1/* 2 * fs/cifs/transport.c 3 * 4 * Copyright (C) International Business Machines Corp., 2002,2008 5 * Author(s): Steve French (sfrench@us.ibm.com) 6 * Jeremy Allison (jra@samba.org) 2006. 7 * 8 * This library is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU Lesser General Public License as published 10 * by the Free Software Foundation; either version 2.1 of the License, or 11 * (at your option) any later version. 12 * 13 * This library is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 16 * the GNU Lesser General Public License for more details. 17 * 18 * You should have received a copy of the GNU Lesser General Public License 19 * along with this library; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 21 */ 22 23#include <linux/fs.h> 24#include <linux/list.h> 25#include <linux/gfp.h> 26#include <linux/wait.h> 27#include <linux/net.h> 28#include <linux/delay.h> 29#include <linux/freezer.h> 30#include <linux/tcp.h> 31#include <linux/bvec.h> 32#include <linux/highmem.h> 33#include <linux/uaccess.h> 34#include <asm/processor.h> 35#include <linux/mempool.h> 36#include <linux/sched/signal.h> 37#include "cifspdu.h" 38#include "cifsglob.h" 39#include "cifsproto.h" 40#include "cifs_debug.h" 41#include "smb2proto.h" 42#include "smbdirect.h" 43 44/* Max number of iovectors we can use off the stack when sending requests. */ 45#define CIFS_MAX_IOV_SIZE 8 46 47void 48cifs_wake_up_task(struct mid_q_entry *mid) 49{ 50 wake_up_process(mid->callback_data); 51} 52 53struct mid_q_entry * 54AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server) 55{ 56 struct mid_q_entry *temp; 57 58 if (server == NULL) { 59 cifs_dbg(VFS, "Null TCP session in AllocMidQEntry\n"); 60 return NULL; 61 } 62 63 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); 64 memset(temp, 0, sizeof(struct mid_q_entry)); 65 kref_init(&temp->refcount); 66 temp->mid = get_mid(smb_buffer); 67 temp->pid = current->pid; 68 temp->command = cpu_to_le16(smb_buffer->Command); 69 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command); 70 /* do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */ 71 /* when mid allocated can be before when sent */ 72 temp->when_alloc = jiffies; 73 temp->server = server; 74 75 /* 76 * The default is for the mid to be synchronous, so the 77 * default callback just wakes up the current task. 78 */ 79 get_task_struct(current); 80 temp->creator = current; 81 temp->callback = cifs_wake_up_task; 82 temp->callback_data = current; 83 84 atomic_inc(&midCount); 85 temp->mid_state = MID_REQUEST_ALLOCATED; 86 return temp; 87} 88 89static void _cifs_mid_q_entry_release(struct kref *refcount) 90{ 91 struct mid_q_entry *midEntry = 92 container_of(refcount, struct mid_q_entry, refcount); 93#ifdef CONFIG_CIFS_STATS2 94 __le16 command = midEntry->server->vals->lock_cmd; 95 __u16 smb_cmd = le16_to_cpu(midEntry->command); 96 unsigned long now; 97 unsigned long roundtrip_time; 98#endif 99 struct TCP_Server_Info *server = midEntry->server; 100 101 if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) && 102 midEntry->mid_state == MID_RESPONSE_RECEIVED && 103 server->ops->handle_cancelled_mid) 104 server->ops->handle_cancelled_mid(midEntry, server); 105 106 midEntry->mid_state = MID_FREE; 107 atomic_dec(&midCount); 108 if (midEntry->large_buf) 109 cifs_buf_release(midEntry->resp_buf); 110 else 111 cifs_small_buf_release(midEntry->resp_buf); 112#ifdef CONFIG_CIFS_STATS2 113 now = jiffies; 114 if (now < midEntry->when_alloc) 115 cifs_server_dbg(VFS, "Invalid mid allocation time\n"); 116 roundtrip_time = now - midEntry->when_alloc; 117 118 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) { 119 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) { 120 server->slowest_cmd[smb_cmd] = roundtrip_time; 121 server->fastest_cmd[smb_cmd] = roundtrip_time; 122 } else { 123 if (server->slowest_cmd[smb_cmd] < roundtrip_time) 124 server->slowest_cmd[smb_cmd] = roundtrip_time; 125 else if (server->fastest_cmd[smb_cmd] > roundtrip_time) 126 server->fastest_cmd[smb_cmd] = roundtrip_time; 127 } 128 cifs_stats_inc(&server->num_cmds[smb_cmd]); 129 server->time_per_cmd[smb_cmd] += roundtrip_time; 130 } 131 /* 132 * commands taking longer than one second (default) can be indications 133 * that something is wrong, unless it is quite a slow link or a very 134 * busy server. Note that this calc is unlikely or impossible to wrap 135 * as long as slow_rsp_threshold is not set way above recommended max 136 * value (32767 ie 9 hours) and is generally harmless even if wrong 137 * since only affects debug counters - so leaving the calc as simple 138 * comparison rather than doing multiple conversions and overflow 139 * checks 140 */ 141 if ((slow_rsp_threshold != 0) && 142 time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) && 143 (midEntry->command != command)) { 144 /* 145 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command 146 * NB: le16_to_cpu returns unsigned so can not be negative below 147 */ 148 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) 149 cifs_stats_inc(&server->smb2slowcmd[smb_cmd]); 150 151 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid, 152 midEntry->when_sent, midEntry->when_received); 153 if (cifsFYI & CIFS_TIMER) { 154 pr_debug("slow rsp: cmd %d mid %llu", 155 midEntry->command, midEntry->mid); 156 cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n", 157 now - midEntry->when_alloc, 158 now - midEntry->when_sent, 159 now - midEntry->when_received); 160 } 161 } 162#endif 163 put_task_struct(midEntry->creator); 164 165 mempool_free(midEntry, cifs_mid_poolp); 166} 167 168void cifs_mid_q_entry_release(struct mid_q_entry *midEntry) 169{ 170 spin_lock(&GlobalMid_Lock); 171 kref_put(&midEntry->refcount, _cifs_mid_q_entry_release); 172 spin_unlock(&GlobalMid_Lock); 173} 174 175void DeleteMidQEntry(struct mid_q_entry *midEntry) 176{ 177 cifs_mid_q_entry_release(midEntry); 178} 179 180void 181cifs_delete_mid(struct mid_q_entry *mid) 182{ 183 spin_lock(&GlobalMid_Lock); 184 if (!