1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org> 4 * Copyright (C) 2019 Samsung Electronics Co., Ltd. 5 */ 6 7 #include <linux/fs.h> 8 #include <linux/filelock.h> 9 #include <linux/slab.h> 10 #include <linux/vmalloc.h> 11 #include <linux/kthread.h> 12 #include <linux/freezer.h> 13 14 #include "glob.h" 15 #include "vfs_cache.h" 16 #include "oplock.h" 17 #include "vfs.h" 18 #include "connection.h" 19 #include "misc.h" 20 #include "mgmt/tree_connect.h" 21 #include "mgmt/user_session.h" 22 #include "mgmt/user_config.h" 23 #include "smb_common.h" 24 #include "server.h" 25 #include "smb2pdu.h" 26 27 #define S_DEL_PENDING 1 28 #define S_DEL_ON_CLS 2 29 #define S_DEL_ON_CLS_STREAM 8 30 31 static unsigned int inode_hash_mask __read_mostly; 32 static unsigned int inode_hash_shift __read_mostly; 33 static struct hlist_head *inode_hashtable __read_mostly; 34 static DEFINE_RWLOCK(inode_hash_lock); 35 36 static struct ksmbd_file_table global_ft; 37 static atomic_long_t fd_limit; 38 static struct kmem_cache *filp_cache; 39 40 #define OPLOCK_NONE 0 41 #define OPLOCK_EXCLUSIVE 1 42 #define OPLOCK_BATCH 2 43 #define OPLOCK_READ 3 /* level 2 oplock */ 44 45 #ifdef CONFIG_PROC_FS 46 47 static const struct ksmbd_const_name ksmbd_lease_const_names[] = { 48 {le32_to_cpu(SMB2_LEASE_NONE_LE), "LEASE_NONE"}, 49 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE), "LEASE_R"}, 50 {le32_to_cpu(SMB2_LEASE_HANDLE_CACHING_LE), "LEASE_H"}, 51 {le32_to_cpu(SMB2_LEASE_WRITE_CACHING_LE), "LEASE_W"}, 52 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE | 53 SMB2_LEASE_HANDLE_CACHING_LE), "LEASE_RH"}, 54 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE | 55 SMB2_LEASE_WRITE_CACHING_LE), "LEASE_RW"}, 56 {le32_to_cpu(SMB2_LEASE_HANDLE_CACHING_LE | 57 SMB2_LEASE_WRITE_CACHING_LE), "LEASE_WH"}, 58 {le32_to_cpu(SMB2_LEASE_READ_CACHING_LE | 59 SMB2_LEASE_HANDLE_CACHING_LE | 60 SMB2_LEASE_WRITE_CACHING_LE), "LEASE_RWH"}, 61 }; 62 63 static const struct ksmbd_const_name ksmbd_oplock_const_names[] = { 64 {SMB2_OPLOCK_LEVEL_NONE, "OPLOCK_NONE"}, 65 {SMB2_OPLOCK_LEVEL_II, "OPLOCK_II"}, 66 {SMB2_OPLOCK_LEVEL_EXCLUSIVE, "OPLOCK_EXECL"}, 67 {SMB2_OPLOCK_LEVEL_BATCH, "OPLOCK_BATCH"}, 68 }; 69 70 static int proc_show_files(struct seq_file *m, void *v) 71 { 72 struct ksmbd_file *fp = NULL; 73 unsigned int id; 74 struct oplock_info *opinfo; 75 76 seq_printf(m, "#%-10s %-10s %-10s %-10s %-15s %-10s %-10s %s\n", 77 "<tree id>", "<pid>", "<vid>", "<refcnt>", 78 "<oplock>", "<daccess>", "<saccess>", 79 "<name>"); 80 81 read_lock(&global_ft.lock); 82 idr_for_each_entry(global_ft.idr, fp, id) { 83 seq_printf(m, "%#-10x %#-10llx %#-10llx %#-10x", 84 fp->tcon->id, 85 fp->persistent_id, 86 fp->volatile_id, 87 atomic_read(&fp->refcount)); 88 89 rcu_read_lock(); 90 opinfo = rcu_dereference(fp->f_opinfo); 91 if (opinfo) { 92 const struct ksmbd_const_name *const_names; 93 int count; 94 unsigned int level; 95 96 if (opinfo->is_lease) { 97 const_names = ksmbd_lease_const_names; 98 count = ARRAY_SIZE(ksmbd_lease_const_names); 99 level = le32_to_cpu(opinfo->o_lease->state); 100 } else { 101 const_names = ksmbd_oplock_const_names; 102 count = ARRAY_SIZE(ksmbd_oplock_const_names); 103 level = opinfo->level; 104 } 105 rcu_read_unlock(); 106 ksmbd_proc_show_const_name(m, " %-15s", 107 const_names, count, level); 108 } else { 109 rcu_read_unlock(); 110 seq_printf(m, " %-15s", " "); 111 } 112 113 seq_printf(m, " %#010x %#010x %s\n", 114 le32_to_cpu(fp->daccess), 115 le32_to_cpu(fp->saccess), 116 fp->filp->f_path.dentry->d_name.name); 117 } 118 read_unlock(&global_ft.lock); 119 return 0; 120 } 121 122 static int create_proc_files(void) 123 { 124 ksmbd_proc_create("files", proc_show_files, NULL); 125 return 0; 126 } 127 #else 128 static int create_proc_files(void) { return 0; } 129 #endif 130 131 static bool durable_scavenger_running; 132 static DEFINE_MUTEX(durable_scavenger_lock); 