]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - fs/cifs/smb2pdu.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CIFS: Add mid handle callback
[mirror_ubuntu-zesty-kernel.git] / fs / cifs / smb2pdu.c
1 /*
2 * fs/cifs/smb2pdu.c
3 *
4 * Copyright (C) International Business Machines Corp., 2009, 2013
5 * Etersoft, 2012
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Pavel Shilovsky (pshilovsky@samba.org) 2012
8 *
9 * Contains the routines for constructing the SMB2 PDUs themselves
10 *
11 * This library is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License as published
13 * by the Free Software Foundation; either version 2.1 of the License, or
14 * (at your option) any later version.
15 *
16 * This library is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
19 * the GNU Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public License
22 * along with this library; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 */
25
26 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
27 /* Note that there are handle based routines which must be */
28 /* treated slightly differently for reconnection purposes since we never */
29 /* want to reuse a stale file handle and only the caller knows the file info */
30
31 #include <linux/fs.h>
32 #include <linux/kernel.h>
33 #include <linux/vfs.h>
34 #include <linux/task_io_accounting_ops.h>
35 #include <linux/uaccess.h>
36 #include <linux/pagemap.h>
37 #include <linux/xattr.h>
38 #include "smb2pdu.h"
39 #include "cifsglob.h"
40 #include "cifsacl.h"
41 #include "cifsproto.h"
42 #include "smb2proto.h"
43 #include "cifs_unicode.h"
44 #include "cifs_debug.h"
45 #include "ntlmssp.h"
46 #include "smb2status.h"
47 #include "smb2glob.h"
48 #include "cifspdu.h"
49 #include "cifs_spnego.h"
50
51 /*
52 * The following table defines the expected "StructureSize" of SMB2 requests
53 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests.
54 *
55 * Note that commands are defined in smb2pdu.h in le16 but the array below is
56 * indexed by command in host byte order.
57 */
58 static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
59 /* SMB2_NEGOTIATE */ 36,
60 /* SMB2_SESSION_SETUP */ 25,
61 /* SMB2_LOGOFF */ 4,
62 /* SMB2_TREE_CONNECT */ 9,
63 /* SMB2_TREE_DISCONNECT */ 4,
64 /* SMB2_CREATE */ 57,
65 /* SMB2_CLOSE */ 24,
66 /* SMB2_FLUSH */ 24,
67 /* SMB2_READ */ 49,
68 /* SMB2_WRITE */ 49,
69 /* SMB2_LOCK */ 48,
70 /* SMB2_IOCTL */ 57,
71 /* SMB2_CANCEL */ 4,
72 /* SMB2_ECHO */ 4,
73 /* SMB2_QUERY_DIRECTORY */ 33,
74 /* SMB2_CHANGE_NOTIFY */ 32,
75 /* SMB2_QUERY_INFO */ 41,
76 /* SMB2_SET_INFO */ 33,
77 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
78 };
79
80 static int encryption_required(const struct cifs_tcon *tcon)
81 {
82 if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) ||
83 (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA))
84 return 1;
85 return 0;
86 }
87
88 static void
89 smb2_hdr_assemble(struct smb2_sync_hdr *shdr, __le16 smb2_cmd,
90 const struct cifs_tcon *tcon)
91 {
92 shdr->ProtocolId = SMB2_PROTO_NUMBER;
93 shdr->StructureSize = cpu_to_le16(64);
94 shdr->Command = smb2_cmd;
95 if (tcon && tcon->ses && tcon->ses->server) {
96 struct TCP_Server_Info *server = tcon->ses->server;
97
98 spin_lock(&server->req_lock);
99 /* Request up to 2 credits but don't go over the limit. */
100 if (server->credits >= server->max_credits)
101 shdr->CreditRequest = cpu_to_le16(0);
102 else
103 shdr->CreditRequest = cpu_to_le16(
104 min_t(int, server->max_credits -
105 server->credits, 2));
106 spin_unlock(&server->req_lock);
107 } else {
108 shdr->CreditRequest = cpu_to_le16(2);
109 }
110 shdr->ProcessId = cpu_to_le32((__u16)current->tgid);
111
112 if (!tcon)
113 goto out;
114
115 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
116 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */
117 if ((tcon->ses) && (tcon->ses->server) &&
118 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
119 shdr->CreditCharge = cpu_to_le16(1);
120 /* else CreditCharge MBZ */
121
122 shdr->TreeId = tcon->tid;
123 /* Uid is not converted */
124 if (tcon->ses)
125 shdr->SessionId = tcon->ses->Suid;
126
127 /*
128 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
129 * to pass the path on the Open SMB prefixed by \\server\share.
