1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * Copyright (C) International Business Machines Corp., 2009, 2013 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Pavel Shilovsky (pshilovsky@samba.org) 2012 8 * 9 * Contains the routines for constructing the SMB2 PDUs themselves 10 * 11 */ 12 13 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */ 14 /* Note that there are handle based routines which must be */ 15 /* treated slightly differently for reconnection purposes since we never */ 16 /* want to reuse a stale file handle and only the caller knows the file info */ 17 18 #include <linux/fs.h> 19 #include <linux/kernel.h> 20 #include <linux/vfs.h> 21 #include <linux/task_io_accounting_ops.h> 22 #include <linux/uaccess.h> 23 #include <linux/uuid.h> 24 #include <linux/pagemap.h> 25 #include <linux/xattr.h> 26 #include <linux/netfs.h> 27 #include <trace/events/netfs.h> 28 #include "cifsglob.h" 29 #include "cifsacl.h" 30 #include "cifsproto.h" 31 #include "smb2proto.h" 32 #include "cifs_unicode.h" 33 #include "cifs_debug.h" 34 #include "ntlmssp.h" 35 #include "../common/smb2status.h" 36 #include "smb2glob.h" 37 #include "cifspdu.h" 38 #include "cifs_spnego.h" 39 #include "smbdirect.h" 40 #include "trace.h" 41 #ifdef CONFIG_CIFS_DFS_UPCALL 42 #include "dfs_cache.h" 43 #endif 44 #include "cached_dir.h" 45 #include "compress.h" 46 #include "fs_context.h" 47 48 /* 49 * The following table defines the expected "StructureSize" of SMB2 requests 50 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests. 51 * 52 * Note that commands are defined in smb2pdu.h in le16 but the array below is 53 * indexed by command in host byte order. 54 */ 55 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { 56 /* SMB2_NEGOTIATE */ 36, 57 /* SMB2_SESSION_SETUP */ 25, 58 /* SMB2_LOGOFF */ 4, 59 /* SMB2_TREE_CONNECT */ 9, 60 /* SMB2_TREE_DISCONNECT */ 4, 61 /* SMB2_CREATE */ 57, 62 /* SMB2_CLOSE */ 24, 63 /* SMB2_FLUSH */ 24, 64 /* SMB2_READ */ 49, 65 /* SMB2_WRITE */ 49, 66 /* SMB2_LOCK */ 48, 67 /* SMB2_IOCTL */ 57, 68 /* SMB2_CANCEL */ 4, 69 /* SMB2_ECHO */ 4, 70 /* SMB2_QUERY_DIRECTORY */ 33, 71 /* SMB2_CHANGE_NOTIFY */ 32, 72 /* SMB2_QUERY_INFO */ 41, 73 /* SMB2_SET_INFO */ 33, 74 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */ 75 }; 76 smb3_encryption_required(const struct cifs_tcon * tcon)77 int smb3_encryption_required(const struct cifs_tcon *tcon) 78 { 79 if (!tcon || !tcon->ses) 80 return 0; 81 if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) || 82 (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA)) 83 return 1; 84 if (tcon->seal && 85 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 86 return 1; 87 if (((global_secflags & CIFSSEC_MUST_SEAL) == CIFSSEC_MUST_SEAL) && 88 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 89 return 1; 90 return 0; 91 } 92 93 static void smb2_hdr_assemble(struct smb2_hdr * shdr,__le16 smb2_cmd,const struct cifs_tcon * tcon,struct TCP_Server_Info * server)94 smb2_hdr_assemble(struct smb2_hdr *shdr, __le16 smb2_cmd, 95 const struct cifs_tcon *tcon, 96 struct TCP_Server_Info *server) 97 { 98 struct smb3_hdr_req *smb3_hdr; 99 100 shdr->ProtocolId = SMB2_PROTO_NUMBER; 101 shdr->StructureSize = cpu_to_le16(64); 102 shdr->Command = smb2_cmd; 103 104 if (server) { 105 /* After reconnect SMB3 must set ChannelSequence on subsequent reqs */ 106 if (server->dialect >= SMB30_PROT_ID) { 107 smb3_hdr = (struct smb3_hdr_req *)shdr; 108 /* 109 * if primary channel is not set yet, use default 110 * channel for chan sequence num 111 */ 112 if (SERVER_IS_CHAN(server)) 113 smb3_hdr->ChannelSequence = 114 cpu_to_le16(server->primary_server->channel_sequence_num); 115 else 116 smb3_hdr->ChannelSequence = 117 cpu_to_le16(server->channel_sequence_num); 118 } 119 spin_lock(&server->req_lock); 120 /* Request up to 10 credits but don't go over the limit. */ 121 if (server->credits >= server->max_credits) 122 shdr->CreditRequest = cpu_to_le16(0); 123 else 124 shdr->CreditRequest = cpu_to_le16( 125 min_t(int, server->max_credits - 126 server->credits, 10)); 127 spin_unlock(&server->req_lock); 128 } else { 129 shdr->CreditRequest = cpu_to_le16(2); 130 } 131 shdr->Id.SyncId.ProcessId = cpu_to_le32((__u16)current->tgid); 132 133 if (!tcon) 134 goto out; 135 136 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */ 137 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */ 138 if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) 139 shdr->CreditCharge = cpu_to_le16(1); 140 /* else CreditCharge MBZ */ 141 142 shdr->Id.SyncId.TreeId = cpu_to_le32(tcon->tid); 143 /* Uid is not converted */ 144 if (tcon->ses) 145 shdr->SessionId = cpu_to_le64(tcon->ses->Suid); 146 147 /* 148 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have 149 * to pass the path on the Open SMB prefixed by \\server\share. 150 * Not sure when we would need to do the augmented path (if ever) and 151 * setting this flag breaks the SMB2 open operation since it is 152 * illegal to send an empty path name (without \\server\share prefix) 153 * when the DFS flag is set in the SMB open header. We could 154 * consider setting the flag on all operations other than open 155 * but it is safer to net set it for now. 156 */ 157 /* if (tcon->share_flags & SHI1005_FLAGS_DFS) 158 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */ 159 160 if (server && server->sign && !smb3_encryption_required(tcon)) 161 shdr->Flags |= SMB2_FLAGS_SIGNED; 162 out: 163 return; 164 } 165 166 /* helper function for code reuse */ 167 static int cifs_chan_skip_or_disable(struct cifs_ses * ses,struct TCP_Server_Info * server,bool from_reconnect)168 cifs_chan_skip_or_disable(struct cifs_ses *ses, 169 struct TCP_Server_Info *server, 170 bool from_reconnect) 171 { 172 struct TCP_Server_Info *pserver; 173 unsigned int chan_index; 174 175 if (SERVER_IS_CHAN(server)) { 176 cifs_dbg(VFS, 177 "server %s does not support multichannel anymore. Skip secondary channel\n", 178 ses->server->hostname); 179 180 spin_lock(&ses->chan_lock); 181 chan_index = cifs_ses_get_chan_index(ses, server); 182 if (chan_index == CIFS_INVAL_CHAN_INDEX) { 183 spin_unlock(&ses->chan_lock); 184 goto skip_terminate; 185 } 186 187 ses->chans[chan_index].server = NULL; 188 server->terminate = true; 189 spin_unlock(&ses->chan_lock); 190 191 /* 192 * the above reference of server by channel 193 * needs to be dropped without holding chan_lock 194 * as cifs_put_tcp_session takes a higher lock 195 * i.e. cifs_tcp_ses_lock 196 */ 197 cifs_put_tcp_session(server, from_reconnect); 198 199 cifs_signal_cifsd_for_reconnect(server, false); 200 201 /* mark primary server as needing reconnect */ 202 pserver = server->primary_server; 203 cifs_signal_cifsd_for_reconnect(pserver, false); 204 skip_terminate: 205 return -EHOSTDOWN; 206 } 207 208 cifs_server_dbg(VFS, 209 "server does not support multichannel anymore. Disable all other channels\n"); 210 cifs_disable_secondary_channels(ses); 211 212 213 return 0; 214 } 215 216 static int smb2_reconnect(__le16 smb2_command,struct cifs_tcon * tcon,struct TCP_Server_Info * server,bool from_reconnect)217 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon, 218 struct TCP_Server_Info *server, bool from_reconnect) 219 { 220 struct cifs_ses *ses; 221 int xid; 222 int rc = 0; 223 224 /* 225 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so 226 * check for tcp and smb session status done differently 227 * for those three - in the calling routine. 228 */ 229 if (tcon == NULL) 230 return 0; 231 232 if (smb2_command == SMB2_TREE_CONNECT) 233 return 0; 234 235 spin_lock(&tcon->tc_lock); 236 if (tcon->status == TID_EXITING) { 237 /* 238 * only tree disconnect allowed when disconnecting ... 239 */ 240 if (smb2_command != SMB2_TREE_DISCONNECT) { 241 spin_unlock(&tcon->tc_lock); 242 cifs_dbg(FYI, "can not send cmd %d while umounting\n", 243 smb2_command); 244 return -ENODEV; 245 } 246 } 247 spin_unlock(&tcon->tc_lock); 248 249 ses = tcon->ses; 250 if (!ses) 251 return -EIO; 252 spin_lock(&ses->ses_lock); 253 if (ses->ses_status == SES_EXITING) { 254 spin_unlock(&ses->ses_lock); 255 return -EIO; 256 } 257 spin_unlock(&ses->ses_lock); 258 if (!ses->server || !server) 259 return -EIO; 260 261 spin_lock(&server->srv_lock); 262 if (server->tcpStatus == CifsNeedReconnect) { 263 /* 264 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE 265 * here since they are implicitly done when session drops. 266 */ 267 switch (smb2_command) { 268 /* 269 * BB Should we keep oplock break and add flush to exceptions? 270 */ 271 case SMB2_TREE_DISCONNECT: 272 case SMB2_CANCEL: 273 case SMB2_CLOSE: 274 case SMB2_OPLOCK_BREAK: 275 spin_unlock(&server->srv_lock); 276 return -EAGAIN; 277 } 278 } 279 280 /* if server is marked for termination, cifsd will cleanup */ 281 if (server->terminate) { 282 spin_unlock(&server->srv_lock); 283 return -EHOSTDOWN; 284 } 285 spin_unlock(&server->srv_lock); 286 287 again: 288 rc = cifs_wait_for_server_reconnect(server, tcon->retry); 289 if (rc) 290 return rc; 291 292 spin_lock(&ses->chan_lock); 293 if (!cifs_chan_needs_reconnect(ses, server) && !tcon->need_reconnect) { 294 spin_unlock(&ses->chan_lock); 295 return 0; 296 } 297 spin_unlock(&ses->chan_lock); 298 cifs_dbg(FYI, "sess reconnect mask: 0x%lx, tcon reconnect: %d", 299 tcon->ses->chans_need_reconnect, 300 tcon->need_reconnect); 301 302 mutex_lock(&ses->session_mutex); 303 /* 304 * Handle the case where a concurrent thread failed to negotiate or 305 * killed a channel. 306 */ 307 spin_lock(&server->srv_lock); 308 switch (server->tcpStatus) { 309 case CifsExiting: 310 spin_unlock(&server->srv_lock); 311 mutex_unlock(&ses->session_mutex); 312 return -EHOSTDOWN; 313 case CifsNeedReconnect: 314 spin_unlock(&server->srv_lock); 315 mutex_unlock(&ses->session_mutex); 316 if (!tcon->retry) 317 return -EHOSTDOWN; 318 goto again; 319 default: 320 break; 321 } 322 spin_unlock(&server->srv_lock); 323 324 /* 325 * need to prevent multiple threads trying to simultaneously 326 * reconnect the same SMB session 327 */ 328 spin_lock(&ses->ses_lock); 329 spin_lock(&ses->chan_lock); 330 if (!cifs_chan_needs_reconnect(ses, server) && 331 ses->ses_status == SES_GOOD) { 332 spin_unlock(&ses->chan_lock); 333 spin_unlock(&ses->ses_lock); 334 /* this means that we only need to tree connect */ 335 if (tcon->need_reconnect) 336 goto skip_sess_setup; 337 338 mutex_unlock(&ses->session_mutex); 339 goto out; 340 } 341 spin_unlock(&ses->chan_lock); 342 spin_unlock(&ses->ses_lock); 343 344 rc = cifs_negotiate_protocol(0, ses, server); 345 if (rc) { 346 mutex_unlock(&ses->session_mutex); 347 if (!tcon->retry) 348 return -EHOSTDOWN; 349 goto again; 350 } 351 /* 352 * if server stopped supporting multichannel 353 * and the first channel reconnected, disable all the others. 354 */ 355 if (ses->chan_count > 1 && 356 !(server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) { 357 rc = cifs_chan_skip_or_disable(ses, server, 358 from_reconnect); 359 if (rc) { 360 mutex_unlock(&ses->session_mutex); 361 goto out; 362 } 363 } 364 365 rc = cifs_setup_session(0, ses, server, ses->local_nls); 366 if ((rc == -EACCES) || (rc == -EKEYEXPIRED) || (rc == -EKEYREVOKED)) { 367 /* 368 * Try alternate password for next reconnect (key rotation 369 * could be enabled on the server e.g.) if an alternate 370 * password is available and the current password is expired, 371 * but do not swap on non pwd related errors like host down 372 */ 373 if (ses->password2) 374 swap(ses->password2, ses->password); 375 } 376 if (rc) { 377 mutex_unlock(&ses->session_mutex); 378 if (rc == -EACCES && !tcon->retry) 379 return -EHOSTDOWN; 380 goto out; 381 } 382 383 skip_sess_setup: 384 if (!tcon->need_reconnect) { 385 mutex_unlock(&ses->session_mutex); 386 goto out; 387 } 388 cifs_mark_open_files_invalid(tcon); 389 if (tcon->use_persistent) 390 tcon->need_reopen_files = true; 391 392 rc = cifs_tree_connect(0, tcon); 393 394 cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc); 395 if (rc) { 396 /* If sess reconnected but tcon didn't, something strange ... */ 397 mutex_unlock(&ses->session_mutex); 398 cifs_dbg(VFS, "reconnect tcon failed rc = %d\n", rc); 399 goto out; 400 } 401 402 spin_lock(&ses->ses_lock); 403 if (ses->flags & CIFS_SES_FLAG_SCALE_CHANNELS) { 404 spin_unlock(&ses->ses_lock); 405 mutex_unlock(&ses->session_mutex); 406 goto skip_add_channels; 407 } 408 ses->flags |= CIFS_SES_FLAG_SCALE_CHANNELS; 409 spin_unlock(&ses->ses_lock); 410 411 if (!rc && 412 (server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL) && 413 server->ops->query_server_interfaces) { 414 mutex_unlock(&ses->session_mutex); 415 416 /* 417 * query server network interfaces, in case they change 418 */ 419 xid = get_xid(); 420 rc = server->ops->query_server_interfaces(xid, tcon, false); 421 free_xid(xid); 422 423 if (rc == -EOPNOTSUPP && ses->chan_count > 1) { 424 /* 425 * some servers like Azure SMB server do not advertise 426 * that multichannel has been disabled with server 427 * capabilities, rather return STATUS_NOT_IMPLEMENTED. 428 * treat this as server not supporting multichannel 429 */ 430 431 rc = cifs_chan_skip_or_disable(ses, server, 432 from_reconnect); 433 goto skip_add_channels; 434 } else if (rc) 435 cifs_dbg(FYI, "%s: failed to query server interfaces: %d\n", 436 __func__, rc); 437 438 if (ses->chan_max > ses->chan_count && 439 ses->iface_count && 440 !SERVER_IS_CHAN(server)) { 441 if (ses->chan_count == 1) { 442 cifs_server_dbg(VFS, "supports multichannel now\n"); 443 queue_delayed_work(cifsiod_wq, &tcon->query_interfaces, 444 (SMB_INTERFACE_POLL_INTERVAL * HZ)); 445 } 446 447 cifs_try_adding_channels(ses); 448 } 449 } else { 450 mutex_unlock(&ses->session_mutex); 451 } 452 453 skip_add_channels: 454 spin_lock(&ses->ses_lock); 455 ses->flags &= ~CIFS_SES_FLAG_SCALE_CHANNELS; 456 spin_unlock(&ses->ses_lock); 457 458 if (smb2_command != SMB2_INTERNAL_CMD) 459 mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 460 461 atomic_inc(&tconInfoReconnectCount); 462 out: 463 /* 464 * Check if handle based operation so we know whether we can continue 465 * or not without returning to caller to reset file handle. 466 */ 467 /* 468 * BB Is flush done by server on drop of tcp session? Should we special 469 * case it and skip above? 470 */ 471 switch (smb2_command) { 472 case SMB2_FLUSH: 473 case SMB2_READ: 474 case SMB2_WRITE: 475 case SMB2_LOCK: 476 case SMB2_QUERY_DIRECTORY: 477 case SMB2_CHANGE_NOTIFY: 478 case SMB2_QUERY_INFO: 479 case SMB2_SET_INFO: 480 case SMB2_IOCTL: 481 rc = -EAGAIN; 482 } 483 return rc; 484 } 485 486 static void fill_small_buf(__le16 smb2_command,struct cifs_tcon * tcon,struct TCP_Server_Info * server,void * buf,unsigned int * total_len)487 fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon, 488 struct TCP_Server_Info *server, 489 void *buf, 490 unsigned int *total_len) 491 { 492 struct smb2_pdu *spdu = buf; 493 /* lookup word count ie StructureSize from table */ 494 __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)]; 495 496 /* 497 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of 498 * largest operations (Create) 499 */ 500 memset(buf, 0, 256); 501 502 smb2_hdr_assemble(&spdu->hdr, smb2_command, tcon, server); 503 spdu->StructureSize2 = cpu_to_le16(parmsize); 504 505 *total_len = parmsize + sizeof(struct smb2_hdr); 506 } 507 508 /* 509 * Allocate and return pointer to an SMB request hdr, and set basic 510 * SMB information in the SMB header. If the return code is zero, this 511 * function must have filled in request_buf pointer. 512 */ __smb2_plain_req_init(__le16 smb2_command,struct cifs_tcon * tcon,struct TCP_Server_Info * server,void ** request_buf,unsigned int * total_len)513 static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, 514 struct TCP_Server_Info *server, 515 void **request_buf, unsigned int *total_len) 516 { 517 /* BB eventually switch this to SMB2 specific small buf size */ 518 switch (smb2_command) { 519 case SMB2_SET_INFO: 520 case SMB2_QUERY_INFO: 521 *request_buf = cifs_buf_get(); 522 break; 523 default: 524 *request_buf = cifs_small_buf_get(); 525 break; 526 } 527 if (*request_buf == NULL) { 528 /* BB should we add a retry in here if not a writepage? */ 529 return -ENOMEM; 530 } 531 532 fill_small_buf(smb2_command, tcon, server, 533 (struct smb2_hdr *)(*request_buf), 534 total_len); 535 536 if (tcon != NULL) { 537 uint16_t com_code = le16_to_cpu(smb2_command); 538 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]); 539 cifs_stats_inc(&tcon->num_smbs_sent); 540 } 541 542 return 0; 543 } 544 smb2_plain_req_init(__le16 smb2_command,struct cifs_tcon * tcon,struct TCP_Server_Info * server,void ** request_buf,unsigned int * total_len)545 static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, 546 struct TCP_Server_Info *server, 547 void **request_buf, unsigned int *total_len) 548 { 549 int rc; 550 551 rc = smb2_reconnect(smb2_command, tcon, server, false); 552 if (rc) 553 return rc; 554 555 return __smb2_plain_req_init(smb2_command, tcon, server, request_buf, 556 total_len); 557 } 558 smb2_ioctl_req_init(u32 opcode,struct cifs_tcon * tcon,struct TCP_Server_Info * server,void ** request_buf,unsigned int * total_len)559 static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon, 560 struct TCP_Server_Info *server, 561 void **request_buf, unsigned int *total_len) 562 { 563 /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */ 564 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) { 565 return __smb2_plain_req_init(SMB2_IOCTL, tcon, server, 566 request_buf, total_len); 567 } 568 return smb2_plain_req_init(SMB2_IOCTL, tcon, server, 569 request_buf, total_len); 570 } 571 572 /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */ 573 574 static void build_preauth_ctxt(struct smb2_preauth_neg_context * pneg_ctxt)575 build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt) 576 { 577 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; 578 pneg_ctxt->DataLength = cpu_to_le16(38); 579 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1); 580 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE); 581 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE); 582 pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512; 583 } 584 585 static void build_compression_ctxt(struct smb2_compression_capabilities_context * pneg_ctxt)586 build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt) 587 { 588 pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES; 589 pneg_ctxt->DataLength = 590 cpu_to_le16(sizeof(struct smb2_compression_capabilities_context) 591 - sizeof(struct smb2_neg_context)); 592 pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(3); 593 pneg_ctxt->CompressionAlgorithms[0] = SMB3_COMPRESS_LZ77; 594 pneg_ctxt->CompressionAlgorithms[1] = SMB3_COMPRESS_LZ77_HUFF; 595 pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1; 596 } 597 598 static unsigned int build_signing_ctxt(struct smb2_signing_capabilities * pneg_ctxt)599 build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt) 600 { 601 unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities); 602 unsigned short num_algs = 1; /* number of signing algorithms sent */ 603 604 pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES; 605 /* 606 * Context Data length must be rounded to multiple of 8 for some servers 607 */ 608 pneg_ctxt->DataLength = cpu_to_le16(ALIGN(sizeof(struct smb2_signing_capabilities) - 609 sizeof(struct smb2_neg_context) + 610 (num_algs * sizeof(u16)), 8)); 611 pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs); 612 pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC); 613 614 ctxt_len += sizeof(__le16) * num_algs; 615 ctxt_len = ALIGN(ctxt_len, 8); 616 return ctxt_len; 617 /* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */ 618 } 619 620 static void build_encrypt_ctxt(struct smb2_encryption_neg_context * pneg_ctxt)621 build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt) 622 { 623 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; 624 if (require_gcm_256) { 625 pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */ 626 pneg_ctxt->CipherCount = cpu_to_le16(1); 627 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM; 628 } else if (enable_gcm_256) { 629 pneg_ctxt->DataLength = cpu_to_le16(8); /* Cipher Count + 3 ciphers */ 630 pneg_ctxt->CipherCount = cpu_to_le16(3); 631 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; 632 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES256_GCM; 633 pneg_ctxt->Ciphers[2] = SMB2_ENCRYPTION_AES128_CCM; 634 } else { 635 pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */ 636 pneg_ctxt->CipherCount = cpu_to_le16(2); 637 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; 638 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM; 639 } 640 } 641 642 static unsigned int build_netname_ctxt(struct smb2_netname_neg_context * pneg_ctxt,char * hostname)643 build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname) 644 { 645 struct nls_table *cp = load_nls_default(); 646 647 pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID; 648 649 /* copy up to max of first 100 bytes of server name to NetName field */ 650 pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp)); 651 /* context size is DataLength + minimal smb2_neg_context */ 652 return ALIGN(le16_to_cpu(pneg_ctxt->DataLength) + sizeof(struct smb2_neg_context), 8); 653 } 654 655 static void build_posix_ctxt(struct smb2_posix_neg_context * pneg_ctxt)656 build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt) 657 { 658 pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE; 659 pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN); 660 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ 661 pneg_ctxt->Name[0] = 0x93; 662 pneg_ctxt->Name[1] = 0xAD; 663 pneg_ctxt->Name[2] = 0x25; 664 pneg_ctxt->Name[3] = 0x50; 665 pneg_ctxt->Name[4] = 0x9C; 666 pneg_ctxt->Name[5] = 0xB4; 667 pneg_ctxt->Name[6] = 0x11; 668 pneg_ctxt->Name[7] = 0xE7; 669 pneg_ctxt->Name[8] = 0xB4; 670 pneg_ctxt->Name[9] = 0x23; 671 pneg_ctxt->Name[10] = 0x83; 672 pneg_ctxt->Name[11] = 0xDE; 673 pneg_ctxt->Name[12] = 0x96; 674 pneg_ctxt->Name[13] = 0x8B; 675 pneg_ctxt->Name[14] = 0xCD; 676 pneg_ctxt->Name[15] = 0x7C; 677 } 678 679 static void assemble_neg_contexts(struct smb2_negotiate_req * req,struct TCP_Server_Info * server,unsigned int * total_len)680 assemble_neg_contexts(struct smb2_negotiate_req *req, 681 struct TCP_Server_Info *server, unsigned int *total_len) 682 { 683 unsigned int ctxt_len, neg_context_count; 684 struct TCP_Server_Info *pserver; 685 char *pneg_ctxt; 686 char *hostname; 687 688 if (*total_len > 200) { 689 /* In case length corrupted don't want to overrun smb buffer */ 690 cifs_server_dbg(VFS, "Bad frame length assembling neg contexts\n"); 691 return; 692 } 693 694 /* 695 * round up total_len of fixed part of SMB3 negotiate request to 8 696 * byte boundary before adding negotiate contexts 697 */ 698 *total_len = ALIGN(*total_len, 8); 699 700 pneg_ctxt = (*total_len) + (char *)req; 701 req->NegotiateContextOffset = cpu_to_le32(*total_len); 702 703 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt); 704 ctxt_len = ALIGN(sizeof(struct smb2_preauth_neg_context), 8); 705 *total_len += ctxt_len; 706 pneg_ctxt += ctxt_len; 707 708 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt); 709 ctxt_len = ALIGN(sizeof(struct smb2_encryption_neg_context), 8); 710 *total_len += ctxt_len; 711 pneg_ctxt += ctxt_len; 712 713 /* 714 * secondary channels don't have the hostname field populated 715 * use the hostname field in the primary channel instead 716 */ 717 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 718 cifs_server_lock(pserver); 719 hostname = pserver->hostname; 720 if (hostname && (hostname[0] != 0)) { 721 ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt, 722 hostname); 723 *total_len += ctxt_len; 724 pneg_ctxt += ctxt_len; 725 neg_context_count = 3; 726 } else 727 neg_context_count = 2; 728 cifs_server_unlock(pserver); 729 730 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt); 731 *total_len += sizeof(struct smb2_posix_neg_context); 732 pneg_ctxt += sizeof(struct smb2_posix_neg_context); 733 neg_context_count++; 734 735 if (server->compression.requested) { 736 build_compression_ctxt((struct smb2_compression_capabilities_context *) 737 pneg_ctxt); 738 ctxt_len = ALIGN(sizeof(struct smb2_compression_capabilities_context), 8); 739 *total_len += ctxt_len; 740 pneg_ctxt += ctxt_len; 741 neg_context_count++; 742 } 743 744 if (enable_negotiate_signing) { 745 ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *) 746 pneg_ctxt); 747 *total_len += ctxt_len; 748 pneg_ctxt += ctxt_len; 749 neg_context_count++; 750 } 751 752 /* check for and add transport_capabilities and signing capabilities */ 753 req->NegotiateContextCount = cpu_to_le16(neg_context_count); 754 755 } 756 757 /* If invalid preauth context warn but use what we requested, SHA-512 */ decode_preauth_context(struct smb2_preauth_neg_context * ctxt)758 static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt) 759 { 760 unsigned int len = le16_to_cpu(ctxt->DataLength); 761 762 /* 763 * Caller checked that DataLength remains within SMB boundary. We still 764 * need to confirm that one HashAlgorithms member is accounted for. 765 */ 766 if (len < MIN_PREAUTH_CTXT_DATA_LEN) { 767 pr_warn_once("server sent bad preauth context\n"); 768 return; 769 } else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) { 770 pr_warn_once("server sent invalid SaltLength\n"); 771 return; 772 } 773 if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1) 774 pr_warn_once("Invalid SMB3 hash algorithm count\n"); 775 if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512) 776 pr_warn_once("unknown SMB3 hash algorithm\n"); 777 } 778 decode_compress_ctx(struct TCP_Server_Info * server,struct smb2_compression_capabilities_context * ctxt)779 static void decode_compress_ctx(struct TCP_Server_Info *server, 780 struct smb2_compression_capabilities_context *ctxt) 781 { 782 unsigned int len = le16_to_cpu(ctxt->DataLength); 783 __le16 alg; 784 785 server->compression.enabled = false; 786 787 /* 788 * Caller checked that DataLength remains within SMB boundary. We still 789 * need to confirm that one CompressionAlgorithms member is accounted 790 * for. 791 */ 792 if (len < 10) { 793 pr_warn_once("server sent bad compression cntxt\n"); 794 return; 795 } 796 797 if (le16_to_cpu(ctxt->CompressionAlgorithmCount) != 1) { 798 pr_warn_once("invalid SMB3 compress algorithm count\n"); 799 return; 800 } 801 802 alg = ctxt->CompressionAlgorithms[0]; 803 804 /* 'NONE' (0) compressor type is never negotiated */ 805 if (alg == 0 || le16_to_cpu(alg) > 3) { 806 pr_warn_once("invalid compression algorithm '%u'\n", alg); 807 return; 808 } 809 810 server->compression.alg = alg; 811 server->compression.enabled = true; 812 } 813 decode_encrypt_ctx(struct TCP_Server_Info * server,struct smb2_encryption_neg_context * ctxt)814 static int decode_encrypt_ctx(struct TCP_Server_Info *server, 815 struct smb2_encryption_neg_context *ctxt) 816 { 817 unsigned int len = le16_to_cpu(ctxt->DataLength); 818 819 cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d\n", len); 820 /* 821 * Caller checked that DataLength remains within SMB boundary. We still 822 * need to confirm that one Cipher flexible array member is accounted 823 * for. 824 */ 825 if (len < MIN_ENCRYPT_CTXT_DATA_LEN) { 826 pr_warn_once("server sent bad crypto ctxt len\n"); 827 return -EINVAL; 828 } 829 830 if (le16_to_cpu(ctxt->CipherCount) != 1) { 831 pr_warn_once("Invalid SMB3.11 cipher count\n"); 832 return -EINVAL; 833 } 834 cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0])); 835 if (require_gcm_256) { 836 if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) { 837 cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n"); 838 return -EOPNOTSUPP; 839 } 840 } else if (ctxt->Ciphers[0] == 0) { 841 /* 842 * e.g. if server only supported AES256_CCM (very unlikely) 843 * or server supported no encryption types or had all disabled. 