1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2002,2008 5 * Author(s): Steve French (sfrench@us.ibm.com) 6 * Jeremy Allison (jra@samba.org) 2006. 7 * 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/list.h> 12 #include <linux/gfp.h> 13 #include <linux/wait.h> 14 #include <linux/net.h> 15 #include <linux/delay.h> 16 #include <linux/freezer.h> 17 #include <linux/tcp.h> 18 #include <linux/bvec.h> 19 #include <linux/highmem.h> 20 #include <linux/uaccess.h> 21 #include <linux/processor.h> 22 #include <linux/mempool.h> 23 #include <linux/sched/signal.h> 24 #include <linux/task_io_accounting_ops.h> 25 #include "cifspdu.h" 26 #include "cifsglob.h" 27 #include "cifsproto.h" 28 #include "cifs_debug.h" 29 #include "smb2proto.h" 30 #include "smbdirect.h" 31 32 /* Max number of iovectors we can use off the stack when sending requests. */ 33 #define CIFS_MAX_IOV_SIZE 8 34 35 void 36 cifs_wake_up_task(struct mid_q_entry *mid) 37 { 38 if (mid->mid_state == MID_RESPONSE_RECEIVED) 39 mid->mid_state = MID_RESPONSE_READY; 40 wake_up_process(mid->callback_data); 41 } 42 43 static struct mid_q_entry * 44 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) 45 { 46 struct mid_q_entry *temp; 47 48 if (server == NULL) { 49 cifs_dbg(VFS, "%s: null TCP session\n", __func__); 50 return NULL; 51 } 52 53 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 54 memset(temp, 0, sizeof(struct mid_q_entry)); 55 kref_init(&temp->refcount); 56 temp->mid = get_mid(smb_buffer); 57 temp->pid = current->pid; 58 temp->command = cpu_to_le16(smb_buffer->Command); 59 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command); 60 /* easier to use jiffies */ 61 /* when mid allocated can be before when sent */ 62 temp->when_alloc = jiffies; 63 temp->server = server; 64 65 /* 66 * The default is for the mid to be synchronous, so the 67 * default callback just wakes up the current task. 68 */ 69 get_task_struct(current); 70 temp->creator = current; 71 temp->callback = cifs_wake_up_task; 72 temp->callback_data = current; 73 74 atomic_inc(&mid_count); 75 temp->mid_state = MID_REQUEST_ALLOCATED; 76 return temp; 77 } 78 79 static void __release_mid(struct kref *refcount) 80 { 81 struct mid_q_entry *midEntry = 82 container_of(refcount, struct mid_q_entry, refcount); 83 #ifdef CONFIG_CIFS_STATS2 84 __le16 command = midEntry->server->vals->lock_cmd; 85 __u16 smb_cmd = le16_to_cpu(midEntry->command); 86 unsigned long now; 87 unsigned long roundtrip_time; 88 #endif 89 struct TCP_Server_Info *server = midEntry->server; 90 91 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && 92 (midEntry->mid_state == MID_RESPONSE_RECEIVED || 93 midEntry->mid_state == MID_RESPONSE_READY) && 94 server->ops->handle_cancelled_mid) 95 server->ops->handle_cancelled_mid(midEntry, server); 96 97 midEntry->mid_state = MID_FREE; 98 atomic_dec(&mid_count); 99 if (midEntry->large_buf) 100 cifs_buf_release(midEntry->resp_buf); 101 else 102 cifs_small_buf_release(midEntry->resp_buf); 103 #ifdef CONFIG_CIFS_STATS2 104 now = jiffies; 105 if (now < midEntry->when_alloc) 106 cifs_server_dbg(VFS, "Invalid mid allocation time\n"); 107 roundtrip_time = now - midEntry->when_alloc; 108 109 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) { 110 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) { 111 server->slowest_cmd[smb_cmd] = roundtrip_time; 112 server->fastest_cmd[smb_cmd] = roundtrip_time; 113 } else { 114 if (server->slowest_cmd[smb_cmd] < roundtrip_time) 115 server->slowest_cmd[smb_cmd] = roundtrip_time; 116 else if (server->fastest_cmd[smb_cmd] > roundtrip_time) 117 server->fastest_cmd[smb_cmd] = roundtrip_time; 118 } 119 cifs_stats_inc(&server->num_cmds[smb_cmd]); 120 server->time_per_cmd[smb_cmd] += roundtrip_time; 121 } 122 /* 123 * commands taking longer than one second (default) can be indications 124 * that something is wrong, unless it is quite a slow link or a very 125 * busy server. Note that this calc is unlikely or impossible to wrap 126 * as long as slow_rsp_threshold is not set way above recommended max 127 * value (32767 ie 9 hours) and is generally harmless even if wrong 128 * since only affects debug counters - so leaving the calc as simple 129 * comparison rather than doing multiple conversions and overflow 130 * checks 131 */ 132 if ((slow_rsp_threshold != 0) && 133 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) && 134 (midEntry->command != command)) { 135 /* 136 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command 137 * NB: le16_to_cpu returns unsigned so can not be negative below 138 */ 139 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) 140 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]); 141 142 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid, 143 midEntry->when_sent, midEntry->when_received); 144 if (cifsFYI & CIFS_TIMER) { 145 pr_debug("slow rsp: cmd %d mid %llu", 146 midEntry->command, midEntry->mid); 147 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n", 148 now - midEntry->when_alloc, 149 now - midEntry->when_sent, 150 now - midEntry->when_received); 151 } 152 } 153 #endif 154 put_task_struct(midEntry->creator); 155 156 mempool_free(midEntry, cifs_mid_poolp); 157 } 158 159 void release_mid(struct mid_q_entry *mid) 160 { 161 struct TCP_Server_Info *server = mid->server; 162 163 spin_lock(&server->mid_lock); 164 kref_put(&mid->refcount, __release_mid); 165 spin_unlock(&server->mid_lock); 166 } 167 168 void 169 delete_mid(struct mid_q_entry *mid) 170 { 171 spin_lock(&mid->server->mid_lock); 172 if (!(mid->mid_flags & MID_DELETED)) { 173 list_del_init(&mid->qhead); 174 mid->mid_flags |= MID_DELETED; 175 } 176 spin_unlock(&mid->server->mid_lock); 177 178 release_mid(mid); 179 } 180 181 /* 182 * smb_send_kvec - send an array of kvecs to the server 183 * @server: Server to send the data to 184 * @smb_msg: Message to send 185 * @sent: amount of data sent on socket is stored here 186 * 187 * Our basic "send data to server" function. Should be called with srv_mutex 188 * held. The caller is responsible for handling the results. 189 */ 190 static int 191 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg, 192 size_t *sent) 193 { 194 int rc = 0; 195 int retries = 0; 196 struct socket *ssocket = server->ssocket; 197 198 *sent = 0; 199 200 if (server->noblocksnd) 201 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; 202 else 203 smb_msg->msg_flags = MSG_NOSIGNAL; 204 205 while (msg_data_left(smb_msg)) { 206 /* 207 * If blocking send, we try 3 times, since each can block 208 * for 5 seconds. For nonblocking we have to try more 209 * but wait increasing amounts of time allowing time for 210 * socket to clear. The overall time we wait in either 211 * case to send on the socket is about 15 seconds. 