2007-02-08 14:51:54 -07:00
|
|
|
/*
|
|
|
|
* IUCV protocol stack for Linux on zSeries
|
|
|
|
*
|
2009-06-16 02:30:44 -06:00
|
|
|
* Copyright IBM Corp. 2006, 2009
|
2007-02-08 14:51:54 -07:00
|
|
|
*
|
|
|
|
* Author(s): Jennifer Hunt <jenhunt@us.ibm.com>
|
2009-06-16 02:30:44 -06:00
|
|
|
* Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
|
|
|
|
* PM functions:
|
|
|
|
* Ursula Braun <ursula.braun@de.ibm.com>
|
2007-02-08 14:51:54 -07:00
|
|
|
*/
|
|
|
|
|
2008-12-25 05:39:47 -07:00
|
|
|
#define KMSG_COMPONENT "af_iucv"
|
|
|
|
#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/errno.h>
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/skbuff.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/poll.h>
|
|
|
|
#include <net/sock.h>
|
|
|
|
#include <asm/ebcdic.h>
|
|
|
|
#include <asm/cpcmd.h>
|
|
|
|
#include <linux/kmod.h>
|
|
|
|
|
|
|
|
#include <net/iucv/iucv.h>
|
|
|
|
#include <net/iucv/af_iucv.h>
|
|
|
|
|
2009-04-21 17:26:22 -06:00
|
|
|
#define VERSION "1.1"
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
static char iucv_userid[80];
|
|
|
|
|
2009-09-14 06:23:23 -06:00
|
|
|
static const struct proto_ops iucv_sock_ops;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
static struct proto iucv_proto = {
|
|
|
|
.name = "AF_IUCV",
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.obj_size = sizeof(struct iucv_sock),
|
|
|
|
};
|
|
|
|
|
2009-04-21 17:26:23 -06:00
|
|
|
/* special AF_IUCV IPRM messages */
|
|
|
|
static const u8 iprm_shutdown[8] =
|
|
|
|
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
|
|
|
|
|
2009-04-21 17:26:24 -06:00
|
|
|
#define TRGCLS_SIZE (sizeof(((struct iucv_message *)0)->class))
|
|
|
|
|
|
|
|
/* macros to set/get socket control buffer at correct offset */
|
|
|
|
#define CB_TAG(skb) ((skb)->cb) /* iucv message tag */
|
|
|
|
#define CB_TAG_LEN (sizeof(((struct iucv_message *) 0)->tag))
|
|
|
|
#define CB_TRGCLS(skb) ((skb)->cb + CB_TAG_LEN) /* iucv msg target class */
|
|
|
|
#define CB_TRGCLS_LEN (TRGCLS_SIZE)
|
|
|
|
|
2009-06-17 15:54:48 -06:00
|
|
|
#define __iucv_sock_wait(sk, condition, timeo, ret) \
|
|
|
|
do { \
|
|
|
|
DEFINE_WAIT(__wait); \
|
|
|
|
long __timeo = timeo; \
|
|
|
|
ret = 0; \
|
2009-09-15 22:37:25 -06:00
|
|
|
prepare_to_wait(sk->sk_sleep, &__wait, TASK_INTERRUPTIBLE); \
|
2009-06-17 15:54:48 -06:00
|
|
|
while (!(condition)) { \
|
|
|
|
if (!__timeo) { \
|
|
|
|
ret = -EAGAIN; \
|
|
|
|
break; \
|
|
|
|
} \
|
|
|
|
if (signal_pending(current)) { \
|
|
|
|
ret = sock_intr_errno(__timeo); \
|
|
|
|
break; \
|
|
|
|
} \
|
|
|
|
release_sock(sk); \
|
|
|
|
__timeo = schedule_timeout(__timeo); \
|
|
|
|
lock_sock(sk); \
|
|
|
|
ret = sock_error(sk); \
|
|
|
|
if (ret) \
|
|
|
|
break; \
|
|
|
|
} \
|
|
|
|
finish_wait(sk->sk_sleep, &__wait); \
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
#define iucv_sock_wait(sk, condition, timeo) \
|
|
|
|
({ \
|
|
|
|
int __ret = 0; \
|
|
|
|
if (!(condition)) \
|
|
|
|
__iucv_sock_wait(sk, condition, timeo, __ret); \
|
|
|
|
__ret; \
|
|
|
|
})
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2007-10-08 03:02:52 -06:00
|
|
|
static void iucv_sock_kill(struct sock *sk);
|
|
|
|
static void iucv_sock_close(struct sock *sk);
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
/* Call Back functions */
|
|
|
|
static void iucv_callback_rx(struct iucv_path *, struct iucv_message *);
|
|
|
|
static void iucv_callback_txdone(struct iucv_path *, struct iucv_message *);
|
|
|
|
static void iucv_callback_connack(struct iucv_path *, u8 ipuser[16]);
|
2007-05-04 13:23:27 -06:00
|
|
|
static int iucv_callback_connreq(struct iucv_path *, u8 ipvmid[8],
|
|
|
|
u8 ipuser[16]);
|
2007-02-08 14:51:54 -07:00
|
|
|
static void iucv_callback_connrej(struct iucv_path *, u8 ipuser[16]);
|
2009-04-21 17:26:21 -06:00
|
|
|
static void iucv_callback_shutdown(struct iucv_path *, u8 ipuser[16]);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
static struct iucv_sock_list iucv_sk_list = {
|
2008-04-10 03:11:24 -06:00
|
|
|
.lock = __RW_LOCK_UNLOCKED(iucv_sk_list.lock),
|
2007-02-08 14:51:54 -07:00
|
|
|
.autobind_name = ATOMIC_INIT(0)
|
|
|
|
};
|
|
|
|
|
|
|
|
static struct iucv_handler af_iucv_handler = {
|
|
|
|
.path_pending = iucv_callback_connreq,
|
|
|
|
.path_complete = iucv_callback_connack,
|
|
|
|
.path_severed = iucv_callback_connrej,
|
|
|
|
.message_pending = iucv_callback_rx,
|
2009-04-21 17:26:21 -06:00
|
|
|
.message_complete = iucv_callback_txdone,
|
|
|
|
.path_quiesced = iucv_callback_shutdown,
|
2007-02-08 14:51:54 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
static inline void high_nmcpy(unsigned char *dst, char *src)
|
|
|
|
{
|
|
|
|
memcpy(dst, src, 8);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void low_nmcpy(unsigned char *dst, char *src)
|
|
|
|
{
|
|
|
|
memcpy(&dst[8], src, 8);
|
|
|
|
}
|
|
|
|
|
2009-06-16 02:30:44 -06:00
|
|
|
static int afiucv_pm_prepare(struct device *dev)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_PM_DEBUG
|
|
|
|
printk(KERN_WARNING "afiucv_pm_prepare\n");
|
|
|
|
#endif
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void afiucv_pm_complete(struct device *dev)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_PM_DEBUG
|
|
|
|
printk(KERN_WARNING "afiucv_pm_complete\n");
|
|
|
|
#endif
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* afiucv_pm_freeze() - Freeze PM callback
|
|
|
|
* @dev: AFIUCV dummy device
|
|
|
|
*
|
|
|
|
* Sever all established IUCV communication pathes
|
|
|
|
*/
|
|
|
|
static int afiucv_pm_freeze(struct device *dev)
|
|
|
|
{
|
|
|
|
struct iucv_sock *iucv;
|
|
|
|
struct sock *sk;
|
|
|
|
struct hlist_node *node;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
#ifdef CONFIG_PM_DEBUG
|
|
|
|
printk(KERN_WARNING "afiucv_pm_freeze\n");
|
|
|
|
#endif
|
|
|
|
read_lock(&iucv_sk_list.lock);
|
|
|
|
sk_for_each(sk, node, &iucv_sk_list.head) {
|
|
|
|
iucv = iucv_sk(sk);
|
|
|
|
skb_queue_purge(&iucv->send_skb_q);
|
|
|
|
skb_queue_purge(&iucv->backlog_skb_q);
|
|
|
|
switch (sk->sk_state) {
|
|
|
|
case IUCV_SEVERED:
|
|
|
|
case IUCV_DISCONN:
|
|
|
|
case IUCV_CLOSING:
|
|
|
|
case IUCV_CONNECTED:
|
|
|
|
if (iucv->path) {
|
|
|
|
err = iucv_path_sever(iucv->path, NULL);
|
|
|
|
iucv_path_free(iucv->path);
|
|
|
|
iucv->path = NULL;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case IUCV_OPEN:
|
|
|
|
case IUCV_BOUND:
|
|
|
|
case IUCV_LISTEN:
|
|
|
|
case IUCV_CLOSED:
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
read_unlock(&iucv_sk_list.lock);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* afiucv_pm_restore_thaw() - Thaw and restore PM callback
|
|
|
|
* @dev: AFIUCV dummy device
|
|
|
|
*
|
|
|
|
* socket clean up after freeze
|
|
|
|
*/
|
|
|
|
static int afiucv_pm_restore_thaw(struct device *dev)
|
|
|
|
{
|
|
|
|
struct iucv_sock *iucv;
|
|
|
|
struct sock *sk;
|
|
|
|
struct hlist_node *node;
|
|
|
|
|
|
|
|
#ifdef CONFIG_PM_DEBUG
|
|
|
|
printk(KERN_WARNING "afiucv_pm_restore_thaw\n");
|
|
|
|
#endif
|
|
|
|
read_lock(&iucv_sk_list.lock);
|
|
|
|
sk_for_each(sk, node, &iucv_sk_list.head) {
|
|
|
|
iucv = iucv_sk(sk);
|
|
|
|
switch (sk->sk_state) {
|
|
|
|
case IUCV_CONNECTED:
|
|
|
|
sk->sk_err = EPIPE;
|
|
|
|
sk->sk_state = IUCV_DISCONN;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
break;
|
|
|
|
case IUCV_DISCONN:
|
|
|
|
case IUCV_SEVERED:
|
|
|
|
case IUCV_CLOSING:
|
|
|
|
case IUCV_LISTEN:
|
|
|
|
case IUCV_BOUND:
|
|
|
|
case IUCV_OPEN:
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
read_unlock(&iucv_sk_list.lock);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct dev_pm_ops afiucv_pm_ops = {
|
|
|
|
.prepare = afiucv_pm_prepare,
|
|
|
|
.complete = afiucv_pm_complete,
|
|
|
|
.freeze = afiucv_pm_freeze,
|
|
|
|
.thaw = afiucv_pm_restore_thaw,
|
|
|
|
.restore = afiucv_pm_restore_thaw,
|
|
|
|
};
|
|
|
|
|
|
|
|
static struct device_driver af_iucv_driver = {
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.name = "afiucv",
|
|
|
|
.bus = &iucv_bus,
|
|
|
|
.pm = &afiucv_pm_ops,
|
|
|
|
};
|
|
|
|
|
|
|
|
/* dummy device used as trigger for PM functions */
|
|
|
|
static struct device *af_iucv_dev;
|
|
|
|
|
2009-04-21 17:26:23 -06:00
|
|
|
/**
|
|
|
|
* iucv_msg_length() - Returns the length of an iucv message.
|
|
|
|
* @msg: Pointer to struct iucv_message, MUST NOT be NULL
|
|
|
|
*
|
|
|
|
* The function returns the length of the specified iucv message @msg of data
|
|
|
|
* stored in a buffer and of data stored in the parameter list (PRMDATA).
|
|
|
|
*
|
|
|
|
* For IUCV_IPRMDATA, AF_IUCV uses the following convention to transport socket
|
|
|
|
* data:
|
|
|
|
* PRMDATA[0..6] socket data (max 7 bytes);
|
|
|
|
* PRMDATA[7] socket data length value (len is 0xff - PRMDATA[7])
|
|
|
|
*
|
|
|
|
* The socket data length is computed by substracting the socket data length
|
|
|
|
* value from 0xFF.
|
|
|
|
* If the socket data len is greater 7, then PRMDATA can be used for special
|
|
|
|
* notifications (see iucv_sock_shutdown); and further,
|
|
|
|
* if the socket data len is > 7, the function returns 8.
|
|
|
|
*
|
|
|
|
* Use this function to allocate socket buffers to store iucv message data.
|
|
|
|
*/
|
|
|
|
static inline size_t iucv_msg_length(struct iucv_message *msg)
|
|
|
|
{
|
|
|
|
size_t datalen;
|
|
|
|
|
|
|
|
if (msg->flags & IUCV_IPRMDATA) {
|
|
|
|
datalen = 0xff - msg->rmmsg[7];
|
|
|
|
return (datalen < 8) ? datalen : 8;
|
|
|
|
}
|
|
|
|
return msg->length;
|
|
|
|
}
|
|
|
|
|
2009-06-17 15:54:48 -06:00
|
|
|
/**
|
|
|
|
* iucv_sock_in_state() - check for specific states
|
|
|
|
* @sk: sock structure
|
|
|
|
* @state: first iucv sk state
|
|
|
|
* @state: second iucv sk state
|
|
|
|
*
|
|
|
|
* Returns true if the socket in either in the first or second state.
|
|
|
|
*/
|
|
|
|
static int iucv_sock_in_state(struct sock *sk, int state, int state2)
|
|
|
|
{
|
|
|
|
return (sk->sk_state == state || sk->sk_state == state2);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* iucv_below_msglim() - function to check if messages can be sent
|
|
|
|
* @sk: sock structure
|
|
|
|
*
|
|
|
|
* Returns true if the send queue length is lower than the message limit.
