1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 */
8
9 #include <linux/slab.h>
10 #include <linux/ctype.h>
11 #include <linux/mempool.h>
12 #include <linux/vmalloc.h>
13 #include "cifsglob.h"
14 #include "cifsproto.h"
15 #include "cifs_debug.h"
16 #include "smberr.h"
17 #include "nterr.h"
18 #include "cifs_unicode.h"
19 #include "smb2pdu.h"
20 #include "smb2proto.h"
21 #include "smb1proto.h"
22 #include "cifsfs.h"
23 #ifdef CONFIG_CIFS_DFS_UPCALL
24 #include "dns_resolve.h"
25 #include "dfs_cache.h"
26 #include "dfs.h"
27 #endif
28 #include "fs_context.h"
29 #include "cached_dir.h"
30
31 struct tcon_list {
32 struct list_head entry;
33 struct cifs_tcon *tcon;
34 };
35
36 /* The xid serves as a useful identifier for each incoming vfs request,
37 in a similar way to the mid which is useful to track each sent smb,
38 and CurrentXid can also provide a running counter (although it
39 will eventually wrap past zero) of the total vfs operations handled
40 since the cifs fs was mounted */
41
42 unsigned int
_get_xid(void)43 _get_xid(void)
44 {
45 unsigned int xid;
46
47 spin_lock(&GlobalMid_Lock);
48 GlobalTotalActiveXid++;
49
50 /* keep high water mark for number of simultaneous ops in filesystem */
51 if (GlobalTotalActiveXid > GlobalMaxActiveXid)
52 GlobalMaxActiveXid = GlobalTotalActiveXid;
53 if (GlobalTotalActiveXid > 65000)
54 cifs_dbg(FYI, "warning: more than 65000 requests active\n");
55 xid = GlobalCurrentXid++;
56 spin_unlock(&GlobalMid_Lock);
57 return xid;
58 }
59
60 void
_free_xid(unsigned int xid)61 _free_xid(unsigned int xid)
62 {
63 spin_lock(&GlobalMid_Lock);
64 /* if (GlobalTotalActiveXid == 0)
65 BUG(); */
66 GlobalTotalActiveXid--;
67 spin_unlock(&GlobalMid_Lock);
68 }
69
70 struct cifs_ses *
sesInfoAlloc(void)71 sesInfoAlloc(void)
72 {
73 struct cifs_ses *ret_buf;
74
75 ret_buf = kzalloc_obj(struct cifs_ses);
76 if (ret_buf) {
77 atomic_inc(&sesInfoAllocCount);
78 spin_lock_init(&ret_buf->ses_lock);
79 ret_buf->ses_status = SES_NEW;
80 ++ret_buf->ses_count;
81 INIT_LIST_HEAD(&ret_buf->smb_ses_list);
82 INIT_LIST_HEAD(&ret_buf->tcon_list);
83 mutex_init(&ret_buf->session_mutex);
84 spin_lock_init(&ret_buf->iface_lock);
85 INIT_LIST_HEAD(&ret_buf->iface_list);
86 spin_lock_init(&ret_buf->chan_lock);
87 }
88 return ret_buf;
89 }
90
91 void
sesInfoFree(struct cifs_ses * buf_to_free)92 sesInfoFree(struct cifs_ses *buf_to_free)
93 {
94 struct cifs_server_iface *iface = NULL, *niface = NULL;
95
96 if (buf_to_free == NULL) {
97 cifs_dbg(FYI, "Null buffer passed to sesInfoFree\n");
98 return;
99 }
100
101 unload_nls(buf_to_free->local_nls);
102 atomic_dec(&sesInfoAllocCount);
103 kfree(buf_to_free->serverOS);
104 kfree(buf_to_free->serverDomain);
105 kfree(buf_to_free->serverNOS);
106 kfree_sensitive(buf_to_free->password);
107 kfree_sensitive(buf_to_free->password2);
108 kfree(buf_to_free->user_name);
109 kfree(buf_to_free->domainName);
110 kfree(buf_to_free->dns_dom);
111 kfree_sensitive(buf_to_free->auth_key.response);
112 spin_lock(&buf_to_free->iface_lock);
113 list_for_each_entry_safe(iface, niface, &buf_to_free->iface_list,
114 iface_head)
115 kref_put(&iface->refcount, release_iface);
116 spin_unlock(&buf_to_free->iface_lock);
117 kfree_sensitive(buf_to_free);
118 }
119
120 struct cifs_tcon *
tcon_info_alloc(bool dir_leases_enabled,enum smb3_tcon_ref_trace trace)121 tcon_info_alloc(bool dir_leases_enabled, enum smb3_tcon_ref_trace trace)
122 {
123 struct cifs_tcon *ret_buf;
124 static atomic_t tcon_debug_id;
125
126 ret_buf = kzalloc_obj(*ret_buf);
127 if (!ret_buf)
128 return NULL;
129
130 if (dir_leases_enabled == true) {
131 ret_buf->cfids = init_cached_dirs();
132 if (!ret_buf->cfids) {
133 kfree(ret_buf);
134 return NULL;
135 }
136 }
137 /* else ret_buf->cfids is already set to NULL above */
138
139 atomic_inc(&tconInfoAllocCount);
140 ret_buf->status = TID_NEW;
141 ret_buf->debug_id = atomic_inc_return(&tcon_debug_id);
142 ret_buf->tc_count = 1;
143 spin_lock_init(&ret_buf->tc_lock);
144 INIT_LIST_HEAD(&ret_buf->openFileList);
145 INIT_LIST_HEAD(&ret_buf->tcon_list);
146 INIT_LIST_HEAD(&ret_buf->cifs_sb_list);
147 spin_lock_init(&ret_buf->open_file_lock);
148 spin_lock_init(&ret_buf->stat_lock);
149 spin_lock_init(&ret_buf->sb_list_lock);
150 atomic_set(&ret_buf->num_local_opens, 0);
151 atomic_set(&ret_buf->num_remote_opens, 0);
152 ret_buf->stats_from_time = ktime_get_real_seconds();
153 #ifdef CONFIG_CIFS_FSCACHE
154 mutex_init(&ret_buf->fscache_lock);
155 #endif
156 trace_smb3_tcon_ref(ret_buf->debug_id, ret_buf->tc_count, trace);
