]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - fs/cifs/transport.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mm: fix null pointer dereference in wait_iff_congested()
[mirror_ubuntu-bionic-kernel.git] / fs / cifs / transport.c
CommitLineData
1da177e4
LT		 1/*
2 * fs/cifs/transport.c
3 *
ad7a2926 4 * Copyright (C) International Business Machines Corp., 2002,2008
1da177e4 5 * Author(s): Steve French (sfrench@us.ibm.com)
14a441a2 6 * Jeremy Allison (jra@samba.org) 2006.
79a58d1f 7 *
1da177e4
LT		 8 * This library is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published
10 * by the Free Software Foundation; either version 2.1 of the License, or
11 * (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
16 * the GNU Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this library; if not, write to the Free Software
79a58d1f 20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
1da177e4
LT		 21 */
22
23#include <linux/fs.h>
24#include <linux/list.h>
5a0e3ad6 25#include <linux/gfp.h>
1da177e4
LT		 26#include <linux/wait.h>
27#include <linux/net.h>
28#include <linux/delay.h>
f06ac72e 29#include <linux/freezer.h>
b8eed283 30#include <linux/tcp.h>
97bc00b3 31#include <linux/highmem.h>
1da177e4
LT		 32#include <asm/uaccess.h>
33#include <asm/processor.h>
34#include <linux/mempool.h>
35#include "cifspdu.h"
36#include "cifsglob.h"
37#include "cifsproto.h"
38#include "cifs_debug.h"
50c2f753 39
2dc7e1c0
PS		 40void
41cifs_wake_up_task(struct mid_q_entry *mid)
2b84a36c
JL		 42{
43 wake_up_process(mid->callback_data);
44}
45
a6827c18 46struct mid_q_entry *
24b9b06b 47AllocMidQEntry(const struct smb_hdr *smb_buffer, struct TCP_Server_Info *server)
1da177e4
LT		 48{
49 struct mid_q_entry *temp;
50
24b9b06b 51 if (server == NULL) {
b6b38f70 52 cERROR(1, "Null TCP session in AllocMidQEntry");
1da177e4
LT		 53 return NULL;
54 }
50c2f753 55
232087cb 56 temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
1da177e4
LT		 57 if (temp == NULL)
58 return temp;
59 else {
26f57364 60 memset(temp, 0, sizeof(struct mid_q_entry));
1da177e4
LT		 61 temp->mid = smb_buffer->Mid; /* always LE */
62 temp->pid = current->pid;
7c9421e1
PS		 63 temp->command = cpu_to_le16(smb_buffer->Command);
64 cFYI(1, "For smb_command %d", smb_buffer->Command);
1047abc1
SF		 65 /* do_gettimeofday(&temp->when_sent);*/ /* easier to use jiffies */
66 /* when mid allocated can be before when sent */
67 temp->when_alloc = jiffies;
2dc7e1c0 68 temp->server = server;
2b84a36c
JL		 69
70 /*
71 * The default is for the mid to be synchronous, so the
72 * default callback just wakes up the current task.
73 */
2dc7e1c0 74 temp->callback = cifs_wake_up_task;
2b84a36c 75 temp->callback_data = current;
1da177e4
LT		 76 }
77
1da177e4 78 atomic_inc(&midCount);
7c9421e1 79 temp->mid_state = MID_REQUEST_ALLOCATED;
1da177e4
LT		 80 return temp;
81}
82
766fdbb5 83void
1da177e4
LT		 84DeleteMidQEntry(struct mid_q_entry *midEntry)
85{
1047abc1 86#ifdef CONFIG_CIFS_STATS2
2dc7e1c0 87 __le16 command = midEntry->server->vals->lock_cmd;
1047abc1
SF		 88 unsigned long now;
89#endif
7c9421e1 90 midEntry->mid_state = MID_FREE;
8097531a 91 atomic_dec(&midCount);
7c9421e1 92 if (midEntry->large_buf)
b8643e1b
SF		 93 cifs_buf_release(midEntry->resp_buf);
94 else
95 cifs_small_buf_release(midEntry->resp_buf);
1047abc1
SF		 96#ifdef CONFIG_CIFS_STATS2
97 now = jiffies;
98 /* commands taking longer than one second are indications that
99 something is wrong, unless it is quite a slow link or server */
79a58d1f 100 if ((now - midEntry->when_alloc) > HZ) {
2dc7e1c0 101 if ((cifsFYI & CIFS_TIMER) && (midEntry->command != command)) {
7c9421e1 102 printk(KERN_DEBUG " CIFS slow rsp: cmd %d mid %llu",
1047abc1
SF		 103 midEntry->command, midEntry->mid);
104 printk(" A: 0x%lx S: 0x%lx R: 0x%lx\n",
105 now - midEntry->when_alloc,
106 now - midEntry->when_sent,
107 now - midEntry->when_received);
108 }
109 }
110#endif
1da177e4
LT		 111 mempool_free(midEntry, cifs_mid_poolp);
112}
113
3c1bf7e4
PS		 114void
115cifs_delete_mid(struct mid_q_entry *mid)
ddc8cf8f
JL		 116{
117 spin_lock(&GlobalMid_Lock);
118 list_del(&mid->qhead);
119 spin_unlock(&GlobalMid_Lock);
120
121 DeleteMidQEntry(mid);
122}
123
6f49f46b
JL		 124/*
125 * smb_send_kvec - send an array of kvecs to the server
126 * @server: Server to send the data to
127 * @iov: Pointer to array of kvecs
128 * @n_vec: length of kvec array
129 * @sent: amount of data sent on socket is stored here
130 *
131 * Our basic "send data to server" function. Should be called with srv_mutex
132 * held. The caller is responsible for handling the results.