133 static wait_queue_head_t dh_wq; 134 135 void ksmbd_set_fd_limit(unsigned long limit) 136 { 137 limit = min(limit, get_max_files()); 138 atomic_long_set(&fd_limit, limit); 139 } 140 141 static bool fd_limit_depleted(void) 142 { 143 long v = atomic_long_dec_return(&fd_limit); 144 145 if (v >= 0) 146 return false; 147 atomic_long_inc(&fd_limit); 148 return true; 149 } 150 151 static void fd_limit_close(void) 152 { 153 atomic_long_inc(&fd_limit); 154 } 155 156 /* 157 * INODE hash 158 */ 159 160 static unsigned long inode_hash(struct super_block *sb, unsigned long hashval) 161 { 162 unsigned long tmp; 163 164 tmp = (hashval * (unsigned long)sb) ^ (GOLDEN_RATIO_PRIME + hashval) / 165 L1_CACHE_BYTES; 166 tmp = tmp ^ ((tmp ^ GOLDEN_RATIO_PRIME) >> inode_hash_shift); 167 return tmp & inode_hash_mask; 168 } 169 170 static struct ksmbd_inode *__ksmbd_inode_lookup(struct dentry *de) 171 { 172 struct hlist_head *head = inode_hashtable + 173 inode_hash(d_inode(de)->i_sb, (unsigned long)de); 174 struct ksmbd_inode *ci = NULL, *ret_ci = NULL; 175 176 hlist_for_each_entry(ci, head, m_hash) { 177 if (ci->m_de == de) { 178 if (atomic_inc_not_zero(&ci->m_count)) 179 ret_ci = ci; 180 break; 181 } 182 } 183 return ret_ci; 184 } 185 186 static struct ksmbd_inode *ksmbd_inode_lookup(struct ksmbd_file *fp) 187 { 188 return __ksmbd_inode_lookup(fp->filp->f_path.dentry); 189 } 190 191 struct ksmbd_inode *ksmbd_inode_lookup_lock(struct dentry *d) 192 { 193 struct ksmbd_inode *ci; 194 195 read_lock(&inode_hash_lock); 196 ci = __ksmbd_inode_lookup(d); 197 read_unlock(&inode_hash_lock); 198 199 return ci; 200 } 201 202 int ksmbd_query_inode_status(struct dentry *dentry) 203 { 204 struct ksmbd_inode *ci; 205 int ret = KSMBD_INODE_STATUS_UNKNOWN; 206 207 read_lock(&inode_hash_lock); 208 ci = __ksmbd_inode_lookup(dentry); 209 read_unlock(&inode_hash_lock); 210 if (!ci) 211 return ret; 212 213 down_read(&ci->m_lock); 214 if (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS)) 215 ret = KSMBD_INODE_STATUS_PENDING_DELETE; 216 else 217 ret = KSMBD_INODE_STATUS_OK; 218 up_read(&ci->m_lock); 219 220 atomic_dec(&ci->m_count); 221 return ret; 222 } 223 224 bool ksmbd_inode_pending_delete(struct ksmbd_file *fp) 225 { 226 struct ksmbd_inode *ci = fp->f_ci; 227 int ret; 228 229 down_read(&ci->m_lock); 230 ret = (ci->m_flags & (S_DEL_PENDING | S_DEL_ON_CLS)); 231 up_read(&ci->m_lock); 232 233 return ret; 234 } 235 236 void ksmbd_set_inode_pending_delete(struct ksmbd_file *fp) 237 { 238 struct ksmbd_inode *ci = fp->f_ci; 239 240 down_write(&ci->m_lock); 241 ci->m_flags |= S_DEL_PENDING; 242 up_write(&ci->m_lock); 243 } 244 245 void ksmbd_clear_inode_pending_delete(struct ksmbd_file *fp) 246 { 247 struct ksmbd_inode *ci = fp->f_ci; 248 249 down_write(&ci->m_lock); 250 ci->m_flags &= ~S_DEL_PENDING; 251 up_write(&ci->m_lock); 252 } 253 254 void ksmbd_fd_set_delete_on_close(struct ksmbd_file *fp, 255 int file_info) 256 { 257 struct ksmbd_inode *ci = fp->f_ci; 258 259 down_write(&ci->m_lock); 260 if (ksmbd_stream_fd(fp)) 261 ci->m_flags |= S_DEL_ON_CLS_STREAM; 262 else 263 ci->m_flags |= S_DEL_ON_CLS; 264 up_write(&ci->m_lock); 265 } 266 267 static void ksmbd_inode_hash(struct ksmbd_inode *ci) 268 { 269 struct hlist_head *b = inode_hashtable + 270 inode_hash(d_inode(ci->m_de)->i_sb, (unsigned long)ci->m_de); 271 272 hlist_add_head(&ci->m_hash, b); 273 } 274 275 static void ksmbd_inode_unhash(struct ksmbd_inode *ci) 276 { 277 write_lock(&inode_hash_lock); 278 hlist_del_init(&ci->m_hash); 279 write_unlock(&inode_hash_lock); 280 } 281 282 static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) 283 { 284 atomic_set(&ci->m_count, 1); 285 atomic_set(&ci->op_count, 0); 286 atomic_set(&ci->sop_count, 0); 287 ci->m_flags = 0; 288 ci->m_fattr = 0; 289 INIT_LIST_HEAD(&ci->m_fp_list); 290 INIT_LIST_HEAD(&ci->m_op_list); 291 init_rwsem(&ci->m_lock); 292 ci->m_de = fp->filp->f_path.dentry; 293 return 0; 294 } 295 296 static struct ksmbd_inode *ksmbd_inode_get(struct ksmbd_file *fp) 297 { 298 struct ksmbd_inode *ci, *tmpci; 299 int rc; 300 301 read_lock(&inode_hash_lock); 302 ci = ksmbd_inode_lookup(fp); 303 read_unlock(&inode_hash_lock); 304 if (ci) 305 return ci; 306 307 ci = kmalloc_obj(struct ksmbd_inode, KSMBD_DEFAULT_GFP); 308 if (!ci) 309 return NULL; 310 311 rc = ksmbd_inode_init(ci, fp); 312 if (rc) { 313 pr_err("inode initialized failed\n"); 314 kfree(ci); 315 return NULL; 316 } 317 318 write_lock(&inode_hash_lock); 319 tmpci = ksmbd_inode_lookup(fp); 320 if (!tmpci) { 321 ksmbd_inode_hash(ci); 322 } else { 323 kfree(ci); 324 ci = tmpci; 325 } 326 write_unlock(&inode_hash_lock); 327 return ci; 328 } 329 330 static void ksmbd_inode_free(struct ksmbd_inode *ci) 331 { 332 ksmbd_inode_unhash(ci); 333 kfree(ci); 334 } 335 336 void ksmbd_inode_put(struct ksmbd_inode *ci) 337 { 338 if (atomic_dec_and_test(&ci->m_count)) 339 ksmbd_inode_free(ci); 340 } 341 342 int __init ksmbd_inode_hash_init(void) 343 { 344 unsigned int loop; 345 unsigned long numentries = 16384; 346 unsigned long bucketsize = sizeof(struct hlist_head); 347 unsigned long size; 348 349 inode_hash_shift = ilog2(numentries); 350 inode_hash_mask = (1 << inode_hash_shift) - 1; 351 352 size = bucketsize << inode_hash_shift; 353 354 /* init master fp hash table */ 355 inode_hashtable = vmalloc(size); 356 if (!inode_hashtable) 357 return -ENOMEM; 358 359 for (loop = 0; loop < (1U << inode_hash_shift); loop++) 360 INIT_HLIST_HEAD(&inode_hashtable[loop]); 361 return 0; 362 } 363 364 void ksmbd_release_inode_hash(void) 365 { 366 vfree(inode_hashtable); 367 } 368 369 static void __ksmbd_inode_close(struct ksmbd_file *fp) 370 { 371 struct ksmbd_inode *ci = fp->f_ci; 372 int err; 373 struct file *filp; 374 375 filp = fp->filp; 376 377 if (ksmbd_stream_fd(fp)) { 378 bool remove_stream_xattr = false; 379 380 down_write(&ci->m_lock); 381 if (ci->m_flags & S_DEL_ON_CLS_STREAM) { 382 ci->m_flags &= ~S_DEL_ON_CLS_STREAM; 383 remove_stream_xattr = true; 384 } 385 up_write(&ci->m_lock); 386 387 if (remove_stream_xattr) { 388 err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp), 389 &filp->f_path, 390 fp->stream.name, 391 true); 392 if (err) 393 pr_err("remove xattr failed : %s\n", 394 fp->stream.name); 395 } 396 } 397 398 if (atomic_dec_and_test(&ci->m_count)) { 399 bool do_unlink = false; 400 401 down_write(&ci->m_lock); 402 if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { 403 ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); 404 do_unlink = true; 405 } 406 up_write(&ci->m_lock); 407 408 if (do_unlink) 409 ksmbd_vfs_unlink(filp); 410 411 ksmbd_inode_free(ci); 412 } 413 } 414 415 static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp) 416 { 417 if (!has_file_id(fp->persistent_id)) 418 return; 419 420 idr_remove(global_ft.idr, fp->persistent_id); 421 } 422 423 static void ksmbd_remove_durable_fd(struct ksmbd_file *fp) 424 { 425 write_lock(&global_ft.lock); 426 __ksmbd_remove_durable_fd(fp); 427 write_unlock(&global_ft.lock); 428 if (waitqueue_active(&dh_wq)) 429 wake_up(&dh_wq); 430 } 431 432 static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) 433 { 434 if (!has_file_id(fp->volatile_id)) 435 return; 436 437 down_write(&fp->f_ci->m_lock); 438 list_del_init(&fp->node); 439 up_write(&fp->f_ci->m_lock); 440 441 write_lock(&ft->lock); 442 idr_remove(ft->idr, fp->volatile_id); 443 write_unlock(&ft->lock); 444 } 445 446 static void __ksmbd_close_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) 447 { 448 struct file *filp; 449 struct ksmbd_lock *smb_lock, *tmp_lock; 450 451 fd_limit_close(); 452 ksmbd_remove_durable_fd(fp); 453 if (ft) 454 __ksmbd_remove_fd(ft, fp); 455 456 close_id_del_oplock(fp); 457 filp = fp->filp; 458 459 __ksmbd_inode_close(fp); 460 if (!IS_ERR_OR_NULL(filp)) 461 fput(filp); 462 