1/*
  2 *   fs/cifs/transport.c
  3 *
  4 *   Copyright (C) International Business Machines  Corp., 2002,2008
  5 *   Author(s): Steve French (sfrench@us.ibm.com)
  6 *   Jeremy Allison (jra@samba.org) 2006.
  7 *
  8 *   This library is free software; you can redistribute it and/or modify
  9 *   it under the terms of the GNU Lesser General Public License as published
 10 *   by the Free Software Foundation; either version 2.1 of the License, or
 11 *   (at your option) any later version.
 12 *
 13 *   This library is distributed in the hope that it will be useful,
 14 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 15 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 16 *   the GNU Lesser General Public License for more details.
 17 *
 18 *   You should have received a copy of the GNU Lesser General Public License
 19 *   along with this library; if not, write to the Free Software
 20 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 21 */
 22
 23#include <linux/fs.h>
 24#include <linux/list.h>
 25#include <linux/gfp.h>
 26#include <linux/wait.h>
 27#include <linux/net.h>
 28#include <linux/delay.h>
 
 29#include <asm/uaccess.h>
 30#include <asm/processor.h>
 31#include <linux/mempool.h>
 32#include "cifspdu.h"
 33#include "cifsglob.h"
 34#include "cifsproto.h"
 35#include "cifs_debug.h"
 36
 37extern mempool_t *cifs_mid_poolp;
 38
 39static void
 40wake_up_task(struct mid_q_entry *mid)
 41{
 42	wake_up_process(mid->callback_data);
 43}
 44
 45struct mid_q_entry *
 46AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
 47{
 48	struct mid_q_entry *temp;
 49
 50	if (server == NULL) {
 51		cERROR(1, "Null TCP session in AllocMidQEntry");
 52		return NULL;
 53	}
 54
 55	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
 56	if (temp == NULL)
 57		return temp;
 58	else {
 59		memset(temp, 0, sizeof(struct mid_q_entry));
 60		temp->mid = smb_buffer->Mid;	/* always LE */
 61		temp->pid = current->pid;
 62		temp->command = smb_buffer->Command;
 63		cFYI(1, "For smb_command %d", temp->command);
 64	/*	do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
 65		/* when mid allocated can be before when sent */
 66		temp->when_alloc = jiffies;
 67
 68		/*
 69		 * The default is for the mid to be synchronous, so the
 70		 * default callback just wakes up the current task.
 71		 */
 72		temp->callback = wake_up_task;
 73		temp->callback_data = current;
 74	}
 75
 76	atomic_inc(&midCount);
 77	temp->midState = MID_REQUEST_ALLOCATED;
 78	return temp;
 79}
 80
 81void
 82DeleteMidQEntry(struct mid_q_entry *midEntry)
 83{
 84#ifdef CONFIG_CIFS_STATS2
 85	unsigned long now;
 86#endif
 87	midEntry->midState = MID_FREE;
 88	atomic_dec(&midCount);
 89	if (midEntry->largeBuf)
 90		cifs_buf_release(midEntry->resp_buf);
 91	else
 92		cifs_small_buf_release(midEntry->resp_buf);
 93#ifdef CONFIG_CIFS_STATS2
 94	now = jiffies;
 95	/* commands taking longer than one second are indications that
 96	   something is wrong, unless it is quite a slow link or server */
 97	if ((now - midEntry->when_alloc) > HZ) {
 98		if ((cifsFYI & CIFS_TIMER) &&
 99		   (midEntry->command != SMB_COM_LOCKING_ANDX)) {
100			printk(KERN_DEBUG " CIFS slow rsp: cmd %d mid %d",
101			       midEntry->command, midEntry->mid);
102			printk(" A: 0x%lx S: 0x%lx R: 0x%lx\n",
103			       now - midEntry->when_alloc,
104			       now - midEntry->when_sent,
105			       now - midEntry->when_received);
106		}
107	}
108#endif
109	mempool_free(midEntry, cifs_mid_poolp);
110}
111
112static void
113delete_mid(struct mid_q_entry *mid)
114{
115	spin_lock(&GlobalMid_Lock);
116	list_del(&mid->qhead);
117	spin_unlock(&GlobalMid_Lock);
118
119	DeleteMidQEntry(mid);
120}
121
122static int
123smb_sendv(struct TCP_Server_Info *server, struct kvec *iov, int n_vec)
124{
125	int rc = 0;
126	int i = 0;
127	struct msghdr smb_msg;
128	struct smb_hdr *smb_buffer = iov[0].iov_base;
129	unsigned int len = iov[0].iov_len;
130	unsigned int total_len;
131	int first_vec = 0;
