1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 /* 26 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 27 */ 28 29 /* 30 * Multithreaded STREAMS Local Transport Provider. 31 * 32 * OVERVIEW 33 * ======== 34 * 35 * This driver provides TLI as well as socket semantics. It provides 36 * connectionless, connection oriented, and connection oriented with orderly 37 * release transports for TLI and sockets. Each transport type has separate name 38 * spaces (i.e. it is not possible to connect from a socket to a TLI endpoint) - 39 * this removes any name space conflicts when binding to socket style transport 40 * addresses. 41 * 42 * NOTE: There is one exception: Socket ticots and ticotsord transports share 43 * the same namespace. In fact, sockets always use ticotsord type transport. 44 * 45 * The driver mode is specified during open() by the minor number used for 46 * open. 47 * 48 * The sockets in addition have the following semantic differences: 49 * No support for passing up credentials (TL_SET[U]CRED). 50 * 51 * Options are passed through transparently on T_CONN_REQ to T_CONN_IND, 52 * from T_UNITDATA_REQ to T_UNIDATA_IND, and from T_OPTDATA_REQ to 53 * T_OPTDATA_IND. 54 * 55 * The T_CONN_CON is generated when processing the T_CONN_REQ i.e. before 56 * a T_CONN_RES is received from the acceptor. This means that a socket 57 * connect will complete before the peer has called accept. 58 * 59 * 60 * MULTITHREADING 61 * ============== 62 * 63 * The driver does not use STREAMS protection mechanisms. Instead it uses a 64 * generic "serializer" abstraction. Most of the operations are executed behind 65 * the serializer and are, essentially single-threaded. All functions executed 66 * behind the same serializer are strictly serialized. So if one thread calls 67 * serializer_enter(serializer, foo, mp1, arg1); and another thread calls 68 * serializer_enter(serializer, bar, mp2, arg1); then (depending on which one 69 * was called) the actual sequence will be foo(mp1, arg1); bar(mp1, arg2) or 70 * bar(mp1, arg2); foo(mp1, arg1); But foo() and bar() will never run at the 71 * same time. 72 * 73 * Connectionless transport use a single serializer per transport type (one for 74 * TLI and one for sockets. Connection-oriented transports use finer-grained 75 * serializers. 76 * 77 * All COTS-type endpoints start their life with private serializers. During 78 * connection request processing the endpoint serializer is switched to the 79 * listener's serializer and the rest of T_CONN_REQ processing is done on the 80 * listener serializer. During T_CONN_RES processing the eager serializer is 81 * switched from listener to acceptor serializer and after that point all 82 * processing for eager and acceptor happens on this serializer. To avoid races 83 * with endpoint closes while its serializer may be changing closes are blocked 84 * while serializers are manipulated. 85 * 86 * References accounting 87 * --------------------- 88 * 89 * Endpoints are reference counted and freed when the last reference is 90 * dropped. Functions within the serializer may access an endpoint state even 91 * after an endpoint closed. The te_closing being set on the endpoint indicates 92 * that the endpoint entered its close routine. 93 * 94 * One reference is held for each opened endpoint instance. The reference 95 * counter is incremented when the endpoint is linked to another endpoint and 96 * decremented when the link disappears. It is also incremented when the 97 * endpoint is found by the hash table lookup. This increment is atomic with the 98 * lookup itself and happens while the hash table read lock is held. 99 * 100 * Close synchronization 101 * --------------------- 102 * 103 * During close the endpoint as marked as closing using te_closing flag. It is 104 * usually enough to check for te_closing flag since all other state changes 105 * happen after this flag is set and the close entered serializer. Immediately 106 * after setting te_closing flag tl_close() enters serializer and waits until 107 * the callback finishes. This allows all functions called within serializer to 108 * simply check te_closing without any locks. 109 * 110 * Serializer management. 111 * --------------------- 112 * 113 * For COTS transports serializers are created when the endpoint is constructed 114 * and destroyed when the endpoint is destructed. CLTS transports use global 115 * serializers - one for sockets and one for TLI. 116 * 117 * COTS serializers have separate reference counts to deal with several 118 * endpoints sharing the same serializer. There is a subtle problem related to 119 * the serializer destruction. The serializer should never be destroyed by any 120 * function executed inside serializer. This means that close has to wait till 121 * all serializer activity for this endpoint is finished before it can drop the 122 * last reference on the endpoint (which may as well free the serializer). This 123 * is only relevant for COTS transports which manage serializers 124 * dynamically. For CLTS transports close may complete without waiting for all 125 * serializer activity to finish since serializer is only destroyed at driver 126 * detach time. 127 * 128 * COTS endpoints keep track of the number of outstanding requests on the 129 * serializer for the endpoint. The code handling accept() avoids changing 130 * client serializer if it has any pending messages on the serializer and 131 * instead moves acceptor to listener's serializer. 132 * 133 * 134 * Use of hash tables 135 * ------------------ 136 * 137 * The driver uses modhash hash table implementation. Each transport uses two 138 * hash tables - one for finding endpoints by acceptor ID and another one for 139 * finding endpoints by address. For sockets TICOTS and TICOTSORD share the same 140 * pair of hash tables since sockets only use TICOTSORD. 141 * 142 * All hash tables lookups increment a reference count for returned endpoints, 143 * so we may safely check the endpoint state even when the endpoint is removed 144 * from the hash by another thread immediately after it is found. 145 * 146 * 147 * CLOSE processing 148 * ================ 149 * 150 * The driver enters serializer twice on close(). The close sequence is the 151 * following: 152 * 153 * 1) Wait until closing is safe (te_closewait becomes zero) 154 * This step is needed to prevent close during serializer switches. In most 155 * cases (close happening after connection establishment) te_closewait is 156 * zero. 157 * 1) Set te_closing. 158 * 2) Call tl_close_ser() within serializer and wait for it to complete. 159 * 160 * te_close_ser simply marks endpoint and wakes up waiting tl_close(). 161 * It also needs to clear write-side q_next pointers - this should be done 162 * before qprocsoff(). 163 * 164 * This synchronous serializer entry during close is needed to ensure that 165 * the queue is valid everywhere inside the serializer. 166 * 167 * Note that in many cases close will execute tl_close_ser() synchronously, 168 * so it will not wait at all. 169 * 170 * 3) Calls qprocsoff(). 171 * 4) Calls tl_close_finish_ser() within the serializer and waits for it to 172 * complete (for COTS transports). For CLTS transport there is no wait. 173 * 174 * tl_close_finish_ser() Finishes the close process and wakes up waiting 175 * close if there is any. 176 * 177 * Note that in most cases close will enter te_close_ser_finish() 178 * synchronously and will not wait at all. 179 * 180 * 181 * Flow Control 182 * ============ 183 * 184 * The driver implements both read and write side service routines. No one calls 185 * putq() on the read queue. The read side service routine tl_rsrv() is called 186 * when the read side stream is back-enabled. It enters serializer synchronously 187 * (waits till serializer processing is complete). Within serializer it 188 * back-enables all endpoints blocked by the queue for connection-less 189 * transports and enables write side service processing for the peer for 190 * connection-oriented transports. 191 * 192 * Read and write side service routines use special mblk_sized space in the 193 * endpoint structure to enter perimeter. 194 * 195 * Write-side flow control 196 * ----------------------- 197 * 198 * Write side flow control is a bit tricky. The driver needs to deal with two 199 * message queues - the explicit STREAMS message queue maintained by 200 * putq()/getq()/putbq() and the implicit queue within the serializer. These two 201 * queues should be synchronized to preserve message ordering and should 202 * maintain a single order determined by the order in which messages enter 203 * tl_wput(). In order to maintain the ordering between these two queues the 204 * STREAMS queue is only manipulated within the serializer, so the ordering is 205 * provided by the serializer. 206 * 207 * Functions called from the tl_wsrv() sometimes may call putbq(). To 208 * immediately stop any further processing of the STREAMS message queues the 209 * code calling putbq() also sets the te_nowsrv flag in the endpoint. The write 210 * side service processing stops when the flag is set. 211 * 212 * The tl_wsrv() function enters serializer synchronously and waits for it to 213 * complete. The serializer call-back tl_wsrv_ser() either drains all messages 214 * on the STREAMS queue or terminates when it notices the te_nowsrv flag 215 * set. Note that the maximum amount of messages processed by tl_wput_ser() is 216 * always bounded by the amount of messages on the STREAMS queue at the time 217 * tl_wsrv_ser() is entered. Any new messages may only appear on the STREAMS 218 * queue from another serialized entry which can't happen in parallel. This 219 * guarantees that tl_wput_ser() is complete in bounded time (there is no risk 220 * of it draining forever while writer places new messages on the STREAMS 221 * queue). 222 * 223 * Note that a closing endpoint never sets te_nowsrv and never calls putbq(). 224 * 225 * 226 * Unix Domain Sockets 227 * =================== 228 * 229 * The driver knows the structure of Unix Domain sockets addresses and treats 230 * them differently from generic TLI addresses. For sockets implicit binds are 231 * requested by setting SOU_MAGIC_IMPLICIT in the soua_magic part of the address 232 * instead of using address length of zero. Explicit binds specify 233 * SOU_MAGIC_EXPLICIT as magic. 234 * 235 * For implicit binds we always use minor number as soua_vp part of the address 236 * and avoid any hash table lookups. This saves two hash tables lookups per 237 * anonymous bind. 238 * 239 * For explicit address we hash the vnode pointer instead of hashing the 240 * full-scale address+zone+length. Hashing by pointer is more efficient then 241 * hashing by the full address. 242 * 243 * For unix domain sockets the te_ap is always pointing to te_uxaddr part of the 244 * tep structure, so it should be never freed. 245 * 246 * Also for sockets the driver always uses minor number as acceptor id. 247 * 248 * TPI VIOLATIONS 249 * -------------- 250 * 251 * This driver violates TPI in several respects for Unix Domain Sockets: 252 * 253 * 1) It treats O_T_BIND_REQ as T_BIND_REQ and refuses bind if an explicit bind 254 * is requested and the endpoint is already in use. There is no point in 255 * generating an unused address since this address will be rejected by 256 * sockfs anyway. For implicit binds it always generates a new address 257 * (sets soua_vp to its minor number). 258 * 259 * 2) It always uses minor number as acceptor ID and never uses queue 260 * pointer. It is ok since sockets get acceptor ID from T_CAPABILITY_REQ 261 * message and they do not use the queue pointer. 262 * 263 * 3) For Listener sockets the usual sequence is to issue bind() zero backlog 264 * followed by listen(). The listen() should be issued with non-zero 265 * backlog, so sotpi_listen() issues unbind request followed by bind 266 * request to the same address but with a non-zero qlen value. Both 267 * tl_bind() and tl_unbind() require write lock on the hash table to 268 * insert/remove the address. The driver does not remove the address from 269 * the hash for endpoints that are bound to the explicit address and have 270 * backlog of zero. During T_BIND_REQ processing if the address requested 271 * is equal to the address the endpoint already has it updates the backlog 272 * without reinserting the address in the hash table. This optimization 273 * avoids two hash table updates for each listener created. It always 274 * avoids the problem of a "stolen" address when another listener may use 275 * the same address between the unbind and bind and suddenly listen() fails 276 * because address is in use even though the bind() succeeded. 277 * 278 * 279 * CONNECTIONLESS TRANSPORTS 280 * ========================= 281 * 282 * Connectionless transports all share the same serializer (one for TLI and one 283 * for Sockets). Functions executing behind serializer can check or modify state 284 * of any endpoint. 285 * 286 * When endpoint X talks to another endpoint Y it caches the pointer to Y in the 287 * te_lastep field. The next time X talks to some address A it checks whether A 288 * is the same as Y's address and if it is there is no need to lookup Y. If the 289 * address is different or the state of Y is not appropriate (e.g. closed or not 290 * idle) X does a lookup using tl_find_peer() and caches the new address. 291 * NOTE: tl_find_peer() never returns closing endpoint and it places a refhold 292 * on the endpoint found. 293 * 294 * During close of endpoint Y it doesn't try to remove itself from other 295 * endpoints caches. They will detect that Y is gone and will search the peer 296 * endpoint again. 297 * 298 * Flow Control Handling. 299 * ---------------------- 300 * 301 * Each connectionless endpoint keeps a list of endpoints which are 302 * flow-controlled by its queue. It also keeps a pointer to the queue which 303 * flow-controls itself. Whenever flow control releases for endpoint X it 304 * enables all queues from the list. During close it also back-enables everyone 305 * in the list. If X is flow-controlled when it is closing it removes it from 306 * the peers list. 307 * 308 * DATA STRUCTURES 309 * =============== 310 * 311 * Each endpoint is represented by the tl_endpt_t structure which keeps all the 312 * endpoint state. For connection-oriented transports it has a keeps a list 313 * of pending connections (tl_icon_t). For connectionless transports it keeps a 314 * list of endpoints flow controlled by this one. 315 * 316 * Each transport type is represented by a per-transport data structure 317 * tl_transport_state_t. It contains a pointer to an acceptor ID hash and the 318 * endpoint address hash tables for each transport. It also contains pointer to 319 * transport serializer for connectionless transports. 320 * 321 * Each endpoint keeps a link to its transport structure, so the code can find 322 * all per-transport information quickly. 323 */ 324 325 #include <sys/types.h> 326 #include <sys/inttypes.h> 327 #include <sys/stream.h> 328 #include <sys/stropts.h> 329 #define _SUN_TPI_VERSION 2 330 #include <sys/tihdr.h> 331 #include <sys/strlog.h> 332 #include <sys/debug.h> 333 #include <sys/cred.h> 334 #include <sys/errno.h> 335 #include <sys/kmem.h> 336 #include <sys/id_space.h> 337 #include <sys/modhash.h> 338 #include <sys/mkdev.h> 339 #include <sys/tl.h> 340 #include <sys/stat.h> 341 #include <sys/conf.h> 342 #include <sys/modctl.h> 343 #include <sys/strsun.h> 344 #include <sys/socket.h> 345 #include <sys/socketvar.h> 346 #include <sys/sysmacros.h> 347 #include <sys/xti_xtiopt.h> 348 #include <sys/ddi.h> 349 #include <sys/sunddi.h> 350 #include <sys/zone.h> 351 #include <inet/common.h> /* typedef int (*pfi_t)() for inet/optcom.h */ 352 #include <inet/optcom.h> 353 #include <sys/strsubr.h> 354 #include <sys/ucred.h> 355 #include <sys/suntpi.h> 356 #include <sys/list.h> 357 #include <sys/serializer.h> 358 359 /* 360 * TBD List 361 * 14 Eliminate state changes through table 362 * 16. AF_UNIX socket options 363 * 17. connect() for ticlts 364 * 18. support for "netstat" to show AF_UNIX plus TLI local 365 * transport connections 366 * 21. sanity check to flushing on sending M_ERROR 367 */ 368 369 /* 370 * CONSTANT DECLARATIONS 371 * -------------------- 372 */ 373 374 /* 375 * Local declarations 376 */ 377 #define NEXTSTATE(EV, ST) ti_statetbl[EV][ST] 378 379 #define BADSEQNUM (-1) /* initial seq number used by T_DISCON_IND */ 380 #define TL_BUFWAIT (10000) /* usecs to wait for allocb buffer timeout */ 381 #define TL_TIDUSZ (64*1024) /* tidu size when "strmsgz" is unlimited (0) */ 382 /* 383 * Hash tables size. 384 */ 385 #define TL_HASH_SIZE 311 386 387 /* 388 * Definitions for module_info 389 */ 390 #define TL_ID (104) /* module ID number */ 391 #define TL_NAME "tl" /* module name */ 392 #define TL_MINPSZ (0) /* min packet size */ 393 #define TL_MAXPSZ INFPSZ /* max packet size ZZZ */ 394 #define TL_HIWAT (16*1024) /* hi water mark */ 395 #define TL_LOWAT (256) /* lo water mark */ 396 /* 397 * Definition of minor numbers/modes for new transport provider modes. 398 * We view the socket use as a separate mode to get a separate name space. 399 */ 400 #define TL_TICOTS 0 /* connection oriented transport */ 401 #define TL_TICOTSORD 1 /* COTS w/ orderly release */ 402 #define TL_TICLTS 2 /* connectionless transport */ 403 #define TL_UNUSED 3 404 #define TL_SOCKET 4 /* Socket */ 405 #define TL_SOCK_COTS (TL_SOCKET|TL_TICOTS) 406 #define TL_SOCK_COTSORD (TL_SOCKET|TL_TICOTSORD) 407 #define TL_SOCK_CLTS (TL_SOCKET|TL_TICLTS) 408 409 #define TL_MINOR_MASK 0x7 410 #define TL_MINOR_START (TL_TICLTS + 1) 411 412 /* 413 * LOCAL MACROS 414 */ 415 #define T_ALIGN(p) P2ROUNDUP((p), sizeof (t_scalar_t)) 416 417 /* 418 * EXTERNAL VARIABLE DECLARATIONS 419 * ----------------------------- 420 */ 421 /* 422 * state table defined in the OS space.c 423 */ 424 extern char ti_statetbl[TE_NOEVENTS][TS_NOSTATES]; 425 426 /* 427 * STREAMS DRIVER ENTRY POINTS PROTOTYPES 428 */ 429 static int tl_open(queue_t *, dev_t *, int, int, cred_t *); 430 static int tl_close(queue_t *, int, cred_t *); 431 static void tl_wput(queue_t *, mblk_t *); 432 static void tl_wsrv(queue_t *); 433 static void tl_rsrv(queue_t *); 434 435 static int tl_attach(dev_info_t *, ddi_attach_cmd_t); 436 static int tl_detach(dev_info_t *, ddi_detach_cmd_t); 437 static int tl_info(dev_info_t *, ddi_info_cmd_t, void *, void **); 438 439 440 /* 441 * GLOBAL DATA STRUCTURES AND VARIABLES 442 * ----------------------------------- 443 */ 444 445 /* 446 * Table representing database of all options managed by T_SVR4_OPTMGMT_REQ 447 * For now, we only manage the SO_RECVUCRED option but we also have 448 * harmless dummy options to make things work with some common code we access. 449 */ 450 opdes_t tl_opt_arr[] = { 451 /* The SO_TYPE is needed for the hack below */ 452 { 453 SO_TYPE, 454 SOL_SOCKET, 455 OA_R, 456 OA_R, 457 OP_NP, 458 0, 459 sizeof (t_scalar_t), 460 0 461 }, 462 { 463 SO_RECVUCRED, 464 SOL_SOCKET, 465 OA_RW, 466 OA_RW, 467 OP_NP, 468 0, 469 sizeof (int), 470 0 471 } 472 }; 473 474 /* 475 * Table of all supported levels 476 * Note: Some levels (e.g. XTI_GENERIC) may be valid but may not have 477 * any supported options so we need this info separately. 478 * 479 * This is needed only for topmost tpi providers. 480 */ 481 optlevel_t tl_valid_levels_arr[] = { 482 XTI_GENERIC, 483 SOL_SOCKET, 484 TL_PROT_LEVEL 485 }; 486 487 #define TL_VALID_LEVELS_CNT A_CNT(tl_valid_levels_arr) 488 /* 489 * Current upper bound on the amount of space needed to return all options. 490 * Additional options with data size of sizeof(long) are handled automatically. 491 * Others need hand job. 492 */ 493 #define TL_MAX_OPT_BUF_LEN \ 494 ((A_CNT(tl_opt_arr) << 2) + \ 495 (A_CNT(tl_opt_arr) * sizeof (struct opthdr)) + \ 496 + 64 + sizeof (struct T_optmgmt_ack)) 497 498 #define TL_OPT_ARR_CNT A_CNT(tl_opt_arr) 499 500 /* 501 * transport addr structure 502 */ 503 typedef struct tl_addr { 504 zoneid_t ta_zoneid; /* Zone scope of address */ 505 t_scalar_t ta_alen; /* length of abuf */ 506 void *ta_abuf; /* the addr itself */ 507 } tl_addr_t; 508 509 /* 510 * Refcounted version of serializer. 511 */ 512 typedef struct tl_serializer { 513 uint_t ts_refcnt; 514 serializer_t *ts_serializer; 515 } tl_serializer_t; 516 517 /* 518 * Each transport type has a separate state. 519 * Per-transport state. 520 */ 521 typedef struct tl_transport_state { 522 char *tr_name; 523 minor_t tr_minor; 524 uint32_t tr_defaddr; 525 mod_hash_t *tr_ai_hash; 526 mod_hash_t *tr_addr_hash; 527 tl_serializer_t *tr_serializer; 528 } tl_transport_state_t; 529 530 #define TL_DFADDR 0x1000 531 532 static tl_transport_state_t tl_transports[] = { 533 { "ticots", TL_TICOTS, TL_DFADDR, NULL, NULL, NULL }, 534 { "ticotsord", TL_TICOTSORD, TL_DFADDR, NULL, NULL, NULL }, 535 { "ticlts", TL_TICLTS, TL_DFADDR, NULL, NULL, NULL }, 536 { "undefined", TL_UNUSED, TL_DFADDR, NULL, NULL, NULL }, 537 { "sticots", TL_SOCK_COTS, TL_DFADDR, NULL, NULL, NULL }, 538 { "sticotsord", TL_SOCK_COTSORD, TL_DFADDR, NULL, NULL }, 539 { "sticlts", TL_SOCK_CLTS, TL_DFADDR, NULL, NULL, NULL } 540 }; 541 542 #define TL_MAXTRANSPORT A_CNT(tl_transports) 543 544 struct tl_endpt; 545 typedef struct tl_endpt tl_endpt_t; 546 547 typedef void (tlproc_t)(mblk_t *, tl_endpt_t *); 548 549 /* 550 * Data structure used to represent pending connects. 551 * Records enough information so that the connecting peer can close 552 * before the connection gets accepted. 553 */ 554 typedef struct tl_icon { 555 list_node_t ti_node; 556 struct tl_endpt *ti_tep; /* NULL if peer has already closed */ 557 mblk_t *ti_mp; /* b_next list of data + ordrel_ind */ 558 t_scalar_t ti_seqno; /* Sequence number */ 559 } tl_icon_t; 560 561 typedef struct so_ux_addr soux_addr_t; 562 #define TL_SOUX_ADDRLEN sizeof (soux_addr_t) 563 564 /* 565 * Maximum number of unaccepted connection indications allowed per listener. 