1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2002,2008 5 * Author(s): Steve French (sfrench@us.ibm.com) 6 * Jeremy Allison (jra@samba.org) 2006. 7 * 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/list.h> 12 #include <linux/gfp.h> 13 #include <linux/wait.h> 14 #include <linux/net.h> 15 #include <linux/delay.h> 16 #include <linux/freezer.h> 17 #include <linux/tcp.h> 18 #include <linux/bvec.h> 19 #include <linux/highmem.h> 20 #include <linux/uaccess.h> 21 #include <asm/processor.h> 22 #include <linux/mempool.h> 23 #include <linux/sched/signal.h> 24 #include <linux/task_io_accounting_ops.h> 25 #include "cifspdu.h" 26 #include "cifsglob.h" 27 #include "cifsproto.h" 28 #include "cifs_debug.h" 29 #include "smb2proto.h" 30 #include "smbdirect.h" 31 32 /* Max number of iovectors we can use off the stack when sending requests. */ 33 #define CIFS_MAX_IOV_SIZE 8 34 35 void 36 cifs_wake_up_task(struct mid_q_entry *mid) 37 { 38 wake_up_process(mid->callback_data); 39 } 40 41 static struct mid_q_entry * 42 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) 43 { 44 struct mid_q_entry *temp; 45 46 if (server == NULL) { 47 cifs_dbg(VFS, "%s: null TCP session\n", __func__); 48 return NULL; 49 } 50 51 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 52 memset(temp, 0, sizeof(struct mid_q_entry)); 53 kref_init(&temp->refcount); 54 temp->mid = get_mid(smb_buffer); 55 temp->pid = current->pid; 56 temp->command = cpu_to_le16(smb_buffer->Command); 57 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command); 58 /* easier to use jiffies */ 59 /* when mid allocated can be before when sent */ 60 temp->when_alloc = jiffies; 61 temp->server = server; 62 63 /* 64 * The default is for the mid to be synchronous, so the 65 * default callback just wakes up the current task. 66 */ 67 get_task_struct(current); 68 temp->creator = current; 69 temp->callback = cifs_wake_up_task; 70 temp->callback_data = current; 71 72 atomic_inc(&mid_count); 73 temp->mid_state = MID_REQUEST_ALLOCATED; 74 return temp; 75 } 76 77 static void __release_mid(struct kref *refcount) 78 { 79 struct mid_q_entry *midEntry = 80 container_of(refcount, struct mid_q_entry, refcount); 81 #ifdef CONFIG_CIFS_STATS2 82 __le16 command = midEntry->server->vals->lock_cmd; 83 __u16 smb_cmd = le16_to_cpu(midEntry->command); 84 unsigned long now; 85 unsigned long roundtrip_time; 86 #endif 87 struct TCP_Server_Info *server = midEntry->server; 88 89 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && 90 midEntry->mid_state == MID_RESPONSE_RECEIVED && 91 server->ops->handle_cancelled_mid) 92 server->ops->handle_cancelled_mid(midEntry, server); 93 94 midEntry->mid_state = MID_FREE; 95 atomic_dec(&mid_count); 96 if (midEntry->large_buf) 97 cifs_buf_release(midEntry->resp_buf); 98 else 99 cifs_small_buf_release(midEntry->resp_buf); 100 #ifdef CONFIG_CIFS_STATS2 101 now = jiffies; 102 if (now < midEntry->when_alloc) 103 cifs_server_dbg(VFS, "Invalid mid allocation time\n"); 104 roundtrip_time = now - midEntry->when_alloc; 105 106 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) { 107 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) { 108 server->slowest_cmd[smb_cmd] = roundtrip_time; 109 server->fastest_cmd[smb_cmd] = roundtrip_time; 110 } else { 111 if (server->slowest_cmd[smb_cmd] < roundtrip_time) 112 server->slowest_cmd[smb_cmd] = roundtrip_time; 113 else if (server->fastest_cmd[smb_cmd] > roundtrip_time) 114 server->fastest_cmd[smb_cmd] = roundtrip_time; 115 } 116 cifs_stats_inc(&server->num_cmds[smb_cmd]); 117 server->time_per_cmd[smb_cmd] += roundtrip_time; 118 } 119 /* 120 * commands taking longer than one second (default) can be indications 121 * that something is wrong, unless it is quite a slow link or a very 122 * busy server. Note that this calc is unlikely or impossible to wrap 123 * as long as slow_rsp_threshold is not set way above recommended max 124 * value (32767 ie 9 hours) and is generally harmless even if wrong 125 * since only affects debug counters - so leaving the calc as simple 126 * comparison rather than doing multiple conversions and overflow 127 * checks 128 */ 129 if ((slow_rsp_threshold != 0) && 130 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) && 131 (midEntry->command != command)) { 132 /* 133 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command 134 * NB: le16_to_cpu returns unsigned so can not be negative below 135 */ 136 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) 137 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]); 138 139 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid, 140 midEntry->when_sent, midEntry->when_received); 141 if (cifsFYI & CIFS_TIMER) { 142 pr_debug("slow rsp: cmd %d mid %llu", 143 midEntry->command, midEntry->mid); 144 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n", 145 now - midEntry->when_alloc, 146 now - midEntry->when_sent, 147 now - midEntry->when_received); 148 } 149 } 150 #endif 151 put_task_struct(midEntry->creator); 152 153 mempool_free(midEntry, cifs_mid_poolp); 154 } 155 156 void release_mid(struct mid_q_entry *mid) 157 { 158 struct TCP_Server_Info *server = mid->server; 159 160 spin_lock(&server->mid_lock); 161 kref_put(&mid->refcount, __release_mid); 162 spin_unlock(&server->mid_lock); 163 } 164 165 void 166 delete_mid(struct mid_q_entry *mid) 167 { 168 spin_lock(&mid->server->mid_lock); 169 if (!(mid->mid_flags & MID_DELETED)) { 170 list_del_init(&mid->qhead); 171 mid->mid_flags |= MID_DELETED; 172 } 173 spin_unlock(&mid->server->mid_lock); 174 175 release_mid(mid); 176 } 177 178 /* 179 * smb_send_kvec - send an array of kvecs to the server 180 * @server: Server to send the data to 181 * @smb_msg: Message to send 182 * @sent: amount of data sent on socket is stored here 183 * 184 * Our basic "send data to server" function. Should be called with srv_mutex 185 * held. The caller is responsible for handling the results. 186 */ 187 static int 188 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg, 189 size_t *sent) 190 { 191 int rc = 0; 192 int retries = 0; 193 struct socket *ssocket = server->ssocket; 194 195 *sent = 0; 196 197 if (server->noblocksnd) 198 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; 199 else 200 smb_msg->msg_flags = MSG_NOSIGNAL; 201 202 while (msg_data_left(smb_msg)) { 203 /* 204 * If blocking send, we try 3 times, since each can block 205 * for 5 seconds. For nonblocking we have to try more 206 * but wait increasing amounts of time allowing time for 207 * socket to clear. The overall time we wait in either 208 * case to send on the socket is about 15 seconds. 