search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'timers_urgent_for_v6.13_rc1' of git://git.kernel.org/pub/scm/linux/kernel...
[drm/drm-misc.git] / fs / smb / client / transport.c
blob0dc80959ce48852f58f7cd9204c151cfdf246591
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 */
9
10 #include <linux/fs.h>
11 #include <linux/list.h>
12 #include <linux/gfp.h>
13 #include <linux/wait.h>
14 #include <linux/net.h>
15 #include <linux/delay.h>
16 #include <linux/freezer.h>
17 #include <linux/tcp.h>
18 #include <linux/bvec.h>
19 #include <linux/highmem.h>
20 #include <linux/uaccess.h>
21 #include <linux/processor.h>
22 #include <linux/mempool.h>
23 #include <linux/sched/signal.h>
24 #include <linux/task_io_accounting_ops.h>
25 #include "cifspdu.h"
26 #include "cifsglob.h"
27 #include "cifsproto.h"
28 #include "cifs_debug.h"
29 #include "smb2proto.h"
30 #include "smbdirect.h"
31 #include "compress.h"
32
33 /* Max number of iovectors we can use off the stack when sending requests. */
34 #define CIFS_MAX_IOV_SIZE 8
35
36 void
37 cifs_wake_up_task(struct mid_q_entry *mid)
38 {
39 if (mid->mid_state == MID_RESPONSE_RECEIVED)
40 mid->mid_state = MID_RESPONSE_READY;
41 wake_up_process(mid->callback_data);
42 }
43
44 static struct mid_q_entry *
45 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
46 {
47 struct mid_q_entry *temp;
48
49 if (server == NULL) {
50 cifs_dbg(VFS, "%s: null TCP session\n", __func__);
51 return NULL;
52 }
53
54 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
55 memset(temp, 0, sizeof(struct mid_q_entry));
56 kref_init(&temp->refcount);
57 temp->mid = get_mid(smb_buffer);
58 temp->pid = current->pid;
59 temp->command = cpu_to_le16(smb_buffer->Command);
60 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
61 /* easier to use jiffies */
62 /* when mid allocated can be before when sent */
63 temp->when_alloc = jiffies;
64 temp->server = server;
65
66 /*
67 * The default is for the mid to be synchronous, so the
68 * default callback just wakes up the current task.
69 */
70 get_task_struct(current);
71 temp->creator = current;
72 temp->callback = cifs_wake_up_task;
73 temp->callback_data = current;
74
75 atomic_inc(&mid_count);
76 temp->mid_state = MID_REQUEST_ALLOCATED;
77 return temp;
78 }
79
80 void __release_mid(struct kref *refcount)
81 {
82 struct mid_q_entry *midEntry =
83 container_of(refcount, struct mid_q_entry, refcount);
84 #ifdef CONFIG_CIFS_STATS2
85 __le16 command = midEntry->server->vals->lock_cmd;
86 __u16 smb_cmd = le16_to_cpu(midEntry->command);
87 unsigned long now;
88 unsigned long roundtrip_time;
89 #endif
90 struct TCP_Server_Info *server = midEntry->server;
91
92 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) &&
93 (midEntry->mid_state == MID_RESPONSE_RECEIVED ||
94 midEntry->mid_state == MID_RESPONSE_READY) &&
95 server->ops->handle_cancelled_mid)
96 server->ops->handle_cancelled_mid(midEntry, server);
97
98 midEntry->mid_state = MID_FREE;
99 atomic_dec(&mid_count);
100 if (midEntry->large_buf)
101 cifs_buf_release(midEntry->resp_buf);
102 else
103 cifs_small_buf_release(midEntry->resp_buf);
104 #ifdef CONFIG_CIFS_STATS2
105 now = jiffies;
106 if (now < midEntry->when_alloc)
107 cifs_server_dbg(VFS, "Invalid mid allocation time\n");
108 roundtrip_time = now - midEntry->when_alloc;
109
110 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
111 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
112 server->slowest_cmd[smb_cmd] = roundtrip_time;
113 server->fastest_cmd[smb_cmd] = roundtrip_time;
114 } else {
115 if (server->slowest_cmd[smb_cmd] < roundtrip_time)
116 server->slowest_cmd[smb_cmd] = roundtrip_time;
117 else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
118 server->fastest_cmd[smb_cmd] = roundtrip_time;
119 }
120 cifs_stats_inc(&server->num_cmds[smb_cmd]);
121 server->time_per_cmd[smb_cmd] += roundtrip_time;
122 }
123 /*
124 * commands taking longer than one second (default) can be indications
125 * that something is wrong, unless it is quite a slow link or a very
126 * busy server. Note that this calc is unlikely or impossible to wrap
127 * as long as slow_rsp_threshold is not set way above recommended max
128 * value (32767 ie 9 hours) and is generally harmless even if wrong
129 * since only affects debug counters - so leaving the calc as simple
130 * comparison rather than doing multiple conversions and overflow
131 * checks
132 */
133 if ((slow_rsp_threshold != 0) &&
134 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
135 (midEntry->command != command)) {
136 /*
137 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
138 * NB: le16_to_cpu returns unsigned so can not be negative below
139 */
140 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
141 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);
142
143 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
144 midEntry->when_sent, midEntry->when_received);
145 if (cifsFYI & CIFS_TIMER) {
146 pr_debug("slow rsp: cmd %d mid %llu",
147 midEntry->command, midEntry->mid);
148 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
149 now - midEntry->when_alloc,
150 now - midEntry->when_sent,
151 now - midEntry->when_received);
152 }
153 }
154 #endif
155 put_task_struct(midEntry->creator);
156
157 mempool_free(midEntry, cifs_mid_poolp);
158 }
159
160 void
161 delete_mid(struct mid_q_entry *mid)
162 {
163 spin_lock(&mid->server->mid_lock);
164 if (!(mid->mid_flags & MID_DELETED)) {
165 list_del_init(&mid->qhead);
166 mid->mid_flags |= MID_DELETED;
167 }
168 spin_unlock(&mid->server->mid_lock);
169
170 release_mid(mid);
171 }
172
173 /*
174 * smb_send_kvec - send an array of kvecs to the server
175 * @server: Server to send the data to
176 * @smb_msg: Message to send
177 * @sent: amount of data sent on socket is stored here
178 *
179 * Our basic "send data to server" function. Should be called with srv_mutex
180 * held. The caller is responsible for handling the results.
181 */
182 static int
183 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
184 size_t *sent)
185 {
186 int rc = 0;
187 int retries = 0;
188 struct socket *ssocket = server->ssocket;
189
190 *sent = 0;
191
192 if (server->noblocksnd)
193 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
194 else
195 smb_msg->msg_flags = MSG_NOSIGNAL;
196
197 while (msg_data_left(smb_msg)) {
198 /*
199 * If blocking send, we try 3 times, since each can block
200 * for 5 seconds. For nonblocking we have to try more
201 * but wait increasing amounts of time allowing time for
202 * socket to clear. The overall time we wait in either
203 * case to send on the socket is about 15 seconds.
