// SPDX-License-Identifier: LGPL-2.1
/*
 *
 * Copyright (C) International Business Machines Corp., 2002,2008
 * Author(s): Steve French (sfrench@us.ibm.com)
 *            Jeremy Allison (jra@samba.org) 2006.
 *
 */

#include <linux/fs.h>
#include <linux/list.h>
#include <linux/gfp.h>
#include <linux/wait.h>
#include <linux/net.h>
#include <linux/delay.h>
#include <linux/freezer.h>
#include <linux/tcp.h>
#include <linux/bvec.h>
#include <linux/highmem.h>
#include <linux/uaccess.h>
#include <linux/processor.h>
#include <linux/mempool.h>
#include <linux/sched/signal.h>
#include <linux/task_io_accounting_ops.h>
#include "cifspdu.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "cifs_debug.h"
#include "smb2proto.h"
#include "smbdirect.h"
#include "compress.h"

void
cifs_wake_up_task(struct mid_q_entry *mid)
{
	if (mid->mid_state == MID_RESPONSE_RECEIVED)
		mid->mid_state = MID_RESPONSE_READY;
	wake_up_process(mid->callback_data);
}

void __release_mid(struct kref *refcount)
{
	struct mid_q_entry *midEntry =
			container_of(refcount, struct mid_q_entry, refcount);
#ifdef CONFIG_CIFS_STATS2
	__le16 command = midEntry->server->vals->lock_cmd;
	__u16 smb_cmd = le16_to_cpu(midEntry->command);
	unsigned long now;
	unsigned long roundtrip_time;
#endif
	struct TCP_Server_Info *server = midEntry->server;

	if (midEntry->resp_buf && (midEntry->wait_cancelled) &&
	    (midEntry->mid_state == MID_RESPONSE_RECEIVED ||
	     midEntry->mid_state == MID_RESPONSE_READY) &&
	    server->ops->handle_cancelled_mid)
		server->ops->handle_cancelled_mid(midEntry, server);

	midEntry->mid_state = MID_FREE;
	atomic_dec(&mid_count);
	if (midEntry->large_buf)
		cifs_buf_release(midEntry->resp_buf);
	else
		cifs_small_buf_release(midEntry->resp_buf);
#ifdef CONFIG_CIFS_STATS2
	now = jiffies;
	if (now < midEntry->when_alloc)
		cifs_server_dbg(VFS, "Invalid mid allocation time\n");
	roundtrip_time = now - midEntry->when_alloc;

	if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
		if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
			server->slowest_cmd[smb_cmd] = roundtrip_time;
			server->fastest_cmd[smb_cmd] = roundtrip_time;
		} else {
			if (server->slowest_cmd[smb_cmd] < roundtrip_time)
				server->slowest_cmd[smb_cmd] = roundtrip_time;
			else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
				server->fastest_cmd[smb_cmd] = roundtrip_time;
		}
		cifs_stats_inc(&server->num_cmds[smb_cmd]);
		server->time_per_cmd[smb_cmd] += roundtrip_time;
	}
	/*
	 * commands taking longer than one second (default) can be indications
	 * that something is wrong, unless it is quite a slow link or a very
	 * busy server. Note that this calc is unlikely or impossible to wrap
	 * as long as slow_rsp_threshold is not set way above recommended max
	 * value (32767 ie 9 hours) and is generally harmless even if wrong
	 * since only affects debug counters - so leaving the calc as simple
	 * comparison rather than doing multiple conversions and overflow
	 * checks
	 */
	if ((slow_rsp_threshold != 0) &&
	    time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
	    (midEntry->command != command)) {
		/*
		 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
		 * NB: le16_to_cpu returns unsigned so can not be negative below
		 */
		if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
			cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);

		trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
				    midEntry->when_sent, midEntry->when_received);
		if (cifsFYI & CIFS_TIMER) {
			pr_debug("slow rsp: cmd %d mid %llu",
				 midEntry->command, midEntry->mid);
			cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
				  now - midEntry->when_alloc,
				  now - midEntry->when_sent,
				  now - midEntry->when_received);
		}
	}
#endif
	put_task_struct(midEntry->creator);

	mempool_free(midEntry, cifs_mid_poolp);
}

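/*
 * Unlink the mid from the server's pending queue, if it is still queued,
 * and drop a reference to it.
 */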
void
delete_mid(struct mid_q_entry *mid)
{
	spin_lock(&mid->server->mid_queue_lock);
	if (mid->deleted_from_q == false) {
		list_del_init(&mid->qhead);
		mid->deleted_from_q = true;
	}
	spin_unlock(&mid->server->mid_queue_lock);

	release_mid(mid);
}

/*
 * smb_send_kvec - send an array of kvecs to the server
 * @server:	Server to send the data to
 * @smb_msg:	Message to send
 * @sent:	amount of data sent on socket is stored here
 *
 * Our basic "send data to server" function. Should be called with srv_mutex
 * held. The caller is responsible for handling the results.
 */
int
smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
	      size_t *sent)
{
	int rc = 0;
	int retries = 0;
	struct socket *ssocket = server->ssocket;

	*sent = 0;

	if (server->noblocksnd)
		smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
	else
		smb_msg->msg_flags = MSG_NOSIGNAL;

	while (msg_data_left(smb_msg)) {
		/*
		 * If blocking send, we try 3 times, since each can block
		 * for 5 seconds. For nonblocking we have to try more
		 * but wait increasing amounts of time allowing time for
		 * socket to clear. The overall time we wait in either
		 * case to send on the socket is about 15 seconds.
		 * Similarly we wait for 15 seconds for a response from
		 * the server in SendReceive[2] for the server to send
		 * a response back for most types of requests (except
		 * SMB Write past end of file which can be slow, and
		 * blocking lock operations). NFS waits slightly longer
		 * than CIFS, but this can make it take longer for
		 * nonresponsive servers to be detected and 15 seconds
		 * is more than enough time for modern networks to
		 * send a packet. In most cases if we fail to send
		 * after the retries we will kill the socket and
		 * reconnect which may clear the network problem.
		 */
		rc = sock_sendmsg(ssocket, smb_msg);
		if (rc == -EAGAIN) {
			retries++;
			if (retries >= 14 ||
			    (!server->noblocksnd && (retries > 2))) {
				cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
						ssocket);
				return -EAGAIN;
			}
			msleep(1 << retries);
			continue;
		}

		if (rc < 0)
			return rc;

		if (rc == 0) {
			/* should never happen, letting socket clear before
			   retrying is our only obvious option here */
			cifs_server_dbg(VFS, "tcp sent no data\n");
			msleep(500);
			continue;
		}

		/* send was at least partially successful */
		*sent += rc;
		retries = 0; /* in case we get ENOSPC on the next send */
	}
	return 0;
}

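/*
 * Return the number of bytes that @rqst describes: the kvec array plus any
 * data in rq_iter. For SMB2+ requests whose first kvec is the 4-byte
 * RFC1002 length field, that field is not counted.
 */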
unsigned long
smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
{
	unsigned int i;
	struct kvec *iov;
	int nvec;
	unsigned long buflen = 0;

	if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
	    rqst->rq_iov[0].iov_len == 4) {
		iov = &rqst->rq_iov[1];
		nvec = rqst->rq_nvec - 1;
	} else {
		iov = rqst->rq_iov;
		nvec = rqst->rq_nvec;
	}

	/* total up iov array first */
	for (i = 0; i < nvec; i++)
		buflen += iov[i].iov_len;

	buflen += iov_iter_count(&rqst->rq_iter);
	return buflen;
}

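/*
 * Send one or more requests on the socket (or over SMB Direct). Signals are
 * blocked for the duration of the send; a partial send tears down the
 * socket so that the session reconnects.
 */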
int __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
		    struct smb_rqst *rqst)
{
	int rc;
	struct kvec *iov;
	int n_vec;
	unsigned int send_length = 0;
	unsigned int i, j;
	sigset_t mask, oldmask;
	size_t total_len = 0, sent, size;
	struct socket *ssocket = server->ssocket;
	struct msghdr smb_msg = {};
	__be32 rfc1002_marker;

	cifs_in_send_inc(server);
	if (cifs_rdma_enabled(server)) {
		/* return -EAGAIN when connecting or reconnecting */
		rc = -EAGAIN;
		if (server->smbd_conn)
			rc = smbd_send(server, num_rqst, rqst);
		goto smbd_done;
	}

	rc = -EAGAIN;
	if (ssocket == NULL)
		goto out;

	rc = -ERESTARTSYS;
	if (fatal_signal_pending(current)) {
		cifs_dbg(FYI, "signal pending before send request\n");
		goto out;
	}

	rc = 0;
	/* cork the socket */
	tcp_sock_set_cork(ssocket->sk, true);

	for (j = 0; j < num_rqst; j++)
		send_length += smb_rqst_len(server, &rqst[j]);
	rfc1002_marker = cpu_to_be32(send_length);

	/*
	 * We should not allow signals to interrupt the network send because
	 * any partial send will cause session reconnects thus increasing
	 * latency of system calls and overload a server with unnecessary
	 * requests.
	 */

	sigfillset(&mask);
	sigprocmask(SIG_BLOCK, &mask, &oldmask);

	/* Generate a rfc1002 marker for SMB2+ */
	if (!is_smb1(server)) {
		struct kvec hiov = {
			.iov_base = &rfc1002_marker,
			.iov_len = 4
		};
		iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4);
		rc = smb_send_kvec(server, &smb_msg, &sent);
		if (rc < 0)
			goto unmask;

		total_len += sent;
		send_length += 4;
	}

	cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);

	for (j = 0; j < num_rqst; j++) {
		iov = rqst[j].rq_iov;
		n_vec = rqst[j].rq_nvec;

		size = 0;
		for (i = 0; i < n_vec; i++) {
			dump_smb(iov[i].iov_base, iov[i].iov_len);
			size += iov[i].iov_len;
		}

		iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size);

		rc = smb_send_kvec(server, &smb_msg, &sent);
		if (rc < 0)
			goto unmask;

		total_len += sent;

		if (iov_iter_count(&rqst[j].rq_iter) > 0) {
			smb_msg.msg_iter = rqst[j].rq_iter;
			rc = smb_send_kvec(server, &smb_msg, &sent);
			if (rc < 0)
				break;
			total_len += sent;
		}

	}

unmask:
	sigprocmask(SIG_SETMASK, &oldmask, NULL);

	/*
	 * If signal is pending but we have already sent the whole packet to
	 * the server we need to return success status to allow a corresponding
	 * mid entry to be kept in the pending requests queue thus allowing
	 * to handle responses from the server by the client.
	 *
	 * If only part of the packet has been sent there is no need to hide
	 * interrupt because the session will be reconnected anyway, so there
	 * won't be any response from the server to handle.
	 */

	if (signal_pending(current) && (total_len != send_length)) {
		cifs_dbg(FYI, "signal is pending after attempt to send\n");
		rc = -ERESTARTSYS;
	}

	/* uncork it */
	tcp_sock_set_cork(ssocket->sk, false);

	if ((total_len > 0) && (total_len != send_length)) {
		cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
			 send_length, total_len);
		/*
		 * If we have only sent part of an SMB then the next SMB could
		 * be taken as the remainder of this one. We need to kill the
		 * socket so the server throws away the partial SMB
		 */
		cifs_signal_cifsd_for_reconnect(server, false);
		trace_smb3_partial_send_reconnect(server->current_mid,
						  server->conn_id, server->hostname);
	}
smbd_done:
	/*
	 * there's hardly any use for the layers above to know the
	 * actual error code here. All they should do at this point is
	 * to retry the connection and hope it goes away.
	 */
	if (rc < 0 && rc != -EINTR && rc != -EAGAIN) {
		cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
				rc);
		rc = -ECONNABORTED;
		cifs_signal_cifsd_for_reconnect(server, false);
	} else if (rc > 0)
		rc = 0;
out:
	cifs_in_send_dec(server);
	return rc;
}

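/*
 * Wrapper around __smb_send_rqst() that first compresses or encrypts the
 * request when CIFS_COMPRESS_REQ or CIFS_TRANSFORM_REQ is set in @flags.
 */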
static int
smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
	      struct smb_rqst *rqst, int flags)
{
	struct smb2_transform_hdr tr_hdr;
	struct smb_rqst new_rqst[MAX_COMPOUND] = {};
	struct kvec iov = {
		.iov_base = &tr_hdr,
		.iov_len = sizeof(tr_hdr),
	};
	int rc;

	if (flags & CIFS_COMPRESS_REQ)
		return smb_compress(server, &rqst[0], __smb_send_rqst);

	if (!(flags & CIFS_TRANSFORM_REQ))
		return __smb_send_rqst(server, num_rqst, rqst);

	if (WARN_ON_ONCE(num_rqst > MAX_COMPOUND - 1))
		return -EIO;

	if (!server->ops->init_transform_rq) {
		cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
		return -EIO;
	}

	new_rqst[0].rq_iov = &iov;
	new_rqst[0].rq_nvec = 1;

	rc = server->ops->init_transform_rq(server, num_rqst + 1,
					    new_rqst, rqst);
	if (!rc) {
		rc = __smb_send_rqst(server, num_rqst + 1, new_rqst);
		smb3_free_compound_rqst(num_rqst, &new_rqst[1]);
	}
	return rc;
}

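/*
 * Wait until @num_credits credits are available for this operation type,
 * then charge them against the server (CIFS_BLOCKING_OP requests are not
 * charged) and return the reconnect instance they were obtained under in
 * @instance. A negative @timeout means wait indefinitely.
 */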
static int
wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
		      const int timeout, const int flags,
		      unsigned int *instance)
{
	long rc;
	int *credits;
	int optype;
	long int t;
	int scredits, in_flight;

	if (timeout < 0)
		t = MAX_JIFFY_OFFSET;
	else
		t = msecs_to_jiffies(timeout);

	optype = flags & CIFS_OP_MASK;

	*instance = 0;

	credits = server->ops->get_credits_field(server, optype);
	/* Since an echo is already inflight, no need to wait to send another */
	if (*credits <= 0 && optype == CIFS_ECHO_OP)
		return -EAGAIN;

	spin_lock(&server->req_lock);
	if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
		/* oplock breaks must not be held up */
		server->in_flight++;
		if (server->in_flight > server->max_in_flight)
			server->max_in_flight = server->in_flight;
		*credits -= 1;
		*instance = server->reconnect_instance;
		scredits = *credits;
		in_flight = server->in_flight;
		spin_unlock(&server->req_lock);

		trace_smb3_nblk_credits(server->current_mid,
				server->conn_id, server->hostname, scredits, -1, in_flight);
		cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
				__func__, 1, scredits);

		return 0;
	}

	while (1) {
		spin_unlock(&server->req_lock);

		spin_lock(&server->srv_lock);
		if (server->tcpStatus == CifsExiting) {
			spin_unlock(&server->srv_lock);
			return -ENOENT;
		}
		spin_unlock(&server->srv_lock);

		spin_lock(&server->req_lock);
		if (*credits < num_credits) {
			scredits = *credits;
			spin_unlock(&server->req_lock);

			cifs_num_waiters_inc(server);
			rc = wait_event_killable_timeout(server->request_q,
				has_credits(server, credits, num_credits), t);
			cifs_num_waiters_dec(server);
			if (!rc) {
				spin_lock(&server->req_lock);
				scredits = *credits;
				in_flight = server->in_flight;
				spin_unlock(&server->req_lock);

				trace_smb3_credit_timeout(server->current_mid,
						server->conn_id, server->hostname, scredits,
						num_credits, in_flight);
				cifs_server_dbg(VFS, "wait timed out after %d ms\n",
						timeout);
				return -EBUSY;
			}
			if (rc == -ERESTARTSYS)
				return -ERESTARTSYS;
			spin_lock(&server->req_lock);
		} else {
			/*
			 * For normal commands, reserve the last MAX_COMPOUND
			 * credits to compound requests.
			 * Otherwise these compounds could be permanently
			 * starved for credits by single-credit requests.
			 *
			 * To prevent spinning CPU, block this thread until
			 * there are >MAX_COMPOUND credits available.
			 * But only do this if we already have a lot of
			 * credits in flight to avoid triggering this check
			 * for servers that are slow to hand out credits on
			 * new sessions.
			 */
			if (!optype && num_credits == 1 &&
			    server->in_flight > 2 * MAX_COMPOUND &&
			    *credits <= MAX_COMPOUND) {
				spin_unlock(&server->req_lock);

				cifs_num_waiters_inc(server);
				rc = wait_event_killable_timeout(
					server->request_q,
					has_credits(server, credits,
						    MAX_COMPOUND + 1),
					t);
				cifs_num_waiters_dec(server);
				if (!rc) {
					spin_lock(&server->req_lock);
					scredits = *credits;
					in_flight = server->in_flight;
					spin_unlock(&server->req_lock);

					trace_smb3_credit_timeout(
							server->current_mid,
							server->conn_id, server->hostname,
							scredits, num_credits, in_flight);
					cifs_server_dbg(VFS, "wait timed out after %d ms\n",
							timeout);
					return -EBUSY;
				}
				if (rc == -ERESTARTSYS)
					return -ERESTARTSYS;
				spin_lock(&server->req_lock);
				continue;
			}

			/*
			 * Can not count locking commands against total
			 * as they are allowed to block on server.
			 */

			/* update # of requests on the wire to server */
			if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
				*credits -= num_credits;
				server->in_flight += num_credits;
				if (server->in_flight > server->max_in_flight)
					server->max_in_flight = server->in_flight;
				*instance = server->reconnect_instance;
			}
			scredits = *credits;
			in_flight = server->in_flight;
			spin_unlock(&server->req_lock);

			trace_smb3_waitff_credits(server->current_mid,
					server->conn_id, server->hostname, scredits,
					-(num_credits), in_flight);
			cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
					__func__, num_credits, scredits);
			break;
		}
	}
	return 0;
}

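/* Wait for a single credit with no timeout. */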
int wait_for_free_request(struct TCP_Server_Info *server, const int flags,
			  unsigned int *instance)
{
	return wait_for_free_credits(server, 1, -1, flags,
				     instance);
}

static int
wait_for_compound_request(struct TCP_Server_Info *server, int num,
			  const int flags, unsigned int *instance)
{
	int *credits;
	int scredits, in_flight;

	credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);

	spin_lock(&server->req_lock);
	scredits = *credits;
	in_flight = server->in_flight;

	if (*credits < num) {
		/*
		 * If the server is tight on resources or just gives us less
		 * credits for other reasons (e.g. requests are coming out of
		 * order and the server delays granting more credits until it
		 * processes a missing mid) and we exhausted most available
		 * credits there may be situations when we try to send
		 * a compound request but we don't have enough credits. At this
		 * point the client needs to decide if it should wait for
		 * additional credits or fail the request. If at least one
		 * request is in flight there is a high probability that the
		 * server will return enough credits to satisfy this compound
		 * request.
		 *
		 * Return immediately if no requests in flight since we will be
		 * stuck on waiting for credits.
		 */
		if (server->in_flight == 0) {
			spin_unlock(&server->req_lock);
			trace_smb3_insufficient_credits(server->current_mid,
					server->conn_id, server->hostname, scredits,
					num, in_flight);
			cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
					__func__, in_flight, num, scredits);
			return -EDEADLK;
		}
	}
	spin_unlock(&server->req_lock);

	return wait_for_free_credits(server, num, 60000, flags,
				     instance);
}

int
cifs_wait_mtu_credits(struct TCP_Server_Info *server, size_t size,
		      size_t *num, struct cifs_credits *credits)
{
	*num = size;
	credits->value = 0;
	credits->instance = server->reconnect_instance;
	return 0;
}

int wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
{
	int error;

	error = wait_event_state(server->response_q,
				 midQ->mid_state != MID_REQUEST_SUBMITTED &&
				 midQ->mid_state != MID_RESPONSE_RECEIVED,
				 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE));
	if (error < 0)
		return -ERESTARTSYS;

	return 0;
}

/*
 * Send a SMB request and set the callback function in the mid to handle
 * the result. Caller is responsible for dealing with timeouts.
 */
int
cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
		mid_receive_t *receive, mid_callback_t *callback,
		mid_handle_t *handle, void *cbdata, const int flags,
		const struct cifs_credits *exist_credits)
{
	int rc;
	struct mid_q_entry *mid;
	struct cifs_credits credits = { .value = 0, .instance = 0 };
	unsigned int instance;
	int optype;

	optype = flags & CIFS_OP_MASK;

	if ((flags & CIFS_HAS_CREDITS) == 0) {
		rc = wait_for_free_request(server, flags, &instance);
		if (rc)
			return rc;
		credits.value = 1;
		credits.instance = instance;
	} else
		instance = exist_credits->instance;

	cifs_server_lock(server);

	/*
	 * We can't use credits obtained from the previous session to send this
	 * request. Check if there were reconnects after we obtained credits and
	 * return -EAGAIN in such cases to let callers handle it.
	 */
	if (instance != server->reconnect_instance) {
		cifs_server_unlock(server);
		add_credits_and_wake_if(server, &credits, optype);
		return -EAGAIN;
	}

	mid = server->ops->setup_async_request(server, rqst);
	if (IS_ERR(mid)) {
		cifs_server_unlock(server);
		add_credits_and_wake_if(server, &credits, optype);
		return PTR_ERR(mid);
	}

	mid->receive = receive;
	mid->callback = callback;
	mid->callback_data = cbdata;
	mid->handle = handle;
	mid->mid_state = MID_REQUEST_SUBMITTED;

	/* put it on the pending_mid_q */
	spin_lock(&server->mid_queue_lock);
	list_add_tail(&mid->qhead, &server->pending_mid_q);
	spin_unlock(&server->mid_queue_lock);

	/*
	 * Need to store the time in mid before calling I/O. For call_async,
	 * I/O response may come back and free the mid entry on another thread.
	 */
	cifs_save_when_sent(mid);
	rc = smb_send_rqst(server, 1, rqst, flags);

	if (rc < 0) {
		revert_current_mid(server, mid->credits);
		server->sequence_number -= 2;
		delete_mid(mid);
	}

	cifs_server_unlock(server);

	if (rc == 0)
		return 0;

	add_credits_and_wake_if(server, &credits, optype);
	return rc;
}

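/*
 * Map the final state of @mid to a return code. On success
 * (MID_RESPONSE_READY) the caller keeps its reference to the mid; in all
 * other cases the reference is dropped here, and a mid in an unexpected
 * state is also removed from the pending queue.
 */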
int cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
{
	int rc = 0;

	cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
		 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);

	spin_lock(&server->mid_queue_lock);
	switch (mid->mid_state) {
	case MID_RESPONSE_READY:
		spin_unlock(&server->mid_queue_lock);
		return rc;
	case MID_RETRY_NEEDED:
		rc = -EAGAIN;
		break;
	case MID_RESPONSE_MALFORMED:
		rc = -EIO;
		break;
	case MID_SHUTDOWN:
		rc = -EHOSTDOWN;
		break;
	case MID_RC:
		rc = mid->mid_rc;
		break;
	default:
		if (mid->deleted_from_q == false) {
			list_del_init(&mid->qhead);
			mid->deleted_from_q = true;
		}
		spin_unlock(&server->mid_queue_lock);
		cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
				__func__, mid->mid, mid->mid_state);
		rc = -EIO;
		goto sync_mid_done;
	}
	spin_unlock(&server->mid_queue_lock);

sync_mid_done:
	release_mid(mid);
	return rc;
}

static void
cifs_compound_callback(struct mid_q_entry *mid)
{
	struct TCP_Server_Info *server = mid->server;
	struct cifs_credits credits = {
		.value = server->ops->get_credits(mid),
		.instance = server->reconnect_instance,
	};

	add_credits(server, &credits, mid->optype);

	if (mid->mid_state == MID_RESPONSE_RECEIVED)
		mid->mid_state = MID_RESPONSE_READY;
}

static void
cifs_compound_last_callback(struct mid_q_entry *mid)
{
	cifs_compound_callback(mid);
	cifs_wake_up_task(mid);
}

static void
cifs_cancelled_callback(struct mid_q_entry *mid)
{
	cifs_compound_callback(mid);
	release_mid(mid);
}

/*
 * Return a channel (master if none) of @ses that can be used to send
 * regular requests.
 *
 * If we are currently binding a new channel (negprot/sess.setup),
 * return the new incomplete channel.
 */
struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
{
	uint index = 0;
	unsigned int min_in_flight = UINT_MAX, max_in_flight = 0;
	struct TCP_Server_Info *server = NULL;
	int i, start, cur;

	if (!ses)
		return NULL;

	spin_lock(&ses->chan_lock);
	start = atomic_inc_return(&ses->chan_seq);
	for (i = 0; i < ses->chan_count; i++) {
		cur = (start + i) % ses->chan_count;
		server = ses->chans[cur].server;
		if (!server || server->terminate)
			continue;

		if (CIFS_CHAN_NEEDS_RECONNECT(ses, i))
			continue;

		/*
		 * strictly speaking, we should pick up req_lock to read
		 * server->in_flight. But it shouldn't matter much here if we
		 * race while reading this data. The worst that can happen is
		 * that we could use a channel that's not least loaded. Avoiding
		 * taking the lock could help reduce wait time, which is
		 * important for this function
		 */
		if (server->in_flight < min_in_flight) {
			min_in_flight = server->in_flight;
			index = cur;
		}
		if (server->in_flight > max_in_flight)
			max_in_flight = server->in_flight;
	}

	/* if all channels are equally loaded, fall back to round-robin */
	if (min_in_flight == max_in_flight)
		index = (uint)start % ses->chan_count;

	server = ses->chans[index].server;
	spin_unlock(&ses->chan_lock);

	return server;
}

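/*
 * Send a chain of @num_rqst requests as a single compound and wait for all
 * of the responses. Response buffers and their types are returned to the
 * caller in @resp_iov and @resp_buf_type.
 */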
int
compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
		   struct TCP_Server_Info *server,
		   const int flags, const int num_rqst, struct smb_rqst *rqst,
		   int *resp_buf_type, struct kvec *resp_iov)
{
	int i, j, optype, rc = 0;
	struct mid_q_entry *midQ[MAX_COMPOUND];
	bool cancelled_mid[MAX_COMPOUND] = {false};
	struct cifs_credits credits[MAX_COMPOUND] = {
		{ .value = 0, .instance = 0 }
	};
	unsigned int instance;
	char *buf;

	optype = flags & CIFS_OP_MASK;

	for (i = 0; i < num_rqst; i++)
		resp_buf_type[i] = CIFS_NO_BUFFER;  /* no response buf yet */

	if (!ses || !ses->server || !server) {
		cifs_dbg(VFS, "Null session\n");
		return -EIO;
	}

	spin_lock(&server->srv_lock);
	if (server->tcpStatus == CifsExiting) {
		spin_unlock(&server->srv_lock);
		return -ENOENT;
	}
	spin_unlock(&server->srv_lock);

	/*
	 * Wait for all the requests to become available.
	 * This approach still leaves the possibility to be stuck waiting for
	 * credits if the server doesn't grant credits to the outstanding
	 * requests and if the client is completely idle, not generating any
	 * other requests.
	 * This can be handled by the eventual session reconnect.
	 */
	rc = wait_for_compound_request(server, num_rqst, flags,
				       &instance);
	if (rc)
		return rc;

	for (i = 0; i < num_rqst; i++) {
		credits[i].value = 1;
		credits[i].instance = instance;
	}

	/*
	 * Make sure that we sign in the same order that we send on this socket
	 * and avoid races inside tcp sendmsg code that could cause corruption
	 * of smb data.
	 */

	cifs_server_lock(server);

	/*
	 * All the parts of the compound chain must use credits obtained from
	 * the same session. We can not use credits obtained from the previous
	 * session to send this request. Check if there were reconnects after
	 * we obtained credits and return -EAGAIN in such cases to let callers
	 * handle it.
	 */
	if (instance != server->reconnect_instance) {
		cifs_server_unlock(server);
		for (j = 0; j < num_rqst; j++)
			add_credits(server, &credits[j], optype);
		return -EAGAIN;
	}

	for (i = 0; i < num_rqst; i++) {
		midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
		if (IS_ERR(midQ[i])) {
			revert_current_mid(server, i);
			for (j = 0; j < i; j++)
				delete_mid(midQ[j]);
			cifs_server_unlock(server);

			/* Update # of requests on wire to server */
			for (j = 0; j < num_rqst; j++)
				add_credits(server, &credits[j], optype);
			return PTR_ERR(midQ[i]);
		}

		midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
		midQ[i]->optype = optype;
		/*
		 * Invoke callback for every part of the compound chain
		 * to calculate credits properly. Wake up this thread only when
		 * the last element is received.
		 */
		if (i < num_rqst - 1)
			midQ[i]->callback = cifs_compound_callback;
		else
			midQ[i]->callback = cifs_compound_last_callback;
	}
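	/*
	 * Send the whole chain in one call; the demultiplex thread matches
	 * responses to the mids queued above and runs their callbacks.
	 */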
	rc = smb_send_rqst(server, num_rqst, rqst, flags);

	for (i = 0; i < num_rqst; i++)
		cifs_save_when_sent(midQ[i]);

	if (rc < 0) {
		revert_current_mid(server, num_rqst);
		server->sequence_number -= 2;
	}

	cifs_server_unlock(server);

	/*
	 * If sending failed for some reason or it is an oplock break that we
	 * will not receive a response to - return credits back
	 */
	if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
		for (i = 0; i < num_rqst; i++)
			add_credits(server, &credits[i], optype);
		goto out;
	}

	/*
	 * At this point the request is passed to the network stack - we assume
	 * that any credits taken from the server structure on the client have
	 * been spent and we can't return them back. Once we receive responses
	 * we will collect credits granted by the server in the mid callbacks
	 * and add those credits to the server structure.
	 */

	/*
	 * Compounding is never used during session establish.
	 */
	spin_lock(&ses->ses_lock);
	if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
		spin_unlock(&ses->ses_lock);

		cifs_server_lock(server);
		smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
		cifs_server_unlock(server);

		spin_lock(&ses->ses_lock);
	}
	spin_unlock(&ses->ses_lock);

	for (i = 0; i < num_rqst; i++) {
		rc = wait_for_response(server, midQ[i]);
		if (rc != 0)
			break;
	}
	if (rc != 0) {
		for (; i < num_rqst; i++) {
			cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
					midQ[i]->mid, le16_to_cpu(midQ[i]->command));
			send_cancel(server, &rqst[i], midQ[i]);
			spin_lock(&server->mid_queue_lock);
			midQ[i]->wait_cancelled = true;
			if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED ||
			    midQ[i]->mid_state == MID_RESPONSE_RECEIVED) {
				midQ[i]->callback = cifs_cancelled_callback;
				cancelled_mid[i] = true;
				credits[i].value = 0;
			}
			spin_unlock(&server->mid_queue_lock);
		}
	}

	for (i = 0; i < num_rqst; i++) {
		if (rc < 0)
			goto out;

		rc = cifs_sync_mid_result(midQ[i], server);
		if (rc != 0) {
			/* mark this mid as cancelled to not free it below */
			cancelled_mid[i] = true;
			goto out;
		}

		if (!midQ[i]->resp_buf ||
		    midQ[i]->mid_state != MID_RESPONSE_READY) {
			rc = -EIO;
			cifs_dbg(FYI, "Bad MID state?\n");
			goto out;
		}

		buf = (char *)midQ[i]->resp_buf;
		resp_iov[i].iov_base = buf;
		resp_iov[i].iov_len = midQ[i]->resp_buf_size +
			HEADER_PREAMBLE_SIZE(server);

		if (midQ[i]->large_buf)
			resp_buf_type[i] = CIFS_LARGE_BUFFER;
		else
			resp_buf_type[i] = CIFS_SMALL_BUFFER;

		rc = server->ops->check_receive(midQ[i], server,
						flags & CIFS_LOG_ERROR);

		/* mark it so buf will not be freed by delete_mid */
		if ((flags & CIFS_NO_RSP_BUF) == 0)
			midQ[i]->resp_buf = NULL;

	}

	/*
	 * Compounding is never used during session establish.
	 */
	spin_lock(&ses->ses_lock);
	if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
		struct kvec iov = {
			.iov_base = resp_iov[0].iov_base,
			.iov_len = resp_iov[0].iov_len
		};
		spin_unlock(&ses->ses_lock);
		cifs_server_lock(server);
		smb311_update_preauth_hash(ses, server, &iov, 1);
		cifs_server_unlock(server);
		spin_lock(&ses->ses_lock);
	}
	spin_unlock(&ses->ses_lock);

out:
	/*
	 * This will dequeue all mids. After this it is important that the
	 * demultiplex_thread will not process any of these mids any further.
	 * This is prevented above by using a noop callback that will not
	 * wake this thread except for the very last PDU.
	 */
	for (i = 0; i < num_rqst; i++) {
		if (!cancelled_mid[i])
			delete_mid(midQ[i]);
	}

	return rc;
}

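/* Convenience wrapper to send a single (non-compounded) request. */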
int
cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
	       struct TCP_Server_Info *server,
	       struct smb_rqst *rqst, int *resp_buf_type, const int flags,
	       struct kvec *resp_iov)
{
	return compound_send_recv(xid, ses, server, flags, 1,
				  rqst, resp_buf_type, resp_iov);
}


/*
 * Discard any remaining data in the current SMB. To do this, we borrow the
 * current bigbuf.
 */
int
cifs_discard_remaining_data(struct TCP_Server_Info *server)
{
	unsigned int rfclen = server->pdu_size;
	size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
		server->total_read;

	while (remaining > 0) {
		ssize_t length;

		length = cifs_discard_from_socket(server,
				min_t(size_t, remaining,
				      CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
		if (length < 0)
			return length;
		server->total_read += length;
		remaining -= length;
	}

	return 0;
}

static int
__cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
		     bool malformed)
{
	int length;

	length = cifs_discard_remaining_data(server);
	dequeue_mid(mid, malformed);
	mid->resp_buf = server->smallbuf;
	server->smallbuf = NULL;
	return length;
}

static int
cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
{
	struct cifs_io_subrequest *rdata = mid->callback_data;

	return __cifs_readv_discard(server, mid, rdata->result);
}

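/*
 * Receive handler for async reads: pull the READ response header off the
 * socket, validate it, and read the payload into the subrequest's iterator
 * (or discard the frame on error).
 */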
int
cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
{
	int length, len;
	unsigned int data_offset, data_len;
	struct cifs_io_subrequest *rdata = mid->callback_data;
	char *buf = server->smallbuf;
	unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
	bool use_rdma_mr = false;

	cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%zu\n",
		 __func__, mid->mid, rdata->subreq.start, rdata->subreq.len);

	/*
	 * read the rest of READ_RSP header (sans Data array), or whatever we
	 * can if there's not enough data. At this point, we've read down to
	 * the Mid.
	 */
	len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
		HEADER_SIZE(server) + 1;

	length = cifs_read_from_socket(server,
				       buf + HEADER_SIZE(server) - 1, len);
	if (length < 0)
		return length;
	server->total_read += length;

	if (server->ops->is_session_expired &&
	    server->ops->is_session_expired(buf)) {
		cifs_reconnect(server, true);
		return -1;
	}

	if (server->ops->is_status_pending &&
	    server->ops->is_status_pending(buf, server)) {
		cifs_discard_remaining_data(server);
		return -1;
	}

	/* set up first two iov for signature check and to get credits */
	rdata->iov[0].iov_base = buf;
	rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
	rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
	rdata->iov[1].iov_len =
		server->total_read - HEADER_PREAMBLE_SIZE(server);
	cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
		 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
	cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
		 rdata->iov[1].iov_base, rdata->iov[1].iov_len);

	/* Was the SMB read successful? */
	rdata->result = server->ops->map_error(buf, false);
	if (rdata->result != 0) {
		cifs_dbg(FYI, "%s: server returned error %d\n",
			 __func__, rdata->result);
		/* normal error on read response */
		return __cifs_readv_discard(server, mid, false);
	}

	/* Is there enough to get to the rest of the READ_RSP header? */
	if (server->total_read < server->vals->read_rsp_size) {
		cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
			 __func__, server->total_read,
			 server->vals->read_rsp_size);
		rdata->result = -EIO;
		return cifs_readv_discard(server, mid);
	}

	data_offset = server->ops->read_data_offset(buf) +
		HEADER_PREAMBLE_SIZE(server);
	if (data_offset < server->total_read) {
		/*
		 * win2k8 sometimes sends an offset of 0 when the read
		 * is beyond the EOF. Treat it as if the data starts just after
		 * the header.
		 */
		cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
			 __func__, data_offset);
		data_offset = server->total_read;
	} else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
		/* data_offset is beyond the end of smallbuf */
		cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
			 __func__, data_offset);
		rdata->result = -EIO;
		return cifs_readv_discard(server, mid);
	}

	cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
		 __func__, server->total_read, data_offset);

	len = data_offset - server->total_read;
	if (len > 0) {
		/* read any junk before data into the rest of smallbuf */
		length = cifs_read_from_socket(server,
					       buf + server->total_read, len);
		if (length < 0)
			return length;
		server->total_read += length;
	}

	/* how much data is in the response? */
#ifdef CONFIG_CIFS_SMB_DIRECT
	use_rdma_mr = rdata->mr;
#endif
	data_len = server->ops->read_data_length(buf, use_rdma_mr);
	if (!use_rdma_mr && (data_offset + data_len > buflen)) {
		/* data_len is corrupt -- discard frame */
		rdata->result = -EIO;
		return cifs_readv_discard(server, mid);
	}

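	/*
	 * Read the payload into the subrequest's iterator, unless SMB Direct
	 * has already transferred it via RDMA.
	 */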
#ifdef CONFIG_CIFS_SMB_DIRECT
	if (rdata->mr)
		length = data_len; /* An RDMA read is already done. */
	else
#endif
		length = cifs_read_iter_from_socket(server, &rdata->subreq.io_iter,
						    data_len);
	if (length > 0)
		rdata->got_bytes += length;
	server->total_read += length;

	cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
		 server->total_read, buflen, data_len);

	/* discard anything left over */
	if (server->total_read < buflen)
		return cifs_readv_discard(server, mid);

	dequeue_mid(mid, false);
	mid->resp_buf = server->smallbuf;
	server->smallbuf = NULL;
	return length;
}