(mid->mid_flags & MID_DELETED)) { 185 list_del_init(&mid->qhead); 186 mid->mid_flags |= MID_DELETED; 187 } 188 spin_unlock(&GlobalMid_Lock); 189 190 DeleteMidQEntry(mid); 191} 192 193/* 194 * smb_send_kvec - send an array of kvecs to the server 195 * @server: Server to send the data to 196 * @smb_msg: Message to send 197 * @sent: amount of data sent on socket is stored here 198 * 199 * Our basic "send data to server" function. Should be called with srv_mutex 200 * held. The caller is responsible for handling the results. 201 */ 202static int 203smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg, 204 size_t *sent) 205{ 206 int rc = 0; 207 int retries = 0; 208 struct socket *ssocket = server->ssocket; 209 210 *sent = 0; 211 212 if (server->noblocksnd) 213 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL; 214 else 215 smb_msg->msg_flags = MSG_NOSIGNAL; 216 217 while (msg_data_left(smb_msg)) { 218 /* 219 * If blocking send, we try 3 times, since each can block 220 * for 5 seconds. For nonblocking we have to try more 221 * but wait increasing amounts of time allowing time for 222 * socket to clear. The overall time we wait in either 223 * case to send on the socket is about 15 seconds. 224 * Similarly we wait for 15 seconds for a response from 225 * the server in SendReceive[2] for the server to send 226 * a response back for most types of requests (except 227 * SMB Write past end of file which can be slow, and 228 * blocking lock operations). NFS waits slightly longer 229 * than CIFS, but this can make it take longer for 230 * nonresponsive servers to be detected and 15 seconds 231 * is more than enough time for modern networks to 232 * send a packet. In most cases if we fail to send 233 * after the retries we will kill the socket and 234 * reconnect which may clear the network problem. 235 */ 236 rc = sock_sendmsg(ssocket, smb_msg); 237 if (rc == -EAGAIN) { 238 retries++; 239 if (retries >= 14 || 240 (!server->noblocksnd && (retries > 2))) { 241 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n", 242 ssocket); 243 return -EAGAIN; 244 } 245 msleep(1 << retries); 246 continue; 247 } 248 249 if (rc < 0) 250 return rc; 251 252 if (rc == 0) { 253 /* should never happen, letting socket clear before 254 retrying is our only obvious option here */ 255 cifs_server_dbg(VFS, "tcp sent no data\n"); 256 msleep(500); 257 continue; 258 } 259 260 /* send was at least partially successful */ 261 *sent += rc; 262 retries = 0; /* in case we get ENOSPC on the next send */ 263 } 264 return 0; 265} 266 267unsigned long 268smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst) 269{ 270 unsigned int i; 271 struct kvec *iov; 272 int nvec; 273 unsigned long buflen = 0; 274 275 if (server->vals->header_preamble_size == 0 && 276 rqst->rq_nvec >= 2 && rqst->rq_iov[0].iov_len == 4) { 277 iov = &rqst->rq_iov[1]; 278 nvec = rqst->rq_nvec - 1; 279 } else { 280 iov = rqst->rq_iov; 281 nvec = rqst->rq_nvec; 282 } 283 284 /* total up iov array first */ 285 for (i = 0; i < nvec; i++) 286 buflen += iov[i].iov_len; 287 288 /* 289 * Add in the page array if there is one. The caller needs to make 290 * sure rq_offset and rq_tailsz are set correctly. If a buffer of 291 * multiple pages ends at page boundary, rq_tailsz needs to be set to 292 * PAGE_SIZE. 293 */ 294 if (rqst->rq_npages) { 295 if (rqst->rq_npages == 1) 296 buflen += rqst->rq_tailsz; 297 else { 298 /* 299 * If there is more than one page, calculate the 300 * buffer length based on rq_offset and rq_tailsz 301 */ 302 buflen += rqst->rq_pagesz * (rqst->rq_npages - 1) - 303 rqst->rq_offset; 304 buflen += rqst->rq_tailsz; 305 } 306 } 307 308 return buflen; 309} 310 311static int 312__smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 313 struct smb_rqst *rqst) 314{ 315 int rc; 316 struct kvec *iov; 317 int n_vec; 318 unsigned int send_length = 0; 319 unsigned int i, j; 320 sigset_t mask, oldmask; 321 size_t total_len = 0, sent, size; 322 struct socket *ssocket = server->ssocket; 323 struct msghdr smb_msg = {}; 324 __be32 rfc1002_marker; 325 326 cifs_in_send_inc(server); 327 if (cifs_rdma_enabled(server)) { 328 /* return -EAGAIN when connecting or reconnecting */ 329 rc = -EAGAIN; 330 if (server->smbd_conn) 331 rc = smbd_send(server, num_rqst, rqst); 332 goto smbd_done; 333 } 334 335 rc = -EAGAIN; 336 if (ssocket == NULL) 337 goto out; 338 339 rc = -ERESTARTSYS; 340 if (fatal_signal_pending(current)) { 341 cifs_dbg(FYI, "signal pending before send request\n"); 342 goto out; 343 } 344 345 rc = 0; 346 /* cork the socket */ 347 tcp_sock_set_cork(ssocket->sk, true); 348 349 for (j = 0; j < num_rqst; j++) 350 send_length += smb_rqst_len(server, &rqst[j]); 351 rfc1002_marker = cpu_to_be32(send_length); 352 353 /* 354 * We should not allow signals to interrupt the network send because 355 * any partial send will cause session reconnects thus increasing 356 * latency of system calls and overload a server with unnecessary 357 * requests. 