1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 */
8
9 #include <linux/slab.h>
10 #include <linux/ctype.h>
11 #include <linux/mempool.h>
12 #include <linux/vmalloc.h>
13 #include "cifsglob.h"
14 #include "cifsproto.h"
15 #include "cifs_debug.h"
16 #include "smberr.h"
17 #include "nterr.h"
18 #include "cifs_unicode.h"
19 #include "smb2pdu.h"
20 #include "smb2proto.h"
21 #include "smb1proto.h"
22 #include "cifsfs.h"
23 #ifdef CONFIG_CIFS_DFS_UPCALL
24 #include "dns_resolve.h"
25 #include "dfs_cache.h"
26 #include "dfs.h"
27 #endif
28 #include "fs_context.h"
29 #include "cached_dir.h"
30
31 struct tcon_list {
32 struct list_head entry;
33 struct cifs_tcon *tcon;
34 };
35
36 /* The xid serves as a useful identifier for each incoming vfs request,
37 in a similar way to the mid which is useful to track each sent smb,
38 and CurrentXid can also provide a running counter (although it
39 will eventually wrap past zero) of the total vfs operations handled
40 since the cifs fs was mounted */
41
42 unsigned int
_get_xid(void)43 _get_xid(void)
44 {
45 unsigned int xid;
46
47 spin_lock(&GlobalMid_Lock);
48 GlobalTotalActiveXid++;
49
50 /* keep high water mark for number of simultaneous ops in filesystem */
51 if (GlobalTotalActiveXid > GlobalMaxActiveXid)
52 GlobalMaxActiveXid = GlobalTotalActiveXid;
53 if (GlobalTotalActiveXid > 65000)
54 cifs_dbg(FYI, "warning: more than 65000 requests active\n");
55 xid = GlobalCurrentXid++;
56 spin_unlock(&GlobalMid_Lock);
57 return xid;
58 }
59
60 void
_free_xid(unsigned int xid)61 _free_xid(unsigned int xid)
62 {
63 spin_lock(&GlobalMid_Lock);
64 /* if (GlobalTotalActiveXid == 0)
65 BUG(); */
66 GlobalTotalActiveXid--;
67 spin_unlock(&GlobalMid_Lock);
68 }
69
70 struct cifs_ses *
sesInfoAlloc(void)71 sesInfoAlloc(void)
72 {
73 struct cifs_ses *ret_buf;
74
75 ret_buf = kzalloc_obj(struct cifs_ses);
76 if (ret_buf) {
77 atomic_inc(&sesInfoAllocCount);
78 spin_lock_init(&ret_buf->ses_lock);
79 ret_buf->ses_status = SES_NEW;
80 ++ret_buf->ses_count;
81 INIT_LIST_HEAD(&ret_buf->smb_ses_list);
82 INIT_LIST_HEAD(&ret_buf->tcon_list);
83 mutex_init(&ret_buf->session_mutex);
84 spin_lock_init(&ret_buf->iface_lock);
85 INIT_LIST_HEAD(&ret_buf->iface_list);
86 spin_lock_init(&ret_buf->chan_lock);
87 }
88 return ret_buf;
89 }
90
91 void
sesInfoFree(struct cifs_ses * buf_to_free)92 sesInfoFree(struct cifs_ses *buf_to_free)
93 {
94 struct cifs_server_iface *iface = NULL, *niface = NULL;
95
96 if (buf_to_free == NULL) {
97 cifs_dbg(FYI, "Null buffer passed to sesInfoFree\n");
98 return;
99 }
100
101 unload_nls(buf_to_free->local_nls);
102 atomic_dec(&sesInfoAllocCount);
103 kfree(buf_to_free->serverOS);
104 kfree(buf_to_free->serverDomain);
105 kfree(buf_to_free->serverNOS);
106 kfree_sensitive(buf_to_free->password);
107 kfree_sensitive(buf_to_free->password2);
108 kfree(buf_to_free->user_name);
109 kfree(buf_to_free->domainName);
110 kfree(buf_to_free->dns_dom);
111 kfree_sensitive(buf_to_free->auth_key.response);
112 spin_lock(&buf_to_free->iface_lock);
113 list_for_each_entry_safe(iface, niface, &buf_to_free->iface_list,
114 iface_head)
115 kref_put(&iface->refcount, release_iface);
116 spin_unlock(&buf_to_free->iface_lock);
117 kfree_sensitive(buf_to_free);
118 }
119
120 struct cifs_tcon *
tcon_info_alloc(bool dir_leases_enabled,enum smb3_tcon_ref_trace trace)121 tcon_info_alloc(bool dir_leases_enabled, enum smb3_tcon_ref_trace trace)
122 {
123 struct cifs_tcon *ret_buf;
124 static atomic_t tcon_debug_id;
125
126 ret_buf = kzalloc_obj(*ret_buf);
127 if (!ret_buf)
128 return NULL;
129
130 if (dir_leases_enabled == true) {
131 ret_buf->cfids = init_cached_dirs();
132 if (!ret_buf->cfids) {
133 kfree(ret_buf);
134 return NULL;
135 }
136 }
137 /* else ret_buf->cfids is already set to NULL above */
138
139 atomic_inc(&tconInfoAllocCount);
140 ret_buf->status = TID_NEW;
141 ret_buf->debug_id = atomic_inc_return(&tcon_debug_id);
142 ret_buf->tc_count = 1;
143 spin_lock_init(&ret_buf->tc_lock);
144 INIT_LIST_HEAD(&ret_buf->openFileList);
145 INIT_LIST_HEAD(&ret_buf->tcon_list);
146 INIT_LIST_HEAD(&ret_buf->cifs_sb_list);
147 spin_lock_init(&ret_buf->open_file_lock);
148 spin_lock_init(&ret_buf->stat_lock);
149 spin_lock_init(&ret_buf->sb_list_lock);
150 atomic_set(&ret_buf->num_local_opens, 0);
151 atomic_set(&ret_buf->num_remote_opens, 0);
152 ret_buf->stats_from_time = ktime_get_real_seconds();
153 #ifdef CONFIG_CIFS_FSCACHE
154 mutex_init(&ret_buf->fscache_lock);
155 #endif
156 trace_smb3_tcon_ref(ret_buf->debug_id, ret_buf->tc_count, trace);