157 #ifdef CONFIG_CIFS_DFS_UPCALL
158 INIT_LIST_HEAD(&ret_buf->dfs_ses_list);
159 #endif
160 INIT_LIST_HEAD(&ret_buf->pending_opens);
161 INIT_DELAYED_WORK(&ret_buf->query_interfaces,
162 smb2_query_server_interfaces);
163 #ifdef CONFIG_CIFS_DFS_UPCALL
164 INIT_DELAYED_WORK(&ret_buf->dfs_cache_work, dfs_cache_refresh);
165 #endif
166
167 return ret_buf;
168 }
169
170 void
tconInfoFree(struct cifs_tcon * tcon,enum smb3_tcon_ref_trace trace)171 tconInfoFree(struct cifs_tcon *tcon, enum smb3_tcon_ref_trace trace)
172 {
173 if (tcon == NULL) {
174 cifs_dbg(FYI, "Null buffer passed to tconInfoFree\n");
175 return;
176 }
177 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count, trace);
178 free_cached_dirs(tcon->cfids);
179 atomic_dec(&tconInfoAllocCount);
180 kfree(tcon->nativeFileSystem);
181 kfree_sensitive(tcon->password);
182 kfree(tcon->origin_fullpath);
183 kfree(tcon);
184 }
185
186 void *
cifs_buf_get(void)187 cifs_buf_get(void)
188 {
189 void *ret_buf = NULL;
190 /*
191 * SMB2 header is bigger than CIFS one - no problems to clean some
192 * more bytes for CIFS.
193 */
194 size_t buf_size = sizeof(struct smb2_hdr);
195
196 /*
197 * We could use negotiated size instead of max_msgsize -
198 * but it may be more efficient to always alloc same size
199 * albeit slightly larger than necessary and maxbuffersize
200 * defaults to this and can not be bigger.
201 */
202 ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS);
203
204 /* clear the first few header bytes */
205 /* for most paths, more is cleared in header_assemble */
206 memset(ret_buf, 0, buf_size + 3);
207 atomic_inc(&buf_alloc_count);
208 #ifdef CONFIG_CIFS_STATS2
209 atomic_inc(&total_buf_alloc_count);
210 #endif /* CONFIG_CIFS_STATS2 */
211
212 return ret_buf;
213 }
214
215 void
cifs_buf_release(void * buf_to_free)216 cifs_buf_release(void *buf_to_free)
217 {
218 if (buf_to_free == NULL) {
219 /* cifs_dbg(FYI, "Null buffer passed to cifs_buf_release\n");*/
220 return;
221 }
222 mempool_free(buf_to_free, cifs_req_poolp);
223
224 atomic_dec(&buf_alloc_count);
225 return;
226 }
227
228 void *
cifs_small_buf_get(void)229 cifs_small_buf_get(void)
230 {
231 void *ret_buf = NULL;
232
233 /* We could use negotiated size instead of max_msgsize -
234 but it may be more efficient to always alloc same size
235 albeit slightly larger than necessary and maxbuffersize
236 defaults to this and can not be bigger */
237 ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS);
238 /* No need to clear memory here, cleared in header assemble */
239 atomic_inc(&small_buf_alloc_count);
240 #ifdef CONFIG_CIFS_STATS2
241 atomic_inc(&total_small_buf_alloc_count);
242 #endif /* CONFIG_CIFS_STATS2 */
243
244 return ret_buf;
245 }
246
247 void
cifs_small_buf_release(void * buf_to_free)248 cifs_small_buf_release(void *buf_to_free)
249 {
250
251 if (buf_to_free == NULL) {
252 cifs_dbg(FYI, "Null buffer passed to cifs_small_buf_release\n");
253 return;
254 }
255 mempool_free(buf_to_free, cifs_sm_req_poolp);
256
257 atomic_dec(&small_buf_alloc_count);
258 return;
259 }
260
261 void
free_rsp_buf(int resp_buftype,void * rsp)262 free_rsp_buf(int resp_buftype, void *rsp)
263 {
264 if (resp_buftype == CIFS_SMALL_BUFFER)
265 cifs_small_buf_release(rsp);
266 else if (resp_buftype == CIFS_LARGE_BUFFER)
267 cifs_buf_release(rsp);
268 }
269
270 void
dump_smb(void * buf,int smb_buf_length)271 dump_smb(void *buf, int smb_buf_length)
272 {
273 if (traceSMB == 0)
274 return;
275
276 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, 8, 2, buf,
277 smb_buf_length, true);
278 }
279
280 void
cifs_autodisable_serverino(struct cifs_sb_info * cifs_sb)281 cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb)
282 {
283 unsigned int sbflags = cifs_sb_flags(cifs_sb);
284
285 if (sbflags & CIFS_MOUNT_SERVER_INUM) {
286 struct cifs_tcon *tcon = NULL;
287
288 if (cifs_sb->master_tlink)
289 tcon = cifs_sb_master_tcon(cifs_sb);
290
291 atomic_andnot(CIFS_MOUNT_SERVER_INUM, &cifs_sb->mnt_cifs_flags);
292 cifs_sb->mnt_cifs_serverino_autodisabled = true;
293 cifs_dbg(VFS, "Autodisabling the use of server inode numbers on %s\n",
294 tcon ? tcon->tree_name : "new server");
295 cifs_dbg(VFS, "The server doesn't seem to support them properly or the files might be on different servers (DFS)\n");
296 cifs_dbg(VFS, "Hardlinks will not be recognized on this mount. Consider mounting with the \"noserverino\" option to silence this message.\n");
297
298 }
299 }
300