204 * Similarly we wait for 15 seconds for a response from
205 * the server in SendReceive[2] for the server to send
206 * a response back for most types of requests (except
207 * SMB Write past end of file which can be slow, and
208 * blocking lock operations). NFS waits slightly longer
209 * than CIFS, but this can make it take longer for
210 * nonresponsive servers to be detected and 15 seconds
211 * is more than enough time for modern networks to
212 * send a packet. In most cases if we fail to send
213 * after the retries we will kill the socket and
214 * reconnect which may clear the network problem.
215 */
216 rc = sock_sendmsg(ssocket, smb_msg);
217 if (rc == -EAGAIN) {
218 retries++;
219 if (retries >= 14 ||
220 (!server->noblocksnd && (retries > 2))) {
221 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
222 ssocket);
223 return -EAGAIN;
224 }
225 msleep(1 << retries);
226 continue;
227 }
228
229 if (rc < 0)
230 return rc;
231
232 if (rc == 0) {
233 /* should never happen, letting socket clear before
234 retrying is our only obvious option here */
235 cifs_server_dbg(VFS, "tcp sent no data\n");
236 msleep(500);
237 continue;
238 }
239
240 /* send was at least partially successful */
241 *sent += rc;
242 retries = 0; /* in case we get ENOSPC on the next send */
243 }
244 return 0;
245 }
246
247 unsigned long
248 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
249 {
250 unsigned int i;
251 struct kvec *iov;
252 int nvec;
253 unsigned long buflen = 0;
254
255 if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
256 rqst->rq_iov[0].iov_len == 4) {
257 iov = &rqst->rq_iov[1];
258 nvec = rqst->rq_nvec - 1;
259 } else {
260 iov = rqst->rq_iov;
261 nvec = rqst->rq_nvec;
262 }
263
264 /* total up iov array first */
265 for (i = 0; i < nvec; i++)
266 buflen += iov[i].iov_len;
267
268 buflen += iov_iter_count(&rqst->rq_iter);
269 return buflen;
270 }
271
272 static int
273 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
274 struct smb_rqst *rqst)
275 {
276 int rc;
277 struct kvec *iov;
278 int n_vec;
279 unsigned int send_length = 0;
280 unsigned int i, j;
281 sigset_t mask, oldmask;
282 size_t total_len = 0, sent, size;
283 struct socket *ssocket = server->ssocket;
284 struct msghdr smb_msg = {};
285 __be32 rfc1002_marker;
286
287 cifs_in_send_inc(server);
288 if (cifs_rdma_enabled(server)) {
289 /* return -EAGAIN when connecting or reconnecting */
290 rc = -EAGAIN;
291 if (server->smbd_conn)
292 rc = smbd_send(server, num_rqst, rqst);
293 goto smbd_done;
294 }
295
296 rc = -EAGAIN;
297 if (ssocket == NULL)
298 goto out;
299
300 rc = -ERESTARTSYS;
301 if (fatal_signal_pending(current)) {
302 cifs_dbg(FYI, "signal pending before send request\n");
303 goto out;
304 }
305
306 rc = 0;
307 /* cork the socket */
308 tcp_sock_set_cork(ssocket->sk, true);
309
310 for (j = 0; j < num_rqst; j++)
311 send_length += smb_rqst_len(server, &rqst[j]);
312 rfc1002_marker = cpu_to_be32(send_length);
313
314 /*
315 * We should not allow signals to interrupt the network send because
316 * any partial send will cause session reconnects thus increasing
317 * latency of system calls and overload a server with unnecessary
318 * requests.
319 */
320
321 sigfillset(&mask);
322 sigprocmask(SIG_BLOCK, &mask, &oldmask);
323
324 /* Generate a rfc1002 marker for SMB2+ */
325 if (!is_smb1(server)) {
326 struct kvec hiov = {
327 .iov_base = &rfc1002_marker,
328 .iov_len = 4
329 };
330 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4);
331 rc = smb_send_kvec(server, &smb_msg, &sent);
332 if (rc < 0)
333 goto unmask;
334
335 total_len += sent;
336 send_length += 4;
337 }
338
339 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
340
341 for (j = 0; j < num_rqst; j++) {
342 iov = rqst[j].rq_iov;
343 n_vec = rqst[j].rq_nvec;
344
345 size = 0;
346 for (i = 0; i < n_vec; i++) {
347 dump_smb(iov[i].iov_base, iov[i].iov_len);
348 size += iov[i].iov_len;
349 }
350
351 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size);
352
353 rc = smb_send_kvec(server, &smb_msg, &sent);
354 if (rc < 0)
355 goto unmask;
356
357 total_len += sent;
358
359 if (iov_iter_count(&rqst[j].rq_iter) > 0) {
360 smb_msg.msg_iter = rqst[j].rq_iter;
361 rc = smb_send_kvec(server, &smb_msg, &sent);
362 if (rc < 0)
363 break;
364 total_len += sent;
365 }
366
367 }
368
369 unmask:
370 sigprocmask(SIG_SETMASK, &oldmask, NULL);
371
372 /*
373 * If signal is pending but we have already sent the whole packet to
374 * the server we need to return success status to allow a corresponding
375 * mid entry to be kept in the pending requests queue thus allowing
376 * to handle responses from the server by the client.
377 *
378 * If only part of the packet has been sent there is no need to hide
379 * interrupt because the session will be reconnected anyway, so there
380 * won't be any response from the server to handle.
381 */
382
383 if (signal_pending(current) && (total_len != send_length)) {
384 cifs_dbg(FYI, "signal is pending after attempt to send\n");
385 rc = -ERESTARTSYS;
386 }
387
388 /* uncork it */
389 tcp_sock_set_cork(ssocket->sk, false);
390
391 if ((total_len > 0) && (total_len != send_length)) {
392 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
393 send_length, total_len);
394 /*
395 * If we have only sent part of an SMB then the next SMB could
396 * be taken as the remainder of this one. We need to kill the
397 * socket so the server throws away the partial SMB
398 */
399 cifs_signal_cifsd_for_reconnect(server, false);
400 trace_smb3_partial_send_reconnect(server->CurrentMid,
401 server->conn_id, server->hostname);
402 }
403 smbd_done:
404 /*
405 * there's hardly any use for the layers above to know the
406 * actual error code here. All they should do at this point is
407 * to retry the connection and hope it goes away.
