fs/cifs/transport.c

   1 // SPDX-License-Identifier: LGPL-2.1
   2 /*
   3  *
   4  *   Copyright (C) International Business Machines  Corp., 2002,2008
   5  *   Author(s): Steve French (sfrench@us.ibm.com)
   6  *   Jeremy Allison (jra@samba.org) 2006.
   7  *
   8  */
   9
  10 #include <linux/fs.h>
  11 #include <linux/list.h>
  12 #include <linux/gfp.h>
  13 #include <linux/wait.h>
  14 #include <linux/net.h>
  15 #include <linux/delay.h>
  16 #include <linux/freezer.h>
  17 #include <linux/tcp.h>
  18 #include <linux/bvec.h>
  19 #include <linux/highmem.h>
  20 #include <linux/uaccess.h>
  21 #include <asm/processor.h>
  22 #include <linux/mempool.h>
  23 #include <linux/sched/signal.h>
  24 #include <linux/task_io_accounting_ops.h>
  25 #include "cifspdu.h"
  26 #include "cifsglob.h"
  27 #include "cifsproto.h"
  28 #include "cifs_debug.h"
  29 #include "smb2proto.h"
  30 #include "smbdirect.h"
  31
  32 /* Max number of iovectors we can use off the stack when sending requests. */
  33 #define CIFS_MAX_IOV_SIZE 8
  34
  35 void
  36 cifs_wake_up_task(struct mid_q_entry *mid)
  37 {
  38         wake_up_process(mid->callback_data);
  39 }
  40
  41 static struct mid_q_entry *
  42 alloc_mid(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
  43 {
  44         struct mid_q_entry *temp;
  45
  46         if (server == NULL) {
  47                 cifs_dbg(VFS, "%s: null TCP session\n", __func__);
  48                 return NULL;
  49         }
  50
  51         temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
  52         memset(temp, 0, sizeof(struct mid_q_entry));
  53         kref_init(&temp->refcount);
  54         temp->mid = get_mid(smb_buffer);
  55         temp->pid = current->pid;
  56         temp->command = cpu_to_le16(smb_buffer->Command);
  57         cifs_dbg(FYI, "For smb_command %d\n", smb_buffer->Command);
  58         /*      do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
  59         /* when mid allocated can be before when sent */
  60         temp->when_alloc = jiffies;
  61         temp->server = server;
  62
  63         /*
  64          * The default is for the mid to be synchronous, so the
  65          * default callback just wakes up the current task.
  66          */
  67         get_task_struct(current);
  68         temp->creator = current;
  69         temp->callback = cifs_wake_up_task;
  70         temp->callback_data = current;
  71
  72         atomic_inc(&mid_count);
  73         temp->mid_state = MID_REQUEST_ALLOCATED;
  74         return temp;
  75 }
  76
  77 static void __release_mid(struct kref *refcount)
  78 {
  79         struct mid_q_entry *midEntry =
  80                         container_of(refcount, struct mid_q_entry, refcount);
  81 #ifdef CONFIG_CIFS_STATS2
  82         __le16 command = midEntry->server->vals->lock_cmd;
  83         __u16 smb_cmd = le16_to_cpu(midEntry->command);
  84         unsigned long now;
  85         unsigned long roundtrip_time;
  86 #endif
  87         struct TCP_Server_Info *server = midEntry->server;
  88
  89         if (midEntry->resp_buf && (midEntry->mid_flags & MID_WAIT_CANCELLED) &&
  90             midEntry->mid_state == MID_RESPONSE_RECEIVED &&
  91             server->ops->handle_cancelled_mid)
  92                 server->ops->handle_cancelled_mid(midEntry, server);
  93
  94         midEntry->mid_state = MID_FREE;
  95         atomic_dec(&mid_count);
  96         if (midEntry->large_buf)
  97                 cifs_buf_release(midEntry->resp_buf);
  98         else
  99                 cifs_small_buf_release(midEntry->resp_buf);
 100 #ifdef CONFIG_CIFS_STATS2
 101         now = jiffies;
 102         if (now < midEntry->when_alloc)
 103                 cifs_server_dbg(VFS, "Invalid mid allocation time\n");
 104         roundtrip_time = now - midEntry->when_alloc;
 105
 106         if (smb_cmd < NUMBER_OF_SMB2_COMMANDS) {
 107                 if (atomic_read(&server->num_cmds[smb_cmd]) == 0) {
 108                         server->slowest_cmd[smb_cmd] = roundtrip_time;
 109                         server->fastest_cmd[smb_cmd] = roundtrip_time;
 110                 } else {
 111                         if (server->slowest_cmd[smb_cmd] < roundtrip_time)
 112                                 server->slowest_cmd[smb_cmd] = roundtrip_time;
 113                         else if (server->fastest_cmd[smb_cmd] > roundtrip_time)
 114                                 server->fastest_cmd[smb_cmd] = roundtrip_time;
 115                 }
 116                 cifs_stats_inc(&server->num_cmds[smb_cmd]);
 117                 server->time_per_cmd[smb_cmd] += roundtrip_time;
 118         }
 119         /*
 120          * commands taking longer than one second (default) can be indications
 121          * that something is wrong, unless it is quite a slow link or a very
 122          * busy server. Note that this calc is unlikely or impossible to wrap
 123          * as long as slow_rsp_threshold is not set way above recommended max
 124          * value (32767 ie 9 hours) and is generally harmless even if wrong
 125          * since only affects debug counters - so leaving the calc as simple
 126          * comparison rather than doing multiple conversions and overflow
 127          * checks
 128          */
 129         if ((slow_rsp_threshold != 0) &&
 130             time_after(now, midEntry->when_alloc + (slow_rsp_threshold * HZ)) &&
 131             (midEntry->command != command)) {
 132                 /*
 133                  * smb2slowcmd[NUMBER_OF_SMB2_COMMANDS] counts by command
 134                  * NB: le16_to_cpu returns unsigned so can not be negative below
 135                  */
 136                 if (smb_cmd < NUMBER_OF_SMB2_COMMANDS)
 137                         cifs_stats_inc(&server->smb2slowcmd[smb_cmd]);
 138
 139                 trace_smb3_slow_rsp(smb_cmd, midEntry->mid, midEntry->pid,
 140                                midEntry->when_sent, midEntry->when_received);
 141                 if (cifsFYI & CIFS_TIMER) {
 142                         pr_debug("slow rsp: cmd %d mid %llu",
 143                                  midEntry->command, midEntry->mid);
 144                         cifs_info("A: 0x%lx S: 0x%lx R: 0x%lx\n",
 145                                   now - midEntry->when_alloc,
 146                                   now - midEntry->when_sent,
 147                                   now - midEntry->when_received);
 148                 }
 149         }
 150 #endif
 151         put_task_struct(midEntry->creator);
 152
 153         mempool_free(midEntry, cifs_mid_poolp);
 154 }
 155
 156 void release_mid(struct mid_q_entry *mid)
 157 {
 158         struct TCP_Server_Info *server = mid->server;
 159
 160         spin_lock(&server->mid_lock);
 161         kref_put(&mid->refcount, __release_mid);
 162         spin_unlock(&server->mid_lock);
 163 }
 164
 165 void
 166 delete_mid(struct mid_q_entry *mid)
 167 {
 168         spin_lock(&mid->server->mid_lock);
 169         if (!(mid->mid_flags & MID_DELETED)) {
 170                 list_del_init(&mid->qhead);
 171                 mid->mid_flags |= MID_DELETED;
 172         }
 173         spin_unlock(&mid->server->mid_lock);
 174
 175         release_mid(mid);
 176 }
 177
 178 /*
 179  * smb_send_kvec - send an array of kvecs to the server
 180  * @server:     Server to send the data to
 181  * @smb_msg:    Message to send
 182  * @sent:       amount of data sent on socket is stored here
 183  *
 184  * Our basic "send data to server" function. Should be called with srv_mutex
 185  * held. The caller is responsible for handling the results.
