]> git.ipfire.org Git - thirdparty/linux.git/blob - fs/smb/client/smb2pdu.c
projects / thirdparty / linux.git / blob
? search:


0d4351e430695ec90f1d2331f26dc90963bd2233
[thirdparty/linux.git] / fs / smb / client / smb2pdu.c
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 *
4 * Copyright (C) International Business Machines Corp., 2009, 2013
5 * Etersoft, 2012
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Pavel Shilovsky (pshilovsky@samba.org) 2012
8 *
9 * Contains the routines for constructing the SMB2 PDUs themselves
10 *
11 */
12
13 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
14 /* Note that there are handle based routines which must be */
15 /* treated slightly differently for reconnection purposes since we never */
16 /* want to reuse a stale file handle and only the caller knows the file info */
17
18 #include <linux/fs.h>
19 #include <linux/kernel.h>
20 #include <linux/vfs.h>
21 #include <linux/task_io_accounting_ops.h>
22 #include <linux/uaccess.h>
23 #include <linux/uuid.h>
24 #include <linux/pagemap.h>
25 #include <linux/xattr.h>
26 #include "cifsglob.h"
27 #include "cifsacl.h"
28 #include "cifsproto.h"
29 #include "smb2proto.h"
30 #include "cifs_unicode.h"
31 #include "cifs_debug.h"
32 #include "ntlmssp.h"
33 #include "smb2status.h"
34 #include "smb2glob.h"
35 #include "cifspdu.h"
36 #include "cifs_spnego.h"
37 #include "smbdirect.h"
38 #include "trace.h"
39 #ifdef CONFIG_CIFS_DFS_UPCALL
40 #include "dfs_cache.h"
41 #endif
42 #include "cached_dir.h"
43
44 /*
45 * The following table defines the expected "StructureSize" of SMB2 requests
46 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests.
47 *
48 * Note that commands are defined in smb2pdu.h in le16 but the array below is
49 * indexed by command in host byte order.
50 */
51 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
52 /* SMB2_NEGOTIATE */ 36,
53 /* SMB2_SESSION_SETUP */ 25,
54 /* SMB2_LOGOFF */ 4,
55 /* SMB2_TREE_CONNECT */ 9,
56 /* SMB2_TREE_DISCONNECT */ 4,
57 /* SMB2_CREATE */ 57,
58 /* SMB2_CLOSE */ 24,
59 /* SMB2_FLUSH */ 24,
60 /* SMB2_READ */ 49,
61 /* SMB2_WRITE */ 49,
62 /* SMB2_LOCK */ 48,
63 /* SMB2_IOCTL */ 57,
64 /* SMB2_CANCEL */ 4,
65 /* SMB2_ECHO */ 4,
66 /* SMB2_QUERY_DIRECTORY */ 33,
67 /* SMB2_CHANGE_NOTIFY */ 32,
68 /* SMB2_QUERY_INFO */ 41,
69 /* SMB2_SET_INFO */ 33,
70 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
71 };
72
73 int smb3_encryption_required(const struct cifs_tcon *tcon)
74 {
75 if (!tcon || !tcon->ses)
76 return 0;
77 if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) ||
78 (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA))
79 return 1;
80 if (tcon->seal &&
81 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
82 return 1;
83 return 0;
84 }
85
86 static void
87 smb2_hdr_assemble(struct smb2_hdr *shdr, __le16 smb2_cmd,
88 const struct cifs_tcon *tcon,
89 struct TCP_Server_Info *server)
90 {
91 struct smb3_hdr_req *smb3_hdr;
92
93 shdr->ProtocolId = SMB2_PROTO_NUMBER;
94 shdr->StructureSize = cpu_to_le16(64);
95 shdr->Command = smb2_cmd;
96
97 if (server) {
98 /* After reconnect SMB3 must set ChannelSequence on subsequent reqs */
99 if (server->dialect >= SMB30_PROT_ID) {
100 smb3_hdr = (struct smb3_hdr_req *)shdr;
101 /*
102 * if primary channel is not set yet, use default
103 * channel for chan sequence num
104 */
105 if (SERVER_IS_CHAN(server))
106 smb3_hdr->ChannelSequence =
107 cpu_to_le16(server->primary_server->channel_sequence_num);
108 else
109 smb3_hdr->ChannelSequence =
110 cpu_to_le16(server->channel_sequence_num);
111 }
112 spin_lock(&server->req_lock);
113 /* Request up to 10 credits but don't go over the limit. */
114 if (server->credits >= server->max_credits)
115 shdr->CreditRequest = cpu_to_le16(0);
116 else
117 shdr->CreditRequest = cpu_to_le16(
118 min_t(int, server->max_credits -
119 server->credits, 10));
120 spin_unlock(&server->req_lock);
121 } else {
122 shdr->CreditRequest = cpu_to_le16(2);
123 }
124 shdr->Id.SyncId.ProcessId = cpu_to_le32((__u16)current->tgid);
125
126 if (!tcon)
127 goto out;
128
129 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
130 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */
131 if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
132 shdr->CreditCharge = cpu_to_le16(1);
133 /* else CreditCharge MBZ */
134
135 shdr->Id.SyncId.TreeId = cpu_to_le32(tcon->tid);
136 /* Uid is not converted */
137 if (tcon->ses)
138 shdr->SessionId = cpu_to_le64(tcon->ses->Suid);
139
140 /*
141 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
142 * to pass the path on the Open SMB prefixed by \\server\share.
143 * Not sure when we would need to do the augmented path (if ever) and
144 * setting this flag breaks the SMB2 open operation since it is
145 * illegal to send an empty path name (without \\server\share prefix)
146 * when the DFS flag is set in the SMB open header. We could
147 * consider setting the flag on all operations other than open
148 * but it is safer to net set it for now.
149 */
150 /* if (tcon->share_flags & SHI1005_FLAGS_DFS)
151 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */
152
153 if (server && server->sign && !smb3_encryption_required(tcon))
154 shdr->Flags |= SMB2_FLAGS_SIGNED;
155 out:
156 return;
157 }
158
159 static int
160 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
161 struct TCP_Server_Info *server)
162 {
163 int rc = 0;
164 struct nls_table *nls_codepage = NULL;
165 struct cifs_ses *ses;
166 int xid;
167
168 /*
169 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
170 * check for tcp and smb session status done differently
171 * for those three - in the calling routine.
172 */
173 if (tcon == NULL)
174 return 0;
175
176 /*
177 * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in
178 * cifs_tree_connect().
179 */
180 if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL)
181 return 0;
182
183 spin_lock(&tcon->tc_lock);
184 if (tcon->status == TID_EXITING) {
185 /*
186 * only tree disconnect allowed when disconnecting ...
187 */
188 if (smb2_command != SMB2_TREE_DISCONNECT) {
189 spin_unlock(&tcon->tc_lock);
190 cifs_dbg(FYI, "can not send cmd %d while umounting\n",
191 smb2_command);
192 return -ENODEV;
193 }
194 }
195 spin_unlock(&tcon->tc_lock);
196
197 ses = tcon->ses;
198 if (!ses)
199 return -EIO;
200 spin_lock(&ses->ses_lock);
201 if (ses->ses_status == SES_EXITING) {
202 spin_unlock(&ses->ses_lock);
203 return -EIO;
204 }
205 spin_unlock(&ses->ses_lock);
206 if (!ses->server || !server)
207 return -EIO;
208
209 spin_lock(&server->srv_lock);
210 if (server->tcpStatus == CifsNeedReconnect) {
211 /*
212 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
213 * here since they are implicitly done when session drops.
214 */
215 switch (smb2_command) {
216 /*
217 * BB Should we keep oplock break and add flush to exceptions?
218 */
219 case SMB2_TREE_DISCONNECT:
220 case SMB2_CANCEL:
221 case SMB2_CLOSE:
222 case SMB2_OPLOCK_BREAK:
223 spin_unlock(&server->srv_lock);
224 return -EAGAIN;
225 }
226 }
227 spin_unlock(&server->srv_lock);
228
229 again:
230 rc = cifs_wait_for_server_reconnect(server, tcon->retry);
231 if (rc)
232 return rc;
233
234 spin_lock(&ses->chan_lock);
235 if (!cifs_chan_needs_reconnect(ses, server) && !tcon->need_reconnect) {
236 spin_unlock(&ses->chan_lock);
237 return 0;
238 }
239 spin_unlock(&ses->chan_lock);
240 cifs_dbg(FYI, "sess reconnect mask: 0x%lx, tcon reconnect: %d",
241 tcon->ses->chans_need_reconnect,
242 tcon->need_reconnect);
243
244 mutex_lock(&ses->session_mutex);
245 /*
246 * Recheck after acquire mutex. If another thread is negotiating
247 * and the server never sends an answer the socket will be closed
248 * and tcpStatus set to reconnect.
249 */
250 spin_lock(&server->srv_lock);
251 if (server->tcpStatus == CifsNeedReconnect) {
252 spin_unlock(&server->srv_lock);
253 mutex_unlock(&ses->session_mutex);
254
255 if (tcon->retry)
256 goto again;
257
258 rc = -EHOSTDOWN;
259 goto out;
260 }
261 spin_unlock(&server->srv_lock);
262
263 nls_codepage = ses->local_nls;
264
265 /*
266 * need to prevent multiple threads trying to simultaneously
267 * reconnect the same SMB session
268 */
269 spin_lock(&ses->ses_lock);
270 spin_lock(&ses->chan_lock);
271 if (!cifs_chan_needs_reconnect(ses, server) &&
272 ses->ses_status == SES_GOOD) {
273 spin_unlock(&ses->chan_lock);
274 spin_unlock(&ses->ses_lock);
275 /* this means that we only need to tree connect */
276 if (tcon->need_reconnect)
277 goto skip_sess_setup;
278
279 mutex_unlock(&ses->session_mutex);
280 goto out;
281 }
282 spin_unlock(&ses->chan_lock);
283 spin_unlock(&ses->ses_lock);
284
285 rc = cifs_negotiate_protocol(0, ses, server);
286 if (!rc) {
287 rc = cifs_setup_session(0, ses, server, nls_codepage);
288 if ((rc == -EACCES) && !tcon->retry) {
289 mutex_unlock(&ses->session_mutex);
290 rc = -EHOSTDOWN;
291 goto failed;
292 } else if (rc) {
293 mutex_unlock(&ses->session_mutex);
294 goto out;
295 }
296 } else {
297 mutex_unlock(&ses->session_mutex);
298 goto out;
299 }
300
301 skip_sess_setup:
302 if (!tcon->need_reconnect) {
303 mutex_unlock(&ses->session_mutex);
304 goto out;
305 }
306 cifs_mark_open_files_invalid(tcon);
307 if (tcon->use_persistent)
308 tcon->need_reopen_files = true;
309
310 rc = cifs_tree_connect(0, tcon, nls_codepage);
311
312 cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc);
313 if (rc) {
314 /* If sess reconnected but tcon didn't, something strange ... */
315 mutex_unlock(&ses->session_mutex);
316 cifs_dbg(VFS, "reconnect tcon failed rc = %d\n", rc);
317 goto out;
318 }
319
320 if (!rc &&
321 (server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
322 mutex_unlock(&ses->session_mutex);
323
324 /*
325 * query server network interfaces, in case they change
326 */
327 xid = get_xid();
328 rc = SMB3_request_interfaces(xid, tcon, false);
329 free_xid(xid);
330
331 if (rc)
332 cifs_dbg(FYI, "%s: failed to query server interfaces: %d\n",
333 __func__, rc);
334
335 if (ses->chan_max > ses->chan_count &&
336 !SERVER_IS_CHAN(server)) {
337 if (ses->chan_count == 1)
338 cifs_server_dbg(VFS, "supports multichannel now\n");
339
340 cifs_try_adding_channels(ses);
341 }
342 } else {
343 mutex_unlock(&ses->session_mutex);
344 }
345
346 if (smb2_command != SMB2_INTERNAL_CMD)
347 if (mod_delayed_work(cifsiod_wq, &server->reconnect, 0))
348 cifs_put_tcp_session(server, false);
349
350 atomic_inc(&tconInfoReconnectCount);
351 out:
352 /*
353 * Check if handle based operation so we know whether we can continue
354 * or not without returning to caller to reset file handle.
355 */
356 /*
357 * BB Is flush done by server on drop of tcp session? Should we special
358 * case it and skip above?
359 */
360 switch (smb2_command) {
361 case SMB2_FLUSH:
362 case SMB2_READ:
363 case SMB2_WRITE:
364 case SMB2_LOCK:
365 case SMB2_QUERY_DIRECTORY:
366 case SMB2_CHANGE_NOTIFY:
367 case SMB2_QUERY_INFO:
368 case SMB2_SET_INFO:
369 rc = -EAGAIN;
370 }
371 failed:
372 return rc;
373 }
374
375 static void
376 fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon,
377 struct TCP_Server_Info *server,
378 void *buf,
379 unsigned int *total_len)
380 {
381 struct smb2_pdu *spdu = buf;
382 /* lookup word count ie StructureSize from table */
383 __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)];
384
385 /*
386 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
387 * largest operations (Create)
388 */
389 memset(buf, 0, 256);
390
391 smb2_hdr_assemble(&spdu->hdr, smb2_command, tcon, server);
392 spdu->StructureSize2 = cpu_to_le16(parmsize);
393
394 *total_len = parmsize + sizeof(struct smb2_hdr);
395 }
396
397 /*
398 * Allocate and return pointer to an SMB request hdr, and set basic
399 * SMB information in the SMB header. If the return code is zero, this
400 * function must have filled in request_buf pointer.
401 */
402 static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
403 struct TCP_Server_Info *server,
404 void **request_buf, unsigned int *total_len)
405 {
406 /* BB eventually switch this to SMB2 specific small buf size */
407 if (smb2_command == SMB2_SET_INFO)
408 *request_buf = cifs_buf_get();
409 else
410 *request_buf = cifs_small_buf_get();
411 if (*request_buf == NULL) {
412 /* BB should we add a retry in here if not a writepage? */
413 return -ENOMEM;
414 }
415
416 fill_small_buf(smb2_command, tcon, server,
417 (struct smb2_hdr *)(*request_buf),
418 total_len);
419
420 if (tcon != NULL) {
421 uint16_t com_code = le16_to_cpu(smb2_command);
422 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
423 cifs_stats_inc(&tcon->num_smbs_sent);
424 }
425
426 return 0;
427 }
428
429 static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
430 struct TCP_Server_Info *server,
431 void **request_buf, unsigned int *total_len)
432 {
433 int rc;
434
435 rc = smb2_reconnect(smb2_command, tcon, server);
436 if (rc)
437 return rc;
438
439 return __smb2_plain_req_init(smb2_command, tcon, server, request_buf,
440 total_len);
441 }
442
443 static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon,
444 struct TCP_Server_Info *server,
445 void **request_buf, unsigned int *total_len)
446 {
447 /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */
448 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) {
449 return __smb2_plain_req_init(SMB2_IOCTL, tcon, server,
450 request_buf, total_len);
451 }
452 return smb2_plain_req_init(SMB2_IOCTL, tcon, server,
453 request_buf, total_len);
454 }
455
456 /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */
457
458 static void
459 build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt)
460 {
461 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
462 pneg_ctxt->DataLength = cpu_to_le16(38);
463 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
464 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
465 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
466 pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512;
467 }
468
469 static void
470 build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt)
471 {
472 pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES;
473 pneg_ctxt->DataLength =
474 cpu_to_le16(sizeof(struct smb2_compression_capabilities_context)
475 - sizeof(struct smb2_neg_context));
476 pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(3);
477 pneg_ctxt->CompressionAlgorithms[0] = SMB3_COMPRESS_LZ77;
478 pneg_ctxt->CompressionAlgorithms[1] = SMB3_COMPRESS_LZ77_HUFF;
479 pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1;
480 }
481
482 static unsigned int
483 build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt)
484 {
485 unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities);
486 unsigned short num_algs = 1; /* number of signing algorithms sent */
487
488 pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES;
489 /*
490 * Context Data length must be rounded to multiple of 8 for some servers
491 */
492 pneg_ctxt->DataLength = cpu_to_le16(ALIGN(sizeof(struct smb2_signing_capabilities) -
493 sizeof(struct smb2_neg_context) +
494 (num_algs * sizeof(u16)), 8));
495 pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs);
496 pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC);
497
498 ctxt_len += sizeof(__le16) * num_algs;
499 ctxt_len = ALIGN(ctxt_len, 8);
500 return ctxt_len;
501 /* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */
502 }
503
504 static void
505 build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt)
506 {
507 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;
508 if (require_gcm_256) {
509 pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */
510 pneg_ctxt->CipherCount = cpu_to_le16(1);
511 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM;
512 } else if (enable_gcm_256) {
513 pneg_ctxt->DataLength = cpu_to_le16(8); /* Cipher Count + 3 ciphers */
514 pneg_ctxt->CipherCount = cpu_to_le16(3);
515 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
516 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES256_GCM;
517 pneg_ctxt->Ciphers[2] = SMB2_ENCRYPTION_AES128_CCM;
518 } else {
519 pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */
520 pneg_ctxt->CipherCount = cpu_to_le16(2);
521 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
522 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM;
523 }
524 }
525
526 static unsigned int
527 build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
528 {
529 struct nls_table *cp = load_nls_default();
530
531 pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
532
533 /* copy up to max of first 100 bytes of server name to NetName field */
534 pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
535 /* context size is DataLength + minimal smb2_neg_context */
536 return ALIGN(le16_to_cpu(pneg_ctxt->DataLength) + sizeof(struct smb2_neg_context), 8);
537 }
538
539 static void
540 build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt)
541 {
542 pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE;
543 pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN);
544 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
545 pneg_ctxt->Name[0] = 0x93;
546 pneg_ctxt->Name[1] = 0xAD;
547 pneg_ctxt->Name[2] = 0x25;
548 pneg_ctxt->Name[3] = 0x50;
549 pneg_ctxt->Name[4] = 0x9C;
550 pneg_ctxt->Name[5] = 0xB4;
551 pneg_ctxt->Name[6] = 0x11;
552 pneg_ctxt->Name[7] = 0xE7;
553 pneg_ctxt->Name[8] = 0xB4;
554 pneg_ctxt->Name[9] = 0x23;
555 pneg_ctxt->Name[10] = 0x83;
556 pneg_ctxt->Name[11] = 0xDE;
557 pneg_ctxt->Name[12] = 0x96;
558 pneg_ctxt->Name[13] = 0x8B;
559 pneg_ctxt->Name[14] = 0xCD;
560 pneg_ctxt->Name[15] = 0x7C;
561 }
562
563 static void
564 assemble_neg_contexts(struct smb2_negotiate_req *req,
565 struct TCP_Server_Info *server, unsigned int *total_len)
566 {
567 unsigned int ctxt_len, neg_context_count;
568 struct TCP_Server_Info *pserver;
569 char *pneg_ctxt;
570 char *hostname;
571
572 if (*total_len > 200) {
573 /* In case length corrupted don't want to overrun smb buffer */
574 cifs_server_dbg(VFS, "Bad frame length assembling neg contexts\n");
575 return;
576 }
577
578 /*
579 * round up total_len of fixed part of SMB3 negotiate request to 8
580 * byte boundary before adding negotiate contexts
581 */
582 *total_len = ALIGN(*total_len, 8);
583
584 pneg_ctxt = (*total_len) + (char *)req;
585 req->NegotiateContextOffset = cpu_to_le32(*total_len);
586
587 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt);
588 ctxt_len = ALIGN(sizeof(struct smb2_preauth_neg_context), 8);
589 *total_len += ctxt_len;
590 pneg_ctxt += ctxt_len;
591
592 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt);
593 ctxt_len = ALIGN(sizeof(struct smb2_encryption_neg_context), 8);
594 *total_len += ctxt_len;
595 pneg_ctxt += ctxt_len;
596
597 /*
598 * secondary channels don't have the hostname field populated
599 * use the hostname field in the primary channel instead
600 */
601 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
602 cifs_server_lock(pserver);
603 hostname = pserver->hostname;
604 if (hostname && (hostname[0] != 0)) {
605 ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
606 hostname);
607 *total_len += ctxt_len;
608 pneg_ctxt += ctxt_len;
609 neg_context_count = 3;
610 } else
611 neg_context_count = 2;
612 cifs_server_unlock(pserver);
613
614 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
615 *total_len += sizeof(struct smb2_posix_neg_context);
616 pneg_ctxt += sizeof(struct smb2_posix_neg_context);
617 neg_context_count++;
618
619 if (server->compress_algorithm) {
620 build_compression_ctxt((struct smb2_compression_capabilities_context *)
621 pneg_ctxt);
622 ctxt_len = ALIGN(sizeof(struct smb2_compression_capabilities_context), 8);
623 *total_len += ctxt_len;
624 pneg_ctxt += ctxt_len;
625 neg_context_count++;
626 }
627
628 if (enable_negotiate_signing) {
629 ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *)
630 pneg_ctxt);
631 *total_len += ctxt_len;
632 pneg_ctxt += ctxt_len;
633 neg_context_count++;
634 }
635
636 /* check for and add transport_capabilities and signing capabilities */
637 req->NegotiateContextCount = cpu_to_le16(neg_context_count);
638
639 }
640
641 /* If invalid preauth context warn but use what we requested, SHA-512 */
642 static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt)
643 {
644 unsigned int len = le16_to_cpu(ctxt->DataLength);
645
646 /*
647 * Caller checked that DataLength remains within SMB boundary. We still
648 * need to confirm that one HashAlgorithms member is accounted for.
649 */
650 if (len < MIN_PREAUTH_CTXT_DATA_LEN) {
651 pr_warn_once("server sent bad preauth context\n");
652 return;
653 } else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) {
654 pr_warn_once("server sent invalid SaltLength\n");
655 return;
656 }
657 if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1)
658 pr_warn_once("Invalid SMB3 hash algorithm count\n");
659 if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512)
660 pr_warn_once("unknown SMB3 hash algorithm\n");
661 }
662
663 static void decode_compress_ctx(struct TCP_Server_Info *server,
664 struct smb2_compression_capabilities_context *ctxt)
665 {
666 unsigned int len = le16_to_cpu(ctxt->DataLength);
667
668 /*
669 * Caller checked that DataLength remains within SMB boundary. We still
670 * need to confirm that one CompressionAlgorithms member is accounted
671 * for.
672 */
673 if (len < 10) {
674 pr_warn_once("server sent bad compression cntxt\n");
675 return;
676 }
677 if (le16_to_cpu(ctxt->CompressionAlgorithmCount) != 1) {
678 pr_warn_once("Invalid SMB3 compress algorithm count\n");
679 return;
680 }
681 if (le16_to_cpu(ctxt->CompressionAlgorithms[0]) > 3) {
682 pr_warn_once("unknown compression algorithm\n");
683 return;
684 }
685 server->compress_algorithm = ctxt->CompressionAlgorithms[0];
686 }
687
688 static int decode_encrypt_ctx(struct TCP_Server_Info *server,
689 struct smb2_encryption_neg_context *ctxt)
690 {
691 unsigned int len = le16_to_cpu(ctxt->DataLength);
692
693 cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d\n", len);
694 /*
695 * Caller checked that DataLength remains within SMB boundary. We still
696 * need to confirm that one Cipher flexible array member is accounted
697 * for.
698 */
699 if (len < MIN_ENCRYPT_CTXT_DATA_LEN) {
700 pr_warn_once("server sent bad crypto ctxt len\n");
701 return -EINVAL;
702 }
703
704 if (le16_to_cpu(ctxt->CipherCount) != 1) {
705 pr_warn_once("Invalid SMB3.11 cipher count\n");
706 return -EINVAL;
707 }
708 cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0]));
709 if (require_gcm_256) {
710 if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) {
711 cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n");
712 return -EOPNOTSUPP;
713 }
714 } else if (ctxt->Ciphers[0] == 0) {
715 /*
716 * e.g. if server only supported AES256_CCM (very unlikely)
717 * or server supported no encryption types or had all disabled.
718 * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case
719 * in which mount requested encryption ("seal") checks later
720 * on during tree connection will return proper rc, but if
721 * seal not requested by client, since server is allowed to
722 * return 0 to indicate no supported cipher, we can't fail here
723 */
724 server->cipher_type = 0;
725 server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION;
726 pr_warn_once("Server does not support requested encryption types\n");
727 return 0;
728 } else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) &&
729 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) &&
730 (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) {
731 /* server returned a cipher we didn't ask for */
732 pr_warn_once("Invalid SMB3.11 cipher returned\n");
733 return -EINVAL;
734 }
735 server->cipher_type = ctxt->Ciphers[0];
736 server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;
737 return 0;
738 }
739
740 static void decode_signing_ctx(struct TCP_Server_Info *server,
741 struct smb2_signing_capabilities *pctxt)
742 {
743 unsigned int len = le16_to_cpu(pctxt->DataLength);
744
745 /*
746 * Caller checked that DataLength remains within SMB boundary. We still
747 * need to confirm that one SigningAlgorithms flexible array member is
748 * accounted for.