132	unsigned int smb_buf_length = be32_to_cpu(smb_buffer->smb_buf_length);
133	struct socket *ssocket = server->ssocket;
134
135	if (ssocket == NULL)
136		return -ENOTSOCK; /* BB eventually add reconnect code here */
137
138	smb_msg.msg_name = (struct sockaddr *) &server->dstaddr;
139	smb_msg.msg_namelen = sizeof(struct sockaddr);
140	smb_msg.msg_control = NULL;
141	smb_msg.msg_controllen = 0;
142	if (server->noblocksnd)
143		smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
144	else
145		smb_msg.msg_flags = MSG_NOSIGNAL;
146
147	total_len = 0;
148	for (i = 0; i < n_vec; i++)
149		total_len += iov[i].iov_len;
150
151	cFYI(1, "Sending smb:  total_len %d", total_len);
152	dump_smb(smb_buffer, len);
153
154	i = 0;
155	while (total_len) {
156		rc = kernel_sendmsg(ssocket, &smb_msg, &iov[first_vec],
157				    n_vec - first_vec, total_len);
158		if ((rc == -ENOSPC) || (rc == -EAGAIN)) {
159			i++;
160			/* if blocking send we try 3 times, since each can block
161			   for 5 seconds. For nonblocking  we have to try more
162			   but wait increasing amounts of time allowing time for
163			   socket to clear.  The overall time we wait in either
164			   case to send on the socket is about 15 seconds.
165			   Similarly we wait for 15 seconds for
166			   a response from the server in SendReceive[2]
167			   for the server to send a response back for
168			   most types of requests (except SMB Write
169			   past end of file which can be slow, and
170			   blocking lock operations). NFS waits slightly longer
171			   than CIFS, but this can make it take longer for
172			   nonresponsive servers to be detected and 15 seconds
173			   is more than enough time for modern networks to
174			   send a packet.  In most cases if we fail to send
175			   after the retries we will kill the socket and
176			   reconnect which may clear the network problem.
177			*/
178			if ((i >= 14) || (!server->noblocksnd && (i > 2))) {
179				cERROR(1, "sends on sock %p stuck for 15 seconds",
180				    ssocket);
181				rc = -EAGAIN;
182				break;
183			}
184			msleep(1 << i);
185			continue;
186		}
187		if (rc < 0)
188			break;
189
190		if (rc == total_len) {
191			total_len = 0;
192			break;
193		} else if (rc > total_len) {
194			cERROR(1, "sent %d requested %d", rc, total_len);
195			break;
196		}
197		if (rc == 0) {
198			/* should never happen, letting socket clear before
199			   retrying is our only obvious option here */
200			cERROR(1, "tcp sent no data");
201			msleep(500);
202			continue;
203		}
204		total_len -= rc;
205		/* the line below resets i */
206		for (i = first_vec; i < n_vec; i++) {
207			if (iov[i].iov_len) {
208				if (rc > iov[i].iov_len) {
209					rc -= iov[i].iov_len;
210					iov[i].iov_len = 0;
211				} else {
212					iov[i].iov_base += rc;
213					iov[i].iov_len -= rc;
214					first_vec = i;
215					break;
216				}
217			}
218		}
219		i = 0; /* in case we get ENOSPC on the next send */
220	}
221
222	if ((total_len > 0) && (total_len != smb_buf_length + 4)) {
223		cFYI(1, "partial send (%d remaining), terminating session",
224			total_len);
225		/* If we have only sent part of an SMB then the next SMB
226		   could be taken as the remainder of this one.  We need
227		   to kill the socket so the server throws away the partial
228		   SMB */
229		server->tcpStatus = CifsNeedReconnect;
230	}
231
232	if (rc < 0 && rc != -EINTR)
233		cERROR(1, "Error %d sending data on socket to server", rc);
234	else
235		rc = 0;
236
237	/* Don't want to modify the buffer as a
238	   side effect of this call. */
239	smb_buffer->smb_buf_length = cpu_to_be32(smb_buf_length);
240
241	return rc;
242}
243
244int
245smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
246	 unsigned int smb_buf_length)
247{
248	struct kvec iov;
249
250	iov.iov_base = smb_buffer;
251	iov.iov_len = smb_buf_length + 4;
252
253	return smb_sendv(server, &iov, 1);
254}
255
256static int wait_for_free_request(struct TCP_Server_Info *server,
257				 const int long_op)
 