cifs_set_oplock_level(struct cifsInodeInfo * cinode,__u32 oplock)301 void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock)
302 {
303 oplock &= 0xF;
304
305 if (oplock == OPLOCK_EXCLUSIVE) {
306 cinode->oplock = CIFS_CACHE_WRITE_FLG | CIFS_CACHE_READ_FLG;
307 cifs_dbg(FYI, "Exclusive Oplock granted on inode %p\n",
308 &cinode->netfs.inode);
309 } else if (oplock == OPLOCK_READ) {
310 cinode->oplock = CIFS_CACHE_READ_FLG;
311 cifs_dbg(FYI, "Level II Oplock granted on inode %p\n",
312 &cinode->netfs.inode);
313 } else
314 cinode->oplock = 0;
315 }
316
317 /*
318 * We wait for oplock breaks to be processed before we attempt to perform
319 * writes.
320 */
cifs_get_writer(struct cifsInodeInfo * cinode)321 int cifs_get_writer(struct cifsInodeInfo *cinode)
322 {
323 int rc;
324
325 start:
326 rc = wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK,
327 TASK_KILLABLE);
328 if (rc)
329 return rc;
330
331 spin_lock(&cinode->writers_lock);
332 if (!cinode->writers)
333 set_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
334 cinode->writers++;
335 /* Check to see if we have started servicing an oplock break */
336 if (test_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags)) {
337 cinode->writers--;
338 if (cinode->writers == 0) {
339 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
340 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS);
341 }
342 spin_unlock(&cinode->writers_lock);
343 goto start;
344 }
345 spin_unlock(&cinode->writers_lock);
346 return 0;
347 }
348
cifs_put_writer(struct cifsInodeInfo * cinode)349 void cifs_put_writer(struct cifsInodeInfo *cinode)
350 {
351 spin_lock(&cinode->writers_lock);
352 cinode->writers--;
353 if (cinode->writers == 0) {
354 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags);
355 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS);
356 }
357 spin_unlock(&cinode->writers_lock);
358 }
359
360 /**
361 * cifs_queue_oplock_break - queue the oplock break handler for cfile
362 * @cfile: The file to break the oplock on
363 *
364 * This function is called from the demultiplex thread when it
365 * receives an oplock break for @cfile.
366 *
367 * Assumes the tcon->open_file_lock is held.
368 * Assumes cfile->file_info_lock is NOT held.
369 */
cifs_queue_oplock_break(struct cifsFileInfo * cfile)370 void cifs_queue_oplock_break(struct cifsFileInfo *cfile)
371 {
372 /*
373 * Bump the handle refcount now while we hold the
374 * open_file_lock to enforce the validity of it for the oplock
375 * break handler. The matching put is done at the end of the
376 * handler.
377 */
378 cifsFileInfo_get(cfile);
379
380 queue_work(cifsoplockd_wq, &cfile->oplock_break);
381 }
382
cifs_done_oplock_break(struct cifsInodeInfo * cinode)383 void cifs_done_oplock_break(struct cifsInodeInfo *cinode)
384 {
385 clear_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags);
386 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK);
387 }
388
389 bool
backup_cred(struct cifs_sb_info * cifs_sb)390 backup_cred(struct cifs_sb_info *cifs_sb)
391 {
392 unsigned int sbflags = cifs_sb_flags(cifs_sb);
393
394 if (sbflags & CIFS_MOUNT_CIFS_BACKUPUID) {
395 if (uid_eq(cifs_sb->ctx->backupuid, current_fsuid()))
396 return true;
397 }
398 if (sbflags & CIFS_MOUNT_CIFS_BACKUPGID) {
399 if (in_group_p(cifs_sb->ctx->backupgid))
400 return true;
401 }
402
403 return false;
404 }
405
406 void
cifs_del_pending_open(struct cifs_pending_open * open)407 cifs_del_pending_open(struct cifs_pending_open *open)
408 {
409 spin_lock(&tlink_tcon(open->tlink)->open_file_lock);
410 list_del(&open->olist);
411 spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
412 }
413
414 void
cifs_add_pending_open_locked(struct cifs_fid * fid,struct tcon_link * tlink,struct cifs_pending_open * open)415 cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink,
416 struct cifs_pending_open *open)
417 {
418 memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE);
419 open->oplock = CIFS_OPLOCK_NO_CHANGE;
420 open->tlink = tlink;
421 fid->pending_open = open;
422 list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens);
423 }
424
425 void
cifs_add_pending_open(struct cifs_fid * fid,struct tcon_link * tlink,struct cifs_pending_open * open)426 cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink,
427 struct cifs_pending_open *open)
428 {
429 spin_lock(&tlink_tcon(tlink)->open_file_lock);
430 cifs_add_pending_open_locked(fid, tlink, open);
431 spin_unlock(&tlink_tcon(open->tlink)->open_file_lock);
432 }
433
434 /*
435 * Critical section which runs after acquiring deferred_lock.
