1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2002,2008 5 * Author(s): Steve French (sfrench@us.ibm.com) 6 * Jeremy Allison (jra@samba.org) 2006. 7 * 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/list.h> 12 #include <linux/gfp.h> 13 #include <linux/wait.h> 14 #include <linux/net.h> 15 #include <linux/delay.h> 16 #include <linux/freezer.h> 17 #include <linux/tcp.h> 18 #include <linux/bvec.h> 19 #include <linux/highmem.h> 20 #include <linux/uaccess.h> 21 #include <asm/processor.h> 22 #include <linux/mempool.h> 23 #include <linux/sched/signal.h> 24 #include <linux/task_io_accounting_ops.h> 25 #include "cifspdu.h" 26 #include "cifsglob.h" 27 #include "cifsproto.h" 28 #include "cifs_debug.h" 29 #include "smb2proto.h" 30 #include "smbdirect.h" 31 32 /* Max number of iovectors we can use off the stack when sending requests. */ 33 #define CIFS_MAX_IOV_SIZE 8 34 35 void 36 cifs_wake_up_task(struct mid_q_entry *mid) 37 { 38 wake_up_process(mid->callback_data); 39 } 40 41 static struct mid_q_entry * 42 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) 43 { 44 struct mid_q_entry *temp; 45 46 if (server == NULL) { 47 cifs_dbg(VFS, "%s: null TCP session\n", __func__); 48 return NULL; 49 } 50 51 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 52 memset(temp, 0, sizeof(struct mid_q_entry)); 53 kref_init(&temp->refcount); 54 temp->mid = get_mid(smb_buffer); 55 temp->pid = current->pid; 56 temp->command = cpu_to_le16(smb_buffer->Command); 57 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command); 58 /* easier to use jiffies */ 59 /* when mid allocated can be before when sent */ 60 temp->when_alloc = jiffies; 61 temp->server = server; 62 63 /* 64 * The default is for the mid to be synchronous, so the 65 * default callback just wakes up the current task. 66 */ 67 get_task_struct(current); 68 temp->creator = current; 69 temp->callback = cifs_wake_up_task; 70 temp->callback_data = current; 71 72 atomic_inc(&mid_count); 73 temp->mid_state = MID_REQUEST_ALLOCATED; 74 return temp; 75 } 76 77 static void __release_mid(struct kref *refcount) 78 { 79 struct mid_q_entry *midEntry = 80 container_of(refcount, struct mid_q_entry, refcount); 81 #ifdef CONFIG_CIFS_STATS2 82 __le16 command = midEntry->server->vals->lock_cmd; 83 __u16 smb_cmd = le16_to_cpu(midEntry->command); 84 unsigned long now; 85 unsigned long roundtrip_time; 86 #endif 87 struct TCP_Server_Info *server = midEntry->server; 88 89 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && 90 midEntry->mid_state == MID_RESPONSE_RECEIVED && 91 server->ops->handle_cancelled_mid) 92 server->ops->handle_cancelled_mid(midEntry, server); 93 94 midEntry->mid_state = MID_FREE; 95 atomic_dec(&mid_count); 96 if (midEntry->large_buf) 97 cifs_buf_release(midEntry->resp_buf); 98 else 99 cifs_small_buf_release(midEntry->resp_buf); 100 #ifdef CONFIG_CIFS_STATS2 101 now = jiffies; 102 if (now < midEntry->when_alloc) 103 cifs_server_dbg(VFS, "Invalid mid allocation time\n"); 104 roundtrip_time = now - midEntry->when_alloc; 105 106 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) { 107 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) { 108 server->slowest_cmd[smb_cmd] = roundtrip_time; 109 server->fastest_cmd[smb_cmd] = roundtrip_time; 110 } else { 111 if (server->slowest_cmd[smb_cmd] < roundtrip_time) 112 server->slowest_cmd[smb_cmd] = roundtrip_time; 113 else if (server->fastest_cmd[smb_cmd] > roundtrip_time) 114 server->fastest_cmd[smb_cmd] = roundtrip_time; 115 } 116 cifs_stats_inc(&server->num_cmds[smb_cmd]); 117 server->time_per_cmd[smb_cmd] += roundtrip_time; 118 } 119 /* 120 * commands taking longer than one second (default) can be indications 121 * that something is wrong, unless it is quite a slow link or a very 122 * busy server. Note that this calc is unlikely or impossible to wrap 123 * as long as slow_rsp_threshold is not set way above recommended max 124 * value (32767 ie 9 hours) and is generally harmless even if wrong 125 * since only affects debug counters - so leaving the calc as simple 126 * comparison rather than doing multiple conversions and overflow 127 * checks 128 */ 129 if ((slow_rsp_threshold != 0) && 130 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) && 131 (midEntry->command != command)) { 132 /* 133 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command 134 * NB: le16_to_cpu returns unsigned so can not be negative below 135 */ 136 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) 137 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]); 138 139 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid, 140 midEntry->when_sent, midEntry->when_received); 141 if (cifsFYI & CIFS_TIMER) { 142 pr_debug("slow rsp: cmd %d mid %llu", 143 midEntry->command, midEntry->mid); 144 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n", 145 now - midEntry->when_alloc, 146 now - midEntry->when_sent, 147 now - midEntry->when_received); 148 } 149 } 150 #endif 151 put_task_struct(midEntry->creator); 152 153 mempool_free(midEntry, cifs_mid_poolp); 154 } 155 156 void release_mid(struct mid_q_entry *mid) 157 { 158 struct TCP_Server_Info *server = mid->server; 159 160 spin_lock(&server->mid_lock); 161 kref_put(&mid->refcount, __release_mid); 162 spin_unlock(&server->mid_lock); 163 } 164 165 void 166 delete_mid(struct mid_q_entry *mid) 167 { 168 spin_lock(&mid->server->mid_lock); 169 if (!(mid->mid_flags & MID_DELETED)) { 170 list_del_init(&mid->qhead); 171 mid->mid_flags |= MID_DELETED; 172 } 173 spin_unlock(&mid->server->mid_lock); 174 175 release_mid(mid); 176 } 177 178 /* 179 * smb_send_kvec - send an array of kvecs to the server 180 * @server: Server to send the data to 181 * @smb_msg: Message to send 182 * @sent: amount of data sent on socket is stored here 183 * 184 * Our basic "send data to server" function. Should be called with srv_mutex 185 * held. The caller is responsible for handling the results. 186 */ 187 static int 188 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg, 189 size_t *sent) 190 { 191 int rc = 0; 192 int retries = 0; 193 struct socket *ssocket = server->ssocket; 194 195 *sent = 0; 196 197 if (server->noblocksnd) 198 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; 199 else 200 smb_msg->msg_flags = MSG_NOSIGNAL; 201 202 while (msg_data_left(smb_msg)) { 203 /* 204 * If blocking send, we try 3 times, since each can block 205 * for 5 seconds. For nonblocking we have to try more 206 * but wait increasing amounts of time allowing time for 207 * socket to clear. The overall time we wait in either 208 * case to send on the socket is about 15 seconds. 