1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2002,2008 5 * Author(s): Steve French (sfrench@us.ibm.com) 6 * Jeremy Allison (jra@samba.org) 2006. 7 * 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/list.h> 12 #include <linux/gfp.h> 13 #include <linux/wait.h> 14 #include <linux/net.h> 15 #include <linux/delay.h> 16 #include <linux/freezer.h> 17 #include <linux/tcp.h> 18 #include <linux/bvec.h> 19 #include <linux/highmem.h> 20 #include <linux/uaccess.h> 21 #include <linux/processor.h> 22 #include <linux/mempool.h> 23 #include <linux/sched/signal.h> 24 #include <linux/task_io_accounting_ops.h> 25 #include "cifspdu.h" 26 #include "cifsglob.h" 27 #include "cifsproto.h" 28 #include "cifs_debug.h" 29 #include "smb2proto.h" 30 #include "smbdirect.h" 31 32 /* Max number of iovectors we can use off the stack when sending requests. */ 33 #define CIFS_MAX_IOV_SIZE 8 34 35 void 36 cifs_wake_up_task(struct mid_q_entry *mid) 37 { 38 if (mid->mid_state == MID_RESPONSE_RECEIVED) 39 mid->mid_state = MID_RESPONSE_READY; 40 wake_up_process(mid->callback_data); 41 } 42 43 static struct mid_q_entry * 44 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) 45 { 46 struct mid_q_entry *temp; 47 48 if (server == NULL) { 49 cifs_dbg(VFS, "%s: null TCP session\n", __func__); 50 return NULL; 51 } 52 53 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 54 memset(temp, 0, sizeof(struct mid_q_entry)); 55 kref_init(&temp->refcount); 56 temp->mid = get_mid(smb_buffer); 57 temp->pid = current->pid; 58 temp->command = cpu_to_le16(smb_buffer->Command); 59 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command); 60 /* easier to use jiffies */ 61 /* when mid allocated can be before when sent */ 62 temp->when_alloc = jiffies; 63 temp->server = server; 64 65 /* 66 * The default is for the mid to be synchronous, so the 67 * default callback just wakes up the current task. 68 */ 69 get_task_struct(current); 70 temp->creator = current; 71 temp->callback = cifs_wake_up_task; 72 temp->callback_data = current; 73 74 atomic_inc(&mid_count); 75 temp->mid_state = MID_REQUEST_ALLOCATED; 76 return temp; 77 } 78 79 void __release_mid(struct kref *refcount) 80 { 81 struct mid_q_entry *midEntry = 82 container_of(refcount, struct mid_q_entry, refcount); 83 #ifdef CONFIG_CIFS_STATS2 84 __le16 command = midEntry->server->vals->lock_cmd; 85 __u16 smb_cmd = le16_to_cpu(midEntry->command); 86 unsigned long now; 87 unsigned long roundtrip_time; 88 #endif 89 struct TCP_Server_Info *server = midEntry->server; 90 91 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && 92 (midEntry->mid_state == MID_RESPONSE_RECEIVED || 93 midEntry->mid_state == MID_RESPONSE_READY) && 94 server->ops->handle_cancelled_mid) 95 server->ops->handle_cancelled_mid(midEntry, server); 96 97 midEntry->mid_state = MID_FREE; 98 atomic_dec(&mid_count); 99 if (midEntry->large_buf) 100 cifs_buf_release(midEntry->resp_buf); 101 else 102 cifs_small_buf_release(midEntry->resp_buf); 103 #ifdef CONFIG_CIFS_STATS2 104 now = jiffies; 105 if (now < midEntry->when_alloc) 106 cifs_server_dbg(VFS, "Invalid mid allocation time\n"); 107 roundtrip_time = now - midEntry->when_alloc; 108 109 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) { 110 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) { 111 server->slowest_cmd[smb_cmd] = roundtrip_time; 112 server->fastest_cmd[smb_cmd] = roundtrip_time; 113 } else { 114 if (server->slowest_cmd[smb_cmd] < roundtrip_time) 115 server->slowest_cmd[smb_cmd] = roundtrip_time; 116 else if (server->fastest_cmd[smb_cmd] > roundtrip_time) 117 server->fastest_cmd[smb_cmd] = roundtrip_time; 118 } 119 cifs_stats_inc(&server->num_cmds[smb_cmd]); 120 server->time_per_cmd[smb_cmd] += roundtrip_time; 121 } 122 /* 123 * commands taking longer than one second (default) can be indications 124 * that something is wrong, unless it is quite a slow link or a very 125 * busy server. Note that this calc is unlikely or impossible to wrap 126 * as long as slow_rsp_threshold is not set way above recommended max 127 * value (32767 ie 9 hours) and is generally harmless even if wrong 128 * since only affects debug counters - so leaving the calc as simple 129 * comparison rather than doing multiple conversions and overflow 130 * checks 131 */ 132 if ((slow_rsp_threshold != 0) && 133 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) && 134 (midEntry->command != command)) { 135 /* 136 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command 137 * NB: le16_to_cpu returns unsigned so can not be negative below 138 */ 139 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) 140 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]); 141 142 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid, 143 midEntry->when_sent, midEntry->when_received); 144 if (cifsFYI & CIFS_TIMER) { 145 pr_debug("slow rsp: cmd %d mid %llu", 146 midEntry->command, midEntry->mid); 147 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n", 148 now - midEntry->when_alloc, 149 now - midEntry->when_sent, 150 now - midEntry->when_received); 151 } 152 } 153 #endif 154 put_task_struct(midEntry->creator); 155 156 mempool_free(midEntry, cifs_mid_poolp); 157 } 158 159 void 160 delete_mid(struct mid_q_entry *mid) 161 { 162 spin_lock(&mid->server->mid_lock); 163 if (!(mid->mid_flags & MID_DELETED)) { 164 list_del_init(&mid->qhead); 165 mid->mid_flags |= MID_DELETED; 166 } 167 spin_unlock(&mid->server->mid_lock); 168 169 release_mid(mid); 170 } 171 172 /* 173 * smb_send_kvec - send an array of kvecs to the server 174 * @server: Server to send the data to 175 * @smb_msg: Message to send 176 * @sent: amount of data sent on socket is stored here 177 * 178 * Our basic "send data to server" function. Should be called with srv_mutex 179 * held. The caller is responsible for handling the results. 180 */ 181 static int 182 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg, 183 size_t *sent) 184 { 185 int rc = 0; 186 int retries = 0; 187 struct socket *ssocket = server->ssocket; 188 189 *sent = 0; 190 191 if (server->noblocksnd) 192 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; 193 else 194 smb_msg->msg_flags = MSG_NOSIGNAL; 195 196 while (msg_data_left(smb_msg)) { 197 /* 198 * If blocking send, we try 3 times, since each can block 199 * for 5 seconds. For nonblocking we have to try more 200 * but wait increasing amounts of time allowing time for 201 * socket to clear. The overall time we wait in either 202 * case to send on the socket is about 15 seconds. 