1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2009, 2013 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Pavel Shilovsky (pshilovsky@samba.org) 2012 8 * 9 * Contains the routines for constructing the SMB2 PDUs themselves 10 * 11 */ 12 13 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */ 14 /* Note that there are handle based routines which must be */ 15 /* treated slightly differently for reconnection purposes since we never */ 16 /* want to reuse a stale file handle and only the caller knows the file info */ 17 18 #include <linux/fs.h> 19 #include <linux/kernel.h> 20 #include <linux/vfs.h> 21 #include <linux/task_io_accounting_ops.h> 22 #include <linux/uaccess.h> 23 #include <linux/uuid.h> 24 #include <linux/pagemap.h> 25 #include <linux/xattr.h> 26 #include "cifsglob.h" 27 #include "cifsacl.h" 28 #include "cifsproto.h" 29 #include "smb2proto.h" 30 #include "cifs_unicode.h" 31 #include "cifs_debug.h" 32 #include "ntlmssp.h" 33 #include "smb2status.h" 34 #include "smb2glob.h" 35 #include "cifspdu.h" 36 #include "cifs_spnego.h" 37 #include "smbdirect.h" 38 #include "trace.h" 39 #ifdef CONFIG_CIFS_DFS_UPCALL 40 #include "dfs_cache.h" 41 #endif 42 #include "cached_dir.h" 43 44 /* 45 * The following table defines the expected "StructureSize" of SMB2 requests 46 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests. 47 * 48 * Note that commands are defined in smb2pdu.h in le16 but the array below is 49 * indexed by command in host byte order. 50 */ 51 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { 52 /* SMB2_NEGOTIATE */ 36, 53 /* SMB2_SESSION_SETUP */ 25, 54 /* SMB2_LOGOFF */ 4, 55 /* SMB2_TREE_CONNECT */ 9, 56 /* SMB2_TREE_DISCONNECT */ 4, 57 /* SMB2_CREATE */ 57, 58 /* SMB2_CLOSE */ 24, 59 /* SMB2_FLUSH */ 24, 60 /* SMB2_READ */ 49, 61 /* SMB2_WRITE */ 49, 62 /* SMB2_LOCK */ 48, 63 /* SMB2_IOCTL */ 57, 64 /* SMB2_CANCEL */ 4, 65 /* SMB2_ECHO */ 4, 66 /* SMB2_QUERY_DIRECTORY */ 33, 67 /* SMB2_CHANGE_NOTIFY */ 32, 68 /* SMB2_QUERY_INFO */ 41, 69 /* SMB2_SET_INFO */ 33, 70 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */ 71 }; 72 73 int smb3_encryption_required(const struct cifs_tcon *tcon) 74 { 75 if (!tcon || !tcon->ses) 76 return 0; 77 if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) || 78 (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA)) 79 return 1; 80 if (tcon->seal && 81 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 82 return 1; 83 if (((global_secflags & CIFSSEC_MUST_SEAL) == CIFSSEC_MUST_SEAL) && 84 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 85 return 1; 86 return 0; 87 } 88 89 static void 90 smb2_hdr_assemble(struct smb2_hdr *shdr, __le16 smb2_cmd, 91 const struct cifs_tcon *tcon, 92 struct TCP_Server_Info *server) 93 { 94 struct smb3_hdr_req *smb3_hdr; 95 96 shdr->ProtocolId = SMB2_PROTO_NUMBER; 97 shdr->StructureSize = cpu_to_le16(64); 98 shdr->Command = smb2_cmd; 99 100 if (server) { 101 /* After reconnect SMB3 must set ChannelSequence on subsequent reqs */ 102 if (server->dialect >= SMB30_PROT_ID) { 103 smb3_hdr = (struct smb3_hdr_req *)shdr; 104 /* 105 * if primary channel is not set yet, use default 106 * channel for chan sequence num 107 */ 108 if (SERVER_IS_CHAN(server)) 109 smb3_hdr->ChannelSequence = 110 cpu_to_le16(server->primary_server->channel_sequence_num); 111 else 112 smb3_hdr->ChannelSequence = 113 cpu_to_le16(server->channel_sequence_num); 114 } 115 spin_lock(&server->req_lock); 116 /* Request up to 10 credits but don't go over the limit. */ 117 if (server->credits >= server->max_credits) 118 shdr->CreditRequest = cpu_to_le16(0); 119 else 120 shdr->CreditRequest = cpu_to_le16( 121 min_t(int, server->max_credits - 122 server->credits, 10)); 123 spin_unlock(&server->req_lock); 124 } else { 125 shdr->CreditRequest = cpu_to_le16(2); 126 } 127 shdr->Id.SyncId.ProcessId = cpu_to_le32((__u16)current->tgid); 128 129 if (!tcon) 130 goto out; 131 132 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */ 133 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */ 134 if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) 135 shdr->CreditCharge = cpu_to_le16(1); 136 /* else CreditCharge MBZ */ 137 138 shdr->Id.SyncId.TreeId = cpu_to_le32(tcon->tid); 139 /* Uid is not converted */ 140 if (tcon->ses) 141 shdr->SessionId = cpu_to_le64(tcon->ses->Suid); 142 143 /* 144 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have 145 * to pass the path on the Open SMB prefixed by \\server\share. 146 * Not sure when we would need to do the augmented path (if ever) and 147 * setting this flag breaks the SMB2 open operation since it is 148 * illegal to send an empty path name (without \\server\share prefix) 149 * when the DFS flag is set in the SMB open header. We could 150 * consider setting the flag on all operations other than open 151 * but it is safer to net set it for now. 152 */ 153 /* if (tcon->share_flags & SHI1005_FLAGS_DFS) 154 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */ 155 156 if (server && server->sign && !smb3_encryption_required(tcon)) 157 shdr->Flags |= SMB2_FLAGS_SIGNED; 158 out: 159 return; 160 } 161 162 /* helper function for code reuse */ 163 static int 164 cifs_chan_skip_or_disable(struct cifs_ses *ses, 165 struct TCP_Server_Info *server, 166 bool from_reconnect) 167 { 168 struct TCP_Server_Info *pserver; 169 unsigned int chan_index; 170 171 if (SERVER_IS_CHAN(server)) { 172 cifs_dbg(VFS, 173 "server %s does not support multichannel anymore. Skip secondary channel\n", 174 ses->server->hostname); 175 176 spin_lock(&ses->chan_lock); 177 chan_index = cifs_ses_get_chan_index(ses, server); 178 if (chan_index == CIFS_INVAL_CHAN_INDEX) { 179 spin_unlock(&ses->chan_lock); 180 goto skip_terminate; 181 } 182 183 ses->chans[chan_index].server = NULL; 184 server->terminate = true; 185 spin_unlock(&ses->chan_lock); 186 187 /* 188 * the above reference of server by channel 189 * needs to be dropped without holding chan_lock 190 * as cifs_put_tcp_session takes a higher lock 191 * i.e. cifs_tcp_ses_lock 192 */ 193 cifs_put_tcp_session(server, from_reconnect); 194 195 cifs_signal_cifsd_for_reconnect(server, false); 196 197 /* mark primary server as needing reconnect */ 198 pserver = server->primary_server; 199 cifs_signal_cifsd_for_reconnect(pserver, false); 200 skip_terminate: 201 return -EHOSTDOWN; 202 } 203 204 cifs_server_dbg(VFS, 205 "server does not support multichannel anymore. Disable all other channels\n"); 206 cifs_disable_secondary_channels(ses); 207 208 209 return 0; 210 } 211 212 static int 213 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon, 214 struct TCP_Server_Info *server, bool from_reconnect) 215 { 216 int rc = 0; 217 struct nls_table *nls_codepage = NULL; 218 struct cifs_ses *ses; 219 int xid; 220 221 /* 222 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so 223 * check for tcp and smb session status done differently 224 * for those three - in the calling routine. 225 */ 226 if (tcon == NULL) 227 return 0; 228 229 /* 230 * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in 231 * cifs_tree_connect(). 232 */ 233 if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL) 234 return 0; 235 236 spin_lock(&tcon->tc_lock); 237 if (tcon->status == TID_EXITING) { 238 /* 239 * only tree disconnect allowed when disconnecting ... 240 */ 241 if (smb2_command != SMB2_TREE_DISCONNECT) { 242 spin_unlock(&tcon->tc_lock); 243 cifs_dbg(FYI, "can not send cmd %d while umounting\n", 244 smb2_command); 245 return -ENODEV; 246 } 247 } 248 spin_unlock(&tcon->tc_lock); 249 250 ses = tcon->ses; 251 if (!ses) 252 return -EIO; 253 spin_lock(&ses->ses_lock); 254 if (ses->ses_status == SES_EXITING) { 255 spin_unlock(&ses->ses_lock); 256 return -EIO; 257 } 258 spin_unlock(&ses->ses_lock); 259 if (!ses->server || !server) 260 return -EIO; 261 262 spin_lock(&server->srv_lock); 263 if (server->tcpStatus == CifsNeedReconnect) { 264 /* 265 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE 266 * here since they are implicitly done when session drops. 267 */ 268 switch (smb2_command) { 269 /* 270 * BB Should we keep oplock break and add flush to exceptions? 271 */ 272 case SMB2_TREE_DISCONNECT: 273 case SMB2_CANCEL: 274 case SMB2_CLOSE: 275 case SMB2_OPLOCK_BREAK: 276 spin_unlock(&server->srv_lock); 277 return -EAGAIN; 278 } 279 } 280 281 /* if server is marked for termination, cifsd will cleanup */ 282 if (server->terminate) { 283 spin_unlock(&server->srv_lock); 284 return -EHOSTDOWN; 285 } 286 spin_unlock(&server->srv_lock); 287 288 again: 289 rc = cifs_wait_for_server_reconnect(server, tcon->retry); 290 if (rc) 291 return rc; 292 293 spin_lock(&ses->chan_lock); 294 if (!cifs_chan_needs_reconnect(ses, server) && !tcon->need_reconnect) { 295 spin_unlock(&ses->chan_lock); 296 return 0; 297 } 298 spin_unlock(&ses->chan_lock); 299 cifs_dbg(FYI, "sess reconnect mask: 0x%lx, tcon reconnect: %d", 300 tcon->ses->chans_need_reconnect, 301 tcon->need_reconnect); 302 303 mutex_lock(&ses->session_mutex); 304 /* 305 * if this is called by delayed work, and the channel has been disabled 306 * in parallel, the delayed work can continue to execute in parallel 307 * there's a chance that this channel may not exist anymore 308 */ 309 spin_lock(&server->srv_lock); 310 if (server->tcpStatus == CifsExiting) { 311 spin_unlock(&server->srv_lock); 312 mutex_unlock(&ses->session_mutex); 313 rc = -EHOSTDOWN; 314 goto out; 315 } 316 317 /* 318 * Recheck after acquire mutex. If another thread is negotiating 319 * and the server never sends an answer the socket will be closed 320 * and tcpStatus set to reconnect. 321 */ 322 if (server->tcpStatus == CifsNeedReconnect) { 323 spin_unlock(&server->srv_lock); 324 mutex_unlock(&ses->session_mutex); 325 326 if (tcon->retry) 327 goto again; 328 329 rc = -EHOSTDOWN; 330 goto out; 331 } 332 spin_unlock(&server->srv_lock); 333 334 nls_codepage = ses->local_nls; 335 336 /* 337 * need to prevent multiple threads trying to simultaneously 338 * reconnect the same SMB session 339 */ 340 spin_lock(&ses->ses_lock); 341 spin_lock(&ses->chan_lock); 342 if (!cifs_chan_needs_reconnect(ses, server) && 343 ses->ses_status == SES_GOOD) { 344 spin_unlock(&ses->chan_lock); 345 spin_unlock(&ses->ses_lock); 346 /* this means that we only need to tree connect */ 347 if (tcon->need_reconnect) 348 goto skip_sess_setup; 349 350 mutex_unlock(&ses->session_mutex); 351 goto out; 352 } 353 spin_unlock(&ses->chan_lock); 354 spin_unlock(&ses->ses_lock); 355 356 rc = cifs_negotiate_protocol(0, ses, server); 357 if (!rc) { 358 /* 359 * if server stopped supporting multichannel 360 * and the first channel reconnected, disable all the others. 361 */ 362 if (ses->chan_count > 1 && 363 !(server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) { 364 rc = cifs_chan_skip_or_disable(ses, server, 365 from_reconnect); 366 if (rc) { 367 mutex_unlock(&ses->session_mutex); 368 goto out; 369 } 370 } 371 372 rc = cifs_setup_session(0, ses, server, nls_codepage); 373 if ((rc == -EACCES) || (rc == -EKEYEXPIRED) || (rc == -EKEYREVOKED)) { 374 /* 375 * Try alternate password for next reconnect (key rotation 376 * could be enabled on the server e.g.) if an alternate 377 * password is available and the current password is expired, 378 * but do not swap on non pwd related errors like host down 379 */ 380 if (ses->password2) 381 swap(ses->password2, ses->password); 382 } 383 384 if ((rc == -EACCES) && !tcon->retry) { 385 mutex_unlock(&ses->session_mutex); 386 rc = -EHOSTDOWN; 387 goto failed; 388 } else if (rc) { 389 mutex_unlock(&ses->session_mutex); 390 goto out; 391 } 392 } else { 393 mutex_unlock(&ses->session_mutex); 394 goto out; 395 } 396 397 skip_sess_setup: 398 if (!tcon->need_reconnect) { 399 mutex_unlock(&ses->session_mutex); 400 goto out; 401 } 402 cifs_mark_open_files_invalid(tcon); 403 if (tcon->use_persistent) 404 tcon->need_reopen_files = true; 405 406 rc = cifs_tree_connect(0, tcon, nls_codepage); 407 408 cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc); 409 if (rc) { 410 /* If sess reconnected but tcon didn't, something strange ... */ 411 mutex_unlock(&ses->session_mutex); 412 cifs_dbg(VFS, "reconnect tcon failed rc = %d\n", rc); 413 goto out; 414 } 415 416 spin_lock(&ses->ses_lock); 417 if (ses->flags & CIFS_SES_FLAG_SCALE_CHANNELS) { 418 spin_unlock(&ses->ses_lock); 419 mutex_unlock(&ses->session_mutex); 420 goto skip_add_channels; 421 } 422 ses->flags |= CIFS_SES_FLAG_SCALE_CHANNELS; 423 spin_unlock(&ses->ses_lock); 424 425 if (!rc && 426 (server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL) && 427 server->ops->query_server_interfaces) { 428 mutex_unlock(&ses->session_mutex); 429 430 /* 431 * query server network interfaces, in case they change 432 */ 433 xid = get_xid(); 434 rc = server->ops->query_server_interfaces(xid, tcon, false); 435 free_xid(xid); 436 437 if (rc == -EOPNOTSUPP && ses->chan_count > 1) { 438 /* 439 * some servers like Azure SMB server do not advertise 440 * that multichannel has been disabled with server 441 * capabilities, rather return STATUS_NOT_IMPLEMENTED. 442 * treat this as server not supporting multichannel 443 */ 444 445 rc = cifs_chan_skip_or_disable(ses, server, 446 from_reconnect); 447 goto skip_add_channels; 448 } else if (rc) 449 cifs_dbg(FYI, "%s: failed to query server interfaces: %d\n", 450 __func__, rc); 451 452 if (ses->chan_max > ses->chan_count && 453 ses->iface_count && 454 !SERVER_IS_CHAN(server)) { 455 if (ses->chan_count == 1) { 456 cifs_server_dbg(VFS, "supports multichannel now\n"); 457 queue_delayed_work(cifsiod_wq, &tcon->query_interfaces, 458 (SMB_INTERFACE_POLL_INTERVAL * HZ)); 459 } 460 461 cifs_try_adding_channels(ses); 462 } 463 } else { 464 mutex_unlock(&ses->session_mutex); 465 } 466 467 skip_add_channels: 468 spin_lock(&ses->ses_lock); 469 ses->flags &= ~CIFS_SES_FLAG_SCALE_CHANNELS; 470 spin_unlock(&ses->ses_lock); 471 472 if (smb2_command != SMB2_INTERNAL_CMD) 473 mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 474 475 atomic_inc(&tconInfoReconnectCount); 476 out: 477 /* 478 * Check if handle based operation so we know whether we can continue 479 * or not without returning to caller to reset file handle. 480 */ 481 /* 482 * BB Is flush done by server on drop of tcp session? Should we special 483 * case it and skip above? 484 */ 485 switch (smb2_command) { 486 case SMB2_FLUSH: 487 case SMB2_READ: 488 case SMB2_WRITE: 489 case SMB2_LOCK: 490 case SMB2_QUERY_DIRECTORY: 491 case SMB2_CHANGE_NOTIFY: 492 case SMB2_QUERY_INFO: 493 case SMB2_SET_INFO: 494 rc = -EAGAIN; 495 } 496 failed: 497 return rc; 498 } 499 500 static void 501 fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon, 502 struct TCP_Server_Info *server, 503 void *buf, 504 unsigned int *total_len) 505 { 506 struct smb2_pdu *spdu = buf; 507 /* lookup word count ie StructureSize from table */ 508 __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)]; 509 510 /* 511 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of 512 * largest operations (Create) 513 */ 514 memset(buf, 0, 256); 515 516 smb2_hdr_assemble(&spdu->hdr, smb2_command, tcon, server); 517 spdu->StructureSize2 = cpu_to_le16(parmsize); 518 519 *total_len = parmsize + sizeof(struct smb2_hdr); 520 } 521 522 /* 523 * Allocate and return pointer to an SMB request hdr, and set basic 524 * SMB information in the SMB header. If the return code is zero, this 525 * function must have filled in request_buf pointer. 526 */ 527 static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, 528 struct TCP_Server_Info *server, 529 void **request_buf, unsigned int *total_len) 530 { 531 /* BB eventually switch this to SMB2 specific small buf size */ 532 switch (smb2_command) { 533 case SMB2_SET_INFO: 534 case SMB2_QUERY_INFO: 535 *request_buf = cifs_buf_get(); 536 break; 537 default: 538 *request_buf = cifs_small_buf_get(); 539 break; 540 } 541 if (*request_buf == NULL) { 542 /* BB should we add a retry in here if not a writepage? */ 543 return -ENOMEM; 544 } 545 546 fill_small_buf(smb2_command, tcon, server, 547 (struct smb2_hdr *)(*request_buf), 548 total_len); 549 550 if (tcon != NULL) { 551 uint16_t com_code = le16_to_cpu(smb2_command); 552 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]); 553 cifs_stats_inc(&tcon->num_smbs_sent); 554 } 555 556 return 0; 557 } 558 559 static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, 560 struct TCP_Server_Info *server, 561 void **request_buf, unsigned int *total_len) 562 { 563 int rc; 564 565 rc = smb2_reconnect(smb2_command, tcon, server, false); 566 if (rc) 567 return rc; 568 569 return __smb2_plain_req_init(smb2_command, tcon, server, request_buf, 570 total_len); 571 } 572 573 static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon, 574 struct TCP_Server_Info *server, 575 void **request_buf, unsigned int *total_len) 576 { 577 /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */ 578 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) { 579 return __smb2_plain_req_init(SMB2_IOCTL, tcon, server, 580 request_buf, total_len); 581 } 582 return smb2_plain_req_init(SMB2_IOCTL, tcon, server, 583 request_buf, total_len); 584 } 585 586 /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */ 587 588 static void 589 build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt) 590 { 591 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; 592 pneg_ctxt->DataLength = cpu_to_le16(38); 593 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1); 594 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE); 595 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE); 596 pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512; 597 } 598 599 static void 600 build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt) 601 { 602 pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES; 603 pneg_ctxt->DataLength = 604 cpu_to_le16(sizeof(struct smb2_compression_capabilities_context) 605 - sizeof(struct smb2_neg_context)); 606 pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(3); 607 pneg_ctxt->CompressionAlgorithms[0] = SMB3_COMPRESS_LZ77; 608 pneg_ctxt->CompressionAlgorithms[1] = SMB3_COMPRESS_LZ77_HUFF; 609 pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1; 610 } 611 612 static unsigned int 613 build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt) 614 { 615 unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities); 616 unsigned short num_algs = 1; /* number of signing algorithms sent */ 617 618 pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES; 619 /* 620 * Context Data length must be rounded to multiple of 8 for some servers 621 */ 622 pneg_ctxt->DataLength = cpu_to_le16(ALIGN(sizeof(struct smb2_signing_capabilities) - 623 sizeof(struct smb2_neg_context) + 624 (num_algs * sizeof(u16)), 8)); 625 pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs); 626 pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC); 627 628 ctxt_len += sizeof(__le16) * num_algs; 629 ctxt_len = ALIGN(ctxt_len, 8); 630 return ctxt_len; 631 /* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */ 632 } 633 634 static void 635 build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt) 636 { 637 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; 638 if (require_gcm_256) { 639 pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */ 640 pneg_ctxt->CipherCount = cpu_to_le16(1); 641 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM; 642 } else if (enable_gcm_256) { 643 pneg_ctxt->DataLength = cpu_to_le16(8); /* Cipher Count + 3 ciphers */ 644 pneg_ctxt->CipherCount = cpu_to_le16(3); 645 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; 646 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES256_GCM; 647 pneg_ctxt->Ciphers[2] = SMB2_ENCRYPTION_AES128_CCM; 648 } else { 649 pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */ 650 pneg_ctxt->CipherCount = cpu_to_le16(2); 651 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; 652 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM; 653 } 654 } 655 656 static unsigned int 657 build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname) 658 { 659 struct nls_table *cp = load_nls_default(); 660 661 pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID; 662 663 /* copy up to max of first 100 bytes of server name to NetName field */ 664 pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)); 665 /* context size is DataLength + minimal smb2_neg_context */ 666 return ALIGN(le16_to_cpu(pneg_ctxt->DataLength) + sizeof(struct smb2_neg_context), 8); 667 } 668 669 static void 670 build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) 671 { 672 pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE; 673 pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN); 674 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ 675 pneg_ctxt->Name[0] = 0x93; 676 pneg_ctxt->Name[1] = 0xAD; 677 pneg_ctxt->Name[2] = 0x25; 678 pneg_ctxt->Name[3] = 0x50; 679 pneg_ctxt->Name[4] = 0x9C; 680 pneg_ctxt->Name[5] = 0xB4; 681 pneg_ctxt->Name[6] = 0x11; 682 pneg_ctxt->Name[7] = 0xE7; 683 pneg_ctxt->Name[8] = 0xB4; 684 pneg_ctxt->Name[9] = 0x23; 685 pneg_ctxt->Name[10] = 0x83; 686 pneg_ctxt->Name[11] = 0xDE; 687 pneg_ctxt->Name[12] = 0x96; 688 pneg_ctxt->Name[13] = 0x8B; 689 pneg_ctxt->Name[14] = 0xCD; 690 pneg_ctxt->Name[15] = 0x7C; 691 } 692 693 static void 694 assemble_neg_contexts(struct smb2_negotiate_req *req, 695 struct TCP_Server_Info *server, unsigned int *total_len) 696 { 697 unsigned int ctxt_len, neg_context_count; 698 struct TCP_Server_Info *pserver; 699 char *pneg_ctxt; 700 char *hostname; 701 702 if (*total_len > 200) { 703 /* In case length corrupted don't want to overrun smb buffer */ 704 cifs_server_dbg(VFS, "Bad frame length assembling neg contexts\n"); 705 return; 706 } 707 708 /* 709 * round up total_len of fixed part of SMB3 negotiate request to 8 710 * byte boundary before adding negotiate contexts 711 */ 712 *total_len = ALIGN(*total_len, 8); 713 714 pneg_ctxt = (*total_len) + (char *)req; 715 req->NegotiateContextOffset = cpu_to_le32(*total_len); 716 717 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt); 718 ctxt_len = ALIGN(sizeof(struct smb2_preauth_neg_context), 8); 719 *total_len += ctxt_len; 720 pneg_ctxt += ctxt_len; 721 722 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt); 723 ctxt_len = ALIGN(sizeof(struct smb2_encryption_neg_context), 8); 724 *total_len += ctxt_len; 725 pneg_ctxt += ctxt_len; 726 727 /* 728 * secondary channels don't have the hostname field populated 729 * use the hostname field in the primary channel instead 730 */ 731 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 732 cifs_server_lock(pserver); 733 hostname = pserver->hostname; 734 if (hostname && (hostname[0] != 0)) { 735 ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt, 736 hostname); 737 *total_len += ctxt_len; 738 pneg_ctxt += ctxt_len; 739 neg_context_count = 3; 740 } else 741 neg_context_count = 2; 742 cifs_server_unlock(pserver); 743 744 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt); 745 *total_len += sizeof(struct smb2_posix_neg_context); 746 pneg_ctxt += sizeof(struct smb2_posix_neg_context); 747 neg_context_count++; 748 749 if (server->compression.requested) { 750 build_compression_ctxt((struct smb2_compression_capabilities_context *) 751 pneg_ctxt); 752 ctxt_len = ALIGN(sizeof(struct smb2_compression_capabilities_context), 8); 753 *total_len += ctxt_len; 754 pneg_ctxt += ctxt_len; 755 neg_context_count++; 756 } 757 758 if (enable_negotiate_signing) { 759 ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *) 760 pneg_ctxt); 761 *total_len += ctxt_len; 762 pneg_ctxt += ctxt_len; 763 neg_context_count++; 764 } 765 766 /* check for and add transport_capabilities and signing capabilities */ 767 req->NegotiateContextCount = cpu_to_le16(neg_context_count); 768 769 } 770 771 /* If invalid preauth context warn but use what we requested, SHA-512 */ 772 static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt) 773 { 774 unsigned int len = le16_to_cpu(ctxt->DataLength); 775 776 /* 777 * Caller checked that DataLength remains within SMB boundary. We still 778 * need to confirm that one HashAlgorithms member is accounted for. 779 */ 780 if (len < MIN_PREAUTH_CTXT_DATA_LEN) { 781 pr_warn_once("server sent bad preauth context\n"); 782 return; 783 } else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) { 784 pr_warn_once("server sent invalid SaltLength\n"); 785 return; 786 } 787 if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1) 788 pr_warn_once("Invalid SMB3 hash algorithm count\n"); 789 if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512) 790 pr_warn_once("unknown SMB3 hash algorithm\n"); 791 } 792 793 static void decode_compress_ctx(struct TCP_Server_Info *server, 794 struct smb2_compression_capabilities_context *ctxt) 795 { 796 unsigned int len = le16_to_cpu(ctxt->DataLength); 797 __le16 alg; 798 799 server->compression.enabled = false; 800 801 /* 802 * Caller checked that DataLength remains within SMB boundary. We still 803 * need to confirm that one CompressionAlgorithms member is accounted 804 * for. 805 */ 806 if (len < 10) { 807 pr_warn_once("server sent bad compression cntxt\n"); 808 return; 809 } 810 811 if (le16_to_cpu(ctxt->CompressionAlgorithmCount) != 1) { 812 pr_warn_once("invalid SMB3 compress algorithm count\n"); 813 return; 814 } 815 816 alg = ctxt->CompressionAlgorithms[0]; 817 818 /* 'NONE' (0) compressor type is never negotiated */ 819 if (alg == 0 || le16_to_cpu(alg) > 3) { 820 pr_warn_once("invalid compression algorithm '%u'\n", alg); 821 return; 822 } 823 824 server->compression.alg = alg; 825 server->compression.enabled = true; 826 } 827 828 static int decode_encrypt_ctx(struct TCP_Server_Info *server, 829 struct smb2_encryption_neg_context *ctxt) 830 { 831 unsigned int len = le16_to_cpu(ctxt->DataLength); 832 833 cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d\n", len); 834 /* 835 * Caller checked that DataLength remains within SMB boundary. We still 836 * need to confirm that one Cipher flexible array member is accounted 837 * for. 838 */ 839 if (len < MIN_ENCRYPT_CTXT_DATA_LEN) { 840 pr_warn_once("server sent bad crypto ctxt len\n"); 841 return -EINVAL; 842 } 843 844 if (le16_to_cpu(ctxt->CipherCount) != 1) { 845 pr_warn_once("Invalid SMB3.11 cipher count\n"); 846 return -EINVAL; 847 } 848 cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0])); 849 if (require_gcm_256) { 850 if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) { 851 cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n"); 852 return -EOPNOTSUPP; 853 } 854 } else if (ctxt->Ciphers[0] == 0) { 855 /* 856 * e.g. if server only supported AES256_CCM (very unlikely) 857 * or server supported no encryption types or had all disabled. 