um: let signal_delivered() do SIGTRAP on singlestepping into handler
[platform/adaptation/renesas_rcar/renesas_kernel.git] / net / rxrpc / ar-connection.c
1 /* RxRPC virtual connection handler
2  *
3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11
12 #include <linux/module.h>
13 #include <linux/slab.h>
14 #include <linux/net.h>
15 #include <linux/skbuff.h>
16 #include <linux/crypto.h>
17 #include <net/sock.h>
18 #include <net/af_rxrpc.h>
19 #include "ar-internal.h"
20
21 static void rxrpc_connection_reaper(struct work_struct *work);
22
23 LIST_HEAD(rxrpc_connections);
24 DEFINE_RWLOCK(rxrpc_connection_lock);
25 static unsigned long rxrpc_connection_timeout = 10 * 60;
26 static DECLARE_DELAYED_WORK(rxrpc_connection_reap, rxrpc_connection_reaper);
27
28 /*
29  * allocate a new client connection bundle
30  */
31 static struct rxrpc_conn_bundle *rxrpc_alloc_bundle(gfp_t gfp)
32 {
33         struct rxrpc_conn_bundle *bundle;
34
35         _enter("");
36
37         bundle = kzalloc(sizeof(struct rxrpc_conn_bundle), gfp);
38         if (bundle) {
39                 INIT_LIST_HEAD(&bundle->unused_conns);
40                 INIT_LIST_HEAD(&bundle->avail_conns);
41                 INIT_LIST_HEAD(&bundle->busy_conns);
42                 init_waitqueue_head(&bundle->chanwait);
43                 atomic_set(&bundle->usage, 1);
44         }
45
46         _leave(" = %p", bundle);
47         return bundle;
48 }
49
50 /*
51  * compare bundle parameters with what we're looking for
52  * - return -ve, 0 or +ve
53  */
54 static inline
55 int rxrpc_cmp_bundle(const struct rxrpc_conn_bundle *bundle,
56                      struct key *key, __be16 service_id)
57 {
58         return (bundle->service_id - service_id) ?:
59                 ((unsigned long) bundle->key - (unsigned long) key);
60 }
61
62 /*
63  * get bundle of client connections that a client socket can make use of
64  */
65 struct rxrpc_conn_bundle *rxrpc_get_bundle(struct rxrpc_sock *rx,
66                                            struct rxrpc_transport *trans,
67                                            struct key *key,
68                                            __be16 service_id,
69                                            gfp_t gfp)
70 {
71         struct rxrpc_conn_bundle *bundle, *candidate;
72         struct rb_node *p, *parent, **pp;
73
74         _enter("%p{%x},%x,%hx,",
75                rx, key_serial(key), trans->debug_id, ntohs(service_id));
76
77         if (rx->trans == trans && rx->bundle) {
78                 atomic_inc(&rx->bundle->usage);
79                 return rx->bundle;
80         }
81
82         /* search the extant bundles first for one that matches the specified
83          * user ID */
84         spin_lock(&trans->client_lock);
85
86         p = trans->bundles.rb_node;
87         while (p) {
88                 bundle = rb_entry(p, struct rxrpc_conn_bundle, node);
89
90                 if (rxrpc_cmp_bundle(bundle, key, service_id) < 0)
91                         p = p->rb_left;
92                 else if (rxrpc_cmp_bundle(bundle, key, service_id) > 0)
93                         p = p->rb_right;
94                 else
95                         goto found_extant_bundle;
96         }
97
98         spin_unlock(&trans->client_lock);
99
100         /* not yet present - create a candidate for a new record and then
101          * redo the search */
102         candidate = rxrpc_alloc_bundle(gfp);
103         if (!candidate) {
104                 _leave(" = -ENOMEM");
105                 return ERR_PTR(-ENOMEM);
106         }
107
108         candidate->key = key_get(key);
109         candidate->service_id = service_id;
110
111         spin_lock(&trans->client_lock);
112
113         pp = &trans->bundles.rb_node;
114         parent = NULL;
115         while (*pp) {
116                 parent = *pp;
117                 bundle = rb_entry(parent, struct rxrpc_conn_bundle, node);
118
119                 if (rxrpc_cmp_bundle(bundle, key, service_id) < 0)
120                         pp = &(*pp)->rb_left;
121                 else if (rxrpc_cmp_bundle(bundle, key, service_id) > 0)
122                         pp = &(*pp)->rb_right;
123                 else
124                         goto found_extant_second;
125         }
126
127         /* second search also failed; add the new bundle */
