Loading...
1/*
2 * fs/cifs/transport.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 * This library is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published
10 * by the Free Software Foundation; either version 2.1 of the License, or
11 * (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
16 * the GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22
23#include <linux/fs.h>
24#include <linux/list.h>
25#include <linux/gfp.h>
26#include <linux/wait.h>
27#include <linux/net.h>
28#include <linux/delay.h>
29#include <linux/freezer.h>
30#include <asm/uaccess.h>
31#include <asm/processor.h>
32#include <linux/mempool.h>
33#include "cifspdu.h"
34#include "cifsglob.h"
35#include "cifsproto.h"
36#include "cifs_debug.h"
37
38extern mempool_t *cifs_mid_poolp;
39
40static void
41wake_up_task(struct mid_q_entry *mid)
42{
43 wake_up_process(mid->callback_data);
44}
45
46struct mid_q_entry *
47AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
48{
49 struct mid_q_entry *temp;
50
51 if (server == NULL) {
52 cERROR(1, "Null TCP session in AllocMidQEntry");
53 return NULL;
54 }
55
56 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
57 if (temp == NULL)
58 return temp;
59 else {
60 memset(temp, 0, sizeof(struct mid_q_entry));
61 temp->mid = smb_buffer->Mid; /* always LE */
62 temp->pid = current->pid;
63 temp->command = cpu_to_le16(smb_buffer->Command);
64 cFYI(1, "For smb_command %d", smb_buffer->Command);
65 /* do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
66 /* when mid allocated can be before when sent */
67 temp->when_alloc = jiffies;
68
69 /*
70 * The default is for the mid to be synchronous, so the
71 * default callback just wakes up the current task.
72 */
73 temp->callback = wake_up_task;
74 temp->callback_data = current;
75 }
76
77 atomic_inc(&midCount);
78 temp->mid_state = MID_REQUEST_ALLOCATED;
79 return temp;
80}
81
82void
83DeleteMidQEntry(struct mid_q_entry *midEntry)
84{
85#ifdef CONFIG_CIFS_STATS2
86 unsigned long now;
87#endif
88 midEntry->mid_state = MID_FREE;
89 atomic_dec(&midCount);
90 if (midEntry->large_buf)
91 cifs_buf_release(midEntry->resp_buf);
92 else
93 cifs_small_buf_release(midEntry->resp_buf);
94#ifdef CONFIG_CIFS_STATS2
95 now = jiffies;
96 /* commands taking longer than one second are indications that
97 something is wrong, unless it is quite a slow link or server */
98 if ((now - midEntry->when_alloc) > HZ) {
99 if ((cifsFYI & CIFS_TIMER) &&
100 (midEntry->command != cpu_to_le16(SMB_COM_LOCKING_ANDX))) {
101 printk(KERN_DEBUG " CIFS slow rsp: cmd %d mid %llu",
102 midEntry->command, midEntry->mid);
103 printk(" A: 0x%lx S: 0x%lx R: 0x%lx\n",
104 now - midEntry->when_alloc,
105 now - midEntry->when_sent,
106 now - midEntry->when_received);
107 }
108 }
109#endif
110 mempool_free(midEntry, cifs_mid_poolp);
111}
112
113static void
114delete_mid(struct mid_q_entry *mid)
115{
116 spin_lock(&GlobalMid_Lock);
117 list_del(&mid->qhead);
118 spin_unlock(&GlobalMid_Lock);
119
120 DeleteMidQEntry(mid);
121}
122
123static int
124smb_sendv(struct TCP_Server_Info *server, struct kvec *iov, int n_vec)
125{
126 int rc = 0;
127 int i = 0;
128 struct msghdr smb_msg;
129 __be32 *buf_len = (__be32 *)(iov[0].iov_base);
130 unsigned int len = iov[0].iov_len;
131 unsigned int total_len;
132 int first_vec = 0;
133 unsigned int smb_buf_length = get_rfc1002_length(iov[0].iov_base);
134 struct socket *ssocket = server->ssocket;
135
136 if (ssocket == NULL)
137 return -ENOTSOCK; /* BB eventually add reconnect code here */
138
139 smb_msg.msg_name = (struct sockaddr *) &server->dstaddr;
140 smb_msg.msg_namelen = sizeof(struct sockaddr);
141 smb_msg.msg_control = NULL;
142 smb_msg.msg_controllen = 0;
143 if (server->noblocksnd)
144 smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
145 else
146 smb_msg.msg_flags = MSG_NOSIGNAL;
147
148 total_len = 0;
149 for (i = 0; i < n_vec; i++)
150 total_len += iov[i].iov_len;
151
152 cFYI(1, "Sending smb: total_len %d", total_len);
153 dump_smb(iov[0].iov_base, len);
154
155 i = 0;
156 while (total_len) {
157 rc = kernel_sendmsg(ssocket, &smb_msg, &iov[first_vec],
158 n_vec - first_vec, total_len);
159 if ((rc == -ENOSPC) || (rc == -EAGAIN)) {
160 i++;
161 /*
162 * If blocking send we try 3 times, since each can block
163 * for 5 seconds. For nonblocking we have to try more
164 * but wait increasing amounts of time allowing time for
165 * socket to clear. The overall time we wait in either
166 * case to send on the socket is about 15 seconds.
167 * Similarly we wait for 15 seconds for a response from
168 * the server in SendReceive[2] for the server to send
169 * a response back for most types of requests (except
170 * SMB Write past end of file which can be slow, and
171 * blocking lock operations). NFS waits slightly longer
172 * than CIFS, but this can make it take longer for
173 * nonresponsive servers to be detected and 15 seconds
174 * is more than enough time for modern networks to
175 * send a packet. In most cases if we fail to send
176 * after the retries we will kill the socket and
177 * reconnect which may clear the network problem.
178 */
179 if ((i >= 14) || (!server->noblocksnd && (i > 2))) {
180 cERROR(1, "sends on sock %p stuck for 15 seconds",
181 ssocket);
182 rc = -EAGAIN;
183 break;
184 }
185 msleep(1 << i);
186 continue;
187 }
188 if (rc < 0)
189 break;
190
191 if (rc == total_len) {
192 total_len = 0;
193 break;
194 } else if (rc > total_len) {
195 cERROR(1, "sent %d requested %d", rc, total_len);
196 break;
197 }
198 if (rc == 0) {
199 /* should never happen, letting socket clear before
200 retrying is our only obvious option here */
201 cERROR(1, "tcp sent no data");
202 msleep(500);
203 continue;
204 }
205 total_len -= rc;
206 /* the line below resets i */
207 for (i = first_vec; i < n_vec; i++) {
208 if (iov[i].iov_len) {
209 if (rc > iov[i].iov_len) {
210 rc -= iov[i].iov_len;
211 iov[i].iov_len = 0;
212 } else {
213 iov[i].iov_base += rc;
214 iov[i].iov_len -= rc;
215 first_vec = i;
216 break;
217 }
218 }
219 }
220 i = 0; /* in case we get ENOSPC on the next send */
221 }
222
223 if ((total_len > 0) && (total_len != smb_buf_length + 4)) {
224 cFYI(1, "partial send (%d remaining), terminating session",
225 total_len);
226 /* If we have only sent part of an SMB then the next SMB
227 could be taken as the remainder of this one. We need
228 to kill the socket so the server throws away the partial
229 SMB */
230 server->tcpStatus = CifsNeedReconnect;
231 }
232
233 if (rc < 0 && rc != -EINTR)
234 cERROR(1, "Error %d sending data on socket to server", rc);
235 else
236 rc = 0;
237
238 /* Don't want to modify the buffer as a side effect of this call. */
239 *buf_len = cpu_to_be32(smb_buf_length);
240
241 return rc;
242}
243
244int
245smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
246 unsigned int smb_buf_length)
247{
248 struct kvec iov;
249
250 iov.iov_base = smb_buffer;
251 iov.iov_len = smb_buf_length + 4;
252
253 return smb_sendv(server, &iov, 1);
254}
255
256static int
257wait_for_free_credits(struct TCP_Server_Info *server, const int optype,
258 int *credits)
259{
260 int rc;
261
262 spin_lock(&server->req_lock);
263 if (optype == CIFS_ASYNC_OP) {
264 /* oplock breaks must not be held up */
265 server->in_flight++;
266 *credits -= 1;
267 spin_unlock(&server->req_lock);
268 return 0;
269 }
270
271 while (1) {
272 if (*credits <= 0) {
273 spin_unlock(&server->req_lock);
274 cifs_num_waiters_inc(server);
275 rc = wait_event_killable(server->request_q,
276 has_credits(server, credits));
277 cifs_num_waiters_dec(server);
278 if (rc)
279 return rc;
280 spin_lock(&server->req_lock);
281 } else {
282 if (server->tcpStatus == CifsExiting) {
283 spin_unlock(&server->req_lock);
284 return -ENOENT;
285 }
286
287 /*
288 * Can not count locking commands against total
289 * as they are allowed to block on server.