436 * As there is no reference count on cifs_deferred_close, pdclose
437 * should not be used outside deferred_lock.
438 */
439 bool
cifs_is_deferred_close(struct cifsFileInfo * cfile,struct cifs_deferred_close ** pdclose)440 cifs_is_deferred_close(struct cifsFileInfo *cfile, struct cifs_deferred_close **pdclose)
441 {
442 struct cifs_deferred_close *dclose;
443
444 list_for_each_entry(dclose, &CIFS_I(d_inode(cfile->dentry))->deferred_closes, dlist) {
445 if ((dclose->netfid == cfile->fid.netfid) &&
446 (dclose->persistent_fid == cfile->fid.persistent_fid) &&
447 (dclose->volatile_fid == cfile->fid.volatile_fid)) {
448 *pdclose = dclose;
449 return true;
450 }
451 }
452 return false;
453 }
454
455 /*
456 * Critical section which runs after acquiring deferred_lock.
457 */
458 void
cifs_add_deferred_close(struct cifsFileInfo * cfile,struct cifs_deferred_close * dclose)459 cifs_add_deferred_close(struct cifsFileInfo *cfile, struct cifs_deferred_close *dclose)
460 {
461 bool is_deferred = false;
462 struct cifs_deferred_close *pdclose;
463
464 is_deferred = cifs_is_deferred_close(cfile, &pdclose);
465 if (is_deferred) {
466 kfree(dclose);
467 return;
468 }
469
470 dclose->tlink = cfile->tlink;
471 dclose->netfid = cfile->fid.netfid;
472 dclose->persistent_fid = cfile->fid.persistent_fid;
473 dclose->volatile_fid = cfile->fid.volatile_fid;
474 list_add_tail(&dclose->dlist, &CIFS_I(d_inode(cfile->dentry))->deferred_closes);
475 }
476
477 /*
478 * Critical section which runs after acquiring deferred_lock.
479 */
480 void
cifs_del_deferred_close(struct cifsFileInfo * cfile)481 cifs_del_deferred_close(struct cifsFileInfo *cfile)
482 {
483 bool is_deferred = false;
484 struct cifs_deferred_close *dclose;
485
486 is_deferred = cifs_is_deferred_close(cfile, &dclose);
487 if (!is_deferred)
488 return;
489 list_del(&dclose->dlist);
490 kfree(dclose);
491 }
492
493 void
cifs_close_deferred_file(struct cifsInodeInfo * cifs_inode)494 cifs_close_deferred_file(struct cifsInodeInfo *cifs_inode)
495 {
496 struct cifsFileInfo *cfile = NULL;
497 struct file_list *tmp_list, *tmp_next_list;
498 LIST_HEAD(file_head);
499
500 if (cifs_inode == NULL)
501 return;
502
503 spin_lock(&cifs_inode->open_file_lock);
504 list_for_each_entry(cfile, &cifs_inode->openFileList, flist) {
505 if (delayed_work_pending(&cfile->deferred)) {
506 if (cancel_delayed_work(&cfile->deferred)) {
507 spin_lock(&cifs_inode->deferred_lock);
508 cifs_del_deferred_close(cfile);
509 spin_unlock(&cifs_inode->deferred_lock);
510
511 tmp_list = kmalloc_obj(struct file_list,
512 GFP_ATOMIC);
513 if (tmp_list == NULL)
514 break;
515 tmp_list->cfile = cfile;
516 list_add_tail(&tmp_list->list, &file_head);
517 }
518 }
519 }
520 spin_unlock(&cifs_inode->open_file_lock);
521
522 list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
523 _cifsFileInfo_put(tmp_list->cfile, false, false);
524 list_del(&tmp_list->list);
525 kfree(tmp_list);
526 }
527 }
528
529 void
cifs_close_all_deferred_files(struct cifs_tcon * tcon)530 cifs_close_all_deferred_files(struct cifs_tcon *tcon)
531 {
532 struct cifsFileInfo *cfile;
533 struct file_list *tmp_list, *tmp_next_list;
534 LIST_HEAD(file_head);
535
536 spin_lock(&tcon->open_file_lock);
537 list_for_each_entry(cfile, &tcon->openFileList, tlist) {
538 if (delayed_work_pending(&cfile->deferred)) {
539 if (cancel_delayed_work(&cfile->deferred)) {
540 spin_lock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
541 cifs_del_deferred_close(cfile);
542 spin_unlock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
543
544 tmp_list = kmalloc_obj(struct file_list,
