]> git.ipfire.org Git - thirdparty/linux.git/blob - fs/smb/client/transport.c
projects / thirdparty / linux.git / blob
? search:


d553b7a54621bc0c77d98d55e151805900b09ddd
[thirdparty/linux.git] / fs / smb / client / transport.c
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 */
9
10 #include <linux/fs.h>
11 #include <linux/list.h>
12 #include <linux/gfp.h>
13 #include <linux/wait.h>
14 #include <linux/net.h>
15 #include <linux/delay.h>
16 #include <linux/freezer.h>
17 #include <linux/tcp.h>
18 #include <linux/bvec.h>
19 #include <linux/highmem.h>
20 #include <linux/uaccess.h>
21 #include <linux/processor.h>
22 #include <linux/mempool.h>
23 #include <linux/sched/signal.h>
24 #include <linux/task_io_accounting_ops.h>
25 #include "cifspdu.h"
26 #include "cifsglob.h"
27 #include "cifsproto.h"
28 #include "cifs_debug.h"
29 #include "smb2proto.h"
30 #include "smbdirect.h"
31
32 /* Max number of iovectors we can use off the stack when sending requests. */
33 #define CIFS_MAX_IOV_SIZE 8
34
35 void
36 cifs_wake_up_task(struct mid_q_entry *mid)
37 {
38 if (mid->mid_state == MID_RESPONSE_RECEIVED)
39 mid->mid_state = MID_RESPONSE_READY;
40 wake_up_process(mid->callback_data);
41 }
42
43 static struct mid_q_entry *
44 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
45 {
46 struct mid_q_entry *temp;
47
48 if (server == NULL) {
49 cifs_dbg(VFS, "%s: null TCP session\n", __func__);
50 return NULL;
51 }
52
53 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
54 memset(temp, 0, sizeof(struct mid_q_entry));
55 kref_init(&temp->refcount);
56 temp->mid = get_mid(smb_buffer);
57 temp->pid = current->pid;
58 temp->command = cpu_to_le16(smb_buffer->Command);
59 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
60 /* easier to use jiffies */
61 /* when mid allocated can be before when sent */
62 temp->when_alloc = jiffies;
63 temp->server = server;
64
65 /*
66 * The default is for the mid to be synchronous, so the
67 * default callback just wakes up the current task.
68 */
69 get_task_struct(current);
70 temp->creator = current;
71 temp->callback = cifs_wake_up_task;
72 temp->callback_data = current;
73
74 atomic_inc(&mid_count);
75 temp->mid_state = MID_REQUEST_ALLOCATED;
76 return temp;
77 }
78
79 void __release_mid(struct kref *refcount)
80 {
81 struct mid_q_entry *midEntry =
82 container_of(refcount, struct mid_q_entry, refcount);
83 #ifdef CONFIG_CIFS_STATS2
84 __le16 command = midEntry->server->vals->lock_cmd;
85 __u16 smb_cmd = le16_to_cpu(midEntry->command);
86 unsigned long now;
87 unsigned long roundtrip_time;
88 #endif
89 struct TCP_Server_Info *server = midEntry->server;
90
91 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) &&
92 (midEntry->mid_state == MID_RESPONSE_RECEIVED ||
93 midEntry->mid_state == MID_RESPONSE_READY) &&
94 server->ops->handle_cancelled_mid)
95 server->ops->handle_cancelled_mid(midEntry, server);
96
97 midEntry->mid_state = MID_FREE;
98 atomic_dec(&mid_count);
99 if (midEntry->large_buf)
100 cifs_buf_release(midEntry->resp_buf);
101 else
102 cifs_small_buf_release(midEntry->resp_buf);
103 #ifdef CONFIG_CIFS_STATS2
104 now = jiffies;
105 if (now < midEntry->when_alloc)
106 cifs_server_dbg(VFS, "Invalid mid allocation time\n");
107 roundtrip_time = now - midEntry->when_alloc;
108
109 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
110 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
111 server->slowest_cmd[smb_cmd] = roundtrip_time;
112 server->fastest_cmd[smb_cmd] = roundtrip_time;
113 } else {
114 if (server->slowest_cmd[smb_cmd] < roundtrip_time)
115 server->slowest_cmd[smb_cmd] = roundtrip_time;
116 else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
117 server->fastest_cmd[smb_cmd] = roundtrip_time;
118 }
119 cifs_stats_inc(&server->num_cmds[smb_cmd]);
120 server->time_per_cmd[smb_cmd] += roundtrip_time;
121 }
122 /*
123 * commands taking longer than one second (default) can be indications
124 * that something is wrong, unless it is quite a slow link or a very
125 * busy server. Note that this calc is unlikely or impossible to wrap
126 * as long as slow_rsp_threshold is not set way above recommended max
127 * value (32767 ie 9 hours) and is generally harmless even if wrong
128 * since only affects debug counters - so leaving the calc as simple
129 * comparison rather than doing multiple conversions and overflow
130 * checks
131 */
132 if ((slow_rsp_threshold != 0) &&
133 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
134 (midEntry->command != command)) {
135 /*
136 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
137 * NB: le16_to_cpu returns unsigned so can not be negative below
138 */
139 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
140 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);
141
142 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
143 midEntry->when_sent, midEntry->when_received);
144 if (cifsFYI & CIFS_TIMER) {
145 pr_debug("slow rsp: cmd %d mid %llu",
146 midEntry->command, midEntry->mid);
147 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
148 now - midEntry->when_alloc,
149 now - midEntry->when_sent,
150 now - midEntry->when_received);
151 }
152 }
153 #endif
154 put_task_struct(midEntry->creator);
155
156 mempool_free(midEntry, cifs_mid_poolp);
157 }
158
159 void
160 delete_mid(struct mid_q_entry *mid)
161 {
162 spin_lock(&mid->server->mid_lock);
163 if (!(mid->mid_flags & MID_DELETED)) {
164 list_del_init(&mid->qhead);
165 mid->mid_flags |= MID_DELETED;
166 }
167 spin_unlock(&mid->server->mid_lock);
168
169 release_mid(mid);
170 }
171
172 /*
173 * smb_send_kvec - send an array of kvecs to the server
174 * @server: Server to send the data to
175 * @smb_msg: Message to send
176 * @sent: amount of data sent on socket is stored here
177 *
178 * Our basic "send data to server" function. Should be called with srv_mutex
179 * held. The caller is responsible for handling the results.
180 */
181 static int
182 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
183 size_t *sent)
184 {
185 int rc = 0;
186 int retries = 0;
187 struct socket *ssocket = server->ssocket;
188
189 *sent = 0;
190
191 if (server->noblocksnd)
192 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
193 else
194 smb_msg->msg_flags = MSG_NOSIGNAL;
195
196 while (msg_data_left(smb_msg)) {
197 /*
198 * If blocking send, we try 3 times, since each can block
199 * for 5 seconds. For nonblocking we have to try more
200 * but wait increasing amounts of time allowing time for
201 * socket to clear. The overall time we wait in either
202 * case to send on the socket is about 15 seconds.