|
|
|
|
* Always returns true if the socket is not connected (no iucv path for
|
|
|
|
* checking the message limit).
|
|
|
|
*/
|
|
|
|
static inline int iucv_below_msglim(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
|
|
|
|
if (sk->sk_state != IUCV_CONNECTED)
|
|
|
|
return 1;
|
|
|
|
return (skb_queue_len(&iucv->send_skb_q) < iucv->path->msglim);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* iucv_sock_wake_msglim() - Wake up thread waiting on msg limit
|
|
|
|
*/
|
|
|
|
static void iucv_sock_wake_msglim(struct sock *sk)
|
|
|
|
{
|
|
|
|
read_lock(&sk->sk_callback_lock);
|
2009-07-08 06:09:13 -06:00
|
|
|
if (sk_has_sleeper(sk))
|
2009-06-17 15:54:48 -06:00
|
|
|
wake_up_interruptible_all(sk->sk_sleep);
|
|
|
|
sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
|
|
|
|
read_unlock(&sk->sk_callback_lock);
|
|
|
|
}
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
/* Timers */
|
|
|
|
static void iucv_sock_timeout(unsigned long arg)
|
|
|
|
{
|
|
|
|
struct sock *sk = (struct sock *)arg;
|
|
|
|
|
|
|
|
bh_lock_sock(sk);
|
|
|
|
sk->sk_err = ETIMEDOUT;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
bh_unlock_sock(sk);
|
|
|
|
|
|
|
|
iucv_sock_kill(sk);
|
|
|
|
sock_put(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void iucv_sock_clear_timer(struct sock *sk)
|
|
|
|
{
|
|
|
|
sk_stop_timer(sk, &sk->sk_timer);
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct sock *__iucv_get_sock_by_name(char *nm)
|
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
struct hlist_node *node;
|
|
|
|
|
|
|
|
sk_for_each(sk, node, &iucv_sk_list.head)
|
|
|
|
if (!memcmp(&iucv_sk(sk)->src_name, nm, 8))
|
|
|
|
return sk;
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void iucv_sock_destruct(struct sock *sk)
|
|
|
|
{
|
|
|
|
skb_queue_purge(&sk->sk_receive_queue);
|
|
|
|
skb_queue_purge(&sk->sk_write_queue);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Cleanup Listen */
|
|
|
|
static void iucv_sock_cleanup_listen(struct sock *parent)
|
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
|
|
|
|
/* Close non-accepted connections */
|
|
|
|
while ((sk = iucv_accept_dequeue(parent, NULL))) {
|
|
|
|
iucv_sock_close(sk);
|
|
|
|
iucv_sock_kill(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
parent->sk_state = IUCV_CLOSED;
|
|
|
|
}
|
|
|
|
|
af_iucv: do not call iucv_sock_kill() twice
For non-accepted sockets on the accept queue, iucv_sock_kill()
is called twice (in iucv_sock_close() and iucv_sock_cleanup_listen()).
This typically results in a kernel oops as shown below.
Remove the duplicate call to iucv_sock_kill() and set the SOCK_ZAPPED
flag in iucv_sock_close() only.
The iucv_sock_kill() function frees a socket only if the socket is zapped
and orphaned (sk->sk_socket == NULL):
- Non-accepted sockets are always orphaned and, thus, iucv_sock_kill()
frees the socket twice.
- For accepted sockets or sockets created with iucv_sock_create(),
sk->sk_socket is initialized. This caused the first call to
iucv_sock_kill() to return immediately. To free these sockets,
iucv_sock_release() uses sock_orphan() before calling iucv_sock_kill().
<1>Unable to handle kernel pointer dereference at virtual kernel address 000000003edd3000
<4>Oops: 0011 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod qeth vmur ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process iucv_sock_close (pid: 2486, task: 000000003aea4340, ksp: 000000003b75bc68)
<4>Krnl PSW : 0704200180000000 000003e00168e23a (iucv_sock_kill+0x2e/0xcc [af_iucv])
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
<4>Krnl GPRS: 0000000000000000 000000003b75c000 000000003edd37f0 0000000000000001
<4> 000003e00168ec62 000000003988d960 0000000000000000 000003e0016b0608
<4> 000000003fe81b20 000000003839bb58 00000000399977f0 000000003edd37f0
<4> 000003e00168b000 000003e00168f138 000000003b75bcd0 000000003b75bc98
<4>Krnl Code: 000003e00168e22a: c0c0ffffe6eb larl %r12,3e00168b000
<4> 000003e00168e230: b90400b2 lgr %r11,%r2
<4> 000003e00168e234: e3e0f0980024 stg %r14,152(%r15)
<4> >000003e00168e23a: e310225e0090 llgc %r1,606(%r2)
<4> 000003e00168e240: a7110001 tmll %r1,1
<4> 000003e00168e244: a7840007 brc 8,3e00168e252
<4> 000003e00168e248: d507d00023c8 clc 0(8,%r13),968(%r2)
<4> 000003e00168e24e: a7840009 brc 8,3e00168e260
<4>Call Trace:
<4>([<000003e0016b0608>] afiucv_dbf+0x0/0xfffffffffffdea20 [af_iucv])
<4> [<000003e00168ec6c>] iucv_sock_close+0x130/0x368 [af_iucv]
<4> [<000003e00168ef02>] iucv_sock_release+0x5e/0xe4 [af_iucv]
<4> [<0000000000438e6c>] sock_release+0x44/0x104
<4> [<0000000000438f5e>] sock_close+0x32/0x50
<4> [<0000000000207898>] __fput+0xf4/0x250
<4> [<00000000002038aa>] filp_close+0x7a/0xa8
<4> [<00000000002039ba>] SyS_close+0xe2/0x148
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8deeac>] 0x42ff8deeac
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:27 -06:00
|
|
|
/* Kill socket (only if zapped and orphaned) */
|
2007-02-08 14:51:54 -07:00
|
|
|
static void iucv_sock_kill(struct sock *sk)
|
|
|
|
{
|
|
|
|
if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
|
|
|
|
return;
|
|
|
|
|
|
|
|
iucv_sock_unlink(&iucv_sk_list, sk);
|
|
|
|
sock_set_flag(sk, SOCK_DEAD);
|
|
|
|
sock_put(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Close an IUCV socket */
|
|
|
|
static void iucv_sock_close(struct sock *sk)
|
|
|
|
{
|
|
|
|
unsigned char user_data[16];
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
int err;
|
2007-05-04 13:22:07 -06:00
|
|
|
unsigned long timeo;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
iucv_sock_clear_timer(sk);
|
|
|
|
lock_sock(sk);
|
|
|
|
|
2007-05-04 13:23:27 -06:00
|
|
|
switch (sk->sk_state) {
|
2007-02-08 14:51:54 -07:00
|
|
|
case IUCV_LISTEN:
|
|
|
|
iucv_sock_cleanup_listen(sk);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case IUCV_CONNECTED:
|
|
|
|
case IUCV_DISCONN:
|
|
|
|
err = 0;
|
2007-05-04 13:22:07 -06:00
|
|
|
|
|
|
|
sk->sk_state = IUCV_CLOSING;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
|
2007-05-04 13:23:27 -06:00
|
|
|
if (!skb_queue_empty(&iucv->send_skb_q)) {
|
2007-05-04 13:22:07 -06:00
|
|
|
if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
|
|
|
|
timeo = sk->sk_lingertime;
|
|
|
|
else
|
|
|
|
timeo = IUCV_DISCONN_TIMEOUT;
|
2009-06-17 15:54:48 -06:00
|
|
|
err = iucv_sock_wait(sk,
|
|
|
|
iucv_sock_in_state(sk, IUCV_CLOSED, 0),
|
|
|
|
timeo);
|
2007-05-04 13:22:07 -06:00
|
|
|
}
|
|
|
|
|
2009-04-21 00:04:20 -06:00
|
|
|
case IUCV_CLOSING: /* fall through */
|
2007-05-04 13:22:07 -06:00
|
|
|
sk->sk_state = IUCV_CLOSED;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
if (iucv->path) {
|
|
|
|
low_nmcpy(user_data, iucv->src_name);
|
|
|
|
high_nmcpy(user_data, iucv->dst_name);
|
|
|
|
ASCEBC(user_data, sizeof(user_data));
|
|
|
|
err = iucv_path_sever(iucv->path, user_data);
|
|
|
|
iucv_path_free(iucv->path);
|
|
|
|
iucv->path = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
sk->sk_err = ECONNRESET;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
|
|
|
|
skb_queue_purge(&iucv->send_skb_q);
|
2007-05-04 13:22:07 -06:00
|
|
|
skb_queue_purge(&iucv->backlog_skb_q);
|
2007-02-08 14:51:54 -07:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
sock_set_flag(sk, SOCK_ZAPPED);
|
af_iucv: do not call iucv_sock_kill() twice
For non-accepted sockets on the accept queue, iucv_sock_kill()
is called twice (in iucv_sock_close() and iucv_sock_cleanup_listen()).
This typically results in a kernel oops as shown below.
Remove the duplicate call to iucv_sock_kill() and set the SOCK_ZAPPED
flag in iucv_sock_close() only.
The iucv_sock_kill() function frees a socket only if the socket is zapped
and orphaned (sk->sk_socket == NULL):
- Non-accepted sockets are always orphaned and, thus, iucv_sock_kill()
frees the socket twice.
- For accepted sockets or sockets created with iucv_sock_create(),
sk->sk_socket is initialized. This caused the first call to
iucv_sock_kill() to return immediately. To free these sockets,
iucv_sock_release() uses sock_orphan() before calling iucv_sock_kill().
<1>Unable to handle kernel pointer dereference at virtual kernel address 000000003edd3000
<4>Oops: 0011 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod qeth vmur ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process iucv_sock_close (pid: 2486, task: 000000003aea4340, ksp: 000000003b75bc68)
<4>Krnl PSW : 0704200180000000 000003e00168e23a (iucv_sock_kill+0x2e/0xcc [af_iucv])
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
<4>Krnl GPRS: 0000000000000000 000000003b75c000 000000003edd37f0 0000000000000001
<4> 000003e00168ec62 000000003988d960 0000000000000000 000003e0016b0608
<4> 000000003fe81b20 000000003839bb58 00000000399977f0 000000003edd37f0
<4> 000003e00168b000 000003e00168f138 000000003b75bcd0 000000003b75bc98
<4>Krnl Code: 000003e00168e22a: c0c0ffffe6eb larl %r12,3e00168b000
<4> 000003e00168e230: b90400b2 lgr %r11,%r2
<4> 000003e00168e234: e3e0f0980024 stg %r14,152(%r15)
<4> >000003e00168e23a: e310225e0090 llgc %r1,606(%r2)
<4> 000003e00168e240: a7110001 tmll %r1,1
<4> 000003e00168e244: a7840007 brc 8,3e00168e252
<4> 000003e00168e248: d507d00023c8 clc 0(8,%r13),968(%r2)
<4> 000003e00168e24e: a7840009 brc 8,3e00168e260
<4>Call Trace:
<4>([<000003e0016b0608>] afiucv_dbf+0x0/0xfffffffffffdea20 [af_iucv])
<4> [<000003e00168ec6c>] iucv_sock_close+0x130/0x368 [af_iucv]
<4> [<000003e00168ef02>] iucv_sock_release+0x5e/0xe4 [af_iucv]
<4> [<0000000000438e6c>] sock_release+0x44/0x104
<4> [<0000000000438f5e>] sock_close+0x32/0x50
<4> [<0000000000207898>] __fput+0xf4/0x250
<4> [<00000000002038aa>] filp_close+0x7a/0xa8
<4> [<00000000002039ba>] SyS_close+0xe2/0x148
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8deeac>] 0x42ff8deeac
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:27 -06:00
|
|
|
/* nothing to do here */
|
2007-02-08 14:51:54 -07:00
|
|
|
break;
|
2007-04-20 18:09:22 -06:00
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
|
af_iucv: do not call iucv_sock_kill() twice
For non-accepted sockets on the accept queue, iucv_sock_kill()
is called twice (in iucv_sock_close() and iucv_sock_cleanup_listen()).
This typically results in a kernel oops as shown below.
Remove the duplicate call to iucv_sock_kill() and set the SOCK_ZAPPED
flag in iucv_sock_close() only.
The iucv_sock_kill() function frees a socket only if the socket is zapped
and orphaned (sk->sk_socket == NULL):
- Non-accepted sockets are always orphaned and, thus, iucv_sock_kill()
frees the socket twice.
- For accepted sockets or sockets created with iucv_sock_create(),
sk->sk_socket is initialized. This caused the first call to
iucv_sock_kill() to return immediately. To free these sockets,
iucv_sock_release() uses sock_orphan() before calling iucv_sock_kill().
