1 /*
2 * fs/cifs/transport.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 * This library is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published
10 * by the Free Software Foundation; either version 2.1 of the License, or
11 * (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
16 * the GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 #include <linux/fs.h>
24 #include <linux/list.h>
25 #include <linux/gfp.h>
26 #include <linux/wait.h>
27 #include <linux/net.h>
28 #include <linux/delay.h>
29 #include <linux/freezer.h>
30 #include <linux/tcp.h>
31 #include <linux/bvec.h>
32 #include <linux/highmem.h>
33 #include <linux/uaccess.h>
34 #include <asm/processor.h>
35 #include <linux/mempool.h>
36 #include "cifspdu.h"
37 #include "cifsglob.h"
38 #include "cifsproto.h"
39 #include "cifs_debug.h"
40 #include "smb2proto.h"
41 #include "smbdirect.h"
43 /* Max number of iovectors we can use off the stack when sending requests. */
44 #define CIFS_MAX_IOV_SIZE 8
46 void
47 cifs_wake_up_task(struct mid_q_entry *mid)
48 {
49 wake_up_process(mid->callback_data);
50 }
52 struct mid_q_entry *
53 AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
54 {
55 struct mid_q_entry *temp;
57 if (server == NULL) {
58 cifs_dbg(VFS, "Null TCP session in AllocMidQEntry\n");
59 return NULL;
60 }
62 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
63 memset(temp, 0, sizeof(struct mid_q_entry));
64 kref_init(&temp->refcount);
65 temp->mid = get_mid(smb_buffer);
66 temp->pid = current->pid;
67 temp->command = cpu_to_le16(smb_buffer->Command);
68 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
69 /* do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
70 /* when mid allocated can be before when sent */
71 temp->when_alloc = jiffies;
72 temp->server = server;
74 /*
75 * The default is for the mid to be synchronous, so the
76 * default callback just wakes up the current task.
77 */
78 temp->callback = cifs_wake_up_task;
79 temp->callback_data = current;
81 atomic_inc(&midCount);
82 temp->mid_state = MID_REQUEST_ALLOCATED;
83 return temp;
84 }
86 static void _cifs_mid_q_entry_release(struct kref *refcount)
87 {
88 struct mid_q_entry *mid = container_of(refcount, struct mid_q_entry,
89 refcount);
91 mempool_free(mid, cifs_mid_poolp);
92 }
94 void cifs_mid_q_entry_release(struct mid_q_entry *midEntry)
95 {
96 spin_lock(&GlobalMid_Lock);
97 kref_put(&midEntry->refcount, _cifs_mid_q_entry_release);
98 spin_unlock(&GlobalMid_Lock);
99 }
101 void
102 DeleteMidQEntry(struct mid_q_entry *midEntry)
103 {
104 #ifdef CONFIG_CIFS_STATS2
105 __le16 command = midEntry->server->vals->lock_cmd;
106 unsigned long now;
107 #endif
108 midEntry->mid_state = MID_FREE;
109 atomic_dec(&midCount);
110 if (midEntry->large_buf)
111 cifs_buf_release(midEntry->resp_buf);
112 else
113 cifs_small_buf_release(midEntry->resp_buf);
114 #ifdef CONFIG_CIFS_STATS2
115 now = jiffies;
116 /* commands taking longer than one second are indications that
117 something is wrong, unless it is quite a slow link or server */
118 if (time_after(now, midEntry->when_alloc + HZ) &&
119 (midEntry->command != command)) {
120 /* smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command */
121 if ((le16_to_cpu(midEntry->command) < NUMBER_OF_SMB2_COMMANDS) &&
122 (le16_to_cpu(midEntry->command) >= 0))
123 cifs_stats_inc(&midEntry->server->smb2slowcmd[le16_to_cpu(midEntry->command)]);
125 trace_smb3_slow_rsp(le16_to_cpu(midEntry->command),
126 midEntry->mid, midEntry->pid,
127 midEntry->when_sent, midEntry->when_received);
128 if (cifsFYI & CIFS_TIMER) {
129 pr_debug(" CIFS slow rsp: cmd %d mid %llu",
130 midEntry->command, midEntry->mid);
131 pr_info(" A: 0x%lx S: 0x%lx R: 0x%lx\n",
132 now - midEntry->when_alloc,
133 now - midEntry->when_sent,
134 now - midEntry->when_received);
135 }
136 }
137 #endif
138 cifs_mid_q_entry_release(midEntry);
139 }
141 void
142 cifs_delete_mid(struct mid_q_entry *mid)
143 {
144 spin_lock(&GlobalMid_Lock);
145 list_del_init(&mid->qhead);
146 mid->mid_flags |= MID_DELETED;
147 spin_unlock(&GlobalMid_Lock);
149 DeleteMidQEntry(mid);
150 }
152 /*
153 * smb_send_kvec - send an array of kvecs to the server
154 * @server: Server to send the data to
155 * @smb_msg: Message to send
156 * @sent: amount of data sent on socket is stored here
157 *
158 * Our basic "send data to server" function. Should be called with srv_mutex
159 * held. The caller is responsible for handling the results.