209 * Similarly we wait for 15 seconds for a response from 210 * the server in SendReceive[2] for the server to send 211 * a response back for most types of requests (except 212 * SMB Write past end of file which can be slow, and 213 * blocking lock operations). NFS waits slightly longer 214 * than CIFS, but this can make it take longer for 215 * nonresponsive servers to be detected and 15 seconds 216 * is more than enough time for modern networks to 217 * send a packet. In most cases if we fail to send 218 * after the retries we will kill the socket and 219 * reconnect which may clear the network problem. 220 */ 221 rc = sock_sendmsg(ssocket, smb_msg); 222 if (rc == -EAGAIN) { 223 retries++; 224 if (retries >= 14 || 225 (!server->noblocksnd && (retries > 2))) { 226 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n", 227 ssocket); 228 return -EAGAIN; 229 } 230 msleep(1 << retries); 231 continue; 232 } 233 234 if (rc < 0) 235 return rc; 236 237 if (rc == 0) { 238 /* should never happen, letting socket clear before 239 retrying is our only obvious option here */ 240 cifs_server_dbg(VFS, "tcp sent no data\n"); 241 msleep(500); 242 continue; 243 } 244 245 /* send was at least partially successful */ 246 *sent += rc; 247 retries = 0; /* in case we get ENOSPC on the next send */ 248 } 249 return 0; 250 } 251 252 unsigned long 253 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst) 254 { 255 unsigned int i; 256 struct kvec *iov; 257 int nvec; 258 unsigned long buflen = 0; 259 260 if (!is_smb1(server) && rqst->rq_nvec >= 2 && 261 rqst->rq_iov[0].iov_len == 4) { 262 iov = &rqst->rq_iov[1]; 263 nvec = rqst->rq_nvec - 1; 264 } else { 265 iov = rqst->rq_iov; 266 nvec = rqst->rq_nvec; 267 } 268 269 /* total up iov array first */ 270 for (i = 0; i < nvec; i++) 271 buflen += iov[i].iov_len; 272 273 buflen += iov_iter_count(&rqst->rq_iter); 274 return buflen; 275 } 276 277 static int 278 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 279 struct smb_rqst *rqst) 280 { 281 int rc; 282 struct kvec *iov; 283 int n_vec; 284 unsigned int send_length = 0; 285 unsigned int i, j; 286 sigset_t mask, oldmask; 287 size_t total_len = 0, sent, size; 288 struct socket *ssocket = server->ssocket; 289 struct msghdr smb_msg = {}; 290 __be32 rfc1002_marker; 291 292 cifs_in_send_inc(server); 293 if (cifs_rdma_enabled(server)) { 294 /* return -EAGAIN when connecting or reconnecting */ 295 rc = -EAGAIN; 296 if (server->smbd_conn) 297 rc = smbd_send(server, num_rqst, rqst); 298 goto smbd_done; 299 } 300 301 rc = -EAGAIN; 302 if (ssocket == NULL) 303 goto out; 304 305 rc = -ERESTARTSYS; 306 if (fatal_signal_pending(current)) { 307 cifs_dbg(FYI, "signal pending before send request\n"); 308 goto out; 309 } 310 311 rc = 0; 312 /* cork the socket */ 313 tcp_sock_set_cork(ssocket->sk, true); 314 315 for (j = 0; j < num_rqst; j++) 316 send_length += smb_rqst_len(server, &rqst[j]); 317 rfc1002_marker = cpu_to_be32(send_length); 318 319 /* 320 * We should not allow signals to interrupt the network send because 321 * any partial send will cause session reconnects thus increasing 322 * latency of system calls and overload a server with unnecessary 323 * requests. 324 */ 325 326 sigfillset(&mask); 327 sigprocmask(SIG_BLOCK, &mask, &oldmask); 328 329 /* Generate a rfc1002 marker for SMB2+ */ 330 if (!is_smb1(server)) { 331 struct kvec hiov = { 332 .iov_base = &rfc1002_marker, 333 .iov_len = 4 334 }; 335 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4); 336 rc = smb_send_kvec(server, &smb_msg, &sent); 337 if (rc < 0) 338 goto unmask; 339 340 total_len += sent; 341 send_length += 4; 342 } 343 344 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length); 345 346 for (j = 0; j < num_rqst; j++) { 347 iov = rqst[j].rq_iov; 348 n_vec = rqst[j].rq_nvec; 349 350 size = 0; 351 for (i = 0; i < n_vec; i++) { 352 dump_smb(iov[i].iov_base, iov[i].iov_len); 353 size += iov[i].iov_len; 354 } 355 356 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size); 357 358 rc = smb_send_kvec(server, &smb_msg, &sent); 359 if (rc < 0) 360 goto unmask; 361 362 total_len += sent; 363 364 if (iov_iter_count(&rqst[j].rq_iter) > 0) { 365 smb_msg.msg_iter = rqst[j].rq_iter; 366 rc = smb_send_kvec(server, &smb_msg, &sent); 367 if (rc < 0) 368 break; 369 total_len += sent; 370 } 371 372 } 373 374 unmask: 375 sigprocmask(SIG_SETMASK, &oldmask, NULL); 376 377 /* 378 * If signal is pending but we have already sent the whole packet to 379 * the server we need to return success status to allow a corresponding 380 * mid entry to be kept in the pending requests queue thus allowing 381 * to handle responses from the server by the client. 382 * 383 * If only part of the packet has been sent there is no need to hide 384 * interrupt because the session will be reconnected anyway, so there 385 * won't be any response from the server to handle. 386 */ 387 388 if (signal_pending(current) && (total_len != send_length)) { 389 cifs_dbg(FYI, "signal is pending after attempt to send\n"); 390 rc = -ERESTARTSYS; 391 } 392 393 /* uncork it */ 394 tcp_sock_set_cork(ssocket->sk, false); 395 396 if ((total_len > 0) && (total_len != send_length)) { 397 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n", 398 send_length, total_len); 399 /* 400 * If we have only sent part of an SMB then the next SMB could 401 * be taken as the remainder of this one. We need to kill the 402 * socket so the server throws away the partial SMB 403 */ 404 cifs_signal_cifsd_for_reconnect(server, false); 405 trace_smb3_partial_send_reconnect(server->CurrentMid, 406 server->conn_id, server->hostname); 407 } 408 smbd_done: 409 if (rc < 0 && rc != -EINTR) 410 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n", 411 rc); 412 else if (rc > 0) 413 rc = 0; 414 out: 415 cifs_in_send_dec(server); 416 return rc; 417 } 418 419 static int 420 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 421 struct smb_rqst *rqst, int flags) 422 { 423 struct kvec iov; 424 struct smb2_transform_hdr *tr_hdr; 425 struct smb_rqst cur_rqst[MAX_COMPOUND]; 426 int rc; 427 428 if (!