1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 */
9
10 #include <linux/fs.h>
11 #include <linux/list.h>
12 #include <linux/gfp.h>
13 #include <linux/wait.h>
14 #include <linux/net.h>
15 #include <linux/delay.h>
16 #include <linux/freezer.h>
17 #include <linux/tcp.h>
18 #include <linux/bvec.h>
19 #include <linux/highmem.h>
20 #include <linux/uaccess.h>
21 #include <linux/processor.h>
22 #include <linux/mempool.h>
23 #include <linux/sched/signal.h>
24 #include <linux/task_io_accounting_ops.h>
25 #include "cifspdu.h"
26 #include "cifsglob.h"
27 #include "cifsproto.h"
28 #include "cifs_debug.h"
29 #include "smb2proto.h"
30 #include "smbdirect.h"
31
32 /* Max number of iovectors we can use off the stack when sending requests. */
33 #define CIFS_MAX_IOV_SIZE 8
34
35 void
cifs_wake_up_task(struct mid_q_entry * mid)36 cifs_wake_up_task(struct mid_q_entry *mid)
37 {
38 if (mid->mid_state == MID_RESPONSE_RECEIVED)
39 mid->mid_state = MID_RESPONSE_READY;
40 wake_up_process(mid->callback_data);
41 }
42
43 static struct mid_q_entry *
alloc_mid(const struct smb_hdr * smb_buffer,struct TCP_Server_Info * server)44 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
45 {
46 struct mid_q_entry *temp;
47
48 if (server == NULL) {
49 cifs_dbg(VFS, "%s: null TCP session\n", __func__);
50 return NULL;
51 }
52
53 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
54 memset(temp, 0, sizeof(struct mid_q_entry));
55 kref_init(&temp->refcount);
56 temp->mid = get_mid(smb_buffer);
57 temp->pid = current->pid;
58 temp->command = cpu_to_le16(smb_buffer->Command);
59 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
60 /* easier to use jiffies */
61 /* when mid allocated can be before when sent */
62 temp->when_alloc = jiffies;
63 temp->server = server;
64
65 /*
66 * The default is for the mid to be synchronous, so the
67 * default callback just wakes up the current task.
68 */
69 get_task_struct(current);
70 temp->creator = current;
71 temp->callback = cifs_wake_up_task;
72 temp->callback_data = current;
73
74 atomic_inc(&mid_count);
75 temp->mid_state = MID_REQUEST_ALLOCATED;
76 return temp;
77 }
78
__release_mid(struct kref * refcount)79 static void __release_mid(struct kref *refcount)
80 {
81 struct mid_q_entry *midEntry =
82 container_of(refcount, struct mid_q_entry, refcount);
83 #ifdef CONFIG_CIFS_STATS2
84 __le16 command = midEntry->server->vals->lock_cmd;
85 __u16 smb_cmd = le16_to_cpu(midEntry->command);
86 unsigned long now;
87 unsigned long roundtrip_time;
88 #endif
89 struct TCP_Server_Info *server = midEntry->server;
90
91 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) &&
92 (midEntry->mid_state == MID_RESPONSE_RECEIVED ||
93 midEntry->mid_state == MID_RESPONSE_READY) &&
94 server->ops->handle_cancelled_mid)
95 server->ops->handle_cancelled_mid(midEntry, server);
96
97 midEntry->mid_state = MID_FREE;
98 atomic_dec(&mid_count);
99 if (midEntry->large_buf)
100 cifs_buf_release(midEntry->resp_buf);
101 else
102 cifs_small_buf_release(midEntry->resp_buf);
103 #ifdef CONFIG_CIFS_STATS2
104 now = jiffies;
105 if (now < midEntry->when_alloc)
106 cifs_server_dbg(VFS, "Invalid mid allocation time\n");
107 roundtrip_time = now - midEntry->when_alloc;
108
109 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
110 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
111 server->slowest_cmd[smb_cmd] = roundtrip_time;
112 server->fastest_cmd[smb_cmd] = roundtrip_time;
113 } else {
114 if (server->slowest_cmd[smb_cmd] < roundtrip_time)
115 server->slowest_cmd[smb_cmd] = roundtrip_time;
116 else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
117 server->fastest_cmd[smb_cmd] = roundtrip_time;
118 }
119 cifs_stats_inc(&server->num_cmds[smb_cmd]);
120 server->time_per_cmd[smb_cmd] += roundtrip_time;
121 }
122 /*
123 * commands taking longer than one second (default) can be indications
124 * that something is wrong, unless it is quite a slow link or a very
125 * busy server. Note that this calc is unlikely or impossible to wrap
126 * as long as slow_rsp_threshold is not set way above recommended max
127 * value (32767 ie 9 hours) and is generally harmless even if wrong
128 * since only affects debug counters - so leaving the calc as simple
129 * comparison rather than doing multiple conversions and overflow
130 * checks
131 */
132 if ((slow_rsp_threshold != 0) &&
133 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
134 (midEntry->command != command)) {
135 /*
136 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
137 * NB: le16_to_cpu returns unsigned so can not be negative below
138 */
139 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
140 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);
141
142 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
143 midEntry->when_sent, midEntry->when_received);
144 if (cifsFYI & CIFS_TIMER) {
145 pr_debug("slow rsp: cmd %d mid %llu",
146 midEntry->command, midEntry->mid);
147 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
148 now - midEntry->when_alloc,
149 now - midEntry->when_sent,
150 now - midEntry->when_received);
151 }
152 }
153 #endif
154 put_task_struct(midEntry->creator);
155
156 mempool_free(midEntry, cifs_mid_poolp);
157 }
158
release_mid(struct mid_q_entry * mid)159 void release_mid(struct mid_q_entry *mid)
160 {
161 struct TCP_Server_Info *server = mid->server;
162
163 spin_lock(&server->mid_lock);
164 kref_put(&mid->refcount, __release_mid);
165 spin_unlock(&server->mid_lock);
166 }
167
168 void
delete_mid(struct mid_q_entry * mid)169 delete_mid(struct mid_q_entry *mid)
170 {
171 spin_lock(&mid->server->mid_lock);
172 if (!(mid->mid_flags & MID_DELETED)) {
173 list_del_init(&mid->qhead);
174 mid->mid_flags |= MID_DELETED;
175 }
176 spin_unlock(&mid->server->mid_lock);
177
178 release_mid(mid);
179 }
180
181 /*
182 * smb_send_kvec - send an array of kvecs to the server
183 * @server: Server to send the data to
184 * @smb_msg: Message to send
185 * @sent: amount of data sent on socket is stored here
186 *
187 * Our basic "send data to server" function. Should be called with srv_mutex
188 * held. The caller is responsible for handling the results.
189 */
190 static int
smb_send_kvec(struct TCP_Server_Info * server,struct msghdr * smb_msg,size_t * sent)191 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
192 size_t *sent)
193 {
194 int rc = 0;
195 int retries = 0;
196 struct socket *ssocket = server->ssocket;
197
198 *sent = 0;
199
200 if (server->noblocksnd)
201 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
202 else
203 smb_msg->msg_flags = MSG_NOSIGNAL;
204
205 while (msg_data_left(smb_msg)) {
206 /*
207 * If blocking send, we try 3 times, since each can block
208 * for 5 seconds. For nonblocking we have to try more
209 * but wait increasing amounts of time allowing time for
210 * socket to clear. The overall time we wait in either
211 * case to send on the socket is about 15 seconds.
