1 // SPDX-License-Identifier: LGPL-2.1
4 * Copyright (C) International Business Machines Corp., 2009, 2013
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Pavel Shilovsky (pshilovsky@samba.org) 2012
9 * Contains the routines for constructing the SMB2 PDUs themselves
13 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
14 /* Note that there are handle based routines which must be */
15 /* treated slightly differently for reconnection purposes since we never */
16 /* want to reuse a stale file handle and only the caller knows the file info */
19 #include <linux/kernel.h>
20 #include <linux/vfs.h>
21 #include <linux/task_io_accounting_ops.h>
22 #include <linux/uaccess.h>
23 #include <linux/uuid.h>
24 #include <linux/pagemap.h>
25 #include <linux/xattr.h>
28 #include "cifsproto.h"
29 #include "smb2proto.h"
30 #include "cifs_unicode.h"
31 #include "cifs_debug.h"
33 #include "smb2status.h"
36 #include "cifs_spnego.h"
37 #include "smbdirect.h"
39 #ifdef CONFIG_CIFS_DFS_UPCALL
40 #include "dfs_cache.h"
42 #include "cached_dir.h"
45 * The following table defines the expected "StructureSize" of SMB2 requests
46 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests.
48 * Note that commands are defined in smb2pdu.h in le16 but the array below is
49 * indexed by command in host byte order.
51 static const int smb2_req_struct_sizes
[NUMBER_OF_SMB2_COMMANDS
] = {
52 /* SMB2_NEGOTIATE */ 36,
53 /* SMB2_SESSION_SETUP */ 25,
55 /* SMB2_TREE_CONNECT */ 9,
56 /* SMB2_TREE_DISCONNECT */ 4,
66 /* SMB2_QUERY_DIRECTORY */ 33,
67 /* SMB2_CHANGE_NOTIFY */ 32,
68 /* SMB2_QUERY_INFO */ 41,
69 /* SMB2_SET_INFO */ 33,
70 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
73 int smb3_encryption_required(const struct cifs_tcon
*tcon
)
75 if (!tcon
|| !tcon
->ses
)
77 if ((tcon
->ses
->session_flags
& SMB2_SESSION_FLAG_ENCRYPT_DATA
) ||
78 (tcon
->share_flags
& SHI1005_FLAGS_ENCRYPT_DATA
))
81 (tcon
->ses
->server
->capabilities
& SMB2_GLOBAL_CAP_ENCRYPTION
))
87 smb2_hdr_assemble(struct smb2_hdr
*shdr
, __le16 smb2_cmd
,
88 const struct cifs_tcon
*tcon
,
89 struct TCP_Server_Info
*server
)
91 struct smb3_hdr_req
*smb3_hdr
;
93 shdr
->ProtocolId
= SMB2_PROTO_NUMBER
;
94 shdr
->StructureSize
= cpu_to_le16(64);
95 shdr
->Command
= smb2_cmd
;
98 /* After reconnect SMB3 must set ChannelSequence on subsequent reqs */
99 if (server
->dialect
>= SMB30_PROT_ID
) {
100 smb3_hdr
= (struct smb3_hdr_req
*)shdr
;
102 * if primary channel is not set yet, use default
103 * channel for chan sequence num
105 if (SERVER_IS_CHAN(server
))
106 smb3_hdr
->ChannelSequence
=
107 cpu_to_le16(server
->primary_server
->channel_sequence_num
);
109 smb3_hdr
->ChannelSequence
=
110 cpu_to_le16(server
->channel_sequence_num
);
112 spin_lock(&server
->req_lock
);
113 /* Request up to 10 credits but don't go over the limit. */
114 if (server
->credits
>= server
->max_credits
)
115 shdr
->CreditRequest
= cpu_to_le16(0);
117 shdr
->CreditRequest
= cpu_to_le16(
118 min_t(int, server
->max_credits
-
119 server
->credits
, 10));
120 spin_unlock(&server
->req_lock
);
122 shdr
->CreditRequest
= cpu_to_le16(2);
124 shdr
->Id
.SyncId
.ProcessId
= cpu_to_le32((__u16
)current
->tgid
);
129 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
130 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */
131 if (server
&& (server
->capabilities
& SMB2_GLOBAL_CAP_LARGE_MTU
))
132 shdr
->CreditCharge
= cpu_to_le16(1);
133 /* else CreditCharge MBZ */
135 shdr
->Id
.SyncId
.TreeId
= cpu_to_le32(tcon
->tid
);
136 /* Uid is not converted */
138 shdr
->SessionId
= cpu_to_le64(tcon
->ses
->Suid
);
141 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
142 * to pass the path on the Open SMB prefixed by \\server\share.
143 * Not sure when we would need to do the augmented path (if ever) and
144 * setting this flag breaks the SMB2 open operation since it is
145 * illegal to send an empty path name (without \\server\share prefix)
146 * when the DFS flag is set in the SMB open header. We could
147 * consider setting the flag on all operations other than open
148 * but it is safer to net set it for now.
150 /* if (tcon->share_flags & SHI1005_FLAGS_DFS)
151 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */
153 if (server
&& server
->sign
&& !smb3_encryption_required(tcon
))
154 shdr
->Flags
|= SMB2_FLAGS_SIGNED
;
160 smb2_reconnect(__le16 smb2_command
, struct cifs_tcon
*tcon
,
161 struct TCP_Server_Info
*server
)
164 struct nls_table
*nls_codepage
= NULL
;
165 struct cifs_ses
*ses
;
169 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
170 * check for tcp and smb session status done differently
171 * for those three - in the calling routine.
177 * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in
178 * cifs_tree_connect().
180 if (smb2_command
== SMB2_TREE_CONNECT
|| smb2_command
== SMB2_IOCTL
)
183 spin_lock(&tcon
->tc_lock
);
184 if (tcon
->status
== TID_EXITING
) {
186 * only tree disconnect allowed when disconnecting ...
188 if (smb2_command
!= SMB2_TREE_DISCONNECT
) {
189 spin_unlock(&tcon
->tc_lock
);
190 cifs_dbg(FYI
, "can not send cmd %d while umounting\n",
195 spin_unlock(&tcon
->tc_lock
);
200 spin_lock(&ses
->ses_lock
);
201 if (ses
->ses_status
== SES_EXITING
) {
202 spin_unlock(&ses
->ses_lock
);
205 spin_unlock(&ses
->ses_lock
);
206 if (!ses
->server
|| !server
)
209 spin_lock(&server
->srv_lock
);
210 if (server
->tcpStatus
== CifsNeedReconnect
) {
212 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
213 * here since they are implicitly done when session drops.
215 switch (smb2_command
) {
217 * BB Should we keep oplock break and add flush to exceptions?
219 case SMB2_TREE_DISCONNECT
:
222 case SMB2_OPLOCK_BREAK
:
223 spin_unlock(&server
->srv_lock
);
227 spin_unlock(&server
->srv_lock
);
230 rc
= cifs_wait_for_server_reconnect(server
, tcon
->retry
);
234 spin_lock(&ses
->chan_lock
);
235 if (!cifs_chan_needs_reconnect(ses
, server
) && !tcon
->need_reconnect
) {
236 spin_unlock(&ses
->chan_lock
);
239 spin_unlock(&ses
->chan_lock
);
240 cifs_dbg(FYI
, "sess reconnect mask: 0x%lx, tcon reconnect: %d",
241 tcon
->ses
->chans_need_reconnect
,
242 tcon
->need_reconnect
);
244 mutex_lock(&ses
->session_mutex
);
246 * Recheck after acquire mutex. If another thread is negotiating
247 * and the server never sends an answer the socket will be closed
248 * and tcpStatus set to reconnect.
250 spin_lock(&server
->srv_lock
);
251 if (server
->tcpStatus
== CifsNeedReconnect
) {
252 spin_unlock(&server
->srv_lock
);
253 mutex_unlock(&ses
->session_mutex
);
261 spin_unlock(&server
->srv_lock
);
263 nls_codepage
= ses
->local_nls
;
266 * need to prevent multiple threads trying to simultaneously
267 * reconnect the same SMB session
269 spin_lock(&ses
->ses_lock
);
270 spin_lock(&ses
->chan_lock
);
271 if (!cifs_chan_needs_reconnect(ses
, server
) &&
272 ses
->ses_status
== SES_GOOD
) {
273 spin_unlock(&ses
->chan_lock
);
274 spin_unlock(&ses
->ses_lock
);
275 /* this means that we only need to tree connect */
276 if (tcon
->need_reconnect
)
277 goto skip_sess_setup
;
279 mutex_unlock(&ses
->session_mutex
);
282 spin_unlock(&ses
->chan_lock
);
283 spin_unlock(&ses
->ses_lock
);
285 rc
= cifs_negotiate_protocol(0, ses
, server
);
287 rc
= cifs_setup_session(0, ses
, server
, nls_codepage
);
288 if ((rc
== -EACCES
) && !tcon
->retry
) {
289 mutex_unlock(&ses
->session_mutex
);
293 mutex_unlock(&ses
->session_mutex
);
297 mutex_unlock(&ses
->session_mutex
);
302 if (!tcon
->need_reconnect
) {
303 mutex_unlock(&ses
->session_mutex
);
306 cifs_mark_open_files_invalid(tcon
);
307 if (tcon
->use_persistent
)
308 tcon
->need_reopen_files
= true;
310 rc
= cifs_tree_connect(0, tcon
, nls_codepage
);
312 cifs_dbg(FYI
, "reconnect tcon rc = %d\n", rc
);
314 /* If sess reconnected but tcon didn't, something strange ... */
315 mutex_unlock(&ses
->session_mutex
);
316 cifs_dbg(VFS
, "reconnect tcon failed rc = %d\n", rc
);
321 (server
->capabilities
& SMB2_GLOBAL_CAP_MULTI_CHANNEL
)) {
322 mutex_unlock(&ses
->session_mutex
);
325 * query server network interfaces, in case they change
328 rc
= SMB3_request_interfaces(xid
, tcon
, false);
332 cifs_dbg(FYI
, "%s: failed to query server interfaces: %d\n",
335 if (ses
->chan_max
> ses
->chan_count
&&
336 !SERVER_IS_CHAN(server
)) {
337 if (ses
->chan_count
== 1)
338 cifs_server_dbg(VFS
, "supports multichannel now\n");
340 cifs_try_adding_channels(ses
);
343 mutex_unlock(&ses
->session_mutex
);
346 if (smb2_command
!= SMB2_INTERNAL_CMD
)
347 if (mod_delayed_work(cifsiod_wq
, &server
->reconnect
, 0))
348 cifs_put_tcp_session(server
, false);
350 atomic_inc(&tconInfoReconnectCount
);
353 * Check if handle based operation so we know whether we can continue
354 * or not without returning to caller to reset file handle.
357 * BB Is flush done by server on drop of tcp session? Should we special
358 * case it and skip above?
360 switch (smb2_command
) {
365 case SMB2_QUERY_DIRECTORY
:
366 case SMB2_CHANGE_NOTIFY
:
367 case SMB2_QUERY_INFO
:
376 fill_small_buf(__le16 smb2_command
, struct cifs_tcon
*tcon
,
377 struct TCP_Server_Info
*server
,
379 unsigned int *total_len
)
381 struct smb2_pdu
*spdu
= buf
;
382 /* lookup word count ie StructureSize from table */
383 __u16 parmsize
= smb2_req_struct_sizes
[le16_to_cpu(smb2_command
)];
386 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
387 * largest operations (Create)
391 smb2_hdr_assemble(&spdu
->hdr
, smb2_command
, tcon
, server
);
392 spdu
->StructureSize2
= cpu_to_le16(parmsize
);
394 *total_len
= parmsize
+ sizeof(struct smb2_hdr
);
398 * Allocate and return pointer to an SMB request hdr, and set basic
399 * SMB information in the SMB header. If the return code is zero, this
400 * function must have filled in request_buf pointer.
402 static int __smb2_plain_req_init(__le16 smb2_command
, struct cifs_tcon
*tcon
,
403 struct TCP_Server_Info
*server
,
404 void **request_buf
, unsigned int *total_len
)
406 /* BB eventually switch this to SMB2 specific small buf size */
407 if (smb2_command
== SMB2_SET_INFO
)
408 *request_buf
= cifs_buf_get();
410 *request_buf
= cifs_small_buf_get();
411 if (*request_buf
== NULL
) {
412 /* BB should we add a retry in here if not a writepage? */
416 fill_small_buf(smb2_command
, tcon
, server
,
417 (struct smb2_hdr
*)(*request_buf
),
421 uint16_t com_code
= le16_to_cpu(smb2_command
);
422 cifs_stats_inc(&tcon
->stats
.smb2_stats
.smb2_com_sent
[com_code
]);
423 cifs_stats_inc(&tcon
->num_smbs_sent
);
429 static int smb2_plain_req_init(__le16 smb2_command
, struct cifs_tcon
*tcon
,
430 struct TCP_Server_Info
*server
,
431 void **request_buf
, unsigned int *total_len
)
435 rc
= smb2_reconnect(smb2_command
, tcon
, server
);
439 return __smb2_plain_req_init(smb2_command
, tcon
, server
, request_buf
,
443 static int smb2_ioctl_req_init(u32 opcode
, struct cifs_tcon
*tcon
,
444 struct TCP_Server_Info
*server
,
445 void **request_buf
, unsigned int *total_len
)
447 /* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */
448 if (opcode
== FSCTL_VALIDATE_NEGOTIATE_INFO
) {
449 return __smb2_plain_req_init(SMB2_IOCTL
, tcon
, server
,
450 request_buf
, total_len
);
452 return smb2_plain_req_init(SMB2_IOCTL
, tcon
, server
,
453 request_buf
, total_len
);
456 /* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */
459 build_preauth_ctxt(struct smb2_preauth_neg_context
*pneg_ctxt
)
461 pneg_ctxt
->ContextType
= SMB2_PREAUTH_INTEGRITY_CAPABILITIES
;
462 pneg_ctxt
->DataLength
= cpu_to_le16(38);
463 pneg_ctxt
->HashAlgorithmCount
= cpu_to_le16(1);
464 pneg_ctxt
->SaltLength
= cpu_to_le16(SMB311_SALT_SIZE
);
465 get_random_bytes(pneg_ctxt
->Salt
, SMB311_SALT_SIZE
);
466 pneg_ctxt
->HashAlgorithms
= SMB2_PREAUTH_INTEGRITY_SHA512
;
470 build_compression_ctxt(struct smb2_compression_capabilities_context
*pneg_ctxt
)
472 pneg_ctxt
->ContextType
= SMB2_COMPRESSION_CAPABILITIES
;
473 pneg_ctxt
->DataLength
=
474 cpu_to_le16(sizeof(struct smb2_compression_capabilities_context
)
475 - sizeof(struct smb2_neg_context
));
476 pneg_ctxt
->CompressionAlgorithmCount
= cpu_to_le16(3);
477 pneg_ctxt
->CompressionAlgorithms
[0] = SMB3_COMPRESS_LZ77
;
478 pneg_ctxt
->CompressionAlgorithms
[1] = SMB3_COMPRESS_LZ77_HUFF
;
479 pneg_ctxt
->CompressionAlgorithms
[2] = SMB3_COMPRESS_LZNT1
;
483 build_signing_ctxt(struct smb2_signing_capabilities
*pneg_ctxt
)
485 unsigned int ctxt_len
= sizeof(struct smb2_signing_capabilities
);
486 unsigned short num_algs
= 1; /* number of signing algorithms sent */
488 pneg_ctxt
->ContextType
= SMB2_SIGNING_CAPABILITIES
;
490 * Context Data length must be rounded to multiple of 8 for some servers
492 pneg_ctxt
->DataLength
= cpu_to_le16(ALIGN(sizeof(struct smb2_signing_capabilities
) -
493 sizeof(struct smb2_neg_context
) +
494 (num_algs
* sizeof(u16
)), 8));
495 pneg_ctxt
->SigningAlgorithmCount
= cpu_to_le16(num_algs
);
496 pneg_ctxt
->SigningAlgorithms
[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC
);
498 ctxt_len
+= sizeof(__le16
) * num_algs
;
499 ctxt_len
= ALIGN(ctxt_len
, 8);
501 /* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */
505 build_encrypt_ctxt(struct smb2_encryption_neg_context
*pneg_ctxt
)
507 pneg_ctxt
->ContextType
= SMB2_ENCRYPTION_CAPABILITIES
;
508 if (require_gcm_256
) {
509 pneg_ctxt
->DataLength
= cpu_to_le16(4); /* Cipher Count + 1 cipher */
510 pneg_ctxt
->CipherCount
= cpu_to_le16(1);
511 pneg_ctxt
->Ciphers
[0] = SMB2_ENCRYPTION_AES256_GCM
;
512 } else if (enable_gcm_256
) {
513 pneg_ctxt
->DataLength
= cpu_to_le16(8); /* Cipher Count + 3 ciphers */
514 pneg_ctxt
->CipherCount
= cpu_to_le16(3);
515 pneg_ctxt
->Ciphers
[0] = SMB2_ENCRYPTION_AES128_GCM
;
516 pneg_ctxt
->Ciphers
[1] = SMB2_ENCRYPTION_AES256_GCM
;
517 pneg_ctxt
->Ciphers
[2] = SMB2_ENCRYPTION_AES128_CCM
;
519 pneg_ctxt
->DataLength
= cpu_to_le16(6); /* Cipher Count + 2 ciphers */
520 pneg_ctxt
->CipherCount
= cpu_to_le16(2);
521 pneg_ctxt
->Ciphers
[0] = SMB2_ENCRYPTION_AES128_GCM
;
522 pneg_ctxt
->Ciphers
[1] = SMB2_ENCRYPTION_AES128_CCM
;
527 build_netname_ctxt(struct smb2_netname_neg_context
*pneg_ctxt
, char *hostname
)
529 struct nls_table
*cp
= load_nls_default();
531 pneg_ctxt
->ContextType
= SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
;
533 /* copy up to max of first 100 bytes of server name to NetName field */
534 pneg_ctxt
->DataLength
= cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt
->NetName
, hostname
, 100, cp
));
535 /* context size is DataLength + minimal smb2_neg_context */
536 return ALIGN(le16_to_cpu(pneg_ctxt
->DataLength
) + sizeof(struct smb2_neg_context
), 8);
540 build_posix_ctxt(struct smb2_posix_neg_context
*pneg_ctxt
)
542 pneg_ctxt
->ContextType
= SMB2_POSIX_EXTENSIONS_AVAILABLE
;
543 pneg_ctxt
->DataLength
= cpu_to_le16(POSIX_CTXT_DATA_LEN
);
544 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
545 pneg_ctxt
->Name
[0] = 0x93;
546 pneg_ctxt
->Name
[1] = 0xAD;
547 pneg_ctxt
->Name
[2] = 0x25;
548 pneg_ctxt
->Name
[3] = 0x50;
549 pneg_ctxt
->Name
[4] = 0x9C;
550 pneg_ctxt
->Name
[5] = 0xB4;
551 pneg_ctxt
->Name
[6] = 0x11;
552 pneg_ctxt
->Name
[7] = 0xE7;
553 pneg_ctxt
->Name
[8] = 0xB4;
554 pneg_ctxt
->Name
[9] = 0x23;
555 pneg_ctxt
->Name
[10] = 0x83;
556 pneg_ctxt
->Name
[11] = 0xDE;
557 pneg_ctxt
->Name
[12] = 0x96;
558 pneg_ctxt
->Name
[13] = 0x8B;
559 pneg_ctxt
->Name
[14] = 0xCD;
560 pneg_ctxt
->Name
[15] = 0x7C;
564 assemble_neg_contexts(struct smb2_negotiate_req
*req
,
565 struct TCP_Server_Info
*server
, unsigned int *total_len
)
567 unsigned int ctxt_len
, neg_context_count
;
568 struct TCP_Server_Info
*pserver
;
572 if (*total_len
> 200) {
573 /* In case length corrupted don't want to overrun smb buffer */
574 cifs_server_dbg(VFS
, "Bad frame length assembling neg contexts\n");
579 * round up total_len of fixed part of SMB3 negotiate request to 8
580 * byte boundary before adding negotiate contexts
582 *total_len
= ALIGN(*total_len
, 8);
584 pneg_ctxt
= (*total_len
) + (char *)req
;
585 req
->NegotiateContextOffset
= cpu_to_le32(*total_len
);
587 build_preauth_ctxt((struct smb2_preauth_neg_context
*)pneg_ctxt
);
588 ctxt_len
= ALIGN(sizeof(struct smb2_preauth_neg_context
), 8);
589 *total_len
+= ctxt_len
;
590 pneg_ctxt
+= ctxt_len
;
592 build_encrypt_ctxt((struct smb2_encryption_neg_context
*)pneg_ctxt
);
593 ctxt_len
= ALIGN(sizeof(struct smb2_encryption_neg_context
), 8);
594 *total_len
+= ctxt_len
;
595 pneg_ctxt
+= ctxt_len
;
598 * secondary channels don't have the hostname field populated
599 * use the hostname field in the primary channel instead
601 pserver
= SERVER_IS_CHAN(server
) ? server
->primary_server
: server
;
602 cifs_server_lock(pserver
);
603 hostname
= pserver
->hostname
;
604 if (hostname
&& (hostname
[0] != 0)) {
605 ctxt_len
= build_netname_ctxt((struct smb2_netname_neg_context
*)pneg_ctxt
,
607 *total_len
+= ctxt_len
;
608 pneg_ctxt
+= ctxt_len
;
609 neg_context_count
= 3;
611 neg_context_count
= 2;
612 cifs_server_unlock(pserver
);
614 build_posix_ctxt((struct smb2_posix_neg_context
*)pneg_ctxt
);
615 *total_len
+= sizeof(struct smb2_posix_neg_context
);
616 pneg_ctxt
+= sizeof(struct smb2_posix_neg_context
);
619 if (server
->compress_algorithm
) {
620 build_compression_ctxt((struct smb2_compression_capabilities_context
*)
622 ctxt_len
= ALIGN(sizeof(struct smb2_compression_capabilities_context
), 8);
623 *total_len
+= ctxt_len
;
624 pneg_ctxt
+= ctxt_len
;
628 if (enable_negotiate_signing
) {
629 ctxt_len
= build_signing_ctxt((struct smb2_signing_capabilities
*)
631 *total_len
+= ctxt_len
;
632 pneg_ctxt
+= ctxt_len
;
636 /* check for and add transport_capabilities and signing capabilities */
637 req
->NegotiateContextCount
= cpu_to_le16(neg_context_count
);
641 /* If invalid preauth context warn but use what we requested, SHA-512 */
642 static void decode_preauth_context(struct smb2_preauth_neg_context
*ctxt
)
644 unsigned int len
= le16_to_cpu(ctxt
->DataLength
);
647 * Caller checked that DataLength remains within SMB boundary. We still
648 * need to confirm that one HashAlgorithms member is accounted for.
650 if (len
< MIN_PREAUTH_CTXT_DATA_LEN
) {
651 pr_warn_once("server sent bad preauth context\n");
653 } else if (len
< MIN_PREAUTH_CTXT_DATA_LEN
+ le16_to_cpu(ctxt
->SaltLength
)) {
654 pr_warn_once("server sent invalid SaltLength\n");
657 if (le16_to_cpu(ctxt
->HashAlgorithmCount
) != 1)
658 pr_warn_once("Invalid SMB3 hash algorithm count\n");
659 if (ctxt
->HashAlgorithms
!= SMB2_PREAUTH_INTEGRITY_SHA512
)
660 pr_warn_once("unknown SMB3 hash algorithm\n");
663 static void decode_compress_ctx(struct TCP_Server_Info
*server
,
664 struct smb2_compression_capabilities_context
*ctxt
)
666 unsigned int len
= le16_to_cpu(ctxt
->DataLength
);
669 * Caller checked that DataLength remains within SMB boundary. We still
670 * need to confirm that one CompressionAlgorithms member is accounted
674 pr_warn_once("server sent bad compression cntxt\n");
677 if (le16_to_cpu(ctxt
->CompressionAlgorithmCount
) != 1) {
678 pr_warn_once("Invalid SMB3 compress algorithm count\n");
681 if (le16_to_cpu(ctxt
->CompressionAlgorithms
[0]) > 3) {
682 pr_warn_once("unknown compression algorithm\n");
685 server
->compress_algorithm
= ctxt
->CompressionAlgorithms
[0];
688 static int decode_encrypt_ctx(struct TCP_Server_Info
*server
,
689 struct smb2_encryption_neg_context
*ctxt
)
691 unsigned int len
= le16_to_cpu(ctxt
->DataLength
);
693 cifs_dbg(FYI
, "decode SMB3.11 encryption neg context of len %d\n", len
);
695 * Caller checked that DataLength remains within SMB boundary. We still
696 * need to confirm that one Cipher flexible array member is accounted
699 if (len
< MIN_ENCRYPT_CTXT_DATA_LEN
) {
700 pr_warn_once("server sent bad crypto ctxt len\n");
704 if (le16_to_cpu(ctxt
->CipherCount
) != 1) {
705 pr_warn_once("Invalid SMB3.11 cipher count\n");
708 cifs_dbg(FYI
, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt
->Ciphers
[0]));
709 if (require_gcm_256
) {
710 if (ctxt
->Ciphers
[0] != SMB2_ENCRYPTION_AES256_GCM
) {
711 cifs_dbg(VFS
, "Server does not support requested encryption type (AES256 GCM)\n");
714 } else if (ctxt
->Ciphers
[0] == 0) {
716 * e.g. if server only supported AES256_CCM (very unlikely)
717 * or server supported no encryption types or had all disabled.