844 * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case 845 * in which mount requested encryption ("seal") checks later 846 * on during tree connection will return proper rc, but if 847 * seal not requested by client, since server is allowed to 848 * return 0 to indicate no supported cipher, we can't fail here 849 */ 850 server->cipher_type = 0; 851 server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION; 852 pr_warn_once("Server does not support requested encryption types\n"); 853 return 0; 854 } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) && 855 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) && 856 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) { 857 /* server returned a cipher we didn't ask for */ 858 pr_warn_once("Invalid SMB3.11 cipher returned\n"); 859 return -EINVAL; 860 } 861 server->cipher_type = ctxt->Ciphers[0]; 862 server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION; 863 return 0; 864 } 865 decode_signing_ctx(struct TCP_Server_Info * server,struct smb2_signing_capabilities * pctxt)866 static void decode_signing_ctx(struct TCP_Server_Info *server, 867 struct smb2_signing_capabilities *pctxt) 868 { 869 unsigned int len = le16_to_cpu(pctxt->DataLength); 870 871 /* 872 * Caller checked that DataLength remains within SMB boundary. We still 873 * need to confirm that one SigningAlgorithms flexible array member is 874 * accounted for. 875 */ 876 if ((len < 4) || (len > 16)) { 877 pr_warn_once("server sent bad signing negcontext\n"); 878 return; 879 } 880 if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) { 881 pr_warn_once("Invalid signing algorithm count\n"); 882 return; 883 } 884 if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) { 885 pr_warn_once("unknown signing algorithm\n"); 886 return; 887 } 888 889 server->signing_negotiated = true; 890 server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]); 891 cifs_dbg(FYI, "signing algorithm %d chosen\n", 892 server->signing_algorithm); 893 } 894 895 smb311_decode_neg_context(struct smb2_negotiate_rsp * rsp,struct TCP_Server_Info * server,unsigned int len_of_smb)896 static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp, 897 struct TCP_Server_Info *server, 898 unsigned int len_of_smb) 899 { 900 struct smb2_neg_context *pctx; 901 unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset); 902 unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount); 903 unsigned int len_of_ctxts, i; 904 int rc = 0; 905 906 cifs_dbg(FYI, "decoding %d negotiate contexts\n", ctxt_cnt); 907 if (len_of_smb <= offset) { 908 cifs_server_dbg(VFS, "Invalid response: negotiate context offset\n"); 909 return -EINVAL; 910 } 911 912 len_of_ctxts = len_of_smb - offset; 913 914 for (i = 0; i < ctxt_cnt; i++) { 915 int clen; 916 /* check that offset is not beyond end of SMB */ 917 if (len_of_ctxts < sizeof(struct smb2_neg_context)) 918 break; 919 920 pctx = (struct smb2_neg_context *)(offset + (char *)rsp); 921 clen = sizeof(struct smb2_neg_context) 922 + le16_to_cpu(pctx->DataLength); 923 /* 924 * 2.2.4 SMB2 NEGOTIATE Response 925 * Subsequent negotiate contexts MUST appear at the first 8-byte 926 * aligned offset following the previous negotiate context. 927 */ 928 if (i + 1 != ctxt_cnt) 929 clen = ALIGN(clen, 8); 930 if (clen > len_of_ctxts) 931 break; 932 933 if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) 934 decode_preauth_context( 935 (struct smb2_preauth_neg_context *)pctx); 936 else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES) 937 rc = decode_encrypt_ctx(server, 938 (struct smb2_encryption_neg_context *)pctx); 939 else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES) 940 decode_compress_ctx(server, 941 (struct smb2_compression_capabilities_context *)pctx); 942 else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) 943 server->posix_ext_supported = true; 944 else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES) 945 decode_signing_ctx(server, 946 (struct smb2_signing_capabilities *)pctx); 947 else 948 cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n", 949 le16_to_cpu(pctx->ContextType)); 950 if (rc) 951 break; 952 953 offset += clen; 954 len_of_ctxts -= clen; 955 } 956 return rc; 957 } 958 959 static struct create_posix * create_posix_buf(umode_t mode)960 create_posix_buf(umode_t mode) 961 { 962 struct create_posix *buf; 963 964 buf = kzalloc(sizeof(struct create_posix), 965 GFP_KERNEL); 966 if (!buf) 967 return NULL; 968 969 buf->ccontext.DataOffset = 970 cpu_to_le16(offsetof(struct create_posix, Mode)); 971 buf->ccontext.DataLength = cpu_to_le32(4); 972 buf->ccontext.NameOffset = 973 cpu_to_le16(offsetof(struct create_posix, Name)); 974 buf->ccontext.NameLength = cpu_to_le16(16); 975 976 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */ 977 buf->Name[0] = 0x93; 978 buf->Name[1] = 0xAD; 979 buf->Name[2] = 0x25; 980 buf->Name[3] = 0x50; 981 buf->Name[4] = 0x9C; 982 buf->Name[5] = 0xB4; 983 buf->Name[6] = 0x11; 984 buf->Name[7] = 0xE7; 985 buf->Name[8] = 0xB4; 986 buf->Name[9] = 0x23; 987 buf->Name[10] = 0x83; 988 buf->Name[11] = 0xDE; 989 buf->Name[12] = 0x96; 990 buf->Name[13] = 0x8B; 991 buf->Name[14] = 0xCD; 992 buf->Name[15] = 0x7C; 993 buf->Mode = cpu_to_le32(mode); 994 cifs_dbg(FYI, "mode on posix create 0%o\n", mode); 995 return buf; 996 } 997 998 static int add_posix_context(struct kvec * iov,unsigned int * num_iovec,umode_t mode)999 add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode) 1000 { 1001 unsigned int num = *num_iovec; 1002 1003 iov[num].iov_base = create_posix_buf(mode); 1004 if (mode == ACL_NO_MODE) 1005 cifs_dbg(FYI, "%s: no mode\n", __func__); 1006 if (iov[num].iov_base == NULL) 1007 return -ENOMEM; 1008 iov[num].iov_len = sizeof(struct create_posix); 1009 *num_iovec = num + 1; 1010 return 0; 1011 } 1012 1013 1014 /* 1015 * 1016 * SMB2 Worker functions follow: 1017 * 1018 * The general structure of the worker functions is: 1019 * 1) Call smb2_init (assembles SMB2 header) 1020 * 2) Initialize SMB2 command specific fields in fixed length area of SMB 1021 * 3) Call smb_sendrcv2 (sends request on socket and waits for response) 1022 * 4) Decode SMB2 command specific fields in the fixed length area 1023 * 5) Decode variable length data area (if any for this SMB2 command type) 1024 * 6) Call free smb buffer 1025 * 7) return 1026 * 1027 */ 1028 1029 int SMB2_negotiate(const unsigned int xid,struct cifs_ses * ses,struct TCP_Server_Info * server)1030 SMB2_negotiate(const unsigned int xid, 1031 struct cifs_ses *ses, 1032 struct TCP_Server_Info *server) 1033 { 1034 struct smb_rqst rqst; 1035 struct smb2_negotiate_req *req; 1036 struct smb2_negotiate_rsp *rsp; 1037 struct kvec iov[1]; 1038 struct kvec rsp_iov; 1039 int rc; 1040 int resp_buftype; 1041 int blob_offset, blob_length; 1042 char *security_blob; 1043 int flags = CIFS_NEG_OP; 1044 unsigned int total_len; 1045 1046 cifs_dbg(FYI, "Negotiate protocol\n"); 1047 1048 if (!server) { 1049 WARN(1, "%s: server is NULL!\n", __func__); 1050 return -EIO; 1051 } 1052 1053 rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server, 1054 (void **) &req, &total_len); 1055 if (rc) 1056 return rc; 1057 1058 req->hdr.SessionId = 0; 1059 1060 memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); 1061 memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); 1062 1063 if (strcmp(server->vals->version_string, 1064 SMB3ANY_VERSION_STRING) == 0) { 1065 req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); 1066 req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); 1067 req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); 1068 req->DialectCount = cpu_to_le16(3); 1069 total_len += 6; 1070 } else if (strcmp(server->vals->version_string, 1071 SMBDEFAULT_VERSION_STRING) == 0) { 1072 req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); 1073 req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); 1074 req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); 1075 req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); 1076 req->DialectCount = cpu_to_le16(4); 1077 total_len += 8; 1078 } else { 1079 /* otherwise send specific dialect */ 1080 req->Dialects[0] = cpu_to_le16(server->vals->protocol_id); 1081 req->DialectCount = cpu_to_le16(1); 1082 total_len += 2; 1083 } 1084 1085 /* only one of SMB2 signing flags may be set in SMB2 request */ 1086 if (ses->sign) 1087 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 1088 else if (global_secflags & CIFSSEC_MAY_SIGN) 1089 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 1090 else 1091 req->SecurityMode = 0; 1092 1093 req->Capabilities = cpu_to_le32(server->vals->req_capabilities); 1094 if (ses->chan_max > 1) 1095 req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1096 1097 /* ClientGUID must be zero for SMB2.02 dialect */ 1098 if (server->vals->protocol_id == SMB20_PROT_ID) 1099 memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE); 1100 else { 1101 memcpy(req->ClientGUID, server->client_guid, 1102 SMB2_CLIENT_GUID_SIZE); 1103 if ((server->vals->protocol_id == SMB311_PROT_ID) || 1104 (strcmp(server->vals->version_string, 1105 SMB3ANY_VERSION_STRING) == 0) || 1106 (strcmp(server->vals->version_string, 1107 SMBDEFAULT_VERSION_STRING) == 0)) 1108 assemble_neg_contexts(req, server, &total_len); 1109 } 1110 iov[0].iov_base = (char *)req; 1111 iov[0].iov_len = total_len; 1112 1113 memset(&rqst, 0, sizeof(struct smb_rqst)); 1114 rqst.rq_iov = iov; 1115 rqst.rq_nvec = 1; 1116 1117 rc = cifs_send_recv(xid, ses, server, 1118 &rqst, &resp_buftype, flags, &rsp_iov); 1119 cifs_small_buf_release(req); 1120 rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base; 1121 /* 1122 * No tcon so can't do 1123 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 1124 */ 1125 if (rc == -EOPNOTSUPP) { 1126 cifs_server_dbg(VFS, "Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n"); 1127 goto neg_exit; 1128 } else if (rc != 0) 1129 goto neg_exit; 1130 1131 rc = -EIO; 1132 if (strcmp(server->vals->version_string, 1133 SMB3ANY_VERSION_STRING) == 0) { 1134 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 1135 cifs_server_dbg(VFS, 1136 "SMB2 dialect returned but not requested\n"); 1137 goto neg_exit; 1138 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 1139 cifs_server_dbg(VFS, 1140 "SMB2.1 dialect returned but not requested\n"); 1141 goto neg_exit; 1142 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1143 /* ops set to 3.0 by default for default so update */ 1144 server->ops = &smb311_operations; 1145 server->vals = &smb311_values; 1146 } 1147 } else if (strcmp(server->vals->version_string, 1148 SMBDEFAULT_VERSION_STRING) == 0) { 1149 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { 1150 cifs_server_dbg(VFS, 1151 "SMB2 dialect returned but not requested\n"); 1152 goto neg_exit; 1153 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { 1154 /* ops set to 3.0 by default for default so update */ 1155 server->ops = &smb21_operations; 1156 server->vals = &smb21_values; 1157 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1158 server->ops = &smb311_operations; 1159 server->vals = &smb311_values; 1160 } 1161 } else if (le16_to_cpu(rsp->DialectRevision) != 1162 server->vals->protocol_id) { 1163 /* if requested single dialect ensure returned dialect matched */ 1164 cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n", 1165 le16_to_cpu(rsp->DialectRevision)); 1166 goto neg_exit; 1167 } 1168 1169 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode); 1170 1171 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) 1172 cifs_dbg(FYI, "negotiated smb2.0 dialect\n"); 1173 else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) 1174 cifs_dbg(FYI, "negotiated smb2.1 dialect\n"); 1175 else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID)) 1176 cifs_dbg(FYI, "negotiated smb3.0 dialect\n"); 1177 else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID)) 1178 cifs_dbg(FYI, "negotiated smb3.02 dialect\n"); 1179 else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) 1180 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n"); 1181 else { 1182 cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n", 1183 le16_to_cpu(rsp->DialectRevision)); 1184 goto neg_exit; 1185 } 1186 1187 rc = 0; 1188 server->dialect = le16_to_cpu(rsp->DialectRevision); 1189 1190 /* 1191 * Keep a copy of the hash after negprot. This hash will be 1192 * the starting hash value for all sessions made from this 1193 * server. 1194 */ 1195 memcpy(server->preauth_sha_hash, ses->preauth_sha_hash, 1196 SMB2_PREAUTH_HASH_SIZE); 1197 1198 /* SMB2 only has an extended negflavor */ 1199 server->negflavor = CIFS_NEGFLAVOR_EXTENDED; 1200 /* set it to the maximum buffer size value we can send with 1 credit */ 1201 server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize), 1202 SMB2_MAX_BUFFER_SIZE); 1203 server->max_read = le32_to_cpu(rsp->MaxReadSize); 1204 server->max_write = le32_to_cpu(rsp->MaxWriteSize); 1205 server->sec_mode = le16_to_cpu(rsp->SecurityMode); 1206 if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode) 1207 cifs_dbg(FYI, "Server returned unexpected security mode 0x%x\n", 1208 server->sec_mode); 1209 server->capabilities = le32_to_cpu(rsp->Capabilities); 1210 /* Internal types */ 1211 server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; 1212 1213 /* 1214 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context 1215 * Set the cipher type manually. 1216 */ 1217 if ((server->dialect == SMB30_PROT_ID || 1218 server->dialect == SMB302_PROT_ID) && 1219 (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 1220 server->cipher_type = SMB2_ENCRYPTION_AES128_CCM; 1221 1222 security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, 1223 (struct smb2_hdr *)rsp); 1224 /* 1225 * See MS-SMB2 section 2.2.4: if no blob, client picks default which 1226 * for us will be 1227 * ses->sectype = RawNTLMSSP; 1228 * but for time being this is our only auth choice so doesn't matter. 1229 * We just found a server which sets blob length to zero expecting raw. 1230 */ 1231 if (blob_length == 0) { 1232 cifs_dbg(FYI, "missing security blob on negprot\n"); 1233 server->sec_ntlmssp = true; 1234 } 1235 1236 rc = cifs_enable_signing(server, ses->sign); 1237 if (rc) 1238 goto neg_exit; 1239 if (blob_length) { 1240 rc = decode_negTokenInit(security_blob, blob_length, server); 1241 if (rc == 1) 1242 rc = 0; 1243 else if (rc == 0) 1244 rc = -EIO; 1245 } 1246 1247 if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { 1248 if (rsp->NegotiateContextCount) 1249 rc = smb311_decode_neg_context(rsp, server, 1250 rsp_iov.iov_len); 1251 else 1252 cifs_server_dbg(VFS, "Missing expected negotiate contexts\n"); 1253 } 1254 1255 if (server->cipher_type && !rc) { 1256 if (!SERVER_IS_CHAN(server)) { 1257 rc = smb3_crypto_aead_allocate(server); 1258 } else { 1259 /* For channels, just reuse the primary server crypto secmech. */ 1260 server->secmech.enc = server->primary_server->secmech.enc; 1261 server->secmech.dec = server->primary_server->secmech.dec; 1262 } 1263 } 1264 neg_exit: 1265 free_rsp_buf(resp_buftype, rsp); 1266 return rc; 1267 } 1268 smb3_validate_negotiate(const unsigned int xid,struct cifs_tcon * tcon)1269 int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) 1270 { 1271 int rc; 1272 struct validate_negotiate_info_req *pneg_inbuf; 1273 struct validate_negotiate_info_rsp *pneg_rsp = NULL; 1274 u32 rsplen; 1275 u32 inbuflen; /* max of 4 dialects */ 1276 struct TCP_Server_Info *server = tcon->ses->server; 1277 1278 cifs_dbg(FYI, "validate negotiate\n"); 1279 1280 /* In SMB3.11 preauth integrity supersedes validate negotiate */ 1281 if (server->dialect == SMB311_PROT_ID) 1282 return 0; 1283 1284 /* 1285 * validation ioctl must be signed, so no point sending this if we 1286 * can not sign it (ie are not known user). Even if signing is not 1287 * required (enabled but not negotiated), in those cases we selectively 1288 * sign just this, the first and only signed request on a connection. 1289 * Having validation of negotiate info helps reduce attack vectors. 1290 */ 1291 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) 1292 return 0; /* validation requires signing */ 1293 1294 if (tcon->ses->user_name == NULL) { 1295 cifs_dbg(FYI, "Can't validate negotiate: null user mount\n"); 1296 return 0; /* validation requires signing */ 1297 } 1298 1299 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL) 1300 cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n"); 1301 1302 pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS); 1303 if (!pneg_inbuf) 1304 return -ENOMEM; 1305 1306 pneg_inbuf->Capabilities = 1307 cpu_to_le32(server->vals->req_capabilities); 1308 if (tcon->ses->chan_max > 1) 1309 pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL); 1310 1311 memcpy(pneg_inbuf->Guid, server->client_guid, 1312 SMB2_CLIENT_GUID_SIZE); 1313 1314 if (tcon->ses->sign) 1315 pneg_inbuf->SecurityMode = 1316 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 1317 else if (global_secflags & CIFSSEC_MAY_SIGN) 1318 pneg_inbuf->SecurityMode = 1319 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 1320 else 1321 pneg_inbuf->SecurityMode = 0; 1322 1323 1324 if (strcmp(server->vals->version_string, 1325 SMB3ANY_VERSION_STRING) == 0) { 1326 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); 1327 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); 1328 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID); 1329 pneg_inbuf->DialectCount = cpu_to_le16(3); 1330 /* SMB 2.1 not included so subtract one dialect from len */ 1331 inbuflen = sizeof(*pneg_inbuf) - 1332 (sizeof(pneg_inbuf->Dialects[0])); 1333 } else if (strcmp(server->vals->version_string, 1334 SMBDEFAULT_VERSION_STRING) == 0) { 1335 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); 1336 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); 1337 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); 1338 pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); 1339 pneg_inbuf->DialectCount = cpu_to_le16(4); 1340 /* structure is big enough for 4 dialects */ 1341 inbuflen = sizeof(*pneg_inbuf); 1342 } else { 1343 /* otherwise specific dialect was requested */ 1344 pneg_inbuf->Dialects[0] = 1345 cpu_to_le16(server->vals->protocol_id); 1346 pneg_inbuf->DialectCount = cpu_to_le16(1); 1347 /* structure is big enough for 4 dialects, sending only 1 */ 1348 inbuflen = sizeof(*pneg_inbuf) - 1349 sizeof(pneg_inbuf->Dialects[0]) * 3; 1350 } 1351 1352 rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, 1353 FSCTL_VALIDATE_NEGOTIATE_INFO, 1354 (char *)pneg_inbuf, inbuflen, CIFSMaxBufSize, 1355 (char **)&pneg_rsp, &rsplen); 1356 if (rc == -EOPNOTSUPP) { 1357 /* 1358 * Old Windows versions or Netapp SMB server can return 1359 * not supported error. Client should accept it. 1360 */ 1361 cifs_tcon_dbg(VFS, "Server does not support validate negotiate\n"); 1362 rc = 0; 1363 goto out_free_inbuf; 1364 } else if (rc != 0) { 1365 cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n", 1366 rc); 1367 rc = -EIO; 1368 goto out_free_inbuf; 1369 } 1370 1371 rc = -EIO; 1372 if (rsplen != sizeof(*pneg_rsp)) { 1373 cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n", 1374 rsplen); 1375 1376 /* relax check since Mac returns max bufsize allowed on ioctl */ 1377 if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp)) 1378 goto out_free_rsp; 1379 } 1380 1381 /* check validate negotiate info response matches what we got earlier */ 1382 if (pneg_rsp->Dialect != cpu_to_le16(server->dialect)) 1383 goto vneg_out; 1384 1385 if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode)) 1386 goto vneg_out; 1387 1388 /* do not validate server guid because not saved at negprot time yet */ 1389 1390 if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND | 1391 SMB2_LARGE_FILES) != server->capabilities) 1392 goto vneg_out; 1393 1394 /* validate negotiate successful */ 1395 rc = 0; 1396 cifs_dbg(FYI, "validate negotiate info successful\n"); 1397 goto out_free_rsp; 1398 1399 vneg_out: 1400 cifs_tcon_dbg(VFS, "protocol revalidation - security settings mismatch\n"); 1401 out_free_rsp: 1402 kfree(pneg_rsp); 1403 out_free_inbuf: 1404 kfree(pneg_inbuf); 1405 return rc; 1406 } 1407 1408 enum securityEnum smb2_select_sectype(struct TCP_Server_Info * server,enum securityEnum requested)1409 smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested) 1410 { 1411 switch (requested) { 1412 case Kerberos: 1413 case RawNTLMSSP: 1414 return requested; 1415 case NTLMv2: 1416 return RawNTLMSSP; 1417 case Unspecified: 1418 if (server->sec_ntlmssp && 1419 (global_secflags & CIFSSEC_MAY_NTLMSSP)) 1420 return RawNTLMSSP; 1421 if ((server->sec_kerberos || server->sec_mskerberos || server->sec_iakerb) && 1422 (global_secflags & CIFSSEC_MAY_KRB5)) 1423 return Kerberos; 1424 fallthrough; 1425 default: 1426 return Unspecified; 1427 } 1428 } 1429 1430 struct SMB2_sess_data { 1431 unsigned int xid; 1432 struct cifs_ses *ses; 1433 struct TCP_Server_Info *server; 1434 struct nls_table *nls_cp; 1435 void (*func)(struct SMB2_sess_data *); 1436 int result; 1437 u64 previous_session; 1438 1439 /* we will send the SMB in three pieces: 1440 * a fixed length beginning part, an optional 1441 * SPNEGO blob (which can be zero length), and a 1442 * last part which will include the strings 1443 * and rest of bcc area. This allows us to avoid 1444 * a large buffer 17K allocation 1445 */ 1446 int buf0_type; 1447 struct kvec iov[2]; 1448 }; 1449 1450 static int SMB2_sess_alloc_buffer(struct SMB2_sess_data * sess_data)1451 SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data) 1452 { 1453 int rc; 1454 struct cifs_ses *ses = sess_data->ses; 1455 struct TCP_Server_Info *server = sess_data->server; 1456 struct smb2_sess_setup_req *req; 1457 unsigned int total_len; 1458 bool is_binding = false; 1459 1460 rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, server, 1461 (void **) &req, 1462 &total_len); 1463 if (rc) 1464 return rc; 1465 1466 spin_lock(&ses->ses_lock); 1467 is_binding = (ses->ses_status == SES_GOOD); 1468 spin_unlock(&ses->ses_lock); 1469 1470 if (is_binding) { 1471 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1472 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 1473 req->PreviousSessionId = 0; 1474 req->Flags = SMB2_SESSION_REQ_FLAG_BINDING; 1475 cifs_dbg(FYI, "Binding to sess id: %llx\n", ses->Suid); 1476 } else { 1477 /* First session, not a reauthenticate */ 1478 req->hdr.SessionId = 0; 1479 /* 1480 * if reconnect, we need to send previous sess id 1481 * otherwise it is 0 1482 */ 1483 req->PreviousSessionId = cpu_to_le64(sess_data->previous_session); 1484 req->Flags = 0; /* MBZ */ 1485 cifs_dbg(FYI, "Fresh session. Previous: %llx\n", 1486 sess_data->previous_session); 1487 } 1488 1489 /* enough to enable echos and oplocks and one max size write */ 1490 if (server->credits >= server->max_credits) 1491 req->hdr.CreditRequest = cpu_to_le16(0); 1492 else 1493 req->hdr.CreditRequest = cpu_to_le16( 1494 min_t(int, server->max_credits - 1495 server->credits, 130)); 1496 1497 /* only one of SMB2 signing flags may be set in SMB2 request */ 1498 if (server->sign) 1499 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED; 1500 else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */ 1501 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED; 1502 else 1503 req->SecurityMode = 0; 1504 1505 #ifdef CONFIG_CIFS_DFS_UPCALL 1506 req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS); 1507 #else 1508 req->Capabilities = 0; 1509 #endif /* DFS_UPCALL */ 1510 1511 req->Channel = 0; /* MBZ */ 1512 1513 sess_data->iov[0].iov_base = (char *)req; 1514 /* 1 for pad */ 1515 sess_data->iov[0].iov_len = total_len - 1; 1516 /* 1517 * This variable will be used to clear the buffer 1518 * allocated above in case of any error in the calling function. 