566 */ 567 #define TL_MAXQLEN 4096 568 int tl_maxqlen = TL_MAXQLEN; 569 570 /* 571 * transport endpoint structure 572 */ 573 struct tl_endpt { 574 queue_t *te_rq; /* stream read queue */ 575 queue_t *te_wq; /* stream write queue */ 576 uint32_t te_refcnt; 577 int32_t te_state; /* TPI state of endpoint */ 578 minor_t te_minor; /* minor number */ 579 #define te_seqno te_minor 580 uint_t te_flag; /* flag field */ 581 boolean_t te_nowsrv; 582 tl_serializer_t *te_ser; /* Serializer to use */ 583 #define te_serializer te_ser->ts_serializer 584 585 soux_addr_t te_uxaddr; /* Socket address */ 586 #define te_magic te_uxaddr.soua_magic 587 #define te_vp te_uxaddr.soua_vp 588 tl_addr_t te_ap; /* addr bound to this endpt */ 589 #define te_zoneid te_ap.ta_zoneid 590 #define te_alen te_ap.ta_alen 591 #define te_abuf te_ap.ta_abuf 592 593 tl_transport_state_t *te_transport; 594 #define te_addrhash te_transport->tr_addr_hash 595 #define te_aihash te_transport->tr_ai_hash 596 #define te_defaddr te_transport->tr_defaddr 597 cred_t *te_credp; /* endpoint user credentials */ 598 mod_hash_hndl_t te_hash_hndl; /* Handle for address hash */ 599 600 /* 601 * State specific for connection-oriented and connectionless transports. 602 */ 603 union { 604 /* Connection-oriented state. */ 605 struct { 606 t_uscalar_t _te_nicon; /* count of conn requests */ 607 t_uscalar_t _te_qlen; /* max conn requests */ 608 tl_endpt_t *_te_oconp; /* conn request pending */ 609 tl_endpt_t *_te_conp; /* connected endpt */ 610 #ifndef _ILP32 611 void *_te_pad; 612 #endif 613 list_t _te_iconp; /* list of conn ind. pending */ 614 } _te_cots_state; 615 /* Connection-less state. */ 616 struct { 617 tl_endpt_t *_te_lastep; /* last dest. endpoint */ 618 tl_endpt_t *_te_flowq; /* flow controlled on whom */ 619 list_node_t _te_flows; /* lists of connections */ 620 list_t _te_flowlist; /* Who flowcontrols on me */ 621 } _te_clts_state; 622 } _te_transport_state; 623 #define te_nicon _te_transport_state._te_cots_state._te_nicon 624 #define te_qlen _te_transport_state._te_cots_state._te_qlen 625 #define te_oconp _te_transport_state._te_cots_state._te_oconp 626 #define te_conp _te_transport_state._te_cots_state._te_conp 627 #define te_iconp _te_transport_state._te_cots_state._te_iconp 628 #define te_lastep _te_transport_state._te_clts_state._te_lastep 629 #define te_flowq _te_transport_state._te_clts_state._te_flowq 630 #define te_flowlist _te_transport_state._te_clts_state._te_flowlist 631 #define te_flows _te_transport_state._te_clts_state._te_flows 632 633 bufcall_id_t te_bufcid; /* outstanding bufcall id */ 634 timeout_id_t te_timoutid; /* outstanding timeout id */ 635 pid_t te_cpid; /* cached pid of endpoint */ 636 t_uscalar_t te_acceptor_id; /* acceptor id for T_CONN_RES */ 637 /* 638 * Pieces of the endpoint state needed for closing. 639 */ 640 kmutex_t te_closelock; 641 kcondvar_t te_closecv; 642 uint8_t te_closing; /* The endpoint started closing */ 643 uint8_t te_closewait; /* Wait in close until zero */ 644 mblk_t te_closemp; /* for entering serializer on close */ 645 mblk_t te_rsrvmp; /* for entering serializer on rsrv */ 646 mblk_t te_wsrvmp; /* for entering serializer on wsrv */ 647 kmutex_t te_srv_lock; 648 kcondvar_t te_srv_cv; 649 uint8_t te_rsrv_active; /* Running in tl_rsrv() */ 650 uint8_t te_wsrv_active; /* Running in tl_wsrv() */ 651 /* 652 * Pieces of the endpoint state needed for serializer transitions. 653 */ 654 kmutex_t te_ser_lock; /* Protects the count below */ 655 uint_t te_ser_count; /* Number of messages on serializer */ 656 }; 657 658 /* 659 * Flag values. Lower 4 bits specify that transport used. 660 * TL_LISTENER, TL_ACCEPTOR, TL_ACCEPTED and TL_EAGER are for debugging only, 661 * they allow to identify the endpoint more easily. 662 */ 663 #define TL_LISTENER 0x00010 /* the listener endpoint */ 664 #define TL_ACCEPTOR 0x00020 /* the accepting endpoint */ 665 #define TL_EAGER 0x00040 /* connecting endpoint */ 666 #define TL_ACCEPTED 0x00080 /* accepted connection */ 667 #define TL_SETCRED 0x00100 /* flag to indicate sending of credentials */ 668 #define TL_SETUCRED 0x00200 /* flag to indicate sending of ucred */ 669 #define TL_SOCKUCRED 0x00400 /* flag to indicate sending of SCM_UCRED */ 670 #define TL_ADDRHASHED 0x01000 /* Endpoint address is stored in te_addrhash */ 671 #define TL_CLOSE_SER 0x10000 /* Endpoint close has entered the serializer */ 672 /* 673 * Boolean checks for the endpoint type. 674 */ 675 #define IS_CLTS(x) (((x)->te_flag & TL_TICLTS) != 0) 676 #define IS_COTS(x) (((x)->te_flag & TL_TICLTS) == 0) 677 #define IS_COTSORD(x) (((x)->te_flag & TL_TICOTSORD) != 0) 678 #define IS_SOCKET(x) (((x)->te_flag & TL_SOCKET) != 0) 679 680 /* 681 * Certain operations are always used together. These macros reduce the chance 682 * of missing a part of a combination. 683 */ 684 #define TL_UNCONNECT(x) { tl_refrele(x); x = NULL; } 685 #define TL_REMOVE_PEER(x) { if ((x) != NULL) TL_UNCONNECT(x) } 686 687 #define TL_PUTBQ(x, mp) { \ 688 ASSERT(!((x)->te_flag & TL_CLOSE_SER)); \ 689 (x)->te_nowsrv = B_TRUE; \ 690 (void) putbq((x)->te_wq, mp); \ 691 } 692 693 #define TL_QENABLE(x) { (x)->te_nowsrv = B_FALSE; qenable((x)->te_wq); } 694 #define TL_PUTQ(x, mp) { (x)->te_nowsrv = B_FALSE; (void)putq((x)->te_wq, mp); } 695 696 /* 697 * STREAMS driver glue data structures. 698 */ 699 static struct module_info tl_minfo = { 700 TL_ID, /* mi_idnum */ 701 TL_NAME, /* mi_idname */ 702 TL_MINPSZ, /* mi_minpsz */ 703 TL_MAXPSZ, /* mi_maxpsz */ 704 TL_HIWAT, /* mi_hiwat */ 705 TL_LOWAT /* mi_lowat */ 706 }; 707 708 static struct qinit tl_rinit = { 709 NULL, /* qi_putp */ 710 (int (*)())tl_rsrv, /* qi_srvp */ 711 tl_open, /* qi_qopen */ 712 tl_close, /* qi_qclose */ 713 NULL, /* qi_qadmin */ 714 &tl_minfo, /* qi_minfo */ 715 NULL /* qi_mstat */ 716 }; 717 718 static struct qinit tl_winit = { 719 (int (*)())tl_wput, /* qi_putp */ 720 (int (*)())tl_wsrv, /* qi_srvp */ 721 NULL, /* qi_qopen */ 722 NULL, /* qi_qclose */ 723 NULL, /* qi_qadmin */ 724 &tl_minfo, /* qi_minfo */ 725 NULL /* qi_mstat */ 726 }; 727 728 static struct streamtab tlinfo = { 729 &tl_rinit, /* st_rdinit */ 730 &tl_winit, /* st_wrinit */ 731 NULL, /* st_muxrinit */ 732 NULL /* st_muxwrinit */ 733 }; 734 735 DDI_DEFINE_STREAM_OPS(tl_devops, nulldev, nulldev, tl_attach, tl_detach, 736 nulldev, tl_info, D_MP, &tlinfo, ddi_quiesce_not_supported); 737 738 static struct modldrv modldrv = { 739 &mod_driverops, /* Type of module -- pseudo driver here */ 740 "TPI Local Transport (tl)", 741 &tl_devops, /* driver ops */ 742 }; 743 744 /* 745 * Module linkage information for the kernel. 746 */ 747 static struct modlinkage modlinkage = { 748 MODREV_1, 749 &modldrv, 750 NULL 751 }; 752 753 /* 754 * Templates for response to info request 755 * Check sanity of unlimited connect data etc. 756 */ 757 758 #define TL_CLTS_PROVIDER_FLAG (XPG4_1|SENDZERO) 759 #define TL_COTS_PROVIDER_FLAG (XPG4_1|SENDZERO) 760 761 static struct T_info_ack tl_cots_info_ack = 762 { 763 T_INFO_ACK, /* PRIM_type -always T_INFO_ACK */ 764 T_INFINITE, /* TSDU size */ 765 T_INFINITE, /* ETSDU size */ 766 T_INFINITE, /* CDATA_size */ 767 T_INFINITE, /* DDATA_size */ 768 T_INFINITE, /* ADDR_size */ 769 T_INFINITE, /* OPT_size */ 770 0, /* TIDU_size - fill at run time */ 771 T_COTS, /* SERV_type */ 772 -1, /* CURRENT_state */ 773 TL_COTS_PROVIDER_FLAG /* PROVIDER_flag */ 774 }; 775 776 static struct T_info_ack tl_clts_info_ack = 777 { 778 T_INFO_ACK, /* PRIM_type - always T_INFO_ACK */ 779 0, /* TSDU_size - fill at run time */ 780 -2, /* ETSDU_size -2 => not supported */ 781 -2, /* CDATA_size -2 => not supported */ 782 -2, /* DDATA_size -2 => not supported */ 783 -1, /* ADDR_size -1 => infinite */ 784 -1, /* OPT_size */ 785 0, /* TIDU_size - fill at run time */ 786 T_CLTS, /* SERV_type */ 787 -1, /* CURRENT_state */ 788 TL_CLTS_PROVIDER_FLAG /* PROVIDER_flag */ 789 }; 790 791 /* 792 * private copy of devinfo pointer used in tl_info 793 */ 794 static dev_info_t *tl_dip; 795 796 /* 797 * Endpoints cache. 798 */ 799 static kmem_cache_t *tl_cache; 800 /* 801 * Minor number space. 802 */ 803 static id_space_t *tl_minors; 804 805 /* 806 * Default Data Unit size. 807 */ 808 static t_scalar_t tl_tidusz; 809 810 /* 811 * Size of hash tables. 812 */ 813 static size_t tl_hash_size = TL_HASH_SIZE; 814 815 /* 816 * Debug and test variable ONLY. Turn off T_CONN_IND queueing 817 * for sockets. 818 */ 819 static int tl_disable_early_connect = 0; 820 static int tl_client_closing_when_accepting; 821 822 static int tl_serializer_noswitch; 823 824 /* 825 * LOCAL FUNCTION PROTOTYPES 826 * ------------------------- 827 */ 828 static boolean_t tl_eqaddr(tl_addr_t *, tl_addr_t *); 829 static void tl_do_proto(mblk_t *, tl_endpt_t *); 830 static void tl_do_ioctl(mblk_t *, tl_endpt_t *); 831 static void tl_do_ioctl_ser(mblk_t *, tl_endpt_t *); 832 static void tl_error_ack(queue_t *, mblk_t *, t_scalar_t, t_scalar_t, 833 t_scalar_t); 834 static void tl_bind(mblk_t *, tl_endpt_t *); 835 static void tl_bind_ser(mblk_t *, tl_endpt_t *); 836 static void tl_ok_ack(queue_t *, mblk_t *mp, t_scalar_t); 837 static void tl_unbind(mblk_t *, tl_endpt_t *); 838 static void tl_optmgmt(queue_t *, mblk_t *); 839 static void tl_conn_req(queue_t *, mblk_t *); 840 static void tl_conn_req_ser(mblk_t *, tl_endpt_t *); 841 static void tl_conn_res(mblk_t *, tl_endpt_t *); 842 static void tl_discon_req(mblk_t *, tl_endpt_t *); 843 static void tl_capability_req(mblk_t *, tl_endpt_t *); 844 static void tl_info_req_ser(mblk_t *, tl_endpt_t *); 845 static void tl_addr_req_ser(mblk_t *, tl_endpt_t *); 846 static void tl_info_req(mblk_t *, tl_endpt_t *); 847 static void tl_addr_req(mblk_t *, tl_endpt_t *); 848 static void tl_connected_cots_addr_req(mblk_t *, tl_endpt_t *); 849 static void tl_data(mblk_t *, tl_endpt_t *); 850 static void tl_exdata(mblk_t *, tl_endpt_t *); 851 static void tl_ordrel(mblk_t *, tl_endpt_t *); 852 static void tl_unitdata(mblk_t *, tl_endpt_t *); 853 static void tl_unitdata_ser(mblk_t *, tl_endpt_t *); 854 static void tl_uderr(queue_t *, mblk_t *, t_scalar_t); 855 static tl_endpt_t *tl_find_peer(tl_endpt_t *, tl_addr_t *); 856 static tl_endpt_t *tl_sock_find_peer(tl_endpt_t *, struct so_ux_addr *); 857 static boolean_t tl_get_any_addr(tl_endpt_t *, tl_addr_t *); 858 static void tl_cl_backenable(tl_endpt_t *); 859 static void tl_co_unconnect(tl_endpt_t *); 860 static mblk_t *tl_resizemp(mblk_t *, ssize_t); 861 static void tl_discon_ind(tl_endpt_t *, uint32_t); 862 static mblk_t *tl_discon_ind_alloc(uint32_t, t_scalar_t); 863 static mblk_t *tl_ordrel_ind_alloc(void); 864 static tl_icon_t *tl_icon_find(tl_endpt_t *, t_scalar_t); 865 static void tl_icon_queuemsg(tl_endpt_t *, t_scalar_t, mblk_t *); 866 static boolean_t tl_icon_hasprim(tl_endpt_t *, t_scalar_t, t_scalar_t); 867 static void tl_icon_sendmsgs(tl_endpt_t *, mblk_t **); 868 static void tl_icon_freemsgs(mblk_t **); 869 static void tl_merror(queue_t *, mblk_t *, int); 870 static void tl_fill_option(uchar_t *, cred_t *, pid_t, int, cred_t *); 871 static int tl_default_opt(queue_t *, int, int, uchar_t *); 872 static int tl_get_opt(queue_t *, int, int, uchar_t *); 873 static int tl_set_opt(queue_t *, uint_t, int, int, uint_t, uchar_t *, uint_t *, 874 uchar_t *, void *, cred_t *); 875 static void tl_memrecover(queue_t *, mblk_t *, size_t); 876 static void tl_freetip(tl_endpt_t *, tl_icon_t *); 877 static void tl_free(tl_endpt_t *); 878 static int tl_constructor(void *, void *, int); 879 static void tl_destructor(void *, void *); 880 static void tl_find_callback(mod_hash_key_t, mod_hash_val_t); 881 static tl_serializer_t *tl_serializer_alloc(int); 882 static void tl_serializer_refhold(tl_serializer_t *); 883 static void tl_serializer_refrele(tl_serializer_t *); 884 static void tl_serializer_enter(tl_endpt_t *, tlproc_t, mblk_t *); 885 static void tl_serializer_exit(tl_endpt_t *); 886 static boolean_t tl_noclose(tl_endpt_t *); 887 static void tl_closeok(tl_endpt_t *); 888 static void tl_refhold(tl_endpt_t *); 889 static void tl_refrele(tl_endpt_t *); 890 static int tl_hash_cmp_addr(mod_hash_key_t, mod_hash_key_t); 891 static uint_t tl_hash_by_addr(void *, mod_hash_key_t); 892 static void tl_close_ser(mblk_t *, tl_endpt_t *); 893 static void tl_close_finish_ser(mblk_t *, tl_endpt_t *); 894 static void tl_wput_data_ser(mblk_t *, tl_endpt_t *); 895 static void tl_proto_ser(mblk_t *, tl_endpt_t *); 896 static void tl_putq_ser(mblk_t *, tl_endpt_t *); 897 static void tl_wput_common_ser(mblk_t *, tl_endpt_t *); 898 static void tl_wput_ser(mblk_t *, tl_endpt_t *); 899 static void tl_wsrv_ser(mblk_t *, tl_endpt_t *); 900 static void tl_rsrv_ser(mblk_t *, tl_endpt_t *); 901 static void tl_addr_unbind(tl_endpt_t *); 902 903 /* 904 * Intialize option database object for TL 905 */ 906 907 optdb_obj_t tl_opt_obj = { 908 tl_default_opt, /* TL default value function pointer */ 909 tl_get_opt, /* TL get function pointer */ 910 tl_set_opt, /* TL set function pointer */ 911 TL_OPT_ARR_CNT, /* TL option database count of entries */ 912 tl_opt_arr, /* TL option database */ 913 TL_VALID_LEVELS_CNT, /* TL valid level count of entries */ 914 tl_valid_levels_arr /* TL valid level array */ 915 }; 916 917 /* 918 * LOCAL FUNCTIONS AND DRIVER ENTRY POINTS 919 * --------------------------------------- 920 */ 921 922 /* 923 * Loadable module routines 924 */ 925 int 926 _init(void) 927 { 928 return (mod_install(&modlinkage)); 929 } 930 931 int 932 _fini(void) 933 { 934 return (mod_remove(&modlinkage)); 935 } 936 937 int 938 _info(struct modinfo *modinfop) 939 { 940 return (mod_info(&modlinkage, modinfop)); 941 } 942 943 /* 944 * Driver Entry Points and Other routines 945 */ 946 static int 947 tl_attach(dev_info_t *devi, ddi_attach_cmd_t cmd) 948 { 949 int i; 950 char name[32]; 951 952 /* 953 * Resume from a checkpoint state. 954 */ 955 if (cmd == DDI_RESUME) 956 return (DDI_SUCCESS); 957 958 if (cmd != DDI_ATTACH) 959 return (DDI_FAILURE); 960 961 /* 962 * Deduce TIDU size to use. Note: "strmsgsz" being 0 has semantics that 963 * streams message sizes can be unlimited. We use a defined constant 964 * instead. 965 */ 966 tl_tidusz = strmsgsz != 0 ? (t_scalar_t)strmsgsz : TL_TIDUSZ; 967 968 /* 969 * Create subdevices for each transport. 970 */ 971 for (i = 0; i < TL_UNUSED; i++) { 972 if (ddi_create_minor_node(devi, 973 tl_transports[i].tr_name, 974 S_IFCHR, tl_transports[i].tr_minor, 975 DDI_PSEUDO, NULL) == DDI_FAILURE) { 976 ddi_remove_minor_node(devi, NULL); 977 return (DDI_FAILURE); 978 } 979 } 980 981 tl_cache = kmem_cache_create("tl_cache", sizeof (tl_endpt_t), 982 0, tl_constructor, tl_destructor, NULL, NULL, NULL, 0); 983 984 if (tl_cache == NULL) { 985 ddi_remove_minor_node(devi, NULL); 986 return (DDI_FAILURE); 987 } 988 989 tl_minors = id_space_create("tl_minor_space", 990 TL_MINOR_START, MAXMIN32 - TL_MINOR_START + 1); 991 992 /* 993 * Create ID space for minor numbers 994 */ 995 for (i = 0; i < TL_MAXTRANSPORT; i++) { 996 tl_transport_state_t *t = &tl_transports[i]; 997 998 if (i == TL_UNUSED) 999 continue; 1000 1001 /* Socket COTSORD shares namespace with COTS */ 1002 if (i == TL_SOCK_COTSORD) { 1003 t->tr_ai_hash = 1004 tl_transports[TL_SOCK_COTS].tr_ai_hash; 1005 ASSERT(t->tr_ai_hash != NULL); 1006 t->tr_addr_hash = 1007 tl_transports[TL_SOCK_COTS].tr_addr_hash; 1008 ASSERT(t->tr_addr_hash != NULL); 1009 continue; 1010 } 1011 1012 /* 1013 * Create hash tables. 1014 */ 1015 (void) snprintf(name, sizeof (name), "%s_ai_hash", 1016 t->tr_name); 1017 #ifdef _ILP32 1018 if (i & TL_SOCKET) 1019 t->tr_ai_hash = 1020 mod_hash_create_idhash(name, tl_hash_size - 1, 1021 mod_hash_null_valdtor); 1022 else 1023 t->tr_ai_hash = 1024 mod_hash_create_ptrhash(name, tl_hash_size, 1025 mod_hash_null_valdtor, sizeof (queue_t)); 1026 #else 1027 t->tr_ai_hash = 1028 mod_hash_create_idhash(name, tl_hash_size - 1, 1029 mod_hash_null_valdtor); 1030 #endif /* _ILP32 */ 1031 1032 if (i & TL_SOCKET) { 1033 (void) snprintf(name, sizeof (name), "%s_sockaddr_hash", 1034 t->tr_name); 1035 t->tr_addr_hash = mod_hash_create_ptrhash(name, 1036 tl_hash_size, mod_hash_null_valdtor, 1037 sizeof (uintptr_t)); 1038 } else { 1039 (void) snprintf(name, sizeof (name), "%s_addr_hash", 1040 t->tr_name); 1041 t->tr_addr_hash = mod_hash_create_extended(name, 1042 tl_hash_size, mod_hash_null_keydtor, 1043 mod_hash_null_valdtor, 1044 tl_hash_by_addr, NULL, tl_hash_cmp_addr, KM_SLEEP); 1045 } 1046 1047 /* Create serializer for connectionless transports. */ 1048 if (i & TL_TICLTS) 1049 t->tr_serializer = tl_serializer_alloc(KM_SLEEP); 1050 } 1051 1052 tl_dip = devi; 1053 1054 return (DDI_SUCCESS); 1055 } 1056 1057 static int 1058 tl_detach(dev_info_t *devi, ddi_detach_cmd_t cmd) 1059 { 1060 int i; 1061 1062 if (cmd == DDI_SUSPEND) 1063 return (DDI_SUCCESS); 1064 1065 if (cmd != DDI_DETACH) 1066 return (DDI_FAILURE); 1067 1068 /* 1069 * Destroy arenas and hash tables. 1070 */ 1071 for (i = 0; i < TL_MAXTRANSPORT; i++) { 1072 tl_transport_state_t *t = &tl_transports[i]; 1073 1074 if ((i == TL_UNUSED) || (i == TL_SOCK_COTSORD)) 1075 continue; 1076 1077 EQUIV(i & TL_TICLTS, t->tr_serializer != NULL); 1078 if (t->tr_serializer != NULL) { 1079 tl_serializer_refrele(t->tr_serializer); 1080 t->tr_serializer = NULL; 1081 } 1082 1083 #ifdef _ILP32 1084 if (i & TL_SOCKET) 1085 mod_hash_destroy_idhash(t->tr_ai_hash); 1086 else 1087 mod_hash_destroy_ptrhash(t->tr_ai_hash); 1088 #else 1089 mod_hash_destroy_idhash(t->tr_ai_hash); 1090 #endif /* _ILP32 */ 1091 t->tr_ai_hash = NULL; 1092 if (i & TL_SOCKET) 1093 mod_hash_destroy_ptrhash(t->tr_addr_hash); 1094 else 1095 mod_hash_destroy_hash(t->tr_addr_hash); 1096 t->tr_addr_hash = NULL; 1097 } 1098 1099 kmem_cache_destroy(tl_cache); 1100 tl_cache = NULL; 1101 id_space_destroy(tl_minors); 1102 tl_minors = NULL; 1103 ddi_remove_minor_node(devi, NULL); 1104 return (DDI_SUCCESS); 1105 } 1106 1107 /* ARGSUSED */ 1108 static int 1109 tl_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 1110 { 1111 1112 int retcode = DDI_FAILURE; 1113 1114 switch (infocmd) { 1115 1116 case DDI_INFO_DEVT2DEVINFO: 1117 if (tl_dip != NULL) { 1118 *result = (void *)tl_dip; 1119 retcode = DDI_SUCCESS; 1120 } 1121 break; 1122 1123 case DDI_INFO_DEVT2INSTANCE: 1124 *result = (void *)0; 1125 retcode = DDI_SUCCESS; 1126 break; 1127 1128 default: 1129 break; 1130 } 1131 return (retcode); 1132 } 1133 1134 /* 1135 * Endpoint reference management. 1136 */ 1137 static void 1138 tl_refhold(tl_endpt_t *tep) 1139 { 1140 atomic_add_32(&tep->te_refcnt, 1); 1141 } 1142 1143 static void 1144 tl_refrele(tl_endpt_t *tep) 1145 { 1146 ASSERT(tep->te_refcnt != 0); 1147 1148 if (atomic_add_32_nv(&tep->te_refcnt, -1) == 0) 1149 tl_free(tep); 1150 } 1151 1152 /*ARGSUSED*/ 1153 static int 1154 tl_constructor(void *buf, void *cdrarg, int kmflags) 1155 { 1156 tl_endpt_t *tep = buf; 1157 1158 bzero(tep, sizeof (tl_endpt_t)); 1159 mutex_init(&tep->te_closelock, NULL, MUTEX_DEFAULT, NULL); 1160 cv_init(&tep->te_closecv, NULL, CV_DEFAULT, NULL); 1161 mutex_init(&tep->te_srv_lock, NULL, MUTEX_DEFAULT, NULL); 1162 cv_init(&tep->te_srv_cv, NULL, CV_DEFAULT, NULL); 1163 mutex_init(&tep->te_ser_lock, NULL, MUTEX_DEFAULT, NULL); 1164 1165 return (0); 1166 } 1167 1168 /*ARGSUSED*/ 1169 static void 1170 tl_destructor(void *buf, void *cdrarg) 1171 { 1172 tl_endpt_t *tep = buf; 1173 1174 mutex_destroy(&tep->te_closelock); 1175 cv_destroy(&tep->te_closecv); 1176 mutex_destroy(&tep->te_srv_lock); 1177 cv_destroy(&tep->te_srv_cv); 1178 mutex_destroy(&tep->te_ser_lock); 1179 } 1180 1181 static void 1182 tl_free(tl_endpt_t *tep) 1183 { 1184 ASSERT(tep->te_refcnt == 0); 1185 ASSERT(tep->te_transport != NULL); 1186 ASSERT(tep->te_rq == NULL); 1187 ASSERT(tep->te_wq == NULL); 1188 ASSERT(tep->te_ser != NULL); 1189 ASSERT(tep->te_ser_count == 0); 1190 ASSERT(! (tep->te_flag & TL_ADDRHASHED)); 1191 1192 if (IS_SOCKET(tep)) { 1193 ASSERT(tep->te_alen == TL_SOUX_ADDRLEN); 1194 ASSERT(tep->te_abuf == &tep->te_uxaddr); 1195 ASSERT(tep->te_vp == (void *)(uintptr_t)tep->te_minor); 1196 ASSERT(tep->te_magic == SOU_MAGIC_IMPLICIT); 1197 } else if (tep->te_abuf != NULL) { 1198 kmem_free(tep->te_abuf, tep->te_alen); 1199 tep->te_alen = -1; /* uninitialized */ 1200 tep->te_abuf = NULL; 1201 } else { 1202 ASSERT(tep->te_alen == -1); 1203 } 1204 1205 id_free(tl_minors, tep->te_minor); 1206 ASSERT(tep->te_credp == NULL); 1207 1208 if (tep->te_hash_hndl != NULL) 1209 mod_hash_cancel(tep->te_addrhash, &tep->te_hash_hndl); 1210 1211 if (IS_COTS(tep)) { 1212 TL_REMOVE_PEER(tep->te_conp); 1213 TL_REMOVE_PEER(tep->te_oconp); 1214 tl_serializer_refrele(tep->te_ser); 1215 tep->te_ser = NULL; 1216 ASSERT(tep->te_nicon == 0); 1217 ASSERT(list_head(&tep->te_iconp) == NULL); 1218 } else { 1219 ASSERT(tep->te_lastep == NULL); 1220 ASSERT(list_head(&tep->te_flowlist) == NULL); 1221 ASSERT(tep->te_flowq == NULL); 1222 } 1223 1224 ASSERT(tep->te_bufcid == 0); 1225 ASSERT(tep->te_timoutid == 0); 1226 bzero(&tep->te_ap, sizeof (tep->te_ap)); 1227 tep->te_acceptor_id = 0; 1228 1229 ASSERT(tep->te_closewait == 0); 1230 ASSERT(!tep->te_rsrv_active); 1231 ASSERT(!tep->te_wsrv_active); 1232 tep->te_closing = 0; 1233 tep->te_nowsrv = B_FALSE; 1234 tep->te_flag = 0; 1235 1236 kmem_cache_free(tl_cache, tep); 1237 } 1238 1239 /* 1240 * Allocate/free reference-counted wrappers for serializers. 1241 */ 1242 static tl_serializer_t * 1243 tl_serializer_alloc(int flags) 1244 { 1245 tl_serializer_t *s = kmem_alloc(sizeof (tl_serializer_t), flags); 1246 serializer_t *ser; 1247 1248 if (s == NULL) 1249 return (NULL); 1250 1251 ser = serializer_create(flags); 1252 1253 if (ser == NULL) { 1254 kmem_free(s, sizeof (tl_serializer_t)); 1255 return (NULL); 1256 } 1257 1258 s->ts_refcnt = 1; 1259 s->ts_serializer = ser; 1260 return (s); 1261 } 1262 1263 static void 1264 tl_serializer_refhold(tl_serializer_t *s) 1265 { 1266 atomic_add_32(&s->ts_refcnt, 1); 1267 } 1268 1269 static void 1270 tl_serializer_refrele(tl_serializer_t *s) 1271 { 1272 if (atomic_add_32_nv(&s->ts_refcnt, -1) == 0) { 1273 serializer_destroy(s->ts_serializer); 1274 kmem_free(s, sizeof (tl_serializer_t)); 1275 } 1276 } 1277 1278 /* 1279 * Post a request on the endpoint serializer. For COTS transports keep track of 1280 * the number of pending requests. 1281 */ 1282 static void 1283 tl_serializer_enter(tl_endpt_t *tep, tlproc_t tlproc, mblk_t *mp) 1284 { 1285 if (IS_COTS(tep)) { 1286 mutex_enter(&tep->te_ser_lock); 1287 tep->te_ser_count++; 1288 mutex_exit(&tep->te_ser_lock); 1289 } 1290 serializer_enter(tep->te_serializer, (srproc_t *)tlproc, mp, tep); 1291 } 1292 1293 /* 1294 * Complete processing the request on the serializer. Decrement the counter for 1295 * pending requests for COTS transports. 