 186  */
 187 static int
 188 smb_send_kvec(struct TCP_Server_Info *server, struct msghdr *smb_msg,
 189               size_t *sent)
 190 {
 191         int rc = 0;
 192         int retries = 0;
 193         struct socket *ssocket = server->ssocket;
 194
 195         *sent = 0;
 196
 197         if (server->noblocksnd)
 198                 smb_msg->msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
 199         else
 200                 smb_msg->msg_flags = MSG_NOSIGNAL;
 201
 202         while (msg_data_left(smb_msg)) {
 203                 /*
 204                  * If blocking send, we try 3 times, since each can block
 205                  * for 5 seconds. For nonblocking  we have to try more
 206                  * but wait increasing amounts of time allowing time for
 207                  * socket to clear.  The overall time we wait in either
 208                  * case to send on the socket is about 15 seconds.
 209                  * Similarly we wait for 15 seconds for a response from
 210                  * the server in SendReceive[2] for the server to send
 211                  * a response back for most types of requests (except
 212                  * SMB Write past end of file which can be slow, and
 213                  * blocking lock operations). NFS waits slightly longer
 214                  * than CIFS, but this can make it take longer for
 215                  * nonresponsive servers to be detected and 15 seconds
 216                  * is more than enough time for modern networks to
 217                  * send a packet.  In most cases if we fail to send
 218                  * after the retries we will kill the socket and
 219                  * reconnect which may clear the network problem.
 220                  */
 221                 rc = sock_sendmsg(ssocket, smb_msg);
 222                 if (rc == -EAGAIN) {
 223                         retries++;
 224                         if (retries >= 14 ||
 225                             (!server->noblocksnd && (retries > 2))) {
 226                                 cifs_server_dbg(VFS, "sends on sock %p stuck for 15 seconds\n",
 227                                          ssocket);
 228                                 return -EAGAIN;
 229                         }
 230                         msleep(1 << retries);
 231                         continue;
 232                 }
 233
 234                 if (rc < 0)
 235                         return rc;
 236
 237                 if (rc == 0) {
 238                         /* should never happen, letting socket clear before
 239                            retrying is our only obvious option here */
 240                         cifs_server_dbg(VFS, "tcp sent no data\n");
 241                         msleep(500);
 242                         continue;
 243                 }
 244
 245                 /* send was at least partially successful */
 246                 *sent += rc;
 247                 retries = 0; /* in case we get ENOSPC on the next send */
 248         }
 249         return 0;
 250 }
 251
 252 unsigned long
 253 smb_rqst_len(struct TCP_Server_Info *server, struct smb_rqst *rqst)
 254 {
 255         unsigned int i;
 256         struct kvec *iov;
 257         int nvec;
 258         unsigned long buflen = 0;
 259
 260         if (!is_smb1(server) && rqst->rq_nvec >= 2 &&
 261             rqst->rq_iov[0].iov_len == 4) {
 262                 iov = &rqst->rq_iov[1];
 263                 nvec = rqst->rq_nvec - 1;
 264         } else {
 265                 iov = rqst->rq_iov;
 266                 nvec = rqst->rq_nvec;
 267         }
 268
 269         /* total up iov array first */
 270         for (i = 0; i < nvec; i++)
 271                 buflen += iov[i].iov_len;
 272
 273         /*
 274          * Add in the page array if there is one. The caller needs to make
 275          * sure rq_offset and rq_tailsz are set correctly. If a buffer of
 276          * multiple pages ends at page boundary, rq_tailsz needs to be set to
 277          * PAGE_SIZE.
 278          */
 279         if (rqst->rq_npages) {
 280                 if (rqst->rq_npages == 1)
 281                         buflen += rqst->rq_tailsz;
 282                 else {
 283                         /*
 284                          * If there is more than one page, calculate the
 285                          * buffer length based on rq_offset and rq_tailsz
 286                          */
 287                         buflen += rqst->rq_pagesz * (rqst->rq_npages - 1) -
 288                                         rqst->rq_offset;
 289                         buflen += rqst->rq_tailsz;
 290                 }
 291         }
 292
 293         return buflen;
 294 }
 295
 296 static int
 297 __smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
 298                 struct smb_rqst *rqst)
 299 {
 300         int rc = 0;
 301         struct kvec *iov;
 302         int n_vec;
 303         unsigned int send_length = 0;
 304         unsigned int i, j;
 305         sigset_t mask, oldmask;
 306         size_t total_len = 0, sent, size;
 307         struct socket *ssocket = server->ssocket;
 308         struct msghdr smb_msg = {};
 309         __be32 rfc1002_marker;
 310
 311         if (cifs_rdma_enabled(server)) {
 312                 /* return -EAGAIN when connecting or reconnecting */
 313                 rc = -EAGAIN;
 314                 if (server->smbd_conn)
 315                         rc = smbd_send(server, num_rqst, rqst);
 316                 goto smbd_done;
 317         }
 318
 319         if (ssocket == NULL)
 320                 return -EAGAIN;
 321
 322         if (fatal_signal_pending(current)) {
 323                 cifs_dbg(FYI, "signal pending before send request\n");
 324                 return -ERESTARTSYS;
 325         }
 326
 327         /* cork the socket */
 328         tcp_sock_set_cork(ssocket->sk, true);
 329
 330         for (j = 0; j < num_rqst; j++)
 331                 send_length += smb_rqst_len(server, &rqst[j]);
 332         rfc1002_marker = cpu_to_be32(send_length);
 333
 334         /*
 335          * We should not allow signals to interrupt the network send because
 336          * any partial send will cause session reconnects thus increasing
 337          * latency of system calls and overload a server with unnecessary
 338          * requests.
 339          */
 340
 341         sigfillset(&mask);
 342         sigprocmask(SIG_BLOCK, &mask, &oldmask);
 343
 344         /* Generate a rfc1002 marker for SMB2+ */
 345         if (!is_smb1(server)) {
 346                 struct kvec hiov = {
 347                         .iov_base = &rfc1002_marker,
 348                         .iov_len  = 4
 349                 };
 350                 iov_iter_kvec(&smb_msg.msg_iter, WRITE, &hiov, 1, 4);
 351                 rc = smb_send_kvec(server, &smb_msg, &sent);
 352                 if (rc < 0)
 353                         goto unmask;
 354
 355                 total_len += sent;
 356                 send_length += 4;
 357         }
 358
 359         cifs_dbg(FYI, "Sending smb: smb_len=%u\n", send_length);
 360
 361         for (j = 0; j < num_rqst; j++) {
 362                 iov = rqst[j].rq_iov;
 363                 n_vec = rqst[j].rq_nvec;
 364
 365                 size = 0;
 366                 for (i = 0; i < n_vec; i++) {
 367                         dump_smb(iov[i].iov_base, iov[i].iov_len);
 368                         size += iov[i].iov_len;
 369                 }
 370
 371                 iov_iter_kvec(&smb_msg.msg_iter, WRITE, iov, n_vec, size);
 372
 373                 rc = smb_send_kvec(server, &smb_msg, &sent);
 374                 if (rc < 0)
 375                         goto unmask;
 376
 377                 total_len += sent;
 378
 379                 /* now walk the page array and send each page in it */
 380                 for (i = 0; i < rqst[j].rq_npages; i++) {
 381                         struct bio_vec bvec;
 382
 383                         bvec.bv_page = rqst[j].rq_pages[i];
 384                         rqst_page_get_length(&rqst[j], i, &bvec.bv_len,
 385                                              &bvec.bv_offset);
 386
 387                         iov_iter_bvec(&smb_msg.msg_iter, WRITE,
 388                                       &bvec, 1, bvec.bv_len);
 389                         rc = smb_send_kvec(server, &smb_msg, &sent);
 390                         if (rc < 0)
 391                                 break;
 392
 393                         total_len += sent;
 394                 }
 395         }
 396
 397 unmask:
 398         sigprocmask(SIG_SETMASK, &oldmask, NULL);
 399
 400         /*
 401          * If signal is pending but we have already sent the whole packet to
 402          * the server we need to return success status to allow a corresponding
 403          * mid entry to be kept in the pending requests queue thus allowing
 404          * to handle responses from the server by the client.
 405          *
 406          * If only part of the packet has been sent there is no need to hide
 407          * interrupt because the session will be reconnected anyway, so there
 408          * won't be any response from the server to handle.
