0].iov_len;
934 	trace_svc_xdr_sendto(rqstp->rq_xid, xb);
935 	trace_svc_stats_latency(rqstp);
936 
937 	status = xprt->xpt_ops->xpo_sendto(rqstp);
938 
939 	trace_svc_send(rqstp, status);
940 }
941 
942 /*
943  * Timer function to close old temporary transports, using
944  * a mark-and-sweep algorithm.
945  */
946 static void svc_age_temp_xprts(struct timer_list *t)
947 {
948 	struct svc_serv *serv = from_timer(serv, t, sv_temptimer);
949 	struct svc_xprt *xprt;
950 	struct list_head *le, *next;
951 
952 	dprintk("svc_age_temp_xprts\n");
953 
954 	if (!spin_trylock_bh(&serv->sv_lock)) {
955 		/* busy, try again 1 sec later */
956 		dprintk("svc_age_temp_xprts: busy\n");
957 		mod_timer(&serv->sv_temptimer, jiffies + HZ);
958 		return;
959 	}
960 
961 	list_for_each_safe(le, next, &serv->sv_tempsocks) {
962 		xprt = list_entry(le, struct svc_xprt, xpt_list);
963 
964 		/* First time through, just mark it OLD. Second time
965 		 * through, close it. */
966 		if (!test_and_set_bit(XPT_OLD, &xprt->xpt_flags))
967 			continue;
968 		if (kref_read(&xprt->xpt_ref) > 1 ||
969 		    test_bit(XPT_BUSY, &xprt->xpt_flags))
970 			continue;
971 		list_del_init(le);
972 		set_bit(XPT_CLOSE, &xprt->xpt_flags);
973 		dprintk("queuing xprt %p for closing\n", xprt);
974 
975 		/* a thread will dequeue and close it soon */
976 		svc_xprt_enqueue(xprt);
977 	}
978 	spin_unlock_bh(&serv->sv_lock);
979 
980 	mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ);
981 }
982 
983 /* Close temporary transports whose xpt_local matches server_addr immediately
984  * instead of waiting for them to be picked up by the timer.
985  *
986  * This is meant to be called from a notifier_block that runs when an ip
987  * address is deleted.
988  */
989 void svc_age_temp_xprts_now(struct svc_serv *serv, struct sockaddr *server_addr)
990 {
991 	struct svc_xprt *xprt;
992 	struct list_head *le, *next;
993 	LIST_HEAD(to_be_closed);
994 
995 	spin_lock_bh(&serv->sv_lock);
996 	list_for_each_safe(le, next, &serv->sv_tempsocks) {
997 		xprt = list_entry(le, struct svc_xprt, xpt_list);
998 		if (rpc_cmp_addr(server_addr, (struct sockaddr *)
999 				&xprt->xpt_local)) {
1000 			dprintk("svc_age_temp_xprts_now: found %p\n", xprt);
1001 			list_move(le, &to_be_closed);
1002 		}
1003 	}
1004 	spin_unlock_bh(&serv->sv_lock);
1005 
1006 	while (!list_empty(&to_be_closed)) {
1007 		le = to_be_closed.next;
1008 		list_del_init(le);
1009 		xprt = list_entry(le, struct svc_xprt, xpt_list);
1010 		set_bit(XPT_CLOSE, &xprt->xpt_flags);
1011 		set_bit(XPT_KILL_TEMP, &xprt->xpt_flags);
1012 		dprintk("svc_age_temp_xprts_now: queuing xprt %p for closing\n",
1013 				xprt);
1014 		svc_xprt_enqueue(xprt);
1015 	}
1016 }
1017 EXPORT_SYMBOL_GPL(svc_age_temp_xprts_now);
1018 
1019 static void call_xpt_users(struct svc_xprt *xprt)
1020 {
1021 	struct svc_xpt_user *u;
1022 
1023 	spin_lock(&xprt->xpt_lock);
1024 	while (!list_empty(&xprt->xpt_users)) {
1025 		u = list_first_entry(&xprt->xpt_users, struct svc_xpt_user, list);
