xref: /linux/fs/smb/client/transport.c (revision 79997eda0d31bc68203c95ecb978773ee6ce7a1f)
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2008
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *   Jeremy Allison (jra@samba.org) 2006.
7  *
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/list.h>
12 #include <linux/gfp.h>
13 #include <linux/wait.h>
14 #include <linux/net.h>
15 #include <linux/delay.h>
16 #include <linux/freezer.h>
17 #include <linux/tcp.h>
18 #include <linux/bvec.h>
19 #include <linux/highmem.h>
20 #include <linux/uaccess.h>
21 #include <linux/processor.h>
22 #include <linux/mempool.h>
23 #include <linux/sched/signal.h>
24 #include <linux/task_io_accounting_ops.h>
25 #include "cifspdu.h"
26 #include "cifsglob.h"
27 #include "cifsproto.h"
28 #include "cifs_debug.h"
29 #include "smb2proto.h"
30 #include "smbdirect.h"
31 
32 /* Max number of iovectors we can use off the stack when sending requests. */
33 #define CIFS_MAX_IOV_SIZE 8
34 
35 void
36 cifs_wake_up_task(struct mid_q_entry *mid)
37 {
38 	if (mid->mid_state == MID_RESPONSE_RECEIVED)
39 		mid->mid_state = MID_RESPONSE_READY;
40 	wake_up_process(mid->callback_data);
41 }
42 
43 static struct mid_q_entry *
44 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
45 {
46 	struct mid_q_entry *temp;
47 
48 	if (server == NULL) {
49 		cifs_dbg(VFS, "%s: null TCP session\n", __func__);
50 		return NULL;
51 	}
52 
53 	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
54 	memset(temp, 0, sizeof(struct mid_q_entry));
55 	kref_init(&temp->refcount);
56 	temp->mid = get_mid(smb_buffer);
57 	temp->pid = current->pid;
58 	temp->command = cpu_to_le16(smb_buffer->Command);
59 	cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
60 	/* easier to use jiffies */
61 	/* when mid allocated can be before when sent */
62 	temp->when_alloc = jiffies;
63 	temp->server = server;
64 
65 	/*
66 	 * The default is for the mid to be synchronous, so the
67 	 * default callback just wakes up the current task.
68 	 */
69 	get_task_struct(current);
70 	temp->creator = current;
71 	temp->callback = cifs_wake_up_task;
72 	temp->callback_data = current;
73 
74 	atomic_inc(&mid_count);
75 	temp->mid_state = MID_REQUEST_ALLOCATED;
76 	return temp;
77 }
78 
79 void __release_mid(struct kref *refcount)
80 {
81 	struct mid_q_entry *midEntry =
82 			container_of(refcount, struct mid_q_entry, refcount);
83 #ifdef CONFIG_CIFS_STATS2
84 	__le16 command = midEntry->server->vals->lock_cmd;
85 	__u16 smb_cmd = le16_to_cpu(midEntry->command);
86 	unsigned long now;
87 	unsigned long roundtrip_time;
88 #endif
89 	struct TCP_Server_Info *server = midEntry->server;
90 
91 	if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) &&
92 	    (midEntry->mid_state == MID_RESPONSE_RECEIVED ||
93 	     midEntry->mid_state == MID_RESPONSE_READY) &&
94 	    server->ops->handle_cancelled_mid)
95 		server->ops->handle_cancelled_mid(midEntry, server);
96 
97 	midEntry->mid_state = MID_FREE;
98 	atomic_dec(&mid_count);
99 	if (midEntry->large_buf)
100 		cifs_buf_release(midEntry->resp_buf);
101 	else
102 		cifs_small_buf_release(midEntry->resp_buf);
103 #ifdef CONFIG_CIFS_STATS2
104 	now = jiffies;
105 	if (now < midEntry->when_alloc)
106 		cifs_server_dbg(VFS, "Invalid mid allocation time\n");
107 	roundtrip_time = now - midEntry->when_alloc;
108 
109 	if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
110 		if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
111 			server->slowest_cmd[smb_cmd] = roundtrip_time;
112 			server->fastest_cmd[smb_cmd] = roundtrip_time;
113 		} else {
114 			if (server->slowest_cmd[smb_cmd] < roundtrip_time)
115 				server->slowest_cmd[smb_cmd] = roundtrip_time;
116 			else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
117 				server->fastest_cmd[smb_cmd] = roundtrip_time;
118 		}
119 		cifs_stats_inc(&server->num_cmds[smb_cmd]);
120 		server->time_per_cmd[smb_cmd] += roundtrip_time;
121 	}
122 	/*
123 	 * commands taking longer than one second (default) can be indications
124 	 * that something is wrong, unless it is quite a slow link or a very
125 	 * busy server. Note that this calc is unlikely or impossible to wrap
126 	 * as long as slow_rsp_threshold is not set way above recommended max
127 	 * value (32767 ie 9 hours) and is generally harmless even if wrong
128 	 * since only affects debug counters - so leaving the calc as simple
129 	 * comparison rather than doing multiple conversions and overflow
130 	 * checks
131 	 */
132 	if ((slow_rsp_threshold != 0) &&
133 	    time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
134 	    (midEntry->command != command)) {
135 		/*
136 		 * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
137 		 * NB: le16_to_cpu returns unsigned so can not be negative below
138 		 */
139 		if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
140 			cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);
141 
142 		trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
143 			       midEntry->when_sent, midEntry->when_received);
144 		if (cifsFYI & CIFS_TIMER) {
145 			pr_debug("slow rsp: cmd %d mid %llu",
146 				 midEntry->command, midEntry->mid);
147 			cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
148 				  now - midEntry->when_alloc,
149 				  now - midEntry->when_sent,
150 				  now - midEntry->when_received);
151 		}
152 	}
153 #endif
154 	put_task_struct(midEntry->creator);
155 
156 	mempool_free(midEntry, cifs_mid_poolp);
157 }
158 
159 void
160 delete_mid(struct mid_q_entry *mid)
161 {
162 	spin_lock(&mid->server->mid_lock);
163 	if (!(mid->mid_flags & MID_DELETED)) {
164 		list_del_init(&mid->qhead);
165 		mid->mid_flags |= MID_DELETED;
166 	}
167 	spin_unlock(&mid->server->mid_lock);
168 
169 	release_mid(mid);
170 }
171 
172 /*
173  * smb_send_kvec - send an array of kvecs to the server
174  * @server:	Server to send the data to
175  * @smb_msg:	Message to send
176  * @sent:	amount of data sent on socket is stored here
177  *
178  * Our basic "send data to server" function. Should be called with srv_mutex
179  * held. The caller is responsible for handling the results.
180  */
181 static int
182 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
183 	      size_t *sent)
184 {
185 	int rc = 0;
186 	int retries = 0;
187 	struct socket *ssocket = server->ssocket;
188 
189 	*sent = 0;
190 
191 	if (server->noblocksnd)
192 		smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
193 	else
194 		smb_msg->msg_flags = MSG_NOSIGNAL;
195 
196 	while (msg_data_left(smb_msg)) {
197 		/*
198 		 * If blocking send, we try 3 times, since each can block
199 		 * for 5 seconds. For nonblocking  we have to try more
200 		 * but wait increasing amounts of time allowing time for
201 		 * socket to clear.  The overall time we wait in either
202 		 * case to send on the socket is about 15 seconds.
203 		 * Similarly we wait for 15 seconds for a response from
204 		 * the server in SendReceive[2] for the server to send
205 		 * a response back for most types of requests (except
206 		 * SMB Write past end of file which can be slow, and
207 		 * blocking lock operations). NFS waits slightly longer
208 		 * than CIFS, but this can make it take longer for
209 		 * nonresponsive servers to be detected and 15 seconds
210 		 * is more than enough time for modern networks to
211 		 * send a packet.  In most cases if we fail to send
212 		 * after the retries we will kill the socket and
213 		 * reconnect which may clear the network problem.
