1 /*
2  * net/tipc/server.c: TIPC server infrastructure
3  *
4  * Copyright (c) 2012-2013, Wind River Systems
5  * Copyright (c) 2017-2018, Ericsson AB
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the names of the copyright holders nor the names of its
17  *    contributors may be used to endorse or promote products derived from
18  *    this software without specific prior written permission.
19  *
20  * Alternatively, this software may be distributed under the terms of the
21  * GNU General Public License ("GPL") version 2 as published by the Free
22  * Software Foundation.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
25  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
28  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34  * POSSIBILITY OF SUCH DAMAGE.
35  */
36 
37 #include "subscr.h"
38 #include "topsrv.h"
39 #include "core.h"
40 #include "socket.h"
41 #include "addr.h"
42 #include "msg.h"
43 #include "bearer.h"
44 #include <net/sock.h>
45 #include <linux/module.h>
46 
47 /* Number of messages to send before rescheduling */
48 #define MAX_SEND_MSG_COUNT	25
49 #define MAX_RECV_MSG_COUNT	25
50 #define CF_CONNECTED		1
51 
52 #define TIPC_SERVER_NAME_LEN	32
53 
54 /**
55  * struct tipc_topsrv - TIPC server structure
56  * @conn_idr: identifier set of connection
57  * @idr_lock: protect the connection identifier set
58  * @idr_in_use: amount of allocated identifier entry
59  * @net: network namspace instance
60  * @awork: accept work item
61  * @rcv_wq: receive workqueue
62  * @send_wq: send workqueue
63  * @listener: topsrv listener socket
64  * @name: server name
65  */
66 struct tipc_topsrv {
67 	struct idr conn_idr;
68 	spinlock_t idr_lock; /* for idr list */
69 	int idr_in_use;
70 	struct net *net;
71 	struct work_struct awork;
72 	struct workqueue_struct *rcv_wq;
73 	struct workqueue_struct *send_wq;
74 	struct socket *listener;
75 	char name[TIPC_SERVER_NAME_LEN];
76 };
77 
78 /**
79  * struct tipc_conn - TIPC connection structure
80  * @kref: reference counter to connection object
81  * @conid: connection identifier
82  * @sock: socket handler associated with connection
83  * @flags: indicates connection state
84  * @server: pointer to connected server
85  * @sub_list: lsit to all pertaing subscriptions
86  * @sub_lock: lock protecting the subscription list
87  * @rwork: receive work item
88  * @outqueue: pointer to first outbound message in queue
89  * @outqueue_lock: control access to the outqueue
90  * @swork: send work item
91  */
92 struct tipc_conn {
93 	struct kref kref;
94 	int conid;
95 	struct socket *sock;
96 	unsigned long flags;
97 	struct tipc_topsrv *server;
98 	struct list_head sub_list;
99 	spinlock_t sub_lock; /* for subscription list */
100 	struct work_struct rwork;
101 	struct list_head outqueue;
102 	spinlock_t outqueue_lock; /* for outqueue */
103 	struct work_struct swork;
104 };
105 
106 /* An entry waiting to be sent */
107 struct outqueue_entry {
108 	bool inactive;
109 	struct tipc_event evt;
110 	struct list_head list;
111 };
112 
113 static void tipc_conn_recv_work(struct work_struct *work);
114 static void tipc_conn_send_work(struct work_struct *work);
115 static void tipc_topsrv_kern_evt(struct net *net, struct tipc_event *evt);
