1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2008
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *   Jeremy Allison (jra@samba.org) 2006.
7  *
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/list.h>
12 #include <linux/gfp.h>
13 #include <linux/wait.h>
14 #include <linux/net.h>
15 #include <linux/delay.h>
16 #include <linux/freezer.h>
17 #include <linux/tcp.h>
18 #include <linux/bvec.h>
19 #include <linux/highmem.h>
20 #include <linux/uaccess.h>
21 #include <linux/processor.h>
22 #include <linux/mempool.h>
23 #include <linux/sched/signal.h>
24 #include <linux/task_io_accounting_ops.h>
25 #include "cifspdu.h"
26 #include "cifsglob.h"
27 #include "cifsproto.h"
28 #include "cifs_debug.h"
29 #include "smb2proto.h"
30 #include "smbdirect.h"
31 
32 /* Max number of iovectors we can use off the stack when sending requests. */
33 #define CIFS_MAX_IOV_SIZE 8
34 
35 void
cifs_wake_up_task(struct mid_q_entry * mid)36 cifs_wake_up_task(struct mid_q_entry *mid)
37 {
38 	if (mid->mid_state == MID_RESPONSE_RECEIVED)
39 		mid->mid_state = MID_RESPONSE_READY;
40 	wake_up_process(mid->callback_data);
41 }
42 
43 static struct mid_q_entry *
alloc_mid(const struct smb_hdr * smb_buffer,struct TCP_Server_Info * server)44 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
45 {
46 	struct mid_q_entry *temp;
47 
48 	if (server == NULL) {
49 		cifs_dbg(VFS, "%s: null TCP session\n", __func__);
50 		return NULL;
51 	}
52 
53 	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
54 	memset(temp, 0, sizeof(struct mid_q_entry));
55 	kref_init(&temp->refcount);
56 	temp->mid = get_mid(smb_buffer);
57 	temp->pid = current->pid;
58 	temp->command = cpu_to_le16(smb_buffer->Command);
59 	cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
60 	/* easier to use jiffies */
61 	/* when mid allocated can be before when sent */
62 	temp->when_alloc = jiffies;
63 	temp->server = server;
64 
65 	/*
66 	 * The default is for the mid to be synchronous, so the
67 	 * default callback just wakes up the current task.
68 	 */
69 	get_task_struct(current);
70 	temp->creator = current;
71 	temp->callback = cifs_wake_up_task;
72 	temp->callback_data = current;
73 
74 	atomic_inc(&mid_count);
75 	temp->mid_state = MID_REQUEST_ALLOCATED;
76 	return temp;
77 }
78 
__release_mid(struct kref * refcount)79 static void __release_mid(struct kref *refcount)
80 {
81 	struct mid_q_entry *midEntry =
82 			container_of(refcount, struct mid_q_entry, refcount);
83 #ifdef CONFIG_CIFS_STATS2
84 	__le16 command = midEntry->server->vals->lock_cmd;
85 	__u16 smb_cmd = le16_to_cpu(midEntry->command);
86 	unsigned long now;
87 	unsigned long roundtrip_time;
88 #endif
89 	struct TCP_Server_Info *server = midEntry->server;
90 
91 	if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) &&
92 	    (midEntry->mid_state == MID_RESPONSE_RECEIVED ||
93 	     midEntry->mid_state == MID_RESPONSE_READY) &&
94 	    server->ops->handle_cancelled_mid)
95 		server->ops->handle_cancelled_mid(midEntry, server);
96 
97 	midEntry->mid_state = MID_FREE;
98 	atomic_dec(&mid_count);
99 	if (midEntry->large_buf)
100 		cifs_buf_release(midEntry->resp_buf);
101 	else
102 		cifs_small_buf_release(midEntry->resp_buf);
103 #ifdef CONFIG_CIFS_STATS2
104 	now = jiffies;
105 	if (now < midEntry->when_alloc)
106 		cifs_server_dbg(VFS, "Invalid mid allocation time\n");
107 	roundtrip_time = now - midEntry->when_alloc;
108 
109 	if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
110 		if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
111 			server->slowest_cmd[smb_cmd] = roundtrip_time;
112 			server->fastest_cmd[smb_cmd] = roundtrip_time;
113 		} else {
114 			if (server->slowest_cmd[smb_cmd] < roundtrip_time)
115 				server->slowest_cmd[smb_cmd] = roundtrip_time;
116 			else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
117 				server->fastest_cmd[smb_cmd] = roundtrip_time;
118 		}
119 		cifs_stats_inc(&server->num_cmds[smb_cmd]);
120 		server->time_per_cmd[smb_cmd] += roundtrip_time;
121 	}
122 	/*
123 	 * commands taking longer than one second (default) can be indications
124 	 * that something is wrong, unless it is quite a slow link or a very
125 	 * busy server. Note that this calc is unlikely or impossible to wrap
126 	 * as long as slow_rsp_threshold is not set way above recommended max
127 	 * value (32767 ie 9 hours) and is generally harmless even if wrong
128 	 * since only affects debug counters - so leaving the calc as simple
129 	 * comparison rather than doing multiple conversions and overflow
130 	 * checks
131 	 */
132 	if ((slow_rsp_threshold != 0) &&
133 	    time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
134 	    (midEntry->command != command)) {
135 		/*
136 		 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
137 		 * NB: le16_to_cpu returns unsigned so can not be negative below
138 		 */
139 		if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
140 			cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);
141 
142 		trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
143 			       midEntry->when_sent, midEntry->when_received);
144 		if (cifsFYI & CIFS_TIMER) {
145 			pr_debug("slow rsp: cmd %d mid %llu",
146 				 midEntry->command, midEntry->mid);
147 			cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
148 				  now - midEntry->when_alloc,
149 				  now - midEntry->when_sent,
150 				  now - midEntry->when_received);
151 		}
152 	}
153 #endif
154 	put_task_struct(midEntry->creator);
155 
156 	mempool_free(midEntry, cifs_mid_poolp);
157 }
158 
release_mid(struct mid_q_entry * mid)159 void release_mid(struct mid_q_entry *mid)
160 {
161 	struct TCP_Server_Info *server = mid->server;
162 
163 	spin_lock(&server->mid_lock);
164 	kref_put(&mid->refcount, __release_mid);
165 	spin_unlock(&server->mid_lock);
166 }
167 
168 void
delete_mid(struct mid_q_entry * mid)169 delete_mid(struct mid_q_entry *mid)
170 {
171 	spin_lock(&mid->server->mid_lock);
172 	if (!(mid->mid_flags & MID_DELETED)) {
173 		list_del_init(&mid->qhead);
174 		mid->mid_flags |= MID_DELETED;
175 	}
176 	spin_unlock(&mid->server->mid_lock);
177 
178 	release_mid(mid);
179 }
180 
181 /*
182  * smb_send_kvec - send an array of kvecs to the server
183  * @server:	Server to send the data to
184  * @smb_msg:	Message to send
185  * @sent:	amount of data sent on socket is stored here
186  *
187  * Our basic "send data to server" function. Should be called with srv_mutex
188  * held. The caller is responsible for handling the results.
189  */
190 static int
smb_send_kvec(struct TCP_Server_Info * server,struct msghdr * smb_msg,size_t * sent)191 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
192 	      size_t *sent)
193 {
194 	int rc = 0;
195 	int retries = 0;
196 	struct socket *ssocket = server->ssocket;
197 
198 	*sent = 0;
199 
200 	if (server->noblocksnd)
201 		smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
202 	else
203 		smb_msg->msg_flags = MSG_NOSIGNAL;
204 
205 	while (msg_data_left(smb_msg)) {
206 		/*
207 		 * If blocking send, we try 3 times, since each can block
208 		 * for 5 seconds. For nonblocking  we have to try more
209 		 * but wait increasing amounts of time allowing time for
210 		 * socket to clear.  The overall time we wait in either
211 		 * case to send on the socket is about 15 seconds.
212 		 * Similarly we wait for 15 seconds for a response from
213 		 * the server in SendReceive[2] for the server to send
214 		 * a response back for most types of requests (except
215 		 * SMB Write past end of file which can be slow, and
216 		 * blocking lock operations). NFS waits slightly longer
217 		 * than CIFS, but this can make it take longer for
218 		 * nonresponsive servers to be detected and 15 seconds
219 		 * is more than enough time for modern networks to
220 		 * send a packet.  In most cases if we fail to send
221 		 * after the retries we will kill the socket and
222 		 * reconnect which may clear the network problem.
