4
* Copyright (C) 2001 by Urban Widmark
6
* Please add a note about your changes to smbfs in the ChangeLog file.
9
#include <linux/kernel.h>
10
#include <linux/types.h>
12
#include <linux/slab.h>
13
#include <linux/net.h>
14
#include <linux/sched.h>
16
#include <linux/smb_fs.h>
17
#include <linux/smbno.h>
18
#include <linux/smb_mount.h>
20
#include "smb_debug.h"
24
/* #define SMB_SLAB_DEBUG (SLAB_RED_ZONE | SLAB_POISON) */
25
#define SMB_SLAB_DEBUG 0
27
/* cache for request structures */
28
static struct kmem_cache *req_cachep;
30
static int smb_request_send_req(struct smb_request *req);
34
name, active, num, objsize, active_slabs, num_slaps, #pages
38
int smb_init_request_cache(void)
40
req_cachep = kmem_cache_create("smb_request",
41
sizeof(struct smb_request), 0,
42
SMB_SLAB_DEBUG | SLAB_HWCACHE_ALIGN,
44
if (req_cachep == NULL)
50
void smb_destroy_request_cache(void)
52
kmem_cache_destroy(req_cachep);
56
* Allocate and initialise a request structure
58
static struct smb_request *smb_do_alloc_request(struct smb_sb_info *server,
61
struct smb_request *req;
62
unsigned char *buf = NULL;
64
req = kmem_cache_zalloc(req_cachep, GFP_KERNEL);
65
VERBOSE("allocating request: %p\n", req);
70
buf = kmalloc(bufsize, GFP_NOFS);
72
kmem_cache_free(req_cachep, req);
78
req->rq_bufsize = bufsize;
79
req->rq_server = server;
80
init_waitqueue_head(&req->rq_wait);
81
INIT_LIST_HEAD(&req->rq_queue);
82
atomic_set(&req->rq_count, 1);
88
struct smb_request *smb_alloc_request(struct smb_sb_info *server, int bufsize)
90
struct smb_request *req = NULL;
93
atomic_inc(&server->nr_requests);
94
if (atomic_read(&server->nr_requests) <= MAX_REQUEST_HARD) {
95
req = smb_do_alloc_request(server, bufsize);
102
* Try to free up at least one request in order to stay
103
* below the hard limit
105
if (nfs_try_to_free_pages(server))
108
if (fatal_signal_pending(current))
109
return ERR_PTR(-ERESTARTSYS);
110
current->policy = SCHED_YIELD;
113
/* FIXME: we want something like nfs does above, but that
114
requires changes to all callers and can wait. */
121
static void smb_free_request(struct smb_request *req)
123
atomic_dec(&req->rq_server->nr_requests);
124
if (req->rq_buffer && !(req->rq_flags & SMB_REQ_STATIC))
125
kfree(req->rq_buffer);
126
kfree(req->rq_trans2buffer);
127
kmem_cache_free(req_cachep, req);
131
* What prevents a rget to race with a rput? The count must never drop to zero
132
* while it is in use. Only rput if it is ok that it is free'd.
134
static void smb_rget(struct smb_request *req)
136
atomic_inc(&req->rq_count);
138
void smb_rput(struct smb_request *req)
140
if (atomic_dec_and_test(&req->rq_count)) {
141
list_del_init(&req->rq_queue);
142
smb_free_request(req);
146
/* setup to receive the data part of the SMB */
147
static int smb_setup_bcc(struct smb_request *req)
150
req->rq_rlen = smb_len(req->rq_header) + 4 - req->rq_bytes_recvd;
152
if (req->rq_rlen > req->rq_bufsize) {
153
PARANOIA("Packet too large %d > %d\n",
154
req->rq_rlen, req->rq_bufsize);
158
req->rq_iov[0].iov_base = req->rq_buffer;
159
req->rq_iov[0].iov_len = req->rq_rlen;
166
* Prepare a "normal" request structure.