1026 		list_del_init(&u->list);
1027 		u->callback(u);
1028 	}
1029 	spin_unlock(&xprt->xpt_lock);
1030 }
1031 
1032 /*
1033  * Remove a dead transport
1034  */
1035 static void svc_delete_xprt(struct svc_xprt *xprt)
1036 {
1037 	struct svc_serv	*serv = xprt->xpt_server;
1038 	struct svc_deferred_req *dr;
1039 
1040 	if (test_and_set_bit(XPT_DEAD, &xprt->xpt_flags))
1041 		return;
1042 
1043 	trace_svc_xprt_detach(xprt);
1044 	xprt->xpt_ops->xpo_detach(xprt);
1045 	if (xprt->xpt_bc_xprt)
1046 		xprt->xpt_bc_xprt->ops->close(xprt->xpt_bc_xprt);
1047 
1048 	spin_lock_bh(&serv->sv_lock);
1049 	list_del_init(&xprt->xpt_list);
1050 	if (test_bit(XPT_TEMP, &xprt->xpt_flags))
1051 		serv->sv_tmpcnt--;
1052 	spin_unlock_bh(&serv->sv_lock);
1053 
1054 	while ((dr = svc_deferred_dequeue(xprt)) != NULL)
1055 		free_deferred(xprt, dr);
1056 
1057 	call_xpt_users(xprt);
1058 	svc_xprt_put(xprt);
1059 }
1060 
1061 /**
1062  * svc_xprt_close - Close a client connection
1063  * @xprt: transport to disconnect
1064  *
1065  */
1066 void svc_xprt_close(struct svc_xprt *xprt)
1067 {
1068 	trace_svc_xprt_close(xprt);
1069 	set_bit(XPT_CLOSE, &xprt->xpt_flags);
1070 	if (test_and_set_bit(XPT_BUSY, &xprt->xpt_flags))
1071 		/* someone else will have to effect the close */
1072 		return;
1073 	/*
1074 	 * We expect svc_close_xprt() to work even when no threads are
1075 	 * running (e.g., while configuring the server before starting
1076 	 * any threads), so if the transport isn't busy, we delete
1077 	 * it ourself:
1078 	 */
1079 	svc_delete_xprt(xprt);
1080 }
1081 EXPORT_SYMBOL_GPL(svc_xprt_close);
1082 
1083 static int svc_close_list(struct svc_serv *serv, struct list_head *xprt_list, struct net *net)
1084 {
1085 	struct svc_xprt *xprt;
1086 	int ret = 0;
1087 
1088 	spin_lock_bh(&serv->sv_lock);
1089 	list_for_each_entry(xprt, xprt_list, xpt_list) {
1090 		if (xprt->xpt_net != net)
1091 			continue;
1092 		ret++;
1093 		set_bit(XPT_CLOSE, &xprt->xpt_flags);
1094 		svc_xprt_enqueue(xprt);
1095 	}
1096 	spin_unlock_bh(&serv->sv_lock);
1097 	return ret;
1098 }
1099 
1100 static void svc_clean_up_xprts(struct svc_serv *serv, struct net *net)
1101 {
1102 	struct svc_xprt *xprt;
1103 	int i;
1104 
1105 	for (i = 0; i < serv->sv_nrpools; i++) {
1106 		struct svc_pool *pool = &serv->sv_pools[i];
1107 		struct llist_node *q, **t1, *t2;
1108 
1109 		q = lwq_dequeue_all(&pool->sp_xprts);
1110 		lwq_for_each_safe(xprt, t1, t2, &q, xpt_ready) {
1111 			if (xprt->xpt_net == net) {
1112 				set_bit(XPT_CLOSE, &xprt->xpt_flags);
1113 				svc_delete_xprt(xprt);
1114 				xprt = NULL;
1115 			}
1116 		}
1117 
1118 		if (q)
1119 			lwq_enqueue_batch(q, &pool->sp_xprts);
1120 	}
1121 }
1122 
1123 /**
1124  * svc_xprt_destroy_all - Destroy transports associated with @serv
1125  * @serv: RPC service to be shut down
1126  * @net: target network namespace
1127  *
1128  * Server threads may still be running (especially in the case where the
1129  * service is still running in other network namespaces).