133 */
d6e04ae6 134static int
6f49f46b
JL		 135smb_send_kvec(struct TCP_Server_Info *server, struct kvec *iov, size_t n_vec,
136 size_t *sent)
1da177e4
LT		 137{
138 int rc = 0;
139 int i = 0;
140 struct msghdr smb_msg;
6f49f46b
JL		 141 unsigned int remaining;
142 size_t first_vec = 0;
edf1ae40 143 struct socket *ssocket = server->ssocket;
50c2f753 144
6f49f46b
JL		 145 *sent = 0;
146
79a58d1f 147 if (ssocket == NULL)
1da177e4 148 return -ENOTSOCK; /* BB eventually add reconnect code here */
3e84469d 149
a9f1b85e 150 smb_msg.msg_name = (struct sockaddr *) &server->dstaddr;
26f57364 151 smb_msg.msg_namelen = sizeof(struct sockaddr);
1da177e4
LT		 152 smb_msg.msg_control = NULL;
153 smb_msg.msg_controllen = 0;
0496e02d 154 if (server->noblocksnd)
edf1ae40
SF		 155 smb_msg.msg_flags = MSG_DONTWAIT + MSG_NOSIGNAL;
156 else
157 smb_msg.msg_flags = MSG_NOSIGNAL;
1da177e4 158
6f49f46b 159 remaining = 0;
3e84469d 160 for (i = 0; i < n_vec; i++)
6f49f46b 161 remaining += iov[i].iov_len;
1da177e4 162
17680356 163 i = 0;
6f49f46b
JL		 164 while (remaining) {
165 /*
166 * If blocking send, we try 3 times, since each can block
167 * for 5 seconds. For nonblocking we have to try more
168 * but wait increasing amounts of time allowing time for
169 * socket to clear. The overall time we wait in either
170 * case to send on the socket is about 15 seconds.
171 * Similarly we wait for 15 seconds for a response from
172 * the server in SendReceive[2] for the server to send
173 * a response back for most types of requests (except
174 * SMB Write past end of file which can be slow, and
175 * blocking lock operations). NFS waits slightly longer
176 * than CIFS, but this can make it take longer for
177 * nonresponsive servers to be detected and 15 seconds
178 * is more than enough time for modern networks to
179 * send a packet. In most cases if we fail to send
180 * after the retries we will kill the socket and
181 * reconnect which may clear the network problem.
182 */
3e84469d 183 rc = kernel_sendmsg(ssocket, &smb_msg, &iov[first_vec],
6f49f46b
JL		 184 n_vec - first_vec, remaining);
185 if (rc == -ENOSPC || rc == -EAGAIN) {
b7a10626
SF		 186 /*
187 * Catch if a low level driver returns -ENOSPC. This
188 * WARN_ON will be removed by 3.10 if no one reports
189 * seeing this.
190 */
191 WARN_ON_ONCE(rc == -ENOSPC);
1da177e4 192 i++;
6f49f46b
JL		 193 if (i >= 14 || (!server->noblocksnd && (i > 2))) {
194 cERROR(1, "sends on sock %p stuck for 15 "
195 "seconds", ssocket);
1da177e4
LT		 196 rc = -EAGAIN;
197 break;
198 }
68058e75 199 msleep(1 << i);
1da177e4
LT		 200 continue;
201 }
6f49f46b 202
79a58d1f 203 if (rc < 0)
1da177e4 204 break;
3e84469d 205
6f49f46b
JL		 206 /* send was at least partially successful */
207 *sent += rc;
208
209 if (rc == remaining) {
210 remaining = 0;
61de800d 211 break;
6f49f46b
JL		 212 }
213
214 if (rc > remaining) {
215 cERROR(1, "sent %d requested %d", rc, remaining);
3e84469d
SF		 216 break;
217 }
6f49f46b 218
79a58d1f 219 if (rc == 0) {
3e84469d
SF		 220 /* should never happen, letting socket clear before
221 retrying is our only obvious option here */
b6b38f70 222 cERROR(1, "tcp sent no data");
3e84469d
SF		 223 msleep(500);
224 continue;
d6e04ae6 225 }
6f49f46b
JL		 226
227 remaining -= rc;
228
68058e75 229 /* the line below resets i */
3e84469d
SF		 230 for (i = first_vec; i < n_vec; i++) {
231 if (iov[i].iov_len) {
232 if (rc > iov[i].iov_len) {
233 rc -= iov[i].iov_len;
234 iov[i].iov_len = 0;
235 } else {
236 iov[i].iov_base += rc;
237 iov[i].iov_len -= rc;
238 first_vec = i;
239 break;
240 }
241 }
d6e04ae6 242 }
6f49f46b 243
5e1253b5 244 i = 0; /* in case we get ENOSPC on the next send */
6f49f46b 245 rc = 0;
1da177e4 246 }
6f49f46b
JL		 247 return rc;
248}
249
97bc00b3
JL		 250/**
251 * rqst_page_to_kvec - Turn a slot in the smb_rqst page array into a kvec
252 * @rqst: pointer to smb_rqst
253 * @idx: index into the array of the page
254 * @iov: pointer to struct kvec that will hold the result
255 *
256 * Helper function to convert a slot in the rqst->rq_pages array into a kvec.
257 * The page will be kmapped and the address placed into iov_base. The length
258 * will then be adjusted according to the ptailoff.
259 */
fb308a6f 260void
97bc00b3
JL		 261cifs_rqst_page_to_kvec(struct smb_rqst *rqst, unsigned int idx,
262 struct kvec *iov)
263{
264 /*
265 * FIXME: We could avoid this kmap altogether if we used
266 * kernel_sendpage instead of kernel_sendmsg. That will only
267 * work if signing is disabled though as sendpage inlines the
268 * page directly into the fraglist. If userspace modifies the
269 * page after we calculate the signature, then the server will
270 * reject it and may break the connection. kernel_sendmsg does
271 * an extra copy of the data and avoids that issue.