128         bundle = candidate;
129         candidate = NULL;
130
131         rb_link_node(&bundle->node, parent, pp);
132         rb_insert_color(&bundle->node, &trans->bundles);
133         spin_unlock(&trans->client_lock);
134         _net("BUNDLE new on trans %d", trans->debug_id);
135         if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
136                 atomic_inc(&bundle->usage);
137                 rx->bundle = bundle;
138         }
139         _leave(" = %p [new]", bundle);
140         return bundle;
141
142         /* we found the bundle in the list immediately */
143 found_extant_bundle:
144         atomic_inc(&bundle->usage);
145         spin_unlock(&trans->client_lock);
146         _net("BUNDLE old on trans %d", trans->debug_id);
147         if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
148                 atomic_inc(&bundle->usage);
149                 rx->bundle = bundle;
150         }
151         _leave(" = %p [extant %d]", bundle, atomic_read(&bundle->usage));
152         return bundle;
153
154         /* we found the bundle on the second time through the list */
155 found_extant_second:
156         atomic_inc(&bundle->usage);
157         spin_unlock(&trans->client_lock);
158         kfree(candidate);
159         _net("BUNDLE old2 on trans %d", trans->debug_id);
160         if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
161                 atomic_inc(&bundle->usage);
162                 rx->bundle = bundle;
163         }
164         _leave(" = %p [second %d]", bundle, atomic_read(&bundle->usage));
165         return bundle;
166 }
167
168 /*
169  * release a bundle
170  */
171 void rxrpc_put_bundle(struct rxrpc_transport *trans,
172                       struct rxrpc_conn_bundle *bundle)
173 {
174         _enter("%p,%p{%d}",trans, bundle, atomic_read(&bundle->usage));
175
176         if (atomic_dec_and_lock(&bundle->usage, &trans->client_lock)) {
177                 _debug("Destroy bundle");
178                 rb_erase(&bundle->node, &trans->bundles);
179                 spin_unlock(&trans->client_lock);
180                 ASSERT(list_empty(&bundle->unused_conns));
181                 ASSERT(list_empty(&bundle->avail_conns));
182                 ASSERT(list_empty(&bundle->busy_conns));
183                 ASSERTCMP(bundle->num_conns, ==, 0);
184                 key_put(bundle->key);
185                 kfree(bundle);
186         }
187
188         _leave("");
189 }
190
191 /*
192  * allocate a new connection
193  */
194 static struct rxrpc_connection *rxrpc_alloc_connection(gfp_t gfp)
195 {
196         struct rxrpc_connection *conn;
197
198         _enter("");
199
200         conn = kzalloc(sizeof(struct rxrpc_connection), gfp);
201         if (conn) {
202                 INIT_WORK(&conn->processor, &rxrpc_process_connection);
203                 INIT_LIST_HEAD(&conn->bundle_link);
204                 conn->calls = RB_ROOT;
205                 skb_queue_head_init(&conn->rx_queue);
206                 rwlock_init(&conn->lock);
207                 spin_lock_init(&conn->state_lock);
208                 atomic_set(&conn->usage, 1);
209                 conn->debug_id = atomic_inc_return(&rxrpc_debug_id);
210                 conn->avail_calls = RXRPC_MAXCALLS;
211                 conn->size_align = 4;
212                 conn->header_size = sizeof(struct rxrpc_header);
213         }
214
215         _leave(" = %p{%d}", conn, conn ? conn->debug_id : 0);
216         return conn;
217 }
218
219 /*
220  * assign a connection ID to a connection and add it to the transport's
221  * connection lookup tree
222  * - called with transport client lock held
223  */
224 static void rxrpc_assign_connection_id(struct rxrpc_connection *conn)
225 {
226         struct rxrpc_connection *xconn;
227         struct rb_node *parent, **p;
228         __be32 epoch;
229         u32 real_conn_id;
230
231         _enter("");
232
233         epoch = conn->epoch;
234
235         write_lock_bh(&conn->trans->conn_lock);
236
237         conn->trans->conn_idcounter += RXRPC_CID_INC;
238         if (conn->trans->conn_idcounter < RXRPC_CID_INC)
239                 conn->trans->conn_idcounter = RXRPC_CID_INC;
240         real_conn_id = conn->trans->conn_idcounter;
241
242 attempt_insertion:
243         parent = NULL;
244         p = &conn->trans->client_conns.rb_node;
245