290 */
291
292 /* update # of requests on the wire to server */
293 if (optype != CIFS_BLOCKING_OP) {
294 *credits -= 1;
295 server->in_flight++;
296 }
297 spin_unlock(&server->req_lock);
298 break;
299 }
300 }
301 return 0;
302}
303
304static int
305wait_for_free_request(struct TCP_Server_Info *server, const int optype)
306{
307 return wait_for_free_credits(server, optype,
308 server->ops->get_credits_field(server));
309}
310
311static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
312 struct mid_q_entry **ppmidQ)
313{
314 if (ses->server->tcpStatus == CifsExiting) {
315 return -ENOENT;
316 }
317
318 if (ses->server->tcpStatus == CifsNeedReconnect) {
319 cFYI(1, "tcp session dead - return to caller to retry");
320 return -EAGAIN;
321 }
322
323 if (ses->status != CifsGood) {
324 /* check if SMB session is bad because we are setting it up */
325 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
326 (in_buf->Command != SMB_COM_NEGOTIATE))
327 return -EAGAIN;
328 /* else ok - we are setting up session */
329 }
330 *ppmidQ = AllocMidQEntry(in_buf, ses->server);
331 if (*ppmidQ == NULL)
332 return -ENOMEM;
333 spin_lock(&GlobalMid_Lock);
334 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
335 spin_unlock(&GlobalMid_Lock);
336 return 0;
337}
338
339static int
340wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
341{
342 int error;
343
344 error = wait_event_freezekillable(server->response_q,
345 midQ->mid_state != MID_REQUEST_SUBMITTED);
346 if (error < 0)
347 return -ERESTARTSYS;
348
349 return 0;
350}
351
352static int
353cifs_setup_async_request(struct TCP_Server_Info *server, struct kvec *iov,
354 unsigned int nvec, struct mid_q_entry **ret_mid)
355{
356 int rc;
357 struct smb_hdr *hdr = (struct smb_hdr *)iov[0].iov_base;
358 struct mid_q_entry *mid;
359
360 /* enable signing if server requires it */
361 if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
362 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
363
364 mid = AllocMidQEntry(hdr, server);
365 if (mid == NULL)
366 return -ENOMEM;
367
368 rc = cifs_sign_smb2(iov, nvec, server, &mid->sequence_number);
369 if (rc) {
370 DeleteMidQEntry(mid);
371 return rc;
372 }
373
374 *ret_mid = mid;
375 return 0;
376}
377
378/*
379 * Send a SMB request and set the callback function in the mid to handle
380 * the result. Caller is responsible for dealing with timeouts.
381 */
382int
383cifs_call_async(struct TCP_Server_Info *server, struct kvec *iov,
384 unsigned int nvec, mid_receive_t *receive,
385 mid_callback_t *callback, void *cbdata, bool ignore_pend)
386{
387 int rc;
388 struct mid_q_entry *mid;
389
390 rc = wait_for_free_request(server, ignore_pend ? CIFS_ASYNC_OP : 0);
391 if (rc)
392 return rc;
393
394 mutex_lock(&server->srv_mutex);
395 rc = cifs_setup_async_request(server, iov, nvec, &mid);
396 if (rc) {
397 mutex_unlock(&server->srv_mutex);
398 add_credits(server, 1);
399 wake_up(&server->request_q);
400 return rc;
401 }
402
403 mid->receive = receive;
404 mid->callback = callback;
405 mid->callback_data = cbdata;
406 mid->mid_state = MID_REQUEST_SUBMITTED;
407
408 /* put it on the pending_mid_q */
409 spin_lock(&GlobalMid_Lock);
410 list_add_tail(&mid->qhead, &server->pending_mid_q);
411 spin_unlock(&GlobalMid_Lock);
412
413
414 cifs_in_send_inc(server);
415 rc = smb_sendv(server, iov, nvec);
416 cifs_in_send_dec(server);
417 cifs_save_when_sent(mid);
418 mutex_unlock(&server->srv_mutex);
419
420 if (rc == 0)
421 return 0;
422
423 delete_mid(mid);
424 add_credits(server, 1);
425 wake_up(&server->request_q);
426 return rc;
427}
428
429/*
430 *
431 * Send an SMB Request. No response info (other than return code)
432 * needs to be parsed.
433 *
434 * flags indicate the type of request buffer and how long to wait
435 * and whether to log NT STATUS code (error) before mapping it to POSIX error
436 *
437 */
438int
439SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
440 char *in_buf, int flags)
441{
442 int rc;
443 struct kvec iov[1];
444 int resp_buf_type;
445
446 iov[0].iov_base = in_buf;
447 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
448 flags |= CIFS_NO_RESP;
449 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags);
450 cFYI(DBG2, "SendRcvNoRsp flags %d rc %d", flags, rc);
451
452 return rc;
453}
454
455static int
456cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
457{
458 int rc = 0;
459
460 cFYI(1, "%s: cmd=%d mid=%llu state=%d", __func__,
461 le16_to_cpu(mid->command), mid->mid, mid->mid_state);
462
463 spin_lock(&GlobalMid_Lock);
464 switch (mid->mid_state) {
465 case MID_RESPONSE_RECEIVED:
466 spin_unlock(&GlobalMid_Lock);
467 return rc;
468 case MID_RETRY_NEEDED:
469 rc = -EAGAIN;
470 break;
471 case MID_RESPONSE_MALFORMED:
472 rc = -EIO;
473 break;
474 case MID_SHUTDOWN:
475 rc = -EHOSTDOWN;
476 break;
477 default:
478 list_del_init(&mid->qhead);
479 cERROR(1, "%s: invalid mid state mid=%llu state=%d", __func__,
480 mid->mid, mid->mid_state);
481 rc = -EIO;
482 }
483 spin_unlock(&GlobalMid_Lock);
484
485 DeleteMidQEntry(mid);
486 return rc;
487}
488
489static inline int
490send_cancel(struct TCP_Server_Info *server, void *buf, struct mid_q_entry *mid)
491{
492 return server->ops->send_cancel ?