718 * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case
719 * in which mount requested encryption ("seal") checks later
720 * on during tree connection will return proper rc, but if
721 * seal not requested by client, since server is allowed to
722 * return 0 to indicate no supported cipher, we can't fail here
724 server
->cipher_type
= 0;
725 server
->capabilities
&= ~SMB2_GLOBAL_CAP_ENCRYPTION
;
726 pr_warn_once("Server does not support requested encryption types\n");
728 } else if ((ctxt
->Ciphers
[0] != SMB2_ENCRYPTION_AES128_CCM
) &&
729 (ctxt
->Ciphers
[0] != SMB2_ENCRYPTION_AES128_GCM
) &&
730 (ctxt
->Ciphers
[0] != SMB2_ENCRYPTION_AES256_GCM
)) {
731 /* server returned a cipher we didn't ask for */
732 pr_warn_once("Invalid SMB3.11 cipher returned\n");
735 server
->cipher_type
= ctxt
->Ciphers
[0];
736 server
->capabilities
|= SMB2_GLOBAL_CAP_ENCRYPTION
;
740 static void decode_signing_ctx(struct TCP_Server_Info
*server
,
741 struct smb2_signing_capabilities
*pctxt
)
743 unsigned int len
= le16_to_cpu(pctxt
->DataLength
);
746 * Caller checked that DataLength remains within SMB boundary. We still
747 * need to confirm that one SigningAlgorithms flexible array member is
750 if ((len
< 4) || (len
> 16)) {
751 pr_warn_once("server sent bad signing negcontext\n");
754 if (le16_to_cpu(pctxt
->SigningAlgorithmCount
) != 1) {
755 pr_warn_once("Invalid signing algorithm count\n");
758 if (le16_to_cpu(pctxt
->SigningAlgorithms
[0]) > 2) {
759 pr_warn_once("unknown signing algorithm\n");
763 server
->signing_negotiated
= true;
764 server
->signing_algorithm
= le16_to_cpu(pctxt
->SigningAlgorithms
[0]);
765 cifs_dbg(FYI
, "signing algorithm %d chosen\n",
766 server
->signing_algorithm
);
770 static int smb311_decode_neg_context(struct smb2_negotiate_rsp
*rsp
,
771 struct TCP_Server_Info
*server
,
772 unsigned int len_of_smb
)
774 struct smb2_neg_context
*pctx
;
775 unsigned int offset
= le32_to_cpu(rsp
->NegotiateContextOffset
);
776 unsigned int ctxt_cnt
= le16_to_cpu(rsp
->NegotiateContextCount
);
777 unsigned int len_of_ctxts
, i
;
780 cifs_dbg(FYI
, "decoding %d negotiate contexts\n", ctxt_cnt
);
781 if (len_of_smb
<= offset
) {
782 cifs_server_dbg(VFS
, "Invalid response: negotiate context offset\n");
786 len_of_ctxts
= len_of_smb
- offset
;
788 for (i
= 0; i
< ctxt_cnt
; i
++) {
790 /* check that offset is not beyond end of SMB */
791 if (len_of_ctxts
< sizeof(struct smb2_neg_context
))
794 pctx
= (struct smb2_neg_context
*)(offset
+ (char *)rsp
);
795 clen
= sizeof(struct smb2_neg_context
)
796 + le16_to_cpu(pctx
->DataLength
);
798 * 2.2.4 SMB2 NEGOTIATE Response
799 * Subsequent negotiate contexts MUST appear at the first 8-byte
800 * aligned offset following the previous negotiate context.
802 if (i
+ 1 != ctxt_cnt
)
803 clen
= ALIGN(clen
, 8);
804 if (clen
> len_of_ctxts
)
807 if (pctx
->ContextType
== SMB2_PREAUTH_INTEGRITY_CAPABILITIES
)
808 decode_preauth_context(
809 (struct smb2_preauth_neg_context
*)pctx
);
810 else if (pctx
->ContextType
== SMB2_ENCRYPTION_CAPABILITIES
)
811 rc
= decode_encrypt_ctx(server
,
812 (struct smb2_encryption_neg_context
*)pctx
);
813 else if (pctx
->ContextType
== SMB2_COMPRESSION_CAPABILITIES
)
814 decode_compress_ctx(server
,
815 (struct smb2_compression_capabilities_context
*)pctx
);
816 else if (pctx
->ContextType
== SMB2_POSIX_EXTENSIONS_AVAILABLE
)
817 server
->posix_ext_supported
= true;
818 else if (pctx
->ContextType
== SMB2_SIGNING_CAPABILITIES
)
819 decode_signing_ctx(server
,
820 (struct smb2_signing_capabilities
*)pctx
);
822 cifs_server_dbg(VFS
, "unknown negcontext of type %d ignored\n",
823 le16_to_cpu(pctx
->ContextType
));
828 len_of_ctxts
-= clen
;
833 static struct create_posix
*
834 create_posix_buf(umode_t mode
)
836 struct create_posix
*buf
;
838 buf
= kzalloc(sizeof(struct create_posix
),
843 buf
->ccontext
.DataOffset
=
844 cpu_to_le16(offsetof(struct create_posix
, Mode
));
845 buf
->ccontext
.DataLength
= cpu_to_le32(4);
846 buf
->ccontext
.NameOffset
=
847 cpu_to_le16(offsetof(struct create_posix
, Name
));
848 buf
->ccontext
.NameLength
= cpu_to_le16(16);
850 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
861 buf
->Name
[10] = 0x83;
862 buf
->Name
[11] = 0xDE;
863 buf
->Name
[12] = 0x96;
864 buf
->Name
[13] = 0x8B;
865 buf
->Name
[14] = 0xCD;
866 buf
->Name
[15] = 0x7C;
867 buf
->Mode
= cpu_to_le32(mode
);
868 cifs_dbg(FYI
, "mode on posix create 0%o\n", mode
);
873 add_posix_context(struct kvec
*iov
, unsigned int *num_iovec
, umode_t mode
)
875 unsigned int num
= *num_iovec
;
877 iov
[num
].iov_base
= create_posix_buf(mode
);
878 if (mode
== ACL_NO_MODE
)
879 cifs_dbg(FYI
, "%s: no mode\n", __func__
);
880 if (iov
[num
].iov_base
== NULL
)
882 iov
[num
].iov_len
= sizeof(struct create_posix
);
883 *num_iovec
= num
+ 1;
890 * SMB2 Worker functions follow:
892 * The general structure of the worker functions is:
893 * 1) Call smb2_init (assembles SMB2 header)
894 * 2) Initialize SMB2 command specific fields in fixed length area of SMB
895 * 3) Call smb_sendrcv2 (sends request on socket and waits for response)
896 * 4) Decode SMB2 command specific fields in the fixed length area
897 * 5) Decode variable length data area (if any for this SMB2 command type)
898 * 6) Call free smb buffer
904 SMB2_negotiate(const unsigned int xid
,
905 struct cifs_ses
*ses
,
906 struct TCP_Server_Info
*server
)
908 struct smb_rqst rqst
;
909 struct smb2_negotiate_req
*req
;
910 struct smb2_negotiate_rsp
*rsp
;
915 int blob_offset
, blob_length
;
917 int flags
= CIFS_NEG_OP
;
918 unsigned int total_len
;
920 cifs_dbg(FYI
, "Negotiate protocol\n");
923 WARN(1, "%s: server is NULL!\n", __func__
);
927 rc
= smb2_plain_req_init(SMB2_NEGOTIATE
, NULL
, server
,
928 (void **) &req
, &total_len
);
932 req
->hdr
.SessionId
= 0;
934 memset(server
->preauth_sha_hash
, 0, SMB2_PREAUTH_HASH_SIZE
);
935 memset(ses
->preauth_sha_hash
, 0, SMB2_PREAUTH_HASH_SIZE
);
937 if (strcmp(server
->vals
->version_string
,
938 SMB3ANY_VERSION_STRING
) == 0) {
939 req
->Dialects
[0] = cpu_to_le16(SMB30_PROT_ID
);
940 req
->Dialects
[1] = cpu_to_le16(SMB302_PROT_ID
);
941 req
->Dialects
[2] = cpu_to_le16(SMB311_PROT_ID
);
942 req
->DialectCount
= cpu_to_le16(3);
944 } else if (strcmp(server
->vals
->version_string
,
945 SMBDEFAULT_VERSION_STRING
) == 0) {
946 req
->Dialects
[0] = cpu_to_le16(SMB21_PROT_ID
);
947 req
->Dialects
[1] = cpu_to_le16(SMB30_PROT_ID
);
948 req
->Dialects
[2] = cpu_to_le16(SMB302_PROT_ID
);
949 req
->Dialects
[3] = cpu_to_le16(SMB311_PROT_ID
);
950 req
->DialectCount
= cpu_to_le16(4);
953 /* otherwise send specific dialect */
954 req
->Dialects
[0] = cpu_to_le16(server
->vals
->protocol_id
);
955 req
->DialectCount
= cpu_to_le16(1);
959 /* only one of SMB2 signing flags may be set in SMB2 request */
961 req
->SecurityMode
= cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED
);
962 else if (global_secflags
& CIFSSEC_MAY_SIGN
)
963 req
->SecurityMode
= cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED
);
965 req
->SecurityMode
= 0;
967 req
->Capabilities
= cpu_to_le32(server
->vals
->req_capabilities
);
968 if (ses
->chan_max
> 1)
969 req
->Capabilities
|= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL
);
971 /* ClientGUID must be zero for SMB2.02 dialect */
972 if (server
->vals
->protocol_id
== SMB20_PROT_ID
)
973 memset(req
->ClientGUID
, 0, SMB2_CLIENT_GUID_SIZE
);
975 memcpy(req
->ClientGUID
, server
->client_guid
,
976 SMB2_CLIENT_GUID_SIZE
);
977 if ((server
->vals
->protocol_id
== SMB311_PROT_ID
) ||
978 (strcmp(server
->vals
->version_string
,
979 SMB3ANY_VERSION_STRING
) == 0) ||
980 (strcmp(server
->vals
->version_string
,
981 SMBDEFAULT_VERSION_STRING
) == 0))
982 assemble_neg_contexts(req
, server
, &total_len
);
984 iov
[0].iov_base
= (char *)req
;
985 iov
[0].iov_len
= total_len
;
987 memset(&rqst
, 0, sizeof(struct smb_rqst
));
991 rc
= cifs_send_recv(xid
, ses
, server
,
992 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
993 cifs_small_buf_release(req
);
994 rsp
= (struct smb2_negotiate_rsp
*)rsp_iov
.iov_base
;
996 * No tcon so can't do
997 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
999 if (rc
== -EOPNOTSUPP
) {
1000 cifs_server_dbg(VFS
, "Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n");
1006 if (strcmp(server
->vals
->version_string
,
1007 SMB3ANY_VERSION_STRING
) == 0) {
1008 if (rsp
->DialectRevision
== cpu_to_le16(SMB20_PROT_ID
)) {
1009 cifs_server_dbg(VFS
,
1010 "SMB2 dialect returned but not requested\n");
1012 } else if (rsp
->DialectRevision
== cpu_to_le16(SMB21_PROT_ID
)) {
1013 cifs_server_dbg(VFS
,
1014 "SMB2.1 dialect returned but not requested\n");
1016 } else if (rsp
->DialectRevision
== cpu_to_le16(SMB311_PROT_ID
)) {
1017 /* ops set to 3.0 by default for default so update */
1018 server
->ops
= &smb311_operations
;
1019 server
->vals
= &smb311_values
;
1021 } else if (strcmp(server
->vals
->version_string
,
1022 SMBDEFAULT_VERSION_STRING
) == 0) {
1023 if (rsp
->DialectRevision
== cpu_to_le16(SMB20_PROT_ID
)) {
1024 cifs_server_dbg(VFS
,
1025 "SMB2 dialect returned but not requested\n");
1027 } else if (rsp
->DialectRevision
== cpu_to_le16(SMB21_PROT_ID
)) {
1028 /* ops set to 3.0 by default for default so update */
1029 server
->ops
= &smb21_operations
;
1030 server
->vals
= &smb21_values
;
1031 } else if (rsp
->DialectRevision
== cpu_to_le16(SMB311_PROT_ID
)) {
1032 server
->ops
= &smb311_operations
;
1033 server
->vals
= &smb311_values
;
1035 } else if (le16_to_cpu(rsp
->DialectRevision
) !=
1036 server
->vals
->protocol_id
) {
1037 /* if requested single dialect ensure returned dialect matched */
1038 cifs_server_dbg(VFS
, "Invalid 0x%x dialect returned: not requested\n",
1039 le16_to_cpu(rsp
->DialectRevision
));
1043 cifs_dbg(FYI
, "mode 0x%x\n", rsp
->SecurityMode
);
1045 if (rsp
->DialectRevision
== cpu_to_le16(SMB20_PROT_ID
))
1046 cifs_dbg(FYI
, "negotiated smb2.0 dialect\n");
1047 else if (rsp
->DialectRevision
== cpu_to_le16(SMB21_PROT_ID
))
1048 cifs_dbg(FYI
, "negotiated smb2.1 dialect\n");
1049 else if (rsp
->DialectRevision
== cpu_to_le16(SMB30_PROT_ID
))
1050 cifs_dbg(FYI
, "negotiated smb3.0 dialect\n");
1051 else if (rsp
->DialectRevision
== cpu_to_le16(SMB302_PROT_ID
))
1052 cifs_dbg(FYI
, "negotiated smb3.02 dialect\n");
1053 else if (rsp
->DialectRevision
== cpu_to_le16(SMB311_PROT_ID
))
1054 cifs_dbg(FYI
, "negotiated smb3.1.1 dialect\n");
1056 cifs_server_dbg(VFS
, "Invalid dialect returned by server 0x%x\n",
1057 le16_to_cpu(rsp
->DialectRevision
));
1062 server
->dialect
= le16_to_cpu(rsp
->DialectRevision
);
1065 * Keep a copy of the hash after negprot. This hash will be
1066 * the starting hash value for all sessions made from this
1069 memcpy(server
->preauth_sha_hash
, ses
->preauth_sha_hash
,
1070 SMB2_PREAUTH_HASH_SIZE
);
1072 /* SMB2 only has an extended negflavor */
1073 server
->negflavor
= CIFS_NEGFLAVOR_EXTENDED
;
1074 /* set it to the maximum buffer size value we can send with 1 credit */
1075 server
->maxBuf
= min_t(unsigned int, le32_to_cpu(rsp
->MaxTransactSize
),
1076 SMB2_MAX_BUFFER_SIZE
);
1077 server
->max_read
= le32_to_cpu(rsp
->MaxReadSize
);
1078 server
->max_write
= le32_to_cpu(rsp
->MaxWriteSize
);
1079 server
->sec_mode
= le16_to_cpu(rsp
->SecurityMode
);
1080 if ((server
->sec_mode
& SMB2_SEC_MODE_FLAGS_ALL
) != server
->sec_mode
)
1081 cifs_dbg(FYI
, "Server returned unexpected security mode 0x%x\n",
1083 server
->capabilities
= le32_to_cpu(rsp
->Capabilities
);
1084 /* Internal types */
1085 server
->capabilities
|= SMB2_NT_FIND
| SMB2_LARGE_FILES
;
1088 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
1089 * Set the cipher type manually.
1091 if (server
->dialect
== SMB30_PROT_ID
&& (server
->capabilities
& SMB2_GLOBAL_CAP_ENCRYPTION
))
1092 server
->cipher_type
= SMB2_ENCRYPTION_AES128_CCM
;
1094 security_blob
= smb2_get_data_area_len(&blob_offset
, &blob_length
,
1095 (struct smb2_hdr
*)rsp
);
1097 * See MS-SMB2 section 2.2.4: if no blob, client picks default which
1099 * ses->sectype = RawNTLMSSP;
1100 * but for time being this is our only auth choice so doesn't matter.
1101 * We just found a server which sets blob length to zero expecting raw.
1103 if (blob_length
== 0) {
1104 cifs_dbg(FYI
, "missing security blob on negprot\n");
1105 server
->sec_ntlmssp
= true;
1108 rc
= cifs_enable_signing(server
, ses
->sign
);
1112 rc
= decode_negTokenInit(security_blob
, blob_length
, server
);
1119 if (rsp
->DialectRevision
== cpu_to_le16(SMB311_PROT_ID
)) {
1120 if (rsp
->NegotiateContextCount
)
1121 rc
= smb311_decode_neg_context(rsp
, server
,
1124 cifs_server_dbg(VFS
, "Missing expected negotiate contexts\n");
1127 free_rsp_buf(resp_buftype
, rsp
);
1131 int smb3_validate_negotiate(const unsigned int xid
, struct cifs_tcon
*tcon
)
1134 struct validate_negotiate_info_req
*pneg_inbuf
;
1135 struct validate_negotiate_info_rsp
*pneg_rsp
= NULL
;
1137 u32 inbuflen
; /* max of 4 dialects */
1138 struct TCP_Server_Info
*server
= tcon
->ses
->server
;
1140 cifs_dbg(FYI
, "validate negotiate\n");
1142 /* In SMB3.11 preauth integrity supersedes validate negotiate */
1143 if (server
->dialect
== SMB311_PROT_ID
)
1147 * validation ioctl must be signed, so no point sending this if we
1148 * can not sign it (ie are not known user). Even if signing is not
1149 * required (enabled but not negotiated), in those cases we selectively
1150 * sign just this, the first and only signed request on a connection.
1151 * Having validation of negotiate info helps reduce attack vectors.
1153 if (tcon
->ses
->session_flags
& SMB2_SESSION_FLAG_IS_GUEST
)
1154 return 0; /* validation requires signing */
1156 if (tcon
->ses
->user_name
== NULL
) {
1157 cifs_dbg(FYI
, "Can't validate negotiate: null user mount\n");
1158 return 0; /* validation requires signing */
1161 if (tcon
->ses
->session_flags
& SMB2_SESSION_FLAG_IS_NULL
)
1162 cifs_tcon_dbg(VFS
, "Unexpected null user (anonymous) auth flag sent by server\n");
1164 pneg_inbuf
= kmalloc(sizeof(*pneg_inbuf
), GFP_NOFS
);
1168 pneg_inbuf
->Capabilities
=
1169 cpu_to_le32(server
->vals
->req_capabilities
);
1170 if (tcon
->ses
->chan_max
> 1)
1171 pneg_inbuf
->Capabilities
|= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL
);
1173 memcpy(pneg_inbuf
->Guid
, server
->client_guid
,
1174 SMB2_CLIENT_GUID_SIZE
);
1176 if (tcon
->ses
->sign
)
1177 pneg_inbuf
->SecurityMode
=
1178 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED
);
1179 else if (global_secflags
& CIFSSEC_MAY_SIGN
)
1180 pneg_inbuf
->SecurityMode
=
1181 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED
);
1183 pneg_inbuf
->SecurityMode
= 0;
1186 if (strcmp(server
->vals
->version_string
,
1187 SMB3ANY_VERSION_STRING
) == 0) {
1188 pneg_inbuf
->Dialects
[0] = cpu_to_le16(SMB30_PROT_ID
);
1189 pneg_inbuf
->Dialects
[1] = cpu_to_le16(SMB302_PROT_ID
);
1190 pneg_inbuf
->Dialects
[2] = cpu_to_le16(SMB311_PROT_ID
);
1191 pneg_inbuf
->DialectCount
= cpu_to_le16(3);
1192 /* SMB 2.1 not included so subtract one dialect from len */
1193 inbuflen
= sizeof(*pneg_inbuf
) -
1194 (sizeof(pneg_inbuf
->Dialects
[0]));
1195 } else if (strcmp(server
->vals
->version_string
,
1196 SMBDEFAULT_VERSION_STRING
) == 0) {
1197 pneg_inbuf
->Dialects
[0] = cpu_to_le16(SMB21_PROT_ID
);
1198 pneg_inbuf
->Dialects
[1] = cpu_to_le16(SMB30_PROT_ID
);
1199 pneg_inbuf
->Dialects
[2] = cpu_to_le16(SMB302_PROT_ID
);
1200 pneg_inbuf
->Dialects
[3] = cpu_to_le16(SMB311_PROT_ID
);
1201 pneg_inbuf
->DialectCount
= cpu_to_le16(4);
1202 /* structure is big enough for 4 dialects */
1203 inbuflen
= sizeof(*pneg_inbuf
);
1205 /* otherwise specific dialect was requested */
1206 pneg_inbuf
->Dialects
[0] =
1207 cpu_to_le16(server
->vals
->protocol_id
);
1208 pneg_inbuf
->DialectCount
= cpu_to_le16(1);
1209 /* structure is big enough for 4 dialects, sending only 1 */
1210 inbuflen
= sizeof(*pneg_inbuf
) -
1211 sizeof(pneg_inbuf
->Dialects
[0]) * 3;
1214 rc
= SMB2_ioctl(xid
, tcon
, NO_FILE_ID
, NO_FILE_ID
,
1215 FSCTL_VALIDATE_NEGOTIATE_INFO
,
1216 (char *)pneg_inbuf
, inbuflen
, CIFSMaxBufSize
,
1217 (char **)&pneg_rsp
, &rsplen
);
1218 if (rc
== -EOPNOTSUPP
) {
1220 * Old Windows versions or Netapp SMB server can return
1221 * not supported error. Client should accept it.
1223 cifs_tcon_dbg(VFS
, "Server does not support validate negotiate\n");
1225 goto out_free_inbuf
;
1226 } else if (rc
!= 0) {
1227 cifs_tcon_dbg(VFS
, "validate protocol negotiate failed: %d\n",
1230 goto out_free_inbuf
;
1234 if (rsplen
!= sizeof(*pneg_rsp
)) {
1235 cifs_tcon_dbg(VFS
, "Invalid protocol negotiate response size: %d\n",
1238 /* relax check since Mac returns max bufsize allowed on ioctl */
1239 if (rsplen
> CIFSMaxBufSize
|| rsplen
< sizeof(*pneg_rsp
))
1243 /* check validate negotiate info response matches what we got earlier */
1244 if (pneg_rsp
->Dialect
!= cpu_to_le16(server
->dialect
))
1247 if (pneg_rsp
->SecurityMode
!= cpu_to_le16(server
->sec_mode
))
1250 /* do not validate server guid because not saved at negprot time yet */
1252 if ((le32_to_cpu(pneg_rsp
->Capabilities
) | SMB2_NT_FIND
|
1253 SMB2_LARGE_FILES
) != server
->capabilities
)
1256 /* validate negotiate successful */
1258 cifs_dbg(FYI
, "validate negotiate info successful\n");
1262 cifs_tcon_dbg(VFS
, "protocol revalidation - security settings mismatch\n");
1271 smb2_select_sectype(struct TCP_Server_Info
*server
, enum securityEnum requested
)
1273 switch (requested
) {
1280 if (server
->sec_ntlmssp
&&
1281 (global_secflags
& CIFSSEC_MAY_NTLMSSP
))
1283 if ((server
->sec_kerberos
|| server
->sec_mskerberos
) &&
1284 (global_secflags
& CIFSSEC_MAY_KRB5
))
1292 struct SMB2_sess_data
{
1294 struct cifs_ses
*ses
;
1295 struct TCP_Server_Info
*server
;
1296 struct nls_table
*nls_cp
;
1297 void (*func
)(struct SMB2_sess_data
*);
1299 u64 previous_session
;
1301 /* we will send the SMB in three pieces:
1302 * a fixed length beginning part, an optional
1303 * SPNEGO blob (which can be zero length), and a
1304 * last part which will include the strings
1305 * and rest of bcc area. This allows us to avoid
1306 * a large buffer 17K allocation
1313 SMB2_sess_alloc_buffer(struct SMB2_sess_data
*sess_data
)
1316 struct cifs_ses
*ses
= sess_data
->ses
;
1317 struct TCP_Server_Info
*server
= sess_data
->server
;
1318 struct smb2_sess_setup_req
*req
;
1319 unsigned int total_len
;
1320 bool is_binding
= false;
1322 rc
= smb2_plain_req_init(SMB2_SESSION_SETUP
, NULL
, server
,
1328 spin_lock(&ses
->ses_lock
);
1329 is_binding
= (ses
->ses_status
== SES_GOOD
);
1330 spin_unlock(&ses
->ses_lock
);
1333 req
->hdr
.SessionId
= cpu_to_le64(ses
->Suid
);
1334 req
->hdr
.Flags
|= SMB2_FLAGS_SIGNED
;
1335 req
->PreviousSessionId
= 0;
1336 req
->Flags
= SMB2_SESSION_REQ_FLAG_BINDING
;
1337 cifs_dbg(FYI
, "Binding to sess id: %llx\n", ses
->Suid
);
1339 /* First session, not a reauthenticate */
1340 req
->hdr
.SessionId
= 0;
1342 * if reconnect, we need to send previous sess id
1345 req
->PreviousSessionId
= cpu_to_le64(sess_data
->previous_session
);
1346 req
->Flags
= 0; /* MBZ */
1347 cifs_dbg(FYI
, "Fresh session. Previous: %llx\n",
1348 sess_data
->previous_session
);
1351 /* enough to enable echos and oplocks and one max size write */
1352 if (server
->credits
>= server
->max_credits
)
1353 req
->hdr
.CreditRequest
= cpu_to_le16(0);
1355 req
->hdr
.CreditRequest
= cpu_to_le16(
1356 min_t(int, server
->max_credits
-
1357 server
->credits
, 130));
1359 /* only one of SMB2 signing flags may be set in SMB2 request */
1361 req
->SecurityMode
= SMB2_NEGOTIATE_SIGNING_REQUIRED
;
1362 else if (global_secflags
& CIFSSEC_MAY_SIGN
) /* one flag unlike MUST_ */
1363 req
->SecurityMode
= SMB2_NEGOTIATE_SIGNING_ENABLED
;
1365 req
->SecurityMode
= 0;
1367 #ifdef CONFIG_CIFS_DFS_UPCALL
1368 req
->Capabilities
= cpu_to_le32(SMB2_GLOBAL_CAP_DFS
);
1370 req
->Capabilities
= 0;
1371 #endif /* DFS_UPCALL */
1373 req
->Channel
= 0; /* MBZ */
1375 sess_data
->iov
[0].iov_base
= (char *)req
;
1377 sess_data
->iov
[0].iov_len
= total_len
- 1;
1379 * This variable will be used to clear the buffer
1380 * allocated above in case of any error in the calling function.