223 		 */
224 		rc = sock_sendmsg(ssocket, smb_msg);
225 		if (rc == -EAGAIN) {
226 			retries++;
227 			if (retries >= 14 ||
228 			    (!server->noblocksnd && (retries > 2))) {
229 				cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
230 					 ssocket);
231 				return -EAGAIN;
232 			}
233 			msleep(1 << retries);
234 			continue;
235 		}
236 
237 		if (rc < 0)
238 			return rc;
239 
240 		if (rc == 0) {
241 			/* should never happen, letting socket clear before
242 			   retrying is our only obvious option here */
243 			cifs_server_dbg(VFS, "tcp sent no data\n");
244 			msleep(500);
245 			continue;
246 		}
247 
248 		/* send was at least partially successful */
249 		*sent += rc;
250 		retries = 0; /* in case we get ENOSPC on the next send */
251 	}
252 	return 0;
253 }
254 
255 unsigned long
smb_rqst_len(struct TCP_Server_Info * server,struct smb_rqst * rqst)256 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
257 {
258 	unsigned int i;
259 	struct kvec *iov;
260 	int nvec;
261 	unsigned long buflen = 0;
262 
263 	if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
264 	    rqst->rq_iov[0].iov_len == 4) {
265 		iov = &rqst->rq_iov[1];
266 		nvec = rqst->rq_nvec - 1;
267 	} else {
268 		iov = rqst->rq_iov;
269 		nvec = rqst->rq_nvec;
270 	}
271 
272 	/* total up iov array first */
273 	for (i = 0; i < nvec; i++)
274 		buflen += iov[i].iov_len;
275 
276 	buflen += iov_iter_count(&rqst->rq_iter);
277 	return buflen;
278 }
279 
280 static int
__smb_send_rqst(struct TCP_Server_Info * server,int num_rqst,struct smb_rqst * rqst)281 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
282 		struct smb_rqst *rqst)
283 {
284 	int rc;
285 	struct kvec *iov;
286 	int n_vec;
287 	unsigned int send_length = 0;
288 	unsigned int i, j;
289 	sigset_t mask, oldmask;
290 	size_t total_len = 0, sent, size;
291 	struct socket *ssocket = server->ssocket;
292 	struct msghdr smb_msg = {};
293 	__be32 rfc1002_marker;
294 
295 	cifs_in_send_inc(server);
296 	if (cifs_rdma_enabled(server)) {
297 		/* return -EAGAIN when connecting or reconnecting */
298 		rc = -EAGAIN;
299 		if (server->smbd_conn)
300 			rc = smbd_send(server, num_rqst, rqst);
301 		goto smbd_done;
302 	}
303 
304 	rc = -EAGAIN;
305 	if (ssocket == NULL)
306 		goto out;
307 
308 	rc = -ERESTARTSYS;
309 	if (fatal_signal_pending(current)) {
310 		cifs_dbg(FYI, "signal pending before send request\n");
311 		goto out;
312 	}
313 
314 	rc = 0;
315 	/* cork the socket */
316 	tcp_sock_set_cork(ssocket->sk, true);
317 
318 	for (j = 0; j < num_rqst; j++)
319 		send_length += smb_rqst_len(server, &rqst[j]);
320 	rfc1002_marker = cpu_to_be32(send_length);
321 
322 	/*
323 	 * We should not allow signals to interrupt the network send because
324 	 * any partial send will cause session reconnects thus increasing
325 	 * latency of system calls and overload a server with unnecessary
326 	 * requests.
327 	 */
328 
329 	sigfillset(&mask);
330 	sigprocmask(SIG_BLOCK, &mask, &oldmask);
331 
332 	/* Generate a rfc1002 marker for SMB2+ */
333 	if (!is_smb1(server)) {
334 		struct kvec hiov = {
335 			.iov_base = &rfc1002_marker,
336 			.iov_len  = 4
337 		};
338 		iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4);
339 		rc = smb_send_kvec(server, &smb_msg, &sent);
340 		if (rc < 0)
341 			goto unmask;
342 
343 		total_len += sent;
344 		send_length += 4;
345 	}
346 
347 	cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
348 
349 	for (j = 0; j < num_rqst; j++) {
350 		iov = rqst[j].rq_iov;
351 		n_vec = rqst[j].rq_nvec;
352 
353 		size = 0;
354 		for (i = 0; i < n_vec; i++) {
355 			dump_smb(iov[i].iov_base, iov[i].iov_len);
356 			size += iov[i].iov_len;
357 		}
358 
359 		iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size);
360 
361 		rc = smb_send_kvec(server, &smb_msg, &sent);
362 		if (rc < 0)
363 			goto unmask;
364 
365 		total_len += sent;
366 
367 		if (iov_iter_count(&rqst[j].rq_iter) > 0) {
368 			smb_msg.msg_iter = rqst[j].rq_iter;
369 			rc = smb_send_kvec(server, &smb_msg, &sent);
370 			if (rc < 0)
371 				break;
372 			total_len += sent;
373 		}
374 
375 }
376 
377 unmask:
378 	sigprocmask(SIG_SETMASK, &oldmask, NULL);
379 
380 	/*
381 	 * If signal is pending but we have already sent the whole packet to
382 	 * the server we need to return success status to allow a corresponding
383 	 * mid entry to be kept in the pending requests queue thus allowing
384 	 * to handle responses from the server by the client.
385 	 *
386 	 * If only part of the packet has been sent there is no need to hide
387 	 * interrupt because the session will be reconnected anyway, so there
388 	 * won't be any response from the server to handle.
389 	 */
390 
391 	if (signal_pending(current) && (total_len != send_length)) {
392 		cifs_dbg(FYI, "signal is pending after attempt to send\n");
393 		rc = -ERESTARTSYS;
394 	}
395 
396 	/* uncork it */
397 	tcp_sock_set_cork(ssocket->sk, false);
398 
399 	if ((total_len > 0) && (total_len != send_length)) {
400 		cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
401 			 send_length, total_len);
402 		/*
403 		 * If we have only sent part of an SMB then the next SMB could
404 		 * be taken as the remainder of this one. We need to kill the
405 		 * socket so the server throws away the partial SMB
406 		 */
407 		cifs_signal_cifsd_for_reconnect(server, false);
408 		trace_smb3_partial_send_reconnect(server->CurrentMid,
409 						  server->conn_id, server->hostname);
410 	}
411 smbd_done:
412 	if (rc < 0 && rc != -EINTR)
413 		cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
414 			 rc);
415 	else if (rc > 0)
416 		rc = 0;
417 out:
418 	cifs_in_send_dec(server);
419 	return rc;
420 }
421 
422 struct send_req_vars {
423 	struct smb2_transform_hdr tr_hdr;
424 	struct smb_rqst rqst[MAX_COMPOUND];
425 	struct kvec iov;
426 };
427 
428 static int
smb_send_rqst(struct TCP_Server_Info * server,int num_rqst,struct smb_rqst * rqst,int flags)429 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
430 	      struct smb_rqst *rqst, int flags)
431 {
432 	struct send_req_vars *vars;
433 	struct smb_rqst *cur_rqst;
434 	struct kvec *iov;
435 	int rc;
436 
437 	if (!(flags & CIFS_TRANSFORM_REQ))
438 		return __smb_send_rqst(server, num_rqst, rqst);
439 
440 	if (num_rqst > MAX_COMPOUND - 1)
441 		return -ENOMEM;
442 
443 	if (!server->ops->init_transform_rq) {
444 		cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
445 		return -EIO;
446 	}
447 
448 	vars = kzalloc(sizeof(*vars), GFP_NOFS);
449 	if (!vars)
450 		return -ENOMEM;
451 	cur_rqst = vars->rqst;
452 	iov = &vars->iov;
453 
454 	iov->iov_base = &vars->tr_hdr;
455 	iov->iov_len = sizeof(vars->tr_hdr);
456 	cur_rqst[0].rq_iov = iov;
457 	cur_rqst[0].rq_nvec = 1;
458 
459 	rc = server->ops->init_transform_rq(server, num_rqst + 1,
460 					    &cur_rqst[0], rqst);
461 	if (rc)
462 		goto out;
463 
464 	rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]);
465 	smb3_free_compound_rqst(num_rqst, &cur_rqst[1]);
466 out:
467 	kfree(vars);
468 	return rc;
469 }
470 
471 int