157 #ifdef CONFIG_CIFS_DFS_UPCALL
158 INIT_LIST_HEAD(&ret_buf->dfs_ses_list);
159 #endif
160 INIT_LIST_HEAD(&ret_buf->pending_opens);
161 INIT_DELAYED_WORK(&ret_buf->query_interfaces,
162 smb2_query_server_interfaces);
163 #ifdef CONFIG_CIFS_DFS_UPCALL
164 INIT_DELAYED_WORK(&ret_buf->dfs_cache_work, dfs_cache_refresh);
165 #endif
166
167 return ret_buf;
168 }
169
170 void
tconInfoFree(struct cifs_tcon * tcon,enum smb3_tcon_ref_trace trace)171 tconInfoFree(struct cifs_tcon *tcon, enum smb3_tcon_ref_trace trace)
172 {
173 if (tcon == NULL) {
174 cifs_dbg(FYI, "Null buffer passed to tconInfoFree\n");
175 return;
176 }
177 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, trace);
178 free_cached_dirs(tcon->cfids);
179 atomic_dec(&tconInfoAllocCount);
180 kfree(tcon->nativeFileSystem);
181 kfree_sensitive(tcon->password);
182 kfree(tcon->origin_fullpath);
183 kfree(tcon);
184 }
185
186 void *
cifs_buf_get(void)187 cifs_buf_get(void)
188 {
189 void *ret_buf = NULL;
190 /*
191 * SMB2 header is bigger than CIFS one - no problems to clean some
192 * more bytes for CIFS.
193 */
194 size_t buf_size = sizeof(struct smb2_hdr);
195
196 /*
197 * We could use negotiated size instead of max_msgsize -
198 * but it may be more efficient to always alloc same size
199 * albeit slightly larger than necessary and maxbuffersize
200 * defaults to this and can not be bigger.
201 */
202 ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS);
203
204 /* clear the first few header bytes */
205 /* for most paths, more is cleared in header_assemble */
206 memset(ret_buf, 0, buf_size + 3);
207 atomic_inc(&buf_alloc_count);
208 #ifdef CONFIG_CIFS_STATS2
209 atomic_inc(&total_buf_alloc_count);
210 #endif /* CONFIG_CIFS_STATS2 */
211
212 return ret_buf;
213 }
214
215 void
cifs_buf_release(void * buf_to_free)216 cifs_buf_release(void *buf_to_free)
217 {
218 if (buf_to_free == NULL) {
219 /* cifs_dbg(FYI, "Null buffer passed to cifs_buf_release\n");*/
220 return;
221 }
222 mempool_free(buf_to_free, cifs_req_poolp);
223
224 atomic_dec(&buf_alloc_count);
225 return;
226 }
227
228 void *
cifs_small_buf_get(void)229 cifs_small_buf_get(void)
230 {
231 void *ret_buf = NULL;
232
233 /* We could use negotiated size instead of max_msgsize -
234 but it may be more efficient to always alloc same size
235 albeit slightly larger than necessary and maxbuffersize
236 defaults to this and can not be bigger */
237 ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS);
238 /* No need to clear memory here, cleared in header assemble */
239 atomic_inc(&small_buf_alloc_count);
240 #ifdef CONFIG_CIFS_STATS2
241 atomic_inc(&total_small_buf_alloc_count);
242 #endif /* CONFIG_CIFS_STATS2 */
243
244 return ret_buf;
245 }
246
247 void
cifs_small_buf_release(void * buf_to_free)248 cifs_small_buf_release(void *buf_to_free)
249 {
250
251 if (buf_to_free == NULL) {
252 cifs_dbg(FYI, "Null buffer passed to cifs_small_buf_release\n");
253 return;
254 }
255 mempool_free(buf_to_free, cifs_sm_req_poolp);
256
257 atomic_dec(&small_buf_alloc_count);
258 return;
259 }
260
261 void
free_rsp_buf(int resp_buftype,void * rsp)262 free_rsp_buf(int resp_buftype, void *rsp)
263 {
264 if (resp_buftype == CIFS_SMALL_BUFFER)
265 cifs_small_buf_release(rsp);
266 else if (resp_buftype == CIFS_LARGE_BUFFER)
267 cifs_buf_release(rsp);
268 }
269
270 void
dump_smb(void * buf,int smb_buf_length)271 dump_smb(void *buf, int smb_buf_length)
272 {
273 if (traceSMB == 0)
274 return;
275
276 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, 8, 2, buf,
277 smb_buf_length, true);
278 }
279
280 void
cifs_autodisable_serverino(struct cifs_sb_info * cifs_sb)281 cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb)
282 {
283 unsigned int sbflags = cifs_sb_flags(cifs_sb);
284
285 if (sbflags & CIFS_MOUNT_SERVER_INUM) {
286 struct cifs_tcon *tcon = NULL;
287
288 if (cifs_sb->master_tlink)
289 tcon = cifs_sb_master_tcon(cifs_sb);
290
291 atomic_andnot(CIFS_MOUNT_SERVER_INUM, &cifs_sb->mnt_cifs_flags);
292 cifs_sb->mnt_cifs_serverino_autodisabled = true;
293 cifs_dbg(VFS, "Autodisabling the use of server inode numbers on %s\n",
294 tcon ? tcon->tree_name : "new server");
295 cifs_dbg(VFS, "The server doesn't seem to support them properly or the files might be on different servers (DFS)\n");
296 cifs_dbg(VFS, "Hardlinks will not be recognized on this mount. Consider mounting with the \"noserverino\" option to silence this message.\n");
297
298 }
299 }
300
