Loading...
1/*
2 * fs/cifs/transport.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 * This library is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published
10 * by the Free Software Foundation; either version 2.1 of the License, or
11 * (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
16 * the GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22
23#include <linux/fs.h>
24#include <linux/list.h>
25#include <linux/gfp.h>
26#include <linux/wait.h>
27#include <linux/net.h>
28#include <linux/delay.h>
29#include <asm/uaccess.h>
30#include <asm/processor.h>
31#include <linux/mempool.h>
32#include "cifspdu.h"
33#include "cifsglob.h"
34#include "cifsproto.h"
35#include "cifs_debug.h"
36
37extern mempool_t *cifs_mid_poolp;
38
39static void
40wake_up_task(struct mid_q_entry *mid)
41{
42 wake_up_process(mid->callback_data);
43}
44
45struct mid_q_entry *
46AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
47{
48 struct mid_q_entry *temp;
49
50 if (server == NULL) {
51 cERROR(1, "Null TCP session in AllocMidQEntry");
52 return NULL;
53 }
54
55 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
56 if (temp == NULL)
57 return temp;
58 else {
59 memset(temp, 0, sizeof(struct mid_q_entry));
60 temp->mid = smb_buffer->Mid; /* always LE */
61 temp->pid = current->pid;
62 temp->command = smb_buffer->Command;
63 cFYI(1, "For smb_command %d", temp->command);
64 /* do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
65 /* when mid allocated can be before when sent */
66 temp->when_alloc = jiffies;
67
68 /*
69 * The default is for the mid to be synchronous, so the
70 * default callback just wakes up the current task.
71 */
72 temp->callback = wake_up_task;
73 temp->callback_data = current;
74 }
75
76 atomic_inc(&midCount);
77 temp->midState = MID_REQUEST_ALLOCATED;
78 return temp;
79}
80
81void
82DeleteMidQEntry(struct mid_q_entry *midEntry)
83{
84#ifdef CONFIG_CIFS_STATS2
85 unsigned long now;
86#endif
87 midEntry->midState = MID_FREE;
88 atomic_dec(&midCount);
89 if (midEntry->largeBuf)
90 cifs_buf_release(midEntry->resp_buf);
91 else
92 cifs_small_buf_release(midEntry->resp_buf);
93#ifdef CONFIG_CIFS_STATS2
94 now = jiffies;
95 /* commands taking longer than one second are indications that
96 something is wrong, unless it is quite a slow link or server */
97 if ((now - midEntry->when_alloc) > HZ) {
98 if ((cifsFYI & CIFS_TIMER) &&
99 (midEntry->command != SMB_COM_LOCKING_ANDX)) {
100 printk(KERN_DEBUG " CIFS slow rsp: cmd %d mid %d",
101 midEntry->command, midEntry->mid);
102 printk(" A: 0x%lx S: 0x%lx R: 0x%lx\n",
103 now - midEntry->when_alloc,
104 now - midEntry->when_sent,
105 now - midEntry->when_received);
106 }
107 }
108#endif
109 mempool_free(midEntry, cifs_mid_poolp);
110}
111
112static void
113delete_mid(struct mid_q_entry *mid)
114{
115 spin_lock(&GlobalMid_Lock);
116 list_del(&mid->qhead);
117 spin_unlock(&GlobalMid_Lock);
118
119 DeleteMidQEntry(mid);
120}
121
122static int
123smb_sendv(struct TCP_Server_Info *server, struct kvec *iov, int n_vec)
124{
125 int rc = 0;
126 int i = 0;
127 struct msghdr smb_msg;
128 struct smb_hdr *smb_buffer = iov[0].iov_base;
129 unsigned int len = iov[0].iov_len;
130 unsigned int total_len;
131 int first_vec = 0;
132 unsigned int smb_buf_length = be32_to_cpu(smb_buffer->smb_buf_length);
133 struct socket *ssocket = server->ssocket;
134
135 if (ssocket == NULL)
136 return -ENOTSOCK; /* BB eventually add reconnect code here */
137
138 smb_msg.msg_name = (struct sockaddr *) &server->dstaddr;
139 smb_msg.msg_namelen = sizeof(struct sockaddr);
140 smb_msg.msg_control = NULL;
141 smb_msg.msg_controllen = 0;
142 if (server->noblocksnd)
143 smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
144 else
145 smb_msg.msg_flags = MSG_NOSIGNAL;
146
147 total_len = 0;
148 for (i = 0; i < n_vec; i++)
149 total_len += iov[i].iov_len;
150
151 cFYI(1, "Sending smb: total_len %d", total_len);
152 dump_smb(smb_buffer, len);
153
154 i = 0;
155 while (total_len) {
156 rc = kernel_sendmsg(ssocket, &smb_msg, &iov[first_vec],
157 n_vec - first_vec, total_len);
158 if ((rc == -ENOSPC) || (rc == -EAGAIN)) {
159 i++;
160 /* if blocking send we try 3 times, since each can block
161 for 5 seconds. For nonblocking we have to try more
162 but wait increasing amounts of time allowing time for
163 socket to clear. The overall time we wait in either
164 case to send on the socket is about 15 seconds.
165 Similarly we wait for 15 seconds for
166 a response from the server in SendReceive[2]
167 for the server to send a response back for
168 most types of requests (except SMB Write
169 past end of file which can be slow, and
170 blocking lock operations). NFS waits slightly longer
171 than CIFS, but this can make it take longer for
172 nonresponsive servers to be detected and 15 seconds
173 is more than enough time for modern networks to
174 send a packet. In most cases if we fail to send
175 after the retries we will kill the socket and
176 reconnect which may clear the network problem.
177 */
178 if ((i >= 14) || (!server->noblocksnd && (i > 2))) {
179 cERROR(1, "sends on sock %p stuck for 15 seconds",
180 ssocket);
181 rc = -EAGAIN;
182 break;
183 }
184 msleep(1 << i);
185 continue;
186 }
187 if (rc < 0)
188 break;
189
190 if (rc == total_len) {
191 total_len = 0;
192 break;
193 } else if (rc > total_len) {
194 cERROR(1, "sent %d requested %d", rc, total_len);
195 break;
196 }
197 if (rc == 0) {
198 /* should never happen, letting socket clear before
199 retrying is our only obvious option here */
200 cERROR(1, "tcp sent no data");
201 msleep(500);
202 continue;
203 }
204 total_len -= rc;
205 /* the line below resets i */
206 for (i = first_vec; i < n_vec; i++) {
207 if (iov[i].iov_len) {
208 if (rc > iov[i].iov_len) {
209 rc -= iov[i].iov_len;
210 iov[i].iov_len = 0;
211 } else {
212 iov[i].iov_base += rc;
213 iov[i].iov_len -= rc;
214 first_vec = i;
215 break;
216 }
217 }
218 }
219 i = 0; /* in case we get ENOSPC on the next send */
220 }
221
222 if ((total_len > 0) && (total_len != smb_buf_length + 4)) {
223 cFYI(1, "partial send (%d remaining), terminating session",
224 total_len);
225 /* If we have only sent part of an SMB then the next SMB
226 could be taken as the remainder of this one. We need
227 to kill the socket so the server throws away the partial
228 SMB */
229 server->tcpStatus = CifsNeedReconnect;
230 }
231
232 if (rc < 0 && rc != -EINTR)
233 cERROR(1, "Error %d sending data on socket to server", rc);
234 else
235 rc = 0;
236
237 /* Don't want to modify the buffer as a
238 side effect of this call. */
239 smb_buffer->smb_buf_length = cpu_to_be32(smb_buf_length);
240
241 return rc;
242}
243
244int
245smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
246 unsigned int smb_buf_length)
247{
248 struct kvec iov;
249
250 iov.iov_base = smb_buffer;
251 iov.iov_len = smb_buf_length + 4;
252
253 return smb_sendv(server, &iov, 1);
254}
255
256static int wait_for_free_request(struct TCP_Server_Info *server,
257 const int long_op)
258{
259 if (long_op == CIFS_ASYNC_OP) {
260 /* oplock breaks must not be held up */
261 atomic_inc(&server->inFlight);
262 return 0;
263 }
264
265 spin_lock(&GlobalMid_Lock);
266 while (1) {
267 if (atomic_read(&server->inFlight) >= cifs_max_pending) {
268 spin_unlock(&GlobalMid_Lock);
269 cifs_num_waiters_inc(server);
270 wait_event(server->request_q,
271 atomic_read(&server->inFlight)
272 < cifs_max_pending);
273 cifs_num_waiters_dec(server);
274 spin_lock(&GlobalMid_Lock);
275 } else {
276 if (server->tcpStatus == CifsExiting) {
277 spin_unlock(&GlobalMid_Lock);
278 return -ENOENT;
279 }
280
281 /* can not count locking commands against total
282 as they are allowed to block on server */
283
284 /* update # of requests on the wire to server */
285 if (long_op != CIFS_BLOCKING_OP)
286 atomic_inc(&server->inFlight);
287 spin_unlock(&GlobalMid_Lock);
288 break;
289 }
290 }
291 return 0;
292}
293
294static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
295 struct mid_q_entry **ppmidQ)
296{
297 if (ses->server->tcpStatus == CifsExiting) {
298 return -ENOENT;
299 }
300
301 if (ses->server->tcpStatus == CifsNeedReconnect) {
302 cFYI(1, "tcp session dead - return to caller to retry");
303 return -EAGAIN;
304 }
305
306 if (ses->status != CifsGood) {
307 /* check if SMB session is bad because we are setting it up */
308 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
309 (in_buf->Command != SMB_COM_NEGOTIATE))
310 return -EAGAIN;
311 /* else ok - we are setting up session */
312 }
313 *ppmidQ = AllocMidQEntry(in_buf, ses->server);
314 if (*ppmidQ == NULL)
315 return -ENOMEM;
316 spin_lock(&GlobalMid_Lock);
317 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
318 spin_unlock(&GlobalMid_Lock);
319 return 0;
320}
321
322static int
323wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
324{
325 int error;
326
327 error = wait_event_killable(server->response_q,
328 midQ->midState != MID_REQUEST_SUBMITTED);
329 if (error < 0)
330 return -ERESTARTSYS;
331
332 return 0;
333}
334
335
336/*
337 * Send a SMB request and set the callback function in the mid to handle
338 * the result. Caller is responsible for dealing with timeouts.