212 * Similarly we wait for 15 seconds for a response from 213 * the server in SendReceive[2] for the server to send 214 * a response back for most types of requests (except 215 * SMB Write past end of file which can be slow, and 216 * blocking lock operations). NFS waits slightly longer 217 * than CIFS, but this can make it take longer for 218 * nonresponsive servers to be detected and 15 seconds 219 * is more than enough time for modern networks to 220 * send a packet. In most cases if we fail to send 221 * after the retries we will kill the socket and 222 * reconnect which may clear the network problem. 223 */ 224 rc = sock_sendmsg(ssocket, smb_msg); 225 if (rc == -EAGAIN) { 226 retries++; 227 if (retries >= 14 || 228 (!server->noblocksnd && (retries > 2))) { 229 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n", 230 ssocket); 231 return -EAGAIN; 232 } 233 msleep(1 << retries); 234 continue; 235 } 236 237 if (rc < 0) 238 return rc; 239 240 if (rc == 0) { 241 /* should never happen, letting socket clear before 242 retrying is our only obvious option here */ 243 cifs_server_dbg(VFS, "tcp sent no data\n"); 244 msleep(500); 245 continue; 246 } 247 248 /* send was at least partially successful */ 249 *sent += rc; 250 retries = 0; /* in case we get ENOSPC on the next send */ 251 } 252 return 0; 253 } 254 255 unsigned long 256 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst) 257 { 258 unsigned int i; 259 struct kvec *iov; 260 int nvec; 261 unsigned long buflen = 0; 262 263 if (!is_smb1(server) && rqst->rq_nvec >= 2 && 264 rqst->rq_iov[0].iov_len == 4) { 265 iov = &rqst->rq_iov[1]; 266 nvec = rqst->rq_nvec - 1; 267 } else { 268 iov = rqst->rq_iov; 269 nvec = rqst->rq_nvec; 270 } 271 272 /* total up iov array first */ 273 for (i = 0; i < nvec; i++) 274 buflen += iov[i].iov_len; 275 276 buflen += iov_iter_count(&rqst->rq_iter); 277 return buflen; 278 } 279 280 static int 281 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 282 struct smb_rqst *rqst) 283 { 284 int rc; 285 struct kvec *iov; 286 int n_vec; 287 unsigned int send_length = 0; 288 unsigned int i, j; 289 sigset_t mask, oldmask; 290 size_t total_len = 0, sent, size; 291 struct socket *ssocket = server->ssocket; 292 struct msghdr smb_msg = {}; 293 __be32 rfc1002_marker; 294 295 cifs_in_send_inc(server); 296 if (cifs_rdma_enabled(server)) { 297 /* return -EAGAIN when connecting or reconnecting */ 298 rc = -EAGAIN; 299 if (server->smbd_conn) 300 rc = smbd_send(server, num_rqst, rqst); 301 goto smbd_done; 302 } 303 304 rc = -EAGAIN; 305 if (ssocket == NULL) 306 goto out; 307 308 rc = -ERESTARTSYS; 309 if (fatal_signal_pending(current)) { 310 cifs_dbg(FYI, "signal pending before send request\n"); 311 goto out; 312 } 313 314 rc = 0; 315 /* cork the socket */ 316 tcp_sock_set_cork(ssocket->sk, true); 317 318 for (j = 0; j < num_rqst; j++) 319 send_length += smb_rqst_len(server, &rqst[j]); 320 rfc1002_marker = cpu_to_be32(send_length); 321 322 /* 323 * We should not allow signals to interrupt the network send because 324 * any partial send will cause session reconnects thus increasing 325 * latency of system calls and overload a server with unnecessary 326 * requests. 327 */ 328 329 sigfillset(&mask); 330 sigprocmask(SIG_BLOCK, &mask, &oldmask); 331 332 /* Generate a rfc1002 marker for SMB2+ */ 333 if (!is_smb1(server)) { 334 struct kvec hiov = { 335 .iov_base = &rfc1002_marker, 336 .iov_len = 4 337 }; 338 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4); 339 rc = smb_send_kvec(server, &smb_msg, &sent); 340 if (rc < 0) 341 goto unmask; 342 343 total_len += sent; 344 send_length += 4; 345 } 346 347 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length); 348 349 for (j = 0; j < num_rqst; j++) { 350 iov = rqst[j].rq_iov; 351 n_vec = rqst[j].rq_nvec; 352 353 size = 0; 354 for (i = 0; i < n_vec; i++) { 355 dump_smb(iov[i].iov_base, iov[i].iov_len); 356 size += iov[i].iov_len; 357 } 358 359 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size); 360 361 rc = smb_send_kvec(server, &smb_msg, &sent); 362 if (rc < 0) 363 goto unmask; 364 365 total_len += sent; 366 367 if (iov_iter_count(&rqst[j].rq_iter) > 0) { 368 smb_msg.msg_iter = rqst[j].rq_iter; 369 rc = smb_send_kvec(server, &smb_msg, &sent); 370 if (rc < 0) 371 break; 372 total_len += sent; 373 } 374 375 } 376 377 unmask: 378 sigprocmask(SIG_SETMASK, &oldmask, NULL); 379 380 /* 381 * If signal is pending but we have already sent the whole packet to 382 * the server we need to return success status to allow a corresponding 383 * mid entry to be kept in the pending requests queue thus allowing 384 * to handle responses from the server by the client. 385 * 386 * If only part of the packet has been sent there is no need to hide 387 * interrupt because the session will be reconnected anyway, so there 388 * won't be any response from the server to handle. 389 */ 390 391 if (signal_pending(current) && (total_len != send_length)) { 392 cifs_dbg(FYI, "signal is pending after attempt to send\n"); 393 rc = -ERESTARTSYS; 394 } 395 396 /* uncork it */ 397 tcp_sock_set_cork(ssocket->sk, false); 398 399 if ((total_len > 0) && (total_len != send_length)) { 400 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n", 401 send_length, total_len); 402 /* 403 * If we have only sent part of an SMB then the next SMB could 404 * be taken as the remainder of this one. We need to kill the 405 * socket so the server throws away the partial SMB 406 */ 407 cifs_signal_cifsd_for_reconnect(server, false); 408 trace_smb3_partial_send_reconnect(server->CurrentMid, 409 server->conn_id, server->hostname); 410 } 411 smbd_done: 412 if (rc < 0 && rc != -EINTR) 413 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n", 414 rc); 415 else if (rc > 0) 416 rc = 0; 417 out: 418 cifs_in_send_dec(server); 419 return rc; 420 } 421 422 struct send_req_vars { 423 struct smb2_transform_hdr tr_hdr; 424 struct smb_rqst rqst[MAX_COMPOUND]; 425 struct kvec iov; 426 }; 427 428 static int 429 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 430 struct smb_rqst *rqst, int flags) 431 { 432 struct send_req_vars *vars; 433 struct smb_rqst *cur_rqst; 434 struct kvec *iov; 435 int rc; 436 437 if (!