116 static void tipc_conn_delete_sub(struct tipc_conn *con, struct tipc_subscr *s);
117 
connected(struct tipc_conn * con)118 static bool connected(struct tipc_conn *con)
119 {
120 	return con && test_bit(CF_CONNECTED, &con->flags);
121 }
122 
tipc_conn_kref_release(struct kref * kref)123 static void tipc_conn_kref_release(struct kref *kref)
124 {
125 	struct tipc_conn *con = container_of(kref, struct tipc_conn, kref);
126 	struct tipc_topsrv *s = con->server;
127 	struct outqueue_entry *e, *safe;
128 
129 	spin_lock_bh(&s->idr_lock);
130 	idr_remove(&s->conn_idr, con->conid);
131 	s->idr_in_use--;
132 	spin_unlock_bh(&s->idr_lock);
133 	if (con->sock)
134 		sock_release(con->sock);
135 
136 	spin_lock_bh(&con->outqueue_lock);
137 	list_for_each_entry_safe(e, safe, &con->outqueue, list) {
138 		list_del(&e->list);
139 		kfree(e);
140 	}
141 	spin_unlock_bh(&con->outqueue_lock);
142 	kfree(con);
143 }
144 
conn_put(struct tipc_conn * con)145 static void conn_put(struct tipc_conn *con)
146 {
147 	kref_put(&con->kref, tipc_conn_kref_release);
148 }
149 
conn_get(struct tipc_conn * con)150 static void conn_get(struct tipc_conn *con)
151 {
152 	kref_get(&con->kref);
153 }
154 
tipc_conn_close(struct tipc_conn * con)155 static void tipc_conn_close(struct tipc_conn *con)
156 {
157 	struct sock *sk = con->sock->sk;
158 	bool disconnect = false;
159 
160 	write_lock_bh(&sk->sk_callback_lock);
161 	disconnect = test_and_clear_bit(CF_CONNECTED, &con->flags);
162 
163 	if (disconnect) {
164 		sk->sk_user_data = NULL;
165 		tipc_conn_delete_sub(con, NULL);
166 	}
167 	write_unlock_bh(&sk->sk_callback_lock);
168 
169 	/* Handle concurrent calls from sending and receiving threads */
170 	if (!disconnect)
171 		return;
172 
173 	/* Don't flush pending works, -just let them expire */
174 	kernel_sock_shutdown(con->sock, SHUT_RDWR);
175 
176 	conn_put(con);
177 }
178 
tipc_conn_alloc(struct tipc_topsrv * s)179 static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s)
180 {
181 	struct tipc_conn *con;
182 	int ret;
183 
184 	con = kzalloc(sizeof(*con), GFP_ATOMIC);
185 	if (!con)
186 		return ERR_PTR(-ENOMEM);
187 
188 	kref_init(&con->kref);
189 	INIT_LIST_HEAD(&con->outqueue);
190 	INIT_LIST_HEAD(&con->sub_list);
191 	spin_lock_init(&con->outqueue_lock);
192 	spin_lock_init(&con->sub_lock);
193 	INIT_WORK(&con->swork, tipc_conn_send_work);
194 	INIT_WORK(&con->rwork, tipc_conn_recv_work);
195 
196 	spin_lock_bh(&s->idr_lock);
197 	ret = idr_alloc(&s->conn_idr, con, 0, 0, GFP_ATOMIC);
198 	if (ret < 0) {
199 		kfree(con);
200 		spin_unlock_bh(&s->idr_lock);
201 		return ERR_PTR(-ENOMEM);
202 	}
203 	con->conid = ret;
204 	s->idr_in_use++;
205 	spin_unlock_bh(&s->idr_lock);
206 
207 	set_bit(CF_CONNECTED, &con->flags);
208 	con->server = s;
209 
210 	return con;
211 }
212 
tipc_conn_lookup(struct tipc_topsrv * s,int conid)213 static struct tipc_conn *tipc_conn_lookup(struct tipc_topsrv *s, int conid)
214 {
215 	struct tipc_conn *con;
216 
217 	spin_lock_bh(&s->idr_lock);
218 	con = idr_find(&s->conn_idr, conid);
219 	if (!connected(con) || !kref_get_unless_zero(&con->kref))
220 		con = NULL;
221 	spin_unlock_bh(&s->idr_lock);
222 	return con;
223 }
224 
225 /* tipc_conn_delete_sub - delete a specific or all subscriptions
226  * for a given subscriber
227  */
