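// SPDX-License-Identifier: LGPL-2.1
/*
 *
 *   Copyright (C) International Business Machines  Corp., 2002, 2011
 *   Author(s): Steve French (sfrench@us.ibm.com),
 *              Pavel Shilovsky ((pshilovsky@samba.org) 2012
 *
 */
#include <linux/fs.h>
#include <linux/filelock.h>
#include <linux/stat.h>
#include <linux/slab.h>
#include <linux/pagemap.h>
#include <asm/div64.h>
#include "cifsfs.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "cifs_debug.h"
#include "cifs_fs_sb.h"
#include "cifs_unicode.h"
#include "fscache.h"
#include "smb2proto.h"
#include "../common/smb2status.h"
#include "../common/smbfsctl.h"

/*
 * Locate the symlink error payload inside an SMB2 error response.
 *
 * @iov: response buffer; iov_base points at the error response and iov_len
 *       is the number of valid bytes in it.
 *
 * Every count, length and tag read here comes out of the response buffer, so
 * each one is checked against iov->iov_len before the data it describes is
 * touched.
 *
 * Returns a pointer into the response buffer on success, or ERR_PTR(-EINVAL)
 * when the buffer is too short, no matching context is found, or the payload
 * does not carry the symlink error tag and the symlink reparse tag.
 */
static struct smb2_symlink_err_rsp *symlink_data(const struct kvec *iov)
{
	struct smb2_err_rsp *err = iov->iov_base;
	struct smb2_symlink_err_rsp *sym = ERR_PTR(-EINVAL);
	u8 *end = (u8 *)err + iov->iov_len;
	u32 len;

	/*
	 * ErrorContextCount and ByteCount live in the fixed part of the error
	 * response; refuse a buffer that is too short to hold it rather than
	 * relying on every caller having validated the length already.
	 */
	if (iov->iov_len < sizeof(*err))
		return ERR_PTR(-EINVAL);

	if (err->ErrorContextCount) {
		struct smb2_error_context_rsp *p;

		/*
		 * Space the advertised number of contexts would need if each
		 * one carried a symlink payload.
		 */
		len = (u32)err->ErrorContextCount * (offsetof(struct smb2_error_context_rsp,
							      ErrorContextData) +
						     sizeof(struct smb2_symlink_err_rsp));
		if (le32_to_cpu(err->ByteCount) < len || iov->iov_len < len + sizeof(*err) + 1)
			return ERR_PTR(-EINVAL);

		p = (struct smb2_error_context_rsp *)err->ErrorData;
		/* Only dereference a context whose header lies inside the buffer. */
		while ((u8 *)p + sizeof(*p) <= end) {
			if (le32_to_cpu(p->ErrorId) == SMB2_ERROR_ID_DEFAULT) {
				sym = (struct smb2_symlink_err_rsp *)p->ErrorContextData;
				break;
			}
			cifs_dbg(FYI, "%s: skipping unhandled error context: 0x%x\n",
				 __func__, le32_to_cpu(p->ErrorId));

			len = ALIGN(le32_to_cpu(p->ErrorDataLength), 8);
			/*
			 * ErrorDataLength is a 32-bit value taken from the
			 * response. Compare it with the bytes that remain
			 * before advancing, so that an oversized length can
			 * never form a pointer past the buffer (which could
			 * wrap where pointers are 32 bits wide).
			 */
			if (len > (size_t)(end - p->ErrorContextData))
				break;
			p = (struct smb2_error_context_rsp *)(p->ErrorContextData + len);
		}
	} else if (le32_to_cpu(err->ByteCount) >= sizeof(*sym) &&
		   iov->iov_len >= SMB2_SYMLINK_STRUCT_SIZE) {
		/* No error contexts: the payload directly follows the header. */
		sym = (struct smb2_symlink_err_rsp *)err->ErrorData;
	}

	/*
	 * Whichever path produced @sym, its fixed fields must fit in the
	 * buffer and it must identify itself as a symlink error.
	 */
	if (!IS_ERR(sym) &&
	    ((u8 *)sym + sizeof(*sym) > end ||
	     le32_to_cpu(sym->SymLinkErrorTag) != SYMLINK_ERROR_TAG ||
	     le32_to_cpu(sym->ReparseTag) != IO_REPARSE_TAG_SYMLINK))
		sym = ERR_PTR(-EINVAL);

	return sym;
}

/*
 * Make a parsed symlink target agree with the type of object it points to.
 *
 * @target:    in/out, NUL-terminated target string. It may be reallocated
 *             with krealloc(), in which case *target is updated.
 * @directory: true when the symlink is a directory symlink.
 * @cifs_sb:   superblock info, consulted for CIFS_MOUNT_POSIX_PATHS.
 *
 * Returns 0 on success, -ENOMEM when the string cannot be grown (*target is
 * not modified in that case), or the value produced by smb_EIO()/smb_EIO1()
 * for a NULL, empty or inconsistent target.
 */
int smb2_fix_symlink_target_type(char **target, bool directory, struct cifs_sb_info *cifs_sb)
{
	char *buf;
	int len;

	/*
	 * POSIX server does not distinguish between symlinks to file and
	 * symlink directory. So nothing is needed to fix on the client side.
	 */
	if (cifs_sb_flags(cifs_sb) & CIFS_MOUNT_POSIX_PATHS)
		return 0;

	if (!*target)
		return smb_EIO(smb_eio_trace_null_pointers);

	/* An empty target is rejected, so (*target)[len-1] below is in bounds. */
	len = strlen(*target);
	if (!len)
		return smb_EIO1(smb_eio_trace_sym_target_len, len);

	/*
	 * If this is directory symlink and it does not have trailing slash then
	 * append it. Trailing slash simulates Windows/SMB behavior which does
	 * not allow resolving directory symlink to file.
	 */
	if (directory && (*target)[len-1] != '/') {
		/* len + 2: one byte for the slash, one for the terminator. */
		buf = krealloc(*target, len+2, GFP_KERNEL);
		if (!buf)
			return -ENOMEM;
		buf[len] = '/';
		buf[len+1] = '\0';
		*target = buf;
		len++;
	}

	/*
	 * If this is a file (non-directory) symlink and it points to path name
	 * with trailing slash then this is an invalid symlink because file name
	 * cannot contain slash character. File name with slash is invalid on
	 * both Windows and Linux systems. So return an error for such symlink.
	 */
	if (!directory && (*target)[len-1] == '/')
		return smb_EIO(smb_eio_trace_sym_slash);

	return 0;
}

/*
 * Extract the symlink target from an SMB2 symlink error response.
 *
 * @cifs_sb:   superblock info, passed through to the native symlink parser.
 * @iov:       response buffer holding the error response.
 * @full_path: path of the symlink itself, passed through to the parser.
 * @path:      out, receives the parsed target.
 *
 * The name offsets and lengths are 16-bit fields read from the response.
 * Both the substitute name and the print name must end inside the buffer,
 * although only the substitute name is handed on.
 *
 * Returns -EINVAL for missing arguments or a malformed response, otherwise
 * the result of smb2_parse_native_symlink().
 */
int smb2_parse_symlink_response(struct cifs_sb_info *cifs_sb, const struct kvec *iov,
				const char *full_path, char **path)
{
	struct smb2_symlink_err_rsp *sym;
	unsigned int sub_offs, sub_len;
	unsigned int print_offs, print_len;

	if (!cifs_sb || !iov || !iov->iov_base || !iov->iov_len || !path)
		return -EINVAL;

	sym = symlink_data(iov);
	if (IS_ERR(sym))
		return PTR_ERR(sym);

	sub_len = le16_to_cpu(sym->SubstituteNameLength);
	sub_offs = le16_to_cpu(sym->SubstituteNameOffset);
	print_len = le16_to_cpu(sym->PrintNameLength);
	print_offs = le16_to_cpu(sym->PrintNameOffset);

	/* Reject any name whose offset + length runs past the response. */
	if ((char *)sym->PathBuffer + sub_offs + sub_len >
	    (char *)iov->iov_base + iov->iov_len ||
	    (char *)sym->PathBuffer + print_offs + print_len >
	    (char *)iov->iov_base + iov->iov_len)
		return -EINVAL;

	return smb2_parse_native_symlink(path,
					 (char *)sym->PathBuffer + sub_offs,
					 sub_len,
					 le32_to_cpu(sym->Flags) & SYMLINK_FLAG_RELATIVE,
					 full_path,
					 cifs_sb);
}

/*
 * Open a file over SMB2 and optionally collect its metadata.
 *
 * @xid:    transaction id passed to the SMB2 calls.
 * @oparms: open parameters; desired_access and create_options are modified
 *          temporarily (see below) and oparms->fid receives the handle.
 * @oplock: out, oplock level reported by SMB2_open().
 * @buf:    optional struct cifs_open_info_data to fill in; may be NULL.
 *
 * Sequence:
 *  1. Open with FILE_READ_ATTRIBUTES added when no requested right already
 *     implies it; on -EACCES retry once without it.
 *  2. If the open stopped on a symlink and @buf was supplied, parse the
 *     target out of the error response and reopen the reparse point itself.
 *  3. Request handle resiliency when the tcon asks for it (best effort).
 *  4. Fetch the server inode number when the open response had none.
 *
 * Returns 0 on success or a negative errno.
 */
int smb2_open_file(const unsigned int xid, struct cifs_open_parms *oparms,
		   __u32 *oplock, void *buf)
{
	int rc;
	__le16 *smb2_path;
	__u8 smb2_oplock;
	struct cifs_open_info_data *data = buf;
	struct smb2_file_all_info file_info = {};
	struct smb2_file_all_info *smb2_data = data ? &file_info : NULL;
	struct kvec err_iov = {};
	int err_buftype = CIFS_NO_BUFFER;
	struct cifs_fid *fid = oparms->fid;
	struct network_resiliency_req nr_ioctl_req;
	bool retry_without_read_attributes = false;

	smb2_path = cifs_convert_path_to_utf16(oparms->path, oparms->cifs_sb);
	if (smb2_path == NULL)
		return -ENOMEM;

	/*
	 * GENERIC_READ, GENERIC_EXECUTE, GENERIC_ALL and MAXIMUM_ALLOWED
	 * contains also FILE_READ_ATTRIBUTES access right. So do not append
	 * FILE_READ_ATTRIBUTES when not needed and prevent calling code path
	 * for retry_without_read_attributes.
	 */
	if (!(oparms->desired_access & FILE_READ_ATTRIBUTES) &&
	    !(oparms->desired_access & GENERIC_READ) &&
	    !(oparms->desired_access & GENERIC_EXECUTE) &&
	    !(oparms->desired_access & GENERIC_ALL) &&
	    !(oparms->desired_access & MAXIMUM_ALLOWED)) {
		oparms->desired_access |= FILE_READ_ATTRIBUTES;
		retry_without_read_attributes = true;
	}
	smb2_oplock = SMB2_OPLOCK_LEVEL_BATCH;

	rc = SMB2_open(xid, oparms, smb2_path, &smb2_oplock, smb2_data, NULL, &err_iov,
		       &err_buftype);
	if (rc == -EACCES && retry_without_read_attributes) {
		/*
		 * Release the first error response and reset the kvec so the
		 * cleanup at "out" cannot free the same buffer twice.
		 */
		free_rsp_buf(err_buftype, err_iov.iov_base);
		memset(&err_iov, 0, sizeof(err_iov));
		err_buftype = CIFS_NO_BUFFER;
		oparms->desired_access &= ~FILE_READ_ATTRIBUTES;
		rc = SMB2_open(xid, oparms, smb2_path, &smb2_oplock, smb2_data, NULL, &err_iov,
			       &err_buftype);
	}
	if (rc && data) {
		struct smb2_hdr *hdr = err_iov.iov_base;

		/* No error response was kept, so there is nothing to parse. */
		if (unlikely(!err_iov.iov_base || err_buftype == CIFS_NO_BUFFER))
			goto out;
		/*
		 * NOTE(review): hdr->Status is read without comparing
		 * err_iov.iov_len with sizeof(*hdr) here; presumably the
		 * response length was validated before SMB2_open() returned
		 * it - confirm.
		 */
		if (hdr->Status == STATUS_STOPPED_ON_SYMLINK) {
			rc = smb2_parse_symlink_response(oparms->cifs_sb, &err_iov,
							 oparms->path,
							 &data->symlink_target);
			if (!rc) {
				/* Reopen the symlink itself, not its target. */
				memset(smb2_data, 0, sizeof(*smb2_data));
				oparms->create_options |= OPEN_REPARSE_POINT;
				rc = SMB2_open(xid, oparms, smb2_path, &smb2_oplock, smb2_data,
					       NULL, NULL, NULL);
				oparms->create_options &= ~OPEN_REPARSE_POINT;
			}
			if (!rc) {
				bool directory = le32_to_cpu(data->fi.Attributes) & ATTR_DIRECTORY;
				/*
				 * NOTE(review): if this fails, the function
				 * returns an error although the reopen above
				 * succeeded, and the handle is not closed in
				 * this function - confirm the caller releases
				 * it.
				 */
				rc = smb2_fix_symlink_target_type(&data->symlink_target,
								  directory, oparms->cifs_sb);
			}
		}
	}

	if (rc)
		goto out;

	if (oparms->tcon->use_resilient) {
		/* default timeout is 0, servers pick default (120 seconds) */
		nr_ioctl_req.Timeout =
			cpu_to_le32(oparms->tcon->handle_timeout);
		nr_ioctl_req.Reserved = 0;
		rc = SMB2_ioctl(xid, oparms->tcon, fid->persistent_fid,
			fid->volatile_fid, FSCTL_LMR_REQUEST_RESILIENCY,
			(char *)&nr_ioctl_req, sizeof(nr_ioctl_req),
			CIFSMaxBufSize, NULL, NULL /* no return info */);
		if (rc == -EOPNOTSUPP) {
			cifs_dbg(VFS,
			     "resiliency not supported by server, disabling\n");
			oparms->tcon->use_resilient = false;
		} else if (rc)
			cifs_dbg(FYI, "error %d setting resiliency\n", rc);

		/* A failed resiliency request does not fail the open. */
		rc = 0;
	}

	if (smb2_data) {
		/* if open response does not have IndexNumber field - get it */
		if (smb2_data->IndexNumber == 0) {
			rc = SMB2_get_srv_num(xid, oparms->tcon,
				      fid->persistent_fid,
				      fid->volatile_fid,
				      &smb2_data->IndexNumber);
			if (rc) {
				/*
				 * let get_inode_info disable server inode
				 * numbers
				 */
				smb2_data->IndexNumber = 0;
				rc = 0;
			}
		}
		memcpy(&data->fi, smb2_data, sizeof(data->fi));
	}

	*oplock = smb2_oplock;
out:
	/* Both helpers are reached on every exit path after the path conversion. */
	free_rsp_buf(err_buftype, err_iov.iov_base);
	kfree(smb2_path);
	return rc;
}

/*
 * Release the byte-range locks of @cfile that fall inside @flock's range.
 *
 * @cfile: open file whose lock list is walked.
 * @flock: range to unlock (fl_start..fl_end, inclusive).
 * @xid:   transaction id passed to smb2_lockv().
 *
 * Locks that can be cached are simply dropped from the list. The others are
 * sent to the server in batches of at most max_num elements; each batch is
 * parked on a temporary list so it can be put back if the server refuses it.
 * The whole walk runs with cinode->lock_sem held for writing.
 *
 * Returns 0 when every batch succeeded, otherwise the error of the last
 * failing smb2_lockv() call, -EINVAL when the negotiated buffer cannot hold
 * one lock element, or -ENOMEM.
 */
int
smb2_unlock_range(struct cifsFileInfo *cfile, struct file_lock *flock,
		  const unsigned int xid)
{
	int rc = 0, stored_rc;
	unsigned int max_num, num = 0, max_buf;
	struct smb2_lock_element *buf, *cur;
	struct cifs_tcon *tcon = tlink_tcon(cfile->tlink);
	struct cifsInodeInfo *cinode = CIFS_I(d_inode(cfile->dentry));
	struct cifsLockInfo *li, *tmp;
	__u64 length = 1 + flock->fl_end - flock->fl_start;
	LIST_HEAD(tmp_llist);

	/*
	 * Accessing maxBuf is racy with cifs_reconnect - need to store value
	 * and check it before using.
	 */
	max_buf = tcon->ses->server->maxBuf;
	if (max_buf < sizeof(struct smb2_lock_element))
		return -EINVAL;

	/*
	 * Cap the batch buffer at one page. Together with the check above
	 * this keeps max_num at one or more, so the allocation is never
	 * zero-sized.
	 */
	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
	max_num = max_buf / sizeof(struct smb2_lock_element);
	buf = kzalloc_objs(struct smb2_lock_element, max_num);
	if (!buf)
		return -ENOMEM;

	cur = buf;

	cifs_down_write(&cinode->lock_sem);
	list_for_each_entry_safe(li, tmp, &cfile->llist->locks, llist) {
		/* Skip locks that are not fully covered by the unlock range. */
		if (flock->fl_start > li->offset ||
		    (flock->fl_start + length) <
		    (li->offset + li->length))
			continue;
		if (current->tgid != li->pid)
			/*
			 * flock and OFD lock are associated with an open
			 * file description, not the process.
			 */
			if (!(flock->c.flc_flags & (FL_FLOCK | FL_OFDLCK)))
				continue;
		if (cinode->can_cache_brlcks) {
			/*
			 * We can cache brlock requests - simply remove a lock
			 * from the file's list.
			 */
			list_del(&li->llist);
			cifs_del_lock_waiters(li);
			kfree(li);
			continue;
		}
		cur->Length = cpu_to_le64(li->length);
		cur->Offset = cpu_to_le64(li->offset);
		cur->Flags = cpu_to_le32(SMB2_LOCKFLAG_UNLOCK);
		/*
		 * We need to save a lock here to let us add it again to the
		 * file's list if the unlock range request fails on the server.
		 */
		list_move(&li->llist, &tmp_llist);
		/* Flush as soon as the batch buffer is full. */
		if (++num == max_num) {
			stored_rc = smb2_lockv(xid, tcon,
					       cfile->fid.persistent_fid,
					       cfile->fid.volatile_fid,
					       current->tgid, num, buf);
			if (stored_rc) {
				/*
				 * We failed on the unlock range request - add
				 * all locks from the tmp list to the head of
				 * the file's list.
				 */
				cifs_move_llist(&tmp_llist,
						&cfile->llist->locks);
				rc = stored_rc;
			} else
				/*
				 * The unlock range request succeeded - free
				 * the tmp list.
				 */
				cifs_free_llist(&tmp_llist);
			cur = buf;
			num = 0;
		} else
			cur++;
	}
	/* Send whatever is left in a final, partially filled batch. */
	if (num) {
		stored_rc = smb2_lockv(xid, tcon, cfile->fid.persistent_fid,
				       cfile->fid.volatile_fid, current->tgid,
				       num, buf);
		if (stored_rc) {
			cifs_move_llist(&tmp_llist, &cfile->llist->locks);
			rc = stored_rc;
		} else
			cifs_free_llist(&tmp_llist);
	}
	up_write(&cinode->lock_sem);

	kfree(buf);
	return rc;
}

/*
 * Send every lock on one per-handle lock list to the server.
 *
 * @fdlocks: lock list of a single open file.
 * @xid:     transaction id passed to smb2_lockv().
 * @buf:     caller-provided scratch array of @max_num lock elements.
 * @max_num: capacity of @buf; a batch is sent whenever it fills up.
 *
 * A failing batch does not stop the walk. Returns 0, or the error of the
 * last failing smb2_lockv() call.
 */
static int
smb2_push_mand_fdlocks(struct cifs_fid_locks *fdlocks, const unsigned int xid,
		       struct smb2_lock_element *buf, unsigned int max_num)
{
	int rc = 0, stored_rc;
	struct cifsFileInfo *cfile = fdlocks->cfile;
	struct cifsLockInfo *li;
	unsigned int num = 0;
	struct smb2_lock_element *cur = buf;
	struct cifs_tcon *tcon = tlink_tcon(cfile->tlink);

	list_for_each_entry(li, &fdlocks->locks, llist) {
		cur->Length = cpu_to_le64(li->length);
		cur->Offset = cpu_to_le64(li->offset);
		cur->Flags = cpu_to_le32(li->type |
					 SMB2_LOCKFLAG_FAIL_IMMEDIATELY);
		/* num never exceeds max_num, so cur stays inside @buf. */
		if (++num == max_num) {
			stored_rc = smb2_lockv(xid, tcon,
					       cfile->fid.persistent_fid,
					       cfile->fid.volatile_fid,
					       current->tgid, num, buf);
			if (stored_rc)
				rc = stored_rc;
			cur = buf;
			num = 0;
		} else
			cur++;
	}
	/* Final, partially filled batch. */
	if (num) {
		stored_rc = smb2_lockv(xid, tcon,
				       cfile->fid.persistent_fid,
				       cfile->fid.volatile_fid,
				       current->tgid, num, buf);
		if (stored_rc)
			rc = stored_rc;
	}

	return rc;
}

/*
 * Push all mandatory locks recorded for @cfile's inode to the server.
 *
 * @cfile: open file; its inode's list of per-handle lock lists is walked.
 *
 * Allocates one scratch array, sized from the server's maxBuf and capped at
 * a page, and reuses it for every per-handle list. The xid and the array are
 * released on every return path.
 *
 * Returns 0, the error of the last failing per-handle push, -EINVAL when the
 * negotiated buffer cannot hold one lock element, or -ENOMEM.
 */
int
smb2_push_mandatory_locks(struct cifsFileInfo *cfile)
{
	int rc = 0, stored_rc;
	unsigned int xid;
	unsigned int max_num, max_buf;
	struct smb2_lock_element *buf;
	struct cifsInodeInfo *cinode = CIFS_I(d_inode(cfile->dentry));
	struct cifs_fid_locks *fdlocks;

	xid = get_xid();

	/*
	 * Accessing maxBuf is racy with cifs_reconnect - need to store value
	 * and check that it can hold one lock element before using it.
	 */
	max_buf = tlink_tcon(cfile->tlink)->ses->server->maxBuf;
	if (max_buf < sizeof(struct smb2_lock_element)) {
		free_xid(xid);
		return -EINVAL;
	}

	BUILD_BUG_ON(sizeof(struct smb2_lock_element) > PAGE_SIZE);
	max_buf = min_t(unsigned int, max_buf, PAGE_SIZE);
	max_num = max_buf / sizeof(struct smb2_lock_element);
	buf = kzalloc_objs(struct smb2_lock_element, max_num);
	if (!buf) {
		free_xid(xid);
		return -ENOMEM;
	}

	list_for_each_entry(fdlocks, &cinode->llist, llist) {
		stored_rc = smb2_push_mand_fdlocks(fdlocks, xid, buf, max_num);
		if (stored_rc)
			rc = stored_rc;
	}

	kfree(buf);
	free_xid(xid);
	return rc;
}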