168
static int smb_setup_request(struct smb_request *req)
170
int len = smb_len(req->rq_header) + 4;
173
/* if we expect a data part in the reply we set the iov's to read it */
174
if (req->rq_resp_bcc)
175
req->rq_setup_read = smb_setup_bcc;
177
/* This tries to support re-using the same request */
178
req->rq_bytes_sent = 0;
182
req->rq_fragment = 0;
183
kfree(req->rq_trans2buffer);
184
req->rq_trans2buffer = NULL;
190
* Prepare a transaction2 request structure
192
static int smb_setup_trans2request(struct smb_request *req)
194
struct smb_sb_info *server = req->rq_server;
196
static unsigned char padding[4];
198
/* I know the following is very ugly, but I want to build the
199
smb packet as efficiently as possible. */
201
const int smb_parameters = 15;
202
const int header = SMB_HEADER_LEN + 2 * smb_parameters + 2;
203
const int oparam = ALIGN(header + 3, sizeof(u32));
204
const int odata = ALIGN(oparam + req->rq_lparm, sizeof(u32));
205
const int bcc = (req->rq_data ? odata + req->rq_ldata :
206
oparam + req->rq_lparm) - header;
208
if ((bcc + oparam) > server->opt.max_xmit)
210
smb_setup_header(req, SMBtrans2, smb_parameters, bcc);
213
* max parameters + max data + max setup == bufsize to make NT4 happy
214
* and not abort the transfer or split into multiple responses. It also
215
* makes smbfs happy as handling packets larger than the buffer size
218
* OS/2 is probably going to hate me for this ...
220
mparam = SMB_TRANS2_MAX_PARAM;
221
mdata = req->rq_bufsize - mparam;
223
mdata = server->opt.max_xmit - mparam - 100;
230
/* NT/win2k has ~4k max_xmit, so with this we request more than it wants
231
to return as one SMB. Useful for testing the fragmented trans2
236
WSET(req->rq_header, smb_tpscnt, req->rq_lparm);
237
WSET(req->rq_header, smb_tdscnt, req->rq_ldata);
238
WSET(req->rq_header, smb_mprcnt, mparam);
239
WSET(req->rq_header, smb_mdrcnt, mdata);
240
WSET(req->rq_header, smb_msrcnt, 0); /* max setup always 0 ? */
241
WSET(req->rq_header, smb_flags, 0);
242
DSET(req->rq_header, smb_timeout, 0);
243
WSET(req->rq_header, smb_pscnt, req->rq_lparm);
244
WSET(req->rq_header, smb_psoff, oparam - 4);
245
WSET(req->rq_header, smb_dscnt, req->rq_ldata);
246
WSET(req->rq_header, smb_dsoff, req->rq_data ? odata - 4 : 0);
247
*(req->rq_header + smb_suwcnt) = 0x01; /* setup count */
248
*(req->rq_header + smb_suwcnt + 1) = 0x00; /* reserved */
249
WSET(req->rq_header, smb_setup0, req->rq_trans2_command);
252
req->rq_iov[0].iov_base = (void *) req->rq_header;
253
req->rq_iov[0].iov_len = oparam;
254
req->rq_iov[1].iov_base = (req->rq_parm==NULL) ? padding : req->rq_parm;
255
req->rq_iov[1].iov_len = req->rq_lparm;
256
req->rq_slen = oparam + req->rq_lparm;
260
req->rq_iov[2].iov_base = padding;
261
req->rq_iov[2].iov_len = odata - oparam - req->rq_lparm;
262
req->rq_iov[3].iov_base = req->rq_data;
263
req->rq_iov[3].iov_len = req->rq_ldata;
264
req->rq_slen = odata + req->rq_ldata;
267
/* always a data part for trans2 replies */
268
req->rq_setup_read = smb_setup_bcc;
274
* Add a request and tell smbiod to process it
276
int smb_add_request(struct smb_request *req)
279
struct smb_sb_info *server = req->rq_server;
282
smb_setup_request(req);
283
if (req->rq_trans2_command) {
284
if (req->rq_buffer == NULL) {
285
PARANOIA("trans2 attempted without response buffer!\n");
288
result = smb_setup_trans2request(req);
293
#ifdef SMB_DEBUG_PACKET_SIZE
297
/* add 'req' to the queue of requests */
298
if (smb_lock_server_interruptible(server))
302
* Try to send the request as the process. If that fails we queue the
303
* request and let smbiod send it later.
306
/* FIXME: each server has a number on the maximum number of parallel
307
requests. 10, 50 or so. We should not allow more requests to be
309
if (server->mid > 0xf000)
311
req->rq_mid = server->mid++;
312
WSET(req->rq_header, smb_mid, req->rq_mid);
315
if (server->state == CONN_VALID) {
316
if (list_empty(&server->xmitq))
317
result = smb_request_send_req(req);
319
/* Connection lost? */
320
server->conn_error = result;
321
server->state = CONN_INVALID;
325
list_add_tail(&req->rq_queue, &server->xmitq);
328
if (server->state != CONN_VALID)
329
smbiod_retry(server);
331
smb_unlock_server(server);
335
timeleft = wait_event_interruptible_timeout(req->rq_wait,
336
req->rq_flags & SMB_REQ_RECEIVED, 30*HZ);
337
if (!timeleft || signal_pending(current)) {
339
* On timeout or on interrupt we want to try and remove the
340
* request from the recvq/xmitq.
