RxRPC: Don't attempt to reuse aborted connections
1 /* RxRPC virtual connection handler
2  *
3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11
12 #include <linux/module.h>
13 #include <linux/net.h>
14 #include <linux/skbuff.h>
15 #include <linux/crypto.h>
16 #include <net/sock.h>
17 #include <net/af_rxrpc.h>
18 #include "ar-internal.h"
19
/* forward declaration so that the delayed work item below can name its
 * handler */
static void rxrpc_connection_reaper(struct work_struct *work);

/* list that connection records are added to through conn->link, and the
 * rwlock taken around changes to it and around the reaper's walk of it */
LIST_HEAD(rxrpc_connections);
DEFINE_RWLOCK(rxrpc_connection_lock);

/* seconds added to conn->put_time (a get_seconds() value) to decide when an
 * unreferenced connection may be reaped */
static unsigned long rxrpc_connection_timeout = 10 * 60;
static DECLARE_DELAYED_WORK(rxrpc_connection_reap, rxrpc_connection_reaper);
26
/*
 * allocate and initialise a new client connection bundle
 * - returns NULL if the allocation fails
 * - the bundle starts zeroed, with its three connection lists empty and a
 *   usage count of 1
 */
static struct rxrpc_conn_bundle *rxrpc_alloc_bundle(gfp_t gfp)
{
	struct rxrpc_conn_bundle *bundle;

	_enter("");

	bundle = kzalloc(sizeof(*bundle), gfp);
	if (!bundle)
		goto out;

	INIT_LIST_HEAD(&bundle->unused_conns);
	INIT_LIST_HEAD(&bundle->avail_conns);
	INIT_LIST_HEAD(&bundle->busy_conns);
	init_waitqueue_head(&bundle->chanwait);
	atomic_set(&bundle->usage, 1);

out:
	/* a failed allocation is traced as a NULL pointer */
	_leave(" = %p", bundle);
	return bundle;
}
48
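/*
 * compare bundle parameters with what we're looking for
 * - orders by service ID first and then by the address of the key
 * - return -ve, 0 or +ve
 *
 * The key addresses are compared explicitly rather than subtracted: the
 * difference of two unsigned longs does not fit in the int return value on
 * 64-bit, so the truncated result could carry the wrong sign or be 0 for two
 * different keys - and 0 is what makes the caller treat the bundle as a match
 * for the key it was given.
 */
static inline
int rxrpc_cmp_bundle(const struct rxrpc_conn_bundle *bundle,
		     struct key *key, __be16 service_id)
{
	unsigned long have = (unsigned long) bundle->key;
	unsigned long want = (unsigned long) key;
	int diff = bundle->service_id - service_id;

	/* both operands are 16 bits wide, so this difference fits in an int */
	if (diff)
		return diff;

	if (have < want)
		return -1;
	if (have > want)
		return 1;
	return 0;
}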
60
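/*
 * get bundle of client connections that a client socket can make use of
 * - bundles are kept per transport in an rb-tree ordered by
 *   rxrpc_cmp_bundle() and guarded by trans->client_lock
 * - returns the bundle with a usage reference for the caller, or
 *   ERR_PTR(-ENOMEM) if a new bundle was needed and could not be allocated
 * - if the socket is in RXRPC_CLIENT_CONNECTED state and has no bundle cached
 *   yet, the bundle is also stored in rx->bundle with a reference of its own
 */
struct rxrpc_conn_bundle *rxrpc_get_bundle(struct rxrpc_sock *rx,
					   struct rxrpc_transport *trans,
					   struct key *key,
					   __be16 service_id,
					   gfp_t gfp)
{
	struct rxrpc_conn_bundle *bundle, *candidate;
	struct rb_node *p, *parent, **pp;
	int cmp;

	_enter("%p{%x},%x,%hx,",
	       rx, key_serial(key), trans->debug_id, ntohs(service_id));

	/* fast path: reuse the bundle cached on the socket
	 * NOTE(review): key and service_id are not compared with the cached
	 * bundle here; presumably they cannot differ once a bundle has been
	 * cached on the socket - confirm against the callers */
	if (rx->trans == trans && rx->bundle) {
		atomic_inc(&rx->bundle->usage);
		return rx->bundle;
	}

	/* search the extant bundles first for one that matches the specified
	 * key and service ID */
	spin_lock(&trans->client_lock);

	p = trans->bundles.rb_node;
	while (p) {
		bundle = rb_entry(p, struct rxrpc_conn_bundle, node);

		cmp = rxrpc_cmp_bundle(bundle, key, service_id);
		if (cmp < 0)
			p = p->rb_left;
		else if (cmp > 0)
			p = p->rb_right;
		else
			goto found_extant_bundle;
	}

	spin_unlock(&trans->client_lock);

	/* not yet present - create a candidate for a new record and then
	 * redo the search, because the lock has to be dropped around the
	 * allocation and another thread may insert a match meanwhile */
	candidate = rxrpc_alloc_bundle(gfp);
	if (!candidate) {
		_leave(" = -ENOMEM");
		return ERR_PTR(-ENOMEM);
	}

	candidate->key = key_get(key);
	candidate->service_id = service_id;

	spin_lock(&trans->client_lock);

	pp = &trans->bundles.rb_node;
	parent = NULL;
	while (*pp) {
		parent = *pp;
		bundle = rb_entry(parent, struct rxrpc_conn_bundle, node);

		cmp = rxrpc_cmp_bundle(bundle, key, service_id);
		if (cmp < 0)
			pp = &(*pp)->rb_left;
		else if (cmp > 0)
			pp = &(*pp)->rb_right;
		else
			goto found_extant_second;
	}

	/* second search also failed; add the new bundle */
	bundle = candidate;
	candidate = NULL;

	rb_link_node(&bundle->node, parent, pp);
	rb_insert_color(&bundle->node, &trans->bundles);
	spin_unlock(&trans->client_lock);
	_net("BUNDLE new on trans %d", trans->debug_id);
	if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
		atomic_inc(&bundle->usage);
		rx->bundle = bundle;
	}
	_leave(" = %p [new]", bundle);
	return bundle;

	/* we found the bundle in the list immediately */
found_extant_bundle:
	atomic_inc(&bundle->usage);
	spin_unlock(&trans->client_lock);
	_net("BUNDLE old on trans %d", trans->debug_id);
	if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
		atomic_inc(&bundle->usage);
		rx->bundle = bundle;
	}
	_leave(" = %p [extant %d]", bundle, atomic_read(&bundle->usage));
	return bundle;

	/* we found the bundle on the second time through the list */
found_extant_second:
	atomic_inc(&bundle->usage);
	spin_unlock(&trans->client_lock);
	/* the unused candidate still holds the key reference taken above;
	 * drop it before freeing, or the key's usage count never falls */
	key_put(candidate->key);
	kfree(candidate);
	_net("BUNDLE old2 on trans %d", trans->debug_id);
	if (!rx->bundle && rx->sk.sk_state == RXRPC_CLIENT_CONNECTED) {
		atomic_inc(&bundle->usage);
		rx->bundle = bundle;
	}
	_leave(" = %p [second %d]", bundle, atomic_read(&bundle->usage));
	return bundle;
}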
166
/*
 * release a reference on a bundle
 * - when the last reference goes, the bundle is removed from the transport's
 *   tree under trans->client_lock, its key reference is dropped and it is
 *   freed
 * - by then all three connection lists must be empty and num_conns must be 0
 */
void rxrpc_put_bundle(struct rxrpc_transport *trans,
		      struct rxrpc_conn_bundle *bundle)
{
	_enter("%p,%p{%d}",trans, bundle, atomic_read(&bundle->usage));

	/* takes the client lock only if the count actually reached zero */
	if (!atomic_dec_and_lock(&bundle->usage, &trans->client_lock))
		goto out;

	_debug("Destroy bundle");
	rb_erase(&bundle->node, &trans->bundles);
	spin_unlock(&trans->client_lock);

	ASSERT(list_empty(&bundle->unused_conns));
	ASSERT(list_empty(&bundle->avail_conns));
	ASSERT(list_empty(&bundle->busy_conns));
	ASSERTCMP(bundle->num_conns, ==, 0);

	key_put(bundle->key);
	kfree(bundle);

out:
	_leave("");
}
189
/*
 * allocate and initialise a new connection record
 * - returns NULL if the allocation fails
 * - the record starts zeroed with a usage count of 1, a fresh debug ID and
 *   all RXRPC_MAXCALLS call slots marked available
 */
static struct rxrpc_connection *rxrpc_alloc_connection(gfp_t gfp)
{
	struct rxrpc_connection *conn;

	_enter("");

	conn = kzalloc(sizeof(*conn), gfp);
	if (!conn)
		goto out;

	INIT_WORK(&conn->processor, &rxrpc_process_connection);
	INIT_LIST_HEAD(&conn->bundle_link);
	conn->calls = RB_ROOT;
	skb_queue_head_init(&conn->rx_queue);
	rwlock_init(&conn->lock);
	spin_lock_init(&conn->state_lock);
	atomic_set(&conn->usage, 1);
	conn->debug_id = atomic_inc_return(&rxrpc_debug_id);
	conn->avail_calls = RXRPC_MAXCALLS;
	conn->size_align = 4;
	conn->header_size = sizeof(struct rxrpc_header);

out:
	/* conn may be NULL here, so the debug ID is only read when it isn't */
	_leave(" = %p{%d}", conn, conn ? conn->debug_id : 0);
	return conn;
}
217
/*
 * assign a connection ID to a connection and add it to the transport's
 * client connection lookup tree
 * - called with transport client lock held
 * - takes the transport's conn_lock for writing around the whole operation
 * - the tree is keyed on (epoch, real_conn_id); candidate IDs advance in
 *   steps of RXRPC_CID_INC and restart at RXRPC_CID_INC when they wrap
 */
static void rxrpc_assign_connection_id(struct rxrpc_connection *conn)
{
	struct rxrpc_transport *trans = conn->trans;
	struct rxrpc_connection *other;
	struct rb_node *parent, **link;
	__be32 epoch = conn->epoch;
	u32 real_conn_id;

	_enter("");

	write_lock_bh(&trans->conn_lock);

	/* advance the transport's counter; a result below RXRPC_CID_INC means
	 * it wrapped, so restart from the first usable ID */
	trans->conn_idcounter += RXRPC_CID_INC;
	if (trans->conn_idcounter < RXRPC_CID_INC)
		trans->conn_idcounter = RXRPC_CID_INC;
	real_conn_id = trans->conn_idcounter;

attempt_insertion:
	parent = NULL;
	link = &trans->client_conns.rb_node;

	while (*link) {
		parent = *link;
		other = rb_entry(parent, struct rxrpc_connection, node);

		if (epoch < other->epoch)
			link = &parent->rb_left;
		else if (epoch > other->epoch)
			link = &parent->rb_right;
		else if (real_conn_id < other->real_conn_id)
			link = &parent->rb_left;
		else if (real_conn_id > other->real_conn_id)
			link = &parent->rb_right;
		else
			goto id_exists;
	}

	/* we've found a suitable hole - arrange for this connection to occupy
	 * it */
	rb_link_node(&conn->node, parent, link);
	rb_insert_color(&conn->node, &trans->client_conns);

	conn->real_conn_id = real_conn_id;
	conn->cid = htonl(real_conn_id);
	write_unlock_bh(&trans->conn_lock);
	_leave(" [CONNID %x CID %x]", real_conn_id, ntohl(conn->cid));
	return;

	/* we found a connection with the proposed ID - walk the tree from that
	 * point looking for the next unused ID */
id_exists:
	for (;;) {
		real_conn_id += RXRPC_CID_INC;
		if (real_conn_id < RXRPC_CID_INC) {
			/* wrapped: restart from the bottom of the ID space */
			real_conn_id = RXRPC_CID_INC;
			trans->conn_idcounter = real_conn_id;
			goto attempt_insertion;
		}

		parent = rb_next(parent);
		if (!parent)
			goto attempt_insertion;

		/* a gap before the next node means the proposed ID is free;
		 * the insertion search is redone to find the link point */
		other = rb_entry(parent, struct rxrpc_connection, node);
		if (epoch < other->epoch ||
		    real_conn_id < other->real_conn_id)
			goto attempt_insertion;
	}
}
293
/*
 * add a call to a connection's call-by-ID tree
 * - takes conn->lock for writing around the insertion
 * - a call ID that is already in the tree is treated as fatal (BUG)
 */
static void rxrpc_add_call_ID_to_conn(struct rxrpc_connection *conn,
				      struct rxrpc_call *call)
{
	struct rxrpc_call *other;
	struct rb_node *parent = NULL, **link;
	__be32 call_id;

	write_lock_bh(&conn->lock);

	call_id = call->call_id;
	link = &conn->calls.rb_node;
	while (*link) {
		parent = *link;
		other = rb_entry(parent, struct rxrpc_call, conn_node);

		/* duplicates must never occur, so rule them out first */
		if (call_id == other->call_id)
			BUG();

		if (call_id < other->call_id)
			link = &parent->rb_left;
		else
			link = &parent->rb_right;
	}

	rb_link_node(&call->conn_node, parent, link);
	rb_insert_color(&call->conn_node, &conn->calls);

	write_unlock_bh(&conn->lock);
}
326
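/*
 * connect a call on an exclusive connection
 * - the socket's own connection (rx->conn) is used, and is created, secured
 *   and given a connection ID on first use
 * - returns 0 with the call attached to a free channel, -ENOMEM if the
 *   connection could not be allocated, the error from
 *   rxrpc_init_client_conn_security() if that fails, or -ENOSR if all
 *   RXRPC_MAXCALLS channels are in use
 * - the transport's client lock is taken here and released before returning
 *
 * NOTE(review): unlike rxrpc_connect_call(), nothing here looks at
 * conn->state before reusing rx->conn, so an aborted exclusive connection
 * would be reused as it stands - confirm whether that is intended.
 */
static int rxrpc_connect_exclusive(struct rxrpc_sock *rx,
				   struct rxrpc_transport *trans,
				   __be16 service_id,
				   struct rxrpc_call *call,
				   gfp_t gfp)
{
	struct rxrpc_connection *conn;
	int chan, ret;

	_enter("");

	conn = rx->conn;
	if (!conn) {
		/* not yet present - create a candidate for a new connection
		 * and then redo the check */
		conn = rxrpc_alloc_connection(gfp);
		if (!conn) {
			_leave(" = -ENOMEM");
			return -ENOMEM;
		}

		conn->trans = trans;
		conn->bundle = NULL;
		conn->service_id = service_id;
		conn->epoch = rxrpc_epoch;
		conn->in_clientflag = 0;
		conn->out_clientflag = RXRPC_CLIENT_INITIATED;
		conn->cid = 0;
		conn->state = RXRPC_CONN_CLIENT;
		/* one slot is accounted to the call being connected now */
		conn->avail_calls = RXRPC_MAXCALLS - 1;
		conn->security_level = rx->min_sec_level;
		conn->key = key_get(rx->key);

		ret = rxrpc_init_client_conn_security(conn);
		if (ret < 0) {
			key_put(conn->key);
			kfree(conn);
			_leave(" = %d [key]", ret);
			return ret;
		}

		write_lock_bh(&rxrpc_connection_lock);
		list_add_tail(&conn->link, &rxrpc_connections);
		write_unlock_bh(&rxrpc_connection_lock);

		spin_lock(&trans->client_lock);
		atomic_inc(&trans->usage);

		_net("CONNECT EXCL new %d on TRANS %d",
		     conn->debug_id, conn->trans->debug_id);

		rxrpc_assign_connection_id(conn);
		rx->conn = conn;
	} else {
		/* reusing the socket's existing connection: the channel
		 * search below runs under the client lock and both exit paths
		 * unlock it, so it has to be taken on this path as well */
		spin_lock(&trans->client_lock);
	}

	/* we've got a connection and can now look for a free channel to
	 * attach the call to
	 * - we're holding the transport's client lock
	 * - we're holding a reference on the connection
	 */
	for (chan = 0; chan < RXRPC_MAXCALLS; chan++)
		if (!conn->channels[chan])
			goto found_channel;
	goto no_free_channels;

found_channel:
	atomic_inc(&conn->usage);
	conn->channels[chan] = call;
	call->conn = conn;
	call->channel = chan;
	/* the channel number is carried in the low bits of the call's CID */
	call->cid = conn->cid | htonl(chan);
	call->call_id = htonl(++conn->call_counter);

	_net("CONNECT client on conn %d chan %d as call %x",
	     conn->debug_id, chan, ntohl(call->call_id));

	spin_unlock(&trans->client_lock);

	rxrpc_add_call_ID_to_conn(conn, call);
	_leave(" = 0");
	return 0;

no_free_channels:
	spin_unlock(&trans->client_lock);
	_leave(" = -ENOSR");
	return -ENOSR;
}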
417
/*
 * find a connection for a call
 * - called in process context with IRQs enabled
 * - sockets flagged RXRPC_SOCK_EXCLUSIVE_CONN are handed to
 *   rxrpc_connect_exclusive(); otherwise a connection is taken from the
 *   bundle's available list, then its unused list, and failing both a new
 *   connection is created and the search repeated
 * - connections whose state is RXRPC_CONN_REMOTELY_ABORTED or beyond are
 *   dropped from the bundle's lists instead of being reused
 * - returns 0 on success, -EAGAIN if the bundle already has 20 connections
 *   and gfp does not permit waiting, -ENOMEM, -ERESTARTSYS if a signal is
 *   pending, or the error from rxrpc_init_client_conn_security()
 */
int rxrpc_connect_call(struct rxrpc_sock *rx,
		       struct rxrpc_transport *trans,
		       struct rxrpc_conn_bundle *bundle,
		       struct rxrpc_call *call,
		       gfp_t gfp)
{
	struct rxrpc_connection *conn, *candidate;
	int chan, ret;

	DECLARE_WAITQUEUE(waiter, current);

	_enter("%p,%lx,", rx, call->user_call_ID);

	if (test_bit(RXRPC_SOCK_EXCLUSIVE_CONN, &rx->flags))
		return rxrpc_connect_exclusive(rx, trans, bundle->service_id,
					       call, gfp);

	spin_lock(&trans->client_lock);
	for (;;) {
		/* see if the bundle has a call slot available */
		if (!list_empty(&bundle->avail_conns)) {
			_debug("avail");
			conn = list_entry(bundle->avail_conns.next,
					  struct rxrpc_connection,
					  bundle_link);

			/* an aborted connection must not carry new calls;
			 * unhook it from the bundle and look again
			 * NOTE(review): conn->bundle stays set, and
			 * rxrpc_connection_reaper() decrements num_conns for
			 * every reaped connection that has a bundle - this
			 * looks like a second decrement for the same
			 * connection; confirm */
			if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
				list_del_init(&conn->bundle_link);
				bundle->num_conns--;
				continue;
			}

			/* using up the last free slot makes the conn busy */
			conn->avail_calls--;
			if (conn->avail_calls == 0)
				list_move(&conn->bundle_link,
					  &bundle->busy_conns);
			ASSERTCMP(conn->avail_calls, <, RXRPC_MAXCALLS);
			ASSERT(conn->channels[0] == NULL ||
			       conn->channels[1] == NULL ||
			       conn->channels[2] == NULL ||
			       conn->channels[3] == NULL);
			atomic_inc(&conn->usage);
			break;
		}

		if (!list_empty(&bundle->unused_conns)) {
			_debug("unused");
			conn = list_entry(bundle->unused_conns.next,
					  struct rxrpc_connection,
					  bundle_link);

			/* same rule as above for aborted connections */
			if (conn->state >= RXRPC_CONN_REMOTELY_ABORTED) {
				list_del_init(&conn->bundle_link);
				bundle->num_conns--;
				continue;
			}

			/* an unused connection has every slot free; claim one
			 * and promote the connection to the available list */
			ASSERTCMP(conn->avail_calls, ==, RXRPC_MAXCALLS);
			conn->avail_calls = RXRPC_MAXCALLS - 1;
			ASSERT(conn->channels[0] == NULL &&
			       conn->channels[1] == NULL &&
			       conn->channels[2] == NULL &&
			       conn->channels[3] == NULL);
			atomic_inc(&conn->usage);
			list_move(&conn->bundle_link, &bundle->avail_conns);
			break;
		}

		/* need to allocate a new connection */
		_debug("get new conn [%d]", bundle->num_conns);

		spin_unlock(&trans->client_lock);

		if (signal_pending(current))
			goto interrupted;

		/* the bundle is capped at 20 connections; beyond that we
		 * either wait for a slot or a connection to free up, or fail
		 * if the caller's gfp mask forbids waiting */
		if (bundle->num_conns >= 20) {
			_debug("too many conns");

			if (!(gfp & __GFP_WAIT)) {
				_leave(" = -EAGAIN");
				return -EAGAIN;
			}

			add_wait_queue(&bundle->chanwait, &waiter);
			for (;;) {
				set_current_state(TASK_INTERRUPTIBLE);
				if (bundle->num_conns < 20 ||
				    !list_empty(&bundle->unused_conns) ||
				    !list_empty(&bundle->avail_conns))
					break;
				if (signal_pending(current))
					goto interrupted_dequeue;
				schedule();
			}
			remove_wait_queue(&bundle->chanwait, &waiter);
			__set_current_state(TASK_RUNNING);
			spin_lock(&trans->client_lock);
			continue;
		}

		/* not yet present - create a candidate for a new connection and then
		 * redo the check */
		candidate = rxrpc_alloc_connection(gfp);
		if (!candidate) {
			_leave(" = -ENOMEM");
			return -ENOMEM;
		}

		candidate->trans = trans;
		candidate->bundle = bundle;
		candidate->service_id = bundle->service_id;
		candidate->epoch = rxrpc_epoch;
		candidate->in_clientflag = 0;
		candidate->out_clientflag = RXRPC_CLIENT_INITIATED;
		candidate->cid = 0;
		candidate->state = RXRPC_CONN_CLIENT;
		candidate->avail_calls = RXRPC_MAXCALLS;
		candidate->security_level = rx->min_sec_level;
		candidate->key = key_get(bundle->key);

		ret = rxrpc_init_client_conn_security(candidate);
		if (ret < 0) {
			key_put(candidate->key);
			kfree(candidate);
			_leave(" = %d [key]", ret);
			return ret;
		}

		write_lock_bh(&rxrpc_connection_lock);
		list_add_tail(&candidate->link, &rxrpc_connections);
		write_unlock_bh(&rxrpc_connection_lock);

		spin_lock(&trans->client_lock);

		/* the new connection pins both the bundle and the transport */
		list_add(&candidate->bundle_link, &bundle->unused_conns);
		bundle->num_conns++;
		atomic_inc(&bundle->usage);
		atomic_inc(&trans->usage);

		_net("CONNECT new %d on TRANS %d",
		     candidate->debug_id, candidate->trans->debug_id);

		rxrpc_assign_connection_id(candidate);
		if (candidate->security)
			candidate->security->prime_packet_security(candidate);

		/* leave the candidate lurking in zombie mode attached to the
		 * bundle until we're ready for it */
		rxrpc_put_connection(candidate);
		candidate = NULL;
	}

	/* we've got a connection with a free channel and we can now attach the
	 * call to it
	 * - we're holding the transport's client lock
	 * - we're holding a reference on the connection
	 * - we're holding a reference on the bundle
	 */
	chan = 0;
	while (chan < RXRPC_MAXCALLS && conn->channels[chan])
		chan++;

	if (chan >= RXRPC_MAXCALLS) {
		/* the slot accounting promised a free channel */
		ASSERT(conn->channels[0] == NULL ||
		       conn->channels[1] == NULL ||
		       conn->channels[2] == NULL ||
		       conn->channels[3] == NULL);
		BUG();
	}

	conn->channels[chan] = call;
	call->conn = conn;
	call->channel = chan;
	/* the channel number is carried in the low bits of the call's CID */
	call->cid = conn->cid | htonl(chan);
	call->call_id = htonl(++conn->call_counter);

	_net("CONNECT client on conn %d chan %d as call %x",
	     conn->debug_id, chan, ntohl(call->call_id));

	ASSERTCMP(conn->avail_calls, <, RXRPC_MAXCALLS);
	spin_unlock(&trans->client_lock);

	rxrpc_add_call_ID_to_conn(conn, call);

	_leave(" = 0");
	return 0;

interrupted_dequeue:
	remove_wait_queue(&bundle->chanwait, &waiter);
	__set_current_state(TASK_RUNNING);
interrupted:
	_leave(" = -ERESTARTSYS");
	return -ERESTARTSYS;
}
610
/*
 * get a record of an incoming connection
 * - the header must have RXRPC_CLIENT_INITIATED set (asserted)
 * - looks the connection up in the transport's server connection tree by
 *   (epoch, connection ID) and creates a record if there isn't one
 * - returns the connection with a reference for the caller,
 *   ERR_PTR(-ENOMEM) if a record could not be allocated, or
 *   ERR_PTR(-EKEYREJECTED) if an existing record has a different security
 *   index from the one in the header
 *
 * NOTE(review): a new record copies epoch, cid, serviceId and securityIndex
 * straight from the packet header; no range check on the security index is
 * visible here - presumably it is validated when the connection's security is
 * set up; confirm.
 */
struct rxrpc_connection *
rxrpc_incoming_connection(struct rxrpc_transport *trans,
			  struct rxrpc_header *hdr,
			  gfp_t gfp)
{
	struct rxrpc_connection *conn, *candidate = NULL;
	struct rb_node *node, **link;
	const char *origin = "old";
	__be32 epoch;
	u32 conn_id;

	_enter("");

	ASSERT(hdr->flags & RXRPC_CLIENT_INITIATED);

	epoch = hdr->epoch;
	conn_id = ntohl(hdr->cid) & RXRPC_CIDMASK;

	/* search the connection tree first, under the read lock only */
	read_lock_bh(&trans->conn_lock);

	node = trans->server_conns.rb_node;
	while (node) {
		conn = rb_entry(node, struct rxrpc_connection, node);

		_debug("maybe %x", conn->real_conn_id);

		if (epoch < conn->epoch)
			node = node->rb_left;
		else if (epoch > conn->epoch)
			node = node->rb_right;
		else if (conn_id < conn->real_conn_id)
			node = node->rb_left;
		else if (conn_id > conn->real_conn_id)
			node = node->rb_right;
		else
			goto found_extant_connection;
	}
	read_unlock_bh(&trans->conn_lock);

	/* not yet present - create a candidate for a new record and then
	 * redo the search */
	candidate = rxrpc_alloc_connection(gfp);
	if (!candidate) {
		_leave(" = -ENOMEM");
		return ERR_PTR(-ENOMEM);
	}

	candidate->trans = trans;
	candidate->epoch = hdr->epoch;
	candidate->cid = hdr->cid & cpu_to_be32(RXRPC_CIDMASK);
	candidate->service_id = hdr->serviceId;
	candidate->security_ix = hdr->securityIndex;
	candidate->in_clientflag = RXRPC_CLIENT_INITIATED;
	candidate->out_clientflag = 0;
	candidate->real_conn_id = conn_id;
	/* a non-zero service ID starts the connection off as unsecured */
	candidate->state = candidate->service_id ?
		RXRPC_CONN_SERVER_UNSECURED : RXRPC_CONN_SERVER;

	write_lock_bh(&trans->conn_lock);

	link = &trans->server_conns.rb_node;
	node = NULL;
	while (*link) {
		node = *link;
		conn = rb_entry(node, struct rxrpc_connection, node);

		if (epoch < conn->epoch)
			link = &node->rb_left;
		else if (epoch > conn->epoch)
			link = &node->rb_right;
		else if (conn_id < conn->real_conn_id)
			link = &node->rb_left;
		else if (conn_id > conn->real_conn_id)
			link = &node->rb_right;
		else
			goto found_extant_second;
	}

	/* we can now add the new candidate to the tree; it keeps the usage
	 * count of 1 it was allocated with as the caller's reference */
	conn = candidate;
	candidate = NULL;
	rb_link_node(&conn->node, node, link);
	rb_insert_color(&conn->node, &trans->server_conns);
	atomic_inc(&conn->trans->usage);

	write_unlock_bh(&trans->conn_lock);

	write_lock_bh(&rxrpc_connection_lock);
	list_add_tail(&conn->link, &rxrpc_connections);
	write_unlock_bh(&rxrpc_connection_lock);

	origin = "new";

success:
	_net("CONNECTION %s %d {%x}", origin, conn->debug_id, conn->real_conn_id);

	_leave(" = %p {u=%d}", conn, atomic_read(&conn->usage));
	return conn;

	/* we found the connection in the tree immediately */
found_extant_connection:
	if (hdr->securityIndex != conn->security_ix) {
		read_unlock_bh(&trans->conn_lock);
		goto security_mismatch;
	}
	atomic_inc(&conn->usage);
	read_unlock_bh(&trans->conn_lock);
	goto success;

	/* we found the connection on the second time through the tree */
found_extant_second:
	if (hdr->securityIndex != conn->security_ix) {
		write_unlock_bh(&trans->conn_lock);
		goto security_mismatch;
	}
	atomic_inc(&conn->usage);
	write_unlock_bh(&trans->conn_lock);
	kfree(candidate);
	goto success;

	/* candidate is NULL when we get here from the first search */
security_mismatch:
	kfree(candidate);
	_leave(" = -EKEYREJECTED");
	return ERR_PTR(-EKEYREJECTED);
}
741
/*
 * find a connection based on transport and RxRPC connection ID for an incoming
 * packet
 * - packets flagged RXRPC_CLIENT_INITIATED are looked up in the transport's
 *   server connection tree, all others in its client connection tree
 * - returns the connection with a reference taken, or NULL if there's no match
 */
struct rxrpc_connection *rxrpc_find_connection(struct rxrpc_transport *trans,
					       struct rxrpc_header *hdr)
{
	struct rxrpc_connection *conn;
	struct rb_node *node;
	__be32 epoch;
	u32 conn_id;

	_enter(",{%x,%x}", ntohl(hdr->cid), hdr->flags);

	read_lock_bh(&trans->conn_lock);

	conn_id = ntohl(hdr->cid) & RXRPC_CIDMASK;
	epoch = hdr->epoch;

	node = (hdr->flags & RXRPC_CLIENT_INITIATED) ?
		trans->server_conns.rb_node : trans->client_conns.rb_node;

	while (node) {
		conn = rb_entry(node, struct rxrpc_connection, node);

		_debug("maybe %x", conn->real_conn_id);

		if (epoch < conn->epoch) {
			node = node->rb_left;
		} else if (epoch > conn->epoch) {
			node = node->rb_right;
		} else if (conn_id < conn->real_conn_id) {
			node = node->rb_left;
		} else if (conn_id > conn->real_conn_id) {
			node = node->rb_right;
		} else {
			/* take the reference before the lock is dropped */
			atomic_inc(&conn->usage);
			read_unlock_bh(&trans->conn_lock);
			_leave(" = %p", conn);
			return conn;
		}
	}

	read_unlock_bh(&trans->conn_lock);
	_leave(" = NULL");
	return NULL;
}
793
/*
 * release a reference on a virtual connection
 * - the connection is not freed here: when the last reference goes, the
 *   reaper work item is queued to run at once and decides, from put_time,
 *   when the record may be destroyed
 * - put_time is stamped on every put, not just the final one
 */
void rxrpc_put_connection(struct rxrpc_connection *conn)
{
	_enter("%p{u=%d,d=%d}",
	       conn, atomic_read(&conn->usage), conn->debug_id);

	ASSERTCMP(atomic_read(&conn->usage), >, 0);

	conn->put_time = get_seconds();
	if (!atomic_dec_and_test(&conn->usage))
		goto out;

	_debug("zombie");
	rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);

out:
	_leave("");
}
812
/*
 * destroy a virtual connection
 * - the usage count must already be 0 and the call tree empty (asserted)
 * - drops the connection's references on its bundle (if it has one) and on
 *   its transport, purges the receive queue and frees the record
 * - conn->key is not put here directly; presumably
 *   rxrpc_clear_conn_security() releases it - confirm
 */
static void rxrpc_destroy_connection(struct rxrpc_connection *conn)
{
	struct rxrpc_conn_bundle *bundle;

	_enter("%p{%d}", conn, atomic_read(&conn->usage));

	ASSERTCMP(atomic_read(&conn->usage), ==, 0);

	_net("DESTROY CONN %d", conn->debug_id);

	bundle = conn->bundle;
	if (bundle)
		rxrpc_put_bundle(conn->trans, bundle);

	ASSERT(RB_EMPTY_ROOT(&conn->calls));
	rxrpc_purge_queue(&conn->rx_queue);

	rxrpc_clear_conn_security(conn);
	rxrpc_put_transport(conn->trans);
	kfree(conn);
	_leave("");
}
835
/*
 * reap dead connections
 * - walks rxrpc_connections under rxrpc_connection_lock and moves every
 *   unreferenced connection whose timeout has expired onto a private list,
 *   unhooking it from its transport's lookup tree and from its bundle
 * - requeues itself for the earliest expiry among the unreferenced
 *   connections that are not yet due
 * - destroys the collected connections after the global lock is dropped
 */
static void rxrpc_connection_reaper(struct work_struct *work)
{
	struct rxrpc_connection *conn, *next;
	unsigned long now, earliest, reap_time;

	LIST_HEAD(graveyard);

	_enter("");

	now = get_seconds();
	earliest = ULONG_MAX;

	write_lock_bh(&rxrpc_connection_lock);
	list_for_each_entry_safe(conn, next, &rxrpc_connections, link) {
		_debug("reap CONN %d { u=%d,t=%ld }",
		       conn->debug_id, atomic_read(&conn->usage),
		       (long) now - (long) conn->put_time);

		/* cheap unlocked check; most connections are still in use */
		if (likely(atomic_read(&conn->usage) > 0))
			continue;

		spin_lock(&conn->trans->client_lock);
		write_lock(&conn->trans->conn_lock);
		reap_time = conn->put_time + rxrpc_connection_timeout;

		/* recheck under the transport locks: the connection may have
		 * picked up a reference since the unlocked check */
		if (atomic_read(&conn->usage) <= 0) {
			if (reap_time <= now) {
				struct rb_root *tree;

				list_move_tail(&conn->link, &graveyard);

				/* out_clientflag is set on client connections
				 * only, so it selects the tree to erase from */
				tree = conn->out_clientflag ?
					&conn->trans->client_conns :
					&conn->trans->server_conns;
				rb_erase(&conn->node, tree);

				/* NOTE(review): rxrpc_connect_call() already
				 * unlinks aborted connections and decrements
				 * num_conns while leaving conn->bundle set, so
				 * this may count such a connection out twice -
				 * confirm */
				if (conn->bundle) {
					list_del_init(&conn->bundle_link);
					conn->bundle->num_conns--;
				}
			} else if (reap_time < earliest) {
				earliest = reap_time;
			}
		}

		write_unlock(&conn->trans->conn_lock);
		spin_unlock(&conn->trans->client_lock);
	}
	write_unlock_bh(&rxrpc_connection_lock);

	if (earliest != ULONG_MAX) {
		_debug("reschedule reaper %ld", (long) earliest - now);
		ASSERTCMP(earliest, >, now);
		/* put_time and the timeout are in seconds; convert to jiffies */
		rxrpc_queue_delayed_work(&rxrpc_connection_reap,
					 (earliest - now) * HZ);
	}

	/* then destroy all those pulled out */
	while (!list_empty(&graveyard)) {
		conn = list_entry(graveyard.next, struct rxrpc_connection,
				  link);
		list_del_init(&conn->link);

		ASSERTCMP(atomic_read(&conn->usage), ==, 0);
		rxrpc_destroy_connection(conn);
	}

	_leave("");
}
907
/*
 * preemptively destroy all the connection records rather than waiting for them
 * to time out
 * - zeroing the timeout makes every unreferenced connection due at once
 * - any pending reaper run is cancelled and a new one queued with no delay;
 *   this function does not itself wait for that run to finish
 */
void __exit rxrpc_destroy_all_connections(void)
{
	_enter("");

	/* must be cleared before the reaper is requeued so that the run
	 * queued below sees the zero timeout */
	rxrpc_connection_timeout = 0;

	cancel_delayed_work(&rxrpc_connection_reap);
	rxrpc_queue_delayed_work(&rxrpc_connection_reap, 0);

	_leave("");
}