493 server->ops->send_cancel(server, buf, mid) : 0;
494}
495
496int
497cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
498 bool log_error)
499{
500 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
501
502 dump_smb(mid->resp_buf, min_t(u32, 92, len));
503
504 /* convert the length into a more usable form */
505 if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
506 struct kvec iov;
507
508 iov.iov_base = mid->resp_buf;
509 iov.iov_len = len;
510 /* FIXME: add code to kill session */
511 if (cifs_verify_signature(&iov, 1, server,
512 mid->sequence_number + 1) != 0)
513 cERROR(1, "Unexpected SMB signature");
514 }
515
516 /* BB special case reconnect tid and uid here? */
517 return map_smb_to_linux_error(mid->resp_buf, log_error);
518}
519
520int
521cifs_setup_request(struct cifs_ses *ses, struct kvec *iov,
522 unsigned int nvec, struct mid_q_entry **ret_mid)
523{
524 int rc;
525 struct smb_hdr *hdr = (struct smb_hdr *)iov[0].iov_base;
526 struct mid_q_entry *mid;
527
528 rc = allocate_mid(ses, hdr, &mid);
529 if (rc)
530 return rc;
531 rc = cifs_sign_smb2(iov, nvec, ses->server, &mid->sequence_number);
532 if (rc)
533 delete_mid(mid);
534 *ret_mid = mid;
535 return rc;
536}
537
538int
539SendReceive2(const unsigned int xid, struct cifs_ses *ses,
540 struct kvec *iov, int n_vec, int *pRespBufType /* ret */,
541 const int flags)
542{
543 int rc = 0;
544 int long_op;
545 struct mid_q_entry *midQ;
546 char *buf = iov[0].iov_base;
547
548 long_op = flags & CIFS_TIMEOUT_MASK;
549
550 *pRespBufType = CIFS_NO_BUFFER; /* no response buf yet */
551
552 if ((ses == NULL) || (ses->server == NULL)) {
553 cifs_small_buf_release(buf);
554 cERROR(1, "Null session");
555 return -EIO;
556 }
557
558 if (ses->server->tcpStatus == CifsExiting) {
559 cifs_small_buf_release(buf);
560 return -ENOENT;
561 }
562
563 /*
564 * Ensure that we do not send more than 50 overlapping requests
565 * to the same server. We may make this configurable later or
566 * use ses->maxReq.
567 */
568
569 rc = wait_for_free_request(ses->server, long_op);
570 if (rc) {
571 cifs_small_buf_release(buf);
572 return rc;
573 }
574
575 /*
576 * Make sure that we sign in the same order that we send on this socket
577 * and avoid races inside tcp sendmsg code that could cause corruption
578 * of smb data.
579 */
580
581 mutex_lock(&ses->server->srv_mutex);
582
583 rc = ses->server->ops->setup_request(ses, iov, n_vec, &midQ);
584 if (rc) {
585 mutex_unlock(&ses->server->srv_mutex);
586 cifs_small_buf_release(buf);
587 /* Update # of requests on wire to server */
588 add_credits(ses->server, 1);
589 return rc;
590 }
591
592 midQ->mid_state = MID_REQUEST_SUBMITTED;
593 cifs_in_send_inc(ses->server);
594 rc = smb_sendv(ses->server, iov, n_vec);
595 cifs_in_send_dec(ses->server);
596 cifs_save_when_sent(midQ);
597
598 mutex_unlock(&ses->server->srv_mutex);
599
600 if (rc < 0) {
601 cifs_small_buf_release(buf);
602 goto out;
603 }
604
605 if (long_op == CIFS_ASYNC_OP) {
606 cifs_small_buf_release(buf);
607 goto out;
608 }
609
610 rc = wait_for_response(ses->server, midQ);
611 if (rc != 0) {
612 send_cancel(ses->server, buf, midQ);
613 spin_lock(&GlobalMid_Lock);
614 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
615 midQ->callback = DeleteMidQEntry;
616 spin_unlock(&GlobalMid_Lock);
617 cifs_small_buf_release(buf);
618 add_credits(ses->server, 1);
619 return rc;
620 }
621 spin_unlock(&GlobalMid_Lock);
622 }
623
624 cifs_small_buf_release(buf);
625
626 rc = cifs_sync_mid_result(midQ, ses->server);
627 if (rc != 0) {
628 add_credits(ses->server, 1);
629 return rc;
630 }
631
632 if (!midQ->resp_buf || midQ->mid_state != MID_RESPONSE_RECEIVED) {
633 rc = -EIO;
634 cFYI(1, "Bad MID state?");
635 goto out;
636 }
637
638 buf = (char *)midQ->resp_buf;
639 iov[0].iov_base = buf;
640 iov[0].iov_len = get_rfc1002_length(buf) + 4;
641 if (midQ->large_buf)
642 *pRespBufType = CIFS_LARGE_BUFFER;
643 else
644 *pRespBufType = CIFS_SMALL_BUFFER;
645
646 rc = ses->server->ops->check_receive(midQ, ses->server,
647 flags & CIFS_LOG_ERROR);
648
649 /* mark it so buf will not be freed by delete_mid */
650 if ((flags & CIFS_NO_RESP) == 0)
651 midQ->resp_buf = NULL;
652out:
653 delete_mid(midQ);
654 add_credits(ses->server, 1);
655
656 return rc;
657}
658
659int
660SendReceive(const unsigned int xid, struct cifs_ses *ses,
661 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
662 int *pbytes_returned, const int long_op)
663{
664 int rc = 0;
665 struct mid_q_entry *midQ;
666
667 if (ses == NULL) {
668 cERROR(1, "Null smb session");
669 return -EIO;
670 }
671 if (ses->server == NULL) {
672 cERROR(1, "Null tcp session");
673 return -EIO;
674 }
675
676 if (ses->server->tcpStatus == CifsExiting)
677 return -ENOENT;
678
679 /* Ensure that we do not send more than 50 overlapping requests
680 to the same server. We may make this configurable later or
681 use ses->maxReq */
682
683 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
684 MAX_CIFS_HDR_SIZE - 4) {
685 cERROR(1, "Illegal length, greater than maximum frame, %d",
686 be32_to_cpu(in_buf->smb_buf_length));
687 return -EIO;
688 }
689
690 rc = wait_for_free_request(ses->server, long_op);
691 if (rc)
692 return rc;
693
694 /* make sure that we sign in the same order that we send on this socket
695 and avoid races inside tcp sendmsg code that could cause corruption
696 of smb data */
697
698 mutex_lock(&ses->server->srv_mutex);
699
700 rc = allocate_mid(ses, in_buf, &midQ);
701 if (rc) {
702 mutex_unlock(&ses->server->srv_mutex);
703 /* Update # of requests on wire to server */
704 add_credits(ses->server, 1);
705 return rc;
706 }
707
708 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
709 if (rc) {
710 mutex_unlock(&ses->server->srv_mutex);
711 goto out;
712 }
713
714 midQ->mid_state = MID_REQUEST_SUBMITTED;
715
716 cifs_in_send_inc(ses->server);
717 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
718 cifs_in_send_dec(ses->server);
719 cifs_save_when_sent(midQ);
720 mutex_unlock(&ses->server->srv_mutex);
721
722 if (rc < 0)
723 goto out;
724
725 if (long_op == CIFS_ASYNC_OP)
726 goto out;
727
728 rc = wait_for_response(ses->server, midQ);
729 if (rc != 0) {
730 send_cancel(ses->server, in_buf, midQ);
731 spin_lock(&GlobalMid_Lock);
732 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
733 /* no longer considered to be "in-flight" */
734 midQ->callback = DeleteMidQEntry;
735 spin_unlock(&GlobalMid_Lock);
736 add_credits(ses->server, 1);
737 return rc;
738 }
739 spin_unlock(&GlobalMid_Lock);
740 }
741
742 rc = cifs_sync_mid_result(midQ, ses->server);
743 if (rc != 0) {
744 add_credits(ses->server, 1);
745 return rc;
746 }
747
748 if (!midQ->resp_buf || !out_buf ||
749 midQ->mid_state != MID_RESPONSE_RECEIVED) {
750 rc = -EIO;