160 */
161 static int
162 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
163 size_t *sent)
164 {
165 int rc = 0;
166 int retries = 0;
167 struct socket *ssocket = server->ssocket;
169 *sent = 0;
171 smb_msg->msg_name = (struct sockaddr *) &server->dstaddr;
172 smb_msg->msg_namelen = sizeof(struct sockaddr);
173 smb_msg->msg_control = NULL;
174 smb_msg->msg_controllen = 0;
175 if (server->noblocksnd)
176 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
177 else
178 smb_msg->msg_flags = MSG_NOSIGNAL;
180 while (msg_data_left(smb_msg)) {
181 /*
182 * If blocking send, we try 3 times, since each can block
183 * for 5 seconds. For nonblocking we have to try more
184 * but wait increasing amounts of time allowing time for
185 * socket to clear. The overall time we wait in either
186 * case to send on the socket is about 15 seconds.
187 * Similarly we wait for 15 seconds for a response from
188 * the server in SendReceive[2] for the server to send
189 * a response back for most types of requests (except
190 * SMB Write past end of file which can be slow, and
191 * blocking lock operations). NFS waits slightly longer
192 * than CIFS, but this can make it take longer for
193 * nonresponsive servers to be detected and 15 seconds
194 * is more than enough time for modern networks to
195 * send a packet. In most cases if we fail to send
196 * after the retries we will kill the socket and
197 * reconnect which may clear the network problem.
198 */
199 rc = sock_sendmsg(ssocket, smb_msg);
200 if (rc == -EAGAIN) {
201 retries++;
202 if (retries >= 14 ||
203 (!server->noblocksnd && (retries > 2))) {
204 cifs_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
205 ssocket);
206 return -EAGAIN;
207 }
208 msleep(1 << retries);
209 continue;
210 }
212 if (rc < 0)
213 return rc;
215 if (rc == 0) {
216 /* should never happen, letting socket clear before
217 retrying is our only obvious option here */
218 cifs_dbg(VFS, "tcp sent no data\n");
219 msleep(500);
220 continue;
221 }
223 /* send was at least partially successful */
224 *sent += rc;
225 retries = 0; /* in case we get ENOSPC on the next send */
226 }
227 return 0;
228 }
230 unsigned long
231 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
232 {
233 unsigned int i;
234 struct kvec *iov;
235 int nvec;
236 unsigned long buflen = 0;
238 if (server->vals->header_preamble_size == 0 &&
239 rqst->rq_nvec >= 2 && rqst->rq_iov[0].iov_len == 4) {
240 iov = &rqst->rq_iov[1];
241 nvec = rqst->rq_nvec - 1;
242 } else {
243 iov = rqst->rq_iov;
244 nvec = rqst->rq_nvec;
245 }
247 /* total up iov array first */
248 for (i = 0; i < nvec; i++)
249 buflen += iov[i].iov_len;
251 /*
252 * Add in the page array if there is one. The caller needs to make
253 * sure rq_offset and rq_tailsz are set correctly. If a buffer of
254 * multiple pages ends at page boundary, rq_tailsz needs to be set to
255 * PAGE_SIZE.