(flags & CIFS_TRANSFORM_REQ)) 438 return __smb_send_rqst(server, num_rqst, rqst); 439 440 if (num_rqst > MAX_COMPOUND - 1) 441 return -ENOMEM; 442 443 if (!server->ops->init_transform_rq) { 444 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n"); 445 return -EIO; 446 } 447 448 vars = kzalloc(sizeof(*vars), GFP_NOFS); 449 if (!vars) 450 return -ENOMEM; 451 cur_rqst = vars->rqst; 452 iov = &vars->iov; 453 454 iov->iov_base = &vars->tr_hdr; 455 iov->iov_len = sizeof(vars->tr_hdr); 456 cur_rqst[0].rq_iov = iov; 457 cur_rqst[0].rq_nvec = 1; 458 459 rc = server->ops->init_transform_rq(server, num_rqst + 1, 460 &cur_rqst[0], rqst); 461 if (rc) 462 goto out; 463 464 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]); 465 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]); 466 out: 467 kfree(vars); 468 return rc; 469 } 470 471 int 472 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer, 473 unsigned int smb_buf_length) 474 { 475 struct kvec iov[2]; 476 struct smb_rqst rqst = { .rq_iov = iov, 477 .rq_nvec = 2 }; 478 479 iov[0].iov_base = smb_buffer; 480 iov[0].iov_len = 4; 481 iov[1].iov_base = (char *)smb_buffer + 4; 482 iov[1].iov_len = smb_buf_length; 483 484 return __smb_send_rqst(server, 1, &rqst); 485 } 486 487 static int 488 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits, 489 const int timeout, const int flags, 490 unsigned int *instance) 491 { 492 long rc; 493 int *credits; 494 int optype; 495 long int t; 496 int scredits, in_flight; 497 498 if (timeout < 0) 499 t = MAX_JIFFY_OFFSET; 500 else 501 t = msecs_to_jiffies(timeout); 502 503 optype = flags & CIFS_OP_MASK; 504 505 *instance = 0; 506 507 credits = server->ops->get_credits_field(server, optype); 508 /* Since an echo is already inflight, no need to wait to send another */ 509 if (*credits <= 0 && optype == CIFS_ECHO_OP) 510 return -EAGAIN; 511 512 spin_lock(&server->req_lock); 513 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) { 514 /* oplock breaks must not be held up */ 515 server->in_flight++; 516 if (server->in_flight > server->max_in_flight) 517 server->max_in_flight = server->in_flight; 518 *credits -= 1; 519 *instance = server->reconnect_instance; 520 scredits = *credits; 521 in_flight = server->in_flight; 522 spin_unlock(&server->req_lock); 523 524 trace_smb3_nblk_credits(server->CurrentMid, 525 server->conn_id, server->hostname, scredits, -1, in_flight); 526 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 527 __func__, 1, scredits); 528 529 return 0; 530 } 531 532 while (1) { 533 spin_unlock(&server->req_lock); 534 535 spin_lock(&server->srv_lock); 536 if (server->tcpStatus == CifsExiting) { 537 spin_unlock(&server->srv_lock); 538 return -ENOENT; 539 } 540 spin_unlock(&server->srv_lock); 541 542 spin_lock(&server->req_lock); 543 if (*credits < num_credits) { 544 scredits = *credits; 545 spin_unlock(&server->req_lock); 546 547 cifs_num_waiters_inc(server); 548 rc = wait_event_killable_timeout(server->request_q, 549 has_credits(server, credits, num_credits), t); 550 cifs_num_waiters_dec(server); 551 if (!rc) { 552 spin_lock(&server->req_lock); 553 scredits = *credits; 554 in_flight = server->in_flight; 555 spin_unlock(&server->req_lock); 556 557 trace_smb3_credit_timeout(server->CurrentMid, 558 server->conn_id, server->hostname, scredits, 559 num_credits, in_flight); 560 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 561 timeout); 562 return -EBUSY; 563 } 564 if (rc == -ERESTARTSYS) 565 return -ERESTARTSYS; 566 spin_lock(&server->req_lock); 567 } else { 568 /* 569 * For normal commands, reserve the last MAX_COMPOUND 570 * credits to compound requests. 571 * Otherwise these compounds could be permanently 572 * starved for credits by single-credit requests. 573 * 574 * To prevent spinning CPU, block this thread until 575 * there are >MAX_COMPOUND credits available. 576 * But only do this is we already have a lot of 577 * credits in flight to avoid triggering this check 578 * for servers that are slow to hand out credits on 579 * new sessions. 580 */ 581 if (!optype && num_credits == 1 && 582 server->in_flight > 2 * MAX_COMPOUND && 583 *credits <= MAX_COMPOUND) { 584 spin_unlock(&server->req_lock); 585 586 cifs_num_waiters_inc(server); 587 rc = wait_event_killable_timeout( 588 server->request_q, 589 has_credits(server, credits, 590 MAX_COMPOUND + 1), 591 t); 592 cifs_num_waiters_dec(server); 593 if (!rc) { 594 spin_lock(&server->req_lock); 595 scredits = *credits; 596 in_flight = server->in_flight; 597 spin_unlock(&server->req_lock); 598 599 trace_smb3_credit_timeout( 600 server->CurrentMid, 601 server->conn_id, server->hostname, 602 scredits, num_credits, in_flight); 603 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 604 timeout); 605 return -EBUSY; 606 } 607 if (rc == -ERESTARTSYS) 608 return -ERESTARTSYS; 609 spin_lock(&server->req_lock); 610 continue; 611 } 612 613 /* 614 * Can not count locking commands against total 615 * as they are allowed to block on server. 616 */ 617 618 /* update # of requests on the wire to server */ 619 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) { 620 *credits -= num_credits; 621 server->in_flight += num_credits; 622 if (server->in_flight > server->max_in_flight) 623 server->max_in_flight = server->in_flight; 624 *instance = server->reconnect_instance; 625 } 626 scredits = *credits; 627 in_flight = server->in_flight; 628 spin_unlock(&server->req_lock); 629 630 trace_smb3_waitff_credits(server->CurrentMid, 631 server->conn_id, server->hostname, scredits, 632 -(num_credits), in_flight); 633 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 634 __func__, num_credits, scredits); 635 break; 636 } 637 } 638 return 0; 639 } 640 641 static int 642 wait_for_free_request(struct TCP_Server_Info *server, const int flags, 643 unsigned int *instance) 644 { 645 return wait_for_free_credits(server, 1, -1, flags, 646 instance); 647 } 648 649 static int 650 wait_for_compound_request(struct TCP_Server_Info *server, int num, 651 const int flags, unsigned int *instance) 652 { 653 int *credits; 654 int scredits, in_flight; 655 656 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK); 657 658 spin_lock(&server->req_lock); 659 scredits = *credits; 660 in_flight = server->in_flight; 661 662 if (*credits < num) { 663 /* 664 * If the server is tight on resources or just gives us less 665 * credits for other reasons (e.g. requests are coming out of 666 * order and the server delays granting more credits until it 667 * processes a missing mid) and we exhausted most available 668 * credits there may be situations when we try to send 669 * a compound request but we don't have enough credits. At this 670 * point the client needs to decide if it should wait for 671 * additional credits or fail the request. If at least one 672 * request is in flight there is a high probability that the 673 * server will return enough credits to satisfy this compound 674 * request. 675 * 676 * Return immediately if no requests in flight since we will be 677 * stuck on waiting for credits. 