545 GFP_ATOMIC);
546 if (tmp_list == NULL)
547 break;
548 tmp_list->cfile = cfile;
549 list_add_tail(&tmp_list->list, &file_head);
550 }
551 }
552 }
553 spin_unlock(&tcon->open_file_lock);
554
555 list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
556 _cifsFileInfo_put(tmp_list->cfile, true, false);
557 list_del(&tmp_list->list);
558 kfree(tmp_list);
559 }
560 }
561
cifs_close_all_deferred_files_sb(struct cifs_sb_info * cifs_sb)562 void cifs_close_all_deferred_files_sb(struct cifs_sb_info *cifs_sb)
563 {
564 struct rb_root *root = &cifs_sb->tlink_tree;
565 struct rb_node *node;
566 struct cifs_tcon *tcon;
567 struct tcon_link *tlink;
568 struct tcon_list *tmp_list, *q;
569 LIST_HEAD(tcon_head);
570
571 spin_lock(&cifs_sb->tlink_tree_lock);
572 for (node = rb_first(root); node; node = rb_next(node)) {
573 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
574 tcon = tlink_tcon(tlink);
575 if (IS_ERR(tcon))
576 continue;
577 tmp_list = kmalloc_obj(struct tcon_list, GFP_ATOMIC);
578 if (tmp_list == NULL)
579 break;
580 tmp_list->tcon = tcon;
581 /* Take a reference on tcon to prevent it from being freed */
582 spin_lock(&tcon->tc_lock);
583 ++tcon->tc_count;
584 trace_smb3_tcon_ref(tcon->debug_id, tcon->tc_count,
585 netfs_trace_tcon_ref_get_close_defer_files);
586 spin_unlock(&tcon->tc_lock);
587 list_add_tail(&tmp_list->entry, &tcon_head);
588 }
589 spin_unlock(&cifs_sb->tlink_tree_lock);
590
591 list_for_each_entry_safe(tmp_list, q, &tcon_head, entry) {
592 cifs_close_all_deferred_files(tmp_list->tcon);
593 list_del(&tmp_list->entry);
594 cifs_put_tcon(tmp_list->tcon, netfs_trace_tcon_ref_put_close_defer_files);
595 kfree(tmp_list);
596 }
597 }
598
cifs_close_deferred_file_under_dentry(struct cifs_tcon * tcon,struct dentry * dentry)599 void cifs_close_deferred_file_under_dentry(struct cifs_tcon *tcon,
600 struct dentry *dentry)
601 {
602 struct file_list *tmp_list, *tmp_next_list;
603 struct cifsFileInfo *cfile;
604 LIST_HEAD(file_head);
605
606 spin_lock(&tcon->open_file_lock);
607 list_for_each_entry(cfile, &tcon->openFileList, tlist) {
608 if ((cfile->dentry == dentry) &&
609 delayed_work_pending(&cfile->deferred) &&
610 cancel_delayed_work(&cfile->deferred)) {
611 spin_lock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
612 cifs_del_deferred_close(cfile);
613 spin_unlock(&CIFS_I(d_inode(cfile->dentry))->deferred_lock);
614
615 tmp_list = kmalloc_obj(struct file_list, GFP_ATOMIC);
616 if (tmp_list == NULL)
617 break;
618 tmp_list->cfile = cfile;
619 list_add_tail(&tmp_list->list, &file_head);
620 }
621 }
622 spin_unlock(&tcon->open_file_lock);
623
624 list_for_each_entry_safe(tmp_list, tmp_next_list, &file_head, list) {
625 _cifsFileInfo_put(tmp_list->cfile, true, false);
626 list_del(&tmp_list->list);
627 kfree(tmp_list);
628 }
629 }
630
631 /*
632 * If a dentry has been deleted, all corresponding open handles should know that
633 * so that we do not defer close them.
634 */
cifs_mark_open_handles_for_deleted_file(struct inode * inode,const char * path)635 void cifs_mark_open_handles_for_deleted_file(struct inode *inode,
636 const char *path)
637 {
638 struct cifsFileInfo *cfile;
639 void *page;
640 const char *full_path;
641 struct cifsInodeInfo *cinode = CIFS_I(inode);
642
643 page = alloc_dentry_path();
644 spin_lock(&cinode->open_file_lock);
645
646 /*
647 * note: we need to construct path from dentry and compare only if the
648 * inode has any hardlinks. When number of hardlinks is 1, we can just
649 * mark all open handles since they are going to be from the same file.