tipc_conn_delete_sub(struct tipc_conn * con,struct tipc_subscr * s)228 static void tipc_conn_delete_sub(struct tipc_conn *con, struct tipc_subscr *s)
229 {
230 	struct tipc_net *tn = tipc_net(con->server->net);
231 	struct list_head *sub_list = &con->sub_list;
232 	struct tipc_subscription *sub, *tmp;
233 
234 	spin_lock_bh(&con->sub_lock);
235 	list_for_each_entry_safe(sub, tmp, sub_list, sub_list) {
236 		if (!s || !memcmp(s, &sub->evt.s, sizeof(*s))) {
237 			tipc_sub_unsubscribe(sub);
238 			atomic_dec(&tn->subscription_count);
239 			if (s)
240 				break;
241 		}
242 	}
243 	spin_unlock_bh(&con->sub_lock);
244 }
245 
tipc_conn_send_to_sock(struct tipc_conn * con)246 static void tipc_conn_send_to_sock(struct tipc_conn *con)
247 {
248 	struct list_head *queue = &con->outqueue;
249 	struct tipc_topsrv *srv = con->server;
250 	struct outqueue_entry *e;
251 	struct tipc_event *evt;
252 	struct msghdr msg;
253 	struct kvec iov;
254 	int count = 0;
255 	int ret;
256 
257 	spin_lock_bh(&con->outqueue_lock);
258 
259 	while (!list_empty(queue)) {
260 		e = list_first_entry(queue, struct outqueue_entry, list);
261 		evt = &e->evt;
262 		spin_unlock_bh(&con->outqueue_lock);
263 
264 		if (e->inactive)
265 			tipc_conn_delete_sub(con, &evt->s);
266 
267 		memset(&msg, 0, sizeof(msg));
268 		msg.msg_flags = MSG_DONTWAIT;
269 		iov.iov_base = evt;
270 		iov.iov_len = sizeof(*evt);
271 		msg.msg_name = NULL;
272 
273 		if (con->sock) {
274 			ret = kernel_sendmsg(con->sock, &msg, &iov,
275 					     1, sizeof(*evt));
276 			if (ret == -EWOULDBLOCK || ret == 0) {
277 				cond_resched();
278 				return;
279 			} else if (ret < 0) {
280 				return tipc_conn_close(con);
281 			}
282 		} else {
283 			tipc_topsrv_kern_evt(srv->net, evt);
284 		}
285 
286 		/* Don't starve users filling buffers */
287 		if (++count >= MAX_SEND_MSG_COUNT) {
288 			cond_resched();
289 			count = 0;
290 		}
291 		spin_lock_bh(&con->outqueue_lock);
292 		list_del(&e->list);
293 		kfree(e);
294 	}
295 	spin_unlock_bh(&con->outqueue_lock);
296 }
297 
tipc_conn_send_work(struct work_struct * work)298 static void tipc_conn_send_work(struct work_struct *work)
299 {
300 	struct tipc_conn *con = container_of(work, struct tipc_conn, swork);
301 
302 	if (connected(con))
303 		tipc_conn_send_to_sock(con);
304 
305 	conn_put(con);
306 }
307 
308 /* tipc_topsrv_queue_evt() - interrupt level call from a subscription instance
309  * The queued work is launched into tipc_conn_send_work()->tipc_conn_send_to_sock()
310  */
tipc_topsrv_queue_evt(struct net * net,int conid,u32 event,struct tipc_event * evt)311 void tipc_topsrv_queue_evt(struct net *net, int conid,
312 			   u32 event, struct tipc_event *evt)
313 {
314 	struct tipc_topsrv *srv = tipc_topsrv(net);
315 	struct outqueue_entry *e;
316 	struct tipc_conn *con;
317 
318 	con = tipc_conn_lookup(srv, conid);
319 	if (!con)
320 		return;
321 
322 	if (!connected(con))
323 		goto err;
324 
325 	e = kmalloc(sizeof(*e), GFP_ATOMIC);
326 	if (!e)
327 		goto err;
328 	e->inactive = (event == TIPC_SUBSCR_TIMEOUT);
329 	memcpy(&e->evt, evt, sizeof(*evt));
330 	spin_lock_bh(&con->outqueue_lock);
331 	list_add_tail(&e->list, &con->outqueue);
332 	spin_unlock_bh(&con->outqueue_lock);
333 
334 	if (queue_work(srv->send_wq, &con->swork))
335 		return;
336 err:
337 	conn_put(con);
338 }
339 
340 /* tipc_conn_write_space - interrupt callback after a sendmsg EAGAIN
341  * Indicates that there now is more space in the send buffer
342  * The queued work is launched into tipc_send_work()->tipc_conn_send_to_sock()
343  */
tipc_conn_write_space(struct sock * sk)344 static void tipc_conn_write_space(struct sock *sk)
345 {
346 	struct tipc_conn *con;
347 
348 	read_lock_bh(&sk->sk_callback_lock);
349 	con = sk->sk_user_data;
350 	if (connected(con)) {
351 		conn_get(con);
352 		if (!queue_work(con->server->send_wq, &con->swork))
353 			conn_put(con);
354 	}
355 	read_unlock_bh(&sk->sk_callback_lock);
356 }
357 
tipc_conn_rcv_sub(struct tipc_topsrv * srv,struct tipc_conn * con,struct tipc_subscr * s)358 static int tipc_conn_rcv_sub(struct tipc_topsrv *srv,
359 			     struct tipc_conn *con,
360 			     struct tipc_subscr *s)
361 {
362 	struct tipc_net *tn = tipc_net(srv->net);
363 	struct tipc_subscription *sub;
364 	u32 s_filter = tipc_sub_read(s, filter);
365 
366 	if (s_filter & TIPC_SUB_CANCEL) {
367 		tipc_sub_write(s, filter, s_filter & ~TIPC_SUB_CANCEL);
368 		tipc_conn_delete_sub(con, s);
369 		return 0;
370 	}
371 	if (atomic_read(&tn->subscription_count) >= TIPC_MAX_SUBSCR) {
372 		pr_warn("Subscription rejected, max (%u)\n", TIPC_MAX_SUBSCR);
373 		return -1;
374 	}
375 	sub = tipc_sub_subscribe(srv->net, s, con->conid);
376 	if (!sub)
377 		return -1;
378 	atomic_inc(&tn->subscription_count);
379 	spin_lock_bh(&con->sub_lock);
380 	list_add(&sub->sub_list, &con->sub_list);
381 	spin_unlock_bh(&con->sub_lock);
382 	return 0;
383 }
384 
tipc_conn_rcv_from_sock(struct tipc_conn * con)385 static int tipc_conn_rcv_from_sock(struct tipc_conn *con)
386 {
387 	struct tipc_topsrv *srv = con->server;
388 	struct sock *sk = con->sock->sk;
389 	struct msghdr msg = {};
390 	struct tipc_subscr s;
391 	struct kvec iov;
392 	int ret;
393 
394 	iov.iov_base = &s;
395 	iov.iov_len = sizeof(s);
396 	msg.msg_name = NULL;
397 	iov_iter_kvec(&msg.msg_iter, READ, &iov, 1, iov.iov_len);
398 	ret = sock_recvmsg(con->sock, &msg, MSG_DONTWAIT);
399 	if (ret == -EWOULDBLOCK)
400 		return -EWOULDBLOCK;
401 	if (ret == sizeof(s)) {
402 		read_lock_bh(&sk->sk_callback_lock);
403 		/* RACE: the connection can be closed in the meantime */
404 		if (likely(connected(con)))
405 			ret = tipc_conn_rcv_sub(srv, con, &s);
406 		read_unlock_bh(&sk->sk_callback_lock);
407 		if (!ret)
408 			return 0;
409 	}
410 
411 	tipc_conn_close(con);
412 	return ret;
413 }
414 
tipc_conn_recv_work(struct work_struct * work)415 static void tipc_conn_recv_work(struct work_struct *work)
416 {
417 	struct tipc_conn *con = container_of(work, struct tipc_conn, rwork);
418 	int count = 0;
419 
420 	while (connected(con)) {
421 		if (tipc_conn_rcv_from_sock(con))
422 			break;
423 
424 		/* Don't flood Rx machine */
425 		if (++count >= MAX_RECV_MSG_COUNT) {
426 			cond_resched();
427 			count = 0;
428 		}
429 	}
430 	conn_put(con);
431 }
432 
433 /* tipc_conn_data_ready - interrupt callback indicating the socket has data
434  * The queued work is launched into tipc_recv_work()->tipc_conn_rcv_from_sock()
435  */
tipc_conn_data_ready(struct sock * sk)436 static void tipc_conn_data_ready(struct sock *sk)
437 {
438 	struct tipc_conn *con;
439 