cifs_set_oplock_level(struct cifsInodeInfo * cinode,__u32 oplock)301 void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock)
302 {
303 oplock &= 0xF;
304
305 if (oplock == OPLOCK_EXCLUSIVE) {
306 cinode->oplock = CIFS_CACHE_WRITE_FLG | CIFS_CACHE_READ_FLG;
307 cifs_dbg(FYI, "Exclusive Oplock granted on inode %p\n",
308 &cinode->netfs.inode);
309 } else if (oplock == OPLOCK_READ) {
310 cinode->oplock = CIFS_CACHE_READ_FLG;
311 cifs_dbg(FYI, "Level II Oplock granted on inode %p\n",
312 &cinode->netfs.inode);
313 } else
314 cinode->oplock = 0;
315 }
316
317 /*
318 * We wait for oplock breaks to be processed before we attempt to perform
319 * writes.
320 */
cifs_get_writer(struct cifsInodeInfo * cinode)321 int cifs_get_writer(struct cifsInodeInfo *cinode)
322 {
323 int rc;
324
325 start:
326 rc = wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK,
327 TASK_KILLABLE);
328 if (rc)
329 return rc;
330
331 spin_lock(&cinode->writers_lock);
332 if (!cinode->writers)
333 set_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
334 cinode->writers++;
335 /* Check to see if we have started servicing an oplock break */
336 if (test_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags)) {
337 cinode->writers--;
338 if (cinode->writers == 0) {
339 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
340 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS);
341 }
342 spin_unlock(&cinode->writers_lock);
343 goto start;
344 }
345 spin_unlock(&cinode->writers_lock);
346 return 0;
347 }
348
cifs_put_writer(struct cifsInodeInfo * cinode)349 void cifs_put_writer(struct cifsInodeInfo *cinode)
350 {
351 spin_lock(&cinode->writers_lock);
352 cinode->writers--;
353 if (cinode->writers == 0) {
354 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
355 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS);
356 }
357 spin_unlock(&cinode->writers_lock);
358 }
359
360 /**
361 * cifs_queue_oplock_break - queue the oplock break handler for cfile
362 * @cfile: The file to break the oplock on
363 *
364 * This function is called from the demultiplex thread when it
365 * receives an oplock break for @cfile.
366 *
367 * Assumes the tcon->open_file_lock is held.
368 * Assumes cfile->file_info_lock is NOT held.
369 */
cifs_queue_oplock_break(struct cifsFileInfo * cfile)370 void cifs_queue_oplock_break(struct cifsFileInfo *cfile)
371 {
372 /*
373 * Bump the handle refcount now while we hold the
374 * open_file_lock to enforce the validity of it for the oplock
375 * break handler. The matching put is done at the end of the
376 * handler.
377 */
378 cifsFileInfo_get(cfile);
379
380 queue_work(cifsoplockd_wq, &cfile->oplock_break);
381 }
382
cifs_done_oplock_break(struct cifsInodeInfo * cinode)383 void cifs_done_oplock_break(struct cifsInodeInfo *cinode)
384 {
385 clear_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags);
386 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK);
387 }
388
389 bool
backup_cred(struct cifs_sb_info * cifs_sb)390 backup_cred(struct cifs_sb_info *cifs_sb)
391 {
392 unsigned int sbflags = cifs_sb_flags(cifs_sb);
393
394 if (sbflags & CIFS_MOUNT_CIFS_BACKUPUID) {
395 if (uid_eq(cifs_sb->ctx->backupuid, current_fsuid()))
396 return true;
397 }
398 if (sbflags & CIFS_MOUNT_CIFS_BACKUPGID) {
399 if (in_group_p(cifs_sb->ctx->backupgid))
400 return true;
401 }
402
403 return false;
404 }
405
406 void
cifs_del_pending_open(struct cifs_pending_open * open)407 cifs_del_pending_open(struct cifs_pending_open *open)
408 {
409 spin_lock(&tlink_tcon(open->tlink)->open_file_lock);
410 list_del(&open->olist);
411 spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
412 }
413
414 void
cifs_add_pending_open_locked(struct cifs_fid * fid,struct tcon_link * tlink,struct cifs_pending_open * open)415 cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
416 struct cifs_pending_open *open)
417 {
418 memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
419 open->oplock = CIFS_OPLOCK_NO_CHANGE;
420 open->tlink = tlink;
421 fid->pending_open = open;
422 list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens);
423 }
424
425 void
cifs_add_pending_open(struct cifs_fid * fid,struct tcon_link * tlink,struct cifs_pending_open * open)426 cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
427 struct cifs_pending_open *open)
428 {
429 spin_lock(&tlink_tcon(tlink)->open_file_lock);
430 cifs_add_pending_open_locked(fid, tlink, open);
431 spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
432 }
433
434 /*
435 * Critical section which runs after acquiring deferred_lock.