1130  *
1131  * So we shut down sockets the same way we would on a running server, by
1132  * setting XPT_CLOSE, enqueuing, and letting a thread pick it up to do
1133  * the close.  In the case there are no such other threads,
1134  * threads running, svc_clean_up_xprts() does a simple version of a
1135  * server's main event loop, and in the case where there are other
1136  * threads, we may need to wait a little while and then check again to
1137  * see if they're done.
1138  */
1139 void svc_xprt_destroy_all(struct svc_serv *serv, struct net *net)
1140 {
1141 	int delay = 0;
1142 
1143 	while (svc_close_list(serv, &serv->sv_permsocks, net) +
1144 	       svc_close_list(serv, &serv->sv_tempsocks, net)) {
1145 
1146 		svc_clean_up_xprts(serv, net);
1147 		msleep(delay++);
1148 	}
1149 }
1150 EXPORT_SYMBOL_GPL(svc_xprt_destroy_all);
1151 
1152 /*
1153  * Handle defer and revisit of requests
1154  */
1155 
1156 static void svc_revisit(struct cache_deferred_req *dreq, int too_many)
1157 {
1158 	struct svc_deferred_req *dr =
1159 		container_of(dreq, struct svc_deferred_req, handle);
1160 	struct svc_xprt *xprt = dr->xprt;
1161 
1162 	spin_lock(&xprt->xpt_lock);
1163 	set_bit(XPT_DEFERRED, &xprt->xpt_flags);
1164 	if (too_many || test_bit(XPT_DEAD, &xprt->xpt_flags)) {
1165 		spin_unlock(&xprt->xpt_lock);
1166 		trace_svc_defer_drop(dr);
1167 		free_deferred(xprt, dr);
1168 		svc_xprt_put(xprt);
1169 		return;
1170 	}
1171 	dr->xprt = NULL;
1172 	list_add(&dr->handle.recent, &xprt->xpt_deferred);
1173 	spin_unlock(&xprt->xpt_lock);
1174 	trace_svc_defer_queue(dr);
1175 	svc_xprt_enqueue(xprt);
1176 	svc_xprt_put(xprt);
1177 }
1178 
1179 /*
1180  * Save the request off for later processing. The request buffer looks
1181  * like this:
1182  *
1183  * <xprt-header><rpc-header><rpc-pagelist><rpc-tail>
1184  *
1185  * This code can only handle requests that consist of an xprt-header
1186  * and rpc-header.
1187  */
1188 static struct cache_deferred_req *svc_defer(struct cache_req *req)
1189 {
1190 	struct svc_rqst *rqstp = container_of(req, struct svc_rqst, rq_chandle);
1191 	struct svc_deferred_req *dr;
1192 
1193 	if (rqstp->rq_arg.page_len || !test_bit(RQ_USEDEFERRAL, &rqstp->rq_flags))
1194 		return NULL; /* if more than a page, give up FIXME */
1195 	if (rqstp->rq_deferred) {
1196 		dr = rqstp->rq_deferred;
1197 		rqstp->rq_deferred = NULL;
1198 	} else {
1199 		size_t skip;
1200 		size_t size;
1201 		/* FIXME maybe discard if size too large */
1202 		size = sizeof(struct svc_deferred_req) + rqstp->rq_arg.len;
1203 		dr = kmalloc(size, GFP_KERNEL);
1204 		if (dr == NULL)
1205 			return NULL;
1206 
1207 		dr->handle.owner = rqstp->rq_server;
1208 		dr->prot = rqstp->rq_prot;
1209 		memcpy(&dr->addr, &rqstp->rq_addr, rqstp->rq_addrlen);