212 * Similarly we wait for 15 seconds for a response from
213 * the server in SendReceive[2] for the server to send
214 * a response back for most types of requests (except
215 * SMB Write past end of file which can be slow, and
216 * blocking lock operations). NFS waits slightly longer
217 * than CIFS, but this can make it take longer for
218 * nonresponsive servers to be detected and 15 seconds
219 * is more than enough time for modern networks to
220 * send a packet. In most cases if we fail to send
221 * after the retries we will kill the socket and
222 * reconnect which may clear the network problem.
223 */
224 rc = sock_sendmsg(ssocket, smb_msg);
225 if (rc == -EAGAIN) {
226 retries++;
227 if (retries >= 14 ||
228 (!server->noblocksnd && (retries > 2))) {
229 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
230 ssocket);
231 return -EAGAIN;
232 }
233 msleep(1 << retries);
234 continue;
235 }
236
237 if (rc < 0)
238 return rc;
239
240 if (rc == 0) {
241 /* should never happen, letting socket clear before
242 retrying is our only obvious option here */
243 cifs_server_dbg(VFS, "tcp sent no data\n");
244 msleep(500);
245 continue;
246 }
247
248 /* send was at least partially successful */
249 *sent += rc;
250 retries = 0; /* in case we get ENOSPC on the next send */
251 }
252 return 0;
253 }
254
255 unsigned long
smb_rqst_len(struct TCP_Server_Info * server,struct smb_rqst * rqst)256 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
257 {
258 unsigned int i;
259 struct kvec *iov;
260 int nvec;
261 unsigned long buflen = 0;
262
263 if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
264 rqst->rq_iov[0].iov_len == 4) {
265 iov = &rqst->rq_iov[1];
266 nvec = rqst->rq_nvec - 1;
267 } else {
268 iov = rqst->rq_iov;
269 nvec = rqst->rq_nvec;
270 }
271
272 /* total up iov array first */
273 for (i = 0; i < nvec; i++)
274 buflen += iov[i].iov_len;
275
276 buflen += iov_iter_count(&rqst->rq_iter);
277 return buflen;
278 }
279
280 static int
__smb_send_rqst(struct TCP_Server_Info * server,int num_rqst,struct smb_rqst * rqst)281 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
282 struct smb_rqst *rqst)
283 {
284 int rc;
285 struct kvec *iov;
286 int n_vec;
287 unsigned int send_length = 0;
288 unsigned int i, j;
289 sigset_t mask, oldmask;
290 size_t total_len = 0, sent, size;
291 struct socket *ssocket = server->ssocket;
292 struct msghdr smb_msg = {};
293 __be32 rfc1002_marker;
294
295 cifs_in_send_inc(server);
296 if (cifs_rdma_enabled(server)) {
297 /* return -EAGAIN when connecting or reconnecting */
298 rc = -EAGAIN;
299 if (server->smbd_conn)
300 rc = smbd_send(server, num_rqst, rqst);
301 goto smbd_done;
302 }
303
304 rc = -EAGAIN;
305 if (ssocket == NULL)
306 goto out;
307
308 rc = -ERESTARTSYS;
309 if (fatal_signal_pending(current)) {
310 cifs_dbg(FYI, "signal pending before send request\n");
311 goto out;
312 }
313
314 rc = 0;
315 /* cork the socket */
316 tcp_sock_set_cork(ssocket->sk, true);
317
318 for (j = 0; j < num_rqst; j++)
319 send_length += smb_rqst_len(server, &rqst[j]);
320 rfc1002_marker = cpu_to_be32(send_length);
321
322 /*
323 * We should not allow signals to interrupt the network send because
324 * any partial send will cause session reconnects thus increasing
325 * latency of system calls and overload a server with unnecessary
326 * requests.
327 */
328
329 sigfillset(&mask);
330 sigprocmask(SIG_BLOCK, &mask, &oldmask);
331
332 /* Generate a rfc1002 marker for SMB2+ */
333 if (!is_smb1(server)) {
334 struct kvec hiov = {
335 .iov_base = &rfc1002_marker,
336 .iov_len = 4
337 };
338 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4);
339 rc = smb_send_kvec(server, &smb_msg, &sent);
340 if (rc < 0)
341 goto unmask;
342
343 total_len += sent;
344 send_length += 4;
345 }
346
347 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
348
349 for (j = 0; j < num_rqst; j++) {
350 iov = rqst[j].rq_iov;
351 n_vec = rqst[j].rq_nvec;
352
353 size = 0;
354 for (i = 0; i < n_vec; i++) {
355 dump_smb(iov[i].iov_base, iov[i].iov_len);
356 size += iov[i].iov_len;
357 }
358
359 iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size);
360
361 rc = smb_send_kvec(server, &smb_msg, &sent);
362 if (rc < 0)
363 goto unmask;
364
365 total_len += sent;
366
367 if (iov_iter_count(&rqst[j].rq_iter) > 0) {
368 smb_msg.msg_iter = rqst[j].rq_iter;
369 rc = smb_send_kvec(server, &smb_msg, &sent);
370 if (rc < 0)
371 break;
372 total_len += sent;
373 }
374
375 }
376
377 unmask:
378 sigprocmask(SIG_SETMASK, &oldmask, NULL);
379
380 /*
381 * If signal is pending but we have already sent the whole packet to
382 * the server we need to return success status to allow a corresponding
383 * mid entry to be kept in the pending requests queue thus allowing
384 * to handle responses from the server by the client.
385 *
386 * If only part of the packet has been sent there is no need to hide
387 * interrupt because the session will be reconnected anyway, so there
388 * won't be any response from the server to handle.