(flags & CIFS_TRANSFORM_REQ)) 429 return __smb_send_rqst(server, num_rqst, rqst); 430 431 if (num_rqst > MAX_COMPOUND - 1) 432 return -ENOMEM; 433 434 if (!server->ops->init_transform_rq) { 435 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n"); 436 return -EIO; 437 } 438 439 tr_hdr = kzalloc(sizeof(*tr_hdr), GFP_NOFS); 440 if (!tr_hdr) 441 return -ENOMEM; 442 443 memset(&cur_rqst[0], 0, sizeof(cur_rqst)); 444 memset(&iov, 0, sizeof(iov)); 445 446 iov.iov_base = tr_hdr; 447 iov.iov_len = sizeof(*tr_hdr); 448 cur_rqst[0].rq_iov = &iov; 449 cur_rqst[0].rq_nvec = 1; 450 451 rc = server->ops->init_transform_rq(server, num_rqst + 1, 452 &cur_rqst[0], rqst); 453 if (rc) 454 goto out; 455 456 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]); 457 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]); 458 out: 459 kfree(tr_hdr); 460 return rc; 461 } 462 463 int 464 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer, 465 unsigned int smb_buf_length) 466 { 467 struct kvec iov[2]; 468 struct smb_rqst rqst = { .rq_iov = iov, 469 .rq_nvec = 2 }; 470 471 iov[0].iov_base = smb_buffer; 472 iov[0].iov_len = 4; 473 iov[1].iov_base = (char *)smb_buffer + 4; 474 iov[1].iov_len = smb_buf_length; 475 476 return __smb_send_rqst(server, 1, &rqst); 477 } 478 479 static int 480 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits, 481 const int timeout, const int flags, 482 unsigned int *instance) 483 { 484 long rc; 485 int *credits; 486 int optype; 487 long int t; 488 int scredits, in_flight; 489 490 if (timeout < 0) 491 t = MAX_JIFFY_OFFSET; 492 else 493 t = msecs_to_jiffies(timeout); 494 495 optype = flags & CIFS_OP_MASK; 496 497 *instance = 0; 498 499 credits = server->ops->get_credits_field(server, optype); 500 /* Since an echo is already inflight, no need to wait to send another */ 501 if (*credits <= 0 && optype == CIFS_ECHO_OP) 502 return -EAGAIN; 503 504 spin_lock(&server->req_lock); 505 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) { 506 /* oplock breaks must not be held up */ 507 server->in_flight++; 508 if (server->in_flight > server->max_in_flight) 509 server->max_in_flight = server->in_flight; 510 *credits -= 1; 511 *instance = server->reconnect_instance; 512 scredits = *credits; 513 in_flight = server->in_flight; 514 spin_unlock(&server->req_lock); 515 516 trace_smb3_nblk_credits(server->CurrentMid, 517 server->conn_id, server->hostname, scredits, -1, in_flight); 518 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 519 __func__, 1, scredits); 520 521 return 0; 522 } 523 524 while (1) { 525 if (*credits < num_credits) { 526 scredits = *credits; 527 spin_unlock(&server->req_lock); 528 529 cifs_num_waiters_inc(server); 530 rc = wait_event_killable_timeout(server->request_q, 531 has_credits(server, credits, num_credits), t); 532 cifs_num_waiters_dec(server); 533 if (!rc) { 534 spin_lock(&server->req_lock); 535 scredits = *credits; 536 in_flight = server->in_flight; 537 spin_unlock(&server->req_lock); 538 539 trace_smb3_credit_timeout(server->CurrentMid, 540 server->conn_id, server->hostname, scredits, 541 num_credits, in_flight); 542 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 543 timeout); 544 return -EBUSY; 545 } 546 if (rc == -ERESTARTSYS) 547 return -ERESTARTSYS; 548 spin_lock(&server->req_lock); 549 } else { 550 spin_unlock(&server->req_lock); 551 552 spin_lock(&server->srv_lock); 553 if (server->tcpStatus == CifsExiting) { 554 spin_unlock(&server->srv_lock); 555 return -ENOENT; 556 } 557 spin_unlock(&server->srv_lock); 558 559 /* 560 * For normal commands, reserve the last MAX_COMPOUND 561 * credits to compound requests. 562 * Otherwise these compounds could be permanently 563 * starved for credits by single-credit requests. 564 * 565 * To prevent spinning CPU, block this thread until 566 * there are >MAX_COMPOUND credits available. 567 * But only do this is we already have a lot of 568 * credits in flight to avoid triggering this check 569 * for servers that are slow to hand out credits on 570 * new sessions. 571 */ 572 spin_lock(&server->req_lock); 573 if (!optype && num_credits == 1 && 574 server->in_flight > 2 * MAX_COMPOUND && 575 *credits <= MAX_COMPOUND) { 576 spin_unlock(&server->req_lock); 577 578 cifs_num_waiters_inc(server); 579 rc = wait_event_killable_timeout( 580 server->request_q, 581 has_credits(server, credits, 582 MAX_COMPOUND + 1), 583 t); 584 cifs_num_waiters_dec(server); 585 if (!rc) { 586 spin_lock(&server->req_lock); 587 scredits = *credits; 588 in_flight = server->in_flight; 589 spin_unlock(&server->req_lock); 590 591 trace_smb3_credit_timeout( 592 server->CurrentMid, 593 server->conn_id, server->hostname, 594 scredits, num_credits, in_flight); 595 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 596 timeout); 597 return -EBUSY; 598 } 599 if (rc == -ERESTARTSYS) 600 return -ERESTARTSYS; 601 spin_lock(&server->req_lock); 602 continue; 603 } 604 605 /* 606 * Can not count locking commands against total 607 * as they are allowed to block on server. 608 */ 609 610 /* update # of requests on the wire to server */ 611 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) { 612 *credits -= num_credits; 613 server->in_flight += num_credits; 614 if (server->in_flight > server->max_in_flight) 615 server->max_in_flight = server->in_flight; 616 *instance = server->reconnect_instance; 617 } 618 scredits = *credits; 619 in_flight = server->in_flight; 620 spin_unlock(&server->req_lock); 621 622 trace_smb3_waitff_credits(server->CurrentMid, 623 server->conn_id, server->hostname, scredits, 624 -(num_credits), in_flight); 625 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 626 __func__, num_credits, scredits); 627 break; 628 } 629 } 630 return 0; 631 } 632 633 static int 634 wait_for_free_request(struct TCP_Server_Info *server, const int flags, 635 unsigned int *instance) 636 { 637 return wait_for_free_credits(server, 1, -1, flags, 638 instance); 639 } 640 641 static int 642 wait_for_compound_request(struct TCP_Server_Info *server, int num, 643 const int flags, unsigned int *instance) 644 { 645 int *credits; 646 int scredits, in_flight; 647 648 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK); 649 650 spin_lock(&server->req_lock); 651 scredits = *credits; 652 in_flight = server->in_flight; 653 654 if (*credits < num) { 655 /* 656 * If the server is tight on resources or just gives us less 657 * credits for other reasons (e.g. requests are coming out of 658 * order and the server delays granting more credits until it 659 * processes a missing mid) and we exhausted most available 660 * credits there may be situations when we try to send 661 * a compound request but we don't have enough credits. At this 662 * point the client needs to decide if it should wait for 663 * additional credits or fail the request. If at least one 664 * request is in flight there is a high probability that the 665 * server will return enough credits to satisfy this compound 666 * request. 667 * 668 * Return immediately if no requests in flight since we will be 669 * stuck on waiting for credits. 