341
* First check if the request is still part of a queue. (May
342
* have been removed by some error condition)
344
smb_lock_server(server);
345
if (!list_empty(&req->rq_queue)) {
346
list_del_init(&req->rq_queue);
349
smb_unlock_server(server);
353
PARANOIA("request [%p, mid=%d] timed out!\n",
355
VERBOSE("smb_com: %02x\n", *(req->rq_header + smb_com));
356
VERBOSE("smb_rcls: %02x\n", *(req->rq_header + smb_rcls));
357
VERBOSE("smb_flg: %02x\n", *(req->rq_header + smb_flg));
358
VERBOSE("smb_tid: %04x\n", WVAL(req->rq_header, smb_tid));
359
VERBOSE("smb_pid: %04x\n", WVAL(req->rq_header, smb_pid));
360
VERBOSE("smb_uid: %04x\n", WVAL(req->rq_header, smb_uid));
361
VERBOSE("smb_mid: %04x\n", WVAL(req->rq_header, smb_mid));
362
VERBOSE("smb_wct: %02x\n", *(req->rq_header + smb_wct));
364
req->rq_rcls = ERRSRV;
365
req->rq_err = ERRtimeout;
367
/* Just in case it was "stuck" */
370
VERBOSE("woke up, rcls=%d\n", req->rq_rcls);
372
if (req->rq_rcls != 0)
373
req->rq_errno = smb_errno(req);
374
if (signal_pending(current))
375
req->rq_errno = -ERESTARTSYS;
376
return req->rq_errno;
380
* Send a request and place it on the recvq if successfully sent.
381
* Must be called with the server lock held.
383
static int smb_request_send_req(struct smb_request *req)
385
struct smb_sb_info *server = req->rq_server;
388
if (req->rq_bytes_sent == 0) {
389
WSET(req->rq_header, smb_tid, server->opt.tid);
390
WSET(req->rq_header, smb_pid, 1);
391
WSET(req->rq_header, smb_uid, server->opt.server_uid);
394
result = smb_send_request(req);
395
if (result < 0 && result != -EAGAIN)
399
if (!(req->rq_flags & SMB_REQ_TRANSMITTED))
402
list_move_tail(&req->rq_queue, &server->recvq);
409
* Sends one request for this server. (smbiod)
410
* Must be called with the server lock held.
411
* Returns: <0 on error
412
* 0 if no request could be completely sent
413
* 1 if all data for one request was sent
415
int smb_request_send_server(struct smb_sb_info *server)
417
struct list_head *head;
418
struct smb_request *req;
421
if (server->state != CONN_VALID)
424
/* dequeue first request, if any */
426
head = server->xmitq.next;
427
if (head != &server->xmitq) {
428
req = list_entry(head, struct smb_request, rq_queue);
433
result = smb_request_send_req(req);
435
server->conn_error = result;
436
list_move(&req->rq_queue, &server->xmitq);
446
* Try to find a request matching this "mid". Typically the first entry will
447
* be the matching one.
449
static struct smb_request *find_request(struct smb_sb_info *server, int mid)
451
struct list_head *tmp;
452
struct smb_request *req = NULL;
454
list_for_each(tmp, &server->recvq) {
455
req = list_entry(tmp, struct smb_request, rq_queue);
456
if (req->rq_mid == mid) {
463
VERBOSE("received reply with mid %d but no request!\n",
464
WVAL(server->header, smb_mid));
465
server->rstate = SMB_RECV_DROP;
472
* Called when we have read the smb header and believe this is a response.