<1>Unable to handle kernel pointer dereference at virtual kernel address 000000003edd3000
<4>Oops: 0011 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod qeth vmur ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process iucv_sock_close (pid: 2486, task: 000000003aea4340, ksp: 000000003b75bc68)
<4>Krnl PSW : 0704200180000000 000003e00168e23a (iucv_sock_kill+0x2e/0xcc [af_iucv])
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
<4>Krnl GPRS: 0000000000000000 000000003b75c000 000000003edd37f0 0000000000000001
<4> 000003e00168ec62 000000003988d960 0000000000000000 000003e0016b0608
<4> 000000003fe81b20 000000003839bb58 00000000399977f0 000000003edd37f0
<4> 000003e00168b000 000003e00168f138 000000003b75bcd0 000000003b75bc98
<4>Krnl Code: 000003e00168e22a: c0c0ffffe6eb larl %r12,3e00168b000
<4> 000003e00168e230: b90400b2 lgr %r11,%r2
<4> 000003e00168e234: e3e0f0980024 stg %r14,152(%r15)
<4> >000003e00168e23a: e310225e0090 llgc %r1,606(%r2)
<4> 000003e00168e240: a7110001 tmll %r1,1
<4> 000003e00168e244: a7840007 brc 8,3e00168e252
<4> 000003e00168e248: d507d00023c8 clc 0(8,%r13),968(%r2)
<4> 000003e00168e24e: a7840009 brc 8,3e00168e260
<4>Call Trace:
<4>([<000003e0016b0608>] afiucv_dbf+0x0/0xfffffffffffdea20 [af_iucv])
<4> [<000003e00168ec6c>] iucv_sock_close+0x130/0x368 [af_iucv]
<4> [<000003e00168ef02>] iucv_sock_release+0x5e/0xe4 [af_iucv]
<4> [<0000000000438e6c>] sock_release+0x44/0x104
<4> [<0000000000438f5e>] sock_close+0x32/0x50
<4> [<0000000000207898>] __fput+0xf4/0x250
<4> [<00000000002038aa>] filp_close+0x7a/0xa8
<4> [<00000000002039ba>] SyS_close+0xe2/0x148
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8deeac>] 0x42ff8deeac
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:27 -06:00
|
|
|
/* mark socket for deletion by iucv_sock_kill() */
|
|
|
|
sock_set_flag(sk, SOCK_ZAPPED);
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
release_sock(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void iucv_sock_init(struct sock *sk, struct sock *parent)
|
|
|
|
{
|
|
|
|
if (parent)
|
|
|
|
sk->sk_type = parent->sk_type;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio)
|
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
|
2007-11-01 01:39:31 -06:00
|
|
|
sk = sk_alloc(&init_net, PF_IUCV, prio, &iucv_proto);
|
2007-02-08 14:51:54 -07:00
|
|
|
if (!sk)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
sock_init_data(sock, sk);
|
|
|
|
INIT_LIST_HEAD(&iucv_sk(sk)->accept_q);
|
2007-07-14 20:04:25 -06:00
|
|
|
spin_lock_init(&iucv_sk(sk)->accept_q_lock);
|
2007-02-08 14:51:54 -07:00
|
|
|
skb_queue_head_init(&iucv_sk(sk)->send_skb_q);
|
2007-10-08 03:03:31 -06:00
|
|
|
INIT_LIST_HEAD(&iucv_sk(sk)->message_q.list);
|
|
|
|
spin_lock_init(&iucv_sk(sk)->message_q.lock);
|
2007-05-04 13:22:07 -06:00
|
|
|
skb_queue_head_init(&iucv_sk(sk)->backlog_skb_q);
|
2007-02-08 14:51:54 -07:00
|
|
|
iucv_sk(sk)->send_tag = 0;
|
2009-04-21 17:26:22 -06:00
|
|
|
iucv_sk(sk)->flags = 0;
|
2009-04-21 17:26:27 -06:00
|
|
|
iucv_sk(sk)->msglimit = IUCV_QUEUELEN_DEFAULT;
|
2009-04-21 00:04:20 -06:00
|
|
|
iucv_sk(sk)->path = NULL;
|
|
|
|
memset(&iucv_sk(sk)->src_user_id , 0, 32);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
sk->sk_destruct = iucv_sock_destruct;
|
|
|
|
sk->sk_sndtimeo = IUCV_CONN_TIMEOUT;
|
|
|
|
sk->sk_allocation = GFP_DMA;
|
|
|
|
|
|
|
|
sock_reset_flag(sk, SOCK_ZAPPED);
|
|
|
|
|
|
|
|
sk->sk_protocol = proto;
|
|
|
|
sk->sk_state = IUCV_OPEN;
|
|
|
|
|
2008-01-23 22:20:07 -07:00
|
|
|
setup_timer(&sk->sk_timer, iucv_sock_timeout, (unsigned long)sk);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
iucv_sock_link(&iucv_sk_list, sk);
|
|
|
|
return sk;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Create an IUCV socket */
|
2007-10-09 00:24:22 -06:00
|
|
|
static int iucv_sock_create(struct net *net, struct socket *sock, int protocol)
|
2007-02-08 14:51:54 -07:00
|
|
|
{
|
|
|
|
struct sock *sk;
|
|
|
|
|
2009-04-21 17:26:25 -06:00
|
|
|
if (protocol && protocol != PF_IUCV)
|
|
|
|
return -EPROTONOSUPPORT;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
sock->state = SS_UNCONNECTED;
|
2009-04-21 17:26:25 -06:00
|
|
|
|
|
|
|
switch (sock->type) {
|
|
|
|
case SOCK_STREAM:
|
|
|
|
sock->ops = &iucv_sock_ops;
|
|
|
|
break;
|
|
|
|
case SOCK_SEQPACKET:
|
|
|
|
/* currently, proto ops can handle both sk types */
|
|
|
|
sock->ops = &iucv_sock_ops;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return -ESOCKTNOSUPPORT;
|
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
sk = iucv_sock_alloc(sock, protocol, GFP_KERNEL);
|
|
|
|
if (!sk)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
iucv_sock_init(sk, NULL);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
void iucv_sock_link(struct iucv_sock_list *l, struct sock *sk)
|
|
|
|
{
|
|
|
|
write_lock_bh(&l->lock);
|
|
|
|
sk_add_node(sk, &l->head);
|
|
|
|
write_unlock_bh(&l->lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
void iucv_sock_unlink(struct iucv_sock_list *l, struct sock *sk)
|
|
|
|
{
|
|
|
|
write_lock_bh(&l->lock);
|
|
|
|
sk_del_node_init(sk);
|
|
|
|
write_unlock_bh(&l->lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
void iucv_accept_enqueue(struct sock *parent, struct sock *sk)
|
|
|
|
{
|
2007-07-14 20:04:25 -06:00
|
|
|
unsigned long flags;
|
|
|
|
struct iucv_sock *par = iucv_sk(parent);
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
sock_hold(sk);
|
2007-07-14 20:04:25 -06:00
|
|
|
spin_lock_irqsave(&par->accept_q_lock, flags);
|
|
|
|
list_add_tail(&iucv_sk(sk)->accept_q, &par->accept_q);
|
|
|
|
spin_unlock_irqrestore(&par->accept_q_lock, flags);
|
2007-02-08 14:51:54 -07:00
|
|
|
iucv_sk(sk)->parent = parent;
|
|
|
|
parent->sk_ack_backlog++;
|
|
|
|
}
|
|
|
|
|
|
|
|
void iucv_accept_unlink(struct sock *sk)
|
|
|
|
{
|
2007-07-14 20:04:25 -06:00
|
|
|
unsigned long flags;
|
|
|
|
struct iucv_sock *par = iucv_sk(iucv_sk(sk)->parent);
|
|
|
|
|
|
|
|
spin_lock_irqsave(&par->accept_q_lock, flags);
|
2007-02-08 14:51:54 -07:00
|
|
|
list_del_init(&iucv_sk(sk)->accept_q);
|
2007-07-14 20:04:25 -06:00
|
|
|
spin_unlock_irqrestore(&par->accept_q_lock, flags);
|
2007-02-08 14:51:54 -07:00
|
|
|
iucv_sk(sk)->parent->sk_ack_backlog--;
|
|
|
|
iucv_sk(sk)->parent = NULL;
|
|
|
|
sock_put(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
struct sock *iucv_accept_dequeue(struct sock *parent, struct socket *newsock)
|
|
|
|
{
|
|
|
|
struct iucv_sock *isk, *n;
|
|
|
|
struct sock *sk;
|
|
|
|
|
2007-05-04 13:23:27 -06:00
|
|
|
list_for_each_entry_safe(isk, n, &iucv_sk(parent)->accept_q, accept_q) {
|
2007-02-08 14:51:54 -07:00
|
|
|
sk = (struct sock *) isk;
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_CLOSED) {
|
|
|
|
iucv_accept_unlink(sk);
|
2007-07-14 20:04:25 -06:00
|
|
|
release_sock(sk);
|
2007-02-08 14:51:54 -07:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_CONNECTED ||
|
|
|
|
sk->sk_state == IUCV_SEVERED ||
|
2009-09-15 22:37:26 -06:00
|
|
|
sk->sk_state == IUCV_DISCONN || /* due to PM restore */
|
2007-02-08 14:51:54 -07:00
|
|
|
!newsock) {
|
|
|
|
iucv_accept_unlink(sk);
|
|
|
|
if (newsock)
|
|
|
|
sock_graft(sk, newsock);
|
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_SEVERED)
|
|
|
|
sk->sk_state = IUCV_DISCONN;
|
|
|
|
|
|
|
|
release_sock(sk);
|
|
|
|
return sk;
|
|
|
|
}
|
|
|
|
|
|
|
|
release_sock(sk);
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Bind an unbound socket */
|
|
|
|
static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr,
|
|
|
|
int addr_len)
|
|
|
|
{
|
|
|
|
struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct iucv_sock *iucv;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
/* Verify the input sockaddr */
|
|
|
|
if (!addr || addr->sa_family != AF_IUCV)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
if (sk->sk_state != IUCV_OPEN) {
|
|
|
|
err = -EBADFD;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
write_lock_bh(&iucv_sk_list.lock);
|
|
|
|
|
|
|
|
iucv = iucv_sk(sk);
|
|
|
|
if (__iucv_get_sock_by_name(sa->siucv_name)) {
|
|
|
|
err = -EADDRINUSE;
|
|
|
|
goto done_unlock;
|
|
|
|
}
|
|
|
|
if (iucv->path) {
|
|
|
|
err = 0;
|
|
|
|
goto done_unlock;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Bind the socket */
|
|
|
|
memcpy(iucv->src_name, sa->siucv_name, 8);
|
|
|
|
|
|
|
|
/* Copy the user id */
|
|
|
|
memcpy(iucv->src_user_id, iucv_userid, 8);
|
|
|
|
sk->sk_state = IUCV_BOUND;
|
|
|
|
err = 0;
|
|
|
|
|
|
|
|
done_unlock:
|
|
|
|
/* Release the socket list lock */
|
|
|
|
write_unlock_bh(&iucv_sk_list.lock);
|
|
|
|
done:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Automatically bind an unbound socket */
|
|
|
|
static int iucv_sock_autobind(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
char query_buffer[80];
|
|
|
|
char name[12];
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
/* Set the userid and name */
|
|
|
|
cpcmd("QUERY USERID", query_buffer, sizeof(query_buffer), &err);
|
|
|
|
if (unlikely(err))
|
|
|
|
return -EPROTO;
|
|
|
|
|
|
|
|
memcpy(iucv->src_user_id, query_buffer, 8);
|
|
|
|
|
|
|
|
write_lock_bh(&iucv_sk_list.lock);
|
|
|
|
|
|
|
|
sprintf(name, "%08x", atomic_inc_return(&iucv_sk_list.autobind_name));
|
|
|
|
while (__iucv_get_sock_by_name(name)) {
|
|
|
|
sprintf(name, "%08x",
|
|
|
|
atomic_inc_return(&iucv_sk_list.autobind_name));
|
|
|
|
}
|
|
|
|
|
|
|
|
write_unlock_bh(&iucv_sk_list.lock);
|
|
|
|
|
|
|
|
memcpy(&iucv->src_name, name, 8);
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Connect an unconnected socket */
|
|
|
|
static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
|
|
|
|
int alen, int flags)
|
|
|
|
{
|
|
|
|
struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct iucv_sock *iucv;
|
|
|
|
unsigned char user_data[16];
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (addr->sa_family != AF_IUCV || alen < sizeof(struct sockaddr_iucv))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (sk->sk_state != IUCV_OPEN && sk->sk_state != IUCV_BOUND)
|
|
|
|
return -EBADFD;
|
|
|
|
|
2009-04-21 17:26:25 -06:00
|
|
|
if (sk->sk_type != SOCK_STREAM && sk->sk_type != SOCK_SEQPACKET)
|
2007-02-08 14:51:54 -07:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_OPEN) {
|
|
|
|
err = iucv_sock_autobind(sk);
|
|
|
|
if (unlikely(err))
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
/* Set the destination information */
|
|
|
|
memcpy(iucv_sk(sk)->dst_user_id, sa->siucv_user_id, 8);
|
|
|
|
memcpy(iucv_sk(sk)->dst_name, sa->siucv_name, 8);
|
|
|
|
|
|
|
|
high_nmcpy(user_data, sa->siucv_name);
|
|
|
|
low_nmcpy(user_data, iucv_sk(sk)->src_name);
|
|
|
|
ASCEBC(user_data, sizeof(user_data));
|
|
|
|
|
|
|
|
iucv = iucv_sk(sk);
|
|
|
|
/* Create path. */
|
2009-04-21 17:26:27 -06:00
|
|
|
iucv->path = iucv_path_alloc(iucv->msglimit,
|
2009-04-21 17:26:23 -06:00
|
|
|
IUCV_IPRMDATA, GFP_KERNEL);
|
2008-02-07 19:07:19 -07:00
|
|
|
if (!iucv->path) {
|
|
|
|
err = -ENOMEM;
|
|
|
|
goto done;
|
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
err = iucv_path_connect(iucv->path, &af_iucv_handler,
|
|
|
|
sa->siucv_user_id, NULL, user_data, sk);