203 * Similarly we wait for 15 seconds for a response from 204 * the server in SendReceive[2] for the server to send 205 * a response back for most types of requests (except 206 * SMB Write past end of file which can be slow, and 207 * blocking lock operations). NFS waits slightly longer 208 * than CIFS, but this can make it take longer for 209 * nonresponsive servers to be detected and 15 seconds 210 * is more than enough time for modern networks to 211 * send a packet. In most cases if we fail to send 212 * after the retries we will kill the socket and 213 * reconnect which may clear the network problem. 214 */ 215 rc = sock_sendmsg(ssocket, smb_msg); 216 if (rc == -EAGAIN) { 217 retries++; 218 if (retries >= 14 || 219 (!server->noblocksnd && (retries > 2))) { 220 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n", 221 ssocket); 222 return -EAGAIN; 223 } 224 msleep(1 << retries); 225 continue; 226 } 227 228 if (rc < 0) 229 return rc; 230 231 if (rc == 0) { 232 /* should never happen, letting socket clear before 233 retrying is our only obvious option here */ 234 cifs_server_dbg(VFS, "tcp sent no data\n"); 235 msleep(500); 236 continue; 237 } 238 239 /* send was at least partially successful */ 240 *sent += rc; 241 retries = 0; /* in case we get ENOSPC on the next send */ 242 } 243 return 0; 244 } 245 246 unsigned long 247 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst) 248 { 249 unsigned int i; 250 struct kvec *iov; 251 int nvec; 252 unsigned long buflen = 0; 253 254 if (!is_smb1(server) && rqst->rq_nvec >= 2 && 255 rqst->rq_iov[0].iov_len == 4) { 256 iov = &rqst->rq_iov[1]; 257 nvec = rqst->rq_nvec - 1; 258 } else { 259 iov = rqst->rq_iov; 260 nvec = rqst->rq_nvec; 261 } 262 263 /* total up iov array first */ 264 for (i = 0; i < nvec; i++) 265 buflen += iov[i].iov_len; 266 267 buflen += iov_iter_count(&rqst->rq_iter); 268 return buflen; 269 } 270 271 static int 272 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 273 struct smb_rqst *rqst) 274 { 275 int rc; 276 struct kvec *iov; 277 int n_vec; 278 unsigned int send_length = 0; 279 unsigned int i, j; 280 sigset_t mask, oldmask; 281 size_t total_len = 0, sent, size; 282 struct socket *ssocket = server->ssocket; 283 struct msghdr smb_msg = {}; 284 __be32 rfc1002_marker; 285 286 cifs_in_send_inc(server); 287 if (cifs_rdma_enabled(server)) { 288 /* return -EAGAIN when connecting or reconnecting */ 289 rc = -EAGAIN; 290 if (server->smbd_conn) 291 rc = smbd_send(server, num_rqst, rqst); 292 goto smbd_done; 293 } 294 295 rc = -EAGAIN; 296 if (ssocket == NULL) 297 goto out; 298 299 rc = -ERESTARTSYS; 300 if (fatal_signal_pending(current)) { 301 cifs_dbg(FYI, "signal pending before send request\n"); 302 goto out; 303 } 304 305 rc = 0; 306 /* cork the socket */ 307 tcp_sock_set_cork(ssocket->sk, true); 308 309 for (j = 0; j < num_rqst; j++) 310 send_length += smb_rqst_len(server, &rqst[j]); 311 rfc1002_marker = cpu_to_be32(send_length); 312 313 /* 314 * We should not allow signals to interrupt the network send because 315 * any partial send will cause session reconnects thus increasing 316 * latency of system calls and overload a server with unnecessary 317 * requests. 318 */ 319 320 sigfillset(&mask); 321 sigprocmask(SIG_BLOCK, &mask, &oldmask); 322 323 /* Generate a rfc1002 marker for SMB2+ */ 324 if (!is_smb1(server)) { 325 struct kvec hiov = { 326 .iov_base = &rfc1002_marker, 327 .iov_len = 4 328 }; 329 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4); 330 rc = smb_send_kvec(server, &smb_msg, &sent); 331 if (rc < 0) 332 goto unmask; 333 334 total_len += sent; 335 send_length += 4; 336 } 337 338 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length); 339 340 for (j = 0; j < num_rqst; j++) { 341 iov = rqst[j].rq_iov; 342 n_vec = rqst[j].rq_nvec; 343 344 size = 0; 345 for (i = 0; i < n_vec; i++) { 346 dump_smb(iov[i].iov_base, iov[i].iov_len); 347 size += iov[i].iov_len; 348 } 349 350 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size); 351 352 rc = smb_send_kvec(server, &smb_msg, &sent); 353 if (rc < 0) 354 goto unmask; 355 356 total_len += sent; 357 358 if (iov_iter_count(&rqst[j].rq_iter) > 0) { 359 smb_msg.msg_iter = rqst[j].rq_iter; 360 rc = smb_send_kvec(server, &smb_msg, &sent); 361 if (rc < 0) 362 break; 363 total_len += sent; 364 } 365 366 } 367 368 unmask: 369 sigprocmask(SIG_SETMASK, &oldmask, NULL); 370 371 /* 372 * If signal is pending but we have already sent the whole packet to 373 * the server we need to return success status to allow a corresponding 374 * mid entry to be kept in the pending requests queue thus allowing 375 * to handle responses from the server by the client. 376 * 377 * If only part of the packet has been sent there is no need to hide 378 * interrupt because the session will be reconnected anyway, so there 379 * won't be any response from the server to handle. 380 */ 381 382 if (signal_pending(current) && (total_len != send_length)) { 383 cifs_dbg(FYI, "signal is pending after attempt to send\n"); 384 rc = -ERESTARTSYS; 385 } 386 387 /* uncork it */ 388 tcp_sock_set_cork(ssocket->sk, false); 389 390 if ((total_len > 0) && (total_len != send_length)) { 391 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n", 392 send_length, total_len); 393 /* 394 * If we have only sent part of an SMB then the next SMB could 395 * be taken as the remainder of this one. We need to kill the 396 * socket so the server throws away the partial SMB 397 */ 398 cifs_signal_cifsd_for_reconnect(server, false); 399 trace_smb3_partial_send_reconnect(server->CurrentMid, 400 server->conn_id, server->hostname); 401 } 402 smbd_done: 403 /* 404 * there's hardly any use for the layers above to know the 405 * actual error code here. All they should do at this point is 406 * to retry the connection and hope it goes away. 407 */ 408 if (rc < 0 && rc != -EINTR && rc != -EAGAIN) { 409 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n", 410 rc); 411 rc = -ECONNABORTED; 412 cifs_signal_cifsd_for_reconnect(server, false); 413 } else if (rc > 0) 414 rc = 0; 415 out: 416 cifs_in_send_dec(server); 417 return rc; 418 } 419 420 struct send_req_vars { 421 struct smb2_transform_hdr tr_hdr; 422 struct smb_rqst rqst[MAX_COMPOUND]; 423 struct kvec iov; 424 }; 425 426 static int 427 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 428 struct smb_rqst *rqst, int flags) 429 { 430 struct send_req_vars *vars; 431 struct smb_rqst *cur_rqst; 432 struct kvec *iov; 433 int rc; 434 435 if (!