203 * Similarly we wait for 15 seconds for a response from
204 * the server in SendReceive[2] for the server to send
205 * a response back for most types of requests (except
206 * SMB Write past end of file which can be slow, and
207 * blocking lock operations). NFS waits slightly longer
208 * than CIFS, but this can make it take longer for
209 * nonresponsive servers to be detected and 15 seconds
210 * is more than enough time for modern networks to
211 * send a packet. In most cases if we fail to send
212 * after the retries we will kill the socket and
213 * reconnect which may clear the network problem.
214 */
215 rc = sock_sendmsg(ssocket, smb_msg);
216 if (rc == -EAGAIN) {
217 retries++;
218 if (retries >= 14 ||
219 (!server->noblocksnd && (retries > 2))) {
220 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
221 ssocket);
222 return -EAGAIN;
223 }
224 msleep(1 << retries);
225 continue;
226 }
227
228 if (rc < 0)
229 return rc;
230
231 if (rc == 0) {
232 /* should never happen, letting socket clear before
233 retrying is our only obvious option here */
234 cifs_server_dbg(VFS, "tcp sent no data\n");
235 msleep(500);
236 continue;
237 }
238
239 /* send was at least partially successful */
240 *sent += rc;
241 retries = 0; /* in case we get ENOSPC on the next send */
242 }
243 return 0;
244 }
245
246 unsigned long
247 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
248 {
249 unsigned int i;
250 struct kvec *iov;
251 int nvec;
252 unsigned long buflen = 0;
253
254 if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
255 rqst->rq_iov[0].iov_len == 4) {
256 iov = &rqst->rq_iov[1];
257 nvec = rqst->rq_nvec - 1;
258 } else {
259 iov = rqst->rq_iov;
260 nvec = rqst->rq_nvec;
261 }
262
263 /* total up iov array first */
264 for (i = 0; i < nvec; i++)
265 buflen += iov[i].iov_len;
266
267 buflen += iov_iter_count(&rqst->rq_iter);
268 return buflen;
269 }
270
271 static int
272 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
273 struct smb_rqst *rqst)
274 {
275 int rc;
276 struct kvec *iov;
277 int n_vec;
278 unsigned int send_length = 0;
279 unsigned int i, j;
280 sigset_t mask, oldmask;
281 size_t total_len = 0, sent, size;
282 struct socket *ssocket = server->ssocket;
283 struct msghdr smb_msg = {};
284 __be32 rfc1002_marker;
285
286 cifs_in_send_inc(server);
287 if (cifs_rdma_enabled(server)) {
288 /* return -EAGAIN when connecting or reconnecting */
289 rc = -EAGAIN;
290 if (server->smbd_conn)
291 rc = smbd_send(server, num_rqst, rqst);
292 goto smbd_done;
293 }
294
295 rc = -EAGAIN;
296 if (ssocket == NULL)
297 goto out;
298
299 rc = -ERESTARTSYS;
300 if (fatal_signal_pending(current)) {
301 cifs_dbg(FYI, "signal pending before send request\n");
302 goto out;
303 }
304
305 rc = 0;
306 /* cork the socket */
307 tcp_sock_set_cork(ssocket->sk, true);
308
309 for (j = 0; j < num_rqst; j++)
310 send_length += smb_rqst_len(server, &rqst[j]);
311 rfc1002_marker = cpu_to_be32(send_length);
312
313 /*
314 * We should not allow signals to interrupt the network send because
315 * any partial send will cause session reconnects thus increasing
316 * latency of system calls and overload a server with unnecessary
317 * requests.
318 */
319
320 sigfillset(&mask);
321 sigprocmask(SIG_BLOCK, &mask, &oldmask);
322
323 /* Generate a rfc1002 marker for SMB2+ */
324 if (!is_smb1(server)) {
325 struct kvec hiov = {
326 .iov_base = &rfc1002_marker,
327 .iov_len = 4
328 };
329 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4);
330 rc = smb_send_kvec(server, &smb_msg, &sent);
331 if (rc < 0)
332 goto unmask;
333
334 total_len += sent;
335 send_length += 4;
336 }
337
338 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
339
340 for (j = 0; j < num_rqst; j++) {
341 iov = rqst[j].rq_iov;
342 n_vec = rqst[j].rq_nvec;
343
344 size = 0;
345 for (i = 0; i < n_vec; i++) {
346 dump_smb(iov[i].iov_base, iov[i].iov_len);
347 size += iov[i].iov_len;
348 }
349
350 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size);
351
352 rc = smb_send_kvec(server, &smb_msg, &sent);
353 if (rc < 0)
354 goto unmask;
355
356 total_len += sent;
357
358 if (iov_iter_count(&rqst[j].rq_iter) > 0) {
359 smb_msg.msg_iter = rqst[j].rq_iter;
360 rc = smb_send_kvec(server, &smb_msg, &sent);
361 if (rc < 0)
362 break;
363 total_len += sent;
364 }
365
366 }
367
368 unmask:
369 sigprocmask(SIG_SETMASK, &oldmask, NULL);
370
371 /*
372 * If signal is pending but we have already sent the whole packet to
373 * the server we need to return success status to allow a corresponding
374 * mid entry to be kept in the pending requests queue thus allowing
375 * to handle responses from the server by the client.
376 *
377 * If only part of the packet has been sent there is no need to hide
378 * interrupt because the session will be reconnected anyway, so there
379 * won't be any response from the server to handle.