751 cERROR(1, "Bad MID state?");
752 goto out;
753 }
754
755 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
756 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
757 rc = cifs_check_receive(midQ, ses->server, 0);
758out:
759 delete_mid(midQ);
760 add_credits(ses->server, 1);
761
762 return rc;
763}
764
765/* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
766 blocking lock to return. */
767
768static int
769send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
770 struct smb_hdr *in_buf,
771 struct smb_hdr *out_buf)
772{
773 int bytes_returned;
774 struct cifs_ses *ses = tcon->ses;
775 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
776
777 /* We just modify the current in_buf to change
778 the type of lock from LOCKING_ANDX_SHARED_LOCK
779 or LOCKING_ANDX_EXCLUSIVE_LOCK to
780 LOCKING_ANDX_CANCEL_LOCK. */
781
782 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
783 pSMB->Timeout = 0;
784 pSMB->hdr.Mid = get_next_mid(ses->server);
785
786 return SendReceive(xid, ses, in_buf, out_buf,
787 &bytes_returned, 0);
788}
789
790int
791SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
792 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
793 int *pbytes_returned)
794{
795 int rc = 0;
796 int rstart = 0;
797 struct mid_q_entry *midQ;
798 struct cifs_ses *ses;
799
800 if (tcon == NULL || tcon->ses == NULL) {
801 cERROR(1, "Null smb session");
802 return -EIO;
803 }
804 ses = tcon->ses;
805
806 if (ses->server == NULL) {
807 cERROR(1, "Null tcp session");
808 return -EIO;
809 }
810
811 if (ses->server->tcpStatus == CifsExiting)
812 return -ENOENT;
813
814 /* Ensure that we do not send more than 50 overlapping requests
815 to the same server. We may make this configurable later or
816 use ses->maxReq */
817
818 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
819 MAX_CIFS_HDR_SIZE - 4) {
820 cERROR(1, "Illegal length, greater than maximum frame, %d",
821 be32_to_cpu(in_buf->smb_buf_length));
822 return -EIO;
823 }
824
825 rc = wait_for_free_request(ses->server, CIFS_BLOCKING_OP);
826 if (rc)
827 return rc;
828
829 /* make sure that we sign in the same order that we send on this socket
830 and avoid races inside tcp sendmsg code that could cause corruption
831 of smb data */
832
833 mutex_lock(&ses->server->srv_mutex);
834
835 rc = allocate_mid(ses, in_buf, &midQ);
836 if (rc) {
837 mutex_unlock(&ses->server->srv_mutex);
838 return rc;
839 }
840
841 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
842 if (rc) {
843 delete_mid(midQ);
844 mutex_unlock(&ses->server->srv_mutex);
845 return rc;
846 }
847
848 midQ->mid_state = MID_REQUEST_SUBMITTED;
849 cifs_in_send_inc(ses->server);
850 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
851 cifs_in_send_dec(ses->server);
852 cifs_save_when_sent(midQ);
853 mutex_unlock(&ses->server->srv_mutex);
854
855 if (rc < 0) {
856 delete_mid(midQ);
857 return rc;
858 }
859
860 /* Wait for a reply - allow signals to interrupt. */
861 rc = wait_event_interruptible(ses->server->response_q,
862 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) ||
863 ((ses->server->tcpStatus != CifsGood) &&
864 (ses->server->tcpStatus != CifsNew)));
865
866 /* Were we interrupted by a signal ? */
867 if ((rc == -ERESTARTSYS) &&
868 (midQ->mid_state == MID_REQUEST_SUBMITTED) &&
869 ((ses->server->tcpStatus == CifsGood) ||
870 (ses->server->tcpStatus == CifsNew))) {
871
872 if (in_buf->Command == SMB_COM_TRANSACTION2) {
873 /* POSIX lock. We send a NT_CANCEL SMB to cause the
874 blocking lock to return. */
875 rc = send_cancel(ses->server, in_buf, midQ);
876 if (rc) {
877 delete_mid(midQ);
878 return rc;
879 }
880 } else {
881 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
882 to cause the blocking lock to return. */
883
884 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
885
886 /* If we get -ENOLCK back the lock may have
887 already been removed. Don't exit in this case. */
888 if (rc && rc != -ENOLCK) {
889 delete_mid(midQ);
890 return rc;
891 }
892 }
893
894 rc = wait_for_response(ses->server, midQ);
895 if (rc) {
896 send_cancel(ses->server, in_buf, midQ);
897 spin_lock(&GlobalMid_Lock);
898 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
899 /* no longer considered to be "in-flight" */
900 midQ->callback = DeleteMidQEntry;
901 spin_unlock(&GlobalMid_Lock);
902 return rc;
903 }
904 spin_unlock(&GlobalMid_Lock);
905 }
906
907 /* We got the response - restart system call. */
908 rstart = 1;
909 }
910
911 rc = cifs_sync_mid_result(midQ, ses->server);
912 if (rc != 0)
913 return rc;
914
915 /* rcvd frame is ok */
916 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) {
917 rc = -EIO;
918 cERROR(1, "Bad MID state?");
919 goto out;
920 }
921
922 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
923 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
924 rc = cifs_check_receive(midQ, ses->server, 0);
925out:
926 delete_mid(midQ);
927 if (rstart && rc == -EACCES)
928 return -ERESTARTSYS;
929 return rc;
930}
1/*
2 * fs/cifs/transport.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * Jeremy Allison (jra@samba.org) 2006.
7 *
8 * This library is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published
10 * by the Free Software Foundation; either version 2.1 of the License, or
11 * (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
16 * the GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22
23#include <linux/fs.h>
24#include <linux/list.h>
25#include <linux/gfp.h>
26#include <linux/wait.h>
27#include <linux/net.h>
28#include <linux/delay.h>
29#include <linux/freezer.h>
30#include <linux/tcp.h>
31#include <linux/highmem.h>
32#include <asm/uaccess.h>
33#include <asm/processor.h>
34#include <linux/mempool.h>
35#include "cifspdu.h"
36#include "cifsglob.h"
37#include "cifsproto.h"
38#include "cifs_debug.h"
39
40void
41cifs_wake_up_task(struct mid_q_entry *mid)
42{
43 wake_up_process(mid->callback_data);
44}
45
46struct mid_q_entry *
47AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
48{
49 struct mid_q_entry *temp;
50
51 if (server == NULL) {
52 cifs_dbg(VFS, "Null TCP session in AllocMidQEntry\n");
53 return NULL;
54 }
55
56 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
57 if (temp == NULL)
58 return temp;
59 else {
60 memset(temp, 0, sizeof(struct mid_q_entry));
61 temp->mid = get_mid(smb_buffer);
62 temp->pid = current->pid;
63 temp->command = cpu_to_le16(smb_buffer->Command);
64 cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
65 /* do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
66 /* when mid allocated can be before when sent */
67 temp->when_alloc = jiffies;
68 temp->server = server;
69
70 /*
71 * The default is for the mid to be synchronous, so the
72 * default callback just wakes up the current task.