272 */
273 iov->iov_base = kmap(rqst->rq_pages[idx]);
274
275 /* if last page, don't send beyond this offset into page */
276 if (idx == (rqst->rq_npages - 1))
277 iov->iov_len = rqst->rq_tailsz;
278 else
279 iov->iov_len = rqst->rq_pagesz;
280}
281
6f49f46b
JL		 282static int
283smb_send_rqst(struct TCP_Server_Info *server, struct smb_rqst *rqst)
284{
285 int rc;
286 struct kvec *iov = rqst->rq_iov;
287 int n_vec = rqst->rq_nvec;
288 unsigned int smb_buf_length = get_rfc1002_length(iov[0].iov_base);
97bc00b3
JL		 289 unsigned int i;
290 size_t total_len = 0, sent;
b8eed283
JL		 291 struct socket *ssocket = server->ssocket;
292 int val = 1;
6f49f46b
JL		 293
294 cFYI(1, "Sending smb: smb_len=%u", smb_buf_length);
295 dump_smb(iov[0].iov_base, iov[0].iov_len);
296
b8eed283
JL		 297 /* cork the socket */
298 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
299 (char *)&val, sizeof(val));
300
97bc00b3
JL		 301 rc = smb_send_kvec(server, iov, n_vec, &sent);
302 if (rc < 0)
303 goto uncork;
304
305 total_len += sent;
306
307 /* now walk the page array and send each page in it */
308 for (i = 0; i < rqst->rq_npages; i++) {
309 struct kvec p_iov;
310
311 cifs_rqst_page_to_kvec(rqst, i, &p_iov);
312 rc = smb_send_kvec(server, &p_iov, 1, &sent);
313 kunmap(rqst->rq_pages[i]);
314 if (rc < 0)
315 break;
316
317 total_len += sent;
318 }
1da177e4 319
97bc00b3 320uncork:
b8eed283
JL		 321 /* uncork it */
322 val = 0;
323 kernel_setsockopt(ssocket, SOL_TCP, TCP_CORK,
324 (char *)&val, sizeof(val));
325
edf1ae40 326 if ((total_len > 0) && (total_len != smb_buf_length + 4)) {
6f49f46b
JL		 327 cFYI(1, "partial send (wanted=%u sent=%zu): terminating "
328 "session", smb_buf_length + 4, total_len);
329 /*
330 * If we have only sent part of an SMB then the next SMB could
331 * be taken as the remainder of this one. We need to kill the
332 * socket so the server throws away the partial SMB
333 */
edf1ae40
SF		 334 server->tcpStatus = CifsNeedReconnect;
335 }
336
d804d41d 337 if (rc < 0 && rc != -EINTR)
b6b38f70 338 cERROR(1, "Error %d sending data on socket to server", rc);
d804d41d 339 else
1da177e4 340 rc = 0;
1da177e4
LT		 341
342 return rc;
343}
344
6f49f46b
JL		 345static int
346smb_sendv(struct TCP_Server_Info *server, struct kvec *iov, int n_vec)
347{
348 struct smb_rqst rqst = { .rq_iov = iov,
349 .rq_nvec = n_vec };
350
351 return smb_send_rqst(server, &rqst);
352}
353
0496e02d
JL		 354int
355smb_send(struct TCP_Server_Info *server, struct smb_hdr *smb_buffer,
356 unsigned int smb_buf_length)
357{
358 struct kvec iov;
359
360 iov.iov_base = smb_buffer;
361 iov.iov_len = smb_buf_length + 4;
362
363 return smb_sendv(server, &iov, 1);
364}
365
fc40f9cf 366static int
a891f0f8 367wait_for_free_credits(struct TCP_Server_Info *server, const int timeout,
bc205ed1 368 int *credits)
1da177e4 369{
5bc59498
PS		 370 int rc;
371
fc40f9cf 372 spin_lock(&server->req_lock);
a891f0f8 373 if (timeout == CIFS_ASYNC_OP) {
1da177e4 374 /* oplock breaks must not be held up */
fc40f9cf 375 server->in_flight++;
bc205ed1 376 *credits -= 1;
fc40f9cf 377 spin_unlock(&server->req_lock);
27a97a61
VL		 378 return 0;
379 }
380
27a97a61 381 while (1) {
bc205ed1 382 if (*credits <= 0) {
fc40f9cf 383 spin_unlock(&server->req_lock);
789e6661 384 cifs_num_waiters_inc(server);
5bc59498 385 rc = wait_event_killable(server->request_q,
bc205ed1 386 has_credits(server, credits));
789e6661 387 cifs_num_waiters_dec(server);
5bc59498
PS		 388 if (rc)
389 return rc;
fc40f9cf 390 spin_lock(&server->req_lock);
27a97a61 391 } else {
c5797a94 392 if (server->tcpStatus == CifsExiting) {
fc40f9cf 393 spin_unlock(&server->req_lock);
27a97a61 394 return -ENOENT;
1da177e4 395 }
27a97a61 396
2d86dbc9
PS		 397 /*
398 * Can not count locking commands against total
399 * as they are allowed to block on server.
