tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'v6.16-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:

- Multichannel reconnect lock ordering deadlock fix

- Fix for regression in handling native Windows symlinks

- Three smbdirect fixes:
- oops in RDMA response processing
- smbdirect memcpy issue
- fix smbdirect regression with large writes (smbdirect test cases
now all passing)

- Fix for "FAILED_TO_PARSE" warning in trace-cmd report output

* tag 'v6.16-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code
cifs: Fix the smbd_response slab to allow usercopy
smb: client: fix potential deadlock when reconnecting channels
smb: client: remove \t from TP_printk statements
smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data
smb: client: fix regression with native SMB symlinks

Linus Torvalds aaf724ed 0fd39af2

+110 -154
+1
fs/smb/client/cifsglob.h
··· 709 709 struct TCP_Server_Info { 710 710 struct list_head tcp_ses_list; 711 711 struct list_head smb_ses_list; 712 + struct list_head rlist; /* reconnect list */ 712 713 spinlock_t srv_lock; /* protect anything here that is not protected */ 713 714 __u64 conn_id; /* connection identifier (useful for debugging) */ 714 715 int srv_count; /* reference counter */
+36 -22
fs/smb/client/connect.c
··· 124 124 (SMB_INTERFACE_POLL_INTERVAL * HZ)); 125 125 } 126 126 127 + #define set_need_reco(server) \ 128 + do { \ 129 + spin_lock(&server->srv_lock); \ 130 + if (server->tcpStatus != CifsExiting) \ 131 + server->tcpStatus = CifsNeedReconnect; \ 132 + spin_unlock(&server->srv_lock); \ 133 + } while (0) 134 + 127 135 /* 128 136 * Update the tcpStatus for the server. 129 137 * This is used to signal the cifsd thread to call cifs_reconnect ··· 145 137 cifs_signal_cifsd_for_reconnect(struct TCP_Server_Info *server, 146 138 bool all_channels) 147 139 { 148 - struct TCP_Server_Info *pserver; 140 + struct TCP_Server_Info *nserver; 149 141 struct cifs_ses *ses; 142 + LIST_HEAD(reco); 150 143 int i; 151 - 152 - /* If server is a channel, select the primary channel */ 153 - pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 154 144 155 145 /* if we need to signal just this channel */ 156 146 if (!all_channels) { 157 - spin_lock(&server->srv_lock); 158 - if (server->tcpStatus != CifsExiting) 159 - server->tcpStatus = CifsNeedReconnect; 160 - spin_unlock(&server->srv_lock); 147 + set_need_reco(server); 161 148 return; 162 149 } 163 150 164 - spin_lock(&cifs_tcp_ses_lock); 165 - list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 166 - if (cifs_ses_exiting(ses)) 167 - continue; 168 - spin_lock(&ses->chan_lock); 169 - for (i = 0; i < ses->chan_count; i++) { 170 - if (!ses->chans[i].server) 151 + if (SERVER_IS_CHAN(server)) 152 + server = server->primary_server; 153 + scoped_guard(spinlock, &cifs_tcp_ses_lock) { 154 + set_need_reco(server); 155 + list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { 156 + spin_lock(&ses->ses_lock); 157 + if (ses->ses_status == SES_EXITING) { 158 + spin_unlock(&ses->ses_lock); 171 159 continue; 172 - 173 - spin_lock(&ses->chans[i].server->srv_lock); 174 - if (ses->chans[i].server->tcpStatus != CifsExiting) 175 - ses->chans[i].server->tcpStatus = CifsNeedReconnect; 176 - spin_unlock(&ses->chans[i].server->srv_lock); 160 + } 161 + spin_lock(&ses->chan_lock); 162 + for (i = 1; i < ses->chan_count; i++) { 163 + nserver = ses->chans[i].server; 164 + if (!nserver) 165 + continue; 166 + nserver->srv_count++; 167 + list_add(&nserver->rlist, &reco); 168 + } 169 + spin_unlock(&ses->chan_lock); 170 + spin_unlock(&ses->ses_lock); 177 171 } 178 - spin_unlock(&ses->chan_lock); 179 172 } 180 - spin_unlock(&cifs_tcp_ses_lock); 173 + 174 + list_for_each_entry_safe(server, nserver, &reco, rlist) { 175 + list_del_init(&server->rlist); 176 + set_need_reco(server); 177 + cifs_put_tcp_session(server, 0); 178 + } 181 179 } 182 180 183 181 /*