1210 		dr->addrlen = rqstp->rq_addrlen;
1211 		dr->daddr = rqstp->rq_daddr;
1212 		dr->argslen = rqstp->rq_arg.len >> 2;
1213 
1214 		/* back up head to the start of the buffer and copy */
1215 		skip = rqstp->rq_arg.len - rqstp->rq_arg.head[0].iov_len;
1216 		memcpy(dr->args, rqstp->rq_arg.head[0].iov_base - skip,
1217 		       dr->argslen << 2);
1218 	}
1219 	dr->xprt_ctxt = rqstp->rq_xprt_ctxt;
1220 	rqstp->rq_xprt_ctxt = NULL;
1221 	trace_svc_defer(rqstp);
1222 	svc_xprt_get(rqstp->rq_xprt);
1223 	dr->xprt = rqstp->rq_xprt;
1224 	set_bit(RQ_DROPME, &rqstp->rq_flags);
1225 
1226 	dr->handle.revisit = svc_revisit;
1227 	return &dr->handle;
1228 }
1229 
1230 /*
1231  * recv data from a deferred request into an active one
1232  */
1233 static noinline int svc_deferred_recv(struct svc_rqst *rqstp)
1234 {
1235 	struct svc_deferred_req *dr = rqstp->rq_deferred;
1236 
1237 	trace_svc_defer_recv(dr);
1238 
1239 	/* setup iov_base past transport header */
1240 	rqstp->rq_arg.head[0].iov_base = dr->args;
1241 	/* The iov_len does not include the transport header bytes */
1242 	rqstp->rq_arg.head[0].iov_len = dr->argslen << 2;
1243 	rqstp->rq_arg.page_len = 0;
1244 	/* The rq_arg.len includes the transport header bytes */
1245 	rqstp->rq_arg.len     = dr->argslen << 2;
1246 	rqstp->rq_prot        = dr->prot;
1247 	memcpy(&rqstp->rq_addr, &dr->addr, dr->addrlen);
1248 	rqstp->rq_addrlen     = dr->addrlen;
1249 	/* Save off transport header len in case we get deferred again */
1250 	rqstp->rq_daddr       = dr->daddr;
1251 	rqstp->rq_respages    = rqstp->rq_pages;
1252 	rqstp->rq_xprt_ctxt   = dr->xprt_ctxt;
1253 
1254 	dr->xprt_ctxt = NULL;
1255 	svc_xprt_received(rqstp->rq_xprt);
1256 	return dr->argslen << 2;
1257 }
1258 
1259 
1260 static struct svc_deferred_req *svc_deferred_dequeue(struct svc_xprt *xprt)
1261 {
1262 	struct svc_deferred_req *dr = NULL;
1263 
1264 	if (!test_bit(XPT_DEFERRED, &xprt->xpt_flags))
1265 		return NULL;
1266 	spin_lock(&xprt->xpt_lock);
1267 	if (!list_empty(&xprt->xpt_deferred)) {
1268 		dr = list_entry(xprt->xpt_deferred.next,
1269 				struct svc_deferred_req,
1270 				handle.recent);
1271 		list_del_init(&dr->handle.recent);
1272 	} else
1273 		clear_bit(XPT_DEFERRED, &xprt->xpt_flags);
1274 	spin_unlock(&xprt->xpt_lock);
1275 	return dr;
1276 }
1277 
1278 /**
1279  * svc_find_listener - find an RPC transport instance
1280  * @serv: pointer to svc_serv to search
1281  * @xcl_name: C string containing transport's class name
1282  * @net: owner net pointer
1283  * @sa: sockaddr containing address
1284  *
1285  * Return the transport instance pointer for the endpoint accepting
1286  * connections/peer traffic from the specified transport class,
1287  * and matching sockaddr.