408 */
409 if (rc < 0 && rc != -EINTR && rc != -EAGAIN) {
410 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
411 rc);
412 rc = -ECONNABORTED;
413 cifs_signal_cifsd_for_reconnect(server, false);
414 } else if (rc > 0)
415 rc = 0;
416 out:
417 cifs_in_send_dec(server);
418 return rc;
419 }
420
421 static int
422 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
423 struct smb_rqst *rqst, int flags)
424 {
425 struct smb2_transform_hdr tr_hdr;
426 struct smb_rqst new_rqst[MAX_COMPOUND] = {};
427 struct kvec iov = {
428 .iov_base = &tr_hdr,
429 .iov_len = sizeof(tr_hdr),
430 };
431 int rc;
432
433 if (flags & CIFS_COMPRESS_REQ)
434 return smb_compress(server, &rqst[0], __smb_send_rqst);
435
436 if (!(flags & CIFS_TRANSFORM_REQ))
437 return __smb_send_rqst(server, num_rqst, rqst);
438
439 if (WARN_ON_ONCE(num_rqst > MAX_COMPOUND - 1))
440 return -EIO;
441
442 if (!server->ops->init_transform_rq) {
443 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
444 return -EIO;
445 }
446
447 new_rqst[0].rq_iov = &iov;
448 new_rqst[0].rq_nvec = 1;
449
450 rc = server->ops->init_transform_rq(server, num_rqst + 1,
451 new_rqst, rqst);
452 if (!rc) {
453 rc = __smb_send_rqst(server, num_rqst + 1, new_rqst);
454 smb3_free_compound_rqst(num_rqst, &new_rqst[1]);
455 }
456 return rc;
457 }
458
459 int
460 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
461 unsigned int smb_buf_length)
462 {
463 struct kvec iov[2];
464 struct smb_rqst rqst = { .rq_iov = iov,
465 .rq_nvec = 2 };
466
467 iov[0].iov_base = smb_buffer;
468 iov[0].iov_len = 4;
469 iov[1].iov_base = (char *)smb_buffer + 4;
470 iov[1].iov_len = smb_buf_length;
471
472 return __smb_send_rqst(server, 1, &rqst);
473 }
474
475 static int
476 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
477 const int timeout, const int flags,
478 unsigned int *instance)
479 {
480 long rc;
481 int *credits;
482 int optype;
483 long int t;
484 int scredits, in_flight;
485
486 if (timeout < 0)
487 t = MAX_JIFFY_OFFSET;
488 else
489 t = msecs_to_jiffies(timeout);
490
491 optype = flags & CIFS_OP_MASK;
492
493 *instance = 0;
494
495 credits = server->ops->get_credits_field(server, optype);
496 /* Since an echo is already inflight, no need to wait to send another */
497 if (*credits <= 0 && optype == CIFS_ECHO_OP)
498 return -EAGAIN;
499
500 spin_lock(&server->req_lock);
501 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
502 /* oplock breaks must not be held up */
503 server->in_flight++;
504 if (server->in_flight > server->max_in_flight)
505 server->max_in_flight = server->in_flight;
506 *credits -= 1;
507 *instance = server->reconnect_instance;
508 scredits = *credits;
509 in_flight = server->in_flight;
510 spin_unlock(&server->req_lock);
511
512 trace_smb3_nblk_credits(server->CurrentMid,
513 server->conn_id, server->hostname, scredits, -1, in_flight);
514 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
515 __func__, 1, scredits);
516
517 return 0;
518 }
519
520 while (1) {
521 spin_unlock(&server->req_lock);
522
523 spin_lock(&server->srv_lock);
524 if (server->tcpStatus == CifsExiting) {
525 spin_unlock(&server->srv_lock);
526 return -ENOENT;
527 }
528 spin_unlock(&server->srv_lock);
529
530 spin_lock(&server->req_lock);
531 if (*credits < num_credits) {
532 scredits = *credits;
533 spin_unlock(&server->req_lock);
534
535 cifs_num_waiters_inc(server);
536 rc = wait_event_killable_timeout(server->request_q,
537 has_credits(server, credits, num_credits), t);
538 cifs_num_waiters_dec(server);
539 if (!rc) {
540 spin_lock(&server->req_lock);
541 scredits = *credits;
542 in_flight = server->in_flight;
543 spin_unlock(&server->req_lock);
544
545 trace_smb3_credit_timeout(server->CurrentMid,
546 server->conn_id, server->hostname, scredits,
547 num_credits, in_flight);
548 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
549 timeout);
550 return -EBUSY;
551 }
552 if (rc == -ERESTARTSYS)
553 return -ERESTARTSYS;
554 spin_lock(&server->req_lock);
555 } else {
556 /*
557 * For normal commands, reserve the last MAX_COMPOUND
558 * credits to compound requests.
559 * Otherwise these compounds could be permanently
560 * starved for credits by single-credit requests.
561 *
562 * To prevent spinning CPU, block this thread until
563 * there are >MAX_COMPOUND credits available.
564 * But only do this is we already have a lot of
565 * credits in flight to avoid triggering this check
566 * for servers that are slow to hand out credits on
567 * new sessions.
568 */
569 if (!optype && num_credits == 1 &&
570 server->in_flight > 2 * MAX_COMPOUND &&
571 *credits <= MAX_COMPOUND) {
572 spin_unlock(&server->req_lock);
573
574 cifs_num_waiters_inc(server);
575 rc = wait_event_killable_timeout(
576 server->request_q,
577 has_credits(server, credits,
578 MAX_COMPOUND + 1),
579 t);
580 cifs_num_waiters_dec(server);
581 if (!rc) {
582 spin_lock(&server->req_lock);
583 scredits = *credits;
584 in_flight = server->in_flight;
585 spin_unlock(&server->req_lock);
586
587 trace_smb3_credit_timeout(
588 server->CurrentMid,
589 server->conn_id, server->hostname,
590 scredits, num_credits, in_flight);
591 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
592 timeout);
593 return -EBUSY;
594 }
595 if (rc == -ERESTARTSYS)
596 return -ERESTARTSYS;
597 spin_lock(&server->req_lock);
598 continue;
599 }
600
601 /*
602 * Can not count locking commands against total
603 * as they are allowed to block on server.
604 */
605
606 /* update # of requests on the wire to server */
607 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
608 *credits -= num_credits;
609 server->in_flight += num_credits;
610 if (server->in_flight > server->max_in_flight)
611 server->max_in_flight = server->in_flight;
612 *instance = server->reconnect_instance;
613 }
614 scredits = *credits;
615 in_flight = server->in_flight;
616 spin_unlock(&server->req_lock);
617
618 trace_smb3_waitff_credits(server->CurrentMid,
619 server->conn_id, server->hostname, scredits,
620 -(num_credits), in_flight);
621 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
622 __func__, num_credits, scredits);
623 break;
624 }
625 }
626 return 0;
627 }
628
629 static int
630 wait_for_free_request(struct TCP_Server_Info *server, const int flags,
631 unsigned int *instance)
632 {
633 return wait_for_free_credits(server, 1, -1, flags,
634 instance);
635 }
636
637 static int
638 wait_for_compound_request(struct TCP_Server_Info *server, int num,
639 const int flags, unsigned int *instance)
640 {
641 int *credits;
642 int scredits, in_flight;
643
644 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);
645
646 spin_lock(&server->req_lock);
647 scredits = *credits;
648 in_flight = server->in_flight;
649
650 if (*credits < num) {
651 /*
652 * If the server is tight on resources or just gives us less
653 * credits for other reasons (e.g. requests are coming out of
654 * order and the server delays granting more credits until it
655 * processes a missing mid) and we exhausted most available
656 * credits there may be situations when we try to send
657 * a compound request but we don't have enough credits. At this
658 * point the client needs to decide if it should wait for
659 * additional credits or fail the request. If at least one
660 * request is in flight there is a high probability that the
661 * server will return enough credits to satisfy this compound
662 * request.
663 *
664 * Return immediately if no requests in flight since we will be
665 * stuck on waiting for credits.