smb_send(struct TCP_Server_Info * server,struct smb_hdr * smb_buffer,unsigned int smb_buf_length)472 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
473 	 unsigned int smb_buf_length)
474 {
475 	struct kvec iov[2];
476 	struct smb_rqst rqst = { .rq_iov = iov,
477 				 .rq_nvec = 2 };
478 
479 	iov[0].iov_base = smb_buffer;
480 	iov[0].iov_len = 4;
481 	iov[1].iov_base = (char *)smb_buffer + 4;
482 	iov[1].iov_len = smb_buf_length;
483 
484 	return __smb_send_rqst(server, 1, &rqst);
485 }
486 
487 static int
wait_for_free_credits(struct TCP_Server_Info * server,const int num_credits,const int timeout,const int flags,unsigned int * instance)488 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
489 		      const int timeout, const int flags,
490 		      unsigned int *instance)
491 {
492 	long rc;
493 	int *credits;
494 	int optype;
495 	long int t;
496 	int scredits, in_flight;
497 
498 	if (timeout < 0)
499 		t = MAX_JIFFY_OFFSET;
500 	else
501 		t = msecs_to_jiffies(timeout);
502 
503 	optype = flags & CIFS_OP_MASK;
504 
505 	*instance = 0;
506 
507 	credits = server->ops->get_credits_field(server, optype);
508 	/* Since an echo is already inflight, no need to wait to send another */
509 	if (*credits <= 0 && optype == CIFS_ECHO_OP)
510 		return -EAGAIN;
511 
512 	spin_lock(&server->req_lock);
513 	if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
514 		/* oplock breaks must not be held up */
515 		server->in_flight++;
516 		if (server->in_flight > server->max_in_flight)
517 			server->max_in_flight = server->in_flight;
518 		*credits -= 1;
519 		*instance = server->reconnect_instance;
520 		scredits = *credits;
521 		in_flight = server->in_flight;
522 		spin_unlock(&server->req_lock);
523 
524 		trace_smb3_nblk_credits(server->CurrentMid,
525 				server->conn_id, server->hostname, scredits, -1, in_flight);
526 		cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
527 				__func__, 1, scredits);
528 
529 		return 0;
530 	}
531 
532 	while (1) {
533 		spin_unlock(&server->req_lock);
534 
535 		spin_lock(&server->srv_lock);
536 		if (server->tcpStatus == CifsExiting) {
537 			spin_unlock(&server->srv_lock);
538 			return -ENOENT;
539 		}
540 		spin_unlock(&server->srv_lock);
541 
542 		spin_lock(&server->req_lock);
543 		if (*credits < num_credits) {
544 			scredits = *credits;
545 			spin_unlock(&server->req_lock);
546 
547 			cifs_num_waiters_inc(server);
548 			rc = wait_event_killable_timeout(server->request_q,
549 				has_credits(server, credits, num_credits), t);
550 			cifs_num_waiters_dec(server);
551 			if (!rc) {
552 				spin_lock(&server->req_lock);
553 				scredits = *credits;
554 				in_flight = server->in_flight;
555 				spin_unlock(&server->req_lock);
556 
557 				trace_smb3_credit_timeout(server->CurrentMid,
558 						server->conn_id, server->hostname, scredits,
559 						num_credits, in_flight);
560 				cifs_server_dbg(VFS, "wait timed out after %d ms\n",
561 						timeout);
562 				return -EBUSY;
563 			}
564 			if (rc == -ERESTARTSYS)
565 				return -ERESTARTSYS;
566 			spin_lock(&server->req_lock);
567 		} else {
568 			/*
569 			 * For normal commands, reserve the last MAX_COMPOUND
570 			 * credits to compound requests.
571 			 * Otherwise these compounds could be permanently
572 			 * starved for credits by single-credit requests.
573 			 *
574 			 * To prevent spinning CPU, block this thread until
575 			 * there are >MAX_COMPOUND credits available.
576 			 * But only do this is we already have a lot of
577 			 * credits in flight to avoid triggering this check
578 			 * for servers that are slow to hand out credits on
579 			 * new sessions.
580 			 */
581 			if (!optype && num_credits == 1 &&
582 			    server->in_flight > 2 * MAX_COMPOUND &&
583 			    *credits <= MAX_COMPOUND) {
584 				spin_unlock(&server->req_lock);
585 
586 				cifs_num_waiters_inc(server);
587 				rc = wait_event_killable_timeout(
588 					server->request_q,
589 					has_credits(server, credits,
590 						    MAX_COMPOUND + 1),
591 					t);
592 				cifs_num_waiters_dec(server);
593 				if (!rc) {
594 					spin_lock(&server->req_lock);
595 					scredits = *credits;
596 					in_flight = server->in_flight;
597 					spin_unlock(&server->req_lock);
598 
599 					trace_smb3_credit_timeout(
600 							server->CurrentMid,
601 							server->conn_id, server->hostname,
602 							scredits, num_credits, in_flight);
603 					cifs_server_dbg(VFS, "wait timed out after %d ms\n",
604 							timeout);
605 					return -EBUSY;
606 				}
607 				if (rc == -ERESTARTSYS)
608 					return -ERESTARTSYS;
609 				spin_lock(&server->req_lock);
610 				continue;
611 			}
612 
613 			/*
614 			 * Can not count locking commands against total
615 			 * as they are allowed to block on server.
616 			 */
617 
618 			/* update # of requests on the wire to server */
619 			if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
620 				*credits -= num_credits;
621 				server->in_flight += num_credits;
622 				if (server->in_flight > server->max_in_flight)
623 					server->max_in_flight = server->in_flight;
624 				*instance = server->reconnect_instance;
625 			}
626 			scredits = *credits;
627 			in_flight = server->in_flight;
628 			spin_unlock(&server->req_lock);
629 
630 			trace_smb3_waitff_credits(server->CurrentMid,
631 					server->conn_id, server->hostname, scredits,
632 					-(num_credits), in_flight);
633 			cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
634 					__func__, num_credits, scredits);
635 			break;
636 		}
637 	}
638 	return 0;
639 }
640 
641 static int
wait_for_free_request(struct TCP_Server_Info * server,const int flags,unsigned int * instance)642 wait_for_free_request(struct TCP_Server_Info *server, const int flags,
643 		      unsigned int *instance)
644 {
645 	return wait_for_free_credits(server, 1, -1, flags,
646 				     instance);
647 }
648 
649 static int
wait_for_compound_request(struct TCP_Server_Info * server,int num,const int flags,unsigned int * instance)650 wait_for_compound_request(struct TCP_Server_Info *server, int num,
651 			  const int flags, unsigned int *instance)
652 {
653 	int *credits;
654 	int scredits, in_flight;
655 
656 	credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);
657 
658 	spin_lock(&server->req_lock);
659 	scredits = *credits;
660 	in_flight = server->in_flight;
661 
662 	if (*credits < num) {
663 		/*
664 		 * If the server is tight on resources or just gives us less
665 		 * credits for other reasons (e.g. requests are coming out of
666 		 * order and the server delays granting more credits until it
667 		 * processes a missing mid) and we exhausted most available
668 		 * credits there may be situations when we try to send
669 		 * a compound request but we don't have enough credits. At this
670 		 * point the client needs to decide if it should wait for
671 		 * additional credits or fail the request. If at least one
672 		 * request is in flight there is a high probability that the
673 		 * server will return enough credits to satisfy this compound
674 		 * request.
675 		 *
676 		 * Return immediately if no requests in flight since we will be
677 		 * stuck on waiting for credits.