858 * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case 859 * in which mount requested encryption ("seal") checks later 860 * on during tree connection will return proper rc, but if 861 * seal not requested by client, since server is allowed to 862 * return 0 to indicate no supported cipher, we can't fail here 863 */ 864 server->cipher_type = 0; 865 server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION; 866 pr_warn_once("Server does not support requested encryption types\n"); 867 return 0; 868 } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && 869 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) && 870 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) { 871 /* server returned a cipher we didn't ask for */ 872 pr_warn_once("Invalid SMB3.11 cipher returned\n"); 873 return -EINVAL; 874 } 875 server->cipher_type = ctxt->Ciphers[0]; 876 server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; 877 return 0; 878 } 879 880 static void decode_signing_ctx(struct TCP_Server_Info *server, 881 struct smb2_signing_capabilities *pctxt) 882 { 883 unsigned int len = le16_to_cpu(pctxt->DataLength); 884 885 /* 886 * Caller checked that DataLength remains within SMB boundary. We still 887 * need to confirm that one SigningAlgorithms flexible array member is 888 * accounted for. 889 */ 890 if ((len < 4) || (len > 16)) { 891 pr_warn_once("server sent bad signing negcontext\n"); 892 return; 893 } 894 if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) { 895 pr_warn_once("Invalid signing algorithm count\n"); 896 return; 897 } 898 if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) { 899 pr_warn_once("unknown signing algorithm\n"); 900 return; 901 } 902 903 server->signing_negotiated = true; 904 server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]); 905 cifs_dbg(FYI, "signing algorithm %d chosen\n", 906 server->signing_algorithm); 907 } 908 909 910 static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp, 911 struct TCP_Server_Info *server, 912 unsigned int len_of_smb) 913 { 914 struct smb2_neg_context *pctx; 915 unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset); 916 unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount); 917 unsigned int len_of_ctxts, i; 918 int rc = 0; 919 920 cifs_dbg(FYI, "decoding %d negotiate contexts\n", ctxt_cnt); 921 if (len_of_smb <= offset) { 922 cifs_server_dbg(VFS, "Invalid response: negotiate context offset\n"); 923 return -EINVAL; 924 } 925 926 len_of_ctxts = len_of_smb - offset; 927 928 for (i = 0; i < ctxt_cnt; i++) { 929 int clen; 930 /* check that offset is not beyond end of SMB */ 931 if (len_of_ctxts < sizeof(struct smb2_neg_context)) 932 break; 933 934 pctx = (struct smb2_neg_context *)(offset + (char *)rsp); 935 clen = sizeof(struct smb2_neg_context) 936 + le16_to_cpu(pctx->DataLength); 937 /* 938 * 2.2.4 SMB2 NEGOTIATE Response 939 * Subsequent negotiate contexts MUST appear at the first 8-byte 940 * aligned offset following the previous negotiate context. 941 */ 942 if (i + 1 != ctxt_cnt) 943 clen = ALIGN(clen, 8); 944 if (clen > len_of_ctxts) 945 break; 946 947 if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) 948 decode_preauth_context( 949 (struct smb2_preauth_neg_context *)pctx); 950 else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES) 951 rc = decode_encrypt_ctx(server, 952 (struct smb2_encryption_neg_context *)pctx); 953 else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES) 954 decode_compress_ctx(server, 955 (struct smb2_compression_capabilities_context *)pctx); 956 else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) 957 server->posix_ext_supported = true; 958 else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES) 959 decode_signing_ctx(server, 960 (struct smb2_signing_capabilities *)pctx); 961 else 962 cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n", 963 le16_to_cpu(pctx->ContextType)); 964 if (rc) 965 break; 966 967 offset += clen; 968 len_of_ctxts -= clen; 969 } 970 return rc; 971 } 972 973 static struct create_posix * 974 create_posix_buf(umode_t mode) 975 { 976 struct create_posix *buf; 977 978 buf = kzalloc(sizeof(struct create_posix), 979 GFP_KERNEL); 980 if (!buf) 981 return NULL; 982 983 buf->ccontext.DataOffset = 984 cpu_to_le16(offsetof(struct create_posix, Mode)); 985 buf->ccontext.DataLength = cpu_to_le32(4); 986 buf->ccontext.NameOffset = 987 cpu_to_le16(offsetof(struct create_posix, Name)); 988 buf->ccontext.NameLength = cpu_to_le16(16); 989 990 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ 991 buf->Name[0] = 0x93; 992 buf->Name[1] = 0xAD; 993 buf->Name[2] = 0x25; 994 buf->Name[3] = 0x50; 995 buf->Name[4] = 0x9C; 996 buf->Name[5] = 0xB4; 997 buf->Name[6] = 0x11; 998 buf->Name[7] = 0xE7; 999 buf->Name[8] = 0xB4; 1000 buf->Name[9] = 0x23; 1001 buf->Name[10] = 0x83; 1002 buf->Name[11] = 0xDE; 1003 buf->Name[12] = 0x96; 1004 buf->Name[13] = 0x8B; 1005 buf->Name[14] = 0xCD; 1006 buf->Name[15] = 0x7C; 1007 buf->Mode = cpu_to_le32(mode); 1008 cifs_dbg(FYI, "mode on posix create 0%o\n", mode); 1009 return buf; 1010 } 1011 1012 static int 1013 add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode) 1014 { 1015 unsigned int num = *num_iovec; 1016 1017 iov[num].iov_base = create_posix_buf(mode); 1018 if (mode == ACL_NO_MODE) 1019 cifs_dbg(FYI, "%s: no mode\n", __func__); 1020 if (iov[num].iov_base == NULL) 1021 return -ENOMEM; 1022 iov[num].iov_len = sizeof(struct create_posix); 1023 *num_iovec = num + 1; 1024 return 0; 1025 } 1026 1027 1028 /* 1029 * 1030 * SMB2 Worker functions follow: 1031 * 1032 * The general structure of the worker functions is: 1033 * 1) Call smb2_init (assembles SMB2 header) 1034 * 2) Initialize SMB2 command specific fields in fixed length area of SMB 1035 * 3) Call smb_sendrcv2 (sends request on socket and waits for response) 1036 * 4) Decode SMB2 command specific fields in the fixed length area 1037 * 5) Decode variable length data area (if any for this SMB2 command type) 1038 * 6) Call free smb buffer 1039 * 7) return 1040 * 1041 */ 1042 1043 int 1044 SMB2_negotiate(const unsigned int xid, 1045 struct cifs_ses *ses, 1046 struct TCP_Server_Info *server) 1047 { 1048 struct smb_rqst rqst; 1049 struct smb2_negotiate_req *req; 1050 struct smb2_negotiate_rsp *rsp; 1051 struct kvec iov[1]; 1052 struct kvec rsp_iov; 1053 int rc; 1054 int resp_buftype; 1055 int blob_offset, blob_length; 1056 char *security_blob; 1057 int flags = CIFS_NEG_OP; 1058 unsigned int total_len; 1059 1060 cifs_dbg(FYI, "Negotiate protocol\n"); 1061 1062 if (!server) { 1063 WARN(1, "%s: server is NULL!\n", __func__); 1064 return -EIO; 1065 } 1066 1067 rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server, 1068 (void **) &req, &total_len); 1069 if (rc) 1070 return rc; 1071 1072 req->hdr.SessionId = 0; 1073 1074 memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); 1075 memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); 1076 1077 if (strcmp(server->vals->version_string, 1078 SMB3ANY_VERSION_STRING) == 0) { 1079 req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); 1080 req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); 1081 req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); 1082 req->DialectCount = cpu_to_le16(3); 1083 total_len += 6; 1084 } else if (strcmp(server->vals->version_string, 1085 SMBDEFAULT_VERSION_STRING) == 0) { 1086 req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); 1087 req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); 1088 req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); 1089 req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); 1090 req->DialectCount = cpu_to_le16(4); 1091 total_len += 8; 1092 } else { 1093 /* otherwise send specific dialect */ 1094 req->Dialects[0] = cpu_to_le16(server->vals->protocol_id); 1095 req->DialectCount = cpu_to_le16(1); 1096 total_len += 2; 1097 } 1098 1099 /* only one of SMB2 signing flags may be set in SMB2 request */ 1100 if (ses->sign) 1101 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 1102 else if (global_secflags & CIFSSEC_MAY_SIGN) 1103 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 1104 else 1105 req->SecurityMode = 0; 1106 1107 req->Capabilities = cpu_to_le32(server->vals->req_capabilities); 1108 if (ses->chan_max > 1) 1109 req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1110 1111 /* ClientGUID must be zero for SMB2.02 dialect */ 1112 if (server->vals->protocol_id == SMB20_PROT_ID) 1113 memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE); 1114 else { 1115 memcpy(req->ClientGUID, server->client_guid, 1116 SMB2_CLIENT_GUID_SIZE); 1117 if ((server->vals->protocol_id == SMB311_PROT_ID) || 1118 (strcmp(server->vals->version_string, 1119 SMB3ANY_VERSION_STRING) == 0) || 1120 (strcmp(server->vals->version_string, 1121 SMBDEFAULT_VERSION_STRING) == 0)) 1122 assemble_neg_contexts(req, server, &total_len); 1123 } 1124 iov[0].iov_base = (char *)req; 1125 iov[0].iov_len = total_len; 1126 1127 memset(&rqst, 0, sizeof(struct smb_rqst)); 1128 rqst.rq_iov = iov; 1129 rqst.rq_nvec = 1; 1130 1131 rc = cifs_send_recv(xid, ses, server, 1132 &rqst, &resp_buftype, flags, &rsp_iov); 1133 cifs_small_buf_release(req); 1134 rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base; 1135 /* 1136 * No tcon so can't do 1137 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 1138 */ 1139 if (rc == -EOPNOTSUPP) { 1140 cifs_server_dbg(VFS, "Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n"); 1141 goto neg_exit; 1142 } else if (rc != 0) 1143 goto neg_exit; 1144 1145 rc = -EIO; 1146 if (strcmp(server->vals->version_string, 1147 SMB3ANY_VERSION_STRING) == 0) { 1148 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 1149 cifs_server_dbg(VFS, 1150 "SMB2 dialect returned but not requested\n"); 1151 goto neg_exit; 1152 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 1153 cifs_server_dbg(VFS, 1154 "SMB2.1 dialect returned but not requested\n"); 1155 goto neg_exit; 1156 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1157 /* ops set to 3.0 by default for default so update */ 1158 server->ops = &smb311_operations; 1159 server->vals = &smb311_values; 1160 } 1161 } else if (strcmp(server->vals->version_string, 1162 SMBDEFAULT_VERSION_STRING) == 0) { 1163 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 1164 cifs_server_dbg(VFS, 1165 "SMB2 dialect returned but not requested\n"); 1166 goto neg_exit; 1167 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 1168 /* ops set to 3.0 by default for default so update */ 1169 server->ops = &smb21_operations; 1170 server->vals = &smb21_values; 1171 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1172 server->ops = &smb311_operations; 1173 server->vals = &smb311_values; 1174 } 1175 } else if (le16_to_cpu(rsp->DialectRevision) != 1176 server->vals->protocol_id) { 1177 /* if requested single dialect ensure returned dialect matched */ 1178 cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n", 1179 le16_to_cpu(rsp->DialectRevision)); 1180 goto neg_exit; 1181 } 1182 1183 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode); 1184 1185 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) 1186 cifs_dbg(FYI, "negotiated smb2.0 dialect\n"); 1187 else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) 1188 cifs_dbg(FYI, "negotiated smb2.1 dialect\n"); 1189 else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID)) 1190 cifs_dbg(FYI, "negotiated smb3.0 dialect\n"); 1191 else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID)) 1192 cifs_dbg(FYI, "negotiated smb3.02 dialect\n"); 1193 else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) 1194 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n"); 1195 else { 1196 cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n", 1197 le16_to_cpu(rsp->DialectRevision)); 1198 goto neg_exit; 1199 } 1200 1201 rc = 0; 1202 server->dialect = le16_to_cpu(rsp->DialectRevision); 1203 1204 /* 1205 * Keep a copy of the hash after negprot. This hash will be 1206 * the starting hash value for all sessions made from this 1207 * server. 1208 */ 1209 memcpy(server->preauth_sha_hash, ses->preauth_sha_hash, 1210 SMB2_PREAUTH_HASH_SIZE); 1211 1212 /* SMB2 only has an extended negflavor */ 1213 server->negflavor = CIFS_NEGFLAVOR_EXTENDED; 1214 /* set it to the maximum buffer size value we can send with 1 credit */ 1215 server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize), 1216 SMB2_MAX_BUFFER_SIZE); 1217 server->max_read = le32_to_cpu(rsp->MaxReadSize); 1218 server->max_write = le32_to_cpu(rsp->MaxWriteSize); 1219 server->sec_mode = le16_to_cpu(rsp->SecurityMode); 1220 if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode) 1221 cifs_dbg(FYI, "Server returned unexpected security mode 0x%x\n", 1222 server->sec_mode); 1223 server->capabilities = le32_to_cpu(rsp->Capabilities); 1224 /* Internal types */ 1225 server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; 1226 1227 /* 1228 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context 1229 * Set the cipher type manually. 1230 */ 1231 if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 1232 server->cipher_type = SMB2_ENCRYPTION_AES128_CCM; 1233 1234 security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, 1235 (struct smb2_hdr *)rsp); 1236 /* 1237 * See MS-SMB2 section 2.2.4: if no blob, client picks default which 1238 * for us will be 1239 * ses->sectype = RawNTLMSSP; 1240 * but for time being this is our only auth choice so doesn't matter. 1241 * We just found a server which sets blob length to zero expecting raw. 1242 */ 1243 if (blob_length == 0) { 1244 cifs_dbg(FYI, "missing security blob on negprot\n"); 1245 server->sec_ntlmssp = true; 1246 } 1247 1248 rc = cifs_enable_signing(server, ses->sign); 1249 if (rc) 1250 goto neg_exit; 1251 if (blob_length) { 1252 rc = decode_negTokenInit(security_blob, blob_length, server); 1253 if (rc == 1) 1254 rc = 0; 1255 else if (rc == 0) 1256 rc = -EIO; 1257 } 1258 1259 if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1260 if (rsp->NegotiateContextCount) 1261 rc = smb311_decode_neg_context(rsp, server, 1262 rsp_iov.iov_len); 1263 else 1264 cifs_server_dbg(VFS, "Missing expected negotiate contexts\n"); 1265 } 1266 1267 if (server->cipher_type && !rc) { 1268 rc = smb3_crypto_aead_allocate(server); 1269 if (rc) 1270 cifs_server_dbg(VFS, "%s: crypto alloc failed, rc=%d\n", __func__, rc); 1271 } 1272 neg_exit: 1273 free_rsp_buf(resp_buftype, rsp); 1274 return rc; 1275 } 1276 1277 int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) 1278 { 1279 int rc; 1280 struct validate_negotiate_info_req *pneg_inbuf; 1281 struct validate_negotiate_info_rsp *pneg_rsp = NULL; 1282 u32 rsplen; 1283 u32 inbuflen; /* max of 4 dialects */ 1284 struct TCP_Server_Info *server = tcon->ses->server; 1285 1286 cifs_dbg(FYI, "validate negotiate\n"); 1287 1288 /* In SMB3.11 preauth integrity supersedes validate negotiate */ 1289 if (server->dialect == SMB311_PROT_ID) 1290 return 0; 1291 1292 /* 1293 * validation ioctl must be signed, so no point sending this if we 1294 * can not sign it (ie are not known user). Even if signing is not 1295 * required (enabled but not negotiated), in those cases we selectively 1296 * sign just this, the first and only signed request on a connection. 1297 * Having validation of negotiate info helps reduce attack vectors. 1298 */ 1299 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) 1300 return 0; /* validation requires signing */ 1301 1302 if (tcon->ses->user_name == NULL) { 1303 cifs_dbg(FYI, "Can't validate negotiate: null user mount\n"); 1304 return 0; /* validation requires signing */ 1305 } 1306 1307 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) 1308 cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n"); 1309 1310 pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS); 1311 if (!pneg_inbuf) 1312 return -ENOMEM; 1313 1314 pneg_inbuf->Capabilities = 1315 cpu_to_le32(server->vals->req_capabilities); 1316 if (tcon->ses->chan_max > 1) 1317 pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1318 1319 memcpy(pneg_inbuf->Guid, server->client_guid, 1320 SMB2_CLIENT_GUID_SIZE); 1321 1322 if (tcon->ses->sign) 1323 pneg_inbuf->SecurityMode = 1324 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 1325 else if (global_secflags & CIFSSEC_MAY_SIGN) 1326 pneg_inbuf->SecurityMode = 1327 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 1328 else 1329 pneg_inbuf->SecurityMode = 0; 1330 1331 1332 if (strcmp(server->vals->version_string, 1333 SMB3ANY_VERSION_STRING) == 0) { 1334 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); 1335 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); 1336 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); 1337 pneg_inbuf->DialectCount = cpu_to_le16(3); 1338 /* SMB 2.1 not included so subtract one dialect from len */ 1339 inbuflen = sizeof(*pneg_inbuf) - 1340 (sizeof(pneg_inbuf->Dialects[0])); 1341 } else if (strcmp(server->vals->version_string, 1342 SMBDEFAULT_VERSION_STRING) == 0) { 1343 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); 1344 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); 1345 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); 1346 pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); 1347 pneg_inbuf->DialectCount = cpu_to_le16(4); 1348 /* structure is big enough for 4 dialects */ 1349 inbuflen = sizeof(*pneg_inbuf); 1350 } else { 1351 /* otherwise specific dialect was requested */ 1352 pneg_inbuf->Dialects[0] = 1353 cpu_to_le16(server->vals->protocol_id); 1354 pneg_inbuf->DialectCount = cpu_to_le16(1); 1355 /* structure is big enough for 4 dialects, sending only 1 */ 1356 inbuflen = sizeof(*pneg_inbuf) - 1357 sizeof(pneg_inbuf->Dialects[0]) * 3; 1358 } 1359 1360 rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, 1361 FSCTL_VALIDATE_NEGOTIATE_INFO, 1362 (char *)pneg_inbuf, inbuflen, CIFSMaxBufSize, 1363 (char **)&pneg_rsp, &rsplen); 1364 if (rc == -EOPNOTSUPP) { 1365 /* 1366 * Old Windows versions or Netapp SMB server can return 1367 * not supported error. Client should accept it. 1368 */ 1369 cifs_tcon_dbg(VFS, "Server does not support validate negotiate\n"); 1370 rc = 0; 1371 goto out_free_inbuf; 1372 } else if (rc != 0) { 1373 cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n", 1374 rc); 1375 rc = -EIO; 1376 goto out_free_inbuf; 1377 } 1378 1379 rc = -EIO; 1380 if (rsplen != sizeof(*pneg_rsp)) { 1381 cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n", 1382 rsplen); 1383 1384 /* relax check since Mac returns max bufsize allowed on ioctl */ 1385 if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp)) 1386 goto out_free_rsp; 1387 } 1388 1389 /* check validate negotiate info response matches what we got earlier */ 1390 if (pneg_rsp->Dialect != cpu_to_le16(server->dialect)) 1391 goto vneg_out; 1392 1393 if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode)) 1394 goto vneg_out; 1395 1396 /* do not validate server guid because not saved at negprot time yet */ 1397 1398 if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND | 1399 SMB2_LARGE_FILES) != server->capabilities) 1400 goto vneg_out; 1401 1402 /* validate negotiate successful */ 1403 rc = 0; 1404 cifs_dbg(FYI, "validate negotiate info successful\n"); 1405 goto out_free_rsp; 1406 1407 vneg_out: 1408 cifs_tcon_dbg(VFS, "protocol revalidation - security settings mismatch\n"); 1409 out_free_rsp: 1410 kfree(pneg_rsp); 1411 out_free_inbuf: 1412 kfree(pneg_inbuf); 1413 return rc; 1414 } 1415 1416 enum securityEnum 1417 smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested) 1418 { 1419 switch (requested) { 1420 case Kerberos: 1421 case RawNTLMSSP: 1422 return requested; 1423 case NTLMv2: 1424 return RawNTLMSSP; 1425 case Unspecified: 1426 if (server->sec_ntlmssp && 1427 (global_secflags & CIFSSEC_MAY_NTLMSSP)) 1428 return RawNTLMSSP; 1429 if ((server->sec_kerberos || server->sec_mskerberos) && 1430 (global_secflags & CIFSSEC_MAY_KRB5)) 1431 return Kerberos; 1432 fallthrough; 1433 default: 1434 return Unspecified; 1435 } 1436 } 1437 1438 struct SMB2_sess_data { 1439 unsigned int xid; 1440 struct cifs_ses *ses; 1441 struct TCP_Server_Info *server; 1442 struct nls_table *nls_cp; 1443 void (*func)(struct SMB2_sess_data *); 1444 int result; 1445 u64 previous_session; 1446 1447 /* we will send the SMB in three pieces: 1448 * a fixed length beginning part, an optional 1449 * SPNEGO blob (which can be zero length), and a 1450 * last part which will include the strings 1451 * and rest of bcc area. This allows us to avoid 1452 * a large buffer 17K allocation 1453 */ 1454 int buf0_type; 1455 struct kvec iov[2]; 1456 }; 1457 1458 static int 1459 SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data) 1460 { 1461 int rc; 1462 struct cifs_ses *ses = sess_data->ses; 1463 struct TCP_Server_Info *server = sess_data->server; 1464 struct smb2_sess_setup_req *req; 1465 unsigned int total_len; 1466 bool is_binding = false; 1467 1468 rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, server, 1469 (void **) &req, 1470 &total_len); 1471 if (rc) 1472 return rc; 1473 1474 spin_lock(&ses->ses_lock); 1475 is_binding = (ses->ses_status == SES_GOOD); 1476 spin_unlock(&ses->ses_lock); 1477 1478 if (is_binding) { 1479 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1480 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 1481 req->PreviousSessionId = 0; 1482 req->Flags = SMB2_SESSION_REQ_FLAG_BINDING; 1483 cifs_dbg(FYI, "Binding to sess id: %llx\n", ses->Suid); 1484 } else { 1485 /* First session, not a reauthenticate */ 1486 req->hdr.SessionId = 0; 1487 /* 1488 * if reconnect, we need to send previous sess id 1489 * otherwise it is 0 1490 */ 1491 req->PreviousSessionId = cpu_to_le64(sess_data->previous_session); 1492 req->Flags = 0; /* MBZ */ 1493 cifs_dbg(FYI, "Fresh session. Previous: %llx\n", 1494 sess_data->previous_session); 1495 } 1496 1497 /* enough to enable echos and oplocks and one max size write */ 1498 if (server->credits >= server->max_credits) 1499 req->hdr.CreditRequest = cpu_to_le16(0); 1500 else 1501 req->hdr.CreditRequest = cpu_to_le16( 1502 min_t(int, server->max_credits - 1503 server->credits, 130)); 1504 1505 /* only one of SMB2 signing flags may be set in SMB2 request */ 1506 if (server->sign) 1507 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED; 1508 else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */ 1509 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED; 1510 else 1511 req->SecurityMode = 0; 1512 1513 #ifdef CONFIG_CIFS_DFS_UPCALL 1514 req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS); 1515 #else 1516 req->Capabilities = 0; 1517 #endif /* DFS_UPCALL */ 1518 1519 req->Channel = 0; /* MBZ */ 1520 1521 sess_data->iov[0].iov_base = (char *)req; 1522 /* 1 for pad */ 1523 sess_data->iov[0].iov_len = total_len - 1; 1524 /* 1525 * This variable will be used to clear the buffer 1526 * allocated above in case of any error in the calling function. 