256 */
257 if (rqst->rq_npages) {
258 if (rqst->rq_npages == 1)
259 buflen += rqst->rq_tailsz;
260 else {
261 /*
262 * If there is more than one page, calculate the
263 * buffer length based on rq_offset and rq_tailsz
264 */
265 buflen += rqst->rq_pagesz * (rqst->rq_npages - 1) -
266 rqst->rq_offset;
267 buflen += rqst->rq_tailsz;
268 }
269 }
271 return buflen;
272 }
274 static int
275 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
276 struct smb_rqst *rqst)
277 {
278 int rc = 0;
279 struct kvec *iov;
280 int n_vec;
281 unsigned int send_length = 0;
282 unsigned int i, j;
283 size_t total_len = 0, sent, size;
284 struct socket *ssocket = server->ssocket;
285 struct msghdr smb_msg;
286 int val = 1;
287 __be32 rfc1002_marker;
289 if (cifs_rdma_enabled(server) && server->smbd_conn) {
290 rc = smbd_send(server, rqst);
291 goto smbd_done;
292 }
293 if (ssocket == NULL)
294 return -ENOTSOCK;
296 /* cork the socket */
297 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
298 (char *)&val, sizeof(val));
300 for (j = 0; j < num_rqst; j++)
301 send_length += smb_rqst_len(server, &rqst[j]);
302 rfc1002_marker = cpu_to_be32(send_length);
304 /* Generate a rfc1002 marker for SMB2+ */
305 if (server->vals->header_preamble_size == 0) {
306 struct kvec hiov = {
307 .iov_base = &rfc1002_marker,
308 .iov_len = 4
309 };
310 iov_iter_kvec(&smb_msg.msg_iter, WRITE | ITER_KVEC, &hiov,
311 1, 4);
312 rc = smb_send_kvec(server, &smb_msg, &sent);
313 if (rc < 0)
314 goto uncork;
316 total_len += sent;
317 send_length += 4;
318 }
320 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
322 for (j = 0; j < num_rqst; j++) {
323 iov = rqst[j].rq_iov;
324 n_vec = rqst[j].rq_nvec;
326 size = 0;
327 for (i = 0; i < n_vec; i++) {
328 dump_smb(iov[i].iov_base, iov[i].iov_len);
329 size += iov[i].iov_len;
330 }
332 iov_iter_kvec(&smb_msg.msg_iter, WRITE | ITER_KVEC,
333 iov, n_vec, size);
335 rc = smb_send_kvec(server, &smb_msg, &sent);
336 if (rc < 0)
337 goto uncork;
339 total_len += sent;
341 /* now walk the page array and send each page in it */
342 for (i = 0; i < rqst[j].rq_npages; i++) {
343 struct bio_vec bvec;
345 bvec.bv_page = rqst[j].rq_pages[i];
346 rqst_page_get_length(&rqst[j], i, &bvec.bv_len,
347 &bvec.bv_offset);
349 iov_iter_bvec(&smb_msg.msg_iter, WRITE | ITER_BVEC,
350 &bvec, 1, bvec.bv_len);
351 rc = smb_send_kvec(server, &smb_msg, &sent);
352 if (rc < 0)
353 break;
355 total_len += sent;
356 }
357 }
359 uncork:
360 /* uncork it */
361 val = 0;
362 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
363 (char *)&val, sizeof(val));
365 if ((total_len > 0) && (total_len != send_length)) {
366 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
367 send_length, total_len);
368 /*
369 * If we have only sent part of an SMB then the next SMB could
370 * be taken as the remainder of this one. We need to kill the
371 * socket so the server throws away the partial SMB
372 */
373 server->tcpStatus = CifsNeedReconnect;
374 trace_smb3_partial_send_reconnect(server->CurrentMid,
375 server->hostname);
376 }
377 smbd_done:
378 if (rc < 0 && rc != -EINTR)
379 cifs_dbg(VFS, "Error %d sending data on socket to server\n",
380 rc);
381 else
382 rc = 0;
384 return rc;
385 }
387 static int
388 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
389 struct smb_rqst *rqst, int flags)
390 {
391 struct kvec iov;
392 struct smb2_transform_hdr tr_hdr;
393 struct smb_rqst cur_rqst[MAX_COMPOUND];
394 int rc;
396 if (!(flags & CIFS_TRANSFORM_REQ))
397 return __smb_send_rqst(server, num_rqst, rqst);
399 if (num_rqst > MAX_COMPOUND - 1)
400 return -ENOMEM;
402 memset(&cur_rqst[0], 0, sizeof(cur_rqst));
403 memset(&iov, 0, sizeof(iov));
404 memset(&tr_hdr, 0, sizeof(tr_hdr));
406 iov.iov_base = &tr_hdr;
407 iov.iov_len = sizeof(tr_hdr);
408 cur_rqst[0].rq_iov = &iov;
409 cur_rqst[0].rq_nvec = 1;
411 if (!server->ops->init_transform_rq) {
412 cifs_dbg(VFS, "Encryption requested but transform callback "
413 "is missing\n");
414 return -EIO;
415 }
417 rc = server->ops->init_transform_rq(server, num_rqst + 1,
418 &cur_rqst[0], rqst);
419 if (rc)
420 return rc;
422 rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]);
423 smb3_free_compound_rqst(num_rqst, &cur_rqst[1]);
424 return rc;
425 }
427 int
428 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
429 unsigned int smb_buf_length)
430 {
431 struct kvec iov[2];
432 struct smb_rqst rqst = { .rq_iov = iov,
433 .rq_nvec = 2 };
435 iov[0].iov_base = smb_buffer;
436 iov[0].iov_len = 4;
437 iov[1].iov_base = (char *)smb_buffer + 4;
438 iov[1].iov_len = smb_buf_length;
440 return __smb_send_rqst(server, 1, &rqst);
441 }
443 static int
444 wait_for_free_credits(struct TCP_Server_Info *server, const int timeout,
445 int *credits)
446 {
447 int rc;
449 spin_lock(&server->req_lock);
450 if (timeout == CIFS_ASYNC_OP) {
451 /* oplock breaks must not be held up */
452 server->in_flight++;
453 *credits -= 1;
454 spin_unlock(&server->req_lock);
455 return 0;
456 }
458 while (1) {
459 if (*credits <= 0) {
460 spin_unlock(&server->req_lock);
461 cifs_num_waiters_inc(server);
462 rc = wait_event_killable(server->request_q,
463 has_credits(server, credits));
464 cifs_num_waiters_dec(server);
465 if (rc)
466 return rc;
467 spin_lock(&server->req_lock);
468 } else {
469 if (server->tcpStatus == CifsExiting) {
470 spin_unlock(&server->req_lock);
471 return -ENOENT;
472 }
474 /*
475 * Can not count locking commands against total
476 * as they are allowed to block on server.