1296 */ 1297 static void 1298 tl_serializer_exit(tl_endpt_t *tep) 1299 { 1300 if (IS_COTS(tep)) { 1301 mutex_enter(&tep->te_ser_lock); 1302 ASSERT(tep->te_ser_count != 0); 1303 tep->te_ser_count--; 1304 mutex_exit(&tep->te_ser_lock); 1305 } 1306 } 1307 1308 /* 1309 * Hash management functions. 1310 */ 1311 1312 /* 1313 * Return TRUE if two addresses are equal, false otherwise. 1314 */ 1315 static boolean_t 1316 tl_eqaddr(tl_addr_t *ap1, tl_addr_t *ap2) 1317 { 1318 return ((ap1->ta_alen > 0) && 1319 (ap1->ta_alen == ap2->ta_alen) && 1320 (ap1->ta_zoneid == ap2->ta_zoneid) && 1321 (bcmp(ap1->ta_abuf, ap2->ta_abuf, ap1->ta_alen) == 0)); 1322 } 1323 1324 /* 1325 * This function is called whenever an endpoint is found in the hash table. 1326 */ 1327 /* ARGSUSED0 */ 1328 static void 1329 tl_find_callback(mod_hash_key_t key, mod_hash_val_t val) 1330 { 1331 tl_refhold((tl_endpt_t *)val); 1332 } 1333 1334 /* 1335 * Address hash function. 1336 */ 1337 /* ARGSUSED */ 1338 static uint_t 1339 tl_hash_by_addr(void *hash_data, mod_hash_key_t key) 1340 { 1341 tl_addr_t *ap = (tl_addr_t *)key; 1342 size_t len = ap->ta_alen; 1343 uchar_t *p = ap->ta_abuf; 1344 uint_t i, g; 1345 1346 ASSERT((len > 0) && (p != NULL)); 1347 1348 for (i = ap->ta_zoneid; len -- != 0; p++) { 1349 i = (i << 4) + (*p); 1350 if ((g = (i & 0xf0000000U)) != 0) { 1351 i ^= (g >> 24); 1352 i ^= g; 1353 } 1354 } 1355 return (i); 1356 } 1357 1358 /* 1359 * This function is used by hash lookups. It compares two generic addresses. 1360 */ 1361 static int 1362 tl_hash_cmp_addr(mod_hash_key_t key1, mod_hash_key_t key2) 1363 { 1364 #ifdef DEBUG 1365 tl_addr_t *ap1 = (tl_addr_t *)key1; 1366 tl_addr_t *ap2 = (tl_addr_t *)key2; 1367 1368 ASSERT(key1 != NULL); 1369 ASSERT(key2 != NULL); 1370 1371 ASSERT(ap1->ta_abuf != NULL); 1372 ASSERT(ap2->ta_abuf != NULL); 1373 ASSERT(ap1->ta_alen > 0); 1374 ASSERT(ap2->ta_alen > 0); 1375 #endif 1376 1377 return (! tl_eqaddr((tl_addr_t *)key1, (tl_addr_t *)key2)); 1378 } 1379 1380 /* 1381 * Prevent endpoint from closing if possible. 1382 * Return B_TRUE on success, B_FALSE on failure. 1383 */ 1384 static boolean_t 1385 tl_noclose(tl_endpt_t *tep) 1386 { 1387 boolean_t rc = B_FALSE; 1388 1389 mutex_enter(&tep->te_closelock); 1390 if (! tep->te_closing) { 1391 ASSERT(tep->te_closewait == 0); 1392 tep->te_closewait++; 1393 rc = B_TRUE; 1394 } 1395 mutex_exit(&tep->te_closelock); 1396 return (rc); 1397 } 1398 1399 /* 1400 * Allow endpoint to close if needed. 1401 */ 1402 static void 1403 tl_closeok(tl_endpt_t *tep) 1404 { 1405 ASSERT(tep->te_closewait > 0); 1406 mutex_enter(&tep->te_closelock); 1407 ASSERT(tep->te_closewait == 1); 1408 tep->te_closewait--; 1409 cv_signal(&tep->te_closecv); 1410 mutex_exit(&tep->te_closelock); 1411 } 1412 1413 /* 1414 * STREAMS open entry point. 1415 */ 1416 /* ARGSUSED */ 1417 static int 1418 tl_open(queue_t *rq, dev_t *devp, int oflag, int sflag, cred_t *credp) 1419 { 1420 tl_endpt_t *tep; 1421 minor_t minor = getminor(*devp); 1422 1423 /* 1424 * Driver is called directly. Both CLONEOPEN and MODOPEN 1425 * are illegal 1426 */ 1427 if ((sflag == CLONEOPEN) || (sflag == MODOPEN)) 1428 return (ENXIO); 1429 1430 if (rq->q_ptr != NULL) 1431 return (0); 1432 1433 /* Minor number should specify the mode used for the driver. */ 1434 if ((minor >= TL_UNUSED)) 1435 return (ENXIO); 1436 1437 if (oflag & SO_SOCKSTR) { 1438 minor |= TL_SOCKET; 1439 } 1440 1441 tep = kmem_cache_alloc(tl_cache, KM_SLEEP); 1442 tep->te_refcnt = 1; 1443 tep->te_cpid = curproc->p_pid; 1444 rq->q_ptr = WR(rq)->q_ptr = tep; 1445 tep->te_state = TS_UNBND; 1446 tep->te_credp = credp; 1447 crhold(credp); 1448 tep->te_zoneid = getzoneid(); 1449 1450 tep->te_flag = minor & TL_MINOR_MASK; 1451 tep->te_transport = &tl_transports[minor]; 1452 1453 /* Allocate a unique minor number for this instance. */ 1454 tep->te_minor = (minor_t)id_alloc(tl_minors); 1455 1456 /* Reserve hash handle for bind(). */ 1457 (void) mod_hash_reserve(tep->te_addrhash, &tep->te_hash_hndl); 1458 1459 /* Transport-specific initialization */ 1460 if (IS_COTS(tep)) { 1461 /* Use private serializer */ 1462 tep->te_ser = tl_serializer_alloc(KM_SLEEP); 1463 1464 /* Create list for pending connections */ 1465 list_create(&tep->te_iconp, sizeof (tl_icon_t), 1466 offsetof(tl_icon_t, ti_node)); 1467 tep->te_qlen = 0; 1468 tep->te_nicon = 0; 1469 tep->te_oconp = NULL; 1470 tep->te_conp = NULL; 1471 } else { 1472 /* Use shared serializer */ 1473 tep->te_ser = tep->te_transport->tr_serializer; 1474 bzero(&tep->te_flows, sizeof (list_node_t)); 1475 /* Create list for flow control */ 1476 list_create(&tep->te_flowlist, sizeof (tl_endpt_t), 1477 offsetof(tl_endpt_t, te_flows)); 1478 tep->te_flowq = NULL; 1479 tep->te_lastep = NULL; 1480 1481 } 1482 1483 /* Initialize endpoint address */ 1484 if (IS_SOCKET(tep)) { 1485 /* Socket-specific address handling. */ 1486 tep->te_alen = TL_SOUX_ADDRLEN; 1487 tep->te_abuf = &tep->te_uxaddr; 1488 tep->te_vp = (void *)(uintptr_t)tep->te_minor; 1489 tep->te_magic = SOU_MAGIC_IMPLICIT; 1490 } else { 1491 tep->te_alen = -1; 1492 tep->te_abuf = NULL; 1493 } 1494 1495 /* clone the driver */ 1496 *devp = makedevice(getmajor(*devp), tep->te_minor); 1497 1498 tep->te_rq = rq; 1499 tep->te_wq = WR(rq); 1500 1501 #ifdef _ILP32 1502 if (IS_SOCKET(tep)) 1503 tep->te_acceptor_id = tep->te_minor; 1504 else 1505 tep->te_acceptor_id = (t_uscalar_t)rq; 1506 #else 1507 tep->te_acceptor_id = tep->te_minor; 1508 #endif /* _ILP32 */ 1509 1510 1511 qprocson(rq); 1512 1513 /* 1514 * Insert acceptor ID in the hash. The AI hash always sleeps on 1515 * insertion so insertion can't fail. 1516 */ 1517 (void) mod_hash_insert(tep->te_transport->tr_ai_hash, 1518 (mod_hash_key_t)(uintptr_t)tep->te_acceptor_id, 1519 (mod_hash_val_t)tep); 1520 1521 return (0); 1522 } 1523 1524 /* ARGSUSED1 */ 1525 static int 1526 tl_close(queue_t *rq, int flag, cred_t *credp) 1527 { 1528 tl_endpt_t *tep = (tl_endpt_t *)rq->q_ptr; 1529 tl_endpt_t *elp = NULL; 1530 queue_t *wq = tep->te_wq; 1531 int rc; 1532 1533 ASSERT(wq == WR(rq)); 1534 1535 /* 1536 * Remove the endpoint from acceptor hash. 1537 */ 1538 rc = mod_hash_remove(tep->te_transport->tr_ai_hash, 1539 (mod_hash_key_t)(uintptr_t)tep->te_acceptor_id, 1540 (mod_hash_val_t *)&elp); 1541 ASSERT(rc == 0 && tep == elp); 1542 if ((rc != 0) || (tep != elp)) { 1543 (void) (STRLOG(TL_ID, tep->te_minor, 1, 1544 SL_TRACE|SL_ERROR, 1545 "tl_close:inconsistency in AI hash")); 1546 } 1547 1548 /* 1549 * Wait till close is safe, then mark endpoint as closing. 1550 */ 1551 mutex_enter(&tep->te_closelock); 1552 while (tep->te_closewait) 1553 cv_wait(&tep->te_closecv, &tep->te_closelock); 1554 tep->te_closing = B_TRUE; 1555 /* 1556 * Will wait for the serializer part of the close to finish, so set 1557 * te_closewait now. 1558 */ 1559 tep->te_closewait = 1; 1560 tep->te_nowsrv = B_FALSE; 1561 mutex_exit(&tep->te_closelock); 1562 1563 /* 1564 * tl_close_ser doesn't drop reference, so no need to tl_refhold. 1565 * It is safe because close will wait for tl_close_ser to finish. 1566 */ 1567 tl_serializer_enter(tep, tl_close_ser, &tep->te_closemp); 1568 1569 /* 1570 * Wait for the first phase of close to complete before qprocsoff(). 1571 */ 1572 mutex_enter(&tep->te_closelock); 1573 while (tep->te_closewait) 1574 cv_wait(&tep->te_closecv, &tep->te_closelock); 1575 mutex_exit(&tep->te_closelock); 1576 1577 qprocsoff(rq); 1578 1579 if (tep->te_bufcid) { 1580 qunbufcall(rq, tep->te_bufcid); 1581 tep->te_bufcid = 0; 1582 } 1583 if (tep->te_timoutid) { 1584 (void) quntimeout(rq, tep->te_timoutid); 1585 tep->te_timoutid = 0; 1586 } 1587 1588 /* 1589 * Finish close behind serializer. 1590 * 1591 * For a CLTS endpoint increase a refcount and continue close processing 1592 * with serializer protection. This processing may happen asynchronously 1593 * with the completion of tl_close(). 1594 * 1595 * Fot a COTS endpoint wait before destroying tep since the serializer 1596 * may go away together with tep and we need to destroy serializer 1597 * outside of serializer context. 1598 */ 1599 ASSERT(tep->te_closewait == 0); 1600 if (IS_COTS(tep)) 1601 tep->te_closewait = 1; 1602 else 1603 tl_refhold(tep); 1604 1605 tl_serializer_enter(tep, tl_close_finish_ser, &tep->te_closemp); 1606 1607 /* 1608 * For connection-oriented transports wait for all serializer activity 1609 * to settle down. 1610 */ 1611 if (IS_COTS(tep)) { 1612 mutex_enter(&tep->te_closelock); 1613 while (tep->te_closewait) 1614 cv_wait(&tep->te_closecv, &tep->te_closelock); 1615 mutex_exit(&tep->te_closelock); 1616 } 1617 1618 crfree(tep->te_credp); 1619 tep->te_credp = NULL; 1620 tep->te_wq = NULL; 1621 tl_refrele(tep); 1622 /* 1623 * tep is likely to be destroyed now, so can't reference it any more. 1624 */ 1625 1626 rq->q_ptr = wq->q_ptr = NULL; 1627 return (0); 1628 } 1629 1630 /* 1631 * First phase of close processing done behind the serializer. 1632 * 1633 * Do not drop the reference in the end - tl_close() wants this reference to 1634 * stay. 1635 */ 1636 /* ARGSUSED0 */ 1637 static void 1638 tl_close_ser(mblk_t *mp, tl_endpt_t *tep) 1639 { 1640 ASSERT(tep->te_closing); 1641 ASSERT(tep->te_closewait == 1); 1642 ASSERT(!(tep->te_flag & TL_CLOSE_SER)); 1643 1644 tep->te_flag |= TL_CLOSE_SER; 1645 1646 /* 1647 * Drain out all messages on queue except for TL_TICOTS where the 1648 * abortive release semantics permit discarding of data on close 1649 */ 1650 if (tep->te_wq->q_first && (IS_CLTS(tep) || IS_COTSORD(tep))) { 1651 tl_wsrv_ser(NULL, tep); 1652 } 1653 1654 /* Remove address from hash table. */ 1655 tl_addr_unbind(tep); 1656 /* 1657 * qprocsoff() gets confused when q->q_next is not NULL on the write 1658 * queue of the driver, so clear these before qprocsoff() is called. 1659 * Also clear q_next for the peer since this queue is going away. 1660 */ 1661 if (IS_COTS(tep) && !IS_SOCKET(tep)) { 1662 tl_endpt_t *peer_tep = tep->te_conp; 1663 1664 tep->te_wq->q_next = NULL; 1665 if ((peer_tep != NULL) && !peer_tep->te_closing) 1666 peer_tep->te_wq->q_next = NULL; 1667 } 1668 1669 tep->te_rq = NULL; 1670 1671 /* wake up tl_close() */ 1672 tl_closeok(tep); 1673 tl_serializer_exit(tep); 1674 } 1675 1676 /* 1677 * Second phase of tl_close(). Should wakeup tl_close() for COTS mode and drop 1678 * the reference for CLTS. 1679 * 1680 * Called from serializer. Should drop reference count for CLTS only. 1681 */ 1682 /* ARGSUSED0 */ 1683 static void 1684 tl_close_finish_ser(mblk_t *mp, tl_endpt_t *tep) 1685 { 1686 ASSERT(tep->te_closing); 1687 IMPLY(IS_CLTS(tep), tep->te_closewait == 0); 1688 IMPLY(IS_COTS(tep), tep->te_closewait == 1); 1689 1690 tep->te_state = -1; /* Uninitialized */ 1691 if (IS_COTS(tep)) { 1692 tl_co_unconnect(tep); 1693 } else { 1694 /* Connectionless specific cleanup */ 1695 TL_REMOVE_PEER(tep->te_lastep); 1696 /* 1697 * Backenable anybody that is flow controlled waiting for 1698 * this endpoint. 1699 */ 1700 tl_cl_backenable(tep); 1701 if (tep->te_flowq != NULL) { 1702 list_remove(&(tep->te_flowq->te_flowlist), tep); 1703 tep->te_flowq = NULL; 1704 } 1705 } 1706 1707 tl_serializer_exit(tep); 1708 if (IS_COTS(tep)) 1709 tl_closeok(tep); 1710 else 1711 tl_refrele(tep); 1712 } 1713 1714 /* 1715 * STREAMS write-side put procedure. 1716 * Enter serializer for most of the processing. 1717 * 1718 * The T_CONN_REQ is processed outside of serializer. 1719 */ 1720 static void 1721 tl_wput(queue_t *wq, mblk_t *mp) 1722 { 1723 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr; 1724 ssize_t msz = MBLKL(mp); 1725 union T_primitives *prim = (union T_primitives *)mp->b_rptr; 1726 tlproc_t *tl_proc = NULL; 1727 1728 switch (DB_TYPE(mp)) { 1729 case M_DATA: 1730 /* Only valid for connection-oriented transports */ 1731 if (IS_CLTS(tep)) { 1732 (void) (STRLOG(TL_ID, tep->te_minor, 1, 1733 SL_TRACE|SL_ERROR, 1734 "tl_wput:M_DATA invalid for ticlts driver")); 1735 tl_merror(wq, mp, EPROTO); 1736 return; 1737 } 1738 tl_proc = tl_wput_data_ser; 1739 break; 1740 1741 case M_IOCTL: 1742 switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) { 1743 case TL_IOC_CREDOPT: 1744 /* FALLTHROUGH */ 1745 case TL_IOC_UCREDOPT: 1746 /* 1747 * Serialize endpoint state change. 1748 */ 1749 tl_proc = tl_do_ioctl_ser; 1750 break; 1751 1752 default: 1753 miocnak(wq, mp, 0, EINVAL); 1754 return; 1755 } 1756 break; 1757 1758 case M_FLUSH: 1759 /* 1760 * do canonical M_FLUSH processing 1761 */ 1762 if (*mp->b_rptr & FLUSHW) { 1763 flushq(wq, FLUSHALL); 1764 *mp->b_rptr &= ~FLUSHW; 1765 } 1766 if (*mp->b_rptr & FLUSHR) { 1767 flushq(RD(wq), FLUSHALL); 1768 qreply(wq, mp); 1769 } else { 1770 freemsg(mp); 1771 } 1772 return; 1773 1774 case M_PROTO: 1775 if (msz < sizeof (prim->type)) { 1776 (void) (STRLOG(TL_ID, tep->te_minor, 1, 1777 SL_TRACE|SL_ERROR, 1778 "tl_wput:M_PROTO data too short")); 1779 tl_merror(wq, mp, EPROTO); 1780 return; 1781 } 1782 switch (prim->type) { 1783 case T_OPTMGMT_REQ: 1784 case T_SVR4_OPTMGMT_REQ: 1785 /* 1786 * Process TPI option management requests immediately 1787 * in put procedure regardless of in-order processing 1788 * of already queued messages. 1789 * (Note: This driver supports AF_UNIX socket 1790 * implementation. Unless we implement this processing, 1791 * setsockopt() on socket endpoint will block on flow 1792 * controlled endpoints which it should not. That is 1793 * required for successful execution of VSU socket tests 1794 * and is consistent with BSD socket behavior). 1795 */ 1796 tl_optmgmt(wq, mp); 1797 return; 1798 case O_T_BIND_REQ: 1799 case T_BIND_REQ: 1800 tl_proc = tl_bind_ser; 1801 break; 1802 case T_CONN_REQ: 1803 if (IS_CLTS(tep)) { 1804 tl_merror(wq, mp, EPROTO); 1805 return; 1806 } 1807 tl_conn_req(wq, mp); 1808 return; 1809 case T_DATA_REQ: 1810 case T_OPTDATA_REQ: 1811 case T_EXDATA_REQ: 1812 case T_ORDREL_REQ: 1813 tl_proc = tl_putq_ser; 1814 break; 1815 case T_UNITDATA_REQ: 1816 if (IS_COTS(tep) || 1817 (msz < sizeof (struct T_unitdata_req))) { 1818 tl_merror(wq, mp, EPROTO); 1819 return; 1820 } 1821 if ((tep->te_state == TS_IDLE) && !wq->q_first) { 1822 tl_proc = tl_unitdata_ser; 1823 } else { 1824 tl_proc = tl_putq_ser; 1825 } 1826 break; 1827 default: 1828 /* 1829 * process in service procedure if message already 1830 * queued (maintain in-order processing) 1831 */ 1832 if (wq->q_first != NULL) { 1833 tl_proc = tl_putq_ser; 1834 } else { 1835 tl_proc = tl_wput_ser; 1836 } 1837 break; 1838 } 1839 break; 1840 1841 case M_PCPROTO: 1842 /* 1843 * Check that the message has enough data to figure out TPI 1844 * primitive. 1845 */ 1846 if (msz < sizeof (prim->type)) { 1847 (void) (STRLOG(TL_ID, tep->te_minor, 1, 1848 SL_TRACE|SL_ERROR, 1849 "tl_wput:M_PCROTO data too short")); 1850 tl_merror(wq, mp, EPROTO); 1851 return; 1852 } 1853 switch (prim->type) { 1854 case T_CAPABILITY_REQ: 1855 tl_capability_req(mp, tep); 1856 return; 1857 case T_INFO_REQ: 1858 tl_proc = tl_info_req_ser; 1859 break; 1860 case T_ADDR_REQ: 1861 tl_proc = tl_addr_req_ser; 1862 break; 1863 1864 default: 1865 (void) (STRLOG(TL_ID, tep->te_minor, 1, 1866 SL_TRACE|SL_ERROR, 1867 "tl_wput:unknown TPI msg primitive")); 1868 tl_merror(wq, mp, EPROTO); 1869 return; 1870 } 1871 break; 1872 default: 1873 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 1874 "tl_wput:default:unexpected Streams message")); 1875 freemsg(mp); 1876 return; 1877 } 1878 1879 /* 1880 * Continue processing via serializer. 1881 */ 1882 ASSERT(tl_proc != NULL); 1883 tl_refhold(tep); 1884 tl_serializer_enter(tep, tl_proc, mp); 1885 } 1886 1887 /* 1888 * Place message on the queue while preserving order. 1889 */ 1890 static void 1891 tl_putq_ser(mblk_t *mp, tl_endpt_t *tep) 1892 { 1893 if (tep->te_closing) { 1894 tl_wput_ser(mp, tep); 1895 } else { 1896 TL_PUTQ(tep, mp); 1897 tl_serializer_exit(tep); 1898 tl_refrele(tep); 1899 } 1900 1901 } 1902 1903 static void 1904 tl_wput_common_ser(mblk_t *mp, tl_endpt_t *tep) 1905 { 1906 ASSERT((DB_TYPE(mp) == M_DATA) || (DB_TYPE(mp) == M_PROTO)); 1907 1908 switch (DB_TYPE(mp)) { 1909 case M_DATA: 1910 tl_data(mp, tep); 1911 break; 1912 case M_PROTO: 1913 tl_do_proto(mp, tep); 1914 break; 1915 default: 1916 freemsg(mp); 1917 break; 1918 } 1919 } 1920 1921 /* 1922 * Write side put procedure called from serializer. 1923 */ 1924 static void 1925 tl_wput_ser(mblk_t *mp, tl_endpt_t *tep) 1926 { 1927 tl_wput_common_ser(mp, tep); 1928 tl_serializer_exit(tep); 1929 tl_refrele(tep); 1930 } 1931 1932 /* 1933 * M_DATA processing. Called from serializer. 1934 */ 1935 static void 1936 tl_wput_data_ser(mblk_t *mp, tl_endpt_t *tep) 1937 { 1938 tl_endpt_t *peer_tep = tep->te_conp; 1939 queue_t *peer_rq; 1940 1941 ASSERT(DB_TYPE(mp) == M_DATA); 1942 ASSERT(IS_COTS(tep)); 1943 1944 IMPLY(peer_tep, tep->te_serializer == peer_tep->te_serializer); 1945 1946 /* 1947 * fastpath for data. Ignore flow control if tep is closing. 1948 */ 1949 if ((peer_tep != NULL) && 1950 !peer_tep->te_closing && 1951 ((tep->te_state == TS_DATA_XFER) || 1952 (tep->te_state == TS_WREQ_ORDREL)) && 1953 (tep->te_wq != NULL) && 1954 (tep->te_wq->q_first == NULL) && 1955 ((peer_tep->te_state == TS_DATA_XFER) || 1956 (peer_tep->te_state == TS_WREQ_ORDREL)) && 1957 ((peer_rq = peer_tep->te_rq) != NULL) && 1958 (canputnext(peer_rq) || tep->te_closing)) { 1959 putnext(peer_rq, mp); 1960 } else if (tep->te_closing) { 1961 /* 1962 * It is possible that by the time we got here tep started to 1963 * close. If the write queue is not empty, and the state is 1964 * TS_DATA_XFER the data should be delivered in order, so we 1965 * call putq() instead of freeing the data. 1966 */ 1967 if ((tep->te_wq != NULL) && 1968 ((tep->te_state == TS_DATA_XFER) || 1969 (tep->te_state == TS_WREQ_ORDREL))) { 1970 TL_PUTQ(tep, mp); 1971 } else { 1972 freemsg(mp); 1973 } 1974 } else { 1975 TL_PUTQ(tep, mp); 1976 } 1977 1978 tl_serializer_exit(tep); 1979 tl_refrele(tep); 1980 } 1981 1982 /* 1983 * Write side service routine. 1984 * 1985 * All actual processing happens within serializer which is entered 1986 * synchronously. It is possible that by the time tl_wsrv() wakes up, some new 1987 * messages that need processing may have arrived, so tl_wsrv repeats until 1988 * queue is empty or te_nowsrv is set. 1989 */ 1990 static void 1991 tl_wsrv(queue_t *wq) 1992 { 1993 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr; 1994 1995 while ((wq->q_first != NULL) && !tep->te_nowsrv) { 1996 mutex_enter(&tep->te_srv_lock); 1997 ASSERT(tep->te_wsrv_active == B_FALSE); 1998 tep->te_wsrv_active = B_TRUE; 1999 mutex_exit(&tep->te_srv_lock); 2000 2001 tl_serializer_enter(tep, tl_wsrv_ser, &tep->te_wsrvmp); 2002 2003 /* 2004 * Wait for serializer job to complete. 2005 */ 2006 mutex_enter(&tep->te_srv_lock); 2007 while (tep->te_wsrv_active) { 2008 cv_wait(&tep->te_srv_cv, &tep->te_srv_lock); 2009 } 2010 cv_signal(&tep->te_srv_cv); 2011 mutex_exit(&tep->te_srv_lock); 2012 } 2013 } 2014 2015 /* 2016 * Serialized write side processing of the STREAMS queue. 2017 * May be called either from tl_wsrv() or from tl_close() in which case ser_mp 2018 * is NULL. 2019 */ 2020 static void 2021 tl_wsrv_ser(mblk_t *ser_mp, tl_endpt_t *tep) 2022 { 2023 mblk_t *mp; 2024 queue_t *wq = tep->te_wq; 2025 2026 ASSERT(wq != NULL); 2027 while (!tep->te_nowsrv && (mp = getq(wq)) != NULL) { 2028 tl_wput_common_ser(mp, tep); 2029 } 2030 2031 /* 2032 * Wakeup service routine unless called from close. 2033 * If ser_mp is specified, the caller is tl_wsrv(). 2034 * Otherwise, the caller is tl_close_ser(). Since tl_close_ser() doesn't 2035 * call tl_serializer_enter() before calling tl_wsrv_ser(), there should 2036 * be no matching tl_serializer_exit() in this case. 2037 * Also, there is no need to wakeup anyone since tl_close_ser() is not 2038 * waiting on te_srv_cv. 2039 */ 2040 if (ser_mp != NULL) { 2041 /* 2042 * We are called from tl_wsrv. 2043 */ 2044 mutex_enter(&tep->te_srv_lock); 2045 ASSERT(tep->te_wsrv_active); 2046 tep->te_wsrv_active = B_FALSE; 2047 cv_signal(&tep->te_srv_cv); 2048 mutex_exit(&tep->te_srv_lock); 2049 tl_serializer_exit(tep); 2050 } 2051 } 2052 2053 /* 2054 * Called when the stream is backenabled. Enter serializer and qenable everyone 2055 * flow controlled by tep. 2056 * 2057 * NOTE: The service routine should enter serializer synchronously. Otherwise it 2058 * is possible that two instances of tl_rsrv will be running reusing the same 2059 * rsrv mblk. 2060 */ 2061 static void 2062 tl_rsrv(queue_t *rq) 2063 { 2064 tl_endpt_t *tep = (tl_endpt_t *)rq->q_ptr; 2065 2066 ASSERT(rq->q_first == NULL); 2067 ASSERT(tep->te_rsrv_active == 0); 2068 2069 tep->te_rsrv_active = B_TRUE; 2070 tl_serializer_enter(tep, tl_rsrv_ser, &tep->te_rsrvmp); 2071 /* 2072 * Wait for serializer job to complete. 2073 */ 2074 mutex_enter(&tep->te_srv_lock); 2075 while (tep->te_rsrv_active) { 2076 cv_wait(&tep->te_srv_cv, &tep->te_srv_lock); 2077 } 2078 cv_signal(&tep->te_srv_cv); 2079 mutex_exit(&tep->te_srv_lock); 2080 } 2081 2082 /* ARGSUSED */ 2083 static void 2084 tl_rsrv_ser(mblk_t *mp, tl_endpt_t *tep) 2085 { 2086 tl_endpt_t *peer_tep; 2087 2088 if (IS_CLTS(tep) && tep->te_state == TS_IDLE) { 2089 tl_cl_backenable(tep); 2090 } else if ( 2091 IS_COTS(tep) && 2092 ((peer_tep = tep->te_conp) != NULL) && 2093 !peer_tep->te_closing && 2094 ((tep->te_state == TS_DATA_XFER) || 2095 (tep->te_state == TS_WIND_ORDREL)|| 2096 (tep->te_state == TS_WREQ_ORDREL))) { 2097 TL_QENABLE(peer_tep); 2098 } 2099 2100 /* 2101 * Wakeup read side service routine. 2102 */ 2103 mutex_enter(&tep->te_srv_lock); 2104 ASSERT(tep->te_rsrv_active); 2105 tep->te_rsrv_active = B_FALSE; 2106 cv_signal(&tep->te_srv_cv); 2107 mutex_exit(&tep->te_srv_lock); 2108 tl_serializer_exit(tep); 2109 } 2110 2111 /* 2112 * process M_PROTO messages. Always called from serializer. 