436 * As there is no reference count on cifs_deferred_close, pdclose
437 * should not be used outside deferred_lock.
438 */
439 bool
cifs_is_deferred_close(struct cifsFileInfo * cfile,struct cifs_deferred_close ** pdclose)440 cifs_is_deferred_close(struct cifsFileInfo *cfile, struct cifs_deferred_close **pdclose)
441 {
442 struct cifs_deferred_close *dclose;
443
444 list_for_each_entry(dclose, &CIFS_I(d_inode(cfile->dentry))->deferred_closes, dlist) {
445 if ((dclose->netfid == cfile->fid.netfid) &&
446 (dclose->persistent_fid == cfile->fid.persistent_fid) &&
447 (dclose->volatile_fid == cfile->fid.volatile_fid)) {
448 *pdclose = dclose;
449 return true;
450 }
451 }
452 return false;
453 }
454
455 /*
456 * Critical section which runs after acquiring deferred_lock.
457 */
458 void
cifs_add_deferred_close(struct cifsFileInfo * cfile,struct cifs_deferred_close * dclose)459 cifs_add_deferred_close(struct cifsFileInfo *cfile, struct cifs_deferred_close *dclose)
460 {
461 bool is_deferred = false;
462 struct cifs_deferred_close *pdclose;
463
464 is_deferred = cifs_is_deferred_close(cfile, &pdclose);
465 if (is_deferred) {
466 kfree(dclose);
467 return;
468 }
469
470 dclose->tlink = cfile->tlink;
471 dclose->netfid = cfile->fid.netfid;
472 dclose->persistent_fid = cfile->fid.persistent_fid;
473 dclose->volatile_fid = cfile->fid.volatile_fid;
474 list_add_tail(&dclose->dlist, &CIFS_I(d_inode(cfile->dentry))->deferred_closes);
475 }
476
477 /*
478 * Critical section which runs after acquiring deferred_lock.
479 */
480 void
cifs_del_deferred_close(struct cifsFileInfo * cfile)481 cifs_del_deferred_close(struct cifsFileInfo *cfile)
482 {
483 bool is_deferred = false;
484 struct cifs_deferred_close *dclose;
485
486 is_deferred = cifs_is_deferred_close(cfile, &dclose);
487 if (!is_deferred)
488 return;
489 list_del(&dclose->dlist);
490 kfree(dclose);
491 }
492
493 void
cifs_close_deferred_file(struct cifsInodeInfo * cifs_inode)494 cifs_close_deferred_file(struct cifsInodeInfo *cifs_inode)
495 {
496 struct cifsFileInfo *cfile = NULL;
497 struct file_list *tmp_list, *tmp_next_list;
498 LIST_HEAD(file_head);
499
500 if (cifs_inode == NULL)
501 return;
502
503 spin_lock(&cifs_inode->open_file_lock);
504 list_for_each_entry(cfile, &cifs_inode->openFileList, flist) {
505 if (delayed_work_pending(&cfile->deferred)) {
506 if (cancel_delayed_work(&cfile->deferred)) {
507 spin_lock(&cifs_inode->deferred_lock);
508 cifs_del_deferred_close(cfile);
509 spin_unlock(&cifs_inode->deferred_lock);
510
511 tmp_list = kmalloc_obj(struct file_list,
512 GFP_ATOMIC);
513 if (tmp_list == NULL)
514 break;
515 tmp_list->cfile = cfile;
516 list_add_tail(&tmp_list->list, &file_head);
517 }
518 }
519 }
520 spin_unlock(&cifs_inode->open_file_lock);
521
522 list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
523 _cifsFileInfo_put(tmp_list->cfile, false, false);
524 list_del(&tmp_list->list);
525 kfree(tmp_list);
526 }
527 }
528
529 void
cifs_close_all_deferred_files(struct cifs_tcon * tcon)530 cifs_close_all_deferred_files(struct cifs_tcon *tcon)
531 {
532 struct cifsFileInfo *cfile;
533 struct file_list *tmp_list, *tmp_next_list;
534 LIST_HEAD(file_head);
535
536 spin_lock(&tcon->open_file_lock);
537 list_for_each_entry(cfile, &tcon->openFileList, tlist) {
538 if (delayed_work_pending(&cfile->deferred)) {
539 if (cancel_delayed_work(&cfile->deferred)) {
540 spin_lock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
541 cifs_del_deferred_close(cfile);
542 spin_unlock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
543
544 tmp_list = kmalloc_obj(struct file_list,
545 GFP_ATOMIC);
546 if (tmp_list == NULL)
547 break;
548 tmp_list->cfile = cfile;
549 list_add_tail(&tmp_list->list, &file_head);
550 }
551 }
552 }
553 spin_unlock(&tcon->open_file_lock);
554
555 list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
556 _cifsFileInfo_put(tmp_list->cfile, true, false);
557 list_del(&tmp_list->list);
558 kfree(tmp_list);
559 }
560 }
561
cifs_close_all_deferred_files_sb(struct cifs_sb_info * cifs_sb)562 void cifs_close_all_deferred_files_sb(struct cifs_sb_info *cifs_sb)
563 {
564 struct rb_root *root = &cifs_sb->tlink_tree;
565 struct rb_node *node;
566 struct cifs_tcon *tcon;
567 struct tcon_link *tlink;
