xref: /openbmc/linux/fs/ceph/mds_client.c (revision 781095f903f398148cd0b646d3984234a715f29e)
1 #include <linux/ceph/ceph_debug.h>
2 
3 #include <linux/fs.h>
4 #include <linux/wait.h>
5 #include <linux/slab.h>
6 #include <linux/gfp.h>
7 #include <linux/sched.h>
8 #include <linux/debugfs.h>
9 #include <linux/seq_file.h>
10 #include <linux/utsname.h>
11 #include <linux/ratelimit.h>
12 
13 #include "super.h"
14 #include "mds_client.h"
15 
16 #include <linux/ceph/ceph_features.h>
17 #include <linux/ceph/messenger.h>
18 #include <linux/ceph/decode.h>
19 #include <linux/ceph/pagelist.h>
20 #include <linux/ceph/auth.h>
21 #include <linux/ceph/debugfs.h>
22 
23 /*
24  * A cluster of MDS (metadata server) daemons is responsible for
25  * managing the file system namespace (the directory hierarchy and
26  * inodes) and for coordinating shared access to storage.  Metadata is
27  * partitioning hierarchically across a number of servers, and that
28  * partition varies over time as the cluster adjusts the distribution
29  * in order to balance load.
30  *
31  * The MDS client is primarily responsible to managing synchronous
32  * metadata requests for operations like open, unlink, and so forth.
33  * If there is a MDS failure, we find out about it when we (possibly
34  * request and) receive a new MDS map, and can resubmit affected
35  * requests.
36  *
37  * For the most part, though, we take advantage of a lossless
38  * communications channel to the MDS, and do not need to worry about
39  * timing out or resubmitting requests.
40  *
41  * We maintain a stateful "session" with each MDS we interact with.
42  * Within each session, we sent periodic heartbeat messages to ensure
43  * any capabilities or leases we have been issues remain valid.  If
44  * the session times out and goes stale, our leases and capabilities
45  * are no longer valid.
46  */
47 
48 struct ceph_reconnect_state {
49 	int nr_caps;
50 	struct ceph_pagelist *pagelist;
51 	bool flock;
52 };
53 
54 static void __wake_requests(struct ceph_mds_client *mdsc,
55 			    struct list_head *head);
56 
57 static const struct ceph_connection_operations mds_con_ops;
58 
59 
60 /*
61  * mds reply parsing
62  */
63 
64 /*
65  * parse individual inode info
66  */
67 static int parse_reply_info_in(void **p, void *end,
68 			       struct ceph_mds_reply_info_in *info,
69 			       u64 features)
70 {
71 	int err = -EIO;
72 
73 	info->in = *p;
74 	*p += sizeof(struct ceph_mds_reply_inode) +
75 		sizeof(*info->in->fragtree.splits) *
76 		le32_to_cpu(info->in->fragtree.nsplits);
77 
78 	ceph_decode_32_safe(p, end, info->symlink_len, bad);
79 	ceph_decode_need(p, end, info->symlink_len, bad);
80 	info->symlink = *p;
81 	*p += info->symlink_len;
82 
83 	if (features & CEPH_FEATURE_DIRLAYOUTHASH)
84 		ceph_decode_copy_safe(p, end, &info->dir_layout,
85 				      sizeof(info->dir_layout), bad);
86 	else
87 		memset(&info->dir_layout, 0, sizeof(info->dir_layout));
88 
89 	ceph_decode_32_safe(p, end, info->xattr_len, bad);
90 	ceph_decode_need(p, end, info->xattr_len, bad);
91 	info->xattr_data = *p;
92 	*p += info->xattr_len;
93 
94 	if (features & CEPH_FEATURE_MDS_INLINE_DATA) {
95 		ceph_decode_64_safe(p, end, info->inline_version, bad);
96 		ceph_decode_32_safe(p, end, info->inline_len, bad);
97 		ceph_decode_need(p, end, info->inline_len, bad);
98 		info->inline_data = *p;
99 		*p += info->inline_len;
100 	} else
101 		info->inline_version = CEPH_INLINE_NONE;
102 
103 	return 0;
104 bad:
105 	return err;
106 }
107 
108 /*
109  * parse a normal reply, which may contain a (dir+)dentry and/or a
110  * target inode.
111  */
112 static int parse_reply_info_trace(void **p, void *end,
113 				  struct ceph_mds_reply_info_parsed *info,
114 				  u64 features)
115 {
116 	int err;
117 
118 	if (info->head->is_dentry) {
119 		err = parse_reply_info_in(p, end, &info->diri, features);
120 		if (err < 0)
121 			goto out_bad;
122 
123 		if (unlikely(*p + sizeof(*info->dirfrag) > end))
124 			goto bad;
125 		info->dirfrag = *p;
126 		*p += sizeof(*info->dirfrag) +
127 			sizeof(u32)*le32_to_cpu(info->dirfrag->ndist);
128 		if (unlikely(*p > end))
129 			goto bad;
130 
131 		ceph_decode_32_safe(p, end, info->dname_len, bad);
132 		ceph_decode_need(p, end, info->dname_len, bad);
133 		info->dname = *p;
134 		*p += info->dname_len;
135 		info->dlease = *p;
136 		*p += sizeof(*info->dlease);
137 	}
138 
139 	if (info->head->is_target) {
140 		err = parse_reply_info_in(p, end, &info->targeti, features);
141 		if (err < 0)
142 			goto out_bad;
143 	}
144 
145 	if (unlikely(*p != end))
146 		goto bad;
147 	return 0;
148 
149 bad:
150 	err = -EIO;
151 out_bad:
152 	pr_err("problem parsing mds trace %d\n", err);
153 	return err;
154 }
155 
156 /*
157  * parse readdir results
158  */
159 static int parse_reply_info_dir(void **p, void *end,
160 				struct ceph_mds_reply_info_parsed *info,
161 				u64 features)
162 {
163 	u32 num, i = 0;
164 	int err;
165 
166 	info->dir_dir = *p;
167 	if (*p + sizeof(*info->dir_dir) > end)
168 		goto bad;
169 	*p += sizeof(*info->dir_dir) +
170 		sizeof(u32)*le32_to_cpu(info->dir_dir->ndist);
171 	if (*p > end)
172 		goto bad;
173 
174 	ceph_decode_need(p, end, sizeof(num) + 2, bad);
175 	num = ceph_decode_32(p);
176 	info->dir_end = ceph_decode_8(p);
177 	info->dir_complete = ceph_decode_8(p);
178 	if (num == 0)
179 		goto done;
180 
181 	BUG_ON(!info->dir_in);
182 	info->dir_dname = (void *)(info->dir_in + num);
183 	info->dir_dname_len = (void *)(info->dir_dname + num);
184 	info->dir_dlease = (void *)(info->dir_dname_len + num);
185 	if ((unsigned long)(info->dir_dlease + num) >
186 	    (unsigned long)info->dir_in + info->dir_buf_size) {
187 		pr_err("dir contents are larger than expected\n");
188 		WARN_ON(1);
189 		goto bad;
190 	}
191 
192 	info->dir_nr = num;
193 	while (num) {
194 		/* dentry */
195 		ceph_decode_need(p, end, sizeof(u32)*2, bad);
196 		info->dir_dname_len[i] = ceph_decode_32(p);
197 		ceph_decode_need(p, end, info->dir_dname_len[i], bad);
198 		info->dir_dname[i] = *p;
199 		*p += info->dir_dname_len[i];
200 		dout("parsed dir dname '%.*s'\n", info->dir_dname_len[i],
201 		     info->dir_dname[i]);
202 		info->dir_dlease[i] = *p;
203 		*p += sizeof(struct ceph_mds_reply_lease);
204 
205 		/* inode */
206 		err = parse_reply_info_in(p, end, &info->dir_in[i], features);
207 		if (err < 0)
208 			goto out_bad;
209 		i++;
210 		num--;
211 	}
212 
213 done:
214 	if (*p != end)
215 		goto bad;
216 	return 0;
217 
218 bad:
219 	err = -EIO;
220 out_bad:
221 	pr_err("problem parsing dir contents %d\n", err);
222 	return err;
223 }
224 
225 /*
226  * parse fcntl F_GETLK results
227  */
228 static int parse_reply_info_filelock(void **p, void *end,
229 				     struct ceph_mds_reply_info_parsed *info,
230 				     u64 features)
231 {
232 	if (*p + sizeof(*info->filelock_reply) > end)
233 		goto bad;
234 
235 	info->filelock_reply = *p;
236 	*p += sizeof(*info->filelock_reply);
237 
238 	if (unlikely(*p != end))
239 		goto bad;
240 	return 0;
241 
242 bad:
243 	return -EIO;
244 }
245 
246 /*
247  * parse create results
248  */
249 static int parse_reply_info_create(void **p, void *end,
250 				  struct ceph_mds_reply_info_parsed *info,
251 				  u64 features)
252 {
253 	if (features & CEPH_FEATURE_REPLY_CREATE_INODE) {
254 		if (*p == end) {
255 			info->has_create_ino = false;
256 		} else {
257 			info->has_create_ino = true;
258 			info->ino = ceph_decode_64(p);
259 		}
260 	}
261 
262 	if (unlikely(*p != end))
263 		goto bad;
264 	return 0;
265 
266 bad:
267 	return -EIO;
268 }
269 
270 /*
271  * parse extra results
272  */
273 static int parse_reply_info_extra(void **p, void *end,
274 				  struct ceph_mds_reply_info_parsed *info,
275 				  u64 features)
276 {
277 	if (info->head->op == CEPH_MDS_OP_GETFILELOCK)
278 		return parse_reply_info_filelock(p, end, info, features);
279 	else if (info->head->op == CEPH_MDS_OP_READDIR ||
280 		 info->head->op == CEPH_MDS_OP_LSSNAP)
281 		return parse_reply_info_dir(p, end, info, features);
282 	else if (info->head->op == CEPH_MDS_OP_CREATE)
283 		return parse_reply_info_create(p, end, info, features);
284 	else
285 		return -EIO;
286 }
287 
288 /*
289  * parse entire mds reply
290  */
291 static int parse_reply_info(struct ceph_msg *msg,
292 			    struct ceph_mds_reply_info_parsed *info,
293 			    u64 features)
294 {
295 	void *p, *end;
296 	u32 len;
297 	int err;
298 
299 	info->head = msg->front.iov_base;
300 	p = msg->front.iov_base + sizeof(struct ceph_mds_reply_head);
301 	end = p + msg->front.iov_len - sizeof(struct ceph_mds_reply_head);
302 
303 	/* trace */
304 	ceph_decode_32_safe(&p, end, len, bad);
305 	if (len > 0) {
306 		ceph_decode_need(&p, end, len, bad);
307 		err = parse_reply_info_trace(&p, p+len, info, features);
308 		if (err < 0)
309 			goto out_bad;
310 	}
311 
312 	/* extra */
313 	ceph_decode_32_safe(&p, end, len, bad);
314 	if (len > 0) {
315 		ceph_decode_need(&p, end, len, bad);
316 		err = parse_reply_info_extra(&p, p+len, info, features);
317 		if (err < 0)
318 			goto out_bad;
319 	}
320 
321 	/* snap blob */
322 	ceph_decode_32_safe(&p, end, len, bad);
323 	info->snapblob_len = len;
324 	info->snapblob = p;
325 	p += len;
326 
327 	if (p != end)
328 		goto bad;
329 	return 0;
330 
331 bad:
332 	err = -EIO;
333 out_bad:
334 	pr_err("mds parse_reply err %d\n", err);
335 	return err;
336 }
337 
338 static void destroy_reply_info(struct ceph_mds_reply_info_parsed *info)
339 {
340 	if (!info->dir_in)
341 		return;
342 	free_pages((unsigned long)info->dir_in, get_order(info->dir_buf_size));
343 }
344 
345 
346 /*
347  * sessions
348  */
349 const char *ceph_session_state_name(int s)
350 {
351 	switch (s) {
352 	case CEPH_MDS_SESSION_NEW: return "new";
353 	case CEPH_MDS_SESSION_OPENING: return "opening";
354 	case CEPH_MDS_SESSION_OPEN: return "open";
355 	case CEPH_MDS_SESSION_HUNG: return "hung";
356 	case CEPH_MDS_SESSION_CLOSING: return "closing";
357 	case CEPH_MDS_SESSION_RESTARTING: return "restarting";
358 	case CEPH_MDS_SESSION_RECONNECTING: return "reconnecting";
359 	default: return "???";
360 	}
361 }
362 
363 static struct ceph_mds_session *get_session(struct ceph_mds_session *s)
364 {
365 	if (atomic_inc_not_zero(&s->s_ref)) {
366 		dout("mdsc get_session %p %d -> %d\n", s,
367 		     atomic_read(&s->s_ref)-1, atomic_read(&s->s_ref));
368 		return s;
369 	} else {
370 		dout("mdsc get_session %p 0 -- FAIL", s);
371 		return NULL;
372 	}
373 }
374 
375 void ceph_put_mds_session(struct ceph_mds_session *s)
376 {
377 	dout("mdsc put_session %p %d -> %d\n", s,
378 	     atomic_read(&s->s_ref), atomic_read(&s->s_ref)-1);
379 	if (atomic_dec_and_test(&s->s_ref)) {
380 		if (s->s_auth.authorizer)
381 			ceph_auth_destroy_authorizer(
382 				s->s_mdsc->fsc->client->monc.auth,
383 				s->s_auth.authorizer);
384 		kfree(s);
385 	}
386 }
387 
388 /*
389  * called under mdsc->mutex
390  */
391 struct ceph_mds_session *__ceph_lookup_mds_session(struct ceph_mds_client *mdsc,
392 						   int mds)
393 {
394 	struct ceph_mds_session *session;
395 
396 	if (mds >= mdsc->max_sessions || mdsc->sessions[mds] == NULL)
397 		return NULL;
398 	session = mdsc->sessions[mds];
399 	dout("lookup_mds_session %p %d\n", session,
400 	     atomic_read(&session->s_ref));
401 	get_session(session);
402 	return session;
403 }
404 
405 static bool __have_session(struct ceph_mds_client *mdsc, int mds)
406 {
407 	if (mds >= mdsc->max_sessions)
408 		return false;
409 	return mdsc->sessions[mds];
410 }
411 
412 static int __verify_registered_session(struct ceph_mds_client *mdsc,
413 				       struct ceph_mds_session *s)
414 {
415 	if (s->s_mds >= mdsc->max_sessions ||
416 	    mdsc->sessions[s->s_mds] != s)
417 		return -ENOENT;
418 	return 0;
419 }
420 
421 /*
422  * create+register a new session for given mds.
423  * called under mdsc->mutex.
424  */
425 static struct ceph_mds_session *register_session(struct ceph_mds_client *mdsc,
426 						 int mds)
427 {
428 	struct ceph_mds_session *s;
429 
430 	if (mds >= mdsc->mdsmap->m_max_mds)
431 		return ERR_PTR(-EINVAL);
432 
433 	s = kzalloc(sizeof(*s), GFP_NOFS);
434 	if (!s)
435 		return ERR_PTR(-ENOMEM);
436 	s->s_mdsc = mdsc;
437 	s->s_mds = mds;
438 	s->s_state = CEPH_MDS_SESSION_NEW;
439 	s->s_ttl = 0;
440 	s->s_seq = 0;
441 	mutex_init(&s->s_mutex);
442 
443 	ceph_con_init(&s->s_con, s, &mds_con_ops, &mdsc->fsc->client->msgr);
444 
445 	spin_lock_init(&s->s_gen_ttl_lock);
446 	s->s_cap_gen = 0;
447 	s->s_cap_ttl = jiffies - 1;
448 
449 	spin_lock_init(&s->s_cap_lock);
450 	s->s_renew_requested = 0;
451 	s->s_renew_seq = 0;
452 	INIT_LIST_HEAD(&s->s_caps);
453 	s->s_nr_caps = 0;
454 	s->s_trim_caps = 0;
455 	atomic_set(&s->s_ref, 1);
456 	INIT_LIST_HEAD(&s->s_waiting);
457 	INIT_LIST_HEAD(&s->s_unsafe);
458 	s->s_num_cap_releases = 0;
459 	s->s_cap_reconnect = 0;
460 	s->s_cap_iterator = NULL;
461 	INIT_LIST_HEAD(&s->s_cap_releases);
462 	INIT_LIST_HEAD(&s->s_cap_flushing);
463 	INIT_LIST_HEAD(&s->s_cap_snaps_flushing);
464 
465 	dout("register_session mds%d\n", mds);
466 	if (mds >= mdsc->max_sessions) {
467 		int newmax = 1 << get_count_order(mds+1);
468 		struct ceph_mds_session **sa;
469 
470 		dout("register_session realloc to %d\n", newmax);
471 		sa = kcalloc(newmax, sizeof(void *), GFP_NOFS);
472 		if (sa == NULL)
473 			goto fail_realloc;
474 		if (mdsc->sessions) {
475 			memcpy(sa, mdsc->sessions,
476 			       mdsc->max_sessions * sizeof(void *));
477 			kfree(mdsc->sessions);
478 		}
479 		mdsc->sessions = sa;
480 		mdsc->max_sessions = newmax;
481 	}
482 	mdsc->sessions[mds] = s;
483 	atomic_inc(&mdsc->num_sessions);
484 	atomic_inc(&s->s_ref);  /* one ref to sessions[], one to caller */
485 
486 	ceph_con_open(&s->s_con, CEPH_ENTITY_TYPE_MDS, mds,
487 		      ceph_mdsmap_get_addr(mdsc->mdsmap, mds));
488 
489 	return s;
490 
491 fail_realloc:
492 	kfree(s);
493 	return ERR_PTR(-ENOMEM);
494 }
495 
496 /*
497  * called under mdsc->mutex
498  */
499 static void __unregister_session(struct ceph_mds_client *mdsc,
500 			       struct ceph_mds_session *s)
501 {
502 	dout("__unregister_session mds%d %p\n", s->s_mds, s);
503 	BUG_ON(mdsc->sessions[s->s_mds] != s);
504 	mdsc->sessions[s->s_mds] = NULL;
505 	ceph_con_close(&s->s_con);
506 	ceph_put_mds_session(s);
507 	atomic_dec(&mdsc->num_sessions);
508 }
509 
510 /*
511  * drop session refs in request.
512  *
513  * should be last request ref, or hold mdsc->mutex
514  */
515 static void put_request_session(struct ceph_mds_request *req)
516 {
517 	if (req->r_session) {
518 		ceph_put_mds_session(req->r_session);
519 		req->r_session = NULL;
520 	}
521 }
522 
523 void ceph_mdsc_release_request(struct kref *kref)
524 {
525 	struct ceph_mds_request *req = container_of(kref,
526 						    struct ceph_mds_request,
527 						    r_kref);
528 	destroy_reply_info(&req->r_reply_info);
529 	if (req->r_request)
530 		ceph_msg_put(req->r_request);
531 	if (req->r_reply)
532 		ceph_msg_put(req->r_reply);
533 	if (req->r_inode) {
534 		ceph_put_cap_refs(ceph_inode(req->r_inode), CEPH_CAP_PIN);
535 		iput(req->r_inode);
536 	}
537 	if (req->r_locked_dir)
538 		ceph_put_cap_refs(ceph_inode(req->r_locked_dir), CEPH_CAP_PIN);
539 	iput(req->r_target_inode);
540 	if (req->r_dentry)
541 		dput(req->r_dentry);
542 	if (req->r_old_dentry)
543 		dput(req->r_old_dentry);
544 	if (req->r_old_dentry_dir) {
545 		/*
546 		 * track (and drop pins for) r_old_dentry_dir
547 		 * separately, since r_old_dentry's d_parent may have
548 		 * changed between the dir mutex being dropped and
549 		 * this request being freed.