389 */
390
391 if (signal_pending(current) && (total_len != send_length)) {
392 cifs_dbg(FYI, "signal is pending after attempt to send\n");
393 rc = -ERESTARTSYS;
394 }
395
396 /* uncork it */
397 tcp_sock_set_cork(ssocket->sk, false);
398
399 if ((total_len > 0) && (total_len != send_length)) {
400 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
401 send_length, total_len);
402 /*
403 * If we have only sent part of an SMB then the next SMB could
404 * be taken as the remainder of this one. We need to kill the
405 * socket so the server throws away the partial SMB
406 */
407 cifs_signal_cifsd_for_reconnect(server, false);
408 trace_smb3_partial_send_reconnect(server->CurrentMid,
409 server->conn_id, server->hostname);
410 }
411 smbd_done:
412 if (rc < 0 && rc != -EINTR)
413 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
414 rc);
415 else if (rc > 0)
416 rc = 0;
417 out:
418 cifs_in_send_dec(server);
419 return rc;
420 }
421
422 struct send_req_vars {
423 struct smb2_transform_hdr tr_hdr;
424 struct smb_rqst rqst[MAX_COMPOUND];
425 struct kvec iov;
426 };
427
428 static int
smb_send_rqst(struct TCP_Server_Info * server,int num_rqst,struct smb_rqst * rqst,int flags)429 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
430 struct smb_rqst *rqst, int flags)
431 {
432 struct send_req_vars *vars;
433 struct smb_rqst *cur_rqst;
434 struct kvec *iov;
435 int rc;
436
437 if (!(flags & CIFS_TRANSFORM_REQ))
438 return __smb_send_rqst(server, num_rqst, rqst);
439
440 if (num_rqst > MAX_COMPOUND - 1)
441 return -ENOMEM;
442
443 if (!server->ops->init_transform_rq) {
444 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
445 return -EIO;
446 }
447
448 vars = kzalloc(sizeof(*vars), GFP_NOFS);
449 if (!vars)
450 return -ENOMEM;
451 cur_rqst = vars->rqst;
452 iov = &vars->iov;
453
454 iov->iov_base = &vars->tr_hdr;
455 iov->iov_len = sizeof(vars->tr_hdr);
456 cur_rqst[0].rq_iov = iov;
457 cur_rqst[0].rq_nvec = 1;
458
459 rc = server->ops->init_transform_rq(server, num_rqst + 1,
460 &cur_rqst[0], rqst);
461 if (rc)
462 goto out;
463
464 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]);
465 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]);
466 out:
467 kfree(vars);
468 return rc;
469 }
470
471 int
smb_send(struct TCP_Server_Info * server,struct smb_hdr * smb_buffer,unsigned int smb_buf_length)472 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
473 unsigned int smb_buf_length)
474 {
475 struct kvec iov[2];
476 struct smb_rqst rqst = { .rq_iov = iov,
477 .rq_nvec = 2 };
478
479 iov[0].iov_base = smb_buffer;
480 iov[0].iov_len = 4;
481 iov[1].iov_base = (char *)smb_buffer + 4;
482 iov[1].iov_len = smb_buf_length;
483
484 return __smb_send_rqst(server, 1, &rqst);
485 }
486
487 static int
wait_for_free_credits(struct TCP_Server_Info * server,const int num_credits,const int timeout,const int flags,unsigned int * instance)488 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
489 const int timeout, const int flags,
490 unsigned int *instance)
491 {
492 long rc;
493 int *credits;
494 int optype;
495 long int t;
496 int scredits, in_flight;
497
498 if (timeout < 0)
499 t = MAX_JIFFY_OFFSET;
500 else
501 t = msecs_to_jiffies(timeout);
502
503 optype = flags & CIFS_OP_MASK;
504
505 *instance = 0;
506
507 credits = server->ops->get_credits_field(server, optype);
508 /* Since an echo is already inflight, no need to wait to send another */
509 if (*credits <= 0 && optype == CIFS_ECHO_OP)
510 return -EAGAIN;
511
512 spin_lock(&server->req_lock);
513 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
514 /* oplock breaks must not be held up */
515 server->in_flight++;
516 if (server->in_flight > server->max_in_flight)
517 server->max_in_flight = server->in_flight;
518 *credits -= 1;
519 *instance = server->reconnect_instance;
520 scredits = *credits;
521 in_flight = server->in_flight;
522 spin_unlock(&server->req_lock);
523
524 trace_smb3_nblk_credits(server->CurrentMid,
525 server->conn_id, server->hostname, scredits, -1, in_flight);
526 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
527 __func__, 1, scredits);
528
529 return 0;
530 }
531
532 while (1) {
533 spin_unlock(&server->req_lock);
534
535 spin_lock(&server->srv_lock);
536 if (server->tcpStatus == CifsExiting) {
537 spin_unlock(&server->srv_lock);
538 return -ENOENT;
539 }
540 spin_unlock(&server->srv_lock);
541
542 spin_lock(&server->req_lock);
543 if (*credits < num_credits) {
544 scredits = *credits;
545 spin_unlock(&server->req_lock);
546
547 cifs_num_waiters_inc(server);
548 rc = wait_event_killable_timeout(server->request_q,
549 has_credits(server, credits, num_credits), t);
550 cifs_num_waiters_dec(server);
551 if (!rc) {
552 spin_lock(&server->req_lock);
553 scredits = *credits;
554 in_flight = server->in_flight;
555 spin_unlock(&server->req_lock);
556
557 trace_smb3_credit_timeout(server->CurrentMid,
558 server->conn_id, server->hostname, scredits,
559 num_credits, in_flight);
560 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
561 timeout);
562 return -EBUSY;
563 }
564 if (rc == -ERESTARTSYS)
565 return -ERESTARTSYS;
566 spin_lock(&server->req_lock);
567 } else {
568 /*
569 * For normal commands, reserve the last MAX_COMPOUND
570 * credits to compound requests.
571 * Otherwise these compounds could be permanently
572 * starved for credits by single-credit requests.
573 *
574 * To prevent spinning CPU, block this thread until
575 * there are >MAX_COMPOUND credits available.
576 * But only do this is we already have a lot of
577 * credits in flight to avoid triggering this check
578 * for servers that are slow to hand out credits on
579 * new sessions.
580 */
581 if (!optype && num_credits == 1 &&
582 server->in_flight > 2 * MAX_COMPOUND &&
583 *credits <= MAX_COMPOUND) {
584 spin_unlock(&server->req_lock);
585
586 cifs_num_waiters_inc(server);
587 rc = wait_event_killable_timeout(
588 server->request_q,
589 has_credits(server, credits,
590 MAX_COMPOUND + 1),
591 t);
592 cifs_num_waiters_dec(server);
593 if (!rc) {
594 spin_lock(&server->req_lock);
595 scredits = *credits;
596 in_flight = server->in_flight;
597 spin_unlock(&server->req_lock);
598
599 trace_smb3_credit_timeout(
600 server->CurrentMid,
601 server->conn_id, server->hostname,
602 scredits, num_credits, in_flight);
603 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
604 timeout);
605 return -EBUSY;
606 }
607 if (rc == -ERESTARTSYS)
608 return -ERESTARTSYS;
609 spin_lock(&server->req_lock);
610 continue;
611 }
612
613 /*
614 * Can not count locking commands against total
615 * as they are allowed to block on server.
616 */
617
618 /* update # of requests on the wire to server */
619 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
620 *credits -= num_credits;
621 server->in_flight += num_credits;
622 if (server->in_flight > server->max_in_flight)
623 server->max_in_flight = server->in_flight;
624 *instance = server->reconnect_instance;
625 }
626 scredits = *credits;
627 in_flight = server->in_flight;
628 spin_unlock(&server->req_lock);
629
630 trace_smb3_waitff_credits(server->CurrentMid,
631 server->conn_id, server->hostname, scredits,
632 -(num_credits), in_flight);
633 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
634 __func__, num_credits, scredits);
635 break;
636 }
637 }
638 return 0;
639 }
640
641 static int
wait_for_free_request(struct TCP_Server_Info * server,const int flags,unsigned int * instance)642 wait_for_free_request(struct TCP_Server_Info *server, const int flags,
643 unsigned int *instance)
644 {
645 return wait_for_free_credits(server, 1, -1, flags,
646 instance);
647 }
648
649 static int
wait_for_compound_request(struct TCP_Server_Info * server,int num,const int flags,unsigned int * instance)650 wait_for_compound_request(struct TCP_Server_Info *server, int num,
651 const int flags, unsigned int *instance)
652 {
653 int *credits;
654 int scredits, in_flight;
655
656 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);
657
658 spin_lock(&server->req_lock);
659 scredits = *credits;
660 in_flight = server->in_flight;
661
662 if (*credits < num) {
663 /*
664 * If the server is tight on resources or just gives us less
665 * credits for other reasons (e.g. requests are coming out of
666 * order and the server delays granting more credits until it
667 * processes a missing mid) and we exhausted most available
668 * credits there may be situations when we try to send
669 * a compound request but we don't have enough credits. At this
670 * point the client needs to decide if it should wait for
671 * additional credits or fail the request. If at least one
672 * request is in flight there is a high probability that the
673 * server will return enough credits to satisfy this compound
674 * request.
675 *
676 * Return immediately if no requests in flight since we will be
677 * stuck on waiting for credits.