1288  */
1289 struct svc_xprt *svc_find_listener(struct svc_serv *serv, const char *xcl_name,
1290 				   struct net *net, const struct sockaddr *sa)
1291 {
1292 	struct svc_xprt *xprt;
1293 	struct svc_xprt *found = NULL;
1294 
1295 	spin_lock_bh(&serv->sv_lock);
1296 	list_for_each_entry(xprt, &serv->sv_permsocks, xpt_list) {
1297 		if (xprt->xpt_net != net)
1298 			continue;
1299 		if (strcmp(xprt->xpt_class->xcl_name, xcl_name))
1300 			continue;
1301 		if (!rpc_cmp_addr_port(sa, (struct sockaddr *)&xprt->xpt_local))
1302 			continue;
1303 		found = xprt;
1304 		svc_xprt_get(xprt);
1305 		break;
1306 	}
1307 	spin_unlock_bh(&serv->sv_lock);
1308 	return found;
1309 }
1310 EXPORT_SYMBOL_GPL(svc_find_listener);
1311 
1312 /**
1313  * svc_find_xprt - find an RPC transport instance
1314  * @serv: pointer to svc_serv to search
1315  * @xcl_name: C string containing transport's class name
1316  * @net: owner net pointer
1317  * @af: Address family of transport's local address
1318  * @port: transport's IP port number
1319  *
1320  * Return the transport instance pointer for the endpoint accepting
1321  * connections/peer traffic from the specified transport class,
1322  * address family and port.
1323  *
1324  * Specifying 0 for the address family or port is effectively a
1325  * wild-card, and will result in matching the first transport in the
1326  * service's list that has a matching class name.
1327  */
1328 struct svc_xprt *svc_find_xprt(struct svc_serv *serv, const char *xcl_name,
1329 			       struct net *net, const sa_family_t af,
1330 			       const unsigned short port)
1331 {
1332 	struct svc_xprt *xprt;
1333 	struct svc_xprt *found = NULL;
1334 
1335 	/* Sanity check the args */
1336 	if (serv == NULL || xcl_name == NULL)
1337 		return found;
1338 
1339 	spin_lock_bh(&serv->sv_lock);
1340 	list_for_each_entry(xprt, &serv->sv_permsocks, xpt_list) {
1341 		if (xprt->xpt_net != net)
1342 			continue;
1343 		if (strcmp(xprt->xpt_class->xcl_name, xcl_name))
1344 			continue;
1345 		if (af != AF_UNSPEC && af != xprt->xpt_local.ss_family)
1346 			continue;
1347 		if (port != 0 && port != svc_xprt_local_port(xprt))
1348 			continue;
1349 		found = xprt;
1350 		svc_xprt_get(xprt);
1351 		break;
1352 	}
1353 	spin_unlock_bh(&serv->sv_lock);
1354 	return found;
1355 }
1356 EXPORT_SYMBOL_GPL(svc_find_xprt);
1357 
1358 static int svc_one_xprt_name(const struct svc_xprt *xprt,
1359 			     char *pos, int remaining)
1360 {
1361 	int len;
1362 
1363 	len = snprintf(pos, remaining, "%s %u\n",
1364 			xprt->xpt_class->xcl_name,
1365 			svc_xprt_local_port(xprt));
1366 	if (len >= remaining)
1367 		return -ENAMETOOLONG;
1368 	return len;
1369 }
1370 
1371 /**
1372  * svc_xprt_names - format a buffer with a list of transport names
1373  * @serv: pointer to an RPC service
1374  * @buf: pointer to a buffer to be filled in
1375  * @buflen: length of buffer to be filled in
1376  *
1377  * Fills in @buf with a string containing a list of transport names,
1378  * each name terminated with '\n'.
1379  *
1380  * Returns positive length of the filled-in string on success; otherwise
1381  * a negative errno value is returned if an error occurs.