246         while (*p) {
247                 parent = *p;
248                 xconn = rb_entry(parent, struct rxrpc_connection, node);
249
250                 if (epoch < xconn->epoch)
251                         p = &(*p)->rb_left;
252                 else if (epoch > xconn->epoch)
253                         p = &(*p)->rb_right;
254                 else if (real_conn_id < xconn->real_conn_id)
255                         p = &(*p)->rb_left;
256                 else if (real_conn_id > xconn->real_conn_id)
257                         p = &(*p)->rb_right;
258                 else
259                         goto id_exists;
260         }
261
262         /* we've found a suitable hole - arrange for this connection to occupy
263          * it */
264         rb_link_node(&conn->node, parent, p);
265         rb_insert_color(&conn->node, &conn->trans->client_conns);
266
267         conn->real_conn_id = real_conn_id;
268         conn->cid = htonl(real_conn_id);
269         write_unlock_bh(&conn->trans->conn_lock);
270         _leave(" [CONNID %x CID %x]", real_conn_id, ntohl(conn->cid));
271         return;
272
273         /* we found a connection with the proposed ID - walk the tree from that
274          * point looking for the next unused ID */
275 id_exists:
276         for (;;) {
277                 real_conn_id += RXRPC_CID_INC;
278                 if (real_conn_id < RXRPC_CID_INC) {
279                         real_conn_id = RXRPC_CID_INC;
280                         conn->trans->conn_idcounter = real_conn_id;
281                         goto attempt_insertion;
282                 }
283
284                 parent = rb_next(parent);
285                 if (!parent)
286                         goto attempt_insertion;
287
288                 xconn = rb_entry(parent, struct rxrpc_connection, node);
289                 if (epoch < xconn->epoch ||
290                     real_conn_id < xconn->real_conn_id)
291                         goto attempt_insertion;
292         }
293 }
294
295 /*
296  * add a call to a connection's call-by-ID tree
297  */
298 static void rxrpc_add_call_ID_to_conn(struct rxrpc_connection *conn,
299                                       struct rxrpc_call *call)
300 {
301         struct rxrpc_call *xcall;
302         struct rb_node *parent, **p;
303         __be32 call_id;
304
305         write_lock_bh(&conn->lock);
306
307         call_id = call->call_id;
308         p = &conn->calls.rb_node;
309         parent = NULL;
310         while (*p) {
311                 parent = *p;
312                 xcall = rb_entry(parent, struct rxrpc_call, conn_node);
313
314                 if (call_id < xcall->call_id)
315                         p = &(*p)->rb_left;
316                 else if (call_id > xcall->call_id)
317                         p = &(*p)->rb_right;
318                 else
319                         BUG();
320         }
321
322         rb_link_node(&call->conn_node, parent, p);
323         rb_insert_color(&call->conn_node, &conn->calls);
324
325         write_unlock_bh(&conn->lock);
326 }
327
328 /*
329  * connect a call on an exclusive connection
330  */
331 static int rxrpc_connect_exclusive(struct rxrpc_sock *rx,
332                                    struct rxrpc_transport *trans,
333                                    __be16 service_id,
334                                    struct rxrpc_call *call,
335                                    gfp_t gfp)
336 {
337         struct rxrpc_connection *conn;
338         int chan, ret;
339
340         _enter("");
341
342         conn = rx->conn;
343         if (!conn) {
344                 /* not yet present - create a candidate for a new connection
345                  * and then redo the check */
346                 conn = rxrpc_alloc_connection(gfp);
347                 if (!conn) {
348                         _leave(" = -ENOMEM");
349                         return -ENOMEM;
350                 }
351
352                 conn->trans = trans;
353                 conn->bundle = NULL;
354                 conn->service_id = service_id;
355                 conn->epoch = rxrpc_epoch;
356                 conn->in_clientflag = 0;
357                 conn->out_clientflag = RXRPC_CLIENT_INITIATED;
358                 conn->cid = 0;
359                 conn->state = RXRPC_CONN_CLIENT;
360                 conn->avail_calls = RXRPC_MAXCALLS - 1;