678 */
679 if (server->in_flight == 0) {
680 spin_unlock(&server->req_lock);
681 trace_smb3_insufficient_credits(server->CurrentMid,
682 server->conn_id, server->hostname, scredits,
683 num, in_flight);
684 cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
685 __func__, in_flight, num, scredits);
686 return -EDEADLK;
687 }
688 }
689 spin_unlock(&server->req_lock);
690
691 return wait_for_free_credits(server, num, 60000, flags,
692 instance);
693 }
694
695 int
cifs_wait_mtu_credits(struct TCP_Server_Info * server,unsigned int size,unsigned int * num,struct cifs_credits * credits)696 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
697 unsigned int *num, struct cifs_credits *credits)
698 {
699 *num = size;
700 credits->value = 0;
701 credits->instance = server->reconnect_instance;
702 return 0;
703 }
704
allocate_mid(struct cifs_ses * ses,struct smb_hdr * in_buf,struct mid_q_entry ** ppmidQ)705 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
706 struct mid_q_entry **ppmidQ)
707 {
708 spin_lock(&ses->ses_lock);
709 if (ses->ses_status == SES_NEW) {
710 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
711 (in_buf->Command != SMB_COM_NEGOTIATE)) {
712 spin_unlock(&ses->ses_lock);
713 return -EAGAIN;
714 }
715 /* else ok - we are setting up session */
716 }
717
718 if (ses->ses_status == SES_EXITING) {
719 /* check if SMB session is bad because we are setting it up */
720 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) {
721 spin_unlock(&ses->ses_lock);
722 return -EAGAIN;
723 }
724 /* else ok - we are shutting down session */
725 }
726 spin_unlock(&ses->ses_lock);
727
728 *ppmidQ = alloc_mid(in_buf, ses->server);
729 if (*ppmidQ == NULL)
730 return -ENOMEM;
731 spin_lock(&ses->server->mid_lock);
732 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
733 spin_unlock(&ses->server->mid_lock);
734 return 0;
735 }
736
737 static int
wait_for_response(struct TCP_Server_Info * server,struct mid_q_entry * midQ)738 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
739 {
740 int error;
741
742 error = wait_event_state(server->response_q,
743 midQ->mid_state != MID_REQUEST_SUBMITTED &&
744 midQ->mid_state != MID_RESPONSE_RECEIVED,
745 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE));
746 if (error < 0)
747 return -ERESTARTSYS;
748
749 return 0;
750 }
751
752 struct mid_q_entry *
cifs_setup_async_request(struct TCP_Server_Info * server,struct smb_rqst * rqst)753 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
754 {
755 int rc;
756 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
757 struct mid_q_entry *mid;
758
759 if (rqst->rq_iov[0].iov_len != 4 ||
760 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
761 return ERR_PTR(-EIO);
762
763 /* enable signing if server requires it */
764 if (server->sign)
765 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
766
767 mid = alloc_mid(hdr, server);
768 if (mid == NULL)
769 return ERR_PTR(-ENOMEM);
770
771 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
772 if (rc) {
773 release_mid(mid);
774 return ERR_PTR(rc);
775 }
776
777 return mid;
778 }
779
780 /*
781 * Send a SMB request and set the callback function in the mid to handle
782 * the result. Caller is responsible for dealing with timeouts.
783 */
784 int
cifs_call_async(struct TCP_Server_Info * server,struct smb_rqst * rqst,mid_receive_t * receive,mid_callback_t * callback,mid_handle_t * handle,void * cbdata,const int flags,const struct cifs_credits * exist_credits)785 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
786 mid_receive_t *receive, mid_callback_t *callback,
787 mid_handle_t *handle, void *cbdata, const int flags,
788 const struct cifs_credits *exist_credits)
789 {
790 int rc;
791 struct mid_q_entry *mid;
792 struct cifs_credits credits = { .value = 0, .instance = 0 };
793 unsigned int instance;
794 int optype;
795
796 optype = flags & CIFS_OP_MASK;
797
798 if ((flags & CIFS_HAS_CREDITS) == 0) {
799 rc = wait_for_free_request(server, flags, &instance);
800 if (rc)
801 return rc;
802 credits.value = 1;
803 credits.instance = instance;
804 } else
805 instance = exist_credits->instance;
806
807 cifs_server_lock(server);
808
809 /*
810 * We can't use credits obtained from the previous session to send this
811 * request. Check if there were reconnects after we obtained credits and
812 * return -EAGAIN in such cases to let callers handle it.
813 */
814 if (instance != server->reconnect_instance) {
815 cifs_server_unlock(server);
816 add_credits_and_wake_if(server, &credits, optype);
817 return -EAGAIN;
818 }
819
820 mid = server->ops->setup_async_request(server, rqst);
821 if (IS_ERR(mid)) {
822 cifs_server_unlock(server);
823 add_credits_and_wake_if(server, &credits, optype);
824 return PTR_ERR(mid);
825 }
826
827 mid->receive = receive;
828 mid->callback = callback;
829 mid->callback_data = cbdata;
830 mid->handle = handle;
831 mid->mid_state = MID_REQUEST_SUBMITTED;
832
833 /* put it on the pending_mid_q */
834 spin_lock(&server->mid_lock);
835 list_add_tail(&mid->qhead, &server->pending_mid_q);
836 spin_unlock(&server->mid_lock);
837
838 /*
839 * Need to store the time in mid before calling I/O. For call_async,
840 * I/O response may come back and free the mid entry on another thread.
841 */
842 cifs_save_when_sent(mid);
843 rc = smb_send_rqst(server, 1, rqst, flags);
844
845 if (rc < 0) {
846 revert_current_mid(server, mid->credits);
847 server->sequence_number -= 2;
848 delete_mid(mid);
849 }
850
851 cifs_server_unlock(server);
852
853 if (rc == 0)
854 return 0;
855
856 add_credits_and_wake_if(server, &credits, optype);
857 return rc;
858 }
859
860 /*
861 *
862 * Send an SMB Request. No response info (other than return code)
863 * needs to be parsed.
864 *
865 * flags indicate the type of request buffer and how long to wait
866 * and whether to log NT STATUS code (error) before mapping it to POSIX error
867 *
868 */
869 int
SendReceiveNoRsp(const unsigned int xid,struct cifs_ses * ses,char * in_buf,int flags)870 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
871 char *in_buf, int flags)
872 {
873 int rc;
874 struct kvec iov[1];
875 struct kvec rsp_iov;
876 int resp_buf_type;
877
878 iov[0].iov_base = in_buf;
879 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
880 flags |= CIFS_NO_RSP_BUF;
881 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
882 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
883
884 return rc;
885 }
886
887 static int
cifs_sync_mid_result(struct mid_q_entry * mid,struct TCP_Server_Info * server)888 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
889 {
890 int rc = 0;
891
892 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
893 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
894
895 spin_lock(&server->mid_lock);
896 switch (mid->mid_state) {
897 case MID_RESPONSE_READY:
898 spin_unlock(&server->mid_lock);
899 return rc;
900 case MID_RETRY_NEEDED:
901 rc = -EAGAIN;
902 break;
903 case MID_RESPONSE_MALFORMED:
904 rc = -EIO;
905 break;
906 case MID_SHUTDOWN:
907 rc = -EHOSTDOWN;
908 break;
909 default:
910 if (!(mid->mid_flags & MID_DELETED)) {
911 list_del_init(&mid->qhead);
912 mid->mid_flags |= MID_DELETED;
913 }
914 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
915 __func__, mid->mid, mid->mid_state);
916 rc = -EIO;
917 }
918 spin_unlock(&server->mid_lock);
919
920 release_mid(mid);
921 return rc;
922 }
923
924 static inline int
send_cancel(struct TCP_Server_Info * server,struct smb_rqst * rqst,struct mid_q_entry * mid)925 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
926 struct mid_q_entry *mid)
927 {
928 return server->ops->send_cancel ?
