[LSM-IPSec]: Security association restriction.
[linux-2.6.git] / net / core / flow.c
1 /* flow.c: Generic flow cache.
2  *
3  * Copyright (C) 2003 Alexey N. Kuznetsov (kuznet@ms2.inr.ac.ru)
4  * Copyright (C) 2003 David S. Miller (davem@redhat.com)
5  */
6
7 #include <linux/kernel.h>
8 #include <linux/module.h>
9 #include <linux/list.h>
10 #include <linux/jhash.h>
11 #include <linux/interrupt.h>
12 #include <linux/mm.h>
13 #include <linux/random.h>
14 #include <linux/init.h>
15 #include <linux/slab.h>
16 #include <linux/smp.h>
17 #include <linux/completion.h>
18 #include <linux/percpu.h>
19 #include <linux/bitops.h>
20 #include <linux/notifier.h>
21 #include <linux/cpu.h>
22 #include <linux/cpumask.h>
23 #include <net/flow.h>
24 #include <asm/atomic.h>
25 #include <asm/semaphore.h>
26 #include <linux/security.h>
27
/*
 * One cached resolution, chained into a per-CPU hash bucket.
 *
 * flow_cache_lookup() matches on (family, dir, sk_sid, key), so an
 * object resolved for one sk_sid is never handed back to a lookup
 * that passes a different sk_sid.
 */
struct flow_cache_entry {
	struct flow_cache_entry *next;	/* next entry in the same bucket */
	u16 family;			/* match field */
	u8 dir;				/* match field */
	struct flowi key;		/* match field, compared word by word */
	u32 genid;			/* flow_cache_genid at last resolve */
	u32 sk_sid;			/* match field: security ID from the caller */
	void *object;			/* resolver result, NULL when there is none */
	atomic_t *object_ref;		/* counter held while object is cached;
					 * only touched when object != NULL */
};
38
/*
 * Global generation number.  A cached entry is only served while its
 * genid equals this value; otherwise the lookup re-resolves it and the
 * flush tasklet drops its object.  The symbol is exported at the end of
 * this file, so it is reachable from outside flow.c.
 */
atomic_t flow_cache_genid = ATOMIC_INIT(0);

/* log2 of the bucket count per CPU; assigned in flow_cache_init(). */
static u32 flow_hash_shift;
#define flow_hash_size	(1 << flow_hash_shift)

/* Per-CPU bucket array; stays NULL until flow_cache_cpu_prepare(). */
static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL };

#define flow_table(cpu)	(per_cpu(flow_tables, cpu))

/* Slab cache that backs every struct flow_cache_entry. */
static kmem_cache_t *flow_cachep __read_mostly;

/*
 * Watermarks on the per-CPU entry count.  A lookup that would insert
 * while the count is above flow_hwm first trims every bucket down to
 * flow_lwm / flow_hash_size entries, which bounds the memory a stream
 * of distinct keys can pin.
 */
static int flow_lwm;
static int flow_hwm;
50
/* Per-CPU bookkeeping for the hash seed and the entry count. */
struct flow_percpu_info {
	int hash_rnd_recalc;	/* non-zero: next lookup must reseed */
	u32 hash_rnd;		/* seed handed to jhash2() */
	int count;		/* entries currently in this CPU's table */
} ____cacheline_aligned;
static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };

#define flow_hash_rnd_recalc(cpu) (per_cpu(flow_hash_info, cpu).hash_rnd_recalc)
#define flow_hash_rnd(cpu) (per_cpu(flow_hash_info, cpu).hash_rnd)
#define flow_count(cpu) (per_cpu(flow_hash_info, cpu).count)

/* Timer that requests a new seed on every CPU. */
static struct timer_list flow_hash_rnd_timer;

/*
 * Reseed interval: ten minutes, in jiffies.
 * NOTE(review): periodic reseeding presumably exists so that bucket
 * placement cannot be predicted for long by whoever controls the
 * flow keys -- confirm the intent with the authors.
 */
#define FLOW_HASH_RND_PERIOD	(10 * 60 * HZ)
68
/* Shared state for one flow_cache_flush() run. */
struct flow_flush_info {
	atomic_t cpuleft;		/* CPUs that have not finished yet */
	struct completion completion;	/* completed when cpuleft hits zero */
};

/* One flush tasklet per CPU; initialised in flow_cache_cpu_prepare(). */
static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL };

#define flow_flush_tasklet(cpu)	(&per_cpu(flow_flush_tasklets, cpu))
76
/*
 * Timer callback: flag every CPU for a reseed and re-arm the timer.
 *
 * The seed itself is not changed here.  Each CPU picks a new one in
 * flow_cache_lookup() the next time it sees its recalc flag set.
 * @arg is unused.
 */
static void flow_cache_new_hashrnd(unsigned long arg)
{
	unsigned long next_run;
	int cpu;

	for_each_cpu(cpu)
		flow_hash_rnd_recalc(cpu) = 1;

	next_run = jiffies + FLOW_HASH_RND_PERIOD;
	flow_hash_rnd_timer.expires = next_run;
	add_timer(&flow_hash_rnd_timer);
}
87
/*
 * Trim every bucket of @cpu's table to at most @shrink_to entries.
 *
 * The entries at the head of each chain are kept; everything behind
 * them is unlinked, its cached object reference (if any) is dropped
 * and the entry goes back to the slab.  @shrink_to == 0 empties the
 * table.
 */
static void __flow_cache_shrink(int cpu, int shrink_to)
{
	int bucket;

	for (bucket = 0; bucket < flow_hash_size; bucket++) {
		struct flow_cache_entry **link = &flow_table(cpu)[bucket];
		struct flow_cache_entry *victim;
		int kept;

		/* Step over the survivors at the head of the chain. */
		for (kept = 0; *link != NULL && kept < shrink_to; kept++)
			link = &(*link)->next;

		/* Free the tail, releasing the cache's own reference. */
		while ((victim = *link) != NULL) {
			*link = victim->next;
			if (victim->object)
				atomic_dec(victim->object_ref);
			kmem_cache_free(flow_cachep, victim);
			flow_count(cpu)--;
		}
	}
}
110
/*
 * Trim @cpu's table to the low watermark, spread evenly: each bucket
 * keeps flow_lwm / flow_hash_size entries.
 */
static void flow_cache_shrink(int cpu)
{
	__flow_cache_shrink(cpu, flow_lwm / flow_hash_size);
}
117
/*
 * Give @cpu a fresh hash seed and clear its recalc flag.
 *
 * Existing entries sit in buckets chosen with the old seed and could
 * no longer be found, so the whole per-CPU table is emptied.
 */
static void flow_new_hash_rnd(int cpu)
{
	u32 *seed = &flow_hash_rnd(cpu);

	get_random_bytes(seed, sizeof(u32));
	flow_hash_rnd_recalc(cpu) = 0;

	__flow_cache_shrink(cpu, 0);
}
125
/*
 * Map @key to a bucket index in @cpu's table.
 *
 * The whole struct flowi is hashed as an array of u32 words with
 * jhash2(), seeded by the per-CPU random value, and the result is
 * masked to the table size.  The mask relies on flow_hash_size being
 * a power of two, which its definition (1 << flow_hash_shift) ensures.
 */
static u32 flow_hash_code(struct flowi *key, int cpu)
{
	u32 *words = (u32 *) key;
	u32 hash;

	hash = jhash2(words, (sizeof(*key) / sizeof(u32)), flow_hash_rnd(cpu));

	return (hash & (flow_hash_size - 1));
}
133
/* Word type for key comparison: one native long per step. */
#if BITS_PER_LONG == 64
typedef u64 flow_compare_t;
#else
typedef u32 flow_compare_t;
#endif

/*
 * Declared but not defined in this file.  flow_key_compare() calls it
 * only when sizeof(struct flowi) is not a multiple of the compare word.
 * NOTE(review): presumably there is no definition anywhere, so a
 * mis-sized struct flowi fails at link time -- confirm.
 */
extern void flowi_is_missized(void);
141
/*
 * Compare two flow keys; returns 0 when equal, 1 otherwise.
 *
 * memcmp() would work, but it cannot assume what is known here: the
 * keys are aligned and their size is a compile-time constant.
 *
 * Every word of struct flowi takes part in the comparison.
 * NOTE(review): that includes any padding or unused bytes inside the
 * structure, so callers presumably have to zero the whole key before
 * filling it in -- confirm against the callers.
 */
static int flow_key_compare(struct flowi *key1, struct flowi *key2)
{
	const int n_elem = sizeof(struct flowi) / sizeof(flow_compare_t);
	flow_compare_t *a = (flow_compare_t *) key1;
	flow_compare_t *b = (flow_compare_t *) key2;
	int i = 0;