339 */
340int
341cifs_call_async(struct TCP_Server_Info *server, struct kvec *iov,
342 unsigned int nvec, mid_callback_t *callback, void *cbdata,
343 bool ignore_pend)
344{
345 int rc;
346 struct mid_q_entry *mid;
347 struct smb_hdr *hdr = (struct smb_hdr *)iov[0].iov_base;
348
349 rc = wait_for_free_request(server, ignore_pend ? CIFS_ASYNC_OP : 0);
350 if (rc)
351 return rc;
352
353 /* enable signing if server requires it */
354 if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
355 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
356
357 mutex_lock(&server->srv_mutex);
358 mid = AllocMidQEntry(hdr, server);
359 if (mid == NULL) {
360 mutex_unlock(&server->srv_mutex);
361 atomic_dec(&server->inFlight);
362 wake_up(&server->request_q);
363 return -ENOMEM;
364 }
365
366 /* put it on the pending_mid_q */
367 spin_lock(&GlobalMid_Lock);
368 list_add_tail(&mid->qhead, &server->pending_mid_q);
369 spin_unlock(&GlobalMid_Lock);
370
371 rc = cifs_sign_smb2(iov, nvec, server, &mid->sequence_number);
372 if (rc) {
373 mutex_unlock(&server->srv_mutex);
374 goto out_err;
375 }
376
377 mid->callback = callback;
378 mid->callback_data = cbdata;
379 mid->midState = MID_REQUEST_SUBMITTED;
380
381 cifs_in_send_inc(server);
382 rc = smb_sendv(server, iov, nvec);
383 cifs_in_send_dec(server);
384 cifs_save_when_sent(mid);
385 mutex_unlock(&server->srv_mutex);
386
387 if (rc)
388 goto out_err;
389
390 return rc;
391out_err:
392 delete_mid(mid);
393 atomic_dec(&server->inFlight);
394 wake_up(&server->request_q);
395 return rc;
396}
397
398/*
399 *
400 * Send an SMB Request. No response info (other than return code)
401 * needs to be parsed.
402 *
403 * flags indicate the type of request buffer and how long to wait
404 * and whether to log NT STATUS code (error) before mapping it to POSIX error
405 *
406 */
407int
408SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
409 struct smb_hdr *in_buf, int flags)
410{
411 int rc;
412 struct kvec iov[1];
413 int resp_buf_type;
414
415 iov[0].iov_base = (char *)in_buf;
416 iov[0].iov_len = be32_to_cpu(in_buf->smb_buf_length) + 4;
417 flags |= CIFS_NO_RESP;
418 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags);
419 cFYI(DBG2, "SendRcvNoRsp flags %d rc %d", flags, rc);
420
421 return rc;
422}
423
424static int
425cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
426{
427 int rc = 0;
428
429 cFYI(1, "%s: cmd=%d mid=%d state=%d", __func__, mid->command,
430 mid->mid, mid->midState);
431
432 spin_lock(&GlobalMid_Lock);
433 switch (mid->midState) {
434 case MID_RESPONSE_RECEIVED:
435 spin_unlock(&GlobalMid_Lock);
436 return rc;
437 case MID_RETRY_NEEDED:
438 rc = -EAGAIN;
439 break;
440 case MID_RESPONSE_MALFORMED:
441 rc = -EIO;
442 break;
443 case MID_SHUTDOWN:
444 rc = -EHOSTDOWN;
445 break;
446 default:
447 list_del_init(&mid->qhead);
448 cERROR(1, "%s: invalid mid state mid=%d state=%d", __func__,
449 mid->mid, mid->midState);
450 rc = -EIO;
451 }
452 spin_unlock(&GlobalMid_Lock);
453
454 DeleteMidQEntry(mid);
455 return rc;
456}
457
458/*
459 * An NT cancel request header looks just like the original request except:
460 *
461 * The Command is SMB_COM_NT_CANCEL
462 * The WordCount is zeroed out
463 * The ByteCount is zeroed out
464 *
465 * This function mangles an existing request buffer into a
466 * SMB_COM_NT_CANCEL request and then sends it.