550 		 */
551 		ceph_put_cap_refs(ceph_inode(req->r_old_dentry_dir),
552 				  CEPH_CAP_PIN);
553 		iput(req->r_old_dentry_dir);
554 	}
555 	kfree(req->r_path1);
556 	kfree(req->r_path2);
557 	if (req->r_pagelist)
558 		ceph_pagelist_release(req->r_pagelist);
559 	put_request_session(req);
560 	ceph_unreserve_caps(req->r_mdsc, &req->r_caps_reservation);
561 	kfree(req);
562 }
563 
564 /*
565  * lookup session, bump ref if found.
566  *
567  * called under mdsc->mutex.
568  */
569 static struct ceph_mds_request *__lookup_request(struct ceph_mds_client *mdsc,
570 					     u64 tid)
571 {
572 	struct ceph_mds_request *req;
573 	struct rb_node *n = mdsc->request_tree.rb_node;
574 
575 	while (n) {
576 		req = rb_entry(n, struct ceph_mds_request, r_node);
577 		if (tid < req->r_tid)
578 			n = n->rb_left;
579 		else if (tid > req->r_tid)
580 			n = n->rb_right;
581 		else {
582 			ceph_mdsc_get_request(req);
583 			return req;
584 		}
585 	}
586 	return NULL;
587 }
588 
589 static void __insert_request(struct ceph_mds_client *mdsc,
590 			     struct ceph_mds_request *new)
591 {
592 	struct rb_node **p = &mdsc->request_tree.rb_node;
593 	struct rb_node *parent = NULL;
594 	struct ceph_mds_request *req = NULL;
595 
596 	while (*p) {
597 		parent = *p;
598 		req = rb_entry(parent, struct ceph_mds_request, r_node);
599 		if (new->r_tid < req->r_tid)
600 			p = &(*p)->rb_left;
601 		else if (new->r_tid > req->r_tid)
602 			p = &(*p)->rb_right;
603 		else
604 			BUG();
605 	}
606 
607 	rb_link_node(&new->r_node, parent, p);
608 	rb_insert_color(&new->r_node, &mdsc->request_tree);
609 }
610 
611 /*
612  * Register an in-flight request, and assign a tid.  Link to directory
613  * are modifying (if any).
614  *
615  * Called under mdsc->mutex.
616  */
617 static void __register_request(struct ceph_mds_client *mdsc,
618 			       struct ceph_mds_request *req,
619 			       struct inode *dir)
620 {
621 	req->r_tid = ++mdsc->last_tid;
622 	if (req->r_num_caps)
623 		ceph_reserve_caps(mdsc, &req->r_caps_reservation,
624 				  req->r_num_caps);
625 	dout("__register_request %p tid %lld\n", req, req->r_tid);
626 	ceph_mdsc_get_request(req);
627 	__insert_request(mdsc, req);
628 
629 	req->r_uid = current_fsuid();
630 	req->r_gid = current_fsgid();
631 
632 	if (mdsc->oldest_tid == 0 && req->r_op != CEPH_MDS_OP_SETFILELOCK)
633 		mdsc->oldest_tid = req->r_tid;
634 
635 	if (dir) {
636 		ihold(dir);
637 		req->r_unsafe_dir = dir;
638 	}
639 }
640 
641 static void __unregister_request(struct ceph_mds_client *mdsc,
642 				 struct ceph_mds_request *req)
643 {
644 	dout("__unregister_request %p tid %lld\n", req, req->r_tid);
645 
646 	if (req->r_tid == mdsc->oldest_tid) {
647 		struct rb_node *p = rb_next(&req->r_node);
648 		mdsc->oldest_tid = 0;
649 		while (p) {
650 			struct ceph_mds_request *next_req =
651 				rb_entry(p, struct ceph_mds_request, r_node);
652 			if (next_req->r_op != CEPH_MDS_OP_SETFILELOCK) {
653 				mdsc->oldest_tid = next_req->r_tid;
654 				break;
655 			}
656 			p = rb_next(p);
657 		}
658 	}
659 
660 	rb_erase(&req->r_node, &mdsc->request_tree);
661 	RB_CLEAR_NODE(&req->r_node);
662 
663 	if (req->r_unsafe_dir && req->r_got_unsafe) {
664 		struct ceph_inode_info *ci = ceph_inode(req->r_unsafe_dir);
665 		spin_lock(&ci->i_unsafe_lock);
666 		list_del_init(&req->r_unsafe_dir_item);
667 		spin_unlock(&ci->i_unsafe_lock);
668 	}
669 	if (req->r_target_inode && req->r_got_unsafe) {
670 		struct ceph_inode_info *ci = ceph_inode(req->r_target_inode);
671 		spin_lock(&ci->i_unsafe_lock);
672 		list_del_init(&req->r_unsafe_target_item);
673 		spin_unlock(&ci->i_unsafe_lock);
674 	}
675 
676 	if (req->r_unsafe_dir) {
677 		iput(req->r_unsafe_dir);
678 		req->r_unsafe_dir = NULL;
679 	}
680 
681 	complete_all(&req->r_safe_completion);
682 
683 	ceph_mdsc_put_request(req);
684 }
685 
686 /*
687  * Choose mds to send request to next.  If there is a hint set in the
688  * request (e.g., due to a prior forward hint from the mds), use that.
689  * Otherwise, consult frag tree and/or caps to identify the
690  * appropriate mds.  If all else fails, choose randomly.
691  *
692  * Called under mdsc->mutex.
693  */
694 static struct dentry *get_nonsnap_parent(struct dentry *dentry)
695 {
696 	/*
697 	 * we don't need to worry about protecting the d_parent access
698 	 * here because we never renaming inside the snapped namespace
699 	 * except to resplice to another snapdir, and either the old or new
700 	 * result is a valid result.
701 	 */
702 	while (!IS_ROOT(dentry) && ceph_snap(d_inode(dentry)) != CEPH_NOSNAP)
703 		dentry = dentry->d_parent;
704 	return dentry;
705 }
706 
707 static int __choose_mds(struct ceph_mds_client *mdsc,
708 			struct ceph_mds_request *req)
709 {
710 	struct inode *inode;
711 	struct ceph_inode_info *ci;
712 	struct ceph_cap *cap;
713 	int mode = req->r_direct_mode;
714 	int mds = -1;
715 	u32 hash = req->r_direct_hash;
716 	bool is_hash = req->r_direct_is_hash;
717 
718 	/*
719 	 * is there a specific mds we should try?  ignore hint if we have
720 	 * no session and the mds is not up (active or recovering).
721 	 */
722 	if (req->r_resend_mds >= 0 &&
723 	    (__have_session(mdsc, req->r_resend_mds) ||
724 	     ceph_mdsmap_get_state(mdsc->mdsmap, req->r_resend_mds) > 0)) {
725 		dout("choose_mds using resend_mds mds%d\n",
726 		     req->r_resend_mds);
727 		return req->r_resend_mds;
728 	}
729 
730 	if (mode == USE_RANDOM_MDS)
731 		goto random;
732 
733 	inode = NULL;
734 	if (req->r_inode) {
735 		inode = req->r_inode;
736 	} else if (req->r_dentry) {
737 		/* ignore race with rename; old or new d_parent is okay */
738 		struct dentry *parent = req->r_dentry->d_parent;
739 		struct inode *dir = d_inode(parent);
740 
741 		if (dir->i_sb != mdsc->fsc->sb) {
742 			/* not this fs! */
743 			inode = d_inode(req->r_dentry);
744 		} else if (ceph_snap(dir) != CEPH_NOSNAP) {
745 			/* direct snapped/virtual snapdir requests
746 			 * based on parent dir inode */
747 			struct dentry *dn = get_nonsnap_parent(parent);
748 			inode = d_inode(dn);
749 			dout("__choose_mds using nonsnap parent %p\n", inode);
750 		} else {
751 			/* dentry target */
752 			inode = d_inode(req->r_dentry);
753 			if (!inode || mode == USE_AUTH_MDS) {
754 				/* dir + name */
755 				inode = dir;
756 				hash = ceph_dentry_hash(dir, req->r_dentry);
757 				is_hash = true;
758 			}
759 		}
760 	}
761 
762 	dout("__choose_mds %p is_hash=%d (%d) mode %d\n", inode, (int)is_hash,
763 	     (int)hash, mode);
764 	if (!inode)
765 		goto random;
766 	ci = ceph_inode(inode);
767 
768 	if (is_hash && S_ISDIR(inode->i_mode)) {
769 		struct ceph_inode_frag frag;
770 		int found;
771 
772 		ceph_choose_frag(ci, hash, &frag, &found);
773 		if (found) {
774 			if (mode == USE_ANY_MDS && frag.ndist > 0) {
775 				u8 r;
776 
777 				/* choose a random replica */
778 				get_random_bytes(&r, 1);
779 				r %= frag.ndist;
780 				mds = frag.dist[r];
781 				dout("choose_mds %p %llx.%llx "
782 				     "frag %u mds%d (%d/%d)\n",
783 				     inode, ceph_vinop(inode),
784 				     frag.frag, mds,
785 				     (int)r, frag.ndist);
786 				if (ceph_mdsmap_get_state(mdsc->mdsmap, mds) >=
787 				    CEPH_MDS_STATE_ACTIVE)
788 					return mds;
789 			}
790 
791 			/* since this file/dir wasn't known to be
792 			 * replicated, then we want to look for the
793 			 * authoritative mds. */
794 			mode = USE_AUTH_MDS;
795 			if (frag.mds >= 0) {
796 				/* choose auth mds */
797 				mds = frag.mds;
798 				dout("choose_mds %p %llx.%llx "
799 				     "frag %u mds%d (auth)\n",
800 				     inode, ceph_vinop(inode), frag.frag, mds);
801 				if (ceph_mdsmap_get_state(mdsc->mdsmap, mds) >=
802 				    CEPH_MDS_STATE_ACTIVE)
803 					return mds;
804 			}
805 		}
806 	}
807 
808 	spin_lock(&ci->i_ceph_lock);
809 	cap = NULL;
810 	if (mode == USE_AUTH_MDS)
811 		cap = ci->i_auth_cap;
812 	if (!cap && !RB_EMPTY_ROOT(&ci->i_caps))
813 		cap = rb_entry(rb_first(&ci->i_caps), struct ceph_cap, ci_node);
814 	if (!cap) {
815 		spin_unlock(&ci->i_ceph_lock);
816 		goto random;
817 	}
818 	mds = cap->session->s_mds;
819 	dout("choose_mds %p %llx.%llx mds%d (%scap %p)\n",
820 	     inode, ceph_vinop(inode), mds,
821 	     cap == ci->i_auth_cap ? "auth " : "", cap);
822 	spin_unlock(&ci->i_ceph_lock);
823 	return mds;
824 
825 random:
826 	mds = ceph_mdsmap_get_random_mds(mdsc->mdsmap);
827 	dout("choose_mds chose random mds%d\n", mds);
828 	return mds;
829 }
830 
831 
832 /*
833  * session messages
834  */
835 static struct ceph_msg *create_session_msg(u32 op, u64 seq)
836 {
837 	struct ceph_msg *msg;
838 	struct ceph_mds_session_head *h;
839 
840 	msg = ceph_msg_new(CEPH_MSG_CLIENT_SESSION, sizeof(*h), GFP_NOFS,
841 			   false);
842 	if (!msg) {
843 		pr_err("create_session_msg ENOMEM creating msg\n");
844 		return NULL;
845 	}
846 	h = msg->front.iov_base;
847 	h->op = cpu_to_le32(op);
848 	h->seq = cpu_to_le64(seq);
849 
850 	return msg;
851 }
852 
853 /*
854  * session message, specialization for CEPH_SESSION_REQUEST_OPEN
855  * to include additional client metadata fields.
856  */
857 static struct ceph_msg *create_session_open_msg(struct ceph_mds_client *mdsc, u64 seq)
858 {
859 	struct ceph_msg *msg;
860 	struct ceph_mds_session_head *h;
861 	int i = -1;
862 	int metadata_bytes = 0;
863 	int metadata_key_count = 0;
864 	struct ceph_options *opt = mdsc->fsc->client->options;
865 	void *p;
866 
867 	const char* metadata[][2] = {
868 		{"hostname", utsname()->nodename},
869 		{"kernel_version", utsname()->release},
870 		{"entity_id", opt->name ? opt->name : ""},
871 		{NULL, NULL}
872 	};
873 
874 	/* Calculate serialized length of metadata */
875 	metadata_bytes = 4;  /* map length */
876 	for (i = 0; metadata[i][0] != NULL; ++i) {
877 		metadata_bytes += 8 + strlen(metadata[i][0]) +
878 			strlen(metadata[i][1]);
879 		metadata_key_count++;
880 	}
881 
882 	/* Allocate the message */
883 	msg = ceph_msg_new(CEPH_MSG_CLIENT_SESSION, sizeof(*h) + metadata_bytes,
884 			   GFP_NOFS, false);
885 	if (!msg) {
886 		pr_err("create_session_msg ENOMEM creating msg\n");
887 		return NULL;
888 	}
889 	h = msg->front.iov_base;
890 	h->op = cpu_to_le32(CEPH_SESSION_REQUEST_OPEN);
891 	h->seq = cpu_to_le64(seq);
892 
893 	/*
894 	 * Serialize client metadata into waiting buffer space, using
895 	 * the format that userspace expects for map<string, string>
896 	 *
897 	 * ClientSession messages with metadata are v2
898 	 */
899 	msg->hdr.version = cpu_to_le16(2);
900 	msg->hdr.compat_version = cpu_to_le16(1);
901 
902 	/* The write pointer, following the session_head structure */
903 	p = msg->front.iov_base + sizeof(*h);
904 
905 	/* Number of entries in the map */
906 	ceph_encode_32(&p, metadata_key_count);
907 
908 	/* Two length-prefixed strings for each entry in the map */
909 	for (i = 0; metadata[i][0] != NULL; ++i) {
910 		size_t const key_len = strlen(metadata[i][0]);
911 		size_t const val_len = strlen(metadata[i][1]);
912 
913 		ceph_encode_32(&p, key_len);
914 		memcpy(p, metadata[i][0], key_len);
915 		p += key_len;
916 		ceph_encode_32(&p, val_len);
917 		memcpy(p, metadata[i][1], val_len);
918 		p += val_len;
919 	}
920 
921 	return msg;
922 }
923 
924 /*
925  * send session open request.
926  *
927  * called under mdsc->mutex
928  */
929 static int __open_session(struct ceph_mds_client *mdsc,
930 			  struct ceph_mds_session *session)
931 {
932 	struct ceph_msg *msg;
933 	int mstate;
934 	int mds = session->s_mds;
935 
936 	/* wait for mds to go active? */
937 	mstate = ceph_mdsmap_get_state(mdsc->mdsmap, mds);
938 	dout("open_session to mds%d (%s)\n", mds,
939 	     ceph_mds_state_name(mstate));
940 	session->s_state = CEPH_MDS_SESSION_OPENING;
941 	session->s_renew_requested = jiffies;
942 
943 	/* send connect message */
944 	msg = create_session_open_msg(mdsc, session->s_seq);
945 	if (!msg)
946 		return -ENOMEM;
947 	ceph_con_send(&session->s_con, msg);
948 	return 0;
949 }
950 
951 /*
952  * open sessions for any export targets for the given mds
953  *
954  * called under mdsc->mutex
955  */
956 static struct ceph_mds_session *
957 __open_export_target_session(struct ceph_mds_client *mdsc, int target)
958 {
959 	struct ceph_mds_session *session;
960 
961 	session = __ceph_lookup_mds_session(mdsc, target);
962 	if (!session) {
963 		session = register_session(mdsc, target);
964 		if (IS_ERR(session))
965 			return session;
966 	}
967 	if (session->s_state == CEPH_MDS_SESSION_NEW ||
968 	    session->s_state == CEPH_MDS_SESSION_CLOSING)
969 		__open_session(mdsc, session);
970 
971 	return session;
972 }
973 
974 struct ceph_mds_session *
975 ceph_mdsc_open_export_target_session(struct ceph_mds_client *mdsc, int target)
976 {
977 	struct ceph_mds_session *session;
978 
979 	dout("open_export_target_session to mds%d\n", target);
980 
981 	mutex_lock(&mdsc->mutex);
982 	session = __open_export_target_session(mdsc, target);
983 	mutex_unlock(&mdsc->mutex);
984 
985 	return session;
986 }
987 
988 static void __open_export_target_sessions(struct ceph_mds_client *mdsc,
989 					  struct ceph_mds_session *session)
990 {
991 	struct ceph_mds_info *mi;
992 	struct ceph_mds_session *ts;
993 	int i, mds = session->s_mds;
994 
995 	if (mds >= mdsc->mdsmap->m_max_mds)
996 		return;
997 
998 	mi = &mdsc->mdsmap->m_info[mds];
999 	dout("open_export_target_sessions for mds%d (%d targets)\n",
1000 	     session->s_mds, mi->num_export_targets);
1001 
1002 	for (i = 0; i < mi->num_export_targets; i++) {
1003 		ts = __open_export_target_session(mdsc, mi->export_targets[i]);
1004 		if (!IS_ERR(ts))
1005 			ceph_put_mds_session(ts);
1006 	}
1007 }
1008 
1009 void ceph_mdsc_open_export_target_sessions(struct ceph_mds_client *mdsc,
1010 					   struct ceph_mds_session *session)
1011 {
1012 	mutex_lock(&mdsc->mutex);
1013 	__open_export_target_sessions(mdsc, session);
1014 	mutex_unlock(&mdsc->mutex);
1015 }
1016 
1017 /*
1018  * session caps
1019  */
1020 
1021 /* caller holds s_cap_lock, we drop it */
1022 static void cleanup_cap_releases(struct ceph_mds_client *mdsc,
1023 				 struct ceph_mds_session *session)
1024 	__releases(session->s_cap_lock)
1025 {
1026 	LIST_HEAD(tmp_list);
1027 	list_splice_init(&session->s_cap_releases, &tmp_list);
1028 	session->s_num_cap_releases = 0;
1029 	spin_unlock(&session->s_cap_lock);
1030 
1031 	dout("cleanup_cap_releases mds%d\n", session->s_mds);
1032 	while (!list_empty(&tmp_list)) {
1033 		struct ceph_cap *cap;
1034 		/* zero out the in-progress message */
1035 		cap = list_first_entry(&tmp_list,
1036 					struct ceph_cap, session_caps);
1037 		list_del(&cap->session_caps);
1038 		ceph_put_cap(mdsc, cap);
1039 	}
1040 }
1041 
1042 static void cleanup_session_requests(struct ceph_mds_client *mdsc,
1043 				     struct ceph_mds_session *session)
1044 {
1045 	struct ceph_mds_request *req;
1046 	struct rb_node *p;
1047 
1048 	dout("cleanup_session_requests mds%d\n", session->s_mds);
1049 	mutex_lock(&mdsc->mutex);
1050 	while (!list_empty(&session->s_unsafe)) {
1051 		req = list_first_entry(&session->s_unsafe,
1052 				       struct ceph_mds_request, r_unsafe_item);
1053 		list_del_init(&req->r_unsafe_item);
1054 		pr_warn_ratelimited(" dropping unsafe request %llu\n",
1055 				    req->r_tid);
1056 		__unregister_request(mdsc, req);
1057 	}
1058 	/* zero r_attempts, so kick_requests() will re-send requests */
1059 	p = rb_first(&mdsc->request_tree);
1060 	while (p) {
1061 		req = rb_entry(p, struct ceph_mds_request, r_node);
1062 		p = rb_next(p);
1063 		if (req->r_session &&
1064 		    req->r_session->s_mds == session->s_mds)
1065 			req->r_attempts = 0;
1066 	}
1067 	mutex_unlock(&mdsc->mutex);
1068 }
1069 
1070 /*
1071  * Helper to safely iterate over all caps associated with a session, with
1072  * special care taken to handle a racing __ceph_remove_cap().
1073  *
1074  * Caller must hold session s_mutex.