568 struct tcon_list *tmp_list, *q;
569 LIST_HEAD(tcon_head);
570
571 spin_lock(&cifs_sb->tlink_tree_lock);
572 for (node = rb_first(root); node; node = rb_next(node)) {
573 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
574 tcon = tlink_tcon(tlink);
575 if (IS_ERR(tcon))
576 continue;
577 tmp_list = kmalloc_obj(struct tcon_list, GFP_ATOMIC);
578 if (tmp_list == NULL)
579 break;
580 tmp_list->tcon = tcon;
581 /* Take a reference on tcon to prevent it from being freed */
582 spin_lock(&tcon->tc_lock);
583 ++tcon->tc_count;
584 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count,
585 netfs_trace_tcon_ref_get_close_defer_files);
586 spin_unlock(&tcon->tc_lock);
587 list_add_tail(&tmp_list->entry, &tcon_head);
588 }
589 spin_unlock(&cifs_sb->tlink_tree_lock);
590
591 list_for_each_entry_safe(tmp_list, q, &tcon_head, entry) {
592 cifs_close_all_deferred_files(tmp_list->tcon);
593 list_del(&tmp_list->entry);
594 cifs_put_tcon(tmp_list->tcon, netfs_trace_tcon_ref_put_close_defer_files);
595 kfree(tmp_list);
596 }
597 }
598
cifs_close_deferred_file_under_dentry(struct cifs_tcon * tcon,struct dentry * dentry)599 void cifs_close_deferred_file_under_dentry(struct cifs_tcon *tcon,
600 struct dentry *dentry)
601 {
602 struct file_list *tmp_list, *tmp_next_list;
603 struct cifsFileInfo *cfile;
604 LIST_HEAD(file_head);
605
606 spin_lock(&tcon->open_file_lock);
607 list_for_each_entry(cfile, &tcon->openFileList, tlist) {
608 if ((cfile->dentry == dentry) &&
609 delayed_work_pending(&cfile->deferred) &&
610 cancel_delayed_work(&cfile->deferred)) {
611 spin_lock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
612 cifs_del_deferred_close(cfile);
613 spin_unlock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
614
615 tmp_list = kmalloc_obj(struct file_list, GFP_ATOMIC);
616 if (tmp_list == NULL)
617 break;
618 tmp_list->cfile = cfile;
619 list_add_tail(&tmp_list->list, &file_head);
620 }
621 }
622 spin_unlock(&tcon->open_file_lock);
623
624 list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
625 _cifsFileInfo_put(tmp_list->cfile, true, false);
626 list_del(&tmp_list->list);
627 kfree(tmp_list);
628 }
629 }
630
631 /*
632 * If a dentry has been deleted, all corresponding open handles should know that
633 * so that we do not defer close them.
634 */
cifs_mark_open_handles_for_deleted_file(struct inode * inode,const char * path)635 void cifs_mark_open_handles_for_deleted_file(struct inode *inode,
636 const char *path)
637 {
638 struct cifsFileInfo *cfile;
639 void *page;
640 const char *full_path;
641 struct cifsInodeInfo *cinode = CIFS_I(inode);
642
643 page = alloc_dentry_path();
644 spin_lock(&cinode->open_file_lock);
645
646 /*
647 * note: we need to construct path from dentry and compare only if the
648 * inode has any hardlinks. When number of hardlinks is 1, we can just
649 * mark all open handles since they are going to be from the same file.
650 */
651 if (inode->i_nlink > 1) {
652 list_for_each_entry(cfile, &cinode->openFileList, flist) {
653 full_path = build_path_from_dentry(cfile->dentry, page);
654 if (!IS_ERR(full_path) && strcmp(full_path, path) == 0)
655 cfile->status_file_deleted = true;
656 }
657 } else {
658 list_for_each_entry(cfile, &cinode->openFileList, flist)
659 cfile->status_file_deleted = true;
660 }
661 spin_unlock(&cinode->open_file_lock);
662 free_dentry_path(page);
663 }
664
665 /* parses DFS referral V3 structure
666 * caller is responsible for freeing target_nodes
667 * returns:
668 * - on success - 0
669 * - on failure - errno
670 */
671 int
parse_dfs_referrals(struct get_dfs_referral_rsp * rsp,u32 rsp_size,unsigned int * num_of_nodes,struct dfs_info3_param ** target_nodes,const struct nls_table * nls_codepage,int remap,const char * searchName,bool is_unicode)672 parse_dfs_referrals(struct get_dfs_referral_rsp *rsp, u32 rsp_size,
673 unsigned int *num_of_nodes,
674 struct dfs_info3_param **target_nodes,
675 const struct nls_table *nls_codepage, int remap,
676 const char *searchName, bool is_unicode)
677 {
678 int i, rc = 0;
679 char *data_end;
680 struct dfs_referral_level_3 *ref;
681
682 if (rsp_size < sizeof(*rsp)) {
683 cifs_dbg(VFS | ONCE,
684 "%s: header is malformed (size is %u, must be %zu)\n",