666 */
667 if (server->in_flight == 0) {
668 spin_unlock(&server->req_lock);
669 trace_smb3_insufficient_credits(server->CurrentMid,
670 server->conn_id, server->hostname, scredits,
671 num, in_flight);
672 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
673 __func__, in_flight, num, scredits);
674 return -EDEADLK;
675 }
676 }
677 spin_unlock(&server->req_lock);
678
679 return wait_for_free_credits(server, num, 60000, flags,
680 instance);
681 }
682
683 int
684 cifs_wait_mtu_credits(struct TCP_Server_Info *server, size_t size,
685 size_t *num, struct cifs_credits *credits)
686 {
687 *num = size;
688 credits->value = 0;
689 credits->instance = server->reconnect_instance;
690 return 0;
691 }
692
693 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
694 struct mid_q_entry **ppmidQ)
695 {
696 spin_lock(&ses->ses_lock);
697 if (ses->ses_status == SES_NEW) {
698 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
699 (in_buf->Command != SMB_COM_NEGOTIATE)) {
700 spin_unlock(&ses->ses_lock);
701 return -EAGAIN;
702 }
703 /* else ok - we are setting up session */
704 }
705
706 if (ses->ses_status == SES_EXITING) {
707 /* check if SMB session is bad because we are setting it up */
708 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) {
709 spin_unlock(&ses->ses_lock);
710 return -EAGAIN;
711 }
712 /* else ok - we are shutting down session */
713 }
714 spin_unlock(&ses->ses_lock);
715
716 *ppmidQ = alloc_mid(in_buf, ses->server);
717 if (*ppmidQ == NULL)
718 return -ENOMEM;
719 spin_lock(&ses->server->mid_lock);
720 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
721 spin_unlock(&ses->server->mid_lock);
722 return 0;
723 }
724
725 static int
726 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
727 {
728 int error;
729
730 error = wait_event_state(server->response_q,
731 midQ->mid_state != MID_REQUEST_SUBMITTED &&
732 midQ->mid_state != MID_RESPONSE_RECEIVED,
733 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE));
734 if (error < 0)
735 return -ERESTARTSYS;
736
737 return 0;
738 }
739
740 struct mid_q_entry *
741 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
742 {
743 int rc;
744 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
745 struct mid_q_entry *mid;
746
747 if (rqst->rq_iov[0].iov_len != 4 ||
748 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
749 return ERR_PTR(-EIO);
750
751 /* enable signing if server requires it */
752 if (server->sign)
753 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
754
755 mid = alloc_mid(hdr, server);
756 if (mid == NULL)
757 return ERR_PTR(-ENOMEM);
758
759 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
760 if (rc) {
761 release_mid(mid);
762 return ERR_PTR(rc);
763 }
764
765 return mid;
766 }
767
768 /*
769 * Send a SMB request and set the callback function in the mid to handle
770 * the result. Caller is responsible for dealing with timeouts.
771 */
772 int
773 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
774 mid_receive_t *receive, mid_callback_t *callback,
775 mid_handle_t *handle, void *cbdata, const int flags,
776 const struct cifs_credits *exist_credits)
777 {
778 int rc;
779 struct mid_q_entry *mid;
780 struct cifs_credits credits = { .value = 0, .instance = 0 };
781 unsigned int instance;
782 int optype;
783
784 optype = flags & CIFS_OP_MASK;
785
786 if ((flags & CIFS_HAS_CREDITS) == 0) {
787 rc = wait_for_free_request(server, flags, &instance);
788 if (rc)
789 return rc;
790 credits.value = 1;
791 credits.instance = instance;
792 } else
793 instance = exist_credits->instance;
794
795 cifs_server_lock(server);
796
797 /*
798 * We can't use credits obtained from the previous session to send this
799 * request. Check if there were reconnects after we obtained credits and
800 * return -EAGAIN in such cases to let callers handle it.
801 */
802 if (instance != server->reconnect_instance) {
803 cifs_server_unlock(server);
804 add_credits_and_wake_if(server, &credits, optype);
805 return -EAGAIN;
806 }
807
808 mid = server->ops->setup_async_request(server, rqst);
809 if (IS_ERR(mid)) {
810 cifs_server_unlock(server);
811 add_credits_and_wake_if(server, &credits, optype);
812 return PTR_ERR(mid);
813 }
814
815 mid->receive = receive;
816 mid->callback = callback;
817 mid->callback_data = cbdata;
818 mid->handle = handle;
819 mid->mid_state = MID_REQUEST_SUBMITTED;
820
821 /* put it on the pending_mid_q */
822 spin_lock(&server->mid_lock);
823 list_add_tail(&mid->qhead, &server->pending_mid_q);
824 spin_unlock(&server->mid_lock);
825
826 /*
827 * Need to store the time in mid before calling I/O. For call_async,
828 * I/O response may come back and free the mid entry on another thread.
829 */
830 cifs_save_when_sent(mid);
831 rc = smb_send_rqst(server, 1, rqst, flags);
832
833 if (rc < 0) {
834 revert_current_mid(server, mid->credits);
835 server->sequence_number -= 2;
836 delete_mid(mid);
837 }
838
839 cifs_server_unlock(server);
840
841 if (rc == 0)
842 return 0;
843
844 add_credits_and_wake_if(server, &credits, optype);
845 return rc;
846 }
847
848 /*
849 *
850 * Send an SMB Request. No response info (other than return code)
851 * needs to be parsed.
852 *
853 * flags indicate the type of request buffer and how long to wait
854 * and whether to log NT STATUS code (error) before mapping it to POSIX error
855 *
856 */
857 int
858 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
859 char *in_buf, int flags)
860 {
861 int rc;
862 struct kvec iov[1];
863 struct kvec rsp_iov;
864 int resp_buf_type;
865
866 iov[0].iov_base = in_buf;
867 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
868 flags |= CIFS_NO_RSP_BUF;
869 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
870 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
871
872 return rc;
873 }
874
875 static int
876 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
877 {
878 int rc = 0;
879
880 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
881 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
882
883 spin_lock(&server->mid_lock);
884 switch (mid->mid_state) {
885 case MID_RESPONSE_READY:
886 spin_unlock(&server->mid_lock);
887 return rc;
888 case MID_RETRY_NEEDED:
889 rc = -EAGAIN;
890 break;
891 case MID_RESPONSE_MALFORMED:
892 rc = -EIO;
893 break;
894 case MID_SHUTDOWN:
895 rc = -EHOSTDOWN;
896 break;
897 default:
898 if (!(mid->mid_flags & MID_DELETED)) {
899 list_del_init(&mid->qhead);
900 mid->mid_flags |= MID_DELETED;
901 }
902 spin_unlock(&server->mid_lock);
903 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
904 __func__, mid->mid, mid->mid_state);
905 rc = -EIO;
906 goto sync_mid_done;
907 }
908 spin_unlock(&server->mid_lock);
909
910 sync_mid_done:
911 release_mid(mid);
912 return rc;
913 }
914
915 static inline int
916 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
917 struct mid_q_entry *mid)
918 {
919 return server->ops->send_cancel ?