1519 */ 1520 sess_data->buf0_type = CIFS_SMALL_BUFFER; 1521 1522 return 0; 1523 } 1524 1525 static void SMB2_sess_free_buffer(struct SMB2_sess_data * sess_data)1526 SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data) 1527 { 1528 struct kvec *iov = sess_data->iov; 1529 1530 /* iov[1] is already freed by caller */ 1531 if (sess_data->buf0_type != CIFS_NO_BUFFER && iov[0].iov_base) 1532 memzero_explicit(iov[0].iov_base, iov[0].iov_len); 1533 1534 free_rsp_buf(sess_data->buf0_type, iov[0].iov_base); 1535 sess_data->buf0_type = CIFS_NO_BUFFER; 1536 } 1537 1538 static int SMB2_sess_sendreceive(struct SMB2_sess_data * sess_data)1539 SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data) 1540 { 1541 int rc; 1542 struct smb_rqst rqst; 1543 struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base; 1544 struct kvec rsp_iov = { NULL, 0 }; 1545 1546 /* Testing shows that buffer offset must be at location of Buffer[0] */ 1547 req->SecurityBufferOffset = 1548 cpu_to_le16(sizeof(struct smb2_sess_setup_req)); 1549 req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len); 1550 1551 memset(&rqst, 0, sizeof(struct smb_rqst)); 1552 rqst.rq_iov = sess_data->iov; 1553 rqst.rq_nvec = 2; 1554 1555 /* BB add code to build os and lm fields */ 1556 rc = cifs_send_recv(sess_data->xid, sess_data->ses, 1557 sess_data->server, 1558 &rqst, 1559 &sess_data->buf0_type, 1560 CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov); 1561 cifs_small_buf_release(sess_data->iov[0].iov_base); 1562 if (rc == 0) 1563 sess_data->ses->expired_pwd = false; 1564 else if ((rc == -EACCES) || (rc == -EKEYEXPIRED) || (rc == -EKEYREVOKED)) { 1565 if (sess_data->ses->expired_pwd == false) 1566 trace_smb3_key_expired(sess_data->server->hostname, 1567 sess_data->ses->user_name, 1568 sess_data->server->conn_id, 1569 &sess_data->server->dstaddr, rc); 1570 sess_data->ses->expired_pwd = true; 1571 } 1572 1573 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec)); 1574 1575 return rc; 1576 } 1577 1578 static int SMB2_sess_establish_session(struct SMB2_sess_data * sess_data)1579 SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) 1580 { 1581 int rc = 0; 1582 struct cifs_ses *ses = sess_data->ses; 1583 struct TCP_Server_Info *server = sess_data->server; 1584 1585 cifs_server_lock(server); 1586 if (server->ops->generate_signingkey) { 1587 rc = server->ops->generate_signingkey(ses, server); 1588 if (rc) { 1589 cifs_dbg(FYI, 1590 "SMB3 session key generation failed\n"); 1591 cifs_server_unlock(server); 1592 return rc; 1593 } 1594 } 1595 if (!server->session_estab) { 1596 server->sequence_number = 0x2; 1597 server->session_estab = true; 1598 } 1599 cifs_server_unlock(server); 1600 1601 cifs_dbg(FYI, "SMB2/3 session established successfully\n"); 1602 return rc; 1603 } 1604 1605 #ifdef CONFIG_CIFS_UPCALL 1606 static void SMB2_auth_kerberos(struct SMB2_sess_data * sess_data)1607 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) 1608 { 1609 int rc; 1610 struct cifs_ses *ses = sess_data->ses; 1611 struct TCP_Server_Info *server = sess_data->server; 1612 struct cifs_spnego_msg *msg; 1613 struct key *spnego_key = NULL; 1614 struct smb2_sess_setup_rsp *rsp = NULL; 1615 bool is_binding = false; 1616 1617 rc = SMB2_sess_alloc_buffer(sess_data); 1618 if (rc) 1619 goto out; 1620 1621 spnego_key = cifs_get_spnego_key(ses, server); 1622 if (IS_ERR(spnego_key)) { 1623 rc = PTR_ERR(spnego_key); 1624 if (rc == -ENOKEY) 1625 cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n"); 1626 spnego_key = NULL; 1627 goto out; 1628 } 1629 1630 msg = spnego_key->payload.data[0]; 1631 /* 1632 * check version field to make sure that cifs.upcall is 1633 * sending us a response in an expected form 1634 */ 1635 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { 1636 cifs_dbg(VFS, "bad cifs.upcall version. Expected %d got %d\n", 1637 CIFS_SPNEGO_UPCALL_VERSION, msg->version); 1638 rc = -EKEYREJECTED; 1639 goto out_put_spnego_key; 1640 } 1641 1642 spin_lock(&ses->ses_lock); 1643 is_binding = (ses->ses_status == SES_GOOD); 1644 spin_unlock(&ses->ses_lock); 1645 1646 /* keep session key if binding */ 1647 if (!is_binding) { 1648 kfree_sensitive(ses->auth_key.response); 1649 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, 1650 GFP_KERNEL); 1651 if (!ses->auth_key.response) { 1652 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n", 1653 msg->sesskey_len); 1654 rc = -ENOMEM; 1655 goto out_put_spnego_key; 1656 } 1657 ses->auth_key.len = msg->sesskey_len; 1658 } 1659 1660 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len; 1661 sess_data->iov[1].iov_len = msg->secblob_len; 1662 1663 rc = SMB2_sess_sendreceive(sess_data); 1664 if (rc) 1665 goto out_put_spnego_key; 1666 1667 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1668 /* keep session id and flags if binding */ 1669 if (!is_binding) { 1670 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1671 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1672 } 1673 1674 rc = SMB2_sess_establish_session(sess_data); 1675 out_put_spnego_key: 1676 key_invalidate(spnego_key); 1677 key_put(spnego_key); 1678 if (rc) { 1679 kfree_sensitive(ses->auth_key.response); 1680 ses->auth_key.response = NULL; 1681 ses->auth_key.len = 0; 1682 } 1683 out: 1684 sess_data->result = rc; 1685 sess_data->func = NULL; 1686 SMB2_sess_free_buffer(sess_data); 1687 } 1688 #else 1689 static void SMB2_auth_kerberos(struct SMB2_sess_data * sess_data)1690 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data) 1691 { 1692 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n"); 1693 sess_data->result = -EOPNOTSUPP; 1694 sess_data->func = NULL; 1695 } 1696 #endif 1697 1698 static void 1699 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data); 1700 1701 static void SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data * sess_data)1702 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data) 1703 { 1704 int rc; 1705 struct cifs_ses *ses = sess_data->ses; 1706 struct TCP_Server_Info *server = sess_data->server; 1707 struct smb2_sess_setup_rsp *rsp = NULL; 1708 unsigned char *ntlmssp_blob = NULL; 1709 bool use_spnego = false; /* else use raw ntlmssp */ 1710 u16 blob_length = 0; 1711 bool is_binding = false; 1712 1713 /* 1714 * If memory allocation is successful, caller of this function 1715 * frees it. 1716 */ 1717 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); 1718 if (!ses->ntlmssp) { 1719 rc = -ENOMEM; 1720 goto out_err; 1721 } 1722 ses->ntlmssp->sesskey_per_smbsess = true; 1723 1724 rc = SMB2_sess_alloc_buffer(sess_data); 1725 if (rc) 1726 goto out_err; 1727 1728 rc = build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob, 1729 &blob_length, ses, server, 1730 sess_data->nls_cp); 1731 if (rc) 1732 goto out; 1733 1734 if (use_spnego) { 1735 /* BB eventually need to add this */ 1736 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 1737 rc = -EOPNOTSUPP; 1738 goto out; 1739 } 1740 sess_data->iov[1].iov_base = ntlmssp_blob; 1741 sess_data->iov[1].iov_len = blob_length; 1742 1743 rc = SMB2_sess_sendreceive(sess_data); 1744 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1745 1746 /* If true, rc here is expected and not an error */ 1747 if (sess_data->buf0_type != CIFS_NO_BUFFER && 1748 rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) 1749 rc = 0; 1750 1751 if (rc) 1752 goto out; 1753 1754 if (offsetof(struct smb2_sess_setup_rsp, Buffer) != 1755 le16_to_cpu(rsp->SecurityBufferOffset)) { 1756 cifs_dbg(VFS, "Invalid security buffer offset %d\n", 1757 le16_to_cpu(rsp->SecurityBufferOffset)); 1758 rc = -EIO; 1759 goto out; 1760 } 1761 rc = decode_ntlmssp_challenge(rsp->Buffer, 1762 le16_to_cpu(rsp->SecurityBufferLength), ses); 1763 if (rc) 1764 goto out; 1765 1766 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n"); 1767 1768 spin_lock(&ses->ses_lock); 1769 is_binding = (ses->ses_status == SES_GOOD); 1770 spin_unlock(&ses->ses_lock); 1771 1772 /* keep existing ses id and flags if binding */ 1773 if (!is_binding) { 1774 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1775 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1776 } 1777 1778 out: 1779 kfree_sensitive(ntlmssp_blob); 1780 SMB2_sess_free_buffer(sess_data); 1781 if (!rc) { 1782 sess_data->result = 0; 1783 sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate; 1784 return; 1785 } 1786 out_err: 1787 kfree_sensitive(ses->ntlmssp); 1788 ses->ntlmssp = NULL; 1789 sess_data->result = rc; 1790 sess_data->func = NULL; 1791 } 1792 1793 static void SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data * sess_data)1794 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data) 1795 { 1796 int rc; 1797 struct cifs_ses *ses = sess_data->ses; 1798 struct TCP_Server_Info *server = sess_data->server; 1799 struct smb2_sess_setup_req *req; 1800 struct smb2_sess_setup_rsp *rsp = NULL; 1801 unsigned char *ntlmssp_blob = NULL; 1802 bool use_spnego = false; /* else use raw ntlmssp */ 1803 u16 blob_length = 0; 1804 bool is_binding = false; 1805 1806 rc = SMB2_sess_alloc_buffer(sess_data); 1807 if (rc) 1808 goto out; 1809 1810 req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base; 1811 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1812 1813 rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length, 1814 ses, server, 1815 sess_data->nls_cp); 1816 if (rc) { 1817 cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc); 1818 goto out; 1819 } 1820 1821 if (use_spnego) { 1822 /* BB eventually need to add this */ 1823 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 1824 rc = -EOPNOTSUPP; 1825 goto out; 1826 } 1827 sess_data->iov[1].iov_base = ntlmssp_blob; 1828 sess_data->iov[1].iov_len = blob_length; 1829 1830 rc = SMB2_sess_sendreceive(sess_data); 1831 if (rc) 1832 goto out; 1833 1834 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base; 1835 1836 spin_lock(&ses->ses_lock); 1837 is_binding = (ses->ses_status == SES_GOOD); 1838 spin_unlock(&ses->ses_lock); 1839 1840 /* keep existing ses id and flags if binding */ 1841 if (!is_binding) { 1842 ses->Suid = le64_to_cpu(rsp->hdr.SessionId); 1843 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 1844 } 1845 1846 rc = SMB2_sess_establish_session(sess_data); 1847 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS 1848 if (ses->server->dialect < SMB30_PROT_ID) { 1849 cifs_dbg(VFS, "%s: dumping generated SMB2 session keys\n", __func__); 1850 /* 1851 * The session id is opaque in terms of endianness, so we can't 1852 * print it as a long long. we dump it as we got it on the wire 1853 */ 1854 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid), 1855 &ses->Suid); 1856 cifs_dbg(VFS, "Session Key %*ph\n", 1857 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response); 1858 cifs_dbg(VFS, "Signing Key %*ph\n", 1859 SMB3_SIGN_KEY_SIZE, ses->auth_key.response); 1860 } 1861 #endif 1862 out: 1863 kfree_sensitive(ntlmssp_blob); 1864 SMB2_sess_free_buffer(sess_data); 1865 kfree_sensitive(ses->ntlmssp); 1866 ses->ntlmssp = NULL; 1867 sess_data->result = rc; 1868 sess_data->func = NULL; 1869 } 1870 1871 static int SMB2_select_sec(struct SMB2_sess_data * sess_data)1872 SMB2_select_sec(struct SMB2_sess_data *sess_data) 1873 { 1874 int type; 1875 struct cifs_ses *ses = sess_data->ses; 1876 struct TCP_Server_Info *server = sess_data->server; 1877 1878 type = smb2_select_sectype(server, ses->sectype); 1879 cifs_dbg(FYI, "sess setup type %d\n", type); 1880 if (type == Unspecified) { 1881 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n"); 1882 return -EINVAL; 1883 } 1884 1885 switch (type) { 1886 case Kerberos: 1887 sess_data->func = SMB2_auth_kerberos; 1888 break; 1889 case RawNTLMSSP: 1890 sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate; 1891 break; 1892 default: 1893 cifs_dbg(VFS, "secType %d not supported!\n", type); 1894 return -EOPNOTSUPP; 1895 } 1896 1897 return 0; 1898 } 1899 1900 int SMB2_sess_setup(const unsigned int xid,struct cifs_ses * ses,struct TCP_Server_Info * server,const struct nls_table * nls_cp)1901 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, 1902 struct TCP_Server_Info *server, 1903 const struct nls_table *nls_cp) 1904 { 1905 int rc = 0; 1906 struct SMB2_sess_data *sess_data; 1907 1908 cifs_dbg(FYI, "Session Setup\n"); 1909 1910 if (!server) { 1911 WARN(1, "%s: server is NULL!\n", __func__); 1912 return -EIO; 1913 } 1914 1915 sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL); 1916 if (!sess_data) 1917 return -ENOMEM; 1918 1919 sess_data->xid = xid; 1920 sess_data->ses = ses; 1921 sess_data->server = server; 1922 sess_data->buf0_type = CIFS_NO_BUFFER; 1923 sess_data->nls_cp = (struct nls_table *) nls_cp; 1924 sess_data->previous_session = ses->Suid; 1925 1926 rc = SMB2_select_sec(sess_data); 1927 if (rc) 1928 goto out; 1929 1930 /* 1931 * Initialize the session hash with the server one. 1932 */ 1933 memcpy(ses->preauth_sha_hash, server->preauth_sha_hash, 1934 SMB2_PREAUTH_HASH_SIZE); 1935 1936 while (sess_data->func) 1937 sess_data->func(sess_data); 1938 1939 if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign)) 1940 cifs_server_dbg(VFS, "signing requested but authenticated as guest\n"); 1941 rc = sess_data->result; 1942 out: 1943 kfree_sensitive(sess_data); 1944 return rc; 1945 } 1946 1947 int SMB2_logoff(const unsigned int xid,struct cifs_ses * ses)1948 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses) 1949 { 1950 struct smb_rqst rqst; 1951 struct smb2_logoff_req *req; /* response is also trivial struct */ 1952 int rc = 0; 1953 struct TCP_Server_Info *server; 1954 int flags = 0; 1955 unsigned int total_len; 1956 struct kvec iov[1]; 1957 struct kvec rsp_iov; 1958 int resp_buf_type; 1959 1960 cifs_dbg(FYI, "disconnect session %p\n", ses); 1961 1962 if (ses && (ses->server)) 1963 server = ses->server; 1964 else 1965 return -EIO; 1966 1967 /* no need to send SMB logoff if uid already closed due to reconnect */ 1968 spin_lock(&ses->chan_lock); 1969 if (CIFS_ALL_CHANS_NEED_RECONNECT(ses)) { 1970 spin_unlock(&ses->chan_lock); 1971 goto smb2_session_already_dead; 1972 } 1973 spin_unlock(&ses->chan_lock); 1974 1975 rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, ses->server, 1976 (void **) &req, &total_len); 1977 if (rc) 1978 return rc; 1979 1980 /* since no tcon, smb2_init can not do this, so do here */ 1981 req->hdr.SessionId = cpu_to_le64(ses->Suid); 1982 1983 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) 1984 flags |= CIFS_TRANSFORM_REQ; 1985 else if (server->sign) 1986 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 1987 1988 flags |= CIFS_NO_RSP_BUF; 1989 1990 iov[0].iov_base = (char *)req; 1991 iov[0].iov_len = total_len; 1992 1993 memset(&rqst, 0, sizeof(struct smb_rqst)); 1994 rqst.rq_iov = iov; 1995 rqst.rq_nvec = 1; 1996 1997 rc = cifs_send_recv(xid, ses, ses->server, 1998 &rqst, &resp_buf_type, flags, &rsp_iov); 1999 cifs_small_buf_release(req); 2000 /* 2001 * No tcon so can't do 2002 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 2003 */ 2004 2005 smb2_session_already_dead: 2006 return rc; 2007 } 2008 cifs_stats_fail_inc(struct cifs_tcon * tcon,uint16_t code)2009 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code) 2010 { 2011 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]); 2012 } 2013 2014 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */) 2015 2016 /* These are similar values to what Windows uses */ init_copy_chunk_defaults(struct cifs_tcon * tcon)2017 static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon) 2018 { 2019 tcon->max_chunks = 256; 2020 tcon->max_bytes_chunk = 1048576; 2021 tcon->max_bytes_copy = 16777216; 2022 } 2023 2024 int SMB2_tcon(const unsigned int xid,struct cifs_ses * ses,const char * tree,struct cifs_tcon * tcon,const struct nls_table * cp)2025 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, 2026 struct cifs_tcon *tcon, const struct nls_table *cp) 2027 { 2028 struct smb_rqst rqst; 2029 struct smb2_tree_connect_req *req; 2030 struct smb2_tree_connect_rsp *rsp = NULL; 2031 struct kvec iov[2]; 2032 struct kvec rsp_iov = { NULL, 0 }; 2033 int rc = 0; 2034 int resp_buftype; 2035 int unc_path_len; 2036 __le16 *unc_path = NULL; 2037 int flags = 0; 2038 unsigned int total_len; 2039 struct TCP_Server_Info *server = cifs_pick_channel(ses); 2040 2041 cifs_dbg(FYI, "TCON\n"); 2042 2043 if (!server || !tree) 2044 return -EIO; 2045 2046 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); 2047 if (unc_path == NULL) 2048 return -ENOMEM; 2049 2050 unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp); 2051 if (unc_path_len <= 0) { 2052 kfree(unc_path); 2053 return -EINVAL; 2054 } 2055 unc_path_len *= 2; 2056 2057 /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */ 2058 tcon->tid = 0; 2059 atomic_set(&tcon->num_remote_opens, 0); 2060 rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, server, 2061 (void **) &req, &total_len); 2062 if (rc) { 2063 kfree(unc_path); 2064 return rc; 2065 } 2066 2067 if (smb3_encryption_required(tcon)) 2068 flags |= CIFS_TRANSFORM_REQ; 2069 2070 iov[0].iov_base = (char *)req; 2071 /* 1 for pad */ 2072 iov[0].iov_len = total_len - 1; 2073 2074 /* Testing shows that buffer offset must be at location of Buffer[0] */ 2075 req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)); 2076 req->PathLength = cpu_to_le16(unc_path_len); 2077 iov[1].iov_base = unc_path; 2078 iov[1].iov_len = unc_path_len; 2079 2080 /* 2081 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 2082 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1 2083 * (Samba servers don't always set the flag so also check if null user) 2084 */ 2085 if ((server->dialect == SMB311_PROT_ID) && 2086 !smb3_encryption_required(tcon) && 2087 !(ses->session_flags & 2088 (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) && 2089 ((ses->user_name != NULL) || (ses->sectype == Kerberos))) 2090 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 2091 2092 memset(&rqst, 0, sizeof(struct smb_rqst)); 2093 rqst.rq_iov = iov; 2094 rqst.rq_nvec = 2; 2095 2096 /* Need 64 for max size write so ask for more in case not there yet */ 2097 if (server->credits >= server->max_credits) 2098 req->hdr.CreditRequest = cpu_to_le16(0); 2099 else 2100 req->hdr.CreditRequest = cpu_to_le16( 2101 min_t(int, server->max_credits - 2102 server->credits, 64)); 2103 2104 rc = cifs_send_recv(xid, ses, server, 2105 &rqst, &resp_buftype, flags, &rsp_iov); 2106 cifs_small_buf_release(req); 2107 rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base; 2108 trace_smb3_tcon(xid, tcon->tid, ses->Suid, tree, rc); 2109 if ((rc != 0) || (rsp == NULL)) { 2110 cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE); 2111 tcon->need_reconnect = true; 2112 goto tcon_error_exit; 2113 } 2114 2115 switch (rsp->ShareType) { 2116 case SMB2_SHARE_TYPE_DISK: 2117 cifs_dbg(FYI, "connection to disk share\n"); 2118 break; 2119 case SMB2_SHARE_TYPE_PIPE: 2120 tcon->pipe = true; 2121 cifs_dbg(FYI, "connection to pipe share\n"); 2122 break; 2123 case SMB2_SHARE_TYPE_PRINT: 2124 tcon->print = true; 2125 cifs_dbg(FYI, "connection to printer\n"); 2126 break; 2127 default: 2128 cifs_server_dbg(VFS, "unknown share type %d\n", rsp->ShareType); 2129 rc = -EOPNOTSUPP; 2130 goto tcon_error_exit; 2131 } 2132 2133 tcon->share_flags = le32_to_cpu(rsp->ShareFlags); 2134 tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */ 2135 tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess); 2136 tcon->tid = le32_to_cpu(rsp->hdr.Id.SyncId.TreeId); 2137 strscpy(tcon->tree_name, tree, sizeof(tcon->tree_name)); 2138 2139 if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && 2140 ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) 2141 cifs_tcon_dbg(VFS, "DFS capability contradicts DFS flag\n"); 2142 2143 if (tcon->seal && 2144 !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION)) 2145 cifs_tcon_dbg(VFS, "Encryption is requested but not supported\n"); 2146 2147 init_copy_chunk_defaults(tcon); 2148 if (server->ops->validate_negotiate) 2149 rc = server->ops->validate_negotiate(xid, tcon); 2150 if (rc == 0) /* See MS-SMB2 2.2.10 and 3.2.5.5 */ 2151 if (tcon->share_flags & SMB2_SHAREFLAG_ISOLATED_TRANSPORT) 2152 server->nosharesock = true; 2153 tcon_exit: 2154 2155 free_rsp_buf(resp_buftype, rsp); 2156 kfree(unc_path); 2157 return rc; 2158 2159 tcon_error_exit: 2160 if (rsp && rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) 2161 cifs_dbg(VFS | ONCE, "BAD_NETWORK_NAME: %s\n", tree); 2162 goto tcon_exit; 2163 } 2164 2165 int SMB2_tdis(const unsigned int xid,struct cifs_tcon * tcon)2166 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) 2167 { 2168 struct smb_rqst rqst; 2169 struct smb2_tree_disconnect_req *req; /* response is trivial */ 2170 int rc = 0; 2171 struct cifs_ses *ses = tcon->ses; 2172 struct TCP_Server_Info *server = cifs_pick_channel(ses); 2173 int flags = 0; 2174 unsigned int total_len; 2175 struct kvec iov[1]; 2176 struct kvec rsp_iov; 2177 int resp_buf_type; 2178 2179 cifs_dbg(FYI, "Tree Disconnect\n"); 2180 2181 if (!ses || !(ses->server)) 2182 return -EIO; 2183 2184 trace_smb3_tdis_enter(xid, tcon->tid, ses->Suid, tcon->tree_name); 2185 spin_lock(&ses->chan_lock); 2186 if ((tcon->need_reconnect) || 2187 (CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses))) { 2188 spin_unlock(&ses->chan_lock); 2189 return 0; 2190 } 2191 spin_unlock(&ses->chan_lock); 2192 2193 invalidate_all_cached_dirs(tcon); 2194 2195 rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, server, 2196 (void **) &req, 2197 &total_len); 2198 if (rc) 2199 return rc; 2200 2201 if (smb3_encryption_required(tcon)) 2202 flags |= CIFS_TRANSFORM_REQ; 2203 2204 flags |= CIFS_NO_RSP_BUF; 2205 2206 iov[0].iov_base = (char *)req; 2207 iov[0].iov_len = total_len; 2208 2209 memset(&rqst, 0, sizeof(struct smb_rqst)); 2210 rqst.rq_iov = iov; 2211 rqst.rq_nvec = 1; 2212 2213 rc = cifs_send_recv(xid, ses, server, 2214 &rqst, &resp_buf_type, flags, &rsp_iov); 2215 cifs_small_buf_release(req); 2216 if (rc) { 2217 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE); 2218 trace_smb3_tdis_err(xid, tcon->tid, ses->Suid, rc); 2219 } 2220 trace_smb3_tdis_done(xid, tcon->tid, ses->Suid); 2221 2222 return rc; 2223 } 2224 2225 2226 static struct create_durable * create_durable_buf(void)2227 create_durable_buf(void) 2228 { 2229 struct create_durable *buf; 2230 2231 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 2232 if (!buf) 2233 return NULL; 2234 2235 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2236 (struct create_durable, Data)); 2237 buf->ccontext.DataLength = cpu_to_le32(16); 2238 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2239 (struct create_durable, Name)); 2240 buf->ccontext.NameLength = cpu_to_le16(4); 2241 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */ 2242 buf->Name[0] = 'D'; 2243 buf->Name[1] = 'H'; 2244 buf->Name[2] = 'n'; 2245 buf->Name[3] = 'Q'; 2246 return buf; 2247 } 2248 2249 static struct create_durable * create_reconnect_durable_buf(struct cifs_fid * fid)2250 create_reconnect_durable_buf(struct cifs_fid *fid) 2251 { 2252 struct create_durable *buf; 2253 2254 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 2255 if (!buf) 2256 return NULL; 2257 2258 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2259 (struct create_durable, Data)); 2260 buf->ccontext.DataLength = cpu_to_le32(16); 2261 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2262 (struct create_durable, Name)); 2263 buf->ccontext.NameLength = cpu_to_le16(4); 2264 buf->Data.Fid.PersistentFileId = fid->persistent_fid; 2265 buf->Data.Fid.VolatileFileId = fid->volatile_fid; 2266 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */ 2267 buf->Name[0] = 'D'; 2268 buf->Name[1] = 'H'; 2269 buf->Name[2] = 'n'; 2270 buf->Name[3] = 'C'; 2271 return buf; 2272 } 2273 2274 static void parse_query_id_ctxt(struct create_context * cc,struct smb2_file_all_info * buf)2275 parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf) 2276 { 2277 struct create_disk_id_rsp *pdisk_id = (struct create_disk_id_rsp *)cc; 2278 2279 cifs_dbg(FYI, "parse query id context 0x%llx 0x%llx\n", 2280 pdisk_id->DiskFileId, pdisk_id->VolumeId); 2281 buf->IndexNumber = pdisk_id->DiskFileId; 2282 } 2283 2284 static void parse_posix_ctxt(struct create_context * cc,struct smb2_file_all_info * info,struct create_posix_rsp * posix)2285 parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info, 2286 struct create_posix_rsp *posix) 2287 { 2288 int sid_len; 2289 u8 *beg = (u8 *)cc + le16_to_cpu(cc->DataOffset); 2290 u8 *end = beg + le32_to_cpu(cc->DataLength); 2291 u8 *sid; 2292 2293 memset(posix, 0, sizeof(*posix)); 2294 2295 posix->nlink = le32_to_cpu(*(__le32 *)(beg + 0)); 2296 posix->reparse_tag = le32_to_cpu(*(__le32 *)(beg + 4)); 2297 posix->mode = le32_to_cpu(*(__le32 *)(beg + 8)); 2298 2299 sid = beg + 12; 2300 sid_len = posix_info_sid_size(sid, end); 2301 if (sid_len < 0) { 2302 cifs_dbg(VFS, "bad owner sid in posix create response\n"); 2303 return; 2304 } 2305 memcpy(&posix->owner, sid, sid_len); 2306 2307 sid = sid + sid_len; 2308 sid_len = posix_info_sid_size(sid, end); 2309 if (sid_len < 0) { 2310 cifs_dbg(VFS, "bad group sid in posix create response\n"); 2311 return; 2312 } 2313 memcpy(&posix->group, sid, sid_len); 2314 2315 cifs_dbg(FYI, "nlink=%d mode=%o reparse_tag=%x\n", 2316 posix->nlink, posix->mode, posix->reparse_tag); 2317 } 2318 smb2_parse_contexts(struct TCP_Server_Info * server,struct kvec * rsp_iov,__u16 * epoch,char * lease_key,__u8 * oplock,struct smb2_file_all_info * buf,struct create_posix_rsp * posix)2319 int smb2_parse_contexts(struct TCP_Server_Info *server, 2320 struct kvec *rsp_iov, 2321 __u16 *epoch, 2322 char *lease_key, __u8 *oplock, 2323 struct smb2_file_all_info *buf, 2324 struct create_posix_rsp *posix) 2325 { 2326 struct smb2_create_rsp *rsp = rsp_iov->iov_base; 2327 struct create_context *cc; 2328 size_t rem, off, len; 2329 size_t doff, dlen; 2330 size_t noff, nlen; 2331 char *name; 2332 static const char smb3_create_tag_posix[] = { 2333 0x93, 0xAD, 0x25, 0x50, 0x9C, 2334 0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83, 2335 0xDE, 0x96, 0x8B, 0xCD, 0x7C 2336 }; 2337 2338 *oplock = 0; 2339 2340 off = le32_to_cpu(rsp->CreateContextsOffset); 2341 rem = le32_to_cpu(rsp->CreateContextsLength); 2342 if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len) 2343 return -EINVAL; 2344 cc = (struct create_context *)((u8 *)rsp + off); 2345 2346 /* Initialize inode number to 0 in case no valid data in qfid context */ 2347 if (buf) 2348 buf->IndexNumber = 0; 2349 2350 while (rem >= sizeof(*cc)) { 2351 doff = le16_to_cpu(cc->DataOffset); 2352 dlen = le32_to_cpu(cc->DataLength); 2353 if (check_add_overflow(doff, dlen, &len) || len > rem) 2354 return -EINVAL; 2355 2356 noff = le16_to_cpu(cc->NameOffset); 2357 nlen = le16_to_cpu(cc->NameLength); 2358 if (noff + nlen > doff) 2359 return -EINVAL; 2360 2361 name = (char *)cc + noff; 2362 switch (nlen) { 2363 case 4: 2364 if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) { 2365 *oplock = server->ops->parse_lease_buf(cc, epoch, 2366 lease_key); 2367 } else if (buf && 2368 !