1527 */ 1528 sess_data->buf0_type = CIFS_SMALL_BUFFER; 1529 1530 return 0; 1531 } 1532 1533 static void 1534 SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data) 1535 { 1536 struct kvec *iov = sess_data->iov; 1537 1538 /* iov[1] is already freed by caller */ 1539 if (sess_data->buf0_type != CIFS_NO_BUFFER && iov[0].iov_base) 1540 memzero_explicit(iov[0].iov_base, iov[0].iov_len); 1541 1542 free_rsp_buf(sess_data->buf0_type, iov[0].iov_base); 1543 sess_data->buf0_type = CIFS_NO_BUFFER; 1544 } 1545 1546 static int 1547 SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data) 1548 { 1549 int rc; 1550 struct smb_rqst rqst; 1551 struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base; 1552 struct kvec rsp_iov = { NULL, 0 }; 1553 1554 /* Testing shows that buffer offset must be at location of Buffer[0] */ 1555 req->SecurityBufferOffset = 1556 cpu_to_le16(sizeof(struct smb2_sess_setup_req)); 1557 req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len); 1558 1559 memset(&rqst, 0, sizeof(struct smb_rqst)); 1560 rqst.rq_iov = sess_data->iov; 1561 rqst.rq_nvec = 2; 1562 1563 /* BB add code to build os and lm fields */ 1564 rc = cifs_send_recv(sess_data->xid, sess_data->ses, 1565 sess_data->server, 1566 &rqst, 1567 &sess_data->buf0_type, 1568 CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov); 1569 cifs_small_buf_release(sess_data->iov[0].iov_base); 1570 if (rc == 0) 1571 sess_data->ses->expired_pwd = false; 1572 else if ((rc == -EACCES) || (rc == -EKEYEXPIRED) || (rc == -EKEYREVOKED)) 1573 sess_data->ses->expired_pwd = true; 1574 1575 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec)); 1576 1577 return rc; 1578 } 1579 1580 static int 1581 SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) 1582 { 1583 int rc = 0; 1584 struct cifs_ses *ses = sess_data->ses; 1585 struct TCP_Server_Info *server = sess_data->server; 1586 1587 cifs_server_lock(server); 1588 if (server->ops->generate_signingkey) { 1589 rc = server->ops->generate_signingkey(ses, server); 1590 if (rc) { 1591 cifs_dbg(FYI, 1592 "SMB3 session key generation failed\n"); 1593 cifs_server_unlock(server); 1594 return rc; 1595 } 1596 } 1597 if (!server->session_estab) { 1598 server->sequence_number = 0x2; 1599 server->session_estab = true; 1600 } 1601 cifs_server_unlock(server); 1602 1603 cifs_dbg(FYI, "SMB2/3 session established successfully\n"); 1604 return rc; 1605 } 1606 1607 #ifdef CONFIG_CIFS_UPCALL 1608 static void 1609 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) 1610 { 1611 int rc; 1612 struct cifs_ses *ses = sess_data->ses; 1613 struct TCP_Server_Info *server = sess_data->server; 1614 struct cifs_spnego_msg *msg; 1615 struct key *spnego_key = NULL; 1616 struct smb2_sess_setup_rsp *rsp = NULL; 1617 bool is_binding = false; 1618 1619 rc = SMB2_sess_alloc_buffer(sess_data); 1620 if (rc) 1621 goto out; 1622 1623 spnego_key = cifs_get_spnego_key(ses, server); 1624 if (IS_ERR(spnego_key)) { 1625 rc = PTR_ERR(spnego_key); 1626 if (rc == -ENOKEY) 1627 cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n"); 1628 spnego_key = NULL; 1629 goto out; 1630 } 1631 1632 msg = spnego_key->payload.data[0]; 1633 /* 1634 * check version field to make sure that cifs.upcall is 1635 * sending us a response in an expected form 1636 */ 1637 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { 1638 cifs_dbg(VFS, "bad cifs.upcall version. Expected %d got %d\n", 1639 CIFS_SPNEGO_UPCALL_VERSION, msg->version); 1640 rc = -EKEYREJECTED; 1641 goto out_put_spnego_key; 1642 } 1643 1644 spin_lock(&ses->ses_lock); 1645 is_binding = (ses->ses_status == SES_GOOD); 1646 spin_unlock(&ses->ses_lock); 1647 1648 /* keep session key if binding */ 1649 if (!is_binding) { 1650 kfree_sensitive(ses->auth_key.response); 1651 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, 1652 GFP_KERNEL); 1653 if (!ses->auth_key.response) { 1654 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n", 1655 msg->sesskey_len); 1656 rc = -ENOMEM; 1657 goto out_put_spnego_key; 1658 } 1659 ses->auth_key.len = msg->sesskey_len; 1660 } 1661 1662 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len; 1663 sess_data->iov[1].iov_len = msg->secblob_len; 1664 1665 rc = SMB2_sess_sendreceive(sess_data); 1666 if (rc) 1667 goto out_put_spnego_key; 1668 1669 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1670 /* keep session id and flags if binding */ 1671 if (!is_binding) { 1672 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1673 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1674 } 1675 1676 rc = SMB2_sess_establish_session(sess_data); 1677 out_put_spnego_key: 1678 key_invalidate(spnego_key); 1679 key_put(spnego_key); 1680 if (rc) { 1681 kfree_sensitive(ses->auth_key.response); 1682 ses->auth_key.response = NULL; 1683 ses->auth_key.len = 0; 1684 } 1685 out: 1686 sess_data->result = rc; 1687 sess_data->func = NULL; 1688 SMB2_sess_free_buffer(sess_data); 1689 } 1690 #else 1691 static void 1692 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) 1693 { 1694 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n"); 1695 sess_data->result = -EOPNOTSUPP; 1696 sess_data->func = NULL; 1697 } 1698 #endif 1699 1700 static void 1701 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data); 1702 1703 static void 1704 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data) 1705 { 1706 int rc; 1707 struct cifs_ses *ses = sess_data->ses; 1708 struct TCP_Server_Info *server = sess_data->server; 1709 struct smb2_sess_setup_rsp *rsp = NULL; 1710 unsigned char *ntlmssp_blob = NULL; 1711 bool use_spnego = false; /* else use raw ntlmssp */ 1712 u16 blob_length = 0; 1713 bool is_binding = false; 1714 1715 /* 1716 * If memory allocation is successful, caller of this function 1717 * frees it. 1718 */ 1719 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); 1720 if (!ses->ntlmssp) { 1721 rc = -ENOMEM; 1722 goto out_err; 1723 } 1724 ses->ntlmssp->sesskey_per_smbsess = true; 1725 1726 rc = SMB2_sess_alloc_buffer(sess_data); 1727 if (rc) 1728 goto out_err; 1729 1730 rc = build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob, 1731 &blob_length, ses, server, 1732 sess_data->nls_cp); 1733 if (rc) 1734 goto out; 1735 1736 if (use_spnego) { 1737 /* BB eventually need to add this */ 1738 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 1739 rc = -EOPNOTSUPP; 1740 goto out; 1741 } 1742 sess_data->iov[1].iov_base = ntlmssp_blob; 1743 sess_data->iov[1].iov_len = blob_length; 1744 1745 rc = SMB2_sess_sendreceive(sess_data); 1746 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1747 1748 /* If true, rc here is expected and not an error */ 1749 if (sess_data->buf0_type != CIFS_NO_BUFFER && 1750 rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) 1751 rc = 0; 1752 1753 if (rc) 1754 goto out; 1755 1756 if (offsetof(struct smb2_sess_setup_rsp, Buffer) != 1757 le16_to_cpu(rsp->SecurityBufferOffset)) { 1758 cifs_dbg(VFS, "Invalid security buffer offset %d\n", 1759 le16_to_cpu(rsp->SecurityBufferOffset)); 1760 rc = -EIO; 1761 goto out; 1762 } 1763 rc = decode_ntlmssp_challenge(rsp->Buffer, 1764 le16_to_cpu(rsp->SecurityBufferLength), ses); 1765 if (rc) 1766 goto out; 1767 1768 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n"); 1769 1770 spin_lock(&ses->ses_lock); 1771 is_binding = (ses->ses_status == SES_GOOD); 1772 spin_unlock(&ses->ses_lock); 1773 1774 /* keep existing ses id and flags if binding */ 1775 if (!is_binding) { 1776 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1777 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1778 } 1779 1780 out: 1781 kfree_sensitive(ntlmssp_blob); 1782 SMB2_sess_free_buffer(sess_data); 1783 if (!rc) { 1784 sess_data->result = 0; 1785 sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate; 1786 return; 1787 } 1788 out_err: 1789 kfree_sensitive(ses->ntlmssp); 1790 ses->ntlmssp = NULL; 1791 sess_data->result = rc; 1792 sess_data->func = NULL; 1793 } 1794 1795 static void 1796 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data) 1797 { 1798 int rc; 1799 struct cifs_ses *ses = sess_data->ses; 1800 struct TCP_Server_Info *server = sess_data->server; 1801 struct smb2_sess_setup_req *req; 1802 struct smb2_sess_setup_rsp *rsp = NULL; 1803 unsigned char *ntlmssp_blob = NULL; 1804 bool use_spnego = false; /* else use raw ntlmssp */ 1805 u16 blob_length = 0; 1806 bool is_binding = false; 1807 1808 rc = SMB2_sess_alloc_buffer(sess_data); 1809 if (rc) 1810 goto out; 1811 1812 req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base; 1813 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1814 1815 rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length, 1816 ses, server, 1817 sess_data->nls_cp); 1818 if (rc) { 1819 cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc); 1820 goto out; 1821 } 1822 1823 if (use_spnego) { 1824 /* BB eventually need to add this */ 1825 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 1826 rc = -EOPNOTSUPP; 1827 goto out; 1828 } 1829 sess_data->iov[1].iov_base = ntlmssp_blob; 1830 sess_data->iov[1].iov_len = blob_length; 1831 1832 rc = SMB2_sess_sendreceive(sess_data); 1833 if (rc) 1834 goto out; 1835 1836 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1837 1838 spin_lock(&ses->ses_lock); 1839 is_binding = (ses->ses_status == SES_GOOD); 1840 spin_unlock(&ses->ses_lock); 1841 1842 /* keep existing ses id and flags if binding */ 1843 if (!is_binding) { 1844 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1845 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1846 } 1847 1848 rc = SMB2_sess_establish_session(sess_data); 1849 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 1850 if (ses->server->dialect < SMB30_PROT_ID) { 1851 cifs_dbg(VFS, "%s: dumping generated SMB2 session keys\n", __func__); 1852 /* 1853 * The session id is opaque in terms of endianness, so we can't 1854 * print it as a long long. we dump it as we got it on the wire 1855 */ 1856 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 1857 &ses->Suid); 1858 cifs_dbg(VFS, "Session Key %*ph\n", 1859 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 1860 cifs_dbg(VFS, "Signing Key %*ph\n", 1861 SMB3_SIGN_KEY_SIZE, ses->auth_key.response); 1862 } 1863 #endif 1864 out: 1865 kfree_sensitive(ntlmssp_blob); 1866 SMB2_sess_free_buffer(sess_data); 1867 kfree_sensitive(ses->ntlmssp); 1868 ses->ntlmssp = NULL; 1869 sess_data->result = rc; 1870 sess_data->func = NULL; 1871 } 1872 1873 static int 1874 SMB2_select_sec(struct SMB2_sess_data *sess_data) 1875 { 1876 int type; 1877 struct cifs_ses *ses = sess_data->ses; 1878 struct TCP_Server_Info *server = sess_data->server; 1879 1880 type = smb2_select_sectype(server, ses->sectype); 1881 cifs_dbg(FYI, "sess setup type %d\n", type); 1882 if (type == Unspecified) { 1883 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n"); 1884 return -EINVAL; 1885 } 1886 1887 switch (type) { 1888 case Kerberos: 1889 sess_data->func = SMB2_auth_kerberos; 1890 break; 1891 case RawNTLMSSP: 1892 sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate; 1893 break; 1894 default: 1895 cifs_dbg(VFS, "secType %d not supported!\n", type); 1896 return -EOPNOTSUPP; 1897 } 1898 1899 return 0; 1900 } 1901 1902 int 1903 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, 1904 struct TCP_Server_Info *server, 1905 const struct nls_table *nls_cp) 1906 { 1907 int rc = 0; 1908 struct SMB2_sess_data *sess_data; 1909 1910 cifs_dbg(FYI, "Session Setup\n"); 1911 1912 if (!server) { 1913 WARN(1, "%s: server is NULL!\n", __func__); 1914 return -EIO; 1915 } 1916 1917 sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL); 1918 if (!sess_data) 1919 return -ENOMEM; 1920 1921 sess_data->xid = xid; 1922 sess_data->ses = ses; 1923 sess_data->server = server; 1924 sess_data->buf0_type = CIFS_NO_BUFFER; 1925 sess_data->nls_cp = (struct nls_table *) nls_cp; 1926 sess_data->previous_session = ses->Suid; 1927 1928 rc = SMB2_select_sec(sess_data); 1929 if (rc) 1930 goto out; 1931 1932 /* 1933 * Initialize the session hash with the server one. 1934 */ 1935 memcpy(ses->preauth_sha_hash, server->preauth_sha_hash, 1936 SMB2_PREAUTH_HASH_SIZE); 1937 1938 while (sess_data->func) 1939 sess_data->func(sess_data); 1940 1941 if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign)) 1942 cifs_server_dbg(VFS, "signing requested but authenticated as guest\n"); 1943 rc = sess_data->result; 1944 out: 1945 kfree_sensitive(sess_data); 1946 return rc; 1947 } 1948 1949 int 1950 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses) 1951 { 1952 struct smb_rqst rqst; 1953 struct smb2_logoff_req *req; /* response is also trivial struct */ 1954 int rc = 0; 1955 struct TCP_Server_Info *server; 1956 int flags = 0; 1957 unsigned int total_len; 1958 struct kvec iov[1]; 1959 struct kvec rsp_iov; 1960 int resp_buf_type; 1961 1962 cifs_dbg(FYI, "disconnect session %p\n", ses); 1963 1964 if (ses && (ses->server)) 1965 server = ses->server; 1966 else 1967 return -EIO; 1968 1969 /* no need to send SMB logoff if uid already closed due to reconnect */ 1970 spin_lock(&ses->chan_lock); 1971 if (CIFS_ALL_CHANS_NEED_RECONNECT(ses)) { 1972 spin_unlock(&ses->chan_lock); 1973 goto smb2_session_already_dead; 1974 } 1975 spin_unlock(&ses->chan_lock); 1976 1977 rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, ses->server, 1978 (void **) &req, &total_len); 1979 if (rc) 1980 return rc; 1981 1982 /* since no tcon, smb2_init can not do this, so do here */ 1983 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1984 1985 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) 1986 flags |= CIFS_TRANSFORM_REQ; 1987 else if (server->sign) 1988 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 1989 1990 flags |= CIFS_NO_RSP_BUF; 1991 1992 iov[0].iov_base = (char *)req; 1993 iov[0].iov_len = total_len; 1994 1995 memset(&rqst, 0, sizeof(struct smb_rqst)); 1996 rqst.rq_iov = iov; 1997 rqst.rq_nvec = 1; 1998 1999 rc = cifs_send_recv(xid, ses, ses->server, 2000 &rqst, &resp_buf_type, flags, &rsp_iov); 2001 cifs_small_buf_release(req); 2002 /* 2003 * No tcon so can't do 2004 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 2005 */ 2006 2007 smb2_session_already_dead: 2008 return rc; 2009 } 2010 2011 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code) 2012 { 2013 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]); 2014 } 2015 2016 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */) 2017 2018 /* These are similar values to what Windows uses */ 2019 static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon) 2020 { 2021 tcon->max_chunks = 256; 2022 tcon->max_bytes_chunk = 1048576; 2023 tcon->max_bytes_copy = 16777216; 2024 } 2025 2026 int 2027 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, 2028 struct cifs_tcon *tcon, const struct nls_table *cp) 2029 { 2030 struct smb_rqst rqst; 2031 struct smb2_tree_connect_req *req; 2032 struct smb2_tree_connect_rsp *rsp = NULL; 2033 struct kvec iov[2]; 2034 struct kvec rsp_iov = { NULL, 0 }; 2035 int rc = 0; 2036 int resp_buftype; 2037 int unc_path_len; 2038 __le16 *unc_path = NULL; 2039 int flags = 0; 2040 unsigned int total_len; 2041 struct TCP_Server_Info *server = cifs_pick_channel(ses); 2042 2043 cifs_dbg(FYI, "TCON\n"); 2044 2045 if (!server || !tree) 2046 return -EIO; 2047 2048 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); 2049 if (unc_path == NULL) 2050 return -ENOMEM; 2051 2052 unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp); 2053 if (unc_path_len <= 0) { 2054 kfree(unc_path); 2055 return -EINVAL; 2056 } 2057 unc_path_len *= 2; 2058 2059 /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */ 2060 tcon->tid = 0; 2061 atomic_set(&tcon->num_remote_opens, 0); 2062 rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, server, 2063 (void **) &req, &total_len); 2064 if (rc) { 2065 kfree(unc_path); 2066 return rc; 2067 } 2068 2069 if (smb3_encryption_required(tcon)) 2070 flags |= CIFS_TRANSFORM_REQ; 2071 2072 iov[0].iov_base = (char *)req; 2073 /* 1 for pad */ 2074 iov[0].iov_len = total_len - 1; 2075 2076 /* Testing shows that buffer offset must be at location of Buffer[0] */ 2077 req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)); 2078 req->PathLength = cpu_to_le16(unc_path_len); 2079 iov[1].iov_base = unc_path; 2080 iov[1].iov_len = unc_path_len; 2081 2082 /* 2083 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 2084 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1 2085 * (Samba servers don't always set the flag so also check if null user) 2086 */ 2087 if ((server->dialect == SMB311_PROT_ID) && 2088 !smb3_encryption_required(tcon) && 2089 !(ses->session_flags & 2090 (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) && 2091 ((ses->user_name != NULL) || (ses->sectype == Kerberos))) 2092 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 2093 2094 memset(&rqst, 0, sizeof(struct smb_rqst)); 2095 rqst.rq_iov = iov; 2096 rqst.rq_nvec = 2; 2097 2098 /* Need 64 for max size write so ask for more in case not there yet */ 2099 if (server->credits >= server->max_credits) 2100 req->hdr.CreditRequest = cpu_to_le16(0); 2101 else 2102 req->hdr.CreditRequest = cpu_to_le16( 2103 min_t(int, server->max_credits - 2104 server->credits, 64)); 2105 2106 rc = cifs_send_recv(xid, ses, server, 2107 &rqst, &resp_buftype, flags, &rsp_iov); 2108 cifs_small_buf_release(req); 2109 rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base; 2110 trace_smb3_tcon(xid, tcon->tid, ses->Suid, tree, rc); 2111 if ((rc != 0) || (rsp == NULL)) { 2112 cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE); 2113 tcon->need_reconnect = true; 2114 goto tcon_error_exit; 2115 } 2116 2117 switch (rsp->ShareType) { 2118 case SMB2_SHARE_TYPE_DISK: 2119 cifs_dbg(FYI, "connection to disk share\n"); 2120 break; 2121 case SMB2_SHARE_TYPE_PIPE: 2122 tcon->pipe = true; 2123 cifs_dbg(FYI, "connection to pipe share\n"); 2124 break; 2125 case SMB2_SHARE_TYPE_PRINT: 2126 tcon->print = true; 2127 cifs_dbg(FYI, "connection to printer\n"); 2128 break; 2129 default: 2130 cifs_server_dbg(VFS, "unknown share type %d\n", rsp->ShareType); 2131 rc = -EOPNOTSUPP; 2132 goto tcon_error_exit; 2133 } 2134 2135 tcon->share_flags = le32_to_cpu(rsp->ShareFlags); 2136 tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */ 2137 tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess); 2138 tcon->tid = le32_to_cpu(rsp->hdr.Id.SyncId.TreeId); 2139 strscpy(tcon->tree_name, tree, sizeof(tcon->tree_name)); 2140 2141 if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && 2142 ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) 2143 cifs_tcon_dbg(VFS, "DFS capability contradicts DFS flag\n"); 2144 2145 if (tcon->seal && 2146 !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 2147 cifs_tcon_dbg(VFS, "Encryption is requested but not supported\n"); 2148 2149 init_copy_chunk_defaults(tcon); 2150 if (server->ops->validate_negotiate) 2151 rc = server->ops->validate_negotiate(xid, tcon); 2152 if (rc == 0) /* See MS-SMB2 2.2.10 and 3.2.5.5 */ 2153 if (tcon->share_flags & SMB2_SHAREFLAG_ISOLATED_TRANSPORT) 2154 server->nosharesock = true; 2155 tcon_exit: 2156 2157 free_rsp_buf(resp_buftype, rsp); 2158 kfree(unc_path); 2159 return rc; 2160 2161 tcon_error_exit: 2162 if (rsp && rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) 2163 cifs_tcon_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree); 2164 goto tcon_exit; 2165 } 2166 2167 int 2168 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) 2169 { 2170 struct smb_rqst rqst; 2171 struct smb2_tree_disconnect_req *req; /* response is trivial */ 2172 int rc = 0; 2173 struct cifs_ses *ses = tcon->ses; 2174 struct TCP_Server_Info *server = cifs_pick_channel(ses); 2175 int flags = 0; 2176 unsigned int total_len; 2177 struct kvec iov[1]; 2178 struct kvec rsp_iov; 2179 int resp_buf_type; 2180 2181 cifs_dbg(FYI, "Tree Disconnect\n"); 2182 2183 if (!ses || !