209 * Similarly we wait for 15 seconds for a response from 210 * the server in SendReceive[2] for the server to send 211 * a response back for most types of requests (except 212 * SMB Write past end of file which can be slow, and 213 * blocking lock operations). NFS waits slightly longer 214 * than CIFS, but this can make it take longer for 215 * nonresponsive servers to be detected and 15 seconds 216 * is more than enough time for modern networks to 217 * send a packet. In most cases if we fail to send 218 * after the retries we will kill the socket and 219 * reconnect which may clear the network problem. 220 */ 221 rc = sock_sendmsg(ssocket, smb_msg); 222 if (rc == -EAGAIN) { 223 retries++; 224 if (retries >= 14 || 225 (!server->noblocksnd && (retries > 2))) { 226 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n", 227 ssocket); 228 return -EAGAIN; 229 } 230 msleep(1 << retries); 231 continue; 232 } 233 234 if (rc < 0) 235 return rc; 236 237 if (rc == 0) { 238 /* should never happen, letting socket clear before 239 retrying is our only obvious option here */ 240 cifs_server_dbg(VFS, "tcp sent no data\n"); 241 msleep(500); 242 continue; 243 } 244 245 /* send was at least partially successful */ 246 *sent += rc; 247 retries = 0; /* in case we get ENOSPC on the next send */ 248 } 249 return 0; 250 } 251 252 unsigned long 253 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst) 254 { 255 unsigned int i; 256 struct kvec *iov; 257 int nvec; 258 unsigned long buflen = 0; 259 260 if (!is_smb1(server) && rqst->rq_nvec >= 2 && 261 rqst->rq_iov[0].iov_len == 4) { 262 iov = &rqst->rq_iov[1]; 263 nvec = rqst->rq_nvec - 1; 264 } else { 265 iov = rqst->rq_iov; 266 nvec = rqst->rq_nvec; 267 } 268 269 /* total up iov array first */ 270 for (i = 0; i < nvec; i++) 271 buflen += iov[i].iov_len; 272 273 buflen += iov_iter_count(&rqst->rq_iter); 274 return buflen; 275 } 276 277 static int 278 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 279 struct smb_rqst *rqst) 280 { 281 int rc; 282 struct kvec *iov; 283 int n_vec; 284 unsigned int send_length = 0; 285 unsigned int i, j; 286 sigset_t mask, oldmask; 287 size_t total_len = 0, sent, size; 288 struct socket *ssocket = server->ssocket; 289 struct msghdr smb_msg = {}; 290 __be32 rfc1002_marker; 291 292 cifs_in_send_inc(server); 293 if (cifs_rdma_enabled(server)) { 294 /* return -EAGAIN when connecting or reconnecting */ 295 rc = -EAGAIN; 296 if (server->smbd_conn) 297 rc = smbd_send(server, num_rqst, rqst); 298 goto smbd_done; 299 } 300 301 rc = -EAGAIN; 302 if (ssocket == NULL) 303 goto out; 304 305 rc = -ERESTARTSYS; 306 if (fatal_signal_pending(current)) { 307 cifs_dbg(FYI, "signal pending before send request\n"); 308 goto out; 309 } 310 311 rc = 0; 312 /* cork the socket */ 313 tcp_sock_set_cork(ssocket->sk, true); 314 315 for (j = 0; j < num_rqst; j++) 316 send_length += smb_rqst_len(server, &rqst[j]); 317 rfc1002_marker = cpu_to_be32(send_length); 318 319 /* 320 * We should not allow signals to interrupt the network send because 321 * any partial send will cause session reconnects thus increasing 322 * latency of system calls and overload a server with unnecessary 323 * requests. 324 */ 325 326 sigfillset(&mask); 327 sigprocmask(SIG_BLOCK, &mask, &oldmask); 328 329 /* Generate a rfc1002 marker for SMB2+ */ 330 if (!is_smb1(server)) { 331 struct kvec hiov = { 332 .iov_base = &rfc1002_marker, 333 .iov_len = 4 334 }; 335 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4); 336 rc = smb_send_kvec(server, &smb_msg, &sent); 337 if (rc < 0) 338 goto unmask; 339 340 total_len += sent; 341 send_length += 4; 342 } 343 344 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length); 345 346 for (j = 0; j < num_rqst; j++) { 347 iov = rqst[j].rq_iov; 348 n_vec = rqst[j].rq_nvec; 349 350 size = 0; 351 for (i = 0; i < n_vec; i++) { 352 dump_smb(iov[i].iov_base, iov[i].iov_len); 353 size += iov[i].iov_len; 354 } 355 356 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size); 357 358 rc = smb_send_kvec(server, &smb_msg, &sent); 359 if (rc < 0) 360 goto unmask; 361 362 total_len += sent; 363 364 if (iov_iter_count(&rqst[j].rq_iter) > 0) { 365 smb_msg.msg_iter = rqst[j].rq_iter; 366 rc = smb_send_kvec(server, &smb_msg, &sent); 367 if (rc < 0) 368 break; 369 total_len += sent; 370 } 371 372 } 373 374 unmask: 375 sigprocmask(SIG_SETMASK, &oldmask, NULL); 376 377 /* 378 * If signal is pending but we have already sent the whole packet to 379 * the server we need to return success status to allow a corresponding 380 * mid entry to be kept in the pending requests queue thus allowing 381 * to handle responses from the server by the client. 382 * 383 * If only part of the packet has been sent there is no need to hide 384 * interrupt because the session will be reconnected anyway, so there 385 * won't be any response from the server to handle. 386 */ 387 388 if (signal_pending(current) && (total_len != send_length)) { 389 cifs_dbg(FYI, "signal is pending after attempt to send\n"); 390 rc = -ERESTARTSYS; 391 } 392 393 /* uncork it */ 394 tcp_sock_set_cork(ssocket->sk, false); 395 396 if ((total_len > 0) && (total_len != send_length)) { 397 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n", 398 send_length, total_len); 399 /* 400 * If we have only sent part of an SMB then the next SMB could 401 * be taken as the remainder of this one. We need to kill the 402 * socket so the server throws away the partial SMB 403 */ 404 cifs_signal_cifsd_for_reconnect(server, false); 405 trace_smb3_partial_send_reconnect(server->CurrentMid, 406 server->conn_id, server->hostname); 407 } 408 smbd_done: 409 if (rc < 0 && rc != -EINTR) 410 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n", 411 rc); 412 else if (rc > 0) 413 rc = 0; 414 out: 415 cifs_in_send_dec(server); 416 return rc; 417 } 418 419 struct send_req_vars { 420 struct smb2_transform_hdr tr_hdr; 421 struct smb_rqst rqst[MAX_COMPOUND]; 422 struct kvec iov; 423 }; 424 425 static int 426 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 427 struct smb_rqst *rqst, int flags) 428 { 429 struct send_req_vars *vars; 430 struct smb_rqst *cur_rqst; 431 struct kvec *iov; 432 int rc; 433 434 if (!