258{
259	if (long_op == CIFS_ASYNC_OP) {
 
 
 
260		/* oplock breaks must not be held up */
261		atomic_inc(&server->inFlight);
 
 
262		return 0;
263	}
264
265	spin_lock(&GlobalMid_Lock);
266	while (1) {
267		if (atomic_read(&server->inFlight) >= cifs_max_pending) {
268			spin_unlock(&GlobalMid_Lock);
269			cifs_num_waiters_inc(server);
270			wait_event(server->request_q,
271				   atomic_read(&server->inFlight)
272				     < cifs_max_pending);
273			cifs_num_waiters_dec(server);
274			spin_lock(&GlobalMid_Lock);
 
 
275		} else {
276			if (server->tcpStatus == CifsExiting) {
277				spin_unlock(&GlobalMid_Lock);
278				return -ENOENT;
279			}
280
281			/* can not count locking commands against total
282			   as they are allowed to block on server */
 
 
283
284			/* update # of requests on the wire to server */
285			if (long_op != CIFS_BLOCKING_OP)
286				atomic_inc(&server->inFlight);
287			spin_unlock(&GlobalMid_Lock);
 
 
288			break;
289		}
290	}
291	return 0;
292}
293
 
 
 
 
 
 
 
294static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
295			struct mid_q_entry **ppmidQ)
296{
297	if (ses->server->tcpStatus == CifsExiting) {
298		return -ENOENT;
299	}
300
301	if (ses->server->tcpStatus == CifsNeedReconnect) {
302		cFYI(1, "tcp session dead - return to caller to retry");
303		return -EAGAIN;
304	}
305
306	if (ses->status != CifsGood) {
307		/* check if SMB session is bad because we are setting it up */
308		if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
309			(in_buf->Command != SMB_COM_NEGOTIATE))
310			return -EAGAIN;
311		/* else ok - we are setting up session */
312	}
313	*ppmidQ = AllocMidQEntry(in_buf, ses->server);
314	if (*ppmidQ == NULL)
315		return -ENOMEM;
316	spin_lock(&GlobalMid_Lock);
317	list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
318	spin_unlock(&GlobalMid_Lock);
319	return 0;
320}
321
322static int
323wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
324{
325	int error;
326
327	error = wait_event_killable(server->response_q,
328				    midQ->midState != MID_REQUEST_SUBMITTED);
329	if (error < 0)
330		return -ERESTARTSYS;
331
332	return 0;
333}
334
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
335
336/*
337 * Send a SMB request and set the callback function in the mid to handle
338 * the result. Caller is responsible for dealing with timeouts.
339 */
340int
341cifs_call_async(struct TCP_Server_Info *server, struct kvec *iov,
342		unsigned int nvec, mid_callback_t *callback, void *cbdata,
343		bool ignore_pend)
344{
345	int rc;
346	struct mid_q_entry *mid;
347	struct smb_hdr *hdr = (struct smb_hdr *)iov[0].iov_base;
348
349	rc = wait_for_free_request(server, ignore_pend ? CIFS_ASYNC_OP : 0);
350	if (rc)
351		return rc;
352
353	/* enable signing if server requires it */
354	if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
355		hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
356
357	mutex_lock(&server->srv_mutex);
358	mid = AllocMidQEntry(hdr, server);
359	if (mid == NULL) {
360		mutex_unlock(&server->srv_mutex);
361		atomic_dec(&server->inFlight);
362		wake_up(&server->request_q);
363		return -ENOMEM;
364	}
365
 