1075  */
1076 static int iterate_session_caps(struct ceph_mds_session *session,
1077 				 int (*cb)(struct inode *, struct ceph_cap *,
1078 					    void *), void *arg)
1079 {
1080 	struct list_head *p;
1081 	struct ceph_cap *cap;
1082 	struct inode *inode, *last_inode = NULL;
1083 	struct ceph_cap *old_cap = NULL;
1084 	int ret;
1085 
1086 	dout("iterate_session_caps %p mds%d\n", session, session->s_mds);
1087 	spin_lock(&session->s_cap_lock);
1088 	p = session->s_caps.next;
1089 	while (p != &session->s_caps) {
1090 		cap = list_entry(p, struct ceph_cap, session_caps);
1091 		inode = igrab(&cap->ci->vfs_inode);
1092 		if (!inode) {
1093 			p = p->next;
1094 			continue;
1095 		}
1096 		session->s_cap_iterator = cap;
1097 		spin_unlock(&session->s_cap_lock);
1098 
1099 		if (last_inode) {
1100 			iput(last_inode);
1101 			last_inode = NULL;
1102 		}
1103 		if (old_cap) {
1104 			ceph_put_cap(session->s_mdsc, old_cap);
1105 			old_cap = NULL;
1106 		}
1107 
1108 		ret = cb(inode, cap, arg);
1109 		last_inode = inode;
1110 
1111 		spin_lock(&session->s_cap_lock);
1112 		p = p->next;
1113 		if (cap->ci == NULL) {
1114 			dout("iterate_session_caps  finishing cap %p removal\n",
1115 			     cap);
1116 			BUG_ON(cap->session != session);
1117 			cap->session = NULL;
1118 			list_del_init(&cap->session_caps);
1119 			session->s_nr_caps--;
1120 			if (cap->queue_release) {
1121 				list_add_tail(&cap->session_caps,
1122 					      &session->s_cap_releases);
1123 				session->s_num_cap_releases++;
1124 			} else {
1125 				old_cap = cap;  /* put_cap it w/o locks held */
1126 			}
1127 		}
1128 		if (ret < 0)
1129 			goto out;
1130 	}
1131 	ret = 0;
1132 out:
1133 	session->s_cap_iterator = NULL;
1134 	spin_unlock(&session->s_cap_lock);
1135 
1136 	iput(last_inode);
1137 	if (old_cap)
1138 		ceph_put_cap(session->s_mdsc, old_cap);
1139 
1140 	return ret;
1141 }
1142 
1143 static int remove_session_caps_cb(struct inode *inode, struct ceph_cap *cap,
1144 				  void *arg)
1145 {
1146 	struct ceph_inode_info *ci = ceph_inode(inode);
1147 	LIST_HEAD(to_remove);
1148 	int drop = 0;
1149 
1150 	dout("removing cap %p, ci is %p, inode is %p\n",
1151 	     cap, ci, &ci->vfs_inode);
1152 	spin_lock(&ci->i_ceph_lock);
1153 	__ceph_remove_cap(cap, false);
1154 	if (!ci->i_auth_cap) {
1155 		struct ceph_cap_flush *cf;
1156 		struct ceph_mds_client *mdsc =
1157 			ceph_sb_to_client(inode->i_sb)->mdsc;
1158 
1159 		while (true) {
1160 			struct rb_node *n = rb_first(&ci->i_cap_flush_tree);
1161 			if (!n)
1162 				break;
1163 			cf = rb_entry(n, struct ceph_cap_flush, i_node);
1164 			rb_erase(&cf->i_node, &ci->i_cap_flush_tree);
1165 			list_add(&cf->list, &to_remove);
1166 		}
1167 
1168 		spin_lock(&mdsc->cap_dirty_lock);
1169 
1170 		list_for_each_entry(cf, &to_remove, list)
1171 			rb_erase(&cf->g_node, &mdsc->cap_flush_tree);
1172 
1173 		if (!list_empty(&ci->i_dirty_item)) {
1174 			pr_warn_ratelimited(
1175 				" dropping dirty %s state for %p %lld\n",
1176 				ceph_cap_string(ci->i_dirty_caps),
1177 				inode, ceph_ino(inode));
1178 			ci->i_dirty_caps = 0;
1179 			list_del_init(&ci->i_dirty_item);
1180 			drop = 1;
1181 		}
1182 		if (!list_empty(&ci->i_flushing_item)) {
1183 			pr_warn_ratelimited(
1184 				" dropping dirty+flushing %s state for %p %lld\n",
1185 				ceph_cap_string(ci->i_flushing_caps),
1186 				inode, ceph_ino(inode));
1187 			ci->i_flushing_caps = 0;
1188 			list_del_init(&ci->i_flushing_item);
1189 			mdsc->num_cap_flushing--;
1190 			drop = 1;
1191 		}
1192 		spin_unlock(&mdsc->cap_dirty_lock);
1193 
1194 		if (!ci->i_dirty_caps && ci->i_prealloc_cap_flush) {
1195 			list_add(&ci->i_prealloc_cap_flush->list, &to_remove);
1196 			ci->i_prealloc_cap_flush = NULL;
1197 		}
1198 	}
1199 	spin_unlock(&ci->i_ceph_lock);
1200 	while (!list_empty(&to_remove)) {
1201 		struct ceph_cap_flush *cf;
1202 		cf = list_first_entry(&to_remove,
1203 				      struct ceph_cap_flush, list);
1204 		list_del(&cf->list);
1205 		ceph_free_cap_flush(cf);
1206 	}
1207 	while (drop--)
1208 		iput(inode);
1209 	return 0;
1210 }
1211 
1212 /*
1213  * caller must hold session s_mutex
1214  */
1215 static void remove_session_caps(struct ceph_mds_session *session)
1216 {
1217 	dout("remove_session_caps on %p\n", session);
1218 	iterate_session_caps(session, remove_session_caps_cb, NULL);
1219 
1220 	spin_lock(&session->s_cap_lock);
1221 	if (session->s_nr_caps > 0) {
1222 		struct super_block *sb = session->s_mdsc->fsc->sb;
1223 		struct inode *inode;
1224 		struct ceph_cap *cap, *prev = NULL;
1225 		struct ceph_vino vino;
1226 		/*
1227 		 * iterate_session_caps() skips inodes that are being
1228 		 * deleted, we need to wait until deletions are complete.
1229 		 * __wait_on_freeing_inode() is designed for the job,
1230 		 * but it is not exported, so use lookup inode function
1231 		 * to access it.
1232 		 */
1233 		while (!list_empty(&session->s_caps)) {
1234 			cap = list_entry(session->s_caps.next,
1235 					 struct ceph_cap, session_caps);
1236 			if (cap == prev)
1237 				break;
1238 			prev = cap;
1239 			vino = cap->ci->i_vino;
1240 			spin_unlock(&session->s_cap_lock);
1241 
1242 			inode = ceph_find_inode(sb, vino);
1243 			iput(inode);
1244 
1245 			spin_lock(&session->s_cap_lock);
1246 		}
1247 	}
1248 
1249 	// drop cap expires and unlock s_cap_lock
1250 	cleanup_cap_releases(session->s_mdsc, session);
1251 
1252 	BUG_ON(session->s_nr_caps > 0);
1253 	BUG_ON(!list_empty(&session->s_cap_flushing));
1254 }
1255 
1256 /*
1257  * wake up any threads waiting on this session's caps.  if the cap is
1258  * old (didn't get renewed on the client reconnect), remove it now.
1259  *
1260  * caller must hold s_mutex.
1261  */
1262 static int wake_up_session_cb(struct inode *inode, struct ceph_cap *cap,
1263 			      void *arg)
1264 {
1265 	struct ceph_inode_info *ci = ceph_inode(inode);
1266 
1267 	wake_up_all(&ci->i_cap_wq);
1268 	if (arg) {
1269 		spin_lock(&ci->i_ceph_lock);
1270 		ci->i_wanted_max_size = 0;
1271 		ci->i_requested_max_size = 0;
1272 		spin_unlock(&ci->i_ceph_lock);
1273 	}
1274 	return 0;
1275 }
1276 
1277 static void wake_up_session_caps(struct ceph_mds_session *session,
1278 				 int reconnect)
1279 {
1280 	dout("wake_up_session_caps %p mds%d\n", session, session->s_mds);
1281 	iterate_session_caps(session, wake_up_session_cb,
1282 			     (void *)(unsigned long)reconnect);
1283 }
1284 
1285 /*
1286  * Send periodic message to MDS renewing all currently held caps.  The
1287  * ack will reset the expiration for all caps from this session.
1288  *
1289  * caller holds s_mutex
1290  */
1291 static int send_renew_caps(struct ceph_mds_client *mdsc,
1292 			   struct ceph_mds_session *session)
1293 {
1294 	struct ceph_msg *msg;
1295 	int state;
1296 
1297 	if (time_after_eq(jiffies, session->s_cap_ttl) &&
1298 	    time_after_eq(session->s_cap_ttl, session->s_renew_requested))
1299 		pr_info("mds%d caps stale\n", session->s_mds);
1300 	session->s_renew_requested = jiffies;
1301 
1302 	/* do not try to renew caps until a recovering mds has reconnected
1303 	 * with its clients. */
1304 	state = ceph_mdsmap_get_state(mdsc->mdsmap, session->s_mds);
1305 	if (state < CEPH_MDS_STATE_RECONNECT) {
1306 		dout("send_renew_caps ignoring mds%d (%s)\n",
1307 		     session->s_mds, ceph_mds_state_name(state));
1308 		return 0;
1309 	}
1310 
1311 	dout("send_renew_caps to mds%d (%s)\n", session->s_mds,
1312 		ceph_mds_state_name(state));
1313 	msg = create_session_msg(CEPH_SESSION_REQUEST_RENEWCAPS,
1314 				 ++session->s_renew_seq);
1315 	if (!msg)
1316 		return -ENOMEM;
1317 	ceph_con_send(&session->s_con, msg);
1318 	return 0;
1319 }
1320 
1321 static int send_flushmsg_ack(struct ceph_mds_client *mdsc,
1322 			     struct ceph_mds_session *session, u64 seq)
1323 {
1324 	struct ceph_msg *msg;
1325 
1326 	dout("send_flushmsg_ack to mds%d (%s)s seq %lld\n",
1327 	     session->s_mds, ceph_session_state_name(session->s_state), seq);
1328 	msg = create_session_msg(CEPH_SESSION_FLUSHMSG_ACK, seq);
1329 	if (!msg)
1330 		return -ENOMEM;
1331 	ceph_con_send(&session->s_con, msg);
1332 	return 0;
1333 }
1334 
1335 
1336 /*
1337  * Note new cap ttl, and any transition from stale -> not stale (fresh?).
1338  *
1339  * Called under session->s_mutex
1340  */
1341 static void renewed_caps(struct ceph_mds_client *mdsc,
1342 			 struct ceph_mds_session *session, int is_renew)
1343 {
1344 	int was_stale;
1345 	int wake = 0;
1346 
1347 	spin_lock(&session->s_cap_lock);
1348 	was_stale = is_renew && time_after_eq(jiffies, session->s_cap_ttl);
1349 
1350 	session->s_cap_ttl = session->s_renew_requested +
1351 		mdsc->mdsmap->m_session_timeout*HZ;
1352 
1353 	if (was_stale) {
1354 		if (time_before(jiffies, session->s_cap_ttl)) {
1355 			pr_info("mds%d caps renewed\n", session->s_mds);
1356 			wake = 1;
1357 		} else {
1358 			pr_info("mds%d caps still stale\n", session->s_mds);
1359 		}
1360 	}
1361 	dout("renewed_caps mds%d ttl now %lu, was %s, now %s\n",
1362 	     session->s_mds, session->s_cap_ttl, was_stale ? "stale" : "fresh",
1363 	     time_before(jiffies, session->s_cap_ttl) ? "stale" : "fresh");
1364 	spin_unlock(&session->s_cap_lock);
1365 
1366 	if (wake)
1367 		wake_up_session_caps(session, 0);
1368 }
1369 
1370 /*
1371  * send a session close request
1372  */
1373 static int request_close_session(struct ceph_mds_client *mdsc,
1374 				 struct ceph_mds_session *session)
1375 {
1376 	struct ceph_msg *msg;
1377 
1378 	dout("request_close_session mds%d state %s seq %lld\n",
1379 	     session->s_mds, ceph_session_state_name(session->s_state),
1380 	     session->s_seq);
1381 	msg = create_session_msg(CEPH_SESSION_REQUEST_CLOSE, session->s_seq);
1382 	if (!msg)
1383 		return -ENOMEM;
1384 	ceph_con_send(&session->s_con, msg);
1385 	return 0;
1386 }
1387 
1388 /*
1389  * Called with s_mutex held.
1390  */
1391 static int __close_session(struct ceph_mds_client *mdsc,
1392 			 struct ceph_mds_session *session)
1393 {
1394 	if (session->s_state >= CEPH_MDS_SESSION_CLOSING)
1395 		return 0;
1396 	session->s_state = CEPH_MDS_SESSION_CLOSING;
1397 	return request_close_session(mdsc, session);
1398 }
1399 
1400 /*
1401  * Trim old(er) caps.
1402  *
1403  * Because we can't cache an inode without one or more caps, we do
1404  * this indirectly: if a cap is unused, we prune its aliases, at which
1405  * point the inode will hopefully get dropped to.
1406  *
1407  * Yes, this is a bit sloppy.  Our only real goal here is to respond to
1408  * memory pressure from the MDS, though, so it needn't be perfect.
1409  */
1410 static int trim_caps_cb(struct inode *inode, struct ceph_cap *cap, void *arg)
1411 {
1412 	struct ceph_mds_session *session = arg;
1413 	struct ceph_inode_info *ci = ceph_inode(inode);
1414 	int used, wanted, oissued, mine;
1415 
1416 	if (session->s_trim_caps <= 0)
1417 		return -1;
1418 
1419 	spin_lock(&ci->i_ceph_lock);
1420 	mine = cap->issued | cap->implemented;
1421 	used = __ceph_caps_used(ci);
1422 	wanted = __ceph_caps_file_wanted(ci);
1423 	oissued = __ceph_caps_issued_other(ci, cap);
1424 
1425 	dout("trim_caps_cb %p cap %p mine %s oissued %s used %s wanted %s\n",
1426 	     inode, cap, ceph_cap_string(mine), ceph_cap_string(oissued),
1427 	     ceph_cap_string(used), ceph_cap_string(wanted));
1428 	if (cap == ci->i_auth_cap) {
1429 		if (ci->i_dirty_caps || ci->i_flushing_caps ||
1430 		    !list_empty(&ci->i_cap_snaps))
1431 			goto out;
1432 		if ((used | wanted) & CEPH_CAP_ANY_WR)
1433 			goto out;
1434 	}
1435 	/* The inode has cached pages, but it's no longer used.
1436 	 * we can safely drop it */
1437 	if (wanted == 0 && used == CEPH_CAP_FILE_CACHE &&
1438 	    !(oissued & CEPH_CAP_FILE_CACHE)) {
1439 	  used = 0;
1440 	  oissued = 0;
1441 	}
1442 	if ((used | wanted) & ~oissued & mine)
1443 		goto out;   /* we need these caps */
1444 
1445 	session->s_trim_caps--;
1446 	if (oissued) {
1447 		/* we aren't the only cap.. just remove us */
1448 		__ceph_remove_cap(cap, true);
1449 	} else {
1450 		/* try dropping referring dentries */
1451 		spin_unlock(&ci->i_ceph_lock);
1452 		d_prune_aliases(inode);
1453 		dout("trim_caps_cb %p cap %p  pruned, count now %d\n",
1454 		     inode, cap, atomic_read(&inode->i_count));
1455 		return 0;
1456 	}
1457 
1458 out:
1459 	spin_unlock(&ci->i_ceph_lock);
1460 	return 0;
1461 }
1462 
1463 /*
1464  * Trim session cap count down to some max number.
1465  */
1466 static int trim_caps(struct ceph_mds_client *mdsc,
1467 		     struct ceph_mds_session *session,
1468 		     int max_caps)
1469 {
1470 	int trim_caps = session->s_nr_caps - max_caps;
1471 
1472 	dout("trim_caps mds%d start: %d / %d, trim %d\n",
1473 	     session->s_mds, session->s_nr_caps, max_caps, trim_caps);
1474 	if (trim_caps > 0) {
1475 		session->s_trim_caps = trim_caps;
1476 		iterate_session_caps(session, trim_caps_cb, session);
1477 		dout("trim_caps mds%d done: %d / %d, trimmed %d\n",
1478 		     session->s_mds, session->s_nr_caps, max_caps,
1479 			trim_caps - session->s_trim_caps);
1480 		session->s_trim_caps = 0;
1481 	}
1482 
1483 	ceph_send_cap_releases(mdsc, session);
1484 	return 0;
1485 }
1486 
1487 static int check_capsnap_flush(struct ceph_inode_info *ci,
1488 			       u64 want_snap_seq)
1489 {
1490 	int ret = 1;
1491 	spin_lock(&ci->i_ceph_lock);
1492 	if (want_snap_seq > 0 && !list_empty(&ci->i_cap_snaps)) {
1493 		struct ceph_cap_snap *capsnap =
1494 			list_first_entry(&ci->i_cap_snaps,
1495 					 struct ceph_cap_snap, ci_item);
1496 		ret = capsnap->follows >= want_snap_seq;
1497 	}
1498 	spin_unlock(&ci->i_ceph_lock);
1499 	return ret;
1500 }
1501 
1502 static int check_caps_flush(struct ceph_mds_client *mdsc,
1503 			    u64 want_flush_tid)
1504 {
1505 	struct rb_node *n;
1506 	struct ceph_cap_flush *cf;
1507 	int ret = 1;
1508 
1509 	spin_lock(&mdsc->cap_dirty_lock);
1510 	n = rb_first(&mdsc->cap_flush_tree);
1511 	cf = n ? rb_entry(n, struct ceph_cap_flush, g_node) : NULL;
1512 	if (cf && cf->tid <= want_flush_tid) {
1513 		dout("check_caps_flush still flushing tid %llu <= %llu\n",
1514 		     cf->tid, want_flush_tid);
1515 		ret = 0;
1516 	}
1517 	spin_unlock(&mdsc->cap_dirty_lock);
1518 	return ret;
1519 }
1520 
1521 /*
1522  * flush all dirty inode data to disk.