(flags & CIFS_TRANSFORM_REQ)) 435 return __smb_send_rqst(server, num_rqst, rqst); 436 437 if (num_rqst > MAX_COMPOUND - 1) 438 return -ENOMEM; 439 440 if (!server->ops->init_transform_rq) { 441 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n"); 442 return -EIO; 443 } 444 445 vars = kzalloc(sizeof(*vars), GFP_NOFS); 446 if (!vars) 447 return -ENOMEM; 448 cur_rqst = vars->rqst; 449 iov = &vars->iov; 450 451 iov->iov_base = &vars->tr_hdr; 452 iov->iov_len = sizeof(vars->tr_hdr); 453 cur_rqst[0].rq_iov = iov; 454 cur_rqst[0].rq_nvec = 1; 455 456 rc = server->ops->init_transform_rq(server, num_rqst + 1, 457 &cur_rqst[0], rqst); 458 if (rc) 459 goto out; 460 461 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]); 462 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]); 463 out: 464 kfree(vars); 465 return rc; 466 } 467 468 int 469 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer, 470 unsigned int smb_buf_length) 471 { 472 struct kvec iov[2]; 473 struct smb_rqst rqst = { .rq_iov = iov, 474 .rq_nvec = 2 }; 475 476 iov[0].iov_base = smb_buffer; 477 iov[0].iov_len = 4; 478 iov[1].iov_base = (char *)smb_buffer + 4; 479 iov[1].iov_len = smb_buf_length; 480 481 return __smb_send_rqst(server, 1, &rqst); 482 } 483 484 static int 485 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits, 486 const int timeout, const int flags, 487 unsigned int *instance) 488 { 489 long rc; 490 int *credits; 491 int optype; 492 long int t; 493 int scredits, in_flight; 494 495 if (timeout < 0) 496 t = MAX_JIFFY_OFFSET; 497 else 498 t = msecs_to_jiffies(timeout); 499 500 optype = flags & CIFS_OP_MASK; 501 502 *instance = 0; 503 504 credits = server->ops->get_credits_field(server, optype); 505 /* Since an echo is already inflight, no need to wait to send another */ 506 if (*credits <= 0 && optype == CIFS_ECHO_OP) 507 return -EAGAIN; 508 509 spin_lock(&server->req_lock); 510 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) { 511 /* oplock breaks must not be held up */ 512 server->in_flight++; 513 if (server->in_flight > server->max_in_flight) 514 server->max_in_flight = server->in_flight; 515 *credits -= 1; 516 *instance = server->reconnect_instance; 517 scredits = *credits; 518 in_flight = server->in_flight; 519 spin_unlock(&server->req_lock); 520 521 trace_smb3_nblk_credits(server->CurrentMid, 522 server->conn_id, server->hostname, scredits, -1, in_flight); 523 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 524 __func__, 1, scredits); 525 526 return 0; 527 } 528 529 while (1) { 530 spin_unlock(&server->req_lock); 531 532 spin_lock(&server->srv_lock); 533 if (server->tcpStatus == CifsExiting) { 534 spin_unlock(&server->srv_lock); 535 return -ENOENT; 536 } 537 spin_unlock(&server->srv_lock); 538 539 spin_lock(&server->req_lock); 540 if (*credits < num_credits) { 541 scredits = *credits; 542 spin_unlock(&server->req_lock); 543 544 cifs_num_waiters_inc(server); 545 rc = wait_event_killable_timeout(server->request_q, 546 has_credits(server, credits, num_credits), t); 547 cifs_num_waiters_dec(server); 548 if (!rc) { 549 spin_lock(&server->req_lock); 550 scredits = *credits; 551 in_flight = server->in_flight; 552 spin_unlock(&server->req_lock); 553 554 trace_smb3_credit_timeout(server->CurrentMid, 555 server->conn_id, server->hostname, scredits, 556 num_credits, in_flight); 557 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 558 timeout); 559 return -EBUSY; 560 } 561 if (rc == -ERESTARTSYS) 562 return -ERESTARTSYS; 563 spin_lock(&server->req_lock); 564 } else { 565 /* 566 * For normal commands, reserve the last MAX_COMPOUND 567 * credits to compound requests. 568 * Otherwise these compounds could be permanently 569 * starved for credits by single-credit requests. 570 * 571 * To prevent spinning CPU, block this thread until 572 * there are >MAX_COMPOUND credits available. 573 * But only do this is we already have a lot of 574 * credits in flight to avoid triggering this check 575 * for servers that are slow to hand out credits on 576 * new sessions. 577 */ 578 if (!optype && num_credits == 1 && 579 server->in_flight > 2 * MAX_COMPOUND && 580 *credits <= MAX_COMPOUND) { 581 spin_unlock(&server->req_lock); 582 583 cifs_num_waiters_inc(server); 584 rc = wait_event_killable_timeout( 585 server->request_q, 586 has_credits(server, credits, 587 MAX_COMPOUND + 1), 588 t); 589 cifs_num_waiters_dec(server); 590 if (!rc) { 591 spin_lock(&server->req_lock); 592 scredits = *credits; 593 in_flight = server->in_flight; 594 spin_unlock(&server->req_lock); 595 596 trace_smb3_credit_timeout( 597 server->CurrentMid, 598 server->conn_id, server->hostname, 599 scredits, num_credits, in_flight); 600 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 601 timeout); 602 return -EBUSY; 603 } 604 if (rc == -ERESTARTSYS) 605 return -ERESTARTSYS; 606 spin_lock(&server->req_lock); 607 continue; 608 } 609 610 /* 611 * Can not count locking commands against total 612 * as they are allowed to block on server. 613 */ 614 615 /* update # of requests on the wire to server */ 616 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) { 617 *credits -= num_credits; 618 server->in_flight += num_credits; 619 if (server->in_flight > server->max_in_flight) 620 server->max_in_flight = server->in_flight; 621 *instance = server->reconnect_instance; 622 } 623 scredits = *credits; 624 in_flight = server->in_flight; 625 spin_unlock(&server->req_lock); 626 627 trace_smb3_waitff_credits(server->CurrentMid, 628 server->conn_id, server->hostname, scredits, 629 -(num_credits), in_flight); 630 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 631 __func__, num_credits, scredits); 632 break; 633 } 634 } 635 return 0; 636 } 637 638 static int 639 wait_for_free_request(struct TCP_Server_Info *server, const int flags, 640 unsigned int *instance) 641 { 642 return wait_for_free_credits(server, 1, -1, flags, 643 instance); 644 } 645 646 static int 647 wait_for_compound_request(struct TCP_Server_Info *server, int num, 648 const int flags, unsigned int *instance) 649 { 650 int *credits; 651 int scredits, in_flight; 652 653 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK); 654 655 spin_lock(&server->req_lock); 656 scredits = *credits; 657 in_flight = server->in_flight; 658 659 if (*credits < num) { 660 /* 661 * If the server is tight on resources or just gives us less 662 * credits for other reasons (e.g. requests are coming out of 663 * order and the server delays granting more credits until it 664 * processes a missing mid) and we exhausted most available 665 * credits there may be situations when we try to send 666 * a compound request but we don't have enough credits. At this 667 * point the client needs to decide if it should wait for 668 * additional credits or fail the request. If at least one 669 * request is in flight there is a high probability that the 670 * server will return enough credits to satisfy this compound 671 * request. 672 * 673 * Return immediately if no requests in flight since we will be 674 * stuck on waiting for credits. 