400 */
27a97a61
VL		 401
402 /* update # of requests on the wire to server */
a891f0f8 403 if (timeout != CIFS_BLOCKING_OP) {
bc205ed1 404 *credits -= 1;
fc40f9cf 405 server->in_flight++;
2d86dbc9 406 }
fc40f9cf 407 spin_unlock(&server->req_lock);
27a97a61 408 break;
1da177e4
LT		 409 }
410 }
7ee1af76
JA		 411 return 0;
412}
1da177e4 413
bc205ed1 414static int
a891f0f8
PS		 415wait_for_free_request(struct TCP_Server_Info *server, const int timeout,
416 const int optype)
bc205ed1 417{
a891f0f8
PS		 418 return wait_for_free_credits(server, timeout,
419 server->ops->get_credits_field(server, optype));
bc205ed1
PS		 420}
421
96daf2b0 422static int allocate_mid(struct cifs_ses *ses, struct smb_hdr *in_buf,
7ee1af76
JA		 423 struct mid_q_entry **ppmidQ)
424{
1da177e4 425 if (ses->server->tcpStatus == CifsExiting) {
7ee1af76 426 return -ENOENT;
8fbbd365
VL		 427 }
428
429 if (ses->server->tcpStatus == CifsNeedReconnect) {
b6b38f70 430 cFYI(1, "tcp session dead - return to caller to retry");
7ee1af76 431 return -EAGAIN;
8fbbd365
VL		 432 }
433
434 if (ses->status != CifsGood) {
1da177e4 435 /* check if SMB session is bad because we are setting it up */
79a58d1f 436 if ((in_buf->Command != SMB_COM_SESSION_SETUP_ANDX) &&
ad7a2926 437 (in_buf->Command != SMB_COM_NEGOTIATE))
7ee1af76 438 return -EAGAIN;
ad7a2926 439 /* else ok - we are setting up session */
1da177e4 440 }
24b9b06b 441 *ppmidQ = AllocMidQEntry(in_buf, ses->server);
26f57364 442 if (*ppmidQ == NULL)
7ee1af76 443 return -ENOMEM;
ddc8cf8f
JL		 444 spin_lock(&GlobalMid_Lock);
445 list_add_tail(&(*ppmidQ)->qhead, &ses->server->pending_mid_q);
446 spin_unlock(&GlobalMid_Lock);
7ee1af76
JA		 447 return 0;
448}
449
0ade640e
JL		 450static int
451wait_for_response(struct TCP_Server_Info *server, struct mid_q_entry *midQ)
7ee1af76 452{
0ade640e 453 int error;
7ee1af76 454
f06ac72e 455 error = wait_event_freezekillable(server->response_q,
7c9421e1 456 midQ->mid_state != MID_REQUEST_SUBMITTED);
0ade640e
JL		 457 if (error < 0)
458 return -ERESTARTSYS;
7ee1af76 459
0ade640e 460 return 0;
7ee1af76
JA		 461}
462
fec344e3
JL		 463struct mid_q_entry *
464cifs_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
792af7b0
PS		 465{
466 int rc;
fec344e3 467 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
792af7b0
PS		 468 struct mid_q_entry *mid;
469
470 /* enable signing if server requires it */
471 if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
472 hdr->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
473
474 mid = AllocMidQEntry(hdr, server);
475 if (mid == NULL)
fec344e3 476 return ERR_PTR(-ENOMEM);
792af7b0 477
fec344e3 478 rc = cifs_sign_rqst(rqst, server, &mid->sequence_number);
ffc61ccb
SP		 479 if (rc) {
480 DeleteMidQEntry(mid);
fec344e3 481 return ERR_PTR(rc);
ffc61ccb
SP		 482 }
483
fec344e3 484 return mid;
792af7b0 485}
133672ef 486
a6827c18
JL		 487/*
488 * Send a SMB request and set the callback function in the mid to handle
489 * the result. Caller is responsible for dealing with timeouts.
490 */
491int
fec344e3
JL		 492cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
493 mid_receive_t *receive, mid_callback_t *callback,
494 void *cbdata, const int flags)
a6827c18 495{
a891f0f8 496 int rc, timeout, optype;
a6827c18
JL		 497 struct mid_q_entry *mid;
498
a891f0f8
PS		 499 timeout = flags & CIFS_TIMEOUT_MASK;
500 optype = flags & CIFS_OP_MASK;
501
502 rc = wait_for_free_request(server, timeout, optype);
a6827c18
JL		 503 if (rc)
504 return rc;
505
506 mutex_lock(&server->srv_mutex);
fec344e3
JL		 507 mid = server->ops->setup_async_request(server, rqst);
508 if (IS_ERR(mid)) {
a6827c18 509 mutex_unlock(&server->srv_mutex);
a891f0f8 510 add_credits(server, 1, optype);
0193e072 511 wake_up(&server->request_q);
fec344e3 512 return PTR_ERR(mid);
a6827c18
JL		 513 }
514
44d22d84 515 mid->receive = receive;
a6827c18
JL		 516 mid->callback = callback;
517 mid->callback_data = cbdata;
7c9421e1 518 mid->mid_state = MID_REQUEST_SUBMITTED;
789e6661 519
ffc61ccb
SP		 520 /* put it on the pending_mid_q */
521 spin_lock(&GlobalMid_Lock);
522 list_add_tail(&mid->qhead, &server->pending_mid_q);
523 spin_unlock(&GlobalMid_Lock);
524
525
789e6661 526 cifs_in_send_inc(server);
fec344e3 527 rc = smb_send_rqst(server, rqst);
789e6661
SF		 528 cifs_in_send_dec(server);
529 cifs_save_when_sent(mid);
a6827c18 530 mutex_unlock(&server->srv_mutex);
789e6661 531
ffc61ccb
SP		 532 if (rc == 0)
533 return 0;
a6827c18 534
3c1bf7e4 535 cifs_delete_mid(mid);
a891f0f8 536 add_credits(server, 1, optype);
a6827c18
JL		 537 wake_up(&server->request_q);
538 return rc;
539}
540
133672ef
SF		 541/*
542 *
543 * Send an SMB Request. No response info (other than return code)
544 * needs to be parsed.