463 /* because the reference count of fp is 0, it is guaranteed that 464 * there are not accesses to fp->lock_list. 465 */ 466 list_for_each_entry_safe(smb_lock, tmp_lock, &fp->lock_list, flist) { 467 if (!list_empty(&smb_lock->clist) && fp->conn) { 468 spin_lock(&fp->conn->llist_lock); 469 list_del(&smb_lock->clist); 470 spin_unlock(&fp->conn->llist_lock); 471 } 472 473 list_del(&smb_lock->flist); 474 locks_free_lock(smb_lock->fl); 475 kfree(smb_lock); 476 } 477 478 if (ksmbd_stream_fd(fp)) 479 kfree(fp->stream.name); 480 kfree(fp->owner.name); 481 482 kmem_cache_free(filp_cache, fp); 483 } 484 485 static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) 486 { 487 if (fp->f_state != FP_INITED) 488 return NULL; 489 490 if (!atomic_inc_not_zero(&fp->refcount)) 491 return NULL; 492 return fp; 493 } 494 495 static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, 496 u64 id) 497 { 498 struct ksmbd_file *fp; 499 500 if (!has_file_id(id)) 501 return NULL; 502 503 read_lock(&ft->lock); 504 fp = idr_find(ft->idr, id); 505 if (fp) 506 fp = ksmbd_fp_get(fp); 507 read_unlock(&ft->lock); 508 return fp; 509 } 510 511 static void __put_fd_final(struct ksmbd_work *work, struct ksmbd_file *fp) 512 { 513 __ksmbd_close_fd(&work->sess->file_table, fp); 514 atomic_dec(&work->conn->stats.open_files_count); 515 } 516 517 static void set_close_state_blocked_works(struct ksmbd_file *fp) 518 { 519 struct ksmbd_work *cancel_work; 520 521 spin_lock(&fp->f_lock); 522 list_for_each_entry(cancel_work, &fp->blocked_works, 523 fp_entry) { 524 cancel_work->state = KSMBD_WORK_CLOSED; 525 cancel_work->cancel_fn(cancel_work->cancel_argv); 526 } 527 spin_unlock(&fp->f_lock); 528 } 529 530 int ksmbd_close_fd(struct ksmbd_work *work, u64 id) 531 { 532 struct ksmbd_file *fp; 533 struct ksmbd_file_table *ft; 534 535 if (!has_file_id(id)) 536 return 0; 537 538 ft = &work->sess->file_table; 539 write_lock(&ft->lock); 540 fp = idr_find(ft->idr, id); 541 if (fp) { 542 set_close_state_blocked_works(fp); 543 544 if (fp->f_state != FP_INITED) 545 fp = NULL; 546 else { 547 fp->f_state = FP_CLOSED; 548 if (!atomic_dec_and_test(&fp->refcount)) 549 fp = NULL; 550 } 551 } 552 write_unlock(&ft->lock); 553 554 if (!fp) 555 return -EINVAL; 556 557 __put_fd_final(work, fp); 558 return 0; 559 } 560 561 void ksmbd_fd_put(struct ksmbd_work *work, struct ksmbd_file *fp) 562 { 563 if (!fp) 564 return; 565 566 if (!atomic_dec_and_test(&fp->refcount)) 567 return; 568 __put_fd_final(work, fp); 569 } 570 571 static bool __sanity_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *fp) 572 { 573 if (!fp) 574 return false; 575 if (fp->tcon != tcon) 576 return false; 577 return true; 578 } 579 580 struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, u64 id) 581 { 582 return __ksmbd_lookup_fd(&work->sess->file_table, id); 583 } 584 585 struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, u64 id) 586 { 587 struct ksmbd_file *fp = __ksmbd_lookup_fd(&work->sess->file_table, id); 588 589 if (__sanity_check(work->tcon, fp)) 590 return fp; 591 592 ksmbd_fd_put(work, fp); 593 return NULL; 594 } 595 596 struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, u64 id, 597 u64 pid) 598 { 599 struct ksmbd_file *fp; 600 601 if (!has_file_id(id)) { 602 id = work->compound_fid; 603 pid = work->compound_pfid; 604 } 605 606 fp = __ksmbd_lookup_fd(&work->sess->file_table, id); 607 if (!