678 */ 679 if (server->in_flight == 0) { 680 spin_unlock(&server->req_lock); 681 trace_smb3_insufficient_credits(server->CurrentMid, 682 server->conn_id, server->hostname, scredits, 683 num, in_flight); 684 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n", 685 __func__, in_flight, num, scredits); 686 return -EDEADLK; 687 } 688 } 689 spin_unlock(&server->req_lock); 690 691 return wait_for_free_credits(server, num, 60000, flags, 692 instance); 693 } 694 695 int 696 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size, 697 unsigned int *num, struct cifs_credits *credits) 698 { 699 *num = size; 700 credits->value = 0; 701 credits->instance = server->reconnect_instance; 702 return 0; 703 } 704 705 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf, 706 struct mid_q_entry **ppmidQ) 707 { 708 spin_lock(&ses->ses_lock); 709 if (ses->ses_status == SES_NEW) { 710 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) && 711 (in_buf->Command != SMB_COM_NEGOTIATE)) { 712 spin_unlock(&ses->ses_lock); 713 return -EAGAIN; 714 } 715 /* else ok - we are setting up session */ 716 } 717 718 if (ses->ses_status == SES_EXITING) { 719 /* check if SMB session is bad because we are setting it up */ 720 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) { 721 spin_unlock(&ses->ses_lock); 722 return -EAGAIN; 723 } 724 /* else ok - we are shutting down session */ 725 } 726 spin_unlock(&ses->ses_lock); 727 728 *ppmidQ = alloc_mid(in_buf, ses->server); 729 if (*ppmidQ == NULL) 730 return -ENOMEM; 731 spin_lock(&ses->server->mid_lock); 732 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q); 733 spin_unlock(&ses->server->mid_lock); 734 return 0; 735 } 736 737 static int 738 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) 739 { 740 int error; 741 742 error = wait_event_state(server->response_q, 743 midQ->mid_state != MID_REQUEST_SUBMITTED && 744 midQ->mid_state != MID_RESPONSE_RECEIVED, 745 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE)); 746 if (error < 0) 747 return -ERESTARTSYS; 748 749 return 0; 750 } 751 752 struct mid_q_entry * 753 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 754 { 755 int rc; 756 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 757 struct mid_q_entry *mid; 758 759 if (rqst->rq_iov[0].iov_len != 4 || 760 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 761 return ERR_PTR(-EIO); 762 763 /* enable signing if server requires it */ 764 if (server->sign) 765 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 766 767 mid = alloc_mid(hdr, server); 768 if (mid == NULL) 769 return ERR_PTR(-ENOMEM); 770 771 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number); 772 if (rc) { 773 release_mid(mid); 774 return ERR_PTR(rc); 775 } 776 777 return mid; 778 } 779 780 /* 781 * Send a SMB request and set the callback function in the mid to handle 782 * the result. Caller is responsible for dealing with timeouts. 783 */ 784 int 785 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst, 786 mid_receive_t *receive, mid_callback_t *callback, 787 mid_handle_t *handle, void *cbdata, const int flags, 788 const struct cifs_credits *exist_credits) 789 { 790 int rc; 791 struct mid_q_entry *mid; 792 struct cifs_credits credits = { .value = 0, .instance = 0 }; 793 unsigned int instance; 794 int optype; 795 796 optype = flags & CIFS_OP_MASK; 797 798 if ((flags & CIFS_HAS_CREDITS) == 0) { 799 rc = wait_for_free_request(server, flags, &instance); 800 if (rc) 801 return rc; 802 credits.value = 1; 803 credits.instance = instance; 804 } else 805 instance = exist_credits->instance; 806 807 cifs_server_lock(server); 808 809 /* 810 * We can't use credits obtained from the previous session to send this 811 * request. Check if there were reconnects after we obtained credits and 812 * return -EAGAIN in such cases to let callers handle it. 813 */ 814 if (instance != server->reconnect_instance) { 815 cifs_server_unlock(server); 816 add_credits_and_wake_if(server, &credits, optype); 817 return -EAGAIN; 818 } 819 820 mid = server->ops->setup_async_request(server, rqst); 821 if (IS_ERR(mid)) { 822 cifs_server_unlock(server); 823 add_credits_and_wake_if(server, &credits, optype); 824 return PTR_ERR(mid); 825 } 826 827 mid->receive = receive; 828 mid->callback = callback; 829 mid->callback_data = cbdata; 830 mid->handle = handle; 831 mid->mid_state = MID_REQUEST_SUBMITTED; 832 833 /* put it on the pending_mid_q */ 834 spin_lock(&server->mid_lock); 835 list_add_tail(&mid->qhead, &server->pending_mid_q); 836 spin_unlock(&server->mid_lock); 837 838 /* 839 * Need to store the time in mid before calling I/O. For call_async, 840 * I/O response may come back and free the mid entry on another thread. 841 */ 842 cifs_save_when_sent(mid); 843 rc = smb_send_rqst(server, 1, rqst, flags); 844 845 if (rc < 0) { 846 revert_current_mid(server, mid->credits); 847 server->sequence_number -= 2; 848 delete_mid(mid); 849 } 850 851 cifs_server_unlock(server); 852 853 if (rc == 0) 854 return 0; 855 856 add_credits_and_wake_if(server, &credits, optype); 857 return rc; 858 } 859 860 /* 861 * 862 * Send an SMB Request. No response info (other than return code) 863 * needs to be parsed. 864 * 865 * flags indicate the type of request buffer and how long to wait 866 * and whether to log NT STATUS code (error) before mapping it to POSIX error 867 * 868 */ 869 int 870 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 871 char *in_buf, int flags) 872 { 873 int rc; 874 struct kvec iov[1]; 875 struct kvec rsp_iov; 876 int resp_buf_type; 877 878 iov[0].iov_base = in_buf; 879 iov[0].iov_len = get_rfc1002_length(in_buf) + 4; 880 flags |= CIFS_NO_RSP_BUF; 881 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov); 882 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc); 883 884 return rc; 885 } 886 887 static int 888 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) 889 { 890 int rc = 0; 891 892 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n", 893 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state); 894 895 spin_lock(&server->mid_lock); 896 switch (mid->mid_state) { 897 case MID_RESPONSE_READY: 898 spin_unlock(&server->mid_lock); 899 return rc; 900 case MID_RETRY_NEEDED: 901 rc = -EAGAIN; 902 break; 903 case MID_RESPONSE_MALFORMED: 904 rc = -EIO; 905 break; 906 case MID_SHUTDOWN: 907 rc = -EHOSTDOWN; 908 break; 909 default: 910 if (!(mid->mid_flags & MID_DELETED)) { 911 list_del_init(&mid->qhead); 912 mid->mid_flags |= MID_DELETED; 913 } 914 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", 915 __func__, mid->mid, mid->mid_state); 916 rc = -EIO; 917 } 918 spin_unlock(&server->mid_lock); 919 920 release_mid(mid); 921 return rc; 922 } 923 924 static inline int 925 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst, 926 struct mid_q_entry *mid) 927 { 928 return server->ops->send_cancel ? 