2113 */ 2114 static void 2115 tl_do_proto(mblk_t *mp, tl_endpt_t *tep) 2116 { 2117 ssize_t msz = MBLKL(mp); 2118 union T_primitives *prim = (union T_primitives *)mp->b_rptr; 2119 2120 /* Message size was validated by tl_wput(). */ 2121 ASSERT(msz >= sizeof (prim->type)); 2122 2123 switch (prim->type) { 2124 case T_UNBIND_REQ: 2125 tl_unbind(mp, tep); 2126 break; 2127 2128 case T_ADDR_REQ: 2129 tl_addr_req(mp, tep); 2130 break; 2131 2132 case O_T_CONN_RES: 2133 case T_CONN_RES: 2134 if (IS_CLTS(tep)) { 2135 tl_merror(tep->te_wq, mp, EPROTO); 2136 break; 2137 } 2138 tl_conn_res(mp, tep); 2139 break; 2140 2141 case T_DISCON_REQ: 2142 if (IS_CLTS(tep)) { 2143 tl_merror(tep->te_wq, mp, EPROTO); 2144 break; 2145 } 2146 tl_discon_req(mp, tep); 2147 break; 2148 2149 case T_DATA_REQ: 2150 if (IS_CLTS(tep)) { 2151 tl_merror(tep->te_wq, mp, EPROTO); 2152 break; 2153 } 2154 tl_data(mp, tep); 2155 break; 2156 2157 case T_OPTDATA_REQ: 2158 if (IS_CLTS(tep)) { 2159 tl_merror(tep->te_wq, mp, EPROTO); 2160 break; 2161 } 2162 tl_data(mp, tep); 2163 break; 2164 2165 case T_EXDATA_REQ: 2166 if (IS_CLTS(tep)) { 2167 tl_merror(tep->te_wq, mp, EPROTO); 2168 break; 2169 } 2170 tl_exdata(mp, tep); 2171 break; 2172 2173 case T_ORDREL_REQ: 2174 if (! IS_COTSORD(tep)) { 2175 tl_merror(tep->te_wq, mp, EPROTO); 2176 break; 2177 } 2178 tl_ordrel(mp, tep); 2179 break; 2180 2181 case T_UNITDATA_REQ: 2182 if (IS_COTS(tep)) { 2183 tl_merror(tep->te_wq, mp, EPROTO); 2184 break; 2185 } 2186 tl_unitdata(mp, tep); 2187 break; 2188 2189 default: 2190 tl_merror(tep->te_wq, mp, EPROTO); 2191 break; 2192 } 2193 } 2194 2195 /* 2196 * Process ioctl from serializer. 2197 * This is a wrapper around tl_do_ioctl(). 2198 */ 2199 static void 2200 tl_do_ioctl_ser(mblk_t *mp, tl_endpt_t *tep) 2201 { 2202 if (! tep->te_closing) 2203 tl_do_ioctl(mp, tep); 2204 else 2205 freemsg(mp); 2206 2207 tl_serializer_exit(tep); 2208 tl_refrele(tep); 2209 } 2210 2211 static void 2212 tl_do_ioctl(mblk_t *mp, tl_endpt_t *tep) 2213 { 2214 struct iocblk *iocbp = (struct iocblk *)mp->b_rptr; 2215 int cmd = iocbp->ioc_cmd; 2216 queue_t *wq = tep->te_wq; 2217 int error; 2218 int thisopt, otheropt; 2219 2220 ASSERT((cmd == TL_IOC_CREDOPT) || (cmd == TL_IOC_UCREDOPT)); 2221 2222 switch (cmd) { 2223 case TL_IOC_CREDOPT: 2224 if (cmd == TL_IOC_CREDOPT) { 2225 thisopt = TL_SETCRED; 2226 otheropt = TL_SETUCRED; 2227 } else { 2228 /* FALLTHROUGH */ 2229 case TL_IOC_UCREDOPT: 2230 thisopt = TL_SETUCRED; 2231 otheropt = TL_SETCRED; 2232 } 2233 /* 2234 * The credentials passing does not apply to sockets. 2235 * Only one of the cred options can be set at a given time. 2236 */ 2237 if (IS_SOCKET(tep) || (tep->te_flag & otheropt)) { 2238 miocnak(wq, mp, 0, EINVAL); 2239 return; 2240 } 2241 2242 /* 2243 * Turn on generation of credential options for 2244 * T_conn_req, T_conn_con, T_unidata_ind. 2245 */ 2246 error = miocpullup(mp, sizeof (uint32_t)); 2247 if (error != 0) { 2248 miocnak(wq, mp, 0, error); 2249 return; 2250 } 2251 if (!IS_P2ALIGNED(mp->b_cont->b_rptr, sizeof (uint32_t))) { 2252 miocnak(wq, mp, 0, EINVAL); 2253 return; 2254 } 2255 2256 if (*(uint32_t *)mp->b_cont->b_rptr) 2257 tep->te_flag |= thisopt; 2258 else 2259 tep->te_flag &= ~thisopt; 2260 2261 miocack(wq, mp, 0, 0); 2262 break; 2263 2264 default: 2265 /* Should not be here */ 2266 miocnak(wq, mp, 0, EINVAL); 2267 break; 2268 } 2269 } 2270 2271 2272 /* 2273 * send T_ERROR_ACK 2274 * Note: assumes enough memory or caller passed big enough mp 2275 * - no recovery from allocb failures 2276 */ 2277 2278 static void 2279 tl_error_ack(queue_t *wq, mblk_t *mp, t_scalar_t tli_err, 2280 t_scalar_t unix_err, t_scalar_t type) 2281 { 2282 struct T_error_ack *err_ack; 2283 mblk_t *ackmp = tpi_ack_alloc(mp, sizeof (struct T_error_ack), 2284 M_PCPROTO, T_ERROR_ACK); 2285 2286 if (ackmp == NULL) { 2287 (void) (STRLOG(TL_ID, 0, 1, SL_TRACE|SL_ERROR, 2288 "tl_error_ack:out of mblk memory")); 2289 tl_merror(wq, NULL, ENOSR); 2290 return; 2291 } 2292 err_ack = (struct T_error_ack *)ackmp->b_rptr; 2293 err_ack->ERROR_prim = type; 2294 err_ack->TLI_error = tli_err; 2295 err_ack->UNIX_error = unix_err; 2296 2297 /* 2298 * send error ack message 2299 */ 2300 qreply(wq, ackmp); 2301 } 2302 2303 2304 2305 /* 2306 * send T_OK_ACK 2307 * Note: assumes enough memory or caller passed big enough mp 2308 * - no recovery from allocb failures 2309 */ 2310 static void 2311 tl_ok_ack(queue_t *wq, mblk_t *mp, t_scalar_t type) 2312 { 2313 struct T_ok_ack *ok_ack; 2314 mblk_t *ackmp = tpi_ack_alloc(mp, sizeof (struct T_ok_ack), 2315 M_PCPROTO, T_OK_ACK); 2316 2317 if (ackmp == NULL) { 2318 tl_merror(wq, NULL, ENOMEM); 2319 return; 2320 } 2321 2322 ok_ack = (struct T_ok_ack *)ackmp->b_rptr; 2323 ok_ack->CORRECT_prim = type; 2324 2325 (void) qreply(wq, ackmp); 2326 } 2327 2328 /* 2329 * Process T_BIND_REQ and O_T_BIND_REQ from serializer. 2330 * This is a wrapper around tl_bind(). 2331 */ 2332 static void 2333 tl_bind_ser(mblk_t *mp, tl_endpt_t *tep) 2334 { 2335 if (! tep->te_closing) 2336 tl_bind(mp, tep); 2337 else 2338 freemsg(mp); 2339 2340 tl_serializer_exit(tep); 2341 tl_refrele(tep); 2342 } 2343 2344 /* 2345 * Process T_BIND_REQ and O_T_BIND_REQ TPI requests. 2346 * Assumes that the endpoint is in the unbound. 2347 */ 2348 static void 2349 tl_bind(mblk_t *mp, tl_endpt_t *tep) 2350 { 2351 queue_t *wq = tep->te_wq; 2352 struct T_bind_ack *b_ack; 2353 struct T_bind_req *bind = (struct T_bind_req *)mp->b_rptr; 2354 mblk_t *ackmp, *bamp; 2355 soux_addr_t ux_addr; 2356 t_uscalar_t qlen = 0; 2357 t_scalar_t alen, aoff; 2358 tl_addr_t addr_req; 2359 void *addr_startp; 2360 ssize_t msz = MBLKL(mp), basize; 2361 t_scalar_t tli_err = 0, unix_err = 0; 2362 t_scalar_t save_prim_type = bind->PRIM_type; 2363 t_scalar_t save_state = tep->te_state; 2364 2365 if (tep->te_state != TS_UNBND) { 2366 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2367 SL_TRACE|SL_ERROR, 2368 "tl_wput:bind_request:out of state, state=%d", 2369 tep->te_state)); 2370 tli_err = TOUTSTATE; 2371 goto error; 2372 } 2373 2374 if (msz < sizeof (struct T_bind_req)) { 2375 tli_err = TSYSERR; unix_err = EINVAL; 2376 goto error; 2377 } 2378 2379 tep->te_state = NEXTSTATE(TE_BIND_REQ, tep->te_state); 2380 2381 ASSERT((bind->PRIM_type == O_T_BIND_REQ) || 2382 (bind->PRIM_type == T_BIND_REQ)); 2383 2384 alen = bind->ADDR_length; 2385 aoff = bind->ADDR_offset; 2386 2387 /* negotiate max conn req pending */ 2388 if (IS_COTS(tep)) { 2389 qlen = bind->CONIND_number; 2390 if (qlen > tl_maxqlen) 2391 qlen = tl_maxqlen; 2392 } 2393 2394 /* 2395 * Reserve hash handle. It can only be NULL if the endpoint is unbound 2396 * and bound again. 2397 */ 2398 if ((tep->te_hash_hndl == NULL) && 2399 ((tep->te_flag & TL_ADDRHASHED) == 0) && 2400 mod_hash_reserve_nosleep(tep->te_addrhash, 2401 &tep->te_hash_hndl) != 0) { 2402 tli_err = TSYSERR; unix_err = ENOSR; 2403 goto error; 2404 } 2405 2406 /* 2407 * Verify address correctness. 2408 */ 2409 if (IS_SOCKET(tep)) { 2410 ASSERT(bind->PRIM_type == O_T_BIND_REQ); 2411 2412 if ((alen != TL_SOUX_ADDRLEN) || 2413 (aoff < 0) || 2414 (aoff + alen > msz)) { 2415 (void) (STRLOG(TL_ID, tep->te_minor, 2416 1, SL_TRACE|SL_ERROR, 2417 "tl_bind: invalid socket addr")); 2418 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 2419 tli_err = TSYSERR; unix_err = EINVAL; 2420 goto error; 2421 } 2422 /* Copy address from message to local buffer. */ 2423 bcopy(mp->b_rptr + aoff, &ux_addr, sizeof (ux_addr)); 2424 /* 2425 * Check that we got correct address from sockets 2426 */ 2427 if ((ux_addr.soua_magic != SOU_MAGIC_EXPLICIT) && 2428 (ux_addr.soua_magic != SOU_MAGIC_IMPLICIT)) { 2429 (void) (STRLOG(TL_ID, tep->te_minor, 2430 1, SL_TRACE|SL_ERROR, 2431 "tl_bind: invalid socket magic")); 2432 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 2433 tli_err = TSYSERR; unix_err = EINVAL; 2434 goto error; 2435 } 2436 if ((ux_addr.soua_magic == SOU_MAGIC_IMPLICIT) && 2437 (ux_addr.soua_vp != NULL)) { 2438 (void) (STRLOG(TL_ID, tep->te_minor, 2439 1, SL_TRACE|SL_ERROR, 2440 "tl_bind: implicit addr non-empty")); 2441 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 2442 tli_err = TSYSERR; unix_err = EINVAL; 2443 goto error; 2444 } 2445 if ((ux_addr.soua_magic == SOU_MAGIC_EXPLICIT) && 2446 (ux_addr.soua_vp == NULL)) { 2447 (void) (STRLOG(TL_ID, tep->te_minor, 2448 1, SL_TRACE|SL_ERROR, 2449 "tl_bind: explicit addr empty")); 2450 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 2451 tli_err = TSYSERR; unix_err = EINVAL; 2452 goto error; 2453 } 2454 } else { 2455 if ((alen > 0) && ((aoff < 0) || 2456 ((ssize_t)(aoff + alen) > msz) || 2457 ((aoff + alen) < 0))) { 2458 (void) (STRLOG(TL_ID, tep->te_minor, 2459 1, SL_TRACE|SL_ERROR, 2460 "tl_bind: invalid message")); 2461 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 2462 tli_err = TSYSERR; unix_err = EINVAL; 2463 goto error; 2464 } 2465 if ((alen < 0) || (alen > (msz - sizeof (struct T_bind_req)))) { 2466 (void) (STRLOG(TL_ID, tep->te_minor, 2467 1, SL_TRACE|SL_ERROR, 2468 "tl_bind: bad addr in message")); 2469 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 2470 tli_err = TBADADDR; 2471 goto error; 2472 } 2473 #ifdef DEBUG 2474 /* 2475 * Mild form of ASSERT()ion to detect broken TPI apps. 2476 * if (! assertion) 2477 * log warning; 2478 */ 2479 if (! ((alen == 0 && aoff == 0) || 2480 (aoff >= (t_scalar_t)(sizeof (struct T_bind_req))))) { 2481 (void) (STRLOG(TL_ID, tep->te_minor, 2482 3, SL_TRACE|SL_ERROR, 2483 "tl_bind: addr overlaps TPI message")); 2484 } 2485 #endif 2486 } 2487 2488 /* 2489 * Bind the address provided or allocate one if requested. 2490 * Allow rebinds with a new qlen value. 2491 */ 2492 if (IS_SOCKET(tep)) { 2493 /* 2494 * For anonymous requests the te_ap is already set up properly 2495 * so use minor number as an address. 2496 * For explicit requests need to check whether the address is 2497 * already in use. 2498 */ 2499 if (ux_addr.soua_magic == SOU_MAGIC_EXPLICIT) { 2500 int rc; 2501 2502 if (tep->te_flag & TL_ADDRHASHED) { 2503 ASSERT(IS_COTS(tep) && tep->te_qlen == 0); 2504 if (tep->te_vp == ux_addr.soua_vp) 2505 goto skip_addr_bind; 2506 else /* Rebind to a new address. */ 2507 tl_addr_unbind(tep); 2508 } 2509 /* 2510 * Insert address in the hash if it is not already 2511 * there. Since we use preallocated handle, the insert 2512 * can fail only if the key is already present. 2513 */ 2514 rc = mod_hash_insert_reserve(tep->te_addrhash, 2515 (mod_hash_key_t)ux_addr.soua_vp, 2516 (mod_hash_val_t)tep, tep->te_hash_hndl); 2517 2518 if (rc != 0) { 2519 ASSERT(rc == MH_ERR_DUPLICATE); 2520 /* 2521 * Violate O_T_BIND_REQ semantics and fail with 2522 * TADDRBUSY - sockets will not use any address 2523 * other than supplied one for explicit binds. 2524 */ 2525 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2526 SL_TRACE|SL_ERROR, 2527 "tl_bind:requested addr %p is busy", 2528 ux_addr.soua_vp)); 2529 tli_err = TADDRBUSY; unix_err = 0; 2530 goto error; 2531 } 2532 tep->te_uxaddr = ux_addr; 2533 tep->te_flag |= TL_ADDRHASHED; 2534 tep->te_hash_hndl = NULL; 2535 } 2536 } else if (alen == 0) { 2537 /* 2538 * assign any free address 2539 */ 2540 if (! tl_get_any_addr(tep, NULL)) { 2541 (void) (STRLOG(TL_ID, tep->te_minor, 2542 1, SL_TRACE|SL_ERROR, 2543 "tl_bind:failed to get buffer for any " 2544 "address")); 2545 tli_err = TSYSERR; unix_err = ENOSR; 2546 goto error; 2547 } 2548 } else { 2549 addr_req.ta_alen = alen; 2550 addr_req.ta_abuf = (mp->b_rptr + aoff); 2551 addr_req.ta_zoneid = tep->te_zoneid; 2552 2553 tep->te_abuf = kmem_zalloc((size_t)alen, KM_NOSLEEP); 2554 if (tep->te_abuf == NULL) { 2555 tli_err = TSYSERR; unix_err = ENOSR; 2556 goto error; 2557 } 2558 bcopy(addr_req.ta_abuf, tep->te_abuf, addr_req.ta_alen); 2559 tep->te_alen = alen; 2560 2561 if (mod_hash_insert_reserve(tep->te_addrhash, 2562 (mod_hash_key_t)&tep->te_ap, (mod_hash_val_t)tep, 2563 tep->te_hash_hndl) != 0) { 2564 if (save_prim_type == T_BIND_REQ) { 2565 /* 2566 * The bind semantics for this primitive 2567 * require a failure if the exact address 2568 * requested is busy 2569 */ 2570 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2571 SL_TRACE|SL_ERROR, 2572 "tl_bind:requested addr is busy")); 2573 tli_err = TADDRBUSY; unix_err = 0; 2574 goto error; 2575 } 2576 2577 /* 2578 * O_T_BIND_REQ semantics say if address if requested 2579 * address is busy, bind to any available free address 2580 */ 2581 if (! tl_get_any_addr(tep, &addr_req)) { 2582 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2583 SL_TRACE|SL_ERROR, 2584 "tl_bind:unable to get any addr buf")); 2585 tli_err = TSYSERR; unix_err = ENOMEM; 2586 goto error; 2587 } 2588 } else { 2589 tep->te_flag |= TL_ADDRHASHED; 2590 tep->te_hash_hndl = NULL; 2591 } 2592 } 2593 2594 ASSERT(tep->te_alen >= 0); 2595 2596 skip_addr_bind: 2597 /* 2598 * prepare T_BIND_ACK TPI message 2599 */ 2600 basize = sizeof (struct T_bind_ack) + tep->te_alen; 2601 bamp = reallocb(mp, basize, 0); 2602 if (bamp == NULL) { 2603 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 2604 "tl_wput:tl_bind: allocb failed")); 2605 /* 2606 * roll back state changes 2607 */ 2608 tl_addr_unbind(tep); 2609 tep->te_state = TS_UNBND; 2610 tl_memrecover(wq, mp, basize); 2611 return; 2612 } 2613 2614 DB_TYPE(bamp) = M_PCPROTO; 2615 bamp->b_wptr = bamp->b_rptr + basize; 2616 b_ack = (struct T_bind_ack *)bamp->b_rptr; 2617 b_ack->PRIM_type = T_BIND_ACK; 2618 b_ack->CONIND_number = qlen; 2619 b_ack->ADDR_length = tep->te_alen; 2620 b_ack->ADDR_offset = (t_scalar_t)sizeof (struct T_bind_ack); 2621 addr_startp = bamp->b_rptr + b_ack->ADDR_offset; 2622 bcopy(tep->te_abuf, addr_startp, tep->te_alen); 2623 2624 if (IS_COTS(tep)) { 2625 tep->te_qlen = qlen; 2626 if (qlen > 0) 2627 tep->te_flag |= TL_LISTENER; 2628 } 2629 2630 tep->te_state = NEXTSTATE(TE_BIND_ACK, tep->te_state); 2631 /* 2632 * send T_BIND_ACK message 2633 */ 2634 (void) qreply(wq, bamp); 2635 return; 2636 2637 error: 2638 ackmp = reallocb(mp, sizeof (struct T_error_ack), 0); 2639 if (ackmp == NULL) { 2640 /* 2641 * roll back state changes 2642 */ 2643 tep->te_state = save_state; 2644 tl_memrecover(wq, mp, sizeof (struct T_error_ack)); 2645 return; 2646 } 2647 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 2648 tl_error_ack(wq, ackmp, tli_err, unix_err, save_prim_type); 2649 } 2650 2651 /* 2652 * Process T_UNBIND_REQ. 2653 * Called from serializer. 2654 */ 2655 static void 2656 tl_unbind(mblk_t *mp, tl_endpt_t *tep) 2657 { 2658 queue_t *wq; 2659 mblk_t *ackmp; 2660 2661 if (tep->te_closing) { 2662 freemsg(mp); 2663 return; 2664 } 2665 2666 wq = tep->te_wq; 2667 2668 /* 2669 * preallocate memory for max of T_OK_ACK and T_ERROR_ACK 2670 * ==> allocate for T_ERROR_ACK (known max) 2671 */ 2672 if ((ackmp = reallocb(mp, sizeof (struct T_error_ack), 0)) == NULL) { 2673 tl_memrecover(wq, mp, sizeof (struct T_error_ack)); 2674 return; 2675 } 2676 /* 2677 * memory resources committed 2678 * Note: no message validation. T_UNBIND_REQ message is 2679 * same size as PRIM_type field so already verified earlier. 2680 */ 2681 2682 /* 2683 * validate state 2684 */ 2685 if (tep->te_state != TS_IDLE) { 2686 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2687 SL_TRACE|SL_ERROR, 2688 "tl_wput:T_UNBIND_REQ:out of state, state=%d", 2689 tep->te_state)); 2690 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_UNBIND_REQ); 2691 return; 2692 } 2693 tep->te_state = NEXTSTATE(TE_UNBIND_REQ, tep->te_state); 2694 2695 /* 2696 * TPI says on T_UNBIND_REQ: 2697 * send up a M_FLUSH to flush both 2698 * read and write queues 2699 */ 2700 (void) putnextctl1(RD(wq), M_FLUSH, FLUSHRW); 2701 2702 if (! IS_SOCKET(tep) || !IS_CLTS(tep) || tep->te_qlen != 0 || 2703 tep->te_magic != SOU_MAGIC_EXPLICIT) { 2704 2705 /* 2706 * Sockets use bind with qlen==0 followed by bind() to 2707 * the same address with qlen > 0 for listeners. 2708 * We allow rebind with a new qlen value. 2709 */ 2710 tl_addr_unbind(tep); 2711 } 2712 2713 tep->te_state = NEXTSTATE(TE_OK_ACK1, tep->te_state); 2714 /* 2715 * send T_OK_ACK 2716 */ 2717 tl_ok_ack(wq, ackmp, T_UNBIND_REQ); 2718 } 2719 2720 2721 /* 2722 * Option management code from drv/ip is used here 2723 * Note: TL_PROT_LEVEL/TL_IOC_CREDOPT option is not part of tl_opt_arr 2724 * database of options. So optcom_req() will fail T_SVR4_OPTMGMT_REQ. 2725 * However, that is what we want as that option is 'unorthodox' 2726 * and only valid in T_CONN_IND, T_CONN_CON and T_UNITDATA_IND 2727 * and not in T_SVR4_OPTMGMT_REQ/ACK 2728 * Note2: use of optcom_req means this routine is an exception to 2729 * recovery from allocb() failures. 2730 */ 2731 2732 static void 2733 tl_optmgmt(queue_t *wq, mblk_t *mp) 2734 { 2735 tl_endpt_t *tep; 2736 mblk_t *ackmp; 2737 union T_primitives *prim; 2738 cred_t *cr; 2739 2740 tep = (tl_endpt_t *)wq->q_ptr; 2741 prim = (union T_primitives *)mp->b_rptr; 2742 2743 /* 2744 * All Solaris components should pass a db_credp 2745 * for this TPI message, hence we ASSERT. 2746 * But in case there is some other M_PROTO that looks 2747 * like a TPI message sent by some other kernel 2748 * component, we check and return an error. 2749 */ 2750 cr = msg_getcred(mp, NULL); 2751 ASSERT(cr != NULL); 2752 if (cr == NULL) { 2753 tl_error_ack(wq, mp, TSYSERR, EINVAL, prim->type); 2754 return; 2755 } 2756 2757 /* all states OK for AF_UNIX options ? */ 2758 if (!IS_SOCKET(tep) && tep->te_state != TS_IDLE && 2759 prim->type == T_SVR4_OPTMGMT_REQ) { 2760 /* 2761 * Broken TLI semantics that options can only be managed 2762 * in TS_IDLE state. Needed for Sparc ABI test suite that 2763 * tests this TLI (mis)feature using this device driver. 2764 */ 2765 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2766 SL_TRACE|SL_ERROR, 2767 "tl_wput:T_SVR4_OPTMGMT_REQ:out of state, state=%d", 2768 tep->te_state)); 2769 /* 2770 * preallocate memory for T_ERROR_ACK 2771 */ 2772 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED); 2773 if (! ackmp) { 2774 tl_memrecover(wq, mp, sizeof (struct T_error_ack)); 2775 return; 2776 } 2777 2778 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_SVR4_OPTMGMT_REQ); 2779 freemsg(mp); 2780 return; 2781 } 2782 2783 /* 2784 * call common option management routine from drv/ip 2785 */ 2786 if (prim->type == T_SVR4_OPTMGMT_REQ) { 2787 svr4_optcom_req(wq, mp, cr, &tl_opt_obj); 2788 } else { 2789 ASSERT(prim->type == T_OPTMGMT_REQ); 2790 tpi_optcom_req(wq, mp, cr, &tl_opt_obj); 2791 } 2792 } 2793 2794 /* 2795 * Handle T_conn_req - the driver part of accept(). 2796 * If TL_SET[U]CRED generate the credentials options. 2797 * If this is a socket pass through options unmodified. 2798 * For sockets generate the T_CONN_CON here instead of 2799 * waiting for the T_CONN_RES. 2800 */ 2801 static void 2802 tl_conn_req(queue_t *wq, mblk_t *mp) 2803 { 2804 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr; 2805 struct T_conn_req *creq = (struct T_conn_req *)mp->b_rptr; 2806 ssize_t msz = MBLKL(mp); 2807 t_scalar_t alen, aoff, olen, ooff, err = 0; 2808 tl_endpt_t *peer_tep = NULL; 2809 mblk_t *ackmp; 2810 mblk_t *dimp; 2811 struct T_discon_ind *di; 2812 soux_addr_t ux_addr; 2813 tl_addr_t dst; 2814 2815 ASSERT(IS_COTS(tep)); 2816 2817 if (tep->te_closing) { 2818 freemsg(mp); 2819 return; 2820 } 2821 2822 /* 2823 * preallocate memory for: 2824 * 1. max of T_ERROR_ACK and T_OK_ACK 2825 * ==> known max T_ERROR_ACK 2826 * 2. max of T_DISCON_IND and T_CONN_IND 2827 */ 2828 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED); 2829 if (! ackmp) { 2830 tl_memrecover(wq, mp, sizeof (struct T_error_ack)); 2831 return; 2832 } 2833 /* 2834 * memory committed for T_OK_ACK/T_ERROR_ACK now 2835 * will be committed for T_DISCON_IND/T_CONN_IND later 2836 */ 2837 2838 if (tep->te_state != TS_IDLE) { 2839 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2840 SL_TRACE|SL_ERROR, 2841 "tl_wput:T_CONN_REQ:out of state, state=%d", 2842 tep->te_state)); 2843 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_CONN_REQ); 2844 freemsg(mp); 2845 return; 2846 } 2847 2848 /* 2849 * validate the message 2850 * Note: dereference fields in struct inside message only 2851 * after validating the message length. 2852 */ 2853 if (msz < sizeof (struct T_conn_req)) { 2854 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 2855 "tl_conn_req:invalid message length")); 2856 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ); 2857 freemsg(mp); 2858 return; 2859 } 2860 alen = creq->DEST_length; 2861 aoff = creq->DEST_offset; 2862 olen = creq->OPT_length; 2863 ooff = creq->OPT_offset; 2864 if (olen == 0) 2865 ooff = 0; 2866 2867 if (IS_SOCKET(tep)) { 2868 if ((alen != TL_SOUX_ADDRLEN) || 2869 (aoff < 0) || 2870 (aoff + alen > msz) || 2871 (alen > msz - sizeof (struct T_conn_req))) { 2872 (void) (STRLOG(TL_ID, tep->te_minor, 2873 1, SL_TRACE|SL_ERROR, 2874 "tl_conn_req: invalid socket addr")); 2875 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ); 2876 freemsg(mp); 2877 return; 2878 } 2879 bcopy(mp->b_rptr + aoff, &ux_addr, TL_SOUX_ADDRLEN); 2880 if ((ux_addr.soua_magic != SOU_MAGIC_IMPLICIT) && 2881 (ux_addr.soua_magic != SOU_MAGIC_EXPLICIT)) { 2882 (void) (STRLOG(TL_ID, tep->te_minor, 2883 1, SL_TRACE|SL_ERROR, 2884 "tl_conn_req: invalid socket magic")); 2885 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ); 2886 freemsg(mp); 2887 return; 2888 } 2889 } else { 2890 if ((alen > 0 && ((aoff + alen) > msz || aoff + alen < 0)) || 2891 (olen > 0 && ((ssize_t)(ooff + olen) > msz || 2892 ooff + olen < 0)) || 2893 olen < 0 || ooff < 0) { 2894 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2895 SL_TRACE|SL_ERROR, 2896 "tl_conn_req:invalid message")); 2897 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ); 2898 freemsg(mp); 2899 return; 2900 } 2901 2902 if (alen <= 0 || aoff < 0 || 2903 (ssize_t)alen > msz - sizeof (struct T_conn_req)) { 2904 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2905 SL_TRACE|SL_ERROR, 2906 "tl_conn_req:bad addr in message, " 2907 "alen=%d, msz=%ld", 2908 alen, msz)); 2909 tl_error_ack(wq, ackmp, TBADADDR, 0, T_CONN_REQ); 2910 freemsg(mp); 2911 return; 2912 } 2913 #ifdef DEBUG 2914 /* 2915 * Mild form of ASSERT()ion to detect broken TPI apps. 2916 * if (! assertion) 2917 * log warning; 2918 */ 2919 if (! (aoff >= (t_scalar_t)sizeof (struct T_conn_req))) { 2920 (void) (STRLOG(TL_ID, tep->te_minor, 3, 2921 SL_TRACE|SL_ERROR, 2922 "tl_conn_req: addr overlaps TPI message")); 2923 } 2924 #endif 2925 if (olen) { 2926 /* 2927 * no opts in connect req 2928 * supported in this provider except for sockets. 2929 */ 2930 (void) (STRLOG(TL_ID, tep->te_minor, 1, 2931 SL_TRACE|SL_ERROR, 2932 "tl_conn_req:options not supported " 2933 "in message")); 2934 tl_error_ack(wq, ackmp, TBADOPT, 0, T_CONN_REQ); 2935 freemsg(mp); 2936 return; 2937 } 2938 } 2939 2940 /* 2941 * Prevent tep from closing on us. 2942 */ 2943 if (! tl_noclose(tep)) { 2944 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 2945 "tl_conn_req:endpoint is closing")); 2946 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_CONN_REQ); 2947 freemsg(mp); 2948 return; 2949 } 2950 2951 tep->te_state = NEXTSTATE(TE_CONN_REQ, tep->te_state); 2952 /* 2953 * get endpoint to connect to 2954 * check that peer with DEST addr is bound to addr 2955 * and has CONIND_number > 0 2956 */ 2957 dst.ta_alen = alen; 2958 dst.ta_abuf = mp->b_rptr + aoff; 2959 dst.ta_zoneid = tep->te_zoneid; 2960 2961 /* 2962 * Verify if remote addr is in use 2963 */ 2964 peer_tep = (IS_SOCKET(tep) ? 