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) { 2369 parse_query_id_ctxt(cc, buf); 2370 } 2371 break; 2372 case 16: 2373 if (posix && !memcmp(name, smb3_create_tag_posix, 16)) 2374 parse_posix_ctxt(cc, buf, posix); 2375 break; 2376 default: 2377 cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n", 2378 __func__, nlen, dlen); 2379 if (IS_ENABLED(CONFIG_CIFS_DEBUG2)) 2380 cifs_dump_mem("context data: ", cc, dlen); 2381 break; 2382 } 2383 2384 off = le32_to_cpu(cc->Next); 2385 if (!off) 2386 break; 2387 if (check_sub_overflow(rem, off, &rem)) 2388 return -EINVAL; 2389 cc = (struct create_context *)((u8 *)cc + off); 2390 } 2391 2392 if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE) 2393 *oplock = rsp->OplockLevel; 2394 2395 return 0; 2396 } 2397 2398 static int add_lease_context(struct TCP_Server_Info * server,struct smb2_create_req * req,struct kvec * iov,unsigned int * num_iovec,u8 * lease_key,__u8 * oplock)2399 add_lease_context(struct TCP_Server_Info *server, 2400 struct smb2_create_req *req, 2401 struct kvec *iov, 2402 unsigned int *num_iovec, u8 *lease_key, __u8 *oplock) 2403 { 2404 unsigned int num = *num_iovec; 2405 2406 iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock); 2407 if (iov[num].iov_base == NULL) 2408 return -ENOMEM; 2409 iov[num].iov_len = server->vals->create_lease_size; 2410 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE; 2411 *num_iovec = num + 1; 2412 return 0; 2413 } 2414 2415 static struct create_durable_v2 * create_durable_v2_buf(struct cifs_open_parms * oparms)2416 create_durable_v2_buf(struct cifs_open_parms *oparms) 2417 { 2418 struct cifs_fid *pfid = oparms->fid; 2419 struct create_durable_v2 *buf; 2420 2421 buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL); 2422 if (!buf) 2423 return NULL; 2424 2425 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2426 (struct create_durable_v2, dcontext)); 2427 buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2)); 2428 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2429 (struct create_durable_v2, Name)); 2430 buf->ccontext.NameLength = cpu_to_le16(4); 2431 2432 /* 2433 * NB: Handle timeout defaults to 0, which allows server to choose 2434 * (most servers default to 120 seconds) and most clients default to 0. 2435 * This can be overridden at mount ("handletimeout=") if the user wants 2436 * a different persistent (or resilient) handle timeout for all opens 2437 * on a particular SMB3 mount. 2438 */ 2439 buf->dcontext.Timeout = cpu_to_le32(oparms->tcon->handle_timeout); 2440 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 2441 2442 /* for replay, we should not overwrite the existing create guid */ 2443 if (!oparms->replay) { 2444 generate_random_uuid(buf->dcontext.CreateGuid); 2445 memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16); 2446 } else 2447 memcpy(buf->dcontext.CreateGuid, pfid->create_guid, 16); 2448 2449 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */ 2450 buf->Name[0] = 'D'; 2451 buf->Name[1] = 'H'; 2452 buf->Name[2] = '2'; 2453 buf->Name[3] = 'Q'; 2454 return buf; 2455 } 2456 2457 static struct create_durable_handle_reconnect_v2 * create_reconnect_durable_v2_buf(struct cifs_fid * fid)2458 create_reconnect_durable_v2_buf(struct cifs_fid *fid) 2459 { 2460 struct create_durable_handle_reconnect_v2 *buf; 2461 2462 buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2), 2463 GFP_KERNEL); 2464 if (!buf) 2465 return NULL; 2466 2467 buf->ccontext.DataOffset = 2468 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 2469 dcontext)); 2470 buf->ccontext.DataLength = 2471 cpu_to_le32(sizeof(struct durable_reconnect_context_v2)); 2472 buf->ccontext.NameOffset = 2473 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 2474 Name)); 2475 buf->ccontext.NameLength = cpu_to_le16(4); 2476 2477 buf->dcontext.Fid.PersistentFileId = fid->persistent_fid; 2478 buf->dcontext.Fid.VolatileFileId = fid->volatile_fid; 2479 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 2480 memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16); 2481 2482 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */ 2483 buf->Name[0] = 'D'; 2484 buf->Name[1] = 'H'; 2485 buf->Name[2] = '2'; 2486 buf->Name[3] = 'C'; 2487 return buf; 2488 } 2489 2490 static int add_durable_v2_context(struct kvec * iov,unsigned int * num_iovec,struct cifs_open_parms * oparms)2491 add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec, 2492 struct cifs_open_parms *oparms) 2493 { 2494 unsigned int num = *num_iovec; 2495 2496 iov[num].iov_base = create_durable_v2_buf(oparms); 2497 if (iov[num].iov_base == NULL) 2498 return -ENOMEM; 2499 iov[num].iov_len = sizeof(struct create_durable_v2); 2500 *num_iovec = num + 1; 2501 return 0; 2502 } 2503 2504 static int add_durable_reconnect_v2_context(struct kvec * iov,unsigned int * num_iovec,struct cifs_open_parms * oparms)2505 add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec, 2506 struct cifs_open_parms *oparms) 2507 { 2508 unsigned int num = *num_iovec; 2509 2510 /* indicate that we don't need to relock the file */ 2511 oparms->reconnect = false; 2512 2513 iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid); 2514 if (iov[num].iov_base == NULL) 2515 return -ENOMEM; 2516 iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2); 2517 *num_iovec = num + 1; 2518 return 0; 2519 } 2520 2521 static int add_durable_context(struct kvec * iov,unsigned int * num_iovec,struct cifs_open_parms * oparms,bool use_persistent)2522 add_durable_context(struct kvec *iov, unsigned int *num_iovec, 2523 struct cifs_open_parms *oparms, bool use_persistent) 2524 { 2525 unsigned int num = *num_iovec; 2526 2527 if (use_persistent) { 2528 if (oparms->reconnect) 2529 return add_durable_reconnect_v2_context(iov, num_iovec, 2530 oparms); 2531 else 2532 return add_durable_v2_context(iov, num_iovec, oparms); 2533 } 2534 2535 if (oparms->reconnect) { 2536 iov[num].iov_base = create_reconnect_durable_buf(oparms->fid); 2537 /* indicate that we don't need to relock the file */ 2538 oparms->reconnect = false; 2539 } else 2540 iov[num].iov_base = create_durable_buf(); 2541 if (iov[num].iov_base == NULL) 2542 return -ENOMEM; 2543 iov[num].iov_len = sizeof(struct create_durable); 2544 *num_iovec = num + 1; 2545 return 0; 2546 } 2547 2548 /* See MS-SMB2 2.2.13.2.7 */ 2549 static struct crt_twarp_ctxt * create_twarp_buf(__u64 timewarp)2550 create_twarp_buf(__u64 timewarp) 2551 { 2552 struct crt_twarp_ctxt *buf; 2553 2554 buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL); 2555 if (!buf) 2556 return NULL; 2557 2558 buf->ccontext.DataOffset = cpu_to_le16(offsetof 2559 (struct crt_twarp_ctxt, Timestamp)); 2560 buf->ccontext.DataLength = cpu_to_le32(8); 2561 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2562 (struct crt_twarp_ctxt, Name)); 2563 buf->ccontext.NameLength = cpu_to_le16(4); 2564 /* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */ 2565 buf->Name[0] = 'T'; 2566 buf->Name[1] = 'W'; 2567 buf->Name[2] = 'r'; 2568 buf->Name[3] = 'p'; 2569 buf->Timestamp = cpu_to_le64(timewarp); 2570 return buf; 2571 } 2572 2573 /* See MS-SMB2 2.2.13.2.7 */ 2574 static int add_twarp_context(struct kvec * iov,unsigned int * num_iovec,__u64 timewarp)2575 add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp) 2576 { 2577 unsigned int num = *num_iovec; 2578 2579 iov[num].iov_base = create_twarp_buf(timewarp); 2580 if (iov[num].iov_base == NULL) 2581 return -ENOMEM; 2582 iov[num].iov_len = sizeof(struct crt_twarp_ctxt); 2583 *num_iovec = num + 1; 2584 return 0; 2585 } 2586 2587 /* See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */ setup_owner_group_sids(char * buf)2588 static void setup_owner_group_sids(char *buf) 2589 { 2590 struct owner_group_sids *sids = (struct owner_group_sids *)buf; 2591 2592 /* Populate the user ownership fields S-1-5-88-1 */ 2593 sids->owner.Revision = 1; 2594 sids->owner.NumAuth = 3; 2595 sids->owner.Authority[5] = 5; 2596 sids->owner.SubAuthorities[0] = cpu_to_le32(88); 2597 sids->owner.SubAuthorities[1] = cpu_to_le32(1); 2598 sids->owner.SubAuthorities[2] = cpu_to_le32(current_fsuid().val); 2599 2600 /* Populate the group ownership fields S-1-5-88-2 */ 2601 sids->group.Revision = 1; 2602 sids->group.NumAuth = 3; 2603 sids->group.Authority[5] = 5; 2604 sids->group.SubAuthorities[0] = cpu_to_le32(88); 2605 sids->group.SubAuthorities[1] = cpu_to_le32(2); 2606 sids->group.SubAuthorities[2] = cpu_to_le32(current_fsgid().val); 2607 2608 cifs_dbg(FYI, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val, current_fsgid().val); 2609 } 2610 2611 /* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */ 2612 static struct crt_sd_ctxt * create_sd_buf(umode_t mode,bool set_owner,unsigned int * len)2613 create_sd_buf(umode_t mode, bool set_owner, unsigned int *len) 2614 { 2615 struct crt_sd_ctxt *buf; 2616 __u8 *ptr, *aclptr; 2617 unsigned int acelen, acl_size, ace_count; 2618 unsigned int owner_offset = 0; 2619 unsigned int group_offset = 0; 2620 struct smb3_acl acl = {}; 2621 2622 *len = round_up(sizeof(struct crt_sd_ctxt) + (sizeof(struct smb_ace) * 4), 8); 2623 2624 if (set_owner) { 2625 /* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */ 2626 *len += sizeof(struct owner_group_sids); 2627 } 2628 2629 buf = kzalloc(*len, GFP_KERNEL); 2630 if (buf == NULL) 2631 return buf; 2632 2633 ptr = (__u8 *)&buf[1]; 2634 if (set_owner) { 2635 /* offset fields are from beginning of security descriptor not of create context */ 2636 owner_offset = ptr - (__u8 *)&buf->sd; 2637 buf->sd.OffsetOwner = cpu_to_le32(owner_offset); 2638 group_offset = owner_offset + offsetof(struct owner_group_sids, group); 2639 buf->sd.OffsetGroup = cpu_to_le32(group_offset); 2640 2641 setup_owner_group_sids(ptr); 2642 ptr += sizeof(struct owner_group_sids); 2643 } else { 2644 buf->sd.OffsetOwner = 0; 2645 buf->sd.OffsetGroup = 0; 2646 } 2647 2648 buf->ccontext.DataOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, sd)); 2649 buf->ccontext.NameOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, Name)); 2650 buf->ccontext.NameLength = cpu_to_le16(4); 2651 /* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */ 2652 buf->Name[0] = 'S'; 2653 buf->Name[1] = 'e'; 2654 buf->Name[2] = 'c'; 2655 buf->Name[3] = 'D'; 2656 buf->sd.Revision = 1; /* Must be one see MS-DTYP 2.4.6 */ 2657 2658 /* 2659 * ACL is "self relative" ie ACL is stored in contiguous block of memory 2660 * and "DP" ie the DACL is present 2661 */ 2662 buf->sd.Control = cpu_to_le16(ACL_CONTROL_SR | ACL_CONTROL_DP); 2663 2664 /* offset owner, group and Sbz1 and SACL are all zero */ 2665 buf->sd.OffsetDacl = cpu_to_le32(ptr - (__u8 *)&buf->sd); 2666 /* Ship the ACL for now. we will copy it into buf later. */ 2667 aclptr = ptr; 2668 ptr += sizeof(struct smb3_acl); 2669 2670 /* create one ACE to hold the mode embedded in reserved special SID */ 2671 acelen = setup_special_mode_ACE((struct smb_ace *)ptr, false, (__u64)mode); 2672 ptr += acelen; 2673 acl_size = acelen + sizeof(struct smb3_acl); 2674 ace_count = 1; 2675 2676 if (set_owner) { 2677 /* we do not need to reallocate buffer to add the two more ACEs. plenty of space */ 2678 acelen = setup_special_user_owner_ACE((struct smb_ace *)ptr); 2679 ptr += acelen; 2680 acl_size += acelen; 2681 ace_count += 1; 2682 } 2683 2684 /* and one more ACE to allow access for authenticated users */ 2685 acelen = setup_authusers_ACE((struct smb_ace *)ptr); 2686 ptr += acelen; 2687 acl_size += acelen; 2688 ace_count += 1; 2689 2690 acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */ 2691 acl.AclSize = cpu_to_le16(acl_size); 2692 acl.AceCount = cpu_to_le16(ace_count); 2693 /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */ 2694 memcpy(aclptr, &acl, sizeof(struct smb3_acl)); 2695 2696 buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd); 2697 *len = round_up((unsigned int)(ptr - (__u8 *)buf), 8); 2698 2699 return buf; 2700 } 2701 2702 static int add_sd_context(struct kvec * iov,unsigned int * num_iovec,umode_t mode,bool set_owner)2703 add_sd_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode, bool set_owner) 2704 { 2705 unsigned int num = *num_iovec; 2706 unsigned int len = 0; 2707 2708 iov[num].iov_base = create_sd_buf(mode, set_owner, &len); 2709 if (iov[num].iov_base == NULL) 2710 return -ENOMEM; 2711 iov[num].iov_len = len; 2712 *num_iovec = num + 1; 2713 return 0; 2714 } 2715 2716 static struct crt_query_id_ctxt * create_query_id_buf(void)2717 create_query_id_buf(void) 2718 { 2719 struct crt_query_id_ctxt *buf; 2720 2721 buf = kzalloc(sizeof(struct crt_query_id_ctxt), GFP_KERNEL); 2722 if (!buf) 2723 return NULL; 2724 2725 buf->ccontext.DataOffset = cpu_to_le16(0); 2726 buf->ccontext.DataLength = cpu_to_le32(0); 2727 buf->ccontext.NameOffset = cpu_to_le16(offsetof 2728 (struct crt_query_id_ctxt, Name)); 2729 buf->ccontext.NameLength = cpu_to_le16(4); 2730 /* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */ 2731 buf->Name[0] = 'Q'; 2732 buf->Name[1] = 'F'; 2733 buf->Name[2] = 'i'; 2734 buf->Name[3] = 'd'; 2735 return buf; 2736 } 2737 2738 /* See MS-SMB2 2.2.13.2.9 */ 2739 static int add_query_id_context(struct kvec * iov,unsigned int * num_iovec)2740 add_query_id_context(struct kvec *iov, unsigned int *num_iovec) 2741 { 2742 unsigned int num = *num_iovec; 2743 2744 iov[num].iov_base = create_query_id_buf(); 2745 if (iov[num].iov_base == NULL) 2746 return -ENOMEM; 2747 iov[num].iov_len = sizeof(struct crt_query_id_ctxt); 2748 *num_iovec = num + 1; 2749 return 0; 2750 } 2751 add_ea_context(struct cifs_open_parms * oparms,struct kvec * rq_iov,unsigned int * num_iovs)2752 static void add_ea_context(struct cifs_open_parms *oparms, 2753 struct kvec *rq_iov, unsigned int *num_iovs) 2754 { 2755 struct kvec *iov = oparms->ea_cctx; 2756 2757 if (iov && iov->iov_base && iov->iov_len) { 2758 rq_iov[(*num_iovs)++] = *iov; 2759 memset(iov, 0, sizeof(*iov)); 2760 } 2761 } 2762 2763 static int alloc_path_with_tree_prefix(__le16 ** out_path,int * out_size,int * out_len,const char * treename,const __le16 * path)2764 alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len, 2765 const char *treename, const __le16 *path) 2766 { 2767 int treename_len, path_len; 2768 struct nls_table *cp; 2769 const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)}; 2770 2771 /* 2772 * skip leading "\\" 2773 */ 2774 treename_len = strlen(treename); 2775 if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\')) 2776 return -EINVAL; 2777 2778 treename += 2; 2779 treename_len -= 2; 2780 2781 path_len = UniStrnlen((wchar_t *)path, PATH_MAX); 2782 2783 /* make room for one path separator only if @path isn't empty */ 2784 *out_len = treename_len + (path[0] ? 1 : 0) + path_len; 2785 2786 /* 2787 * final path needs to be 8-byte aligned as specified in 2788 * MS-SMB2 2.2.13 SMB2 CREATE Request. 2789 */ 2790 *out_size = round_up(*out_len * sizeof(__le16), 8); 2791 *out_path = kzalloc(*out_size + sizeof(__le16) /* null */, GFP_KERNEL); 2792 if (!*out_path) 2793 return -ENOMEM; 2794 2795 cp = load_nls_default(); 2796 cifs_strtoUTF16(*out_path, treename, treename_len, cp); 2797 2798 /* Do not append the separator if the path is empty */ 2799 if (path[0] != cpu_to_le16(0x0000)) { 2800 UniStrcat((wchar_t *)*out_path, (wchar_t *)sep); 2801 UniStrcat((wchar_t *)*out_path, (wchar_t *)path); 2802 } 2803 2804 unload_nls(cp); 2805 2806 return 0; 2807 } 2808 smb311_posix_mkdir(const unsigned int xid,struct inode * inode,umode_t mode,struct cifs_tcon * tcon,const char * full_path,struct cifs_sb_info * cifs_sb)2809 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode, 2810 umode_t mode, struct cifs_tcon *tcon, 2811 const char *full_path, 2812 struct cifs_sb_info *cifs_sb) 2813 { 2814 struct smb_rqst rqst; 2815 struct smb2_create_req *req; 2816 struct smb2_create_rsp *rsp = NULL; 2817 struct cifs_ses *ses = tcon->ses; 2818 struct kvec iov[3]; /* make sure at least one for each open context */ 2819 struct kvec rsp_iov = {NULL, 0}; 2820 int resp_buftype; 2821 int uni_path_len; 2822 __le16 *copy_path = NULL; 2823 int copy_size; 2824 int rc = 0; 2825 unsigned int n_iov = 2; 2826 __u32 file_attributes = 0; 2827 char *pc_buf = NULL; 2828 int flags = 0; 2829 unsigned int total_len; 2830 __le16 *utf16_path = NULL; 2831 struct TCP_Server_Info *server; 2832 int retries = 0, cur_sleep = 1; 2833 2834 replay_again: 2835 /* reinitialize for possible replay */ 2836 flags = 0; 2837 n_iov = 2; 2838 server = cifs_pick_channel(ses); 2839 2840 cifs_dbg(FYI, "mkdir\n"); 2841 2842 /* resource #1: path allocation */ 2843 utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb); 2844 if (!utf16_path) 2845 return -ENOMEM; 2846 2847 if (!ses || !server) { 2848 rc = -EIO; 2849 goto err_free_path; 2850 } 2851 2852 /* resource #2: request */ 2853 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server, 2854 (void **) &req, &total_len); 2855 if (rc) 2856 goto err_free_path; 2857 2858 2859 if (smb3_encryption_required(tcon)) 2860 flags |= CIFS_TRANSFORM_REQ; 2861 2862 req->ImpersonationLevel = IL_IMPERSONATION; 2863 req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES); 2864 /* File attributes ignored on open (used in create though) */ 2865 req->FileAttributes = cpu_to_le32(file_attributes); 2866 req->ShareAccess = FILE_SHARE_ALL_LE; 2867 req->CreateDisposition = cpu_to_le32(FILE_CREATE); 2868 req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE); 2869 2870 iov[0].iov_base = (char *)req; 2871 /* -1 since last byte is buf[0] which is sent below (path) */ 2872 iov[0].iov_len = total_len - 1; 2873 2874 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)); 2875 2876 /* [MS-SMB2] 2.2.13 NameOffset: 2877 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of 2878 * the SMB2 header, the file name includes a prefix that will 2879 * be processed during DFS name normalization as specified in 2880 * section 3.3.5.9. Otherwise, the file name is relative to 2881 * the share that is identified by the TreeId in the SMB2 2882 * header. 2883 */ 2884 if (tcon->share_flags & SHI1005_FLAGS_DFS) { 2885 int name_len; 2886 2887 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS; 2888 rc = alloc_path_with_tree_prefix(©_path, ©_size, 2889 &name_len, 2890 tcon->tree_name, utf16_path); 2891 if (rc) 2892 goto err_free_req; 2893 2894 req->NameLength = cpu_to_le16(name_len * 2); 2895 uni_path_len = copy_size; 2896 /* free before overwriting resource */ 2897 kfree(utf16_path); 2898 utf16_path = copy_path; 2899 } else { 2900 uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2; 2901 /* MUST set path len (NameLength) to 0 opening root of share */ 2902 req->NameLength = cpu_to_le16(uni_path_len - 2); 2903 if (uni_path_len % 8 != 0) { 2904 copy_size = roundup(uni_path_len, 8); 2905 copy_path = kzalloc(copy_size, GFP_KERNEL); 2906 if (!copy_path) { 2907 rc = -ENOMEM; 2908 goto err_free_req; 2909 } 2910 memcpy((char *)copy_path, (const char *)utf16_path, 2911 uni_path_len); 2912 uni_path_len = copy_size; 2913 /* free before overwriting resource */ 2914 kfree(utf16_path); 2915 utf16_path = copy_path; 2916 } 2917 } 2918 2919 iov[1].iov_len = uni_path_len; 2920 iov[1].iov_base = utf16_path; 2921 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE; 2922 2923 if (tcon->posix_extensions) { 2924 /* resource #3: posix buf */ 2925 rc = add_posix_context(iov, &n_iov, mode); 2926 if (rc) 2927 goto err_free_req; 2928 req->CreateContextsOffset = cpu_to_le32( 2929 sizeof(struct smb2_create_req) + 2930 iov[1].iov_len); 2931 pc_buf = iov[n_iov-1].iov_base; 2932 } 2933 2934 2935 memset(&rqst, 0, sizeof(struct smb_rqst)); 2936 rqst.rq_iov = iov; 2937 rqst.rq_nvec = n_iov; 2938 2939 /* no need to inc num_remote_opens because we close it just below */ 2940 trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, full_path, CREATE_NOT_FILE, 2941 FILE_WRITE_ATTRIBUTES); 2942 2943 if (retries) 2944 smb2_set_replay(server, &rqst); 2945 2946 /* resource #4: response buffer */ 2947 rc = cifs_send_recv(xid, ses, server, 2948 &rqst, &resp_buftype, flags, &rsp_iov); 2949 if (rc) { 2950 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); 2951 trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid, 2952 CREATE_NOT_FILE, 2953 FILE_WRITE_ATTRIBUTES, rc); 2954 goto err_free_rsp_buf; 2955 } 2956 2957 /* 2958 * Although unlikely to be possible for rsp to be null and rc not set, 2959 * adding check below is slightly safer long term (and quiets Coverity 2960 * warning) 2961 */ 2962 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base; 2963 if (rsp == NULL) { 2964 rc = -EIO; 2965 kfree(pc_buf); 2966 goto err_free_req; 2967 } 2968 2969 trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid, 2970 CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES); 2971 2972 SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId); 2973 2974 /* Eventually save off posix specific response info and timestamps */ 2975 2976 err_free_rsp_buf: 2977 free_rsp_buf(resp_buftype, rsp); 2978 kfree(pc_buf); 2979 err_free_req: 2980 cifs_small_buf_release(req); 2981 err_free_path: 2982 kfree(utf16_path); 2983 2984 if (is_replayable_error(rc) && 2985 smb2_should_replay(tcon, &retries, &cur_sleep)) 2986 goto replay_again; 2987 2988 return rc; 2989 } 2990 2991 int SMB2_open_init(struct cifs_tcon * tcon,struct TCP_Server_Info * server,struct smb_rqst * rqst,__u8 * oplock,struct cifs_open_parms * oparms,__le16 * path)2992 SMB2_open_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 2993 struct smb_rqst *rqst, __u8 *oplock, 2994 struct cifs_open_parms *oparms, __le16 *path) 2995 { 2996 struct smb2_create_req *req; 2997 unsigned int n_iov = 2; 2998 __u32 file_attributes = 0; 2999 int copy_size; 3000 int uni_path_len; 3001 unsigned int total_len; 3002 struct kvec *iov = rqst->rq_iov; 3003 __le16 *copy_path; 3004 int rc; 3005 3006 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server, 3007 (void **) &req, &total_len); 3008 if (rc) 3009 return rc; 3010 3011 iov[0].iov_base = (char *)req; 3012 /* -1 since last byte is buf[0] which is sent below (path) */ 3013 iov[0].iov_len = total_len - 1; 3014 3015 if (oparms->create_options & CREATE_OPTION_READONLY) 3016 file_attributes |= ATTR_READONLY; 3017 if (oparms->create_options & CREATE_OPTION_SPECIAL) 3018 file_attributes |= ATTR_SYSTEM; 3019 3020 req->ImpersonationLevel = IL_IMPERSONATION; 3021 req->DesiredAccess = cpu_to_le32(oparms->desired_access); 3022 /* File attributes ignored on open (used in create though) */ 3023 req->FileAttributes = cpu_to_le32(file_attributes); 3024 req->ShareAccess = FILE_SHARE_ALL_LE; 3025 3026 req->CreateDisposition = cpu_to_le32(oparms->disposition); 3027 req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK); 3028 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)); 3029 3030 /* [MS-SMB2] 2.2.13 NameOffset: 3031 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of 3032 * the SMB2 header, the file name includes a prefix that will 3033 * be processed during DFS name normalization as specified in 3034 * section 3.3.5.9. Otherwise, the file name is relative to 3035 * the share that is identified by the TreeId in the SMB2 3036 * header. 