675 */ 676 if (server->in_flight == 0) { 677 spin_unlock(&server->req_lock); 678 trace_smb3_insufficient_credits(server->CurrentMid, 679 server->conn_id, server->hostname, scredits, 680 num, in_flight); 681 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n", 682 __func__, in_flight, num, scredits); 683 return -EDEADLK; 684 } 685 } 686 spin_unlock(&server->req_lock); 687 688 return wait_for_free_credits(server, num, 60000, flags, 689 instance); 690 } 691 692 int 693 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size, 694 unsigned int *num, struct cifs_credits *credits) 695 { 696 *num = size; 697 credits->value = 0; 698 credits->instance = server->reconnect_instance; 699 return 0; 700 } 701 702 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf, 703 struct mid_q_entry **ppmidQ) 704 { 705 spin_lock(&ses->ses_lock); 706 if (ses->ses_status == SES_NEW) { 707 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) && 708 (in_buf->Command != SMB_COM_NEGOTIATE)) { 709 spin_unlock(&ses->ses_lock); 710 return -EAGAIN; 711 } 712 /* else ok - we are setting up session */ 713 } 714 715 if (ses->ses_status == SES_EXITING) { 716 /* check if SMB session is bad because we are setting it up */ 717 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) { 718 spin_unlock(&ses->ses_lock); 719 return -EAGAIN; 720 } 721 /* else ok - we are shutting down session */ 722 } 723 spin_unlock(&ses->ses_lock); 724 725 *ppmidQ = alloc_mid(in_buf, ses->server); 726 if (*ppmidQ == NULL) 727 return -ENOMEM; 728 spin_lock(&ses->server->mid_lock); 729 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q); 730 spin_unlock(&ses->server->mid_lock); 731 return 0; 732 } 733 734 static int 735 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) 736 { 737 int error; 738 739 error = wait_event_state(server->response_q, 740 midQ->mid_state != MID_REQUEST_SUBMITTED, 741 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE)); 742 if (error < 0) 743 return -ERESTARTSYS; 744 745 return 0; 746 } 747 748 struct mid_q_entry * 749 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 750 { 751 int rc; 752 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 753 struct mid_q_entry *mid; 754 755 if (rqst->rq_iov[0].iov_len != 4 || 756 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 757 return ERR_PTR(-EIO); 758 759 /* enable signing if server requires it */ 760 if (server->sign) 761 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 762 763 mid = alloc_mid(hdr, server); 764 if (mid == NULL) 765 return ERR_PTR(-ENOMEM); 766 767 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number); 768 if (rc) { 769 release_mid(mid); 770 return ERR_PTR(rc); 771 } 772 773 return mid; 774 } 775 776 /* 777 * Send a SMB request and set the callback function in the mid to handle 778 * the result. Caller is responsible for dealing with timeouts. 779 */ 780 int 781 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst, 782 mid_receive_t *receive, mid_callback_t *callback, 783 mid_handle_t *handle, void *cbdata, const int flags, 784 const struct cifs_credits *exist_credits) 785 { 786 int rc; 787 struct mid_q_entry *mid; 788 struct cifs_credits credits = { .value = 0, .instance = 0 }; 789 unsigned int instance; 790 int optype; 791 792 optype = flags & CIFS_OP_MASK; 793 794 if ((flags & CIFS_HAS_CREDITS) == 0) { 795 rc = wait_for_free_request(server, flags, &instance); 796 if (rc) 797 return rc; 798 credits.value = 1; 799 credits.instance = instance; 800 } else 801 instance = exist_credits->instance; 802 803 cifs_server_lock(server); 804 805 /* 806 * We can't use credits obtained from the previous session to send this 807 * request. Check if there were reconnects after we obtained credits and 808 * return -EAGAIN in such cases to let callers handle it. 809 */ 810 if (instance != server->reconnect_instance) { 811 cifs_server_unlock(server); 812 add_credits_and_wake_if(server, &credits, optype); 813 return -EAGAIN; 814 } 815 816 mid = server->ops->setup_async_request(server, rqst); 817 if (IS_ERR(mid)) { 818 cifs_server_unlock(server); 819 add_credits_and_wake_if(server, &credits, optype); 820 return PTR_ERR(mid); 821 } 822 823 mid->receive = receive; 824 mid->callback = callback; 825 mid->callback_data = cbdata; 826 mid->handle = handle; 827 mid->mid_state = MID_REQUEST_SUBMITTED; 828 829 /* put it on the pending_mid_q */ 830 spin_lock(&server->mid_lock); 831 list_add_tail(&mid->qhead, &server->pending_mid_q); 832 spin_unlock(&server->mid_lock); 833 834 /* 835 * Need to store the time in mid before calling I/O. For call_async, 836 * I/O response may come back and free the mid entry on another thread. 837 */ 838 cifs_save_when_sent(mid); 839 rc = smb_send_rqst(server, 1, rqst, flags); 840 841 if (rc < 0) { 842 revert_current_mid(server, mid->credits); 843 server->sequence_number -= 2; 844 delete_mid(mid); 845 } 846 847 cifs_server_unlock(server); 848 849 if (rc == 0) 850 return 0; 851 852 add_credits_and_wake_if(server, &credits, optype); 853 return rc; 854 } 855 856 /* 857 * 858 * Send an SMB Request. No response info (other than return code) 859 * needs to be parsed. 860 * 861 * flags indicate the type of request buffer and how long to wait 862 * and whether to log NT STATUS code (error) before mapping it to POSIX error 863 * 864 */ 865 int 866 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 867 char *in_buf, int flags) 868 { 869 int rc; 870 struct kvec iov[1]; 871 struct kvec rsp_iov; 872 int resp_buf_type; 873 874 iov[0].iov_base = in_buf; 875 iov[0].iov_len = get_rfc1002_length(in_buf) + 4; 876 flags |= CIFS_NO_RSP_BUF; 877 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov); 878 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc); 879 880 return rc; 881 } 882 883 static int 884 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) 885 { 886 int rc = 0; 887 888 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n", 889 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state); 890 891 spin_lock(&server->mid_lock); 892 switch (mid->mid_state) { 893 case MID_RESPONSE_RECEIVED: 894 spin_unlock(&server->mid_lock); 895 return rc; 896 case MID_RETRY_NEEDED: 897 rc = -EAGAIN; 898 break; 899 case MID_RESPONSE_MALFORMED: 900 rc = -EIO; 901 break; 902 case MID_SHUTDOWN: 903 rc = -EHOSTDOWN; 904 break; 905 default: 906 if (!(mid->mid_flags & MID_DELETED)) { 907 list_del_init(&mid->qhead); 908 mid->mid_flags |= MID_DELETED; 909 } 910 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", 911 __func__, mid->mid, mid->mid_state); 912 rc = -EIO; 913 } 914 spin_unlock(&server->mid_lock); 915 916 release_mid(mid); 917 return rc; 918 } 919 920 static inline int 921 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst, 922 struct mid_q_entry *mid) 923 { 924 return server->ops->send_cancel ? 