920 server->ops->send_cancel(server, rqst, mid) : 0;
921 }
922
923 int
924 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
925 bool log_error)
926 {
927 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
928
929 dump_smb(mid->resp_buf, min_t(u32, 92, len));
930
931 /* convert the length into a more usable form */
932 if (server->sign) {
933 struct kvec iov[2];
934 int rc = 0;
935 struct smb_rqst rqst = { .rq_iov = iov,
936 .rq_nvec = 2 };
937
938 iov[0].iov_base = mid->resp_buf;
939 iov[0].iov_len = 4;
940 iov[1].iov_base = (char *)mid->resp_buf + 4;
941 iov[1].iov_len = len - 4;
942 /* FIXME: add code to kill session */
943 rc = cifs_verify_signature(&rqst, server,
944 mid->sequence_number);
945 if (rc)
946 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
947 rc);
948 }
949
950 /* BB special case reconnect tid and uid here? */
951 return map_and_check_smb_error(mid, log_error);
952 }
953
954 struct mid_q_entry *
955 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored,
956 struct smb_rqst *rqst)
957 {
958 int rc;
959 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
960 struct mid_q_entry *mid;
961
962 if (rqst->rq_iov[0].iov_len != 4 ||
963 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
964 return ERR_PTR(-EIO);
965
966 rc = allocate_mid(ses, hdr, &mid);
967 if (rc)
968 return ERR_PTR(rc);
969 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
970 if (rc) {
971 delete_mid(mid);
972 return ERR_PTR(rc);
973 }
974 return mid;
975 }
976
977 static void
978 cifs_compound_callback(struct mid_q_entry *mid)
979 {
980 struct TCP_Server_Info *server = mid->server;
981 struct cifs_credits credits = {
982 .value = server->ops->get_credits(mid),
983 .instance = server->reconnect_instance,
984 };
985
986 add_credits(server, &credits, mid->optype);
987
988 if (mid->mid_state == MID_RESPONSE_RECEIVED)
989 mid->mid_state = MID_RESPONSE_READY;
990 }
991
992 static void
993 cifs_compound_last_callback(struct mid_q_entry *mid)
994 {
995 cifs_compound_callback(mid);
996 cifs_wake_up_task(mid);
997 }
998
999 static void
1000 cifs_cancelled_callback(struct mid_q_entry *mid)
1001 {
1002 cifs_compound_callback(mid);
1003 release_mid(mid);
1004 }
1005
1006 /*
1007 * Return a channel (master if none) of @ses that can be used to send
1008 * regular requests.
1009 *
1010 * If we are currently binding a new channel (negprot/sess.setup),
1011 * return the new incomplete channel.
1012 */
1013 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
1014 {
1015 uint index = 0;
1016 unsigned int min_in_flight = UINT_MAX, max_in_flight = 0;
1017 struct TCP_Server_Info *server = NULL;
1018 int i;
1019
1020 if (!ses)
1021 return NULL;
1022
1023 spin_lock(&ses->chan_lock);
1024 for (i = 0; i < ses->chan_count; i++) {
1025 server = ses->chans[i].server;
1026 if (!server || server->terminate)
1027 continue;
1028
1029 if (CIFS_CHAN_NEEDS_RECONNECT(ses, i))
1030 continue;
1031
1032 /*
1033 * strictly speaking, we should pick up req_lock to read
1034 * server->in_flight. But it shouldn't matter much here if we
1035 * race while reading this data. The worst that can happen is
1036 * that we could use a channel that's not least loaded. Avoiding
1037 * taking the lock could help reduce wait time, which is
1038 * important for this function
1039 */
1040 if (server->in_flight < min_in_flight) {
1041 min_in_flight = server->in_flight;
1042 index = i;
1043 }
1044 if (server->in_flight > max_in_flight)
1045 max_in_flight = server->in_flight;
1046 }
1047
1048 /* if all channels are equally loaded, fall back to round-robin */
1049 if (min_in_flight == max_in_flight) {
1050 index = (uint)atomic_inc_return(&ses->chan_seq);
1051 index %= ses->chan_count;
1052 }
1053
1054 server = ses->chans[index].server;
1055 spin_unlock(&ses->chan_lock);
1056
1057 return server;
1058 }
1059
1060 int
1061 compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
1062 struct TCP_Server_Info *server,
1063 const int flags, const int num_rqst, struct smb_rqst *rqst,
1064 int *resp_buf_type, struct kvec *resp_iov)
1065 {
1066 int i, j, optype, rc = 0;
1067 struct mid_q_entry *midQ[MAX_COMPOUND];
1068 bool cancelled_mid[MAX_COMPOUND] = {false};
1069 struct cifs_credits credits[MAX_COMPOUND] = {
1070 { .value = 0, .instance = 0 }
1071 };
1072 unsigned int instance;
1073 char *buf;
1074
1075 optype = flags & CIFS_OP_MASK;
1076
1077 for (i = 0; i < num_rqst; i++)
1078 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */
1079
1080 if (!ses || !ses->server || !server) {
1081 cifs_dbg(VFS, "Null session\n");
1082 return -EIO;
1083 }
1084
1085 spin_lock(&server->srv_lock);
1086 if (server->tcpStatus == CifsExiting) {
1087 spin_unlock(&server->srv_lock);
1088 return -ENOENT;
1089 }
1090 spin_unlock(&server->srv_lock);
1091
1092 /*
1093 * Wait for all the requests to become available.
1094 * This approach still leaves the possibility to be stuck waiting for
1095 * credits if the server doesn't grant credits to the outstanding
1096 * requests and if the client is completely idle, not generating any
1097 * other requests.
1098 * This can be handled by the eventual session reconnect.
1099 */
1100 rc = wait_for_compound_request(server, num_rqst, flags,
1101 &instance);
1102 if (rc)
1103 return rc;
1104
1105 for (i = 0; i < num_rqst; i++) {
1106 credits[i].value = 1;
1107 credits[i].instance = instance;
1108 }
1109
1110 /*
1111 * Make sure that we sign in the same order that we send on this socket
1112 * and avoid races inside tcp sendmsg code that could cause corruption
1113 * of smb data.
1114 */
1115
1116 cifs_server_lock(server);
1117
1118 /*
1119 * All the parts of the compound chain belong obtained credits from the
1120 * same session. We can not use credits obtained from the previous
1121 * session to send this request. Check if there were reconnects after
1122 * we obtained credits and return -EAGAIN in such cases to let callers
1123 * handle it.
1124 */
1125 if (instance != server->reconnect_instance) {
1126 cifs_server_unlock(server);
1127 for (j = 0; j < num_rqst; j++)
1128 add_credits(server, &credits[j], optype);
1129 return -EAGAIN;
1130 }
1131
1132 for (i = 0; i < num_rqst; i++) {
1133 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
1134 if (IS_ERR(midQ[i])) {
1135 revert_current_mid(server, i);
1136 for (j = 0; j < i; j++)
1137 delete_mid(midQ[j]);
1138 cifs_server_unlock(server);
1139
1140 /* Update # of requests on wire to server */
1141 for (j = 0; j < num_rqst; j++)
1142 add_credits(server, &credits[j], optype);
1143 return PTR_ERR(midQ[i]);
1144 }
1145
1146 midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
1147 midQ[i]->optype = optype;
1148 /*
1149 * Invoke callback for every part of the compound chain
1150 * to calculate credits properly. Wake up this thread only when
1151 * the last element is received.