130 * Not sure when we would need to do the augmented path (if ever) and
131 * setting this flag breaks the SMB2 open operation since it is
132 * illegal to send an empty path name (without \\server\share prefix)
133 * when the DFS flag is set in the SMB open header. We could
134 * consider setting the flag on all operations other than open
135 * but it is safer to net set it for now.
136 */
137 /* if (tcon->share_flags & SHI1005_FLAGS_DFS)
138 shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */
139
140 if (tcon->ses && tcon->ses->server && tcon->ses->server->sign &&
141 !encryption_required(tcon))
142 shdr->Flags |= SMB2_FLAGS_SIGNED;
143 out:
144 return;
145 }
146
147 static int
148 smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon)
149 {
150 int rc = 0;
151 struct nls_table *nls_codepage;
152 struct cifs_ses *ses;
153 struct TCP_Server_Info *server;
154
155 /*
156 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
157 * check for tcp and smb session status done differently
158 * for those three - in the calling routine.
159 */
160 if (tcon == NULL)
161 return rc;
162
163 if (smb2_command == SMB2_TREE_CONNECT)
164 return rc;
165
166 if (tcon->tidStatus == CifsExiting) {
167 /*
168 * only tree disconnect, open, and write,
169 * (and ulogoff which does not have tcon)
170 * are allowed as we start force umount.
171 */
172 if ((smb2_command != SMB2_WRITE) &&
173 (smb2_command != SMB2_CREATE) &&
174 (smb2_command != SMB2_TREE_DISCONNECT)) {
175 cifs_dbg(FYI, "can not send cmd %d while umounting\n",
176 smb2_command);
177 return -ENODEV;
178 }
179 }
180 if ((!tcon->ses) || (tcon->ses->status == CifsExiting) ||
181 (!tcon->ses->server))
182 return -EIO;
183
184 ses = tcon->ses;
185 server = ses->server;
186
187 /*
188 * Give demultiplex thread up to 10 seconds to reconnect, should be
189 * greater than cifs socket timeout which is 7 seconds
190 */
191 while (server->tcpStatus == CifsNeedReconnect) {
192 /*
193 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
194 * here since they are implicitly done when session drops.
195 */
196 switch (smb2_command) {
197 /*
198 * BB Should we keep oplock break and add flush to exceptions?
