2006-01-02 21:04:38 +03:00
|
|
|
/*
|
2008-05-20 00:30:13 +04:00
|
|
|
* net/tipc/subscr.c: TIPC network topology service
|
2007-02-09 17:25:21 +03:00
|
|
|
*
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
* Copyright (c) 2000-2017, Ericsson AB
|
tipc: convert topology server to use new server facility
As the new TIPC server infrastructure has been introduced, we can
now convert the TIPC topology server to it. We get two benefits
from doing this:
1) It simplifies the topology server locking policy. In the
original locking policy, we placed one spin lock pointer in the
tipc_subscriber structure to reuse the lock of the subscriber's
server port, controlling access to members of tipc_subscriber
instance. That is, we only used one lock to ensure both
tipc_port and tipc_subscriber members were safely accessed.
Now we introduce another spin lock for tipc_subscriber structure
only protecting themselves, to get a finer granularity locking
policy. Moreover, the change will allow us to make the topology
server code more readable and maintainable.
2) It fixes a bug where sent subscription events may be lost when
the topology port is congested. Using the new service, the
topology server now queues sent events into an outgoing buffer,
and then wakes up a sender process which has been blocked in
workqueue context. The process will keep picking events from the
buffer and send them to their respective subscribers, using the
kernel socket interface, until the buffer is empty. Even if the
socket is congested during transmission there is no risk that
events may be dropped, since the sender process may block when
needed.
Some minor reordering of initialization is done, since we now
have a scenario where the topology server must be started after
socket initialization has taken place, as the former depends
on the latter. And overall, we see a simplification of the
TIPC subscriber code in making this changeover.
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-06-17 18:54:40 +04:00
|
|
|
* Copyright (c) 2005-2007, 2010-2013, Wind River Systems
|
2006-01-02 21:04:38 +03:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
2006-01-11 15:30:43 +03:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
2006-01-02 21:04:38 +03:00
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
*
|
2006-01-11 15:30:43 +03:00
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the names of the copyright holders nor the names of its
|
|
|
|
* contributors may be used to endorse or promote products derived from
|
|
|
|
* this software without specific prior written permission.
|
2006-01-02 21:04:38 +03:00
|
|
|
*
|
2006-01-11 15:30:43 +03:00
|
|
|
* Alternatively, this software may be distributed under the terms of the
|
|
|
|
* GNU General Public License ("GPL") version 2 as published by the Free
|
|
|
|
* Software Foundation.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
|
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
2006-01-02 21:04:38 +03:00
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "core.h"
|
|
|
|
#include "name_table.h"
|
2008-05-20 00:30:13 +04:00
|
|
|
#include "subscr.h"
|
2006-01-02 21:04:38 +03:00
|
|
|
|
2018-02-15 12:40:48 +03:00
|
|
|
static void tipc_sub_send_event(struct tipc_subscription *sub,
|
|
|
|
u32 found_lower, u32 found_upper,
|
|
|
|
u32 event, u32 port, u32 node)
|
2006-01-02 21:04:38 +03:00
|
|
|
{
|
2018-02-15 12:40:45 +03:00
|
|
|
struct tipc_event *evt = &sub->evt;
|
2006-01-02 21:04:38 +03:00
|
|
|
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
if (sub->inactive)
|
|
|
|
return;
|
2018-02-15 12:40:46 +03:00
|
|
|
tipc_evt_write(evt, event, event);
|
|
|
|
tipc_evt_write(evt, found_lower, found_lower);
|
|
|
|
tipc_evt_write(evt, found_upper, found_upper);
|
|
|
|
tipc_evt_write(evt, port.ref, port);
|
|
|
|
tipc_evt_write(evt, port.node, node);
|
2018-02-15 12:40:51 +03:00
|
|
|
tipc_topsrv_queue_evt(sub->net, sub->conid, event, evt);
|
2006-01-02 21:04:38 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2018-02-15 12:40:48 +03:00
|
|
|
* tipc_sub_check_overlap - test for subscription overlap with the
|
2015-05-04 05:36:44 +03:00
|
|
|
* given values
|
2006-01-02 21:04:38 +03:00
|
|
|
*
|
|
|
|
* Returns 1 if there is overlap, otherwise 0.