440 	read_lock_bh(&sk->sk_callback_lock);
441 	con = sk->sk_user_data;
442 	if (connected(con)) {
443 		conn_get(con);
444 		if (!queue_work(con->server->rcv_wq, &con->rwork))
445 			conn_put(con);
446 	}
447 	read_unlock_bh(&sk->sk_callback_lock);
448 }
449 
tipc_topsrv_accept(struct work_struct * work)450 static void tipc_topsrv_accept(struct work_struct *work)
451 {
452 	struct tipc_topsrv *srv = container_of(work, struct tipc_topsrv, awork);
453 	struct socket *lsock = srv->listener;
454 	struct socket *newsock;
455 	struct tipc_conn *con;
456 	struct sock *newsk;
457 	int ret;
458 
459 	while (1) {
460 		ret = kernel_accept(lsock, &newsock, O_NONBLOCK);
461 		if (ret < 0)
462 			return;
463 		con = tipc_conn_alloc(srv);
464 		if (IS_ERR(con)) {
465 			ret = PTR_ERR(con);
466 			sock_release(newsock);
467 			return;
468 		}
469 		/* Register callbacks */
470 		newsk = newsock->sk;
471 		write_lock_bh(&newsk->sk_callback_lock);
472 		newsk->sk_data_ready = tipc_conn_data_ready;
473 		newsk->sk_write_space = tipc_conn_write_space;
474 		newsk->sk_user_data = con;
475 		con->sock = newsock;
476 		write_unlock_bh(&newsk->sk_callback_lock);
477 
478 		/* Wake up receive process in case of 'SYN+' message */
479 		newsk->sk_data_ready(newsk);
480 	}
481 }
482 
483 /* tipc_topsrv_listener_data_ready - interrupt callback with connection request
484  * The queued job is launched into tipc_topsrv_accept()
485  */
tipc_topsrv_listener_data_ready(struct sock * sk)486 static void tipc_topsrv_listener_data_ready(struct sock *sk)
487 {
488 	struct tipc_topsrv *srv;
489 
490 	read_lock_bh(&sk->sk_callback_lock);
491 	srv = sk->sk_user_data;
492 	if (srv->listener)
493 		queue_work(srv->rcv_wq, &srv->awork);
494 	read_unlock_bh(&sk->sk_callback_lock);
495 }
496 
tipc_topsrv_create_listener(struct tipc_topsrv * srv)497 static int tipc_topsrv_create_listener(struct tipc_topsrv *srv)
498 {
499 	struct socket *lsock = NULL;
500 	struct sockaddr_tipc saddr;
501 	struct sock *sk;
502 	int rc;
503 
504 	rc = sock_create_kern(srv->net, AF_TIPC, SOCK_SEQPACKET, 0, &lsock);
505 	if (rc < 0)
506 		return rc;
507 
508 	srv->listener = lsock;
509 	sk = lsock->sk;
510 	write_lock_bh(&sk->sk_callback_lock);
511 	sk->sk_data_ready = tipc_topsrv_listener_data_ready;
512 	sk->sk_user_data = srv;
513 	write_unlock_bh(&sk->sk_callback_lock);
514 
515 	lock_sock(sk);
516 	rc = tsk_set_importance(sk, TIPC_CRITICAL_IMPORTANCE);
517 	release_sock(sk);
518 	if (rc < 0)
519 		goto err;
520 
521 	saddr.family	                = AF_TIPC;
522 	saddr.addrtype		        = TIPC_SERVICE_RANGE;
523 	saddr.addr.nameseq.type	= TIPC_TOP_SRV;
524 	saddr.addr.nameseq.lower	= TIPC_TOP_SRV;
525 	saddr.addr.nameseq.upper	= TIPC_TOP_SRV;
526 	saddr.scope			= TIPC_NODE_SCOPE;
527 
528 	rc = tipc_sk_bind(lsock, (struct sockaddr *)&saddr, sizeof(saddr));
529 	if (rc < 0)
530 		goto err;
531 	rc = kernel_listen(lsock, 0);
532 	if (rc < 0)
533 		goto err;
534 
535 	/* As server's listening socket owner and creator is the same module,
536 	 * we have to decrease TIPC module reference count to guarantee that
537 	 * it remains zero after the server socket is created, otherwise,
538 	 * executing "rmmod" command is unable to make TIPC module deleted
539 	 * after TIPC module is inserted successfully.