670 */ 671 if (server->in_flight == 0) { 672 spin_unlock(&server->req_lock); 673 trace_smb3_insufficient_credits(server->CurrentMid, 674 server->conn_id, server->hostname, scredits, 675 num, in_flight); 676 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n", 677 __func__, in_flight, num, scredits); 678 return -EDEADLK; 679 } 680 } 681 spin_unlock(&server->req_lock); 682 683 return wait_for_free_credits(server, num, 60000, flags, 684 instance); 685 } 686 687 int 688 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size, 689 unsigned int *num, struct cifs_credits *credits) 690 { 691 *num = size; 692 credits->value = 0; 693 credits->instance = server->reconnect_instance; 694 return 0; 695 } 696 697 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf, 698 struct mid_q_entry **ppmidQ) 699 { 700 spin_lock(&ses->ses_lock); 701 if (ses->ses_status == SES_NEW) { 702 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) && 703 (in_buf->Command != SMB_COM_NEGOTIATE)) { 704 spin_unlock(&ses->ses_lock); 705 return -EAGAIN; 706 } 707 /* else ok - we are setting up session */ 708 } 709 710 if (ses->ses_status == SES_EXITING) { 711 /* check if SMB session is bad because we are setting it up */ 712 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) { 713 spin_unlock(&ses->ses_lock); 714 return -EAGAIN; 715 } 716 /* else ok - we are shutting down session */ 717 } 718 spin_unlock(&ses->ses_lock); 719 720 *ppmidQ = alloc_mid(in_buf, ses->server); 721 if (*ppmidQ == NULL) 722 return -ENOMEM; 723 spin_lock(&ses->server->mid_lock); 724 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q); 725 spin_unlock(&ses->server->mid_lock); 726 return 0; 727 } 728 729 static int 730 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) 731 { 732 int error; 733 734 error = wait_event_state(server->response_q, 735 midQ->mid_state != MID_REQUEST_SUBMITTED, 736 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE)); 737 if (error < 0) 738 return -ERESTARTSYS; 739 740 return 0; 741 } 742 743 struct mid_q_entry * 744 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 745 { 746 int rc; 747 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 748 struct mid_q_entry *mid; 749 750 if (rqst->rq_iov[0].iov_len != 4 || 751 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 752 return ERR_PTR(-EIO); 753 754 /* enable signing if server requires it */ 755 if (server->sign) 756 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 757 758 mid = alloc_mid(hdr, server); 759 if (mid == NULL) 760 return ERR_PTR(-ENOMEM); 761 762 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number); 763 if (rc) { 764 release_mid(mid); 765 return ERR_PTR(rc); 766 } 767 768 return mid; 769 } 770 771 /* 772 * Send a SMB request and set the callback function in the mid to handle 773 * the result. Caller is responsible for dealing with timeouts. 774 */ 775 int 776 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst, 777 mid_receive_t *receive, mid_callback_t *callback, 778 mid_handle_t *handle, void *cbdata, const int flags, 779 const struct cifs_credits *exist_credits) 780 { 781 int rc; 782 struct mid_q_entry *mid; 783 struct cifs_credits credits = { .value = 0, .instance = 0 }; 784 unsigned int instance; 785 int optype; 786 787 optype = flags & CIFS_OP_MASK; 788 789 if ((flags & CIFS_HAS_CREDITS) == 0) { 790 rc = wait_for_free_request(server, flags, &instance); 791 if (rc) 792 return rc; 793 credits.value = 1; 794 credits.instance = instance; 795 } else 796 instance = exist_credits->instance; 797 798 cifs_server_lock(server); 799 800 /* 801 * We can't use credits obtained from the previous session to send this 802 * request. Check if there were reconnects after we obtained credits and 803 * return -EAGAIN in such cases to let callers handle it. 804 */ 805 if (instance != server->reconnect_instance) { 806 cifs_server_unlock(server); 807 add_credits_and_wake_if(server, &credits, optype); 808 return -EAGAIN; 809 } 810 811 mid = server->ops->setup_async_request(server, rqst); 812 if (IS_ERR(mid)) { 813 cifs_server_unlock(server); 814 add_credits_and_wake_if(server, &credits, optype); 815 return PTR_ERR(mid); 816 } 817 818 mid->receive = receive; 819 mid->callback = callback; 820 mid->callback_data = cbdata; 821 mid->handle = handle; 822 mid->mid_state = MID_REQUEST_SUBMITTED; 823 824 /* put it on the pending_mid_q */ 825 spin_lock(&server->mid_lock); 826 list_add_tail(&mid->qhead, &server->pending_mid_q); 827 spin_unlock(&server->mid_lock); 828 829 /* 830 * Need to store the time in mid before calling I/O. For call_async, 831 * I/O response may come back and free the mid entry on another thread. 832 */ 833 cifs_save_when_sent(mid); 834 rc = smb_send_rqst(server, 1, rqst, flags); 835 836 if (rc < 0) { 837 revert_current_mid(server, mid->credits); 838 server->sequence_number -= 2; 839 delete_mid(mid); 840 } 841 842 cifs_server_unlock(server); 843 844 if (rc == 0) 845 return 0; 846 847 add_credits_and_wake_if(server, &credits, optype); 848 return rc; 849 } 850 851 /* 852 * 853 * Send an SMB Request. No response info (other than return code) 854 * needs to be parsed. 855 * 856 * flags indicate the type of request buffer and how long to wait 857 * and whether to log NT STATUS code (error) before mapping it to POSIX error 858 * 859 */ 860 int 861 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 862 char *in_buf, int flags) 863 { 864 int rc; 865 struct kvec iov[1]; 866 struct kvec rsp_iov; 867 int resp_buf_type; 868 869 iov[0].iov_base = in_buf; 870 iov[0].iov_len = get_rfc1002_length(in_buf) + 4; 871 flags |= CIFS_NO_RSP_BUF; 872 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov); 873 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc); 874 875 return rc; 876 } 877 878 static int 879 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) 880 { 881 int rc = 0; 882 883 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n", 884 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state); 885 886 spin_lock(&server->mid_lock); 887 switch (mid->mid_state) { 888 case MID_RESPONSE_RECEIVED: 889 spin_unlock(&server->mid_lock); 890 return rc; 891 case MID_RETRY_NEEDED: 892 rc = -EAGAIN; 893 break; 894 case MID_RESPONSE_MALFORMED: 895 rc = -EIO; 896 break; 897 case MID_SHUTDOWN: 898 rc = -EHOSTDOWN; 899 break; 900 default: 901 if (!(mid->mid_flags & MID_DELETED)) { 902 list_del_init(&mid->qhead); 903 mid->mid_flags |= MID_DELETED; 904 } 905 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", 906 __func__, mid->mid, mid->mid_state); 907 rc = -EIO; 908 } 909 spin_unlock(&server->mid_lock); 910 911 release_mid(mid); 912 return rc; 913 } 914 915 static inline int 916 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst, 917 struct mid_q_entry *mid) 918 { 919 return server->ops->send_cancel ? 