477 */
479 /* update # of requests on the wire to server */
480 if (timeout != CIFS_BLOCKING_OP) {
481 *credits -= 1;
482 server->in_flight++;
483 }
484 spin_unlock(&server->req_lock);
485 break;
486 }
487 }
488 return 0;
489 }
491 static int
492 wait_for_free_request(struct TCP_Server_Info *server, const int timeout,
493 const int optype)
494 {
495 int *val;
497 val = server->ops->get_credits_field(server, optype);
498 /* Since an echo is already inflight, no need to wait to send another */
499 if (*val <= 0 && optype == CIFS_ECHO_OP)
500 return -EAGAIN;
501 return wait_for_free_credits(server, timeout, val);
502 }
504 int
505 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
506 unsigned int *num, unsigned int *credits)
507 {
508 *num = size;
509 *credits = 0;
510 return 0;
511 }
513 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
514 struct mid_q_entry **ppmidQ)
515 {
516 if (ses->server->tcpStatus == CifsExiting) {
517 return -ENOENT;
518 }
520 if (ses->server->tcpStatus == CifsNeedReconnect) {
521 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
522 return -EAGAIN;
523 }
525 if (ses->status == CifsNew) {
526 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
527 (in_buf->Command != SMB_COM_NEGOTIATE))
528 return -EAGAIN;
529 /* else ok - we are setting up session */
530 }
532 if (ses->status == CifsExiting) {
533 /* check if SMB session is bad because we are setting it up */
534 if (in_buf->Command != SMB_COM_LOGOFF_ANDX)
535 return -EAGAIN;
536 /* else ok - we are shutting down session */
537 }
539 *ppmidQ = AllocMidQEntry(in_buf, ses->server);
540 if (*ppmidQ == NULL)
541 return -ENOMEM;
542 spin_lock(&GlobalMid_Lock);
543 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
544 spin_unlock(&GlobalMid_Lock);
545 return 0;
546 }
548 static int
549 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
550 {
551 int error;
553 error = wait_event_freezekillable_unsafe(server->response_q,
554 midQ->mid_state != MID_REQUEST_SUBMITTED);
555 if (error < 0)
556 return -ERESTARTSYS;
558 return 0;
559 }
561 struct mid_q_entry *
562 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
563 {
564 int rc;
565 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
566 struct mid_q_entry *mid;
568 if (rqst->rq_iov[0].iov_len != 4 ||
569 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
570 return ERR_PTR(-EIO);
572 /* enable signing if server requires it */
573 if (server->sign)
574 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
576 mid = AllocMidQEntry(hdr, server);
577 if (mid == NULL)
578 return ERR_PTR(-ENOMEM);
580 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
581 if (rc) {
582 DeleteMidQEntry(mid);
583 return ERR_PTR(rc);
584 }
586 return mid;
587 }
589 /*
590 * Send a SMB request and set the callback function in the mid to handle
591 * the result. Caller is responsible for dealing with timeouts.
592 */
593 int
594 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
595 mid_receive_t *receive, mid_callback_t *callback,
596 mid_handle_t *handle, void *cbdata, const int flags)
597 {
598 int rc, timeout, optype;
599 struct mid_q_entry *mid;
600 unsigned int credits = 0;
602 timeout = flags & CIFS_TIMEOUT_MASK;
603 optype = flags & CIFS_OP_MASK;
605 if ((flags & CIFS_HAS_CREDITS) == 0) {
606 rc = wait_for_free_request(server, timeout, optype);
607 if (rc)
608 return rc;
609 credits = 1;
610 }
612 mutex_lock(&server->srv_mutex);
613 mid = server->ops->setup_async_request(server, rqst);
614 if (IS_ERR(mid)) {
615 mutex_unlock(&server->srv_mutex);
616 add_credits_and_wake_if(server, credits, optype);
617 return PTR_ERR(mid);
618 }
620 mid->receive = receive;
621 mid->callback = callback;
622 mid->callback_data = cbdata;
623 mid->handle = handle;
624 mid->mid_state = MID_REQUEST_SUBMITTED;
626 /* put it on the pending_mid_q */
627 spin_lock(&GlobalMid_Lock);
628 list_add_tail(&mid->qhead, &server->pending_mid_q);
629 spin_unlock(&GlobalMid_Lock);
631 /*
632 * Need to store the time in mid before calling I/O. For call_async,
633 * I/O response may come back and free the mid entry on another thread.