+4 -16
fs/smb/client/reparse.c
··· 875 875 abs_path += sizeof("\\DosDevices\\")-1; 876 876 else if (strstarts(abs_path, "\\GLOBAL??\\")) 877 877 abs_path += sizeof("\\GLOBAL??\\")-1; 878 - else { 879 - /* Unhandled absolute symlink, points outside of DOS/Win32 */ 880 - cifs_dbg(VFS, 881 - "absolute symlink '%s' cannot be converted from NT format " 882 - "because points to unknown target\n", 883 - smb_target); 884 - rc = -EIO; 885 - goto out; 886 - } 878 + else 879 + goto out_unhandled_target; 887 880 888 881 /* Sometimes path separator after \?? is double backslash */ 889 882 if (abs_path[0] == '\\') ··· 903 910 abs_path++; 904 911 abs_path[0] = drive_letter; 905 912 } else { 906 - /* Unhandled absolute symlink. Report an error. */ 907 - cifs_dbg(VFS, 908 - "absolute symlink '%s' cannot be converted from NT format " 909 - "because points to unknown target\n", 910 - smb_target); 911 - rc = -EIO; 912 - goto out; 913 + goto out_unhandled_target; 913 914 } 914 915 915 916 abs_path_len = strlen(abs_path)+1; ··· 953 966 * These paths have same format as Linux symlinks, so no 954 967 * conversion is needed. 955 968 */ 969 + out_unhandled_target: 956 970 linux_target = smb_target; 957 971 smb_target = NULL; 958 972 }
+57 -104
fs/smb/client/smbdirect.c
··· 907 907 .local_dma_lkey = sc->ib.pd->local_dma_lkey, 908 908 .direction = DMA_TO_DEVICE, 909 909 }; 910 + size_t payload_len = umin(*_remaining_data_length, 911 + sp->max_send_size - sizeof(*packet)); 910 912 911 - rc = smb_extract_iter_to_rdma(iter, *_remaining_data_length, 913 + rc = smb_extract_iter_to_rdma(iter, payload_len, 912 914 &extract); 913 915 if (rc < 0) 914 916 goto err_dma; ··· 1013 1011 1014 1012 info->count_send_empty++; 1015 1013 return smbd_post_send_iter(info, NULL, &remaining_data_length); 1014 + } 1015 + 1016 + static int smbd_post_send_full_iter(struct smbd_connection *info, 1017 + struct iov_iter *iter, 1018 + int *_remaining_data_length) 1019 + { 1020 + int rc = 0; 1021 + 1022 + /* 1023 + * smbd_post_send_iter() respects the 1024 + * negotiated max_send_size, so we need to 1025 + * loop until the full iter is posted 1026 + */ 1027 + 1028 + while (iov_iter_count(iter) > 0) { 1029 + rc = smbd_post_send_iter(info, iter, _remaining_data_length); 1030 + if (rc < 0) 1031 + break; 1032 + } 1033 + 1034 + return rc; 1016 1035 } 1017 1036 1018 1037 /* ··· 1475 1452 char name[MAX_NAME_LEN]; 1476 1453 int rc; 1477 1454 1455 + if (WARN_ON_ONCE(sp->max_recv_size < sizeof(struct smbdirect_data_transfer))) 1456 + return -ENOMEM; 1457 + 1478 1458 scnprintf(name, MAX_NAME_LEN, "smbd_request_%p", info); 1479 1459 info->request_cache = 1480 1460 kmem_cache_create( ··· 1495 1469 goto out1; 1496 1470 1497 1471 scnprintf(name, MAX_NAME_LEN, "smbd_response_%p", info); 1472 + 1473 + struct kmem_cache_args response_args = { 1474 + .align = __alignof__(struct smbd_response), 1475 + .useroffset = (offsetof(struct smbd_response, packet) + 1476 + sizeof(struct smbdirect_data_transfer)), 1477 + .usersize = sp->max_recv_size - sizeof(struct smbdirect_data_transfer), 1478 + }; 1498 1479 info->response_cache = 1499 - kmem_cache_create( 1500 - name, 1501 - sizeof(struct smbd_response) + 1502 - sp->max_recv_size, 1503 - 0, SLAB_HWCACHE_ALIGN, NULL); 1480 + kmem_cache_create(name, 1481 + sizeof(struct