|
|
|
|
*/
|
2018-02-15 12:40:48 +03:00
|
|
|
int tipc_sub_check_overlap(struct tipc_name_seq *seq, u32 found_lower,
|
|
|
|
u32 found_upper)
|
2006-01-02 21:04:38 +03:00
|
|
|
{
|
2016-02-02 12:52:10 +03:00
|
|
|
if (found_lower < seq->lower)
|
|
|
|
found_lower = seq->lower;
|
|
|
|
if (found_upper > seq->upper)
|
|
|
|
found_upper = seq->upper;
|
2006-01-02 21:04:38 +03:00
|
|
|
if (found_lower > found_upper)
|
|
|
|
return 0;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2018-02-15 12:40:48 +03:00
|
|
|
void tipc_sub_report_overlap(struct tipc_subscription *sub,
|
|
|
|
u32 found_lower, u32 found_upper,
|
|
|
|
u32 event, u32 port, u32 node,
|
|
|
|
u32 scope, int must)
|
2016-02-02 12:52:10 +03:00
|
|
|
{
|
2018-02-15 12:40:46 +03:00
|
|
|
struct tipc_subscr *s = &sub->evt.s;
|
|
|
|
u32 filter = tipc_sub_read(s, filter);
|
2018-02-15 12:40:48 +03:00
|
|
|
struct tipc_name_seq seq;
|
2018-02-15 12:40:46 +03:00
|
|
|
|
|
|
|
seq.type = tipc_sub_read(s, seq.type);
|
|
|
|
seq.lower = tipc_sub_read(s, seq.lower);
|
|
|
|
seq.upper = tipc_sub_read(s, seq.upper);
|
2016-02-02 12:52:10 +03:00
|
|
|
|
2018-02-15 12:40:48 +03:00
|
|
|
if (!tipc_sub_check_overlap(&seq, found_lower, found_upper))
|
2006-01-02 21:04:38 +03:00
|
|
|
return;
|
2018-02-15 12:40:46 +03:00
|
|
|
|
2018-01-08 23:03:30 +03:00
|
|
|
if (!must && !(filter & TIPC_SUB_PORTS))
|
|
|
|
return;
|
|
|
|
if (filter & TIPC_SUB_CLUSTER_SCOPE && scope == TIPC_NODE_SCOPE)
|
|
|
|
return;
|
|
|
|
if (filter & TIPC_SUB_NODE_SCOPE && scope != TIPC_NODE_SCOPE)
|
2006-01-02 21:04:38 +03:00
|
|
|
return;
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
spin_lock(&sub->lock);
|
2018-02-15 12:40:48 +03:00
|
|
|
tipc_sub_send_event(sub, found_lower, found_upper,
|
|
|
|
event, port, node);
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
spin_unlock(&sub->lock);
|
2006-01-02 21:04:38 +03:00
|
|
|
}
|
|
|
|
|
2018-02-15 12:40:48 +03:00
|
|
|
static void tipc_sub_timeout(struct timer_list *t)
|
2006-01-02 21:04:38 +03:00
|
|
|
{
|
2017-10-31 00:06:45 +03:00
|
|
|
struct tipc_subscription *sub = from_timer(sub, t, timer);
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
struct tipc_subscr *s = &sub->evt.s;
|
2008-05-20 00:29:47 +04:00
|
|
|
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
spin_lock(&sub->lock);
|
2018-02-15 12:40:48 +03:00
|
|
|
tipc_sub_send_event(sub, s->seq.lower, s->seq.upper,
|
|
|
|
TIPC_SUBSCR_TIMEOUT, 0, 0);
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
sub->inactive = true;
|
|
|
|
spin_unlock(&sub->lock);
|
2006-10-17 08:59:42 +04:00
|
|
|
}
|
|
|
|
|
2018-02-15 12:40:48 +03:00
|
|
|
static void tipc_sub_kref_release(struct kref *kref)
|
2017-01-24 15:00:44 +03:00
|
|
|
{
|
2018-02-15 12:40:49 +03:00
|
|
|
kfree(container_of(kref, struct tipc_subscription, kref));
|
2017-01-24 15:00:44 +03:00
|
|
|
}
|
|
|
|
|
2018-02-15 12:40:48 +03:00
|
|
|
void tipc_sub_put(struct tipc_subscription *subscription)
|
2017-01-24 15:00:44 +03:00
|
|
|
{
|
2018-02-15 12:40:48 +03:00
|
|
|
kref_put(&subscription->kref, tipc_sub_kref_release);
|
2017-01-24 15:00:44 +03:00
|
|
|
}
|
|
|
|
|
2018-02-15 12:40:48 +03:00
|
|
|
void tipc_sub_get(struct tipc_subscription *subscription)
|
2017-01-24 15:00:44 +03:00
|
|
|
{
|
|
|
|
kref_get(&subscription->kref);
|
|
|
|
}
|
|
|
|
|
2018-02-15 12:40:49 +03:00
|
|
|
struct tipc_subscription *tipc_sub_subscribe(struct net *net,
|
2018-02-15 12:40:47 +03:00
|
|
|
struct tipc_subscr *s,
|
|
|
|
int conid)
|
2015-01-09 10:27:11 +03:00
|
|
|
{
|
2018-02-15 12:40:46 +03:00
|
|
|
u32 filter = tipc_sub_read(s, filter);
|
2018-02-15 12:40:48 +03:00
|
|
|
struct tipc_subscription *sub;
|
2018-02-15 12:40:47 +03:00
|
|
|
u32 timeout;
|