__sanity_check(work->tcon, fp)) { 608 ksmbd_fd_put(work, fp); 609 return NULL; 610 } 611 if (fp->persistent_id != pid) { 612 ksmbd_fd_put(work, fp); 613 return NULL; 614 } 615 return fp; 616 } 617 618 struct ksmbd_file *ksmbd_lookup_global_fd(unsigned long long id) 619 { 620 return __ksmbd_lookup_fd(&global_ft, id); 621 } 622 623 struct ksmbd_file *ksmbd_lookup_durable_fd(unsigned long long id) 624 { 625 struct ksmbd_file *fp; 626 627 fp = __ksmbd_lookup_fd(&global_ft, id); 628 if (fp && (fp->conn || 629 (fp->durable_scavenger_timeout && 630 (fp->durable_scavenger_timeout < 631 jiffies_to_msecs(jiffies))))) { 632 ksmbd_put_durable_fd(fp); 633 fp = NULL; 634 } 635 636 return fp; 637 } 638 639 void ksmbd_put_durable_fd(struct ksmbd_file *fp) 640 { 641 if (!atomic_dec_and_test(&fp->refcount)) 642 return; 643 644 __ksmbd_close_fd(NULL, fp); 645 } 646 647 struct ksmbd_file *ksmbd_lookup_fd_cguid(char *cguid) 648 { 649 struct ksmbd_file *fp = NULL; 650 unsigned int id; 651 652 read_lock(&global_ft.lock); 653 idr_for_each_entry(global_ft.idr, fp, id) { 654 if (!memcmp(fp->create_guid, 655 cguid, 656 SMB2_CREATE_GUID_SIZE)) { 657 fp = ksmbd_fp_get(fp); 658 break; 659 } 660 } 661 read_unlock(&global_ft.lock); 662 663 return fp; 664 } 665 666 struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry) 667 { 668 struct ksmbd_file *lfp; 669 struct ksmbd_inode *ci; 670 struct inode *inode = d_inode(dentry); 671 672 read_lock(&inode_hash_lock); 673 ci = __ksmbd_inode_lookup(dentry); 674 read_unlock(&inode_hash_lock); 675 if (!ci) 676 return NULL; 677 678 down_read(&ci->m_lock); 679 list_for_each_entry(lfp, &ci->m_fp_list, node) { 680 if (inode == file_inode(lfp->filp)) { 681 atomic_dec(&ci->m_count); 682 lfp = ksmbd_fp_get(lfp); 683 up_read(&ci->m_lock); 684 return lfp; 685 } 686 } 687 atomic_dec(&ci->m_count); 688 up_read(&ci->m_lock); 689 return NULL; 690 } 691 692 #define OPEN_ID_TYPE_VOLATILE_ID (0) 693 #define OPEN_ID_TYPE_PERSISTENT_ID (1) 694 695 static void __open_id_set(struct ksmbd_file *fp, u64 id, int type) 696 { 697 if (type == OPEN_ID_TYPE_VOLATILE_ID) 698 fp->volatile_id = id; 699 if (type == OPEN_ID_TYPE_PERSISTENT_ID) 700 fp->persistent_id = id; 701 } 702 703 static int __open_id(struct ksmbd_file_table *ft, struct ksmbd_file *fp, 704 int type) 705 { 706 u64 id = 0; 707 int ret; 708 709 if (type == OPEN_ID_TYPE_VOLATILE_ID && fd_limit_depleted()) { 710 __open_id_set(fp, KSMBD_NO_FID, type); 711 return -EMFILE; 712 } 713 714 idr_preload(KSMBD_DEFAULT_GFP); 715 write_lock(&ft->lock); 716 ret = idr_alloc_cyclic(ft->idr, fp, 0, INT_MAX - 1, GFP_NOWAIT); 717 if (ret >= 0) { 718 id = ret; 719 ret = 0; 720 } else { 721 id = KSMBD_NO_FID; 722 fd_limit_close(); 723 } 724 725 __open_id_set(fp, id, type); 726 write_unlock(&ft->lock); 727 idr_preload_end(); 728 return ret; 729 } 730 731 unsigned int ksmbd_open_durable_fd(struct ksmbd_file *fp) 732 { 733 __open_id(&global_ft, fp, OPEN_ID_TYPE_PERSISTENT_ID); 734 return fp->persistent_id; 735 } 736 737 struct ksmbd_file *ksmbd_open_fd(struct ksmbd_work *work, struct file *filp) 738 { 739 struct ksmbd_file *fp; 740 int ret; 741 742 fp = kmem_cache_zalloc(filp_cache, KSMBD_DEFAULT_GFP); 743 if (!fp) { 744 pr_err("Failed to allocate memory\n"); 745 return ERR_PTR(-ENOMEM); 746 } 747 748 INIT_LIST_HEAD(&fp->blocked_works); 749 INIT_LIST_HEAD(&fp->node); 750 INIT_LIST_HEAD(&fp->lock_list); 751 spin_lock_init(&fp->f_lock); 752 atomic_set(&fp->refcount, 1); 753 754 fp->filp = filp; 755 fp->conn = work->conn; 756 fp->tcon = work->tcon; 757 fp->volatile_id = KSMBD_NO_FID; 758 fp->persistent_id = KSMBD_NO_FID; 759 fp->f_state = FP_NEW; 760 fp->f_ci = ksmbd_inode_get(fp); 761 762 if (!fp->f_ci) { 763 ret = -ENOMEM; 764 goto err_out; 765 } 766 767 ret = __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); 768 if (ret) { 769 ksmbd_inode_put(fp->f_ci); 770 goto err_out; 771 } 772 773 atomic_inc(&work->conn->stats.open_files_count); 774 return fp; 775 776 err_out: 777 kmem_cache_free(filp_cache, fp); 778 return ERR_PTR(ret); 779 } 780 781 void ksmbd_update_fstate(struct ksmbd_file_table *ft, struct ksmbd_file *fp, 782 unsigned int state) 783 { 784 if (!fp) 785 return; 786 787 write_lock(&ft->lock); 788 fp->f_state = state; 789 write_unlock(&ft->lock); 790 } 791 792 static int 793 __close_file_table_ids(struct ksmbd_session *sess, 794 struct ksmbd_tree_connect *tcon, 795 bool (*skip)(struct