smbd_response) + sp->max_recv_size, 1482 + &response_args, SLAB_HWCACHE_ALIGN); 1504 1483 if (!info->response_cache) 1505 1484 goto out2; 1506 1485 ··· 1778 1747 } 1779 1748 1780 1749 /* 1781 - * Receive data from receive reassembly queue 1750 + * Receive data from the transport's receive reassembly queue 1782 1751 * All the incoming data packets are placed in reassembly queue 1783 - * buf: the buffer to read data into 1752 + * iter: the buffer to read data into 1784 1753 * size: the length of data to read 1785 1754 * return value: actual data read 1786 - * Note: this implementation copies the data from reassebmly queue to receive 1755 + * 1756 + * Note: this implementation copies the data from reassembly queue to receive 1787 1757 * buffers used by upper layer. This is not the optimal code path. A better way 1788 1758 * to do it is to not have upper layer allocate its receive buffers but rather 1789 1759 * borrow the buffer from reassembly queue, and return it after data is 1790 1760 * consumed. But this will require more changes to upper layer code, and also 1791 1761 * need to consider packet boundaries while they still being reassembled. 1792 1762 */ 1793 - static int smbd_recv_buf(struct smbd_connection *info, char *buf, 1794 - unsigned int size) 1763 + int smbd_recv(struct smbd_connection *info, struct msghdr *msg) 1795 1764 { 1796 1765 struct smbdirect_socket *sc = &info->socket; 1797 1766 struct smbd_response *response; 1798 1767 struct smbdirect_data_transfer *data_transfer; 1768 + size_t size = iov_iter_count(&msg->msg_iter); 1799 1769 int to_copy, to_read, data_read, offset; 1800 1770 u32 data_length, remaining_data_length, data_offset; 1801 1771 int rc; 1772 + 1773 + if (WARN_ON_ONCE(iov_iter_rw(&msg->msg_iter) == WRITE)) 1774 + return -EINVAL; /* It's a bug in upper layer to get there */ 1802 1775 1803 1776 again: 1804 1777 /* ··· 1810 1775 * the only one reading from the front of the queue. The transport 1811 1776 * may add more entries to the back of the queue at the same time 1812 1777 */ 1813 - log_read(INFO, "size=%d info->reassembly_data_length=%d\n", size, 1778 + log_read(INFO, "size=%zd info->reassembly_data_length=%d\n", size, 1814 1779 info->reassembly_data_length); 1815 1780 if (info->reassembly_data_length >= size) { 1816 1781 int queue_length; ··· 1848 1813 if (response->first_segment && size == 4) { 1849 1814 unsigned int rfc1002_len = 1850 1815 data_length + remaining_data_length; 1851 - *((__be32 *)buf) = cpu_to_be32(rfc1002_len); 1816 + __be32 rfc1002_hdr = cpu_to_be32(rfc1002_len); 1817 + if (copy_to_iter(&rfc1002_hdr, sizeof(rfc1002_hdr), 1818 + &msg->msg_iter) != sizeof(rfc1002_hdr)) 1819 + return -EFAULT; 1852 1820 data_read = 4; 1853 1821 response->first_segment = false; 1854 1822 log_read(INFO, "returning rfc1002 length %d\n", ··· 1860 1822 } 1861 1823 1862 1824 to_copy = min_t(int, data_length - offset, to_read); 1863 - memcpy( 1864 - buf + data_read, 1865 - (char *)data_transfer + data_offset + offset, 1866 - to_copy); 1825 + if (copy_to_iter((char *)data_transfer + data_offset + offset, 1826 + to_copy, &msg->msg_iter) != to_copy) 1827 + return -EFAULT; 1867 1828 1868 1829 /* move on to the next buffer? */ 1869 1830 if (to_copy == data_length - offset) { ··· 1928 1891 } 1929 1892 1930 1893 /* 1931 - * Receive a page from receive reassembly queue 1932 - * page: the page to read data into 1933 - * to_read: the length of data to read 1934 - * return value: actual data read 1935 - */ 1936 - static int smbd_recv_page(struct smbd_connection *info, 1937 - struct page *page, unsigned int