(flags & CIFS_TRANSFORM_REQ)) 436 return __smb_send_rqst(server, num_rqst, rqst); 437 438 if (WARN_ON_ONCE(num_rqst > MAX_COMPOUND - 1)) 439 return -EIO; 440 441 if (!server->ops->init_transform_rq) { 442 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n"); 443 return -EIO; 444 } 445 446 vars = kzalloc(sizeof(*vars), GFP_NOFS); 447 if (!vars) 448 return -ENOMEM; 449 cur_rqst = vars->rqst; 450 iov = &vars->iov; 451 452 iov->iov_base = &vars->tr_hdr; 453 iov->iov_len = sizeof(vars->tr_hdr); 454 cur_rqst[0].rq_iov = iov; 455 cur_rqst[0].rq_nvec = 1; 456 457 rc = server->ops->init_transform_rq(server, num_rqst + 1, 458 &cur_rqst[0], rqst); 459 if (rc) 460 goto out; 461 462 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]); 463 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]); 464 out: 465 kfree(vars); 466 return rc; 467 } 468 469 int 470 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer, 471 unsigned int smb_buf_length) 472 { 473 struct kvec iov[2]; 474 struct smb_rqst rqst = { .rq_iov = iov, 475 .rq_nvec = 2 }; 476 477 iov[0].iov_base = smb_buffer; 478 iov[0].iov_len = 4; 479 iov[1].iov_base = (char *)smb_buffer + 4; 480 iov[1].iov_len = smb_buf_length; 481 482 return __smb_send_rqst(server, 1, &rqst); 483 } 484 485 static int 486 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits, 487 const int timeout, const int flags, 488 unsigned int *instance) 489 { 490 long rc; 491 int *credits; 492 int optype; 493 long int t; 494 int scredits, in_flight; 495 496 if (timeout < 0) 497 t = MAX_JIFFY_OFFSET; 498 else 499 t = msecs_to_jiffies(timeout); 500 501 optype = flags & CIFS_OP_MASK; 502 503 *instance = 0; 504 505 credits = server->ops->get_credits_field(server, optype); 506 /* Since an echo is already inflight, no need to wait to send another */ 507 if (*credits <= 0 && optype == CIFS_ECHO_OP) 508 return -EAGAIN; 509 510 spin_lock(&server->req_lock); 511 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) { 512 /* oplock breaks must not be held up */ 513 server->in_flight++; 514 if (server->in_flight > server->max_in_flight) 515 server->max_in_flight = server->in_flight; 516 *credits -= 1; 517 *instance = server->reconnect_instance; 518 scredits = *credits; 519 in_flight = server->in_flight; 520 spin_unlock(&server->req_lock); 521 522 trace_smb3_nblk_credits(server->CurrentMid, 523 server->conn_id, server->hostname, scredits, -1, in_flight); 524 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 525 __func__, 1, scredits); 526 527 return 0; 528 } 529 530 while (1) { 531 spin_unlock(&server->req_lock); 532 533 spin_lock(&server->srv_lock); 534 if (server->tcpStatus == CifsExiting) { 535 spin_unlock(&server->srv_lock); 536 return -ENOENT; 537 } 538 spin_unlock(&server->srv_lock); 539 540 spin_lock(&server->req_lock); 541 if (*credits < num_credits) { 542 scredits = *credits; 543 spin_unlock(&server->req_lock); 544 545 cifs_num_waiters_inc(server); 546 rc = wait_event_killable_timeout(server->request_q, 547 has_credits(server, credits, num_credits), t); 548 cifs_num_waiters_dec(server); 549 if (!rc) { 550 spin_lock(&server->req_lock); 551 scredits = *credits; 552 in_flight = server->in_flight; 553 spin_unlock(&server->req_lock); 554 555 trace_smb3_credit_timeout(server->CurrentMid, 556 server->conn_id, server->hostname, scredits, 557 num_credits, in_flight); 558 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 559 timeout); 560 return -EBUSY; 561 } 562 if (rc == -ERESTARTSYS) 563 return -ERESTARTSYS; 564 spin_lock(&server->req_lock); 565 } else { 566 /* 567 * For normal commands, reserve the last MAX_COMPOUND 568 * credits to compound requests. 569 * Otherwise these compounds could be permanently 570 * starved for credits by single-credit requests. 571 * 572 * To prevent spinning CPU, block this thread until 573 * there are >MAX_COMPOUND credits available. 574 * But only do this is we already have a lot of 575 * credits in flight to avoid triggering this check 576 * for servers that are slow to hand out credits on 577 * new sessions. 578 */ 579 if (!optype && num_credits == 1 && 580 server->in_flight > 2 * MAX_COMPOUND && 581 *credits <= MAX_COMPOUND) { 582 spin_unlock(&server->req_lock); 583 584 cifs_num_waiters_inc(server); 585 rc = wait_event_killable_timeout( 586 server->request_q, 587 has_credits(server, credits, 588 MAX_COMPOUND + 1), 589 t); 590 cifs_num_waiters_dec(server); 591 if (!rc) { 592 spin_lock(&server->req_lock); 593 scredits = *credits; 594 in_flight = server->in_flight; 595 spin_unlock(&server->req_lock); 596 597 trace_smb3_credit_timeout( 598 server->CurrentMid, 599 server->conn_id, server->hostname, 600 scredits, num_credits, in_flight); 601 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 602 timeout); 603 return -EBUSY; 604 } 605 if (rc == -ERESTARTSYS) 606 return -ERESTARTSYS; 607 spin_lock(&server->req_lock); 608 continue; 609 } 610 611 /* 612 * Can not count locking commands against total 613 * as they are allowed to block on server. 614 */ 615 616 /* update # of requests on the wire to server */ 617 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) { 618 *credits -= num_credits; 619 server->in_flight += num_credits; 620 if (server->in_flight > server->max_in_flight) 621 server->max_in_flight = server->in_flight; 622 *instance = server->reconnect_instance; 623 } 624 scredits = *credits; 625 in_flight = server->in_flight; 626 spin_unlock(&server->req_lock); 627 628 trace_smb3_waitff_credits(server->CurrentMid, 629 server->conn_id, server->hostname, scredits, 630 -(num_credits), in_flight); 631 cifs_dbg(FYI, "%s: remove %u credits total=%d\n", 632 __func__, num_credits, scredits); 633 break; 634 } 635 } 636 return 0; 637 } 638 639 static int 640 wait_for_free_request(struct TCP_Server_Info *server, const int flags, 641 unsigned int *instance) 642 { 643 return wait_for_free_credits(server, 1, -1, flags, 644 instance); 645 } 646 647 static int 648 wait_for_compound_request(struct TCP_Server_Info *server, int num, 649 const int flags, unsigned int *instance) 650 { 651 int *credits; 652 int scredits, in_flight; 653 654 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK); 655 656 spin_lock(&server->req_lock); 657 scredits = *credits; 658 in_flight = server->in_flight; 659 660 if (*credits < num) { 661 /* 662 * If the server is tight on resources or just gives us less 663 * credits for other reasons (e.g. requests are coming out of 664 * order and the server delays granting more credits until it 665 * processes a missing mid) and we exhausted most available 666 * credits there may be situations when we try to send 667 * a compound request but we don't have enough credits. At this 668 * point the client needs to decide if it should wait for 669 * additional credits or fail the request. If at least one 670 * request is in flight there is a high probability that the 671 * server will return enough credits to satisfy this compound 672 * request. 673 * 674 * Return immediately if no requests in flight since we will be 675 * stuck on waiting for credits. 