 
 
 
 
366	/* put it on the pending_mid_q */
367	spin_lock(&GlobalMid_Lock);
368	list_add_tail(&mid->qhead, &server->pending_mid_q);
369	spin_unlock(&GlobalMid_Lock);
370
371	rc = cifs_sign_smb2(iov, nvec, server, &mid->sequence_number);
372	if (rc) {
373		mutex_unlock(&server->srv_mutex);
374		goto out_err;
375	}
376
377	mid->callback = callback;
378	mid->callback_data = cbdata;
379	mid->midState = MID_REQUEST_SUBMITTED;
380
381	cifs_in_send_inc(server);
382	rc = smb_sendv(server, iov, nvec);
383	cifs_in_send_dec(server);
384	cifs_save_when_sent(mid);
385	mutex_unlock(&server->srv_mutex);
386
387	if (rc)
388		goto out_err;
389
390	return rc;
391out_err:
392	delete_mid(mid);
393	atomic_dec(&server->inFlight);
394	wake_up(&server->request_q);
395	return rc;
396}
397
398/*
399 *
400 * Send an SMB Request.  No response info (other than return code)
401 * needs to be parsed.
402 *
403 * flags indicate the type of request buffer and how long to wait
404 * and whether to log NT STATUS code (error) before mapping it to POSIX error
405 *
406 */
407int
408SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
409		struct smb_hdr *in_buf, int flags)
410{
411	int rc;
412	struct kvec iov[1];
413	int resp_buf_type;
414
415	iov[0].iov_base = (char *)in_buf;
416	iov[0].iov_len = be32_to_cpu(in_buf->smb_buf_length) + 4;
417	flags |= CIFS_NO_RESP;
418	rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags);
419	cFYI(DBG2, "SendRcvNoRsp flags %d rc %d", flags, rc);
420
421	return rc;
422}
423
424static int
425cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
426{
427	int rc = 0;
428
429	cFYI(1, "%s: cmd=%d mid=%d state=%d", __func__, mid->command,
430		mid->mid, mid->midState);
431
432	spin_lock(&GlobalMid_Lock);
433	switch (mid->midState) {
434	case MID_RESPONSE_RECEIVED:
435		spin_unlock(&GlobalMid_Lock);
436		return rc;
437	case MID_RETRY_NEEDED:
438		rc = -EAGAIN;
439		break;
440	case MID_RESPONSE_MALFORMED:
441		rc = -EIO;
442		break;
443	case MID_SHUTDOWN:
444		rc = -EHOSTDOWN;
445		break;
446	default:
447		list_del_init(&mid->qhead);
448		cERROR(1, "%s: invalid mid state mid=%d state=%d", __func__,
449			mid->mid, mid->midState);
450		rc = -EIO;
451	}
452	spin_unlock(&GlobalMid_Lock);
453
454	DeleteMidQEntry(mid);
455	return rc;
456}
457
458/*
459 * An NT cancel request header looks just like the original request except:
460 *
461 * The Command is SMB_COM_NT_CANCEL
462 * The WordCount is zeroed out
463 * The ByteCount is zeroed out
464 *
465 * This function mangles an existing request buffer into a
466 * SMB_COM_NT_CANCEL request and then sends it.
467 */
468static int
469send_nt_cancel(struct TCP_Server_Info *server, struct smb_hdr *in_buf,
470		struct mid_q_entry *mid)
471{
472	int rc = 0;
473
474	/* -4 for RFC1001 length and +2 for BCC field */
475	in_buf->smb_buf_length = cpu_to_be32(sizeof(struct smb_hdr) - 4  + 2);
476	in_buf->Command = SMB_COM_NT_CANCEL;
477	in_buf->WordCount = 0;
478	put_bcc(0, in_buf);
479
480	mutex_lock(&server->srv_mutex);
481	rc = cifs_sign_smb(in_buf, server, &mid->sequence_number);
482	if (rc) {
483		mutex_unlock(&server->srv_mutex);
484		return rc;
485	}
486	rc = smb_send(server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
487	mutex_unlock(&server->srv_mutex);
488
489	cFYI(1, "issued NT_CANCEL for mid %u, rc = %d",
490		in_buf->Mid, rc);
491
492	return rc;
493}
494
495int
496cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
497		   bool log_error)
498{
499	dump_smb(mid->resp_buf,
500		 min_t(u32, 92, be32_to_cpu(mid->resp_buf->smb_buf_length)));
 