199 */
200 case SMB2_TREE_DISCONNECT:
201 case SMB2_CANCEL:
202 case SMB2_CLOSE:
203 case SMB2_OPLOCK_BREAK:
204 return -EAGAIN;
205 }
206
207 wait_event_interruptible_timeout(server->response_q,
208 (server->tcpStatus != CifsNeedReconnect), 10 * HZ);
209
210 /* are we still trying to reconnect? */
211 if (server->tcpStatus != CifsNeedReconnect)
212 break;
213
214 /*
215 * on "soft" mounts we wait once. Hard mounts keep
216 * retrying until process is killed or server comes
217 * back on-line
218 */
219 if (!tcon->retry) {
220 cifs_dbg(FYI, "gave up waiting on reconnect in smb_init\n");
221 return -EHOSTDOWN;
222 }
223 }
224
225 if (!tcon->ses->need_reconnect && !tcon->need_reconnect)
226 return rc;
227
228 nls_codepage = load_nls_default();
229
230 /*
231 * need to prevent multiple threads trying to simultaneously reconnect
232 * the same SMB session
233 */
234 mutex_lock(&tcon->ses->session_mutex);
235 rc = cifs_negotiate_protocol(0, tcon->ses);
236 if (!rc && tcon->ses->need_reconnect)
237 rc = cifs_setup_session(0, tcon->ses, nls_codepage);
238
239 if (rc || !tcon->need_reconnect) {
240 mutex_unlock(&tcon->ses->session_mutex);
241 goto out;
242 }
243
244 cifs_mark_open_files_invalid(tcon);
245 if (tcon->use_persistent)
246 tcon->need_reopen_files = true;
247
248 rc = SMB2_tcon(0, tcon->ses, tcon->treeName, tcon, nls_codepage);
249 mutex_unlock(&tcon->ses->session_mutex);
250
251 cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc);
252 if (rc)
253 goto out;
254
255 if (smb2_command != SMB2_INTERNAL_CMD)
256 queue_delayed_work(cifsiod_wq, &server->reconnect, 0);
257
258 atomic_inc(&tconInfoReconnectCount);
259 out:
260 /*
261 * Check if handle based operation so we know whether we can continue
262 * or not without returning to caller to reset file handle.
263 */
264 /*
265 * BB Is flush done by server on drop of tcp session? Should we special
266 * case it and skip above?
267 */
268 switch (smb2_command) {
269 case SMB2_FLUSH:
270 case SMB2_READ:
271 case SMB2_WRITE:
272 case SMB2_LOCK:
273 case SMB2_IOCTL:
274 case SMB2_QUERY_DIRECTORY:
275 case SMB2_CHANGE_NOTIFY:
276 case SMB2_QUERY_INFO:
277 case SMB2_SET_INFO:
278 rc = -EAGAIN;
279 }
280 unload_nls(nls_codepage);
281 return rc;
282 }
283
284 static void
285 fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon, void *buf,
286 unsigned int *total_len)
287 {
288 struct smb2_sync_pdu *spdu = (struct smb2_sync_pdu *)buf;
289 /* lookup word count ie StructureSize from table */
290 __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)];
291
292 /*
293 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
294 * largest operations (Create)
295 */
296 memset(buf, 0, 256);
297
298 smb2_hdr_assemble(&spdu->sync_hdr, smb2_command, tcon);
299 spdu->StructureSize2 = cpu_to_le16(parmsize);
300
301 *total_len = parmsize + sizeof(struct smb2_sync_hdr);
302 }
303
304 /* init request without RFC1001 length at the beginning */
305 static int
306 smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
307 void **request_buf, unsigned int *total_len)
308 {
309 int rc;
310 struct smb2_sync_hdr *shdr;
311
312 rc = smb2_reconnect(smb2_command, tcon);
313 if (rc)
314 return rc;
315
316 /* BB eventually switch this to SMB2 specific small buf size */
317 *request_buf = cifs_small_buf_get();
318 if (*request_buf == NULL) {
319 /* BB should we add a retry in here if not a writepage? */
320 return -ENOMEM;
321 }
322
323 shdr = (struct smb2_sync_hdr *)(*request_buf);
324
325 fill_small_buf(smb2_command, tcon, shdr, total_len);
326
327 if (tcon != NULL) {
328 #ifdef CONFIG_CIFS_STATS2
329 uint16_t com_code = le16_to_cpu(smb2_command);
330
331 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
332 #endif
333 cifs_stats_inc(&tcon->num_smbs_sent);
334 }
335
336 return rc;
337 }
338
339 /*
340 * Allocate and return pointer to an SMB request hdr, and set basic
341 * SMB information in the SMB header. If the return code is zero, this
342 * function must have filled in request_buf pointer. The returned buffer
343 * has RFC1001 length at the beginning.