1523  *
1524  * returns true if we've flushed through want_flush_tid
1525  */
1526 static void wait_caps_flush(struct ceph_mds_client *mdsc,
1527 			    u64 want_flush_tid, u64 want_snap_seq)
1528 {
1529 	int mds;
1530 
1531 	dout("check_caps_flush want %llu snap want %llu\n",
1532 	     want_flush_tid, want_snap_seq);
1533 	mutex_lock(&mdsc->mutex);
1534 	for (mds = 0; mds < mdsc->max_sessions; ) {
1535 		struct ceph_mds_session *session = mdsc->sessions[mds];
1536 		struct inode *inode = NULL;
1537 
1538 		if (!session) {
1539 			mds++;
1540 			continue;
1541 		}
1542 		get_session(session);
1543 		mutex_unlock(&mdsc->mutex);
1544 
1545 		mutex_lock(&session->s_mutex);
1546 		if (!list_empty(&session->s_cap_snaps_flushing)) {
1547 			struct ceph_cap_snap *capsnap =
1548 				list_first_entry(&session->s_cap_snaps_flushing,
1549 						 struct ceph_cap_snap,
1550 						 flushing_item);
1551 			struct ceph_inode_info *ci = capsnap->ci;
1552 			if (!check_capsnap_flush(ci, want_snap_seq)) {
1553 				dout("check_cap_flush still flushing snap %p "
1554 				     "follows %lld <= %lld to mds%d\n",
1555 				     &ci->vfs_inode, capsnap->follows,
1556 				     want_snap_seq, mds);
1557 				inode = igrab(&ci->vfs_inode);
1558 			}
1559 		}
1560 		mutex_unlock(&session->s_mutex);
1561 		ceph_put_mds_session(session);
1562 
1563 		if (inode) {
1564 			wait_event(mdsc->cap_flushing_wq,
1565 				   check_capsnap_flush(ceph_inode(inode),
1566 						       want_snap_seq));
1567 			iput(inode);
1568 		} else {
1569 			mds++;
1570 		}
1571 
1572 		mutex_lock(&mdsc->mutex);
1573 	}
1574 	mutex_unlock(&mdsc->mutex);
1575 
1576 	wait_event(mdsc->cap_flushing_wq,
1577 		   check_caps_flush(mdsc, want_flush_tid));
1578 
1579 	dout("check_caps_flush ok, flushed thru %llu\n", want_flush_tid);
1580 }
1581 
1582 /*
1583  * called under s_mutex
1584  */
1585 void ceph_send_cap_releases(struct ceph_mds_client *mdsc,
1586 			    struct ceph_mds_session *session)
1587 {
1588 	struct ceph_msg *msg = NULL;
1589 	struct ceph_mds_cap_release *head;
1590 	struct ceph_mds_cap_item *item;
1591 	struct ceph_cap *cap;
1592 	LIST_HEAD(tmp_list);
1593 	int num_cap_releases;
1594 
1595 	spin_lock(&session->s_cap_lock);
1596 again:
1597 	list_splice_init(&session->s_cap_releases, &tmp_list);
1598 	num_cap_releases = session->s_num_cap_releases;
1599 	session->s_num_cap_releases = 0;
1600 	spin_unlock(&session->s_cap_lock);
1601 
1602 	while (!list_empty(&tmp_list)) {
1603 		if (!msg) {
1604 			msg = ceph_msg_new(CEPH_MSG_CLIENT_CAPRELEASE,
1605 					PAGE_CACHE_SIZE, GFP_NOFS, false);
1606 			if (!msg)
1607 				goto out_err;
1608 			head = msg->front.iov_base;
1609 			head->num = cpu_to_le32(0);
1610 			msg->front.iov_len = sizeof(*head);
1611 		}
1612 		cap = list_first_entry(&tmp_list, struct ceph_cap,
1613 					session_caps);
1614 		list_del(&cap->session_caps);
1615 		num_cap_releases--;
1616 
1617 		head = msg->front.iov_base;
1618 		le32_add_cpu(&head->num, 1);
1619 		item = msg->front.iov_base + msg->front.iov_len;
1620 		item->ino = cpu_to_le64(cap->cap_ino);
1621 		item->cap_id = cpu_to_le64(cap->cap_id);
1622 		item->migrate_seq = cpu_to_le32(cap->mseq);
1623 		item->seq = cpu_to_le32(cap->issue_seq);
1624 		msg->front.iov_len += sizeof(*item);
1625 
1626 		ceph_put_cap(mdsc, cap);
1627 
1628 		if (le32_to_cpu(head->num) == CEPH_CAPS_PER_RELEASE) {
1629 			msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
1630 			dout("send_cap_releases mds%d %p\n", session->s_mds, msg);
1631 			ceph_con_send(&session->s_con, msg);
1632 			msg = NULL;
1633 		}
1634 	}
1635 
1636 	BUG_ON(num_cap_releases != 0);
1637 
1638 	spin_lock(&session->s_cap_lock);
1639 	if (!list_empty(&session->s_cap_releases))
1640 		goto again;
1641 	spin_unlock(&session->s_cap_lock);
1642 
1643 	if (msg) {
1644 		msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
1645 		dout("send_cap_releases mds%d %p\n", session->s_mds, msg);
1646 		ceph_con_send(&session->s_con, msg);
1647 	}
1648 	return;
1649 out_err:
1650 	pr_err("send_cap_releases mds%d, failed to allocate message\n",
1651 		session->s_mds);
1652 	spin_lock(&session->s_cap_lock);
1653 	list_splice(&tmp_list, &session->s_cap_releases);
1654 	session->s_num_cap_releases += num_cap_releases;
1655 	spin_unlock(&session->s_cap_lock);
1656 }
1657 
1658 /*
1659  * requests
1660  */
1661 
1662 int ceph_alloc_readdir_reply_buffer(struct ceph_mds_request *req,
1663 				    struct inode *dir)
1664 {
1665 	struct ceph_inode_info *ci = ceph_inode(dir);
1666 	struct ceph_mds_reply_info_parsed *rinfo = &req->r_reply_info;
1667 	struct ceph_mount_options *opt = req->r_mdsc->fsc->mount_options;
1668 	size_t size = sizeof(*rinfo->dir_in) + sizeof(*rinfo->dir_dname_len) +
1669 		      sizeof(*rinfo->dir_dname) + sizeof(*rinfo->dir_dlease);
1670 	int order, num_entries;
1671 
1672 	spin_lock(&ci->i_ceph_lock);
1673 	num_entries = ci->i_files + ci->i_subdirs;
1674 	spin_unlock(&ci->i_ceph_lock);
1675 	num_entries = max(num_entries, 1);
1676 	num_entries = min(num_entries, opt->max_readdir);
1677 
1678 	order = get_order(size * num_entries);
1679 	while (order >= 0) {
1680 		rinfo->dir_in = (void*)__get_free_pages(GFP_KERNEL |
1681 							__GFP_NOWARN,
1682 							order);
1683 		if (rinfo->dir_in)
1684 			break;
1685 		order--;
1686 	}
1687 	if (!rinfo->dir_in)
1688 		return -ENOMEM;
1689 
1690 	num_entries = (PAGE_SIZE << order) / size;
1691 	num_entries = min(num_entries, opt->max_readdir);
1692 
1693 	rinfo->dir_buf_size = PAGE_SIZE << order;
1694 	req->r_num_caps = num_entries + 1;
1695 	req->r_args.readdir.max_entries = cpu_to_le32(num_entries);
1696 	req->r_args.readdir.max_bytes = cpu_to_le32(opt->max_readdir_bytes);
1697 	return 0;
1698 }
1699 
1700 /*
1701  * Create an mds request.
1702  */
1703 struct ceph_mds_request *
1704 ceph_mdsc_create_request(struct ceph_mds_client *mdsc, int op, int mode)
1705 {
1706 	struct ceph_mds_request *req = kzalloc(sizeof(*req), GFP_NOFS);
1707 
1708 	if (!req)
1709 		return ERR_PTR(-ENOMEM);
1710 
1711 	mutex_init(&req->r_fill_mutex);
1712 	req->r_mdsc = mdsc;
1713 	req->r_started = jiffies;
1714 	req->r_resend_mds = -1;
1715 	INIT_LIST_HEAD(&req->r_unsafe_dir_item);
1716 	INIT_LIST_HEAD(&req->r_unsafe_target_item);
1717 	req->r_fmode = -1;
1718 	kref_init(&req->r_kref);
1719 	INIT_LIST_HEAD(&req->r_wait);
1720 	init_completion(&req->r_completion);
1721 	init_completion(&req->r_safe_completion);
1722 	INIT_LIST_HEAD(&req->r_unsafe_item);
1723 
1724 	req->r_stamp = CURRENT_TIME;
1725 
1726 	req->r_op = op;
1727 	req->r_direct_mode = mode;
1728 	return req;
1729 }
1730 
1731 /*
1732  * return oldest (lowest) request, tid in request tree, 0 if none.
1733  *
1734  * called under mdsc->mutex.
1735  */
1736 static struct ceph_mds_request *__get_oldest_req(struct ceph_mds_client *mdsc)
1737 {
1738 	if (RB_EMPTY_ROOT(&mdsc->request_tree))
1739 		return NULL;
1740 	return rb_entry(rb_first(&mdsc->request_tree),
1741 			struct ceph_mds_request, r_node);
1742 }
1743 
1744 static inline  u64 __get_oldest_tid(struct ceph_mds_client *mdsc)
1745 {
1746 	return mdsc->oldest_tid;
1747 }
1748 
1749 /*
1750  * Build a dentry's path.  Allocate on heap; caller must kfree.  Based
1751  * on build_path_from_dentry in fs/cifs/dir.c.
1752  *
1753  * If @stop_on_nosnap, generate path relative to the first non-snapped
1754  * inode.
1755  *
1756  * Encode hidden .snap dirs as a double /, i.e.
1757  *   foo/.snap/bar -> foo//bar
1758  */
1759 char *ceph_mdsc_build_path(struct dentry *dentry, int *plen, u64 *base,
1760 			   int stop_on_nosnap)
1761 {
1762 	struct dentry *temp;
1763 	char *path;
1764 	int len, pos;
1765 	unsigned seq;
1766 
1767 	if (dentry == NULL)
1768 		return ERR_PTR(-EINVAL);
1769 
1770 retry:
1771 	len = 0;
1772 	seq = read_seqbegin(&rename_lock);
1773 	rcu_read_lock();
1774 	for (temp = dentry; !IS_ROOT(temp);) {
1775 		struct inode *inode = d_inode(temp);
1776 		if (inode && ceph_snap(inode) == CEPH_SNAPDIR)
1777 			len++;  /* slash only */
1778 		else if (stop_on_nosnap && inode &&
1779 			 ceph_snap(inode) == CEPH_NOSNAP)
1780 			break;
1781 		else
1782 			len += 1 + temp->d_name.len;
1783 		temp = temp->d_parent;
1784 	}
1785 	rcu_read_unlock();
1786 	if (len)
1787 		len--;  /* no leading '/' */
1788 
1789 	path = kmalloc(len+1, GFP_NOFS);
1790 	if (path == NULL)
1791 		return ERR_PTR(-ENOMEM);
1792 	pos = len;
1793 	path[pos] = 0;	/* trailing null */
1794 	rcu_read_lock();
1795 	for (temp = dentry; !IS_ROOT(temp) && pos != 0; ) {
1796 		struct inode *inode;
1797 
1798 		spin_lock(&temp->d_lock);
1799 		inode = d_inode(temp);
1800 		if (inode && ceph_snap(inode) == CEPH_SNAPDIR) {
1801 			dout("build_path path+%d: %p SNAPDIR\n",
1802 			     pos, temp);
1803 		} else if (stop_on_nosnap && inode &&
1804 			   ceph_snap(inode) == CEPH_NOSNAP) {
1805 			spin_unlock(&temp->d_lock);
1806 			break;
1807 		} else {
1808 			pos -= temp->d_name.len;
1809 			if (pos < 0) {
1810 				spin_unlock(&temp->d_lock);
1811 				break;
1812 			}
1813 			strncpy(path + pos, temp->d_name.name,
1814 				temp->d_name.len);
1815 		}
1816 		spin_unlock(&temp->d_lock);
1817 		if (pos)
1818 			path[--pos] = '/';
1819 		temp = temp->d_parent;
1820 	}
1821 	rcu_read_unlock();
1822 	if (pos != 0 || read_seqretry(&rename_lock, seq)) {
1823 		pr_err("build_path did not end path lookup where "
1824 		       "expected, namelen is %d, pos is %d\n", len, pos);
1825 		/* presumably this is only possible if racing with a
1826 		   rename of one of the parent directories (we can not
1827 		   lock the dentries above us to prevent this, but
1828 		   retrying should be harmless) */
1829 		kfree(path);
1830 		goto retry;
1831 	}
1832 
1833 	*base = ceph_ino(d_inode(temp));
1834 	*plen = len;
1835 	dout("build_path on %p %d built %llx '%.*s'\n",
1836 	     dentry, d_count(dentry), *base, len, path);
1837 	return path;
1838 }
1839 
1840 static int build_dentry_path(struct dentry *dentry,
1841 			     const char **ppath, int *ppathlen, u64 *pino,
1842 			     int *pfreepath)
1843 {
1844 	char *path;
1845 
1846 	if (ceph_snap(d_inode(dentry->d_parent)) == CEPH_NOSNAP) {
1847 		*pino = ceph_ino(d_inode(dentry->d_parent));
1848 		*ppath = dentry->d_name.name;
1849 		*ppathlen = dentry->d_name.len;
1850 		return 0;
1851 	}
1852 	path = ceph_mdsc_build_path(dentry, ppathlen, pino, 1);
1853 	if (IS_ERR(path))
1854 		return PTR_ERR(path);
1855 	*ppath = path;
1856 	*pfreepath = 1;
1857 	return 0;
1858 }
1859 
1860 static int build_inode_path(struct inode *inode,
1861 			    const char **ppath, int *ppathlen, u64 *pino,
1862 			    int *pfreepath)
1863 {
1864 	struct dentry *dentry;
1865 	char *path;
1866 
1867 	if (ceph_snap(inode) == CEPH_NOSNAP) {
1868 		*pino = ceph_ino(inode);
1869 		*ppathlen = 0;
1870 		return 0;
1871 	}
1872 	dentry = d_find_alias(inode);
1873 	path = ceph_mdsc_build_path(dentry, ppathlen, pino, 1);
1874 	dput(dentry);
1875 	if (IS_ERR(path))
1876 		return PTR_ERR(path);
1877 	*ppath = path;
1878 	*pfreepath = 1;
1879 	return 0;
1880 }
1881 
1882 /*
1883  * request arguments may be specified via an inode *, a dentry *, or
1884  * an explicit ino+path.
1885  */
1886 static int set_request_path_attr(struct inode *rinode, struct dentry *rdentry,
1887 				  const char *rpath, u64 rino,
1888 				  const char **ppath, int *pathlen,
1889 				  u64 *ino, int *freepath)
1890 {
1891 	int r = 0;
1892 
1893 	if (rinode) {
1894 		r = build_inode_path(rinode, ppath, pathlen, ino, freepath);
1895 		dout(" inode %p %llx.%llx\n", rinode, ceph_ino(rinode),
1896 		     ceph_snap(rinode));
1897 	} else if (rdentry) {
1898 		r = build_dentry_path(rdentry, ppath, pathlen, ino, freepath);
1899 		dout(" dentry %p %llx/%.*s\n", rdentry, *ino, *pathlen,
1900 		     *ppath);
1901 	} else if (rpath || rino) {
1902 		*ino = rino;
1903 		*ppath = rpath;
1904 		*pathlen = rpath ? strlen(rpath) : 0;
1905 		dout(" path %.*s\n", *pathlen, rpath);
1906 	}
1907 
1908 	return r;
1909 }
1910 
1911 /*
1912  * called under mdsc->mutex
1913  */
1914 static struct ceph_msg *create_request_message(struct ceph_mds_client *mdsc,
1915 					       struct ceph_mds_request *req,
1916 					       int mds, bool drop_cap_releases)
1917 {
1918 	struct ceph_msg *msg;
1919 	struct ceph_mds_request_head *head;
1920 	const char *path1 = NULL;
1921 	const char *path2 = NULL;
1922 	u64 ino1 = 0, ino2 = 0;
1923 	int pathlen1 = 0, pathlen2 = 0;
1924 	int freepath1 = 0, freepath2 = 0;
1925 	int len;
1926 	u16 releases;
1927 	void *p, *end;
1928 	int ret;
1929 
1930 	ret = set_request_path_attr(req->r_inode, req->r_dentry,
1931 			      req->r_path1, req->r_ino1.ino,
1932 			      &path1, &pathlen1, &ino1, &freepath1);
1933 	if (ret < 0) {
1934 		msg = ERR_PTR(ret);
1935 		goto out;
1936 	}
1937 
1938 	ret = set_request_path_attr(NULL, req->r_old_dentry,
1939 			      req->r_path2, req->r_ino2.ino,
1940 			      &path2, &pathlen2, &ino2, &freepath2);
1941 	if (ret < 0) {
1942 		msg = ERR_PTR(ret);
1943 		goto out_free1;
1944 	}
1945 
1946 	len = sizeof(*head) +
1947 		pathlen1 + pathlen2 + 2*(1 + sizeof(u32) + sizeof(u64)) +
1948 		sizeof(struct ceph_timespec);
1949 
1950 	/* calculate (max) length for cap releases */
1951 	len += sizeof(struct ceph_mds_request_release) *
1952 		(!!req->r_inode_drop + !!req->r_dentry_drop +
1953 		 !!req->r_old_inode_drop + !!req->r_old_dentry_drop);
1954 	if (req->r_dentry_drop)
1955 		len += req->r_dentry->d_name.len;
1956 	if (req->r_old_dentry_drop)
1957 		len += req->r_old_dentry->d_name.len;
1958 
1959 	msg = ceph_msg_new(CEPH_MSG_CLIENT_REQUEST, len, GFP_NOFS, false);
1960 	if (!msg) {
1961 		msg = ERR_PTR(-ENOMEM);
1962 		goto out_free2;
1963 	}
1964 
1965 	msg->hdr.version = cpu_to_le16(2);
1966 	msg->hdr.tid = cpu_to_le64(req->r_tid);
1967 
1968 	head = msg->front.iov_base;
1969 	p = msg->front.iov_base + sizeof(*head);
1970 	end = msg->front.iov_base + msg->front.iov_len;
1971 
1972 	head->mdsmap_epoch = cpu_to_le32(mdsc->mdsmap->m_epoch);
1973 	head->op = cpu_to_le32(req->r_op);
1974 	head->caller_uid = cpu_to_le32(from_kuid(&init_user_ns, req->r_uid));
1975 	head->caller_gid = cpu_to_le32(from_kgid(&init_user_ns, req->r_gid));
1976 	head->args = req->r_args;
1977 
1978 	ceph_encode_filepath(&p, end, ino1, path1);
1979 	ceph_encode_filepath(&p, end, ino2, path2);
1980 
1981 	/* make note of release offset, in case we need to replay */
1982 	req->r_request_release_offset = p - msg->front.iov_base;
1983 
1984 	/* cap releases */
1985 	releases = 0;
1986 	if (req->r_inode_drop)
1987 		releases += ceph_encode_inode_release(&p,
1988 		      req->r_inode ? req->r_inode : d_inode(req->r_dentry),
1989 		      mds, req->r_inode_drop, req->r_inode_unless, 0);
1990 	if (req->r_dentry_drop)
1991 		releases += ceph_encode_dentry_release(&p, req->r_dentry,
1992 		       mds, req->r_dentry_drop, req->r_dentry_unless);
1993 	if (req->r_old_dentry_drop)
1994 		releases += ceph_encode_dentry_release(&p, req->r_old_dentry,
1995 		       mds, req->r_old_dentry_drop, req->r_old_dentry_unless);
1996 	if (req->r_old_inode_drop)
1997 		releases += ceph_encode_inode_release(&p,
1998 		      d_inode(req->r_old_dentry),
1999 		      mds, req->r_old_inode_drop, req->r_old_inode_unless, 0);
2000 
2001 	if (drop_cap_releases) {
2002 		releases = 0;
2003 		p = msg->front.iov_base + req->r_request_release_offset;
2004 	}
2005 
2006 	head->num_releases = cpu_to_le16(releases);
2007 
2008 	/* time stamp */
2009 	{
2010 		struct ceph_timespec ts;
2011 		ceph_encode_timespec(&ts, &req->r_stamp);
2012 		ceph_encode_copy(&p, &ts, sizeof(ts));
2013 	}
2014 
2015 	BUG_ON(p > end);
2016 	msg->front.iov_len = p - msg->front.iov_base;
2017 	msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
2018 
2019 	if (req->r_pagelist) {
2020 		struct ceph_pagelist *pagelist = req->r_pagelist;
2021 		atomic_inc(&pagelist->refcnt);
2022 		ceph_msg_data_add_pagelist(msg, pagelist);
2023 		msg->hdr.data_len = cpu_to_le32(pagelist->length);
2024 	} else {
2025 		msg->hdr.data_len = 0;
2026 	}
2027 
2028 	msg->hdr.data_off = cpu_to_le16(0);
2029 
2030 out_free2:
2031 	if (freepath2)
2032 		kfree((char *)path2);
2033 out_free1:
2034 	if (freepath1)
2035 		kfree((char *)path1);
2036 out:
2037 	return msg;
2038 }
2039 
2040 /*
2041  * called under mdsc->mutex if error, under no mutex if
2042  * success.
