Use alloc_skb_with_frags for skb allocation to keep it uniform
throughout the rx path.
Change-Id: Id38eeea0a7d422b50c1ad6a90b9b569f26c45917
Signed-off-by: Jay Jayanna <jayanna@codeaurora.org>
Add a pool of SKBs that can be used when the system is in low memory
conditions. This pool will be shared between all nodes and replenished
by a worker function.
Change-Id: I639a9ac76db726dc8ad46b12d3b3d560c674939c
Signed-off-by: Chris Lew <clew@codeaurora.org>
Signed-off-by: Vivek Golani <vgolani@codeaurora.org>
[ Upstream commit d28ea1fbbf437054ef339afec241019f2c4e2bb6 ]
Once the traversal of the list is completed with list_for_each_entry(),
the iterator (node) will point to an invalid object. So passing this to
qrtr_local_enqueue() which is outside of the iterator block is erroneous
eventhough the object is not used.
So fix this by passing NULL to qrtr_local_enqueue().
Fixes: bdabad3e36 ("net: Add Qualcomm IPC router")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 6dbf02acef69b0742c238574583b3068afbd227c ]
If the local node id(qrtr_local_nid) is not modified after its
initialization, it equals to the broadcast node id(QRTR_NODE_BCAST).
So the messages from local node should not be taken as broadcast
and keep the process going to send them out anyway.
The definitions are as follow:
static unsigned int qrtr_local_nid = NUMA_NO_NODE;
Fixes: fdf5fd397566 ("net: qrtr: Broadcast messages only from control port")
Signed-off-by: Wang Wenhu <wenhu.wang@vivo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Converting DEL_PROC control command to BYE command to
cleanup service/client details of MSM.
Change-Id: I08d22d47b092e0124f5e9a58451f1dbcaaf14ed1
Signed-off-by: Arun Prakash <app@codeaurora.org>
The current QRTR transport feature set does not support fragmented skbs
which is a problem for packets that are forwarded from the rx path.
In order to linearize the skb, skb_put_padto() and skb_linearize() try
to allocate enough memory with GFP_ATOMIC but are prone to failure.
Pre-allocate enough headroom with GFP_KERNEL on forwarded packets. If
there are still problems with allocation, then continue and drop the
packet in qrtr_node_enqueue().
Change-Id: I7de6620bba26746698237d913ce064ea5725f921
Signed-off-by: Chris Lew <clew@codeaurora.org>
skb_put_padto() will free the skb if it fails to add the requested
padding to the skb. Drop the packet if we are unable to allocate a new
skb with the requested padding.
Change-Id: I5503c99679c7e6ecf767d3f632d72da5315988f1
Signed-off-by: Chris Lew <clew@codeaurora.org>
This reverts commit 088f93d00b.
This is a preparation change for merging android-4.14-q.147 into
msm-4.14 branch. Equivalent logic is already committed via:
31df2523b3 net: qrtr: Move rx worker to separate worker thread
05cc454885 net: qrtr: Flush work during release
Change-Id: Icdc4dbbe647c92251d67dbe140391bd1317235d1
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
net_dev_alloc() fails for high order allocations in system where memory
is fragmented and cause communication stall due to packet drops.
Use alloc_skb_with_frag() to avoid packet drops in memory fragmented case.
Change-Id: If6de7857deb82e080281ad8ca76fc17a13ce6dca
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
[ Upstream commit 73f0c11d11329a0d6d205d4312b6e5d2512af7c5 ]
As the endpoint is unregistered there might still be work pending to
handle incoming messages, which will result in a use after free
scenario. The plan is to remove the rx_worker, but until then (and for
stable@) ensure that the work is stopped before the node is freed.
Fixes: bdabad3e36 ("net: Add Qualcomm IPC router")
Cc: stable@vger.kernel.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hello message is currently sent in response to a hello message received
by the ns. When two procs operate in this slave model, then neither of
them exchange the Hello message. This will halt further communication
from happening. Update QRTR to send a hello message once a new endpoint
is registered.
Prevent duplicate Hello messages from reaching the NS because NS will
echo the packet back. On two systems running QRTR, this will loopback
infinitely.