358 */ 359 360 sigfillset(&mask); 361 sigprocmask(SIG_BLOCK, &mask, &oldmask); 362 363 /* Generate a rfc1002 marker for SMB2+ */ 364 if (server->vals->header_preamble_size == 0) { 365 struct kvec hiov = { 366 .iov_base = &rfc1002_marker, 367 .iov_len = 4 368 }; 369 iov_iter_kvec(&smb_msg.msg_iter, WRITE, &hiov, 1, 4); 370 rc = smb_send_kvec(server, &smb_msg, &sent); 371 if (rc < 0) 372 goto unmask; 373 374 total_len += sent; 375 send_length += 4; 376 } 377 378 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length); 379 380 for (j = 0; j < num_rqst; j++) { 381 iov = rqst[j].rq_iov; 382 n_vec = rqst[j].rq_nvec; 383 384 size = 0; 385 for (i = 0; i < n_vec; i++) { 386 dump_smb(iov[i].iov_base, iov[i].iov_len); 387 size += iov[i].iov_len; 388 } 389 390 iov_iter_kvec(&smb_msg.msg_iter, WRITE, iov, n_vec, size); 391 392 rc = smb_send_kvec(server, &smb_msg, &sent); 393 if (rc < 0) 394 goto unmask; 395 396 total_len += sent; 397 398 /* now walk the page array and send each page in it */ 399 for (i = 0; i < rqst[j].rq_npages; i++) { 400 struct bio_vec bvec; 401 402 bvec.bv_page = rqst[j].rq_pages[i]; 403 rqst_page_get_length(&rqst[j], i, &bvec.bv_len, 404 &bvec.bv_offset); 405 406 iov_iter_bvec(&smb_msg.msg_iter, WRITE, 407 &bvec, 1, bvec.bv_len); 408 rc = smb_send_kvec(server, &smb_msg, &sent); 409 if (rc < 0) 410 break; 411 412 total_len += sent; 413 } 414 } 415 416unmask: 417 sigprocmask(SIG_SETMASK, &oldmask, NULL); 418 419 /* 420 * If signal is pending but we have already sent the whole packet to 421 * the server we need to return success status to allow a corresponding 422 * mid entry to be kept in the pending requests queue thus allowing 423 * to handle responses from the server by the client. 424 * 425 * If only part of the packet has been sent there is no need to hide 426 * interrupt because the session will be reconnected anyway, so there 427 * won't be any response from the server to handle. 428 */ 429 430 if (signal_pending(current) && (total_len != send_length)) { 431 cifs_dbg(FYI, "signal is pending after attempt to send\n"); 432 rc = -ERESTARTSYS; 433 } 434 435 /* uncork it */ 436 tcp_sock_set_cork(ssocket->sk, false); 437 438 if ((total_len > 0) && (total_len != send_length)) { 439 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n", 440 send_length, total_len); 441 /* 442 * If we have only sent part of an SMB then the next SMB could 443 * be taken as the remainder of this one. We need to kill the 444 * socket so the server throws away the partial SMB 445 */ 446 server->tcpStatus = CifsNeedReconnect; 447 trace_smb3_partial_send_reconnect(server->CurrentMid, 448 server->hostname); 449 } 450smbd_done: 451 if (rc < 0 && rc != -EINTR) 452 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n", 453 rc); 454 else if (rc > 0) 455 rc = 0; 456out: 457 cifs_in_send_dec(server); 458 return rc; 459} 460 461static int 462smb_send_rqst(struct TCP_Server_Info *server, int num_rqst, 463 struct smb_rqst *rqst, int flags) 464{ 465 struct kvec iov; 466 struct smb2_transform_hdr *tr_hdr; 467 struct smb_rqst cur_rqst[MAX_COMPOUND]; 468 int rc; 469 470 if (!(flags & CIFS_TRANSFORM_REQ)) 471 return __smb_send_rqst(server, num_rqst, rqst); 472 473 if (num_rqst > MAX_COMPOUND - 1) 474 return -ENOMEM; 475 476 if (!server->ops->init_transform_rq) { 477 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n"); 478 return -EIO; 479 } 480 481 tr_hdr = kmalloc(sizeof(*tr_hdr), GFP_NOFS); 482 if (!tr_hdr) 483 return -ENOMEM; 484 485 memset(&cur_rqst[0], 0, sizeof(cur_rqst)); 486 memset(&iov, 0, sizeof(iov)); 487 memset(tr_hdr, 0, sizeof(*tr_hdr)); 488 489 iov.iov_base = tr_hdr; 490 iov.iov_len = sizeof(*tr_hdr); 491 cur_rqst[0].rq_iov = &iov; 492 cur_rqst[0].rq_nvec = 1; 493 494 rc = server->ops->init_transform_rq(server, num_rqst + 1, 495 &cur_rqst[0], rqst); 496 if (rc) 497 goto out; 498 499 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]); 500 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]); 501out: 502 kfree(tr_hdr); 503 return rc; 504} 505 506int 507smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer, 508 unsigned int smb_buf_length) 509{ 510 struct kvec iov[2]; 511 struct smb_rqst rqst = { .rq_iov = iov, 512 .rq_nvec = 2 }; 513 514 iov[0].iov_base = smb_buffer; 515 iov[0].iov_len = 4; 516 iov[1].iov_base = (char *)smb_buffer + 4; 517 iov[1].iov_len = smb_buf_length; 518 519 return __smb_send_rqst(server, 1, &rqst); 520} 521 522static int 523wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits, 524 const int timeout, const int flags, 525 unsigned int *instance) 526{ 527 long rc; 528 int *credits; 529 int optype; 530 long int t; 531 532 if (timeout < 0) 533 t = MAX_JIFFY_OFFSET; 534 else 535 t = msecs_to_jiffies(timeout); 536 537 optype = flags & CIFS_OP_MASK; 538 539 *instance = 0; 540 541 credits = server->ops->get_credits_field(server, optype); 542 /* Since an echo is already inflight, no need to wait to send another */ 543 if (*credits <= 0 && optype == CIFS_ECHO_OP) 544 return -EAGAIN; 545 546 spin_lock(&server->req_lock); 547 if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) { 548 /* oplock breaks must not be held up */ 549 server->in_flight++; 550 if (server->in_flight > server->max_in_flight) 551 server->max_in_flight = server->in_flight; 552 *credits -= 1; 553 *instance = server->reconnect_instance; 554 spin_unlock(&server->req_lock); 555 return 0; 556 } 557 558 while (1) { 559 if (*credits < num_credits) { 560 spin_unlock(&server->req_lock); 561 cifs_num_waiters_inc(server); 562 rc = wait_event_killable_timeout(server->request_q, 563 has_credits(server, credits, num_credits), t); 564 cifs_num_waiters_dec(server); 565 if (!rc) { 566 trace_smb3_credit_timeout(server->CurrentMid, 567 server->hostname, num_credits, 0); 568 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 569 timeout); 570 return -ENOTSUPP; 571 } 572 if (rc == -ERESTARTSYS) 573 return -ERESTARTSYS; 574 spin_lock(&server->req_lock); 575 } else { 576 if (server->tcpStatus == CifsExiting) { 577 spin_unlock(&server->req_lock); 578 return -ENOENT; 579 } 580 581 /* 582 * For normal commands, reserve the last MAX_COMPOUND 583 * credits to compound requests. 