685 __func__, rsp_size, sizeof(*rsp));
686 rc = -EINVAL;
687 goto parse_DFS_referrals_exit;
688 }
689
690 *num_of_nodes = le16_to_cpu(rsp->NumberOfReferrals);
691
692 if (*num_of_nodes < 1) {
693 cifs_dbg(VFS | ONCE, "%s: [path=%s] num_referrals must be at least > 0, but we got %d\n",
694 __func__, searchName, *num_of_nodes);
695 rc = -ENOENT;
696 goto parse_DFS_referrals_exit;
697 }
698
699 if (sizeof(*rsp) + *num_of_nodes * sizeof(REFERRAL3) > rsp_size) {
700 cifs_dbg(VFS | ONCE,
701 "%s: malformed buffer (size is %u, must be at least %zu)\n",
702 __func__, rsp_size,
703 sizeof(*rsp) + *num_of_nodes * sizeof(REFERRAL3));
704 rc = -EINVAL;
705 goto parse_DFS_referrals_exit;
706 }
707
708 ref = (struct dfs_referral_level_3 *) &(rsp->referrals);
709 if (ref->VersionNumber != cpu_to_le16(3)) {
710 cifs_dbg(VFS, "Referrals of V%d version are not supported, should be V3\n",
711 le16_to_cpu(ref->VersionNumber));
712 rc = -EINVAL;
713 goto parse_DFS_referrals_exit;
714 }
715
716 /* get the upper boundary of the resp buffer */
717 data_end = (char *)rsp + rsp_size;
718
719 cifs_dbg(FYI, "num_referrals: %d dfs flags: 0x%x ...\n",
720 *num_of_nodes, le32_to_cpu(rsp->DFSFlags));
721
722 *target_nodes = kzalloc_objs(struct dfs_info3_param, *num_of_nodes);
723 if (*target_nodes == NULL) {
724 rc = -ENOMEM;
725 goto parse_DFS_referrals_exit;
726 }
727
728 /* collect necessary data from referrals */
729 for (i = 0; i < *num_of_nodes; i++) {
730 char *temp;
731 int max_len;
732 struct dfs_info3_param *node = (*target_nodes)+i;
733
734 node->flags = le32_to_cpu(rsp->DFSFlags);
735 if (is_unicode) {
736 __le16 *tmp = kmalloc(strlen(searchName)*2 + 2,
737 GFP_KERNEL);
738 if (tmp == NULL) {
739 rc = -ENOMEM;
740 goto parse_DFS_referrals_exit;
741 }
742 cifsConvertToUTF16((__le16 *) tmp, searchName,
743 PATH_MAX, nls_codepage, remap);
744 node->path_consumed = cifs_utf16_bytes(tmp,
745 le16_to_cpu(rsp->PathConsumed),
746 nls_codepage);
747 kfree(tmp);
748 } else
749 node->path_consumed = le16_to_cpu(rsp->PathConsumed);
750
751 node->server_type = le16_to_cpu(ref->ServerType);
752 node->ref_flag = le16_to_cpu(ref->ReferralEntryFlags);
753
754 /* copy DfsPath */
755 temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset);
756 max_len = data_end - temp;
757 node->path_name = cifs_strndup_from_utf16(temp, max_len,
758 is_unicode, nls_codepage);
759 if (!node->path_name) {
760 rc = -ENOMEM;
761 goto parse_DFS_referrals_exit;
762 }
763
764 /* copy link target UNC */
765 temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset);
766 max_len = data_end - temp;
767 node->node_name = cifs_strndup_from_utf16(temp, max_len,
768 is_unicode, nls_codepage);
769 if (!node->node_name) {
770 rc = -ENOMEM;
771 goto parse_DFS_referrals_exit;
772 }
773
774 node->ttl = le32_to_cpu(ref->TimeToLive);
775
776 ref++;
777 }
778
779 parse_DFS_referrals_exit:
780 if (rc) {
781 free_dfs_info_array(*target_nodes, *num_of_nodes);
782 *target_nodes = NULL;
783 *num_of_nodes = 0;
784 }
785 return rc;
786 }
787
788 /**
789 * cifs_alloc_hash - allocate hash and hash context together
790 * @name: The name of the crypto hash algo
791 * @sdesc: SHASH descriptor where to put the pointer to the hash TFM
792 *
793 * The caller has to make sure @sdesc is initialized to either NULL or
794 * a valid context. It can be freed via cifs_free_hash().
795 */
796 int
cifs_alloc_hash(const char * name,struct shash_desc ** sdesc)797 cifs_alloc_hash(const char *name, struct shash_desc **sdesc)
798 {
799 int rc = 0;
800 struct crypto_shash *alg = NULL;
801
802 if (*sdesc)
803 return 0;
804
805 alg = crypto_alloc_shash(name, 0, 0);
806 if (IS_ERR(alg)) {
807 cifs_dbg(VFS, "Could not allocate shash TFM '%s'\n", name);
808 rc = PTR_ERR(alg);
809 *sdesc = NULL;
810 return rc;
811 }
812
813 *sdesc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(alg), GFP_KERNEL);
814 if (*sdesc == NULL) {
815 cifs_dbg(VFS, "no memory left to allocate shash TFM '%s'\n", name);
816 crypto_free_shash(alg);
817 return -ENOMEM;
818 }
819
820 (*sdesc)->tfm = alg;
821 return 0;
822 }
823
824 /**
825 * cifs_free_hash - free hash and hash context together
826 * @sdesc: Where to find the pointer to the hash TFM
827 *
828 * Freeing a NULL descriptor is safe.