73 */
74 temp->callback = cifs_wake_up_task;
75 temp->callback_data = current;
76 }
77
78 atomic_inc(&midCount);
79 temp->mid_state = MID_REQUEST_ALLOCATED;
80 return temp;
81}
82
83void
84DeleteMidQEntry(struct mid_q_entry *midEntry)
85{
86#ifdef CONFIG_CIFS_STATS2
87 __le16 command = midEntry->server->vals->lock_cmd;
88 unsigned long now;
89#endif
90 midEntry->mid_state = MID_FREE;
91 atomic_dec(&midCount);
92 if (midEntry->large_buf)
93 cifs_buf_release(midEntry->resp_buf);
94 else
95 cifs_small_buf_release(midEntry->resp_buf);
96#ifdef CONFIG_CIFS_STATS2
97 now = jiffies;
98 /* commands taking longer than one second are indications that
99 something is wrong, unless it is quite a slow link or server */
100 if ((now - midEntry->when_alloc) > HZ) {
101 if ((cifsFYI & CIFS_TIMER) && (midEntry->command != command)) {
102 printk(KERN_DEBUG " CIFS slow rsp: cmd %d mid %llu",
103 midEntry->command, midEntry->mid);
104 printk(" A: 0x%lx S: 0x%lx R: 0x%lx\n",
105 now - midEntry->when_alloc,
106 now - midEntry->when_sent,
107 now - midEntry->when_received);
108 }
109 }
110#endif
111 mempool_free(midEntry, cifs_mid_poolp);
112}
113
114void
115cifs_delete_mid(struct mid_q_entry *mid)
116{
117 spin_lock(&GlobalMid_Lock);
118 list_del(&mid->qhead);
119 spin_unlock(&GlobalMid_Lock);
120
121 DeleteMidQEntry(mid);
122}
123
124/*
125 * smb_send_kvec - send an array of kvecs to the server
126 * @server: Server to send the data to
127 * @iov: Pointer to array of kvecs
128 * @n_vec: length of kvec array
129 * @sent: amount of data sent on socket is stored here
130 *
131 * Our basic "send data to server" function. Should be called with srv_mutex
132 * held. The caller is responsible for handling the results.
133 */
134static int
135smb_send_kvec(struct TCP_Server_Info *server, struct kvec *iov, size_t n_vec,
136 size_t *sent)
137{
138 int rc = 0;
139 int i = 0;
140 struct msghdr smb_msg;
141 unsigned int remaining;
142 size_t first_vec = 0;
143 struct socket *ssocket = server->ssocket;
144
145 *sent = 0;
146
147 smb_msg.msg_name = (struct sockaddr *) &server->dstaddr;
148 smb_msg.msg_namelen = sizeof(struct sockaddr);
149 smb_msg.msg_control = NULL;
150 smb_msg.msg_controllen = 0;
151 if (server->noblocksnd)
152 smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
153 else
154 smb_msg.msg_flags = MSG_NOSIGNAL;
155
156 remaining = 0;
157 for (i = 0; i < n_vec; i++)
158 remaining += iov[i].iov_len;
159
160 i = 0;
161 while (remaining) {
162 /*
163 * If blocking send, we try 3 times, since each can block
164 * for 5 seconds. For nonblocking we have to try more
165 * but wait increasing amounts of time allowing time for
166 * socket to clear. The overall time we wait in either
167 * case to send on the socket is about 15 seconds.
168 * Similarly we wait for 15 seconds for a response from
169 * the server in SendReceive[2] for the server to send
170 * a response back for most types of requests (except
171 * SMB Write past end of file which can be slow, and
172 * blocking lock operations). NFS waits slightly longer
173 * than CIFS, but this can make it take longer for
174 * nonresponsive servers to be detected and 15 seconds
175 * is more than enough time for modern networks to
176 * send a packet. In most cases if we fail to send
177 * after the retries we will kill the socket and
178 * reconnect which may clear the network problem.
179 */
180 rc = kernel_sendmsg(ssocket, &smb_msg, &iov[first_vec],
181 n_vec - first_vec, remaining);
182 if (rc == -EAGAIN) {
183 i++;
184 if (i >= 14 || (!server->noblocksnd && (i > 2))) {
185 cifs_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
186 ssocket);
187 rc = -EAGAIN;
188 break;
189 }
190 msleep(1 << i);
191 continue;
192 }
193
194 if (rc < 0)
195 break;
196
197 /* send was at least partially successful */
198 *sent += rc;
199
200 if (rc == remaining) {
201 remaining = 0;
202 break;
203 }
204
205 if (rc > remaining) {
206 cifs_dbg(VFS, "sent %d requested %d\n", rc, remaining);
207 break;
208 }
209
210 if (rc == 0) {
211 /* should never happen, letting socket clear before
212 retrying is our only obvious option here */
213 cifs_dbg(VFS, "tcp sent no data\n");
214 msleep(500);
215 continue;
216 }
217
218 remaining -= rc;
219
220 /* the line below resets i */
221 for (i = first_vec; i < n_vec; i++) {
222 if (iov[i].iov_len) {
223 if (rc > iov[i].iov_len) {
224 rc -= iov[i].iov_len;
225 iov[i].iov_len = 0;
226 } else {
227 iov[i].iov_base += rc;
228 iov[i].iov_len -= rc;
229 first_vec = i;
230 break;
231 }
232 }
233 }
234
235 i = 0; /* in case we get ENOSPC on the next send */
236 rc = 0;
237 }
238 return rc;
239}
240
241/**
242 * rqst_page_to_kvec - Turn a slot in the smb_rqst page array into a kvec
243 * @rqst: pointer to smb_rqst
244 * @idx: index into the array of the page
245 * @iov: pointer to struct kvec that will hold the result
246 *
247 * Helper function to convert a slot in the rqst->rq_pages array into a kvec.
248 * The page will be kmapped and the address placed into iov_base. The length
249 * will then be adjusted according to the ptailoff.
250 */
251void
252cifs_rqst_page_to_kvec(struct smb_rqst *rqst, unsigned int idx,
253 struct kvec *iov)
254{
255 /*
256 * FIXME: We could avoid this kmap altogether if we used
257 * kernel_sendpage instead of kernel_sendmsg. That will only
258 * work if signing is disabled though as sendpage inlines the
259 * page directly into the fraglist. If userspace modifies the
260 * page after we calculate the signature, then the server will
261 * reject it and may break the connection. kernel_sendmsg does
262 * an extra copy of the data and avoids that issue.