545 *
546 * flags indicate the type of request buffer and how long to wait
547 * and whether to log NT STATUS code (error) before mapping it to POSIX error
548 *
549 */
550int
96daf2b0 551SendReceiveNoRsp(const unsigned int xid, struct cifs_ses *ses,
792af7b0 552 char *in_buf, int flags)
133672ef
SF		 553{
554 int rc;
555 struct kvec iov[1];
556 int resp_buf_type;
557
792af7b0
PS		 558 iov[0].iov_base = in_buf;
559 iov[0].iov_len = get_rfc1002_length(in_buf) + 4;
133672ef
SF		 560 flags |= CIFS_NO_RESP;
561 rc = SendReceive2(xid, ses, iov, 1, &resp_buf_type, flags);
b6b38f70 562 cFYI(DBG2, "SendRcvNoRsp flags %d rc %d", flags, rc);
90c81e0b 563
133672ef
SF		 564 return rc;
565}
566
053d5034 567static int
3c1105df 568cifs_sync_mid_result(struct mid_q_entry *mid, struct TCP_Server_Info *server)
053d5034
JL		 569{
570 int rc = 0;
571
7c9421e1
PS		 572 cFYI(1, "%s: cmd=%d mid=%llu state=%d", __func__,
573 le16_to_cpu(mid->command), mid->mid, mid->mid_state);
053d5034 574
74dd92a8 575 spin_lock(&GlobalMid_Lock);
7c9421e1 576 switch (mid->mid_state) {
74dd92a8 577 case MID_RESPONSE_RECEIVED:
053d5034
JL		 578 spin_unlock(&GlobalMid_Lock);
579 return rc;
74dd92a8
JL		 580 case MID_RETRY_NEEDED:
581 rc = -EAGAIN;
582 break;
71823baf
JL		 583 case MID_RESPONSE_MALFORMED:
584 rc = -EIO;
585 break;
3c1105df
JL		 586 case MID_SHUTDOWN:
587 rc = -EHOSTDOWN;
588 break;
74dd92a8 589 default:
3c1105df 590 list_del_init(&mid->qhead);
7c9421e1
PS		 591 cERROR(1, "%s: invalid mid state mid=%llu state=%d", __func__,
592 mid->mid, mid->mid_state);
74dd92a8 593 rc = -EIO;
053d5034
JL		 594 }
595 spin_unlock(&GlobalMid_Lock);
596
2b84a36c 597 DeleteMidQEntry(mid);
053d5034
JL		 598 return rc;
599}
600
121b046a
JL		 601static inline int
602send_cancel(struct TCP_Server_Info *server, void *buf, struct mid_q_entry *mid)
76dcc26f 603{
121b046a
JL		 604 return server->ops->send_cancel ?
605 server->ops->send_cancel(server, buf, mid) : 0;
76dcc26f
JL		 606}
607
2c8f981d
JL		 608int
609cifs_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
610 bool log_error)
611{
792af7b0 612 unsigned int len = get_rfc1002_length(mid->resp_buf) + 4;
826a95e4
JL		 613
614 dump_smb(mid->resp_buf, min_t(u32, 92, len));
2c8f981d
JL		 615
616 /* convert the length into a more usable form */
96daf2b0 617 if (server->sec_mode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
826a95e4 618 struct kvec iov;
985e4ff0 619 int rc = 0;
bf5ea0e2
JL		 620 struct smb_rqst rqst = { .rq_iov = &iov,
621 .rq_nvec = 1 };
826a95e4
JL		 622
623 iov.iov_base = mid->resp_buf;
624 iov.iov_len = len;
2c8f981d 625 /* FIXME: add code to kill session */
bf5ea0e2 626 rc = cifs_verify_signature(&rqst, server,
985e4ff0
SF		 627 mid->sequence_number + 1);
628 if (rc)
629 cERROR(1, "SMB signature verification returned error = "
630 "%d", rc);
2c8f981d
JL		 631 }
632
633 /* BB special case reconnect tid and uid here? */
634 return map_smb_to_linux_error(mid->resp_buf, log_error);
635}
636
fec344e3
JL		 637struct mid_q_entry *
638cifs_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
792af7b0
PS		 639{
640 int rc;
fec344e3 641 struct smb_hdr *hdr = (struct smb_hdr *)rqst->rq_iov[0].iov_base;
792af7b0
PS		 642 struct mid_q_entry *mid;
643
644 rc = allocate_mid(ses, hdr, &mid);
645 if (rc)
fec344e3
JL		 646 return ERR_PTR(rc);
647 rc = cifs_sign_rqst(rqst, ses->server, &mid->sequence_number);
648 if (rc) {
3c1bf7e4 649 cifs_delete_mid(mid);
fec344e3
JL		 650 return ERR_PTR(rc);
651 }
652 return mid;
792af7b0
PS		 653}
654
7ee1af76 655int
96daf2b0 656SendReceive2(const unsigned int xid, struct cifs_ses *ses,
a891f0f8 657 struct kvec *iov, int n_vec, int *resp_buf_type /* ret */,
133672ef 658 const int flags)
7ee1af76
JA		 659{
660 int rc = 0;
a891f0f8 661 int timeout, optype;
7ee1af76 662 struct mid_q_entry *midQ;
792af7b0 663 char *buf = iov[0].iov_base;
a891f0f8 664 unsigned int credits = 1;
fec344e3
JL		 665 struct smb_rqst rqst = { .rq_iov = iov,
666 .rq_nvec = n_vec };
50c2f753 667
a891f0f8
PS		 668 timeout = flags & CIFS_TIMEOUT_MASK;
669 optype = flags & CIFS_OP_MASK;
133672ef 670
a891f0f8 671 *resp_buf_type = CIFS_NO_BUFFER; /* no response buf yet */
7ee1af76
JA		 672
673 if ((ses == NULL) || (ses->server == NULL)) {
792af7b0 674 cifs_small_buf_release(buf);
b6b38f70 675 cERROR(1, "Null session");
7ee1af76
JA		 676 return -EIO;
677 }
678
79a58d1f 679 if (ses->server->tcpStatus == CifsExiting) {
792af7b0 680 cifs_small_buf_release(buf);
7ee1af76
JA		 681 return -ENOENT;
682 }
683
792af7b0
PS		 684 /*
685 * Ensure that we do not send more than 50 overlapping requests
686 * to the same server. We may make this configurable later or
687 * use ses->maxReq.