474
static int smb_init_request(struct smb_sb_info *server, struct smb_request *req)
478
memcpy(req->rq_header, server->header, SMB_HEADER_LEN);
480
wct = *(req->rq_header + smb_wct);
482
PARANOIA("wct too large, %d > 20\n", wct);
483
server->rstate = SMB_RECV_DROP;
487
req->rq_resp_wct = wct;
488
hdrlen = SMB_HEADER_LEN + wct*2 + 2;
489
VERBOSE("header length: %d smb_wct: %2d\n", hdrlen, wct);
491
req->rq_bytes_recvd = SMB_HEADER_LEN;
492
req->rq_rlen = hdrlen;
493
req->rq_iov[0].iov_base = req->rq_header;
494
req->rq_iov[0].iov_len = hdrlen;
496
server->rstate = SMB_RECV_PARAM;
498
#ifdef SMB_DEBUG_PACKET_SIZE
499
add_recv_stats(smb_len(server->header));
505
* Reads the SMB parameters
507
static int smb_recv_param(struct smb_sb_info *server, struct smb_request *req)
511
result = smb_receive(server, req);
514
if (req->rq_bytes_recvd < req->rq_rlen)
517
VERBOSE("result: %d smb_bcc: %04x\n", result,
518
WVAL(req->rq_header, SMB_HEADER_LEN +
519
(*(req->rq_header + smb_wct) * 2)));
522
req->rq_iov[0].iov_base = NULL;
524
if (req->rq_callback)
525
req->rq_callback(req);
526
else if (req->rq_setup_read)
527
result = req->rq_setup_read(req);
529
server->rstate = SMB_RECV_DROP;
533
server->rstate = req->rq_rlen > 0 ? SMB_RECV_DATA : SMB_RECV_END;
535
req->rq_bytes_recvd = 0; // recvd out of the iov
537
VERBOSE("rlen: %d\n", req->rq_rlen);
538
if (req->rq_rlen < 0) {
539
PARANOIA("Parameters read beyond end of packet!\n");
540
server->rstate = SMB_RECV_END;
549
static int smb_recv_data(struct smb_sb_info *server, struct smb_request *req)
553
result = smb_receive(server, req);
556
if (req->rq_bytes_recvd < req->rq_rlen)
558
server->rstate = SMB_RECV_END;
560
VERBOSE("result: %d\n", result);
565
* Receive a transaction2 response
566
* Return: 0 if the response has been fully read
567
* 1 if there are further "fragments" to read
568
* <0 if there is an error
570
static int smb_recv_trans2(struct smb_sb_info *server, struct smb_request *req)
572
unsigned char *inbuf;
573
unsigned int parm_disp, parm_offset, parm_count, parm_tot;
574
unsigned int data_disp, data_offset, data_count, data_tot;
575
int hdrlen = SMB_HEADER_LEN + req->rq_resp_wct*2 - 2;
577
VERBOSE("handling trans2\n");
579
inbuf = req->rq_header;
580
data_tot = WVAL(inbuf, smb_tdrcnt);
581
parm_tot = WVAL(inbuf, smb_tprcnt);
582
parm_disp = WVAL(inbuf, smb_prdisp);
583
parm_offset = WVAL(inbuf, smb_proff);
584
parm_count = WVAL(inbuf, smb_prcnt);
585
data_disp = WVAL(inbuf, smb_drdisp);
586
data_offset = WVAL(inbuf, smb_droff);
587
data_count = WVAL(inbuf, smb_drcnt);
589
/* Modify offset for the split header/buffer we use */
590
if (data_count || data_offset) {
591
if (unlikely(data_offset < hdrlen))
594
data_offset -= hdrlen;
596
if (parm_count || parm_offset) {
597
if (unlikely(parm_offset < hdrlen))
600
parm_offset -= hdrlen;
603
if (parm_count == parm_tot && data_count == data_tot) {
605
* This packet has all the trans2 data.
607
* We setup the request so that this will be the common
608
* case. It may be a server error to not return a
609
* response that fits.
611
VERBOSE("single trans2 response "
612
"dcnt=%u, pcnt=%u, doff=%u, poff=%u\n",
613
data_count, parm_count,
614
data_offset, parm_offset);
615
req->rq_ldata = data_count;
616
req->rq_lparm = parm_count;
617
req->rq_data = req->rq_buffer + data_offset;
618
req->rq_parm = req->rq_buffer + parm_offset;
619
if (unlikely(parm_offset + parm_count > req->rq_rlen))
621
if (unlikely(data_offset + data_count > req->rq_rlen))
626
VERBOSE("multi trans2 response "
627
"frag=%d, dcnt=%u, pcnt=%u, doff=%u, poff=%u\n",
629
data_count, parm_count,
630
data_offset, parm_offset);
632
if (!req->rq_fragment) {
635
/* We got the first trans2 fragment */
636
req->rq_fragment = 1;
637
req->rq_total_data = data_tot;
638
req->rq_total_parm = parm_tot;
642
buf_len = data_tot + parm_tot;
643
if (buf_len > SMB_MAX_PACKET_SIZE)
646
req->rq_trans2bufsize = buf_len;
647
req->rq_trans2buffer = kzalloc(buf_len, GFP_NOFS);
648
if (!req->rq_trans2buffer)
651
req->rq_parm = req->rq_trans2buffer;
652
req->rq_data = req->rq_trans2buffer + parm_tot;
653
} else if (unlikely(req->rq_total_data < data_tot ||
654
req->rq_total_parm < parm_tot))
657
if (unlikely(parm_disp + parm_count > req->rq_total_parm ||
658
parm_offset + parm_count > req->rq_rlen))
660
if (unlikely(data_disp + data_count > req->rq_total_data ||
661
data_offset + data_count > req->rq_rlen))
664
inbuf = req->rq_buffer;
665
memcpy(req->rq_parm + parm_disp, inbuf + parm_offset, parm_count);
666
memcpy(req->rq_data + data_disp, inbuf + data_offset, data_count);
668
req->rq_ldata += data_count;
669
req->rq_lparm += parm_count;
672
* Check whether we've received all of the data. Note that
673
* we use the packet totals -- total lengths might shrink!