467 */
468static int
469send_nt_cancel(struct TCP_Server_Info *server, struct smb_hdr *in_buf,
470 struct mid_q_entry *mid)
471{
472 int rc = 0;
473
474 /* -4 for RFC1001 length and +2 for BCC field */
475 in_buf->smb_buf_length = cpu_to_be32(sizeof(struct smb_hdr) - 4 + 2);
476 in_buf->Command = SMB_COM_NT_CANCEL;
477 in_buf->WordCount = 0;
478 put_bcc(0, in_buf);
479
480 mutex_lock(&server->srv_mutex);
481 rc = cifs_sign_smb(in_buf, server, &mid->sequence_number);
482 if (rc) {
483 mutex_unlock(&server->srv_mutex);
484 return rc;
485 }
486 rc = smb_send(server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
487 mutex_unlock(&server->srv_mutex);
488
489 cFYI(1, "issued NT_CANCEL for mid %u, rc = %d",
490 in_buf->Mid, rc);
491
492 return rc;
493}
494
495int
496cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
497 bool log_error)
498{
499 dump_smb(mid->resp_buf,
500 min_t(u32, 92, be32_to_cpu(mid->resp_buf->smb_buf_length)));
501
502 /* convert the length into a more usable form */
503 if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
504 /* FIXME: add code to kill session */
505 if (cifs_verify_signature(mid->resp_buf, server,
506 mid->sequence_number + 1) != 0)
507 cERROR(1, "Unexpected SMB signature");
508 }
509
510 /* BB special case reconnect tid and uid here? */
511 return map_smb_to_linux_error(mid->resp_buf, log_error);
512}
513
514int
515SendReceive2(const unsigned int xid, struct cifs_ses *ses,
516 struct kvec *iov, int n_vec, int *pRespBufType /* ret */,
517 const int flags)
518{
519 int rc = 0;
520 int long_op;
521 struct mid_q_entry *midQ;
522 struct smb_hdr *in_buf = iov[0].iov_base;
523
524 long_op = flags & CIFS_TIMEOUT_MASK;
525
526 *pRespBufType = CIFS_NO_BUFFER; /* no response buf yet */
527
528 if ((ses == NULL) || (ses->server == NULL)) {
529 cifs_small_buf_release(in_buf);
530 cERROR(1, "Null session");
531 return -EIO;
532 }
533
534 if (ses->server->tcpStatus == CifsExiting) {
535 cifs_small_buf_release(in_buf);
536 return -ENOENT;
537 }
538
539 /* Ensure that we do not send more than 50 overlapping requests
540 to the same server. We may make this configurable later or
541 use ses->maxReq */
542
543 rc = wait_for_free_request(ses->server, long_op);
544 if (rc) {
545 cifs_small_buf_release(in_buf);
546 return rc;
547 }
548
549 /* make sure that we sign in the same order that we send on this socket
550 and avoid races inside tcp sendmsg code that could cause corruption
551 of smb data */
552
553 mutex_lock(&ses->server->srv_mutex);
554
555 rc = allocate_mid(ses, in_buf, &midQ);
556 if (rc) {
557 mutex_unlock(&ses->server->srv_mutex);
558 cifs_small_buf_release(in_buf);
559 /* Update # of requests on wire to server */
560 atomic_dec(&ses->server->inFlight);
561 wake_up(&ses->server->request_q);
562 return rc;
563 }
564 rc = cifs_sign_smb2(iov, n_vec, ses->server, &midQ->sequence_number);
565 if (rc) {
566 mutex_unlock(&ses->server->srv_mutex);
567 cifs_small_buf_release(in_buf);
568 goto out;
569 }
570
571 midQ->midState = MID_REQUEST_SUBMITTED;
572 cifs_in_send_inc(ses->server);
573 rc = smb_sendv(ses->server, iov, n_vec);
574 cifs_in_send_dec(ses->server);
575 cifs_save_when_sent(midQ);
576
577 mutex_unlock(&ses->server->srv_mutex);
578
579 if (rc < 0) {
580 cifs_small_buf_release(in_buf);
581 goto out;
582 }
583
584 if (long_op == CIFS_ASYNC_OP) {
585 cifs_small_buf_release(in_buf);
586 goto out;
587 }
588
589 rc = wait_for_response(ses->server, midQ);
590 if (rc != 0) {
591 send_nt_cancel(ses->server, in_buf, midQ);
592 spin_lock(&GlobalMid_Lock);
593 if (midQ->midState == MID_REQUEST_SUBMITTED) {
594 midQ->callback = DeleteMidQEntry;
595 spin_unlock(&GlobalMid_Lock);
596 cifs_small_buf_release(in_buf);
597 atomic_dec(&ses->server->inFlight);
598 wake_up(&ses->server->request_q);
599 return rc;
600 }
601 spin_unlock(&GlobalMid_Lock);
602 }
603
604 cifs_small_buf_release(in_buf);
605
606 rc = cifs_sync_mid_result(midQ, ses->server);
607 if (rc != 0) {
608 atomic_dec(&ses->server->inFlight);
609 wake_up(&ses->server->request_q);
610 return rc;
611 }
612
613 if (!midQ->resp_buf || midQ->midState != MID_RESPONSE_RECEIVED) {
614 rc = -EIO;
615 cFYI(1, "Bad MID state?");
616 goto out;
617 }
618
619 iov[0].iov_base = (char *)midQ->resp_buf;
620 iov[0].iov_len = be32_to_cpu(midQ->resp_buf->smb_buf_length) + 4;
621 if (midQ->largeBuf)
622 *pRespBufType = CIFS_LARGE_BUFFER;
623 else
624 *pRespBufType = CIFS_SMALL_BUFFER;
625
626 rc = cifs_check_receive(midQ, ses->server, flags & CIFS_LOG_ERROR);
627
628 /* mark it so buf will not be freed by delete_mid */
629 if ((flags & CIFS_NO_RESP) == 0)
630 midQ->resp_buf = NULL;
631out:
632 delete_mid(midQ);
633 atomic_dec(&ses->server->inFlight);
634 wake_up(&ses->server->request_q);
635
636 return rc;
637}
638
639int
640SendReceive(const unsigned int xid, struct cifs_ses *ses,
641 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
642 int *pbytes_returned, const int long_op)
643{
644 int rc = 0;
645 struct mid_q_entry *midQ;
646
647 if (ses == NULL) {
648 cERROR(1, "Null smb session");
649 return -EIO;
650 }
651 if (ses->server == NULL) {
652 cERROR(1, "Null tcp session");
653 return -EIO;
654 }
655
656 if (ses->server->tcpStatus == CifsExiting)
657 return -ENOENT;
658
659 /* Ensure that we do not send more than 50 overlapping requests
660 to the same server. We may make this configurable later or
661 use ses->maxReq */
662
663 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
664 MAX_CIFS_HDR_SIZE - 4) {
665 cERROR(1, "Illegal length, greater than maximum frame, %d",
666 be32_to_cpu(in_buf->smb_buf_length));
667 return -EIO;
668 }
669
670 rc = wait_for_free_request(ses->server, long_op);
671 if (rc)
672 return rc;
673
674 /* make sure that we sign in the same order that we send on this socket
675 and avoid races inside tcp sendmsg code that could cause corruption
676 of smb data */
677
678 mutex_lock(&ses->server->srv_mutex);
679
680 rc = allocate_mid(ses, in_buf, &midQ);
681 if (rc) {
682 mutex_unlock(&ses->server->srv_mutex);
683 /* Update # of requests on wire to server */
684 atomic_dec(&ses->server->inFlight);
685 wake_up(&ses->server->request_q);
686 return rc;
687 }
688
689 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
690 if (rc) {
691 mutex_unlock(&ses->server->srv_mutex);
692 goto out;
693 }
694
695 midQ->midState = MID_REQUEST_SUBMITTED;
696
697 cifs_in_send_inc(ses->server);
698 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
699 cifs_in_send_dec(ses->server);
700 cifs_save_when_sent(midQ);
701 mutex_unlock(&ses->server->srv_mutex);
702
703 if (rc < 0)
704 goto out;
705
706 if (long_op == CIFS_ASYNC_OP)
707 goto out;
708
709 rc = wait_for_response(ses->server, midQ);
710 if (rc != 0) {
711 send_nt_cancel(ses->server, in_buf, midQ);
712 spin_lock(&GlobalMid_Lock);
713 if (midQ->midState == MID_REQUEST_SUBMITTED) {
714 /* no longer considered to be "in-flight" */
715 midQ->callback = DeleteMidQEntry;
716 spin_unlock(&GlobalMid_Lock);
717 atomic_dec(&ses->server->inFlight);
718 wake_up(&ses->server->request_q);
719 return rc;
720 }
721 spin_unlock(&GlobalMid_Lock);
722 }
723
724 rc = cifs_sync_mid_result(midQ, ses->server);
725 if (rc != 0) {
726 atomic_dec(&ses->server->inFlight);
727 wake_up(&ses->server->request_q);
728 return rc;
729 }
730
731 if (!midQ->resp_buf || !out_buf ||
732 midQ->midState != MID_RESPONSE_RECEIVED) {
733 rc = -EIO;
734 cERROR(1, "Bad MID state?");
735 goto out;
736 }
737
738 *pbytes_returned = be32_to_cpu(midQ->resp_buf->smb_buf_length);
739 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
740 rc = cifs_check_receive(midQ, ses->server, 0);
741out:
742 delete_mid(midQ);
743 atomic_dec(&ses->server->inFlight);
744 wake_up(&ses->server->request_q);
745
746 return rc;
747}
748
749/* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
750 blocking lock to return. */
751
752static int
753send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
754 struct smb_hdr *in_buf,
755 struct smb_hdr *out_buf)
756{