page_offset, 1938 - unsigned int to_read) 1939 - { 1940 - struct smbdirect_socket *sc = &info->socket; 1941 - int ret; 1942 - char *to_address; 1943 - void *page_address; 1944 - 1945 - /* make sure we have the page ready for read */ 1946 - ret = wait_event_interruptible( 1947 - info->wait_reassembly_queue, 1948 - info->reassembly_data_length >= to_read || 1949 - sc->status != SMBDIRECT_SOCKET_CONNECTED); 1950 - if (ret) 1951 - return ret; 1952 - 1953 - /* now we can read from reassembly queue and not sleep */ 1954 - page_address = kmap_atomic(page); 1955 - to_address = (char *) page_address + page_offset; 1956 - 1957 - log_read(INFO, "reading from page=%p address=%p to_read=%d\n", 1958 - page, to_address, to_read); 1959 - 1960 - ret = smbd_recv_buf(info, to_address, to_read); 1961 - kunmap_atomic(page_address); 1962 - 1963 - return ret; 1964 - } 1965 - 1966 - /* 1967 - * Receive data from transport 1968 - * msg: a msghdr point to the buffer, can be ITER_KVEC or ITER_BVEC 1969 - * return: total bytes read, or 0. SMB Direct will not do partial read. 1970 - */ 1971 - int smbd_recv(struct smbd_connection *info, struct msghdr *msg) 1972 - { 1973 - char *buf; 1974 - struct page *page; 1975 - unsigned int to_read, page_offset; 1976 - int rc; 1977 - 1978 - if (iov_iter_rw(&msg->msg_iter) == WRITE) { 1979 - /* It's a bug in upper layer to get there */ 1980 - cifs_dbg(VFS, "Invalid msg iter dir %u\n", 1981 - iov_iter_rw(&msg->msg_iter)); 1982 - rc = -EINVAL; 1983 - goto out; 1984 - } 1985 - 1986 - switch (iov_iter_type(&msg->msg_iter)) { 1987 - case ITER_KVEC: 1988 - buf = msg->msg_iter.kvec->iov_base; 1989 - to_read = msg->msg_iter.kvec->iov_len; 1990 - rc = smbd_recv_buf(info, buf, to_read); 1991 - break; 1992 - 1993 - case ITER_BVEC: 1994 - page = msg->msg_iter.bvec->bv_page; 1995 - page_offset = msg->msg_iter.bvec->bv_offset; 1996 - to_read = msg->msg_iter.bvec->bv_len; 1997 - rc = smbd_recv_page(info, page, page_offset, to_read); 1998 - break; 1999 - 2000 - default: 2001 - /* It's a bug in upper layer to get there */ 2002 - cifs_dbg(VFS, "Invalid msg type %d\n", 2003 - iov_iter_type(&msg->msg_iter)); 2004 - rc = -EINVAL; 2005 - } 2006 - 2007 - out: 2008 - /* SMBDirect will read it all or nothing */ 2009 - if (rc > 0) 2010 - msg->msg_iter.count = 0; 2011 - return rc; 2012 - } 2013 - 2014 - /* 2015 1894 * Send data to transport 2016 1895 * Each rqst is transported as a SMBDirect payload 2017 1896 * rqst: the data to write ··· 1985 2032 klen += rqst->rq_iov[i].iov_len; 1986 2033 iov_iter_kvec(&iter, ITER_SOURCE, rqst->rq_iov, rqst->rq_nvec, klen); 1987 2034 1988 - rc = smbd_post_send_iter(info, &iter, &remaining_data_length); 2035 + rc = smbd_post_send_full_iter(info, &iter, &remaining_data_length); 1989 2036 if (rc < 0) 1990 2037 break; 1991 2038 1992 2039 if (iov_iter_count(&rqst->rq_iter) > 0) { 1993 2040 /* And then the data pages if there are any */ 1994 - rc = smbd_post_send_iter(info, &rqst->rq_iter, 1995 - &remaining_data_length); 2041 + rc = smbd_post_send_full_iter(info, &rqst->rq_iter, 2042 + &remaining_data_length); 1996 2043 if (rc < 0) 1997 2044 break; 1998 2045 }
+12 -12
fs/smb/client/trace.h