678 		 */
679 		if (server->in_flight == 0) {
680 			spin_unlock(&server->req_lock);
681 			trace_smb3_insufficient_credits(server->CurrentMid,
682 					server->conn_id, server->hostname, scredits,
683 					num, in_flight);
684 			cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
685 					__func__, in_flight, num, scredits);
686 			return -EDEADLK;
687 		}
688 	}
689 	spin_unlock(&server->req_lock);
690 
691 	return wait_for_free_credits(server, num, 60000, flags,
692 				     instance);
693 }
694 
695 int
cifs_wait_mtu_credits(struct TCP_Server_Info * server,unsigned int size,unsigned int * num,struct cifs_credits * credits)696 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
697 		      unsigned int *num, struct cifs_credits *credits)
698 {
699 	*num = size;
700 	credits->value = 0;
701 	credits->instance = server->reconnect_instance;
702 	return 0;
703 }
704 
allocate_mid(struct cifs_ses * ses,struct smb_hdr * in_buf,struct mid_q_entry ** ppmidQ)705 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
706 			struct mid_q_entry **ppmidQ)
707 {
708 	spin_lock(&ses->ses_lock);
709 	if (ses->ses_status == SES_NEW) {
710 		if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
711 			(in_buf->Command != SMB_COM_NEGOTIATE)) {
712 			spin_unlock(&ses->ses_lock);
713 			return -EAGAIN;
714 		}
715 		/* else ok - we are setting up session */
716 	}
717 
718 	if (ses->ses_status == SES_EXITING) {
719 		/* check if SMB session is bad because we are setting it up */
720 		if (in_buf->Command != SMB_COM_LOGOFF_ANDX) {
721 			spin_unlock(&ses->ses_lock);
722 			return -EAGAIN;
723 		}
724 		/* else ok - we are shutting down session */
725 	}
726 	spin_unlock(&ses->ses_lock);
727 
728 	*ppmidQ = alloc_mid(in_buf, ses->server);
729 	if (*ppmidQ == NULL)
730 		return -ENOMEM;
731 	spin_lock(&ses->server->mid_lock);
732 	list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
733 	spin_unlock(&ses->server->mid_lock);
734 	return 0;
735 }
736 
737 static int
wait_for_response(struct TCP_Server_Info * server,struct mid_q_entry * midQ)738 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
739 {
740 	int error;
741 
742 	error = wait_event_state(server->response_q,
743 				 midQ->mid_state != MID_REQUEST_SUBMITTED &&
744 				 midQ->mid_state != MID_RESPONSE_RECEIVED,
745 				 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE));
746 	if (error < 0)
747 		return -ERESTARTSYS;
748 
749 	return 0;
750 }
751 
752 struct mid_q_entry *
cifs_setup_async_request(struct TCP_Server_Info * server,struct smb_rqst * rqst)753 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
754 {
755 	int rc;
756 	struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
757 	struct mid_q_entry *mid;
758 
759 	if (rqst->rq_iov[0].iov_len != 4 ||
760 	    rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
761 		return ERR_PTR(-EIO);
762 
763 	/* enable signing if server requires it */
764 	if (server->sign)
765 		hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
766 
767 	mid = alloc_mid(hdr, server);
768 	if (mid == NULL)
769 		return ERR_PTR(-ENOMEM);
770 
771 	rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
772 	if (rc) {
773 		release_mid(mid);
774 		return ERR_PTR(rc);
775 	}
776 
777 	return mid;
778 }
779 
780 /*
781  * Send a SMB request and set the callback function in the mid to handle
782  * the result. Caller is responsible for dealing with timeouts.
783  */
784 int
cifs_call_async(struct TCP_Server_Info * server,struct smb_rqst * rqst,mid_receive_t * receive,mid_callback_t * callback,mid_handle_t * handle,void * cbdata,const int flags,const struct cifs_credits * exist_credits)785 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
786 		mid_receive_t *receive, mid_callback_t *callback,
787 		mid_handle_t *handle, void *cbdata, const int flags,
788 		const struct cifs_credits *exist_credits)
789 {
790 	int rc;
791 	struct mid_q_entry *mid;
792 	struct cifs_credits credits = { .value = 0, .instance = 0 };
793 	unsigned int instance;
794 	int optype;
795 
796 	optype = flags & CIFS_OP_MASK;
797 
798 	if ((flags & CIFS_HAS_CREDITS) == 0) {
799 		rc = wait_for_free_request(server, flags, &instance);
800 		if (rc)
801 			return rc;
802 		credits.value = 1;
803 		credits.instance = instance;
804 	} else
805 		instance = exist_credits->instance;
806 
807 	cifs_server_lock(server);
808 
809 	/*
810 	 * We can't use credits obtained from the previous session to send this
811 	 * request. Check if there were reconnects after we obtained credits and
812 	 * return -EAGAIN in such cases to let callers handle it.
813 	 */
814 	if (instance != server->reconnect_instance) {
815 		cifs_server_unlock(server);
816 		add_credits_and_wake_if(server, &credits, optype);
817 		return -EAGAIN;
818 	}
819 
820 	mid = server->ops->setup_async_request(server, rqst);
821 	if (IS_ERR(mid)) {
822 		cifs_server_unlock(server);
823 		add_credits_and_wake_if(server, &credits, optype);
824 		return PTR_ERR(mid);
825 	}
826 
827 	mid->receive = receive;
828 	mid->callback = callback;
829 	mid->callback_data = cbdata;
830 	mid->handle = handle;
831 	mid->mid_state = MID_REQUEST_SUBMITTED;
832 
833 	/* put it on the pending_mid_q */
834 	spin_lock(&server->mid_lock);
835 	list_add_tail(&mid->qhead, &server->pending_mid_q);
836 	spin_unlock(&server->mid_lock);
837 
838 	/*
839 	 * Need to store the time in mid before calling I/O. For call_async,
840 	 * I/O response may come back and free the mid entry on another thread.
841 	 */
842 	cifs_save_when_sent(mid);
843 	rc = smb_send_rqst(server, 1, rqst, flags);
844 
845 	if (rc < 0) {
846 		revert_current_mid(server, mid->credits);
847 		server->sequence_number -= 2;
848 		delete_mid(mid);
849 	}
850 
851 	cifs_server_unlock(server);
852 
853 	if (rc == 0)
854 		return 0;
855 
856 	add_credits_and_wake_if(server, &credits, optype);
857 	return rc;
858 }
859 
860 /*
861  *
862  * Send an SMB Request.  No response info (other than return code)
863  * needs to be parsed.
864  *
865  * flags indicate the type of request buffer and how long to wait
866  * and whether to log NT STATUS code (error) before mapping it to POSIX error
867  *
868  */
869 int
SendReceiveNoRsp(const unsigned int xid,struct cifs_ses * ses,char * in_buf,int flags)870 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
871 		 char *in_buf, int flags)
872 {
873 	int rc;
874 	struct kvec iov[1];
875 	struct kvec rsp_iov;
876 	int resp_buf_type;
877 
878 	iov[0].iov_base = in_buf;
879 	iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
880 	flags |= CIFS_NO_RSP_BUF;
881 	rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
882 	cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
883 
884 	return rc;
885 }
886 
887 static int
cifs_sync_mid_result(struct mid_q_entry * mid,struct TCP_Server_Info * server)888 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
889 {
890 	int rc = 0;
891 
892 	cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
893 		 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
894 
895 	spin_lock(&server->mid_lock);
896 	switch (mid->mid_state) {
897 	case MID_RESPONSE_READY:
898 		spin_unlock(&server->mid_lock);
899 		return rc;
900 	case MID_RETRY_NEEDED:
901 		rc = -EAGAIN;
902 		break;
903 	case MID_RESPONSE_MALFORMED:
904 		rc = -EIO;
905 		break;
906 	case MID_SHUTDOWN:
907 		rc = -EHOSTDOWN;
908 		break;
909 	default:
910 		if (!(mid->mid_flags & MID_DELETED)) {
911 			list_del_init(&mid->qhead);
912 			mid->mid_flags |= MID_DELETED;
913 		}
914 		cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
915 			 __func__, mid->mid, mid->mid_state);
916 		rc = -EIO;
917 	}
918 	spin_unlock(&server->mid_lock);
919 
920 	release_mid(mid);
921 	return rc;
922 }
923 
924 static inline int
send_cancel(struct TCP_Server_Info * server,struct smb_rqst * rqst,struct mid_q_entry * mid)925 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
926 	    struct mid_q_entry *mid)
927 {
928 	return server->ops->send_cancel ?