501
502	/* convert the length into a more usable form */
503	if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
 
 
 
 
504		/* FIXME: add code to kill session */
505		if (cifs_verify_signature(mid->resp_buf, server,
506					  mid->sequence_number + 1) != 0)
507			cERROR(1, "Unexpected SMB signature");
508	}
509
510	/* BB special case reconnect tid and uid here? */
511	return map_smb_to_linux_error(mid->resp_buf, log_error);
512}
513
514int
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
515SendReceive2(const unsigned int xid, struct cifs_ses *ses,
516	     struct kvec *iov, int n_vec, int *pRespBufType /* ret */,
517	     const int flags)
518{
519	int rc = 0;
520	int long_op;
521	struct mid_q_entry *midQ;
522	struct smb_hdr *in_buf = iov[0].iov_base;
523
524	long_op = flags & CIFS_TIMEOUT_MASK;
525
526	*pRespBufType = CIFS_NO_BUFFER;  /* no response buf yet */
527
528	if ((ses == NULL) || (ses->server == NULL)) {
529		cifs_small_buf_release(in_buf);
530		cERROR(1, "Null session");
531		return -EIO;
532	}
533
534	if (ses->server->tcpStatus == CifsExiting) {
535		cifs_small_buf_release(in_buf);
536		return -ENOENT;
537	}
538
539	/* Ensure that we do not send more than 50 overlapping requests
540	   to the same server. We may make this configurable later or
541	   use ses->maxReq */
 
 
542
543	rc = wait_for_free_request(ses->server, long_op);
544	if (rc) {
545		cifs_small_buf_release(in_buf);
546		return rc;
547	}
548
549	/* make sure that we sign in the same order that we send on this socket
550	   and avoid races inside tcp sendmsg code that could cause corruption
551	   of smb data */
 
