linux-imx

/* Service connection management

 *

 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.

 * Written by David Howells (dhowells@redhat.com)

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public Licence

 * as published by the Free Software Foundation; either version

 * 2 of the Licence, or (at your option) any later version.

 */

​

#include <linux/slab.h>

#include "ar-internal.h"

​

/*

 * Find a service connection under RCU conditions.

 *

 * We could use a hash table, but that is subject to bucket stuffing by an

 * attacker as the client gets to pick the epoch and cid values and would know

 * the hash function.  So, instead, we use a hash table for the peer and from

 * that an rbtree to find the service connection.  Under ordinary circumstances

 * it might be slower than a large hash table, but it is at least limited in

 * depth.

 */

struct rxrpc_connection *rxrpc_find_service_conn_rcu(struct rxrpc_peer *peer,

                             struct sk_buff *skb)

{

    struct rxrpc_connection *conn = NULL;

    struct rxrpc_conn_proto k;

    struct rxrpc_skb_priv *sp = rxrpc_skb(skb);

    struct rb_node *p;

    unsigned int seq = 0;

​

    k.epoch = sp->hdr.epoch;

    k.cid   = sp->hdr.cid & RXRPC_CIDMASK;

​

    do {

        /* Unfortunately, rbtree walking doesn't give reliable results

         * under just the RCU read lock, so we have to check for

         * changes.

         */

        read_seqbegin_or_lock(&peer->service_conn_lock, &seq);

​

        p = rcu_dereference_raw(peer->service_conns.rb_node);

        while (p) {

            conn = rb_entry(p, struct rxrpc_connection, service_node);

​

            if (conn->proto.index_key < k.index_key)

                p = rcu_dereference_raw(p->rb_left);

            else if (conn->proto.index_key > k.index_key)

                p = rcu_dereference_raw(p->rb_right);

            else

                break;

            conn = NULL;

        }

    } while (need_seqretry(&peer->service_conn_lock, seq));

​

    done_seqretry(&peer->service_conn_lock, seq);

    _leave(" = %d", conn ? conn->debug_id : -1);

    return conn;

}

​

/*

 * Insert a service connection into a peer's tree, thereby making it a target

 * for incoming packets.

 */

static void rxrpc_publish_service_conn(struct rxrpc_peer *peer,

                       struct rxrpc_connection *conn)

{

    struct rxrpc_connection *cursor = NULL;

    struct rxrpc_conn_proto k = conn->proto;

    struct rb_node **pp, *parent;

​

    write_seqlock_bh(&peer->service_conn_lock);

​

    pp = &peer->service_conns.rb_node;

    parent = NULL;

    while (*pp) {

        parent = *pp;

        cursor = rb_entry(parent,

                  struct rxrpc_connection, service_node);

​

        if (cursor->proto.index_key < k.index_key)

            pp = &(*pp)->rb_left;

        else if (cursor->proto.index_key > k.index_key)

            pp = &(*pp)->rb_right;

        else

            goto found_extant_conn;

    }

​

    rb_link_node_rcu(&conn->service_node, parent, pp);

    rb_insert_color(&conn->service_node, &peer->service_conns);