|
|
|
|
if (err) {
|
|
|
|
iucv_path_free(iucv->path);
|
|
|
|
iucv->path = NULL;
|
2009-01-05 19:07:07 -07:00
|
|
|
switch (err) {
|
|
|
|
case 0x0b: /* Target communicator is not logged on */
|
|
|
|
err = -ENETUNREACH;
|
|
|
|
break;
|
|
|
|
case 0x0d: /* Max connections for this guest exceeded */
|
|
|
|
case 0x0e: /* Max connections for target guest exceeded */
|
|
|
|
err = -EAGAIN;
|
|
|
|
break;
|
|
|
|
case 0x0f: /* Missing IUCV authorization */
|
|
|
|
err = -EACCES;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
err = -ECONNREFUSED;
|
|
|
|
break;
|
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sk->sk_state != IUCV_CONNECTED) {
|
2009-06-17 15:54:48 -06:00
|
|
|
err = iucv_sock_wait(sk, iucv_sock_in_state(sk, IUCV_CONNECTED,
|
|
|
|
IUCV_DISCONN),
|
|
|
|
sock_sndtimeo(sk, flags & O_NONBLOCK));
|
2007-02-08 14:51:54 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_DISCONN) {
|
2009-04-21 17:26:23 -06:00
|
|
|
err = -ECONNREFUSED;
|
2007-02-08 14:51:54 -07:00
|
|
|
}
|
2009-01-05 19:07:46 -07:00
|
|
|
|
|
|
|
if (err) {
|
|
|
|
iucv_path_sever(iucv->path, NULL);
|
|
|
|
iucv_path_free(iucv->path);
|
|
|
|
iucv->path = NULL;
|
|
|
|
}
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
done:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Move a socket into listening state. */
|
|
|
|
static int iucv_sock_listen(struct socket *sock, int backlog)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
err = -EINVAL;
|
2009-04-21 17:26:25 -06:00
|
|
|
if (sk->sk_state != IUCV_BOUND)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
if (sock->type != SOCK_STREAM && sock->type != SOCK_SEQPACKET)
|
2007-02-08 14:51:54 -07:00
|
|
|
goto done;
|
|
|
|
|
|
|
|
sk->sk_max_ack_backlog = backlog;
|
|
|
|
sk->sk_ack_backlog = 0;
|
|
|
|
sk->sk_state = IUCV_LISTEN;
|
|
|
|
err = 0;
|
|
|
|
|
|
|
|
done:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Accept a pending connection */
|
|
|
|
static int iucv_sock_accept(struct socket *sock, struct socket *newsock,
|
|
|
|
int flags)
|
|
|
|
{
|
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
|
|
|
struct sock *sk = sock->sk, *nsk;
|
|
|
|
long timeo;
|
|
|
|
int err = 0;
|
|
|
|
|
2007-05-04 13:22:07 -06:00
|
|
|
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
if (sk->sk_state != IUCV_LISTEN) {
|
|
|
|
err = -EBADFD;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
|
|
|
|
|
|
|
|
/* Wait for an incoming connection */
|
|
|
|
add_wait_queue_exclusive(sk->sk_sleep, &wait);
|
2007-05-04 13:23:27 -06:00
|
|
|
while (!(nsk = iucv_accept_dequeue(sk, newsock))) {
|
2007-02-08 14:51:54 -07:00
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
|
|
|
if (!timeo) {
|
|
|
|
err = -EAGAIN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
release_sock(sk);
|
|
|
|
timeo = schedule_timeout(timeo);
|
2007-05-04 13:22:07 -06:00
|
|
|
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
if (sk->sk_state != IUCV_LISTEN) {
|
|
|
|
err = -EBADFD;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (signal_pending(current)) {
|
|
|
|
err = sock_intr_errno(timeo);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
set_current_state(TASK_RUNNING);
|
|
|
|
remove_wait_queue(sk->sk_sleep, &wait);
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
newsock->state = SS_CONNECTED;
|
|
|
|
|
|
|
|
done:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int iucv_sock_getname(struct socket *sock, struct sockaddr *addr,
|
|
|
|
int *len, int peer)
|
|
|
|
{
|
|
|
|
struct sockaddr_iucv *siucv = (struct sockaddr_iucv *) addr;
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
|
|
|
|
addr->sa_family = AF_IUCV;
|
|
|
|
*len = sizeof(struct sockaddr_iucv);
|
|
|
|
|
|
|
|
if (peer) {
|
|
|
|
memcpy(siucv->siucv_user_id, iucv_sk(sk)->dst_user_id, 8);
|
|
|
|
memcpy(siucv->siucv_name, &iucv_sk(sk)->dst_name, 8);
|
|
|
|
} else {
|
|
|
|
memcpy(siucv->siucv_user_id, iucv_sk(sk)->src_user_id, 8);
|
|
|
|
memcpy(siucv->siucv_name, iucv_sk(sk)->src_name, 8);
|
|
|
|
}
|
|
|
|
memset(&siucv->siucv_port, 0, sizeof(siucv->siucv_port));
|
|
|
|
memset(&siucv->siucv_addr, 0, sizeof(siucv->siucv_addr));
|
|
|
|
memset(siucv->siucv_nodeid, 0, sizeof(siucv->siucv_nodeid));
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-04-21 17:26:23 -06:00
|
|
|
/**
|
|
|
|
* iucv_send_iprm() - Send socket data in parameter list of an iucv message.
|
|
|
|
* @path: IUCV path
|
|
|
|
* @msg: Pointer to a struct iucv_message
|
|
|
|
* @skb: The socket data to send, skb->len MUST BE <= 7
|
|
|
|
*
|
|
|
|
* Send the socket data in the parameter list in the iucv message
|
|
|
|
* (IUCV_IPRMDATA). The socket data is stored at index 0 to 6 in the parameter
|
|
|
|
* list and the socket data len at index 7 (last byte).
|
|
|
|
* See also iucv_msg_length().
|
|
|
|
*
|
|
|
|
* Returns the error code from the iucv_message_send() call.
|
|
|
|
*/
|
|
|
|
static int iucv_send_iprm(struct iucv_path *path, struct iucv_message *msg,
|
|
|
|
struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
u8 prmdata[8];
|
|
|
|
|
|
|
|
memcpy(prmdata, (void *) skb->data, skb->len);
|
|
|
|
prmdata[7] = 0xff - (u8) skb->len;
|
|
|
|
return iucv_message_send(path, msg, IUCV_IPRMDATA, 0,
|
|
|
|
(void *) prmdata, 8);
|
|
|
|
}
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
|
|
|
|
struct msghdr *msg, size_t len)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct iucv_message txmsg;
|
2009-04-21 17:26:24 -06:00
|
|
|
struct cmsghdr *cmsg;
|
|
|
|
int cmsg_done;
|
2009-06-17 15:54:48 -06:00
|
|
|
long timeo;
|
2008-12-25 05:39:47 -07:00
|
|
|
char user_id[9];
|
|
|
|
char appl_id[9];
|
2007-02-08 14:51:54 -07:00
|
|
|
int err;
|
2009-06-17 15:54:48 -06:00
|
|
|
int noblock = msg->msg_flags & MSG_DONTWAIT;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
err = sock_error(sk);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
if (msg->msg_flags & MSG_OOB)
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
2009-04-21 17:26:25 -06:00
|
|
|
/* SOCK_SEQPACKET: we do not support segmented records */
|
|
|
|
if (sk->sk_type == SOCK_SEQPACKET && !(msg->msg_flags & MSG_EOR))
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
lock_sock(sk);
|
|
|
|
|
|
|
|
if (sk->sk_shutdown & SEND_SHUTDOWN) {
|
|
|
|
err = -EPIPE;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
/* Return if the socket is not in connected state */
|
|
|
|
if (sk->sk_state != IUCV_CONNECTED) {
|
|
|
|
err = -ENOTCONN;
|
|
|
|
goto out;
|
|
|
|
}
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
/* initialize defaults */
|
|
|
|
cmsg_done = 0; /* check for duplicate headers */
|
|
|
|
txmsg.class = 0;
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
/* iterate over control messages */
|
|
|
|
for (cmsg = CMSG_FIRSTHDR(msg); cmsg;
|
|
|
|
cmsg = CMSG_NXTHDR(msg, cmsg)) {
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
if (!CMSG_OK(msg, cmsg)) {
|
|
|
|
err = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
if (cmsg->cmsg_level != SOL_IUCV)
|
|
|
|
continue;
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
if (cmsg->cmsg_type & cmsg_done) {
|
|
|
|
err = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
cmsg_done |= cmsg->cmsg_type;
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
switch (cmsg->cmsg_type) {
|
|
|
|
case SCM_IUCV_TRGCLS:
|
|
|
|
if (cmsg->cmsg_len != CMSG_LEN(TRGCLS_SIZE)) {
|
2009-04-21 17:26:24 -06:00
|
|
|
err = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
/* set iucv message target class */
|
|
|
|
memcpy(&txmsg.class,
|
|
|
|
(void *) CMSG_DATA(cmsg), TRGCLS_SIZE);
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
break;
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
default:
|
|
|
|
err = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
break;
|
2009-04-21 17:26:24 -06:00
|
|
|
}
|
2009-06-17 15:54:47 -06:00
|
|
|
}
|
2009-04-21 17:26:24 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
/* allocate one skb for each iucv message:
|
|
|
|
* this is fine for SOCK_SEQPACKET (unless we want to support
|
|
|
|
* segmented records using the MSG_EOR flag), but
|
|
|
|
* for SOCK_STREAM we might want to improve it in future */
|
2009-06-17 15:54:48 -06:00
|
|
|
skb = sock_alloc_send_skb(sk, len, noblock, &err);
|
2009-06-17 15:54:47 -06:00
|
|
|
if (!skb)
|
|
|
|
goto out;
|
|
|
|
if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
|
|
|
|
err = -EFAULT;
|
|
|
|
goto fail;
|
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2009-06-17 15:54:48 -06:00
|
|
|
/* wait if outstanding messages for iucv path has reached */
|
|
|
|
timeo = sock_sndtimeo(sk, noblock);
|
|
|
|
err = iucv_sock_wait(sk, iucv_below_msglim(sk), timeo);
|
|
|
|
if (err)
|
|
|
|
goto fail;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2009-06-17 15:54:48 -06:00
|
|
|
/* return -ECONNRESET if the socket is no longer connected */
|
|
|
|
if (sk->sk_state != IUCV_CONNECTED) {
|
|
|
|
err = -ECONNRESET;
|
|
|
|
goto fail;
|
|
|
|
}
|
2009-04-21 17:26:23 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
/* increment and save iucv message tag for msg_completion cbk */
|
|
|
|
txmsg.tag = iucv->send_tag++;
|
|
|
|
memcpy(CB_TAG(skb), &txmsg.tag, CB_TAG_LEN);
|
|
|
|
skb_queue_tail(&iucv->send_skb_q, skb);
|
2009-04-21 17:26:23 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
if (((iucv->path->flags & IUCV_IPRMDATA) & iucv->flags)
|
|
|
|
&& skb->len <= 7) {
|
|
|
|
err = iucv_send_iprm(iucv->path, &txmsg, skb);
|
2009-04-21 17:26:23 -06:00
|
|
|
|
2009-06-17 15:54:47 -06:00
|
|
|
/* on success: there is no message_complete callback
|
|
|
|
* for an IPRMDATA msg; remove skb from send queue */
|
|
|
|
if (err == 0) {
|
|
|
|
skb_unlink(skb, &iucv->send_skb_q);
|
|
|
|
kfree_skb(skb);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* this error should never happen since the
|
|
|
|
* IUCV_IPRMDATA path flag is set... sever path */
|
|
|
|
if (err == 0x15) {
|
|
|
|
iucv_path_sever(iucv->path, NULL);
|
2007-02-08 14:51:54 -07:00
|
|
|
skb_unlink(skb, &iucv->send_skb_q);
|
|
|
|
err = -EPIPE;
|
|
|
|
goto fail;
|
|
|
|
}
|
2009-06-17 15:54:47 -06:00
|
|
|
} else
|
|
|
|
err = iucv_message_send(iucv->path, &txmsg, 0, 0,
|
|
|
|
(void *) skb->data, skb->len);
|
|
|
|
if (err) {
|
|
|
|
if (err == 3) {
|
|
|
|
user_id[8] = 0;
|
|
|
|
memcpy(user_id, iucv->dst_user_id, 8);
|
|
|
|
appl_id[8] = 0;
|
|
|
|
memcpy(appl_id, iucv->dst_name, 8);
|
|
|
|
pr_err("Application %s on z/VM guest %s"
|
|
|
|
" exceeds message limit\n",
|
|
|
|
appl_id, user_id);
|
2009-06-17 15:54:48 -06:00
|
|
|
err = -EAGAIN;
|
|
|
|
} else
|
|
|
|
err = -EPIPE;
|
2009-06-17 15:54:47 -06:00
|
|
|
skb_unlink(skb, &iucv->send_skb_q);
|
|
|
|
goto fail;
|
2007-02-08 14:51:54 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
release_sock(sk);
|
|
|
|
return len;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
kfree_skb(skb);
|
|
|
|
out:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
af_iucv: fix race when queueing skbs on the backlog queue
iucv_sock_recvmsg() and iucv_process_message()/iucv_fragment_skb race
for dequeuing an skb from the backlog queue.
