in pvcalls-front.c [1000:1081]
int pvcalls_front_release(struct socket *sock)
{
struct pvcalls_bedata *bedata;
struct sock_mapping *map;
int req_id, notify, ret;
struct xen_pvcalls_request *req;
if (sock->sk == NULL)
return 0;
map = pvcalls_enter_sock(sock);
if (IS_ERR(map)) {
if (PTR_ERR(map) == -ENOTCONN)
return -EIO;
else
return 0;
}
bedata = dev_get_drvdata(&pvcalls_front_dev->dev);
spin_lock(&bedata->socket_lock);
ret = get_request(bedata, &req_id);
if (ret < 0) {
spin_unlock(&bedata->socket_lock);
pvcalls_exit_sock(sock);
return ret;
}
sock->sk->sk_send_head = NULL;
req = RING_GET_REQUEST(&bedata->ring, req_id);
req->req_id = req_id;
req->cmd = PVCALLS_RELEASE;
req->u.release.id = (uintptr_t)map;
bedata->ring.req_prod_pvt++;
RING_PUSH_REQUESTS_AND_CHECK_NOTIFY(&bedata->ring, notify);
spin_unlock(&bedata->socket_lock);
if (notify)
notify_remote_via_irq(bedata->irq);
wait_event(bedata->inflight_req,
READ_ONCE(bedata->rsp[req_id].req_id) == req_id);
if (map->active_socket) {
/*
* Set in_error and wake up inflight_conn_req to force
* recvmsg waiters to exit.
*/
map->active.ring->in_error = -EBADF;
wake_up_interruptible(&map->active.inflight_conn_req);
/*
* We need to make sure that sendmsg/recvmsg on this socket have
* not started before we've cleared sk_send_head here. The
* easiest way to guarantee this is to see that no pvcalls
* (other than us) is in progress on this socket.
*/
while (atomic_read(&map->refcount) > 1)
cpu_relax();
pvcalls_front_free_map(bedata, map);
} else {
wake_up(&bedata->inflight_req);
wake_up(&map->passive.inflight_accept_req);
while (atomic_read(&map->refcount) > 1)
cpu_relax();
spin_lock(&bedata->socket_lock);
list_del(&map->list);
spin_unlock(&bedata->socket_lock);
if (READ_ONCE(map->passive.inflight_req_id) != PVCALLS_INVALID_ID &&
READ_ONCE(map->passive.inflight_req_id) != 0) {
pvcalls_front_free_map(bedata,
map->passive.accept_map);
}
kfree(map);
}
WRITE_ONCE(bedata->rsp[req_id].req_id, PVCALLS_INVALID_ID);
pvcalls_exit();
return 0;
}