Djalal Harouni tixxdz

## 0001-endpoint-policy-revert-commits-48aa398-and-513e096-t
From b95cb21647c7b2fb1083bded8095b88e78f74269 Mon Sep 17 00:00:00 2001
From: Djalal Harouni <tixxdz@opendz.org>
Date: Wed, 19 Nov 2014 08:27:12 +0100
Subject: [PATCH 1/2] endpoint, policy: revert commits 48aa398 and 513e096 the
 locking was correct

Locking conn->lock first, then db->entries_rwlock may deadlock with:
kdbus_cmd_name_list()
  => down_read(&policy_db->entries_rwlock);
  => kdbus_name_list_all()

## gist:56281aa5592632eb32f9
diff --git a/connection.c b/connection.c
index 5879833..345d155 100644
--- a/connection.c
+++ b/connection.c
@@ -517,21 +517,28 @@ static int kdbus_conn_entry_sync_attach(struct kdbus_conn *conn_dst,

 	mutex_lock(&conn_dst->lock);

+	if (conn_dst->queue.msg_count >= KDBUS_CONN_MAX_MSGS) {
+		ret = -ENOBUFS;

## gist:093ef83ff97652512614
diff --git a/kdbus.txt b/kdbus.txt
index c7a233e..708cb0b 100644
--- a/kdbus.txt
+++ b/kdbus.txt
@@ -1940,8 +1940,8 @@ For KDBUS_CMD_SEND:
                file descriptors are either kdbus handles or unix domain
                sockets. Both are currently unsupported
   -EINVAL      The submitted payload type is KDBUS_PAYLOAD_KERNEL,
-               KDBUS_MSG_EXPECT_REPLY was set without a timeout value,
-               KDBUS_MSG_SYNC_REPLY was set without

## gist:0061a3861f6167250db9
kdbus git head commit e7ddfb1da4ad1

date: Thu Jan 22 13:38:08 CET 2015

repo: http://code.google.com/p/d-bus/  - kernel 3.19.0-rc3+

gcov stats after "make stt" only kdbus selftest results:

File '/home/tixxdz/code/d-bus-new-clean/bus.c'
Lines executed:89.01% of 191

## gist:4c19d73bdd5c2a636397
From bdfa45b91f20d7b7e8d8880e0ca01df5a1d9226c Mon Sep 17 00:00:00 2001
From: Djalal Harouni <tixxdz@opendz.org>
Date: Fri, 6 Feb 2015 21:01:51 +0100
Subject: [PATCH 1/2] pool: make kdbus_pool_slice_alloc() only for slice
 allocation

Make kdbus_pool_slice_alloc() only for allocation. Distinguish between
slice allocation and kvec or iovec copying, the latter should be called
outside of this function, especially if the current use do not force or
really make use of kvec or iovec at the same time.

## gist:79d035d51ac2b7abf8ee
diff --git a/connection.c b/connection.c
index ec0f6b0..c135419 100644
--- a/connection.c
+++ b/connection.c
@@ -640,7 +640,9 @@ static int kdbus_conn_quota(struct kdbus_conn *c, struct kdbus_user *u,

 	/* per user-accounting is expensive, so we keep state small */
 	BUILD_BUG_ON(sizeof(quota->memory) != 4);
+	BUILD_BUG_ON(sizeof(quota->msgs) != 1);
 	BUILD_BUG_ON(sizeof(quota->fds) != 1);

## gist:ee7ce12e79459516c35c
diff --git a/connection.c b/connection.c
index ec0f6b0..c135419 100644
--- a/connection.c
+++ b/connection.c
@@ -640,7 +640,9 @@ static int kdbus_conn_quota(struct kdbus_conn *c, struct kdbus_user *u,

 	/* per user-accounting is expensive, so we keep state small */
 	BUILD_BUG_ON(sizeof(quota->memory) != 4);
+	BUILD_BUG_ON(sizeof(quota->msgs) != 1);
 	BUILD_BUG_ON(sizeof(quota->fds) != 1);