749 */
750 if ((len < 4) || (len > 16)) {
751 pr_warn_once("server sent bad signing negcontext\n");
752 return;
753 }
754 if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) {
755 pr_warn_once("Invalid signing algorithm count\n");
756 return;
757 }
758 if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) {
759 pr_warn_once("unknown signing algorithm\n");
760 return;
761 }
762
763 server->signing_negotiated = true;
764 server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]);
765 cifs_dbg(FYI, "signing algorithm %d chosen\n",
766 server->signing_algorithm);
767 }
768
769
770 static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
771 struct TCP_Server_Info *server,
772 unsigned int len_of_smb)
773 {
774 struct smb2_neg_context *pctx;
775 unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
776 unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);
777 unsigned int len_of_ctxts, i;
778 int rc = 0;
779
780 cifs_dbg(FYI, "decoding %d negotiate contexts\n", ctxt_cnt);
781 if (len_of_smb <= offset) {
782 cifs_server_dbg(VFS, "Invalid response: negotiate context offset\n");
783 return -EINVAL;
784 }
785
786 len_of_ctxts = len_of_smb - offset;
787
788 for (i = 0; i < ctxt_cnt; i++) {
789 int clen;
790 /* check that offset is not beyond end of SMB */
791 if (len_of_ctxts < sizeof(struct smb2_neg_context))
792 break;
793
794 pctx = (struct smb2_neg_context *)(offset + (char *)rsp);
795 clen = sizeof(struct smb2_neg_context)
796 + le16_to_cpu(pctx->DataLength);
797 /*
798 * 2.2.4 SMB2 NEGOTIATE Response
799 * Subsequent negotiate contexts MUST appear at the first 8-byte
800 * aligned offset following the previous negotiate context.
801 */
802 if (i + 1 != ctxt_cnt)
803 clen = ALIGN(clen, 8);
804 if (clen > len_of_ctxts)
805 break;
806
807 if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES)
808 decode_preauth_context(
809 (struct smb2_preauth_neg_context *)pctx);
810 else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES)
811 rc = decode_encrypt_ctx(server,
812 (struct smb2_encryption_neg_context *)pctx);
813 else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES)
814 decode_compress_ctx(server,
815 (struct smb2_compression_capabilities_context *)pctx);
816 else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE)
817 server->posix_ext_supported = true;
818 else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES)
819 decode_signing_ctx(server,
820 (struct smb2_signing_capabilities *)pctx);
821 else
822 cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n",
823 le16_to_cpu(pctx->ContextType));
824 if (rc)
825 break;
826
827 offset += clen;
828 len_of_ctxts -= clen;
829 }
830 return rc;
831 }
832
833 static struct create_posix *
834 create_posix_buf(umode_t mode)
835 {
836 struct create_posix *buf;
837
838 buf = kzalloc(sizeof(struct create_posix),
839 GFP_KERNEL);
840 if (!buf)
841 return NULL;
842
843 buf->ccontext.DataOffset =
844 cpu_to_le16(offsetof(struct create_posix, Mode));
845 buf->ccontext.DataLength = cpu_to_le32(4);
846 buf->ccontext.NameOffset =
847 cpu_to_le16(offsetof(struct create_posix, Name));
848 buf->ccontext.NameLength = cpu_to_le16(16);
849
850 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
851 buf->Name[0] = 0x93;
852 buf->Name[1] = 0xAD;
853 buf->Name[2] = 0x25;
854 buf->Name[3] = 0x50;
855 buf->Name[4] = 0x9C;
856 buf->Name[5] = 0xB4;
857 buf->Name[6] = 0x11;
858 buf->Name[7] = 0xE7;
859 buf->Name[8] = 0xB4;
860 buf->Name[9] = 0x23;
861 buf->Name[10] = 0x83;
862 buf->Name[11] = 0xDE;
863 buf->Name[12] = 0x96;
864 buf->Name[13] = 0x8B;
865 buf->Name[14] = 0xCD;
866 buf->Name[15] = 0x7C;
867 buf->Mode = cpu_to_le32(mode);
868 cifs_dbg(FYI, "mode on posix create 0%o\n", mode);
869 return buf;
870 }
871
872 static int
873 add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode)
874 {
875 unsigned int num = *num_iovec;
876
877 iov[num].iov_base = create_posix_buf(mode);
878 if (mode == ACL_NO_MODE)
879 cifs_dbg(FYI, "%s: no mode\n", __func__);
880 if (iov[num].iov_base == NULL)
881 return -ENOMEM;
882 iov[num].iov_len = sizeof(struct create_posix);
883 *num_iovec = num + 1;
884 return 0;
885 }
886
887
888 /*
889 *
890 * SMB2 Worker functions follow:
891 *
892 * The general structure of the worker functions is:
893 * 1) Call smb2_init (assembles SMB2 header)
894 * 2) Initialize SMB2 command specific fields in fixed length area of SMB
895 * 3) Call smb_sendrcv2 (sends request on socket and waits for response)
896 * 4) Decode SMB2 command specific fields in the fixed length area
897 * 5) Decode variable length data area (if any for this SMB2 command type)
898 * 6) Call free smb buffer
899 * 7) return
900 *
901 */
902
903 int
904 SMB2_negotiate(const unsigned int xid,
905 struct cifs_ses *ses,
906 struct TCP_Server_Info *server)
907 {
908 struct smb_rqst rqst;
909 struct smb2_negotiate_req *req;
910 struct smb2_negotiate_rsp *rsp;
911 struct kvec iov[1];
912 struct kvec rsp_iov;
913 int rc;
914 int resp_buftype;
915 int blob_offset, blob_length;
916 char *security_blob;
917 int flags = CIFS_NEG_OP;
918 unsigned int total_len;
919
920 cifs_dbg(FYI, "Negotiate protocol\n");
921
922 if (!server) {
923 WARN(1, "%s: server is NULL!\n", __func__);
924 return -EIO;
925 }
926
927 rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server,
928 (void **) &req, &total_len);
929 if (rc)
930 return rc;
931
932 req->hdr.SessionId = 0;
933
934 memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
935 memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
936
937 if (strcmp(server->vals->version_string,
938 SMB3ANY_VERSION_STRING) == 0) {
939 req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
940 req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
941 req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
942 req->DialectCount = cpu_to_le16(3);
943 total_len += 6;
944 } else if (strcmp(server->vals->version_string,
945 SMBDEFAULT_VERSION_STRING) == 0) {
946 req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
947 req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
948 req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
949 req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
950 req->DialectCount = cpu_to_le16(4);
951 total_len += 8;
952 } else {
953 /* otherwise send specific dialect */
954 req->Dialects[0] = cpu_to_le16(server->vals->protocol_id);
955 req->DialectCount = cpu_to_le16(1);
956 total_len += 2;
957 }
958
959 /* only one of SMB2 signing flags may be set in SMB2 request */
960 if (ses->sign)
961 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
962 else if (global_secflags & CIFSSEC_MAY_SIGN)
963 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
964 else
965 req->SecurityMode = 0;
966
967 req->Capabilities = cpu_to_le32(server->vals->req_capabilities);
968 if (ses->chan_max > 1)
969 req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
970
971 /* ClientGUID must be zero for SMB2.02 dialect */
972 if (server->vals->protocol_id == SMB20_PROT_ID)
973 memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE);
974 else {
975 memcpy(req->ClientGUID, server->client_guid,
976 SMB2_CLIENT_GUID_SIZE);
977 if ((server->vals->protocol_id == SMB311_PROT_ID) ||
978 (strcmp(server->vals->version_string,
979 SMB3ANY_VERSION_STRING) == 0) ||
980 (strcmp(server->vals->version_string,
981 SMBDEFAULT_VERSION_STRING) == 0))
982 assemble_neg_contexts(req, server, &total_len);
983 }
984 iov[0].iov_base = (char *)req;
985 iov[0].iov_len = total_len;
986
987 memset(&rqst, 0, sizeof(struct smb_rqst));
988 rqst.rq_iov = iov;
989 rqst.rq_nvec = 1;
990
991 rc = cifs_send_recv(xid, ses, server,
992 &rqst, &resp_buftype, flags, &rsp_iov);
993 cifs_small_buf_release(req);
994 rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base;
995 /*
996 * No tcon so can't do
997 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
998 */
999 if (rc == -EOPNOTSUPP) {
1000 cifs_server_dbg(VFS, "Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n");
1001 goto neg_exit;
1002 } else if (rc != 0)
1003 goto neg_exit;
1004
1005 rc = -EIO;
1006 if (strcmp(server->vals->version_string,
1007 SMB3ANY_VERSION_STRING) == 0) {
1008 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
1009 cifs_server_dbg(VFS,
1010 "SMB2 dialect returned but not requested\n");
1011 goto neg_exit;
1012 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
1013 cifs_server_dbg(VFS,
1014 "SMB2.1 dialect returned but not requested\n");
1015 goto neg_exit;
1016 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1017 /* ops set to 3.0 by default for default so update */
1018 server->ops = &smb311_operations;
1019 server->vals = &smb311_values;
1020 }
1021 } else if (strcmp(server->vals->version_string,
1022 SMBDEFAULT_VERSION_STRING) == 0) {
1023 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
1024 cifs_server_dbg(VFS,
1025 "SMB2 dialect returned but not requested\n");
1026 goto neg_exit;
1027 } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
1028 /* ops set to 3.0 by default for default so update */
1029 server->ops = &smb21_operations;
1030 server->vals = &smb21_values;
1031 } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1032 server->ops = &smb311_operations;
1033 server->vals = &smb311_values;
1034 }
1035 } else if (le16_to_cpu(rsp->DialectRevision) !=
1036 server->vals->protocol_id) {
1037 /* if requested single dialect ensure returned dialect matched */
1038 cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n",
1039 le16_to_cpu(rsp->DialectRevision));
1040 goto neg_exit;
1041 }
1042
1043 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);
1044
1045 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID))
1046 cifs_dbg(FYI, "negotiated smb2.0 dialect\n");
1047 else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID))
1048 cifs_dbg(FYI, "negotiated smb2.1 dialect\n");
1049 else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID))
1050 cifs_dbg(FYI, "negotiated smb3.0 dialect\n");
1051 else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID))
1052 cifs_dbg(FYI, "negotiated smb3.02 dialect\n");
1053 else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID))
1054 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n");
1055 else {
1056 cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n",
1057 le16_to_cpu(rsp->DialectRevision));
1058 goto neg_exit;
1059 }
1060
1061 rc = 0;
1062 server->dialect = le16_to_cpu(rsp->DialectRevision);
1063
1064 /*
1065 * Keep a copy of the hash after negprot. This hash will be
1066 * the starting hash value for all sessions made from this
1067 * server.
1068 */
1069 memcpy(server->preauth_sha_hash, ses->preauth_sha_hash,
1070 SMB2_PREAUTH_HASH_SIZE);
1071
1072 /* SMB2 only has an extended negflavor */
1073 server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
1074 /* set it to the maximum buffer size value we can send with 1 credit */
1075 server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
1076 SMB2_MAX_BUFFER_SIZE);
1077 server->max_read = le32_to_cpu(rsp->MaxReadSize);
1078 server->max_write = le32_to_cpu(rsp->MaxWriteSize);
1079 server->sec_mode = le16_to_cpu(rsp->SecurityMode);
1080 if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode)
1081 cifs_dbg(FYI, "Server returned unexpected security mode 0x%x\n",
1082 server->sec_mode);
1083 server->capabilities = le32_to_cpu(rsp->Capabilities);
1084 /* Internal types */
1085 server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
1086
1087 /*
1088 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
1089 * Set the cipher type manually.
1090 */
1091 if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
1092 server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
1093
1094 security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
1095 (struct smb2_hdr *)rsp);
1096 /*
1097 * See MS-SMB2 section 2.2.4: if no blob, client picks default which
1098 * for us will be
1099 * ses->sectype = RawNTLMSSP;
1100 * but for time being this is our only auth choice so doesn't matter.
1101 * We just found a server which sets blob length to zero expecting raw.
1102 */
1103 if (blob_length == 0) {
1104 cifs_dbg(FYI, "missing security blob on negprot\n");
1105 server->sec_ntlmssp = true;
1106 }
1107
1108 rc = cifs_enable_signing(server, ses->sign);
1109 if (rc)
1110 goto neg_exit;
1111 if (blob_length) {
1112 rc = decode_negTokenInit(security_blob, blob_length, server);
1113 if (rc == 1)
1114 rc = 0;
1115 else if (rc == 0)
1116 rc = -EIO;
1117 }
1118
1119 if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1120 if (rsp->NegotiateContextCount)
1121 rc = smb311_decode_neg_context(rsp, server,
1122 rsp_iov.iov_len);
1123 else
1124 cifs_server_dbg(VFS, "Missing expected negotiate contexts\n");
1125 }
1126 neg_exit:
1127 free_rsp_buf(resp_buftype, rsp);
1128 return rc;
1129 }
1130
1131 int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
1132 {
1133 int rc;
1134 struct validate_negotiate_info_req *pneg_inbuf;
1135 struct validate_negotiate_info_rsp *pneg_rsp = NULL;
1136 u32 rsplen;
1137 u32 inbuflen; /* max of 4 dialects */
1138 struct TCP_Server_Info *server = tcon->ses->server;
1139
1140 cifs_dbg(FYI, "validate negotiate\n");
1141
1142 /* In SMB3.11 preauth integrity supersedes validate negotiate */
1143 if (server->dialect == SMB311_PROT_ID)
1144 return 0;
1145
1146 /*
1147 * validation ioctl must be signed, so no point sending this if we
1148 * can not sign it (ie are not known user). Even if signing is not
1149 * required (enabled but not negotiated), in those cases we selectively
1150 * sign just this, the first and only signed request on a connection.
1151 * Having validation of negotiate info helps reduce attack vectors.
1152 */
1153 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST)
1154 return 0; /* validation requires signing */
1155
1156 if (tcon->ses->user_name == NULL) {
1157 cifs_dbg(FYI, "Can't validate negotiate: null user mount\n");
1158 return 0; /* validation requires signing */
1159 }
1160
1161 if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL)
1162 cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n");
1163
1164 pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS);
1165 if (!pneg_inbuf)
1166 return -ENOMEM;
1167
1168 pneg_inbuf->Capabilities =
1169 cpu_to_le32(server->vals->req_capabilities);
1170 if (tcon->ses->chan_max > 1)
1171 pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
1172
1173 memcpy(pneg_inbuf->Guid, server->client_guid,
1174 SMB2_CLIENT_GUID_SIZE);
1175
1176 if (tcon->ses->sign)
1177 pneg_inbuf->SecurityMode =
1178 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
1179 else if (global_secflags & CIFSSEC_MAY_SIGN)
1180 pneg_inbuf->SecurityMode =
1181 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
1182 else
1183 pneg_inbuf->SecurityMode = 0;
1184
1185
1186 if (strcmp(server->vals->version_string,
1187 SMB3ANY_VERSION_STRING) == 0) {
1188 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
1189 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
1190 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
1191 pneg_inbuf->DialectCount = cpu_to_le16(3);
1192 /* SMB 2.1 not included so subtract one dialect from len */
1193 inbuflen = sizeof(*pneg_inbuf) -
1194 (sizeof(pneg_inbuf->Dialects[0]));
1195 } else if (strcmp(server->vals->version_string,
1196 SMBDEFAULT_VERSION_STRING) == 0) {
1197 pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
1198 pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
1199 pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
1200 pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
1201 pneg_inbuf->DialectCount = cpu_to_le16(4);
1202 /* structure is big enough for 4 dialects */
1203 inbuflen = sizeof(*pneg_inbuf);
1204 } else {
1205 /* otherwise specific dialect was requested */
1206 pneg_inbuf->Dialects[0] =
1207 cpu_to_le16(server->vals->protocol_id);
1208 pneg_inbuf->DialectCount = cpu_to_le16(1);
1209 /* structure is big enough for 4 dialects, sending only 1 */
1210 inbuflen = sizeof(*pneg_inbuf) -
1211 sizeof(pneg_inbuf->Dialects[0]) * 3;
1212 }
1213
1214 rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
1215 FSCTL_VALIDATE_NEGOTIATE_INFO,
1216 (char *)pneg_inbuf, inbuflen, CIFSMaxBufSize,
1217 (char **)&pneg_rsp, &rsplen);
1218 if (rc == -EOPNOTSUPP) {
1219 /*
1220 * Old Windows versions or Netapp SMB server can return
1221 * not supported error. Client should accept it.
1222 */
1223 cifs_tcon_dbg(VFS, "Server does not support validate negotiate\n");
1224 rc = 0;
1225 goto out_free_inbuf;
1226 } else if (rc != 0) {
1227 cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n",
1228 rc);
1229 rc = -EIO;
1230 goto out_free_inbuf;
1231 }
1232
1233 rc = -EIO;
1234 if (rsplen != sizeof(*pneg_rsp)) {
1235 cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n",
1236 rsplen);
1237
1238 /* relax check since Mac returns max bufsize allowed on ioctl */
1239 if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp))
1240 goto out_free_rsp;
1241 }
1242
1243 /* check validate negotiate info response matches what we got earlier */
1244 if (pneg_rsp->Dialect != cpu_to_le16(server->dialect))
1245 goto vneg_out;
1246
1247 if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode))
1248 goto vneg_out;
1249
1250 /* do not validate server guid because not saved at negprot time yet */
1251
1252 if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND |
1253 SMB2_LARGE_FILES) != server->capabilities)
1254 goto vneg_out;
1255
1256 /* validate negotiate successful */
1257 rc = 0;
1258 cifs_dbg(FYI, "validate negotiate info successful\n");
1259 goto out_free_rsp;
1260
1261 vneg_out:
1262 cifs_tcon_dbg(VFS, "protocol revalidation - security settings mismatch\n");
1263 out_free_rsp:
1264 kfree(pneg_rsp);
1265 out_free_inbuf:
1266 kfree(pneg_inbuf);
1267 return rc;
1268 }
1269
1270 enum securityEnum
1271 smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
1272 {
1273 switch (requested) {
1274 case Kerberos:
1275 case RawNTLMSSP:
1276 return requested;
1277 case NTLMv2:
1278 return RawNTLMSSP;
1279 case Unspecified:
1280 if (server->sec_ntlmssp &&
1281 (global_secflags & CIFSSEC_MAY_NTLMSSP))
1282 return RawNTLMSSP;
1283 if ((server->sec_kerberos || server->sec_mskerberos) &&
1284 (global_secflags & CIFSSEC_MAY_KRB5))
1285 return Kerberos;
1286 fallthrough;
1287 default:
1288 return Unspecified;
1289 }
1290 }
1291
1292 struct SMB2_sess_data {
1293 unsigned int xid;
1294 struct cifs_ses *ses;
1295 struct TCP_Server_Info *server;
1296 struct nls_table *nls_cp;
1297 void (*func)(struct SMB2_sess_data *);
1298 int result;
1299 u64 previous_session;
1300
1301 /* we will send the SMB in three pieces:
1302 * a fixed length beginning part, an optional
1303 * SPNEGO blob (which can be zero length), and a
1304 * last part which will include the strings
1305 * and rest of bcc area. This allows us to avoid
1306 * a large buffer 17K allocation
1307 */
1308 int buf0_type;
1309 struct kvec iov[2];
1310 };
1311
1312 static int
1313 SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data)
1314 {
1315 int rc;
1316 struct cifs_ses *ses = sess_data->ses;
1317 struct TCP_Server_Info *server = sess_data->server;
1318 struct smb2_sess_setup_req *req;
1319 unsigned int total_len;
1320 bool is_binding = false;
1321
1322 rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, server,
1323 (void **) &req,
1324 &total_len);
1325 if (rc)
1326 return rc;
1327
1328 spin_lock(&ses->ses_lock);
1329 is_binding = (ses->ses_status == SES_GOOD);
1330 spin_unlock(&ses->ses_lock);
1331
1332 if (is_binding) {
1333 req->hdr.SessionId = cpu_to_le64(ses->Suid);
1334 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1335 req->PreviousSessionId = 0;
1336 req->Flags = SMB2_SESSION_REQ_FLAG_BINDING;
1337 cifs_dbg(FYI, "Binding to sess id: %llx\n", ses->Suid);
1338 } else {
1339 /* First session, not a reauthenticate */
1340 req->hdr.SessionId = 0;
1341 /*
1342 * if reconnect, we need to send previous sess id
1343 * otherwise it is 0
1344 */
1345 req->PreviousSessionId = cpu_to_le64(sess_data->previous_session);
1346 req->Flags = 0; /* MBZ */
1347 cifs_dbg(FYI, "Fresh session. Previous: %llx\n",
1348 sess_data->previous_session);
1349 }
1350
1351 /* enough to enable echos and oplocks and one max size write */
1352 if (server->credits >= server->max_credits)
1353 req->hdr.CreditRequest = cpu_to_le16(0);
1354 else
1355 req->hdr.CreditRequest = cpu_to_le16(
1356 min_t(int, server->max_credits -
1357 server->credits, 130));
1358
1359 /* only one of SMB2 signing flags may be set in SMB2 request */
1360 if (server->sign)
1361 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
1362 else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
1363 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
1364 else
1365 req->SecurityMode = 0;
1366
1367 #ifdef CONFIG_CIFS_DFS_UPCALL
1368 req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS);
1369 #else
1370 req->Capabilities = 0;
1371 #endif /* DFS_UPCALL */
1372
1373 req->Channel = 0; /* MBZ */
1374
1375 sess_data->iov[0].iov_base = (char *)req;
1376 /* 1 for pad */
1377 sess_data->iov[0].iov_len = total_len - 1;
1378 /*
1379 * This variable will be used to clear the buffer
1380 * allocated above in case of any error in the calling function.
1381 */
1382 sess_data->buf0_type = CIFS_SMALL_BUFFER;
1383
1384 return 0;
1385 }
1386
1387 static void
1388 SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
1389 {
1390 struct kvec *iov = sess_data->iov;
1391
1392 /* iov[1] is already freed by caller */
1393 if (sess_data->buf0_type != CIFS_NO_BUFFER && iov[0].iov_base)
1394 memzero_explicit(iov[0].iov_base, iov[0].iov_len);
1395
1396 free_rsp_buf(sess_data->buf0_type, iov[0].iov_base);
1397 sess_data->buf0_type = CIFS_NO_BUFFER;
1398 }
1399
1400 static int
1401 SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data)
1402 {
1403 int rc;
1404 struct smb_rqst rqst;
1405 struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base;
1406 struct kvec rsp_iov = { NULL, 0 };
1407
1408 /* Testing shows that buffer offset must be at location of Buffer[0] */
1409 req->SecurityBufferOffset =
1410 cpu_to_le16(sizeof(struct smb2_sess_setup_req));
1411 req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len);
1412
1413 memset(&rqst, 0, sizeof(struct smb_rqst));
1414 rqst.rq_iov = sess_data->iov;
1415 rqst.rq_nvec = 2;
1416
1417 /* BB add code to build os and lm fields */
1418 rc = cifs_send_recv(sess_data->xid, sess_data->ses,
1419 sess_data->server,
1420 &rqst,
1421 &sess_data->buf0_type,
1422 CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov);
1423 cifs_small_buf_release(sess_data->iov[0].iov_base);
1424 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
1425
1426 return rc;
1427 }
1428
1429 static int
1430 SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
1431 {
1432 int rc = 0;
1433 struct cifs_ses *ses = sess_data->ses;
1434 struct TCP_Server_Info *server = sess_data->server;
1435
1436 cifs_server_lock(server);
1437 if (server->ops->generate_signingkey) {
1438 rc = server->ops->generate_signingkey(ses, server);
1439 if (rc) {
1440 cifs_dbg(FYI,
1441 "SMB3 session key generation failed\n");
1442 cifs_server_unlock(server);
1443 return rc;
1444 }
1445 }
1446 if (!server->session_estab) {
1447 server->sequence_number = 0x2;
1448 server->session_estab = true;
1449 }
1450 cifs_server_unlock(server);
1451
1452 cifs_dbg(FYI, "SMB2/3 session established successfully\n");
1453 return rc;
1454 }
1455
1456 #ifdef CONFIG_CIFS_UPCALL
1457 static void
1458 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1459 {
1460 int rc;
1461 struct cifs_ses *ses = sess_data->ses;
1462 struct TCP_Server_Info *server = sess_data->server;
1463 struct cifs_spnego_msg *msg;
1464 struct key *spnego_key = NULL;
1465 struct smb2_sess_setup_rsp *rsp = NULL;
1466 bool is_binding = false;
1467
1468 rc = SMB2_sess_alloc_buffer(sess_data);
1469 if (rc)
1470 goto out;
1471
1472 spnego_key = cifs_get_spnego_key(ses, server);
1473 if (IS_ERR(spnego_key)) {
1474 rc = PTR_ERR(spnego_key);
1475 if (rc == -ENOKEY)
1476 cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n");
1477 spnego_key = NULL;
1478 goto out;
1479 }
1480
1481 msg = spnego_key->payload.data[0];
1482 /*
1483 * check version field to make sure that cifs.upcall is
1484 * sending us a response in an expected form
1485 */
1486 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1487 cifs_dbg(VFS, "bad cifs.upcall version. Expected %d got %d\n",
1488 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1489 rc = -EKEYREJECTED;
1490 goto out_put_spnego_key;
1491 }
1492
1493 spin_lock(&ses->ses_lock);
1494 is_binding = (ses->ses_status == SES_GOOD);
1495 spin_unlock(&ses->ses_lock);
1496
1497 /* keep session key if binding */
1498 if (!is_binding) {
1499 kfree_sensitive(ses->auth_key.response);
1500 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1501 GFP_KERNEL);
1502 if (!ses->auth_key.response) {
1503 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n",
1504 msg->sesskey_len);
1505 rc = -ENOMEM;
1506 goto out_put_spnego_key;
1507 }
1508 ses->auth_key.len = msg->sesskey_len;
1509 }
1510
1511 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1512 sess_data->iov[1].iov_len = msg->secblob_len;
1513
1514 rc = SMB2_sess_sendreceive(sess_data);
1515 if (rc)
1516 goto out_put_spnego_key;
1517
1518 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1519 /* keep session id and flags if binding */
1520 if (!is_binding) {
1521 ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1522 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1523 }
1524
1525 rc = SMB2_sess_establish_session(sess_data);
1526 out_put_spnego_key:
1527 key_invalidate(spnego_key);
1528 key_put(spnego_key);
1529 if (rc) {
1530 kfree_sensitive(ses->auth_key.response);
1531 ses->auth_key.response = NULL;
1532 ses->auth_key.len = 0;
1533 }
1534 out:
1535 sess_data->result = rc;
1536 sess_data->func = NULL;
1537 SMB2_sess_free_buffer(sess_data);
1538 }
1539 #else
1540 static void
1541 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1542 {
1543 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1544 sess_data->result = -EOPNOTSUPP;
1545 sess_data->func = NULL;
1546 }
1547 #endif
1548
1549 static void
1550 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data);
1551
1552 static void
1553 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)
1554 {
1555 int rc;
1556 struct cifs_ses *ses = sess_data->ses;
1557 struct TCP_Server_Info *server = sess_data->server;
1558 struct smb2_sess_setup_rsp *rsp = NULL;
1559 unsigned char *ntlmssp_blob = NULL;
1560 bool use_spnego = false; /* else use raw ntlmssp */
1561 u16 blob_length = 0;
1562 bool is_binding = false;
1563
1564 /*
1565 * If memory allocation is successful, caller of this function
1566 * frees it.