676 */ 677 if (server->in_flight == 0) { 678 spin_unlock(&server->req_lock); 679 trace_smb3_insufficient_credits(server->CurrentMid, 680 server->conn_id, server->hostname, scredits, 681 num, in_flight); 682 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n", 683 __func__, in_flight, num, scredits); 684 return -EDEADLK; 685 } 686 } 687 spin_unlock(&server->req_lock); 688 689 return wait_for_free_credits(server, num, 60000, flags, 690 instance); 691 } 692 693 int 694 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size, 695 unsigned int *num, struct cifs_credits *credits) 696 { 697 *num = size; 698 credits->value = 0; 699 credits->instance = server->reconnect_instance; 700 return 0; 701 } 702 703 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf, 704 struct mid_q_entry **ppmidQ) 705 { 706 spin_lock(&ses->ses_lock); 707 if (ses->ses_status == SES_NEW) { 708 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) && 709 (in_buf->Command != SMB_COM_NEGOTIATE)) { 710 spin_unlock(&ses->ses_lock); 711 return -EAGAIN; 712 } 713 /* else ok - we are setting up session */ 714 } 715 716 if (ses->ses_status == SES_EXITING) { 717 /* check if SMB session is bad because we are setting it up */ 718 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) { 719 spin_unlock(&ses->ses_lock); 720 return -EAGAIN; 721 } 722 /* else ok - we are shutting down session */ 723 } 724 spin_unlock(&ses->ses_lock); 725 726 *ppmidQ = alloc_mid(in_buf, ses->server); 727 if (*ppmidQ == NULL) 728 return -ENOMEM; 729 spin_lock(&ses->server->mid_lock); 730 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q); 731 spin_unlock(&ses->server->mid_lock); 732 return 0; 733 } 734 735 static int 736 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) 737 { 738 int error; 739 740 error = wait_event_state(server->response_q, 741 midQ->mid_state != MID_REQUEST_SUBMITTED && 742 midQ->mid_state != MID_RESPONSE_RECEIVED, 743 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE)); 744 if (error < 0) 745 return -ERESTARTSYS; 746 747 return 0; 748 } 749 750 struct mid_q_entry * 751 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 752 { 753 int rc; 754 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 755 struct mid_q_entry *mid; 756 757 if (rqst->rq_iov[0].iov_len != 4 || 758 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 759 return ERR_PTR(-EIO); 760 761 /* enable signing if server requires it */ 762 if (server->sign) 763 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 764 765 mid = alloc_mid(hdr, server); 766 if (mid == NULL) 767 return ERR_PTR(-ENOMEM); 768 769 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number); 770 if (rc) { 771 release_mid(mid); 772 return ERR_PTR(rc); 773 } 774 775 return mid; 776 } 777 778 /* 779 * Send a SMB request and set the callback function in the mid to handle 780 * the result. Caller is responsible for dealing with timeouts. 781 */ 782 int 783 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst, 784 mid_receive_t *receive, mid_callback_t *callback, 785 mid_handle_t *handle, void *cbdata, const int flags, 786 const struct cifs_credits *exist_credits) 787 { 788 int rc; 789 struct mid_q_entry *mid; 790 struct cifs_credits credits = { .value = 0, .instance = 0 }; 791 unsigned int instance; 792 int optype; 793 794 optype = flags & CIFS_OP_MASK; 795 796 if ((flags & CIFS_HAS_CREDITS) == 0) { 797 rc = wait_for_free_request(server, flags, &instance); 798 if (rc) 799 return rc; 800 credits.value = 1; 801 credits.instance = instance; 802 } else 803 instance = exist_credits->instance; 804 805 cifs_server_lock(server); 806 807 /* 808 * We can't use credits obtained from the previous session to send this 809 * request. Check if there were reconnects after we obtained credits and 810 * return -EAGAIN in such cases to let callers handle it. 811 */ 812 if (instance != server->reconnect_instance) { 813 cifs_server_unlock(server); 814 add_credits_and_wake_if(server, &credits, optype); 815 return -EAGAIN; 816 } 817 818 mid = server->ops->setup_async_request(server, rqst); 819 if (IS_ERR(mid)) { 820 cifs_server_unlock(server); 821 add_credits_and_wake_if(server, &credits, optype); 822 return PTR_ERR(mid); 823 } 824 825 mid->receive = receive; 826 mid->callback = callback; 827 mid->callback_data = cbdata; 828 mid->handle = handle; 829 mid->mid_state = MID_REQUEST_SUBMITTED; 830 831 /* put it on the pending_mid_q */ 832 spin_lock(&server->mid_lock); 833 list_add_tail(&mid->qhead, &server->pending_mid_q); 834 spin_unlock(&server->mid_lock); 835 836 /* 837 * Need to store the time in mid before calling I/O. For call_async, 838 * I/O response may come back and free the mid entry on another thread. 839 */ 840 cifs_save_when_sent(mid); 841 rc = smb_send_rqst(server, 1, rqst, flags); 842 843 if (rc < 0) { 844 revert_current_mid(server, mid->credits); 845 server->sequence_number -= 2; 846 delete_mid(mid); 847 } 848 849 cifs_server_unlock(server); 850 851 if (rc == 0) 852 return 0; 853 854 add_credits_and_wake_if(server, &credits, optype); 855 return rc; 856 } 857 858 /* 859 * 860 * Send an SMB Request. No response info (other than return code) 861 * needs to be parsed. 862 * 863 * flags indicate the type of request buffer and how long to wait 864 * and whether to log NT STATUS code (error) before mapping it to POSIX error 865 * 866 */ 867 int 868 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 869 char *in_buf, int flags) 870 { 871 int rc; 872 struct kvec iov[1]; 873 struct kvec rsp_iov; 874 int resp_buf_type; 875 876 iov[0].iov_base = in_buf; 877 iov[0].iov_len = get_rfc1002_length(in_buf) + 4; 878 flags |= CIFS_NO_RSP_BUF; 879 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov); 880 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc); 881 882 return rc; 883 } 884 885 static int 886 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) 887 { 888 int rc = 0; 889 890 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n", 891 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state); 892 893 spin_lock(&server->mid_lock); 894 switch (mid->mid_state) { 895 case MID_RESPONSE_READY: 896 spin_unlock(&server->mid_lock); 897 return rc; 898 case MID_RETRY_NEEDED: 899 rc = -EAGAIN; 900 break; 901 case MID_RESPONSE_MALFORMED: 902 rc = -EIO; 903 break; 904 case MID_SHUTDOWN: 905 rc = -EHOSTDOWN; 906 break; 907 default: 908 if (!(mid->mid_flags & MID_DELETED)) { 909 list_del_init(&mid->qhead); 910 mid->mid_flags |= MID_DELETED; 911 } 912 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", 913 __func__, mid->mid, mid->mid_state); 914 rc = -EIO; 915 } 916 spin_unlock(&server->mid_lock); 917 918 release_mid(mid); 919 return rc; 920 } 921 922 static inline int 923 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst, 924 struct mid_q_entry *mid) 925 { 926 return server->ops->send_cancel ? 