634 */
635 cifs_save_when_sent(mid);
636 cifs_in_send_inc(server);
637 rc = smb_send_rqst(server, 1, rqst, flags);
638 cifs_in_send_dec(server);
640 if (rc < 0) {
641 server->sequence_number -= 2;
642 cifs_delete_mid(mid);
643 }
645 mutex_unlock(&server->srv_mutex);
647 if (rc == 0)
648 return 0;
650 add_credits_and_wake_if(server, credits, optype);
651 return rc;
652 }
654 /*
655 *
656 * Send an SMB Request. No response info (other than return code)
657 * needs to be parsed.
658 *
659 * flags indicate the type of request buffer and how long to wait
660 * and whether to log NT STATUS code (error) before mapping it to POSIX error
661 *
662 */
663 int
664 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
665 char *in_buf, int flags)
666 {
667 int rc;
668 struct kvec iov[1];
669 struct kvec rsp_iov;
670 int resp_buf_type;
672 iov[0].iov_base = in_buf;
673 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
674 flags |= CIFS_NO_RESP;
675 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
676 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
678 return rc;
679 }
681 static int
682 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
683 {
684 int rc = 0;
686 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
687 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
689 spin_lock(&GlobalMid_Lock);
690 switch (mid->mid_state) {
691 case MID_RESPONSE_RECEIVED:
692 spin_unlock(&GlobalMid_Lock);
693 return rc;
694 case MID_RETRY_NEEDED:
695 rc = -EAGAIN;
696 break;
697 case MID_RESPONSE_MALFORMED:
698 rc = -EIO;
699 break;
700 case MID_SHUTDOWN:
701 rc = -EHOSTDOWN;
702 break;
703 default:
704 list_del_init(&mid->qhead);
705 cifs_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
706 __func__, mid->mid, mid->mid_state);
707 rc = -EIO;
708 }
709 spin_unlock(&GlobalMid_Lock);
711 DeleteMidQEntry(mid);
712 return rc;
713 }
715 static inline int
716 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
717 struct mid_q_entry *mid)
718 {
719 return server->ops->send_cancel ?
720 server->ops->send_cancel(server, rqst, mid) : 0;
721 }
723 int
724 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
725 bool log_error)
726 {
727 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
729 dump_smb(mid->resp_buf, min_t(u32, 92, len));
731 /* convert the length into a more usable form */
732 if (server->sign) {
733 struct kvec iov[2];
734 int rc = 0;
735 struct smb_rqst rqst = { .rq_iov = iov,
736 .rq_nvec = 2 };
738 iov[0].iov_base = mid->resp_buf;
739 iov[0].iov_len = 4;
740 iov[1].iov_base = (char *)mid->resp_buf + 4;
741 iov[1].iov_len = len - 4;
742 /* FIXME: add code to kill session */
743 rc = cifs_verify_signature(&rqst, server,
744 mid->sequence_number);
745 if (rc)
746 cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
747 rc);
748 }
750 /* BB special case reconnect tid and uid here? */
751 return map_smb_to_linux_error(mid->resp_buf, log_error);
752 }
754 struct mid_q_entry *
755 cifs_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
756 {
757 int rc;
758 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
759 struct mid_q_entry *mid;
761 if (rqst->rq_iov[0].iov_len != 4 ||
762 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
763 return ERR_PTR(-EIO);
765 rc = allocate_mid(ses, hdr, &mid);
766 if (rc)
767 return ERR_PTR(rc);
768 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
769 if (rc) {
770 cifs_delete_mid(mid);
771 return ERR_PTR(rc);
772 }
773 return mid;
774 }
776 static void
777 cifs_noop_callback(struct mid_q_entry *mid)
778 {
779 }
781 int
782 compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
783 const int flags, const int num_rqst, struct smb_rqst *rqst,
784 int *resp_buf_type, struct kvec *resp_iov)
785 {
786 int i, j, rc = 0;
787 int timeout, optype;
788 struct mid_q_entry *midQ[MAX_COMPOUND];
789 unsigned int credits = 1;
790 char *buf;
792 timeout = flags & CIFS_TIMEOUT_MASK;
793 optype = flags & CIFS_OP_MASK;
795 for (i = 0; i < num_rqst; i++)
796 resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */
798 if ((ses == NULL) || (ses->server == NULL)) {
799 cifs_dbg(VFS, "Null session\n");
800 return -EIO;
801 }
803 if (ses->server->tcpStatus == CifsExiting)
804 return -ENOENT;
806 /*
807 * Ensure that we do not send more than 50 overlapping requests
808 * to the same server. We may make this configurable later or
809 * use ses->maxReq.