1382 sess_data
->buf0_type
= CIFS_SMALL_BUFFER
;
1388 SMB2_sess_free_buffer(struct SMB2_sess_data
*sess_data
)
1390 struct kvec
*iov
= sess_data
->iov
;
1392 /* iov[1] is already freed by caller */
1393 if (sess_data
->buf0_type
!= CIFS_NO_BUFFER
&& iov
[0].iov_base
)
1394 memzero_explicit(iov
[0].iov_base
, iov
[0].iov_len
);
1396 free_rsp_buf(sess_data
->buf0_type
, iov
[0].iov_base
);
1397 sess_data
->buf0_type
= CIFS_NO_BUFFER
;
1401 SMB2_sess_sendreceive(struct SMB2_sess_data
*sess_data
)
1404 struct smb_rqst rqst
;
1405 struct smb2_sess_setup_req
*req
= sess_data
->iov
[0].iov_base
;
1406 struct kvec rsp_iov
= { NULL
, 0 };
1408 /* Testing shows that buffer offset must be at location of Buffer[0] */
1409 req
->SecurityBufferOffset
=
1410 cpu_to_le16(sizeof(struct smb2_sess_setup_req
));
1411 req
->SecurityBufferLength
= cpu_to_le16(sess_data
->iov
[1].iov_len
);
1413 memset(&rqst
, 0, sizeof(struct smb_rqst
));
1414 rqst
.rq_iov
= sess_data
->iov
;
1417 /* BB add code to build os and lm fields */
1418 rc
= cifs_send_recv(sess_data
->xid
, sess_data
->ses
,
1421 &sess_data
->buf0_type
,
1422 CIFS_LOG_ERROR
| CIFS_SESS_OP
, &rsp_iov
);
1423 cifs_small_buf_release(sess_data
->iov
[0].iov_base
);
1424 memcpy(&sess_data
->iov
[0], &rsp_iov
, sizeof(struct kvec
));
1430 SMB2_sess_establish_session(struct SMB2_sess_data
*sess_data
)
1433 struct cifs_ses
*ses
= sess_data
->ses
;
1434 struct TCP_Server_Info
*server
= sess_data
->server
;
1436 cifs_server_lock(server
);
1437 if (server
->ops
->generate_signingkey
) {
1438 rc
= server
->ops
->generate_signingkey(ses
, server
);
1441 "SMB3 session key generation failed\n");
1442 cifs_server_unlock(server
);
1446 if (!server
->session_estab
) {
1447 server
->sequence_number
= 0x2;
1448 server
->session_estab
= true;
1450 cifs_server_unlock(server
);
1452 cifs_dbg(FYI
, "SMB2/3 session established successfully\n");
1456 #ifdef CONFIG_CIFS_UPCALL
1458 SMB2_auth_kerberos(struct SMB2_sess_data
*sess_data
)
1461 struct cifs_ses
*ses
= sess_data
->ses
;
1462 struct TCP_Server_Info
*server
= sess_data
->server
;
1463 struct cifs_spnego_msg
*msg
;
1464 struct key
*spnego_key
= NULL
;
1465 struct smb2_sess_setup_rsp
*rsp
= NULL
;
1466 bool is_binding
= false;
1468 rc
= SMB2_sess_alloc_buffer(sess_data
);
1472 spnego_key
= cifs_get_spnego_key(ses
, server
);
1473 if (IS_ERR(spnego_key
)) {
1474 rc
= PTR_ERR(spnego_key
);
1476 cifs_dbg(VFS
, "Verify user has a krb5 ticket and keyutils is installed\n");
1481 msg
= spnego_key
->payload
.data
[0];
1483 * check version field to make sure that cifs.upcall is
1484 * sending us a response in an expected form
1486 if (msg
->version
!= CIFS_SPNEGO_UPCALL_VERSION
) {
1487 cifs_dbg(VFS
, "bad cifs.upcall version. Expected %d got %d\n",
1488 CIFS_SPNEGO_UPCALL_VERSION
, msg
->version
);
1490 goto out_put_spnego_key
;
1493 spin_lock(&ses
->ses_lock
);
1494 is_binding
= (ses
->ses_status
== SES_GOOD
);
1495 spin_unlock(&ses
->ses_lock
);
1497 /* keep session key if binding */
1499 kfree_sensitive(ses
->auth_key
.response
);
1500 ses
->auth_key
.response
= kmemdup(msg
->data
, msg
->sesskey_len
,
1502 if (!ses
->auth_key
.response
) {
1503 cifs_dbg(VFS
, "Kerberos can't allocate (%u bytes) memory\n",
1506 goto out_put_spnego_key
;
1508 ses
->auth_key
.len
= msg
->sesskey_len
;
1511 sess_data
->iov
[1].iov_base
= msg
->data
+ msg
->sesskey_len
;
1512 sess_data
->iov
[1].iov_len
= msg
->secblob_len
;
1514 rc
= SMB2_sess_sendreceive(sess_data
);
1516 goto out_put_spnego_key
;
1518 rsp
= (struct smb2_sess_setup_rsp
*)sess_data
->iov
[0].iov_base
;
1519 /* keep session id and flags if binding */
1521 ses
->Suid
= le64_to_cpu(rsp
->hdr
.SessionId
);
1522 ses
->session_flags
= le16_to_cpu(rsp
->SessionFlags
);
1525 rc
= SMB2_sess_establish_session(sess_data
);
1527 key_invalidate(spnego_key
);
1528 key_put(spnego_key
);
1530 kfree_sensitive(ses
->auth_key
.response
);
1531 ses
->auth_key
.response
= NULL
;
1532 ses
->auth_key
.len
= 0;
1535 sess_data
->result
= rc
;
1536 sess_data
->func
= NULL
;
1537 SMB2_sess_free_buffer(sess_data
);
1541 SMB2_auth_kerberos(struct SMB2_sess_data
*sess_data
)
1543 cifs_dbg(VFS
, "Kerberos negotiated but upcall support disabled!\n");
1544 sess_data
->result
= -EOPNOTSUPP
;
1545 sess_data
->func
= NULL
;
1550 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data
*sess_data
);
1553 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data
*sess_data
)
1556 struct cifs_ses
*ses
= sess_data
->ses
;
1557 struct TCP_Server_Info
*server
= sess_data
->server
;
1558 struct smb2_sess_setup_rsp
*rsp
= NULL
;
1559 unsigned char *ntlmssp_blob
= NULL
;
1560 bool use_spnego
= false; /* else use raw ntlmssp */
1561 u16 blob_length
= 0;
1562 bool is_binding
= false;
1565 * If memory allocation is successful, caller of this function
1568 ses
->ntlmssp
= kmalloc(sizeof(struct ntlmssp_auth
), GFP_KERNEL
);
1569 if (!ses
->ntlmssp
) {
1573 ses
->ntlmssp
->sesskey_per_smbsess
= true;
1575 rc
= SMB2_sess_alloc_buffer(sess_data
);
1579 rc
= build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob
,
1580 &blob_length
, ses
, server
,
1586 /* BB eventually need to add this */
1587 cifs_dbg(VFS
, "spnego not supported for SMB2 yet\n");
1591 sess_data
->iov
[1].iov_base
= ntlmssp_blob
;
1592 sess_data
->iov
[1].iov_len
= blob_length
;
1594 rc
= SMB2_sess_sendreceive(sess_data
);
1595 rsp
= (struct smb2_sess_setup_rsp
*)sess_data
->iov
[0].iov_base
;
1597 /* If true, rc here is expected and not an error */
1598 if (sess_data
->buf0_type
!= CIFS_NO_BUFFER
&&
1599 rsp
->hdr
.Status
== STATUS_MORE_PROCESSING_REQUIRED
)
1605 if (offsetof(struct smb2_sess_setup_rsp
, Buffer
) !=
1606 le16_to_cpu(rsp
->SecurityBufferOffset
)) {
1607 cifs_dbg(VFS
, "Invalid security buffer offset %d\n",
1608 le16_to_cpu(rsp
->SecurityBufferOffset
));
1612 rc
= decode_ntlmssp_challenge(rsp
->Buffer
,
1613 le16_to_cpu(rsp
->SecurityBufferLength
), ses
);
1617 cifs_dbg(FYI
, "rawntlmssp session setup challenge phase\n");
1619 spin_lock(&ses
->ses_lock
);
1620 is_binding
= (ses
->ses_status
== SES_GOOD
);
1621 spin_unlock(&ses
->ses_lock
);
1623 /* keep existing ses id and flags if binding */
1625 ses
->Suid
= le64_to_cpu(rsp
->hdr
.SessionId
);
1626 ses
->session_flags
= le16_to_cpu(rsp
->SessionFlags
);
1630 kfree_sensitive(ntlmssp_blob
);
1631 SMB2_sess_free_buffer(sess_data
);
1633 sess_data
->result
= 0;
1634 sess_data
->func
= SMB2_sess_auth_rawntlmssp_authenticate
;
1638 kfree_sensitive(ses
->ntlmssp
);
1639 ses
->ntlmssp
= NULL
;
1640 sess_data
->result
= rc
;
1641 sess_data
->func
= NULL
;
1645 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data
*sess_data
)
1648 struct cifs_ses
*ses
= sess_data
->ses
;
1649 struct TCP_Server_Info
*server
= sess_data
->server
;
1650 struct smb2_sess_setup_req
*req
;
1651 struct smb2_sess_setup_rsp
*rsp
= NULL
;
1652 unsigned char *ntlmssp_blob
= NULL
;
1653 bool use_spnego
= false; /* else use raw ntlmssp */
1654 u16 blob_length
= 0;
1655 bool is_binding
= false;
1657 rc
= SMB2_sess_alloc_buffer(sess_data
);
1661 req
= (struct smb2_sess_setup_req
*) sess_data
->iov
[0].iov_base
;
1662 req
->hdr
.SessionId
= cpu_to_le64(ses
->Suid
);
1664 rc
= build_ntlmssp_auth_blob(&ntlmssp_blob
, &blob_length
,
1668 cifs_dbg(FYI
, "build_ntlmssp_auth_blob failed %d\n", rc
);
1673 /* BB eventually need to add this */
1674 cifs_dbg(VFS
, "spnego not supported for SMB2 yet\n");
1678 sess_data
->iov
[1].iov_base
= ntlmssp_blob
;
1679 sess_data
->iov
[1].iov_len
= blob_length
;
1681 rc
= SMB2_sess_sendreceive(sess_data
);
1685 rsp
= (struct smb2_sess_setup_rsp
*)sess_data
->iov
[0].iov_base
;
1687 spin_lock(&ses
->ses_lock
);
1688 is_binding
= (ses
->ses_status
== SES_GOOD
);
1689 spin_unlock(&ses
->ses_lock
);
1691 /* keep existing ses id and flags if binding */
1693 ses
->Suid
= le64_to_cpu(rsp
->hdr
.SessionId
);
1694 ses
->session_flags
= le16_to_cpu(rsp
->SessionFlags
);
1697 rc
= SMB2_sess_establish_session(sess_data
);
1698 #ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
1699 if (ses
->server
->dialect
< SMB30_PROT_ID
) {
1700 cifs_dbg(VFS
, "%s: dumping generated SMB2 session keys\n", __func__
);
1702 * The session id is opaque in terms of endianness, so we can't
1703 * print it as a long long. we dump it as we got it on the wire
1705 cifs_dbg(VFS
, "Session Id %*ph\n", (int)sizeof(ses
->Suid
),
1707 cifs_dbg(VFS
, "Session Key %*ph\n",
1708 SMB2_NTLMV2_SESSKEY_SIZE
, ses
->auth_key
.response
);
1709 cifs_dbg(VFS
, "Signing Key %*ph\n",
1710 SMB3_SIGN_KEY_SIZE
, ses
->auth_key
.response
);
1714 kfree_sensitive(ntlmssp_blob
);
1715 SMB2_sess_free_buffer(sess_data
);
1716 kfree_sensitive(ses
->ntlmssp
);
1717 ses
->ntlmssp
= NULL
;
1718 sess_data
->result
= rc
;
1719 sess_data
->func
= NULL
;
1723 SMB2_select_sec(struct SMB2_sess_data
*sess_data
)
1726 struct cifs_ses
*ses
= sess_data
->ses
;
1727 struct TCP_Server_Info
*server
= sess_data
->server
;
1729 type
= smb2_select_sectype(server
, ses
->sectype
);
1730 cifs_dbg(FYI
, "sess setup type %d\n", type
);
1731 if (type
== Unspecified
) {
1732 cifs_dbg(VFS
, "Unable to select appropriate authentication method!\n");
1738 sess_data
->func
= SMB2_auth_kerberos
;
1741 sess_data
->func
= SMB2_sess_auth_rawntlmssp_negotiate
;
1744 cifs_dbg(VFS
, "secType %d not supported!\n", type
);
1752 SMB2_sess_setup(const unsigned int xid
, struct cifs_ses
*ses
,
1753 struct TCP_Server_Info
*server
,
1754 const struct nls_table
*nls_cp
)
1757 struct SMB2_sess_data
*sess_data
;
1759 cifs_dbg(FYI
, "Session Setup\n");
1762 WARN(1, "%s: server is NULL!\n", __func__
);
1766 sess_data
= kzalloc(sizeof(struct SMB2_sess_data
), GFP_KERNEL
);
1770 sess_data
->xid
= xid
;
1771 sess_data
->ses
= ses
;
1772 sess_data
->server
= server
;
1773 sess_data
->buf0_type
= CIFS_NO_BUFFER
;
1774 sess_data
->nls_cp
= (struct nls_table
*) nls_cp
;
1775 sess_data
->previous_session
= ses
->Suid
;
1777 rc
= SMB2_select_sec(sess_data
);
1782 * Initialize the session hash with the server one.
1784 memcpy(ses
->preauth_sha_hash
, server
->preauth_sha_hash
,
1785 SMB2_PREAUTH_HASH_SIZE
);
1787 while (sess_data
->func
)
1788 sess_data
->func(sess_data
);
1790 if ((ses
->session_flags
& SMB2_SESSION_FLAG_IS_GUEST
) && (ses
->sign
))
1791 cifs_server_dbg(VFS
, "signing requested but authenticated as guest\n");
1792 rc
= sess_data
->result
;
1794 kfree_sensitive(sess_data
);
1799 SMB2_logoff(const unsigned int xid
, struct cifs_ses
*ses
)
1801 struct smb_rqst rqst
;
1802 struct smb2_logoff_req
*req
; /* response is also trivial struct */
1804 struct TCP_Server_Info
*server
;
1806 unsigned int total_len
;
1808 struct kvec rsp_iov
;
1811 cifs_dbg(FYI
, "disconnect session %p\n", ses
);
1813 if (ses
&& (ses
->server
))
1814 server
= ses
->server
;
1818 /* no need to send SMB logoff if uid already closed due to reconnect */
1819 spin_lock(&ses
->chan_lock
);
1820 if (CIFS_ALL_CHANS_NEED_RECONNECT(ses
)) {
1821 spin_unlock(&ses
->chan_lock
);
1822 goto smb2_session_already_dead
;
1824 spin_unlock(&ses
->chan_lock
);
1826 rc
= smb2_plain_req_init(SMB2_LOGOFF
, NULL
, ses
->server
,
1827 (void **) &req
, &total_len
);
1831 /* since no tcon, smb2_init can not do this, so do here */
1832 req
->hdr
.SessionId
= cpu_to_le64(ses
->Suid
);
1834 if (ses
->session_flags
& SMB2_SESSION_FLAG_ENCRYPT_DATA
)
1835 flags
|= CIFS_TRANSFORM_REQ
;
1836 else if (server
->sign
)
1837 req
->hdr
.Flags
|= SMB2_FLAGS_SIGNED
;
1839 flags
|= CIFS_NO_RSP_BUF
;
1841 iov
[0].iov_base
= (char *)req
;
1842 iov
[0].iov_len
= total_len
;
1844 memset(&rqst
, 0, sizeof(struct smb_rqst
));
1848 rc
= cifs_send_recv(xid
, ses
, ses
->server
,
1849 &rqst
, &resp_buf_type
, flags
, &rsp_iov
);
1850 cifs_small_buf_release(req
);
1852 * No tcon so can't do
1853 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
1856 smb2_session_already_dead
:
1860 static inline void cifs_stats_fail_inc(struct cifs_tcon
*tcon
, uint16_t code
)
1862 cifs_stats_inc(&tcon
->stats
.smb2_stats
.smb2_com_failed
[code
]);
1865 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
1867 /* These are similar values to what Windows uses */
1868 static inline void init_copy_chunk_defaults(struct cifs_tcon
*tcon
)
1870 tcon
->max_chunks
= 256;
1871 tcon
->max_bytes_chunk
= 1048576;
1872 tcon
->max_bytes_copy
= 16777216;
1876 SMB2_tcon(const unsigned int xid
, struct cifs_ses
*ses
, const char *tree
,
1877 struct cifs_tcon
*tcon
, const struct nls_table
*cp
)
1879 struct smb_rqst rqst
;
1880 struct smb2_tree_connect_req
*req
;
1881 struct smb2_tree_connect_rsp
*rsp
= NULL
;
1883 struct kvec rsp_iov
= { NULL
, 0 };
1887 __le16
*unc_path
= NULL
;
1889 unsigned int total_len
;
1890 struct TCP_Server_Info
*server
;
1892 /* always use master channel */
1893 server
= ses
->server
;
1895 cifs_dbg(FYI
, "TCON\n");
1897 if (!server
|| !tree
)
1900 unc_path
= kmalloc(MAX_SHARENAME_LENGTH
* 2, GFP_KERNEL
);
1901 if (unc_path
== NULL
)
1904 unc_path_len
= cifs_strtoUTF16(unc_path
, tree
, strlen(tree
), cp
);
1905 if (unc_path_len
<= 0) {
1911 /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */
1913 atomic_set(&tcon
->num_remote_opens
, 0);
1914 rc
= smb2_plain_req_init(SMB2_TREE_CONNECT
, tcon
, server
,
1915 (void **) &req
, &total_len
);
1921 if (smb3_encryption_required(tcon
))
1922 flags
|= CIFS_TRANSFORM_REQ
;
1924 iov
[0].iov_base
= (char *)req
;
1926 iov
[0].iov_len
= total_len
- 1;
1928 /* Testing shows that buffer offset must be at location of Buffer[0] */
1929 req
->PathOffset
= cpu_to_le16(sizeof(struct smb2_tree_connect_req
));
1930 req
->PathLength
= cpu_to_le16(unc_path_len
);
1931 iov
[1].iov_base
= unc_path
;
1932 iov
[1].iov_len
= unc_path_len
;
1935 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
1936 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
1937 * (Samba servers don't always set the flag so also check if null user)
1939 if ((server
->dialect
== SMB311_PROT_ID
) &&
1940 !smb3_encryption_required(tcon
) &&
1941 !(ses
->session_flags
&
1942 (SMB2_SESSION_FLAG_IS_GUEST
|SMB2_SESSION_FLAG_IS_NULL
)) &&
1943 ((ses
->user_name
!= NULL
) || (ses
->sectype
== Kerberos
)))
1944 req
->hdr
.Flags
|= SMB2_FLAGS_SIGNED
;
1946 memset(&rqst
, 0, sizeof(struct smb_rqst
));
1950 /* Need 64 for max size write so ask for more in case not there yet */
1951 if (server
->credits
>= server
->max_credits
)
1952 req
->hdr
.CreditRequest
= cpu_to_le16(0);
1954 req
->hdr
.CreditRequest
= cpu_to_le16(
1955 min_t(int, server
->max_credits
-
1956 server
->credits
, 64));
1958 rc
= cifs_send_recv(xid
, ses
, server
,
1959 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
1960 cifs_small_buf_release(req
);
1961 rsp
= (struct smb2_tree_connect_rsp
*)rsp_iov
.iov_base
;
1962 trace_smb3_tcon(xid
, tcon
->tid
, ses
->Suid
, tree
, rc
);
1963 if ((rc
!= 0) || (rsp
== NULL
)) {
1964 cifs_stats_fail_inc(tcon
, SMB2_TREE_CONNECT_HE
);
1965 tcon
->need_reconnect
= true;
1966 goto tcon_error_exit
;
1969 switch (rsp
->ShareType
) {
1970 case SMB2_SHARE_TYPE_DISK
:
1971 cifs_dbg(FYI
, "connection to disk share\n");
1973 case SMB2_SHARE_TYPE_PIPE
:
1975 cifs_dbg(FYI
, "connection to pipe share\n");
1977 case SMB2_SHARE_TYPE_PRINT
:
1979 cifs_dbg(FYI
, "connection to printer\n");
1982 cifs_server_dbg(VFS
, "unknown share type %d\n", rsp
->ShareType
);
1984 goto tcon_error_exit
;
1987 tcon
->share_flags
= le32_to_cpu(rsp
->ShareFlags
);
1988 tcon
->capabilities
= rsp
->Capabilities
; /* we keep caps little endian */
1989 tcon
->maximal_access
= le32_to_cpu(rsp
->MaximalAccess
);
1990 tcon
->tid
= le32_to_cpu(rsp
->hdr
.Id
.SyncId
.TreeId
);
1991 strscpy(tcon
->tree_name
, tree
, sizeof(tcon
->tree_name
));
1993 if ((rsp
->Capabilities
& SMB2_SHARE_CAP_DFS
) &&
1994 ((tcon
->share_flags
& SHI1005_FLAGS_DFS
) == 0))
1995 cifs_tcon_dbg(VFS
, "DFS capability contradicts DFS flag\n");
1998 !(server
->capabilities
& SMB2_GLOBAL_CAP_ENCRYPTION
))
1999 cifs_tcon_dbg(VFS
, "Encryption is requested but not supported\n");
2001 init_copy_chunk_defaults(tcon
);
2002 if (server
->ops
->validate_negotiate
)
2003 rc
= server
->ops
->validate_negotiate(xid
, tcon
);
2004 if (rc
== 0) /* See MS-SMB2 2.2.10 and 3.2.5.5 */
2005 if (tcon
->share_flags
& SMB2_SHAREFLAG_ISOLATED_TRANSPORT
)
2006 server
->nosharesock
= true;
2009 free_rsp_buf(resp_buftype
, rsp
);
2014 if (rsp
&& rsp
->hdr
.Status
== STATUS_BAD_NETWORK_NAME
)
2015 cifs_tcon_dbg(VFS
, "BAD_NETWORK_NAME: %s\n", tree
);
2020 SMB2_tdis(const unsigned int xid
, struct cifs_tcon
*tcon
)
2022 struct smb_rqst rqst
;
2023 struct smb2_tree_disconnect_req
*req
; /* response is trivial */
2025 struct cifs_ses
*ses
= tcon
->ses
;
2027 unsigned int total_len
;
2029 struct kvec rsp_iov
;
2032 cifs_dbg(FYI
, "Tree Disconnect\n");
2034 if (!ses
|| !(ses
->server
))
2037 trace_smb3_tdis_enter(xid
, tcon
->tid
, ses
->Suid
, tcon
->tree_name
);
2038 spin_lock(&ses
->chan_lock
);
2039 if ((tcon
->need_reconnect
) ||
2040 (CIFS_ALL_CHANS_NEED_RECONNECT(tcon
->ses
))) {
2041 spin_unlock(&ses
->chan_lock
);
2044 spin_unlock(&ses
->chan_lock
);
2046 invalidate_all_cached_dirs(tcon
);
2048 rc
= smb2_plain_req_init(SMB2_TREE_DISCONNECT
, tcon
, ses
->server
,
2054 if (smb3_encryption_required(tcon
))
2055 flags
|= CIFS_TRANSFORM_REQ
;
2057 flags
|= CIFS_NO_RSP_BUF
;
2059 iov
[0].iov_base
= (char *)req
;
2060 iov
[0].iov_len
= total_len
;
2062 memset(&rqst
, 0, sizeof(struct smb_rqst
));
2066 rc
= cifs_send_recv(xid
, ses
, ses
->server
,
2067 &rqst
, &resp_buf_type
, flags
, &rsp_iov
);
2068 cifs_small_buf_release(req
);
2070 cifs_stats_fail_inc(tcon
, SMB2_TREE_DISCONNECT_HE
);
2071 trace_smb3_tdis_err(xid
, tcon
->tid
, ses
->Suid
, rc
);
2073 trace_smb3_tdis_done(xid
, tcon
->tid
, ses
->Suid
);
2079 static struct create_durable
*
2080 create_durable_buf(void)
2082 struct create_durable
*buf
;
2084 buf
= kzalloc(sizeof(struct create_durable
), GFP_KERNEL
);
2088 buf
->ccontext
.DataOffset
= cpu_to_le16(offsetof
2089 (struct create_durable
, Data
));
2090 buf
->ccontext
.DataLength
= cpu_to_le32(16);
2091 buf
->ccontext
.NameOffset
= cpu_to_le16(offsetof
2092 (struct create_durable
, Name
));
2093 buf
->ccontext
.NameLength
= cpu_to_le16(4);
2094 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */
2102 static struct create_durable
*
2103 create_reconnect_durable_buf(struct cifs_fid
*fid
)
2105 struct create_durable
*buf
;
2107 buf
= kzalloc(sizeof(struct create_durable
), GFP_KERNEL
);
2111 buf
->ccontext
.DataOffset
= cpu_to_le16(offsetof
2112 (struct create_durable
, Data
));
2113 buf
->ccontext
.DataLength
= cpu_to_le32(16);
2114 buf
->ccontext
.NameOffset
= cpu_to_le16(offsetof
2115 (struct create_durable
, Name
));
2116 buf
->ccontext
.NameLength
= cpu_to_le16(4);
2117 buf
->Data
.Fid
.PersistentFileId
= fid
->persistent_fid
;
2118 buf
->Data
.Fid
.VolatileFileId
= fid
->volatile_fid
;
2119 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */
2128 parse_query_id_ctxt(struct create_context
*cc
, struct smb2_file_all_info
*buf
)
2130 struct create_disk_id_rsp
*pdisk_id
= (struct create_disk_id_rsp
*)cc
;
2132 cifs_dbg(FYI
, "parse query id context 0x%llx 0x%llx\n",
2133 pdisk_id
->DiskFileId
, pdisk_id
->VolumeId
);
2134 buf
->IndexNumber
= pdisk_id
->DiskFileId
;
2138 parse_posix_ctxt(struct create_context
*cc
, struct smb2_file_all_info
*info
,
2139 struct create_posix_rsp
*posix
)
2142 u8
*beg
= (u8
*)cc
+ le16_to_cpu(cc
->DataOffset
);
2143 u8
*end
= beg
+ le32_to_cpu(cc
->DataLength
);
2146 memset(posix
, 0, sizeof(*posix
));
2148 posix
->nlink
= le32_to_cpu(*(__le32
*)(beg
+ 0));
2149 posix
->reparse_tag
= le32_to_cpu(*(__le32
*)(beg
+ 4));
2150 posix
->mode
= le32_to_cpu(*(__le32
*)(beg
+ 8));
2153 sid_len
= posix_info_sid_size(sid
, end
);
2155 cifs_dbg(VFS
, "bad owner sid in posix create response\n");
2158 memcpy(&posix
->owner
, sid
, sid_len
);
2160 sid
= sid
+ sid_len
;
2161 sid_len
= posix_info_sid_size(sid
, end
);
2163 cifs_dbg(VFS
, "bad group sid in posix create response\n");
2166 memcpy(&posix
->group
, sid
, sid_len
);
2168 cifs_dbg(FYI
, "nlink=%d mode=%o reparse_tag=%x\n",
2169 posix
->nlink
, posix
->mode
, posix
->reparse_tag
);
2173 smb2_parse_contexts(struct TCP_Server_Info
*server
,
2174 struct smb2_create_rsp
*rsp
,
2175 unsigned int *epoch
, char *lease_key
, __u8
*oplock
,
2176 struct smb2_file_all_info
*buf
,
2177 struct create_posix_rsp
*posix
)
2180 struct create_context
*cc
;
2182 unsigned int remaining
;
2184 static const char smb3_create_tag_posix
[] = {
2185 0x93, 0xAD, 0x25, 0x50, 0x9C,
2186 0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83,
2187 0xDE, 0x96, 0x8B, 0xCD, 0x7C
2191 data_offset
= (char *)rsp
+ le32_to_cpu(rsp
->CreateContextsOffset
);
2192 remaining
= le32_to_cpu(rsp
->CreateContextsLength
);
2193 cc
= (struct create_context
*)data_offset
;
2195 /* Initialize inode number to 0 in case no valid data in qfid context */
2197 buf
->IndexNumber
= 0;
2199 while (remaining
>= sizeof(struct create_context
)) {
2200 name
= le16_to_cpu(cc
->NameOffset
) + (char *)cc
;
2201 if (le16_to_cpu(cc
->NameLength
) == 4 &&
2202 strncmp(name
, SMB2_CREATE_REQUEST_LEASE
, 4) == 0)
2203 *oplock
= server
->ops
->parse_lease_buf(cc
, epoch
,
2205 else if (buf
&& (le16_to_cpu(cc
->NameLength
) == 4) &&
2206 strncmp(name
, SMB2_CREATE_QUERY_ON_DISK_ID
, 4) == 0)
2207 parse_query_id_ctxt(cc
, buf
);
2208 else if ((le16_to_cpu(cc
->NameLength
) == 16)) {
2210 memcmp(name
, smb3_create_tag_posix
, 16) == 0)
2211 parse_posix_ctxt(cc
, buf
, posix
);
2214 cifs_dbg(FYI, "Context not matched with len %d\n",
2215 le16_to_cpu(cc->NameLength));
2216 cifs_dump_mem("Cctxt name: ", name, 4);
2219 next
= le32_to_cpu(cc
->Next
);
2223 cc
= (struct create_context
*)((char *)cc
+ next
);
2226 if (rsp
->OplockLevel
!= SMB2_OPLOCK_LEVEL_LEASE
)
2227 *oplock
= rsp
->OplockLevel
;
2233 add_lease_context(struct TCP_Server_Info
*server
,
2234 struct smb2_create_req
*req
,
2236 unsigned int *num_iovec
, u8
*lease_key
, __u8
*oplock
)
2238 unsigned int num
= *num_iovec
;
2240 iov
[num
].iov_base
= server
->ops
->create_lease_buf(lease_key
, *oplock
);
2241 if (iov
[num
].iov_base
== NULL
)
2243 iov
[num
].iov_len
= server
->vals
->create_lease_size
;
2244 req
->RequestedOplockLevel
= SMB2_OPLOCK_LEVEL_LEASE
;
2245 *num_iovec
= num
+ 1;
2249 static struct create_durable_v2
*
2250 create_durable_v2_buf(struct cifs_open_parms
*oparms
)
2252 struct cifs_fid
*pfid
= oparms
->fid
;
2253 struct create_durable_v2
*buf
;
2255 buf
= kzalloc(sizeof(struct create_durable_v2
), GFP_KERNEL
);
2259 buf
->ccontext
.DataOffset
= cpu_to_le16(offsetof
2260 (struct create_durable_v2
, dcontext
));
2261 buf
->ccontext
.DataLength
= cpu_to_le32(sizeof(struct durable_context_v2
));
2262 buf
->ccontext
.NameOffset
= cpu_to_le16(offsetof
2263 (struct create_durable_v2
, Name
));
2264 buf
->ccontext
.NameLength
= cpu_to_le16(4);
2267 * NB: Handle timeout defaults to 0, which allows server to choose
2268 * (most servers default to 120 seconds) and most clients default to 0.