263 */
264 iov->iov_base = kmap(rqst->rq_pages[idx]);
265
266 /* if last page, don't send beyond this offset into page */
267 if (idx == (rqst->rq_npages - 1))
268 iov->iov_len = rqst->rq_tailsz;
269 else
270 iov->iov_len = rqst->rq_pagesz;
271}
272
273static unsigned long
274rqst_len(struct smb_rqst *rqst)
275{
276 unsigned int i;
277 struct kvec *iov = rqst->rq_iov;
278 unsigned long buflen = 0;
279
280 /* total up iov array first */
281 for (i = 0; i < rqst->rq_nvec; i++)
282 buflen += iov[i].iov_len;
283
284 /* add in the page array if there is one */
285 if (rqst->rq_npages) {
286 buflen += rqst->rq_pagesz * (rqst->rq_npages - 1);
287 buflen += rqst->rq_tailsz;
288 }
289
290 return buflen;
291}
292
293static int
294smb_send_rqst(struct TCP_Server_Info *server, struct smb_rqst *rqst)
295{
296 int rc;
297 struct kvec *iov = rqst->rq_iov;
298 int n_vec = rqst->rq_nvec;
299 unsigned int smb_buf_length = get_rfc1002_length(iov[0].iov_base);
300 unsigned long send_length;
301 unsigned int i;
302 size_t total_len = 0, sent;
303 struct socket *ssocket = server->ssocket;
304 int val = 1;
305
306 if (ssocket == NULL)
307 return -ENOTSOCK;
308
309 /* sanity check send length */
310 send_length = rqst_len(rqst);
311 if (send_length != smb_buf_length + 4) {
312 WARN(1, "Send length mismatch(send_length=%lu smb_buf_length=%u)\n",
313 send_length, smb_buf_length);
314 return -EIO;
315 }
316
317 cifs_dbg(FYI, "Sending smb: smb_len=%u\n", smb_buf_length);
318 dump_smb(iov[0].iov_base, iov[0].iov_len);
319
320 /* cork the socket */
321 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
322 (char *)&val, sizeof(val));
323
324 rc = smb_send_kvec(server, iov, n_vec, &sent);
325 if (rc < 0)
326 goto uncork;
327
328 total_len += sent;
329
330 /* now walk the page array and send each page in it */
331 for (i = 0; i < rqst->rq_npages; i++) {
332 struct kvec p_iov;
333
334 cifs_rqst_page_to_kvec(rqst, i, &p_iov);
335 rc = smb_send_kvec(server, &p_iov, 1, &sent);
336 kunmap(rqst->rq_pages[i]);
337 if (rc < 0)
338 break;
339
340 total_len += sent;
341 }
342
343uncork:
344 /* uncork it */
345 val = 0;
346 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
347 (char *)&val, sizeof(val));
348
349 if ((total_len > 0) && (total_len != smb_buf_length + 4)) {
350 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
351 smb_buf_length + 4, total_len);
352 /*
353 * If we have only sent part of an SMB then the next SMB could
354 * be taken as the remainder of this one. We need to kill the
355 * socket so the server throws away the partial SMB
356 */
357 server->tcpStatus = CifsNeedReconnect;
358 }
359
360 if (rc < 0 && rc != -EINTR)
361 cifs_dbg(VFS, "Error %d sending data on socket to server\n",
362 rc);
363 else
364 rc = 0;
365
366 return rc;
367}
368
369static int
370smb_sendv(struct TCP_Server_Info *server, struct kvec *iov, int n_vec)
371{
372 struct smb_rqst rqst = { .rq_iov = iov,
373 .rq_nvec = n_vec };
374
375 return smb_send_rqst(server, &rqst);
376}
377
378int
379smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
380 unsigned int smb_buf_length)
381{
382 struct kvec iov;
383
384 iov.iov_base = smb_buffer;
385 iov.iov_len = smb_buf_length + 4;
386
387 return smb_sendv(server, &iov, 1);
388}
389
390static int
391wait_for_free_credits(struct TCP_Server_Info *server, const int timeout,
392 int *credits)
393{
394 int rc;
395
396 spin_lock(&server->req_lock);
397 if (timeout == CIFS_ASYNC_OP) {
398 /* oplock breaks must not be held up */
399 server->in_flight++;
400 *credits -= 1;
401 spin_unlock(&server->req_lock);
402 return 0;
403 }
404
405 while (1) {
406 if (*credits <= 0) {
407 spin_unlock(&server->req_lock);
408 cifs_num_waiters_inc(server);
409 rc = wait_event_killable(server->request_q,
410 has_credits(server, credits));
411 cifs_num_waiters_dec(server);
412 if (rc)
413 return rc;
414 spin_lock(&server->req_lock);
415 } else {
416 if (server->tcpStatus == CifsExiting) {
417 spin_unlock(&server->req_lock);
418 return -ENOENT;
419 }
420
421 /*
422 * Can not count locking commands against total
423 * as they are allowed to block on server.
424 */
425
426 /* update # of requests on the wire to server */
427 if (timeout != CIFS_BLOCKING_OP) {
428 *credits -= 1;
429 server->in_flight++;
430 }
431 spin_unlock(&server->req_lock);
432 break;
433 }
434 }
435 return 0;
436}
437
438static int
439wait_for_free_request(struct TCP_Server_Info *server, const int timeout,
440 const int optype)
441{
442 int *val;
443
444 val = server->ops->get_credits_field(server, optype);
445 /* Since an echo is already inflight, no need to wait to send another */
446 if (*val <= 0 && optype == CIFS_ECHO_OP)
447 return -EAGAIN;
448 return wait_for_free_credits(server, timeout, val);
449}
450
451static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
452 struct mid_q_entry **ppmidQ)
453{
454 if (ses->server->tcpStatus == CifsExiting) {
455 return -ENOENT;
456 }
457
458 if (ses->server->tcpStatus == CifsNeedReconnect) {
459 cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
460 return -EAGAIN;
461 }
462
463 if (ses->status == CifsNew) {
464 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
465 (in_buf->Command != SMB_COM_NEGOTIATE))
466 return -EAGAIN;
467 /* else ok - we are setting up session */
468 }
469
470 if (ses->status == CifsExiting) {
471 /* check if SMB session is bad because we are setting it up */
472 if (in_buf->Command != SMB_COM_LOGOFF_ANDX)
473 return -EAGAIN;
474 /* else ok - we are shutting down session */
475 }
476
477 *ppmidQ = AllocMidQEntry(in_buf, ses->server);
478 if (*ppmidQ == NULL)
479 return -ENOMEM;
480 spin_lock(&GlobalMid_Lock);
481 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
482 spin_unlock(&GlobalMid_Lock);
483 return 0;
484}
485
486static int
487wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
488{
489 int error;
490
491 error = wait_event_freezekillable_unsafe(server->response_q,
492 midQ->mid_state != MID_REQUEST_SUBMITTED);
493 if (error < 0)
494 return -ERESTARTSYS;
495
496 return 0;
497}
498
499struct mid_q_entry *
500cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
501{
502 int rc;
503 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
504 struct mid_q_entry *mid;
505
506 /* enable signing if server requires it */
507 if (server->sign)
508 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
509
510 mid = AllocMidQEntry(hdr, server);
511 if (mid == NULL)
512 return ERR_PTR(-ENOMEM);
513
514 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
515 if (rc) {
516 DeleteMidQEntry(mid);
517 return ERR_PTR(rc);
518 }
519
520 return mid;
521}
522
523/*
524 * Send a SMB request and set the callback function in the mid to handle
525 * the result. Caller is responsible for dealing with timeouts.
526 */
527int
528cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
529 mid_receive_t *receive, mid_callback_t *callback,
530 void *cbdata, const int flags)
531{
532 int rc, timeout, optype;
533 struct mid_q_entry *mid;
534
535 timeout = flags & CIFS_TIMEOUT_MASK;
536 optype = flags & CIFS_OP_MASK;
537
538 rc = wait_for_free_request(server, timeout, optype);
539 if (rc)
540 return rc;
541
542 mutex_lock(&server->srv_mutex);
543 mid = server->ops->setup_async_request(server, rqst);
544 if (IS_ERR(mid)) {
545 mutex_unlock(&server->srv_mutex);
546 add_credits(server, 1, optype);
547 wake_up(&server->request_q);
548 return PTR_ERR(mid);
549 }
550
551 mid->receive = receive;
552 mid->callback = callback;
553 mid->callback_data = cbdata;
554 mid->mid_state = MID_REQUEST_SUBMITTED;
555
556 /* put it on the pending_mid_q */
557 spin_lock(&GlobalMid_Lock);
558 list_add_tail(&mid->qhead, &server->pending_mid_q);
559 spin_unlock(&GlobalMid_Lock);
560
561
562 cifs_in_send_inc(server);
563 rc = smb_send_rqst(server, rqst);
564 cifs_in_send_dec(server);
565 cifs_save_when_sent(mid);
566
567 if (rc < 0)
568 server->sequence_number -= 2;
569 mutex_unlock(&server->srv_mutex);
570
571 if (rc == 0)
572 return 0;
573
574 cifs_delete_mid(mid);
575 add_credits(server, 1, optype);
576 wake_up(&server->request_q);
577 return rc;
578}
579
580/*
581 *
582 * Send an SMB Request. No response info (other than return code)
583 * needs to be parsed.