2965 tl_sock_find_peer(tep, &ux_addr) : 2966 tl_find_peer(tep, &dst)); 2967 2968 if (peer_tep == NULL) { 2969 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 2970 "tl_conn_req:no one at connect address")); 2971 err = ECONNREFUSED; 2972 } else if (peer_tep->te_nicon >= peer_tep->te_qlen) { 2973 /* 2974 * validate that number of incoming connection is 2975 * not to capacity on destination endpoint 2976 */ 2977 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE, 2978 "tl_conn_req: qlen overflow connection refused")); 2979 err = ECONNREFUSED; 2980 } 2981 2982 /* 2983 * Send T_DISCON_IND in case of error 2984 */ 2985 if (err != 0) { 2986 if (peer_tep != NULL) 2987 tl_refrele(peer_tep); 2988 /* We are still expected to send T_OK_ACK */ 2989 tep->te_state = NEXTSTATE(TE_OK_ACK1, tep->te_state); 2990 tl_ok_ack(tep->te_wq, ackmp, T_CONN_REQ); 2991 tl_closeok(tep); 2992 dimp = tpi_ack_alloc(mp, sizeof (struct T_discon_ind), 2993 M_PROTO, T_DISCON_IND); 2994 if (dimp == NULL) { 2995 tl_merror(wq, NULL, ENOSR); 2996 return; 2997 } 2998 di = (struct T_discon_ind *)dimp->b_rptr; 2999 di->DISCON_reason = err; 3000 di->SEQ_number = BADSEQNUM; 3001 3002 tep->te_state = TS_IDLE; 3003 /* 3004 * send T_DISCON_IND message 3005 */ 3006 putnext(tep->te_rq, dimp); 3007 return; 3008 } 3009 3010 ASSERT(IS_COTS(peer_tep)); 3011 3012 /* 3013 * Found the listener. At this point processing will continue on 3014 * listener serializer. Close of the endpoint should be blocked while we 3015 * switch serializers. 3016 */ 3017 tl_serializer_refhold(peer_tep->te_ser); 3018 tl_serializer_refrele(tep->te_ser); 3019 tep->te_ser = peer_tep->te_ser; 3020 ASSERT(tep->te_oconp == NULL); 3021 tep->te_oconp = peer_tep; 3022 3023 /* 3024 * It is safe to close now. Close may continue on listener serializer. 3025 */ 3026 tl_closeok(tep); 3027 3028 /* 3029 * Pass ackmp to tl_conn_req_ser. Note that mp->b_cont may contain user 3030 * data, so we link mp to ackmp. 3031 */ 3032 ackmp->b_cont = mp; 3033 mp = ackmp; 3034 3035 tl_refhold(tep); 3036 tl_serializer_enter(tep, tl_conn_req_ser, mp); 3037 } 3038 3039 /* 3040 * Finish T_CONN_REQ processing on listener serializer. 3041 */ 3042 static void 3043 tl_conn_req_ser(mblk_t *mp, tl_endpt_t *tep) 3044 { 3045 queue_t *wq; 3046 tl_endpt_t *peer_tep = tep->te_oconp; 3047 mblk_t *confmp, *cimp, *indmp; 3048 void *opts = NULL; 3049 mblk_t *ackmp = mp; 3050 struct T_conn_req *creq = (struct T_conn_req *)mp->b_cont->b_rptr; 3051 struct T_conn_ind *ci; 3052 tl_icon_t *tip; 3053 void *addr_startp; 3054 t_scalar_t olen = creq->OPT_length; 3055 t_scalar_t ooff = creq->OPT_offset; 3056 size_t ci_msz; 3057 size_t size; 3058 cred_t *cr = NULL; 3059 pid_t cpid; 3060 3061 if (tep->te_closing) { 3062 TL_UNCONNECT(tep->te_oconp); 3063 tl_serializer_exit(tep); 3064 tl_refrele(tep); 3065 freemsg(mp); 3066 return; 3067 } 3068 3069 wq = tep->te_wq; 3070 tep->te_flag |= TL_EAGER; 3071 3072 /* 3073 * Extract preallocated ackmp from mp. 3074 */ 3075 mp = mp->b_cont; 3076 ackmp->b_cont = NULL; 3077 3078 if (olen == 0) 3079 ooff = 0; 3080 3081 if (peer_tep->te_closing || 3082 !((peer_tep->te_state == TS_IDLE) || 3083 (peer_tep->te_state == TS_WRES_CIND))) { 3084 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE | SL_ERROR, 3085 "tl_conn_req:peer in bad state (%d)", 3086 peer_tep->te_state)); 3087 TL_UNCONNECT(tep->te_oconp); 3088 tl_error_ack(wq, mp, TSYSERR, ECONNREFUSED, T_CONN_REQ); 3089 freemsg(ackmp); 3090 tl_serializer_exit(tep); 3091 tl_refrele(tep); 3092 return; 3093 } 3094 3095 /* 3096 * preallocate now for T_DISCON_IND or T_CONN_IND 3097 */ 3098 /* 3099 * calculate length of T_CONN_IND message 3100 */ 3101 if (peer_tep->te_flag & (TL_SETCRED|TL_SETUCRED)) { 3102 cr = msg_getcred(mp, &cpid); 3103 ASSERT(cr != NULL); 3104 if (peer_tep->te_flag & TL_SETCRED) { 3105 ooff = 0; 3106 olen = (t_scalar_t) sizeof (struct opthdr) + 3107 OPTLEN(sizeof (tl_credopt_t)); 3108 /* 1 option only */ 3109 } else { 3110 ooff = 0; 3111 olen = (t_scalar_t)sizeof (struct opthdr) + 3112 OPTLEN(ucredminsize(cr)); 3113 /* 1 option only */ 3114 } 3115 } 3116 ci_msz = sizeof (struct T_conn_ind) + tep->te_alen; 3117 ci_msz = T_ALIGN(ci_msz) + olen; 3118 size = max(ci_msz, sizeof (struct T_discon_ind)); 3119 3120 /* 3121 * Save options from mp - we'll need them for T_CONN_IND. 3122 */ 3123 if (ooff != 0) { 3124 opts = kmem_alloc(olen, KM_NOSLEEP); 3125 if (opts == NULL) { 3126 /* 3127 * roll back state changes 3128 */ 3129 tep->te_state = TS_IDLE; 3130 tl_memrecover(wq, mp, size); 3131 freemsg(ackmp); 3132 TL_UNCONNECT(tep->te_oconp); 3133 tl_serializer_exit(tep); 3134 tl_refrele(tep); 3135 return; 3136 } 3137 /* Copy options to a temp buffer */ 3138 bcopy(mp->b_rptr + ooff, opts, olen); 3139 } 3140 3141 if (IS_SOCKET(tep) && !tl_disable_early_connect) { 3142 /* 3143 * Generate a T_CONN_CON that has the identical address 3144 * (and options) as the T_CONN_REQ. 3145 * NOTE: assumes that the T_conn_req and T_conn_con structures 3146 * are isomorphic. 3147 */ 3148 confmp = copyb(mp); 3149 if (! confmp) { 3150 /* 3151 * roll back state changes 3152 */ 3153 tep->te_state = TS_IDLE; 3154 tl_memrecover(wq, mp, mp->b_wptr - mp->b_rptr); 3155 freemsg(ackmp); 3156 if (opts != NULL) 3157 kmem_free(opts, olen); 3158 TL_UNCONNECT(tep->te_oconp); 3159 tl_serializer_exit(tep); 3160 tl_refrele(tep); 3161 return; 3162 } 3163 ((struct T_conn_con *)(confmp->b_rptr))->PRIM_type = 3164 T_CONN_CON; 3165 } else { 3166 confmp = NULL; 3167 } 3168 if ((indmp = reallocb(mp, size, 0)) == NULL) { 3169 /* 3170 * roll back state changes 3171 */ 3172 tep->te_state = TS_IDLE; 3173 tl_memrecover(wq, mp, size); 3174 freemsg(ackmp); 3175 if (opts != NULL) 3176 kmem_free(opts, olen); 3177 freemsg(confmp); 3178 TL_UNCONNECT(tep->te_oconp); 3179 tl_serializer_exit(tep); 3180 tl_refrele(tep); 3181 return; 3182 } 3183 3184 tip = kmem_zalloc(sizeof (*tip), KM_NOSLEEP); 3185 if (tip == NULL) { 3186 /* 3187 * roll back state changes 3188 */ 3189 tep->te_state = TS_IDLE; 3190 tl_memrecover(wq, indmp, sizeof (*tip)); 3191 freemsg(ackmp); 3192 if (opts != NULL) 3193 kmem_free(opts, olen); 3194 freemsg(confmp); 3195 TL_UNCONNECT(tep->te_oconp); 3196 tl_serializer_exit(tep); 3197 tl_refrele(tep); 3198 return; 3199 } 3200 tip->ti_mp = NULL; 3201 3202 /* 3203 * memory is now committed for T_DISCON_IND/T_CONN_IND/T_CONN_CON 3204 * and tl_icon_t cell. 3205 */ 3206 3207 /* 3208 * ack validity of request and send the peer credential in the ACK. 3209 */ 3210 tep->te_state = NEXTSTATE(TE_OK_ACK1, tep->te_state); 3211 3212 if (peer_tep != NULL && peer_tep->te_credp != NULL && 3213 confmp != NULL) { 3214 mblk_setcred(confmp, peer_tep->te_credp, peer_tep->te_cpid); 3215 } 3216 3217 tl_ok_ack(wq, ackmp, T_CONN_REQ); 3218 3219 /* 3220 * prepare message to send T_CONN_IND 3221 */ 3222 /* 3223 * allocate the message - original data blocks retained 3224 * in the returned mblk 3225 */ 3226 cimp = tl_resizemp(indmp, size); 3227 if (! cimp) { 3228 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 3229 "tl_conn_req:con_ind:allocb failure")); 3230 tl_merror(wq, indmp, ENOMEM); 3231 TL_UNCONNECT(tep->te_oconp); 3232 tl_serializer_exit(tep); 3233 tl_refrele(tep); 3234 if (opts != NULL) 3235 kmem_free(opts, olen); 3236 freemsg(confmp); 3237 ASSERT(tip->ti_mp == NULL); 3238 kmem_free(tip, sizeof (*tip)); 3239 return; 3240 } 3241 3242 DB_TYPE(cimp) = M_PROTO; 3243 ci = (struct T_conn_ind *)cimp->b_rptr; 3244 ci->PRIM_type = T_CONN_IND; 3245 ci->SRC_offset = (t_scalar_t)sizeof (struct T_conn_ind); 3246 ci->SRC_length = tep->te_alen; 3247 ci->SEQ_number = tep->te_seqno; 3248 3249 addr_startp = cimp->b_rptr + ci->SRC_offset; 3250 bcopy(tep->te_abuf, addr_startp, tep->te_alen); 3251 if (peer_tep->te_flag & (TL_SETCRED|TL_SETUCRED)) { 3252 3253 ci->OPT_offset = (t_scalar_t)T_ALIGN(ci->SRC_offset + 3254 ci->SRC_length); 3255 ci->OPT_length = olen; /* because only 1 option */ 3256 tl_fill_option(cimp->b_rptr + ci->OPT_offset, 3257 cr, cpid, 3258 peer_tep->te_flag, peer_tep->te_credp); 3259 } else if (ooff != 0) { 3260 /* Copy option from T_CONN_REQ */ 3261 ci->OPT_offset = (t_scalar_t)T_ALIGN(ci->SRC_offset + 3262 ci->SRC_length); 3263 ci->OPT_length = olen; 3264 ASSERT(opts != NULL); 3265 bcopy(opts, (void *)((uintptr_t)ci + ci->OPT_offset), olen); 3266 } else { 3267 ci->OPT_offset = 0; 3268 ci->OPT_length = 0; 3269 } 3270 if (opts != NULL) 3271 kmem_free(opts, olen); 3272 3273 /* 3274 * register connection request with server peer 3275 * append to list of incoming connections 3276 * increment references for both peer_tep and tep: peer_tep is placed on 3277 * te_oconp and tep is placed on listeners queue. 3278 */ 3279 tip->ti_tep = tep; 3280 tip->ti_seqno = tep->te_seqno; 3281 list_insert_tail(&peer_tep->te_iconp, tip); 3282 peer_tep->te_nicon++; 3283 3284 peer_tep->te_state = NEXTSTATE(TE_CONN_IND, peer_tep->te_state); 3285 /* 3286 * send the T_CONN_IND message 3287 */ 3288 putnext(peer_tep->te_rq, cimp); 3289 3290 /* 3291 * Send a T_CONN_CON message for sockets. 3292 * Disable the queues until we have reached the correct state! 3293 */ 3294 if (confmp != NULL) { 3295 tep->te_state = NEXTSTATE(TE_CONN_CON, tep->te_state); 3296 noenable(wq); 3297 putnext(tep->te_rq, confmp); 3298 } 3299 /* 3300 * Now we need to increment tep reference because tep is referenced by 3301 * server list of pending connections. We also need to decrement 3302 * reference before exiting serializer. Two operations void each other 3303 * so we don't modify reference at all. 3304 */ 3305 ASSERT(tep->te_refcnt >= 2); 3306 ASSERT(peer_tep->te_refcnt >= 2); 3307 tl_serializer_exit(tep); 3308 } 3309 3310 3311 3312 /* 3313 * Handle T_conn_res on listener stream. Called on listener serializer. 3314 * tl_conn_req has already generated the T_CONN_CON. 3315 * tl_conn_res is called on listener serializer. 3316 * No one accesses acceptor at this point, so it is safe to modify acceptor. 3317 * Switch eager serializer to acceptor's. 3318 * 3319 * If TL_SET[U]CRED generate the credentials options. 3320 * For sockets tl_conn_req has already generated the T_CONN_CON. 3321 */ 3322 static void 3323 tl_conn_res(mblk_t *mp, tl_endpt_t *tep) 3324 { 3325 queue_t *wq; 3326 struct T_conn_res *cres = (struct T_conn_res *)mp->b_rptr; 3327 ssize_t msz = MBLKL(mp); 3328 t_scalar_t olen, ooff, err = 0; 3329 t_scalar_t prim = cres->PRIM_type; 3330 uchar_t *addr_startp; 3331 tl_endpt_t *acc_ep = NULL, *cl_ep = NULL; 3332 tl_icon_t *tip; 3333 size_t size; 3334 mblk_t *ackmp, *respmp; 3335 mblk_t *dimp, *ccmp = NULL; 3336 struct T_discon_ind *di; 3337 struct T_conn_con *cc; 3338 boolean_t client_noclose_set = B_FALSE; 3339 boolean_t switch_client_serializer = B_TRUE; 3340 3341 ASSERT(IS_COTS(tep)); 3342 3343 if (tep->te_closing) { 3344 freemsg(mp); 3345 return; 3346 } 3347 3348 wq = tep->te_wq; 3349 3350 /* 3351 * preallocate memory for: 3352 * 1. max of T_ERROR_ACK and T_OK_ACK 3353 * ==> known max T_ERROR_ACK 3354 * 2. max of T_DISCON_IND and T_CONN_CON 3355 */ 3356 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED); 3357 if (! ackmp) { 3358 tl_memrecover(wq, mp, sizeof (struct T_error_ack)); 3359 return; 3360 } 3361 /* 3362 * memory committed for T_OK_ACK/T_ERROR_ACK now 3363 * will be committed for T_DISCON_IND/T_CONN_CON later 3364 */ 3365 3366 3367 ASSERT(prim == T_CONN_RES || prim == O_T_CONN_RES); 3368 3369 /* 3370 * validate state 3371 */ 3372 if (tep->te_state != TS_WRES_CIND) { 3373 (void) (STRLOG(TL_ID, tep->te_minor, 1, 3374 SL_TRACE|SL_ERROR, 3375 "tl_wput:T_CONN_RES:out of state, state=%d", 3376 tep->te_state)); 3377 tl_error_ack(wq, ackmp, TOUTSTATE, 0, prim); 3378 freemsg(mp); 3379 return; 3380 } 3381 3382 /* 3383 * validate the message 3384 * Note: dereference fields in struct inside message only 3385 * after validating the message length. 3386 */ 3387 if (msz < sizeof (struct T_conn_res)) { 3388 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 3389 "tl_conn_res:invalid message length")); 3390 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, prim); 3391 freemsg(mp); 3392 return; 3393 } 3394 olen = cres->OPT_length; 3395 ooff = cres->OPT_offset; 3396 if (((olen > 0) && ((ooff + olen) > msz))) { 3397 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 3398 "tl_conn_res:invalid message")); 3399 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, prim); 3400 freemsg(mp); 3401 return; 3402 } 3403 if (olen) { 3404 /* 3405 * no opts in connect res 3406 * supported in this provider 3407 */ 3408 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 3409 "tl_conn_res:options not supported in message")); 3410 tl_error_ack(wq, ackmp, TBADOPT, 0, prim); 3411 freemsg(mp); 3412 return; 3413 } 3414 3415 tep->te_state = NEXTSTATE(TE_CONN_RES, tep->te_state); 3416 ASSERT(tep->te_state == TS_WACK_CRES); 3417 3418 if (cres->SEQ_number < TL_MINOR_START && 3419 cres->SEQ_number >= BADSEQNUM) { 3420 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE|SL_ERROR, 3421 "tl_conn_res:remote endpoint sequence number bad")); 3422 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 3423 tl_error_ack(wq, ackmp, TBADSEQ, 0, prim); 3424 freemsg(mp); 3425 return; 3426 } 3427 3428 /* 3429 * find accepting endpoint. Will have extra reference if found. 3430 */ 3431 if (mod_hash_find_cb(tep->te_transport->tr_ai_hash, 3432 (mod_hash_key_t)(uintptr_t)cres->ACCEPTOR_id, 3433 (mod_hash_val_t *)&acc_ep, tl_find_callback) != 0) { 3434 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE|SL_ERROR, 3435 "tl_conn_res:bad accepting endpoint")); 3436 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 3437 tl_error_ack(wq, ackmp, TBADF, 0, prim); 3438 freemsg(mp); 3439 return; 3440 } 3441 3442 /* 3443 * Prevent acceptor from closing. 3444 */ 3445 if (! tl_noclose(acc_ep)) { 3446 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE|SL_ERROR, 3447 "tl_conn_res:bad accepting endpoint")); 3448 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 3449 tl_error_ack(wq, ackmp, TBADF, 0, prim); 3450 tl_refrele(acc_ep); 3451 freemsg(mp); 3452 return; 3453 } 3454 3455 acc_ep->te_flag |= TL_ACCEPTOR; 3456 3457 /* 3458 * validate that accepting endpoint, if different from listening 3459 * has address bound => state is TS_IDLE 3460 * TROUBLE in XPG4 !!? 3461 */ 3462 if ((tep != acc_ep) && (acc_ep->te_state != TS_IDLE)) { 3463 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE|SL_ERROR, 3464 "tl_conn_res:accepting endpoint has no address bound," 3465 "state=%d", acc_ep->te_state)); 3466 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 3467 tl_error_ack(wq, ackmp, TOUTSTATE, 0, prim); 3468 freemsg(mp); 3469 tl_closeok(acc_ep); 3470 tl_refrele(acc_ep); 3471 return; 3472 } 3473 3474 /* 3475 * validate if accepting endpt same as listening, then 3476 * no other incoming connection should be on the queue 3477 */ 3478 3479 if ((tep == acc_ep) && (tep->te_nicon > 1)) { 3480 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 3481 "tl_conn_res: > 1 conn_ind on listener-acceptor")); 3482 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 3483 tl_error_ack(wq, ackmp, TBADF, 0, prim); 3484 freemsg(mp); 3485 tl_closeok(acc_ep); 3486 tl_refrele(acc_ep); 3487 return; 3488 } 3489 3490 /* 3491 * Mark for deletion, the entry corresponding to client 3492 * on list of pending connections made by the listener 3493 * search list to see if client is one of the 3494 * recorded as a listener. 3495 */ 3496 tip = tl_icon_find(tep, cres->SEQ_number); 3497 if (tip == NULL) { 3498 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE|SL_ERROR, 3499 "tl_conn_res:no client in listener list")); 3500 tep->te_state = NEXTSTATE(TE_ERROR_ACK, tep->te_state); 3501 tl_error_ack(wq, ackmp, TBADSEQ, 0, prim); 3502 freemsg(mp); 3503 tl_closeok(acc_ep); 3504 tl_refrele(acc_ep); 3505 return; 3506 } 3507 3508 /* 3509 * If ti_tep is NULL the client has already closed. In this case 3510 * the code below will avoid any action on the client side 3511 * but complete the server and acceptor state transitions. 3512 */ 3513 ASSERT(tip->ti_tep == NULL || 3514 tip->ti_tep->te_seqno == cres->SEQ_number); 3515 cl_ep = tip->ti_tep; 3516 3517 /* 3518 * If the client is present it is switched from listener's to acceptor's 3519 * serializer. We should block client closes while serializers are 3520 * being switched. 3521 * 3522 * It is possible that the client is present but is currently being 3523 * closed. There are two possible cases: 3524 * 3525 * 1) The client has already entered tl_close_finish_ser() and sent 3526 * T_ORDREL_IND. In this case we can just ignore the client (but we 3527 * still need to send all messages from tip->ti_mp to the acceptor). 3528 * 3529 * 2) The client started the close but has not entered 3530 * tl_close_finish_ser() yet. In this case, the client is already 3531 * proceeding asynchronously on the listener's serializer, so we're 3532 * forced to change the acceptor to use the listener's serializer to 3533 * ensure that any operations on the acceptor are serialized with 3534 * respect to the close that's in-progress. 3535 */ 3536 if (cl_ep != NULL) { 3537 if (tl_noclose(cl_ep)) { 3538 client_noclose_set = B_TRUE; 3539 } else { 3540 /* 3541 * Client is closing. If it it has sent the 3542 * T_ORDREL_IND, we can simply ignore it - otherwise, 3543 * we have to let let the client continue until it is 3544 * sent. 3545 * 3546 * If we do continue using the client, acceptor will 3547 * switch to client's serializer which is used by client 3548 * for its close. 3549 */ 3550 tl_client_closing_when_accepting++; 3551 switch_client_serializer = B_FALSE; 3552 if (!IS_SOCKET(cl_ep) || tl_disable_early_connect || 3553 cl_ep->te_state == -1) 3554 cl_ep = NULL; 3555 } 3556 } 3557 3558 if (cl_ep != NULL) { 3559 /* 3560 * validate client state to be TS_WCON_CREQ or TS_DATA_XFER 3561 * (latter for sockets only) 3562 */ 3563 if (cl_ep->te_state != TS_WCON_CREQ && 3564 (cl_ep->te_state != TS_DATA_XFER && 3565 IS_SOCKET(cl_ep))) { 3566 err = ECONNREFUSED; 3567 /* 3568 * T_DISCON_IND sent later after committing memory 3569 * and acking validity of request 3570 */ 3571 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE, 3572 "tl_conn_res:peer in bad state")); 3573 } 3574 3575 /* 3576 * preallocate now for T_DISCON_IND or T_CONN_CONN 3577 * ack validity of request (T_OK_ACK) after memory committed 3578 */ 3579 3580 if (err) 3581 size = sizeof (struct T_discon_ind); 3582 else { 3583 /* 3584 * calculate length of T_CONN_CON message 3585 */ 3586 olen = 0; 3587 if (cl_ep->te_flag & TL_SETCRED) { 3588 olen = (t_scalar_t)sizeof (struct opthdr) + 3589 OPTLEN(sizeof (tl_credopt_t)); 3590 } else if (cl_ep->te_flag & TL_SETUCRED) { 3591 olen = (t_scalar_t)sizeof (struct opthdr) + 3592 OPTLEN(ucredminsize(acc_ep->te_credp)); 3593 } 3594 size = T_ALIGN(sizeof (struct T_conn_con) + 3595 acc_ep->te_alen) + olen; 3596 } 3597 if ((respmp = reallocb(mp, size, 0)) == NULL) { 3598 /* 3599 * roll back state changes 3600 */ 3601 tep->te_state = TS_WRES_CIND; 3602 tl_memrecover(wq, mp, size); 3603 freemsg(ackmp); 3604 if (client_noclose_set) 3605 tl_closeok(cl_ep); 3606 tl_closeok(acc_ep); 3607 tl_refrele(acc_ep); 3608 return; 3609 } 3610 mp = NULL; 3611 } 3612 3613 /* 3614 * Now ack validity of request 3615 */ 3616 if (tep->te_nicon == 1) { 3617 if (tep == acc_ep) 3618 tep->te_state = NEXTSTATE(TE_OK_ACK2, tep->te_state); 3619 else 3620 tep->te_state = NEXTSTATE(TE_OK_ACK3, tep->te_state); 3621 } else 3622 tep->te_state = NEXTSTATE(TE_OK_ACK4, tep->te_state); 3623 3624 /* 3625 * send T_DISCON_IND now if client state validation failed earlier 3626 */ 3627 if (err) { 3628 tl_ok_ack(wq, ackmp, prim); 3629 /* 3630 * flush the queues - why always ? 3631 */ 3632 (void) putnextctl1(acc_ep->te_rq, M_FLUSH, FLUSHR); 3633 3634 dimp = tl_resizemp(respmp, size); 3635 if (! dimp) { 3636 (void) (STRLOG(TL_ID, tep->te_minor, 3, 3637 SL_TRACE|SL_ERROR, 3638 "tl_conn_res:con_ind:allocb failure")); 3639 tl_merror(wq, respmp, ENOMEM); 3640 tl_closeok(acc_ep); 3641 if (client_noclose_set) 3642 tl_closeok(cl_ep); 3643 tl_refrele(acc_ep); 3644 return; 3645 } 3646 if (dimp->b_cont) { 3647 /* no user data in provider generated discon ind */ 3648 freemsg(dimp->b_cont); 3649 dimp->b_cont = NULL; 3650 } 3651 3652 DB_TYPE(dimp) = M_PROTO; 3653 di = (struct T_discon_ind *)dimp->b_rptr; 3654 di->PRIM_type = T_DISCON_IND; 3655 di->DISCON_reason = err; 3656 di->SEQ_number = BADSEQNUM; 3657 3658 tep->te_state = TS_IDLE; 3659 /* 3660 * send T_DISCON_IND message 3661 */ 3662 putnext(acc_ep->te_rq, dimp); 3663 if (client_noclose_set) 3664 tl_closeok(cl_ep); 3665 tl_closeok(acc_ep); 3666 tl_refrele(acc_ep); 3667 return; 3668 } 3669 3670 /* 3671 * now start connecting the accepting endpoint 3672 */ 3673 if (tep != acc_ep) 3674 acc_ep->te_state = NEXTSTATE(TE_PASS_CONN, acc_ep->te_state); 3675 3676 if (cl_ep == NULL) { 3677 /* 3678 * The client has already closed. Send up any queued messages 3679 * and change the state accordingly. 3680 */ 3681 tl_ok_ack(wq, ackmp, prim); 3682 tl_icon_sendmsgs(acc_ep, &tip->ti_mp); 3683 3684 /* 3685 * remove endpoint from incoming connection 3686 * delete client from list of incoming connections 3687 */ 3688 tl_freetip(tep, tip); 3689 freemsg(mp); 3690 tl_closeok(acc_ep); 3691 tl_refrele(acc_ep); 3692 return; 3693 } else if (tip->ti_mp != NULL) { 3694 /* 3695 * The client could have queued a T_DISCON_IND which needs 3696 * to be sent up. 3697 * Note that t_discon_req can not operate the same as 3698 * t_data_req since it is not possible for it to putbq 3699 * the message and return -1 due to the use of qwriter. 