214 		 */
215 		rc = sock_sendmsg(ssocket, smb_msg);
216 		if (rc == -EAGAIN) {
217 			retries++;
218 			if (retries >= 14 ||
219 			    (!server->noblocksnd && (retries > 2))) {
220 				cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
221 					 ssocket);
222 				return -EAGAIN;
223 			}
224 			msleep(1 << retries);
225 			continue;
226 		}
227 
228 		if (rc < 0)
229 			return rc;
230 
231 		if (rc == 0) {
232 			/* should never happen, letting socket clear before
233 			   retrying is our only obvious option here */
234 			cifs_server_dbg(VFS, "tcp sent no data\n");
235 			msleep(500);
236 			continue;
237 		}
238 
239 		/* send was at least partially successful */
240 		*sent += rc;
241 		retries = 0; /* in case we get ENOSPC on the next send */
242 	}
243 	return 0;
244 }
245 
246 unsigned long
247 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
248 {
249 	unsigned int i;
250 	struct kvec *iov;
251 	int nvec;
252 	unsigned long buflen = 0;
253 
254 	if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
255 	    rqst->rq_iov[0].iov_len == 4) {
256 		iov = &rqst->rq_iov[1];
257 		nvec = rqst->rq_nvec - 1;
258 	} else {
259 		iov = rqst->rq_iov;
260 		nvec = rqst->rq_nvec;
261 	}
262 
263 	/* total up iov array first */
264 	for (i = 0; i < nvec; i++)
265 		buflen += iov[i].iov_len;
266 
267 	buflen += iov_iter_count(&rqst->rq_iter);
268 	return buflen;
269 }
270 
271 static int
272 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
273 		struct smb_rqst *rqst)
274 {
275 	int rc;
276 	struct kvec *iov;
277 	int n_vec;
278 	unsigned int send_length = 0;
279 	unsigned int i, j;
280 	sigset_t mask, oldmask;
281 	size_t total_len = 0, sent, size;
282 	struct socket *ssocket = server->ssocket;
283 	struct msghdr smb_msg = {};
284 	__be32 rfc1002_marker;
285 
286 	cifs_in_send_inc(server);
287 	if (cifs_rdma_enabled(server)) {
288 		/* return -EAGAIN when connecting or reconnecting */
289 		rc = -EAGAIN;
290 		if (server->smbd_conn)
291 			rc = smbd_send(server, num_rqst, rqst);
292 		goto smbd_done;
293 	}
294 
295 	rc = -EAGAIN;
296 	if (ssocket == NULL)
297 		goto out;
298 
299 	rc = -ERESTARTSYS;
300 	if (fatal_signal_pending(current)) {
301 		cifs_dbg(FYI, "signal pending before send request\n");
302 		goto out;
303 	}
304 
305 	rc = 0;
306 	/* cork the socket */
307 	tcp_sock_set_cork(ssocket->sk, true);
308 
309 	for (j = 0; j < num_rqst; j++)
310 		send_length += smb_rqst_len(server, &rqst[j]);
311 	rfc1002_marker = cpu_to_be32(send_length);
312 
313 	/*
314 	 * We should not allow signals to interrupt the network send because
315 	 * any partial send will cause session reconnects thus increasing
316 	 * latency of system calls and overload a server with unnecessary
317 	 * requests.
318 	 */
319 
320 	sigfillset(&mask);
321 	sigprocmask(SIG_BLOCK, &mask, &oldmask);
322 
323 	/* Generate a rfc1002 marker for SMB2+ */
324 	if (!is_smb1(server)) {
325 		struct kvec hiov = {
326 			.iov_base = &rfc1002_marker,
327 			.iov_len  = 4
328 		};
329 		iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, &hiov, 1, 4);
330 		rc = smb_send_kvec(server, &smb_msg, &sent);
331 		if (rc < 0)
332 			goto unmask;
333 
334 		total_len += sent;
335 		send_length += 4;
336 	}
337 
338 	cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
339 
340 	for (j = 0; j < num_rqst; j++) {
341 		iov = rqst[j].rq_iov;
342 		n_vec = rqst[j].rq_nvec;
343 
344 		size = 0;
345 		for (i = 0; i < n_vec; i++) {
346 			dump_smb(iov[i].iov_base, iov[i].iov_len);
347 			size += iov[i].iov_len;
348 		}
349 
350 		iov_iter_kvec(&smb_msg.msg_iter, ITER_SOURCE, iov, n_vec, size);
351 
352 		rc = smb_send_kvec(server, &smb_msg, &sent);
353 		if (rc < 0)
354 			goto unmask;
355 
356 		total_len += sent;
357 
358 		if (iov_iter_count(&rqst[j].rq_iter) > 0) {
359 			smb_msg.msg_iter = rqst[j].rq_iter;
360 			rc = smb_send_kvec(server, &smb_msg, &sent);
361 			if (rc < 0)
362 				break;
363 			total_len += sent;
364 		}
365 
366 }
367 
368 unmask:
369 	sigprocmask(SIG_SETMASK, &oldmask, NULL);
370 
371 	/*
372 	 * If signal is pending but we have already sent the whole packet to
373 	 * the server we need to return success status to allow a corresponding
374 	 * mid entry to be kept in the pending requests queue thus allowing
375 	 * to handle responses from the server by the client.
376 	 *
377 	 * If only part of the packet has been sent there is no need to hide
378 	 * interrupt because the session will be reconnected anyway, so there
379 	 * won't be any response from the server to handle.