927 server->ops->send_cancel(server, rqst, mid) : 0; 928 } 929 930 int 931 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 932 bool log_error) 933 { 934 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4; 935 936 dump_smb(mid->resp_buf, min_t(u32, 92, len)); 937 938 /* convert the length into a more usable form */ 939 if (server->sign) { 940 struct kvec iov[2]; 941 int rc = 0; 942 struct smb_rqst rqst = { .rq_iov = iov, 943 .rq_nvec = 2 }; 944 945 iov[0].iov_base = mid->resp_buf; 946 iov[0].iov_len = 4; 947 iov[1].iov_base = (char *)mid->resp_buf + 4; 948 iov[1].iov_len = len - 4; 949 /* FIXME: add code to kill session */ 950 rc = cifs_verify_signature(&rqst, server, 951 mid->sequence_number); 952 if (rc) 953 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 954 rc); 955 } 956 957 /* BB special case reconnect tid and uid here? */ 958 return map_and_check_smb_error(mid, log_error); 959 } 960 961 struct mid_q_entry * 962 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 963 struct smb_rqst *rqst) 964 { 965 int rc; 966 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 967 struct mid_q_entry *mid; 968 969 if (rqst->rq_iov[0].iov_len != 4 || 970 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 971 return ERR_PTR(-EIO); 972 973 rc = allocate_mid(ses, hdr, &mid); 974 if (rc) 975 return ERR_PTR(rc); 976 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number); 977 if (rc) { 978 delete_mid(mid); 979 return ERR_PTR(rc); 980 } 981 return mid; 982 } 983 984 static void 985 cifs_compound_callback(struct mid_q_entry *mid) 986 { 987 struct TCP_Server_Info *server = mid->server; 988 struct cifs_credits credits; 989 990 credits.value = server->ops->get_credits(mid); 991 credits.instance = server->reconnect_instance; 992 993 add_credits(server, &credits, mid->optype); 994 995 if (mid->mid_state == MID_RESPONSE_RECEIVED) 996 mid->mid_state = MID_RESPONSE_READY; 997 } 998 999 static void 1000 cifs_compound_last_callback(struct mid_q_entry *mid) 1001 { 1002 cifs_compound_callback(mid); 1003 cifs_wake_up_task(mid); 1004 } 1005 1006 static void 1007 cifs_cancelled_callback(struct mid_q_entry *mid) 1008 { 1009 cifs_compound_callback(mid); 1010 release_mid(mid); 1011 } 1012 1013 /* 1014 * Return a channel (master if none) of @ses that can be used to send 1015 * regular requests. 1016 * 1017 * If we are currently binding a new channel (negprot/sess.setup), 1018 * return the new incomplete channel. 1019 */ 1020 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) 1021 { 1022 uint index = 0; 1023 unsigned int min_in_flight = UINT_MAX, max_in_flight = 0; 1024 struct TCP_Server_Info *server = NULL; 1025 int i; 1026 1027 if (!ses) 1028 return NULL; 1029 1030 spin_lock(&ses->chan_lock); 1031 for (i = 0; i < ses->chan_count; i++) { 1032 server = ses->chans[i].server; 1033 if (!server || server->terminate) 1034 continue; 1035 1036 if (CIFS_CHAN_NEEDS_RECONNECT(ses, i)) 1037 continue; 1038 1039 /* 1040 * strictly speaking, we should pick up req_lock to read 1041 * server->in_flight. But it shouldn't matter much here if we 1042 * race while reading this data. The worst that can happen is 1043 * that we could use a channel that's not least loaded. Avoiding 1044 * taking the lock could help reduce wait time, which is 1045 * important for this function 1046 */ 1047 if (server->in_flight < min_in_flight) { 1048 min_in_flight = server->in_flight; 1049 index = i; 1050 } 1051 if (server->in_flight > max_in_flight) 1052 max_in_flight = server->in_flight; 1053 } 1054 1055 /* if all channels are equally loaded, fall back to round-robin */ 1056 if (min_in_flight == max_in_flight) { 1057 index = (uint)atomic_inc_return(&ses->chan_seq); 1058 index %= ses->chan_count; 1059 } 1060 spin_unlock(&ses->chan_lock); 1061 1062 return ses->chans[index].server; 1063 } 1064 1065 int 1066 compound_send_recv(const unsigned int xid, struct cifs_ses *ses, 1067 struct TCP_Server_Info *server, 1068 const int flags, const int num_rqst, struct smb_rqst *rqst, 1069 int *resp_buf_type, struct kvec *resp_iov) 1070 { 1071 int i, j, optype, rc = 0; 1072 struct mid_q_entry *midQ[MAX_COMPOUND]; 1073 bool cancelled_mid[MAX_COMPOUND] = {false}; 1074 struct cifs_credits credits[MAX_COMPOUND] = { 1075 { .value = 0, .instance = 0 } 1076 }; 1077 unsigned int instance; 1078 char *buf; 1079 1080 optype = flags & CIFS_OP_MASK; 1081 1082 for (i = 0; i < num_rqst; i++) 1083 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */ 1084 1085 if (!ses || !ses->server || !server) { 1086 cifs_dbg(VFS, "Null session\n"); 1087 return -EIO; 1088 } 1089 1090 spin_lock(&server->srv_lock); 1091 if (server->tcpStatus == CifsExiting) { 1092 spin_unlock(&server->srv_lock); 1093 return -ENOENT; 1094 } 1095 spin_unlock(&server->srv_lock); 1096 1097 /* 1098 * Wait for all the requests to become available. 1099 * This approach still leaves the possibility to be stuck waiting for 1100 * credits if the server doesn't grant credits to the outstanding 1101 * requests and if the client is completely idle, not generating any 1102 * other requests. 1103 * This can be handled by the eventual session reconnect. 1104 */ 1105 rc = wait_for_compound_request(server, num_rqst, flags, 1106 &instance); 1107 if (rc) 1108 return rc; 1109 1110 for (i = 0; i < num_rqst; i++) { 1111 credits[i].value = 1; 1112 credits[i].instance = instance; 1113 } 1114 1115 /* 1116 * Make sure that we sign in the same order that we send on this socket 1117 * and avoid races inside tcp sendmsg code that could cause corruption 1118 * of smb data. 1119 */ 1120 1121 cifs_server_lock(server); 1122 1123 /* 1124 * All the parts of the compound chain belong obtained credits from the 1125 * same session. We can not use credits obtained from the previous 1126 * session to send this request. Check if there were reconnects after 1127 * we obtained credits and return -EAGAIN in such cases to let callers 1128 * handle it. 1129 */ 1130 if (instance != server->reconnect_instance) { 1131 cifs_server_unlock(server); 1132 for (j = 0; j < num_rqst; j++) 1133 add_credits(server, &credits[j], optype); 1134 return -EAGAIN; 1135 } 1136 1137 for (i = 0; i < num_rqst; i++) { 1138 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]); 1139 if (IS_ERR(midQ[i])) { 1140 revert_current_mid(server, i); 1141 for (j = 0; j < i; j++) 1142 delete_mid(midQ[j]); 1143 cifs_server_unlock(server); 1144 1145 /* Update # of requests on wire to server */ 1146 for (j = 0; j < num_rqst; j++) 1147 add_credits(server, &credits[j], optype); 1148 return PTR_ERR(midQ[i]); 1149 } 1150 1151 midQ[i]->mid_state = MID_REQUEST_SUBMITTED; 1152 midQ[i]->optype = optype; 1153 /* 1154 * Invoke callback for every part of the compound chain 1155 * to calculate credits properly. Wake up this thread only when 1156 * the last element is received. 