 
552
553	mutex_lock(&ses->server->srv_mutex);
554
555	rc = allocate_mid(ses, in_buf, &midQ);
556	if (rc) {
557		mutex_unlock(&ses->server->srv_mutex);
558		cifs_small_buf_release(in_buf);
559		/* Update # of requests on wire to server */
560		atomic_dec(&ses->server->inFlight);
561		wake_up(&ses->server->request_q);
562		return rc;
563	}
564	rc = cifs_sign_smb2(iov, n_vec, ses->server, &midQ->sequence_number);
565	if (rc) {
566		mutex_unlock(&ses->server->srv_mutex);
567		cifs_small_buf_release(in_buf);
568		goto out;
569	}
570
571	midQ->midState = MID_REQUEST_SUBMITTED;
572	cifs_in_send_inc(ses->server);
573	rc = smb_sendv(ses->server, iov, n_vec);
574	cifs_in_send_dec(ses->server);
575	cifs_save_when_sent(midQ);
576
577	mutex_unlock(&ses->server->srv_mutex);
578
579	if (rc < 0) {
580		cifs_small_buf_release(in_buf);
581		goto out;
582	}
583
584	if (long_op == CIFS_ASYNC_OP) {
585		cifs_small_buf_release(in_buf);
586		goto out;
587	}
588
589	rc = wait_for_response(ses->server, midQ);
590	if (rc != 0) {
591		send_nt_cancel(ses->server, in_buf, midQ);
592		spin_lock(&GlobalMid_Lock);
593		if (midQ->midState == MID_REQUEST_SUBMITTED) {
594			midQ->callback = DeleteMidQEntry;
595			spin_unlock(&GlobalMid_Lock);
596			cifs_small_buf_release(in_buf);
597			atomic_dec(&ses->server->inFlight);
598			wake_up(&ses->server->request_q);
599			return rc;
600		}
601		spin_unlock(&GlobalMid_Lock);
602	}
603
604	cifs_small_buf_release(in_buf);
605
606	rc = cifs_sync_mid_result(midQ, ses->server);
607	if (rc != 0) {
608		atomic_dec(&ses->server->inFlight);
609		wake_up(&ses->server->request_q);
610		return rc;
611	}
612
613	if (!midQ->resp_buf || midQ->midState != MID_RESPONSE_RECEIVED) {
614		rc = -EIO;
615		cFYI(1, "Bad MID state?");
616		goto out;
617	}
618
619	iov[0].iov_base = (char *)midQ->resp_buf;
620	iov[0].iov_len = be32_to_cpu(midQ->resp_buf->smb_buf_length) + 4;
621	if (midQ->largeBuf)
 
622		*pRespBufType = CIFS_LARGE_BUFFER;
623	else
624		*pRespBufType = CIFS_SMALL_BUFFER;
625
626	rc = cifs_check_receive(midQ, ses->server, flags & CIFS_LOG_ERROR);
 