380 	 */
381 
382 	if (signal_pending(current) && (total_len != send_length)) {
383 		cifs_dbg(FYI, "signal is pending after attempt to send\n");
384 		rc = -ERESTARTSYS;
385 	}
386 
387 	/* uncork it */
388 	tcp_sock_set_cork(ssocket->sk, false);
389 
390 	if ((total_len > 0) && (total_len != send_length)) {
391 		cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
392 			 send_length, total_len);
393 		/*
394 		 * If we have only sent part of an SMB then the next SMB could
395 		 * be taken as the remainder of this one. We need to kill the
396 		 * socket so the server throws away the partial SMB
397 		 */
398 		cifs_signal_cifsd_for_reconnect(server, false);
399 		trace_smb3_partial_send_reconnect(server->CurrentMid,
400 						  server->conn_id, server->hostname);
401 	}
402 smbd_done:
403 	if (rc < 0 && rc != -EINTR)
404 		cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
405 			 rc);
406 	else if (rc > 0)
407 		rc = 0;
408 out:
409 	cifs_in_send_dec(server);
410 	return rc;
411 }
412 
413 struct send_req_vars {
414 	struct smb2_transform_hdr tr_hdr;
415 	struct smb_rqst rqst[MAX_COMPOUND];
416 	struct kvec iov;
417 };
418 
419 static int
420 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
421 	      struct smb_rqst *rqst, int flags)
422 {
423 	struct send_req_vars *vars;
424 	struct smb_rqst *cur_rqst;
425 	struct kvec *iov;
426 	int rc;
427 
428 	if (!(flags & CIFS_TRANSFORM_REQ))
429 		return __smb_send_rqst(server, num_rqst, rqst);
430 
431 	if (num_rqst > MAX_COMPOUND - 1)
432 		return -ENOMEM;
433 
434 	if (!server->ops->init_transform_rq) {
435 		cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
436 		return -EIO;
437 	}
438 
439 	vars = kzalloc(sizeof(*vars), GFP_NOFS);
440 	if (!vars)
441 		return -ENOMEM;
442 	cur_rqst = vars->rqst;
443 	iov = &vars->iov;
444 
445 	iov->iov_base = &vars->tr_hdr;
446 	iov->iov_len = sizeof(vars->tr_hdr);
447 	cur_rqst[0].rq_iov = iov;
448 	cur_rqst[0].rq_nvec = 1;
449 
450 	rc = server->ops->init_transform_rq(server, num_rqst + 1,
451 					    &cur_rqst[0], rqst);
452 	if (rc)
453 		goto out;
454 
455 	rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]);
456 	smb3_free_compound_rqst(num_rqst, &cur_rqst[1]);
457 out:
458 	kfree(vars);
459 	return rc;
460 }
461 
462 int
463 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
464 	 unsigned int smb_buf_length)
465 {
466 	struct kvec iov[2];
467 	struct smb_rqst rqst = { .rq_iov = iov,
468 				 .rq_nvec = 2 };
469 
470 	iov[0].iov_base = smb_buffer;
471 	iov[0].iov_len = 4;
472 	iov[1].iov_base = (char *)smb_buffer + 4;
473 	iov[1].iov_len = smb_buf_length;
474 
475 	return __smb_send_rqst(server, 1, &rqst);
476 }
477 
478 static int
479 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
480 		      const int timeout, const int flags,
481 		      unsigned int *instance)
482 {
483 	long rc;
484 	int *credits;
485 	int optype;
486 	long int t;
487 	int scredits, in_flight;
488 
489 	if (timeout < 0)
490 		t = MAX_JIFFY_OFFSET;
491 	else
492 		t = msecs_to_jiffies(timeout);
493 
494 	optype = flags & CIFS_OP_MASK;
495 
496 	*instance = 0;
497 
498 	credits = server->ops->get_credits_field(server, optype);
499 	/* Since an echo is already inflight, no need to wait to send another */
500 	if (*credits <= 0 && optype == CIFS_ECHO_OP)
501 		return -EAGAIN;
502 
503 	spin_lock(&server->req_lock);
504 	if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
505 		/* oplock breaks must not be held up */
506 		server->in_flight++;
507 		if (server->in_flight > server->max_in_flight)
508 			server->max_in_flight = server->in_flight;
509 		*credits -= 1;
510 		*instance = server->reconnect_instance;
511 		scredits = *credits;
512 		in_flight = server->in_flight;
513 		spin_unlock(&server->req_lock);
514 
515 		trace_smb3_nblk_credits(server->CurrentMid,
516 				server->conn_id, server->hostname, scredits, -1, in_flight);
517 		cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
518 				__func__, 1, scredits);
519 
520 		return 0;
521 	}
522 
523 	while (1) {
524 		spin_unlock(&server->req_lock);
525 
526 		spin_lock(&server->srv_lock);
527 		if (server->tcpStatus == CifsExiting) {
528 			spin_unlock(&server->srv_lock);
529 			return -ENOENT;
530 		}
531 		spin_unlock(&server->srv_lock);
532 
533 		spin_lock(&server->req_lock);
534 		if (*credits < num_credits) {
535 			scredits = *credits;
536 			spin_unlock(&server->req_lock);
537 
538 			cifs_num_waiters_inc(server);
539 			rc = wait_event_killable_timeout(server->request_q,
540 				has_credits(server, credits, num_credits), t);
541 			cifs_num_waiters_dec(server);
542 			if (!rc) {
543 				spin_lock(&server->req_lock);
544 				scredits = *credits;
545 				in_flight = server->in_flight;
546 				spin_unlock(&server->req_lock);
547 
548 				trace_smb3_credit_timeout(server->CurrentMid,
549 						server->conn_id, server->hostname, scredits,
550 						num_credits, in_flight);
551 				cifs_server_dbg(VFS, "wait timed out after %d ms\n",
552 						timeout);
553 				return -EBUSY;
554 			}
555 			if (rc == -ERESTARTSYS)
556 				return -ERESTARTSYS;
557 			spin_lock(&server->req_lock);
558 		} else {
559 			/*
560 			 * For normal commands, reserve the last MAX_COMPOUND
561 			 * credits to compound requests.
562 			 * Otherwise these compounds could be permanently
563 			 * starved for credits by single-credit requests.
564 			 *
565 			 * To prevent spinning CPU, block this thread until
566 			 * there are >MAX_COMPOUND credits available.
567 			 * But only do this is we already have a lot of
568 			 * credits in flight to avoid triggering this check
569 			 * for servers that are slow to hand out credits on
570 			 * new sessions.
571 			 */
572 			if (!optype && num_credits == 1 &&
573 			    server->in_flight > 2 * MAX_COMPOUND &&
574 			    *credits <= MAX_COMPOUND) {
575 				spin_unlock(&server->req_lock);
576 
577 				cifs_num_waiters_inc(server);
578 				rc = wait_event_killable_timeout(
579 					server->request_q,
580 					has_credits(server, credits,
581 						    MAX_COMPOUND + 1),
582 					t);
583 				cifs_num_waiters_dec(server);
584 				if (!rc) {
585 					spin_lock(&server->req_lock);
586 					scredits = *credits;
587 					in_flight = server->in_flight;
588 					spin_unlock(&server->req_lock);
589 
590 					trace_smb3_credit_timeout(
591 							server->CurrentMid,
592 							server->conn_id, server->hostname,
593 							scredits, num_credits, in_flight);
594 					cifs_server_dbg(VFS, "wait timed out after %d ms\n",
595 							timeout);
596 					return -EBUSY;
597 				}
598 				if (rc == -ERESTARTSYS)
599 					return -ERESTARTSYS;
600 				spin_lock(&server->req_lock);
601 				continue;
602 			}
603 
604 			/*
605 			 * Can not count locking commands against total
606 			 * as they are allowed to block on server.
607 			 */
608 
609 			/* update # of requests on the wire to server */
610 			if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
611 				*credits -= num_credits;
612 				server->in_flight += num_credits;
613 				if (server->in_flight > server->max_in_flight)
614 					server->max_in_flight = server->in_flight;
615 				*instance = server->reconnect_instance;
616 			}
617 			scredits = *credits;
618 			in_flight = server->in_flight;
619 			spin_unlock(&server->req_lock);
620 
621 			trace_smb3_waitff_credits(server->CurrentMid,
622 					server->conn_id, server->hostname, scredits,
623 					-(num_credits), in_flight);
624 			cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
625 					__func__, num_credits, scredits);
626 			break;
627 		}
628 	}
629 	return 0;
630 }
631 
632 static int
633 wait_for_free_request(struct TCP_Server_Info *server, const int flags,
634 		      unsigned int *instance)
635 {
636 	return wait_for_free_credits(server, 1, -1, flags,
637 				     instance);
638 }
639 
640 static int
641 wait_for_compound_request(struct TCP_Server_Info *server, int num,
642 			  const int flags, unsigned int *instance)
643 {
644 	int *credits;
645 	int scredits, in_flight;
646 
647 	credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);
648 
649 	spin_lock(&server->req_lock);
650 	scredits = *credits;
651 	in_flight = server->in_flight;
652 
653 	if (*credits < num) {
654 		/*
655 		 * If the server is tight on resources or just gives us less
656 		 * credits for other reasons (e.g. requests are coming out of
657 		 * order and the server delays granting more credits until it
658 		 * processes a missing mid) and we exhausted most available
659 		 * credits there may be situations when we try to send
660 		 * a compound request but we don't have enough credits. At this
661 		 * point the client needs to decide if it should wait for
662 		 * additional credits or fail the request. If at least one
663 		 * request is in flight there is a high probability that the
664 		 * server will return enough credits to satisfy this compound
665 		 * request.
666 		 *
667 		 * Return immediately if no requests in flight since we will be
668 		 * stuck on waiting for credits.