(ses->server)) 2184 return -EIO; 2185 2186 trace_smb3_tdis_enter(xid, tcon->tid, ses->Suid, tcon->tree_name); 2187 spin_lock(&ses->chan_lock); 2188 if ((tcon->need_reconnect) || 2189 (CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses))) { 2190 spin_unlock(&ses->chan_lock); 2191 return 0; 2192 } 2193 spin_unlock(&ses->chan_lock); 2194 2195 invalidate_all_cached_dirs(tcon); 2196 2197 rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, server, 2198 (void **) &req, 2199 &total_len); 2200 if (rc) 2201 return rc; 2202 2203 if (smb3_encryption_required(tcon)) 2204 flags |= CIFS_TRANSFORM_REQ; 2205 2206 flags |= CIFS_NO_RSP_BUF; 2207 2208 iov[0].iov_base = (char *)req; 2209 iov[0].iov_len = total_len; 2210 2211 memset(&rqst, 0, sizeof(struct smb_rqst)); 2212 rqst.rq_iov = iov; 2213 rqst.rq_nvec = 1; 2214 2215 rc = cifs_send_recv(xid, ses, server, 2216 &rqst, &resp_buf_type, flags, &rsp_iov); 2217 cifs_small_buf_release(req); 2218 if (rc) { 2219 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE); 2220 trace_smb3_tdis_err(xid, tcon->tid, ses->Suid, rc); 2221 } 2222 trace_smb3_tdis_done(xid, tcon->tid, ses->Suid); 2223 2224 return rc; 2225 } 2226 2227 2228 static struct create_durable * 2229 create_durable_buf(void) 2230 { 2231 struct create_durable *buf; 2232 2233 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 2234 if (!buf) 2235 return NULL; 2236 2237 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2238 (struct create_durable, Data)); 2239 buf->ccontext.DataLength = cpu_to_le32(16); 2240 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2241 (struct create_durable, Name)); 2242 buf->ccontext.NameLength = cpu_to_le16(4); 2243 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */ 2244 buf->Name[0] = 'D'; 2245 buf->Name[1] = 'H'; 2246 buf->Name[2] = 'n'; 2247 buf->Name[3] = 'Q'; 2248 return buf; 2249 } 2250 2251 static struct create_durable * 2252 create_reconnect_durable_buf(struct cifs_fid *fid) 2253 { 2254 struct create_durable *buf; 2255 2256 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 2257 if (!buf) 2258 return NULL; 2259 2260 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2261 (struct create_durable, Data)); 2262 buf->ccontext.DataLength = cpu_to_le32(16); 2263 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2264 (struct create_durable, Name)); 2265 buf->ccontext.NameLength = cpu_to_le16(4); 2266 buf->Data.Fid.PersistentFileId = fid->persistent_fid; 2267 buf->Data.Fid.VolatileFileId = fid->volatile_fid; 2268 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */ 2269 buf->Name[0] = 'D'; 2270 buf->Name[1] = 'H'; 2271 buf->Name[2] = 'n'; 2272 buf->Name[3] = 'C'; 2273 return buf; 2274 } 2275 2276 static void 2277 parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf) 2278 { 2279 struct create_disk_id_rsp *pdisk_id = (struct create_disk_id_rsp *)cc; 2280 2281 cifs_dbg(FYI, "parse query id context 0x%llx 0x%llx\n", 2282 pdisk_id->DiskFileId, pdisk_id->VolumeId); 2283 buf->IndexNumber = pdisk_id->DiskFileId; 2284 } 2285 2286 static void 2287 parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info, 2288 struct create_posix_rsp *posix) 2289 { 2290 int sid_len; 2291 u8 *beg = (u8 *)cc + le16_to_cpu(cc->DataOffset); 2292 u8 *end = beg + le32_to_cpu(cc->DataLength); 2293 u8 *sid; 2294 2295 memset(posix, 0, sizeof(*posix)); 2296 2297 posix->nlink = le32_to_cpu(*(__le32 *)(beg + 0)); 2298 posix->reparse_tag = le32_to_cpu(*(__le32 *)(beg + 4)); 2299 posix->mode = le32_to_cpu(*(__le32 *)(beg + 8)); 2300 2301 sid = beg + 12; 2302 sid_len = posix_info_sid_size(sid, end); 2303 if (sid_len < 0) { 2304 cifs_dbg(VFS, "bad owner sid in posix create response\n"); 2305 return; 2306 } 2307 memcpy(&posix->owner, sid, sid_len); 2308 2309 sid = sid + sid_len; 2310 sid_len = posix_info_sid_size(sid, end); 2311 if (sid_len < 0) { 2312 cifs_dbg(VFS, "bad group sid in posix create response\n"); 2313 return; 2314 } 2315 memcpy(&posix->group, sid, sid_len); 2316 2317 cifs_dbg(FYI, "nlink=%d mode=%o reparse_tag=%x\n", 2318 posix->nlink, posix->mode, posix->reparse_tag); 2319 } 2320 2321 int smb2_parse_contexts(struct TCP_Server_Info *server, 2322 struct kvec *rsp_iov, 2323 unsigned int *epoch, 2324 char *lease_key, __u8 *oplock, 2325 struct smb2_file_all_info *buf, 2326 struct create_posix_rsp *posix) 2327 { 2328 struct smb2_create_rsp *rsp = rsp_iov->iov_base; 2329 struct create_context *cc; 2330 size_t rem, off, len; 2331 size_t doff, dlen; 2332 size_t noff, nlen; 2333 char *name; 2334 static const char smb3_create_tag_posix[] = { 2335 0x93, 0xAD, 0x25, 0x50, 0x9C, 2336 0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83, 2337 0xDE, 0x96, 0x8B, 0xCD, 0x7C 2338 }; 2339 2340 *oplock = 0; 2341 2342 off = le32_to_cpu(rsp->CreateContextsOffset); 2343 rem = le32_to_cpu(rsp->CreateContextsLength); 2344 if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len) 2345 return -EINVAL; 2346 cc = (struct create_context *)((u8 *)rsp + off); 2347 2348 /* Initialize inode number to 0 in case no valid data in qfid context */ 2349 if (buf) 2350 buf->IndexNumber = 0; 2351 2352 while (rem >= sizeof(*cc)) { 2353 doff = le16_to_cpu(cc->DataOffset); 2354 dlen = le32_to_cpu(cc->DataLength); 2355 if (check_add_overflow(doff, dlen, &len) || len > rem) 2356 return -EINVAL; 2357 2358 noff = le16_to_cpu(cc->NameOffset); 2359 nlen = le16_to_cpu(cc->NameLength); 2360 if (noff + nlen > doff) 2361 return -EINVAL; 2362 2363 name = (char *)cc + noff; 2364 switch (nlen) { 2365 case 4: 2366 if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) { 2367 *oplock = server->ops->parse_lease_buf(cc, epoch, 2368 lease_key); 2369 } else if (buf && 2370 !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) { 2371 parse_query_id_ctxt(cc, buf); 2372 } 2373 break; 2374 case 16: 2375 if (posix && !memcmp(name, smb3_create_tag_posix, 16)) 2376 parse_posix_ctxt(cc, buf, posix); 2377 break; 2378 default: 2379 cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n", 2380 __func__, nlen, dlen); 2381 if (IS_ENABLED(CONFIG_CIFS_DEBUG2)) 2382 cifs_dump_mem("context data: ", cc, dlen); 2383 break; 2384 } 2385 2386 off = le32_to_cpu(cc->Next); 2387 if (!off) 2388 break; 2389 if (check_sub_overflow(rem, off, &rem)) 2390 return -EINVAL; 2391 cc = (struct create_context *)((u8 *)cc + off); 2392 } 2393 2394 if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE) 2395 *oplock = rsp->OplockLevel; 2396 2397 return 0; 2398 } 2399 2400 static int 2401 add_lease_context(struct TCP_Server_Info *server, 2402 struct smb2_create_req *req, 2403 struct kvec *iov, 2404 unsigned int *num_iovec, u8 *lease_key, __u8 *oplock) 2405 { 2406 unsigned int num = *num_iovec; 2407 2408 iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock); 2409 if (iov[num].iov_base == NULL) 2410 return -ENOMEM; 2411 iov[num].iov_len = server->vals->create_lease_size; 2412 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE; 2413 *num_iovec = num + 1; 2414 return 0; 2415 } 2416 2417 static struct create_durable_v2 * 2418 create_durable_v2_buf(struct cifs_open_parms *oparms) 2419 { 2420 struct cifs_fid *pfid = oparms->fid; 2421 struct create_durable_v2 *buf; 2422 2423 buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL); 2424 if (!buf) 2425 return NULL; 2426 2427 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2428 (struct create_durable_v2, dcontext)); 2429 buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2)); 2430 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2431 (struct create_durable_v2, Name)); 2432 buf->ccontext.NameLength = cpu_to_le16(4); 2433 2434 /* 2435 * NB: Handle timeout defaults to 0, which allows server to choose 2436 * (most servers default to 120 seconds) and most clients default to 0. 2437 * This can be overridden at mount ("handletimeout=") if the user wants 2438 * a different persistent (or resilient) handle timeout for all opens 2439 * on a particular SMB3 mount. 2440 */ 2441 buf->dcontext.Timeout = cpu_to_le32(oparms->tcon->handle_timeout); 2442 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 2443 2444 /* for replay, we should not overwrite the existing create guid */ 2445 if (!oparms->replay) { 2446 generate_random_uuid(buf->dcontext.CreateGuid); 2447 memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16); 2448 } else 2449 memcpy(buf->dcontext.CreateGuid, pfid->create_guid, 16); 2450 2451 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */ 2452 buf->Name[0] = 'D'; 2453 buf->Name[1] = 'H'; 2454 buf->Name[2] = '2'; 2455 buf->Name[3] = 'Q'; 2456 return buf; 2457 } 2458 2459 static struct create_durable_handle_reconnect_v2 * 2460 create_reconnect_durable_v2_buf(struct cifs_fid *fid) 2461 { 2462 struct create_durable_handle_reconnect_v2 *buf; 2463 2464 buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2), 2465 GFP_KERNEL); 2466 if (!buf) 2467 return NULL; 2468 2469 buf->ccontext.DataOffset = 2470 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 2471 dcontext)); 2472 buf->ccontext.DataLength = 2473 cpu_to_le32(sizeof(struct durable_reconnect_context_v2)); 2474 buf->ccontext.NameOffset = 2475 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 2476 Name)); 2477 buf->ccontext.NameLength = cpu_to_le16(4); 2478 2479 buf->dcontext.Fid.PersistentFileId = fid->persistent_fid; 2480 buf->dcontext.Fid.VolatileFileId = fid->volatile_fid; 2481 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 2482 memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16); 2483 2484 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */ 2485 buf->Name[0] = 'D'; 2486 buf->Name[1] = 'H'; 2487 buf->Name[2] = '2'; 2488 buf->Name[3] = 'C'; 2489 return buf; 2490 } 2491 2492 static int 2493 add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec, 2494 struct cifs_open_parms *oparms) 2495 { 2496 unsigned int num = *num_iovec; 2497 2498 iov[num].iov_base = create_durable_v2_buf(oparms); 2499 if (iov[num].iov_base == NULL) 2500 return -ENOMEM; 2501 iov[num].iov_len = sizeof(struct create_durable_v2); 2502 *num_iovec = num + 1; 2503 return 0; 2504 } 2505 2506 static int 2507 add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec, 2508 struct cifs_open_parms *oparms) 2509 { 2510 unsigned int num = *num_iovec; 2511 2512 /* indicate that we don't need to relock the file */ 2513 oparms->reconnect = false; 2514 2515 iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid); 2516 if (iov[num].iov_base == NULL) 2517 return -ENOMEM; 2518 iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2); 2519 *num_iovec = num + 1; 2520 return 0; 2521 } 2522 2523 static int 2524 add_durable_context(struct kvec *iov, unsigned int *num_iovec, 2525 struct cifs_open_parms *oparms, bool use_persistent) 2526 { 2527 unsigned int num = *num_iovec; 2528 2529 if (use_persistent) { 2530 if (oparms->reconnect) 2531 return add_durable_reconnect_v2_context(iov, num_iovec, 2532 oparms); 2533 else 2534 return add_durable_v2_context(iov, num_iovec, oparms); 2535 } 2536 2537 if (oparms->reconnect) { 2538 iov[num].iov_base = create_reconnect_durable_buf(oparms->fid); 2539 /* indicate that we don't need to relock the file */ 2540 oparms->reconnect = false; 2541 } else 2542 iov[num].iov_base = create_durable_buf(); 2543 if (iov[num].iov_base == NULL) 2544 return -ENOMEM; 2545 iov[num].iov_len = sizeof(struct create_durable); 2546 *num_iovec = num + 1; 2547 return 0; 2548 } 2549 2550 /* See MS-SMB2 2.2.13.2.7 */ 2551 static struct crt_twarp_ctxt * 2552 create_twarp_buf(__u64 timewarp) 2553 { 2554 struct crt_twarp_ctxt *buf; 2555 2556 buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL); 2557 if (!buf) 2558 return NULL; 2559 2560 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2561 (struct crt_twarp_ctxt, Timestamp)); 2562 buf->ccontext.DataLength = cpu_to_le32(8); 2563 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2564 (struct crt_twarp_ctxt, Name)); 2565 buf->ccontext.NameLength = cpu_to_le16(4); 2566 /* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */ 2567 buf->Name[0] = 'T'; 2568 buf->Name[1] = 'W'; 2569 buf->Name[2] = 'r'; 2570 buf->Name[3] = 'p'; 2571 buf->Timestamp = cpu_to_le64(timewarp); 2572 return buf; 2573 } 2574 2575 /* See MS-SMB2 2.2.13.2.7 */ 2576 static int 2577 add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp) 2578 { 2579 unsigned int num = *num_iovec; 2580 2581 iov[num].iov_base = create_twarp_buf(timewarp); 2582 if (iov[num].iov_base == NULL) 2583 return -ENOMEM; 2584 iov[num].iov_len = sizeof(struct crt_twarp_ctxt); 2585 *num_iovec = num + 1; 2586 return 0; 2587 } 2588 2589 /* See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */ 2590 static void setup_owner_group_sids(char *buf) 2591 { 2592 struct owner_group_sids *sids = (struct owner_group_sids *)buf; 2593 2594 /* Populate the user ownership fields S-1-5-88-1 */ 2595 sids->owner.Revision = 1; 2596 sids->owner.NumAuth = 3; 2597 sids->owner.Authority[5] = 5; 2598 sids->owner.SubAuthorities[0] = cpu_to_le32(88); 2599 sids->owner.SubAuthorities[1] = cpu_to_le32(1); 2600 sids->owner.SubAuthorities[2] = cpu_to_le32(current_fsuid().val); 2601 2602 /* Populate the group ownership fields S-1-5-88-2 */ 2603 sids->group.Revision = 1; 2604 sids->group.NumAuth = 3; 2605 sids->group.Authority[5] = 5; 2606 sids->group.SubAuthorities[0] = cpu_to_le32(88); 2607 sids->group.SubAuthorities[1] = cpu_to_le32(2); 2608 sids->group.SubAuthorities[2] = cpu_to_le32(current_fsgid().val); 2609 2610 cifs_dbg(FYI, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val, current_fsgid().val); 2611 } 2612 2613 /* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */ 2614 static struct crt_sd_ctxt * 2615 create_sd_buf(umode_t mode, bool set_owner, unsigned int *len) 2616 { 2617 struct crt_sd_ctxt *buf; 2618 __u8 *ptr, *aclptr; 2619 unsigned int acelen, acl_size, ace_count; 2620 unsigned int owner_offset = 0; 2621 unsigned int group_offset = 0; 2622 struct smb3_acl acl = {}; 2623 2624 *len = round_up(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8); 2625 2626 if (set_owner) { 2627 /* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */ 2628 *len += sizeof(struct owner_group_sids); 2629 } 2630 2631 buf = kzalloc(*len, GFP_KERNEL); 2632 if (buf == NULL) 2633 return buf; 2634 2635 ptr = (__u8 *)&buf[1]; 2636 if (set_owner) { 2637 /* offset fields are from beginning of security descriptor not of create context */ 2638 owner_offset = ptr - (__u8 *)&buf->sd; 2639 buf->sd.OffsetOwner = cpu_to_le32(owner_offset); 2640 group_offset = owner_offset + offsetof(struct owner_group_sids, group); 2641 buf->sd.OffsetGroup = cpu_to_le32(group_offset); 2642 2643 setup_owner_group_sids(ptr); 2644 ptr += sizeof(struct owner_group_sids); 2645 } else { 2646 buf->sd.OffsetOwner = 0; 2647 buf->sd.OffsetGroup = 0; 2648 } 2649 2650 buf->ccontext.DataOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, sd)); 2651 buf->ccontext.NameOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, Name)); 2652 buf->ccontext.NameLength = cpu_to_le16(4); 2653 /* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */ 2654 buf->Name[0] = 'S'; 2655 buf->Name[1] = 'e'; 2656 buf->Name[2] = 'c'; 2657 buf->Name[3] = 'D'; 2658 buf->sd.Revision = 1; /* Must be one see MS-DTYP 2.4.6 */ 2659 2660 /* 2661 * ACL is "self relative" ie ACL is stored in contiguous block of memory 2662 * and "DP" ie the DACL is present 2663 */ 2664 buf->sd.Control = cpu_to_le16(ACL_CONTROL_SR | ACL_CONTROL_DP); 2665 2666 /* offset owner, group and Sbz1 and SACL are all zero */ 2667 buf->sd.OffsetDacl = cpu_to_le32(ptr - (__u8 *)&buf->sd); 2668 /* Ship the ACL for now. we will copy it into buf later. */ 2669 aclptr = ptr; 2670 ptr += sizeof(struct smb3_acl); 2671 2672 /* create one ACE to hold the mode embedded in reserved special SID */ 2673 acelen = setup_special_mode_ACE((struct cifs_ace *)ptr, (__u64)mode); 2674 ptr += acelen; 2675 acl_size = acelen + sizeof(struct smb3_acl); 2676 ace_count = 1; 2677 2678 if (set_owner) { 2679 /* we do not need to reallocate buffer to add the two more ACEs. plenty of space */ 2680 acelen = setup_special_user_owner_ACE((struct cifs_ace *)ptr); 2681 ptr += acelen; 2682 acl_size += acelen; 2683 ace_count += 1; 2684 } 2685 2686 /* and one more ACE to allow access for authenticated users */ 2687 acelen = setup_authusers_ACE((struct cifs_ace *)ptr); 2688 ptr += acelen; 2689 acl_size += acelen; 2690 ace_count += 1; 2691 2692 acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */ 2693 acl.AclSize = cpu_to_le16(acl_size); 2694 acl.AceCount = cpu_to_le16(ace_count); 2695 /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */ 2696 memcpy(aclptr, &acl, sizeof(struct smb3_acl)); 2697 2698 buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd); 2699 *len = round_up((unsigned int)(ptr - (__u8 *)buf), 8); 2700 2701 return buf; 2702 } 2703 2704 static int 2705 add_sd_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode, bool set_owner) 2706 { 2707 unsigned int num = *num_iovec; 2708 unsigned int len = 0; 2709 2710 iov[num].iov_base = create_sd_buf(mode, set_owner, &len); 2711 if (iov[num].iov_base == NULL) 2712 return -ENOMEM; 2713 iov[num].iov_len = len; 2714 *num_iovec = num + 1; 2715 return 0; 2716 } 2717 2718 static struct crt_query_id_ctxt * 2719 create_query_id_buf(void) 2720 { 2721 struct crt_query_id_ctxt *buf; 2722 2723 buf = kzalloc(sizeof(struct crt_query_id_ctxt), GFP_KERNEL); 2724 if (!buf) 2725 return NULL; 2726 2727 buf->ccontext.DataOffset = cpu_to_le16(0); 2728 buf->ccontext.DataLength = cpu_to_le32(0); 2729 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2730 (struct crt_query_id_ctxt, Name)); 2731 buf->ccontext.NameLength = cpu_to_le16(4); 2732 /* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */ 2733 buf->Name[0] = 'Q'; 2734 buf->Name[1] = 'F'; 2735 buf->Name[2] = 'i'; 2736 buf->Name[3] = 'd'; 2737 return buf; 2738 } 2739 2740 /* See MS-SMB2 2.2.13.2.9 */ 2741 static int 2742 add_query_id_context(struct kvec *iov, unsigned int *num_iovec) 2743 { 2744 unsigned int num = *num_iovec; 2745 2746 iov[num].iov_base = create_query_id_buf(); 2747 if (iov[num].iov_base == NULL) 2748 return -ENOMEM; 2749 iov[num].iov_len = sizeof(struct crt_query_id_ctxt); 2750 *num_iovec = num + 1; 2751 return 0; 2752 } 2753 2754 static void add_ea_context(struct cifs_open_parms *oparms, 2755 struct kvec *rq_iov, unsigned int *num_iovs) 2756 { 2757 struct kvec *iov = oparms->ea_cctx; 2758 2759 if (iov && iov->iov_base && iov->iov_len) { 2760 rq_iov[(*num_iovs)++] = *iov; 2761 memset(iov, 0, sizeof(*iov)); 2762 } 2763 } 2764 2765 static int 2766 alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len, 2767 const char *treename, const __le16 *path) 2768 { 2769 int treename_len, path_len; 2770 struct nls_table *cp; 2771 const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)}; 2772 2773 /* 2774 * skip leading "\\" 2775 */ 2776 treename_len = strlen(treename); 2777 if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\')) 2778 return -EINVAL; 2779 2780 treename += 2; 2781 treename_len -= 2; 2782 2783 path_len = UniStrnlen((wchar_t *)path, PATH_MAX); 2784 2785 /* make room for one path separator only if @path isn't empty */ 2786 *out_len = treename_len + (path[0] ? 1 : 0) + path_len; 2787 2788 /* 2789 * final path needs to be 8-byte aligned as specified in 2790 * MS-SMB2 2.2.13 SMB2 CREATE Request. 2791 */ 2792 *out_size = round_up(*out_len * sizeof(__le16), 8); 2793 *out_path = kzalloc(*out_size + sizeof(__le16) /* null */, GFP_KERNEL); 2794 if (!*out_path) 2795 return -ENOMEM; 2796 2797 cp = load_nls_default(); 2798 cifs_strtoUTF16(*out_path, treename, treename_len, cp); 2799 2800 /* Do not append the separator if the path is empty */ 2801 if (path[0] != cpu_to_le16(0x0000)) { 2802 UniStrcat((wchar_t *)*out_path, (wchar_t *)sep); 2803 UniStrcat((wchar_t *)*out_path, (wchar_t *)path); 2804 } 2805 2806 unload_nls(cp); 2807 2808 return 0; 2809 } 2810 2811 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode, 2812 umode_t mode, struct cifs_tcon *tcon, 2813 const char *full_path, 2814 struct cifs_sb_info *cifs_sb) 2815 { 2816 struct smb_rqst rqst; 2817 struct smb2_create_req *req; 2818 struct smb2_create_rsp *rsp = NULL; 2819 struct cifs_ses *ses = tcon->ses; 2820 struct kvec iov[3]; /* make sure at least one for each open context */ 2821 struct kvec rsp_iov = {NULL, 0}; 2822 int resp_buftype; 2823 int uni_path_len; 2824 __le16 *copy_path = NULL; 2825 int copy_size; 2826 int rc = 0; 2827 unsigned int n_iov = 2; 2828 __u32 file_attributes = 0; 2829 char *pc_buf = NULL; 2830 int flags = 0; 2831 unsigned int total_len; 2832 __le16 *utf16_path = NULL; 2833 struct TCP_Server_Info *server; 2834 int retries = 0, cur_sleep = 1; 2835 2836 replay_again: 2837 /* reinitialize for possible replay */ 2838 flags = 0; 2839 n_iov = 2; 2840 server = cifs_pick_channel(ses); 2841 2842 cifs_dbg(FYI, "mkdir\n"); 2843 2844 /* resource #1: path allocation */ 2845 utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb); 2846 if (!utf16_path) 2847 return -ENOMEM; 2848 2849 if (!ses || !server) { 2850 rc = -EIO; 2851 goto err_free_path; 2852 } 2853 2854 /* resource #2: request */ 2855 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server, 2856 (void **) &req, &total_len); 2857 if (rc) 2858 goto err_free_path; 2859 2860 2861 if (smb3_encryption_required(tcon)) 2862 flags |= CIFS_TRANSFORM_REQ; 2863 2864 req->ImpersonationLevel = IL_IMPERSONATION; 2865 req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES); 2866 /* File attributes ignored on open (used in create though) */ 2867 req->FileAttributes = cpu_to_le32(file_attributes); 2868 req->ShareAccess = FILE_SHARE_ALL_LE; 2869 req->CreateDisposition = cpu_to_le32(FILE_CREATE); 2870 req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE); 2871 2872 iov[0].iov_base = (char *)req; 2873 /* -1 since last byte is buf[0] which is sent below (path) */ 2874 iov[0].iov_len = total_len - 1; 2875 2876 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)); 2877 2878 /* [MS-SMB2] 2.2.13 NameOffset: 2879 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of 2880 * the SMB2 header, the file name includes a prefix that will 2881 * be processed during DFS name normalization as specified in 2882 * section 3.3.5.9. Otherwise, the file name is relative to 2883 * the share that is identified by the TreeId in the SMB2 2884 * header. 2885 */ 2886 if (tcon->share_flags & SHI1005_FLAGS_DFS) { 2887 int name_len; 2888 2889 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS; 2890 rc = alloc_path_with_tree_prefix(©_path, ©_size, 2891 &name_len, 2892 tcon->tree_name, utf16_path); 2893 if (rc) 2894 goto err_free_req; 2895 2896 req->NameLength = cpu_to_le16(name_len * 2); 2897 uni_path_len = copy_size; 2898 /* free before overwriting resource */ 2899 kfree(utf16_path); 2900 utf16_path = copy_path; 2901 } else { 2902 uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2; 2903 /* MUST set path len (NameLength) to 0 opening root of share */ 2904 req->NameLength = cpu_to_le16(uni_path_len - 2); 2905 if (uni_path_len % 8 != 0) { 2906 copy_size = roundup(uni_path_len, 8); 2907 copy_path = kzalloc(copy_size, GFP_KERNEL); 2908 if (!copy_path) { 2909 rc = -ENOMEM; 2910 goto err_free_req; 2911 } 2912 memcpy((char *)copy_path, (const char *)utf16_path, 2913 uni_path_len); 2914 uni_path_len = copy_size; 2915 /* free before overwriting resource */ 2916 kfree(utf16_path); 2917 utf16_path = copy_path; 2918 } 2919 } 2920 2921 iov[1].iov_len = uni_path_len; 2922 iov[1].iov_base = utf16_path; 2923 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE; 2924 2925 if (tcon->posix_extensions) { 2926 /* resource #3: posix buf */ 2927 rc = add_posix_context(iov, &n_iov, mode); 2928 if (rc) 2929 goto err_free_req; 2930 req->CreateContextsOffset = cpu_to_le32( 2931 sizeof(struct smb2_create_req) + 2932 iov[1].iov_len); 2933 pc_buf = iov[n_iov-1].iov_base; 2934 } 2935 2936 2937 memset(&rqst, 0, sizeof(struct smb_rqst)); 2938 rqst.rq_iov = iov; 2939 rqst.rq_nvec = n_iov; 2940 2941 /* no need to inc num_remote_opens because we close it just below */ 2942 trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, full_path, CREATE_NOT_FILE, 2943 FILE_WRITE_ATTRIBUTES); 2944 2945 if (retries) 2946 smb2_set_replay(server, &rqst); 2947 2948 /* resource #4: response buffer */ 2949 rc = cifs_send_recv(xid, ses, server, 2950 &rqst, &resp_buftype, flags, &rsp_iov); 2951 if (rc) { 2952 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); 2953 trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid, 2954 CREATE_NOT_FILE, 2955 FILE_WRITE_ATTRIBUTES, rc); 2956 goto err_free_rsp_buf; 2957 } 2958 2959 /* 2960 * Although unlikely to be possible for rsp to be null and rc not set, 2961 * adding check below is slightly safer long term (and quiets Coverity 2962 * warning) 2963 */ 2964 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base; 2965 if (rsp == NULL) { 2966 rc = -EIO; 2967 kfree(pc_buf); 2968 goto err_free_req; 2969 } 2970 2971 trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid, 2972 CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES); 2973 2974 SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId); 2975 2976 /* Eventually save off posix specific response info and timestaps */ 2977 2978 err_free_rsp_buf: 2979 free_rsp_buf(resp_buftype, rsp); 2980 kfree(pc_buf); 2981 err_free_req: 2982 cifs_small_buf_release(req); 2983 err_free_path: 2984 kfree(utf16_path); 2985 2986 if (is_replayable_error(rc) && 2987 smb2_should_replay(tcon, &retries, &cur_sleep)) 2988 goto replay_again; 2989 2990 return rc; 2991 } 2992 2993 int 2994 SMB2_open_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 2995 struct smb_rqst *rqst, __u8 *oplock, 2996 struct cifs_open_parms *oparms, __le16 *path) 2997 { 2998 struct smb2_create_req *req; 2999 unsigned int n_iov = 2; 3000 __u32 file_attributes = 0; 3001 int copy_size; 3002 int uni_path_len; 3003 unsigned int total_len; 3004 struct kvec *iov = rqst->rq_iov; 3005 __le16 *copy_path; 3006 int rc; 3007 3008 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server, 3009 (void **) &req, &total_len); 3010 if (rc) 3011 return rc; 3012 3013 iov[0].iov_base = (char *)req; 3014 /* -1 since last byte is buf[0] which is sent below (path) */ 3015 iov[0].iov_len = total_len - 1; 3016 3017 if (oparms->create_options & CREATE_OPTION_READONLY) 3018 file_attributes |= ATTR_READONLY; 3019 if (oparms->create_options & CREATE_OPTION_SPECIAL) 3020 file_attributes |= ATTR_SYSTEM; 3021 3022 req->ImpersonationLevel = IL_IMPERSONATION; 3023 req->DesiredAccess = cpu_to_le32(oparms->desired_access); 3024 /* File attributes ignored on open (used in create though) */ 3025 req->FileAttributes = cpu_to_le32(file_attributes); 3026 req->ShareAccess = FILE_SHARE_ALL_LE; 3027 3028 req->CreateDisposition = cpu_to_le32(oparms->disposition); 3029 req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK); 3030 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)); 3031 3032 /* [MS-SMB2] 2.2.13 NameOffset: 3033 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of 3034 * the SMB2 header, the file name includes a prefix that will 3035 * be processed during DFS name normalization as specified in 3036 * section 3.3.5.9. Otherwise, the file name is relative to 3037 * the share that is identified by the TreeId in the SMB2 3038 * header. 