584 * Otherwise these compounds could be permanently 585 * starved for credits by single-credit requests. 586 * 587 * To prevent spinning CPU, block this thread until 588 * there are >MAX_COMPOUND credits available. 589 * But only do this is we already have a lot of 590 * credits in flight to avoid triggering this check 591 * for servers that are slow to hand out credits on 592 * new sessions. 593 */ 594 if (!optype && num_credits == 1 && 595 server->in_flight > 2 * MAX_COMPOUND && 596 *credits <= MAX_COMPOUND) { 597 spin_unlock(&server->req_lock); 598 cifs_num_waiters_inc(server); 599 rc = wait_event_killable_timeout( 600 server->request_q, 601 has_credits(server, credits, 602 MAX_COMPOUND + 1), 603 t); 604 cifs_num_waiters_dec(server); 605 if (!rc) { 606 trace_smb3_credit_timeout( 607 server->CurrentMid, 608 server->hostname, num_credits, 609 0); 610 cifs_server_dbg(VFS, "wait timed out after %d ms\n", 611 timeout); 612 return -ENOTSUPP; 613 } 614 if (rc == -ERESTARTSYS) 615 return -ERESTARTSYS; 616 spin_lock(&server->req_lock); 617 continue; 618 } 619 620 /* 621 * Can not count locking commands against total 622 * as they are allowed to block on server. 623 */ 624 625 /* update # of requests on the wire to server */ 626 if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) { 627 *credits -= num_credits; 628 server->in_flight += num_credits; 629 if (server->in_flight > server->max_in_flight) 630 server->max_in_flight = server->in_flight; 631 *instance = server->reconnect_instance; 632 } 633 spin_unlock(&server->req_lock); 634 break; 635 } 636 } 637 return 0; 638} 639 640static int 641wait_for_free_request(struct TCP_Server_Info *server, const int flags, 642 unsigned int *instance) 643{ 644 return wait_for_free_credits(server, 1, -1, flags, 645 instance); 646} 647 648static int 649wait_for_compound_request(struct TCP_Server_Info *server, int num, 650 const int flags, unsigned int *instance) 651{ 652 int *credits; 653 654 credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK); 655 656 spin_lock(&server->req_lock); 657 if (*credits < num) { 658 /* 659 * If the server is tight on resources or just gives us less 660 * credits for other reasons (e.g. requests are coming out of 661 * order and the server delays granting more credits until it 662 * processes a missing mid) and we exhausted most available 663 * credits there may be situations when we try to send 664 * a compound request but we don't have enough credits. At this 665 * point the client needs to decide if it should wait for 666 * additional credits or fail the request. If at least one 667 * request is in flight there is a high probability that the 668 * server will return enough credits to satisfy this compound 669 * request. 670 * 671 * Return immediately if no requests in flight since we will be 672 * stuck on waiting for credits. 673 */ 674 if (server->in_flight == 0) { 675 spin_unlock(&server->req_lock); 676 return -ENOTSUPP; 677 } 678 } 679 spin_unlock(&server->req_lock); 680 681 return wait_for_free_credits(server, num, 60000, flags, 682 instance); 683} 684 685int 686cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size, 687 unsigned int *num, struct cifs_credits *credits) 688{ 689 *num = size; 690 credits->value = 0; 691 credits->instance = server->reconnect_instance; 692 return 0; 693} 694 695static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf, 696 struct mid_q_entry **ppmidQ) 697{ 698 if (ses->server->tcpStatus == CifsExiting) { 699 return -ENOENT; 700 } 701 702 if (ses->server->tcpStatus == CifsNeedReconnect) { 703 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); 704 return -EAGAIN; 705 } 706 707 if (ses->status == CifsNew) { 708 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) && 709 (in_buf->Command != SMB_COM_NEGOTIATE)) 710 return -EAGAIN; 711 /* else ok - we are setting up session */ 712 } 713 714 if (ses->status == CifsExiting) { 715 /* check if SMB session is bad because we are setting it up */ 716 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) 717 return -EAGAIN; 718 /* else ok - we are shutting down session */ 719 } 720 721 *ppmidQ = AllocMidQEntry(in_buf, ses->server); 722 if (*ppmidQ == NULL) 723 return -ENOMEM; 724 spin_lock(&GlobalMid_Lock); 725 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q); 726 spin_unlock(&GlobalMid_Lock); 727 return 0; 728} 729 730static int 731wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ) 732{ 733 int error; 734 735 error = wait_event_freezekillable_unsafe(server->response_q, 736 midQ->mid_state != MID_REQUEST_SUBMITTED); 737 if (error < 0) 738 return -ERESTARTSYS; 739 740 return 0; 741} 742 743struct mid_q_entry * 744cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) 745{ 746 int rc; 747 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 748 struct mid_q_entry *mid; 749 750 if (rqst->rq_iov[0].iov_len != 4 || 751 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 752 return ERR_PTR(-EIO); 753 754 /* enable signing if server requires it */ 755 if (server->sign) 756 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 757 758 mid = AllocMidQEntry(hdr, server); 759 if (mid == NULL) 760 return ERR_PTR(-ENOMEM); 761 762 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number); 763 if (rc) { 764 DeleteMidQEntry(mid); 765 return ERR_PTR(rc); 766 } 767 768 return mid; 769} 770 771/* 772 * Send a SMB request and set the callback function in the mid to handle 773 * the result. Caller is responsible for dealing with timeouts. 