669 		 */
670 		if (server->in_flight == 0) {
671 			spin_unlock(&server->req_lock);
672 			trace_smb3_insufficient_credits(server->CurrentMid,
673 					server->conn_id, server->hostname, scredits,
674 					num, in_flight);
675 			cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
676 					__func__, in_flight, num, scredits);
677 			return -EDEADLK;
678 		}
679 	}
680 	spin_unlock(&server->req_lock);
681 
682 	return wait_for_free_credits(server, num, 60000, flags,
683 				     instance);
684 }
685 
686 int
687 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
688 		      unsigned int *num, struct cifs_credits *credits)
689 {
690 	*num = size;
691 	credits->value = 0;
692 	credits->instance = server->reconnect_instance;
693 	return 0;
694 }
695 
696 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
697 			struct mid_q_entry **ppmidQ)
698 {
699 	spin_lock(&ses->ses_lock);
700 	if (ses->ses_status == SES_NEW) {
701 		if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
702 			(in_buf->Command != SMB_COM_NEGOTIATE)) {
703 			spin_unlock(&ses->ses_lock);
704 			return -EAGAIN;
705 		}
706 		/* else ok - we are setting up session */
707 	}
708 
709 	if (ses->ses_status == SES_EXITING) {
710 		/* check if SMB session is bad because we are setting it up */
711 		if (in_buf->Command != SMB_COM_LOGOFF_ANDX) {
712 			spin_unlock(&ses->ses_lock);
713 			return -EAGAIN;
714 		}
715 		/* else ok - we are shutting down session */
716 	}
717 	spin_unlock(&ses->ses_lock);
718 
719 	*ppmidQ = alloc_mid(in_buf, ses->server);
720 	if (*ppmidQ == NULL)
721 		return -ENOMEM;
722 	spin_lock(&ses->server->mid_lock);
723 	list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
724 	spin_unlock(&ses->server->mid_lock);
725 	return 0;
726 }
727 
728 static int
729 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
730 {
731 	int error;
732 
733 	error = wait_event_state(server->response_q,
734 				 midQ->mid_state != MID_REQUEST_SUBMITTED &&
735 				 midQ->mid_state != MID_RESPONSE_RECEIVED,
736 				 (TASK_KILLABLE|TASK_FREEZABLE_UNSAFE));
737 	if (error < 0)
738 		return -ERESTARTSYS;
739 
740 	return 0;
741 }
742 
743 struct mid_q_entry *
744 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
745 {
746 	int rc;
747 	struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
748 	struct mid_q_entry *mid;
749 
750 	if (rqst->rq_iov[0].iov_len != 4 ||
751 	    rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
752 		return ERR_PTR(-EIO);
753 
754 	/* enable signing if server requires it */
755 	if (server->sign)
756 		hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
757 
758 	mid = alloc_mid(hdr, server);
759 	if (mid == NULL)
760 		return ERR_PTR(-ENOMEM);
761 
762 	rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
763 	if (rc) {
764 		release_mid(mid);
765 		return ERR_PTR(rc);
766 	}
767 
768 	return mid;
769 }
770 
771 /*
772  * Send a SMB request and set the callback function in the mid to handle
773  * the result. Caller is responsible for dealing with timeouts.
774  */
775 int
776 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
777 		mid_receive_t *receive, mid_callback_t *callback,
778 		mid_handle_t *handle, void *cbdata, const int flags,
779 		const struct cifs_credits *exist_credits)
780 {
781 	int rc;
782 	struct mid_q_entry *mid;
783 	struct cifs_credits credits = { .value = 0, .instance = 0 };
784 	unsigned int instance;
785 	int optype;
786 
787 	optype = flags & CIFS_OP_MASK;
788 
789 	if ((flags & CIFS_HAS_CREDITS) == 0) {
790 		rc = wait_for_free_request(server, flags, &instance);
791 		if (rc)
792 			return rc;
793 		credits.value = 1;
794 		credits.instance = instance;
795 	} else
796 		instance = exist_credits->instance;
797 
798 	cifs_server_lock(server);
799 
800 	/*
801 	 * We can't use credits obtained from the previous session to send this
802 	 * request. Check if there were reconnects after we obtained credits and
803 	 * return -EAGAIN in such cases to let callers handle it.
804 	 */
805 	if (instance != server->reconnect_instance) {
806 		cifs_server_unlock(server);
807 		add_credits_and_wake_if(server, &credits, optype);
808 		return -EAGAIN;
809 	}
810 
811 	mid = server->ops->setup_async_request(server, rqst);
812 	if (IS_ERR(mid)) {
813 		cifs_server_unlock(server);
814 		add_credits_and_wake_if(server, &credits, optype);
815 		return PTR_ERR(mid);
816 	}
817 
818 	mid->receive = receive;
819 	mid->callback = callback;
820 	mid->callback_data = cbdata;
821 	mid->handle = handle;
822 	mid->mid_state = MID_REQUEST_SUBMITTED;
823 
824 	/* put it on the pending_mid_q */
825 	spin_lock(&server->mid_lock);
826 	list_add_tail(&mid->qhead, &server->pending_mid_q);
827 	spin_unlock(&server->mid_lock);
828 
829 	/*
830 	 * Need to store the time in mid before calling I/O. For call_async,
831 	 * I/O response may come back and free the mid entry on another thread.
832 	 */
833 	cifs_save_when_sent(mid);
834 	rc = smb_send_rqst(server, 1, rqst, flags);
835 
836 	if (rc < 0) {
837 		revert_current_mid(server, mid->credits);
838 		server->sequence_number -= 2;
839 		delete_mid(mid);
840 	}
841 
842 	cifs_server_unlock(server);
843 
844 	if (rc == 0)
845 		return 0;
846 
847 	add_credits_and_wake_if(server, &credits, optype);
848 	return rc;
849 }
850 
851 /*
852  *
853  * Send an SMB Request.  No response info (other than return code)
854  * needs to be parsed.
855  *
856  * flags indicate the type of request buffer and how long to wait
857  * and whether to log NT STATUS code (error) before mapping it to POSIX error
858  *
859  */
860 int
861 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
862 		 char *in_buf, int flags)
863 {
864 	int rc;
865 	struct kvec iov[1];
866 	struct kvec rsp_iov;
867 	int resp_buf_type;
868 
869 	iov[0].iov_base = in_buf;
870 	iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
871 	flags |= CIFS_NO_RSP_BUF;
872 	rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
873 	cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
874 
875 	return rc;
876 }
877 
878 static int
879 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
880 {
881 	int rc = 0;
882 
883 	cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
884 		 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
885 
886 	spin_lock(&server->mid_lock);
887 	switch (mid->mid_state) {
888 	case MID_RESPONSE_READY:
889 		spin_unlock(&server->mid_lock);
890 		return rc;
891 	case MID_RETRY_NEEDED:
892 		rc = -EAGAIN;
893 		break;
894 	case MID_RESPONSE_MALFORMED:
895 		rc = -EIO;
896 		break;
897 	case MID_SHUTDOWN:
898 		rc = -EHOSTDOWN;
899 		break;
900 	default:
901 		if (!(mid->mid_flags & MID_DELETED)) {
902 			list_del_init(&mid->qhead);
903 			mid->mid_flags |= MID_DELETED;
904 		}
905 		cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
906 			 __func__, mid->mid, mid->mid_state);
907 		rc = -EIO;
908 	}
909 	spin_unlock(&server->mid_lock);
910 
911 	release_mid(mid);
912 	return rc;
913 }
914 
915 static inline int
916 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
917 	    struct mid_q_entry *mid)
918 {
919 	return server->ops->send_cancel ?