810 */
811 rc = wait_for_free_request(ses->server, timeout, optype);
812 if (rc)
813 return rc;
815 /*
816 * Make sure that we sign in the same order that we send on this socket
817 * and avoid races inside tcp sendmsg code that could cause corruption
818 * of smb data.
819 */
821 mutex_lock(&ses->server->srv_mutex);
823 for (i = 0; i < num_rqst; i++) {
824 midQ[i] = ses->server->ops->setup_request(ses, &rqst[i]);
825 if (IS_ERR(midQ[i])) {
826 for (j = 0; j < i; j++)
827 cifs_delete_mid(midQ[j]);
828 mutex_unlock(&ses->server->srv_mutex);
829 /* Update # of requests on wire to server */
830 add_credits(ses->server, 1, optype);
831 return PTR_ERR(midQ[i]);
832 }
834 midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
835 /*
836 * We don't invoke the callback compounds unless it is the last
837 * request.
838 */
839 if (i < num_rqst - 1)
840 midQ[i]->callback = cifs_noop_callback;
841 }
842 cifs_in_send_inc(ses->server);
843 rc = smb_send_rqst(ses->server, num_rqst, rqst, flags);
844 cifs_in_send_dec(ses->server);
846 for (i = 0; i < num_rqst; i++)
847 cifs_save_when_sent(midQ[i]);
849 if (rc < 0)
850 ses->server->sequence_number -= 2;
852 mutex_unlock(&ses->server->srv_mutex);
854 for (i = 0; i < num_rqst; i++) {
855 if (rc < 0)
856 goto out;
858 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP))
859 smb311_update_preauth_hash(ses, rqst[i].rq_iov,
860 rqst[i].rq_nvec);
862 if (timeout == CIFS_ASYNC_OP)
863 goto out;
865 rc = wait_for_response(ses->server, midQ[i]);
866 if (rc != 0) {
867 cifs_dbg(FYI, "Cancelling wait for mid %llu\n",
868 midQ[i]->mid);
869 send_cancel(ses->server, &rqst[i], midQ[i]);
870 spin_lock(&GlobalMid_Lock);
871 if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED) {
872 midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
873 midQ[i]->callback = DeleteMidQEntry;
874 spin_unlock(&GlobalMid_Lock);
875 add_credits(ses->server, 1, optype);
876 return rc;
877 }
878 spin_unlock(&GlobalMid_Lock);
879 }
881 rc = cifs_sync_mid_result(midQ[i], ses->server);
882 if (rc != 0) {
883 add_credits(ses->server, 1, optype);
884 return rc;
885 }
887 if (!midQ[i]->resp_buf ||
888 midQ[i]->mid_state != MID_RESPONSE_RECEIVED) {
889 rc = -EIO;
890 cifs_dbg(FYI, "Bad MID state?\n");
891 goto out;
892 }
894 buf = (char *)midQ[i]->resp_buf;
895 resp_iov[i].iov_base = buf;
896 resp_iov[i].iov_len = midQ[i]->resp_buf_size +
897 ses->server->vals->header_preamble_size;
899 if (midQ[i]->large_buf)
900 resp_buf_type[i] = CIFS_LARGE_BUFFER;
901 else
902 resp_buf_type[i] = CIFS_SMALL_BUFFER;
904 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP)) {
905 struct kvec iov = {
906 .iov_base = resp_iov[i].iov_base,
907 .iov_len = resp_iov[i].iov_len
908 };
909 smb311_update_preauth_hash(ses, &iov, 1);
910 }
912 credits = ses->server->ops->get_credits(midQ[i]);
914 rc = ses->server->ops->check_receive(midQ[i], ses->server,
915 flags & CIFS_LOG_ERROR);
917 /* mark it so buf will not be freed by cifs_delete_mid */
918 if ((flags & CIFS_NO_RESP) == 0)
919 midQ[i]->resp_buf = NULL;
920 }
921 out:
922 /*
923 * This will dequeue all mids. After this it is important that the
924 * demultiplex_thread will not process any of these mids any futher.
925 * This is prevented above by using a noop callback that will not
926 * wake this thread except for the very last PDU.