3037 */ 3038 if (tcon->share_flags & SHI1005_FLAGS_DFS) { 3039 int name_len; 3040 3041 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS; 3042 rc = alloc_path_with_tree_prefix(©_path, ©_size, 3043 &name_len, 3044 tcon->tree_name, path); 3045 if (rc) 3046 return rc; 3047 req->NameLength = cpu_to_le16(name_len * 2); 3048 uni_path_len = copy_size; 3049 path = copy_path; 3050 } else { 3051 uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2; 3052 /* MUST set path len (NameLength) to 0 opening root of share */ 3053 req->NameLength = cpu_to_le16(uni_path_len - 2); 3054 copy_size = round_up(uni_path_len, 8); 3055 copy_path = kzalloc(copy_size, GFP_KERNEL); 3056 if (!copy_path) 3057 return -ENOMEM; 3058 memcpy((char *)copy_path, (const char *)path, 3059 uni_path_len); 3060 uni_path_len = copy_size; 3061 path = copy_path; 3062 } 3063 3064 iov[1].iov_len = uni_path_len; 3065 iov[1].iov_base = path; 3066 3067 if ((!server->oplocks) || (tcon->no_lease)) 3068 *oplock = SMB2_OPLOCK_LEVEL_NONE; 3069 3070 if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) || 3071 *oplock == SMB2_OPLOCK_LEVEL_NONE) 3072 req->RequestedOplockLevel = *oplock; 3073 else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) && 3074 (oparms->create_options & CREATE_NOT_FILE)) 3075 req->RequestedOplockLevel = *oplock; /* no srv lease support */ 3076 else { 3077 rc = add_lease_context(server, req, iov, &n_iov, 3078 oparms->fid->lease_key, oplock); 3079 if (rc) 3080 return rc; 3081 } 3082 3083 if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) { 3084 rc = add_durable_context(iov, &n_iov, oparms, 3085 tcon->use_persistent); 3086 if (rc) 3087 return rc; 3088 } 3089 3090 if (tcon->posix_extensions) { 3091 rc = add_posix_context(iov, &n_iov, oparms->mode); 3092 if (rc) 3093 return rc; 3094 } 3095 3096 if (tcon->snapshot_time) { 3097 cifs_dbg(FYI, "adding snapshot context\n"); 3098 rc = add_twarp_context(iov, &n_iov, tcon->snapshot_time); 3099 if (rc) 3100 return rc; 3101 } 3102 3103 if ((oparms->disposition != FILE_OPEN) && (oparms->cifs_sb)) { 3104 bool set_mode; 3105 bool set_owner; 3106 3107 if ((oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) && 3108 (oparms->mode != ACL_NO_MODE)) 3109 set_mode = true; 3110 else { 3111 set_mode = false; 3112 oparms->mode = ACL_NO_MODE; 3113 } 3114 3115 if (oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL) 3116 set_owner = true; 3117 else 3118 set_owner = false; 3119 3120 if (set_owner | set_mode) { 3121 cifs_dbg(FYI, "add sd with mode 0x%x\n", oparms->mode); 3122 rc = add_sd_context(iov, &n_iov, oparms->mode, set_owner); 3123 if (rc) 3124 return rc; 3125 } 3126 } 3127 3128 add_query_id_context(iov, &n_iov); 3129 add_ea_context(oparms, iov, &n_iov); 3130 3131 if (n_iov > 2) { 3132 /* 3133 * We have create contexts behind iov[1] (the file 3134 * name), point at them from the main create request 3135 */ 3136 req->CreateContextsOffset = cpu_to_le32( 3137 sizeof(struct smb2_create_req) + 3138 iov[1].iov_len); 3139 req->CreateContextsLength = 0; 3140 3141 for (unsigned int i = 2; i < (n_iov-1); i++) { 3142 struct kvec *v = &iov[i]; 3143 size_t len = v->iov_len; 3144 struct create_context *cctx = 3145 (struct create_context *)v->iov_base; 3146 3147 cctx->Next = cpu_to_le32(len); 3148 le32_add_cpu(&req->CreateContextsLength, len); 3149 } 3150 le32_add_cpu(&req->CreateContextsLength, 3151 iov[n_iov-1].iov_len); 3152 } 3153 3154 rqst->rq_nvec = n_iov; 3155 return 0; 3156 } 3157 3158 /* rq_iov[0] is the request and is released by cifs_small_buf_release(). 3159 * All other vectors are freed by kfree(). 3160 */ 3161 void SMB2_open_free(struct smb_rqst * rqst)3162 SMB2_open_free(struct smb_rqst *rqst) 3163 { 3164 int i; 3165 3166 if (rqst && rqst->rq_iov) { 3167 cifs_small_buf_release(rqst->rq_iov[0].iov_base); 3168 for (i = 1; i < rqst->rq_nvec; i++) 3169 if (rqst->rq_iov[i].iov_base != smb2_padding) 3170 kfree(rqst->rq_iov[i].iov_base); 3171 } 3172 } 3173 3174 int SMB2_open(const unsigned int xid,struct cifs_open_parms * oparms,__le16 * path,__u8 * oplock,struct smb2_file_all_info * buf,struct create_posix_rsp * posix,struct kvec * err_iov,int * buftype)3175 SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path, 3176 __u8 *oplock, struct smb2_file_all_info *buf, 3177 struct create_posix_rsp *posix, 3178 struct kvec *err_iov, int *buftype) 3179 { 3180 struct smb_rqst rqst; 3181 struct smb2_create_rsp *rsp = NULL; 3182 struct cifs_tcon *tcon = oparms->tcon; 3183 struct cifs_ses *ses = tcon->ses; 3184 struct TCP_Server_Info *server; 3185 struct kvec iov[SMB2_CREATE_IOV_SIZE]; 3186 struct kvec rsp_iov = {NULL, 0}; 3187 int resp_buftype = CIFS_NO_BUFFER; 3188 int rc = 0; 3189 int flags = 0; 3190 int retries = 0, cur_sleep = 1; 3191 3192 replay_again: 3193 /* reinitialize for possible replay */ 3194 flags = 0; 3195 server = cifs_pick_channel(ses); 3196 oparms->replay = !!(retries); 3197 3198 cifs_dbg(FYI, "create/open\n"); 3199 if (!ses || !server) 3200 return -EIO; 3201 3202 if (smb3_encryption_required(tcon)) 3203 flags |= CIFS_TRANSFORM_REQ; 3204 3205 memset(&rqst, 0, sizeof(struct smb_rqst)); 3206 memset(&iov, 0, sizeof(iov)); 3207 rqst.rq_iov = iov; 3208 rqst.rq_nvec = SMB2_CREATE_IOV_SIZE; 3209 3210 rc = SMB2_open_init(tcon, server, 3211 &rqst, oplock, oparms, path); 3212 if (rc) 3213 goto creat_exit; 3214 3215 trace_smb3_open_enter(xid, tcon->tid, tcon->ses->Suid, oparms->path, 3216 oparms->create_options, oparms->desired_access); 3217 3218 if (retries) 3219 smb2_set_replay(server, &rqst); 3220 3221 rc = cifs_send_recv(xid, ses, server, 3222 &rqst, &resp_buftype, flags, 3223 &rsp_iov); 3224 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base; 3225 3226 if (rc != 0) { 3227 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); 3228 if (err_iov && rsp) { 3229 *err_iov = rsp_iov; 3230 *buftype = resp_buftype; 3231 resp_buftype = CIFS_NO_BUFFER; 3232 rsp = NULL; 3233 } 3234 trace_smb3_open_err(xid, tcon->tid, ses->Suid, 3235 oparms->create_options, oparms->desired_access, rc); 3236 if (rc == -EREMCHG) { 3237 pr_warn_once("server share %s deleted\n", 3238 tcon->tree_name); 3239 tcon->need_reconnect = true; 3240 } 3241 goto creat_exit; 3242 } else if (rsp == NULL) /* unlikely to happen, but safer to check */ 3243 goto creat_exit; 3244 else 3245 trace_smb3_open_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid, 3246 oparms->create_options, oparms->desired_access); 3247 3248 atomic_inc(&tcon->num_remote_opens); 3249 oparms->fid->persistent_fid = rsp->PersistentFileId; 3250 oparms->fid->volatile_fid = rsp->VolatileFileId; 3251 oparms->fid->access = oparms->desired_access; 3252 #ifdef CONFIG_CIFS_DEBUG2 3253 oparms->fid->mid = le64_to_cpu(rsp->hdr.MessageId); 3254 #endif /* CIFS_DEBUG2 */ 3255 3256 if (buf) { 3257 buf->CreationTime = rsp->CreationTime; 3258 buf->LastAccessTime = rsp->LastAccessTime; 3259 buf->LastWriteTime = rsp->LastWriteTime; 3260 buf->ChangeTime = rsp->ChangeTime; 3261 buf->AllocationSize = rsp->AllocationSize; 3262 buf->EndOfFile = rsp->EndofFile; 3263 buf->Attributes = rsp->FileAttributes; 3264 buf->NumberOfLinks = cpu_to_le32(1); 3265 buf->DeletePending = 0; 3266 } 3267 3268 3269 rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch, 3270 oparms->fid->lease_key, oplock, buf, posix); 3271 creat_exit: 3272 SMB2_open_free(&rqst); 3273 free_rsp_buf(resp_buftype, rsp); 3274 3275 if (is_replayable_error(rc) && 3276 smb2_should_replay(tcon, &retries, &cur_sleep)) 3277 goto replay_again; 3278 3279 return rc; 3280 } 3281 3282 int SMB2_ioctl_init(struct cifs_tcon * tcon,struct TCP_Server_Info * server,struct smb_rqst * rqst,u64 persistent_fid,u64 volatile_fid,u32 opcode,char * in_data,u32 indatalen,__u32 max_response_size)3283 SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3284 struct smb_rqst *rqst, 3285 u64 persistent_fid, u64 volatile_fid, u32 opcode, 3286 char *in_data, u32 indatalen, 3287 __u32 max_response_size) 3288 { 3289 struct smb2_ioctl_req *req; 3290 struct kvec *iov = rqst->rq_iov; 3291 unsigned int total_len; 3292 int rc; 3293 char *in_data_buf; 3294 3295 rc = smb2_ioctl_req_init(opcode, tcon, server, 3296 (void **) &req, &total_len); 3297 if (rc) 3298 return rc; 3299 3300 if (indatalen) { 3301 /* 3302 * indatalen is usually small at a couple of bytes max, so 3303 * just allocate through generic pool 3304 */ 3305 in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS); 3306 if (!in_data_buf) { 3307 cifs_small_buf_release(req); 3308 return -ENOMEM; 3309 } 3310 } 3311 3312 req->CtlCode = cpu_to_le32(opcode); 3313 req->PersistentFileId = persistent_fid; 3314 req->VolatileFileId = volatile_fid; 3315 3316 iov[0].iov_base = (char *)req; 3317 /* 3318 * If no input data, the size of ioctl struct in 3319 * protocol spec still includes a 1 byte data buffer, 3320 * but if input data passed to ioctl, we do not 3321 * want to double count this, so we do not send 3322 * the dummy one byte of data in iovec[0] if sending 3323 * input data (in iovec[1]). 3324 */ 3325 if (indatalen) { 3326 req->InputCount = cpu_to_le32(indatalen); 3327 /* do not set InputOffset if no input data */ 3328 req->InputOffset = 3329 cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer)); 3330 rqst->rq_nvec = 2; 3331 iov[0].iov_len = total_len - 1; 3332 iov[1].iov_base = in_data_buf; 3333 iov[1].iov_len = indatalen; 3334 } else { 3335 rqst->rq_nvec = 1; 3336 iov[0].iov_len = total_len; 3337 } 3338 3339 req->OutputOffset = 0; 3340 req->OutputCount = 0; /* MBZ */ 3341 3342 /* 3343 * In most cases max_response_size is set to 16K (CIFSMaxBufSize) 3344 * We Could increase default MaxOutputResponse, but that could require 3345 * more credits. Windows typically sets this smaller, but for some 3346 * ioctls it may be useful to allow server to send more. No point 3347 * limiting what the server can send as long as fits in one credit 3348 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want 3349 * to increase this limit up in the future. 3350 * Note that for snapshot queries that servers like Azure expect that 3351 * the first query be minimal size (and just used to get the number/size 3352 * of previous versions) so response size must be specified as EXACTLY 3353 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple 3354 * of eight bytes. Currently that is the only case where we set max 3355 * response size smaller. 3356 */ 3357 req->MaxOutputResponse = cpu_to_le32(max_response_size); 3358 req->hdr.CreditCharge = 3359 cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size), 3360 SMB2_MAX_BUFFER_SIZE)); 3361 /* always an FSCTL (for now) */ 3362 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL); 3363 3364 /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */ 3365 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) 3366 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 3367 3368 return 0; 3369 } 3370 3371 void SMB2_ioctl_free(struct smb_rqst * rqst)3372 SMB2_ioctl_free(struct smb_rqst *rqst) 3373 { 3374 int i; 3375 3376 if (rqst && rqst->rq_iov) { 3377 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3378 for (i = 1; i < rqst->rq_nvec; i++) 3379 if (rqst->rq_iov[i].iov_base != smb2_padding) 3380 kfree(rqst->rq_iov[i].iov_base); 3381 } 3382 } 3383 3384 3385 /* 3386 * SMB2 IOCTL is used for both IOCTLs and FSCTLs 3387 */ 3388 int SMB2_ioctl(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,u32 opcode,char * in_data,u32 indatalen,u32 max_out_data_len,char ** out_data,u32 * plen)3389 SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 3390 u64 volatile_fid, u32 opcode, char *in_data, u32 indatalen, 3391 u32 max_out_data_len, char **out_data, 3392 u32 *plen /* returned data len */) 3393 { 3394 struct smb_rqst rqst; 3395 struct smb2_ioctl_rsp *rsp = NULL; 3396 struct cifs_ses *ses; 3397 struct TCP_Server_Info *server; 3398 struct kvec iov[SMB2_IOCTL_IOV_SIZE]; 3399 struct kvec rsp_iov = {NULL, 0}; 3400 int resp_buftype = CIFS_NO_BUFFER; 3401 int rc = 0; 3402 int flags = 0; 3403 int retries = 0, cur_sleep = 1; 3404 3405 if (!tcon) 3406 return -EIO; 3407 3408 ses = tcon->ses; 3409 if (!ses) 3410 return -EIO; 3411 3412 replay_again: 3413 /* reinitialize for possible replay */ 3414 flags = 0; 3415 server = cifs_pick_channel(ses); 3416 3417 if (!server) 3418 return -EIO; 3419 3420 cifs_dbg(FYI, "SMB2 IOCTL\n"); 3421 3422 if (out_data != NULL) 3423 *out_data = NULL; 3424 3425 /* zero out returned data len, in case of error */ 3426 if (plen) 3427 *plen = 0; 3428 3429 if (smb3_encryption_required(tcon)) 3430 flags |= CIFS_TRANSFORM_REQ; 3431 3432 memset(&rqst, 0, sizeof(struct smb_rqst)); 3433 memset(&iov, 0, sizeof(iov)); 3434 rqst.rq_iov = iov; 3435 rqst.rq_nvec = SMB2_IOCTL_IOV_SIZE; 3436 3437 rc = SMB2_ioctl_init(tcon, server, 3438 &rqst, persistent_fid, volatile_fid, opcode, 3439 in_data, indatalen, max_out_data_len); 3440 if (rc) 3441 goto ioctl_exit; 3442 3443 if (retries) 3444 smb2_set_replay(server, &rqst); 3445 3446 rc = cifs_send_recv(xid, ses, server, 3447 &rqst, &resp_buftype, flags, 3448 &rsp_iov); 3449 rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base; 3450 3451 if (rc != 0) 3452 trace_smb3_fsctl_err(xid, persistent_fid, tcon->tid, 3453 ses->Suid, 0, opcode, rc); 3454 3455 if ((rc != 0) && (rc != -EINVAL) && (rc != -E2BIG)) { 3456 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3457 goto ioctl_exit; 3458 } else if (rc == -EINVAL) { 3459 if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) && 3460 (opcode != FSCTL_SRV_COPYCHUNK)) { 3461 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3462 goto ioctl_exit; 3463 } 3464 } else if (rc == -E2BIG) { 3465 if (opcode != FSCTL_QUERY_ALLOCATED_RANGES) { 3466 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 3467 goto ioctl_exit; 3468 } 3469 } 3470 3471 /* check if caller wants to look at return data or just return rc */ 3472 if ((plen == NULL) || (out_data == NULL)) 3473 goto ioctl_exit; 3474 3475 /* 3476 * Although unlikely to be possible for rsp to be null and rc not set, 3477 * adding check below is slightly safer long term (and quiets Coverity 3478 * warning) 3479 */ 3480 if (rsp == NULL) { 3481 rc = -EIO; 3482 goto ioctl_exit; 3483 } 3484 3485 *plen = le32_to_cpu(rsp->OutputCount); 3486 3487 /* We check for obvious errors in the output buffer length and offset */ 3488 if (*plen == 0) 3489 goto ioctl_exit; /* server returned no data */ 3490 else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) { 3491 cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen); 3492 *plen = 0; 3493 rc = -EIO; 3494 goto ioctl_exit; 3495 } 3496 3497 if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) { 3498 cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen, 3499 le32_to_cpu(rsp->OutputOffset)); 3500 *plen = 0; 3501 rc = -EIO; 3502 goto ioctl_exit; 3503 } 3504 3505 *out_data = kmemdup((char *)rsp + le32_to_cpu(rsp->OutputOffset), 3506 *plen, GFP_KERNEL); 3507 if (*out_data == NULL) { 3508 rc = -ENOMEM; 3509 goto ioctl_exit; 3510 } 3511 3512 ioctl_exit: 3513 SMB2_ioctl_free(&rqst); 3514 free_rsp_buf(resp_buftype, rsp); 3515 3516 if (is_replayable_error(rc) && 3517 smb2_should_replay(tcon, &retries, &cur_sleep)) 3518 goto replay_again; 3519 3520 return rc; 3521 } 3522 3523 /* 3524 * Individual callers to ioctl worker function follow 3525 */ 3526 3527 int SMB2_set_compression(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid)3528 SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon, 3529 u64 persistent_fid, u64 volatile_fid) 3530 { 3531 int rc; 3532 struct compress_ioctl fsctl_input; 3533 char *ret_data = NULL; 3534 3535 fsctl_input.CompressionState = 3536 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT); 3537 3538 rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid, 3539 FSCTL_SET_COMPRESSION, 3540 (char *)&fsctl_input /* data input */, 3541 2 /* in data len */, CIFSMaxBufSize /* max out data */, 3542 &ret_data /* out data */, NULL); 3543 3544 cifs_dbg(FYI, "set compression rc %d\n", rc); 3545 3546 return rc; 3547 } 3548 3549 int SMB2_close_init(struct cifs_tcon * tcon,struct TCP_Server_Info * server,struct smb_rqst * rqst,u64 persistent_fid,u64 volatile_fid,bool query_attrs)3550 SMB2_close_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3551 struct smb_rqst *rqst, 3552 u64 persistent_fid, u64 volatile_fid, bool query_attrs) 3553 { 3554 struct smb2_close_req *req; 3555 struct kvec *iov = rqst->rq_iov; 3556 unsigned int total_len; 3557 int rc; 3558 3559 rc = smb2_plain_req_init(SMB2_CLOSE, tcon, server, 3560 (void **) &req, &total_len); 3561 if (rc) 3562 return rc; 3563 3564 req->PersistentFileId = persistent_fid; 3565 req->VolatileFileId = volatile_fid; 3566 if (query_attrs) 3567 req->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB; 3568 else 3569 req->Flags = 0; 3570 iov[0].iov_base = (char *)req; 3571 iov[0].iov_len = total_len; 3572 3573 return 0; 3574 } 3575 3576 void SMB2_close_free(struct smb_rqst * rqst)3577 SMB2_close_free(struct smb_rqst *rqst) 3578 { 3579 if (rqst && rqst->rq_iov) 3580 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3581 } 3582 3583 int __SMB2_close(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,struct smb2_file_network_open_info * pbuf)3584 __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, 3585 u64 persistent_fid, u64 volatile_fid, 3586 struct smb2_file_network_open_info *pbuf) 3587 { 3588 struct smb_rqst rqst; 3589 struct smb2_close_rsp *rsp = NULL; 3590 struct cifs_ses *ses = tcon->ses; 3591 struct TCP_Server_Info *server; 3592 struct kvec iov[1]; 3593 struct kvec rsp_iov; 3594 int resp_buftype = CIFS_NO_BUFFER; 3595 int rc = 0; 3596 int flags = 0; 3597 bool query_attrs = false; 3598 int retries = 0, cur_sleep = 1; 3599 3600 replay_again: 3601 /* reinitialize for possible replay */ 3602 flags = 0; 3603 query_attrs = false; 3604 server = cifs_pick_channel(ses); 3605 3606 cifs_dbg(FYI, "Close\n"); 3607 3608 if (!ses || !server) 3609 return -EIO; 3610 3611 if (smb3_encryption_required(tcon)) 3612 flags |= CIFS_TRANSFORM_REQ; 3613 3614 memset(&rqst, 0, sizeof(struct smb_rqst)); 3615 memset(&iov, 0, sizeof(iov)); 3616 rqst.rq_iov = iov; 3617 rqst.rq_nvec = 1; 3618 3619 /* check if need to ask server to return timestamps in close response */ 3620 if (pbuf) 3621 query_attrs = true; 3622 3623 trace_smb3_close_enter(xid, persistent_fid, tcon->tid, ses->Suid); 3624 rc = SMB2_close_init(tcon, server, 3625 &rqst, persistent_fid, volatile_fid, 3626 query_attrs); 3627 if (rc) 3628 goto close_exit; 3629 3630 if (retries) 3631 smb2_set_replay(server, &rqst); 3632 3633 rc = cifs_send_recv(xid, ses, server, 3634 &rqst, &resp_buftype, flags, &rsp_iov); 3635 rsp = (struct smb2_close_rsp *)rsp_iov.iov_base; 3636 3637 if (rc != 0) { 3638 cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE); 3639 trace_smb3_close_err(xid, persistent_fid, tcon->tid, ses->Suid, 3640 rc); 3641 goto close_exit; 3642 } else { 3643 trace_smb3_close_done(xid, persistent_fid, tcon->tid, 3644 ses->Suid); 3645 if (pbuf) 3646 memcpy(&pbuf->network_open_info, 3647 &rsp->network_open_info, 3648 sizeof(pbuf->network_open_info)); 3649 atomic_dec(&tcon->num_remote_opens); 3650 } 3651 3652 close_exit: 3653 SMB2_close_free(&rqst); 3654 free_rsp_buf(resp_buftype, rsp); 3655 3656 /* retry close in a worker thread if this one is interrupted */ 3657 if (is_interrupt_error(rc)) { 3658 int tmp_rc; 3659 3660 tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid, 3661 volatile_fid); 3662 if (tmp_rc) 3663 cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n", 3664 persistent_fid, tmp_rc); 3665 } 3666 3667 if (is_replayable_error(rc) && 3668 smb2_should_replay(tcon, &retries, &cur_sleep)) 3669 goto replay_again; 3670 3671 return rc; 3672 } 3673 3674 int SMB2_close(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid)3675 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, 3676 u64 persistent_fid, u64 volatile_fid) 3677 { 3678 return __SMB2_close(xid, tcon, persistent_fid, volatile_fid, NULL); 3679 } 3680 3681 int smb2_validate_iov(unsigned int offset,unsigned int buffer_length,struct kvec * iov,unsigned int min_buf_size)3682 smb2_validate_iov(unsigned int offset, unsigned int buffer_length, 3683 struct kvec *iov, unsigned int min_buf_size) 3684 { 3685 unsigned int smb_len = iov->iov_len; 3686 char *end_of_smb = smb_len + (char *)iov->iov_base; 3687 char *begin_of_buf = offset + (char *)iov->iov_base; 3688 char *end_of_buf = begin_of_buf + buffer_length; 3689 3690 3691 if (buffer_length < min_buf_size) { 3692 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n", 3693 buffer_length, min_buf_size); 3694 return -EINVAL; 3695 } 3696 3697 /* check if beyond RFC1001 maximum length */ 3698 if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) { 3699 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n", 3700 buffer_length, smb_len); 3701 return -EINVAL; 3702 } 3703 3704 if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) { 3705 cifs_dbg(VFS, "Invalid server response, bad offset to data\n"); 3706 return -EINVAL; 3707 } 3708 3709 return 0; 3710 } 3711 3712 /* 3713 * If SMB buffer fields are valid, copy into temporary buffer to hold result. 3714 * Caller must free buffer. 3715 */ 3716 int smb2_validate_and_copy_iov(unsigned int offset,unsigned int buffer_length,struct kvec * iov,unsigned int minbufsize,char * data)3717 smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length, 3718 struct kvec *iov, unsigned int minbufsize, 3719 char *data) 3720 { 3721 char *begin_of_buf = offset + (char *)iov->iov_base; 3722 int rc; 3723 3724 if (!data) 3725 return -EINVAL; 3726 3727 rc = smb2_validate_iov(offset, buffer_length, iov, minbufsize); 3728 if (rc) 3729 return rc; 3730 3731 memcpy(data, begin_of_buf, minbufsize); 3732 3733 return 0; 3734 } 3735 3736 int SMB2_query_info_init(struct cifs_tcon * tcon,struct TCP_Server_Info * server,struct smb_rqst * rqst,u64 persistent_fid,u64 volatile_fid,u8 info_class,u8 info_type,u32 additional_info,size_t output_len,size_t input_len,void * input)3737 SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3738 struct smb_rqst *rqst, 3739 u64 persistent_fid, u64 volatile_fid, 3740 u8 info_class, u8 info_type, u32 additional_info, 3741 size_t output_len, size_t input_len, void *input) 3742 { 3743 struct smb2_query_info_req *req; 3744 struct kvec *iov = rqst->rq_iov; 3745 unsigned int total_len; 3746 size_t len; 3747 int rc; 3748 3749 if (unlikely(check_add_overflow(input_len, sizeof(*req), &len) || 3750 len > CIFSMaxBufSize)) 3751 return -EINVAL; 3752 3753 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, 3754 (void **) &req, &total_len); 3755 if (rc) 3756 return rc; 3757 3758 req->InfoType = info_type; 3759 req->FileInfoClass = info_class; 3760 req->PersistentFileId = persistent_fid; 3761 req->VolatileFileId = volatile_fid; 3762 req->AdditionalInformation = cpu_to_le32(additional_info); 3763 3764 req->OutputBufferLength = cpu_to_le32(output_len); 3765 if (input_len) { 3766 req->InputBufferLength = cpu_to_le32(input_len); 3767 /* total_len for smb query request never close to le16 max */ 3768 req->InputBufferOffset = cpu_to_le16(total_len - 1); 3769 memcpy(req->Buffer, input, input_len); 3770 } 3771 3772 iov[0].iov_base = (char *)req; 3773 /* 1 for Buffer */ 3774 iov[0].iov_len = len; 3775 return 0; 3776 } 3777 3778 void SMB2_query_info_free(struct smb_rqst * rqst)3779 SMB2_query_info_free(struct smb_rqst *rqst) 3780 { 3781 if (rqst && rqst->rq_iov) 3782 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ 3783 } 3784 3785 static int query_info(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,u8 info_class,u8 info_type,u32 additional_info,size_t output_len,size_t min_len,void ** data,u32 * dlen)3786 query_info(const unsigned int xid, struct cifs_tcon *tcon, 3787 u64 persistent_fid, u64 volatile_fid, u8 info_class, u8 info_type, 3788 u32 additional_info, size_t output_len, size_t min_len, void **data, 3789 u32 *dlen) 3790 { 3791 struct smb_rqst rqst; 3792 struct smb2_query_info_rsp *rsp = NULL; 3793 struct kvec iov[1]; 3794 struct kvec rsp_iov; 3795 int rc = 0; 3796 int resp_buftype = CIFS_NO_BUFFER; 3797 struct cifs_ses *ses = tcon->ses; 3798 struct TCP_Server_Info *server; 3799 int flags = 0; 3800 bool allocated = false; 3801 int retries = 0, cur_sleep = 1; 3802 3803 cifs_dbg(FYI, "Query Info\n"); 3804 3805 if (!ses) 3806 return -EIO; 3807 3808 replay_again: 3809 /* reinitialize for possible replay */ 3810 flags = 0; 3811 allocated = false; 3812 server = cifs_pick_channel(ses); 3813 3814 if (!server) 3815 return -EIO; 3816 3817 if (smb3_encryption_required(tcon)) 3818 flags |= CIFS_TRANSFORM_REQ; 3819 3820 memset(&rqst, 0, sizeof(struct smb_rqst)); 3821 memset(&iov, 0, sizeof(iov)); 3822 rqst.rq_iov = iov; 3823 rqst.rq_nvec = 1; 3824 3825 rc = SMB2_query_info_init(tcon, server, 3826 &rqst, persistent_fid, volatile_fid, 3827 info_class, info_type, additional_info, 3828 output_len, 0, NULL); 3829 if (rc) 3830 goto qinf_exit; 3831 3832 trace_smb3_query_info_enter(xid, persistent_fid, tcon->tid, 3833 ses->Suid, info_class, (__u32)info_type); 3834 3835 if (retries) 3836 smb2_set_replay(server, &rqst); 3837 3838 rc = cifs_send_recv(xid, ses, server, 3839 &rqst, &resp_buftype, flags, &rsp_iov); 3840 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 3841 3842 if (rc) { 3843 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 3844 trace_smb3_query_info_err(xid, persistent_fid, tcon->tid, 3845 ses->Suid, info_class, (__u32)info_type, rc); 3846 goto qinf_exit; 3847 } 3848 3849 trace_smb3_query_info_done(xid, persistent_fid, tcon->tid, 3850 ses->Suid, info_class, (__u32)info_type); 3851 3852 if (dlen) { 3853 *dlen = le32_to_cpu(rsp->OutputBufferLength); 3854 if (!*data) { 3855 *data = kmalloc(*dlen, GFP_KERNEL); 3856 if (!