929 server->ops->send_cancel(server, rqst, mid) : 0;
930 }
931
932 int
cifs_check_receive(struct mid_q_entry * mid,struct TCP_Server_Info * server,bool log_error)933 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
934 bool log_error)
935 {
936 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
937
938 dump_smb(mid->resp_buf, min_t(u32, 92, len));
939
940 /* convert the length into a more usable form */
941 if (server->sign) {
942 struct kvec iov[2];
943 int rc = 0;
944 struct smb_rqst rqst = { .rq_iov = iov,
945 .rq_nvec = 2 };
946
947 iov[0].iov_base = mid->resp_buf;
948 iov[0].iov_len = 4;
949 iov[1].iov_base = (char *)mid->resp_buf + 4;
950 iov[1].iov_len = len - 4;
951 /* FIXME: add code to kill session */
952 rc = cifs_verify_signature(&rqst, server,
953 mid->sequence_number);
954 if (rc)
955 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
956 rc);
957 }
958
959 /* BB special case reconnect tid and uid here? */
960 return map_and_check_smb_error(mid, log_error);
961 }
962
963 struct mid_q_entry *
cifs_setup_request(struct cifs_ses * ses,struct TCP_Server_Info * ignored,struct smb_rqst * rqst)964 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored,
965 struct smb_rqst *rqst)
966 {
967 int rc;
968 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
969 struct mid_q_entry *mid;
970
971 if (rqst->rq_iov[0].iov_len != 4 ||
972 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
973 return ERR_PTR(-EIO);
974
975 rc = allocate_mid(ses, hdr, &mid);
976 if (rc)
977 return ERR_PTR(rc);
978 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
979 if (rc) {
980 delete_mid(mid);
981 return ERR_PTR(rc);
982 }
983 return mid;
984 }
985
986 static void
cifs_compound_callback(struct mid_q_entry * mid)987 cifs_compound_callback(struct mid_q_entry *mid)
988 {
989 struct TCP_Server_Info *server = mid->server;
990 struct cifs_credits credits;
991
992 credits.value = server->ops->get_credits(mid);
993 credits.instance = server->reconnect_instance;
994
995 add_credits(server, &credits, mid->optype);
996
997 if (mid->mid_state == MID_RESPONSE_RECEIVED)
998 mid->mid_state = MID_RESPONSE_READY;
999 }
1000
1001 static void
cifs_compound_last_callback(struct mid_q_entry * mid)1002 cifs_compound_last_callback(struct mid_q_entry *mid)
1003 {
1004 cifs_compound_callback(mid);
1005 cifs_wake_up_task(mid);
1006 }
1007
1008 static void
cifs_cancelled_callback(struct mid_q_entry * mid)1009 cifs_cancelled_callback(struct mid_q_entry *mid)
1010 {
1011 cifs_compound_callback(mid);
1012 release_mid(mid);
1013 }
1014
1015 /*
1016 * Return a channel (master if none) of @ses that can be used to send
1017 * regular requests.
1018 *
1019 * If we are currently binding a new channel (negprot/sess.setup),
1020 * return the new incomplete channel.
1021 */
cifs_pick_channel(struct cifs_ses * ses)1022 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
1023 {
1024 uint index = 0;
1025 unsigned int min_in_flight = UINT_MAX, max_in_flight = 0;
1026 struct TCP_Server_Info *server = NULL;
1027 int i;
1028
1029 if (!ses)
1030 return NULL;
1031
1032 spin_lock(&ses->chan_lock);
1033 for (i = 0; i < ses->chan_count; i++) {
1034 server = ses->chans[i].server;
1035 if (!server)
1036 continue;
1037
1038 /*
1039 * strictly speaking, we should pick up req_lock to read
1040 * server->in_flight. But it shouldn't matter much here if we
1041 * race while reading this data. The worst that can happen is
1042 * that we could use a channel that's not least loaded. Avoiding
1043 * taking the lock could help reduce wait time, which is
1044 * important for this function
1045 */
1046 if (server->in_flight < min_in_flight) {
1047 min_in_flight = server->in_flight;
1048 index = i;
1049 }
1050 if (server->in_flight > max_in_flight)
1051 max_in_flight = server->in_flight;
1052 }
1053
1054 /* if all channels are equally loaded, fall back to round-robin */
1055 if (min_in_flight == max_in_flight) {
1056 index = (uint)atomic_inc_return(&ses->chan_seq);
1057 index %= ses->chan_count;
1058 }
1059 spin_unlock(&ses->chan_lock);
1060
1061 return ses->chans[index].server;
1062 }
1063
1064 int
compound_send_recv(const unsigned int xid,struct cifs_ses * ses,struct TCP_Server_Info * server,const int flags,const int num_rqst,struct smb_rqst * rqst,int * resp_buf_type,struct kvec * resp_iov)1065 compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
1066 struct TCP_Server_Info *server,
1067 const int flags, const int num_rqst, struct smb_rqst *rqst,
1068 int *resp_buf_type, struct kvec *resp_iov)
1069 {
1070 int i, j, optype, rc = 0;
1071 struct mid_q_entry *midQ[MAX_COMPOUND];
1072 bool cancelled_mid[MAX_COMPOUND] = {false};
1073 struct cifs_credits credits[MAX_COMPOUND] = {
1074 { .value = 0, .instance = 0 }
1075 };
1076 unsigned int instance;
1077 char *buf;
1078
1079 optype = flags & CIFS_OP_MASK;
1080
1081 for (i = 0; i < num_rqst; i++)
1082 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */
1083
1084 if (!ses || !ses->server || !server) {
1085 cifs_dbg(VFS, "Null session\n");
1086 return -EIO;
1087 }
1088
1089 spin_lock(&server->srv_lock);
1090 if (server->tcpStatus == CifsExiting) {
1091 spin_unlock(&server->srv_lock);
1092 return -ENOENT;
1093 }
1094 spin_unlock(&server->srv_lock);
1095
1096 /*
1097 * Wait for all the requests to become available.
1098 * This approach still leaves the possibility to be stuck waiting for
1099 * credits if the server doesn't grant credits to the outstanding
1100 * requests and if the client is completely idle, not generating any
1101 * other requests.
1102 * This can be handled by the eventual session reconnect.
1103 */
1104 rc = wait_for_compound_request(server, num_rqst, flags,
1105 &instance);
1106 if (rc)
1107 return rc;
1108
1109 for (i = 0; i < num_rqst; i++) {
1110 credits[i].value = 1;
1111 credits[i].instance = instance;
1112 }
1113
1114 /*
1115 * Make sure that we sign in the same order that we send on this socket
1116 * and avoid races inside tcp sendmsg code that could cause corruption
1117 * of smb data.
1118 */
1119
1120 cifs_server_lock(server);
1121
1122 /*
1123 * All the parts of the compound chain belong obtained credits from the
1124 * same session. We can not use credits obtained from the previous
1125 * session to send this request. Check if there were reconnects after
1126 * we obtained credits and return -EAGAIN in such cases to let callers
1127 * handle it.
1128 */
1129 if (instance != server->reconnect_instance) {
1130 cifs_server_unlock(server);
1131 for (j = 0; j < num_rqst; j++)
1132 add_credits(server, &credits[j], optype);
1133 return -EAGAIN;
1134 }
1135
1136 for (i = 0; i < num_rqst; i++) {
1137 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
1138 if (IS_ERR(midQ[i])) {
1139 revert_current_mid(server, i);
1140 for (j = 0; j < i; j++)
1141 delete_mid(midQ[j]);
1142 cifs_server_unlock(server);
1143
1144 /* Update # of requests on wire to server */
1145 for (j = 0; j < num_rqst; j++)
1146 add_credits(server, &credits[j], optype);
1147 return PTR_ERR(midQ[i]);
1148 }
1149
1150 midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
1151 midQ[i]->optype = optype;
1152 /*
1153 * Invoke callback for every part of the compound chain
1154 * to calculate credits properly. Wake up this thread only when
1155 * the last element is received.
