1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2009, 2013 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Pavel Shilovsky (pshilovsky@samba.org) 2012 8 * 9 * Contains the routines for constructing the SMB2 PDUs themselves 10 * 11 */ 12 13 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */ 14 /* Note that there are handle based routines which must be */ 15 /* treated slightly differently for reconnection purposes since we never */ 16 /* want to reuse a stale file handle and only the caller knows the file info */ 17 18 #include <linux/fs.h> 19 #include <linux/kernel.h> 20 #include <linux/vfs.h> 21 #include <linux/task_io_accounting_ops.h> 22 #include <linux/uaccess.h> 23 #include <linux/uuid.h> 24 #include <linux/pagemap.h> 25 #include <linux/xattr.h> 26 #include "cifsglob.h" 27 #include "cifsacl.h" 28 #include "cifsproto.h" 29 #include "smb2proto.h" 30 #include "cifs_unicode.h" 31 #include "cifs_debug.h" 32 #include "ntlmssp.h" 33 #include "smb2status.h" 34 #include "smb2glob.h" 35 #include "cifspdu.h" 36 #include "cifs_spnego.h" 37 #include "smbdirect.h" 38 #include "trace.h" 39 #ifdef CONFIG_CIFS_DFS_UPCALL 40 #include "dfs_cache.h" 41 #endif 42 #include "cached_dir.h" 43 44 /* 45 * The following table defines the expected "StructureSize" of SMB2 requests 46 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests. 47 * 48 * Note that commands are defined in smb2pdu.h in le16 but the array below is 49 * indexed by command in host byte order. 50 */ 51 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { 52 /* SMB2_NEGOTIATE */ 36, 53 /* SMB2_SESSION_SETUP */ 25, 54 /* SMB2_LOGOFF */ 4, 55 /* SMB2_TREE_CONNECT */ 9, 56 /* SMB2_TREE_DISCONNECT */ 4, 57 /* SMB2_CREATE */ 57, 58 /* SMB2_CLOSE */ 24, 59 /* SMB2_FLUSH */ 24, 60 /* SMB2_READ */ 49, 61 /* SMB2_WRITE */ 49, 62 /* SMB2_LOCK */ 48, 63 /* SMB2_IOCTL */ 57, 64 /* SMB2_CANCEL */ 4, 65 /* SMB2_ECHO */ 4, 66 /* SMB2_QUERY_DIRECTORY */ 33, 67 /* SMB2_CHANGE_NOTIFY */ 32, 68 /* SMB2_QUERY_INFO */ 41, 69 /* SMB2_SET_INFO */ 33, 70 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */ 71 }; 72 73 int smb3_encryption_required(const struct cifs_tcon *tcon) 74 { 75 if (!tcon || !tcon->ses) 76 return 0; 77 if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) || 78 (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA)) 79 return 1; 80 if (tcon->seal && 81 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 82 return 1; 83 return 0; 84 } 85 86 static void 87 smb2_hdr_assemble(struct smb2_hdr *shdr, __le16 smb2_cmd, 88 const struct cifs_tcon *tcon, 89 struct TCP_Server_Info *server) 90 { 91 struct smb3_hdr_req *smb3_hdr; 92 93 shdr->ProtocolId = SMB2_PROTO_NUMBER; 94 shdr->StructureSize = cpu_to_le16(64); 95 shdr->Command = smb2_cmd; 96 97 if (server) { 98 /* After reconnect SMB3 must set ChannelSequence on subsequent reqs */ 99 if (server->dialect >= SMB30_PROT_ID) { 100 smb3_hdr = (struct smb3_hdr_req *)shdr; 101 /* 102 * if primary channel is not set yet, use default 103 * channel for chan sequence num 104 */ 105 if (SERVER_IS_CHAN(server)) 106 smb3_hdr->ChannelSequence = 107 cpu_to_le16(server->primary_server->channel_sequence_num); 108 else 109 smb3_hdr->ChannelSequence = 110 cpu_to_le16(server->channel_sequence_num); 111 } 112 spin_lock(&server->req_lock); 113 /* Request up to 10 credits but don't go over the limit. */ 114 if (server->credits >= server->max_credits) 115 shdr->CreditRequest = cpu_to_le16(0); 116 else 117 shdr->CreditRequest = cpu_to_le16( 118 min_t(int, server->max_credits - 119 server->credits, 10)); 120 spin_unlock(&server->req_lock); 121 } else { 122 shdr->CreditRequest = cpu_to_le16(2); 123 } 124 shdr->Id.SyncId.ProcessId = cpu_to_le32((__u16)current->tgid); 125 126 if (!tcon) 127 goto out; 128 129 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */ 130 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */ 131 if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) 132 shdr->CreditCharge = cpu_to_le16(1); 133 /* else CreditCharge MBZ */ 134 135 shdr->Id.SyncId.TreeId = cpu_to_le32(tcon->tid); 136 /* Uid is not converted */ 137 if (tcon->ses) 138 shdr->SessionId = cpu_to_le64(tcon->ses->Suid); 139 140 /* 141 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have 142 * to pass the path on the Open SMB prefixed by \\server\share. 143 * Not sure when we would need to do the augmented path (if ever) and 144 * setting this flag breaks the SMB2 open operation since it is 145 * illegal to send an empty path name (without \\server\share prefix) 146 * when the DFS flag is set in the SMB open header. We could 147 * consider setting the flag on all operations other than open 148 * but it is safer to net set it for now. 149 */ 150 /* if (tcon->share_flags & SHI1005_FLAGS_DFS) 151 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */ 152 153 if (server && server->sign && !smb3_encryption_required(tcon)) 154 shdr->Flags |= SMB2_FLAGS_SIGNED; 155 out: 156 return; 157 } 158 159 static int 160 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon, 161 struct TCP_Server_Info *server) 162 { 163 int rc = 0; 164 struct nls_table *nls_codepage = NULL; 165 struct cifs_ses *ses; 166 167 /* 168 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so 169 * check for tcp and smb session status done differently 170 * for those three - in the calling routine. 171 */ 172 if (tcon == NULL) 173 return 0; 174 175 /* 176 * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in 177 * cifs_tree_connect(). 178 */ 179 if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL) 180 return 0; 181 182 spin_lock(&tcon->tc_lock); 183 if (tcon->status == TID_EXITING) { 184 /* 185 * only tree disconnect allowed when disconnecting ... 186 */ 187 if (smb2_command != SMB2_TREE_DISCONNECT) { 188 spin_unlock(&tcon->tc_lock); 189 cifs_dbg(FYI, "can not send cmd %d while umounting\n", 190 smb2_command); 191 return -ENODEV; 192 } 193 } 194 spin_unlock(&tcon->tc_lock); 195 196 ses = tcon->ses; 197 if (!ses) 198 return -EIO; 199 spin_lock(&ses->ses_lock); 200 if (ses->ses_status == SES_EXITING) { 201 spin_unlock(&ses->ses_lock); 202 return -EIO; 203 } 204 spin_unlock(&ses->ses_lock); 205 if (!ses->server || !server) 206 return -EIO; 207 208 spin_lock(&server->srv_lock); 209 if (server->tcpStatus == CifsNeedReconnect) { 210 /* 211 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE 212 * here since they are implicitly done when session drops. 213 */ 214 switch (smb2_command) { 215 /* 216 * BB Should we keep oplock break and add flush to exceptions? 217 */ 218 case SMB2_TREE_DISCONNECT: 219 case SMB2_CANCEL: 220 case SMB2_CLOSE: 221 case SMB2_OPLOCK_BREAK: 222 spin_unlock(&server->srv_lock); 223 return -EAGAIN; 224 } 225 } 226 spin_unlock(&server->srv_lock); 227 228 again: 229 rc = cifs_wait_for_server_reconnect(server, tcon->retry); 230 if (rc) 231 return rc; 232 233 spin_lock(&ses->chan_lock); 234 if (!cifs_chan_needs_reconnect(ses, server) && !tcon->need_reconnect) { 235 spin_unlock(&ses->chan_lock); 236 return 0; 237 } 238 spin_unlock(&ses->chan_lock); 239 cifs_dbg(FYI, "sess reconnect mask: 0x%lx, tcon reconnect: %d", 240 tcon->ses->chans_need_reconnect, 241 tcon->need_reconnect); 242 243 mutex_lock(&ses->session_mutex); 244 /* 245 * Recheck after acquire mutex. If another thread is negotiating 246 * and the server never sends an answer the socket will be closed 247 * and tcpStatus set to reconnect. 248 */ 249 spin_lock(&server->srv_lock); 250 if (server->tcpStatus == CifsNeedReconnect) { 251 spin_unlock(&server->srv_lock); 252 mutex_unlock(&ses->session_mutex); 253 254 if (tcon->retry) 255 goto again; 256 257 rc = -EHOSTDOWN; 258 goto out; 259 } 260 spin_unlock(&server->srv_lock); 261 262 nls_codepage = ses->local_nls; 263 264 /* 265 * need to prevent multiple threads trying to simultaneously 266 * reconnect the same SMB session 267 */ 268 spin_lock(&ses->ses_lock); 269 spin_lock(&ses->chan_lock); 270 if (!cifs_chan_needs_reconnect(ses, server) && 271 ses->ses_status == SES_GOOD) { 272 spin_unlock(&ses->chan_lock); 273 spin_unlock(&ses->ses_lock); 274 /* this means that we only need to tree connect */ 275 if (tcon->need_reconnect) 276 goto skip_sess_setup; 277 278 mutex_unlock(&ses->session_mutex); 279 goto out; 280 } 281 spin_unlock(&ses->chan_lock); 282 spin_unlock(&ses->ses_lock); 283 284 rc = cifs_negotiate_protocol(0, ses, server); 285 if (!rc) { 286 rc = cifs_setup_session(0, ses, server, nls_codepage); 287 if ((rc == -EACCES) && !tcon->retry) { 288 mutex_unlock(&ses->session_mutex); 289 rc = -EHOSTDOWN; 290 goto failed; 291 } else if (rc) { 292 mutex_unlock(&ses->session_mutex); 293 goto out; 294 } 295 } else { 296 mutex_unlock(&ses->session_mutex); 297 goto out; 298 } 299 300 skip_sess_setup: 301 if (!tcon->need_reconnect) { 302 mutex_unlock(&ses->session_mutex); 303 goto out; 304 } 305 cifs_mark_open_files_invalid(tcon); 306 if (tcon->use_persistent) 307 tcon->need_reopen_files = true; 308 309 rc = cifs_tree_connect(0, tcon, nls_codepage); 310 mutex_unlock(&ses->session_mutex); 311 312 cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc); 313 if (rc) { 314 /* If sess reconnected but tcon didn't, something strange ... */ 315 cifs_dbg(VFS, "reconnect tcon failed rc = %d\n", rc); 316 goto out; 317 } 318 319 if (smb2_command != SMB2_INTERNAL_CMD) 320 mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 321 322 atomic_inc(&tconInfoReconnectCount); 323 out: 324 /* 325 * Check if handle based operation so we know whether we can continue 326 * or not without returning to caller to reset file handle. 327 */ 328 /* 329 * BB Is flush done by server on drop of tcp session? Should we special 330 * case it and skip above? 331 */ 332 switch (smb2_command) { 333 case SMB2_FLUSH: 334 case SMB2_READ: 335 case SMB2_WRITE: 336 case SMB2_LOCK: 337 case SMB2_QUERY_DIRECTORY: 338 case SMB2_CHANGE_NOTIFY: 339 case SMB2_QUERY_INFO: 340 case SMB2_SET_INFO: 341 rc = -EAGAIN; 342 } 343 failed: 344 return rc; 345 } 346 347 static void 348 fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon, 349 struct TCP_Server_Info *server, 350 void *buf, 351 unsigned int *total_len) 352 { 353 struct smb2_pdu *spdu = buf; 354 /* lookup word count ie StructureSize from table */ 355 __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)]; 356 357 /* 358 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of 359 * largest operations (Create) 360 */ 361 memset(buf, 0, 256); 362 363 smb2_hdr_assemble(&spdu->hdr, smb2_command, tcon, server); 364 spdu->StructureSize2 = cpu_to_le16(parmsize); 365 366 *total_len = parmsize + sizeof(struct smb2_hdr); 367 } 368 369 /* 370 * Allocate and return pointer to an SMB request hdr, and set basic 371 * SMB information in the SMB header. If the return code is zero, this 372 * function must have filled in request_buf pointer. 373 */ 374 static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, 375 struct TCP_Server_Info *server, 376 void **request_buf, unsigned int *total_len) 377 { 378 /* BB eventually switch this to SMB2 specific small buf size */ 379 if (smb2_command == SMB2_SET_INFO) 380 *request_buf = cifs_buf_get(); 381 else 382 *request_buf = cifs_small_buf_get(); 383 if (*request_buf == NULL) { 384 /* BB should we add a retry in here if not a writepage? */ 385 return -ENOMEM; 386 } 387 388 fill_small_buf(smb2_command, tcon, server, 389 (struct smb2_hdr *)(*request_buf), 390 total_len); 391 392 if (tcon != NULL) { 393 uint16_t com_code = le16_to_cpu(smb2_command); 394 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]); 395 cifs_stats_inc(&tcon->num_smbs_sent); 396 } 397 398 return 0; 399 } 400 401 static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, 402 struct TCP_Server_Info *server, 403 void **request_buf, unsigned int *total_len) 404 { 405 int rc; 406 407 rc = smb2_reconnect(smb2_command, tcon, server); 408 if (rc) 409 return rc; 410 411 return __smb2_plain_req_init(smb2_command, tcon, server, request_buf, 412 total_len); 413 } 414 415 static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon, 416 struct TCP_Server_Info *server, 417 void **request_buf, unsigned int *total_len) 418 { 419 /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */ 420 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) { 421 return __smb2_plain_req_init(SMB2_IOCTL, tcon, server, 422 request_buf, total_len); 423 } 424 return smb2_plain_req_init(SMB2_IOCTL, tcon, server, 425 request_buf, total_len); 426 } 427 428 /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */ 429 430 static void 431 build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt) 432 { 433 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; 434 pneg_ctxt->DataLength = cpu_to_le16(38); 435 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1); 436 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE); 437 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE); 438 pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512; 439 } 440 441 static void 442 build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt) 443 { 444 pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES; 445 pneg_ctxt->DataLength = 446 cpu_to_le16(sizeof(struct smb2_compression_capabilities_context) 447 - sizeof(struct smb2_neg_context)); 448 pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(3); 449 pneg_ctxt->CompressionAlgorithms[0] = SMB3_COMPRESS_LZ77; 450 pneg_ctxt->CompressionAlgorithms[1] = SMB3_COMPRESS_LZ77_HUFF; 451 pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1; 452 } 453 454 static unsigned int 455 build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt) 456 { 457 unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities); 458 unsigned short num_algs = 1; /* number of signing algorithms sent */ 459 460 pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES; 461 /* 462 * Context Data length must be rounded to multiple of 8 for some servers 463 */ 464 pneg_ctxt->DataLength = cpu_to_le16(ALIGN(sizeof(struct smb2_signing_capabilities) - 465 sizeof(struct smb2_neg_context) + 466 (num_algs * sizeof(u16)), 8)); 467 pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs); 468 pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC); 469 470 ctxt_len += sizeof(__le16) * num_algs; 471 ctxt_len = ALIGN(ctxt_len, 8); 472 return ctxt_len; 473 /* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */ 474 } 475 476 static void 477 build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt) 478 { 479 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; 480 if (require_gcm_256) { 481 pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */ 482 pneg_ctxt->CipherCount = cpu_to_le16(1); 483 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM; 484 } else if (enable_gcm_256) { 485 pneg_ctxt->DataLength = cpu_to_le16(8); /* Cipher Count + 3 ciphers */ 486 pneg_ctxt->CipherCount = cpu_to_le16(3); 487 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; 488 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES256_GCM; 489 pneg_ctxt->Ciphers[2] = SMB2_ENCRYPTION_AES128_CCM; 490 } else { 491 pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */ 492 pneg_ctxt->CipherCount = cpu_to_le16(2); 493 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; 494 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM; 495 } 496 } 497 498 static unsigned int 499 build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname) 500 { 501 struct nls_table *cp = load_nls_default(); 502 503 pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID; 504 505 /* copy up to max of first 100 bytes of server name to NetName field */ 506 pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)); 507 /* context size is DataLength + minimal smb2_neg_context */ 508 return ALIGN(le16_to_cpu(pneg_ctxt->DataLength) + sizeof(struct smb2_neg_context), 8); 509 } 510 511 static void 512 build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) 513 { 514 pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE; 515 pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN); 516 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ 517 pneg_ctxt->Name[0] = 0x93; 518 pneg_ctxt->Name[1] = 0xAD; 519 pneg_ctxt->Name[2] = 0x25; 520 pneg_ctxt->Name[3] = 0x50; 521 pneg_ctxt->Name[4] = 0x9C; 522 pneg_ctxt->Name[5] = 0xB4; 523 pneg_ctxt->Name[6] = 0x11; 524 pneg_ctxt->Name[7] = 0xE7; 525 pneg_ctxt->Name[8] = 0xB4; 526 pneg_ctxt->Name[9] = 0x23; 527 pneg_ctxt->Name[10] = 0x83; 528 pneg_ctxt->Name[11] = 0xDE; 529 pneg_ctxt->Name[12] = 0x96; 530 pneg_ctxt->Name[13] = 0x8B; 531 pneg_ctxt->Name[14] = 0xCD; 532 pneg_ctxt->Name[15] = 0x7C; 533 } 534 535 static void 536 assemble_neg_contexts(struct smb2_negotiate_req *req, 537 struct TCP_Server_Info *server, unsigned int *total_len) 538 { 539 unsigned int ctxt_len, neg_context_count; 540 struct TCP_Server_Info *pserver; 541 char *pneg_ctxt; 542 char *hostname; 543 544 if (*total_len > 200) { 545 /* In case length corrupted don't want to overrun smb buffer */ 546 cifs_server_dbg(VFS, "Bad frame length assembling neg contexts\n"); 547 return; 548 } 549 550 /* 551 * round up total_len of fixed part of SMB3 negotiate request to 8 552 * byte boundary before adding negotiate contexts 553 */ 554 *total_len = ALIGN(*total_len, 8); 555 556 pneg_ctxt = (*total_len) + (char *)req; 557 req->NegotiateContextOffset = cpu_to_le32(*total_len); 558 559 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt); 560 ctxt_len = ALIGN(sizeof(struct smb2_preauth_neg_context), 8); 561 *total_len += ctxt_len; 562 pneg_ctxt += ctxt_len; 563 564 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt); 565 ctxt_len = ALIGN(sizeof(struct smb2_encryption_neg_context), 8); 566 *total_len += ctxt_len; 567 pneg_ctxt += ctxt_len; 568 569 /* 570 * secondary channels don't have the hostname field populated 571 * use the hostname field in the primary channel instead 572 */ 573 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 574 cifs_server_lock(pserver); 575 hostname = pserver->hostname; 576 if (hostname && (hostname[0] != 0)) { 577 ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt, 578 hostname); 579 *total_len += ctxt_len; 580 pneg_ctxt += ctxt_len; 581 neg_context_count = 3; 582 } else 583 neg_context_count = 2; 584 cifs_server_unlock(pserver); 585 586 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt); 587 *total_len += sizeof(struct smb2_posix_neg_context); 588 pneg_ctxt += sizeof(struct smb2_posix_neg_context); 589 neg_context_count++; 590 591 if (server->compress_algorithm) { 592 build_compression_ctxt((struct smb2_compression_capabilities_context *) 593 pneg_ctxt); 594 ctxt_len = ALIGN(sizeof(struct smb2_compression_capabilities_context), 8); 595 *total_len += ctxt_len; 596 pneg_ctxt += ctxt_len; 597 neg_context_count++; 598 } 599 600 if (enable_negotiate_signing) { 601 ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *) 602 pneg_ctxt); 603 *total_len += ctxt_len; 604 pneg_ctxt += ctxt_len; 605 neg_context_count++; 606 } 607 608 /* check for and add transport_capabilities and signing capabilities */ 609 req->NegotiateContextCount = cpu_to_le16(neg_context_count); 610 611 } 612 613 /* If invalid preauth context warn but use what we requested, SHA-512 */ 614 static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt) 615 { 616 unsigned int len = le16_to_cpu(ctxt->DataLength); 617 618 /* 619 * Caller checked that DataLength remains within SMB boundary. We still 620 * need to confirm that one HashAlgorithms member is accounted for. 621 */ 622 if (len < MIN_PREAUTH_CTXT_DATA_LEN) { 623 pr_warn_once("server sent bad preauth context\n"); 624 return; 625 } else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) { 626 pr_warn_once("server sent invalid SaltLength\n"); 627 return; 628 } 629 if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1) 630 pr_warn_once("Invalid SMB3 hash algorithm count\n"); 631 if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512) 632 pr_warn_once("unknown SMB3 hash algorithm\n"); 633 } 634 635 static void decode_compress_ctx(struct TCP_Server_Info *server, 636 struct smb2_compression_capabilities_context *ctxt) 637 { 638 unsigned int len = le16_to_cpu(ctxt->DataLength); 639 640 /* 641 * Caller checked that DataLength remains within SMB boundary. We still 642 * need to confirm that one CompressionAlgorithms member is accounted 643 * for. 644 */ 645 if (len < 10) { 646 pr_warn_once("server sent bad compression cntxt\n"); 647 return; 648 } 649 if (le16_to_cpu(ctxt->CompressionAlgorithmCount) != 1) { 650 pr_warn_once("Invalid SMB3 compress algorithm count\n"); 651 return; 652 } 653 if (le16_to_cpu(ctxt->CompressionAlgorithms[0]) > 3) { 654 pr_warn_once("unknown compression algorithm\n"); 655 return; 656 } 657 server->compress_algorithm = ctxt->CompressionAlgorithms[0]; 658 } 659 660 static int decode_encrypt_ctx(struct TCP_Server_Info *server, 661 struct smb2_encryption_neg_context *ctxt) 662 { 663 unsigned int len = le16_to_cpu(ctxt->DataLength); 664 665 cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d\n", len); 666 /* 667 * Caller checked that DataLength remains within SMB boundary. We still 668 * need to confirm that one Cipher flexible array member is accounted 669 * for. 670 */ 671 if (len < MIN_ENCRYPT_CTXT_DATA_LEN) { 672 pr_warn_once("server sent bad crypto ctxt len\n"); 673 return -EINVAL; 674 } 675 676 if (le16_to_cpu(ctxt->CipherCount) != 1) { 677 pr_warn_once("Invalid SMB3.11 cipher count\n"); 678 return -EINVAL; 679 } 680 cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0])); 681 if (require_gcm_256) { 682 if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) { 683 cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n"); 684 return -EOPNOTSUPP; 685 } 686 } else if (ctxt->Ciphers[0] == 0) { 687 /* 688 * e.g. if server only supported AES256_CCM (very unlikely) 689 * or server supported no encryption types or had all disabled. 