	/* Constant condition: the call only survives if the size is off. */
	if (sizeof(struct flowi) % sizeof(flow_compare_t))
		flowi_is_missized();

	do {
		if (a[i] != b[i])
			return 1;
	} while (++i < n_elem);

	return 0;
}
166
/*
 * Look up @key in the current CPU's flow cache, resolving on a miss.
 *
 * An entry matches only if family, dir, sk_sid and the full key all
 * agree.  sk_sid is part of the match, so a result cached for one
 * security ID is not reused for another.
 *
 * Hit (matching entry with current genid): returns the cached object
 * and, if it is non-NULL, bumps its reference counter for the caller.
 *
 * Stale entry or miss: calls @resolver and returns what it produced.
 * When an entry is available the result is stored in it and the cache
 * takes one additional reference on a non-NULL object.
 * NOTE(review): the caller's own reference is presumably taken by the
 * resolver -- confirm.
 *
 * The resolver is also called when no entry is available, either
 * because the per-CPU table is not set up yet or because the atomic
 * allocation failed.  In that case the result is returned uncached.
 *
 * Bottom halves are disabled for the whole operation.
 */
void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
			flow_resolve_t resolver)
{
	struct flow_cache_entry *fle = NULL;
	struct flow_cache_entry **head;
	atomic_t *obj_ref;
	void *obj;
	unsigned int hash;
	int cpu;

	local_bh_disable();
	cpu = smp_processor_id();

	/* Packet really early in init?  Making flow_cache_init a
	 * pre-smp initcall would solve this.  --RR */
	if (!flow_table(cpu))
		goto resolve;

	/* A pending reseed empties this CPU's table before we hash. */
	if (flow_hash_rnd_recalc(cpu))
		flow_new_hash_rnd(cpu);
	hash = flow_hash_code(key, cpu);
	head = &flow_table(cpu)[hash];

	/* Leave the loop with fle on the matching entry, or NULL. */
	for (fle = *head; fle != NULL; fle = fle->next) {
		if (fle->family != family)
			continue;
		if (fle->dir != dir)
			continue;
		if (fle->sk_sid != sk_sid)
			continue;
		if (flow_key_compare(key, &fle->key) != 0)
			continue;
		break;
	}

	/* Fast path: the match is still of the current generation. */
	if (fle != NULL && fle->genid == atomic_read(&flow_cache_genid)) {
		obj = fle->object;
		if (obj)
			atomic_inc(fle->object_ref);
		local_bh_enable();

		return obj;
	}

	if (fle == NULL) {
		/* Cap growth before adding another entry. */
		if (flow_count(cpu) > flow_hwm)
			flow_cache_shrink(cpu);

		fle = kmem_cache_alloc(flow_cachep, SLAB_ATOMIC);
		if (fle != NULL) {
			fle->next = *head;
			*head = fle;
			fle->family = family;
			fle->dir = dir;
			fle->sk_sid = sk_sid;
			memcpy(&fle->key, key, sizeof(*key));
			/* genid and object_ref are filled in below. */
			fle->object = NULL;
			flow_count(cpu)++;
		}
	}

resolve:
	/*
	 * NOTE(review): obj and obj_ref are read right after this call
	 * without having been initialised here, so the code relies on
	 * the resolver always storing both -- confirm for every
	 * flow_resolve_t implementation.
	 */
	resolver(key, sk_sid, family, dir, &obj, &obj_ref);

	if (fle != NULL) {
		fle->genid = atomic_read(&flow_cache_genid);

		/* Release the reference held for the replaced object. */
		if (fle->object)
			atomic_dec(fle->object_ref);

		fle->object = obj;
		fle->object_ref = obj_ref;
		if (obj)
			atomic_inc(fle->object_ref);
	}
	local_bh_enable();

	return obj;
}
246
/*
 * Per-CPU half of a flush: drop every cached object on this CPU whose
 * entry was resolved under an older flow_cache_genid.
 *
 * The entries themselves stay in the table with object == NULL; only
 * the object pointer and the cache's reference are released.  @data
 * is the struct flow_flush_info of the flush in progress; the last CPU
 * to finish completes it.
 */
static void flow_cache_flush_tasklet(unsigned long data)
{
	struct flow_flush_info *info = (void *)data;
	int cpu = smp_processor_id();
	int bucket;

	for (bucket = 0; bucket < flow_hash_size; bucket++) {
		struct flow_cache_entry *fle;

		for (fle = flow_table(cpu)[bucket]; fle; fle = fle->next) {
			unsigned genid = atomic_read(&flow_cache_genid);

			/* Only entries that hold a stale object need work. */
			if (fle->object && fle->genid != genid) {
				fle->object = NULL;
				atomic_dec(fle->object_ref);
			}
		}
	}

	if (atomic_dec_and_test(&info->cpuleft))
		complete(&info->completion);
}
272
static void flow_cache_flush_per_cpu(void *) __attribute__((__unused__));