829 */
830 void
cifs_free_hash(struct shash_desc ** sdesc)831 cifs_free_hash(struct shash_desc **sdesc)
832 {
833 if (unlikely(!sdesc) || !*sdesc)
834 return;
835
836 if ((*sdesc)->tfm) {
837 crypto_free_shash((*sdesc)->tfm);
838 (*sdesc)->tfm = NULL;
839 }
840
841 kfree_sensitive(*sdesc);
842 *sdesc = NULL;
843 }
844
extract_unc_hostname(const char * unc,const char ** h,size_t * len)845 void extract_unc_hostname(const char *unc, const char **h, size_t *len)
846 {
847 const char *end;
848
849 /* skip initial slashes */
850 while (*unc && (*unc == '\\' || *unc == '/'))
851 unc++;
852
853 end = unc;
854
855 while (*end && !(*end == '\\' || *end == '/'))
856 end++;
857
858 *h = unc;
859 *len = end - unc;
860 }
861
862 /**
863 * copy_path_name - copy src path to dst, possibly truncating
864 * @dst: The destination buffer
865 * @src: The source name
866 *
867 * returns number of bytes written (including trailing nul)
868 */
copy_path_name(char * dst,const char * src)869 int copy_path_name(char *dst, const char *src)
870 {
871 int name_len;
872
873 /*
874 * PATH_MAX includes nul, so if strlen(src) >= PATH_MAX it
875 * will truncate and strlen(dst) will be PATH_MAX-1
876 */
877 name_len = strscpy(dst, src, PATH_MAX);
878 if (WARN_ON_ONCE(name_len < 0))
879 name_len = PATH_MAX-1;
880
881 /* we count the trailing nul */
882 name_len++;
883 return name_len;
884 }
885
886 struct super_cb_data {
887 void *data;
888 struct super_block *sb;
889 };
890
tcon_super_cb(struct super_block * sb,void * arg)891 static void tcon_super_cb(struct super_block *sb, void *arg)
892 {
893 struct super_cb_data *sd = arg;
894 struct cifs_sb_info *cifs_sb;
895 struct cifs_tcon *t1 = sd->data, *t2;
896
897 if (sd->sb)
898 return;
899
900 cifs_sb = CIFS_SB(sb);
901 t2 = cifs_sb_master_tcon(cifs_sb);
902
903 spin_lock(&t2->tc_lock);
904 if ((t1->ses == t2->ses ||
905 t1->ses->dfs_root_ses == t2->ses->dfs_root_ses) &&
906 t1->ses->server == t2->ses->server &&
907 t2->origin_fullpath &&
908 dfs_src_pathname_equal(t2->origin_fullpath, t1->origin_fullpath))
909 sd->sb = sb;
910 spin_unlock(&t2->tc_lock);
911 }
912
__cifs_get_super(void (* f)(struct super_block *,void *),void * data)913 static struct super_block *__cifs_get_super(void (*f)(struct super_block *, void *),
914 void *data)
915 {
916 struct super_cb_data sd = {
917 .data = data,
918 .sb = NULL,
919 };
920 struct file_system_type **fs_type = (struct file_system_type *[]) {
921 &cifs_fs_type, &smb3_fs_type, NULL,
922 };
923
924 for (; *fs_type; fs_type++) {
925 iterate_supers_type(*fs_type, f, &sd);
926 if (sd.sb) {
927 /*
928 * Grab an active reference in order to prevent automounts (DFS links)
929 * of expiring and then freeing up our cifs superblock pointer while
930 * we're doing failover.
931 */
932 cifs_sb_active(sd.sb);
933 return sd.sb;
934 }
935 }
936 pr_warn_once("%s: could not find dfs superblock\n", __func__);
937 return ERR_PTR(-EINVAL);
938 }
939
__cifs_put_super(struct super_block * sb)940 static void __cifs_put_super(struct super_block *sb)
941 {
942 if (!IS_ERR_OR_NULL(sb))
943 cifs_sb_deactive(sb);
944 }
945
cifs_get_dfs_tcon_super(struct cifs_tcon * tcon)946 struct super_block *cifs_get_dfs_tcon_super(struct cifs_tcon *tcon)
947 {
948 spin_lock(&tcon->tc_lock);
949 if (!tcon->origin_fullpath) {
950 spin_unlock(&tcon->tc_lock);
951 return ERR_PTR(-ENOENT);
952 }
953 spin_unlock(&tcon->tc_lock);
954 return __cifs_get_super(tcon_super_cb, tcon);
955 }
956
cifs_put_tcp_super(struct super_block * sb)957 void cifs_put_tcp_super(struct super_block *sb)
958 {
959 __cifs_put_super(sb);
960 }
961
962 #ifdef CONFIG_CIFS_DFS_UPCALL
match_target_ip(struct TCP_Server_Info * server,const char * host,size_t hostlen,bool * result)963 int match_target_ip(struct TCP_Server_Info *server,
964 const char *host, size_t hostlen,
965 bool *result)
966 {
967 struct sockaddr_storage ss;
968 int rc;
969
970 cifs_dbg(FYI, "%s: hostname=%.*s\n", __func__, (int)hostlen, host);
971
972 *result = false;
973
974 rc = dns_resolve_name(server->dns_dom, host, hostlen,
975 (struct sockaddr *)&ss);
976 if (rc < 0)
977 return rc;
978
979 spin_lock(&server->srv_lock);
980 *result = cifs_match_ipaddr((struct sockaddr *)&server->dstaddr, (struct sockaddr *)&ss);
981 spin_unlock(&server->srv_lock);
982 cifs_dbg(FYI, "%s: ip addresses matched: %s\n", __func__, str_yes_no(*result));
983 return 0;
984 }
985
cifs_update_super_prepath(struct cifs_sb_info * cifs_sb,char * prefix)986 int cifs_update_super_prepath(struct cifs_sb_info *cifs_sb, char *prefix)
987 {
988 int rc;
989
990 kfree(cifs_sb->prepath);
991 cifs_sb->prepath = NULL;
992
993 if (prefix && *prefix) {
994 cifs_sb->prepath = cifs_sanitize_prepath(prefix, GFP_ATOMIC);
995 if (IS_ERR(cifs_sb->prepath)) {
996 rc = PTR_ERR(cifs_sb->prepath);
997 cifs_sb->prepath = NULL;
998 return rc;
999 }
1000 if (cifs_sb->prepath)
1001 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
1002 }
1003
1004 atomic_or(CIFS_MOUNT_USE_PREFIX_PATH, &cifs_sb->mnt_cifs_flags);
1005 return 0;
1006 }
1007
1008 /*
1009 * Handle weird Windows SMB server behaviour. It responds with
1010 * STATUS_OBJECT_NAME_INVALID code to SMB2 QUERY_INFO request for
1011 * "\<server>\<dfsname>\<linkpath>" DFS reference, where <dfsname> contains
1012 * non-ASCII unicode symbols.