540 	 *
541 	 * However, the reference count is ever increased twice in
542 	 * sock_create_kern(): one is to increase the reference count of owner
543 	 * of TIPC socket's proto_ops struct; another is to increment the
544 	 * reference count of owner of TIPC proto struct. Therefore, we must
545 	 * decrement the module reference count twice to ensure that it keeps
546 	 * zero after server's listening socket is created. Of course, we
547 	 * must bump the module reference count twice as well before the socket
548 	 * is closed.
549 	 */
550 	module_put(lsock->ops->owner);
551 	module_put(sk->sk_prot_creator->owner);
552 
553 	return 0;
554 err:
555 	sock_release(lsock);
556 	return -EINVAL;
557 }
558 
tipc_topsrv_kern_subscr(struct net * net,u32 port,u32 type,u32 lower,u32 upper,u32 filter,int * conid)559 bool tipc_topsrv_kern_subscr(struct net *net, u32 port, u32 type, u32 lower,
560 			     u32 upper, u32 filter, int *conid)
561 {
562 	struct tipc_subscr sub;
563 	struct tipc_conn *con;
564 	int rc;
565 
566 	sub.seq.type = type;
567 	sub.seq.lower = lower;
568 	sub.seq.upper = upper;
569 	sub.timeout = TIPC_WAIT_FOREVER;
570 	sub.filter = filter;
571 	*(u32 *)&sub.usr_handle = port;
572 
573 	con = tipc_conn_alloc(tipc_topsrv(net));
574 	if (IS_ERR(con))
575 		return false;
576 
577 	*conid = con->conid;
578 	con->sock = NULL;
579 	rc = tipc_conn_rcv_sub(tipc_topsrv(net), con, &sub);
580 	if (rc >= 0)
581 		return true;
582 	conn_put(con);
583 	return false;
584 }
585 
tipc_topsrv_kern_unsubscr(struct net * net,int conid)586 void tipc_topsrv_kern_unsubscr(struct net *net, int conid)
587 {
588 	struct tipc_conn *con;
589 
590 	con = tipc_conn_lookup(tipc_topsrv(net), conid);
591 	if (!con)
592 		return;
593 
594 	test_and_clear_bit(CF_CONNECTED, &con->flags);
595 	tipc_conn_delete_sub(con, NULL);
596 	conn_put(con);
597 	conn_put(con);
598 }
599 
tipc_topsrv_kern_evt(struct net * net,struct tipc_event * evt)600 static void tipc_topsrv_kern_evt(struct net *net, struct tipc_event *evt)
601 {
602 	u32 port = *(u32 *)&evt->s.usr_handle;
603 	u32 self = tipc_own_addr(net);
604 	struct sk_buff_head evtq;
605 	struct sk_buff *skb;
606 
607 	skb = tipc_msg_create(TOP_SRV, 0, INT_H_SIZE, sizeof(*evt),
608 			      self, self, port, port, 0);
609 	if (!skb)
610 		return;
611 	msg_set_dest_droppable(buf_msg(skb), true);
612 	memcpy(msg_data(buf_msg(skb)), evt, sizeof(*evt));
613 	skb_queue_head_init(&evtq);
614 	__skb_queue_tail(&evtq, skb);
615 	tipc_loopback_trace(net, &evtq);
616 	tipc_sk_rcv(net, &evtq);
617 }
618 
tipc_topsrv_work_start(struct tipc_topsrv * s)619 static int tipc_topsrv_work_start(struct tipc_topsrv *s)