929 server->ops->send_cancel(server, rqst, mid) : 0; 930 } 931 932 int 933 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 934 bool log_error) 935 { 936 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4; 937 938 dump_smb(mid->resp_buf, min_t(u32, 92, len)); 939 940 /* convert the length into a more usable form */ 941 if (server->sign) { 942 struct kvec iov[2]; 943 int rc = 0; 944 struct smb_rqst rqst = { .rq_iov = iov, 945 .rq_nvec = 2 }; 946 947 iov[0].iov_base = mid->resp_buf; 948 iov[0].iov_len = 4; 949 iov[1].iov_base = (char *)mid->resp_buf + 4; 950 iov[1].iov_len = len - 4; 951 /* FIXME: add code to kill session */ 952 rc = cifs_verify_signature(&rqst, server, 953 mid->sequence_number); 954 if (rc) 955 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 956 rc); 957 } 958 959 /* BB special case reconnect tid and uid here? */ 960 return map_and_check_smb_error(mid, log_error); 961 } 962 963 struct mid_q_entry * 964 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 965 struct smb_rqst *rqst) 966 { 967 int rc; 968 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 969 struct mid_q_entry *mid; 970 971 if (rqst->rq_iov[0].iov_len != 4 || 972 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 973 return ERR_PTR(-EIO); 974 975 rc = allocate_mid(ses, hdr, &mid); 976 if (rc) 977 return ERR_PTR(rc); 978 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number); 979 if (rc) { 980 delete_mid(mid); 981 return ERR_PTR(rc); 982 } 983 return mid; 984 } 985 986 static void 987 cifs_compound_callback(struct mid_q_entry *mid) 988 { 989 struct TCP_Server_Info *server = mid->server; 990 struct cifs_credits credits; 991 992 credits.value = server->ops->get_credits(mid); 993 credits.instance = server->reconnect_instance; 994 995 add_credits(server, &credits, mid->optype); 996 997 if (mid->mid_state == MID_RESPONSE_RECEIVED) 998 mid->mid_state = MID_RESPONSE_READY; 999 } 1000 1001 static void 1002 cifs_compound_last_callback(struct mid_q_entry *mid) 1003 { 1004 cifs_compound_callback(mid); 1005 cifs_wake_up_task(mid); 1006 } 1007 1008 static void 1009 cifs_cancelled_callback(struct mid_q_entry *mid) 1010 { 1011 cifs_compound_callback(mid); 1012 release_mid(mid); 1013 } 1014 1015 /* 1016 * Return a channel (master if none) of @ses that can be used to send 1017 * regular requests. 1018 * 1019 * If we are currently binding a new channel (negprot/sess.setup), 1020 * return the new incomplete channel. 1021 */ 1022 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) 1023 { 1024 uint index = 0; 1025 unsigned int min_in_flight = UINT_MAX, max_in_flight = 0; 1026 struct TCP_Server_Info *server = NULL; 1027 int i; 1028 1029 if (!ses) 1030 return NULL; 1031 1032 spin_lock(&ses->chan_lock); 1033 for (i = 0; i < ses->chan_count; i++) { 1034 server = ses->chans[i].server; 1035 if (!server) 1036 continue; 1037 1038 /* 1039 * strictly speaking, we should pick up req_lock to read 1040 * server->in_flight. But it shouldn't matter much here if we 1041 * race while reading this data. The worst that can happen is 1042 * that we could use a channel that's not least loaded. Avoiding 1043 * taking the lock could help reduce wait time, which is 1044 * important for this function 1045 */ 1046 if (server->in_flight < min_in_flight) { 1047 min_in_flight = server->in_flight; 1048 index = i; 1049 } 1050 if (server->in_flight > max_in_flight) 1051 max_in_flight = server->in_flight; 1052 } 1053 1054 /* if all channels are equally loaded, fall back to round-robin */ 1055 if (min_in_flight == max_in_flight) { 1056 index = (uint)atomic_inc_return(&ses->chan_seq); 1057 index %= ses->chan_count; 1058 } 1059 spin_unlock(&ses->chan_lock); 1060 1061 return ses->chans[index].server; 1062 } 1063 1064 int 1065 compound_send_recv(const unsigned int xid, struct cifs_ses *ses, 1066 struct TCP_Server_Info *server, 1067 const int flags, const int num_rqst, struct smb_rqst *rqst, 1068 int *resp_buf_type, struct kvec *resp_iov) 1069 { 1070 int i, j, optype, rc = 0; 1071 struct mid_q_entry *midQ[MAX_COMPOUND]; 1072 bool cancelled_mid[MAX_COMPOUND] = {false}; 1073 struct cifs_credits credits[MAX_COMPOUND] = { 1074 { .value = 0, .instance = 0 } 1075 }; 1076 unsigned int instance; 1077 char *buf; 1078 1079 optype = flags & CIFS_OP_MASK; 1080 1081 for (i = 0; i < num_rqst; i++) 1082 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */ 1083 1084 if (!ses || !ses->server || !server) { 1085 cifs_dbg(VFS, "Null session\n"); 1086 return -EIO; 1087 } 1088 1089 spin_lock(&server->srv_lock); 1090 if (server->tcpStatus == CifsExiting) { 1091 spin_unlock(&server->srv_lock); 1092 return -ENOENT; 1093 } 1094 spin_unlock(&server->srv_lock); 1095 1096 /* 1097 * Wait for all the requests to become available. 1098 * This approach still leaves the possibility to be stuck waiting for 1099 * credits if the server doesn't grant credits to the outstanding 1100 * requests and if the client is completely idle, not generating any 1101 * other requests. 1102 * This can be handled by the eventual session reconnect. 1103 */ 1104 rc = wait_for_compound_request(server, num_rqst, flags, 1105 &instance); 1106 if (rc) 1107 return rc; 1108 1109 for (i = 0; i < num_rqst; i++) { 1110 credits[i].value = 1; 1111 credits[i].instance = instance; 1112 } 1113 1114 /* 1115 * Make sure that we sign in the same order that we send on this socket 1116 * and avoid races inside tcp sendmsg code that could cause corruption 1117 * of smb data. 1118 */ 1119 1120 cifs_server_lock(server); 1121 1122 /* 1123 * All the parts of the compound chain belong obtained credits from the 1124 * same session. We can not use credits obtained from the previous 1125 * session to send this request. Check if there were reconnects after 1126 * we obtained credits and return -EAGAIN in such cases to let callers 1127 * handle it. 1128 */ 1129 if (instance != server->reconnect_instance) { 1130 cifs_server_unlock(server); 1131 for (j = 0; j < num_rqst; j++) 1132 add_credits(server, &credits[j], optype); 1133 return -EAGAIN; 1134 } 1135 1136 for (i = 0; i < num_rqst; i++) { 1137 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]); 1138 if (IS_ERR(midQ[i])) { 1139 revert_current_mid(server, i); 1140 for (j = 0; j < i; j++) 1141 delete_mid(midQ[j]); 1142 cifs_server_unlock(server); 1143 1144 /* Update # of requests on wire to server */ 1145 for (j = 0; j < num_rqst; j++) 1146 add_credits(server, &credits[j], optype); 1147 return PTR_ERR(midQ[i]); 1148 } 1149 1150 midQ[i]->mid_state = MID_REQUEST_SUBMITTED; 1151 midQ[i]->optype = optype; 1152 /* 1153 * Invoke callback for every part of the compound chain 1154 * to calculate credits properly. Wake up this thread only when 1155 * the last element is received. 