1382  */
1383 int svc_xprt_names(struct svc_serv *serv, char *buf, const int buflen)
1384 {
1385 	struct svc_xprt *xprt;
1386 	int len, totlen;
1387 	char *pos;
1388 
1389 	/* Sanity check args */
1390 	if (!serv)
1391 		return 0;
1392 
1393 	spin_lock_bh(&serv->sv_lock);
1394 
1395 	pos = buf;
1396 	totlen = 0;
1397 	list_for_each_entry(xprt, &serv->sv_permsocks, xpt_list) {
1398 		len = svc_one_xprt_name(xprt, pos, buflen - totlen);
1399 		if (len < 0) {
1400 			*buf = '\0';
1401 			totlen = len;
1402 		}
1403 		if (len <= 0)
1404 			break;
1405 
1406 		pos += len;
1407 		totlen += len;
1408 	}
1409 
1410 	spin_unlock_bh(&serv->sv_lock);
1411 	return totlen;
1412 }
1413 EXPORT_SYMBOL_GPL(svc_xprt_names);
1414 
1415 /*----------------------------------------------------------------------------*/
1416 
1417 static void *svc_pool_stats_start(struct seq_file *m, loff_t *pos)
1418 {
1419 	unsigned int pidx = (unsigned int)*pos;
1420 	struct svc_info *si = m->private;
1421 
1422 	dprintk("svc_pool_stats_start, *pidx=%u\n", pidx);
1423 
1424 	mutex_lock(si->mutex);
1425 
1426 	if (!pidx)
1427 		return SEQ_START_TOKEN;
1428 	if (!si->serv)
1429 		return NULL;
1430 	return pidx > si->serv->sv_nrpools ? NULL
1431 		: &si->serv->sv_pools[pidx - 1];
1432 }
1433 
1434 static void *svc_pool_stats_next(struct seq_file *m, void *p, loff_t *pos)
1435 {
1436 	struct svc_pool *pool = p;
1437 	struct svc_info *si = m->private;
1438 	struct svc_serv *serv = si->serv;
1439 
1440 	dprintk("svc_pool_stats_next, *pos=%llu\n", *pos);
1441 
1442 	if (!serv) {
1443 		pool = NULL;
1444 	} else if (p == SEQ_START_TOKEN) {
1445 		pool = &serv->sv_pools[0];
1446 	} else {
1447 		unsigned int pidx = (pool - &serv->sv_pools[0]);
1448 		if (pidx < serv->sv_nrpools-1)
1449 			pool = &serv->sv_pools[pidx+1];
1450 		else
1451 			pool = NULL;
1452 	}
1453 	++*pos;
1454 	return pool;
1455 }
1456 
1457 static void svc_pool_stats_stop(struct seq_file *m, void *p)
1458 {
1459 	struct svc_info *si = m->private;
1460 
1461 	mutex_unlock(si->mutex);
1462 }
1463 
1464 static int svc_pool_stats_show(struct seq_file *m, void *p)
1465 {
1466 	struct svc_pool *pool = p;
1467 
1468 	if (p == SEQ_START_TOKEN) {
1469 		seq_puts(m, "# pool packets-arrived sockets-enqueued threads-woken threads-timedout\n");
1470 		return 0;
1471 	}
1472 
1473 	seq_printf(m, "%u %llu %llu %llu 0\n",
1474 		   pool->sp_id,
1475 		   percpu_counter_sum_positive(&pool->sp_messages_arrived),
1476 		   percpu_counter_sum_positive(&pool->sp_sockets_queued),
1477 		   percpu_counter_sum_positive(&pool->sp_threads_woken));
1478 
1479 	return 0;
1480 }
1481 
1482 static const struct seq_operations svc_pool_stats_seq_ops = {
1483 	.start	= svc_pool_stats_start,
1484 	.next	= svc_pool_stats_next,
1485 	.stop	= svc_pool_stats_stop,
1486 	.show	= svc_pool_stats_show,
1487 };
1488 
1489 int svc_pool_stats_open(struct svc_info *info, struct file *file)
1490 {
1491 	struct seq_file *seq;
1492 	int err;
1493 
1494 	err = seq_open(file, &svc_pool_stats_seq_ops);
1495 	if (err)
1496 		return err;
1497 	seq = file->private_data;
1498 	seq->private = info;
1499 
1500 	return 0;
1501 }
1502 EXPORT_SYMBOL(svc_pool_stats_open);
1503 
1504 /*----------------------------------------------------------------------------*/
1505