688 */
7ee1af76 689
a891f0f8 690 rc = wait_for_free_request(ses->server, timeout, optype);
7ee1af76 691 if (rc) {
792af7b0 692 cifs_small_buf_release(buf);
7ee1af76
JA		 693 return rc;
694 }
695
792af7b0
PS		 696 /*
697 * Make sure that we sign in the same order that we send on this socket
698 * and avoid races inside tcp sendmsg code that could cause corruption
699 * of smb data.
700 */
7ee1af76 701
72ca545b 702 mutex_lock(&ses->server->srv_mutex);
7ee1af76 703
fec344e3
JL		 704 midQ = ses->server->ops->setup_request(ses, &rqst);
705 if (IS_ERR(midQ)) {
72ca545b 706 mutex_unlock(&ses->server->srv_mutex);
792af7b0 707 cifs_small_buf_release(buf);
7ee1af76 708 /* Update # of requests on wire to server */
a891f0f8 709 add_credits(ses->server, 1, optype);
fec344e3 710 return PTR_ERR(midQ);
1da177e4 711 }
1da177e4 712
7c9421e1 713 midQ->mid_state = MID_REQUEST_SUBMITTED;
789e6661 714 cifs_in_send_inc(ses->server);
0496e02d 715 rc = smb_sendv(ses->server, iov, n_vec);
789e6661
SF		 716 cifs_in_send_dec(ses->server);
717 cifs_save_when_sent(midQ);
7ee1af76 718
72ca545b 719 mutex_unlock(&ses->server->srv_mutex);
7ee1af76 720
2db7c581 721 if (rc < 0) {
792af7b0 722 cifs_small_buf_release(buf);
7ee1af76 723 goto out;
2db7c581 724 }
4b8f930f 725
a891f0f8 726 if (timeout == CIFS_ASYNC_OP) {
792af7b0 727 cifs_small_buf_release(buf);
133672ef 728 goto out;
2db7c581 729 }
d6e04ae6 730
0ade640e 731 rc = wait_for_response(ses->server, midQ);
1be912dd 732 if (rc != 0) {
121b046a 733 send_cancel(ses->server, buf, midQ);
1be912dd 734 spin_lock(&GlobalMid_Lock);
7c9421e1 735 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1be912dd
JL		 736 midQ->callback = DeleteMidQEntry;
737 spin_unlock(&GlobalMid_Lock);
792af7b0 738 cifs_small_buf_release(buf);
a891f0f8 739 add_credits(ses->server, 1, optype);
1be912dd
JL		 740 return rc;
741 }
742 spin_unlock(&GlobalMid_Lock);
743 }
d6e04ae6 744
792af7b0 745 cifs_small_buf_release(buf);
2db7c581 746
3c1105df 747 rc = cifs_sync_mid_result(midQ, ses->server);
053d5034 748 if (rc != 0) {
a891f0f8 749 add_credits(ses->server, 1, optype);
d6e04ae6
SF		 750 return rc;
751 }
50c2f753 752
7c9421e1 753 if (!midQ->resp_buf || midQ->mid_state != MID_RESPONSE_RECEIVED) {
d6e04ae6 754 rc = -EIO;
2c8f981d 755 cFYI(1, "Bad MID state?");
2b2bdfba
SF		 756 goto out;
757 }
758
792af7b0
PS		 759 buf = (char *)midQ->resp_buf;
760 iov[0].iov_base = buf;
761 iov[0].iov_len = get_rfc1002_length(buf) + 4;
7c9421e1 762 if (midQ->large_buf)
a891f0f8 763 *resp_buf_type = CIFS_LARGE_BUFFER;
2c8f981d 764 else
a891f0f8
PS		 765 *resp_buf_type = CIFS_SMALL_BUFFER;
766
767 credits = ses->server->ops->get_credits(midQ);
2b2bdfba 768
082d0642
PS		 769 rc = ses->server->ops->check_receive(midQ, ses->server,
770 flags & CIFS_LOG_ERROR);
1da177e4 771
3c1bf7e4 772 /* mark it so buf will not be freed by cifs_delete_mid */
2c8f981d
JL		 773 if ((flags & CIFS_NO_RESP) == 0)
774 midQ->resp_buf = NULL;
7ee1af76 775out:
3c1bf7e4 776 cifs_delete_mid(midQ);
a891f0f8 777 add_credits(ses->server, credits, optype);
1da177e4 778
d6e04ae6
SF		 779 return rc;
780}
1da177e4
LT		 781
782int
96daf2b0 783SendReceive(const unsigned int xid, struct cifs_ses *ses,
1da177e4 784 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
a891f0f8 785 int *pbytes_returned, const int timeout)
1da177e4
LT		 786{
787 int rc = 0;
1da177e4
LT		 788 struct mid_q_entry *midQ;
789
790 if (ses == NULL) {
b6b38f70 791 cERROR(1, "Null smb session");
1da177e4
LT		 792 return -EIO;
793 }
79a58d1f 794 if (ses->server == NULL) {
b6b38f70 795 cERROR(1, "Null tcp session");
1da177e4
LT		 796 return -EIO;
797 }
798
79a58d1f 799 if (ses->server->tcpStatus == CifsExiting)
31ca3bc3
SF		 800 return -ENOENT;
801
79a58d1f 802 /* Ensure that we do not send more than 50 overlapping requests
1da177e4
LT		 803 to the same server. We may make this configurable later or
804 use ses->maxReq */
1da177e4 805
be8e3b00
SF		 806 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
807 MAX_CIFS_HDR_SIZE - 4) {
b6b38f70 808 cERROR(1, "Illegal length, greater than maximum frame, %d",
be8e3b00 809 be32_to_cpu(in_buf->smb_buf_length));
6d9c6d54