1156 */ 1157 if (i < num_rqst - 1) 1158 midQ[i]->callback = cifs_compound_callback; 1159 else 1160 midQ[i]->callback = cifs_compound_last_callback; 1161 } 1162 rc = smb_send_rqst(server, num_rqst, rqst, flags); 1163 1164 for (i = 0; i < num_rqst; i++) 1165 cifs_save_when_sent(midQ[i]); 1166 1167 if (rc < 0) { 1168 revert_current_mid(server, num_rqst); 1169 server->sequence_number -= 2; 1170 } 1171 1172 cifs_server_unlock(server); 1173 1174 /* 1175 * If sending failed for some reason or it is an oplock break that we 1176 * will not receive a response to - return credits back 1177 */ 1178 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) { 1179 for (i = 0; i < num_rqst; i++) 1180 add_credits(server, &credits[i], optype); 1181 goto out; 1182 } 1183 1184 /* 1185 * At this point the request is passed to the network stack - we assume 1186 * that any credits taken from the server structure on the client have 1187 * been spent and we can't return them back. Once we receive responses 1188 * we will collect credits granted by the server in the mid callbacks 1189 * and add those credits to the server structure. 1190 */ 1191 1192 /* 1193 * Compounding is never used during session establish. 1194 */ 1195 spin_lock(&ses->ses_lock); 1196 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1197 spin_unlock(&ses->ses_lock); 1198 1199 cifs_server_lock(server); 1200 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec); 1201 cifs_server_unlock(server); 1202 1203 spin_lock(&ses->ses_lock); 1204 } 1205 spin_unlock(&ses->ses_lock); 1206 1207 for (i = 0; i < num_rqst; i++) { 1208 rc = wait_for_response(server, midQ[i]); 1209 if (rc != 0) 1210 break; 1211 } 1212 if (rc != 0) { 1213 for (; i < num_rqst; i++) { 1214 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n", 1215 midQ[i]->mid, le16_to_cpu(midQ[i]->command)); 1216 send_cancel(server, &rqst[i], midQ[i]); 1217 spin_lock(&server->mid_lock); 1218 midQ[i]->mid_flags |= MID_WAIT_CANCELLED; 1219 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED || 1220 midQ[i]->mid_state == MID_RESPONSE_RECEIVED) { 1221 midQ[i]->callback = cifs_cancelled_callback; 1222 cancelled_mid[i] = true; 1223 credits[i].value = 0; 1224 } 1225 spin_unlock(&server->mid_lock); 1226 } 1227 } 1228 1229 for (i = 0; i < num_rqst; i++) { 1230 if (rc < 0) 1231 goto out; 1232 1233 rc = cifs_sync_mid_result(midQ[i], server); 1234 if (rc != 0) { 1235 /* mark this mid as cancelled to not free it below */ 1236 cancelled_mid[i] = true; 1237 goto out; 1238 } 1239 1240 if (!midQ[i]->resp_buf || 1241 midQ[i]->mid_state != MID_RESPONSE_READY) { 1242 rc = -EIO; 1243 cifs_dbg(FYI, "Bad MID state?\n"); 1244 goto out; 1245 } 1246 1247 buf = (char *)midQ[i]->resp_buf; 1248 resp_iov[i].iov_base = buf; 1249 resp_iov[i].iov_len = midQ[i]->resp_buf_size + 1250 HEADER_PREAMBLE_SIZE(server); 1251 1252 if (midQ[i]->large_buf) 1253 resp_buf_type[i] = CIFS_LARGE_BUFFER; 1254 else 1255 resp_buf_type[i] = CIFS_SMALL_BUFFER; 1256 1257 rc = server->ops->check_receive(midQ[i], server, 1258 flags & CIFS_LOG_ERROR); 1259 1260 /* mark it so buf will not be freed by delete_mid */ 1261 if ((flags & CIFS_NO_RSP_BUF) == 0) 1262 midQ[i]->resp_buf = NULL; 1263 1264 } 1265 1266 /* 1267 * Compounding is never used during session establish. 1268 */ 1269 spin_lock(&ses->ses_lock); 1270 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1271 struct kvec iov = { 1272 .iov_base = resp_iov[0].iov_base, 1273 .iov_len = resp_iov[0].iov_len 1274 }; 1275 spin_unlock(&ses->ses_lock); 1276 cifs_server_lock(server); 1277 smb311_update_preauth_hash(ses, server, &iov, 1); 1278 cifs_server_unlock(server); 1279 spin_lock(&ses->ses_lock); 1280 } 1281 spin_unlock(&ses->ses_lock); 1282 1283 out: 1284 /* 1285 * This will dequeue all mids. After this it is important that the 1286 * demultiplex_thread will not process any of these mids any futher. 1287 * This is prevented above by using a noop callback that will not 1288 * wake this thread except for the very last PDU. 1289 */ 1290 for (i = 0; i < num_rqst; i++) { 1291 if (!cancelled_mid[i]) 1292 delete_mid(midQ[i]); 1293 } 1294 1295 return rc; 1296 } 1297 1298 int 1299 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, 1300 struct TCP_Server_Info *server, 1301 struct smb_rqst *rqst, int *resp_buf_type, const int flags, 1302 struct kvec *resp_iov) 1303 { 1304 return compound_send_recv(xid, ses, server, flags, 1, 1305 rqst, resp_buf_type, resp_iov); 1306 } 1307 1308 int 1309 SendReceive2(const unsigned int xid, struct cifs_ses *ses, 1310 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */, 1311 const int flags, struct kvec *resp_iov) 1312 { 1313 struct smb_rqst rqst; 1314 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov; 1315 int rc; 1316 1317 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { 1318 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), 1319 GFP_KERNEL); 1320 if (!new_iov) { 1321 /* otherwise cifs_send_recv below sets resp_buf_type */ 1322 *resp_buf_type = CIFS_NO_BUFFER; 1323 return -ENOMEM; 1324 } 1325 } else 1326 new_iov = s_iov; 1327 1328 /* 1st iov is a RFC1001 length followed by the rest of the packet */ 1329 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec)); 1330 1331 new_iov[0].iov_base = new_iov[1].iov_base; 1332 new_iov[0].iov_len = 4; 1333 new_iov[1].iov_base += 4; 1334 new_iov[1].iov_len -= 4; 1335 1336 memset(&rqst, 0, sizeof(struct smb_rqst)); 1337 rqst.rq_iov = new_iov; 1338 rqst.rq_nvec = n_vec + 1; 1339 1340 rc = cifs_send_recv(xid, ses, ses->server, 1341 &rqst, resp_buf_type, flags, resp_iov); 1342 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) 1343 kfree(new_iov); 1344 return rc; 1345 } 1346 1347 int 1348 SendReceive(const unsigned int xid, struct cifs_ses *ses, 1349 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1350 int *pbytes_returned, const int flags) 1351 { 1352 int rc = 0; 1353 struct mid_q_entry *midQ; 1354 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1355 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1356 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1357 struct cifs_credits credits = { .value = 1, .instance = 0 }; 1358 struct TCP_Server_Info *server; 1359 1360 if (ses == NULL) { 1361 cifs_dbg(VFS, "Null smb session\n"); 1362 return -EIO; 1363 } 1364 server = ses->server; 1365 if (server == NULL) { 1366 cifs_dbg(VFS, "Null tcp session\n"); 1367 return -EIO; 1368 } 1369 1370 spin_lock(&server->srv_lock); 1371 if (server->tcpStatus == CifsExiting) { 1372 spin_unlock(&server->srv_lock); 1373 return -ENOENT; 1374 } 1375 spin_unlock(&server->srv_lock); 1376 1377 /* Ensure that we do not send more than 50 overlapping