3700 */ 3701 tl_icon_sendmsgs(acc_ep, &tip->ti_mp); 3702 } 3703 3704 /* 3705 * prepare connect confirm T_CONN_CON message 3706 */ 3707 3708 /* 3709 * allocate the message - original data blocks 3710 * retained in the returned mblk 3711 */ 3712 if (! IS_SOCKET(cl_ep) || tl_disable_early_connect) { 3713 ccmp = tl_resizemp(respmp, size); 3714 if (ccmp == NULL) { 3715 tl_ok_ack(wq, ackmp, prim); 3716 (void) (STRLOG(TL_ID, tep->te_minor, 3, 3717 SL_TRACE|SL_ERROR, 3718 "tl_conn_res:conn_con:allocb failure")); 3719 tl_merror(wq, respmp, ENOMEM); 3720 tl_closeok(acc_ep); 3721 if (client_noclose_set) 3722 tl_closeok(cl_ep); 3723 tl_refrele(acc_ep); 3724 return; 3725 } 3726 3727 DB_TYPE(ccmp) = M_PROTO; 3728 cc = (struct T_conn_con *)ccmp->b_rptr; 3729 cc->PRIM_type = T_CONN_CON; 3730 cc->RES_offset = (t_scalar_t)sizeof (struct T_conn_con); 3731 cc->RES_length = acc_ep->te_alen; 3732 addr_startp = ccmp->b_rptr + cc->RES_offset; 3733 bcopy(acc_ep->te_abuf, addr_startp, acc_ep->te_alen); 3734 if (cl_ep->te_flag & (TL_SETCRED|TL_SETUCRED)) { 3735 cc->OPT_offset = (t_scalar_t)T_ALIGN(cc->RES_offset + 3736 cc->RES_length); 3737 cc->OPT_length = olen; 3738 tl_fill_option(ccmp->b_rptr + cc->OPT_offset, 3739 acc_ep->te_credp, acc_ep->te_cpid, cl_ep->te_flag, 3740 cl_ep->te_credp); 3741 } else { 3742 cc->OPT_offset = 0; 3743 cc->OPT_length = 0; 3744 } 3745 /* 3746 * Forward the credential in the packet so it can be picked up 3747 * at the higher layers for more complete credential processing 3748 */ 3749 mblk_setcred(ccmp, acc_ep->te_credp, acc_ep->te_cpid); 3750 } else { 3751 freemsg(respmp); 3752 respmp = NULL; 3753 } 3754 3755 /* 3756 * make connection linking 3757 * accepting and client endpoints 3758 * No need to increment references: 3759 * on client: it should already have one from tip->ti_tep linkage. 3760 * on acceptor is should already have one from the table lookup. 3761 * 3762 * At this point both client and acceptor can't close. Set client 3763 * serializer to acceptor's. 3764 */ 3765 ASSERT(cl_ep->te_refcnt >= 2); 3766 ASSERT(acc_ep->te_refcnt >= 2); 3767 ASSERT(cl_ep->te_conp == NULL); 3768 ASSERT(acc_ep->te_conp == NULL); 3769 cl_ep->te_conp = acc_ep; 3770 acc_ep->te_conp = cl_ep; 3771 ASSERT(cl_ep->te_ser == tep->te_ser); 3772 if (switch_client_serializer) { 3773 mutex_enter(&cl_ep->te_ser_lock); 3774 if (cl_ep->te_ser_count > 0) { 3775 switch_client_serializer = B_FALSE; 3776 tl_serializer_noswitch++; 3777 } else { 3778 /* 3779 * Move client to the acceptor's serializer. 3780 */ 3781 tl_serializer_refhold(acc_ep->te_ser); 3782 tl_serializer_refrele(cl_ep->te_ser); 3783 cl_ep->te_ser = acc_ep->te_ser; 3784 } 3785 mutex_exit(&cl_ep->te_ser_lock); 3786 } 3787 if (!switch_client_serializer) { 3788 /* 3789 * It is not possible to switch client to use acceptor's. 3790 * Move acceptor to client's serializer (which is the same as 3791 * listener's). 3792 */ 3793 tl_serializer_refhold(cl_ep->te_ser); 3794 tl_serializer_refrele(acc_ep->te_ser); 3795 acc_ep->te_ser = cl_ep->te_ser; 3796 } 3797 3798 TL_REMOVE_PEER(cl_ep->te_oconp); 3799 TL_REMOVE_PEER(acc_ep->te_oconp); 3800 3801 /* 3802 * remove endpoint from incoming connection 3803 * delete client from list of incoming connections 3804 */ 3805 tip->ti_tep = NULL; 3806 tl_freetip(tep, tip); 3807 tl_ok_ack(wq, ackmp, prim); 3808 3809 /* 3810 * data blocks already linked in reallocb() 3811 */ 3812 3813 /* 3814 * link queues so that I_SENDFD will work 3815 */ 3816 if (! IS_SOCKET(tep)) { 3817 acc_ep->te_wq->q_next = cl_ep->te_rq; 3818 cl_ep->te_wq->q_next = acc_ep->te_rq; 3819 } 3820 3821 /* 3822 * send T_CONN_CON up on client side unless it was already 3823 * done (for a socket). In cases any data or ordrel req has been 3824 * queued make sure that the service procedure runs. 3825 */ 3826 if (IS_SOCKET(cl_ep) && !tl_disable_early_connect) { 3827 enableok(cl_ep->te_wq); 3828 TL_QENABLE(cl_ep); 3829 if (ccmp != NULL) 3830 freemsg(ccmp); 3831 } else { 3832 /* 3833 * change client state on TE_CONN_CON event 3834 */ 3835 cl_ep->te_state = NEXTSTATE(TE_CONN_CON, cl_ep->te_state); 3836 putnext(cl_ep->te_rq, ccmp); 3837 } 3838 3839 /* Mark the both endpoints as accepted */ 3840 cl_ep->te_flag |= TL_ACCEPTED; 3841 acc_ep->te_flag |= TL_ACCEPTED; 3842 3843 /* 3844 * Allow client and acceptor to close. 3845 */ 3846 tl_closeok(acc_ep); 3847 if (client_noclose_set) 3848 tl_closeok(cl_ep); 3849 } 3850 3851 3852 3853 3854 static void 3855 tl_discon_req(mblk_t *mp, tl_endpt_t *tep) 3856 { 3857 queue_t *wq; 3858 struct T_discon_req *dr; 3859 ssize_t msz; 3860 tl_endpt_t *peer_tep = tep->te_conp; 3861 tl_endpt_t *srv_tep = tep->te_oconp; 3862 tl_icon_t *tip; 3863 size_t size; 3864 mblk_t *ackmp, *dimp, *respmp; 3865 struct T_discon_ind *di; 3866 t_scalar_t save_state, new_state; 3867 3868 if (tep->te_closing) { 3869 freemsg(mp); 3870 return; 3871 } 3872 3873 if ((peer_tep != NULL) && peer_tep->te_closing) { 3874 TL_UNCONNECT(tep->te_conp); 3875 peer_tep = NULL; 3876 } 3877 if ((srv_tep != NULL) && srv_tep->te_closing) { 3878 TL_UNCONNECT(tep->te_oconp); 3879 srv_tep = NULL; 3880 } 3881 3882 wq = tep->te_wq; 3883 3884 /* 3885 * preallocate memory for: 3886 * 1. max of T_ERROR_ACK and T_OK_ACK 3887 * ==> known max T_ERROR_ACK 3888 * 2. for T_DISCON_IND 3889 */ 3890 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED); 3891 if (! ackmp) { 3892 tl_memrecover(wq, mp, sizeof (struct T_error_ack)); 3893 return; 3894 } 3895 /* 3896 * memory committed for T_OK_ACK/T_ERROR_ACK now 3897 * will be committed for T_DISCON_IND later 3898 */ 3899 3900 dr = (struct T_discon_req *)mp->b_rptr; 3901 msz = MBLKL(mp); 3902 3903 /* 3904 * validate the state 3905 */ 3906 save_state = new_state = tep->te_state; 3907 if (! (save_state >= TS_WCON_CREQ && save_state <= TS_WRES_CIND) && 3908 ! (save_state >= TS_DATA_XFER && save_state <= TS_WREQ_ORDREL)) { 3909 (void) (STRLOG(TL_ID, tep->te_minor, 1, 3910 SL_TRACE|SL_ERROR, 3911 "tl_wput:T_DISCON_REQ:out of state, state=%d", 3912 tep->te_state)); 3913 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_DISCON_REQ); 3914 freemsg(mp); 3915 return; 3916 } 3917 /* 3918 * Defer committing the state change until it is determined if 3919 * the message will be queued with the tl_icon or not. 3920 */ 3921 new_state = NEXTSTATE(TE_DISCON_REQ, tep->te_state); 3922 3923 /* validate the message */ 3924 if (msz < sizeof (struct T_discon_req)) { 3925 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 3926 "tl_discon_req:invalid message")); 3927 tep->te_state = NEXTSTATE(TE_ERROR_ACK, new_state); 3928 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_DISCON_REQ); 3929 freemsg(mp); 3930 return; 3931 } 3932 3933 /* 3934 * if server, then validate that client exists 3935 * by connection sequence number etc. 3936 */ 3937 if (tep->te_nicon > 0) { /* server */ 3938 3939 /* 3940 * search server list for disconnect client 3941 */ 3942 tip = tl_icon_find(tep, dr->SEQ_number); 3943 if (tip == NULL) { 3944 (void) (STRLOG(TL_ID, tep->te_minor, 2, 3945 SL_TRACE|SL_ERROR, 3946 "tl_discon_req:no disconnect endpoint")); 3947 tep->te_state = NEXTSTATE(TE_ERROR_ACK, new_state); 3948 tl_error_ack(wq, ackmp, TBADSEQ, 0, T_DISCON_REQ); 3949 freemsg(mp); 3950 return; 3951 } 3952 /* 3953 * If ti_tep is NULL the client has already closed. In this case 3954 * the code below will avoid any action on the client side. 3955 */ 3956 3957 IMPLY(tip->ti_tep != NULL, 3958 tip->ti_tep->te_seqno == dr->SEQ_number); 3959 peer_tep = tip->ti_tep; 3960 } 3961 3962 /* 3963 * preallocate now for T_DISCON_IND 3964 * ack validity of request (T_OK_ACK) after memory committed 3965 */ 3966 size = sizeof (struct T_discon_ind); 3967 if ((respmp = reallocb(mp, size, 0)) == NULL) { 3968 tl_memrecover(wq, mp, size); 3969 freemsg(ackmp); 3970 return; 3971 } 3972 3973 /* 3974 * prepare message to ack validity of request 3975 */ 3976 if (tep->te_nicon == 0) 3977 new_state = NEXTSTATE(TE_OK_ACK1, new_state); 3978 else 3979 if (tep->te_nicon == 1) 3980 new_state = NEXTSTATE(TE_OK_ACK2, new_state); 3981 else 3982 new_state = NEXTSTATE(TE_OK_ACK4, new_state); 3983 3984 /* 3985 * Flushing queues according to TPI. Using the old state. 3986 */ 3987 if ((tep->te_nicon <= 1) && 3988 ((save_state == TS_DATA_XFER) || 3989 (save_state == TS_WIND_ORDREL) || 3990 (save_state == TS_WREQ_ORDREL))) 3991 (void) putnextctl1(RD(wq), M_FLUSH, FLUSHRW); 3992 3993 /* send T_OK_ACK up */ 3994 tl_ok_ack(wq, ackmp, T_DISCON_REQ); 3995 3996 /* 3997 * now do disconnect business 3998 */ 3999 if (tep->te_nicon > 0) { /* listener */ 4000 if (peer_tep != NULL && !peer_tep->te_closing) { 4001 /* 4002 * disconnect incoming connect request pending to tep 4003 */ 4004 if ((dimp = tl_resizemp(respmp, size)) == NULL) { 4005 (void) (STRLOG(TL_ID, tep->te_minor, 2, 4006 SL_TRACE|SL_ERROR, 4007 "tl_discon_req: reallocb failed")); 4008 tep->te_state = new_state; 4009 tl_merror(wq, respmp, ENOMEM); 4010 return; 4011 } 4012 di = (struct T_discon_ind *)dimp->b_rptr; 4013 di->SEQ_number = BADSEQNUM; 4014 save_state = peer_tep->te_state; 4015 peer_tep->te_state = TS_IDLE; 4016 4017 TL_REMOVE_PEER(peer_tep->te_oconp); 4018 enableok(peer_tep->te_wq); 4019 TL_QENABLE(peer_tep); 4020 } else { 4021 freemsg(respmp); 4022 dimp = NULL; 4023 } 4024 4025 /* 4026 * remove endpoint from incoming connection list 4027 * - remove disconnect client from list on server 4028 */ 4029 tl_freetip(tep, tip); 4030 } else if ((peer_tep = tep->te_oconp) != NULL) { /* client */ 4031 /* 4032 * disconnect an outgoing request pending from tep 4033 */ 4034 4035 if ((dimp = tl_resizemp(respmp, size)) == NULL) { 4036 (void) (STRLOG(TL_ID, tep->te_minor, 2, 4037 SL_TRACE|SL_ERROR, 4038 "tl_discon_req: reallocb failed")); 4039 tep->te_state = new_state; 4040 tl_merror(wq, respmp, ENOMEM); 4041 return; 4042 } 4043 di = (struct T_discon_ind *)dimp->b_rptr; 4044 DB_TYPE(dimp) = M_PROTO; 4045 di->PRIM_type = T_DISCON_IND; 4046 di->DISCON_reason = ECONNRESET; 4047 di->SEQ_number = tep->te_seqno; 4048 4049 /* 4050 * If this is a socket the T_DISCON_IND is queued with 4051 * the T_CONN_IND. Otherwise the T_CONN_IND is removed 4052 * from the list of pending connections. 4053 * Note that when te_oconp is set the peer better have 4054 * a t_connind_t for the client. 4055 */ 4056 if (IS_SOCKET(tep) && !tl_disable_early_connect) { 4057 /* 4058 * No need to check that 4059 * ti_tep == NULL since the T_DISCON_IND 4060 * takes precedence over other queued 4061 * messages. 4062 */ 4063 tl_icon_queuemsg(peer_tep, tep->te_seqno, dimp); 4064 peer_tep = NULL; 4065 dimp = NULL; 4066 /* 4067 * Can't clear te_oconp since tl_co_unconnect needs 4068 * it as a hint not to free the tep. 4069 * Keep the state unchanged since tl_conn_res inspects 4070 * it. 4071 */ 4072 new_state = tep->te_state; 4073 } else { 4074 /* Found - delete it */ 4075 tip = tl_icon_find(peer_tep, tep->te_seqno); 4076 if (tip != NULL) { 4077 ASSERT(tep == tip->ti_tep); 4078 save_state = peer_tep->te_state; 4079 if (peer_tep->te_nicon == 1) 4080 peer_tep->te_state = 4081 NEXTSTATE(TE_DISCON_IND2, 4082 peer_tep->te_state); 4083 else 4084 peer_tep->te_state = 4085 NEXTSTATE(TE_DISCON_IND3, 4086 peer_tep->te_state); 4087 tl_freetip(peer_tep, tip); 4088 } 4089 ASSERT(tep->te_oconp != NULL); 4090 TL_UNCONNECT(tep->te_oconp); 4091 } 4092 } else if ((peer_tep = tep->te_conp) != NULL) { /* connected! */ 4093 if ((dimp = tl_resizemp(respmp, size)) == NULL) { 4094 (void) (STRLOG(TL_ID, tep->te_minor, 2, 4095 SL_TRACE|SL_ERROR, 4096 "tl_discon_req: reallocb failed")); 4097 tep->te_state = new_state; 4098 tl_merror(wq, respmp, ENOMEM); 4099 return; 4100 } 4101 di = (struct T_discon_ind *)dimp->b_rptr; 4102 di->SEQ_number = BADSEQNUM; 4103 4104 save_state = peer_tep->te_state; 4105 peer_tep->te_state = TS_IDLE; 4106 } else { 4107 /* Not connected */ 4108 tep->te_state = new_state; 4109 freemsg(respmp); 4110 return; 4111 } 4112 4113 /* Commit state changes */ 4114 tep->te_state = new_state; 4115 4116 if (peer_tep == NULL) { 4117 ASSERT(dimp == NULL); 4118 goto done; 4119 } 4120 /* 4121 * Flush queues on peer before sending up 4122 * T_DISCON_IND according to TPI 4123 */ 4124 4125 if ((save_state == TS_DATA_XFER) || 4126 (save_state == TS_WIND_ORDREL) || 4127 (save_state == TS_WREQ_ORDREL)) 4128 (void) putnextctl1(peer_tep->te_rq, M_FLUSH, FLUSHRW); 4129 4130 DB_TYPE(dimp) = M_PROTO; 4131 di->PRIM_type = T_DISCON_IND; 4132 di->DISCON_reason = ECONNRESET; 4133 4134 /* 4135 * data blocks already linked into dimp by reallocb() 4136 */ 4137 /* 4138 * send indication message to peer user module 4139 */ 4140 ASSERT(dimp != NULL); 4141 putnext(peer_tep->te_rq, dimp); 4142 done: 4143 if (tep->te_conp) { /* disconnect pointers if connected */ 4144 ASSERT(! peer_tep->te_closing); 4145 4146 /* 4147 * Messages may be queued on peer's write queue 4148 * waiting to be processed by its write service 4149 * procedure. Before the pointer to the peer transport 4150 * structure is set to NULL, qenable the peer's write 4151 * queue so that the queued up messages are processed. 4152 */ 4153 if ((save_state == TS_DATA_XFER) || 4154 (save_state == TS_WIND_ORDREL) || 4155 (save_state == TS_WREQ_ORDREL)) 4156 TL_QENABLE(peer_tep); 4157 ASSERT(peer_tep != NULL && peer_tep->te_conp != NULL); 4158 TL_UNCONNECT(peer_tep->te_conp); 4159 if (! IS_SOCKET(tep)) { 4160 /* 4161 * unlink the streams 4162 */ 4163 tep->te_wq->q_next = NULL; 4164 peer_tep->te_wq->q_next = NULL; 4165 } 4166 TL_UNCONNECT(tep->te_conp); 4167 } 4168 } 4169 4170 static void 4171 tl_addr_req_ser(mblk_t *mp, tl_endpt_t *tep) 4172 { 4173 if (!tep->te_closing) 4174 tl_addr_req(mp, tep); 4175 else 4176 freemsg(mp); 4177 4178 tl_serializer_exit(tep); 4179 tl_refrele(tep); 4180 } 4181 4182 static void 4183 tl_addr_req(mblk_t *mp, tl_endpt_t *tep) 4184 { 4185 queue_t *wq; 4186 size_t ack_sz; 4187 mblk_t *ackmp; 4188 struct T_addr_ack *taa; 4189 4190 if (tep->te_closing) { 4191 freemsg(mp); 4192 return; 4193 } 4194 4195 wq = tep->te_wq; 4196 4197 /* 4198 * Note: T_ADDR_REQ message has only PRIM_type field 4199 * so it is already validated earlier. 4200 */ 4201 4202 if (IS_CLTS(tep) || 4203 (tep->te_state > TS_WREQ_ORDREL) || 4204 (tep->te_state < TS_DATA_XFER)) { 4205 /* 4206 * Either connectionless or connection oriented but not 4207 * in connected data transfer state or half-closed states. 4208 */ 4209 ack_sz = sizeof (struct T_addr_ack); 4210 if (tep->te_state >= TS_IDLE) 4211 /* is bound */ 4212 ack_sz += tep->te_alen; 4213 ackmp = reallocb(mp, ack_sz, 0); 4214 if (ackmp == NULL) { 4215 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4216 SL_TRACE|SL_ERROR, 4217 "tl_addr_req: reallocb failed")); 4218 tl_memrecover(wq, mp, ack_sz); 4219 return; 4220 } 4221 4222 taa = (struct T_addr_ack *)ackmp->b_rptr; 4223 4224 bzero(taa, sizeof (struct T_addr_ack)); 4225 4226 taa->PRIM_type = T_ADDR_ACK; 4227 ackmp->b_datap->db_type = M_PCPROTO; 4228 ackmp->b_wptr = (uchar_t *)&taa[1]; 4229 4230 if (tep->te_state >= TS_IDLE) { 4231 /* endpoint is bound */ 4232 taa->LOCADDR_length = tep->te_alen; 4233 taa->LOCADDR_offset = (t_scalar_t)sizeof (*taa); 4234 4235 bcopy(tep->te_abuf, ackmp->b_wptr, 4236 tep->te_alen); 4237 ackmp->b_wptr += tep->te_alen; 4238 ASSERT(ackmp->b_wptr <= ackmp->b_datap->db_lim); 4239 } 4240 4241 (void) qreply(wq, ackmp); 4242 } else { 4243 ASSERT(tep->te_state == TS_DATA_XFER || 4244 tep->te_state == TS_WIND_ORDREL || 4245 tep->te_state == TS_WREQ_ORDREL); 4246 /* connection oriented in data transfer */ 4247 tl_connected_cots_addr_req(mp, tep); 4248 } 4249 } 4250 4251 4252 static void 4253 tl_connected_cots_addr_req(mblk_t *mp, tl_endpt_t *tep) 4254 { 4255 tl_endpt_t *peer_tep; 4256 size_t ack_sz; 4257 mblk_t *ackmp; 4258 struct T_addr_ack *taa; 4259 uchar_t *addr_startp; 4260 4261 if (tep->te_closing) { 4262 freemsg(mp); 4263 return; 4264 } 4265 4266 ASSERT(tep->te_state >= TS_IDLE); 4267 4268 ack_sz = sizeof (struct T_addr_ack); 4269 ack_sz += T_ALIGN(tep->te_alen); 4270 peer_tep = tep->te_conp; 4271 ack_sz += peer_tep->te_alen; 4272 4273 ackmp = tpi_ack_alloc(mp, ack_sz, M_PCPROTO, T_ADDR_ACK); 4274 if (ackmp == NULL) { 4275 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4276 "tl_connected_cots_addr_req: reallocb failed")); 4277 tl_memrecover(tep->te_wq, mp, ack_sz); 4278 return; 4279 } 4280 4281 taa = (struct T_addr_ack *)ackmp->b_rptr; 4282 4283 /* endpoint is bound */ 4284 taa->LOCADDR_length = tep->te_alen; 4285 taa->LOCADDR_offset = (t_scalar_t)sizeof (*taa); 4286 4287 addr_startp = (uchar_t *)&taa[1]; 4288 4289 bcopy(tep->te_abuf, addr_startp, 4290 tep->te_alen); 4291 4292 taa->REMADDR_length = peer_tep->te_alen; 4293 taa->REMADDR_offset = (t_scalar_t)T_ALIGN(taa->LOCADDR_offset + 4294 taa->LOCADDR_length); 4295 addr_startp = ackmp->b_rptr + taa->REMADDR_offset; 4296 bcopy(peer_tep->te_abuf, addr_startp, 4297 peer_tep->te_alen); 4298 ackmp->b_wptr = (uchar_t *)ackmp->b_rptr + 4299 taa->REMADDR_offset + peer_tep->te_alen; 4300 ASSERT(ackmp->b_wptr <= ackmp->b_datap->db_lim); 4301 4302 putnext(tep->te_rq, ackmp); 4303 } 4304 4305 static void 4306 tl_copy_info(struct T_info_ack *ia, tl_endpt_t *tep) 4307 { 4308 if (IS_CLTS(tep)) { 4309 *ia = tl_clts_info_ack; 4310 ia->TSDU_size = tl_tidusz; /* TSDU and TIDU size are same */ 4311 } else { 4312 *ia = tl_cots_info_ack; 4313 if (IS_COTSORD(tep)) 4314 ia->SERV_type = T_COTS_ORD; 4315 } 4316 ia->TIDU_size = tl_tidusz; 4317 ia->CURRENT_state = tep->te_state; 4318 } 4319 4320 /* 4321 * This routine responds to T_CAPABILITY_REQ messages. It is called by 4322 * tl_wput. 4323 */ 4324 static void 4325 tl_capability_req(mblk_t *mp, tl_endpt_t *tep) 4326 { 4327 mblk_t *ackmp; 4328 t_uscalar_t cap_bits1; 4329 struct T_capability_ack *tcap; 4330 4331 if (tep->te_closing) { 4332 freemsg(mp); 4333 return; 4334 } 4335 4336 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1; 4337 4338 ackmp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack), 4339 M_PCPROTO, T_CAPABILITY_ACK); 4340 if (ackmp == NULL) { 4341 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4342 "tl_capability_req: reallocb failed")); 4343 tl_memrecover(tep->te_wq, mp, 4344 sizeof (struct T_capability_ack)); 4345 return; 4346 } 4347 4348 tcap = (struct T_capability_ack *)ackmp->b_rptr; 4349 tcap->CAP_bits1 = 0; 4350 4351 if (cap_bits1 & TC1_INFO) { 4352 tl_copy_info(&tcap->INFO_ack, tep); 4353 tcap->CAP_bits1 |= TC1_INFO; 4354 } 4355 4356 if (cap_bits1 & TC1_ACCEPTOR_ID) { 4357 tcap->ACCEPTOR_id = tep->te_acceptor_id; 4358 tcap->CAP_bits1 |= TC1_ACCEPTOR_ID; 4359 } 4360 4361 putnext(tep->te_rq, ackmp); 4362 } 4363 4364 static void 4365 tl_info_req_ser(mblk_t *mp, tl_endpt_t *tep) 4366 { 4367 if (! tep->te_closing) 4368 tl_info_req(mp, tep); 4369 else 4370 freemsg(mp); 4371 4372 tl_serializer_exit(tep); 4373 tl_refrele(tep); 4374 } 4375 4376 static void 4377 tl_info_req(mblk_t *mp, tl_endpt_t *tep) 4378 { 4379 mblk_t *ackmp; 4380 4381 ackmp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), 4382 M_PCPROTO, T_INFO_ACK); 4383 if (ackmp == NULL) { 4384 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4385 "tl_info_req: reallocb failed")); 4386 tl_memrecover(tep->te_wq, mp, sizeof (struct T_info_ack)); 4387 return; 4388 } 4389 4390 /* 4391 * fill in T_INFO_ACK contents 4392 */ 4393 tl_copy_info((struct T_info_ack *)ackmp->b_rptr, tep); 4394 4395 /* 4396 * send ack message 4397 */ 4398 putnext(tep->te_rq, ackmp); 4399 } 4400 4401 /* 4402 * Handle M_DATA, T_data_req and T_optdata_req. 4403 * If this is a socket pass through T_optdata_req options unmodified. 4404 */ 4405 static void 4406 tl_data(mblk_t *mp, tl_endpt_t *tep) 4407 { 4408 queue_t *wq = tep->te_wq; 4409 union T_primitives *prim = (union T_primitives *)mp->b_rptr; 4410 ssize_t msz = MBLKL(mp); 4411 tl_endpt_t *peer_tep; 4412 queue_t *peer_rq; 4413 boolean_t closing = tep->te_closing; 4414 4415 if (IS_CLTS(tep)) { 4416 (void) (STRLOG(TL_ID, tep->te_minor, 2, 4417 SL_TRACE|SL_ERROR, 4418 "tl_wput:clts:unattached M_DATA")); 4419 if (!closing) { 4420 tl_merror(wq, mp, EPROTO); 4421 } else { 4422 freemsg(mp); 4423 } 4424 return; 4425 } 4426 4427 /* 4428 * If the endpoint is closing it should still forward any data to the 4429 * peer (if it has one). If it is not allowed to forward it can just 4430 * free the message. 4431 */ 4432 if (closing && 4433 (tep->te_state != TS_DATA_XFER) && 4434 (tep->te_state != TS_WREQ_ORDREL)) { 4435 freemsg(mp); 4436 return; 4437 } 4438 4439 if (DB_TYPE(mp) == M_PROTO) { 4440 if (prim->type == T_DATA_REQ && 4441 msz < sizeof (struct T_data_req)) { 4442 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4443 SL_TRACE|SL_ERROR, 4444 "tl_data:T_DATA_REQ:invalid message")); 4445 if (!closing) { 4446 tl_merror(wq, mp, EPROTO); 4447 } else { 4448 freemsg(mp); 4449 } 4450 return; 4451 } else if (prim->type == T_OPTDATA_REQ && 4452 (msz < sizeof (struct T_optdata_req) || !IS_SOCKET(tep))) { 4453 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4454 SL_TRACE|SL_ERROR, 4455 "tl_data:T_OPTDATA_REQ:invalid message")); 4456 if (!closing) { 4457 tl_merror(wq, mp, EPROTO); 4458 } else { 4459 freemsg(mp); 4460 } 4461 return; 4462 } 4463 } 4464 4465 /* 4466 * connection oriented provider 4467 */ 4468 switch (tep->te_state) { 4469 case TS_IDLE: 4470 /* 4471 * Other end not here - do nothing. 4472 */ 4473 freemsg(mp); 4474 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 4475 "tl_data:cots with endpoint idle")); 4476 return; 4477 4478 case TS_DATA_XFER: 4479 /* valid states */ 4480 if (tep->te_conp != NULL) 4481 break; 4482 4483 if (tep->te_oconp == NULL) { 4484 if (!closing) { 4485 tl_merror(wq, mp, EPROTO); 4486 } else { 4487 freemsg(mp); 4488 } 4489 return; 4490 } 4491 /* 4492 * For a socket the T_CONN_CON is sent early thus 4493 * the peer might not yet have accepted the connection. 4494 * If we are closing queue the packet with the T_CONN_IND. 4495 * Otherwise defer processing the packet until the peer 4496 * accepts the connection. 4497 * Note that the queue is noenabled when we go into this 4498 * state. 4499 */ 4500 if (!closing) { 4501 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4502 SL_TRACE|SL_ERROR, 4503 "tl_data: ocon")); 4504 TL_PUTBQ(tep, mp); 4505 return; 4506 } 4507 if (DB_TYPE(mp) == M_PROTO) { 4508 if (msz < sizeof (t_scalar_t)) { 4509 freemsg(mp); 4510 return; 4511 } 4512 /* reuse message block - just change REQ to IND */ 4513 if (prim->type == T_DATA_REQ) 4514 prim->type = T_DATA_IND; 4515 else 4516 prim->type = T_OPTDATA_IND; 4517 } 4518 tl_icon_queuemsg(tep->te_oconp, tep->te_seqno, mp); 4519 return; 4520 4521 case TS_WREQ_ORDREL: 4522 if (tep->te_conp == NULL) { 4523 /* 4524 * Other end closed - generate discon_ind 4525 * with reason 0 to cause an EPIPE but no 4526 * read side error on AF_UNIX sockets. 