 409          */
 410
 411         if (signal_pending(current) && (total_len != send_length)) {
 412                 cifs_dbg(FYI, "signal is pending after attempt to send\n");
 413                 rc = -ERESTARTSYS;
 414         }
 415
 416         /* uncork it */
 417         tcp_sock_set_cork(ssocket->sk, false);
 418
 419         if ((total_len > 0) && (total_len != send_length)) {
 420                 cifs_dbg(FYI, "partial send (wanted=%u sent=%zu): terminating session\n",
 421                          send_length, total_len);
 422                 /*
 423                  * If we have only sent part of an SMB then the next SMB could
 424                  * be taken as the remainder of this one. We need to kill the
 425                  * socket so the server throws away the partial SMB
 426                  */
 427                 cifs_signal_cifsd_for_reconnect(server, false);
 428                 trace_smb3_partial_send_reconnect(server->CurrentMid,
 429                                                   server->conn_id, server->hostname);
 430         }
 431 smbd_done:
 432         if (rc < 0 && rc != -EINTR)
 433                 cifs_server_dbg(VFS, "Error %d sending data on socket to server\n",
 434                          rc);
 435         else if (rc > 0)
 436                 rc = 0;
 437
 438         return rc;
 439 }
 440
 441 static int
 442 smb_send_rqst(struct TCP_Server_Info *server, int num_rqst,
 443               struct smb_rqst *rqst, int flags)
 444 {
 445         struct kvec iov;
 446         struct smb2_transform_hdr *tr_hdr;
 447         struct smb_rqst cur_rqst[MAX_COMPOUND];
 448         int rc;
 449
 450         if (!(flags & CIFS_TRANSFORM_REQ))
 451                 return __smb_send_rqst(server, num_rqst, rqst);
 452
 453         if (num_rqst > MAX_COMPOUND - 1)
 454                 return -ENOMEM;
 455
 456         if (!server->ops->init_transform_rq) {
 457                 cifs_server_dbg(VFS, "Encryption requested but transform callback is missing\n");
 458                 return -EIO;
 459         }
 460
 461         tr_hdr = kzalloc(sizeof(*tr_hdr), GFP_NOFS);
 462         if (!tr_hdr)
 463                 return -ENOMEM;
 464
 465         memset(&cur_rqst[0], 0, sizeof(cur_rqst));
 466         memset(&iov, 0, sizeof(iov));
 467
 468         iov.iov_base = tr_hdr;
 469         iov.iov_len = sizeof(*tr_hdr);
 470         cur_rqst[0].rq_iov = &iov;
 471         cur_rqst[0].rq_nvec = 1;
 472
 473         rc = server->ops->init_transform_rq(server, num_rqst + 1,
 474                                             &cur_rqst[0], rqst);
 475         if (rc)
 476                 goto out;
 477
 478         rc = __smb_send_rqst(server, num_rqst + 1, &cur_rqst[0]);
 479         smb3_free_compound_rqst(num_rqst, &cur_rqst[1]);
 480 out:
 481         kfree(tr_hdr);
 482         return rc;
 483 }
 484
 485 int
 486 smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
 487          unsigned int smb_buf_length)
 488 {
 489         struct kvec iov[2];
 490         struct smb_rqst rqst = { .rq_iov = iov,
 491                                  .rq_nvec = 2 };
 492
 493         iov[0].iov_base = smb_buffer;
 494         iov[0].iov_len = 4;
 495         iov[1].iov_base = (char *)smb_buffer + 4;
 496         iov[1].iov_len = smb_buf_length;
 497
 498         return __smb_send_rqst(server, 1, &rqst);
 499 }
 500
 501 static int
 502 wait_for_free_credits(struct TCP_Server_Info *server, const int num_credits,
 503                       const int timeout, const int flags,
 504                       unsigned int *instance)
 505 {
 506         long rc;
 507         int *credits;
 508         int optype;
 509         long int t;
 510         int scredits, in_flight;
 511
 512         if (timeout < 0)
 513                 t = MAX_JIFFY_OFFSET;
 514         else
 515                 t = msecs_to_jiffies(timeout);
 516
 517         optype = flags & CIFS_OP_MASK;
 518
 519         *instance = 0;
 520
 521         credits = server->ops->get_credits_field(server, optype);
 522         /* Since an echo is already inflight, no need to wait to send another */
 523         if (*credits <= 0 && optype == CIFS_ECHO_OP)
 524                 return -EAGAIN;
 525
 526         spin_lock(&server->req_lock);
 527         if ((flags & CIFS_TIMEOUT_MASK) == CIFS_NON_BLOCKING) {
 528                 /* oplock breaks must not be held up */
 529                 server->in_flight++;
 530                 if (server->in_flight > server->max_in_flight)
 531                         server->max_in_flight = server->in_flight;
 532                 *credits -= 1;
 533                 *instance = server->reconnect_instance;
 534                 scredits = *credits;
 535                 in_flight = server->in_flight;
 536                 spin_unlock(&server->req_lock);
 537
 538                 trace_smb3_nblk_credits(server->CurrentMid,
 539                                 server->conn_id, server->hostname, scredits, -1, in_flight);
 540                 cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
 541                                 __func__, 1, scredits);
 542
 543                 return 0;
 544         }
 545
 546         while (1) {
 547                 if (*credits < num_credits) {
 548                         scredits = *credits;
 549                         spin_unlock(&server->req_lock);
 550
 551                         cifs_num_waiters_inc(server);
 552                         rc = wait_event_killable_timeout(server->request_q,
 553                                 has_credits(server, credits, num_credits), t);
 554                         cifs_num_waiters_dec(server);
 555                         if (!rc) {
 556                                 spin_lock(&server->req_lock);
 557                                 scredits = *credits;
 558                                 in_flight = server->in_flight;
 559                                 spin_unlock(&server->req_lock);
 560
 561                                 trace_smb3_credit_timeout(server->CurrentMid,
 562                                                 server->conn_id, server->hostname, scredits,
 563                                                 num_credits, in_flight);
 564                                 cifs_server_dbg(VFS, "wait timed out after %d ms\n",
 565                                                 timeout);
 566                                 return -EBUSY;
 567                         }
 568                         if (rc == -ERESTARTSYS)
 569                                 return -ERESTARTSYS;
 570                         spin_lock(&server->req_lock);
 571                 } else {
 572                         spin_unlock(&server->req_lock);
 573
 574                         spin_lock(&server->srv_lock);
 575                         if (server->tcpStatus == CifsExiting) {
 576                                 spin_unlock(&server->srv_lock);
 577                                 return -ENOENT;
 578                         }
 579                         spin_unlock(&server->srv_lock);
 580
 581                         /*
 582                          * For normal commands, reserve the last MAX_COMPOUND
 583                          * credits to compound requests.
 584                          * Otherwise these compounds could be permanently
 585                          * starved for credits by single-credit requests.
 586                          *
 587                          * To prevent spinning CPU, block this thread until
 588                          * there are >MAX_COMPOUND credits available.
 589                          * But only do this is we already have a lot of
 590                          * credits in flight to avoid triggering this check
 591                          * for servers that are slow to hand out credits on
 592                          * new sessions.
 593                          */
 594                         spin_lock(&server->req_lock);
 595                         if (!optype && num_credits == 1 &&
 596                             server->in_flight > 2 * MAX_COMPOUND &&
 597                             *credits <= MAX_COMPOUND) {
 598                                 spin_unlock(&server->req_lock);
 599
 600                                 cifs_num_waiters_inc(server);
 601                                 rc = wait_event_killable_timeout(
 602                                         server->request_q,
 603                                         has_credits(server, credits,
 604                                                     MAX_COMPOUND + 1),
 605                                         t);
 606                                 cifs_num_waiters_dec(server);
 607                                 if (!rc) {
 608                                         spin_lock(&server->req_lock);
 609                                         scredits = *credits;
 610                                         in_flight = server->in_flight;
 611                                         spin_unlock(&server->req_lock);
 612
 613                                         trace_smb3_credit_timeout(
 614                                                         server->CurrentMid,
 615                                                         server->conn_id, server->hostname,
 616                                                         scredits, num_credits, in_flight);
 617                                         cifs_server_dbg(VFS, "wait timed out after %d ms\n",
 618                                                         timeout);
 619                                         return -EBUSY;
 620                                 }
 621                                 if (rc == -ERESTARTSYS)
 622                                         return -ERESTARTSYS;
 623                                 spin_lock(&server->req_lock);
 624                                 continue;
 625                         }
 626
 627                         /*
 628                          * Can not count locking commands against total
 629                          * as they are allowed to block on server.