380 */
381
382 if (signal_pending(current) && (total_len != send_length)) {
383 cifs_dbg(FYI, "signal is pending after attempt to send\n");
384 rc = -ERESTARTSYS;
385 }
386
387 /* uncork it */
388 tcp_sock_set_cork(ssocket->sk, false);
389
390 if ((total_len > 0) && (total_len != send_length)) {
391 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
392 send_length, total_len);
393 /*
394 * If we have only sent part of an SMB then the next SMB could
395 * be taken as the remainder of this one. We need to kill the
396 * socket so the server throws away the partial SMB
397 */
398 cifs_signal_cifsd_for_reconnect(server, false);
399 trace_smb3_partial_send_reconnect(server->CurrentMid,
400 server->conn_id, server->hostname);
401 }
402 smbd_done:
403 if (rc < 0 && rc != -EINTR)
404 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
405 rc);
406 else if (rc > 0)
407 rc = 0;
408 out:
409 cifs_in_send_dec(server);
410 return rc;
411 }
412
413 struct send_req_vars {
414 struct smb2_transform_hdr tr_hdr;
415 struct smb_rqst rqst[MAX_COMPOUND];
416 struct kvec iov;
417 };
418
419 static int
420 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
421 struct smb_rqst *rqst, int flags)
422 {
423 struct send_req_vars *vars;
424 struct smb_rqst *cur_rqst;
425 struct kvec *iov;
426 int rc;
427
428 if (!(flags & CIFS_TRANSFORM_REQ))
429 return __smb_send_rqst(server, num_rqst, rqst);
430
431 if (num_rqst > MAX_COMPOUND - 1)
432 return -ENOMEM;
433
434 if (!server->ops->init_transform_rq) {
435 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
436 return -EIO;
437 }
438
439 vars = kzalloc(sizeof(*vars), GFP_NOFS);
440 if (!vars)
441 return -ENOMEM;
442 cur_rqst = vars->rqst;
443 iov = &vars->iov;
444
445 iov->iov_base = &vars->tr_hdr;
446 iov->iov_len = sizeof(vars->tr_hdr);
447 cur_rqst[0].rq_iov = iov;
448 cur_rqst[0].rq_nvec = 1;
449
450 rc = server->ops->init_transform_rq(server, num_rqst + 1,
451 &cur_rqst[0], rqst);
452 if (rc)
453 goto out;
454
455 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]);
456 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]);
457 out:
458 kfree(vars);
459 return rc;
460 }
461
462 int
463 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
464 unsigned int smb_buf_length)
465 {
466 struct kvec iov[2];
467 struct smb_rqst rqst = { .rq_iov = iov,
468 .rq_nvec = 2 };
469
470 iov[0].iov_base = smb_buffer;
471 iov[0].iov_len = 4;
472 iov[1].iov_base = (char *)smb_buffer + 4;
473 iov[1].iov_len = smb_buf_length;
474
475 return __smb_send_rqst(server, 1, &rqst);
476 }
477
478 static int
479 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
480 const int timeout, const int flags,
481 unsigned int *instance)
482 {
483 long rc;
484 int *credits;
485 int optype;
486 long int t;
487 int scredits, in_flight;
488
489 if (timeout < 0)
490 t = MAX_JIFFY_OFFSET;
491 else
492 t = msecs_to_jiffies(timeout);
493
494 optype = flags & CIFS_OP_MASK;
495
496 *instance = 0;
497
498 credits = server->ops->get_credits_field(server, optype);
499 /* Since an echo is already inflight, no need to wait to send another */
500 if (*credits <= 0 && optype == CIFS_ECHO_OP)
501 return -EAGAIN;
502
503 spin_lock(&server->req_lock);
504 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
505 /* oplock breaks must not be held up */
506 server->in_flight++;
507 if (server->in_flight > server->max_in_flight)
508 server->max_in_flight = server->in_flight;
509 *credits -= 1;
510 *instance = server->reconnect_instance;
511 scredits = *credits;
512 in_flight = server->in_flight;
513 spin_unlock(&server->req_lock);
514
515 trace_smb3_nblk_credits(server->CurrentMid,
516 server->conn_id, server->hostname, scredits, -1, in_flight);
517 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
518 __func__, 1, scredits);
519
520 return 0;
521 }
522
523 while (1) {
524 spin_unlock(&server->req_lock);
525
526 spin_lock(&server->srv_lock);
527 if (server->tcpStatus == CifsExiting) {
528 spin_unlock(&server->srv_lock);
529 return -ENOENT;
530 }
531 spin_unlock(&server->srv_lock);
532
533 spin_lock(&server->req_lock);
534 if (*credits < num_credits) {
535 scredits = *credits;
536 spin_unlock(&server->req_lock);
537
538 cifs_num_waiters_inc(server);
539 rc = wait_event_killable_timeout(server->request_q,
540 has_credits(server, credits, num_credits), t);
541 cifs_num_waiters_dec(server);
542 if (!rc) {
543 spin_lock(&server->req_lock);
544 scredits = *credits;
545 in_flight = server->in_flight;
546 spin_unlock(&server->req_lock);
547
548 trace_smb3_credit_timeout(server->CurrentMid,
549 server->conn_id, server->hostname, scredits,
550 num_credits, in_flight);
551 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
552 timeout);
553 return -EBUSY;
554 }
555 if (rc == -ERESTARTSYS)
556 return -ERESTARTSYS;
557 spin_lock(&server->req_lock);
558 } else {
559 /*
560 * For normal commands, reserve the last MAX_COMPOUND
561 * credits to compound requests.
562 * Otherwise these compounds could be permanently
563 * starved for credits by single-credit requests.
564 *
565 * To prevent spinning CPU, block this thread until
566 * there are >MAX_COMPOUND credits available.
567 * But only do this is we already have a lot of
568 * credits in flight to avoid triggering this check
569 * for servers that are slow to hand out credits on
570 * new sessions.
571 */
572 if (!optype && num_credits == 1 &&
573 server->in_flight > 2 * MAX_COMPOUND &&
574 *credits <= MAX_COMPOUND) {
575 spin_unlock(&server->req_lock);
576
577 cifs_num_waiters_inc(server);
578 rc = wait_event_killable_timeout(
579 server->request_q,
580 has_credits(server, credits,
581 MAX_COMPOUND + 1),
582 t);
583 cifs_num_waiters_dec(server);
584 if (!rc) {
585 spin_lock(&server->req_lock);
586 scredits = *credits;
587 in_flight = server->in_flight;
588 spin_unlock(&server->req_lock);
589
590 trace_smb3_credit_timeout(
591 server->CurrentMid,
592 server->conn_id, server->hostname,
593 scredits, num_credits, in_flight);
594 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
595 timeout);
596 return -EBUSY;
597 }
598 if (rc == -ERESTARTSYS)
599 return -ERESTARTSYS;
600 spin_lock(&server->req_lock);
601 continue;
602 }
603
604 /*
605 * Can not count locking commands against total
606 * as they are allowed to block on server.
607 */
608
609 /* update # of requests on the wire to server */
610 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
611 *credits -= num_credits;
612 server->in_flight += num_credits;
613 if (server->in_flight > server->max_in_flight)
614 server->max_in_flight = server->in_flight;
615 *instance = server->reconnect_instance;
616 }
617 scredits = *credits;
618 in_flight = server->in_flight;
619 spin_unlock(&server->req_lock);
620
621 trace_smb3_waitff_credits(server->CurrentMid,
622 server->conn_id, server->hostname, scredits,
623 -(num_credits), in_flight);
624 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
625 __func__, num_credits, scredits);
626 break;
627 }
628 }
629 return 0;
630 }
631
632 static int
633 wait_for_free_request(struct TCP_Server_Info *server, const int flags,
634 unsigned int *instance)
635 {
636 return wait_for_free_credits(server, 1, -1, flags,
637 instance);
638 }
639
640 static int
641 wait_for_compound_request(struct TCP_Server_Info *server, int num,
642 const int flags, unsigned int *instance)
643 {
644 int *credits;
645 int scredits, in_flight;
646
647 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);
648
649 spin_lock(&server->req_lock);
650 scredits = *credits;
651 in_flight = server->in_flight;
652
653 if (*credits < num) {
654 /*
655 * If the server is tight on resources or just gives us less
656 * credits for other reasons (e.g. requests are coming out of
657 * order and the server delays granting more credits until it
658 * processes a missing mid) and we exhausted most available
659 * credits there may be situations when we try to send
660 * a compound request but we don't have enough credits. At this
661 * point the client needs to decide if it should wait for
662 * additional credits or fail the request. If at least one
663 * request is in flight there is a high probability that the
664 * server will return enough credits to satisfy this compound
665 * request.
666 *
667 * Return immediately if no requests in flight since we will be
668 * stuck on waiting for credits.