2043  */
2044 static void complete_request(struct ceph_mds_client *mdsc,
2045 			     struct ceph_mds_request *req)
2046 {
2047 	if (req->r_callback)
2048 		req->r_callback(mdsc, req);
2049 	else
2050 		complete_all(&req->r_completion);
2051 }
2052 
2053 /*
2054  * called under mdsc->mutex
2055  */
2056 static int __prepare_send_request(struct ceph_mds_client *mdsc,
2057 				  struct ceph_mds_request *req,
2058 				  int mds, bool drop_cap_releases)
2059 {
2060 	struct ceph_mds_request_head *rhead;
2061 	struct ceph_msg *msg;
2062 	int flags = 0;
2063 
2064 	req->r_attempts++;
2065 	if (req->r_inode) {
2066 		struct ceph_cap *cap =
2067 			ceph_get_cap_for_mds(ceph_inode(req->r_inode), mds);
2068 
2069 		if (cap)
2070 			req->r_sent_on_mseq = cap->mseq;
2071 		else
2072 			req->r_sent_on_mseq = -1;
2073 	}
2074 	dout("prepare_send_request %p tid %lld %s (attempt %d)\n", req,
2075 	     req->r_tid, ceph_mds_op_name(req->r_op), req->r_attempts);
2076 
2077 	if (req->r_got_unsafe) {
2078 		void *p;
2079 		/*
2080 		 * Replay.  Do not regenerate message (and rebuild
2081 		 * paths, etc.); just use the original message.
2082 		 * Rebuilding paths will break for renames because
2083 		 * d_move mangles the src name.
2084 		 */
2085 		msg = req->r_request;
2086 		rhead = msg->front.iov_base;
2087 
2088 		flags = le32_to_cpu(rhead->flags);
2089 		flags |= CEPH_MDS_FLAG_REPLAY;
2090 		rhead->flags = cpu_to_le32(flags);
2091 
2092 		if (req->r_target_inode)
2093 			rhead->ino = cpu_to_le64(ceph_ino(req->r_target_inode));
2094 
2095 		rhead->num_retry = req->r_attempts - 1;
2096 
2097 		/* remove cap/dentry releases from message */
2098 		rhead->num_releases = 0;
2099 
2100 		/* time stamp */
2101 		p = msg->front.iov_base + req->r_request_release_offset;
2102 		{
2103 			struct ceph_timespec ts;
2104 			ceph_encode_timespec(&ts, &req->r_stamp);
2105 			ceph_encode_copy(&p, &ts, sizeof(ts));
2106 		}
2107 
2108 		msg->front.iov_len = p - msg->front.iov_base;
2109 		msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
2110 		return 0;
2111 	}
2112 
2113 	if (req->r_request) {
2114 		ceph_msg_put(req->r_request);
2115 		req->r_request = NULL;
2116 	}
2117 	msg = create_request_message(mdsc, req, mds, drop_cap_releases);
2118 	if (IS_ERR(msg)) {
2119 		req->r_err = PTR_ERR(msg);
2120 		return PTR_ERR(msg);
2121 	}
2122 	req->r_request = msg;
2123 
2124 	rhead = msg->front.iov_base;
2125 	rhead->oldest_client_tid = cpu_to_le64(__get_oldest_tid(mdsc));
2126 	if (req->r_got_unsafe)
2127 		flags |= CEPH_MDS_FLAG_REPLAY;
2128 	if (req->r_locked_dir)
2129 		flags |= CEPH_MDS_FLAG_WANT_DENTRY;
2130 	rhead->flags = cpu_to_le32(flags);
2131 	rhead->num_fwd = req->r_num_fwd;
2132 	rhead->num_retry = req->r_attempts - 1;
2133 	rhead->ino = 0;
2134 
2135 	dout(" r_locked_dir = %p\n", req->r_locked_dir);
2136 	return 0;
2137 }
2138 
2139 /*
2140  * send request, or put it on the appropriate wait list.
2141  */
2142 static int __do_request(struct ceph_mds_client *mdsc,
2143 			struct ceph_mds_request *req)
2144 {
2145 	struct ceph_mds_session *session = NULL;
2146 	int mds = -1;
2147 	int err = 0;
2148 
2149 	if (req->r_err || req->r_got_result) {
2150 		if (req->r_aborted)
2151 			__unregister_request(mdsc, req);
2152 		goto out;
2153 	}
2154 
2155 	if (req->r_timeout &&
2156 	    time_after_eq(jiffies, req->r_started + req->r_timeout)) {
2157 		dout("do_request timed out\n");
2158 		err = -EIO;
2159 		goto finish;
2160 	}
2161 	if (ACCESS_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_SHUTDOWN) {
2162 		dout("do_request forced umount\n");
2163 		err = -EIO;
2164 		goto finish;
2165 	}
2166 
2167 	put_request_session(req);
2168 
2169 	mds = __choose_mds(mdsc, req);
2170 	if (mds < 0 ||
2171 	    ceph_mdsmap_get_state(mdsc->mdsmap, mds) < CEPH_MDS_STATE_ACTIVE) {
2172 		dout("do_request no mds or not active, waiting for map\n");
2173 		list_add(&req->r_wait, &mdsc->waiting_for_map);
2174 		goto out;
2175 	}
2176 
2177 	/* get, open session */
2178 	session = __ceph_lookup_mds_session(mdsc, mds);
2179 	if (!session) {
2180 		session = register_session(mdsc, mds);
2181 		if (IS_ERR(session)) {
2182 			err = PTR_ERR(session);
2183 			goto finish;
2184 		}
2185 	}
2186 	req->r_session = get_session(session);
2187 
2188 	dout("do_request mds%d session %p state %s\n", mds, session,
2189 	     ceph_session_state_name(session->s_state));
2190 	if (session->s_state != CEPH_MDS_SESSION_OPEN &&
2191 	    session->s_state != CEPH_MDS_SESSION_HUNG) {
2192 		if (session->s_state == CEPH_MDS_SESSION_NEW ||
2193 		    session->s_state == CEPH_MDS_SESSION_CLOSING)
2194 			__open_session(mdsc, session);
2195 		list_add(&req->r_wait, &session->s_waiting);
2196 		goto out_session;
2197 	}
2198 
2199 	/* send request */
2200 	req->r_resend_mds = -1;   /* forget any previous mds hint */
2201 
2202 	if (req->r_request_started == 0)   /* note request start time */
2203 		req->r_request_started = jiffies;
2204 
2205 	err = __prepare_send_request(mdsc, req, mds, false);
2206 	if (!err) {
2207 		ceph_msg_get(req->r_request);
2208 		ceph_con_send(&session->s_con, req->r_request);
2209 	}
2210 
2211 out_session:
2212 	ceph_put_mds_session(session);
2213 finish:
2214 	if (err) {
2215 		dout("__do_request early error %d\n", err);
2216 		req->r_err = err;
2217 		complete_request(mdsc, req);
2218 		__unregister_request(mdsc, req);
2219 	}
2220 out:
2221 	return err;
2222 }
2223 
2224 /*
2225  * called under mdsc->mutex
2226  */
2227 static void __wake_requests(struct ceph_mds_client *mdsc,
2228 			    struct list_head *head)
2229 {
2230 	struct ceph_mds_request *req;
2231 	LIST_HEAD(tmp_list);
2232 
2233 	list_splice_init(head, &tmp_list);
2234 
2235 	while (!list_empty(&tmp_list)) {
2236 		req = list_entry(tmp_list.next,
2237 				 struct ceph_mds_request, r_wait);
2238 		list_del_init(&req->r_wait);
2239 		dout(" wake request %p tid %llu\n", req, req->r_tid);
2240 		__do_request(mdsc, req);
2241 	}
2242 }
2243 
2244 /*
2245  * Wake up threads with requests pending for @mds, so that they can
2246  * resubmit their requests to a possibly different mds.
2247  */
2248 static void kick_requests(struct ceph_mds_client *mdsc, int mds)
2249 {
2250 	struct ceph_mds_request *req;
2251 	struct rb_node *p = rb_first(&mdsc->request_tree);
2252 
2253 	dout("kick_requests mds%d\n", mds);
2254 	while (p) {
2255 		req = rb_entry(p, struct ceph_mds_request, r_node);
2256 		p = rb_next(p);
2257 		if (req->r_got_unsafe)
2258 			continue;
2259 		if (req->r_attempts > 0)
2260 			continue; /* only new requests */
2261 		if (req->r_session &&
2262 		    req->r_session->s_mds == mds) {
2263 			dout(" kicking tid %llu\n", req->r_tid);
2264 			list_del_init(&req->r_wait);
2265 			__do_request(mdsc, req);
2266 		}
2267 	}
2268 }
2269 
2270 void ceph_mdsc_submit_request(struct ceph_mds_client *mdsc,
2271 			      struct ceph_mds_request *req)
2272 {
2273 	dout("submit_request on %p\n", req);
2274 	mutex_lock(&mdsc->mutex);
2275 	__register_request(mdsc, req, NULL);
2276 	__do_request(mdsc, req);
2277 	mutex_unlock(&mdsc->mutex);
2278 }
2279 
2280 /*
2281  * Synchrously perform an mds request.  Take care of all of the
2282  * session setup, forwarding, retry details.
2283  */
2284 int ceph_mdsc_do_request(struct ceph_mds_client *mdsc,
2285 			 struct inode *dir,
2286 			 struct ceph_mds_request *req)
2287 {
2288 	int err;
2289 
2290 	dout("do_request on %p\n", req);
2291 
2292 	/* take CAP_PIN refs for r_inode, r_locked_dir, r_old_dentry */
2293 	if (req->r_inode)
2294 		ceph_get_cap_refs(ceph_inode(req->r_inode), CEPH_CAP_PIN);
2295 	if (req->r_locked_dir)
2296 		ceph_get_cap_refs(ceph_inode(req->r_locked_dir), CEPH_CAP_PIN);
2297 	if (req->r_old_dentry_dir)
2298 		ceph_get_cap_refs(ceph_inode(req->r_old_dentry_dir),
2299 				  CEPH_CAP_PIN);
2300 
2301 	/* issue */
2302 	mutex_lock(&mdsc->mutex);
2303 	__register_request(mdsc, req, dir);
2304 	__do_request(mdsc, req);
2305 
2306 	if (req->r_err) {
2307 		err = req->r_err;
2308 		goto out;
2309 	}
2310 
2311 	/* wait */
2312 	mutex_unlock(&mdsc->mutex);
2313 	dout("do_request waiting\n");
2314 	if (!req->r_timeout && req->r_wait_for_completion) {
2315 		err = req->r_wait_for_completion(mdsc, req);
2316 	} else {
2317 		long timeleft = wait_for_completion_killable_timeout(
2318 					&req->r_completion,
2319 					ceph_timeout_jiffies(req->r_timeout));
2320 		if (timeleft > 0)
2321 			err = 0;
2322 		else if (!timeleft)
2323 			err = -EIO;  /* timed out */
2324 		else
2325 			err = timeleft;  /* killed */
2326 	}
2327 	dout("do_request waited, got %d\n", err);
2328 	mutex_lock(&mdsc->mutex);
2329 
2330 	/* only abort if we didn't race with a real reply */
2331 	if (req->r_got_result) {
2332 		err = le32_to_cpu(req->r_reply_info.head->result);
2333 	} else if (err < 0) {
2334 		dout("aborted request %lld with %d\n", req->r_tid, err);
2335 
2336 		/*
2337 		 * ensure we aren't running concurrently with
2338 		 * ceph_fill_trace or ceph_readdir_prepopulate, which
2339 		 * rely on locks (dir mutex) held by our caller.
2340 		 */
2341 		mutex_lock(&req->r_fill_mutex);
2342 		req->r_err = err;
2343 		req->r_aborted = true;
2344 		mutex_unlock(&req->r_fill_mutex);
2345 
2346 		if (req->r_locked_dir &&
2347 		    (req->r_op & CEPH_MDS_OP_WRITE))
2348 			ceph_invalidate_dir_request(req);
2349 	} else {
2350 		err = req->r_err;
2351 	}
2352 
2353 out:
2354 	mutex_unlock(&mdsc->mutex);
2355 	dout("do_request %p done, result %d\n", req, err);
2356 	return err;
2357 }
2358 
2359 /*
2360  * Invalidate dir's completeness, dentry lease state on an aborted MDS
2361  * namespace request.
2362  */
2363 void ceph_invalidate_dir_request(struct ceph_mds_request *req)
2364 {
2365 	struct inode *inode = req->r_locked_dir;
2366 
2367 	dout("invalidate_dir_request %p (complete, lease(s))\n", inode);
2368 
2369 	ceph_dir_clear_complete(inode);
2370 	if (req->r_dentry)
2371 		ceph_invalidate_dentry_lease(req->r_dentry);
2372 	if (req->r_old_dentry)
2373 		ceph_invalidate_dentry_lease(req->r_old_dentry);
2374 }
2375 
2376 /*
2377  * Handle mds reply.
2378  *
2379  * We take the session mutex and parse and process the reply immediately.
2380  * This preserves the logical ordering of replies, capabilities, etc., sent
2381  * by the MDS as they are applied to our local cache.
2382  */
2383 static void handle_reply(struct ceph_mds_session *session, struct ceph_msg *msg)
2384 {
2385 	struct ceph_mds_client *mdsc = session->s_mdsc;
2386 	struct ceph_mds_request *req;
2387 	struct ceph_mds_reply_head *head = msg->front.iov_base;
2388 	struct ceph_mds_reply_info_parsed *rinfo;  /* parsed reply info */
2389 	struct ceph_snap_realm *realm;
2390 	u64 tid;
2391 	int err, result;
2392 	int mds = session->s_mds;
2393 
2394 	if (msg->front.iov_len < sizeof(*head)) {
2395 		pr_err("mdsc_handle_reply got corrupt (short) reply\n");
2396 		ceph_msg_dump(msg);
2397 		return;
2398 	}
2399 
2400 	/* get request, session */
2401 	tid = le64_to_cpu(msg->hdr.tid);
2402 	mutex_lock(&mdsc->mutex);
2403 	req = __lookup_request(mdsc, tid);
2404 	if (!req) {
2405 		dout("handle_reply on unknown tid %llu\n", tid);
2406 		mutex_unlock(&mdsc->mutex);
2407 		return;
2408 	}
2409 	dout("handle_reply %p\n", req);
2410 
2411 	/* correct session? */
2412 	if (req->r_session != session) {
2413 		pr_err("mdsc_handle_reply got %llu on session mds%d"
2414 		       " not mds%d\n", tid, session->s_mds,
2415 		       req->r_session ? req->r_session->s_mds : -1);
2416 		mutex_unlock(&mdsc->mutex);
2417 		goto out;
2418 	}
2419 
2420 	/* dup? */
2421 	if ((req->r_got_unsafe && !head->safe) ||
2422 	    (req->r_got_safe && head->safe)) {
2423 		pr_warn("got a dup %s reply on %llu from mds%d\n",
2424 			   head->safe ? "safe" : "unsafe", tid, mds);
2425 		mutex_unlock(&mdsc->mutex);
2426 		goto out;
2427 	}
2428 	if (req->r_got_safe) {
2429 		pr_warn("got unsafe after safe on %llu from mds%d\n",
2430 			   tid, mds);
2431 		mutex_unlock(&mdsc->mutex);
2432 		goto out;
2433 	}
2434 
2435 	result = le32_to_cpu(head->result);
2436 
2437 	/*
2438 	 * Handle an ESTALE
2439 	 * if we're not talking to the authority, send to them
2440 	 * if the authority has changed while we weren't looking,
2441 	 * send to new authority
2442 	 * Otherwise we just have to return an ESTALE
2443 	 */
2444 	if (result == -ESTALE) {
2445 		dout("got ESTALE on request %llu", req->r_tid);
2446 		req->r_resend_mds = -1;
2447 		if (req->r_direct_mode != USE_AUTH_MDS) {
2448 			dout("not using auth, setting for that now");
2449 			req->r_direct_mode = USE_AUTH_MDS;
2450 			__do_request(mdsc, req);
2451 			mutex_unlock(&mdsc->mutex);
2452 			goto out;
2453 		} else  {
2454 			int mds = __choose_mds(mdsc, req);
2455 			if (mds >= 0 && mds != req->r_session->s_mds) {
2456 				dout("but auth changed, so resending");
2457 				__do_request(mdsc, req);
2458 				mutex_unlock(&mdsc->mutex);
2459 				goto out;
2460 			}
2461 		}
2462 		dout("have to return ESTALE on request %llu", req->r_tid);
2463 	}
2464 
2465 
2466 	if (head->safe) {
2467 		req->r_got_safe = true;
2468 		__unregister_request(mdsc, req);
2469 
2470 		if (req->r_got_unsafe) {
2471 			/*
2472 			 * We already handled the unsafe response, now do the
2473 			 * cleanup.  No need to examine the response; the MDS
2474 			 * doesn't include any result info in the safe
2475 			 * response.  And even if it did, there is nothing
2476 			 * useful we could do with a revised return value.
2477 			 */
2478 			dout("got safe reply %llu, mds%d\n", tid, mds);
2479 			list_del_init(&req->r_unsafe_item);
2480 
2481 			/* last unsafe request during umount? */
2482 			if (mdsc->stopping && !__get_oldest_req(mdsc))
2483 				complete_all(&mdsc->safe_umount_waiters);
2484 			mutex_unlock(&mdsc->mutex);
2485 			goto out;
2486 		}
2487 	} else {
2488 		req->r_got_unsafe = true;
2489 		list_add_tail(&req->r_unsafe_item, &req->r_session->s_unsafe);
2490 		if (req->r_unsafe_dir) {
2491 			struct ceph_inode_info *ci =
2492 					ceph_inode(req->r_unsafe_dir);
2493 			spin_lock(&ci->i_unsafe_lock);
2494 			list_add_tail(&req->r_unsafe_dir_item,
2495 				      &ci->i_unsafe_dirops);
2496 			spin_unlock(&ci->i_unsafe_lock);
2497 		}
2498 	}
2499 
2500 	dout("handle_reply tid %lld result %d\n", tid, result);
2501 	rinfo = &req->r_reply_info;
2502 	err = parse_reply_info(msg, rinfo, session->s_con.peer_features);
2503 	mutex_unlock(&mdsc->mutex);
2504 
2505 	mutex_lock(&session->s_mutex);
2506 	if (err < 0) {
2507 		pr_err("mdsc_handle_reply got corrupt reply mds%d(tid:%lld)\n", mds, tid);
2508 		ceph_msg_dump(msg);
2509 		goto out_err;
2510 	}
2511 
2512 	/* snap trace */
2513 	realm = NULL;
2514 	if (rinfo->snapblob_len) {
2515 		down_write(&mdsc->snap_rwsem);
2516 		ceph_update_snap_trace(mdsc, rinfo->snapblob,
2517 				rinfo->snapblob + rinfo->snapblob_len,
2518 				le32_to_cpu(head->op) == CEPH_MDS_OP_RMSNAP,
2519 				&realm);
2520 		downgrade_write(&mdsc->snap_rwsem);
2521 	} else {
2522 		down_read(&mdsc->snap_rwsem);
2523 	}
2524 
2525 	/* insert trace into our cache */
2526 	mutex_lock(&req->r_fill_mutex);
2527 	err = ceph_fill_trace(mdsc->fsc->sb, req, req->r_session);
2528 	if (err == 0) {
2529 		if (result == 0 && (req->r_op == CEPH_MDS_OP_READDIR ||
2530 				    req->r_op == CEPH_MDS_OP_LSSNAP))
2531 			ceph_readdir_prepopulate(req, req->r_session);
2532 		ceph_unreserve_caps(mdsc, &req->r_caps_reservation);
2533 	}
2534 	mutex_unlock(&req->r_fill_mutex);
2535 
2536 	up_read(&mdsc->snap_rwsem);
2537 	if (realm)
2538 		ceph_put_snap_realm(mdsc, realm);
2539 
2540 	if (err == 0 && req->r_got_unsafe && req->r_target_inode) {
2541 		struct ceph_inode_info *ci = ceph_inode(req->r_target_inode);
2542 		spin_lock(&ci->i_unsafe_lock);
2543 		list_add_tail(&req->r_unsafe_target_item, &ci->i_unsafe_iops);
2544 		spin_unlock(&ci->i_unsafe_lock);
2545 	}
2546 out_err:
2547 	mutex_lock(&mdsc->mutex);
2548 	if (!req->r_aborted) {
2549 		if (err) {
2550 			req->r_err = err;
2551 		} else {
2552 			req->r_reply =  ceph_msg_get(msg);
2553 			req->r_got_result = true;
2554 		}
2555 	} else {
2556 		dout("reply arrived after request %lld was aborted\n", tid);
2557 	}
2558 	mutex_unlock(&mdsc->mutex);
2559 
2560 	mutex_unlock(&session->s_mutex);
2561 
2562 	/* kick calling process */
2563 	complete_request(mdsc, req);
2564 out:
2565 	ceph_mdsc_put_request(req);
2566 	return;
2567 }
2568 
2569 
2570 
2571 /*
2572  * handle mds notification that our request has been forwarded.