Change-Id: Ibc84fc46658e8c6cedb0d6e84bb1a56d739d5a30
Signed-off-by: Chris Lew <clew@codeaurora.org>
This reverts commit d33025a786.
Originally MHI Host API's assumed the client would not send until it
first received a packet from the device. This assumption is broken with
the change to queue hello work.
The MHI driver should split the channel initialization so that probe
occurs after the UL channel is started. This will allow the QRTR driver
to send immediately after probe. Revert this change until the channel
initialization change from MHI is ready.
Change-Id: I174d8c204eb1c36b0519005f15d79080fed8139f
Signed-off-by: Chris Lew <clew@codeaurora.org>
Hello message is currently sent in response to a hello message received
by the ns. When two procs operate in this slave model, then neither of
them exchange the Hello message. This will halt further communication
from happening. Update QRTR to send a hello message once a new endpoint
is registered.
Prevent duplicate Hello messages from reaching the NS because NS will
echo the packet back. On two systems running QRTR, this will loopback
infinitely.
Change-Id: Id8483341717ed3075b426b142b21e018cefbd580
Signed-off-by: Chris Lew <clew@codeaurora.org>
Add support to configure the node id through defconfig. This is useful
for targets that are unable to configure the node id through qrtr-ns
because of security reasons. The local node id can still be overridden
by the ns if it is capable.
Change-Id: Ie9fec2ae276948340f4f5a7e0374d554502a0ee1
Signed-off-by: Chris Lew <clew@codeaurora.org>
While forwarding a packet, if the node lookup fails, qrtr_fwd_pkt returns
without freeing the socket buffer. This results in memory leak. Make sure
this memory is freed to prevent this memory leak.
Change-Id: Ia17ceaaa8da7ec7b08ea0982928502c52316e8c0
Signed-off-by: Jay Jayanna <jayanna@codeaurora.org>
In system with fragmented memory allocation of bigger RX buffers
are failed and results in packet drop issue.
In failure cases use skb allocations with fragmented pages to avoid
packet drops and serve the use case.
CRs-Fixed: 2455559
Change-Id: Iac507bfa9b17ae0278e8cddafdfa5ec87fd7f80c
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
In some cases system enters into suspend state before handling
incoming packets and cause delay in communication.
Add pm_wakup_event() to abort the suspend when a packet is received.
CRs-Fixed: 2432846
Change-Id: I5cec4f9273362e8e2c1df1dae159a6bb5e54d16d
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
To support high priority clients like sensor use cases in all system
conditions elevating the router reader threads to RT priorities based
on configuration.
Change-Id: I6f46097f6678f2e00c3ec8872b208d773c377224
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Forwarding of control packets are not reaching the destination because
of replacing all control packets node id with node_id instead of
packet destination node_id.
Replace dst_node_id only when node id is broadcast node ID.
Change-Id: I544f52613fbf8b0973f3188d2acc03f5487d6bac
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
If a node_enqueue is called on a node that has not finished the hello
packet negotiation, the packet to be enqueued will be dropped. Make
sure to free this dropped packet.
Change-Id: I52a6f5d6b07fff272e3912d85221e7f6540cfa33
Signed-off-by: Chris Lew <clew@codeaurora.org>
Qrtr node list lock can be taken recursively by a thread and
in between other thread can contend the same lock for write,
this marks the lock as write biased and results in deadlock.
Changed qrtr code to avoid taking node list lock recursively
and prevent possible deadlock scenario.
CR-Fixed: 2384092
Change-Id: Idcdd1b3dbc8c19867c8afcde40ae4dcf08d87d66
Signed-off-by: Deepak Kumar Singh <deesin@codeaurora.org>
Add the DEL_PROC control message for forwarding usecases. If this proc
acts as a gateway between two procs then they need a notification to
clean up servers and client ports when either goes down. This message
acts as notification to clean up all resources associated with the node
in the message.
Change-Id: I3514f54aa0221e104196e2120e929cc9f351847d
Signed-off-by: Chris Lew <clew@codeaurora.org>
Add support for QRTR to forward messages between network clusters. The
network subnet id's are attached to the QRTR subnodes in the MHI and
RPMSG/GLINK nodes.