920 				server->ops->send_cancel(server, rqst, mid) : 0;
921 }
922 
923 int
924 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
925 		   bool log_error)
926 {
927 	unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
928 
929 	dump_smb(mid->resp_buf, min_t(u32, 92, len));
930 
931 	/* convert the length into a more usable form */
932 	if (server->sign) {
933 		struct kvec iov[2];
934 		int rc = 0;
935 		struct smb_rqst rqst = { .rq_iov = iov,
936 					 .rq_nvec = 2 };
937 
938 		iov[0].iov_base = mid->resp_buf;
939 		iov[0].iov_len = 4;
940 		iov[1].iov_base = (char *)mid->resp_buf + 4;
941 		iov[1].iov_len = len - 4;
942 		/* FIXME: add code to kill session */
943 		rc = cifs_verify_signature(&rqst, server,
944 					   mid->sequence_number);
945 		if (rc)
946 			cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
947 				 rc);
948 	}
949 
950 	/* BB special case reconnect tid and uid here? */
951 	return map_and_check_smb_error(mid, log_error);
952 }
953 
954 struct mid_q_entry *
955 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored,
956 		   struct smb_rqst *rqst)
957 {
958 	int rc;
959 	struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
960 	struct mid_q_entry *mid;
961 
962 	if (rqst->rq_iov[0].iov_len != 4 ||
963 	    rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
964 		return ERR_PTR(-EIO);
965 
966 	rc = allocate_mid(ses, hdr, &mid);
967 	if (rc)
968 		return ERR_PTR(rc);
969 	rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
970 	if (rc) {
971 		delete_mid(mid);
972 		return ERR_PTR(rc);
973 	}
974 	return mid;
975 }
976 
977 static void
978 cifs_compound_callback(struct mid_q_entry *mid)
979 {
980 	struct TCP_Server_Info *server = mid->server;
981 	struct cifs_credits credits;
982 
983 	credits.value = server->ops->get_credits(mid);
984 	credits.instance = server->reconnect_instance;
985 
986 	add_credits(server, &credits, mid->optype);
987 
988 	if (mid->mid_state == MID_RESPONSE_RECEIVED)
989 		mid->mid_state = MID_RESPONSE_READY;
990 }
991 
992 static void
993 cifs_compound_last_callback(struct mid_q_entry *mid)
994 {
995 	cifs_compound_callback(mid);
996 	cifs_wake_up_task(mid);
997 }
998 
999 static void
1000 cifs_cancelled_callback(struct mid_q_entry *mid)
1001 {
1002 	cifs_compound_callback(mid);
1003 	release_mid(mid);
1004 }
1005 
1006 /*
1007  * Return a channel (master if none) of @ses that can be used to send
1008  * regular requests.
1009  *
1010  * If we are currently binding a new channel (negprot/sess.setup),
1011  * return the new incomplete channel.
1012  */
1013 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
1014 {
1015 	uint index = 0;
1016 	unsigned int min_in_flight = UINT_MAX, max_in_flight = 0;
1017 	struct TCP_Server_Info *server = NULL;
1018 	int i;
1019 
1020 	if (!ses)
1021 		return NULL;
1022 
1023 	spin_lock(&ses->chan_lock);
1024 	for (i = 0; i < ses->chan_count; i++) {
1025 		server = ses->chans[i].server;
1026 		if (!server || server->terminate)
1027 			continue;
1028 
1029 		/*
1030 		 * strictly speaking, we should pick up req_lock to read
1031 		 * server->in_flight. But it shouldn't matter much here if we
1032 		 * race while reading this data. The worst that can happen is
1033 		 * that we could use a channel that's not least loaded. Avoiding
1034 		 * taking the lock could help reduce wait time, which is
1035 		 * important for this function
1036 		 */
1037 		if (server->in_flight < min_in_flight) {
1038 			min_in_flight = server->in_flight;
1039 			index = i;
1040 		}
1041 		if (server->in_flight > max_in_flight)
1042 			max_in_flight = server->in_flight;
1043 	}
1044 
1045 	/* if all channels are equally loaded, fall back to round-robin */
1046 	if (min_in_flight == max_in_flight) {
1047 		index = (uint)atomic_inc_return(&ses->chan_seq);
1048 		index %= ses->chan_count;
1049 	}
1050 	spin_unlock(&ses->chan_lock);
1051 
1052 	return ses->chans[index].server;
1053 }
1054 
1055 int
1056 compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
1057 		   struct TCP_Server_Info *server,
1058 		   const int flags, const int num_rqst, struct smb_rqst *rqst,
1059 		   int *resp_buf_type, struct kvec *resp_iov)
1060 {
1061 	int i, j, optype, rc = 0;
1062 	struct mid_q_entry *midQ[MAX_COMPOUND];
1063 	bool cancelled_mid[MAX_COMPOUND] = {false};
1064 	struct cifs_credits credits[MAX_COMPOUND] = {
1065 		{ .value = 0, .instance = 0 }
1066 	};
1067 	unsigned int instance;
1068 	char *buf;
1069 
1070 	optype = flags & CIFS_OP_MASK;
1071 
1072 	for (i = 0; i < num_rqst; i++)
1073 		resp_buf_type[i] = CIFS_NO_BUFFER;  /* no response buf yet */
1074 
1075 	if (!ses || !ses->server || !server) {
1076 		cifs_dbg(VFS, "Null session\n");
1077 		return -EIO;
1078 	}
1079 
1080 	spin_lock(&server->srv_lock);
1081 	if (server->tcpStatus == CifsExiting) {
1082 		spin_unlock(&server->srv_lock);
1083 		return -ENOENT;
1084 	}
1085 	spin_unlock(&server->srv_lock);
1086 
1087 	/*
1088 	 * Wait for all the requests to become available.
1089 	 * This approach still leaves the possibility to be stuck waiting for
1090 	 * credits if the server doesn't grant credits to the outstanding
1091 	 * requests and if the client is completely idle, not generating any
1092 	 * other requests.
1093 	 * This can be handled by the eventual session reconnect.
1094 	 */
1095 	rc = wait_for_compound_request(server, num_rqst, flags,
1096 				       &instance);
1097 	if (rc)
1098 		return rc;
1099 
1100 	for (i = 0; i < num_rqst; i++) {
1101 		credits[i].value = 1;
1102 		credits[i].instance = instance;
1103 	}
1104 
1105 	/*
1106 	 * Make sure that we sign in the same order that we send on this socket
1107 	 * and avoid races inside tcp sendmsg code that could cause corruption
1108 	 * of smb data.
1109 	 */
1110 
1111 	cifs_server_lock(server);
1112 
1113 	/*
1114 	 * All the parts of the compound chain belong obtained credits from the
1115 	 * same session. We can not use credits obtained from the previous
1116 	 * session to send this request. Check if there were reconnects after
1117 	 * we obtained credits and return -EAGAIN in such cases to let callers
1118 	 * handle it.
1119 	 */
1120 	if (instance != server->reconnect_instance) {
1121 		cifs_server_unlock(server);
1122 		for (j = 0; j < num_rqst; j++)
1123 			add_credits(server, &credits[j], optype);
1124 		return -EAGAIN;
1125 	}
1126 
1127 	for (i = 0; i < num_rqst; i++) {
1128 		midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
1129 		if (IS_ERR(midQ[i])) {
1130 			revert_current_mid(server, i);
1131 			for (j = 0; j < i; j++)
1132 				delete_mid(midQ[j]);
1133 			cifs_server_unlock(server);
1134 
1135 			/* Update # of requests on wire to server */
1136 			for (j = 0; j < num_rqst; j++)
1137 				add_credits(server, &credits[j], optype);
1138 			return PTR_ERR(midQ[i]);
1139 		}
1140 
1141 		midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
1142 		midQ[i]->optype = optype;
1143 		/*
1144 		 * Invoke callback for every part of the compound chain
1145 		 * to calculate credits properly. Wake up this thread only when
1146 		 * the last element is received.