1157 */ 1158 if (i < num_rqst - 1) 1159 midQ[i]->callback = cifs_compound_callback; 1160 else 1161 midQ[i]->callback = cifs_compound_last_callback; 1162 } 1163 rc = smb_send_rqst(server, num_rqst, rqst, flags); 1164 1165 for (i = 0; i < num_rqst; i++) 1166 cifs_save_when_sent(midQ[i]); 1167 1168 if (rc < 0) { 1169 revert_current_mid(server, num_rqst); 1170 server->sequence_number -= 2; 1171 } 1172 1173 cifs_server_unlock(server); 1174 1175 /* 1176 * If sending failed for some reason or it is an oplock break that we 1177 * will not receive a response to - return credits back 1178 */ 1179 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) { 1180 for (i = 0; i < num_rqst; i++) 1181 add_credits(server, &credits[i], optype); 1182 goto out; 1183 } 1184 1185 /* 1186 * At this point the request is passed to the network stack - we assume 1187 * that any credits taken from the server structure on the client have 1188 * been spent and we can't return them back. Once we receive responses 1189 * we will collect credits granted by the server in the mid callbacks 1190 * and add those credits to the server structure. 1191 */ 1192 1193 /* 1194 * Compounding is never used during session establish. 1195 */ 1196 spin_lock(&ses->ses_lock); 1197 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1198 spin_unlock(&ses->ses_lock); 1199 1200 cifs_server_lock(server); 1201 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec); 1202 cifs_server_unlock(server); 1203 1204 spin_lock(&ses->ses_lock); 1205 } 1206 spin_unlock(&ses->ses_lock); 1207 1208 for (i = 0; i < num_rqst; i++) { 1209 rc = wait_for_response(server, midQ[i]); 1210 if (rc != 0) 1211 break; 1212 } 1213 if (rc != 0) { 1214 for (; i < num_rqst; i++) { 1215 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n", 1216 midQ[i]->mid, le16_to_cpu(midQ[i]->command)); 1217 send_cancel(server, &rqst[i], midQ[i]); 1218 spin_lock(&server->mid_lock); 1219 midQ[i]->mid_flags |= MID_WAIT_CANCELLED; 1220 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED || 1221 midQ[i]->mid_state == MID_RESPONSE_RECEIVED) { 1222 midQ[i]->callback = cifs_cancelled_callback; 1223 cancelled_mid[i] = true; 1224 credits[i].value = 0; 1225 } 1226 spin_unlock(&server->mid_lock); 1227 } 1228 } 1229 1230 for (i = 0; i < num_rqst; i++) { 1231 if (rc < 0) 1232 goto out; 1233 1234 rc = cifs_sync_mid_result(midQ[i], server); 1235 if (rc != 0) { 1236 /* mark this mid as cancelled to not free it below */ 1237 cancelled_mid[i] = true; 1238 goto out; 1239 } 1240 1241 if (!midQ[i]->resp_buf || 1242 midQ[i]->mid_state != MID_RESPONSE_READY) { 1243 rc = -EIO; 1244 cifs_dbg(FYI, "Bad MID state?\n"); 1245 goto out; 1246 } 1247 1248 buf = (char *)midQ[i]->resp_buf; 1249 resp_iov[i].iov_base = buf; 1250 resp_iov[i].iov_len = midQ[i]->resp_buf_size + 1251 HEADER_PREAMBLE_SIZE(server); 1252 1253 if (midQ[i]->large_buf) 1254 resp_buf_type[i] = CIFS_LARGE_BUFFER; 1255 else 1256 resp_buf_type[i] = CIFS_SMALL_BUFFER; 1257 1258 rc = server->ops->check_receive(midQ[i], server, 1259 flags & CIFS_LOG_ERROR); 1260 1261 /* mark it so buf will not be freed by delete_mid */ 1262 if ((flags & CIFS_NO_RSP_BUF) == 0) 1263 midQ[i]->resp_buf = NULL; 1264 1265 } 1266 1267 /* 1268 * Compounding is never used during session establish. 1269 */ 1270 spin_lock(&ses->ses_lock); 1271 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) { 1272 struct kvec iov = { 1273 .iov_base = resp_iov[0].iov_base, 1274 .iov_len = resp_iov[0].iov_len 1275 }; 1276 spin_unlock(&ses->ses_lock); 1277 cifs_server_lock(server); 1278 smb311_update_preauth_hash(ses, server, &iov, 1); 1279 cifs_server_unlock(server); 1280 spin_lock(&ses->ses_lock); 1281 } 1282 spin_unlock(&ses->ses_lock); 1283 1284 out: 1285 /* 1286 * This will dequeue all mids. After this it is important that the 1287 * demultiplex_thread will not process any of these mids any futher. 1288 * This is prevented above by using a noop callback that will not 1289 * wake this thread except for the very last PDU. 1290 */ 1291 for (i = 0; i < num_rqst; i++) { 1292 if (!cancelled_mid[i]) 1293 delete_mid(midQ[i]); 1294 } 1295 1296 return rc; 1297 } 1298 1299 int 1300 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, 1301 struct TCP_Server_Info *server, 1302 struct smb_rqst *rqst, int *resp_buf_type, const int flags, 1303 struct kvec *resp_iov) 1304 { 1305 return compound_send_recv(xid, ses, server, flags, 1, 1306 rqst, resp_buf_type, resp_iov); 1307 } 1308 1309 int 1310 SendReceive2(const unsigned int xid, struct cifs_ses *ses, 1311 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */, 1312 const int flags, struct kvec *resp_iov) 1313 { 1314 struct smb_rqst rqst; 1315 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov; 1316 int rc; 1317 1318 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { 1319 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), 1320 GFP_KERNEL); 1321 if (!new_iov) { 1322 /* otherwise cifs_send_recv below sets resp_buf_type */ 1323 *resp_buf_type = CIFS_NO_BUFFER; 1324 return -ENOMEM; 1325 } 1326 } else 1327 new_iov = s_iov; 1328 1329 /* 1st iov is a RFC1001 length followed by the rest of the packet */ 1330 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec)); 1331 1332 new_iov[0].iov_base = new_iov[1].iov_base; 1333 new_iov[0].iov_len = 4; 1334 new_iov[1].iov_base += 4; 1335 new_iov[1].iov_len -= 4; 1336 1337 memset(&rqst, 0, sizeof(struct smb_rqst)); 1338 rqst.rq_iov = new_iov; 1339 rqst.rq_nvec = n_vec + 1; 1340 1341 rc = cifs_send_recv(xid, ses, ses->server, 1342 &rqst, resp_buf_type, flags, resp_iov); 1343 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) 1344 kfree(new_iov); 1345 return rc; 1346 } 1347 1348 int 1349 SendReceive(const unsigned int xid, struct cifs_ses *ses, 1350 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1351 int *pbytes_returned, const int flags) 1352 { 1353 int rc = 0; 1354 struct mid_q_entry *midQ; 1355 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1356 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1357 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1358 struct cifs_credits credits = { .value = 1, .instance = 0 }; 1359 struct TCP_Server_Info *server; 1360 1361 if (ses == NULL) { 1362 cifs_dbg(VFS, "Null smb session\n"); 1363 return -EIO; 1364 } 1365 server = ses->server; 1366 if (server == NULL) { 1367 cifs_dbg(VFS, "Null tcp session\n"); 1368 return -EIO; 1369 } 1370 1371 spin_lock(&server->srv_lock); 1372 if (server->tcpStatus == CifsExiting) { 1373 spin_unlock(&server->srv_lock); 1374 return -ENOENT; 1375 } 1376 spin_unlock(&server->srv_lock); 1377 1378 /* Ensure that we do