361                 conn->security_level = rx->min_sec_level;
362                 conn->key = key_get(rx->key);
363
364                 ret = rxrpc_init_client_conn_security(conn);
365                 if (ret < 0) {
366                         key_put(conn->key);
367                         kfree(conn);
368                         _leave(" = %d [key]", ret);
369                         return ret;
370                 }
371
372                 write_lock_bh(&rxrpc_connection_lock);
373                 list_add_tail(&conn->link, &rxrpc_connections);
374                 write_unlock_bh(&rxrpc_connection_lock);
375
376                 spin_lock(&trans->client_lock);
377                 atomic_inc(&trans->usage);
378
379                 _net("CONNECT EXCL new %d on TRANS %d",
380                      conn->debug_id, conn->trans->debug_id);
381
382                 rxrpc_assign_connection_id(conn);
383                 rx->conn = conn;
384         }
385
386         /* we've got a connection with a free channel and we can now attach the
387          * call to it
388          * - we're holding the transport's client lock
389          * - we're holding a reference on the connection
390          */
391         for (chan = 0; chan < RXRPC_MAXCALLS; chan++)
392                 if (!conn->channels[chan])
393                         goto found_channel;
394         goto no_free_channels;
395
396 found_channel:
397         atomic_inc(&conn->usage);
398         conn->channels[chan] = call;
399         call->conn = conn;
400         call->channel = chan;
401         call->cid = conn->cid | htonl(chan);
402         call->call_id = htonl(++conn->call_counter);
403
404         _net("CONNECT client on conn %d chan %d as call %x",
405              conn->debug_id, chan, ntohl(call->call_id));
406
407         spin_unlock(&trans->client_lock);
408
409         rxrpc_add_call_ID_to_conn(conn, call);
410         _leave(" = 0");
411         return 0;
412
413 no_free_channels:
414         spin_unlock(&trans->client_lock);
415         _leave(" = -ENOSR");
416         return -ENOSR;
417 }
418
419 /*
420  * find a connection for a call
421  * - called in process context with IRQs enabled
422  */
423 int rxrpc_connect_call(struct rxrpc_sock *rx,
424                        struct rxrpc_transport *trans,
425                        struct rxrpc_conn_bundle *bundle,
426                        struct rxrpc_call *call,
427                        gfp_t gfp)
428 {
429         struct rxrpc_connection *conn, *candidate;
430         int chan, ret;
431
432         DECLARE_WAITQUEUE(myself, current);
433
434         _enter("%p,%lx,", rx, call->user_call_ID);
435
436         if (test_bit(RXRPC_SOCK_EXCLUSIVE_CONN, &rx->flags))
437                 return rxrpc_connect_exclusive(rx, trans, bundle->service_id,
438                                                call, gfp);
439
440         spin_lock(&trans->client_lock);
441         for (;;) {
442                 /* see if the bundle has a call slot available */
443                 if (!list_empty(&bundle->avail_conns)) {
444                         _debug("avail");
445                         conn = list_entry(bundle->avail_conns.next,
446                                           struct rxrpc_connection,
447                                           bundle_link);
448                         if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
449                                 list_del_init(&conn->bundle_link);
450                                 bundle->num_conns--;
451                                 continue;
452                         }
453                         if (--conn->avail_calls == 0)
454                                 list_move(&conn->bundle_link,
455                                           &bundle->busy_conns);
456                         ASSERTCMP(conn->avail_calls, <, RXRPC_MAXCALLS);
457                         ASSERT(conn->channels[0] == NULL ||
458                                conn->channels[1] == NULL ||
459                                conn->channels[2] == NULL ||
460                                conn->channels[3] == NULL);
461                         atomic_inc(&conn->usage);
462                         break;
463                 }
464
465                 if (!list_empty(&bundle->unused_conns)) {
466                         _debug("unused");