requests 1378 to the same server. We may make this configurable later or 1379 use ses->maxReq */ 1380 1381 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1382 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1383 len); 1384 return -EIO; 1385 } 1386 1387 rc = wait_for_free_request(server, flags, &credits.instance); 1388 if (rc) 1389 return rc; 1390 1391 /* make sure that we sign in the same order that we send on this socket 1392 and avoid races inside tcp sendmsg code that could cause corruption 1393 of smb data */ 1394 1395 cifs_server_lock(server); 1396 1397 rc = allocate_mid(ses, in_buf, &midQ); 1398 if (rc) { 1399 cifs_server_unlock(server); 1400 /* Update # of requests on wire to server */ 1401 add_credits(server, &credits, 0); 1402 return rc; 1403 } 1404 1405 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1406 if (rc) { 1407 cifs_server_unlock(server); 1408 goto out; 1409 } 1410 1411 midQ->mid_state = MID_REQUEST_SUBMITTED; 1412 1413 rc = smb_send(server, in_buf, len); 1414 cifs_save_when_sent(midQ); 1415 1416 if (rc < 0) 1417 server->sequence_number -= 2; 1418 1419 cifs_server_unlock(server); 1420 1421 if (rc < 0) 1422 goto out; 1423 1424 rc = wait_for_response(server, midQ); 1425 if (rc != 0) { 1426 send_cancel(server, &rqst, midQ); 1427 spin_lock(&server->mid_lock); 1428 if (midQ->mid_state == MID_REQUEST_SUBMITTED || 1429 midQ->mid_state == MID_RESPONSE_RECEIVED) { 1430 /* no longer considered to be "in-flight" */ 1431 midQ->callback = release_mid; 1432 spin_unlock(&server->mid_lock); 1433 add_credits(server, &credits, 0); 1434 return rc; 1435 } 1436 spin_unlock(&server->mid_lock); 1437 } 1438 1439 rc = cifs_sync_mid_result(midQ, server); 1440 if (rc != 0) { 1441 add_credits(server, &credits, 0); 1442 return rc; 1443 } 1444 1445 if (!midQ->resp_buf || !out_buf || 1446 midQ->mid_state != MID_RESPONSE_READY) { 1447 rc = -EIO; 1448 cifs_server_dbg(VFS, "Bad MID state?\n"); 1449 goto out; 1450 } 1451 1452 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1453 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1454 rc = cifs_check_receive(midQ, server, 0); 1455 out: 1456 delete_mid(midQ); 1457 add_credits(server, &credits, 0); 1458 1459 return rc; 1460 } 1461 1462 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows 1463 blocking lock to return. */ 1464 1465 static int 1466 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon, 1467 struct smb_hdr *in_buf, 1468 struct smb_hdr *out_buf) 1469 { 1470 int bytes_returned; 1471 struct cifs_ses *ses = tcon->ses; 1472 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf; 1473 1474 /* We just modify the current in_buf to change 1475 the type of lock from LOCKING_ANDX_SHARED_LOCK 1476 or LOCKING_ANDX_EXCLUSIVE_LOCK to 1477 LOCKING_ANDX_CANCEL_LOCK. */ 1478 1479 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES; 1480 pSMB->Timeout = 0; 1481 pSMB->hdr.Mid = get_next_mid(ses->server); 1482 1483 return SendReceive(xid, ses, in_buf, out_buf, 1484 &bytes_returned, 0); 1485 } 1486 1487 int 1488 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 1489 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1490 int *pbytes_returned) 1491 { 1492 int rc = 0; 1493 int rstart = 0; 1494 struct mid_q_entry *midQ; 1495 struct cifs_ses *ses; 1496 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1497 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1498 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1499 unsigned int instance; 1500 struct TCP_Server_Info *server; 1501 1502 if (tcon == NULL || tcon->ses == NULL) { 1503 cifs_dbg(VFS, "Null smb session\n"); 1504 return -EIO; 1505 } 1506 ses = tcon->ses; 1507 server = ses->server; 1508 1509 if (server == NULL) { 1510 cifs_dbg(VFS, "Null tcp session\n"); 1511 return -EIO; 1512 } 1513 1514 spin_lock(&server->srv_lock); 1515 if (server->tcpStatus == CifsExiting) { 1516 spin_unlock(&server->srv_lock); 1517 return -ENOENT; 1518 } 1519 spin_unlock(&server->srv_lock); 1520 1521 /* Ensure that we do not send more than 50 overlapping requests 1522 to the same server. We may make this configurable later or 1523 use ses->maxReq */ 1524 1525 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1526 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1527 len); 1528 return -EIO; 1529 } 1530 1531 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance); 1532 if (rc) 1533 return rc; 1534 1535 /* make sure that we sign in the same order that we send on this socket 1536 and avoid races inside tcp sendmsg code that could cause corruption 1537 of smb data */ 1538 1539 cifs_server_lock(server); 1540 1541 rc = allocate_mid(ses, in_buf, &midQ); 1542 if (rc) { 1543 cifs_server_unlock(server); 1544 return rc; 1545 } 1546 1547 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1548 if (rc) { 1549 delete_mid(midQ); 1550 cifs_server_unlock(server); 1551 return rc; 1552 } 1553 1554 midQ->mid_state = MID_REQUEST_SUBMITTED; 1555 rc = smb_send(server, in_buf, len); 1556 cifs_save_when_sent(midQ); 1557 1558 if (rc < 0) 1559 server->sequence_number -= 2; 1560 1561 cifs_server_unlock(server); 1562 1563 if (rc < 0) { 1564 delete_mid(midQ); 1565 return rc; 1566 } 1567 1568 /* Wait for a reply - allow signals to interrupt. */ 1569 rc = wait_event_interruptible(server->response_q, 1570 (!(midQ->mid_state == MID_REQUEST_SUBMITTED || 1571 midQ->mid_state == MID_RESPONSE_RECEIVED)) || 1572 ((server->tcpStatus != CifsGood) && 1573 (server->tcpStatus != CifsNew))); 1574 1575 /* Were we interrupted by a signal ? */ 1576 spin_lock(&server->srv_lock); 1577 if ((rc == -ERESTARTSYS) && 1578 (midQ->mid_state == MID_REQUEST_SUBMITTED || 1579 midQ->mid_state == MID_RESPONSE_RECEIVED) && 1580 ((server->tcpStatus == CifsGood) || 1581 (server->tcpStatus == CifsNew))) { 1582 spin_unlock(&server->srv_lock); 1583 1584 if (in_buf->Command == SMB_COM_TRANSACTION2) { 1585 /* POSIX lock. We send a NT_CANCEL SMB to cause the 1586 blocking lock to return. */ 1587 rc = send_cancel(server, &rqst, midQ); 1588 if (rc) { 1589 delete_mid(midQ); 1590 return rc; 1591 } 1592 } else { 1593 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK 1594 to cause the blocking lock to return. */ 1595 1596 rc = send_lock_cancel(xid, tcon, in_buf, out_buf); 1597 1598 /* If we get -ENOLCK back the lock may have 1599 already been removed. Don't exit in this case. */ 1600 if (rc && rc != -ENOLCK) { 1601 delete_mid(midQ); 1602 return rc; 1603 } 1604 } 1605 1606 rc = wait_for_response(server, midQ); 1607 if (rc) { 1608 send_cancel(server, &rqst, midQ); 1609 spin_lock(&server->mid_lock); 1610 if (midQ->mid_state == MID_REQUEST_SUBMITTED || 1611 midQ->mid_state == MID_RESPONSE_RECEIVED) { 1612 /* no longer considered to be "in-flight" */ 1613 midQ->callback = release_mid; 1614 spin_unlock(&server->mid_lock); 1615 return rc; 1616 } 1617 spin_unlock(&server->mid_lock); 1618 } 1619 1620 /* We got the response - restart system call. */ 1621 rstart = 1; 1622 spin_lock(&server->srv_lock); 1623 } 1624 spin_unlock(&server->srv_lock); 1625 1626 rc = cifs_sync_mid_result(midQ, server); 1627 if (rc != 0) 1628 return rc; 1629 1630 /* rcvd frame is ok */ 1631 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) { 1632 rc = -EIO; 1633 cifs_tcon_dbg(VFS, "Bad MID state?