650 */
651 if (inode->i_nlink > 1) {
652 list_for_each_entry(cfile, &cinode->openFileList, flist) {
653 full_path = build_path_from_dentry(cfile->dentry, page);
654 if (!IS_ERR(full_path) && strcmp(full_path, path) == 0)
655 cfile->status_file_deleted = true;
656 }
657 } else {
658 list_for_each_entry(cfile, &cinode->openFileList, flist)
659 cfile->status_file_deleted = true;
660 }
661 spin_unlock(&cinode->open_file_lock);
662 free_dentry_path(page);
663 }
664
665 /* parses DFS referral V3 structure
666 * caller is responsible for freeing target_nodes
667 * returns:
668 * - on success - 0
669 * - on failure - errno
670 */
671 int
parse_dfs_referrals(struct get_dfs_referral_rsp * rsp,u32 rsp_size,unsigned int * num_of_nodes,struct dfs_info3_param ** target_nodes,const struct nls_table * nls_codepage,int remap,const char * searchName,bool is_unicode)672 parse_dfs_referrals(struct get_dfs_referral_rsp *rsp, u32 rsp_size,
673 unsigned int *num_of_nodes,
674 struct dfs_info3_param **target_nodes,
675 const struct nls_table *nls_codepage, int remap,
676 const char *searchName, bool is_unicode)
677 {
678 int i, rc = 0;
679 char *data_end;
680 struct dfs_referral_level_3 *ref;
681
682 if (rsp_size < sizeof(*rsp)) {
683 cifs_dbg(VFS | ONCE,
684 "%s: header is malformed (size is %u, must be %zu)\n",
685 __func__, rsp_size, sizeof(*rsp));
686 rc = -EINVAL;
687 goto parse_DFS_referrals_exit;
688 }
689
690 *num_of_nodes = le16_to_cpu(rsp->NumberOfReferrals);
691
692 if (*num_of_nodes < 1) {
693 cifs_dbg(VFS | ONCE, "%s: [path=%s] num_referrals must be at least > 0, but we got %d\n",
694 __func__, searchName, *num_of_nodes);
695 rc = -ENOENT;
696 goto parse_DFS_referrals_exit;
697 }
698
699 if (sizeof(*rsp) + *num_of_nodes * sizeof(REFERRAL3) > rsp_size) {
700 cifs_dbg(VFS | ONCE,
701 "%s: malformed buffer (size is %u, must be at least %zu)\n",
702 __func__, rsp_size,
703 sizeof(*rsp) + *num_of_nodes * sizeof(REFERRAL3));
704 rc = -EINVAL;
705 goto parse_DFS_referrals_exit;
706 }
707
708 ref = (struct dfs_referral_level_3 *) &(rsp->referrals);
709 if (ref->VersionNumber != cpu_to_le16(3)) {
710 cifs_dbg(VFS, "Referrals of V%d version are not supported, should be V3\n",
711 le16_to_cpu(ref->VersionNumber));
712 rc = -EINVAL;
713 goto parse_DFS_referrals_exit;
714 }
715
716 /* get the upper boundary of the resp buffer */
717 data_end = (char *)rsp + rsp_size;
718
719 cifs_dbg(FYI, "num_referrals: %d dfs flags: 0x%x ...\n",
720 *num_of_nodes, le32_to_cpu(rsp->DFSFlags));
721
722 *target_nodes = kzalloc_objs(struct dfs_info3_param, *num_of_nodes);
723 if (*target_nodes == NULL) {
724 rc = -ENOMEM;
725 goto parse_DFS_referrals_exit;
726 }
727
728 /* collect necessary data from referrals */
729 for (i = 0; i < *num_of_nodes; i++) {
730 char *temp;
731 int max_len;
732 struct dfs_info3_param *node = (*target_nodes)+i;
733
734 node->flags = le32_to_cpu(rsp->DFSFlags);
735 if (is_unicode) {
736 __le16 *tmp = kmalloc(strlen(searchName)*2 + 2,
737 GFP_KERNEL);
738 if (tmp == NULL) {
739 rc = -ENOMEM;
740 goto parse_DFS_referrals_exit;
741 }
742 cifsConvertToUTF16((__le16 *) tmp, searchName,
743 PATH_MAX, nls_codepage, remap);
744 node->path_consumed = cifs_utf16_bytes(tmp,
745 le16_to_cpu(rsp->PathConsumed),
746 nls_codepage);
747 kfree(tmp);
748 } else
749 node->path_consumed = le16_to_cpu(rsp->PathConsumed);
750
751 node->server_type = le16_to_cpu(ref->ServerType);
752 node->ref_flag = le16_to_cpu(ref->ReferralEntryFlags);
753
754 /* copy DfsPath */
755 temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset);
756 max_len = data_end - temp;
757 node->path_name = cifs_strndup_from_utf16(temp, max_len,
758 is_unicode, nls_codepage);
759 if (!node->path_name) {
760 rc = -ENOMEM;
761 goto parse_DFS_referrals_exit;
762 }
763
764 /* copy link target UNC */
765 temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset);
766 max_len = data_end - temp;
767 node->node_name = cifs_strndup_from_utf16(temp, max_len,
768 is_unicode, nls_codepage);
769 if (!node->node_name) {
770 rc = -ENOMEM;
771 goto parse_DFS_referrals_exit;
772 }
773
774 node->ttl = le32_to_cpu(ref->TimeToLive);
775
776 ref++;
777 }
778
779 parse_DFS_referrals_exit:
780 if (rc) {
781 free_dfs_info_array(*target_nodes, *num_of_nodes);
782 *target_nodes = NULL;
783 *num_of_nodes = 0;
784 }
785 return rc;
786 }
787
extract_unc_hostname(const char * unc,const char ** h,size_t * len)788 void extract_unc_hostname(const char *unc, const char **h, size_t *len)
789 {
790 const char *end;
791
792 /* skip initial slashes */
793 while (*unc && (*unc == '\\' || *unc == '/'))
794 unc++;
795
796 end = unc;
797