1567 */
1568 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1569 if (!ses->ntlmssp) {
1570 rc = -ENOMEM;
1571 goto out_err;
1572 }
1573 ses->ntlmssp->sesskey_per_smbsess = true;
1574
1575 rc = SMB2_sess_alloc_buffer(sess_data);
1576 if (rc)
1577 goto out_err;
1578
1579 rc = build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob,
1580 &blob_length, ses, server,
1581 sess_data->nls_cp);
1582 if (rc)
1583 goto out;
1584
1585 if (use_spnego) {
1586 /* BB eventually need to add this */
1587 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1588 rc = -EOPNOTSUPP;
1589 goto out;
1590 }
1591 sess_data->iov[1].iov_base = ntlmssp_blob;
1592 sess_data->iov[1].iov_len = blob_length;
1593
1594 rc = SMB2_sess_sendreceive(sess_data);
1595 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1596
1597 /* If true, rc here is expected and not an error */
1598 if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1599 rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED)
1600 rc = 0;
1601
1602 if (rc)
1603 goto out;
1604
1605 if (offsetof(struct smb2_sess_setup_rsp, Buffer) !=
1606 le16_to_cpu(rsp->SecurityBufferOffset)) {
1607 cifs_dbg(VFS, "Invalid security buffer offset %d\n",
1608 le16_to_cpu(rsp->SecurityBufferOffset));
1609 rc = -EIO;
1610 goto out;
1611 }
1612 rc = decode_ntlmssp_challenge(rsp->Buffer,
1613 le16_to_cpu(rsp->SecurityBufferLength), ses);
1614 if (rc)
1615 goto out;
1616
1617 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1618
1619 spin_lock(&ses->ses_lock);
1620 is_binding = (ses->ses_status == SES_GOOD);
1621 spin_unlock(&ses->ses_lock);
1622
1623 /* keep existing ses id and flags if binding */
1624 if (!is_binding) {
1625 ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1626 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1627 }
1628
1629 out:
1630 kfree_sensitive(ntlmssp_blob);
1631 SMB2_sess_free_buffer(sess_data);
1632 if (!rc) {
1633 sess_data->result = 0;
1634 sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate;
1635 return;
1636 }
1637 out_err:
1638 kfree_sensitive(ses->ntlmssp);
1639 ses->ntlmssp = NULL;
1640 sess_data->result = rc;
1641 sess_data->func = NULL;
1642 }
1643
1644 static void
1645 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
1646 {
1647 int rc;
1648 struct cifs_ses *ses = sess_data->ses;
1649 struct TCP_Server_Info *server = sess_data->server;
1650 struct smb2_sess_setup_req *req;
1651 struct smb2_sess_setup_rsp *rsp = NULL;
1652 unsigned char *ntlmssp_blob = NULL;
1653 bool use_spnego = false; /* else use raw ntlmssp */
1654 u16 blob_length = 0;
1655 bool is_binding = false;
1656
1657 rc = SMB2_sess_alloc_buffer(sess_data);
1658 if (rc)
1659 goto out;
1660
1661 req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base;
1662 req->hdr.SessionId = cpu_to_le64(ses->Suid);
1663
1664 rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length,
1665 ses, server,
1666 sess_data->nls_cp);
1667 if (rc) {
1668 cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc);
1669 goto out;
1670 }
1671
1672 if (use_spnego) {
1673 /* BB eventually need to add this */
1674 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1675 rc = -EOPNOTSUPP;
1676 goto out;
1677 }
1678 sess_data->iov[1].iov_base = ntlmssp_blob;
1679 sess_data->iov[1].iov_len = blob_length;
1680
1681 rc = SMB2_sess_sendreceive(sess_data);
1682 if (rc)
1683 goto out;
1684
1685 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1686
1687 spin_lock(&ses->ses_lock);
1688 is_binding = (ses->ses_status == SES_GOOD);
1689 spin_unlock(&ses->ses_lock);
1690
1691 /* keep existing ses id and flags if binding */
1692 if (!is_binding) {
1693 ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1694 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1695 }
1696
1697 rc = SMB2_sess_establish_session(sess_data);
1698 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
1699 if (ses->server->dialect < SMB30_PROT_ID) {
1700 cifs_dbg(VFS, "%s: dumping generated SMB2 session keys\n", __func__);
1701 /*
1702 * The session id is opaque in terms of endianness, so we can't
1703 * print it as a long long. we dump it as we got it on the wire
1704 */
1705 cifs_dbg(VFS, "Session Id %*ph\n", (int)sizeof(ses->Suid),
1706 &ses->Suid);
1707 cifs_dbg(VFS, "Session Key %*ph\n",
1708 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
1709 cifs_dbg(VFS, "Signing Key %*ph\n",
1710 SMB3_SIGN_KEY_SIZE, ses->auth_key.response);
1711 }
1712 #endif
1713 out:
1714 kfree_sensitive(ntlmssp_blob);
1715 SMB2_sess_free_buffer(sess_data);
1716 kfree_sensitive(ses->ntlmssp);
1717 ses->ntlmssp = NULL;
1718 sess_data->result = rc;
1719 sess_data->func = NULL;
1720 }
1721
1722 static int
1723 SMB2_select_sec(struct SMB2_sess_data *sess_data)
1724 {
1725 int type;
1726 struct cifs_ses *ses = sess_data->ses;
1727 struct TCP_Server_Info *server = sess_data->server;
1728
1729 type = smb2_select_sectype(server, ses->sectype);
1730 cifs_dbg(FYI, "sess setup type %d\n", type);
1731 if (type == Unspecified) {
1732 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n");
1733 return -EINVAL;
1734 }
1735
1736 switch (type) {
1737 case Kerberos:
1738 sess_data->func = SMB2_auth_kerberos;
1739 break;
1740 case RawNTLMSSP:
1741 sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate;
1742 break;
1743 default:
1744 cifs_dbg(VFS, "secType %d not supported!\n", type);
1745 return -EOPNOTSUPP;
1746 }
1747
1748 return 0;
1749 }
1750
1751 int
1752 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
1753 struct TCP_Server_Info *server,
1754 const struct nls_table *nls_cp)
1755 {
1756 int rc = 0;
1757 struct SMB2_sess_data *sess_data;
1758
1759 cifs_dbg(FYI, "Session Setup\n");
1760
1761 if (!server) {
1762 WARN(1, "%s: server is NULL!\n", __func__);
1763 return -EIO;
1764 }
1765
1766 sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL);
1767 if (!sess_data)
1768 return -ENOMEM;
1769
1770 sess_data->xid = xid;
1771 sess_data->ses = ses;
1772 sess_data->server = server;
1773 sess_data->buf0_type = CIFS_NO_BUFFER;
1774 sess_data->nls_cp = (struct nls_table *) nls_cp;
1775 sess_data->previous_session = ses->Suid;
1776
1777 rc = SMB2_select_sec(sess_data);
1778 if (rc)
1779 goto out;
1780
1781 /*
1782 * Initialize the session hash with the server one.
1783 */
1784 memcpy(ses->preauth_sha_hash, server->preauth_sha_hash,
1785 SMB2_PREAUTH_HASH_SIZE);
1786
1787 while (sess_data->func)
1788 sess_data->func(sess_data);
1789
1790 if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign))
1791 cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
1792 rc = sess_data->result;
1793 out:
1794 kfree_sensitive(sess_data);
1795 return rc;
1796 }
1797
1798 int
1799 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
1800 {
1801 struct smb_rqst rqst;
1802 struct smb2_logoff_req *req; /* response is also trivial struct */
1803 int rc = 0;
1804 struct TCP_Server_Info *server;
1805 int flags = 0;
1806 unsigned int total_len;
1807 struct kvec iov[1];
1808 struct kvec rsp_iov;
1809 int resp_buf_type;
1810
1811 cifs_dbg(FYI, "disconnect session %p\n", ses);
1812
1813 if (ses && (ses->server))
1814 server = ses->server;
1815 else
1816 return -EIO;
1817
1818 /* no need to send SMB logoff if uid already closed due to reconnect */
1819 spin_lock(&ses->chan_lock);
1820 if (CIFS_ALL_CHANS_NEED_RECONNECT(ses)) {
1821 spin_unlock(&ses->chan_lock);
1822 goto smb2_session_already_dead;
1823 }
1824 spin_unlock(&ses->chan_lock);
1825
1826 rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, ses->server,
1827 (void **) &req, &total_len);
1828 if (rc)
1829 return rc;
1830
1831 /* since no tcon, smb2_init can not do this, so do here */
1832 req->hdr.SessionId = cpu_to_le64(ses->Suid);
1833
1834 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
1835 flags |= CIFS_TRANSFORM_REQ;
1836 else if (server->sign)
1837 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1838
1839 flags |= CIFS_NO_RSP_BUF;
1840
1841 iov[0].iov_base = (char *)req;
1842 iov[0].iov_len = total_len;
1843
1844 memset(&rqst, 0, sizeof(struct smb_rqst));
1845 rqst.rq_iov = iov;
1846 rqst.rq_nvec = 1;
1847
1848 rc = cifs_send_recv(xid, ses, ses->server,
1849 &rqst, &resp_buf_type, flags, &rsp_iov);
1850 cifs_small_buf_release(req);
1851 /*
1852 * No tcon so can't do
1853 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
1854 */
1855
1856 smb2_session_already_dead:
1857 return rc;
1858 }
1859
1860 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
1861 {
1862 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);
1863 }
1864
1865 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
1866
1867 /* These are similar values to what Windows uses */
1868 static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon)
1869 {
1870 tcon->max_chunks = 256;
1871 tcon->max_bytes_chunk = 1048576;
1872 tcon->max_bytes_copy = 16777216;
1873 }
1874
1875 int
1876 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
1877 struct cifs_tcon *tcon, const struct nls_table *cp)
1878 {
1879 struct smb_rqst rqst;
1880 struct smb2_tree_connect_req *req;
1881 struct smb2_tree_connect_rsp *rsp = NULL;
1882 struct kvec iov[2];
1883 struct kvec rsp_iov = { NULL, 0 };
1884 int rc = 0;
1885 int resp_buftype;
1886 int unc_path_len;
1887 __le16 *unc_path = NULL;
1888 int flags = 0;
1889 unsigned int total_len;
1890 struct TCP_Server_Info *server;
1891
1892 /* always use master channel */
1893 server = ses->server;
1894
1895 cifs_dbg(FYI, "TCON\n");
1896
1897 if (!server || !tree)
1898 return -EIO;
1899
1900 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
1901 if (unc_path == NULL)
1902 return -ENOMEM;
1903
1904 unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp);
1905 if (unc_path_len <= 0) {
1906 kfree(unc_path);
1907 return -EINVAL;
1908 }
1909 unc_path_len *= 2;
1910
1911 /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */
1912 tcon->tid = 0;
1913 atomic_set(&tcon->num_remote_opens, 0);
1914 rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, server,
1915 (void **) &req, &total_len);
1916 if (rc) {
1917 kfree(unc_path);
1918 return rc;
1919 }
1920
1921 if (smb3_encryption_required(tcon))
1922 flags |= CIFS_TRANSFORM_REQ;
1923
1924 iov[0].iov_base = (char *)req;
1925 /* 1 for pad */
1926 iov[0].iov_len = total_len - 1;
1927
1928 /* Testing shows that buffer offset must be at location of Buffer[0] */
1929 req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req));
1930 req->PathLength = cpu_to_le16(unc_path_len);
1931 iov[1].iov_base = unc_path;
1932 iov[1].iov_len = unc_path_len;
1933
1934 /*
1935 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
1936 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
1937 * (Samba servers don't always set the flag so also check if null user)
1938 */
1939 if ((server->dialect == SMB311_PROT_ID) &&
1940 !smb3_encryption_required(tcon) &&
1941 !(ses->session_flags &
1942 (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
1943 ((ses->user_name != NULL) || (ses->sectype == Kerberos)))
1944 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1945
1946 memset(&rqst, 0, sizeof(struct smb_rqst));
1947 rqst.rq_iov = iov;
1948 rqst.rq_nvec = 2;
1949
1950 /* Need 64 for max size write so ask for more in case not there yet */
1951 if (server->credits >= server->max_credits)
1952 req->hdr.CreditRequest = cpu_to_le16(0);
1953 else
1954 req->hdr.CreditRequest = cpu_to_le16(
1955 min_t(int, server->max_credits -
1956 server->credits, 64));
1957
1958 rc = cifs_send_recv(xid, ses, server,
1959 &rqst, &resp_buftype, flags, &rsp_iov);
1960 cifs_small_buf_release(req);
1961 rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base;
1962 trace_smb3_tcon(xid, tcon->tid, ses->Suid, tree, rc);
1963 if ((rc != 0) || (rsp == NULL)) {
1964 cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
1965 tcon->need_reconnect = true;
1966 goto tcon_error_exit;
1967 }
1968
1969 switch (rsp->ShareType) {
1970 case SMB2_SHARE_TYPE_DISK:
1971 cifs_dbg(FYI, "connection to disk share\n");
1972 break;
1973 case SMB2_SHARE_TYPE_PIPE:
1974 tcon->pipe = true;
1975 cifs_dbg(FYI, "connection to pipe share\n");
1976 break;
1977 case SMB2_SHARE_TYPE_PRINT:
1978 tcon->print = true;
1979 cifs_dbg(FYI, "connection to printer\n");
1980 break;
1981 default:
1982 cifs_server_dbg(VFS, "unknown share type %d\n", rsp->ShareType);
1983 rc = -EOPNOTSUPP;
1984 goto tcon_error_exit;
1985 }
1986
1987 tcon->share_flags = le32_to_cpu(rsp->ShareFlags);
1988 tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */
1989 tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
1990 tcon->tid = le32_to_cpu(rsp->hdr.Id.SyncId.TreeId);
1991 strscpy(tcon->tree_name, tree, sizeof(tcon->tree_name));
1992
1993 if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
1994 ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))
1995 cifs_tcon_dbg(VFS, "DFS capability contradicts DFS flag\n");
1996
1997 if (tcon->seal &&
1998 !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
1999 cifs_tcon_dbg(VFS, "Encryption is requested but not supported\n");
2000
2001 init_copy_chunk_defaults(tcon);
2002 if (server->ops->validate_negotiate)
2003 rc = server->ops->validate_negotiate(xid, tcon);
2004 if (rc == 0) /* See MS-SMB2 2.2.10 and 3.2.5.5 */
2005 if (tcon->share_flags & SMB2_SHAREFLAG_ISOLATED_TRANSPORT)
2006 server->nosharesock = true;
2007 tcon_exit:
2008
2009 free_rsp_buf(resp_buftype, rsp);
2010 kfree(unc_path);
2011 return rc;
2012
2013 tcon_error_exit:
2014 if (rsp && rsp->hdr.Status == STATUS_BAD_NETWORK_NAME)
2015 cifs_tcon_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
2016 goto tcon_exit;
2017 }
2018
2019 int
2020 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
2021 {
2022 struct smb_rqst rqst;
2023 struct smb2_tree_disconnect_req *req; /* response is trivial */
2024 int rc = 0;
2025 struct cifs_ses *ses = tcon->ses;
2026 int flags = 0;
2027 unsigned int total_len;
2028 struct kvec iov[1];
2029 struct kvec rsp_iov;
2030 int resp_buf_type;
2031
2032 cifs_dbg(FYI, "Tree Disconnect\n");
2033
2034 if (!ses || !(ses->server))
2035 return -EIO;
2036
2037 trace_smb3_tdis_enter(xid, tcon->tid, ses->Suid, tcon->tree_name);
2038 spin_lock(&ses->chan_lock);
2039 if ((tcon->need_reconnect) ||
2040 (CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses))) {
2041 spin_unlock(&ses->chan_lock);
2042 return 0;
2043 }
2044 spin_unlock(&ses->chan_lock);
2045
2046 invalidate_all_cached_dirs(tcon);
2047
2048 rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, ses->server,
2049 (void **) &req,
2050 &total_len);
2051 if (rc)
2052 return rc;
2053
2054 if (smb3_encryption_required(tcon))
2055 flags |= CIFS_TRANSFORM_REQ;
2056
2057 flags |= CIFS_NO_RSP_BUF;
2058
2059 iov[0].iov_base = (char *)req;
2060 iov[0].iov_len = total_len;
2061
2062 memset(&rqst, 0, sizeof(struct smb_rqst));
2063 rqst.rq_iov = iov;
2064 rqst.rq_nvec = 1;
2065
2066 rc = cifs_send_recv(xid, ses, ses->server,
2067 &rqst, &resp_buf_type, flags, &rsp_iov);
2068 cifs_small_buf_release(req);
2069 if (rc) {
2070 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
2071 trace_smb3_tdis_err(xid, tcon->tid, ses->Suid, rc);
2072 }
2073 trace_smb3_tdis_done(xid, tcon->tid, ses->Suid);
2074
2075 return rc;
2076 }
2077
2078
2079 static struct create_durable *
2080 create_durable_buf(void)
2081 {
2082 struct create_durable *buf;
2083
2084 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2085 if (!buf)
2086 return NULL;
2087
2088 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2089 (struct create_durable, Data));
2090 buf->ccontext.DataLength = cpu_to_le32(16);
2091 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2092 (struct create_durable, Name));
2093 buf->ccontext.NameLength = cpu_to_le16(4);
2094 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */
2095 buf->Name[0] = 'D';
2096 buf->Name[1] = 'H';
2097 buf->Name[2] = 'n';
2098 buf->Name[3] = 'Q';
2099 return buf;
2100 }
2101
2102 static struct create_durable *
2103 create_reconnect_durable_buf(struct cifs_fid *fid)
2104 {
2105 struct create_durable *buf;
2106
2107 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2108 if (!buf)
2109 return NULL;
2110
2111 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2112 (struct create_durable, Data));
2113 buf->ccontext.DataLength = cpu_to_le32(16);
2114 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2115 (struct create_durable, Name));
2116 buf->ccontext.NameLength = cpu_to_le16(4);
2117 buf->Data.Fid.PersistentFileId = fid->persistent_fid;
2118 buf->Data.Fid.VolatileFileId = fid->volatile_fid;
2119 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */
2120 buf->Name[0] = 'D';
2121 buf->Name[1] = 'H';
2122 buf->Name[2] = 'n';
2123 buf->Name[3] = 'C';
2124 return buf;
2125 }
2126
2127 static void
2128 parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf)
2129 {
2130 struct create_disk_id_rsp *pdisk_id = (struct create_disk_id_rsp *)cc;
2131
2132 cifs_dbg(FYI, "parse query id context 0x%llx 0x%llx\n",
2133 pdisk_id->DiskFileId, pdisk_id->VolumeId);
2134 buf->IndexNumber = pdisk_id->DiskFileId;
2135 }
2136
2137 static void
2138 parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info,
2139 struct create_posix_rsp *posix)
2140 {
2141 int sid_len;
2142 u8 *beg = (u8 *)cc + le16_to_cpu(cc->DataOffset);
2143 u8 *end = beg + le32_to_cpu(cc->DataLength);
2144 u8 *sid;
2145
2146 memset(posix, 0, sizeof(*posix));
2147
2148 posix->nlink = le32_to_cpu(*(__le32 *)(beg + 0));
2149 posix->reparse_tag = le32_to_cpu(*(__le32 *)(beg + 4));
2150 posix->mode = le32_to_cpu(*(__le32 *)(beg + 8));
2151
2152 sid = beg + 12;
2153 sid_len = posix_info_sid_size(sid, end);
2154 if (sid_len < 0) {
2155 cifs_dbg(VFS, "bad owner sid in posix create response\n");
2156 return;
2157 }
2158 memcpy(&posix->owner, sid, sid_len);
2159
2160 sid = sid + sid_len;
2161 sid_len = posix_info_sid_size(sid, end);
2162 if (sid_len < 0) {
2163 cifs_dbg(VFS, "bad group sid in posix create response\n");
2164 return;
2165 }
2166 memcpy(&posix->group, sid, sid_len);
2167
2168 cifs_dbg(FYI, "nlink=%d mode=%o reparse_tag=%x\n",
2169 posix->nlink, posix->mode, posix->reparse_tag);
2170 }
2171
2172 void
2173 smb2_parse_contexts(struct TCP_Server_Info *server,
2174 struct smb2_create_rsp *rsp,
2175 unsigned int *epoch, char *lease_key, __u8 *oplock,
2176 struct smb2_file_all_info *buf,
2177 struct create_posix_rsp *posix)
2178 {
2179 char *data_offset;
2180 struct create_context *cc;
2181 unsigned int next;
2182 unsigned int remaining;
2183 char *name;
2184 static const char smb3_create_tag_posix[] = {
2185 0x93, 0xAD, 0x25, 0x50, 0x9C,
2186 0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83,
2187 0xDE, 0x96, 0x8B, 0xCD, 0x7C
2188 };
2189
2190 *oplock = 0;
2191 data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset);
2192 remaining = le32_to_cpu(rsp->CreateContextsLength);
2193 cc = (struct create_context *)data_offset;
2194
2195 /* Initialize inode number to 0 in case no valid data in qfid context */
2196 if (buf)
2197 buf->IndexNumber = 0;
2198
2199 while (remaining >= sizeof(struct create_context)) {
2200 name = le16_to_cpu(cc->NameOffset) + (char *)cc;
2201 if (le16_to_cpu(cc->NameLength) == 4 &&
2202 strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0)
2203 *oplock = server->ops->parse_lease_buf(cc, epoch,
2204 lease_key);
2205 else if (buf && (le16_to_cpu(cc->NameLength) == 4) &&
2206 strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0)
2207 parse_query_id_ctxt(cc, buf);
2208 else if ((le16_to_cpu(cc->NameLength) == 16)) {
2209 if (posix &&
2210 memcmp(name, smb3_create_tag_posix, 16) == 0)
2211 parse_posix_ctxt(cc, buf, posix);
2212 }
2213 /* else {
2214 cifs_dbg(FYI, "Context not matched with len %d\n",
2215 le16_to_cpu(cc->NameLength));
2216 cifs_dump_mem("Cctxt name: ", name, 4);
2217 } */
2218
2219 next = le32_to_cpu(cc->Next);
2220 if (!next)
2221 break;
2222 remaining -= next;
2223 cc = (struct create_context *)((char *)cc + next);
2224 }
2225
2226 if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
2227 *oplock = rsp->OplockLevel;
2228
2229 return;
2230 }
2231
2232 static int
2233 add_lease_context(struct TCP_Server_Info *server,
2234 struct smb2_create_req *req,
2235 struct kvec *iov,
2236 unsigned int *num_iovec, u8 *lease_key, __u8 *oplock)
2237 {
2238 unsigned int num = *num_iovec;
2239
2240 iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock);
2241 if (iov[num].iov_base == NULL)
2242 return -ENOMEM;
2243 iov[num].iov_len = server->vals->create_lease_size;
2244 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
2245 *num_iovec = num + 1;
2246 return 0;
2247 }
2248
2249 static struct create_durable_v2 *
2250 create_durable_v2_buf(struct cifs_open_parms *oparms)
2251 {
2252 struct cifs_fid *pfid = oparms->fid;
2253 struct create_durable_v2 *buf;
2254
2255 buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL);
2256 if (!buf)
2257 return NULL;
2258
2259 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2260 (struct create_durable_v2, dcontext));
2261 buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2));
2262 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2263 (struct create_durable_v2, Name));
2264 buf->ccontext.NameLength = cpu_to_le16(4);
2265
2266 /*
2267 * NB: Handle timeout defaults to 0, which allows server to choose
2268 * (most servers default to 120 seconds) and most clients default to 0.