\n"); 1634 goto out; 1635 } 1636 1637 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1638 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1639 rc = cifs_check_receive(midQ, server, 0); 1640 out: 1641 delete_mid(midQ); 1642 if (rstart && rc == -EACCES) 1643 return -ERESTARTSYS; 1644 return rc; 1645 } 1646 1647 /* 1648 * Discard any remaining data in the current SMB. To do this, we borrow the 1649 * current bigbuf. 1650 */ 1651 int 1652 cifs_discard_remaining_data(struct TCP_Server_Info *server) 1653 { 1654 unsigned int rfclen = server->pdu_size; 1655 size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) - 1656 server->total_read; 1657 1658 while (remaining > 0) { 1659 ssize_t length; 1660 1661 length = cifs_discard_from_socket(server, 1662 min_t(size_t, remaining, 1663 CIFSMaxBufSize + MAX_HEADER_SIZE(server))); 1664 if (length < 0) 1665 return length; 1666 server->total_read += length; 1667 remaining -= length; 1668 } 1669 1670 return 0; 1671 } 1672 1673 static int 1674 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid, 1675 bool malformed) 1676 { 1677 int length; 1678 1679 length = cifs_discard_remaining_data(server); 1680 dequeue_mid(mid, malformed); 1681 mid->resp_buf = server->smallbuf; 1682 server->smallbuf = NULL; 1683 return length; 1684 } 1685 1686 static int 1687 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1688 { 1689 struct cifs_readdata *rdata = mid->callback_data; 1690 1691 return __cifs_readv_discard(server, mid, rdata->result); 1692 } 1693 1694 int 1695 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1696 { 1697 int length, len; 1698 unsigned int data_offset, data_len; 1699 struct cifs_readdata *rdata = mid->callback_data; 1700 char *buf = server->smallbuf; 1701 unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server); 1702 bool use_rdma_mr = false; 1703 1704 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n", 1705 __func__, mid->mid, rdata->offset, rdata->bytes); 1706 1707 /* 1708 * read the rest of READ_RSP header (sans Data array), or whatever we 1709 * can if there's not enough data. At this point, we've read down to 1710 * the Mid. 1711 */ 1712 len = min_t(unsigned int, buflen, server->vals->read_rsp_size) - 1713 HEADER_SIZE(server) + 1; 1714 1715 length = cifs_read_from_socket(server, 1716 buf + HEADER_SIZE(server) - 1, len); 1717 if (length < 0) 1718 return length; 1719 server->total_read += length; 1720 1721 if (server->ops->is_session_expired && 1722 server->ops->is_session_expired(buf)) { 1723 cifs_reconnect(server, true); 1724 return -1; 1725 } 1726 1727 if (server->ops->is_status_pending && 1728 server->ops->is_status_pending(buf, server)) { 1729 cifs_discard_remaining_data(server); 1730 return -1; 1731 } 1732 1733 /* set up first two iov for signature check and to get credits */ 1734 rdata->iov[0].iov_base = buf; 1735 rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server); 1736 rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server); 1737 rdata->iov[1].iov_len = 1738 server->total_read - HEADER_PREAMBLE_SIZE(server); 1739 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n", 1740 rdata->iov[0].iov_base, rdata->iov[0].iov_len); 1741 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n", 1742 rdata->iov[1].iov_base, rdata->iov[1].iov_len); 1743 1744 /* Was the SMB read successful? */ 1745 rdata->result = server->ops->map_error(buf, false); 1746 if (rdata->result != 0) { 1747 cifs_dbg(FYI, "%s: server returned error %d\n", 1748 __func__, rdata->result); 1749 /* normal error on read response */ 1750 return __cifs_readv_discard(server, mid, false); 1751 } 1752 1753 /* Is there enough to get to the rest of the READ_RSP header? */ 1754 if (server->total_read < server->vals->read_rsp_size) { 1755 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n", 1756 __func__, server->total_read, 1757 server->vals->read_rsp_size); 1758 rdata->result = -EIO; 1759 return cifs_readv_discard(server, mid); 1760 } 1761 1762 data_offset = server->ops->read_data_offset(buf) + 1763 HEADER_PREAMBLE_SIZE(server); 1764 if (data_offset < server->total_read) { 1765 /* 1766 * win2k8 sometimes sends an offset of 0 when the read 1767 * is beyond the EOF. Treat it as if the data starts just after 1768 * the header. 1769 */ 1770 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n", 1771 __func__, data_offset); 1772 data_offset = server->total_read; 1773 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) { 1774 /* data_offset is beyond the end of smallbuf */ 1775 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n", 1776 __func__, data_offset); 1777 rdata->result = -EIO; 1778 return cifs_readv_discard(server, mid); 1779 } 1780 1781 cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n", 1782 __func__, server->total_read, data_offset); 1783 1784 len = data_offset - server->total_read; 1785 if (len > 0) { 1786 /* read any junk before data into the rest of smallbuf */ 1787 length = cifs_read_from_socket(server, 1788 buf + server->total_read, len); 1789 if (length < 0) 1790 return length; 1791 server->total_read += length; 1792 } 1793 1794 /* how much data is in the response? */ 1795 #ifdef CONFIG_CIFS_SMB_DIRECT 1796 use_rdma_mr = rdata->mr; 1797 #endif 1798 data_len = server->ops->read_data_length(buf, use_rdma_mr); 1799 if (!use_rdma_mr && (data_offset + data_len > buflen)) { 1800 /* data_len is corrupt -- discard frame */ 1801 rdata->result = -EIO; 1802 return cifs_readv_discard(server, mid); 1803 } 1804 1805 #ifdef CONFIG_CIFS_SMB_DIRECT 1806 if (rdata->mr) 1807 length = data_len; /* An RDMA read is already done. */ 1808 else 1809 #endif 1810 length = cifs_read_iter_from_socket(server, &rdata->iter, 1811 data_len); 1812 if (length > 0) 1813 rdata->got_bytes += length; 1814 server->total_read += length; 1815 1816 cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n", 1817 server->total_read, buflen, data_len); 1818 1819 /* discard anything left over */ 1820 if (server->total_read < buflen) 1821 return cifs_readv_discard(server, mid); 1822 1823 dequeue_mid(mid, false); 1824 mid->resp_buf = server->smallbuf; 1825 server->smallbuf = NULL; 1826 return length; 1827 } 1828