1152 */
1153 if (i < num_rqst - 1)
1154 midQ[i]->callback = cifs_compound_callback;
1155 else
1156 midQ[i]->callback = cifs_compound_last_callback;
1157 }
1158 rc = smb_send_rqst(server, num_rqst, rqst, flags);
1159
1160 for (i = 0; i < num_rqst; i++)
1161 cifs_save_when_sent(midQ[i]);
1162
1163 if (rc < 0) {
1164 revert_current_mid(server, num_rqst);
1165 server->sequence_number -= 2;
1166 }
1167
1168 cifs_server_unlock(server);
1169
1170 /*
1171 * If sending failed for some reason or it is an oplock break that we
1172 * will not receive a response to - return credits back
1173 */
1174 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
1175 for (i = 0; i < num_rqst; i++)
1176 add_credits(server, &credits[i], optype);
1177 goto out;
1178 }
1179
1180 /*
1181 * At this point the request is passed to the network stack - we assume
1182 * that any credits taken from the server structure on the client have
1183 * been spent and we can't return them back. Once we receive responses
1184 * we will collect credits granted by the server in the mid callbacks
1185 * and add those credits to the server structure.
1186 */
1187
1188 /*
1189 * Compounding is never used during session establish.
1190 */
1191 spin_lock(&ses->ses_lock);
1192 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1193 spin_unlock(&ses->ses_lock);
1194
1195 cifs_server_lock(server);
1196 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
1197 cifs_server_unlock(server);
1198
1199 spin_lock(&ses->ses_lock);
1200 }
1201 spin_unlock(&ses->ses_lock);
1202
1203 for (i = 0; i < num_rqst; i++) {
1204 rc = wait_for_response(server, midQ[i]);
1205 if (rc != 0)
1206 break;
1207 }
1208 if (rc != 0) {
1209 for (; i < num_rqst; i++) {
1210 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
1211 midQ[i]->mid, le16_to_cpu(midQ[i]->command));
1212 send_cancel(server, &rqst[i], midQ[i]);
1213 spin_lock(&server->mid_lock);
1214 midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
1215 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED ||
1216 midQ[i]->mid_state == MID_RESPONSE_RECEIVED) {
1217 midQ[i]->callback = cifs_cancelled_callback;
1218 cancelled_mid[i] = true;
1219 credits[i].value = 0;
1220 }
1221 spin_unlock(&server->mid_lock);
1222 }
1223 }
1224
1225 for (i = 0; i < num_rqst; i++) {
1226 if (rc < 0)
1227 goto out;
1228
1229 rc = cifs_sync_mid_result(midQ[i], server);
1230 if (rc != 0) {
1231 /* mark this mid as cancelled to not free it below */
1232 cancelled_mid[i] = true;
1233 goto out;
1234 }
1235
1236 if (!midQ[i]->resp_buf ||
1237 midQ[i]->mid_state != MID_RESPONSE_READY) {
1238 rc = -EIO;
1239 cifs_dbg(FYI, "Bad MID state?\n");
1240 goto out;
1241 }
1242
1243 buf = (char *)midQ[i]->resp_buf;
1244 resp_iov[i].iov_base = buf;
1245 resp_iov[i].iov_len = midQ[i]->resp_buf_size +
1246 HEADER_PREAMBLE_SIZE(server);
1247
1248 if (midQ[i]->large_buf)
1249 resp_buf_type[i] = CIFS_LARGE_BUFFER;
1250 else
1251 resp_buf_type[i] = CIFS_SMALL_BUFFER;
1252
1253 rc = server->ops->check_receive(midQ[i], server,
1254 flags & CIFS_LOG_ERROR);
1255
1256 /* mark it so buf will not be freed by delete_mid */
1257 if ((flags & CIFS_NO_RSP_BUF) == 0)
1258 midQ[i]->resp_buf = NULL;
1259
1260 }
1261
1262 /*
1263 * Compounding is never used during session establish.
1264 */
1265 spin_lock(&ses->ses_lock);
1266 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1267 struct kvec iov = {
1268 .iov_base = resp_iov[0].iov_base,
1269 .iov_len = resp_iov[0].iov_len
1270 };
1271 spin_unlock(&ses->ses_lock);
1272 cifs_server_lock(server);
1273 smb311_update_preauth_hash(ses, server, &iov, 1);
1274 cifs_server_unlock(server);
1275 spin_lock(&ses->ses_lock);
1276 }
1277 spin_unlock(&ses->ses_lock);
1278
1279 out:
1280 /*
1281 * This will dequeue all mids. After this it is important that the
1282 * demultiplex_thread will not process any of these mids any further.
1283 * This is prevented above by using a noop callback that will not
1284 * wake this thread except for the very last PDU.
1285 */
1286 for (i = 0; i < num_rqst; i++) {
1287 if (!cancelled_mid[i])
1288 delete_mid(midQ[i]);
1289 }
1290
1291 return rc;
1292 }
1293
1294 int
1295 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
1296 struct TCP_Server_Info *server,
1297 struct smb_rqst *rqst, int *resp_buf_type, const int flags,
1298 struct kvec *resp_iov)
1299 {
1300 return compound_send_recv(xid, ses, server, flags, 1,
1301 rqst, resp_buf_type, resp_iov);
1302 }
1303
1304 int
1305 SendReceive2(const unsigned int xid, struct cifs_ses *ses,
1306 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
1307 const int flags, struct kvec *resp_iov)
1308 {
1309 struct smb_rqst rqst;
1310 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
1311 int rc;
1312
1313 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
1314 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
1315 GFP_KERNEL);
1316 if (!new_iov) {
1317 /* otherwise cifs_send_recv below sets resp_buf_type */
1318 *resp_buf_type = CIFS_NO_BUFFER;
1319 return -ENOMEM;
1320 }
1321 } else
1322 new_iov = s_iov;
1323
1324 /* 1st iov is a RFC1001 length followed by the rest of the packet */
1325 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
1326
1327 new_iov[0].iov_base = new_iov[1].iov_base;
1328 new_iov[0].iov_len = 4;
1329 new_iov[1].iov_base += 4;
1330 new_iov[1].iov_len -= 4;
1331
1332 memset(&rqst, 0, sizeof(struct smb_rqst));
1333 rqst.rq_iov = new_iov;
1334 rqst.rq_nvec = n_vec + 1;
1335
1336 rc = cifs_send_recv(xid, ses, ses->server,
1337 &rqst, resp_buf_type, flags, resp_iov);
1338 if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
1339 kfree(new_iov);
1340 return rc;
1341 }
1342
1343 int
1344 SendReceive(const unsigned int xid, struct cifs_ses *ses,
1345 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1346 int *pbytes_returned, const int flags)
1347 {
1348 int rc = 0;
1349 struct mid_q_entry *midQ;
1350 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1351 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1352 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1353 struct cifs_credits credits = { .value = 1, .instance = 0 };
1354 struct TCP_Server_Info *server;
1355
1356 if (ses == NULL) {
1357 cifs_dbg(VFS, "Null smb session\n");
1358 return -EIO;
1359 }
1360 server = ses->server;
1361 if (server == NULL) {
1362 cifs_dbg(VFS, "Null tcp session\n");
1363 return -EIO;
1364 }
1365
1366 spin_lock(&server->srv_lock);
1367 if (server->tcpStatus == CifsExiting) {
1368 spin_unlock(&server->srv_lock);
1369 return -ENOENT;
1370 }
1371 spin_unlock(&server->srv_lock);
1372
1373 /* Ensure that we do not send more than 50 overlapping requests
1374 to the same server. We may make this configurable later or
1375 use ses->maxReq */
1376
1377 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1378 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1379 len);
1380 return -EIO;
1381 }
1382
1383 rc = wait_for_free_request(server, flags, &credits.instance);
1384 if (rc)
1385 return rc;
1386
1387 /* make sure that we sign in the same order that we send on this socket
1388 and avoid races inside tcp sendmsg code that could cause corruption