3039 */ 3040 if (tcon->share_flags & SHI1005_FLAGS_DFS) { 3041 int name_len; 3042 3043 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS; 3044 rc = alloc_path_with_tree_prefix(©_path, ©_size, 3045 &name_len, 3046 tcon->tree_name, path); 3047 if (rc) 3048 return rc; 3049 req->NameLength = cpu_to_le16(name_len * 2); 3050 uni_path_len = copy_size; 3051 path = copy_path; 3052 } else { 3053 uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2; 3054 /* MUST set path len (NameLength) to 0 opening root of share */ 3055 req->NameLength = cpu_to_le16(uni_path_len - 2); 3056 copy_size = round_up(uni_path_len, 8); 3057 copy_path = kzalloc(copy_size, GFP_KERNEL); 3058 if (!copy_path) 3059 return -ENOMEM; 3060 memcpy((char *)copy_path, (const char *)path, 3061 uni_path_len); 3062 uni_path_len = copy_size; 3063 path = copy_path; 3064 } 3065 3066 iov[1].iov_len = uni_path_len; 3067 iov[1].iov_base = path; 3068 3069 if ((!server->oplocks) || (tcon->no_lease)) 3070 *oplock = SMB2_OPLOCK_LEVEL_NONE; 3071 3072 if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) || 3073 *oplock == SMB2_OPLOCK_LEVEL_NONE) 3074 req->RequestedOplockLevel = *oplock; 3075 else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) && 3076 (oparms->create_options & CREATE_NOT_FILE)) 3077 req->RequestedOplockLevel = *oplock; /* no srv lease support */ 3078 else { 3079 rc = add_lease_context(server, req, iov, &n_iov, 3080 oparms->fid->lease_key, oplock); 3081 if (rc) 3082 return rc; 3083 } 3084 3085 if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) { 3086 rc = add_durable_context(iov, &n_iov, oparms, 3087 tcon->use_persistent); 3088 if (rc) 3089 return rc; 3090 } 3091 3092 if (tcon->posix_extensions) { 3093 rc = add_posix_context(iov, &n_iov, oparms->mode); 3094 if (rc) 3095 return rc; 3096 } 3097 3098 if (tcon->snapshot_time) { 3099 cifs_dbg(FYI, "adding snapshot context\n"); 3100 rc = add_twarp_context(iov, &n_iov, tcon->snapshot_time); 3101 if (rc) 3102 return rc; 3103 } 3104 3105 if ((oparms->disposition != FILE_OPEN) && (oparms->cifs_sb)) { 3106 bool set_mode; 3107 bool set_owner; 3108 3109 if ((oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) && 3110 (oparms->mode != ACL_NO_MODE)) 3111 set_mode = true; 3112 else { 3113 set_mode = false; 3114 oparms->mode = ACL_NO_MODE; 3115 } 3116 3117 if (oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) 3118 set_owner = true; 3119 else 3120 set_owner = false; 3121 3122 if (set_owner | set_mode) { 3123 cifs_dbg(FYI, "add sd with mode 0x%x\n", oparms->mode); 3124 rc = add_sd_context(iov, &n_iov, oparms->mode, set_owner); 3125 if (rc) 3126 return rc; 3127 } 3128 } 3129 3130 add_query_id_context(iov, &n_iov); 3131 add_ea_context(oparms, iov, &n_iov); 3132 3133 if (n_iov > 2) { 3134 /* 3135 * We have create contexts behind iov[1] (the file 3136 * name), point at them from the main create request 3137 */ 3138 req->CreateContextsOffset = cpu_to_le32( 3139 sizeof(struct smb2_create_req) + 3140 iov[1].iov_len); 3141 req->CreateContextsLength = 0; 3142 3143 for (unsigned int i = 2; i < (n_iov-1); i++) { 3144 struct kvec *v = &iov[i]; 3145 size_t len = v->iov_len; 3146 struct create_context *cctx = 3147 (struct create_context *)v->iov_base; 3148 3149 cctx->Next = cpu_to_le32(len); 3150 le32_add_cpu(&req->CreateContextsLength, len); 3151 } 3152 le32_add_cpu(&req->CreateContextsLength, 3153 iov[n_iov-1].iov_len); 3154 } 3155 3156 rqst->rq_nvec = n_iov; 3157 return 0; 3158 } 3159 3160 /* rq_iov[0] is the request and is released by cifs_small_buf_release(). 3161 * All other vectors are freed by kfree(). 3162 */ 3163 void 3164 SMB2_open_free(struct smb_rqst *rqst) 3165 { 3166 int i; 3167 3168 if (rqst && rqst->rq_iov) { 3169 cifs_small_buf_release(rqst->rq_iov[0].iov_base); 3170 for (i = 1; i < rqst->rq_nvec; i++) 3171 if (rqst->rq_iov[i].iov_base != smb2_padding) 3172 kfree(rqst->rq_iov[i].iov_base); 3173 } 3174 } 3175 3176 int 3177 SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path, 3178 __u8 *oplock, struct smb2_file_all_info *buf, 3179 struct create_posix_rsp *posix, 3180 struct kvec *err_iov, int *buftype) 3181 { 3182 struct smb_rqst rqst; 3183 struct smb2_create_rsp *rsp = NULL; 3184 struct cifs_tcon *tcon = oparms->tcon; 3185 struct cifs_ses *ses = tcon->ses; 3186 struct TCP_Server_Info *server; 3187 struct kvec iov[SMB2_CREATE_IOV_SIZE]; 3188 struct kvec rsp_iov = {NULL, 0}; 3189 int resp_buftype = CIFS_NO_BUFFER; 3190 int rc = 0; 3191 int flags = 0; 3192 int retries = 0, cur_sleep = 1; 3193 3194 replay_again: 3195 /* reinitialize for possible replay */ 3196 flags = 0; 3197 server = cifs_pick_channel(ses); 3198 oparms->replay = !!(retries); 3199 3200 cifs_dbg(FYI, "create/open\n"); 3201 if (!ses || !server) 3202 return -EIO; 3203 3204 if (smb3_encryption_required(tcon)) 3205 flags |= CIFS_TRANSFORM_REQ; 3206 3207 memset(&rqst, 0, sizeof(struct smb_rqst)); 3208 memset(&iov, 0, sizeof(iov)); 3209 rqst.rq_iov = iov; 3210 rqst.rq_nvec = SMB2_CREATE_IOV_SIZE; 3211 3212 rc = SMB2_open_init(tcon, server, 3213 &rqst, oplock, oparms, path); 3214 if (rc) 3215 goto creat_exit; 3216 3217 trace_smb3_open_enter(xid, tcon->tid, tcon->ses->Suid, oparms->path, 3218 oparms->create_options, oparms->desired_access); 3219 3220 if (retries) 3221 smb2_set_replay(server, &rqst); 3222 3223 rc = cifs_send_recv(xid, ses, server, 3224 &rqst, &resp_buftype, flags, 3225 &rsp_iov); 3226 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base; 3227 3228 if (rc != 0) { 3229 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); 3230 if (err_iov && rsp) { 3231 *err_iov = rsp_iov; 3232 *buftype = resp_buftype; 3233 resp_buftype = CIFS_NO_BUFFER; 3234 rsp = NULL; 3235 } 3236 trace_smb3_open_err(xid, tcon->tid, ses->Suid, 3237 oparms->create_options, oparms->desired_access, rc); 3238 if (rc == -EREMCHG) { 3239 pr_warn_once("server share %s deleted\n", 3240 tcon->tree_name); 3241 tcon->need_reconnect = true; 3242 } 3243 goto creat_exit; 3244 } else if (rsp == NULL) /* unlikely to happen, but safer to check */ 3245 goto creat_exit; 3246 else 3247 trace_smb3_open_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid, 3248 oparms->create_options, oparms->desired_access); 3249 3250 atomic_inc(&tcon->num_remote_opens); 3251 oparms->fid->persistent_fid = rsp->PersistentFileId; 3252 oparms->fid->volatile_fid = rsp->VolatileFileId; 3253 oparms->fid->access = oparms->desired_access; 3254 #ifdef CONFIG_CIFS_DEBUG2 3255 oparms->fid->mid = le64_to_cpu(rsp->hdr.MessageId); 3256 #endif /* CIFS_DEBUG2 */ 3257 3258 if (buf) { 3259 buf->CreationTime = rsp->CreationTime; 3260 buf->LastAccessTime = rsp->LastAccessTime; 3261 buf->LastWriteTime = rsp->LastWriteTime; 3262 buf->ChangeTime = rsp->ChangeTime; 3263 buf->AllocationSize = rsp->AllocationSize; 3264 buf->EndOfFile = rsp->EndofFile; 3265 buf->Attributes = rsp->FileAttributes; 3266 buf->NumberOfLinks = cpu_to_le32(1); 3267 buf->DeletePending = 0; 3268 } 3269 3270 3271 rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch, 3272 oparms->fid->lease_key, oplock, buf, posix); 3273 creat_exit: 3274 SMB2_open_free(&rqst); 3275 free_rsp_buf(resp_buftype, rsp); 3276 3277 if (is_replayable_error(rc) && 3278 smb2_should_replay(tcon, &retries, &cur_sleep)) 3279 goto replay_again; 3280 3281 return rc; 3282 } 3283 3284 int 3285 SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3286 struct smb_rqst *rqst, 3287 u64 persistent_fid, u64 volatile_fid, u32 opcode, 3288 char *in_data, u32 indatalen, 3289 __u32 max_response_size) 3290 { 3291 struct smb2_ioctl_req *req; 3292 struct kvec *iov = rqst->rq_iov; 3293 unsigned int total_len; 3294 int rc; 3295 char *in_data_buf; 3296 3297 rc = smb2_ioctl_req_init(opcode, tcon, server, 3298 (void **) &req, &total_len); 3299 if (rc) 3300 return rc; 3301 3302 if (indatalen) { 3303 /* 3304 * indatalen is usually small at a couple of bytes max, so 3305 * just allocate through generic pool 3306 */ 3307 in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS); 3308 if (!in_data_buf) { 3309 cifs_small_buf_release(req); 3310 return -ENOMEM; 3311 } 3312 } 3313 3314 req->CtlCode = cpu_to_le32(opcode); 3315 req->PersistentFileId = persistent_fid; 3316 req->VolatileFileId = volatile_fid; 3317 3318 iov[0].iov_base = (char *)req; 3319 /* 3320 * If no input data, the size of ioctl struct in 3321 * protocol spec still includes a 1 byte data buffer, 3322 * but if input data passed to ioctl, we do not 3323 * want to double count this, so we do not send 3324 * the dummy one byte of data in iovec[0] if sending 3325 * input data (in iovec[1]). 3326 */ 3327 if (indatalen) { 3328 req->InputCount = cpu_to_le32(indatalen); 3329 /* do not set InputOffset if no input data */ 3330 req->InputOffset = 3331 cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer)); 3332 rqst->rq_nvec = 2; 3333 iov[0].iov_len = total_len - 1; 3334 iov[1].iov_base = in_data_buf; 3335 iov[1].iov_len = indatalen; 3336 } else { 3337 rqst->rq_nvec = 1; 3338 iov[0].iov_len = total_len; 3339 } 3340 3341 req->OutputOffset = 0; 3342 req->OutputCount = 0; /* MBZ */ 3343 3344 /* 3345 * In most cases max_response_size is set to 16K (CIFSMaxBufSize) 3346 * We Could increase default MaxOutputResponse, but that could require 3347 * more credits. Windows typically sets this smaller, but for some 3348 * ioctls it may be useful to allow server to send more. No point 3349 * limiting what the server can send as long as fits in one credit 3350 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want 3351 * to increase this limit up in the future. 3352 * Note that for snapshot queries that servers like Azure expect that 3353 * the first query be minimal size (and just used to get the number/size 3354 * of previous versions) so response size must be specified as EXACTLY 3355 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple 3356 * of eight bytes. Currently that is the only case where we set max 3357 * response size smaller. 3358 */ 3359 req->MaxOutputResponse = cpu_to_le32(max_response_size); 3360 req->hdr.CreditCharge = 3361 cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size), 3362 SMB2_MAX_BUFFER_SIZE)); 3363 /* always an FSCTL (for now) */ 3364 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL); 3365 3366 /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ 3367 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) 3368 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 3369 3370 return 0; 3371 } 3372 3373 void 3374 SMB2_ioctl_free(struct smb_rqst *rqst) 3375 { 3376 int i; 3377 3378 if (rqst && rqst->rq_iov) { 3379 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3380 for (i = 1; i < rqst->rq_nvec; i++) 3381 if (rqst->rq_iov[i].iov_base != smb2_padding) 3382 kfree(rqst->rq_iov[i].iov_base); 3383 } 3384 } 3385 3386 3387 /* 3388 * SMB2 IOCTL is used for both IOCTLs and FSCTLs 3389 */ 3390 int 3391 SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 3392 u64 volatile_fid, u32 opcode, char *in_data, u32 indatalen, 3393 u32 max_out_data_len, char **out_data, 3394 u32 *plen /* returned data len */) 3395 { 3396 struct smb_rqst rqst; 3397 struct smb2_ioctl_rsp *rsp = NULL; 3398 struct cifs_ses *ses; 3399 struct TCP_Server_Info *server; 3400 struct kvec iov[SMB2_IOCTL_IOV_SIZE]; 3401 struct kvec rsp_iov = {NULL, 0}; 3402 int resp_buftype = CIFS_NO_BUFFER; 3403 int rc = 0; 3404 int flags = 0; 3405 int retries = 0, cur_sleep = 1; 3406 3407 if (!tcon) 3408 return -EIO; 3409 3410 ses = tcon->ses; 3411 if (!ses) 3412 return -EIO; 3413 3414 replay_again: 3415 /* reinitialize for possible replay */ 3416 flags = 0; 3417 server = cifs_pick_channel(ses); 3418 3419 if (!server) 3420 return -EIO; 3421 3422 cifs_dbg(FYI, "SMB2 IOCTL\n"); 3423 3424 if (out_data != NULL) 3425 *out_data = NULL; 3426 3427 /* zero out returned data len, in case of error */ 3428 if (plen) 3429 *plen = 0; 3430 3431 if (smb3_encryption_required(tcon)) 3432 flags |= CIFS_TRANSFORM_REQ; 3433 3434 memset(&rqst, 0, sizeof(struct smb_rqst)); 3435 memset(&iov, 0, sizeof(iov)); 3436 rqst.rq_iov = iov; 3437 rqst.rq_nvec = SMB2_IOCTL_IOV_SIZE; 3438 3439 rc = SMB2_ioctl_init(tcon, server, 3440 &rqst, persistent_fid, volatile_fid, opcode, 3441 in_data, indatalen, max_out_data_len); 3442 if (rc) 3443 goto ioctl_exit; 3444 3445 if (retries) 3446 smb2_set_replay(server, &rqst); 3447 3448 rc = cifs_send_recv(xid, ses, server, 3449 &rqst, &resp_buftype, flags, 3450 &rsp_iov); 3451 rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base; 3452 3453 if (rc != 0) 3454 trace_smb3_fsctl_err(xid, persistent_fid, tcon->tid, 3455 ses->Suid, 0, opcode, rc); 3456 3457 if ((rc != 0) && (rc != -EINVAL) && (rc != -E2BIG)) { 3458 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3459 goto ioctl_exit; 3460 } else if (rc == -EINVAL) { 3461 if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) && 3462 (opcode != FSCTL_SRV_COPYCHUNK)) { 3463 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3464 goto ioctl_exit; 3465 } 3466 } else if (rc == -E2BIG) { 3467 if (opcode != FSCTL_QUERY_ALLOCATED_RANGES) { 3468 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3469 goto ioctl_exit; 3470 } 3471 } 3472 3473 /* check if caller wants to look at return data or just return rc */ 3474 if ((plen == NULL) || (out_data == NULL)) 3475 goto ioctl_exit; 3476 3477 /* 3478 * Although unlikely to be possible for rsp to be null and rc not set, 3479 * adding check below is slightly safer long term (and quiets Coverity 3480 * warning) 3481 */ 3482 if (rsp == NULL) { 3483 rc = -EIO; 3484 goto ioctl_exit; 3485 } 3486 3487 *plen = le32_to_cpu(rsp->OutputCount); 3488 3489 /* We check for obvious errors in the output buffer length and offset */ 3490 if (*plen == 0) 3491 goto ioctl_exit; /* server returned no data */ 3492 else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) { 3493 cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen); 3494 *plen = 0; 3495 rc = -EIO; 3496 goto ioctl_exit; 3497 } 3498 3499 if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) { 3500 cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen, 3501 le32_to_cpu(rsp->OutputOffset)); 3502 *plen = 0; 3503 rc = -EIO; 3504 goto ioctl_exit; 3505 } 3506 3507 *out_data = kmemdup((char *)rsp + le32_to_cpu(rsp->OutputOffset), 3508 *plen, GFP_KERNEL); 3509 if (*out_data == NULL) { 3510 rc = -ENOMEM; 3511 goto ioctl_exit; 3512 } 3513 3514 ioctl_exit: 3515 SMB2_ioctl_free(&rqst); 3516 free_rsp_buf(resp_buftype, rsp); 3517 3518 if (is_replayable_error(rc) && 3519 smb2_should_replay(tcon, &retries, &cur_sleep)) 3520 goto replay_again; 3521 3522 return rc; 3523 } 3524 3525 /* 3526 * Individual callers to ioctl worker function follow 3527 */ 3528 3529 int 3530 SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon, 3531 u64 persistent_fid, u64 volatile_fid) 3532 { 3533 int rc; 3534 struct compress_ioctl fsctl_input; 3535 char *ret_data = NULL; 3536 3537 fsctl_input.CompressionState = 3538 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT); 3539 3540 rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid, 3541 FSCTL_SET_COMPRESSION, 3542 (char *)&fsctl_input /* data input */, 3543 2 /* in data len */, CIFSMaxBufSize /* max out data */, 3544 &ret_data /* out data */, NULL); 3545 3546 cifs_dbg(FYI, "set compression rc %d\n", rc); 3547 3548 return rc; 3549 } 3550 3551 int 3552 SMB2_close_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3553 struct smb_rqst *rqst, 3554 u64 persistent_fid, u64 volatile_fid, bool query_attrs) 3555 { 3556 struct smb2_close_req *req; 3557 struct kvec *iov = rqst->rq_iov; 3558 unsigned int total_len; 3559 int rc; 3560 3561 rc = smb2_plain_req_init(SMB2_CLOSE, tcon, server, 3562 (void **) &req, &total_len); 3563 if (rc) 3564 return rc; 3565 3566 req->PersistentFileId = persistent_fid; 3567 req->VolatileFileId = volatile_fid; 3568 if (query_attrs) 3569 req->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB; 3570 else 3571 req->Flags = 0; 3572 iov[0].iov_base = (char *)req; 3573 iov[0].iov_len = total_len; 3574 3575 return 0; 3576 } 3577 3578 void 3579 SMB2_close_free(struct smb_rqst *rqst) 3580 { 3581 if (rqst && rqst->rq_iov) 3582 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3583 } 3584 3585 int 3586 __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, 3587 u64 persistent_fid, u64 volatile_fid, 3588 struct smb2_file_network_open_info *pbuf) 3589 { 3590 struct smb_rqst rqst; 3591 struct smb2_close_rsp *rsp = NULL; 3592 struct cifs_ses *ses = tcon->ses; 3593 struct TCP_Server_Info *server; 3594 struct kvec iov[1]; 3595 struct kvec rsp_iov; 3596 int resp_buftype = CIFS_NO_BUFFER; 3597 int rc = 0; 3598 int flags = 0; 3599 bool query_attrs = false; 3600 int retries = 0, cur_sleep = 1; 3601 3602 replay_again: 3603 /* reinitialize for possible replay */ 3604 flags = 0; 3605 query_attrs = false; 3606 server = cifs_pick_channel(ses); 3607 3608 cifs_dbg(FYI, "Close\n"); 3609 3610 if (!ses || !server) 3611 return -EIO; 3612 3613 if (smb3_encryption_required(tcon)) 3614 flags |= CIFS_TRANSFORM_REQ; 3615 3616 memset(&rqst, 0, sizeof(struct smb_rqst)); 3617 memset(&iov, 0, sizeof(iov)); 3618 rqst.rq_iov = iov; 3619 rqst.rq_nvec = 1; 3620 3621 /* check if need to ask server to return timestamps in close response */ 3622 if (pbuf) 3623 query_attrs = true; 3624 3625 trace_smb3_close_enter(xid, persistent_fid, tcon->tid, ses->Suid); 3626 rc = SMB2_close_init(tcon, server, 3627 &rqst, persistent_fid, volatile_fid, 3628 query_attrs); 3629 if (rc) 3630 goto close_exit; 3631 3632 if (retries) 3633 smb2_set_replay(server, &rqst); 3634 3635 rc = cifs_send_recv(xid, ses, server, 3636 &rqst, &resp_buftype, flags, &rsp_iov); 3637 rsp = (struct smb2_close_rsp *)rsp_iov.iov_base; 3638 3639 if (rc != 0) { 3640 cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE); 3641 trace_smb3_close_err(xid, persistent_fid, tcon->tid, ses->Suid, 3642 rc); 3643 goto close_exit; 3644 } else { 3645 trace_smb3_close_done(xid, persistent_fid, tcon->tid, 3646 ses->Suid); 3647 if (pbuf) 3648 memcpy(&pbuf->network_open_info, 3649 &rsp->network_open_info, 3650 sizeof(pbuf->network_open_info)); 3651 atomic_dec(&tcon->num_remote_opens); 3652 } 3653 3654 close_exit: 3655 SMB2_close_free(&rqst); 3656 free_rsp_buf(resp_buftype, rsp); 3657 3658 /* retry close in a worker thread if this one is interrupted */ 3659 if (is_interrupt_error(rc)) { 3660 int tmp_rc; 3661 3662 tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid, 3663 volatile_fid); 3664 if (tmp_rc) 3665 cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n", 3666 persistent_fid, tmp_rc); 3667 } 3668 3669 if (is_replayable_error(rc) && 3670 smb2_should_replay(tcon, &retries, &cur_sleep)) 3671 goto replay_again; 3672 3673 return rc; 3674 } 3675 3676 int 3677 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, 3678 u64 persistent_fid, u64 volatile_fid) 3679 { 3680 return __SMB2_close(xid, tcon, persistent_fid, volatile_fid, NULL); 3681 } 3682 3683 int 3684 smb2_validate_iov(unsigned int offset, unsigned int buffer_length, 3685 struct kvec *iov, unsigned int min_buf_size) 3686 { 3687 unsigned int smb_len = iov->iov_len; 3688 char *end_of_smb = smb_len + (char *)iov->iov_base; 3689 char *begin_of_buf = offset + (char *)iov->iov_base; 3690 char *end_of_buf = begin_of_buf + buffer_length; 3691 3692 3693 if (buffer_length < min_buf_size) { 3694 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n", 3695 buffer_length, min_buf_size); 3696 return -EINVAL; 3697 } 3698 3699 /* check if beyond RFC1001 maximum length */ 3700 if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) { 3701 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n", 3702 buffer_length, smb_len); 3703 return -EINVAL; 3704 } 3705 3706 if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) { 3707 cifs_dbg(VFS, "Invalid server response, bad offset to data\n"); 3708 return -EINVAL; 3709 } 3710 3711 return 0; 3712 } 3713 3714 /* 3715 * If SMB buffer fields are valid, copy into temporary buffer to hold result. 3716 * Caller must free buffer. 3717 */ 3718 int 3719 smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length, 3720 struct kvec *iov, unsigned int minbufsize, 3721 char *data) 3722 { 3723 char *begin_of_buf = offset + (char *)iov->iov_base; 3724 int rc; 3725 3726 if (!data) 3727 return -EINVAL; 3728 3729 rc = smb2_validate_iov(offset, buffer_length, iov, minbufsize); 3730 if (rc) 3731 return rc; 3732 3733 memcpy(data, begin_of_buf, minbufsize); 3734 3735 return 0; 3736 } 3737 3738 int 3739 SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3740 struct smb_rqst *rqst, 3741 u64 persistent_fid, u64 volatile_fid, 3742 u8 info_class, u8 info_type, u32 additional_info, 3743 size_t output_len, size_t input_len, void *input) 3744 { 3745 struct smb2_query_info_req *req; 3746 struct kvec *iov = rqst->rq_iov; 3747 unsigned int total_len; 3748 size_t len; 3749 int rc; 3750 3751 if (unlikely(check_add_overflow(input_len, sizeof(*req), &len) || 3752 len > CIFSMaxBufSize)) 3753 return -EINVAL; 3754 3755 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, 3756 (void **) &req, &total_len); 3757 if (rc) 3758 return rc; 3759 3760 req->InfoType = info_type; 3761 req->FileInfoClass = info_class; 3762 req->PersistentFileId = persistent_fid; 3763 req->VolatileFileId = volatile_fid; 3764 req->AdditionalInformation = cpu_to_le32(additional_info); 3765 3766 req->OutputBufferLength = cpu_to_le32(output_len); 3767 if (input_len) { 3768 req->InputBufferLength = cpu_to_le32(input_len); 3769 /* total_len for smb query request never close to le16 max */ 3770 req->InputBufferOffset = cpu_to_le16(total_len - 1); 3771 memcpy(req->Buffer, input, input_len); 3772 } 3773 3774 iov[0].iov_base = (char *)req; 3775 /* 1 for Buffer */ 3776 iov[0].iov_len = len; 3777 return 0; 3778 } 3779 3780 void 3781 SMB2_query_info_free(struct smb_rqst *rqst) 3782 { 3783 if (rqst && rqst->rq_iov) 3784 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3785 } 3786 3787 static int 3788 query_info(const unsigned int xid, struct cifs_tcon *tcon, 3789 u64 persistent_fid, u64 volatile_fid, u8 info_class, u8 info_type, 3790 u32 additional_info, size_t output_len, size_t min_len, void **data, 3791 u32 *dlen) 3792 { 3793 struct smb_rqst rqst; 3794 struct smb2_query_info_rsp *rsp = NULL; 3795 struct kvec iov[1]; 3796 struct kvec rsp_iov; 3797 int rc = 0; 3798 int resp_buftype = CIFS_NO_BUFFER; 3799 struct cifs_ses *ses = tcon->ses; 3800 struct TCP_Server_Info *server; 3801 int flags = 0; 3802 bool allocated = false; 3803 int retries = 0, cur_sleep = 1; 3804 3805 cifs_dbg(FYI, "Query Info\n"); 3806 3807 if (!ses) 3808 return -EIO; 3809 3810 replay_again: 3811 /* reinitialize for possible replay */ 3812 flags = 0; 3813 allocated = false; 3814 server = cifs_pick_channel(ses); 3815 3816 if (!server) 3817 return -EIO; 3818 3819 if (smb3_encryption_required(tcon)) 3820 flags |= CIFS_TRANSFORM_REQ; 3821 3822 memset(&rqst, 0, sizeof(struct smb_rqst)); 3823 memset(&iov, 0, sizeof(iov)); 3824 rqst.rq_iov = iov; 3825 rqst.rq_nvec = 1; 3826 3827 rc = SMB2_query_info_init(tcon, server, 3828 &rqst, persistent_fid, volatile_fid, 3829 info_class, info_type, additional_info, 3830 output_len, 0, NULL); 3831 if (rc) 3832 goto qinf_exit; 3833 3834 trace_smb3_query_info_enter(xid, persistent_fid, tcon->tid, 3835 ses->Suid, info_class, (__u32)info_type); 3836 3837 if (retries) 3838 smb2_set_replay(server, &rqst); 3839 3840 rc = cifs_send_recv(xid, ses, server, 3841 &rqst, &resp_buftype, flags, &rsp_iov); 3842 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 3843 3844 if (rc) { 3845 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 3846 trace_smb3_query_info_err(xid, persistent_fid, tcon->tid, 3847 ses->Suid, info_class, (__u32)info_type, rc); 3848 goto qinf_exit; 3849 } 3850 3851 trace_smb3_query_info_done(xid, persistent_fid, tcon->tid, 3852 ses->Suid, info_class, (__u32)info_type); 3853 3854 if (dlen) { 3855 *dlen = le32_to_cpu(rsp->OutputBufferLength); 3856 if (!