 630                          */
 631
 632                         /* update # of requests on the wire to server */
 633                         if ((flags & CIFS_TIMEOUT_MASK) != CIFS_BLOCKING_OP) {
 634                                 *credits -= num_credits;
 635                                 server->in_flight += num_credits;
 636                                 if (server->in_flight > server->max_in_flight)
 637                                         server->max_in_flight = server->in_flight;
 638                                 *instance = server->reconnect_instance;
 639                         }
 640                         scredits = *credits;
 641                         in_flight = server->in_flight;
 642                         spin_unlock(&server->req_lock);
 643
 644                         trace_smb3_waitff_credits(server->CurrentMid,
 645                                         server->conn_id, server->hostname, scredits,
 646                                         -(num_credits), in_flight);
 647                         cifs_dbg(FYI, "%s: remove %u credits total=%d\n",
 648                                         __func__, num_credits, scredits);
 649                         break;
 650                 }
 651         }
 652         return 0;
 653 }
 654
 655 static int
 656 wait_for_free_request(struct TCP_Server_Info *server, const int flags,
 657                       unsigned int *instance)
 658 {
 659         return wait_for_free_credits(server, 1, -1, flags,
 660                                      instance);
 661 }
 662
 663 static int
 664 wait_for_compound_request(struct TCP_Server_Info *server, int num,
 665                           const int flags, unsigned int *instance)
 666 {
 667         int *credits;
 668         int scredits, in_flight;
 669
 670         credits = server->ops->get_credits_field(server, flags & CIFS_OP_MASK);
 671
 672         spin_lock(&server->req_lock);
 673         scredits = *credits;
 674         in_flight = server->in_flight;
 675
 676         if (*credits < num) {
 677                 /*
 678                  * If the server is tight on resources or just gives us less
 679                  * credits for other reasons (e.g. requests are coming out of
 680                  * order and the server delays granting more credits until it
 681                  * processes a missing mid) and we exhausted most available
 682                  * credits there may be situations when we try to send
 683                  * a compound request but we don't have enough credits. At this
 684                  * point the client needs to decide if it should wait for
 685                  * additional credits or fail the request. If at least one
 686                  * request is in flight there is a high probability that the
 687                  * server will return enough credits to satisfy this compound
 688                  * request.
 689                  *
 690                  * Return immediately if no requests in flight since we will be
 691                  * stuck on waiting for credits.
 692                  */
 693                 if (server->in_flight == 0) {
 694                         spin_unlock(&server->req_lock);
 695                         trace_smb3_insufficient_credits(server->CurrentMid,
 696                                         server->conn_id, server->hostname, scredits,
 697                                         num, in_flight);
 698                         cifs_dbg(FYI, "%s: %d requests in flight, needed %d total=%d\n",
 699                                         __func__, in_flight, num, scredits);
 700                         return -EDEADLK;
 701                 }
 702         }
 703         spin_unlock(&server->req_lock);
 704
 705         return wait_for_free_credits(server, num, 60000, flags,
 706                                      instance);
 707 }
 708
 709 int
 710 cifs_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size,
 711                       unsigned int *num, struct cifs_credits *credits)
 712 {
 713         *num = size;
 714         credits->value = 0;
 715         credits->instance = server->reconnect_instance;
 716         return 0;
 717 }
 718
 719 static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
 720                         struct mid_q_entry **ppmidQ)
 721 {
 722         spin_lock(&ses->ses_lock);
 723         if (ses->ses_status == SES_NEW) {
 724                 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
 725                         (in_buf->Command != SMB_COM_NEGOTIATE)) {
 726                         spin_unlock(&ses->ses_lock);
 727                         return -EAGAIN;
 728                 }
 729                 /* else ok - we are setting up session */
 730         }
 731
 732         if (ses->ses_status == SES_EXITING) {
 733                 /* check if SMB session is bad because we are setting it up */
 734                 if (in_buf->Command != SMB_COM_LOGOFF_ANDX) {
 735                         spin_unlock(&ses->ses_lock);
 736                         return -EAGAIN;
 737                 }
 738                 /* else ok - we are shutting down session */
 739         }
 740         spin_unlock(&ses->ses_lock);
 741
 742         *ppmidQ = alloc_mid(in_buf, ses->server);
 743         if (*ppmidQ == NULL)
 744                 return -ENOMEM;
 745         spin_lock(&ses->server->mid_lock);
 746         list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
 747         spin_unlock(&ses->server->mid_lock);
 748         return 0;
 749 }
 750
 751 static int
 752 wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
 753 {
 754         int error;
 755
 756         error = wait_event_freezekillable_unsafe(server->response_q,
 757                                     midQ->mid_state != MID_REQUEST_SUBMITTED);
 758         if (error < 0)
 759                 return -ERESTARTSYS;
 760
 761         return 0;
 762 }
 763
 764 struct mid_q_entry *
 765 cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
 766 {
 767         int rc;
 768         struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
 769         struct mid_q_entry *mid;
 770
 771         if (rqst->rq_iov[0].iov_len != 4 ||
 772             rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
 773                 return ERR_PTR(-EIO);
 774
 775         /* enable signing if server requires it */
 776         if (server->sign)
 777                 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
 778
 779         mid = alloc_mid(hdr, server);
 780         if (mid == NULL)
 781                 return ERR_PTR(-ENOMEM);
 782
 783         rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
 784         if (rc) {
 785                 release_mid(mid);
 786                 return ERR_PTR(rc);
 787         }
 788
 789         return mid;
 790 }
 791
 792 /*
 793  * Send a SMB request and set the callback function in the mid to handle
 794  * the result. Caller is responsible for dealing with timeouts.
 795  */
 796 int
 797 cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
 798                 mid_receive_t *receive, mid_callback_t *callback,
 799                 mid_handle_t *handle, void *cbdata, const int flags,
 800                 const struct cifs_credits *exist_credits)
 801 {
 802         int rc;
 803         struct mid_q_entry *mid;
 804         struct cifs_credits credits = { .value = 0, .instance = 0 };
 805         unsigned int instance;
 806         int optype;
 807
 808         optype = flags & CIFS_OP_MASK;
 809
 810         if ((flags & CIFS_HAS_CREDITS) == 0) {
 811                 rc = wait_for_free_request(server, flags, &instance);
 812                 if (rc)
 813                         return rc;
 814                 credits.value = 1;
 815                 credits.instance = instance;
 816         } else
 817                 instance = exist_credits->instance;
 818
 819         cifs_server_lock(server);
 820
 821         /*
 822          * We can't use credits obtained from the previous session to send this
 823          * request. Check if there were reconnects after we obtained credits and
 824          * return -EAGAIN in such cases to let callers handle it.
 825          */
 826         if (instance != server->reconnect_instance) {
 827                 cifs_server_unlock(server);
 828                 add_credits_and_wake_if(server, &credits, optype);
 829                 return -EAGAIN;
 830         }
 831
 832         mid = server->ops->setup_async_request(server, rqst);
 833         if (IS_ERR(mid)) {
 834                 cifs_server_unlock(server);
 835                 add_credits_and_wake_if(server, &credits, optype);
 836                 return PTR_ERR(mid);
 837         }
 838
 839         mid->receive = receive;
 840         mid->callback = callback;
 841         mid->callback_data = cbdata;
 842         mid->handle = handle;
 843         mid->mid_state = MID_REQUEST_SUBMITTED;
 844
 845         /* put it on the pending_mid_q */
 846         spin_lock(&server->mid_lock);
 847         list_add_tail(&mid->qhead, &server->pending_mid_q);
 848         spin_unlock(&server->mid_lock);
 849
 850         /*
 851          * Need to store the time in mid before calling I/O. For call_async,
 852          * I/O response may come back and free the mid entry on another thread.
 853          */
 854         cifs_save_when_sent(mid);
 855         cifs_in_send_inc(server);
 856         rc = smb_send_rqst(server, 1, rqst, flags);
 857         cifs_in_send_dec(server);
 858
 859         if (rc < 0) {
 860                 revert_current_mid(server, mid->credits);
 861                 server->sequence_number -= 2;
 862                 delete_mid(mid);
 863         }
 864
 865         cifs_server_unlock(server);
 866
 867         if (rc == 0)
 868                 return 0;
 869
 870         add_credits_and_wake_if(server, &credits, optype);
 871         return rc;
 872 }
 873
 874 /*
 875  *
 876  * Send an SMB Request.  No response info (other than return code)
 877  * needs to be parsed.