690 * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case 691 * in which mount requested encryption ("seal") checks later 692 * on during tree connection will return proper rc, but if 693 * seal not requested by client, since server is allowed to 694 * return 0 to indicate no supported cipher, we can't fail here 695 */ 696 server->cipher_type = 0; 697 server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION; 698 pr_warn_once("Server does not support requested encryption types\n"); 699 return 0; 700 } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && 701 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) && 702 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) { 703 /* server returned a cipher we didn't ask for */ 704 pr_warn_once("Invalid SMB3.11 cipher returned\n"); 705 return -EINVAL; 706 } 707 server->cipher_type = ctxt->Ciphers[0]; 708 server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; 709 return 0; 710 } 711 712 static void decode_signing_ctx(struct TCP_Server_Info *server, 713 struct smb2_signing_capabilities *pctxt) 714 { 715 unsigned int len = le16_to_cpu(pctxt->DataLength); 716 717 /* 718 * Caller checked that DataLength remains within SMB boundary. We still 719 * need to confirm that one SigningAlgorithms flexible array member is 720 * accounted for. 721 */ 722 if ((len < 4) || (len > 16)) { 723 pr_warn_once("server sent bad signing negcontext\n"); 724 return; 725 } 726 if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) { 727 pr_warn_once("Invalid signing algorithm count\n"); 728 return; 729 } 730 if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) { 731 pr_warn_once("unknown signing algorithm\n"); 732 return; 733 } 734 735 server->signing_negotiated = true; 736 server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]); 737 cifs_dbg(FYI, "signing algorithm %d chosen\n", 738 server->signing_algorithm); 739 } 740 741 742 static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp, 743 struct TCP_Server_Info *server, 744 unsigned int len_of_smb) 745 { 746 struct smb2_neg_context *pctx; 747 unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset); 748 unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount); 749 unsigned int len_of_ctxts, i; 750 int rc = 0; 751 752 cifs_dbg(FYI, "decoding %d negotiate contexts\n", ctxt_cnt); 753 if (len_of_smb <= offset) { 754 cifs_server_dbg(VFS, "Invalid response: negotiate context offset\n"); 755 return -EINVAL; 756 } 757 758 len_of_ctxts = len_of_smb - offset; 759 760 for (i = 0; i < ctxt_cnt; i++) { 761 int clen; 762 /* check that offset is not beyond end of SMB */ 763 if (len_of_ctxts < sizeof(struct smb2_neg_context)) 764 break; 765 766 pctx = (struct smb2_neg_context *)(offset + (char *)rsp); 767 clen = sizeof(struct smb2_neg_context) 768 + le16_to_cpu(pctx->DataLength); 769 /* 770 * 2.2.4 SMB2 NEGOTIATE Response 771 * Subsequent negotiate contexts MUST appear at the first 8-byte 772 * aligned offset following the previous negotiate context. 773 */ 774 if (i + 1 != ctxt_cnt) 775 clen = ALIGN(clen, 8); 776 if (clen > len_of_ctxts) 777 break; 778 779 if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) 780 decode_preauth_context( 781 (struct smb2_preauth_neg_context *)pctx); 782 else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES) 783 rc = decode_encrypt_ctx(server, 784 (struct smb2_encryption_neg_context *)pctx); 785 else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES) 786 decode_compress_ctx(server, 787 (struct smb2_compression_capabilities_context *)pctx); 788 else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) 789 server->posix_ext_supported = true; 790 else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES) 791 decode_signing_ctx(server, 792 (struct smb2_signing_capabilities *)pctx); 793 else 794 cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n", 795 le16_to_cpu(pctx->ContextType)); 796 if (rc) 797 break; 798 799 offset += clen; 800 len_of_ctxts -= clen; 801 } 802 return rc; 803 } 804 805 static struct create_posix * 806 create_posix_buf(umode_t mode) 807 { 808 struct create_posix *buf; 809 810 buf = kzalloc(sizeof(struct create_posix), 811 GFP_KERNEL); 812 if (!buf) 813 return NULL; 814 815 buf->ccontext.DataOffset = 816 cpu_to_le16(offsetof(struct create_posix, Mode)); 817 buf->ccontext.DataLength = cpu_to_le32(4); 818 buf->ccontext.NameOffset = 819 cpu_to_le16(offsetof(struct create_posix, Name)); 820 buf->ccontext.NameLength = cpu_to_le16(16); 821 822 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ 823 buf->Name[0] = 0x93; 824 buf->Name[1] = 0xAD; 825 buf->Name[2] = 0x25; 826 buf->Name[3] = 0x50; 827 buf->Name[4] = 0x9C; 828 buf->Name[5] = 0xB4; 829 buf->Name[6] = 0x11; 830 buf->Name[7] = 0xE7; 831 buf->Name[8] = 0xB4; 832 buf->Name[9] = 0x23; 833 buf->Name[10] = 0x83; 834 buf->Name[11] = 0xDE; 835 buf->Name[12] = 0x96; 836 buf->Name[13] = 0x8B; 837 buf->Name[14] = 0xCD; 838 buf->Name[15] = 0x7C; 839 buf->Mode = cpu_to_le32(mode); 840 cifs_dbg(FYI, "mode on posix create 0%o\n", mode); 841 return buf; 842 } 843 844 static int 845 add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode) 846 { 847 unsigned int num = *num_iovec; 848 849 iov[num].iov_base = create_posix_buf(mode); 850 if (mode == ACL_NO_MODE) 851 cifs_dbg(FYI, "%s: no mode\n", __func__); 852 if (iov[num].iov_base == NULL) 853 return -ENOMEM; 854 iov[num].iov_len = sizeof(struct create_posix); 855 *num_iovec = num + 1; 856 return 0; 857 } 858 859 860 /* 861 * 862 * SMB2 Worker functions follow: 863 * 864 * The general structure of the worker functions is: 865 * 1) Call smb2_init (assembles SMB2 header) 866 * 2) Initialize SMB2 command specific fields in fixed length area of SMB 867 * 3) Call smb_sendrcv2 (sends request on socket and waits for response) 868 * 4) Decode SMB2 command specific fields in the fixed length area 869 * 5) Decode variable length data area (if any for this SMB2 command type) 870 * 6) Call free smb buffer 871 * 7) return 872 * 873 */ 874 875 int 876 SMB2_negotiate(const unsigned int xid, 877 struct cifs_ses *ses, 878 struct TCP_Server_Info *server) 879 { 880 struct smb_rqst rqst; 881 struct smb2_negotiate_req *req; 882 struct smb2_negotiate_rsp *rsp; 883 struct kvec iov[1]; 884 struct kvec rsp_iov; 885 int rc; 886 int resp_buftype; 887 int blob_offset, blob_length; 888 char *security_blob; 889 int flags = CIFS_NEG_OP; 890 unsigned int total_len; 891 892 cifs_dbg(FYI, "Negotiate protocol\n"); 893 894 if (!server) { 895 WARN(1, "%s: server is NULL!\n", __func__); 896 return -EIO; 897 } 898 899 rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server, 900 (void **) &req, &total_len); 901 if (rc) 902 return rc; 903 904 req->hdr.SessionId = 0; 905 906 memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); 907 memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); 908 909 if (strcmp(server->vals->version_string, 910 SMB3ANY_VERSION_STRING) == 0) { 911 req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); 912 req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); 913 req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); 914 req->DialectCount = cpu_to_le16(3); 915 total_len += 6; 916 } else if (strcmp(server->vals->version_string, 917 SMBDEFAULT_VERSION_STRING) == 0) { 918 req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); 919 req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); 920 req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); 921 req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); 922 req->DialectCount = cpu_to_le16(4); 923 total_len += 8; 924 } else { 925 /* otherwise send specific dialect */ 926 req->Dialects[0] = cpu_to_le16(server->vals->protocol_id); 927 req->DialectCount = cpu_to_le16(1); 928 total_len += 2; 929 } 930 931 /* only one of SMB2 signing flags may be set in SMB2 request */ 932 if (ses->sign) 933 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 934 else if (global_secflags & CIFSSEC_MAY_SIGN) 935 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 936 else 937 req->SecurityMode = 0; 938 939 req->Capabilities = cpu_to_le32(server->vals->req_capabilities); 940 if (ses->chan_max > 1) 941 req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 942 943 /* ClientGUID must be zero for SMB2.02 dialect */ 944 if (server->vals->protocol_id == SMB20_PROT_ID) 945 memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE); 946 else { 947 memcpy(req->ClientGUID, server->client_guid, 948 SMB2_CLIENT_GUID_SIZE); 949 if ((server->vals->protocol_id == SMB311_PROT_ID) || 950 (strcmp(server->vals->version_string, 951 SMB3ANY_VERSION_STRING) == 0) || 952 (strcmp(server->vals->version_string, 953 SMBDEFAULT_VERSION_STRING) == 0)) 954 assemble_neg_contexts(req, server, &total_len); 955 } 956 iov[0].iov_base = (char *)req; 957 iov[0].iov_len = total_len; 958 959 memset(&rqst, 0, sizeof(struct smb_rqst)); 960 rqst.rq_iov = iov; 961 rqst.rq_nvec = 1; 962 963 rc = cifs_send_recv(xid, ses, server, 964 &rqst, &resp_buftype, flags, &rsp_iov); 965 cifs_small_buf_release(req); 966 rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base; 967 /* 968 * No tcon so can't do 969 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 970 */ 971 if (rc == -EOPNOTSUPP) { 972 cifs_server_dbg(VFS, "Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n"); 973 goto neg_exit; 974 } else if (rc != 0) 975 goto neg_exit; 976 977 rc = -EIO; 978 if (strcmp(server->vals->version_string, 979 SMB3ANY_VERSION_STRING) == 0) { 980 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 981 cifs_server_dbg(VFS, 982 "SMB2 dialect returned but not requested\n"); 983 goto neg_exit; 984 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 985 cifs_server_dbg(VFS, 986 "SMB2.1 dialect returned but not requested\n"); 987 goto neg_exit; 988 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 989 /* ops set to 3.0 by default for default so update */ 990 server->ops = &smb311_operations; 991 server->vals = &smb311_values; 992 } 993 } else if (strcmp(server->vals->version_string, 994 SMBDEFAULT_VERSION_STRING) == 0) { 995 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 996 cifs_server_dbg(VFS, 997 "SMB2 dialect returned but not requested\n"); 998 goto neg_exit; 999 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 1000 /* ops set to 3.0 by default for default so update */ 1001 server->ops = &smb21_operations; 1002 server->vals = &smb21_values; 1003 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1004 server->ops = &smb311_operations; 1005 server->vals = &smb311_values; 1006 } 1007 } else if (le16_to_cpu(rsp->DialectRevision) != 1008 server->vals->protocol_id) { 1009 /* if requested single dialect ensure returned dialect matched */ 1010 cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n", 1011 le16_to_cpu(rsp->DialectRevision)); 1012 goto neg_exit; 1013 } 1014 1015 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode); 1016 1017 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) 1018 cifs_dbg(FYI, "negotiated smb2.0 dialect\n"); 1019 else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) 1020 cifs_dbg(FYI, "negotiated smb2.1 dialect\n"); 1021 else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID)) 1022 cifs_dbg(FYI, "negotiated smb3.0 dialect\n"); 1023 else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID)) 1024 cifs_dbg(FYI, "negotiated smb3.02 dialect\n"); 1025 else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) 1026 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n"); 1027 else { 1028 cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n", 1029 le16_to_cpu(rsp->DialectRevision)); 1030 goto neg_exit; 1031 } 1032 1033 rc = 0; 1034 server->dialect = le16_to_cpu(rsp->DialectRevision); 1035 1036 /* 1037 * Keep a copy of the hash after negprot. This hash will be 1038 * the starting hash value for all sessions made from this 1039 * server. 1040 */ 1041 memcpy(server->preauth_sha_hash, ses->preauth_sha_hash, 1042 SMB2_PREAUTH_HASH_SIZE); 1043 1044 /* SMB2 only has an extended negflavor */ 1045 server->negflavor = CIFS_NEGFLAVOR_EXTENDED; 1046 /* set it to the maximum buffer size value we can send with 1 credit */ 1047 server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize), 1048 SMB2_MAX_BUFFER_SIZE); 1049 server->max_read = le32_to_cpu(rsp->MaxReadSize); 1050 server->max_write = le32_to_cpu(rsp->MaxWriteSize); 1051 server->sec_mode = le16_to_cpu(rsp->SecurityMode); 1052 if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode) 1053 cifs_dbg(FYI, "Server returned unexpected security mode 0x%x\n", 1054 server->sec_mode); 1055 server->capabilities = le32_to_cpu(rsp->Capabilities); 1056 /* Internal types */ 1057 server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; 1058 1059 /* 1060 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context 1061 * Set the cipher type manually. 1062 */ 1063 if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 1064 server->cipher_type = SMB2_ENCRYPTION_AES128_CCM; 1065 1066 security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, 1067 (struct smb2_hdr *)rsp); 1068 /* 1069 * See MS-SMB2 section 2.2.4: if no blob, client picks default which 1070 * for us will be 1071 * ses->sectype = RawNTLMSSP; 1072 * but for time being this is our only auth choice so doesn't matter. 1073 * We just found a server which sets blob length to zero expecting raw. 1074 */ 1075 if (blob_length == 0) { 1076 cifs_dbg(FYI, "missing security blob on negprot\n"); 1077 server->sec_ntlmssp = true; 1078 } 1079 1080 rc = cifs_enable_signing(server, ses->sign); 1081 if (rc) 1082 goto neg_exit; 1083 if (blob_length) { 1084 rc = decode_negTokenInit(security_blob, blob_length, server); 1085 if (rc == 1) 1086 rc = 0; 1087 else if (rc == 0) 1088 rc = -EIO; 1089 } 1090 1091 if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1092 if (rsp->NegotiateContextCount) 1093 rc = smb311_decode_neg_context(rsp, server, 1094 rsp_iov.iov_len); 1095 else 1096 cifs_server_dbg(VFS, "Missing expected negotiate contexts\n"); 1097 } 1098 neg_exit: 1099 free_rsp_buf(resp_buftype, rsp); 1100 return rc; 1101 } 1102 1103 int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) 1104 { 1105 int rc; 1106 struct validate_negotiate_info_req *pneg_inbuf; 1107 struct validate_negotiate_info_rsp *pneg_rsp = NULL; 1108 u32 rsplen; 1109 u32 inbuflen; /* max of 4 dialects */ 1110 struct TCP_Server_Info *server = tcon->ses->server; 1111 1112 cifs_dbg(FYI, "validate negotiate\n"); 1113 1114 /* In SMB3.11 preauth integrity supersedes validate negotiate */ 1115 if (server->dialect == SMB311_PROT_ID) 1116 return 0; 1117 1118 /* 1119 * validation ioctl must be signed, so no point sending this if we 1120 * can not sign it (ie are not known user). Even if signing is not 1121 * required (enabled but not negotiated), in those cases we selectively 1122 * sign just this, the first and only signed request on a connection. 1123 * Having validation of negotiate info helps reduce attack vectors. 1124 */ 1125 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) 1126 return 0; /* validation requires signing */ 1127 1128 if (tcon->ses->user_name == NULL) { 1129 cifs_dbg(FYI, "Can't validate negotiate: null user mount\n"); 1130 return 0; /* validation requires signing */ 1131 } 1132 1133 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) 1134 cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n"); 1135 1136 pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS); 1137 if (!pneg_inbuf) 1138 return -ENOMEM; 1139 1140 pneg_inbuf->Capabilities = 1141 cpu_to_le32(server->vals->req_capabilities); 1142 if (tcon->ses->chan_max > 1) 1143 pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1144 1145 memcpy(pneg_inbuf->Guid, server->client_guid, 1146 SMB2_CLIENT_GUID_SIZE); 1147 1148 if (tcon->ses->sign) 1149 pneg_inbuf->SecurityMode = 1150 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 1151 else if (global_secflags & CIFSSEC_MAY_SIGN) 1152 pneg_inbuf->SecurityMode = 1153 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 1154 else 1155 pneg_inbuf->SecurityMode = 0; 1156 1157 1158 if (strcmp(server->vals->version_string, 1159 SMB3ANY_VERSION_STRING) == 0) { 1160 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); 1161 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); 1162 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); 1163 pneg_inbuf->DialectCount = cpu_to_le16(3); 1164 /* SMB 2.1 not included so subtract one dialect from len */ 1165 inbuflen = sizeof(*pneg_inbuf) - 1166 (sizeof(pneg_inbuf->Dialects[0])); 1167 } else if (strcmp(server->vals->version_string, 1168 SMBDEFAULT_VERSION_STRING) == 0) { 1169 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); 1170 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); 1171 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); 1172 pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); 1173 pneg_inbuf->DialectCount = cpu_to_le16(4); 1174 /* structure is big enough for 4 dialects */ 1175 inbuflen = sizeof(*pneg_inbuf); 1176 } else { 1177 /* otherwise specific dialect was requested */ 1178 pneg_inbuf->Dialects[0] = 1179 cpu_to_le16(server->vals->protocol_id); 1180 pneg_inbuf->DialectCount = cpu_to_le16(1); 1181 /* structure is big enough for 4 dialects, sending only 1 */ 1182 inbuflen = sizeof(*pneg_inbuf) - 1183 sizeof(pneg_inbuf->Dialects[0]) * 3; 1184 } 1185 1186 rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, 1187 FSCTL_VALIDATE_NEGOTIATE_INFO, 1188 (char *)pneg_inbuf, inbuflen, CIFSMaxBufSize, 1189 (char **)&pneg_rsp, &rsplen); 1190 if (rc == -EOPNOTSUPP) { 1191 /* 1192 * Old Windows versions or Netapp SMB server can return 1193 * not supported error. Client should accept it. 1194 */ 1195 cifs_tcon_dbg(VFS, "Server does not support validate negotiate\n"); 1196 rc = 0; 1197 goto out_free_inbuf; 1198 } else if (rc != 0) { 1199 cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n", 1200 rc); 1201 rc = -EIO; 1202 goto out_free_inbuf; 1203 } 1204 1205 rc = -EIO; 1206 if (rsplen != sizeof(*pneg_rsp)) { 1207 cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n", 1208 rsplen); 1209 1210 /* relax check since Mac returns max bufsize allowed on ioctl */ 1211 if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp)) 1212 goto out_free_rsp; 1213 } 1214 1215 /* check validate negotiate info response matches what we got earlier */ 1216 if (pneg_rsp->Dialect != cpu_to_le16(server->dialect)) 1217 goto vneg_out; 1218 1219 if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode)) 1220 goto vneg_out; 1221 1222 /* do not validate server guid because not saved at negprot time yet */ 1223 1224 if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND | 1225 SMB2_LARGE_FILES) != server->capabilities) 1226 goto vneg_out; 1227 1228 /* validate negotiate successful */ 1229 rc = 0; 1230 cifs_dbg(FYI, "validate negotiate info successful\n"); 1231 goto out_free_rsp; 1232 1233 vneg_out: 1234 cifs_tcon_dbg(VFS, "protocol revalidation - security settings mismatch\n"); 1235 out_free_rsp: 1236 kfree(pneg_rsp); 1237 out_free_inbuf: 1238 kfree(pneg_inbuf); 1239 return rc; 1240 } 1241 1242 enum securityEnum 1243 smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested) 1244 { 1245 switch (requested) { 1246 case Kerberos: 1247 case RawNTLMSSP: 1248 return requested; 1249 case NTLMv2: 1250 return RawNTLMSSP; 1251 case Unspecified: 1252 if (server->sec_ntlmssp && 1253 (global_secflags & CIFSSEC_MAY_NTLMSSP)) 1254 return RawNTLMSSP; 1255 if ((server->sec_kerberos || server->sec_mskerberos) && 1256 (global_secflags & CIFSSEC_MAY_KRB5)) 1257 return Kerberos; 1258 fallthrough; 1259 default: 1260 return Unspecified; 1261 } 1262 } 1263 1264 struct SMB2_sess_data { 1265 unsigned int xid; 1266 struct cifs_ses *ses; 1267 struct TCP_Server_Info *server; 1268 struct nls_table *nls_cp; 1269 void (*func)(struct SMB2_sess_data *); 1270 int result; 1271 u64 previous_session; 1272 1273 /* we will send the SMB in three pieces: 1274 * a fixed length beginning part, an optional 1275 * SPNEGO blob (which can be zero length), and a 1276 * last part which will include the strings 1277 * and rest of bcc area. This allows us to avoid 1278 * a large buffer 17K allocation 1279 */ 1280 int buf0_type; 1281 struct kvec iov[2]; 1282 }; 1283 1284 static int 1285 SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data) 1286 { 1287 int rc; 1288 struct cifs_ses *ses = sess_data->ses; 1289 struct TCP_Server_Info *server = sess_data->server; 1290 struct smb2_sess_setup_req *req; 1291 unsigned int total_len; 1292 bool is_binding = false; 1293 1294 rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, server, 1295 (void **) &req, 1296 &total_len); 1297 if (rc) 1298 return rc; 1299 1300 spin_lock(&ses->ses_lock); 1301 is_binding = (ses->ses_status == SES_GOOD); 1302 spin_unlock(&ses->ses_lock); 1303 1304 if (is_binding) { 1305 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1306 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 1307 req->PreviousSessionId = 0; 1308 req->Flags = SMB2_SESSION_REQ_FLAG_BINDING; 1309 cifs_dbg(FYI, "Binding to sess id: %llx\n", ses->Suid); 1310 } else { 1311 /* First session, not a reauthenticate */ 1312 req->hdr.SessionId = 0; 1313 /* 1314 * if reconnect, we need to send previous sess id 1315 * otherwise it is 0 1316 */ 1317 req->PreviousSessionId = cpu_to_le64(sess_data->previous_session); 1318 req->Flags = 0; /* MBZ */ 1319 cifs_dbg(FYI, "Fresh session. Previous: %llx\n", 1320 sess_data->previous_session); 1321 } 1322 1323 /* enough to enable echos and oplocks and one max size write */ 1324 if (server->credits >= server->max_credits) 1325 req->hdr.CreditRequest = cpu_to_le16(0); 1326 else 1327 req->hdr.CreditRequest = cpu_to_le16( 1328 min_t(int, server->max_credits - 1329 server->credits, 130)); 1330 1331 /* only one of SMB2 signing flags may be set in SMB2 request */ 1332 if (server->sign) 1333 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED; 1334 else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */ 1335 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED; 1336 else 1337 req->SecurityMode = 0; 1338 1339 #ifdef CONFIG_CIFS_DFS_UPCALL 1340 req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS); 1341 #else 1342 req->Capabilities = 0; 1343 #endif /* DFS_UPCALL */ 1344 1345 req->Channel = 0; /* MBZ */ 1346 1347 sess_data->iov[0].iov_base = (char *)req; 1348 /* 1 for pad */ 1349 sess_data->iov[0].iov_len = total_len - 1; 1350 /* 1351 * This variable will be used to clear the buffer 1352 * allocated above in case of any error in the calling function. 