1389 of smb data */
1390
1391 cifs_server_lock(server);
1392
1393 rc = allocate_mid(ses, in_buf, &midQ);
1394 if (rc) {
1395 cifs_server_unlock(server);
1396 /* Update # of requests on wire to server */
1397 add_credits(server, &credits, 0);
1398 return rc;
1399 }
1400
1401 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1402 if (rc) {
1403 cifs_server_unlock(server);
1404 goto out;
1405 }
1406
1407 midQ->mid_state = MID_REQUEST_SUBMITTED;
1408
1409 rc = smb_send(server, in_buf, len);
1410 cifs_save_when_sent(midQ);
1411
1412 if (rc < 0)
1413 server->sequence_number -= 2;
1414
1415 cifs_server_unlock(server);
1416
1417 if (rc < 0)
1418 goto out;
1419
1420 rc = wait_for_response(server, midQ);
1421 if (rc != 0) {
1422 send_cancel(server, &rqst, midQ);
1423 spin_lock(&server->mid_lock);
1424 if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1425 midQ->mid_state == MID_RESPONSE_RECEIVED) {
1426 /* no longer considered to be "in-flight" */
1427 midQ->callback = release_mid;
1428 spin_unlock(&server->mid_lock);
1429 add_credits(server, &credits, 0);
1430 return rc;
1431 }
1432 spin_unlock(&server->mid_lock);
1433 }
1434
1435 rc = cifs_sync_mid_result(midQ, server);
1436 if (rc != 0) {
1437 add_credits(server, &credits, 0);
1438 return rc;
1439 }
1440
1441 if (!midQ->resp_buf || !out_buf ||
1442 midQ->mid_state != MID_RESPONSE_READY) {
1443 rc = -EIO;
1444 cifs_server_dbg(VFS, "Bad MID state?\n");
1445 goto out;
1446 }
1447
1448 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1449 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1450 rc = cifs_check_receive(midQ, server, 0);
1451 out:
1452 delete_mid(midQ);
1453 add_credits(server, &credits, 0);
1454
1455 return rc;
1456 }
1457
1458 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1459 blocking lock to return. */
1460
1461 static int
1462 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1463 struct smb_hdr *in_buf,
1464 struct smb_hdr *out_buf)
1465 {
1466 int bytes_returned;
1467 struct cifs_ses *ses = tcon->ses;
1468 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1469
1470 /* We just modify the current in_buf to change
1471 the type of lock from LOCKING_ANDX_SHARED_LOCK
1472 or LOCKING_ANDX_EXCLUSIVE_LOCK to
1473 LOCKING_ANDX_CANCEL_LOCK. */
1474
1475 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1476 pSMB->Timeout = 0;
1477 pSMB->hdr.Mid = get_next_mid(ses->server);
1478
1479 return SendReceive(xid, ses, in_buf, out_buf,
1480 &bytes_returned, 0);
1481 }
1482
1483 int
1484 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1485 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1486 int *pbytes_returned)
1487 {
1488 int rc = 0;
1489 int rstart = 0;
1490 struct mid_q_entry *midQ;
1491 struct cifs_ses *ses;
1492 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1493 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1494 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1495 unsigned int instance;
1496 struct TCP_Server_Info *server;
1497
1498 if (tcon == NULL || tcon->ses == NULL) {
1499 cifs_dbg(VFS, "Null smb session\n");
1500 return -EIO;
1501 }
1502 ses = tcon->ses;
1503 server = ses->server;
1504
1505 if (server == NULL) {
1506 cifs_dbg(VFS, "Null tcp session\n");
1507 return -EIO;
1508 }
1509
1510 spin_lock(&server->srv_lock);
1511 if (server->tcpStatus == CifsExiting) {
1512 spin_unlock(&server->srv_lock);
1513 return -ENOENT;
1514 }
1515 spin_unlock(&server->srv_lock);
1516
1517 /* Ensure that we do not send more than 50 overlapping requests
1518 to the same server. We may make this configurable later or
1519 use ses->maxReq */
1520
1521 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1522 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1523 len);
1524 return -EIO;
1525 }
1526
1527 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance);
1528 if (rc)
1529 return rc;
1530
1531 /* make sure that we sign in the same order that we send on this socket
1532 and avoid races inside tcp sendmsg code that could cause corruption
1533 of smb data */
1534
1535 cifs_server_lock(server);
1536
1537 rc = allocate_mid(ses, in_buf, &midQ);
1538 if (rc) {
1539 cifs_server_unlock(server);
1540 return rc;
1541 }
1542
1543 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1544 if (rc) {
1545 delete_mid(midQ);
1546 cifs_server_unlock(server);
1547 return rc;
1548 }
1549
1550 midQ->mid_state = MID_REQUEST_SUBMITTED;
1551 rc = smb_send(server, in_buf, len);
1552 cifs_save_when_sent(midQ);
1553
1554 if (rc < 0)
1555 server->sequence_number -= 2;
1556
1557 cifs_server_unlock(server);
1558
1559 if (rc < 0) {
1560 delete_mid(midQ);
1561 return rc;
1562 }
1563
1564 /* Wait for a reply - allow signals to interrupt. */
1565 rc = wait_event_interruptible(server->response_q,
1566 (!(midQ->mid_state == MID_REQUEST_SUBMITTED ||
1567 midQ->mid_state == MID_RESPONSE_RECEIVED)) ||
1568 ((server->tcpStatus != CifsGood) &&
1569 (server->tcpStatus != CifsNew)));
1570
1571 /* Were we interrupted by a signal ? */
1572 spin_lock(&server->srv_lock);
1573 if ((rc == -ERESTARTSYS) &&
1574 (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1575 midQ->mid_state == MID_RESPONSE_RECEIVED) &&
1576 ((server->tcpStatus == CifsGood) ||
1577 (server->tcpStatus == CifsNew))) {
1578 spin_unlock(&server->srv_lock);
1579
1580 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1581 /* POSIX lock. We send a NT_CANCEL SMB to cause the
1582 blocking lock to return. */
1583 rc = send_cancel(server, &rqst, midQ);
1584 if (rc) {
1585 delete_mid(midQ);
1586 return rc;
1587 }
1588 } else {
1589 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1590 to cause the blocking lock to return. */
1591
1592 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1593
1594 /* If we get -ENOLCK back the lock may have
1595 already been removed. Don't exit in this case. */
1596 if (rc && rc != -ENOLCK) {
1597 delete_mid(midQ);
1598 return rc;
1599 }
1600 }
1601
1602 rc = wait_for_response(server, midQ);
1603 if (rc) {
1604 send_cancel(server, &rqst, midQ);
1605 spin_lock(&server->mid_lock);
1606 if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1607 midQ->mid_state == MID_RESPONSE_RECEIVED) {
1608 /* no longer considered to be "in-flight" */
1609 midQ->callback = release_mid;
1610 spin_unlock(&server->mid_lock);
1611 return rc;
1612 }
1613 spin_unlock(&server->mid_lock);
1614 }
1615
1616 /* We got the response - restart system call. */
1617 rstart = 1;
1618 spin_lock(&server->srv_lock);
1619 }
1620 spin_unlock(&server->srv_lock);
1621
1622 rc = cifs_sync_mid_result(midQ, server);
1623 if (rc != 0)
1624 return rc;
1625
1626 /* rcvd frame is ok */
1627 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) {
1628 rc = -EIO;
1629 cifs_tcon_dbg(VFS, "Bad MID state?\n");
1630 goto out;
1631 }
1632
1633 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1634 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1635 rc = cifs_check_receive(midQ, server, 0);
1636 out:
1637 delete_mid(midQ);
1638 if (rstart && rc == -EACCES)
1639 return -ERESTARTSYS;
1640 return rc;
1641 }
1642
1643 /*
1644 * Discard any remaining data in the current SMB. To do this, we borrow the
1645 * current bigbuf.