## gist:f4324fafa5f4445a3b9b
From 93007c444d761e9d1f4498fbe8fc6d59570ab3e5 Mon Sep 17 00:00:00 2001
From: Djalal Harouni <tixxdz@opendz.org>
Date: Mon, 23 Feb 2015 18:13:41 +0100
Subject: [PATCH] connection: more improvements on the quota accounting

Currently the quota accounting is per pool-memory usage. Each user should
have its share of the target pool memory if there is still space.
However users sending small or empty messages will be able to queue lot
of messages, and hit the KDBUS_CONN_MAX_MSGS==256 limit, this will make
the remote peer to lose further messages since the maximum number of

## gist:b32d0976822da54cf8be
kdbus_pool_slice_move() is called by kdbus_name_release_unlocked() when we want to release a name and hand it back to an activator, in this case we must check if the connection releasing its name is pushing to the activator a slice that will consume more than the half of the remaining space... otherwise the activator want have pool space to handle its own operations.

This may cause bugs, if connections accumulate lot of messages then move them, however we increment the lost_count, so perhaps just document the fact moving messages from/to activator may cause messages to be lost, connections may check the dropped_msgs field...

diff --git a/pool.c b/pool.c
index bed2e34..194636b 100644
--- a/pool.c
+++ b/pool.c
@@ -718,8 +718,17 @@ int kdbus_pool_slice_move(struct kdbus_pool *pool_dst,
 {

## gist:a8569ea84498626a53ae
[  376.338853] ------------[ cut here ]------------
[  376.339772] WARNING: CPU: 3 PID: 1681 at lib/list_debug.c:33 __list_add+0xa0/0xd0()
[  376.341223] list_add corruption. prev->next should be next (ffff880035e036c8), but was           (null). (prev=ffff88006a50db40).
[  376.343545] Modules linked in: kdbus(OE) ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 rfkill ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw ppdev parport_pc parport i2c_piix4 serio_raw 8139too microcode bochs_drm drm_kms_helper ttm drm 8139cp mii ata_generic i2c_core pata_acpi
[  376.360830] CPU: 3 PID: 1681 Comm: kdbus-test Tainted: G        W  OE   3.19.0+ #8
[  376.362397] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  376.363667]  0000000000000000 00000000857e4f97 ffff880068c63b88 ffffffff81840da2
[  376.365165]  000000000000000
	From b95cb21647c7b2fb1083bded8095b88e78f74269 Mon Sep 17 00:00:00 2001
	From: Djalal Harouni <tixxdz@opendz.org>
	Date: Wed, 19 Nov 2014 08:27:12 +0100
	Subject: [PATCH 1/2] endpoint, policy: revert commits 48aa398 and 513e096 the
	locking was correct

	Locking conn->lock first, then db->entries_rwlock may deadlock with:
	kdbus_cmd_name_list()
	=> down_read(&policy_db->entries_rwlock);
	=> kdbus_name_list_all()
	diff --git a/connection.c b/connection.c
	index 5879833..345d155 100644
	--- a/connection.c
	+++ b/connection.c
	@@ -517,21 +517,28 @@ static int kdbus_conn_entry_sync_attach(struct kdbus_conn *conn_dst,

	mutex_lock(&conn_dst->lock);

	+ if (conn_dst->queue.msg_count >= KDBUS_CONN_MAX_MSGS) {
	+ ret = -ENOBUFS;
	diff --git a/kdbus.txt b/kdbus.txt
	index c7a233e..708cb0b 100644
	--- a/kdbus.txt
	+++ b/kdbus.txt
	@@ -1940,8 +1940,8 @@ For KDBUS_CMD_SEND:
	file descriptors are either kdbus handles or unix domain
	sockets. Both are currently unsupported
	-EINVAL The submitted payload type is KDBUS_PAYLOAD_KERNEL,
	- KDBUS_MSG_EXPECT_REPLY was set without a timeout value,
	- KDBUS_MSG_SYNC_REPLY was set without
	kdbus git head commit e7ddfb1da4ad1

	date: Thu Jan 22 13:38:08 CET 2015

	repo: http://code.google.com/p/d-bus/ - kernel 3.19.0-rc3+

	gcov stats after "make stt" only kdbus selftest results:

	File '/home/tixxdz/code/d-bus-new-clean/bus.c'
	Lines executed:89.01% of 191
	From bdfa45b91f20d7b7e8d8880e0ca01df5a1d9226c Mon Sep 17 00:00:00 2001
	From: Djalal Harouni <tixxdz@opendz.org>
	Date: Fri, 6 Feb 2015 21:01:51 +0100
	Subject: [PATCH 1/2] pool: make kdbus_pool_slice_alloc() only for slice
	allocation

	Make kdbus_pool_slice_alloc() only for allocation. Distinguish between
	slice allocation and kvec or iovec copying, the latter should be called
	outside of this function, especially if the current use do not force or
	really make use of kvec or iovec at the same time.
	diff --git a/connection.c b/connection.c
	index ec0f6b0..c135419 100644
	--- a/connection.c
	+++ b/connection.c
	@@ -640,7 +640,9 @@ static int kdbus_conn_quota(struct kdbus_conn c, struct kdbus_user u,

	/* per user-accounting is expensive, so we keep state small */
	BUILD_BUG_ON(sizeof(quota->memory) != 4);
	+ BUILD_BUG_ON(sizeof(quota->msgs) != 1);
	BUILD_BUG_ON(sizeof(quota->fds) != 1);
	From 93007c444d761e9d1f4498fbe8fc6d59570ab3e5 Mon Sep 17 00:00:00 2001
	From: Djalal Harouni <tixxdz@opendz.org>
	Date: Mon, 23 Feb 2015 18:13:41 +0100
	Subject: [PATCH] connection: more improvements on the quota accounting

	Currently the quota accounting is per pool-memory usage. Each user should
	have its share of the target pool memory if there is still space.
	However users sending small or empty messages will be able to queue lot
	of messages, and hit the KDBUS_CONN_MAX_MSGS==256 limit, this will make
	the remote peer to lose further messages since the maximum number of
	kdbus_pool_slice_move() is called by kdbus_name_release_unlocked() when we want to release a name and hand it back to an activator, in this case we must check if the connection releasing its name is pushing to the activator a slice that will consume more than the half of the remaining space... otherwise the activator want have pool space to handle its own operations.

	This may cause bugs, if connections accumulate lot of messages then move them, however we increment the lost_count, so perhaps just document the fact moving messages from/to activator may cause messages to be lost, connections may check the dropped_msgs field...

	diff --git a/pool.c b/pool.c
	index bed2e34..194636b 100644
	--- a/pool.c
	+++ b/pool.c
	@@ -718,8 +718,17 @@ int kdbus_pool_slice_move(struct kdbus_pool *pool_dst,
	{
	[ 376.338853] ------------[ cut here ]------------
	[ 376.339772] WARNING: CPU: 3 PID: 1681 at lib/list_debug.c:33 __list_add+0xa0/0xd0()
	[ 376.341223] list_add corruption. prev->next should be next (ffff880035e036c8), but was (null). (prev=ffff88006a50db40).
	[ 376.343545] Modules linked in: kdbus(OE) ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 rfkill ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw ppdev parport_pc parport i2c_piix4 serio_raw 8139too microcode bochs_drm drm_kms_helper ttm drm 8139cp mii ata_generic i2c_core pata_acpi
	[ 376.360830] CPU: 3 PID: 1681 Comm: kdbus-test Tainted: G W OE 3.19.0+ #8
	[ 376.362397] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
	[ 376.363667] 0000000000000000 00000000857e4f97 ffff880068c63b88 ffffffff81840da2
	[ 376.365165] 000000000000000