620 {
621 	s->rcv_wq = alloc_ordered_workqueue("tipc_rcv", 0);
622 	if (!s->rcv_wq) {
623 		pr_err("can't start tipc receive workqueue\n");
624 		return -ENOMEM;
625 	}
626 
627 	s->send_wq = alloc_ordered_workqueue("tipc_send", 0);
628 	if (!s->send_wq) {
629 		pr_err("can't start tipc send workqueue\n");
630 		destroy_workqueue(s->rcv_wq);
631 		return -ENOMEM;
632 	}
633 
634 	return 0;
635 }
636 
tipc_topsrv_work_stop(struct tipc_topsrv * s)637 static void tipc_topsrv_work_stop(struct tipc_topsrv *s)
638 {
639 	destroy_workqueue(s->rcv_wq);
640 	destroy_workqueue(s->send_wq);
641 }
642 
tipc_topsrv_start(struct net * net)643 static int tipc_topsrv_start(struct net *net)
644 {
645 	struct tipc_net *tn = tipc_net(net);
646 	const char name[] = "topology_server";
647 	struct tipc_topsrv *srv;
648 	int ret;
649 
650 	srv = kzalloc(sizeof(*srv), GFP_ATOMIC);
651 	if (!srv)
652 		return -ENOMEM;
653 
654 	srv->net = net;
655 	INIT_WORK(&srv->awork, tipc_topsrv_accept);
656 
657 	strscpy(srv->name, name, sizeof(srv->name));
658 	tn->topsrv = srv;
659 	atomic_set(&tn->subscription_count, 0);
660 
661 	spin_lock_init(&srv->idr_lock);
662 	idr_init(&srv->conn_idr);
663 	srv->idr_in_use = 0;
664 
665 	ret = tipc_topsrv_work_start(srv);
666 	if (ret < 0)
667 		goto err_start;
668 
669 	ret = tipc_topsrv_create_listener(srv);
670 	if (ret < 0)
671 		goto err_create;
672 
673 	return 0;
674 
675 err_create:
676 	tipc_topsrv_work_stop(srv);
677 err_start:
678 	kfree(srv);
679 	return ret;
680 }
681 
tipc_topsrv_stop(struct net * net)682 static void tipc_topsrv_stop(struct net *net)
683 {
684 	struct tipc_topsrv *srv = tipc_topsrv(net);
685 	struct socket *lsock = srv->listener;
686 	struct tipc_conn *con;
687 	int id;
688 
689 	spin_lock_bh(&srv->idr_lock);
690 	for (id = 0; srv->idr_in_use; id++) {
691 		con = idr_find(&srv->conn_idr, id);
692 		if (con) {
693 			spin_unlock_bh(&srv->idr_lock);
694 			tipc_conn_close(con);
695 			spin_lock_bh(&srv->idr_lock);
696 		}
697 	}
698 	__module_get(lsock->ops->owner);
699 	__module_get(lsock->sk->sk_prot_creator->owner);
700 	srv->listener = NULL;
701 	spin_unlock_bh(&srv->idr_lock);
702 	sock_release(lsock);
703 	tipc_topsrv_work_stop(srv);
704 	idr_destroy(&srv->conn_idr);
705 	kfree(srv);
706 }
707 
tipc_topsrv_init_net(struct net * net)708 int __net_init tipc_topsrv_init_net(struct net *net)
709 {
710 	return tipc_topsrv_start(net);
711 }
712 
tipc_topsrv_exit_net(struct net * net)713 void __net_exit tipc_topsrv_exit_net(struct net *net)
714 {
715 	tipc_topsrv_stop(net);
716 }
717