2269 * This can be overridden at mount ("handletimeout=") if the user wants
2270 * a different persistent (or resilient) handle timeout for all opens
2271 * on a particular SMB3 mount.
2273 buf
->dcontext
.Timeout
= cpu_to_le32(oparms
->tcon
->handle_timeout
);
2274 buf
->dcontext
.Flags
= cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT
);
2275 generate_random_uuid(buf
->dcontext
.CreateGuid
);
2276 memcpy(pfid
->create_guid
, buf
->dcontext
.CreateGuid
, 16);
2278 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
2286 static struct create_durable_handle_reconnect_v2
*
2287 create_reconnect_durable_v2_buf(struct cifs_fid
*fid
)
2289 struct create_durable_handle_reconnect_v2
*buf
;
2291 buf
= kzalloc(sizeof(struct create_durable_handle_reconnect_v2
),
2296 buf
->ccontext
.DataOffset
=
2297 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2
,
2299 buf
->ccontext
.DataLength
=
2300 cpu_to_le32(sizeof(struct durable_reconnect_context_v2
));
2301 buf
->ccontext
.NameOffset
=
2302 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2
,
2304 buf
->ccontext
.NameLength
= cpu_to_le16(4);
2306 buf
->dcontext
.Fid
.PersistentFileId
= fid
->persistent_fid
;
2307 buf
->dcontext
.Fid
.VolatileFileId
= fid
->volatile_fid
;
2308 buf
->dcontext
.Flags
= cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT
);
2309 memcpy(buf
->dcontext
.CreateGuid
, fid
->create_guid
, 16);
2311 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */
2320 add_durable_v2_context(struct kvec
*iov
, unsigned int *num_iovec
,
2321 struct cifs_open_parms
*oparms
)
2323 unsigned int num
= *num_iovec
;
2325 iov
[num
].iov_base
= create_durable_v2_buf(oparms
);
2326 if (iov
[num
].iov_base
== NULL
)
2328 iov
[num
].iov_len
= sizeof(struct create_durable_v2
);
2329 *num_iovec
= num
+ 1;
2334 add_durable_reconnect_v2_context(struct kvec
*iov
, unsigned int *num_iovec
,
2335 struct cifs_open_parms
*oparms
)
2337 unsigned int num
= *num_iovec
;
2339 /* indicate that we don't need to relock the file */
2340 oparms
->reconnect
= false;
2342 iov
[num
].iov_base
= create_reconnect_durable_v2_buf(oparms
->fid
);
2343 if (iov
[num
].iov_base
== NULL
)
2345 iov
[num
].iov_len
= sizeof(struct create_durable_handle_reconnect_v2
);
2346 *num_iovec
= num
+ 1;
2351 add_durable_context(struct kvec
*iov
, unsigned int *num_iovec
,
2352 struct cifs_open_parms
*oparms
, bool use_persistent
)
2354 unsigned int num
= *num_iovec
;
2356 if (use_persistent
) {
2357 if (oparms
->reconnect
)
2358 return add_durable_reconnect_v2_context(iov
, num_iovec
,
2361 return add_durable_v2_context(iov
, num_iovec
, oparms
);
2364 if (oparms
->reconnect
) {
2365 iov
[num
].iov_base
= create_reconnect_durable_buf(oparms
->fid
);
2366 /* indicate that we don't need to relock the file */
2367 oparms
->reconnect
= false;
2369 iov
[num
].iov_base
= create_durable_buf();
2370 if (iov
[num
].iov_base
== NULL
)
2372 iov
[num
].iov_len
= sizeof(struct create_durable
);
2373 *num_iovec
= num
+ 1;
2377 /* See MS-SMB2 2.2.13.2.7 */
2378 static struct crt_twarp_ctxt
*
2379 create_twarp_buf(__u64 timewarp
)
2381 struct crt_twarp_ctxt
*buf
;
2383 buf
= kzalloc(sizeof(struct crt_twarp_ctxt
), GFP_KERNEL
);
2387 buf
->ccontext
.DataOffset
= cpu_to_le16(offsetof
2388 (struct crt_twarp_ctxt
, Timestamp
));
2389 buf
->ccontext
.DataLength
= cpu_to_le32(8);
2390 buf
->ccontext
.NameOffset
= cpu_to_le16(offsetof
2391 (struct crt_twarp_ctxt
, Name
));
2392 buf
->ccontext
.NameLength
= cpu_to_le16(4);
2393 /* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */
2398 buf
->Timestamp
= cpu_to_le64(timewarp
);
2402 /* See MS-SMB2 2.2.13.2.7 */
2404 add_twarp_context(struct kvec
*iov
, unsigned int *num_iovec
, __u64 timewarp
)
2406 unsigned int num
= *num_iovec
;
2408 iov
[num
].iov_base
= create_twarp_buf(timewarp
);
2409 if (iov
[num
].iov_base
== NULL
)
2411 iov
[num
].iov_len
= sizeof(struct crt_twarp_ctxt
);
2412 *num_iovec
= num
+ 1;
2416 /* See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */
2417 static void setup_owner_group_sids(char *buf
)
2419 struct owner_group_sids
*sids
= (struct owner_group_sids
*)buf
;
2421 /* Populate the user ownership fields S-1-5-88-1 */
2422 sids
->owner
.Revision
= 1;
2423 sids
->owner
.NumAuth
= 3;
2424 sids
->owner
.Authority
[5] = 5;
2425 sids
->owner
.SubAuthorities
[0] = cpu_to_le32(88);
2426 sids
->owner
.SubAuthorities
[1] = cpu_to_le32(1);
2427 sids
->owner
.SubAuthorities
[2] = cpu_to_le32(current_fsuid().val
);
2429 /* Populate the group ownership fields S-1-5-88-2 */
2430 sids
->group
.Revision
= 1;
2431 sids
->group
.NumAuth
= 3;
2432 sids
->group
.Authority
[5] = 5;
2433 sids
->group
.SubAuthorities
[0] = cpu_to_le32(88);
2434 sids
->group
.SubAuthorities
[1] = cpu_to_le32(2);
2435 sids
->group
.SubAuthorities
[2] = cpu_to_le32(current_fsgid().val
);
2437 cifs_dbg(FYI
, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val
, current_fsgid().val
);
2440 /* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */
2441 static struct crt_sd_ctxt
*
2442 create_sd_buf(umode_t mode
, bool set_owner
, unsigned int *len
)
2444 struct crt_sd_ctxt
*buf
;
2446 unsigned int acelen
, acl_size
, ace_count
;
2447 unsigned int owner_offset
= 0;
2448 unsigned int group_offset
= 0;
2449 struct smb3_acl acl
= {};
2451 *len
= round_up(sizeof(struct crt_sd_ctxt
) + (sizeof(struct cifs_ace
) * 4), 8);
2454 /* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */
2455 *len
+= sizeof(struct owner_group_sids
);
2458 buf
= kzalloc(*len
, GFP_KERNEL
);
2462 ptr
= (__u8
*)&buf
[1];
2464 /* offset fields are from beginning of security descriptor not of create context */
2465 owner_offset
= ptr
- (__u8
*)&buf
->sd
;
2466 buf
->sd
.OffsetOwner
= cpu_to_le32(owner_offset
);
2467 group_offset
= owner_offset
+ offsetof(struct owner_group_sids
, group
);
2468 buf
->sd
.OffsetGroup
= cpu_to_le32(group_offset
);
2470 setup_owner_group_sids(ptr
);
2471 ptr
+= sizeof(struct owner_group_sids
);
2473 buf
->sd
.OffsetOwner
= 0;
2474 buf
->sd
.OffsetGroup
= 0;
2477 buf
->ccontext
.DataOffset
= cpu_to_le16(offsetof(struct crt_sd_ctxt
, sd
));
2478 buf
->ccontext
.NameOffset
= cpu_to_le16(offsetof(struct crt_sd_ctxt
, Name
));
2479 buf
->ccontext
.NameLength
= cpu_to_le16(4);
2480 /* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */
2485 buf
->sd
.Revision
= 1; /* Must be one see MS-DTYP 2.4.6 */
2488 * ACL is "self relative" ie ACL is stored in contiguous block of memory
2489 * and "DP" ie the DACL is present
2491 buf
->sd
.Control
= cpu_to_le16(ACL_CONTROL_SR
| ACL_CONTROL_DP
);
2493 /* offset owner, group and Sbz1 and SACL are all zero */
2494 buf
->sd
.OffsetDacl
= cpu_to_le32(ptr
- (__u8
*)&buf
->sd
);
2495 /* Ship the ACL for now. we will copy it into buf later. */
2497 ptr
+= sizeof(struct smb3_acl
);
2499 /* create one ACE to hold the mode embedded in reserved special SID */
2500 acelen
= setup_special_mode_ACE((struct cifs_ace
*)ptr
, (__u64
)mode
);
2502 acl_size
= acelen
+ sizeof(struct smb3_acl
);
2506 /* we do not need to reallocate buffer to add the two more ACEs. plenty of space */
2507 acelen
= setup_special_user_owner_ACE((struct cifs_ace
*)ptr
);
2513 /* and one more ACE to allow access for authenticated users */
2514 acelen
= setup_authusers_ACE((struct cifs_ace
*)ptr
);
2519 acl
.AclRevision
= ACL_REVISION
; /* See 2.4.4.1 of MS-DTYP */
2520 acl
.AclSize
= cpu_to_le16(acl_size
);
2521 acl
.AceCount
= cpu_to_le16(ace_count
);
2522 /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
2523 memcpy(aclptr
, &acl
, sizeof(struct smb3_acl
));
2525 buf
->ccontext
.DataLength
= cpu_to_le32(ptr
- (__u8
*)&buf
->sd
);
2526 *len
= round_up((unsigned int)(ptr
- (__u8
*)buf
), 8);
2532 add_sd_context(struct kvec
*iov
, unsigned int *num_iovec
, umode_t mode
, bool set_owner
)
2534 unsigned int num
= *num_iovec
;
2535 unsigned int len
= 0;
2537 iov
[num
].iov_base
= create_sd_buf(mode
, set_owner
, &len
);
2538 if (iov
[num
].iov_base
== NULL
)
2540 iov
[num
].iov_len
= len
;
2541 *num_iovec
= num
+ 1;
2545 static struct crt_query_id_ctxt
*
2546 create_query_id_buf(void)
2548 struct crt_query_id_ctxt
*buf
;
2550 buf
= kzalloc(sizeof(struct crt_query_id_ctxt
), GFP_KERNEL
);
2554 buf
->ccontext
.DataOffset
= cpu_to_le16(0);
2555 buf
->ccontext
.DataLength
= cpu_to_le32(0);
2556 buf
->ccontext
.NameOffset
= cpu_to_le16(offsetof
2557 (struct crt_query_id_ctxt
, Name
));
2558 buf
->ccontext
.NameLength
= cpu_to_le16(4);
2559 /* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */
2567 /* See MS-SMB2 2.2.13.2.9 */
2569 add_query_id_context(struct kvec
*iov
, unsigned int *num_iovec
)
2571 unsigned int num
= *num_iovec
;
2573 iov
[num
].iov_base
= create_query_id_buf();
2574 if (iov
[num
].iov_base
== NULL
)
2576 iov
[num
].iov_len
= sizeof(struct crt_query_id_ctxt
);
2577 *num_iovec
= num
+ 1;
2582 alloc_path_with_tree_prefix(__le16
**out_path
, int *out_size
, int *out_len
,
2583 const char *treename
, const __le16
*path
)
2585 int treename_len
, path_len
;
2586 struct nls_table
*cp
;
2587 const __le16 sep
[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)};
2592 treename_len
= strlen(treename
);
2593 if (treename_len
< 2 || !(treename
[0] == '\\' && treename
[1] == '\\'))
2599 path_len
= UniStrnlen((wchar_t *)path
, PATH_MAX
);
2601 /* make room for one path separator only if @path isn't empty */
2602 *out_len
= treename_len
+ (path
[0] ? 1 : 0) + path_len
;
2605 * final path needs to be 8-byte aligned as specified in
2606 * MS-SMB2 2.2.13 SMB2 CREATE Request.
2608 *out_size
= round_up(*out_len
* sizeof(__le16
), 8);
2609 *out_path
= kzalloc(*out_size
+ sizeof(__le16
) /* null */, GFP_KERNEL
);
2613 cp
= load_nls_default();
2614 cifs_strtoUTF16(*out_path
, treename
, treename_len
, cp
);
2616 /* Do not append the separator if the path is empty */
2617 if (path
[0] != cpu_to_le16(0x0000)) {
2618 UniStrcat((wchar_t *)*out_path
, (wchar_t *)sep
);
2619 UniStrcat((wchar_t *)*out_path
, (wchar_t *)path
);
2627 int smb311_posix_mkdir(const unsigned int xid
, struct inode
*inode
,
2628 umode_t mode
, struct cifs_tcon
*tcon
,
2629 const char *full_path
,
2630 struct cifs_sb_info
*cifs_sb
)
2632 struct smb_rqst rqst
;
2633 struct smb2_create_req
*req
;
2634 struct smb2_create_rsp
*rsp
= NULL
;
2635 struct cifs_ses
*ses
= tcon
->ses
;
2636 struct kvec iov
[3]; /* make sure at least one for each open context */
2637 struct kvec rsp_iov
= {NULL
, 0};
2640 __le16
*copy_path
= NULL
;
2643 unsigned int n_iov
= 2;
2644 __u32 file_attributes
= 0;
2645 char *pc_buf
= NULL
;
2647 unsigned int total_len
;
2648 __le16
*utf16_path
= NULL
;
2649 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
2651 cifs_dbg(FYI
, "mkdir\n");
2653 /* resource #1: path allocation */
2654 utf16_path
= cifs_convert_path_to_utf16(full_path
, cifs_sb
);
2658 if (!ses
|| !server
) {
2663 /* resource #2: request */
2664 rc
= smb2_plain_req_init(SMB2_CREATE
, tcon
, server
,
2665 (void **) &req
, &total_len
);
2670 if (smb3_encryption_required(tcon
))
2671 flags
|= CIFS_TRANSFORM_REQ
;
2673 req
->ImpersonationLevel
= IL_IMPERSONATION
;
2674 req
->DesiredAccess
= cpu_to_le32(FILE_WRITE_ATTRIBUTES
);
2675 /* File attributes ignored on open (used in create though) */
2676 req
->FileAttributes
= cpu_to_le32(file_attributes
);
2677 req
->ShareAccess
= FILE_SHARE_ALL_LE
;
2678 req
->CreateDisposition
= cpu_to_le32(FILE_CREATE
);
2679 req
->CreateOptions
= cpu_to_le32(CREATE_NOT_FILE
);
2681 iov
[0].iov_base
= (char *)req
;
2682 /* -1 since last byte is buf[0] which is sent below (path) */
2683 iov
[0].iov_len
= total_len
- 1;
2685 req
->NameOffset
= cpu_to_le16(sizeof(struct smb2_create_req
));
2687 /* [MS-SMB2] 2.2.13 NameOffset:
2688 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2689 * the SMB2 header, the file name includes a prefix that will
2690 * be processed during DFS name normalization as specified in
2691 * section 3.3.5.9. Otherwise, the file name is relative to
2692 * the share that is identified by the TreeId in the SMB2
2695 if (tcon
->share_flags
& SHI1005_FLAGS_DFS
) {
2698 req
->hdr
.Flags
|= SMB2_FLAGS_DFS_OPERATIONS
;
2699 rc
= alloc_path_with_tree_prefix(©_path
, ©_size
,
2701 tcon
->tree_name
, utf16_path
);
2705 req
->NameLength
= cpu_to_le16(name_len
* 2);
2706 uni_path_len
= copy_size
;
2707 /* free before overwriting resource */
2709 utf16_path
= copy_path
;
2711 uni_path_len
= (2 * UniStrnlen((wchar_t *)utf16_path
, PATH_MAX
)) + 2;
2712 /* MUST set path len (NameLength) to 0 opening root of share */
2713 req
->NameLength
= cpu_to_le16(uni_path_len
- 2);
2714 if (uni_path_len
% 8 != 0) {
2715 copy_size
= roundup(uni_path_len
, 8);
2716 copy_path
= kzalloc(copy_size
, GFP_KERNEL
);
2721 memcpy((char *)copy_path
, (const char *)utf16_path
,
2723 uni_path_len
= copy_size
;
2724 /* free before overwriting resource */
2726 utf16_path
= copy_path
;
2730 iov
[1].iov_len
= uni_path_len
;
2731 iov
[1].iov_base
= utf16_path
;
2732 req
->RequestedOplockLevel
= SMB2_OPLOCK_LEVEL_NONE
;
2734 if (tcon
->posix_extensions
) {
2735 /* resource #3: posix buf */
2736 rc
= add_posix_context(iov
, &n_iov
, mode
);
2739 req
->CreateContextsOffset
= cpu_to_le32(
2740 sizeof(struct smb2_create_req
) +
2742 pc_buf
= iov
[n_iov
-1].iov_base
;
2746 memset(&rqst
, 0, sizeof(struct smb_rqst
));
2748 rqst
.rq_nvec
= n_iov
;
2750 /* no need to inc num_remote_opens because we close it just below */
2751 trace_smb3_posix_mkdir_enter(xid
, tcon
->tid
, ses
->Suid
, full_path
, CREATE_NOT_FILE
,
2752 FILE_WRITE_ATTRIBUTES
);
2753 /* resource #4: response buffer */
2754 rc
= cifs_send_recv(xid
, ses
, server
,
2755 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
2757 cifs_stats_fail_inc(tcon
, SMB2_CREATE_HE
);
2758 trace_smb3_posix_mkdir_err(xid
, tcon
->tid
, ses
->Suid
,
2760 FILE_WRITE_ATTRIBUTES
, rc
);
2761 goto err_free_rsp_buf
;
2765 * Although unlikely to be possible for rsp to be null and rc not set,
2766 * adding check below is slightly safer long term (and quiets Coverity
2769 rsp
= (struct smb2_create_rsp
*)rsp_iov
.iov_base
;
2776 trace_smb3_posix_mkdir_done(xid
, rsp
->PersistentFileId
, tcon
->tid
, ses
->Suid
,
2777 CREATE_NOT_FILE
, FILE_WRITE_ATTRIBUTES
);
2779 SMB2_close(xid
, tcon
, rsp
->PersistentFileId
, rsp
->VolatileFileId
);
2781 /* Eventually save off posix specific response info and timestaps */
2784 free_rsp_buf(resp_buftype
, rsp
);
2787 cifs_small_buf_release(req
);
2794 SMB2_open_init(struct cifs_tcon
*tcon
, struct TCP_Server_Info
*server
,
2795 struct smb_rqst
*rqst
, __u8
*oplock
,
2796 struct cifs_open_parms
*oparms
, __le16
*path
)
2798 struct smb2_create_req
*req
;
2799 unsigned int n_iov
= 2;
2800 __u32 file_attributes
= 0;
2803 unsigned int total_len
;
2804 struct kvec
*iov
= rqst
->rq_iov
;
2808 rc
= smb2_plain_req_init(SMB2_CREATE
, tcon
, server
,
2809 (void **) &req
, &total_len
);
2813 iov
[0].iov_base
= (char *)req
;
2814 /* -1 since last byte is buf[0] which is sent below (path) */
2815 iov
[0].iov_len
= total_len
- 1;
2817 if (oparms
->create_options
& CREATE_OPTION_READONLY
)
2818 file_attributes
|= ATTR_READONLY
;
2819 if (oparms
->create_options
& CREATE_OPTION_SPECIAL
)
2820 file_attributes
|= ATTR_SYSTEM
;
2822 req
->ImpersonationLevel
= IL_IMPERSONATION
;
2823 req
->DesiredAccess
= cpu_to_le32(oparms
->desired_access
);
2824 /* File attributes ignored on open (used in create though) */
2825 req
->FileAttributes
= cpu_to_le32(file_attributes
);
2826 req
->ShareAccess
= FILE_SHARE_ALL_LE
;
2828 req
->CreateDisposition
= cpu_to_le32(oparms
->disposition
);
2829 req
->CreateOptions
= cpu_to_le32(oparms
->create_options
& CREATE_OPTIONS_MASK
);
2830 req
->NameOffset
= cpu_to_le16(sizeof(struct smb2_create_req
));
2832 /* [MS-SMB2] 2.2.13 NameOffset:
2833 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2834 * the SMB2 header, the file name includes a prefix that will
2835 * be processed during DFS name normalization as specified in
2836 * section 3.3.5.9. Otherwise, the file name is relative to
2837 * the share that is identified by the TreeId in the SMB2
2840 if (tcon
->share_flags
& SHI1005_FLAGS_DFS
) {
2843 req
->hdr
.Flags
|= SMB2_FLAGS_DFS_OPERATIONS
;
2844 rc
= alloc_path_with_tree_prefix(©_path
, ©_size
,
2846 tcon
->tree_name
, path
);
2849 req
->NameLength
= cpu_to_le16(name_len
* 2);
2850 uni_path_len
= copy_size
;
2853 uni_path_len
= (2 * UniStrnlen((wchar_t *)path
, PATH_MAX
)) + 2;
2854 /* MUST set path len (NameLength) to 0 opening root of share */
2855 req
->NameLength
= cpu_to_le16(uni_path_len
- 2);
2856 copy_size
= round_up(uni_path_len
, 8);
2857 copy_path
= kzalloc(copy_size
, GFP_KERNEL
);
2860 memcpy((char *)copy_path
, (const char *)path
,
2862 uni_path_len
= copy_size
;
2866 iov
[1].iov_len
= uni_path_len
;
2867 iov
[1].iov_base
= path
;
2869 if ((!server
->oplocks
) || (tcon
->no_lease
))
2870 *oplock
= SMB2_OPLOCK_LEVEL_NONE
;
2872 if (!(server
->capabilities
& SMB2_GLOBAL_CAP_LEASING
) ||
2873 *oplock
== SMB2_OPLOCK_LEVEL_NONE
)
2874 req
->RequestedOplockLevel
= *oplock
;
2875 else if (!(server
->capabilities
& SMB2_GLOBAL_CAP_DIRECTORY_LEASING
) &&
2876 (oparms
->create_options
& CREATE_NOT_FILE
))
2877 req
->RequestedOplockLevel
= *oplock
; /* no srv lease support */
2879 rc
= add_lease_context(server
, req
, iov
, &n_iov
,
2880 oparms
->fid
->lease_key
, oplock
);
2885 if (*oplock
== SMB2_OPLOCK_LEVEL_BATCH
) {
2886 rc
= add_durable_context(iov
, &n_iov
, oparms
,
2887 tcon
->use_persistent
);
2892 if (tcon
->posix_extensions
) {
2893 rc
= add_posix_context(iov
, &n_iov
, oparms
->mode
);
2898 if (tcon
->snapshot_time
) {
2899 cifs_dbg(FYI
, "adding snapshot context\n");
2900 rc
= add_twarp_context(iov
, &n_iov
, tcon
->snapshot_time
);
2905 if ((oparms
->disposition
!= FILE_OPEN
) && (oparms
->cifs_sb
)) {
2909 if ((oparms
->cifs_sb
->mnt_cifs_flags
& CIFS_MOUNT_MODE_FROM_SID
) &&
2910 (oparms
->mode
!= ACL_NO_MODE
))
2914 oparms
->mode
= ACL_NO_MODE
;
2917 if (oparms
->cifs_sb
->mnt_cifs_flags
& CIFS_MOUNT_UID_FROM_ACL
)
2922 if (set_owner
| set_mode
) {
2923 cifs_dbg(FYI
, "add sd with mode 0x%x\n", oparms
->mode
);
2924 rc
= add_sd_context(iov
, &n_iov
, oparms
->mode
, set_owner
);
2930 add_query_id_context(iov
, &n_iov
);
2934 * We have create contexts behind iov[1] (the file
2935 * name), point at them from the main create request
2937 req
->CreateContextsOffset
= cpu_to_le32(
2938 sizeof(struct smb2_create_req
) +
2940 req
->CreateContextsLength
= 0;
2942 for (unsigned int i
= 2; i
< (n_iov
-1); i
++) {
2943 struct kvec
*v
= &iov
[i
];
2944 size_t len
= v
->iov_len
;
2945 struct create_context
*cctx
=
2946 (struct create_context
*)v
->iov_base
;
2948 cctx
->Next
= cpu_to_le32(len
);
2949 le32_add_cpu(&req
->CreateContextsLength
, len
);
2951 le32_add_cpu(&req
->CreateContextsLength
,
2952 iov
[n_iov
-1].iov_len
);
2955 rqst
->rq_nvec
= n_iov
;
2959 /* rq_iov[0] is the request and is released by cifs_small_buf_release().