757 int bytes_returned;
758 struct cifs_ses *ses = tcon->ses;
759 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
760
761 /* We just modify the current in_buf to change
762 the type of lock from LOCKING_ANDX_SHARED_LOCK
763 or LOCKING_ANDX_EXCLUSIVE_LOCK to
764 LOCKING_ANDX_CANCEL_LOCK. */
765
766 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
767 pSMB->Timeout = 0;
768 pSMB->hdr.Mid = GetNextMid(ses->server);
769
770 return SendReceive(xid, ses, in_buf, out_buf,
771 &bytes_returned, 0);
772}
773
774int
775SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
776 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
777 int *pbytes_returned)
778{
779 int rc = 0;
780 int rstart = 0;
781 struct mid_q_entry *midQ;
782 struct cifs_ses *ses;
783
784 if (tcon == NULL || tcon->ses == NULL) {
785 cERROR(1, "Null smb session");
786 return -EIO;
787 }
788 ses = tcon->ses;
789
790 if (ses->server == NULL) {
791 cERROR(1, "Null tcp session");
792 return -EIO;
793 }
794
795 if (ses->server->tcpStatus == CifsExiting)
796 return -ENOENT;
797
798 /* Ensure that we do not send more than 50 overlapping requests
799 to the same server. We may make this configurable later or
800 use ses->maxReq */
801
802 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
803 MAX_CIFS_HDR_SIZE - 4) {
804 cERROR(1, "Illegal length, greater than maximum frame, %d",
805 be32_to_cpu(in_buf->smb_buf_length));
806 return -EIO;
807 }
808
809 rc = wait_for_free_request(ses->server, CIFS_BLOCKING_OP);
810 if (rc)
811 return rc;
812
813 /* make sure that we sign in the same order that we send on this socket
814 and avoid races inside tcp sendmsg code that could cause corruption
815 of smb data */
816
817 mutex_lock(&ses->server->srv_mutex);
818
819 rc = allocate_mid(ses, in_buf, &midQ);
820 if (rc) {
821 mutex_unlock(&ses->server->srv_mutex);
822 return rc;
823 }
824
825 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
826 if (rc) {
827 delete_mid(midQ);
828 mutex_unlock(&ses->server->srv_mutex);
829 return rc;
830 }
831
832 midQ->midState = MID_REQUEST_SUBMITTED;
833 cifs_in_send_inc(ses->server);
834 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
835 cifs_in_send_dec(ses->server);
836 cifs_save_when_sent(midQ);
837 mutex_unlock(&ses->server->srv_mutex);
838
839 if (rc < 0) {
840 delete_mid(midQ);
841 return rc;
842 }
843
844 /* Wait for a reply - allow signals to interrupt. */
845 rc = wait_event_interruptible(ses->server->response_q,
846 (!(midQ->midState == MID_REQUEST_SUBMITTED)) ||
847 ((ses->server->tcpStatus != CifsGood) &&
848 (ses->server->tcpStatus != CifsNew)));
849
850 /* Were we interrupted by a signal ? */
851 if ((rc == -ERESTARTSYS) &&
852 (midQ->midState == MID_REQUEST_SUBMITTED) &&
853 ((ses->server->tcpStatus == CifsGood) ||
854 (ses->server->tcpStatus == CifsNew))) {
855
856 if (in_buf->Command == SMB_COM_TRANSACTION2) {
857 /* POSIX lock. We send a NT_CANCEL SMB to cause the
858 blocking lock to return. */
859 rc = send_nt_cancel(ses->server, in_buf, midQ);
860 if (rc) {
861 delete_mid(midQ);
862 return rc;
863 }
864 } else {
865 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
866 to cause the blocking lock to return. */
867
868 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
869
870 /* If we get -ENOLCK back the lock may have
871 already been removed. Don't exit in this case. */
872 if (rc && rc != -ENOLCK) {
873 delete_mid(midQ);
874 return rc;
875 }
876 }
877
878 rc = wait_for_response(ses->server, midQ);
879 if (rc) {
880 send_nt_cancel(ses->server, in_buf, midQ);
881 spin_lock(&GlobalMid_Lock);
882 if (midQ->midState == MID_REQUEST_SUBMITTED) {
883 /* no longer considered to be "in-flight" */
884 midQ->callback = DeleteMidQEntry;
885 spin_unlock(&GlobalMid_Lock);
886 return rc;
887 }
888 spin_unlock(&GlobalMid_Lock);
889 }
890
891 /* We got the response - restart system call. */
892 rstart = 1;
893 }
894
895 rc = cifs_sync_mid_result(midQ, ses->server);
896 if (rc != 0)
897 return rc;
898
899 /* rcvd frame is ok */
900 if (out_buf == NULL || midQ->midState != MID_RESPONSE_RECEIVED) {
901 rc = -EIO;
902 cERROR(1, "Bad MID state?");
903 goto out;
904 }
905
906 *pbytes_returned = be32_to_cpu(midQ->resp_buf->smb_buf_length);
907 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
908 rc = cifs_check_receive(midQ, ses->server, 0);
909out:
910 delete_mid(midQ);
911 if (rstart && rc == -EACCES)
912 return -ERESTARTSYS;
913 return rc;
914}
1/*
2 * fs/cifs/transport.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 * This library is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published
10 * by the Free Software Foundation; either version 2.1 of the License, or
11 * (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
16 * the GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22
23#include <linux/fs.h>
24#include <linux/list.h>
25#include <linux/gfp.h>
26#include <linux/wait.h>
27#include <linux/net.h>
28#include <linux/delay.h>
29#include <linux/freezer.h>
30#include <linux/tcp.h>
31#include <linux/bvec.h>
32#include <linux/highmem.h>
33#include <linux/uaccess.h>
34#include <asm/processor.h>
35#include <linux/mempool.h>
36#include "cifspdu.h"
37#include "cifsglob.h"
38#include "cifsproto.h"
39#include "cifs_debug.h"
40#include "smb2proto.h"
41#include "smbdirect.h"
42
43/* Max number of iovectors we can use off the stack when sending requests. */
44#define CIFS_MAX_IOV_SIZE 8
45
46void
47cifs_wake_up_task(struct mid_q_entry *mid)
48{
49 wake_up_process(mid->callback_data);
50}
51
52struct mid_q_entry *
53AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
54{
55 struct mid_q_entry *temp;
56
57 if (server == NULL) {
58 cifs_dbg(VFS, "Null TCP session in AllocMidQEntry\n");
59 return NULL;
60 }
61
62 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
63 memset(temp, 0, sizeof(struct mid_q_entry));
64 temp->mid = get_mid(smb_buffer);
65 temp->pid = current->pid;
66 temp->command = cpu_to_le16(smb_buffer->Command);
67 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
68 /* do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
69 /* when mid allocated can be before when sent */
70 temp->when_alloc = jiffies;
71 temp->server = server;
72
73 /*
74 * The default is for the mid to be synchronous, so the
75 * default callback just wakes up the current task.
76 */
77 temp->callback = cifs_wake_up_task;
78 temp->callback_data = current;
79
80 atomic_inc(&midCount);
81 temp->mid_state = MID_REQUEST_ALLOCATED;
82 return temp;
83}
84
85void
86DeleteMidQEntry(struct mid_q_entry *midEntry)
87{
88#ifdef CONFIG_CIFS_STATS2
89 __le16 command = midEntry->server->vals->lock_cmd;
90 unsigned long now;
91#endif
92 midEntry->mid_state = MID_FREE;
93 atomic_dec(&midCount);
94 if (midEntry->large_buf)
95 cifs_buf_release(midEntry->resp_buf);
96 else
97 cifs_small_buf_release(midEntry->resp_buf);
98#ifdef CONFIG_CIFS_STATS2
99 now = jiffies;
100 /* commands taking longer than one second are indications that
101 something is wrong, unless it is quite a slow link or server */
102 if (time_after(now, midEntry->when_alloc + HZ)) {
103 if ((cifsFYI & CIFS_TIMER) && (midEntry->command != command)) {
104 pr_debug(" CIFS slow rsp: cmd %d mid %llu",
105 midEntry->command, midEntry->mid);
106 pr_info(" A: 0x%lx S: 0x%lx R: 0x%lx\n",
107 now - midEntry->when_alloc,
108 now - midEntry->when_sent,
109 now - midEntry->when_received);
110 }
111 }
112#endif
113 mempool_free(midEntry, cifs_mid_poolp);
114}
115
116void
117cifs_delete_mid(struct mid_q_entry *mid)
118{
119 spin_lock(&GlobalMid_Lock);
120 list_del(&mid->qhead);
121 spin_unlock(&GlobalMid_Lock);
122
123 DeleteMidQEntry(mid);
124}
125
126/*
127 * smb_send_kvec - send an array of kvecs to the server
128 * @server: Server to send the data to
129 * @smb_msg: Message to send
130 * @sent: amount of data sent on socket is stored here
131 *
132 * Our basic "send data to server" function. Should be called with srv_mutex
133 * held. The caller is responsible for handling the results.