2006-10-17 08:59:42 +04:00
|
|
|
|
2018-02-15 12:40:47 +03:00
|
|
|
if ((filter & TIPC_SUB_PORTS && filter & TIPC_SUB_SERVICE) ||
|
|
|
|
(tipc_sub_read(s, seq.lower) > tipc_sub_read(s, seq.upper))) {
|
|
|
|
pr_warn("Subscription rejected, illegal request\n");
|
2016-02-02 12:52:11 +03:00
|
|
|
return NULL;
|
2006-01-02 21:04:38 +03:00
|
|
|
}
|
2008-05-20 00:29:47 +04:00
|
|
|
sub = kmalloc(sizeof(*sub), GFP_ATOMIC);
|
2006-06-26 10:52:17 +04:00
|
|
|
if (!sub) {
|
2012-06-29 08:16:37 +04:00
|
|
|
pr_warn("Subscription rejected, no memory\n");
|
2016-02-02 12:52:11 +03:00
|
|
|
return NULL;
|
2006-01-02 21:04:38 +03:00
|
|
|
}
|
2018-04-03 20:11:19 +03:00
|
|
|
INIT_LIST_HEAD(&sub->service_list);
|
|
|
|
INIT_LIST_HEAD(&sub->sub_list);
|
2018-02-15 12:40:49 +03:00
|
|
|
sub->net = net;
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
sub->conid = conid;
|
|
|
|
sub->inactive = false;
|
2015-05-04 05:36:44 +03:00
|
|
|
memcpy(&sub->evt.s, s, sizeof(*s));
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
spin_lock_init(&sub->lock);
|
2017-01-24 15:00:44 +03:00
|
|
|
kref_init(&sub->kref);
|
2018-04-11 23:52:09 +03:00
|
|
|
if (!tipc_nametbl_subscribe(sub)) {
|
|
|
|
kfree(sub);
|
|
|
|
return NULL;
|
|
|
|
}
|
2018-02-15 12:40:48 +03:00
|
|
|
timer_setup(&sub->timer, tipc_sub_timeout, 0);
|
2018-02-15 12:40:46 +03:00
|
|
|
timeout = tipc_sub_read(&sub->evt.s, timeout);
|
2017-01-24 15:00:44 +03:00
|
|
|
if (timeout != TIPC_WAIT_FOREVER)
|
|
|
|
mod_timer(&sub->timer, jiffies + msecs_to_jiffies(timeout));
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
return sub;
|
2006-01-02 21:04:38 +03:00
|
|
|
}
|
|
|
|
|
2018-02-15 12:40:47 +03:00
|
|
|
void tipc_sub_unsubscribe(struct tipc_subscription *sub)
|
2006-01-02 21:04:38 +03:00
|
|
|
{
|
tipc: eliminate struct tipc_subscriber
It is unnecessary to keep two structures, struct tipc_conn and struct
tipc_subscriber, with a one-to-one relationship and still with different
life cycles. The fact that the two often run in different contexts, and
still may access each other via direct pointers constitutes an additional
hazard, something we have experienced at several occasions, and still
see happening.
We have identified at least two remaining problems that are easier to
fix if we simplify the topology server data structure somewhat.
- When there is a race between a subscription up/down event and a
timeout event, it is fully possible that the former might be delivered
after the latter, leading to confusion for the receiver.
- The function tipc_subcrp_timeout() is executing in interrupt context,
while the following call chain is at least theoretically possible:
tipc_subscrp_timeout()
tipc_subscrp_send_event()
tipc_conn_sendmsg()
conn_put()
tipc_conn_kref_release()
sock_release(sock)
I.e., we end up calling a function that might try to sleep in
interrupt context. To eliminate this, we need to ensure that the
tipc_conn structure and the socket, as well as the subscription
instances, only are deleted in work queue context, i.e., after the
timeout event really has been sent out.
We now remove this unnecessary complexity, by merging data and
functionality of the subscriber structure into struct tipc_conn
and the associated file server.c. We thereafter add a spinlock and
a new 'inactive' state to the subscription structure. Using those,
both problems described above can be easily solved.
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-15 12:40:44 +03:00
|
|
|
tipc_nametbl_unsubscribe(sub);
|
|
|
|
if (sub->evt.s.timeout != TIPC_WAIT_FOREVER)
|
|
|
|
del_timer_sync(&sub->timer);
|
2018-02-15 12:40:48 +03:00
|
|
|
list_del(&sub->sub_list);
|
|
|
|
tipc_sub_put(sub);
|
2006-01-02 21:04:38 +03:00
|
|
|
}
|