2960 * All other vectors are freed by kfree().
2963 SMB2_open_free(struct smb_rqst
*rqst
)
2967 if (rqst
&& rqst
->rq_iov
) {
2968 cifs_small_buf_release(rqst
->rq_iov
[0].iov_base
);
2969 for (i
= 1; i
< rqst
->rq_nvec
; i
++)
2970 if (rqst
->rq_iov
[i
].iov_base
!= smb2_padding
)
2971 kfree(rqst
->rq_iov
[i
].iov_base
);
2976 SMB2_open(const unsigned int xid
, struct cifs_open_parms
*oparms
, __le16
*path
,
2977 __u8
*oplock
, struct smb2_file_all_info
*buf
,
2978 struct create_posix_rsp
*posix
,
2979 struct kvec
*err_iov
, int *buftype
)
2981 struct smb_rqst rqst
;
2982 struct smb2_create_rsp
*rsp
= NULL
;
2983 struct cifs_tcon
*tcon
= oparms
->tcon
;
2984 struct cifs_ses
*ses
= tcon
->ses
;
2985 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
2986 struct kvec iov
[SMB2_CREATE_IOV_SIZE
];
2987 struct kvec rsp_iov
= {NULL
, 0};
2988 int resp_buftype
= CIFS_NO_BUFFER
;
2992 cifs_dbg(FYI
, "create/open\n");
2993 if (!ses
|| !server
)
2996 if (smb3_encryption_required(tcon
))
2997 flags
|= CIFS_TRANSFORM_REQ
;
2999 memset(&rqst
, 0, sizeof(struct smb_rqst
));
3000 memset(&iov
, 0, sizeof(iov
));
3002 rqst
.rq_nvec
= SMB2_CREATE_IOV_SIZE
;
3004 rc
= SMB2_open_init(tcon
, server
,
3005 &rqst
, oplock
, oparms
, path
);
3009 trace_smb3_open_enter(xid
, tcon
->tid
, tcon
->ses
->Suid
, oparms
->path
,
3010 oparms
->create_options
, oparms
->desired_access
);
3012 rc
= cifs_send_recv(xid
, ses
, server
,
3013 &rqst
, &resp_buftype
, flags
,
3015 rsp
= (struct smb2_create_rsp
*)rsp_iov
.iov_base
;
3018 cifs_stats_fail_inc(tcon
, SMB2_CREATE_HE
);
3019 if (err_iov
&& rsp
) {
3021 *buftype
= resp_buftype
;
3022 resp_buftype
= CIFS_NO_BUFFER
;
3025 trace_smb3_open_err(xid
, tcon
->tid
, ses
->Suid
,
3026 oparms
->create_options
, oparms
->desired_access
, rc
);
3027 if (rc
== -EREMCHG
) {
3028 pr_warn_once("server share %s deleted\n",
3030 tcon
->need_reconnect
= true;
3033 } else if (rsp
== NULL
) /* unlikely to happen, but safer to check */
3036 trace_smb3_open_done(xid
, rsp
->PersistentFileId
, tcon
->tid
, ses
->Suid
,
3037 oparms
->create_options
, oparms
->desired_access
);
3039 atomic_inc(&tcon
->num_remote_opens
);
3040 oparms
->fid
->persistent_fid
= rsp
->PersistentFileId
;
3041 oparms
->fid
->volatile_fid
= rsp
->VolatileFileId
;
3042 oparms
->fid
->access
= oparms
->desired_access
;
3043 #ifdef CONFIG_CIFS_DEBUG2
3044 oparms
->fid
->mid
= le64_to_cpu(rsp
->hdr
.MessageId
);
3045 #endif /* CIFS_DEBUG2 */
3048 buf
->CreationTime
= rsp
->CreationTime
;
3049 buf
->LastAccessTime
= rsp
->LastAccessTime
;
3050 buf
->LastWriteTime
= rsp
->LastWriteTime
;
3051 buf
->ChangeTime
= rsp
->ChangeTime
;
3052 buf
->AllocationSize
= rsp
->AllocationSize
;
3053 buf
->EndOfFile
= rsp
->EndofFile
;
3054 buf
->Attributes
= rsp
->FileAttributes
;
3055 buf
->NumberOfLinks
= cpu_to_le32(1);
3056 buf
->DeletePending
= 0;
3060 smb2_parse_contexts(server
, rsp
, &oparms
->fid
->epoch
,
3061 oparms
->fid
->lease_key
, oplock
, buf
, posix
);
3063 SMB2_open_free(&rqst
);
3064 free_rsp_buf(resp_buftype
, rsp
);
3069 SMB2_ioctl_init(struct cifs_tcon
*tcon
, struct TCP_Server_Info
*server
,
3070 struct smb_rqst
*rqst
,
3071 u64 persistent_fid
, u64 volatile_fid
, u32 opcode
,
3072 char *in_data
, u32 indatalen
,
3073 __u32 max_response_size
)
3075 struct smb2_ioctl_req
*req
;
3076 struct kvec
*iov
= rqst
->rq_iov
;
3077 unsigned int total_len
;
3081 rc
= smb2_ioctl_req_init(opcode
, tcon
, server
,
3082 (void **) &req
, &total_len
);
3088 * indatalen is usually small at a couple of bytes max, so
3089 * just allocate through generic pool
3091 in_data_buf
= kmemdup(in_data
, indatalen
, GFP_NOFS
);
3093 cifs_small_buf_release(req
);
3098 req
->CtlCode
= cpu_to_le32(opcode
);
3099 req
->PersistentFileId
= persistent_fid
;
3100 req
->VolatileFileId
= volatile_fid
;
3102 iov
[0].iov_base
= (char *)req
;
3104 * If no input data, the size of ioctl struct in
3105 * protocol spec still includes a 1 byte data buffer,
3106 * but if input data passed to ioctl, we do not
3107 * want to double count this, so we do not send
3108 * the dummy one byte of data in iovec[0] if sending
3109 * input data (in iovec[1]).
3112 req
->InputCount
= cpu_to_le32(indatalen
);
3113 /* do not set InputOffset if no input data */
3115 cpu_to_le32(offsetof(struct smb2_ioctl_req
, Buffer
));
3117 iov
[0].iov_len
= total_len
- 1;
3118 iov
[1].iov_base
= in_data_buf
;
3119 iov
[1].iov_len
= indatalen
;
3122 iov
[0].iov_len
= total_len
;
3125 req
->OutputOffset
= 0;
3126 req
->OutputCount
= 0; /* MBZ */
3129 * In most cases max_response_size is set to 16K (CIFSMaxBufSize)
3130 * We Could increase default MaxOutputResponse, but that could require
3131 * more credits. Windows typically sets this smaller, but for some
3132 * ioctls it may be useful to allow server to send more. No point
3133 * limiting what the server can send as long as fits in one credit
3134 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want
3135 * to increase this limit up in the future.
3136 * Note that for snapshot queries that servers like Azure expect that
3137 * the first query be minimal size (and just used to get the number/size
3138 * of previous versions) so response size must be specified as EXACTLY
3139 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple
3140 * of eight bytes. Currently that is the only case where we set max
3141 * response size smaller.
3143 req
->MaxOutputResponse
= cpu_to_le32(max_response_size
);
3144 req
->hdr
.CreditCharge
=
3145 cpu_to_le16(DIV_ROUND_UP(max(indatalen
, max_response_size
),
3146 SMB2_MAX_BUFFER_SIZE
));
3147 /* always an FSCTL (for now) */
3148 req
->Flags
= cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL
);
3150 /* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
3151 if (opcode
== FSCTL_VALIDATE_NEGOTIATE_INFO
)
3152 req
->hdr
.Flags
|= SMB2_FLAGS_SIGNED
;
3158 SMB2_ioctl_free(struct smb_rqst
*rqst
)
3162 if (rqst
&& rqst
->rq_iov
) {
3163 cifs_small_buf_release(rqst
->rq_iov
[0].iov_base
); /* request */
3164 for (i
= 1; i
< rqst
->rq_nvec
; i
++)
3165 if (rqst
->rq_iov
[i
].iov_base
!= smb2_padding
)
3166 kfree(rqst
->rq_iov
[i
].iov_base
);
3172 * SMB2 IOCTL is used for both IOCTLs and FSCTLs
3175 SMB2_ioctl(const unsigned int xid
, struct cifs_tcon
*tcon
, u64 persistent_fid
,
3176 u64 volatile_fid
, u32 opcode
, char *in_data
, u32 indatalen
,
3177 u32 max_out_data_len
, char **out_data
,
3178 u32
*plen
/* returned data len */)
3180 struct smb_rqst rqst
;
3181 struct smb2_ioctl_rsp
*rsp
= NULL
;
3182 struct cifs_ses
*ses
;
3183 struct TCP_Server_Info
*server
;
3184 struct kvec iov
[SMB2_IOCTL_IOV_SIZE
];
3185 struct kvec rsp_iov
= {NULL
, 0};
3186 int resp_buftype
= CIFS_NO_BUFFER
;
3190 cifs_dbg(FYI
, "SMB2 IOCTL\n");
3192 if (out_data
!= NULL
)
3195 /* zero out returned data len, in case of error */
3206 server
= cifs_pick_channel(ses
);
3210 if (smb3_encryption_required(tcon
))
3211 flags
|= CIFS_TRANSFORM_REQ
;
3213 memset(&rqst
, 0, sizeof(struct smb_rqst
));
3214 memset(&iov
, 0, sizeof(iov
));
3216 rqst
.rq_nvec
= SMB2_IOCTL_IOV_SIZE
;
3218 rc
= SMB2_ioctl_init(tcon
, server
,
3219 &rqst
, persistent_fid
, volatile_fid
, opcode
,
3220 in_data
, indatalen
, max_out_data_len
);
3224 rc
= cifs_send_recv(xid
, ses
, server
,
3225 &rqst
, &resp_buftype
, flags
,
3227 rsp
= (struct smb2_ioctl_rsp
*)rsp_iov
.iov_base
;
3230 trace_smb3_fsctl_err(xid
, persistent_fid
, tcon
->tid
,
3231 ses
->Suid
, 0, opcode
, rc
);
3233 if ((rc
!= 0) && (rc
!= -EINVAL
) && (rc
!= -E2BIG
)) {
3234 cifs_stats_fail_inc(tcon
, SMB2_IOCTL_HE
);
3236 } else if (rc
== -EINVAL
) {
3237 if ((opcode
!= FSCTL_SRV_COPYCHUNK_WRITE
) &&
3238 (opcode
!= FSCTL_SRV_COPYCHUNK
)) {
3239 cifs_stats_fail_inc(tcon
, SMB2_IOCTL_HE
);
3242 } else if (rc
== -E2BIG
) {
3243 if (opcode
!= FSCTL_QUERY_ALLOCATED_RANGES
) {
3244 cifs_stats_fail_inc(tcon
, SMB2_IOCTL_HE
);
3249 /* check if caller wants to look at return data or just return rc */
3250 if ((plen
== NULL
) || (out_data
== NULL
))
3254 * Although unlikely to be possible for rsp to be null and rc not set,
3255 * adding check below is slightly safer long term (and quiets Coverity
3263 *plen
= le32_to_cpu(rsp
->OutputCount
);
3265 /* We check for obvious errors in the output buffer length and offset */
3267 goto ioctl_exit
; /* server returned no data */
3268 else if (*plen
> rsp_iov
.iov_len
|| *plen
> 0xFF00) {
3269 cifs_tcon_dbg(VFS
, "srv returned invalid ioctl length: %d\n", *plen
);
3275 if (rsp_iov
.iov_len
- *plen
< le32_to_cpu(rsp
->OutputOffset
)) {
3276 cifs_tcon_dbg(VFS
, "Malformed ioctl resp: len %d offset %d\n", *plen
,
3277 le32_to_cpu(rsp
->OutputOffset
));
3283 *out_data
= kmemdup((char *)rsp
+ le32_to_cpu(rsp
->OutputOffset
),
3285 if (*out_data
== NULL
) {
3291 SMB2_ioctl_free(&rqst
);
3292 free_rsp_buf(resp_buftype
, rsp
);
3297 * Individual callers to ioctl worker function follow
3301 SMB2_set_compression(const unsigned int xid
, struct cifs_tcon
*tcon
,
3302 u64 persistent_fid
, u64 volatile_fid
)
3305 struct compress_ioctl fsctl_input
;
3306 char *ret_data
= NULL
;
3308 fsctl_input
.CompressionState
=
3309 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT
);
3311 rc
= SMB2_ioctl(xid
, tcon
, persistent_fid
, volatile_fid
,
3312 FSCTL_SET_COMPRESSION
,
3313 (char *)&fsctl_input
/* data input */,
3314 2 /* in data len */, CIFSMaxBufSize
/* max out data */,
3315 &ret_data
/* out data */, NULL
);
3317 cifs_dbg(FYI
, "set compression rc %d\n", rc
);
3323 SMB2_close_init(struct cifs_tcon
*tcon
, struct TCP_Server_Info
*server
,
3324 struct smb_rqst
*rqst
,
3325 u64 persistent_fid
, u64 volatile_fid
, bool query_attrs
)
3327 struct smb2_close_req
*req
;
3328 struct kvec
*iov
= rqst
->rq_iov
;
3329 unsigned int total_len
;
3332 rc
= smb2_plain_req_init(SMB2_CLOSE
, tcon
, server
,
3333 (void **) &req
, &total_len
);
3337 req
->PersistentFileId
= persistent_fid
;
3338 req
->VolatileFileId
= volatile_fid
;
3340 req
->Flags
= SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB
;
3343 iov
[0].iov_base
= (char *)req
;
3344 iov
[0].iov_len
= total_len
;
3350 SMB2_close_free(struct smb_rqst
*rqst
)
3352 if (rqst
&& rqst
->rq_iov
)
3353 cifs_small_buf_release(rqst
->rq_iov
[0].iov_base
); /* request */
3357 __SMB2_close(const unsigned int xid
, struct cifs_tcon
*tcon
,
3358 u64 persistent_fid
, u64 volatile_fid
,
3359 struct smb2_file_network_open_info
*pbuf
)
3361 struct smb_rqst rqst
;
3362 struct smb2_close_rsp
*rsp
= NULL
;
3363 struct cifs_ses
*ses
= tcon
->ses
;
3364 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
3366 struct kvec rsp_iov
;
3367 int resp_buftype
= CIFS_NO_BUFFER
;
3370 bool query_attrs
= false;
3372 cifs_dbg(FYI
, "Close\n");
3374 if (!ses
|| !server
)
3377 if (smb3_encryption_required(tcon
))
3378 flags
|= CIFS_TRANSFORM_REQ
;
3380 memset(&rqst
, 0, sizeof(struct smb_rqst
));
3381 memset(&iov
, 0, sizeof(iov
));
3385 /* check if need to ask server to return timestamps in close response */
3389 trace_smb3_close_enter(xid
, persistent_fid
, tcon
->tid
, ses
->Suid
);
3390 rc
= SMB2_close_init(tcon
, server
,
3391 &rqst
, persistent_fid
, volatile_fid
,
3396 rc
= cifs_send_recv(xid
, ses
, server
,
3397 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
3398 rsp
= (struct smb2_close_rsp
*)rsp_iov
.iov_base
;
3401 cifs_stats_fail_inc(tcon
, SMB2_CLOSE_HE
);
3402 trace_smb3_close_err(xid
, persistent_fid
, tcon
->tid
, ses
->Suid
,
3406 trace_smb3_close_done(xid
, persistent_fid
, tcon
->tid
,
3409 * Note that have to subtract 4 since struct network_open_info
3410 * has a final 4 byte pad that close response does not have
3413 memcpy(pbuf
, (char *)&rsp
->CreationTime
, sizeof(*pbuf
) - 4);
3416 atomic_dec(&tcon
->num_remote_opens
);
3418 SMB2_close_free(&rqst
);
3419 free_rsp_buf(resp_buftype
, rsp
);
3421 /* retry close in a worker thread if this one is interrupted */
3422 if (is_interrupt_error(rc
)) {
3425 tmp_rc
= smb2_handle_cancelled_close(tcon
, persistent_fid
,
3428 cifs_dbg(VFS
, "handle cancelled close fid 0x%llx returned error %d\n",
3429 persistent_fid
, tmp_rc
);
3435 SMB2_close(const unsigned int xid
, struct cifs_tcon
*tcon
,
3436 u64 persistent_fid
, u64 volatile_fid
)
3438 return __SMB2_close(xid
, tcon
, persistent_fid
, volatile_fid
, NULL
);
3442 smb2_validate_iov(unsigned int offset
, unsigned int buffer_length
,
3443 struct kvec
*iov
, unsigned int min_buf_size
)
3445 unsigned int smb_len
= iov
->iov_len
;
3446 char *end_of_smb
= smb_len
+ (char *)iov
->iov_base
;
3447 char *begin_of_buf
= offset
+ (char *)iov
->iov_base
;
3448 char *end_of_buf
= begin_of_buf
+ buffer_length
;
3451 if (buffer_length
< min_buf_size
) {
3452 cifs_dbg(VFS
, "buffer length %d smaller than minimum size %d\n",
3453 buffer_length
, min_buf_size
);
3457 /* check if beyond RFC1001 maximum length */
3458 if ((smb_len
> 0x7FFFFF) || (buffer_length
> 0x7FFFFF)) {
3459 cifs_dbg(VFS
, "buffer length %d or smb length %d too large\n",
3460 buffer_length
, smb_len
);
3464 if ((begin_of_buf
> end_of_smb
) || (end_of_buf
> end_of_smb
)) {
3465 cifs_dbg(VFS
, "Invalid server response, bad offset to data\n");
3473 * If SMB buffer fields are valid, copy into temporary buffer to hold result.
3474 * Caller must free buffer.