If iucv_sock_recvmsg() dequeues first, iucv_process_message() calls
sock_queue_rcv_skb() with an skb that is NULL.
This results in the following kernel panic:
<1>Unable to handle kernel pointer dereference at virtual kernel address (null)
<4>Oops: 0004 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process client-iucv (pid: 4787, task: 0000000034e75940, ksp: 00000000353e3710)
<4>Krnl PSW : 0704000180000000 000000000043ebca (sock_queue_rcv_skb+0x7a/0x138)
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
<4>Krnl GPRS: 0052900000000000 000003e0016e0fe8 0000000000000000 0000000000000000
<4> 000000000043eba8 0000000000000002 0000000000000001 00000000341aa7f0
<4> 0000000000000000 0000000000007800 0000000000000000 0000000000000000
<4> 00000000341aa7f0 0000000000594650 000000000043eba8 000000003fc2fb28
<4>Krnl Code: 000000000043ebbe: a7840006 brc 8,43ebca
<4> 000000000043ebc2: 5930c23c c %r3,572(%r12)
<4> 000000000043ebc6: a724004c brc 2,43ec5e
<4> >000000000043ebca: e3c0b0100024 stg %r12,16(%r11)
<4> 000000000043ebd0: a7190000 lghi %r1,0
<4> 000000000043ebd4: e310b0200024 stg %r1,32(%r11)
<4> 000000000043ebda: c010ffffdce9 larl %r1,43a5ac
<4> 000000000043ebe0: e310b0800024 stg %r1,128(%r11)
<4>Call Trace:
<4>([<000000000043eba8>] sock_queue_rcv_skb+0x58/0x138)
<4> [<000003e0016bcf2a>] iucv_process_message+0x112/0x3cc [af_iucv]
<4> [<000003e0016bd3d4>] iucv_callback_rx+0x1f0/0x274 [af_iucv]
<4> [<000000000053a21a>] iucv_message_pending+0xa2/0x120
<4> [<000000000053b5a6>] iucv_tasklet_fn+0x176/0x1b8
<4> [<000000000014fa82>] tasklet_action+0xfe/0x1f4
<4> [<0000000000150a56>] __do_softirq+0x116/0x284
<4> [<0000000000111058>] do_softirq+0xe4/0xe8
<4> [<00000000001504ba>] irq_exit+0xba/0xd8
<4> [<000000000010e0b2>] do_extint+0x146/0x190
<4> [<00000000001184b6>] ext_no_vtime+0x1e/0x22
<4> [<00000000001fbf4e>] kfree+0x202/0x28c
<4>([<00000000001fbf44>] kfree+0x1f8/0x28c)
<4> [<000000000044205a>] __kfree_skb+0x32/0x124
<4> [<000003e0016bd8b2>] iucv_sock_recvmsg+0x236/0x41c [af_iucv]
<4> [<0000000000437042>] sock_aio_read+0x136/0x160
<4> [<0000000000205e50>] do_sync_read+0xe4/0x13c
<4> [<0000000000206dce>] vfs_read+0x152/0x15c
<4> [<0000000000206ed0>] SyS_read+0x54/0xac
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8def3c>] 0x42ff8def3c
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:28 -06:00
|
|
|
/* iucv_fragment_skb() - Fragment a single IUCV message into multiple skb's
|
|
|
|
*
|
|
|
|
* Locking: must be called with message_q.lock held
|
|
|
|
*/
|
2007-10-08 03:03:31 -06:00
|
|
|
static int iucv_fragment_skb(struct sock *sk, struct sk_buff *skb, int len)
|
|
|
|
{
|
|
|
|
int dataleft, size, copied = 0;
|
|
|
|
struct sk_buff *nskb;
|
|
|
|
|
|
|
|
dataleft = len;
|
|
|
|
while (dataleft) {
|
|
|
|
if (dataleft >= sk->sk_rcvbuf / 4)
|
|
|
|
size = sk->sk_rcvbuf / 4;
|
|
|
|
else
|
|
|
|
size = dataleft;
|
|
|
|
|
|
|
|
nskb = alloc_skb(size, GFP_ATOMIC | GFP_DMA);
|
|
|
|
if (!nskb)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2009-04-21 17:26:24 -06:00
|
|
|
/* copy target class to control buffer of new skb */
|
|
|
|
memcpy(CB_TRGCLS(nskb), CB_TRGCLS(skb), CB_TRGCLS_LEN);
|
|
|
|
|
|
|
|
/* copy data fragment */
|
2007-10-08 03:03:31 -06:00
|
|
|
memcpy(nskb->data, skb->data + copied, size);
|
|
|
|
copied += size;
|
|
|
|
dataleft -= size;
|
|
|
|
|
|
|
|
skb_reset_transport_header(nskb);
|
|
|
|
skb_reset_network_header(nskb);
|
|
|
|
nskb->len = size;
|
|
|
|
|
|
|
|
skb_queue_tail(&iucv_sk(sk)->backlog_skb_q, nskb);
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
af_iucv: fix race when queueing skbs on the backlog queue
iucv_sock_recvmsg() and iucv_process_message()/iucv_fragment_skb race
for dequeuing an skb from the backlog queue.
If iucv_sock_recvmsg() dequeues first, iucv_process_message() calls
sock_queue_rcv_skb() with an skb that is NULL.
This results in the following kernel panic:
<1>Unable to handle kernel pointer dereference at virtual kernel address (null)
<4>Oops: 0004 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process client-iucv (pid: 4787, task: 0000000034e75940, ksp: 00000000353e3710)
<4>Krnl PSW : 0704000180000000 000000000043ebca (sock_queue_rcv_skb+0x7a/0x138)
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
<4>Krnl GPRS: 0052900000000000 000003e0016e0fe8 0000000000000000 0000000000000000
<4> 000000000043eba8 0000000000000002 0000000000000001 00000000341aa7f0
<4> 0000000000000000 0000000000007800 0000000000000000 0000000000000000
<4> 00000000341aa7f0 0000000000594650 000000000043eba8 000000003fc2fb28
<4>Krnl Code: 000000000043ebbe: a7840006 brc 8,43ebca
<4> 000000000043ebc2: 5930c23c c %r3,572(%r12)
<4> 000000000043ebc6: a724004c brc 2,43ec5e
<4> >000000000043ebca: e3c0b0100024 stg %r12,16(%r11)
<4> 000000000043ebd0: a7190000 lghi %r1,0
<4> 000000000043ebd4: e310b0200024 stg %r1,32(%r11)
<4> 000000000043ebda: c010ffffdce9 larl %r1,43a5ac
<4> 000000000043ebe0: e310b0800024 stg %r1,128(%r11)
<4>Call Trace:
<4>([<000000000043eba8>] sock_queue_rcv_skb+0x58/0x138)
<4> [<000003e0016bcf2a>] iucv_process_message+0x112/0x3cc [af_iucv]
<4> [<000003e0016bd3d4>] iucv_callback_rx+0x1f0/0x274 [af_iucv]
<4> [<000000000053a21a>] iucv_message_pending+0xa2/0x120
<4> [<000000000053b5a6>] iucv_tasklet_fn+0x176/0x1b8
<4> [<000000000014fa82>] tasklet_action+0xfe/0x1f4
<4> [<0000000000150a56>] __do_softirq+0x116/0x284
<4> [<0000000000111058>] do_softirq+0xe4/0xe8
<4> [<00000000001504ba>] irq_exit+0xba/0xd8
<4> [<000000000010e0b2>] do_extint+0x146/0x190
<4> [<00000000001184b6>] ext_no_vtime+0x1e/0x22
<4> [<00000000001fbf4e>] kfree+0x202/0x28c
<4>([<00000000001fbf44>] kfree+0x1f8/0x28c)
<4> [<000000000044205a>] __kfree_skb+0x32/0x124
<4> [<000003e0016bd8b2>] iucv_sock_recvmsg+0x236/0x41c [af_iucv]
<4> [<0000000000437042>] sock_aio_read+0x136/0x160
<4> [<0000000000205e50>] do_sync_read+0xe4/0x13c
<4> [<0000000000206dce>] vfs_read+0x152/0x15c
<4> [<0000000000206ed0>] SyS_read+0x54/0xac
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8def3c>] 0x42ff8def3c
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:28 -06:00
|
|
|
/* iucv_process_message() - Receive a single outstanding IUCV message
|
|
|
|
*
|
|
|
|
* Locking: must be called with message_q.lock held
|
|
|
|
*/
|
2007-10-08 03:03:31 -06:00
|
|
|
static void iucv_process_message(struct sock *sk, struct sk_buff *skb,
|
|
|
|
struct iucv_path *path,
|
|
|
|
struct iucv_message *msg)
|
|
|
|
{
|
|
|
|
int rc;
|
2009-04-21 17:26:23 -06:00
|
|
|
unsigned int len;
|
|
|
|
|
|
|
|
len = iucv_msg_length(msg);
|
2007-10-08 03:03:31 -06:00
|
|
|
|
2009-04-21 17:26:24 -06:00
|
|
|
/* store msg target class in the second 4 bytes of skb ctrl buffer */
|
|
|
|
/* Note: the first 4 bytes are reserved for msg tag */
|
|
|
|
memcpy(CB_TRGCLS(skb), &msg->class, CB_TRGCLS_LEN);
|
|
|
|
|
2009-04-21 17:26:23 -06:00
|
|
|
/* check for special IPRM messages (e.g. iucv_sock_shutdown) */
|
|
|
|
if ((msg->flags & IUCV_IPRMDATA) && len > 7) {
|
|
|
|
if (memcmp(msg->rmmsg, iprm_shutdown, 8) == 0) {
|
|
|
|
skb->data = NULL;
|
|
|
|
skb->len = 0;
|
|
|
|
}
|
2007-10-08 03:03:31 -06:00
|
|
|
} else {
|
2009-04-21 17:26:23 -06:00
|
|
|
rc = iucv_message_receive(path, msg, msg->flags & IUCV_IPRMDATA,
|
|
|
|
skb->data, len, NULL);
|
2007-10-08 03:03:31 -06:00
|
|
|
if (rc) {
|
|
|
|
kfree_skb(skb);
|
|
|
|
return;
|
|
|
|
}
|
2009-04-21 17:26:25 -06:00
|
|
|
/* we need to fragment iucv messages for SOCK_STREAM only;
|
|
|
|
* for SOCK_SEQPACKET, it is only relevant if we support
|
|
|
|
* record segmentation using MSG_EOR (see also recvmsg()) */
|
|
|
|
if (sk->sk_type == SOCK_STREAM &&
|
|
|
|
skb->truesize >= sk->sk_rcvbuf / 4) {
|
2009-04-21 17:26:23 -06:00
|
|
|
rc = iucv_fragment_skb(sk, skb, len);
|
2007-10-08 03:03:31 -06:00
|
|
|
kfree_skb(skb);
|
|
|
|
skb = NULL;
|
|
|
|
if (rc) {
|
|
|
|
iucv_path_sever(path, NULL);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
skb = skb_dequeue(&iucv_sk(sk)->backlog_skb_q);
|
|
|
|
} else {
|
|
|
|
skb_reset_transport_header(skb);
|
|
|
|
skb_reset_network_header(skb);
|
2009-04-21 17:26:23 -06:00
|
|
|
skb->len = len;
|
2007-10-08 03:03:31 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sock_queue_rcv_skb(sk, skb))
|
|
|
|
skb_queue_head(&iucv_sk(sk)->backlog_skb_q, skb);
|
|
|
|
}
|
|
|
|
|
af_iucv: fix race when queueing skbs on the backlog queue
iucv_sock_recvmsg() and iucv_process_message()/iucv_fragment_skb race
for dequeuing an skb from the backlog queue.
If iucv_sock_recvmsg() dequeues first, iucv_process_message() calls
sock_queue_rcv_skb() with an skb that is NULL.