ksmbd_tree_connect *tcon, 796 struct ksmbd_file *fp, 797 struct ksmbd_user *user)) 798 { 799 struct ksmbd_file_table *ft = &sess->file_table; 800 struct ksmbd_file *fp; 801 unsigned int id = 0; 802 int num = 0; 803 804 while (1) { 805 write_lock(&ft->lock); 806 fp = idr_get_next(ft->idr, &id); 807 if (!fp) { 808 write_unlock(&ft->lock); 809 break; 810 } 811 812 if (skip(tcon, fp, sess->user) || 813 !atomic_dec_and_test(&fp->refcount)) { 814 id++; 815 write_unlock(&ft->lock); 816 continue; 817 } 818 819 set_close_state_blocked_works(fp); 820 idr_remove(ft->idr, fp->volatile_id); 821 fp->volatile_id = KSMBD_NO_FID; 822 write_unlock(&ft->lock); 823 824 down_write(&fp->f_ci->m_lock); 825 list_del_init(&fp->node); 826 up_write(&fp->f_ci->m_lock); 827 828 __ksmbd_close_fd(ft, fp); 829 830 num++; 831 id++; 832 } 833 834 return num; 835 } 836 837 static inline bool is_reconnectable(struct ksmbd_file *fp) 838 { 839 struct oplock_info *opinfo = opinfo_get(fp); 840 bool reconn = false; 841 842 if (!opinfo) 843 return false; 844 845 if (opinfo->op_state != OPLOCK_STATE_NONE) { 846 opinfo_put(opinfo); 847 return false; 848 } 849 850 if (fp->is_resilient || fp->is_persistent) 851 reconn = true; 852 else if (fp->is_durable && opinfo->is_lease && 853 opinfo->o_lease->state & SMB2_LEASE_HANDLE_CACHING_LE) 854 reconn = true; 855 856 else if (fp->is_durable && opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) 857 reconn = true; 858 859 opinfo_put(opinfo); 860 return reconn; 861 } 862 863 static bool tree_conn_fd_check(struct ksmbd_tree_connect *tcon, 864 struct ksmbd_file *fp, 865 struct ksmbd_user *user) 866 { 867 return fp->tcon != tcon; 868 } 869 870 static bool ksmbd_durable_scavenger_alive(void) 871 { 872 if (!durable_scavenger_running) 873 return false; 874 875 if (kthread_should_stop()) 876 return false; 877 878 if (idr_is_empty(global_ft.idr)) 879 return false; 880 881 return true; 882 } 883 884 static void ksmbd_scavenger_dispose_dh(struct list_head *head) 885 { 886 while (!list_empty(head)) { 887 struct ksmbd_file *fp; 888 889 fp = list_first_entry(head, struct ksmbd_file, node); 890 list_del_init(&fp->node); 891 __ksmbd_close_fd(NULL, fp); 892 } 893 } 894 895 static int ksmbd_durable_scavenger(void *dummy) 896 { 897 struct ksmbd_file *fp = NULL; 898 unsigned int id; 899 unsigned int min_timeout = 1; 900 bool found_fp_timeout; 901 LIST_HEAD(scavenger_list); 902 unsigned long remaining_jiffies; 903 904 __module_get(THIS_MODULE); 905 906 set_freezable(); 907 while (ksmbd_durable_scavenger_alive()) { 908 if (try_to_freeze()) 909 continue; 910 911 found_fp_timeout = false; 912 913 remaining_jiffies = wait_event_timeout(dh_wq, 914 ksmbd_durable_scavenger_alive() == false, 915 __msecs_to_jiffies(min_timeout)); 916 if (remaining_jiffies) 917 min_timeout = jiffies_to_msecs(remaining_jiffies); 918 else 919 min_timeout = DURABLE_HANDLE_MAX_TIMEOUT; 920 921 write_lock(&global_ft.lock); 922 idr_for_each_entry(global_ft.idr, fp, id) { 923 if (!fp->durable_timeout) 924 continue; 925 926 if (atomic_read(&fp->refcount) > 1 || 927 fp->conn) 928 continue; 929 930 found_fp_timeout = true; 931 if (fp->durable_scavenger_timeout <= 932 jiffies_to_msecs(jiffies)) { 933 __ksmbd_remove_durable_fd(fp); 934 list_add(&fp->node, &scavenger_list); 935 } else { 936 unsigned long durable_timeout; 937 938 durable_timeout = 939 fp->durable_scavenger_timeout - 940 jiffies_to_msecs(jiffies); 941 942 if (min_timeout > durable_timeout) 943 min_timeout = durable_timeout; 944 } 945 } 946 write_unlock(&global_ft.lock); 947 948 ksmbd_scavenger_dispose_dh(&scavenger_list); 949 950 if (found_fp_timeout == false) 951 break; 952 } 953 954 durable_scavenger_running = false; 955 956 module_put(THIS_MODULE); 957 958 return 0; 959 } 960 961 void ksmbd_launch_ksmbd_durable_scavenger(void) 962 { 963 if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE)) 964 return; 