3477 smb2_validate_and_copy_iov(unsigned int offset
, unsigned int buffer_length
,
3478 struct kvec
*iov
, unsigned int minbufsize
,
3481 char *begin_of_buf
= offset
+ (char *)iov
->iov_base
;
3487 rc
= smb2_validate_iov(offset
, buffer_length
, iov
, minbufsize
);
3491 memcpy(data
, begin_of_buf
, minbufsize
);
3497 SMB2_query_info_init(struct cifs_tcon
*tcon
, struct TCP_Server_Info
*server
,
3498 struct smb_rqst
*rqst
,
3499 u64 persistent_fid
, u64 volatile_fid
,
3500 u8 info_class
, u8 info_type
, u32 additional_info
,
3501 size_t output_len
, size_t input_len
, void *input
)
3503 struct smb2_query_info_req
*req
;
3504 struct kvec
*iov
= rqst
->rq_iov
;
3505 unsigned int total_len
;
3508 rc
= smb2_plain_req_init(SMB2_QUERY_INFO
, tcon
, server
,
3509 (void **) &req
, &total_len
);
3513 req
->InfoType
= info_type
;
3514 req
->FileInfoClass
= info_class
;
3515 req
->PersistentFileId
= persistent_fid
;
3516 req
->VolatileFileId
= volatile_fid
;
3517 req
->AdditionalInformation
= cpu_to_le32(additional_info
);
3519 req
->OutputBufferLength
= cpu_to_le32(output_len
);
3521 req
->InputBufferLength
= cpu_to_le32(input_len
);
3522 /* total_len for smb query request never close to le16 max */
3523 req
->InputBufferOffset
= cpu_to_le16(total_len
- 1);
3524 memcpy(req
->Buffer
, input
, input_len
);
3527 iov
[0].iov_base
= (char *)req
;
3529 iov
[0].iov_len
= total_len
- 1 + input_len
;
3534 SMB2_query_info_free(struct smb_rqst
*rqst
)
3536 if (rqst
&& rqst
->rq_iov
)
3537 cifs_small_buf_release(rqst
->rq_iov
[0].iov_base
); /* request */
3541 query_info(const unsigned int xid
, struct cifs_tcon
*tcon
,
3542 u64 persistent_fid
, u64 volatile_fid
, u8 info_class
, u8 info_type
,
3543 u32 additional_info
, size_t output_len
, size_t min_len
, void **data
,
3546 struct smb_rqst rqst
;
3547 struct smb2_query_info_rsp
*rsp
= NULL
;
3549 struct kvec rsp_iov
;
3551 int resp_buftype
= CIFS_NO_BUFFER
;
3552 struct cifs_ses
*ses
= tcon
->ses
;
3553 struct TCP_Server_Info
*server
;
3555 bool allocated
= false;
3557 cifs_dbg(FYI
, "Query Info\n");
3561 server
= cifs_pick_channel(ses
);
3565 if (smb3_encryption_required(tcon
))
3566 flags
|= CIFS_TRANSFORM_REQ
;
3568 memset(&rqst
, 0, sizeof(struct smb_rqst
));
3569 memset(&iov
, 0, sizeof(iov
));
3573 rc
= SMB2_query_info_init(tcon
, server
,
3574 &rqst
, persistent_fid
, volatile_fid
,
3575 info_class
, info_type
, additional_info
,
3576 output_len
, 0, NULL
);
3580 trace_smb3_query_info_enter(xid
, persistent_fid
, tcon
->tid
,
3581 ses
->Suid
, info_class
, (__u32
)info_type
);
3583 rc
= cifs_send_recv(xid
, ses
, server
,
3584 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
3585 rsp
= (struct smb2_query_info_rsp
*)rsp_iov
.iov_base
;
3588 cifs_stats_fail_inc(tcon
, SMB2_QUERY_INFO_HE
);
3589 trace_smb3_query_info_err(xid
, persistent_fid
, tcon
->tid
,
3590 ses
->Suid
, info_class
, (__u32
)info_type
, rc
);
3594 trace_smb3_query_info_done(xid
, persistent_fid
, tcon
->tid
,
3595 ses
->Suid
, info_class
, (__u32
)info_type
);
3598 *dlen
= le32_to_cpu(rsp
->OutputBufferLength
);
3600 *data
= kmalloc(*dlen
, GFP_KERNEL
);
3603 "Error %d allocating memory for acl\n",
3613 rc
= smb2_validate_and_copy_iov(le16_to_cpu(rsp
->OutputBufferOffset
),
3614 le32_to_cpu(rsp
->OutputBufferLength
),
3615 &rsp_iov
, dlen
? *dlen
: min_len
, *data
);
3616 if (rc
&& allocated
) {
3623 SMB2_query_info_free(&rqst
);
3624 free_rsp_buf(resp_buftype
, rsp
);
3628 int SMB2_query_info(const unsigned int xid
, struct cifs_tcon
*tcon
,
3629 u64 persistent_fid
, u64 volatile_fid
, struct smb2_file_all_info
*data
)
3631 return query_info(xid
, tcon
, persistent_fid
, volatile_fid
,
3632 FILE_ALL_INFORMATION
, SMB2_O_INFO_FILE
, 0,
3633 sizeof(struct smb2_file_all_info
) + PATH_MAX
* 2,
3634 sizeof(struct smb2_file_all_info
), (void **)&data
,
3639 /* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */
3641 SMB311_posix_query_info(const unsigned int xid
, struct cifs_tcon
*tcon
,
3642 u64 persistent_fid
, u64 volatile_fid
, struct smb311_posix_qinfo
*data
, u32
*plen
)
3644 size_t output_len
= sizeof(struct smb311_posix_qinfo
*) +
3645 (sizeof(struct cifs_sid
) * 2) + (PATH_MAX
* 2);
3648 return query_info(xid
, tcon
, persistent_fid
, volatile_fid
,
3649 SMB_FIND_FILE_POSIX_INFO
, SMB2_O_INFO_FILE
, 0,
3650 output_len
, sizeof(struct smb311_posix_qinfo
), (void **)&data
, plen
);
3651 /* Note caller must free "data" (passed in above). It may be allocated in query_info call */
3656 SMB2_query_acl(const unsigned int xid
, struct cifs_tcon
*tcon
,
3657 u64 persistent_fid
, u64 volatile_fid
,
3658 void **data
, u32
*plen
, u32 extra_info
)
3660 __u32 additional_info
= OWNER_SECINFO
| GROUP_SECINFO
| DACL_SECINFO
|
3664 return query_info(xid
, tcon
, persistent_fid
, volatile_fid
,
3665 0, SMB2_O_INFO_SECURITY
, additional_info
,
3666 SMB2_MAX_BUFFER_SIZE
, MIN_SEC_DESC_LEN
, data
, plen
);
3670 SMB2_get_srv_num(const unsigned int xid
, struct cifs_tcon
*tcon
,
3671 u64 persistent_fid
, u64 volatile_fid
, __le64
*uniqueid
)
3673 return query_info(xid
, tcon
, persistent_fid
, volatile_fid
,
3674 FILE_INTERNAL_INFORMATION
, SMB2_O_INFO_FILE
, 0,
3675 sizeof(struct smb2_file_internal_info
),
3676 sizeof(struct smb2_file_internal_info
),
3677 (void **)&uniqueid
, NULL
);
3681 * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory
3682 * See MS-SMB2 2.2.35 and 2.2.36
3686 SMB2_notify_init(const unsigned int xid
, struct smb_rqst
*rqst
,
3687 struct cifs_tcon
*tcon
, struct TCP_Server_Info
*server
,
3688 u64 persistent_fid
, u64 volatile_fid
,
3689 u32 completion_filter
, bool watch_tree
)
3691 struct smb2_change_notify_req
*req
;
3692 struct kvec
*iov
= rqst
->rq_iov
;
3693 unsigned int total_len
;
3696 rc
= smb2_plain_req_init(SMB2_CHANGE_NOTIFY
, tcon
, server
,
3697 (void **) &req
, &total_len
);
3701 req
->PersistentFileId
= persistent_fid
;
3702 req
->VolatileFileId
= volatile_fid
;
3703 /* See note 354 of MS-SMB2, 64K max */
3704 req
->OutputBufferLength
=
3705 cpu_to_le32(SMB2_MAX_BUFFER_SIZE
- MAX_SMB2_HDR_SIZE
);
3706 req
->CompletionFilter
= cpu_to_le32(completion_filter
);
3708 req
->Flags
= cpu_to_le16(SMB2_WATCH_TREE
);
3712 iov
[0].iov_base
= (char *)req
;
3713 iov
[0].iov_len
= total_len
;
3719 SMB2_change_notify(const unsigned int xid
, struct cifs_tcon
*tcon
,
3720 u64 persistent_fid
, u64 volatile_fid
, bool watch_tree
,
3721 u32 completion_filter
, u32 max_out_data_len
, char **out_data
,
3722 u32
*plen
/* returned data len */)
3724 struct cifs_ses
*ses
= tcon
->ses
;
3725 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
3726 struct smb_rqst rqst
;
3727 struct smb2_change_notify_rsp
*smb_rsp
;
3729 struct kvec rsp_iov
= {NULL
, 0};
3730 int resp_buftype
= CIFS_NO_BUFFER
;
3734 cifs_dbg(FYI
, "change notify\n");
3735 if (!ses
|| !server
)
3738 if (smb3_encryption_required(tcon
))
3739 flags
|= CIFS_TRANSFORM_REQ
;
3741 memset(&rqst
, 0, sizeof(struct smb_rqst
));
3742 memset(&iov
, 0, sizeof(iov
));
3749 rc
= SMB2_notify_init(xid
, &rqst
, tcon
, server
,
3750 persistent_fid
, volatile_fid
,
3751 completion_filter
, watch_tree
);
3755 trace_smb3_notify_enter(xid
, persistent_fid
, tcon
->tid
, ses
->Suid
,
3756 (u8
)watch_tree
, completion_filter
);
3757 rc
= cifs_send_recv(xid
, ses
, server
,
3758 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
3761 cifs_stats_fail_inc(tcon
, SMB2_CHANGE_NOTIFY_HE
);
3762 trace_smb3_notify_err(xid
, persistent_fid
, tcon
->tid
, ses
->Suid
,
3763 (u8
)watch_tree
, completion_filter
, rc
);
3765 trace_smb3_notify_done(xid
, persistent_fid
, tcon
->tid
,
3766 ses
->Suid
, (u8
)watch_tree
, completion_filter
);
3767 /* validate that notify information is plausible */
3768 if ((rsp_iov
.iov_base
== NULL
) ||
3769 (rsp_iov
.iov_len
< sizeof(struct smb2_change_notify_rsp
) + 1))
3772 smb_rsp
= (struct smb2_change_notify_rsp
*)rsp_iov
.iov_base
;
3774 smb2_validate_iov(le16_to_cpu(smb_rsp
->OutputBufferOffset
),
3775 le32_to_cpu(smb_rsp
->OutputBufferLength
), &rsp_iov
,
3776 sizeof(struct file_notify_information
));
3778 *out_data
= kmemdup((char *)smb_rsp
+ le16_to_cpu(smb_rsp
->OutputBufferOffset
),
3779 le32_to_cpu(smb_rsp
->OutputBufferLength
), GFP_KERNEL
);
3780 if (*out_data
== NULL
) {
3784 *plen
= le32_to_cpu(smb_rsp
->OutputBufferLength
);
3789 cifs_small_buf_release(rqst
.rq_iov
[0].iov_base
); /* request */
3790 free_rsp_buf(resp_buftype
, rsp_iov
.iov_base
);
3797 * This is a no-op for now. We're not really interested in the reply, but
3798 * rather in the fact that the server sent one and that server->lstrp
3801 * FIXME: maybe we should consider checking that the reply matches request?
3804 smb2_echo_callback(struct mid_q_entry
*mid
)
3806 struct TCP_Server_Info
*server
= mid
->callback_data
;
3807 struct smb2_echo_rsp
*rsp
= (struct smb2_echo_rsp
*)mid
->resp_buf
;
3808 struct cifs_credits credits
= { .value
= 0, .instance
= 0 };
3810 if (mid
->mid_state
== MID_RESPONSE_RECEIVED
3811 || mid
->mid_state
== MID_RESPONSE_MALFORMED
) {
3812 credits
.value
= le16_to_cpu(rsp
->hdr
.CreditRequest
);
3813 credits
.instance
= server
->reconnect_instance
;
3817 add_credits(server
, &credits
, CIFS_ECHO_OP
);
3820 void smb2_reconnect_server(struct work_struct
*work
)
3822 struct TCP_Server_Info
*server
= container_of(work
,
3823 struct TCP_Server_Info
, reconnect
.work
);
3824 struct TCP_Server_Info
*pserver
;
3825 struct cifs_ses
*ses
, *ses2
;
3826 struct cifs_tcon
*tcon
, *tcon2
;
3827 struct list_head tmp_list
, tmp_ses_list
;
3828 bool tcon_exist
= false, ses_exist
= false;
3829 bool tcon_selected
= false;
3831 bool resched
= false;
3833 /* If server is a channel, select the primary channel */
3834 pserver
= SERVER_IS_CHAN(server
) ? server
->primary_server
: server
;
3836 /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */
3837 mutex_lock(&pserver
->reconnect_mutex
);
3839 INIT_LIST_HEAD(&tmp_list
);
3840 INIT_LIST_HEAD(&tmp_ses_list
);
3841 cifs_dbg(FYI
, "Reconnecting tcons and channels\n");
3843 spin_lock(&cifs_tcp_ses_lock
);
3844 list_for_each_entry(ses
, &pserver
->smb_ses_list
, smb_ses_list
) {
3845 spin_lock(&ses
->ses_lock
);
3846 if (ses
->ses_status
== SES_EXITING
) {
3847 spin_unlock(&ses
->ses_lock
);
3850 spin_unlock(&ses
->ses_lock
);
3852 tcon_selected
= false;
3854 list_for_each_entry(tcon
, &ses
->tcon_list
, tcon_list
) {
3855 if (tcon
->need_reconnect
|| tcon
->need_reopen_files
) {
3857 list_add_tail(&tcon
->rlist
, &tmp_list
);
3858 tcon_selected
= tcon_exist
= true;
3862 * IPC has the same lifetime as its session and uses its
3865 if (ses
->tcon_ipc
&& ses
->tcon_ipc
->need_reconnect
) {
3866 list_add_tail(&ses
->tcon_ipc
->rlist
, &tmp_list
);
3867 tcon_selected
= tcon_exist
= true;
3868 cifs_smb_ses_inc_refcount(ses
);
3871 * handle the case where channel needs to reconnect
3872 * binding session, but tcon is healthy (some other channel
3875 spin_lock(&ses
->chan_lock
);
3876 if (!tcon_selected
&& cifs_chan_needs_reconnect(ses
, server
)) {
3877 list_add_tail(&ses
->rlist
, &tmp_ses_list
);
3879 cifs_smb_ses_inc_refcount(ses
);
3881 spin_unlock(&ses
->chan_lock
);
3884 spin_unlock(&cifs_tcp_ses_lock
);
3886 list_for_each_entry_safe(tcon
, tcon2
, &tmp_list
, rlist
) {
3887 rc
= smb2_reconnect(SMB2_INTERNAL_CMD
, tcon
, server
);
3889 cifs_reopen_persistent_handles(tcon
);
3892 list_del_init(&tcon
->rlist
);
3894 cifs_put_smb_ses(tcon
->ses
);
3896 cifs_put_tcon(tcon
);
3902 /* allocate a dummy tcon struct used for reconnect */
3903 tcon
= tcon_info_alloc(false);
3906 list_for_each_entry_safe(ses
, ses2
, &tmp_ses_list
, rlist
) {
3907 list_del_init(&ses
->rlist
);
3908 cifs_put_smb_ses(ses
);
3913 tcon
->status
= TID_GOOD
;
3914 tcon
->retry
= false;
3915 tcon
->need_reconnect
= false;
3917 /* now reconnect sessions for necessary channels */
3918 list_for_each_entry_safe(ses
, ses2
, &tmp_ses_list
, rlist
) {
3920 rc
= smb2_reconnect(SMB2_INTERNAL_CMD
, tcon
, server
);
3923 list_del_init(&ses
->rlist
);
3924 cifs_put_smb_ses(ses
);
3929 cifs_dbg(FYI
, "Reconnecting tcons and channels finished\n");
3931 queue_delayed_work(cifsiod_wq
, &server
->reconnect
, 2 * HZ
);
3932 mutex_unlock(&pserver
->reconnect_mutex
);
3934 /* no need to put tcp session as we're retrying */
3937 mutex_unlock(&pserver
->reconnect_mutex
);
3939 /* now we can safely release srv struct */
3940 cifs_put_tcp_session(server
, true);
3944 SMB2_echo(struct TCP_Server_Info
*server
)
3946 struct smb2_echo_req
*req
;
3949 struct smb_rqst rqst
= { .rq_iov
= iov
,
3951 unsigned int total_len
;
3953 cifs_dbg(FYI
, "In echo request for conn_id %lld\n", server
->conn_id
);
3955 spin_lock(&server
->srv_lock
);
3956 if (server
->ops
->need_neg
&&
3957 server
->ops
->need_neg(server
)) {
3958 spin_unlock(&server
->srv_lock
);
3959 /* No need to send echo on newly established connections */
3960 spin_lock(&cifs_tcp_ses_lock
);
3961 server
->srv_count
++;
3962 spin_unlock(&cifs_tcp_ses_lock
);
3963 if (mod_delayed_work(cifsiod_wq
, &server
->reconnect
, 0))
3964 cifs_put_tcp_session(server
, false);
3968 spin_unlock(&server
->srv_lock
);
3970 rc
= smb2_plain_req_init(SMB2_ECHO
, NULL
, server
,
3971 (void **)&req
, &total_len
);
3975 req
->hdr
.CreditRequest
= cpu_to_le16(1);
3977 iov
[0].iov_len
= total_len
;
3978 iov
[0].iov_base
= (char *)req
;
3980 rc
= cifs_call_async(server
, &rqst
, NULL
, smb2_echo_callback
, NULL
,
3981 server
, CIFS_ECHO_OP
, NULL
);
3983 cifs_dbg(FYI
, "Echo request failed: %d\n", rc
);
3985 cifs_small_buf_release(req
);
3990 SMB2_flush_free(struct smb_rqst
*rqst
)
3992 if (rqst
&& rqst
->rq_iov
)
3993 cifs_small_buf_release(rqst
->rq_iov
[0].iov_base
); /* request */
3997 SMB2_flush_init(const unsigned int xid
, struct smb_rqst
*rqst
,
3998 struct cifs_tcon
*tcon
, struct TCP_Server_Info
*server
,
3999 u64 persistent_fid
, u64 volatile_fid
)
4001 struct smb2_flush_req
*req
;
4002 struct kvec
*iov
= rqst
->rq_iov
;
4003 unsigned int total_len
;
4006 rc
= smb2_plain_req_init(SMB2_FLUSH
, tcon
, server
,
4007 (void **) &req
, &total_len
);
4011 req
->PersistentFileId
= persistent_fid
;
4012 req
->VolatileFileId
= volatile_fid
;
4014 iov
[0].iov_base
= (char *)req
;
4015 iov
[0].iov_len
= total_len
;
4021 SMB2_flush(const unsigned int xid
, struct cifs_tcon
*tcon
, u64 persistent_fid
,
4024 struct cifs_ses
*ses
= tcon
->ses
;
4025 struct smb_rqst rqst
;
4027 struct kvec rsp_iov
= {NULL
, 0};
4028 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
4029 int resp_buftype
= CIFS_NO_BUFFER
;
4033 cifs_dbg(FYI
, "flush\n");
4034 if (!ses
|| !(ses
->server
))
4037 if (smb3_encryption_required(tcon
))
4038 flags
|= CIFS_TRANSFORM_REQ
;
4040 memset(&rqst
, 0, sizeof(struct smb_rqst
));
4041 memset(&iov
, 0, sizeof(iov
));
4045 rc
= SMB2_flush_init(xid
, &rqst
, tcon
, server
,
4046 persistent_fid
, volatile_fid
);
4050 trace_smb3_flush_enter(xid
, persistent_fid
, tcon
->tid
, ses
->Suid
);
4051 rc
= cifs_send_recv(xid
, ses
, server
,
4052 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
4055 cifs_stats_fail_inc(tcon
, SMB2_FLUSH_HE
);
4056 trace_smb3_flush_err(xid
, persistent_fid
, tcon
->tid
, ses
->Suid
,
4059 trace_smb3_flush_done(xid
, persistent_fid
, tcon
->tid
,
4063 SMB2_flush_free(&rqst
);
4064 free_rsp_buf(resp_buftype
, rsp_iov
.iov_base
);
4068 #ifdef CONFIG_CIFS_SMB_DIRECT
4069 static inline bool smb3_use_rdma_offload(struct cifs_io_parms
*io_parms
)
4071 struct TCP_Server_Info
*server
= io_parms
->server
;
4072 struct cifs_tcon
*tcon
= io_parms
->tcon
;
4074 /* we can only offload if we're connected */
4075 if (!server
|| !tcon
)
4078 /* we can only offload on an rdma connection */
4079 if (!server
->rdma
|| !server
->smbd_conn
)
4082 /* we don't support signed offload yet */
4086 /* we don't support encrypted offload yet */
4087 if (smb3_encryption_required(tcon
))
4090 /* offload also has its overhead, so only do it if desired */
4091 if (io_parms
->length
< server
->smbd_conn
->rdma_readwrite_threshold
)
4096 #endif /* CONFIG_CIFS_SMB_DIRECT */
4099 * To form a chain of read requests, any read requests after the first should
4100 * have the end_of_chain boolean set to true.
4103 smb2_new_read_req(void **buf
, unsigned int *total_len
,
4104 struct cifs_io_parms
*io_parms
, struct cifs_readdata
*rdata
,
4105 unsigned int remaining_bytes
, int request_type
)
4108 struct smb2_read_req
*req
= NULL
;
4109 struct smb2_hdr
*shdr
;
4110 struct TCP_Server_Info
*server
= io_parms
->server
;
4112 rc
= smb2_plain_req_init(SMB2_READ
, io_parms
->tcon
, server
,
4113 (void **) &req
, total_len
);
4118 return -ECONNABORTED
;
4121 shdr
->Id
.SyncId
.ProcessId
= cpu_to_le32(io_parms
->pid
);
4123 req
->PersistentFileId
= io_parms
->persistent_fid
;
4124 req
->VolatileFileId
= io_parms
->volatile_fid
;
4125 req
->ReadChannelInfoOffset
= 0; /* reserved */
4126 req
->ReadChannelInfoLength
= 0; /* reserved */
4127 req
->Channel
= 0; /* reserved */
4128 req
->MinimumCount
= 0;
4129 req
->Length
= cpu_to_le32(io_parms
->length
);
4130 req
->Offset
= cpu_to_le64(io_parms
->offset
);
4132 trace_smb3_read_enter(0 /* xid */,
4133 io_parms
->persistent_fid
,
4134 io_parms
->tcon
->tid
, io_parms
->tcon
->ses
->Suid
,
4135 io_parms
->offset
, io_parms
->length
);
4136 #ifdef CONFIG_CIFS_SMB_DIRECT
4138 * If we want to do a RDMA write, fill in and append
4139 * smbd_buffer_descriptor_v1 to the end of read request
4141 if (smb3_use_rdma_offload(io_parms
)) {
4142 struct smbd_buffer_descriptor_v1
*v1
;
4143 bool need_invalidate
= server
->dialect
== SMB30_PROT_ID
;
4145 rdata
->mr
= smbd_register_mr(server
->smbd_conn
, &rdata
->iter
,
4146 true, need_invalidate
);
4150 req
->Channel
= SMB2_CHANNEL_RDMA_V1_INVALIDATE
;
4151 if (need_invalidate
)
4152 req
->Channel
= SMB2_CHANNEL_RDMA_V1
;
4153 req
->ReadChannelInfoOffset
=
4154 cpu_to_le16(offsetof(struct smb2_read_req
, Buffer
));
4155 req
->ReadChannelInfoLength
=
4156 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1
));
4157 v1
= (struct smbd_buffer_descriptor_v1
*) &req
->Buffer
[0];
4158 v1
->offset
= cpu_to_le64(rdata
->mr
->mr
->iova
);
4159 v1
->token
= cpu_to_le32(rdata
->mr
->mr
->rkey
);
4160 v1
->length
= cpu_to_le32(rdata
->mr
->mr
->length
);
4162 *total_len
+= sizeof(*v1
) - 1;
4165 if (request_type
& CHAINED_REQUEST
) {
4166 if (!(request_type
& END_OF_CHAIN
)) {
4167 /* next 8-byte aligned request */
4168 *total_len
= ALIGN(*total_len
, 8);
4169 shdr
->NextCommand
= cpu_to_le32(*total_len
);
4170 } else /* END_OF_CHAIN */
4171 shdr
->NextCommand
= 0;
4172 if (request_type
& RELATED_REQUEST
) {
4173 shdr
->Flags
|= SMB2_FLAGS_RELATED_OPERATIONS
;
4175 * Related requests use info from previous read request
4178 shdr
->SessionId
= cpu_to_le64(0xFFFFFFFFFFFFFFFF);
4179 shdr
->Id
.SyncId
.TreeId
= cpu_to_le32(0xFFFFFFFF);
4180 req
->PersistentFileId
= (u64
)-1;
4181 req
->VolatileFileId
= (u64
)-1;
4184 if (remaining_bytes
> io_parms
->length
)
4185 req
->RemainingBytes
= cpu_to_le32(remaining_bytes
);
4187 req
->RemainingBytes
= 0;
4194 smb2_readv_callback(struct mid_q_entry
*mid
)
4196 struct cifs_readdata
*rdata
= mid
->callback_data
;
4197 struct cifs_tcon
*tcon
= tlink_tcon(rdata
->cfile
->tlink
);
4198 struct TCP_Server_Info
*server
= rdata
->server
;
4199 struct smb2_hdr
*shdr
=
4200 (struct smb2_hdr
*)rdata
->iov
[0].iov_base
;
4201 struct cifs_credits credits
= { .value
= 0, .instance
= 0 };
4202 struct smb_rqst rqst
= { .rq_iov
= &rdata
->iov
[1], .rq_nvec
= 1 };
4204 if (rdata
->got_bytes
) {
4205 rqst
.rq_iter
= rdata
->iter
;
4206 rqst
.rq_iter_size
= iov_iter_count(&rdata
->iter
);
4209 WARN_ONCE(rdata
->server
!= mid
->server
,
4210 "rdata server %p != mid server %p",
4211 rdata
->server
, mid
->server
);
4213 cifs_dbg(FYI
, "%s: mid=%llu state=%d result=%d bytes=%u\n",
4214 __func__
, mid
->mid
, mid
->mid_state
, rdata
->result
,
4217 switch (mid
->mid_state
) {
4218 case MID_RESPONSE_RECEIVED
:
4219 credits
.value
= le16_to_cpu(shdr
->CreditRequest
);
4220 credits
.instance
= server
->reconnect_instance
;
4221 /* result already set, check signature */
4222 if (server
->sign
&& !mid
->decrypted
) {
4225 iov_iter_revert(&rqst
.rq_iter
, rdata
->got_bytes
);
4226 iov_iter_truncate(&rqst
.rq_iter
, rdata
->got_bytes
);
4227 rc
= smb2_verify_signature(&rqst
, server
);
4229 cifs_tcon_dbg(VFS
, "SMB signature verification returned error = %d\n",
4232 /* FIXME: should this be counted toward the initiating task? */
4233 task_io_account_read(rdata
->got_bytes
);
4234 cifs_stats_bytes_read(tcon
, rdata
->got_bytes
);
4236 case MID_REQUEST_SUBMITTED
:
4237 case MID_RETRY_NEEDED
:
4238 rdata
->result
= -EAGAIN
;
4239 if (server
->sign
&& rdata
->got_bytes
)
4240 /* reset bytes number since we can not check a sign */
4241 rdata
->got_bytes
= 0;
4242 /* FIXME: should this be counted toward the initiating task? */
4243 task_io_account_read(rdata
->got_bytes
);
4244 cifs_stats_bytes_read(tcon
, rdata
->got_bytes
);
4246 case MID_RESPONSE_MALFORMED
:
4247 credits
.value
= le16_to_cpu(shdr
->CreditRequest
);
4248 credits
.instance
= server
->reconnect_instance
;
4251 rdata
->result
= -EIO
;
4253 #ifdef CONFIG_CIFS_SMB_DIRECT
4255 * If this rdata has a memmory registered, the MR can be freed
4256 * MR needs to be freed as soon as I/O finishes to prevent deadlock
4257 * because they have limited number and are used for future I/Os
4260 smbd_deregister_mr(rdata
->mr
);
4264 if (rdata
->result
&& rdata
->result
!= -ENODATA
) {
4265 cifs_stats_fail_inc(tcon
, SMB2_READ_HE
);
4266 trace_smb3_read_err(0 /* xid */,
4267 rdata
->cfile
->fid
.persistent_fid
,
4268 tcon
->tid
, tcon
->ses
->Suid
, rdata
->offset
,
4269 rdata
->bytes
, rdata
->result
);
4271 trace_smb3_read_done(0 /* xid */,
4272 rdata
->cfile
->fid
.persistent_fid
,
4273 tcon
->tid
, tcon
->ses
->Suid
,
4274 rdata
->offset
, rdata
->got_bytes
);
4276 queue_work(cifsiod_wq
, &rdata
->work
);
4278 add_credits(server
, &credits
, 0);
4281 /* smb2_async_readv - send an async read, and set up mid to handle result */
4283 smb2_async_readv(struct cifs_readdata
*rdata
)
4287 struct smb2_hdr
*shdr
;
4288 struct cifs_io_parms io_parms
;
4289 struct smb_rqst rqst
= { .rq_iov
= rdata
->iov
,
4291 struct TCP_Server_Info
*server
;
4292 struct cifs_tcon
*tcon
= tlink_tcon(rdata
->cfile
->tlink
);
4293 unsigned int total_len
;
4296 cifs_dbg(FYI
, "%s: offset=%llu bytes=%u\n",
4297 __func__
, rdata
->offset
, rdata
->bytes
);
4300 rdata
->server
= cifs_pick_channel(tcon
->ses
);
4302 io_parms
.tcon
= tlink_tcon(rdata
->cfile
->tlink
);
4303 io_parms
.server
= server
= rdata
->server
;
4304 io_parms
.offset
= rdata
->offset
;
4305 io_parms
.length
= rdata
->bytes
;
4306 io_parms
.persistent_fid
= rdata
->cfile
->fid
.persistent_fid
;
4307 io_parms
.volatile_fid
= rdata
->cfile
->fid
.volatile_fid
;
4308 io_parms
.pid
= rdata
->pid
;
4310 rc
= smb2_new_read_req(
4311 (void **) &buf
, &total_len
, &io_parms
, rdata
, 0, 0);
4315 if (smb3_encryption_required(io_parms
.tcon
))
4316 flags
|= CIFS_TRANSFORM_REQ
;
4318 rdata
->iov
[0].iov_base
= buf
;
4319 rdata
->iov
[0].iov_len
= total_len
;
4321 shdr
= (struct smb2_hdr
*)buf
;
4323 if (rdata
->credits
.value
> 0) {
4324 shdr
->CreditCharge
= cpu_to_le16(DIV_ROUND_UP(rdata
->bytes
,
4325 SMB2_MAX_BUFFER_SIZE
));
4326 credit_request
= le16_to_cpu(shdr
->CreditCharge
) + 8;
4327 if (server
->credits
>= server
->max_credits
)
4328 shdr
->CreditRequest
= cpu_to_le16(0);
4330 shdr
->CreditRequest
= cpu_to_le16(
4331 min_t(int, server
->max_credits
-
4332 server
->credits
, credit_request
));
4334 rc
= adjust_credits(server
, &rdata
->credits
, rdata
->bytes
);
4336 goto async_readv_out
;
4338 flags
|= CIFS_HAS_CREDITS
;
4341 kref_get(&rdata
->refcount
);
4342 rc
= cifs_call_async(server
, &rqst
,
4343 cifs_readv_receive
, smb2_readv_callback
,
4344 smb3_handle_read_data
, rdata
, flags
,
4347 kref_put(&rdata
->refcount
, cifs_readdata_release
);
4348 cifs_stats_fail_inc(io_parms
.tcon
, SMB2_READ_HE
);
4349 trace_smb3_read_err(0 /* xid */, io_parms
.persistent_fid
,
4351 io_parms
.tcon
->ses
->Suid
,
4352 io_parms
.offset
, io_parms
.length
, rc
);
4356 cifs_small_buf_release(buf
);
4361 SMB2_read(const unsigned int xid
, struct cifs_io_parms
*io_parms
,
4362 unsigned int *nbytes
, char **buf
, int *buf_type
)
4364 struct smb_rqst rqst
;
4365 int resp_buftype
, rc
;
4366 struct smb2_read_req
*req
= NULL
;
4367 struct smb2_read_rsp
*rsp
= NULL
;
4369 struct kvec rsp_iov
;
4370 unsigned int total_len
;
4371 int flags
= CIFS_LOG_ERROR
;
4372 struct cifs_ses
*ses
= io_parms
->tcon
->ses
;
4374 if (!io_parms
->server
)
4375 io_parms
->server
= cifs_pick_channel(io_parms
->tcon
->ses
);
4378 rc
= smb2_new_read_req((void **)&req
, &total_len
, io_parms
, NULL
, 0, 0);
4382 if (smb3_encryption_required(io_parms
->tcon
))
4383 flags
|= CIFS_TRANSFORM_REQ
;
4385 iov
[0].iov_base
= (char *)req
;
4386 iov
[0].iov_len
= total_len
;
4388 memset(&rqst
, 0, sizeof(struct smb_rqst
));
4392 rc
= cifs_send_recv(xid
, ses
, io_parms
->server
,
4393 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
4394 rsp
= (struct smb2_read_rsp
*)rsp_iov
.iov_base
;
4397 if (rc
!= -ENODATA
) {
4398 cifs_stats_fail_inc(io_parms
->tcon
, SMB2_READ_HE
);
4399 cifs_dbg(VFS
, "Send error in read = %d\n", rc
);
4400 trace_smb3_read_err(xid
,
4401 req
->PersistentFileId
,
4402 io_parms
->tcon
->tid
, ses
->Suid
,
4403 io_parms
->offset
, io_parms
->length
,
4406 trace_smb3_read_done(xid
, req
->PersistentFileId
, io_parms
->tcon
->tid
,
4407 ses
->Suid
, io_parms
->offset
, 0);
4408 free_rsp_buf(resp_buftype
, rsp_iov
.iov_base
);
4409 cifs_small_buf_release(req
);
4410 return rc
== -ENODATA
? 0 : rc
;
4412 trace_smb3_read_done(xid
,
4413 req
->PersistentFileId
,
4414 io_parms
->tcon
->tid
, ses
->Suid
,
4415 io_parms
->offset
, io_parms
->length
);
4417 cifs_small_buf_release(req
);
4419 *nbytes
= le32_to_cpu(rsp
->DataLength
);
4420 if ((*nbytes
> CIFS_MAX_MSGSIZE
) ||
4421 (*nbytes
> io_parms
->length
)) {
4422 cifs_dbg(FYI
, "bad length %d for count %d\n",
4423 *nbytes
, io_parms
->length
);
4429 memcpy(*buf
, (char *)rsp
+ rsp
->DataOffset
, *nbytes
);
4430 free_rsp_buf(resp_buftype
, rsp_iov
.iov_base
);
4431 } else if (resp_buftype
!= CIFS_NO_BUFFER
) {
4432 *buf
= rsp_iov
.iov_base
;
4433 if (resp_buftype
== CIFS_SMALL_BUFFER
)
4434 *buf_type
= CIFS_SMALL_BUFFER
;
4435 else if (resp_buftype
== CIFS_LARGE_BUFFER
)
4436 *buf_type
= CIFS_LARGE_BUFFER
;
4442 * Check the mid_state and signature on received buffer (if any), and queue the
4443 * workqueue completion task.