*data) { 3857 *data = kmalloc(*dlen, GFP_KERNEL); 3858 if (!*data) { 3859 cifs_tcon_dbg(VFS, 3860 "Error %d allocating memory for acl\n", 3861 rc); 3862 *dlen = 0; 3863 rc = -ENOMEM; 3864 goto qinf_exit; 3865 } 3866 allocated = true; 3867 } 3868 } 3869 3870 rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset), 3871 le32_to_cpu(rsp->OutputBufferLength), 3872 &rsp_iov, dlen ? *dlen : min_len, *data); 3873 if (rc && allocated) { 3874 kfree(*data); 3875 *data = NULL; 3876 *dlen = 0; 3877 } 3878 3879 qinf_exit: 3880 SMB2_query_info_free(&rqst); 3881 free_rsp_buf(resp_buftype, rsp); 3882 3883 if (is_replayable_error(rc) && 3884 smb2_should_replay(tcon, &retries, &cur_sleep)) 3885 goto replay_again; 3886 3887 return rc; 3888 } 3889 3890 int SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon, 3891 u64 persistent_fid, u64 volatile_fid, struct smb2_file_all_info *data) 3892 { 3893 return query_info(xid, tcon, persistent_fid, volatile_fid, 3894 FILE_ALL_INFORMATION, SMB2_O_INFO_FILE, 0, 3895 sizeof(struct smb2_file_all_info) + PATH_MAX * 2, 3896 sizeof(struct smb2_file_all_info), (void **)&data, 3897 NULL); 3898 } 3899 3900 #if 0 3901 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */ 3902 int 3903 SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon, 3904 u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen) 3905 { 3906 size_t output_len = sizeof(struct smb311_posix_qinfo *) + 3907 (sizeof(struct cifs_sid) * 2) + (PATH_MAX * 2); 3908 *plen = 0; 3909 3910 return query_info(xid, tcon, persistent_fid, volatile_fid, 3911 SMB_FIND_FILE_POSIX_INFO, SMB2_O_INFO_FILE, 0, 3912 output_len, sizeof(struct smb311_posix_qinfo), (void **)&data, plen); 3913 /* Note caller must free "data" (passed in above). It may be allocated in query_info call */ 3914 } 3915 #endif 3916 3917 int 3918 SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon, 3919 u64 persistent_fid, u64 volatile_fid, 3920 void **data, u32 *plen, u32 extra_info) 3921 { 3922 __u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO | 3923 extra_info; 3924 *plen = 0; 3925 3926 return query_info(xid, tcon, persistent_fid, volatile_fid, 3927 0, SMB2_O_INFO_SECURITY, additional_info, 3928 SMB2_MAX_BUFFER_SIZE, MIN_SEC_DESC_LEN, data, plen); 3929 } 3930 3931 int 3932 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon, 3933 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid) 3934 { 3935 return query_info(xid, tcon, persistent_fid, volatile_fid, 3936 FILE_INTERNAL_INFORMATION, SMB2_O_INFO_FILE, 0, 3937 sizeof(struct smb2_file_internal_info), 3938 sizeof(struct smb2_file_internal_info), 3939 (void **)&uniqueid, NULL); 3940 } 3941 3942 /* 3943 * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory 3944 * See MS-SMB2 2.2.35 and 2.2.36 3945 */ 3946 3947 static int 3948 SMB2_notify_init(const unsigned int xid, struct smb_rqst *rqst, 3949 struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3950 u64 persistent_fid, u64 volatile_fid, 3951 u32 completion_filter, bool watch_tree) 3952 { 3953 struct smb2_change_notify_req *req; 3954 struct kvec *iov = rqst->rq_iov; 3955 unsigned int total_len; 3956 int rc; 3957 3958 rc = smb2_plain_req_init(SMB2_CHANGE_NOTIFY, tcon, server, 3959 (void **) &req, &total_len); 3960 if (rc) 3961 return rc; 3962 3963 req->PersistentFileId = persistent_fid; 3964 req->VolatileFileId = volatile_fid; 3965 /* See note 354 of MS-SMB2, 64K max */ 3966 req->OutputBufferLength = 3967 cpu_to_le32(SMB2_MAX_BUFFER_SIZE - MAX_SMB2_HDR_SIZE); 3968 req->CompletionFilter = cpu_to_le32(completion_filter); 3969 if (watch_tree) 3970 req->Flags = cpu_to_le16(SMB2_WATCH_TREE); 3971 else 3972 req->Flags = 0; 3973 3974 iov[0].iov_base = (char *)req; 3975 iov[0].iov_len = total_len; 3976 3977 return 0; 3978 } 3979 3980 int 3981 SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon, 3982 u64 persistent_fid, u64 volatile_fid, bool watch_tree, 3983 u32 completion_filter, u32 max_out_data_len, char **out_data, 3984 u32 *plen /* returned data len */) 3985 { 3986 struct cifs_ses *ses = tcon->ses; 3987 struct TCP_Server_Info *server; 3988 struct smb_rqst rqst; 3989 struct smb2_change_notify_rsp *smb_rsp; 3990 struct kvec iov[1]; 3991 struct kvec rsp_iov = {NULL, 0}; 3992 int resp_buftype = CIFS_NO_BUFFER; 3993 int flags = 0; 3994 int rc = 0; 3995 int retries = 0, cur_sleep = 1; 3996 3997 replay_again: 3998 /* reinitialize for possible replay */ 3999 flags = 0; 4000 server = cifs_pick_channel(ses); 4001 4002 cifs_dbg(FYI, "change notify\n"); 4003 if (!ses || !server) 4004 return -EIO; 4005 4006 if (smb3_encryption_required(tcon)) 4007 flags |= CIFS_TRANSFORM_REQ; 4008 4009 memset(&rqst, 0, sizeof(struct smb_rqst)); 4010 memset(&iov, 0, sizeof(iov)); 4011 if (plen) 4012 *plen = 0; 4013 4014 rqst.rq_iov = iov; 4015 rqst.rq_nvec = 1; 4016 4017 rc = SMB2_notify_init(xid, &rqst, tcon, server, 4018 persistent_fid, volatile_fid, 4019 completion_filter, watch_tree); 4020 if (rc) 4021 goto cnotify_exit; 4022 4023 trace_smb3_notify_enter(xid, persistent_fid, tcon->tid, ses->Suid, 4024 (u8)watch_tree, completion_filter); 4025 4026 if (retries) 4027 smb2_set_replay(server, &rqst); 4028 4029 rc = cifs_send_recv(xid, ses, server, 4030 &rqst, &resp_buftype, flags, &rsp_iov); 4031 4032 if (rc != 0) { 4033 cifs_stats_fail_inc(tcon, SMB2_CHANGE_NOTIFY_HE); 4034 trace_smb3_notify_err(xid, persistent_fid, tcon->tid, ses->Suid, 4035 (u8)watch_tree, completion_filter, rc); 4036 } else { 4037 trace_smb3_notify_done(xid, persistent_fid, tcon->tid, 4038 ses->Suid, (u8)watch_tree, completion_filter); 4039 /* validate that notify information is plausible */ 4040 if ((rsp_iov.iov_base == NULL) || 4041 (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp) + 1)) 4042 goto cnotify_exit; 4043 4044 smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base; 4045 4046 smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset), 4047 le32_to_cpu(smb_rsp->OutputBufferLength), &rsp_iov, 4048 sizeof(struct file_notify_information)); 4049 4050 *out_data = kmemdup((char *)smb_rsp + le16_to_cpu(smb_rsp->OutputBufferOffset), 4051 le32_to_cpu(smb_rsp->OutputBufferLength), GFP_KERNEL); 4052 if (*out_data == NULL) { 4053 rc = -ENOMEM; 4054 goto cnotify_exit; 4055 } else if (plen) 4056 *plen = le32_to_cpu(smb_rsp->OutputBufferLength); 4057 } 4058 4059 cnotify_exit: 4060 if (rqst.rq_iov) 4061 cifs_small_buf_release(rqst.rq_iov[0].iov_base); /* request */ 4062 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4063 4064 if (is_replayable_error(rc) && 4065 smb2_should_replay(tcon, &retries, &cur_sleep)) 4066 goto replay_again; 4067 4068 return rc; 4069 } 4070 4071 4072 4073 /* 4074 * This is a no-op for now. We're not really interested in the reply, but 4075 * rather in the fact that the server sent one and that server->lstrp 4076 * gets updated. 4077 * 4078 * FIXME: maybe we should consider checking that the reply matches request? 4079 */ 4080 static void 4081 smb2_echo_callback(struct mid_q_entry *mid) 4082 { 4083 struct TCP_Server_Info *server = mid->callback_data; 4084 struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf; 4085 struct cifs_credits credits = { .value = 0, .instance = 0 }; 4086 4087 if (mid->mid_state == MID_RESPONSE_RECEIVED 4088 || mid->mid_state == MID_RESPONSE_MALFORMED) { 4089 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4090 credits.instance = server->reconnect_instance; 4091 } 4092 4093 release_mid(mid); 4094 add_credits(server, &credits, CIFS_ECHO_OP); 4095 } 4096 4097 void smb2_reconnect_server(struct work_struct *work) 4098 { 4099 struct TCP_Server_Info *server = container_of(work, 4100 struct TCP_Server_Info, reconnect.work); 4101 struct TCP_Server_Info *pserver; 4102 struct cifs_ses *ses, *ses2; 4103 struct cifs_tcon *tcon, *tcon2; 4104 struct list_head tmp_list, tmp_ses_list; 4105 bool ses_exist = false; 4106 bool tcon_selected = false; 4107 int rc; 4108 bool resched = false; 4109 4110 /* first check if ref count has reached 0, if not inc ref count */ 4111 spin_lock(&cifs_tcp_ses_lock); 4112 if (!server->srv_count) { 4113 spin_unlock(&cifs_tcp_ses_lock); 4114 return; 4115 } 4116 server->srv_count++; 4117 spin_unlock(&cifs_tcp_ses_lock); 4118 4119 /* If server is a channel, select the primary channel */ 4120 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 4121 4122 /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */ 4123 mutex_lock(&pserver->reconnect_mutex); 4124 4125 /* if the server is marked for termination, drop the ref count here */ 4126 if (server->terminate) { 4127 cifs_put_tcp_session(server, true); 4128 mutex_unlock(&pserver->reconnect_mutex); 4129 return; 4130 } 4131 4132 INIT_LIST_HEAD(&tmp_list); 4133 INIT_LIST_HEAD(&tmp_ses_list); 4134 cifs_dbg(FYI, "Reconnecting tcons and channels\n"); 4135 4136 spin_lock(&cifs_tcp_ses_lock); 4137 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 4138 spin_lock(&ses->ses_lock); 4139 if (ses->ses_status == SES_EXITING) { 4140 spin_unlock(&ses->ses_lock); 4141 continue; 4142 } 4143 spin_unlock(&ses->ses_lock); 4144 4145 tcon_selected = false; 4146 4147 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 4148 if (tcon->need_reconnect || tcon->need_reopen_files) { 4149 tcon->tc_count++; 4150 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, 4151 netfs_trace_tcon_ref_get_reconnect_server); 4152 list_add_tail(&tcon->rlist, &tmp_list); 4153 tcon_selected = true; 4154 } 4155 } 4156 /* 4157 * IPC has the same lifetime as its session and uses its 4158 * refcount. 4159 */ 4160 if (ses->tcon_ipc && ses->tcon_ipc->need_reconnect) { 4161 list_add_tail(&ses->tcon_ipc->rlist, &tmp_list); 4162 tcon_selected = true; 4163 cifs_smb_ses_inc_refcount(ses); 4164 } 4165 /* 4166 * handle the case where channel needs to reconnect 4167 * binding session, but tcon is healthy (some other channel 4168 * is active) 4169 */ 4170 spin_lock(&ses->chan_lock); 4171 if (!tcon_selected && cifs_chan_needs_reconnect(ses, server)) { 4172 list_add_tail(&ses->rlist, &tmp_ses_list); 4173 ses_exist = true; 4174 cifs_smb_ses_inc_refcount(ses); 4175 } 4176 spin_unlock(&ses->chan_lock); 4177 } 4178 spin_unlock(&cifs_tcp_ses_lock); 4179 4180 list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) { 4181 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server, true); 4182 if (!rc) 4183 cifs_reopen_persistent_handles(tcon); 4184 else 4185 resched = true; 4186 list_del_init(&tcon->rlist); 4187 if (tcon->ipc) 4188 cifs_put_smb_ses(tcon->ses); 4189 else 4190 cifs_put_tcon(tcon, netfs_trace_tcon_ref_put_reconnect_server); 4191 } 4192 4193 if (!ses_exist) 4194 goto done; 4195 4196 /* allocate a dummy tcon struct used for reconnect */ 4197 tcon = tcon_info_alloc(false, netfs_trace_tcon_ref_new_reconnect_server); 4198 if (!tcon) { 4199 resched = true; 4200 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) { 4201 list_del_init(&ses->rlist); 4202 cifs_put_smb_ses(ses); 4203 } 4204 goto done; 4205 } 4206 4207 tcon->status = TID_GOOD; 4208 tcon->retry = false; 4209 tcon->need_reconnect = false; 4210 4211 /* now reconnect sessions for necessary channels */ 4212 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) { 4213 tcon->ses = ses; 4214 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server, true); 4215 if (rc) 4216 resched = true; 4217 list_del_init(&ses->rlist); 4218 cifs_put_smb_ses(ses); 4219 } 4220 tconInfoFree(tcon, netfs_trace_tcon_ref_free_reconnect_server); 4221 4222 done: 4223 cifs_dbg(FYI, "Reconnecting tcons and channels finished\n"); 4224 if (resched) 4225 queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ); 4226 mutex_unlock(&pserver->reconnect_mutex); 4227 4228 /* now we can safely release srv struct */ 4229 cifs_put_tcp_session(server, true); 4230 } 4231 4232 int 4233 SMB2_echo(struct TCP_Server_Info *server) 4234 { 4235 struct smb2_echo_req *req; 4236 int rc = 0; 4237 struct kvec iov[1]; 4238 struct smb_rqst rqst = { .rq_iov = iov, 4239 .rq_nvec = 1 }; 4240 unsigned int total_len; 4241 4242 cifs_dbg(FYI, "In echo request for conn_id %lld\n", server->conn_id); 4243 4244 spin_lock(&server->srv_lock); 4245 if (server->ops->need_neg && 4246 server->ops->need_neg(server)) { 4247 spin_unlock(&server->srv_lock); 4248 /* No need to send echo on newly established connections */ 4249 mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 4250 return rc; 4251 } 4252 spin_unlock(&server->srv_lock); 4253 4254 rc = smb2_plain_req_init(SMB2_ECHO, NULL, server, 4255 (void **)&req, &total_len); 4256 if (rc) 4257 return rc; 4258 4259 req->hdr.CreditRequest = cpu_to_le16(1); 4260 4261 iov[0].iov_len = total_len; 4262 iov[0].iov_base = (char *)req; 4263 4264 rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL, 4265 server, CIFS_ECHO_OP, NULL); 4266 if (rc) 4267 cifs_dbg(FYI, "Echo request failed: %d\n", rc); 4268 4269 cifs_small_buf_release(req); 4270 return rc; 4271 } 4272 4273 void 4274 SMB2_flush_free(struct smb_rqst *rqst) 4275 { 4276 if (rqst && rqst->rq_iov) 4277 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 4278 } 4279 4280 int 4281 SMB2_flush_init(const unsigned int xid, struct smb_rqst *rqst, 4282 struct cifs_tcon *tcon, struct TCP_Server_Info *server, 4283 u64 persistent_fid, u64 volatile_fid) 4284 { 4285 struct smb2_flush_req *req; 4286 struct kvec *iov = rqst->rq_iov; 4287 unsigned int total_len; 4288 int rc; 4289 4290 rc = smb2_plain_req_init(SMB2_FLUSH, tcon, server, 4291 (void **) &req, &total_len); 4292 if (rc) 4293 return rc; 4294 4295 req->PersistentFileId = persistent_fid; 4296 req->VolatileFileId = volatile_fid; 4297 4298 iov[0].iov_base = (char *)req; 4299 iov[0].iov_len = total_len; 4300 4301 return 0; 4302 } 4303 4304 int 4305 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 4306 u64 volatile_fid) 4307 { 4308 struct cifs_ses *ses = tcon->ses; 4309 struct smb_rqst rqst; 4310 struct kvec iov[1]; 4311 struct kvec rsp_iov = {NULL, 0}; 4312 struct TCP_Server_Info *server; 4313 int resp_buftype = CIFS_NO_BUFFER; 4314 int flags = 0; 4315 int rc = 0; 4316 int retries = 0, cur_sleep = 1; 4317 4318 replay_again: 4319 /* reinitialize for possible replay */ 4320 flags = 0; 4321 server = cifs_pick_channel(ses); 4322 4323 cifs_dbg(FYI, "flush\n"); 4324 if (!ses || !(ses->server)) 4325 return -EIO; 4326 4327 if (smb3_encryption_required(tcon)) 4328 flags |= CIFS_TRANSFORM_REQ; 4329 4330 memset(&rqst, 0, sizeof(struct smb_rqst)); 4331 memset(&iov, 0, sizeof(iov)); 4332 rqst.rq_iov = iov; 4333 rqst.rq_nvec = 1; 4334 4335 rc = SMB2_flush_init(xid, &rqst, tcon, server, 4336 persistent_fid, volatile_fid); 4337 if (rc) 4338 goto flush_exit; 4339 4340 trace_smb3_flush_enter(xid, persistent_fid, tcon->tid, ses->Suid); 4341 4342 if (retries) 4343 smb2_set_replay(server, &rqst); 4344 4345 rc = cifs_send_recv(xid, ses, server, 4346 &rqst, &resp_buftype, flags, &rsp_iov); 4347 4348 if (rc != 0) { 4349 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE); 4350 trace_smb3_flush_err(xid, persistent_fid, tcon->tid, ses->Suid, 4351 rc); 4352 } else 4353 trace_smb3_flush_done(xid, persistent_fid, tcon->tid, 4354 ses->Suid); 4355 4356 flush_exit: 4357 SMB2_flush_free(&rqst); 4358 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4359 4360 if (is_replayable_error(rc) && 4361 smb2_should_replay(tcon, &retries, &cur_sleep)) 4362 goto replay_again; 4363 4364 return rc; 4365 } 4366 4367 #ifdef CONFIG_CIFS_SMB_DIRECT 4368 static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms) 4369 { 4370 struct TCP_Server_Info *server = io_parms->server; 4371 struct cifs_tcon *tcon = io_parms->tcon; 4372 4373 /* we can only offload if we're connected */ 4374 if (!server || !tcon) 4375 return false; 4376 4377 /* we can only offload on an rdma connection */ 4378 if (!server->rdma || !server->smbd_conn) 4379 return false; 4380 4381 /* we don't support signed offload yet */ 4382 if (server->sign) 4383 return false; 4384 4385 /* we don't support encrypted offload yet */ 4386 if (smb3_encryption_required(tcon)) 4387 return false; 4388 4389 /* offload also has its overhead, so only do it if desired */ 4390 if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold) 4391 return false; 4392 4393 return true; 4394 } 4395 #endif /* CONFIG_CIFS_SMB_DIRECT */ 4396 4397 /* 4398 * To form a chain of read requests, any read requests after the first should 4399 * have the end_of_chain boolean set to true. 4400 */ 4401 static int 4402 smb2_new_read_req(void **buf, unsigned int *total_len, 4403 struct cifs_io_parms *io_parms, struct cifs_readdata *rdata, 4404 unsigned int remaining_bytes, int request_type) 4405 { 4406 int rc = -EACCES; 4407 struct smb2_read_req *req = NULL; 4408 struct smb2_hdr *shdr; 4409 struct TCP_Server_Info *server = io_parms->server; 4410 4411 rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, server, 4412 (void **) &req, total_len); 4413 if (rc) 4414 return rc; 4415 4416 if (server == NULL) 4417 return -ECONNABORTED; 4418 4419 shdr = &req->hdr; 4420 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 4421 4422 req->PersistentFileId = io_parms->persistent_fid; 4423 req->VolatileFileId = io_parms->volatile_fid; 4424 req->ReadChannelInfoOffset = 0; /* reserved */ 4425 req->ReadChannelInfoLength = 0; /* reserved */ 4426 req->Channel = 0; /* reserved */ 4427 req->MinimumCount = 0; 4428 req->Length = cpu_to_le32(io_parms->length); 4429 req->Offset = cpu_to_le64(io_parms->offset); 4430 4431 trace_smb3_read_enter(0 /* xid */, 4432 io_parms->persistent_fid, 4433 io_parms->tcon->tid, io_parms->tcon->ses->Suid, 4434 io_parms->offset, io_parms->length); 4435 #ifdef CONFIG_CIFS_SMB_DIRECT 4436 /* 4437 * If we want to do a RDMA write, fill in and append 4438 * smbd_buffer_descriptor_v1 to the end of read request 4439 */ 4440 if (rdata && smb3_use_rdma_offload(io_parms)) { 4441 struct smbd_buffer_descriptor_v1 *v1; 4442 bool need_invalidate = server->dialect == SMB30_PROT_ID; 4443 4444 rdata->mr = smbd_register_mr(server->smbd_conn, &rdata->iter, 4445 true, need_invalidate); 4446 if (!rdata->mr) 4447 return -EAGAIN; 4448 4449 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; 4450 if (need_invalidate) 4451 req->Channel = SMB2_CHANNEL_RDMA_V1; 4452 req->ReadChannelInfoOffset = 4453 cpu_to_le16(offsetof(struct smb2_read_req, Buffer)); 4454 req->ReadChannelInfoLength = 4455 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1)); 4456 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; 4457 v1->offset = cpu_to_le64(rdata->mr->mr->iova); 4458 v1->token = cpu_to_le32(rdata->mr->mr->rkey); 4459 v1->length = cpu_to_le32(rdata->mr->mr->length); 4460 4461 *total_len += sizeof(*v1) - 1; 4462 } 4463 #endif 4464 if (request_type & CHAINED_REQUEST) { 4465 if (!(request_type & END_OF_CHAIN)) { 4466 /* next 8-byte aligned request */ 4467 *total_len = ALIGN(*total_len, 8); 4468 shdr->NextCommand = cpu_to_le32(*total_len); 4469 } else /* END_OF_CHAIN */ 4470 shdr->NextCommand = 0; 4471 if (request_type & RELATED_REQUEST) { 4472 shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS; 4473 /* 4474 * Related requests use info from previous read request 4475 * in chain. 