925 server->ops->send_cancel(server, rqst, mid) : 0; 926 } 927 928 int 929 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 930 bool log_error) 931 { 932 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4; 933 934 dump_smb(mid->resp_buf, min_t(u32, 92, len)); 935 936 /* convert the length into a more usable form */ 937 if (server->sign) { 938 struct kvec iov[2]; 939 int rc = 0; 940 struct smb_rqst rqst = { .rq_iov = iov, 941 .rq_nvec = 2 }; 942 943 iov[0].iov_base = mid->resp_buf; 944 iov[0].iov_len = 4; 945 iov[1].iov_base = (char *)mid->resp_buf + 4; 946 iov[1].iov_len = len - 4; 947 /* FIXME: add code to kill session */ 948 rc = cifs_verify_signature(&rqst, server, 949 mid->sequence_number); 950 if (rc) 951 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 952 rc); 953 } 954 955 /* BB special case reconnect tid and uid here? */ 956 return map_and_check_smb_error(mid, log_error); 957 } 958 959 struct mid_q_entry * 960 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 961 struct smb_rqst *rqst) 962 { 963 int rc; 964 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 965 struct mid_q_entry *mid; 966 967 if (rqst->rq_iov[0].iov_len != 4 || 968 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 969 return ERR_PTR(-EIO); 970 971 rc = allocate_mid(ses, hdr, &mid); 972 if (rc) 973 return ERR_PTR(rc); 974 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number); 975 if (rc) { 976 delete_mid(mid); 977 return ERR_PTR(rc); 978 } 979 return mid; 980 } 981 982 static void 983 cifs_compound_callback(struct mid_q_entry *mid) 984 { 985 struct TCP_Server_Info *server = mid->server; 986 struct cifs_credits credits; 987 988 credits.value = server->ops->get_credits(mid); 989 credits.instance = server->reconnect_instance; 990 991 add_credits(server, &credits, mid->optype); 992 } 993 994 static void 995 cifs_compound_last_callback(struct mid_q_entry *mid) 996 { 997 cifs_compound_callback(mid); 998 cifs_wake_up_task(mid); 999 } 1000 1001 static void 1002 cifs_cancelled_callback(struct mid_q_entry *mid) 1003 { 1004 cifs_compound_callback(mid); 1005 release_mid(mid); 1006 } 1007 1008 /* 1009 * Return a channel (master if none) of @ses that can be used to send 1010 * regular requests. 1011 * 1012 * If we are currently binding a new channel (negprot/sess.setup), 1013 * return the new incomplete channel. 1014 */ 1015 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) 1016 { 1017 uint index = 0; 1018 unsigned int min_in_flight = UINT_MAX, max_in_flight = 0; 1019 struct TCP_Server_Info *server = NULL; 1020 int i; 1021 1022 if (!ses) 1023 return NULL; 1024 1025 spin_lock(&ses->chan_lock); 1026 for (i = 0; i < ses->chan_count; i++) { 1027 server = ses->chans[i].server; 1028 if (!server) 1029 continue; 1030 1031 /* 1032 * strictly speaking, we should pick up req_lock to read 1033 * server->in_flight. But it shouldn't matter much here if we 1034 * race while reading this data. The worst that can happen is 1035 * that we could use a channel that's not least loaded. Avoiding 1036 * taking the lock could help reduce wait time, which is 1037 * important for this function 1038 */ 1039 if (server->in_flight < min_in_flight) { 1040 min_in_flight = server->in_flight; 1041 index = i; 1042 } 1043 if (server->in_flight > max_in_flight) 1044 max_in_flight = server->in_flight; 1045 } 1046 1047 /* if all channels are equally loaded, fall back to round-robin */ 1048 if (min_in_flight == max_in_flight) { 1049 index = (uint)atomic_inc_return(&ses->chan_seq); 1050 index %= ses->chan_count; 1051 } 1052 spin_unlock(&ses->chan_lock); 1053 1054 return ses->chans[index].server; 1055 } 1056 1057 int 1058 compound_send_recv(const unsigned int xid, struct cifs_ses *ses, 1059 struct TCP_Server_Info *server, 1060 const int flags, const int num_rqst, struct smb_rqst *rqst, 1061 int *resp_buf_type, struct kvec *resp_iov) 1062 { 1063 int i, j, optype, rc = 0; 1064 struct mid_q_entry *midQ[MAX_COMPOUND]; 1065 bool cancelled_mid[MAX_COMPOUND] = {false}; 1066 struct cifs_credits credits[MAX_COMPOUND] = { 1067 { .value = 0, .instance = 0 } 1068 }; 1069 unsigned int instance; 1070 char *buf; 1071 1072 optype = flags & CIFS_OP_MASK; 1073 1074 for (i = 0; i < num_rqst; i++) 1075 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */ 1076 1077 if (!ses || !ses->server || !server) { 1078 cifs_dbg(VFS, "Null session\n"); 1079 return -EIO; 1080 } 1081 1082 spin_lock(&server->srv_lock); 1083 if (server->tcpStatus == CifsExiting) { 1084 spin_unlock(&server->srv_lock); 1085 return -ENOENT; 1086 } 1087 spin_unlock(&server->srv_lock); 1088 1089 /* 1090 * Wait for all the requests to become available. 1091 * This approach still leaves the possibility to be stuck waiting for 1092 * credits if the server doesn't grant credits to the outstanding 1093 * requests and if the client is completely idle, not generating any 1094 * other requests. 1095 * This can be handled by the eventual session reconnect. 1096 */ 1097 rc = wait_for_compound_request(server, num_rqst, flags, 1098 &instance); 1099 if (rc) 1100 return rc; 1101 1102 for (i = 0; i < num_rqst; i++) { 1103 credits[i].value = 1; 1104 credits[i].instance = instance; 1105 } 1106 1107 /* 1108 * Make sure that we sign in the same order that we send on this socket 1109 * and avoid races inside tcp sendmsg code that could cause corruption 1110 * of smb data. 1111 */ 1112 1113 cifs_server_lock(server); 1114 1115 /* 1116 * All the parts of the compound chain belong obtained credits from the 1117 * same session. We can not use credits obtained from the previous 1118 * session to send this request. Check if there were reconnects after 1119 * we obtained credits and return -EAGAIN in such cases to let callers 1120 * handle it. 1121 */ 1122 if (instance != server->reconnect_instance) { 1123 cifs_server_unlock(server); 1124 for (j = 0; j < num_rqst; j++) 1125 add_credits(server, &credits[j], optype); 1126 return -EAGAIN; 1127 } 1128 1129 for (i = 0; i < num_rqst; i++) { 1130 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]); 1131 if (IS_ERR(midQ[i])) { 1132 revert_current_mid(server, i); 1133 for (j = 0; j < i; j++) 1134 delete_mid(midQ[j]); 1135 cifs_server_unlock(server); 1136 1137 /* Update # of requests on wire to server */ 1138 for (j = 0; j < num_rqst; j++) 1139 add_credits(server, &credits[j], optype); 1140 return PTR_ERR(midQ[i]); 1141 } 1142 1143 midQ[i]->mid_state = MID_REQUEST_SUBMITTED; 1144 midQ[i]->optype = optype; 1145 /* 1146 * Invoke callback for every part of the compound chain 1147 * to calculate credits properly. Wake up this thread only when 1148 * the last element is received. 