965 966 mutex_lock(&durable_scavenger_lock); 967 if (durable_scavenger_running == true) { 968 mutex_unlock(&durable_scavenger_lock); 969 return; 970 } 971 972 durable_scavenger_running = true; 973 974 server_conf.dh_task = kthread_run(ksmbd_durable_scavenger, 975 (void *)NULL, "ksmbd-durable-scavenger"); 976 if (IS_ERR(server_conf.dh_task)) 977 pr_err("cannot start conn thread, err : %ld\n", 978 PTR_ERR(server_conf.dh_task)); 979 mutex_unlock(&durable_scavenger_lock); 980 } 981 982 void ksmbd_stop_durable_scavenger(void) 983 { 984 if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_DURABLE_HANDLE)) 985 return; 986 987 mutex_lock(&durable_scavenger_lock); 988 if (!durable_scavenger_running) { 989 mutex_unlock(&durable_scavenger_lock); 990 return; 991 } 992 993 durable_scavenger_running = false; 994 if (waitqueue_active(&dh_wq)) 995 wake_up(&dh_wq); 996 mutex_unlock(&durable_scavenger_lock); 997 kthread_stop(server_conf.dh_task); 998 } 999 1000 /* 1001 * ksmbd_vfs_copy_durable_owner - Copy owner info for durable reconnect 1002 * @fp: ksmbd file pointer to store owner info 1003 * @user: user pointer to copy from 1004 * 1005 * This function binds the current user's identity to the file handle 1006 * to satisfy MS-SMB2 Step 8 (SecurityContext matching) during reconnect. 1007 * 1008 * Return: 0 on success, or negative error code on failure 1009 */ 1010 static int ksmbd_vfs_copy_durable_owner(struct ksmbd_file *fp, 1011 struct ksmbd_user *user) 1012 { 1013 if (!user) 1014 return -EINVAL; 1015 1016 /* Duplicate the user name to ensure identity persistence */ 1017 fp->owner.name = kstrdup(user->name, GFP_KERNEL); 1018 if (!fp->owner.name) 1019 return -ENOMEM; 1020 1021 fp->owner.uid = user->uid; 1022 fp->owner.gid = user->gid; 1023 1024 return 0; 1025 } 1026 1027 /** 1028 * ksmbd_vfs_compare_durable_owner - Verify if the requester is original owner 1029 * @fp: existing ksmbd file pointer 1030 * @user: user pointer of the reconnect requester 1031 * 1032 * Compares the UID, GID, and name of the current requester against the 1033 * original owner stored in the file handle. 1034 * 1035 * Return: true if the user matches, false otherwise 1036 */ 1037 bool ksmbd_vfs_compare_durable_owner(struct ksmbd_file *fp, 1038 struct ksmbd_user *user) 1039 { 1040 if (!user || !fp->owner.name) 1041 return false; 1042 1043 /* Check if the UID and GID match first (fast path) */ 1044 if (fp->owner.uid != user->uid || fp->owner.gid != user->gid) 1045 return false; 1046 1047 /* Validate the account name to ensure the same SecurityContext */ 1048 if (strcmp(fp->owner.name, user->name)) 1049 return false; 1050 1051 return true; 1052 } 1053 1054 static bool session_fd_check(struct ksmbd_tree_connect *tcon, 1055 struct ksmbd_file *fp, struct ksmbd_user *user) 1056 { 1057 struct ksmbd_inode *ci; 1058 struct oplock_info *op; 1059 struct ksmbd_conn *conn; 1060 struct ksmbd_lock *smb_lock, *tmp_lock; 1061 1062 if (!is_reconnectable(fp)) 1063 return false; 1064 1065 if (ksmbd_vfs_copy_durable_owner(fp, user)) 1066 return false; 1067 1068 conn = fp->conn; 1069 ci = fp->f_ci; 1070 down_write(&ci->m_lock); 1071 list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { 1072 if (op->conn != conn) 1073 continue; 1074 if (op->conn && atomic_dec_and_test(&op->conn->refcnt)) 1075 kfree(op->conn); 1076 op->conn = NULL; 1077 } 1078 up_write(&ci->m_lock); 1079 1080 list_for_each_entry_safe(smb_lock, tmp_lock, &fp->lock_list, flist) { 1081 spin_lock(&fp->conn->llist_lock); 1082 list_del_init(&smb_lock->clist); 1083 spin_unlock(&fp->conn->llist_lock); 1084 } 1085 1086 fp->conn = NULL; 1087 fp->tcon = NULL; 1088 fp->volatile_id = KSMBD_NO_FID; 1089 1090 if (fp->durable_timeout) 1091 fp->durable_scavenger_timeout = 1092 jiffies_to_msecs(jiffies) + fp->durable_timeout; 1093 1094 return true; 1095 } 1096 1097 void ksmbd_close_tree_conn_fds(struct ksmbd_work *work) 1098 { 1099 