not send more than 50 overlapping requests 1379 to the same server. We may make this configurable later or 1380 use ses->maxReq */ 1381 1382 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1383 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1384 len); 1385 return -EIO; 1386 } 1387 1388 rc = wait_for_free_request(server, flags, &credits.instance); 1389 if (rc) 1390 return rc; 1391 1392 /* make sure that we sign in the same order that we send on this socket 1393 and avoid races inside tcp sendmsg code that could cause corruption 1394 of smb data */ 1395 1396 cifs_server_lock(server); 1397 1398 rc = allocate_mid(ses, in_buf, &midQ); 1399 if (rc) { 1400 cifs_server_unlock(server); 1401 /* Update # of requests on wire to server */ 1402 add_credits(server, &credits, 0); 1403 return rc; 1404 } 1405 1406 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1407 if (rc) { 1408 cifs_server_unlock(server); 1409 goto out; 1410 } 1411 1412 midQ->mid_state = MID_REQUEST_SUBMITTED; 1413 1414 rc = smb_send(server, in_buf, len); 1415 cifs_save_when_sent(midQ); 1416 1417 if (rc < 0) 1418 server->sequence_number -= 2; 1419 1420 cifs_server_unlock(server); 1421 1422 if (rc < 0) 1423 goto out; 1424 1425 rc = wait_for_response(server, midQ); 1426 if (rc != 0) { 1427 send_cancel(server, &rqst, midQ); 1428 spin_lock(&server->mid_lock); 1429 if (midQ->mid_state == MID_REQUEST_SUBMITTED || 1430 midQ->mid_state == MID_RESPONSE_RECEIVED) { 1431 /* no longer considered to be "in-flight" */ 1432 midQ->callback = release_mid; 1433 spin_unlock(&server->mid_lock); 1434 add_credits(server, &credits, 0); 1435 return rc; 1436 } 1437 spin_unlock(&server->mid_lock); 1438 } 1439 1440 rc = cifs_sync_mid_result(midQ, server); 1441 if (rc != 0) { 1442 add_credits(server, &credits, 0); 1443 return rc; 1444 } 1445 1446 if (!midQ->resp_buf || !out_buf || 1447 midQ->mid_state != MID_RESPONSE_READY) { 1448 rc = -EIO; 1449 cifs_server_dbg(VFS, "Bad MID state?\n"); 1450 goto out; 1451 } 1452 1453 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1454 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1455 rc = cifs_check_receive(midQ, server, 0); 1456 out: 1457 delete_mid(midQ); 1458 add_credits(server, &credits, 0); 1459 1460 return rc; 1461 } 1462 1463 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows 1464 blocking lock to return. */ 1465 1466 static int 1467 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon, 1468 struct smb_hdr *in_buf, 1469 struct smb_hdr *out_buf) 1470 { 1471 int bytes_returned; 1472 struct cifs_ses *ses = tcon->ses; 1473 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf; 1474 1475 /* We just modify the current in_buf to change 1476 the type of lock from LOCKING_ANDX_SHARED_LOCK 1477 or LOCKING_ANDX_EXCLUSIVE_LOCK to 1478 LOCKING_ANDX_CANCEL_LOCK. */ 1479 1480 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES; 1481 pSMB->Timeout = 0; 1482 pSMB->hdr.Mid = get_next_mid(ses->server); 1483 1484 return SendReceive(xid, ses, in_buf, out_buf, 1485 &bytes_returned, 0); 1486 } 1487 1488 int 1489 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 1490 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1491 int *pbytes_returned) 1492 { 1493 int rc = 0; 1494 int rstart = 0; 1495 struct mid_q_entry *midQ; 1496 struct cifs_ses *ses; 1497 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1498 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1499 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1500 unsigned int instance; 1501 struct TCP_Server_Info *server; 1502 1503 if (tcon == NULL || tcon->ses == NULL) { 1504 cifs_dbg(VFS, "Null smb session\n"); 1505 return -EIO; 1506 } 1507 ses = tcon->ses; 1508 server = ses->server; 1509 1510 if (server == NULL) { 1511 cifs_dbg(VFS, "Null tcp session\n"); 1512 return -EIO; 1513 } 1514 1515 spin_lock(&server->srv_lock); 1516 if (server->tcpStatus == CifsExiting) { 1517 spin_unlock(&server->srv_lock); 1518 return -ENOENT; 1519 } 1520 spin_unlock(&server->srv_lock); 1521 1522 /* Ensure that we do not send more than 50 overlapping requests 1523 to the same server. We may make this configurable later or 1524 use ses->maxReq */ 1525 1526 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1527 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1528 len); 1529 return -EIO; 1530 } 1531 1532 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance); 1533 if (rc) 1534 return rc; 1535 1536 /* make sure that we sign in the same order that we send on this socket 1537 and avoid races inside tcp sendmsg code that could cause corruption 1538 of smb data */ 1539 1540 cifs_server_lock(server); 1541 1542 rc = allocate_mid(ses, in_buf, &midQ); 1543 if (rc) { 1544 cifs_server_unlock(server); 1545 return rc; 1546 } 1547 1548 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1549 if (rc) { 1550 delete_mid(midQ); 1551 cifs_server_unlock(server); 1552 return rc; 1553 } 1554 1555 midQ->mid_state = MID_REQUEST_SUBMITTED; 1556 rc = smb_send(server, in_buf, len); 1557 cifs_save_when_sent(midQ); 1558 1559 if (rc < 0) 1560 server->sequence_number -= 2; 1561 1562 cifs_server_unlock(server); 1563 1564 if (rc < 0) { 1565 delete_mid(midQ); 1566 return rc; 1567 } 1568 1569 /* Wait for a reply - allow signals to interrupt. */ 1570 rc = wait_event_interruptible(server->response_q, 1571 (!(midQ->mid_state == MID_REQUEST_SUBMITTED || 1572 midQ->mid_state == MID_RESPONSE_RECEIVED)) || 1573 ((server->tcpStatus != CifsGood) && 1574 (server->tcpStatus != CifsNew))); 1575 1576 /* Were we interrupted by a signal ? */ 1577 spin_lock(&server->srv_lock); 1578 if ((rc == -ERESTARTSYS) && 1579 (midQ->mid_state == MID_REQUEST_SUBMITTED || 1580 midQ->mid_state == MID_RESPONSE_RECEIVED) && 1581 ((server->tcpStatus == CifsGood) || 1582 (server->tcpStatus == CifsNew))) { 1583 spin_unlock(&server->srv_lock); 1584 1585 if (in_buf->Command == SMB_COM_TRANSACTION2) { 1586 /* POSIX lock. We send a NT_CANCEL SMB to cause the 1587 blocking lock to return. */ 1588 rc = send_cancel(server, &rqst, midQ); 1589 if (rc) { 1590 delete_mid(midQ); 1591 return rc; 1592 } 1593 } else { 1594 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK 1595 to cause the blocking lock to return. */ 1596 1597 rc = send_lock_cancel(xid, tcon, in_buf, out_buf); 1598 1599 /* If we get -ENOLCK back the lock may have 1600 already been removed. Don't exit in this case. */ 1601 if (rc && rc != -ENOLCK) { 1602 delete_mid(midQ); 1603 return rc; 1604 } 1605 } 1606 1607 rc = wait_for_response(server, midQ); 1608 if (rc) { 1609 send_cancel(server, &rqst, midQ); 1610 spin_lock(&server->mid_lock); 1611 if (midQ->mid_state == MID_REQUEST_SUBMITTED || 1612 midQ->mid_state == MID_RESPONSE_RECEIVED) { 1613 /* no longer considered to be "in-flight" */ 1614 midQ->callback = release_mid; 1615 spin_unlock(&server->mid_lock); 1616 return rc; 1617 } 1618 spin_unlock(&server->mid_lock); 1619 } 1620 1621 /* We got the response - restart system call. */ 1622 rstart = 1; 1623 spin_lock(&server->srv_lock); 1624 } 1625 spin_unlock(&server->srv_lock); 1626 1627 rc = cifs_sync_mid_result(midQ, server); 1628 if (rc != 0) 1629 return rc; 1630 1631 /* rcvd frame is ok */ 1632 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) { 1633 rc = -EIO; 1634 cifs_tcon_dbg(VFS, "Bad MID state?