2573  */
2574 static void handle_forward(struct ceph_mds_client *mdsc,
2575 			   struct ceph_mds_session *session,
2576 			   struct ceph_msg *msg)
2577 {
2578 	struct ceph_mds_request *req;
2579 	u64 tid = le64_to_cpu(msg->hdr.tid);
2580 	u32 next_mds;
2581 	u32 fwd_seq;
2582 	int err = -EINVAL;
2583 	void *p = msg->front.iov_base;
2584 	void *end = p + msg->front.iov_len;
2585 
2586 	ceph_decode_need(&p, end, 2*sizeof(u32), bad);
2587 	next_mds = ceph_decode_32(&p);
2588 	fwd_seq = ceph_decode_32(&p);
2589 
2590 	mutex_lock(&mdsc->mutex);
2591 	req = __lookup_request(mdsc, tid);
2592 	if (!req) {
2593 		dout("forward tid %llu to mds%d - req dne\n", tid, next_mds);
2594 		goto out;  /* dup reply? */
2595 	}
2596 
2597 	if (req->r_aborted) {
2598 		dout("forward tid %llu aborted, unregistering\n", tid);
2599 		__unregister_request(mdsc, req);
2600 	} else if (fwd_seq <= req->r_num_fwd) {
2601 		dout("forward tid %llu to mds%d - old seq %d <= %d\n",
2602 		     tid, next_mds, req->r_num_fwd, fwd_seq);
2603 	} else {
2604 		/* resend. forward race not possible; mds would drop */
2605 		dout("forward tid %llu to mds%d (we resend)\n", tid, next_mds);
2606 		BUG_ON(req->r_err);
2607 		BUG_ON(req->r_got_result);
2608 		req->r_attempts = 0;
2609 		req->r_num_fwd = fwd_seq;
2610 		req->r_resend_mds = next_mds;
2611 		put_request_session(req);
2612 		__do_request(mdsc, req);
2613 	}
2614 	ceph_mdsc_put_request(req);
2615 out:
2616 	mutex_unlock(&mdsc->mutex);
2617 	return;
2618 
2619 bad:
2620 	pr_err("mdsc_handle_forward decode error err=%d\n", err);
2621 }
2622 
2623 /*
2624  * handle a mds session control message
2625  */
2626 static void handle_session(struct ceph_mds_session *session,
2627 			   struct ceph_msg *msg)
2628 {
2629 	struct ceph_mds_client *mdsc = session->s_mdsc;
2630 	u32 op;
2631 	u64 seq;
2632 	int mds = session->s_mds;
2633 	struct ceph_mds_session_head *h = msg->front.iov_base;
2634 	int wake = 0;
2635 
2636 	/* decode */
2637 	if (msg->front.iov_len != sizeof(*h))
2638 		goto bad;
2639 	op = le32_to_cpu(h->op);
2640 	seq = le64_to_cpu(h->seq);
2641 
2642 	mutex_lock(&mdsc->mutex);
2643 	if (op == CEPH_SESSION_CLOSE)
2644 		__unregister_session(mdsc, session);
2645 	/* FIXME: this ttl calculation is generous */
2646 	session->s_ttl = jiffies + HZ*mdsc->mdsmap->m_session_autoclose;
2647 	mutex_unlock(&mdsc->mutex);
2648 
2649 	mutex_lock(&session->s_mutex);
2650 
2651 	dout("handle_session mds%d %s %p state %s seq %llu\n",
2652 	     mds, ceph_session_op_name(op), session,
2653 	     ceph_session_state_name(session->s_state), seq);
2654 
2655 	if (session->s_state == CEPH_MDS_SESSION_HUNG) {
2656 		session->s_state = CEPH_MDS_SESSION_OPEN;
2657 		pr_info("mds%d came back\n", session->s_mds);
2658 	}
2659 
2660 	switch (op) {
2661 	case CEPH_SESSION_OPEN:
2662 		if (session->s_state == CEPH_MDS_SESSION_RECONNECTING)
2663 			pr_info("mds%d reconnect success\n", session->s_mds);
2664 		session->s_state = CEPH_MDS_SESSION_OPEN;
2665 		renewed_caps(mdsc, session, 0);
2666 		wake = 1;
2667 		if (mdsc->stopping)
2668 			__close_session(mdsc, session);
2669 		break;
2670 
2671 	case CEPH_SESSION_RENEWCAPS:
2672 		if (session->s_renew_seq == seq)
2673 			renewed_caps(mdsc, session, 1);
2674 		break;
2675 
2676 	case CEPH_SESSION_CLOSE:
2677 		if (session->s_state == CEPH_MDS_SESSION_RECONNECTING)
2678 			pr_info("mds%d reconnect denied\n", session->s_mds);
2679 		cleanup_session_requests(mdsc, session);
2680 		remove_session_caps(session);
2681 		wake = 2; /* for good measure */
2682 		wake_up_all(&mdsc->session_close_wq);
2683 		break;
2684 
2685 	case CEPH_SESSION_STALE:
2686 		pr_info("mds%d caps went stale, renewing\n",
2687 			session->s_mds);
2688 		spin_lock(&session->s_gen_ttl_lock);
2689 		session->s_cap_gen++;
2690 		session->s_cap_ttl = jiffies - 1;
2691 		spin_unlock(&session->s_gen_ttl_lock);
2692 		send_renew_caps(mdsc, session);
2693 		break;
2694 
2695 	case CEPH_SESSION_RECALL_STATE:
2696 		trim_caps(mdsc, session, le32_to_cpu(h->max_caps));
2697 		break;
2698 
2699 	case CEPH_SESSION_FLUSHMSG:
2700 		send_flushmsg_ack(mdsc, session, seq);
2701 		break;
2702 
2703 	case CEPH_SESSION_FORCE_RO:
2704 		dout("force_session_readonly %p\n", session);
2705 		spin_lock(&session->s_cap_lock);
2706 		session->s_readonly = true;
2707 		spin_unlock(&session->s_cap_lock);
2708 		wake_up_session_caps(session, 0);
2709 		break;
2710 
2711 	default:
2712 		pr_err("mdsc_handle_session bad op %d mds%d\n", op, mds);
2713 		WARN_ON(1);
2714 	}
2715 
2716 	mutex_unlock(&session->s_mutex);
2717 	if (wake) {
2718 		mutex_lock(&mdsc->mutex);
2719 		__wake_requests(mdsc, &session->s_waiting);
2720 		if (wake == 2)
2721 			kick_requests(mdsc, mds);
2722 		mutex_unlock(&mdsc->mutex);
2723 	}
2724 	return;
2725 
2726 bad:
2727 	pr_err("mdsc_handle_session corrupt message mds%d len %d\n", mds,
2728 	       (int)msg->front.iov_len);
2729 	ceph_msg_dump(msg);
2730 	return;
2731 }
2732 
2733 
2734 /*
2735  * called under session->mutex.
2736  */
2737 static void replay_unsafe_requests(struct ceph_mds_client *mdsc,
2738 				   struct ceph_mds_session *session)
2739 {
2740 	struct ceph_mds_request *req, *nreq;
2741 	struct rb_node *p;
2742 	int err;
2743 
2744 	dout("replay_unsafe_requests mds%d\n", session->s_mds);
2745 
2746 	mutex_lock(&mdsc->mutex);
2747 	list_for_each_entry_safe(req, nreq, &session->s_unsafe, r_unsafe_item) {
2748 		err = __prepare_send_request(mdsc, req, session->s_mds, true);
2749 		if (!err) {
2750 			ceph_msg_get(req->r_request);
2751 			ceph_con_send(&session->s_con, req->r_request);
2752 		}
2753 	}
2754 
2755 	/*
2756 	 * also re-send old requests when MDS enters reconnect stage. So that MDS
2757 	 * can process completed request in clientreplay stage.
2758 	 */
2759 	p = rb_first(&mdsc->request_tree);
2760 	while (p) {
2761 		req = rb_entry(p, struct ceph_mds_request, r_node);
2762 		p = rb_next(p);
2763 		if (req->r_got_unsafe)
2764 			continue;
2765 		if (req->r_attempts == 0)
2766 			continue; /* only old requests */
2767 		if (req->r_session &&
2768 		    req->r_session->s_mds == session->s_mds) {
2769 			err = __prepare_send_request(mdsc, req,
2770 						     session->s_mds, true);
2771 			if (!err) {
2772 				ceph_msg_get(req->r_request);
2773 				ceph_con_send(&session->s_con, req->r_request);
2774 			}
2775 		}
2776 	}
2777 	mutex_unlock(&mdsc->mutex);
2778 }
2779 
2780 /*
2781  * Encode information about a cap for a reconnect with the MDS.
2782  */
2783 static int encode_caps_cb(struct inode *inode, struct ceph_cap *cap,
2784 			  void *arg)
2785 {
2786 	union {
2787 		struct ceph_mds_cap_reconnect v2;
2788 		struct ceph_mds_cap_reconnect_v1 v1;
2789 	} rec;
2790 	size_t reclen;
2791 	struct ceph_inode_info *ci;
2792 	struct ceph_reconnect_state *recon_state = arg;
2793 	struct ceph_pagelist *pagelist = recon_state->pagelist;
2794 	char *path;
2795 	int pathlen, err;
2796 	u64 pathbase;
2797 	struct dentry *dentry;
2798 
2799 	ci = cap->ci;
2800 
2801 	dout(" adding %p ino %llx.%llx cap %p %lld %s\n",
2802 	     inode, ceph_vinop(inode), cap, cap->cap_id,
2803 	     ceph_cap_string(cap->issued));
2804 	err = ceph_pagelist_encode_64(pagelist, ceph_ino(inode));
2805 	if (err)
2806 		return err;
2807 
2808 	dentry = d_find_alias(inode);
2809 	if (dentry) {
2810 		path = ceph_mdsc_build_path(dentry, &pathlen, &pathbase, 0);
2811 		if (IS_ERR(path)) {
2812 			err = PTR_ERR(path);
2813 			goto out_dput;
2814 		}
2815 	} else {
2816 		path = NULL;
2817 		pathlen = 0;
2818 	}
2819 	err = ceph_pagelist_encode_string(pagelist, path, pathlen);
2820 	if (err)
2821 		goto out_free;
2822 
2823 	spin_lock(&ci->i_ceph_lock);
2824 	cap->seq = 0;        /* reset cap seq */
2825 	cap->issue_seq = 0;  /* and issue_seq */
2826 	cap->mseq = 0;       /* and migrate_seq */
2827 	cap->cap_gen = cap->session->s_cap_gen;
2828 
2829 	if (recon_state->flock) {
2830 		rec.v2.cap_id = cpu_to_le64(cap->cap_id);
2831 		rec.v2.wanted = cpu_to_le32(__ceph_caps_wanted(ci));
2832 		rec.v2.issued = cpu_to_le32(cap->issued);
2833 		rec.v2.snaprealm = cpu_to_le64(ci->i_snap_realm->ino);
2834 		rec.v2.pathbase = cpu_to_le64(pathbase);
2835 		rec.v2.flock_len = 0;
2836 		reclen = sizeof(rec.v2);
2837 	} else {
2838 		rec.v1.cap_id = cpu_to_le64(cap->cap_id);
2839 		rec.v1.wanted = cpu_to_le32(__ceph_caps_wanted(ci));
2840 		rec.v1.issued = cpu_to_le32(cap->issued);
2841 		rec.v1.size = cpu_to_le64(inode->i_size);
2842 		ceph_encode_timespec(&rec.v1.mtime, &inode->i_mtime);
2843 		ceph_encode_timespec(&rec.v1.atime, &inode->i_atime);
2844 		rec.v1.snaprealm = cpu_to_le64(ci->i_snap_realm->ino);
2845 		rec.v1.pathbase = cpu_to_le64(pathbase);
2846 		reclen = sizeof(rec.v1);
2847 	}
2848 	spin_unlock(&ci->i_ceph_lock);
2849 
2850 	if (recon_state->flock) {
2851 		int num_fcntl_locks, num_flock_locks;
2852 		struct ceph_filelock *flocks;
2853 
2854 encode_again:
2855 		ceph_count_locks(inode, &num_fcntl_locks, &num_flock_locks);
2856 		flocks = kmalloc((num_fcntl_locks+num_flock_locks) *
2857 				 sizeof(struct ceph_filelock), GFP_NOFS);
2858 		if (!flocks) {
2859 			err = -ENOMEM;
2860 			goto out_free;
2861 		}
2862 		err = ceph_encode_locks_to_buffer(inode, flocks,
2863 						  num_fcntl_locks,
2864 						  num_flock_locks);
2865 		if (err) {
2866 			kfree(flocks);
2867 			if (err == -ENOSPC)
2868 				goto encode_again;
2869 			goto out_free;
2870 		}
2871 		/*
2872 		 * number of encoded locks is stable, so copy to pagelist
2873 		 */
2874 		rec.v2.flock_len = cpu_to_le32(2*sizeof(u32) +
2875 				    (num_fcntl_locks+num_flock_locks) *
2876 				    sizeof(struct ceph_filelock));
2877 		err = ceph_pagelist_append(pagelist, &rec, reclen);
2878 		if (!err)
2879 			err = ceph_locks_to_pagelist(flocks, pagelist,
2880 						     num_fcntl_locks,
2881 						     num_flock_locks);
2882 		kfree(flocks);
2883 	} else {
2884 		err = ceph_pagelist_append(pagelist, &rec, reclen);
2885 	}
2886 
2887 	recon_state->nr_caps++;
2888 out_free:
2889 	kfree(path);
2890 out_dput:
2891 	dput(dentry);
2892 	return err;
2893 }
2894 
2895 
2896 /*
2897  * If an MDS fails and recovers, clients need to reconnect in order to
2898  * reestablish shared state.  This includes all caps issued through
2899  * this session _and_ the snap_realm hierarchy.  Because it's not
2900  * clear which snap realms the mds cares about, we send everything we
2901  * know about.. that ensures we'll then get any new info the
2902  * recovering MDS might have.
2903  *
2904  * This is a relatively heavyweight operation, but it's rare.
2905  *
2906  * called with mdsc->mutex held.
2907  */
2908 static void send_mds_reconnect(struct ceph_mds_client *mdsc,
2909 			       struct ceph_mds_session *session)
2910 {
2911 	struct ceph_msg *reply;
2912 	struct rb_node *p;
2913 	int mds = session->s_mds;
2914 	int err = -ENOMEM;
2915 	int s_nr_caps;
2916 	struct ceph_pagelist *pagelist;
2917 	struct ceph_reconnect_state recon_state;
2918 
2919 	pr_info("mds%d reconnect start\n", mds);
2920 
2921 	pagelist = kmalloc(sizeof(*pagelist), GFP_NOFS);
2922 	if (!pagelist)
2923 		goto fail_nopagelist;
2924 	ceph_pagelist_init(pagelist);
2925 
2926 	reply = ceph_msg_new(CEPH_MSG_CLIENT_RECONNECT, 0, GFP_NOFS, false);
2927 	if (!reply)
2928 		goto fail_nomsg;
2929 
2930 	mutex_lock(&session->s_mutex);
2931 	session->s_state = CEPH_MDS_SESSION_RECONNECTING;
2932 	session->s_seq = 0;
2933 
2934 	dout("session %p state %s\n", session,
2935 	     ceph_session_state_name(session->s_state));
2936 
2937 	spin_lock(&session->s_gen_ttl_lock);
2938 	session->s_cap_gen++;
2939 	spin_unlock(&session->s_gen_ttl_lock);
2940 
2941 	spin_lock(&session->s_cap_lock);
2942 	/* don't know if session is readonly */
2943 	session->s_readonly = 0;
2944 	/*
2945 	 * notify __ceph_remove_cap() that we are composing cap reconnect.
2946 	 * If a cap get released before being added to the cap reconnect,
2947 	 * __ceph_remove_cap() should skip queuing cap release.
2948 	 */
2949 	session->s_cap_reconnect = 1;
2950 	/* drop old cap expires; we're about to reestablish that state */
2951 	cleanup_cap_releases(mdsc, session);
2952 
2953 	/* trim unused caps to reduce MDS's cache rejoin time */
2954 	if (mdsc->fsc->sb->s_root)
2955 		shrink_dcache_parent(mdsc->fsc->sb->s_root);
2956 
2957 	ceph_con_close(&session->s_con);
2958 	ceph_con_open(&session->s_con,
2959 		      CEPH_ENTITY_TYPE_MDS, mds,
2960 		      ceph_mdsmap_get_addr(mdsc->mdsmap, mds));
2961 
2962 	/* replay unsafe requests */
2963 	replay_unsafe_requests(mdsc, session);
2964 
2965 	down_read(&mdsc->snap_rwsem);
2966 
2967 	/* traverse this session's caps */
2968 	s_nr_caps = session->s_nr_caps;
2969 	err = ceph_pagelist_encode_32(pagelist, s_nr_caps);
2970 	if (err)
2971 		goto fail;
2972 
2973 	recon_state.nr_caps = 0;
2974 	recon_state.pagelist = pagelist;
2975 	recon_state.flock = session->s_con.peer_features & CEPH_FEATURE_FLOCK;
2976 	err = iterate_session_caps(session, encode_caps_cb, &recon_state);
2977 	if (err < 0)
2978 		goto fail;
2979 
2980 	spin_lock(&session->s_cap_lock);
2981 	session->s_cap_reconnect = 0;
2982 	spin_unlock(&session->s_cap_lock);
2983 
2984 	/*
2985 	 * snaprealms.  we provide mds with the ino, seq (version), and
2986 	 * parent for all of our realms.  If the mds has any newer info,
2987 	 * it will tell us.
2988 	 */
2989 	for (p = rb_first(&mdsc->snap_realms); p; p = rb_next(p)) {
2990 		struct ceph_snap_realm *realm =
2991 			rb_entry(p, struct ceph_snap_realm, node);
2992 		struct ceph_mds_snaprealm_reconnect sr_rec;
2993 
2994 		dout(" adding snap realm %llx seq %lld parent %llx\n",
2995 		     realm->ino, realm->seq, realm->parent_ino);
2996 		sr_rec.ino = cpu_to_le64(realm->ino);
2997 		sr_rec.seq = cpu_to_le64(realm->seq);
2998 		sr_rec.parent = cpu_to_le64(realm->parent_ino);
2999 		err = ceph_pagelist_append(pagelist, &sr_rec, sizeof(sr_rec));
3000 		if (err)
3001 			goto fail;
3002 	}
3003 
3004 	if (recon_state.flock)
3005 		reply->hdr.version = cpu_to_le16(2);
3006 
3007 	/* raced with cap release? */
3008 	if (s_nr_caps != recon_state.nr_caps) {
3009 		struct page *page = list_first_entry(&pagelist->head,
3010 						     struct page, lru);
3011 		__le32 *addr = kmap_atomic(page);
3012 		*addr = cpu_to_le32(recon_state.nr_caps);
3013 		kunmap_atomic(addr);
3014 	}
3015 
3016 	reply->hdr.data_len = cpu_to_le32(pagelist->length);
3017 	ceph_msg_data_add_pagelist(reply, pagelist);
3018 
3019 	ceph_early_kick_flushing_caps(mdsc, session);
3020 
3021 	ceph_con_send(&session->s_con, reply);
3022 
3023 	mutex_unlock(&session->s_mutex);
3024 
3025 	mutex_lock(&mdsc->mutex);
3026 	__wake_requests(mdsc, &session->s_waiting);
3027 	mutex_unlock(&mdsc->mutex);
3028 
3029 	up_read(&mdsc->snap_rwsem);
3030 	return;
3031 
3032 fail:
3033 	ceph_msg_put(reply);
3034 	up_read(&mdsc->snap_rwsem);
3035 	mutex_unlock(&session->s_mutex);
3036 fail_nomsg:
3037 	ceph_pagelist_release(pagelist);
3038 fail_nopagelist:
3039 	pr_err("error %d preparing reconnect for mds%d\n", err, mds);
3040 	return;
3041 }
3042 
3043 
3044 /*
3045  * compare old and new mdsmaps, kicking requests
3046  * and closing out old connections as necessary
3047  *
3048  * called under mdsc->mutex.