1149 */ 1150 if (i < num_rqst - 1) 1151 midQ[i]->callback = cifs_compound_callback; 1152 else 1153 midQ[i]->callback = cifs_compound_last_callback; 1154 } 1155 rc = smb_send_rqst(server, num_rqst, rqst, flags); 1156 1157 for (i = 0; i < num_rqst; i++) 1158 cifs_save_when_sent(midQ[i]); 1159 1160 if (rc < 0) { 1161 revert_current_mid(server, num_rqst); 1162 server->sequence_number -= 2; 1163 } 1164 1165 cifs_server_unlock(server); 1166 1167 /* 1168 * If sending failed for some reason or it is an oplock break that we 1169 * will not receive a response to - return credits back 1170 */ 1171 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) { 1172 for (i = 0; i < num_rqst; i++) 1173 add_credits(server, &credits[i], optype); 1174 goto out; 1175 } 1176 1177 /* 1178 * At this point the request is passed to the network stack - we assume 1179 * that any credits taken from the server structure on the client have 1180 * been spent and we can't return them back. Once we receive responses 1181 * we will collect credits granted by the server in the mid callbacks 1182 * and add those credits to the server structure. 1183 */ 1184 1185 /* 1186 * Compounding is never used during session establish. 1187 */ 1188 spin_lock(&ses->ses_lock); 1189 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1190 spin_unlock(&ses->ses_lock); 1191 1192 cifs_server_lock(server); 1193 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec); 1194 cifs_server_unlock(server); 1195 1196 spin_lock(&ses->ses_lock); 1197 } 1198 spin_unlock(&ses->ses_lock); 1199 1200 for (i = 0; i < num_rqst; i++) { 1201 rc = wait_for_response(server, midQ[i]); 1202 if (rc != 0) 1203 break; 1204 } 1205 if (rc != 0) { 1206 for (; i < num_rqst; i++) { 1207 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n", 1208 midQ[i]->mid, le16_to_cpu(midQ[i]->command)); 1209 send_cancel(server, &rqst[i], midQ[i]); 1210 spin_lock(&server->mid_lock); 1211 midQ[i]->mid_flags |= MID_WAIT_CANCELLED; 1212 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED) { 1213 midQ[i]->callback = cifs_cancelled_callback; 1214 cancelled_mid[i] = true; 1215 credits[i].value = 0; 1216 } 1217 spin_unlock(&server->mid_lock); 1218 } 1219 } 1220 1221 for (i = 0; i < num_rqst; i++) { 1222 if (rc < 0) 1223 goto out; 1224 1225 rc = cifs_sync_mid_result(midQ[i], server); 1226 if (rc != 0) { 1227 /* mark this mid as cancelled to not free it below */ 1228 cancelled_mid[i] = true; 1229 goto out; 1230 } 1231 1232 if (!midQ[i]->resp_buf || 1233 midQ[i]->mid_state != MID_RESPONSE_RECEIVED) { 1234 rc = -EIO; 1235 cifs_dbg(FYI, "Bad MID state?\n"); 1236 goto out; 1237 } 1238 1239 buf = (char *)midQ[i]->resp_buf; 1240 resp_iov[i].iov_base = buf; 1241 resp_iov[i].iov_len = midQ[i]->resp_buf_size + 1242 HEADER_PREAMBLE_SIZE(server); 1243 1244 if (midQ[i]->large_buf) 1245 resp_buf_type[i] = CIFS_LARGE_BUFFER; 1246 else 1247 resp_buf_type[i] = CIFS_SMALL_BUFFER; 1248 1249 rc = server->ops->check_receive(midQ[i], server, 1250 flags & CIFS_LOG_ERROR); 1251 1252 /* mark it so buf will not be freed by delete_mid */ 1253 if ((flags & CIFS_NO_RSP_BUF) == 0) 1254 midQ[i]->resp_buf = NULL; 1255 1256 } 1257 1258 /* 1259 * Compounding is never used during session establish. 1260 */ 1261 spin_lock(&ses->ses_lock); 1262 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1263 struct kvec iov = { 1264 .iov_base = resp_iov[0].iov_base, 1265 .iov_len = resp_iov[0].iov_len 1266 }; 1267 spin_unlock(&ses->ses_lock); 1268 cifs_server_lock(server); 1269 smb311_update_preauth_hash(ses, server, &iov, 1); 1270 cifs_server_unlock(server); 1271 spin_lock(&ses->ses_lock); 1272 } 1273 spin_unlock(&ses->ses_lock); 1274 1275 out: 1276 /* 1277 * This will dequeue all mids. After this it is important that the 1278 * demultiplex_thread will not process any of these mids any futher. 1279 * This is prevented above by using a noop callback that will not 1280 * wake this thread except for the very last PDU. 1281 */ 1282 for (i = 0; i < num_rqst; i++) { 1283 if (!cancelled_mid[i]) 1284 delete_mid(midQ[i]); 1285 } 1286 1287 return rc; 1288 } 1289 1290 int 1291 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, 1292 struct TCP_Server_Info *server, 1293 struct smb_rqst *rqst, int *resp_buf_type, const int flags, 1294 struct kvec *resp_iov) 1295 { 1296 return compound_send_recv(xid, ses, server, flags, 1, 1297 rqst, resp_buf_type, resp_iov); 1298 } 1299 1300 int 1301 SendReceive2(const unsigned int xid, struct cifs_ses *ses, 1302 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */, 1303 const int flags, struct kvec *resp_iov) 1304 { 1305 struct smb_rqst rqst; 1306 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov; 1307 int rc; 1308 1309 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { 1310 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), 1311 GFP_KERNEL); 1312 if (!new_iov) { 1313 /* otherwise cifs_send_recv below sets resp_buf_type */ 1314 *resp_buf_type = CIFS_NO_BUFFER; 1315 return -ENOMEM; 1316 } 1317 } else 1318 new_iov = s_iov; 1319 1320 /* 1st iov is a RFC1001 length followed by the rest of the packet */ 1321 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec)); 1322 1323 new_iov[0].iov_base = new_iov[1].iov_base; 1324 new_iov[0].iov_len = 4; 1325 new_iov[1].iov_base += 4; 1326 new_iov[1].iov_len -= 4; 1327 1328 memset(&rqst, 0, sizeof(struct smb_rqst)); 1329 rqst.rq_iov = new_iov; 1330 rqst.rq_nvec = n_vec + 1; 1331 1332 rc = cifs_send_recv(xid, ses, ses->server, 1333 &rqst, resp_buf_type, flags, resp_iov); 1334 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) 1335 kfree(new_iov); 1336 return rc; 1337 } 1338 1339 int 1340 SendReceive(const unsigned int xid, struct cifs_ses *ses, 1341 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1342 int *pbytes_returned, const int flags) 1343 { 1344 int rc = 0; 1345 struct mid_q_entry *midQ; 1346 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1347 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1348 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1349 struct cifs_credits credits = { .value = 1, .instance = 0 }; 1350 struct TCP_Server_Info *server; 1351 1352 if (ses == NULL) { 1353 cifs_dbg(VFS, "Null smb session\n"); 1354 return -EIO; 1355 } 1356 server = ses->server; 1357 if (server == NULL) { 1358 cifs_dbg(VFS, "Null tcp session\n"); 1359 return -EIO; 1360 } 1361 1362 spin_lock(&server->srv_lock); 1363 if (server->tcpStatus == CifsExiting) { 1364 spin_unlock(&server->srv_lock); 1365 return -ENOENT; 1366 } 1367 spin_unlock(&server->srv_lock); 1368 1369 /* Ensure that we do not send more than 50 overlapping requests 1370 to the same server. We may make this configurable later or 1371 use ses->maxReq */ 1372 1373 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1374 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1375 len); 1376 return -EIO; 1377 } 1378 1379 rc = wait_for_free_request(server, flags, &credits.instance); 1380 if (rc) 1381 return rc; 1382 1383 /* make sure that we sign in the same order that we send on this socket 1384 and avoid races inside tcp sendmsg code that could cause corruption 1385 of smb data */ 1386 1387 cifs_server_lock(server); 1388 1389 rc = allocate_mid(ses, in_buf, &midQ); 1390 if (rc) { 1391 cifs_server_unlock(server); 1392 /* Update # of requests on wire to server */ 1393 add_credits(server, &credits, 0); 1394 return rc; 1395 } 1396 1397 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1398 if (rc) { 1399 cifs_server_unlock(server); 1400 goto out; 1401 } 1402 1403 midQ->mid_state = MID_REQUEST_SUBMITTED; 1404 1405 rc = smb_send(server, in_buf, len); 1406 cifs_save_when_sent(midQ); 1407 1408 if (rc < 0) 1409 server->sequence_number -= 2; 1410 1411 cifs_server_unlock(server); 1412 1413 if (rc < 0) 1414 goto out; 1415 1416 rc = wait_for_response(server, midQ); 1417 if (rc != 0) { 1418 send_cancel(server, &rqst, midQ); 1419 spin_lock(&server->mid_lock); 1420 if (midQ->mid_state == MID_REQUEST_SUBMITTED) { 1421 /* no longer considered to be "in-flight" */ 1422 midQ->callback = release_mid; 1423 spin_unlock(&server->mid_lock); 1424 add_credits(server, &credits, 0); 1425 return rc; 1426 } 1427 spin_unlock(&server->mid_lock); 1428 } 1429 1430 rc = cifs_sync_mid_result(midQ, server); 1431 if (rc != 0) { 1432 add_credits(server, &credits, 0); 1433 return rc; 1434 } 1435 1436 if (!midQ->resp_buf || !out_buf || 1437 midQ->mid_state != MID_RESPONSE_RECEIVED) { 1438 rc = -EIO; 1439 cifs_server_dbg(VFS, "Bad MID state?\n"); 1440 goto out; 1441 } 1442 1443 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1444 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1445 rc = cifs_check_receive(midQ, server, 0); 1446 out: 1447 delete_mid(midQ); 1448 add_credits(server, &credits, 0); 1449 1450 return rc; 1451 } 1452 1453 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows 1454 blocking lock to return. */ 1455 1456 static int 1457 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon, 1458 struct smb_hdr *in_buf, 1459 struct smb_hdr *out_buf) 1460 { 1461 int bytes_returned; 1462 struct cifs_ses *ses = tcon->ses; 1463 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf; 1464 1465 /* We just modify the current in_buf to change 1466 the type of lock from LOCKING_ANDX_SHARED_LOCK 1467 or LOCKING_ANDX_EXCLUSIVE_LOCK to 1468 LOCKING_ANDX_CANCEL_LOCK. */ 1469 1470 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES; 1471 pSMB->Timeout = 0; 1472 pSMB->hdr.Mid = get_next_mid(ses->server); 1473 1474 return SendReceive(xid, ses, in_buf, out_buf, 1475 &bytes_returned, 0); 1476 } 1477 1478 int 1479 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 1480 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1481 int *pbytes_returned) 1482 { 1483 int rc = 0; 1484 int rstart = 0; 1485 struct mid_q_entry *midQ; 1486 struct cifs_ses *ses; 1487 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1488 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1489 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1490 unsigned int instance; 1491 struct TCP_Server_Info *server; 1492 1493 if (tcon == NULL || tcon->ses == NULL) { 1494 cifs_dbg(VFS, "Null smb session\n"); 1495 return -EIO; 1496 } 1497 ses = tcon->ses; 1498 server = ses->server; 1499 1500 if (server == NULL) { 1501 cifs_dbg(VFS, "Null tcp session\n"); 1502 return -EIO; 1503 } 1504 1505 spin_lock(&server->srv_lock); 1506 if (server->tcpStatus == CifsExiting) { 1507 spin_unlock(&server->srv_lock); 1508 return -ENOENT; 1509 } 1510 spin_unlock(&server->srv_lock); 1511 1512 /* Ensure that we do not send more than 50 overlapping requests 1513 to the same server. We may make this configurable later or 1514 use ses->maxReq */ 1515 1516 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1517 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1518 len); 1519 return -EIO; 1520 } 1521 1522 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance); 1523 if (rc) 1524 return rc; 1525 1526 /* make sure that we sign in the same order that we send on this socket 1527 and avoid races inside tcp sendmsg code that could cause corruption 1528 of smb data */ 1529 1530 cifs_server_lock(server); 1531 1532 rc = allocate_mid(ses, in_buf, &midQ); 1533 if (rc) { 1534 cifs_server_unlock(server); 1535 return rc; 1536 } 1537 1538 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1539 if (rc) { 1540 delete_mid(midQ); 1541 cifs_server_unlock(server); 1542 return rc; 1543 } 1544 1545 midQ->mid_state = MID_REQUEST_SUBMITTED; 1546 rc = smb_send(server, in_buf, len); 1547 cifs_save_when_sent(midQ); 1548 1549 if (rc < 0) 1550 server->sequence_number -= 2; 1551 1552 cifs_server_unlock(server); 1553 1554 if (rc < 0) { 1555 delete_mid(midQ); 1556 return rc; 1557 } 1558 1559 /* Wait for a reply - allow signals to interrupt. */ 1560 rc = wait_event_interruptible(server->response_q, 1561 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) || 1562 ((server->tcpStatus != CifsGood) && 1563 (server->tcpStatus != CifsNew))); 1564 1565 /* Were we interrupted by a signal ? */ 1566 spin_lock(&server->srv_lock); 1567 if ((rc == -ERESTARTSYS) && 1568 (midQ->mid_state == MID_REQUEST_SUBMITTED) && 1569 ((server->tcpStatus == CifsGood) || 1570 (server->tcpStatus == CifsNew))) { 1571 spin_unlock(&server->srv_lock); 1572 1573 if (in_buf->Command == SMB_COM_TRANSACTION2) { 1574 /* POSIX lock. We send a NT_CANCEL SMB to cause the 1575 blocking lock to return. */ 1576 rc = send_cancel(server, &rqst, midQ); 1577 if (rc) { 1578 delete_mid(midQ); 1579 return rc; 1580 } 1581 } else { 1582 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK 1583 to cause the blocking lock to return. */ 1584 1585 rc = send_lock_cancel(xid, tcon, in_buf, out_buf); 1586 1587 /* If we get -ENOLCK back the lock may have 1588 already been removed. Don't exit in this case. */ 1589 if (rc && rc != -ENOLCK) { 1590 delete_mid(midQ); 1591 return rc; 1592 } 1593 } 1594 1595 rc = wait_for_response(server, midQ); 1596 if (rc) { 1597 send_cancel(server, &rqst, midQ); 1598 spin_lock(&server->mid_lock); 1599 if (midQ->mid_state == MID_REQUEST_SUBMITTED) { 1600 /* no longer considered to be "in-flight" */ 1601 midQ->callback = release_mid; 1602 spin_unlock(&server->mid_lock); 1603 return rc; 1604 } 1605 spin_unlock(&server->mid_lock); 1606 } 1607 1608 /* We got the response - restart system call. */ 1609 rstart = 1; 1610 spin_lock(&server->srv_lock); 1611 } 1612 spin_unlock(&server->srv_lock); 1613 1614 rc = cifs_sync_mid_result(midQ, server); 1615 if (rc != 0) 1616 return rc; 1617 1618 /* rcvd frame is ok */ 1619 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) { 1620 rc = -EIO; 1621 cifs_tcon_dbg(VFS, "Bad MID state?