774 */ 775int 776cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst, 777 mid_receive_t *receive, mid_callback_t *callback, 778 mid_handle_t *handle, void *cbdata, const int flags, 779 const struct cifs_credits *exist_credits) 780{ 781 int rc; 782 struct mid_q_entry *mid; 783 struct cifs_credits credits = { .value = 0, .instance = 0 }; 784 unsigned int instance; 785 int optype; 786 787 optype = flags & CIFS_OP_MASK; 788 789 if ((flags & CIFS_HAS_CREDITS) == 0) { 790 rc = wait_for_free_request(server, flags, &instance); 791 if (rc) 792 return rc; 793 credits.value = 1; 794 credits.instance = instance; 795 } else 796 instance = exist_credits->instance; 797 798 mutex_lock(&server->srv_mutex); 799 800 /* 801 * We can't use credits obtained from the previous session to send this 802 * request. Check if there were reconnects after we obtained credits and 803 * return -EAGAIN in such cases to let callers handle it. 804 */ 805 if (instance != server->reconnect_instance) { 806 mutex_unlock(&server->srv_mutex); 807 add_credits_and_wake_if(server, &credits, optype); 808 return -EAGAIN; 809 } 810 811 mid = server->ops->setup_async_request(server, rqst); 812 if (IS_ERR(mid)) { 813 mutex_unlock(&server->srv_mutex); 814 add_credits_and_wake_if(server, &credits, optype); 815 return PTR_ERR(mid); 816 } 817 818 mid->receive = receive; 819 mid->callback = callback; 820 mid->callback_data = cbdata; 821 mid->handle = handle; 822 mid->mid_state = MID_REQUEST_SUBMITTED; 823 824 /* put it on the pending_mid_q */ 825 spin_lock(&GlobalMid_Lock); 826 list_add_tail(&mid->qhead, &server->pending_mid_q); 827 spin_unlock(&GlobalMid_Lock); 828 829 /* 830 * Need to store the time in mid before calling I/O. For call_async, 831 * I/O response may come back and free the mid entry on another thread. 832 */ 833 cifs_save_when_sent(mid); 834 rc = smb_send_rqst(server, 1, rqst, flags); 835 836 if (rc < 0) { 837 revert_current_mid(server, mid->credits); 838 server->sequence_number -= 2; 839 cifs_delete_mid(mid); 840 } 841 842 mutex_unlock(&server->srv_mutex); 843 844 if (rc == 0) 845 return 0; 846 847 add_credits_and_wake_if(server, &credits, optype); 848 return rc; 849} 850 851/* 852 * 853 * Send an SMB Request. No response info (other than return code) 854 * needs to be parsed. 855 * 856 * flags indicate the type of request buffer and how long to wait 857 * and whether to log NT STATUS code (error) before mapping it to POSIX error 858 * 859 */ 860int 861SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses, 862 char *in_buf, int flags) 863{ 864 int rc; 865 struct kvec iov[1]; 866 struct kvec rsp_iov; 867 int resp_buf_type; 868 869 iov[0].iov_base = in_buf; 870 iov[0].iov_len = get_rfc1002_length(in_buf) + 4; 871 flags |= CIFS_NO_RSP_BUF; 872 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov); 873 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc); 874 875 return rc; 876} 877 878static int 879cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server) 880{ 881 int rc = 0; 882 883 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n", 884 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state); 885 886 spin_lock(&GlobalMid_Lock); 887 switch (mid->mid_state) { 888 case MID_RESPONSE_RECEIVED: 889 spin_unlock(&GlobalMid_Lock); 890 return rc; 891 case MID_RETRY_NEEDED: 892 rc = -EAGAIN; 893 break; 894 case MID_RESPONSE_MALFORMED: 895 rc = -EIO; 896 break; 897 case MID_SHUTDOWN: 898 rc = -EHOSTDOWN; 899 break; 900 default: 901 if (!(mid->mid_flags & MID_DELETED)) { 902 list_del_init(&mid->qhead); 903 mid->mid_flags |= MID_DELETED; 904 } 905 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n", 906 __func__, mid->mid, mid->mid_state); 907 rc = -EIO; 908 } 909 spin_unlock(&GlobalMid_Lock); 910 911 DeleteMidQEntry(mid); 912 return rc; 913} 914 915static inline int 916send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst, 917 struct mid_q_entry *mid) 918{ 919 return server->ops->send_cancel ? 920 server->ops->send_cancel(server, rqst, mid) : 0; 921} 922 923int 924cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, 925 bool log_error) 926{ 927 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4; 928 929 dump_smb(mid->resp_buf, min_t(u32, 92, len)); 930 931 /* convert the length into a more usable form */ 932 if (server->sign) { 933 struct kvec iov[2]; 934 int rc = 0; 935 struct smb_rqst rqst = { .rq_iov = iov, 936 .rq_nvec = 2 }; 937 938 iov[0].iov_base = mid->resp_buf; 939 iov[0].iov_len = 4; 940 iov[1].iov_base = (char *)mid->resp_buf + 4; 941 iov[1].iov_len = len - 4; 942 /* FIXME: add code to kill session */ 943 rc = cifs_verify_signature(&rqst, server, 944 mid->sequence_number); 945 if (rc) 946 cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n", 947 rc); 948 } 949 950 /* BB special case reconnect tid and uid here? */ 951 return map_and_check_smb_error(mid, log_error); 952} 953 954struct mid_q_entry * 955cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored, 956 struct smb_rqst *rqst) 957{ 958 int rc; 959 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base; 960 struct mid_q_entry *mid; 961 962 if (rqst->rq_iov[0].iov_len != 4 || 963 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base) 964 return ERR_PTR(-EIO); 965 966 rc = allocate_mid(ses, hdr, &mid); 967 if (rc) 968 return ERR_PTR(rc); 969 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number); 970 if (rc) { 971 cifs_delete_mid(mid); 972 return ERR_PTR(rc); 973 } 974 return mid; 975} 976 977static void 978cifs_compound_callback(struct mid_q_entry *mid) 979{ 980 struct TCP_Server_Info *server = mid->server; 981 struct cifs_credits credits; 982 983 credits.value = server->ops->get_credits(mid); 984 credits.instance = server->reconnect_instance; 985 986 add_credits(server, &credits, mid->optype); 987} 988 989static void 990cifs_compound_last_callback(struct mid_q_entry *mid) 991{ 992 cifs_compound_callback(mid); 993 cifs_wake_up_task(mid); 994} 995 996static void 997cifs_cancelled_callback(struct mid_q_entry *mid) 998{ 999 cifs_compound_callback(mid); 1000 DeleteMidQEntry(mid); 1001} 1002 1003/* 1004 * Return a channel (master if none) of @ses that can be used to send 1005 * regular requests. 