1013 */
cifs_inval_name_dfs_link_error(const unsigned int xid,struct cifs_tcon * tcon,struct cifs_sb_info * cifs_sb,const char * full_path,bool * islink)1014 int cifs_inval_name_dfs_link_error(const unsigned int xid,
1015 struct cifs_tcon *tcon,
1016 struct cifs_sb_info *cifs_sb,
1017 const char *full_path,
1018 bool *islink)
1019 {
1020 struct TCP_Server_Info *server = tcon->ses->server;
1021 struct cifs_ses *ses = tcon->ses;
1022 size_t len;
1023 char *path;
1024 char *ref_path;
1025
1026 *islink = false;
1027
1028 /*
1029 * Fast path - skip check when @full_path doesn't have a prefix path to
1030 * look up or tcon is not DFS.
1031 */
1032 if (strlen(full_path) < 2 || !cifs_sb ||
1033 (cifs_sb_flags(cifs_sb) & CIFS_MOUNT_NO_DFS) ||
1034 !is_tcon_dfs(tcon))
1035 return 0;
1036
1037 spin_lock(&server->srv_lock);
1038 if (!server->leaf_fullpath) {
1039 spin_unlock(&server->srv_lock);
1040 return 0;
1041 }
1042 spin_unlock(&server->srv_lock);
1043
1044 /*
1045 * Slow path - tcon is DFS and @full_path has prefix path, so attempt
1046 * to get a referral to figure out whether it is an DFS link.
1047 */
1048 len = strnlen(tcon->tree_name, MAX_TREE_SIZE + 1) + strlen(full_path) + 1;
1049 path = kmalloc(len, GFP_KERNEL);
1050 if (!path)
1051 return -ENOMEM;
1052
1053 scnprintf(path, len, "%s%s", tcon->tree_name, full_path);
1054 ref_path = dfs_cache_canonical_path(path + 1, cifs_sb->local_nls,
1055 cifs_remap(cifs_sb));
1056 kfree(path);
1057
1058 if (IS_ERR(ref_path)) {
1059 if (PTR_ERR(ref_path) != -EINVAL)
1060 return PTR_ERR(ref_path);
1061 } else {
1062 struct dfs_info3_param *refs = NULL;
1063 int num_refs = 0;
1064
1065 /*
1066 * XXX: we are not using dfs_cache_find() here because we might
1067 * end up filling all the DFS cache and thus potentially
1068 * removing cached DFS targets that the client would eventually
1069 * need during failover.
1070 */
1071 ses = CIFS_DFS_ROOT_SES(ses);
1072 if (ses->server->ops->get_dfs_refer &&
1073 !ses->server->ops->get_dfs_refer(xid, ses, ref_path, &refs,
1074 &num_refs, cifs_sb->local_nls,
1075 cifs_remap(cifs_sb)))
1076 *islink = refs[0].server_type == DFS_TYPE_LINK;
1077 free_dfs_info_array(refs, num_refs);
1078 kfree(ref_path);
1079 }
1080 return 0;
1081 }
1082 #endif
1083
cifs_wait_for_server_reconnect(struct TCP_Server_Info * server,bool retry)1084 int cifs_wait_for_server_reconnect(struct TCP_Server_Info *server, bool retry)
1085 {
1086 int timeout = 10;
1087 int rc;
1088
1089 spin_lock(&server->srv_lock);
1090 if (server->tcpStatus != CifsNeedReconnect) {
1091 spin_unlock(&server->srv_lock);
1092 return 0;
1093 }
1094 timeout *= server->nr_targets;
1095 spin_unlock(&server->srv_lock);
1096
1097 /*
1098 * Give demultiplex thread up to 10 seconds to each target available for
1099 * reconnect -- should be greater than cifs socket timeout which is 7
1100 * seconds.
1101 *
1102 * On "soft" mounts we wait once. Hard mounts keep retrying until
1103 * process is killed or server comes back on-line.
1104 */
1105 do {
1106 rc = wait_event_interruptible_timeout(server->response_q,
1107 (server->tcpStatus != CifsNeedReconnect),
1108 timeout * HZ);
1109 if (rc < 0) {
1110 cifs_dbg(FYI, "%s: aborting reconnect due to received signal\n",
1111 __func__);
1112 return -ERESTARTSYS;
1113 }
1114
1115 /* are we still trying to reconnect? */
1116 spin_lock(&server->srv_lock);
1117 if (server->tcpStatus != CifsNeedReconnect) {
1118 spin_unlock(&server->srv_lock);
1119 return 0;
1120 }
1121 spin_unlock(&server->srv_lock);
1122 } while (retry);
1123
1124 cifs_dbg(FYI, "%s: gave up waiting on reconnect\n", __func__);
1125 return -EHOSTDOWN;
1126 }
1127