584 *
585 * flags indicate the type of request buffer and how long to wait
586 * and whether to log NT STATUS code (error) before mapping it to POSIX error
587 *
588 */
589int
590SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
591 char *in_buf, int flags)
592{
593 int rc;
594 struct kvec iov[1];
595 int resp_buf_type;
596
597 iov[0].iov_base = in_buf;
598 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
599 flags |= CIFS_NO_RESP;
600 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags);
601 cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
602
603 return rc;
604}
605
606static int
607cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
608{
609 int rc = 0;
610
611 cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
612 __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
613
614 spin_lock(&GlobalMid_Lock);
615 switch (mid->mid_state) {
616 case MID_RESPONSE_RECEIVED:
617 spin_unlock(&GlobalMid_Lock);
618 return rc;
619 case MID_RETRY_NEEDED:
620 rc = -EAGAIN;
621 break;
622 case MID_RESPONSE_MALFORMED:
623 rc = -EIO;
624 break;
625 case MID_SHUTDOWN:
626 rc = -EHOSTDOWN;
627 break;
628 default:
629 list_del_init(&mid->qhead);
630 cifs_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
631 __func__, mid->mid, mid->mid_state);
632 rc = -EIO;
633 }
634 spin_unlock(&GlobalMid_Lock);
635
636 DeleteMidQEntry(mid);
637 return rc;
638}
639
640static inline int
641send_cancel(struct TCP_Server_Info *server, void *buf, struct mid_q_entry *mid)
642{
643 return server->ops->send_cancel ?
644 server->ops->send_cancel(server, buf, mid) : 0;
645}
646
647int
648cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
649 bool log_error)
650{
651 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
652
653 dump_smb(mid->resp_buf, min_t(u32, 92, len));
654
655 /* convert the length into a more usable form */
656 if (server->sign) {
657 struct kvec iov;
658 int rc = 0;
659 struct smb_rqst rqst = { .rq_iov = &iov,
660 .rq_nvec = 1 };
661
662 iov.iov_base = mid->resp_buf;
663 iov.iov_len = len;
664 /* FIXME: add code to kill session */
665 rc = cifs_verify_signature(&rqst, server,
666 mid->sequence_number);
667 if (rc)
668 cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
669 rc);
670 }
671
672 /* BB special case reconnect tid and uid here? */
673 return map_smb_to_linux_error(mid->resp_buf, log_error);
674}
675
676struct mid_q_entry *
677cifs_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
678{
679 int rc;
680 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
681 struct mid_q_entry *mid;
682
683 rc = allocate_mid(ses, hdr, &mid);
684 if (rc)
685 return ERR_PTR(rc);
686 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
687 if (rc) {
688 cifs_delete_mid(mid);
689 return ERR_PTR(rc);
690 }
691 return mid;
692}
693
694int
695SendReceive2(const unsigned int xid, struct cifs_ses *ses,
696 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
697 const int flags)
698{
699 int rc = 0;
700 int timeout, optype;
701 struct mid_q_entry *midQ;
702 char *buf = iov[0].iov_base;
703 unsigned int credits = 1;
704 struct smb_rqst rqst = { .rq_iov = iov,
705 .rq_nvec = n_vec };
706
707 timeout = flags & CIFS_TIMEOUT_MASK;
708 optype = flags & CIFS_OP_MASK;
709
710 *resp_buf_type = CIFS_NO_BUFFER; /* no response buf yet */
711
712 if ((ses == NULL) || (ses->server == NULL)) {
713 cifs_small_buf_release(buf);
714 cifs_dbg(VFS, "Null session\n");
715 return -EIO;
716 }
717
718 if (ses->server->tcpStatus == CifsExiting) {
719 cifs_small_buf_release(buf);
720 return -ENOENT;
721 }
722
723 /*
724 * Ensure that we do not send more than 50 overlapping requests
725 * to the same server. We may make this configurable later or
726 * use ses->maxReq.
727 */
728
729 rc = wait_for_free_request(ses->server, timeout, optype);
730 if (rc) {
731 cifs_small_buf_release(buf);
732 return rc;
733 }
734
735 /*
736 * Make sure that we sign in the same order that we send on this socket
737 * and avoid races inside tcp sendmsg code that could cause corruption
738 * of smb data.
739 */
740
741 mutex_lock(&ses->server->srv_mutex);
742
743 midQ = ses->server->ops->setup_request(ses, &rqst);
744 if (IS_ERR(midQ)) {
745 mutex_unlock(&ses->server->srv_mutex);
746 cifs_small_buf_release(buf);
747 /* Update # of requests on wire to server */
748 add_credits(ses->server, 1, optype);
749 return PTR_ERR(midQ);
750 }
751
752 midQ->mid_state = MID_REQUEST_SUBMITTED;
753 cifs_in_send_inc(ses->server);
754 rc = smb_sendv(ses->server, iov, n_vec);
755 cifs_in_send_dec(ses->server);
756 cifs_save_when_sent(midQ);
757
758 if (rc < 0)
759 ses->server->sequence_number -= 2;
760 mutex_unlock(&ses->server->srv_mutex);
761
762 if (rc < 0) {
763 cifs_small_buf_release(buf);
764 goto out;
765 }
766
767 if (timeout == CIFS_ASYNC_OP) {
768 cifs_small_buf_release(buf);
769 goto out;
770 }
771
772 rc = wait_for_response(ses->server, midQ);
773 if (rc != 0) {
774 send_cancel(ses->server, buf, midQ);
775 spin_lock(&GlobalMid_Lock);
776 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
777 midQ->callback = DeleteMidQEntry;
778 spin_unlock(&GlobalMid_Lock);
779 cifs_small_buf_release(buf);
780 add_credits(ses->server, 1, optype);
781 return rc;
782 }
783 spin_unlock(&GlobalMid_Lock);
784 }
785
786 cifs_small_buf_release(buf);
787
788 rc = cifs_sync_mid_result(midQ, ses->server);
789 if (rc != 0) {
790 add_credits(ses->server, 1, optype);
791 return rc;
792 }
793
794 if (!midQ->resp_buf || midQ->mid_state != MID_RESPONSE_RECEIVED) {
795 rc = -EIO;
796 cifs_dbg(FYI, "Bad MID state?\n");
797 goto out;
798 }
799
800 buf = (char *)midQ->resp_buf;
801 iov[0].iov_base = buf;
802 iov[0].iov_len = get_rfc1002_length(buf) + 4;
803 if (midQ->large_buf)
804 *resp_buf_type = CIFS_LARGE_BUFFER;
805 else
806 *resp_buf_type = CIFS_SMALL_BUFFER;
807
808 credits = ses->server->ops->get_credits(midQ);
809
810 rc = ses->server->ops->check_receive(midQ, ses->server,
811 flags & CIFS_LOG_ERROR);
812
813 /* mark it so buf will not be freed by cifs_delete_mid */
814 if ((flags & CIFS_NO_RESP) == 0)
815 midQ->resp_buf = NULL;
816out:
817 cifs_delete_mid(midQ);
818 add_credits(ses->server, credits, optype);
819
820 return rc;
821}
822
823int
824SendReceive(const unsigned int xid, struct cifs_ses *ses,
825 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
826 int *pbytes_returned, const int timeout)
827{
828 int rc = 0;
829 struct mid_q_entry *midQ;
830
831 if (ses == NULL) {
832 cifs_dbg(VFS, "Null smb session\n");
833 return -EIO;
834 }
835 if (ses->server == NULL) {
836 cifs_dbg(VFS, "Null tcp session\n");
837 return -EIO;
838 }
839
840 if (ses->server->tcpStatus == CifsExiting)
841 return -ENOENT;
842
843 /* Ensure that we do not send more than 50 overlapping requests
844 to the same server. We may make this configurable later or
845 use ses->maxReq */
846
847 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
848 MAX_CIFS_HDR_SIZE - 4) {
849 cifs_dbg(VFS, "Illegal length, greater than maximum frame, %d\n",