1156 */
1157 if (i < num_rqst - 1)
1158 midQ[i]->callback = cifs_compound_callback;
1159 else
1160 midQ[i]->callback = cifs_compound_last_callback;
1161 }
1162 rc = smb_send_rqst(server, num_rqst, rqst, flags);
1163
1164 for (i = 0; i < num_rqst; i++)
1165 cifs_save_when_sent(midQ[i]);
1166
1167 if (rc < 0) {
1168 revert_current_mid(server, num_rqst);
1169 server->sequence_number -= 2;
1170 }
1171
1172 cifs_server_unlock(server);
1173
1174 /*
1175 * If sending failed for some reason or it is an oplock break that we
1176 * will not receive a response to - return credits back
1177 */
1178 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
1179 for (i = 0; i < num_rqst; i++)
1180 add_credits(server, &credits[i], optype);
1181 goto out;
1182 }
1183
1184 /*
1185 * At this point the request is passed to the network stack - we assume
1186 * that any credits taken from the server structure on the client have
1187 * been spent and we can't return them back. Once we receive responses
1188 * we will collect credits granted by the server in the mid callbacks
1189 * and add those credits to the server structure.
1190 */
1191
1192 /*
1193 * Compounding is never used during session establish.
1194 */
1195 spin_lock(&ses->ses_lock);
1196 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1197 spin_unlock(&ses->ses_lock);
1198
1199 cifs_server_lock(server);
1200 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
1201 cifs_server_unlock(server);
1202
1203 spin_lock(&ses->ses_lock);
1204 }
1205 spin_unlock(&ses->ses_lock);
1206
1207 for (i = 0; i < num_rqst; i++) {
1208 rc = wait_for_response(server, midQ[i]);
1209 if (rc != 0)
1210 break;
1211 }
1212 if (rc != 0) {
1213 for (; i < num_rqst; i++) {
1214 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
1215 midQ[i]->mid, le16_to_cpu(midQ[i]->command));
1216 send_cancel(server, &rqst[i], midQ[i]);
1217 spin_lock(&server->mid_lock);
1218 midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
1219 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED ||
1220 midQ[i]->mid_state == MID_RESPONSE_RECEIVED) {
1221 midQ[i]->callback = cifs_cancelled_callback;
1222 cancelled_mid[i] = true;
1223 credits[i].value = 0;
1224 }
1225 spin_unlock(&server->mid_lock);
1226 }
1227 }
1228
1229 for (i = 0; i < num_rqst; i++) {
1230 if (rc < 0)
1231 goto out;
1232
1233 rc = cifs_sync_mid_result(midQ[i], server);
1234 if (rc != 0) {
1235 /* mark this mid as cancelled to not free it below */
1236 cancelled_mid[i] = true;
1237 goto out;
1238 }
1239
1240 if (!midQ[i]->resp_buf ||
1241 midQ[i]->mid_state != MID_RESPONSE_READY) {
1242 rc = -EIO;
1243 cifs_dbg(FYI, "Bad MID state?\n");
1244 goto out;
1245 }
1246
1247 buf = (char *)midQ[i]->resp_buf;
1248 resp_iov[i].iov_base = buf;
1249 resp_iov[i].iov_len = midQ[i]->resp_buf_size +
1250 HEADER_PREAMBLE_SIZE(server);
1251
1252 if (midQ[i]->large_buf)
1253 resp_buf_type[i] = CIFS_LARGE_BUFFER;
1254 else
1255 resp_buf_type[i] = CIFS_SMALL_BUFFER;
1256
1257 rc = server->ops->check_receive(midQ[i], server,
1258 flags & CIFS_LOG_ERROR);
1259
1260 /* mark it so buf will not be freed by delete_mid */
1261 if ((flags & CIFS_NO_RSP_BUF) == 0)
1262 midQ[i]->resp_buf = NULL;
1263
1264 }
1265
1266 /*
1267 * Compounding is never used during session establish.
1268 */
1269 spin_lock(&ses->ses_lock);
1270 if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1271 struct kvec iov = {
1272 .iov_base = resp_iov[0].iov_base,
1273 .iov_len = resp_iov[0].iov_len
1274 };
1275 spin_unlock(&ses->ses_lock);
1276 cifs_server_lock(server);
1277 smb311_update_preauth_hash(ses, server, &iov, 1);
1278 cifs_server_unlock(server);
1279 spin_lock(&ses->ses_lock);
1280 }
1281 spin_unlock(&ses->ses_lock);
1282
1283 out:
1284 /*
1285 * This will dequeue all mids. After this it is important that the
1286 * demultiplex_thread will not process any of these mids any futher.
1287 * This is prevented above by using a noop callback that will not
1288 * wake this thread except for the very last PDU.
1289 */
1290 for (i = 0; i < num_rqst; i++) {
1291 if (!cancelled_mid[i])
1292 delete_mid(midQ[i]);
1293 }
1294
1295 return rc;
1296 }
1297
1298 int
cifs_send_recv(const unsigned int xid,struct cifs_ses * ses,struct TCP_Server_Info * server,struct smb_rqst * rqst,int * resp_buf_type,const int flags,struct kvec * resp_iov)1299 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
1300 struct TCP_Server_Info *server,
1301 struct smb_rqst *rqst, int *resp_buf_type, const int flags,
1302 struct kvec *resp_iov)
1303 {
1304 return compound_send_recv(xid, ses, server, flags, 1,
1305 rqst, resp_buf_type, resp_iov);
1306 }
1307
1308 int
SendReceive2(const unsigned int xid,struct cifs_ses * ses,struct kvec * iov,int n_vec,int * resp_buf_type,const int flags,struct kvec * resp_iov)1309 SendReceive2(const unsigned int xid, struct cifs_ses *ses,
1310 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
1311 const int flags, struct kvec *resp_iov)
1312 {
1313 struct smb_rqst rqst;
1314 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
1315 int rc;
1316
1317 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
1318 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
1319 GFP_KERNEL);
1320 if (!new_iov) {
1321 /* otherwise cifs_send_recv below sets resp_buf_type */
1322 *resp_buf_type = CIFS_NO_BUFFER;
1323 return -ENOMEM;
1324 }
1325 } else
1326 new_iov = s_iov;
1327
1328 /* 1st iov is a RFC1001 length followed by the rest of the packet */
1329 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
1330
1331 new_iov[0].iov_base = new_iov[1].iov_base;
1332 new_iov[0].iov_len = 4;
1333 new_iov[1].iov_base += 4;
1334 new_iov[1].iov_len -= 4;
1335
1336 memset(&rqst, 0, sizeof(struct smb_rqst));
1337 rqst.rq_iov = new_iov;
1338 rqst.rq_nvec = n_vec + 1;
1339
1340 rc = cifs_send_recv(xid, ses, ses->server,
1341 &rqst, resp_buf_type, flags, resp_iov);
1342 if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
1343 kfree(new_iov);
1344 return rc;
1345 }
1346
1347 int
SendReceive(const unsigned int xid,struct cifs_ses * ses,struct smb_hdr * in_buf,struct smb_hdr * out_buf,int * pbytes_returned,const int flags)1348 SendReceive(const unsigned int xid, struct cifs_ses *ses,
1349 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1350 int *pbytes_returned, const int flags)
1351 {
1352 int rc = 0;
1353 struct mid_q_entry *midQ;
1354 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1355 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1356 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1357 struct cifs_credits credits = { .value = 1, .instance = 0 };
1358 struct TCP_Server_Info *server;
1359
1360 if (ses == NULL) {
1361 cifs_dbg(VFS, "Null smb session\n");
1362 return -EIO;
1363 }
1364 server = ses->server;
1365 if (server == NULL) {
1366 cifs_dbg(VFS, "Null tcp session\n");
1367 return -EIO;
1368 }
1369
1370 spin_lock(&server->srv_lock);
1371 if (server->tcpStatus == CifsExiting) {
1372 spin_unlock(&server->srv_lock);
1373 return -ENOENT;
1374 }
1375 spin_unlock(&server->srv_lock);
1376
1377 /* Ensure that we do not send more than 50 overlapping requests
1378 to the same server. We may make this configurable later or
1379 use ses->maxReq */
1380
1381 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1382 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1383 len);
1384 return -EIO;
1385 }
1386
1387 rc = wait_for_free_request(server, flags, &credits.instance);
1388 if (rc)
1389 return rc;
1390
1391 /* make sure that we sign in the same order that we send on this socket