1353 */ 1354 sess_data->buf0_type = CIFS_SMALL_BUFFER; 1355 1356 return 0; 1357 } 1358 1359 static void 1360 SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data) 1361 { 1362 struct kvec *iov = sess_data->iov; 1363 1364 /* iov[1] is already freed by caller */ 1365 if (sess_data->buf0_type != CIFS_NO_BUFFER && iov[0].iov_base) 1366 memzero_explicit(iov[0].iov_base, iov[0].iov_len); 1367 1368 free_rsp_buf(sess_data->buf0_type, iov[0].iov_base); 1369 sess_data->buf0_type = CIFS_NO_BUFFER; 1370 } 1371 1372 static int 1373 SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data) 1374 { 1375 int rc; 1376 struct smb_rqst rqst; 1377 struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base; 1378 struct kvec rsp_iov = { NULL, 0 }; 1379 1380 /* Testing shows that buffer offset must be at location of Buffer[0] */ 1381 req->SecurityBufferOffset = 1382 cpu_to_le16(sizeof(struct smb2_sess_setup_req)); 1383 req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len); 1384 1385 memset(&rqst, 0, sizeof(struct smb_rqst)); 1386 rqst.rq_iov = sess_data->iov; 1387 rqst.rq_nvec = 2; 1388 1389 /* BB add code to build os and lm fields */ 1390 rc = cifs_send_recv(sess_data->xid, sess_data->ses, 1391 sess_data->server, 1392 &rqst, 1393 &sess_data->buf0_type, 1394 CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov); 1395 cifs_small_buf_release(sess_data->iov[0].iov_base); 1396 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec)); 1397 1398 return rc; 1399 } 1400 1401 static int 1402 SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) 1403 { 1404 int rc = 0; 1405 struct cifs_ses *ses = sess_data->ses; 1406 struct TCP_Server_Info *server = sess_data->server; 1407 1408 cifs_server_lock(server); 1409 if (server->ops->generate_signingkey) { 1410 rc = server->ops->generate_signingkey(ses, server); 1411 if (rc) { 1412 cifs_dbg(FYI, 1413 "SMB3 session key generation failed\n"); 1414 cifs_server_unlock(server); 1415 return rc; 1416 } 1417 } 1418 if (!server->session_estab) { 1419 server->sequence_number = 0x2; 1420 server->session_estab = true; 1421 } 1422 cifs_server_unlock(server); 1423 1424 cifs_dbg(FYI, "SMB2/3 session established successfully\n"); 1425 return rc; 1426 } 1427 1428 #ifdef CONFIG_CIFS_UPCALL 1429 static void 1430 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) 1431 { 1432 int rc; 1433 struct cifs_ses *ses = sess_data->ses; 1434 struct TCP_Server_Info *server = sess_data->server; 1435 struct cifs_spnego_msg *msg; 1436 struct key *spnego_key = NULL; 1437 struct smb2_sess_setup_rsp *rsp = NULL; 1438 bool is_binding = false; 1439 1440 rc = SMB2_sess_alloc_buffer(sess_data); 1441 if (rc) 1442 goto out; 1443 1444 spnego_key = cifs_get_spnego_key(ses, server); 1445 if (IS_ERR(spnego_key)) { 1446 rc = PTR_ERR(spnego_key); 1447 if (rc == -ENOKEY) 1448 cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n"); 1449 spnego_key = NULL; 1450 goto out; 1451 } 1452 1453 msg = spnego_key->payload.data[0]; 1454 /* 1455 * check version field to make sure that cifs.upcall is 1456 * sending us a response in an expected form 1457 */ 1458 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { 1459 cifs_dbg(VFS, "bad cifs.upcall version. Expected %d got %d\n", 1460 CIFS_SPNEGO_UPCALL_VERSION, msg->version); 1461 rc = -EKEYREJECTED; 1462 goto out_put_spnego_key; 1463 } 1464 1465 spin_lock(&ses->ses_lock); 1466 is_binding = (ses->ses_status == SES_GOOD); 1467 spin_unlock(&ses->ses_lock); 1468 1469 /* keep session key if binding */ 1470 if (!is_binding) { 1471 kfree_sensitive(ses->auth_key.response); 1472 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, 1473 GFP_KERNEL); 1474 if (!ses->auth_key.response) { 1475 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n", 1476 msg->sesskey_len); 1477 rc = -ENOMEM; 1478 goto out_put_spnego_key; 1479 } 1480 ses->auth_key.len = msg->sesskey_len; 1481 } 1482 1483 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len; 1484 sess_data->iov[1].iov_len = msg->secblob_len; 1485 1486 rc = SMB2_sess_sendreceive(sess_data); 1487 if (rc) 1488 goto out_put_spnego_key; 1489 1490 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1491 /* keep session id and flags if binding */ 1492 if (!is_binding) { 1493 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1494 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1495 } 1496 1497 rc = SMB2_sess_establish_session(sess_data); 1498 out_put_spnego_key: 1499 key_invalidate(spnego_key); 1500 key_put(spnego_key); 1501 if (rc) { 1502 kfree_sensitive(ses->auth_key.response); 1503 ses->auth_key.response = NULL; 1504 ses->auth_key.len = 0; 1505 } 1506 out: 1507 sess_data->result = rc; 1508 sess_data->func = NULL; 1509 SMB2_sess_free_buffer(sess_data); 1510 } 1511 #else 1512 static void 1513 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) 1514 { 1515 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n"); 1516 sess_data->result = -EOPNOTSUPP; 1517 sess_data->func = NULL; 1518 } 1519 #endif 1520 1521 static void 1522 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data); 1523 1524 static void 1525 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data) 1526 { 1527 int rc; 1528 struct cifs_ses *ses = sess_data->ses; 1529 struct TCP_Server_Info *server = sess_data->server; 1530 struct smb2_sess_setup_rsp *rsp = NULL; 1531 unsigned char *ntlmssp_blob = NULL; 1532 bool use_spnego = false; /* else use raw ntlmssp */ 1533 u16 blob_length = 0; 1534 bool is_binding = false; 1535 1536 /* 1537 * If memory allocation is successful, caller of this function 1538 * frees it. 1539 */ 1540 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); 1541 if (!ses->ntlmssp) { 1542 rc = -ENOMEM; 1543 goto out_err; 1544 } 1545 ses->ntlmssp->sesskey_per_smbsess = true; 1546 1547 rc = SMB2_sess_alloc_buffer(sess_data); 1548 if (rc) 1549 goto out_err; 1550 1551 rc = build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob, 1552 &blob_length, ses, server, 1553 sess_data->nls_cp); 1554 if (rc) 1555 goto out; 1556 1557 if (use_spnego) { 1558 /* BB eventually need to add this */ 1559 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 1560 rc = -EOPNOTSUPP; 1561 goto out; 1562 } 1563 sess_data->iov[1].iov_base = ntlmssp_blob; 1564 sess_data->iov[1].iov_len = blob_length; 1565 1566 rc = SMB2_sess_sendreceive(sess_data); 1567 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1568 1569 /* If true, rc here is expected and not an error */ 1570 if (sess_data->buf0_type != CIFS_NO_BUFFER && 1571 rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) 1572 rc = 0; 1573 1574 if (rc) 1575 goto out; 1576 1577 if (offsetof(struct smb2_sess_setup_rsp, Buffer) != 1578 le16_to_cpu(rsp->SecurityBufferOffset)) { 1579 cifs_dbg(VFS, "Invalid security buffer offset %d\n", 1580 le16_to_cpu(rsp->SecurityBufferOffset)); 1581 rc = -EIO; 1582 goto out; 1583 } 1584 rc = decode_ntlmssp_challenge(rsp->Buffer, 1585 le16_to_cpu(rsp->SecurityBufferLength), ses); 1586 if (rc) 1587 goto out; 1588 1589 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n"); 1590 1591 spin_lock(&ses->ses_lock); 1592 is_binding = (ses->ses_status == SES_GOOD); 1593 spin_unlock(&ses->ses_lock); 1594 1595 /* keep existing ses id and flags if binding */ 1596 if (!is_binding) { 1597 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1598 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1599 } 1600 1601 out: 1602 kfree_sensitive(ntlmssp_blob); 1603 SMB2_sess_free_buffer(sess_data); 1604 if (!rc) { 1605 sess_data->result = 0; 1606 sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate; 1607 return; 1608 } 1609 out_err: 1610 kfree_sensitive(ses->ntlmssp); 1611 ses->ntlmssp = NULL; 1612 sess_data->result = rc; 1613 sess_data->func = NULL; 1614 } 1615 1616 static void 1617 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data) 1618 { 1619 int rc; 1620 struct cifs_ses *ses = sess_data->ses; 1621 struct TCP_Server_Info *server = sess_data->server; 1622 struct smb2_sess_setup_req *req; 1623 struct smb2_sess_setup_rsp *rsp = NULL; 1624 unsigned char *ntlmssp_blob = NULL; 1625 bool use_spnego = false; /* else use raw ntlmssp */ 1626 u16 blob_length = 0; 1627 bool is_binding = false; 1628 1629 rc = SMB2_sess_alloc_buffer(sess_data); 1630 if (rc) 1631 goto out; 1632 1633 req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base; 1634 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1635 1636 rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length, 1637 ses, server, 1638 sess_data->nls_cp); 1639 if (rc) { 1640 cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc); 1641 goto out; 1642 } 1643 1644 if (use_spnego) { 1645 /* BB eventually need to add this */ 1646 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 1647 rc = -EOPNOTSUPP; 1648 goto out; 1649 } 1650 sess_data->iov[1].iov_base = ntlmssp_blob; 1651 sess_data->iov[1].iov_len = blob_length; 1652 1653 rc = SMB2_sess_sendreceive(sess_data); 1654 if (rc) 1655 goto out; 1656 1657 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1658 1659 spin_lock(&ses->ses_lock); 1660 is_binding = (ses->ses_status == SES_GOOD); 1661 spin_unlock(&ses->ses_lock); 1662 1663 /* keep existing ses id and flags if binding */ 1664 if (!is_binding) { 1665 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1666 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1667 } 1668 1669 rc = SMB2_sess_establish_session(sess_data); 1670 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 1671 if (ses->server->dialect < SMB30_PROT_ID) { 1672 cifs_dbg(VFS, "%s: dumping generated SMB2 session keys\n", __func__); 1673 /* 1674 * The session id is opaque in terms of endianness, so we can't 1675 * print it as a long long. we dump it as we got it on the wire 1676 */ 1677 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 1678 &ses->Suid); 1679 cifs_dbg(VFS, "Session Key %*ph\n", 1680 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 1681 cifs_dbg(VFS, "Signing Key %*ph\n", 1682 SMB3_SIGN_KEY_SIZE, ses->auth_key.response); 1683 } 1684 #endif 1685 out: 1686 kfree_sensitive(ntlmssp_blob); 1687 SMB2_sess_free_buffer(sess_data); 1688 kfree_sensitive(ses->ntlmssp); 1689 ses->ntlmssp = NULL; 1690 sess_data->result = rc; 1691 sess_data->func = NULL; 1692 } 1693 1694 static int 1695 SMB2_select_sec(struct SMB2_sess_data *sess_data) 1696 { 1697 int type; 1698 struct cifs_ses *ses = sess_data->ses; 1699 struct TCP_Server_Info *server = sess_data->server; 1700 1701 type = smb2_select_sectype(server, ses->sectype); 1702 cifs_dbg(FYI, "sess setup type %d\n", type); 1703 if (type == Unspecified) { 1704 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n"); 1705 return -EINVAL; 1706 } 1707 1708 switch (type) { 1709 case Kerberos: 1710 sess_data->func = SMB2_auth_kerberos; 1711 break; 1712 case RawNTLMSSP: 1713 sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate; 1714 break; 1715 default: 1716 cifs_dbg(VFS, "secType %d not supported!\n", type); 1717 return -EOPNOTSUPP; 1718 } 1719 1720 return 0; 1721 } 1722 1723 int 1724 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, 1725 struct TCP_Server_Info *server, 1726 const struct nls_table *nls_cp) 1727 { 1728 int rc = 0; 1729 struct SMB2_sess_data *sess_data; 1730 1731 cifs_dbg(FYI, "Session Setup\n"); 1732 1733 if (!server) { 1734 WARN(1, "%s: server is NULL!\n", __func__); 1735 return -EIO; 1736 } 1737 1738 sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL); 1739 if (!sess_data) 1740 return -ENOMEM; 1741 1742 sess_data->xid = xid; 1743 sess_data->ses = ses; 1744 sess_data->server = server; 1745 sess_data->buf0_type = CIFS_NO_BUFFER; 1746 sess_data->nls_cp = (struct nls_table *) nls_cp; 1747 sess_data->previous_session = ses->Suid; 1748 1749 rc = SMB2_select_sec(sess_data); 1750 if (rc) 1751 goto out; 1752 1753 /* 1754 * Initialize the session hash with the server one. 1755 */ 1756 memcpy(ses->preauth_sha_hash, server->preauth_sha_hash, 1757 SMB2_PREAUTH_HASH_SIZE); 1758 1759 while (sess_data->func) 1760 sess_data->func(sess_data); 1761 1762 if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign)) 1763 cifs_server_dbg(VFS, "signing requested but authenticated as guest\n"); 1764 rc = sess_data->result; 1765 out: 1766 kfree_sensitive(sess_data); 1767 return rc; 1768 } 1769 1770 int 1771 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses) 1772 { 1773 struct smb_rqst rqst; 1774 struct smb2_logoff_req *req; /* response is also trivial struct */ 1775 int rc = 0; 1776 struct TCP_Server_Info *server; 1777 int flags = 0; 1778 unsigned int total_len; 1779 struct kvec iov[1]; 1780 struct kvec rsp_iov; 1781 int resp_buf_type; 1782 1783 cifs_dbg(FYI, "disconnect session %p\n", ses); 1784 1785 if (ses && (ses->server)) 1786 server = ses->server; 1787 else 1788 return -EIO; 1789 1790 /* no need to send SMB logoff if uid already closed due to reconnect */ 1791 spin_lock(&ses->chan_lock); 1792 if (CIFS_ALL_CHANS_NEED_RECONNECT(ses)) { 1793 spin_unlock(&ses->chan_lock); 1794 goto smb2_session_already_dead; 1795 } 1796 spin_unlock(&ses->chan_lock); 1797 1798 rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, ses->server, 1799 (void **) &req, &total_len); 1800 if (rc) 1801 return rc; 1802 1803 /* since no tcon, smb2_init can not do this, so do here */ 1804 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1805 1806 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) 1807 flags |= CIFS_TRANSFORM_REQ; 1808 else if (server->sign) 1809 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 1810 1811 flags |= CIFS_NO_RSP_BUF; 1812 1813 iov[0].iov_base = (char *)req; 1814 iov[0].iov_len = total_len; 1815 1816 memset(&rqst, 0, sizeof(struct smb_rqst)); 1817 rqst.rq_iov = iov; 1818 rqst.rq_nvec = 1; 1819 1820 rc = cifs_send_recv(xid, ses, ses->server, 1821 &rqst, &resp_buf_type, flags, &rsp_iov); 1822 cifs_small_buf_release(req); 1823 /* 1824 * No tcon so can't do 1825 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 1826 */ 1827 1828 smb2_session_already_dead: 1829 return rc; 1830 } 1831 1832 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code) 1833 { 1834 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]); 1835 } 1836 1837 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */) 1838 1839 /* These are similar values to what Windows uses */ 1840 static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon) 1841 { 1842 tcon->max_chunks = 256; 1843 tcon->max_bytes_chunk = 1048576; 1844 tcon->max_bytes_copy = 16777216; 1845 } 1846 1847 int 1848 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, 1849 struct cifs_tcon *tcon, const struct nls_table *cp) 1850 { 1851 struct smb_rqst rqst; 1852 struct smb2_tree_connect_req *req; 1853 struct smb2_tree_connect_rsp *rsp = NULL; 1854 struct kvec iov[2]; 1855 struct kvec rsp_iov = { NULL, 0 }; 1856 int rc = 0; 1857 int resp_buftype; 1858 int unc_path_len; 1859 __le16 *unc_path = NULL; 1860 int flags = 0; 1861 unsigned int total_len; 1862 struct TCP_Server_Info *server; 1863 1864 /* always use master channel */ 1865 server = ses->server; 1866 1867 cifs_dbg(FYI, "TCON\n"); 1868 1869 if (!server || !tree) 1870 return -EIO; 1871 1872 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); 1873 if (unc_path == NULL) 1874 return -ENOMEM; 1875 1876 unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp); 1877 if (unc_path_len <= 0) { 1878 kfree(unc_path); 1879 return -EINVAL; 1880 } 1881 unc_path_len *= 2; 1882 1883 /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */ 1884 tcon->tid = 0; 1885 atomic_set(&tcon->num_remote_opens, 0); 1886 rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, server, 1887 (void **) &req, &total_len); 1888 if (rc) { 1889 kfree(unc_path); 1890 return rc; 1891 } 1892 1893 if (smb3_encryption_required(tcon)) 1894 flags |= CIFS_TRANSFORM_REQ; 1895 1896 iov[0].iov_base = (char *)req; 1897 /* 1 for pad */ 1898 iov[0].iov_len = total_len - 1; 1899 1900 /* Testing shows that buffer offset must be at location of Buffer[0] */ 1901 req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)); 1902 req->PathLength = cpu_to_le16(unc_path_len); 1903 iov[1].iov_base = unc_path; 1904 iov[1].iov_len = unc_path_len; 1905 1906 /* 1907 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 1908 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1 1909 * (Samba servers don't always set the flag so also check if null user) 1910 */ 1911 if ((server->dialect == SMB311_PROT_ID) && 1912 !smb3_encryption_required(tcon) && 1913 !(ses->session_flags & 1914 (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) && 1915 ((ses->user_name != NULL) || (ses->sectype == Kerberos))) 1916 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 1917 1918 memset(&rqst, 0, sizeof(struct smb_rqst)); 1919 rqst.rq_iov = iov; 1920 rqst.rq_nvec = 2; 1921 1922 /* Need 64 for max size write so ask for more in case not there yet */ 1923 if (server->credits >= server->max_credits) 1924 req->hdr.CreditRequest = cpu_to_le16(0); 1925 else 1926 req->hdr.CreditRequest = cpu_to_le16( 1927 min_t(int, server->max_credits - 1928 server->credits, 64)); 1929 1930 rc = cifs_send_recv(xid, ses, server, 1931 &rqst, &resp_buftype, flags, &rsp_iov); 1932 cifs_small_buf_release(req); 1933 rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base; 1934 trace_smb3_tcon(xid, tcon->tid, ses->Suid, tree, rc); 1935 if ((rc != 0) || (rsp == NULL)) { 1936 cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE); 1937 tcon->need_reconnect = true; 1938 goto tcon_error_exit; 1939 } 1940 1941 switch (rsp->ShareType) { 1942 case SMB2_SHARE_TYPE_DISK: 1943 cifs_dbg(FYI, "connection to disk share\n"); 1944 break; 1945 case SMB2_SHARE_TYPE_PIPE: 1946 tcon->pipe = true; 1947 cifs_dbg(FYI, "connection to pipe share\n"); 1948 break; 1949 case SMB2_SHARE_TYPE_PRINT: 1950 tcon->print = true; 1951 cifs_dbg(FYI, "connection to printer\n"); 1952 break; 1953 default: 1954 cifs_server_dbg(VFS, "unknown share type %d\n", rsp->ShareType); 1955 rc = -EOPNOTSUPP; 1956 goto tcon_error_exit; 1957 } 1958 1959 tcon->share_flags = le32_to_cpu(rsp->ShareFlags); 1960 tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */ 1961 tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess); 1962 tcon->tid = le32_to_cpu(rsp->hdr.Id.SyncId.TreeId); 1963 strscpy(tcon->tree_name, tree, sizeof(tcon->tree_name)); 1964 1965 if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && 1966 ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) 1967 cifs_tcon_dbg(VFS, "DFS capability contradicts DFS flag\n"); 1968 1969 if (tcon->seal && 1970 !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 1971 cifs_tcon_dbg(VFS, "Encryption is requested but not supported\n"); 1972 1973 init_copy_chunk_defaults(tcon); 1974 if (server->ops->validate_negotiate) 1975 rc = server->ops->validate_negotiate(xid, tcon); 1976 if (rc == 0) /* See MS-SMB2 2.2.10 and 3.2.5.5 */ 1977 if (tcon->share_flags & SMB2_SHAREFLAG_ISOLATED_TRANSPORT) 1978 server->nosharesock = true; 1979 tcon_exit: 1980 1981 free_rsp_buf(resp_buftype, rsp); 1982 kfree(unc_path); 1983 return rc; 1984 1985 tcon_error_exit: 1986 if (rsp && rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) 1987 cifs_tcon_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree); 1988 goto tcon_exit; 1989 } 1990 1991 int 1992 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) 1993 { 1994 struct smb_rqst rqst; 1995 struct smb2_tree_disconnect_req *req; /* response is trivial */ 1996 int rc = 0; 1997 struct cifs_ses *ses = tcon->ses; 1998 int flags = 0; 1999 unsigned int total_len; 2000 struct kvec iov[1]; 2001 struct kvec rsp_iov; 2002 int resp_buf_type; 2003 2004 cifs_dbg(FYI, "Tree Disconnect\n"); 2005 2006 if (!ses || !