627
628	/* mark it so buf will not be freed by delete_mid */
629	if ((flags & CIFS_NO_RESP) == 0)
630		midQ->resp_buf = NULL;
631out:
632	delete_mid(midQ);
633	atomic_dec(&ses->server->inFlight);
634	wake_up(&ses->server->request_q);
635
636	return rc;
637}
638
639int
640SendReceive(const unsigned int xid, struct cifs_ses *ses,
641	    struct smb_hdr *in_buf, struct smb_hdr *out_buf,
642	    int *pbytes_returned, const int long_op)
643{
644	int rc = 0;
645	struct mid_q_entry *midQ;
646
647	if (ses == NULL) {
648		cERROR(1, "Null smb session");
649		return -EIO;
650	}
651	if (ses->server == NULL) {
652		cERROR(1, "Null tcp session");
653		return -EIO;
654	}
655
656	if (ses->server->tcpStatus == CifsExiting)
657		return -ENOENT;
658
659	/* Ensure that we do not send more than 50 overlapping requests
660	   to the same server. We may make this configurable later or
661	   use ses->maxReq */
662
663	if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
664			MAX_CIFS_HDR_SIZE - 4) {
665		cERROR(1, "Illegal length, greater than maximum frame, %d",
666			   be32_to_cpu(in_buf->smb_buf_length));
667		return -EIO;
668	}
669
670	rc = wait_for_free_request(ses->server, long_op);
671	if (rc)
672		return rc;
673
674	/* make sure that we sign in the same order that we send on this socket
675	   and avoid races inside tcp sendmsg code that could cause corruption
676	   of smb data */
677
678	mutex_lock(&ses->server->srv_mutex);
679
680	rc = allocate_mid(ses, in_buf, &midQ);
681	if (rc) {
682		mutex_unlock(&ses->server->srv_mutex);
683		/* Update # of requests on wire to server */
684		atomic_dec(&ses->server->inFlight);
685		wake_up(&ses->server->request_q);
686		return rc;
687	}
688
689	rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
690	if (rc) {
691		mutex_unlock(&ses->server->srv_mutex);
692		goto out;
693	}
694
695	midQ->midState = MID_REQUEST_SUBMITTED;
696
697	cifs_in_send_inc(ses->server);
698	rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
699	cifs_in_send_dec(ses->server);
700	cifs_save_when_sent(midQ);
701	mutex_unlock(&ses->server->srv_mutex);
702
703	if (rc < 0)
704		goto out;
705
706	if (long_op == CIFS_ASYNC_OP)
707		goto out;
708
709	rc = wait_for_response(ses->server, midQ);
710	if (rc != 0) {
711		send_nt_cancel(ses->server, in_buf, midQ);
712		spin_lock(&GlobalMid_Lock);
713		if (midQ->midState == MID_REQUEST_SUBMITTED) {
714			/* no longer considered to be "in-flight" */
715			midQ->callback = DeleteMidQEntry;
716			spin_unlock(&GlobalMid_Lock);
717			atomic_dec(&ses->server->inFlight);
718			wake_up(&ses->server->request_q);
719			return rc;
720		}
721		spin_unlock(&GlobalMid_Lock);
722	}
723
724	rc = cifs_sync_mid_result(midQ, ses->server);
725	if (rc != 0) {
726		atomic_dec(&ses->server->inFlight);
727		wake_up(&ses->server->request_q);
728		return rc;
729	}
730
731	if (!midQ->resp_buf || !out_buf ||
732	    midQ->midState != MID_RESPONSE_RECEIVED) {
733		rc = -EIO;
734		cERROR(1, "Bad MID state?");
735		goto out;
736	}
737
738	*pbytes_returned = be32_to_cpu(midQ->resp_buf->smb_buf_length);
739	memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
740	rc = cifs_check_receive(midQ, ses->server, 0);
741out:
742	delete_mid(midQ);
743	atomic_dec(&ses->server->inFlight);
744	wake_up(&ses->server->request_q);
745
746	return rc;
747}
748
749/* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
750   blocking lock to return. */
751
752static int
753send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
754			struct smb_hdr *in_buf,
755			struct smb_hdr *out_buf)
756{
757	int bytes_returned;
758	struct cifs_ses *ses = tcon->ses;
759	LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
760
761	/* We just modify the current in_buf to change
762	   the type of lock from LOCKING_ANDX_SHARED_LOCK
763	   or LOCKING_ANDX_EXCLUSIVE_LOCK to
764	   LOCKING_ANDX_CANCEL_LOCK. */
765
766	pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
767	pSMB->Timeout = 0;
768	pSMB->hdr.Mid = GetNextMid(ses->server);
769
770	return SendReceive(xid, ses, in_buf, out_buf,
771			&bytes_returned, 0);