920 server->ops->send_cancel(server, rqst, mid) : 0; 921 } 922 923 int 924 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 925 bool log_error) 926 { 927 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4; 928 929 dump_smb(mid->resp_buf, min_t(u32, 92, len)); 930 931 /* convert the length into a more usable form */ 932 if (server->sign) { 933 struct kvec iov[2]; 934 int rc = 0; 935 struct smb_rqst rqst = { .rq_iov = iov, 936 .rq_nvec = 2 }; 937 938 iov[0].iov_base = mid->resp_buf; 939 iov[0].iov_len = 4; 940 iov[1].iov_base = (char *)mid->resp_buf + 4; 941 iov[1].iov_len = len - 4; 942 /* FIXME: add code to kill session */ 943 rc = cifs_verify_signature(&rqst, server, 944 mid->sequence_number); 945 if (rc) 946 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 947 rc); 948 } 949 950 /* BB special case reconnect tid and uid here? */ 951 return map_and_check_smb_error(mid, log_error); 952 } 953 954 struct mid_q_entry * 955 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 956 struct smb_rqst *rqst) 957 { 958 int rc; 959 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 960 struct mid_q_entry *mid; 961 962 if (rqst->rq_iov[0].iov_len != 4 || 963 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 964 return ERR_PTR(-EIO); 965 966 rc = allocate_mid(ses, hdr, &mid); 967 if (rc) 968 return ERR_PTR(rc); 969 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number); 970 if (rc) { 971 delete_mid(mid); 972 return ERR_PTR(rc); 973 } 974 return mid; 975 } 976 977 static void 978 cifs_compound_callback(struct mid_q_entry *mid) 979 { 980 struct TCP_Server_Info *server = mid->server; 981 struct cifs_credits credits; 982 983 credits.value = server->ops->get_credits(mid); 984 credits.instance = server->reconnect_instance; 985 986 add_credits(server, &credits, mid->optype); 987 } 988 989 static void 990 cifs_compound_last_callback(struct mid_q_entry *mid) 991 { 992 cifs_compound_callback(mid); 993 cifs_wake_up_task(mid); 994 } 995 996 static void 997 cifs_cancelled_callback(struct mid_q_entry *mid) 998 { 999 cifs_compound_callback(mid); 1000 release_mid(mid); 1001 } 1002 1003 /* 1004 * Return a channel (master if none) of @ses that can be used to send 1005 * regular requests. 1006 * 1007 * If we are currently binding a new channel (negprot/sess.setup), 1008 * return the new incomplete channel. 1009 */ 1010 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) 1011 { 1012 uint index = 0; 1013 unsigned int min_in_flight = UINT_MAX, max_in_flight = 0; 1014 struct TCP_Server_Info *server = NULL; 1015 int i; 1016 1017 if (!ses) 1018 return NULL; 1019 1020 spin_lock(&ses->chan_lock); 1021 for (i = 0; i < ses->chan_count; i++) { 1022 server = ses->chans[i].server; 1023 if (!server) 1024 continue; 1025 1026 /* 1027 * strictly speaking, we should pick up req_lock to read 1028 * server->in_flight. But it shouldn't matter much here if we 1029 * race while reading this data. The worst that can happen is 1030 * that we could use a channel that's not least loaded. Avoiding 1031 * taking the lock could help reduce wait time, which is 1032 * important for this function 1033 */ 1034 if (server->in_flight < min_in_flight) { 1035 min_in_flight = server->in_flight; 1036 index = i; 1037 } 1038 if (server->in_flight > max_in_flight) 1039 max_in_flight = server->in_flight; 1040 } 1041 1042 /* if all channels are equally loaded, fall back to round-robin */ 1043 if (min_in_flight == max_in_flight) { 1044 index = (uint)atomic_inc_return(&ses->chan_seq); 1045 index %= ses->chan_count; 1046 } 1047 spin_unlock(&ses->chan_lock); 1048 1049 return ses->chans[index].server; 1050 } 1051 1052 int 1053 compound_send_recv(const unsigned int xid, struct cifs_ses *ses, 1054 struct TCP_Server_Info *server, 1055 const int flags, const int num_rqst, struct smb_rqst *rqst, 1056 int *resp_buf_type, struct kvec *resp_iov) 1057 { 1058 int i, j, optype, rc = 0; 1059 struct mid_q_entry *midQ[MAX_COMPOUND]; 1060 bool cancelled_mid[MAX_COMPOUND] = {false}; 1061 struct cifs_credits credits[MAX_COMPOUND] = { 1062 { .value = 0, .instance = 0 } 1063 }; 1064 unsigned int instance; 1065 char *buf; 1066 1067 optype = flags & CIFS_OP_MASK; 1068 1069 for (i = 0; i < num_rqst; i++) 1070 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */ 1071 1072 if (!ses || !ses->server || !server) { 1073 cifs_dbg(VFS, "Null session\n"); 1074 return -EIO; 1075 } 1076 1077 spin_lock(&server->srv_lock); 1078 if (server->tcpStatus == CifsExiting) { 1079 spin_unlock(&server->srv_lock); 1080 return -ENOENT; 1081 } 1082 spin_unlock(&server->srv_lock); 1083 1084 /* 1085 * Wait for all the requests to become available. 1086 * This approach still leaves the possibility to be stuck waiting for 1087 * credits if the server doesn't grant credits to the outstanding 1088 * requests and if the client is completely idle, not generating any 1089 * other requests. 1090 * This can be handled by the eventual session reconnect. 1091 */ 1092 rc = wait_for_compound_request(server, num_rqst, flags, 1093 &instance); 1094 if (rc) 1095 return rc; 1096 1097 for (i = 0; i < num_rqst; i++) { 1098 credits[i].value = 1; 1099 credits[i].instance = instance; 1100 } 1101 1102 /* 1103 * Make sure that we sign in the same order that we send on this socket 1104 * and avoid races inside tcp sendmsg code that could cause corruption 1105 * of smb data. 1106 */ 1107 1108 cifs_server_lock(server); 1109 1110 /* 1111 * All the parts of the compound chain belong obtained credits from the 1112 * same session. We can not use credits obtained from the previous 1113 * session to send this request. Check if there were reconnects after 1114 * we obtained credits and return -EAGAIN in such cases to let callers 1115 * handle it. 1116 */ 1117 if (instance != server->reconnect_instance) { 1118 cifs_server_unlock(server); 1119 for (j = 0; j < num_rqst; j++) 1120 add_credits(server, &credits[j], optype); 1121 return -EAGAIN; 1122 } 1123 1124 for (i = 0; i < num_rqst; i++) { 1125 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]); 1126 if (IS_ERR(midQ[i])) { 1127 revert_current_mid(server, i); 1128 for (j = 0; j < i; j++) 1129 delete_mid(midQ[j]); 1130 cifs_server_unlock(server); 1131 1132 /* Update # of requests on wire to server */ 1133 for (j = 0; j < num_rqst; j++) 1134 add_credits(server, &credits[j], optype); 1135 return PTR_ERR(midQ[i]); 1136 } 1137 1138 midQ[i]->mid_state = MID_REQUEST_SUBMITTED; 1139 midQ[i]->optype = optype; 1140 /* 1141 * Invoke callback for every part of the compound chain 1142 * to calculate credits properly. Wake up this thread only when 1143 * the last element is received. 