mirror of
https://github.com/torvalds/linux.git
synced 2024-11-28 23:21:31 +00:00
4722974d90
Implement AuriStor's service upgrade facility. There are three problems
that this is meant to deal with:
(1) Various of the standard AFS RPC calls have IPv4 addresses in their
requests and/or replies - but there's no room for including IPv6
addresses.
(2) Definition of IPv6-specific RPC operations in the standard operation
sets has not yet been achieved.
(3) One could envision the creation a new service on the same port that as
the original service. The new service could implement improved
operations - and the client could try this first, falling back to the
original service if it's not there.
Unfortunately, certain servers ignore packets addressed to a service
they don't implement and don't respond in any way - not even with an
ABORT. This means that the client must then wait for the call timeout
to occur.
What service upgrade does is to see if the connection is marked as being
'upgradeable' and if so, change the service ID in the server and thus the
request and reply formats. Note that the upgrade isn't mandatory - a
server that supports only the original call set will ignore the upgrade
request.
In the protocol, the procedure is then as follows:
(1) To request an upgrade, the first DATA packet in a new connection must
have the userStatus set to 1 (this is normally 0). The userStatus
value is normally ignored by the server.
(2) If the server doesn't support upgrading, the reply packets will
contain the same service ID as for the first request packet.
(3) If the server does support upgrading, all future reply packets on that
connection will contain the new service ID and the new service ID will
be applied to *all* further calls on that connection as well.
(4) The RPC op used to probe the upgrade must take the same request data
as the shadow call in the upgrade set (but may return a different
reply). GetCapability RPC ops were added to all standard sets for
just this purpose. Ops where the request formats differ cannot be
used for probing.
(5) The client must wait for completion of the probe before sending any
further RPC ops to the same destination. It should then use the
service ID that recvmsg() reported back in all future calls.
(6) The shadow service must have call definitions for all the operation
IDs defined by the original service.
To support service upgrading, a server should:
(1) Call bind() twice on its AF_RXRPC socket before calling listen().
Each bind() should supply a different service ID, but the transport
addresses must be the same. This allows the server to receive
requests with either service ID.
(2) Enable automatic upgrading by calling setsockopt(), specifying
RXRPC_UPGRADEABLE_SERVICE and passing in a two-member array of
unsigned shorts as the argument:
unsigned short optval[2];
This specifies a pair of service IDs. They must be different and must
match the service IDs bound to the socket. Member 0 is the service ID
to upgrade from and member 1 is the service ID to upgrade to.
Signed-off-by: David Howells <dhowells@redhat.com>
199 lines
5.9 KiB
C
199 lines
5.9 KiB
C
/* Service connection management
|
|
*
|
|
* Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public Licence
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/slab.h>
|
|
#include "ar-internal.h"
|
|
|
|
/*
|
|
* Find a service connection under RCU conditions.
|
|
*
|
|
* We could use a hash table, but that is subject to bucket stuffing by an
|
|
* attacker as the client gets to pick the epoch and cid values and would know
|
|
* the hash function. So, instead, we use a hash table for the peer and from
|
|
* that an rbtree to find the service connection. Under ordinary circumstances
|
|
* it might be slower than a large hash table, but it is at least limited in
|
|
* depth.
|
|
*/
|
|
struct rxrpc_connection *rxrpc_find_service_conn_rcu(struct rxrpc_peer *peer,
|
|
struct sk_buff *skb)
|
|
{
|
|
struct rxrpc_connection *conn = NULL;
|
|
struct rxrpc_conn_proto k;
|
|
struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
|
|
struct rb_node *p;
|
|
unsigned int seq = 0;
|
|
|
|
k.epoch = sp->hdr.epoch;
|
|
k.cid = sp->hdr.cid & RXRPC_CIDMASK;
|
|
|
|
do {
|
|
/* Unfortunately, rbtree walking doesn't give reliable results
|
|
* under just the RCU read lock, so we have to check for
|
|
* changes.
|
|
*/
|
|
read_seqbegin_or_lock(&peer->service_conn_lock, &seq);
|
|
|
|
p = rcu_dereference_raw(peer->service_conns.rb_node);
|
|
while (p) {
|
|
conn = rb_entry(p, struct rxrpc_connection, service_node);
|
|
|
|
if (conn->proto.index_key < k.index_key)
|
|
p = rcu_dereference_raw(p->rb_left);
|
|
else if (conn->proto.index_key > k.index_key)
|
|
p = rcu_dereference_raw(p->rb_right);
|
|
else
|
|
goto done;
|
|
conn = NULL;
|
|
}
|
|
} while (need_seqretry(&peer->service_conn_lock, seq));
|
|
|
|
done:
|
|
done_seqretry(&peer->service_conn_lock, seq);
|
|
_leave(" = %d", conn ? conn->debug_id : -1);
|
|
return conn;
|
|
}
|
|
|
|
/*
|
|
* Insert a service connection into a peer's tree, thereby making it a target
|
|
* for incoming packets.