VL		 810 return -EIO;
811 }
812
a891f0f8 813 rc = wait_for_free_request(ses->server, timeout, 0);
7ee1af76
JA		 814 if (rc)
815 return rc;
816
79a58d1f 817 /* make sure that we sign in the same order that we send on this socket
1da177e4
LT		 818 and avoid races inside tcp sendmsg code that could cause corruption
819 of smb data */
820
72ca545b 821 mutex_lock(&ses->server->srv_mutex);
1da177e4 822
7ee1af76
JA		 823 rc = allocate_mid(ses, in_buf, &midQ);
824 if (rc) {
72ca545b 825 mutex_unlock(&ses->server->srv_mutex);
7ee1af76 826 /* Update # of requests on wire to server */
a891f0f8 827 add_credits(ses->server, 1, 0);
7ee1af76 828 return rc;
1da177e4
LT		 829 }
830
ad009ac9 831 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
829049cb
VL		 832 if (rc) {
833 mutex_unlock(&ses->server->srv_mutex);
834 goto out;
835 }
1da177e4 836
7c9421e1 837 midQ->mid_state = MID_REQUEST_SUBMITTED;
789e6661
SF		 838
839 cifs_in_send_inc(ses->server);
be8e3b00 840 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
789e6661
SF		 841 cifs_in_send_dec(ses->server);
842 cifs_save_when_sent(midQ);
72ca545b 843 mutex_unlock(&ses->server->srv_mutex);
7ee1af76 844
79a58d1f 845 if (rc < 0)
7ee1af76
JA		 846 goto out;
847
a891f0f8 848 if (timeout == CIFS_ASYNC_OP)
7ee1af76 849 goto out;
1da177e4 850
0ade640e 851 rc = wait_for_response(ses->server, midQ);
1be912dd 852 if (rc != 0) {
121b046a 853 send_cancel(ses->server, in_buf, midQ);
1be912dd 854 spin_lock(&GlobalMid_Lock);
7c9421e1 855 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1be912dd
JL		 856 /* no longer considered to be "in-flight" */
857 midQ->callback = DeleteMidQEntry;
858 spin_unlock(&GlobalMid_Lock);
a891f0f8 859 add_credits(ses->server, 1, 0);
1be912dd
JL		 860 return rc;
861 }
862 spin_unlock(&GlobalMid_Lock);
863 }
1da177e4 864
3c1105df 865 rc = cifs_sync_mid_result(midQ, ses->server);
053d5034 866 if (rc != 0) {
a891f0f8 867 add_credits(ses->server, 1, 0);
1da177e4
LT		 868 return rc;
869 }
50c2f753 870
2c8f981d 871 if (!midQ->resp_buf || !out_buf ||
7c9421e1 872 midQ->mid_state != MID_RESPONSE_RECEIVED) {
2b2bdfba 873 rc = -EIO;
b6b38f70 874 cERROR(1, "Bad MID state?");
2c8f981d 875 goto out;
1da177e4 876 }
7ee1af76 877
d4e4854f 878 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
2c8f981d
JL		 879 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
880 rc = cifs_check_receive(midQ, ses->server, 0);
7ee1af76 881out:
3c1bf7e4 882 cifs_delete_mid(midQ);
a891f0f8 883 add_credits(ses->server, 1, 0);
1da177e4 884
7ee1af76
JA		 885 return rc;
886}
1da177e4 887
7ee1af76
JA		 888/* We send a LOCKINGX_CANCEL_LOCK to cause the Windows
889 blocking lock to return. */
890
891static int
96daf2b0 892send_lock_cancel(const unsigned int xid, struct cifs_tcon *tcon,
7ee1af76
JA		 893 struct smb_hdr *in_buf,
894 struct smb_hdr *out_buf)
895{
896 int bytes_returned;
96daf2b0 897 struct cifs_ses *ses = tcon->ses;
7ee1af76
JA		 898 LOCK_REQ *pSMB = (LOCK_REQ *)in_buf;
899
900 /* We just modify the current in_buf to change
901 the type of lock from LOCKING_ANDX_SHARED_LOCK
902 or LOCKING_ANDX_EXCLUSIVE_LOCK to
903 LOCKING_ANDX_CANCEL_LOCK. */
904
905 pSMB->LockType = LOCKING_ANDX_CANCEL_LOCK|LOCKING_ANDX_LARGE_FILES;
906 pSMB->Timeout = 0;
88257360 907 pSMB->hdr.Mid = get_next_mid(ses->server);
7ee1af76
JA		 908
909 return SendReceive(xid, ses, in_buf, out_buf,
7749981e 910 &bytes_returned, 0);
7ee1af76
JA		 911}
912
913int
96daf2b0 914SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
7ee1af76
JA		 915 struct smb_hdr *in_buf, struct smb_hdr *out_buf,
916 int *pbytes_returned)
917{
918 int rc = 0;
919 int rstart = 0;
7ee1af76 920 struct mid_q_entry *midQ;
96daf2b0 921 struct cifs_ses *ses;
7ee1af76
JA		 922
923 if (tcon == NULL || tcon->ses == NULL) {
b6b38f70 924 cERROR(1, "Null smb session");
7ee1af76
JA		 925 return -EIO;
926 }
927 ses = tcon->ses;
928
79a58d1f 929 if (ses->server == NULL) {
b6b38f70 930 cERROR(1, "Null tcp session");
7ee1af76
JA		 931 return -EIO;
932 }
933
79a58d1f 934 if (ses->server->tcpStatus == CifsExiting)
7ee1af76
JA		 935 return -ENOENT;
936
79a58d1f 937 /* Ensure that we do not send more than 50 overlapping requests