*data) { 3857 cifs_tcon_dbg(VFS, 3858 "Error %d allocating memory for acl\n", 3859 rc); 3860 *dlen = 0; 3861 rc = -ENOMEM; 3862 goto qinf_exit; 3863 } 3864 allocated = true; 3865 } 3866 } 3867 3868 rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset), 3869 le32_to_cpu(rsp->OutputBufferLength), 3870 &rsp_iov, dlen ? *dlen : min_len, *data); 3871 if (rc && allocated) { 3872 kfree(*data); 3873 *data = NULL; 3874 *dlen = 0; 3875 } 3876 3877 qinf_exit: 3878 SMB2_query_info_free(&rqst); 3879 free_rsp_buf(resp_buftype, rsp); 3880 3881 if (is_replayable_error(rc) && 3882 smb2_should_replay(tcon, &retries, &cur_sleep)) 3883 goto replay_again; 3884 3885 return rc; 3886 } 3887 SMB2_query_info(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,struct smb2_file_all_info * data)3888 int SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon, 3889 u64 persistent_fid, u64 volatile_fid, struct smb2_file_all_info *data) 3890 { 3891 return query_info(xid, tcon, persistent_fid, volatile_fid, 3892 FILE_ALL_INFORMATION, SMB2_O_INFO_FILE, 0, 3893 sizeof(struct smb2_file_all_info) + PATH_MAX * 2, 3894 sizeof(struct smb2_file_all_info), (void **)&data, 3895 NULL); 3896 } 3897 3898 #if 0 3899 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */ 3900 int 3901 SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon, 3902 u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen) 3903 { 3904 size_t output_len = sizeof(struct smb311_posix_qinfo *) + 3905 (sizeof(struct smb_sid) * 2) + (PATH_MAX * 2); 3906 *plen = 0; 3907 3908 return query_info(xid, tcon, persistent_fid, volatile_fid, 3909 SMB_FIND_FILE_POSIX_INFO, SMB2_O_INFO_FILE, 0, 3910 output_len, sizeof(struct smb311_posix_qinfo), (void **)&data, plen); 3911 /* Note caller must free "data" (passed in above). It may be allocated in query_info call */ 3912 } 3913 #endif 3914 3915 int SMB2_query_acl(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,void ** data,u32 * plen,u32 extra_info)3916 SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon, 3917 u64 persistent_fid, u64 volatile_fid, 3918 void **data, u32 *plen, u32 extra_info) 3919 { 3920 *plen = 0; 3921 3922 return query_info(xid, tcon, persistent_fid, volatile_fid, 3923 0, SMB2_O_INFO_SECURITY, extra_info, 3924 SMB2_MAX_BUFFER_SIZE, MIN_SEC_DESC_LEN, data, plen); 3925 } 3926 3927 int SMB2_get_srv_num(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,__le64 * uniqueid)3928 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon, 3929 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid) 3930 { 3931 return query_info(xid, tcon, persistent_fid, volatile_fid, 3932 FILE_INTERNAL_INFORMATION, SMB2_O_INFO_FILE, 0, 3933 sizeof(struct smb2_file_internal_info), 3934 sizeof(struct smb2_file_internal_info), 3935 (void **)&uniqueid, NULL); 3936 } 3937 3938 /* 3939 * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory 3940 * See MS-SMB2 2.2.35 and 2.2.36 3941 */ 3942 3943 static int SMB2_notify_init(const unsigned int xid,struct smb_rqst * rqst,struct cifs_tcon * tcon,struct TCP_Server_Info * server,u64 persistent_fid,u64 volatile_fid,u32 completion_filter,bool watch_tree)3944 SMB2_notify_init(const unsigned int xid, struct smb_rqst *rqst, 3945 struct cifs_tcon *tcon, struct TCP_Server_Info *server, 3946 u64 persistent_fid, u64 volatile_fid, 3947 u32 completion_filter, bool watch_tree) 3948 { 3949 struct smb2_change_notify_req *req; 3950 struct kvec *iov = rqst->rq_iov; 3951 unsigned int total_len; 3952 int rc; 3953 3954 rc = smb2_plain_req_init(SMB2_CHANGE_NOTIFY, tcon, server, 3955 (void **) &req, &total_len); 3956 if (rc) 3957 return rc; 3958 3959 req->PersistentFileId = persistent_fid; 3960 req->VolatileFileId = volatile_fid; 3961 /* See note 354 of MS-SMB2, 64K max */ 3962 req->OutputBufferLength = 3963 cpu_to_le32(SMB2_MAX_BUFFER_SIZE - MAX_SMB2_HDR_SIZE); 3964 req->CompletionFilter = cpu_to_le32(completion_filter); 3965 if (watch_tree) 3966 req->Flags = cpu_to_le16(SMB2_WATCH_TREE); 3967 else 3968 req->Flags = 0; 3969 3970 iov[0].iov_base = (char *)req; 3971 iov[0].iov_len = total_len; 3972 3973 return 0; 3974 } 3975 3976 int SMB2_change_notify(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,bool watch_tree,u32 completion_filter,u32 max_out_data_len,char ** out_data,u32 * plen)3977 SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon, 3978 u64 persistent_fid, u64 volatile_fid, bool watch_tree, 3979 u32 completion_filter, u32 max_out_data_len, char **out_data, 3980 u32 *plen /* returned data len */) 3981 { 3982 struct cifs_ses *ses = tcon->ses; 3983 struct TCP_Server_Info *server; 3984 struct smb_rqst rqst; 3985 struct smb2_change_notify_rsp *smb_rsp; 3986 struct kvec iov[1]; 3987 struct kvec rsp_iov = {NULL, 0}; 3988 int resp_buftype = CIFS_NO_BUFFER; 3989 int flags = 0; 3990 int rc = 0; 3991 int retries = 0, cur_sleep = 1; 3992 3993 replay_again: 3994 /* reinitialize for possible replay */ 3995 flags = 0; 3996 server = cifs_pick_channel(ses); 3997 3998 cifs_dbg(FYI, "change notify\n"); 3999 if (!ses || !server) 4000 return -EIO; 4001 4002 if (smb3_encryption_required(tcon)) 4003 flags |= CIFS_TRANSFORM_REQ; 4004 4005 memset(&rqst, 0, sizeof(struct smb_rqst)); 4006 memset(&iov, 0, sizeof(iov)); 4007 if (plen) 4008 *plen = 0; 4009 4010 rqst.rq_iov = iov; 4011 rqst.rq_nvec = 1; 4012 4013 rc = SMB2_notify_init(xid, &rqst, tcon, server, 4014 persistent_fid, volatile_fid, 4015 completion_filter, watch_tree); 4016 if (rc) 4017 goto cnotify_exit; 4018 4019 trace_smb3_notify_enter(xid, persistent_fid, tcon->tid, ses->Suid, 4020 (u8)watch_tree, completion_filter); 4021 4022 if (retries) 4023 smb2_set_replay(server, &rqst); 4024 4025 rc = cifs_send_recv(xid, ses, server, 4026 &rqst, &resp_buftype, flags, &rsp_iov); 4027 4028 if (rc != 0) { 4029 cifs_stats_fail_inc(tcon, SMB2_CHANGE_NOTIFY_HE); 4030 trace_smb3_notify_err(xid, persistent_fid, tcon->tid, ses->Suid, 4031 (u8)watch_tree, completion_filter, rc); 4032 } else { 4033 trace_smb3_notify_done(xid, persistent_fid, tcon->tid, 4034 ses->Suid, (u8)watch_tree, completion_filter); 4035 /* validate that notify information is plausible */ 4036 if ((rsp_iov.iov_base == NULL) || 4037 (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp) + 1)) 4038 goto cnotify_exit; 4039 4040 smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base; 4041 4042 smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset), 4043 le32_to_cpu(smb_rsp->OutputBufferLength), &rsp_iov, 4044 sizeof(struct file_notify_information)); 4045 4046 *out_data = kmemdup((char *)smb_rsp + le16_to_cpu(smb_rsp->OutputBufferOffset), 4047 le32_to_cpu(smb_rsp->OutputBufferLength), GFP_KERNEL); 4048 if (*out_data == NULL) { 4049 rc = -ENOMEM; 4050 goto cnotify_exit; 4051 } else if (plen) 4052 *plen = le32_to_cpu(smb_rsp->OutputBufferLength); 4053 } 4054 4055 cnotify_exit: 4056 if (rqst.rq_iov) 4057 cifs_small_buf_release(rqst.rq_iov[0].iov_base); /* request */ 4058 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4059 4060 if (is_replayable_error(rc) && 4061 smb2_should_replay(tcon, &retries, &cur_sleep)) 4062 goto replay_again; 4063 4064 return rc; 4065 } 4066 4067 4068 4069 /* 4070 * This is a no-op for now. We're not really interested in the reply, but 4071 * rather in the fact that the server sent one and that server->lstrp 4072 * gets updated. 4073 * 4074 * FIXME: maybe we should consider checking that the reply matches request? 4075 */ 4076 static void smb2_echo_callback(struct mid_q_entry * mid)4077 smb2_echo_callback(struct mid_q_entry *mid) 4078 { 4079 struct TCP_Server_Info *server = mid->callback_data; 4080 struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf; 4081 struct cifs_credits credits = { .value = 0, .instance = 0 }; 4082 4083 if (mid->mid_state == MID_RESPONSE_RECEIVED 4084 || mid->mid_state == MID_RESPONSE_MALFORMED) { 4085 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4086 credits.instance = server->reconnect_instance; 4087 } 4088 4089 release_mid(mid); 4090 add_credits(server, &credits, CIFS_ECHO_OP); 4091 } 4092 cifs_renegotiate_iosize(struct TCP_Server_Info * server,struct cifs_tcon * tcon)4093 static void cifs_renegotiate_iosize(struct TCP_Server_Info *server, 4094 struct cifs_tcon *tcon) 4095 { 4096 struct cifs_sb_info *cifs_sb; 4097 4098 if (server == NULL || tcon == NULL) 4099 return; 4100 4101 spin_lock(&tcon->sb_list_lock); 4102 list_for_each_entry(cifs_sb, &tcon->cifs_sb_list, tcon_sb_link) { 4103 cifs_sb->ctx->rsize = 4104 server->ops->negotiate_rsize(tcon, cifs_sb->ctx); 4105 cifs_sb->ctx->wsize = 4106 server->ops->negotiate_wsize(tcon, cifs_sb->ctx); 4107 } 4108 spin_unlock(&tcon->sb_list_lock); 4109 } 4110 smb2_reconnect_server(struct work_struct * work)4111 void smb2_reconnect_server(struct work_struct *work) 4112 { 4113 struct TCP_Server_Info *server = container_of(work, 4114 struct TCP_Server_Info, reconnect.work); 4115 struct TCP_Server_Info *pserver; 4116 struct cifs_ses *ses, *ses2; 4117 struct cifs_tcon *tcon, *tcon2; 4118 struct list_head tmp_list, tmp_ses_list; 4119 bool ses_exist = false; 4120 bool tcon_selected = false; 4121 int rc; 4122 bool resched = false; 4123 4124 /* first check if ref count has reached 0, if not inc ref count */ 4125 spin_lock(&cifs_tcp_ses_lock); 4126 if (!server->srv_count) { 4127 spin_unlock(&cifs_tcp_ses_lock); 4128 return; 4129 } 4130 server->srv_count++; 4131 spin_unlock(&cifs_tcp_ses_lock); 4132 4133 /* If server is a channel, select the primary channel */ 4134 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server; 4135 4136 /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */ 4137 mutex_lock(&pserver->reconnect_mutex); 4138 4139 /* if the server is marked for termination, drop the ref count here */ 4140 if (server->terminate) { 4141 cifs_put_tcp_session(server, true); 4142 mutex_unlock(&pserver->reconnect_mutex); 4143 return; 4144 } 4145 4146 INIT_LIST_HEAD(&tmp_list); 4147 INIT_LIST_HEAD(&tmp_ses_list); 4148 cifs_dbg(FYI, "Reconnecting tcons and channels\n"); 4149 4150 spin_lock(&cifs_tcp_ses_lock); 4151 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) { 4152 spin_lock(&ses->ses_lock); 4153 if (ses->ses_status == SES_EXITING) { 4154 spin_unlock(&ses->ses_lock); 4155 continue; 4156 } 4157 spin_unlock(&ses->ses_lock); 4158 4159 tcon_selected = false; 4160 4161 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 4162 if (tcon->need_reconnect || tcon->need_reopen_files) { 4163 tcon->tc_count++; 4164 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, 4165 netfs_trace_tcon_ref_get_reconnect_server); 4166 list_add_tail(&tcon->rlist, &tmp_list); 4167 tcon_selected = true; 4168 } 4169 } 4170 /* 4171 * IPC has the same lifetime as its session and uses its 4172 * refcount. 4173 */ 4174 if (ses->tcon_ipc && ses->tcon_ipc->need_reconnect) { 4175 list_add_tail(&ses->tcon_ipc->rlist, &tmp_list); 4176 tcon_selected = true; 4177 cifs_smb_ses_inc_refcount(ses); 4178 } 4179 /* 4180 * handle the case where channel needs to reconnect 4181 * binding session, but tcon is healthy (some other channel 4182 * is active) 4183 */ 4184 spin_lock(&ses->chan_lock); 4185 if (!tcon_selected && cifs_chan_needs_reconnect(ses, server)) { 4186 list_add_tail(&ses->rlist, &tmp_ses_list); 4187 ses_exist = true; 4188 cifs_smb_ses_inc_refcount(ses); 4189 } 4190 spin_unlock(&ses->chan_lock); 4191 } 4192 spin_unlock(&cifs_tcp_ses_lock); 4193 4194 list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) { 4195 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server, true); 4196 if (!rc) { 4197 cifs_renegotiate_iosize(server, tcon); 4198 cifs_reopen_persistent_handles(tcon); 4199 } else 4200 resched = true; 4201 list_del_init(&tcon->rlist); 4202 if (tcon->ipc) 4203 cifs_put_smb_ses(tcon->ses); 4204 else 4205 cifs_put_tcon(tcon, netfs_trace_tcon_ref_put_reconnect_server); 4206 } 4207 4208 if (!ses_exist) 4209 goto done; 4210 4211 /* allocate a dummy tcon struct used for reconnect */ 4212 tcon = tcon_info_alloc(false, netfs_trace_tcon_ref_new_reconnect_server); 4213 if (!tcon) { 4214 resched = true; 4215 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) { 4216 list_del_init(&ses->rlist); 4217 cifs_put_smb_ses(ses); 4218 } 4219 goto done; 4220 } 4221 4222 tcon->status = TID_GOOD; 4223 tcon->retry = false; 4224 tcon->need_reconnect = false; 4225 4226 /* now reconnect sessions for necessary channels */ 4227 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) { 4228 tcon->ses = ses; 4229 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server, true); 4230 if (rc) 4231 resched = true; 4232 list_del_init(&ses->rlist); 4233 cifs_put_smb_ses(ses); 4234 } 4235 tconInfoFree(tcon, netfs_trace_tcon_ref_free_reconnect_server); 4236 4237 done: 4238 cifs_dbg(FYI, "Reconnecting tcons and channels finished\n"); 4239 if (resched) 4240 queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ); 4241 mutex_unlock(&pserver->reconnect_mutex); 4242 4243 /* now we can safely release srv struct */ 4244 cifs_put_tcp_session(server, true); 4245 } 4246 4247 int SMB2_echo(struct TCP_Server_Info * server)4248 SMB2_echo(struct TCP_Server_Info *server) 4249 { 4250 struct smb2_echo_req *req; 4251 int rc = 0; 4252 struct kvec iov[1]; 4253 struct smb_rqst rqst = { .rq_iov = iov, 4254 .rq_nvec = 1 }; 4255 unsigned int total_len; 4256 4257 cifs_dbg(FYI, "In echo request for conn_id %lld\n", server->conn_id); 4258 4259 spin_lock(&server->srv_lock); 4260 if (server->ops->need_neg && 4261 server->ops->need_neg(server)) { 4262 spin_unlock(&server->srv_lock); 4263 /* No need to send echo on newly established connections */ 4264 mod_delayed_work(cifsiod_wq, &server->reconnect, 0); 4265 return rc; 4266 } 4267 spin_unlock(&server->srv_lock); 4268 4269 rc = smb2_plain_req_init(SMB2_ECHO, NULL, server, 4270 (void **)&req, &total_len); 4271 if (rc) 4272 return rc; 4273 4274 req->hdr.CreditRequest = cpu_to_le16(1); 4275 4276 iov[0].iov_len = total_len; 4277 iov[0].iov_base = (char *)req; 4278 4279 rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL, 4280 server, CIFS_ECHO_OP, NULL); 4281 if (rc) 4282 cifs_dbg(FYI, "Echo request failed: %d\n", rc); 4283 4284 cifs_small_buf_release(req); 4285 return rc; 4286 } 4287 4288 void SMB2_flush_free(struct smb_rqst * rqst)4289 SMB2_flush_free(struct smb_rqst *rqst) 4290 { 4291 if (rqst && rqst->rq_iov) 4292 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 4293 } 4294 4295 int SMB2_flush_init(const unsigned int xid,struct smb_rqst * rqst,struct cifs_tcon * tcon,struct TCP_Server_Info * server,u64 persistent_fid,u64 volatile_fid)4296 SMB2_flush_init(const unsigned int xid, struct smb_rqst *rqst, 4297 struct cifs_tcon *tcon, struct TCP_Server_Info *server, 4298 u64 persistent_fid, u64 volatile_fid) 4299 { 4300 struct smb2_flush_req *req; 4301 struct kvec *iov = rqst->rq_iov; 4302 unsigned int total_len; 4303 int rc; 4304 4305 rc = smb2_plain_req_init(SMB2_FLUSH, tcon, server, 4306 (void **) &req, &total_len); 4307 if (rc) 4308 return rc; 4309 4310 req->PersistentFileId = persistent_fid; 4311 req->VolatileFileId = volatile_fid; 4312 4313 iov[0].iov_base = (char *)req; 4314 iov[0].iov_len = total_len; 4315 4316 return 0; 4317 } 4318 4319 int SMB2_flush(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid)4320 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 4321 u64 volatile_fid) 4322 { 4323 struct cifs_ses *ses = tcon->ses; 4324 struct smb_rqst rqst; 4325 struct kvec iov[1]; 4326 struct kvec rsp_iov = {NULL, 0}; 4327 struct TCP_Server_Info *server; 4328 int resp_buftype = CIFS_NO_BUFFER; 4329 int flags = 0; 4330 int rc = 0; 4331 int retries = 0, cur_sleep = 1; 4332 4333 replay_again: 4334 /* reinitialize for possible replay */ 4335 flags = 0; 4336 server = cifs_pick_channel(ses); 4337 4338 cifs_dbg(FYI, "flush\n"); 4339 if (!ses || !(ses->server)) 4340 return -EIO; 4341 4342 if (smb3_encryption_required(tcon)) 4343 flags |= CIFS_TRANSFORM_REQ; 4344 4345 memset(&rqst, 0, sizeof(struct smb_rqst)); 4346 memset(&iov, 0, sizeof(iov)); 4347 rqst.rq_iov = iov; 4348 rqst.rq_nvec = 1; 4349 4350 rc = SMB2_flush_init(xid, &rqst, tcon, server, 4351 persistent_fid, volatile_fid); 4352 if (rc) 4353 goto flush_exit; 4354 4355 trace_smb3_flush_enter(xid, persistent_fid, tcon->tid, ses->Suid); 4356 4357 if (retries) 4358 smb2_set_replay(server, &rqst); 4359 4360 rc = cifs_send_recv(xid, ses, server, 4361 &rqst, &resp_buftype, flags, &rsp_iov); 4362 4363 if (rc != 0) { 4364 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE); 4365 trace_smb3_flush_err(xid, persistent_fid, tcon->tid, ses->Suid, 4366 rc); 4367 } else 4368 trace_smb3_flush_done(xid, persistent_fid, tcon->tid, 4369 ses->Suid); 4370 4371 flush_exit: 4372 SMB2_flush_free(&rqst); 4373 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4374 4375 if (is_replayable_error(rc) && 4376 smb2_should_replay(tcon, &retries, &cur_sleep)) 4377 goto replay_again; 4378 4379 return rc; 4380 } 4381 4382 #ifdef CONFIG_CIFS_SMB_DIRECT smb3_use_rdma_offload(struct cifs_io_parms * io_parms)4383 static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms) 4384 { 4385 struct TCP_Server_Info *server = io_parms->server; 4386 struct cifs_tcon *tcon = io_parms->tcon; 4387 4388 /* we can only offload if we're connected */ 4389 if (!server || !tcon) 4390 return false; 4391 4392 /* we can only offload on an rdma connection */ 4393 if (!server->rdma || !server->smbd_conn) 4394 return false; 4395 4396 /* we don't support signed offload yet */ 4397 if (server->sign) 4398 return false; 4399 4400 /* we don't support encrypted offload yet */ 4401 if (smb3_encryption_required(tcon)) 4402 return false; 4403 4404 /* offload also has its overhead, so only do it if desired */ 4405 if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold) 4406 return false; 4407 4408 return true; 4409 } 4410 #endif /* CONFIG_CIFS_SMB_DIRECT */ 4411 4412 /* 4413 * To form a chain of read requests, any read requests after the first should 4414 * have the end_of_chain boolean set to true. 4415 */ 4416 static int smb2_new_read_req(void ** buf,unsigned int * total_len,struct cifs_io_parms * io_parms,struct cifs_io_subrequest * rdata,unsigned int remaining_bytes,int request_type)4417 smb2_new_read_req(void **buf, unsigned int *total_len, 4418 struct cifs_io_parms *io_parms, struct cifs_io_subrequest *rdata, 4419 unsigned int remaining_bytes, int request_type) 4420 { 4421 int rc = -EACCES; 4422 struct smb2_read_req *req = NULL; 4423 struct smb2_hdr *shdr; 4424 struct TCP_Server_Info *server = io_parms->server; 4425 4426 rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, server, 4427 (void **) &req, total_len); 4428 if (rc) 4429 return rc; 4430 4431 if (server == NULL) 4432 return -ECONNABORTED; 4433 4434 shdr = &req->hdr; 4435 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 4436 4437 req->PersistentFileId = io_parms->persistent_fid; 4438 req->VolatileFileId = io_parms->volatile_fid; 4439 req->ReadChannelInfoOffset = 0; /* reserved */ 4440 req->ReadChannelInfoLength = 0; /* reserved */ 4441 req->Channel = 0; /* reserved */ 4442 req->MinimumCount = 0; 4443 req->Length = cpu_to_le32(io_parms->length); 4444 req->Offset = cpu_to_le64(io_parms->offset); 4445 4446 trace_smb3_read_enter(rdata ? rdata->rreq->debug_id : 0, 4447 rdata ? rdata->subreq.debug_index : 0, 4448 rdata ? rdata->xid : 0, 4449 io_parms->persistent_fid, 4450 io_parms->tcon->tid, io_parms->tcon->ses->Suid, 4451 io_parms->offset, io_parms->length); 4452 #ifdef CONFIG_CIFS_SMB_DIRECT 4453 /* 4454 * If we want to do a RDMA write, fill in and append 4455 * smbd_buffer_descriptor_v1 to the end of read request 4456 */ 4457 if (rdata && smb3_use_rdma_offload(io_parms)) { 4458 struct smbd_buffer_descriptor_v1 *v1; 4459 bool need_invalidate = server->dialect == SMB30_PROT_ID; 4460 4461 rdata->mr = smbd_register_mr(server->smbd_conn, &rdata->subreq.io_iter, 4462 true, need_invalidate); 4463 if (!rdata->mr) 4464 return -EAGAIN; 4465 4466 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; 4467 if (need_invalidate) 4468 req->Channel = SMB2_CHANNEL_RDMA_V1; 4469 req->ReadChannelInfoOffset = 4470 cpu_to_le16(offsetof(struct smb2_read_req, Buffer)); 4471 req->ReadChannelInfoLength = 4472 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1)); 4473 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; 4474 v1->offset = cpu_to_le64(rdata->mr->mr->iova); 4475 v1->token = cpu_to_le32(rdata->mr->mr->rkey); 4476 v1->length = cpu_to_le32(rdata->mr->mr->length); 4477 4478 *total_len += sizeof(*v1) - 1; 4479 } 4480 #endif 4481 if (request_type & CHAINED_REQUEST) { 4482 if (!(request_type & END_OF_CHAIN)) { 4483 /* next 8-byte aligned request */ 4484 *total_len = ALIGN(*total_len, 8); 4485 shdr->NextCommand = cpu_to_le32(*total_len); 4486 } else /* END_OF_CHAIN */ 4487 shdr->NextCommand = 0; 4488 if (request_type & RELATED_REQUEST) { 4489 shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS; 4490 /* 4491 * Related requests use info from previous read request 4492 * in chain. 4493 */ 4494 shdr->SessionId = cpu_to_le64(0xFFFFFFFFFFFFFFFF); 4495 shdr->Id.SyncId.TreeId = cpu_to_le32(0xFFFFFFFF); 4496 req->PersistentFileId = (u64)-1; 4497 req->VolatileFileId = (u64)-1; 4498 } 4499 } 4500 if (remaining_bytes > io_parms->length) 4501 req->RemainingBytes = cpu_to_le32(remaining_bytes); 4502 else 4503 req->RemainingBytes = 0; 4504 4505 *buf = req; 4506 return rc; 4507 } 4508 4509 static void smb2_readv_callback(struct mid_q_entry * mid)4510 smb2_readv_callback(struct mid_q_entry *mid) 4511 { 4512 struct cifs_io_subrequest *rdata = mid->callback_data; 4513 struct netfs_inode *ictx = netfs_inode(rdata->rreq->inode); 4514 struct cifs_tcon *tcon = tlink_tcon(rdata->req->cfile->tlink); 4515 struct TCP_Server_Info *server = rdata->server; 4516 struct smb2_hdr *shdr = 4517 (struct smb2_hdr *)rdata->iov[0].iov_base; 4518 struct cifs_credits credits = { 4519 .value = 0, 4520 .instance = 0, 4521 .rreq_debug_id = rdata->rreq->debug_id, 4522 .rreq_debug_index = rdata->subreq.debug_index, 4523 }; 4524 struct smb_rqst rqst = { .rq_iov = &rdata->iov[1], .rq_nvec = 1 }; 4525 unsigned int rreq_debug_id = rdata->rreq->debug_id; 4526 unsigned int subreq_debug_index = rdata->subreq.debug_index; 4527 4528 if (rdata->got_bytes) { 4529 rqst.rq_iter = rdata->subreq.io_iter; 4530 } 4531 4532 WARN_ONCE(rdata->server != mid->server, 4533 "rdata server %p != mid server %p", 4534 rdata->server, mid->server); 4535 4536 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%zu/%zu\n", 4537 __func__, mid->mid, mid->mid_state, rdata->result, 4538 rdata->got_bytes, rdata->subreq.len - rdata->subreq.transferred); 4539 4540 switch (mid->mid_state) { 4541 case MID_RESPONSE_RECEIVED: 4542 credits.value = le16_to_cpu(shdr->CreditRequest); 4543 credits.instance = server->reconnect_instance; 4544 /* result already set, check signature */ 4545 if (server->sign && !mid->decrypted) { 4546 int rc; 4547 4548 iov_iter_truncate(&rqst.rq_iter, rdata->got_bytes); 4549 rc = smb2_verify_signature(&rqst, server); 4550 if (rc) 4551 cifs_tcon_dbg(VFS, "SMB signature verification returned error = %d\n", 4552 rc); 4553 } 4554 /* FIXME: should this be counted toward the initiating task? */ 4555 task_io_account_read(rdata->got_bytes); 4556 cifs_stats_bytes_read(tcon, rdata->got_bytes); 4557 break; 4558 case MID_REQUEST_SUBMITTED: 4559 case MID_RETRY_NEEDED: 4560 __set_bit(NETFS_SREQ_NEED_RETRY, &rdata->subreq.flags); 4561 rdata->result = -EAGAIN; 4562 if (server->sign && rdata->got_bytes) 4563 /* reset bytes number since we can not check a sign */ 4564 rdata->got_bytes = 0; 4565 /* FIXME: should this be counted toward the initiating task? */ 4566 task_io_account_read(rdata->got_bytes); 4567 cifs_stats_bytes_read(tcon, rdata->got_bytes); 4568 break; 4569 case MID_RESPONSE_MALFORMED: 4570 credits.value = le16_to_cpu(shdr->CreditRequest); 4571 credits.instance = server->reconnect_instance; 4572 fallthrough; 4573 default: 4574 rdata->result = -EIO; 4575 } 4576 #ifdef CONFIG_CIFS_SMB_DIRECT 4577 /* 4578 * If this rdata has a memory registered, the MR can be freed 4579 * MR needs to be freed as soon as I/O finishes to prevent deadlock 4580 * because they have limited number and are used for future I/Os 4581 */ 4582 if (rdata->mr) { 4583 smbd_deregister_mr(rdata->mr); 4584 rdata->mr = NULL; 4585 } 4586 #endif 4587 if (rdata->result && rdata->result != -ENODATA) { 4588 cifs_stats_fail_inc(tcon, SMB2_READ_HE); 4589 trace_smb3_read_err(rdata->rreq->debug_id, 4590 rdata->subreq.debug_index, 4591 rdata->xid, 4592 rdata->req->cfile->fid.persistent_fid, 4593 tcon->tid, tcon->ses->Suid, 4594 rdata->subreq.start + rdata->subreq.transferred, 4595 rdata->subreq.len - rdata->subreq.transferred, 4596 rdata->result); 4597 } else 4598 trace_smb3_read_done(rdata->rreq->debug_id, 4599 rdata->subreq.debug_index, 4600 rdata->xid, 4601 rdata->req->cfile->fid.persistent_fid, 4602 tcon->tid, tcon->ses->Suid, 4603 rdata->subreq.start + rdata->subreq.transferred, 4604 rdata->got_bytes); 4605 4606 if (rdata->result == -ENODATA) { 4607 __set_bit(NETFS_SREQ_HIT_EOF, &rdata->subreq.flags); 4608 rdata->result = 0; 4609 } else { 4610 size_t trans = rdata->subreq.transferred + rdata->got_bytes; 4611 if (trans < rdata->subreq.len && 4612 rdata->subreq.start + trans == ictx->remote_i_size) { 4613 __set_bit(NETFS_SREQ_HIT_EOF, &rdata->subreq.flags); 4614 rdata->result = 0; 4615 } 4616 if (rdata->got_bytes) 4617 __set_bit(NETFS_SREQ_MADE_PROGRESS, &rdata->subreq.flags); 4618 } 4619 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, rdata->credits.value, 4620 server->credits, server->in_flight, 4621 0, cifs_trace_rw_credits_read_response_clear); 4622 rdata->credits.value = 0; 4623 rdata->subreq.error = rdata->result; 4624 rdata->subreq.transferred += rdata->got_bytes; 4625 trace_netfs_sreq(&rdata->subreq, netfs_sreq_trace_io_progress); 4626 netfs_read_subreq_terminated(&rdata->subreq); 4627 release_mid(mid); 4628 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, 0, 4629 server->credits, server->in_flight, 4630 credits.value, cifs_trace_rw_credits_read_response_add); 4631 add_credits(server, &credits, 0); 4632 } 4633 4634 /* smb2_async_readv - send an async read, and set up mid to handle result */ 4635 int smb2_async_readv(struct cifs_io_subrequest * rdata)4636 smb2_async_readv(struct cifs_io_subrequest *rdata) 4637 { 4638 int rc, flags = 0; 4639 char *buf; 4640 struct netfs_io_subrequest *subreq = &rdata->subreq; 4641 struct smb2_hdr *shdr; 4642 struct cifs_io_parms io_parms; 4643 struct smb_rqst rqst = { .rq_iov = rdata->iov, 4644 .rq_nvec = 1 }; 4645 struct TCP_Server_Info *server; 4646 struct cifs_tcon *tcon = tlink_tcon(rdata->req->cfile->tlink); 4647 unsigned int total_len; 4648 int credit_request; 4649 4650 cifs_dbg(FYI, "%s: offset=%llu bytes=%zu\n", 4651 __func__, subreq->start, subreq->len); 4652 4653 if (!rdata->server) 4654 rdata->server = cifs_pick_channel(tcon->ses); 4655 4656 io_parms.tcon = tlink_tcon(rdata->req->cfile->tlink); 4657 io_parms.server = server = rdata->server; 4658 io_parms.offset = subreq->start + subreq->transferred; 4659 io_parms.length = subreq->len - subreq->transferred; 4660 io_parms.persistent_fid = rdata->req->cfile->fid.persistent_fid; 4661 io_parms.volatile_fid = rdata->req->cfile->fid.volatile_fid; 4662 io_parms.pid = rdata->req->pid; 4663 4664 rc = smb2_new_read_req( 4665 (void **) &buf, &total_len, &io_parms, rdata, 0, 0); 4666 if (rc) 4667 return rc; 4668 4669 if (smb3_encryption_required(io_parms.tcon)) 4670 flags |= CIFS_TRANSFORM_REQ; 4671 4672 rdata->iov[0].iov_base = buf; 4673 rdata->iov[0].iov_len = total_len; 4674 rdata->got_bytes = 0; 4675 rdata->result = 0; 4676 4677 shdr = (struct smb2_hdr *)buf; 4678 4679 if (rdata->credits.value > 0) { 4680 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(io_parms.length, 4681 SMB2_MAX_BUFFER_SIZE)); 4682 credit_request = le16_to_cpu(shdr->CreditCharge) + 8; 4683 if (server->credits >= server->max_credits) 4684 shdr->CreditRequest = cpu_to_le16(0); 4685 else 4686 shdr->CreditRequest = cpu_to_le16( 4687 min_t(int, server->max_credits - 4688 server->credits, credit_request)); 4689 4690 rc = adjust_credits(server, rdata, cifs_trace_rw_credits_call_readv_adjust); 4691 if (rc) 4692 goto async_readv_out; 4693 4694 flags |= CIFS_HAS_CREDITS; 4695 } 4696 4697 rc = cifs_call_async(server, &rqst, 4698 cifs_readv_receive, smb2_readv_callback, 4699 smb3_handle_read_data, rdata, flags, 4700 &rdata->credits); 4701 if (rc) { 4702 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE); 4703 trace_smb3_read_err(rdata->rreq->debug_id, 4704 subreq->debug_index, 4705 rdata->xid, io_parms.persistent_fid, 4706 io_parms.tcon->tid, 4707 io_parms.tcon->ses->Suid, 4708 io_parms.offset, 4709 subreq->len - subreq->transferred, rc); 4710 } 4711 4712 async_readv_out: 4713 cifs_small_buf_release(buf); 4714 return rc; 4715 } 4716 4717 int SMB2_read(const unsigned int xid,struct cifs_io_parms * io_parms,unsigned int * nbytes,char ** buf,int * buf_type)4718 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms, 4719 unsigned int *nbytes, char **buf, int *buf_type) 4720 { 4721 struct smb_rqst rqst; 4722 int resp_buftype, rc; 4723 struct smb2_read_req *req = NULL; 4724 struct smb2_read_rsp *rsp = NULL; 4725 struct kvec iov[1]; 4726 struct kvec rsp_iov; 4727 unsigned int total_len; 4728 int flags = CIFS_LOG_ERROR; 4729 struct cifs_ses *ses = io_parms->tcon->ses; 4730 4731 if (!io_parms->server) 4732 io_parms->server = cifs_pick_channel(io_parms->tcon->ses); 4733 4734 *nbytes = 0; 4735 rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0); 4736 if (rc) 4737 return rc; 4738 4739 if (smb3_encryption_required(io_parms->tcon)) 4740 flags |= CIFS_TRANSFORM_REQ; 4741 4742 iov[0].iov_base = (char *)req; 4743 iov[0].iov_len = total_len; 4744 4745 memset(&rqst, 0, sizeof(struct smb_rqst)); 4746 rqst.rq_iov = iov; 4747 rqst.rq_nvec = 1; 4748 4749 rc = cifs_send_recv(xid, ses, io_parms->server, 4750 &rqst, &resp_buftype, flags, &rsp_iov); 4751 rsp = (struct smb2_read_rsp *)rsp_iov.iov_base; 4752 4753 if (rc) { 4754 if (rc != -ENODATA) { 4755 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE); 4756 cifs_dbg(VFS, "Send error in read = %d\n", rc); 4757 trace_smb3_read_err(0, 0, xid, 4758 req->PersistentFileId, 4759 io_parms->tcon->tid, ses->Suid, 4760 io_parms->offset, io_parms->length, 4761 rc); 4762 } else 4763 trace_smb3_read_done(0, 0, xid, 4764 req->PersistentFileId, io_parms->tcon->tid, 4765 ses->Suid, io_parms->offset, 0); 4766 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4767 cifs_small_buf_release(req); 4768 return rc == -ENODATA ? 