|
|
*/
|
|
static void rxrpc_publish_service_conn(struct rxrpc_peer *peer,
|
|
struct rxrpc_connection *conn)
|
|
{
|
|
struct rxrpc_connection *cursor = NULL;
|
|
struct rxrpc_conn_proto k = conn->proto;
|
|
struct rb_node **pp, *parent;
|
|
|
|
write_seqlock_bh(&peer->service_conn_lock);
|
|
|
|
pp = &peer->service_conns.rb_node;
|
|
parent = NULL;
|
|
while (*pp) {
|
|
parent = *pp;
|
|
cursor = rb_entry(parent,
|
|
struct rxrpc_connection, service_node);
|
|
|
|
if (cursor->proto.index_key < k.index_key)
|
|
pp = &(*pp)->rb_left;
|
|
else if (cursor->proto.index_key > k.index_key)
|
|
pp = &(*pp)->rb_right;
|
|
else
|
|
goto found_extant_conn;
|
|
}
|
|
|
|
rb_link_node_rcu(&conn->service_node, parent, pp);
|
|
rb_insert_color(&conn->service_node, &peer->service_conns);
|
|
conn_published:
|
|
set_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags);
|
|
write_sequnlock_bh(&peer->service_conn_lock);
|
|
_leave(" = %d [new]", conn->debug_id);
|
|
return;
|
|
|
|
found_extant_conn:
|
|
if (atomic_read(&cursor->usage) == 0)
|
|
goto replace_old_connection;
|
|
write_sequnlock_bh(&peer->service_conn_lock);
|
|
/* We should not be able to get here. rxrpc_incoming_connection() is
|
|
* called in a non-reentrant context, so there can't be a race to
|
|
* insert a new connection.
|
|
*/
|
|
BUG();
|
|
|
|
replace_old_connection:
|
|
/* The old connection is from an outdated epoch. */
|
|
_debug("replace conn");
|
|
rb_replace_node_rcu(&cursor->service_node,
|
|
&conn->service_node,
|
|
&peer->service_conns);
|
|
clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &cursor->flags);
|
|
goto conn_published;
|
|
}
|
|
|
|
/*
|
|
* Preallocate a service connection. The connection is placed on the proc and
|
|
* reap lists so that we don't have to get the lock from BH context.
|
|
*/
|
|
struct rxrpc_connection *rxrpc_prealloc_service_connection(struct rxrpc_net *rxnet,
|
|
gfp_t gfp)
|
|
{
|
|
struct rxrpc_connection *conn = rxrpc_alloc_connection(gfp);
|
|
|
|
if (conn) {
|
|
/* We maintain an extra ref on the connection whilst it is on
|
|
* the rxrpc_connections list.
|
|
*/
|
|
conn->state = RXRPC_CONN_SERVICE_PREALLOC;
|
|
atomic_set(&conn->usage, 2);
|
|
|
|
write_lock(&rxnet->conn_lock);
|
|
list_add_tail(&conn->link, &rxnet->service_conns);
|
|
list_add_tail(&conn->proc_link, &rxnet->conn_proc_list);
|
|
write_unlock(&rxnet->conn_lock);
|
|
|
|
trace_rxrpc_conn(conn, rxrpc_conn_new_service,
|
|
atomic_read(&conn->usage),
|
|
__builtin_return_address(0));
|
|
}
|
|
|
|
return conn;
|
|
}
|
|
|
|
/*
|
|
* Set up an incoming connection. This is called in BH context with the RCU
|
|
* read lock held.
|
|
*/
|
|
void rxrpc_new_incoming_connection(struct rxrpc_sock *rx,
|
|
struct rxrpc_connection *conn,
|
|
struct sk_buff *skb)
|
|
{
|
|
struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
|
|
|
|
_enter("");
|
|
|
|
conn->proto.epoch = sp->hdr.epoch;
|
|
conn->proto.cid = sp->hdr.cid & RXRPC_CIDMASK;
|
|
conn->params.service_id = sp->hdr.serviceId;
|
|
conn->service_id = sp->hdr.serviceId;
|
|
conn->security_ix = sp->hdr.securityIndex;
|
|
conn->out_clientflag = 0;
|
|
if (conn->security_ix)
|
|
conn->state = RXRPC_CONN_SERVICE_UNSECURED;
|
|
else
|
|
conn->state = RXRPC_CONN_SERVICE;
|
|
|
|
/* See if we should upgrade the service. This can only happen on the
|
|
* first packet on a new connection. Once done, it applies to all
|
|
* subsequent calls on that connection.
|
|
*/
|
|
if (sp->hdr.userStatus == RXRPC_USERSTATUS_SERVICE_UPGRADE &&
|
|
conn->service_id == rx->service_upgrade.from)
|
|
conn->service_id = rx->service_upgrade.to;
|
|
|
|
/* Make the connection a target for incoming packets. */
|
|
rxrpc_publish_service_conn(conn->params.peer, conn);
|
|
|
|
_net("CONNECTION new %d {%x}", conn->debug_id, conn->proto.cid);
|
|
}
|
|
|
|
/*
|
|
* Remove the service connection from the peer's tree, thereby removing it as a
|
|
* target for incoming packets.
|
|
*/
|
|
void rxrpc_unpublish_service_conn(struct rxrpc_connection *conn)
|
|
{
|
|
struct rxrpc_peer *peer = conn->params.peer;
|
|
|
|
write_seqlock_bh(&peer->service_conn_lock);
|
|
if (test_and_clear_bit(RXRPC_CONN_IN_SERVICE_CONNS, &conn->flags))
|
|
rb_erase(&conn->service_node, &peer->service_conns);
|
|
write_sequnlock_bh(&peer->service_conn_lock);
|
|
}
|