7ee1af76
JA		 938 to the same server. We may make this configurable later or
939 use ses->maxReq */
940
be8e3b00
SF		 941 if (be32_to_cpu(in_buf->smb_buf_length) > CIFSMaxBufSize +
942 MAX_CIFS_HDR_SIZE - 4) {
b6b38f70 943 cERROR(1, "Illegal length, greater than maximum frame, %d",
be8e3b00 944 be32_to_cpu(in_buf->smb_buf_length));
6d9c6d54
VL		 945 return -EIO;
946 }
947
a891f0f8 948 rc = wait_for_free_request(ses->server, CIFS_BLOCKING_OP, 0);
7ee1af76
JA		 949 if (rc)
950 return rc;
951
79a58d1f 952 /* make sure that we sign in the same order that we send on this socket
7ee1af76
JA		 953 and avoid races inside tcp sendmsg code that could cause corruption
954 of smb data */
955
72ca545b 956 mutex_lock(&ses->server->srv_mutex);
7ee1af76
JA		 957
958 rc = allocate_mid(ses, in_buf, &midQ);
959 if (rc) {
72ca545b 960 mutex_unlock(&ses->server->srv_mutex);
7ee1af76
JA		 961 return rc;
962 }
963
7ee1af76 964 rc = cifs_sign_smb(in_buf, ses->server, &midQ->sequence_number);
829049cb 965 if (rc) {
3c1bf7e4 966 cifs_delete_mid(midQ);
829049cb
VL		 967 mutex_unlock(&ses->server->srv_mutex);
968 return rc;
969 }
1da177e4 970
7c9421e1 971 midQ->mid_state = MID_REQUEST_SUBMITTED;
789e6661 972 cifs_in_send_inc(ses->server);
be8e3b00 973 rc = smb_send(ses->server, in_buf, be32_to_cpu(in_buf->smb_buf_length));
789e6661
SF		 974 cifs_in_send_dec(ses->server);
975 cifs_save_when_sent(midQ);
72ca545b 976 mutex_unlock(&ses->server->srv_mutex);
7ee1af76 977
79a58d1f 978 if (rc < 0) {
3c1bf7e4 979 cifs_delete_mid(midQ);
7ee1af76
JA		 980 return rc;
981 }
982
983 /* Wait for a reply - allow signals to interrupt. */
984 rc = wait_event_interruptible(ses->server->response_q,
7c9421e1 985 (!(midQ->mid_state == MID_REQUEST_SUBMITTED)) ||
7ee1af76
JA		 986 ((ses->server->tcpStatus != CifsGood) &&
987 (ses->server->tcpStatus != CifsNew)));
988
989 /* Were we interrupted by a signal ? */
990 if ((rc == -ERESTARTSYS) &&
7c9421e1 991 (midQ->mid_state == MID_REQUEST_SUBMITTED) &&
7ee1af76
JA		 992 ((ses->server->tcpStatus == CifsGood) ||
993 (ses->server->tcpStatus == CifsNew))) {
994
995 if (in_buf->Command == SMB_COM_TRANSACTION2) {
996 /* POSIX lock. We send a NT_CANCEL SMB to cause the
997 blocking lock to return. */
121b046a 998 rc = send_cancel(ses->server, in_buf, midQ);
7ee1af76 999 if (rc) {
3c1bf7e4 1000 cifs_delete_mid(midQ);
7ee1af76
JA		 1001 return rc;
1002 }
1003 } else {
1004 /* Windows lock. We send a LOCKINGX_CANCEL_LOCK
1005 to cause the blocking lock to return. */
1006
1007 rc = send_lock_cancel(xid, tcon, in_buf, out_buf);
1008
1009 /* If we get -ENOLCK back the lock may have
1010 already been removed. Don't exit in this case. */
1011 if (rc && rc != -ENOLCK) {
3c1bf7e4 1012 cifs_delete_mid(midQ);
7ee1af76
JA		 1013 return rc;
1014 }
1015 }
1016
1be912dd
JL		 1017 rc = wait_for_response(ses->server, midQ);
1018 if (rc) {
121b046a 1019 send_cancel(ses->server, in_buf, midQ);
1be912dd 1020 spin_lock(&GlobalMid_Lock);
7c9421e1 1021 if (midQ->mid_state == MID_REQUEST_SUBMITTED) {
1be912dd
JL		 1022 /* no longer considered to be "in-flight" */
1023 midQ->callback = DeleteMidQEntry;
1024 spin_unlock(&GlobalMid_Lock);
1025 return rc;
1026 }
1027 spin_unlock(&GlobalMid_Lock);
7ee1af76 1028 }
1be912dd
JL		 1029
1030 /* We got the response - restart system call. */
1031 rstart = 1;
7ee1af76
JA		 1032 }
1033
3c1105df 1034 rc = cifs_sync_mid_result(midQ, ses->server);
053d5034 1035 if (rc != 0)
7ee1af76 1036 return rc;
50c2f753 1037
17c8bfed 1038 /* rcvd frame is ok */
7c9421e1 1039 if (out_buf == NULL || midQ->mid_state != MID_RESPONSE_RECEIVED) {
698e96a8 1040 rc = -EIO;
b6b38f70 1041 cERROR(1, "Bad MID state?");
698e96a8
VL		 1042 goto out;
1043 }
1da177e4 1044
d4e4854f 1045 *pbytes_returned = get_rfc1002_length(midQ->resp_buf);
2c8f981d
JL		 1046 memcpy(out_buf, midQ->resp_buf, *pbytes_returned + 4);
1047 rc = cifs_check_receive(midQ, ses->server, 0);
17c8bfed 1048out:
3c1bf7e4 1049 cifs_delete_mid(midQ);
7ee1af76
JA		 1050 if (rstart && rc == -EACCES)
1051 return -ERESTARTSYS;
1da177e4
LT		 1052 return rc;
1053}
ubuntu-bionic-kernel mirror