927 */
928 for (i = 0; i < num_rqst; i++)
929 cifs_delete_mid(midQ[i]);
930 add_credits(ses->server, credits, optype);
932 return rc;
933 }
935 int
936 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
937 struct smb_rqst *rqst, int *resp_buf_type, const int flags,
938 struct kvec *resp_iov)
939 {
940 return compound_send_recv(xid, ses, flags, 1, rqst, resp_buf_type,
941 resp_iov);
942 }
944 int
945 SendReceive2(const unsigned int xid, struct cifs_ses *ses,
946 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
947 const int flags, struct kvec *resp_iov)
948 {
949 struct smb_rqst rqst;
950 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
951 int rc;
953 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
954 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
955 GFP_KERNEL);
956 if (!new_iov) {
957 /* otherwise cifs_send_recv below sets resp_buf_type */
958 *resp_buf_type = CIFS_NO_BUFFER;
959 return -ENOMEM;
960 }
961 } else
962 new_iov = s_iov;
964 /* 1st iov is a RFC1001 length followed by the rest of the packet */
965 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
967 new_iov[0].iov_base = new_iov[1].iov_base;
968 new_iov[0].iov_len = 4;
969 new_iov[1].iov_base += 4;
970 new_iov[1].iov_len -= 4;
972 memset(&rqst, 0, sizeof(struct smb_rqst));
973 rqst.rq_iov = new_iov;
974 rqst.rq_nvec = n_vec + 1;
976 rc = cifs_send_recv(xid, ses, &rqst, resp_buf_type, flags, resp_iov);
977 if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
978 kfree(new_iov);
979 return rc;
980 }
982 int
983 SendReceive(const unsigned int xid, struct cifs_ses *ses,
984 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
985 int *pbytes_returned, const int timeout)
986 {
987 int rc = 0;
988 struct mid_q_entry *midQ;
989 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
990 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
991 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
993 if (ses == NULL) {
994 cifs_dbg(VFS, "Null smb session\n");
995 return -EIO;
996 }
997 if (ses->server == NULL) {
998 cifs_dbg(VFS, "Null tcp session\n");
999 return -EIO;
1000 }
1002 if (ses->server->tcpStatus == CifsExiting)
1003 return -ENOENT;
1005 /* Ensure that we do not send more than 50 overlapping requests
1006 to the same server. We may make this configurable later or
1007 use ses->maxReq */
1009 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1010 cifs_dbg(VFS, "Illegal length, greater than maximum frame, %d\n",
1011 len);
1012 return -EIO;
1013 }
1015 rc = wait_for_free_request(ses->server, timeout, 0);
1016 if (rc)
1017 return rc;
1019 /* make sure that we sign in the same order that we send on this socket
1020 and avoid races inside tcp sendmsg code that could cause corruption
1021 of smb data */
1023 mutex_lock(&ses->server->srv_mutex);
1025 rc = allocate_mid(ses, in_buf, &midQ);
1026 if (rc) {
1027 mutex_unlock(&ses->server->srv_mutex);
1028 /* Update # of requests on wire to server */
1029 add_credits(ses->server, 1, 0);
1030 return rc;
1031 }
1033 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
1034 if (rc) {
1035 mutex_unlock(&ses->server->srv_mutex);
1036 goto out;
1037 }
1039 midQ->mid_state = MID_REQUEST_SUBMITTED;
1041 cifs_in_send_inc(ses->server);
1042 rc = smb_send(ses->server, in_buf, len);
1043 cifs_in_send_dec(ses->server);
1044 cifs_save_when_sent(midQ);
1046 if (rc < 0)
1047 ses->server->sequence_number -= 2;
1049 mutex_unlock(&ses->server->srv_mutex);
1051 if (rc < 0)
1052 goto out;
1054 if (timeout == CIFS_ASYNC_OP)
1055 goto out;
1057 rc = wait_for_response(ses->server, midQ);
1058 if (rc != 0) {
1059 send_cancel(ses->server, &rqst, midQ);
1060 spin_lock(&GlobalMid_Lock);
1061 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1062 /* no longer considered to be "in-flight" */
1063 midQ->callback = DeleteMidQEntry;
1064 spin_unlock(&GlobalMid_Lock);
1065 add_credits(ses->server, 1, 0);
1066 return rc;
1067 }
1068 spin_unlock(&GlobalMid_Lock);
1069 }
1071 rc = cifs_sync_mid_result(midQ, ses->server);
1072 if (rc != 0) {
1073 add_credits(ses->server, 1, 0);
1074 return rc;
1075 }
1077 if (!midQ->resp_buf || !out_buf ||
1078 midQ->mid_state != MID_RESPONSE_RECEIVED) {
1079 rc = -EIO;
1080 cifs_dbg(VFS, "Bad MID state?\n");
1081 goto out;
1082 }
1084 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1085 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1086 rc = cifs_check_receive(midQ, ses->server, 0);
1087 out:
1088 cifs_delete_mid(midQ);
1089 add_credits(ses->server, 1, 0);
1091 return rc;
1092 }
1094 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1095 blocking lock to return. */
1097 static int
1098 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1099 struct smb_hdr *in_buf,
