fs/smbsrv/smb2_cancel.c

a90cf9f2SGordon Ross/*
a90cf9f2SGordon Ross * This file and its contents are supplied under the terms of the
a90cf9f2SGordon Ross * Common Development and Distribution License ("CDDL"), version 1.0.
a90cf9f2SGordon Ross * You may only use this file in accordance with the terms of version
a90cf9f2SGordon Ross * 1.0 of the CDDL.
a90cf9f2SGordon Ross *
a90cf9f2SGordon Ross * A full copy of the text of the CDDL should have accompanied this
a90cf9f2SGordon Ross * source.  A copy of the CDDL is also available via the Internet at
a90cf9f2SGordon Ross * http://www.illumos.org/license/CDDL.
a90cf9f2SGordon Ross */
a90cf9f2SGordon Ross
a90cf9f2SGordon Ross/*
*525641e8SGordon Ross * Copyright 2020 Tintri by DDN, Inc.  All rights reserved.
a90cf9f2SGordon Ross */
a90cf9f2SGordon Ross
a90cf9f2SGordon Ross/*
a90cf9f2SGordon Ross * Dispatch function for SMB2_CANCEL
a90cf9f2SGordon Ross */
a90cf9f2SGordon Ross
a90cf9f2SGordon Ross#include <smbsrv/smb2_kproto.h>
a90cf9f2SGordon Ross
5677e049SGordon Rossstatic void smb2_cancel_async(smb_request_t *);
5677e049SGordon Rossstatic void smb2_cancel_sync(smb_request_t *);
a90cf9f2SGordon Ross
a90cf9f2SGordon Ross/*
a90cf9f2SGordon Ross * This handles an SMB2_CANCEL request when seen in the reader.
a90cf9f2SGordon Ross * (See smb2sr_newrq)  Handle this immediately, rather than
a90cf9f2SGordon Ross * going through the normal taskq dispatch mechanism.
a90cf9f2SGordon Ross * Note that Cancel does NOT get a response.
5677e049SGordon Ross *
5677e049SGordon Ross * Any non-zero return causes disconnect.
5677e049SGordon Ross * SMB2 header is already decoded.
a90cf9f2SGordon Ross */
a90cf9f2SGordon Rossint
5677e049SGordon Rosssmb2_newrq_cancel(smb_request_t *sr)
a90cf9f2SGordon Ross{
a90cf9f2SGordon Ross
a90cf9f2SGordon Ross	/*
5677e049SGordon Ross	 * If we get SMB2 cancel as part of a compound,
5677e049SGordon Ross	 * that's a protocol violation.  Drop 'em!
a90cf9f2SGordon Ross	 */
5677e049SGordon Ross	if (sr->smb2_next_command != 0)
5677e049SGordon Ross		return (EINVAL);
a90cf9f2SGordon Ross
93bc28dbSGordon Ross	DTRACE_SMB2_START(op__Cancel, smb_request_t *, sr);
93bc28dbSGordon Ross
a90cf9f2SGordon Ross	if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND)
5677e049SGordon Ross		smb2_cancel_async(sr);
a90cf9f2SGordon Ross	else
5677e049SGordon Ross		smb2_cancel_sync(sr);
a90cf9f2SGordon Ross
93bc28dbSGordon Ross	DTRACE_SMB2_DONE(op__Cancel, smb_request_t *, sr);
93bc28dbSGordon Ross
a90cf9f2SGordon Ross	return (0);
a90cf9f2SGordon Ross}
a90cf9f2SGordon Ross
5677e049SGordon Ross/*
5677e049SGordon Ross * Dispatch handler for SMB2_CANCEL.
5677e049SGordon Ross * Note that Cancel does NOT get a response.
5677e049SGordon Ross */
5677e049SGordon Rosssmb_sdrc_t
5677e049SGordon Rosssmb2_cancel(smb_request_t *sr)
5677e049SGordon Ross{
5677e049SGordon Ross
5677e049SGordon Ross	/*
5677e049SGordon Ross	 * If we get SMB2 cancel as part of a compound,
5677e049SGordon Ross	 * that's a protocol violation.  Drop 'em!
5677e049SGordon Ross	 */
5677e049SGordon Ross	if (sr->smb2_cmd_hdr != 0 || sr->smb2_next_command != 0)
5677e049SGordon Ross		return (SDRC_DROP_VC);
5677e049SGordon Ross
93bc28dbSGordon Ross	DTRACE_SMB2_START(op__Cancel, smb_request_t *, sr);
93bc28dbSGordon Ross
5677e049SGordon Ross	if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
5677e049SGordon Ross		smb2_cancel_async(sr);
5677e049SGordon Ross	} else {
5677e049SGordon Ross		smb2_cancel_sync(sr);
5677e049SGordon Ross	}
5677e049SGordon Ross
93bc28dbSGordon Ross	DTRACE_SMB2_DONE(op__Cancel, smb_request_t *, sr);
93bc28dbSGordon Ross
5677e049SGordon Ross	return (SDRC_NO_REPLY);
5677e049SGordon Ross}
5677e049SGordon Ross
5677e049SGordon Ross/*
5677e049SGordon Ross * SMB2 Cancel (sync) has an inherent race with the request being
5677e049SGordon Ross * cancelled.  The request may have been received but not yet
5677e049SGordon Ross * executed by a worker thread, in which case we'll mark the
5677e049SGordon Ross * request state as cancelled, and when a worker thread starts
5677e049SGordon Ross * on this request we'll cancel everything in the compound.