1006 * 1007 * If we are currently binding a new channel (negprot/sess.setup), 1008 * return the new incomplete channel. 1009 */ 1010struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) 1011{ 1012 uint index = 0; 1013 1014 if (!ses) 1015 return NULL; 1016 1017 if (!ses->binding) { 1018 /* round robin */ 1019 if (ses->chan_count > 1) { 1020 index = (uint)atomic_inc_return(&ses->chan_seq); 1021 index %= ses->chan_count; 1022 } 1023 return ses->chans[index].server; 1024 } else { 1025 return cifs_ses_server(ses); 1026 } 1027} 1028 1029int 1030compound_send_recv(const unsigned int xid, struct cifs_ses *ses, 1031 struct TCP_Server_Info *server, 1032 const int flags, const int num_rqst, struct smb_rqst *rqst, 1033 int *resp_buf_type, struct kvec *resp_iov) 1034{ 1035 int i, j, optype, rc = 0; 1036 struct mid_q_entry *midQ[MAX_COMPOUND]; 1037 bool cancelled_mid[MAX_COMPOUND] = {false}; 1038 struct cifs_credits credits[MAX_COMPOUND] = { 1039 { .value = 0, .instance = 0 } 1040 }; 1041 unsigned int instance; 1042 char *buf; 1043 1044 optype = flags & CIFS_OP_MASK; 1045 1046 for (i = 0; i < num_rqst; i++) 1047 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */ 1048 1049 if (!ses || !ses->server || !server) { 1050 cifs_dbg(VFS, "Null session\n"); 1051 return -EIO; 1052 } 1053 1054 if (server->tcpStatus == CifsExiting) 1055 return -ENOENT; 1056 1057 /* 1058 * Wait for all the requests to become available. 1059 * This approach still leaves the possibility to be stuck waiting for 1060 * credits if the server doesn't grant credits to the outstanding 1061 * requests and if the client is completely idle, not generating any 1062 * other requests. 1063 * This can be handled by the eventual session reconnect. 1064 */ 1065 rc = wait_for_compound_request(server, num_rqst, flags, 1066 &instance); 1067 if (rc) 1068 return rc; 1069 1070 for (i = 0; i < num_rqst; i++) { 1071 credits[i].value = 1; 1072 credits[i].instance = instance; 1073 } 1074 1075 /* 1076 * Make sure that we sign in the same order that we send on this socket 1077 * and avoid races inside tcp sendmsg code that could cause corruption 1078 * of smb data. 1079 */ 1080 1081 mutex_lock(&server->srv_mutex); 1082 1083 /* 1084 * All the parts of the compound chain belong obtained credits from the 1085 * same session. We can not use credits obtained from the previous 1086 * session to send this request. Check if there were reconnects after 1087 * we obtained credits and return -EAGAIN in such cases to let callers 1088 * handle it. 1089 */ 1090 if (instance != server->reconnect_instance) { 1091 mutex_unlock(&server->srv_mutex); 1092 for (j = 0; j < num_rqst; j++) 1093 add_credits(server, &credits[j], optype); 1094 return -EAGAIN; 1095 } 1096 1097 for (i = 0; i < num_rqst; i++) { 1098 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]); 1099 if (IS_ERR(midQ[i])) { 1100 revert_current_mid(server, i); 1101 for (j = 0; j < i; j++) 1102 cifs_delete_mid(midQ[j]); 1103 mutex_unlock(&server->srv_mutex); 1104 1105 /* Update # of requests on wire to server */ 1106 for (j = 0; j < num_rqst; j++) 1107 add_credits(server, &credits[j], optype); 1108 return PTR_ERR(midQ[i]); 1109 } 1110 1111 midQ[i]->mid_state = MID_REQUEST_SUBMITTED; 1112 midQ[i]->optype = optype; 1113 /* 1114 * Invoke callback for every part of the compound chain 1115 * to calculate credits properly. Wake up this thread only when 1116 * the last element is received. 1117 */ 1118 if (i < num_rqst - 1) 1119 midQ[i]->callback = cifs_compound_callback; 1120 else 1121 midQ[i]->callback = cifs_compound_last_callback; 1122 } 1123 rc = smb_send_rqst(server, num_rqst, rqst, flags); 1124 1125 for (i = 0; i < num_rqst; i++) 1126 cifs_save_when_sent(midQ[i]); 1127 1128 if (rc < 0) { 1129 revert_current_mid(server, num_rqst); 1130 server->sequence_number -= 2; 1131 } 1132 1133 mutex_unlock(&server->srv_mutex); 1134 1135 /* 1136 * If sending failed for some reason or it is an oplock break that we 1137 * will not receive a response to - return credits back 1138 */ 1139 if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) { 1140 for (i = 0; i < num_rqst; i++) 1141 add_credits(server, &credits[i], optype); 1142 goto out; 1143 } 1144 1145 /* 1146 * At this point the request is passed to the network stack - we assume 1147 * that any credits taken from the server structure on the client have 1148 * been spent and we can't return them back. Once we receive responses 1149 * we will collect credits granted by the server in the mid callbacks 1150 * and add those credits to the server structure. 1151 */ 1152 1153 /* 1154 * Compounding is never used during session establish. 1155 */ 1156 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP)) { 1157 mutex_lock(&server->srv_mutex); 1158 smb311_update_preauth_hash(ses, rqst[0].rq_iov, 1159 rqst[0].rq_nvec); 1160 mutex_unlock(&server->srv_mutex); 1161 } 1162 1163 for (i = 0; i < num_rqst; i++) { 1164 rc = wait_for_response(server, midQ[i]); 1165 if (rc != 0) 1166 break; 1167 } 1168 if (rc != 0) { 1169 for (; i < num_rqst; i++) { 1170 cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n", 1171 midQ[i]->mid, le16_to_cpu(midQ[i]->command)); 1172 send_cancel(server, &rqst[i], midQ[i]); 1173 spin_lock(&GlobalMid_Lock); 1174 midQ[i]->mid_flags |= MID_WAIT_CANCELLED; 1175 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED) { 1176 midQ[i]->callback = cifs_cancelled_callback; 1177 cancelled_mid[i] = true; 1178 credits[i].value = 0; 1179 } 1180 spin_unlock(&GlobalMid_Lock); 1181 } 1182 } 1183 1184 for (i = 0; i < num_rqst; i++) { 1185 if (rc < 0) 1186 goto out; 1187 1188 rc = cifs_sync_mid_result(midQ[i], server); 1189 if (rc != 0) { 1190 /* mark this mid as cancelled to not free it below */ 1191 cancelled_mid[i] = true; 1192 goto out; 1193 } 1194 1195 if (!midQ[i]->resp_buf || 1196 midQ[i]->mid_state != MID_RESPONSE_RECEIVED) { 1197 rc = -EIO; 1198 cifs_dbg(FYI, "Bad MID state?