This results in the following kernel panic:
<1>Unable to handle kernel pointer dereference at virtual kernel address (null)
<4>Oops: 0004 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process client-iucv (pid: 4787, task: 0000000034e75940, ksp: 00000000353e3710)
<4>Krnl PSW : 0704000180000000 000000000043ebca (sock_queue_rcv_skb+0x7a/0x138)
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
<4>Krnl GPRS: 0052900000000000 000003e0016e0fe8 0000000000000000 0000000000000000
<4> 000000000043eba8 0000000000000002 0000000000000001 00000000341aa7f0
<4> 0000000000000000 0000000000007800 0000000000000000 0000000000000000
<4> 00000000341aa7f0 0000000000594650 000000000043eba8 000000003fc2fb28
<4>Krnl Code: 000000000043ebbe: a7840006 brc 8,43ebca
<4> 000000000043ebc2: 5930c23c c %r3,572(%r12)
<4> 000000000043ebc6: a724004c brc 2,43ec5e
<4> >000000000043ebca: e3c0b0100024 stg %r12,16(%r11)
<4> 000000000043ebd0: a7190000 lghi %r1,0
<4> 000000000043ebd4: e310b0200024 stg %r1,32(%r11)
<4> 000000000043ebda: c010ffffdce9 larl %r1,43a5ac
<4> 000000000043ebe0: e310b0800024 stg %r1,128(%r11)
<4>Call Trace:
<4>([<000000000043eba8>] sock_queue_rcv_skb+0x58/0x138)
<4> [<000003e0016bcf2a>] iucv_process_message+0x112/0x3cc [af_iucv]
<4> [<000003e0016bd3d4>] iucv_callback_rx+0x1f0/0x274 [af_iucv]
<4> [<000000000053a21a>] iucv_message_pending+0xa2/0x120
<4> [<000000000053b5a6>] iucv_tasklet_fn+0x176/0x1b8
<4> [<000000000014fa82>] tasklet_action+0xfe/0x1f4
<4> [<0000000000150a56>] __do_softirq+0x116/0x284
<4> [<0000000000111058>] do_softirq+0xe4/0xe8
<4> [<00000000001504ba>] irq_exit+0xba/0xd8
<4> [<000000000010e0b2>] do_extint+0x146/0x190
<4> [<00000000001184b6>] ext_no_vtime+0x1e/0x22
<4> [<00000000001fbf4e>] kfree+0x202/0x28c
<4>([<00000000001fbf44>] kfree+0x1f8/0x28c)
<4> [<000000000044205a>] __kfree_skb+0x32/0x124
<4> [<000003e0016bd8b2>] iucv_sock_recvmsg+0x236/0x41c [af_iucv]
<4> [<0000000000437042>] sock_aio_read+0x136/0x160
<4> [<0000000000205e50>] do_sync_read+0xe4/0x13c
<4> [<0000000000206dce>] vfs_read+0x152/0x15c
<4> [<0000000000206ed0>] SyS_read+0x54/0xac
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8def3c>] 0x42ff8def3c
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:28 -06:00
|
|
|
/* iucv_process_message_q() - Process outstanding IUCV messages
|
|
|
|
*
|
|
|
|
* Locking: must be called with message_q.lock held
|
|
|
|
*/
|
2007-10-08 03:03:31 -06:00
|
|
|
static void iucv_process_message_q(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct sock_msg_q *p, *n;
|
|
|
|
|
|
|
|
list_for_each_entry_safe(p, n, &iucv->message_q.list, list) {
|
2009-04-21 17:26:23 -06:00
|
|
|
skb = alloc_skb(iucv_msg_length(&p->msg), GFP_ATOMIC | GFP_DMA);
|
2007-10-08 03:03:31 -06:00
|
|
|
if (!skb)
|
|
|
|
break;
|
|
|
|
iucv_process_message(sk, skb, p->path, &p->msg);
|
|
|
|
list_del(&p->list);
|
|
|
|
kfree(p);
|
|
|
|
if (!skb_queue_empty(&iucv->backlog_skb_q))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
|
|
|
struct msghdr *msg, size_t len, int flags)
|
|
|
|
{
|
|
|
|
int noblock = flags & MSG_DONTWAIT;
|
|
|
|
struct sock *sk = sock->sk;
|
2007-05-04 13:22:07 -06:00
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
2009-04-21 17:26:25 -06:00
|
|
|
unsigned int copied, rlen;
|
2007-05-04 13:22:07 -06:00
|
|
|
struct sk_buff *skb, *rskb, *cskb;
|
2007-02-08 14:51:54 -07:00
|
|
|
int err = 0;
|
|
|
|
|
2007-05-04 13:22:07 -06:00
|
|
|
if ((sk->sk_state == IUCV_DISCONN || sk->sk_state == IUCV_SEVERED) &&
|
2007-10-08 03:03:31 -06:00
|
|
|
skb_queue_empty(&iucv->backlog_skb_q) &&
|
|
|
|
skb_queue_empty(&sk->sk_receive_queue) &&
|
|
|
|
list_empty(&iucv->message_q.list))
|
2007-05-04 13:22:07 -06:00
|
|
|
return 0;
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
if (flags & (MSG_OOB))
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
2009-04-21 00:04:21 -06:00
|
|
|
/* receive/dequeue next skb:
|
|
|
|
* the function understands MSG_PEEK and, thus, does not dequeue skb */
|
2007-02-08 14:51:54 -07:00
|
|
|
skb = skb_recv_datagram(sk, flags, noblock, &err);
|
|
|
|
if (!skb) {
|
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
|
|
|
return 0;
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2009-04-21 17:26:25 -06:00
|
|
|
rlen = skb->len; /* real length of skb */
|
|
|
|
copied = min_t(unsigned int, rlen, len);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2007-05-04 13:22:07 -06:00
|
|
|
cskb = skb;
|
|
|
|
if (memcpy_toiovec(msg->msg_iov, cskb->data, copied)) {
|
2009-04-21 17:26:26 -06:00
|
|
|
if (!(flags & MSG_PEEK))
|
|
|
|
skb_queue_head(&sk->sk_receive_queue, skb);
|
|
|
|
return -EFAULT;
|
2007-02-08 14:51:54 -07:00
|
|
|
}
|
|
|
|
|
2009-04-21 17:26:25 -06:00
|
|
|
/* SOCK_SEQPACKET: set MSG_TRUNC if recv buf size is too small */
|
|
|
|
if (sk->sk_type == SOCK_SEQPACKET) {
|
|
|
|
if (copied < rlen)
|
|
|
|
msg->msg_flags |= MSG_TRUNC;
|
|
|
|
/* each iucv message contains a complete record */
|
|
|
|
msg->msg_flags |= MSG_EOR;
|
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2009-04-21 17:26:24 -06:00
|
|
|
/* create control message to store iucv msg target class:
|
|
|
|
* get the trgcls from the control buffer of the skb due to
|
|
|
|
* fragmentation of original iucv message. */
|
|
|
|
err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS,
|
|
|
|
CB_TRGCLS_LEN, CB_TRGCLS(skb));
|
|
|
|
if (err) {
|
|
|
|
if (!(flags & MSG_PEEK))
|
|
|
|
skb_queue_head(&sk->sk_receive_queue, skb);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
/* Mark read part of skb as used */
|
|
|
|
if (!(flags & MSG_PEEK)) {
|
|
|
|
|
2009-04-21 17:26:25 -06:00
|
|
|
/* SOCK_STREAM: re-queue skb if it contains unreceived data */
|
|
|
|
if (sk->sk_type == SOCK_STREAM) {
|
|
|
|
skb_pull(skb, copied);
|
|
|
|
if (skb->len) {
|
|
|
|
skb_queue_head(&sk->sk_receive_queue, skb);
|
|
|
|
goto done;
|
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
kfree_skb(skb);
|
2007-05-04 13:22:07 -06:00
|
|
|
|
|
|
|
/* Queue backlog skbs */
|
af_iucv: fix race when queueing skbs on the backlog queue
iucv_sock_recvmsg() and iucv_process_message()/iucv_fragment_skb race
for dequeuing an skb from the backlog queue.
If iucv_sock_recvmsg() dequeues first, iucv_process_message() calls
sock_queue_rcv_skb() with an skb that is NULL.
This results in the following kernel panic:
<1>Unable to handle kernel pointer dereference at virtual kernel address (null)
<4>Oops: 0004 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process client-iucv (pid: 4787, task: 0000000034e75940, ksp: 00000000353e3710)
<4>Krnl PSW : 0704000180000000 000000000043ebca (sock_queue_rcv_skb+0x7a/0x138)
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
<4>Krnl GPRS: 0052900000000000 000003e0016e0fe8 0000000000000000 0000000000000000
<4> 000000000043eba8 0000000000000002 0000000000000001 00000000341aa7f0
<4> 0000000000000000 0000000000007800 0000000000000000 0000000000000000
<4> 00000000341aa7f0 0000000000594650 000000000043eba8 000000003fc2fb28
<4>Krnl Code: 000000000043ebbe: a7840006 brc 8,43ebca
<4> 000000000043ebc2: 5930c23c c %r3,572(%r12)
<4> 000000000043ebc6: a724004c brc 2,43ec5e
<4> >000000000043ebca: e3c0b0100024 stg %r12,16(%r11)
<4> 000000000043ebd0: a7190000 lghi %r1,0
<4> 000000000043ebd4: e310b0200024 stg %r1,32(%r11)
<4> 000000000043ebda: c010ffffdce9 larl %r1,43a5ac
<4> 000000000043ebe0: e310b0800024 stg %r1,128(%r11)
<4>Call Trace:
<4>([<000000000043eba8>] sock_queue_rcv_skb+0x58/0x138)
<4> [<000003e0016bcf2a>] iucv_process_message+0x112/0x3cc [af_iucv]
<4> [<000003e0016bd3d4>] iucv_callback_rx+0x1f0/0x274 [af_iucv]
<4> [<000000000053a21a>] iucv_message_pending+0xa2/0x120
<4> [<000000000053b5a6>] iucv_tasklet_fn+0x176/0x1b8
<4> [<000000000014fa82>] tasklet_action+0xfe/0x1f4
<4> [<0000000000150a56>] __do_softirq+0x116/0x284
<4> [<0000000000111058>] do_softirq+0xe4/0xe8
<4> [<00000000001504ba>] irq_exit+0xba/0xd8
<4> [<000000000010e0b2>] do_extint+0x146/0x190
<4> [<00000000001184b6>] ext_no_vtime+0x1e/0x22
<4> [<00000000001fbf4e>] kfree+0x202/0x28c
<4>([<00000000001fbf44>] kfree+0x1f8/0x28c)
<4> [<000000000044205a>] __kfree_skb+0x32/0x124
<4> [<000003e0016bd8b2>] iucv_sock_recvmsg+0x236/0x41c [af_iucv]
<4> [<0000000000437042>] sock_aio_read+0x136/0x160
<4> [<0000000000205e50>] do_sync_read+0xe4/0x13c
<4> [<0000000000206dce>] vfs_read+0x152/0x15c
<4> [<0000000000206ed0>] SyS_read+0x54/0xac
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8def3c>] 0x42ff8def3c
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:28 -06:00
|
|
|
spin_lock_bh(&iucv->message_q.lock);
|
2007-10-08 03:03:31 -06:00
|
|
|
rskb = skb_dequeue(&iucv->backlog_skb_q);
|
2007-05-04 13:23:27 -06:00
|
|
|
while (rskb) {
|
2007-05-04 13:22:07 -06:00
|
|
|
if (sock_queue_rcv_skb(sk, rskb)) {
|
2007-10-08 03:03:31 -06:00
|
|
|
skb_queue_head(&iucv->backlog_skb_q,
|
2007-05-04 13:22:07 -06:00
|
|
|
rskb);
|
|
|
|
break;
|
|
|
|
} else {
|
2007-10-08 03:03:31 -06:00
|
|
|
rskb = skb_dequeue(&iucv->backlog_skb_q);
|
2007-05-04 13:22:07 -06:00
|
|
|
}
|
|
|
|
}
|
2007-10-08 03:03:31 -06:00
|
|
|
if (skb_queue_empty(&iucv->backlog_skb_q)) {
|
|
|
|
if (!list_empty(&iucv->message_q.list))
|
|
|
|
iucv_process_message_q(sk);
|
|
|
|
}
|
af_iucv: fix race when queueing skbs on the backlog queue
iucv_sock_recvmsg() and iucv_process_message()/iucv_fragment_skb race
for dequeuing an skb from the backlog queue.
If iucv_sock_recvmsg() dequeues first, iucv_process_message() calls
sock_queue_rcv_skb() with an skb that is NULL.