The current forwarding decisions are done based on the net ids and are
wrapped in a single function for easier maintenance of forwarding
decisions later on. The function will return true once it determines
a subnet has no connection to another subnet.
The NEW_SERVER, DEL_SERVER, and DEL_CLIENT control messages should be
forwarded while the DATA and RESUME_TX commands should be passed along
to their destination node.
The nameservice is expected to send NEW_SERVER commands for it's entire
database instead of just the local service database with these changes.
This is to make sure new nodes get service notifications that came
earlier and were meant to be forwarded to the new node.
Change-Id: Ia6a1e952430f7d63bf361bc3f2427d492e982d96
Signed-off-by: Chris Lew <clew@codeaurora.org>
sk_error_report callback function called without validating cause the NULL
pointer dereference.
Validate function pointer before using for error report.
Change-Id: I19d04f85a5457f3857623088f8e0578514f0c395
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Some transports need to know qrtr packet to read complete packet
from underlying transport.
Add API support to get the incoming packet size form qrtr header.
Change-Id: I4e4e4ab2e4c1fe0e1e1261af85a8b8618ce65bb3
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
The destination port value in the IPCR control buffer on older
targets is 0xFFFF. Handle the same by updating the dst_port to
QRTR_PORT_CTRL.
Change-Id: Ia70ce1c078ea84f0de47240f6fc3e764f4ae7a6f
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Some transports need to know qrtr packet to read complete packet
from underlying transport.
Add API support to get the incoming packet size form qrtr header.
Change-Id: I4e4e4ab2e4c1fe0e1e1261af85a8b8618ce65bb3
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
The destination port value in the IPCR control buffer on older
targets is 0xFFFF. Handle the same by updating the dst_port to
QRTR_PORT_CTRL.
Change-Id: Ia70ce1c078ea84f0de47240f6fc3e764f4ae7a6f
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
In recovery mode qrtr-ns is running with root guid only. allow
qrtr-ns to bind the control port to support QRTR communication
in recovery mode.
CRs-Fixed: 2350005
Change-Id: I946ddef70373afca75af31ec56968185eb93733f
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
In system heavy load cases the rx work queued in global worker queue is
getting delayed and causing clients request timeouts.
Create and use separate worker thread to process qrtr rx packets.
Change-Id: I56793a463820340666288bae6111e160d3fc85b9
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Check tx wait conditions before entering wait. This helps threads with
pending signals finish their tx's instead of returning ERESTARTSYS.
Make checking the flow count and subsequent waiter operations an atomic
operation. The waiter list and flow count are modified on the tx and rx
threads which opens it to race conditions.
Change-Id: I7cba0e70d8e1760ed2d8cece6404b995721bdcc9
Signed-off-by: Chris Lew <clew@codeaurora.org>
Server state changes should be broadcast throughout the system. Change
the ipc state of a port when it sends a NEW SERVER control packet. This
ensures the DEL CLIENT control packet is propagated correctly for
servers.
Change-Id: I0e4e536b0976e76853531baaf98ffe5237897d9a
Signed-off-by: Chris Lew <clew@codeaurora.org>
The current implementation of the control port bind releases and
reacquires the port lock between allocating the port idr and resetting
the existing sockets. This creates a race condition where sockets
can send to the control port during the control port bind. Hold the
lock for the duration of the control port bind to prevent this.
In order to prevent messages from stale sockets being sent, check if
ENETRESET has been set on the socket and drop the packet.
Change-Id: Ie9abc6c51139e82d3c9ebd4d546d1acd7269875e
Signed-off-by: Chris Lew <clew@codeaurora.org>
If the transport fails to send a message, remove the flow ref count
that this msg took in qrtr_tx_wait. This alleviates the pressure during
SSR cleanup and all sends are failing.
Change-Id: Ifdd4470ddff86f7848344ab6b84b7ee77ee4f634
Signed-off-by: Chris Lew <clew@codeaurora.org>
There is a race between releasing a socket and a sock structure. Skbs
still in flight may hold references to the sock structure, preventing
it from being freed when the socket is released. Detach the socket in
the release call to prevent references to that sockets resources.