 878  *
 879  * flags indicate the type of request buffer and how long to wait
 880  * and whether to log NT STATUS code (error) before mapping it to POSIX error
 881  *
 882  */
 883 int
 884 SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
 885                  char *in_buf, int flags)
 886 {
 887         int rc;
 888         struct kvec iov[1];
 889         struct kvec rsp_iov;
 890         int resp_buf_type;
 891
 892         iov[0].iov_base = in_buf;
 893         iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
 894         flags |= CIFS_NO_RSP_BUF;
 895         rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags, &rsp_iov);
 896         cifs_dbg(NOISY, "SendRcvNoRsp flags %d rc %d\n", flags, rc);
 897
 898         return rc;
 899 }
 900
 901 static int
 902 cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
 903 {
 904         int rc = 0;
 905
 906         cifs_dbg(FYI, "%s: cmd=%d mid=%llu state=%d\n",
 907                  __func__, le16_to_cpu(mid->command), mid->mid, mid->mid_state);
 908
 909         spin_lock(&server->mid_lock);
 910         switch (mid->mid_state) {
 911         case MID_RESPONSE_RECEIVED:
 912                 spin_unlock(&server->mid_lock);
 913                 return rc;
 914         case MID_RETRY_NEEDED:
 915                 rc = -EAGAIN;
 916                 break;
 917         case MID_RESPONSE_MALFORMED:
 918                 rc = -EIO;
 919                 break;
 920         case MID_SHUTDOWN:
 921                 rc = -EHOSTDOWN;
 922                 break;
 923         default:
 924                 if (!(mid->mid_flags & MID_DELETED)) {
 925                         list_del_init(&mid->qhead);
 926                         mid->mid_flags |= MID_DELETED;
 927                 }
 928                 cifs_server_dbg(VFS, "%s: invalid mid state mid=%llu state=%d\n",
 929                          __func__, mid->mid, mid->mid_state);
 930                 rc = -EIO;
 931         }
 932         spin_unlock(&server->mid_lock);
 933
 934         release_mid(mid);
 935         return rc;
 936 }
 937
 938 static inline int
 939 send_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
 940             struct mid_q_entry *mid)
 941 {
 942         return server->ops->send_cancel ?
 943                                 server->ops->send_cancel(server, rqst, mid) : 0;
 944 }
 945
 946 int
 947 cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
 948                    bool log_error)
 949 {
 950         unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
 951
 952         dump_smb(mid->resp_buf, min_t(u32, 92, len));
 953
 954         /* convert the length into a more usable form */
 955         if (server->sign) {
 956                 struct kvec iov[2];
 957                 int rc = 0;
 958                 struct smb_rqst rqst = { .rq_iov = iov,
 959                                          .rq_nvec = 2 };
 960
 961                 iov[0].iov_base = mid->resp_buf;
 962                 iov[0].iov_len = 4;
 963                 iov[1].iov_base = (char *)mid->resp_buf + 4;
 964                 iov[1].iov_len = len - 4;
 965                 /* FIXME: add code to kill session */
 966                 rc = cifs_verify_signature(&rqst, server,
 967                                            mid->sequence_number);
 968                 if (rc)
 969                         cifs_server_dbg(VFS, "SMB signature verification returned error = %d\n",
 970                                  rc);
 971         }
 972
 973         /* BB special case reconnect tid and uid here? */
 974         return map_and_check_smb_error(mid, log_error);
 975 }
 976
 977 struct mid_q_entry *
 978 cifs_setup_request(struct cifs_ses *ses, struct TCP_Server_Info *ignored,
 979                    struct smb_rqst *rqst)
 980 {
 981         int rc;
 982         struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
 983         struct mid_q_entry *mid;
 984
 985         if (rqst->rq_iov[0].iov_len != 4 ||
 986             rqst->rq_iov[0].iov_base + 4 != rqst->rq_iov[1].iov_base)
 987                 return ERR_PTR(-EIO);
 988
 989         rc = allocate_mid(ses, hdr, &mid);
 990         if (rc)
 991                 return ERR_PTR(rc);
 992         rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
 993         if (rc) {
 994                 delete_mid(mid);
 995                 return ERR_PTR(rc);
 996         }
 997         return mid;
 998 }
 999
1000 static void
1001 cifs_compound_callback(struct mid_q_entry *mid)
1002 {
1003         struct TCP_Server_Info *server = mid->server;
1004         struct cifs_credits credits;
1005
1006         credits.value = server->ops->get_credits(mid);
1007         credits.instance = server->reconnect_instance;
1008
1009         add_credits(server, &credits, mid->optype);
1010 }
1011
1012 static void
1013 cifs_compound_last_callback(struct mid_q_entry *mid)
1014 {
1015         cifs_compound_callback(mid);
1016         cifs_wake_up_task(mid);
1017 }
1018
1019 static void
1020 cifs_cancelled_callback(struct mid_q_entry *mid)
1021 {
1022         cifs_compound_callback(mid);
1023         release_mid(mid);
1024 }
1025
1026 /*
1027  * Return a channel (master if none) of @ses that can be used to send
1028  * regular requests.
1029  *
1030  * If we are currently binding a new channel (negprot/sess.setup),
1031  * return the new incomplete channel.
1032  */
1033 struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses)
1034 {
1035         uint index = 0;
1036
1037         if (!ses)
1038                 return NULL;
1039
1040         /* round robin */
1041         index = (uint)atomic_inc_return(&ses->chan_seq);
1042
1043         spin_lock(&ses->chan_lock);
1044         index %= ses->chan_count;
1045         spin_unlock(&ses->chan_lock);
1046
1047         return ses->chans[index].server;
1048 }
1049
1050 int
1051 compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
1052                    struct TCP_Server_Info *server,
1053                    const int flags, const int num_rqst, struct smb_rqst *rqst,
1054                    int *resp_buf_type, struct kvec *resp_iov)
1055 {
1056         int i, j, optype, rc = 0;
1057         struct mid_q_entry *midQ[MAX_COMPOUND];
1058         bool cancelled_mid[MAX_COMPOUND] = {false};
1059         struct cifs_credits credits[MAX_COMPOUND] = {
1060                 { .value = 0, .instance = 0 }
1061         };
1062         unsigned int instance;
1063         char *buf;
1064
1065         optype = flags & CIFS_OP_MASK;
1066
1067         for (i = 0; i < num_rqst; i++)
1068                 resp_buf_type[i] = CIFS_NO_BUFFER;  /* no response buf yet */
1069
1070         if (!ses || !ses->server || !server) {
1071                 cifs_dbg(VFS, "Null session\n");
1072                 return -EIO;
1073         }
1074
1075         spin_lock(&server->srv_lock);
1076         if (server->tcpStatus == CifsExiting) {
1077                 spin_unlock(&server->srv_lock);
1078                 return -ENOENT;
1079         }
1080         spin_unlock(&server->srv_lock);
1081
1082         /*
1083          * Wait for all the requests to become available.
1084          * This approach still leaves the possibility to be stuck waiting for
1085          * credits if the server doesn't grant credits to the outstanding
1086          * requests and if the client is completely idle, not generating any
1087          * other requests.
1088          * This can be handled by the eventual session reconnect.
1089          */
1090         rc = wait_for_compound_request(server, num_rqst, flags,
1091                                        &instance);
1092         if (rc)
1093                 return rc;
1094
1095         for (i = 0; i < num_rqst; i++) {
1096                 credits[i].value = 1;
1097                 credits[i].instance = instance;
1098         }
1099
1100         /*
1101          * Make sure that we sign in the same order that we send on this socket
1102          * and avoid races inside tcp sendmsg code that could cause corruption
1103          * of smb data.
1104          */
1105
1106         cifs_server_lock(server);
1107
1108         /*
1109          * All the parts of the compound chain belong obtained credits from the
1110          * same session. We can not use credits obtained from the previous
1111          * session to send this request. Check if there were reconnects after
1112          * we obtained credits and return -EAGAIN in such cases to let callers
1113          * handle it.