1147 		 */
1148 		if (i < num_rqst - 1)
1149 			midQ[i]->callback = cifs_compound_callback;
1150 		else
1151 			midQ[i]->callback = cifs_compound_last_callback;
1152 	}
1153 	rc = smb_send_rqst(server, num_rqst, rqst, flags);
1154 
1155 	for (i = 0; i < num_rqst; i++)
1156 		cifs_save_when_sent(midQ[i]);
1157 
1158 	if (rc < 0) {
1159 		revert_current_mid(server, num_rqst);
1160 		server->sequence_number -= 2;
1161 	}
1162 
1163 	cifs_server_unlock(server);
1164 
1165 	/*
1166 	 * If sending failed for some reason or it is an oplock break that we
1167 	 * will not receive a response to - return credits back
1168 	 */
1169 	if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
1170 		for (i = 0; i < num_rqst; i++)
1171 			add_credits(server, &credits[i], optype);
1172 		goto out;
1173 	}
1174 
1175 	/*
1176 	 * At this point the request is passed to the network stack - we assume
1177 	 * that any credits taken from the server structure on the client have
1178 	 * been spent and we can't return them back. Once we receive responses
1179 	 * we will collect credits granted by the server in the mid callbacks
1180 	 * and add those credits to the server structure.
1181 	 */
1182 
1183 	/*
1184 	 * Compounding is never used during session establish.
1185 	 */
1186 	spin_lock(&ses->ses_lock);
1187 	if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1188 		spin_unlock(&ses->ses_lock);
1189 
1190 		cifs_server_lock(server);
1191 		smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
1192 		cifs_server_unlock(server);
1193 
1194 		spin_lock(&ses->ses_lock);
1195 	}
1196 	spin_unlock(&ses->ses_lock);
1197 
1198 	for (i = 0; i < num_rqst; i++) {
1199 		rc = wait_for_response(server, midQ[i]);
1200 		if (rc != 0)
1201 			break;
1202 	}
1203 	if (rc != 0) {
1204 		for (; i < num_rqst; i++) {
1205 			cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
1206 				 midQ[i]->mid, le16_to_cpu(midQ[i]->command));
1207 			send_cancel(server, &rqst[i], midQ[i]);
1208 			spin_lock(&server->mid_lock);
1209 			midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
1210 			if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED ||
1211 			    midQ[i]->mid_state == MID_RESPONSE_RECEIVED) {
1212 				midQ[i]->callback = cifs_cancelled_callback;
1213 				cancelled_mid[i] = true;
1214 				credits[i].value = 0;
1215 			}
1216 			spin_unlock(&server->mid_lock);
1217 		}
1218 	}
1219 
1220 	for (i = 0; i < num_rqst; i++) {
1221 		if (rc < 0)
1222 			goto out;
1223 
1224 		rc = cifs_sync_mid_result(midQ[i], server);
1225 		if (rc != 0) {
1226 			/* mark this mid as cancelled to not free it below */
1227 			cancelled_mid[i] = true;
1228 			goto out;
1229 		}
1230 
1231 		if (!midQ[i]->resp_buf ||
1232 		    midQ[i]->mid_state != MID_RESPONSE_READY) {
1233 			rc = -EIO;
1234 			cifs_dbg(FYI, "Bad MID state?\n");
1235 			goto out;
1236 		}
1237 
1238 		buf = (char *)midQ[i]->resp_buf;
1239 		resp_iov[i].iov_base = buf;
1240 		resp_iov[i].iov_len = midQ[i]->resp_buf_size +
1241 			HEADER_PREAMBLE_SIZE(server);
1242 
1243 		if (midQ[i]->large_buf)
1244 			resp_buf_type[i] = CIFS_LARGE_BUFFER;
1245 		else
1246 			resp_buf_type[i] = CIFS_SMALL_BUFFER;
1247 
1248 		rc = server->ops->check_receive(midQ[i], server,
1249 						     flags & CIFS_LOG_ERROR);
1250 
1251 		/* mark it so buf will not be freed by delete_mid */
1252 		if ((flags & CIFS_NO_RSP_BUF) == 0)
1253 			midQ[i]->resp_buf = NULL;
1254 
1255 	}
1256 
1257 	/*
1258 	 * Compounding is never used during session establish.
1259 	 */
1260 	spin_lock(&ses->ses_lock);
1261 	if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1262 		struct kvec iov = {
1263 			.iov_base = resp_iov[0].iov_base,
1264 			.iov_len = resp_iov[0].iov_len
1265 		};
1266 		spin_unlock(&ses->ses_lock);
1267 		cifs_server_lock(server);
1268 		smb311_update_preauth_hash(ses, server, &iov, 1);
1269 		cifs_server_unlock(server);
1270 		spin_lock(&ses->ses_lock);
1271 	}
1272 	spin_unlock(&ses->ses_lock);
1273 
1274 out:
1275 	/*
1276 	 * This will dequeue all mids. After this it is important that the
1277 	 * demultiplex_thread will not process any of these mids any futher.
1278 	 * This is prevented above by using a noop callback that will not
1279 	 * wake this thread except for the very last PDU.
1280 	 */
1281 	for (i = 0; i < num_rqst; i++) {
1282 		if (!cancelled_mid[i])
1283 			delete_mid(midQ[i]);
1284 	}
1285 
1286 	return rc;
1287 }
1288 
1289 int
1290 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
1291 	       struct TCP_Server_Info *server,
1292 	       struct smb_rqst *rqst, int *resp_buf_type, const int flags,
1293 	       struct kvec *resp_iov)
1294 {
1295 	return compound_send_recv(xid, ses, server, flags, 1,
1296 				  rqst, resp_buf_type, resp_iov);
1297 }
1298 
1299 int
1300 SendReceive2(const unsigned int xid, struct cifs_ses *ses,
1301 	     struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
1302 	     const int flags, struct kvec *resp_iov)
1303 {
1304 	struct smb_rqst rqst;
1305 	struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
1306 	int rc;
1307 
1308 	if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
1309 		new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
1310 					GFP_KERNEL);
1311 		if (!new_iov) {
1312 			/* otherwise cifs_send_recv below sets resp_buf_type */
1313 			*resp_buf_type = CIFS_NO_BUFFER;
1314 			return -ENOMEM;
1315 		}
1316 	} else
1317 		new_iov = s_iov;
1318 
1319 	/* 1st iov is a RFC1001 length followed by the rest of the packet */
1320 	memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
1321 
1322 	new_iov[0].iov_base = new_iov[1].iov_base;
1323 	new_iov[0].iov_len = 4;
1324 	new_iov[1].iov_base += 4;
1325 	new_iov[1].iov_len -= 4;
1326 
1327 	memset(&rqst, 0, sizeof(struct smb_rqst));
1328 	rqst.rq_iov = new_iov;
1329 	rqst.rq_nvec = n_vec + 1;
1330 
1331 	rc = cifs_send_recv(xid, ses, ses->server,
1332 			    &rqst, resp_buf_type, flags, resp_iov);
1333 	if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
1334 		kfree(new_iov);
1335 	return rc;
1336 }
1337 
1338 int
1339 SendReceive(const unsigned int xid, struct cifs_ses *ses,
1340 	    struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1341 	    int *pbytes_returned, const int flags)
1342 {
1343 	int rc = 0;
1344 	struct mid_q_entry *midQ;
1345 	unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1346 	struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1347 	struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1348 	struct cifs_credits credits = { .value = 1, .instance = 0 };
1349 	struct TCP_Server_Info *server;
1350 
1351 	if (ses == NULL) {
1352 		cifs_dbg(VFS, "Null smb session\n");
1353 		return -EIO;
1354 	}
1355 	server = ses->server;
1356 	if (server == NULL) {
1357 		cifs_dbg(VFS, "Null tcp session\n");
1358 		return -EIO;
1359 	}
1360 
1361 	spin_lock(&server->srv_lock);
1362 	if (server->tcpStatus == CifsExiting) {
1363 		spin_unlock(&server->srv_lock);
1364 		return -ENOENT;
1365 	}
1366 	spin_unlock(&server->srv_lock);
1367 
1368 	/* Ensure that we do not send more than 50 overlapping requests
1369 	   to the same server. We may make this configurable later or
1370 	   use ses->maxReq */
1371 
1372 	if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1373 		cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1374 				len);
1375 		return -EIO;
1376 	}
1377 
1378 	rc = wait_for_free_request(server, flags, &credits.instance);
1379 	if (rc)
1380 		return rc;
1381 
1382 	/* make sure that we sign in the same order that we send on this socket
1383 	   and avoid races inside tcp sendmsg code that could cause corruption