1144 */ 1145 if (i < num_rqst - 1) 1146 midQ[i]->callback = cifs_compound_callback; 1147 else 1148 midQ[i]->callback = cifs_compound_last_callback; 1149 } 1150 rc = smb_send_rqst(server, num_rqst, rqst, flags); 1151 1152 for (i = 0; i < num_rqst; i++) 1153 cifs_save_when_sent(midQ[i]); 1154 1155 if (rc < 0) { 1156 revert_current_mid(server, num_rqst); 1157 server->sequence_number -= 2; 1158 } 1159 1160 cifs_server_unlock(server); 1161 1162 /* 1163 * If sending failed for some reason or it is an oplock break that we 1164 * will not receive a response to - return credits back 1165 */ 1166 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) { 1167 for (i = 0; i < num_rqst; i++) 1168 add_credits(server, &credits[i], optype); 1169 goto out; 1170 } 1171 1172 /* 1173 * At this point the request is passed to the network stack - we assume 1174 * that any credits taken from the server structure on the client have 1175 * been spent and we can't return them back. Once we receive responses 1176 * we will collect credits granted by the server in the mid callbacks 1177 * and add those credits to the server structure. 1178 */ 1179 1180 /* 1181 * Compounding is never used during session establish. 1182 */ 1183 spin_lock(&ses->ses_lock); 1184 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1185 spin_unlock(&ses->ses_lock); 1186 1187 cifs_server_lock(server); 1188 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec); 1189 cifs_server_unlock(server); 1190 1191 spin_lock(&ses->ses_lock); 1192 } 1193 spin_unlock(&ses->ses_lock); 1194 1195 for (i = 0; i < num_rqst; i++) { 1196 rc = wait_for_response(server, midQ[i]); 1197 if (rc != 0) 1198 break; 1199 } 1200 if (rc != 0) { 1201 for (; i < num_rqst; i++) { 1202 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n", 1203 midQ[i]->mid, le16_to_cpu(midQ[i]->command)); 1204 send_cancel(server, &rqst[i], midQ[i]); 1205 spin_lock(&server->mid_lock); 1206 midQ[i]->mid_flags |= MID_WAIT_CANCELLED; 1207 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED) { 1208 midQ[i]->callback = cifs_cancelled_callback; 1209 cancelled_mid[i] = true; 1210 credits[i].value = 0; 1211 } 1212 spin_unlock(&server->mid_lock); 1213 } 1214 } 1215 1216 for (i = 0; i < num_rqst; i++) { 1217 if (rc < 0) 1218 goto out; 1219 1220 rc = cifs_sync_mid_result(midQ[i], server); 1221 if (rc != 0) { 1222 /* mark this mid as cancelled to not free it below */ 1223 cancelled_mid[i] = true; 1224 goto out; 1225 } 1226 1227 if (!midQ[i]->resp_buf || 1228 midQ[i]->mid_state != MID_RESPONSE_RECEIVED) { 1229 rc = -EIO; 1230 cifs_dbg(FYI, "Bad MID state?\n"); 1231 goto out; 1232 } 1233 1234 buf = (char *)midQ[i]->resp_buf; 1235 resp_iov[i].iov_base = buf; 1236 resp_iov[i].iov_len = midQ[i]->resp_buf_size + 1237 HEADER_PREAMBLE_SIZE(server); 1238 1239 if (midQ[i]->large_buf) 1240 resp_buf_type[i] = CIFS_LARGE_BUFFER; 1241 else 1242 resp_buf_type[i] = CIFS_SMALL_BUFFER; 1243 1244 rc = server->ops->check_receive(midQ[i], server, 1245 flags & CIFS_LOG_ERROR); 1246 1247 /* mark it so buf will not be freed by delete_mid */ 1248 if ((flags & CIFS_NO_RSP_BUF) == 0) 1249 midQ[i]->resp_buf = NULL; 1250 1251 } 1252 1253 /* 1254 * Compounding is never used during session establish. 1255 */ 1256 spin_lock(&ses->ses_lock); 1257 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1258 struct kvec iov = { 1259 .iov_base = resp_iov[0].iov_base, 1260 .iov_len = resp_iov[0].iov_len 1261 }; 1262 spin_unlock(&ses->ses_lock); 1263 cifs_server_lock(server); 1264 smb311_update_preauth_hash(ses, server, &iov, 1); 1265 cifs_server_unlock(server); 1266 spin_lock(&ses->ses_lock); 1267 } 1268 spin_unlock(&ses->ses_lock); 1269 1270 out: 1271 /* 1272 * This will dequeue all mids. After this it is important that the 1273 * demultiplex_thread will not process any of these mids any futher. 1274 * This is prevented above by using a noop callback that will not 1275 * wake this thread except for the very last PDU. 1276 */ 1277 for (i = 0; i < num_rqst; i++) { 1278 if (!cancelled_mid[i]) 1279 delete_mid(midQ[i]); 1280 } 1281 1282 return rc; 1283 } 1284 1285 int 1286 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, 1287 struct TCP_Server_Info *server, 1288 struct smb_rqst *rqst, int *resp_buf_type, const int flags, 1289 struct kvec *resp_iov) 1290 { 1291 return compound_send_recv(xid, ses, server, flags, 1, 1292 rqst, resp_buf_type, resp_iov); 1293 } 1294 1295 int 1296 SendReceive2(const unsigned int xid, struct cifs_ses *ses, 1297 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */, 1298 const int flags, struct kvec *resp_iov) 1299 { 1300 struct smb_rqst rqst; 1301 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov; 1302 int rc; 1303 1304 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { 1305 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), 1306 GFP_KERNEL); 1307 if (!new_iov) { 1308 /* otherwise cifs_send_recv below sets resp_buf_type */ 1309 *resp_buf_type = CIFS_NO_BUFFER; 1310 return -ENOMEM; 1311 } 1312 } else 1313 new_iov = s_iov; 1314 1315 /* 1st iov is a RFC1001 length followed by the rest of the packet */ 1316 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec)); 1317 1318 new_iov[0].iov_base = new_iov[1].iov_base; 1319 new_iov[0].iov_len = 4; 1320 new_iov[1].iov_base += 4; 1321 new_iov[1].iov_len -= 4; 1322 1323 memset(&rqst, 0, sizeof(struct smb_rqst)); 1324 rqst.rq_iov = new_iov; 1325 rqst.rq_nvec = n_vec + 1; 1326 1327 rc = cifs_send_recv(xid, ses, ses->server, 1328 &rqst, resp_buf_type, flags, resp_iov); 1329 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) 1330 kfree(new_iov); 1331 return rc; 1332 } 1333 1334 int 1335 SendReceive(const unsigned int xid, struct cifs_ses *ses, 1336 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1337 int *pbytes_returned, const int flags) 1338 { 1339 int rc = 0; 1340 struct mid_q_entry *midQ; 1341 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1342 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1343 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1344 struct cifs_credits credits = { .value = 1, .instance = 0 }; 1345 struct TCP_Server_Info *server; 1346 1347 if (ses == NULL) { 1348 cifs_dbg(VFS, "Null smb session\n"); 1349 return -EIO; 1350 } 1351 server = ses->server; 1352 if (server == NULL) { 1353 cifs_dbg(VFS, "Null tcp session\n"); 1354 return -EIO; 1355 } 1356 1357 spin_lock(&server->srv_lock); 1358 if (server->tcpStatus == CifsExiting) { 1359 spin_unlock(&server->srv_lock); 1360 return -ENOENT; 1361 } 1362 spin_unlock(&server->srv_lock); 1363 1364 /* Ensure that we do not