4527 */ 4528 freemsg(mp); 4529 (void) (STRLOG(TL_ID, tep->te_minor, 3, 4530 SL_TRACE|SL_ERROR, 4531 "tl_data: WREQ_ORDREL and no peer")); 4532 tl_discon_ind(tep, 0); 4533 return; 4534 } 4535 break; 4536 4537 default: 4538 /* invalid state for event TE_DATA_REQ */ 4539 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4540 "tl_data:cots:out of state")); 4541 tl_merror(wq, mp, EPROTO); 4542 return; 4543 } 4544 /* 4545 * tep->te_state = NEXTSTATE(TE_DATA_REQ, tep->te_state); 4546 * (State stays same on this event) 4547 */ 4548 4549 /* 4550 * get connected endpoint 4551 */ 4552 if (((peer_tep = tep->te_conp) == NULL) || peer_tep->te_closing) { 4553 freemsg(mp); 4554 /* Peer closed */ 4555 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE, 4556 "tl_data: peer gone")); 4557 return; 4558 } 4559 4560 ASSERT(tep->te_serializer == peer_tep->te_serializer); 4561 peer_rq = peer_tep->te_rq; 4562 4563 /* 4564 * Put it back if flow controlled 4565 * Note: Messages already on queue when we are closing is bounded 4566 * so we can ignore flow control. 4567 */ 4568 if (!canputnext(peer_rq) && !closing) { 4569 TL_PUTBQ(tep, mp); 4570 return; 4571 } 4572 4573 /* 4574 * validate peer state 4575 */ 4576 switch (peer_tep->te_state) { 4577 case TS_DATA_XFER: 4578 case TS_WIND_ORDREL: 4579 /* valid states */ 4580 break; 4581 default: 4582 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4583 "tl_data:rx side:invalid state")); 4584 tl_merror(peer_tep->te_wq, mp, EPROTO); 4585 return; 4586 } 4587 if (DB_TYPE(mp) == M_PROTO) { 4588 /* reuse message block - just change REQ to IND */ 4589 if (prim->type == T_DATA_REQ) 4590 prim->type = T_DATA_IND; 4591 else 4592 prim->type = T_OPTDATA_IND; 4593 } 4594 /* 4595 * peer_tep->te_state = NEXTSTATE(TE_DATA_IND, peer_tep->te_state); 4596 * (peer state stays same on this event) 4597 */ 4598 /* 4599 * send data to connected peer 4600 */ 4601 putnext(peer_rq, mp); 4602 } 4603 4604 4605 4606 static void 4607 tl_exdata(mblk_t *mp, tl_endpt_t *tep) 4608 { 4609 queue_t *wq = tep->te_wq; 4610 union T_primitives *prim = (union T_primitives *)mp->b_rptr; 4611 ssize_t msz = MBLKL(mp); 4612 tl_endpt_t *peer_tep; 4613 queue_t *peer_rq; 4614 boolean_t closing = tep->te_closing; 4615 4616 if (msz < sizeof (struct T_exdata_req)) { 4617 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4618 "tl_exdata:invalid message")); 4619 if (!closing) { 4620 tl_merror(wq, mp, EPROTO); 4621 } else { 4622 freemsg(mp); 4623 } 4624 return; 4625 } 4626 4627 /* 4628 * If the endpoint is closing it should still forward any data to the 4629 * peer (if it has one). If it is not allowed to forward it can just 4630 * free the message. 4631 */ 4632 if (closing && 4633 (tep->te_state != TS_DATA_XFER) && 4634 (tep->te_state != TS_WREQ_ORDREL)) { 4635 freemsg(mp); 4636 return; 4637 } 4638 4639 /* 4640 * validate state 4641 */ 4642 switch (tep->te_state) { 4643 case TS_IDLE: 4644 /* 4645 * Other end not here - do nothing. 4646 */ 4647 freemsg(mp); 4648 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 4649 "tl_exdata:cots with endpoint idle")); 4650 return; 4651 4652 case TS_DATA_XFER: 4653 /* valid states */ 4654 if (tep->te_conp != NULL) 4655 break; 4656 4657 if (tep->te_oconp == NULL) { 4658 if (!closing) { 4659 tl_merror(wq, mp, EPROTO); 4660 } else { 4661 freemsg(mp); 4662 } 4663 return; 4664 } 4665 /* 4666 * For a socket the T_CONN_CON is sent early thus 4667 * the peer might not yet have accepted the connection. 4668 * If we are closing queue the packet with the T_CONN_IND. 4669 * Otherwise defer processing the packet until the peer 4670 * accepts the connection. 4671 * Note that the queue is noenabled when we go into this 4672 * state. 4673 */ 4674 if (!closing) { 4675 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4676 SL_TRACE|SL_ERROR, 4677 "tl_exdata: ocon")); 4678 TL_PUTBQ(tep, mp); 4679 return; 4680 } 4681 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4682 "tl_exdata: closing socket ocon")); 4683 prim->type = T_EXDATA_IND; 4684 tl_icon_queuemsg(tep->te_oconp, tep->te_seqno, mp); 4685 return; 4686 4687 case TS_WREQ_ORDREL: 4688 if (tep->te_conp == NULL) { 4689 /* 4690 * Other end closed - generate discon_ind 4691 * with reason 0 to cause an EPIPE but no 4692 * read side error on AF_UNIX sockets. 4693 */ 4694 freemsg(mp); 4695 (void) (STRLOG(TL_ID, tep->te_minor, 3, 4696 SL_TRACE|SL_ERROR, 4697 "tl_exdata: WREQ_ORDREL and no peer")); 4698 tl_discon_ind(tep, 0); 4699 return; 4700 } 4701 break; 4702 4703 default: 4704 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4705 SL_TRACE|SL_ERROR, 4706 "tl_wput:T_EXDATA_REQ:out of state, state=%d", 4707 tep->te_state)); 4708 tl_merror(wq, mp, EPROTO); 4709 return; 4710 } 4711 /* 4712 * tep->te_state = NEXTSTATE(TE_EXDATA_REQ, tep->te_state); 4713 * (state stays same on this event) 4714 */ 4715 4716 /* 4717 * get connected endpoint 4718 */ 4719 if (((peer_tep = tep->te_conp) == NULL) || peer_tep->te_closing) { 4720 freemsg(mp); 4721 /* Peer closed */ 4722 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE, 4723 "tl_exdata: peer gone")); 4724 return; 4725 } 4726 4727 peer_rq = peer_tep->te_rq; 4728 4729 /* 4730 * Put it back if flow controlled 4731 * Note: Messages already on queue when we are closing is bounded 4732 * so we can ignore flow control. 4733 */ 4734 if (!canputnext(peer_rq) && !closing) { 4735 TL_PUTBQ(tep, mp); 4736 return; 4737 } 4738 4739 /* 4740 * validate state on peer 4741 */ 4742 switch (peer_tep->te_state) { 4743 case TS_DATA_XFER: 4744 case TS_WIND_ORDREL: 4745 /* valid states */ 4746 break; 4747 default: 4748 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4749 "tl_exdata:rx side:invalid state")); 4750 tl_merror(peer_tep->te_wq, mp, EPROTO); 4751 return; 4752 } 4753 /* 4754 * peer_tep->te_state = NEXTSTATE(TE_DATA_IND, peer_tep->te_state); 4755 * (peer state stays same on this event) 4756 */ 4757 /* 4758 * reuse message block 4759 */ 4760 prim->type = T_EXDATA_IND; 4761 4762 /* 4763 * send data to connected peer 4764 */ 4765 putnext(peer_rq, mp); 4766 } 4767 4768 4769 4770 static void 4771 tl_ordrel(mblk_t *mp, tl_endpt_t *tep) 4772 { 4773 queue_t *wq = tep->te_wq; 4774 union T_primitives *prim = (union T_primitives *)mp->b_rptr; 4775 ssize_t msz = MBLKL(mp); 4776 tl_endpt_t *peer_tep; 4777 queue_t *peer_rq; 4778 boolean_t closing = tep->te_closing; 4779 4780 if (msz < sizeof (struct T_ordrel_req)) { 4781 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4782 "tl_ordrel:invalid message")); 4783 if (!closing) { 4784 tl_merror(wq, mp, EPROTO); 4785 } else { 4786 freemsg(mp); 4787 } 4788 return; 4789 } 4790 4791 /* 4792 * validate state 4793 */ 4794 switch (tep->te_state) { 4795 case TS_DATA_XFER: 4796 case TS_WREQ_ORDREL: 4797 /* valid states */ 4798 if (tep->te_conp != NULL) 4799 break; 4800 4801 if (tep->te_oconp == NULL) 4802 break; 4803 4804 /* 4805 * For a socket the T_CONN_CON is sent early thus 4806 * the peer might not yet have accepted the connection. 4807 * If we are closing queue the packet with the T_CONN_IND. 4808 * Otherwise defer processing the packet until the peer 4809 * accepts the connection. 4810 * Note that the queue is noenabled when we go into this 4811 * state. 4812 */ 4813 if (!closing) { 4814 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4815 SL_TRACE|SL_ERROR, 4816 "tl_ordlrel: ocon")); 4817 TL_PUTBQ(tep, mp); 4818 return; 4819 } 4820 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4821 "tl_ordlrel: closing socket ocon")); 4822 prim->type = T_ORDREL_IND; 4823 (void) tl_icon_queuemsg(tep->te_oconp, tep->te_seqno, mp); 4824 return; 4825 4826 default: 4827 (void) (STRLOG(TL_ID, tep->te_minor, 1, 4828 SL_TRACE|SL_ERROR, 4829 "tl_wput:T_ORDREL_REQ:out of state, state=%d", 4830 tep->te_state)); 4831 if (!closing) { 4832 tl_merror(wq, mp, EPROTO); 4833 } else { 4834 freemsg(mp); 4835 } 4836 return; 4837 } 4838 tep->te_state = NEXTSTATE(TE_ORDREL_REQ, tep->te_state); 4839 4840 /* 4841 * get connected endpoint 4842 */ 4843 if (((peer_tep = tep->te_conp) == NULL) || peer_tep->te_closing) { 4844 /* Peer closed */ 4845 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE, 4846 "tl_ordrel: peer gone")); 4847 freemsg(mp); 4848 return; 4849 } 4850 4851 peer_rq = peer_tep->te_rq; 4852 4853 /* 4854 * Put it back if flow controlled except when we are closing. 4855 * Note: Messages already on queue when we are closing is bounded 4856 * so we can ignore flow control. 4857 */ 4858 if (! canputnext(peer_rq) && !closing) { 4859 TL_PUTBQ(tep, mp); 4860 return; 4861 } 4862 4863 /* 4864 * validate state on peer 4865 */ 4866 switch (peer_tep->te_state) { 4867 case TS_DATA_XFER: 4868 case TS_WIND_ORDREL: 4869 /* valid states */ 4870 break; 4871 default: 4872 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 4873 "tl_ordrel:rx side:invalid state")); 4874 tl_merror(peer_tep->te_wq, mp, EPROTO); 4875 return; 4876 } 4877 peer_tep->te_state = NEXTSTATE(TE_ORDREL_IND, peer_tep->te_state); 4878 4879 /* 4880 * reuse message block 4881 */ 4882 prim->type = T_ORDREL_IND; 4883 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE, 4884 "tl_ordrel: send ordrel_ind")); 4885 4886 /* 4887 * send data to connected peer 4888 */ 4889 putnext(peer_rq, mp); 4890 } 4891 4892 4893 /* 4894 * Send T_UDERROR_IND. The error should be from the <sys/errno.h> space. 4895 */ 4896 static void 4897 tl_uderr(queue_t *wq, mblk_t *mp, t_scalar_t err) 4898 { 4899 size_t err_sz; 4900 tl_endpt_t *tep; 4901 struct T_unitdata_req *udreq; 4902 mblk_t *err_mp; 4903 t_scalar_t alen; 4904 t_scalar_t olen; 4905 struct T_uderror_ind *uderr; 4906 uchar_t *addr_startp; 4907 4908 err_sz = sizeof (struct T_uderror_ind); 4909 tep = (tl_endpt_t *)wq->q_ptr; 4910 udreq = (struct T_unitdata_req *)mp->b_rptr; 4911 alen = udreq->DEST_length; 4912 olen = udreq->OPT_length; 4913 4914 if (alen > 0) 4915 err_sz = T_ALIGN(err_sz + alen); 4916 if (olen > 0) 4917 err_sz += olen; 4918 4919 err_mp = allocb(err_sz, BPRI_MED); 4920 if (! err_mp) { 4921 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 4922 "tl_uderr:allocb failure")); 4923 /* 4924 * Note: no rollback of state needed as it does 4925 * not change in connectionless transport 4926 */ 4927 tl_memrecover(wq, mp, err_sz); 4928 return; 4929 } 4930 4931 DB_TYPE(err_mp) = M_PROTO; 4932 err_mp->b_wptr = err_mp->b_rptr + err_sz; 4933 uderr = (struct T_uderror_ind *)err_mp->b_rptr; 4934 uderr->PRIM_type = T_UDERROR_IND; 4935 uderr->ERROR_type = err; 4936 uderr->DEST_length = alen; 4937 uderr->OPT_length = olen; 4938 if (alen <= 0) { 4939 uderr->DEST_offset = 0; 4940 } else { 4941 uderr->DEST_offset = 4942 (t_scalar_t)sizeof (struct T_uderror_ind); 4943 addr_startp = mp->b_rptr + udreq->DEST_offset; 4944 bcopy(addr_startp, err_mp->b_rptr + uderr->DEST_offset, 4945 (size_t)alen); 4946 } 4947 if (olen <= 0) { 4948 uderr->OPT_offset = 0; 4949 } else { 4950 uderr->OPT_offset = 4951 (t_scalar_t)T_ALIGN(sizeof (struct T_uderror_ind) + 4952 uderr->DEST_length); 4953 addr_startp = mp->b_rptr + udreq->OPT_offset; 4954 bcopy(addr_startp, err_mp->b_rptr+uderr->OPT_offset, 4955 (size_t)olen); 4956 } 4957 freemsg(mp); 4958 4959 /* 4960 * send indication message 4961 */ 4962 tep->te_state = NEXTSTATE(TE_UDERROR_IND, tep->te_state); 4963 4964 qreply(wq, err_mp); 4965 } 4966 4967 static void 4968 tl_unitdata_ser(mblk_t *mp, tl_endpt_t *tep) 4969 { 4970 queue_t *wq = tep->te_wq; 4971 4972 if (!tep->te_closing && (wq->q_first != NULL)) { 4973 TL_PUTQ(tep, mp); 4974 } else if (tep->te_rq != NULL) 4975 tl_unitdata(mp, tep); 4976 else 4977 freemsg(mp); 4978 4979 tl_serializer_exit(tep); 4980 tl_refrele(tep); 4981 } 4982 4983 /* 4984 * Handle T_unitdata_req. 4985 * If TL_SET[U]CRED or TL_SOCKUCRED generate the credentials options. 4986 * If this is a socket pass through options unmodified. 4987 */ 4988 static void 4989 tl_unitdata(mblk_t *mp, tl_endpt_t *tep) 4990 { 4991 queue_t *wq = tep->te_wq; 4992 soux_addr_t ux_addr; 4993 tl_addr_t destaddr; 4994 uchar_t *addr_startp; 4995 tl_endpt_t *peer_tep; 4996 struct T_unitdata_ind *udind; 4997 struct T_unitdata_req *udreq; 4998 ssize_t msz, ui_sz; 4999 t_scalar_t alen, aoff, olen, ooff; 5000 t_scalar_t oldolen = 0; 5001 cred_t *cr = NULL; 5002 pid_t cpid; 5003 5004 udreq = (struct T_unitdata_req *)mp->b_rptr; 5005 msz = MBLKL(mp); 5006 5007 /* 5008 * validate the state 5009 */ 5010 if (tep->te_state != TS_IDLE) { 5011 (void) (STRLOG(TL_ID, tep->te_minor, 1, 5012 SL_TRACE|SL_ERROR, 5013 "tl_wput:T_CONN_REQ:out of state")); 5014 tl_merror(wq, mp, EPROTO); 5015 return; 5016 } 5017 /* 5018 * tep->te_state = NEXTSTATE(TE_UNITDATA_REQ, tep->te_state); 5019 * (state does not change on this event) 5020 */ 5021 5022 /* 5023 * validate the message 5024 * Note: dereference fields in struct inside message only 5025 * after validating the message length. 5026 */ 5027 if (msz < sizeof (struct T_unitdata_req)) { 5028 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 5029 "tl_unitdata:invalid message length")); 5030 tl_merror(wq, mp, EINVAL); 5031 return; 5032 } 5033 alen = udreq->DEST_length; 5034 aoff = udreq->DEST_offset; 5035 oldolen = olen = udreq->OPT_length; 5036 ooff = udreq->OPT_offset; 5037 if (olen == 0) 5038 ooff = 0; 5039 5040 if (IS_SOCKET(tep)) { 5041 if ((alen != TL_SOUX_ADDRLEN) || 5042 (aoff < 0) || 5043 (aoff + alen > msz) || 5044 (olen < 0) || (ooff < 0) || 5045 ((olen > 0) && ((ooff + olen) > msz))) { 5046 (void) (STRLOG(TL_ID, tep->te_minor, 5047 1, SL_TRACE|SL_ERROR, 5048 "tl_unitdata_req: invalid socket addr " 5049 "(msz=%d, al=%d, ao=%d, ol=%d, oo = %d)", 5050 (int)msz, alen, aoff, olen, ooff)); 5051 tl_error_ack(wq, mp, TSYSERR, EINVAL, T_UNITDATA_REQ); 5052 return; 5053 } 5054 bcopy(mp->b_rptr + aoff, &ux_addr, TL_SOUX_ADDRLEN); 5055 5056 if ((ux_addr.soua_magic != SOU_MAGIC_IMPLICIT) && 5057 (ux_addr.soua_magic != SOU_MAGIC_EXPLICIT)) { 5058 (void) (STRLOG(TL_ID, tep->te_minor, 5059 1, SL_TRACE|SL_ERROR, 5060 "tl_conn_req: invalid socket magic")); 5061 tl_error_ack(wq, mp, TSYSERR, EINVAL, T_UNITDATA_REQ); 5062 return; 5063 } 5064 } else { 5065 if ((alen < 0) || 5066 (aoff < 0) || 5067 ((alen > 0) && ((aoff + alen) > msz)) || 5068 ((ssize_t)alen > (msz - sizeof (struct T_unitdata_req))) || 5069 ((aoff + alen) < 0) || 5070 ((olen > 0) && ((ooff + olen) > msz)) || 5071 (olen < 0) || 5072 (ooff < 0) || 5073 ((ssize_t)olen > (msz - sizeof (struct T_unitdata_req)))) { 5074 (void) (STRLOG(TL_ID, tep->te_minor, 1, 5075 SL_TRACE|SL_ERROR, 5076 "tl_unitdata:invalid unit data message")); 5077 tl_merror(wq, mp, EINVAL); 5078 return; 5079 } 5080 } 5081 5082 /* Options not supported unless it's a socket */ 5083 if (alen == 0 || (olen != 0 && !IS_SOCKET(tep))) { 5084 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 5085 "tl_unitdata:option use(unsupported) or zero len addr")); 5086 tl_uderr(wq, mp, EPROTO); 5087 return; 5088 } 5089 #ifdef DEBUG 5090 /* 5091 * Mild form of ASSERT()ion to detect broken TPI apps. 5092 * if (! assertion) 5093 * log warning; 5094 */ 5095 if (! (aoff >= (t_scalar_t)sizeof (struct T_unitdata_req))) { 5096 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 5097 "tl_unitdata:addr overlaps TPI message")); 5098 } 5099 #endif 5100 /* 5101 * get destination endpoint 5102 */ 5103 destaddr.ta_alen = alen; 5104 destaddr.ta_abuf = mp->b_rptr + aoff; 5105 destaddr.ta_zoneid = tep->te_zoneid; 5106 5107 /* 5108 * Check whether the destination is the same that was used previously 5109 * and the destination endpoint is in the right state. If something is 5110 * wrong, find destination again and cache it. 5111 */ 5112 peer_tep = tep->te_lastep; 5113 5114 if ((peer_tep == NULL) || peer_tep->te_closing || 5115 (peer_tep->te_state != TS_IDLE) || 5116 !tl_eqaddr(&destaddr, &peer_tep->te_ap)) { 5117 /* 5118 * Not the same as cached destination , need to find the right 5119 * destination. 5120 */ 5121 peer_tep = (IS_SOCKET(tep) ? 5122 tl_sock_find_peer(tep, &ux_addr) : 5123 tl_find_peer(tep, &destaddr)); 5124 5125 if (peer_tep == NULL) { 5126 (void) (STRLOG(TL_ID, tep->te_minor, 3, 5127 SL_TRACE|SL_ERROR, 5128 "tl_unitdata:no one at destination address")); 5129 tl_uderr(wq, mp, ECONNRESET); 5130 return; 5131 } 5132 5133 /* 5134 * Cache the new peer. 5135 */ 5136 if (tep->te_lastep != NULL) 5137 tl_refrele(tep->te_lastep); 5138 5139 tep->te_lastep = peer_tep; 5140 } 5141 5142 if (peer_tep->te_state != TS_IDLE) { 5143 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 5144 "tl_unitdata:provider in invalid state")); 5145 tl_uderr(wq, mp, EPROTO); 5146 return; 5147 } 5148 5149 ASSERT(peer_tep->te_rq != NULL); 5150 5151 /* 5152 * Put it back if flow controlled except when we are closing. 5153 * Note: Messages already on queue when we are closing is bounded 5154 * so we can ignore flow control. 5155 */ 5156 if (!canputnext(peer_tep->te_rq) && !(tep->te_closing)) { 5157 /* record what we are flow controlled on */ 5158 if (tep->te_flowq != NULL) { 5159 list_remove(&tep->te_flowq->te_flowlist, tep); 5160 } 5161 list_insert_head(&peer_tep->te_flowlist, tep); 5162 tep->te_flowq = peer_tep; 5163 TL_PUTBQ(tep, mp); 5164 return; 5165 } 5166 /* 5167 * prepare indication message 5168 */ 5169 5170 /* 5171 * calculate length of message 5172 */ 5173 if (peer_tep->te_flag & (TL_SETCRED|TL_SETUCRED|TL_SOCKUCRED)) { 5174 cr = msg_getcred(mp, &cpid); 5175 ASSERT(cr != NULL); 5176 5177 if (peer_tep->te_flag & TL_SETCRED) { 5178 ASSERT(olen == 0); 5179 olen = (t_scalar_t)sizeof (struct opthdr) + 5180 OPTLEN(sizeof (tl_credopt_t)); 5181 /* 1 option only */ 5182 } else if (peer_tep->te_flag & TL_SETUCRED) { 5183 ASSERT(olen == 0); 5184 olen = (t_scalar_t)sizeof (struct opthdr) + 5185 OPTLEN(ucredminsize(cr)); 5186 /* 1 option only */ 5187 } else { 5188 /* Possibly more than one option */ 5189 olen += (t_scalar_t)sizeof (struct T_opthdr) + 5190 OPTLEN(ucredminsize(cr)); 5191 } 5192 } 5193 5194 ui_sz = T_ALIGN(sizeof (struct T_unitdata_ind) + tep->te_alen) + 5195 olen; 5196 /* 5197 * If the unitdata_ind fits and we are not adding options 5198 * reuse the udreq mblk. 5199 */ 5200 if (msz >= ui_sz && alen >= tep->te_alen && 5201 !(peer_tep->te_flag & (TL_SETCRED|TL_SETUCRED|TL_SOCKUCRED))) { 5202 /* 5203 * Reuse the original mblk. Leave options in place. 5204 */ 5205 udind = (struct T_unitdata_ind *)mp->b_rptr; 5206 udind->PRIM_type = T_UNITDATA_IND; 5207 udind->SRC_length = tep->te_alen; 5208 addr_startp = mp->b_rptr + udind->SRC_offset; 5209 bcopy(tep->te_abuf, addr_startp, tep->te_alen); 5210 } else { 5211 /* Allocate a new T_unidata_ind message */ 5212 mblk_t *ui_mp; 5213 5214 ui_mp = allocb(ui_sz, BPRI_MED); 5215 if (! ui_mp) { 5216 (void) (STRLOG(TL_ID, tep->te_minor, 4, SL_TRACE, 5217 "tl_unitdata:allocb failure:message queued")); 5218 tl_memrecover(wq, mp, ui_sz); 5219 return; 5220 } 5221 5222 /* 5223 * fill in T_UNITDATA_IND contents 5224 */ 5225 DB_TYPE(ui_mp) = M_PROTO; 5226 ui_mp->b_wptr = ui_mp->b_rptr + ui_sz; 5227 udind = (struct T_unitdata_ind *)ui_mp->b_rptr; 5228 udind->PRIM_type = T_UNITDATA_IND; 5229 udind->SRC_offset = (t_scalar_t)sizeof (struct T_unitdata_ind); 5230 udind->SRC_length = tep->te_alen; 5231 addr_startp = ui_mp->b_rptr + udind->SRC_offset; 5232 bcopy(tep->te_abuf, addr_startp, tep->te_alen); 5233 udind->OPT_offset = 5234 (t_scalar_t)T_ALIGN(udind->SRC_offset + udind->SRC_length); 5235 udind->OPT_length = olen; 5236 if (peer_tep->te_flag & (TL_SETCRED|TL_SETUCRED|TL_SOCKUCRED)) { 5237 5238 if (oldolen != 0) { 5239 bcopy((void *)((uintptr_t)udreq + ooff), 5240 (void *)((uintptr_t)udind + 5241 udind->OPT_offset), 5242 oldolen); 5243 } 5244 ASSERT(cr != NULL); 5245 5246 tl_fill_option(ui_mp->b_rptr + udind->OPT_offset + 5247 oldolen, cr, cpid, 5248 peer_tep->te_flag, peer_tep->te_credp); 5249 } else { 5250 bcopy((void *)((uintptr_t)udreq + ooff), 5251 (void *)((uintptr_t)udind + udind->OPT_offset), 5252 olen); 5253 } 5254 5255 /* 5256 * relink data blocks from mp to ui_mp 5257 */ 5258 ui_mp->b_cont = mp->b_cont; 5259 freeb(mp); 5260 mp = ui_mp; 5261 } 5262 /* 5263 * send indication message 5264 */ 5265 peer_tep->te_state = NEXTSTATE(TE_UNITDATA_IND, peer_tep->te_state); 5266 putnext(peer_tep->te_rq, mp); 5267 } 5268 5269 5270 5271 /* 5272 * Check if a given addr is in use. 5273 * Endpoint ptr returned or NULL if not found. 5274 * The name space is separate for each mode. This implies that 5275 * sockets get their own name space. 5276 */ 5277 static tl_endpt_t * 5278 tl_find_peer(tl_endpt_t *tep, tl_addr_t *ap) 5279 { 5280 tl_endpt_t *peer_tep = NULL; 5281 int rc = mod_hash_find_cb(tep->te_addrhash, (mod_hash_key_t)ap, 5282 (mod_hash_val_t *)&peer_tep, tl_find_callback); 5283 5284 ASSERT(! IS_SOCKET(tep)); 5285 5286 ASSERT(ap != NULL && ap->ta_alen > 0); 5287 ASSERT(ap->ta_zoneid == tep->te_zoneid); 5288 ASSERT(ap->ta_abuf != NULL); 5289 EQUIV(rc == 0, peer_tep != NULL); 5290 IMPLY(rc == 0, 5291 (tep->te_zoneid == peer_tep->te_zoneid) && 5292 (tep->te_transport == peer_tep->te_transport)); 5293 5294 if ((rc == 0) && (peer_tep->te_closing)) { 5295 tl_refrele(peer_tep); 5296 peer_tep = NULL; 5297 } 5298 5299 return (peer_tep); 5300 } 5301 5302 /* 5303 * Find peer for a socket based on unix domain address. 5304 * For implicit addresses our peer can be found by minor number in ai hash. For 5305 * explicit binds we look vnode address at addr_hash. 5306 */ 5307 static tl_endpt_t * 5308 tl_sock_find_peer(tl_endpt_t *tep, soux_addr_t *ux_addr) 5309 { 5310 tl_endpt_t *peer_tep = NULL; 5311 mod_hash_t *hash = ux_addr->soua_magic == SOU_MAGIC_IMPLICIT ? 5312 tep->te_aihash : tep->te_addrhash; 5313 int rc = mod_hash_find_cb(hash, (mod_hash_key_t)ux_addr->soua_vp, 5314 (mod_hash_val_t *)&peer_tep, tl_find_callback); 5315 5316 ASSERT(IS_SOCKET(tep)); 5317 EQUIV(rc == 0, peer_tep != NULL); 5318 IMPLY(rc == 0, (tep->te_transport == peer_tep->te_transport)); 5319 5320 if (peer_tep != NULL) { 5321 /* Don't attempt to use closing peer. */ 5322 if (peer_tep->te_closing) 5323 goto errout; 5324 5325 /* 5326 * Cross-zone unix sockets are permitted, but for Trusted 5327 * Extensions only, the "server" for these must be in the 5328 * global zone. 5329 */ 5330 if ((peer_tep->te_zoneid != tep->te_zoneid) && 5331 is_system_labeled() && 5332 (peer_tep->te_zoneid != GLOBAL_ZONEID)) 5333 goto errout; 5334 } 5335 5336 return (peer_tep); 5337 5338 errout: 5339 tl_refrele(peer_tep); 5340 return (NULL); 5341 } 5342 5343 /* 5344 * Generate a free addr and return it in struct pointed by ap 5345 * but allocating space for address buffer. 5346 * The generated address will be at least 4 bytes long and, if req->ta_alen 5347 * exceeds 4 bytes, be req->ta_alen bytes long. 5348 * 5349 * If address is found it will be inserted in the hash. 5350 * 5351 * If req->ta_alen is larger than the default alen (4 bytes) the last 5352 * alen-4 bytes will always be the same as in req. 5353 * 5354 * Return 0 for failure. 