772}
773
774int
775SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
776	    struct smb_hdr *in_buf, struct smb_hdr *out_buf,
777	    int *pbytes_returned)
778{
779	int rc = 0;
780	int rstart = 0;
781	struct mid_q_entry *midQ;
782	struct cifs_ses *ses;
783
784	if (tcon == NULL || tcon->ses == NULL) {
785		cERROR(1, "Null smb session");
786		return -EIO;
787	}
788	ses = tcon->ses;
789
790	if (ses->server == NULL) {
791		cERROR(1, "Null tcp session");
792		return -EIO;
793	}
794
795	if (ses->server->tcpStatus == CifsExiting)
796		return -ENOENT;
797
798	/* Ensure that we do not send more than 50 overlapping requests
799	   to the same server. We may make this configurable later or
800	   use ses->maxReq */
801
802	if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
803			MAX_CIFS_HDR_SIZE - 4) {
804		cERROR(1, "Illegal length, greater than maximum frame, %d",
805			   be32_to_cpu(in_buf->smb_buf_length));
806		return -EIO;
807	}
808
809	rc = wait_for_free_request(ses->server, CIFS_BLOCKING_OP);
810	if (rc)
811		return rc;
812
813	/* make sure that we sign in the same order that we send on this socket
814	   and avoid races inside tcp sendmsg code that could cause corruption
815	   of smb data */
816
817	mutex_lock(&ses->server->srv_mutex);
818
819	rc = allocate_mid(ses, in_buf, &midQ);
820	if (rc) {
821		mutex_unlock(&ses->server->srv_mutex);
822		return rc;
823	}
824
825	rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
826	if (rc) {
827		delete_mid(midQ);
828		mutex_unlock(&ses->server->srv_mutex);
829		return rc;
830	}
831
832	midQ->midState = MID_REQUEST_SUBMITTED;
833	cifs_in_send_inc(ses->server);
834	rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
835	cifs_in_send_dec(ses->server);
836	cifs_save_when_sent(midQ);
837	mutex_unlock(&ses->server->srv_mutex);
838
839	if (rc < 0) {
840		delete_mid(midQ);
841		return rc;
842	}
843
844	/* Wait for a reply - allow signals to interrupt. */
845	rc = wait_event_interruptible(ses->server->response_q,
846		(!(midQ->midState == MID_REQUEST_SUBMITTED)) ||
847		((ses->server->tcpStatus != CifsGood) &&
848		 (ses->server->tcpStatus != CifsNew)));
849
850	/* Were we interrupted by a signal ? */
851	if ((rc == -ERESTARTSYS) &&
852		(midQ->midState == MID_REQUEST_SUBMITTED) &&
853		((ses->server->tcpStatus == CifsGood) ||
854		 (ses->server->tcpStatus == CifsNew))) {
855
856		if (in_buf->Command == SMB_COM_TRANSACTION2) {
857			/* POSIX lock. We send a NT_CANCEL SMB to cause the
858			   blocking lock to return. */
859			rc = send_nt_cancel(ses->server, in_buf, midQ);
860			if (rc) {
861				delete_mid(midQ);
862				return rc;
863			}
864		} else {
865			/* Windows lock. We send a LOCKINGX_CANCEL_LOCK
866			   to cause the blocking lock to return. */
867
868			rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
869
870			/* If we get -ENOLCK back the lock may have
871			   already been removed. Don't exit in this case. */
872			if (rc && rc != -ENOLCK) {
873				delete_mid(midQ);
874				return rc;
875			}
876		}
877
878		rc = wait_for_response(ses->server, midQ);
879		if (rc) {
880			send_nt_cancel(ses->server, in_buf, midQ);
881			spin_lock(&GlobalMid_Lock);
882			if (midQ->midState == MID_REQUEST_SUBMITTED) {
883				/* no longer considered to be "in-flight" */
884				midQ->callback = DeleteMidQEntry;
885				spin_unlock(&GlobalMid_Lock);
886				return rc;
887			}
888			spin_unlock(&GlobalMid_Lock);
889		}
890
891		/* We got the response - restart system call. */
892		rstart = 1;
893	}
894
895	rc = cifs_sync_mid_result(midQ, ses->server);
896	if (rc != 0)
897		return rc;
898
899	/* rcvd frame is ok */
900	if (out_buf == NULL || midQ->midState != MID_RESPONSE_RECEIVED) {
901		rc = -EIO;
902		cERROR(1, "Bad MID state?");
903		goto out;
904	}
905
906	*pbytes_returned = be32_to_cpu(midQ->resp_buf->smb_buf_length);
907	memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
908	rc = cifs_check_receive(midQ, ses->server, 0);
909out:
910	delete_mid(midQ);
911	if (rstart && rc == -EACCES)
912		return -ERESTARTSYS;
913	return rc;
914}