929 				server->ops->send_cancel(server, rqst, mid) : 0;
930 }
931 
932 int
cifs_check_receive(struct mid_q_entry * mid,struct TCP_Server_Info * server,bool log_error)933 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
934 		   bool log_error)
935 {
936 	unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
937 
938 	dump_smb(mid->resp_buf, min_t(u32, 92, len));
939 
940 	/* convert the length into a more usable form */
941 	if (server->sign) {
942 		struct kvec iov[2];
943 		int rc = 0;
944 		struct smb_rqst rqst = { .rq_iov = iov,
945 					 .rq_nvec = 2 };
946 
947 		iov[0].iov_base = mid->resp_buf;
948 		iov[0].iov_len = 4;
949 		iov[1].iov_base = (char *)mid->resp_buf + 4;
950 		iov[1].iov_len = len - 4;
951 		/* FIXME: add code to kill session */
952 		rc = cifs_verify_signature(&rqst, server,
953 					   mid->sequence_number);
954 		if (rc)
955 			cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
956 				 rc);
957 	}
958 
959 	/* BB special case reconnect tid and uid here? */
960 	return map_and_check_smb_error(mid, log_error);
961 }
962 
963 struct mid_q_entry *
cifs_setup_request(struct cifs_ses * ses,struct TCP_Server_Info * ignored,struct smb_rqst * rqst)964 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored,
965 		   struct smb_rqst *rqst)
966 {
967 	int rc;
968 	struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
969 	struct mid_q_entry *mid;
970 
971 	if (rqst->rq_iov[0].iov_len != 4 ||
972 	    rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
973 		return ERR_PTR(-EIO);
974 
975 	rc = allocate_mid(ses, hdr, &mid);
976 	if (rc)
977 		return ERR_PTR(rc);
978 	rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
979 	if (rc) {
980 		delete_mid(mid);
981 		return ERR_PTR(rc);
982 	}
983 	return mid;
984 }
985 
986 static void
cifs_compound_callback(struct mid_q_entry * mid)987 cifs_compound_callback(struct mid_q_entry *mid)
988 {
989 	struct TCP_Server_Info *server = mid->server;
990 	struct cifs_credits credits;
991 
992 	credits.value = server->ops->get_credits(mid);
993 	credits.instance = server->reconnect_instance;
994 
995 	add_credits(server, &credits, mid->optype);
996 
997 	if (mid->mid_state == MID_RESPONSE_RECEIVED)
998 		mid->mid_state = MID_RESPONSE_READY;
999 }
1000 
1001 static void
cifs_compound_last_callback(struct mid_q_entry * mid)1002 cifs_compound_last_callback(struct mid_q_entry *mid)
1003 {
1004 	cifs_compound_callback(mid);
1005 	cifs_wake_up_task(mid);
1006 }
1007 
1008 static void
cifs_cancelled_callback(struct mid_q_entry * mid)1009 cifs_cancelled_callback(struct mid_q_entry *mid)
1010 {
1011 	cifs_compound_callback(mid);
1012 	release_mid(mid);
1013 }
1014 
1015 /*
1016  * Return a channel (master if none) of @ses that can be used to send
1017  * regular requests.
1018  *
1019  * If we are currently binding a new channel (negprot/sess.setup),
1020  * return the new incomplete channel.
1021  */
cifs_pick_channel(struct cifs_ses * ses)1022 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
1023 {
1024 	uint index = 0;
1025 	unsigned int min_in_flight = UINT_MAX, max_in_flight = 0;
1026 	struct TCP_Server_Info *server = NULL;
1027 	int i;
1028 
1029 	if (!ses)
1030 		return NULL;
1031 
1032 	spin_lock(&ses->chan_lock);
1033 	for (i = 0; i < ses->chan_count; i++) {
1034 		server = ses->chans[i].server;
1035 		if (!server)
1036 			continue;
1037 
1038 		/*
1039 		 * strictly speaking, we should pick up req_lock to read
1040 		 * server->in_flight. But it shouldn't matter much here if we
1041 		 * race while reading this data. The worst that can happen is
1042 		 * that we could use a channel that's not least loaded. Avoiding
1043 		 * taking the lock could help reduce wait time, which is
1044 		 * important for this function
1045 		 */
1046 		if (server->in_flight < min_in_flight) {
1047 			min_in_flight = server->in_flight;
1048 			index = i;
1049 		}
1050 		if (server->in_flight > max_in_flight)
1051 			max_in_flight = server->in_flight;
1052 	}
1053 
1054 	/* if all channels are equally loaded, fall back to round-robin */
1055 	if (min_in_flight == max_in_flight) {
1056 		index = (uint)atomic_inc_return(&ses->chan_seq);
1057 		index %= ses->chan_count;
1058 	}
1059 	spin_unlock(&ses->chan_lock);
1060 
1061 	return ses->chans[index].server;
1062 }
1063 
1064 int
compound_send_recv(const unsigned int xid,struct cifs_ses * ses,struct TCP_Server_Info * server,const int flags,const int num_rqst,struct smb_rqst * rqst,int * resp_buf_type,struct kvec * resp_iov)1065 compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
1066 		   struct TCP_Server_Info *server,
1067 		   const int flags, const int num_rqst, struct smb_rqst *rqst,
1068 		   int *resp_buf_type, struct kvec *resp_iov)
1069 {
1070 	int i, j, optype, rc = 0;
1071 	struct mid_q_entry *midQ[MAX_COMPOUND];
1072 	bool cancelled_mid[MAX_COMPOUND] = {false};
1073 	struct cifs_credits credits[MAX_COMPOUND] = {
1074 		{ .value = 0, .instance = 0 }
1075 	};
1076 	unsigned int instance;
1077 	char *buf;
1078 
1079 	optype = flags & CIFS_OP_MASK;
1080 
1081 	for (i = 0; i < num_rqst; i++)
1082 		resp_buf_type[i] = CIFS_NO_BUFFER;  /* no response buf yet */
1083 
1084 	if (!ses || !ses->server || !server) {
1085 		cifs_dbg(VFS, "Null session\n");
1086 		return -EIO;
1087 	}
1088 
1089 	spin_lock(&server->srv_lock);
1090 	if (server->tcpStatus == CifsExiting) {
1091 		spin_unlock(&server->srv_lock);
1092 		return -ENOENT;
1093 	}
1094 	spin_unlock(&server->srv_lock);
1095 
1096 	/*
1097 	 * Wait for all the requests to become available.
1098 	 * This approach still leaves the possibility to be stuck waiting for
1099 	 * credits if the server doesn't grant credits to the outstanding
1100 	 * requests and if the client is completely idle, not generating any
1101 	 * other requests.
1102 	 * This can be handled by the eventual session reconnect.
1103 	 */
1104 	rc = wait_for_compound_request(server, num_rqst, flags,
1105 				       &instance);
1106 	if (rc)
1107 		return rc;
1108 
1109 	for (i = 0; i < num_rqst; i++) {
1110 		credits[i].value = 1;
1111 		credits[i].instance = instance;
1112 	}
1113 
1114 	/*
1115 	 * Make sure that we sign in the same order that we send on this socket
1116 	 * and avoid races inside tcp sendmsg code that could cause corruption
1117 	 * of smb data.
1118 	 */
1119 
1120 	cifs_server_lock(server);
1121 
1122 	/*
1123 	 * All the parts of the compound chain belong obtained credits from the
1124 	 * same session. We can not use credits obtained from the previous
1125 	 * session to send this request. Check if there were reconnects after
1126 	 * we obtained credits and return -EAGAIN in such cases to let callers
1127 	 * handle it.
1128 	 */
1129 	if (instance != server->reconnect_instance) {
1130 		cifs_server_unlock(server);
1131 		for (j = 0; j < num_rqst; j++)
1132 			add_credits(server, &credits[j], optype);
1133 		return -EAGAIN;
1134 	}
1135 
1136 	for (i = 0; i < num_rqst; i++) {
1137 		midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
1138 		if (IS_ERR(midQ[i])) {
1139 			revert_current_mid(server, i);
1140 			for (j = 0; j < i; j++)
1141 				delete_mid(midQ[j]);
1142 			cifs_server_unlock(server);
1143 
1144 			/* Update # of requests on wire to server */
1145 			for (j = 0; j < num_rqst; j++)
1146 				add_credits(server, &credits[j], optype);
1147 			return PTR_ERR(midQ[i]);
1148 		}
1149 
1150 		midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
1151 		midQ[i]->optype = optype;
1152 		/*
1153 		 * Invoke callback for every part of the compound chain
1154 		 * to calculate credits properly. Wake up this thread only when
1155 		 * the last element is received.