4446 smb2_writev_callback(struct mid_q_entry
*mid
)
4448 struct cifs_writedata
*wdata
= mid
->callback_data
;
4449 struct cifs_tcon
*tcon
= tlink_tcon(wdata
->cfile
->tlink
);
4450 struct TCP_Server_Info
*server
= wdata
->server
;
4451 unsigned int written
;
4452 struct smb2_write_rsp
*rsp
= (struct smb2_write_rsp
*)mid
->resp_buf
;
4453 struct cifs_credits credits
= { .value
= 0, .instance
= 0 };
4455 WARN_ONCE(wdata
->server
!= mid
->server
,
4456 "wdata server %p != mid server %p",
4457 wdata
->server
, mid
->server
);
4459 switch (mid
->mid_state
) {
4460 case MID_RESPONSE_RECEIVED
:
4461 credits
.value
= le16_to_cpu(rsp
->hdr
.CreditRequest
);
4462 credits
.instance
= server
->reconnect_instance
;
4463 wdata
->result
= smb2_check_receive(mid
, server
, 0);
4464 if (wdata
->result
!= 0)
4467 written
= le32_to_cpu(rsp
->DataLength
);
4469 * Mask off high 16 bits when bytes written as returned
4470 * by the server is greater than bytes requested by the
4471 * client. OS/2 servers are known to set incorrect
4474 if (written
> wdata
->bytes
)
4477 if (written
< wdata
->bytes
)
4478 wdata
->result
= -ENOSPC
;
4480 wdata
->bytes
= written
;
4482 case MID_REQUEST_SUBMITTED
:
4483 case MID_RETRY_NEEDED
:
4484 wdata
->result
= -EAGAIN
;
4486 case MID_RESPONSE_MALFORMED
:
4487 credits
.value
= le16_to_cpu(rsp
->hdr
.CreditRequest
);
4488 credits
.instance
= server
->reconnect_instance
;
4491 wdata
->result
= -EIO
;
4494 #ifdef CONFIG_CIFS_SMB_DIRECT
4496 * If this wdata has a memory registered, the MR can be freed
4497 * The number of MRs available is limited, it's important to recover
4498 * used MR as soon as I/O is finished. Hold MR longer in the later
4499 * I/O process can possibly result in I/O deadlock due to lack of MR
4500 * to send request on I/O retry
4503 smbd_deregister_mr(wdata
->mr
);
4507 if (wdata
->result
) {
4508 cifs_stats_fail_inc(tcon
, SMB2_WRITE_HE
);
4509 trace_smb3_write_err(0 /* no xid */,
4510 wdata
->cfile
->fid
.persistent_fid
,
4511 tcon
->tid
, tcon
->ses
->Suid
, wdata
->offset
,
4512 wdata
->bytes
, wdata
->result
);
4513 if (wdata
->result
== -ENOSPC
)
4514 pr_warn_once("Out of space writing to %s\n",
4517 trace_smb3_write_done(0 /* no xid */,
4518 wdata
->cfile
->fid
.persistent_fid
,
4519 tcon
->tid
, tcon
->ses
->Suid
,
4520 wdata
->offset
, wdata
->bytes
);
4522 queue_work(cifsiod_wq
, &wdata
->work
);
4524 add_credits(server
, &credits
, 0);
4527 /* smb2_async_writev - send an async write, and set up mid to handle result */
4529 smb2_async_writev(struct cifs_writedata
*wdata
,
4530 void (*release
)(struct kref
*kref
))
4532 int rc
= -EACCES
, flags
= 0;
4533 struct smb2_write_req
*req
= NULL
;
4534 struct smb2_hdr
*shdr
;
4535 struct cifs_tcon
*tcon
= tlink_tcon(wdata
->cfile
->tlink
);
4536 struct TCP_Server_Info
*server
= wdata
->server
;
4538 struct smb_rqst rqst
= { };
4539 unsigned int total_len
;
4540 struct cifs_io_parms _io_parms
;
4541 struct cifs_io_parms
*io_parms
= NULL
;
4545 server
= wdata
->server
= cifs_pick_channel(tcon
->ses
);
4548 * in future we may get cifs_io_parms passed in from the caller,
4549 * but for now we construct it here...
4551 _io_parms
= (struct cifs_io_parms
) {
4554 .offset
= wdata
->offset
,
4555 .length
= wdata
->bytes
,
4556 .persistent_fid
= wdata
->cfile
->fid
.persistent_fid
,
4557 .volatile_fid
= wdata
->cfile
->fid
.volatile_fid
,
4560 io_parms
= &_io_parms
;
4562 rc
= smb2_plain_req_init(SMB2_WRITE
, tcon
, server
,
4563 (void **) &req
, &total_len
);
4567 if (smb3_encryption_required(tcon
))
4568 flags
|= CIFS_TRANSFORM_REQ
;
4570 shdr
= (struct smb2_hdr
*)req
;
4571 shdr
->Id
.SyncId
.ProcessId
= cpu_to_le32(io_parms
->pid
);
4573 req
->PersistentFileId
= io_parms
->persistent_fid
;
4574 req
->VolatileFileId
= io_parms
->volatile_fid
;
4575 req
->WriteChannelInfoOffset
= 0;
4576 req
->WriteChannelInfoLength
= 0;
4577 req
->Channel
= SMB2_CHANNEL_NONE
;
4578 req
->Offset
= cpu_to_le64(io_parms
->offset
);
4579 req
->DataOffset
= cpu_to_le16(
4580 offsetof(struct smb2_write_req
, Buffer
));
4581 req
->RemainingBytes
= 0;
4583 trace_smb3_write_enter(0 /* xid */,
4584 io_parms
->persistent_fid
,
4585 io_parms
->tcon
->tid
,
4586 io_parms
->tcon
->ses
->Suid
,
4590 #ifdef CONFIG_CIFS_SMB_DIRECT
4592 * If we want to do a server RDMA read, fill in and append
4593 * smbd_buffer_descriptor_v1 to the end of write request
4595 if (smb3_use_rdma_offload(io_parms
)) {
4596 struct smbd_buffer_descriptor_v1
*v1
;
4597 size_t data_size
= iov_iter_count(&wdata
->iter
);
4598 bool need_invalidate
= server
->dialect
== SMB30_PROT_ID
;
4600 wdata
->mr
= smbd_register_mr(server
->smbd_conn
, &wdata
->iter
,
4601 false, need_invalidate
);
4604 goto async_writev_out
;
4607 req
->DataOffset
= 0;
4608 req
->RemainingBytes
= cpu_to_le32(data_size
);
4609 req
->Channel
= SMB2_CHANNEL_RDMA_V1_INVALIDATE
;
4610 if (need_invalidate
)
4611 req
->Channel
= SMB2_CHANNEL_RDMA_V1
;
4612 req
->WriteChannelInfoOffset
=
4613 cpu_to_le16(offsetof(struct smb2_write_req
, Buffer
));
4614 req
->WriteChannelInfoLength
=
4615 cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1
));
4616 v1
= (struct smbd_buffer_descriptor_v1
*) &req
->Buffer
[0];
4617 v1
->offset
= cpu_to_le64(wdata
->mr
->mr
->iova
);
4618 v1
->token
= cpu_to_le32(wdata
->mr
->mr
->rkey
);
4619 v1
->length
= cpu_to_le32(wdata
->mr
->mr
->length
);
4622 iov
[0].iov_len
= total_len
- 1;
4623 iov
[0].iov_base
= (char *)req
;
4627 rqst
.rq_iter
= wdata
->iter
;
4628 rqst
.rq_iter_size
= iov_iter_count(&rqst
.rq_iter
);
4629 #ifdef CONFIG_CIFS_SMB_DIRECT
4631 iov
[0].iov_len
+= sizeof(struct smbd_buffer_descriptor_v1
);
4633 cifs_dbg(FYI
, "async write at %llu %u bytes iter=%zx\n",
4634 io_parms
->offset
, io_parms
->length
, iov_iter_count(&rqst
.rq_iter
));
4636 #ifdef CONFIG_CIFS_SMB_DIRECT
4637 /* For RDMA read, I/O size is in RemainingBytes not in Length */
4639 req
->Length
= cpu_to_le32(io_parms
->length
);
4641 req
->Length
= cpu_to_le32(io_parms
->length
);
4644 if (wdata
->credits
.value
> 0) {
4645 shdr
->CreditCharge
= cpu_to_le16(DIV_ROUND_UP(wdata
->bytes
,
4646 SMB2_MAX_BUFFER_SIZE
));
4647 credit_request
= le16_to_cpu(shdr
->CreditCharge
) + 8;
4648 if (server
->credits
>= server
->max_credits
)
4649 shdr
->CreditRequest
= cpu_to_le16(0);
4651 shdr
->CreditRequest
= cpu_to_le16(
4652 min_t(int, server
->max_credits
-
4653 server
->credits
, credit_request
));
4655 rc
= adjust_credits(server
, &wdata
->credits
, io_parms
->length
);
4657 goto async_writev_out
;
4659 flags
|= CIFS_HAS_CREDITS
;
4662 kref_get(&wdata
->refcount
);
4663 rc
= cifs_call_async(server
, &rqst
, NULL
, smb2_writev_callback
, NULL
,
4664 wdata
, flags
, &wdata
->credits
);
4667 trace_smb3_write_err(0 /* no xid */,
4668 io_parms
->persistent_fid
,
4669 io_parms
->tcon
->tid
,
4670 io_parms
->tcon
->ses
->Suid
,
4674 kref_put(&wdata
->refcount
, release
);
4675 cifs_stats_fail_inc(tcon
, SMB2_WRITE_HE
);
4679 cifs_small_buf_release(req
);
4684 * SMB2_write function gets iov pointer to kvec array with n_vec as a length.
4685 * The length field from io_parms must be at least 1 and indicates a number of
4686 * elements with data to write that begins with position 1 in iov array. All
4687 * data length is specified by count.
4690 SMB2_write(const unsigned int xid
, struct cifs_io_parms
*io_parms
,
4691 unsigned int *nbytes
, struct kvec
*iov
, int n_vec
)
4693 struct smb_rqst rqst
;
4695 struct smb2_write_req
*req
= NULL
;
4696 struct smb2_write_rsp
*rsp
= NULL
;
4698 struct kvec rsp_iov
;
4700 unsigned int total_len
;
4701 struct TCP_Server_Info
*server
;
4708 if (!io_parms
->server
)
4709 io_parms
->server
= cifs_pick_channel(io_parms
->tcon
->ses
);
4710 server
= io_parms
->server
;
4712 return -ECONNABORTED
;
4714 rc
= smb2_plain_req_init(SMB2_WRITE
, io_parms
->tcon
, server
,
4715 (void **) &req
, &total_len
);
4719 if (smb3_encryption_required(io_parms
->tcon
))
4720 flags
|= CIFS_TRANSFORM_REQ
;
4722 req
->hdr
.Id
.SyncId
.ProcessId
= cpu_to_le32(io_parms
->pid
);
4724 req
->PersistentFileId
= io_parms
->persistent_fid
;
4725 req
->VolatileFileId
= io_parms
->volatile_fid
;
4726 req
->WriteChannelInfoOffset
= 0;
4727 req
->WriteChannelInfoLength
= 0;
4729 req
->Length
= cpu_to_le32(io_parms
->length
);
4730 req
->Offset
= cpu_to_le64(io_parms
->offset
);
4731 req
->DataOffset
= cpu_to_le16(
4732 offsetof(struct smb2_write_req
, Buffer
));
4733 req
->RemainingBytes
= 0;
4735 trace_smb3_write_enter(xid
, io_parms
->persistent_fid
,
4736 io_parms
->tcon
->tid
, io_parms
->tcon
->ses
->Suid
,
4737 io_parms
->offset
, io_parms
->length
);
4739 iov
[0].iov_base
= (char *)req
;
4741 iov
[0].iov_len
= total_len
- 1;
4743 memset(&rqst
, 0, sizeof(struct smb_rqst
));
4745 rqst
.rq_nvec
= n_vec
+ 1;
4747 rc
= cifs_send_recv(xid
, io_parms
->tcon
->ses
, server
,
4749 &resp_buftype
, flags
, &rsp_iov
);
4750 rsp
= (struct smb2_write_rsp
*)rsp_iov
.iov_base
;
4753 trace_smb3_write_err(xid
,
4754 req
->PersistentFileId
,
4755 io_parms
->tcon
->tid
,
4756 io_parms
->tcon
->ses
->Suid
,
4757 io_parms
->offset
, io_parms
->length
, rc
);
4758 cifs_stats_fail_inc(io_parms
->tcon
, SMB2_WRITE_HE
);
4759 cifs_dbg(VFS
, "Send error in write = %d\n", rc
);
4761 *nbytes
= le32_to_cpu(rsp
->DataLength
);
4762 trace_smb3_write_done(xid
,
4763 req
->PersistentFileId
,
4764 io_parms
->tcon
->tid
,
4765 io_parms
->tcon
->ses
->Suid
,
4766 io_parms
->offset
, *nbytes
);
4769 cifs_small_buf_release(req
);
4770 free_rsp_buf(resp_buftype
, rsp
);
4774 int posix_info_sid_size(const void *beg
, const void *end
)
4782 subauth
= *(u8
*)(beg
+1);
4783 if (subauth
< 1 || subauth
> 15)
4786 total
= 1 + 1 + 6 + 4*subauth
;
4787 if (beg
+ total
> end
)
4793 int posix_info_parse(const void *beg
, const void *end
,
4794 struct smb2_posix_info_parsed
*out
)
4798 int owner_len
, group_len
;
4800 const void *owner_sid
;
4801 const void *group_sid
;
4804 /* if no end bound given, assume payload to be correct */
4806 const struct smb2_posix_info
*p
= beg
;
4808 end
= beg
+ le32_to_cpu(p
->NextEntryOffset
);
4809 /* last element will have a 0 offset, pick a sensible bound */
4814 /* check base buf */
4815 if (beg
+ sizeof(struct smb2_posix_info
) > end
)
4817 total_len
= sizeof(struct smb2_posix_info
);
4819 /* check owner sid */
4820 owner_sid
= beg
+ total_len
;
4821 owner_len
= posix_info_sid_size(owner_sid
, end
);
4824 total_len
+= owner_len
;
4826 /* check group sid */
4827 group_sid
= beg
+ total_len
;
4828 group_len
= posix_info_sid_size(group_sid
, end
);
4831 total_len
+= group_len
;
4833 /* check name len */
4834 if (beg
+ total_len
+ 4 > end
)
4836 name_len
= le32_to_cpu(*(__le32
*)(beg
+ total_len
));
4837 if (name_len
< 1 || name_len
> 0xFFFF)
4842 name
= beg
+ total_len
;
4843 if (name
+ name_len
> end
)
4845 total_len
+= name_len
;
4849 out
->size
= total_len
;
4850 out
->name_len
= name_len
;
4852 memcpy(&out
->owner
, owner_sid
, owner_len
);
4853 memcpy(&out
->group
, group_sid
, group_len
);
4858 static int posix_info_extra_size(const void *beg
, const void *end
)
4860 int len
= posix_info_parse(beg
, end
, NULL
);
4864 return len
- sizeof(struct smb2_posix_info
);
4868 num_entries(int infotype
, char *bufstart
, char *end_of_buf
, char **lastentry
,
4872 unsigned int entrycount
= 0;
4873 unsigned int next_offset
= 0;
4875 FILE_DIRECTORY_INFO
*dir_info
;
4877 if (bufstart
== NULL
)
4880 entryptr
= bufstart
;
4883 if (entryptr
+ next_offset
< entryptr
||
4884 entryptr
+ next_offset
> end_of_buf
||
4885 entryptr
+ next_offset
+ size
> end_of_buf
) {
4886 cifs_dbg(VFS
, "malformed search entry would overflow\n");
4890 entryptr
= entryptr
+ next_offset
;
4891 dir_info
= (FILE_DIRECTORY_INFO
*)entryptr
;
4893 if (infotype
== SMB_FIND_FILE_POSIX_INFO
)
4894 len
= posix_info_extra_size(entryptr
, end_of_buf
);
4896 len
= le32_to_cpu(dir_info
->FileNameLength
);
4899 entryptr
+ len
< entryptr
||
4900 entryptr
+ len
> end_of_buf
||
4901 entryptr
+ len
+ size
> end_of_buf
) {
4902 cifs_dbg(VFS
, "directory entry name would overflow frame end of buf %p\n",
4907 *lastentry
= entryptr
;
4910 next_offset
= le32_to_cpu(dir_info
->NextEntryOffset
);
4921 int SMB2_query_directory_init(const unsigned int xid
,
4922 struct cifs_tcon
*tcon
,
4923 struct TCP_Server_Info
*server
,
4924 struct smb_rqst
*rqst
,
4925 u64 persistent_fid
, u64 volatile_fid
,
4926 int index
, int info_level
)
4928 struct smb2_query_directory_req
*req
;
4929 unsigned char *bufptr
;
4930 __le16 asteriks
= cpu_to_le16('*');
4931 unsigned int output_size
= CIFSMaxBufSize
-
4932 MAX_SMB2_CREATE_RESPONSE_SIZE
-
4933 MAX_SMB2_CLOSE_RESPONSE_SIZE
;
4934 unsigned int total_len
;
4935 struct kvec
*iov
= rqst
->rq_iov
;
4938 rc
= smb2_plain_req_init(SMB2_QUERY_DIRECTORY
, tcon
, server
,
4939 (void **) &req
, &total_len
);
4943 switch (info_level
) {
4944 case SMB_FIND_FILE_DIRECTORY_INFO
:
4945 req
->FileInformationClass
= FILE_DIRECTORY_INFORMATION
;
4947 case SMB_FIND_FILE_ID_FULL_DIR_INFO
:
4948 req
->FileInformationClass
= FILEID_FULL_DIRECTORY_INFORMATION
;
4950 case SMB_FIND_FILE_POSIX_INFO
:
4951 req
->FileInformationClass
= SMB_FIND_FILE_POSIX_INFO
;
4954 cifs_tcon_dbg(VFS
, "info level %u isn't supported\n",
4959 req
->FileIndex
= cpu_to_le32(index
);
4960 req
->PersistentFileId
= persistent_fid
;
4961 req
->VolatileFileId
= volatile_fid
;
4964 bufptr
= req
->Buffer
;
4965 memcpy(bufptr
, &asteriks
, len
);
4967 req
->FileNameOffset
=
4968 cpu_to_le16(sizeof(struct smb2_query_directory_req
));
4969 req
->FileNameLength
= cpu_to_le16(len
);
4971 * BB could be 30 bytes or so longer if we used SMB2 specific
4972 * buffer lengths, but this is safe and close enough.