5355 * Return non-zero for success. 5356 */ 5357 static boolean_t 5358 tl_get_any_addr(tl_endpt_t *tep, tl_addr_t *req) 5359 { 5360 t_scalar_t alen; 5361 uint32_t loopcnt; /* Limit loop to 2^32 */ 5362 5363 ASSERT(tep->te_hash_hndl != NULL); 5364 ASSERT(! IS_SOCKET(tep)); 5365 5366 if (tep->te_hash_hndl == NULL) 5367 return (B_FALSE); 5368 5369 /* 5370 * check if default addr is in use 5371 * if it is - bump it and try again 5372 */ 5373 if (req == NULL) { 5374 alen = sizeof (uint32_t); 5375 } else { 5376 alen = max(req->ta_alen, sizeof (uint32_t)); 5377 ASSERT(tep->te_zoneid == req->ta_zoneid); 5378 } 5379 5380 if (tep->te_alen < alen) { 5381 void *abuf = kmem_zalloc((size_t)alen, KM_NOSLEEP); 5382 5383 /* 5384 * Not enough space in tep->ta_ap to hold the address, 5385 * allocate a bigger space. 5386 */ 5387 if (abuf == NULL) 5388 return (B_FALSE); 5389 5390 if (tep->te_alen > 0) 5391 kmem_free(tep->te_abuf, tep->te_alen); 5392 5393 tep->te_alen = alen; 5394 tep->te_abuf = abuf; 5395 } 5396 5397 /* Copy in the address in req */ 5398 if (req != NULL) { 5399 ASSERT(alen >= req->ta_alen); 5400 bcopy(req->ta_abuf, tep->te_abuf, (size_t)req->ta_alen); 5401 } 5402 5403 /* 5404 * First try minor number then try default addresses. 5405 */ 5406 bcopy(&tep->te_minor, tep->te_abuf, sizeof (uint32_t)); 5407 5408 for (loopcnt = 0; loopcnt < UINT32_MAX; loopcnt++) { 5409 if (mod_hash_insert_reserve(tep->te_addrhash, 5410 (mod_hash_key_t)&tep->te_ap, (mod_hash_val_t)tep, 5411 tep->te_hash_hndl) == 0) { 5412 /* 5413 * found free address 5414 */ 5415 tep->te_flag |= TL_ADDRHASHED; 5416 tep->te_hash_hndl = NULL; 5417 5418 return (B_TRUE); /* successful return */ 5419 } 5420 /* 5421 * Use default address. 5422 */ 5423 bcopy(&tep->te_defaddr, tep->te_abuf, sizeof (uint32_t)); 5424 atomic_add_32(&tep->te_defaddr, 1); 5425 } 5426 5427 /* 5428 * Failed to find anything. 5429 */ 5430 (void) (STRLOG(TL_ID, -1, 1, SL_ERROR, 5431 "tl_get_any_addr:looped 2^32 times")); 5432 return (B_FALSE); 5433 } 5434 5435 /* 5436 * reallocb + set r/w ptrs to reflect size. 5437 */ 5438 static mblk_t * 5439 tl_resizemp(mblk_t *mp, ssize_t new_size) 5440 { 5441 if ((mp = reallocb(mp, new_size, 0)) == NULL) 5442 return (NULL); 5443 5444 mp->b_rptr = DB_BASE(mp); 5445 mp->b_wptr = mp->b_rptr + new_size; 5446 return (mp); 5447 } 5448 5449 static void 5450 tl_cl_backenable(tl_endpt_t *tep) 5451 { 5452 list_t *l = &tep->te_flowlist; 5453 tl_endpt_t *elp; 5454 5455 ASSERT(IS_CLTS(tep)); 5456 5457 for (elp = list_head(l); elp != NULL; elp = list_head(l)) { 5458 ASSERT(tep->te_ser == elp->te_ser); 5459 ASSERT(elp->te_flowq == tep); 5460 if (! elp->te_closing) 5461 TL_QENABLE(elp); 5462 elp->te_flowq = NULL; 5463 list_remove(l, elp); 5464 } 5465 } 5466 5467 /* 5468 * Unconnect endpoints. 5469 */ 5470 static void 5471 tl_co_unconnect(tl_endpt_t *tep) 5472 { 5473 tl_endpt_t *peer_tep = tep->te_conp; 5474 tl_endpt_t *srv_tep = tep->te_oconp; 5475 list_t *l; 5476 tl_icon_t *tip; 5477 tl_endpt_t *cl_tep; 5478 mblk_t *d_mp; 5479 5480 ASSERT(IS_COTS(tep)); 5481 /* 5482 * If our peer is closing, don't use it. 5483 */ 5484 if ((peer_tep != NULL) && peer_tep->te_closing) { 5485 TL_UNCONNECT(tep->te_conp); 5486 peer_tep = NULL; 5487 } 5488 if ((srv_tep != NULL) && srv_tep->te_closing) { 5489 TL_UNCONNECT(tep->te_oconp); 5490 srv_tep = NULL; 5491 } 5492 5493 if (tep->te_nicon > 0) { 5494 l = &tep->te_iconp; 5495 /* 5496 * If incoming requests pending, change state 5497 * of clients on disconnect ind event and send 5498 * discon_ind pdu to modules above them 5499 * for server: all clients get disconnect 5500 */ 5501 5502 while (tep->te_nicon > 0) { 5503 tip = list_head(l); 5504 cl_tep = tip->ti_tep; 5505 5506 if (cl_tep == NULL) { 5507 tl_freetip(tep, tip); 5508 continue; 5509 } 5510 5511 if (cl_tep->te_oconp != NULL) { 5512 ASSERT(cl_tep != cl_tep->te_oconp); 5513 TL_UNCONNECT(cl_tep->te_oconp); 5514 } 5515 5516 if (cl_tep->te_closing) { 5517 tl_freetip(tep, tip); 5518 continue; 5519 } 5520 5521 enableok(cl_tep->te_wq); 5522 TL_QENABLE(cl_tep); 5523 d_mp = tl_discon_ind_alloc(ECONNREFUSED, BADSEQNUM); 5524 if (d_mp != NULL) { 5525 cl_tep->te_state = TS_IDLE; 5526 putnext(cl_tep->te_rq, d_mp); 5527 } else { 5528 (void) (STRLOG(TL_ID, tep->te_minor, 3, 5529 SL_TRACE|SL_ERROR, 5530 "tl_co_unconnect:icmng: " 5531 "allocb failure")); 5532 } 5533 tl_freetip(tep, tip); 5534 } 5535 } else if (srv_tep != NULL) { 5536 /* 5537 * If outgoing request pending, change state 5538 * of server on discon ind event 5539 */ 5540 5541 if (IS_SOCKET(tep) && !tl_disable_early_connect && 5542 IS_COTSORD(srv_tep) && 5543 !tl_icon_hasprim(srv_tep, tep->te_seqno, T_ORDREL_IND)) { 5544 /* 5545 * Queue ordrel_ind for server to be picked up 5546 * when the connection is accepted. 5547 */ 5548 d_mp = tl_ordrel_ind_alloc(); 5549 } else { 5550 /* 5551 * send discon_ind to server 5552 */ 5553 d_mp = tl_discon_ind_alloc(ECONNRESET, tep->te_seqno); 5554 } 5555 if (d_mp == NULL) { 5556 (void) (STRLOG(TL_ID, tep->te_minor, 3, 5557 SL_TRACE|SL_ERROR, 5558 "tl_co_unconnect:outgoing:allocb failure")); 5559 TL_UNCONNECT(tep->te_oconp); 5560 goto discon_peer; 5561 } 5562 5563 /* 5564 * If this is a socket the T_DISCON_IND is queued with 5565 * the T_CONN_IND. Otherwise the T_CONN_IND is removed 5566 * from the list of pending connections. 5567 * Note that when te_oconp is set the peer better have 5568 * a t_connind_t for the client. 5569 */ 5570 if (IS_SOCKET(tep) && !tl_disable_early_connect) { 5571 /* 5572 * Queue the disconnection message. 5573 */ 5574 tl_icon_queuemsg(srv_tep, tep->te_seqno, d_mp); 5575 } else { 5576 tip = tl_icon_find(srv_tep, tep->te_seqno); 5577 if (tip == NULL) { 5578 freemsg(d_mp); 5579 } else { 5580 ASSERT(tep == tip->ti_tep); 5581 ASSERT(tep->te_ser == srv_tep->te_ser); 5582 /* 5583 * Delete tip from the server list. 5584 */ 5585 if (srv_tep->te_nicon == 1) { 5586 srv_tep->te_state = 5587 NEXTSTATE(TE_DISCON_IND2, 5588 srv_tep->te_state); 5589 } else { 5590 srv_tep->te_state = 5591 NEXTSTATE(TE_DISCON_IND3, 5592 srv_tep->te_state); 5593 } 5594 ASSERT(*(uint32_t *)(d_mp->b_rptr) == 5595 T_DISCON_IND); 5596 putnext(srv_tep->te_rq, d_mp); 5597 tl_freetip(srv_tep, tip); 5598 } 5599 TL_UNCONNECT(tep->te_oconp); 5600 srv_tep = NULL; 5601 } 5602 } else if (peer_tep != NULL) { 5603 /* 5604 * unconnect existing connection 5605 * If connected, change state of peer on 5606 * discon ind event and send discon ind pdu 5607 * to module above it 5608 */ 5609 5610 ASSERT(tep->te_ser == peer_tep->te_ser); 5611 if (IS_COTSORD(peer_tep) && 5612 (peer_tep->te_state == TS_WIND_ORDREL || 5613 peer_tep->te_state == TS_DATA_XFER)) { 5614 /* 5615 * send ordrel ind 5616 */ 5617 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE, 5618 "tl_co_unconnect:connected: ordrel_ind state %d->%d", 5619 peer_tep->te_state, 5620 NEXTSTATE(TE_ORDREL_IND, peer_tep->te_state))); 5621 d_mp = tl_ordrel_ind_alloc(); 5622 if (! d_mp) { 5623 (void) (STRLOG(TL_ID, tep->te_minor, 3, 5624 SL_TRACE|SL_ERROR, 5625 "tl_co_unconnect:connected:" 5626 "allocb failure")); 5627 /* 5628 * Continue with cleaning up peer as 5629 * this side may go away with the close 5630 */ 5631 TL_QENABLE(peer_tep); 5632 goto discon_peer; 5633 } 5634 peer_tep->te_state = 5635 NEXTSTATE(TE_ORDREL_IND, peer_tep->te_state); 5636 5637 putnext(peer_tep->te_rq, d_mp); 5638 /* 5639 * Handle flow control case. This will generate 5640 * a t_discon_ind message with reason 0 if there 5641 * is data queued on the write side. 5642 */ 5643 TL_QENABLE(peer_tep); 5644 } else if (IS_COTSORD(peer_tep) && 5645 peer_tep->te_state == TS_WREQ_ORDREL) { 5646 /* 5647 * Sent an ordrel_ind. We send a discon with 5648 * with error 0 to inform that the peer is gone. 5649 */ 5650 (void) (STRLOG(TL_ID, tep->te_minor, 3, 5651 SL_TRACE|SL_ERROR, 5652 "tl_co_unconnect: discon in state %d", 5653 tep->te_state)); 5654 tl_discon_ind(peer_tep, 0); 5655 } else { 5656 (void) (STRLOG(TL_ID, tep->te_minor, 3, 5657 SL_TRACE|SL_ERROR, 5658 "tl_co_unconnect: state %d", tep->te_state)); 5659 tl_discon_ind(peer_tep, ECONNRESET); 5660 } 5661 5662 discon_peer: 5663 /* 5664 * Disconnect cross-pointers only for close 5665 */ 5666 if (tep->te_closing) { 5667 peer_tep = tep->te_conp; 5668 TL_REMOVE_PEER(peer_tep->te_conp); 5669 TL_REMOVE_PEER(tep->te_conp); 5670 } 5671 } 5672 } 5673 5674 /* 5675 * Note: The following routine does not recover from allocb() 5676 * failures 5677 * The reason should be from the <sys/errno.h> space. 5678 */ 5679 static void 5680 tl_discon_ind(tl_endpt_t *tep, uint32_t reason) 5681 { 5682 mblk_t *d_mp; 5683 5684 if (tep->te_closing) 5685 return; 5686 5687 /* 5688 * flush the queues. 5689 */ 5690 flushq(tep->te_rq, FLUSHDATA); 5691 (void) putnextctl1(tep->te_rq, M_FLUSH, FLUSHRW); 5692 5693 /* 5694 * send discon ind 5695 */ 5696 d_mp = tl_discon_ind_alloc(reason, tep->te_seqno); 5697 if (! d_mp) { 5698 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE|SL_ERROR, 5699 "tl_discon_ind:allocb failure")); 5700 return; 5701 } 5702 tep->te_state = TS_IDLE; 5703 putnext(tep->te_rq, d_mp); 5704 } 5705 5706 /* 5707 * Note: The following routine does not recover from allocb() 5708 * failures 5709 * The reason should be from the <sys/errno.h> space. 5710 */ 5711 static mblk_t * 5712 tl_discon_ind_alloc(uint32_t reason, t_scalar_t seqnum) 5713 { 5714 mblk_t *mp; 5715 struct T_discon_ind *tdi; 5716 5717 if (mp = allocb(sizeof (struct T_discon_ind), BPRI_MED)) { 5718 DB_TYPE(mp) = M_PROTO; 5719 mp->b_wptr = mp->b_rptr + sizeof (struct T_discon_ind); 5720 tdi = (struct T_discon_ind *)mp->b_rptr; 5721 tdi->PRIM_type = T_DISCON_IND; 5722 tdi->DISCON_reason = reason; 5723 tdi->SEQ_number = seqnum; 5724 } 5725 return (mp); 5726 } 5727 5728 5729 /* 5730 * Note: The following routine does not recover from allocb() 5731 * failures 5732 */ 5733 static mblk_t * 5734 tl_ordrel_ind_alloc(void) 5735 { 5736 mblk_t *mp; 5737 struct T_ordrel_ind *toi; 5738 5739 if (mp = allocb(sizeof (struct T_ordrel_ind), BPRI_MED)) { 5740 DB_TYPE(mp) = M_PROTO; 5741 mp->b_wptr = mp->b_rptr + sizeof (struct T_ordrel_ind); 5742 toi = (struct T_ordrel_ind *)mp->b_rptr; 5743 toi->PRIM_type = T_ORDREL_IND; 5744 } 5745 return (mp); 5746 } 5747 5748 5749 /* 5750 * Lookup the seqno in the list of queued connections. 5751 */ 5752 static tl_icon_t * 5753 tl_icon_find(tl_endpt_t *tep, t_scalar_t seqno) 5754 { 5755 list_t *l = &tep->te_iconp; 5756 tl_icon_t *tip = list_head(l); 5757 5758 ASSERT(seqno != 0); 5759 5760 for (; tip != NULL && (tip->ti_seqno != seqno); tip = list_next(l, tip)) 5761 ; 5762 5763 return (tip); 5764 } 5765 5766 /* 5767 * Queue data for a given T_CONN_IND while verifying that redundant 5768 * messages, such as a T_ORDREL_IND after a T_DISCON_IND, are not queued. 5769 * Used when the originator of the connection closes. 5770 */ 5771 static void 5772 tl_icon_queuemsg(tl_endpt_t *tep, t_scalar_t seqno, mblk_t *nmp) 5773 { 5774 tl_icon_t *tip; 5775 mblk_t **mpp, *mp; 5776 int prim, nprim; 5777 5778 if (nmp->b_datap->db_type == M_PROTO) 5779 nprim = ((union T_primitives *)nmp->b_rptr)->type; 5780 else 5781 nprim = -1; /* M_DATA */ 5782 5783 tip = tl_icon_find(tep, seqno); 5784 if (tip == NULL) { 5785 freemsg(nmp); 5786 return; 5787 } 5788 5789 ASSERT(tip->ti_seqno != 0); 5790 mpp = &tip->ti_mp; 5791 while (*mpp != NULL) { 5792 mp = *mpp; 5793 5794 if (mp->b_datap->db_type == M_PROTO) 5795 prim = ((union T_primitives *)mp->b_rptr)->type; 5796 else 5797 prim = -1; /* M_DATA */ 5798 5799 /* 5800 * Allow nothing after a T_DISCON_IND 5801 */ 5802 if (prim == T_DISCON_IND) { 5803 freemsg(nmp); 5804 return; 5805 } 5806 /* 5807 * Only allow a T_DISCON_IND after an T_ORDREL_IND 5808 */ 5809 if (prim == T_ORDREL_IND && nprim != T_DISCON_IND) { 5810 freemsg(nmp); 5811 return; 5812 } 5813 mpp = &(mp->b_next); 5814 } 5815 *mpp = nmp; 5816 } 5817 5818 /* 5819 * Verify if a certain TPI primitive exists on the connind queue. 5820 * Use prim -1 for M_DATA. 5821 * Return non-zero if found. 5822 */ 5823 static boolean_t 5824 tl_icon_hasprim(tl_endpt_t *tep, t_scalar_t seqno, t_scalar_t prim) 5825 { 5826 tl_icon_t *tip = tl_icon_find(tep, seqno); 5827 boolean_t found = B_FALSE; 5828 5829 if (tip != NULL) { 5830 mblk_t *mp; 5831 for (mp = tip->ti_mp; !found && mp != NULL; mp = mp->b_next) { 5832 found = (DB_TYPE(mp) == M_PROTO && 5833 ((union T_primitives *)mp->b_rptr)->type == prim); 5834 } 5835 } 5836 return (found); 5837 } 5838 5839 /* 5840 * Send the b_next mblk chain that has accumulated before the connection 5841 * was accepted. Perform the necessary state transitions. 5842 */ 5843 static void 5844 tl_icon_sendmsgs(tl_endpt_t *tep, mblk_t **mpp) 5845 { 5846 mblk_t *mp; 5847 union T_primitives *primp; 5848 5849 if (tep->te_closing) { 5850 tl_icon_freemsgs(mpp); 5851 return; 5852 } 5853 5854 ASSERT(tep->te_state == TS_DATA_XFER); 5855 ASSERT(tep->te_rq->q_first == NULL); 5856 5857 while ((mp = *mpp) != NULL) { 5858 *mpp = mp->b_next; 5859 mp->b_next = NULL; 5860 5861 ASSERT((DB_TYPE(mp) == M_DATA) || (DB_TYPE(mp) == M_PROTO)); 5862 switch (DB_TYPE(mp)) { 5863 default: 5864 freemsg(mp); 5865 break; 5866 case M_DATA: 5867 putnext(tep->te_rq, mp); 5868 break; 5869 case M_PROTO: 5870 primp = (union T_primitives *)mp->b_rptr; 5871 switch (primp->type) { 5872 case T_UNITDATA_IND: 5873 case T_DATA_IND: 5874 case T_OPTDATA_IND: 5875 case T_EXDATA_IND: 5876 putnext(tep->te_rq, mp); 5877 break; 5878 case T_ORDREL_IND: 5879 tep->te_state = NEXTSTATE(TE_ORDREL_IND, 5880 tep->te_state); 5881 putnext(tep->te_rq, mp); 5882 break; 5883 case T_DISCON_IND: 5884 tep->te_state = TS_IDLE; 5885 putnext(tep->te_rq, mp); 5886 break; 5887 default: 5888 #ifdef DEBUG 5889 cmn_err(CE_PANIC, 5890 "tl_icon_sendmsgs: unknown primitive"); 5891 #endif /* DEBUG */ 5892 freemsg(mp); 5893 break; 5894 } 5895 break; 5896 } 5897 } 5898 } 5899 5900 /* 5901 * Free the b_next mblk chain that has accumulated before the connection 5902 * was accepted. 5903 */ 5904 static void 5905 tl_icon_freemsgs(mblk_t **mpp) 5906 { 5907 mblk_t *mp; 5908 5909 while ((mp = *mpp) != NULL) { 5910 *mpp = mp->b_next; 5911 mp->b_next = NULL; 5912 freemsg(mp); 5913 } 5914 } 5915 5916 /* 5917 * Send M_ERROR 5918 * Note: assumes caller ensured enough space in mp or enough 5919 * memory available. Does not attempt recovery from allocb() 5920 * failures 5921 */ 5922 5923 static void 5924 tl_merror(queue_t *wq, mblk_t *mp, int error) 5925 { 5926 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr; 5927 5928 if (tep->te_closing) { 5929 freemsg(mp); 5930 return; 5931 } 5932 5933 (void) (STRLOG(TL_ID, tep->te_minor, 1, 5934 SL_TRACE|SL_ERROR, 5935 "tl_merror: tep=%p, err=%d", (void *)tep, error)); 5936 5937 /* 5938 * flush all messages on queue. we are shutting 5939 * the stream down on fatal error 5940 */ 5941 flushq(wq, FLUSHALL); 5942 if (IS_COTS(tep)) { 5943 /* connection oriented - unconnect endpoints */ 5944 tl_co_unconnect(tep); 5945 } 5946 if (mp->b_cont) { 5947 freemsg(mp->b_cont); 5948 mp->b_cont = NULL; 5949 } 5950 5951 if ((MBLKSIZE(mp) < 1) || (DB_REF(mp) > 1)) { 5952 freemsg(mp); 5953 mp = allocb(1, BPRI_HI); 5954 if (!mp) { 5955 (void) (STRLOG(TL_ID, tep->te_minor, 1, 5956 SL_TRACE|SL_ERROR, 5957 "tl_merror:M_PROTO: out of memory")); 5958 return; 5959 } 5960 } 5961 if (mp) { 5962 DB_TYPE(mp) = M_ERROR; 5963 mp->b_rptr = DB_BASE(mp); 5964 *mp->b_rptr = (char)error; 5965 mp->b_wptr = mp->b_rptr + sizeof (char); 5966 qreply(wq, mp); 5967 } else { 5968 (void) putnextctl1(tep->te_rq, M_ERROR, error); 5969 } 5970 } 5971 5972 static void 5973 tl_fill_option(uchar_t *buf, cred_t *cr, pid_t cpid, int flag, cred_t *pcr) 5974 { 5975 ASSERT(cr != NULL); 5976 5977 if (flag & TL_SETCRED) { 5978 struct opthdr *opt = (struct opthdr *)buf; 5979 tl_credopt_t *tlcred; 5980 5981 opt->level = TL_PROT_LEVEL; 5982 opt->name = TL_OPT_PEER_CRED; 5983 opt->len = (t_uscalar_t)OPTLEN(sizeof (tl_credopt_t)); 5984 5985 tlcred = (tl_credopt_t *)(opt + 1); 5986 tlcred->tc_uid = crgetuid(cr); 5987 tlcred->tc_gid = crgetgid(cr); 5988 tlcred->tc_ruid = crgetruid(cr); 5989 tlcred->tc_rgid = crgetrgid(cr); 5990 tlcred->tc_suid = crgetsuid(cr); 5991 tlcred->tc_sgid = crgetsgid(cr); 5992 tlcred->tc_ngroups = crgetngroups(cr); 5993 } else if (flag & TL_SETUCRED) { 5994 struct opthdr *opt = (struct opthdr *)buf; 5995 5996 opt->level = TL_PROT_LEVEL; 5997 opt->name = TL_OPT_PEER_UCRED; 5998 opt->len = (t_uscalar_t)OPTLEN(ucredminsize(cr)); 5999 6000 (void) cred2ucred(cr, cpid, (void *)(opt + 1), pcr); 6001 } else { 6002 struct T_opthdr *topt = (struct T_opthdr *)buf; 6003 ASSERT(flag & TL_SOCKUCRED); 6004 6005 topt->level = SOL_SOCKET; 6006 topt->name = SCM_UCRED; 6007 topt->len = ucredminsize(cr) + sizeof (*topt); 6008 topt->status = 0; 6009 (void) cred2ucred(cr, cpid, (void *)(topt + 1), pcr); 6010 } 6011 } 6012 6013 /* ARGSUSED */ 6014 static int 6015 tl_default_opt(queue_t *wq, int level, int name, uchar_t *ptr) 6016 { 6017 /* no default value processed in protocol specific code currently */ 6018 return (-1); 6019 } 6020 6021 /* ARGSUSED */ 6022 static int 6023 tl_get_opt(queue_t *wq, int level, int name, uchar_t *ptr) 6024 { 6025 int len; 6026 tl_endpt_t *tep; 6027 int *valp; 6028 6029 tep = (tl_endpt_t *)wq->q_ptr; 6030 6031 len = 0; 6032 6033 /* 6034 * Assumes: option level and name sanity check done elsewhere 6035 */ 6036 6037 switch (level) { 6038 case SOL_SOCKET: 6039 if (! IS_SOCKET(tep)) 6040 break; 6041 switch (name) { 6042 case SO_RECVUCRED: 6043 len = sizeof (int); 6044 valp = (int *)ptr; 6045 *valp = (tep->te_flag & TL_SOCKUCRED) != 0; 6046 break; 6047 default: 6048 break; 6049 } 6050 break; 6051 case TL_PROT_LEVEL: 6052 switch (name) { 6053 case TL_OPT_PEER_CRED: 6054 case TL_OPT_PEER_UCRED: 6055 /* 6056 * option not supposed to retrieved directly 6057 * Only sent in T_CON_{IND,CON}, T_UNITDATA_IND 6058 * when some internal flags set by other options 6059 * Direct retrieval always designed to fail(ignored) 6060 * for this option. 6061 */ 6062 break; 6063 } 6064 } 6065 return (len); 6066 } 6067 6068 /* ARGSUSED */ 6069 static int 6070 tl_set_opt( 6071 queue_t *wq, 6072 uint_t mgmt_flags, 6073 int level, 6074 int name, 6075 uint_t inlen, 6076 uchar_t *invalp, 6077 uint_t *outlenp, 6078 uchar_t *outvalp, 6079 void *thisdg_attrs, 6080 cred_t *cr) 6081 { 6082 int error; 6083 tl_endpt_t *tep; 6084 6085 tep = (tl_endpt_t *)wq->q_ptr; 6086 6087 error = 0; /* NOERROR */ 6088 6089 /* 6090 * Assumes: option level and name sanity checks done elsewhere 6091 */ 6092 6093 switch (level) { 6094 case SOL_SOCKET: 6095 if (! IS_SOCKET(tep)) { 6096 error = EINVAL; 6097 break; 6098 } 6099 /* 6100 * TBD: fill in other AF_UNIX socket options and then stop 6101 * returning error. 6102 */ 6103 switch (name) { 6104 case SO_RECVUCRED: 6105 /* 6106 * We only support this for datagram sockets; 6107 * getpeerucred handles the connection oriented 6108 * transports. 6109 */ 6110 if (! IS_CLTS(tep)) { 6111 error = EINVAL; 6112 break; 6113 } 6114 if (*(int *)invalp == 0) 6115 tep->te_flag &= ~TL_SOCKUCRED; 6116 else 6117 tep->te_flag |= TL_SOCKUCRED; 6118 break; 6119 default: 6120 error = EINVAL; 6121 break; 6122 } 6123 break; 6124 case TL_PROT_LEVEL: 6125 switch (name) { 6126 case TL_OPT_PEER_CRED: 6127 case TL_OPT_PEER_UCRED: 6128 /* 6129 * option not supposed to be set directly 6130 * Its value in initialized for each endpoint at 6131 * driver open time. 6132 * Direct setting always designed to fail for this 6133 * option. 6134 */ 6135 (void) (STRLOG(TL_ID, tep->te_minor, 1, 6136 SL_TRACE|SL_ERROR, 6137 "tl_set_opt: option is not supported")); 6138 error = EPROTO; 6139 break; 6140 } 6141 } 6142 return (error); 6143 } 6144 6145 6146 static void 6147 tl_timer(void *arg) 6148 { 6149 queue_t *wq = arg; 6150 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr; 6151 6152 ASSERT(tep); 6153 6154 tep->te_timoutid = 0; 6155 6156 enableok(wq); 6157 /* 6158 * Note: can call wsrv directly here and save context switch 6159 * Consider change when qtimeout (not timeout) is active 6160 */ 6161 qenable(wq); 6162 } 6163 6164 static void 6165 tl_buffer(void *arg) 6166 { 6167 queue_t *wq = arg; 6168 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr; 6169 6170 ASSERT(tep); 6171 6172 tep->te_bufcid = 0; 6173 tep->te_nowsrv = B_FALSE; 6174 6175 enableok(wq); 6176 /* 6177 * Note: can call wsrv directly here and save context switch 6178 * Consider change when qbufcall (not bufcall) is active 6179 */ 6180 qenable(wq); 6181 } 6182 6183 static void 6184 tl_memrecover(queue_t *wq, mblk_t *mp, size_t size) 6185 { 6186 tl_endpt_t *tep; 6187 6188 tep = (tl_endpt_t *)wq->q_ptr; 6189 6190 if (tep->te_closing) { 6191 freemsg(mp); 6192 return; 6193 } 6194 noenable(wq); 6195 6196 (void) insq(wq, wq->q_first, mp); 6197 6198 if (tep->te_bufcid || tep->te_timoutid) { 6199 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE|SL_ERROR, 6200 "tl_memrecover:recover %p pending", (void *)wq)); 6201 return; 6202 } 6203 6204 if (!(tep->te_bufcid = qbufcall(wq, size, BPRI_MED, tl_buffer, wq))) { 6205 tep->te_timoutid = qtimeout(wq, tl_timer, wq, 6206 drv_usectohz(TL_BUFWAIT)); 6207 } 6208 } 6209 6210 static void 6211 tl_freetip(tl_endpt_t *tep, tl_icon_t *tip) 6212 { 6213 ASSERT(tip->ti_seqno != 0); 6214 6215 if (tip->ti_mp != NULL) { 6216 tl_icon_freemsgs(&tip->ti_mp); 6217 tip->ti_mp = NULL; 6218 } 6219 if (tip->ti_tep != NULL) { 6220 tl_refrele(tip->ti_tep); 6221 tip->ti_tep = NULL; 6222 } 6223 list_remove(&tep->te_iconp, tip); 6224 kmem_free(tip, sizeof (tl_icon_t)); 6225 tep->te_nicon--; 6226 } 6227 6228 /* 6229 * Remove address from address hash. 6230 */ 6231 static void 6232 tl_addr_unbind(tl_endpt_t *tep) 6233 { 6234 tl_endpt_t *elp; 6235 6236 if (tep->te_flag & TL_ADDRHASHED) { 6237 if (IS_SOCKET(tep)) { 6238 (void) mod_hash_remove(tep->te_addrhash, 6239 (mod_hash_key_t)tep->te_vp, 6240 (mod_hash_val_t *)&elp); 6241 tep->te_vp = (void *)(uintptr_t)tep->te_minor; 6242 tep->te_magic = SOU_MAGIC_IMPLICIT; 6243 } else { 6244 (void) mod_hash_remove(tep->te_addrhash, 6245 (mod_hash_key_t)&tep->te_ap, 6246 (mod_hash_val_t *)&elp); 6247 (void) kmem_free(tep->te_abuf, tep->te_alen); 6248 tep->te_alen = -1; 6249 tep->te_abuf = NULL; 6250 } 6251 tep->te_flag &= ~TL_ADDRHASHED; 6252 } 6253 }