2269 * This can be overridden at mount ("handletimeout=") if the user wants
2270 * a different persistent (or resilient) handle timeout for all opens
2271 * on a particular SMB3 mount.
2272 */
2273 buf->dcontext.Timeout = cpu_to_le32(oparms->tcon->handle_timeout);
2274 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2275 generate_random_uuid(buf->dcontext.CreateGuid);
2276 memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
2277
2278 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
2279 buf->Name[0] = 'D';
2280 buf->Name[1] = 'H';
2281 buf->Name[2] = '2';
2282 buf->Name[3] = 'Q';
2283 return buf;
2284 }
2285
2286 static struct create_durable_handle_reconnect_v2 *
2287 create_reconnect_durable_v2_buf(struct cifs_fid *fid)
2288 {
2289 struct create_durable_handle_reconnect_v2 *buf;
2290
2291 buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2),
2292 GFP_KERNEL);
2293 if (!buf)
2294 return NULL;
2295
2296 buf->ccontext.DataOffset =
2297 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2298 dcontext));
2299 buf->ccontext.DataLength =
2300 cpu_to_le32(sizeof(struct durable_reconnect_context_v2));
2301 buf->ccontext.NameOffset =
2302 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2303 Name));
2304 buf->ccontext.NameLength = cpu_to_le16(4);
2305
2306 buf->dcontext.Fid.PersistentFileId = fid->persistent_fid;
2307 buf->dcontext.Fid.VolatileFileId = fid->volatile_fid;
2308 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2309 memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16);
2310
2311 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */
2312 buf->Name[0] = 'D';
2313 buf->Name[1] = 'H';
2314 buf->Name[2] = '2';
2315 buf->Name[3] = 'C';
2316 return buf;
2317 }
2318
2319 static int
2320 add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec,
2321 struct cifs_open_parms *oparms)
2322 {
2323 unsigned int num = *num_iovec;
2324
2325 iov[num].iov_base = create_durable_v2_buf(oparms);
2326 if (iov[num].iov_base == NULL)
2327 return -ENOMEM;
2328 iov[num].iov_len = sizeof(struct create_durable_v2);
2329 *num_iovec = num + 1;
2330 return 0;
2331 }
2332
2333 static int
2334 add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec,
2335 struct cifs_open_parms *oparms)
2336 {
2337 unsigned int num = *num_iovec;
2338
2339 /* indicate that we don't need to relock the file */
2340 oparms->reconnect = false;
2341
2342 iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid);
2343 if (iov[num].iov_base == NULL)
2344 return -ENOMEM;
2345 iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2);
2346 *num_iovec = num + 1;
2347 return 0;
2348 }
2349
2350 static int
2351 add_durable_context(struct kvec *iov, unsigned int *num_iovec,
2352 struct cifs_open_parms *oparms, bool use_persistent)
2353 {
2354 unsigned int num = *num_iovec;
2355
2356 if (use_persistent) {
2357 if (oparms->reconnect)
2358 return add_durable_reconnect_v2_context(iov, num_iovec,
2359 oparms);
2360 else
2361 return add_durable_v2_context(iov, num_iovec, oparms);
2362 }
2363
2364 if (oparms->reconnect) {
2365 iov[num].iov_base = create_reconnect_durable_buf(oparms->fid);
2366 /* indicate that we don't need to relock the file */
2367 oparms->reconnect = false;
2368 } else
2369 iov[num].iov_base = create_durable_buf();
2370 if (iov[num].iov_base == NULL)
2371 return -ENOMEM;
2372 iov[num].iov_len = sizeof(struct create_durable);
2373 *num_iovec = num + 1;
2374 return 0;
2375 }
2376
2377 /* See MS-SMB2 2.2.13.2.7 */
2378 static struct crt_twarp_ctxt *
2379 create_twarp_buf(__u64 timewarp)
2380 {
2381 struct crt_twarp_ctxt *buf;
2382
2383 buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL);
2384 if (!buf)
2385 return NULL;
2386
2387 buf->ccontext.DataOffset = cpu_to_le16(offsetof
2388 (struct crt_twarp_ctxt, Timestamp));
2389 buf->ccontext.DataLength = cpu_to_le32(8);
2390 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2391 (struct crt_twarp_ctxt, Name));
2392 buf->ccontext.NameLength = cpu_to_le16(4);
2393 /* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */
2394 buf->Name[0] = 'T';
2395 buf->Name[1] = 'W';
2396 buf->Name[2] = 'r';
2397 buf->Name[3] = 'p';
2398 buf->Timestamp = cpu_to_le64(timewarp);
2399 return buf;
2400 }
2401
2402 /* See MS-SMB2 2.2.13.2.7 */
2403 static int
2404 add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp)
2405 {
2406 unsigned int num = *num_iovec;
2407
2408 iov[num].iov_base = create_twarp_buf(timewarp);
2409 if (iov[num].iov_base == NULL)
2410 return -ENOMEM;
2411 iov[num].iov_len = sizeof(struct crt_twarp_ctxt);
2412 *num_iovec = num + 1;
2413 return 0;
2414 }
2415
2416 /* See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */
2417 static void setup_owner_group_sids(char *buf)
2418 {
2419 struct owner_group_sids *sids = (struct owner_group_sids *)buf;
2420
2421 /* Populate the user ownership fields S-1-5-88-1 */
2422 sids->owner.Revision = 1;
2423 sids->owner.NumAuth = 3;
2424 sids->owner.Authority[5] = 5;
2425 sids->owner.SubAuthorities[0] = cpu_to_le32(88);
2426 sids->owner.SubAuthorities[1] = cpu_to_le32(1);
2427 sids->owner.SubAuthorities[2] = cpu_to_le32(current_fsuid().val);
2428
2429 /* Populate the group ownership fields S-1-5-88-2 */
2430 sids->group.Revision = 1;
2431 sids->group.NumAuth = 3;
2432 sids->group.Authority[5] = 5;
2433 sids->group.SubAuthorities[0] = cpu_to_le32(88);
2434 sids->group.SubAuthorities[1] = cpu_to_le32(2);
2435 sids->group.SubAuthorities[2] = cpu_to_le32(current_fsgid().val);
2436
2437 cifs_dbg(FYI, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val, current_fsgid().val);
2438 }
2439
2440 /* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */
2441 static struct crt_sd_ctxt *
2442 create_sd_buf(umode_t mode, bool set_owner, unsigned int *len)
2443 {
2444 struct crt_sd_ctxt *buf;
2445 __u8 *ptr, *aclptr;
2446 unsigned int acelen, acl_size, ace_count;
2447 unsigned int owner_offset = 0;
2448 unsigned int group_offset = 0;
2449 struct smb3_acl acl = {};
2450
2451 *len = round_up(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
2452
2453 if (set_owner) {
2454 /* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */
2455 *len += sizeof(struct owner_group_sids);
2456 }
2457
2458 buf = kzalloc(*len, GFP_KERNEL);
2459 if (buf == NULL)
2460 return buf;
2461
2462 ptr = (__u8 *)&buf[1];
2463 if (set_owner) {
2464 /* offset fields are from beginning of security descriptor not of create context */
2465 owner_offset = ptr - (__u8 *)&buf->sd;
2466 buf->sd.OffsetOwner = cpu_to_le32(owner_offset);
2467 group_offset = owner_offset + offsetof(struct owner_group_sids, group);
2468 buf->sd.OffsetGroup = cpu_to_le32(group_offset);
2469
2470 setup_owner_group_sids(ptr);
2471 ptr += sizeof(struct owner_group_sids);
2472 } else {
2473 buf->sd.OffsetOwner = 0;
2474 buf->sd.OffsetGroup = 0;
2475 }
2476
2477 buf->ccontext.DataOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, sd));
2478 buf->ccontext.NameOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, Name));
2479 buf->ccontext.NameLength = cpu_to_le16(4);
2480 /* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */
2481 buf->Name[0] = 'S';
2482 buf->Name[1] = 'e';
2483 buf->Name[2] = 'c';
2484 buf->Name[3] = 'D';
2485 buf->sd.Revision = 1; /* Must be one see MS-DTYP 2.4.6 */
2486
2487 /*
2488 * ACL is "self relative" ie ACL is stored in contiguous block of memory
2489 * and "DP" ie the DACL is present
2490 */
2491 buf->sd.Control = cpu_to_le16(ACL_CONTROL_SR | ACL_CONTROL_DP);
2492
2493 /* offset owner, group and Sbz1 and SACL are all zero */
2494 buf->sd.OffsetDacl = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2495 /* Ship the ACL for now. we will copy it into buf later. */
2496 aclptr = ptr;
2497 ptr += sizeof(struct smb3_acl);
2498
2499 /* create one ACE to hold the mode embedded in reserved special SID */
2500 acelen = setup_special_mode_ACE((struct cifs_ace *)ptr, (__u64)mode);
2501 ptr += acelen;
2502 acl_size = acelen + sizeof(struct smb3_acl);
2503 ace_count = 1;
2504
2505 if (set_owner) {
2506 /* we do not need to reallocate buffer to add the two more ACEs. plenty of space */
2507 acelen = setup_special_user_owner_ACE((struct cifs_ace *)ptr);
2508 ptr += acelen;
2509 acl_size += acelen;
2510 ace_count += 1;
2511 }
2512
2513 /* and one more ACE to allow access for authenticated users */
2514 acelen = setup_authusers_ACE((struct cifs_ace *)ptr);
2515 ptr += acelen;
2516 acl_size += acelen;
2517 ace_count += 1;
2518
2519 acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
2520 acl.AclSize = cpu_to_le16(acl_size);
2521 acl.AceCount = cpu_to_le16(ace_count);
2522 /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
2523 memcpy(aclptr, &acl, sizeof(struct smb3_acl));
2524
2525 buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2526 *len = round_up((unsigned int)(ptr - (__u8 *)buf), 8);
2527
2528 return buf;
2529 }
2530
2531 static int
2532 add_sd_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode, bool set_owner)
2533 {
2534 unsigned int num = *num_iovec;
2535 unsigned int len = 0;
2536
2537 iov[num].iov_base = create_sd_buf(mode, set_owner, &len);
2538 if (iov[num].iov_base == NULL)
2539 return -ENOMEM;
2540 iov[num].iov_len = len;
2541 *num_iovec = num + 1;
2542 return 0;
2543 }
2544
2545 static struct crt_query_id_ctxt *
2546 create_query_id_buf(void)
2547 {
2548 struct crt_query_id_ctxt *buf;
2549
2550 buf = kzalloc(sizeof(struct crt_query_id_ctxt), GFP_KERNEL);
2551 if (!buf)
2552 return NULL;
2553
2554 buf->ccontext.DataOffset = cpu_to_le16(0);
2555 buf->ccontext.DataLength = cpu_to_le32(0);
2556 buf->ccontext.NameOffset = cpu_to_le16(offsetof
2557 (struct crt_query_id_ctxt, Name));
2558 buf->ccontext.NameLength = cpu_to_le16(4);
2559 /* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */
2560 buf->Name[0] = 'Q';
2561 buf->Name[1] = 'F';
2562 buf->Name[2] = 'i';
2563 buf->Name[3] = 'd';
2564 return buf;
2565 }
2566
2567 /* See MS-SMB2 2.2.13.2.9 */
2568 static int
2569 add_query_id_context(struct kvec *iov, unsigned int *num_iovec)
2570 {
2571 unsigned int num = *num_iovec;
2572
2573 iov[num].iov_base = create_query_id_buf();
2574 if (iov[num].iov_base == NULL)
2575 return -ENOMEM;
2576 iov[num].iov_len = sizeof(struct crt_query_id_ctxt);
2577 *num_iovec = num + 1;
2578 return 0;
2579 }
2580
2581 static int
2582 alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len,
2583 const char *treename, const __le16 *path)
2584 {
2585 int treename_len, path_len;
2586 struct nls_table *cp;
2587 const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)};
2588
2589 /*
2590 * skip leading "\\"
2591 */
2592 treename_len = strlen(treename);
2593 if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\'))
2594 return -EINVAL;
2595
2596 treename += 2;
2597 treename_len -= 2;
2598
2599 path_len = UniStrnlen((wchar_t *)path, PATH_MAX);
2600
2601 /* make room for one path separator only if @path isn't empty */
2602 *out_len = treename_len + (path[0] ? 1 : 0) + path_len;
2603
2604 /*
2605 * final path needs to be 8-byte aligned as specified in
2606 * MS-SMB2 2.2.13 SMB2 CREATE Request.
2607 */
2608 *out_size = round_up(*out_len * sizeof(__le16), 8);
2609 *out_path = kzalloc(*out_size + sizeof(__le16) /* null */, GFP_KERNEL);
2610 if (!*out_path)
2611 return -ENOMEM;
2612
2613 cp = load_nls_default();
2614 cifs_strtoUTF16(*out_path, treename, treename_len, cp);
2615
2616 /* Do not append the separator if the path is empty */
2617 if (path[0] != cpu_to_le16(0x0000)) {
2618 UniStrcat((wchar_t *)*out_path, (wchar_t *)sep);
2619 UniStrcat((wchar_t *)*out_path, (wchar_t *)path);
2620 }
2621
2622 unload_nls(cp);
2623
2624 return 0;
2625 }
2626
2627 int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
2628 umode_t mode, struct cifs_tcon *tcon,
2629 const char *full_path,
2630 struct cifs_sb_info *cifs_sb)
2631 {
2632 struct smb_rqst rqst;
2633 struct smb2_create_req *req;
2634 struct smb2_create_rsp *rsp = NULL;
2635 struct cifs_ses *ses = tcon->ses;
2636 struct kvec iov[3]; /* make sure at least one for each open context */
2637 struct kvec rsp_iov = {NULL, 0};
2638 int resp_buftype;
2639 int uni_path_len;
2640 __le16 *copy_path = NULL;
2641 int copy_size;
2642 int rc = 0;
2643 unsigned int n_iov = 2;
2644 __u32 file_attributes = 0;
2645 char *pc_buf = NULL;
2646 int flags = 0;
2647 unsigned int total_len;
2648 __le16 *utf16_path = NULL;
2649 struct TCP_Server_Info *server = cifs_pick_channel(ses);
2650
2651 cifs_dbg(FYI, "mkdir\n");
2652
2653 /* resource #1: path allocation */
2654 utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb);
2655 if (!utf16_path)
2656 return -ENOMEM;
2657
2658 if (!ses || !server) {
2659 rc = -EIO;
2660 goto err_free_path;
2661 }
2662
2663 /* resource #2: request */
2664 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2665 (void **) &req, &total_len);
2666 if (rc)
2667 goto err_free_path;
2668
2669
2670 if (smb3_encryption_required(tcon))
2671 flags |= CIFS_TRANSFORM_REQ;
2672
2673 req->ImpersonationLevel = IL_IMPERSONATION;
2674 req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES);
2675 /* File attributes ignored on open (used in create though) */
2676 req->FileAttributes = cpu_to_le32(file_attributes);
2677 req->ShareAccess = FILE_SHARE_ALL_LE;
2678 req->CreateDisposition = cpu_to_le32(FILE_CREATE);
2679 req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE);
2680
2681 iov[0].iov_base = (char *)req;
2682 /* -1 since last byte is buf[0] which is sent below (path) */
2683 iov[0].iov_len = total_len - 1;
2684
2685 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
2686
2687 /* [MS-SMB2] 2.2.13 NameOffset:
2688 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2689 * the SMB2 header, the file name includes a prefix that will
2690 * be processed during DFS name normalization as specified in
2691 * section 3.3.5.9. Otherwise, the file name is relative to
2692 * the share that is identified by the TreeId in the SMB2
2693 * header.
2694 */
2695 if (tcon->share_flags & SHI1005_FLAGS_DFS) {
2696 int name_len;
2697
2698 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
2699 rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
2700 &name_len,
2701 tcon->tree_name, utf16_path);
2702 if (rc)
2703 goto err_free_req;
2704
2705 req->NameLength = cpu_to_le16(name_len * 2);
2706 uni_path_len = copy_size;
2707 /* free before overwriting resource */
2708 kfree(utf16_path);
2709 utf16_path = copy_path;
2710 } else {
2711 uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;
2712 /* MUST set path len (NameLength) to 0 opening root of share */
2713 req->NameLength = cpu_to_le16(uni_path_len - 2);
2714 if (uni_path_len % 8 != 0) {
2715 copy_size = roundup(uni_path_len, 8);
2716 copy_path = kzalloc(copy_size, GFP_KERNEL);
2717 if (!copy_path) {
2718 rc = -ENOMEM;
2719 goto err_free_req;
2720 }
2721 memcpy((char *)copy_path, (const char *)utf16_path,
2722 uni_path_len);
2723 uni_path_len = copy_size;
2724 /* free before overwriting resource */
2725 kfree(utf16_path);
2726 utf16_path = copy_path;
2727 }
2728 }
2729
2730 iov[1].iov_len = uni_path_len;
2731 iov[1].iov_base = utf16_path;
2732 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
2733
2734 if (tcon->posix_extensions) {
2735 /* resource #3: posix buf */
2736 rc = add_posix_context(iov, &n_iov, mode);
2737 if (rc)
2738 goto err_free_req;
2739 req->CreateContextsOffset = cpu_to_le32(
2740 sizeof(struct smb2_create_req) +
2741 iov[1].iov_len);
2742 pc_buf = iov[n_iov-1].iov_base;
2743 }
2744
2745
2746 memset(&rqst, 0, sizeof(struct smb_rqst));
2747 rqst.rq_iov = iov;
2748 rqst.rq_nvec = n_iov;
2749
2750 /* no need to inc num_remote_opens because we close it just below */
2751 trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, full_path, CREATE_NOT_FILE,
2752 FILE_WRITE_ATTRIBUTES);
2753 /* resource #4: response buffer */
2754 rc = cifs_send_recv(xid, ses, server,
2755 &rqst, &resp_buftype, flags, &rsp_iov);
2756 if (rc) {
2757 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
2758 trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,
2759 CREATE_NOT_FILE,
2760 FILE_WRITE_ATTRIBUTES, rc);
2761 goto err_free_rsp_buf;
2762 }
2763
2764 /*
2765 * Although unlikely to be possible for rsp to be null and rc not set,
2766 * adding check below is slightly safer long term (and quiets Coverity
2767 * warning)
2768 */
2769 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
2770 if (rsp == NULL) {
2771 rc = -EIO;
2772 kfree(pc_buf);
2773 goto err_free_req;
2774 }
2775
2776 trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
2777 CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES);
2778
2779 SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId);
2780
2781 /* Eventually save off posix specific response info and timestaps */
2782
2783 err_free_rsp_buf:
2784 free_rsp_buf(resp_buftype, rsp);
2785 kfree(pc_buf);
2786 err_free_req:
2787 cifs_small_buf_release(req);
2788 err_free_path:
2789 kfree(utf16_path);
2790 return rc;
2791 }
2792
2793 int
2794 SMB2_open_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
2795 struct smb_rqst *rqst, __u8 *oplock,
2796 struct cifs_open_parms *oparms, __le16 *path)
2797 {
2798 struct smb2_create_req *req;
2799 unsigned int n_iov = 2;
2800 __u32 file_attributes = 0;
2801 int copy_size;
2802 int uni_path_len;
2803 unsigned int total_len;
2804 struct kvec *iov = rqst->rq_iov;
2805 __le16 *copy_path;
2806 int rc;
2807
2808 rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2809 (void **) &req, &total_len);
2810 if (rc)
2811 return rc;
2812
2813 iov[0].iov_base = (char *)req;
2814 /* -1 since last byte is buf[0] which is sent below (path) */
2815 iov[0].iov_len = total_len - 1;
2816
2817 if (oparms->create_options & CREATE_OPTION_READONLY)
2818 file_attributes |= ATTR_READONLY;
2819 if (oparms->create_options & CREATE_OPTION_SPECIAL)
2820 file_attributes |= ATTR_SYSTEM;
2821
2822 req->ImpersonationLevel = IL_IMPERSONATION;
2823 req->DesiredAccess = cpu_to_le32(oparms->desired_access);
2824 /* File attributes ignored on open (used in create though) */
2825 req->FileAttributes = cpu_to_le32(file_attributes);
2826 req->ShareAccess = FILE_SHARE_ALL_LE;
2827
2828 req->CreateDisposition = cpu_to_le32(oparms->disposition);
2829 req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK);
2830 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
2831
2832 /* [MS-SMB2] 2.2.13 NameOffset:
2833 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2834 * the SMB2 header, the file name includes a prefix that will
2835 * be processed during DFS name normalization as specified in
2836 * section 3.3.5.9. Otherwise, the file name is relative to
2837 * the share that is identified by the TreeId in the SMB2
2838 * header.
2839 */
2840 if (tcon->share_flags & SHI1005_FLAGS_DFS) {
2841 int name_len;
2842
2843 req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
2844 rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
2845 &name_len,
2846 tcon->tree_name, path);
2847 if (rc)
2848 return rc;
2849 req->NameLength = cpu_to_le16(name_len * 2);
2850 uni_path_len = copy_size;
2851 path = copy_path;
2852 } else {
2853 uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
2854 /* MUST set path len (NameLength) to 0 opening root of share */
2855 req->NameLength = cpu_to_le16(uni_path_len - 2);
2856 copy_size = round_up(uni_path_len, 8);
2857 copy_path = kzalloc(copy_size, GFP_KERNEL);
2858 if (!copy_path)
2859 return -ENOMEM;
2860 memcpy((char *)copy_path, (const char *)path,
2861 uni_path_len);
2862 uni_path_len = copy_size;
2863 path = copy_path;
2864 }
2865
2866 iov[1].iov_len = uni_path_len;
2867 iov[1].iov_base = path;
2868
2869 if ((!server->oplocks) || (tcon->no_lease))
2870 *oplock = SMB2_OPLOCK_LEVEL_NONE;
2871
2872 if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||
2873 *oplock == SMB2_OPLOCK_LEVEL_NONE)
2874 req->RequestedOplockLevel = *oplock;
2875 else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) &&
2876 (oparms->create_options & CREATE_NOT_FILE))
2877 req->RequestedOplockLevel = *oplock; /* no srv lease support */
2878 else {
2879 rc = add_lease_context(server, req, iov, &n_iov,
2880 oparms->fid->lease_key, oplock);
2881 if (rc)
2882 return rc;
2883 }
2884
2885 if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
2886 rc = add_durable_context(iov, &n_iov, oparms,
2887 tcon->use_persistent);
2888 if (rc)
2889 return rc;
2890 }
2891
2892 if (tcon->posix_extensions) {
2893 rc = add_posix_context(iov, &n_iov, oparms->mode);
2894 if (rc)
2895 return rc;
2896 }
2897
2898 if (tcon->snapshot_time) {
2899 cifs_dbg(FYI, "adding snapshot context\n");
2900 rc = add_twarp_context(iov, &n_iov, tcon->snapshot_time);
2901 if (rc)
2902 return rc;
2903 }
2904
2905 if ((oparms->disposition != FILE_OPEN) && (oparms->cifs_sb)) {
2906 bool set_mode;
2907 bool set_owner;
2908
2909 if ((oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) &&
2910 (oparms->mode != ACL_NO_MODE))
2911 set_mode = true;
2912 else {
2913 set_mode = false;
2914 oparms->mode = ACL_NO_MODE;
2915 }
2916
2917 if (oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL)
2918 set_owner = true;
2919 else
2920 set_owner = false;
2921
2922 if (set_owner | set_mode) {
2923 cifs_dbg(FYI, "add sd with mode 0x%x\n", oparms->mode);
2924 rc = add_sd_context(iov, &n_iov, oparms->mode, set_owner);
2925 if (rc)
2926 return rc;
2927 }
2928 }
2929
2930 add_query_id_context(iov, &n_iov);
2931
2932 if (n_iov > 2) {
2933 /*
2934 * We have create contexts behind iov[1] (the file
2935 * name), point at them from the main create request
2936 */
2937 req->CreateContextsOffset = cpu_to_le32(
2938 sizeof(struct smb2_create_req) +
2939 iov[1].iov_len);
2940 req->CreateContextsLength = 0;
2941
2942 for (unsigned int i = 2; i < (n_iov-1); i++) {
2943 struct kvec *v = &iov[i];
2944 size_t len = v->iov_len;
2945 struct create_context *cctx =
2946 (struct create_context *)v->iov_base;
2947
2948 cctx->Next = cpu_to_le32(len);
2949 le32_add_cpu(&req->CreateContextsLength, len);
2950 }
2951 le32_add_cpu(&req->CreateContextsLength,
2952 iov[n_iov-1].iov_len);
2953 }
2954
2955 rqst->rq_nvec = n_iov;
2956 return 0;
2957 }
2958
2959 /* rq_iov[0] is the request and is released by cifs_small_buf_release().