(ses->server)) 2007 return -EIO; 2008 2009 trace_smb3_tdis_enter(xid, tcon->tid, ses->Suid, tcon->tree_name); 2010 spin_lock(&ses->chan_lock); 2011 if ((tcon->need_reconnect) || 2012 (CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses))) { 2013 spin_unlock(&ses->chan_lock); 2014 return 0; 2015 } 2016 spin_unlock(&ses->chan_lock); 2017 2018 invalidate_all_cached_dirs(tcon); 2019 2020 rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, ses->server, 2021 (void **) &req, 2022 &total_len); 2023 if (rc) 2024 return rc; 2025 2026 if (smb3_encryption_required(tcon)) 2027 flags |= CIFS_TRANSFORM_REQ; 2028 2029 flags |= CIFS_NO_RSP_BUF; 2030 2031 iov[0].iov_base = (char *)req; 2032 iov[0].iov_len = total_len; 2033 2034 memset(&rqst, 0, sizeof(struct smb_rqst)); 2035 rqst.rq_iov = iov; 2036 rqst.rq_nvec = 1; 2037 2038 rc = cifs_send_recv(xid, ses, ses->server, 2039 &rqst, &resp_buf_type, flags, &rsp_iov); 2040 cifs_small_buf_release(req); 2041 if (rc) { 2042 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE); 2043 trace_smb3_tdis_err(xid, tcon->tid, ses->Suid, rc); 2044 } 2045 trace_smb3_tdis_done(xid, tcon->tid, ses->Suid); 2046 2047 return rc; 2048 } 2049 2050 2051 static struct create_durable * 2052 create_durable_buf(void) 2053 { 2054 struct create_durable *buf; 2055 2056 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 2057 if (!buf) 2058 return NULL; 2059 2060 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2061 (struct create_durable, Data)); 2062 buf->ccontext.DataLength = cpu_to_le32(16); 2063 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2064 (struct create_durable, Name)); 2065 buf->ccontext.NameLength = cpu_to_le16(4); 2066 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */ 2067 buf->Name[0] = 'D'; 2068 buf->Name[1] = 'H'; 2069 buf->Name[2] = 'n'; 2070 buf->Name[3] = 'Q'; 2071 return buf; 2072 } 2073 2074 static struct create_durable * 2075 create_reconnect_durable_buf(struct cifs_fid *fid) 2076 { 2077 struct create_durable *buf; 2078 2079 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 2080 if (!buf) 2081 return NULL; 2082 2083 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2084 (struct create_durable, Data)); 2085 buf->ccontext.DataLength = cpu_to_le32(16); 2086 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2087 (struct create_durable, Name)); 2088 buf->ccontext.NameLength = cpu_to_le16(4); 2089 buf->Data.Fid.PersistentFileId = fid->persistent_fid; 2090 buf->Data.Fid.VolatileFileId = fid->volatile_fid; 2091 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */ 2092 buf->Name[0] = 'D'; 2093 buf->Name[1] = 'H'; 2094 buf->Name[2] = 'n'; 2095 buf->Name[3] = 'C'; 2096 return buf; 2097 } 2098 2099 static void 2100 parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf) 2101 { 2102 struct create_disk_id_rsp *pdisk_id = (struct create_disk_id_rsp *)cc; 2103 2104 cifs_dbg(FYI, "parse query id context 0x%llx 0x%llx\n", 2105 pdisk_id->DiskFileId, pdisk_id->VolumeId); 2106 buf->IndexNumber = pdisk_id->DiskFileId; 2107 } 2108 2109 static void 2110 parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info, 2111 struct create_posix_rsp *posix) 2112 { 2113 int sid_len; 2114 u8 *beg = (u8 *)cc + le16_to_cpu(cc->DataOffset); 2115 u8 *end = beg + le32_to_cpu(cc->DataLength); 2116 u8 *sid; 2117 2118 memset(posix, 0, sizeof(*posix)); 2119 2120 posix->nlink = le32_to_cpu(*(__le32 *)(beg + 0)); 2121 posix->reparse_tag = le32_to_cpu(*(__le32 *)(beg + 4)); 2122 posix->mode = le32_to_cpu(*(__le32 *)(beg + 8)); 2123 2124 sid = beg + 12; 2125 sid_len = posix_info_sid_size(sid, end); 2126 if (sid_len < 0) { 2127 cifs_dbg(VFS, "bad owner sid in posix create response\n"); 2128 return; 2129 } 2130 memcpy(&posix->owner, sid, sid_len); 2131 2132 sid = sid + sid_len; 2133 sid_len = posix_info_sid_size(sid, end); 2134 if (sid_len < 0) { 2135 cifs_dbg(VFS, "bad group sid in posix create response\n"); 2136 return; 2137 } 2138 memcpy(&posix->group, sid, sid_len); 2139 2140 cifs_dbg(FYI, "nlink=%d mode=%o reparse_tag=%x\n", 2141 posix->nlink, posix->mode, posix->reparse_tag); 2142 } 2143 2144 void 2145 smb2_parse_contexts(struct TCP_Server_Info *server, 2146 struct smb2_create_rsp *rsp, 2147 unsigned int *epoch, char *lease_key, __u8 *oplock, 2148 struct smb2_file_all_info *buf, 2149 struct create_posix_rsp *posix) 2150 { 2151 char *data_offset; 2152 struct create_context *cc; 2153 unsigned int next; 2154 unsigned int remaining; 2155 char *name; 2156 static const char smb3_create_tag_posix[] = { 2157 0x93, 0xAD, 0x25, 0x50, 0x9C, 2158 0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83, 2159 0xDE, 0x96, 0x8B, 0xCD, 0x7C 2160 }; 2161 2162 *oplock = 0; 2163 data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset); 2164 remaining = le32_to_cpu(rsp->CreateContextsLength); 2165 cc = (struct create_context *)data_offset; 2166 2167 /* Initialize inode number to 0 in case no valid data in qfid context */ 2168 if (buf) 2169 buf->IndexNumber = 0; 2170 2171 while (remaining >= sizeof(struct create_context)) { 2172 name = le16_to_cpu(cc->NameOffset) + (char *)cc; 2173 if (le16_to_cpu(cc->NameLength) == 4 && 2174 strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0) 2175 *oplock = server->ops->parse_lease_buf(cc, epoch, 2176 lease_key); 2177 else if (buf && (le16_to_cpu(cc->NameLength) == 4) && 2178 strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0) 2179 parse_query_id_ctxt(cc, buf); 2180 else if ((le16_to_cpu(cc->NameLength) == 16)) { 2181 if (posix && 2182 memcmp(name, smb3_create_tag_posix, 16) == 0) 2183 parse_posix_ctxt(cc, buf, posix); 2184 } 2185 /* else { 2186 cifs_dbg(FYI, "Context not matched with len %d\n", 2187 le16_to_cpu(cc->NameLength)); 2188 cifs_dump_mem("Cctxt name: ", name, 4); 2189 } */ 2190 2191 next = le32_to_cpu(cc->Next); 2192 if (!next) 2193 break; 2194 remaining -= next; 2195 cc = (struct create_context *)((char *)cc + next); 2196 } 2197 2198 if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE) 2199 *oplock = rsp->OplockLevel; 2200 2201 return; 2202 } 2203 2204 static int 2205 add_lease_context(struct TCP_Server_Info *server, 2206 struct smb2_create_req *req, 2207 struct kvec *iov, 2208 unsigned int *num_iovec, u8 *lease_key, __u8 *oplock) 2209 { 2210 unsigned int num = *num_iovec; 2211 2212 iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock); 2213 if (iov[num].iov_base == NULL) 2214 return -ENOMEM; 2215 iov[num].iov_len = server->vals->create_lease_size; 2216 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE; 2217 *num_iovec = num + 1; 2218 return 0; 2219 } 2220 2221 static struct create_durable_v2 * 2222 create_durable_v2_buf(struct cifs_open_parms *oparms) 2223 { 2224 struct cifs_fid *pfid = oparms->fid; 2225 struct create_durable_v2 *buf; 2226 2227 buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL); 2228 if (!buf) 2229 return NULL; 2230 2231 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2232 (struct create_durable_v2, dcontext)); 2233 buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2)); 2234 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2235 (struct create_durable_v2, Name)); 2236 buf->ccontext.NameLength = cpu_to_le16(4); 2237 2238 /* 2239 * NB: Handle timeout defaults to 0, which allows server to choose 2240 * (most servers default to 120 seconds) and most clients default to 0. 2241 * This can be overridden at mount ("handletimeout=") if the user wants 2242 * a different persistent (or resilient) handle timeout for all opens 2243 * on a particular SMB3 mount. 2244 */ 2245 buf->dcontext.Timeout = cpu_to_le32(oparms->tcon->handle_timeout); 2246 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 2247 generate_random_uuid(buf->dcontext.CreateGuid); 2248 memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16); 2249 2250 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */ 2251 buf->Name[0] = 'D'; 2252 buf->Name[1] = 'H'; 2253 buf->Name[2] = '2'; 2254 buf->Name[3] = 'Q'; 2255 return buf; 2256 } 2257 2258 static struct create_durable_handle_reconnect_v2 * 2259 create_reconnect_durable_v2_buf(struct cifs_fid *fid) 2260 { 2261 struct create_durable_handle_reconnect_v2 *buf; 2262 2263 buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2), 2264 GFP_KERNEL); 2265 if (!buf) 2266 return NULL; 2267 2268 buf->ccontext.DataOffset = 2269 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 2270 dcontext)); 2271 buf->ccontext.DataLength = 2272 cpu_to_le32(sizeof(struct durable_reconnect_context_v2)); 2273 buf->ccontext.NameOffset = 2274 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 2275 Name)); 2276 buf->ccontext.NameLength = cpu_to_le16(4); 2277 2278 buf->dcontext.Fid.PersistentFileId = fid->persistent_fid; 2279 buf->dcontext.Fid.VolatileFileId = fid->volatile_fid; 2280 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 2281 memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16); 2282 2283 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */ 2284 buf->Name[0] = 'D'; 2285 buf->Name[1] = 'H'; 2286 buf->Name[2] = '2'; 2287 buf->Name[3] = 'C'; 2288 return buf; 2289 } 2290 2291 static int 2292 add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec, 2293 struct cifs_open_parms *oparms) 2294 { 2295 unsigned int num = *num_iovec; 2296 2297 iov[num].iov_base = create_durable_v2_buf(oparms); 2298 if (iov[num].iov_base == NULL) 2299 return -ENOMEM; 2300 iov[num].iov_len = sizeof(struct create_durable_v2); 2301 *num_iovec = num + 1; 2302 return 0; 2303 } 2304 2305 static int 2306 add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec, 2307 struct cifs_open_parms *oparms) 2308 { 2309 unsigned int num = *num_iovec; 2310 2311 /* indicate that we don't need to relock the file */ 2312 oparms->reconnect = false; 2313 2314 iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid); 2315 if (iov[num].iov_base == NULL) 2316 return -ENOMEM; 2317 iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2); 2318 *num_iovec = num + 1; 2319 return 0; 2320 } 2321 2322 static int 2323 add_durable_context(struct kvec *iov, unsigned int *num_iovec, 2324 struct cifs_open_parms *oparms, bool use_persistent) 2325 { 2326 unsigned int num = *num_iovec; 2327 2328 if (use_persistent) { 2329 if (oparms->reconnect) 2330 return add_durable_reconnect_v2_context(iov, num_iovec, 2331 oparms); 2332 else 2333 return add_durable_v2_context(iov, num_iovec, oparms); 2334 } 2335 2336 if (oparms->reconnect) { 2337 iov[num].iov_base = create_reconnect_durable_buf(oparms->fid); 2338 /* indicate that we don't need to relock the file */ 2339 oparms->reconnect = false; 2340 } else 2341 iov[num].iov_base = create_durable_buf(); 2342 if (iov[num].iov_base == NULL) 2343 return -ENOMEM; 2344 iov[num].iov_len = sizeof(struct create_durable); 2345 *num_iovec = num + 1; 2346 return 0; 2347 } 2348 2349 /* See MS-SMB2 2.2.13.2.7 */ 2350 static struct crt_twarp_ctxt * 2351 create_twarp_buf(__u64 timewarp) 2352 { 2353 struct crt_twarp_ctxt *buf; 2354 2355 buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL); 2356 if (!buf) 2357 return NULL; 2358 2359 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2360 (struct crt_twarp_ctxt, Timestamp)); 2361 buf->ccontext.DataLength = cpu_to_le32(8); 2362 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2363 (struct crt_twarp_ctxt, Name)); 2364 buf->ccontext.NameLength = cpu_to_le16(4); 2365 /* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */ 2366 buf->Name[0] = 'T'; 2367 buf->Name[1] = 'W'; 2368 buf->Name[2] = 'r'; 2369 buf->Name[3] = 'p'; 2370 buf->Timestamp = cpu_to_le64(timewarp); 2371 return buf; 2372 } 2373 2374 /* See MS-SMB2 2.2.13.2.7 */ 2375 static int 2376 add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp) 2377 { 2378 unsigned int num = *num_iovec; 2379 2380 iov[num].iov_base = create_twarp_buf(timewarp); 2381 if (iov[num].iov_base == NULL) 2382 return -ENOMEM; 2383 iov[num].iov_len = sizeof(struct crt_twarp_ctxt); 2384 *num_iovec = num + 1; 2385 return 0; 2386 } 2387 2388 /* See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */ 2389 static void setup_owner_group_sids(char *buf) 2390 { 2391 struct owner_group_sids *sids = (struct owner_group_sids *)buf; 2392 2393 /* Populate the user ownership fields S-1-5-88-1 */ 2394 sids->owner.Revision = 1; 2395 sids->owner.NumAuth = 3; 2396 sids->owner.Authority[5] = 5; 2397 sids->owner.SubAuthorities[0] = cpu_to_le32(88); 2398 sids->owner.SubAuthorities[1] = cpu_to_le32(1); 2399 sids->owner.SubAuthorities[2] = cpu_to_le32(current_fsuid().val); 2400 2401 /* Populate the group ownership fields S-1-5-88-2 */ 2402 sids->group.Revision = 1; 2403 sids->group.NumAuth = 3; 2404 sids->group.Authority[5] = 5; 2405 sids->group.SubAuthorities[0] = cpu_to_le32(88); 2406 sids->group.SubAuthorities[1] = cpu_to_le32(2); 2407 sids->group.SubAuthorities[2] = cpu_to_le32(current_fsgid().val); 2408 2409 cifs_dbg(FYI, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val, current_fsgid().val); 2410 } 2411 2412 /* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */ 2413 static struct crt_sd_ctxt * 2414 create_sd_buf(umode_t mode, bool set_owner, unsigned int *len) 2415 { 2416 struct crt_sd_ctxt *buf; 2417 __u8 *ptr, *aclptr; 2418 unsigned int acelen, acl_size, ace_count; 2419 unsigned int owner_offset = 0; 2420 unsigned int group_offset = 0; 2421 struct smb3_acl acl = {}; 2422 2423 *len = round_up(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8); 2424 2425 if (set_owner) { 2426 /* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */ 2427 *len += sizeof(struct owner_group_sids); 2428 } 2429 2430 buf = kzalloc(*len, GFP_KERNEL); 2431 if (buf == NULL) 2432 return buf; 2433 2434 ptr = (__u8 *)&buf[1]; 2435 if (set_owner) { 2436 /* offset fields are from beginning of security descriptor not of create context */ 2437 owner_offset = ptr - (__u8 *)&buf->sd; 2438 buf->sd.OffsetOwner = cpu_to_le32(owner_offset); 2439 group_offset = owner_offset + offsetof(struct owner_group_sids, group); 2440 buf->sd.OffsetGroup = cpu_to_le32(group_offset); 2441 2442 setup_owner_group_sids(ptr); 2443 ptr += sizeof(struct owner_group_sids); 2444 } else { 2445 buf->sd.OffsetOwner = 0; 2446 buf->sd.OffsetGroup = 0; 2447 } 2448 2449 buf->ccontext.DataOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, sd)); 2450 buf->ccontext.NameOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, Name)); 2451 buf->ccontext.NameLength = cpu_to_le16(4); 2452 /* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */ 2453 buf->Name[0] = 'S'; 2454 buf->Name[1] = 'e'; 2455 buf->Name[2] = 'c'; 2456 buf->Name[3] = 'D'; 2457 buf->sd.Revision = 1; /* Must be one see MS-DTYP 2.4.6 */ 2458 2459 /* 2460 * ACL is "self relative" ie ACL is stored in contiguous block of memory 2461 * and "DP" ie the DACL is present 2462 */ 2463 buf->sd.Control = cpu_to_le16(ACL_CONTROL_SR | ACL_CONTROL_DP); 2464 2465 /* offset owner, group and Sbz1 and SACL are all zero */ 2466 buf->sd.OffsetDacl = cpu_to_le32(ptr - (__u8 *)&buf->sd); 2467 /* Ship the ACL for now. we will copy it into buf later. */ 2468 aclptr = ptr; 2469 ptr += sizeof(struct smb3_acl); 2470 2471 /* create one ACE to hold the mode embedded in reserved special SID */ 2472 acelen = setup_special_mode_ACE((struct cifs_ace *)ptr, (__u64)mode); 2473 ptr += acelen; 2474 acl_size = acelen + sizeof(struct smb3_acl); 2475 ace_count = 1; 2476 2477 if (set_owner) { 2478 /* we do not need to reallocate buffer to add the two more ACEs. plenty of space */ 2479 acelen = setup_special_user_owner_ACE((struct cifs_ace *)ptr); 2480 ptr += acelen; 2481 acl_size += acelen; 2482 ace_count += 1; 2483 } 2484 2485 /* and one more ACE to allow access for authenticated users */ 2486 acelen = setup_authusers_ACE((struct cifs_ace *)ptr); 2487 ptr += acelen; 2488 acl_size += acelen; 2489 ace_count += 1; 2490 2491 acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */ 2492 acl.AclSize = cpu_to_le16(acl_size); 2493 acl.AceCount = cpu_to_le16(ace_count); 2494 /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */ 2495 memcpy(aclptr, &acl, sizeof(struct smb3_acl)); 2496 2497 buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd); 2498 *len = round_up((unsigned int)(ptr - (__u8 *)buf), 8); 2499 2500 return buf; 2501 } 2502 2503 static int 2504 add_sd_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode, bool set_owner) 2505 { 2506 unsigned int num = *num_iovec; 2507 unsigned int len = 0; 2508 2509 iov[num].iov_base = create_sd_buf(mode, set_owner, &len); 2510 if (iov[num].iov_base == NULL) 2511 return -ENOMEM; 2512 iov[num].iov_len = len; 2513 *num_iovec = num + 1; 2514 return 0; 2515 } 2516 2517 static struct crt_query_id_ctxt * 2518 create_query_id_buf(void) 2519 { 2520 struct crt_query_id_ctxt *buf; 2521 2522 buf = kzalloc(sizeof(struct crt_query_id_ctxt), GFP_KERNEL); 2523 if (!buf) 2524 return NULL; 2525 2526 buf->ccontext.DataOffset = cpu_to_le16(0); 2527 buf->ccontext.DataLength = cpu_to_le32(0); 2528 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2529 (struct crt_query_id_ctxt, Name)); 2530 buf->ccontext.NameLength = cpu_to_le16(4); 2531 /* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */ 2532 buf->Name[0] = 'Q'; 2533 buf->Name[1] = 'F'; 2534 buf->Name[2] = 'i'; 2535 buf->Name[3] = 'd'; 2536 return buf; 2537 } 2538 2539 /* See MS-SMB2 2.2.13.2.9 */ 2540 static int 2541 add_query_id_context(struct kvec *iov, unsigned int *num_iovec) 2542 { 2543 unsigned int num = *num_iovec; 2544 2545 iov[num].iov_base = create_query_id_buf(); 2546 if (iov[num].iov_base == NULL) 2547 return -ENOMEM; 2548 iov[num].iov_len = sizeof(struct crt_query_id_ctxt); 2549 *num_iovec = num + 1; 2550 return 0; 2551 } 2552 2553 static int 2554 alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len, 2555 const char *treename, const __le16 *path) 2556 { 2557 int treename_len, path_len; 2558 struct nls_table *cp; 2559 const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)}; 2560 2561 /* 2562 * skip leading "\\" 2563 */ 2564 treename_len = strlen(treename); 2565 if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\')) 2566 return -EINVAL; 2567 2568 treename += 2; 2569 treename_len -= 2; 2570 2571 path_len = UniStrnlen((wchar_t *)path, PATH_MAX); 2572 2573 /* make room for one path separator only if @path isn't empty */ 2574 *out_len = treename_len + (path[0] ? 1 : 0) + path_len; 2575 2576 /* 2577 * final path needs to be 8-byte aligned as specified in 2578 * MS-SMB2 2.2.13 SMB2 CREATE Request. 2579 */ 2580 *out_size = round_up(*out_len * sizeof(__le16), 8); 2581 *out_path = kzalloc(*out_size + sizeof(__le16) /* null */, GFP_KERNEL); 2582 if (!*out_path) 2583 return -ENOMEM; 2584 2585 cp = load_nls_default(); 2586 cifs_strtoUTF16(*out_path, treename, treename_len, cp); 2587 2588 /* Do not append the separator if the path is empty */ 2589 if (path[0] != cpu_to_le16(0x0000)) { 2590 UniStrcat((wchar_t *)*out_path, (wchar_t *)sep); 2591 UniStrcat((wchar_t *)*out_path, (wchar_t *)path); 2592 } 2593 2594 unload_nls(cp); 2595 2596 return 0; 2597 } 2598 2599 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode, 2600 umode_t mode, struct cifs_tcon *tcon, 2601 const char *full_path, 2602 struct cifs_sb_info *cifs_sb) 2603 { 2604 struct smb_rqst rqst; 2605 struct smb2_create_req *req; 2606 struct smb2_create_rsp *rsp = NULL; 2607 struct cifs_ses *ses = tcon->ses; 2608 struct kvec iov[3]; /* make sure at least one for each open context */ 2609 struct kvec rsp_iov = {NULL, 0}; 2610 int resp_buftype; 2611 int uni_path_len; 2612 __le16 *copy_path = NULL; 2613 int copy_size; 2614 int rc = 0; 2615 unsigned int n_iov = 2; 2616 __u32 file_attributes = 0; 2617 char *pc_buf = NULL; 2618 int flags = 0; 2619 unsigned int total_len; 2620 __le16 *utf16_path = NULL; 2621 struct TCP_Server_Info *server = cifs_pick_channel(ses); 2622 2623 cifs_dbg(FYI, "mkdir\n"); 2624 2625 /* resource #1: path allocation */ 2626 utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb); 2627 if (!utf16_path) 2628 return -ENOMEM; 2629 2630 if (!ses || !server) { 2631 rc = -EIO; 2632 goto err_free_path; 2633 } 2634 2635 /* resource #2: request */ 2636 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server, 2637 (void **) &req, &total_len); 2638 if (rc) 2639 goto err_free_path; 2640 2641 2642 if (smb3_encryption_required(tcon)) 2643 flags |= CIFS_TRANSFORM_REQ; 2644 2645 req->ImpersonationLevel = IL_IMPERSONATION; 2646 req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES); 2647 /* File attributes ignored on open (used in create though) */ 2648 req->FileAttributes = cpu_to_le32(file_attributes); 2649 req->ShareAccess = FILE_SHARE_ALL_LE; 2650 req->CreateDisposition = cpu_to_le32(FILE_CREATE); 2651 req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE); 2652 2653 iov[0].iov_base = (char *)req; 2654 /* -1 since last byte is buf[0] which is sent below (path) */ 2655 iov[0].iov_len = total_len - 1; 2656 2657 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)); 2658 2659 /* [MS-SMB2] 2.2.13 NameOffset: 2660 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of 2661 * the SMB2 header, the file name includes a prefix that will 2662 * be processed during DFS name normalization as specified in 2663 * section 3.3.5.9. Otherwise, the file name is relative to 2664 * the share that is identified by the TreeId in the SMB2 2665 * header. 2666 */ 2667 if (tcon->share_flags & SHI1005_FLAGS_DFS) { 2668 int name_len; 2669 2670 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS; 2671 rc = alloc_path_with_tree_prefix(©_path, ©_size, 2672 &name_len, 2673 tcon->tree_name, utf16_path); 2674 if (rc) 2675 goto err_free_req; 2676 2677 req->NameLength = cpu_to_le16(name_len * 2); 2678 uni_path_len = copy_size; 2679 /* free before overwriting resource */ 2680 kfree(utf16_path); 2681 utf16_path = copy_path; 2682 } else { 2683 uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2; 2684 /* MUST set path len (NameLength) to 0 opening root of share */ 2685 req->NameLength = cpu_to_le16(uni_path_len - 2); 2686 if (uni_path_len % 8 != 0) { 2687 copy_size = roundup(uni_path_len, 8); 2688 copy_path = kzalloc(copy_size, GFP_KERNEL); 2689 if (!copy_path) { 2690 rc = -ENOMEM; 2691 goto err_free_req; 2692 } 2693 memcpy((char *)copy_path, (const char *)utf16_path, 2694 uni_path_len); 2695 uni_path_len = copy_size; 2696 /* free before overwriting resource */ 2697 kfree(utf16_path); 2698 utf16_path = copy_path; 2699 } 2700 } 2701 2702 iov[1].iov_len = uni_path_len; 2703 iov[1].iov_base = utf16_path; 2704 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE; 2705 2706 if (tcon->posix_extensions) { 2707 /* resource #3: posix buf */ 2708 rc = add_posix_context(iov, &n_iov, mode); 2709 if (rc) 2710 goto err_free_req; 2711 req->CreateContextsOffset = cpu_to_le32( 2712 sizeof(struct smb2_create_req) + 2713 iov[1].iov_len); 2714 pc_buf = iov[n_iov-1].iov_base; 2715 } 2716 2717 2718 memset(&rqst, 0, sizeof(struct smb_rqst)); 2719 rqst.rq_iov = iov; 2720 rqst.rq_nvec = n_iov; 2721 2722 /* no need to inc num_remote_opens because we close it just below */ 2723 trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, full_path, CREATE_NOT_FILE, 2724 FILE_WRITE_ATTRIBUTES); 2725 /* resource #4: response buffer */ 2726 rc = cifs_send_recv(xid, ses, server, 2727 &rqst, &resp_buftype, flags, &rsp_iov); 2728 if (rc) { 2729 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); 2730 trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid, 2731 CREATE_NOT_FILE, 2732 FILE_WRITE_ATTRIBUTES, rc); 2733 goto err_free_rsp_buf; 2734 } 2735 2736 /* 2737 * Although unlikely to be possible for rsp to be null and rc not set, 2738 * adding check below is slightly safer long term (and quiets Coverity 2739 * warning) 2740 */ 2741 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base; 2742 if (rsp == NULL) { 2743 rc = -EIO; 2744 kfree(pc_buf); 2745 goto err_free_req; 2746 } 2747 2748 trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid, 2749 CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES); 2750 2751 SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId); 2752 2753 /* Eventually save off posix specific response info and timestaps */ 2754 2755 err_free_rsp_buf: 2756 free_rsp_buf(resp_buftype, rsp); 2757 kfree(pc_buf); 2758 err_free_req: 2759 cifs_small_buf_release(req); 2760 err_free_path: 2761 kfree(utf16_path); 2762 return rc; 2763 } 2764 2765 int 2766 SMB2_open_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 2767 struct smb_rqst *rqst, __u8 *oplock, 2768 struct cifs_open_parms *oparms, __le16 *path) 2769 { 2770 struct smb2_create_req *req; 2771 unsigned int n_iov = 2; 2772 __u32 file_attributes = 0; 2773 int copy_size; 2774 int uni_path_len; 2775 unsigned int total_len; 2776 struct kvec *iov = rqst->rq_iov; 2777 __le16 *copy_path; 2778 int rc; 2779 2780 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server, 2781 (void **) &req, &total_len); 2782 if (rc) 2783 return rc; 2784 2785 iov[0].iov_base = (char *)req; 2786 /* -1 since last byte is buf[0] which is sent below (path) */ 2787 iov[0].iov_len = total_len - 1; 2788 2789 if (oparms->create_options & CREATE_OPTION_READONLY) 2790 file_attributes |= ATTR_READONLY; 2791 if (oparms->create_options & CREATE_OPTION_SPECIAL) 2792 file_attributes |= ATTR_SYSTEM; 2793 2794 req->ImpersonationLevel = IL_IMPERSONATION; 2795 req->DesiredAccess = cpu_to_le32(oparms->desired_access); 2796 /* File attributes ignored on open (used in create though) */ 2797 req->FileAttributes = cpu_to_le32(file_attributes); 2798 req->ShareAccess = FILE_SHARE_ALL_LE; 2799 2800 req->CreateDisposition = cpu_to_le32(oparms->disposition); 2801 req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK); 2802 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)); 2803 2804 /* [MS-SMB2] 2.2.13 NameOffset: 2805 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of 2806 * the SMB2 header, the file name includes a prefix that will 2807 * be processed during DFS name normalization as specified in 2808 * section 3.3.5.9. Otherwise, the file name is relative to 2809 * the share that is identified by the TreeId in the SMB2 2810 * header. 