\n"); 1635 goto out; 1636 } 1637 1638 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1639 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1640 rc = cifs_check_receive(midQ, server, 0); 1641 out: 1642 delete_mid(midQ); 1643 if (rstart && rc == -EACCES) 1644 return -ERESTARTSYS; 1645 return rc; 1646 } 1647 1648 /* 1649 * Discard any remaining data in the current SMB. To do this, we borrow the 1650 * current bigbuf. 1651 */ 1652 int 1653 cifs_discard_remaining_data(struct TCP_Server_Info *server) 1654 { 1655 unsigned int rfclen = server->pdu_size; 1656 size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) - 1657 server->total_read; 1658 1659 while (remaining > 0) { 1660 ssize_t length; 1661 1662 length = cifs_discard_from_socket(server, 1663 min_t(size_t, remaining, 1664 CIFSMaxBufSize + MAX_HEADER_SIZE(server))); 1665 if (length < 0) 1666 return length; 1667 server->total_read += length; 1668 remaining -= length; 1669 } 1670 1671 return 0; 1672 } 1673 1674 static int 1675 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid, 1676 bool malformed) 1677 { 1678 int length; 1679 1680 length = cifs_discard_remaining_data(server); 1681 dequeue_mid(mid, malformed); 1682 mid->resp_buf = server->smallbuf; 1683 server->smallbuf = NULL; 1684 return length; 1685 } 1686 1687 static int 1688 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1689 { 1690 struct cifs_readdata *rdata = mid->callback_data; 1691 1692 return __cifs_readv_discard(server, mid, rdata->result); 1693 } 1694 1695 int 1696 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid) 1697 { 1698 int length, len; 1699 unsigned int data_offset, data_len; 1700 struct cifs_readdata *rdata = mid->callback_data; 1701 char *buf = server->smallbuf; 1702 unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server); 1703 bool use_rdma_mr = false; 1704 1705 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n", 1706 __func__, mid->mid, rdata->offset, rdata->bytes); 1707 1708 /* 1709 * read the rest of READ_RSP header (sans Data array), or whatever we 1710 * can if there's not enough data. At this point, we've read down to 1711 * the Mid. 1712 */ 1713 len = min_t(unsigned int, buflen, server->vals->read_rsp_size) - 1714 HEADER_SIZE(server) + 1; 1715 1716 length = cifs_read_from_socket(server, 1717 buf + HEADER_SIZE(server) - 1, len); 1718 if (length < 0) 1719 return length; 1720 server->total_read += length; 1721 1722 if (server->ops->is_session_expired && 1723 server->ops->is_session_expired(buf)) { 1724 cifs_reconnect(server, true); 1725 return -1; 1726 } 1727 1728 if (server->ops->is_status_pending && 1729 server->ops->is_status_pending(buf, server)) { 1730 cifs_discard_remaining_data(server); 1731 return -1; 1732 } 1733 1734 /* set up first two iov for signature check and to get credits */ 1735 rdata->iov[0].iov_base = buf; 1736 rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server); 1737 rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server); 1738 rdata->iov[1].iov_len = 1739 server->total_read - HEADER_PREAMBLE_SIZE(server); 1740 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n", 1741 rdata->iov[0].iov_base, rdata->iov[0].iov_len); 1742 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n", 1743 rdata->iov[1].iov_base, rdata->iov[1].iov_len); 1744 1745 /* Was the SMB read successful? */ 1746 rdata->result = server->ops->map_error(buf, false); 1747 if (rdata->result != 0) { 1748 cifs_dbg(FYI, "%s: server returned error %d\n", 1749 __func__, rdata->result); 1750 /* normal error on read response */ 1751 return __cifs_readv_discard(server, mid, false); 1752 } 1753 1754 /* Is there enough to get to the rest of the READ_RSP header? */ 1755 if (server->total_read < server->vals->read_rsp_size) { 1756 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n", 1757 __func__, server->total_read, 1758 server->vals->read_rsp_size); 1759 rdata->result = -EIO; 1760 return cifs_readv_discard(server, mid); 1761 } 1762 1763 data_offset = server->ops->read_data_offset(buf) + 1764 HEADER_PREAMBLE_SIZE(server); 1765 if (data_offset < server->total_read) { 1766 /* 1767 * win2k8 sometimes sends an offset of 0 when the read 1768 * is beyond the EOF. Treat it as if the data starts just after 1769 * the header. 1770 */ 1771 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n", 1772 __func__, data_offset); 1773 data_offset = server->total_read; 1774 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) { 1775 /* data_offset is beyond the end of smallbuf */ 1776 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n", 1777 __func__, data_offset); 1778 rdata->result = -EIO; 1779 return cifs_readv_discard(server, mid); 1780 } 1781 1782 cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n", 1783 __func__, server->total_read, data_offset); 1784 1785 len = data_offset - server->total_read; 1786 if (len > 0) { 1787 /* read any junk before data into the rest of smallbuf */ 1788 length = cifs_read_from_socket(server, 1789 buf + server->total_read, len); 1790 if (length < 0) 1791 return length; 1792 server->total_read += length; 1793 } 1794 1795 /* how much data is in the response? */ 1796 #ifdef CONFIG_CIFS_SMB_DIRECT 1797 use_rdma_mr = rdata->mr; 1798 #endif 1799 data_len = server->ops->read_data_length(buf, use_rdma_mr); 1800 if (!use_rdma_mr && (data_offset + data_len > buflen)) { 1801 /* data_len is corrupt -- discard frame */ 1802 rdata->result = -EIO; 1803 return cifs_readv_discard(server, mid); 1804 } 1805 1806 #ifdef CONFIG_CIFS_SMB_DIRECT 1807 if (rdata->mr) 1808 length = data_len; /* An RDMA read is already done. */ 1809 else 1810 #endif 1811 length = cifs_read_iter_from_socket(server, &rdata->iter, 1812 data_len); 1813 if (length > 0) 1814 rdata->got_bytes += length; 1815 server->total_read += length; 1816 1817 cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n", 1818 server->total_read, buflen, data_len); 1819 1820 /* discard anything left over */ 1821 if (server->total_read < buflen) 1822 return cifs_readv_discard(server, mid); 1823 1824 dequeue_mid(mid, false); 1825 mid->resp_buf = server->smallbuf; 1826 server->smallbuf = NULL; 1827 return length; 1828 } 1829