Change-Id: I44ac553cf73b3a2148ce50d7552c39b08f5e0f91
Signed-off-by: Chris Lew <clew@codeaurora.org>
Race between qrtr_tx_resume() handling rx_resume and qrtr_tx_wait()
adding the waiter to waitqueue causes qmi client to miss the resume_tx.
Add waiter while sending confirm_rx to avoid the race condition.
Change-Id: I628a8460f1a2a0a671e1006177c36257286f8746
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Only allow processes to bind to the control port if they are in the
AID_VENDOR_QRTR group or have NET_ADMIN capabilities. This GID is
reserved for QRTR control applications only.
Remove NET_BIND_SERVICE check from netlink socket callback. This is a
redundant check since NET_ADMIN is a more priveleged capability.
Change-Id: I70961418314c391017709cab6408e5c58cf6d848
Signed-off-by: Chris Lew <clew@codeaurora.org>
There is a race for clients that open sockets before the control port
is bound. If a client gets an idr that was allocated before the control
port is bound, there is a chance the previous address owner sent lookup
packets to the control port. The new address owner will get residual
responses to this the lookup packets.
Change the idr_alloc to idr_alloc_cyclic so new idr's are allocated
instead of trying to reuse the freed idrs.
Change-Id: Ie1bda7a818309503f80542e739bac646327296f7
Signed-off-by: Chris Lew <clew@codeaurora.org>
For every rx packet acquiring qrtr_node write lock to lookup
the node id can cause the write lock contention and prone to
add the stale node pointer into list while releasing the node.
Add required node id checks and use read lock while lookup.
Change-Id: I768c19f3192263a2eb113c6366b0d68e43bde4f6
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
There is a race where broadcast packets can be sent to a node that has
not sent the hello message to the remote processor. This breaks the
protocol expectation. Add a status variable to track when the hello
packet has been sent.
An alternative solution attempted was to remove the nodes from the
broadcast list until the hello packet is sent. This is not a valid
solution because hello messages are broadcasted if the ns is restarted
or started late. There needs to be a status variable separate from the
broadcast list.
Change-Id: I62d2a0241f1e33ef8849164a3334fe213bc0f8c8
Signed-off-by: Chris Lew <clew@codeaurora.org>
[ Upstream commit fdf5fd3975666804118e62c69de25dc85cc0909c ]
The broadcast node id should only be sent with the control port id.
Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
QRTR should support asynchronous sends even with the tx flow control
enabled. Add a timeout to the tx_wait and send a zero size packet to
nonblocking sockets after the remote port is no longer flow controlled.
This zero size packet will act as a notification for clients to start
sending again.
Change-Id: I3deab3960ce9e06f59f6a2b4998b32e0076ab70a
Signed-off-by: Chris Lew <clew@codeaurora.org>
An ept can represent multiple nodes in a system. If an ept unregisters,
qrtr should send a BYE control message for all the nodes that it
represents. Iterate through the node tree to find all the nodes that
belong to the ept.
Change-Id: Ia0b1573274e07d2f94092bd464105bc6ebca5ef8
Signed-off-by: Chris Lew <clew@codeaurora.org>
Discover nodes through QRTR_TYPE_NEW_SERVER messages as
well in order to find remote hosts which require more than
one hop to reach it.
Change-Id: Ia79df1fa2730250786d221fb847029046a53bea4
Signed-off-by: Gustavo Solaira <gustavos@codeaurora.org>
Signed-off-by: Chris Lew <clew@codeaurora.org>
The work struct to route packets to the appropriate port may sbe active
when the endpoint unregister occurs. Flush the work struct before
freeing the node structure. This change assumes that data will not be
posted on the endpointed after getting an unregister call.
Change-Id: Ia44dff6ca339dffa3e793d1545594da960240f8e
Signed-off-by: Chris Lew <clew@codeaurora.org>
There is a chance for a remote processor to become unresponsive while
QRTR is trying to broadcast a control message. This results in the node
lock being held for an extended period of time and prevents node lookup
which is needed to send messages.
Change the mutex to a rw_semaphore to allow concurrency during node
lookups and broadcasts.
Change-Id: I2e3fdde22edaac64f164cf08900e9d09b16c380d
Signed-off-by: Chris Lew <clew@codeaurora.org>
Simon1511