2811 */ 2812 if (tcon->share_flags & SHI1005_FLAGS_DFS) { 2813 int name_len; 2814 2815 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS; 2816 rc = alloc_path_with_tree_prefix(©_path, ©_size, 2817 &name_len, 2818 tcon->tree_name, path); 2819 if (rc) 2820 return rc; 2821 req->NameLength = cpu_to_le16(name_len * 2); 2822 uni_path_len = copy_size; 2823 path = copy_path; 2824 } else { 2825 uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2; 2826 /* MUST set path len (NameLength) to 0 opening root of share */ 2827 req->NameLength = cpu_to_le16(uni_path_len - 2); 2828 copy_size = round_up(uni_path_len, 8); 2829 copy_path = kzalloc(copy_size, GFP_KERNEL); 2830 if (!copy_path) 2831 return -ENOMEM; 2832 memcpy((char *)copy_path, (const char *)path, 2833 uni_path_len); 2834 uni_path_len = copy_size; 2835 path = copy_path; 2836 } 2837 2838 iov[1].iov_len = uni_path_len; 2839 iov[1].iov_base = path; 2840 2841 if ((!server->oplocks) || (tcon->no_lease)) 2842 *oplock = SMB2_OPLOCK_LEVEL_NONE; 2843 2844 if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) || 2845 *oplock == SMB2_OPLOCK_LEVEL_NONE) 2846 req->RequestedOplockLevel = *oplock; 2847 else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) && 2848 (oparms->create_options & CREATE_NOT_FILE)) 2849 req->RequestedOplockLevel = *oplock; /* no srv lease support */ 2850 else { 2851 rc = add_lease_context(server, req, iov, &n_iov, 2852 oparms->fid->lease_key, oplock); 2853 if (rc) 2854 return rc; 2855 } 2856 2857 if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) { 2858 rc = add_durable_context(iov, &n_iov, oparms, 2859 tcon->use_persistent); 2860 if (rc) 2861 return rc; 2862 } 2863 2864 if (tcon->posix_extensions) { 2865 rc = add_posix_context(iov, &n_iov, oparms->mode); 2866 if (rc) 2867 return rc; 2868 } 2869 2870 if (tcon->snapshot_time) { 2871 cifs_dbg(FYI, "adding snapshot context\n"); 2872 rc = add_twarp_context(iov, &n_iov, tcon->snapshot_time); 2873 if (rc) 2874 return rc; 2875 } 2876 2877 if ((oparms->disposition != FILE_OPEN) && (oparms->cifs_sb)) { 2878 bool set_mode; 2879 bool set_owner; 2880 2881 if ((oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) && 2882 (oparms->mode != ACL_NO_MODE)) 2883 set_mode = true; 2884 else { 2885 set_mode = false; 2886 oparms->mode = ACL_NO_MODE; 2887 } 2888 2889 if (oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) 2890 set_owner = true; 2891 else 2892 set_owner = false; 2893 2894 if (set_owner | set_mode) { 2895 cifs_dbg(FYI, "add sd with mode 0x%x\n", oparms->mode); 2896 rc = add_sd_context(iov, &n_iov, oparms->mode, set_owner); 2897 if (rc) 2898 return rc; 2899 } 2900 } 2901 2902 add_query_id_context(iov, &n_iov); 2903 2904 if (n_iov > 2) { 2905 /* 2906 * We have create contexts behind iov[1] (the file 2907 * name), point at them from the main create request 2908 */ 2909 req->CreateContextsOffset = cpu_to_le32( 2910 sizeof(struct smb2_create_req) + 2911 iov[1].iov_len); 2912 req->CreateContextsLength = 0; 2913 2914 for (unsigned int i = 2; i < (n_iov-1); i++) { 2915 struct kvec *v = &iov[i]; 2916 size_t len = v->iov_len; 2917 struct create_context *cctx = 2918 (struct create_context *)v->iov_base; 2919 2920 cctx->Next = cpu_to_le32(len); 2921 le32_add_cpu(&req->CreateContextsLength, len); 2922 } 2923 le32_add_cpu(&req->CreateContextsLength, 2924 iov[n_iov-1].iov_len); 2925 } 2926 2927 rqst->rq_nvec = n_iov; 2928 return 0; 2929 } 2930 2931 /* rq_iov[0] is the request and is released by cifs_small_buf_release(). 2932 * All other vectors are freed by kfree(). 2933 */ 2934 void 2935 SMB2_open_free(struct smb_rqst *rqst) 2936 { 2937 int i; 2938 2939 if (rqst && rqst->rq_iov) { 2940 cifs_small_buf_release(rqst->rq_iov[0].iov_base); 2941 for (i = 1; i < rqst->rq_nvec; i++) 2942 if (rqst->rq_iov[i].iov_base != smb2_padding) 2943 kfree(rqst->rq_iov[i].iov_base); 2944 } 2945 } 2946 2947 int 2948 SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path, 2949 __u8 *oplock, struct smb2_file_all_info *buf, 2950 struct create_posix_rsp *posix, 2951 struct kvec *err_iov, int *buftype) 2952 { 2953 struct smb_rqst rqst; 2954 struct smb2_create_rsp *rsp = NULL; 2955 struct cifs_tcon *tcon = oparms->tcon; 2956 struct cifs_ses *ses = tcon->ses; 2957 struct TCP_Server_Info *server = cifs_pick_channel(ses); 2958 struct kvec iov[SMB2_CREATE_IOV_SIZE]; 2959 struct kvec rsp_iov = {NULL, 0}; 2960 int resp_buftype = CIFS_NO_BUFFER; 2961 int rc = 0; 2962 int flags = 0; 2963 2964 cifs_dbg(FYI, "create/open\n"); 2965 if (!ses || !server) 2966 return -EIO; 2967 2968 if (smb3_encryption_required(tcon)) 2969 flags |= CIFS_TRANSFORM_REQ; 2970 2971 memset(&rqst, 0, sizeof(struct smb_rqst)); 2972 memset(&iov, 0, sizeof(iov)); 2973 rqst.rq_iov = iov; 2974 rqst.rq_nvec = SMB2_CREATE_IOV_SIZE; 2975 2976 rc = SMB2_open_init(tcon, server, 2977 &rqst, oplock, oparms, path); 2978 if (rc) 2979 goto creat_exit; 2980 2981 trace_smb3_open_enter(xid, tcon->tid, tcon->ses->Suid, oparms->path, 2982 oparms->create_options, oparms->desired_access); 2983 2984 rc = cifs_send_recv(xid, ses, server, 2985 &rqst, &resp_buftype, flags, 2986 &rsp_iov); 2987 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base; 2988 2989 if (rc != 0) { 2990 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); 2991 if (err_iov && rsp) { 2992 *err_iov = rsp_iov; 2993 *buftype = resp_buftype; 2994 resp_buftype = CIFS_NO_BUFFER; 2995 rsp = NULL; 2996 } 2997 trace_smb3_open_err(xid, tcon->tid, ses->Suid, 2998 oparms->create_options, oparms->desired_access, rc); 2999 if (rc == -EREMCHG) { 3000 pr_warn_once("server share %s deleted\n", 3001 tcon->tree_name); 3002 tcon->need_reconnect = true; 3003 } 3004 goto creat_exit; 3005 } else if (rsp == NULL) /* unlikely to happen, but safer to check */ 3006 goto creat_exit; 3007 else 3008 trace_smb3_open_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid, 3009 oparms->create_options, oparms->desired_access); 3010 3011 atomic_inc(&tcon->num_remote_opens); 3012 oparms->fid->persistent_fid = rsp->PersistentFileId; 3013 oparms->fid->volatile_fid = rsp->VolatileFileId; 3014 oparms->fid->access = oparms->desired_access; 3015 #ifdef CONFIG_CIFS_DEBUG2 3016 oparms->fid->mid = le64_to_cpu(rsp->hdr.MessageId); 3017 #endif /* CIFS_DEBUG2 */ 3018 3019 if (buf) { 3020 buf->CreationTime = rsp->CreationTime; 3021 buf->LastAccessTime = rsp->LastAccessTime; 3022 buf->LastWriteTime = rsp->LastWriteTime; 3023 buf->ChangeTime = rsp->ChangeTime; 3024 buf->AllocationSize = rsp->AllocationSize; 3025 buf->EndOfFile = rsp->EndofFile; 3026 buf->Attributes = rsp->FileAttributes; 3027 buf->NumberOfLinks = cpu_to_le32(1); 3028 buf->DeletePending = 0; 3029 } 3030 3031 3032 smb2_parse_contexts(server, rsp, &oparms->fid->epoch, 3033 oparms->fid->lease_key, oplock, buf, posix); 3034 creat_exit: 3035 SMB2_open_free(&rqst); 3036 free_rsp_buf(resp_buftype, rsp); 3037 return rc; 3038 } 3039 3040 int 3041 SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3042 struct smb_rqst *rqst, 3043 u64 persistent_fid, u64 volatile_fid, u32 opcode, 3044 char *in_data, u32 indatalen, 3045 __u32 max_response_size) 3046 { 3047 struct smb2_ioctl_req *req; 3048 struct kvec *iov = rqst->rq_iov; 3049 unsigned int total_len; 3050 int rc; 3051 char *in_data_buf; 3052 3053 rc = smb2_ioctl_req_init(opcode, tcon, server, 3054 (void **) &req, &total_len); 3055 if (rc) 3056 return rc; 3057 3058 if (indatalen) { 3059 /* 3060 * indatalen is usually small at a couple of bytes max, so 3061 * just allocate through generic pool 3062 */ 3063 in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS); 3064 if (!in_data_buf) { 3065 cifs_small_buf_release(req); 3066 return -ENOMEM; 3067 } 3068 } 3069 3070 req->CtlCode = cpu_to_le32(opcode); 3071 req->PersistentFileId = persistent_fid; 3072 req->VolatileFileId = volatile_fid; 3073 3074 iov[0].iov_base = (char *)req; 3075 /* 3076 * If no input data, the size of ioctl struct in 3077 * protocol spec still includes a 1 byte data buffer, 3078 * but if input data passed to ioctl, we do not 3079 * want to double count this, so we do not send 3080 * the dummy one byte of data in iovec[0] if sending 3081 * input data (in iovec[1]). 3082 */ 3083 if (indatalen) { 3084 req->InputCount = cpu_to_le32(indatalen); 3085 /* do not set InputOffset if no input data */ 3086 req->InputOffset = 3087 cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer)); 3088 rqst->rq_nvec = 2; 3089 iov[0].iov_len = total_len - 1; 3090 iov[1].iov_base = in_data_buf; 3091 iov[1].iov_len = indatalen; 3092 } else { 3093 rqst->rq_nvec = 1; 3094 iov[0].iov_len = total_len; 3095 } 3096 3097 req->OutputOffset = 0; 3098 req->OutputCount = 0; /* MBZ */ 3099 3100 /* 3101 * In most cases max_response_size is set to 16K (CIFSMaxBufSize) 3102 * We Could increase default MaxOutputResponse, but that could require 3103 * more credits. Windows typically sets this smaller, but for some 3104 * ioctls it may be useful to allow server to send more. No point 3105 * limiting what the server can send as long as fits in one credit 3106 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want 3107 * to increase this limit up in the future. 3108 * Note that for snapshot queries that servers like Azure expect that 3109 * the first query be minimal size (and just used to get the number/size 3110 * of previous versions) so response size must be specified as EXACTLY 3111 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple 3112 * of eight bytes. Currently that is the only case where we set max 3113 * response size smaller. 3114 */ 3115 req->MaxOutputResponse = cpu_to_le32(max_response_size); 3116 req->hdr.CreditCharge = 3117 cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size), 3118 SMB2_MAX_BUFFER_SIZE)); 3119 /* always an FSCTL (for now) */ 3120 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL); 3121 3122 /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ 3123 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) 3124 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 3125 3126 return 0; 3127 } 3128 3129 void 3130 SMB2_ioctl_free(struct smb_rqst *rqst) 3131 { 3132 int i; 3133 3134 if (rqst && rqst->rq_iov) { 3135 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3136 for (i = 1; i < rqst->rq_nvec; i++) 3137 if (rqst->rq_iov[i].iov_base != smb2_padding) 3138 kfree(rqst->rq_iov[i].iov_base); 3139 } 3140 } 3141 3142 3143 /* 3144 * SMB2 IOCTL is used for both IOCTLs and FSCTLs 3145 */ 3146 int 3147 SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 3148 u64 volatile_fid, u32 opcode, char *in_data, u32 indatalen, 3149 u32 max_out_data_len, char **out_data, 3150 u32 *plen /* returned data len */) 3151 { 3152 struct smb_rqst rqst; 3153 struct smb2_ioctl_rsp *rsp = NULL; 3154 struct cifs_ses *ses; 3155 struct TCP_Server_Info *server; 3156 struct kvec iov[SMB2_IOCTL_IOV_SIZE]; 3157 struct kvec rsp_iov = {NULL, 0}; 3158 int resp_buftype = CIFS_NO_BUFFER; 3159 int rc = 0; 3160 int flags = 0; 3161 3162 cifs_dbg(FYI, "SMB2 IOCTL\n"); 3163 3164 if (out_data != NULL) 3165 *out_data = NULL; 3166 3167 /* zero out returned data len, in case of error */ 3168 if (plen) 3169 *plen = 0; 3170 3171 if (!tcon) 3172 return -EIO; 3173 3174 ses = tcon->ses; 3175 if (!ses) 3176 return -EIO; 3177 3178 server = cifs_pick_channel(ses); 3179 if (!server) 3180 return -EIO; 3181 3182 if (smb3_encryption_required(tcon)) 3183 flags |= CIFS_TRANSFORM_REQ; 3184 3185 memset(&rqst, 0, sizeof(struct smb_rqst)); 3186 memset(&iov, 0, sizeof(iov)); 3187 rqst.rq_iov = iov; 3188 rqst.rq_nvec = SMB2_IOCTL_IOV_SIZE; 3189 3190 rc = SMB2_ioctl_init(tcon, server, 3191 &rqst, persistent_fid, volatile_fid, opcode, 3192 in_data, indatalen, max_out_data_len); 3193 if (rc) 3194 goto ioctl_exit; 3195 3196 rc = cifs_send_recv(xid, ses, server, 3197 &rqst, &resp_buftype, flags, 3198 &rsp_iov); 3199 rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base; 3200 3201 if (rc != 0) 3202 trace_smb3_fsctl_err(xid, persistent_fid, tcon->tid, 3203 ses->Suid, 0, opcode, rc); 3204 3205 if ((rc != 0) && (rc != -EINVAL) && (rc != -E2BIG)) { 3206 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3207 goto ioctl_exit; 3208 } else if (rc == -EINVAL) { 3209 if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) && 3210 (opcode != FSCTL_SRV_COPYCHUNK)) { 3211 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3212 goto ioctl_exit; 3213 } 3214 } else if (rc == -E2BIG) { 3215 if (opcode != FSCTL_QUERY_ALLOCATED_RANGES) { 3216 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3217 goto ioctl_exit; 3218 } 3219 } 3220 3221 /* check if caller wants to look at return data or just return rc */ 3222 if ((plen == NULL) || (out_data == NULL)) 3223 goto ioctl_exit; 3224 3225 /* 3226 * Although unlikely to be possible for rsp to be null and rc not set, 3227 * adding check below is slightly safer long term (and quiets Coverity 3228 * warning) 3229 */ 3230 if (rsp == NULL) { 3231 rc = -EIO; 3232 goto ioctl_exit; 3233 } 3234 3235 *plen = le32_to_cpu(rsp->OutputCount); 3236 3237 /* We check for obvious errors in the output buffer length and offset */ 3238 if (*plen == 0) 3239 goto ioctl_exit; /* server returned no data */ 3240 else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) { 3241 cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen); 3242 *plen = 0; 3243 rc = -EIO; 3244 goto ioctl_exit; 3245 } 3246 3247 if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) { 3248 cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen, 3249 le32_to_cpu(rsp->OutputOffset)); 3250 *plen = 0; 3251 rc = -EIO; 3252 goto ioctl_exit; 3253 } 3254 3255 *out_data = kmemdup((char *)rsp + le32_to_cpu(rsp->OutputOffset), 3256 *plen, GFP_KERNEL); 3257 if (*out_data == NULL) { 3258 rc = -ENOMEM; 3259 goto ioctl_exit; 3260 } 3261 3262 ioctl_exit: 3263 SMB2_ioctl_free(&rqst); 3264 free_rsp_buf(resp_buftype, rsp); 3265 return rc; 3266 } 3267 3268 /* 3269 * Individual callers to ioctl worker function follow 3270 */ 3271 3272 int 3273 SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon, 3274 u64 persistent_fid, u64 volatile_fid) 3275 { 3276 int rc; 3277 struct compress_ioctl fsctl_input; 3278 char *ret_data = NULL; 3279 3280 fsctl_input.CompressionState = 3281 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT); 3282 3283 rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid, 3284 FSCTL_SET_COMPRESSION, 3285 (char *)&fsctl_input /* data input */, 3286 2 /* in data len */, CIFSMaxBufSize /* max out data */, 3287 &ret_data /* out data */, NULL); 3288 3289 cifs_dbg(FYI, "set compression rc %d\n", rc); 3290 3291 return rc; 3292 } 3293 3294 int 3295 SMB2_close_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3296 struct smb_rqst *rqst, 3297 u64 persistent_fid, u64 volatile_fid, bool query_attrs) 3298 { 3299 struct smb2_close_req *req; 3300 struct kvec *iov = rqst->rq_iov; 3301 unsigned int total_len; 3302 int rc; 3303 3304 rc = smb2_plain_req_init(SMB2_CLOSE, tcon, server, 3305 (void **) &req, &total_len); 3306 if (rc) 3307 return rc; 3308 3309 req->PersistentFileId = persistent_fid; 3310 req->VolatileFileId = volatile_fid; 3311 if (query_attrs) 3312 req->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB; 3313 else 3314 req->Flags = 0; 3315 iov[0].iov_base = (char *)req; 3316 iov[0].iov_len = total_len; 3317 3318 return 0; 3319 } 3320 3321 void 3322 SMB2_close_free(struct smb_rqst *rqst) 3323 { 3324 if (rqst && rqst->rq_iov) 3325 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3326 } 3327 3328 int 3329 __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, 3330 u64 persistent_fid, u64 volatile_fid, 3331 struct smb2_file_network_open_info *pbuf) 3332 { 3333 struct smb_rqst rqst; 3334 struct smb2_close_rsp *rsp = NULL; 3335 struct cifs_ses *ses = tcon->ses; 3336 struct TCP_Server_Info *server = cifs_pick_channel(ses); 3337 struct kvec iov[1]; 3338 struct kvec rsp_iov; 3339 int resp_buftype = CIFS_NO_BUFFER; 3340 int rc = 0; 3341 int flags = 0; 3342 bool query_attrs = false; 3343 3344 cifs_dbg(FYI, "Close\n"); 3345 3346 if (!ses || !server) 3347 return -EIO; 3348 3349 if (smb3_encryption_required(tcon)) 3350 flags |= CIFS_TRANSFORM_REQ; 3351 3352 memset(&rqst, 0, sizeof(struct smb_rqst)); 3353 memset(&iov, 0, sizeof(iov)); 3354 rqst.rq_iov = iov; 3355 rqst.rq_nvec = 1; 3356 3357 /* check if need to ask server to return timestamps in close response */ 3358 if (pbuf) 3359 query_attrs = true; 3360 3361 trace_smb3_close_enter(xid, persistent_fid, tcon->tid, ses->Suid); 3362 rc = SMB2_close_init(tcon, server, 3363 &rqst, persistent_fid, volatile_fid, 3364 query_attrs); 3365 if (rc) 3366 goto close_exit; 3367 3368 rc = cifs_send_recv(xid, ses, server, 3369 &rqst, &resp_buftype, flags, &rsp_iov); 3370 rsp = (struct smb2_close_rsp *)rsp_iov.iov_base; 3371 3372 if (rc != 0) { 3373 cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE); 3374 trace_smb3_close_err(xid, persistent_fid, tcon->tid, ses->Suid, 3375 rc); 3376 goto close_exit; 3377 } else { 3378 trace_smb3_close_done(xid, persistent_fid, tcon->tid, 3379 ses->Suid); 3380 /* 3381 * Note that have to subtract 4 since struct network_open_info 3382 * has a final 4 byte pad that close response does not have 3383 */ 3384 if (pbuf) 3385 memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4); 3386 } 3387 3388 atomic_dec(&tcon->num_remote_opens); 3389 close_exit: 3390 SMB2_close_free(&rqst); 3391 free_rsp_buf(resp_buftype, rsp); 3392 3393 /* retry close in a worker thread if this one is interrupted */ 3394 if (is_interrupt_error(rc)) { 3395 int tmp_rc; 3396 3397 tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid, 3398 volatile_fid); 3399 if (tmp_rc) 3400 cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n", 3401 persistent_fid, tmp_rc); 3402 } 3403 return rc; 3404 } 3405 3406 int 3407 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, 3408 u64 persistent_fid, u64 volatile_fid) 3409 { 3410 return __SMB2_close(xid, tcon, persistent_fid, volatile_fid, NULL); 3411 } 3412 3413 int 3414 smb2_validate_iov(unsigned int offset, unsigned int buffer_length, 3415 struct kvec *iov, unsigned int min_buf_size) 3416 { 3417 unsigned int smb_len = iov->iov_len; 3418 char *end_of_smb = smb_len + (char *)iov->iov_base; 3419 char *begin_of_buf = offset + (char *)iov->iov_base; 3420 char *end_of_buf = begin_of_buf + buffer_length; 3421 3422 3423 if (buffer_length < min_buf_size) { 3424 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n", 3425 buffer_length, min_buf_size); 3426 return -EINVAL; 3427 } 3428 3429 /* check if beyond RFC1001 maximum length */ 3430 if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) { 3431 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n", 3432 buffer_length, smb_len); 3433 return -EINVAL; 3434 } 3435 3436 if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) { 3437 cifs_dbg(VFS, "Invalid server response, bad offset to data\n"); 3438 return -EINVAL; 3439 } 3440 3441 return 0; 3442 } 3443 3444 /* 3445 * If SMB buffer fields are valid, copy into temporary buffer to hold result. 3446 * Caller must free buffer. 3447 */ 3448 int 3449 smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length, 3450 struct kvec *iov, unsigned int minbufsize, 3451 char *data) 3452 { 3453 char *begin_of_buf = offset + (char *)iov->iov_base; 3454 int rc; 3455 3456 if (!data) 3457 return -EINVAL; 3458 3459 rc = smb2_validate_iov(offset, buffer_length, iov, minbufsize); 3460 if (rc) 3461 return rc; 3462 3463 memcpy(data, begin_of_buf, minbufsize); 3464 3465 return 0; 3466 } 3467 3468 int 3469 SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3470 struct smb_rqst *rqst, 3471 u64 persistent_fid, u64 volatile_fid, 3472 u8 info_class, u8 info_type, u32 additional_info, 3473 size_t output_len, size_t input_len, void *input) 3474 { 3475 struct smb2_query_info_req *req; 3476 struct kvec *iov = rqst->rq_iov; 3477 unsigned int total_len; 3478 int rc; 3479 3480 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, 3481 (void **) &req, &total_len); 3482 if (rc) 3483 return rc; 3484 3485 req->InfoType = info_type; 3486 req->FileInfoClass = info_class; 3487 req->PersistentFileId = persistent_fid; 3488 req->VolatileFileId = volatile_fid; 3489 req->AdditionalInformation = cpu_to_le32(additional_info); 3490 3491 req->OutputBufferLength = cpu_to_le32(output_len); 3492 if (input_len) { 3493 req->InputBufferLength = cpu_to_le32(input_len); 3494 /* total_len for smb query request never close to le16 max */ 3495 req->InputBufferOffset = cpu_to_le16(total_len - 1); 3496 memcpy(req->Buffer, input, input_len); 3497 } 3498 3499 iov[0].iov_base = (char *)req; 3500 /* 1 for Buffer */ 3501 iov[0].iov_len = total_len - 1 + input_len; 3502 return 0; 3503 } 3504 3505 void 3506 SMB2_query_info_free(struct smb_rqst *rqst) 3507 { 3508 if (rqst && rqst->rq_iov) 3509 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3510 } 3511 3512 static int 3513 query_info(const unsigned int xid, struct cifs_tcon *tcon, 3514 u64 persistent_fid, u64 volatile_fid, u8 info_class, u8 info_type, 3515 u32 additional_info, size_t output_len, size_t min_len, void **data, 3516 u32 *dlen) 3517 { 3518 struct smb_rqst rqst; 3519 struct smb2_query_info_rsp *rsp = NULL; 3520 struct kvec iov[1]; 3521 struct kvec rsp_iov; 3522 int rc = 0; 3523 int resp_buftype = CIFS_NO_BUFFER; 3524 struct cifs_ses *ses = tcon->ses; 3525 struct TCP_Server_Info *server; 3526 int flags = 0; 3527 bool allocated = false; 3528 3529 cifs_dbg(FYI, "Query Info\n"); 3530 3531 if (!ses) 3532 return -EIO; 3533 server = cifs_pick_channel(ses); 3534 if (!server) 3535 return -EIO; 3536 3537 if (smb3_encryption_required(tcon)) 3538 flags |= CIFS_TRANSFORM_REQ; 3539 3540 memset(&rqst, 0, sizeof(struct smb_rqst)); 3541 memset(&iov, 0, sizeof(iov)); 3542 rqst.rq_iov = iov; 3543 rqst.rq_nvec = 1; 3544 3545 rc = SMB2_query_info_init(tcon, server, 3546 &rqst, persistent_fid, volatile_fid, 3547 info_class, info_type, additional_info, 3548 output_len, 0, NULL); 3549 if (rc) 3550 goto qinf_exit; 3551 3552 trace_smb3_query_info_enter(xid, persistent_fid, tcon->tid, 3553 ses->Suid, info_class, (__u32)info_type); 3554 3555 rc = cifs_send_recv(xid, ses, server, 3556 &rqst, &resp_buftype, flags, &rsp_iov); 3557 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 3558 3559 if (rc) { 3560 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 3561 trace_smb3_query_info_err(xid, persistent_fid, tcon->tid, 3562 ses->Suid, info_class, (__u32)info_type, rc); 3563 goto qinf_exit; 3564 } 3565 3566 trace_smb3_query_info_done(xid, persistent_fid, tcon->tid, 3567 ses->Suid, info_class, (__u32)info_type); 3568 3569 if (dlen) { 3570 *dlen = le32_to_cpu(rsp->OutputBufferLength); 3571 if (!