1392 and avoid races inside tcp sendmsg code that could cause corruption
1393 of smb data */
1394
1395 cifs_server_lock(server);
1396
1397 rc = allocate_mid(ses, in_buf, &midQ);
1398 if (rc) {
1399 cifs_server_unlock(server);
1400 /* Update # of requests on wire to server */
1401 add_credits(server, &credits, 0);
1402 return rc;
1403 }
1404
1405 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1406 if (rc) {
1407 cifs_server_unlock(server);
1408 goto out;
1409 }
1410
1411 midQ->mid_state = MID_REQUEST_SUBMITTED;
1412
1413 rc = smb_send(server, in_buf, len);
1414 cifs_save_when_sent(midQ);
1415
1416 if (rc < 0)
1417 server->sequence_number -= 2;
1418
1419 cifs_server_unlock(server);
1420
1421 if (rc < 0)
1422 goto out;
1423
1424 rc = wait_for_response(server, midQ);
1425 if (rc != 0) {
1426 send_cancel(server, &rqst, midQ);
1427 spin_lock(&server->mid_lock);
1428 if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1429 midQ->mid_state == MID_RESPONSE_RECEIVED) {
1430 /* no longer considered to be "in-flight" */
1431 midQ->callback = release_mid;
1432 spin_unlock(&server->mid_lock);
1433 add_credits(server, &credits, 0);
1434 return rc;
1435 }
1436 spin_unlock(&server->mid_lock);
1437 }
1438
1439 rc = cifs_sync_mid_result(midQ, server);
1440 if (rc != 0) {
1441 add_credits(server, &credits, 0);
1442 return rc;
1443 }
1444
1445 if (!midQ->resp_buf || !out_buf ||
1446 midQ->mid_state != MID_RESPONSE_READY) {
1447 rc = -EIO;
1448 cifs_server_dbg(VFS, "Bad MID state?\n");
1449 goto out;
1450 }
1451
1452 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1453 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1454 rc = cifs_check_receive(midQ, server, 0);
1455 out:
1456 delete_mid(midQ);
1457 add_credits(server, &credits, 0);
1458
1459 return rc;
1460 }
1461
1462 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1463 blocking lock to return. */
1464
1465 static int
send_lock_cancel(const unsigned int xid,struct cifs_tcon * tcon,struct smb_hdr * in_buf,struct smb_hdr * out_buf)1466 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1467 struct smb_hdr *in_buf,
1468 struct smb_hdr *out_buf)
1469 {
1470 int bytes_returned;
1471 struct cifs_ses *ses = tcon->ses;
1472 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1473
1474 /* We just modify the current in_buf to change
1475 the type of lock from LOCKING_ANDX_SHARED_LOCK
1476 or LOCKING_ANDX_EXCLUSIVE_LOCK to
1477 LOCKING_ANDX_CANCEL_LOCK. */
1478
1479 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1480 pSMB->Timeout = 0;
1481 pSMB->hdr.Mid = get_next_mid(ses->server);
1482
1483 return SendReceive(xid, ses, in_buf, out_buf,
1484 &bytes_returned, 0);
1485 }
1486
1487 int
SendReceiveBlockingLock(const unsigned int xid,struct cifs_tcon * tcon,struct smb_hdr * in_buf,struct smb_hdr * out_buf,int * pbytes_returned)1488 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1489 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1490 int *pbytes_returned)
1491 {
1492 int rc = 0;
1493 int rstart = 0;
1494 struct mid_q_entry *midQ;
1495 struct cifs_ses *ses;
1496 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1497 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1498 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1499 unsigned int instance;
1500 struct TCP_Server_Info *server;
1501
1502 if (tcon == NULL || tcon->ses == NULL) {
1503 cifs_dbg(VFS, "Null smb session\n");
1504 return -EIO;
1505 }
1506 ses = tcon->ses;
1507 server = ses->server;
1508
1509 if (server == NULL) {
1510 cifs_dbg(VFS, "Null tcp session\n");
1511 return -EIO;
1512 }
1513
1514 spin_lock(&server->srv_lock);
1515 if (server->tcpStatus == CifsExiting) {
1516 spin_unlock(&server->srv_lock);
1517 return -ENOENT;
1518 }
1519 spin_unlock(&server->srv_lock);
1520
1521 /* Ensure that we do not send more than 50 overlapping requests
1522 to the same server. We may make this configurable later or
1523 use ses->maxReq */
1524
1525 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1526 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1527 len);
1528 return -EIO;
1529 }
1530
1531 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance);
1532 if (rc)
1533 return rc;
1534
1535 /* make sure that we sign in the same order that we send on this socket
1536 and avoid races inside tcp sendmsg code that could cause corruption
1537 of smb data */
1538
1539 cifs_server_lock(server);
1540
1541 rc = allocate_mid(ses, in_buf, &midQ);
1542 if (rc) {
1543 cifs_server_unlock(server);
1544 return rc;
1545 }
1546
1547 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1548 if (rc) {
1549 delete_mid(midQ);
1550 cifs_server_unlock(server);
1551 return rc;
1552 }
1553
1554 midQ->mid_state = MID_REQUEST_SUBMITTED;
1555 rc = smb_send(server, in_buf, len);
1556 cifs_save_when_sent(midQ);
1557
1558 if (rc < 0)
1559 server->sequence_number -= 2;
1560
1561 cifs_server_unlock(server);
1562
1563 if (rc < 0) {
1564 delete_mid(midQ);
1565 return rc;
1566 }
1567
1568 /* Wait for a reply - allow signals to interrupt. */
1569 rc = wait_event_interruptible(server->response_q,
1570 (!(midQ->mid_state == MID_REQUEST_SUBMITTED ||
1571 midQ->mid_state == MID_RESPONSE_RECEIVED)) ||
1572 ((server->tcpStatus != CifsGood) &&
1573 (server->tcpStatus != CifsNew)));
1574
1575 /* Were we interrupted by a signal ? */
1576 spin_lock(&server->srv_lock);
1577 if ((rc == -ERESTARTSYS) &&
1578 (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1579 midQ->mid_state == MID_RESPONSE_RECEIVED) &&
1580 ((server->tcpStatus == CifsGood) ||
1581 (server->tcpStatus == CifsNew))) {
1582 spin_unlock(&server->srv_lock);
1583
1584 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1585 /* POSIX lock. We send a NT_CANCEL SMB to cause the
1586 blocking lock to return. */
1587 rc = send_cancel(server, &rqst, midQ);
1588 if (rc) {
1589 delete_mid(midQ);
1590 return rc;
1591 }
1592 } else {
1593 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1594 to cause the blocking lock to return. */
1595
1596 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1597
1598 /* If we get -ENOLCK back the lock may have
1599 already been removed. Don't exit in this case. */
1600 if (rc && rc != -ENOLCK) {
1601 delete_mid(midQ);
1602 return rc;
1603 }
1604 }
1605
1606 rc = wait_for_response(server, midQ);
1607 if (rc) {
1608 send_cancel(server, &rqst, midQ);
1609 spin_lock(&server->mid_lock);
1610 if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1611 midQ->mid_state == MID_RESPONSE_RECEIVED) {
1612 /* no longer considered to be "in-flight" */
1613 midQ->callback = release_mid;
1614 spin_unlock(&server->mid_lock);
1615 return rc;
1616 }
1617 spin_unlock(&server->mid_lock);
1618 }
1619
1620 /* We got the response - restart system call. */
1621 rstart = 1;
1622 spin_lock(&server->srv_lock);
1623 }
1624 spin_unlock(&server->srv_lock);
1625
1626 rc = cifs_sync_mid_result(midQ, server);
1627 if (rc != 0)
1628 return rc;
1629
1630 /* rcvd frame is ok */
1631 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) {
1632 rc = -EIO;
1633 cifs_tcon_dbg(VFS, "Bad MID state?\n");
1634 goto out;
1635 }
1636
1637 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1638 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1639 rc = cifs_check_receive(midQ, server, 0);
1640 out:
1641 delete_mid(midQ);
1642 if (rstart && rc == -EACCES)
1643 return -ERESTARTSYS;
1644 return rc;
1645 }
1646
1647 /*
1648 * Discard any remaining data in the current SMB. To do this, we borrow the
1649 * current bigbuf.