2960 * All other vectors are freed by kfree().
2961 */
2962 void
2963 SMB2_open_free(struct smb_rqst *rqst)
2964 {
2965 int i;
2966
2967 if (rqst && rqst->rq_iov) {
2968 cifs_small_buf_release(rqst->rq_iov[0].iov_base);
2969 for (i = 1; i < rqst->rq_nvec; i++)
2970 if (rqst->rq_iov[i].iov_base != smb2_padding)
2971 kfree(rqst->rq_iov[i].iov_base);
2972 }
2973 }
2974
2975 int
2976 SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
2977 __u8 *oplock, struct smb2_file_all_info *buf,
2978 struct create_posix_rsp *posix,
2979 struct kvec *err_iov, int *buftype)
2980 {
2981 struct smb_rqst rqst;
2982 struct smb2_create_rsp *rsp = NULL;
2983 struct cifs_tcon *tcon = oparms->tcon;
2984 struct cifs_ses *ses = tcon->ses;
2985 struct TCP_Server_Info *server = cifs_pick_channel(ses);
2986 struct kvec iov[SMB2_CREATE_IOV_SIZE];
2987 struct kvec rsp_iov = {NULL, 0};
2988 int resp_buftype = CIFS_NO_BUFFER;
2989 int rc = 0;
2990 int flags = 0;
2991
2992 cifs_dbg(FYI, "create/open\n");
2993 if (!ses || !server)
2994 return -EIO;
2995
2996 if (smb3_encryption_required(tcon))
2997 flags |= CIFS_TRANSFORM_REQ;
2998
2999 memset(&rqst, 0, sizeof(struct smb_rqst));
3000 memset(&iov, 0, sizeof(iov));
3001 rqst.rq_iov = iov;
3002 rqst.rq_nvec = SMB2_CREATE_IOV_SIZE;
3003
3004 rc = SMB2_open_init(tcon, server,
3005 &rqst, oplock, oparms, path);
3006 if (rc)
3007 goto creat_exit;
3008
3009 trace_smb3_open_enter(xid, tcon->tid, tcon->ses->Suid, oparms->path,
3010 oparms->create_options, oparms->desired_access);
3011
3012 rc = cifs_send_recv(xid, ses, server,
3013 &rqst, &resp_buftype, flags,
3014 &rsp_iov);
3015 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
3016
3017 if (rc != 0) {
3018 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
3019 if (err_iov && rsp) {
3020 *err_iov = rsp_iov;
3021 *buftype = resp_buftype;
3022 resp_buftype = CIFS_NO_BUFFER;
3023 rsp = NULL;
3024 }
3025 trace_smb3_open_err(xid, tcon->tid, ses->Suid,
3026 oparms->create_options, oparms->desired_access, rc);
3027 if (rc == -EREMCHG) {
3028 pr_warn_once("server share %s deleted\n",
3029 tcon->tree_name);
3030 tcon->need_reconnect = true;
3031 }
3032 goto creat_exit;
3033 } else if (rsp == NULL) /* unlikely to happen, but safer to check */
3034 goto creat_exit;
3035 else
3036 trace_smb3_open_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
3037 oparms->create_options, oparms->desired_access);
3038
3039 atomic_inc(&tcon->num_remote_opens);
3040 oparms->fid->persistent_fid = rsp->PersistentFileId;
3041 oparms->fid->volatile_fid = rsp->VolatileFileId;
3042 oparms->fid->access = oparms->desired_access;
3043 #ifdef CONFIG_CIFS_DEBUG2
3044 oparms->fid->mid = le64_to_cpu(rsp->hdr.MessageId);
3045 #endif /* CIFS_DEBUG2 */
3046
3047 if (buf) {
3048 buf->CreationTime = rsp->CreationTime;
3049 buf->LastAccessTime = rsp->LastAccessTime;
3050 buf->LastWriteTime = rsp->LastWriteTime;
3051 buf->ChangeTime = rsp->ChangeTime;
3052 buf->AllocationSize = rsp->AllocationSize;
3053 buf->EndOfFile = rsp->EndofFile;
3054 buf->Attributes = rsp->FileAttributes;
3055 buf->NumberOfLinks = cpu_to_le32(1);
3056 buf->DeletePending = 0;
3057 }
3058
3059
3060 smb2_parse_contexts(server, rsp, &oparms->fid->epoch,
3061 oparms->fid->lease_key, oplock, buf, posix);
3062 creat_exit:
3063 SMB2_open_free(&rqst);
3064 free_rsp_buf(resp_buftype, rsp);
3065 return rc;
3066 }
3067
3068 int
3069 SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3070 struct smb_rqst *rqst,
3071 u64 persistent_fid, u64 volatile_fid, u32 opcode,
3072 char *in_data, u32 indatalen,
3073 __u32 max_response_size)
3074 {
3075 struct smb2_ioctl_req *req;
3076 struct kvec *iov = rqst->rq_iov;
3077 unsigned int total_len;
3078 int rc;
3079 char *in_data_buf;
3080
3081 rc = smb2_ioctl_req_init(opcode, tcon, server,
3082 (void **) &req, &total_len);
3083 if (rc)
3084 return rc;
3085
3086 if (indatalen) {
3087 /*
3088 * indatalen is usually small at a couple of bytes max, so
3089 * just allocate through generic pool
3090 */
3091 in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS);
3092 if (!in_data_buf) {
3093 cifs_small_buf_release(req);
3094 return -ENOMEM;
3095 }
3096 }
3097
3098 req->CtlCode = cpu_to_le32(opcode);
3099 req->PersistentFileId = persistent_fid;
3100 req->VolatileFileId = volatile_fid;
3101
3102 iov[0].iov_base = (char *)req;
3103 /*
3104 * If no input data, the size of ioctl struct in
3105 * protocol spec still includes a 1 byte data buffer,
3106 * but if input data passed to ioctl, we do not
3107 * want to double count this, so we do not send
3108 * the dummy one byte of data in iovec[0] if sending
3109 * input data (in iovec[1]).
3110 */
3111 if (indatalen) {
3112 req->InputCount = cpu_to_le32(indatalen);
3113 /* do not set InputOffset if no input data */
3114 req->InputOffset =
3115 cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer));
3116 rqst->rq_nvec = 2;
3117 iov[0].iov_len = total_len - 1;
3118 iov[1].iov_base = in_data_buf;
3119 iov[1].iov_len = indatalen;
3120 } else {
3121 rqst->rq_nvec = 1;
3122 iov[0].iov_len = total_len;
3123 }
3124
3125 req->OutputOffset = 0;
3126 req->OutputCount = 0; /* MBZ */
3127
3128 /*
3129 * In most cases max_response_size is set to 16K (CIFSMaxBufSize)
3130 * We Could increase default MaxOutputResponse, but that could require
3131 * more credits. Windows typically sets this smaller, but for some
3132 * ioctls it may be useful to allow server to send more. No point
3133 * limiting what the server can send as long as fits in one credit
3134 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want
3135 * to increase this limit up in the future.
3136 * Note that for snapshot queries that servers like Azure expect that
3137 * the first query be minimal size (and just used to get the number/size
3138 * of previous versions) so response size must be specified as EXACTLY
3139 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple
3140 * of eight bytes. Currently that is the only case where we set max
3141 * response size smaller.
3142 */
3143 req->MaxOutputResponse = cpu_to_le32(max_response_size);
3144 req->hdr.CreditCharge =
3145 cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size),
3146 SMB2_MAX_BUFFER_SIZE));
3147 /* always an FSCTL (for now) */
3148 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
3149
3150 /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
3151 if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
3152 req->hdr.Flags |= SMB2_FLAGS_SIGNED;
3153
3154 return 0;
3155 }
3156
3157 void
3158 SMB2_ioctl_free(struct smb_rqst *rqst)
3159 {
3160 int i;
3161
3162 if (rqst && rqst->rq_iov) {
3163 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3164 for (i = 1; i < rqst->rq_nvec; i++)
3165 if (rqst->rq_iov[i].iov_base != smb2_padding)
3166 kfree(rqst->rq_iov[i].iov_base);
3167 }
3168 }
3169
3170
3171 /*
3172 * SMB2 IOCTL is used for both IOCTLs and FSCTLs
3173 */
3174 int
3175 SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
3176 u64 volatile_fid, u32 opcode, char *in_data, u32 indatalen,
3177 u32 max_out_data_len, char **out_data,
3178 u32 *plen /* returned data len */)
3179 {
3180 struct smb_rqst rqst;
3181 struct smb2_ioctl_rsp *rsp = NULL;
3182 struct cifs_ses *ses;
3183 struct TCP_Server_Info *server;
3184 struct kvec iov[SMB2_IOCTL_IOV_SIZE];
3185 struct kvec rsp_iov = {NULL, 0};
3186 int resp_buftype = CIFS_NO_BUFFER;
3187 int rc = 0;
3188 int flags = 0;
3189
3190 cifs_dbg(FYI, "SMB2 IOCTL\n");
3191
3192 if (out_data != NULL)
3193 *out_data = NULL;
3194
3195 /* zero out returned data len, in case of error */
3196 if (plen)
3197 *plen = 0;
3198
3199 if (!tcon)
3200 return -EIO;
3201
3202 ses = tcon->ses;
3203 if (!ses)
3204 return -EIO;
3205
3206 server = cifs_pick_channel(ses);
3207 if (!server)
3208 return -EIO;
3209
3210 if (smb3_encryption_required(tcon))
3211 flags |= CIFS_TRANSFORM_REQ;
3212
3213 memset(&rqst, 0, sizeof(struct smb_rqst));
3214 memset(&iov, 0, sizeof(iov));
3215 rqst.rq_iov = iov;
3216 rqst.rq_nvec = SMB2_IOCTL_IOV_SIZE;
3217
3218 rc = SMB2_ioctl_init(tcon, server,
3219 &rqst, persistent_fid, volatile_fid, opcode,
3220 in_data, indatalen, max_out_data_len);
3221 if (rc)
3222 goto ioctl_exit;
3223
3224 rc = cifs_send_recv(xid, ses, server,
3225 &rqst, &resp_buftype, flags,
3226 &rsp_iov);
3227 rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base;
3228
3229 if (rc != 0)
3230 trace_smb3_fsctl_err(xid, persistent_fid, tcon->tid,
3231 ses->Suid, 0, opcode, rc);
3232
3233 if ((rc != 0) && (rc != -EINVAL) && (rc != -E2BIG)) {
3234 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3235 goto ioctl_exit;
3236 } else if (rc == -EINVAL) {
3237 if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) &&
3238 (opcode != FSCTL_SRV_COPYCHUNK)) {
3239 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3240 goto ioctl_exit;
3241 }
3242 } else if (rc == -E2BIG) {
3243 if (opcode != FSCTL_QUERY_ALLOCATED_RANGES) {
3244 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3245 goto ioctl_exit;
3246 }
3247 }
3248
3249 /* check if caller wants to look at return data or just return rc */
3250 if ((plen == NULL) || (out_data == NULL))
3251 goto ioctl_exit;
3252
3253 /*
3254 * Although unlikely to be possible for rsp to be null and rc not set,
3255 * adding check below is slightly safer long term (and quiets Coverity
3256 * warning)
3257 */
3258 if (rsp == NULL) {
3259 rc = -EIO;
3260 goto ioctl_exit;
3261 }
3262
3263 *plen = le32_to_cpu(rsp->OutputCount);
3264
3265 /* We check for obvious errors in the output buffer length and offset */
3266 if (*plen == 0)
3267 goto ioctl_exit; /* server returned no data */
3268 else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) {
3269 cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen);
3270 *plen = 0;
3271 rc = -EIO;
3272 goto ioctl_exit;
3273 }
3274
3275 if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) {
3276 cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen,
3277 le32_to_cpu(rsp->OutputOffset));
3278 *plen = 0;
3279 rc = -EIO;
3280 goto ioctl_exit;
3281 }
3282
3283 *out_data = kmemdup((char *)rsp + le32_to_cpu(rsp->OutputOffset),
3284 *plen, GFP_KERNEL);
3285 if (*out_data == NULL) {
3286 rc = -ENOMEM;
3287 goto ioctl_exit;
3288 }
3289
3290 ioctl_exit:
3291 SMB2_ioctl_free(&rqst);
3292 free_rsp_buf(resp_buftype, rsp);
3293 return rc;
3294 }
3295
3296 /*
3297 * Individual callers to ioctl worker function follow
3298 */
3299
3300 int
3301 SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon,
3302 u64 persistent_fid, u64 volatile_fid)
3303 {
3304 int rc;
3305 struct compress_ioctl fsctl_input;
3306 char *ret_data = NULL;
3307
3308 fsctl_input.CompressionState =
3309 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT);
3310
3311 rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid,
3312 FSCTL_SET_COMPRESSION,
3313 (char *)&fsctl_input /* data input */,
3314 2 /* in data len */, CIFSMaxBufSize /* max out data */,
3315 &ret_data /* out data */, NULL);
3316
3317 cifs_dbg(FYI, "set compression rc %d\n", rc);
3318
3319 return rc;
3320 }
3321
3322 int
3323 SMB2_close_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3324 struct smb_rqst *rqst,
3325 u64 persistent_fid, u64 volatile_fid, bool query_attrs)
3326 {
3327 struct smb2_close_req *req;
3328 struct kvec *iov = rqst->rq_iov;
3329 unsigned int total_len;
3330 int rc;
3331
3332 rc = smb2_plain_req_init(SMB2_CLOSE, tcon, server,
3333 (void **) &req, &total_len);
3334 if (rc)
3335 return rc;
3336
3337 req->PersistentFileId = persistent_fid;
3338 req->VolatileFileId = volatile_fid;
3339 if (query_attrs)
3340 req->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB;
3341 else
3342 req->Flags = 0;
3343 iov[0].iov_base = (char *)req;
3344 iov[0].iov_len = total_len;
3345
3346 return 0;
3347 }
3348
3349 void
3350 SMB2_close_free(struct smb_rqst *rqst)
3351 {
3352 if (rqst && rqst->rq_iov)
3353 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3354 }
3355
3356 int
3357 __SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3358 u64 persistent_fid, u64 volatile_fid,
3359 struct smb2_file_network_open_info *pbuf)
3360 {
3361 struct smb_rqst rqst;
3362 struct smb2_close_rsp *rsp = NULL;
3363 struct cifs_ses *ses = tcon->ses;
3364 struct TCP_Server_Info *server = cifs_pick_channel(ses);
3365 struct kvec iov[1];
3366 struct kvec rsp_iov;
3367 int resp_buftype = CIFS_NO_BUFFER;
3368 int rc = 0;
3369 int flags = 0;
3370 bool query_attrs = false;
3371
3372 cifs_dbg(FYI, "Close\n");
3373
3374 if (!ses || !server)
3375 return -EIO;
3376
3377 if (smb3_encryption_required(tcon))
3378 flags |= CIFS_TRANSFORM_REQ;
3379
3380 memset(&rqst, 0, sizeof(struct smb_rqst));
3381 memset(&iov, 0, sizeof(iov));
3382 rqst.rq_iov = iov;
3383 rqst.rq_nvec = 1;
3384
3385 /* check if need to ask server to return timestamps in close response */
3386 if (pbuf)
3387 query_attrs = true;
3388
3389 trace_smb3_close_enter(xid, persistent_fid, tcon->tid, ses->Suid);
3390 rc = SMB2_close_init(tcon, server,
3391 &rqst, persistent_fid, volatile_fid,
3392 query_attrs);
3393 if (rc)
3394 goto close_exit;
3395
3396 rc = cifs_send_recv(xid, ses, server,
3397 &rqst, &resp_buftype, flags, &rsp_iov);
3398 rsp = (struct smb2_close_rsp *)rsp_iov.iov_base;
3399
3400 if (rc != 0) {
3401 cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE);
3402 trace_smb3_close_err(xid, persistent_fid, tcon->tid, ses->Suid,
3403 rc);
3404 goto close_exit;
3405 } else {
3406 trace_smb3_close_done(xid, persistent_fid, tcon->tid,
3407 ses->Suid);
3408 /*
3409 * Note that have to subtract 4 since struct network_open_info
3410 * has a final 4 byte pad that close response does not have
3411 */
3412 if (pbuf)
3413 memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4);
3414 }
3415
3416 atomic_dec(&tcon->num_remote_opens);
3417 close_exit:
3418 SMB2_close_free(&rqst);
3419 free_rsp_buf(resp_buftype, rsp);
3420
3421 /* retry close in a worker thread if this one is interrupted */
3422 if (is_interrupt_error(rc)) {
3423 int tmp_rc;
3424
3425 tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid,
3426 volatile_fid);
3427 if (tmp_rc)
3428 cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n",
3429 persistent_fid, tmp_rc);
3430 }
3431 return rc;
3432 }
3433
3434 int
3435 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3436 u64 persistent_fid, u64 volatile_fid)
3437 {
3438 return __SMB2_close(xid, tcon, persistent_fid, volatile_fid, NULL);
3439 }
3440
3441 int
3442 smb2_validate_iov(unsigned int offset, unsigned int buffer_length,
3443 struct kvec *iov, unsigned int min_buf_size)
3444 {
3445 unsigned int smb_len = iov->iov_len;
3446 char *end_of_smb = smb_len + (char *)iov->iov_base;
3447 char *begin_of_buf = offset + (char *)iov->iov_base;
3448 char *end_of_buf = begin_of_buf + buffer_length;
3449
3450
3451 if (buffer_length < min_buf_size) {
3452 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n",
3453 buffer_length, min_buf_size);
3454 return -EINVAL;
3455 }
3456
3457 /* check if beyond RFC1001 maximum length */
3458 if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) {
3459 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n",
3460 buffer_length, smb_len);
3461 return -EINVAL;
3462 }
3463
3464 if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) {
3465 cifs_dbg(VFS, "Invalid server response, bad offset to data\n");
3466 return -EINVAL;
3467 }
3468
3469 return 0;
3470 }
3471
3472 /*
3473 * If SMB buffer fields are valid, copy into temporary buffer to hold result.
3474 * Caller must free buffer.
3475 */
3476 int
3477 smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length,
3478 struct kvec *iov, unsigned int minbufsize,
3479 char *data)
3480 {
3481 char *begin_of_buf = offset + (char *)iov->iov_base;
3482 int rc;
3483
3484 if (!data)
3485 return -EINVAL;
3486
3487 rc = smb2_validate_iov(offset, buffer_length, iov, minbufsize);
3488 if (rc)
3489 return rc;
3490
3491 memcpy(data, begin_of_buf, minbufsize);
3492
3493 return 0;
3494 }
3495
3496 int
3497 SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3498 struct smb_rqst *rqst,
3499 u64 persistent_fid, u64 volatile_fid,
3500 u8 info_class, u8 info_type, u32 additional_info,
3501 size_t output_len, size_t input_len, void *input)
3502 {
3503 struct smb2_query_info_req *req;
3504 struct kvec *iov = rqst->rq_iov;
3505 unsigned int total_len;
3506 int rc;
3507
3508 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
3509 (void **) &req, &total_len);
3510 if (rc)
3511 return rc;
3512
3513 req->InfoType = info_type;
3514 req->FileInfoClass = info_class;
3515 req->PersistentFileId = persistent_fid;
3516 req->VolatileFileId = volatile_fid;
3517 req->AdditionalInformation = cpu_to_le32(additional_info);
3518
3519 req->OutputBufferLength = cpu_to_le32(output_len);
3520 if (input_len) {
3521 req->InputBufferLength = cpu_to_le32(input_len);
3522 /* total_len for smb query request never close to le16 max */
3523 req->InputBufferOffset = cpu_to_le16(total_len - 1);
3524 memcpy(req->Buffer, input, input_len);
3525 }
3526
3527 iov[0].iov_base = (char *)req;
3528 /* 1 for Buffer */
3529 iov[0].iov_len = total_len - 1 + input_len;
3530 return 0;
3531 }
3532
3533 void
3534 SMB2_query_info_free(struct smb_rqst *rqst)
3535 {
3536 if (rqst && rqst->rq_iov)
3537 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3538 }
3539
3540 static int
3541 query_info(const unsigned int xid, struct cifs_tcon *tcon,
3542 u64 persistent_fid, u64 volatile_fid, u8 info_class, u8 info_type,
3543 u32 additional_info, size_t output_len, size_t min_len, void **data,
3544 u32 *dlen)
3545 {
3546 struct smb_rqst rqst;
3547 struct smb2_query_info_rsp *rsp = NULL;
3548 struct kvec iov[1];
3549 struct kvec rsp_iov;
3550 int rc = 0;
3551 int resp_buftype = CIFS_NO_BUFFER;
3552 struct cifs_ses *ses = tcon->ses;
3553 struct TCP_Server_Info *server;
3554 int flags = 0;
3555 bool allocated = false;
3556
3557 cifs_dbg(FYI, "Query Info\n");
3558
3559 if (!ses)
3560 return -EIO;
3561 server = cifs_pick_channel(ses);
3562 if (!server)
3563 return -EIO;
3564
3565 if (smb3_encryption_required(tcon))
3566 flags |= CIFS_TRANSFORM_REQ;
3567
3568 memset(&rqst, 0, sizeof(struct smb_rqst));
3569 memset(&iov, 0, sizeof(iov));
3570 rqst.rq_iov = iov;
3571 rqst.rq_nvec = 1;
3572
3573 rc = SMB2_query_info_init(tcon, server,
3574 &rqst, persistent_fid, volatile_fid,
3575 info_class, info_type, additional_info,
3576 output_len, 0, NULL);
3577 if (rc)
3578 goto qinf_exit;
3579
3580 trace_smb3_query_info_enter(xid, persistent_fid, tcon->tid,
3581 ses->Suid, info_class, (__u32)info_type);
3582
3583 rc = cifs_send_recv(xid, ses, server,
3584 &rqst, &resp_buftype, flags, &rsp_iov);
3585 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
3586
3587 if (rc) {
3588 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
3589 trace_smb3_query_info_err(xid, persistent_fid, tcon->tid,
3590 ses->Suid, info_class, (__u32)info_type, rc);
3591 goto qinf_exit;
3592 }
3593
3594 trace_smb3_query_info_done(xid, persistent_fid, tcon->tid,
3595 ses->Suid, info_class, (__u32)info_type);
3596
3597 if (dlen) {
3598 *dlen = le32_to_cpu(rsp->OutputBufferLength);
3599 if (!*data) {
3600 *data = kmalloc(*dlen, GFP_KERNEL);
3601 if (!*data) {
3602 cifs_tcon_dbg(VFS,
3603 "Error %d allocating memory for acl\n",
3604 rc);
3605 *dlen = 0;
3606 rc = -ENOMEM;
3607 goto qinf_exit;
3608 }
3609 allocated = true;
3610 }
3611 }
3612
3613 rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset),
3614 le32_to_cpu(rsp->OutputBufferLength),
3615 &rsp_iov, dlen ? *dlen : min_len, *data);
3616 if (rc && allocated) {
3617 kfree(*data);
3618 *data = NULL;
3619 *dlen = 0;
3620 }
3621
3622 qinf_exit:
3623 SMB2_query_info_free(&rqst);
3624 free_rsp_buf(resp_buftype, rsp);
3625 return rc;
3626 }
3627
3628 int SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3629 u64 persistent_fid, u64 volatile_fid, struct smb2_file_all_info *data)
3630 {
3631 return query_info(xid, tcon, persistent_fid, volatile_fid,
3632 FILE_ALL_INFORMATION, SMB2_O_INFO_FILE, 0,
3633 sizeof(struct smb2_file_all_info) + PATH_MAX * 2,
3634 sizeof(struct smb2_file_all_info), (void **)&data,
3635 NULL);
3636 }
3637
3638 #if 0
3639 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */
3640 int
3641 SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3642 u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen)
3643 {
3644 size_t output_len = sizeof(struct smb311_posix_qinfo *) +
3645 (sizeof(struct cifs_sid) * 2) + (PATH_MAX * 2);
3646 *plen = 0;
3647
3648 return query_info(xid, tcon, persistent_fid, volatile_fid,
3649 SMB_FIND_FILE_POSIX_INFO, SMB2_O_INFO_FILE, 0,
3650 output_len, sizeof(struct smb311_posix_qinfo), (void **)&data, plen);
3651 /* Note caller must free "data" (passed in above). It may be allocated in query_info call */
3652 }
3653 #endif
3654
3655 int
3656 SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon,
3657 u64 persistent_fid, u64 volatile_fid,
3658 void **data, u32 *plen, u32 extra_info)
3659 {
3660 __u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO |
3661 extra_info;
3662 *plen = 0;
3663
3664 return query_info(xid, tcon, persistent_fid, volatile_fid,
3665 0, SMB2_O_INFO_SECURITY, additional_info,
3666 SMB2_MAX_BUFFER_SIZE, MIN_SEC_DESC_LEN, data, plen);
3667 }
3668
3669 int
3670 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon,
3671 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid)
3672 {
3673 return query_info(xid, tcon, persistent_fid, volatile_fid,
3674 FILE_INTERNAL_INFORMATION, SMB2_O_INFO_FILE, 0,
3675 sizeof(struct smb2_file_internal_info),
3676 sizeof(struct smb2_file_internal_info),
3677 (void **)&uniqueid, NULL);
3678 }
3679
3680 /*
3681 * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory
3682 * See MS-SMB2 2.2.35 and 2.2.36
3683 */
3684
3685 static int
3686 SMB2_notify_init(const unsigned int xid, struct smb_rqst *rqst,
3687 struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3688 u64 persistent_fid, u64 volatile_fid,
3689 u32 completion_filter, bool watch_tree)
3690 {
3691 struct smb2_change_notify_req *req;
3692 struct kvec *iov = rqst->rq_iov;
3693 unsigned int total_len;
3694 int rc;
3695
3696 rc = smb2_plain_req_init(SMB2_CHANGE_NOTIFY, tcon, server,
3697 (void **) &req, &total_len);
3698 if (rc)
3699 return rc;
3700
3701 req->PersistentFileId = persistent_fid;
3702 req->VolatileFileId = volatile_fid;
3703 /* See note 354 of MS-SMB2, 64K max */
3704 req->OutputBufferLength =
3705 cpu_to_le32(SMB2_MAX_BUFFER_SIZE - MAX_SMB2_HDR_SIZE);
3706 req->CompletionFilter = cpu_to_le32(completion_filter);
3707 if (watch_tree)
3708 req->Flags = cpu_to_le16(SMB2_WATCH_TREE);
3709 else
3710 req->Flags = 0;
3711
3712 iov[0].iov_base = (char *)req;
3713 iov[0].iov_len = total_len;
3714
3715 return 0;
3716 }
3717
3718 int
3719 SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon,
3720 u64 persistent_fid, u64 volatile_fid, bool watch_tree,
3721 u32 completion_filter, u32 max_out_data_len, char **out_data,
3722 u32 *plen /* returned data len */)
3723 {
3724 struct cifs_ses *ses = tcon->ses;
3725 struct TCP_Server_Info *server = cifs_pick_channel(ses);
3726 struct smb_rqst rqst;
3727 struct smb2_change_notify_rsp *smb_rsp;
3728 struct kvec iov[1];
3729 struct kvec rsp_iov = {NULL, 0};
3730 int resp_buftype = CIFS_NO_BUFFER;
3731 int flags = 0;
3732 int rc = 0;
3733
3734 cifs_dbg(FYI, "change notify\n");
3735 if (!ses || !server)
3736 return -EIO;
3737
3738 if (smb3_encryption_required(tcon))
3739 flags |= CIFS_TRANSFORM_REQ;
3740
3741 memset(&rqst, 0, sizeof(struct smb_rqst));
3742 memset(&iov, 0, sizeof(iov));
3743 if (plen)
3744 *plen = 0;
3745
3746 rqst.rq_iov = iov;
3747 rqst.rq_nvec = 1;
3748
3749 rc = SMB2_notify_init(xid, &rqst, tcon, server,
3750 persistent_fid, volatile_fid,
3751 completion_filter, watch_tree);
3752 if (rc)
3753 goto cnotify_exit;
3754
3755 trace_smb3_notify_enter(xid, persistent_fid, tcon->tid, ses->Suid,
3756 (u8)watch_tree, completion_filter);
3757 rc = cifs_send_recv(xid, ses, server,
3758 &rqst, &resp_buftype, flags, &rsp_iov);
3759
3760 if (rc != 0) {
3761 cifs_stats_fail_inc(tcon, SMB2_CHANGE_NOTIFY_HE);
3762 trace_smb3_notify_err(xid, persistent_fid, tcon->tid, ses->Suid,
3763 (u8)watch_tree, completion_filter, rc);
3764 } else {
3765 trace_smb3_notify_done(xid, persistent_fid, tcon->tid,
3766 ses->Suid, (u8)watch_tree, completion_filter);
3767 /* validate that notify information is plausible */
3768 if ((rsp_iov.iov_base == NULL) ||
3769 (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp) + 1))
3770 goto cnotify_exit;
3771
3772 smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base;
3773
3774 smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset),
3775 le32_to_cpu(smb_rsp->OutputBufferLength), &rsp_iov,
3776 sizeof(struct file_notify_information));
3777
3778 *out_data = kmemdup((char *)smb_rsp + le16_to_cpu(smb_rsp->OutputBufferOffset),
3779 le32_to_cpu(smb_rsp->OutputBufferLength), GFP_KERNEL);
3780 if (*out_data == NULL) {
3781 rc = -ENOMEM;
3782 goto cnotify_exit;
3783 } else if (plen)
3784 *plen = le32_to_cpu(smb_rsp->OutputBufferLength);
3785 }
3786
3787 cnotify_exit:
3788 if (rqst.rq_iov)
3789 cifs_small_buf_release(rqst.rq_iov[0].iov_base); /* request */
3790 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
3791 return rc;
3792 }
3793
3794
3795
3796 /*
3797 * This is a no-op for now. We're not really interested in the reply, but
3798 * rather in the fact that the server sent one and that server->lstrp
3799 * gets updated.