134 */
135static int
136smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
137 size_t *sent)
138{
139 int rc = 0;
140 int retries = 0;
141 struct socket *ssocket = server->ssocket;
142
143 *sent = 0;
144
145 smb_msg->msg_name = (struct sockaddr *) &server->dstaddr;
146 smb_msg->msg_namelen = sizeof(struct sockaddr);
147 smb_msg->msg_control = NULL;
148 smb_msg->msg_controllen = 0;
149 if (server->noblocksnd)
150 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
151 else
152 smb_msg->msg_flags = MSG_NOSIGNAL;
153
154 while (msg_data_left(smb_msg)) {
155 /*
156 * If blocking send, we try 3 times, since each can block
157 * for 5 seconds. For nonblocking we have to try more
158 * but wait increasing amounts of time allowing time for
159 * socket to clear. The overall time we wait in either
160 * case to send on the socket is about 15 seconds.
161 * Similarly we wait for 15 seconds for a response from
162 * the server in SendReceive[2] for the server to send
163 * a response back for most types of requests (except
164 * SMB Write past end of file which can be slow, and
165 * blocking lock operations). NFS waits slightly longer
166 * than CIFS, but this can make it take longer for
167 * nonresponsive servers to be detected and 15 seconds
168 * is more than enough time for modern networks to
169 * send a packet. In most cases if we fail to send
170 * after the retries we will kill the socket and
171 * reconnect which may clear the network problem.
172 */
173 rc = sock_sendmsg(ssocket, smb_msg);
174 if (rc == -EAGAIN) {
175 retries++;
176 if (retries >= 14 ||
177 (!server->noblocksnd && (retries > 2))) {
178 cifs_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
179 ssocket);
180 return -EAGAIN;
181 }
182 msleep(1 << retries);
183 continue;
184 }
185
186 if (rc < 0)
187 return rc;
188
189 if (rc == 0) {
190 /* should never happen, letting socket clear before
191 retrying is our only obvious option here */
192 cifs_dbg(VFS, "tcp sent no data\n");
193 msleep(500);
194 continue;
195 }
196
197 /* send was at least partially successful */
198 *sent += rc;
199 retries = 0; /* in case we get ENOSPC on the next send */
200 }
201 return 0;
202}
203
204static unsigned long
205rqst_len(struct smb_rqst *rqst)
206{
207 unsigned int i;
208 struct kvec *iov = rqst->rq_iov;
209 unsigned long buflen = 0;
210
211 /* total up iov array first */
212 for (i = 0; i < rqst->rq_nvec; i++)
213 buflen += iov[i].iov_len;
214
215 /* add in the page array if there is one */
216 if (rqst->rq_npages) {
217 buflen += rqst->rq_pagesz * (rqst->rq_npages - 1);
218 buflen += rqst->rq_tailsz;
219 }
220
221 return buflen;
222}
223
224static int
225__smb_send_rqst(struct TCP_Server_Info *server, struct smb_rqst *rqst)
226{
227 int rc;
228 struct kvec *iov = rqst->rq_iov;
229 int n_vec = rqst->rq_nvec;
230 unsigned int smb_buf_length = get_rfc1002_length(iov[0].iov_base);
231 unsigned long send_length;
232 unsigned int i;
233 size_t total_len = 0, sent, size;
234 struct socket *ssocket = server->ssocket;
235 struct msghdr smb_msg;
236 int val = 1;
237 if (cifs_rdma_enabled(server) && server->smbd_conn) {
238 rc = smbd_send(server->smbd_conn, rqst);
239 goto smbd_done;
240 }
241 if (ssocket == NULL)
242 return -ENOTSOCK;
243
244 /* sanity check send length */
245 send_length = rqst_len(rqst);
246 if (send_length != smb_buf_length + 4) {
247 WARN(1, "Send length mismatch(send_length=%lu smb_buf_length=%u)\n",
248 send_length, smb_buf_length);
249 return -EIO;
250 }
251
252 if (n_vec < 2)
253 return -EIO;
254
255 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", smb_buf_length);
256 dump_smb(iov[0].iov_base, iov[0].iov_len);
257 dump_smb(iov[1].iov_base, iov[1].iov_len);
258
259 /* cork the socket */
260 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
261 (char *)&val, sizeof(val));
262
263 size = 0;
264 for (i = 0; i < n_vec; i++)
265 size += iov[i].iov_len;
266
267 iov_iter_kvec(&smb_msg.msg_iter, WRITE | ITER_KVEC, iov, n_vec, size);
268
269 rc = smb_send_kvec(server, &smb_msg, &sent);
270 if (rc < 0)
271 goto uncork;
272
273 total_len += sent;
274
275 /* now walk the page array and send each page in it */
276 for (i = 0; i < rqst->rq_npages; i++) {
277 size_t len = i == rqst->rq_npages - 1
278 ? rqst->rq_tailsz
279 : rqst->rq_pagesz;
280 struct bio_vec bvec = {
281 .bv_page = rqst->rq_pages[i],
282 .bv_len = len
283 };
284 iov_iter_bvec(&smb_msg.msg_iter, WRITE | ITER_BVEC,
285 &bvec, 1, len);
286 rc = smb_send_kvec(server, &smb_msg, &sent);
287 if (rc < 0)
288 break;
289
290 total_len += sent;
291 }
292
293uncork:
294 /* uncork it */
295 val = 0;
296 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
297 (char *)&val, sizeof(val));
298
299 if ((total_len > 0) && (total_len != smb_buf_length + 4)) {
300 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
301 smb_buf_length + 4, total_len);
302 /*
303 * If we have only sent part of an SMB then the next SMB could
304 * be taken as the remainder of this one. We need to kill the
305 * socket so the server throws away the partial SMB
306 */
307 server->tcpStatus = CifsNeedReconnect;
308 }
309smbd_done:
310 if (rc < 0 && rc != -EINTR)
311 cifs_dbg(VFS, "Error %d sending data on socket to server\n",
312 rc);
313 else
314 rc = 0;
315
316 return rc;
317}
318
319static int
320smb_send_rqst(struct TCP_Server_Info *server, struct smb_rqst *rqst, int flags)
321{
322 struct smb_rqst cur_rqst;
323 int rc;
324
325 if (!(flags & CIFS_TRANSFORM_REQ))
326 return __smb_send_rqst(server, rqst);
327
328 if (!server->ops->init_transform_rq ||
329 !server->ops->free_transform_rq) {
330 cifs_dbg(VFS, "Encryption requested but transform callbacks are missed\n");
331 return -EIO;
332 }
333
334 rc = server->ops->init_transform_rq(server, &cur_rqst, rqst);
335 if (rc)
336 return rc;
337
338 rc = __smb_send_rqst(server, &cur_rqst);
339 server->ops->free_transform_rq(&cur_rqst);
340 return rc;
341}
342
343int
344smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
345 unsigned int smb_buf_length)
346{
347 struct kvec iov[2];
348 struct smb_rqst rqst = { .rq_iov = iov,
349 .rq_nvec = 2 };
350
351 iov[0].iov_base = smb_buffer;
352 iov[0].iov_len = 4;
353 iov[1].iov_base = (char *)smb_buffer + 4;
354 iov[1].iov_len = smb_buf_length;
355
356 return __smb_send_rqst(server, &rqst);
357}
358
359static int
360wait_for_free_credits(struct TCP_Server_Info *server, const int timeout,
361 int *credits)
362{
363 int rc;
364
365 spin_lock(&server->req_lock);
366 if (timeout == CIFS_ASYNC_OP) {
367 /* oplock breaks must not be held up */
368 server->in_flight++;
369 *credits -= 1;
370 spin_unlock(&server->req_lock);
371 return 0;
372 }
373
374 while (1) {
375 if (*credits <= 0) {
376 spin_unlock(&server->req_lock);
377 cifs_num_waiters_inc(server);
378 rc = wait_event_killable(server->request_q,
379 has_credits(server, credits));
380 cifs_num_waiters_dec(server);
381 if (rc)
382 return rc;
383 spin_lock(&server->req_lock);
384 } else {
385 if (server->tcpStatus == CifsExiting) {
386 spin_unlock(&server->req_lock);
387 return -ENOENT;
388 }
389
390 /*
391 * Can not count locking commands against total
392 * as they are allowed to block on server.