*data) { 3572 *data = kmalloc(*dlen, GFP_KERNEL); 3573 if (!*data) { 3574 cifs_tcon_dbg(VFS, 3575 "Error %d allocating memory for acl\n", 3576 rc); 3577 *dlen = 0; 3578 rc = -ENOMEM; 3579 goto qinf_exit; 3580 } 3581 allocated = true; 3582 } 3583 } 3584 3585 rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset), 3586 le32_to_cpu(rsp->OutputBufferLength), 3587 &rsp_iov, dlen ? *dlen : min_len, *data); 3588 if (rc && allocated) { 3589 kfree(*data); 3590 *data = NULL; 3591 *dlen = 0; 3592 } 3593 3594 qinf_exit: 3595 SMB2_query_info_free(&rqst); 3596 free_rsp_buf(resp_buftype, rsp); 3597 return rc; 3598 } 3599 3600 int SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon, 3601 u64 persistent_fid, u64 volatile_fid, struct smb2_file_all_info *data) 3602 { 3603 return query_info(xid, tcon, persistent_fid, volatile_fid, 3604 FILE_ALL_INFORMATION, SMB2_O_INFO_FILE, 0, 3605 sizeof(struct smb2_file_all_info) + PATH_MAX * 2, 3606 sizeof(struct smb2_file_all_info), (void **)&data, 3607 NULL); 3608 } 3609 3610 #if 0 3611 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */ 3612 int 3613 SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon, 3614 u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen) 3615 { 3616 size_t output_len = sizeof(struct smb311_posix_qinfo *) + 3617 (sizeof(struct cifs_sid) * 2) + (PATH_MAX * 2); 3618 *plen = 0; 3619 3620 return query_info(xid, tcon, persistent_fid, volatile_fid, 3621 SMB_FIND_FILE_POSIX_INFO, SMB2_O_INFO_FILE, 0, 3622 output_len, sizeof(struct smb311_posix_qinfo), (void **)&data, plen); 3623 /* Note caller must free "data" (passed in above). It may be allocated in query_info call */ 3624 } 3625 #endif 3626 3627 int 3628 SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon, 3629 u64 persistent_fid, u64 volatile_fid, 3630 void **data, u32 *plen, u32 extra_info) 3631 { 3632 __u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO | 3633 extra_info; 3634 *plen = 0; 3635 3636 return query_info(xid, tcon, persistent_fid, volatile_fid, 3637 0, SMB2_O_INFO_SECURITY, additional_info, 3638 SMB2_MAX_BUFFER_SIZE, MIN_SEC_DESC_LEN, data, plen); 3639 } 3640 3641 int 3642 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon, 3643 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid) 3644 { 3645 return query_info(xid, tcon, persistent_fid, volatile_fid, 3646 FILE_INTERNAL_INFORMATION, SMB2_O_INFO_FILE, 0, 3647 sizeof(struct smb2_file_internal_info), 3648 sizeof(struct smb2_file_internal_info), 3649 (void **)&uniqueid, NULL); 3650 } 3651 3652 /* 3653 * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory 3654 * See MS-SMB2 2.2.35 and 2.2.36 3655 */ 3656 3657 static int 3658 SMB2_notify_init(const unsigned int xid, struct smb_rqst *rqst, 3659 struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3660 u64 persistent_fid, u64 volatile_fid, 3661 u32 completion_filter, bool watch_tree) 3662 { 3663 struct smb2_change_notify_req *req; 3664 struct kvec *iov = rqst->rq_iov; 3665 unsigned int total_len; 3666 int rc; 3667 3668 rc = smb2_plain_req_init(SMB2_CHANGE_NOTIFY, tcon, server, 3669 (void **) &req, &total_len); 3670 if (rc) 3671 return rc; 3672 3673 req->PersistentFileId = persistent_fid; 3674 req->VolatileFileId = volatile_fid; 3675 /* See note 354 of MS-SMB2, 64K max */ 3676 req->OutputBufferLength = 3677 cpu_to_le32(SMB2_MAX_BUFFER_SIZE - MAX_SMB2_HDR_SIZE); 3678 req->CompletionFilter = cpu_to_le32(completion_filter); 3679 if (watch_tree) 3680 req->Flags = cpu_to_le16(SMB2_WATCH_TREE); 3681 else 3682 req->Flags = 0; 3683 3684 iov[0].iov_base = (char *)req; 3685 iov[0].iov_len = total_len; 3686 3687 return 0; 3688 } 3689 3690 int 3691 SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon, 3692 u64 persistent_fid, u64 volatile_fid, bool watch_tree, 3693 u32 completion_filter, u32 max_out_data_len, char **out_data, 3694 u32 *plen /* returned data len */) 3695 { 3696 struct cifs_ses *ses = tcon->ses; 3697 struct TCP_Server_Info *server = cifs_pick_channel(ses); 3698 struct smb_rqst rqst; 3699 struct smb2_change_notify_rsp *smb_rsp; 3700 struct kvec iov[1]; 3701 struct kvec rsp_iov = {NULL, 0}; 3702 int resp_buftype = CIFS_NO_BUFFER; 3703 int flags = 0; 3704 int rc = 0; 3705 3706 cifs_dbg(FYI, "change notify\n"); 3707 if (!ses || !server) 3708 return -EIO; 3709 3710 if (smb3_encryption_required(tcon)) 3711 flags |= CIFS_TRANSFORM_REQ; 3712 3713 memset(&rqst, 0, sizeof(struct smb_rqst)); 3714 memset(&iov, 0, sizeof(iov)); 3715 if (plen) 3716 *plen = 0; 3717 3718 rqst.rq_iov = iov; 3719 rqst.rq_nvec = 1; 3720 3721 rc = SMB2_notify_init(xid, &rqst, tcon, server, 3722 persistent_fid, volatile_fid, 3723 completion_filter, watch_tree); 3724 if (rc) 3725 goto cnotify_exit; 3726 3727 trace_smb3_notify_enter(xid, persistent_fid, tcon->tid, ses->Suid, 3728 (u8)watch_tree, completion_filter); 3729 rc = cifs_send_recv(xid, ses, server, 3730 &rqst, &resp_buftype, flags, &rsp_iov); 3731 3732 if (rc != 0) { 3733 cifs_stats_fail_inc(tcon, SMB2_CHANGE_NOTIFY_HE); 3734 trace_smb3_notify_err(xid, persistent_fid, tcon->tid, ses->Suid, 3735 (u8)watch_tree, completion_filter, rc); 3736 } else { 3737 trace_smb3_notify_done(xid, persistent_fid, tcon->tid, 3738 ses->Suid, (u8)watch_tree, completion_filter); 3739 /* validate that notify information is plausible */ 3740 if ((rsp_iov.iov_base == NULL) || 3741 (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp) + 1)) 3742 goto cnotify_exit; 3743 3744 smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base; 3745 3746 smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset), 3747 le32_to_cpu(smb_rsp->OutputBufferLength), &rsp_iov, 3748 sizeof(struct file_notify_information)); 3749 3750 *out_data = kmemdup((char *)smb_rsp + le16_to_cpu(smb_rsp->OutputBufferOffset), 3751 le32_to_cpu(smb_rsp->OutputBufferLength), GFP_KERNEL); 3752 if (*out_data == NULL) { 3753 rc = -ENOMEM; 3754 goto cnotify_exit; 3755 } else if (plen) 3756 *plen = le32_to_cpu(smb_rsp->OutputBufferLength); 3757 } 3758 3759 cnotify_exit: 3760 if (rqst.rq_iov) 3761 cifs_small_buf_release(rqst.rq_iov[0].iov_base); /* request */ 3762 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 3763 return rc; 3764 } 3765 3766 3767 3768 /* 3769 * This is a no-op for now. We're not really interested in the reply, but 3770 * rather in the fact that the server sent one and that server->lstrp 3771 * gets updated. 3772 * 3773 * FIXME: maybe we should consider checking that the reply matches request? 3774 */ 3775 static void 3776 smb2_echo_callback(struct mid_q_entry *mid) 3777 { 3778 struct TCP_Server_Info *server = mid->callback_data; 3779 struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf; 3780 struct cifs_credits credits = { .value = 0, .instance = 0 }; 3781 3782 if (mid->mid_state == MID_RESPONSE_RECEIVED 3783 || mid->mid_state == MID_RESPONSE_MALFORMED) { 3784 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 3785 credits.instance = server->reconnect_instance; 3786 } 3787 3788 release_mid(mid); 3789 add_credits(server, &credits, CIFS_ECHO_OP); 3790 } 3791 3792 void smb2_reconnect_server(struct work_struct *work) 3793 { 3794 struct TCP_Server_Info *server = container_of(work, 3795 struct TCP_Server_Info, reconnect.work); 3796 struct TCP_Server_Info *pserver; 3797 struct cifs_ses *ses, *ses2; 3798 struct cifs_tcon *tcon, *tcon2; 3799 struct list_head tmp_list, tmp_ses_list; 3800 bool tcon_exist = false, ses_exist = false; 3801 bool tcon_selected = false; 3802 int rc; 3803 bool resched = false; 3804 3805 /* If server is a channel, select the primary channel */ 3806 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 3807 3808 /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */ 3809 mutex_lock(&pserver->reconnect_mutex); 3810 3811 INIT_LIST_HEAD(&tmp_list); 3812 INIT_LIST_HEAD(&tmp_ses_list); 3813 cifs_dbg(FYI, "Reconnecting tcons and channels\n"); 3814 3815 spin_lock(&cifs_tcp_ses_lock); 3816 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 3817 spin_lock(&ses->ses_lock); 3818 if (ses->ses_status == SES_EXITING) { 3819 spin_unlock(&ses->ses_lock); 3820 continue; 3821 } 3822 spin_unlock(&ses->ses_lock); 3823 3824 tcon_selected = false; 3825 3826 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 3827 if (tcon->need_reconnect || tcon->need_reopen_files) { 3828 tcon->tc_count++; 3829 list_add_tail(&tcon->rlist, &tmp_list); 3830 tcon_selected = tcon_exist = true; 3831 } 3832 } 3833 /* 3834 * IPC has the same lifetime as its session and uses its 3835 * refcount. 3836 */ 3837 if (ses->tcon_ipc && ses->tcon_ipc->need_reconnect) { 3838 list_add_tail(&ses->tcon_ipc->rlist, &tmp_list); 3839 tcon_selected = tcon_exist = true; 3840 cifs_smb_ses_inc_refcount(ses); 3841 } 3842 /* 3843 * handle the case where channel needs to reconnect 3844 * binding session, but tcon is healthy (some other channel 3845 * is active) 3846 */ 3847 spin_lock(&ses->chan_lock); 3848 if (!tcon_selected && cifs_chan_needs_reconnect(ses, server)) { 3849 list_add_tail(&ses->rlist, &tmp_ses_list); 3850 ses_exist = true; 3851 cifs_smb_ses_inc_refcount(ses); 3852 } 3853 spin_unlock(&ses->chan_lock); 3854 } 3855 /* 3856 * Get the reference to server struct to be sure that the last call of 3857 * cifs_put_tcon() in the loop below won't release the server pointer. 3858 */ 3859 if (tcon_exist || ses_exist) 3860 server->srv_count++; 3861 3862 spin_unlock(&cifs_tcp_ses_lock); 3863 3864 list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) { 3865 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server); 3866 if (!rc) 3867 cifs_reopen_persistent_handles(tcon); 3868 else 3869 resched = true; 3870 list_del_init(&tcon->rlist); 3871 if (tcon->ipc) 3872 cifs_put_smb_ses(tcon->ses); 3873 else 3874 cifs_put_tcon(tcon); 3875 } 3876 3877 if (!ses_exist) 3878 goto done; 3879 3880 /* allocate a dummy tcon struct used for reconnect */ 3881 tcon = tcon_info_alloc(false); 3882 if (!tcon) { 3883 resched = true; 3884 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) { 3885 list_del_init(&ses->rlist); 3886 cifs_put_smb_ses(ses); 3887 } 3888 goto done; 3889 } 3890 3891 tcon->status = TID_GOOD; 3892 tcon->retry = false; 3893 tcon->need_reconnect = false; 3894 3895 /* now reconnect sessions for necessary channels */ 3896 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) { 3897 tcon->ses = ses; 3898 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server); 3899 if (rc) 3900 resched = true; 3901 list_del_init(&ses->rlist); 3902 cifs_put_smb_ses(ses); 3903 } 3904 tconInfoFree(tcon); 3905 3906 done: 3907 cifs_dbg(FYI, "Reconnecting tcons and channels finished\n"); 3908 if (resched) 3909 queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ); 3910 mutex_unlock(&pserver->reconnect_mutex); 3911 3912 /* now we can safely release srv struct */ 3913 if (tcon_exist || ses_exist) 3914 cifs_put_tcp_session(server, 1); 3915 } 3916 3917 int 3918 SMB2_echo(struct TCP_Server_Info *server) 3919 { 3920 struct smb2_echo_req *req; 3921 int rc = 0; 3922 struct kvec iov[1]; 3923 struct smb_rqst rqst = { .rq_iov = iov, 3924 .rq_nvec = 1 }; 3925 unsigned int total_len; 3926 3927 cifs_dbg(FYI, "In echo request for conn_id %lld\n", server->conn_id); 3928 3929 spin_lock(&server->srv_lock); 3930 if (server->ops->need_neg && 3931 server->ops->need_neg(server)) { 3932 spin_unlock(&server->srv_lock); 3933 /* No need to send echo on newly established connections */ 3934 mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 3935 return rc; 3936 } 3937 spin_unlock(&server->srv_lock); 3938 3939 rc = smb2_plain_req_init(SMB2_ECHO, NULL, server, 3940 (void **)&req, &total_len); 3941 if (rc) 3942 return rc; 3943 3944 req->hdr.CreditRequest = cpu_to_le16(1); 3945 3946 iov[0].iov_len = total_len; 3947 iov[0].iov_base = (char *)req; 3948 3949 rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL, 3950 server, CIFS_ECHO_OP, NULL); 3951 if (rc) 3952 cifs_dbg(FYI, "Echo request failed: %d\n", rc); 3953 3954 cifs_small_buf_release(req); 3955 return rc; 3956 } 3957 3958 void 3959 SMB2_flush_free(struct smb_rqst *rqst) 3960 { 3961 if (rqst && rqst->rq_iov) 3962 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3963 } 3964 3965 int 3966 SMB2_flush_init(const unsigned int xid, struct smb_rqst *rqst, 3967 struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3968 u64 persistent_fid, u64 volatile_fid) 3969 { 3970 struct smb2_flush_req *req; 3971 struct kvec *iov = rqst->rq_iov; 3972 unsigned int total_len; 3973 int rc; 3974 3975 rc = smb2_plain_req_init(SMB2_FLUSH, tcon, server, 3976 (void **) &req, &total_len); 3977 if (rc) 3978 return rc; 3979 3980 req->PersistentFileId = persistent_fid; 3981 req->VolatileFileId = volatile_fid; 3982 3983 iov[0].iov_base = (char *)req; 3984 iov[0].iov_len = total_len; 3985 3986 return 0; 3987 } 3988 3989 int 3990 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 3991 u64 volatile_fid) 3992 { 3993 struct cifs_ses *ses = tcon->ses; 3994 struct smb_rqst rqst; 3995 struct kvec iov[1]; 3996 struct kvec rsp_iov = {NULL, 0}; 3997 struct TCP_Server_Info *server = cifs_pick_channel(ses); 3998 int resp_buftype = CIFS_NO_BUFFER; 3999 int flags = 0; 4000 int rc = 0; 4001 4002 cifs_dbg(FYI, "flush\n"); 4003 if (!ses || !(ses->server)) 4004 return -EIO; 4005 4006 if (smb3_encryption_required(tcon)) 4007 flags |= CIFS_TRANSFORM_REQ; 4008 4009 memset(&rqst, 0, sizeof(struct smb_rqst)); 4010 memset(&iov, 0, sizeof(iov)); 4011 rqst.rq_iov = iov; 4012 rqst.rq_nvec = 1; 4013 4014 rc = SMB2_flush_init(xid, &rqst, tcon, server, 4015 persistent_fid, volatile_fid); 4016 if (rc) 4017 goto flush_exit; 4018 4019 trace_smb3_flush_enter(xid, persistent_fid, tcon->tid, ses->Suid); 4020 rc = cifs_send_recv(xid, ses, server, 4021 &rqst, &resp_buftype, flags, &rsp_iov); 4022 4023 if (rc != 0) { 4024 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE); 4025 trace_smb3_flush_err(xid, persistent_fid, tcon->tid, ses->Suid, 4026 rc); 4027 } else 4028 trace_smb3_flush_done(xid, persistent_fid, tcon->tid, 4029 ses->Suid); 4030 4031 flush_exit: 4032 SMB2_flush_free(&rqst); 4033 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4034 return rc; 4035 } 4036 4037 #ifdef CONFIG_CIFS_SMB_DIRECT 4038 static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms) 4039 { 4040 struct TCP_Server_Info *server = io_parms->server; 4041 struct cifs_tcon *tcon = io_parms->tcon; 4042 4043 /* we can only offload if we're connected */ 4044 if (!server || !tcon) 4045 return false; 4046 4047 /* we can only offload on an rdma connection */ 4048 if (!server->rdma || !server->smbd_conn) 4049 return false; 4050 4051 /* we don't support signed offload yet */ 4052 if (server->sign) 4053 return false; 4054 4055 /* we don't support encrypted offload yet */ 4056 if (smb3_encryption_required(tcon)) 4057 return false; 4058 4059 /* offload also has its overhead, so only do it if desired */ 4060 if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold) 4061 return false; 4062 4063 return true; 4064 } 4065 #endif /* CONFIG_CIFS_SMB_DIRECT */ 4066 4067 /* 4068 * To form a chain of read requests, any read requests after the first should 4069 * have the end_of_chain boolean set to true. 4070 */ 4071 static int 4072 smb2_new_read_req(void **buf, unsigned int *total_len, 4073 struct cifs_io_parms *io_parms, struct cifs_readdata *rdata, 4074 unsigned int remaining_bytes, int request_type) 4075 { 4076 int rc = -EACCES; 4077 struct smb2_read_req *req = NULL; 4078 struct smb2_hdr *shdr; 4079 struct TCP_Server_Info *server = io_parms->server; 4080 4081 rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, server, 4082 (void **) &req, total_len); 4083 if (rc) 4084 return rc; 4085 4086 if (server == NULL) 4087 return -ECONNABORTED; 4088 4089 shdr = &req->hdr; 4090 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 4091 4092 req->PersistentFileId = io_parms->persistent_fid; 4093 req->VolatileFileId = io_parms->volatile_fid; 4094 req->ReadChannelInfoOffset = 0; /* reserved */ 4095 req->ReadChannelInfoLength = 0; /* reserved */ 4096 req->Channel = 0; /* reserved */ 4097 req->MinimumCount = 0; 4098 req->Length = cpu_to_le32(io_parms->length); 4099 req->Offset = cpu_to_le64(io_parms->offset); 4100 4101 trace_smb3_read_enter(0 /* xid */, 4102 io_parms->persistent_fid, 4103 io_parms->tcon->tid, io_parms->tcon->ses->Suid, 4104 io_parms->offset, io_parms->length); 4105 #ifdef CONFIG_CIFS_SMB_DIRECT 4106 /* 4107 * If we want to do a RDMA write, fill in and append 4108 * smbd_buffer_descriptor_v1 to the end of read request 4109 */ 4110 if (smb3_use_rdma_offload(io_parms)) { 4111 struct smbd_buffer_descriptor_v1 *v1; 4112 bool need_invalidate = server->dialect == SMB30_PROT_ID; 4113 4114 rdata->mr = smbd_register_mr(server->smbd_conn, &rdata->iter, 4115 true, need_invalidate); 4116 if (!rdata->mr) 4117 return -EAGAIN; 4118 4119 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; 4120 if (need_invalidate) 4121 req->Channel = SMB2_CHANNEL_RDMA_V1; 4122 req->ReadChannelInfoOffset = 4123 cpu_to_le16(offsetof(struct smb2_read_req, Buffer)); 4124 req->ReadChannelInfoLength = 4125 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1)); 4126 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; 4127 v1->offset = cpu_to_le64(rdata->mr->mr->iova); 4128 v1->token = cpu_to_le32(rdata->mr->mr->rkey); 4129 v1->length = cpu_to_le32(rdata->mr->mr->length); 4130 4131 *total_len += sizeof(*v1) - 1; 4132 } 4133 #endif 4134 if (request_type & CHAINED_REQUEST) { 4135 if (!(request_type & END_OF_CHAIN)) { 4136 /* next 8-byte aligned request */ 4137 *total_len = ALIGN(*total_len, 8); 4138 shdr->NextCommand = cpu_to_le32(*total_len); 4139 } else /* END_OF_CHAIN */ 4140 shdr->NextCommand = 0; 4141 if (request_type & RELATED_REQUEST) { 4142 shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS; 4143 /* 4144 * Related requests use info from previous read request 4145 * in chain. 