467                         conn = list_entry(bundle->unused_conns.next,
468                                           struct rxrpc_connection,
469                                           bundle_link);
470                         if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
471                                 list_del_init(&conn->bundle_link);
472                                 bundle->num_conns--;
473                                 continue;
474                         }
475                         ASSERTCMP(conn->avail_calls, ==, RXRPC_MAXCALLS);
476                         conn->avail_calls = RXRPC_MAXCALLS - 1;
477                         ASSERT(conn->channels[0] == NULL &&
478                                conn->channels[1] == NULL &&
479                                conn->channels[2] == NULL &&
480                                conn->channels[3] == NULL);
481                         atomic_inc(&conn->usage);
482                         list_move(&conn->bundle_link, &bundle->avail_conns);
483                         break;
484                 }
485
486                 /* need to allocate a new connection */
487                 _debug("get new conn [%d]", bundle->num_conns);
488
489                 spin_unlock(&trans->client_lock);
490
491                 if (signal_pending(current))
492                         goto interrupted;
493
494                 if (bundle->num_conns >= 20) {
495                         _debug("too many conns");
496
497                         if (!(gfp & __GFP_WAIT)) {
498                                 _leave(" = -EAGAIN");
499                                 return -EAGAIN;
500                         }
501
502                         add_wait_queue(&bundle->chanwait, &myself);
503                         for (;;) {
504                                 set_current_state(TASK_INTERRUPTIBLE);
505                                 if (bundle->num_conns < 20 ||
506                                     !list_empty(&bundle->unused_conns) ||
507                                     !list_empty(&bundle->avail_conns))
508                                         break;
509                                 if (signal_pending(current))
510                                         goto interrupted_dequeue;
511                                 schedule();
512                         }
513                         remove_wait_queue(&bundle->chanwait, &myself);
514                         __set_current_state(TASK_RUNNING);
515                         spin_lock(&trans->client_lock);
516                         continue;
517                 }
518
519                 /* not yet present - create a candidate for a new connection and then
520                  * redo the check */
521                 candidate = rxrpc_alloc_connection(gfp);
522                 if (!candidate) {
523                         _leave(" = -ENOMEM");
524                         return -ENOMEM;
525                 }
526
527                 candidate->trans = trans;
528                 candidate->bundle = bundle;
529                 candidate->service_id = bundle->service_id;
530                 candidate->epoch = rxrpc_epoch;
531                 candidate->in_clientflag = 0;
532                 candidate->out_clientflag = RXRPC_CLIENT_INITIATED;
533                 candidate->cid = 0;
534                 candidate->state = RXRPC_CONN_CLIENT;
535                 candidate->avail_calls = RXRPC_MAXCALLS;
536                 candidate->security_level = rx->min_sec_level;
537                 candidate->key = key_get(bundle->key);
538
539                 ret = rxrpc_init_client_conn_security(candidate);
540                 if (ret < 0) {
541                         key_put(candidate->key);
542                         kfree(candidate);
543                         _leave(" = %d [key]", ret);
544                         return ret;
545                 }
546
547                 write_lock_bh(&rxrpc_connection_lock);
548                 list_add_tail(&candidate->link, &rxrpc_connections);
549                 write_unlock_bh(&rxrpc_connection_lock);
550
551                 spin_lock(&trans->client_lock);
552
553                 list_add(&candidate->bundle_link, &bundle->unused_conns);
554                 bundle->num_conns++;
555                 atomic_inc(&bundle->usage);