798 while (*end && !(*end == '\\' || *end == '/'))
799 end++;
800
801 *h = unc;
802 *len = end - unc;
803 }
804
805 /**
806 * copy_path_name - copy src path to dst, possibly truncating
807 * @dst: The destination buffer
808 * @src: The source name
809 *
810 * returns number of bytes written (including trailing nul)
811 */
copy_path_name(char * dst,const char * src)812 int copy_path_name(char *dst, const char *src)
813 {
814 int name_len;
815
816 /*
817 * PATH_MAX includes nul, so if strlen(src) >= PATH_MAX it
818 * will truncate and strlen(dst) will be PATH_MAX-1
819 */
820 name_len = strscpy(dst, src, PATH_MAX);
821 if (WARN_ON_ONCE(name_len < 0))
822 name_len = PATH_MAX-1;
823
824 /* we count the trailing nul */
825 name_len++;
826 return name_len;
827 }
828
829 struct super_cb_data {
830 void *data;
831 struct super_block *sb;
832 };
833
tcon_super_cb(struct super_block * sb,void * arg)834 static void tcon_super_cb(struct super_block *sb, void *arg)
835 {
836 struct super_cb_data *sd = arg;
837 struct cifs_sb_info *cifs_sb;
838 struct cifs_tcon *t1 = sd->data, *t2;
839
840 if (sd->sb)
841 return;
842
843 cifs_sb = CIFS_SB(sb);
844 t2 = cifs_sb_master_tcon(cifs_sb);
845
846 spin_lock(&t2->tc_lock);
847 if ((t1->ses == t2->ses ||
848 t1->ses->dfs_root_ses == t2->ses->dfs_root_ses) &&
849 t1->ses->server == t2->ses->server &&
850 t2->origin_fullpath &&
851 dfs_src_pathname_equal(t2->origin_fullpath, t1->origin_fullpath))
852 sd->sb = sb;
853 spin_unlock(&t2->tc_lock);
854 }
855
__cifs_get_super(void (* f)(struct super_block *,void *),void * data)856 static struct super_block *__cifs_get_super(void (*f)(struct super_block *, void *),
857 void *data)
858 {
859 struct super_cb_data sd = {
860 .data = data,
861 .sb = NULL,
862 };
863 struct file_system_type **fs_type = (struct file_system_type *[]) {
864 &cifs_fs_type, &smb3_fs_type, NULL,
865 };
866
867 for (; *fs_type; fs_type++) {
868 iterate_supers_type(*fs_type, f, &sd);
869 if (sd.sb) {
870 /*
871 * Grab an active reference in order to prevent automounts (DFS links)
872 * of expiring and then freeing up our cifs superblock pointer while
873 * we're doing failover.
874 */
875 cifs_sb_active(sd.sb);
876 return sd.sb;
877 }
878 }
879 pr_warn_once("%s: could not find dfs superblock\n", __func__);
880 return ERR_PTR(-EINVAL);
881 }
882
__cifs_put_super(struct super_block * sb)883 static void __cifs_put_super(struct super_block *sb)
884 {
885 if (!IS_ERR_OR_NULL(sb))
886 cifs_sb_deactive(sb);
887 }
888
cifs_get_dfs_tcon_super(struct cifs_tcon * tcon)889 struct super_block *cifs_get_dfs_tcon_super(struct cifs_tcon *tcon)
890 {
891 spin_lock(&tcon->tc_lock);
892 if (!tcon->origin_fullpath) {
893 spin_unlock(&tcon->tc_lock);
894 return ERR_PTR(-ENOENT);
895 }
896 spin_unlock(&tcon->tc_lock);
897 return __cifs_get_super(tcon_super_cb, tcon);
898 }
899
cifs_put_tcp_super(struct super_block * sb)900 void cifs_put_tcp_super(struct super_block *sb)
901 {
902 __cifs_put_super(sb);
903 }
904
905 #ifdef CONFIG_CIFS_DFS_UPCALL
match_target_ip(struct TCP_Server_Info * server,const char * host,size_t hostlen,bool * result)906 int match_target_ip(struct TCP_Server_Info *server,
907 const char *host, size_t hostlen,
908 bool *result)
909 {
910 struct sockaddr_storage ss;
911 int rc;
912
913 cifs_dbg(FYI, "%s: hostname=%.*s\n", __func__, (int)hostlen, host);
914
915 *result = false;
916
917 rc = dns_resolve_name(server->dns_dom, host, hostlen,
918 (struct sockaddr *)&ss);
919 if (rc < 0)
920 return rc;
921
922 spin_lock(&server->srv_lock);
923 *result = cifs_match_ipaddr((struct sockaddr *)&server->dstaddr, (struct sockaddr *)&ss);
924 spin_unlock(&server->srv_lock);
925 cifs_dbg(FYI, "%s: ip addresses matched: %s\n", __func__, str_yes_no(*result));
926 return 0;
927 }
928
cifs_update_super_prepath(struct cifs_sb_info * cifs_sb,char * prefix)929 int cifs_update_super_prepath(struct cifs_sb_info *cifs_sb, char *prefix)
930 {
931 int rc;
932
933 kfree(cifs_sb->prepath);
934 cifs_sb->prepath = NULL;
935
936 if (prefix && *prefix) {
937 cifs_sb->prepath = cifs_sanitize_prepath(prefix, GFP_ATOMIC);
938 if (IS_ERR(cifs_sb->prepath)) {
939 rc = PTR_ERR(cifs_sb->prepath);
940 cifs_sb->prepath = NULL;
941 return rc;
942 }
943 if (cifs_sb->prepath)
944 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
945 }
946
947 atomic_or(CIFS_MOUNT_USE_PREFIX_PATH, &cifs_sb->mnt_cifs_flags);
948 return 0;
949 }
950
951 /*
952 * Handle weird Windows SMB server behaviour. It responds with
953 * STATUS_OBJECT_NAME_INVALID code to SMB2 QUERY_INFO request for
954 * "\<server>\<dfsname>\<linkpath>" DFS reference, where <dfsname> contains
955 * non-ASCII unicode symbols.