This results in the following kernel panic:
<1>Unable to handle kernel pointer dereference at virtual kernel address (null)
<4>Oops: 0004 [#1] PREEMPT SMP DEBUG_PAGEALLOC
<4>Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
<4>CPU: 0 Not tainted 2.6.30 #4
<4>Process client-iucv (pid: 4787, task: 0000000034e75940, ksp: 00000000353e3710)
<4>Krnl PSW : 0704000180000000 000000000043ebca (sock_queue_rcv_skb+0x7a/0x138)
<4> R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
<4>Krnl GPRS: 0052900000000000 000003e0016e0fe8 0000000000000000 0000000000000000
<4> 000000000043eba8 0000000000000002 0000000000000001 00000000341aa7f0
<4> 0000000000000000 0000000000007800 0000000000000000 0000000000000000
<4> 00000000341aa7f0 0000000000594650 000000000043eba8 000000003fc2fb28
<4>Krnl Code: 000000000043ebbe: a7840006 brc 8,43ebca
<4> 000000000043ebc2: 5930c23c c %r3,572(%r12)
<4> 000000000043ebc6: a724004c brc 2,43ec5e
<4> >000000000043ebca: e3c0b0100024 stg %r12,16(%r11)
<4> 000000000043ebd0: a7190000 lghi %r1,0
<4> 000000000043ebd4: e310b0200024 stg %r1,32(%r11)
<4> 000000000043ebda: c010ffffdce9 larl %r1,43a5ac
<4> 000000000043ebe0: e310b0800024 stg %r1,128(%r11)
<4>Call Trace:
<4>([<000000000043eba8>] sock_queue_rcv_skb+0x58/0x138)
<4> [<000003e0016bcf2a>] iucv_process_message+0x112/0x3cc [af_iucv]
<4> [<000003e0016bd3d4>] iucv_callback_rx+0x1f0/0x274 [af_iucv]
<4> [<000000000053a21a>] iucv_message_pending+0xa2/0x120
<4> [<000000000053b5a6>] iucv_tasklet_fn+0x176/0x1b8
<4> [<000000000014fa82>] tasklet_action+0xfe/0x1f4
<4> [<0000000000150a56>] __do_softirq+0x116/0x284
<4> [<0000000000111058>] do_softirq+0xe4/0xe8
<4> [<00000000001504ba>] irq_exit+0xba/0xd8
<4> [<000000000010e0b2>] do_extint+0x146/0x190
<4> [<00000000001184b6>] ext_no_vtime+0x1e/0x22
<4> [<00000000001fbf4e>] kfree+0x202/0x28c
<4>([<00000000001fbf44>] kfree+0x1f8/0x28c)
<4> [<000000000044205a>] __kfree_skb+0x32/0x124
<4> [<000003e0016bd8b2>] iucv_sock_recvmsg+0x236/0x41c [af_iucv]
<4> [<0000000000437042>] sock_aio_read+0x136/0x160
<4> [<0000000000205e50>] do_sync_read+0xe4/0x13c
<4> [<0000000000206dce>] vfs_read+0x152/0x15c
<4> [<0000000000206ed0>] SyS_read+0x54/0xac
<4> [<0000000000117c8e>] sysc_noemu+0x10/0x16
<4> [<00000042ff8def3c>] 0x42ff8def3c
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-15 22:37:28 -06:00
|
|
|
spin_unlock_bh(&iucv->message_q.lock);
|
2009-04-21 00:04:21 -06:00
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
done:
|
2009-04-21 17:26:25 -06:00
|
|
|
/* SOCK_SEQPACKET: return real length if MSG_TRUNC is set */
|
|
|
|
if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC))
|
|
|
|
copied = rlen;
|
|
|
|
|
|
|
|
return copied;
|
2007-02-08 14:51:54 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline unsigned int iucv_accept_poll(struct sock *parent)
|
|
|
|
{
|
|
|
|
struct iucv_sock *isk, *n;
|
|
|
|
struct sock *sk;
|
|
|
|
|
2007-05-04 13:23:27 -06:00
|
|
|
list_for_each_entry_safe(isk, n, &iucv_sk(parent)->accept_q, accept_q) {
|
2007-02-08 14:51:54 -07:00
|
|
|
sk = (struct sock *) isk;
|
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_CONNECTED)
|
|
|
|
return POLLIN | POLLRDNORM;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
unsigned int iucv_sock_poll(struct file *file, struct socket *sock,
|
|
|
|
poll_table *wait)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
unsigned int mask = 0;
|
|
|
|
|
2009-07-08 06:09:13 -06:00
|
|
|
sock_poll_wait(file, sk->sk_sleep, wait);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_LISTEN)
|
|
|
|
return iucv_accept_poll(sk);
|
|
|
|
|
|
|
|
if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
|
|
|
|
mask |= POLLERR;
|
|
|
|
|
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
|
|
|
mask |= POLLRDHUP;
|
|
|
|
|
|
|
|
if (sk->sk_shutdown == SHUTDOWN_MASK)
|
|
|
|
mask |= POLLHUP;
|
|
|
|
|
|
|
|
if (!skb_queue_empty(&sk->sk_receive_queue) ||
|
2007-05-04 13:23:27 -06:00
|
|
|
(sk->sk_shutdown & RCV_SHUTDOWN))
|
2007-02-08 14:51:54 -07:00
|
|
|
mask |= POLLIN | POLLRDNORM;
|
|
|
|
|
|
|
|
if (sk->sk_state == IUCV_CLOSED)
|
|
|
|
mask |= POLLHUP;
|
|
|
|
|
2007-05-04 13:22:07 -06:00
|
|
|
if (sk->sk_state == IUCV_DISCONN || sk->sk_state == IUCV_SEVERED)
|
|
|
|
mask |= POLLIN;
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
if (sock_writeable(sk))
|
|
|
|
mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
|
|
|
|
else
|
|
|
|
set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
|
|
|
|
|
|
|
|
return mask;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int iucv_sock_shutdown(struct socket *sock, int how)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
struct iucv_message txmsg;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
how++;
|
|
|
|
|
|
|
|
if ((how & ~SHUTDOWN_MASK) || !how)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
2007-05-04 13:23:27 -06:00
|
|
|
switch (sk->sk_state) {
|
2009-04-21 00:04:23 -06:00
|
|
|
case IUCV_DISCONN:
|
|
|
|
case IUCV_CLOSING:
|
|
|
|
case IUCV_SEVERED:
|
2007-02-08 14:51:54 -07:00
|
|
|
case IUCV_CLOSED:
|
|
|
|
err = -ENOTCONN;
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
default:
|
|
|
|
sk->sk_shutdown |= how;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (how == SEND_SHUTDOWN || how == SHUTDOWN_MASK) {
|
|
|
|
txmsg.class = 0;
|
|
|
|
txmsg.tag = 0;
|
|
|
|
err = iucv_message_send(iucv->path, &txmsg, IUCV_IPRMDATA, 0,
|
2009-04-21 17:26:23 -06:00
|
|
|
(void *) iprm_shutdown, 8);
|
2007-02-08 14:51:54 -07:00
|
|
|
if (err) {
|
2007-05-04 13:23:27 -06:00
|
|
|
switch (err) {
|
2007-02-08 14:51:54 -07:00
|
|
|
case 1:
|
|
|
|
err = -ENOTCONN;
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
err = -ECONNRESET;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
err = -ENOTCONN;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (how == RCV_SHUTDOWN || how == SHUTDOWN_MASK) {
|
|
|
|
err = iucv_path_quiesce(iucv_sk(sk)->path, NULL);
|
|
|
|
if (err)
|
|
|
|
err = -ENOTCONN;
|
|
|
|
|
|
|
|
skb_queue_purge(&sk->sk_receive_queue);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Wake up anyone sleeping in poll */
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
|
|
|
|
fail:
|
|
|
|
release_sock(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int iucv_sock_release(struct socket *sock)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
if (!sk)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
iucv_sock_close(sk);
|
|
|
|
|
|
|
|
/* Unregister with IUCV base support */
|
|
|
|
if (iucv_sk(sk)->path) {
|
|
|
|
iucv_path_sever(iucv_sk(sk)->path, NULL);
|
|
|
|
iucv_path_free(iucv_sk(sk)->path);
|
|
|
|
iucv_sk(sk)->path = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
sock_orphan(sk);
|
|
|
|
iucv_sock_kill(sk);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2009-04-21 17:26:22 -06:00
|
|
|
/* getsockopt and setsockopt */
|
|
|
|
static int iucv_sock_setsockopt(struct socket *sock, int level, int optname,
|
2009-09-30 17:12:20 -06:00
|
|
|
char __user *optval, unsigned int optlen)
|
2009-04-21 17:26:22 -06:00
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
int val;
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
if (level != SOL_IUCV)
|
|
|
|
return -ENOPROTOOPT;
|
|
|
|
|
|
|
|
if (optlen < sizeof(int))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (get_user(val, (int __user *) optval))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
rc = 0;
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
switch (optname) {
|
|
|
|
case SO_IPRMDATA_MSG:
|
|
|
|
if (val)
|
|
|
|
iucv->flags |= IUCV_IPRMDATA;
|
|
|
|
else
|
|
|
|
iucv->flags &= ~IUCV_IPRMDATA;
|
|
|
|
break;
|
2009-04-21 17:26:27 -06:00
|
|
|
case SO_MSGLIMIT:
|
|
|
|
switch (sk->sk_state) {
|
|
|
|
case IUCV_OPEN:
|
|
|
|
case IUCV_BOUND:
|
|
|
|
if (val < 1 || val > (u16)(~0))
|
|
|
|
rc = -EINVAL;
|
|
|
|
else
|
|
|
|
iucv->msglimit = val;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
rc = -EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
2009-04-21 17:26:22 -06:00
|
|
|
default:
|
|
|
|
rc = -ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
release_sock(sk);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int iucv_sock_getsockopt(struct socket *sock, int level, int optname,
|
|
|
|
char __user *optval, int __user *optlen)
|
|
|
|
{
|
|
|
|
struct sock *sk = sock->sk;
|
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
|
|
|
int val, len;
|
|
|
|
|
|
|
|
if (level != SOL_IUCV)
|
|
|
|
return -ENOPROTOOPT;
|
|
|
|
|
|
|
|
if (get_user(len, optlen))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
if (len < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
len = min_t(unsigned int, len, sizeof(int));
|
|
|
|
|
|
|
|
switch (optname) {
|
|
|
|
case SO_IPRMDATA_MSG:
|
|
|
|
val = (iucv->flags & IUCV_IPRMDATA) ? 1 : 0;
|
|
|
|
break;
|
2009-04-21 17:26:27 -06:00
|
|
|
case SO_MSGLIMIT:
|
|
|
|
lock_sock(sk);
|
|
|
|
val = (iucv->path != NULL) ? iucv->path->msglim /* connected */
|
|
|
|
: iucv->msglimit; /* default */
|
|
|
|
release_sock(sk);
|
|
|
|
break;
|
2009-04-21 17:26:22 -06:00
|
|
|
default:
|
|
|
|
return -ENOPROTOOPT;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (put_user(len, optlen))
|
|
|
|
return -EFAULT;
|
|
|
|
if (copy_to_user(optval, &val, len))
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
/* Callback wrappers - called from iucv base support */
|
|
|
|
static int iucv_callback_connreq(struct iucv_path *path,
|
|
|
|
u8 ipvmid[8], u8 ipuser[16])
|
|
|
|
{
|
|
|
|
unsigned char user_data[16];
|
|
|
|
unsigned char nuser_data[16];
|
|
|
|
unsigned char src_name[8];
|
|
|
|
struct hlist_node *node;
|
|
|
|
struct sock *sk, *nsk;
|
|
|
|
struct iucv_sock *iucv, *niucv;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
memcpy(src_name, ipuser, 8);
|
|
|
|
EBCASC(src_name, 8);
|
|
|
|
/* Find out if this path belongs to af_iucv. */
|
|
|
|
read_lock(&iucv_sk_list.lock);
|
|
|
|
iucv = NULL;
|
2007-07-14 20:04:25 -06:00
|
|
|
sk = NULL;
|
2007-02-08 14:51:54 -07:00
|
|
|
sk_for_each(sk, node, &iucv_sk_list.head)
|
|
|
|
if (sk->sk_state == IUCV_LISTEN &&
|
|
|
|
!memcmp(&iucv_sk(sk)->src_name, src_name, 8)) {
|
|
|
|
/*
|
|
|
|
* Found a listening socket with
|
|
|
|
* src_name == ipuser[0-7].