4476 */ 4477 shdr->SessionId = cpu_to_le64(0xFFFFFFFFFFFFFFFF); 4478 shdr->Id.SyncId.TreeId = cpu_to_le32(0xFFFFFFFF); 4479 req->PersistentFileId = (u64)-1; 4480 req->VolatileFileId = (u64)-1; 4481 } 4482 } 4483 if (remaining_bytes > io_parms->length) 4484 req->RemainingBytes = cpu_to_le32(remaining_bytes); 4485 else 4486 req->RemainingBytes = 0; 4487 4488 *buf = req; 4489 return rc; 4490 } 4491 4492 static void 4493 smb2_readv_callback(struct mid_q_entry *mid) 4494 { 4495 struct cifs_readdata *rdata = mid->callback_data; 4496 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink); 4497 struct TCP_Server_Info *server = rdata->server; 4498 struct smb2_hdr *shdr = 4499 (struct smb2_hdr *)rdata->iov[0].iov_base; 4500 struct cifs_credits credits = { .value = 0, .instance = 0 }; 4501 struct smb_rqst rqst = { .rq_iov = &rdata->iov[1], .rq_nvec = 1 }; 4502 4503 if (rdata->got_bytes) { 4504 rqst.rq_iter = rdata->iter; 4505 rqst.rq_iter_size = iov_iter_count(&rdata->iter); 4506 } 4507 4508 WARN_ONCE(rdata->server != mid->server, 4509 "rdata server %p != mid server %p", 4510 rdata->server, mid->server); 4511 4512 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n", 4513 __func__, mid->mid, mid->mid_state, rdata->result, 4514 rdata->bytes); 4515 4516 switch (mid->mid_state) { 4517 case MID_RESPONSE_RECEIVED: 4518 credits.value = le16_to_cpu(shdr->CreditRequest); 4519 credits.instance = server->reconnect_instance; 4520 /* result already set, check signature */ 4521 if (server->sign && !mid->decrypted) { 4522 int rc; 4523 4524 iov_iter_revert(&rqst.rq_iter, rdata->got_bytes); 4525 iov_iter_truncate(&rqst.rq_iter, rdata->got_bytes); 4526 rc = smb2_verify_signature(&rqst, server); 4527 if (rc) 4528 cifs_tcon_dbg(VFS, "SMB signature verification returned error = %d\n", 4529 rc); 4530 } 4531 /* FIXME: should this be counted toward the initiating task? */ 4532 task_io_account_read(rdata->got_bytes); 4533 cifs_stats_bytes_read(tcon, rdata->got_bytes); 4534 break; 4535 case MID_REQUEST_SUBMITTED: 4536 case MID_RETRY_NEEDED: 4537 rdata->result = -EAGAIN; 4538 if (server->sign && rdata->got_bytes) 4539 /* reset bytes number since we can not check a sign */ 4540 rdata->got_bytes = 0; 4541 /* FIXME: should this be counted toward the initiating task? */ 4542 task_io_account_read(rdata->got_bytes); 4543 cifs_stats_bytes_read(tcon, rdata->got_bytes); 4544 break; 4545 case MID_RESPONSE_MALFORMED: 4546 credits.value = le16_to_cpu(shdr->CreditRequest); 4547 credits.instance = server->reconnect_instance; 4548 fallthrough; 4549 default: 4550 rdata->result = -EIO; 4551 } 4552 #ifdef CONFIG_CIFS_SMB_DIRECT 4553 /* 4554 * If this rdata has a memmory registered, the MR can be freed 4555 * MR needs to be freed as soon as I/O finishes to prevent deadlock 4556 * because they have limited number and are used for future I/Os 4557 */ 4558 if (rdata->mr) { 4559 smbd_deregister_mr(rdata->mr); 4560 rdata->mr = NULL; 4561 } 4562 #endif 4563 if (rdata->result && rdata->result != -ENODATA) { 4564 cifs_stats_fail_inc(tcon, SMB2_READ_HE); 4565 trace_smb3_read_err(0 /* xid */, 4566 rdata->cfile->fid.persistent_fid, 4567 tcon->tid, tcon->ses->Suid, rdata->offset, 4568 rdata->bytes, rdata->result); 4569 } else 4570 trace_smb3_read_done(0 /* xid */, 4571 rdata->cfile->fid.persistent_fid, 4572 tcon->tid, tcon->ses->Suid, 4573 rdata->offset, rdata->got_bytes); 4574 4575 queue_work(cifsiod_wq, &rdata->work); 4576 release_mid(mid); 4577 add_credits(server, &credits, 0); 4578 } 4579 4580 /* smb2_async_readv - send an async read, and set up mid to handle result */ 4581 int 4582 smb2_async_readv(struct cifs_readdata *rdata) 4583 { 4584 int rc, flags = 0; 4585 char *buf; 4586 struct smb2_hdr *shdr; 4587 struct cifs_io_parms io_parms; 4588 struct smb_rqst rqst = { .rq_iov = rdata->iov, 4589 .rq_nvec = 1 }; 4590 struct TCP_Server_Info *server; 4591 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink); 4592 unsigned int total_len; 4593 int credit_request; 4594 4595 cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n", 4596 __func__, rdata->offset, rdata->bytes); 4597 4598 if (!rdata->server) 4599 rdata->server = cifs_pick_channel(tcon->ses); 4600 4601 io_parms.tcon = tlink_tcon(rdata->cfile->tlink); 4602 io_parms.server = server = rdata->server; 4603 io_parms.offset = rdata->offset; 4604 io_parms.length = rdata->bytes; 4605 io_parms.persistent_fid = rdata->cfile->fid.persistent_fid; 4606 io_parms.volatile_fid = rdata->cfile->fid.volatile_fid; 4607 io_parms.pid = rdata->pid; 4608 4609 rc = smb2_new_read_req( 4610 (void **) &buf, &total_len, &io_parms, rdata, 0, 0); 4611 if (rc) 4612 return rc; 4613 4614 if (smb3_encryption_required(io_parms.tcon)) 4615 flags |= CIFS_TRANSFORM_REQ; 4616 4617 rdata->iov[0].iov_base = buf; 4618 rdata->iov[0].iov_len = total_len; 4619 4620 shdr = (struct smb2_hdr *)buf; 4621 4622 if (rdata->credits.value > 0) { 4623 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes, 4624 SMB2_MAX_BUFFER_SIZE)); 4625 credit_request = le16_to_cpu(shdr->CreditCharge) + 8; 4626 if (server->credits >= server->max_credits) 4627 shdr->CreditRequest = cpu_to_le16(0); 4628 else 4629 shdr->CreditRequest = cpu_to_le16( 4630 min_t(int, server->max_credits - 4631 server->credits, credit_request)); 4632 4633 rc = adjust_credits(server, &rdata->credits, rdata->bytes); 4634 if (rc) 4635 goto async_readv_out; 4636 4637 flags |= CIFS_HAS_CREDITS; 4638 } 4639 4640 kref_get(&rdata->refcount); 4641 rc = cifs_call_async(server, &rqst, 4642 cifs_readv_receive, smb2_readv_callback, 4643 smb3_handle_read_data, rdata, flags, 4644 &rdata->credits); 4645 if (rc) { 4646 kref_put(&rdata->refcount, cifs_readdata_release); 4647 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE); 4648 trace_smb3_read_err(0 /* xid */, io_parms.persistent_fid, 4649 io_parms.tcon->tid, 4650 io_parms.tcon->ses->Suid, 4651 io_parms.offset, io_parms.length, rc); 4652 } 4653 4654 async_readv_out: 4655 cifs_small_buf_release(buf); 4656 return rc; 4657 } 4658 4659 int 4660 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms, 4661 unsigned int *nbytes, char **buf, int *buf_type) 4662 { 4663 struct smb_rqst rqst; 4664 int resp_buftype, rc; 4665 struct smb2_read_req *req = NULL; 4666 struct smb2_read_rsp *rsp = NULL; 4667 struct kvec iov[1]; 4668 struct kvec rsp_iov; 4669 unsigned int total_len; 4670 int flags = CIFS_LOG_ERROR; 4671 struct cifs_ses *ses = io_parms->tcon->ses; 4672 4673 if (!io_parms->server) 4674 io_parms->server = cifs_pick_channel(io_parms->tcon->ses); 4675 4676 *nbytes = 0; 4677 rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0); 4678 if (rc) 4679 return rc; 4680 4681 if (smb3_encryption_required(io_parms->tcon)) 4682 flags |= CIFS_TRANSFORM_REQ; 4683 4684 iov[0].iov_base = (char *)req; 4685 iov[0].iov_len = total_len; 4686 4687 memset(&rqst, 0, sizeof(struct smb_rqst)); 4688 rqst.rq_iov = iov; 4689 rqst.rq_nvec = 1; 4690 4691 rc = cifs_send_recv(xid, ses, io_parms->server, 4692 &rqst, &resp_buftype, flags, &rsp_iov); 4693 rsp = (struct smb2_read_rsp *)rsp_iov.iov_base; 4694 4695 if (rc) { 4696 if (rc != -ENODATA) { 4697 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE); 4698 cifs_dbg(VFS, "Send error in read = %d\n", rc); 4699 trace_smb3_read_err(xid, 4700 req->PersistentFileId, 4701 io_parms->tcon->tid, ses->Suid, 4702 io_parms->offset, io_parms->length, 4703 rc); 4704 } else 4705 trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid, 4706 ses->Suid, io_parms->offset, 0); 4707 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4708 cifs_small_buf_release(req); 4709 return rc == -ENODATA ? 0 : rc; 4710 } else 4711 trace_smb3_read_done(xid, 4712 req->PersistentFileId, 4713 io_parms->tcon->tid, ses->Suid, 4714 io_parms->offset, io_parms->length); 4715 4716 cifs_small_buf_release(req); 4717 4718 *nbytes = le32_to_cpu(rsp->DataLength); 4719 if ((*nbytes > CIFS_MAX_MSGSIZE) || 4720 (*nbytes > io_parms->length)) { 4721 cifs_dbg(FYI, "bad length %d for count %d\n", 4722 *nbytes, io_parms->length); 4723 rc = -EIO; 4724 *nbytes = 0; 4725 } 4726 4727 if (*buf) { 4728 memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes); 4729 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4730 } else if (resp_buftype != CIFS_NO_BUFFER) { 4731 *buf = rsp_iov.iov_base; 4732 if (resp_buftype == CIFS_SMALL_BUFFER) 4733 *buf_type = CIFS_SMALL_BUFFER; 4734 else if (resp_buftype == CIFS_LARGE_BUFFER) 4735 *buf_type = CIFS_LARGE_BUFFER; 4736 } 4737 return rc; 4738 } 4739 4740 /* 4741 * Check the mid_state and signature on received buffer (if any), and queue the 4742 * workqueue completion task. 4743 */ 4744 static void 4745 smb2_writev_callback(struct mid_q_entry *mid) 4746 { 4747 struct cifs_writedata *wdata = mid->callback_data; 4748 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink); 4749 struct TCP_Server_Info *server = wdata->server; 4750 unsigned int written; 4751 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf; 4752 struct cifs_credits credits = { .value = 0, .instance = 0 }; 4753 4754 WARN_ONCE(wdata->server != mid->server, 4755 "wdata server %p != mid server %p", 4756 wdata->server, mid->server); 4757 4758 switch (mid->mid_state) { 4759 case MID_RESPONSE_RECEIVED: 4760 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4761 credits.instance = server->reconnect_instance; 4762 wdata->result = smb2_check_receive(mid, server, 0); 4763 if (wdata->result != 0) 4764 break; 4765 4766 written = le32_to_cpu(rsp->DataLength); 4767 /* 4768 * Mask off high 16 bits when bytes written as returned 4769 * by the server is greater than bytes requested by the 4770 * client. OS/2 servers are known to set incorrect 4771 * CountHigh values. 4772 */ 4773 if (written > wdata->bytes) 4774 written &= 0xFFFF; 4775 4776 if (written < wdata->bytes) 4777 wdata->result = -ENOSPC; 4778 else 4779 wdata->bytes = written; 4780 break; 4781 case MID_REQUEST_SUBMITTED: 4782 case MID_RETRY_NEEDED: 4783 wdata->result = -EAGAIN; 4784 break; 4785 case MID_RESPONSE_MALFORMED: 4786 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4787 credits.instance = server->reconnect_instance; 4788 fallthrough; 4789 default: 4790 wdata->result = -EIO; 4791 break; 4792 } 4793 #ifdef CONFIG_CIFS_SMB_DIRECT 4794 /* 4795 * If this wdata has a memory registered, the MR can be freed 4796 * The number of MRs available is limited, it's important to recover 4797 * used MR as soon as I/O is finished. Hold MR longer in the later 4798 * I/O process can possibly result in I/O deadlock due to lack of MR 4799 * to send request on I/O retry 4800 */ 4801 if (wdata->mr) { 4802 smbd_deregister_mr(wdata->mr); 4803 wdata->mr = NULL; 4804 } 4805 #endif 4806 if (wdata->result) { 4807 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 4808 trace_smb3_write_err(0 /* no xid */, 4809 wdata->cfile->fid.persistent_fid, 4810 tcon->tid, tcon->ses->Suid, wdata->offset, 4811 wdata->bytes, wdata->result); 4812 if (wdata->result == -ENOSPC) 4813 pr_warn_once("Out of space writing to %s\n", 4814 tcon->tree_name); 4815 } else 4816 trace_smb3_write_done(0 /* no xid */, 4817 wdata->cfile->fid.persistent_fid, 4818 tcon->tid, tcon->ses->Suid, 4819 wdata->offset, wdata->bytes); 4820 4821 queue_work(cifsiod_wq, &wdata->work); 4822 release_mid(mid); 4823 add_credits(server, &credits, 0); 4824 } 4825 4826 /* smb2_async_writev - send an async write, and set up mid to handle result */ 4827 int 4828 smb2_async_writev(struct cifs_writedata *wdata, 4829 void (*release)(struct kref *kref)) 4830 { 4831 int rc = -EACCES, flags = 0; 4832 struct smb2_write_req *req = NULL; 4833 struct smb2_hdr *shdr; 4834 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink); 4835 struct TCP_Server_Info *server = wdata->server; 4836 struct kvec iov[1]; 4837 struct smb_rqst rqst = { }; 4838 unsigned int total_len; 4839 struct cifs_io_parms _io_parms; 4840 struct cifs_io_parms *io_parms = NULL; 4841 int credit_request; 4842 4843 if (!wdata->server || wdata->replay) 4844 server = wdata->server = cifs_pick_channel(tcon->ses); 4845 4846 /* 4847 * in future we may get cifs_io_parms passed in from the caller, 4848 * but for now we construct it here... 4849 */ 4850 _io_parms = (struct cifs_io_parms) { 4851 .tcon = tcon, 4852 .server = server, 4853 .offset = wdata->offset, 4854 .length = wdata->bytes, 4855 .persistent_fid = wdata->cfile->fid.persistent_fid, 4856 .volatile_fid = wdata->cfile->fid.volatile_fid, 4857 .pid = wdata->pid, 4858 }; 4859 io_parms = &_io_parms; 4860 4861 rc = smb2_plain_req_init(SMB2_WRITE, tcon, server, 4862 (void **) &req, &total_len); 4863 if (rc) 4864 return rc; 4865 4866 if (smb3_encryption_required(tcon)) 4867 flags |= CIFS_TRANSFORM_REQ; 4868 4869 shdr = (struct smb2_hdr *)req; 4870 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 4871 4872 req->PersistentFileId = io_parms->persistent_fid; 4873 req->VolatileFileId = io_parms->volatile_fid; 4874 req->WriteChannelInfoOffset = 0; 4875 req->WriteChannelInfoLength = 0; 4876 req->Channel = SMB2_CHANNEL_NONE; 4877 req->Offset = cpu_to_le64(io_parms->offset); 4878 req->DataOffset = cpu_to_le16( 4879 offsetof(struct smb2_write_req, Buffer)); 4880 req->RemainingBytes = 0; 4881 4882 trace_smb3_write_enter(0 /* xid */, 4883 io_parms->persistent_fid, 4884 io_parms->tcon->tid, 4885 io_parms->tcon->ses->Suid, 4886 io_parms->offset, 4887 io_parms->length); 4888 4889 #ifdef CONFIG_CIFS_SMB_DIRECT 4890 /* 4891 * If we want to do a server RDMA read, fill in and append 4892 * smbd_buffer_descriptor_v1 to the end of write request 4893 */ 4894 if (smb3_use_rdma_offload(io_parms)) { 4895 struct smbd_buffer_descriptor_v1 *v1; 4896 size_t data_size = iov_iter_count(&wdata->iter); 4897 bool need_invalidate = server->dialect == SMB30_PROT_ID; 4898 4899 wdata->mr = smbd_register_mr(server->smbd_conn, &wdata->iter, 4900 false, need_invalidate); 4901 if (!wdata->mr) { 4902 rc = -EAGAIN; 4903 goto async_writev_out; 4904 } 4905 req->Length = 0; 4906 req->DataOffset = 0; 4907 req->RemainingBytes = cpu_to_le32(data_size); 4908 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; 4909 if (need_invalidate) 4910 req->Channel = SMB2_CHANNEL_RDMA_V1; 4911 req->WriteChannelInfoOffset = 4912 cpu_to_le16(offsetof(struct smb2_write_req, Buffer)); 4913 req->WriteChannelInfoLength = 4914 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1)); 4915 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; 4916 v1->offset = cpu_to_le64(wdata->mr->mr->iova); 4917 v1->token = cpu_to_le32(wdata->mr->mr->rkey); 4918 v1->length = cpu_to_le32(wdata->mr->mr->length); 4919 } 4920 #endif 4921 iov[0].iov_len = total_len - 1; 4922 iov[0].iov_base = (char *)req; 4923 4924 rqst.rq_iov = iov; 4925 rqst.rq_nvec = 1; 4926 rqst.rq_iter = wdata->iter; 4927 rqst.rq_iter_size = iov_iter_count(&rqst.rq_iter); 4928 if (wdata->replay) 4929 smb2_set_replay(server, &rqst); 4930 #ifdef CONFIG_CIFS_SMB_DIRECT 4931 if (wdata->mr) 4932 iov[0].iov_len += sizeof(struct smbd_buffer_descriptor_v1); 4933 #endif 4934 cifs_dbg(FYI, "async write at %llu %u bytes iter=%zx\n", 4935 io_parms->offset, io_parms->length, iov_iter_count(&rqst.rq_iter)); 4936 4937 #ifdef CONFIG_CIFS_SMB_DIRECT 4938 /* For RDMA read, I/O size is in RemainingBytes not in Length */ 4939 if (!wdata->mr) 4940 req->Length = cpu_to_le32(io_parms->length); 4941 #else 4942 req->Length = cpu_to_le32(io_parms->length); 4943 #endif 4944 4945 if (wdata->credits.value > 0) { 4946 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes, 4947 SMB2_MAX_BUFFER_SIZE)); 4948 credit_request = le16_to_cpu(shdr->CreditCharge) + 8; 4949 if (server->credits >= server->max_credits) 4950 shdr->CreditRequest = cpu_to_le16(0); 4951 else 4952 shdr->CreditRequest = cpu_to_le16( 4953 min_t(int, server->max_credits - 4954 server->credits, credit_request)); 4955 4956 rc = adjust_credits(server, &wdata->credits, io_parms->length); 4957 if (rc) 4958 goto async_writev_out; 4959 4960 flags |= CIFS_HAS_CREDITS; 4961 } 4962 4963 kref_get(&wdata->refcount); 4964 rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL, 4965 wdata, flags, &wdata->credits); 4966 4967 if (rc) { 4968 trace_smb3_write_err(0 /* no xid */, 4969 io_parms->persistent_fid, 4970 io_parms->tcon->tid, 4971 io_parms->tcon->ses->Suid, 4972 io_parms->offset, 4973 io_parms->length, 4974 rc); 4975 kref_put(&wdata->refcount, release); 4976 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 4977 } 4978 4979 async_writev_out: 4980 cifs_small_buf_release(req); 4981 return rc; 4982 } 4983 4984 /* 4985 * SMB2_write function gets iov pointer to kvec array with n_vec as a length. 4986 * The length field from io_parms must be at least 1 and indicates a number of 4987 * elements with data to write that begins with position 1 in iov array. All 4988 * data length is specified by count. 4989 */ 4990 int 4991 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms, 4992 unsigned int *nbytes, struct kvec *iov, int n_vec) 4993 { 4994 struct smb_rqst rqst; 4995 int rc = 0; 4996 struct smb2_write_req *req = NULL; 4997 struct smb2_write_rsp *rsp = NULL; 4998 int resp_buftype; 4999 struct kvec rsp_iov; 5000 int flags = 0; 5001 unsigned int total_len; 5002 struct TCP_Server_Info *server; 5003 int retries = 0, cur_sleep = 1; 5004 5005 replay_again: 5006 /* reinitialize for possible replay */ 5007 flags = 0; 5008 *nbytes = 0; 5009 if (!io_parms->server) 5010 io_parms->server = cifs_pick_channel(io_parms->tcon->ses); 5011 server = io_parms->server; 5012 if (server == NULL) 5013 return -ECONNABORTED; 5014 5015 if (n_vec < 1) 5016 return rc; 5017 5018 rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, server, 5019 (void **) &req, &total_len); 5020 if (rc) 5021 return rc; 5022 5023 if (smb3_encryption_required(io_parms->tcon)) 5024 flags |= CIFS_TRANSFORM_REQ; 5025 5026 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 5027 5028 req->PersistentFileId = io_parms->persistent_fid; 5029 req->VolatileFileId = io_parms->volatile_fid; 5030 req->WriteChannelInfoOffset = 0; 5031 req->WriteChannelInfoLength = 0; 5032 req->Channel = 0; 5033 req->Length = cpu_to_le32(io_parms->length); 5034 req->Offset = cpu_to_le64(io_parms->offset); 5035 req->DataOffset = cpu_to_le16( 5036 offsetof(struct smb2_write_req, Buffer)); 5037 req->RemainingBytes = 0; 5038 5039 trace_smb3_write_enter(xid, io_parms->persistent_fid, 5040 io_parms->tcon->tid, io_parms->tcon->ses->Suid, 5041 io_parms->offset, io_parms->length); 5042 5043 iov[0].iov_base = (char *)req; 5044 /* 1 for Buffer */ 5045 iov[0].iov_len = total_len - 1; 5046 5047 memset(&rqst, 0, sizeof(struct smb_rqst)); 5048 rqst.rq_iov = iov; 5049 rqst.rq_nvec = n_vec + 1; 5050 5051 if (retries) 5052 smb2_set_replay(server, &rqst); 5053 5054 rc = cifs_send_recv(xid, io_parms->tcon->ses, server, 5055 &rqst, 5056 &resp_buftype, flags, &rsp_iov); 5057 rsp = (struct smb2_write_rsp *)rsp_iov.iov_base; 5058 5059 if (rc) { 5060 trace_smb3_write_err(xid, 5061 req->PersistentFileId, 5062 io_parms->tcon->tid, 5063 io_parms->tcon->ses->Suid, 5064 io_parms->offset, io_parms->length, rc); 5065 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE); 5066 cifs_dbg(VFS, "Send error in write = %d\n", rc); 5067 } else { 5068 *nbytes = le32_to_cpu(rsp->DataLength); 5069 trace_smb3_write_done(xid, 5070 req->PersistentFileId, 5071 io_parms->tcon->tid, 5072 io_parms->tcon->ses->Suid, 5073 io_parms->offset, *nbytes); 5074 } 5075 5076 cifs_small_buf_release(req); 5077 free_rsp_buf(resp_buftype, rsp); 5078 5079 if (is_replayable_error(rc) && 5080 smb2_should_replay(io_parms->tcon, &retries, &cur_sleep)) 5081 goto replay_again; 5082 5083 return rc; 5084 } 5085 5086 int posix_info_sid_size(const void *beg, const void *end) 5087 { 5088 size_t subauth; 5089 int total; 5090 5091 if (beg + 1 > end) 5092 return -1; 5093 5094 subauth = *(u8 *)(beg+1); 5095 if (subauth < 1 || subauth > 15) 5096 return -1; 5097 5098 total = 1 + 1 + 6 + 4*subauth; 5099 if (beg + total > end) 5100 return -1; 5101 5102 return total; 5103 } 5104 5105 int posix_info_parse(const void *beg, const void *end, 5106 struct smb2_posix_info_parsed *out) 5107 5108 { 5109 int total_len = 0; 5110 int owner_len, group_len; 5111 int name_len; 5112 const void *owner_sid; 5113 const void *group_sid; 5114 const void *name; 5115 5116 /* if no end bound given, assume payload to be correct */ 5117 if (!end) { 5118 const struct smb2_posix_info *p = beg; 5119 5120 end = beg + le32_to_cpu(p->NextEntryOffset); 5121 /* last element will have a 0 offset, pick a sensible bound */ 5122 if (end == beg) 5123 end += 0xFFFF; 5124 } 5125 5126 /* check base buf */ 5127 if (beg + sizeof(struct smb2_posix_info) > end) 5128 return -1; 5129 total_len = sizeof(struct smb2_posix_info); 5130 5131 /* check owner sid */ 5132 owner_sid = beg + total_len; 5133 owner_len = posix_info_sid_size(owner_sid, end); 5134 if (owner_len < 0) 5135 return -1; 5136 total_len += owner_len; 5137 5138 /* check group sid */ 5139 group_sid = beg + total_len; 5140 group_len = posix_info_sid_size(group_sid, end); 5141 if (group_len < 0) 5142 return -1; 5143 total_len += group_len; 5144 5145 /* check name len */ 5146 if (beg + total_len + 4 > end) 5147 return -1; 5148 name_len = le32_to_cpu(*(__le32 *)(beg + total_len)); 5149 if (name_len < 1 || name_len > 0xFFFF) 5150 return -1; 5151 total_len += 4; 5152 5153 /* check name */ 5154 name = beg + total_len; 5155 if (name + name_len > end) 5156 return -1; 5157 total_len += name_len; 5158 5159 if (out) { 5160 out->base = beg; 5161 out->size = total_len; 5162 out->name_len = name_len; 5163 out->name = name; 5164 memcpy(&out->owner, owner_sid, owner_len); 5165 memcpy(&out->group, group_sid, group_len); 5166 } 5167 return total_len; 5168 } 5169 5170 static int posix_info_extra_size(const void *beg, const void *end) 5171 { 5172 int len = posix_info_parse(beg, end, NULL); 5173 5174 if (len < 0) 5175 return -1; 5176 return len - sizeof(struct smb2_posix_info); 5177 } 5178 5179 static unsigned int 5180 num_entries(int infotype, char *bufstart, char *end_of_buf, char **lastentry, 5181 size_t size) 5182 { 5183 int len; 5184 unsigned int entrycount = 0; 5185 unsigned int next_offset = 0; 5186 char *entryptr; 5187 FILE_DIRECTORY_INFO *dir_info; 5188 5189 if (bufstart == NULL) 5190 return 0; 5191 5192 entryptr = bufstart; 5193 5194 while (1) { 5195 if (entryptr + next_offset < entryptr || 5196 entryptr + next_offset > end_of_buf || 5197 entryptr + next_offset + size > end_of_buf) { 5198 cifs_dbg(VFS, "malformed search entry would overflow\n"); 5199 break; 5200 } 5201 5202 entryptr = entryptr + next_offset; 5203 dir_info = (FILE_DIRECTORY_INFO *)entryptr; 5204 5205 if (infotype == SMB_FIND_FILE_POSIX_INFO) 5206 len = posix_info_extra_size(entryptr, end_of_buf); 5207 else 5208 len = le32_to_cpu(dir_info->FileNameLength); 5209 5210 if (len < 0 || 5211 entryptr + len < entryptr || 5212 entryptr + len > end_of_buf || 5213 entryptr + len + size > end_of_buf) { 5214 cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n", 5215 end_of_buf); 5216 break; 5217 } 5218 5219 *lastentry = entryptr; 5220 entrycount++; 5221 5222 next_offset = le32_to_cpu(dir_info->NextEntryOffset); 5223 if (!next_offset) 5224 break; 5225 } 5226 5227 return entrycount; 5228 } 5229 5230 /* 5231 * Readdir/FindFirst 5232 */ 5233 int SMB2_query_directory_init(const unsigned int xid, 5234 struct cifs_tcon *tcon, 5235 struct TCP_Server_Info *server, 5236 struct smb_rqst *rqst, 5237 u64 persistent_fid, u64 volatile_fid, 5238 int index, int info_level) 5239 { 5240 struct smb2_query_directory_req *req; 5241 unsigned char *bufptr; 5242 __le16 asteriks = cpu_to_le16('*'); 5243 unsigned int output_size = CIFSMaxBufSize - 5244 MAX_SMB2_CREATE_RESPONSE_SIZE - 5245 MAX_SMB2_CLOSE_RESPONSE_SIZE; 5246 unsigned int total_len; 5247 struct kvec *iov = rqst->rq_iov; 5248 int len, rc; 5249 5250 rc = smb2_plain_req_init(SMB2_QUERY_DIRECTORY, tcon, server, 5251 (void **) &req, &total_len); 5252 if (rc) 5253 return rc; 5254 5255 switch (info_level) { 5256 case SMB_FIND_FILE_DIRECTORY_INFO: 5257 req->FileInformationClass = FILE_DIRECTORY_INFORMATION; 5258 break; 5259 case SMB_FIND_FILE_ID_FULL_DIR_INFO: 5260 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION; 5261 break; 5262 case SMB_FIND_FILE_POSIX_INFO: 5263 req->FileInformationClass = SMB_FIND_FILE_POSIX_INFO; 5264 break; 5265 case SMB_FIND_FILE_FULL_DIRECTORY_INFO: 5266 req->FileInformationClass = FILE_FULL_DIRECTORY_INFORMATION; 5267 break; 5268 default: 5269 cifs_tcon_dbg(VFS, "info level %u isn't supported\n", 5270 info_level); 5271 return -EINVAL; 5272 } 5273 5274 req->FileIndex = cpu_to_le32(index); 5275 req->PersistentFileId = persistent_fid; 5276 req->VolatileFileId = volatile_fid; 5277 5278 len = 0x2; 5279 bufptr = req->Buffer; 5280 memcpy(bufptr, &asteriks, len); 5281 5282 req->FileNameOffset = 5283 cpu_to_le16(sizeof(struct smb2_query_directory_req)); 5284 req->FileNameLength = cpu_to_le16(len); 5285 /* 5286 * BB could be 30 bytes or so longer if we used SMB2 specific 5287 * buffer lengths, but this is safe and close enough. 5288 */ 5289 output_size = min_t(unsigned int, output_size, server->maxBuf); 5290 output_size = min_t(unsigned int, output_size, 2 << 15); 5291 req->OutputBufferLength = cpu_to_le32(output_size); 5292 5293 iov[0].iov_base = (char *)req; 5294 /* 1 for Buffer */ 5295 iov[0].iov_len = total_len - 1; 5296 5297 iov[1].iov_base = (char *)(req->Buffer); 5298 iov[1].iov_len = len; 5299 5300 trace_smb3_query_dir_enter(xid, persistent_fid, tcon->tid, 5301 tcon->ses->Suid, index, output_size); 5302 5303 return 0; 5304 } 5305 5306 void SMB2_query_directory_free(struct smb_rqst *rqst) 5307 { 5308 if (rqst && rqst->rq_iov) { 5309 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 5310 } 5311 } 5312 5313 int 5314 smb2_parse_query_directory(struct cifs_tcon *tcon, 5315 struct kvec *rsp_iov, 5316 int resp_buftype, 5317 struct cifs_search_info *srch_inf) 5318 { 5319 struct smb2_query_directory_rsp *rsp; 5320 size_t info_buf_size; 5321 char *end_of_smb; 5322 int rc; 5323 5324 rsp = (struct smb2_query_directory_rsp *)rsp_iov->iov_base; 5325 5326 switch (srch_inf->info_level) { 5327 case SMB_FIND_FILE_DIRECTORY_INFO: 5328 info_buf_size = sizeof(FILE_DIRECTORY_INFO); 5329 break; 5330 case SMB_FIND_FILE_ID_FULL_DIR_INFO: 5331 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO); 5332 break; 5333 case SMB_FIND_FILE_POSIX_INFO: 5334 /* note that posix payload are variable size */ 5335 info_buf_size = sizeof(struct smb2_posix_info); 5336 break; 5337 case SMB_FIND_FILE_FULL_DIRECTORY_INFO: 5338 info_buf_size = sizeof(FILE_FULL_DIRECTORY_INFO); 5339 break; 5340 default: 5341 cifs_tcon_dbg(VFS, "info level %u isn't supported\n", 5342 srch_inf->info_level); 5343 return -EINVAL; 5344 } 5345 5346 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5347 le32_to_cpu(rsp->OutputBufferLength), rsp_iov, 5348 info_buf_size); 5349 if (rc) { 5350 cifs_tcon_dbg(VFS, "bad info payload"); 5351 return rc; 5352 } 5353 5354 srch_inf->unicode = true; 5355 5356 if (srch_inf->ntwrk_buf_start) { 5357 if (srch_inf->smallBuf) 5358 cifs_small_buf_release(srch_inf->ntwrk_buf_start); 5359 else 5360 cifs_buf_release(srch_inf->ntwrk_buf_start); 5361 } 5362 srch_inf->ntwrk_buf_start = (char *)rsp; 5363 srch_inf->srch_entries_start = srch_inf->last_entry = 5364 (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset); 5365 end_of_smb = rsp_iov->iov_len + (char *)rsp; 5366 5367 srch_inf->entries_in_buffer = num_entries( 5368 srch_inf->info_level, 5369 srch_inf->srch_entries_start, 5370 end_of_smb, 5371 &srch_inf->last_entry, 5372 info_buf_size); 5373 5374 srch_inf->index_of_last_entry += srch_inf->entries_in_buffer; 5375 cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n", 5376 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry, 5377 srch_inf->srch_entries_start, srch_inf->last_entry); 5378 if (resp_buftype == CIFS_LARGE_BUFFER) 5379 srch_inf->smallBuf = false; 5380 else if (resp_buftype == CIFS_SMALL_BUFFER) 5381 srch_inf->smallBuf = true; 5382 else 5383 cifs_tcon_dbg(VFS, "Invalid search buffer type\n"); 5384 5385 return 0; 5386 } 5387 5388 int 5389 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, 5390 u64 persistent_fid, u64 volatile_fid, int index, 5391 struct cifs_search_info *srch_inf) 5392 { 5393 struct smb_rqst rqst; 5394 struct kvec iov[SMB2_QUERY_DIRECTORY_IOV_SIZE]; 5395 struct smb2_query_directory_rsp *rsp = NULL; 5396 int resp_buftype = CIFS_NO_BUFFER; 5397 struct kvec rsp_iov; 5398 int rc = 0; 5399 struct cifs_ses *ses = tcon->ses; 5400 struct TCP_Server_Info *server; 5401 int flags = 0; 5402 int retries = 0, cur_sleep = 1; 5403 5404 replay_again: 5405 /* reinitialize for possible replay */ 5406 flags = 0; 5407 server = cifs_pick_channel(ses); 5408 5409 if (!ses || !