669 */
670 if (server->in_flight == 0) {
671 spin_unlock(&server->req_lock);
672 trace_smb3_insufficient_credits(server->CurrentMid,
673 server->conn_id, server->hostname, scredits,
674 num, in_flight);
675 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
676 __func__, in_flight, num, scredits);
677 return -EDEADLK;
678 }
679 }
680 spin_unlock(&server->req_lock);
681
682 return wait_for_free_credits(server, num, 60000, flags,
683 instance);
684 }
685
686 int
687 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
688 unsigned int *num, struct cifs_credits *credits)
689 {
690 *num = size;
691 credits->value = 0;
692 credits->instance = server->reconnect_instance;
693 return 0;
694 }
695
696 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
697 struct mid_q_entry **ppmidQ)
698 {
699 spin_lock(&ses->ses_lock);
700 if (ses->ses_status == SES_NEW) {
701 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
702 (in_buf->Command != SMB_COM_NEGOTIATE)) {
703 spin_unlock(&ses->ses_lock);
704 return -EAGAIN;
705 }
706 /* else ok - we are setting up session */
707 }
708
709 if (ses->ses_status == SES_EXITING) {
710 /* check if SMB session is bad because we are setting it up */
711 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) {
712 spin_unlock(&ses->ses_lock);
713 return -EAGAIN;
714 }
715 /* else ok - we are shutting down session */
716 }
717 spin_unlock(&ses->ses_lock);
718
719 *ppmidQ = alloc_mid(in_buf, ses->server);
720 if (*ppmidQ == NULL)
721 return -ENOMEM;
722 spin_lock(&ses->server->mid_lock);
723 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
724 spin_unlock(&ses->server->mid_lock);
725 return 0;
726 }
727
728 static int
729 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
730 {
731 int error;
732
733 error = wait_event_state(server->response_q,
734 midQ->mid_state != MID_REQUEST_SUBMITTED &&
735 midQ->mid_state != MID_RESPONSE_RECEIVED,
736 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE));
737 if (error < 0)
738 return -ERESTARTSYS;
739
740 return 0;
741 }
742
743 struct mid_q_entry *
744 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
745 {
746 int rc;
747 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
748 struct mid_q_entry *mid;
749
750 if (rqst->rq_iov[0].iov_len != 4 ||
751 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
752 return ERR_PTR(-EIO);
753
754 /* enable signing if server requires it */
755 if (server->sign)
756 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
757
758 mid = alloc_mid(hdr, server);
759 if (mid == NULL)
760 return ERR_PTR(-ENOMEM);
761
762 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
763 if (rc) {
764 release_mid(mid);
765 return ERR_PTR(rc);
766 }
767
768 return mid;
769 }
770
771 /*
772 * Send a SMB request and set the callback function in the mid to handle
773 * the result. Caller is responsible for dealing with timeouts.
774 */
775 int
776 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
777 mid_receive_t *receive, mid_callback_t *callback,
778 mid_handle_t *handle, void *cbdata, const int flags,
779 const struct cifs_credits *exist_credits)
780 {
781 int rc;
782 struct mid_q_entry *mid;
783 struct cifs_credits credits = { .value = 0, .instance = 0 };
784 unsigned int instance;
785 int optype;
786
787 optype = flags & CIFS_OP_MASK;
788
789 if ((flags & CIFS_HAS_CREDITS) == 0) {
790 rc = wait_for_free_request(server, flags, &instance);
791 if (rc)
792 return rc;
793 credits.value = 1;
794 credits.instance = instance;
795 } else
796 instance = exist_credits->instance;
797
798 cifs_server_lock(server);
799
800 /*
801 * We can't use credits obtained from the previous session to send this
802 * request. Check if there were reconnects after we obtained credits and
803 * return -EAGAIN in such cases to let callers handle it.
804 */
805 if (instance != server->reconnect_instance) {
806 cifs_server_unlock(server);
807 add_credits_and_wake_if(server, &credits, optype);
808 return -EAGAIN;
809 }
810
811 mid = server->ops->setup_async_request(server, rqst);
812 if (IS_ERR(mid)) {
813 cifs_server_unlock(server);
814 add_credits_and_wake_if(server, &credits, optype);
815 return PTR_ERR(mid);
816 }
817
818 mid->receive = receive;
819 mid->callback = callback;
820 mid->callback_data = cbdata;
821 mid->handle = handle;
822 mid->mid_state = MID_REQUEST_SUBMITTED;
823
824 /* put it on the pending_mid_q */
825 spin_lock(&server->mid_lock);
826 list_add_tail(&mid->qhead, &server->pending_mid_q);
827 spin_unlock(&server->mid_lock);
828
829 /*
830 * Need to store the time in mid before calling I/O. For call_async,
831 * I/O response may come back and free the mid entry on another thread.
832 */
833 cifs_save_when_sent(mid);
834 rc = smb_send_rqst(server, 1, rqst, flags);
835
836 if (rc < 0) {
837 revert_current_mid(server, mid->credits);
838 server->sequence_number -= 2;
839 delete_mid(mid);
840 }
841
842 cifs_server_unlock(server);
843
844 if (rc == 0)
845 return 0;
846
847 add_credits_and_wake_if(server, &credits, optype);
848 return rc;
849 }
850
851 /*
852 *
853 * Send an SMB Request. No response info (other than return code)
854 * needs to be parsed.
855 *
856 * flags indicate the type of request buffer and how long to wait
857 * and whether to log NT STATUS code (error) before mapping it to POSIX error
858 *
859 */
860 int
861 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
862 char *in_buf, int flags)
863 {
864 int rc;
865 struct kvec iov[1];
866 struct kvec rsp_iov;
867 int resp_buf_type;
868
869 iov[0].iov_base = in_buf;
870 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
871 flags |= CIFS_NO_RSP_BUF;
872 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
873 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
874
875 return rc;
876 }
877
878 static int
879 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
880 {
881 int rc = 0;
882
883 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
884 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
885
886 spin_lock(&server->mid_lock);
887 switch (mid->mid_state) {
888 case MID_RESPONSE_READY:
889 spin_unlock(&server->mid_lock);
890 return rc;
891 case MID_RETRY_NEEDED:
892 rc = -EAGAIN;
893 break;
894 case MID_RESPONSE_MALFORMED:
895 rc = -EIO;
896 break;
897 case MID_SHUTDOWN:
898 rc = -EHOSTDOWN;
899 break;
900 default:
901 if (!(mid->mid_flags & MID_DELETED)) {
902 list_del_init(&mid->qhead);
903 mid->mid_flags |= MID_DELETED;
904 }
905 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
906 __func__, mid->mid, mid->mid_state);
907 rc = -EIO;
908 }
909 spin_unlock(&server->mid_lock);
910
911 release_mid(mid);
912 return rc;
913 }
914
915 static inline int
916 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
917 struct mid_q_entry *mid)
918 {
919 return server->ops->send_cancel ?