556                 atomic_inc(&trans->usage);
557
558                 _net("CONNECT new %d on TRANS %d",
559                      candidate->debug_id, candidate->trans->debug_id);
560
561                 rxrpc_assign_connection_id(candidate);
562                 if (candidate->security)
563                         candidate->security->prime_packet_security(candidate);
564
565                 /* leave the candidate lurking in zombie mode attached to the
566                  * bundle until we're ready for it */
567                 rxrpc_put_connection(candidate);
568                 candidate = NULL;
569         }
570
571         /* we've got a connection with a free channel and we can now attach the
572          * call to it
573          * - we're holding the transport's client lock
574          * - we're holding a reference on the connection
575          * - we're holding a reference on the bundle
576          */
577         for (chan = 0; chan < RXRPC_MAXCALLS; chan++)
578                 if (!conn->channels[chan])
579                         goto found_channel;
580         ASSERT(conn->channels[0] == NULL ||
581                conn->channels[1] == NULL ||
582                conn->channels[2] == NULL ||
583                conn->channels[3] == NULL);
584         BUG();
585
586 found_channel:
587         conn->channels[chan] = call;
588         call->conn = conn;
589         call->channel = chan;
590         call->cid = conn->cid | htonl(chan);
591         call->call_id = htonl(++conn->call_counter);
592
593         _net("CONNECT client on conn %d chan %d as call %x",
594              conn->debug_id, chan, ntohl(call->call_id));
595
596         ASSERTCMP(conn->avail_calls, <, RXRPC_MAXCALLS);
597         spin_unlock(&trans->client_lock);
598
599         rxrpc_add_call_ID_to_conn(conn, call);
600
601         _leave(" = 0");
602         return 0;
603
604 interrupted_dequeue:
605         remove_wait_queue(&bundle->chanwait, &myself);
606         __set_current_state(TASK_RUNNING);
607 interrupted:
608         _leave(" = -ERESTARTSYS");
609         return -ERESTARTSYS;
610 }
611
612 /*
613  * get a record of an incoming connection
614  */
615 struct rxrpc_connection *
616 rxrpc_incoming_connection(struct rxrpc_transport *trans,
617                           struct rxrpc_header *hdr,
618                           gfp_t gfp)
619 {
620         struct rxrpc_connection *conn, *candidate = NULL;
621         struct rb_node *p, **pp;
622         const char *new = "old";
623         __be32 epoch;
624         u32 conn_id;
625
626         _enter("");
627
628         ASSERT(hdr->flags & RXRPC_CLIENT_INITIATED);
629
630         epoch = hdr->epoch;
631         conn_id = ntohl(hdr->cid) & RXRPC_CIDMASK;
632
633         /* search the connection list first */
634         read_lock_bh(&trans->conn_lock);
635
636         p = trans->server_conns.rb_node;
637         while (p) {
638                 conn = rb_entry(p, struct rxrpc_connection, node);
639
640                 _debug("maybe %x", conn->real_conn_id);
641
642                 if (epoch < conn->epoch)
643                         p = p->rb_left;
644                 else if (epoch > conn->epoch)
645                         p = p->rb_right;
646                 else if (conn_id < conn->real_conn_id)
647                         p = p->rb_left;
648                 else if (conn_id > conn->real_conn_id)
649                         p = p->rb_right;
650                 else
651                         goto found_extant_connection;
652         }
653         read_unlock_bh(&trans->conn_lock);
654
655         /* not yet present - create a candidate for a new record and then
656          * redo the search */
657         candidate = rxrpc_alloc_connection(gfp);
658         if (!candidate) {
659                 _leave(" = -ENOMEM");
660                 return ERR_PTR(-ENOMEM);
661         }
662
663         candidate->trans = trans;
664         candidate->epoch = hdr->epoch;
665         candidate->cid = hdr->cid & cpu_to_be32(RXRPC_CIDMASK);
666         candidate->service_id = hdr->serviceId;
667         candidate->security_ix = hdr->securityIndex;
668         candidate->in_clientflag = RXRPC_CLIENT_INITIATED;
669         candidate->out_clientflag = 0;
670         candidate->real_conn_id = conn_id;
671         candidate->state = RXRPC_CONN_SERVER;