1100 struct smb_hdr *out_buf)
1101 {
1102 int bytes_returned;
1103 struct cifs_ses *ses = tcon->ses;
1104 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1106 /* We just modify the current in_buf to change
1107 the type of lock from LOCKING_ANDX_SHARED_LOCK
1108 or LOCKING_ANDX_EXCLUSIVE_LOCK to
1109 LOCKING_ANDX_CANCEL_LOCK. */
1111 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1112 pSMB->Timeout = 0;
1113 pSMB->hdr.Mid = get_next_mid(ses->server);
1115 return SendReceive(xid, ses, in_buf, out_buf,
1116 &bytes_returned, 0);
1117 }
1119 int
1120 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1121 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1122 int *pbytes_returned)
1123 {
1124 int rc = 0;
1125 int rstart = 0;
1126 struct mid_q_entry *midQ;
1127 struct cifs_ses *ses;
1128 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1129 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1130 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1132 if (tcon == NULL || tcon->ses == NULL) {
1133 cifs_dbg(VFS, "Null smb session\n");
1134 return -EIO;
1135 }
1136 ses = tcon->ses;
1138 if (ses->server == NULL) {
1139 cifs_dbg(VFS, "Null tcp session\n");
1140 return -EIO;
1141 }
1143 if (ses->server->tcpStatus == CifsExiting)
1144 return -ENOENT;
1146 /* Ensure that we do not send more than 50 overlapping requests
1147 to the same server. We may make this configurable later or
1148 use ses->maxReq */
1150 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1151 cifs_dbg(VFS, "Illegal length, greater than maximum frame, %d\n",
1152 len);
1153 return -EIO;
1154 }
1156 rc = wait_for_free_request(ses->server, CIFS_BLOCKING_OP, 0);
1157 if (rc)
1158 return rc;
1160 /* make sure that we sign in the same order that we send on this socket
1161 and avoid races inside tcp sendmsg code that could cause corruption
1162 of smb data */
1164 mutex_lock(&ses->server->srv_mutex);
1166 rc = allocate_mid(ses, in_buf, &midQ);
1167 if (rc) {
1168 mutex_unlock(&ses->server->srv_mutex);
1169 return rc;
1170 }
1172 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
1173 if (rc) {
1174 cifs_delete_mid(midQ);
1175 mutex_unlock(&ses->server->srv_mutex);
1176 return rc;
1177 }
1179 midQ->mid_state = MID_REQUEST_SUBMITTED;
1180 cifs_in_send_inc(ses->server);
1181 rc = smb_send(ses->server, in_buf, len);
1182 cifs_in_send_dec(ses->server);
1183 cifs_save_when_sent(midQ);
1185 if (rc < 0)
1186 ses->server->sequence_number -= 2;
1188 mutex_unlock(&ses->server->srv_mutex);
1190 if (rc < 0) {
1191 cifs_delete_mid(midQ);
1192 return rc;
1193 }
1195 /* Wait for a reply - allow signals to interrupt. */
1196 rc = wait_event_interruptible(ses->server->response_q,
1197 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) ||
1198 ((ses->server->tcpStatus != CifsGood) &&
1199 (ses->server->tcpStatus != CifsNew)));
1201 /* Were we interrupted by a signal ? */
1202 if ((rc == -ERESTARTSYS) &&
1203 (midQ->mid_state == MID_REQUEST_SUBMITTED) &&
1204 ((ses->server->tcpStatus == CifsGood) ||
1205 (ses->server->tcpStatus == CifsNew))) {
1207 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1208 /* POSIX lock. We send a NT_CANCEL SMB to cause the
1209 blocking lock to return. */
1210 rc = send_cancel(ses->server, &rqst, midQ);
1211 if (rc) {
1212 cifs_delete_mid(midQ);
1213 return rc;
1214 }
1215 } else {
1216 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1217 to cause the blocking lock to return. */
1219 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1221 /* If we get -ENOLCK back the lock may have
1222 already been removed. Don't exit in this case. */
1223 if (rc && rc != -ENOLCK) {
1224 cifs_delete_mid(midQ);
1225 return rc;
1226 }
1227 }
1229 rc = wait_for_response(ses->server, midQ);
1230 if (rc) {
1231 send_cancel(ses->server, &rqst, midQ);
1232 spin_lock(&GlobalMid_Lock);
1233 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1234 /* no longer considered to be "in-flight" */
1235 midQ->callback = DeleteMidQEntry;
1236 spin_unlock(&GlobalMid_Lock);
1237 return rc;
1238 }
1239 spin_unlock(&GlobalMid_Lock);
1240 }
1242 /* We got the response - restart system call. */
1243 rstart = 1;
1244 }
1246 rc = cifs_sync_mid_result(midQ, ses->server);
1247 if (rc != 0)
1248 return rc;
1250 /* rcvd frame is ok */
1251 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) {
1252 rc = -EIO;
1253 cifs_dbg(VFS, "Bad MID state?\n");
1254 goto out;
1255 }
1257 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1258 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1259 rc = cifs_check_receive(midQ, ses->server, 0);
1260 out:
1261 cifs_delete_mid(midQ);
1262 if (rstart && rc == -EACCES)
1263 return -ERESTARTSYS;
1264 return rc;
1265 }