920 server->ops->send_cancel(server, rqst, mid) : 0;
921 }
922
923 int
924 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
925 bool log_error)
926 {
927 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
928
929 dump_smb(mid->resp_buf, min_t(u32, 92, len));
930
931 /* convert the length into a more usable form */
932 if (server->sign) {
933 struct kvec iov[2];
934 int rc = 0;
935 struct smb_rqst rqst = { .rq_iov = iov,
936 .rq_nvec = 2 };
937
938 iov[0].iov_base = mid->resp_buf;
939 iov[0].iov_len = 4;
940 iov[1].iov_base = (char *)mid->resp_buf + 4;
941 iov[1].iov_len = len - 4;
942 /* FIXME: add code to kill session */
943 rc = cifs_verify_signature(&rqst, server,
944 mid->sequence_number);
945 if (rc)
946 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
947 rc);
948 }
949
950 /* BB special case reconnect tid and uid here? */
951 return map_and_check_smb_error(mid, log_error);
952 }
953
954 struct mid_q_entry *
955 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored,
956 struct smb_rqst *rqst)
957 {
958 int rc;
959 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
960 struct mid_q_entry *mid;
961
962 if (rqst->rq_iov[0].iov_len != 4 ||
963 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
964 return ERR_PTR(-EIO);
965
966 rc = allocate_mid(ses, hdr, &mid);
967 if (rc)
968 return ERR_PTR(rc);
969 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
970 if (rc) {
971 delete_mid(mid);
972 return ERR_PTR(rc);
973 }
974 return mid;
975 }
976
977 static void
978 cifs_compound_callback(struct mid_q_entry *mid)
979 {
980 struct TCP_Server_Info *server = mid->server;
981 struct cifs_credits credits;
982
983 credits.value = server->ops->get_credits(mid);
984 credits.instance = server->reconnect_instance;
985
986 add_credits(server, &credits, mid->optype);
987
988 if (mid->mid_state == MID_RESPONSE_RECEIVED)
989 mid->mid_state = MID_RESPONSE_READY;
990 }
991
992 static void
993 cifs_compound_last_callback(struct mid_q_entry *mid)
994 {
995 cifs_compound_callback(mid);
996 cifs_wake_up_task(mid);
997 }
998
999 static void
1000 cifs_cancelled_callback(struct mid_q_entry *mid)
1001 {
1002 cifs_compound_callback(mid);
1003 release_mid(mid);
1004 }
1005
1006 /*
1007 * Return a channel (master if none) of @ses that can be used to send
1008 * regular requests.
1009 *
1010 * If we are currently binding a new channel (negprot/sess.setup),
1011 * return the new incomplete channel.
1012 */
1013 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
1014 {
1015 uint index = 0;
1016 unsigned int min_in_flight = UINT_MAX, max_in_flight = 0;
1017 struct TCP_Server_Info *server = NULL;
1018 int i;
1019
1020 if (!ses)
1021 return NULL;
1022
1023 spin_lock(&ses->chan_lock);
1024 for (i = 0; i < ses->chan_count; i++) {
1025 server = ses->chans[i].server;
1026 if (!server)
1027 continue;
1028
1029 /*
1030 * strictly speaking, we should pick up req_lock to read
1031 * server->in_flight. But it shouldn't matter much here if we
1032 * race while reading this data. The worst that can happen is
1033 * that we could use a channel that's not least loaded. Avoiding
1034 * taking the lock could help reduce wait time, which is
1035 * important for this function
1036 */
1037 if (server->in_flight < min_in_flight) {
1038 min_in_flight = server->in_flight;
1039 index = i;
1040 }
1041 if (server->in_flight > max_in_flight)
1042 max_in_flight = server->in_flight;
1043 }
1044
1045 /* if all channels are equally loaded, fall back to round-robin */
1046 if (min_in_flight == max_in_flight) {
1047 index = (uint)atomic_inc_return(&ses->chan_seq);
1048 index %= ses->chan_count;
1049 }
1050 spin_unlock(&ses->chan_lock);
1051
1052 return ses->chans[index].server;
1053 }
1054
1055 int
1056 compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
1057 struct TCP_Server_Info *server,
1058 const int flags, const int num_rqst, struct smb_rqst *rqst,
1059 int *resp_buf_type, struct kvec *resp_iov)
1060 {
1061 int i, j, optype, rc = 0;
1062 struct mid_q_entry *midQ[MAX_COMPOUND];
1063 bool cancelled_mid[MAX_COMPOUND] = {false};
1064 struct cifs_credits credits[MAX_COMPOUND] = {
1065 { .value = 0, .instance = 0 }
1066 };
1067 unsigned int instance;
1068 char *buf;
1069
1070 optype = flags & CIFS_OP_MASK;
1071
1072 for (i = 0; i < num_rqst; i++)
1073 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */
1074
1075 if (!ses || !ses->server || !server) {
1076 cifs_dbg(VFS, "Null session\n");
1077 return -EIO;
1078 }
1079
1080 spin_lock(&server->srv_lock);
1081 if (server->tcpStatus == CifsExiting) {
1082 spin_unlock(&server->srv_lock);
1083 return -ENOENT;
1084 }
1085 spin_unlock(&server->srv_lock);
1086
1087 /*
1088 * Wait for all the requests to become available.
1089 * This approach still leaves the possibility to be stuck waiting for
1090 * credits if the server doesn't grant credits to the outstanding
1091 * requests and if the client is completely idle, not generating any
1092 * other requests.
1093 * This can be handled by the eventual session reconnect.
1094 */
1095 rc = wait_for_compound_request(server, num_rqst, flags,
1096 &instance);
1097 if (rc)
1098 return rc;
1099
1100 for (i = 0; i < num_rqst; i++) {
1101 credits[i].value = 1;
1102 credits[i].instance = instance;
1103 }
1104
1105 /*
1106 * Make sure that we sign in the same order that we send on this socket
1107 * and avoid races inside tcp sendmsg code that could cause corruption
1108 * of smb data.
1109 */
1110
1111 cifs_server_lock(server);
1112
1113 /*
1114 * All the parts of the compound chain belong obtained credits from the
1115 * same session. We can not use credits obtained from the previous
1116 * session to send this request. Check if there were reconnects after
1117 * we obtained credits and return -EAGAIN in such cases to let callers
1118 * handle it.
1119 */
1120 if (instance != server->reconnect_instance) {
1121 cifs_server_unlock(server);
1122 for (j = 0; j < num_rqst; j++)
1123 add_credits(server, &credits[j], optype);
1124 return -EAGAIN;
1125 }
1126
1127 for (i = 0; i < num_rqst; i++) {
1128 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
1129 if (IS_ERR(midQ[i])) {
1130 revert_current_mid(server, i);
1131 for (j = 0; j < i; j++)
1132 delete_mid(midQ[j]);
1133 cifs_server_unlock(server);
1134
1135 /* Update # of requests on wire to server */
1136 for (j = 0; j < num_rqst; j++)
1137 add_credits(server, &credits[j], optype);
1138 return PTR_ERR(midQ[i]);
1139 }
1140
1141 midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
1142 midQ[i]->optype = optype;
1143 /*
1144 * Invoke callback for every part of the compound chain
1145 * to calculate credits properly. Wake up this thread only when
1146 * the last element is received.