675
if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) {
676
req->rq_ldata = data_tot;
677
req->rq_lparm = parm_tot;
683
printk(KERN_ERR "smb_trans2: data/param too long, data=%u, parm=%u\n",
687
printk(KERN_ERR "smb_trans2: couldn't allocate data area of %d bytes\n",
688
req->rq_trans2bufsize);
689
req->rq_errno = -ENOMEM;
692
printk(KERN_ERR "smb_trans2: data/params grew!\n");
695
printk(KERN_ERR "smb_trans2: invalid parms, disp=%u, cnt=%u, tot=%u, ofs=%u\n",
696
parm_disp, parm_count, parm_tot, parm_offset);
699
printk(KERN_ERR "smb_trans2: invalid data, disp=%u, cnt=%u, tot=%u, ofs=%u\n",
700
data_disp, data_count, data_tot, data_offset);
702
req->rq_errno = -EIO;
704
return req->rq_errno;
708
* State machine for receiving responses. We handle the fact that we can't
709
* read the full response in one try by having states telling us how much we
712
* Must be called with the server lock held (only called from smbiod).
714
* Return: <0 on error
716
int smb_request_recv(struct smb_sb_info *server)
718
struct smb_request *req = NULL;
721
if (smb_recv_available(server) <= 0)
724
VERBOSE("state: %d\n", server->rstate);
725
switch (server->rstate) {
727
result = smb_receive_drop(server);
730
if (server->rstate == SMB_RECV_DROP)
732
server->rstate = SMB_RECV_START;
735
server->smb_read = 0;
736
server->rstate = SMB_RECV_HEADER;
738
case SMB_RECV_HEADER:
739
result = smb_receive_header(server);
742
if (server->rstate == SMB_RECV_HEADER)
744
if (! (*(server->header + smb_flg) & SMB_FLAGS_REPLY) ) {
745
server->rstate = SMB_RECV_REQUEST;
748
if (server->rstate != SMB_RECV_HCOMPLETE)
751
case SMB_RECV_HCOMPLETE:
752
req = find_request(server, WVAL(server->header, smb_mid));
755
smb_init_request(server, req);
756
req->rq_rcls = *(req->rq_header + smb_rcls);
757
req->rq_err = WVAL(req->rq_header, smb_err);
758
if (server->rstate != SMB_RECV_PARAM)
763
req = find_request(server,WVAL(server->header,smb_mid));
766
result = smb_recv_param(server, req);
769
if (server->rstate != SMB_RECV_DATA)
774
req = find_request(server,WVAL(server->header,smb_mid));
777
result = smb_recv_data(server, req);
782
/* We should never be called with any of these states */
784
case SMB_RECV_REQUEST:
789
/* We saw an error */
793
if (server->rstate != SMB_RECV_END)
797
if (req->rq_trans2_command && req->rq_rcls == SUCCESS)
798
result = smb_recv_trans2(server, req);
801
* Response completely read. Drop any extra bytes sent by the server.
802
* (Yes, servers sometimes add extra bytes to responses)
804
VERBOSE("smb_len: %d smb_read: %d\n",
805
server->smb_len, server->smb_read);
806
if (server->smb_read < server->smb_len)
807
smb_receive_drop(server);
809
server->rstate = SMB_RECV_START;
812
list_del_init(&req->rq_queue);
813
req->rq_flags |= SMB_REQ_RECEIVED;
815
wake_up_interruptible(&req->rq_wait);