1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25 /*
26 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
27 * Copyright (c) 2012 by Delphix. All rights reserved.
28 * Copyright 2020 Joyent, Inc.
29 */
30
31 /*
32 * Multithreaded STREAMS Local Transport Provider.
33 *
34 * OVERVIEW
35 * ========
36 *
37 * This driver provides TLI as well as socket semantics. It provides
38 * connectionless, connection-oriented, and connection-oriented with orderly
39 * release transports for TLI and sockets. Each transport type has a separate
40 * name space (i.e. it is not possible to connect from a socket to a TLI
41 * endpoint) - this removes any name space conflicts when binding to socket
42 * style transport addresses.
43 *
44 * NOTE: There is one exception - socket ticots and ticotsord transports share
45 * the same namespace. In fact, sockets always use the ticotsord transport.
46 *
47 * The driver mode is specified by the minor number used for open().
49 *
50 * In addition, sockets have the following semantic differences:
51 * No support for passing up credentials (TL_SET[U]CRED).
52 *
53 * Options are passed through transparently on T_CONN_REQ to T_CONN_IND,
54 * from T_UNITDATA_REQ to T_UNIDATA_IND, and from T_OPTDATA_REQ to
55 * T_OPTDATA_IND.
56 *
57 * The T_CONN_CON is generated when processing the T_CONN_REQ, i.e. before
58 * a T_CONN_RES is received from the acceptor. This means that a socket
59 * connect will complete before the peer has called accept.
60 *
61 *
62 * MULTITHREADING
63 * ==============
64 *
65 * The driver does not use STREAMS protection mechanisms. Instead it uses a
66 * generic "serializer" abstraction. Most of the operations are executed
67 * behind the serializer and are, essentially, single-threaded. All functions
68 * executed behind the same serializer are strictly serialized. So if one
69 * thread calls serializer_enter(serializer, foo, mp1, arg1); and another
70 * thread calls serializer_enter(serializer, bar, mp2, arg2); then (depending
71 * on which one was called first) the actual sequence will be foo(mp1, arg1);
72 * bar(mp2, arg2); or bar(mp2, arg2); foo(mp1, arg1); but foo() and bar()
73 * will never run at the same time.
74 *
75 * Connectionless transports use a single serializer per transport type (one
76 * for TLI and one for sockets). Connection-oriented transports use
77 * finer-grained serializers.
78 *
79 * All COTS-type endpoints start their life with private serializers. During
80 * connection request processing the endpoint serializer is switched to the
81 * listener's serializer and the rest of T_CONN_REQ processing is done on the
82 * listener serializer. During T_CONN_RES processing the eager serializer is
83 * switched from the listener to the acceptor serializer, and from that point
84 * on all processing for the eager and the acceptor happens on this
85 * serializer. To avoid races with endpoint close while its serializer may be
86 * changing, closes are blocked while serializers are manipulated.
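*
* For illustration, the hand-off during T_CONN_RES processing amounts to the
* following (a sketch only; the variable names are illustrative, and the real
* code in tl_conn_res() must also cope with pending serializer messages and
* close races):
*
*   tl_serializer_refhold(acceptor_tep->te_ser);
*   tl_serializer_refrele(eager_tep->te_ser);
*   eager_tep->te_ser = acceptor_tep->te_ser;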
87 *
88 * Reference accounting
89 * --------------------
90 *
91 * Endpoints are reference counted and freed when the last reference is
92 * dropped. Functions within the serializer may access the endpoint state even
93 * after the endpoint has closed. The te_closing flag being set on the
94 * endpoint indicates that the endpoint has entered its close routine.
95 *
96 * One reference is held for each opened endpoint instance. The reference
97 * counter is incremented when the endpoint is linked to another endpoint and
98 * decremented when the link disappears. It is also incremented when the
99 * endpoint is found by a hash table lookup. This increment is atomic with the
100 * lookup itself and happens while the hash table read lock is held.
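*
* The lookup-side increment is performed by a mod_hash find callback, so a
* caller never sees an endpoint whose reference count could drop to zero
* underneath it. Conceptually (a sketch using the tl_find_callback() defined
* below; "hash" and "key" are illustrative):
*
*   if (mod_hash_find_cb(hash, key, (mod_hash_val_t *)&tep,
*       tl_find_callback) == 0) {
*           ... use tep; its te_refcnt is already held ...
*           tl_refrele(tep);
*   }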
101 *
102 * Close synchronization
103 * ---------------------
104 *
105 * During close the endpoint is marked as closing using the te_closing flag.
106 * It is usually enough to check te_closing, since all other state changes
107 * happen after this flag is set and the close has entered the serializer.
108 * Immediately after setting the te_closing flag, tl_close() enters the
109 * serializer and waits until the callback finishes. This allows all functions
110 * called within the serializer to simply check te_closing without any locks.
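*
* A serialized function therefore typically needs no more than this pattern
* (a sketch of the check used throughout the driver):
*
*   if (tep->te_closing) {
*           freemsg(mp);
*           tl_serializer_exit(tep);
*           tl_refrele(tep);
*           return;
*   }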
111 *
112 * Serializer management
113 * ---------------------
114 *
115 * For COTS transports serializers are created when the endpoint is constructed
116 * and destroyed when the endpoint is destructed. CLTS transports use global
117 * serializers - one for sockets and one for TLI.
118 *
119 * COTS serializers have separate reference counts to deal with several
120 * endpoints sharing the same serializer. There is a subtle problem related to
121 * serializer destruction: the serializer should never be destroyed by any
122 * function executed inside the serializer. This means that close has to wait
123 * until all serializer activity for this endpoint is finished before it can
124 * drop the last reference on the endpoint (which may also free the
125 * serializer). This is only relevant for COTS transports, which manage
126 * serializers dynamically. For CLTS transports close may complete without
127 * waiting for all serializer activity to finish since the serializer is only
128 * destroyed at driver detach time.
129 *
130 * COTS endpoints keep track of the number of outstanding requests on the
131 * serializer for the endpoint. The code handling accept() avoids changing
132 * the client's serializer if the client has any pending messages on the
133 * serializer and instead moves the acceptor to the listener's serializer.
134 *
135 *
136 * Use of hash tables
137 * ------------------
138 *
139 * The driver uses the modhash hash table implementation. Each transport
140 * uses two hash tables - one for finding endpoints by acceptor ID and one
141 * for finding endpoints by address. For sockets, TICOTS and TICOTSORD share
142 * the same pair of hash tables since sockets only use TICOTSORD.
143 *
144 * All hash table lookups increment a reference count for returned endpoints,
145 * so we may safely check the endpoint state even when the endpoint is
146 * removed from the hash by another thread immediately after it is found.
147 *
148 *
149 * CLOSE processing
150 * ================
151 *
152 * The driver enters the serializer twice on close(). The close sequence is
153 * the following:
154 *
155 * 1) Wait until closing is safe (te_closewait becomes zero).
156 * This step is needed to prevent close during serializer switches. In most
157 * cases (close happening after connection establishment) te_closewait is
158 * zero.
159 * 2) Set te_closing.
160 * 3) Call tl_close_ser() within the serializer and wait for it to complete.
161 *
162 * tl_close_ser() simply marks the endpoint and wakes up the waiting
163 * tl_close(). It also needs to clear write-side q_next pointers - this
164 * should be done before qprocsoff().
165 *
166 * This synchronous serializer entry during close is needed to ensure that
167 * the queue is valid everywhere inside the serializer.
168 *
169 * Note that in many cases close will execute tl_close_ser() synchronously,
170 * so it will not wait at all.
171 *
172 * 4) Call qprocsoff().
173 * 5) Call tl_close_finish_ser() within the serializer and wait for it to
174 * complete (for COTS transports). For CLTS transports there is no wait.
175 *
176 * tl_close_finish_ser() finishes the close process and wakes up the
177 * waiting close, if there is any.
178 *
179 * Note that in most cases close will enter tl_close_finish_ser()
180 * synchronously and will not wait at all.
181 *
182 *
183 * Flow Control
184 * ============
185 *
186 * The driver implements both read and write side service routines. No one
187 * calls putq() on the read queue. The read side service routine tl_rsrv() is
188 * called when the read side stream is back-enabled. It enters the serializer
189 * synchronously (waits until serializer processing is complete). Within the
190 * serializer it back-enables all endpoints blocked by the queue for
191 * connectionless transports and enables write side service processing for
192 * the peer for connection-oriented transports.
193 *
194 * Read and write side service routines use special mblk-sized space in the
195 * endpoint structure to enter the perimeter.
196 *
197 * Write-side flow control
198 * -----------------------
199 *
200 * Write side flow control is a bit tricky. The driver needs to deal with two
201 * message queues - the explicit STREAMS message queue maintained by
202 * putq()/getq()/putbq() and the implicit queue within the serializer. These two
203 * queues should be synchronized to preserve message ordering and should
204 * maintain a single order determined by the order in which messages enter
205 * tl_wput(). In order to maintain the ordering between these two queues the
206 * STREAMS queue is only manipulated within the serializer, so the ordering is
207 * provided by the serializer.
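*
* Concretely, tl_wput() never calls putq() directly; anything that must be
* queued is first handed to the serializer (a sketch of the pattern; the real
* tl_wput() selects among several serializer call-backs):
*
*   tl_refhold(tep);
*   tl_serializer_enter(tep, tl_putq_ser, mp);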
208 *
209 * Functions called from tl_wsrv() may sometimes call putbq(). To immediately
210 * stop any further processing of the STREAMS message queues the code calling
211 * putbq() also sets the te_nowsrv flag in the endpoint. The write side
212 * service processing stops when the flag is set.
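*
* A data-path function that hits flow control therefore does, in essence
* (a sketch; see the TL_PUTBQ() macro below):
*
*   if (!canputnext(peer_tep->te_rq)) {
*           TL_PUTBQ(tep, mp);
*           return;
*   }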
213 *
214 * The tl_wsrv() function enters the serializer synchronously and waits for
215 * it to complete. The serializer call-back tl_wsrv_ser() either drains all
216 * messages on the STREAMS queue or terminates when it notices the te_nowsrv
217 * flag set. Note that the maximum number of messages processed by
218 * tl_wsrv_ser() is always bounded by the number of messages on the STREAMS
219 * queue at the time tl_wsrv_ser() is entered. Any new messages may only
220 * appear on the STREAMS queue from another serialized entry, which can't
221 * happen in parallel. This guarantees that tl_wsrv_ser() completes in
222 * bounded time (there is no risk of it draining forever while a writer
223 * places new messages on the STREAMS queue).
224 *
225 * Note that a closing endpoint never sets te_nowsrv and never calls putbq().
226 *
227 *
228 * Unix Domain Sockets
229 * ===================
230 *
231 * The driver knows the structure of Unix Domain socket addresses and treats
232 * them differently from generic TLI addresses. For sockets, implicit binds
233 * are requested by setting SOU_MAGIC_IMPLICIT in the soua_magic part of the
234 * address instead of using an address length of zero. Explicit binds specify
235 * SOU_MAGIC_EXPLICIT as the magic.
236 *
237 * For implicit binds we always use the minor number as the soua_vp part of
238 * the address and avoid any hash table lookups. This saves two hash table
239 * lookups per anonymous bind.
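*
* An implicit bind thus amounts to no more than (a sketch; cf. the socket
* initialization in tl_open() below):
*
*   tep->te_uxaddr.soua_magic = SOU_MAGIC_IMPLICIT;
*   tep->te_uxaddr.soua_vp = (void *)(uintptr_t)tep->te_minor;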
240 *
241 * For explicit addresses we hash the vnode pointer instead of hashing the
242 * full-scale address+zone+length. Hashing by pointer is more efficient than
243 * hashing by the full address.
244 *
245 * For Unix domain sockets the te_ap always points to the te_uxaddr part of
246 * the tep structure, so it should never be freed.
247 *
248 * Also for sockets the driver always uses the minor number as the acceptor id.
249 *
250 * TPI VIOLATIONS
251 * --------------
252 *
253 * This driver violates TPI in several respects for Unix Domain Sockets:
254 *
255 * 1) It treats O_T_BIND_REQ as T_BIND_REQ and refuses the bind if an
256 * explicit bind is requested and the endpoint is already in use. There is
257 * no point in generating an unused address since this address will be
258 * rejected by sockfs anyway. For implicit binds it always generates a new
259 * address (sets soua_vp to its minor number).
260 *
261 * 2) It always uses the minor number as the acceptor ID and never uses the
262 * queue pointer. This is OK since sockets get the acceptor ID from the
263 * T_CAPABILITY_REQ message and do not use the queue pointer.
264 *
265 * 3) For listener sockets the usual sequence is to issue bind() with zero
266 * backlog followed by listen(). The listen() should be issued with a
267 * non-zero backlog, so sotpi_listen() issues an unbind request followed by
268 * a bind request to the same address but with a non-zero qlen value. Both
269 * tl_bind() and tl_unbind() require the write lock on the hash table to
270 * insert/remove the address. The driver does not remove the address from
271 * the hash for endpoints that are bound to an explicit address and have a
272 * backlog of zero. During T_BIND_REQ processing, if the address requested
273 * is equal to the address the endpoint already has, it updates the backlog
274 * without reinserting the address in the hash table. This optimization
275 * avoids two hash table updates for each listener created. It also avoids
276 * the problem of a "stolen" address, where another listener could take the
277 * same address between the unbind and bind and listen() would suddenly fail
278 * because the address is in use even though the bind() succeeded.
279 *
280 *
281 * CONNECTIONLESS TRANSPORTS
282 * =========================
283 *
284 * Connectionless transports all share the same serializer (one for TLI and
285 * one for sockets). Functions executing behind the serializer can check or
286 * modify the state of any endpoint.
287 *
288 * When endpoint X talks to another endpoint Y it caches the pointer to Y in
289 * the te_lastep field. The next time X talks to some address A it checks
290 * whether A is the same as Y's address and, if it is, there is no need to
291 * look up Y. If the address is different or the state of Y is not
292 * appropriate (e.g. closed or not idle), X does a lookup using
293 * tl_find_peer() and caches the new address. NOTE: tl_find_peer() never
294 * returns a closing endpoint, and it places a refhold on the endpoint found.
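*
* The fast path is conceptually (a sketch; dst_addr is illustrative, and the
* real code in tl_unitdata() also verifies the peer's TPI state):
*
*   peer_tep = tep->te_lastep;
*   if (peer_tep == NULL || peer_tep->te_closing ||
*       !tl_eqaddr(&peer_tep->te_ap, &dst_addr)) {
*           TL_REMOVE_PEER(tep->te_lastep);
*           peer_tep = tl_find_peer(tep, &dst_addr);
*           tep->te_lastep = peer_tep;
*   }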
295 *
296 * When endpoint Y closes, it doesn't try to remove itself from the caches of
297 * other endpoints. They will detect that Y is gone and will search for the
298 * peer endpoint again.
299 *
300 * Flow Control Handling
301 * ---------------------
302 *
303 * Each connectionless endpoint keeps a list of endpoints which are
304 * flow-controlled by its queue. It also keeps a pointer to the queue which
305 * flow-controls itself. Whenever flow control is released for endpoint X, it
306 * enables all queues on the list. During close it also back-enables everyone
307 * on the list. If X is flow-controlled when it is closing, it removes itself
308 * from its peer's list.
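*
* Releasing flow control then reduces to walking te_flowlist (a sketch of
* what tl_cl_backenable() does):
*
*   while ((elp = list_head(&tep->te_flowlist)) != NULL) {
*           ASSERT(tep == elp->te_flowq);
*           list_remove(&tep->te_flowlist, elp);
*           elp->te_flowq = NULL;
*           TL_QENABLE(elp);
*   }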
309 *
310 * DATA STRUCTURES
311 * ===============
312 *
313 * Each endpoint is represented by the tl_endpt_t structure which keeps all
314 * the endpoint state. For connection-oriented transports it keeps a list of
315 * pending connections (tl_icon_t). For connectionless transports it keeps a
316 * list of endpoints flow controlled by this one.
317 *
318 * Each transport type is represented by a per-transport data structure,
319 * tl_transport_state_t. It contains a pointer to the acceptor ID hash and
320 * the endpoint address hash table for each transport. It also contains a
321 * pointer to the transport serializer for connectionless transports.
322 *
323 * Each endpoint keeps a link to its transport structure, so the code can find
324 * all per-transport information quickly.
325 */
326
327 #include <sys/types.h>
328 #include <sys/inttypes.h>
329 #include <sys/stream.h>
330 #include <sys/stropts.h>
331 #define _SUN_TPI_VERSION 2
332 #include <sys/tihdr.h>
333 #include <sys/strlog.h>
334 #include <sys/debug.h>
335 #include <sys/cred.h>
336 #include <sys/errno.h>
337 #include <sys/kmem.h>
338 #include <sys/id_space.h>
339 #include <sys/modhash.h>
340 #include <sys/mkdev.h>
341 #include <sys/tl.h>
342 #include <sys/stat.h>
343 #include <sys/conf.h>
344 #include <sys/modctl.h>
345 #include <sys/strsun.h>
346 #include <sys/socket.h>
347 #include <sys/socketvar.h>
348 #include <sys/sysmacros.h>
349 #include <sys/xti_xtiopt.h>
350 #include <sys/ddi.h>
351 #include <sys/sunddi.h>
352 #include <sys/zone.h>
353 #include <inet/common.h> /* typedef int (*pfi_t)() for inet/optcom.h */
354 #include <inet/optcom.h>
355 #include <sys/strsubr.h>
356 #include <sys/ucred.h>
357 #include <sys/suntpi.h>
358 #include <sys/list.h>
359 #include <sys/serializer.h>
360
361 /*
362 * TBD List
363 * 14. Eliminate state changes through table
364 * 16. AF_UNIX socket options
365 * 17. connect() for ticlts
366 * 18. support for "netstat" to show AF_UNIX plus TLI local
367 * transport connections
368 * 21. sanity check for flushing on sending M_ERROR
369 */
370
371 /*
372 * CONSTANT DECLARATIONS
373 * ---------------------
374 */
375
376 /*
377 * Local declarations
378 */
379 #define BADSEQNUM (-1) /* initial seq number used by T_DISCON_IND */
380 #define TL_BUFWAIT (10000) /* usecs to wait for allocb buffer timeout */
381 #define TL_TIDUSZ (64*1024) /* tidu size when "strmsgz" is unlimited (0) */
382 /*
383 * Hash tables size.
384 */
385 #define TL_HASH_SIZE 311
386
387 /*
388 * Definitions for module_info
389 */
390 #define TL_ID (104) /* module ID number */
391 #define TL_NAME "tl" /* module name */
392 #define TL_MINPSZ (0) /* min packet size */
393 #define TL_MAXPSZ INFPSZ /* max packet size ZZZ */
394 #define TL_HIWAT (16*1024) /* hi water mark */
395 #define TL_LOWAT (256) /* lo water mark */
396 /*
397 * Definition of minor numbers/modes for new transport provider modes.
398 * We view the socket use as a separate mode to get a separate name space.
399 */
400 #define TL_TICOTS 0 /* connection oriented transport */
401 #define TL_TICOTSORD 1 /* COTS w/ orderly release */
402 #define TL_TICLTS 2 /* connectionless transport */
403 #define TL_UNUSED 3
404 #define TL_SOCKET 4 /* Socket */
405 #define TL_SOCK_COTS (TL_SOCKET | TL_TICOTS)
406 #define TL_SOCK_COTSORD (TL_SOCKET | TL_TICOTSORD)
407 #define TL_SOCK_CLTS (TL_SOCKET | TL_TICLTS)
408
409 #define TL_MINOR_MASK 0x7
410 #define TL_MINOR_START (TL_TICLTS + 1)
411
412 /*
413 * LOCAL MACROS
414 */
415 #define T_ALIGN(p) P2ROUNDUP((p), sizeof (t_scalar_t))
416
417 /*
418 * STREAMS DRIVER ENTRY POINTS PROTOTYPES
419 */
420 static int tl_open(queue_t *, dev_t *, int, int, cred_t *);
421 static int tl_close(queue_t *, int, cred_t *);
422 static int tl_wput(queue_t *, mblk_t *);
423 static int tl_wsrv(queue_t *);
424 static int tl_rsrv(queue_t *);
425
426 static int tl_attach(dev_info_t *, ddi_attach_cmd_t);
427 static int tl_detach(dev_info_t *, ddi_detach_cmd_t);
428 static int tl_info(dev_info_t *, ddi_info_cmd_t, void *, void **);
429
430
431 /*
432 * GLOBAL DATA STRUCTURES AND VARIABLES
433 * -----------------------------------
434 */
435
436 /*
437 * Table representing database of all options managed by T_SVR4_OPTMGMT_REQ
438 * For now, we only manage the SO_RECVUCRED option but we also have
439 * harmless dummy options to make things work with some common code we access.
440 */
441 opdes_t tl_opt_arr[] = {
442 /* The SO_TYPE is needed for the hack below */
443 {
444 SO_TYPE,
445 SOL_SOCKET,
446 OA_R,
447 OA_R,
448 OP_NP,
449 0,
450 sizeof (t_scalar_t),
451 0
452 },
453 {
454 SO_RECVUCRED,
455 SOL_SOCKET,
456 OA_RW,
457 OA_RW,
458 OP_NP,
459 0,
460 sizeof (int),
461 0
462 }
463 };
464
465 /*
466 * Table of all supported levels
467 * Note: Some levels (e.g. XTI_GENERIC) may be valid but may not have
468 * any supported options so we need this info separately.
469 *
470 * This is needed only for topmost tpi providers.
471 */
472 optlevel_t tl_valid_levels_arr[] = {
473 XTI_GENERIC,
474 SOL_SOCKET,
475 TL_PROT_LEVEL
476 };
477
478 #define TL_VALID_LEVELS_CNT A_CNT(tl_valid_levels_arr)
479 /*
480 * Current upper bound on the amount of space needed to return all options.
481 * Additional options with data size of sizeof (long) are handled
482 * automatically. Others need special handling.
483 */
484 #define TL_MAX_OPT_BUF_LEN \
485 ((A_CNT(tl_opt_arr) << 2) + \
486 (A_CNT(tl_opt_arr) * sizeof (struct opthdr)) + \
487 64 + sizeof (struct T_optmgmt_ack))
488
489 #define TL_OPT_ARR_CNT A_CNT(tl_opt_arr)
490
491 /*
492 * transport addr structure
493 */
494 typedef struct tl_addr {
495 zoneid_t ta_zoneid; /* Zone scope of address */
496 t_scalar_t ta_alen; /* length of abuf */
497 void *ta_abuf; /* the addr itself */
498 } tl_addr_t;
499
500 /*
501 * Refcounted version of serializer.
502 */
503 typedef struct tl_serializer {
504 uint_t ts_refcnt;
505 serializer_t *ts_serializer;
506 } tl_serializer_t;
507
508 /*
509 * Per-transport state. Each transport type has a separate instance.
511 */
512 typedef struct tl_transport_state {
513 char *tr_name;
514 minor_t tr_minor;
515 uint32_t tr_defaddr;
516 mod_hash_t *tr_ai_hash;
517 mod_hash_t *tr_addr_hash;
518 tl_serializer_t *tr_serializer;
519 } tl_transport_state_t;
520
521 #define TL_DFADDR 0x1000
522
523 static tl_transport_state_t tl_transports[] = {
524 { "ticots", TL_TICOTS, TL_DFADDR, NULL, NULL, NULL },
525 { "ticotsord", TL_TICOTSORD, TL_DFADDR, NULL, NULL, NULL },
526 { "ticlts", TL_TICLTS, TL_DFADDR, NULL, NULL, NULL },
527 { "undefined", TL_UNUSED, TL_DFADDR, NULL, NULL, NULL },
528 { "sticots", TL_SOCK_COTS, TL_DFADDR, NULL, NULL, NULL },
529 { "sticotsord", TL_SOCK_COTSORD, TL_DFADDR, NULL, NULL },
530 { "sticlts", TL_SOCK_CLTS, TL_DFADDR, NULL, NULL, NULL }
531 };
532
533 #define TL_MAXTRANSPORT A_CNT(tl_transports)
534
535 struct tl_endpt;
536 typedef struct tl_endpt tl_endpt_t;
537
538 typedef void (tlproc_t)(mblk_t *, tl_endpt_t *);
539
540 /*
541 * Data structure used to represent pending connects.
542 * Records enough information so that the connecting peer can close
543 * before the connection gets accepted.
544 */
545 typedef struct tl_icon {
546 list_node_t ti_node;
547 struct tl_endpt *ti_tep; /* NULL if peer has already closed */
548 mblk_t *ti_mp; /* b_next list of data + ordrel_ind */
549 t_scalar_t ti_seqno; /* Sequence number */
550 } tl_icon_t;
551
552 typedef struct so_ux_addr soux_addr_t;
553 #define TL_SOUX_ADDRLEN sizeof (soux_addr_t)
554
555 /*
556 * Maximum number of unaccepted connection indications allowed per listener.
557 */
558 #define TL_MAXQLEN 4096
559 int tl_maxqlen = TL_MAXQLEN;
560
561 /*
562 * transport endpoint structure
563 */
564 struct tl_endpt {
565 queue_t *te_rq; /* stream read queue */
566 queue_t *te_wq; /* stream write queue */
567 uint32_t te_refcnt;
568 int32_t te_state; /* TPI state of endpoint */
569 minor_t te_minor; /* minor number */
570 #define te_seqno te_minor
571 uint_t te_flag; /* flag field */
572 boolean_t te_nowsrv;
573 tl_serializer_t *te_ser; /* Serializer to use */
574 #define te_serializer te_ser->ts_serializer
575
576 soux_addr_t te_uxaddr; /* Socket address */
577 #define te_magic te_uxaddr.soua_magic
578 #define te_vp te_uxaddr.soua_vp
579 tl_addr_t te_ap; /* addr bound to this endpt */
580 #define te_zoneid te_ap.ta_zoneid
581 #define te_alen te_ap.ta_alen
582 #define te_abuf te_ap.ta_abuf
583
584 tl_transport_state_t *te_transport;
585 #define te_addrhash te_transport->tr_addr_hash
586 #define te_aihash te_transport->tr_ai_hash
587 #define te_defaddr te_transport->tr_defaddr
588 cred_t *te_credp; /* endpoint user credentials */
589 mod_hash_hndl_t te_hash_hndl; /* Handle for address hash */
590
591 /*
592 * State specific to connection-oriented and connectionless transports.
593 */
594 union {
595 /* Connection-oriented state. */
596 struct {
597 t_uscalar_t _te_nicon; /* count of conn requests */
598 t_uscalar_t _te_qlen; /* max conn requests */
599 tl_endpt_t *_te_oconp; /* conn request pending */
600 tl_endpt_t *_te_conp; /* connected endpt */
601 #ifndef _ILP32
602 void *_te_pad;
603 #endif
604 list_t _te_iconp; /* list of conn ind. pending */
605 } _te_cots_state;
606 /* Connection-less state. */
607 struct {
608 tl_endpt_t *_te_lastep; /* last dest. endpoint */
609 tl_endpt_t *_te_flowq; /* flow controlled on whom */
610 list_node_t _te_flows; /* lists of connections */
611 list_t _te_flowlist; /* Who flowcontrols on me */
612 } _te_clts_state;
613 } _te_transport_state;
614 #define te_nicon _te_transport_state._te_cots_state._te_nicon
615 #define te_qlen _te_transport_state._te_cots_state._te_qlen
616 #define te_oconp _te_transport_state._te_cots_state._te_oconp
617 #define te_conp _te_transport_state._te_cots_state._te_conp
618 #define te_iconp _te_transport_state._te_cots_state._te_iconp
619 #define te_lastep _te_transport_state._te_clts_state._te_lastep
620 #define te_flowq _te_transport_state._te_clts_state._te_flowq
621 #define te_flowlist _te_transport_state._te_clts_state._te_flowlist
622 #define te_flows _te_transport_state._te_clts_state._te_flows
623
624 bufcall_id_t te_bufcid; /* outstanding bufcall id */
625 timeout_id_t te_timoutid; /* outstanding timeout id */
626 pid_t te_cpid; /* cached pid of endpoint */
627 t_uscalar_t te_acceptor_id; /* acceptor id for T_CONN_RES */
628 /*
629 * Pieces of the endpoint state needed for closing.
630 */
631 kmutex_t te_closelock;
632 kcondvar_t te_closecv;
633 uint8_t te_closing; /* The endpoint started closing */
634 uint8_t te_closewait; /* Wait in close until zero */
635 mblk_t te_closemp; /* for entering serializer on close */
636 mblk_t te_rsrvmp; /* for entering serializer on rsrv */
637 mblk_t te_wsrvmp; /* for entering serializer on wsrv */
638 kmutex_t te_srv_lock;
639 kcondvar_t te_srv_cv;
640 uint8_t te_rsrv_active; /* Running in tl_rsrv() */
641 uint8_t te_wsrv_active; /* Running in tl_wsrv() */
642 /*
643 * Pieces of the endpoint state needed for serializer transitions.
644 */
645 kmutex_t te_ser_lock; /* Protects the count below */
646 uint_t te_ser_count; /* Number of messages on serializer */
647 };
648
649 /*
650 * Flag values. The lower 4 bits specify the transport used.
651 * TL_LISTENER, TL_ACCEPTOR, TL_ACCEPTED and TL_EAGER are for debugging only;
652 * they make it easier to identify the endpoint.
653 */
654 #define TL_LISTENER 0x00010 /* the listener endpoint */
655 #define TL_ACCEPTOR 0x00020 /* the accepting endpoint */
656 #define TL_EAGER 0x00040 /* connecting endpoint */
657 #define TL_ACCEPTED 0x00080 /* accepted connection */
658 #define TL_SETCRED 0x00100 /* flag to indicate sending of credentials */
659 #define TL_SETUCRED 0x00200 /* flag to indicate sending of ucred */
660 #define TL_SOCKUCRED 0x00400 /* flag to indicate sending of SCM_UCRED */
661 #define TL_ADDRHASHED 0x01000 /* Endpoint address is stored in te_addrhash */
662 #define TL_CLOSE_SER 0x10000 /* Endpoint close has entered the serializer */
663 /*
664 * Boolean checks for the endpoint type.
665 */
666 #define IS_CLTS(x) (((x)->te_flag & TL_TICLTS) != 0)
667 #define IS_COTS(x) (((x)->te_flag & TL_TICLTS) == 0)
668 #define IS_COTSORD(x) (((x)->te_flag & TL_TICOTSORD) != 0)
669 #define IS_SOCKET(x) (((x)->te_flag & TL_SOCKET) != 0)
670
671 /*
672 * Certain operations are always used together. These macros reduce the chance
673 * of missing a part of a combination.
674 */
675 #define TL_UNCONNECT(x) { tl_refrele(x); x = NULL; }
676 #define TL_REMOVE_PEER(x) { if ((x) != NULL) TL_UNCONNECT(x) }
677
678 #define TL_PUTBQ(x, mp) { \
679 ASSERT(!((x)->te_flag & TL_CLOSE_SER)); \
680 (x)->te_nowsrv = B_TRUE; \
681 (void) putbq((x)->te_wq, mp); \
682 }
683
684 #define TL_QENABLE(x) { (x)->te_nowsrv = B_FALSE; qenable((x)->te_wq); }
685 #define TL_PUTQ(x, mp) { (x)->te_nowsrv = B_FALSE; (void)putq((x)->te_wq, mp); }
686
687 /*
688 * STREAMS driver glue data structures.
689 */
690 static struct module_info tl_minfo = {
691 TL_ID, /* mi_idnum */
692 TL_NAME, /* mi_idname */
693 TL_MINPSZ, /* mi_minpsz */
694 TL_MAXPSZ, /* mi_maxpsz */
695 TL_HIWAT, /* mi_hiwat */
696 TL_LOWAT /* mi_lowat */
697 };
698
699 static struct qinit tl_rinit = {
700 NULL, /* qi_putp */
701 tl_rsrv, /* qi_srvp */
702 tl_open, /* qi_qopen */
703 tl_close, /* qi_qclose */
704 NULL, /* qi_qadmin */
705 &tl_minfo, /* qi_minfo */
706 NULL /* qi_mstat */
707 };
708
709 static struct qinit tl_winit = {
710 tl_wput, /* qi_putp */
711 tl_wsrv, /* qi_srvp */
712 NULL, /* qi_qopen */
713 NULL, /* qi_qclose */
714 NULL, /* qi_qadmin */
715 &tl_minfo, /* qi_minfo */
716 NULL /* qi_mstat */
717 };
718
719 static struct streamtab tlinfo = {
720 &tl_rinit, /* st_rdinit */
721 &tl_winit, /* st_wrinit */
722 NULL, /* st_muxrinit */
723 NULL /* st_muxwrinit */
724 };
725
726 DDI_DEFINE_STREAM_OPS(tl_devops, nulldev, nulldev, tl_attach, tl_detach,
727 nulldev, tl_info, D_MP, &tlinfo, ddi_quiesce_not_supported);
728
729 static struct modldrv modldrv = {
730 &mod_driverops, /* Type of module -- pseudo driver here */
731 "TPI Local Transport (tl)",
732 &tl_devops, /* driver ops */
733 };
734
735 /*
736 * Module linkage information for the kernel.
737 */
738 static struct modlinkage modlinkage = {
739 MODREV_1,
740 &modldrv,
741 NULL
742 };
743
744 /*
745 * Templates for response to info request
746 * Check sanity of unlimited connect data etc.
747 */
748
749 #define TL_CLTS_PROVIDER_FLAG (XPG4_1 | SENDZERO)
750 #define TL_COTS_PROVIDER_FLAG (XPG4_1 | SENDZERO)
751
752 static struct T_info_ack tl_cots_info_ack =
753 {
754 T_INFO_ACK, /* PRIM_type - always T_INFO_ACK */
755 T_INFINITE, /* TSDU_size */
756 T_INFINITE, /* ETSDU_size */
757 T_INFINITE, /* CDATA_size */
758 T_INFINITE, /* DDATA_size */
759 T_INFINITE, /* ADDR_size */
760 T_INFINITE, /* OPT_size */
761 0, /* TIDU_size - fill at run time */
762 T_COTS, /* SERV_type */
763 -1, /* CURRENT_state */
764 TL_COTS_PROVIDER_FLAG /* PROVIDER_flag */
765 };
766
767 static struct T_info_ack tl_clts_info_ack =
768 {
769 T_INFO_ACK, /* PRIM_type - always T_INFO_ACK */
770 0, /* TSDU_size - fill at run time */
771 -2, /* ETSDU_size -2 => not supported */
772 -2, /* CDATA_size -2 => not supported */
773 -2, /* DDATA_size -2 => not supported */
774 -1, /* ADDR_size -1 => infinite */
775 -1, /* OPT_size */
776 0, /* TIDU_size - fill at run time */
777 T_CLTS, /* SERV_type */
778 -1, /* CURRENT_state */
779 TL_CLTS_PROVIDER_FLAG /* PROVIDER_flag */
780 };
781
782 /*
783 * private copy of devinfo pointer used in tl_info
784 */
785 static dev_info_t *tl_dip;
786
787 /*
788 * Endpoints cache.
789 */
790 static kmem_cache_t *tl_cache;
791 /*
792 * Minor number space.
793 */
794 static id_space_t *tl_minors;
795
796 /*
797 * Default Data Unit size.
798 */
799 static t_scalar_t tl_tidusz;
800
801 /*
802 * Size of hash tables.
803 */
804 static size_t tl_hash_size = TL_HASH_SIZE;
805
806 /*
807 * Debug and test variables ONLY. tl_disable_early_connect turns off
808 * T_CONN_IND queueing for sockets.
809 */
810 static int tl_disable_early_connect = 0;
811 static int tl_client_closing_when_accepting;
812
813 static int tl_serializer_noswitch;
814
815 #define nr 127 /* not reachable */
816
817 #define TE_NOEVENTS 28
818
819 static char nextstate[TE_NOEVENTS][TS_NOSTATES] = {
820 /* STATES */
821 /* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 */
822
823 /* Initialization events */
824
825 #define TE_BIND_REQ 0 /* bind request */
826 { 1, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
827 #define TE_UNBIND_REQ 1 /* unbind request */
828 {nr, nr, nr, 2, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
829 #define TE_OPTMGMT_REQ 2 /* manage options req */
830 {nr, nr, nr, 4, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
831 #define TE_BIND_ACK 3 /* bind acknowledgment */
832 {nr, 3, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
833 #define TE_OPTMGMT_ACK 4 /* manage options ack */
834 {nr, nr, nr, nr, 3, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
835 #define TE_ERROR_ACK 5 /* error acknowledgment */
836 {nr, 0, 3, nr, 3, 3, nr, nr, 7, nr, nr, nr, 6, 7, 9, 10, 11},
837 #define TE_OK_ACK1 6 /* ok ack seqcnt == 0 */
838 {nr, nr, 0, nr, nr, 6, nr, nr, nr, nr, nr, nr, 3, nr, 3, 3, 3},
839 #define TE_OK_ACK2 7 /* ok ack seqcnt == 1, q == resq */
840 {nr, nr, nr, nr, nr, nr, nr, nr, 9, nr, nr, nr, nr, 3, nr, nr, nr},
841 #define TE_OK_ACK3 8 /* ok ack seqcnt == 1, q != resq */
842 {nr, nr, nr, nr, nr, nr, nr, nr, 3, nr, nr, nr, nr, 3, nr, nr, nr},
843 #define TE_OK_ACK4 9 /* ok ack seqcnt > 1 */
844 {nr, nr, nr, nr, nr, nr, nr, nr, 7, nr, nr, nr, nr, 7, nr, nr, nr},
845
846 /* Connection oriented events */
847 #define TE_CONN_REQ 10 /* connection request */
848 {nr, nr, nr, 5, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
849 #define TE_CONN_RES 11 /* connection response */
850 {nr, nr, nr, nr, nr, nr, nr, 8, nr, nr, nr, nr, nr, nr, nr, nr, nr},
851 #define TE_DISCON_REQ 12 /* disconnect request */
852 {nr, nr, nr, nr, nr, nr, 12, 13, nr, 14, 15, 16, nr, nr, nr, nr, nr},
853 #define TE_DATA_REQ 13 /* data request */
854 {nr, nr, nr, nr, nr, nr, nr, nr, nr, 9, nr, 11, nr, nr, nr, nr, nr},
855 #define TE_EXDATA_REQ 14 /* expedited data request */
856 {nr, nr, nr, nr, nr, nr, nr, nr, nr, 9, nr, 11, nr, nr, nr, nr, nr},
857 #define TE_ORDREL_REQ 15 /* orderly release req */
858 {nr, nr, nr, nr, nr, nr, nr, nr, nr, 10, nr, 3, nr, nr, nr, nr, nr},
859 #define TE_CONN_IND 16 /* connection indication */
860 {nr, nr, nr, 7, nr, nr, nr, 7, nr, nr, nr, nr, nr, nr, nr, nr, nr},
861 #define TE_CONN_CON 17 /* connection confirmation */
862 {nr, nr, nr, nr, nr, nr, 9, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
863 #define TE_DATA_IND 18 /* data indication */
864 {nr, nr, nr, nr, nr, nr, nr, nr, nr, 9, 10, nr, nr, nr, nr, nr, nr},
865 #define TE_EXDATA_IND 19 /* expedited data indication */
866 {nr, nr, nr, nr, nr, nr, nr, nr, nr, 9, 10, nr, nr, nr, nr, nr, nr},
867 #define TE_ORDREL_IND 20 /* orderly release ind */
868 {nr, nr, nr, nr, nr, nr, nr, nr, nr, 11, 3, nr, nr, nr, nr, nr, nr},
869 #define TE_DISCON_IND1 21 /* disconnect indication seq == 0 */
870 {nr, nr, nr, nr, nr, nr, 3, nr, nr, 3, 3, 3, nr, nr, nr, nr, nr},
871 #define TE_DISCON_IND2 22 /* disconnect indication seq == 1 */
872 {nr, nr, nr, nr, nr, nr, nr, 3, nr, nr, nr, nr, nr, nr, nr, nr, nr},
873 #define TE_DISCON_IND3 23 /* disconnect indication seq > 1 */
874 {nr, nr, nr, nr, nr, nr, nr, 7, nr, nr, nr, nr, nr, nr, nr, nr, nr},
875 #define TE_PASS_CONN 24 /* pass connection */
876 {nr, nr, nr, 9, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
877
878
879 /* Unit data events */
880
881 #define TE_UNITDATA_REQ 25 /* unitdata request */
882 {nr, nr, nr, 3, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
883 #define TE_UNITDATA_IND 26 /* unitdata indication */
884 {nr, nr, nr, 3, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
885 #define TE_UDERROR_IND 27 /* unitdata error indication */
886 {nr, nr, nr, 3, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr, nr},
887 };
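
/*
* The table is consulted as nextstate[event][current_state]. For example, a
* typical call-site transition looks like this (a sketch):
*
*   tep->te_state = nextstate[TE_BIND_REQ][tep->te_state];
*/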
888
889
890
891 /*
892 * LOCAL FUNCTION PROTOTYPES
893 * -------------------------
894 */
895 static boolean_t tl_eqaddr(tl_addr_t *, tl_addr_t *);
896 static void tl_do_proto(mblk_t *, tl_endpt_t *);
897 static void tl_do_ioctl(mblk_t *, tl_endpt_t *);
898 static void tl_do_ioctl_ser(mblk_t *, tl_endpt_t *);
899 static void tl_error_ack(queue_t *, mblk_t *, t_scalar_t, t_scalar_t,
900 t_scalar_t);
901 static void tl_bind(mblk_t *, tl_endpt_t *);
902 static void tl_bind_ser(mblk_t *, tl_endpt_t *);
903 static void tl_ok_ack(queue_t *, mblk_t *mp, t_scalar_t);
904 static void tl_unbind(mblk_t *, tl_endpt_t *);
905 static void tl_optmgmt(queue_t *, mblk_t *);
906 static void tl_conn_req(queue_t *, mblk_t *);
907 static void tl_conn_req_ser(mblk_t *, tl_endpt_t *);
908 static void tl_conn_res(mblk_t *, tl_endpt_t *);
909 static void tl_discon_req(mblk_t *, tl_endpt_t *);
910 static void tl_capability_req(mblk_t *, tl_endpt_t *);
911 static void tl_info_req_ser(mblk_t *, tl_endpt_t *);
912 static void tl_addr_req_ser(mblk_t *, tl_endpt_t *);
913 static void tl_info_req(mblk_t *, tl_endpt_t *);
914 static void tl_addr_req(mblk_t *, tl_endpt_t *);
915 static void tl_connected_cots_addr_req(mblk_t *, tl_endpt_t *);
916 static void tl_data(mblk_t *, tl_endpt_t *);
917 static void tl_exdata(mblk_t *, tl_endpt_t *);
918 static void tl_ordrel(mblk_t *, tl_endpt_t *);
919 static void tl_unitdata(mblk_t *, tl_endpt_t *);
920 static void tl_unitdata_ser(mblk_t *, tl_endpt_t *);
921 static void tl_uderr(queue_t *, mblk_t *, t_scalar_t);
922 static tl_endpt_t *tl_find_peer(tl_endpt_t *, tl_addr_t *);
923 static tl_endpt_t *tl_sock_find_peer(tl_endpt_t *, struct so_ux_addr *);
924 static boolean_t tl_get_any_addr(tl_endpt_t *, tl_addr_t *);
925 static void tl_cl_backenable(tl_endpt_t *);
926 static void tl_co_unconnect(tl_endpt_t *);
927 static mblk_t *tl_resizemp(mblk_t *, ssize_t);
928 static void tl_discon_ind(tl_endpt_t *, uint32_t);
929 static mblk_t *tl_discon_ind_alloc(uint32_t, t_scalar_t);
930 static mblk_t *tl_ordrel_ind_alloc(void);
931 static tl_icon_t *tl_icon_find(tl_endpt_t *, t_scalar_t);
932 static void tl_icon_queuemsg(tl_endpt_t *, t_scalar_t, mblk_t *);
933 static boolean_t tl_icon_hasprim(tl_endpt_t *, t_scalar_t, t_scalar_t);
934 static void tl_icon_sendmsgs(tl_endpt_t *, mblk_t **);
935 static void tl_icon_freemsgs(mblk_t **);
936 static void tl_merror(queue_t *, mblk_t *, int);
937 static void tl_fill_option(uchar_t *, cred_t *, pid_t, int, cred_t *);
938 static int tl_default_opt(queue_t *, int, int, uchar_t *);
939 static int tl_get_opt(queue_t *, int, int, uchar_t *);
940 static int tl_set_opt(queue_t *, uint_t, int, int, uint_t, uchar_t *, uint_t *,
941 uchar_t *, void *, cred_t *);
942 static void tl_memrecover(queue_t *, mblk_t *, size_t);
943 static void tl_freetip(tl_endpt_t *, tl_icon_t *);
944 static void tl_free(tl_endpt_t *);
945 static int tl_constructor(void *, void *, int);
946 static void tl_destructor(void *, void *);
947 static void tl_find_callback(mod_hash_key_t, mod_hash_val_t);
948 static tl_serializer_t *tl_serializer_alloc(int);
949 static void tl_serializer_refhold(tl_serializer_t *);
950 static void tl_serializer_refrele(tl_serializer_t *);
951 static void tl_serializer_enter(tl_endpt_t *, tlproc_t, mblk_t *);
952 static void tl_serializer_exit(tl_endpt_t *);
953 static boolean_t tl_noclose(tl_endpt_t *);
954 static void tl_closeok(tl_endpt_t *);
955 static void tl_refhold(tl_endpt_t *);
956 static void tl_refrele(tl_endpt_t *);
957 static int tl_hash_cmp_addr(mod_hash_key_t, mod_hash_key_t);
958 static uint_t tl_hash_by_addr(void *, mod_hash_key_t);
959 static void tl_close_ser(mblk_t *, tl_endpt_t *);
960 static void tl_close_finish_ser(mblk_t *, tl_endpt_t *);
961 static void tl_wput_data_ser(mblk_t *, tl_endpt_t *);
962 static void tl_proto_ser(mblk_t *, tl_endpt_t *);
963 static void tl_putq_ser(mblk_t *, tl_endpt_t *);
964 static void tl_wput_common_ser(mblk_t *, tl_endpt_t *);
965 static void tl_wput_ser(mblk_t *, tl_endpt_t *);
966 static void tl_wsrv_ser(mblk_t *, tl_endpt_t *);
967 static void tl_rsrv_ser(mblk_t *, tl_endpt_t *);
968 static void tl_addr_unbind(tl_endpt_t *);
969
970 /*
971 * Initialize the option database object for TL
972 */
973
974 optdb_obj_t tl_opt_obj = {
975 tl_default_opt, /* TL default value function pointer */
976 tl_get_opt, /* TL get function pointer */
977 tl_set_opt, /* TL set function pointer */
978 TL_OPT_ARR_CNT, /* TL option database count of entries */
979 tl_opt_arr, /* TL option database */
980 TL_VALID_LEVELS_CNT, /* TL valid level count of entries */
981 tl_valid_levels_arr /* TL valid level array */
982 };
983
984 /*
985 * LOCAL FUNCTIONS AND DRIVER ENTRY POINTS
986 * ---------------------------------------
987 */
988
989 /*
990 * Loadable module routines
991 */
992 int
993 _init(void)
994 {
995 return (mod_install(&modlinkage));
996 }
997
998 int
999 _fini(void)
1000 {
1001 return (mod_remove(&modlinkage));
1002 }
1003
1004 int
1005 _info(struct modinfo *modinfop)
1006 {
1007 return (mod_info(&modlinkage, modinfop));
1008 }
1009
1010 /*
1011 * Driver Entry Points and Other routines
1012 */
1013 static int
1014 tl_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
1015 {
1016 int i;
1017 char name[32];
1018
1019 /*
1020 * Resume from a checkpoint state.
1021 */
1022 if (cmd == DDI_RESUME)
1023 return (DDI_SUCCESS);
1024
1025 if (cmd != DDI_ATTACH)
1026 return (DDI_FAILURE);
1027
1028 /*
1029 * Deduce the TIDU size to use. Note: a "strmsgsz" of 0 means that STREAMS
1030 * message sizes are unlimited; in that case we use a defined constant
1031 * instead.
1032 */
1033 tl_tidusz = strmsgsz != 0 ? (t_scalar_t)strmsgsz : TL_TIDUSZ;
1034
1035 /*
1036 * Create subdevices for each transport.
1037 */
1038 for (i = 0; i < TL_UNUSED; i++) {
1039 if (ddi_create_minor_node(devi,
1040 tl_transports[i].tr_name,
1041 S_IFCHR, tl_transports[i].tr_minor,
1042 DDI_PSEUDO, 0) == DDI_FAILURE) {
1043 ddi_remove_minor_node(devi, NULL);
1044 return (DDI_FAILURE);
1045 }
1046 }
1047
1048 tl_cache = kmem_cache_create("tl_cache", sizeof (tl_endpt_t),
1049 0, tl_constructor, tl_destructor, NULL, NULL, NULL, 0);
1050
1051 if (tl_cache == NULL) {
1052 ddi_remove_minor_node(devi, NULL);
1053 return (DDI_FAILURE);
1054 }
1055
1056 tl_minors = id_space_create("tl_minor_space",
1057 TL_MINOR_START, MAXMIN32 - TL_MINOR_START + 1);
1058
1059 /*
1060 * Initialize per-transport state: hash tables and serializers.
1061 */
1062 for (i = 0; i < TL_MAXTRANSPORT; i++) {
1063 tl_transport_state_t *t = &tl_transports[i];
1064
1065 if (i == TL_UNUSED)
1066 continue;
1067
1068 /* Socket COTSORD shares namespace with COTS */
1069 if (i == TL_SOCK_COTSORD) {
1070 t->tr_ai_hash =
1071 tl_transports[TL_SOCK_COTS].tr_ai_hash;
1072 ASSERT(t->tr_ai_hash != NULL);
1073 t->tr_addr_hash =
1074 tl_transports[TL_SOCK_COTS].tr_addr_hash;
1075 ASSERT(t->tr_addr_hash != NULL);
1076 continue;
1077 }
1078
1079 /*
1080 * Create hash tables.
1081 */
1082 (void) snprintf(name, sizeof (name), "%s_ai_hash",
1083 t->tr_name);
1084 #ifdef _ILP32
1085 if (i & TL_SOCKET)
1086 t->tr_ai_hash =
1087 mod_hash_create_idhash(name, tl_hash_size - 1,
1088 mod_hash_null_valdtor);
1089 else
1090 t->tr_ai_hash =
1091 mod_hash_create_ptrhash(name, tl_hash_size,
1092 mod_hash_null_valdtor, sizeof (queue_t));
1093 #else
1094 t->tr_ai_hash =
1095 mod_hash_create_idhash(name, tl_hash_size - 1,
1096 mod_hash_null_valdtor);
1097 #endif /* _ILP32 */
1098
1099 if (i & TL_SOCKET) {
1100 (void) snprintf(name, sizeof (name), "%s_sockaddr_hash",
1101 t->tr_name);
1102 t->tr_addr_hash = mod_hash_create_ptrhash(name,
1103 tl_hash_size, mod_hash_null_valdtor,
1104 sizeof (uintptr_t));
1105 } else {
1106 (void) snprintf(name, sizeof (name), "%s_addr_hash",
1107 t->tr_name);
1108 t->tr_addr_hash = mod_hash_create_extended(name,
1109 tl_hash_size, mod_hash_null_keydtor,
1110 mod_hash_null_valdtor,
1111 tl_hash_by_addr, NULL, tl_hash_cmp_addr, KM_SLEEP);
1112 }
1113
1114 /* Create serializer for connectionless transports. */
1115 if (i & TL_TICLTS)
1116 t->tr_serializer = tl_serializer_alloc(KM_SLEEP);
1117 }
1118
1119 tl_dip = devi;
1120
1121 return (DDI_SUCCESS);
1122 }
1123
1124 static int
1125 tl_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
1126 {
1127 int i;
1128
1129 if (cmd == DDI_SUSPEND)
1130 return (DDI_SUCCESS);
1131
1132 if (cmd != DDI_DETACH)
1133 return (DDI_FAILURE);
1134
1135 /*
1136 * Destroy arenas and hash tables.
1137 */
1138 for (i = 0; i < TL_MAXTRANSPORT; i++) {
1139 tl_transport_state_t *t = &tl_transports[i];
1140
1141 if ((i == TL_UNUSED) || (i == TL_SOCK_COTSORD))
1142 continue;
1143
1144 EQUIV(i & TL_TICLTS, t->tr_serializer != NULL);
1145 if (t->tr_serializer != NULL) {
1146 tl_serializer_refrele(t->tr_serializer);
1147 t->tr_serializer = NULL;
1148 }
1149
1150 #ifdef _ILP32
1151 if (i & TL_SOCKET)
1152 mod_hash_destroy_idhash(t->tr_ai_hash);
1153 else
1154 mod_hash_destroy_ptrhash(t->tr_ai_hash);
1155 #else
1156 mod_hash_destroy_idhash(t->tr_ai_hash);
1157 #endif /* _ILP32 */
1158 t->tr_ai_hash = NULL;
1159 if (i & TL_SOCKET)
1160 mod_hash_destroy_ptrhash(t->tr_addr_hash);
1161 else
1162 mod_hash_destroy_hash(t->tr_addr_hash);
1163 t->tr_addr_hash = NULL;
1164 }
1165
1166 kmem_cache_destroy(tl_cache);
1167 tl_cache = NULL;
1168 id_space_destroy(tl_minors);
1169 tl_minors = NULL;
1170 ddi_remove_minor_node(devi, NULL);
1171 return (DDI_SUCCESS);
1172 }
1173
1174 /* ARGSUSED */
1175 static int
1176 tl_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
1177 {
1178
1179 int retcode = DDI_FAILURE;
1180
1181 switch (infocmd) {
1182
1183 case DDI_INFO_DEVT2DEVINFO:
1184 if (tl_dip != NULL) {
1185 *result = (void *)tl_dip;
1186 retcode = DDI_SUCCESS;
1187 }
1188 break;
1189
1190 case DDI_INFO_DEVT2INSTANCE:
1191 *result = NULL;
1192 retcode = DDI_SUCCESS;
1193 break;
1194
1195 default:
1196 break;
1197 }
1198 return (retcode);
1199 }
1200
1201 /*
1202 * Endpoint reference management.
1203 */
1204 static void
1205 tl_refhold(tl_endpt_t *tep)
1206 {
1207 atomic_inc_32(&tep->te_refcnt);
1208 }
1209
1210 static void
1211 tl_refrele(tl_endpt_t *tep)
1212 {
1213 ASSERT(tep->te_refcnt != 0);
1214
1215 if (atomic_dec_32_nv(&tep->te_refcnt) == 0)
1216 tl_free(tep);
1217 }
1218
1219 /*ARGSUSED*/
1220 static int
1221 tl_constructor(void *buf, void *cdrarg, int kmflags)
1222 {
1223 tl_endpt_t *tep = buf;
1224
1225 bzero(tep, sizeof (tl_endpt_t));
1226 mutex_init(&tep->te_closelock, NULL, MUTEX_DEFAULT, NULL);
1227 cv_init(&tep->te_closecv, NULL, CV_DEFAULT, NULL);
1228 mutex_init(&tep->te_srv_lock, NULL, MUTEX_DEFAULT, NULL);
1229 cv_init(&tep->te_srv_cv, NULL, CV_DEFAULT, NULL);
1230 mutex_init(&tep->te_ser_lock, NULL, MUTEX_DEFAULT, NULL);
1231
1232 return (0);
1233 }
1234
1235 /*ARGSUSED*/
1236 static void
1237 tl_destructor(void *buf, void *cdrarg)
1238 {
1239 tl_endpt_t *tep = buf;
1240
1241 mutex_destroy(&tep->te_closelock);
1242 cv_destroy(&tep->te_closecv);
1243 mutex_destroy(&tep->te_srv_lock);
1244 cv_destroy(&tep->te_srv_cv);
1245 mutex_destroy(&tep->te_ser_lock);
1246 }
1247
1248 static void
1249 tl_free(tl_endpt_t *tep)
1250 {
1251 ASSERT(tep->te_refcnt == 0);
1252 ASSERT(tep->te_transport != NULL);
1253 ASSERT(tep->te_rq == NULL);
1254 ASSERT(tep->te_wq == NULL);
1255 ASSERT(tep->te_ser != NULL);
1256 ASSERT(tep->te_ser_count == 0);
1257 ASSERT(!(tep->te_flag & TL_ADDRHASHED));
1258
1259 if (IS_SOCKET(tep)) {
1260 ASSERT(tep->te_alen == TL_SOUX_ADDRLEN);
1261 ASSERT(tep->te_abuf == &tep->te_uxaddr);
1262 ASSERT(tep->te_vp == (void *)(uintptr_t)tep->te_minor);
1263 ASSERT(tep->te_magic == SOU_MAGIC_IMPLICIT);
1264 } else if (tep->te_abuf != NULL) {
1265 kmem_free(tep->te_abuf, tep->te_alen);
1266 tep->te_alen = -1; /* uninitialized */
1267 tep->te_abuf = NULL;
1268 } else {
1269 ASSERT(tep->te_alen == -1);
1270 }
1271
1272 id_free(tl_minors, tep->te_minor);
1273 ASSERT(tep->te_credp == NULL);
1274
1275 if (tep->te_hash_hndl != NULL)
1276 mod_hash_cancel(tep->te_addrhash, &tep->te_hash_hndl);
1277
1278 if (IS_COTS(tep)) {
1279 TL_REMOVE_PEER(tep->te_conp);
1280 TL_REMOVE_PEER(tep->te_oconp);
1281 tl_serializer_refrele(tep->te_ser);
1282 tep->te_ser = NULL;
1283 ASSERT(tep->te_nicon == 0);
1284 ASSERT(list_head(&tep->te_iconp) == NULL);
1285 } else {
1286 ASSERT(tep->te_lastep == NULL);
1287 ASSERT(list_head(&tep->te_flowlist) == NULL);
1288 ASSERT(tep->te_flowq == NULL);
1289 }
1290
1291 ASSERT(tep->te_bufcid == 0);
1292 ASSERT(tep->te_timoutid == 0);
1293 bzero(&tep->te_ap, sizeof (tep->te_ap));
1294 tep->te_acceptor_id = 0;
1295
1296 ASSERT(tep->te_closewait == 0);
1297 ASSERT(!tep->te_rsrv_active);
1298 ASSERT(!tep->te_wsrv_active);
1299 tep->te_closing = 0;
1300 tep->te_nowsrv = B_FALSE;
1301 tep->te_flag = 0;
1302
1303 kmem_cache_free(tl_cache, tep);
1304 }
1305
1306 /*
1307 * Allocate/free reference-counted wrappers for serializers.
1308 */
1309 static tl_serializer_t *
1310 tl_serializer_alloc(int flags)
1311 {
1312 tl_serializer_t *s = kmem_alloc(sizeof (tl_serializer_t), flags);
1313 serializer_t *ser;
1314
1315 if (s == NULL)
1316 return (NULL);
1317
1318 ser = serializer_create(flags);
1319
1320 if (ser == NULL) {
1321 kmem_free(s, sizeof (tl_serializer_t));
1322 return (NULL);
1323 }
1324
1325 s->ts_refcnt = 1;
1326 s->ts_serializer = ser;
1327 return (s);
1328 }
1329
1330 static void
1331 tl_serializer_refhold(tl_serializer_t *s)
1332 {
1333 atomic_inc_32(&s->ts_refcnt);
1334 }
1335
1336 static void
1337 tl_serializer_refrele(tl_serializer_t *s)
1338 {
1339 if (atomic_dec_32_nv(&s->ts_refcnt) == 0) {
1340 serializer_destroy(s->ts_serializer);
1341 kmem_free(s, sizeof (tl_serializer_t));
1342 }
1343 }
1344
1345 /*
1346 * Post a request on the endpoint serializer. For COTS transports keep track of
1347 * the number of pending requests.
1348 */
1349 static void
1350 tl_serializer_enter(tl_endpt_t *tep, tlproc_t tlproc, mblk_t *mp)
1351 {
1352 if (IS_COTS(tep)) {
1353 mutex_enter(&tep->te_ser_lock);
1354 tep->te_ser_count++;
1355 mutex_exit(&tep->te_ser_lock);
1356 }
1357 serializer_enter(tep->te_serializer, (srproc_t *)tlproc, mp, tep);
1358 }
1359
1360 /*
1361 * Complete processing the request on the serializer. Decrement the counter for
1362 * pending requests for COTS transports.
1363 */
1364 static void
1365 tl_serializer_exit(tl_endpt_t *tep)
1366 {
1367 if (IS_COTS(tep)) {
1368 mutex_enter(&tep->te_ser_lock);
1369 ASSERT(tep->te_ser_count != 0);
1370 tep->te_ser_count--;
1371 mutex_exit(&tep->te_ser_lock);
1372 }
1373 }
1374
1375 /*
1376 * Hash management functions.
1377 */
1378
1379 /*
1380 * Return B_TRUE if two addresses are equal, B_FALSE otherwise.
1381 */
1382 static boolean_t
1383 tl_eqaddr(tl_addr_t *ap1, tl_addr_t *ap2)
1384 {
1385 return ((ap1->ta_alen > 0) &&
1386 (ap1->ta_alen == ap2->ta_alen) &&
1387 (ap1->ta_zoneid == ap2->ta_zoneid) &&
1388 (bcmp(ap1->ta_abuf, ap2->ta_abuf, ap1->ta_alen) == 0));
1389 }
1390
1391 /*
1392 * This function is called whenever an endpoint is found in the hash table.
1393 */
1394 /* ARGSUSED0 */
1395 static void
1396 tl_find_callback(mod_hash_key_t key, mod_hash_val_t val)
1397 {
1398 tl_refhold((tl_endpt_t *)val);
1399 }
1400
1401 /*
1402 * Address hash function.
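* This is an ELF-style string hash seeded with the zone ID, so equal
* addresses in different zones hash to different values.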
1403 */
1404 /* ARGSUSED */
1405 static uint_t
1406 tl_hash_by_addr(void *hash_data, mod_hash_key_t key)
1407 {
1408 tl_addr_t *ap = (tl_addr_t *)key;
1409 size_t len = ap->ta_alen;
1410 uchar_t *p = ap->ta_abuf;
1411 uint_t i, g;
1412
1413 ASSERT((len > 0) && (p != NULL));
1414
1415 for (i = ap->ta_zoneid; len-- != 0; p++) {
1416 i = (i << 4) + (*p);
1417 if ((g = (i & 0xf0000000U)) != 0) {
1418 i ^= (g >> 24);
1419 i ^= g;
1420 }
1421 }
1422 return (i);
1423 }
1424
1425 /*
1426 * This function is used by hash lookups. It compares two generic addresses.
1427 */
1428 static int
1429 tl_hash_cmp_addr(mod_hash_key_t key1, mod_hash_key_t key2)
1430 {
1431 #ifdef DEBUG
1432 tl_addr_t *ap1 = (tl_addr_t *)key1;
1433 tl_addr_t *ap2 = (tl_addr_t *)key2;
1434
1435 ASSERT(key1 != NULL);
1436 ASSERT(key2 != NULL);
1437
1438 ASSERT(ap1->ta_abuf != NULL);
1439 ASSERT(ap2->ta_abuf != NULL);
1440 ASSERT(ap1->ta_alen > 0);
1441 ASSERT(ap2->ta_alen > 0);
1442 #endif
1443
1444 return (!tl_eqaddr((tl_addr_t *)key1, (tl_addr_t *)key2));
1445 }
1446
1447 /*
1448 * Prevent endpoint from closing if possible.
1449 * Return B_TRUE on success, B_FALSE on failure.
1450 */
1451 static boolean_t
1452 tl_noclose(tl_endpt_t *tep)
1453 {
1454 boolean_t rc = B_FALSE;
1455
1456 mutex_enter(&tep->te_closelock);
1457 if (!tep->te_closing) {
1458 ASSERT(tep->te_closewait == 0);
1459 tep->te_closewait++;
1460 rc = B_TRUE;
1461 }
1462 mutex_exit(&tep->te_closelock);
1463 return (rc);
1464 }
1465
1466 /*
1467 * Allow endpoint to close if needed.
1468 */
1469 static void
1470 tl_closeok(tl_endpt_t *tep)
1471 {
1472 ASSERT(tep->te_closewait > 0);
1473 mutex_enter(&tep->te_closelock);
1474 ASSERT(tep->te_closewait == 1);
1475 tep->te_closewait--;
1476 cv_signal(&tep->te_closecv);
1477 mutex_exit(&tep->te_closelock);
1478 }
1479
1480 /*
1481 * STREAMS open entry point.
1482 */
1483 /* ARGSUSED */
1484 static int
1485 tl_open(queue_t *rq, dev_t *devp, int oflag, int sflag, cred_t *credp)
1486 {
1487 tl_endpt_t *tep;
1488 minor_t minor = getminor(*devp);
1489
1490 /*
1491 * The driver is called directly. Both CLONEOPEN and MODOPEN
1492 * are illegal.
1493 */
1494 if ((sflag == CLONEOPEN) || (sflag == MODOPEN))
1495 return (ENXIO);
1496
1497 if (rq->q_ptr != NULL)
1498 return (0);
1499
1500 /* Minor number should specify the mode used for the driver. */
1501 if (minor >= TL_UNUSED)
1502 return (ENXIO);
1503
1504 if (oflag & SO_SOCKSTR) {
1505 minor |= TL_SOCKET;
1506 }
1507
1508 tep = kmem_cache_alloc(tl_cache, KM_SLEEP);
1509 tep->te_refcnt = 1;
1510 tep->te_cpid = curproc->p_pid;
1511 rq->q_ptr = WR(rq)->q_ptr = tep;
1512 tep->te_state = TS_UNBND;
1513 tep->te_credp = credp;
1514 crhold(credp);
1515 tep->te_zoneid = getzoneid();
1516
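/* The low bits of te_flag encode the transport type (see TL_MINOR_MASK). */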
1517 tep->te_flag = minor & TL_MINOR_MASK;
1518 tep->te_transport = &tl_transports[minor];
1519
1520 /* Allocate a unique minor number for this instance. */
1521 tep->te_minor = (minor_t)id_alloc(tl_minors);
1522
1523 /* Reserve hash handle for bind(). */
1524 (void) mod_hash_reserve(tep->te_addrhash, &tep->te_hash_hndl);
1525
1526 /* Transport-specific initialization */
1527 if (IS_COTS(tep)) {
1528 /* Use private serializer */
1529 tep->te_ser = tl_serializer_alloc(KM_SLEEP);
1530
1531 /* Create list for pending connections */
1532 list_create(&tep->te_iconp, sizeof (tl_icon_t),
1533 offsetof(tl_icon_t, ti_node));
1534 tep->te_qlen = 0;
1535 tep->te_nicon = 0;
1536 tep->te_oconp = NULL;
1537 tep->te_conp = NULL;
1538 } else {
1539 /* Use shared serializer */
1540 tep->te_ser = tep->te_transport->tr_serializer;
1541 bzero(&tep->te_flows, sizeof (list_node_t));
1542 /* Create list for flow control */
1543 list_create(&tep->te_flowlist, sizeof (tl_endpt_t),
1544 offsetof(tl_endpt_t, te_flows));
1545 tep->te_flowq = NULL;
1546 tep->te_lastep = NULL;
1548 }
1549
1550 /* Initialize endpoint address */
1551 if (IS_SOCKET(tep)) {
1552 /* Socket-specific address handling. */
1553 tep->te_alen = TL_SOUX_ADDRLEN;
1554 tep->te_abuf = &tep->te_uxaddr;
1555 tep->te_vp = (void *)(uintptr_t)tep->te_minor;
1556 tep->te_magic = SOU_MAGIC_IMPLICIT;
1557 } else {
1558 tep->te_alen = -1;
1559 tep->te_abuf = NULL;
1560 }
1561
1562 /* clone the driver */
1563 *devp = makedevice(getmajor(*devp), tep->te_minor);
1564
1565 tep->te_rq = rq;
1566 tep->te_wq = WR(rq);
1567
1568 #ifdef _ILP32
1569 if (IS_SOCKET(tep))
1570 tep->te_acceptor_id = tep->te_minor;
1571 else
1572 tep->te_acceptor_id = (t_uscalar_t)rq;
1573 #else
1574 tep->te_acceptor_id = tep->te_minor;
1575 #endif /* _ILP32 */
1576
1577
1578 qprocson(rq);
1579
1580 /*
1581 * Insert acceptor ID in the hash. The AI hash always sleeps on
1582 * insertion so insertion can't fail.
1583 */
1584 (void) mod_hash_insert(tep->te_transport->tr_ai_hash,
1585 (mod_hash_key_t)(uintptr_t)tep->te_acceptor_id,
1586 (mod_hash_val_t)tep);
1587
1588 return (0);
1589 }
1590
1591 /* ARGSUSED1 */
1592 static int
1593 tl_close(queue_t *rq, int flag, cred_t *credp)
1594 {
1595 tl_endpt_t *tep = (tl_endpt_t *)rq->q_ptr;
1596 tl_endpt_t *elp = NULL;
1597 queue_t *wq = tep->te_wq;
1598 int rc;
1599
1600 ASSERT(wq == WR(rq));
1601
1602 /*
1603 * Remove the endpoint from acceptor hash.
1604 */
1605 rc = mod_hash_remove(tep->te_transport->tr_ai_hash,
1606 (mod_hash_key_t)(uintptr_t)tep->te_acceptor_id,
1607 (mod_hash_val_t *)&elp);
1608 ASSERT(rc == 0 && tep == elp);
1609 if ((rc != 0) || (tep != elp)) {
1610 (void) (STRLOG(TL_ID, tep->te_minor, 1,
1611 SL_TRACE | SL_ERROR,
1612 "tl_close:inconsistency in AI hash"));
1613 }
1614
1615 /*
1616 * Wait till close is safe, then mark endpoint as closing.
1617 */
1618 mutex_enter(&tep->te_closelock);
1619 while (tep->te_closewait)
1620 cv_wait(&tep->te_closecv, &tep->te_closelock);
1621 tep->te_closing = B_TRUE;
1622 /*
1623 * Will wait for the serializer part of the close to finish, so set
1624 * te_closewait now.
1625 */
1626 tep->te_closewait = 1;
1627 tep->te_nowsrv = B_FALSE;
1628 mutex_exit(&tep->te_closelock);
1629
1630 /*
1631 * tl_close_ser() doesn't drop the reference, so no tl_refhold() is needed;
1632 * this is safe because close will wait for tl_close_ser() to finish.
1633 */
1634 tl_serializer_enter(tep, tl_close_ser, &tep->te_closemp);
1635
1636 /*
1637 * Wait for the first phase of close to complete before qprocsoff().
1638 */
1639 mutex_enter(&tep->te_closelock);
1640 while (tep->te_closewait)
1641 cv_wait(&tep->te_closecv, &tep->te_closelock);
1642 mutex_exit(&tep->te_closelock);
1643
1644 qprocsoff(rq);
1645
1646 if (tep->te_bufcid) {
1647 qunbufcall(rq, tep->te_bufcid);
1648 tep->te_bufcid = 0;
1649 }
1650 if (tep->te_timoutid) {
1651 (void) quntimeout(rq, tep->te_timoutid);
1652 tep->te_timoutid = 0;
1653 }
1654
1655 /*
1656 * Finish close behind serializer.
1657 *
 * For a CLTS endpoint, take a reference and continue close processing
 * under serializer protection. This processing may happen asynchronously
 * with the completion of tl_close().
 *
 * For a COTS endpoint, wait before destroying tep, since the serializer
 * may go away together with tep and the serializer must be destroyed
 * outside of serializer context.
1665 */
1666 ASSERT(tep->te_closewait == 0);
1667 if (IS_COTS(tep))
1668 tep->te_closewait = 1;
1669 else
1670 tl_refhold(tep);
1671
1672 tl_serializer_enter(tep, tl_close_finish_ser, &tep->te_closemp);
1673
1674 /*
1675 * For connection-oriented transports wait for all serializer activity
1676 * to settle down.
1677 */
1678 if (IS_COTS(tep)) {
1679 mutex_enter(&tep->te_closelock);
1680 while (tep->te_closewait)
1681 cv_wait(&tep->te_closecv, &tep->te_closelock);
1682 mutex_exit(&tep->te_closelock);
1683 }
1684
1685 crfree(tep->te_credp);
1686 tep->te_credp = NULL;
1687 tep->te_wq = NULL;
1688 tl_refrele(tep);
1689 /*
1690 * tep is likely to be destroyed now, so can't reference it any more.
1691 */
1692
1693 rq->q_ptr = wq->q_ptr = NULL;
1694 return (0);
1695 }
1696
1697 /*
1698 * First phase of close processing done behind the serializer.
1699 *
 * Do not drop the reference at the end - tl_close() wants this reference
 * to stay.
1702 */
1703 /* ARGSUSED0 */
1704 static void
1705 tl_close_ser(mblk_t *mp, tl_endpt_t *tep)
1706 {
1707 ASSERT(tep->te_closing);
1708 ASSERT(tep->te_closewait == 1);
1709 ASSERT(!(tep->te_flag & TL_CLOSE_SER));
1710
1711 tep->te_flag |= TL_CLOSE_SER;
1712
	/*
	 * Drain all messages on the queue, except for TL_TICOTS where the
	 * abortive release semantics permit discarding data on close.
	 */
1717 if (tep->te_wq->q_first && (IS_CLTS(tep) || IS_COTSORD(tep))) {
1718 tl_wsrv_ser(NULL, tep);
1719 }
1720
1721 /* Remove address from hash table. */
1722 tl_addr_unbind(tep);
1723 /*
1724 * qprocsoff() gets confused when q->q_next is not NULL on the write
1725 * queue of the driver, so clear these before qprocsoff() is called.
1726 * Also clear q_next for the peer since this queue is going away.
1727 */
1728 if (IS_COTS(tep) && !IS_SOCKET(tep)) {
1729 tl_endpt_t *peer_tep = tep->te_conp;
1730
1731 tep->te_wq->q_next = NULL;
1732 if ((peer_tep != NULL) && !peer_tep->te_closing)
1733 peer_tep->te_wq->q_next = NULL;
1734 }
1735
1736 tep->te_rq = NULL;
1737
1738 /* wake up tl_close() */
1739 tl_closeok(tep);
1740 tl_serializer_exit(tep);
1741 }
1742
/*
 * Second phase of tl_close(), called from the serializer. Wakes up
 * tl_close() for COTS endpoints and drops the endpoint reference for CLTS
 * endpoints.
 */
1749 /* ARGSUSED0 */
1750 static void
1751 tl_close_finish_ser(mblk_t *mp, tl_endpt_t *tep)
1752 {
1753 ASSERT(tep->te_closing);
1754 IMPLY(IS_CLTS(tep), tep->te_closewait == 0);
1755 IMPLY(IS_COTS(tep), tep->te_closewait == 1);
1756
1757 tep->te_state = -1; /* Uninitialized */
1758 if (IS_COTS(tep)) {
1759 tl_co_unconnect(tep);
1760 } else {
1761 /* Connectionless specific cleanup */
1762 TL_REMOVE_PEER(tep->te_lastep);
1763 /*
1764 * Backenable anybody that is flow controlled waiting for
1765 * this endpoint.
1766 */
1767 tl_cl_backenable(tep);
1768 if (tep->te_flowq != NULL) {
1769 list_remove(&(tep->te_flowq->te_flowlist), tep);
1770 tep->te_flowq = NULL;
1771 }
1772 }
1773
1774 tl_serializer_exit(tep);
1775 if (IS_COTS(tep))
1776 tl_closeok(tep);
1777 else
1778 tl_refrele(tep);
1779 }
1780
1781 /*
1782 * STREAMS write-side put procedure.
1783 * Enter serializer for most of the processing.
1784 *
1785 * The T_CONN_REQ is processed outside of serializer.
1786 */
1787 static int
1788 tl_wput(queue_t *wq, mblk_t *mp)
1789 {
1790 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr;
1791 ssize_t msz = MBLKL(mp);
1792 union T_primitives *prim = (union T_primitives *)mp->b_rptr;
1793 tlproc_t *tl_proc = NULL;
1794
1795 switch (DB_TYPE(mp)) {
1796 case M_DATA:
1797 /* Only valid for connection-oriented transports */
1798 if (IS_CLTS(tep)) {
1799 (void) (STRLOG(TL_ID, tep->te_minor, 1,
1800 SL_TRACE | SL_ERROR,
1801 "tl_wput:M_DATA invalid for ticlts driver"));
1802 tl_merror(wq, mp, EPROTO);
1803 return (0);
1804 }
1805 tl_proc = tl_wput_data_ser;
1806 break;
1807
1808 case M_IOCTL:
1809 switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) {
1810 case TL_IOC_CREDOPT:
1811 /* FALLTHROUGH */
1812 case TL_IOC_UCREDOPT:
1813 /*
1814 * Serialize endpoint state change.
1815 */
1816 tl_proc = tl_do_ioctl_ser;
1817 break;
1818
1819 default:
1820 miocnak(wq, mp, 0, EINVAL);
1821 return (0);
1822 }
1823 break;
1824
1825 case M_FLUSH:
1826 /*
1827 * do canonical M_FLUSH processing
1828 */
1829 if (*mp->b_rptr & FLUSHW) {
1830 flushq(wq, FLUSHALL);
1831 *mp->b_rptr &= ~FLUSHW;
1832 }
1833 if (*mp->b_rptr & FLUSHR) {
1834 flushq(RD(wq), FLUSHALL);
1835 qreply(wq, mp);
1836 } else {
1837 freemsg(mp);
1838 }
1839 return (0);
1840
1841 case M_PROTO:
1842 if (msz < sizeof (prim->type)) {
1843 (void) (STRLOG(TL_ID, tep->te_minor, 1,
1844 SL_TRACE | SL_ERROR,
1845 "tl_wput:M_PROTO data too short"));
1846 tl_merror(wq, mp, EPROTO);
1847 return (0);
1848 }
1849 switch (prim->type) {
1850 case T_OPTMGMT_REQ:
1851 case T_SVR4_OPTMGMT_REQ:
1852 /*
1853 * Process TPI option management requests immediately
1854 * in put procedure regardless of in-order processing
1855 * of already queued messages.
1856 * (Note: This driver supports AF_UNIX socket
1857 * implementation. Unless we implement this processing,
1858 * setsockopt() on socket endpoint will block on flow
1859 * controlled endpoints which it should not. That is
1860 * required for successful execution of VSU socket tests
1861 * and is consistent with BSD socket behavior).
1862 */
1863 tl_optmgmt(wq, mp);
1864 return (0);
1865 case O_T_BIND_REQ:
1866 case T_BIND_REQ:
1867 tl_proc = tl_bind_ser;
1868 break;
1869 case T_CONN_REQ:
1870 if (IS_CLTS(tep)) {
1871 tl_merror(wq, mp, EPROTO);
1872 return (0);
1873 }
1874 tl_conn_req(wq, mp);
1875 return (0);
1876 case T_DATA_REQ:
1877 case T_OPTDATA_REQ:
1878 case T_EXDATA_REQ:
1879 case T_ORDREL_REQ:
1880 tl_proc = tl_putq_ser;
1881 break;
1882 case T_UNITDATA_REQ:
1883 if (IS_COTS(tep) ||
1884 (msz < sizeof (struct T_unitdata_req))) {
1885 tl_merror(wq, mp, EPROTO);
1886 return (0);
1887 }
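			/*
			 * Fastpath: an idle endpoint with an empty queue may
			 * process the datagram directly; otherwise queue it
			 * to preserve ordering.
			 */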
1888 if ((tep->te_state == TS_IDLE) && !wq->q_first) {
1889 tl_proc = tl_unitdata_ser;
1890 } else {
1891 tl_proc = tl_putq_ser;
1892 }
1893 break;
1894 default:
1895 /*
1896 * process in service procedure if message already
1897 * queued (maintain in-order processing)
1898 */
1899 if (wq->q_first != NULL) {
1900 tl_proc = tl_putq_ser;
1901 } else {
1902 tl_proc = tl_wput_ser;
1903 }
1904 break;
1905 }
1906 break;
1907
1908 case M_PCPROTO:
1909 /*
1910 * Check that the message has enough data to figure out TPI
1911 * primitive.
1912 */
1913 if (msz < sizeof (prim->type)) {
1914 (void) (STRLOG(TL_ID, tep->te_minor, 1,
1915 SL_TRACE | SL_ERROR,
1916 "tl_wput:M_PCROTO data too short"));
1917 tl_merror(wq, mp, EPROTO);
1918 return (0);
1919 }
1920 switch (prim->type) {
1921 case T_CAPABILITY_REQ:
1922 tl_capability_req(mp, tep);
1923 return (0);
1924 case T_INFO_REQ:
1925 tl_proc = tl_info_req_ser;
1926 break;
1927 case T_ADDR_REQ:
1928 tl_proc = tl_addr_req_ser;
1929 break;
1930
1931 default:
1932 (void) (STRLOG(TL_ID, tep->te_minor, 1,
1933 SL_TRACE | SL_ERROR,
1934 "tl_wput:unknown TPI msg primitive"));
1935 tl_merror(wq, mp, EPROTO);
1936 return (0);
1937 }
1938 break;
1939 default:
1940 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
1941 "tl_wput:default:unexpected Streams message"));
1942 freemsg(mp);
1943 return (0);
1944 }
1945
1946 /*
1947 * Continue processing via serializer.
1948 */
1949 ASSERT(tl_proc != NULL);
1950 tl_refhold(tep);
1951 tl_serializer_enter(tep, tl_proc, mp);
1952 return (0);
1953 }
1954
1955 /*
1956 * Place message on the queue while preserving order.
1957 */
1958 static void
1959 tl_putq_ser(mblk_t *mp, tl_endpt_t *tep)
1960 {
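	/*
	 * A closing endpoint must not queue: the message is handed to
	 * tl_wput_ser() for immediate processing instead.
	 */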
1961 if (tep->te_closing) {
1962 tl_wput_ser(mp, tep);
1963 } else {
1964 TL_PUTQ(tep, mp);
1965 tl_serializer_exit(tep);
1966 tl_refrele(tep);
1967 }
1968
1969 }
1970
1971 static void
1972 tl_wput_common_ser(mblk_t *mp, tl_endpt_t *tep)
1973 {
1974 ASSERT((DB_TYPE(mp) == M_DATA) || (DB_TYPE(mp) == M_PROTO));
1975
1976 switch (DB_TYPE(mp)) {
1977 case M_DATA:
1978 tl_data(mp, tep);
1979 break;
1980 case M_PROTO:
1981 tl_do_proto(mp, tep);
1982 break;
1983 default:
1984 freemsg(mp);
1985 break;
1986 }
1987 }
1988
1989 /*
1990 * Write side put procedure called from serializer.
1991 */
1992 static void
1993 tl_wput_ser(mblk_t *mp, tl_endpt_t *tep)
1994 {
1995 tl_wput_common_ser(mp, tep);
1996 tl_serializer_exit(tep);
1997 tl_refrele(tep);
1998 }
1999
2000 /*
2001 * M_DATA processing. Called from serializer.
2002 */
2003 static void
2004 tl_wput_data_ser(mblk_t *mp, tl_endpt_t *tep)
2005 {
2006 tl_endpt_t *peer_tep = tep->te_conp;
2007 queue_t *peer_rq;
2008
2009 ASSERT(DB_TYPE(mp) == M_DATA);
2010 ASSERT(IS_COTS(tep));
2011
	IMPLY(peer_tep, tep->te_ser == peer_tep->te_ser);
2013
	/*
	 * Fastpath for data: both endpoints must be in a data-transfer
	 * state, the local queue must be empty and the peer must be able
	 * to accept data. Flow control is ignored if tep is closing, so
	 * that queued data can drain.
	 */
2017 if ((peer_tep != NULL) &&
2018 !peer_tep->te_closing &&
2019 ((tep->te_state == TS_DATA_XFER) ||
2020 (tep->te_state == TS_WREQ_ORDREL)) &&
2021 (tep->te_wq != NULL) &&
2022 (tep->te_wq->q_first == NULL) &&
2023 (peer_tep->te_state == TS_DATA_XFER ||
2024 peer_tep->te_state == TS_WIND_ORDREL ||
2025 peer_tep->te_state == TS_WREQ_ORDREL) &&
2026 ((peer_rq = peer_tep->te_rq) != NULL) &&
2027 (canputnext(peer_rq) || tep->te_closing)) {
2028 putnext(peer_rq, mp);
2029 } else if (tep->te_closing) {
2030 /*
2031 * It is possible that by the time we got here tep started to
2032 * close. If the write queue is not empty, and the state is
2033 * TS_DATA_XFER the data should be delivered in order, so we
2034 * call putq() instead of freeing the data.
2035 */
2036 if ((tep->te_wq != NULL) &&
2037 ((tep->te_state == TS_DATA_XFER) ||
2038 (tep->te_state == TS_WREQ_ORDREL))) {
2039 TL_PUTQ(tep, mp);
2040 } else {
2041 freemsg(mp);
2042 }
2043 } else {
2044 TL_PUTQ(tep, mp);
2045 }
2046
2047 tl_serializer_exit(tep);
2048 tl_refrele(tep);
2049 }
2050
2051 /*
2052 * Write side service routine.
2053 *
 * All actual processing happens within the serializer, which is entered
 * synchronously. It is possible that by the time tl_wsrv() wakes up, new
 * messages that need processing have arrived, so tl_wsrv() repeats until
 * the queue is empty or te_nowsrv is set.
2058 */
2059 static int
2060 tl_wsrv(queue_t *wq)
2061 {
2062 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr;
2063
2064 while ((wq->q_first != NULL) && !tep->te_nowsrv) {
2065 mutex_enter(&tep->te_srv_lock);
2066 ASSERT(tep->te_wsrv_active == B_FALSE);
2067 tep->te_wsrv_active = B_TRUE;
2068 mutex_exit(&tep->te_srv_lock);
2069
2070 tl_serializer_enter(tep, tl_wsrv_ser, &tep->te_wsrvmp);
2071
2072 /*
2073 * Wait for serializer job to complete.
2074 */
2075 mutex_enter(&tep->te_srv_lock);
2076 while (tep->te_wsrv_active) {
2077 cv_wait(&tep->te_srv_cv, &tep->te_srv_lock);
2078 }
2079 cv_signal(&tep->te_srv_cv);
2080 mutex_exit(&tep->te_srv_lock);
2081 }
2082 return (0);
2083 }
2084
2085 /*
2086 * Serialized write side processing of the STREAMS queue.
2087 * May be called either from tl_wsrv() or from tl_close() in which case ser_mp
2088 * is NULL.
2089 */
2090 static void
2091 tl_wsrv_ser(mblk_t *ser_mp, tl_endpt_t *tep)
2092 {
2093 mblk_t *mp;
2094 queue_t *wq = tep->te_wq;
2095
2096 ASSERT(wq != NULL);
2097 while (!tep->te_nowsrv && (mp = getq(wq)) != NULL) {
2098 tl_wput_common_ser(mp, tep);
2099 }
2100
2101 /*
2102 * Wakeup service routine unless called from close.
2103 * If ser_mp is specified, the caller is tl_wsrv().
2104 * Otherwise, the caller is tl_close_ser(). Since tl_close_ser() doesn't
2105 * call tl_serializer_enter() before calling tl_wsrv_ser(), there should
2106 * be no matching tl_serializer_exit() in this case.
2107 * Also, there is no need to wakeup anyone since tl_close_ser() is not
2108 * waiting on te_srv_cv.
2109 */
2110 if (ser_mp != NULL) {
2111 /*
2112 * We are called from tl_wsrv.
2113 */
2114 mutex_enter(&tep->te_srv_lock);
2115 ASSERT(tep->te_wsrv_active);
2116 tep->te_wsrv_active = B_FALSE;
2117 cv_signal(&tep->te_srv_cv);
2118 mutex_exit(&tep->te_srv_lock);
2119 tl_serializer_exit(tep);
2120 }
2121 }
2122
2123 /*
2124 * Called when the stream is backenabled. Enter serializer and qenable everyone
2125 * flow controlled by tep.
2126 *
 * NOTE: The service routine should enter the serializer synchronously.
 * Otherwise two instances of tl_rsrv() could be running at once, reusing the
 * same rsrv mblk.
2130 */
2131 static int
2132 tl_rsrv(queue_t *rq)
2133 {
2134 tl_endpt_t *tep = (tl_endpt_t *)rq->q_ptr;
2135
2136 ASSERT(rq->q_first == NULL);
2137 ASSERT(tep->te_rsrv_active == 0);
2138
2139 tep->te_rsrv_active = B_TRUE;
2140 tl_serializer_enter(tep, tl_rsrv_ser, &tep->te_rsrvmp);
2141 /*
2142 * Wait for serializer job to complete.
2143 */
2144 mutex_enter(&tep->te_srv_lock);
2145 while (tep->te_rsrv_active) {
2146 cv_wait(&tep->te_srv_cv, &tep->te_srv_lock);
2147 }
2148 cv_signal(&tep->te_srv_cv);
2149 mutex_exit(&tep->te_srv_lock);
2150 return (0);
2151 }
2152
2153 /* ARGSUSED */
2154 static void
2155 tl_rsrv_ser(mblk_t *mp, tl_endpt_t *tep)
2156 {
2157 tl_endpt_t *peer_tep;
2158
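	/*
	 * For an idle CLTS endpoint, backenable every sender that this
	 * endpoint flow-controlled; for a connected COTS endpoint in a
	 * data-transfer state, qenable the peer so it may resume sending.
	 */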
2159 if (IS_CLTS(tep) && tep->te_state == TS_IDLE) {
2160 tl_cl_backenable(tep);
2161 } else if (
2162 IS_COTS(tep) &&
2163 ((peer_tep = tep->te_conp) != NULL) &&
2164 !peer_tep->te_closing &&
2165 ((tep->te_state == TS_DATA_XFER) ||
	    (tep->te_state == TS_WIND_ORDREL) ||
2167 (tep->te_state == TS_WREQ_ORDREL))) {
2168 TL_QENABLE(peer_tep);
2169 }
2170
2171 /*
2172 * Wakeup read side service routine.
2173 */
2174 mutex_enter(&tep->te_srv_lock);
2175 ASSERT(tep->te_rsrv_active);
2176 tep->te_rsrv_active = B_FALSE;
2177 cv_signal(&tep->te_srv_cv);
2178 mutex_exit(&tep->te_srv_lock);
2179 tl_serializer_exit(tep);
2180 }
2181
2182 /*
2183 * process M_PROTO messages. Always called from serializer.
2184 */
2185 static void
2186 tl_do_proto(mblk_t *mp, tl_endpt_t *tep)
2187 {
2188 ssize_t msz = MBLKL(mp);
2189 union T_primitives *prim = (union T_primitives *)mp->b_rptr;
2190
2191 /* Message size was validated by tl_wput(). */
2192 ASSERT(msz >= sizeof (prim->type));
2193
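	/*
	 * Primitives that are not valid for this endpoint's transport class
	 * (connection-oriented vs. connectionless) are rejected with EPROTO.
	 */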
2194 switch (prim->type) {
2195 case T_UNBIND_REQ:
2196 tl_unbind(mp, tep);
2197 break;
2198
2199 case T_ADDR_REQ:
2200 tl_addr_req(mp, tep);
2201 break;
2202
2203 case O_T_CONN_RES:
2204 case T_CONN_RES:
2205 if (IS_CLTS(tep)) {
2206 tl_merror(tep->te_wq, mp, EPROTO);
2207 break;
2208 }
2209 tl_conn_res(mp, tep);
2210 break;
2211
2212 case T_DISCON_REQ:
2213 if (IS_CLTS(tep)) {
2214 tl_merror(tep->te_wq, mp, EPROTO);
2215 break;
2216 }
2217 tl_discon_req(mp, tep);
2218 break;
2219
2220 case T_DATA_REQ:
2221 if (IS_CLTS(tep)) {
2222 tl_merror(tep->te_wq, mp, EPROTO);
2223 break;
2224 }
2225 tl_data(mp, tep);
2226 break;
2227
2228 case T_OPTDATA_REQ:
2229 if (IS_CLTS(tep)) {
2230 tl_merror(tep->te_wq, mp, EPROTO);
2231 break;
2232 }
2233 tl_data(mp, tep);
2234 break;
2235
2236 case T_EXDATA_REQ:
2237 if (IS_CLTS(tep)) {
2238 tl_merror(tep->te_wq, mp, EPROTO);
2239 break;
2240 }
2241 tl_exdata(mp, tep);
2242 break;
2243
2244 case T_ORDREL_REQ:
2245 if (!IS_COTSORD(tep)) {
2246 tl_merror(tep->te_wq, mp, EPROTO);
2247 break;
2248 }
2249 tl_ordrel(mp, tep);
2250 break;
2251
2252 case T_UNITDATA_REQ:
2253 if (IS_COTS(tep)) {
2254 tl_merror(tep->te_wq, mp, EPROTO);
2255 break;
2256 }
2257 tl_unitdata(mp, tep);
2258 break;
2259
2260 default:
2261 tl_merror(tep->te_wq, mp, EPROTO);
2262 break;
2263 }
2264 }
2265
2266 /*
2267 * Process ioctl from serializer.
2268 * This is a wrapper around tl_do_ioctl().
2269 */
2270 static void
2271 tl_do_ioctl_ser(mblk_t *mp, tl_endpt_t *tep)
2272 {
2273 if (!tep->te_closing)
2274 tl_do_ioctl(mp, tep);
2275 else
2276 freemsg(mp);
2277
2278 tl_serializer_exit(tep);
2279 tl_refrele(tep);
2280 }
2281
2282 static void
2283 tl_do_ioctl(mblk_t *mp, tl_endpt_t *tep)
2284 {
2285 struct iocblk *iocbp = (struct iocblk *)mp->b_rptr;
2286 int cmd = iocbp->ioc_cmd;
2287 queue_t *wq = tep->te_wq;
2288 int error;
2289 int thisopt, otheropt;
2290
2291 ASSERT((cmd == TL_IOC_CREDOPT) || (cmd == TL_IOC_UCREDOPT));
2292
	switch (cmd) {
	case TL_IOC_CREDOPT:
		thisopt = TL_SETCRED;
		otheropt = TL_SETUCRED;
		break;
	case TL_IOC_UCREDOPT:
		thisopt = TL_SETUCRED;
		otheropt = TL_SETCRED;
		break;
	default:
		/* Should not be here because of the ASSERT above. */
		miocnak(wq, mp, 0, EINVAL);
		return;
	}

	/*
	 * The credentials passing does not apply to sockets.
	 * Only one of the cred options can be set at a given time.
	 */
	if (IS_SOCKET(tep) || (tep->te_flag & otheropt)) {
		miocnak(wq, mp, 0, EINVAL);
		return;
	}

	/*
	 * Enable or disable generation of credential options for
	 * T_conn_ind, T_conn_con and T_unitdata_ind.
	 */
	error = miocpullup(mp, sizeof (uint32_t));
	if (error != 0) {
		miocnak(wq, mp, 0, error);
		return;
	}
	if (!IS_P2ALIGNED(mp->b_cont->b_rptr, sizeof (uint32_t))) {
		miocnak(wq, mp, 0, EINVAL);
		return;
	}

	if (*(uint32_t *)mp->b_cont->b_rptr)
		tep->te_flag |= thisopt;
	else
		tep->te_flag &= ~thisopt;

	miocack(wq, mp, 0, 0);
}
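
/*
 * For illustration only - a sketch of how a user process might enable
 * ucred passing from userland (assuming an endpoint opened on a tl device
 * such as /dev/ticotsord); this is not part of the driver:
 *
 *	uint32_t on = 1;
 *	struct strioctl ic;
 *
 *	ic.ic_cmd = TL_IOC_UCREDOPT;
 *	ic.ic_timout = 0;
 *	ic.ic_len = sizeof (on);
 *	ic.ic_dp = (char *)&on;
 *	if (ioctl(fd, I_STR, &ic) < 0)
 *		perror("TL_IOC_UCREDOPT");
 */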
2341
2342
2343 /*
 * Send T_ERROR_ACK.
 * Note: assumes enough memory, or that the caller passed a big enough mp
 * - no recovery from allocb() failures.
2347 */
2348
2349 static void
2350 tl_error_ack(queue_t *wq, mblk_t *mp, t_scalar_t tli_err,
2351 t_scalar_t unix_err, t_scalar_t type)
2352 {
2353 struct T_error_ack *err_ack;
2354 mblk_t *ackmp = tpi_ack_alloc(mp, sizeof (struct T_error_ack),
2355 M_PCPROTO, T_ERROR_ACK);
2356
2357 if (ackmp == NULL) {
2358 (void) (STRLOG(TL_ID, 0, 1, SL_TRACE | SL_ERROR,
2359 "tl_error_ack:out of mblk memory"));
2360 tl_merror(wq, NULL, ENOSR);
2361 return;
2362 }
2363 err_ack = (struct T_error_ack *)ackmp->b_rptr;
2364 err_ack->ERROR_prim = type;
2365 err_ack->TLI_error = tli_err;
2366 err_ack->UNIX_error = unix_err;
2367
2368 /*
2369 * send error ack message
2370 */
2371 qreply(wq, ackmp);
2372 }
2373
2374
2375
2376 /*
 * Send T_OK_ACK.
 * Note: assumes enough memory, or that the caller passed a big enough mp
 * - no recovery from allocb() failures.
2380 */
2381 static void
2382 tl_ok_ack(queue_t *wq, mblk_t *mp, t_scalar_t type)
2383 {
2384 struct T_ok_ack *ok_ack;
2385 mblk_t *ackmp = tpi_ack_alloc(mp, sizeof (struct T_ok_ack),
2386 M_PCPROTO, T_OK_ACK);
2387
2388 if (ackmp == NULL) {
2389 tl_merror(wq, NULL, ENOMEM);
2390 return;
2391 }
2392
2393 ok_ack = (struct T_ok_ack *)ackmp->b_rptr;
2394 ok_ack->CORRECT_prim = type;
2395
2396 (void) qreply(wq, ackmp);
2397 }
2398
2399 /*
2400 * Process T_BIND_REQ and O_T_BIND_REQ from serializer.
2401 * This is a wrapper around tl_bind().
2402 */
2403 static void
2404 tl_bind_ser(mblk_t *mp, tl_endpt_t *tep)
2405 {
2406 if (!tep->te_closing)
2407 tl_bind(mp, tep);
2408 else
2409 freemsg(mp);
2410
2411 tl_serializer_exit(tep);
2412 tl_refrele(tep);
2413 }
2414
2415 /*
2416 * Process T_BIND_REQ and O_T_BIND_REQ TPI requests.
 * Assumes that the endpoint is in the unbound state (TS_UNBND).
2418 */
2419 static void
2420 tl_bind(mblk_t *mp, tl_endpt_t *tep)
2421 {
2422 queue_t *wq = tep->te_wq;
2423 struct T_bind_ack *b_ack;
2424 struct T_bind_req *bind = (struct T_bind_req *)mp->b_rptr;
2425 mblk_t *ackmp, *bamp;
2426 soux_addr_t ux_addr;
2427 t_uscalar_t qlen = 0;
2428 t_scalar_t alen, aoff;
2429 tl_addr_t addr_req;
2430 void *addr_startp;
2431 ssize_t msz = MBLKL(mp), basize;
2432 t_scalar_t tli_err = 0, unix_err = 0;
2433 t_scalar_t save_prim_type = bind->PRIM_type;
2434 t_scalar_t save_state = tep->te_state;
2435
2436 if (tep->te_state != TS_UNBND) {
2437 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2438 SL_TRACE | SL_ERROR,
2439 "tl_wput:bind_request:out of state, state=%d",
2440 tep->te_state));
2441 tli_err = TOUTSTATE;
2442 goto error;
2443 }
2444
2445 if (msz < sizeof (struct T_bind_req)) {
2446 tli_err = TSYSERR;
2447 unix_err = EINVAL;
2448 goto error;
2449 }
2450
2451 tep->te_state = nextstate[TE_BIND_REQ][tep->te_state];
2452
2453 ASSERT((bind->PRIM_type == O_T_BIND_REQ) ||
2454 (bind->PRIM_type == T_BIND_REQ));
2455
2456 alen = bind->ADDR_length;
2457 aoff = bind->ADDR_offset;
2458
2459 /* negotiate max conn req pending */
2460 if (IS_COTS(tep)) {
2461 qlen = bind->CONIND_number;
2462 if (qlen > tl_maxqlen)
2463 qlen = tl_maxqlen;
2464 }
2465
2466 /*
2467 * Reserve hash handle. It can only be NULL if the endpoint is unbound
2468 * and bound again.
2469 */
2470 if ((tep->te_hash_hndl == NULL) &&
2471 ((tep->te_flag & TL_ADDRHASHED) == 0) &&
2472 mod_hash_reserve_nosleep(tep->te_addrhash,
2473 &tep->te_hash_hndl) != 0) {
2474 tli_err = TSYSERR;
2475 unix_err = ENOSR;
2476 goto error;
2477 }
2478
2479 /*
2480 * Verify address correctness.
2481 */
2482 if (IS_SOCKET(tep)) {
2483 ASSERT(bind->PRIM_type == O_T_BIND_REQ);
2484
2485 if ((alen != TL_SOUX_ADDRLEN) ||
2486 (aoff < 0) ||
2487 (aoff + alen > msz)) {
2488 (void) (STRLOG(TL_ID, tep->te_minor,
2489 1, SL_TRACE | SL_ERROR,
2490 "tl_bind: invalid socket addr"));
2491 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
2492 tli_err = TSYSERR;
2493 unix_err = EINVAL;
2494 goto error;
2495 }
2496 /* Copy address from message to local buffer. */
2497 bcopy(mp->b_rptr + aoff, &ux_addr, sizeof (ux_addr));
2498 /*
2499 * Check that we got correct address from sockets
2500 */
2501 if ((ux_addr.soua_magic != SOU_MAGIC_EXPLICIT) &&
2502 (ux_addr.soua_magic != SOU_MAGIC_IMPLICIT)) {
2503 (void) (STRLOG(TL_ID, tep->te_minor,
2504 1, SL_TRACE | SL_ERROR,
2505 "tl_bind: invalid socket magic"));
2506 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
2507 tli_err = TSYSERR;
2508 unix_err = EINVAL;
2509 goto error;
2510 }
2511 if ((ux_addr.soua_magic == SOU_MAGIC_IMPLICIT) &&
2512 (ux_addr.soua_vp != NULL)) {
2513 (void) (STRLOG(TL_ID, tep->te_minor,
2514 1, SL_TRACE | SL_ERROR,
2515 "tl_bind: implicit addr non-empty"));
2516 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
2517 tli_err = TSYSERR;
2518 unix_err = EINVAL;
2519 goto error;
2520 }
2521 if ((ux_addr.soua_magic == SOU_MAGIC_EXPLICIT) &&
2522 (ux_addr.soua_vp == NULL)) {
2523 (void) (STRLOG(TL_ID, tep->te_minor,
2524 1, SL_TRACE | SL_ERROR,
2525 "tl_bind: explicit addr empty"));
2526 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
2527 tli_err = TSYSERR;
2528 unix_err = EINVAL;
2529 goto error;
2530 }
2531 } else {
2532 if ((alen > 0) && ((aoff < 0) ||
2533 ((ssize_t)(aoff + alen) > msz) ||
2534 ((aoff + alen) < 0))) {
2535 (void) (STRLOG(TL_ID, tep->te_minor,
2536 1, SL_TRACE | SL_ERROR,
2537 "tl_bind: invalid message"));
2538 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
2539 tli_err = TSYSERR;
2540 unix_err = EINVAL;
2541 goto error;
2542 }
2543 if ((alen < 0) || (alen > (msz - sizeof (struct T_bind_req)))) {
2544 (void) (STRLOG(TL_ID, tep->te_minor,
2545 1, SL_TRACE | SL_ERROR,
2546 "tl_bind: bad addr in message"));
2547 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
2548 tli_err = TBADADDR;
2549 goto error;
2550 }
2551 #ifdef DEBUG
2552 /*
2553 * Mild form of ASSERT()ion to detect broken TPI apps.
2554 * if (!assertion)
2555 * log warning;
2556 */
2557 if (!((alen == 0 && aoff == 0) ||
2558 (aoff >= (t_scalar_t)(sizeof (struct T_bind_req))))) {
2559 (void) (STRLOG(TL_ID, tep->te_minor,
2560 3, SL_TRACE | SL_ERROR,
2561 "tl_bind: addr overlaps TPI message"));
2562 }
2563 #endif
2564 }
2565
2566 /*
2567 * Bind the address provided or allocate one if requested.
2568 * Allow rebinds with a new qlen value.
2569 */
2570 if (IS_SOCKET(tep)) {
2571 /*
		 * For anonymous requests te_ap is already set up properly,
		 * so the minor number is used as the address.
		 * For explicit requests we need to check whether the address
		 * is already in use.
2576 */
2577 if (ux_addr.soua_magic == SOU_MAGIC_EXPLICIT) {
2578 int rc;
2579
2580 if (tep->te_flag & TL_ADDRHASHED) {
2581 ASSERT(IS_COTS(tep) && tep->te_qlen == 0);
2582 if (tep->te_vp == ux_addr.soua_vp)
2583 goto skip_addr_bind;
2584 else /* Rebind to a new address. */
2585 tl_addr_unbind(tep);
2586 }
2587 /*
2588 * Insert address in the hash if it is not already
2589 * there. Since we use preallocated handle, the insert
2590 * can fail only if the key is already present.
2591 */
2592 rc = mod_hash_insert_reserve(tep->te_addrhash,
2593 (mod_hash_key_t)ux_addr.soua_vp,
2594 (mod_hash_val_t)tep, tep->te_hash_hndl);
2595
2596 if (rc != 0) {
2597 ASSERT(rc == MH_ERR_DUPLICATE);
2598 /*
2599 * Violate O_T_BIND_REQ semantics and fail with
2600 * TADDRBUSY - sockets will not use any address
2601 * other than supplied one for explicit binds.
2602 */
2603 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2604 SL_TRACE | SL_ERROR,
2605 "tl_bind:requested addr %p is busy",
2606 ux_addr.soua_vp));
2607 tli_err = TADDRBUSY;
2608 unix_err = 0;
2609 goto error;
2610 }
2611 tep->te_uxaddr = ux_addr;
2612 tep->te_flag |= TL_ADDRHASHED;
2613 tep->te_hash_hndl = NULL;
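			/*
			 * The insert consumed the reserved handle; the next
			 * bind will have to reserve a fresh one.
			 */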
2614 }
2615 } else if (alen == 0) {
2616 /*
2617 * assign any free address
2618 */
2619 if (!tl_get_any_addr(tep, NULL)) {
2620 (void) (STRLOG(TL_ID, tep->te_minor,
2621 1, SL_TRACE | SL_ERROR,
2622 "tl_bind:failed to get buffer for any "
2623 "address"));
2624 tli_err = TSYSERR;
2625 unix_err = ENOSR;
2626 goto error;
2627 }
2628 } else {
2629 addr_req.ta_alen = alen;
2630 addr_req.ta_abuf = (mp->b_rptr + aoff);
2631 addr_req.ta_zoneid = tep->te_zoneid;
2632
2633 tep->te_abuf = kmem_zalloc((size_t)alen, KM_NOSLEEP);
2634 if (tep->te_abuf == NULL) {
2635 tli_err = TSYSERR;
2636 unix_err = ENOSR;
2637 goto error;
2638 }
2639 bcopy(addr_req.ta_abuf, tep->te_abuf, addr_req.ta_alen);
2640 tep->te_alen = alen;
2641
2642 if (mod_hash_insert_reserve(tep->te_addrhash,
2643 (mod_hash_key_t)&tep->te_ap, (mod_hash_val_t)tep,
2644 tep->te_hash_hndl) != 0) {
2645 if (save_prim_type == T_BIND_REQ) {
2646 /*
2647 * The bind semantics for this primitive
2648 * require a failure if the exact address
2649 * requested is busy
2650 */
2651 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2652 SL_TRACE | SL_ERROR,
2653 "tl_bind:requested addr is busy"));
2654 tli_err = TADDRBUSY;
2655 unix_err = 0;
2656 goto error;
2657 }
2658
2659 /*
			 * O_T_BIND_REQ semantics say that if the requested
			 * address is busy, bind to any available free address.
2662 */
2663 if (!tl_get_any_addr(tep, &addr_req)) {
2664 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2665 SL_TRACE | SL_ERROR,
2666 "tl_bind:unable to get any addr buf"));
2667 tli_err = TSYSERR;
2668 unix_err = ENOMEM;
2669 goto error;
2670 }
2671 } else {
2672 tep->te_flag |= TL_ADDRHASHED;
2673 tep->te_hash_hndl = NULL;
2674 }
2675 }
2676
2677 ASSERT(tep->te_alen >= 0);
2678
2679 skip_addr_bind:
2680 /*
2681 * prepare T_BIND_ACK TPI message
2682 */
2683 basize = sizeof (struct T_bind_ack) + tep->te_alen;
2684 bamp = reallocb(mp, basize, 0);
2685 if (bamp == NULL) {
2686 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
2687 "tl_wput:tl_bind: allocb failed"));
2688 /*
2689 * roll back state changes
2690 */
2691 tl_addr_unbind(tep);
2692 tep->te_state = TS_UNBND;
2693 tl_memrecover(wq, mp, basize);
2694 return;
2695 }
2696
2697 DB_TYPE(bamp) = M_PCPROTO;
2698 bamp->b_wptr = bamp->b_rptr + basize;
2699 b_ack = (struct T_bind_ack *)bamp->b_rptr;
2700 b_ack->PRIM_type = T_BIND_ACK;
2701 b_ack->CONIND_number = qlen;
2702 b_ack->ADDR_length = tep->te_alen;
2703 b_ack->ADDR_offset = (t_scalar_t)sizeof (struct T_bind_ack);
2704 addr_startp = bamp->b_rptr + b_ack->ADDR_offset;
2705 bcopy(tep->te_abuf, addr_startp, tep->te_alen);
2706
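	/* A COTS endpoint bound with qlen > 0 becomes a listener. */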
2707 if (IS_COTS(tep)) {
2708 tep->te_qlen = qlen;
2709 if (qlen > 0)
2710 tep->te_flag |= TL_LISTENER;
2711 }
2712
2713 tep->te_state = nextstate[TE_BIND_ACK][tep->te_state];
2714 /*
2715 * send T_BIND_ACK message
2716 */
2717 (void) qreply(wq, bamp);
2718 return;
2719
2720 error:
2721 ackmp = reallocb(mp, sizeof (struct T_error_ack), 0);
2722 if (ackmp == NULL) {
2723 /*
2724 * roll back state changes
2725 */
2726 tep->te_state = save_state;
2727 tl_memrecover(wq, mp, sizeof (struct T_error_ack));
2728 return;
2729 }
2730 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
2731 tl_error_ack(wq, ackmp, tli_err, unix_err, save_prim_type);
2732 }
2733
2734 /*
2735 * Process T_UNBIND_REQ.
2736 * Called from serializer.
2737 */
2738 static void
2739 tl_unbind(mblk_t *mp, tl_endpt_t *tep)
2740 {
2741 queue_t *wq;
2742 mblk_t *ackmp;
2743
2744 if (tep->te_closing) {
2745 freemsg(mp);
2746 return;
2747 }
2748
2749 wq = tep->te_wq;
2750
2751 /*
2752 * preallocate memory for max of T_OK_ACK and T_ERROR_ACK
2753 * ==> allocate for T_ERROR_ACK (known max)
2754 */
2755 if ((ackmp = reallocb(mp, sizeof (struct T_error_ack), 0)) == NULL) {
2756 tl_memrecover(wq, mp, sizeof (struct T_error_ack));
2757 return;
2758 }
2759 /*
2760 * memory resources committed
	 * Note: no message validation - the T_UNBIND_REQ message is the
	 * same size as the PRIM_type field, so it was already verified
	 * earlier.
2763 */
2764
2765 /*
2766 * validate state
2767 */
2768 if (tep->te_state != TS_IDLE) {
2769 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2770 SL_TRACE | SL_ERROR,
2771 "tl_wput:T_UNBIND_REQ:out of state, state=%d",
2772 tep->te_state));
2773 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_UNBIND_REQ);
2774 return;
2775 }
2776 tep->te_state = nextstate[TE_UNBIND_REQ][tep->te_state];
2777
2778 /*
2779 * TPI says on T_UNBIND_REQ:
2780 * send up a M_FLUSH to flush both
2781 * read and write queues
2782 */
2783 (void) putnextctl1(RD(wq), M_FLUSH, FLUSHRW);
2784
2785 if (!IS_SOCKET(tep) || !IS_CLTS(tep) || tep->te_qlen != 0 ||
2786 tep->te_magic != SOU_MAGIC_EXPLICIT) {
2787
2788 /*
2789 * Sockets use bind with qlen==0 followed by bind() to
2790 * the same address with qlen > 0 for listeners.
2791 * We allow rebind with a new qlen value.
2792 */
2793 tl_addr_unbind(tep);
2794 }
2795
2796 tep->te_state = nextstate[TE_OK_ACK1][tep->te_state];
2797 /*
2798 * send T_OK_ACK
2799 */
2800 tl_ok_ack(wq, ackmp, T_UNBIND_REQ);
2801 }
2802
2803
2804 /*
2805 * Option management code from drv/ip is used here
2806 * Note: TL_PROT_LEVEL/TL_IOC_CREDOPT option is not part of tl_opt_arr
2807 * database of options. So optcom_req() will fail T_SVR4_OPTMGMT_REQ.
2808 * However, that is what we want as that option is 'unorthodox'
2809 * and only valid in T_CONN_IND, T_CONN_CON and T_UNITDATA_IND
2810 * and not in T_SVR4_OPTMGMT_REQ/ACK
2811 * Note2: use of optcom_req means this routine is an exception to
2812 * recovery from allocb() failures.
2813 */
2814
2815 static void
2816 tl_optmgmt(queue_t *wq, mblk_t *mp)
2817 {
2818 tl_endpt_t *tep;
2819 mblk_t *ackmp;
2820 union T_primitives *prim;
2821 cred_t *cr;
2822
2823 tep = (tl_endpt_t *)wq->q_ptr;
2824 prim = (union T_primitives *)mp->b_rptr;
2825
2826 /*
2827 * All Solaris components should pass a db_credp
2828 * for this TPI message, hence we ASSERT.
2829 * But in case there is some other M_PROTO that looks
2830 * like a TPI message sent by some other kernel
2831 * component, we check and return an error.
2832 */
2833 cr = msg_getcred(mp, NULL);
2834 ASSERT(cr != NULL);
2835 if (cr == NULL) {
2836 tl_error_ack(wq, mp, TSYSERR, EINVAL, prim->type);
2837 return;
2838 }
2839
2840 /* all states OK for AF_UNIX options ? */
2841 if (!IS_SOCKET(tep) && tep->te_state != TS_IDLE &&
2842 prim->type == T_SVR4_OPTMGMT_REQ) {
2843 /*
2844 * Broken TLI semantics that options can only be managed
2845 * in TS_IDLE state. Needed for Sparc ABI test suite that
2846 * tests this TLI (mis)feature using this device driver.
2847 */
2848 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2849 SL_TRACE | SL_ERROR,
2850 "tl_wput:T_SVR4_OPTMGMT_REQ:out of state, state=%d",
2851 tep->te_state));
2852 /*
2853 * preallocate memory for T_ERROR_ACK
2854 */
2855 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED);
2856 if (ackmp == NULL) {
2857 tl_memrecover(wq, mp, sizeof (struct T_error_ack));
2858 return;
2859 }
2860
2861 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_SVR4_OPTMGMT_REQ);
2862 freemsg(mp);
2863 return;
2864 }
2865
2866 /*
2867 * call common option management routine from drv/ip
2868 */
2869 if (prim->type == T_SVR4_OPTMGMT_REQ) {
2870 svr4_optcom_req(wq, mp, cr, &tl_opt_obj);
2871 } else {
2872 ASSERT(prim->type == T_OPTMGMT_REQ);
2873 tpi_optcom_req(wq, mp, cr, &tl_opt_obj);
2874 }
2875 }
2876
2877 /*
 * Handle T_conn_req - the driver part of connect().
2879 * If TL_SET[U]CRED generate the credentials options.
2880 * If this is a socket pass through options unmodified.
2881 * For sockets generate the T_CONN_CON here instead of
2882 * waiting for the T_CONN_RES.
2883 */
2884 static void
2885 tl_conn_req(queue_t *wq, mblk_t *mp)
2886 {
2887 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr;
2888 struct T_conn_req *creq = (struct T_conn_req *)mp->b_rptr;
2889 ssize_t msz = MBLKL(mp);
2890 t_scalar_t alen, aoff, olen, ooff, err = 0;
2891 tl_endpt_t *peer_tep = NULL;
2892 mblk_t *ackmp;
2893 mblk_t *dimp;
2894 struct T_discon_ind *di;
2895 soux_addr_t ux_addr;
2896 tl_addr_t dst;
2897
2898 ASSERT(IS_COTS(tep));
2899
2900 if (tep->te_closing) {
2901 freemsg(mp);
2902 return;
2903 }
2904
2905 /*
2906 * preallocate memory for:
2907 * 1. max of T_ERROR_ACK and T_OK_ACK
2908 * ==> known max T_ERROR_ACK
2909 * 2. max of T_DISCON_IND and T_CONN_IND
2910 */
2911 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED);
2912 if (ackmp == NULL) {
2913 tl_memrecover(wq, mp, sizeof (struct T_error_ack));
2914 return;
2915 }
2916 /*
2917 * memory committed for T_OK_ACK/T_ERROR_ACK now
2918 * will be committed for T_DISCON_IND/T_CONN_IND later
2919 */
2920
2921 if (tep->te_state != TS_IDLE) {
2922 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2923 SL_TRACE | SL_ERROR,
2924 "tl_wput:T_CONN_REQ:out of state, state=%d",
2925 tep->te_state));
2926 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_CONN_REQ);
2927 freemsg(mp);
2928 return;
2929 }
2930
2931 /*
2932 * validate the message
2933 * Note: dereference fields in struct inside message only
2934 * after validating the message length.
2935 */
2936 if (msz < sizeof (struct T_conn_req)) {
2937 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
2938 "tl_conn_req:invalid message length"));
2939 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ);
2940 freemsg(mp);
2941 return;
2942 }
2943 alen = creq->DEST_length;
2944 aoff = creq->DEST_offset;
2945 olen = creq->OPT_length;
2946 ooff = creq->OPT_offset;
2947 if (olen == 0)
2948 ooff = 0;
2949
2950 if (IS_SOCKET(tep)) {
2951 if ((alen != TL_SOUX_ADDRLEN) ||
2952 (aoff < 0) ||
2953 (aoff + alen > msz) ||
2954 (alen > msz - sizeof (struct T_conn_req))) {
2955 (void) (STRLOG(TL_ID, tep->te_minor,
2956 1, SL_TRACE | SL_ERROR,
2957 "tl_conn_req: invalid socket addr"));
2958 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ);
2959 freemsg(mp);
2960 return;
2961 }
2962 bcopy(mp->b_rptr + aoff, &ux_addr, TL_SOUX_ADDRLEN);
2963 if ((ux_addr.soua_magic != SOU_MAGIC_IMPLICIT) &&
2964 (ux_addr.soua_magic != SOU_MAGIC_EXPLICIT)) {
2965 (void) (STRLOG(TL_ID, tep->te_minor,
2966 1, SL_TRACE | SL_ERROR,
2967 "tl_conn_req: invalid socket magic"));
2968 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ);
2969 freemsg(mp);
2970 return;
2971 }
2972 } else {
2973 if ((alen > 0 && ((aoff + alen) > msz || aoff + alen < 0)) ||
2974 (olen > 0 && ((ssize_t)(ooff + olen) > msz ||
2975 ooff + olen < 0)) ||
2976 olen < 0 || ooff < 0) {
2977 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2978 SL_TRACE | SL_ERROR,
2979 "tl_conn_req:invalid message"));
2980 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_CONN_REQ);
2981 freemsg(mp);
2982 return;
2983 }
2984
2985 if (alen <= 0 || aoff < 0 ||
2986 (ssize_t)alen > msz - sizeof (struct T_conn_req)) {
2987 (void) (STRLOG(TL_ID, tep->te_minor, 1,
2988 SL_TRACE | SL_ERROR,
2989 "tl_conn_req:bad addr in message, "
2990 "alen=%d, msz=%ld",
2991 alen, msz));
2992 tl_error_ack(wq, ackmp, TBADADDR, 0, T_CONN_REQ);
2993 freemsg(mp);
2994 return;
2995 }
2996 #ifdef DEBUG
2997 /*
2998 * Mild form of ASSERT()ion to detect broken TPI apps.
2999 * if (!assertion)
3000 * log warning;
3001 */
3002 if (!(aoff >= (t_scalar_t)sizeof (struct T_conn_req))) {
3003 (void) (STRLOG(TL_ID, tep->te_minor, 3,
3004 SL_TRACE | SL_ERROR,
3005 "tl_conn_req: addr overlaps TPI message"));
3006 }
3007 #endif
3008 if (olen) {
3009 /*
			 * No options are supported in T_CONN_REQ by this
			 * provider, except for sockets.
3012 */
3013 (void) (STRLOG(TL_ID, tep->te_minor, 1,
3014 SL_TRACE | SL_ERROR,
3015 "tl_conn_req:options not supported "
3016 "in message"));
3017 tl_error_ack(wq, ackmp, TBADOPT, 0, T_CONN_REQ);
3018 freemsg(mp);
3019 return;
3020 }
3021 }
3022
3023 /*
3024 * Prevent tep from closing on us.
3025 */
3026 if (!tl_noclose(tep)) {
3027 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
3028 "tl_conn_req:endpoint is closing"));
3029 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_CONN_REQ);
3030 freemsg(mp);
3031 return;
3032 }
3033
3034 tep->te_state = nextstate[TE_CONN_REQ][tep->te_state];
3035 /*
3036 * get endpoint to connect to
3037 * check that peer with DEST addr is bound to addr
3038 * and has CONIND_number > 0
3039 */
3040 dst.ta_alen = alen;
3041 dst.ta_abuf = mp->b_rptr + aoff;
3042 dst.ta_zoneid = tep->te_zoneid;
3043
3044 /*
3045 * Verify if remote addr is in use
3046 */
3047 peer_tep = (IS_SOCKET(tep) ?
3048 tl_sock_find_peer(tep, &ux_addr) :
3049 tl_find_peer(tep, &dst));
3050
3051 if (peer_tep == NULL) {
3052 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
3053 "tl_conn_req:no one at connect address"));
3054 err = ECONNREFUSED;
3055 } else if (peer_tep->te_nicon >= peer_tep->te_qlen) {
3056 /*
		 * Validate that the number of incoming connections is not
		 * at capacity on the destination endpoint.
3059 */
3060 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE,
3061 "tl_conn_req: qlen overflow connection refused"));
3062 err = ECONNREFUSED;
3063 }
3064
3065 /*
3066 * Send T_DISCON_IND in case of error
3067 */
3068 if (err != 0) {
3069 if (peer_tep != NULL)
3070 tl_refrele(peer_tep);
3071 /* We are still expected to send T_OK_ACK */
3072 tep->te_state = nextstate[TE_OK_ACK1][tep->te_state];
3073 tl_ok_ack(tep->te_wq, ackmp, T_CONN_REQ);
3074 tl_closeok(tep);
3075 dimp = tpi_ack_alloc(mp, sizeof (struct T_discon_ind),
3076 M_PROTO, T_DISCON_IND);
3077 if (dimp == NULL) {
3078 tl_merror(wq, NULL, ENOSR);
3079 return;
3080 }
3081 di = (struct T_discon_ind *)dimp->b_rptr;
3082 di->DISCON_reason = err;
3083 di->SEQ_number = BADSEQNUM;
3084
3085 tep->te_state = TS_IDLE;
3086 /*
3087 * send T_DISCON_IND message
3088 */
3089 putnext(tep->te_rq, dimp);
3090 return;
3091 }
3092
3093 ASSERT(IS_COTS(peer_tep));
3094
3095 /*
3096 * Found the listener. At this point processing will continue on
3097 * listener serializer. Close of the endpoint should be blocked while we
3098 * switch serializers.
3099 */
3100 tl_serializer_refhold(peer_tep->te_ser);
3101 tl_serializer_refrele(tep->te_ser);
3102 tep->te_ser = peer_tep->te_ser;
3103 ASSERT(tep->te_oconp == NULL);
3104 tep->te_oconp = peer_tep;
3105
3106 /*
3107 * It is safe to close now. Close may continue on listener serializer.
3108 */
3109 tl_closeok(tep);
3110
3111 /*
3112 * Pass ackmp to tl_conn_req_ser. Note that mp->b_cont may contain user
3113 * data, so we link mp to ackmp.
3114 */
3115 ackmp->b_cont = mp;
3116 mp = ackmp;
3117
3118 tl_refhold(tep);
3119 tl_serializer_enter(tep, tl_conn_req_ser, mp);
3120 }
3121
3122 /*
3123 * Finish T_CONN_REQ processing on listener serializer.
3124 */
3125 static void
3126 tl_conn_req_ser(mblk_t *mp, tl_endpt_t *tep)
3127 {
3128 queue_t *wq;
3129 tl_endpt_t *peer_tep = tep->te_oconp;
3130 mblk_t *confmp, *cimp, *indmp;
3131 void *opts = NULL;
3132 mblk_t *ackmp = mp;
3133 struct T_conn_req *creq = (struct T_conn_req *)mp->b_cont->b_rptr;
3134 struct T_conn_ind *ci;
3135 tl_icon_t *tip;
3136 void *addr_startp;
3137 t_scalar_t olen = creq->OPT_length;
3138 t_scalar_t ooff = creq->OPT_offset;
3139 size_t ci_msz;
3140 size_t size;
3141 cred_t *cr = NULL;
3142 pid_t cpid;
3143
3144 if (tep->te_closing) {
3145 TL_UNCONNECT(tep->te_oconp);
3146 tl_serializer_exit(tep);
3147 tl_refrele(tep);
3148 freemsg(mp);
3149 return;
3150 }
3151
3152 wq = tep->te_wq;
3153 tep->te_flag |= TL_EAGER;
3154
3155 /*
3156 * Extract preallocated ackmp from mp.
3157 */
3158 mp = mp->b_cont;
3159 ackmp->b_cont = NULL;
3160
3161 if (olen == 0)
3162 ooff = 0;
3163
3164 if (peer_tep->te_closing ||
3165 !((peer_tep->te_state == TS_IDLE) ||
3166 (peer_tep->te_state == TS_WRES_CIND))) {
3167 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE | SL_ERROR,
3168 "tl_conn_req:peer in bad state (%d)",
3169 peer_tep->te_state));
3170 TL_UNCONNECT(tep->te_oconp);
3171 tl_error_ack(wq, mp, TSYSERR, ECONNREFUSED, T_CONN_REQ);
3172 freemsg(ackmp);
3173 tl_serializer_exit(tep);
3174 tl_refrele(tep);
3175 return;
3176 }
3177
3178 /*
3179 * preallocate now for T_DISCON_IND or T_CONN_IND
3180 */
3181 /*
3182 * calculate length of T_CONN_IND message
3183 */
3184 if (peer_tep->te_flag & (TL_SETCRED | TL_SETUCRED)) {
3185 cr = msg_getcred(mp, &cpid);
3186 ASSERT(cr != NULL);
3187 if (peer_tep->te_flag & TL_SETCRED) {
3188 ooff = 0;
			olen = (t_scalar_t)sizeof (struct opthdr) +
3190 OPTLEN(sizeof (tl_credopt_t));
3191 /* 1 option only */
3192 } else {
3193 ooff = 0;
3194 olen = (t_scalar_t)sizeof (struct opthdr) +
3195 OPTLEN(ucredminsize(cr));
3196 /* 1 option only */
3197 }
3198 }
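	/*
	 * When the listener requested credentials (TL_SETCRED/TL_SETUCRED),
	 * a single synthesized credential option replaces any options that
	 * arrived with the T_CONN_REQ - hence ooff is reset to zero above.
	 */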
3199 ci_msz = sizeof (struct T_conn_ind) + tep->te_alen;
3200 ci_msz = T_ALIGN(ci_msz) + olen;
3201 size = max(ci_msz, sizeof (struct T_discon_ind));
3202
3203 /*
3204 * Save options from mp - we'll need them for T_CONN_IND.
3205 */
3206 if (ooff != 0) {
3207 opts = kmem_alloc(olen, KM_NOSLEEP);
3208 if (opts == NULL) {
3209 /*
3210 * roll back state changes
3211 */
3212 tep->te_state = TS_IDLE;
3213 tl_memrecover(wq, mp, size);
3214 freemsg(ackmp);
3215 TL_UNCONNECT(tep->te_oconp);
3216 tl_serializer_exit(tep);
3217 tl_refrele(tep);
3218 return;
3219 }
3220 /* Copy options to a temp buffer */
3221 bcopy(mp->b_rptr + ooff, opts, olen);
3222 }
3223
3224 if (IS_SOCKET(tep) && !tl_disable_early_connect) {
3225 /*
3226 * Generate a T_CONN_CON that has the identical address
3227 * (and options) as the T_CONN_REQ.
3228 * NOTE: assumes that the T_conn_req and T_conn_con structures
3229 * are isomorphic.
3230 */
3231 confmp = copyb(mp);
3232 if (confmp == NULL) {
3233 /*
3234 * roll back state changes
3235 */
3236 tep->te_state = TS_IDLE;
3237 tl_memrecover(wq, mp, mp->b_wptr - mp->b_rptr);
3238 freemsg(ackmp);
3239 if (opts != NULL)
3240 kmem_free(opts, olen);
3241 TL_UNCONNECT(tep->te_oconp);
3242 tl_serializer_exit(tep);
3243 tl_refrele(tep);
3244 return;
3245 }
3246 ((struct T_conn_con *)(confmp->b_rptr))->PRIM_type =
3247 T_CONN_CON;
3248 } else {
3249 confmp = NULL;
3250 }
3251 if ((indmp = reallocb(mp, size, 0)) == NULL) {
3252 /*
3253 * roll back state changes
3254 */
3255 tep->te_state = TS_IDLE;
3256 tl_memrecover(wq, mp, size);
3257 freemsg(ackmp);
3258 if (opts != NULL)
3259 kmem_free(opts, olen);
3260 freemsg(confmp);
3261 TL_UNCONNECT(tep->te_oconp);
3262 tl_serializer_exit(tep);
3263 tl_refrele(tep);
3264 return;
3265 }
3266
3267 tip = kmem_zalloc(sizeof (*tip), KM_NOSLEEP);
3268 if (tip == NULL) {
3269 /*
3270 * roll back state changes
3271 */
3272 tep->te_state = TS_IDLE;
3273 tl_memrecover(wq, indmp, sizeof (*tip));
3274 freemsg(ackmp);
3275 if (opts != NULL)
3276 kmem_free(opts, olen);
3277 freemsg(confmp);
3278 TL_UNCONNECT(tep->te_oconp);
3279 tl_serializer_exit(tep);
3280 tl_refrele(tep);
3281 return;
3282 }
3283 tip->ti_mp = NULL;
3284
3285 /*
3286 * memory is now committed for T_DISCON_IND/T_CONN_IND/T_CONN_CON
3287 * and tl_icon_t cell.
3288 */
3289
3290 /*
3291 * ack validity of request and send the peer credential in the ACK.
3292 */
3293 tep->te_state = nextstate[TE_OK_ACK1][tep->te_state];
3294
3295 if (peer_tep != NULL && peer_tep->te_credp != NULL &&
3296 confmp != NULL) {
3297 mblk_setcred(confmp, peer_tep->te_credp, peer_tep->te_cpid);
3298 }
3299
3300 tl_ok_ack(wq, ackmp, T_CONN_REQ);
3301
3302 /*
3303 * prepare message to send T_CONN_IND
3304 */
3305 /*
3306 * allocate the message - original data blocks retained
3307 * in the returned mblk
3308 */
3309 cimp = tl_resizemp(indmp, size);
3310 if (cimp == NULL) {
3311 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
3312 "tl_conn_req:con_ind:allocb failure"));
3313 tl_merror(wq, indmp, ENOMEM);
3314 TL_UNCONNECT(tep->te_oconp);
3315 tl_serializer_exit(tep);
3316 tl_refrele(tep);
3317 if (opts != NULL)
3318 kmem_free(opts, olen);
3319 freemsg(confmp);
3320 ASSERT(tip->ti_mp == NULL);
3321 kmem_free(tip, sizeof (*tip));
3322 return;
3323 }
3324
3325 DB_TYPE(cimp) = M_PROTO;
3326 ci = (struct T_conn_ind *)cimp->b_rptr;
3327 ci->PRIM_type = T_CONN_IND;
3328 ci->SRC_offset = (t_scalar_t)sizeof (struct T_conn_ind);
3329 ci->SRC_length = tep->te_alen;
3330 ci->SEQ_number = tep->te_seqno;
3331
3332 addr_startp = cimp->b_rptr + ci->SRC_offset;
3333 bcopy(tep->te_abuf, addr_startp, tep->te_alen);
	if (peer_tep->te_flag & (TL_SETCRED | TL_SETUCRED)) {
3335
3336 ci->OPT_offset = (t_scalar_t)T_ALIGN(ci->SRC_offset +
3337 ci->SRC_length);
3338 ci->OPT_length = olen; /* because only 1 option */
3339 tl_fill_option(cimp->b_rptr + ci->OPT_offset,
3340 cr, cpid,
3341 peer_tep->te_flag, peer_tep->te_credp);
3342 } else if (ooff != 0) {
3343 /* Copy option from T_CONN_REQ */
3344 ci->OPT_offset = (t_scalar_t)T_ALIGN(ci->SRC_offset +
3345 ci->SRC_length);
3346 ci->OPT_length = olen;
3347 ASSERT(opts != NULL);
3348 bcopy(opts, (void *)((uintptr_t)ci + ci->OPT_offset), olen);
3349 } else {
3350 ci->OPT_offset = 0;
3351 ci->OPT_length = 0;
3352 }
3353 if (opts != NULL)
3354 kmem_free(opts, olen);
3355
3356 /*
3357 * register connection request with server peer
3358 * append to list of incoming connections
3359 * increment references for both peer_tep and tep: peer_tep is placed on
3360 * te_oconp and tep is placed on listeners queue.
3361 */
3362 tip->ti_tep = tep;
3363 tip->ti_seqno = tep->te_seqno;
3364 list_insert_tail(&peer_tep->te_iconp, tip);
3365 peer_tep->te_nicon++;
3366
3367 peer_tep->te_state = nextstate[TE_CONN_IND][peer_tep->te_state];
3368 /*
3369 * send the T_CONN_IND message
3370 */
3371 putnext(peer_tep->te_rq, cimp);
3372
3373 /*
3374 * Send a T_CONN_CON message for sockets.
3375 * Disable the queues until we have reached the correct state!
3376 */
3377 if (confmp != NULL) {
3378 tep->te_state = nextstate[TE_CONN_CON][tep->te_state];
3379 noenable(wq);
3380 putnext(tep->te_rq, confmp);
3381 }
3382 /*
	 * tep's reference count should be incremented, because tep is now
	 * referenced by the listener's list of pending connections, and
	 * decremented before exiting the serializer. The two operations
	 * cancel each other out, so the reference count is not modified.
3387 */
3388 ASSERT(tep->te_refcnt >= 2);
3389 ASSERT(peer_tep->te_refcnt >= 2);
3390 tl_serializer_exit(tep);
3391 }
3392
3393
3394
/*
 * Handle T_conn_res on the listener stream. Called on the listener's
 * serializer.
 * No one accesses the acceptor at this point, so it is safe to modify it.
 * Switch the eager's serializer to the acceptor's.
 *
 * If TL_SET[U]CRED, generate the credentials options.
 * For sockets, tl_conn_req() has already generated the T_CONN_CON.
 */
3405 static void
3406 tl_conn_res(mblk_t *mp, tl_endpt_t *tep)
3407 {
3408 queue_t *wq;
3409 struct T_conn_res *cres = (struct T_conn_res *)mp->b_rptr;
3410 ssize_t msz = MBLKL(mp);
3411 t_scalar_t olen, ooff, err = 0;
3412 t_scalar_t prim = cres->PRIM_type;
3413 uchar_t *addr_startp;
3414 tl_endpt_t *acc_ep = NULL, *cl_ep = NULL;
3415 tl_icon_t *tip;
3416 size_t size;
3417 mblk_t *ackmp, *respmp;
3418 mblk_t *dimp, *ccmp = NULL;
3419 struct T_discon_ind *di;
3420 struct T_conn_con *cc;
3421 boolean_t client_noclose_set = B_FALSE;
3422 boolean_t switch_client_serializer = B_TRUE;
3423
3424 ASSERT(IS_COTS(tep));
3425
3426 if (tep->te_closing) {
3427 freemsg(mp);
3428 return;
3429 }
3430
3431 wq = tep->te_wq;
3432
3433 /*
3434 * preallocate memory for:
3435 * 1. max of T_ERROR_ACK and T_OK_ACK
3436 * ==> known max T_ERROR_ACK
3437 * 2. max of T_DISCON_IND and T_CONN_CON
3438 */
3439 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED);
3440 if (ackmp == NULL) {
3441 tl_memrecover(wq, mp, sizeof (struct T_error_ack));
3442 return;
3443 }
3444 /*
3445 * memory committed for T_OK_ACK/T_ERROR_ACK now
3446 * will be committed for T_DISCON_IND/T_CONN_CON later
3447 */
3448
3449
3450 ASSERT(prim == T_CONN_RES || prim == O_T_CONN_RES);
3451
3452 /*
3453 * validate state
3454 */
3455 if (tep->te_state != TS_WRES_CIND) {
3456 (void) (STRLOG(TL_ID, tep->te_minor, 1,
3457 SL_TRACE | SL_ERROR,
3458 "tl_wput:T_CONN_RES:out of state, state=%d",
3459 tep->te_state));
3460 tl_error_ack(wq, ackmp, TOUTSTATE, 0, prim);
3461 freemsg(mp);
3462 return;
3463 }
3464
3465 /*
3466 * validate the message
3467 * Note: dereference fields in struct inside message only
3468 * after validating the message length.
3469 */
3470 if (msz < sizeof (struct T_conn_res)) {
3471 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
3472 "tl_conn_res:invalid message length"));
3473 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, prim);
3474 freemsg(mp);
3475 return;
3476 }
3477 olen = cres->OPT_length;
3478 ooff = cres->OPT_offset;
3479 if (((olen > 0) && ((ooff + olen) > msz))) {
3480 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
3481 "tl_conn_res:invalid message"));
3482 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, prim);
3483 freemsg(mp);
3484 return;
3485 }
3486 if (olen) {
3487 /*
3488 * no opts in connect res
3489 * supported in this provider
3490 */
3491 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
3492 "tl_conn_res:options not supported in message"));
3493 tl_error_ack(wq, ackmp, TBADOPT, 0, prim);
3494 freemsg(mp);
3495 return;
3496 }
3497
3498 tep->te_state = nextstate[TE_CONN_RES][tep->te_state];
3499 ASSERT(tep->te_state == TS_WACK_CRES);
3500
3501 if (cres->SEQ_number < TL_MINOR_START &&
3502 cres->SEQ_number >= BADSEQNUM) {
3503 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE | SL_ERROR,
3504 "tl_conn_res:remote endpoint sequence number bad"));
3505 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
3506 tl_error_ack(wq, ackmp, TBADSEQ, 0, prim);
3507 freemsg(mp);
3508 return;
3509 }
3510
3511 /*
3512 * find accepting endpoint. Will have extra reference if found.
3513 */
3514 if (mod_hash_find_cb(tep->te_transport->tr_ai_hash,
3515 (mod_hash_key_t)(uintptr_t)cres->ACCEPTOR_id,
3516 (mod_hash_val_t *)&acc_ep, tl_find_callback) != 0) {
3517 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE | SL_ERROR,
3518 "tl_conn_res:bad accepting endpoint"));
3519 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
3520 tl_error_ack(wq, ackmp, TBADF, 0, prim);
3521 freemsg(mp);
3522 return;
3523 }
3524
3525 /*
3526 * Prevent acceptor from closing.
3527 */
3528 if (!tl_noclose(acc_ep)) {
3529 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE | SL_ERROR,
3530 "tl_conn_res:bad accepting endpoint"));
3531 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
3532 tl_error_ack(wq, ackmp, TBADF, 0, prim);
3533 tl_refrele(acc_ep);
3534 freemsg(mp);
3535 return;
3536 }
3537
3538 acc_ep->te_flag |= TL_ACCEPTOR;
3539
3540 /*
	 * validate that the accepting endpoint, if different from the
	 * listener, has an address bound => state is TS_IDLE
3543 * TROUBLE in XPG4 !!?
3544 */
3545 if ((tep != acc_ep) && (acc_ep->te_state != TS_IDLE)) {
3546 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE | SL_ERROR,
3547 "tl_conn_res:accepting endpoint has no address bound,"
3548 "state=%d", acc_ep->te_state));
3549 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
3550 tl_error_ack(wq, ackmp, TOUTSTATE, 0, prim);
3551 freemsg(mp);
3552 tl_closeok(acc_ep);
3553 tl_refrele(acc_ep);
3554 return;
3555 }
3556
3557 /*
	 * If the accepting endpoint is the same as the listener, no other
	 * incoming connection may be on the queue.
3560 */
3561
3562 if ((tep == acc_ep) && (tep->te_nicon > 1)) {
3563 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
3564 "tl_conn_res: > 1 conn_ind on listener-acceptor"));
3565 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
3566 tl_error_ack(wq, ackmp, TBADF, 0, prim);
3567 freemsg(mp);
3568 tl_closeok(acc_ep);
3569 tl_refrele(acc_ep);
3570 return;
3571 }
3572
3573 /*
	 * Search the listener's list of pending connections for the entry
	 * corresponding to this client and mark it for deletion.
3578 */
3579 tip = tl_icon_find(tep, cres->SEQ_number);
3580 if (tip == NULL) {
3581 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE | SL_ERROR,
3582 "tl_conn_res:no client in listener list"));
3583 tep->te_state = nextstate[TE_ERROR_ACK][tep->te_state];
3584 tl_error_ack(wq, ackmp, TBADSEQ, 0, prim);
3585 freemsg(mp);
3586 tl_closeok(acc_ep);
3587 tl_refrele(acc_ep);
3588 return;
3589 }
3590
3591 /*
3592 * If ti_tep is NULL the client has already closed. In this case
3593 * the code below will avoid any action on the client side
3594 * but complete the server and acceptor state transitions.
3595 */
3596 ASSERT(tip->ti_tep == NULL ||
3597 tip->ti_tep->te_seqno == cres->SEQ_number);
3598 cl_ep = tip->ti_tep;
3599
3600 /*
3601 * If the client is present it is switched from listener's to acceptor's
3602 * serializer. We should block client closes while serializers are
3603 * being switched.
3604 *
3605 * It is possible that the client is present but is currently being
3606 * closed. There are two possible cases:
3607 *
3608 * 1) The client has already entered tl_close_finish_ser() and sent
3609 * T_ORDREL_IND. In this case we can just ignore the client (but we
3610 * still need to send all messages from tip->ti_mp to the acceptor).
3611 *
3612 * 2) The client started the close but has not entered
3613 * tl_close_finish_ser() yet. In this case, the client is already
3614 * proceeding asynchronously on the listener's serializer, so we're
3615 * forced to change the acceptor to use the listener's serializer to
3616 * ensure that any operations on the acceptor are serialized with
3617 * respect to the close that's in-progress.
3618 */
3619 if (cl_ep != NULL) {
3620 if (tl_noclose(cl_ep)) {
3621 client_noclose_set = B_TRUE;
3622 } else {
3623 /*
			 * Client is closing. If it has already sent the
			 * T_ORDREL_IND, we can simply ignore it - otherwise
			 * we have to let the client continue until it is
			 * sent.
3628 *
3629 * If we do continue using the client, acceptor will
3630 * switch to client's serializer which is used by client
3631 * for its close.
3632 */
3633 tl_client_closing_when_accepting++;
3634 switch_client_serializer = B_FALSE;
3635 if (!IS_SOCKET(cl_ep) || tl_disable_early_connect ||
3636 cl_ep->te_state == -1)
3637 cl_ep = NULL;
3638 }
3639 }
3640
3641 if (cl_ep != NULL) {
3642 /*
3643 * validate client state to be TS_WCON_CREQ or TS_DATA_XFER
3644 * (latter for sockets only)
3645 */
3646 if (cl_ep->te_state != TS_WCON_CREQ &&
3647 (cl_ep->te_state != TS_DATA_XFER &&
3648 IS_SOCKET(cl_ep))) {
3649 err = ECONNREFUSED;
3650 /*
3651 * T_DISCON_IND sent later after committing memory
3652 * and acking validity of request
3653 */
3654 (void) (STRLOG(TL_ID, tep->te_minor, 2, SL_TRACE,
3655 "tl_conn_res:peer in bad state"));
3656 }
3657
3658 /*
		 * preallocate now for T_DISCON_IND or T_CONN_CON
3660 * ack validity of request (T_OK_ACK) after memory committed
3661 */
3662
3663 if (err) {
3664 size = sizeof (struct T_discon_ind);
3665 } else {
3666 /*
3667 * calculate length of T_CONN_CON message
3668 */
3669 olen = 0;
3670 if (cl_ep->te_flag & TL_SETCRED) {
3671 olen = (t_scalar_t)sizeof (struct opthdr) +
3672 OPTLEN(sizeof (tl_credopt_t));
3673 } else if (cl_ep->te_flag & TL_SETUCRED) {
3674 olen = (t_scalar_t)sizeof (struct opthdr) +
3675 OPTLEN(ucredminsize(acc_ep->te_credp));
3676 }
3677 size = T_ALIGN(sizeof (struct T_conn_con) +
3678 acc_ep->te_alen) + olen;
3679 }
3680 if ((respmp = reallocb(mp, size, 0)) == NULL) {
3681 /*
3682 * roll back state changes
3683 */
3684 tep->te_state = TS_WRES_CIND;
3685 tl_memrecover(wq, mp, size);
3686 freemsg(ackmp);
3687 if (client_noclose_set)
3688 tl_closeok(cl_ep);
3689 tl_closeok(acc_ep);
3690 tl_refrele(acc_ep);
3691 return;
3692 }
3693 mp = NULL;
3694 }
3695
3696 /*
3697 * Now ack validity of request
3698 */
3699 if (tep->te_nicon == 1) {
3700 if (tep == acc_ep)
3701 tep->te_state = nextstate[TE_OK_ACK2][tep->te_state];
3702 else
3703 tep->te_state = nextstate[TE_OK_ACK3][tep->te_state];
3704 } else {
3705 tep->te_state = nextstate[TE_OK_ACK4][tep->te_state];
3706 }
3707
3708 /*
3709 * send T_DISCON_IND now if client state validation failed earlier
3710 */
3711 if (err) {
3712 tl_ok_ack(wq, ackmp, prim);
3713 /*
		 * flush the queues - why always?
3715 */
3716 (void) putnextctl1(acc_ep->te_rq, M_FLUSH, FLUSHR);
3717
3718 dimp = tl_resizemp(respmp, size);
3719 if (dimp == NULL) {
3720 (void) (STRLOG(TL_ID, tep->te_minor, 3,
3721 SL_TRACE | SL_ERROR,
3722 "tl_conn_res:con_ind:allocb failure"));
3723 tl_merror(wq, respmp, ENOMEM);
3724 tl_closeok(acc_ep);
3725 if (client_noclose_set)
3726 tl_closeok(cl_ep);
3727 tl_refrele(acc_ep);
3728 return;
3729 }
3730 if (dimp->b_cont) {
3731 /* no user data in provider generated discon ind */
3732 freemsg(dimp->b_cont);
3733 dimp->b_cont = NULL;
3734 }
3735
3736 DB_TYPE(dimp) = M_PROTO;
3737 di = (struct T_discon_ind *)dimp->b_rptr;
3738 di->PRIM_type = T_DISCON_IND;
3739 di->DISCON_reason = err;
3740 di->SEQ_number = BADSEQNUM;
3741
3742 tep->te_state = TS_IDLE;
3743 /*
3744 * send T_DISCON_IND message
3745 */
3746 putnext(acc_ep->te_rq, dimp);
3747 if (client_noclose_set)
3748 tl_closeok(cl_ep);
3749 tl_closeok(acc_ep);
3750 tl_refrele(acc_ep);
3751 return;
3752 }
3753
3754 /*
3755 * now start connecting the accepting endpoint
3756 */
3757 if (tep != acc_ep)
3758 acc_ep->te_state = nextstate[TE_PASS_CONN][acc_ep->te_state];
3759
3760 if (cl_ep == NULL) {
3761 /*
3762 * The client has already closed. Send up any queued messages
3763 * and change the state accordingly.
3764 */
3765 tl_ok_ack(wq, ackmp, prim);
3766 tl_icon_sendmsgs(acc_ep, &tip->ti_mp);
3767
3768 /*
		 * Remove the endpoint from the incoming connection list:
		 * delete the client from the list of incoming connections.
3771 */
3772 tl_freetip(tep, tip);
3773 freemsg(mp);
3774 tl_closeok(acc_ep);
3775 tl_refrele(acc_ep);
3776 return;
3777 } else if (tip->ti_mp != NULL) {
3778 /*
3779 * The client could have queued a T_DISCON_IND which needs
3780 * to be sent up.
		 * Note that t_discon_req cannot operate the same as
3782 * t_data_req since it is not possible for it to putbq
3783 * the message and return -1 due to the use of qwriter.
3784 */
3785 tl_icon_sendmsgs(acc_ep, &tip->ti_mp);
3786 }
3787
3788 /*
3789 * prepare connect confirm T_CONN_CON message
3790 */
3791
3792 /*
3793 * allocate the message - original data blocks
3794 * retained in the returned mblk
3795 */
3796 if (!IS_SOCKET(cl_ep) || tl_disable_early_connect) {
3797 ccmp = tl_resizemp(respmp, size);
3798 if (ccmp == NULL) {
3799 tl_ok_ack(wq, ackmp, prim);
3800 (void) (STRLOG(TL_ID, tep->te_minor, 3,
3801 SL_TRACE | SL_ERROR,
3802 "tl_conn_res:conn_con:allocb failure"));
3803 tl_merror(wq, respmp, ENOMEM);
3804 tl_closeok(acc_ep);
3805 if (client_noclose_set)
3806 tl_closeok(cl_ep);
3807 tl_refrele(acc_ep);
3808 return;
3809 }
3810
3811 DB_TYPE(ccmp) = M_PROTO;
3812 cc = (struct T_conn_con *)ccmp->b_rptr;
3813 cc->PRIM_type = T_CONN_CON;
3814 cc->RES_offset = (t_scalar_t)sizeof (struct T_conn_con);
3815 cc->RES_length = acc_ep->te_alen;
3816 addr_startp = ccmp->b_rptr + cc->RES_offset;
3817 bcopy(acc_ep->te_abuf, addr_startp, acc_ep->te_alen);
3818 if (cl_ep->te_flag & (TL_SETCRED | TL_SETUCRED)) {
3819 cc->OPT_offset = (t_scalar_t)T_ALIGN(cc->RES_offset +
3820 cc->RES_length);
3821 cc->OPT_length = olen;
3822 tl_fill_option(ccmp->b_rptr + cc->OPT_offset,
3823 acc_ep->te_credp, acc_ep->te_cpid, cl_ep->te_flag,
3824 cl_ep->te_credp);
3825 } else {
3826 cc->OPT_offset = 0;
3827 cc->OPT_length = 0;
3828 }
3829 /*
3830 * Forward the credential in the packet so it can be picked up
3831 * at the higher layers for more complete credential processing
3832 */
3833 mblk_setcred(ccmp, acc_ep->te_credp, acc_ep->te_cpid);
3834 } else {
3835 freemsg(respmp);
3836 respmp = NULL;
3837 }
3838
3839 /*
	 * Make the connection by linking the accepting and client
	 * endpoints. No need to increment references:
	 *	on client: it should already have one from tip->ti_tep linkage.
	 *	on acceptor: it should already have one from the table lookup.
	 *
	 * At this point neither the client nor the acceptor can close.
	 * Switch the client serializer to the acceptor's.
3848 */
3849 ASSERT(cl_ep->te_refcnt >= 2);
3850 ASSERT(acc_ep->te_refcnt >= 2);
3851 ASSERT(cl_ep->te_conp == NULL);
3852 ASSERT(acc_ep->te_conp == NULL);
3853 cl_ep->te_conp = acc_ep;
3854 acc_ep->te_conp = cl_ep;
3855 ASSERT(cl_ep->te_ser == tep->te_ser);
3856 if (switch_client_serializer) {
3857 mutex_enter(&cl_ep->te_ser_lock);
3858 if (cl_ep->te_ser_count > 0) {
3859 switch_client_serializer = B_FALSE;
3860 tl_serializer_noswitch++;
3861 } else {
3862 /*
3863 * Move client to the acceptor's serializer.
3864 */
3865 tl_serializer_refhold(acc_ep->te_ser);
3866 tl_serializer_refrele(cl_ep->te_ser);
3867 cl_ep->te_ser = acc_ep->te_ser;
3868 }
3869 mutex_exit(&cl_ep->te_ser_lock);
3870 }
3871 if (!switch_client_serializer) {
3872 /*
3873 * It is not possible to switch client to use acceptor's.
3874 * Move acceptor to client's serializer (which is the same as
3875 * listener's).
3876 */
3877 tl_serializer_refhold(cl_ep->te_ser);
3878 tl_serializer_refrele(acc_ep->te_ser);
3879 acc_ep->te_ser = cl_ep->te_ser;
3880 }
3881
3882 TL_REMOVE_PEER(cl_ep->te_oconp);
3883 TL_REMOVE_PEER(acc_ep->te_oconp);
3884
3885 /*
	 * Remove the endpoint from the incoming connection list:
	 * delete the client from the list of incoming connections.
3888 */
3889 tip->ti_tep = NULL;
3890 tl_freetip(tep, tip);
3891 tl_ok_ack(wq, ackmp, prim);
3892
3893 /*
3894 * data blocks already linked in reallocb()
3895 */
3896
3897 /*
3898 * link queues so that I_SENDFD will work
3899 */
3900 if (!IS_SOCKET(tep)) {
3901 acc_ep->te_wq->q_next = cl_ep->te_rq;
3902 cl_ep->te_wq->q_next = acc_ep->te_rq;
3903 }
3904
3905 /*
	 * Send T_CONN_CON up on the client side unless it was already
	 * done (for a socket). In case any data or an ordrel req has
	 * been queued, make sure that the service procedure runs.
3909 */
3910 if (IS_SOCKET(cl_ep) && !tl_disable_early_connect) {
3911 enableok(cl_ep->te_wq);
3912 TL_QENABLE(cl_ep);
3913 if (ccmp != NULL)
3914 freemsg(ccmp);
3915 } else {
3916 /*
3917 * change client state on TE_CONN_CON event
3918 */
3919 cl_ep->te_state = nextstate[TE_CONN_CON][cl_ep->te_state];
3920 putnext(cl_ep->te_rq, ccmp);
3921 }
3922
	/* Mark both endpoints as accepted */
3924 cl_ep->te_flag |= TL_ACCEPTED;
3925 acc_ep->te_flag |= TL_ACCEPTED;
3926
3927 /*
3928 * Allow client and acceptor to close.
3929 */
3930 tl_closeok(acc_ep);
3931 if (client_noclose_set)
3932 tl_closeok(cl_ep);
3933 }
3934
3935
3936
3937
3938 static void
3939 tl_discon_req(mblk_t *mp, tl_endpt_t *tep)
3940 {
3941 queue_t *wq;
3942 struct T_discon_req *dr;
3943 ssize_t msz;
3944 tl_endpt_t *peer_tep = tep->te_conp;
3945 tl_endpt_t *srv_tep = tep->te_oconp;
3946 tl_icon_t *tip;
3947 size_t size;
3948 mblk_t *ackmp, *dimp, *respmp;
3949 struct T_discon_ind *di;
3950 t_scalar_t save_state, new_state;
3951
3952 if (tep->te_closing) {
3953 freemsg(mp);
3954 return;
3955 }
3956
3957 if ((peer_tep != NULL) && peer_tep->te_closing) {
3958 TL_UNCONNECT(tep->te_conp);
3959 peer_tep = NULL;
3960 }
3961 if ((srv_tep != NULL) && srv_tep->te_closing) {
3962 TL_UNCONNECT(tep->te_oconp);
3963 srv_tep = NULL;
3964 }
3965
3966 wq = tep->te_wq;
3967
3968 /*
3969 * preallocate memory for:
3970 * 1. max of T_ERROR_ACK and T_OK_ACK
3971 * ==> known max T_ERROR_ACK
3972 * 2. for T_DISCON_IND
3973 */
3974 ackmp = allocb(sizeof (struct T_error_ack), BPRI_MED);
3975 if (ackmp == NULL) {
3976 tl_memrecover(wq, mp, sizeof (struct T_error_ack));
3977 return;
3978 }
3979 /*
3980 * memory committed for T_OK_ACK/T_ERROR_ACK now
3981 * will be committed for T_DISCON_IND later
3982 */
3983
3984 dr = (struct T_discon_req *)mp->b_rptr;
3985 msz = MBLKL(mp);
3986
3987 /*
3988 * validate the state
3989 */
3990 save_state = new_state = tep->te_state;
3991 if (!(save_state >= TS_WCON_CREQ && save_state <= TS_WRES_CIND) &&
3992 !(save_state >= TS_DATA_XFER && save_state <= TS_WREQ_ORDREL)) {
3993 (void) (STRLOG(TL_ID, tep->te_minor, 1,
3994 SL_TRACE | SL_ERROR,
3995 "tl_wput:T_DISCON_REQ:out of state, state=%d",
3996 tep->te_state));
3997 tl_error_ack(wq, ackmp, TOUTSTATE, 0, T_DISCON_REQ);
3998 freemsg(mp);
3999 return;
4000 }
4001 /*
4002 * Defer committing the state change until it is determined if
4003 * the message will be queued with the tl_icon or not.
4004 */
4005 new_state = nextstate[TE_DISCON_REQ][tep->te_state];
4006
4007 /* validate the message */
4008 if (msz < sizeof (struct T_discon_req)) {
4009 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4010 "tl_discon_req:invalid message"));
4011 tep->te_state = nextstate[TE_ERROR_ACK][new_state];
4012 tl_error_ack(wq, ackmp, TSYSERR, EINVAL, T_DISCON_REQ);
4013 freemsg(mp);
4014 return;
4015 }
4016
4017 /*
4018 * if server, then validate that client exists
4019 * by connection sequence number etc.
4020 */
4021 if (tep->te_nicon > 0) { /* server */
4022
4023 /*
4024 * search server list for disconnect client
4025 */
4026 tip = tl_icon_find(tep, dr->SEQ_number);
4027 if (tip == NULL) {
4028 (void) (STRLOG(TL_ID, tep->te_minor, 2,
4029 SL_TRACE | SL_ERROR,
4030 "tl_discon_req:no disconnect endpoint"));
4031 tep->te_state = nextstate[TE_ERROR_ACK][new_state];
4032 tl_error_ack(wq, ackmp, TBADSEQ, 0, T_DISCON_REQ);
4033 freemsg(mp);
4034 return;
4035 }
4036 /*
4037 * If ti_tep is NULL the client has already closed. In this case
4038 * the code below will avoid any action on the client side.
4039 */
4040
4041 IMPLY(tip->ti_tep != NULL,
4042 tip->ti_tep->te_seqno == dr->SEQ_number);
4043 peer_tep = tip->ti_tep;
4044 }
4045
4046 /*
4047 * preallocate now for T_DISCON_IND
	 * ack validity of the request (T_OK_ACK) after the memory is committed
4049 */
4050 size = sizeof (struct T_discon_ind);
4051 if ((respmp = reallocb(mp, size, 0)) == NULL) {
4052 tl_memrecover(wq, mp, size);
4053 freemsg(ackmp);
4054 return;
4055 }
4056
4057 /*
4058 * prepare message to ack validity of request
4059 */
4060 if (tep->te_nicon == 0) {
4061 new_state = nextstate[TE_OK_ACK1][new_state];
4062 } else {
4063 if (tep->te_nicon == 1)
4064 new_state = nextstate[TE_OK_ACK2][new_state];
4065 else
4066 new_state = nextstate[TE_OK_ACK4][new_state];
4067 }
4068
4069 /*
4070 * Flushing queues according to TPI. Using the old state.
4071 */
4072 if ((tep->te_nicon <= 1) &&
4073 ((save_state == TS_DATA_XFER) ||
4074 (save_state == TS_WIND_ORDREL) ||
4075 (save_state == TS_WREQ_ORDREL)))
4076 (void) putnextctl1(RD(wq), M_FLUSH, FLUSHRW);
4077
4078 /* send T_OK_ACK up */
4079 tl_ok_ack(wq, ackmp, T_DISCON_REQ);
4080
4081 /*
4082 * now do disconnect business
4083 */
4084 if (tep->te_nicon > 0) { /* listener */
4085 if (peer_tep != NULL && !peer_tep->te_closing) {
4086 /*
4087 * disconnect incoming connect request pending to tep
4088 */
4089 if ((dimp = tl_resizemp(respmp, size)) == NULL) {
4090 (void) (STRLOG(TL_ID, tep->te_minor, 2,
4091 SL_TRACE | SL_ERROR,
4092 "tl_discon_req: reallocb failed"));
4093 tep->te_state = new_state;
4094 tl_merror(wq, respmp, ENOMEM);
4095 return;
4096 }
4097 di = (struct T_discon_ind *)dimp->b_rptr;
4098 di->SEQ_number = BADSEQNUM;
4099 save_state = peer_tep->te_state;
4100 peer_tep->te_state = TS_IDLE;
4101
4102 TL_REMOVE_PEER(peer_tep->te_oconp);
4103 enableok(peer_tep->te_wq);
4104 TL_QENABLE(peer_tep);
4105 } else {
4106 freemsg(respmp);
4107 dimp = NULL;
4108 }
4109
4110 /*
		 * Remove the endpoint from the incoming connection list:
		 * remove the disconnecting client from the server's list.
4113 */
4114 tl_freetip(tep, tip);
4115 } else if ((peer_tep = tep->te_oconp) != NULL) { /* client */
4116 /*
4117 * disconnect an outgoing request pending from tep
4118 */
4119
4120 if ((dimp = tl_resizemp(respmp, size)) == NULL) {
4121 (void) (STRLOG(TL_ID, tep->te_minor, 2,
4122 SL_TRACE | SL_ERROR,
4123 "tl_discon_req: reallocb failed"));
4124 tep->te_state = new_state;
4125 tl_merror(wq, respmp, ENOMEM);
4126 return;
4127 }
4128 di = (struct T_discon_ind *)dimp->b_rptr;
4129 DB_TYPE(dimp) = M_PROTO;
4130 di->PRIM_type = T_DISCON_IND;
4131 di->DISCON_reason = ECONNRESET;
4132 di->SEQ_number = tep->te_seqno;
4133
4134 /*
4135 * If this is a socket the T_DISCON_IND is queued with
4136 * the T_CONN_IND. Otherwise the T_CONN_IND is removed
4137 * from the list of pending connections.
4138 * Note that when te_oconp is set the peer better have
4139 * a t_connind_t for the client.
4140 */
4141 if (IS_SOCKET(tep) && !tl_disable_early_connect) {
4142 /*
4143 * No need to check that
4144 * ti_tep == NULL since the T_DISCON_IND
4145 * takes precedence over other queued
4146 * messages.
4147 */
4148 tl_icon_queuemsg(peer_tep, tep->te_seqno, dimp);
4149 peer_tep = NULL;
4150 dimp = NULL;
4151 /*
4152 * Can't clear te_oconp since tl_co_unconnect needs
4153 * it as a hint not to free the tep.
4154 * Keep the state unchanged since tl_conn_res inspects
4155 * it.
4156 */
4157 new_state = tep->te_state;
4158 } else {
4159 /* Found - delete it */
4160 tip = tl_icon_find(peer_tep, tep->te_seqno);
4161 if (tip != NULL) {
4162 ASSERT(tep == tip->ti_tep);
4163 save_state = peer_tep->te_state;
4164 if (peer_tep->te_nicon == 1)
4165 peer_tep->te_state =
4166 nextstate[TE_DISCON_IND2]
4167 [peer_tep->te_state];
4168 else
4169 peer_tep->te_state =
4170 nextstate[TE_DISCON_IND3]
4171 [peer_tep->te_state];
4172 tl_freetip(peer_tep, tip);
4173 }
4174 ASSERT(tep->te_oconp != NULL);
4175 TL_UNCONNECT(tep->te_oconp);
4176 }
4177 } else if ((peer_tep = tep->te_conp) != NULL) { /* connected! */
4178 if ((dimp = tl_resizemp(respmp, size)) == NULL) {
4179 (void) (STRLOG(TL_ID, tep->te_minor, 2,
4180 SL_TRACE | SL_ERROR,
4181 "tl_discon_req: reallocb failed"));
4182 tep->te_state = new_state;
4183 tl_merror(wq, respmp, ENOMEM);
4184 return;
4185 }
4186 di = (struct T_discon_ind *)dimp->b_rptr;
4187 di->SEQ_number = BADSEQNUM;
4188
4189 save_state = peer_tep->te_state;
4190 peer_tep->te_state = TS_IDLE;
4191 } else {
4192 /* Not connected */
4193 tep->te_state = new_state;
4194 freemsg(respmp);
4195 return;
4196 }
4197
4198 /* Commit state changes */
4199 tep->te_state = new_state;
4200
4201 if (peer_tep == NULL) {
4202 ASSERT(dimp == NULL);
4203 goto done;
4204 }
4205 /*
4206 * Flush queues on peer before sending up
4207 * T_DISCON_IND according to TPI
4208 */
4209
4210 if ((save_state == TS_DATA_XFER) ||
4211 (save_state == TS_WIND_ORDREL) ||
4212 (save_state == TS_WREQ_ORDREL))
4213 (void) putnextctl1(peer_tep->te_rq, M_FLUSH, FLUSHRW);
4214
4215 DB_TYPE(dimp) = M_PROTO;
4216 di->PRIM_type = T_DISCON_IND;
4217 di->DISCON_reason = ECONNRESET;
4218
4219 /*
4220 * data blocks already linked into dimp by reallocb()
4221 */
4222 /*
4223 * send indication message to peer user module
4224 */
4225 ASSERT(dimp != NULL);
4226 putnext(peer_tep->te_rq, dimp);
4227 done:
4228 if (tep->te_conp) { /* disconnect pointers if connected */
4229 ASSERT(!peer_tep->te_closing);
4230
4231 /*
4232 * Messages may be queued on peer's write queue
4233 * waiting to be processed by its write service
4234 * procedure. Before the pointer to the peer transport
4235 * structure is set to NULL, qenable the peer's write
4236 * queue so that the queued up messages are processed.
4237 */
4238 if ((save_state == TS_DATA_XFER) ||
4239 (save_state == TS_WIND_ORDREL) ||
4240 (save_state == TS_WREQ_ORDREL))
4241 TL_QENABLE(peer_tep);
4242 ASSERT(peer_tep != NULL && peer_tep->te_conp != NULL);
4243 TL_UNCONNECT(peer_tep->te_conp);
4244 if (!IS_SOCKET(tep)) {
4245 /*
4246 * unlink the streams
4247 */
4248 tep->te_wq->q_next = NULL;
4249 peer_tep->te_wq->q_next = NULL;
4250 }
4251 TL_UNCONNECT(tep->te_conp);
4252 }
4253 }
4254
4255 static void
4256 tl_addr_req_ser(mblk_t *mp, tl_endpt_t *tep)
4257 {
4258 if (!tep->te_closing)
4259 tl_addr_req(mp, tep);
4260 else
4261 freemsg(mp);
4262
4263 tl_serializer_exit(tep);
4264 tl_refrele(tep);
4265 }
4266
4267 static void
4268 tl_addr_req(mblk_t *mp, tl_endpt_t *tep)
4269 {
4270 queue_t *wq;
4271 size_t ack_sz;
4272 mblk_t *ackmp;
4273 struct T_addr_ack *taa;
4274
4275 if (tep->te_closing) {
4276 freemsg(mp);
4277 return;
4278 }
4279
4280 wq = tep->te_wq;
4281
4282 /*
	 * Note: the T_ADDR_REQ message has only the PRIM_type field,
	 * so it was already validated earlier.
4285 */
4286
4287 if (IS_CLTS(tep) ||
4288 (tep->te_state > TS_WREQ_ORDREL) ||
4289 (tep->te_state < TS_DATA_XFER)) {
4290 /*
4291 * Either connectionless or connection oriented but not
4292 * in connected data transfer state or half-closed states.
4293 */
4294 ack_sz = sizeof (struct T_addr_ack);
4295 if (tep->te_state >= TS_IDLE)
4296 /* is bound */
4297 ack_sz += tep->te_alen;
4298 ackmp = reallocb(mp, ack_sz, 0);
4299 if (ackmp == NULL) {
4300 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4301 SL_TRACE | SL_ERROR,
4302 "tl_addr_req: reallocb failed"));
4303 tl_memrecover(wq, mp, ack_sz);
4304 return;
4305 }
4306
4307 taa = (struct T_addr_ack *)ackmp->b_rptr;
4308
4309 bzero(taa, sizeof (struct T_addr_ack));
4310
4311 taa->PRIM_type = T_ADDR_ACK;
4312 ackmp->b_datap->db_type = M_PCPROTO;
4313 ackmp->b_wptr = (uchar_t *)&taa[1];
4314
4315 if (tep->te_state >= TS_IDLE) {
4316 /* endpoint is bound */
4317 taa->LOCADDR_length = tep->te_alen;
4318 taa->LOCADDR_offset = (t_scalar_t)sizeof (*taa);
4319
4320 bcopy(tep->te_abuf, ackmp->b_wptr,
4321 tep->te_alen);
4322 ackmp->b_wptr += tep->te_alen;
4323 ASSERT(ackmp->b_wptr <= ackmp->b_datap->db_lim);
4324 }
4325
4326 (void) qreply(wq, ackmp);
4327 } else {
4328 ASSERT(tep->te_state == TS_DATA_XFER ||
4329 tep->te_state == TS_WIND_ORDREL ||
4330 tep->te_state == TS_WREQ_ORDREL);
4331 /* connection oriented in data transfer */
4332 tl_connected_cots_addr_req(mp, tep);
4333 }
4334 }
4335
4336
4337 static void
4338 tl_connected_cots_addr_req(mblk_t *mp, tl_endpt_t *tep)
4339 {
4340 tl_endpt_t *peer_tep = tep->te_conp;
4341 size_t ack_sz;
4342 mblk_t *ackmp;
4343 struct T_addr_ack *taa;
4344 uchar_t *addr_startp;
4345
4346 if (tep->te_closing) {
4347 freemsg(mp);
4348 return;
4349 }
4350
4351 if (peer_tep == NULL || peer_tep->te_closing) {
4352 tl_error_ack(tep->te_wq, mp, TSYSERR, ECONNRESET, T_ADDR_REQ);
4353 return;
4354 }
4355
4356 ASSERT(tep->te_state >= TS_IDLE);
4357
4358 ack_sz = sizeof (struct T_addr_ack);
4359 ack_sz += T_ALIGN(tep->te_alen);
4360 ack_sz += peer_tep->te_alen;
4361
4362 ackmp = tpi_ack_alloc(mp, ack_sz, M_PCPROTO, T_ADDR_ACK);
4363 if (ackmp == NULL) {
4364 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4365 "tl_connected_cots_addr_req: reallocb failed"));
4366 tl_memrecover(tep->te_wq, mp, ack_sz);
4367 return;
4368 }
4369
4370 taa = (struct T_addr_ack *)ackmp->b_rptr;
4371
4372 /* endpoint is bound */
4373 taa->LOCADDR_length = tep->te_alen;
4374 taa->LOCADDR_offset = (t_scalar_t)sizeof (*taa);
4375
4376 addr_startp = (uchar_t *)&taa[1];
4377
4378 bcopy(tep->te_abuf, addr_startp,
4379 tep->te_alen);
4380
4381 taa->REMADDR_length = peer_tep->te_alen;
4382 taa->REMADDR_offset = (t_scalar_t)T_ALIGN(taa->LOCADDR_offset +
4383 taa->LOCADDR_length);
4384 addr_startp = ackmp->b_rptr + taa->REMADDR_offset;
4385 bcopy(peer_tep->te_abuf, addr_startp,
4386 peer_tep->te_alen);
4387 ackmp->b_wptr = (uchar_t *)ackmp->b_rptr +
4388 taa->REMADDR_offset + peer_tep->te_alen;
4389 ASSERT(ackmp->b_wptr <= ackmp->b_datap->db_lim);
4390
4391 putnext(tep->te_rq, ackmp);
4392 }
4393
4394 static void
4395 tl_copy_info(struct T_info_ack *ia, tl_endpt_t *tep)
4396 {
4397 if (IS_CLTS(tep)) {
4398 *ia = tl_clts_info_ack;
		ia->TSDU_size = tl_tidusz;	/* TSDU and TIDU sizes are the same */
4400 } else {
4401 *ia = tl_cots_info_ack;
4402 if (IS_COTSORD(tep))
4403 ia->SERV_type = T_COTS_ORD;
4404 }
4405 ia->TIDU_size = tl_tidusz;
4406 ia->CURRENT_state = tep->te_state;
4407 }
4408
4409 /*
4410 * This routine responds to T_CAPABILITY_REQ messages. It is called by
4411 * tl_wput.
4412 */
4413 static void
4414 tl_capability_req(mblk_t *mp, tl_endpt_t *tep)
4415 {
4416 mblk_t *ackmp;
4417 t_uscalar_t cap_bits1;
4418 struct T_capability_ack *tcap;
4419
4420 if (tep->te_closing) {
4421 freemsg(mp);
4422 return;
4423 }
4424
4425 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1;
4426
4427 ackmp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack),
4428 M_PCPROTO, T_CAPABILITY_ACK);
4429 if (ackmp == NULL) {
4430 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4431 "tl_capability_req: reallocb failed"));
4432 tl_memrecover(tep->te_wq, mp,
4433 sizeof (struct T_capability_ack));
4434 return;
4435 }
4436
4437 tcap = (struct T_capability_ack *)ackmp->b_rptr;
4438 tcap->CAP_bits1 = 0;
4439
4440 if (cap_bits1 & TC1_INFO) {
4441 tl_copy_info(&tcap->INFO_ack, tep);
4442 tcap->CAP_bits1 |= TC1_INFO;
4443 }
4444
4445 if (cap_bits1 & TC1_ACCEPTOR_ID) {
4446 tcap->ACCEPTOR_id = tep->te_acceptor_id;
4447 tcap->CAP_bits1 |= TC1_ACCEPTOR_ID;
4448 }
4449
4450 putnext(tep->te_rq, ackmp);
4451 }
4452
4453 static void
4454 tl_info_req_ser(mblk_t *mp, tl_endpt_t *tep)
4455 {
4456 if (!tep->te_closing)
4457 tl_info_req(mp, tep);
4458 else
4459 freemsg(mp);
4460
4461 tl_serializer_exit(tep);
4462 tl_refrele(tep);
4463 }
4464
4465 static void
4466 tl_info_req(mblk_t *mp, tl_endpt_t *tep)
4467 {
4468 mblk_t *ackmp;
4469
4470 ackmp = tpi_ack_alloc(mp, sizeof (struct T_info_ack),
4471 M_PCPROTO, T_INFO_ACK);
4472 if (ackmp == NULL) {
4473 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4474 "tl_info_req: reallocb failed"));
4475 tl_memrecover(tep->te_wq, mp, sizeof (struct T_info_ack));
4476 return;
4477 }
4478
4479 /*
4480 * fill in T_INFO_ACK contents
4481 */
4482 tl_copy_info((struct T_info_ack *)ackmp->b_rptr, tep);
4483
4484 /*
4485 * send ack message
4486 */
4487 putnext(tep->te_rq, ackmp);
4488 }
4489
4490 /*
4491 * Handle M_DATA, T_data_req and T_optdata_req.
 * If this is a socket, pass T_optdata_req options through unmodified.
4493 */
4494 static void
4495 tl_data(mblk_t *mp, tl_endpt_t *tep)
4496 {
4497 queue_t *wq = tep->te_wq;
4498 union T_primitives *prim = (union T_primitives *)mp->b_rptr;
4499 ssize_t msz = MBLKL(mp);
4500 tl_endpt_t *peer_tep;
4501 queue_t *peer_rq;
4502 boolean_t closing = tep->te_closing;
4503
4504 if (IS_CLTS(tep)) {
4505 (void) (STRLOG(TL_ID, tep->te_minor, 2,
4506 SL_TRACE | SL_ERROR,
4507 "tl_wput:clts:unattached M_DATA"));
4508 if (!closing) {
4509 tl_merror(wq, mp, EPROTO);
4510 } else {
4511 freemsg(mp);
4512 }
4513 return;
4514 }
4515
4516 /*
	 * If the endpoint is closing, it should still forward any data to
	 * the peer (if it has one). If it is not allowed to forward, it can
4519 * free the message.
4520 */
4521 if (closing &&
4522 (tep->te_state != TS_DATA_XFER) &&
4523 (tep->te_state != TS_WREQ_ORDREL)) {
4524 freemsg(mp);
4525 return;
4526 }
4527
4528 if (DB_TYPE(mp) == M_PROTO) {
4529 if (prim->type == T_DATA_REQ &&
4530 msz < sizeof (struct T_data_req)) {
4531 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4532 SL_TRACE | SL_ERROR,
4533 "tl_data:T_DATA_REQ:invalid message"));
4534 if (!closing) {
4535 tl_merror(wq, mp, EPROTO);
4536 } else {
4537 freemsg(mp);
4538 }
4539 return;
4540 } else if (prim->type == T_OPTDATA_REQ &&
4541 (msz < sizeof (struct T_optdata_req) || !IS_SOCKET(tep))) {
4542 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4543 SL_TRACE | SL_ERROR,
4544 "tl_data:T_OPTDATA_REQ:invalid message"));
4545 if (!closing) {
4546 tl_merror(wq, mp, EPROTO);
4547 } else {
4548 freemsg(mp);
4549 }
4550 return;
4551 }
4552 }
4553
4554 /*
4555 * connection oriented provider
4556 */
4557 switch (tep->te_state) {
4558 case TS_IDLE:
4559 /*
4560 * Other end not here - do nothing.
4561 */
4562 freemsg(mp);
4563 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
4564 "tl_data:cots with endpoint idle"));
4565 return;
4566
4567 case TS_DATA_XFER:
4568 /* valid states */
4569 if (tep->te_conp != NULL)
4570 break;
4571
4572 if (tep->te_oconp == NULL) {
4573 if (!closing) {
4574 tl_merror(wq, mp, EPROTO);
4575 } else {
4576 freemsg(mp);
4577 }
4578 return;
4579 }
4580 /*
		 * For a socket the T_CONN_CON is sent early, so
		 * the peer might not yet have accepted the connection.
		 * If we are closing, queue the packet with the T_CONN_IND.
4584 * Otherwise defer processing the packet until the peer
4585 * accepts the connection.
4586 * Note that the queue is noenabled when we go into this
4587 * state.
4588 */
4589 if (!closing) {
4590 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4591 SL_TRACE | SL_ERROR,
4592 "tl_data: ocon"));
4593 TL_PUTBQ(tep, mp);
4594 return;
4595 }
4596 if (DB_TYPE(mp) == M_PROTO) {
4597 if (msz < sizeof (t_scalar_t)) {
4598 freemsg(mp);
4599 return;
4600 }
4601 /* reuse message block - just change REQ to IND */
4602 if (prim->type == T_DATA_REQ)
4603 prim->type = T_DATA_IND;
4604 else
4605 prim->type = T_OPTDATA_IND;
4606 }
4607 tl_icon_queuemsg(tep->te_oconp, tep->te_seqno, mp);
4608 return;
4609
4610 case TS_WREQ_ORDREL:
4611 if (tep->te_conp == NULL) {
4612 /*
4613 * Other end closed - generate discon_ind
4614 * with reason 0 to cause an EPIPE but no
4615 * read side error on AF_UNIX sockets.
4616 */
4617 freemsg(mp);
4618 (void) (STRLOG(TL_ID, tep->te_minor, 3,
4619 SL_TRACE | SL_ERROR,
4620 "tl_data: WREQ_ORDREL and no peer"));
4621 tl_discon_ind(tep, 0);
4622 return;
4623 }
4624 break;
4625
4626 default:
4627 /* invalid state for event TE_DATA_REQ */
4628 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4629 "tl_data:cots:out of state"));
4630 tl_merror(wq, mp, EPROTO);
4631 return;
4632 }
4633 /*
4634 * tep->te_state = nextstate[TE_DATA_REQ][tep->te_state];
4635 * (State stays same on this event)
4636 */
4637
4638 /*
4639 * get connected endpoint
4640 */
4641 if (((peer_tep = tep->te_conp) == NULL) || peer_tep->te_closing) {
4642 freemsg(mp);
4643 /* Peer closed */
4644 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE,
4645 "tl_data: peer gone"));
4646 return;
4647 }
4648
	ASSERT(tep->te_ser == peer_tep->te_ser);
4650 peer_rq = peer_tep->te_rq;
4651
4652 /*
	 * Put it back if flow controlled.
	 * Note: the number of messages already queued when we are closing
	 * is bounded, so we can ignore flow control.
4656 */
4657 if (!canputnext(peer_rq) && !closing) {
4658 TL_PUTBQ(tep, mp);
4659 return;
4660 }
4661
4662 /*
4663 * validate peer state
4664 */
4665 switch (peer_tep->te_state) {
4666 case TS_DATA_XFER:
4667 case TS_WIND_ORDREL:
4668 /* valid states */
4669 break;
4670 default:
4671 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4672 "tl_data:rx side:invalid state"));
4673 tl_merror(peer_tep->te_wq, mp, EPROTO);
4674 return;
4675 }
4676 if (DB_TYPE(mp) == M_PROTO) {
4677 /* reuse message block - just change REQ to IND */
4678 if (prim->type == T_DATA_REQ)
4679 prim->type = T_DATA_IND;
4680 else
4681 prim->type = T_OPTDATA_IND;
4682 }
4683 /*
4684 * peer_tep->te_state = nextstate[TE_DATA_IND][peer_tep->te_state];
4685 * (peer state stays same on this event)
4686 */
4687 /*
4688 * send data to connected peer
4689 */
4690 putnext(peer_rq, mp);
4691 }
4692
4693
4694
4695 static void
4696 tl_exdata(mblk_t *mp, tl_endpt_t *tep)
4697 {
4698 queue_t *wq = tep->te_wq;
4699 union T_primitives *prim = (union T_primitives *)mp->b_rptr;
4700 ssize_t msz = MBLKL(mp);
4701 tl_endpt_t *peer_tep;
4702 queue_t *peer_rq;
4703 boolean_t closing = tep->te_closing;
4704
4705 if (msz < sizeof (struct T_exdata_req)) {
4706 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4707 "tl_exdata:invalid message"));
4708 if (!closing) {
4709 tl_merror(wq, mp, EPROTO);
4710 } else {
4711 freemsg(mp);
4712 }
4713 return;
4714 }
4715
4716 /*
	 * If the endpoint is closing, it should still forward any data to
	 * the peer (if it has one). If it is not allowed to forward, it can
4719 * free the message.
4720 */
4721 if (closing &&
4722 (tep->te_state != TS_DATA_XFER) &&
4723 (tep->te_state != TS_WREQ_ORDREL)) {
4724 freemsg(mp);
4725 return;
4726 }
4727
4728 /*
4729 * validate state
4730 */
4731 switch (tep->te_state) {
4732 case TS_IDLE:
4733 /*
4734 * Other end not here - do nothing.
4735 */
4736 freemsg(mp);
4737 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
4738 "tl_exdata:cots with endpoint idle"));
4739 return;
4740
4741 case TS_DATA_XFER:
4742 /* valid states */
4743 if (tep->te_conp != NULL)
4744 break;
4745
4746 if (tep->te_oconp == NULL) {
4747 if (!closing) {
4748 tl_merror(wq, mp, EPROTO);
4749 } else {
4750 freemsg(mp);
4751 }
4752 return;
4753 }
4754 /*
		 * For a socket the T_CONN_CON is sent early, so
		 * the peer might not yet have accepted the connection.
		 * If we are closing, queue the packet with the T_CONN_IND.
4758 * Otherwise defer processing the packet until the peer
4759 * accepts the connection.
4760 * Note that the queue is noenabled when we go into this
4761 * state.
4762 */
4763 if (!closing) {
4764 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4765 SL_TRACE | SL_ERROR,
4766 "tl_exdata: ocon"));
4767 TL_PUTBQ(tep, mp);
4768 return;
4769 }
4770 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4771 "tl_exdata: closing socket ocon"));
4772 prim->type = T_EXDATA_IND;
4773 tl_icon_queuemsg(tep->te_oconp, tep->te_seqno, mp);
4774 return;
4775
4776 case TS_WREQ_ORDREL:
4777 if (tep->te_conp == NULL) {
4778 /*
4779 * Other end closed - generate discon_ind
4780 * with reason 0 to cause an EPIPE but no
4781 * read side error on AF_UNIX sockets.
4782 */
4783 freemsg(mp);
4784 (void) (STRLOG(TL_ID, tep->te_minor, 3,
4785 SL_TRACE | SL_ERROR,
4786 "tl_exdata: WREQ_ORDREL and no peer"));
4787 tl_discon_ind(tep, 0);
4788 return;
4789 }
4790 break;
4791
4792 default:
4793 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4794 SL_TRACE | SL_ERROR,
4795 "tl_wput:T_EXDATA_REQ:out of state, state=%d",
4796 tep->te_state));
4797 tl_merror(wq, mp, EPROTO);
4798 return;
4799 }
4800 /*
4801 * tep->te_state = nextstate[TE_EXDATA_REQ][tep->te_state];
4802 * (state stays same on this event)
4803 */
4804
4805 /*
4806 * get connected endpoint
4807 */
4808 if (((peer_tep = tep->te_conp) == NULL) || peer_tep->te_closing) {
4809 freemsg(mp);
4810 /* Peer closed */
4811 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE,
4812 "tl_exdata: peer gone"));
4813 return;
4814 }
4815
4816 peer_rq = peer_tep->te_rq;
4817
4818 /*
	 * Put it back if flow controlled.
	 * Note: the number of messages already queued when we are closing
	 * is bounded, so we can ignore flow control.
4822 */
4823 if (!canputnext(peer_rq) && !closing) {
4824 TL_PUTBQ(tep, mp);
4825 return;
4826 }
4827
4828 /*
4829 * validate state on peer
4830 */
4831 switch (peer_tep->te_state) {
4832 case TS_DATA_XFER:
4833 case TS_WIND_ORDREL:
4834 /* valid states */
4835 break;
4836 default:
4837 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4838 "tl_exdata:rx side:invalid state"));
4839 tl_merror(peer_tep->te_wq, mp, EPROTO);
4840 return;
4841 }
4842 /*
4843 * peer_tep->te_state = nextstate[TE_DATA_IND][peer_tep->te_state];
4844 * (peer state stays same on this event)
4845 */
4846 /*
4847 * reuse message block
4848 */
4849 prim->type = T_EXDATA_IND;
4850
4851 /*
4852 * send data to connected peer
4853 */
4854 putnext(peer_rq, mp);
4855 }
4856
4857
4858
4859 static void
4860 tl_ordrel(mblk_t *mp, tl_endpt_t *tep)
4861 {
4862 queue_t *wq = tep->te_wq;
4863 union T_primitives *prim = (union T_primitives *)mp->b_rptr;
4864 ssize_t msz = MBLKL(mp);
4865 tl_endpt_t *peer_tep;
4866 queue_t *peer_rq;
4867 boolean_t closing = tep->te_closing;
4868
4869 if (msz < sizeof (struct T_ordrel_req)) {
4870 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4871 "tl_ordrel:invalid message"));
4872 if (!closing) {
4873 tl_merror(wq, mp, EPROTO);
4874 } else {
4875 freemsg(mp);
4876 }
4877 return;
4878 }
4879
4880 /*
4881 * validate state
4882 */
4883 switch (tep->te_state) {
4884 case TS_DATA_XFER:
4885 case TS_WREQ_ORDREL:
4886 /* valid states */
4887 if (tep->te_conp != NULL)
4888 break;
4889
4890 if (tep->te_oconp == NULL)
4891 break;
4892
4893 /*
		 * For a socket the T_CONN_CON is sent early, so
		 * the peer might not yet have accepted the connection.
		 * If we are closing, queue the packet with the T_CONN_IND.
4897 * Otherwise defer processing the packet until the peer
4898 * accepts the connection.
4899 * Note that the queue is noenabled when we go into this
4900 * state.
4901 */
4902 if (!closing) {
4903 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4904 SL_TRACE | SL_ERROR,
4905 "tl_ordlrel: ocon"));
4906 TL_PUTBQ(tep, mp);
4907 return;
4908 }
4909 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4910 "tl_ordlrel: closing socket ocon"));
4911 prim->type = T_ORDREL_IND;
4912 (void) tl_icon_queuemsg(tep->te_oconp, tep->te_seqno, mp);
4913 return;
4914
4915 default:
4916 (void) (STRLOG(TL_ID, tep->te_minor, 1,
4917 SL_TRACE | SL_ERROR,
4918 "tl_wput:T_ORDREL_REQ:out of state, state=%d",
4919 tep->te_state));
4920 if (!closing) {
4921 tl_merror(wq, mp, EPROTO);
4922 } else {
4923 freemsg(mp);
4924 }
4925 return;
4926 }
4927 tep->te_state = nextstate[TE_ORDREL_REQ][tep->te_state];
4928
4929 /*
4930 * get connected endpoint
4931 */
4932 if (((peer_tep = tep->te_conp) == NULL) || peer_tep->te_closing) {
4933 /* Peer closed */
4934 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE,
4935 "tl_ordrel: peer gone"));
4936 freemsg(mp);
4937 return;
4938 }
4939
4940 peer_rq = peer_tep->te_rq;
4941
4942 /*
	 * Put it back if flow controlled, except when we are closing.
	 * Note: the number of messages already queued when we are closing
	 * is bounded, so we can ignore flow control.
4946 */
4947 if (!canputnext(peer_rq) && !closing) {
4948 TL_PUTBQ(tep, mp);
4949 return;
4950 }
4951
4952 /*
4953 * validate state on peer
4954 */
4955 switch (peer_tep->te_state) {
4956 case TS_DATA_XFER:
4957 case TS_WIND_ORDREL:
4958 /* valid states */
4959 break;
4960 default:
4961 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
4962 "tl_ordrel:rx side:invalid state"));
4963 tl_merror(peer_tep->te_wq, mp, EPROTO);
4964 return;
4965 }
4966 peer_tep->te_state = nextstate[TE_ORDREL_IND][peer_tep->te_state];
4967
4968 /*
4969 * reuse message block
4970 */
4971 prim->type = T_ORDREL_IND;
4972 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE,
4973 "tl_ordrel: send ordrel_ind"));
4974
4975 /*
4976 * send data to connected peer
4977 */
4978 putnext(peer_rq, mp);
4979 }
4980
4981
4982 /*
4983 * Send T_UDERROR_IND. The error should be from the <sys/errno.h> space.
4984 */
4985 static void
4986 tl_uderr(queue_t *wq, mblk_t *mp, t_scalar_t err)
4987 {
4988 size_t err_sz;
4989 tl_endpt_t *tep;
4990 struct T_unitdata_req *udreq;
4991 mblk_t *err_mp;
4992 t_scalar_t alen;
4993 t_scalar_t olen;
4994 struct T_uderror_ind *uderr;
4995 uchar_t *addr_startp;
4996
4997 err_sz = sizeof (struct T_uderror_ind);
4998 tep = (tl_endpt_t *)wq->q_ptr;
4999 udreq = (struct T_unitdata_req *)mp->b_rptr;
5000 alen = udreq->DEST_length;
5001 olen = udreq->OPT_length;
5002
5003 if (alen > 0)
5004 err_sz = T_ALIGN(err_sz + alen);
5005 if (olen > 0)
5006 err_sz += olen;
5007
5008 err_mp = allocb(err_sz, BPRI_MED);
5009 if (err_mp == NULL) {
5010 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
5011 "tl_uderr:allocb failure"));
5012 /*
5013 * Note: no rollback of state needed as it does
5014 * not change in connectionless transport
5015 */
5016 tl_memrecover(wq, mp, err_sz);
5017 return;
5018 }
5019
5020 DB_TYPE(err_mp) = M_PROTO;
5021 err_mp->b_wptr = err_mp->b_rptr + err_sz;
5022 uderr = (struct T_uderror_ind *)err_mp->b_rptr;
5023 uderr->PRIM_type = T_UDERROR_IND;
5024 uderr->ERROR_type = err;
5025 uderr->DEST_length = alen;
5026 uderr->OPT_length = olen;
5027 if (alen <= 0) {
5028 uderr->DEST_offset = 0;
5029 } else {
5030 uderr->DEST_offset =
5031 (t_scalar_t)sizeof (struct T_uderror_ind);
5032 addr_startp = mp->b_rptr + udreq->DEST_offset;
5033 bcopy(addr_startp, err_mp->b_rptr + uderr->DEST_offset,
5034 (size_t)alen);
5035 }
5036 if (olen <= 0) {
5037 uderr->OPT_offset = 0;
5038 } else {
5039 uderr->OPT_offset =
5040 (t_scalar_t)T_ALIGN(sizeof (struct T_uderror_ind) +
5041 uderr->DEST_length);
5042 addr_startp = mp->b_rptr + udreq->OPT_offset;
5043 bcopy(addr_startp, err_mp->b_rptr+uderr->OPT_offset,
5044 (size_t)olen);
5045 }
5046 freemsg(mp);
5047
5048 /*
5049 * send indication message
5050 */
5051 tep->te_state = nextstate[TE_UDERROR_IND][tep->te_state];
5052
5053 qreply(wq, err_mp);
5054 }
5055
5056 static void
5057 tl_unitdata_ser(mblk_t *mp, tl_endpt_t *tep)
5058 {
5059 queue_t *wq = tep->te_wq;
5060
5061 if (!tep->te_closing && (wq->q_first != NULL)) {
5062 TL_PUTQ(tep, mp);
5063 } else {
5064 if (tep->te_rq != NULL)
5065 tl_unitdata(mp, tep);
5066 else
5067 freemsg(mp);
5068 }
5069
5070 tl_serializer_exit(tep);
5071 tl_refrele(tep);
5072 }
5073
5074 /*
5075 * Handle T_unitdata_req.
 * If TL_SET[U]CRED or TL_SOCKUCRED is set, generate the credentials options.
 * If this is a socket, pass options through unmodified.
5078 */
5079 static void
5080 tl_unitdata(mblk_t *mp, tl_endpt_t *tep)
5081 {
5082 queue_t *wq = tep->te_wq;
5083 soux_addr_t ux_addr;
5084 tl_addr_t destaddr;
5085 uchar_t *addr_startp;
5086 tl_endpt_t *peer_tep;
5087 struct T_unitdata_ind *udind;
5088 struct T_unitdata_req *udreq;
5089 ssize_t msz, ui_sz, reuse_mb_sz;
5090 t_scalar_t alen, aoff, olen, ooff;
5091 t_scalar_t oldolen = 0;
5092 cred_t *cr = NULL;
5093 pid_t cpid;
5094
5095 udreq = (struct T_unitdata_req *)mp->b_rptr;
5096 msz = MBLKL(mp);
5097
5098 /*
5099 * validate the state
5100 */
5101 if (tep->te_state != TS_IDLE) {
5102 (void) (STRLOG(TL_ID, tep->te_minor, 1,
5103 SL_TRACE | SL_ERROR,
5104 "tl_wput:T_CONN_REQ:out of state"));
5105 tl_merror(wq, mp, EPROTO);
5106 return;
5107 }
5108 /*
5109 * tep->te_state = nextstate[TE_UNITDATA_REQ][tep->te_state];
5110 * (state does not change on this event)
5111 */
5112
5113 /*
5114 * validate the message
5115 * Note: dereference fields in struct inside message only
5116 * after validating the message length.
5117 */
5118 if (msz < sizeof (struct T_unitdata_req)) {
5119 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
5120 "tl_unitdata:invalid message length"));
5121 tl_merror(wq, mp, EINVAL);
5122 return;
5123 }
5124 alen = udreq->DEST_length;
5125 aoff = udreq->DEST_offset;
5126 oldolen = olen = udreq->OPT_length;
5127 ooff = udreq->OPT_offset;
5128 if (olen == 0)
5129 ooff = 0;
5130
5131 if (IS_SOCKET(tep)) {
5132 if ((alen != TL_SOUX_ADDRLEN) ||
5133 (aoff < 0) ||
5134 (aoff + alen > msz) ||
5135 (olen < 0) || (ooff < 0) ||
5136 ((olen > 0) && ((ooff + olen) > msz))) {
5137 (void) (STRLOG(TL_ID, tep->te_minor,
5138 1, SL_TRACE | SL_ERROR,
5139 "tl_unitdata_req: invalid socket addr "
5140 "(msz=%d, al=%d, ao=%d, ol=%d, oo = %d)",
5141 (int)msz, alen, aoff, olen, ooff));
5142 tl_error_ack(wq, mp, TSYSERR, EINVAL, T_UNITDATA_REQ);
5143 return;
5144 }
5145 bcopy(mp->b_rptr + aoff, &ux_addr, TL_SOUX_ADDRLEN);
5146
5147 if ((ux_addr.soua_magic != SOU_MAGIC_IMPLICIT) &&
5148 (ux_addr.soua_magic != SOU_MAGIC_EXPLICIT)) {
5149 (void) (STRLOG(TL_ID, tep->te_minor,
5150 1, SL_TRACE | SL_ERROR,
5151 "tl_conn_req: invalid socket magic"));
5152 tl_error_ack(wq, mp, TSYSERR, EINVAL, T_UNITDATA_REQ);
5153 return;
5154 }
5155 } else {
5156 if ((alen < 0) ||
5157 (aoff < 0) ||
5158 ((alen > 0) && ((aoff + alen) > msz)) ||
5159 ((ssize_t)alen > (msz - sizeof (struct T_unitdata_req))) ||
5160 ((aoff + alen) < 0) ||
5161 ((olen > 0) && ((ooff + olen) > msz)) ||
5162 (olen < 0) ||
5163 (ooff < 0) ||
5164 ((ssize_t)olen > (msz - sizeof (struct T_unitdata_req)))) {
5165 (void) (STRLOG(TL_ID, tep->te_minor, 1,
5166 SL_TRACE | SL_ERROR,
5167 "tl_unitdata:invalid unit data message"));
5168 tl_merror(wq, mp, EINVAL);
5169 return;
5170 }
5171 }
5172
5173 /* Options not supported unless it's a socket */
5174 if (alen == 0 || (olen != 0 && !IS_SOCKET(tep))) {
5175 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
5176 "tl_unitdata:option use(unsupported) or zero len addr"));
5177 tl_uderr(wq, mp, EPROTO);
5178 return;
5179 }
5180 #ifdef DEBUG
5181 /*
5182 * Mild form of ASSERT()ion to detect broken TPI apps.
5183 * if (!assertion)
5184 * log warning;
5185 */
5186 if (!(aoff >= (t_scalar_t)sizeof (struct T_unitdata_req))) {
5187 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
5188 "tl_unitdata:addr overlaps TPI message"));
5189 }
5190 #endif
5191 /*
5192 * get destination endpoint
5193 */
5194 destaddr.ta_alen = alen;
5195 destaddr.ta_abuf = mp->b_rptr + aoff;
5196 destaddr.ta_zoneid = tep->te_zoneid;
5197
5198 /*
5199 * Check whether the destination is the same that was used previously
5200 * and the destination endpoint is in the right state. If something is
5201 * wrong, find destination again and cache it.
5202 */
5203 peer_tep = tep->te_lastep;
5204
5205 if ((peer_tep == NULL) || peer_tep->te_closing ||
5206 (peer_tep->te_state != TS_IDLE) ||
5207 !tl_eqaddr(&destaddr, &peer_tep->te_ap)) {
5208 /*
		 * Not the same as the cached destination; need to find
		 * the right destination.
5211 */
5212 peer_tep = (IS_SOCKET(tep) ?
5213 tl_sock_find_peer(tep, &ux_addr) :
5214 tl_find_peer(tep, &destaddr));
5215
5216 if (peer_tep == NULL) {
5217 (void) (STRLOG(TL_ID, tep->te_minor, 3,
5218 SL_TRACE | SL_ERROR,
5219 "tl_unitdata:no one at destination address"));
5220 tl_uderr(wq, mp, ECONNRESET);
5221 return;
5222 }
5223
5224 /*
5225 * Cache the new peer.
5226 */
5227 if (tep->te_lastep != NULL)
5228 tl_refrele(tep->te_lastep);
5229
5230 tep->te_lastep = peer_tep;
5231 }
5232
5233 if (peer_tep->te_state != TS_IDLE) {
5234 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
5235 "tl_unitdata:provider in invalid state"));
5236 tl_uderr(wq, mp, EPROTO);
5237 return;
5238 }
5239
5240 ASSERT(peer_tep->te_rq != NULL);
5241
5242 /*
	 * Put it back if flow controlled, except when we are closing.
	 * Note: the number of messages already queued when we are closing
	 * is bounded, so we can ignore flow control.
5246 */
5247 if (!canputnext(peer_tep->te_rq) && !(tep->te_closing)) {
5248 /* record what we are flow controlled on */
5249 if (tep->te_flowq != NULL) {
5250 list_remove(&tep->te_flowq->te_flowlist, tep);
5251 }
5252 list_insert_head(&peer_tep->te_flowlist, tep);
5253 tep->te_flowq = peer_tep;
5254 TL_PUTBQ(tep, mp);
5255 return;
5256 }
5257 /*
5258 * prepare indication message
5259 */
5260
5261 /*
5262 * calculate length of message
5263 */
5264 if (peer_tep->te_flag & (TL_SETCRED | TL_SETUCRED | TL_SOCKUCRED)) {
5265 cr = msg_getcred(mp, &cpid);
5266 ASSERT(cr != NULL);
5267
5268 if (peer_tep->te_flag & TL_SETCRED) {
5269 ASSERT(olen == 0);
5270 olen = (t_scalar_t)sizeof (struct opthdr) +
5271 OPTLEN(sizeof (tl_credopt_t));
5272 /* 1 option only */
5273 } else if (peer_tep->te_flag & TL_SETUCRED) {
5274 ASSERT(olen == 0);
5275 olen = (t_scalar_t)sizeof (struct opthdr) +
5276 OPTLEN(ucredminsize(cr));
5277 /* 1 option only */
5278 } else {
5279 /* Possibly more than one option */
5280 olen += (t_scalar_t)sizeof (struct T_opthdr) +
5281 OPTLEN(ucredminsize(cr));
5282 }
5283 }
5284
5285 ui_sz = T_ALIGN(sizeof (struct T_unitdata_ind) + tep->te_alen) + olen;
5286 reuse_mb_sz = T_ALIGN(sizeof (struct T_unitdata_ind) + alen) + olen;
5287
5288 /*
5289 * If the unitdata_ind fits and we are not adding options
5290 * reuse the udreq mblk.
5291 *
5292 * Otherwise, it is possible we need to append an option if one of the
5293 * te_flag bits is set. This requires extra space in the data block for
5294 * the additional option but the traditional technique used below to
5295 * allocate a new block and copy into it will not work when there is a
5296 * message block with a free pointer (since we don't know anything
5297 * about the layout of the data, pointers referencing or within the
5298 * data, etc.). To handle this possibility the upper layers may have
5299 * preallocated some space to use for appending an option. We check the
	 * overall mblk size against the size we need ('reuse_mb_sz' with the
5301 * original address length [alen] to ensure we won't overrun the
5302 * current mblk data size) to see if there is free space and thus
5303 * avoid allocating a new message block.
5304 */
5305 if (msz >= ui_sz && alen >= tep->te_alen &&
5306 !(peer_tep->te_flag & (TL_SETCRED | TL_SETUCRED | TL_SOCKUCRED))) {
5307 /*
5308 * Reuse the original mblk. Leave options in place.
5309 */
5310 udind = (struct T_unitdata_ind *)mp->b_rptr;
5311 udind->PRIM_type = T_UNITDATA_IND;
5312 udind->SRC_length = tep->te_alen;
5313 addr_startp = mp->b_rptr + udind->SRC_offset;
5314 bcopy(tep->te_abuf, addr_startp, tep->te_alen);
5315
5316 } else if (MBLKSIZE(mp) >= reuse_mb_sz && alen >= tep->te_alen &&
5317 mp->b_datap->db_frtnp != NULL) {
5318 /*
5319 * We have a message block with a free pointer, but extra space
5320 * has been pre-allocated for us in case we need to append an
5321 * option. Reuse the original mblk, leaving existing options in
5322 * place.
5323 */
5324 udind = (struct T_unitdata_ind *)mp->b_rptr;
5325 udind->PRIM_type = T_UNITDATA_IND;
5326 udind->SRC_length = tep->te_alen;
5327 addr_startp = mp->b_rptr + udind->SRC_offset;
5328 bcopy(tep->te_abuf, addr_startp, tep->te_alen);
5329
5330 if (peer_tep->te_flag &
5331 (TL_SETCRED | TL_SETUCRED | TL_SOCKUCRED)) {
5332 ASSERT(cr != NULL);
5333 /*
5334 * We're appending one new option here after the
5335 * original ones.
5336 */
5337 tl_fill_option(mp->b_rptr + udind->OPT_offset + oldolen,
5338 cr, cpid, peer_tep->te_flag, peer_tep->te_credp);
5339 }
5340
5341 } else if (mp->b_datap->db_frtnp != NULL) {
5342 /*
5343 * The next block creates a new mp and tries to copy the data
5344 * block into it, but that cannot handle a message with a free
5345 * pointer (for more details see the comment in kstrputmsg()
5346 * where dupmsg() is called). Since we can never properly
5347 * duplicate the mp while also extending the data, just error
5348 * out now.
5349 */
5350 tl_uderr(wq, mp, EPROTO);
5351 return;
5352 } else {
5353 /* Allocate a new T_unitdata_ind message */
5354 mblk_t *ui_mp;
5355
5356 ui_mp = allocb(ui_sz, BPRI_MED);
5357 if (ui_mp == NULL) {
5358 (void) (STRLOG(TL_ID, tep->te_minor, 4, SL_TRACE,
5359 "tl_unitdata:allocb failure:message queued"));
5360 tl_memrecover(wq, mp, ui_sz);
5361 return;
5362 }
5363
5364 /*
5365 * fill in T_UNITDATA_IND contents
5366 */
5367 DB_TYPE(ui_mp) = M_PROTO;
5368 ui_mp->b_wptr = ui_mp->b_rptr + ui_sz;
5369 udind = (struct T_unitdata_ind *)ui_mp->b_rptr;
5370 udind->PRIM_type = T_UNITDATA_IND;
5371 udind->SRC_offset = (t_scalar_t)sizeof (struct T_unitdata_ind);
5372 udind->SRC_length = tep->te_alen;
5373 addr_startp = ui_mp->b_rptr + udind->SRC_offset;
5374 bcopy(tep->te_abuf, addr_startp, tep->te_alen);
5375 udind->OPT_offset =
5376 (t_scalar_t)T_ALIGN(udind->SRC_offset + udind->SRC_length);
5377 udind->OPT_length = olen;
5378 if (peer_tep->te_flag &
5379 (TL_SETCRED | TL_SETUCRED | TL_SOCKUCRED)) {
5380
5381 if (oldolen != 0) {
5382 bcopy((void *)((uintptr_t)udreq + ooff),
5383 (void *)((uintptr_t)udind +
5384 udind->OPT_offset),
5385 oldolen);
5386 }
5387 ASSERT(cr != NULL);
5388
5389 tl_fill_option(ui_mp->b_rptr + udind->OPT_offset +
5390 oldolen, cr, cpid,
5391 peer_tep->te_flag, peer_tep->te_credp);
5392 } else {
5393 bcopy((void *)((uintptr_t)udreq + ooff),
5394 (void *)((uintptr_t)udind + udind->OPT_offset),
5395 olen);
5396 }
5397
5398 /*
5399 * relink data blocks from mp to ui_mp
5400 */
5401 ui_mp->b_cont = mp->b_cont;
5402 freeb(mp);
5403 mp = ui_mp;
5404 }
5405 /*
5406 * send indication message
5407 */
5408 peer_tep->te_state = nextstate[TE_UNITDATA_IND][peer_tep->te_state];
5409 putnext(peer_tep->te_rq, mp);
5410 }
5411
5412
5413
5414 /*
5415 * Check if a given addr is in use.
 * Returns the endpoint ptr, or NULL if not found.
5417 * The name space is separate for each mode. This implies that
5418 * sockets get their own name space.
5419 */
5420 static tl_endpt_t *
5421 tl_find_peer(tl_endpt_t *tep, tl_addr_t *ap)
5422 {
5423 tl_endpt_t *peer_tep = NULL;
5424 int rc = mod_hash_find_cb(tep->te_addrhash, (mod_hash_key_t)ap,
5425 (mod_hash_val_t *)&peer_tep, tl_find_callback);
5426
5427 ASSERT(!IS_SOCKET(tep));
5428
5429 ASSERT(ap != NULL && ap->ta_alen > 0);
5430 ASSERT(ap->ta_zoneid == tep->te_zoneid);
5431 ASSERT(ap->ta_abuf != NULL);
5432 EQUIV(rc == 0, peer_tep != NULL);
5433 IMPLY(rc == 0,
5434 (tep->te_zoneid == peer_tep->te_zoneid) &&
5435 (tep->te_transport == peer_tep->te_transport));
5436
5437 if ((rc == 0) && (peer_tep->te_closing)) {
5438 tl_refrele(peer_tep);
5439 peer_tep = NULL;
5440 }
5441
5442 return (peer_tep);
5443 }
5444
5445 /*
5446 * Find peer for a socket based on unix domain address.
 * For implicit addresses our peer can be found by minor number in the ai
 * hash. For explicit binds we look up the vnode address in the addr hash.
5449 */
5450 static tl_endpt_t *
5451 tl_sock_find_peer(tl_endpt_t *tep, soux_addr_t *ux_addr)
5452 {
5453 tl_endpt_t *peer_tep = NULL;
5454 mod_hash_t *hash = ux_addr->soua_magic == SOU_MAGIC_IMPLICIT ?
5455 tep->te_aihash : tep->te_addrhash;
5456 int rc = mod_hash_find_cb(hash, (mod_hash_key_t)ux_addr->soua_vp,
5457 (mod_hash_val_t *)&peer_tep, tl_find_callback);
5458
5459 ASSERT(IS_SOCKET(tep));
5460 EQUIV(rc == 0, peer_tep != NULL);
5461 IMPLY(rc == 0, (tep->te_transport == peer_tep->te_transport));
5462
5463 if (peer_tep != NULL) {
5464 /* Don't attempt to use closing peer. */
5465 if (peer_tep->te_closing)
5466 goto errout;
5467
5468 /*
5469 * Cross-zone unix sockets are permitted, but for Trusted
5470 * Extensions only, the "server" for these must be in the
5471 * global zone.
5472 */
5473 if ((peer_tep->te_zoneid != tep->te_zoneid) &&
5474 is_system_labeled() &&
5475 (peer_tep->te_zoneid != GLOBAL_ZONEID))
5476 goto errout;
5477 }
5478
5479 return (peer_tep);
5480
5481 errout:
5482 tl_refrele(peer_tep);
5483 return (NULL);
5484 }
5485
5486 /*
5487 * Generate a free addr and return it in struct pointed by ap
5488 * but allocating space for address buffer.
5489 * The generated address will be at least 4 bytes long and, if req->ta_alen
5490 * exceeds 4 bytes, be req->ta_alen bytes long.
5491 *
5492 * If address is found it will be inserted in the hash.
5493 *
5494 * If req->ta_alen is larger than the default alen (4 bytes) the last
5495 * alen-4 bytes will always be the same as in req.
5496 *
 * Return B_FALSE for failure.
 * Return B_TRUE for success.
5499 */
5500 static boolean_t
5501 tl_get_any_addr(tl_endpt_t *tep, tl_addr_t *req)
5502 {
5503 t_scalar_t alen;
5504 uint32_t loopcnt; /* Limit loop to 2^32 */
5505
5506 ASSERT(tep->te_hash_hndl != NULL);
5507 ASSERT(!IS_SOCKET(tep));
5508
5509 if (tep->te_hash_hndl == NULL)
5510 return (B_FALSE);
5511
5512 /*
5513 * check if default addr is in use
5514 * if it is - bump it and try again
5515 */
5516 if (req == NULL) {
5517 alen = sizeof (uint32_t);
5518 } else {
5519 alen = max(req->ta_alen, sizeof (uint32_t));
5520 ASSERT(tep->te_zoneid == req->ta_zoneid);
5521 }
5522
5523 if (tep->te_alen < alen) {
5524 void *abuf = kmem_zalloc((size_t)alen, KM_NOSLEEP);
5525
5526 /*
		 * Not enough space in tep->te_abuf to hold the address;
		 * allocate a bigger buffer.
5529 */
5530 if (abuf == NULL)
5531 return (B_FALSE);
5532
5533 if (tep->te_alen > 0)
5534 kmem_free(tep->te_abuf, tep->te_alen);
5535
5536 tep->te_alen = alen;
5537 tep->te_abuf = abuf;
5538 }
5539
5540 /* Copy in the address in req */
5541 if (req != NULL) {
5542 ASSERT(alen >= req->ta_alen);
5543 bcopy(req->ta_abuf, tep->te_abuf, (size_t)req->ta_alen);
5544 }
5545
5546 /*
	 * First try the minor number, then try default addresses.
5548 */
5549 bcopy(&tep->te_minor, tep->te_abuf, sizeof (uint32_t));
5550
5551 for (loopcnt = 0; loopcnt < UINT32_MAX; loopcnt++) {
5552 if (mod_hash_insert_reserve(tep->te_addrhash,
5553 (mod_hash_key_t)&tep->te_ap, (mod_hash_val_t)tep,
5554 tep->te_hash_hndl) == 0) {
5555 /*
5556 * found free address
5557 */
5558 tep->te_flag |= TL_ADDRHASHED;
5559 tep->te_hash_hndl = NULL;
5560
5561 return (B_TRUE); /* successful return */
5562 }
5563 /*
5564 * Use default address.
5565 */
5566 bcopy(&tep->te_defaddr, tep->te_abuf, sizeof (uint32_t));
5567 atomic_inc_32(&tep->te_defaddr);
5568 }
5569
5570 /*
5571 * Failed to find anything.
5572 */
5573 (void) (STRLOG(TL_ID, -1, 1, SL_ERROR,
5574 "tl_get_any_addr:looped 2^32 times"));
5575 return (B_FALSE);
5576 }
5577
5578 /*
5579 * reallocb + set r/w ptrs to reflect size.
5580 */
5581 static mblk_t *
5582 tl_resizemp(mblk_t *mp, ssize_t new_size)
5583 {
5584 if ((mp = reallocb(mp, new_size, 0)) == NULL)
5585 return (NULL);
5586
5587 mp->b_rptr = DB_BASE(mp);
5588 mp->b_wptr = mp->b_rptr + new_size;
5589 return (mp);
5590 }
5591
5592 static void
5593 tl_cl_backenable(tl_endpt_t *tep)
5594 {
5595 list_t *l = &tep->te_flowlist;
5596 tl_endpt_t *elp;
5597
5598 ASSERT(IS_CLTS(tep));
5599
5600 for (elp = list_head(l); elp != NULL; elp = list_head(l)) {
5601 ASSERT(tep->te_ser == elp->te_ser);
5602 ASSERT(elp->te_flowq == tep);
5603 if (!elp->te_closing)
5604 TL_QENABLE(elp);
5605 elp->te_flowq = NULL;
5606 list_remove(l, elp);
5607 }
5608 }
5609
5610 /*
5611 * Unconnect endpoints.
5612 */
5613 static void
5614 tl_co_unconnect(tl_endpt_t *tep)
5615 {
5616 tl_endpt_t *peer_tep = tep->te_conp;
5617 tl_endpt_t *srv_tep = tep->te_oconp;
5618 list_t *l;
5619 tl_icon_t *tip;
5620 tl_endpt_t *cl_tep;
5621 mblk_t *d_mp;
5622
5623 ASSERT(IS_COTS(tep));
5624 /*
5625 * If our peer is closing, don't use it.
5626 */
5627 if ((peer_tep != NULL) && peer_tep->te_closing) {
5628 TL_UNCONNECT(tep->te_conp);
5629 peer_tep = NULL;
5630 }
5631 if ((srv_tep != NULL) && srv_tep->te_closing) {
5632 TL_UNCONNECT(tep->te_oconp);
5633 srv_tep = NULL;
5634 }
5635
5636 if (tep->te_nicon > 0) {
5637 l = &tep->te_iconp;
5638 /*
		 * If incoming requests are pending, change the state
		 * of the clients on the disconnect ind event and send
		 * a discon_ind pdu to the modules above them.
		 * For a server: all clients get disconnected.
5643 */
5644
5645 while (tep->te_nicon > 0) {
5646 tip = list_head(l);
5647 cl_tep = tip->ti_tep;
5648
5649 if (cl_tep == NULL) {
5650 tl_freetip(tep, tip);
5651 continue;
5652 }
5653
5654 if (cl_tep->te_oconp != NULL) {
5655 ASSERT(cl_tep != cl_tep->te_oconp);
5656 TL_UNCONNECT(cl_tep->te_oconp);
5657 }
5658
5659 if (cl_tep->te_closing) {
5660 tl_freetip(tep, tip);
5661 continue;
5662 }
5663
5664 enableok(cl_tep->te_wq);
5665 TL_QENABLE(cl_tep);
5666 d_mp = tl_discon_ind_alloc(ECONNREFUSED, BADSEQNUM);
5667 if (d_mp != NULL) {
5668 cl_tep->te_state = TS_IDLE;
5669 putnext(cl_tep->te_rq, d_mp);
5670 } else {
5671 (void) (STRLOG(TL_ID, tep->te_minor, 3,
5672 SL_TRACE | SL_ERROR,
5673 "tl_co_unconnect:icmng: "
5674 "allocb failure"));
5675 }
5676 tl_freetip(tep, tip);
5677 }
5678 } else if (srv_tep != NULL) {
5679 /*
		 * If an outgoing request is pending, change the state
		 * of the server on the discon ind event.
5682 */
5683
5684 if (IS_SOCKET(tep) && !tl_disable_early_connect &&
5685 IS_COTSORD(srv_tep) &&
5686 !tl_icon_hasprim(srv_tep, tep->te_seqno, T_ORDREL_IND)) {
5687 /*
5688 * Queue ordrel_ind for server to be picked up
5689 * when the connection is accepted.
5690 */
5691 d_mp = tl_ordrel_ind_alloc();
5692 } else {
5693 /*
5694 * send discon_ind to server
5695 */
5696 d_mp = tl_discon_ind_alloc(ECONNRESET, tep->te_seqno);
5697 }
5698 if (d_mp == NULL) {
5699 (void) (STRLOG(TL_ID, tep->te_minor, 3,
5700 SL_TRACE | SL_ERROR,
5701 "tl_co_unconnect:outgoing:allocb failure"));
5702 TL_UNCONNECT(tep->te_oconp);
5703 goto discon_peer;
5704 }
5705
5706 /*
5707 * If this is a socket the T_DISCON_IND is queued with
5708 * the T_CONN_IND. Otherwise the T_CONN_IND is removed
5709 * from the list of pending connections.
5710 * Note that when te_oconp is set the peer better have
5711 * a t_connind_t for the client.
5712 */
5713 if (IS_SOCKET(tep) && !tl_disable_early_connect) {
5714 /*
5715 * Queue the disconnection message.
5716 */
5717 tl_icon_queuemsg(srv_tep, tep->te_seqno, d_mp);
5718 } else {
5719 tip = tl_icon_find(srv_tep, tep->te_seqno);
5720 if (tip == NULL) {
5721 freemsg(d_mp);
5722 } else {
5723 ASSERT(tep == tip->ti_tep);
5724 ASSERT(tep->te_ser == srv_tep->te_ser);
5725 /*
5726 * Delete tip from the server list.
5727 */
5728 if (srv_tep->te_nicon == 1) {
5729 srv_tep->te_state =
5730 nextstate[TE_DISCON_IND2]
5731 [srv_tep->te_state];
5732 } else {
5733 srv_tep->te_state =
5734 nextstate[TE_DISCON_IND3]
5735 [srv_tep->te_state];
5736 }
5737 ASSERT(*(uint32_t *)(d_mp->b_rptr) ==
5738 T_DISCON_IND);
5739 putnext(srv_tep->te_rq, d_mp);
5740 tl_freetip(srv_tep, tip);
5741 }
5742 TL_UNCONNECT(tep->te_oconp);
5743 srv_tep = NULL;
5744 }
5745 } else if (peer_tep != NULL) {
		/*
		 * Unconnect an existing connection: if connected, change
		 * the state of the peer on the disconnect indication event
		 * and send a discon_ind PDU to the module above it.
		 */
5752
5753 ASSERT(tep->te_ser == peer_tep->te_ser);
5754 if (IS_COTSORD(peer_tep) &&
5755 (peer_tep->te_state == TS_WIND_ORDREL ||
5756 peer_tep->te_state == TS_DATA_XFER)) {
5757 /*
5758 * send ordrel ind
5759 */
5760 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE,
5761 "tl_co_unconnect:connected: ordrel_ind state %d->%d",
5762 peer_tep->te_state,
5763 nextstate[TE_ORDREL_IND][peer_tep->te_state]));
5764 d_mp = tl_ordrel_ind_alloc();
5765 if (d_mp == NULL) {
5766 (void) (STRLOG(TL_ID, tep->te_minor, 3,
5767 SL_TRACE | SL_ERROR,
5768 "tl_co_unconnect:connected:"
5769 "allocb failure"));
				/*
				 * Continue cleaning up the peer, since
				 * this side may go away with the close.
				 */
5774 TL_QENABLE(peer_tep);
5775 goto discon_peer;
5776 }
5777 peer_tep->te_state =
5778 nextstate[TE_ORDREL_IND][peer_tep->te_state];
5779
5780 putnext(peer_tep->te_rq, d_mp);
5781 /*
5782 * Handle flow control case. This will generate
5783 * a t_discon_ind message with reason 0 if there
5784 * is data queued on the write side.
5785 */
5786 TL_QENABLE(peer_tep);
5787 } else if (IS_COTSORD(peer_tep) &&
5788 peer_tep->te_state == TS_WREQ_ORDREL) {
			/*
			 * An ordrel_ind has already been sent.  Send a
			 * discon_ind with error 0 to indicate that the
			 * peer is gone.
			 */
5793 (void) (STRLOG(TL_ID, tep->te_minor, 3,
5794 SL_TRACE | SL_ERROR,
5795 "tl_co_unconnect: discon in state %d",
5796 tep->te_state));
5797 tl_discon_ind(peer_tep, 0);
5798 } else {
5799 (void) (STRLOG(TL_ID, tep->te_minor, 3,
5800 SL_TRACE | SL_ERROR,
5801 "tl_co_unconnect: state %d", tep->te_state));
5802 tl_discon_ind(peer_tep, ECONNRESET);
5803 }
5804
5805 discon_peer:
		/*
		 * Disconnect the cross-pointers only when closing.
		 */
5809 if (tep->te_closing) {
5810 peer_tep = tep->te_conp;
5811 TL_REMOVE_PEER(peer_tep->te_conp);
5812 TL_REMOVE_PEER(tep->te_conp);
5813 }
5814 }
5815 }
5816
/*
 * Note: the following routine does not recover from allocb()
 * failures.  The reason should be from the <sys/errno.h> space.
 */
5822 static void
5823 tl_discon_ind(tl_endpt_t *tep, uint32_t reason)
5824 {
5825 mblk_t *d_mp;
5826
5827 if (tep->te_closing)
5828 return;
5829
5830 /*
5831 * flush the queues.
5832 */
5833 flushq(tep->te_rq, FLUSHDATA);
5834 (void) putnextctl1(tep->te_rq, M_FLUSH, FLUSHRW);
5835
5836 /*
5837 * send discon ind
5838 */
5839 d_mp = tl_discon_ind_alloc(reason, tep->te_seqno);
5840 if (d_mp == NULL) {
5841 (void) (STRLOG(TL_ID, tep->te_minor, 3, SL_TRACE | SL_ERROR,
5842 "tl_discon_ind:allocb failure"));
5843 return;
5844 }
5845 tep->te_state = TS_IDLE;
5846 putnext(tep->te_rq, d_mp);
5847 }
5848
/*
 * Note: the following routine does not recover from allocb()
 * failures.  The reason should be from the <sys/errno.h> space.
 */
5854 static mblk_t *
5855 tl_discon_ind_alloc(uint32_t reason, t_scalar_t seqnum)
5856 {
5857 mblk_t *mp;
5858 struct T_discon_ind *tdi;
5859
	if ((mp = allocb(sizeof (struct T_discon_ind), BPRI_MED)) != NULL) {
5861 DB_TYPE(mp) = M_PROTO;
5862 mp->b_wptr = mp->b_rptr + sizeof (struct T_discon_ind);
5863 tdi = (struct T_discon_ind *)mp->b_rptr;
5864 tdi->PRIM_type = T_DISCON_IND;
5865 tdi->DISCON_reason = reason;
5866 tdi->SEQ_number = seqnum;
5867 }
5868 return (mp);
5869 }
5870
5871
/*
 * Note: the following routine does not recover from allocb()
 * failures.
 */
5876 static mblk_t *
5877 tl_ordrel_ind_alloc(void)
5878 {
5879 mblk_t *mp;
5880 struct T_ordrel_ind *toi;
5881
	if ((mp = allocb(sizeof (struct T_ordrel_ind), BPRI_MED)) != NULL) {
5883 DB_TYPE(mp) = M_PROTO;
5884 mp->b_wptr = mp->b_rptr + sizeof (struct T_ordrel_ind);
5885 toi = (struct T_ordrel_ind *)mp->b_rptr;
5886 toi->PRIM_type = T_ORDREL_IND;
5887 }
5888 return (mp);
5889 }
5890
5891
/*
 * Look up the seqno in the list of queued connections.
 */
5895 static tl_icon_t *
5896 tl_icon_find(tl_endpt_t *tep, t_scalar_t seqno)
5897 {
5898 list_t *l = &tep->te_iconp;
5899 tl_icon_t *tip = list_head(l);
5900
5901 ASSERT(seqno != 0);
5902
5903 for (; tip != NULL && (tip->ti_seqno != seqno); tip = list_next(l, tip))
5904 ;
5905
5906 return (tip);
5907 }
5908
5909 /*
5910 * Queue data for a given T_CONN_IND while verifying that redundant
5911 * messages, such as a T_ORDREL_IND after a T_DISCON_IND, are not queued.
5912 * Used when the originator of the connection closes.
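 * For example, queued M_DATA blocks may be followed by a single
 * T_ORDREL_IND and then a single T_DISCON_IND; nothing may follow a
 * queued T_DISCON_IND, and only a T_DISCON_IND may follow a queued
 * T_ORDREL_IND.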
5913 */
5914 static void
5915 tl_icon_queuemsg(tl_endpt_t *tep, t_scalar_t seqno, mblk_t *nmp)
5916 {
5917 tl_icon_t *tip;
5918 mblk_t **mpp, *mp;
5919 int prim, nprim;
5920
5921 if (nmp->b_datap->db_type == M_PROTO)
5922 nprim = ((union T_primitives *)nmp->b_rptr)->type;
5923 else
5924 nprim = -1; /* M_DATA */
5925
5926 tip = tl_icon_find(tep, seqno);
5927 if (tip == NULL) {
5928 freemsg(nmp);
5929 return;
5930 }
5931
5932 ASSERT(tip->ti_seqno != 0);
5933 mpp = &tip->ti_mp;
5934 while (*mpp != NULL) {
5935 mp = *mpp;
5936
5937 if (mp->b_datap->db_type == M_PROTO)
5938 prim = ((union T_primitives *)mp->b_rptr)->type;
5939 else
5940 prim = -1; /* M_DATA */
5941
5942 /*
5943 * Allow nothing after a T_DISCON_IND
5944 */
5945 if (prim == T_DISCON_IND) {
5946 freemsg(nmp);
5947 return;
5948 }
5949 /*
5950 * Only allow a T_DISCON_IND after an T_ORDREL_IND
5951 */
5952 if (prim == T_ORDREL_IND && nprim != T_DISCON_IND) {
5953 freemsg(nmp);
5954 return;
5955 }
5956 mpp = &(mp->b_next);
5957 }
5958 *mpp = nmp;
5959 }
5960
/*
 * Check whether a certain TPI primitive exists on the connind queue.
 * Use prim == -1 for M_DATA.
 * Return B_TRUE if found.
 */
5966 static boolean_t
5967 tl_icon_hasprim(tl_endpt_t *tep, t_scalar_t seqno, t_scalar_t prim)
5968 {
5969 tl_icon_t *tip = tl_icon_find(tep, seqno);
5970 boolean_t found = B_FALSE;
5971
5972 if (tip != NULL) {
5973 mblk_t *mp;
5974 for (mp = tip->ti_mp; !found && mp != NULL; mp = mp->b_next) {
5975 found = (DB_TYPE(mp) == M_PROTO &&
5976 ((union T_primitives *)mp->b_rptr)->type == prim);
5977 }
5978 }
5979 return (found);
5980 }
5981
5982 /*
5983 * Send the b_next mblk chain that has accumulated before the connection
5984 * was accepted. Perform the necessary state transitions.
5985 */
5986 static void
5987 tl_icon_sendmsgs(tl_endpt_t *tep, mblk_t **mpp)
5988 {
5989 mblk_t *mp;
5990 union T_primitives *primp;
5991
5992 if (tep->te_closing) {
5993 tl_icon_freemsgs(mpp);
5994 return;
5995 }
5996
5997 ASSERT(tep->te_state == TS_DATA_XFER);
5998 ASSERT(tep->te_rq->q_first == NULL);
5999
6000 while ((mp = *mpp) != NULL) {
6001 *mpp = mp->b_next;
6002 mp->b_next = NULL;
6003
6004 ASSERT((DB_TYPE(mp) == M_DATA) || (DB_TYPE(mp) == M_PROTO));
6005 switch (DB_TYPE(mp)) {
6006 default:
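			/*
			 * Only reachable if the ASSERT above is
			 * compiled out.
			 */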
6007 freemsg(mp);
6008 break;
6009 case M_DATA:
6010 putnext(tep->te_rq, mp);
6011 break;
6012 case M_PROTO:
6013 primp = (union T_primitives *)mp->b_rptr;
6014 switch (primp->type) {
6015 case T_UNITDATA_IND:
6016 case T_DATA_IND:
6017 case T_OPTDATA_IND:
6018 case T_EXDATA_IND:
6019 putnext(tep->te_rq, mp);
6020 break;
6021 case T_ORDREL_IND:
6022 tep->te_state = nextstate[TE_ORDREL_IND]
6023 [tep->te_state];
6024 putnext(tep->te_rq, mp);
6025 break;
6026 case T_DISCON_IND:
6027 tep->te_state = TS_IDLE;
6028 putnext(tep->te_rq, mp);
6029 break;
6030 default:
6031 #ifdef DEBUG
6032 cmn_err(CE_PANIC,
6033 "tl_icon_sendmsgs: unknown primitive");
6034 #endif /* DEBUG */
6035 freemsg(mp);
6036 break;
6037 }
6038 break;
6039 }
6040 }
6041 }
6042
6043 /*
6044 * Free the b_next mblk chain that has accumulated before the connection
6045 * was accepted.
6046 */
6047 static void
6048 tl_icon_freemsgs(mblk_t **mpp)
6049 {
6050 mblk_t *mp;
6051
6052 while ((mp = *mpp) != NULL) {
6053 *mpp = mp->b_next;
6054 mp->b_next = NULL;
6055 freemsg(mp);
6056 }
6057 }
6058
/*
 * Send M_ERROR upstream.
 * Note: assumes that the caller has ensured enough space in mp or
 * enough memory is available.  Does not attempt recovery from
 * allocb() failures.
 */
6065
6066 static void
6067 tl_merror(queue_t *wq, mblk_t *mp, int error)
6068 {
6069 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr;
6070
6071 if (tep->te_closing) {
6072 freemsg(mp);
6073 return;
6074 }
6075
6076 (void) (STRLOG(TL_ID, tep->te_minor, 1,
6077 SL_TRACE | SL_ERROR,
6078 "tl_merror: tep=%p, err=%d", (void *)tep, error));
6079
	/*
	 * Flush all messages on the queue.  We are shutting
	 * the stream down on a fatal error.
	 */
6084 flushq(wq, FLUSHALL);
6085 if (IS_COTS(tep)) {
6086 /* connection oriented - unconnect endpoints */
6087 tl_co_unconnect(tep);
6088 }
6089 if (mp->b_cont) {
6090 freemsg(mp->b_cont);
6091 mp->b_cont = NULL;
6092 }
6093
6094 if ((MBLKSIZE(mp) < 1) || (DB_REF(mp) > 1)) {
6095 freemsg(mp);
6096 mp = allocb(1, BPRI_HI);
6097 if (mp == NULL) {
6098 (void) (STRLOG(TL_ID, tep->te_minor, 1,
6099 SL_TRACE | SL_ERROR,
6100 "tl_merror:M_PROTO: out of memory"));
6101 return;
6102 }
6103 }
6104 if (mp) {
6105 DB_TYPE(mp) = M_ERROR;
6106 mp->b_rptr = DB_BASE(mp);
6107 *mp->b_rptr = (char)error;
6108 mp->b_wptr = mp->b_rptr + sizeof (char);
6109 qreply(wq, mp);
6110 } else {
6111 (void) putnextctl1(tep->te_rq, M_ERROR, error);
6112 }
6113 }
6114
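/*
 * Fill the option buffer with a credentials option describing the peer.
 * The layout depends on the endpoint flags: TL_SETCRED produces a
 * TL_OPT_PEER_CRED option carrying a tl_credopt_t, TL_SETUCRED a
 * TL_OPT_PEER_UCRED option carrying a ucred, and TL_SOCKUCRED a
 * SOL_SOCKET/SCM_UCRED option as used by sockets.
 */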
6115 static void
6116 tl_fill_option(uchar_t *buf, cred_t *cr, pid_t cpid, int flag, cred_t *pcr)
6117 {
6118 ASSERT(cr != NULL);
6119
6120 if (flag & TL_SETCRED) {
6121 struct opthdr *opt = (struct opthdr *)buf;
6122 tl_credopt_t *tlcred;
6123
6124 opt->level = TL_PROT_LEVEL;
6125 opt->name = TL_OPT_PEER_CRED;
6126 opt->len = (t_uscalar_t)OPTLEN(sizeof (tl_credopt_t));
6127
6128 tlcred = (tl_credopt_t *)(opt + 1);
6129 tlcred->tc_uid = crgetuid(cr);
6130 tlcred->tc_gid = crgetgid(cr);
6131 tlcred->tc_ruid = crgetruid(cr);
6132 tlcred->tc_rgid = crgetrgid(cr);
6133 tlcred->tc_suid = crgetsuid(cr);
6134 tlcred->tc_sgid = crgetsgid(cr);
6135 tlcred->tc_ngroups = crgetngroups(cr);
6136 } else if (flag & TL_SETUCRED) {
6137 struct opthdr *opt = (struct opthdr *)buf;
6138
6139 opt->level = TL_PROT_LEVEL;
6140 opt->name = TL_OPT_PEER_UCRED;
6141 opt->len = (t_uscalar_t)OPTLEN(ucredminsize(cr));
6142
6143 (void) cred2ucred(cr, cpid, (void *)(opt + 1), pcr);
6144 } else {
6145 struct T_opthdr *topt = (struct T_opthdr *)buf;
6146 ASSERT(flag & TL_SOCKUCRED);
6147
6148 topt->level = SOL_SOCKET;
6149 topt->name = SCM_UCRED;
6150 topt->len = ucredminsize(cr) + sizeof (*topt);
6151 topt->status = 0;
6152 (void) cred2ucred(cr, cpid, (void *)(topt + 1), pcr);
6153 }
6154 }
6155
6156 /* ARGSUSED */
6157 static int
6158 tl_default_opt(queue_t *wq, int level, int name, uchar_t *ptr)
6159 {
	/* no default value is processed in protocol-specific code currently */
6161 return (-1);
6162 }
6163
6164 /* ARGSUSED */
6165 static int
6166 tl_get_opt(queue_t *wq, int level, int name, uchar_t *ptr)
6167 {
6168 int len;
6169 tl_endpt_t *tep;
6170 int *valp;
6171
6172 tep = (tl_endpt_t *)wq->q_ptr;
6173
6174 len = 0;
6175
6176 /*
6177 * Assumes: option level and name sanity check done elsewhere
6178 */
6179
6180 switch (level) {
6181 case SOL_SOCKET:
6182 if (!IS_SOCKET(tep))
6183 break;
6184 switch (name) {
6185 case SO_RECVUCRED:
6186 len = sizeof (int);
6187 valp = (int *)ptr;
6188 *valp = (tep->te_flag & TL_SOCKUCRED) != 0;
6189 break;
6190 default:
6191 break;
6192 }
6193 break;
6194 case TL_PROT_LEVEL:
6195 switch (name) {
6196 case TL_OPT_PEER_CRED:
6197 case TL_OPT_PEER_UCRED:
			/*
			 * These options are not supposed to be retrieved
			 * directly.  They are only sent in T_CONN_{IND,CON}
			 * and T_UNITDATA_IND when certain internal flags
			 * are set by other options.  Direct retrieval is
			 * always designed to fail (be ignored) for these
			 * options.
			 */
6205 break;
6206 }
6207 }
6208 return (len);
6209 }
6210
6211 /* ARGSUSED */
6212 static int
6213 tl_set_opt(queue_t *wq, uint_t mgmt_flags, int level, int name, uint_t inlen,
6214 uchar_t *invalp, uint_t *outlenp, uchar_t *outvalp, void *thisdg_attrs,
6215 cred_t *cr)
6216 {
6217 int error;
6218 tl_endpt_t *tep;
6219
6220 tep = (tl_endpt_t *)wq->q_ptr;
6221
6222 error = 0; /* NOERROR */
6223
6224 /*
6225 * Assumes: option level and name sanity checks done elsewhere
6226 */
6227
6228 switch (level) {
6229 case SOL_SOCKET:
6230 if (!IS_SOCKET(tep)) {
6231 error = EINVAL;
6232 break;
6233 }
6234 /*
6235 * TBD: fill in other AF_UNIX socket options and then stop
6236 * returning error.
6237 */
6238 switch (name) {
6239 case SO_RECVUCRED:
6240 /*
6241 * We only support this for datagram sockets;
6242 * getpeerucred handles the connection oriented
6243 * transports.
6244 */
6245 if (!IS_CLTS(tep)) {
6246 error = EINVAL;
6247 break;
6248 }
6249 if (*(int *)invalp == 0)
6250 tep->te_flag &= ~TL_SOCKUCRED;
6251 else
6252 tep->te_flag |= TL_SOCKUCRED;
6253 break;
6254 default:
6255 error = EINVAL;
6256 break;
6257 }
6258 break;
6259 case TL_PROT_LEVEL:
6260 switch (name) {
6261 case TL_OPT_PEER_CRED:
6262 case TL_OPT_PEER_UCRED:
			/*
			 * These options are not supposed to be set
			 * directly.  Their values are initialized for each
			 * endpoint at driver open time.  Direct setting is
			 * always designed to fail for these options.
			 */
6270 (void) (STRLOG(TL_ID, tep->te_minor, 1,
6271 SL_TRACE | SL_ERROR,
6272 "tl_set_opt: option is not supported"));
6273 error = EPROTO;
6274 break;
6275 }
6276 }
6277 return (error);
6278 }
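
/*
 * For reference, a minimal user-level sketch (not part of this driver)
 * of how a consumer might use the SO_RECVUCRED option handled above:
 * enable it on a bound AF_UNIX datagram socket and pick up the
 * sender's credentials from the SCM_UCRED control message.  Error
 * handling and socket setup are simplified.
 *
 *	#include <sys/socket.h>
 *	#include <sys/uio.h>
 *	#include <string.h>
 *	#include <ucred.h>
 *
 *	static pid_t
 *	recv_peer_pid(int fd)
 *	{
 *		int on = 1;
 *		char data[512], cbuf[1024];
 *		struct iovec iov = { data, sizeof (data) };
 *		struct msghdr msg;
 *		struct cmsghdr *cm;
 *
 *		(void) setsockopt(fd, SOL_SOCKET, SO_RECVUCRED, &on,
 *		    sizeof (on));
 *		(void) memset(&msg, 0, sizeof (msg));
 *		msg.msg_iov = &iov;
 *		msg.msg_iovlen = 1;
 *		msg.msg_control = cbuf;
 *		msg.msg_controllen = sizeof (cbuf);
 *		if (recvmsg(fd, &msg, 0) < 0)
 *			return (-1);
 *		for (cm = CMSG_FIRSTHDR(&msg); cm != NULL;
 *		    cm = CMSG_NXTHDR(&msg, cm)) {
 *			if (cm->cmsg_level == SOL_SOCKET &&
 *			    cm->cmsg_type == SCM_UCRED)
 *				return (ucred_getpid(
 *				    (ucred_t *)CMSG_DATA(cm)));
 *		}
 *		return (-1);
 *	}
 */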
6279
6280
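/*
 * qtimeout(9F) callback, scheduled by tl_memrecover() when qbufcall()
 * fails: re-enable the write queue so that the service procedure can
 * retry the allocation.
 */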
6281 static void
6282 tl_timer(void *arg)
6283 {
6284 queue_t *wq = arg;
6285 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr;
6286
6287 ASSERT(tep);
6288
6289 tep->te_timoutid = 0;
6290
6291 enableok(wq);
	/*
	 * Note: we could call wsrv directly here and save a context switch.
	 * Consider this change when qtimeout (not timeout) is active.
	 */
6296 qenable(wq);
6297 }
6298
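/*
 * qbufcall(9F) callback, scheduled by tl_memrecover(): a buffer of the
 * requested size may now be allocatable, so clear the nowsrv flag and
 * re-enable the write queue.
 */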
6299 static void
6300 tl_buffer(void *arg)
6301 {
6302 queue_t *wq = arg;
6303 tl_endpt_t *tep = (tl_endpt_t *)wq->q_ptr;
6304
6305 ASSERT(tep);
6306
6307 tep->te_bufcid = 0;
6308 tep->te_nowsrv = B_FALSE;
6309
6310 enableok(wq);
	/*
	 * Note: we could call wsrv directly here and save a context switch.
	 * Consider this change when qbufcall (not bufcall) is active.
	 */
6315 qenable(wq);
6316 }
6317
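/*
 * Handle an allocation failure: put the message back at the head of
 * the write queue, disable the queue, and arrange for it to be
 * re-enabled once memory may be available again, via qbufcall() or,
 * failing that, qtimeout().
 */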
6318 static void
6319 tl_memrecover(queue_t *wq, mblk_t *mp, size_t size)
6320 {
6321 tl_endpt_t *tep;
6322
6323 tep = (tl_endpt_t *)wq->q_ptr;
6324
6325 if (tep->te_closing) {
6326 freemsg(mp);
6327 return;
6328 }
6329 noenable(wq);
6330
6331 (void) insq(wq, wq->q_first, mp);
6332
6333 if (tep->te_bufcid || tep->te_timoutid) {
6334 (void) (STRLOG(TL_ID, tep->te_minor, 1, SL_TRACE | SL_ERROR,
6335 "tl_memrecover:recover %p pending", (void *)wq));
6336 return;
6337 }
6338
6339 tep->te_bufcid = qbufcall(wq, size, BPRI_MED, tl_buffer, wq);
6340 if (tep->te_bufcid == NULL) {
6341 tep->te_timoutid = qtimeout(wq, tl_timer, wq,
6342 drv_usectohz(TL_BUFWAIT));
6343 }
6344 }
6345
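/*
 * Free a pending-connection entry: free any queued messages, release
 * the hold on the client endpoint, and unlink the entry from the
 * listener's list.
 */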
6346 static void
6347 tl_freetip(tl_endpt_t *tep, tl_icon_t *tip)
6348 {
6349 ASSERT(tip->ti_seqno != 0);
6350
6351 if (tip->ti_mp != NULL) {
6352 tl_icon_freemsgs(&tip->ti_mp);
6353 tip->ti_mp = NULL;
6354 }
6355 if (tip->ti_tep != NULL) {
6356 tl_refrele(tip->ti_tep);
6357 tip->ti_tep = NULL;
6358 }
6359 list_remove(&tep->te_iconp, tip);
6360 kmem_free(tip, sizeof (tl_icon_t));
6361 tep->te_nicon--;
6362 }
6363
6364 /*
6365 * Remove address from address hash.
6366 */
6367 static void
6368 tl_addr_unbind(tl_endpt_t *tep)
6369 {
6370 tl_endpt_t *elp;
6371
6372 if (tep->te_flag & TL_ADDRHASHED) {
6373 if (IS_SOCKET(tep)) {
6374 (void) mod_hash_remove(tep->te_addrhash,
6375 (mod_hash_key_t)tep->te_vp,
6376 (mod_hash_val_t *)&elp);
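			/*
			 * Revert to the implicit address derived from
			 * the minor number.
			 */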
6377 tep->te_vp = (void *)(uintptr_t)tep->te_minor;
6378 tep->te_magic = SOU_MAGIC_IMPLICIT;
6379 } else {
6380 (void) mod_hash_remove(tep->te_addrhash,
6381 (mod_hash_key_t)&tep->te_ap,
6382 (mod_hash_val_t *)&elp);
			kmem_free(tep->te_abuf, tep->te_alen);
6384 tep->te_alen = -1;
6385 tep->te_abuf = NULL;
6386 }
6387 tep->te_flag &= ~TL_ADDRHASHED;
6388 }
6389 }