1147 */
1148 if (i < num_rqst - 1)
1149 midQ[i]->callback = cifs_compound_callback;
1150 else
1151 midQ[i]->callback = cifs_compound_last_callback;
1152 }
1153 rc = smb_send_rqst(server, num_rqst, rqst, flags);
1154
1155 for (i = 0; i < num_rqst; i++)
1156 cifs_save_when_sent(midQ[i]);
1157
1158 if (rc < 0) {
1159 revert_current_mid(server, num_rqst);
1160 server->sequence_number -= 2;
1161 }
1162
1163 cifs_server_unlock(server);
1164
1165 /*
1166 * If sending failed for some reason or it is an oplock break that we
1167 * will not receive a response to - return credits back
1168 */
1169 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
1170 for (i = 0; i < num_rqst; i++)
1171 add_credits(server, &credits[i], optype);
1172 goto out;
1173 }
1174
1175 /*
1176 * At this point the request is passed to the network stack - we assume
1177 * that any credits taken from the server structure on the client have
1178 * been spent and we can't return them back. Once we receive responses
1179 * we will collect credits granted by the server in the mid callbacks
1180 * and add those credits to the server structure.
1181 */
1182
1183 /*
1184 * Compounding is never used during session establish.
1185 */
1186 spin_lock(&ses->ses_lock);
1187 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1188 spin_unlock(&ses->ses_lock);
1189
1190 cifs_server_lock(server);
1191 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
1192 cifs_server_unlock(server);
1193
1194 spin_lock(&ses->ses_lock);
1195 }
1196 spin_unlock(&ses->ses_lock);
1197
1198 for (i = 0; i < num_rqst; i++) {
1199 rc = wait_for_response(server, midQ[i]);
1200 if (rc != 0)
1201 break;
1202 }
1203 if (rc != 0) {
1204 for (; i < num_rqst; i++) {
1205 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
1206 midQ[i]->mid, le16_to_cpu(midQ[i]->command));
1207 send_cancel(server, &rqst[i], midQ[i]);
1208 spin_lock(&server->mid_lock);
1209 midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
1210 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED ||
1211 midQ[i]->mid_state == MID_RESPONSE_RECEIVED) {
1212 midQ[i]->callback = cifs_cancelled_callback;
1213 cancelled_mid[i] = true;
1214 credits[i].value = 0;
1215 }
1216 spin_unlock(&server->mid_lock);
1217 }
1218 }
1219
1220 for (i = 0; i < num_rqst; i++) {
1221 if (rc < 0)
1222 goto out;
1223
1224 rc = cifs_sync_mid_result(midQ[i], server);
1225 if (rc != 0) {
1226 /* mark this mid as cancelled to not free it below */
1227 cancelled_mid[i] = true;
1228 goto out;
1229 }
1230
1231 if (!midQ[i]->resp_buf ||
1232 midQ[i]->mid_state != MID_RESPONSE_READY) {
1233 rc = -EIO;
1234 cifs_dbg(FYI, "Bad MID state?\n");
1235 goto out;
1236 }
1237
1238 buf = (char *)midQ[i]->resp_buf;
1239 resp_iov[i].iov_base = buf;
1240 resp_iov[i].iov_len = midQ[i]->resp_buf_size +
1241 HEADER_PREAMBLE_SIZE(server);
1242
1243 if (midQ[i]->large_buf)
1244 resp_buf_type[i] = CIFS_LARGE_BUFFER;
1245 else
1246 resp_buf_type[i] = CIFS_SMALL_BUFFER;
1247
1248 rc = server->ops->check_receive(midQ[i], server,
1249 flags & CIFS_LOG_ERROR);
1250
1251 /* mark it so buf will not be freed by delete_mid */
1252 if ((flags & CIFS_NO_RSP_BUF) == 0)
1253 midQ[i]->resp_buf = NULL;
1254
1255 }
1256
1257 /*
1258 * Compounding is never used during session establish.
1259 */
1260 spin_lock(&ses->ses_lock);
1261 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1262 struct kvec iov = {
1263 .iov_base = resp_iov[0].iov_base,
1264 .iov_len = resp_iov[0].iov_len
1265 };
1266 spin_unlock(&ses->ses_lock);
1267 cifs_server_lock(server);
1268 smb311_update_preauth_hash(ses, server, &iov, 1);
1269 cifs_server_unlock(server);
1270 spin_lock(&ses->ses_lock);
1271 }
1272 spin_unlock(&ses->ses_lock);
1273
1274 out:
1275 /*
1276 * This will dequeue all mids. After this it is important that the
1277 * demultiplex_thread will not process any of these mids any futher.
1278 * This is prevented above by using a noop callback that will not
1279 * wake this thread except for the very last PDU.
1280 */
1281 for (i = 0; i < num_rqst; i++) {
1282 if (!cancelled_mid[i])
1283 delete_mid(midQ[i]);
1284 }
1285
1286 return rc;
1287 }
1288
1289 int
1290 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
1291 struct TCP_Server_Info *server,
1292 struct smb_rqst *rqst, int *resp_buf_type, const int flags,
1293 struct kvec *resp_iov)
1294 {
1295 return compound_send_recv(xid, ses, server, flags, 1,
1296 rqst, resp_buf_type, resp_iov);
1297 }
1298
1299 int
1300 SendReceive2(const unsigned int xid, struct cifs_ses *ses,
1301 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
1302 const int flags, struct kvec *resp_iov)
1303 {
1304 struct smb_rqst rqst;
1305 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
1306 int rc;
1307
1308 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
1309 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
1310 GFP_KERNEL);
1311 if (!new_iov) {
1312 /* otherwise cifs_send_recv below sets resp_buf_type */
1313 *resp_buf_type = CIFS_NO_BUFFER;
1314 return -ENOMEM;
1315 }
1316 } else
1317 new_iov = s_iov;
1318
1319 /* 1st iov is a RFC1001 length followed by the rest of the packet */
1320 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
1321
1322 new_iov[0].iov_base = new_iov[1].iov_base;
1323 new_iov[0].iov_len = 4;
1324 new_iov[1].iov_base += 4;
1325 new_iov[1].iov_len -= 4;
1326
1327 memset(&rqst, 0, sizeof(struct smb_rqst));
1328 rqst.rq_iov = new_iov;
1329 rqst.rq_nvec = n_vec + 1;
1330
1331 rc = cifs_send_recv(xid, ses, ses->server,
1332 &rqst, resp_buf_type, flags, resp_iov);
1333 if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
1334 kfree(new_iov);
1335 return rc;
1336 }
1337
1338 int
1339 SendReceive(const unsigned int xid, struct cifs_ses *ses,
1340 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1341 int *pbytes_returned, const int flags)
1342 {
1343 int rc = 0;
1344 struct mid_q_entry *midQ;
1345 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1346 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1347 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1348 struct cifs_credits credits = { .value = 1, .instance = 0 };
1349 struct TCP_Server_Info *server;
1350
1351 if (ses == NULL) {
1352 cifs_dbg(VFS, "Null smb session\n");
1353 return -EIO;
1354 }
1355 server = ses->server;
1356 if (server == NULL) {
1357 cifs_dbg(VFS, "Null tcp session\n");
1358 return -EIO;
1359 }
1360
1361 spin_lock(&server->srv_lock);
1362 if (server->tcpStatus == CifsExiting) {
1363 spin_unlock(&server->srv_lock);
1364 return -ENOENT;
1365 }
1366 spin_unlock(&server->srv_lock);
1367
1368 /* Ensure that we do not send more than 50 overlapping requests
1369 to the same server. We may make this configurable later or
1370 use ses->maxReq */
1371
1372 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1373 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1374 len);
1375 return -EIO;
1376 }
1377
1378 rc = wait_for_free_request(server, flags, &credits.instance);
1379 if (rc)
1380 return rc;
1381
1382 /* make sure that we sign in the same order that we send on this socket
1383 and avoid races inside tcp sendmsg code that could cause corruption
1384 of smb data */