1650 */
1651 int
cifs_discard_remaining_data(struct TCP_Server_Info * server)1652 cifs_discard_remaining_data(struct TCP_Server_Info *server)
1653 {
1654 unsigned int rfclen = server->pdu_size;
1655 size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
1656 server->total_read;
1657
1658 while (remaining > 0) {
1659 ssize_t length;
1660
1661 length = cifs_discard_from_socket(server,
1662 min_t(size_t, remaining,
1663 CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
1664 if (length < 0)
1665 return length;
1666 server->total_read += length;
1667 remaining -= length;
1668 }
1669
1670 return 0;
1671 }
1672
1673 static int
__cifs_readv_discard(struct TCP_Server_Info * server,struct mid_q_entry * mid,bool malformed)1674 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
1675 bool malformed)
1676 {
1677 int length;
1678
1679 length = cifs_discard_remaining_data(server);
1680 dequeue_mid(mid, malformed);
1681 mid->resp_buf = server->smallbuf;
1682 server->smallbuf = NULL;
1683 return length;
1684 }
1685
1686 static int
cifs_readv_discard(struct TCP_Server_Info * server,struct mid_q_entry * mid)1687 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1688 {
1689 struct cifs_readdata *rdata = mid->callback_data;
1690
1691 return __cifs_readv_discard(server, mid, rdata->result);
1692 }
1693
1694 int
cifs_readv_receive(struct TCP_Server_Info * server,struct mid_q_entry * mid)1695 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1696 {
1697 int length, len;
1698 unsigned int data_offset, data_len;
1699 struct cifs_readdata *rdata = mid->callback_data;
1700 char *buf = server->smallbuf;
1701 unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
1702 bool use_rdma_mr = false;
1703
1704 cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n",
1705 __func__, mid->mid, rdata->offset, rdata->bytes);
1706
1707 /*
1708 * read the rest of READ_RSP header (sans Data array), or whatever we
1709 * can if there's not enough data. At this point, we've read down to
1710 * the Mid.
1711 */
1712 len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
1713 HEADER_SIZE(server) + 1;
1714
1715 length = cifs_read_from_socket(server,
1716 buf + HEADER_SIZE(server) - 1, len);
1717 if (length < 0)
1718 return length;
1719 server->total_read += length;
1720
1721 if (server->ops->is_session_expired &&
1722 server->ops->is_session_expired(buf)) {
1723 cifs_reconnect(server, true);
1724 return -1;
1725 }
1726
1727 if (server->ops->is_status_pending &&
1728 server->ops->is_status_pending(buf, server)) {
1729 cifs_discard_remaining_data(server);
1730 return -1;
1731 }
1732
1733 /* set up first two iov for signature check and to get credits */
1734 rdata->iov[0].iov_base = buf;
1735 rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
1736 rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
1737 rdata->iov[1].iov_len =
1738 server->total_read - HEADER_PREAMBLE_SIZE(server);
1739 cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
1740 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
1741 cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
1742 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
1743
1744 /* Was the SMB read successful? */
1745 rdata->result = server->ops->map_error(buf, false);
1746 if (rdata->result != 0) {
1747 cifs_dbg(FYI, "%s: server returned error %d\n",
1748 __func__, rdata->result);
1749 /* normal error on read response */
1750 return __cifs_readv_discard(server, mid, false);
1751 }
1752
1753 /* Is there enough to get to the rest of the READ_RSP header? */
1754 if (server->total_read < server->vals->read_rsp_size) {
1755 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
1756 __func__, server->total_read,
1757 server->vals->read_rsp_size);
1758 rdata->result = -EIO;
1759 return cifs_readv_discard(server, mid);
1760 }
1761
1762 data_offset = server->ops->read_data_offset(buf) +
1763 HEADER_PREAMBLE_SIZE(server);
1764 if (data_offset < server->total_read) {
1765 /*
1766 * win2k8 sometimes sends an offset of 0 when the read
1767 * is beyond the EOF. Treat it as if the data starts just after
1768 * the header.
1769 */
1770 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
1771 __func__, data_offset);
1772 data_offset = server->total_read;
1773 } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
1774 /* data_offset is beyond the end of smallbuf */
1775 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
1776 __func__, data_offset);
1777 rdata->result = -EIO;
1778 return cifs_readv_discard(server, mid);
1779 }
1780
1781 cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
1782 __func__, server->total_read, data_offset);
1783
1784 len = data_offset - server->total_read;
1785 if (len > 0) {
1786 /* read any junk before data into the rest of smallbuf */
1787 length = cifs_read_from_socket(server,
1788 buf + server->total_read, len);
1789 if (length < 0)
1790 return length;
1791 server->total_read += length;
1792 }
1793
1794 /* how much data is in the response? */
1795 #ifdef CONFIG_CIFS_SMB_DIRECT
1796 use_rdma_mr = rdata->mr;
1797 #endif
1798 data_len = server->ops->read_data_length(buf, use_rdma_mr);
1799 if (!use_rdma_mr && (data_offset + data_len > buflen)) {
1800 /* data_len is corrupt -- discard frame */
1801 rdata->result = -EIO;
1802 return cifs_readv_discard(server, mid);
1803 }
1804
1805 #ifdef CONFIG_CIFS_SMB_DIRECT
1806 if (rdata->mr)
1807 length = data_len; /* An RDMA read is already done. */
1808 else
1809 #endif
1810 length = cifs_read_iter_from_socket(server, &rdata->iter,
1811 data_len);
1812 if (length > 0)
1813 rdata->got_bytes += length;
1814 server->total_read += length;
1815
1816 cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
1817 server->total_read, buflen, data_len);
1818
1819 /* discard anything left over */
1820 if (server->total_read < buflen)
1821 return cifs_readv_discard(server, mid);
1822
1823 dequeue_mid(mid, false);
1824 mid->resp_buf = server->smallbuf;
1825 server->smallbuf = NULL;
1826 return length;
1827 }
1828