344 */
345 static int
346 small_smb2_init(__le16 smb2_command, struct cifs_tcon *tcon,
347 void **request_buf)
348 {
349 int rc;
350 unsigned int total_len;
351 struct smb2_pdu *pdu;
352
353 rc = smb2_reconnect(smb2_command, tcon);
354 if (rc)
355 return rc;
356
357 /* BB eventually switch this to SMB2 specific small buf size */
358 *request_buf = cifs_small_buf_get();
359 if (*request_buf == NULL) {
360 /* BB should we add a retry in here if not a writepage? */
361 return -ENOMEM;
362 }
363
364 pdu = (struct smb2_pdu *)(*request_buf);
365
366 fill_small_buf(smb2_command, tcon, get_sync_hdr(pdu), &total_len);
367
368 /* Note this is only network field converted to big endian */
369 pdu->hdr.smb2_buf_length = cpu_to_be32(total_len);
370
371 if (tcon != NULL) {
372 #ifdef CONFIG_CIFS_STATS2
373 uint16_t com_code = le16_to_cpu(smb2_command);
374 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
375 #endif
376 cifs_stats_inc(&tcon->num_smbs_sent);
377 }
378
379 return rc;
380 }
381
382 #ifdef CONFIG_CIFS_SMB311
383 /* offset is sizeof smb2_negotiate_req - 4 but rounded up to 8 bytes */
384 #define OFFSET_OF_NEG_CONTEXT 0x68 /* sizeof(struct smb2_negotiate_req) - 4 */
385
386
387 #define SMB2_PREAUTH_INTEGRITY_CAPABILITIES cpu_to_le16(1)
388 #define SMB2_ENCRYPTION_CAPABILITIES cpu_to_le16(2)
389
390 static void
391 build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt)
392 {
393 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
394 pneg_ctxt->DataLength = cpu_to_le16(38);
395 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
396 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
397 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
398 pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512;
399 }
400
401 static void
402 build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt)
403 {
404 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;
405 pneg_ctxt->DataLength = cpu_to_le16(6);
406 pneg_ctxt->CipherCount = cpu_to_le16(2);
407 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
408 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM;
409 }
410
411 static void
412 assemble_neg_contexts(struct smb2_negotiate_req *req)
413 {
414
415 /* +4 is to account for the RFC1001 len field */
416 char *pneg_ctxt = (char *)req + OFFSET_OF_NEG_CONTEXT + 4;
417
418 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt);
419 /* Add 2 to size to round to 8 byte boundary */
420 pneg_ctxt += 2 + sizeof(struct smb2_preauth_neg_context);
421 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt);
422 req->NegotiateContextOffset = cpu_to_le32(OFFSET_OF_NEG_CONTEXT);
423 req->NegotiateContextCount = cpu_to_le16(2);
424 inc_rfc1001_len(req, 4 + sizeof(struct smb2_preauth_neg_context) + 2
425 + sizeof(struct smb2_encryption_neg_context)); /* calculate hash */
426 }
427 #else
428 static void assemble_neg_contexts(struct smb2_negotiate_req *req)
429 {
430 return;
431 }
432 #endif /* SMB311 */
433
434 /*
435 *
436 * SMB2 Worker functions follow:
437 *
438 * The general structure of the worker functions is:
439 * 1) Call smb2_init (assembles SMB2 header)
440 * 2) Initialize SMB2 command specific fields in fixed length area of SMB
441 * 3) Call smb_sendrcv2 (sends request on socket and waits for response)
442 * 4) Decode SMB2 command specific fields in the fixed length area
443 * 5) Decode variable length data area (if any for this SMB2 command type)
444 * 6) Call free smb buffer
445 * 7) return
446 *
447 */
448
449 int
450 SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
451 {
452 struct smb2_negotiate_req *req;
453 struct smb2_negotiate_rsp *rsp;
454 struct kvec iov[1];
455 struct kvec rsp_iov;
456 int rc = 0;
457 int resp_buftype;
458 struct TCP_Server_Info *server = ses->server;