1384 	   of smb data */
1385 
1386 	cifs_server_lock(server);
1387 
1388 	rc = allocate_mid(ses, in_buf, &midQ);
1389 	if (rc) {
1390 		cifs_server_unlock(server);
1391 		/* Update # of requests on wire to server */
1392 		add_credits(server, &credits, 0);
1393 		return rc;
1394 	}
1395 
1396 	rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1397 	if (rc) {
1398 		cifs_server_unlock(server);
1399 		goto out;
1400 	}
1401 
1402 	midQ->mid_state = MID_REQUEST_SUBMITTED;
1403 
1404 	rc = smb_send(server, in_buf, len);
1405 	cifs_save_when_sent(midQ);
1406 
1407 	if (rc < 0)
1408 		server->sequence_number -= 2;
1409 
1410 	cifs_server_unlock(server);
1411 
1412 	if (rc < 0)
1413 		goto out;
1414 
1415 	rc = wait_for_response(server, midQ);
1416 	if (rc != 0) {
1417 		send_cancel(server, &rqst, midQ);
1418 		spin_lock(&server->mid_lock);
1419 		if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1420 		    midQ->mid_state == MID_RESPONSE_RECEIVED) {
1421 			/* no longer considered to be "in-flight" */
1422 			midQ->callback = release_mid;
1423 			spin_unlock(&server->mid_lock);
1424 			add_credits(server, &credits, 0);
1425 			return rc;
1426 		}
1427 		spin_unlock(&server->mid_lock);
1428 	}
1429 
1430 	rc = cifs_sync_mid_result(midQ, server);
1431 	if (rc != 0) {
1432 		add_credits(server, &credits, 0);
1433 		return rc;
1434 	}
1435 
1436 	if (!midQ->resp_buf || !out_buf ||
1437 	    midQ->mid_state != MID_RESPONSE_READY) {
1438 		rc = -EIO;
1439 		cifs_server_dbg(VFS, "Bad MID state?\n");
1440 		goto out;
1441 	}
1442 
1443 	*pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1444 	memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1445 	rc = cifs_check_receive(midQ, server, 0);
1446 out:
1447 	delete_mid(midQ);
1448 	add_credits(server, &credits, 0);
1449 
1450 	return rc;
1451 }
1452 
1453 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1454    blocking lock to return. */
1455 
1456 static int
1457 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1458 			struct smb_hdr *in_buf,
1459 			struct smb_hdr *out_buf)
1460 {
1461 	int bytes_returned;
1462 	struct cifs_ses *ses = tcon->ses;
1463 	LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1464 
1465 	/* We just modify the current in_buf to change
1466 	   the type of lock from LOCKING_ANDX_SHARED_LOCK
1467 	   or LOCKING_ANDX_EXCLUSIVE_LOCK to
1468 	   LOCKING_ANDX_CANCEL_LOCK. */
1469 
1470 	pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1471 	pSMB->Timeout = 0;
1472 	pSMB->hdr.Mid = get_next_mid(ses->server);
1473 
1474 	return SendReceive(xid, ses, in_buf, out_buf,
1475 			&bytes_returned, 0);
1476 }
1477 
1478 int
1479 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1480 	    struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1481 	    int *pbytes_returned)
1482 {
1483 	int rc = 0;
1484 	int rstart = 0;
1485 	struct mid_q_entry *midQ;
1486 	struct cifs_ses *ses;
1487 	unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1488 	struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1489 	struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1490 	unsigned int instance;
1491 	struct TCP_Server_Info *server;
1492 
1493 	if (tcon == NULL || tcon->ses == NULL) {
1494 		cifs_dbg(VFS, "Null smb session\n");
1495 		return -EIO;
1496 	}
1497 	ses = tcon->ses;
1498 	server = ses->server;
1499 
1500 	if (server == NULL) {
1501 		cifs_dbg(VFS, "Null tcp session\n");
1502 		return -EIO;
1503 	}
1504 
1505 	spin_lock(&server->srv_lock);
1506 	if (server->tcpStatus == CifsExiting) {
1507 		spin_unlock(&server->srv_lock);
1508 		return -ENOENT;
1509 	}
1510 	spin_unlock(&server->srv_lock);
1511 
1512 	/* Ensure that we do not send more than 50 overlapping requests
1513 	   to the same server. We may make this configurable later or
1514 	   use ses->maxReq */
1515 
1516 	if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1517 		cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1518 			      len);
1519 		return -EIO;
1520 	}
1521 
1522 	rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance);
1523 	if (rc)
1524 		return rc;
1525 
1526 	/* make sure that we sign in the same order that we send on this socket
1527 	   and avoid races inside tcp sendmsg code that could cause corruption
1528 	   of smb data */
1529 
1530 	cifs_server_lock(server);
1531 
1532 	rc = allocate_mid(ses, in_buf, &midQ);
1533 	if (rc) {
1534 		cifs_server_unlock(server);
1535 		return rc;
1536 	}
1537 
1538 	rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1539 	if (rc) {
1540 		delete_mid(midQ);
1541 		cifs_server_unlock(server);
1542 		return rc;
1543 	}
1544 
1545 	midQ->mid_state = MID_REQUEST_SUBMITTED;
1546 	rc = smb_send(server, in_buf, len);
1547 	cifs_save_when_sent(midQ);
1548 
1549 	if (rc < 0)
1550 		server->sequence_number -= 2;
1551 
1552 	cifs_server_unlock(server);
1553 
1554 	if (rc < 0) {
1555 		delete_mid(midQ);
1556 		return rc;
1557 	}
1558 
1559 	/* Wait for a reply - allow signals to interrupt. */
1560 	rc = wait_event_interruptible(server->response_q,
1561 		(!(midQ->mid_state == MID_REQUEST_SUBMITTED ||
1562 		   midQ->mid_state == MID_RESPONSE_RECEIVED)) ||
1563 		((server->tcpStatus != CifsGood) &&
1564 		 (server->tcpStatus != CifsNew)));
1565 
1566 	/* Were we interrupted by a signal ? */
1567 	spin_lock(&server->srv_lock);
1568 	if ((rc == -ERESTARTSYS) &&
1569 		(midQ->mid_state == MID_REQUEST_SUBMITTED ||
1570 		 midQ->mid_state == MID_RESPONSE_RECEIVED) &&
1571 		((server->tcpStatus == CifsGood) ||
1572 		 (server->tcpStatus == CifsNew))) {
1573 		spin_unlock(&server->srv_lock);
1574 
1575 		if (in_buf->Command == SMB_COM_TRANSACTION2) {
1576 			/* POSIX lock. We send a NT_CANCEL SMB to cause the
1577 			   blocking lock to return. */
1578 			rc = send_cancel(server, &rqst, midQ);
1579 			if (rc) {
1580 				delete_mid(midQ);
1581 				return rc;
1582 			}
1583 		} else {
1584 			/* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1585 			   to cause the blocking lock to return. */
1586 
1587 			rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1588 
1589 			/* If we get -ENOLCK back the lock may have
1590 			   already been removed. Don't exit in this case. */
1591 			if (rc && rc != -ENOLCK) {
1592 				delete_mid(midQ);
1593 				return rc;
1594 			}
1595 		}
1596 
1597 		rc = wait_for_response(server, midQ);
1598 		if (rc) {
1599 			send_cancel(server, &rqst, midQ);
1600 			spin_lock(&server->mid_lock);
1601 			if (midQ->mid_state == MID_REQUEST_SUBMITTED ||
1602 			    midQ->mid_state == MID_RESPONSE_RECEIVED) {
1603 				/* no longer considered to be "in-flight" */
1604 				midQ->callback = release_mid;
1605 				spin_unlock(&server->mid_lock);
1606 				return rc;
1607 			}
1608 			spin_unlock(&server->mid_lock);
1609 		}
1610 
1611 		/* We got the response - restart system call. */
1612 		rstart = 1;
1613 		spin_lock(&server->srv_lock);
1614 	}
1615 	spin_unlock(&server->srv_lock);
1616 
1617 	rc = cifs_sync_mid_result(midQ, server);
1618 	if (rc != 0)
1619 		return rc;
1620 
1621 	/* rcvd frame is ok */
1622 	if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_READY) {
1623 		rc = -EIO;
1624 		cifs_tcon_dbg(VFS, "Bad MID state?\n");
1625 		goto out;
1626 	}
1627 
1628 	*pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1629 	memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1630 	rc = cifs_check_receive(midQ, server, 0);
1631 out:
1632 	delete_mid(midQ);
1633 	if (rstart && rc == -EACCES)
1634 		return -ERESTARTSYS;
1635 	return rc;
1636 }
1637 
1638 /*
1639  * Discard any remaining data in the current SMB. To do this, we borrow the
1640  * current bigbuf.