1646 */
1647 int
1648 cifs_discard_remaining_data(struct TCP_Server_Info *server)
1649 {
1650 unsigned int rfclen = server->pdu_size;
1651 size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
1652 server->total_read;
1653
1654 while (remaining > 0) {
1655 ssize_t length;
1656
1657 length = cifs_discard_from_socket(server,
1658 min_t(size_t, remaining,
1659 CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
1660 if (length < 0)
1661 return length;
1662 server->total_read += length;
1663 remaining -= length;
1664 }
1665
1666 return 0;
1667 }
1668
1669 static int
1670 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
1671 bool malformed)
1672 {
1673 int length;
1674
1675 length = cifs_discard_remaining_data(server);
1676 dequeue_mid(mid, malformed);
1677 mid->resp_buf = server->smallbuf;
1678 server->smallbuf = NULL;
1679 return length;
1680 }
1681
1682 static int
1683 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1684 {
1685 struct cifs_io_subrequest *rdata = mid->callback_data;
1686
1687 return __cifs_readv_discard(server, mid, rdata->result);
1688 }
1689
1690 int
1691 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1692 {
1693 int length, len;
1694 unsigned int data_offset, data_len;
1695 struct cifs_io_subrequest *rdata = mid->callback_data;
1696 char *buf = server->smallbuf;
1697 unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
1698 bool use_rdma_mr = false;
1699
1700 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%zu\n",
1701 __func__, mid->mid, rdata->subreq.start, rdata->subreq.len);
1702
1703 /*
1704 * read the rest of READ_RSP header (sans Data array), or whatever we
1705 * can if there's not enough data. At this point, we've read down to
1706 * the Mid.
1707 */
1708 len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
1709 HEADER_SIZE(server) + 1;
1710
1711 length = cifs_read_from_socket(server,
1712 buf + HEADER_SIZE(server) - 1, len);
1713 if (length < 0)
1714 return length;
1715 server->total_read += length;
1716
1717 if (server->ops->is_session_expired &&
1718 server->ops->is_session_expired(buf)) {
1719 cifs_reconnect(server, true);
1720 return -1;
1721 }
1722
1723 if (server->ops->is_status_pending &&
1724 server->ops->is_status_pending(buf, server)) {
1725 cifs_discard_remaining_data(server);
1726 return -1;
1727 }
1728
1729 /* set up first two iov for signature check and to get credits */
1730 rdata->iov[0].iov_base = buf;
1731 rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
1732 rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
1733 rdata->iov[1].iov_len =
1734 server->total_read - HEADER_PREAMBLE_SIZE(server);
1735 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
1736 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
1737 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
1738 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
1739
1740 /* Was the SMB read successful? */
1741 rdata->result = server->ops->map_error(buf, false);
1742 if (rdata->result != 0) {
1743 cifs_dbg(FYI, "%s: server returned error %d\n",
1744 __func__, rdata->result);
1745 /* normal error on read response */
1746 return __cifs_readv_discard(server, mid, false);
1747 }
1748
1749 /* Is there enough to get to the rest of the READ_RSP header? */
1750 if (server->total_read < server->vals->read_rsp_size) {
1751 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
1752 __func__, server->total_read,
1753 server->vals->read_rsp_size);
1754 rdata->result = -EIO;
1755 return cifs_readv_discard(server, mid);
1756 }
1757
1758 data_offset = server->ops->read_data_offset(buf) +
1759 HEADER_PREAMBLE_SIZE(server);
1760 if (data_offset < server->total_read) {
1761 /*
1762 * win2k8 sometimes sends an offset of 0 when the read
1763 * is beyond the EOF. Treat it as if the data starts just after
1764 * the header.
1765 */
1766 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
1767 __func__, data_offset);
1768 data_offset = server->total_read;
1769 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
1770 /* data_offset is beyond the end of smallbuf */
1771 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
1772 __func__, data_offset);
1773 rdata->result = -EIO;
1774 return cifs_readv_discard(server, mid);
1775 }
1776
1777 cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
1778 __func__, server->total_read, data_offset);
1779
1780 len = data_offset - server->total_read;
1781 if (len > 0) {
1782 /* read any junk before data into the rest of smallbuf */
1783 length = cifs_read_from_socket(server,
1784 buf + server->total_read, len);
1785 if (length < 0)
1786 return length;
1787 server->total_read += length;
1788 }
1789
1790 /* how much data is in the response? */
1791 #ifdef CONFIG_CIFS_SMB_DIRECT
1792 use_rdma_mr = rdata->mr;
1793 #endif
1794 data_len = server->ops->read_data_length(buf, use_rdma_mr);
1795 if (!use_rdma_mr && (data_offset + data_len > buflen)) {
1796 /* data_len is corrupt -- discard frame */
1797 rdata->result = -EIO;
1798 return cifs_readv_discard(server, mid);
1799 }
1800
1801 #ifdef CONFIG_CIFS_SMB_DIRECT
1802 if (rdata->mr)
1803 length = data_len; /* An RDMA read is already done. */
1804 else
1805 #endif
1806 length = cifs_read_iter_from_socket(server, &rdata->subreq.io_iter,
1807 data_len);
1808 if (length > 0)
1809 rdata->got_bytes += length;
1810 server->total_read += length;
1811
1812 cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
1813 server->total_read, buflen, data_len);
1814
1815 /* discard anything left over */
1816 if (server->total_read < buflen)
1817 return cifs_readv_discard(server, mid);
1818
1819 dequeue_mid(mid, false);
1820 mid->resp_buf = server->smallbuf;
1821 server->smallbuf = NULL;
1822 return length;
1823 }
Kernel DRM miscellaneous fixes and cross-tree changes