393 */
394
395 /* update # of requests on the wire to server */
396 if (timeout != CIFS_BLOCKING_OP) {
397 *credits -= 1;
398 server->in_flight++;
399 }
400 spin_unlock(&server->req_lock);
401 break;
402 }
403 }
404 return 0;
405}
406
407static int
408wait_for_free_request(struct TCP_Server_Info *server, const int timeout,
409 const int optype)
410{
411 int *val;
412
413 val = server->ops->get_credits_field(server, optype);
414 /* Since an echo is already inflight, no need to wait to send another */
415 if (*val <= 0 && optype == CIFS_ECHO_OP)
416 return -EAGAIN;
417 return wait_for_free_credits(server, timeout, val);
418}
419
420int
421cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
422 unsigned int *num, unsigned int *credits)
423{
424 *num = size;
425 *credits = 0;
426 return 0;
427}
428
429static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
430 struct mid_q_entry **ppmidQ)
431{
432 if (ses->server->tcpStatus == CifsExiting) {
433 return -ENOENT;
434 }
435
436 if (ses->server->tcpStatus == CifsNeedReconnect) {
437 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
438 return -EAGAIN;
439 }
440
441 if (ses->status == CifsNew) {
442 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
443 (in_buf->Command != SMB_COM_NEGOTIATE))
444 return -EAGAIN;
445 /* else ok - we are setting up session */
446 }
447
448 if (ses->status == CifsExiting) {
449 /* check if SMB session is bad because we are setting it up */
450 if (in_buf->Command != SMB_COM_LOGOFF_ANDX)
451 return -EAGAIN;
452 /* else ok - we are shutting down session */
453 }
454
455 *ppmidQ = AllocMidQEntry(in_buf, ses->server);
456 if (*ppmidQ == NULL)
457 return -ENOMEM;
458 spin_lock(&GlobalMid_Lock);
459 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
460 spin_unlock(&GlobalMid_Lock);
461 return 0;
462}
463
464static int
465wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
466{
467 int error;
468
469 error = wait_event_freezekillable_unsafe(server->response_q,
470 midQ->mid_state != MID_REQUEST_SUBMITTED);
471 if (error < 0)
472 return -ERESTARTSYS;
473
474 return 0;
475}
476
477struct mid_q_entry *
478cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
479{
480 int rc;
481 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
482 struct mid_q_entry *mid;
483
484 if (rqst->rq_iov[0].iov_len != 4 ||
485 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
486 return ERR_PTR(-EIO);
487
488 /* enable signing if server requires it */
489 if (server->sign)
490 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
491
492 mid = AllocMidQEntry(hdr, server);
493 if (mid == NULL)
494 return ERR_PTR(-ENOMEM);
495
496 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
497 if (rc) {
498 DeleteMidQEntry(mid);
499 return ERR_PTR(rc);
500 }
501
502 return mid;
503}
504
505/*
506 * Send a SMB request and set the callback function in the mid to handle
507 * the result. Caller is responsible for dealing with timeouts.
508 */
509int
510cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
511 mid_receive_t *receive, mid_callback_t *callback,
512 mid_handle_t *handle, void *cbdata, const int flags)
513{
514 int rc, timeout, optype;
515 struct mid_q_entry *mid;
516 unsigned int credits = 0;
517
518 timeout = flags & CIFS_TIMEOUT_MASK;
519 optype = flags & CIFS_OP_MASK;
520
521 if ((flags & CIFS_HAS_CREDITS) == 0) {
522 rc = wait_for_free_request(server, timeout, optype);
523 if (rc)
524 return rc;
525 credits = 1;
526 }
527
528 mutex_lock(&server->srv_mutex);
529 mid = server->ops->setup_async_request(server, rqst);
530 if (IS_ERR(mid)) {
531 mutex_unlock(&server->srv_mutex);
532 add_credits_and_wake_if(server, credits, optype);
533 return PTR_ERR(mid);
534 }
535
536 mid->receive = receive;
537 mid->callback = callback;
538 mid->callback_data = cbdata;
539 mid->handle = handle;
540 mid->mid_state = MID_REQUEST_SUBMITTED;
541
542 /* put it on the pending_mid_q */
543 spin_lock(&GlobalMid_Lock);
544 list_add_tail(&mid->qhead, &server->pending_mid_q);
545 spin_unlock(&GlobalMid_Lock);
546
547 /*
548 * Need to store the time in mid before calling I/O. For call_async,
549 * I/O response may come back and free the mid entry on another thread.
550 */
551 cifs_save_when_sent(mid);
552 cifs_in_send_inc(server);
553 rc = smb_send_rqst(server, rqst, flags);
554 cifs_in_send_dec(server);
555
556 if (rc < 0) {
557 server->sequence_number -= 2;
558 cifs_delete_mid(mid);
559 }
560
561 mutex_unlock(&server->srv_mutex);
562
563 if (rc == 0)
564 return 0;
565
566 add_credits_and_wake_if(server, credits, optype);
567 return rc;
568}
569
570/*
571 *
572 * Send an SMB Request. No response info (other than return code)
573 * needs to be parsed.
574 *
575 * flags indicate the type of request buffer and how long to wait
576 * and whether to log NT STATUS code (error) before mapping it to POSIX error
577 *
578 */
579int
580SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
581 char *in_buf, int flags)
582{
583 int rc;
584 struct kvec iov[1];
585 struct kvec rsp_iov;
586 int resp_buf_type;
587
588 iov[0].iov_base = in_buf;
589 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
590 flags |= CIFS_NO_RESP;
591 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
592 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
593
594 return rc;
595}
596
597static int
598cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
599{
600 int rc = 0;
601
602 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
603 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
604
605 spin_lock(&GlobalMid_Lock);
606 switch (mid->mid_state) {
607 case MID_RESPONSE_RECEIVED:
608 spin_unlock(&GlobalMid_Lock);
609 return rc;
610 case MID_RETRY_NEEDED:
611 rc = -EAGAIN;
612 break;
613 case MID_RESPONSE_MALFORMED:
614 rc = -EIO;
615 break;
616 case MID_SHUTDOWN:
617 rc = -EHOSTDOWN;
618 break;
619 default:
620 list_del_init(&mid->qhead);
621 cifs_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
622 __func__, mid->mid, mid->mid_state);
623 rc = -EIO;
624 }
625 spin_unlock(&GlobalMid_Lock);
626
627 DeleteMidQEntry(mid);
628 return rc;
629}
630
631static inline int
632send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
633 struct mid_q_entry *mid)
634{
635 return server->ops->send_cancel ?