850 be32_to_cpu(in_buf->smb_buf_length));
851 return -EIO;
852 }
853
854 rc = wait_for_free_request(ses->server, timeout, 0);
855 if (rc)
856 return rc;
857
858 /* make sure that we sign in the same order that we send on this socket
859 and avoid races inside tcp sendmsg code that could cause corruption
860 of smb data */
861
862 mutex_lock(&ses->server->srv_mutex);
863
864 rc = allocate_mid(ses, in_buf, &midQ);
865 if (rc) {
866 mutex_unlock(&ses->server->srv_mutex);
867 /* Update # of requests on wire to server */
868 add_credits(ses->server, 1, 0);
869 return rc;
870 }
871
872 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
873 if (rc) {
874 mutex_unlock(&ses->server->srv_mutex);
875 goto out;
876 }
877
878 midQ->mid_state = MID_REQUEST_SUBMITTED;
879
880 cifs_in_send_inc(ses->server);
881 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
882 cifs_in_send_dec(ses->server);
883 cifs_save_when_sent(midQ);
884
885 if (rc < 0)
886 ses->server->sequence_number -= 2;
887
888 mutex_unlock(&ses->server->srv_mutex);
889
890 if (rc < 0)
891 goto out;
892
893 if (timeout == CIFS_ASYNC_OP)
894 goto out;
895
896 rc = wait_for_response(ses->server, midQ);
897 if (rc != 0) {
898 send_cancel(ses->server, in_buf, midQ);
899 spin_lock(&GlobalMid_Lock);
900 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
901 /* no longer considered to be "in-flight" */
902 midQ->callback = DeleteMidQEntry;
903 spin_unlock(&GlobalMid_Lock);
904 add_credits(ses->server, 1, 0);
905 return rc;
906 }
907 spin_unlock(&GlobalMid_Lock);
908 }
909
910 rc = cifs_sync_mid_result(midQ, ses->server);
911 if (rc != 0) {
912 add_credits(ses->server, 1, 0);
913 return rc;
914 }
915
916 if (!midQ->resp_buf || !out_buf ||
917 midQ->mid_state != MID_RESPONSE_RECEIVED) {
918 rc = -EIO;
919 cifs_dbg(VFS, "Bad MID state?\n");
920 goto out;
921 }
922
923 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
924 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
925 rc = cifs_check_receive(midQ, ses->server, 0);
926out:
927 cifs_delete_mid(midQ);
928 add_credits(ses->server, 1, 0);
929
930 return rc;
931}
932
933/* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
934 blocking lock to return. */
935
936static int
937send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
938 struct smb_hdr *in_buf,
939 struct smb_hdr *out_buf)
940{
941 int bytes_returned;
942 struct cifs_ses *ses = tcon->ses;
943 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
944
945 /* We just modify the current in_buf to change
946 the type of lock from LOCKING_ANDX_SHARED_LOCK
947 or LOCKING_ANDX_EXCLUSIVE_LOCK to
948 LOCKING_ANDX_CANCEL_LOCK. */
949
950 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
951 pSMB->Timeout = 0;
952 pSMB->hdr.Mid = get_next_mid(ses->server);
953
954 return SendReceive(xid, ses, in_buf, out_buf,
955 &bytes_returned, 0);
956}
957
958int
959SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
960 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
961 int *pbytes_returned)
962{
963 int rc = 0;
964 int rstart = 0;
965 struct mid_q_entry *midQ;
966 struct cifs_ses *ses;
967
968 if (tcon == NULL || tcon->ses == NULL) {
969 cifs_dbg(VFS, "Null smb session\n");
970 return -EIO;
971 }
972 ses = tcon->ses;
973
974 if (ses->server == NULL) {
975 cifs_dbg(VFS, "Null tcp session\n");
976 return -EIO;
977 }
978
979 if (ses->server->tcpStatus == CifsExiting)
980 return -ENOENT;
981
982 /* Ensure that we do not send more than 50 overlapping requests
983 to the same server. We may make this configurable later or
984 use ses->maxReq */
985
986 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
987 MAX_CIFS_HDR_SIZE - 4) {
988 cifs_dbg(VFS, "Illegal length, greater than maximum frame, %d\n",
989 be32_to_cpu(in_buf->smb_buf_length));
990 return -EIO;
991 }
992
993 rc = wait_for_free_request(ses->server, CIFS_BLOCKING_OP, 0);
994 if (rc)
995 return rc;
996
997 /* make sure that we sign in the same order that we send on this socket
998 and avoid races inside tcp sendmsg code that could cause corruption
999 of smb data */
1000
1001 mutex_lock(&ses->server->srv_mutex);
1002
1003 rc = allocate_mid(ses, in_buf, &midQ);
1004 if (rc) {
1005 mutex_unlock(&ses->server->srv_mutex);
1006 return rc;
1007 }
1008
1009 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
1010 if (rc) {
1011 cifs_delete_mid(midQ);
1012 mutex_unlock(&ses->server->srv_mutex);
1013 return rc;
1014 }
1015
1016 midQ->mid_state = MID_REQUEST_SUBMITTED;
1017 cifs_in_send_inc(ses->server);
1018 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
1019 cifs_in_send_dec(ses->server);
1020 cifs_save_when_sent(midQ);
1021
1022 if (rc < 0)
1023 ses->server->sequence_number -= 2;
1024
1025 mutex_unlock(&ses->server->srv_mutex);
1026
1027 if (rc < 0) {
1028 cifs_delete_mid(midQ);
1029 return rc;
1030 }
1031
1032 /* Wait for a reply - allow signals to interrupt. */
1033 rc = wait_event_interruptible(ses->server->response_q,
1034 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) ||
1035 ((ses->server->tcpStatus != CifsGood) &&
1036 (ses->server->tcpStatus != CifsNew)));
1037
1038 /* Were we interrupted by a signal ? */
1039 if ((rc == -ERESTARTSYS) &&
1040 (midQ->mid_state == MID_REQUEST_SUBMITTED) &&
1041 ((ses->server->tcpStatus == CifsGood) ||
1042 (ses->server->tcpStatus == CifsNew))) {
1043
1044 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1045 /* POSIX lock. We send a NT_CANCEL SMB to cause the
1046 blocking lock to return. */
1047 rc = send_cancel(ses->server, in_buf, midQ);
1048 if (rc) {
1049 cifs_delete_mid(midQ);
1050 return rc;
1051 }
1052 } else {
1053 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1054 to cause the blocking lock to return. */
1055
1056 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1057
1058 /* If we get -ENOLCK back the lock may have
1059 already been removed. Don't exit in this case. */
1060 if (rc && rc != -ENOLCK) {
1061 cifs_delete_mid(midQ);
1062 return rc;
1063 }
1064 }
1065
1066 rc = wait_for_response(ses->server, midQ);
1067 if (rc) {
1068 send_cancel(ses->server, in_buf, midQ);
1069 spin_lock(&GlobalMid_Lock);
1070 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1071 /* no longer considered to be "in-flight" */
1072 midQ->callback = DeleteMidQEntry;
1073 spin_unlock(&GlobalMid_Lock);
1074 return rc;
1075 }
1076 spin_unlock(&GlobalMid_Lock);
1077 }
1078
1079 /* We got the response - restart system call. */
1080 rstart = 1;
1081 }
1082
1083 rc = cifs_sync_mid_result(midQ, ses->server);
1084 if (rc != 0)
1085 return rc;
1086
1087 /* rcvd frame is ok */
1088 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) {
1089 rc = -EIO;
1090 cifs_dbg(VFS, "Bad MID state?\n");
1091 goto out;
1092 }
1093
1094 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1095 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1096 rc = cifs_check_receive(midQ, ses->server, 0);
1097out:
1098 cifs_delete_mid(midQ);
1099 if (rstart && rc == -EACCES)
1100 return -ERESTARTSYS;
1101 return rc;
1102}