int num = __close_file_table_ids(work->sess, 1100 work->tcon, 1101 tree_conn_fd_check); 1102 1103 atomic_sub(num, &work->conn->stats.open_files_count); 1104 } 1105 1106 void ksmbd_close_session_fds(struct ksmbd_work *work) 1107 { 1108 int num = __close_file_table_ids(work->sess, 1109 work->tcon, 1110 session_fd_check); 1111 1112 atomic_sub(num, &work->conn->stats.open_files_count); 1113 } 1114 1115 int ksmbd_init_global_file_table(void) 1116 { 1117 create_proc_files(); 1118 return ksmbd_init_file_table(&global_ft); 1119 } 1120 1121 void ksmbd_free_global_file_table(void) 1122 { 1123 struct ksmbd_file *fp = NULL; 1124 unsigned int id; 1125 1126 idr_for_each_entry(global_ft.idr, fp, id) { 1127 ksmbd_remove_durable_fd(fp); 1128 __ksmbd_close_fd(NULL, fp); 1129 } 1130 1131 idr_destroy(global_ft.idr); 1132 kfree(global_ft.idr); 1133 } 1134 1135 int ksmbd_validate_name_reconnect(struct ksmbd_share_config *share, 1136 struct ksmbd_file *fp, char *name) 1137 { 1138 char *pathname, *ab_pathname; 1139 int ret = 0; 1140 1141 pathname = kmalloc(PATH_MAX, KSMBD_DEFAULT_GFP); 1142 if (!pathname) 1143 return -EACCES; 1144 1145 ab_pathname = d_path(&fp->filp->f_path, pathname, PATH_MAX); 1146 if (IS_ERR(ab_pathname)) { 1147 kfree(pathname); 1148 return -EACCES; 1149 } 1150 1151 if (name && strcmp(&ab_pathname[share->path_sz + 1], name)) { 1152 ksmbd_debug(SMB, "invalid name reconnect %s\n", name); 1153 ret = -EINVAL; 1154 } 1155 1156 kfree(pathname); 1157 1158 return ret; 1159 } 1160 1161 int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) 1162 { 1163 struct ksmbd_inode *ci; 1164 struct oplock_info *op; 1165 struct ksmbd_conn *conn = work->conn; 1166 struct ksmbd_lock *smb_lock; 1167 unsigned int old_f_state; 1168 1169 if (!fp->is_durable || fp->conn || fp->tcon) { 1170 pr_err("Invalid durable fd [%p:%p]\n", fp->conn, fp->tcon); 1171 return -EBADF; 1172 } 1173 1174 if (has_file_id(fp->volatile_id)) { 1175 pr_err("Still in use durable fd: %llu\n", fp->volatile_id); 1176 return -EBADF; 1177 } 1178 1179 old_f_state = fp->f_state; 1180 fp->f_state = FP_NEW; 1181 __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); 1182 if (!has_file_id(fp->volatile_id)) { 1183 fp->f_state = old_f_state; 1184 return -EBADF; 1185 } 1186 1187 fp->conn = conn; 1188 fp->tcon = work->tcon; 1189 1190 list_for_each_entry(smb_lock, &fp->lock_list, flist) { 1191 spin_lock(&conn->llist_lock); 1192 list_add_tail(&smb_lock->clist, &conn->lock_list); 1193 spin_unlock(&conn->llist_lock); 1194 } 1195 1196 ci = fp->f_ci; 1197 down_write(&ci->m_lock); 1198 list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { 1199 if (op->conn) 1200 continue; 1201 op->conn = fp->conn; 1202 atomic_inc(&op->conn->refcnt); 1203 } 1204 up_write(&ci->m_lock); 1205 1206 fp->owner.uid = fp->owner.gid = 0; 1207 kfree(fp->owner.name); 1208 fp->owner.name = NULL; 1209 1210 return 0; 1211 } 1212 1213 int ksmbd_init_file_table(struct ksmbd_file_table *ft) 1214 { 1215 ft->idr = kzalloc_obj(struct idr, KSMBD_DEFAULT_GFP); 1216 if (!ft->idr) 1217 return -ENOMEM; 1218 1219 idr_init(ft->idr); 1220 rwlock_init(&ft->lock); 1221 return 0; 1222 } 1223 1224 void ksmbd_destroy_file_table(struct ksmbd_session *sess) 1225 { 1226 struct ksmbd_file_table *ft = &sess->file_table; 1227 1228 if (!ft->idr) 1229 return; 1230 1231 __close_file_table_ids(sess, NULL, session_fd_check); 1232 idr_destroy(ft->idr); 1233 kfree(ft->idr); 1234 ft->idr = NULL; 1235 } 1236 1237 int ksmbd_init_file_cache(void) 1238 { 1239 filp_cache = kmem_cache_create("ksmbd_file_cache", 1240 sizeof(struct ksmbd_file), 0, 1241 SLAB_HWCACHE_ALIGN, NULL); 1242 if (!filp_cache) 1243 goto out; 1244 1245 init_waitqueue_head(&dh_wq); 1246 1247 return 0; 1248 1249 out: 1250 pr_err("failed to allocate file cache\n"); 1251 return -ENOMEM; 1252 } 1253 1254 void ksmbd_exit_file_cache(void) 1255 { 1256 kmem_cache_destroy(filp_cache); 1257 } 1258