1156 		 */
1157 		if (i < num_rqst - 1)
1158 			midQ[i]->callback = cifs_compound_callback;
1159 		else
1160 			midQ[i]->callback = cifs_compound_last_callback;
1161 	}
1162 	rc = smb_send_rqst(server, num_rqst, rqst, flags);
1163 
1164 	for (i = 0; i < num_rqst; i++)
1165 		cifs_save_when_sent(midQ[i]);
1166 
1167 	if (rc < 0) {
1168 		revert_current_mid(server, num_rqst);
1169 		server->sequence_number -= 2;
1170 	}
1171 
1172 	cifs_server_unlock(server);
1173 
1174 	/*
1175 	 * If sending failed for some reason or it is an oplock break that we
1176 	 * will not receive a response to - return credits back
1177 	 */
1178 	if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
1179 		for (i = 0; i < num_rqst; i++)
1180 			add_credits(server, &credits[i], optype);
1181 		goto out;
1182 	}
1183 
1184 	/*
1185 	 * At this point the request is passed to the network stack - we assume
1186 	 * that any credits taken from the server structure on the client have
1187 	 * been spent and we can't return them back. Once we receive responses
1188 	 * we will collect credits granted by the server in the mid callbacks
1189 	 * and add those credits to the server structure.
1190 	 */
1191 
1192 	/*
1193 	 * Compounding is never used during session establish.
1194 	 */
1195 	spin_lock(&ses->ses_lock);
1196 	if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1197 		spin_unlock(&ses->ses_lock);
1198 
1199 		cifs_server_lock(server);
1200 		smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
1201 		cifs_server_unlock(server);
1202 
1203 		spin_lock(&ses->ses_lock);
1204 	}
1205 	spin_unlock(&ses->ses_lock);
1206 
1207 	for (i = 0; i < num_rqst; i++) {
1208 		rc = wait_for_response(server, midQ[i]);
1209 		if (rc != 0)
1210 			break;
1211 	}
1212 	if (rc != 0) {
1213 		for (; i < num_rqst; i++) {
1214 			cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
1215 				 midQ[i]->mid, le16_to_cpu(midQ[i]->command));
1216 			send_cancel(server, &rqst[i], midQ[i]);
1217 			spin_lock(&server->mid_lock);
1218 			midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
1219 			if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED ||
1220 			    midQ[i]->mid_state == MID_RESPONSE_RECEIVED) {
1221 				midQ[i]->callback = cifs_cancelled_callback;
1222 				cancelled_mid[i] = true;
1223 				credits[i].value = 0;
1224 			}
1225 			spin_unlock(&server->mid_lock);
1226 		}
1227 	}
1228 
1229 	for (i = 0; i < num_rqst; i++) {
1230 		if (rc < 0)
1231 			goto out;
1232 
1233 		rc = cifs_sync_mid_result(midQ[i], server);
1234 		if (rc != 0) {
1235 			/* mark this mid as cancelled to not free it below */
1236 			cancelled_mid[i] = true;
1237 			goto out;
1238 		}
1239 
1240 		if (!midQ[i]->resp_buf ||
1241 		    midQ[i]->mid_state != MID_RESPONSE_READY) {
1242 			rc = -EIO;
1243 			cifs_dbg(FYI, "Bad MID state?\n");
1244 			goto out;
1245 		}
1246 
1247 		buf = (char *)midQ[i]->resp_buf;
1248 		resp_iov[i].iov_base = buf;
1249 		resp_iov[i].iov_len = midQ[i]->resp_buf_size +
1250 			HEADER_PREAMBLE_SIZE(server);
1251 
1252 		if (midQ[i]->large_buf)
1253 			resp_buf_type[i] = CIFS_LARGE_BUFFER;
1254 		else
1255 			resp_buf_type[i] = CIFS_SMALL_BUFFER;
1256 
1257 		rc = server->ops->check_receive(midQ[i], server,
1258 						     flags & CIFS_LOG_ERROR);
1259 
1260 		/* mark it so buf will not be freed by delete_mid */
1261 		if ((flags & CIFS_NO_RSP_BUF) == 0)
1262 			midQ[i]->resp_buf = NULL;
1263 
1264 	}
1265 
1266 	/*
1267 	 * Compounding is never used during session establish.
1268 	 */
1269 	spin_lock(&ses->ses_lock);
1270 	if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1271 		struct kvec iov = {
1272 			.iov_base = resp_iov[0].iov_base,
1273 			.iov_len = resp_iov[0].iov_len
1274 		};
1275 		spin_unlock(&ses->ses_lock);
1276 		cifs_server_lock(server);
1277 		smb311_update_preauth_hash(ses, server, &iov, 1);
1278 		cifs_server_unlock(server);
1279 		spin_lock(&ses->ses_lock);
1280 	}
1281 	spin_unlock(&ses->ses_lock);
1282 
1283 out:
1284 	/*
1285 	 * This will dequeue all mids. After this it is important that the
1286 	 * demultiplex_thread will not process any of these mids any futher.
1287 	 * This is prevented above by using a noop callback that will not
1288 	 * wake this thread except for the very last PDU.
1289 	 */
1290 	for (i = 0; i < num_rqst; i++) {
1291 		if (!cancelled_mid[i])
1292 			delete_mid(midQ[i]);
1293 	}
1294 
1295 	return rc;
1296 }
1297 
1298 int
cifs_send_recv(const unsigned int xid,struct cifs_ses * ses,struct TCP_Server_Info * server,struct smb_rqst * rqst,int * resp_buf_type,const int flags,struct kvec * resp_iov)1299 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
1300 	       struct TCP_Server_Info *server,
1301 	       struct smb_rqst *rqst, int *resp_buf_type, const int flags,
1302 	       struct kvec *resp_iov)
1303 {
1304 	return compound_send_recv(xid, ses, server, flags, 1,
1305 				  rqst, resp_buf_type, resp_iov);
1306 }
1307 
1308 int
SendReceive2(const unsigned int xid,struct cifs_ses * ses,struct kvec * iov,int n_vec,int * resp_buf_type,const int flags,struct kvec * resp_iov)1309 SendReceive2(const unsigned int xid, struct cifs_ses *ses,
1310 	     struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
1311 	     const int flags, struct kvec *resp_iov)
1312 {
1313 	struct smb_rqst rqst;
1314 	struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
1315 	int rc;
1316 
1317 	if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
1318 		new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
1319 					GFP_KERNEL);
1320 		if (!new_iov) {
1321 			/* otherwise cifs_send_recv below sets resp_buf_type */
1322 			*resp_buf_type = CIFS_NO_BUFFER;
1323 			return -ENOMEM;
1324 		}
1325 	} else
1326 		new_iov = s_iov;
1327 
1328 	/* 1st iov is a RFC1001 length followed by the rest of the packet */
1329 	memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
1330 
1331 	new_iov[0].iov_base = new_iov[1].iov_base;
1332 	new_iov[0].iov_len = 4;
1333 	new_iov[1].iov_base += 4;
1334 	new_iov[1].iov_len -= 4;
1335 
1336 	memset(&rqst, 0, sizeof(struct smb_rqst));
1337 	rqst.rq_iov = new_iov;
1338 	rqst.rq_nvec = n_vec + 1;
1339 
1340 	rc = cifs_send_recv(xid, ses, ses->server,
1341 			    &rqst, resp_buf_type, flags, resp_iov);
1342 	if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
1343 		kfree(new_iov);
1344 	return rc;
1345 }
1346 
1347 int
SendReceive(const unsigned int xid,struct cifs_ses * ses,struct smb_hdr * in_buf,struct smb_hdr * out_buf,int * pbytes_returned,const int flags)1348 SendReceive(const unsigned int xid, struct cifs_ses *ses,
1349 	    struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1350 	    int *pbytes_returned, const int flags)
1351 {
1352 	int rc = 0;
1353 	struct mid_q_entry *midQ;
1354 	unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1355 	struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1356 	struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1357 	struct cifs_credits credits = { .value = 1, .instance = 0 };
1358 	struct TCP_Server_Info *server;
1359 
1360 	if (ses == NULL) {
1361 		cifs_dbg(VFS, "Null smb session\n");
1362 		return -EIO;
1363 	}
1364 	server = ses->server;
1365 	if (server == NULL) {
1366 		cifs_dbg(VFS, "Null tcp session\n");
1367 		return -EIO;
1368 	}
1369 
1370 	spin_lock(&server->srv_lock);
1371 	if (server->tcpStatus == CifsExiting) {
1372 		spin_unlock(&server->srv_lock);
1373 		return -ENOENT;
1374 	}
1375 	spin_unlock(&server->srv_lock);
1376 
1377 	/* Ensure that we do not send more than 50 overlapping requests
1378 	   to the same server. We may make this configurable later or
1379 	   use ses->maxReq */
1380 
1381 	if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1382 		cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1383 				len);
1384 		return -EIO;
1385 	}
1386 
1387 	rc = wait_for_free_request(server, flags, &credits.instance);
1388 	if (rc)
1389 		return rc;
1390 
1391 	/* make sure that we sign in the same order that we send on this socket