\n"); 1622 goto out; 1623 } 1624 1625 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1626 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1627 rc = cifs_check_receive(midQ, server, 0); 1628 out: 1629 delete_mid(midQ); 1630 if (rstart && rc == -EACCES) 1631 return -ERESTARTSYS; 1632 return rc; 1633 } 1634 1635 /* 1636 * Discard any remaining data in the current SMB. To do this, we borrow the 1637 * current bigbuf. 1638 */ 1639 int 1640 cifs_discard_remaining_data(struct TCP_Server_Info *server) 1641 { 1642 unsigned int rfclen = server->pdu_size; 1643 size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) - 1644 server->total_read; 1645 1646 while (remaining > 0) { 1647 ssize_t length; 1648 1649 length = cifs_discard_from_socket(server, 1650 min_t(size_t, remaining, 1651 CIFSMaxBufSize + MAX_HEADER_SIZE(server))); 1652 if (length < 0) 1653 return length; 1654 server->total_read += length; 1655 remaining -= length; 1656 } 1657 1658 return 0; 1659 } 1660 1661 static int 1662 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid, 1663 bool malformed) 1664 { 1665 int length; 1666 1667 length = cifs_discard_remaining_data(server); 1668 dequeue_mid(mid, malformed); 1669 mid->resp_buf = server->smallbuf; 1670 server->smallbuf = NULL; 1671 return length; 1672 } 1673 1674 static int 1675 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1676 { 1677 struct cifs_readdata *rdata = mid->callback_data; 1678 1679 return __cifs_readv_discard(server, mid, rdata->result); 1680 } 1681 1682 int 1683 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1684 { 1685 int length, len; 1686 unsigned int data_offset, data_len; 1687 struct cifs_readdata *rdata = mid->callback_data; 1688 char *buf = server->smallbuf; 1689 unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server); 1690 bool use_rdma_mr = false; 1691 1692 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n", 1693 __func__, mid->mid, rdata->offset, rdata->bytes); 1694 1695 /* 1696 * read the rest of READ_RSP header (sans Data array), or whatever we 1697 * can if there's not enough data. At this point, we've read down to 1698 * the Mid. 1699 */ 1700 len = min_t(unsigned int, buflen, server->vals->read_rsp_size) - 1701 HEADER_SIZE(server) + 1; 1702 1703 length = cifs_read_from_socket(server, 1704 buf + HEADER_SIZE(server) - 1, len); 1705 if (length < 0) 1706 return length; 1707 server->total_read += length; 1708 1709 if (server->ops->is_session_expired && 1710 server->ops->is_session_expired(buf)) { 1711 cifs_reconnect(server, true); 1712 return -1; 1713 } 1714 1715 if (server->ops->is_status_pending && 1716 server->ops->is_status_pending(buf, server)) { 1717 cifs_discard_remaining_data(server); 1718 return -1; 1719 } 1720 1721 /* set up first two iov for signature check and to get credits */ 1722 rdata->iov[0].iov_base = buf; 1723 rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server); 1724 rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server); 1725 rdata->iov[1].iov_len = 1726 server->total_read - HEADER_PREAMBLE_SIZE(server); 1727 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n", 1728 rdata->iov[0].iov_base, rdata->iov[0].iov_len); 1729 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n", 1730 rdata->iov[1].iov_base, rdata->iov[1].iov_len); 1731 1732 /* Was the SMB read successful? */ 1733 rdata->result = server->ops->map_error(buf, false); 1734 if (rdata->result != 0) { 1735 cifs_dbg(FYI, "%s: server returned error %d\n", 1736 __func__, rdata->result); 1737 /* normal error on read response */ 1738 return __cifs_readv_discard(server, mid, false); 1739 } 1740 1741 /* Is there enough to get to the rest of the READ_RSP header? */ 1742 if (server->total_read < server->vals->read_rsp_size) { 1743 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n", 1744 __func__, server->total_read, 1745 server->vals->read_rsp_size); 1746 rdata->result = -EIO; 1747 return cifs_readv_discard(server, mid); 1748 } 1749 1750 data_offset = server->ops->read_data_offset(buf) + 1751 HEADER_PREAMBLE_SIZE(server); 1752 if (data_offset < server->total_read) { 1753 /* 1754 * win2k8 sometimes sends an offset of 0 when the read 1755 * is beyond the EOF. Treat it as if the data starts just after 1756 * the header. 1757 */ 1758 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n", 1759 __func__, data_offset); 1760 data_offset = server->total_read; 1761 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) { 1762 /* data_offset is beyond the end of smallbuf */ 1763 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n", 1764 __func__, data_offset); 1765 rdata->result = -EIO; 1766 return cifs_readv_discard(server, mid); 1767 } 1768 1769 cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n", 1770 __func__, server->total_read, data_offset); 1771 1772 len = data_offset - server->total_read; 1773 if (len > 0) { 1774 /* read any junk before data into the rest of smallbuf */ 1775 length = cifs_read_from_socket(server, 1776 buf + server->total_read, len); 1777 if (length < 0) 1778 return length; 1779 server->total_read += length; 1780 } 1781 1782 /* how much data is in the response? */ 1783 #ifdef CONFIG_CIFS_SMB_DIRECT 1784 use_rdma_mr = rdata->mr; 1785 #endif 1786 data_len = server->ops->read_data_length(buf, use_rdma_mr); 1787 if (!use_rdma_mr && (data_offset + data_len > buflen)) { 1788 /* data_len is corrupt -- discard frame */ 1789 rdata->result = -EIO; 1790 return cifs_readv_discard(server, mid); 1791 } 1792 1793 #ifdef CONFIG_CIFS_SMB_DIRECT 1794 if (rdata->mr) 1795 length = data_len; /* An RDMA read is already done. */ 1796 else 1797 #endif 1798 length = cifs_read_iter_from_socket(server, &rdata->iter, 1799 data_len); 1800 if (length > 0) 1801 rdata->got_bytes += length; 1802 server->total_read += length; 1803 1804 cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n", 1805 server->total_read, buflen, data_len); 1806 1807 /* discard anything left over */ 1808 if (server->total_read < buflen) 1809 return cifs_readv_discard(server, mid); 1810 1811 dequeue_mid(mid, false); 1812 mid->resp_buf = server->smallbuf; 1813 server->smallbuf = NULL; 1814 return length; 1815 } 1816