1114          */
1115         if (instance != server->reconnect_instance) {
1116                 cifs_server_unlock(server);
1117                 for (j = 0; j < num_rqst; j++)
1118                         add_credits(server, &credits[j], optype);
1119                 return -EAGAIN;
1120         }
1121
1122         for (i = 0; i < num_rqst; i++) {
1123                 midQ[i] = server->ops->setup_request(ses, server, &rqst[i]);
1124                 if (IS_ERR(midQ[i])) {
1125                         revert_current_mid(server, i);
1126                         for (j = 0; j < i; j++)
1127                                 delete_mid(midQ[j]);
1128                         cifs_server_unlock(server);
1129
1130                         /* Update # of requests on wire to server */
1131                         for (j = 0; j < num_rqst; j++)
1132                                 add_credits(server, &credits[j], optype);
1133                         return PTR_ERR(midQ[i]);
1134                 }
1135
1136                 midQ[i]->mid_state = MID_REQUEST_SUBMITTED;
1137                 midQ[i]->optype = optype;
1138                 /*
1139                  * Invoke callback for every part of the compound chain
1140                  * to calculate credits properly. Wake up this thread only when
1141                  * the last element is received.
1142                  */
1143                 if (i < num_rqst - 1)
1144                         midQ[i]->callback = cifs_compound_callback;
1145                 else
1146                         midQ[i]->callback = cifs_compound_last_callback;
1147         }
1148         cifs_in_send_inc(server);
1149         rc = smb_send_rqst(server, num_rqst, rqst, flags);
1150         cifs_in_send_dec(server);
1151
1152         for (i = 0; i < num_rqst; i++)
1153                 cifs_save_when_sent(midQ[i]);
1154
1155         if (rc < 0) {
1156                 revert_current_mid(server, num_rqst);
1157                 server->sequence_number -= 2;
1158         }
1159
1160         cifs_server_unlock(server);
1161
1162         /*
1163          * If sending failed for some reason or it is an oplock break that we
1164          * will not receive a response to - return credits back
1165          */
1166         if (rc < 0 || (flags & CIFS_NO_SRV_RSP)) {
1167                 for (i = 0; i < num_rqst; i++)
1168                         add_credits(server, &credits[i], optype);
1169                 goto out;
1170         }
1171
1172         /*
1173          * At this point the request is passed to the network stack - we assume
1174          * that any credits taken from the server structure on the client have
1175          * been spent and we can't return them back. Once we receive responses
1176          * we will collect credits granted by the server in the mid callbacks
1177          * and add those credits to the server structure.
1178          */
1179
1180         /*
1181          * Compounding is never used during session establish.
1182          */
1183         spin_lock(&ses->ses_lock);
1184         if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1185                 spin_unlock(&ses->ses_lock);
1186
1187                 cifs_server_lock(server);
1188                 smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
1189                 cifs_server_unlock(server);
1190
1191                 spin_lock(&ses->ses_lock);
1192         }
1193         spin_unlock(&ses->ses_lock);
1194
1195         for (i = 0; i < num_rqst; i++) {
1196                 rc = wait_for_response(server, midQ[i]);
1197                 if (rc != 0)
1198                         break;
1199         }
1200         if (rc != 0) {
1201                 for (; i < num_rqst; i++) {
1202                         cifs_server_dbg(FYI, "Cancelling wait for mid %llu cmd: %d\n",
1203                                  midQ[i]->mid, le16_to_cpu(midQ[i]->command));
1204                         send_cancel(server, &rqst[i], midQ[i]);
1205                         spin_lock(&server->mid_lock);
1206                         midQ[i]->mid_flags |= MID_WAIT_CANCELLED;
1207                         if (midQ[i]->mid_state == MID_REQUEST_SUBMITTED) {
1208                                 midQ[i]->callback = cifs_cancelled_callback;
1209                                 cancelled_mid[i] = true;
1210                                 credits[i].value = 0;
1211                         }
1212                         spin_unlock(&server->mid_lock);
1213                 }
1214         }
1215
1216         for (i = 0; i < num_rqst; i++) {
1217                 if (rc < 0)
1218                         goto out;
1219
1220                 rc = cifs_sync_mid_result(midQ[i], server);
1221                 if (rc != 0) {
1222                         /* mark this mid as cancelled to not free it below */
1223                         cancelled_mid[i] = true;
1224                         goto out;
1225                 }
1226
1227                 if (!midQ[i]->resp_buf ||
1228                     midQ[i]->mid_state != MID_RESPONSE_RECEIVED) {
1229                         rc = -EIO;
1230                         cifs_dbg(FYI, "Bad MID state?\n");
1231                         goto out;
1232                 }
1233
1234                 buf = (char *)midQ[i]->resp_buf;
1235                 resp_iov[i].iov_base = buf;
1236                 resp_iov[i].iov_len = midQ[i]->resp_buf_size +
1237                         HEADER_PREAMBLE_SIZE(server);
1238
1239                 if (midQ[i]->large_buf)
1240                         resp_buf_type[i] = CIFS_LARGE_BUFFER;
1241                 else
1242                         resp_buf_type[i] = CIFS_SMALL_BUFFER;
1243
1244                 rc = server->ops->check_receive(midQ[i], server,
1245                                                      flags & CIFS_LOG_ERROR);
1246
1247                 /* mark it so buf will not be freed by delete_mid */
1248                 if ((flags & CIFS_NO_RSP_BUF) == 0)
1249                         midQ[i]->resp_buf = NULL;
1250
1251         }
1252
1253         /*
1254          * Compounding is never used during session establish.
1255          */
1256         spin_lock(&ses->ses_lock);
1257         if ((ses->ses_status == SES_NEW) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
1258                 struct kvec iov = {
1259                         .iov_base = resp_iov[0].iov_base,
1260                         .iov_len = resp_iov[0].iov_len
1261                 };
1262                 spin_unlock(&ses->ses_lock);
1263                 cifs_server_lock(server);
1264                 smb311_update_preauth_hash(ses, server, &iov, 1);
1265                 cifs_server_unlock(server);
1266                 spin_lock(&ses->ses_lock);
1267         }
1268         spin_unlock(&ses->ses_lock);
1269
1270 out:
1271         /*
1272          * This will dequeue all mids. After this it is important that the
1273          * demultiplex_thread will not process any of these mids any futher.
1274          * This is prevented above by using a noop callback that will not
1275          * wake this thread except for the very last PDU.