672         if (candidate->service_id)
673                 candidate->state = RXRPC_CONN_SERVER_UNSECURED;
674
675         write_lock_bh(&trans->conn_lock);
676
677         pp = &trans->server_conns.rb_node;
678         p = NULL;
679         while (*pp) {
680                 p = *pp;
681                 conn = rb_entry(p, struct rxrpc_connection, node);
682
683                 if (epoch < conn->epoch)
684                         pp = &(*pp)->rb_left;
685                 else if (epoch > conn->epoch)
686                         pp = &(*pp)->rb_right;
687                 else if (conn_id < conn->real_conn_id)
688                         pp = &(*pp)->rb_left;
689                 else if (conn_id > conn->real_conn_id)
690                         pp = &(*pp)->rb_right;
691                 else
692                         goto found_extant_second;
693         }
694
695         /* we can now add the new candidate to the list */
696         conn = candidate;
697         candidate = NULL;
698         rb_link_node(&conn->node, p, pp);
699         rb_insert_color(&conn->node, &trans->server_conns);
700         atomic_inc(&conn->trans->usage);
701
702         write_unlock_bh(&trans->conn_lock);
703
704         write_lock_bh(&rxrpc_connection_lock);
705         list_add_tail(&conn->link, &rxrpc_connections);
706         write_unlock_bh(&rxrpc_connection_lock);
707
708         new = "new";
709
710 success:
711         _net("CONNECTION %s %d {%x}", new, conn->debug_id, conn->real_conn_id);
712
713         _leave(" = %p {u=%d}", conn, atomic_read(&conn->usage));
714         return conn;
715
716         /* we found the connection in the list immediately */
717 found_extant_connection:
718         if (hdr->securityIndex != conn->security_ix) {
719                 read_unlock_bh(&trans->conn_lock);
720                 goto security_mismatch;
721         }
722         atomic_inc(&conn->usage);
723         read_unlock_bh(&trans->conn_lock);
724         goto success;
725
726         /* we found the connection on the second time through the list */
727 found_extant_second:
728         if (hdr->securityIndex != conn->security_ix) {
729                 write_unlock_bh(&trans->conn_lock);
730                 goto security_mismatch;
731         }
732         atomic_inc(&conn->usage);
733         write_unlock_bh(&trans->conn_lock);
734         kfree(candidate);
735         goto success;
736
737 security_mismatch:
738         kfree(candidate);
739         _leave(" = -EKEYREJECTED");
740         return ERR_PTR(-EKEYREJECTED);
741 }
742
743 /*
744  * find a connection based on transport and RxRPC connection ID for an incoming
745  * packet
746  */
747 struct rxrpc_connection *rxrpc_find_connection(struct rxrpc_transport *trans,
748                                                struct rxrpc_header *hdr)
749 {
750         struct rxrpc_connection *conn;
751         struct rb_node *p;
752         __be32 epoch;
753         u32 conn_id;
754
755         _enter(",{%x,%x}", ntohl(hdr->cid), hdr->flags);
756
757         read_lock_bh(&trans->conn_lock);
758
759         conn_id = ntohl(hdr->cid) & RXRPC_CIDMASK;
760         epoch = hdr->epoch;
761
762         if (hdr->flags & RXRPC_CLIENT_INITIATED)
763                 p = trans->server_conns.rb_node;
764         else
765                 p = trans->client_conns.rb_node;
766
767         while (p) {
768                 conn = rb_entry(p, struct rxrpc_connection, node);
769
770                 _debug("maybe %x", conn->real_conn_id);
771
772                 if (epoch < conn->epoch)
773                         p = p->rb_left;
774                 else if (epoch > conn->epoch)
775                         p = p->rb_right;
776                 else if (conn_id < conn->real_conn_id)
777                         p = p->rb_left;
778                 else if (conn_id > conn->real_conn_id)
779                         p = p->rb_right;
780                 else
781                         goto found;
782         }
783
784         read_unlock_bh(&trans->conn_lock);
785         _leave(" = NULL");
786         return NULL;
787
788 found:
789         atomic_inc(&conn->usage);
790         read_unlock_bh(&trans->conn_lock);
791         _leave(" = %p", conn);
792         return conn;
793 }
794
795 /*
796  * release a virtual connection
797  */
798 void rxrpc_put_connection(struct rxrpc_connection *conn)