3800 *
3801 * FIXME: maybe we should consider checking that the reply matches request?
3802 */
3803 static void
3804 smb2_echo_callback(struct mid_q_entry *mid)
3805 {
3806 struct TCP_Server_Info *server = mid->callback_data;
3807 struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf;
3808 struct cifs_credits credits = { .value = 0, .instance = 0 };
3809
3810 if (mid->mid_state == MID_RESPONSE_RECEIVED
3811 || mid->mid_state == MID_RESPONSE_MALFORMED) {
3812 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
3813 credits.instance = server->reconnect_instance;
3814 }
3815
3816 release_mid(mid);
3817 add_credits(server, &credits, CIFS_ECHO_OP);
3818 }
3819
3820 void smb2_reconnect_server(struct work_struct *work)
3821 {
3822 struct TCP_Server_Info *server = container_of(work,
3823 struct TCP_Server_Info, reconnect.work);
3824 struct TCP_Server_Info *pserver;
3825 struct cifs_ses *ses, *ses2;
3826 struct cifs_tcon *tcon, *tcon2;
3827 struct list_head tmp_list, tmp_ses_list;
3828 bool tcon_exist = false, ses_exist = false;
3829 bool tcon_selected = false;
3830 int rc;
3831 bool resched = false;
3832
3833 /* If server is a channel, select the primary channel */
3834 pserver = SERVER_IS_CHAN(server) ? server->primary_server : server;
3835
3836 /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */
3837 mutex_lock(&pserver->reconnect_mutex);
3838
3839 INIT_LIST_HEAD(&tmp_list);
3840 INIT_LIST_HEAD(&tmp_ses_list);
3841 cifs_dbg(FYI, "Reconnecting tcons and channels\n");
3842
3843 spin_lock(&cifs_tcp_ses_lock);
3844 list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
3845 spin_lock(&ses->ses_lock);
3846 if (ses->ses_status == SES_EXITING) {
3847 spin_unlock(&ses->ses_lock);
3848 continue;
3849 }
3850 spin_unlock(&ses->ses_lock);
3851
3852 tcon_selected = false;
3853
3854 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
3855 if (tcon->need_reconnect || tcon->need_reopen_files) {
3856 tcon->tc_count++;
3857 list_add_tail(&tcon->rlist, &tmp_list);
3858 tcon_selected = tcon_exist = true;
3859 }
3860 }
3861 /*
3862 * IPC has the same lifetime as its session and uses its
3863 * refcount.
3864 */
3865 if (ses->tcon_ipc && ses->tcon_ipc->need_reconnect) {
3866 list_add_tail(&ses->tcon_ipc->rlist, &tmp_list);
3867 tcon_selected = tcon_exist = true;
3868 cifs_smb_ses_inc_refcount(ses);
3869 }
3870 /*
3871 * handle the case where channel needs to reconnect
3872 * binding session, but tcon is healthy (some other channel
3873 * is active)
3874 */
3875 spin_lock(&ses->chan_lock);
3876 if (!tcon_selected && cifs_chan_needs_reconnect(ses, server)) {
3877 list_add_tail(&ses->rlist, &tmp_ses_list);
3878 ses_exist = true;
3879 cifs_smb_ses_inc_refcount(ses);
3880 }
3881 spin_unlock(&ses->chan_lock);
3882 }
3883
3884 spin_unlock(&cifs_tcp_ses_lock);
3885
3886 list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) {
3887 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server);
3888 if (!rc)
3889 cifs_reopen_persistent_handles(tcon);
3890 else
3891 resched = true;
3892 list_del_init(&tcon->rlist);
3893 if (tcon->ipc)
3894 cifs_put_smb_ses(tcon->ses);
3895 else
3896 cifs_put_tcon(tcon);
3897 }
3898
3899 if (!ses_exist)
3900 goto done;
3901
3902 /* allocate a dummy tcon struct used for reconnect */
3903 tcon = tcon_info_alloc(false);
3904 if (!tcon) {
3905 resched = true;
3906 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
3907 list_del_init(&ses->rlist);
3908 cifs_put_smb_ses(ses);
3909 }
3910 goto done;
3911 }
3912
3913 tcon->status = TID_GOOD;
3914 tcon->retry = false;
3915 tcon->need_reconnect = false;
3916
3917 /* now reconnect sessions for necessary channels */
3918 list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
3919 tcon->ses = ses;
3920 rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server);
3921 if (rc)
3922 resched = true;
3923 list_del_init(&ses->rlist);
3924 cifs_put_smb_ses(ses);
3925 }
3926 tconInfoFree(tcon);
3927
3928 done:
3929 cifs_dbg(FYI, "Reconnecting tcons and channels finished\n");
3930 if (resched) {
3931 queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ);
3932 mutex_unlock(&pserver->reconnect_mutex);
3933
3934 /* no need to put tcp session as we're retrying */
3935 return;
3936 }
3937 mutex_unlock(&pserver->reconnect_mutex);
3938
3939 /* now we can safely release srv struct */
3940 cifs_put_tcp_session(server, true);
3941 }
3942
3943 int
3944 SMB2_echo(struct TCP_Server_Info *server)
3945 {
3946 struct smb2_echo_req *req;
3947 int rc = 0;
3948 struct kvec iov[1];
3949 struct smb_rqst rqst = { .rq_iov = iov,
3950 .rq_nvec = 1 };
3951 unsigned int total_len;
3952
3953 cifs_dbg(FYI, "In echo request for conn_id %lld\n", server->conn_id);
3954
3955 spin_lock(&server->srv_lock);
3956 if (server->ops->need_neg &&
3957 server->ops->need_neg(server)) {
3958 spin_unlock(&server->srv_lock);
3959 /* No need to send echo on newly established connections */
3960 spin_lock(&cifs_tcp_ses_lock);
3961 server->srv_count++;
3962 spin_unlock(&cifs_tcp_ses_lock);
3963 if (mod_delayed_work(cifsiod_wq, &server->reconnect, 0))
3964 cifs_put_tcp_session(server, false);
3965
3966 return rc;
3967 }
3968 spin_unlock(&server->srv_lock);
3969
3970 rc = smb2_plain_req_init(SMB2_ECHO, NULL, server,
3971 (void **)&req, &total_len);
3972 if (rc)
3973 return rc;
3974
3975 req->hdr.CreditRequest = cpu_to_le16(1);
3976
3977 iov[0].iov_len = total_len;
3978 iov[0].iov_base = (char *)req;
3979
3980 rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL,
3981 server, CIFS_ECHO_OP, NULL);
3982 if (rc)
3983 cifs_dbg(FYI, "Echo request failed: %d\n", rc);
3984
3985 cifs_small_buf_release(req);
3986 return rc;
3987 }
3988
3989 void
3990 SMB2_flush_free(struct smb_rqst *rqst)
3991 {
3992 if (rqst && rqst->rq_iov)
3993 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3994 }
3995
3996 int
3997 SMB2_flush_init(const unsigned int xid, struct smb_rqst *rqst,
3998 struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3999 u64 persistent_fid, u64 volatile_fid)
4000 {
4001 struct smb2_flush_req *req;
4002 struct kvec *iov = rqst->rq_iov;
4003 unsigned int total_len;
4004 int rc;
4005
4006 rc = smb2_plain_req_init(SMB2_FLUSH, tcon, server,
4007 (void **) &req, &total_len);
4008 if (rc)
4009 return rc;
4010
4011 req->PersistentFileId = persistent_fid;
4012 req->VolatileFileId = volatile_fid;
4013
4014 iov[0].iov_base = (char *)req;
4015 iov[0].iov_len = total_len;
4016
4017 return 0;
4018 }
4019
4020 int
4021 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
4022 u64 volatile_fid)
4023 {
4024 struct cifs_ses *ses = tcon->ses;
4025 struct smb_rqst rqst;
4026 struct kvec iov[1];
4027 struct kvec rsp_iov = {NULL, 0};
4028 struct TCP_Server_Info *server = cifs_pick_channel(ses);
4029 int resp_buftype = CIFS_NO_BUFFER;
4030 int flags = 0;
4031 int rc = 0;
4032
4033 cifs_dbg(FYI, "flush\n");
4034 if (!ses || !(ses->server))
4035 return -EIO;
4036
4037 if (smb3_encryption_required(tcon))
4038 flags |= CIFS_TRANSFORM_REQ;
4039
4040 memset(&rqst, 0, sizeof(struct smb_rqst));
4041 memset(&iov, 0, sizeof(iov));
4042 rqst.rq_iov = iov;
4043 rqst.rq_nvec = 1;
4044
4045 rc = SMB2_flush_init(xid, &rqst, tcon, server,
4046 persistent_fid, volatile_fid);
4047 if (rc)
4048 goto flush_exit;
4049
4050 trace_smb3_flush_enter(xid, persistent_fid, tcon->tid, ses->Suid);
4051 rc = cifs_send_recv(xid, ses, server,
4052 &rqst, &resp_buftype, flags, &rsp_iov);
4053
4054 if (rc != 0) {
4055 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
4056 trace_smb3_flush_err(xid, persistent_fid, tcon->tid, ses->Suid,
4057 rc);
4058 } else
4059 trace_smb3_flush_done(xid, persistent_fid, tcon->tid,
4060 ses->Suid);
4061
4062 flush_exit:
4063 SMB2_flush_free(&rqst);
4064 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4065 return rc;
4066 }
4067
4068 #ifdef CONFIG_CIFS_SMB_DIRECT
4069 static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms)
4070 {
4071 struct TCP_Server_Info *server = io_parms->server;
4072 struct cifs_tcon *tcon = io_parms->tcon;
4073
4074 /* we can only offload if we're connected */
4075 if (!server || !tcon)
4076 return false;
4077
4078 /* we can only offload on an rdma connection */
4079 if (!server->rdma || !server->smbd_conn)
4080 return false;
4081
4082 /* we don't support signed offload yet */
4083 if (server->sign)
4084 return false;
4085
4086 /* we don't support encrypted offload yet */
4087 if (smb3_encryption_required(tcon))
4088 return false;
4089
4090 /* offload also has its overhead, so only do it if desired */
4091 if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold)
4092 return false;
4093
4094 return true;
4095 }
4096 #endif /* CONFIG_CIFS_SMB_DIRECT */
4097
4098 /*
4099 * To form a chain of read requests, any read requests after the first should
4100 * have the end_of_chain boolean set to true.
4101 */
4102 static int
4103 smb2_new_read_req(void **buf, unsigned int *total_len,
4104 struct cifs_io_parms *io_parms, struct cifs_readdata *rdata,
4105 unsigned int remaining_bytes, int request_type)
4106 {
4107 int rc = -EACCES;
4108 struct smb2_read_req *req = NULL;
4109 struct smb2_hdr *shdr;
4110 struct TCP_Server_Info *server = io_parms->server;
4111
4112 rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, server,
4113 (void **) &req, total_len);
4114 if (rc)
4115 return rc;
4116
4117 if (server == NULL)
4118 return -ECONNABORTED;
4119
4120 shdr = &req->hdr;
4121 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4122
4123 req->PersistentFileId = io_parms->persistent_fid;
4124 req->VolatileFileId = io_parms->volatile_fid;
4125 req->ReadChannelInfoOffset = 0; /* reserved */
4126 req->ReadChannelInfoLength = 0; /* reserved */
4127 req->Channel = 0; /* reserved */
4128 req->MinimumCount = 0;
4129 req->Length = cpu_to_le32(io_parms->length);
4130 req->Offset = cpu_to_le64(io_parms->offset);
4131
4132 trace_smb3_read_enter(0 /* xid */,
4133 io_parms->persistent_fid,
4134 io_parms->tcon->tid, io_parms->tcon->ses->Suid,
4135 io_parms->offset, io_parms->length);
4136 #ifdef CONFIG_CIFS_SMB_DIRECT
4137 /*
4138 * If we want to do a RDMA write, fill in and append
4139 * smbd_buffer_descriptor_v1 to the end of read request
4140 */
4141 if (smb3_use_rdma_offload(io_parms)) {
4142 struct smbd_buffer_descriptor_v1 *v1;
4143 bool need_invalidate = server->dialect == SMB30_PROT_ID;
4144
4145 rdata->mr = smbd_register_mr(server->smbd_conn, &rdata->iter,
4146 true, need_invalidate);
4147 if (!rdata->mr)
4148 return -EAGAIN;
4149
4150 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4151 if (need_invalidate)
4152 req->Channel = SMB2_CHANNEL_RDMA_V1;
4153 req->ReadChannelInfoOffset =
4154 cpu_to_le16(offsetof(struct smb2_read_req, Buffer));
4155 req->ReadChannelInfoLength =
4156 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4157 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4158 v1->offset = cpu_to_le64(rdata->mr->mr->iova);
4159 v1->token = cpu_to_le32(rdata->mr->mr->rkey);
4160 v1->length = cpu_to_le32(rdata->mr->mr->length);
4161
4162 *total_len += sizeof(*v1) - 1;
4163 }
4164 #endif
4165 if (request_type & CHAINED_REQUEST) {
4166 if (!(request_type & END_OF_CHAIN)) {
4167 /* next 8-byte aligned request */
4168 *total_len = ALIGN(*total_len, 8);
4169 shdr->NextCommand = cpu_to_le32(*total_len);
4170 } else /* END_OF_CHAIN */
4171 shdr->NextCommand = 0;
4172 if (request_type & RELATED_REQUEST) {
4173 shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS;
4174 /*
4175 * Related requests use info from previous read request
4176 * in chain.
4177 */
4178 shdr->SessionId = cpu_to_le64(0xFFFFFFFFFFFFFFFF);
4179 shdr->Id.SyncId.TreeId = cpu_to_le32(0xFFFFFFFF);
4180 req->PersistentFileId = (u64)-1;
4181 req->VolatileFileId = (u64)-1;
4182 }
4183 }
4184 if (remaining_bytes > io_parms->length)
4185 req->RemainingBytes = cpu_to_le32(remaining_bytes);
4186 else
4187 req->RemainingBytes = 0;
4188
4189 *buf = req;
4190 return rc;
4191 }
4192
4193 static void
4194 smb2_readv_callback(struct mid_q_entry *mid)
4195 {
4196 struct cifs_readdata *rdata = mid->callback_data;
4197 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4198 struct TCP_Server_Info *server = rdata->server;
4199 struct smb2_hdr *shdr =
4200 (struct smb2_hdr *)rdata->iov[0].iov_base;
4201 struct cifs_credits credits = { .value = 0, .instance = 0 };
4202 struct smb_rqst rqst = { .rq_iov = &rdata->iov[1], .rq_nvec = 1 };
4203
4204 if (rdata->got_bytes) {
4205 rqst.rq_iter = rdata->iter;
4206 rqst.rq_iter_size = iov_iter_count(&rdata->iter);
4207 }
4208
4209 WARN_ONCE(rdata->server != mid->server,
4210 "rdata server %p != mid server %p",
4211 rdata->server, mid->server);
4212
4213 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n",
4214 __func__, mid->mid, mid->mid_state, rdata->result,
4215 rdata->bytes);
4216
4217 switch (mid->mid_state) {
4218 case MID_RESPONSE_RECEIVED:
4219 credits.value = le16_to_cpu(shdr->CreditRequest);
4220 credits.instance = server->reconnect_instance;
4221 /* result already set, check signature */
4222 if (server->sign && !mid->decrypted) {
4223 int rc;
4224
4225 iov_iter_revert(&rqst.rq_iter, rdata->got_bytes);
4226 iov_iter_truncate(&rqst.rq_iter, rdata->got_bytes);
4227 rc = smb2_verify_signature(&rqst, server);
4228 if (rc)
4229 cifs_tcon_dbg(VFS, "SMB signature verification returned error = %d\n",
4230 rc);
4231 }
4232 /* FIXME: should this be counted toward the initiating task? */
4233 task_io_account_read(rdata->got_bytes);
4234 cifs_stats_bytes_read(tcon, rdata->got_bytes);
4235 break;
4236 case MID_REQUEST_SUBMITTED:
4237 case MID_RETRY_NEEDED:
4238 rdata->result = -EAGAIN;
4239 if (server->sign && rdata->got_bytes)
4240 /* reset bytes number since we can not check a sign */
4241 rdata->got_bytes = 0;
4242 /* FIXME: should this be counted toward the initiating task? */
4243 task_io_account_read(rdata->got_bytes);
4244 cifs_stats_bytes_read(tcon, rdata->got_bytes);
4245 break;
4246 case MID_RESPONSE_MALFORMED:
4247 credits.value = le16_to_cpu(shdr->CreditRequest);
4248 credits.instance = server->reconnect_instance;
4249 fallthrough;
4250 default:
4251 rdata->result = -EIO;
4252 }
4253 #ifdef CONFIG_CIFS_SMB_DIRECT
4254 /*
4255 * If this rdata has a memmory registered, the MR can be freed
4256 * MR needs to be freed as soon as I/O finishes to prevent deadlock
4257 * because they have limited number and are used for future I/Os
4258 */
4259 if (rdata->mr) {
4260 smbd_deregister_mr(rdata->mr);
4261 rdata->mr = NULL;
4262 }
4263 #endif
4264 if (rdata->result && rdata->result != -ENODATA) {
4265 cifs_stats_fail_inc(tcon, SMB2_READ_HE);
4266 trace_smb3_read_err(0 /* xid */,
4267 rdata->cfile->fid.persistent_fid,
4268 tcon->tid, tcon->ses->Suid, rdata->offset,
4269 rdata->bytes, rdata->result);
4270 } else
4271 trace_smb3_read_done(0 /* xid */,
4272 rdata->cfile->fid.persistent_fid,
4273 tcon->tid, tcon->ses->Suid,
4274 rdata->offset, rdata->got_bytes);
4275
4276 queue_work(cifsiod_wq, &rdata->work);
4277 release_mid(mid);
4278 add_credits(server, &credits, 0);
4279 }
4280
4281 /* smb2_async_readv - send an async read, and set up mid to handle result */
4282 int
4283 smb2_async_readv(struct cifs_readdata *rdata)
4284 {
4285 int rc, flags = 0;
4286 char *buf;
4287 struct smb2_hdr *shdr;
4288 struct cifs_io_parms io_parms;
4289 struct smb_rqst rqst = { .rq_iov = rdata->iov,
4290 .rq_nvec = 1 };
4291 struct TCP_Server_Info *server;
4292 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4293 unsigned int total_len;
4294 int credit_request;
4295
4296 cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n",
4297 __func__, rdata->offset, rdata->bytes);
4298
4299 if (!rdata->server)
4300 rdata->server = cifs_pick_channel(tcon->ses);
4301
4302 io_parms.tcon = tlink_tcon(rdata->cfile->tlink);
4303 io_parms.server = server = rdata->server;
4304 io_parms.offset = rdata->offset;
4305 io_parms.length = rdata->bytes;
4306 io_parms.persistent_fid = rdata->cfile->fid.persistent_fid;
4307 io_parms.volatile_fid = rdata->cfile->fid.volatile_fid;
4308 io_parms.pid = rdata->pid;
4309
4310 rc = smb2_new_read_req(
4311 (void **) &buf, &total_len, &io_parms, rdata, 0, 0);
4312 if (rc)
4313 return rc;
4314
4315 if (smb3_encryption_required(io_parms.tcon))
4316 flags |= CIFS_TRANSFORM_REQ;
4317
4318 rdata->iov[0].iov_base = buf;
4319 rdata->iov[0].iov_len = total_len;
4320
4321 shdr = (struct smb2_hdr *)buf;
4322
4323 if (rdata->credits.value > 0) {
4324 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes,
4325 SMB2_MAX_BUFFER_SIZE));
4326 credit_request = le16_to_cpu(shdr->CreditCharge) + 8;
4327 if (server->credits >= server->max_credits)
4328 shdr->CreditRequest = cpu_to_le16(0);
4329 else
4330 shdr->CreditRequest = cpu_to_le16(
4331 min_t(int, server->max_credits -
4332 server->credits, credit_request));
4333
4334 rc = adjust_credits(server, &rdata->credits, rdata->bytes);
4335 if (rc)
4336 goto async_readv_out;
4337
4338 flags |= CIFS_HAS_CREDITS;
4339 }
4340
4341 kref_get(&rdata->refcount);
4342 rc = cifs_call_async(server, &rqst,
4343 cifs_readv_receive, smb2_readv_callback,
4344 smb3_handle_read_data, rdata, flags,
4345 &rdata->credits);
4346 if (rc) {
4347 kref_put(&rdata->refcount, cifs_readdata_release);
4348 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
4349 trace_smb3_read_err(0 /* xid */, io_parms.persistent_fid,
4350 io_parms.tcon->tid,
4351 io_parms.tcon->ses->Suid,
4352 io_parms.offset, io_parms.length, rc);
4353 }
4354
4355 async_readv_out:
4356 cifs_small_buf_release(buf);
4357 return rc;
4358 }
4359
4360 int
4361 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
4362 unsigned int *nbytes, char **buf, int *buf_type)
4363 {
4364 struct smb_rqst rqst;
4365 int resp_buftype, rc;
4366 struct smb2_read_req *req = NULL;
4367 struct smb2_read_rsp *rsp = NULL;
4368 struct kvec iov[1];
4369 struct kvec rsp_iov;
4370 unsigned int total_len;
4371 int flags = CIFS_LOG_ERROR;
4372 struct cifs_ses *ses = io_parms->tcon->ses;
4373
4374 if (!io_parms->server)
4375 io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4376
4377 *nbytes = 0;
4378 rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0);
4379 if (rc)
4380 return rc;
4381
4382 if (smb3_encryption_required(io_parms->tcon))
4383 flags |= CIFS_TRANSFORM_REQ;
4384
4385 iov[0].iov_base = (char *)req;
4386 iov[0].iov_len = total_len;
4387
4388 memset(&rqst, 0, sizeof(struct smb_rqst));
4389 rqst.rq_iov = iov;
4390 rqst.rq_nvec = 1;
4391
4392 rc = cifs_send_recv(xid, ses, io_parms->server,
4393 &rqst, &resp_buftype, flags, &rsp_iov);
4394 rsp = (struct smb2_read_rsp *)rsp_iov.iov_base;
4395
4396 if (rc) {
4397 if (rc != -ENODATA) {
4398 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
4399 cifs_dbg(VFS, "Send error in read = %d\n", rc);
4400 trace_smb3_read_err(xid,
4401 req->PersistentFileId,
4402 io_parms->tcon->tid, ses->Suid,
4403 io_parms->offset, io_parms->length,
4404 rc);
4405 } else
4406 trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid,
4407 ses->Suid, io_parms->offset, 0);
4408 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4409 cifs_small_buf_release(req);
4410 return rc == -ENODATA ? 0 : rc;
4411 } else
4412 trace_smb3_read_done(xid,
4413 req->PersistentFileId,
4414 io_parms->tcon->tid, ses->Suid,
4415 io_parms->offset, io_parms->length);
4416
4417 cifs_small_buf_release(req);
4418
4419 *nbytes = le32_to_cpu(rsp->DataLength);
4420 if ((*nbytes > CIFS_MAX_MSGSIZE) ||
4421 (*nbytes > io_parms->length)) {
4422 cifs_dbg(FYI, "bad length %d for count %d\n",
4423 *nbytes, io_parms->length);
4424 rc = -EIO;
4425 *nbytes = 0;
4426 }
4427
4428 if (*buf) {
4429 memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes);
4430 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4431 } else if (resp_buftype != CIFS_NO_BUFFER) {
4432 *buf = rsp_iov.iov_base;
4433 if (resp_buftype == CIFS_SMALL_BUFFER)
4434 *buf_type = CIFS_SMALL_BUFFER;
4435 else if (resp_buftype == CIFS_LARGE_BUFFER)
4436 *buf_type = CIFS_LARGE_BUFFER;
4437 }
4438 return rc;
4439 }
4440
4441 /*
4442 * Check the mid_state and signature on received buffer (if any), and queue the
4443 * workqueue completion task.