1276          */
1277         for (i = 0; i < num_rqst; i++) {
1278                 if (!cancelled_mid[i])
1279                         delete_mid(midQ[i]);
1280         }
1281
1282         return rc;
1283 }
1284
1285 int
1286 cifs_send_recv(const unsigned int xid, struct cifs_ses *ses,
1287                struct TCP_Server_Info *server,
1288                struct smb_rqst *rqst, int *resp_buf_type, const int flags,
1289                struct kvec *resp_iov)
1290 {
1291         return compound_send_recv(xid, ses, server, flags, 1,
1292                                   rqst, resp_buf_type, resp_iov);
1293 }
1294
1295 int
1296 SendReceive2(const unsigned int xid, struct cifs_ses *ses,
1297              struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
1298              const int flags, struct kvec *resp_iov)
1299 {
1300         struct smb_rqst rqst;
1301         struct kvec s_iov[CIFS_MAX_IOV_SIZE], *new_iov;
1302         int rc;
1303
1304         if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
1305                 new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
1306                                         GFP_KERNEL);
1307                 if (!new_iov) {
1308                         /* otherwise cifs_send_recv below sets resp_buf_type */
1309                         *resp_buf_type = CIFS_NO_BUFFER;
1310                         return -ENOMEM;
1311                 }
1312         } else
1313                 new_iov = s_iov;
1314
1315         /* 1st iov is a RFC1001 length followed by the rest of the packet */
1316         memcpy(new_iov + 1, iov, (sizeof(struct kvec) * n_vec));
1317
1318         new_iov[0].iov_base = new_iov[1].iov_base;
1319         new_iov[0].iov_len = 4;
1320         new_iov[1].iov_base += 4;
1321         new_iov[1].iov_len -= 4;
1322
1323         memset(&rqst, 0, sizeof(struct smb_rqst));
1324         rqst.rq_iov = new_iov;
1325         rqst.rq_nvec = n_vec + 1;
1326
1327         rc = cifs_send_recv(xid, ses, ses->server,
1328                             &rqst, resp_buf_type, flags, resp_iov);
1329         if (n_vec + 1 > CIFS_MAX_IOV_SIZE)
1330                 kfree(new_iov);
1331         return rc;
1332 }
1333
1334 int
1335 SendReceive(const unsigned int xid, struct cifs_ses *ses,
1336             struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1337             int *pbytes_returned, const int flags)
1338 {
1339         int rc = 0;
1340         struct mid_q_entry *midQ;
1341         unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1342         struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1343         struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1344         struct cifs_credits credits = { .value = 1, .instance = 0 };
1345         struct TCP_Server_Info *server;
1346
1347         if (ses == NULL) {
1348                 cifs_dbg(VFS, "Null smb session\n");
1349                 return -EIO;
1350         }
1351         server = ses->server;
1352         if (server == NULL) {
1353                 cifs_dbg(VFS, "Null tcp session\n");
1354                 return -EIO;
1355         }
1356
1357         spin_lock(&server->srv_lock);
1358         if (server->tcpStatus == CifsExiting) {
1359                 spin_unlock(&server->srv_lock);
1360                 return -ENOENT;
1361         }
1362         spin_unlock(&server->srv_lock);
1363
1364         /* Ensure that we do not send more than 50 overlapping requests
1365            to the same server. We may make this configurable later or
1366            use ses->maxReq */
1367
1368         if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1369                 cifs_server_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1370                                 len);
1371                 return -EIO;
1372         }
1373
1374         rc = wait_for_free_request(server, flags, &credits.instance);
1375         if (rc)
1376                 return rc;
1377
1378         /* make sure that we sign in the same order that we send on this socket
1379            and avoid races inside tcp sendmsg code that could cause corruption
1380            of smb data */
1381
1382         cifs_server_lock(server);
1383
1384         rc = allocate_mid(ses, in_buf, &midQ);
1385         if (rc) {
1386                 cifs_server_unlock(server);
1387                 /* Update # of requests on wire to server */
1388                 add_credits(server, &credits, 0);
1389                 return rc;
1390         }
1391
1392         rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1393         if (rc) {
1394                 cifs_server_unlock(server);
1395                 goto out;
1396         }
1397
1398         midQ->mid_state = MID_REQUEST_SUBMITTED;
1399
1400         cifs_in_send_inc(server);
1401         rc = smb_send(server, in_buf, len);
1402         cifs_in_send_dec(server);
1403         cifs_save_when_sent(midQ);
1404
1405         if (rc < 0)
1406                 server->sequence_number -= 2;
1407
1408         cifs_server_unlock(server);
1409
1410         if (rc < 0)
1411                 goto out;
1412
1413         rc = wait_for_response(server, midQ);
1414         if (rc != 0) {
1415                 send_cancel(server, &rqst, midQ);
1416                 spin_lock(&server->mid_lock);
1417                 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1418                         /* no longer considered to be "in-flight" */
1419                         midQ->callback = release_mid;
1420                         spin_unlock(&server->mid_lock);
1421                         add_credits(server, &credits, 0);
1422                         return rc;
1423                 }
1424                 spin_unlock(&server->mid_lock);
1425         }
1426
1427         rc = cifs_sync_mid_result(midQ, server);
1428         if (rc != 0) {
1429                 add_credits(server, &credits, 0);
1430                 return rc;
1431         }
1432
1433         if (!midQ->resp_buf || !out_buf ||
1434             midQ->mid_state != MID_RESPONSE_RECEIVED) {
1435                 rc = -EIO;
1436                 cifs_server_dbg(VFS, "Bad MID state?\n");
1437                 goto out;
1438         }
1439
1440         *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1441         memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1442         rc = cifs_check_receive(midQ, server, 0);
1443 out:
1444         delete_mid(midQ);
1445         add_credits(server, &credits, 0);
1446
1447         return rc;
1448 }
1449
1450 /* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
1451    blocking lock to return. */
1452
1453 static int
1454 send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
1455                         struct smb_hdr *in_buf,
1456                         struct smb_hdr *out_buf)
1457 {
1458         int bytes_returned;
1459         struct cifs_ses *ses = tcon->ses;
1460         LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
1461
1462         /* We just modify the current in_buf to change
1463            the type of lock from LOCKING_ANDX_SHARED_LOCK
1464            or LOCKING_ANDX_EXCLUSIVE_LOCK to
1465            LOCKING_ANDX_CANCEL_LOCK. */
1466
1467         pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
1468         pSMB->Timeout = 0;
1469         pSMB->hdr.Mid = get_next_mid(ses->server);
1470
1471         return SendReceive(xid, ses, in_buf, out_buf,
1472                         &bytes_returned, 0);
1473 }
1474
1475 int
1476 SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
1477             struct smb_hdr *in_buf, struct smb_hdr *out_buf,
1478             int *pbytes_returned)
1479 {
1480         int rc = 0;
1481         int rstart = 0;
1482         struct mid_q_entry *midQ;
1483         struct cifs_ses *ses;
1484         unsigned int len = be32_to_cpu(in_buf->smb_buf_length);
1485         struct kvec iov = { .iov_base = in_buf, .iov_len = len };
1486         struct smb_rqst rqst = { .rq_iov = &iov, .rq_nvec = 1 };
1487         unsigned int instance;
1488         struct TCP_Server_Info *server;
1489
1490         if (tcon == NULL || tcon->ses == NULL) {
1491                 cifs_dbg(VFS, "Null smb session\n");
1492                 return -EIO;
1493         }
1494         ses = tcon->ses;
1495         server = ses->server;
1496
1497         if (server == NULL) {
1498                 cifs_dbg(VFS, "Null tcp session\n");
1499                 return -EIO;
1500         }
1501
1502         spin_lock(&server->srv_lock);
1503         if (server->tcpStatus == CifsExiting) {
1504                 spin_unlock(&server->srv_lock);
1505                 return -ENOENT;
1506         }
1507         spin_unlock(&server->srv_lock);
1508
1509         /* Ensure that we do not send more than 50 overlapping requests
1510            to the same server. We may make this configurable later or
1511            use ses->maxReq */
1512
1513         if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
1514                 cifs_tcon_dbg(VFS, "Invalid length, greater than maximum frame, %d\n",
1515                               len);
1516                 return -EIO;
1517         }
1518
1519         rc = wait_for_free_request(server, CIFS_BLOCKING_OP, &instance);
1520         if (rc)
1521                 return rc;
1522
1523         /* make sure that we sign in the same order that we send on this socket
1524            and avoid races inside tcp sendmsg code that could cause corruption
1525            of smb data */
1526
1527         cifs_server_lock(server);
1528
1529         rc = allocate_mid(ses, in_buf, &midQ);
1530         if (rc) {
1531                 cifs_server_unlock(server);
1532                 return rc;
1533         }
1534
1535         rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
1536         if (rc) {
1537                 delete_mid(midQ);
1538                 cifs_server_unlock(server);
1539                 return rc;
1540         }
1541
1542         midQ->mid_state = MID_REQUEST_SUBMITTED;
1543         cifs_in_send_inc(server);
1544         rc = smb_send(server, in_buf, len);
1545         cifs_in_send_dec(server);
1546         cifs_save_when_sent(midQ);
1547
1548         if (rc < 0)
1549                 server->sequence_number -= 2;
1550
1551         cifs_server_unlock(server);
1552
1553         if (rc < 0) {
1554                 delete_mid(midQ);
1555                 return rc;
1556         }
1557
1558         /* Wait for a reply - allow signals to interrupt. */
1559         rc = wait_event_interruptible(server->response_q,
1560                 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) ||
1561                 ((server->tcpStatus != CifsGood) &&
1562                  (server->tcpStatus != CifsNew)));
1563
1564         /* Were we interrupted by a signal ? */
1565         spin_lock(&server->srv_lock);
1566         if ((rc == -ERESTARTSYS) &&
1567                 (midQ->mid_state == MID_REQUEST_SUBMITTED) &&
1568                 ((server->tcpStatus == CifsGood) ||
1569                  (server->tcpStatus == CifsNew))) {
1570                 spin_unlock(&server->srv_lock);
1571
1572                 if (in_buf->Command == SMB_COM_TRANSACTION2) {
1573                         /* POSIX lock. We send a NT_CANCEL SMB to cause the
1574                            blocking lock to return. */
1575                         rc = send_cancel(server, &rqst, midQ);
1576                         if (rc) {
1577                                 delete_mid(midQ);
1578                                 return rc;
1579                         }
1580                 } else {
1581                         /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1582                            to cause the blocking lock to return. */
1583
1584                         rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1585
1586                         /* If we get -ENOLCK back the lock may have
1587                            already been removed. Don't exit in this case. */
1588                         if (rc && rc != -ENOLCK) {
1589                                 delete_mid(midQ);
1590                                 return rc;
1591                         }
1592                 }
1593
1594                 rc = wait_for_response(server, midQ);
1595                 if (rc) {
1596                         send_cancel(server, &rqst, midQ);
1597                         spin_lock(&server->mid_lock);
1598                         if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1599                                 /* no longer considered to be "in-flight" */
1600                                 midQ->callback = release_mid;
1601                                 spin_unlock(&server->mid_lock);
1602                                 return rc;
1603                         }
1604                         spin_unlock(&server->mid_lock);
1605                 }
1606
1607                 /* We got the response - restart system call. */
1608                 rstart = 1;
1609                 spin_lock(&server->srv_lock);
1610         }
1611         spin_unlock(&server->srv_lock);
1612
1613         rc = cifs_sync_mid_result(midQ, server);
1614         if (rc != 0)
1615                 return rc;
1616
1617         /* rcvd frame is ok */
1618         if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) {
1619                 rc = -EIO;
1620                 cifs_tcon_dbg(VFS, "Bad MID state?\n");
1621                 goto out;
1622         }
1623
1624         *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
1625         memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1626         rc = cifs_check_receive(midQ, server, 0);
1627 out:
1628         delete_mid(midQ);
1629         if (rstart && rc == -EACCES)
1630                 return -ERESTARTSYS;
1631         return rc;
1632 }
1633
1634 /*
1635  * Discard any remaining data in the current SMB. To do this, we borrow the
1636  * current bigbuf.