636 server->ops->send_cancel(server, rqst, mid) : 0;
637}
638
639int
640cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
641 bool log_error)
642{
643 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
644
645 dump_smb(mid->resp_buf, min_t(u32, 92, len));
646
647 /* convert the length into a more usable form */
648 if (server->sign) {
649 struct kvec iov[2];
650 int rc = 0;
651 struct smb_rqst rqst = { .rq_iov = iov,
652 .rq_nvec = 2 };
653
654 iov[0].iov_base = mid->resp_buf;
655 iov[0].iov_len = 4;
656 iov[1].iov_base = (char *)mid->resp_buf + 4;
657 iov[1].iov_len = len - 4;
658 /* FIXME: add code to kill session */
659 rc = cifs_verify_signature(&rqst, server,
660 mid->sequence_number);
661 if (rc)
662 cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
663 rc);
664 }
665
666 /* BB special case reconnect tid and uid here? */
667 return map_smb_to_linux_error(mid->resp_buf, log_error);
668}
669
670struct mid_q_entry *
671cifs_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
672{
673 int rc;
674 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
675 struct mid_q_entry *mid;
676
677 if (rqst->rq_iov[0].iov_len != 4 ||
678 rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
679 return ERR_PTR(-EIO);
680
681 rc = allocate_mid(ses, hdr, &mid);
682 if (rc)
683 return ERR_PTR(rc);
684 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
685 if (rc) {
686 cifs_delete_mid(mid);
687 return ERR_PTR(rc);
688 }
689 return mid;
690}
691
692int
693cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
694 struct smb_rqst *rqst, int *resp_buf_type, const int flags,
695 struct kvec *resp_iov)
696{
697 int rc = 0;
698 int timeout, optype;
699 struct mid_q_entry *midQ;
700 unsigned int credits = 1;
701 char *buf;
702
703 timeout = flags & CIFS_TIMEOUT_MASK;
704 optype = flags & CIFS_OP_MASK;
705
706 *resp_buf_type = CIFS_NO_BUFFER; /* no response buf yet */
707
708 if ((ses == NULL) || (ses->server == NULL)) {
709 cifs_dbg(VFS, "Null session\n");
710 return -EIO;
711 }
712
713 if (ses->server->tcpStatus == CifsExiting)
714 return -ENOENT;
715
716 /*
717 * Ensure that we do not send more than 50 overlapping requests
718 * to the same server. We may make this configurable later or
719 * use ses->maxReq.
720 */
721
722 rc = wait_for_free_request(ses->server, timeout, optype);
723 if (rc)
724 return rc;
725
726 /*
727 * Make sure that we sign in the same order that we send on this socket
728 * and avoid races inside tcp sendmsg code that could cause corruption
729 * of smb data.
730 */
731
732 mutex_lock(&ses->server->srv_mutex);
733
734 midQ = ses->server->ops->setup_request(ses, rqst);
735 if (IS_ERR(midQ)) {
736 mutex_unlock(&ses->server->srv_mutex);
737 /* Update # of requests on wire to server */
738 add_credits(ses->server, 1, optype);
739 return PTR_ERR(midQ);
740 }
741
742 midQ->mid_state = MID_REQUEST_SUBMITTED;
743 cifs_in_send_inc(ses->server);
744 rc = smb_send_rqst(ses->server, rqst, flags);
745 cifs_in_send_dec(ses->server);
746 cifs_save_when_sent(midQ);
747
748 if (rc < 0)
749 ses->server->sequence_number -= 2;
750 mutex_unlock(&ses->server->srv_mutex);
751
752 if (rc < 0)
753 goto out;
754
755#ifdef CONFIG_CIFS_SMB311
756 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP))
757 smb311_update_preauth_hash(ses, rqst->rq_iov+1,
758 rqst->rq_nvec-1);
759#endif
760
761 if (timeout == CIFS_ASYNC_OP)
762 goto out;
763
764 rc = wait_for_response(ses->server, midQ);
765 if (rc != 0) {
766 cifs_dbg(FYI, "Cancelling wait for mid %llu\n", midQ->mid);
767 send_cancel(ses->server, rqst, midQ);
768 spin_lock(&GlobalMid_Lock);
769 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
770 midQ->mid_flags |= MID_WAIT_CANCELLED;
771 midQ->callback = DeleteMidQEntry;
772 spin_unlock(&GlobalMid_Lock);
773 add_credits(ses->server, 1, optype);
774 return rc;
775 }
776 spin_unlock(&GlobalMid_Lock);
777 }
778
779 rc = cifs_sync_mid_result(midQ, ses->server);
780 if (rc != 0) {
781 add_credits(ses->server, 1, optype);
782 return rc;
783 }
784
785 if (!midQ->resp_buf || midQ->mid_state != MID_RESPONSE_RECEIVED) {
786 rc = -EIO;
787 cifs_dbg(FYI, "Bad MID state?\n");
788 goto out;
789 }
790
791 buf = (char *)midQ->resp_buf;
792 resp_iov->iov_base = buf;
793 resp_iov->iov_len = midQ->resp_buf_size +
794 ses->server->vals->header_preamble_size;
795 if (midQ->large_buf)
796 *resp_buf_type = CIFS_LARGE_BUFFER;
797 else
798 *resp_buf_type = CIFS_SMALL_BUFFER;
799
800#ifdef CONFIG_CIFS_SMB311
801 if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP)) {
802 struct kvec iov = {
803 .iov_base = buf + 4,
804 .iov_len = get_rfc1002_length(buf)
805 };
806 smb311_update_preauth_hash(ses, &iov, 1);
807 }
808#endif
809
810 credits = ses->server->ops->get_credits(midQ);
811
812 rc = ses->server->ops->check_receive(midQ, ses->server,
813 flags & CIFS_LOG_ERROR);
814
815 /* mark it so buf will not be freed by cifs_delete_mid */
816 if ((flags & CIFS_NO_RESP) == 0)
817 midQ->resp_buf = NULL;
818out:
819 cifs_delete_mid(midQ);
820 add_credits(ses->server, credits, optype);
821
822 return rc;
823}
824
825int
826SendReceive2(const unsigned int xid, struct cifs_ses *ses,
827 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
828 const int flags, struct kvec *resp_iov)
829{
830 struct smb_rqst rqst;
831 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
832 int rc;
833
834 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
835 new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1),
836 GFP_KERNEL);
837 if (!new_iov) {
838 /* otherwise cifs_send_recv below sets resp_buf_type */
839 *resp_buf_type = CIFS_NO_BUFFER;
840 return -ENOMEM;
841 }
842 } else
843 new_iov = s_iov;
844
845 /* 1st iov is a RFC1001 length followed by the rest of the packet */
846 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
847
848 new_iov[0].iov_base = new_iov[1].iov_base;
849 new_iov[0].iov_len = 4;
850 new_iov[1].iov_base += 4;
851 new_iov[1].iov_len -= 4;
852
853 memset(&rqst, 0, sizeof(struct smb_rqst));
854 rqst.rq_iov = new_iov;
855 rqst.rq_nvec = n_vec + 1;
856
857 rc = cifs_send_recv(xid, ses, &rqst, resp_buf_type, flags, resp_iov);
858 if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
859 kfree(new_iov);
860 return rc;
861}
862
863/* Like SendReceive2 but iov[0] does not contain an rfc1002 header */
864int
865smb2_send_recv(const unsigned int xid, struct cifs_ses *ses,
866 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
867 const int flags, struct kvec *resp_iov)
868{
869 struct smb_rqst rqst;
870 struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
871 int rc;
872 int i;
873 __u32 count;
874 __be32 rfc1002_marker;
875
876 if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
877 new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1),
878 GFP_KERNEL);
879 if (!new_iov)
880 return -ENOMEM;
881 } else
882 new_iov = s_iov;
883
884 /* 1st iov is an RFC1002 Session Message length */
885 memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
886
887 count = 0;
888 for (i = 1; i < n_vec + 1; i++)
889 count += new_iov[i].iov_len;
890
891 rfc1002_marker = cpu_to_be32(count);
892
893 new_iov[0].iov_base = &rfc1002_marker;
894 new_iov[0].iov_len = 4;
895
896 memset(&rqst, 0, sizeof(struct smb_rqst));
897 rqst.rq_iov = new_iov;
898 rqst.rq_nvec = n_vec + 1;
899
900 rc = cifs_send_recv(xid, ses, &rqst, resp_buf_type, flags, resp_iov);
901 if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
902 kfree(new_iov);
903 return rc;
904}
905
906int
907SendReceive(const unsigned int xid, struct cifs_ses *ses,
908 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
909 int *pbytes_returned, const int timeout)
910{
911 int rc = 0;
912 struct mid_q_entry *midQ;
913 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