\n"); 1199 goto out; 1200 } 1201 1202 buf = (char *)midQ[i]->resp_buf; 1203 resp_iov[i].iov_base = buf; 1204 resp_iov[i].iov_len = midQ[i]->resp_buf_size + 1205 server->vals->header_preamble_size; 1206 1207 if (midQ[i]->large_buf) 1208 resp_buf_type[i] = CIFS_LARGE_BUFFER; 1209 else 1210 resp_buf_type[i] = CIFS_SMALL_BUFFER; 1211 1212 rc = server->ops->check_receive(midQ[i], server, 1213 flags & CIFS_LOG_ERROR); 1214 1215 /* mark it so buf will not be freed by cifs_delete_mid */ 1216 if ((flags & CIFS_NO_RSP_BUF) == 0) 1217 midQ[i]->resp_buf = NULL; 1218 1219 } 1220 1221 /* 1222 * Compounding is never used during session establish. 1223 */ 1224 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP)) { 1225 struct kvec iov = { 1226 .iov_base = resp_iov[0].iov_base, 1227 .iov_len = resp_iov[0].iov_len 1228 }; 1229 mutex_lock(&server->srv_mutex); 1230 smb311_update_preauth_hash(ses, &iov, 1); 1231 mutex_unlock(&server->srv_mutex); 1232 } 1233 1234out: 1235 /* 1236 * This will dequeue all mids. After this it is important that the 1237 * demultiplex_thread will not process any of these mids any futher. 1238 * This is prevented above by using a noop callback that will not 1239 * wake this thread except for the very last PDU. 1240 */ 1241 for (i = 0; i < num_rqst; i++) { 1242 if (!cancelled_mid[i]) 1243 cifs_delete_mid(midQ[i]); 1244 } 1245 1246 return rc; 1247} 1248 1249int 1250cifs_send_recv(const unsigned int xid, struct cifs_ses *ses, 1251 struct TCP_Server_Info *server, 1252 struct smb_rqst *rqst, int *resp_buf_type, const int flags, 1253 struct kvec *resp_iov) 1254{ 1255 return compound_send_recv(xid, ses, server, flags, 1, 1256 rqst, resp_buf_type, resp_iov); 1257} 1258 1259int 1260SendReceive2(const unsigned int xid, struct cifs_ses *ses, 1261 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */, 1262 const int flags, struct kvec *resp_iov) 1263{ 1264 struct smb_rqst rqst; 1265 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov; 1266 int rc; 1267 1268 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { 1269 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), 1270 GFP_KERNEL); 1271 if (!new_iov) { 1272 /* otherwise cifs_send_recv below sets resp_buf_type */ 1273 *resp_buf_type = CIFS_NO_BUFFER; 1274 return -ENOMEM; 1275 } 1276 } else 1277 new_iov = s_iov; 1278 1279 /* 1st iov is a RFC1001 length followed by the rest of the packet */ 1280 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec)); 1281 1282 new_iov[0].iov_base = new_iov[1].iov_base; 1283 new_iov[0].iov_len = 4; 1284 new_iov[1].iov_base += 4; 1285 new_iov[1].iov_len -= 4; 1286 1287 memset(&rqst, 0, sizeof(struct smb_rqst)); 1288 rqst.rq_iov = new_iov; 1289 rqst.rq_nvec = n_vec + 1; 1290 1291 rc = cifs_send_recv(xid, ses, ses->server, 1292 &rqst, resp_buf_type, flags, resp_iov); 1293 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) 1294 kfree(new_iov); 1295 return rc; 1296} 1297 1298int 1299SendReceive(const unsigned int xid, struct cifs_ses *ses, 1300 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1301 int *pbytes_returned, const int flags) 1302{ 1303 int rc = 0; 1304 struct mid_q_entry *midQ; 1305 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1306 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1307 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1308 struct cifs_credits credits = { .value = 1, .instance = 0 }; 1309 struct TCP_Server_Info *server; 1310 1311 if (ses == NULL) { 1312 cifs_dbg(VFS, "Null smb session\n"); 1313 return -EIO; 1314 } 1315 server = ses->server; 1316 if (server == NULL) { 1317 cifs_dbg(VFS, "Null tcp session\n"); 1318 return -EIO; 1319 } 1320 1321 if (server->tcpStatus == CifsExiting) 1322 return -ENOENT; 1323 1324 /* Ensure that we do not send more than 50 overlapping requests 1325 to the same server. We may make this configurable later or 1326 use ses->maxReq */ 1327 1328 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1329 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1330 len); 1331 return -EIO; 1332 } 1333 1334 rc = wait_for_free_request(server, flags, &credits.instance); 1335 if (rc) 1336 return rc; 1337 1338 /* make sure that we sign in the same order that we send on this socket 1339 and avoid races inside tcp sendmsg code that could cause corruption 1340 of smb data */ 1341 1342 mutex_lock(&server->srv_mutex); 1343 1344 rc = allocate_mid(ses, in_buf, &midQ); 1345 if (rc) { 1346 mutex_unlock(&server->srv_mutex); 1347 /* Update # of requests on wire to server */ 1348 add_credits(server, &credits, 0); 1349 return rc; 1350 } 1351 1352 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1353 if (rc) { 1354 mutex_unlock(&server->srv_mutex); 1355 goto out; 1356 } 1357 1358 midQ->mid_state = MID_REQUEST_SUBMITTED; 1359 1360 rc = smb_send(server, in_buf, len); 1361 cifs_save_when_sent(midQ); 1362 1363 if (rc < 0) 1364 server->sequence_number -= 2; 1365 1366 mutex_unlock(&server->srv_mutex); 1367 1368 if (rc < 0) 1369 goto out; 1370 1371 rc = wait_for_response(server, midQ); 1372 if (rc != 0) { 1373 send_cancel(server, &rqst, midQ); 1374 spin_lock(&GlobalMid_Lock); 1375 if (midQ->mid_state == MID_REQUEST_SUBMITTED) { 1376 /* no longer considered to be "in-flight" */ 1377 midQ->callback = DeleteMidQEntry; 1378 spin_unlock(&GlobalMid_Lock); 1379 add_credits(server, &credits, 0); 1380 return rc; 1381 } 1382 spin_unlock(&GlobalMid_Lock); 1383 } 1384 1385 rc = cifs_sync_mid_result(midQ, server); 1386 if (rc != 0) { 1387 add_credits(server, &credits, 0); 1388 return rc; 1389 } 1390 1391 if (!midQ->resp_buf || !out_buf || 1392 midQ->mid_state != MID_RESPONSE_RECEIVED) { 1393 rc = -EIO; 1394 cifs_server_dbg(VFS, "Bad MID state?