send more than 50 overlapping requests 1365 to the same server. We may make this configurable later or 1366 use ses->maxReq */ 1367 1368 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1369 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1370 len); 1371 return -EIO; 1372 } 1373 1374 rc = wait_for_free_request(server, flags, &credits.instance); 1375 if (rc) 1376 return rc; 1377 1378 /* make sure that we sign in the same order that we send on this socket 1379 and avoid races inside tcp sendmsg code that could cause corruption 1380 of smb data */ 1381 1382 cifs_server_lock(server); 1383 1384 rc = allocate_mid(ses, in_buf, &midQ); 1385 if (rc) { 1386 cifs_server_unlock(server); 1387 /* Update # of requests on wire to server */ 1388 add_credits(server, &credits, 0); 1389 return rc; 1390 } 1391 1392 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1393 if (rc) { 1394 cifs_server_unlock(server); 1395 goto out; 1396 } 1397 1398 midQ->mid_state = MID_REQUEST_SUBMITTED; 1399 1400 rc = smb_send(server, in_buf, len); 1401 cifs_save_when_sent(midQ); 1402 1403 if (rc < 0) 1404 server->sequence_number -= 2; 1405 1406 cifs_server_unlock(server); 1407 1408 if (rc < 0) 1409 goto out; 1410 1411 rc = wait_for_response(server, midQ); 1412 if (rc != 0) { 1413 send_cancel(server, &rqst, midQ); 1414 spin_lock(&server->mid_lock); 1415 if (midQ->mid_state == MID_REQUEST_SUBMITTED) { 1416 /* no longer considered to be "in-flight" */ 1417 midQ->callback = release_mid; 1418 spin_unlock(&server->mid_lock); 1419 add_credits(server, &credits, 0); 1420 return rc; 1421 } 1422 spin_unlock(&server->mid_lock); 1423 } 1424 1425 rc = cifs_sync_mid_result(midQ, server); 1426 if (rc != 0) { 1427 add_credits(server, &credits, 0); 1428 return rc; 1429 } 1430 1431 if (!midQ->resp_buf || !out_buf || 1432 midQ->mid_state != MID_RESPONSE_RECEIVED) { 1433 rc = -EIO; 1434 cifs_server_dbg(VFS, "Bad MID state?\n"); 1435 goto out; 1436 } 1437 1438 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1439 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1440 rc = cifs_check_receive(midQ, server, 0); 1441 out: 1442 delete_mid(midQ); 1443 add_credits(server, &credits, 0); 1444 1445 return rc; 1446 } 1447 1448 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows 1449 blocking lock to return. */ 1450 1451 static int 1452 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon, 1453 struct smb_hdr *in_buf, 1454 struct smb_hdr *out_buf) 1455 { 1456 int bytes_returned; 1457 struct cifs_ses *ses = tcon->ses; 1458 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf; 1459 1460 /* We just modify the current in_buf to change 1461 the type of lock from LOCKING_ANDX_SHARED_LOCK 1462 or LOCKING_ANDX_EXCLUSIVE_LOCK to 1463 LOCKING_ANDX_CANCEL_LOCK. */ 1464 1465 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES; 1466 pSMB->Timeout = 0; 1467 pSMB->hdr.Mid = get_next_mid(ses->server); 1468 1469 return SendReceive(xid, ses, in_buf, out_buf, 1470 &bytes_returned, 0); 1471 } 1472 1473 int 1474 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 1475 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1476 int *pbytes_returned) 1477 { 1478 int rc = 0; 1479 int rstart = 0; 1480 struct mid_q_entry *midQ; 1481 struct cifs_ses *ses; 1482 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1483 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1484 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1485 unsigned int instance; 1486 struct TCP_Server_Info *server; 1487 1488 if (tcon == NULL || tcon->ses == NULL) { 1489 cifs_dbg(VFS, "Null smb session\n"); 1490 return -EIO; 1491 } 1492 ses = tcon->ses; 1493 server = ses->server; 1494 1495 if (server == NULL) { 1496 cifs_dbg(VFS, "Null tcp session\n"); 1497 return -EIO; 1498 } 1499 1500 spin_lock(&server->srv_lock); 1501 if (server->tcpStatus == CifsExiting) { 1502 spin_unlock(&server->srv_lock); 1503 return -ENOENT; 1504 } 1505 spin_unlock(&server->srv_lock); 1506 1507 /* Ensure that we do not send more than 50 overlapping requests 1508 to the same server. We may make this configurable later or 1509 use ses->maxReq */ 1510 1511 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1512 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1513 len); 1514 return -EIO; 1515 } 1516 1517 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance); 1518 if (rc) 1519 return rc; 1520 1521 /* make sure that we sign in the same order that we send on this socket 1522 and avoid races inside tcp sendmsg code that could cause corruption 1523 of smb data */ 1524 1525 cifs_server_lock(server); 1526 1527 rc = allocate_mid(ses, in_buf, &midQ); 1528 if (rc) { 1529 cifs_server_unlock(server); 1530 return rc; 1531 } 1532 1533 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1534 if (rc) { 1535 delete_mid(midQ); 1536 cifs_server_unlock(server); 1537 return rc; 1538 } 1539 1540 midQ->mid_state = MID_REQUEST_SUBMITTED; 1541 rc = smb_send(server, in_buf, len); 1542 cifs_save_when_sent(midQ); 1543 1544 if (rc < 0) 1545 server->sequence_number -= 2; 1546 1547 cifs_server_unlock(server); 1548 1549 if (rc < 0) { 1550 delete_mid(midQ); 1551 return rc; 1552 } 1553 1554 /* Wait for a reply - allow signals to interrupt. */ 1555 rc = wait_event_interruptible(server->response_q, 1556 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) || 1557 ((server->tcpStatus != CifsGood) && 1558 (server->tcpStatus != CifsNew))); 1559 1560 /* Were we interrupted by a signal ? */ 1561 spin_lock(&server->srv_lock); 1562 if ((rc == -ERESTARTSYS) && 1563 (midQ->mid_state == MID_REQUEST_SUBMITTED) && 1564 ((server->tcpStatus == CifsGood) || 1565 (server->tcpStatus == CifsNew))) { 1566 spin_unlock(&server->srv_lock); 1567 1568 if (in_buf->Command == SMB_COM_TRANSACTION2) { 1569 /* POSIX lock. We send a NT_CANCEL SMB to cause the 1570 blocking lock to return. */ 1571 rc = send_cancel(server, &rqst, midQ); 1572 if (rc) { 1573 delete_mid(midQ); 1574 return rc; 1575 } 1576 } else { 1577 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK 1578 to cause the blocking lock to return. */ 1579 1580 rc = send_lock_cancel(xid, tcon, in_buf, out_buf); 1581 1582 /* If we get -ENOLCK back the lock may have 1583 already been removed. Don't exit in this case. */ 1584 if (rc && rc != -ENOLCK) { 1585 delete_mid(midQ); 1586 return rc; 1587 } 1588 } 1589 1590 rc = wait_for_response(server, midQ); 1591 if (rc) { 1592 send_cancel(server, &rqst, midQ); 1593 spin_lock(&server->mid_lock); 1594 if (midQ->mid_state == MID_REQUEST_SUBMITTED) { 1595 /* no longer considered to be "in-flight" */ 1596 midQ->callback = release_mid; 1597 spin_unlock(&server->mid_lock); 1598 return rc; 1599 } 1600 spin_unlock(&server->mid_lock); 1601 } 1602 1603 /* We got the response - restart system call. */ 1604 rstart = 1; 1605 spin_lock(&server->srv_lock); 1606 } 1607 spin_unlock(&server->srv_lock); 1608 1609 rc = cifs_sync_mid_result(midQ, server); 1610 if (rc != 0) 1611 return rc; 1612 1613 /* rcvd frame is ok */ 1614 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) { 1615 rc = -EIO; 1616 cifs_tcon_dbg(VFS, "Bad MID state?