4146 */ 4147 shdr->SessionId = cpu_to_le64(0xFFFFFFFFFFFFFFFF); 4148 shdr->Id.SyncId.TreeId = cpu_to_le32(0xFFFFFFFF); 4149 req->PersistentFileId = (u64)-1; 4150 req->VolatileFileId = (u64)-1; 4151 } 4152 } 4153 if (remaining_bytes > io_parms->length) 4154 req->RemainingBytes = cpu_to_le32(remaining_bytes); 4155 else 4156 req->RemainingBytes = 0; 4157 4158 *buf = req; 4159 return rc; 4160 } 4161 4162 static void 4163 smb2_readv_callback(struct mid_q_entry *mid) 4164 { 4165 struct cifs_readdata *rdata = mid->callback_data; 4166 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink); 4167 struct TCP_Server_Info *server = rdata->server; 4168 struct smb2_hdr *shdr = 4169 (struct smb2_hdr *)rdata->iov[0].iov_base; 4170 struct cifs_credits credits = { .value = 0, .instance = 0 }; 4171 struct smb_rqst rqst = { .rq_iov = &rdata->iov[1], .rq_nvec = 1 }; 4172 4173 if (rdata->got_bytes) { 4174 rqst.rq_iter = rdata->iter; 4175 rqst.rq_iter_size = iov_iter_count(&rdata->iter); 4176 } 4177 4178 WARN_ONCE(rdata->server != mid->server, 4179 "rdata server %p != mid server %p", 4180 rdata->server, mid->server); 4181 4182 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n", 4183 __func__, mid->mid, mid->mid_state, rdata->result, 4184 rdata->bytes); 4185 4186 switch (mid->mid_state) { 4187 case MID_RESPONSE_RECEIVED: 4188 credits.value = le16_to_cpu(shdr->CreditRequest); 4189 credits.instance = server->reconnect_instance; 4190 /* result already set, check signature */ 4191 if (server->sign && !mid->decrypted) { 4192 int rc; 4193 4194 iov_iter_revert(&rqst.rq_iter, rdata->got_bytes); 4195 iov_iter_truncate(&rqst.rq_iter, rdata->got_bytes); 4196 rc = smb2_verify_signature(&rqst, server); 4197 if (rc) 4198 cifs_tcon_dbg(VFS, "SMB signature verification returned error = %d\n", 4199 rc); 4200 } 4201 /* FIXME: should this be counted toward the initiating task? */ 4202 task_io_account_read(rdata->got_bytes); 4203 cifs_stats_bytes_read(tcon, rdata->got_bytes); 4204 break; 4205 case MID_REQUEST_SUBMITTED: 4206 case MID_RETRY_NEEDED: 4207 rdata->result = -EAGAIN; 4208 if (server->sign && rdata->got_bytes) 4209 /* reset bytes number since we can not check a sign */ 4210 rdata->got_bytes = 0; 4211 /* FIXME: should this be counted toward the initiating task? */ 4212 task_io_account_read(rdata->got_bytes); 4213 cifs_stats_bytes_read(tcon, rdata->got_bytes); 4214 break; 4215 case MID_RESPONSE_MALFORMED: 4216 credits.value = le16_to_cpu(shdr->CreditRequest); 4217 credits.instance = server->reconnect_instance; 4218 fallthrough; 4219 default: 4220 rdata->result = -EIO; 4221 } 4222 #ifdef CONFIG_CIFS_SMB_DIRECT 4223 /* 4224 * If this rdata has a memmory registered, the MR can be freed 4225 * MR needs to be freed as soon as I/O finishes to prevent deadlock 4226 * because they have limited number and are used for future I/Os 4227 */ 4228 if (rdata->mr) { 4229 smbd_deregister_mr(rdata->mr); 4230 rdata->mr = NULL; 4231 } 4232 #endif 4233 if (rdata->result && rdata->result != -ENODATA) { 4234 cifs_stats_fail_inc(tcon, SMB2_READ_HE); 4235 trace_smb3_read_err(0 /* xid */, 4236 rdata->cfile->fid.persistent_fid, 4237 tcon->tid, tcon->ses->Suid, rdata->offset, 4238 rdata->bytes, rdata->result); 4239 } else 4240 trace_smb3_read_done(0 /* xid */, 4241 rdata->cfile->fid.persistent_fid, 4242 tcon->tid, tcon->ses->Suid, 4243 rdata->offset, rdata->got_bytes); 4244 4245 queue_work(cifsiod_wq, &rdata->work); 4246 release_mid(mid); 4247 add_credits(server, &credits, 0); 4248 } 4249 4250 /* smb2_async_readv - send an async read, and set up mid to handle result */ 4251 int 4252 smb2_async_readv(struct cifs_readdata *rdata) 4253 { 4254 int rc, flags = 0; 4255 char *buf; 4256 struct smb2_hdr *shdr; 4257 struct cifs_io_parms io_parms; 4258 struct smb_rqst rqst = { .rq_iov = rdata->iov, 4259 .rq_nvec = 1 }; 4260 struct TCP_Server_Info *server; 4261 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink); 4262 unsigned int total_len; 4263 int credit_request; 4264 4265 cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n", 4266 __func__, rdata->offset, rdata->bytes); 4267 4268 if (!rdata->server) 4269 rdata->server = cifs_pick_channel(tcon->ses); 4270 4271 io_parms.tcon = tlink_tcon(rdata->cfile->tlink); 4272 io_parms.server = server = rdata->server; 4273 io_parms.offset = rdata->offset; 4274 io_parms.length = rdata->bytes; 4275 io_parms.persistent_fid = rdata->cfile->fid.persistent_fid; 4276 io_parms.volatile_fid = rdata->cfile->fid.volatile_fid; 4277 io_parms.pid = rdata->pid; 4278 4279 rc = smb2_new_read_req( 4280 (void **) &buf, &total_len, &io_parms, rdata, 0, 0); 4281 if (rc) 4282 return rc; 4283 4284 if (smb3_encryption_required(io_parms.tcon)) 4285 flags |= CIFS_TRANSFORM_REQ; 4286 4287 rdata->iov[0].iov_base = buf; 4288 rdata->iov[0].iov_len = total_len; 4289 4290 shdr = (struct smb2_hdr *)buf; 4291 4292 if (rdata->credits.value > 0) { 4293 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes, 4294 SMB2_MAX_BUFFER_SIZE)); 4295 credit_request = le16_to_cpu(shdr->CreditCharge) + 8; 4296 if (server->credits >= server->max_credits) 4297 shdr->CreditRequest = cpu_to_le16(0); 4298 else 4299 shdr->CreditRequest = cpu_to_le16( 4300 min_t(int, server->max_credits - 4301 server->credits, credit_request)); 4302 4303 rc = adjust_credits(server, &rdata->credits, rdata->bytes); 4304 if (rc) 4305 goto async_readv_out; 4306 4307 flags |= CIFS_HAS_CREDITS; 4308 } 4309 4310 kref_get(&rdata->refcount); 4311 rc = cifs_call_async(server, &rqst, 4312 cifs_readv_receive, smb2_readv_callback, 4313 smb3_handle_read_data, rdata, flags, 4314 &rdata->credits); 4315 if (rc) { 4316 kref_put(&rdata->refcount, cifs_readdata_release); 4317 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE); 4318 trace_smb3_read_err(0 /* xid */, io_parms.persistent_fid, 4319 io_parms.tcon->tid, 4320 io_parms.tcon->ses->Suid, 4321 io_parms.offset, io_parms.length, rc); 4322 } 4323 4324 async_readv_out: 4325 cifs_small_buf_release(buf); 4326 return rc; 4327 } 4328 4329 int 4330 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms, 4331 unsigned int *nbytes, char **buf, int *buf_type) 4332 { 4333 struct smb_rqst rqst; 4334 int resp_buftype, rc; 4335 struct smb2_read_req *req = NULL; 4336 struct smb2_read_rsp *rsp = NULL; 4337 struct kvec iov[1]; 4338 struct kvec rsp_iov; 4339 unsigned int total_len; 4340 int flags = CIFS_LOG_ERROR; 4341 struct cifs_ses *ses = io_parms->tcon->ses; 4342 4343 if (!io_parms->server) 4344 io_parms->server = cifs_pick_channel(io_parms->tcon->ses); 4345 4346 *nbytes = 0; 4347 rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0); 4348 if (rc) 4349 return rc; 4350 4351 if (smb3_encryption_required(io_parms->tcon)) 4352 flags |= CIFS_TRANSFORM_REQ; 4353 4354 iov[0].iov_base = (char *)req; 4355 iov[0].iov_len = total_len; 4356 4357 memset(&rqst, 0, sizeof(struct smb_rqst)); 4358 rqst.rq_iov = iov; 4359 rqst.rq_nvec = 1; 4360 4361 rc = cifs_send_recv(xid, ses, io_parms->server, 4362 &rqst, &resp_buftype, flags, &rsp_iov); 4363 rsp = (struct smb2_read_rsp *)rsp_iov.iov_base; 4364 4365 if (rc) { 4366 if (rc != -ENODATA) { 4367 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE); 4368 cifs_dbg(VFS, "Send error in read = %d\n", rc); 4369 trace_smb3_read_err(xid, 4370 req->PersistentFileId, 4371 io_parms->tcon->tid, ses->Suid, 4372 io_parms->offset, io_parms->length, 4373 rc); 4374 } else 4375 trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid, 4376 ses->Suid, io_parms->offset, 0); 4377 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4378 cifs_small_buf_release(req); 4379 return rc == -ENODATA ? 0 : rc; 4380 } else 4381 trace_smb3_read_done(xid, 4382 req->PersistentFileId, 4383 io_parms->tcon->tid, ses->Suid, 4384 io_parms->offset, io_parms->length); 4385 4386 cifs_small_buf_release(req); 4387 4388 *nbytes = le32_to_cpu(rsp->DataLength); 4389 if ((*nbytes > CIFS_MAX_MSGSIZE) || 4390 (*nbytes > io_parms->length)) { 4391 cifs_dbg(FYI, "bad length %d for count %d\n", 4392 *nbytes, io_parms->length); 4393 rc = -EIO; 4394 *nbytes = 0; 4395 } 4396 4397 if (*buf) { 4398 memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes); 4399 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4400 } else if (resp_buftype != CIFS_NO_BUFFER) { 4401 *buf = rsp_iov.iov_base; 4402 if (resp_buftype == CIFS_SMALL_BUFFER) 4403 *buf_type = CIFS_SMALL_BUFFER; 4404 else if (resp_buftype == CIFS_LARGE_BUFFER) 4405 *buf_type = CIFS_LARGE_BUFFER; 4406 } 4407 return rc; 4408 } 4409 4410 /* 4411 * Check the mid_state and signature on received buffer (if any), and queue the 4412 * workqueue completion task. 4413 */ 4414 static void 4415 smb2_writev_callback(struct mid_q_entry *mid) 4416 { 4417 struct cifs_writedata *wdata = mid->callback_data; 4418 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink); 4419 struct TCP_Server_Info *server = wdata->server; 4420 unsigned int written; 4421 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf; 4422 struct cifs_credits credits = { .value = 0, .instance = 0 }; 4423 4424 WARN_ONCE(wdata->server != mid->server, 4425 "wdata server %p != mid server %p", 4426 wdata->server, mid->server); 4427 4428 switch (mid->mid_state) { 4429 case MID_RESPONSE_RECEIVED: 4430 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4431 credits.instance = server->reconnect_instance; 4432 wdata->result = smb2_check_receive(mid, server, 0); 4433 if (wdata->result != 0) 4434 break; 4435 4436 written = le32_to_cpu(rsp->DataLength); 4437 /* 4438 * Mask off high 16 bits when bytes written as returned 4439 * by the server is greater than bytes requested by the 4440 * client. OS/2 servers are known to set incorrect 4441 * CountHigh values. 4442 */ 4443 if (written > wdata->bytes) 4444 written &= 0xFFFF; 4445 4446 if (written < wdata->bytes) 4447 wdata->result = -ENOSPC; 4448 else 4449 wdata->bytes = written; 4450 break; 4451 case MID_REQUEST_SUBMITTED: 4452 case MID_RETRY_NEEDED: 4453 wdata->result = -EAGAIN; 4454 break; 4455 case MID_RESPONSE_MALFORMED: 4456 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4457 credits.instance = server->reconnect_instance; 4458 fallthrough; 4459 default: 4460 wdata->result = -EIO; 4461 break; 4462 } 4463 #ifdef CONFIG_CIFS_SMB_DIRECT 4464 /* 4465 * If this wdata has a memory registered, the MR can be freed 4466 * The number of MRs available is limited, it's important to recover 4467 * used MR as soon as I/O is finished. Hold MR longer in the later 4468 * I/O process can possibly result in I/O deadlock due to lack of MR 4469 * to send request on I/O retry 4470 */ 4471 if (wdata->mr) { 4472 smbd_deregister_mr(wdata->mr); 4473 wdata->mr = NULL; 4474 } 4475 #endif 4476 if (wdata->result) { 4477 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 4478 trace_smb3_write_err(0 /* no xid */, 4479 wdata->cfile->fid.persistent_fid, 4480 tcon->tid, tcon->ses->Suid, wdata->offset, 4481 wdata->bytes, wdata->result); 4482 if (wdata->result == -ENOSPC) 4483 pr_warn_once("Out of space writing to %s\n", 4484 tcon->tree_name); 4485 } else 4486 trace_smb3_write_done(0 /* no xid */, 4487 wdata->cfile->fid.persistent_fid, 4488 tcon->tid, tcon->ses->Suid, 4489 wdata->offset, wdata->bytes); 4490 4491 queue_work(cifsiod_wq, &wdata->work); 4492 release_mid(mid); 4493 add_credits(server, &credits, 0); 4494 } 4495 4496 /* smb2_async_writev - send an async write, and set up mid to handle result */ 4497 int 4498 smb2_async_writev(struct cifs_writedata *wdata, 4499 void (*release)(struct kref *kref)) 4500 { 4501 int rc = -EACCES, flags = 0; 4502 struct smb2_write_req *req = NULL; 4503 struct smb2_hdr *shdr; 4504 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink); 4505 struct TCP_Server_Info *server = wdata->server; 4506 struct kvec iov[1]; 4507 struct smb_rqst rqst = { }; 4508 unsigned int total_len; 4509 struct cifs_io_parms _io_parms; 4510 struct cifs_io_parms *io_parms = NULL; 4511 int credit_request; 4512 4513 if (!wdata->server) 4514 server = wdata->server = cifs_pick_channel(tcon->ses); 4515 4516 /* 4517 * in future we may get cifs_io_parms passed in from the caller, 4518 * but for now we construct it here... 4519 */ 4520 _io_parms = (struct cifs_io_parms) { 4521 .tcon = tcon, 4522 .server = server, 4523 .offset = wdata->offset, 4524 .length = wdata->bytes, 4525 .persistent_fid = wdata->cfile->fid.persistent_fid, 4526 .volatile_fid = wdata->cfile->fid.volatile_fid, 4527 .pid = wdata->pid, 4528 }; 4529 io_parms = &_io_parms; 4530 4531 rc = smb2_plain_req_init(SMB2_WRITE, tcon, server, 4532 (void **) &req, &total_len); 4533 if (rc) 4534 return rc; 4535 4536 if (smb3_encryption_required(tcon)) 4537 flags |= CIFS_TRANSFORM_REQ; 4538 4539 shdr = (struct smb2_hdr *)req; 4540 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 4541 4542 req->PersistentFileId = io_parms->persistent_fid; 4543 req->VolatileFileId = io_parms->volatile_fid; 4544 req->WriteChannelInfoOffset = 0; 4545 req->WriteChannelInfoLength = 0; 4546 req->Channel = SMB2_CHANNEL_NONE; 4547 req->Offset = cpu_to_le64(io_parms->offset); 4548 req->DataOffset = cpu_to_le16( 4549 offsetof(struct smb2_write_req, Buffer)); 4550 req->RemainingBytes = 0; 4551 4552 trace_smb3_write_enter(0 /* xid */, 4553 io_parms->persistent_fid, 4554 io_parms->tcon->tid, 4555 io_parms->tcon->ses->Suid, 4556 io_parms->offset, 4557 io_parms->length); 4558 4559 #ifdef CONFIG_CIFS_SMB_DIRECT 4560 /* 4561 * If we want to do a server RDMA read, fill in and append 4562 * smbd_buffer_descriptor_v1 to the end of write request 4563 */ 4564 if (smb3_use_rdma_offload(io_parms)) { 4565 struct smbd_buffer_descriptor_v1 *v1; 4566 size_t data_size = iov_iter_count(&wdata->iter); 4567 bool need_invalidate = server->dialect == SMB30_PROT_ID; 4568 4569 wdata->mr = smbd_register_mr(server->smbd_conn, &wdata->iter, 4570 false, need_invalidate); 4571 if (!wdata->mr) { 4572 rc = -EAGAIN; 4573 goto async_writev_out; 4574 } 4575 req->Length = 0; 4576 req->DataOffset = 0; 4577 req->RemainingBytes = cpu_to_le32(data_size); 4578 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; 4579 if (need_invalidate) 4580 req->Channel = SMB2_CHANNEL_RDMA_V1; 4581 req->WriteChannelInfoOffset = 4582 cpu_to_le16(offsetof(struct smb2_write_req, Buffer)); 4583 req->WriteChannelInfoLength = 4584 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1)); 4585 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; 4586 v1->offset = cpu_to_le64(wdata->mr->mr->iova); 4587 v1->token = cpu_to_le32(wdata->mr->mr->rkey); 4588 v1->length = cpu_to_le32(wdata->mr->mr->length); 4589 } 4590 #endif 4591 iov[0].iov_len = total_len - 1; 4592 iov[0].iov_base = (char *)req; 4593 4594 rqst.rq_iov = iov; 4595 rqst.rq_nvec = 1; 4596 rqst.rq_iter = wdata->iter; 4597 rqst.rq_iter_size = iov_iter_count(&rqst.rq_iter); 4598 #ifdef CONFIG_CIFS_SMB_DIRECT 4599 if (wdata->mr) 4600 iov[0].iov_len += sizeof(struct smbd_buffer_descriptor_v1); 4601 #endif 4602 cifs_dbg(FYI, "async write at %llu %u bytes iter=%zx\n", 4603 io_parms->offset, io_parms->length, iov_iter_count(&rqst.rq_iter)); 4604 4605 #ifdef CONFIG_CIFS_SMB_DIRECT 4606 /* For RDMA read, I/O size is in RemainingBytes not in Length */ 4607 if (!wdata->mr) 4608 req->Length = cpu_to_le32(io_parms->length); 4609 #else 4610 req->Length = cpu_to_le32(io_parms->length); 4611 #endif 4612 4613 if (wdata->credits.value > 0) { 4614 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes, 4615 SMB2_MAX_BUFFER_SIZE)); 4616 credit_request = le16_to_cpu(shdr->CreditCharge) + 8; 4617 if (server->credits >= server->max_credits) 4618 shdr->CreditRequest = cpu_to_le16(0); 4619 else 4620 shdr->CreditRequest = cpu_to_le16( 4621 min_t(int, server->max_credits - 4622 server->credits, credit_request)); 4623 4624 rc = adjust_credits(server, &wdata->credits, io_parms->length); 4625 if (rc) 4626 goto async_writev_out; 4627 4628 flags |= CIFS_HAS_CREDITS; 4629 } 4630 4631 kref_get(&wdata->refcount); 4632 rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL, 4633 wdata, flags, &wdata->credits); 4634 4635 if (rc) { 4636 trace_smb3_write_err(0 /* no xid */, 4637 io_parms->persistent_fid, 4638 io_parms->tcon->tid, 4639 io_parms->tcon->ses->Suid, 4640 io_parms->offset, 4641 io_parms->length, 4642 rc); 4643 kref_put(&wdata->refcount, release); 4644 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 4645 } 4646 4647 async_writev_out: 4648 cifs_small_buf_release(req); 4649 return rc; 4650 } 4651 4652 /* 4653 * SMB2_write function gets iov pointer to kvec array with n_vec as a length. 4654 * The length field from io_parms must be at least 1 and indicates a number of 4655 * elements with data to write that begins with position 1 in iov array. All 4656 * data length is specified by count. 4657 */ 4658 int 4659 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms, 4660 unsigned int *nbytes, struct kvec *iov, int n_vec) 4661 { 4662 struct smb_rqst rqst; 4663 int rc = 0; 4664 struct smb2_write_req *req = NULL; 4665 struct smb2_write_rsp *rsp = NULL; 4666 int resp_buftype; 4667 struct kvec rsp_iov; 4668 int flags = 0; 4669 unsigned int total_len; 4670 struct TCP_Server_Info *server; 4671 4672 *nbytes = 0; 4673 4674 if (n_vec < 1) 4675 return rc; 4676 4677 if (!io_parms->server) 4678 io_parms->server = cifs_pick_channel(io_parms->tcon->ses); 4679 server = io_parms->server; 4680 if (server == NULL) 4681 return -ECONNABORTED; 4682 4683 rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, server, 4684 (void **) &req, &total_len); 4685 if (rc) 4686 return rc; 4687 4688 if (smb3_encryption_required(io_parms->tcon)) 4689 flags |= CIFS_TRANSFORM_REQ; 4690 4691 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 4692 4693 req->PersistentFileId = io_parms->persistent_fid; 4694 req->VolatileFileId = io_parms->volatile_fid; 4695 req->WriteChannelInfoOffset = 0; 4696 req->WriteChannelInfoLength = 0; 4697 req->Channel = 0; 4698 req->Length = cpu_to_le32(io_parms->length); 4699 req->Offset = cpu_to_le64(io_parms->offset); 4700 req->DataOffset = cpu_to_le16( 4701 offsetof(struct smb2_write_req, Buffer)); 4702 req->RemainingBytes = 0; 4703 4704 trace_smb3_write_enter(xid, io_parms->persistent_fid, 4705 io_parms->tcon->tid, io_parms->tcon->ses->Suid, 4706 io_parms->offset, io_parms->length); 4707 4708 iov[0].iov_base = (char *)req; 4709 /* 1 for Buffer */ 4710 iov[0].iov_len = total_len - 1; 4711 4712 memset(&rqst, 0, sizeof(struct smb_rqst)); 4713 rqst.rq_iov = iov; 4714 rqst.rq_nvec = n_vec + 1; 4715 4716 rc = cifs_send_recv(xid, io_parms->tcon->ses, server, 4717 &rqst, 4718 &resp_buftype, flags, &rsp_iov); 4719 rsp = (struct smb2_write_rsp *)rsp_iov.iov_base; 4720 4721 if (rc) { 4722 trace_smb3_write_err(xid, 4723 req->PersistentFileId, 4724 io_parms->tcon->tid, 4725 io_parms->tcon->ses->Suid, 4726 io_parms->offset, io_parms->length, rc); 4727 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE); 4728 cifs_dbg(VFS, "Send error in write = %d\n", rc); 4729 } else { 4730 *nbytes = le32_to_cpu(rsp->DataLength); 4731 trace_smb3_write_done(xid, 4732 req->PersistentFileId, 4733 io_parms->tcon->tid, 4734 io_parms->tcon->ses->Suid, 4735 io_parms->offset, *nbytes); 4736 } 4737 4738 cifs_small_buf_release(req); 4739 free_rsp_buf(resp_buftype, rsp); 4740 return rc; 4741 } 4742 4743 int posix_info_sid_size(const void *beg, const void *end) 4744 { 4745 size_t subauth; 4746 int total; 4747 4748 if (beg + 1 > end) 4749 return -1; 4750 4751 subauth = *(u8 *)(beg+1); 4752 if (subauth < 1 || subauth > 15) 4753 return -1; 4754 4755 total = 1 + 1 + 6 + 4*subauth; 4756 if (beg + total > end) 4757 return -1; 4758 4759 return total; 4760 } 4761 4762 int posix_info_parse(const void *beg, const void *end, 4763 struct smb2_posix_info_parsed *out) 4764 4765 { 4766 int total_len = 0; 4767 int owner_len, group_len; 4768 int name_len; 4769 const void *owner_sid; 4770 const void *group_sid; 4771 const void *name; 4772 4773 /* if no end bound given, assume payload to be correct */ 4774 if (!end) { 4775 const struct smb2_posix_info *p = beg; 4776 4777 end = beg + le32_to_cpu(p->NextEntryOffset); 4778 /* last element will have a 0 offset, pick a sensible bound */ 4779 if (end == beg) 4780 end += 0xFFFF; 4781 } 4782 4783 /* check base buf */ 4784 if (beg + sizeof(struct smb2_posix_info) > end) 4785 return -1; 4786 total_len = sizeof(struct smb2_posix_info); 4787 4788 /* check owner sid */ 4789 owner_sid = beg + total_len; 4790 owner_len = posix_info_sid_size(owner_sid, end); 4791 if (owner_len < 0) 4792 return -1; 4793 total_len += owner_len; 4794 4795 /* check group sid */ 4796 group_sid = beg + total_len; 4797 group_len = posix_info_sid_size(group_sid, end); 4798 if (group_len < 0) 4799 return -1; 4800 total_len += group_len; 4801 4802 /* check name len */ 4803 if (beg + total_len + 4 > end) 4804 return -1; 4805 name_len = le32_to_cpu(*(__le32 *)(beg + total_len)); 4806 if (name_len < 1 || name_len > 0xFFFF) 4807 return -1; 4808 total_len += 4; 4809 4810 /* check name */ 4811 name = beg + total_len; 4812 if (name + name_len > end) 4813 return -1; 4814 total_len += name_len; 4815 4816 if (out) { 4817 out->base = beg; 4818 out->size = total_len; 4819 out->name_len = name_len; 4820 out->name = name; 4821 memcpy(&out->owner, owner_sid, owner_len); 4822 memcpy(&out->group, group_sid, group_len); 4823 } 4824 return total_len; 4825 } 4826 4827 static int posix_info_extra_size(const void *beg, const void *end) 4828 { 4829 int len = posix_info_parse(beg, end, NULL); 4830 4831 if (len < 0) 4832 return -1; 4833 return len - sizeof(struct smb2_posix_info); 4834 } 4835 4836 static unsigned int 4837 num_entries(int infotype, char *bufstart, char *end_of_buf, char **lastentry, 4838 size_t size) 4839 { 4840 int len; 4841 unsigned int entrycount = 0; 4842 unsigned int next_offset = 0; 4843 char *entryptr; 4844 FILE_DIRECTORY_INFO *dir_info; 4845 4846 if (bufstart == NULL) 4847 return 0; 4848 4849 entryptr = bufstart; 4850 4851 while (1) { 4852 if (entryptr + next_offset < entryptr || 4853 entryptr + next_offset > end_of_buf || 4854 entryptr + next_offset + size > end_of_buf) { 4855 cifs_dbg(VFS, "malformed search entry would overflow\n"); 4856 break; 4857 } 4858 4859 entryptr = entryptr + next_offset; 4860 dir_info = (FILE_DIRECTORY_INFO *)entryptr; 4861 4862 if (infotype == SMB_FIND_FILE_POSIX_INFO) 4863 len = posix_info_extra_size(entryptr, end_of_buf); 4864 else 4865 len = le32_to_cpu(dir_info->FileNameLength); 4866 4867 if (len < 0 || 4868 entryptr + len < entryptr || 4869 entryptr + len > end_of_buf || 4870 entryptr + len + size > end_of_buf) { 4871 cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n", 4872 end_of_buf); 4873 break; 4874 } 4875 4876 *lastentry = entryptr; 4877 entrycount++; 4878 4879 next_offset = le32_to_cpu(dir_info->NextEntryOffset); 4880 if (!next_offset) 4881 break; 4882 } 4883 4884 return entrycount; 4885 } 4886 4887 /* 4888 * Readdir/FindFirst 4889 */ 4890 int SMB2_query_directory_init(const unsigned int xid, 4891 struct cifs_tcon *tcon, 4892 struct TCP_Server_Info *server, 4893 struct smb_rqst *rqst, 4894 u64 persistent_fid, u64 volatile_fid, 4895 int index, int info_level) 4896 { 4897 struct smb2_query_directory_req *req; 4898 unsigned char *bufptr; 4899 __le16 asteriks = cpu_to_le16('*'); 4900 unsigned int output_size = CIFSMaxBufSize - 4901 MAX_SMB2_CREATE_RESPONSE_SIZE - 4902 MAX_SMB2_CLOSE_RESPONSE_SIZE; 4903 unsigned int total_len; 4904 struct kvec *iov = rqst->rq_iov; 4905 int len, rc; 4906 4907 rc = smb2_plain_req_init(SMB2_QUERY_DIRECTORY, tcon, server, 4908 (void **) &req, &total_len); 4909 if (rc) 4910 return rc; 4911 4912 switch (info_level) { 4913 case SMB_FIND_FILE_DIRECTORY_INFO: 4914 req->FileInformationClass = FILE_DIRECTORY_INFORMATION; 4915 break; 4916 case SMB_FIND_FILE_ID_FULL_DIR_INFO: 4917 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION; 4918 break; 4919 case SMB_FIND_FILE_POSIX_INFO: 4920 req->FileInformationClass = SMB_FIND_FILE_POSIX_INFO; 4921 break; 4922 default: 4923 cifs_tcon_dbg(VFS, "info level %u isn't supported\n", 4924 info_level); 4925 return -EINVAL; 4926 } 4927 4928 req->FileIndex = cpu_to_le32(index); 4929 req->PersistentFileId = persistent_fid; 4930 req->VolatileFileId = volatile_fid; 4931 4932 len = 0x2; 4933 bufptr = req->Buffer; 4934 memcpy(bufptr, &asteriks, len); 4935 4936 req->FileNameOffset = 4937 cpu_to_le16(sizeof(struct smb2_query_directory_req)); 4938 req->FileNameLength = cpu_to_le16(len); 4939 /* 4940 * BB could be 30 bytes or so longer if we used SMB2 specific 4941 * buffer lengths, but this is safe and close enough. 