799 {
800         _enter("%p{u=%d,d=%d}",
801                conn, atomic_read(&conn->usage), conn->debug_id);
802
803         ASSERTCMP(atomic_read(&conn->usage), >, 0);
804
805         conn->put_time = get_seconds();
806         if (atomic_dec_and_test(&conn->usage)) {
807                 _debug("zombie");
808                 rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
809         }
810
811         _leave("");
812 }
813
814 /*
815  * destroy a virtual connection
816  */
817 static void rxrpc_destroy_connection(struct rxrpc_connection *conn)
818 {
819         _enter("%p{%d}", conn, atomic_read(&conn->usage));
820
821         ASSERTCMP(atomic_read(&conn->usage), ==, 0);
822
823         _net("DESTROY CONN %d", conn->debug_id);
824
825         if (conn->bundle)
826                 rxrpc_put_bundle(conn->trans, conn->bundle);
827
828         ASSERT(RB_EMPTY_ROOT(&conn->calls));
829         rxrpc_purge_queue(&conn->rx_queue);
830
831         rxrpc_clear_conn_security(conn);
832         rxrpc_put_transport(conn->trans);
833         kfree(conn);
834         _leave("");
835 }
836
837 /*
838  * reap dead connections
839  */
840 static void rxrpc_connection_reaper(struct work_struct *work)
841 {
842         struct rxrpc_connection *conn, *_p;
843         unsigned long now, earliest, reap_time;
844
845         LIST_HEAD(graveyard);
846
847         _enter("");
848
849         now = get_seconds();
850         earliest = ULONG_MAX;
851
852         write_lock_bh(&rxrpc_connection_lock);
853         list_for_each_entry_safe(conn, _p, &rxrpc_connections, link) {
854                 _debug("reap CONN %d { u=%d,t=%ld }",
855                        conn->debug_id, atomic_read(&conn->usage),
856                        (long) now - (long) conn->put_time);
857
858                 if (likely(atomic_read(&conn->usage) > 0))
859                         continue;
860
861                 spin_lock(&conn->trans->client_lock);
862                 write_lock(&conn->trans->conn_lock);
863                 reap_time = conn->put_time + rxrpc_connection_timeout;
864
865                 if (atomic_read(&conn->usage) > 0) {
866                         ;
867                 } else if (reap_time <= now) {
868                         list_move_tail(&conn->link, &graveyard);
869                         if (conn->out_clientflag)
870                                 rb_erase(&conn->node,
871                                          &conn->trans->client_conns);
872                         else
873                                 rb_erase(&conn->node,
874                                          &conn->trans->server_conns);
875                         if (conn->bundle) {
876                                 list_del_init(&conn->bundle_link);
877                                 conn->bundle->num_conns--;
878                         }
879
880                 } else if (reap_time < earliest) {
881                         earliest = reap_time;
882                 }
883
884                 write_unlock(&conn->trans->conn_lock);
885                 spin_unlock(&conn->trans->client_lock);
886         }
887         write_unlock_bh(&rxrpc_connection_lock);
888
889         if (earliest != ULONG_MAX) {
890                 _debug("reschedule reaper %ld", (long) earliest - now);
891                 ASSERTCMP(earliest, >, now);
892                 rxrpc_queue_delayed_work(&rxrpc_connection_reap,
893                                          (earliest - now) * HZ);
894         }
895
896         /* then destroy all those pulled out */
897         while (!list_empty(&graveyard)) {
898                 conn = list_entry(graveyard.next, struct rxrpc_connection,
899                                   link);
900                 list_del_init(&conn->link);
901
902                 ASSERTCMP(atomic_read(&conn->usage), ==, 0);
903                 rxrpc_destroy_connection(conn);
904         }
905
906         _leave("");
907 }
908
909 /*
910  * preemptively destroy all the connection records rather than waiting for them
911  * to time out
912  */
913 void __exit rxrpc_destroy_all_connections(void)
914 {
915         _enter("");
916
917         rxrpc_connection_timeout = 0;
918         cancel_delayed_work(&rxrpc_connection_reap);
919         rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);
920
921         _leave("");
922 }