1641  */
1642 int
1643 cifs_discard_remaining_data(struct TCP_Server_Info *server)
1644 {
1645 	unsigned int rfclen = server->pdu_size;
1646 	size_t remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
1647 		server->total_read;
1648 
1649 	while (remaining > 0) {
1650 		ssize_t length;
1651 
1652 		length = cifs_discard_from_socket(server,
1653 				min_t(size_t, remaining,
1654 				      CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
1655 		if (length < 0)
1656 			return length;
1657 		server->total_read += length;
1658 		remaining -= length;
1659 	}
1660 
1661 	return 0;
1662 }
1663 
1664 static int
1665 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
1666 		     bool malformed)
1667 {
1668 	int length;
1669 
1670 	length = cifs_discard_remaining_data(server);
1671 	dequeue_mid(mid, malformed);
1672 	mid->resp_buf = server->smallbuf;
1673 	server->smallbuf = NULL;
1674 	return length;
1675 }
1676 
1677 static int
1678 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1679 {
1680 	struct cifs_readdata *rdata = mid->callback_data;
1681 
1682 	return  __cifs_readv_discard(server, mid, rdata->result);
1683 }
1684 
1685 int
1686 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1687 {
1688 	int length, len;
1689 	unsigned int data_offset, data_len;
1690 	struct cifs_readdata *rdata = mid->callback_data;
1691 	char *buf = server->smallbuf;
1692 	unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
1693 	bool use_rdma_mr = false;
1694 
1695 	cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n",
1696 		 __func__, mid->mid, rdata->offset, rdata->bytes);
1697 
1698 	/*
1699 	 * read the rest of READ_RSP header (sans Data array), or whatever we
1700 	 * can if there's not enough data. At this point, we've read down to
1701 	 * the Mid.
1702 	 */
1703 	len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
1704 							HEADER_SIZE(server) + 1;
1705 
1706 	length = cifs_read_from_socket(server,
1707 				       buf + HEADER_SIZE(server) - 1, len);
1708 	if (length < 0)
1709 		return length;
1710 	server->total_read += length;
1711 
1712 	if (server->ops->is_session_expired &&
1713 	    server->ops->is_session_expired(buf)) {
1714 		cifs_reconnect(server, true);
1715 		return -1;
1716 	}
1717 
1718 	if (server->ops->is_status_pending &&
1719 	    server->ops->is_status_pending(buf, server)) {
1720 		cifs_discard_remaining_data(server);
1721 		return -1;
1722 	}
1723 
1724 	/* set up first two iov for signature check and to get credits */
1725 	rdata->iov[0].iov_base = buf;
1726 	rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
1727 	rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
1728 	rdata->iov[1].iov_len =
1729 		server->total_read - HEADER_PREAMBLE_SIZE(server);
1730 	cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
1731 		 rdata->iov[0].iov_base, rdata->iov[0].iov_len);
1732 	cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
1733 		 rdata->iov[1].iov_base, rdata->iov[1].iov_len);
1734 
1735 	/* Was the SMB read successful? */
1736 	rdata->result = server->ops->map_error(buf, false);
1737 	if (rdata->result != 0) {
1738 		cifs_dbg(FYI, "%s: server returned error %d\n",
1739 			 __func__, rdata->result);
1740 		/* normal error on read response */
1741 		return __cifs_readv_discard(server, mid, false);
1742 	}
1743 
1744 	/* Is there enough to get to the rest of the READ_RSP header? */
1745 	if (server->total_read < server->vals->read_rsp_size) {
1746 		cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
1747 			 __func__, server->total_read,
1748 			 server->vals->read_rsp_size);
1749 		rdata->result = -EIO;
1750 		return cifs_readv_discard(server, mid);
1751 	}
1752 
1753 	data_offset = server->ops->read_data_offset(buf) +
1754 		HEADER_PREAMBLE_SIZE(server);
1755 	if (data_offset < server->total_read) {
1756 		/*
1757 		 * win2k8 sometimes sends an offset of 0 when the read
1758 		 * is beyond the EOF. Treat it as if the data starts just after
1759 		 * the header.
1760 		 */
1761 		cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
1762 			 __func__, data_offset);
1763 		data_offset = server->total_read;
1764 	} else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
1765 		/* data_offset is beyond the end of smallbuf */
1766 		cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
1767 			 __func__, data_offset);
1768 		rdata->result = -EIO;
1769 		return cifs_readv_discard(server, mid);
1770 	}
1771 
1772 	cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
1773 		 __func__, server->total_read, data_offset);
1774 
1775 	len = data_offset - server->total_read;
1776 	if (len > 0) {
1777 		/* read any junk before data into the rest of smallbuf */
1778 		length = cifs_read_from_socket(server,
1779 					       buf + server->total_read, len);
1780 		if (length < 0)
1781 			return length;
1782 		server->total_read += length;
1783 	}
1784 
1785 	/* how much data is in the response? */
1786 #ifdef CONFIG_CIFS_SMB_DIRECT
1787 	use_rdma_mr = rdata->mr;
1788 #endif
1789 	data_len = server->ops->read_data_length(buf, use_rdma_mr);
1790 	if (!use_rdma_mr && (data_offset + data_len > buflen)) {
1791 		/* data_len is corrupt -- discard frame */
1792 		rdata->result = -EIO;
1793 		return cifs_readv_discard(server, mid);
1794 	}
1795 
1796 #ifdef CONFIG_CIFS_SMB_DIRECT
1797 	if (rdata->mr)
1798 		length = data_len; /* An RDMA read is already done. */
1799 	else
1800 #endif
1801 		length = cifs_read_iter_from_socket(server, &rdata->iter,
1802 						    data_len);
1803 	if (length > 0)
1804 		rdata->got_bytes += length;
1805 	server->total_read += length;
1806 
1807 	cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
1808 		 server->total_read, buflen, data_len);
1809 
1810 	/* discard anything left over */
1811 	if (server->total_read < buflen)
1812 		return cifs_readv_discard(server, mid);
1813 
1814 	dequeue_mid(mid, false);
1815 	mid->resp_buf = server->smallbuf;
1816 	server->smallbuf = NULL;
1817 	return length;
1818 }
1819