459 int blob_offset, blob_length;
460 char *security_blob;
461 int flags = CIFS_NEG_OP;
462
463 cifs_dbg(FYI, "Negotiate protocol\n");
464
465 if (!server) {
466 WARN(1, "%s: server is NULL!\n", __func__);
467 return -EIO;
468 }
469
470 rc = small_smb2_init(SMB2_NEGOTIATE, NULL, (void **) &req);
471 if (rc)
472 return rc;
473
474 req->hdr.sync_hdr.SessionId = 0;
475
476 req->Dialects[0] = cpu_to_le16(ses->server->vals->protocol_id);
477
478 req->DialectCount = cpu_to_le16(1); /* One vers= at a time for now */
479 inc_rfc1001_len(req, 2);
480
481 /* only one of SMB2 signing flags may be set in SMB2 request */
482 if (ses->sign)
483 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
484 else if (global_secflags & CIFSSEC_MAY_SIGN)
485 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
486 else
487 req->SecurityMode = 0;
488
489 req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities);
490
491 /* ClientGUID must be zero for SMB2.02 dialect */
492 if (ses->server->vals->protocol_id == SMB20_PROT_ID)
493 memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE);
494 else {
495 memcpy(req->ClientGUID, server->client_guid,
496 SMB2_CLIENT_GUID_SIZE);
497 if (ses->server->vals->protocol_id == SMB311_PROT_ID)
498 assemble_neg_contexts(req);
499 }
500 iov[0].iov_base = (char *)req;
501 /* 4 for rfc1002 length field */
502 iov[0].iov_len = get_rfc1002_length(req) + 4;
503
504 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags, &rsp_iov);
505 cifs_small_buf_release(req);
506 rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base;
507 /*
508 * No tcon so can't do
509 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
510 */
511 if (rc != 0)
512 goto neg_exit;
513
514 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);
515
516 /* BB we may eventually want to match the negotiated vs. requested
517 dialect, even though we are only requesting one at a time */
518 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID))
519 cifs_dbg(FYI, "negotiated smb2.0 dialect\n");
520 else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID))
521 cifs_dbg(FYI, "negotiated smb2.1 dialect\n");
522 else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID))
523 cifs_dbg(FYI, "negotiated smb3.0 dialect\n");
524 else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID))
525 cifs_dbg(FYI, "negotiated smb3.02 dialect\n");
526 #ifdef CONFIG_CIFS_SMB311
527 else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID))
528 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n");
529 #endif /* SMB311 */
530 else {
531 cifs_dbg(VFS, "Illegal dialect returned by server 0x%x\n",
532 le16_to_cpu(rsp->DialectRevision));
533 rc = -EIO;
534 goto neg_exit;
535 }
536 server->dialect = le16_to_cpu(rsp->DialectRevision);
537
538 /* SMB2 only has an extended negflavor */
539 server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
540 /* set it to the maximum buffer size value we can send with 1 credit */
541 server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
542 SMB2_MAX_BUFFER_SIZE);
543 server->max_read = le32_to_cpu(rsp->MaxReadSize);
544 server->max_write = le32_to_cpu(rsp->MaxWriteSize);
545 /* BB Do we need to validate the SecurityMode? */
546 server->sec_mode = le16_to_cpu(rsp->SecurityMode);
547 server->capabilities = le32_to_cpu(rsp->Capabilities);
548 /* Internal types */
549 server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
550
551 security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
552 &rsp->hdr);
553 /*
554 * See MS-SMB2 section 2.2.4: if no blob, client picks default which
555 * for us will be
556 * ses->sectype = RawNTLMSSP;
557 * but for time being this is our only auth choice so doesn't matter.
558 * We just found a server which sets blob length to zero expecting raw.