1637  */
1638 int
1639 cifs_discard_remaining_data(struct TCP_Server_Info *server)
1640 {
1641         unsigned int rfclen = server->pdu_size;
1642         int remaining = rfclen + HEADER_PREAMBLE_SIZE(server) -
1643                 server->total_read;
1644
1645         while (remaining > 0) {
1646                 int length;
1647
1648                 length = cifs_discard_from_socket(server,
1649                                 min_t(size_t, remaining,
1650                                       CIFSMaxBufSize + MAX_HEADER_SIZE(server)));
1651                 if (length < 0)
1652                         return length;
1653                 server->total_read += length;
1654                 remaining -= length;
1655         }
1656
1657         return 0;
1658 }
1659
1660 static int
1661 __cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid,
1662                      bool malformed)
1663 {
1664         int length;
1665
1666         length = cifs_discard_remaining_data(server);
1667         dequeue_mid(mid, malformed);
1668         mid->resp_buf = server->smallbuf;
1669         server->smallbuf = NULL;
1670         return length;
1671 }
1672
1673 static int
1674 cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1675 {
1676         struct cifs_readdata *rdata = mid->callback_data;
1677
1678         return  __cifs_readv_discard(server, mid, rdata->result);
1679 }
1680
1681 int
1682 cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
1683 {
1684         int length, len;
1685         unsigned int data_offset, data_len;
1686         struct cifs_readdata *rdata = mid->callback_data;
1687         char *buf = server->smallbuf;
1688         unsigned int buflen = server->pdu_size + HEADER_PREAMBLE_SIZE(server);
1689         bool use_rdma_mr = false;
1690
1691         cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u\n",
1692                  __func__, mid->mid, rdata->offset, rdata->bytes);
1693
1694         /*
1695          * read the rest of READ_RSP header (sans Data array), or whatever we
1696          * can if there's not enough data. At this point, we've read down to
1697          * the Mid.
1698          */
1699         len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -
1700                                                         HEADER_SIZE(server) + 1;
1701
1702         length = cifs_read_from_socket(server,
1703                                        buf + HEADER_SIZE(server) - 1, len);
1704         if (length < 0)
1705                 return length;
1706         server->total_read += length;
1707
1708         if (server->ops->is_session_expired &&
1709             server->ops->is_session_expired(buf)) {
1710                 cifs_reconnect(server, true);
1711                 return -1;
1712         }
1713
1714         if (server->ops->is_status_pending &&
1715             server->ops->is_status_pending(buf, server)) {
1716                 cifs_discard_remaining_data(server);
1717                 return -1;
1718         }
1719
1720         /* set up first two iov for signature check and to get credits */
1721         rdata->iov[0].iov_base = buf;
1722         rdata->iov[0].iov_len = HEADER_PREAMBLE_SIZE(server);
1723         rdata->iov[1].iov_base = buf + HEADER_PREAMBLE_SIZE(server);
1724         rdata->iov[1].iov_len =
1725                 server->total_read - HEADER_PREAMBLE_SIZE(server);
1726         cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu\n",
1727                  rdata->iov[0].iov_base, rdata->iov[0].iov_len);
1728         cifs_dbg(FYI, "1: iov_base=%p iov_len=%zu\n",
1729                  rdata->iov[1].iov_base, rdata->iov[1].iov_len);
1730
1731         /* Was the SMB read successful? */
1732         rdata->result = server->ops->map_error(buf, false);
1733         if (rdata->result != 0) {
1734                 cifs_dbg(FYI, "%s: server returned error %d\n",
1735                          __func__, rdata->result);
1736                 /* normal error on read response */
1737                 return __cifs_readv_discard(server, mid, false);
1738         }
1739
1740         /* Is there enough to get to the rest of the READ_RSP header? */
1741         if (server->total_read < server->vals->read_rsp_size) {
1742                 cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu\n",
1743                          __func__, server->total_read,
1744                          server->vals->read_rsp_size);
1745                 rdata->result = -EIO;
1746                 return cifs_readv_discard(server, mid);
1747         }
1748
1749         data_offset = server->ops->read_data_offset(buf) +
1750                 HEADER_PREAMBLE_SIZE(server);
1751         if (data_offset < server->total_read) {
1752                 /*
1753                  * win2k8 sometimes sends an offset of 0 when the read
1754                  * is beyond the EOF. Treat it as if the data starts just after
1755                  * the header.
1756                  */
1757                 cifs_dbg(FYI, "%s: data offset (%u) inside read response header\n",
1758                          __func__, data_offset);
1759                 data_offset = server->total_read;
1760         } else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
1761                 /* data_offset is beyond the end of smallbuf */
1762                 cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf\n",
1763                          __func__, data_offset);
1764                 rdata->result = -EIO;
1765                 return cifs_readv_discard(server, mid);
1766         }
1767
1768         cifs_dbg(FYI, "%s: total_read=%u data_offset=%u\n",
1769                  __func__, server->total_read, data_offset);
1770
1771         len = data_offset - server->total_read;
1772         if (len > 0) {
1773                 /* read any junk before data into the rest of smallbuf */
1774                 length = cifs_read_from_socket(server,
1775                                                buf + server->total_read, len);
1776                 if (length < 0)
1777                         return length;
1778                 server->total_read += length;
1779         }
1780
1781         /* how much data is in the response? */
1782 #ifdef CONFIG_CIFS_SMB_DIRECT
1783         use_rdma_mr = rdata->mr;
1784 #endif
1785         data_len = server->ops->read_data_length(buf, use_rdma_mr);
1786         if (!use_rdma_mr && (data_offset + data_len > buflen)) {
1787                 /* data_len is corrupt -- discard frame */
1788                 rdata->result = -EIO;
1789                 return cifs_readv_discard(server, mid);
1790         }
1791
1792         length = rdata->read_into_pages(server, rdata, data_len);
1793         if (length < 0)
1794                 return length;
1795
1796         server->total_read += length;
1797
1798         cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u\n",
1799                  server->total_read, buflen, data_len);
1800
1801         /* discard anything left over */
1802         if (server->total_read < buflen)
1803                 return cifs_readv_discard(server, mid);
1804
1805         dequeue_mid(mid, false);
1806         mid->resp_buf = server->smallbuf;
1807         server->smallbuf = NULL;
1808         return length;
1809 }