914 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
915 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
916
917 if (ses == NULL) {
918 cifs_dbg(VFS, "Null smb session\n");
919 return -EIO;
920 }
921 if (ses->server == NULL) {
922 cifs_dbg(VFS, "Null tcp session\n");
923 return -EIO;
924 }
925
926 if (ses->server->tcpStatus == CifsExiting)
927 return -ENOENT;
928
929 /* Ensure that we do not send more than 50 overlapping requests
930 to the same server. We may make this configurable later or
931 use ses->maxReq */
932
933 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
934 cifs_dbg(VFS, "Illegal length, greater than maximum frame, %d\n",
935 len);
936 return -EIO;
937 }
938
939 rc = wait_for_free_request(ses->server, timeout, 0);
940 if (rc)
941 return rc;
942
943 /* make sure that we sign in the same order that we send on this socket
944 and avoid races inside tcp sendmsg code that could cause corruption
945 of smb data */
946
947 mutex_lock(&ses->server->srv_mutex);
948
949 rc = allocate_mid(ses, in_buf, &midQ);
950 if (rc) {
951 mutex_unlock(&ses->server->srv_mutex);
952 /* Update # of requests on wire to server */
953 add_credits(ses->server, 1, 0);
954 return rc;
955 }
956
957 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
958 if (rc) {
959 mutex_unlock(&ses->server->srv_mutex);
960 goto out;
961 }
962
963 midQ->mid_state = MID_REQUEST_SUBMITTED;
964
965 cifs_in_send_inc(ses->server);
966 rc = smb_send(ses->server, in_buf, len);
967 cifs_in_send_dec(ses->server);
968 cifs_save_when_sent(midQ);
969
970 if (rc < 0)
971 ses->server->sequence_number -= 2;
972
973 mutex_unlock(&ses->server->srv_mutex);
974
975 if (rc < 0)
976 goto out;
977
978 if (timeout == CIFS_ASYNC_OP)
979 goto out;
980
981 rc = wait_for_response(ses->server, midQ);
982 if (rc != 0) {
983 send_cancel(ses->server, &rqst, midQ);
984 spin_lock(&GlobalMid_Lock);
985 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
986 /* no longer considered to be "in-flight" */
987 midQ->callback = DeleteMidQEntry;
988 spin_unlock(&GlobalMid_Lock);
989 add_credits(ses->server, 1, 0);
990 return rc;
991 }
992 spin_unlock(&GlobalMid_Lock);
993 }
994
995 rc = cifs_sync_mid_result(midQ, ses->server);
996 if (rc != 0) {
997 add_credits(ses->server, 1, 0);
998 return rc;
999 }
1000
1001 if (!midQ->resp_buf || !out_buf ||
1002 midQ->mid_state != MID_RESPONSE_RECEIVED) {
1003 rc = -EIO;
1004 cifs_dbg(VFS, "Bad MID state?\n");
1005 goto out;
1006 }
1007
1008 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1009 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1010 rc = cifs_check_receive(midQ, ses->server, 0);
1011out:
1012 cifs_delete_mid(midQ);
1013 add_credits(ses->server, 1, 0);
1014
1015 return rc;
1016}
1017
1018/* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1019 blocking lock to return. */
1020
1021static int
1022send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1023 struct smb_hdr *in_buf,
1024 struct smb_hdr *out_buf)
1025{
1026 int bytes_returned;
1027 struct cifs_ses *ses = tcon->ses;
1028 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1029
1030 /* We just modify the current in_buf to change
1031 the type of lock from LOCKING_ANDX_SHARED_LOCK
1032 or LOCKING_ANDX_EXCLUSIVE_LOCK to
1033 LOCKING_ANDX_CANCEL_LOCK. */
1034
1035 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1036 pSMB->Timeout = 0;
1037 pSMB->hdr.Mid = get_next_mid(ses->server);
1038
1039 return SendReceive(xid, ses, in_buf, out_buf,
1040 &bytes_returned, 0);
1041}
1042
1043int
1044SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1045 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1046 int *pbytes_returned)
1047{
1048 int rc = 0;
1049 int rstart = 0;
1050 struct mid_q_entry *midQ;
1051 struct cifs_ses *ses;
1052 unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1053 struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1054 struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1055
1056 if (tcon == NULL || tcon->ses == NULL) {
1057 cifs_dbg(VFS, "Null smb session\n");
1058 return -EIO;
1059 }
1060 ses = tcon->ses;
1061
1062 if (ses->server == NULL) {
1063 cifs_dbg(VFS, "Null tcp session\n");
1064 return -EIO;
1065 }
1066
1067 if (ses->server->tcpStatus == CifsExiting)
1068 return -ENOENT;
1069
1070 /* Ensure that we do not send more than 50 overlapping requests
1071 to the same server. We may make this configurable later or
1072 use ses->maxReq */
1073
1074 if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1075 cifs_dbg(VFS, "Illegal length, greater than maximum frame, %d\n",
1076 len);
1077 return -EIO;
1078 }
1079
1080 rc = wait_for_free_request(ses->server, CIFS_BLOCKING_OP, 0);
1081 if (rc)
1082 return rc;
1083
1084 /* make sure that we sign in the same order that we send on this socket
1085 and avoid races inside tcp sendmsg code that could cause corruption
1086 of smb data */
1087
1088 mutex_lock(&ses->server->srv_mutex);
1089
1090 rc = allocate_mid(ses, in_buf, &midQ);
1091 if (rc) {
1092 mutex_unlock(&ses->server->srv_mutex);
1093 return rc;
1094 }
1095
1096 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
1097 if (rc) {
1098 cifs_delete_mid(midQ);
1099 mutex_unlock(&ses->server->srv_mutex);
1100 return rc;
1101 }
1102
1103 midQ->mid_state = MID_REQUEST_SUBMITTED;
1104 cifs_in_send_inc(ses->server);
1105 rc = smb_send(ses->server, in_buf, len);
1106 cifs_in_send_dec(ses->server);
1107 cifs_save_when_sent(midQ);
1108
1109 if (rc < 0)
1110 ses->server->sequence_number -= 2;
1111
1112 mutex_unlock(&ses->server->srv_mutex);
1113
1114 if (rc < 0) {
1115 cifs_delete_mid(midQ);
1116 return rc;
1117 }
1118
1119 /* Wait for a reply - allow signals to interrupt. */
1120 rc = wait_event_interruptible(ses->server->response_q,
1121 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) ||
1122 ((ses->server->tcpStatus != CifsGood) &&
1123 (ses->server->tcpStatus != CifsNew)));
1124
1125 /* Were we interrupted by a signal ? */
1126 if ((rc == -ERESTARTSYS) &&
1127 (midQ->mid_state == MID_REQUEST_SUBMITTED) &&
1128 ((ses->server->tcpStatus == CifsGood) ||
1129 (ses->server->tcpStatus == CifsNew))) {
1130
1131 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1132 /* POSIX lock. We send a NT_CANCEL SMB to cause the
1133 blocking lock to return. */
1134 rc = send_cancel(ses->server, &rqst, midQ);
1135 if (rc) {
1136 cifs_delete_mid(midQ);
1137 return rc;
1138 }
1139 } else {
1140 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1141 to cause the blocking lock to return. */
1142
1143 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1144
1145 /* If we get -ENOLCK back the lock may have
1146 already been removed. Don't exit in this case. */
1147 if (rc && rc != -ENOLCK) {
1148 cifs_delete_mid(midQ);
1149 return rc;
1150 }
1151 }
1152
1153 rc = wait_for_response(ses->server, midQ);
1154 if (rc) {
1155 send_cancel(ses->server, &rqst, midQ);
1156 spin_lock(&GlobalMid_Lock);
1157 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1158 /* no longer considered to be "in-flight" */
1159 midQ->callback = DeleteMidQEntry;
1160 spin_unlock(&GlobalMid_Lock);
1161 return rc;
1162 }
1163 spin_unlock(&GlobalMid_Lock);
1164 }
1165
1166 /* We got the response - restart system call. */
1167 rstart = 1;
1168 }
1169
1170 rc = cifs_sync_mid_result(midQ, ses->server);
1171 if (rc != 0)
1172 return rc;
1173
1174 /* rcvd frame is ok */
1175 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) {
1176 rc = -EIO;
1177 cifs_dbg(VFS, "Bad MID state?\n");
1178 goto out;
1179 }
1180
1181 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1182 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1183 rc = cifs_check_receive(midQ, ses->server, 0);
1184out:
1185 cifs_delete_mid(midQ);
1186 if (rstart && rc == -EACCES)
1187 return -ERESTARTSYS;
1188 return rc;
1189}