4444 */
4445 static void
4446 smb2_writev_callback(struct mid_q_entry *mid)
4447 {
4448 struct cifs_writedata *wdata = mid->callback_data;
4449 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4450 struct TCP_Server_Info *server = wdata->server;
4451 unsigned int written;
4452 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf;
4453 struct cifs_credits credits = { .value = 0, .instance = 0 };
4454
4455 WARN_ONCE(wdata->server != mid->server,
4456 "wdata server %p != mid server %p",
4457 wdata->server, mid->server);
4458
4459 switch (mid->mid_state) {
4460 case MID_RESPONSE_RECEIVED:
4461 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4462 credits.instance = server->reconnect_instance;
4463 wdata->result = smb2_check_receive(mid, server, 0);
4464 if (wdata->result != 0)
4465 break;
4466
4467 written = le32_to_cpu(rsp->DataLength);
4468 /*
4469 * Mask off high 16 bits when bytes written as returned
4470 * by the server is greater than bytes requested by the
4471 * client. OS/2 servers are known to set incorrect
4472 * CountHigh values.
4473 */
4474 if (written > wdata->bytes)
4475 written &= 0xFFFF;
4476
4477 if (written < wdata->bytes)
4478 wdata->result = -ENOSPC;
4479 else
4480 wdata->bytes = written;
4481 break;
4482 case MID_REQUEST_SUBMITTED:
4483 case MID_RETRY_NEEDED:
4484 wdata->result = -EAGAIN;
4485 break;
4486 case MID_RESPONSE_MALFORMED:
4487 credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4488 credits.instance = server->reconnect_instance;
4489 fallthrough;
4490 default:
4491 wdata->result = -EIO;
4492 break;
4493 }
4494 #ifdef CONFIG_CIFS_SMB_DIRECT
4495 /*
4496 * If this wdata has a memory registered, the MR can be freed
4497 * The number of MRs available is limited, it's important to recover
4498 * used MR as soon as I/O is finished. Hold MR longer in the later
4499 * I/O process can possibly result in I/O deadlock due to lack of MR
4500 * to send request on I/O retry
4501 */
4502 if (wdata->mr) {
4503 smbd_deregister_mr(wdata->mr);
4504 wdata->mr = NULL;
4505 }
4506 #endif
4507 if (wdata->result) {
4508 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4509 trace_smb3_write_err(0 /* no xid */,
4510 wdata->cfile->fid.persistent_fid,
4511 tcon->tid, tcon->ses->Suid, wdata->offset,
4512 wdata->bytes, wdata->result);
4513 if (wdata->result == -ENOSPC)
4514 pr_warn_once("Out of space writing to %s\n",
4515 tcon->tree_name);
4516 } else
4517 trace_smb3_write_done(0 /* no xid */,
4518 wdata->cfile->fid.persistent_fid,
4519 tcon->tid, tcon->ses->Suid,
4520 wdata->offset, wdata->bytes);
4521
4522 queue_work(cifsiod_wq, &wdata->work);
4523 release_mid(mid);
4524 add_credits(server, &credits, 0);
4525 }
4526
4527 /* smb2_async_writev - send an async write, and set up mid to handle result */
4528 int
4529 smb2_async_writev(struct cifs_writedata *wdata,
4530 void (*release)(struct kref *kref))
4531 {
4532 int rc = -EACCES, flags = 0;
4533 struct smb2_write_req *req = NULL;
4534 struct smb2_hdr *shdr;
4535 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4536 struct TCP_Server_Info *server = wdata->server;
4537 struct kvec iov[1];
4538 struct smb_rqst rqst = { };
4539 unsigned int total_len;
4540 struct cifs_io_parms _io_parms;
4541 struct cifs_io_parms *io_parms = NULL;
4542 int credit_request;
4543
4544 if (!wdata->server)
4545 server = wdata->server = cifs_pick_channel(tcon->ses);
4546
4547 /*
4548 * in future we may get cifs_io_parms passed in from the caller,
4549 * but for now we construct it here...
4550 */
4551 _io_parms = (struct cifs_io_parms) {
4552 .tcon = tcon,
4553 .server = server,
4554 .offset = wdata->offset,
4555 .length = wdata->bytes,
4556 .persistent_fid = wdata->cfile->fid.persistent_fid,
4557 .volatile_fid = wdata->cfile->fid.volatile_fid,
4558 .pid = wdata->pid,
4559 };
4560 io_parms = &_io_parms;
4561
4562 rc = smb2_plain_req_init(SMB2_WRITE, tcon, server,
4563 (void **) &req, &total_len);
4564 if (rc)
4565 return rc;
4566
4567 if (smb3_encryption_required(tcon))
4568 flags |= CIFS_TRANSFORM_REQ;
4569
4570 shdr = (struct smb2_hdr *)req;
4571 shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4572
4573 req->PersistentFileId = io_parms->persistent_fid;
4574 req->VolatileFileId = io_parms->volatile_fid;
4575 req->WriteChannelInfoOffset = 0;
4576 req->WriteChannelInfoLength = 0;
4577 req->Channel = SMB2_CHANNEL_NONE;
4578 req->Offset = cpu_to_le64(io_parms->offset);
4579 req->DataOffset = cpu_to_le16(
4580 offsetof(struct smb2_write_req, Buffer));
4581 req->RemainingBytes = 0;
4582
4583 trace_smb3_write_enter(0 /* xid */,
4584 io_parms->persistent_fid,
4585 io_parms->tcon->tid,
4586 io_parms->tcon->ses->Suid,
4587 io_parms->offset,
4588 io_parms->length);
4589
4590 #ifdef CONFIG_CIFS_SMB_DIRECT
4591 /*
4592 * If we want to do a server RDMA read, fill in and append
4593 * smbd_buffer_descriptor_v1 to the end of write request
4594 */
4595 if (smb3_use_rdma_offload(io_parms)) {
4596 struct smbd_buffer_descriptor_v1 *v1;
4597 size_t data_size = iov_iter_count(&wdata->iter);
4598 bool need_invalidate = server->dialect == SMB30_PROT_ID;
4599
4600 wdata->mr = smbd_register_mr(server->smbd_conn, &wdata->iter,
4601 false, need_invalidate);
4602 if (!wdata->mr) {
4603 rc = -EAGAIN;
4604 goto async_writev_out;
4605 }
4606 req->Length = 0;
4607 req->DataOffset = 0;
4608 req->RemainingBytes = cpu_to_le32(data_size);
4609 req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4610 if (need_invalidate)
4611 req->Channel = SMB2_CHANNEL_RDMA_V1;
4612 req->WriteChannelInfoOffset =
4613 cpu_to_le16(offsetof(struct smb2_write_req, Buffer));
4614 req->WriteChannelInfoLength =
4615 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4616 v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4617 v1->offset = cpu_to_le64(wdata->mr->mr->iova);
4618 v1->token = cpu_to_le32(wdata->mr->mr->rkey);
4619 v1->length = cpu_to_le32(wdata->mr->mr->length);
4620 }
4621 #endif
4622 iov[0].iov_len = total_len - 1;
4623 iov[0].iov_base = (char *)req;
4624
4625 rqst.rq_iov = iov;
4626 rqst.rq_nvec = 1;
4627 rqst.rq_iter = wdata->iter;
4628 rqst.rq_iter_size = iov_iter_count(&rqst.rq_iter);
4629 #ifdef CONFIG_CIFS_SMB_DIRECT
4630 if (wdata->mr)
4631 iov[0].iov_len += sizeof(struct smbd_buffer_descriptor_v1);
4632 #endif
4633 cifs_dbg(FYI, "async write at %llu %u bytes iter=%zx\n",
4634 io_parms->offset, io_parms->length, iov_iter_count(&rqst.rq_iter));
4635
4636 #ifdef CONFIG_CIFS_SMB_DIRECT
4637 /* For RDMA read, I/O size is in RemainingBytes not in Length */
4638 if (!wdata->mr)
4639 req->Length = cpu_to_le32(io_parms->length);
4640 #else
4641 req->Length = cpu_to_le32(io_parms->length);
4642 #endif
4643
4644 if (wdata->credits.value > 0) {
4645 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes,
4646 SMB2_MAX_BUFFER_SIZE));
4647 credit_request = le16_to_cpu(shdr->CreditCharge) + 8;
4648 if (server->credits >= server->max_credits)
4649 shdr->CreditRequest = cpu_to_le16(0);
4650 else
4651 shdr->CreditRequest = cpu_to_le16(
4652 min_t(int, server->max_credits -
4653 server->credits, credit_request));
4654
4655 rc = adjust_credits(server, &wdata->credits, io_parms->length);
4656 if (rc)
4657 goto async_writev_out;
4658
4659 flags |= CIFS_HAS_CREDITS;
4660 }
4661
4662 kref_get(&wdata->refcount);
4663 rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL,
4664 wdata, flags, &wdata->credits);
4665
4666 if (rc) {
4667 trace_smb3_write_err(0 /* no xid */,
4668 io_parms->persistent_fid,
4669 io_parms->tcon->tid,
4670 io_parms->tcon->ses->Suid,
4671 io_parms->offset,
4672 io_parms->length,
4673 rc);
4674 kref_put(&wdata->refcount, release);
4675 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4676 }
4677
4678 async_writev_out:
4679 cifs_small_buf_release(req);
4680 return rc;
4681 }
4682
4683 /*
4684 * SMB2_write function gets iov pointer to kvec array with n_vec as a length.
4685 * The length field from io_parms must be at least 1 and indicates a number of
4686 * elements with data to write that begins with position 1 in iov array. All
4687 * data length is specified by count.
4688 */
4689 int
4690 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
4691 unsigned int *nbytes, struct kvec *iov, int n_vec)
4692 {
4693 struct smb_rqst rqst;
4694 int rc = 0;
4695 struct smb2_write_req *req = NULL;
4696 struct smb2_write_rsp *rsp = NULL;
4697 int resp_buftype;
4698 struct kvec rsp_iov;
4699 int flags = 0;
4700 unsigned int total_len;
4701 struct TCP_Server_Info *server;
4702
4703 *nbytes = 0;
4704
4705 if (n_vec < 1)
4706 return rc;
4707
4708 if (!io_parms->server)
4709 io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4710 server = io_parms->server;
4711 if (server == NULL)
4712 return -ECONNABORTED;
4713
4714 rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, server,
4715 (void **) &req, &total_len);
4716 if (rc)
4717 return rc;
4718
4719 if (smb3_encryption_required(io_parms->tcon))
4720 flags |= CIFS_TRANSFORM_REQ;
4721
4722 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4723
4724 req->PersistentFileId = io_parms->persistent_fid;
4725 req->VolatileFileId = io_parms->volatile_fid;
4726 req->WriteChannelInfoOffset = 0;
4727 req->WriteChannelInfoLength = 0;
4728 req->Channel = 0;
4729 req->Length = cpu_to_le32(io_parms->length);
4730 req->Offset = cpu_to_le64(io_parms->offset);
4731 req->DataOffset = cpu_to_le16(
4732 offsetof(struct smb2_write_req, Buffer));
4733 req->RemainingBytes = 0;
4734
4735 trace_smb3_write_enter(xid, io_parms->persistent_fid,
4736 io_parms->tcon->tid, io_parms->tcon->ses->Suid,
4737 io_parms->offset, io_parms->length);
4738
4739 iov[0].iov_base = (char *)req;
4740 /* 1 for Buffer */
4741 iov[0].iov_len = total_len - 1;
4742
4743 memset(&rqst, 0, sizeof(struct smb_rqst));
4744 rqst.rq_iov = iov;
4745 rqst.rq_nvec = n_vec + 1;
4746
4747 rc = cifs_send_recv(xid, io_parms->tcon->ses, server,
4748 &rqst,
4749 &resp_buftype, flags, &rsp_iov);
4750 rsp = (struct smb2_write_rsp *)rsp_iov.iov_base;
4751
4752 if (rc) {
4753 trace_smb3_write_err(xid,
4754 req->PersistentFileId,
4755 io_parms->tcon->tid,
4756 io_parms->tcon->ses->Suid,
4757 io_parms->offset, io_parms->length, rc);
4758 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
4759 cifs_dbg(VFS, "Send error in write = %d\n", rc);
4760 } else {
4761 *nbytes = le32_to_cpu(rsp->DataLength);
4762 trace_smb3_write_done(xid,
4763 req->PersistentFileId,
4764 io_parms->tcon->tid,
4765 io_parms->tcon->ses->Suid,
4766 io_parms->offset, *nbytes);
4767 }
4768
4769 cifs_small_buf_release(req);
4770 free_rsp_buf(resp_buftype, rsp);
4771 return rc;
4772 }
4773
4774 int posix_info_sid_size(const void *beg, const void *end)
4775 {
4776 size_t subauth;
4777 int total;
4778
4779 if (beg + 1 > end)
4780 return -1;
4781
4782 subauth = *(u8 *)(beg+1);
4783 if (subauth < 1 || subauth > 15)
4784 return -1;
4785
4786 total = 1 + 1 + 6 + 4*subauth;
4787 if (beg + total > end)
4788 return -1;
4789
4790 return total;
4791 }
4792
4793 int posix_info_parse(const void *beg, const void *end,
4794 struct smb2_posix_info_parsed *out)
4795
4796 {
4797 int total_len = 0;
4798 int owner_len, group_len;
4799 int name_len;
4800 const void *owner_sid;
4801 const void *group_sid;
4802 const void *name;
4803
4804 /* if no end bound given, assume payload to be correct */
4805 if (!end) {
4806 const struct smb2_posix_info *p = beg;
4807
4808 end = beg + le32_to_cpu(p->NextEntryOffset);
4809 /* last element will have a 0 offset, pick a sensible bound */
4810 if (end == beg)
4811 end += 0xFFFF;
4812 }
4813
4814 /* check base buf */
4815 if (beg + sizeof(struct smb2_posix_info) > end)
4816 return -1;
4817 total_len = sizeof(struct smb2_posix_info);
4818
4819 /* check owner sid */
4820 owner_sid = beg + total_len;
4821 owner_len = posix_info_sid_size(owner_sid, end);
4822 if (owner_len < 0)
4823 return -1;
4824 total_len += owner_len;
4825
4826 /* check group sid */
4827 group_sid = beg + total_len;
4828 group_len = posix_info_sid_size(group_sid, end);
4829 if (group_len < 0)
4830 return -1;
4831 total_len += group_len;
4832
4833 /* check name len */
4834 if (beg + total_len + 4 > end)
4835 return -1;
4836 name_len = le32_to_cpu(*(__le32 *)(beg + total_len));
4837 if (name_len < 1 || name_len > 0xFFFF)
4838 return -1;
4839 total_len += 4;
4840
4841 /* check name */
4842 name = beg + total_len;
4843 if (name + name_len > end)
4844 return -1;
4845 total_len += name_len;
4846
4847 if (out) {
4848 out->base = beg;
4849 out->size = total_len;
4850 out->name_len = name_len;
4851 out->name = name;
4852 memcpy(&out->owner, owner_sid, owner_len);
4853 memcpy(&out->group, group_sid, group_len);
4854 }
4855 return total_len;
4856 }
4857
4858 static int posix_info_extra_size(const void *beg, const void *end)
4859 {
4860 int len = posix_info_parse(beg, end, NULL);
4861
4862 if (len < 0)
4863 return -1;
4864 return len - sizeof(struct smb2_posix_info);
4865 }
4866
4867 static unsigned int
4868 num_entries(int infotype, char *bufstart, char *end_of_buf, char **lastentry,
4869 size_t size)
4870 {
4871 int len;
4872 unsigned int entrycount = 0;
4873 unsigned int next_offset = 0;
4874 char *entryptr;
4875 FILE_DIRECTORY_INFO *dir_info;
4876
4877 if (bufstart == NULL)
4878 return 0;
4879
4880 entryptr = bufstart;
4881
4882 while (1) {
4883 if (entryptr + next_offset < entryptr ||
4884 entryptr + next_offset > end_of_buf ||
4885 entryptr + next_offset + size > end_of_buf) {
4886 cifs_dbg(VFS, "malformed search entry would overflow\n");
4887 break;
4888 }
4889
4890 entryptr = entryptr + next_offset;
4891 dir_info = (FILE_DIRECTORY_INFO *)entryptr;
4892
4893 if (infotype == SMB_FIND_FILE_POSIX_INFO)
4894 len = posix_info_extra_size(entryptr, end_of_buf);
4895 else
4896 len = le32_to_cpu(dir_info->FileNameLength);
4897
4898 if (len < 0 ||
4899 entryptr + len < entryptr ||
4900 entryptr + len > end_of_buf ||
4901 entryptr + len + size > end_of_buf) {
4902 cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n",
4903 end_of_buf);
4904 break;
4905 }
4906
4907 *lastentry = entryptr;
4908 entrycount++;
4909
4910 next_offset = le32_to_cpu(dir_info->NextEntryOffset);
4911 if (!next_offset)
4912 break;
4913 }
4914
4915 return entrycount;
4916 }
4917
4918 /*
4919 * Readdir/FindFirst
4920 */
4921 int SMB2_query_directory_init(const unsigned int xid,
4922 struct cifs_tcon *tcon,
4923 struct TCP_Server_Info *server,
4924 struct smb_rqst *rqst,
4925 u64 persistent_fid, u64 volatile_fid,
4926 int index, int info_level)
4927 {
4928 struct smb2_query_directory_req *req;
4929 unsigned char *bufptr;
4930 __le16 asteriks = cpu_to_le16('*');
4931 unsigned int output_size = CIFSMaxBufSize -
4932 MAX_SMB2_CREATE_RESPONSE_SIZE -
4933 MAX_SMB2_CLOSE_RESPONSE_SIZE;
4934 unsigned int total_len;
4935 struct kvec *iov = rqst->rq_iov;
4936 int len, rc;
4937
4938 rc = smb2_plain_req_init(SMB2_QUERY_DIRECTORY, tcon, server,
4939 (void **) &req, &total_len);
4940 if (rc)
4941 return rc;
4942
4943 switch (info_level) {
4944 case SMB_FIND_FILE_DIRECTORY_INFO:
4945 req->FileInformationClass = FILE_DIRECTORY_INFORMATION;
4946 break;
4947 case SMB_FIND_FILE_ID_FULL_DIR_INFO:
4948 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION;
4949 break;
4950 case SMB_FIND_FILE_POSIX_INFO:
4951 req->FileInformationClass = SMB_FIND_FILE_POSIX_INFO;
4952 break;
4953 default:
4954 cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
4955 info_level);
4956 return -EINVAL;
4957 }
4958
4959 req->FileIndex = cpu_to_le32(index);
4960 req->PersistentFileId = persistent_fid;
4961 req->VolatileFileId = volatile_fid;
4962
4963 len = 0x2;
4964 bufptr = req->Buffer;
4965 memcpy(bufptr, &asteriks, len);
4966
4967 req->FileNameOffset =
4968 cpu_to_le16(sizeof(struct smb2_query_directory_req));
4969 req->FileNameLength = cpu_to_le16(len);
4970 /*
4971 * BB could be 30 bytes or so longer if we used SMB2 specific
4972 * buffer lengths, but this is safe and close enough.