/*
 * Cross-CPU callback used by flow_cache_flush(): hand @data (the
 * struct flow_flush_info) to this CPU's flush tasklet and schedule it.
 * The scan itself runs later, in flow_cache_flush_tasklet().
 */
static void flow_cache_flush_per_cpu(void *data)
{
	struct tasklet_struct *tasklet;
	int cpu = smp_processor_id();

	tasklet = flow_flush_tasklet(cpu);
	tasklet->data = (unsigned long)data;
	tasklet_schedule(tasklet);
}
286
/*
 * Drop stale cached objects on every online CPU and wait until all of
 * them are done.
 *
 * Remote CPUs are asked to schedule their flush tasklet; the local CPU
 * runs the same routine directly with bottom halves disabled.  The
 * shared state lives on this function's stack, so returning before
 * the completion fires would leave the tasklets with a dangling
 * pointer; wait_for_completion() prevents that.  Flushes are
 * serialised by a function-local semaphore.
 */
void flow_cache_flush(void)
{
	static DECLARE_MUTEX(flow_flush_sem);
	struct flow_flush_info info;
	int online;

	/* Don't want cpus going down or up during this. */
	lock_cpu_hotplug();
	down(&flow_flush_sem);

	/* One completion tick is expected from each online CPU. */
	online = num_online_cpus();
	atomic_set(&info.cpuleft, online);
	init_completion(&info.completion);

	local_bh_disable();
	smp_call_function(flow_cache_flush_per_cpu, &info, 1, 0);
	flow_cache_flush_tasklet((unsigned long)&info);
	local_bh_enable();

	wait_for_completion(&info.completion);

	up(&flow_flush_sem);
	unlock_cpu_hotplug();
}
307
/*
 * Set up the flow cache for @cpu: allocate and zero its bucket array,
 * request an initial hash seed, reset the entry count and initialise
 * the flush tasklet.  Allocation failure is fatal (panic).
 */
static void __devinit flow_cache_cpu_prepare(int cpu)
{
	size_t table_bytes = sizeof(struct flow_cache_entry *)*flow_hash_size;
	struct tasklet_struct *tasklet;
	unsigned long order = 0;

	/* Smallest page order whose span covers the bucket array. */
	while ((PAGE_SIZE << order) < table_bytes)
		order++;

	flow_table(cpu) = (struct flow_cache_entry **)
		__get_free_pages(GFP_KERNEL, order);
	if (!flow_table(cpu))
		panic("NET: failed to allocate flow cache order %lu\n", order);

	/* Empty buckets are NULL pointers. */
	memset(flow_table(cpu), 0, PAGE_SIZE << order);

	/* The first lookup on this CPU draws the seed. */
	flow_hash_rnd_recalc(cpu) = 1;
	flow_count(cpu) = 0;

	tasklet = flow_flush_tasklet(cpu);
	tasklet_init(tasklet, flow_cache_flush_tasklet, 0);
}
332
#ifdef CONFIG_HOTPLUG_CPU
/*
 * CPU hotplug notifier: once a CPU is dead, free every entry in its
 * table, which also releases the object references they held.  All
 * other actions are ignored.  Always returns NOTIFY_OK.
 */
static int flow_cache_cpu(struct notifier_block *nfb,
			  unsigned long action,
			  void *hcpu)
{
	unsigned long dead_cpu = (unsigned long)hcpu;

	if (action == CPU_DEAD)
		__flow_cache_shrink(dead_cpu, 0);

	return NOTIFY_OK;
}
#endif /* CONFIG_HOTPLUG_CPU */
343
/*
 * Boot-time setup of the flow cache.
 *
 * Creates the entry slab, fixes the table size at 1 << 10 buckets per
 * CPU with watermarks of two and four entries per bucket on average,
 * arms the reseed timer, prepares every CPU and registers the hotplug
 * notifier.  Failure to create the slab is fatal (panic).
 */
static int __init flow_cache_init(void)
{
	int cpu;

	flow_cachep = kmem_cache_create("flow_cache",
					sizeof(struct flow_cache_entry),
					0, SLAB_HWCACHE_ALIGN,
					NULL, NULL);
	if (!flow_cachep)
		panic("NET: failed to allocate flow cache slab\n");

	/* Sizes must be set before any per-CPU table is allocated. */
	flow_hash_shift = 10;
	flow_lwm = 2 * flow_hash_size;
	flow_hwm = 4 * flow_hash_size;

	/* First reseed request fires one period from now. */
	init_timer(&flow_hash_rnd_timer);
	flow_hash_rnd_timer.function = flow_cache_new_hashrnd;
	flow_hash_rnd_timer.expires = jiffies + FLOW_HASH_RND_PERIOD;
	add_timer(&flow_hash_rnd_timer);

	for_each_cpu(cpu)
		flow_cache_cpu_prepare(cpu);

	hotcpu_notifier(flow_cache_cpu, 0);

	return 0;
}

module_init(flow_cache_init);

/* Symbols made available outside this file. */
EXPORT_SYMBOL(flow_cache_genid);
EXPORT_SYMBOL(flow_cache_lookup);