5677e049SGordon Ross */
a90cf9f2SGordon Rossstatic void
5677e049SGordon Rosssmb2_cancel_sync(smb_request_t *sr)
a90cf9f2SGordon Ross{
a90cf9f2SGordon Ross	struct smb_request *req;
a90cf9f2SGordon Ross	struct smb_session *session = sr->session;
a90cf9f2SGordon Ross	int cnt = 0;
a90cf9f2SGordon Ross
*525641e8SGordon Ross	if (sr->smb2_messageid == 0 || sr->smb2_messageid == UINT64_MAX)
*525641e8SGordon Ross		return;
5677e049SGordon Ross
a90cf9f2SGordon Ross	smb_slist_enter(&session->s_req_list);
5677e049SGordon Ross	for (req = smb_slist_head(&session->s_req_list); req != NULL;
5677e049SGordon Ross	    req = smb_slist_next(&session->s_req_list, req)) {
5677e049SGordon Ross
5677e049SGordon Ross		/* never cancel self */
5677e049SGordon Ross		if (req == sr)
5677e049SGordon Ross			continue;
5677e049SGordon Ross
5677e049SGordon Ross		if (sr->smb2_messageid >= req->smb2_first_msgid &&
5677e049SGordon Ross		    sr->smb2_messageid < (req->smb2_first_msgid +
5677e049SGordon Ross		    req->smb2_total_credits)) {
a90cf9f2SGordon Ross			smb_request_cancel(req);
a90cf9f2SGordon Ross			cnt++;
a90cf9f2SGordon Ross		}
a90cf9f2SGordon Ross	}
5677e049SGordon Ross	smb_slist_exit(&session->s_req_list);
5677e049SGordon Ross
a90cf9f2SGordon Ross	if (cnt != 1) {
a90cf9f2SGordon Ross		DTRACE_PROBE2(smb2__cancel__error,
a90cf9f2SGordon Ross		    uint64_t, sr->smb2_messageid, int, cnt);
5677e049SGordon Ross#ifdef	DEBUG
5677e049SGordon Ross		/*
5677e049SGordon Ross		 * It's somewhat common that we may see a cancel for a
5677e049SGordon Ross		 * request that has already completed, so report that
5677e049SGordon Ross		 * only in debug builds.
5677e049SGordon Ross		 */
5677e049SGordon Ross		cmn_err(CE_WARN, "SMB2 cancel failed, "
5677e049SGordon Ross		    "client=%s, MID=0x%llx",
5677e049SGordon Ross		    sr->session->ip_addr_str,
5677e049SGordon Ross		    (u_longlong_t)sr->smb2_messageid);
5677e049SGordon Ross#endif
a90cf9f2SGordon Ross	}
a90cf9f2SGordon Ross}
a90cf9f2SGordon Ross
5677e049SGordon Ross/*
5677e049SGordon Ross * Note that cancelling an async request doesn't have a race
5677e049SGordon Ross * because the client doesn't learn about the async ID until we
5677e049SGordon Ross * send it to them in an interim reply, and by that point the
5677e049SGordon Ross * request has progressed to the point where smb_cancel can find
5677e049SGordon Ross * the request and cancel it.
5677e049SGordon Ross */
a90cf9f2SGordon Rossstatic void
5677e049SGordon Rosssmb2_cancel_async(smb_request_t *sr)
a90cf9f2SGordon Ross{
a90cf9f2SGordon Ross	struct smb_request *req;
a90cf9f2SGordon Ross	struct smb_session *session = sr->session;
a90cf9f2SGordon Ross	int cnt = 0;
a90cf9f2SGordon Ross
*525641e8SGordon Ross	if (sr->smb2_async_id == 0)
*525641e8SGordon Ross		return;
*525641e8SGordon Ross
a90cf9f2SGordon Ross	smb_slist_enter(&session->s_req_list);
a90cf9f2SGordon Ross	req = smb_slist_head(&session->s_req_list);
a90cf9f2SGordon Ross	while (req) {
a90cf9f2SGordon Ross		ASSERT(req->sr_magic == SMB_REQ_MAGIC);
a90cf9f2SGordon Ross		if ((req != sr) &&
a90cf9f2SGordon Ross		    (req->smb2_async_id == sr->smb2_async_id)) {
a90cf9f2SGordon Ross			smb_request_cancel(req);
a90cf9f2SGordon Ross			cnt++;
a90cf9f2SGordon Ross		}
a90cf9f2SGordon Ross		req = smb_slist_next(&session->s_req_list, req);
a90cf9f2SGordon Ross	}
a90cf9f2SGordon Ross	if (cnt != 1) {
a90cf9f2SGordon Ross		DTRACE_PROBE2(smb2__cancel__error,
a90cf9f2SGordon Ross		    uint64_t, sr->smb2_async_id, int, cnt);
5677e049SGordon Ross		/*
5677e049SGordon Ross		 * Not logging here, as this is normal, i.e.
5677e049SGordon Ross		 * when both a cancel and a handle close
5677e049SGordon Ross		 * terminates an SMB2_notify request.
5677e049SGordon Ross		 */
a90cf9f2SGordon Ross	}
a90cf9f2SGordon Ross	smb_slist_exit(&session->s_req_list);
a90cf9f2SGordon Ross}