// SPDX-License-Identifier: LGPL-2.1
/*
 *
 *   Copyright (C) International Business Machines Corp., 2002,2008
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *              Jeremy Allison (jra@samba.org) 2006.
 *
 */

#include <linux/fs.h>
#include <linux/list.h>
#include <linux/gfp.h>
#include <linux/wait.h>
#include <linux/net.h>
#include <linux/delay.h>
#include <linux/freezer.h>
#include <linux/tcp.h>
#include <linux/bvec.h>
#include <linux/highmem.h>
#include <linux/uaccess.h>
#include <linux/processor.h>
#include <linux/mempool.h>
#include <linux/sched/signal.h>
#include <linux/task_io_accounting_ops.h>
#include "cifspdu.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "cifs_debug.h"
#include "smb2proto.h"
#include "smbdirect.h"
#include "compress.h"

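/*
 * Wake up the task waiting on this mid (stored in callback_data),
 * marking the response as ready to be processed if one was received.
 */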
void
cifs_wake_up_task(struct mid_q_entry *mid)
{
        if (mid->mid_state == MID_RESPONSE_RECEIVED)
                mid->mid_state = MID_RESPONSE_READY;
        wake_up_process(mid->callback_data);
}

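/*
 * Final kref release for a mid: handle a response that arrived after the
 * caller gave up waiting, free the response buffer, update per-command
 * round-trip statistics (when CONFIG_CIFS_STATS2 is set) and return the
 * entry to the mid mempool.
 */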
void __release_mid(struct kref *refcount)
{
        struct mid_q_entry *midEntry =
                        container_of(refcount, struct mid_q_entry, refcount);
#ifdef CONFIG_CIFS_STATS2
        __le16 command = midEntry->server->vals->lock_cmd;
        __u16 smb_cmd = le16_to_cpu(midEntry->command);
        unsigned long now;
        unsigned long roundtrip_time;
#endif
        struct TCP_Server_Info *server = midEntry->server;

        if (midEntry->resp_buf && (midEntry->wait_cancelled) &&
            (midEntry->mid_state == MID_RESPONSE_RECEIVED ||
             midEntry->mid_state == MID_RESPONSE_READY) &&
            server->ops->handle_cancelled_mid)
                server->ops->handle_cancelled_mid(midEntry, server);

        midEntry->mid_state = MID_FREE;
        atomic_dec(&mid_count);
        if (midEntry->large_buf)
                cifs_buf_release(midEntry->resp_buf);
        else
                cifs_small_buf_release(midEntry->resp_buf);
#ifdef CONFIG_CIFS_STATS2
        now = jiffies;
        if (now < midEntry->when_alloc)
                cifs_server_dbg(VFS, "Invalid mid allocation time\n");
        roundtrip_time = now - midEntry->when_alloc;

        if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
                if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
                        server->slowest_cmd[smb_cmd] = roundtrip_time;
                        server->fastest_cmd[smb_cmd] = roundtrip_time;
                } else {
                        if (server->slowest_cmd[smb_cmd] < roundtrip_time)
                                server->slowest_cmd[smb_cmd] = roundtrip_time;
                        else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
                                server->fastest_cmd[smb_cmd] = roundtrip_time;
                }
                cifs_stats_inc(&server->num_cmds[smb_cmd]);
                server->time_per_cmd[smb_cmd] += roundtrip_time;
        }
        /*
         * commands taking longer than one second (default) can be indications
         * that something is wrong, unless it is quite a slow link or a very
         * busy server. Note that this calc is unlikely or impossible to wrap
         * as long as slow_rsp_threshold is not set way above recommended max
         * value (32767 ie 9 hours) and is generally harmless even if wrong
         * since only affects debug counters - so leaving the calc as simple
         * comparison rather than doing multiple conversions and overflow
         * checks
         */
        if ((slow_rsp_threshold != 0) &&
            time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
            (midEntry->command != command)) {
                /*
                 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
                 * NB: le16_to_cpu returns unsigned so can not be negative below
                 */
                if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
                        cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);

                trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
                                    midEntry->when_sent, midEntry->when_received);
                if (cifsFYI & CIFS_TIMER) {
                        pr_debug("slow rsp: cmd %d mid %llu",
                                 midEntry->command, midEntry->mid);
                        cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
                                  now - midEntry->when_alloc,
                                  now - midEntry->when_sent,
                                  now - midEntry->when_received);
                }
        }
#endif
        put_task_struct(midEntry->creator);

        mempool_free(midEntry, cifs_mid_poolp);
}

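/*
 * Remove a mid from the pending queue (if it is still queued) and drop
 * a reference to it.
 */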
void
delete_mid(struct mid_q_entry *mid)
{
        spin_lock(&mid->server->mid_queue_lock);
        if (mid->deleted_from_q == false) {
                list_del_init(&mid->qhead);
                mid->deleted_from_q = true;
        }
        spin_unlock(&mid->server->mid_queue_lock);

        release_mid(mid);
}

/*
 * smb_send_kvec - send an array of kvecs to the server
 * @server: Server to send the data to
 * @smb_msg: Message to send
 * @sent: amount of data sent on socket is stored here
 *
 * Our basic "send data to server" function. Should be called with srv_mutex
 * held. The caller is responsible for handling the results.
 */
int
smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
              size_t *sent)
{
        int rc = 0;
        int retries = 0;
        struct socket *ssocket = server->ssocket;

        *sent = 0;

        if (server->noblocksnd)
                smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
        else
                smb_msg->msg_flags = MSG_NOSIGNAL;

        while (msg_data_left(smb_msg)) {
                /*
                 * If blocking send, we try 3 times, since each can block
                 * for 5 seconds. For nonblocking we have to try more
                 * but wait increasing amounts of time allowing time for
                 * socket to clear. The overall time we wait in either
                 * case to send on the socket is about 15 seconds.
                 * Similarly we wait for 15 seconds for a response from
                 * the server in SendReceive[2] for the server to send
                 * a response back for most types of requests (except
                 * SMB Write past end of file which can be slow, and
                 * blocking lock operations). NFS waits slightly longer
                 * than CIFS, but this can make it take longer for
                 * nonresponsive servers to be detected and 15 seconds
                 * is more than enough time for modern networks to
                 * send a packet. In most cases if we fail to send
                 * after the retries we will kill the socket and
                 * reconnect which may clear the network problem.
                 */
                rc = sock_sendmsg(ssocket, smb_msg);
                if (rc == -EAGAIN) {
                        retries++;
                        if (retries >= 14 ||
                            (!server->noblocksnd && (retries > 2))) {
                                cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
                                                ssocket);
                                return -EAGAIN;
                        }
                        msleep(1 << retries);
                        continue;
                }

                if (rc < 0)
                        return rc;

                if (rc == 0) {
                        /*
                         * should never happen, letting socket clear before
                         * retrying is our only obvious option here
                         */
                        cifs_server_dbg(VFS, "tcp sent no data\n");
                        msleep(500);
                        continue;
                }

                /* send was at least partially successful */
                *sent += rc;
                retries = 0; /* in case we get ENOSPC on the next send */
        }
        return 0;
}

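/*
 * Total up the size of a request as it will appear on the wire: the kvec
 * array plus any data carried in rq_iter. For SMB2+ the leading 4-byte
 * RFC1002 length placeholder (if present as the first kvec) is not counted.
 */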
unsigned long
smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
{
        unsigned int i;
        struct kvec *iov;
        int nvec;
        unsigned long buflen = 0;

        if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
            rqst->rq_iov[0].iov_len == 4) {
                iov = &rqst->rq_iov[1];
                nvec = rqst->rq_nvec - 1;
        } else {
                iov = rqst->rq_iov;
                nvec = rqst->rq_nvec;
        }

        /* total up iov array first */
        for (i = 0; i < nvec; i++)
                buflen += iov[i].iov_len;

        buflen += iov_iter_count(&rqst->rq_iter);
        return buflen;
}

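/*
 * Send one or more requests over the socket (or over smbdirect when RDMA
 * is in use). Prepends the RFC1002 length for SMB2+, blocks signals while
 * the data is on the wire, and signals the demultiplex thread to
 * reconnect if only part of a request could be sent.
 */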
int __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
                    struct smb_rqst *rqst)
{
        int rc;
        struct kvec *iov;
        int n_vec;
        unsigned int send_length = 0;
        unsigned int i, j;
        sigset_t mask, oldmask;
        size_t total_len = 0, sent, size;
        struct socket *ssocket = server->ssocket;
        struct msghdr smb_msg = {};
        __be32 rfc1002_marker;

        cifs_in_send_inc(server);
        if (cifs_rdma_enabled(server)) {
                /* return -EAGAIN when connecting or reconnecting */
                rc = -EAGAIN;
                if (server->smbd_conn)
                        rc = smbd_send(server, num_rqst, rqst);
                goto smbd_done;
        }

        rc = -EAGAIN;
        if (ssocket == NULL)
                goto out;

        rc = -ERESTARTSYS;
        if (fatal_signal_pending(current)) {
                cifs_dbg(FYI, "signal pending before send request\n");
                goto out;
        }

        rc = 0;
        /* cork the socket */
        tcp_sock_set_cork(ssocket->sk, true);

        for (j = 0; j < num_rqst; j++)
                send_length += smb_rqst_len(server, &rqst[j]);
        rfc1002_marker = cpu_to_be32(send_length);

        /*
         * We should not allow signals to interrupt the network send because
         * any partial send will cause session reconnects thus increasing
         * latency of system calls and overload a server with unnecessary
         * requests.
         */

        sigfillset(&mask);
        sigprocmask(SIG_BLOCK, &mask, &oldmask);

        /* Generate a rfc1002 marker for SMB2+ */
        if (!is_smb1(server)) {
                struct kvec hiov = {
                        .iov_base = &rfc1002_marker,
                        .iov_len = 4
                };
                iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4);
                rc = smb_send_kvec(server, &smb_msg, &sent);
                if (rc < 0)
                        goto unmask;

                total_len += sent;
                send_length += 4;
        }

        cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);

        for (j = 0; j < num_rqst; j++) {
                iov = rqst[j].rq_iov;
                n_vec = rqst[j].rq_nvec;

                size = 0;
                for (i = 0; i < n_vec; i++) {
                        dump_smb(iov[i].iov_base, iov[i].iov_len);
                        size += iov[i].iov_len;
                }

                iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size);

                rc = smb_send_kvec(server, &smb_msg, &sent);
                if (rc < 0)
                        goto unmask;

                total_len += sent;

                if (iov_iter_count(&rqst[j].rq_iter) > 0) {
                        smb_msg.msg_iter = rqst[j].rq_iter;
                        rc = smb_send_kvec(server, &smb_msg, &sent);
                        if (rc < 0)
                                break;
                        total_len += sent;
                }

        }

unmask:
        sigprocmask(SIG_SETMASK, &oldmask, NULL);

        /*
         * If signal is pending but we have already sent the whole packet to
         * the server we need to return success status to allow a corresponding
         * mid entry to be kept in the pending requests queue thus allowing
         * to handle responses from the server by the client.
         *
         * If only part of the packet has been sent there is no need to hide
         * interrupt because the session will be reconnected anyway, so there
         * won't be any response from the server to handle.
         */

        if (signal_pending(current) && (total_len != send_length)) {
                cifs_dbg(FYI, "signal is pending after attempt to send\n");
                rc = -ERESTARTSYS;
        }

        /* uncork it */
        tcp_sock_set_cork(ssocket->sk, false);

        if ((total_len > 0) && (total_len != send_length)) {
                cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
                         send_length, total_len);
                /*
                 * If we have only sent part of an SMB then the next SMB could
                 * be taken as the remainder of this one. We need to kill the
                 * socket so the server throws away the partial SMB
                 */
                cifs_signal_cifsd_for_reconnect(server, false);
                trace_smb3_partial_send_reconnect(server->current_mid,
                                                  server->conn_id, server->hostname);
        }
smbd_done:
        /*
         * there's hardly any use for the layers above to know the
         * actual error code here. All they should do at this point is
         * to retry the connection and hope it goes away.
         */
        if (rc < 0 && rc != -EINTR && rc != -EAGAIN) {
                cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
                                rc);
                rc = -ECONNABORTED;
                cifs_signal_cifsd_for_reconnect(server, false);
        } else if (rc > 0)
                rc = 0;
out:
        cifs_in_send_dec(server);
        return rc;
}

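/*
 * Wrapper around __smb_send_rqst(): when CIFS_COMPRESS_REQ or
 * CIFS_TRANSFORM_REQ is set in @flags, compress the request via
 * smb_compress() or encrypt the chain via the server's init_transform_rq
 * callback before the data is put on the wire.
 */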
static int
smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
              struct smb_rqst *rqst, int flags)
{
        struct smb2_transform_hdr tr_hdr;
        struct smb_rqst new_rqst[MAX_COMPOUND] = {};
        struct kvec iov = {
                .iov_base = &tr_hdr,
                .iov_len = sizeof(tr_hdr),
        };
        int rc;

        if (flags & CIFS_COMPRESS_REQ)
                return smb_compress(server, &rqst[0], __smb_send_rqst);

        if (!(flags & CIFS_TRANSFORM_REQ))
                return __smb_send_rqst(server, num_rqst, rqst);

        if (WARN_ON_ONCE(num_rqst > MAX_COMPOUND - 1))
                return -EIO;

        if (!server->ops->init_transform_rq) {
                cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
                return -EIO;
        }

        new_rqst[0].rq_iov = &iov;
        new_rqst[0].rq_nvec = 1;

        rc = server->ops->init_transform_rq(server, num_rqst + 1,
                                            new_rqst, rqst);
        if (!rc) {
                rc = __smb_send_rqst(server, num_rqst + 1, new_rqst);
                smb3_free_compound_rqst(num_rqst, &new_rqst[1]);
        }
        return rc;
}

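/*
 * Block until @num_credits credits are available (or until @timeout ms
 * elapse), then take them and account the request as in flight.
 * CIFS_NON_BLOCKING requests (e.g. oplock break acks) are charged
 * immediately without waiting, and regular single-credit requests leave
 * the last MAX_COMPOUND credits in reserve for compound requests.
 */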
static int
wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
                      const int timeout, const int flags,
                      unsigned int *instance)
{
        long rc;
        int *credits;
        int optype;
        long int t;
        int scredits, in_flight;

        if (timeout < 0)
                t = MAX_JIFFY_OFFSET;
        else
                t = msecs_to_jiffies(timeout);

        optype = flags & CIFS_OP_MASK;

        *instance = 0;

        credits = server->ops->get_credits_field(server, optype);
        /* Since an echo is already inflight, no need to wait to send another */
        if (*credits <= 0 && optype == CIFS_ECHO_OP)
                return -EAGAIN;

        spin_lock(&server->req_lock);
        if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
                /* oplock breaks must not be held up */
                server->in_flight++;
                if (server->in_flight > server->max_in_flight)
                        server->max_in_flight = server->in_flight;
                *credits -= 1;
                *instance = server->reconnect_instance;
                scredits = *credits;
                in_flight = server->in_flight;
                spin_unlock(&server->req_lock);

                trace_smb3_nblk_credits(server->current_mid,
                                server->conn_id, server->hostname, scredits, -1, in_flight);
                cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
                         __func__, 1, scredits);

                return 0;
        }

        while (1) {
                spin_unlock(&server->req_lock);

                spin_lock(&server->srv_lock);
                if (server->tcpStatus == CifsExiting) {
                        spin_unlock(&server->srv_lock);
                        return -ENOENT;
                }
                spin_unlock(&server->srv_lock);

                spin_lock(&server->req_lock);
                if (*credits < num_credits) {
                        scredits = *credits;
                        spin_unlock(&server->req_lock);

                        cifs_num_waiters_inc(server);
                        rc = wait_event_killable_timeout(server->request_q,
                                has_credits(server, credits, num_credits), t);
                        cifs_num_waiters_dec(server);
                        if (!rc) {
                                spin_lock(&server->req_lock);
                                scredits = *credits;
                                in_flight = server->in_flight;
                                spin_unlock(&server->req_lock);

                                trace_smb3_credit_timeout(server->current_mid,
                                                server->conn_id, server->hostname,
                                                scredits, num_credits, in_flight);
                                cifs_server_dbg(VFS, "wait timed out after %d ms\n",
                                                timeout);
                                return -EBUSY;
                        }
                        if (rc == -ERESTARTSYS)
                                return -ERESTARTSYS;
                        spin_lock(&server->req_lock);
                } else {
                        /*
                         * For normal commands, reserve the last MAX_COMPOUND
                         * credits to compound requests.
                         * Otherwise these compounds could be permanently
                         * starved for credits by single-credit requests.
                         *
                         * To prevent spinning CPU, block this thread until
                         * there are >MAX_COMPOUND credits available.
                         * But only do this if we already have a lot of
                         * credits in flight to avoid triggering this check
                         * for servers that are slow to hand out credits on
                         * new sessions.
                         */
                        if (!optype && num_credits == 1 &&
                            server->in_flight > 2 * MAX_COMPOUND &&
                            *credits <= MAX_COMPOUND) {
                                spin_unlock(&server->req_lock);

                                cifs_num_waiters_inc(server);
                                rc = wait_event_killable_timeout(
                                        server->request_q,
                                        has_credits(server, credits,
                                                    MAX_COMPOUND + 1),
                                        t);
                                cifs_num_waiters_dec(server);
                                if (!rc) {
                                        spin_lock(&server->req_lock);
                                        scredits = *credits;
                                        in_flight = server->in_flight;
                                        spin_unlock(&server->req_lock);

                                        trace_smb3_credit_timeout(
                                                server->current_mid,
                                                server->conn_id, server->hostname,
                                                scredits, num_credits, in_flight);
                                        cifs_server_dbg(VFS, "wait timed out after %d ms\n",
                                                        timeout);
                                        return -EBUSY;
                                }
                                if (rc == -ERESTARTSYS)
                                        return -ERESTARTSYS;
                                spin_lock(&server->req_lock);
                                continue;
                        }

                        /*
                         * Can not count locking commands against total
                         * as they are allowed to block on server.
                         */

                        /* update # of requests on the wire to server */
                        if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
                                *credits -= num_credits;
                                server->in_flight += num_credits;
                                if (server->in_flight > server->max_in_flight)
                                        server->max_in_flight = server->in_flight;
                                *instance = server->reconnect_instance;
                        }
                        scredits = *credits;
                        in_flight = server->in_flight;
                        spin_unlock(&server->req_lock);

                        trace_smb3_waitff_credits(server->current_mid,
                                        server->conn_id, server->hostname, scredits,
                                        -(num_credits), in_flight);
                        cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
                                 __func__, num_credits, scredits);
                        break;
                }
        }
        return 0;
}

int wait_for_free_request(struct TCP_Server_Info *server, const int flags,
                          unsigned int *instance)
{
        return wait_for_free_credits(server, 1, -1, flags,
                                     instance);
}

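/*
 * Like wait_for_free_request() but for a compound chain needing @num
 * credits. Fails fast with -EDEADLK if nothing is in flight and the
 * server has not granted enough credits, since waiting would then never
 * be satisfied.
 */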
static int
wait_for_compound_request(struct TCP_Server_Info *server, int num,
                          const int flags, unsigned int *instance)
{
        int *credits;
        int scredits, in_flight;

        credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);

        spin_lock(&server->req_lock);
        scredits = *credits;
        in_flight = server->in_flight;

        if (*credits < num) {
                /*
                 * If the server is tight on resources or just gives us less
                 * credits for other reasons (e.g. requests are coming out of
                 * order and the server delays granting more credits until it
                 * processes a missing mid) and we exhausted most available
                 * credits there may be situations when we try to send
                 * a compound request but we don't have enough credits. At this
                 * point the client needs to decide if it should wait for
                 * additional credits or fail the request. If at least one
                 * request is in flight there is a high probability that the
                 * server will return enough credits to satisfy this compound
                 * request.
                 *
                 * Return immediately if no requests in flight since we will be
                 * stuck on waiting for credits.
                 */
                if (server->in_flight == 0) {
                        spin_unlock(&server->req_lock);
                        trace_smb3_insufficient_credits(server->current_mid,
                                        server->conn_id, server->hostname, scredits,
                                        num, in_flight);
                        cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
                                 __func__, in_flight, num, scredits);
                        return -EDEADLK;
                }
        }
        spin_unlock(&server->req_lock);

        return wait_for_free_credits(server, num, 60000, flags,
                                     instance);
}

int
cifs_wait_mtu_credits(struct TCP_Server_Info *server, size_t size,
                      size_t *num, struct cifs_credits *credits)
{
        *num = size;
        credits->value = 0;
        credits->instance = server->reconnect_instance;
        return 0;
}

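/*
 * Sleep (killable, freezable) until the mid has left the "submitted" and
 * "response received" states, i.e. until the demultiplex thread has
 * finished handling it or the connection was torn down.
 */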
int wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
{
        int error;

        error = wait_event_state(server->response_q,
                                 midQ->mid_state != MID_REQUEST_SUBMITTED &&
                                 midQ->mid_state != MID_RESPONSE_RECEIVED,
                                 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE));
        if (error < 0)
                return -ERESTARTSYS;

        return 0;
}

/*
 * Send a SMB request and set the callback function in the mid to handle
 * the result. Caller is responsible for dealing with timeouts.
 */
int
cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
                mid_receive_t *receive, mid_callback_t *callback,
                mid_handle_t *handle, void *cbdata, const int flags,
                const struct cifs_credits *exist_credits)
{
        int rc;
        struct mid_q_entry *mid;
        struct cifs_credits credits = { .value = 0, .instance = 0 };
        unsigned int instance;
        int optype;

        optype = flags & CIFS_OP_MASK;

        if ((flags & CIFS_HAS_CREDITS) == 0) {
                rc = wait_for_free_request(server, flags, &instance);
                if (rc)
                        return rc;
                credits.value = 1;
                credits.instance = instance;
        } else
                instance = exist_credits->instance;

        cifs_server_lock(server);

        /*
         * We can't use credits obtained from the previous session to send this
         * request. Check if there were reconnects after we obtained credits and
         * return -EAGAIN in such cases to let callers handle it.
         */
        if (instance != server->reconnect_instance) {
                cifs_server_unlock(server);
                add_credits_and_wake_if(server, &credits, optype);
                return -EAGAIN;
        }

        mid = server->ops->setup_async_request(server, rqst);
        if (IS_ERR(mid)) {
                cifs_server_unlock(server);
                add_credits_and_wake_if(server, &credits, optype);
                return PTR_ERR(mid);
        }

        mid->receive = receive;
        mid->callback = callback;
        mid->callback_data = cbdata;
        mid->handle = handle;
        mid->mid_state = MID_REQUEST_SUBMITTED;

        /* put it on the pending_mid_q */
        spin_lock(&server->mid_queue_lock);
        list_add_tail(&mid->qhead, &server->pending_mid_q);
        spin_unlock(&server->mid_queue_lock);

        /*
         * Need to store the time in mid before calling I/O. For call_async,
         * I/O response may come back and free the mid entry on another thread.
         */
        cifs_save_when_sent(mid);
        rc = smb_send_rqst(server, 1, rqst, flags);

        if (rc < 0) {
                revert_current_mid(server, mid->credits);
                server->sequence_number -= 2;
                delete_mid(mid);
        }

        cifs_server_unlock(server);

        if (rc == 0)
                return 0;

        add_credits_and_wake_if(server, &credits, optype);
        return rc;
}

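/*
 * Translate the final state of a mid into an errno for the synchronous
 * send/receive paths, dequeueing the mid if it is in an unexpected state
 * and dropping the caller's reference on it unless the response was
 * successfully received.
 */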
int cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
{
        int rc = 0;

        cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
                 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);

        spin_lock(&server->mid_queue_lock);
        switch (mid->mid_state) {
        case MID_RESPONSE_READY:
                spin_unlock(&server->mid_queue_lock);
                return rc;
        case MID_RETRY_NEEDED:
                rc = -EAGAIN;
                break;
        case MID_RESPONSE_MALFORMED:
                rc = -EIO;
                break;
        case MID_SHUTDOWN:
                rc = -EHOSTDOWN;
                break;
        case MID_RC:
                rc = mid->mid_rc;
                break;
        default:
                if (mid->deleted_from_q == false) {
                        list_del_init(&mid->qhead);
                        mid->deleted_from_q = true;
                }
                spin_unlock(&server->mid_queue_lock);
                cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
                                __func__, mid->mid, mid->mid_state);
                rc = -EIO;
                goto sync_mid_done;
        }
        spin_unlock(&server->mid_queue_lock);

sync_mid_done:
        release_mid(mid);
        return rc;
}

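/*
 * Per-mid callback used for compound requests: return the credits granted
 * by the server for this response and mark it ready. Only the callback
 * attached to the last request in the chain also wakes the issuing task.
 */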
static void
cifs_compound_callback(struct mid_q_entry *mid)
{
        struct TCP_Server_Info *server = mid->server;
        struct cifs_credits credits = {
                .value = server->ops->get_credits(mid),
                .instance = server->reconnect_instance,
        };

        add_credits(server, &credits, mid->optype);

        if (mid->mid_state == MID_RESPONSE_RECEIVED)
                mid->mid_state = MID_RESPONSE_READY;
}

static void
cifs_compound_last_callback(struct mid_q_entry *mid)
{
        cifs_compound_callback(mid);
        cifs_wake_up_task(mid);
}

static void
cifs_cancelled_callback(struct mid_q_entry *mid)
{
        cifs_compound_callback(mid);
        release_mid(mid);
}

/*
 * Return a channel (master if none) of @ses that can be used to send
 * regular requests.
 *
 * If we are currently binding a new channel (negprot/sess.setup),
 * return the new incomplete channel.
 */
struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
{
        uint index = 0;
        unsigned int min_in_flight = UINT_MAX, max_in_flight = 0;
        struct TCP_Server_Info *server = NULL;
        int i, start, cur;

        if (!ses)
                return NULL;

        spin_lock(&ses->chan_lock);
        start = atomic_inc_return(&ses->chan_seq);
        for (i = 0; i < ses->chan_count; i++) {
                cur = (start + i) % ses->chan_count;
                server = ses->chans[cur].server;
                if (!server || server->terminate)
                        continue;

                if (CIFS_CHAN_NEEDS_RECONNECT(ses, i))
                        continue;

                /*
                 * strictly speaking, we should pick up req_lock to read
                 * server->in_flight. But it shouldn't matter much here if we
                 * race while reading this data. The worst that can happen is
                 * that we could use a channel that's not least loaded. Avoiding
                 * taking the lock could help reduce wait time, which is
                 * important for this function
                 */
                if (server->in_flight < min_in_flight) {
                        min_in_flight = server->in_flight;
                        index = cur;
                }
                if (server->in_flight > max_in_flight)
                        max_in_flight = server->in_flight;
        }

        /* if all channels are equally loaded, fall back to round-robin */
        if (min_in_flight == max_in_flight)
                index = (uint)start % ses->chan_count;

        server = ses->chans[index].server;
        spin_unlock(&ses->chan_lock);

        return server;
}

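/*
 * Send @num_rqst requests as one compound chain on @server and wait for
 * all of their responses. Credits are taken up front, the requests are
 * signed and sent under the server mutex, and each response buffer is
 * returned to the caller through @resp_iov/@resp_buf_type. On
 * interruption the outstanding mids are cancelled so that their credits
 * are returned when the responses eventually arrive.
 */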
int
compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
                   struct TCP_Server_Info *server,
                   const int flags, const int num_rqst, struct smb_rqst *rqst,
                   int *resp_buf_type, struct kvec *resp_iov)
{
        int i, j, optype, rc = 0;
        struct mid_q_entry *midQ[MAX_COMPOUND];
        bool cancelled_mid[MAX_COMPOUND] = {false};
        struct cifs_credits credits[MAX_COMPOUND] = {
                { .value = 0, .instance = 0 }
        };
        unsigned int instance;
        char *buf;

        optype = flags & CIFS_OP_MASK;

        for (i = 0; i < num_rqst; i++)
                resp_buf_type[i] = CIFS_NO_BUFFER; /* no response buf yet */

        if (!ses || !ses->server || !server) {
                cifs_dbg(VFS, "Null session\n");
                return -EIO;
        }

        spin_lock(&server->srv_lock);
        if (server->tcpStatus == CifsExiting) {
                spin_unlock(&server->srv_lock);
                return -ENOENT;
        }
        spin_unlock(&server->srv_lock);

        /*
         * Wait for all the requests to become available.
         * This approach still leaves the possibility to be stuck waiting for
         * credits if the server doesn't grant credits to the outstanding
         * requests and if the client is completely idle, not generating any
         * other requests.
         * This can be handled by the eventual session reconnect.
         */
        rc = wait_for_compound_request(server, num_rqst, flags,
                                       &instance);
        if (rc)
                return rc;

        for (i = 0; i < num_rqst; i++) {
                credits[i].value = 1;
                credits[i].instance = instance;
        }

        /*
         * Make sure that we sign in the same order that we send on this socket
         * and avoid races inside tcp sendmsg code that could cause corruption
         * of smb data.
         */

        cifs_server_lock(server);

        /*
         * All the parts of the compound chain must use credits obtained from
         * the same session. We can not use credits obtained from the previous
         * session to send this request. Check if there were reconnects after
         * we obtained credits and return -EAGAIN in such cases to let callers
         * handle it.
         */
        if (instance != server->reconnect_instance) {
                cifs_server_unlock(server);
                for (j = 0; j < num_rqst; j++)
                        add_credits(server, &credits[j], optype);
                return -EAGAIN;
        }

        for (i = 0; i < num_rqst; i++) {
                midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
                if (IS_ERR(midQ[i])) {
                        revert_current_mid(server, i);
                        for (j = 0; j < i; j++)
                                delete_mid(midQ[j]);
                        cifs_server_unlock(server);

                        /* Update # of requests on wire to server */
                        for (j = 0; j < num_rqst; j++)
                                add_credits(server, &credits[j], optype);
                        return PTR_ERR(midQ[i]);
                }

                midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
                midQ[i]->optype = optype;
                /*
                 * Invoke callback for every part of the compound chain
                 * to calculate credits properly. Wake up this thread only when
                 * the last element is received.
                 */
                if (i < num_rqst - 1)
                        midQ[i]->callback = cifs_compound_callback;
                else
                        midQ[i]->callback = cifs_compound_last_callback;
        }
        rc = smb_send_rqst(server, num_rqst, rqst, flags);

        for (i = 0; i < num_rqst; i++)
                cifs_save_when_sent(midQ[i]);

        if (rc < 0) {
                revert_current_mid(server, num_rqst);
                server->sequence_number -= 2;
        }

        cifs_server_unlock(server);

        /*
         * If sending failed for some reason or it is an oplock break that we
         * will not receive a response to - return credits back
         */
        if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
                for (i = 0; i < num_rqst; i++)
                        add_credits(server, &credits[i], optype);
                goto out;
        }

        /*
         * At this point the request is passed to the network stack - we assume
         * that any credits taken from the server structure on the client have
         * been spent and we can't return them back. Once we receive responses
         * we will collect credits granted by the server in the mid callbacks
         * and add those credits to the server structure.
         */

        /*
         * Compounding is never used during session establish.
         */
        spin_lock(&ses->ses_lock);
        if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
                spin_unlock(&ses->ses_lock);

                cifs_server_lock(server);
                smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
                cifs_server_unlock(server);

                spin_lock(&ses->ses_lock);
        }
        spin_unlock(&ses->ses_lock);

        for (i = 0; i < num_rqst; i++) {
                rc = wait_for_response(server, midQ[i]);
                if (rc != 0)
                        break;
        }
        if (rc != 0) {
                for (; i < num_rqst; i++) {
                        cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
                                        midQ[i]->mid, le16_to_cpu(midQ[i]->command));
                        send_cancel(server, &rqst[i], midQ[i]);
                        spin_lock(&server->mid_queue_lock);
                        midQ[i]->wait_cancelled = true;
                        if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED ||
                            midQ[i]->mid_state == MID_RESPONSE_RECEIVED) {
                                midQ[i]->callback = cifs_cancelled_callback;
                                cancelled_mid[i] = true;
                                credits[i].value = 0;
                        }
                        spin_unlock(&server->mid_queue_lock);
                }
        }

        for (i = 0; i < num_rqst; i++) {
                if (rc < 0)
                        goto out;

                rc = cifs_sync_mid_result(midQ[i], server);
                if (rc != 0) {
                        /* mark this mid as cancelled to not free it below */
                        cancelled_mid[i] = true;
                        goto out;
                }

                if (!midQ[i]->resp_buf ||
                    midQ[i]->mid_state != MID_RESPONSE_READY) {
                        rc = -EIO;
                        cifs_dbg(FYI, "Bad MID state?\n");
                        goto out;
                }

                buf = (char *)midQ[i]->resp_buf;
                resp_iov[i].iov_base = buf;
                resp_iov[i].iov_len = midQ[i]->resp_buf_size +
                                      HEADER_PREAMBLE_SIZE(server);

                if (midQ[i]->large_buf)
                        resp_buf_type[i] = CIFS_LARGE_BUFFER;
                else
                        resp_buf_type[i] = CIFS_SMALL_BUFFER;

                rc = server->ops->check_receive(midQ[i], server,
                                                flags & CIFS_LOG_ERROR);

                /* mark it so buf will not be freed by delete_mid */
                if ((flags & CIFS_NO_RSP_BUF) == 0)
                        midQ[i]->resp_buf = NULL;

        }

        /*
         * Compounding is never used during session establish.
         */
        spin_lock(&ses->ses_lock);
        if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
                struct kvec iov = {
                        .iov_base = resp_iov[0].iov_base,
                        .iov_len = resp_iov[0].iov_len
                };
                spin_unlock(&ses->ses_lock);
                cifs_server_lock(server);
                smb311_update_preauth_hash(ses, server, &iov, 1);
                cifs_server_unlock(server);
                spin_lock(&ses->ses_lock);
        }
        spin_unlock(&ses->ses_lock);

out:
        /*
         * This will dequeue all mids. After this it is important that the
         * demultiplex_thread will not process any of these mids any further.
         * This is prevented above by using a noop callback that will not
         * wake this thread except for the very last PDU.
         */
        for (i = 0; i < num_rqst; i++) {
                if (!cancelled_mid[i])
                        delete_mid(midQ[i]);
        }

        return rc;
}

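/*
 * Convenience wrapper for the common case of sending a single request and
 * waiting for its response, built on compound_send_recv(). Callers
 * typically fill in an smb_rqst with the marshalled request in
 * rq_iov/rq_nvec and, when done, free the returned response buffer with
 * free_rsp_buf(resp_buf_type, resp_iov.iov_base).
 */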
int
cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
               struct TCP_Server_Info *server,
               struct smb_rqst *rqst, int *resp_buf_type, const int flags,
               struct kvec *resp_iov)
{
        return compound_send_recv(xid, ses, server, flags, 1,
                                  rqst, resp_buf_type, resp_iov);
}


/*
 * Discard any remaining data in the current SMB. To do this, we borrow the
 * current bigbuf.
 */
int
cifs_discard_remaining_data(struct TCP_Server_Info *server)
{
        unsigned int rfclen = server->pdu_size;
        size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
                           server->total_read;

        while (remaining > 0) {
                ssize_t length;

                length = cifs_discard_from_socket(server,
                                min_t(size_t, remaining,
                                      CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
                if (length < 0)
                        return length;
                server->total_read += length;
                remaining -= length;
        }

        return 0;
}

static int
__cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
                     bool malformed)
{
        int length;

        length = cifs_discard_remaining_data(server);
        dequeue_mid(mid, malformed);
        mid->resp_buf = server->smallbuf;
        server->smallbuf = NULL;
        return length;
}

static int
cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
{
        struct cifs_io_subrequest *rdata = mid->callback_data;

        return __cifs_readv_discard(server, mid, rdata->result);
}

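/*
 * Receive handler for read responses: pull the rest of the READ_RSP
 * header off the socket, validate the status and data offset/length, then
 * read the payload directly into the caller's iterator (or rely on an
 * already-completed RDMA transfer), discarding anything malformed.
 */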
int
cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
{
        int length, len;
        unsigned int data_offset, data_len;
        struct cifs_io_subrequest *rdata = mid->callback_data;
        char *buf = server->smallbuf;
        unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
        bool use_rdma_mr = false;

        cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%zu\n",
                 __func__, mid->mid, rdata->subreq.start, rdata->subreq.len);

        /*
         * read the rest of READ_RSP header (sans Data array), or whatever we
         * can if there's not enough data. At this point, we've read down to
         * the Mid.
         */
        len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
              HEADER_SIZE(server) + 1;

        length = cifs_read_from_socket(server,
                                       buf + HEADER_SIZE(server) - 1, len);
        if (length < 0)
                return length;
        server->total_read += length;

        if (server->ops->is_session_expired &&
            server->ops->is_session_expired(buf)) {
                cifs_reconnect(server, true);
                return -1;
        }

        if (server->ops->is_status_pending &&
            server->ops->is_status_pending(buf, server)) {
                cifs_discard_remaining_data(server);
                return -1;
        }

        /* set up first two iov for signature check and to get credits */
        rdata->iov[0].iov_base = buf;
        rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
        rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
        rdata->iov[1].iov_len =
                server->total_read - HEADER_PREAMBLE_SIZE(server);
        cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
                 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
        cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
                 rdata->iov[1].iov_base, rdata->iov[1].iov_len);

        /* Was the SMB read successful? */
        rdata->result = server->ops->map_error(buf, false);
        if (rdata->result != 0) {
                cifs_dbg(FYI, "%s: server returned error %d\n",
                         __func__, rdata->result);
                /* normal error on read response */
                return __cifs_readv_discard(server, mid, false);
        }

        /* Is there enough to get to the rest of the READ_RSP header? */
        if (server->total_read < server->vals->read_rsp_size) {
                cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
                         __func__, server->total_read,
                         server->vals->read_rsp_size);
                rdata->result = -EIO;
                return cifs_readv_discard(server, mid);
        }

        data_offset = server->ops->read_data_offset(buf) +
                      HEADER_PREAMBLE_SIZE(server);
        if (data_offset < server->total_read) {
                /*
                 * win2k8 sometimes sends an offset of 0 when the read
                 * is beyond the EOF. Treat it as if the data starts just after
                 * the header.
                 */
                cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
                         __func__, data_offset);
                data_offset = server->total_read;
        } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
                /* data_offset is beyond the end of smallbuf */
                cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
                         __func__, data_offset);
                rdata->result = -EIO;
                return cifs_readv_discard(server, mid);
        }

        cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
                 __func__, server->total_read, data_offset);

        len = data_offset - server->total_read;
        if (len > 0) {
                /* read any junk before data into the rest of smallbuf */
                length = cifs_read_from_socket(server,
                                               buf + server->total_read, len);
                if (length < 0)
                        return length;
                server->total_read += length;
        }

        /* how much data is in the response? */
#ifdef CONFIG_CIFS_SMB_DIRECT
        use_rdma_mr = rdata->mr;
#endif
        data_len = server->ops->read_data_length(buf, use_rdma_mr);
        if (!use_rdma_mr && (data_offset + data_len > buflen)) {
                /* data_len is corrupt -- discard frame */
                rdata->result = -EIO;
                return cifs_readv_discard(server, mid);
        }

#ifdef CONFIG_CIFS_SMB_DIRECT
        if (rdata->mr)
                length = data_len; /* An RDMA read is already done. */
        else
#endif
                length = cifs_read_iter_from_socket(server, &rdata->subreq.io_iter,
                                                    data_len);
        if (length > 0)
                rdata->got_bytes += length;
        server->total_read += length;

        cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
                 server->total_read, buflen, data_len);

        /* discard anything left over */
        if (server->total_read < buflen)
                return cifs_readv_discard(server, mid);

        dequeue_mid(mid, false);
        mid->resp_buf = server->smallbuf;
        server->smallbuf = NULL;
        return length;
}