··· 140 140 __entry->len = len; 141 141 __entry->rc = rc; 142 142 ), 143 - TP_printk("\tR=%08x[%x] xid=%u sid=0x%llx tid=0x%x fid=0x%llx offset=0x%llx len=0x%x rc=%d", 143 + TP_printk("R=%08x[%x] xid=%u sid=0x%llx tid=0x%x fid=0x%llx offset=0x%llx len=0x%x rc=%d", 144 144 __entry->rreq_debug_id, __entry->rreq_debug_index, 145 145 __entry->xid, __entry->sesid, __entry->tid, __entry->fid, 146 146 __entry->offset, __entry->len, __entry->rc) ··· 190 190 __entry->len = len; 191 191 __entry->rc = rc; 192 192 ), 193 - TP_printk("\txid=%u sid=0x%llx tid=0x%x fid=0x%llx offset=0x%llx len=0x%x rc=%d", 193 + TP_printk("xid=%u sid=0x%llx tid=0x%x fid=0x%llx offset=0x%llx len=0x%x rc=%d", 194 194 __entry->xid, __entry->sesid, __entry->tid, __entry->fid, 195 195 __entry->offset, __entry->len, __entry->rc) 196 196 ) ··· 247 247 __entry->len = len; 248 248 __entry->rc = rc; 249 249 ), 250 - TP_printk("\txid=%u sid=0x%llx tid=0x%x source fid=0x%llx source offset=0x%llx target fid=0x%llx target offset=0x%llx len=0x%x rc=%d", 250 + TP_printk("xid=%u sid=0x%llx tid=0x%x source fid=0x%llx source offset=0x%llx target fid=0x%llx target offset=0x%llx len=0x%x rc=%d", 251 251 __entry->xid, __entry->sesid, __entry->tid, __entry->target_fid, 252 252 __entry->src_offset, __entry->target_fid, __entry->target_offset, __entry->len, __entry->rc) 253 253 ) ··· 298 298 __entry->target_offset = target_offset; 299 299 __entry->len = len; 300 300 ), 301 - TP_printk("\txid=%u sid=0x%llx tid=0x%x source fid=0x%llx source offset=0x%llx target fid=0x%llx target offset=0x%llx len=0x%x", 301 + TP_printk("xid=%u sid=0x%llx tid=0x%x source fid=0x%llx source offset=0x%llx target fid=0x%llx target offset=0x%llx len=0x%x", 302 302 __entry->xid, __entry->sesid, __entry->tid, __entry->target_fid, 303 303 __entry->src_offset, __entry->target_fid, __entry->target_offset, __entry->len) 304 304 ) ··· 482 482 __entry->tid = tid; 483 483 __entry->sesid = sesid; 484 484 ), 485 - TP_printk("\txid=%u sid=0x%llx tid=0x%x fid=0x%llx", 485 + TP_printk("xid=%u sid=0x%llx tid=0x%x fid=0x%llx", 486 486 __entry->xid, __entry->sesid, __entry->tid, __entry->fid) 487 487 ) 488 488 ··· 521 521 __entry->sesid = sesid; 522 522 __entry->rc = rc; 523 523 ), 524 - TP_printk("\txid=%u sid=0x%llx tid=0x%x fid=0x%llx rc=%d", 524 + TP_printk("xid=%u sid=0x%llx tid=0x%x fid=0x%llx rc=%d", 525 525 __entry->xid, __entry->sesid, __entry->tid, __entry->fid, 526 526 __entry->rc) 527 527 ) ··· 794 794 __entry->status = status; 795 795 __entry->rc = rc; 796 796 ), 797 - TP_printk("\tsid=0x%llx tid=0x%x cmd=%u mid=%llu status=0x%x rc=%d", 797 + TP_printk("sid=0x%llx tid=0x%x cmd=%u mid=%llu status=0x%x rc=%d", 798 798 __entry->sesid, __entry->tid, __entry->cmd, __entry->mid, 799 799 __entry->status, __entry->rc) 800 800 ) ··· 829 829 __entry->cmd = cmd; 830 830 __entry->mid = mid; 831 831 ), 832 - TP_printk("\tsid=0x%llx tid=0x%x cmd=%u mid=%llu", 832 + TP_printk("sid=0x%llx tid=0x%x cmd=%u mid=%llu", 833 833 __entry->sesid, __entry->tid, 834 834 __entry->cmd, __entry->mid) 835 835 ) ··· 867 867 __entry->when_sent = when_sent; 868 868 __entry->when_received = when_received; 869 869 ), 870 - TP_printk("\tcmd=%u mid=%llu pid=%u, when_sent=%lu when_rcv=%lu", 870 + TP_printk("cmd=%u mid=%llu pid=%u, when_sent=%lu when_rcv=%lu", 871 871 __entry->cmd, __entry->mid, __entry->pid, __entry->when_sent, 872 872 __entry->when_received) 873 873 ) ··· 898 898 __assign_str(func_name); 899 899 __entry->rc = rc; 900 900 ), 901 - TP_printk("\t%s: xid=%u rc=%d", 901 + TP_printk("%s: xid=%u rc=%d", 902 902 __get_str(func_name), __entry->xid, __entry->rc) 903 903 ) 904 904 ··· 924 924 __entry->ino = ino; 925 925 __entry->rc = rc; 926 926 ), 927 - TP_printk("\tino=%lu rc=%d", 927 + TP_printk("ino=%lu rc=%d", 928 928 __entry->ino, __entry->rc) 929 929 ) 930 930 ··· 950 950 __entry->xid = xid; 951 951 __assign_str(func_name); 952 952 ), 953 - TP_printk("\t%s: xid=%u", 953 + TP_printk("%s: xid=%u", 954 954 __get_str(func_name), __entry->xid) 955 955 ) 956 956