956 */
cifs_inval_name_dfs_link_error(const unsigned int xid,struct cifs_tcon * tcon,struct cifs_sb_info * cifs_sb,const char * full_path,bool * islink)957 int cifs_inval_name_dfs_link_error(const unsigned int xid,
958 struct cifs_tcon *tcon,
959 struct cifs_sb_info *cifs_sb,
960 const char *full_path,
961 bool *islink)
962 {
963 struct TCP_Server_Info *server = tcon->ses->server;
964 struct cifs_ses *ses = tcon->ses;
965 size_t len;
966 char *path;
967 char *ref_path;
968
969 *islink = false;
970
971 /*
972 * Fast path - skip check when @full_path doesn't have a prefix path to
973 * look up or tcon is not DFS.
974 */
975 if (strlen(full_path) < 2 || !cifs_sb ||
976 (cifs_sb_flags(cifs_sb) & CIFS_MOUNT_NO_DFS) ||
977 !is_tcon_dfs(tcon))
978 return 0;
979
980 spin_lock(&server->srv_lock);
981 if (!server->leaf_fullpath) {
982 spin_unlock(&server->srv_lock);
983 return 0;
984 }
985 spin_unlock(&server->srv_lock);
986
987 /*
988 * Slow path - tcon is DFS and @full_path has prefix path, so attempt
989 * to get a referral to figure out whether it is an DFS link.
990 */
991 len = strnlen(tcon->tree_name, MAX_TREE_SIZE + 1) + strlen(full_path) + 1;
992 path = kmalloc(len, GFP_KERNEL);
993 if (!path)
994 return -ENOMEM;
995
996 scnprintf(path, len, "%s%s", tcon->tree_name, full_path);
997 ref_path = dfs_cache_canonical_path(path + 1, cifs_sb->local_nls,
998 cifs_remap(cifs_sb));
999 kfree(path);
1000
1001 if (IS_ERR(ref_path)) {
1002 if (PTR_ERR(ref_path) != -EINVAL)
1003 return PTR_ERR(ref_path);
1004 } else {
1005 struct dfs_info3_param *refs = NULL;
1006 int num_refs = 0;
1007
1008 /*
1009 * XXX: we are not using dfs_cache_find() here because we might
1010 * end up filling all the DFS cache and thus potentially
1011 * removing cached DFS targets that the client would eventually
1012 * need during failover.
1013 */
1014 ses = CIFS_DFS_ROOT_SES(ses);
1015 if (ses->server->ops->get_dfs_refer &&
1016 !ses->server->ops->get_dfs_refer(xid, ses, ref_path, &refs,
1017 &num_refs, cifs_sb->local_nls,
1018 cifs_remap(cifs_sb)))
1019 *islink = refs[0].server_type == DFS_TYPE_LINK;
1020 free_dfs_info_array(refs, num_refs);
1021 kfree(ref_path);
1022 }
1023 return 0;
1024 }
1025 #endif
1026
cifs_wait_for_server_reconnect(struct TCP_Server_Info * server,bool retry)1027 int cifs_wait_for_server_reconnect(struct TCP_Server_Info *server, bool retry)
1028 {
1029 int timeout = 10;
1030 int rc;
1031
1032 spin_lock(&server->srv_lock);
1033 if (server->tcpStatus != CifsNeedReconnect) {
1034 spin_unlock(&server->srv_lock);
1035 return 0;
1036 }
1037 timeout *= server->nr_targets;
1038 spin_unlock(&server->srv_lock);
1039
1040 /*
1041 * Give demultiplex thread up to 10 seconds to each target available for
1042 * reconnect -- should be greater than cifs socket timeout which is 7
1043 * seconds.
1044 *
1045 * On "soft" mounts we wait once. Hard mounts keep retrying until
1046 * process is killed or server comes back on-line.
1047 */
1048 do {
1049 rc = wait_event_interruptible_timeout(server->response_q,
1050 (server->tcpStatus != CifsNeedReconnect),
1051 timeout * HZ);
1052 if (rc < 0) {
1053 cifs_dbg(FYI, "%s: aborting reconnect due to received signal\n",
1054 __func__);
1055 return -ERESTARTSYS;
1056 }
1057
1058 /* are we still trying to reconnect? */
1059 spin_lock(&server->srv_lock);
1060 if (server->tcpStatus != CifsNeedReconnect) {
1061 spin_unlock(&server->srv_lock);
1062 return 0;
1063 }
1064 spin_unlock(&server->srv_lock);
1065 } while (retry);
1066
1067 cifs_dbg(FYI, "%s: gave up waiting on reconnect\n", __func__);
1068 return -EHOSTDOWN;
1069 }
1070