3049  */
3050 static void check_new_map(struct ceph_mds_client *mdsc,
3051 			  struct ceph_mdsmap *newmap,
3052 			  struct ceph_mdsmap *oldmap)
3053 {
3054 	int i;
3055 	int oldstate, newstate;
3056 	struct ceph_mds_session *s;
3057 
3058 	dout("check_new_map new %u old %u\n",
3059 	     newmap->m_epoch, oldmap->m_epoch);
3060 
3061 	for (i = 0; i < oldmap->m_max_mds && i < mdsc->max_sessions; i++) {
3062 		if (mdsc->sessions[i] == NULL)
3063 			continue;
3064 		s = mdsc->sessions[i];
3065 		oldstate = ceph_mdsmap_get_state(oldmap, i);
3066 		newstate = ceph_mdsmap_get_state(newmap, i);
3067 
3068 		dout("check_new_map mds%d state %s%s -> %s%s (session %s)\n",
3069 		     i, ceph_mds_state_name(oldstate),
3070 		     ceph_mdsmap_is_laggy(oldmap, i) ? " (laggy)" : "",
3071 		     ceph_mds_state_name(newstate),
3072 		     ceph_mdsmap_is_laggy(newmap, i) ? " (laggy)" : "",
3073 		     ceph_session_state_name(s->s_state));
3074 
3075 		if (i >= newmap->m_max_mds ||
3076 		    memcmp(ceph_mdsmap_get_addr(oldmap, i),
3077 			   ceph_mdsmap_get_addr(newmap, i),
3078 			   sizeof(struct ceph_entity_addr))) {
3079 			if (s->s_state == CEPH_MDS_SESSION_OPENING) {
3080 				/* the session never opened, just close it
3081 				 * out now */
3082 				__wake_requests(mdsc, &s->s_waiting);
3083 				__unregister_session(mdsc, s);
3084 			} else {
3085 				/* just close it */
3086 				mutex_unlock(&mdsc->mutex);
3087 				mutex_lock(&s->s_mutex);
3088 				mutex_lock(&mdsc->mutex);
3089 				ceph_con_close(&s->s_con);
3090 				mutex_unlock(&s->s_mutex);
3091 				s->s_state = CEPH_MDS_SESSION_RESTARTING;
3092 			}
3093 		} else if (oldstate == newstate) {
3094 			continue;  /* nothing new with this mds */
3095 		}
3096 
3097 		/*
3098 		 * send reconnect?
3099 		 */
3100 		if (s->s_state == CEPH_MDS_SESSION_RESTARTING &&
3101 		    newstate >= CEPH_MDS_STATE_RECONNECT) {
3102 			mutex_unlock(&mdsc->mutex);
3103 			send_mds_reconnect(mdsc, s);
3104 			mutex_lock(&mdsc->mutex);
3105 		}
3106 
3107 		/*
3108 		 * kick request on any mds that has gone active.
3109 		 */
3110 		if (oldstate < CEPH_MDS_STATE_ACTIVE &&
3111 		    newstate >= CEPH_MDS_STATE_ACTIVE) {
3112 			if (oldstate != CEPH_MDS_STATE_CREATING &&
3113 			    oldstate != CEPH_MDS_STATE_STARTING)
3114 				pr_info("mds%d recovery completed\n", s->s_mds);
3115 			kick_requests(mdsc, i);
3116 			ceph_kick_flushing_caps(mdsc, s);
3117 			wake_up_session_caps(s, 1);
3118 		}
3119 	}
3120 
3121 	for (i = 0; i < newmap->m_max_mds && i < mdsc->max_sessions; i++) {
3122 		s = mdsc->sessions[i];
3123 		if (!s)
3124 			continue;
3125 		if (!ceph_mdsmap_is_laggy(newmap, i))
3126 			continue;
3127 		if (s->s_state == CEPH_MDS_SESSION_OPEN ||
3128 		    s->s_state == CEPH_MDS_SESSION_HUNG ||
3129 		    s->s_state == CEPH_MDS_SESSION_CLOSING) {
3130 			dout(" connecting to export targets of laggy mds%d\n",
3131 			     i);
3132 			__open_export_target_sessions(mdsc, s);
3133 		}
3134 	}
3135 }
3136 
3137 
3138 
3139 /*
3140  * leases
3141  */
3142 
3143 /*
3144  * caller must hold session s_mutex, dentry->d_lock
3145  */
3146 void __ceph_mdsc_drop_dentry_lease(struct dentry *dentry)
3147 {
3148 	struct ceph_dentry_info *di = ceph_dentry(dentry);
3149 
3150 	ceph_put_mds_session(di->lease_session);
3151 	di->lease_session = NULL;
3152 }
3153 
3154 static void handle_lease(struct ceph_mds_client *mdsc,
3155 			 struct ceph_mds_session *session,
3156 			 struct ceph_msg *msg)
3157 {
3158 	struct super_block *sb = mdsc->fsc->sb;
3159 	struct inode *inode;
3160 	struct dentry *parent, *dentry;
3161 	struct ceph_dentry_info *di;
3162 	int mds = session->s_mds;
3163 	struct ceph_mds_lease *h = msg->front.iov_base;
3164 	u32 seq;
3165 	struct ceph_vino vino;
3166 	struct qstr dname;
3167 	int release = 0;
3168 
3169 	dout("handle_lease from mds%d\n", mds);
3170 
3171 	/* decode */
3172 	if (msg->front.iov_len < sizeof(*h) + sizeof(u32))
3173 		goto bad;
3174 	vino.ino = le64_to_cpu(h->ino);
3175 	vino.snap = CEPH_NOSNAP;
3176 	seq = le32_to_cpu(h->seq);
3177 	dname.name = (void *)h + sizeof(*h) + sizeof(u32);
3178 	dname.len = msg->front.iov_len - sizeof(*h) - sizeof(u32);
3179 	if (dname.len != get_unaligned_le32(h+1))
3180 		goto bad;
3181 
3182 	/* lookup inode */
3183 	inode = ceph_find_inode(sb, vino);
3184 	dout("handle_lease %s, ino %llx %p %.*s\n",
3185 	     ceph_lease_op_name(h->action), vino.ino, inode,
3186 	     dname.len, dname.name);
3187 
3188 	mutex_lock(&session->s_mutex);
3189 	session->s_seq++;
3190 
3191 	if (inode == NULL) {
3192 		dout("handle_lease no inode %llx\n", vino.ino);
3193 		goto release;
3194 	}
3195 
3196 	/* dentry */
3197 	parent = d_find_alias(inode);
3198 	if (!parent) {
3199 		dout("no parent dentry on inode %p\n", inode);
3200 		WARN_ON(1);
3201 		goto release;  /* hrm... */
3202 	}
3203 	dname.hash = full_name_hash(dname.name, dname.len);
3204 	dentry = d_lookup(parent, &dname);
3205 	dput(parent);
3206 	if (!dentry)
3207 		goto release;
3208 
3209 	spin_lock(&dentry->d_lock);
3210 	di = ceph_dentry(dentry);
3211 	switch (h->action) {
3212 	case CEPH_MDS_LEASE_REVOKE:
3213 		if (di->lease_session == session) {
3214 			if (ceph_seq_cmp(di->lease_seq, seq) > 0)
3215 				h->seq = cpu_to_le32(di->lease_seq);
3216 			__ceph_mdsc_drop_dentry_lease(dentry);
3217 		}
3218 		release = 1;
3219 		break;
3220 
3221 	case CEPH_MDS_LEASE_RENEW:
3222 		if (di->lease_session == session &&
3223 		    di->lease_gen == session->s_cap_gen &&
3224 		    di->lease_renew_from &&
3225 		    di->lease_renew_after == 0) {
3226 			unsigned long duration =
3227 				msecs_to_jiffies(le32_to_cpu(h->duration_ms));
3228 
3229 			di->lease_seq = seq;
3230 			dentry->d_time = di->lease_renew_from + duration;
3231 			di->lease_renew_after = di->lease_renew_from +
3232 				(duration >> 1);
3233 			di->lease_renew_from = 0;
3234 		}
3235 		break;
3236 	}
3237 	spin_unlock(&dentry->d_lock);
3238 	dput(dentry);
3239 
3240 	if (!release)
3241 		goto out;
3242 
3243 release:
3244 	/* let's just reuse the same message */
3245 	h->action = CEPH_MDS_LEASE_REVOKE_ACK;
3246 	ceph_msg_get(msg);
3247 	ceph_con_send(&session->s_con, msg);
3248 
3249 out:
3250 	iput(inode);
3251 	mutex_unlock(&session->s_mutex);
3252 	return;
3253 
3254 bad:
3255 	pr_err("corrupt lease message\n");
3256 	ceph_msg_dump(msg);
3257 }
3258 
3259 void ceph_mdsc_lease_send_msg(struct ceph_mds_session *session,
3260 			      struct inode *inode,
3261 			      struct dentry *dentry, char action,
3262 			      u32 seq)
3263 {
3264 	struct ceph_msg *msg;
3265 	struct ceph_mds_lease *lease;
3266 	int len = sizeof(*lease) + sizeof(u32);
3267 	int dnamelen = 0;
3268 
3269 	dout("lease_send_msg inode %p dentry %p %s to mds%d\n",
3270 	     inode, dentry, ceph_lease_op_name(action), session->s_mds);
3271 	dnamelen = dentry->d_name.len;
3272 	len += dnamelen;
3273 
3274 	msg = ceph_msg_new(CEPH_MSG_CLIENT_LEASE, len, GFP_NOFS, false);
3275 	if (!msg)
3276 		return;
3277 	lease = msg->front.iov_base;
3278 	lease->action = action;
3279 	lease->ino = cpu_to_le64(ceph_vino(inode).ino);
3280 	lease->first = lease->last = cpu_to_le64(ceph_vino(inode).snap);
3281 	lease->seq = cpu_to_le32(seq);
3282 	put_unaligned_le32(dnamelen, lease + 1);
3283 	memcpy((void *)(lease + 1) + 4, dentry->d_name.name, dnamelen);
3284 
3285 	/*
3286 	 * if this is a preemptive lease RELEASE, no need to
3287 	 * flush request stream, since the actual request will
3288 	 * soon follow.
3289 	 */
3290 	msg->more_to_follow = (action == CEPH_MDS_LEASE_RELEASE);
3291 
3292 	ceph_con_send(&session->s_con, msg);
3293 }
3294 
3295 /*
3296  * Preemptively release a lease we expect to invalidate anyway.
3297  * Pass @inode always, @dentry is optional.
3298  */
3299 void ceph_mdsc_lease_release(struct ceph_mds_client *mdsc, struct inode *inode,
3300 			     struct dentry *dentry)
3301 {
3302 	struct ceph_dentry_info *di;
3303 	struct ceph_mds_session *session;
3304 	u32 seq;
3305 
3306 	BUG_ON(inode == NULL);
3307 	BUG_ON(dentry == NULL);
3308 
3309 	/* is dentry lease valid? */
3310 	spin_lock(&dentry->d_lock);
3311 	di = ceph_dentry(dentry);
3312 	if (!di || !di->lease_session ||
3313 	    di->lease_session->s_mds < 0 ||
3314 	    di->lease_gen != di->lease_session->s_cap_gen ||
3315 	    !time_before(jiffies, dentry->d_time)) {
3316 		dout("lease_release inode %p dentry %p -- "
3317 		     "no lease\n",
3318 		     inode, dentry);
3319 		spin_unlock(&dentry->d_lock);
3320 		return;
3321 	}
3322 
3323 	/* we do have a lease on this dentry; note mds and seq */
3324 	session = ceph_get_mds_session(di->lease_session);
3325 	seq = di->lease_seq;
3326 	__ceph_mdsc_drop_dentry_lease(dentry);
3327 	spin_unlock(&dentry->d_lock);
3328 
3329 	dout("lease_release inode %p dentry %p to mds%d\n",
3330 	     inode, dentry, session->s_mds);
3331 	ceph_mdsc_lease_send_msg(session, inode, dentry,
3332 				 CEPH_MDS_LEASE_RELEASE, seq);
3333 	ceph_put_mds_session(session);
3334 }
3335 
3336 /*
3337  * drop all leases (and dentry refs) in preparation for umount
3338  */
3339 static void drop_leases(struct ceph_mds_client *mdsc)
3340 {
3341 	int i;
3342 
3343 	dout("drop_leases\n");
3344 	mutex_lock(&mdsc->mutex);
3345 	for (i = 0; i < mdsc->max_sessions; i++) {
3346 		struct ceph_mds_session *s = __ceph_lookup_mds_session(mdsc, i);
3347 		if (!s)
3348 			continue;
3349 		mutex_unlock(&mdsc->mutex);
3350 		mutex_lock(&s->s_mutex);
3351 		mutex_unlock(&s->s_mutex);
3352 		ceph_put_mds_session(s);
3353 		mutex_lock(&mdsc->mutex);
3354 	}
3355 	mutex_unlock(&mdsc->mutex);
3356 }
3357 
3358 
3359 
3360 /*
3361  * delayed work -- periodically trim expired leases, renew caps with mds
3362  */
3363 static void schedule_delayed(struct ceph_mds_client *mdsc)
3364 {
3365 	int delay = 5;
3366 	unsigned hz = round_jiffies_relative(HZ * delay);
3367 	schedule_delayed_work(&mdsc->delayed_work, hz);
3368 }
3369 
3370 static void delayed_work(struct work_struct *work)
3371 {
3372 	int i;
3373 	struct ceph_mds_client *mdsc =
3374 		container_of(work, struct ceph_mds_client, delayed_work.work);
3375 	int renew_interval;
3376 	int renew_caps;
3377 
3378 	dout("mdsc delayed_work\n");
3379 	ceph_check_delayed_caps(mdsc);
3380 
3381 	mutex_lock(&mdsc->mutex);
3382 	renew_interval = mdsc->mdsmap->m_session_timeout >> 2;
3383 	renew_caps = time_after_eq(jiffies, HZ*renew_interval +
3384 				   mdsc->last_renew_caps);
3385 	if (renew_caps)
3386 		mdsc->last_renew_caps = jiffies;
3387 
3388 	for (i = 0; i < mdsc->max_sessions; i++) {
3389 		struct ceph_mds_session *s = __ceph_lookup_mds_session(mdsc, i);
3390 		if (s == NULL)
3391 			continue;
3392 		if (s->s_state == CEPH_MDS_SESSION_CLOSING) {
3393 			dout("resending session close request for mds%d\n",
3394 			     s->s_mds);
3395 			request_close_session(mdsc, s);
3396 			ceph_put_mds_session(s);
3397 			continue;
3398 		}
3399 		if (s->s_ttl && time_after(jiffies, s->s_ttl)) {
3400 			if (s->s_state == CEPH_MDS_SESSION_OPEN) {
3401 				s->s_state = CEPH_MDS_SESSION_HUNG;
3402 				pr_info("mds%d hung\n", s->s_mds);
3403 			}
3404 		}
3405 		if (s->s_state < CEPH_MDS_SESSION_OPEN) {
3406 			/* this mds is failed or recovering, just wait */
3407 			ceph_put_mds_session(s);
3408 			continue;
3409 		}
3410 		mutex_unlock(&mdsc->mutex);
3411 
3412 		mutex_lock(&s->s_mutex);
3413 		if (renew_caps)
3414 			send_renew_caps(mdsc, s);
3415 		else
3416 			ceph_con_keepalive(&s->s_con);
3417 		if (s->s_state == CEPH_MDS_SESSION_OPEN ||
3418 		    s->s_state == CEPH_MDS_SESSION_HUNG)
3419 			ceph_send_cap_releases(mdsc, s);
3420 		mutex_unlock(&s->s_mutex);
3421 		ceph_put_mds_session(s);
3422 
3423 		mutex_lock(&mdsc->mutex);
3424 	}
3425 	mutex_unlock(&mdsc->mutex);
3426 
3427 	schedule_delayed(mdsc);
3428 }
3429 
3430 int ceph_mdsc_init(struct ceph_fs_client *fsc)
3431 
3432 {
3433 	struct ceph_mds_client *mdsc;
3434 
3435 	mdsc = kzalloc(sizeof(struct ceph_mds_client), GFP_NOFS);
3436 	if (!mdsc)
3437 		return -ENOMEM;
3438 	mdsc->fsc = fsc;
3439 	fsc->mdsc = mdsc;
3440 	mutex_init(&mdsc->mutex);
3441 	mdsc->mdsmap = kzalloc(sizeof(*mdsc->mdsmap), GFP_NOFS);
3442 	if (mdsc->mdsmap == NULL) {
3443 		kfree(mdsc);
3444 		return -ENOMEM;
3445 	}
3446 
3447 	init_completion(&mdsc->safe_umount_waiters);
3448 	init_waitqueue_head(&mdsc->session_close_wq);
3449 	INIT_LIST_HEAD(&mdsc->waiting_for_map);
3450 	mdsc->sessions = NULL;
3451 	atomic_set(&mdsc->num_sessions, 0);
3452 	mdsc->max_sessions = 0;
3453 	mdsc->stopping = 0;
3454 	mdsc->last_snap_seq = 0;
3455 	init_rwsem(&mdsc->snap_rwsem);
3456 	mdsc->snap_realms = RB_ROOT;
3457 	INIT_LIST_HEAD(&mdsc->snap_empty);
3458 	spin_lock_init(&mdsc->snap_empty_lock);
3459 	mdsc->last_tid = 0;
3460 	mdsc->oldest_tid = 0;
3461 	mdsc->request_tree = RB_ROOT;
3462 	INIT_DELAYED_WORK(&mdsc->delayed_work, delayed_work);
3463 	mdsc->last_renew_caps = jiffies;
3464 	INIT_LIST_HEAD(&mdsc->cap_delay_list);
3465 	spin_lock_init(&mdsc->cap_delay_lock);
3466 	INIT_LIST_HEAD(&mdsc->snap_flush_list);
3467 	spin_lock_init(&mdsc->snap_flush_lock);
3468 	mdsc->last_cap_flush_tid = 1;
3469 	mdsc->cap_flush_tree = RB_ROOT;
3470 	INIT_LIST_HEAD(&mdsc->cap_dirty);
3471 	INIT_LIST_HEAD(&mdsc->cap_dirty_migrating);
3472 	mdsc->num_cap_flushing = 0;
3473 	spin_lock_init(&mdsc->cap_dirty_lock);
3474 	init_waitqueue_head(&mdsc->cap_flushing_wq);
3475 	spin_lock_init(&mdsc->dentry_lru_lock);
3476 	INIT_LIST_HEAD(&mdsc->dentry_lru);
3477 
3478 	ceph_caps_init(mdsc);
3479 	ceph_adjust_min_caps(mdsc, fsc->min_caps);
3480 
3481 	init_rwsem(&mdsc->pool_perm_rwsem);
3482 	mdsc->pool_perm_tree = RB_ROOT;
3483 
3484 	return 0;
3485 }
3486 
3487 /*
3488  * Wait for safe replies on open mds requests.  If we time out, drop
3489  * all requests from the tree to avoid dangling dentry refs.
