[PATCH] v9fs: fix for access to unitialized variables or freed memory
1 /*
2  * linux/fs/9p/mux.c
3  *
4  * Protocol Multiplexer
5  *
6  *  Copyright (C) 2004 by Eric Van Hensbergen <ericvh@gmail.com>
7  *  Copyright (C) 2004-2005 by Latchesar Ionkov <lucho@ionkov.net>
8  *
9  *  This program is free software; you can redistribute it and/or modify
10  *  it under the terms of the GNU General Public License as published by
11  *  the Free Software Foundation; either version 2 of the License, or
12  *  (at your option) any later version.
13  *
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *
19  *  You should have received a copy of the GNU General Public License
20  *  along with this program; if not, write to:
21  *  Free Software Foundation
22  *  51 Franklin Street, Fifth Floor
23  *  Boston, MA  02111-1301  USA
24  *
25  */
26
27 #include <linux/config.h>
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/fs.h>
31 #include <linux/poll.h>
32 #include <linux/kthread.h>
33 #include <linux/idr.h>
34
35 #include "debug.h"
36 #include "v9fs.h"
37 #include "9p.h"
38 #include "conv.h"
39 #include "transport.h"
40 #include "mux.h"
41
/*
 * Positive sentinel stored in v9fs_req.err by v9fs_mux_rpc() when an
 * interrupted request is being flushed. Every other error value used in
 * this file is a negative errno.
 */
#define ERREQFLUSH      1
/* Sleep between two passes of the poll thread, used as SCHED_TIMEOUT * HZ. */
#define SCHED_TIMEOUT   10
/* Number of wait-queue slots per mux (size of poll_wait[] and poll_waddr[]). */
#define MAXPOLLWADDR    2

/*
 * State flags kept in v9fs_mux_data.wsched.
 *
 * NOTE(review): these constants are handed to set_bit(), clear_bit() and
 * test_and_set_bit(), which take a bit *number*. The values 1, 2, 4 and 8
 * therefore select bits 1, 2, 4 and 8 of wsched; they are not masks and
 * must not be OR-ed together or tested with '&'.
 */
enum {
	Rworksched = 1,         /* read work scheduled or running */
	Rpending = 2,           /* can read */
	Wworksched = 4,         /* write work scheduled or running */
	Wpending = 8,           /* can write */
};
52
struct v9fs_mux_poll_task;

/*
 * One outstanding 9P request. It is linked on the owning mux's
 * unsent_req_list until the write work picks it up, then on req_list until
 * a reply with the same tag arrives or the mux is cancelled.
 */
struct v9fs_req {
	int tag;			/* tag sent with the request (V9FS_NOTAG for TVERSION) */
	struct v9fs_fcall *tcall;	/* request; v9fs_mux_rpc() sets it to NULL when flushing */
	struct v9fs_fcall *rcall;	/* reply, attached by v9fs_read_work() */
	int err;			/* 0, a negative errno, or ERREQFLUSH */
	v9fs_mux_req_callback cb;	/* completion callback, may be NULL */
	void *cba;			/* opaque argument passed to cb */
	struct list_head req_list;	/* link in unsent_req_list or req_list */
};
64
/* Per-session multiplexer state, allocated by v9fs_mux_init(). */
struct v9fs_mux_data {
	spinlock_t lock;		/* taken around req_list / unsent_req_list updates */
	struct list_head mux_list;	/* link in the poll task's mux_list */
	struct v9fs_mux_poll_task *poll_task;	/* poll thread serving this mux */
	int msize;			/* maximum message size; also the read buffer size */
	unsigned char *extended;	/* pointer to the session's "extended" flag */
	struct v9fs_transport *trans;	/* transport used for read/write/poll */
	struct v9fs_idpool tidpool;	/* pool the request tags are drawn from */
	int err;			/* set by v9fs_mux_cancel(); < 0 stops all further I/O */
	wait_queue_head_t equeue;	/* woken when requests complete or are cancelled */
	struct list_head req_list;	/* requests moved here by the write work, awaiting a reply */
	struct list_head unsent_req_list;	/* requests queued but not yet picked up */
	struct v9fs_fcall *rcall;	/* reply being received; rbuf lives right behind it */
	int rpos;			/* number of bytes currently held in rbuf */
	char *rbuf;			/* receive buffer of msize bytes */
	int wpos;			/* bytes of wbuf already written */
	int wsize;			/* total bytes in wbuf, 0 when idle */
	char *wbuf;			/* serialized request being written (tcall->sdata) */
	wait_queue_t poll_wait[MAXPOLLWADDR];	/* wait entries queued by v9fs_pollwait() */
	/* wait queues the entries above sit on; NULL if unused, ERR_PTR() on failure */
	wait_queue_head_t *poll_waddr[MAXPOLLWADDR];
	poll_table pt;			/* poll table handed to trans->poll() */
	struct work_struct rq;		/* read work (v9fs_read_work) */
	struct work_struct wq;		/* write work (v9fs_write_work) */
	unsigned long wsched;		/* Rworksched/Rpending/Wworksched/Wpending bits */
};
90
/* One slot of v9fs_mux_poll_tasks[]: a poll thread and the muxes it serves. */
struct v9fs_mux_poll_task {
	struct task_struct *task;	/* the "v9fs-poll" kthread, NULL when the slot is free */
	struct list_head mux_list;	/* muxes polled by this thread */
	int muxnum;			/* number of entries on mux_list */
};
96
/*
 * Rendezvous between v9fs_mux_rpc() and its completion callback
 * v9fs_mux_rpc_cb(). v9fs_mux_rpc() keeps the structure on its own stack.
 */
struct v9fs_mux_rpc {
	struct v9fs_mux_data *m;	/* mux the request was sent on */
	struct v9fs_req *req;		/* request returned by v9fs_send_request() */
	int err;			/* completion status written by the callback */
	struct v9fs_fcall *rcall;	/* reply written by the callback */
	wait_queue_head_t wqueue;	/* the caller sleeps here until completion */
};
104
static int v9fs_poll_proc(void *);
static void v9fs_read_work(void *);
static void v9fs_write_work(void *);
static void v9fs_pollwait(struct file *filp, wait_queue_head_t * wait_address,
			  poll_table * p);
static u16 v9fs_mux_get_tag(struct v9fs_mux_data *);
static void v9fs_mux_put_tag(struct v9fs_mux_data *, u16);

/*
 * Semaphore declared with an initial count of 1.
 * NOTE(review): presumably meant to serialize changes to the three
 * variables and the table below - confirm against the users.
 */
static DECLARE_MUTEX(v9fs_mux_task_lock);
/* Workqueue ("v9fs") on which every mux queues its read and write work. */
static struct workqueue_struct *v9fs_mux_wq;

/* Number of muxes currently attached to a poll task. */
static int v9fs_mux_num;
/* Number of slots of v9fs_mux_poll_tasks[] that have a running thread. */
static int v9fs_mux_poll_task_num;
/* Fixed table of poll threads; a slot is free while its .task is NULL. */
static struct v9fs_mux_poll_task v9fs_mux_poll_tasks[100];
119
/**
 * v9fs_mux_global_init - module-wide setup of the multiplexer
 *
 * Marks every slot of v9fs_mux_poll_tasks[] as free and creates the "v9fs"
 * workqueue used by the read and write work items.
 *
 * Returns 0 on success or -ENOMEM if the workqueue cannot be created.
 */
int v9fs_mux_global_init(void)
{
	struct v9fs_mux_poll_task *slot = v9fs_mux_poll_tasks;
	struct v9fs_mux_poll_task *end =
	    v9fs_mux_poll_tasks + ARRAY_SIZE(v9fs_mux_poll_tasks);

	/* a NULL task pointer is what marks a slot as unused */
	while (slot < end) {
		slot->task = NULL;
		slot++;
	}

	v9fs_mux_wq = create_workqueue("v9fs");

	return v9fs_mux_wq ? 0 : -ENOMEM;
}
133
/**
 * v9fs_mux_global_exit - module-wide teardown of the multiplexer
 *
 * Destroys the workqueue created by v9fs_mux_global_init().
 */
void v9fs_mux_global_exit(void)
{
	destroy_workqueue(v9fs_mux_wq);
}
138
/**
 * v9fs_mux_calc_poll_procs - calculates a poll proc count for @muxnum muxes
 * @muxnum: number of muxes to account for
 *
 * Returns @muxnum divided by the current number of poll tasks, rounded up,
 * or 1 when no poll task exists yet. The result is capped at the size of
 * the v9fs_mux_poll_tasks[] table.
 */
inline int v9fs_mux_calc_poll_procs(int muxnum)
{
	int n = 1;

	if (v9fs_mux_poll_task_num) {
		n = muxnum / v9fs_mux_poll_task_num;
		if (muxnum % v9fs_mux_poll_task_num)
			n++;
	}

	/*
	 * ARRAY_SIZE() is unsigned, so a negative n compares as a huge value
	 * and is clamped as well.
	 */
	if (n > ARRAY_SIZE(v9fs_mux_poll_tasks))
		return ARRAY_SIZE(v9fs_mux_poll_tasks);

	return n;
}
160
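/* Links @m to poll task @vpt and resets the mux's poll bookkeeping. */
static void v9fs_mux_poll_attach(struct v9fs_mux_data *m,
				 struct v9fs_mux_poll_task *vpt)
{
	list_add(&m->mux_list, &vpt->mux_list);
	vpt->muxnum++;
	m->poll_task = vpt;
	memset(&m->poll_waddr, 0, sizeof(m->poll_waddr));
	init_poll_funcptr(&m->pt, v9fs_pollwait);
}

/**
 * v9fs_mux_poll_start - assigns a mux to a poll task, creating one if needed
 * @m: mux data
 *
 * Starts an additional "v9fs-poll" thread when v9fs_mux_calc_poll_procs()
 * asks for more threads than are running, then attaches @m to the first
 * thread that is below its share of muxes, or to the last running thread
 * if all of them are full.
 *
 * Returns 0 on success or -ENOMEM when no poll thread is available.
 */
static int v9fs_mux_poll_start(struct v9fs_mux_data *m)
{
	int i, n, err;
	struct v9fs_mux_poll_task *vpt, *vptlast;
	struct task_struct *pproc;

	/*
	 * Acquire before touching the counters and the task table. The
	 * semaphore starts at 1, so up()-then-down() would never exclude a
	 * second caller.
	 */
	down(&v9fs_mux_task_lock);
	dprintk(DEBUG_MUX, "mux %p muxnum %d procnum %d\n", m, v9fs_mux_num,
		v9fs_mux_poll_task_num);

	n = v9fs_mux_calc_poll_procs(v9fs_mux_num + 1);
	if (n > v9fs_mux_poll_task_num) {
		for (i = 0; i < ARRAY_SIZE(v9fs_mux_poll_tasks); i++) {
			if (v9fs_mux_poll_tasks[i].task == NULL) {
				vpt = &v9fs_mux_poll_tasks[i];
				dprintk(DEBUG_MUX, "create proc %p\n", vpt);
				pproc = kthread_create(v9fs_poll_proc, vpt,
						   "v9fs-poll");

				if (!IS_ERR(pproc)) {
					vpt->task = pproc;
					INIT_LIST_HEAD(&vpt->mux_list);
					vpt->muxnum = 0;
					v9fs_mux_poll_task_num++;
					wake_up_process(vpt->task);
				}
				break;
			}
		}

		if (i >= ARRAY_SIZE(v9fs_mux_poll_tasks))
			dprintk(DEBUG_ERROR, "warning: no free poll slots\n");
	}

	/*
	 * If the very first thread could not be created there is nothing to
	 * attach to, and the division below would be a division by zero.
	 */
	if (!v9fs_mux_poll_task_num) {
		err = -ENOMEM;
		goto out;
	}

	/* share of muxes per poll thread, rounded up */
	n = (v9fs_mux_num + 1) / v9fs_mux_poll_task_num +
	    ((v9fs_mux_num + 1) % v9fs_mux_poll_task_num ? 1 : 0);

	/*
	 * NOTE(review): the poll thread walks vpt->mux_list without taking
	 * this semaphore, so the list_add() in the helper can run while the
	 * thread is iterating - confirm what protects the list.
	 */
	vptlast = NULL;
	for (i = 0; i < ARRAY_SIZE(v9fs_mux_poll_tasks); i++) {
		vpt = &v9fs_mux_poll_tasks[i];
		if (vpt->task == NULL)
			continue;

		vptlast = vpt;
		if (vpt->muxnum < n) {
			dprintk(DEBUG_MUX, "put in proc %d\n", i);
			v9fs_mux_poll_attach(m, vpt);
			break;
		}
	}

	if (i >= ARRAY_SIZE(v9fs_mux_poll_tasks)) {
		if (vptlast == NULL) {
			err = -ENOMEM;
			goto out;
		}

		/* every running thread is at its share: overload the last one */
		dprintk(DEBUG_MUX, "put in proc %d\n",
			(int)(vptlast - v9fs_mux_poll_tasks));
		v9fs_mux_poll_attach(m, vptlast);
	}

	v9fs_mux_num++;
	err = 0;

out:
	/* single exit so the semaphore is released on the error paths too */
	up(&v9fs_mux_task_lock);
	return err;
}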
232
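/**
 * v9fs_mux_poll_stop - detaches a mux from its poll task
 * @m: mux data, previously attached by v9fs_mux_poll_start()
 *
 * Unlinks @m from the poll task, removes the wait-queue entries that
 * v9fs_pollwait() registered and stops the poll thread when @m was the
 * last mux it served.
 */
static void v9fs_mux_poll_stop(struct v9fs_mux_data *m)
{
	int i;
	struct v9fs_mux_poll_task *vpt;

	/*
	 * Acquire first, release last: the semaphore starts at 1, so the
	 * reverse order would not exclude a concurrent start or stop.
	 */
	down(&v9fs_mux_task_lock);
	vpt = m->poll_task;
	list_del(&m->mux_list);
	for (i = 0; i < ARRAY_SIZE(m->poll_waddr); i++) {
		/*
		 * v9fs_pollwait() stores ERR_PTR(-EIO) in a slot when it is
		 * given no wait queue. Nothing was queued for such a slot and
		 * the value must not be dereferenced as a wait queue head.
		 */
		if (m->poll_waddr[i] != NULL && !IS_ERR(m->poll_waddr[i]))
			remove_wait_queue(m->poll_waddr[i], &m->poll_wait[i]);

		m->poll_waddr[i] = NULL;
	}
	vpt->muxnum--;
	if (!vpt->muxnum) {
		/*
		 * NOTE(review): the slot is marked free right after the signal
		 * is sent, without waiting for the thread to exit - confirm
		 * that a new thread cannot reuse the slot while the old one is
		 * still running.
		 */
		dprintk(DEBUG_MUX, "destroy proc %p\n", vpt);
		send_sig(SIGKILL, vpt->task, 1);
		vpt->task = NULL;
		v9fs_mux_poll_task_num--;
	}
	v9fs_mux_num--;
	up(&v9fs_mux_task_lock);
}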
257
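/**
 * v9fs_mux_init - allocate and initialize the per-session mux data
 * Creates the polling task if this is the first session.
 *
 * @trans: transport structure
 * @msize: maximum message size
 * @extended: pointer to the extended flag
 *
 * Returns the new mux, or an ERR_PTR() value on failure. Nothing stays
 * allocated or registered when an error is returned.
 */
struct v9fs_mux_data *v9fs_mux_init(struct v9fs_transport *trans, int msize,
				    unsigned char *extended)
{
	int i, n, err;
	struct v9fs_mux_data *m;

	dprintk(DEBUG_MUX, "transport %p msize %d\n", trans, msize);
	m = kmalloc(sizeof(struct v9fs_mux_data), GFP_KERNEL);
	if (!m)
		return ERR_PTR(-ENOMEM);

	spin_lock_init(&m->lock);
	INIT_LIST_HEAD(&m->mux_list);
	m->msize = msize;
	m->extended = extended;
	m->trans = trans;
	idr_init(&m->tidpool.pool);
	init_MUTEX(&m->tidpool.lock);
	m->err = 0;
	init_waitqueue_head(&m->equeue);
	INIT_LIST_HEAD(&m->req_list);
	INIT_LIST_HEAD(&m->unsent_req_list);
	m->rcall = NULL;
	m->rpos = 0;
	m->rbuf = NULL;
	m->wpos = m->wsize = 0;
	m->wbuf = NULL;
	INIT_WORK(&m->rq, v9fs_read_work, m);
	INIT_WORK(&m->wq, v9fs_write_work, m);
	m->wsched = 0;
	memset(&m->poll_waddr, 0, sizeof(m->poll_waddr));
	m->poll_task = NULL;
	n = v9fs_mux_poll_start(m);
	if (n) {
		/* not attached to any poll task, so the mux is ours to free */
		kfree(m);
		return ERR_PTR(n);
	}

	/* first poll: registers the wait queues through v9fs_pollwait() */
	n = trans->poll(trans, &m->pt);
	if (n & POLLIN) {
		dprintk(DEBUG_MUX, "mux %p can read\n", m);
		set_bit(Rpending, &m->wsched);
	}

	if (n & POLLOUT) {
		dprintk(DEBUG_MUX, "mux %p can write\n", m);
		set_bit(Wpending, &m->wsched);
	}

	/*
	 * v9fs_pollwait() reports a failed registration by storing an
	 * ERR_PTR() in the slot. The error code has to be read from the slot
	 * itself (not from the address of the array) and before the mux is
	 * freed. The slot is cleared as well so that the teardown below does
	 * not treat it as a registered wait queue.
	 */
	err = 0;
	for (i = 0; i < ARRAY_SIZE(m->poll_waddr); i++) {
		if (IS_ERR(m->poll_waddr[i])) {
			if (!err)
				err = PTR_ERR(m->poll_waddr[i]);
			m->poll_waddr[i] = NULL;
		}
	}

	if (err) {
		v9fs_mux_poll_stop(m);
		kfree(m);
		return ERR_PTR(err);
	}

	return m;
}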
325
/**
 * v9fs_mux_destroy - cancels all pending requests and frees mux resources
 * @m: mux data; must not be used by the caller after this returns
 */
void v9fs_mux_destroy(struct v9fs_mux_data *m)
{
	dprintk(DEBUG_MUX, "mux %p prev %p next %p\n", m,
		m->mux_list.prev, m->mux_list.next);
	/* completes every request on req_list with -ECONNRESET */
	v9fs_mux_cancel(m, -ECONNRESET);

	if (!list_empty(&m->req_list)) {
		/* wait until all processes waiting on this session exit */
		dprintk(DEBUG_MUX, "mux %p waiting for empty request queue\n",
			m);
		/*
		 * The timeout (5000) is in jiffies. The result is not checked,
		 * so teardown continues even if requests are still queued.
		 */
		wait_event_timeout(m->equeue, (list_empty(&m->req_list)), 5000);
		dprintk(DEBUG_MUX, "mux %p request queue empty: %d\n", m,
			list_empty(&m->req_list));
	}

	v9fs_mux_poll_stop(m);
	m->trans = NULL;

	/*
	 * NOTE(review): nothing here waits for m->rq / m->wq, frees m->rcall
	 * or releases the tag pool. If read or write work can still be queued
	 * at this point it would run on freed memory - confirm against the
	 * callers and the workqueue state.
	 */
	kfree(m);
}
349
/**
 * v9fs_pollwait - called by files poll operation to add v9fs-poll task
 *	to files wait queue
 * @filp: file being polled (unused)
 * @wait_address: wait queue the poll task should be added to
 * @p: poll table embedded in the mux (v9fs_mux_data.pt)
 *
 * Uses the first free slot of poll_waddr[]. A missing @wait_address is
 * recorded in that slot as ERR_PTR(-EIO).
 */
static void
v9fs_pollwait(struct file *filp, wait_queue_head_t * wait_address,
	      poll_table * p)
{
	struct v9fs_mux_data *m = container_of(p, struct v9fs_mux_data, pt);
	int slot = 0;

	/* find the first unused slot */
	while (slot < ARRAY_SIZE(m->poll_waddr) && m->poll_waddr[slot] != NULL)
		slot++;

	if (slot >= ARRAY_SIZE(m->poll_waddr)) {
		dprintk(DEBUG_ERROR, "not enough wait_address slots\n");
		return;
	}

	if (!wait_address) {
		dprintk(DEBUG_ERROR, "no wait_address\n");
		/* callers detect the failure with IS_ERR() on the slot */
		m->poll_waddr[slot] = ERR_PTR(-EIO);
		return;
	}

	m->poll_waddr[slot] = wait_address;
	/* wake the poll thread, not the current task, when the queue fires */
	init_waitqueue_entry(&m->poll_wait[slot], m->poll_task->task);
	add_wait_queue(wait_address, &m->poll_wait[slot]);
}
382
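/**
 * v9fs_poll_mux - polls a mux and schedules read or write works if necessary
 * @m: mux data
 *
 * A poll error or a hangup cancels every pending request of the mux.
 */
static inline void v9fs_poll_mux(struct v9fs_mux_data *m)
{
	int n;

	if (m->err < 0)
		return;

	n = m->trans->poll(m->trans, NULL);
	if (n < 0 || n & (POLLERR | POLLHUP | POLLNVAL)) {
		dprintk(DEBUG_MUX, "error mux %p err %d\n", m, n);
		if (n >= 0)
			n = -ECONNRESET;
		v9fs_mux_cancel(m, n);
		/*
		 * n now holds a negative errno, not a poll mask. Testing its
		 * bits below would schedule work on a mux that has just been
		 * cancelled.
		 */
		return;
	}

	if (n & POLLIN) {
		set_bit(Rpending, &m->wsched);
		dprintk(DEBUG_MUX, "mux %p can read\n", m);
		/* queue the read work only if it is not already scheduled */
		if (!test_and_set_bit(Rworksched, &m->wsched)) {
			dprintk(DEBUG_MUX, "schedule read work mux %p\n", m);
			queue_work(v9fs_mux_wq, &m->rq);
		}
	}

	if (n & POLLOUT) {
		set_bit(Wpending, &m->wsched);
		dprintk(DEBUG_MUX, "mux %p can write\n", m);
		/* only worth scheduling when there is something to send */
		if ((m->wsize || !list_empty(&m->unsent_req_list))
		    && !test_and_set_bit(Wworksched, &m->wsched)) {
			dprintk(DEBUG_MUX, "schedule write work mux %p\n", m);
			queue_work(v9fs_mux_wq, &m->wq);
		}
	}
}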
420
/**
 * v9fs_poll_proc - polls all v9fs transports for new events and queues
 *	the appropriate work to the work queue
 * @a: the struct v9fs_mux_poll_task this thread serves
 *
 * Thread body of a "v9fs-poll" kthread. The loop ends when the thread is
 * asked to stop or when a signal is pending; SIGKILL is explicitly allowed.
 * Always returns 0.
 */
static int v9fs_poll_proc(void *a)
{
	struct v9fs_mux_poll_task *vpt = a;
	struct v9fs_mux_data *mux, *next;

	dprintk(DEBUG_MUX, "start %p %p\n", current, vpt);
	allow_signal(SIGKILL);

	for (;;) {
		if (kthread_should_stop())
			break;

		/*
		 * Go interruptible before polling so that a wakeup arriving
		 * during the pass is not lost by the sleep below.
		 */
		set_current_state(TASK_INTERRUPTIBLE);
		if (signal_pending(current))
			break;

		/*
		 * NOTE(review): the list is walked without any lock visible
		 * in this function - confirm what serializes it against muxes
		 * being attached and detached.
		 */
		list_for_each_entry_safe(mux, next, &vpt->mux_list, mux_list)
			v9fs_poll_mux(mux);

		dprintk(DEBUG_MUX, "sleeping...\n");
		schedule_timeout(SCHED_TIMEOUT * HZ);
	}

	__set_current_state(TASK_RUNNING);
	dprintk(DEBUG_MUX, "finish\n");
	return 0;
}
450
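/**
 * v9fs_write_work - called when a transport can send some data
 * @a: the mux (struct v9fs_mux_data *) the work belongs to
 *
 * Continues the partially written request, or picks the next unsent one,
 * and writes as much of it as the transport accepts. Any write failure
 * cancels all pending requests of the mux.
 */
static void v9fs_write_work(void *a)
{
	int n, err;
	struct v9fs_mux_data *m;
	struct v9fs_req *req;

	m = a;

	if (m->err < 0) {
		clear_bit(Wworksched, &m->wsched);
		return;
	}

	if (!m->wsize) {
		/*
		 * Pick the next request under the lock. Requests flagged
		 * ERREQFLUSH are moved to req_list without being sent (their
		 * tcall has been cleared). The list is re-checked on every
		 * step: once it is empty, list_entry() on the list head would
		 * yield a bogus request.
		 */
		req = NULL;
		spin_lock(&m->lock);
		while (!list_empty(&m->unsent_req_list)) {
			struct v9fs_req *cand;

			cand = list_entry(m->unsent_req_list.next,
					  struct v9fs_req, req_list);
			list_move_tail(&cand->req_list, &m->req_list);
			if (cand->err != ERREQFLUSH) {
				req = cand;
				break;
			}
		}

		if (!req) {
			spin_unlock(&m->lock);
			clear_bit(Wworksched, &m->wsched);
			return;
		}

		m->wbuf = req->tcall->sdata;
		m->wsize = req->tcall->size;
		m->wpos = 0;
		dump_data(m->wbuf, m->wsize);
		spin_unlock(&m->lock);
	}

	dprintk(DEBUG_MUX, "mux %p pos %d size %d\n", m, m->wpos, m->wsize);
	clear_bit(Wpending, &m->wsched);
	err = m->trans->write(m->trans, m->wbuf + m->wpos, m->wsize - m->wpos);
	dprintk(DEBUG_MUX, "mux %p sent %d bytes\n", m, err);
	if (err == -EAGAIN) {
		clear_bit(Wworksched, &m->wsched);
		return;
	}

	if (err <= 0) {
		/*
		 * Cancelling with 0 would complete the pending requests
		 * without an error and without a reply, which the waiter in
		 * v9fs_mux_rpc() does not treat as completion. Report a real
		 * error instead.
		 */
		if (!err)
			err = -EIO;
		goto error;
	}

	m->wpos += err;
	if (m->wpos == m->wsize)
		m->wpos = m->wsize = 0;

	if (m->wsize == 0 && !list_empty(&m->unsent_req_list)) {
		/* more to send: requeue right away if the transport is writable */
		if (test_and_clear_bit(Wpending, &m->wsched))
			n = POLLOUT;
		else
			n = m->trans->poll(m->trans, NULL);

		if (n & POLLOUT) {
			dprintk(DEBUG_MUX, "schedule write work mux %p\n", m);
			queue_work(v9fs_mux_wq, &m->wq);
		} else
			clear_bit(Wworksched, &m->wsched);
	} else
		clear_bit(Wworksched, &m->wsched);

	return;

error:
	v9fs_mux_cancel(m, err);
	clear_bit(Wworksched, &m->wsched);
}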
524
/*
 * process_request - completes a request whose reply has been attached
 * @m: mux data
 * @req: request, already unlinked from req_list, with req->rcall set
 *
 * Turns an Rerror reply or a reply of the wrong type into req->err, then
 * hands the result to the request's callback (or frees the reply when there
 * is none), releases the tag and frees the request.
 *
 * NOTE(review): a request flagged ERREQFLUSH returns early, after the caller
 * has unlinked it, without freeing req or req->rcall - this looks like a
 * leak; confirm who owns them on that path.
 */
static void process_request(struct v9fs_mux_data *m, struct v9fs_req *req)
{
	int ecode;
	struct v9fs_str *ename;
	int tag = req->tag;

	if (!req->err && req->rcall->id == RERROR) {
		ecode = req->rcall->params.rerror.errno;
		ename = &req->rcall->params.rerror.error;

		dprintk(DEBUG_MUX, "Rerror %.*s\n", ename->len, ename->str);

		/* the numeric code is only trusted when *m->extended is set */
		if (*m->extended)
			req->err = -ecode;

		if (!req->err) {
			req->err = v9fs_errstr2errno(ename->str, ename->len);

			if (!req->err) {	/* string match failed */
				PRINT_FCALL_ERROR("unknown error", req->rcall);
				req->err = -ESERVERFAULT;
			}
		}
	} else if (req->tcall && req->rcall->id != req->tcall->id + 1) {
		/* a reply id is expected to be the request id plus one */
		dprintk(DEBUG_ERROR, "fcall mismatch: expected %d, got %d\n",
			req->tcall->id + 1, req->rcall->id);
		if (!req->err)
			req->err = -EIO;
	}

	if (req->err == ERREQFLUSH)
		return;

	if (!req->cb) {
		kfree(req->rcall);
	} else {
		dprintk(DEBUG_MUX, "calling callback tcall %p rcall %p\n",
			req->tcall, req->rcall);

		(*req->cb) (req->cba, req->tcall, req->rcall, req->err);
		req->cb = NULL;
	}

	v9fs_mux_put_tag(m, tag);

	wake_up(&m->equeue);
	kfree(req);
}
574
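/**
 * v9fs_read_work - called when there is some data to be read from a transport
 * @a: the mux (struct v9fs_mux_data *) the work belongs to
 *
 * Reads into the mux's receive buffer, splits the buffer into complete
 * messages and matches each one by tag against the requests on req_list.
 * Any read or framing failure cancels all pending requests of the mux.
 */
static void v9fs_read_work(void *a)
{
	int n, err;
	struct v9fs_mux_data *m;
	struct v9fs_req *req, *rptr, *rreq;
	struct v9fs_fcall *rcall;
	char *rbuf;

	m = a;

	if (m->err < 0)
		return;

	rcall = NULL;
	dprintk(DEBUG_MUX, "start mux %p pos %d\n", m, m->rpos);

	if (!m->rcall) {
		/* fcall header and receive buffer share one allocation */
		m->rcall =
		    kmalloc(sizeof(struct v9fs_fcall) + m->msize, GFP_KERNEL);
		if (!m->rcall) {
			err = -ENOMEM;
			goto error;
		}

		m->rbuf = (char *)m->rcall + sizeof(struct v9fs_fcall);
		m->rpos = 0;
	}

	clear_bit(Rpending, &m->wsched);
	err = m->trans->read(m->trans, m->rbuf + m->rpos, m->msize - m->rpos);
	dprintk(DEBUG_MUX, "mux %p got %d bytes\n", m, err);
	if (err == -EAGAIN) {
		clear_bit(Rworksched, &m->wsched);
		return;
	}

	if (err <= 0) {
		/*
		 * Cancelling with 0 would complete the pending requests
		 * without an error and without a reply, which the waiter in
		 * v9fs_mux_rpc() does not treat as completion. Report a real
		 * error instead.
		 */
		if (!err)
			err = -EIO;
		goto error;
	}

	m->rpos += err;
	while (m->rpos > 4) {
		/*
		 * The length prefix comes from the peer and is untrusted. It
		 * counts from the start of the buffer, so it can never be
		 * smaller than the 4-byte prefix itself. A zero length would
		 * make this loop spin without consuming anything, and a
		 * negative one (top bit set on the wire) would pass the upper
		 * bound check and reach memmove() below with a negative
		 * offset.
		 */
		n = le32_to_cpu(*(__le32 *) m->rbuf);
		if (n < 4) {
			dprintk(DEBUG_ERROR,
				"requested packet size too small: %d\n", n);
			err = -EIO;
			goto error;
		}

		if (n >= m->msize) {
			dprintk(DEBUG_ERROR,
				"requested packet size too big: %d\n", n);
			err = -EIO;
			goto error;
		}

		/* message not complete yet, wait for more data */
		if (m->rpos < n)
			break;

		dump_data(m->rbuf, n);
		err =
		    v9fs_deserialize_fcall(m->rbuf, n, m->rcall, *m->extended);
		if (err < 0) {
			goto error;
		}

		rcall = m->rcall;
		rbuf = m->rbuf;
		if (m->rpos > n) {
			/* bytes of the next message follow: move them to a fresh buffer */
			m->rcall = kmalloc(sizeof(struct v9fs_fcall) + m->msize,
					   GFP_KERNEL);
			if (!m->rcall) {
				/*
				 * The parsed reply is no longer referenced by
				 * the mux; free it here so it is not leaked,
				 * and drop the pointers into it.
				 */
				kfree(rcall);
				m->rbuf = NULL;
				m->rpos = 0;
				err = -ENOMEM;
				goto error;
			}

			m->rbuf = (char *)m->rcall + sizeof(struct v9fs_fcall);
			memmove(m->rbuf, rbuf + n, m->rpos - n);
			m->rpos -= n;
		} else {
			m->rcall = NULL;
			m->rbuf = NULL;
			m->rpos = 0;
		}

		dprintk(DEBUG_MUX, "mux %p fcall id %d tag %d\n", m, rcall->id,
			rcall->tag);

		req = NULL;
		spin_lock(&m->lock);
		list_for_each_entry_safe(rreq, rptr, &m->req_list, req_list) {
			if (rreq->tag == rcall->tag) {
				req = rreq;
				req->rcall = rcall;
				list_del(&req->req_list);
				/* the lock is dropped here, before the callback runs */
				spin_unlock(&m->lock);
				process_request(m, req);
				break;
			}

		}

		if (!req) {
			/* no request with this tag: drop the reply */
			spin_unlock(&m->lock);
			if (err >= 0 && rcall->id != RFLUSH)
				dprintk(DEBUG_ERROR,
					"unexpected response mux %p id %d tag %d\n",
					m, rcall->id, rcall->tag);
			kfree(rcall);
		}
	}

	if (!list_empty(&m->req_list)) {
		/* replies still outstanding: requeue if more data is ready */
		if (test_and_clear_bit(Rpending, &m->wsched))
			n = POLLIN;
		else
			n = m->trans->poll(m->trans, NULL);

		if (n & POLLIN) {
			dprintk(DEBUG_MUX, "schedule read work mux %p\n", m);
			queue_work(v9fs_mux_wq, &m->rq);
		} else
			clear_bit(Rworksched, &m->wsched);
	} else
		clear_bit(Rworksched, &m->wsched);

	return;

error:
	v9fs_mux_cancel(m, err);
	clear_bit(Rworksched, &m->wsched);
}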
703
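/**
 * v9fs_send_request - send 9P request
 * The function can sleep until the request is scheduled for sending.
 * The function can be interrupted. Return from the function is not
 * a guarantee that the request is sent successfully. Can return errors
 * that can be retrieved by PTR_ERR macros.
 *
 * @m: mux data
 * @tc: request to be sent
 * @cb: callback function to call when response is received
 * @cba: parameter to pass to the callback function
 *
 * Returns the queued request, or ERR_PTR(m->err) if the mux has already
 * failed, or ERR_PTR(-ENOMEM) if the request or a tag cannot be allocated.
 * When an error is returned the request was not queued and @cb will not
 * be called.
 */
static struct v9fs_req *v9fs_send_request(struct v9fs_mux_data *m,
					  struct v9fs_fcall *tc,
					  v9fs_mux_req_callback cb, void *cba)
{
	int n;
	u16 tag;
	struct v9fs_req *req;

	dprintk(DEBUG_MUX, "mux %p task %p tcall %p id %d\n", m, current,
		tc, tc->id);
	if (m->err < 0)
		return ERR_PTR(m->err);

	req = kmalloc(sizeof(struct v9fs_req), GFP_KERNEL);
	if (!req)
		return ERR_PTR(-ENOMEM);

	if (tc->id == TVERSION)
		tag = V9FS_NOTAG;
	else {
		/*
		 * v9fs_mux_get_tag() returns a u16 and signals failure with
		 * V9FS_NOTAG, so a "< 0" test can never fire. Compare against
		 * the sentinel and release the request on failure.
		 */
		tag = v9fs_mux_get_tag(m);
		if (tag == (u16) V9FS_NOTAG) {
			kfree(req);
			return ERR_PTR(-ENOMEM);
		}
	}

	v9fs_set_tag(tc, tag);

	req->tag = tag;
	req->tcall = tc;
	req->rcall = NULL;
	req->err = 0;
	req->cb = cb;
	req->cba = cba;

	spin_lock(&m->lock);
	list_add_tail(&req->req_list, &m->unsent_req_list);
	spin_unlock(&m->lock);

	/*
	 * NOTE(review): from here on the work items can complete and free
	 * the request, so the pointer returned below may already be stale
	 * when the caller looks at it - confirm the intended lifetime.
	 */
	if (test_and_clear_bit(Wpending, &m->wsched))
		n = POLLOUT;
	else
		n = m->trans->poll(m->trans, NULL);

	if (n & POLLOUT && !test_and_set_bit(Wworksched, &m->wsched))
		queue_work(v9fs_mux_wq, &m->wq);

	return req;
}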
763
/**
 * v9fs_mux_flush_cb - completion callback of a Tflush request
 * @a: the mux (struct v9fs_mux_data *) the flush was sent on
 * @tc: the Tflush request; freed here
 * @rc: the reply to the Tflush; freed here
 * @err: completion status, only logged
 *
 * Looks on req_list for the request whose tag equals tflush.oldtag. If it
 * is still there it is unlinked, its callback (if any) is run and the
 * request is freed. The flushed tag is then released.
 */
static inline void
v9fs_mux_flush_cb(void *a, struct v9fs_fcall *tc, struct v9fs_fcall *rc,
		  int err)
{
	v9fs_mux_req_callback cb;
	int tag;
	struct v9fs_mux_data *m;
	struct v9fs_req *req, *rptr;

	m = a;
	dprintk(DEBUG_MUX, "mux %p tc %p rc %p err %d oldtag %d\n", m, tc,
		rc, err, tc->params.tflush.oldtag);

	spin_lock(&m->lock);
	cb = NULL;
	tag = tc->params.tflush.oldtag;
	list_for_each_entry_safe(req, rptr, &m->req_list, req_list) {
		if (req->tag == tag) {
			list_del(&req->req_list);
			if (req->cb) {
				cb = req->cb;
				req->cb = NULL;
				/* the callback runs without m->lock held */
				spin_unlock(&m->lock);
				(*cb) (req->cba, req->tcall, req->rcall,
				       req->err);
			}
			kfree(req);
			wake_up(&m->equeue);
			break;
		}
	}

	/* a non-NULL cb means the lock was already dropped inside the loop */
	if (!cb)
		spin_unlock(&m->lock);

	v9fs_mux_put_tag(m, tag);
	kfree(tc);
	kfree(rc);
}
803
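/**
 * v9fs_mux_flush_request - asks the server to flush a pending request
 * @m: mux data
 * @req: request to be flushed
 *
 * Sends a Tflush for @req's tag; v9fs_mux_flush_cb() completes the job when
 * the reply arrives. Failures are only logged because the caller has no way
 * to act on them.
 */
static void
v9fs_mux_flush_request(struct v9fs_mux_data *m, struct v9fs_req *req)
{
	struct v9fs_fcall *fc;
	struct v9fs_req *freq;

	dprintk(DEBUG_MUX, "mux %p req %p tag %d\n", m, req, req->tag);

	fc = v9fs_create_tflush(req->tag);
	/* covers both a NULL and an ERR_PTR() failure convention */
	if (!fc || IS_ERR(fc)) {
		dprintk(DEBUG_ERROR, "cannot create flush for tag %d\n",
			req->tag);
		return;
	}

	freq = v9fs_send_request(m, fc, v9fs_mux_flush_cb, m);
	if (IS_ERR(freq)) {
		/*
		 * The flush was never queued, so v9fs_mux_flush_cb() will not
		 * run and free the Tflush; do it here.
		 */
		dprintk(DEBUG_ERROR, "cannot send flush: %d\n",
			(int) PTR_ERR(freq));
		kfree(fc);
	}
}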
814
/**
 * v9fs_mux_rpc_cb - completion callback used by v9fs_mux_rpc()
 * @a: the struct v9fs_mux_rpc of the waiting caller
 * @tc: the request (only logged)
 * @rc: the reply, may be NULL
 * @err: completion status
 *
 * Stores the reply and the status in the rpc structure and wakes the
 * waiter. For a flushed request (ERREQFLUSH) the reply is freed and @a is
 * not dereferenced.
 */
static void
v9fs_mux_rpc_cb(void *a, struct v9fs_fcall *tc, struct v9fs_fcall *rc, int err)
{
	struct v9fs_mux_rpc *r = a;

	if (err != ERREQFLUSH) {
		dprintk(DEBUG_MUX, "mux %p req %p tc %p rc %p err %d\n", r->m,
			r->req, tc, rc, err);
		r->rcall = rc;
		r->err = err;
		wake_up(&r->wqueue);
		return;
	}

	/* flushed request: drop the reply and leave the rpc structure alone */
	kfree(rc);
	dprintk(DEBUG_MUX, "err req flush\n");
}
833
/**
 * v9fs_mux_rpc - sends 9P request and waits until a response is available.
 *	The function can be interrupted.
 * @m: mux data
 * @tc: request to be sent
 * @rc: pointer where a pointer to the response is stored
 *
 * Returns 0 on success or a negative error code. When @rc is NULL the
 * response is freed here; otherwise *@rc is set to the response on success
 * and to NULL on failure.
 */
int
v9fs_mux_rpc(struct v9fs_mux_data *m, struct v9fs_fcall *tc,
	     struct v9fs_fcall **rc)
{
	int err;
	unsigned long flags;
	struct v9fs_req *req;
	/* lives on this stack frame and is handed to the callback as its argument */
	struct v9fs_mux_rpc r;

	r.err = 0;
	r.rcall = NULL;
	r.m = m;
	init_waitqueue_head(&r.wqueue);

	if (rc)
		*rc = NULL;

	req = v9fs_send_request(m, tc, v9fs_mux_rpc_cb, &r);
	if (IS_ERR(req)) {
		err = PTR_ERR(req);
		dprintk(DEBUG_MUX, "error %d\n", err);
		return PTR_ERR(req);
	}

	/*
	 * NOTE(review): req is dereferenced below (the tag in the debug line,
	 * then tcall/err on the interrupt path) after it has been queued.
	 * Nothing visible in this function keeps the read work or
	 * v9fs_mux_cancel() from freeing it first - confirm the lifetime.
	 */
	r.req = req;
	dprintk(DEBUG_MUX, "mux %p tc %p tag %d rpc %p req %p\n", m, tc,
		req->tag, &r, req);
	err = wait_event_interruptible(r.wqueue, r.rcall != NULL || r.err < 0);
	if (r.err < 0)
		err = r.err;

	/* interrupted by a signal while the connection is still healthy */
	if (err == -ERESTARTSYS && m->trans->status == Connected && m->err == 0) {
		/* flag the request so that its completion no longer touches r */
		spin_lock(&m->lock);
		req->tcall = NULL;
		req->err = ERREQFLUSH;
		spin_unlock(&m->lock);

		/* hide the pending signal while the flush is sent, then recompute it */
		clear_thread_flag(TIF_SIGPENDING);
		v9fs_mux_flush_request(m, req);
		spin_lock_irqsave(&current->sighand->siglock, flags);
		recalc_sigpending();
		spin_unlock_irqrestore(&current->sighand->siglock, flags);
	}

	if (!err) {
		if (r.rcall)
			dprintk(DEBUG_MUX, "got response id %d tag %d\n",
				r.rcall->id, r.rcall->tag);

		if (rc)
			*rc = r.rcall;
		else
			kfree(r.rcall);
	} else {
		kfree(r.rcall);
		dprintk(DEBUG_MUX, "got error %d\n", err);
		/* callers only ever see 0 or a negative errno */
		if (err > 0)
			err = -EIO;
	}

	return err;
}
903
/**
 * v9fs_mux_rpcnb - sends 9P request without waiting for response.
 * @m: mux data
 * @tc: request to be sent
 * @cb: callback function to be called when response arrives
 * @a: value to pass to the callback function
 *
 * Returns 0 once the request has been queued, or the negative error
 * reported by v9fs_send_request().
 */
int v9fs_mux_rpcnb(struct v9fs_mux_data *m, struct v9fs_fcall *tc,
		   v9fs_mux_req_callback cb, void *a)
{
	int err;
	struct v9fs_req *req = v9fs_send_request(m, tc, cb, a);

	if (!IS_ERR(req)) {
		dprintk(DEBUG_MUX, "mux %p tc %p tag %d\n", m, tc, req->tag);
		return 0;
	}

	err = PTR_ERR(req);
	dprintk(DEBUG_MUX, "error %d\n", err);
	return PTR_ERR(req);
}
927
/**
 * v9fs_mux_cancel - cancel all pending requests with error
 * @m: mux data
 * @err: error code
 *
 * Records @err in the mux, then completes every request on req_list: a
 * request that has no error yet gets @err, its callback is called (or its
 * reply freed when it has none) and the request is freed.
 *
 * NOTE(review): only req_list is drained here; requests still sitting on
 * unsent_req_list are left alone - confirm that this is intended.
 */
void v9fs_mux_cancel(struct v9fs_mux_data *m, int err)
{
	struct v9fs_req *req, *rtmp;
	LIST_HEAD(cancel_list);

	dprintk(DEBUG_MUX, "mux %p err %d\n", m, err);
	m->err = err;

	/* take the requests off the mux under the lock ... */
	spin_lock(&m->lock);
	list_for_each_entry_safe(req, rtmp, &m->req_list, req_list)
		list_move(&req->req_list, &cancel_list);
	spin_unlock(&m->lock);

	/* ... and run the callbacks without it */
	while (!list_empty(&cancel_list)) {
		req = list_entry(cancel_list.next, struct v9fs_req, req_list);
		list_del(&req->req_list);
		if (!req->err)
			req->err = err;

		if (!req->cb)
			kfree(req->rcall);
		else
			(*req->cb) (req->cba, req->tcall, req->rcall, req->err);

		kfree(req);
	}

	wake_up(&m->equeue);
}
961
/**
 * v9fs_mux_get_tag - takes a tag from the mux's tag pool
 * @m: mux data
 *
 * Returns the tag, or V9FS_NOTAG when the pool reports an error. The return
 * type is unsigned, so callers must compare against V9FS_NOTAG rather than
 * test for a negative value.
 */
static u16 v9fs_mux_get_tag(struct v9fs_mux_data *m)
{
	int tag = v9fs_get_idpool(&m->tidpool);

	return tag < 0 ? V9FS_NOTAG : (u16) tag;
}
972
/**
 * v9fs_mux_put_tag - returns a tag to the mux's tag pool
 * @m: mux data
 * @tag: tag to release; V9FS_NOTAG is ignored
 *
 * The tag is only put back when v9fs_check_idpool() accepts it.
 */
static void v9fs_mux_put_tag(struct v9fs_mux_data *m, u16 tag)
{
	if (tag == V9FS_NOTAG)
		return;

	if (v9fs_check_idpool(tag, &m->tidpool))
		v9fs_put_idpool(tag, &m->tidpool);
}