0 : rc; 4769 } else 4770 trace_smb3_read_done(0, 0, xid, 4771 req->PersistentFileId, 4772 io_parms->tcon->tid, ses->Suid, 4773 io_parms->offset, io_parms->length); 4774 4775 cifs_small_buf_release(req); 4776 4777 *nbytes = le32_to_cpu(rsp->DataLength); 4778 if ((*nbytes > CIFS_MAX_MSGSIZE) || 4779 (*nbytes > io_parms->length)) { 4780 cifs_dbg(FYI, "bad length %d for count %d\n", 4781 *nbytes, io_parms->length); 4782 rc = -EIO; 4783 *nbytes = 0; 4784 } 4785 4786 if (*buf) { 4787 memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes); 4788 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 4789 } else if (resp_buftype != CIFS_NO_BUFFER) { 4790 *buf = rsp_iov.iov_base; 4791 if (resp_buftype == CIFS_SMALL_BUFFER) 4792 *buf_type = CIFS_SMALL_BUFFER; 4793 else if (resp_buftype == CIFS_LARGE_BUFFER) 4794 *buf_type = CIFS_LARGE_BUFFER; 4795 } 4796 return rc; 4797 } 4798 4799 /* 4800 * Check the mid_state and signature on received buffer (if any), and queue the 4801 * workqueue completion task. 4802 */ 4803 static void smb2_writev_callback(struct mid_q_entry * mid)4804 smb2_writev_callback(struct mid_q_entry *mid) 4805 { 4806 struct cifs_io_subrequest *wdata = mid->callback_data; 4807 struct cifs_tcon *tcon = tlink_tcon(wdata->req->cfile->tlink); 4808 struct TCP_Server_Info *server = wdata->server; 4809 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf; 4810 struct cifs_credits credits = { 4811 .value = 0, 4812 .instance = 0, 4813 .rreq_debug_id = wdata->rreq->debug_id, 4814 .rreq_debug_index = wdata->subreq.debug_index, 4815 }; 4816 unsigned int rreq_debug_id = wdata->rreq->debug_id; 4817 unsigned int subreq_debug_index = wdata->subreq.debug_index; 4818 ssize_t result = 0; 4819 size_t written; 4820 4821 WARN_ONCE(wdata->server != mid->server, 4822 "wdata server %p != mid server %p", 4823 wdata->server, mid->server); 4824 4825 switch (mid->mid_state) { 4826 case MID_RESPONSE_RECEIVED: 4827 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4828 credits.instance = server->reconnect_instance; 4829 result = smb2_check_receive(mid, server, 0); 4830 if (result != 0) 4831 break; 4832 4833 written = le32_to_cpu(rsp->DataLength); 4834 /* 4835 * Mask off high 16 bits when bytes written as returned 4836 * by the server is greater than bytes requested by the 4837 * client. OS/2 servers are known to set incorrect 4838 * CountHigh values. 4839 */ 4840 if (written > wdata->subreq.len) 4841 written &= 0xFFFF; 4842 4843 cifs_stats_bytes_written(tcon, written); 4844 4845 if (written < wdata->subreq.len) { 4846 wdata->result = -ENOSPC; 4847 } else if (written > 0) { 4848 wdata->subreq.len = written; 4849 __set_bit(NETFS_SREQ_MADE_PROGRESS, &wdata->subreq.flags); 4850 } 4851 break; 4852 case MID_REQUEST_SUBMITTED: 4853 case MID_RETRY_NEEDED: 4854 result = -EAGAIN; 4855 break; 4856 case MID_RESPONSE_MALFORMED: 4857 credits.value = le16_to_cpu(rsp->hdr.CreditRequest); 4858 credits.instance = server->reconnect_instance; 4859 fallthrough; 4860 default: 4861 result = -EIO; 4862 break; 4863 } 4864 #ifdef CONFIG_CIFS_SMB_DIRECT 4865 /* 4866 * If this wdata has a memory registered, the MR can be freed 4867 * The number of MRs available is limited, it's important to recover 4868 * used MR as soon as I/O is finished. Hold MR longer in the later 4869 * I/O process can possibly result in I/O deadlock due to lack of MR 4870 * to send request on I/O retry 4871 */ 4872 if (wdata->mr) { 4873 smbd_deregister_mr(wdata->mr); 4874 wdata->mr = NULL; 4875 } 4876 #endif 4877 if (result) { 4878 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 4879 trace_smb3_write_err(wdata->rreq->debug_id, 4880 wdata->subreq.debug_index, 4881 wdata->xid, 4882 wdata->req->cfile->fid.persistent_fid, 4883 tcon->tid, tcon->ses->Suid, wdata->subreq.start, 4884 wdata->subreq.len, wdata->result); 4885 if (wdata->result == -ENOSPC) 4886 pr_warn_once("Out of space writing to %s\n", 4887 tcon->tree_name); 4888 } else 4889 trace_smb3_write_done(wdata->rreq->debug_id, 4890 wdata->subreq.debug_index, 4891 wdata->xid, 4892 wdata->req->cfile->fid.persistent_fid, 4893 tcon->tid, tcon->ses->Suid, 4894 wdata->subreq.start, wdata->subreq.len); 4895 4896 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, wdata->credits.value, 4897 server->credits, server->in_flight, 4898 0, cifs_trace_rw_credits_write_response_clear); 4899 wdata->credits.value = 0; 4900 trace_netfs_sreq(&wdata->subreq, netfs_sreq_trace_io_progress); 4901 cifs_write_subrequest_terminated(wdata, result ?: written, true); 4902 release_mid(mid); 4903 trace_smb3_rw_credits(rreq_debug_id, subreq_debug_index, 0, 4904 server->credits, server->in_flight, 4905 credits.value, cifs_trace_rw_credits_write_response_add); 4906 add_credits(server, &credits, 0); 4907 } 4908 4909 /* smb2_async_writev - send an async write, and set up mid to handle result */ 4910 void smb2_async_writev(struct cifs_io_subrequest * wdata)4911 smb2_async_writev(struct cifs_io_subrequest *wdata) 4912 { 4913 int rc = -EACCES, flags = 0; 4914 struct smb2_write_req *req = NULL; 4915 struct smb2_hdr *shdr; 4916 struct cifs_tcon *tcon = tlink_tcon(wdata->req->cfile->tlink); 4917 struct TCP_Server_Info *server = wdata->server; 4918 struct kvec iov[1]; 4919 struct smb_rqst rqst = { }; 4920 unsigned int total_len, xid = wdata->xid; 4921 struct cifs_io_parms _io_parms; 4922 struct cifs_io_parms *io_parms = NULL; 4923 int credit_request; 4924 4925 /* 4926 * in future we may get cifs_io_parms passed in from the caller, 4927 * but for now we construct it here... 4928 */ 4929 _io_parms = (struct cifs_io_parms) { 4930 .tcon = tcon, 4931 .server = server, 4932 .offset = wdata->subreq.start, 4933 .length = wdata->subreq.len, 4934 .persistent_fid = wdata->req->cfile->fid.persistent_fid, 4935 .volatile_fid = wdata->req->cfile->fid.volatile_fid, 4936 .pid = wdata->req->pid, 4937 }; 4938 io_parms = &_io_parms; 4939 4940 rc = smb2_plain_req_init(SMB2_WRITE, tcon, server, 4941 (void **) &req, &total_len); 4942 if (rc) 4943 goto out; 4944 4945 rqst.rq_iov = iov; 4946 rqst.rq_iter = wdata->subreq.io_iter; 4947 4948 rqst.rq_iov[0].iov_len = total_len - 1; 4949 rqst.rq_iov[0].iov_base = (char *)req; 4950 rqst.rq_nvec += 1; 4951 4952 if (smb3_encryption_required(tcon)) 4953 flags |= CIFS_TRANSFORM_REQ; 4954 4955 shdr = (struct smb2_hdr *)req; 4956 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 4957 4958 req->PersistentFileId = io_parms->persistent_fid; 4959 req->VolatileFileId = io_parms->volatile_fid; 4960 req->WriteChannelInfoOffset = 0; 4961 req->WriteChannelInfoLength = 0; 4962 req->Channel = SMB2_CHANNEL_NONE; 4963 req->Length = cpu_to_le32(io_parms->length); 4964 req->Offset = cpu_to_le64(io_parms->offset); 4965 req->DataOffset = cpu_to_le16( 4966 offsetof(struct smb2_write_req, Buffer)); 4967 req->RemainingBytes = 0; 4968 4969 trace_smb3_write_enter(wdata->rreq->debug_id, 4970 wdata->subreq.debug_index, 4971 wdata->xid, 4972 io_parms->persistent_fid, 4973 io_parms->tcon->tid, 4974 io_parms->tcon->ses->Suid, 4975 io_parms->offset, 4976 io_parms->length); 4977 4978 #ifdef CONFIG_CIFS_SMB_DIRECT 4979 /* 4980 * If we want to do a server RDMA read, fill in and append 4981 * smbd_buffer_descriptor_v1 to the end of write request 4982 */ 4983 if (smb3_use_rdma_offload(io_parms)) { 4984 struct smbd_buffer_descriptor_v1 *v1; 4985 bool need_invalidate = server->dialect == SMB30_PROT_ID; 4986 4987 wdata->mr = smbd_register_mr(server->smbd_conn, &wdata->subreq.io_iter, 4988 false, need_invalidate); 4989 if (!wdata->mr) { 4990 rc = -EAGAIN; 4991 goto async_writev_out; 4992 } 4993 /* For RDMA read, I/O size is in RemainingBytes not in Length */ 4994 req->RemainingBytes = req->Length; 4995 req->Length = 0; 4996 req->DataOffset = 0; 4997 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; 4998 if (need_invalidate) 4999 req->Channel = SMB2_CHANNEL_RDMA_V1; 5000 req->WriteChannelInfoOffset = 5001 cpu_to_le16(offsetof(struct smb2_write_req, Buffer)); 5002 req->WriteChannelInfoLength = 5003 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1)); 5004 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; 5005 v1->offset = cpu_to_le64(wdata->mr->mr->iova); 5006 v1->token = cpu_to_le32(wdata->mr->mr->rkey); 5007 v1->length = cpu_to_le32(wdata->mr->mr->length); 5008 5009 rqst.rq_iov[0].iov_len += sizeof(*v1); 5010 5011 /* 5012 * We keep wdata->subreq.io_iter, 5013 * but we have to truncate rqst.rq_iter 5014 */ 5015 iov_iter_truncate(&rqst.rq_iter, 0); 5016 } 5017 #endif 5018 5019 if (wdata->subreq.retry_count > 0) 5020 smb2_set_replay(server, &rqst); 5021 5022 cifs_dbg(FYI, "async write at %llu %u bytes iter=%zx\n", 5023 io_parms->offset, io_parms->length, iov_iter_count(&wdata->subreq.io_iter)); 5024 5025 if (wdata->credits.value > 0) { 5026 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->subreq.len, 5027 SMB2_MAX_BUFFER_SIZE)); 5028 credit_request = le16_to_cpu(shdr->CreditCharge) + 8; 5029 if (server->credits >= server->max_credits) 5030 shdr->CreditRequest = cpu_to_le16(0); 5031 else 5032 shdr->CreditRequest = cpu_to_le16( 5033 min_t(int, server->max_credits - 5034 server->credits, credit_request)); 5035 5036 rc = adjust_credits(server, wdata, cifs_trace_rw_credits_call_writev_adjust); 5037 if (rc) 5038 goto async_writev_out; 5039 5040 flags |= CIFS_HAS_CREDITS; 5041 } 5042 5043 /* XXX: compression + encryption is unsupported for now */ 5044 if (((flags & CIFS_TRANSFORM_REQ) != CIFS_TRANSFORM_REQ) && should_compress(tcon, &rqst)) 5045 flags |= CIFS_COMPRESS_REQ; 5046 5047 rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL, 5048 wdata, flags, &wdata->credits); 5049 /* Can't touch wdata if rc == 0 */ 5050 if (rc) { 5051 trace_smb3_write_err(wdata->rreq->debug_id, 5052 wdata->subreq.debug_index, 5053 xid, 5054 io_parms->persistent_fid, 5055 io_parms->tcon->tid, 5056 io_parms->tcon->ses->Suid, 5057 io_parms->offset, 5058 io_parms->length, 5059 rc); 5060 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 5061 } 5062 5063 async_writev_out: 5064 cifs_small_buf_release(req); 5065 out: 5066 if (rc) { 5067 trace_smb3_rw_credits(wdata->rreq->debug_id, 5068 wdata->subreq.debug_index, 5069 wdata->credits.value, 5070 server->credits, server->in_flight, 5071 -(int)wdata->credits.value, 5072 cifs_trace_rw_credits_write_response_clear); 5073 add_credits_and_wake_if(wdata->server, &wdata->credits, 0); 5074 cifs_write_subrequest_terminated(wdata, rc, true); 5075 } 5076 } 5077 5078 /* 5079 * SMB2_write function gets iov pointer to kvec array with n_vec as a length. 5080 * The length field from io_parms must be at least 1 and indicates a number of 5081 * elements with data to write that begins with position 1 in iov array. All 5082 * data length is specified by count. 5083 */ 5084 int SMB2_write(const unsigned int xid,struct cifs_io_parms * io_parms,unsigned int * nbytes,struct kvec * iov,int n_vec)5085 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms, 5086 unsigned int *nbytes, struct kvec *iov, int n_vec) 5087 { 5088 struct smb_rqst rqst; 5089 int rc = 0; 5090 struct smb2_write_req *req = NULL; 5091 struct smb2_write_rsp *rsp = NULL; 5092 int resp_buftype; 5093 struct kvec rsp_iov; 5094 int flags = 0; 5095 unsigned int total_len; 5096 struct TCP_Server_Info *server; 5097 int retries = 0, cur_sleep = 1; 5098 5099 replay_again: 5100 /* reinitialize for possible replay */ 5101 flags = 0; 5102 *nbytes = 0; 5103 if (!io_parms->server) 5104 io_parms->server = cifs_pick_channel(io_parms->tcon->ses); 5105 server = io_parms->server; 5106 if (server == NULL) 5107 return -ECONNABORTED; 5108 5109 if (n_vec < 1) 5110 return rc; 5111 5112 rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, server, 5113 (void **) &req, &total_len); 5114 if (rc) 5115 return rc; 5116 5117 if (smb3_encryption_required(io_parms->tcon)) 5118 flags |= CIFS_TRANSFORM_REQ; 5119 5120 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid); 5121 5122 req->PersistentFileId = io_parms->persistent_fid; 5123 req->VolatileFileId = io_parms->volatile_fid; 5124 req->WriteChannelInfoOffset = 0; 5125 req->WriteChannelInfoLength = 0; 5126 req->Channel = 0; 5127 req->Length = cpu_to_le32(io_parms->length); 5128 req->Offset = cpu_to_le64(io_parms->offset); 5129 req->DataOffset = cpu_to_le16( 5130 offsetof(struct smb2_write_req, Buffer)); 5131 req->RemainingBytes = 0; 5132 5133 trace_smb3_write_enter(0, 0, xid, io_parms->persistent_fid, 5134 io_parms->tcon->tid, io_parms->tcon->ses->Suid, 5135 io_parms->offset, io_parms->length); 5136 5137 iov[0].iov_base = (char *)req; 5138 /* 1 for Buffer */ 5139 iov[0].iov_len = total_len - 1; 5140 5141 memset(&rqst, 0, sizeof(struct smb_rqst)); 5142 rqst.rq_iov = iov; 5143 rqst.rq_nvec = n_vec + 1; 5144 5145 if (retries) 5146 smb2_set_replay(server, &rqst); 5147 5148 rc = cifs_send_recv(xid, io_parms->tcon->ses, server, 5149 &rqst, 5150 &resp_buftype, flags, &rsp_iov); 5151 rsp = (struct smb2_write_rsp *)rsp_iov.iov_base; 5152 5153 if (rc) { 5154 trace_smb3_write_err(0, 0, xid, 5155 req->PersistentFileId, 5156 io_parms->tcon->tid, 5157 io_parms->tcon->ses->Suid, 5158 io_parms->offset, io_parms->length, rc); 5159 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE); 5160 cifs_dbg(VFS, "Send error in write = %d\n", rc); 5161 } else { 5162 *nbytes = le32_to_cpu(rsp->DataLength); 5163 cifs_stats_bytes_written(io_parms->tcon, *nbytes); 5164 trace_smb3_write_done(0, 0, xid, 5165 req->PersistentFileId, 5166 io_parms->tcon->tid, 5167 io_parms->tcon->ses->Suid, 5168 io_parms->offset, *nbytes); 5169 } 5170 5171 cifs_small_buf_release(req); 5172 free_rsp_buf(resp_buftype, rsp); 5173 5174 if (is_replayable_error(rc) && 5175 smb2_should_replay(io_parms->tcon, &retries, &cur_sleep)) 5176 goto replay_again; 5177 5178 return rc; 5179 } 5180 posix_info_sid_size(const void * beg,const void * end)5181 int posix_info_sid_size(const void *beg, const void *end) 5182 { 5183 size_t subauth; 5184 int total; 5185 5186 if (beg + 1 > end) 5187 return -1; 5188 5189 subauth = *(u8 *)(beg+1); 5190 if (subauth < 1 || subauth > 15) 5191 return -1; 5192 5193 total = 1 + 1 + 6 + 4*subauth; 5194 if (beg + total > end) 5195 return -1; 5196 5197 return total; 5198 } 5199 posix_info_parse(const void * beg,const void * end,struct smb2_posix_info_parsed * out)5200 int posix_info_parse(const void *beg, const void *end, 5201 struct smb2_posix_info_parsed *out) 5202 5203 { 5204 int total_len = 0; 5205 int owner_len, group_len; 5206 int name_len; 5207 const void *owner_sid; 5208 const void *group_sid; 5209 const void *name; 5210 5211 /* if no end bound given, assume payload to be correct */ 5212 if (!end) { 5213 const struct smb2_posix_info *p = beg; 5214 5215 end = beg + le32_to_cpu(p->NextEntryOffset); 5216 /* last element will have a 0 offset, pick a sensible bound */ 5217 if (end == beg) 5218 end += 0xFFFF; 5219 } 5220 5221 /* check base buf */ 5222 if (beg + sizeof(struct smb2_posix_info) > end) 5223 return -1; 5224 total_len = sizeof(struct smb2_posix_info); 5225 5226 /* check owner sid */ 5227 owner_sid = beg + total_len; 5228 owner_len = posix_info_sid_size(owner_sid, end); 5229 if (owner_len < 0) 5230 return -1; 5231 total_len += owner_len; 5232 5233 /* check group sid */ 5234 group_sid = beg + total_len; 5235 group_len = posix_info_sid_size(group_sid, end); 5236 if (group_len < 0) 5237 return -1; 5238 total_len += group_len; 5239 5240 /* check name len */ 5241 if (beg + total_len + 4 > end) 5242 return -1; 5243 name_len = le32_to_cpu(*(__le32 *)(beg + total_len)); 5244 if (name_len < 1 || name_len > 0xFFFF) 5245 return -1; 5246 total_len += 4; 5247 5248 /* check name */ 5249 name = beg + total_len; 5250 if (name + name_len > end) 5251 return -1; 5252 total_len += name_len; 5253 5254 if (out) { 5255 out->base = beg; 5256 out->size = total_len; 5257 out->name_len = name_len; 5258 out->name = name; 5259 memcpy(&out->owner, owner_sid, owner_len); 5260 memcpy(&out->group, group_sid, group_len); 5261 } 5262 return total_len; 5263 } 5264 posix_info_extra_size(const void * beg,const void * end)5265 static int posix_info_extra_size(const void *beg, const void *end) 5266 { 5267 int len = posix_info_parse(beg, end, NULL); 5268 5269 if (len < 0) 5270 return -1; 5271 return len - sizeof(struct smb2_posix_info); 5272 } 5273 5274 static unsigned int num_entries(int infotype,char * bufstart,char * end_of_buf,char ** lastentry,size_t size)5275 num_entries(int infotype, char *bufstart, char *end_of_buf, char **lastentry, 5276 size_t size) 5277 { 5278 int len; 5279 unsigned int entrycount = 0; 5280 unsigned int next_offset = 0; 5281 char *entryptr; 5282 FILE_DIRECTORY_INFO *dir_info; 5283 5284 if (bufstart == NULL) 5285 return 0; 5286 5287 entryptr = bufstart; 5288 5289 while (1) { 5290 if (entryptr + next_offset < entryptr || 5291 entryptr + next_offset > end_of_buf || 5292 entryptr + next_offset + size > end_of_buf) { 5293 cifs_dbg(VFS, "malformed search entry would overflow\n"); 5294 break; 5295 } 5296 5297 entryptr = entryptr + next_offset; 5298 dir_info = (FILE_DIRECTORY_INFO *)entryptr; 5299 5300 if (infotype == SMB_FIND_FILE_POSIX_INFO) 5301 len = posix_info_extra_size(entryptr, end_of_buf); 5302 else 5303 len = le32_to_cpu(dir_info->FileNameLength); 5304 5305 if (len < 0 || 5306 entryptr + len < entryptr || 5307 entryptr + len > end_of_buf || 5308 entryptr + len + size > end_of_buf) { 5309 cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n", 5310 end_of_buf); 5311 break; 5312 } 5313 5314 *lastentry = entryptr; 5315 entrycount++; 5316 5317 next_offset = le32_to_cpu(dir_info->NextEntryOffset); 5318 if (!next_offset) 5319 break; 5320 } 5321 5322 return entrycount; 5323 } 5324 5325 /* 5326 * Readdir/FindFirst 5327 */ SMB2_query_directory_init(const unsigned int xid,struct cifs_tcon * tcon,struct TCP_Server_Info * server,struct smb_rqst * rqst,u64 persistent_fid,u64 volatile_fid,int index,int info_level)5328 int SMB2_query_directory_init(const unsigned int xid, 5329 struct cifs_tcon *tcon, 5330 struct TCP_Server_Info *server, 5331 struct smb_rqst *rqst, 5332 u64 persistent_fid, u64 volatile_fid, 5333 int index, int info_level) 5334 { 5335 struct smb2_query_directory_req *req; 5336 unsigned char *bufptr; 5337 __le16 asteriks = cpu_to_le16('*'); 5338 unsigned int output_size = CIFSMaxBufSize - 5339 MAX_SMB2_CREATE_RESPONSE_SIZE - 5340 MAX_SMB2_CLOSE_RESPONSE_SIZE; 5341 unsigned int total_len; 5342 struct kvec *iov = rqst->rq_iov; 5343 int len, rc; 5344 5345 rc = smb2_plain_req_init(SMB2_QUERY_DIRECTORY, tcon, server, 5346 (void **) &req, &total_len); 5347 if (rc) 5348 return rc; 5349 5350 switch (info_level) { 5351 case SMB_FIND_FILE_DIRECTORY_INFO: 5352 req->FileInformationClass = FILE_DIRECTORY_INFORMATION; 5353 break; 5354 case SMB_FIND_FILE_ID_FULL_DIR_INFO: 5355 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION; 5356 break; 5357 case SMB_FIND_FILE_POSIX_INFO: 5358 req->FileInformationClass = SMB_FIND_FILE_POSIX_INFO; 5359 break; 5360 case SMB_FIND_FILE_FULL_DIRECTORY_INFO: 5361 req->FileInformationClass = FILE_FULL_DIRECTORY_INFORMATION; 5362 break; 5363 default: 5364 cifs_tcon_dbg(VFS, "info level %u isn't supported\n", 5365 info_level); 5366 return -EINVAL; 5367 } 5368 5369 req->FileIndex = cpu_to_le32(index); 5370 req->PersistentFileId = persistent_fid; 5371 req->VolatileFileId = volatile_fid; 5372 5373 len = 0x2; 5374 bufptr = req->Buffer; 5375 memcpy(bufptr, &asteriks, len); 5376 5377 req->FileNameOffset = 5378 cpu_to_le16(sizeof(struct smb2_query_directory_req)); 5379 req->FileNameLength = cpu_to_le16(len); 5380 /* 5381 * BB could be 30 bytes or so longer if we used SMB2 specific 5382 * buffer lengths, but this is safe and close enough. 5383 */ 5384 output_size = min_t(unsigned int, output_size, server->maxBuf); 5385 output_size = min_t(unsigned int, output_size, 2 << 15); 5386 req->OutputBufferLength = cpu_to_le32(output_size); 5387 5388 iov[0].iov_base = (char *)req; 5389 /* 1 for Buffer */ 5390 iov[0].iov_len = total_len - 1; 5391 5392 iov[1].iov_base = (char *)(req->Buffer); 5393 iov[1].iov_len = len; 5394 5395 trace_smb3_query_dir_enter(xid, persistent_fid, tcon->tid, 5396 tcon->ses->Suid, index, output_size); 5397 5398 return 0; 5399 } 5400 SMB2_query_directory_free(struct smb_rqst * rqst)5401 void SMB2_query_directory_free(struct smb_rqst *rqst) 5402 { 5403 if (rqst && rqst->rq_iov) { 5404 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */ 5405 } 5406 } 5407 5408 int smb2_parse_query_directory(struct cifs_tcon * tcon,struct kvec * rsp_iov,int resp_buftype,struct cifs_search_info * srch_inf)5409 smb2_parse_query_directory(struct cifs_tcon *tcon, 5410 struct kvec *rsp_iov, 5411 int resp_buftype, 5412 struct cifs_search_info *srch_inf) 5413 { 5414 struct smb2_query_directory_rsp *rsp; 5415 size_t info_buf_size; 5416 char *end_of_smb; 5417 int rc; 5418 5419 rsp = (struct smb2_query_directory_rsp *)rsp_iov->iov_base; 5420 5421 switch (srch_inf->info_level) { 5422 case SMB_FIND_FILE_DIRECTORY_INFO: 5423 info_buf_size = sizeof(FILE_DIRECTORY_INFO); 5424 break; 5425 case SMB_FIND_FILE_ID_FULL_DIR_INFO: 5426 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO); 5427 break; 5428 case SMB_FIND_FILE_POSIX_INFO: 5429 /* note that posix payload are variable size */ 5430 info_buf_size = sizeof(struct smb2_posix_info); 5431 break; 5432 case SMB_FIND_FILE_FULL_DIRECTORY_INFO: 5433 info_buf_size = sizeof(FILE_FULL_DIRECTORY_INFO); 5434 break; 5435 default: 5436 cifs_tcon_dbg(VFS, "info level %u isn't supported\n", 5437 srch_inf->info_level); 5438 return -EINVAL; 5439 } 5440 5441 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5442 le32_to_cpu(rsp->OutputBufferLength), rsp_iov, 5443 info_buf_size); 5444 if (rc) { 5445 cifs_tcon_dbg(VFS, "bad info payload"); 5446 return rc; 5447 } 5448 5449 srch_inf->unicode = true; 5450 5451 if (srch_inf->ntwrk_buf_start) { 5452 if (srch_inf->smallBuf) 5453 cifs_small_buf_release(srch_inf->ntwrk_buf_start); 5454 else 5455 cifs_buf_release(srch_inf->ntwrk_buf_start); 5456 } 5457 srch_inf->ntwrk_buf_start = (char *)rsp; 5458 srch_inf->srch_entries_start = srch_inf->last_entry = 5459 (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset); 5460 end_of_smb = rsp_iov->iov_len + (char *)rsp; 5461 5462 srch_inf->entries_in_buffer = num_entries( 5463 srch_inf->info_level, 5464 srch_inf->srch_entries_start, 5465 end_of_smb, 5466 &srch_inf->last_entry, 5467 info_buf_size); 5468 5469 srch_inf->index_of_last_entry += srch_inf->entries_in_buffer; 5470 cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n", 5471 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry, 5472 srch_inf->srch_entries_start, srch_inf->last_entry); 5473 if (resp_buftype == CIFS_LARGE_BUFFER) 5474 srch_inf->smallBuf = false; 5475 else if (resp_buftype == CIFS_SMALL_BUFFER) 5476 srch_inf->smallBuf = true; 5477 else 5478 cifs_tcon_dbg(VFS, "Invalid search buffer type\n"); 5479 5480 return 0; 5481 } 5482 5483 int SMB2_query_directory(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,int index,struct cifs_search_info * srch_inf)5484 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, 5485 u64 persistent_fid, u64 volatile_fid, int index, 5486 struct cifs_search_info *srch_inf) 5487 { 5488 struct smb_rqst rqst; 5489 struct kvec iov[SMB2_QUERY_DIRECTORY_IOV_SIZE]; 5490 struct smb2_query_directory_rsp *rsp = NULL; 5491 int resp_buftype = CIFS_NO_BUFFER; 5492 struct kvec rsp_iov; 5493 int rc = 0; 5494 struct cifs_ses *ses = tcon->ses; 5495 struct TCP_Server_Info *server; 5496 int flags = 0; 5497 int retries = 0, cur_sleep = 1; 5498 5499 replay_again: 5500 /* reinitialize for possible replay */ 5501 flags = 0; 5502 server = cifs_pick_channel(ses); 5503 5504 if (!ses || !