3490  */
3491 static void wait_requests(struct ceph_mds_client *mdsc)
3492 {
3493 	struct ceph_options *opts = mdsc->fsc->client->options;
3494 	struct ceph_mds_request *req;
3495 
3496 	mutex_lock(&mdsc->mutex);
3497 	if (__get_oldest_req(mdsc)) {
3498 		mutex_unlock(&mdsc->mutex);
3499 
3500 		dout("wait_requests waiting for requests\n");
3501 		wait_for_completion_timeout(&mdsc->safe_umount_waiters,
3502 				    ceph_timeout_jiffies(opts->mount_timeout));
3503 
3504 		/* tear down remaining requests */
3505 		mutex_lock(&mdsc->mutex);
3506 		while ((req = __get_oldest_req(mdsc))) {
3507 			dout("wait_requests timed out on tid %llu\n",
3508 			     req->r_tid);
3509 			__unregister_request(mdsc, req);
3510 		}
3511 	}
3512 	mutex_unlock(&mdsc->mutex);
3513 	dout("wait_requests done\n");
3514 }
3515 
3516 /*
3517  * called before mount is ro, and before dentries are torn down.
3518  * (hmm, does this still race with new lookups?)
3519  */
3520 void ceph_mdsc_pre_umount(struct ceph_mds_client *mdsc)
3521 {
3522 	dout("pre_umount\n");
3523 	mdsc->stopping = 1;
3524 
3525 	drop_leases(mdsc);
3526 	ceph_flush_dirty_caps(mdsc);
3527 	wait_requests(mdsc);
3528 
3529 	/*
3530 	 * wait for reply handlers to drop their request refs and
3531 	 * their inode/dcache refs
3532 	 */
3533 	ceph_msgr_flush();
3534 }
3535 
3536 /*
3537  * wait for all write mds requests to flush.
3538  */
3539 static void wait_unsafe_requests(struct ceph_mds_client *mdsc, u64 want_tid)
3540 {
3541 	struct ceph_mds_request *req = NULL, *nextreq;
3542 	struct rb_node *n;
3543 
3544 	mutex_lock(&mdsc->mutex);
3545 	dout("wait_unsafe_requests want %lld\n", want_tid);
3546 restart:
3547 	req = __get_oldest_req(mdsc);
3548 	while (req && req->r_tid <= want_tid) {
3549 		/* find next request */
3550 		n = rb_next(&req->r_node);
3551 		if (n)
3552 			nextreq = rb_entry(n, struct ceph_mds_request, r_node);
3553 		else
3554 			nextreq = NULL;
3555 		if (req->r_op != CEPH_MDS_OP_SETFILELOCK &&
3556 		    (req->r_op & CEPH_MDS_OP_WRITE)) {
3557 			/* write op */
3558 			ceph_mdsc_get_request(req);
3559 			if (nextreq)
3560 				ceph_mdsc_get_request(nextreq);
3561 			mutex_unlock(&mdsc->mutex);
3562 			dout("wait_unsafe_requests  wait on %llu (want %llu)\n",
3563 			     req->r_tid, want_tid);
3564 			wait_for_completion(&req->r_safe_completion);
3565 			mutex_lock(&mdsc->mutex);
3566 			ceph_mdsc_put_request(req);
3567 			if (!nextreq)
3568 				break;  /* next dne before, so we're done! */
3569 			if (RB_EMPTY_NODE(&nextreq->r_node)) {
3570 				/* next request was removed from tree */
3571 				ceph_mdsc_put_request(nextreq);
3572 				goto restart;
3573 			}
3574 			ceph_mdsc_put_request(nextreq);  /* won't go away */
3575 		}
3576 		req = nextreq;
3577 	}
3578 	mutex_unlock(&mdsc->mutex);
3579 	dout("wait_unsafe_requests done\n");
3580 }
3581 
3582 void ceph_mdsc_sync(struct ceph_mds_client *mdsc)
3583 {
3584 	u64 want_tid, want_flush, want_snap;
3585 
3586 	if (ACCESS_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_SHUTDOWN)
3587 		return;
3588 
3589 	dout("sync\n");
3590 	mutex_lock(&mdsc->mutex);
3591 	want_tid = mdsc->last_tid;
3592 	mutex_unlock(&mdsc->mutex);
3593 
3594 	ceph_flush_dirty_caps(mdsc);
3595 	spin_lock(&mdsc->cap_dirty_lock);
3596 	want_flush = mdsc->last_cap_flush_tid;
3597 	spin_unlock(&mdsc->cap_dirty_lock);
3598 
3599 	down_read(&mdsc->snap_rwsem);
3600 	want_snap = mdsc->last_snap_seq;
3601 	up_read(&mdsc->snap_rwsem);
3602 
3603 	dout("sync want tid %lld flush_seq %lld snap_seq %lld\n",
3604 	     want_tid, want_flush, want_snap);
3605 
3606 	wait_unsafe_requests(mdsc, want_tid);
3607 	wait_caps_flush(mdsc, want_flush, want_snap);
3608 }
3609 
3610 /*
3611  * true if all sessions are closed, or we force unmount
3612  */
3613 static bool done_closing_sessions(struct ceph_mds_client *mdsc)
3614 {
3615 	if (ACCESS_ONCE(mdsc->fsc->mount_state) == CEPH_MOUNT_SHUTDOWN)
3616 		return true;
3617 	return atomic_read(&mdsc->num_sessions) == 0;
3618 }
3619 
3620 /*
3621  * called after sb is ro.
3622  */
3623 void ceph_mdsc_close_sessions(struct ceph_mds_client *mdsc)
3624 {
3625 	struct ceph_options *opts = mdsc->fsc->client->options;
3626 	struct ceph_mds_session *session;
3627 	int i;
3628 
3629 	dout("close_sessions\n");
3630 
3631 	/* close sessions */
3632 	mutex_lock(&mdsc->mutex);
3633 	for (i = 0; i < mdsc->max_sessions; i++) {
3634 		session = __ceph_lookup_mds_session(mdsc, i);
3635 		if (!session)
3636 			continue;
3637 		mutex_unlock(&mdsc->mutex);
3638 		mutex_lock(&session->s_mutex);
3639 		__close_session(mdsc, session);
3640 		mutex_unlock(&session->s_mutex);
3641 		ceph_put_mds_session(session);
3642 		mutex_lock(&mdsc->mutex);
3643 	}
3644 	mutex_unlock(&mdsc->mutex);
3645 
3646 	dout("waiting for sessions to close\n");
3647 	wait_event_timeout(mdsc->session_close_wq, done_closing_sessions(mdsc),
3648 			   ceph_timeout_jiffies(opts->mount_timeout));
3649 
3650 	/* tear down remaining sessions */
3651 	mutex_lock(&mdsc->mutex);
3652 	for (i = 0; i < mdsc->max_sessions; i++) {
3653 		if (mdsc->sessions[i]) {
3654 			session = get_session(mdsc->sessions[i]);
3655 			__unregister_session(mdsc, session);
3656 			mutex_unlock(&mdsc->mutex);
3657 			mutex_lock(&session->s_mutex);
3658 			remove_session_caps(session);
3659 			mutex_unlock(&session->s_mutex);
3660 			ceph_put_mds_session(session);
3661 			mutex_lock(&mdsc->mutex);
3662 		}
3663 	}
3664 	WARN_ON(!list_empty(&mdsc->cap_delay_list));
3665 	mutex_unlock(&mdsc->mutex);
3666 
3667 	ceph_cleanup_empty_realms(mdsc);
3668 
3669 	cancel_delayed_work_sync(&mdsc->delayed_work); /* cancel timer */
3670 
3671 	dout("stopped\n");
3672 }
3673 
3674 void ceph_mdsc_force_umount(struct ceph_mds_client *mdsc)
3675 {
3676 	struct ceph_mds_session *session;
3677 	int mds;
3678 
3679 	dout("force umount\n");
3680 
3681 	mutex_lock(&mdsc->mutex);
3682 	for (mds = 0; mds < mdsc->max_sessions; mds++) {
3683 		session = __ceph_lookup_mds_session(mdsc, mds);
3684 		if (!session)
3685 			continue;
3686 		mutex_unlock(&mdsc->mutex);
3687 		mutex_lock(&session->s_mutex);
3688 		__close_session(mdsc, session);
3689 		if (session->s_state == CEPH_MDS_SESSION_CLOSING) {
3690 			cleanup_session_requests(mdsc, session);
3691 			remove_session_caps(session);
3692 		}
3693 		mutex_unlock(&session->s_mutex);
3694 		ceph_put_mds_session(session);
3695 		mutex_lock(&mdsc->mutex);
3696 		kick_requests(mdsc, mds);
3697 	}
3698 	__wake_requests(mdsc, &mdsc->waiting_for_map);
3699 	mutex_unlock(&mdsc->mutex);
3700 }
3701 
3702 static void ceph_mdsc_stop(struct ceph_mds_client *mdsc)
3703 {
3704 	dout("stop\n");
3705 	cancel_delayed_work_sync(&mdsc->delayed_work); /* cancel timer */
3706 	if (mdsc->mdsmap)
3707 		ceph_mdsmap_destroy(mdsc->mdsmap);
3708 	kfree(mdsc->sessions);
3709 	ceph_caps_finalize(mdsc);
3710 	ceph_pool_perm_destroy(mdsc);
3711 }
3712 
3713 void ceph_mdsc_destroy(struct ceph_fs_client *fsc)
3714 {
3715 	struct ceph_mds_client *mdsc = fsc->mdsc;
3716 
3717 	dout("mdsc_destroy %p\n", mdsc);
3718 	ceph_mdsc_stop(mdsc);
3719 
3720 	/* flush out any connection work with references to us */
3721 	ceph_msgr_flush();
3722 
3723 	fsc->mdsc = NULL;
3724 	kfree(mdsc);
3725 	dout("mdsc_destroy %p done\n", mdsc);
3726 }
3727 
3728 
3729 /*
3730  * handle mds map update.
3731  */
3732 void ceph_mdsc_handle_map(struct ceph_mds_client *mdsc, struct ceph_msg *msg)
3733 {
3734 	u32 epoch;
3735 	u32 maplen;
3736 	void *p = msg->front.iov_base;
3737 	void *end = p + msg->front.iov_len;
3738 	struct ceph_mdsmap *newmap, *oldmap;
3739 	struct ceph_fsid fsid;
3740 	int err = -EINVAL;
3741 
3742 	ceph_decode_need(&p, end, sizeof(fsid)+2*sizeof(u32), bad);
3743 	ceph_decode_copy(&p, &fsid, sizeof(fsid));
3744 	if (ceph_check_fsid(mdsc->fsc->client, &fsid) < 0)
3745 		return;
3746 	epoch = ceph_decode_32(&p);
3747 	maplen = ceph_decode_32(&p);
3748 	dout("handle_map epoch %u len %d\n", epoch, (int)maplen);
3749 
3750 	/* do we need it? */
3751 	ceph_monc_got_mdsmap(&mdsc->fsc->client->monc, epoch);
3752 	mutex_lock(&mdsc->mutex);
3753 	if (mdsc->mdsmap && epoch <= mdsc->mdsmap->m_epoch) {
3754 		dout("handle_map epoch %u <= our %u\n",
3755 		     epoch, mdsc->mdsmap->m_epoch);
3756 		mutex_unlock(&mdsc->mutex);
3757 		return;
3758 	}
3759 
3760 	newmap = ceph_mdsmap_decode(&p, end);
3761 	if (IS_ERR(newmap)) {
3762 		err = PTR_ERR(newmap);
3763 		goto bad_unlock;
3764 	}
3765 
3766 	/* swap into place */
3767 	if (mdsc->mdsmap) {
3768 		oldmap = mdsc->mdsmap;
3769 		mdsc->mdsmap = newmap;
3770 		check_new_map(mdsc, newmap, oldmap);
3771 		ceph_mdsmap_destroy(oldmap);
3772 	} else {
3773 		mdsc->mdsmap = newmap;  /* first mds map */
3774 	}
3775 	mdsc->fsc->sb->s_maxbytes = mdsc->mdsmap->m_max_file_size;
3776 
3777 	__wake_requests(mdsc, &mdsc->waiting_for_map);
3778 
3779 	mutex_unlock(&mdsc->mutex);
3780 	schedule_delayed(mdsc);
3781 	return;
3782 
3783 bad_unlock:
3784 	mutex_unlock(&mdsc->mutex);
3785 bad:
3786 	pr_err("error decoding mdsmap %d\n", err);
3787 	return;
3788 }
3789 
3790 static struct ceph_connection *con_get(struct ceph_connection *con)
3791 {
3792 	struct ceph_mds_session *s = con->private;
3793 
3794 	if (get_session(s)) {
3795 		dout("mdsc con_get %p ok (%d)\n", s, atomic_read(&s->s_ref));
3796 		return con;
3797 	}
3798 	dout("mdsc con_get %p FAIL\n", s);
3799 	return NULL;
3800 }
3801 
3802 static void con_put(struct ceph_connection *con)
3803 {
3804 	struct ceph_mds_session *s = con->private;
3805 
3806 	dout("mdsc con_put %p (%d)\n", s, atomic_read(&s->s_ref) - 1);
3807 	ceph_put_mds_session(s);
3808 }
3809 
3810 /*
3811  * if the client is unresponsive for long enough, the mds will kill
3812  * the session entirely.
3813  */
3814 static void peer_reset(struct ceph_connection *con)
3815 {
3816 	struct ceph_mds_session *s = con->private;
3817 	struct ceph_mds_client *mdsc = s->s_mdsc;
3818 
3819 	pr_warn("mds%d closed our session\n", s->s_mds);
3820 	send_mds_reconnect(mdsc, s);
3821 }
3822 
3823 static void dispatch(struct ceph_connection *con, struct ceph_msg *msg)
3824 {
3825 	struct ceph_mds_session *s = con->private;
3826 	struct ceph_mds_client *mdsc = s->s_mdsc;
3827 	int type = le16_to_cpu(msg->hdr.type);
3828 
3829 	mutex_lock(&mdsc->mutex);
3830 	if (__verify_registered_session(mdsc, s) < 0) {
3831 		mutex_unlock(&mdsc->mutex);
3832 		goto out;
3833 	}
3834 	mutex_unlock(&mdsc->mutex);
3835 
3836 	switch (type) {
3837 	case CEPH_MSG_MDS_MAP:
3838 		ceph_mdsc_handle_map(mdsc, msg);
3839 		break;
3840 	case CEPH_MSG_CLIENT_SESSION:
3841 		handle_session(s, msg);
3842 		break;
3843 	case CEPH_MSG_CLIENT_REPLY:
3844 		handle_reply(s, msg);
3845 		break;
3846 	case CEPH_MSG_CLIENT_REQUEST_FORWARD:
3847 		handle_forward(mdsc, s, msg);
3848 		break;
3849 	case CEPH_MSG_CLIENT_CAPS:
3850 		ceph_handle_caps(s, msg);
3851 		break;
3852 	case CEPH_MSG_CLIENT_SNAP:
3853 		ceph_handle_snap(mdsc, s, msg);
3854 		break;
3855 	case CEPH_MSG_CLIENT_LEASE:
3856 		handle_lease(mdsc, s, msg);
3857 		break;
3858 
3859 	default:
3860 		pr_err("received unknown message type %d %s\n", type,
3861 		       ceph_msg_type_name(type));
3862 	}
3863 out:
3864 	ceph_msg_put(msg);
3865 }
3866 
3867 /*
3868  * authentication
3869  */
3870 
3871 /*
3872  * Note: returned pointer is the address of a structure that's
3873  * managed separately.  Caller must *not* attempt to free it.
3874  */
3875 static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con,
3876 					int *proto, int force_new)
3877 {
3878 	struct ceph_mds_session *s = con->private;
3879 	struct ceph_mds_client *mdsc = s->s_mdsc;
3880 	struct ceph_auth_client *ac = mdsc->fsc->client->monc.auth;
3881 	struct ceph_auth_handshake *auth = &s->s_auth;
3882 
3883 	if (force_new && auth->authorizer) {
3884 		ceph_auth_destroy_authorizer(ac, auth->authorizer);
3885 		auth->authorizer = NULL;
3886 	}
3887 	if (!auth->authorizer) {
3888 		int ret = ceph_auth_create_authorizer(ac, CEPH_ENTITY_TYPE_MDS,
3889 						      auth);
3890 		if (ret)
3891 			return ERR_PTR(ret);
3892 	} else {
3893 		int ret = ceph_auth_update_authorizer(ac, CEPH_ENTITY_TYPE_MDS,
3894 						      auth);
3895 		if (ret)
3896 			return ERR_PTR(ret);
3897 	}
3898 	*proto = ac->protocol;
3899 
3900 	return auth;
3901 }
3902 
3903 
3904 static int verify_authorizer_reply(struct ceph_connection *con, int len)
3905 {
3906 	struct ceph_mds_session *s = con->private;
3907 	struct ceph_mds_client *mdsc = s->s_mdsc;
3908 	struct ceph_auth_client *ac = mdsc->fsc->client->monc.auth;
3909 
3910 	return ceph_auth_verify_authorizer_reply(ac, s->s_auth.authorizer, len);
3911 }
3912 
3913 static int invalidate_authorizer(struct ceph_connection *con)
3914 {
3915 	struct ceph_mds_session *s = con->private;
3916 	struct ceph_mds_client *mdsc = s->s_mdsc;
3917 	struct ceph_auth_client *ac = mdsc->fsc->client->monc.auth;
3918 
3919 	ceph_auth_invalidate_authorizer(ac, CEPH_ENTITY_TYPE_MDS);
3920 
3921 	return ceph_monc_validate_auth(&mdsc->fsc->client->monc);
3922 }
3923 
3924 static struct ceph_msg *mds_alloc_msg(struct ceph_connection *con,
3925 				struct ceph_msg_header *hdr, int *skip)
3926 {
3927 	struct ceph_msg *msg;
3928 	int type = (int) le16_to_cpu(hdr->type);
3929 	int front_len = (int) le32_to_cpu(hdr->front_len);
3930 
3931 	if (con->in_msg)
3932 		return con->in_msg;
3933 
3934 	*skip = 0;
3935 	msg = ceph_msg_new(type, front_len, GFP_NOFS, false);
3936 	if (!msg) {
3937 		pr_err("unable to allocate msg type %d len %d\n",
3938 		       type, front_len);
3939 		return NULL;
3940 	}
3941 
3942 	return msg;
3943 }
3944 
3945 static int mds_sign_message(struct ceph_msg *msg)
3946 {
3947        struct ceph_mds_session *s = msg->con->private;
3948        struct ceph_auth_handshake *auth = &s->s_auth;
3949 
3950        return ceph_auth_sign_message(auth, msg);
3951 }
3952 
3953 static int mds_check_message_signature(struct ceph_msg *msg)
3954 {
3955        struct ceph_mds_session *s = msg->con->private;
3956        struct ceph_auth_handshake *auth = &s->s_auth;
3957 
3958        return ceph_auth_check_message_signature(auth, msg);
3959 }
3960 
3961 static const struct ceph_connection_operations mds_con_ops = {
3962 	.get = con_get,
3963 	.put = con_put,
3964 	.dispatch = dispatch,
3965 	.get_authorizer = get_authorizer,
3966 	.verify_authorizer_reply = verify_authorizer_reply,
3967 	.invalidate_authorizer = invalidate_authorizer,
3968 	.peer_reset = peer_reset,
3969 	.alloc_msg = mds_alloc_msg,
3970 	.sign_message = mds_sign_message,
3971 	.check_message_signature = mds_check_message_signature,
3972 };
3973 
3974 /* eof */
3975