1392 	   and avoid races inside tcp sendmsg code that could cause corruption
1393 	   of smb data */
1394 
1395 	cifs_server_lock(server);
1396 
1397 	rc = allocate_mid(ses, in_buf, &midQ);
1398 	if (rc) {
1399 		cifs_server_unlock(server);
1400 		/* Update # of requests on wire to server */
1401 		add_credits(server, &credits, 0);
1402 		return rc;
1403 	}
1404 
1405 	rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1406 	if (rc) {
1407 		cifs_server_unlock(server);
1408 		goto out;
1409 	}
1410 
1411 	midQ->mid_state = MID_REQUEST_SUBMITTED;
1412 
1413 	rc = smb_send(server, in_buf, len);
1414 	cifs_save_when_sent(midQ);
1415 
1416 	if (rc < 0)
1417 		server->sequence_number -= 2;
1418 
1419 	cifs_server_unlock(server);
1420 
1421 	if (rc < 0)
1422 		goto out;
1423 
1424 	rc = wait_for_response(server, midQ);
1425 	if (rc != 0) {
1426 		send_cancel(server, &rqst, midQ);
1427 		spin_lock(&server->mid_lock);
1428 		if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1429 		    midQ->mid_state == MID_RESPONSE_RECEIVED) {
1430 			/* no longer considered to be "in-flight" */
1431 			midQ->callback = release_mid;
1432 			spin_unlock(&server->mid_lock);
1433 			add_credits(server, &credits, 0);
1434 			return rc;
1435 		}
1436 		spin_unlock(&server->mid_lock);
1437 	}
1438 
1439 	rc = cifs_sync_mid_result(midQ, server);
1440 	if (rc != 0) {
1441 		add_credits(server, &credits, 0);
1442 		return rc;
1443 	}
1444 
1445 	if (!midQ->resp_buf || !out_buf ||
1446 	    midQ->mid_state != MID_RESPONSE_READY) {
1447 		rc = -EIO;
1448 		cifs_server_dbg(VFS, "Bad MID state?\n");
1449 		goto out;
1450 	}
1451 
1452 	*pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1453 	memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1454 	rc = cifs_check_receive(midQ, server, 0);
1455 out:
1456 	delete_mid(midQ);
1457 	add_credits(server, &credits, 0);
1458 
1459 	return rc;
1460 }
1461 
1462 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1463    blocking lock to return. */
1464 
1465 static int
send_lock_cancel(const unsigned int xid,struct cifs_tcon * tcon,struct smb_hdr * in_buf,struct smb_hdr * out_buf)1466 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1467 			struct smb_hdr *in_buf,
1468 			struct smb_hdr *out_buf)
1469 {
1470 	int bytes_returned;
1471 	struct cifs_ses *ses = tcon->ses;
1472 	LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1473 
1474 	/* We just modify the current in_buf to change
1475 	   the type of lock from LOCKING_ANDX_SHARED_LOCK
1476 	   or LOCKING_ANDX_EXCLUSIVE_LOCK to
1477 	   LOCKING_ANDX_CANCEL_LOCK. */
1478 
1479 	pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1480 	pSMB->Timeout = 0;
1481 	pSMB->hdr.Mid = get_next_mid(ses->server);
1482 
1483 	return SendReceive(xid, ses, in_buf, out_buf,
1484 			&bytes_returned, 0);
1485 }
1486 
1487 int
SendReceiveBlockingLock(const unsigned int xid,struct cifs_tcon * tcon,struct smb_hdr * in_buf,struct smb_hdr * out_buf,int * pbytes_returned)1488 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1489 	    struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1490 	    int *pbytes_returned)
1491 {
1492 	int rc = 0;
1493 	int rstart = 0;
1494 	struct mid_q_entry *midQ;
1495 	struct cifs_ses *ses;
1496 	unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1497 	struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1498 	struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1499 	unsigned int instance;
1500 	struct TCP_Server_Info *server;
1501 
1502 	if (tcon == NULL || tcon->ses == NULL) {
1503 		cifs_dbg(VFS, "Null smb session\n");
1504 		return -EIO;
1505 	}
1506 	ses = tcon->ses;
1507 	server = ses->server;
1508 
1509 	if (server == NULL) {
1510 		cifs_dbg(VFS, "Null tcp session\n");
1511 		return -EIO;
1512 	}
1513 
1514 	spin_lock(&server->srv_lock);
1515 	if (server->tcpStatus == CifsExiting) {
1516 		spin_unlock(&server->srv_lock);
1517 		return -ENOENT;
1518 	}
1519 	spin_unlock(&server->srv_lock);
1520 
1521 	/* Ensure that we do not send more than 50 overlapping requests
1522 	   to the same server. We may make this configurable later or
1523 	   use ses->maxReq */
1524 
1525 	if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1526 		cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1527 			      len);
1528 		return -EIO;
1529 	}
1530 
1531 	rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance);
1532 	if (rc)
1533 		return rc;
1534 
1535 	/* make sure that we sign in the same order that we send on this socket
1536 	   and avoid races inside tcp sendmsg code that could cause corruption
1537 	   of smb data */
1538 
1539 	cifs_server_lock(server);
1540 
1541 	rc = allocate_mid(ses, in_buf, &midQ);
1542 	if (rc) {
1543 		cifs_server_unlock(server);
1544 		return rc;
1545 	}
1546 
1547 	rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1548 	if (rc) {
1549 		delete_mid(midQ);
1550 		cifs_server_unlock(server);
1551 		return rc;
1552 	}
1553 
1554 	midQ->mid_state = MID_REQUEST_SUBMITTED;
1555 	rc = smb_send(server, in_buf, len);
1556 	cifs_save_when_sent(midQ);
1557 
1558 	if (rc < 0)
1559 		server->sequence_number -= 2;
1560 
1561 	cifs_server_unlock(server);
1562 
1563 	if (rc < 0) {
1564 		delete_mid(midQ);
1565 		return rc;
1566 	}
1567 
1568 	/* Wait for a reply - allow signals to interrupt. */
1569 	rc = wait_event_interruptible(server->response_q,
1570 		(!(midQ->mid_state == MID_REQUEST_SUBMITTED ||
1571 		   midQ->mid_state == MID_RESPONSE_RECEIVED)) ||
1572 		((server->tcpStatus != CifsGood) &&
1573 		 (server->tcpStatus != CifsNew)));
1574 
1575 	/* Were we interrupted by a signal ? */
1576 	spin_lock(&server->srv_lock);
1577 	if ((rc == -ERESTARTSYS) &&
1578 		(midQ->mid_state == MID_REQUEST_SUBMITTED ||
1579 		 midQ->mid_state == MID_RESPONSE_RECEIVED) &&
1580 		((server->tcpStatus == CifsGood) ||
1581 		 (server->tcpStatus == CifsNew))) {
1582 		spin_unlock(&server->srv_lock);
1583 
1584 		if (in_buf->Command == SMB_COM_TRANSACTION2) {
1585 			/* POSIX lock. We send a NT_CANCEL SMB to cause the
1586 			   blocking lock to return. */
1587 			rc = send_cancel(server, &rqst, midQ);
1588 			if (rc) {
1589 				delete_mid(midQ);
1590 				return rc;
1591 			}
1592 		} else {
1593 			/* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1594 			   to cause the blocking lock to return. */
1595 
1596 			rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1597 
1598 			/* If we get -ENOLCK back the lock may have
1599 			   already been removed. Don't exit in this case. */
1600 			if (rc && rc != -ENOLCK) {
1601 				delete_mid(midQ);
1602 				return rc;
1603 			}
1604 		}
1605 
1606 		rc = wait_for_response(server, midQ);
1607 		if (rc) {
1608 			send_cancel(server, &rqst, midQ);
1609 			spin_lock(&server->mid_lock);
1610 			if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1611 			    midQ->mid_state == MID_RESPONSE_RECEIVED) {
1612 				/* no longer considered to be "in-flight" */
1613 				midQ->callback = release_mid;
1614 				spin_unlock(&server->mid_lock);
1615 				return rc;
1616 			}
1617 			spin_unlock(&server->mid_lock);
1618 		}
1619 
1620 		/* We got the response - restart system call. */
1621 		rstart = 1;
1622 		spin_lock(&server->srv_lock);
1623 	}
1624 	spin_unlock(&server->srv_lock);
1625 
1626 	rc = cifs_sync_mid_result(midQ, server);
1627 	if (rc != 0)
1628 		return rc;
1629 
1630 	/* rcvd frame is ok */
1631 	if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) {
1632 		rc = -EIO;
1633 		cifs_tcon_dbg(VFS, "Bad MID state?\n");
1634 		goto out;
1635 	}
1636 
1637 	*pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1638 	memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1639 	rc = cifs_check_receive(midQ, server, 0);
1640 out:
1641 	delete_mid(midQ);
1642 	if (rstart && rc == -EACCES)
1643 		return -ERESTARTSYS;
1644 	return rc;
1645 }
1646 
1647 /*
1648  * Discard any remaining data in the current SMB. To do this, we borrow the
1649  * current bigbuf.