4973 */
4974 output_size = min_t(unsigned int, output_size, server->maxBuf);
4975 output_size = min_t(unsigned int, output_size, 2 << 15);
4976 req->OutputBufferLength = cpu_to_le32(output_size);
4977
4978 iov[0].iov_base = (char *)req;
4979 /* 1 for Buffer */
4980 iov[0].iov_len = total_len - 1;
4981
4982 iov[1].iov_base = (char *)(req->Buffer);
4983 iov[1].iov_len = len;
4984
4985 trace_smb3_query_dir_enter(xid, persistent_fid, tcon->tid,
4986 tcon->ses->Suid, index, output_size);
4987
4988 return 0;
4989 }
4990
4991 void SMB2_query_directory_free(struct smb_rqst *rqst)
4992 {
4993 if (rqst && rqst->rq_iov) {
4994 cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
4995 }
4996 }
4997
4998 int
4999 smb2_parse_query_directory(struct cifs_tcon *tcon,
5000 struct kvec *rsp_iov,
5001 int resp_buftype,
5002 struct cifs_search_info *srch_inf)
5003 {
5004 struct smb2_query_directory_rsp *rsp;
5005 size_t info_buf_size;
5006 char *end_of_smb;
5007 int rc;
5008
5009 rsp = (struct smb2_query_directory_rsp *)rsp_iov->iov_base;
5010
5011 switch (srch_inf->info_level) {
5012 case SMB_FIND_FILE_DIRECTORY_INFO:
5013 info_buf_size = sizeof(FILE_DIRECTORY_INFO);
5014 break;
5015 case SMB_FIND_FILE_ID_FULL_DIR_INFO:
5016 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO);
5017 break;
5018 case SMB_FIND_FILE_POSIX_INFO:
5019 /* note that posix payload are variable size */
5020 info_buf_size = sizeof(struct smb2_posix_info);
5021 break;
5022 default:
5023 cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
5024 srch_inf->info_level);
5025 return -EINVAL;
5026 }
5027
5028 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5029 le32_to_cpu(rsp->OutputBufferLength), rsp_iov,
5030 info_buf_size);
5031 if (rc) {
5032 cifs_tcon_dbg(VFS, "bad info payload");
5033 return rc;
5034 }
5035
5036 srch_inf->unicode = true;
5037
5038 if (srch_inf->ntwrk_buf_start) {
5039 if (srch_inf->smallBuf)
5040 cifs_small_buf_release(srch_inf->ntwrk_buf_start);
5041 else
5042 cifs_buf_release(srch_inf->ntwrk_buf_start);
5043 }
5044 srch_inf->ntwrk_buf_start = (char *)rsp;
5045 srch_inf->srch_entries_start = srch_inf->last_entry =
5046 (char *)rsp + le16_to_cpu(rsp->OutputBufferOffset);
5047 end_of_smb = rsp_iov->iov_len + (char *)rsp;
5048
5049 srch_inf->entries_in_buffer = num_entries(
5050 srch_inf->info_level,
5051 srch_inf->srch_entries_start,
5052 end_of_smb,
5053 &srch_inf->last_entry,
5054 info_buf_size);
5055
5056 srch_inf->index_of_last_entry += srch_inf->entries_in_buffer;
5057 cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n",
5058 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry,
5059 srch_inf->srch_entries_start, srch_inf->last_entry);
5060 if (resp_buftype == CIFS_LARGE_BUFFER)
5061 srch_inf->smallBuf = false;
5062 else if (resp_buftype == CIFS_SMALL_BUFFER)
5063 srch_inf->smallBuf = true;
5064 else
5065 cifs_tcon_dbg(VFS, "Invalid search buffer type\n");
5066
5067 return 0;
5068 }
5069
5070 int
5071 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
5072 u64 persistent_fid, u64 volatile_fid, int index,
5073 struct cifs_search_info *srch_inf)
5074 {
5075 struct smb_rqst rqst;
5076 struct kvec iov[SMB2_QUERY_DIRECTORY_IOV_SIZE];
5077 struct smb2_query_directory_rsp *rsp = NULL;
5078 int resp_buftype = CIFS_NO_BUFFER;
5079 struct kvec rsp_iov;
5080 int rc = 0;
5081 struct cifs_ses *ses = tcon->ses;
5082 struct TCP_Server_Info *server = cifs_pick_channel(ses);
5083 int flags = 0;
5084
5085 if (!ses || !(ses->server))
5086 return -EIO;
5087
5088 if (smb3_encryption_required(tcon))
5089 flags |= CIFS_TRANSFORM_REQ;
5090
5091 memset(&rqst, 0, sizeof(struct smb_rqst));
5092 memset(&iov, 0, sizeof(iov));
5093 rqst.rq_iov = iov;
5094 rqst.rq_nvec = SMB2_QUERY_DIRECTORY_IOV_SIZE;
5095
5096 rc = SMB2_query_directory_init(xid, tcon, server,
5097 &rqst, persistent_fid,
5098 volatile_fid, index,
5099 srch_inf->info_level);
5100 if (rc)
5101 goto qdir_exit;
5102
5103 rc = cifs_send_recv(xid, ses, server,
5104 &rqst, &resp_buftype, flags, &rsp_iov);
5105 rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base;
5106
5107 if (rc) {
5108 if (rc == -ENODATA &&
5109 rsp->hdr.Status == STATUS_NO_MORE_FILES) {
5110 trace_smb3_query_dir_done(xid, persistent_fid,
5111 tcon->tid, tcon->ses->Suid, index, 0);
5112 srch_inf->endOfSearch = true;
5113 rc = 0;
5114 } else {
5115 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5116 tcon->ses->Suid, index, 0, rc);
5117 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
5118 }
5119 goto qdir_exit;
5120 }
5121
5122 rc = smb2_parse_query_directory(tcon, &rsp_iov, resp_buftype,
5123 srch_inf);
5124 if (rc) {
5125 trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5126 tcon->ses->Suid, index, 0, rc);
5127 goto qdir_exit;
5128 }
5129 resp_buftype = CIFS_NO_BUFFER;
5130
5131 trace_smb3_query_dir_done(xid, persistent_fid, tcon->tid,
5132 tcon->ses->Suid, index, srch_inf->entries_in_buffer);
5133
5134 qdir_exit:
5135 SMB2_query_directory_free(&rqst);
5136 free_rsp_buf(resp_buftype, rsp);
5137 return rc;
5138 }
5139
5140 int
5141 SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
5142 struct smb_rqst *rqst,
5143 u64 persistent_fid, u64 volatile_fid, u32 pid,
5144 u8 info_class, u8 info_type, u32 additional_info,
5145 void **data, unsigned int *size)
5146 {
5147 struct smb2_set_info_req *req;
5148 struct kvec *iov = rqst->rq_iov;
5149 unsigned int i, total_len;
5150 int rc;
5151
5152 rc = smb2_plain_req_init(SMB2_SET_INFO, tcon, server,
5153 (void **) &req, &total_len);
5154 if (rc)
5155 return rc;
5156
5157 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
5158 req->InfoType = info_type;
5159 req->FileInfoClass = info_class;
5160 req->PersistentFileId = persistent_fid;
5161 req->VolatileFileId = volatile_fid;
5162 req->AdditionalInformation = cpu_to_le32(additional_info);
5163
5164 req->BufferOffset = cpu_to_le16(sizeof(struct smb2_set_info_req));
5165 req->BufferLength = cpu_to_le32(*size);
5166
5167 memcpy(req->Buffer, *data, *size);
5168 total_len += *size;
5169
5170 iov[0].iov_base = (char *)req;
5171 /* 1 for Buffer */
5172 iov[0].iov_len = total_len - 1;
5173
5174 for (i = 1; i < rqst->rq_nvec; i++) {
5175 le32_add_cpu(&req->BufferLength, size[i]);
5176 iov[i].iov_base = (char *)data[i];
5177 iov[i].iov_len = size[i];
5178 }
5179
5180 return 0;
5181 }
5182
5183 void
5184 SMB2_set_info_free(struct smb_rqst *rqst)
5185 {
5186 if (rqst && rqst->rq_iov)
5187 cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */
5188 }
5189
5190 static int
5191 send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
5192 u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class,
5193 u8 info_type, u32 additional_info, unsigned int num,
5194 void **data, unsigned int *size)
5195 {
5196 struct smb_rqst rqst;
5197 struct smb2_set_info_rsp *rsp = NULL;
5198 struct kvec *iov;
5199 struct kvec rsp_iov;
5200 int rc = 0;
5201 int resp_buftype;
5202 struct cifs_ses *ses = tcon->ses;
5203 struct TCP_Server_Info *server = cifs_pick_channel(ses);
5204 int flags = 0;
5205
5206 if (!ses || !server)
5207 return -EIO;
5208
5209 if (!num)
5210 return -EINVAL;
5211
5212 if (smb3_encryption_required(tcon))
5213 flags |= CIFS_TRANSFORM_REQ;
5214
5215 iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL);
5216 if (!iov)
5217 return -ENOMEM;
5218
5219 memset(&rqst, 0, sizeof(struct smb_rqst));
5220 rqst.rq_iov = iov;
5221 rqst.rq_nvec = num;
5222
5223 rc = SMB2_set_info_init(tcon, server,
5224 &rqst, persistent_fid, volatile_fid, pid,
5225 info_class, info_type, additional_info,
5226 data, size);
5227 if (rc) {
5228 kfree(iov);
5229 return rc;
5230 }
5231
5232
5233 rc = cifs_send_recv(xid, ses, server,
5234 &rqst, &resp_buftype, flags,
5235 &rsp_iov);
5236 SMB2_set_info_free(&rqst);
5237 rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;
5238
5239 if (rc != 0) {
5240 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE);
5241 trace_smb3_set_info_err(xid, persistent_fid, tcon->tid,
5242 ses->Suid, info_class, (__u32)info_type, rc);
5243 }
5244
5245 free_rsp_buf(resp_buftype, rsp);
5246 kfree(iov);
5247 return rc;
5248 }
5249
5250 int
5251 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
5252 u64 volatile_fid, u32 pid, __le64 *eof)
5253 {
5254 struct smb2_file_eof_info info;
5255 void *data;
5256 unsigned int size;
5257
5258 info.EndOfFile = *eof;
5259
5260 data = &info;
5261 size = sizeof(struct smb2_file_eof_info);
5262
5263 trace_smb3_set_eof(xid, persistent_fid, tcon->tid, tcon->ses->Suid, le64_to_cpu(*eof));
5264
5265 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5266 pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE,
5267 0, 1, &data, &size);
5268 }
5269
5270 int
5271 SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon,
5272 u64 persistent_fid, u64 volatile_fid,
5273 struct cifs_ntsd *pnntsd, int pacllen, int aclflag)
5274 {
5275 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5276 current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag,
5277 1, (void **)&pnntsd, &pacllen);
5278 }
5279
5280 int
5281 SMB2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
5282 u64 persistent_fid, u64 volatile_fid,
5283 struct smb2_file_full_ea_info *buf, int len)
5284 {
5285 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5286 current->tgid, FILE_FULL_EA_INFORMATION, SMB2_O_INFO_FILE,
5287 0, 1, (void **)&buf, &len);
5288 }
5289
5290 int
5291 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon,
5292 const u64 persistent_fid, const u64 volatile_fid,
5293 __u8 oplock_level)
5294 {
5295 struct smb_rqst rqst;
5296 int rc;
5297 struct smb2_oplock_break *req = NULL;
5298 struct cifs_ses *ses = tcon->ses;
5299 struct TCP_Server_Info *server = cifs_pick_channel(ses);
5300 int flags = CIFS_OBREAK_OP;
5301 unsigned int total_len;
5302 struct kvec iov[1];
5303 struct kvec rsp_iov;
5304 int resp_buf_type;
5305
5306 cifs_dbg(FYI, "SMB2_oplock_break\n");
5307 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
5308 (void **) &req, &total_len);
5309 if (rc)
5310 return rc;
5311
5312 if (smb3_encryption_required(tcon))
5313 flags |= CIFS_TRANSFORM_REQ;
5314
5315 req->VolatileFid = volatile_fid;
5316 req->PersistentFid = persistent_fid;
5317 req->OplockLevel = oplock_level;
5318 req->hdr.CreditRequest = cpu_to_le16(1);
5319
5320 flags |= CIFS_NO_RSP_BUF;
5321
5322 iov[0].iov_base = (char *)req;
5323 iov[0].iov_len = total_len;
5324
5325 memset(&rqst, 0, sizeof(struct smb_rqst));
5326 rqst.rq_iov = iov;
5327 rqst.rq_nvec = 1;
5328
5329 rc = cifs_send_recv(xid, ses, server,
5330 &rqst, &resp_buf_type, flags, &rsp_iov);
5331 cifs_small_buf_release(req);
5332
5333 if (rc) {
5334 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
5335 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc);
5336 }
5337
5338 return rc;
5339 }
5340
5341 void
5342 smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf,
5343 struct kstatfs *kst)
5344 {
5345 kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) *
5346 le32_to_cpu(pfs_inf->SectorsPerAllocationUnit);
5347 kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits);
5348 kst->f_bfree = kst->f_bavail =
5349 le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits);
5350 return;
5351 }
5352
5353 static void
5354 copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO *response_data,
5355 struct kstatfs *kst)
5356 {
5357 kst->f_bsize = le32_to_cpu(response_data->BlockSize);
5358 kst->f_blocks = le64_to_cpu(response_data->TotalBlocks);
5359 kst->f_bfree = le64_to_cpu(response_data->BlocksAvail);
5360 if (response_data->UserBlocksAvail == cpu_to_le64(-1))
5361 kst->f_bavail = kst->f_bfree;
5362 else
5363 kst->f_bavail = le64_to_cpu(response_data->UserBlocksAvail);
5364 if (response_data->TotalFileNodes != cpu_to_le64(-1))
5365 kst->f_files = le64_to_cpu(response_data->TotalFileNodes);
5366 if (response_data->FreeFileNodes != cpu_to_le64(-1))
5367 kst->f_ffree = le64_to_cpu(response_data->FreeFileNodes);
5368
5369 return;
5370 }
5371
5372 static int
5373 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon,
5374 struct TCP_Server_Info *server,
5375 int level, int outbuf_len, u64 persistent_fid,
5376 u64 volatile_fid)
5377 {
5378 int rc;
5379 struct smb2_query_info_req *req;
5380 unsigned int total_len;
5381
5382 cifs_dbg(FYI, "Query FSInfo level %d\n", level);
5383
5384 if ((tcon->ses == NULL) || server == NULL)
5385 return -EIO;
5386
5387 rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
5388 (void **) &req, &total_len);
5389 if (rc)
5390 return rc;
5391
5392 req->InfoType = SMB2_O_INFO_FILESYSTEM;
5393 req->FileInfoClass = level;
5394 req->PersistentFileId = persistent_fid;
5395 req->VolatileFileId = volatile_fid;
5396 /* 1 for pad */
5397 req->InputBufferOffset =
5398 cpu_to_le16(sizeof(struct smb2_query_info_req));
5399 req->OutputBufferLength = cpu_to_le32(
5400 outbuf_len + sizeof(struct smb2_query_info_rsp));
5401
5402 iov->iov_base = (char *)req;
5403 iov->iov_len = total_len;
5404 return 0;
5405 }
5406
5407 int
5408 SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon,
5409 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5410 {
5411 struct smb_rqst rqst;
5412 struct smb2_query_info_rsp *rsp = NULL;
5413 struct kvec iov;
5414 struct kvec rsp_iov;
5415 int rc = 0;
5416 int resp_buftype;
5417 struct cifs_ses *ses = tcon->ses;
5418 struct TCP_Server_Info *server = cifs_pick_channel(ses);
5419 FILE_SYSTEM_POSIX_INFO *info = NULL;
5420 int flags = 0;
5421
5422 rc = build_qfs_info_req(&iov, tcon, server,
5423 FS_POSIX_INFORMATION,
5424 sizeof(FILE_SYSTEM_POSIX_INFO),
5425 persistent_fid, volatile_fid);
5426 if (rc)
5427 return rc;
5428
5429 if (smb3_encryption_required(tcon))
5430 flags |= CIFS_TRANSFORM_REQ;
5431
5432 memset(&rqst, 0, sizeof(struct smb_rqst));
5433 rqst.rq_iov = &iov;
5434 rqst.rq_nvec = 1;
5435
5436 rc = cifs_send_recv(xid, ses, server,
5437 &rqst, &resp_buftype, flags, &rsp_iov);
5438 cifs_small_buf_release(iov.iov_base);
5439 if (rc) {
5440 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5441 goto posix_qfsinf_exit;
5442 }
5443 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5444
5445 info = (FILE_SYSTEM_POSIX_INFO *)(
5446 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5447 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5448 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5449 sizeof(FILE_SYSTEM_POSIX_INFO));
5450 if (!rc)
5451 copy_posix_fs_info_to_kstatfs(info, fsdata);
5452
5453 posix_qfsinf_exit:
5454 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5455 return rc;
5456 }
5457
5458 int
5459 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
5460 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5461 {
5462 struct smb_rqst rqst;
5463 struct smb2_query_info_rsp *rsp = NULL;
5464 struct kvec iov;
5465 struct kvec rsp_iov;
5466 int rc = 0;
5467 int resp_buftype;
5468 struct cifs_ses *ses = tcon->ses;
5469 struct TCP_Server_Info *server = cifs_pick_channel(ses);
5470 struct smb2_fs_full_size_info *info = NULL;
5471 int flags = 0;
5472
5473 rc = build_qfs_info_req(&iov, tcon, server,
5474 FS_FULL_SIZE_INFORMATION,
5475 sizeof(struct smb2_fs_full_size_info),
5476 persistent_fid, volatile_fid);
5477 if (rc)
5478 return rc;
5479
5480 if (smb3_encryption_required(tcon))
5481 flags |= CIFS_TRANSFORM_REQ;
5482
5483 memset(&rqst, 0, sizeof(struct smb_rqst));
5484 rqst.rq_iov = &iov;
5485 rqst.rq_nvec = 1;
5486
5487 rc = cifs_send_recv(xid, ses, server,
5488 &rqst, &resp_buftype, flags, &rsp_iov);
5489 cifs_small_buf_release(iov.iov_base);
5490 if (rc) {
5491 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5492 goto qfsinf_exit;
5493 }
5494 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5495
5496 info = (struct smb2_fs_full_size_info *)(
5497 le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5498 rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5499 le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5500 sizeof(struct smb2_fs_full_size_info));
5501 if (!rc)
5502 smb2_copy_fs_info_to_kstatfs(info, fsdata);
5503
5504 qfsinf_exit:
5505 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5506 return rc;
5507 }
5508
5509 int
5510 SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
5511 u64 persistent_fid, u64 volatile_fid, int level)
5512 {
5513 struct smb_rqst rqst;
5514 struct smb2_query_info_rsp *rsp = NULL;
5515 struct kvec iov;
5516 struct kvec rsp_iov;
5517 int rc = 0;
5518 int resp_buftype, max_len, min_len;
5519 struct cifs_ses *ses = tcon->ses;
5520 struct TCP_Server_Info *server = cifs_pick_channel(ses);
5521 unsigned int rsp_len, offset;
5522 int flags = 0;
5523
5524 if (level == FS_DEVICE_INFORMATION) {
5525 max_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5526 min_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5527 } else if (level == FS_ATTRIBUTE_INFORMATION) {
5528 max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO);
5529 min_len = MIN_FS_ATTR_INFO_SIZE;
5530 } else if (level == FS_SECTOR_SIZE_INFORMATION) {
5531 max_len = sizeof(struct smb3_fs_ss_info);
5532 min_len = sizeof(struct smb3_fs_ss_info);
5533 } else if (level == FS_VOLUME_INFORMATION) {
5534 max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN;
5535 min_len = sizeof(struct smb3_fs_vol_info);
5536 } else {
5537 cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level);
5538 return -EINVAL;
5539 }
5540
5541 rc = build_qfs_info_req(&iov, tcon, server,
5542 level, max_len,
5543 persistent_fid, volatile_fid);
5544 if (rc)
5545 return rc;
5546
5547 if (smb3_encryption_required(tcon))
5548 flags |= CIFS_TRANSFORM_REQ;
5549
5550 memset(&rqst, 0, sizeof(struct smb_rqst));
5551 rqst.rq_iov = &iov;
5552 rqst.rq_nvec = 1;
5553
5554 rc = cifs_send_recv(xid, ses, server,
5555 &rqst, &resp_buftype, flags, &rsp_iov);
5556 cifs_small_buf_release(iov.iov_base);
5557 if (rc) {
5558 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5559 goto qfsattr_exit;
5560 }
5561 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5562
5563 rsp_len = le32_to_cpu(rsp->OutputBufferLength);
5564 offset = le16_to_cpu(rsp->OutputBufferOffset);
5565 rc = smb2_validate_iov(offset, rsp_len, &rsp_iov, min_len);
5566 if (rc)
5567 goto qfsattr_exit;
5568
5569 if (level == FS_ATTRIBUTE_INFORMATION)
5570 memcpy(&tcon->fsAttrInfo, offset
5571 + (char *)rsp, min_t(unsigned int,
5572 rsp_len, max_len));
5573 else if (level == FS_DEVICE_INFORMATION)
5574 memcpy(&tcon->fsDevInfo, offset
5575 + (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO));
5576 else if (level == FS_SECTOR_SIZE_INFORMATION) {
5577 struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *)
5578 (offset + (char *)rsp);
5579 tcon->ss_flags = le32_to_cpu(ss_info->Flags);
5580 tcon->perf_sector_size =
5581 le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf);
5582 } else if (level == FS_VOLUME_INFORMATION) {
5583 struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *)
5584 (offset + (char *)rsp);
5585 tcon->vol_serial_number = vol_info->VolumeSerialNumber;
5586 tcon->vol_create_time = vol_info->VolumeCreationTime;
5587 }
5588
5589 qfsattr_exit:
5590 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5591 return rc;
5592 }
5593
5594 int
5595 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon,
5596 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
5597 const __u32 num_lock, struct smb2_lock_element *buf)
5598 {
5599 struct smb_rqst rqst;
5600 int rc = 0;
5601 struct smb2_lock_req *req = NULL;
5602 struct kvec iov[2];
5603 struct kvec rsp_iov;
5604 int resp_buf_type;
5605 unsigned int count;
5606 int flags = CIFS_NO_RSP_BUF;
5607 unsigned int total_len;
5608 struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses);
5609
5610 cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock);
5611
5612 rc = smb2_plain_req_init(SMB2_LOCK, tcon, server,
5613 (void **) &req, &total_len);
5614 if (rc)
5615 return rc;
5616
5617 if (smb3_encryption_required(tcon))
5618 flags |= CIFS_TRANSFORM_REQ;
5619
5620 req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
5621 req->LockCount = cpu_to_le16(num_lock);
5622
5623 req->PersistentFileId = persist_fid;
5624 req->VolatileFileId = volatile_fid;
5625
5626 count = num_lock * sizeof(struct smb2_lock_element);
5627
5628 iov[0].iov_base = (char *)req;
5629 iov[0].iov_len = total_len - sizeof(struct smb2_lock_element);
5630 iov[1].iov_base = (char *)buf;
5631 iov[1].iov_len = count;
5632
5633 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks);
5634
5635 memset(&rqst, 0, sizeof(struct smb_rqst));
5636 rqst.rq_iov = iov;
5637 rqst.rq_nvec = 2;
5638
5639 rc = cifs_send_recv(xid, tcon->ses, server,
5640 &rqst, &resp_buf_type, flags,
5641 &rsp_iov);
5642 cifs_small_buf_release(req);
5643 if (rc) {
5644 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc);
5645 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE);
5646 trace_smb3_lock_err(xid, persist_fid, tcon->tid,
5647 tcon->ses->Suid, rc);
5648 }
5649
5650 return rc;
5651 }
5652
5653 int
5654 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon,
5655 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
5656 const __u64 length, const __u64 offset, const __u32 lock_flags,
5657 const bool wait)
5658 {
5659 struct smb2_lock_element lock;
5660
5661 lock.Offset = cpu_to_le64(offset);
5662 lock.Length = cpu_to_le64(length);
5663 lock.Flags = cpu_to_le32(lock_flags);
5664 if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK)
5665 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY);
5666
5667 return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock);
5668 }
5669
5670 int
5671 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon,
5672 __u8 *lease_key, const __le32 lease_state)
5673 {
5674 struct smb_rqst rqst;
5675 int rc;
5676 struct smb2_lease_ack *req = NULL;
5677 struct cifs_ses *ses = tcon->ses;
5678 int flags = CIFS_OBREAK_OP;
5679 unsigned int total_len;
5680 struct kvec iov[1];
5681 struct kvec rsp_iov;
5682 int resp_buf_type;
5683 __u64 *please_key_high;
5684 __u64 *please_key_low;
5685 struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses);
5686
5687 cifs_dbg(FYI, "SMB2_lease_break\n");
5688 rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
5689 (void **) &req, &total_len);
5690 if (rc)
5691 return rc;
5692
5693 if (smb3_encryption_required(tcon))
5694 flags |= CIFS_TRANSFORM_REQ;
5695
5696 req->hdr.CreditRequest = cpu_to_le16(1);
5697 req->StructureSize = cpu_to_le16(36);
5698 total_len += 12;
5699
5700 memcpy(req->LeaseKey, lease_key, 16);
5701 req->LeaseState = lease_state;
5702
5703 flags |= CIFS_NO_RSP_BUF;
5704
5705 iov[0].iov_base = (char *)req;
5706 iov[0].iov_len = total_len;
5707
5708 memset(&rqst, 0, sizeof(struct smb_rqst));
5709 rqst.rq_iov = iov;
5710 rqst.rq_nvec = 1;
5711
5712 rc = cifs_send_recv(xid, ses, server,
5713 &rqst, &resp_buf_type, flags, &rsp_iov);
5714 cifs_small_buf_release(req);
5715
5716 please_key_low = (__u64 *)lease_key;
5717 please_key_high = (__u64 *)(lease_key+8);
5718 if (rc) {
5719 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
5720 trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid,
5721 ses->Suid, *please_key_low, *please_key_high, rc);
5722 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc);
5723 } else
5724 trace_smb3_lease_done(le32_to_cpu(lease_state), tcon->tid,
5725 ses->Suid, *please_key_low, *please_key_high);
5726
5727 return rc;
5728 }
A mirror of Linus' kernel repository