1385
1386 cifs_server_lock(server);
1387
1388 rc = allocate_mid(ses, in_buf, &midQ);
1389 if (rc) {
1390 cifs_server_unlock(server);
1391 /* Update # of requests on wire to server */
1392 add_credits(server, &credits, 0);
1393 return rc;
1394 }
1395
1396 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1397 if (rc) {
1398 cifs_server_unlock(server);
1399 goto out;
1400 }
1401
1402 midQ->mid_state = MID_REQUEST_SUBMITTED;
1403
1404 rc = smb_send(server, in_buf, len);
1405 cifs_save_when_sent(midQ);
1406
1407 if (rc < 0)
1408 server->sequence_number -= 2;
1409
1410 cifs_server_unlock(server);
1411
1412 if (rc < 0)
1413 goto out;
1414
1415 rc = wait_for_response(server, midQ);
1416 if (rc != 0) {
1417 send_cancel(server, &rqst, midQ);
1418 spin_lock(&server->mid_lock);
1419 if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1420 midQ->mid_state == MID_RESPONSE_RECEIVED) {
1421 /* no longer considered to be "in-flight" */
1422 midQ->callback = release_mid;
1423 spin_unlock(&server->mid_lock);
1424 add_credits(server, &credits, 0);
1425 return rc;
1426 }
1427 spin_unlock(&server->mid_lock);
1428 }
1429
1430 rc = cifs_sync_mid_result(midQ, server);
1431 if (rc != 0) {
1432 add_credits(server, &credits, 0);
1433 return rc;
1434 }
1435
1436 if (!midQ->resp_buf || !out_buf ||
1437 midQ->mid_state != MID_RESPONSE_READY) {
1438 rc = -EIO;
1439 cifs_server_dbg(VFS, "Bad MID state?\n");
1440 goto out;
1441 }
1442
1443 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1444 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1445 rc = cifs_check_receive(midQ, server, 0);
1446 out:
1447 delete_mid(midQ);
1448 add_credits(server, &credits, 0);
1449
1450 return rc;
1451 }
1452
1453 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1454 blocking lock to return. */
1455
1456 static int
1457 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1458 struct smb_hdr *in_buf,
1459 struct smb_hdr *out_buf)
1460 {
1461 int bytes_returned;
1462 struct cifs_ses *ses = tcon->ses;
1463 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1464
1465 /* We just modify the current in_buf to change
1466 the type of lock from LOCKING_ANDX_SHARED_LOCK
1467 or LOCKING_ANDX_EXCLUSIVE_LOCK to
1468 LOCKING_ANDX_CANCEL_LOCK. */
1469
1470 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1471 pSMB->Timeout = 0;
1472 pSMB->hdr.Mid = get_next_mid(ses->server);
1473
1474 return SendReceive(xid, ses, in_buf, out_buf,
1475 &bytes_returned, 0);
1476 }
1477
1478 int
1479 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1480 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1481 int *pbytes_returned)
1482 {
1483 int rc = 0;
1484 int rstart = 0;
1485 struct mid_q_entry *midQ;
1486 struct cifs_ses *ses;
1487 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1488 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1489 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1490 unsigned int instance;
1491 struct TCP_Server_Info *server;
1492
1493 if (tcon == NULL || tcon->ses == NULL) {
1494 cifs_dbg(VFS, "Null smb session\n");
1495 return -EIO;
1496 }
1497 ses = tcon->ses;
1498 server = ses->server;
1499
1500 if (server == NULL) {
1501 cifs_dbg(VFS, "Null tcp session\n");
1502 return -EIO;
1503 }
1504
1505 spin_lock(&server->srv_lock);
1506 if (server->tcpStatus == CifsExiting) {
1507 spin_unlock(&server->srv_lock);
1508 return -ENOENT;
1509 }
1510 spin_unlock(&server->srv_lock);
1511
1512 /* Ensure that we do not send more than 50 overlapping requests
1513 to the same server. We may make this configurable later or
1514 use ses->maxReq */
1515
1516 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1517 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1518 len);
1519 return -EIO;
1520 }
1521
1522 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance);
1523 if (rc)
1524 return rc;
1525
1526 /* make sure that we sign in the same order that we send on this socket
1527 and avoid races inside tcp sendmsg code that could cause corruption
1528 of smb data */
1529
1530 cifs_server_lock(server);
1531
1532 rc = allocate_mid(ses, in_buf, &midQ);
1533 if (rc) {
1534 cifs_server_unlock(server);
1535 return rc;
1536 }
1537
1538 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1539 if (rc) {
1540 delete_mid(midQ);
1541 cifs_server_unlock(server);
1542 return rc;
1543 }
1544
1545 midQ->mid_state = MID_REQUEST_SUBMITTED;
1546 rc = smb_send(server, in_buf, len);
1547 cifs_save_when_sent(midQ);
1548
1549 if (rc < 0)
1550 server->sequence_number -= 2;
1551
1552 cifs_server_unlock(server);
1553
1554 if (rc < 0) {
1555 delete_mid(midQ);
1556 return rc;
1557 }
1558
1559 /* Wait for a reply - allow signals to interrupt. */
1560 rc = wait_event_interruptible(server->response_q,
1561 (!(midQ->mid_state == MID_REQUEST_SUBMITTED ||
1562 midQ->mid_state == MID_RESPONSE_RECEIVED)) ||
1563 ((server->tcpStatus != CifsGood) &&
1564 (server->tcpStatus != CifsNew)));
1565
1566 /* Were we interrupted by a signal ? */
1567 spin_lock(&server->srv_lock);
1568 if ((rc == -ERESTARTSYS) &&
1569 (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1570 midQ->mid_state == MID_RESPONSE_RECEIVED) &&
1571 ((server->tcpStatus == CifsGood) ||
1572 (server->tcpStatus == CifsNew))) {
1573 spin_unlock(&server->srv_lock);
1574
1575 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1576 /* POSIX lock. We send a NT_CANCEL SMB to cause the
1577 blocking lock to return. */
1578 rc = send_cancel(server, &rqst, midQ);
1579 if (rc) {
1580 delete_mid(midQ);
1581 return rc;
1582 }
1583 } else {
1584 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1585 to cause the blocking lock to return. */
1586
1587 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1588
1589 /* If we get -ENOLCK back the lock may have
1590 already been removed. Don't exit in this case. */
1591 if (rc && rc != -ENOLCK) {
1592 delete_mid(midQ);
1593 return rc;
1594 }
1595 }
1596
1597 rc = wait_for_response(server, midQ);
1598 if (rc) {
1599 send_cancel(server, &rqst, midQ);
1600 spin_lock(&server->mid_lock);
1601 if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1602 midQ->mid_state == MID_RESPONSE_RECEIVED) {
1603 /* no longer considered to be "in-flight" */
1604 midQ->callback = release_mid;
1605 spin_unlock(&server->mid_lock);
1606 return rc;
1607 }
1608 spin_unlock(&server->mid_lock);
1609 }
1610
1611 /* We got the response - restart system call. */
1612 rstart = 1;
1613 spin_lock(&server->srv_lock);
1614 }
1615 spin_unlock(&server->srv_lock);
1616
1617 rc = cifs_sync_mid_result(midQ, server);
1618 if (rc != 0)
1619 return rc;
1620
1621 /* rcvd frame is ok */
1622 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) {
1623 rc = -EIO;
1624 cifs_tcon_dbg(VFS, "Bad MID state?\n");
1625 goto out;
1626 }
1627
1628 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1629 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1630 rc = cifs_check_receive(midQ, server, 0);
1631 out:
1632 delete_mid(midQ);
1633 if (rstart && rc == -EACCES)
1634 return -ERESTARTSYS;
1635 return rc;
1636 }
1637
1638 /*
1639 * Discard any remaining data in the current SMB. To do this, we borrow the
1640 * current bigbuf.