\n"); 1617 goto out; 1618 } 1619 1620 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1621 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1622 rc = cifs_check_receive(midQ, server, 0); 1623 out: 1624 delete_mid(midQ); 1625 if (rstart && rc == -EACCES) 1626 return -ERESTARTSYS; 1627 return rc; 1628 } 1629 1630 /* 1631 * Discard any remaining data in the current SMB. To do this, we borrow the 1632 * current bigbuf. 1633 */ 1634 int 1635 cifs_discard_remaining_data(struct TCP_Server_Info *server) 1636 { 1637 unsigned int rfclen = server->pdu_size; 1638 size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) - 1639 server->total_read; 1640 1641 while (remaining > 0) { 1642 ssize_t length; 1643 1644 length = cifs_discard_from_socket(server, 1645 min_t(size_t, remaining, 1646 CIFSMaxBufSize + MAX_HEADER_SIZE(server))); 1647 if (length < 0) 1648 return length; 1649 server->total_read += length; 1650 remaining -= length; 1651 } 1652 1653 return 0; 1654 } 1655 1656 static int 1657 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid, 1658 bool malformed) 1659 { 1660 int length; 1661 1662 length = cifs_discard_remaining_data(server); 1663 dequeue_mid(mid, malformed); 1664 mid->resp_buf = server->smallbuf; 1665 server->smallbuf = NULL; 1666 return length; 1667 } 1668 1669 static int 1670 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1671 { 1672 struct cifs_readdata *rdata = mid->callback_data; 1673 1674 return __cifs_readv_discard(server, mid, rdata->result); 1675 } 1676 1677 int 1678 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1679 { 1680 int length, len; 1681 unsigned int data_offset, data_len; 1682 struct cifs_readdata *rdata = mid->callback_data; 1683 char *buf = server->smallbuf; 1684 unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server); 1685 bool use_rdma_mr = false; 1686 1687 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n", 1688 __func__, mid->mid, rdata->offset, rdata->bytes); 1689 1690 /* 1691 * read the rest of READ_RSP header (sans Data array), or whatever we 1692 * can if there's not enough data. At this point, we've read down to 1693 * the Mid. 1694 */ 1695 len = min_t(unsigned int, buflen, server->vals->read_rsp_size) - 1696 HEADER_SIZE(server) + 1; 1697 1698 length = cifs_read_from_socket(server, 1699 buf + HEADER_SIZE(server) - 1, len); 1700 if (length < 0) 1701 return length; 1702 server->total_read += length; 1703 1704 if (server->ops->is_session_expired && 1705 server->ops->is_session_expired(buf)) { 1706 cifs_reconnect(server, true); 1707 return -1; 1708 } 1709 1710 if (server->ops->is_status_pending && 1711 server->ops->is_status_pending(buf, server)) { 1712 cifs_discard_remaining_data(server); 1713 return -1; 1714 } 1715 1716 /* set up first two iov for signature check and to get credits */ 1717 rdata->iov[0].iov_base = buf; 1718 rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server); 1719 rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server); 1720 rdata->iov[1].iov_len = 1721 server->total_read - HEADER_PREAMBLE_SIZE(server); 1722 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n", 1723 rdata->iov[0].iov_base, rdata->iov[0].iov_len); 1724 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n", 1725 rdata->iov[1].iov_base, rdata->iov[1].iov_len); 1726 1727 /* Was the SMB read successful? */ 1728 rdata->result = server->ops->map_error(buf, false); 1729 if (rdata->result != 0) { 1730 cifs_dbg(FYI, "%s: server returned error %d\n", 1731 __func__, rdata->result); 1732 /* normal error on read response */ 1733 return __cifs_readv_discard(server, mid, false); 1734 } 1735 1736 /* Is there enough to get to the rest of the READ_RSP header? */ 1737 if (server->total_read < server->vals->read_rsp_size) { 1738 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n", 1739 __func__, server->total_read, 1740 server->vals->read_rsp_size); 1741 rdata->result = -EIO; 1742 return cifs_readv_discard(server, mid); 1743 } 1744 1745 data_offset = server->ops->read_data_offset(buf) + 1746 HEADER_PREAMBLE_SIZE(server); 1747 if (data_offset < server->total_read) { 1748 /* 1749 * win2k8 sometimes sends an offset of 0 when the read 1750 * is beyond the EOF. Treat it as if the data starts just after 1751 * the header. 1752 */ 1753 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n", 1754 __func__, data_offset); 1755 data_offset = server->total_read; 1756 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) { 1757 /* data_offset is beyond the end of smallbuf */ 1758 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n", 1759 __func__, data_offset); 1760 rdata->result = -EIO; 1761 return cifs_readv_discard(server, mid); 1762 } 1763 1764 cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n", 1765 __func__, server->total_read, data_offset); 1766 1767 len = data_offset - server->total_read; 1768 if (len > 0) { 1769 /* read any junk before data into the rest of smallbuf */ 1770 length = cifs_read_from_socket(server, 1771 buf + server->total_read, len); 1772 if (length < 0) 1773 return length; 1774 server->total_read += length; 1775 } 1776 1777 /* how much data is in the response? */ 1778 #ifdef CONFIG_CIFS_SMB_DIRECT 1779 use_rdma_mr = rdata->mr; 1780 #endif 1781 data_len = server->ops->read_data_length(buf, use_rdma_mr); 1782 if (!use_rdma_mr && (data_offset + data_len > buflen)) { 1783 /* data_len is corrupt -- discard frame */ 1784 rdata->result = -EIO; 1785 return cifs_readv_discard(server, mid); 1786 } 1787 1788 #ifdef CONFIG_CIFS_SMB_DIRECT 1789 if (rdata->mr) 1790 length = data_len; /* An RDMA read is already done. */ 1791 else 1792 #endif 1793 length = cifs_read_iter_from_socket(server, &rdata->iter, 1794 data_len); 1795 if (length > 0) 1796 rdata->got_bytes += length; 1797 server->total_read += length; 1798 1799 cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n", 1800 server->total_read, buflen, data_len); 1801 1802 /* discard anything left over */ 1803 if (server->total_read < buflen) 1804 return cifs_readv_discard(server, mid); 1805 1806 dequeue_mid(mid, false); 1807 mid->resp_buf = server->smallbuf; 1808 server->smallbuf = NULL; 1809 return length; 1810 } 1811