4942 */ 4943 output_size = min_t(unsigned int, output_size, server->maxBuf); 4944 output_size = min_t(unsigned int, output_size, 2 << 15); 4945 req->OutputBufferLength = cpu_to_le32(output_size); 4946 4947 iov[0].iov_base = (char *)req; 4948 /* 1 for Buffer */ 4949 iov[0].iov_len = total_len - 1; 4950 4951 iov[1].iov_base = (char *)(req->Buffer); 4952 iov[1].iov_len = len; 4953 4954 trace_smb3_query_dir_enter(xid, persistent_fid, tcon->tid, 4955 tcon->ses->Suid, index, output_size); 4956 4957 return 0; 4958 } 4959 4960 void SMB2_query_directory_free(struct smb_rqst *rqst) 4961 { 4962 if (rqst && rqst->rq_iov) { 4963 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 4964 } 4965 } 4966 4967 int 4968 smb2_parse_query_directory(struct cifs_tcon *tcon, 4969 struct kvec *rsp_iov, 4970 int resp_buftype, 4971 struct cifs_search_info *srch_inf) 4972 { 4973 struct smb2_query_directory_rsp *rsp; 4974 size_t info_buf_size; 4975 char *end_of_smb; 4976 int rc; 4977 4978 rsp = (struct smb2_query_directory_rsp *)rsp_iov->iov_base; 4979 4980 switch (srch_inf->info_level) { 4981 case SMB_FIND_FILE_DIRECTORY_INFO: 4982 info_buf_size = sizeof(FILE_DIRECTORY_INFO); 4983 break; 4984 case SMB_FIND_FILE_ID_FULL_DIR_INFO: 4985 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO); 4986 break; 4987 case SMB_FIND_FILE_POSIX_INFO: 4988 /* note that posix payload are variable size */ 4989 info_buf_size = sizeof(struct smb2_posix_info); 4990 break; 4991 default: 4992 cifs_tcon_dbg(VFS, "info level %u isn't supported\n", 4993 srch_inf->info_level); 4994 return -EINVAL; 4995 } 4996 4997 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 4998 le32_to_cpu(rsp->OutputBufferLength), rsp_iov, 4999 info_buf_size); 5000 if (rc) { 5001 cifs_tcon_dbg(VFS, "bad info payload"); 5002 return rc; 5003 } 5004 5005 srch_inf->unicode = true; 5006 5007 if (srch_inf->ntwrk_buf_start) { 5008 if (srch_inf->smallBuf) 5009 cifs_small_buf_release(srch_inf->ntwrk_buf_start); 5010 else 5011 cifs_buf_release(srch_inf->ntwrk_buf_start); 5012 } 5013 srch_inf->ntwrk_buf_start = (char *)rsp; 5014 srch_inf->srch_entries_start = srch_inf->last_entry = 5015 (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset); 5016 end_of_smb = rsp_iov->iov_len + (char *)rsp; 5017 5018 srch_inf->entries_in_buffer = num_entries( 5019 srch_inf->info_level, 5020 srch_inf->srch_entries_start, 5021 end_of_smb, 5022 &srch_inf->last_entry, 5023 info_buf_size); 5024 5025 srch_inf->index_of_last_entry += srch_inf->entries_in_buffer; 5026 cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n", 5027 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry, 5028 srch_inf->srch_entries_start, srch_inf->last_entry); 5029 if (resp_buftype == CIFS_LARGE_BUFFER) 5030 srch_inf->smallBuf = false; 5031 else if (resp_buftype == CIFS_SMALL_BUFFER) 5032 srch_inf->smallBuf = true; 5033 else 5034 cifs_tcon_dbg(VFS, "Invalid search buffer type\n"); 5035 5036 return 0; 5037 } 5038 5039 int 5040 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, 5041 u64 persistent_fid, u64 volatile_fid, int index, 5042 struct cifs_search_info *srch_inf) 5043 { 5044 struct smb_rqst rqst; 5045 struct kvec iov[SMB2_QUERY_DIRECTORY_IOV_SIZE]; 5046 struct smb2_query_directory_rsp *rsp = NULL; 5047 int resp_buftype = CIFS_NO_BUFFER; 5048 struct kvec rsp_iov; 5049 int rc = 0; 5050 struct cifs_ses *ses = tcon->ses; 5051 struct TCP_Server_Info *server = cifs_pick_channel(ses); 5052 int flags = 0; 5053 5054 if (!ses || !(ses->server)) 5055 return -EIO; 5056 5057 if (smb3_encryption_required(tcon)) 5058 flags |= CIFS_TRANSFORM_REQ; 5059 5060 memset(&rqst, 0, sizeof(struct smb_rqst)); 5061 memset(&iov, 0, sizeof(iov)); 5062 rqst.rq_iov = iov; 5063 rqst.rq_nvec = SMB2_QUERY_DIRECTORY_IOV_SIZE; 5064 5065 rc = SMB2_query_directory_init(xid, tcon, server, 5066 &rqst, persistent_fid, 5067 volatile_fid, index, 5068 srch_inf->info_level); 5069 if (rc) 5070 goto qdir_exit; 5071 5072 rc = cifs_send_recv(xid, ses, server, 5073 &rqst, &resp_buftype, flags, &rsp_iov); 5074 rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base; 5075 5076 if (rc) { 5077 if (rc == -ENODATA && 5078 rsp->hdr.Status == STATUS_NO_MORE_FILES) { 5079 trace_smb3_query_dir_done(xid, persistent_fid, 5080 tcon->tid, tcon->ses->Suid, index, 0); 5081 srch_inf->endOfSearch = true; 5082 rc = 0; 5083 } else { 5084 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid, 5085 tcon->ses->Suid, index, 0, rc); 5086 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE); 5087 } 5088 goto qdir_exit; 5089 } 5090 5091 rc = smb2_parse_query_directory(tcon, &rsp_iov, resp_buftype, 5092 srch_inf); 5093 if (rc) { 5094 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid, 5095 tcon->ses->Suid, index, 0, rc); 5096 goto qdir_exit; 5097 } 5098 resp_buftype = CIFS_NO_BUFFER; 5099 5100 trace_smb3_query_dir_done(xid, persistent_fid, tcon->tid, 5101 tcon->ses->Suid, index, srch_inf->entries_in_buffer); 5102 5103 qdir_exit: 5104 SMB2_query_directory_free(&rqst); 5105 free_rsp_buf(resp_buftype, rsp); 5106 return rc; 5107 } 5108 5109 int 5110 SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 5111 struct smb_rqst *rqst, 5112 u64 persistent_fid, u64 volatile_fid, u32 pid, 5113 u8 info_class, u8 info_type, u32 additional_info, 5114 void **data, unsigned int *size) 5115 { 5116 struct smb2_set_info_req *req; 5117 struct kvec *iov = rqst->rq_iov; 5118 unsigned int i, total_len; 5119 int rc; 5120 5121 rc = smb2_plain_req_init(SMB2_SET_INFO, tcon, server, 5122 (void **) &req, &total_len); 5123 if (rc) 5124 return rc; 5125 5126 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid); 5127 req->InfoType = info_type; 5128 req->FileInfoClass = info_class; 5129 req->PersistentFileId = persistent_fid; 5130 req->VolatileFileId = volatile_fid; 5131 req->AdditionalInformation = cpu_to_le32(additional_info); 5132 5133 req->BufferOffset = cpu_to_le16(sizeof(struct smb2_set_info_req)); 5134 req->BufferLength = cpu_to_le32(*size); 5135 5136 memcpy(req->Buffer, *data, *size); 5137 total_len += *size; 5138 5139 iov[0].iov_base = (char *)req; 5140 /* 1 for Buffer */ 5141 iov[0].iov_len = total_len - 1; 5142 5143 for (i = 1; i < rqst->rq_nvec; i++) { 5144 le32_add_cpu(&req->BufferLength, size[i]); 5145 iov[i].iov_base = (char *)data[i]; 5146 iov[i].iov_len = size[i]; 5147 } 5148 5149 return 0; 5150 } 5151 5152 void 5153 SMB2_set_info_free(struct smb_rqst *rqst) 5154 { 5155 if (rqst && rqst->rq_iov) 5156 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ 5157 } 5158 5159 static int 5160 send_set_info(const unsigned int xid, struct cifs_tcon *tcon, 5161 u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class, 5162 u8 info_type, u32 additional_info, unsigned int num, 5163 void **data, unsigned int *size) 5164 { 5165 struct smb_rqst rqst; 5166 struct smb2_set_info_rsp *rsp = NULL; 5167 struct kvec *iov; 5168 struct kvec rsp_iov; 5169 int rc = 0; 5170 int resp_buftype; 5171 struct cifs_ses *ses = tcon->ses; 5172 struct TCP_Server_Info *server = cifs_pick_channel(ses); 5173 int flags = 0; 5174 5175 if (!ses || !server) 5176 return -EIO; 5177 5178 if (!num) 5179 return -EINVAL; 5180 5181 if (smb3_encryption_required(tcon)) 5182 flags |= CIFS_TRANSFORM_REQ; 5183 5184 iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL); 5185 if (!iov) 5186 return -ENOMEM; 5187 5188 memset(&rqst, 0, sizeof(struct smb_rqst)); 5189 rqst.rq_iov = iov; 5190 rqst.rq_nvec = num; 5191 5192 rc = SMB2_set_info_init(tcon, server, 5193 &rqst, persistent_fid, volatile_fid, pid, 5194 info_class, info_type, additional_info, 5195 data, size); 5196 if (rc) { 5197 kfree(iov); 5198 return rc; 5199 } 5200 5201 5202 rc = cifs_send_recv(xid, ses, server, 5203 &rqst, &resp_buftype, flags, 5204 &rsp_iov); 5205 SMB2_set_info_free(&rqst); 5206 rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base; 5207 5208 if (rc != 0) { 5209 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE); 5210 trace_smb3_set_info_err(xid, persistent_fid, tcon->tid, 5211 ses->Suid, info_class, (__u32)info_type, rc); 5212 } 5213 5214 free_rsp_buf(resp_buftype, rsp); 5215 kfree(iov); 5216 return rc; 5217 } 5218 5219 int 5220 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 5221 u64 volatile_fid, u32 pid, __le64 *eof) 5222 { 5223 struct smb2_file_eof_info info; 5224 void *data; 5225 unsigned int size; 5226 5227 info.EndOfFile = *eof; 5228 5229 data = &info; 5230 size = sizeof(struct smb2_file_eof_info); 5231 5232 trace_smb3_set_eof(xid, persistent_fid, tcon->tid, tcon->ses->Suid, le64_to_cpu(*eof)); 5233 5234 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5235 pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE, 5236 0, 1, &data, &size); 5237 } 5238 5239 int 5240 SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon, 5241 u64 persistent_fid, u64 volatile_fid, 5242 struct cifs_ntsd *pnntsd, int pacllen, int aclflag) 5243 { 5244 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5245 current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag, 5246 1, (void **)&pnntsd, &pacllen); 5247 } 5248 5249 int 5250 SMB2_set_ea(const unsigned int xid, struct cifs_tcon *tcon, 5251 u64 persistent_fid, u64 volatile_fid, 5252 struct smb2_file_full_ea_info *buf, int len) 5253 { 5254 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5255 current->tgid, FILE_FULL_EA_INFORMATION, SMB2_O_INFO_FILE, 5256 0, 1, (void **)&buf, &len); 5257 } 5258 5259 int 5260 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon, 5261 const u64 persistent_fid, const u64 volatile_fid, 5262 __u8 oplock_level) 5263 { 5264 struct smb_rqst rqst; 5265 int rc; 5266 struct smb2_oplock_break *req = NULL; 5267 struct cifs_ses *ses = tcon->ses; 5268 struct TCP_Server_Info *server = cifs_pick_channel(ses); 5269 int flags = CIFS_OBREAK_OP; 5270 unsigned int total_len; 5271 struct kvec iov[1]; 5272 struct kvec rsp_iov; 5273 int resp_buf_type; 5274 5275 cifs_dbg(FYI, "SMB2_oplock_break\n"); 5276 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server, 5277 (void **) &req, &total_len); 5278 if (rc) 5279 return rc; 5280 5281 if (smb3_encryption_required(tcon)) 5282 flags |= CIFS_TRANSFORM_REQ; 5283 5284 req->VolatileFid = volatile_fid; 5285 req->PersistentFid = persistent_fid; 5286 req->OplockLevel = oplock_level; 5287 req->hdr.CreditRequest = cpu_to_le16(1); 5288 5289 flags |= CIFS_NO_RSP_BUF; 5290 5291 iov[0].iov_base = (char *)req; 5292 iov[0].iov_len = total_len; 5293 5294 memset(&rqst, 0, sizeof(struct smb_rqst)); 5295 rqst.rq_iov = iov; 5296 rqst.rq_nvec = 1; 5297 5298 rc = cifs_send_recv(xid, ses, server, 5299 &rqst, &resp_buf_type, flags, &rsp_iov); 5300 cifs_small_buf_release(req); 5301 5302 if (rc) { 5303 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 5304 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc); 5305 } 5306 5307 return rc; 5308 } 5309 5310 void 5311 smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf, 5312 struct kstatfs *kst) 5313 { 5314 kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) * 5315 le32_to_cpu(pfs_inf->SectorsPerAllocationUnit); 5316 kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits); 5317 kst->f_bfree = kst->f_bavail = 5318 le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits); 5319 return; 5320 } 5321 5322 static void 5323 copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO *response_data, 5324 struct kstatfs *kst) 5325 { 5326 kst->f_bsize = le32_to_cpu(response_data->BlockSize); 5327 kst->f_blocks = le64_to_cpu(response_data->TotalBlocks); 5328 kst->f_bfree = le64_to_cpu(response_data->BlocksAvail); 5329 if (response_data->UserBlocksAvail == cpu_to_le64(-1)) 5330 kst->f_bavail = kst->f_bfree; 5331 else 5332 kst->f_bavail = le64_to_cpu(response_data->UserBlocksAvail); 5333 if (response_data->TotalFileNodes != cpu_to_le64(-1)) 5334 kst->f_files = le64_to_cpu(response_data->TotalFileNodes); 5335 if (response_data->FreeFileNodes != cpu_to_le64(-1)) 5336 kst->f_ffree = le64_to_cpu(response_data->FreeFileNodes); 5337 5338 return; 5339 } 5340 5341 static int 5342 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, 5343 struct TCP_Server_Info *server, 5344 int level, int outbuf_len, u64 persistent_fid, 5345 u64 volatile_fid) 5346 { 5347 int rc; 5348 struct smb2_query_info_req *req; 5349 unsigned int total_len; 5350 5351 cifs_dbg(FYI, "Query FSInfo level %d\n", level); 5352 5353 if ((tcon->ses == NULL) || server == NULL) 5354 return -EIO; 5355 5356 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, 5357 (void **) &req, &total_len); 5358 if (rc) 5359 return rc; 5360 5361 req->InfoType = SMB2_O_INFO_FILESYSTEM; 5362 req->FileInfoClass = level; 5363 req->PersistentFileId = persistent_fid; 5364 req->VolatileFileId = volatile_fid; 5365 /* 1 for pad */ 5366 req->InputBufferOffset = 5367 cpu_to_le16(sizeof(struct smb2_query_info_req)); 5368 req->OutputBufferLength = cpu_to_le32( 5369 outbuf_len + sizeof(struct smb2_query_info_rsp)); 5370 5371 iov->iov_base = (char *)req; 5372 iov->iov_len = total_len; 5373 return 0; 5374 } 5375 5376 int 5377 SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon, 5378 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) 5379 { 5380 struct smb_rqst rqst; 5381 struct smb2_query_info_rsp *rsp = NULL; 5382 struct kvec iov; 5383 struct kvec rsp_iov; 5384 int rc = 0; 5385 int resp_buftype; 5386 struct cifs_ses *ses = tcon->ses; 5387 struct TCP_Server_Info *server = cifs_pick_channel(ses); 5388 FILE_SYSTEM_POSIX_INFO *info = NULL; 5389 int flags = 0; 5390 5391 rc = build_qfs_info_req(&iov, tcon, server, 5392 FS_POSIX_INFORMATION, 5393 sizeof(FILE_SYSTEM_POSIX_INFO), 5394 persistent_fid, volatile_fid); 5395 if (rc) 5396 return rc; 5397 5398 if (smb3_encryption_required(tcon)) 5399 flags |= CIFS_TRANSFORM_REQ; 5400 5401 memset(&rqst, 0, sizeof(struct smb_rqst)); 5402 rqst.rq_iov = &iov; 5403 rqst.rq_nvec = 1; 5404 5405 rc = cifs_send_recv(xid, ses, server, 5406 &rqst, &resp_buftype, flags, &rsp_iov); 5407 cifs_small_buf_release(iov.iov_base); 5408 if (rc) { 5409 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5410 goto posix_qfsinf_exit; 5411 } 5412 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5413 5414 info = (FILE_SYSTEM_POSIX_INFO *)( 5415 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp); 5416 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5417 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov, 5418 sizeof(FILE_SYSTEM_POSIX_INFO)); 5419 if (!rc) 5420 copy_posix_fs_info_to_kstatfs(info, fsdata); 5421 5422 posix_qfsinf_exit: 5423 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5424 return rc; 5425 } 5426 5427 int 5428 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon, 5429 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) 5430 { 5431 struct smb_rqst rqst; 5432 struct smb2_query_info_rsp *rsp = NULL; 5433 struct kvec iov; 5434 struct kvec rsp_iov; 5435 int rc = 0; 5436 int resp_buftype; 5437 struct cifs_ses *ses = tcon->ses; 5438 struct TCP_Server_Info *server = cifs_pick_channel(ses); 5439 struct smb2_fs_full_size_info *info = NULL; 5440 int flags = 0; 5441 5442 rc = build_qfs_info_req(&iov, tcon, server, 5443 FS_FULL_SIZE_INFORMATION, 5444 sizeof(struct smb2_fs_full_size_info), 5445 persistent_fid, volatile_fid); 5446 if (rc) 5447 return rc; 5448 5449 if (smb3_encryption_required(tcon)) 5450 flags |= CIFS_TRANSFORM_REQ; 5451 5452 memset(&rqst, 0, sizeof(struct smb_rqst)); 5453 rqst.rq_iov = &iov; 5454 rqst.rq_nvec = 1; 5455 5456 rc = cifs_send_recv(xid, ses, server, 5457 &rqst, &resp_buftype, flags, &rsp_iov); 5458 cifs_small_buf_release(iov.iov_base); 5459 if (rc) { 5460 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5461 goto qfsinf_exit; 5462 } 5463 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5464 5465 info = (struct smb2_fs_full_size_info *)( 5466 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp); 5467 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5468 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov, 5469 sizeof(struct smb2_fs_full_size_info)); 5470 if (!rc) 5471 smb2_copy_fs_info_to_kstatfs(info, fsdata); 5472 5473 qfsinf_exit: 5474 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5475 return rc; 5476 } 5477 5478 int 5479 SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon, 5480 u64 persistent_fid, u64 volatile_fid, int level) 5481 { 5482 struct smb_rqst rqst; 5483 struct smb2_query_info_rsp *rsp = NULL; 5484 struct kvec iov; 5485 struct kvec rsp_iov; 5486 int rc = 0; 5487 int resp_buftype, max_len, min_len; 5488 struct cifs_ses *ses = tcon->ses; 5489 struct TCP_Server_Info *server = cifs_pick_channel(ses); 5490 unsigned int rsp_len, offset; 5491 int flags = 0; 5492 5493 if (level == FS_DEVICE_INFORMATION) { 5494 max_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 5495 min_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 5496 } else if (level == FS_ATTRIBUTE_INFORMATION) { 5497 max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO); 5498 min_len = MIN_FS_ATTR_INFO_SIZE; 5499 } else if (level == FS_SECTOR_SIZE_INFORMATION) { 5500 max_len = sizeof(struct smb3_fs_ss_info); 5501 min_len = sizeof(struct smb3_fs_ss_info); 5502 } else if (level == FS_VOLUME_INFORMATION) { 5503 max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN; 5504 min_len = sizeof(struct smb3_fs_vol_info); 5505 } else { 5506 cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level); 5507 return -EINVAL; 5508 } 5509 5510 rc = build_qfs_info_req(&iov, tcon, server, 5511 level, max_len, 5512 persistent_fid, volatile_fid); 5513 if (rc) 5514 return rc; 5515 5516 if (smb3_encryption_required(tcon)) 5517 flags |= CIFS_TRANSFORM_REQ; 5518 5519 memset(&rqst, 0, sizeof(struct smb_rqst)); 5520 rqst.rq_iov = &iov; 5521 rqst.rq_nvec = 1; 5522 5523 rc = cifs_send_recv(xid, ses, server, 5524 &rqst, &resp_buftype, flags, &rsp_iov); 5525 cifs_small_buf_release(iov.iov_base); 5526 if (rc) { 5527 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5528 goto qfsattr_exit; 5529 } 5530 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5531 5532 rsp_len = le32_to_cpu(rsp->OutputBufferLength); 5533 offset = le16_to_cpu(rsp->OutputBufferOffset); 5534 rc = smb2_validate_iov(offset, rsp_len, &rsp_iov, min_len); 5535 if (rc) 5536 goto qfsattr_exit; 5537 5538 if (level == FS_ATTRIBUTE_INFORMATION) 5539 memcpy(&tcon->fsAttrInfo, offset 5540 + (char *)rsp, min_t(unsigned int, 5541 rsp_len, max_len)); 5542 else if (level == FS_DEVICE_INFORMATION) 5543 memcpy(&tcon->fsDevInfo, offset 5544 + (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO)); 5545 else if (level == FS_SECTOR_SIZE_INFORMATION) { 5546 struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *) 5547 (offset + (char *)rsp); 5548 tcon->ss_flags = le32_to_cpu(ss_info->Flags); 5549 tcon->perf_sector_size = 5550 le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf); 5551 } else if (level == FS_VOLUME_INFORMATION) { 5552 struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *) 5553 (offset + (char *)rsp); 5554 tcon->vol_serial_number = vol_info->VolumeSerialNumber; 5555 tcon->vol_create_time = vol_info->VolumeCreationTime; 5556 } 5557 5558 qfsattr_exit: 5559 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5560 return rc; 5561 } 5562 5563 int 5564 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon, 5565 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 5566 const __u32 num_lock, struct smb2_lock_element *buf) 5567 { 5568 struct smb_rqst rqst; 5569 int rc = 0; 5570 struct smb2_lock_req *req = NULL; 5571 struct kvec iov[2]; 5572 struct kvec rsp_iov; 5573 int resp_buf_type; 5574 unsigned int count; 5575 int flags = CIFS_NO_RSP_BUF; 5576 unsigned int total_len; 5577 struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses); 5578 5579 cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock); 5580 5581 rc = smb2_plain_req_init(SMB2_LOCK, tcon, server, 5582 (void **) &req, &total_len); 5583 if (rc) 5584 return rc; 5585 5586 if (smb3_encryption_required(tcon)) 5587 flags |= CIFS_TRANSFORM_REQ; 5588 5589 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid); 5590 req->LockCount = cpu_to_le16(num_lock); 5591 5592 req->PersistentFileId = persist_fid; 5593 req->VolatileFileId = volatile_fid; 5594 5595 count = num_lock * sizeof(struct smb2_lock_element); 5596 5597 iov[0].iov_base = (char *)req; 5598 iov[0].iov_len = total_len - sizeof(struct smb2_lock_element); 5599 iov[1].iov_base = (char *)buf; 5600 iov[1].iov_len = count; 5601 5602 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks); 5603 5604 memset(&rqst, 0, sizeof(struct smb_rqst)); 5605 rqst.rq_iov = iov; 5606 rqst.rq_nvec = 2; 5607 5608 rc = cifs_send_recv(xid, tcon->ses, server, 5609 &rqst, &resp_buf_type, flags, 5610 &rsp_iov); 5611 cifs_small_buf_release(req); 5612 if (rc) { 5613 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc); 5614 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE); 5615 trace_smb3_lock_err(xid, persist_fid, tcon->tid, 5616 tcon->ses->Suid, rc); 5617 } 5618 5619 return rc; 5620 } 5621 5622 int 5623 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon, 5624 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 5625 const __u64 length, const __u64 offset, const __u32 lock_flags, 5626 const bool wait) 5627 { 5628 struct smb2_lock_element lock; 5629 5630 lock.Offset = cpu_to_le64(offset); 5631 lock.Length = cpu_to_le64(length); 5632 lock.Flags = cpu_to_le32(lock_flags); 5633 if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK) 5634 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY); 5635 5636 return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock); 5637 } 5638 5639 int 5640 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon, 5641 __u8 *lease_key, const __le32 lease_state) 5642 { 5643 struct smb_rqst rqst; 5644 int rc; 5645 struct smb2_lease_ack *req = NULL; 5646 struct cifs_ses *ses = tcon->ses; 5647 int flags = CIFS_OBREAK_OP; 5648 unsigned int total_len; 5649 struct kvec iov[1]; 5650 struct kvec rsp_iov; 5651 int resp_buf_type; 5652 __u64 *please_key_high; 5653 __u64 *please_key_low; 5654 struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses); 5655 5656 cifs_dbg(FYI, "SMB2_lease_break\n"); 5657 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server, 5658 (void **) &req, &total_len); 5659 if (rc) 5660 return rc; 5661 5662 if (smb3_encryption_required(tcon)) 5663 flags |= CIFS_TRANSFORM_REQ; 5664 5665 req->hdr.CreditRequest = cpu_to_le16(1); 5666 req->StructureSize = cpu_to_le16(36); 5667 total_len += 12; 5668 5669 memcpy(req->LeaseKey, lease_key, 16); 5670 req->LeaseState = lease_state; 5671 5672 flags |= CIFS_NO_RSP_BUF; 5673 5674 iov[0].iov_base = (char *)req; 5675 iov[0].iov_len = total_len; 5676 5677 memset(&rqst, 0, sizeof(struct smb_rqst)); 5678 rqst.rq_iov = iov; 5679 rqst.rq_nvec = 1; 5680 5681 rc = cifs_send_recv(xid, ses, server, 5682 &rqst, &resp_buf_type, flags, &rsp_iov); 5683 cifs_small_buf_release(req); 5684 5685 please_key_low = (__u64 *)lease_key; 5686 please_key_high = (__u64 *)(lease_key+8); 5687 if (rc) { 5688 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 5689 trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid, 5690 ses->Suid, *please_key_low, *please_key_high, rc); 5691 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc); 5692 } else 5693 trace_smb3_lease_done(le32_to_cpu(lease_state), tcon->tid, 5694 ses->Suid, *please_key_low, *please_key_high); 5695 5696 return rc; 5697 } 5698