(ses->server)) 5410 return -EIO; 5411 5412 if (smb3_encryption_required(tcon)) 5413 flags |= CIFS_TRANSFORM_REQ; 5414 5415 memset(&rqst, 0, sizeof(struct smb_rqst)); 5416 memset(&iov, 0, sizeof(iov)); 5417 rqst.rq_iov = iov; 5418 rqst.rq_nvec = SMB2_QUERY_DIRECTORY_IOV_SIZE; 5419 5420 rc = SMB2_query_directory_init(xid, tcon, server, 5421 &rqst, persistent_fid, 5422 volatile_fid, index, 5423 srch_inf->info_level); 5424 if (rc) 5425 goto qdir_exit; 5426 5427 if (retries) 5428 smb2_set_replay(server, &rqst); 5429 5430 rc = cifs_send_recv(xid, ses, server, 5431 &rqst, &resp_buftype, flags, &rsp_iov); 5432 rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base; 5433 5434 if (rc) { 5435 if (rc == -ENODATA && 5436 rsp->hdr.Status == STATUS_NO_MORE_FILES) { 5437 trace_smb3_query_dir_done(xid, persistent_fid, 5438 tcon->tid, tcon->ses->Suid, index, 0); 5439 srch_inf->endOfSearch = true; 5440 rc = 0; 5441 } else { 5442 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid, 5443 tcon->ses->Suid, index, 0, rc); 5444 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE); 5445 } 5446 goto qdir_exit; 5447 } 5448 5449 rc = smb2_parse_query_directory(tcon, &rsp_iov, resp_buftype, 5450 srch_inf); 5451 if (rc) { 5452 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid, 5453 tcon->ses->Suid, index, 0, rc); 5454 goto qdir_exit; 5455 } 5456 resp_buftype = CIFS_NO_BUFFER; 5457 5458 trace_smb3_query_dir_done(xid, persistent_fid, tcon->tid, 5459 tcon->ses->Suid, index, srch_inf->entries_in_buffer); 5460 5461 qdir_exit: 5462 SMB2_query_directory_free(&rqst); 5463 free_rsp_buf(resp_buftype, rsp); 5464 5465 if (is_replayable_error(rc) && 5466 smb2_should_replay(tcon, &retries, &cur_sleep)) 5467 goto replay_again; 5468 5469 return rc; 5470 } 5471 5472 int 5473 SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 5474 struct smb_rqst *rqst, 5475 u64 persistent_fid, u64 volatile_fid, u32 pid, 5476 u8 info_class, u8 info_type, u32 additional_info, 5477 void **data, unsigned int *size) 5478 { 5479 struct smb2_set_info_req *req; 5480 struct kvec *iov = rqst->rq_iov; 5481 unsigned int i, total_len; 5482 int rc; 5483 5484 rc = smb2_plain_req_init(SMB2_SET_INFO, tcon, server, 5485 (void **) &req, &total_len); 5486 if (rc) 5487 return rc; 5488 5489 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid); 5490 req->InfoType = info_type; 5491 req->FileInfoClass = info_class; 5492 req->PersistentFileId = persistent_fid; 5493 req->VolatileFileId = volatile_fid; 5494 req->AdditionalInformation = cpu_to_le32(additional_info); 5495 5496 req->BufferOffset = cpu_to_le16(sizeof(struct smb2_set_info_req)); 5497 req->BufferLength = cpu_to_le32(*size); 5498 5499 memcpy(req->Buffer, *data, *size); 5500 total_len += *size; 5501 5502 iov[0].iov_base = (char *)req; 5503 /* 1 for Buffer */ 5504 iov[0].iov_len = total_len - 1; 5505 5506 for (i = 1; i < rqst->rq_nvec; i++) { 5507 le32_add_cpu(&req->BufferLength, size[i]); 5508 iov[i].iov_base = (char *)data[i]; 5509 iov[i].iov_len = size[i]; 5510 } 5511 5512 return 0; 5513 } 5514 5515 void 5516 SMB2_set_info_free(struct smb_rqst *rqst) 5517 { 5518 if (rqst && rqst->rq_iov) 5519 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ 5520 } 5521 5522 static int 5523 send_set_info(const unsigned int xid, struct cifs_tcon *tcon, 5524 u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class, 5525 u8 info_type, u32 additional_info, unsigned int num, 5526 void **data, unsigned int *size) 5527 { 5528 struct smb_rqst rqst; 5529 struct smb2_set_info_rsp *rsp = NULL; 5530 struct kvec *iov; 5531 struct kvec rsp_iov; 5532 int rc = 0; 5533 int resp_buftype; 5534 struct cifs_ses *ses = tcon->ses; 5535 struct TCP_Server_Info *server; 5536 int flags = 0; 5537 int retries = 0, cur_sleep = 1; 5538 5539 replay_again: 5540 /* reinitialize for possible replay */ 5541 flags = 0; 5542 server = cifs_pick_channel(ses); 5543 5544 if (!ses || !server) 5545 return -EIO; 5546 5547 if (!num) 5548 return -EINVAL; 5549 5550 if (smb3_encryption_required(tcon)) 5551 flags |= CIFS_TRANSFORM_REQ; 5552 5553 iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL); 5554 if (!iov) 5555 return -ENOMEM; 5556 5557 memset(&rqst, 0, sizeof(struct smb_rqst)); 5558 rqst.rq_iov = iov; 5559 rqst.rq_nvec = num; 5560 5561 rc = SMB2_set_info_init(tcon, server, 5562 &rqst, persistent_fid, volatile_fid, pid, 5563 info_class, info_type, additional_info, 5564 data, size); 5565 if (rc) { 5566 kfree(iov); 5567 return rc; 5568 } 5569 5570 if (retries) 5571 smb2_set_replay(server, &rqst); 5572 5573 rc = cifs_send_recv(xid, ses, server, 5574 &rqst, &resp_buftype, flags, 5575 &rsp_iov); 5576 SMB2_set_info_free(&rqst); 5577 rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base; 5578 5579 if (rc != 0) { 5580 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE); 5581 trace_smb3_set_info_err(xid, persistent_fid, tcon->tid, 5582 ses->Suid, info_class, (__u32)info_type, rc); 5583 } 5584 5585 free_rsp_buf(resp_buftype, rsp); 5586 kfree(iov); 5587 5588 if (is_replayable_error(rc) && 5589 smb2_should_replay(tcon, &retries, &cur_sleep)) 5590 goto replay_again; 5591 5592 return rc; 5593 } 5594 5595 int 5596 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 5597 u64 volatile_fid, u32 pid, loff_t new_eof) 5598 { 5599 struct smb2_file_eof_info info; 5600 void *data; 5601 unsigned int size; 5602 5603 info.EndOfFile = cpu_to_le64(new_eof); 5604 5605 data = &info; 5606 size = sizeof(struct smb2_file_eof_info); 5607 5608 trace_smb3_set_eof(xid, persistent_fid, tcon->tid, tcon->ses->Suid, new_eof); 5609 5610 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5611 pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE, 5612 0, 1, &data, &size); 5613 } 5614 5615 int 5616 SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon, 5617 u64 persistent_fid, u64 volatile_fid, 5618 struct cifs_ntsd *pnntsd, int pacllen, int aclflag) 5619 { 5620 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5621 current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag, 5622 1, (void **)&pnntsd, &pacllen); 5623 } 5624 5625 int 5626 SMB2_set_ea(const unsigned int xid, struct cifs_tcon *tcon, 5627 u64 persistent_fid, u64 volatile_fid, 5628 struct smb2_file_full_ea_info *buf, int len) 5629 { 5630 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5631 current->tgid, FILE_FULL_EA_INFORMATION, SMB2_O_INFO_FILE, 5632 0, 1, (void **)&buf, &len); 5633 } 5634 5635 int 5636 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon, 5637 const u64 persistent_fid, const u64 volatile_fid, 5638 __u8 oplock_level) 5639 { 5640 struct smb_rqst rqst; 5641 int rc; 5642 struct smb2_oplock_break *req = NULL; 5643 struct cifs_ses *ses = tcon->ses; 5644 struct TCP_Server_Info *server; 5645 int flags = CIFS_OBREAK_OP; 5646 unsigned int total_len; 5647 struct kvec iov[1]; 5648 struct kvec rsp_iov; 5649 int resp_buf_type; 5650 int retries = 0, cur_sleep = 1; 5651 5652 replay_again: 5653 /* reinitialize for possible replay */ 5654 flags = CIFS_OBREAK_OP; 5655 server = cifs_pick_channel(ses); 5656 5657 cifs_dbg(FYI, "SMB2_oplock_break\n"); 5658 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server, 5659 (void **) &req, &total_len); 5660 if (rc) 5661 return rc; 5662 5663 if (smb3_encryption_required(tcon)) 5664 flags |= CIFS_TRANSFORM_REQ; 5665 5666 req->VolatileFid = volatile_fid; 5667 req->PersistentFid = persistent_fid; 5668 req->OplockLevel = oplock_level; 5669 req->hdr.CreditRequest = cpu_to_le16(1); 5670 5671 flags |= CIFS_NO_RSP_BUF; 5672 5673 iov[0].iov_base = (char *)req; 5674 iov[0].iov_len = total_len; 5675 5676 memset(&rqst, 0, sizeof(struct smb_rqst)); 5677 rqst.rq_iov = iov; 5678 rqst.rq_nvec = 1; 5679 5680 if (retries) 5681 smb2_set_replay(server, &rqst); 5682 5683 rc = cifs_send_recv(xid, ses, server, 5684 &rqst, &resp_buf_type, flags, &rsp_iov); 5685 cifs_small_buf_release(req); 5686 if (rc) { 5687 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 5688 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc); 5689 } 5690 5691 if (is_replayable_error(rc) && 5692 smb2_should_replay(tcon, &retries, &cur_sleep)) 5693 goto replay_again; 5694 5695 return rc; 5696 } 5697 5698 void 5699 smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf, 5700 struct kstatfs *kst) 5701 { 5702 kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) * 5703 le32_to_cpu(pfs_inf->SectorsPerAllocationUnit); 5704 kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits); 5705 kst->f_bfree = kst->f_bavail = 5706 le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits); 5707 return; 5708 } 5709 5710 static void 5711 copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO *response_data, 5712 struct kstatfs *kst) 5713 { 5714 kst->f_bsize = le32_to_cpu(response_data->BlockSize); 5715 kst->f_blocks = le64_to_cpu(response_data->TotalBlocks); 5716 kst->f_bfree = le64_to_cpu(response_data->BlocksAvail); 5717 if (response_data->UserBlocksAvail == cpu_to_le64(-1)) 5718 kst->f_bavail = kst->f_bfree; 5719 else 5720 kst->f_bavail = le64_to_cpu(response_data->UserBlocksAvail); 5721 if (response_data->TotalFileNodes != cpu_to_le64(-1)) 5722 kst->f_files = le64_to_cpu(response_data->TotalFileNodes); 5723 if (response_data->FreeFileNodes != cpu_to_le64(-1)) 5724 kst->f_ffree = le64_to_cpu(response_data->FreeFileNodes); 5725 5726 return; 5727 } 5728 5729 static int 5730 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, 5731 struct TCP_Server_Info *server, 5732 int level, int outbuf_len, u64 persistent_fid, 5733 u64 volatile_fid) 5734 { 5735 int rc; 5736 struct smb2_query_info_req *req; 5737 unsigned int total_len; 5738 5739 cifs_dbg(FYI, "Query FSInfo level %d\n", level); 5740 5741 if ((tcon->ses == NULL) || server == NULL) 5742 return -EIO; 5743 5744 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, 5745 (void **) &req, &total_len); 5746 if (rc) 5747 return rc; 5748 5749 req->InfoType = SMB2_O_INFO_FILESYSTEM; 5750 req->FileInfoClass = level; 5751 req->PersistentFileId = persistent_fid; 5752 req->VolatileFileId = volatile_fid; 5753 /* 1 for pad */ 5754 req->InputBufferOffset = 5755 cpu_to_le16(sizeof(struct smb2_query_info_req)); 5756 req->OutputBufferLength = cpu_to_le32( 5757 outbuf_len + sizeof(struct smb2_query_info_rsp)); 5758 5759 iov->iov_base = (char *)req; 5760 iov->iov_len = total_len; 5761 return 0; 5762 } 5763 5764 static inline void free_qfs_info_req(struct kvec *iov) 5765 { 5766 cifs_buf_release(iov->iov_base); 5767 } 5768 5769 int 5770 SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon, 5771 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) 5772 { 5773 struct smb_rqst rqst; 5774 struct smb2_query_info_rsp *rsp = NULL; 5775 struct kvec iov; 5776 struct kvec rsp_iov; 5777 int rc = 0; 5778 int resp_buftype; 5779 struct cifs_ses *ses = tcon->ses; 5780 struct TCP_Server_Info *server; 5781 FILE_SYSTEM_POSIX_INFO *info = NULL; 5782 int flags = 0; 5783 int retries = 0, cur_sleep = 1; 5784 5785 replay_again: 5786 /* reinitialize for possible replay */ 5787 flags = 0; 5788 server = cifs_pick_channel(ses); 5789 5790 rc = build_qfs_info_req(&iov, tcon, server, 5791 FS_POSIX_INFORMATION, 5792 sizeof(FILE_SYSTEM_POSIX_INFO), 5793 persistent_fid, volatile_fid); 5794 if (rc) 5795 return rc; 5796 5797 if (smb3_encryption_required(tcon)) 5798 flags |= CIFS_TRANSFORM_REQ; 5799 5800 memset(&rqst, 0, sizeof(struct smb_rqst)); 5801 rqst.rq_iov = &iov; 5802 rqst.rq_nvec = 1; 5803 5804 if (retries) 5805 smb2_set_replay(server, &rqst); 5806 5807 rc = cifs_send_recv(xid, ses, server, 5808 &rqst, &resp_buftype, flags, &rsp_iov); 5809 free_qfs_info_req(&iov); 5810 if (rc) { 5811 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5812 goto posix_qfsinf_exit; 5813 } 5814 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5815 5816 info = (FILE_SYSTEM_POSIX_INFO *)( 5817 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp); 5818 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5819 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov, 5820 sizeof(FILE_SYSTEM_POSIX_INFO)); 5821 if (!rc) 5822 copy_posix_fs_info_to_kstatfs(info, fsdata); 5823 5824 posix_qfsinf_exit: 5825 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5826 5827 if (is_replayable_error(rc) && 5828 smb2_should_replay(tcon, &retries, &cur_sleep)) 5829 goto replay_again; 5830 5831 return rc; 5832 } 5833 5834 int 5835 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon, 5836 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) 5837 { 5838 struct smb_rqst rqst; 5839 struct smb2_query_info_rsp *rsp = NULL; 5840 struct kvec iov; 5841 struct kvec rsp_iov; 5842 int rc = 0; 5843 int resp_buftype; 5844 struct cifs_ses *ses = tcon->ses; 5845 struct TCP_Server_Info *server; 5846 struct smb2_fs_full_size_info *info = NULL; 5847 int flags = 0; 5848 int retries = 0, cur_sleep = 1; 5849 5850 replay_again: 5851 /* reinitialize for possible replay */ 5852 flags = 0; 5853 server = cifs_pick_channel(ses); 5854 5855 rc = build_qfs_info_req(&iov, tcon, server, 5856 FS_FULL_SIZE_INFORMATION, 5857 sizeof(struct smb2_fs_full_size_info), 5858 persistent_fid, volatile_fid); 5859 if (rc) 5860 return rc; 5861 5862 if (smb3_encryption_required(tcon)) 5863 flags |= CIFS_TRANSFORM_REQ; 5864 5865 memset(&rqst, 0, sizeof(struct smb_rqst)); 5866 rqst.rq_iov = &iov; 5867 rqst.rq_nvec = 1; 5868 5869 if (retries) 5870 smb2_set_replay(server, &rqst); 5871 5872 rc = cifs_send_recv(xid, ses, server, 5873 &rqst, &resp_buftype, flags, &rsp_iov); 5874 free_qfs_info_req(&iov); 5875 if (rc) { 5876 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5877 goto qfsinf_exit; 5878 } 5879 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5880 5881 info = (struct smb2_fs_full_size_info *)( 5882 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp); 5883 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5884 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov, 5885 sizeof(struct smb2_fs_full_size_info)); 5886 if (!rc) 5887 smb2_copy_fs_info_to_kstatfs(info, fsdata); 5888 5889 qfsinf_exit: 5890 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5891 5892 if (is_replayable_error(rc) && 5893 smb2_should_replay(tcon, &retries, &cur_sleep)) 5894 goto replay_again; 5895 5896 return rc; 5897 } 5898 5899 int 5900 SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon, 5901 u64 persistent_fid, u64 volatile_fid, int level) 5902 { 5903 struct smb_rqst rqst; 5904 struct smb2_query_info_rsp *rsp = NULL; 5905 struct kvec iov; 5906 struct kvec rsp_iov; 5907 int rc = 0; 5908 int resp_buftype, max_len, min_len; 5909 struct cifs_ses *ses = tcon->ses; 5910 struct TCP_Server_Info *server; 5911 unsigned int rsp_len, offset; 5912 int flags = 0; 5913 int retries = 0, cur_sleep = 1; 5914 5915 replay_again: 5916 /* reinitialize for possible replay */ 5917 flags = 0; 5918 server = cifs_pick_channel(ses); 5919 5920 if (level == FS_DEVICE_INFORMATION) { 5921 max_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 5922 min_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 5923 } else if (level == FS_ATTRIBUTE_INFORMATION) { 5924 max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO); 5925 min_len = MIN_FS_ATTR_INFO_SIZE; 5926 } else if (level == FS_SECTOR_SIZE_INFORMATION) { 5927 max_len = sizeof(struct smb3_fs_ss_info); 5928 min_len = sizeof(struct smb3_fs_ss_info); 5929 } else if (level == FS_VOLUME_INFORMATION) { 5930 max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN; 5931 min_len = sizeof(struct smb3_fs_vol_info); 5932 } else { 5933 cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level); 5934 return -EINVAL; 5935 } 5936 5937 rc = build_qfs_info_req(&iov, tcon, server, 5938 level, max_len, 5939 persistent_fid, volatile_fid); 5940 if (rc) 5941 return rc; 5942 5943 if (smb3_encryption_required(tcon)) 5944 flags |= CIFS_TRANSFORM_REQ; 5945 5946 memset(&rqst, 0, sizeof(struct smb_rqst)); 5947 rqst.rq_iov = &iov; 5948 rqst.rq_nvec = 1; 5949 5950 if (retries) 5951 smb2_set_replay(server, &rqst); 5952 5953 rc = cifs_send_recv(xid, ses, server, 5954 &rqst, &resp_buftype, flags, &rsp_iov); 5955 free_qfs_info_req(&iov); 5956 if (rc) { 5957 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5958 goto qfsattr_exit; 5959 } 5960 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5961 5962 rsp_len = le32_to_cpu(rsp->OutputBufferLength); 5963 offset = le16_to_cpu(rsp->OutputBufferOffset); 5964 rc = smb2_validate_iov(offset, rsp_len, &rsp_iov, min_len); 5965 if (rc) 5966 goto qfsattr_exit; 5967 5968 if (level == FS_ATTRIBUTE_INFORMATION) 5969 memcpy(&tcon->fsAttrInfo, offset 5970 + (char *)rsp, min_t(unsigned int, 5971 rsp_len, max_len)); 5972 else if (level == FS_DEVICE_INFORMATION) 5973 memcpy(&tcon->fsDevInfo, offset 5974 + (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO)); 5975 else if (level == FS_SECTOR_SIZE_INFORMATION) { 5976 struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *) 5977 (offset + (char *)rsp); 5978 tcon->ss_flags = le32_to_cpu(ss_info->Flags); 5979 tcon->perf_sector_size = 5980 le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf); 5981 } else if (level == FS_VOLUME_INFORMATION) { 5982 struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *) 5983 (offset + (char *)rsp); 5984 tcon->vol_serial_number = vol_info->VolumeSerialNumber; 5985 tcon->vol_create_time = vol_info->VolumeCreationTime; 5986 } 5987 5988 qfsattr_exit: 5989 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5990 5991 if (is_replayable_error(rc) && 5992 smb2_should_replay(tcon, &retries, &cur_sleep)) 5993 goto replay_again; 5994 5995 return rc; 5996 } 5997 5998 int 5999 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon, 6000 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 6001 const __u32 num_lock, struct smb2_lock_element *buf) 6002 { 6003 struct smb_rqst rqst; 6004 int rc = 0; 6005 struct smb2_lock_req *req = NULL; 6006 struct kvec iov[2]; 6007 struct kvec rsp_iov; 6008 int resp_buf_type; 6009 unsigned int count; 6010 int flags = CIFS_NO_RSP_BUF; 6011 unsigned int total_len; 6012 struct TCP_Server_Info *server; 6013 int retries = 0, cur_sleep = 1; 6014 6015 replay_again: 6016 /* reinitialize for possible replay */ 6017 flags = CIFS_NO_RSP_BUF; 6018 server = cifs_pick_channel(tcon->ses); 6019 6020 cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock); 6021 6022 rc = smb2_plain_req_init(SMB2_LOCK, tcon, server, 6023 (void **) &req, &total_len); 6024 if (rc) 6025 return rc; 6026 6027 if (smb3_encryption_required(tcon)) 6028 flags |= CIFS_TRANSFORM_REQ; 6029 6030 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid); 6031 req->LockCount = cpu_to_le16(num_lock); 6032 6033 req->PersistentFileId = persist_fid; 6034 req->VolatileFileId = volatile_fid; 6035 6036 count = num_lock * sizeof(struct smb2_lock_element); 6037 6038 iov[0].iov_base = (char *)req; 6039 iov[0].iov_len = total_len - sizeof(struct smb2_lock_element); 6040 iov[1].iov_base = (char *)buf; 6041 iov[1].iov_len = count; 6042 6043 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks); 6044 6045 memset(&rqst, 0, sizeof(struct smb_rqst)); 6046 rqst.rq_iov = iov; 6047 rqst.rq_nvec = 2; 6048 6049 if (retries) 6050 smb2_set_replay(server, &rqst); 6051 6052 rc = cifs_send_recv(xid, tcon->ses, server, 6053 &rqst, &resp_buf_type, flags, 6054 &rsp_iov); 6055 cifs_small_buf_release(req); 6056 if (rc) { 6057 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc); 6058 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE); 6059 trace_smb3_lock_err(xid, persist_fid, tcon->tid, 6060 tcon->ses->Suid, rc); 6061 } 6062 6063 if (is_replayable_error(rc) && 6064 smb2_should_replay(tcon, &retries, &cur_sleep)) 6065 goto replay_again; 6066 6067 return rc; 6068 } 6069 6070 int 6071 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon, 6072 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 6073 const __u64 length, const __u64 offset, const __u32 lock_flags, 6074 const bool wait) 6075 { 6076 struct smb2_lock_element lock; 6077 6078 lock.Offset = cpu_to_le64(offset); 6079 lock.Length = cpu_to_le64(length); 6080 lock.Flags = cpu_to_le32(lock_flags); 6081 if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK) 6082 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY); 6083 6084 return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock); 6085 } 6086 6087 int 6088 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon, 6089 __u8 *lease_key, const __le32 lease_state) 6090 { 6091 struct smb_rqst rqst; 6092 int rc; 6093 struct smb2_lease_ack *req = NULL; 6094 struct cifs_ses *ses = tcon->ses; 6095 int flags = CIFS_OBREAK_OP; 6096 unsigned int total_len; 6097 struct kvec iov[1]; 6098 struct kvec rsp_iov; 6099 int resp_buf_type; 6100 __u64 *please_key_high; 6101 __u64 *please_key_low; 6102 struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses); 6103 6104 cifs_dbg(FYI, "SMB2_lease_break\n"); 6105 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server, 6106 (void **) &req, &total_len); 6107 if (rc) 6108 return rc; 6109 6110 if (smb3_encryption_required(tcon)) 6111 flags |= CIFS_TRANSFORM_REQ; 6112 6113 req->hdr.CreditRequest = cpu_to_le16(1); 6114 req->StructureSize = cpu_to_le16(36); 6115 total_len += 12; 6116 6117 memcpy(req->LeaseKey, lease_key, 16); 6118 req->LeaseState = lease_state; 6119 6120 flags |= CIFS_NO_RSP_BUF; 6121 6122 iov[0].iov_base = (char *)req; 6123 iov[0].iov_len = total_len; 6124 6125 memset(&rqst, 0, sizeof(struct smb_rqst)); 6126 rqst.rq_iov = iov; 6127 rqst.rq_nvec = 1; 6128 6129 rc = cifs_send_recv(xid, ses, server, 6130 &rqst, &resp_buf_type, flags, &rsp_iov); 6131 cifs_small_buf_release(req); 6132 6133 please_key_low = (__u64 *)lease_key; 6134 please_key_high = (__u64 *)(lease_key+8); 6135 if (rc) { 6136 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 6137 trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid, 6138 ses->Suid, *please_key_low, *please_key_high, rc); 6139 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc); 6140 } else 6141 trace_smb3_lease_done(le32_to_cpu(lease_state), tcon->tid, 6142 ses->Suid, *please_key_low, *please_key_high); 6143 6144 return rc; 6145 } 6146