|
|
|
|
*/
|
|
|
|
iucv = iucv_sk(sk);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
read_unlock(&iucv_sk_list.lock);
|
|
|
|
if (!iucv)
|
|
|
|
/* No socket found, not one of our paths. */
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
bh_lock_sock(sk);
|
|
|
|
|
|
|
|
/* Check if parent socket is listening */
|
|
|
|
low_nmcpy(user_data, iucv->src_name);
|
|
|
|
high_nmcpy(user_data, iucv->dst_name);
|
|
|
|
ASCEBC(user_data, sizeof(user_data));
|
|
|
|
if (sk->sk_state != IUCV_LISTEN) {
|
|
|
|
err = iucv_path_sever(path, user_data);
|
2009-01-05 19:08:23 -07:00
|
|
|
iucv_path_free(path);
|
2007-02-08 14:51:54 -07:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check for backlog size */
|
|
|
|
if (sk_acceptq_is_full(sk)) {
|
|
|
|
err = iucv_path_sever(path, user_data);
|
2009-01-05 19:08:23 -07:00
|
|
|
iucv_path_free(path);
|
2007-02-08 14:51:54 -07:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Create the new socket */
|
2009-04-21 17:26:25 -06:00
|
|
|
nsk = iucv_sock_alloc(NULL, sk->sk_type, GFP_ATOMIC);
|
2007-05-04 13:23:27 -06:00
|
|
|
if (!nsk) {
|
2007-02-08 14:51:54 -07:00
|
|
|
err = iucv_path_sever(path, user_data);
|
2009-01-05 19:08:23 -07:00
|
|
|
iucv_path_free(path);
|
2007-02-08 14:51:54 -07:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
niucv = iucv_sk(nsk);
|
|
|
|
iucv_sock_init(nsk, sk);
|
|
|
|
|
|
|
|
/* Set the new iucv_sock */
|
|
|
|
memcpy(niucv->dst_name, ipuser + 8, 8);
|
|
|
|
EBCASC(niucv->dst_name, 8);
|
|
|
|
memcpy(niucv->dst_user_id, ipvmid, 8);
|
|
|
|
memcpy(niucv->src_name, iucv->src_name, 8);
|
|
|
|
memcpy(niucv->src_user_id, iucv->src_user_id, 8);
|
|
|
|
niucv->path = path;
|
|
|
|
|
|
|
|
/* Call iucv_accept */
|
|
|
|
high_nmcpy(nuser_data, ipuser + 8);
|
|
|
|
memcpy(nuser_data + 8, niucv->src_name, 8);
|
|
|
|
ASCEBC(nuser_data + 8, 8);
|
|
|
|
|
2009-04-21 17:26:27 -06:00
|
|
|
/* set message limit for path based on msglimit of accepting socket */
|
|
|
|
niucv->msglimit = iucv->msglimit;
|
|
|
|
path->msglim = iucv->msglimit;
|
2007-02-08 14:51:54 -07:00
|
|
|
err = iucv_path_accept(path, &af_iucv_handler, nuser_data, nsk);
|
2007-05-04 13:23:27 -06:00
|
|
|
if (err) {
|
2007-02-08 14:51:54 -07:00
|
|
|
err = iucv_path_sever(path, user_data);
|
2009-01-05 19:08:23 -07:00
|
|
|
iucv_path_free(path);
|
|
|
|
iucv_sock_kill(nsk);
|
2007-02-08 14:51:54 -07:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
iucv_accept_enqueue(sk, nsk);
|
|
|
|
|
|
|
|
/* Wake up accept */
|
|
|
|
nsk->sk_state = IUCV_CONNECTED;
|
|
|
|
sk->sk_data_ready(sk, 1);
|
|
|
|
err = 0;
|
|
|
|
fail:
|
|
|
|
bh_unlock_sock(sk);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void iucv_callback_connack(struct iucv_path *path, u8 ipuser[16])
|
|
|
|
{
|
|
|
|
struct sock *sk = path->private;
|
|
|
|
|
|
|
|
sk->sk_state = IUCV_CONNECTED;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg)
|
|
|
|
{
|
|
|
|
struct sock *sk = path->private;
|
2007-05-04 13:22:07 -06:00
|
|
|
struct iucv_sock *iucv = iucv_sk(sk);
|
2007-10-08 03:03:31 -06:00
|
|
|
struct sk_buff *skb;
|
|
|
|
struct sock_msg_q *save_msg;
|
|
|
|
int len;
|
2007-05-04 13:22:07 -06:00
|
|
|
|
2009-04-21 00:04:22 -06:00
|
|
|
if (sk->sk_shutdown & RCV_SHUTDOWN) {
|
|
|
|
iucv_message_reject(path, msg);
|
2007-02-08 14:51:54 -07:00
|
|
|
return;
|
2009-04-21 00:04:22 -06:00
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2009-04-21 00:04:24 -06:00
|
|
|
spin_lock(&iucv->message_q.lock);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2007-10-08 03:03:31 -06:00
|
|
|
if (!list_empty(&iucv->message_q.list) ||
|
|
|
|
!skb_queue_empty(&iucv->backlog_skb_q))
|
|
|
|
goto save_message;
|
|
|
|
|
|
|
|
len = atomic_read(&sk->sk_rmem_alloc);
|
2009-04-21 17:26:23 -06:00
|
|
|
len += iucv_msg_length(msg) + sizeof(struct sk_buff);
|
2007-10-08 03:03:31 -06:00
|
|
|
if (len > sk->sk_rcvbuf)
|
|
|
|
goto save_message;
|
|
|
|
|
2009-04-21 17:26:23 -06:00
|
|
|
skb = alloc_skb(iucv_msg_length(msg), GFP_ATOMIC | GFP_DMA);
|
2007-10-08 03:03:31 -06:00
|
|
|
if (!skb)
|
|
|
|
goto save_message;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2007-10-08 03:03:31 -06:00
|
|
|
iucv_process_message(sk, skb, path, msg);
|
2009-04-21 00:04:24 -06:00
|
|
|
goto out_unlock;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2007-10-08 03:03:31 -06:00
|
|
|
save_message:
|
|
|
|
save_msg = kzalloc(sizeof(struct sock_msg_q), GFP_ATOMIC | GFP_DMA);
|
2008-02-07 19:07:19 -07:00
|
|
|
if (!save_msg)
|
|
|
|
return;
|
2007-10-08 03:03:31 -06:00
|
|
|
save_msg->path = path;
|
|
|
|
save_msg->msg = *msg;
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2007-10-08 03:03:31 -06:00
|
|
|
list_add_tail(&save_msg->list, &iucv->message_q.list);
|
2009-04-21 00:04:24 -06:00
|
|
|
|
|
|
|
out_unlock:
|
2007-10-08 03:03:31 -06:00
|
|
|
spin_unlock(&iucv->message_q.lock);
|
2007-02-08 14:51:54 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void iucv_callback_txdone(struct iucv_path *path,
|
|
|
|
struct iucv_message *msg)
|
|
|
|
{
|
|
|
|
struct sock *sk = path->private;
|
2008-02-07 19:07:44 -07:00
|
|
|
struct sk_buff *this = NULL;
|
2007-02-08 14:51:54 -07:00
|
|
|
struct sk_buff_head *list = &iucv_sk(sk)->send_skb_q;
|
|
|
|
struct sk_buff *list_skb = list->next;
|
|
|
|
unsigned long flags;
|
|
|
|
|
2008-02-07 19:07:44 -07:00
|
|
|
if (!skb_queue_empty(list)) {
|
2007-05-04 13:22:07 -06:00
|
|
|
spin_lock_irqsave(&list->lock, flags);
|
|
|
|
|
2008-02-07 19:07:44 -07:00
|
|
|
while (list_skb != (struct sk_buff *)list) {
|
2009-04-21 17:26:24 -06:00
|
|
|
if (!memcmp(&msg->tag, CB_TAG(list_skb), CB_TAG_LEN)) {
|
2008-02-07 19:07:44 -07:00
|
|
|
this = list_skb;
|
|
|
|
break;
|
|
|
|
}
|
2007-05-04 13:22:07 -06:00
|
|
|
list_skb = list_skb->next;
|
2008-02-07 19:07:44 -07:00
|
|
|
}
|
|
|
|
if (this)
|
|
|
|
__skb_unlink(this, list);
|
2007-05-04 13:22:07 -06:00
|
|
|
|
|
|
|
spin_unlock_irqrestore(&list->lock, flags);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2009-06-17 15:54:48 -06:00
|
|
|
if (this) {
|
|
|
|
kfree_skb(this);
|
|
|
|
/* wake up any process waiting for sending */
|
|
|
|
iucv_sock_wake_msglim(sk);
|
|
|
|
}
|
2007-05-04 13:22:07 -06:00
|
|
|
}
|
2008-07-14 01:59:29 -06:00
|
|
|
BUG_ON(!this);
|
2007-02-08 14:51:54 -07:00
|
|
|
|
2007-05-04 13:23:27 -06:00
|
|
|
if (sk->sk_state == IUCV_CLOSING) {
|
2007-05-04 13:22:07 -06:00
|
|
|
if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) {
|
|
|
|
sk->sk_state = IUCV_CLOSED;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
}
|
|
|
|
}
|
2007-02-08 14:51:54 -07:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
static void iucv_callback_connrej(struct iucv_path *path, u8 ipuser[16])
|
|
|
|
{
|
|
|
|
struct sock *sk = path->private;
|
|
|
|
|
|
|
|
if (!list_empty(&iucv_sk(sk)->accept_q))
|
|
|
|
sk->sk_state = IUCV_SEVERED;
|
|
|
|
else
|
|
|
|
sk->sk_state = IUCV_DISCONN;
|
|
|
|
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
}
|
|
|
|
|
2009-04-21 17:26:21 -06:00
|
|
|
/* called if the other communication side shuts down its RECV direction;
|
|
|
|
* in turn, the callback sets SEND_SHUTDOWN to disable sending of data.
|
|
|
|
*/
|
|
|
|
static void iucv_callback_shutdown(struct iucv_path *path, u8 ipuser[16])
|
|
|
|
{
|
|
|
|
struct sock *sk = path->private;
|
|
|
|
|
|
|
|
bh_lock_sock(sk);
|
|
|
|
if (sk->sk_state != IUCV_CLOSED) {
|
|
|
|
sk->sk_shutdown |= SEND_SHUTDOWN;
|
|
|
|
sk->sk_state_change(sk);
|
|
|
|
}
|
|
|
|
bh_unlock_sock(sk);
|
|
|
|
}
|
|
|
|
|
2009-09-14 06:23:23 -06:00
|
|
|
static const struct proto_ops iucv_sock_ops = {
|
2007-02-08 14:51:54 -07:00
|
|
|
.family = PF_IUCV,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.release = iucv_sock_release,
|
|
|
|
.bind = iucv_sock_bind,
|
|
|
|
.connect = iucv_sock_connect,
|
|
|
|
.listen = iucv_sock_listen,
|
|
|
|
.accept = iucv_sock_accept,
|
|
|
|
.getname = iucv_sock_getname,
|
|
|
|
.sendmsg = iucv_sock_sendmsg,
|
|
|
|
.recvmsg = iucv_sock_recvmsg,
|
|
|
|
.poll = iucv_sock_poll,
|
|
|
|
.ioctl = sock_no_ioctl,
|
|
|
|
.mmap = sock_no_mmap,
|
|
|
|
.socketpair = sock_no_socketpair,
|
|
|
|
.shutdown = iucv_sock_shutdown,
|
2009-04-21 17:26:22 -06:00
|
|
|
.setsockopt = iucv_sock_setsockopt,
|
|
|
|
.getsockopt = iucv_sock_getsockopt,
|
2007-02-08 14:51:54 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
static struct net_proto_family iucv_sock_family_ops = {
|
|
|
|
.family = AF_IUCV,
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.create = iucv_sock_create,
|
|
|
|
};
|
|
|
|
|
2007-05-04 13:23:27 -06:00
|
|
|
static int __init afiucv_init(void)
|
2007-02-08 14:51:54 -07:00
|
|
|
{
|
|
|
|
int err;
|
|
|
|
|
|
|
|
if (!MACHINE_IS_VM) {
|
2008-12-25 05:39:47 -07:00
|
|
|
pr_err("The af_iucv module cannot be loaded"
|
|
|
|
" without z/VM\n");
|
2007-02-08 14:51:54 -07:00
|
|
|
err = -EPROTONOSUPPORT;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
cpcmd("QUERY USERID", iucv_userid, sizeof(iucv_userid), &err);
|
|
|
|
if (unlikely(err)) {
|
2008-07-14 01:59:29 -06:00
|
|
|
WARN_ON(err);
|
2007-02-08 14:51:54 -07:00
|
|
|
err = -EPROTONOSUPPORT;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = iucv_register(&af_iucv_handler, 0);
|
|
|
|
if (err)
|
|
|
|
goto out;
|
|
|
|
err = proto_register(&iucv_proto, 0);
|
|
|
|
if (err)
|
|
|
|
goto out_iucv;
|
|
|
|
err = sock_register(&iucv_sock_family_ops);
|
|
|
|
if (err)
|
|
|
|
goto out_proto;
|
2009-06-16 02:30:44 -06:00
|
|
|
/* establish dummy device */
|
|
|
|
err = driver_register(&af_iucv_driver);
|
|
|
|
if (err)
|
|
|
|
goto out_sock;
|
|
|
|
af_iucv_dev = kzalloc(sizeof(struct device), GFP_KERNEL);
|
|
|
|
if (!af_iucv_dev) {
|
|
|
|
err = -ENOMEM;
|
|
|
|
goto out_driver;
|
|
|
|
}
|
|
|
|
dev_set_name(af_iucv_dev, "af_iucv");
|
|
|
|
af_iucv_dev->bus = &iucv_bus;
|
|
|
|
af_iucv_dev->parent = iucv_root;
|
|
|
|
af_iucv_dev->release = (void (*)(struct device *))kfree;
|
|
|
|
af_iucv_dev->driver = &af_iucv_driver;
|
|
|
|
err = device_register(af_iucv_dev);
|
|
|
|
if (err)
|
|
|
|
goto out_driver;
|
|
|
|
|
2007-02-08 14:51:54 -07:00
|
|
|
return 0;
|
|
|
|
|
2009-06-16 02:30:44 -06:00
|
|
|
out_driver:
|
|
|
|
driver_unregister(&af_iucv_driver);
|
|
|
|
out_sock:
|
|
|
|
sock_unregister(PF_IUCV);
|
2007-02-08 14:51:54 -07:00
|
|
|
out_proto:
|
|
|
|
proto_unregister(&iucv_proto);
|
|
|
|
out_iucv:
|
|
|
|
iucv_unregister(&af_iucv_handler, 0);
|
|
|
|
out:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit afiucv_exit(void)
|
|
|
|
{
|
2009-06-16 02:30:44 -06:00
|
|
|
device_unregister(af_iucv_dev);
|
|
|
|
driver_unregister(&af_iucv_driver);
|
2007-02-08 14:51:54 -07:00
|
|
|
sock_unregister(PF_IUCV);
|
|
|
|
proto_unregister(&iucv_proto);
|
|
|
|
iucv_unregister(&af_iucv_handler, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
module_init(afiucv_init);
|
|
|
|
module_exit(afiucv_exit);
|
|
|
|
|
|
|
|
MODULE_AUTHOR("Jennifer Hunt <jenhunt@us.ibm.com>");
|
|
|
|
MODULE_DESCRIPTION("IUCV Sockets ver " VERSION);
|
|
|
|
MODULE_VERSION(VERSION);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_ALIAS_NETPROTO(PF_IUCV);
|