1650  */
1651 int
cifs_discard_remaining_data(struct TCP_Server_Info * server)1652 cifs_discard_remaining_data(struct TCP_Server_Info *server)
1653 {
1654 	unsigned int rfclen = server->pdu_size;
1655 	size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
1656 		server->total_read;
1657 
1658 	while (remaining > 0) {
1659 		ssize_t length;
1660 
1661 		length = cifs_discard_from_socket(server,
1662 				min_t(size_t, remaining,
1663 				      CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
1664 		if (length < 0)
1665 			return length;
1666 		server->total_read += length;
1667 		remaining -= length;
1668 	}
1669 
1670 	return 0;
1671 }
1672 
1673 static int
__cifs_readv_discard(struct TCP_Server_Info * server,struct mid_q_entry * mid,bool malformed)1674 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
1675 		     bool malformed)
1676 {
1677 	int length;
1678 
1679 	length = cifs_discard_remaining_data(server);
1680 	dequeue_mid(mid, malformed);
1681 	mid->resp_buf = server->smallbuf;
1682 	server->smallbuf = NULL;
1683 	return length;
1684 }
1685 
1686 static int
cifs_readv_discard(struct TCP_Server_Info * server,struct mid_q_entry * mid)1687 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1688 {
1689 	struct cifs_readdata *rdata = mid->callback_data;
1690 
1691 	return  __cifs_readv_discard(server, mid, rdata->result);
1692 }
1693 
1694 int
cifs_readv_receive(struct TCP_Server_Info * server,struct mid_q_entry * mid)1695 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1696 {
1697 	int length, len;
1698 	unsigned int data_offset, data_len;
1699 	struct cifs_readdata *rdata = mid->callback_data;
1700 	char *buf = server->smallbuf;
1701 	unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
1702 	bool use_rdma_mr = false;
1703 
1704 	cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n",
1705 		 __func__, mid->mid, rdata->offset, rdata->bytes);
1706 
1707 	/*
1708 	 * read the rest of READ_RSP header (sans Data array), or whatever we
1709 	 * can if there's not enough data. At this point, we've read down to
1710 	 * the Mid.
1711 	 */
1712 	len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
1713 							HEADER_SIZE(server) + 1;
1714 
1715 	length = cifs_read_from_socket(server,
1716 				       buf + HEADER_SIZE(server) - 1, len);
1717 	if (length < 0)
1718 		return length;
1719 	server->total_read += length;
1720 
1721 	if (server->ops->is_session_expired &&
1722 	    server->ops->is_session_expired(buf)) {
1723 		cifs_reconnect(server, true);
1724 		return -1;
1725 	}
1726 
1727 	if (server->ops->is_status_pending &&
1728 	    server->ops->is_status_pending(buf, server)) {
1729 		cifs_discard_remaining_data(server);
1730 		return -1;
1731 	}
1732 
1733 	/* set up first two iov for signature check and to get credits */
1734 	rdata->iov[0].iov_base = buf;
1735 	rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
1736 	rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
1737 	rdata->iov[1].iov_len =
1738 		server->total_read - HEADER_PREAMBLE_SIZE(server);
1739 	cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
1740 		 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
1741 	cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
1742 		 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
1743 
1744 	/* Was the SMB read successful? */
1745 	rdata->result = server->ops->map_error(buf, false);
1746 	if (rdata->result != 0) {
1747 		cifs_dbg(FYI, "%s: server returned error %d\n",
1748 			 __func__, rdata->result);
1749 		/* normal error on read response */
1750 		return __cifs_readv_discard(server, mid, false);
1751 	}
1752 
1753 	/* Is there enough to get to the rest of the READ_RSP header? */
1754 	if (server->total_read < server->vals->read_rsp_size) {
1755 		cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
1756 			 __func__, server->total_read,
1757 			 server->vals->read_rsp_size);
1758 		rdata->result = -EIO;
1759 		return cifs_readv_discard(server, mid);
1760 	}
1761 
1762 	data_offset = server->ops->read_data_offset(buf) +
1763 		HEADER_PREAMBLE_SIZE(server);
1764 	if (data_offset < server->total_read) {
1765 		/*
1766 		 * win2k8 sometimes sends an offset of 0 when the read
1767 		 * is beyond the EOF. Treat it as if the data starts just after
1768 		 * the header.
1769 		 */
1770 		cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
1771 			 __func__, data_offset);
1772 		data_offset = server->total_read;
1773 	} else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
1774 		/* data_offset is beyond the end of smallbuf */
1775 		cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
1776 			 __func__, data_offset);
1777 		rdata->result = -EIO;
1778 		return cifs_readv_discard(server, mid);
1779 	}
1780 
1781 	cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
1782 		 __func__, server->total_read, data_offset);
1783 
1784 	len = data_offset - server->total_read;
1785 	if (len > 0) {
1786 		/* read any junk before data into the rest of smallbuf */
1787 		length = cifs_read_from_socket(server,
1788 					       buf + server->total_read, len);
1789 		if (length < 0)
1790 			return length;
1791 		server->total_read += length;
1792 	}
1793 
1794 	/* how much data is in the response? */
1795 #ifdef CONFIG_CIFS_SMB_DIRECT
1796 	use_rdma_mr = rdata->mr;
1797 #endif
1798 	data_len = server->ops->read_data_length(buf, use_rdma_mr);
1799 	if (!use_rdma_mr && (data_offset + data_len > buflen)) {
1800 		/* data_len is corrupt -- discard frame */
1801 		rdata->result = -EIO;
1802 		return cifs_readv_discard(server, mid);
1803 	}
1804 
1805 #ifdef CONFIG_CIFS_SMB_DIRECT
1806 	if (rdata->mr)
1807 		length = data_len; /* An RDMA read is already done. */
1808 	else
1809 #endif
1810 		length = cifs_read_iter_from_socket(server, &rdata->iter,
1811 						    data_len);
1812 	if (length > 0)
1813 		rdata->got_bytes += length;
1814 	server->total_read += length;
1815 
1816 	cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
1817 		 server->total_read, buflen, data_len);
1818 
1819 	/* discard anything left over */
1820 	if (server->total_read < buflen)
1821 		return cifs_readv_discard(server, mid);
1822 
1823 	dequeue_mid(mid, false);
1824 	mid->resp_buf = server->smallbuf;
1825 	server->smallbuf = NULL;
1826 	return length;
1827 }
1828