(ses->server)) 5505 return -EIO; 5506 5507 if (smb3_encryption_required(tcon)) 5508 flags |= CIFS_TRANSFORM_REQ; 5509 5510 memset(&rqst, 0, sizeof(struct smb_rqst)); 5511 memset(&iov, 0, sizeof(iov)); 5512 rqst.rq_iov = iov; 5513 rqst.rq_nvec = SMB2_QUERY_DIRECTORY_IOV_SIZE; 5514 5515 rc = SMB2_query_directory_init(xid, tcon, server, 5516 &rqst, persistent_fid, 5517 volatile_fid, index, 5518 srch_inf->info_level); 5519 if (rc) 5520 goto qdir_exit; 5521 5522 if (retries) 5523 smb2_set_replay(server, &rqst); 5524 5525 rc = cifs_send_recv(xid, ses, server, 5526 &rqst, &resp_buftype, flags, &rsp_iov); 5527 rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base; 5528 5529 if (rc) { 5530 if (rc == -ENODATA && 5531 rsp->hdr.Status == STATUS_NO_MORE_FILES) { 5532 trace_smb3_query_dir_done(xid, persistent_fid, 5533 tcon->tid, tcon->ses->Suid, index, 0); 5534 srch_inf->endOfSearch = true; 5535 rc = 0; 5536 } else { 5537 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid, 5538 tcon->ses->Suid, index, 0, rc); 5539 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE); 5540 } 5541 goto qdir_exit; 5542 } 5543 5544 rc = smb2_parse_query_directory(tcon, &rsp_iov, resp_buftype, 5545 srch_inf); 5546 if (rc) { 5547 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid, 5548 tcon->ses->Suid, index, 0, rc); 5549 goto qdir_exit; 5550 } 5551 resp_buftype = CIFS_NO_BUFFER; 5552 5553 trace_smb3_query_dir_done(xid, persistent_fid, tcon->tid, 5554 tcon->ses->Suid, index, srch_inf->entries_in_buffer); 5555 5556 qdir_exit: 5557 SMB2_query_directory_free(&rqst); 5558 free_rsp_buf(resp_buftype, rsp); 5559 5560 if (is_replayable_error(rc) && 5561 smb2_should_replay(tcon, &retries, &cur_sleep)) 5562 goto replay_again; 5563 5564 return rc; 5565 } 5566 5567 int SMB2_set_info_init(struct cifs_tcon * tcon,struct TCP_Server_Info * server,struct smb_rqst * rqst,u64 persistent_fid,u64 volatile_fid,u32 pid,u8 info_class,u8 info_type,u32 additional_info,void ** data,unsigned int * size)5568 SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server, 5569 struct smb_rqst *rqst, 5570 u64 persistent_fid, u64 volatile_fid, u32 pid, 5571 u8 info_class, u8 info_type, u32 additional_info, 5572 void **data, unsigned int *size) 5573 { 5574 struct smb2_set_info_req *req; 5575 struct kvec *iov = rqst->rq_iov; 5576 unsigned int i, total_len; 5577 int rc; 5578 5579 rc = smb2_plain_req_init(SMB2_SET_INFO, tcon, server, 5580 (void **) &req, &total_len); 5581 if (rc) 5582 return rc; 5583 5584 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid); 5585 req->InfoType = info_type; 5586 req->FileInfoClass = info_class; 5587 req->PersistentFileId = persistent_fid; 5588 req->VolatileFileId = volatile_fid; 5589 req->AdditionalInformation = cpu_to_le32(additional_info); 5590 5591 req->BufferOffset = cpu_to_le16(sizeof(struct smb2_set_info_req)); 5592 req->BufferLength = cpu_to_le32(*size); 5593 5594 memcpy(req->Buffer, *data, *size); 5595 total_len += *size; 5596 5597 iov[0].iov_base = (char *)req; 5598 /* 1 for Buffer */ 5599 iov[0].iov_len = total_len - 1; 5600 5601 for (i = 1; i < rqst->rq_nvec; i++) { 5602 le32_add_cpu(&req->BufferLength, size[i]); 5603 iov[i].iov_base = (char *)data[i]; 5604 iov[i].iov_len = size[i]; 5605 } 5606 5607 return 0; 5608 } 5609 5610 void SMB2_set_info_free(struct smb_rqst * rqst)5611 SMB2_set_info_free(struct smb_rqst *rqst) 5612 { 5613 if (rqst && rqst->rq_iov) 5614 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */ 5615 } 5616 5617 static int send_set_info(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,u32 pid,u8 info_class,u8 info_type,u32 additional_info,unsigned int num,void ** data,unsigned int * size)5618 send_set_info(const unsigned int xid, struct cifs_tcon *tcon, 5619 u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class, 5620 u8 info_type, u32 additional_info, unsigned int num, 5621 void **data, unsigned int *size) 5622 { 5623 struct smb_rqst rqst; 5624 struct smb2_set_info_rsp *rsp = NULL; 5625 struct kvec *iov; 5626 struct kvec rsp_iov; 5627 int rc = 0; 5628 int resp_buftype; 5629 struct cifs_ses *ses = tcon->ses; 5630 struct TCP_Server_Info *server; 5631 int flags = 0; 5632 int retries = 0, cur_sleep = 1; 5633 5634 replay_again: 5635 /* reinitialize for possible replay */ 5636 flags = 0; 5637 server = cifs_pick_channel(ses); 5638 5639 if (!ses || !server) 5640 return -EIO; 5641 5642 if (!num) 5643 return -EINVAL; 5644 5645 if (smb3_encryption_required(tcon)) 5646 flags |= CIFS_TRANSFORM_REQ; 5647 5648 iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL); 5649 if (!iov) 5650 return -ENOMEM; 5651 5652 memset(&rqst, 0, sizeof(struct smb_rqst)); 5653 rqst.rq_iov = iov; 5654 rqst.rq_nvec = num; 5655 5656 rc = SMB2_set_info_init(tcon, server, 5657 &rqst, persistent_fid, volatile_fid, pid, 5658 info_class, info_type, additional_info, 5659 data, size); 5660 if (rc) { 5661 kfree(iov); 5662 return rc; 5663 } 5664 5665 if (retries) 5666 smb2_set_replay(server, &rqst); 5667 5668 rc = cifs_send_recv(xid, ses, server, 5669 &rqst, &resp_buftype, flags, 5670 &rsp_iov); 5671 SMB2_set_info_free(&rqst); 5672 rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base; 5673 5674 if (rc != 0) { 5675 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE); 5676 trace_smb3_set_info_err(xid, persistent_fid, tcon->tid, 5677 ses->Suid, info_class, (__u32)info_type, rc); 5678 } 5679 5680 free_rsp_buf(resp_buftype, rsp); 5681 kfree(iov); 5682 5683 if (is_replayable_error(rc) && 5684 smb2_should_replay(tcon, &retries, &cur_sleep)) 5685 goto replay_again; 5686 5687 return rc; 5688 } 5689 5690 int SMB2_set_eof(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,u32 pid,loff_t new_eof)5691 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 5692 u64 volatile_fid, u32 pid, loff_t new_eof) 5693 { 5694 struct smb2_file_eof_info info; 5695 void *data; 5696 unsigned int size; 5697 5698 info.EndOfFile = cpu_to_le64(new_eof); 5699 5700 data = &info; 5701 size = sizeof(struct smb2_file_eof_info); 5702 5703 trace_smb3_set_eof(xid, persistent_fid, tcon->tid, tcon->ses->Suid, new_eof); 5704 5705 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5706 pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE, 5707 0, 1, &data, &size); 5708 } 5709 5710 int SMB2_set_acl(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,struct smb_ntsd * pnntsd,int pacllen,int aclflag)5711 SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon, 5712 u64 persistent_fid, u64 volatile_fid, 5713 struct smb_ntsd *pnntsd, int pacllen, int aclflag) 5714 { 5715 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5716 current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag, 5717 1, (void **)&pnntsd, &pacllen); 5718 } 5719 5720 int SMB2_set_ea(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,struct smb2_file_full_ea_info * buf,int len)5721 SMB2_set_ea(const unsigned int xid, struct cifs_tcon *tcon, 5722 u64 persistent_fid, u64 volatile_fid, 5723 struct smb2_file_full_ea_info *buf, int len) 5724 { 5725 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 5726 current->tgid, FILE_FULL_EA_INFORMATION, SMB2_O_INFO_FILE, 5727 0, 1, (void **)&buf, &len); 5728 } 5729 5730 int SMB2_oplock_break(const unsigned int xid,struct cifs_tcon * tcon,const u64 persistent_fid,const u64 volatile_fid,__u8 oplock_level)5731 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon, 5732 const u64 persistent_fid, const u64 volatile_fid, 5733 __u8 oplock_level) 5734 { 5735 struct smb_rqst rqst; 5736 int rc; 5737 struct smb2_oplock_break *req = NULL; 5738 struct cifs_ses *ses = tcon->ses; 5739 struct TCP_Server_Info *server; 5740 int flags = CIFS_OBREAK_OP; 5741 unsigned int total_len; 5742 struct kvec iov[1]; 5743 struct kvec rsp_iov; 5744 int resp_buf_type; 5745 int retries = 0, cur_sleep = 1; 5746 5747 replay_again: 5748 /* reinitialize for possible replay */ 5749 flags = CIFS_OBREAK_OP; 5750 server = cifs_pick_channel(ses); 5751 5752 cifs_dbg(FYI, "SMB2_oplock_break\n"); 5753 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server, 5754 (void **) &req, &total_len); 5755 if (rc) 5756 return rc; 5757 5758 if (smb3_encryption_required(tcon)) 5759 flags |= CIFS_TRANSFORM_REQ; 5760 5761 req->VolatileFid = volatile_fid; 5762 req->PersistentFid = persistent_fid; 5763 req->OplockLevel = oplock_level; 5764 req->hdr.CreditRequest = cpu_to_le16(1); 5765 5766 flags |= CIFS_NO_RSP_BUF; 5767 5768 iov[0].iov_base = (char *)req; 5769 iov[0].iov_len = total_len; 5770 5771 memset(&rqst, 0, sizeof(struct smb_rqst)); 5772 rqst.rq_iov = iov; 5773 rqst.rq_nvec = 1; 5774 5775 if (retries) 5776 smb2_set_replay(server, &rqst); 5777 5778 rc = cifs_send_recv(xid, ses, server, 5779 &rqst, &resp_buf_type, flags, &rsp_iov); 5780 cifs_small_buf_release(req); 5781 if (rc) { 5782 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 5783 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc); 5784 } 5785 5786 if (is_replayable_error(rc) && 5787 smb2_should_replay(tcon, &retries, &cur_sleep)) 5788 goto replay_again; 5789 5790 return rc; 5791 } 5792 5793 void smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info * pfs_inf,struct kstatfs * kst)5794 smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf, 5795 struct kstatfs *kst) 5796 { 5797 kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) * 5798 le32_to_cpu(pfs_inf->SectorsPerAllocationUnit); 5799 kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits); 5800 kst->f_bfree = kst->f_bavail = 5801 le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits); 5802 return; 5803 } 5804 5805 static void copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO * response_data,struct kstatfs * kst)5806 copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO *response_data, 5807 struct kstatfs *kst) 5808 { 5809 kst->f_bsize = le32_to_cpu(response_data->BlockSize); 5810 kst->f_blocks = le64_to_cpu(response_data->TotalBlocks); 5811 kst->f_bfree = le64_to_cpu(response_data->BlocksAvail); 5812 if (response_data->UserBlocksAvail == cpu_to_le64(-1)) 5813 kst->f_bavail = kst->f_bfree; 5814 else 5815 kst->f_bavail = le64_to_cpu(response_data->UserBlocksAvail); 5816 if (response_data->TotalFileNodes != cpu_to_le64(-1)) 5817 kst->f_files = le64_to_cpu(response_data->TotalFileNodes); 5818 if (response_data->FreeFileNodes != cpu_to_le64(-1)) 5819 kst->f_ffree = le64_to_cpu(response_data->FreeFileNodes); 5820 5821 return; 5822 } 5823 5824 static int build_qfs_info_req(struct kvec * iov,struct cifs_tcon * tcon,struct TCP_Server_Info * server,int level,int outbuf_len,u64 persistent_fid,u64 volatile_fid)5825 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, 5826 struct TCP_Server_Info *server, 5827 int level, int outbuf_len, u64 persistent_fid, 5828 u64 volatile_fid) 5829 { 5830 int rc; 5831 struct smb2_query_info_req *req; 5832 unsigned int total_len; 5833 5834 cifs_dbg(FYI, "Query FSInfo level %d\n", level); 5835 5836 if ((tcon->ses == NULL) || server == NULL) 5837 return -EIO; 5838 5839 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server, 5840 (void **) &req, &total_len); 5841 if (rc) 5842 return rc; 5843 5844 req->InfoType = SMB2_O_INFO_FILESYSTEM; 5845 req->FileInfoClass = level; 5846 req->PersistentFileId = persistent_fid; 5847 req->VolatileFileId = volatile_fid; 5848 /* 1 for pad */ 5849 req->InputBufferOffset = 5850 cpu_to_le16(sizeof(struct smb2_query_info_req)); 5851 req->OutputBufferLength = cpu_to_le32( 5852 outbuf_len + sizeof(struct smb2_query_info_rsp)); 5853 5854 iov->iov_base = (char *)req; 5855 iov->iov_len = total_len; 5856 return 0; 5857 } 5858 free_qfs_info_req(struct kvec * iov)5859 static inline void free_qfs_info_req(struct kvec *iov) 5860 { 5861 cifs_buf_release(iov->iov_base); 5862 } 5863 5864 int SMB311_posix_qfs_info(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,struct kstatfs * fsdata)5865 SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon, 5866 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) 5867 { 5868 struct smb_rqst rqst; 5869 struct smb2_query_info_rsp *rsp = NULL; 5870 struct kvec iov; 5871 struct kvec rsp_iov; 5872 int rc = 0; 5873 int resp_buftype; 5874 struct cifs_ses *ses = tcon->ses; 5875 struct TCP_Server_Info *server; 5876 FILE_SYSTEM_POSIX_INFO *info = NULL; 5877 int flags = 0; 5878 int retries = 0, cur_sleep = 1; 5879 5880 replay_again: 5881 /* reinitialize for possible replay */ 5882 flags = 0; 5883 server = cifs_pick_channel(ses); 5884 5885 rc = build_qfs_info_req(&iov, tcon, server, 5886 FS_POSIX_INFORMATION, 5887 sizeof(FILE_SYSTEM_POSIX_INFO), 5888 persistent_fid, volatile_fid); 5889 if (rc) 5890 return rc; 5891 5892 if (smb3_encryption_required(tcon)) 5893 flags |= CIFS_TRANSFORM_REQ; 5894 5895 memset(&rqst, 0, sizeof(struct smb_rqst)); 5896 rqst.rq_iov = &iov; 5897 rqst.rq_nvec = 1; 5898 5899 if (retries) 5900 smb2_set_replay(server, &rqst); 5901 5902 rc = cifs_send_recv(xid, ses, server, 5903 &rqst, &resp_buftype, flags, &rsp_iov); 5904 free_qfs_info_req(&iov); 5905 if (rc) { 5906 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5907 goto posix_qfsinf_exit; 5908 } 5909 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5910 5911 info = (FILE_SYSTEM_POSIX_INFO *)( 5912 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp); 5913 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5914 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov, 5915 sizeof(FILE_SYSTEM_POSIX_INFO)); 5916 if (!rc) 5917 copy_posix_fs_info_to_kstatfs(info, fsdata); 5918 5919 posix_qfsinf_exit: 5920 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5921 5922 if (is_replayable_error(rc) && 5923 smb2_should_replay(tcon, &retries, &cur_sleep)) 5924 goto replay_again; 5925 5926 return rc; 5927 } 5928 5929 int SMB2_QFS_info(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,struct kstatfs * fsdata)5930 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon, 5931 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) 5932 { 5933 struct smb_rqst rqst; 5934 struct smb2_query_info_rsp *rsp = NULL; 5935 struct kvec iov; 5936 struct kvec rsp_iov; 5937 int rc = 0; 5938 int resp_buftype; 5939 struct cifs_ses *ses = tcon->ses; 5940 struct TCP_Server_Info *server; 5941 struct smb2_fs_full_size_info *info = NULL; 5942 int flags = 0; 5943 int retries = 0, cur_sleep = 1; 5944 5945 replay_again: 5946 /* reinitialize for possible replay */ 5947 flags = 0; 5948 server = cifs_pick_channel(ses); 5949 5950 rc = build_qfs_info_req(&iov, tcon, server, 5951 FS_FULL_SIZE_INFORMATION, 5952 sizeof(struct smb2_fs_full_size_info), 5953 persistent_fid, volatile_fid); 5954 if (rc) 5955 return rc; 5956 5957 if (smb3_encryption_required(tcon)) 5958 flags |= CIFS_TRANSFORM_REQ; 5959 5960 memset(&rqst, 0, sizeof(struct smb_rqst)); 5961 rqst.rq_iov = &iov; 5962 rqst.rq_nvec = 1; 5963 5964 if (retries) 5965 smb2_set_replay(server, &rqst); 5966 5967 rc = cifs_send_recv(xid, ses, server, 5968 &rqst, &resp_buftype, flags, &rsp_iov); 5969 free_qfs_info_req(&iov); 5970 if (rc) { 5971 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 5972 goto qfsinf_exit; 5973 } 5974 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 5975 5976 info = (struct smb2_fs_full_size_info *)( 5977 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp); 5978 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset), 5979 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov, 5980 sizeof(struct smb2_fs_full_size_info)); 5981 if (!rc) 5982 smb2_copy_fs_info_to_kstatfs(info, fsdata); 5983 5984 qfsinf_exit: 5985 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 5986 5987 if (is_replayable_error(rc) && 5988 smb2_should_replay(tcon, &retries, &cur_sleep)) 5989 goto replay_again; 5990 5991 return rc; 5992 } 5993 5994 int SMB2_QFS_attr(const unsigned int xid,struct cifs_tcon * tcon,u64 persistent_fid,u64 volatile_fid,int level)5995 SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon, 5996 u64 persistent_fid, u64 volatile_fid, int level) 5997 { 5998 struct smb_rqst rqst; 5999 struct smb2_query_info_rsp *rsp = NULL; 6000 struct kvec iov; 6001 struct kvec rsp_iov; 6002 int rc = 0; 6003 int resp_buftype, max_len, min_len; 6004 struct cifs_ses *ses = tcon->ses; 6005 struct TCP_Server_Info *server; 6006 unsigned int rsp_len, offset; 6007 int flags = 0; 6008 int retries = 0, cur_sleep = 1; 6009 6010 replay_again: 6011 /* reinitialize for possible replay */ 6012 flags = 0; 6013 server = cifs_pick_channel(ses); 6014 6015 if (level == FS_DEVICE_INFORMATION) { 6016 max_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 6017 min_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 6018 } else if (level == FS_ATTRIBUTE_INFORMATION) { 6019 max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO); 6020 min_len = MIN_FS_ATTR_INFO_SIZE; 6021 } else if (level == FS_SECTOR_SIZE_INFORMATION) { 6022 max_len = sizeof(struct smb3_fs_ss_info); 6023 min_len = sizeof(struct smb3_fs_ss_info); 6024 } else if (level == FS_VOLUME_INFORMATION) { 6025 max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN; 6026 min_len = sizeof(struct smb3_fs_vol_info); 6027 } else { 6028 cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level); 6029 return -EINVAL; 6030 } 6031 6032 rc = build_qfs_info_req(&iov, tcon, server, 6033 level, max_len, 6034 persistent_fid, volatile_fid); 6035 if (rc) 6036 return rc; 6037 6038 if (smb3_encryption_required(tcon)) 6039 flags |= CIFS_TRANSFORM_REQ; 6040 6041 memset(&rqst, 0, sizeof(struct smb_rqst)); 6042 rqst.rq_iov = &iov; 6043 rqst.rq_nvec = 1; 6044 6045 if (retries) 6046 smb2_set_replay(server, &rqst); 6047 6048 rc = cifs_send_recv(xid, ses, server, 6049 &rqst, &resp_buftype, flags, &rsp_iov); 6050 free_qfs_info_req(&iov); 6051 if (rc) { 6052 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 6053 goto qfsattr_exit; 6054 } 6055 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base; 6056 6057 rsp_len = le32_to_cpu(rsp->OutputBufferLength); 6058 offset = le16_to_cpu(rsp->OutputBufferOffset); 6059 rc = smb2_validate_iov(offset, rsp_len, &rsp_iov, min_len); 6060 if (rc) 6061 goto qfsattr_exit; 6062 6063 if (level == FS_ATTRIBUTE_INFORMATION) 6064 memcpy(&tcon->fsAttrInfo, offset 6065 + (char *)rsp, min_t(unsigned int, 6066 rsp_len, max_len)); 6067 else if (level == FS_DEVICE_INFORMATION) 6068 memcpy(&tcon->fsDevInfo, offset 6069 + (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO)); 6070 else if (level == FS_SECTOR_SIZE_INFORMATION) { 6071 struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *) 6072 (offset + (char *)rsp); 6073 tcon->ss_flags = le32_to_cpu(ss_info->Flags); 6074 tcon->perf_sector_size = 6075 le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf); 6076 } else if (level == FS_VOLUME_INFORMATION) { 6077 struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *) 6078 (offset + (char *)rsp); 6079 tcon->vol_serial_number = vol_info->VolumeSerialNumber; 6080 tcon->vol_create_time = vol_info->VolumeCreationTime; 6081 } 6082 6083 qfsattr_exit: 6084 free_rsp_buf(resp_buftype, rsp_iov.iov_base); 6085 6086 if (is_replayable_error(rc) && 6087 smb2_should_replay(tcon, &retries, &cur_sleep)) 6088 goto replay_again; 6089 6090 return rc; 6091 } 6092 6093 int smb2_lockv(const unsigned int xid,struct cifs_tcon * tcon,const __u64 persist_fid,const __u64 volatile_fid,const __u32 pid,const __u32 num_lock,struct smb2_lock_element * buf)6094 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon, 6095 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 6096 const __u32 num_lock, struct smb2_lock_element *buf) 6097 { 6098 struct smb_rqst rqst; 6099 int rc = 0; 6100 struct smb2_lock_req *req = NULL; 6101 struct kvec iov[2]; 6102 struct kvec rsp_iov; 6103 int resp_buf_type; 6104 unsigned int count; 6105 int flags = CIFS_NO_RSP_BUF; 6106 unsigned int total_len; 6107 struct TCP_Server_Info *server; 6108 int retries = 0, cur_sleep = 1; 6109 6110 replay_again: 6111 /* reinitialize for possible replay */ 6112 flags = CIFS_NO_RSP_BUF; 6113 server = cifs_pick_channel(tcon->ses); 6114 6115 cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock); 6116 6117 rc = smb2_plain_req_init(SMB2_LOCK, tcon, server, 6118 (void **) &req, &total_len); 6119 if (rc) 6120 return rc; 6121 6122 if (smb3_encryption_required(tcon)) 6123 flags |= CIFS_TRANSFORM_REQ; 6124 6125 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid); 6126 req->LockCount = cpu_to_le16(num_lock); 6127 6128 req->PersistentFileId = persist_fid; 6129 req->VolatileFileId = volatile_fid; 6130 6131 count = num_lock * sizeof(struct smb2_lock_element); 6132 6133 iov[0].iov_base = (char *)req; 6134 iov[0].iov_len = total_len - sizeof(struct smb2_lock_element); 6135 iov[1].iov_base = (char *)buf; 6136 iov[1].iov_len = count; 6137 6138 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks); 6139 6140 memset(&rqst, 0, sizeof(struct smb_rqst)); 6141 rqst.rq_iov = iov; 6142 rqst.rq_nvec = 2; 6143 6144 if (retries) 6145 smb2_set_replay(server, &rqst); 6146 6147 rc = cifs_send_recv(xid, tcon->ses, server, 6148 &rqst, &resp_buf_type, flags, 6149 &rsp_iov); 6150 cifs_small_buf_release(req); 6151 if (rc) { 6152 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc); 6153 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE); 6154 trace_smb3_lock_err(xid, persist_fid, tcon->tid, 6155 tcon->ses->Suid, rc); 6156 } 6157 6158 if (is_replayable_error(rc) && 6159 smb2_should_replay(tcon, &retries, &cur_sleep)) 6160 goto replay_again; 6161 6162 return rc; 6163 } 6164 6165 int SMB2_lock(const unsigned int xid,struct cifs_tcon * tcon,const __u64 persist_fid,const __u64 volatile_fid,const __u32 pid,const __u64 length,const __u64 offset,const __u32 lock_flags,const bool wait)6166 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon, 6167 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 6168 const __u64 length, const __u64 offset, const __u32 lock_flags, 6169 const bool wait) 6170 { 6171 struct smb2_lock_element lock; 6172 6173 lock.Offset = cpu_to_le64(offset); 6174 lock.Length = cpu_to_le64(length); 6175 lock.Flags = cpu_to_le32(lock_flags); 6176 if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK) 6177 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY); 6178 6179 return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock); 6180 } 6181 6182 int SMB2_lease_break(const unsigned int xid,struct cifs_tcon * tcon,__u8 * lease_key,const __le32 lease_state)6183 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon, 6184 __u8 *lease_key, const __le32 lease_state) 6185 { 6186 struct smb_rqst rqst; 6187 int rc; 6188 struct smb2_lease_ack *req = NULL; 6189 struct cifs_ses *ses = tcon->ses; 6190 int flags = CIFS_OBREAK_OP; 6191 unsigned int total_len; 6192 struct kvec iov[1]; 6193 struct kvec rsp_iov; 6194 int resp_buf_type; 6195 __u64 *please_key_high; 6196 __u64 *please_key_low; 6197 struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses); 6198 6199 cifs_dbg(FYI, "SMB2_lease_break\n"); 6200 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server, 6201 (void **) &req, &total_len); 6202 if (rc) 6203 return rc; 6204 6205 if (smb3_encryption_required(tcon)) 6206 flags |= CIFS_TRANSFORM_REQ; 6207 6208 req->hdr.CreditRequest = cpu_to_le16(1); 6209 req->StructureSize = cpu_to_le16(36); 6210 total_len += 12; 6211 6212 memcpy(req->LeaseKey, lease_key, SMB2_LEASE_KEY_SIZE); 6213 req->LeaseState = lease_state; 6214 6215 flags |= CIFS_NO_RSP_BUF; 6216 6217 iov[0].iov_base = (char *)req; 6218 iov[0].iov_len = total_len; 6219 6220 memset(&rqst, 0, sizeof(struct smb_rqst)); 6221 rqst.rq_iov = iov; 6222 rqst.rq_nvec = 1; 6223 6224 rc = cifs_send_recv(xid, ses, server, 6225 &rqst, &resp_buf_type, flags, &rsp_iov); 6226 cifs_small_buf_release(req); 6227 6228 please_key_low = (__u64 *)lease_key; 6229 please_key_high = (__u64 *)(lease_key+8); 6230 if (rc) { 6231 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 6232 trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid, 6233 ses->Suid, *please_key_low, *please_key_high, rc); 6234 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc); 6235 } else 6236 trace_smb3_lease_done(le32_to_cpu(lease_state), tcon->tid, 6237 ses->Suid, *please_key_low, *please_key_high); 6238 6239 return rc; 6240 } 6241