\n"); 1395 goto out; 1396 } 1397 1398 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1399 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1400 rc = cifs_check_receive(midQ, server, 0); 1401out: 1402 cifs_delete_mid(midQ); 1403 add_credits(server, &credits, 0); 1404 1405 return rc; 1406} 1407 1408/* We send a LOCKINGX_CANCEL_LOCK to cause the Windows 1409 blocking lock to return. */ 1410 1411static int 1412send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon, 1413 struct smb_hdr *in_buf, 1414 struct smb_hdr *out_buf) 1415{ 1416 int bytes_returned; 1417 struct cifs_ses *ses = tcon->ses; 1418 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf; 1419 1420 /* We just modify the current in_buf to change 1421 the type of lock from LOCKING_ANDX_SHARED_LOCK 1422 or LOCKING_ANDX_EXCLUSIVE_LOCK to 1423 LOCKING_ANDX_CANCEL_LOCK. */ 1424 1425 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES; 1426 pSMB->Timeout = 0; 1427 pSMB->hdr.Mid = get_next_mid(ses->server); 1428 1429 return SendReceive(xid, ses, in_buf, out_buf, 1430 &bytes_returned, 0); 1431} 1432 1433int 1434SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon, 1435 struct smb_hdr *in_buf, struct smb_hdr *out_buf, 1436 int *pbytes_returned) 1437{ 1438 int rc = 0; 1439 int rstart = 0; 1440 struct mid_q_entry *midQ; 1441 struct cifs_ses *ses; 1442 unsigned int len = be32_to_cpu(in_buf->smb_buf_length); 1443 struct kvec iov = { .iov_base = in_buf, .iov_len = len }; 1444 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 }; 1445 unsigned int instance; 1446 struct TCP_Server_Info *server; 1447 1448 if (tcon == NULL || tcon->ses == NULL) { 1449 cifs_dbg(VFS, "Null smb session\n"); 1450 return -EIO; 1451 } 1452 ses = tcon->ses; 1453 server = ses->server; 1454 1455 if (server == NULL) { 1456 cifs_dbg(VFS, "Null tcp session\n"); 1457 return -EIO; 1458 } 1459 1460 if (server->tcpStatus == CifsExiting) 1461 return -ENOENT; 1462 1463 /* Ensure that we do not send more than 50 overlapping requests 1464 to the same server. We may make this configurable later or 1465 use ses->maxReq */ 1466 1467 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { 1468 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n", 1469 len); 1470 return -EIO; 1471 } 1472 1473 rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance); 1474 if (rc) 1475 return rc; 1476 1477 /* make sure that we sign in the same order that we send on this socket 1478 and avoid races inside tcp sendmsg code that could cause corruption 1479 of smb data */ 1480 1481 mutex_lock(&server->srv_mutex); 1482 1483 rc = allocate_mid(ses, in_buf, &midQ); 1484 if (rc) { 1485 mutex_unlock(&server->srv_mutex); 1486 return rc; 1487 } 1488 1489 rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number); 1490 if (rc) { 1491 cifs_delete_mid(midQ); 1492 mutex_unlock(&server->srv_mutex); 1493 return rc; 1494 } 1495 1496 midQ->mid_state = MID_REQUEST_SUBMITTED; 1497 rc = smb_send(server, in_buf, len); 1498 cifs_save_when_sent(midQ); 1499 1500 if (rc < 0) 1501 server->sequence_number -= 2; 1502 1503 mutex_unlock(&server->srv_mutex); 1504 1505 if (rc < 0) { 1506 cifs_delete_mid(midQ); 1507 return rc; 1508 } 1509 1510 /* Wait for a reply - allow signals to interrupt. */ 1511 rc = wait_event_interruptible(server->response_q, 1512 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) || 1513 ((server->tcpStatus != CifsGood) && 1514 (server->tcpStatus != CifsNew))); 1515 1516 /* Were we interrupted by a signal ? */ 1517 if ((rc == -ERESTARTSYS) && 1518 (midQ->mid_state == MID_REQUEST_SUBMITTED) && 1519 ((server->tcpStatus == CifsGood) || 1520 (server->tcpStatus == CifsNew))) { 1521 1522 if (in_buf->Command == SMB_COM_TRANSACTION2) { 1523 /* POSIX lock. We send a NT_CANCEL SMB to cause the 1524 blocking lock to return. */ 1525 rc = send_cancel(server, &rqst, midQ); 1526 if (rc) { 1527 cifs_delete_mid(midQ); 1528 return rc; 1529 } 1530 } else { 1531 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK 1532 to cause the blocking lock to return. */ 1533 1534 rc = send_lock_cancel(xid, tcon, in_buf, out_buf); 1535 1536 /* If we get -ENOLCK back the lock may have 1537 already been removed. Don't exit in this case. */ 1538 if (rc && rc != -ENOLCK) { 1539 cifs_delete_mid(midQ); 1540 return rc; 1541 } 1542 } 1543 1544 rc = wait_for_response(server, midQ); 1545 if (rc) { 1546 send_cancel(server, &rqst, midQ); 1547 spin_lock(&GlobalMid_Lock); 1548 if (midQ->mid_state == MID_REQUEST_SUBMITTED) { 1549 /* no longer considered to be "in-flight" */ 1550 midQ->callback = DeleteMidQEntry; 1551 spin_unlock(&GlobalMid_Lock); 1552 return rc; 1553 } 1554 spin_unlock(&GlobalMid_Lock); 1555 } 1556 1557 /* We got the response - restart system call. */ 1558 rstart = 1; 1559 } 1560 1561 rc = cifs_sync_mid_result(midQ, server); 1562 if (rc != 0) 1563 return rc; 1564 1565 /* rcvd frame is ok */ 1566 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) { 1567 rc = -EIO; 1568 cifs_tcon_dbg(VFS, "Bad MID state?\n"); 1569 goto out; 1570 } 1571 1572 *pbytes_returned = get_rfc1002_length(midQ->resp_buf); 1573 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4); 1574 rc = cifs_check_receive(midQ, server, 0); 1575out: 1576 cifs_delete_mid(midQ); 1577 if (rstart && rc == -EACCES) 1578 return -ERESTARTSYS; 1579 return rc; 1580} 1581