4974 output_size
= min_t(unsigned int, output_size
, server
->maxBuf
);
4975 output_size
= min_t(unsigned int, output_size
, 2 << 15);
4976 req
->OutputBufferLength
= cpu_to_le32(output_size
);
4978 iov
[0].iov_base
= (char *)req
;
4980 iov
[0].iov_len
= total_len
- 1;
4982 iov
[1].iov_base
= (char *)(req
->Buffer
);
4983 iov
[1].iov_len
= len
;
4985 trace_smb3_query_dir_enter(xid
, persistent_fid
, tcon
->tid
,
4986 tcon
->ses
->Suid
, index
, output_size
);
4991 void SMB2_query_directory_free(struct smb_rqst
*rqst
)
4993 if (rqst
&& rqst
->rq_iov
) {
4994 cifs_small_buf_release(rqst
->rq_iov
[0].iov_base
); /* request */
4999 smb2_parse_query_directory(struct cifs_tcon
*tcon
,
5000 struct kvec
*rsp_iov
,
5002 struct cifs_search_info
*srch_inf
)
5004 struct smb2_query_directory_rsp
*rsp
;
5005 size_t info_buf_size
;
5009 rsp
= (struct smb2_query_directory_rsp
*)rsp_iov
->iov_base
;
5011 switch (srch_inf
->info_level
) {
5012 case SMB_FIND_FILE_DIRECTORY_INFO
:
5013 info_buf_size
= sizeof(FILE_DIRECTORY_INFO
);
5015 case SMB_FIND_FILE_ID_FULL_DIR_INFO
:
5016 info_buf_size
= sizeof(SEARCH_ID_FULL_DIR_INFO
);
5018 case SMB_FIND_FILE_POSIX_INFO
:
5019 /* note that posix payload are variable size */
5020 info_buf_size
= sizeof(struct smb2_posix_info
);
5023 cifs_tcon_dbg(VFS
, "info level %u isn't supported\n",
5024 srch_inf
->info_level
);
5028 rc
= smb2_validate_iov(le16_to_cpu(rsp
->OutputBufferOffset
),
5029 le32_to_cpu(rsp
->OutputBufferLength
), rsp_iov
,
5032 cifs_tcon_dbg(VFS
, "bad info payload");
5036 srch_inf
->unicode
= true;
5038 if (srch_inf
->ntwrk_buf_start
) {
5039 if (srch_inf
->smallBuf
)
5040 cifs_small_buf_release(srch_inf
->ntwrk_buf_start
);
5042 cifs_buf_release(srch_inf
->ntwrk_buf_start
);
5044 srch_inf
->ntwrk_buf_start
= (char *)rsp
;
5045 srch_inf
->srch_entries_start
= srch_inf
->last_entry
=
5046 (char *)rsp
+ le16_to_cpu(rsp
->OutputBufferOffset
);
5047 end_of_smb
= rsp_iov
->iov_len
+ (char *)rsp
;
5049 srch_inf
->entries_in_buffer
= num_entries(
5050 srch_inf
->info_level
,
5051 srch_inf
->srch_entries_start
,
5053 &srch_inf
->last_entry
,
5056 srch_inf
->index_of_last_entry
+= srch_inf
->entries_in_buffer
;
5057 cifs_dbg(FYI
, "num entries %d last_index %lld srch start %p srch end %p\n",
5058 srch_inf
->entries_in_buffer
, srch_inf
->index_of_last_entry
,
5059 srch_inf
->srch_entries_start
, srch_inf
->last_entry
);
5060 if (resp_buftype
== CIFS_LARGE_BUFFER
)
5061 srch_inf
->smallBuf
= false;
5062 else if (resp_buftype
== CIFS_SMALL_BUFFER
)
5063 srch_inf
->smallBuf
= true;
5065 cifs_tcon_dbg(VFS
, "Invalid search buffer type\n");
5071 SMB2_query_directory(const unsigned int xid
, struct cifs_tcon
*tcon
,
5072 u64 persistent_fid
, u64 volatile_fid
, int index
,
5073 struct cifs_search_info
*srch_inf
)
5075 struct smb_rqst rqst
;
5076 struct kvec iov
[SMB2_QUERY_DIRECTORY_IOV_SIZE
];
5077 struct smb2_query_directory_rsp
*rsp
= NULL
;
5078 int resp_buftype
= CIFS_NO_BUFFER
;
5079 struct kvec rsp_iov
;
5081 struct cifs_ses
*ses
= tcon
->ses
;
5082 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
5085 if (!ses
|| !(ses
->server
))
5088 if (smb3_encryption_required(tcon
))
5089 flags
|= CIFS_TRANSFORM_REQ
;
5091 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5092 memset(&iov
, 0, sizeof(iov
));
5094 rqst
.rq_nvec
= SMB2_QUERY_DIRECTORY_IOV_SIZE
;
5096 rc
= SMB2_query_directory_init(xid
, tcon
, server
,
5097 &rqst
, persistent_fid
,
5098 volatile_fid
, index
,
5099 srch_inf
->info_level
);
5103 rc
= cifs_send_recv(xid
, ses
, server
,
5104 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
5105 rsp
= (struct smb2_query_directory_rsp
*)rsp_iov
.iov_base
;
5108 if (rc
== -ENODATA
&&
5109 rsp
->hdr
.Status
== STATUS_NO_MORE_FILES
) {
5110 trace_smb3_query_dir_done(xid
, persistent_fid
,
5111 tcon
->tid
, tcon
->ses
->Suid
, index
, 0);
5112 srch_inf
->endOfSearch
= true;
5115 trace_smb3_query_dir_err(xid
, persistent_fid
, tcon
->tid
,
5116 tcon
->ses
->Suid
, index
, 0, rc
);
5117 cifs_stats_fail_inc(tcon
, SMB2_QUERY_DIRECTORY_HE
);
5122 rc
= smb2_parse_query_directory(tcon
, &rsp_iov
, resp_buftype
,
5125 trace_smb3_query_dir_err(xid
, persistent_fid
, tcon
->tid
,
5126 tcon
->ses
->Suid
, index
, 0, rc
);
5129 resp_buftype
= CIFS_NO_BUFFER
;
5131 trace_smb3_query_dir_done(xid
, persistent_fid
, tcon
->tid
,
5132 tcon
->ses
->Suid
, index
, srch_inf
->entries_in_buffer
);
5135 SMB2_query_directory_free(&rqst
);
5136 free_rsp_buf(resp_buftype
, rsp
);
5141 SMB2_set_info_init(struct cifs_tcon
*tcon
, struct TCP_Server_Info
*server
,
5142 struct smb_rqst
*rqst
,
5143 u64 persistent_fid
, u64 volatile_fid
, u32 pid
,
5144 u8 info_class
, u8 info_type
, u32 additional_info
,
5145 void **data
, unsigned int *size
)
5147 struct smb2_set_info_req
*req
;
5148 struct kvec
*iov
= rqst
->rq_iov
;
5149 unsigned int i
, total_len
;
5152 rc
= smb2_plain_req_init(SMB2_SET_INFO
, tcon
, server
,
5153 (void **) &req
, &total_len
);
5157 req
->hdr
.Id
.SyncId
.ProcessId
= cpu_to_le32(pid
);
5158 req
->InfoType
= info_type
;
5159 req
->FileInfoClass
= info_class
;
5160 req
->PersistentFileId
= persistent_fid
;
5161 req
->VolatileFileId
= volatile_fid
;
5162 req
->AdditionalInformation
= cpu_to_le32(additional_info
);
5164 req
->BufferOffset
= cpu_to_le16(sizeof(struct smb2_set_info_req
));
5165 req
->BufferLength
= cpu_to_le32(*size
);
5167 memcpy(req
->Buffer
, *data
, *size
);
5170 iov
[0].iov_base
= (char *)req
;
5172 iov
[0].iov_len
= total_len
- 1;
5174 for (i
= 1; i
< rqst
->rq_nvec
; i
++) {
5175 le32_add_cpu(&req
->BufferLength
, size
[i
]);
5176 iov
[i
].iov_base
= (char *)data
[i
];
5177 iov
[i
].iov_len
= size
[i
];
5184 SMB2_set_info_free(struct smb_rqst
*rqst
)
5186 if (rqst
&& rqst
->rq_iov
)
5187 cifs_buf_release(rqst
->rq_iov
[0].iov_base
); /* request */
5191 send_set_info(const unsigned int xid
, struct cifs_tcon
*tcon
,
5192 u64 persistent_fid
, u64 volatile_fid
, u32 pid
, u8 info_class
,
5193 u8 info_type
, u32 additional_info
, unsigned int num
,
5194 void **data
, unsigned int *size
)
5196 struct smb_rqst rqst
;
5197 struct smb2_set_info_rsp
*rsp
= NULL
;
5199 struct kvec rsp_iov
;
5202 struct cifs_ses
*ses
= tcon
->ses
;
5203 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
5206 if (!ses
|| !server
)
5212 if (smb3_encryption_required(tcon
))
5213 flags
|= CIFS_TRANSFORM_REQ
;
5215 iov
= kmalloc_array(num
, sizeof(struct kvec
), GFP_KERNEL
);
5219 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5223 rc
= SMB2_set_info_init(tcon
, server
,
5224 &rqst
, persistent_fid
, volatile_fid
, pid
,
5225 info_class
, info_type
, additional_info
,
5233 rc
= cifs_send_recv(xid
, ses
, server
,
5234 &rqst
, &resp_buftype
, flags
,
5236 SMB2_set_info_free(&rqst
);
5237 rsp
= (struct smb2_set_info_rsp
*)rsp_iov
.iov_base
;
5240 cifs_stats_fail_inc(tcon
, SMB2_SET_INFO_HE
);
5241 trace_smb3_set_info_err(xid
, persistent_fid
, tcon
->tid
,
5242 ses
->Suid
, info_class
, (__u32
)info_type
, rc
);
5245 free_rsp_buf(resp_buftype
, rsp
);
5251 SMB2_set_eof(const unsigned int xid
, struct cifs_tcon
*tcon
, u64 persistent_fid
,
5252 u64 volatile_fid
, u32 pid
, __le64
*eof
)
5254 struct smb2_file_eof_info info
;
5258 info
.EndOfFile
= *eof
;
5261 size
= sizeof(struct smb2_file_eof_info
);
5263 trace_smb3_set_eof(xid
, persistent_fid
, tcon
->tid
, tcon
->ses
->Suid
, le64_to_cpu(*eof
));
5265 return send_set_info(xid
, tcon
, persistent_fid
, volatile_fid
,
5266 pid
, FILE_END_OF_FILE_INFORMATION
, SMB2_O_INFO_FILE
,
5267 0, 1, &data
, &size
);
5271 SMB2_set_acl(const unsigned int xid
, struct cifs_tcon
*tcon
,
5272 u64 persistent_fid
, u64 volatile_fid
,
5273 struct cifs_ntsd
*pnntsd
, int pacllen
, int aclflag
)
5275 return send_set_info(xid
, tcon
, persistent_fid
, volatile_fid
,
5276 current
->tgid
, 0, SMB2_O_INFO_SECURITY
, aclflag
,
5277 1, (void **)&pnntsd
, &pacllen
);
5281 SMB2_set_ea(const unsigned int xid
, struct cifs_tcon
*tcon
,
5282 u64 persistent_fid
, u64 volatile_fid
,
5283 struct smb2_file_full_ea_info
*buf
, int len
)
5285 return send_set_info(xid
, tcon
, persistent_fid
, volatile_fid
,
5286 current
->tgid
, FILE_FULL_EA_INFORMATION
, SMB2_O_INFO_FILE
,
5287 0, 1, (void **)&buf
, &len
);
5291 SMB2_oplock_break(const unsigned int xid
, struct cifs_tcon
*tcon
,
5292 const u64 persistent_fid
, const u64 volatile_fid
,
5295 struct smb_rqst rqst
;
5297 struct smb2_oplock_break
*req
= NULL
;
5298 struct cifs_ses
*ses
= tcon
->ses
;
5299 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
5300 int flags
= CIFS_OBREAK_OP
;
5301 unsigned int total_len
;
5303 struct kvec rsp_iov
;
5306 cifs_dbg(FYI
, "SMB2_oplock_break\n");
5307 rc
= smb2_plain_req_init(SMB2_OPLOCK_BREAK
, tcon
, server
,
5308 (void **) &req
, &total_len
);
5312 if (smb3_encryption_required(tcon
))
5313 flags
|= CIFS_TRANSFORM_REQ
;
5315 req
->VolatileFid
= volatile_fid
;
5316 req
->PersistentFid
= persistent_fid
;
5317 req
->OplockLevel
= oplock_level
;
5318 req
->hdr
.CreditRequest
= cpu_to_le16(1);
5320 flags
|= CIFS_NO_RSP_BUF
;
5322 iov
[0].iov_base
= (char *)req
;
5323 iov
[0].iov_len
= total_len
;
5325 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5329 rc
= cifs_send_recv(xid
, ses
, server
,
5330 &rqst
, &resp_buf_type
, flags
, &rsp_iov
);
5331 cifs_small_buf_release(req
);
5334 cifs_stats_fail_inc(tcon
, SMB2_OPLOCK_BREAK_HE
);
5335 cifs_dbg(FYI
, "Send error in Oplock Break = %d\n", rc
);
5342 smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info
*pfs_inf
,
5343 struct kstatfs
*kst
)
5345 kst
->f_bsize
= le32_to_cpu(pfs_inf
->BytesPerSector
) *
5346 le32_to_cpu(pfs_inf
->SectorsPerAllocationUnit
);
5347 kst
->f_blocks
= le64_to_cpu(pfs_inf
->TotalAllocationUnits
);
5348 kst
->f_bfree
= kst
->f_bavail
=
5349 le64_to_cpu(pfs_inf
->CallerAvailableAllocationUnits
);
5354 copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO
*response_data
,
5355 struct kstatfs
*kst
)
5357 kst
->f_bsize
= le32_to_cpu(response_data
->BlockSize
);
5358 kst
->f_blocks
= le64_to_cpu(response_data
->TotalBlocks
);
5359 kst
->f_bfree
= le64_to_cpu(response_data
->BlocksAvail
);
5360 if (response_data
->UserBlocksAvail
== cpu_to_le64(-1))
5361 kst
->f_bavail
= kst
->f_bfree
;
5363 kst
->f_bavail
= le64_to_cpu(response_data
->UserBlocksAvail
);
5364 if (response_data
->TotalFileNodes
!= cpu_to_le64(-1))
5365 kst
->f_files
= le64_to_cpu(response_data
->TotalFileNodes
);
5366 if (response_data
->FreeFileNodes
!= cpu_to_le64(-1))
5367 kst
->f_ffree
= le64_to_cpu(response_data
->FreeFileNodes
);
5373 build_qfs_info_req(struct kvec
*iov
, struct cifs_tcon
*tcon
,
5374 struct TCP_Server_Info
*server
,
5375 int level
, int outbuf_len
, u64 persistent_fid
,
5379 struct smb2_query_info_req
*req
;
5380 unsigned int total_len
;
5382 cifs_dbg(FYI
, "Query FSInfo level %d\n", level
);
5384 if ((tcon
->ses
== NULL
) || server
== NULL
)
5387 rc
= smb2_plain_req_init(SMB2_QUERY_INFO
, tcon
, server
,
5388 (void **) &req
, &total_len
);
5392 req
->InfoType
= SMB2_O_INFO_FILESYSTEM
;
5393 req
->FileInfoClass
= level
;
5394 req
->PersistentFileId
= persistent_fid
;
5395 req
->VolatileFileId
= volatile_fid
;
5397 req
->InputBufferOffset
=
5398 cpu_to_le16(sizeof(struct smb2_query_info_req
));
5399 req
->OutputBufferLength
= cpu_to_le32(
5400 outbuf_len
+ sizeof(struct smb2_query_info_rsp
));
5402 iov
->iov_base
= (char *)req
;
5403 iov
->iov_len
= total_len
;
5408 SMB311_posix_qfs_info(const unsigned int xid
, struct cifs_tcon
*tcon
,
5409 u64 persistent_fid
, u64 volatile_fid
, struct kstatfs
*fsdata
)
5411 struct smb_rqst rqst
;
5412 struct smb2_query_info_rsp
*rsp
= NULL
;
5414 struct kvec rsp_iov
;
5417 struct cifs_ses
*ses
= tcon
->ses
;
5418 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
5419 FILE_SYSTEM_POSIX_INFO
*info
= NULL
;
5422 rc
= build_qfs_info_req(&iov
, tcon
, server
,
5423 FS_POSIX_INFORMATION
,
5424 sizeof(FILE_SYSTEM_POSIX_INFO
),
5425 persistent_fid
, volatile_fid
);
5429 if (smb3_encryption_required(tcon
))
5430 flags
|= CIFS_TRANSFORM_REQ
;
5432 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5436 rc
= cifs_send_recv(xid
, ses
, server
,
5437 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
5438 cifs_small_buf_release(iov
.iov_base
);
5440 cifs_stats_fail_inc(tcon
, SMB2_QUERY_INFO_HE
);
5441 goto posix_qfsinf_exit
;
5443 rsp
= (struct smb2_query_info_rsp
*)rsp_iov
.iov_base
;
5445 info
= (FILE_SYSTEM_POSIX_INFO
*)(
5446 le16_to_cpu(rsp
->OutputBufferOffset
) + (char *)rsp
);
5447 rc
= smb2_validate_iov(le16_to_cpu(rsp
->OutputBufferOffset
),
5448 le32_to_cpu(rsp
->OutputBufferLength
), &rsp_iov
,
5449 sizeof(FILE_SYSTEM_POSIX_INFO
));
5451 copy_posix_fs_info_to_kstatfs(info
, fsdata
);
5454 free_rsp_buf(resp_buftype
, rsp_iov
.iov_base
);
5459 SMB2_QFS_info(const unsigned int xid
, struct cifs_tcon
*tcon
,
5460 u64 persistent_fid
, u64 volatile_fid
, struct kstatfs
*fsdata
)
5462 struct smb_rqst rqst
;
5463 struct smb2_query_info_rsp
*rsp
= NULL
;
5465 struct kvec rsp_iov
;
5468 struct cifs_ses
*ses
= tcon
->ses
;
5469 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
5470 struct smb2_fs_full_size_info
*info
= NULL
;
5473 rc
= build_qfs_info_req(&iov
, tcon
, server
,
5474 FS_FULL_SIZE_INFORMATION
,
5475 sizeof(struct smb2_fs_full_size_info
),
5476 persistent_fid
, volatile_fid
);
5480 if (smb3_encryption_required(tcon
))
5481 flags
|= CIFS_TRANSFORM_REQ
;
5483 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5487 rc
= cifs_send_recv(xid
, ses
, server
,
5488 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
5489 cifs_small_buf_release(iov
.iov_base
);
5491 cifs_stats_fail_inc(tcon
, SMB2_QUERY_INFO_HE
);
5494 rsp
= (struct smb2_query_info_rsp
*)rsp_iov
.iov_base
;
5496 info
= (struct smb2_fs_full_size_info
*)(
5497 le16_to_cpu(rsp
->OutputBufferOffset
) + (char *)rsp
);
5498 rc
= smb2_validate_iov(le16_to_cpu(rsp
->OutputBufferOffset
),
5499 le32_to_cpu(rsp
->OutputBufferLength
), &rsp_iov
,
5500 sizeof(struct smb2_fs_full_size_info
));
5502 smb2_copy_fs_info_to_kstatfs(info
, fsdata
);
5505 free_rsp_buf(resp_buftype
, rsp_iov
.iov_base
);
5510 SMB2_QFS_attr(const unsigned int xid
, struct cifs_tcon
*tcon
,
5511 u64 persistent_fid
, u64 volatile_fid
, int level
)
5513 struct smb_rqst rqst
;
5514 struct smb2_query_info_rsp
*rsp
= NULL
;
5516 struct kvec rsp_iov
;
5518 int resp_buftype
, max_len
, min_len
;
5519 struct cifs_ses
*ses
= tcon
->ses
;
5520 struct TCP_Server_Info
*server
= cifs_pick_channel(ses
);
5521 unsigned int rsp_len
, offset
;
5524 if (level
== FS_DEVICE_INFORMATION
) {
5525 max_len
= sizeof(FILE_SYSTEM_DEVICE_INFO
);
5526 min_len
= sizeof(FILE_SYSTEM_DEVICE_INFO
);
5527 } else if (level
== FS_ATTRIBUTE_INFORMATION
) {
5528 max_len
= sizeof(FILE_SYSTEM_ATTRIBUTE_INFO
);
5529 min_len
= MIN_FS_ATTR_INFO_SIZE
;
5530 } else if (level
== FS_SECTOR_SIZE_INFORMATION
) {
5531 max_len
= sizeof(struct smb3_fs_ss_info
);
5532 min_len
= sizeof(struct smb3_fs_ss_info
);
5533 } else if (level
== FS_VOLUME_INFORMATION
) {
5534 max_len
= sizeof(struct smb3_fs_vol_info
) + MAX_VOL_LABEL_LEN
;
5535 min_len
= sizeof(struct smb3_fs_vol_info
);
5537 cifs_dbg(FYI
, "Invalid qfsinfo level %d\n", level
);
5541 rc
= build_qfs_info_req(&iov
, tcon
, server
,
5543 persistent_fid
, volatile_fid
);
5547 if (smb3_encryption_required(tcon
))
5548 flags
|= CIFS_TRANSFORM_REQ
;
5550 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5554 rc
= cifs_send_recv(xid
, ses
, server
,
5555 &rqst
, &resp_buftype
, flags
, &rsp_iov
);
5556 cifs_small_buf_release(iov
.iov_base
);
5558 cifs_stats_fail_inc(tcon
, SMB2_QUERY_INFO_HE
);
5561 rsp
= (struct smb2_query_info_rsp
*)rsp_iov
.iov_base
;
5563 rsp_len
= le32_to_cpu(rsp
->OutputBufferLength
);
5564 offset
= le16_to_cpu(rsp
->OutputBufferOffset
);
5565 rc
= smb2_validate_iov(offset
, rsp_len
, &rsp_iov
, min_len
);
5569 if (level
== FS_ATTRIBUTE_INFORMATION
)
5570 memcpy(&tcon
->fsAttrInfo
, offset
5571 + (char *)rsp
, min_t(unsigned int,
5573 else if (level
== FS_DEVICE_INFORMATION
)
5574 memcpy(&tcon
->fsDevInfo
, offset
5575 + (char *)rsp
, sizeof(FILE_SYSTEM_DEVICE_INFO
));
5576 else if (level
== FS_SECTOR_SIZE_INFORMATION
) {
5577 struct smb3_fs_ss_info
*ss_info
= (struct smb3_fs_ss_info
*)
5578 (offset
+ (char *)rsp
);
5579 tcon
->ss_flags
= le32_to_cpu(ss_info
->Flags
);
5580 tcon
->perf_sector_size
=
5581 le32_to_cpu(ss_info
->PhysicalBytesPerSectorForPerf
);
5582 } else if (level
== FS_VOLUME_INFORMATION
) {
5583 struct smb3_fs_vol_info
*vol_info
= (struct smb3_fs_vol_info
*)
5584 (offset
+ (char *)rsp
);
5585 tcon
->vol_serial_number
= vol_info
->VolumeSerialNumber
;
5586 tcon
->vol_create_time
= vol_info
->VolumeCreationTime
;
5590 free_rsp_buf(resp_buftype
, rsp_iov
.iov_base
);
5595 smb2_lockv(const unsigned int xid
, struct cifs_tcon
*tcon
,
5596 const __u64 persist_fid
, const __u64 volatile_fid
, const __u32 pid
,
5597 const __u32 num_lock
, struct smb2_lock_element
*buf
)
5599 struct smb_rqst rqst
;
5601 struct smb2_lock_req
*req
= NULL
;
5603 struct kvec rsp_iov
;
5606 int flags
= CIFS_NO_RSP_BUF
;
5607 unsigned int total_len
;
5608 struct TCP_Server_Info
*server
= cifs_pick_channel(tcon
->ses
);
5610 cifs_dbg(FYI
, "smb2_lockv num lock %d\n", num_lock
);
5612 rc
= smb2_plain_req_init(SMB2_LOCK
, tcon
, server
,
5613 (void **) &req
, &total_len
);
5617 if (smb3_encryption_required(tcon
))
5618 flags
|= CIFS_TRANSFORM_REQ
;
5620 req
->hdr
.Id
.SyncId
.ProcessId
= cpu_to_le32(pid
);
5621 req
->LockCount
= cpu_to_le16(num_lock
);
5623 req
->PersistentFileId
= persist_fid
;
5624 req
->VolatileFileId
= volatile_fid
;
5626 count
= num_lock
* sizeof(struct smb2_lock_element
);
5628 iov
[0].iov_base
= (char *)req
;
5629 iov
[0].iov_len
= total_len
- sizeof(struct smb2_lock_element
);
5630 iov
[1].iov_base
= (char *)buf
;
5631 iov
[1].iov_len
= count
;
5633 cifs_stats_inc(&tcon
->stats
.cifs_stats
.num_locks
);
5635 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5639 rc
= cifs_send_recv(xid
, tcon
->ses
, server
,
5640 &rqst
, &resp_buf_type
, flags
,
5642 cifs_small_buf_release(req
);
5644 cifs_dbg(FYI
, "Send error in smb2_lockv = %d\n", rc
);
5645 cifs_stats_fail_inc(tcon
, SMB2_LOCK_HE
);
5646 trace_smb3_lock_err(xid
, persist_fid
, tcon
->tid
,
5647 tcon
->ses
->Suid
, rc
);
5654 SMB2_lock(const unsigned int xid
, struct cifs_tcon
*tcon
,
5655 const __u64 persist_fid
, const __u64 volatile_fid
, const __u32 pid
,
5656 const __u64 length
, const __u64 offset
, const __u32 lock_flags
,
5659 struct smb2_lock_element lock
;
5661 lock
.Offset
= cpu_to_le64(offset
);
5662 lock
.Length
= cpu_to_le64(length
);
5663 lock
.Flags
= cpu_to_le32(lock_flags
);
5664 if (!wait
&& lock_flags
!= SMB2_LOCKFLAG_UNLOCK
)
5665 lock
.Flags
|= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY
);
5667 return smb2_lockv(xid
, tcon
, persist_fid
, volatile_fid
, pid
, 1, &lock
);
5671 SMB2_lease_break(const unsigned int xid
, struct cifs_tcon
*tcon
,
5672 __u8
*lease_key
, const __le32 lease_state
)
5674 struct smb_rqst rqst
;
5676 struct smb2_lease_ack
*req
= NULL
;
5677 struct cifs_ses
*ses
= tcon
->ses
;
5678 int flags
= CIFS_OBREAK_OP
;
5679 unsigned int total_len
;
5681 struct kvec rsp_iov
;
5683 __u64
*please_key_high
;
5684 __u64
*please_key_low
;
5685 struct TCP_Server_Info
*server
= cifs_pick_channel(tcon
->ses
);
5687 cifs_dbg(FYI
, "SMB2_lease_break\n");
5688 rc
= smb2_plain_req_init(SMB2_OPLOCK_BREAK
, tcon
, server
,
5689 (void **) &req
, &total_len
);
5693 if (smb3_encryption_required(tcon
))
5694 flags
|= CIFS_TRANSFORM_REQ
;
5696 req
->hdr
.CreditRequest
= cpu_to_le16(1);
5697 req
->StructureSize
= cpu_to_le16(36);
5700 memcpy(req
->LeaseKey
, lease_key
, 16);
5701 req
->LeaseState
= lease_state
;
5703 flags
|= CIFS_NO_RSP_BUF
;
5705 iov
[0].iov_base
= (char *)req
;
5706 iov
[0].iov_len
= total_len
;
5708 memset(&rqst
, 0, sizeof(struct smb_rqst
));
5712 rc
= cifs_send_recv(xid
, ses
, server
,
5713 &rqst
, &resp_buf_type
, flags
, &rsp_iov
);
5714 cifs_small_buf_release(req
);
5716 please_key_low
= (__u64
*)lease_key
;
5717 please_key_high
= (__u64
*)(lease_key
+8);
5719 cifs_stats_fail_inc(tcon
, SMB2_OPLOCK_BREAK_HE
);
5720 trace_smb3_lease_err(le32_to_cpu(lease_state
), tcon
->tid
,
5721 ses
->Suid
, *please_key_low
, *please_key_high
, rc
);
5722 cifs_dbg(FYI
, "Send error in Lease Break = %d\n", rc
);
5724 trace_smb3_lease_done(le32_to_cpu(lease_state
), tcon
->tid
,
5725 ses
->Suid
, *please_key_low
, *please_key_high
);