1641 */
1642 int
1643 cifs_discard_remaining_data(struct TCP_Server_Info *server)
1644 {
1645 unsigned int rfclen = server->pdu_size;
1646 size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
1647 server->total_read;
1648
1649 while (remaining > 0) {
1650 ssize_t length;
1651
1652 length = cifs_discard_from_socket(server,
1653 min_t(size_t, remaining,
1654 CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
1655 if (length < 0)
1656 return length;
1657 server->total_read += length;
1658 remaining -= length;
1659 }
1660
1661 return 0;
1662 }
1663
1664 static int
1665 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
1666 bool malformed)
1667 {
1668 int length;
1669
1670 length = cifs_discard_remaining_data(server);
1671 dequeue_mid(mid, malformed);
1672 mid->resp_buf = server->smallbuf;
1673 server->smallbuf = NULL;
1674 return length;
1675 }
1676
1677 static int
1678 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1679 {
1680 struct cifs_readdata *rdata = mid->callback_data;
1681
1682 return __cifs_readv_discard(server, mid, rdata->result);
1683 }
1684
1685 int
1686 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1687 {
1688 int length, len;
1689 unsigned int data_offset, data_len;
1690 struct cifs_readdata *rdata = mid->callback_data;
1691 char *buf = server->smallbuf;
1692 unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
1693 bool use_rdma_mr = false;
1694
1695 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n",
1696 __func__, mid->mid, rdata->offset, rdata->bytes);
1697
1698 /*
1699 * read the rest of READ_RSP header (sans Data array), or whatever we
1700 * can if there's not enough data. At this point, we've read down to
1701 * the Mid.
1702 */
1703 len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
1704 HEADER_SIZE(server) + 1;
1705
1706 length = cifs_read_from_socket(server,
1707 buf + HEADER_SIZE(server) - 1, len);
1708 if (length < 0)
1709 return length;
1710 server->total_read += length;
1711
1712 if (server->ops->is_session_expired &&
1713 server->ops->is_session_expired(buf)) {
1714 cifs_reconnect(server, true);
1715 return -1;
1716 }
1717
1718 if (server->ops->is_status_pending &&
1719 server->ops->is_status_pending(buf, server)) {
1720 cifs_discard_remaining_data(server);
1721 return -1;
1722 }
1723
1724 /* set up first two iov for signature check and to get credits */
1725 rdata->iov[0].iov_base = buf;
1726 rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
1727 rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
1728 rdata->iov[1].iov_len =
1729 server->total_read - HEADER_PREAMBLE_SIZE(server);
1730 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
1731 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
1732 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
1733 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
1734
1735 /* Was the SMB read successful? */
1736 rdata->result = server->ops->map_error(buf, false);
1737 if (rdata->result != 0) {
1738 cifs_dbg(FYI, "%s: server returned error %d\n",
1739 __func__, rdata->result);
1740 /* normal error on read response */
1741 return __cifs_readv_discard(server, mid, false);
1742 }
1743
1744 /* Is there enough to get to the rest of the READ_RSP header? */
1745 if (server->total_read < server->vals->read_rsp_size) {
1746 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
1747 __func__, server->total_read,
1748 server->vals->read_rsp_size);
1749 rdata->result = -EIO;
1750 return cifs_readv_discard(server, mid);
1751 }
1752
1753 data_offset = server->ops->read_data_offset(buf) +
1754 HEADER_PREAMBLE_SIZE(server);
1755 if (data_offset < server->total_read) {
1756 /*
1757 * win2k8 sometimes sends an offset of 0 when the read
1758 * is beyond the EOF. Treat it as if the data starts just after
1759 * the header.
1760 */
1761 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
1762 __func__, data_offset);
1763 data_offset = server->total_read;
1764 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
1765 /* data_offset is beyond the end of smallbuf */
1766 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
1767 __func__, data_offset);
1768 rdata->result = -EIO;
1769 return cifs_readv_discard(server, mid);
1770 }
1771
1772 cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
1773 __func__, server->total_read, data_offset);
1774
1775 len = data_offset - server->total_read;
1776 if (len > 0) {
1777 /* read any junk before data into the rest of smallbuf */
1778 length = cifs_read_from_socket(server,
1779 buf + server->total_read, len);
1780 if (length < 0)
1781 return length;
1782 server->total_read += length;
1783 }
1784
1785 /* how much data is in the response? */
1786 #ifdef CONFIG_CIFS_SMB_DIRECT
1787 use_rdma_mr = rdata->mr;
1788 #endif
1789 data_len = server->ops->read_data_length(buf, use_rdma_mr);
1790 if (!use_rdma_mr && (data_offset + data_len > buflen)) {
1791 /* data_len is corrupt -- discard frame */
1792 rdata->result = -EIO;
1793 return cifs_readv_discard(server, mid);
1794 }
1795
1796 #ifdef CONFIG_CIFS_SMB_DIRECT
1797 if (rdata->mr)
1798 length = data_len; /* An RDMA read is already done. */
1799 else
1800 #endif
1801 length = cifs_read_iter_from_socket(server, &rdata->iter,
1802 data_len);
1803 if (length > 0)
1804 rdata->got_bytes += length;
1805 server->total_read += length;
1806
1807 cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
1808 server->total_read, buflen, data_len);
1809
1810 /* discard anything left over */
1811 if (server->total_read < buflen)
1812 return cifs_readv_discard(server, mid);
1813
1814 dequeue_mid(mid, false);
1815 mid->resp_buf = server->smallbuf;
1816 server->smallbuf = NULL;
1817 return length;
1818 }
A mirror of Linus' kernel repository