559 */
560 if (blob_length == 0)
561 cifs_dbg(FYI, "missing security blob on negprot\n");
562
563 rc = cifs_enable_signing(server, ses->sign);
564 if (rc)
565 goto neg_exit;
566 if (blob_length) {
567 rc = decode_negTokenInit(security_blob, blob_length, server);
568 if (rc == 1)
569 rc = 0;
570 else if (rc == 0)
571 rc = -EIO;
572 }
573 neg_exit:
574 free_rsp_buf(resp_buftype, rsp);
575 return rc;
576 }
577
578 int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
579 {
580 int rc = 0;
581 struct validate_negotiate_info_req vneg_inbuf;
582 struct validate_negotiate_info_rsp *pneg_rsp;
583 u32 rsplen;
584
585 cifs_dbg(FYI, "validate negotiate\n");
586
587 /*
588 * validation ioctl must be signed, so no point sending this if we
589 * can not sign it. We could eventually change this to selectively
590 * sign just this, the first and only signed request on a connection.
591 * This is good enough for now since a user who wants better security
592 * would also enable signing on the mount. Having validation of
593 * negotiate info for signed connections helps reduce attack vectors
594 */
595 if (tcon->ses->server->sign == false)
596 return 0; /* validation requires signing */
597
598 vneg_inbuf.Capabilities =
599 cpu_to_le32(tcon->ses->server->vals->req_capabilities);
600 memcpy(vneg_inbuf.Guid, tcon->ses->server->client_guid,
601 SMB2_CLIENT_GUID_SIZE);
602
603 if (tcon->ses->sign)
604 vneg_inbuf.SecurityMode =
605 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
606 else if (global_secflags & CIFSSEC_MAY_SIGN)
607 vneg_inbuf.SecurityMode =
608 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
609 else
610 vneg_inbuf.SecurityMode = 0;
611
612 vneg_inbuf.DialectCount = cpu_to_le16(1);
613 vneg_inbuf.Dialects[0] =
614 cpu_to_le16(tcon->ses->server->vals->protocol_id);
615
616 rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
617 FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */,
618 (char *)&vneg_inbuf, sizeof(struct validate_negotiate_info_req),
619 (char **)&pneg_rsp, &rsplen);
620
621 if (rc != 0) {
622 cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc);
623 return -EIO;
624 }
625
626 if (rsplen != sizeof(struct validate_negotiate_info_rsp)) {
627 cifs_dbg(VFS, "invalid size of protocol negotiate response\n");
628 return -EIO;
629 }
630
631 /* check validate negotiate info response matches what we got earlier */
632 if (pneg_rsp->Dialect !=
633 cpu_to_le16(tcon->ses->server->vals->protocol_id))
634 goto vneg_out;
635
636 if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode))
637 goto vneg_out;
638
639 /* do not validate server guid because not saved at negprot time yet */
640
641 if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND |
642 SMB2_LARGE_FILES) != tcon->ses->server->capabilities)
643 goto vneg_out;
644
645 /* validate negotiate successful */
646 cifs_dbg(FYI, "validate negotiate info successful\n");
647 return 0;
648
649 vneg_out:
650 cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n");
651 return -EIO;
652 }
653
654 struct SMB2_sess_data {
655 unsigned int xid;
656 struct cifs_ses *ses;
657 struct nls_table *nls_cp;
658 void (*func)(struct SMB2_sess_data *);
659 int result;
660 u64 previous_session;
661
662 /* we will send the SMB in three pieces:
663 * a fixed length beginning part, an optional
664 * SPNEGO blob (which can be zero length), and a
665 * last part which will include the strings
666 * and rest of bcc area. This allows us to avoid
667 * a large buffer 17K allocation
668 */
669 int buf0_type;
670 struct kvec iov[2];
671 };
672
673 static int
674 SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data)
675 {
676 int rc;
677 struct cifs_ses *ses = sess_data->ses;
678 struct smb2_sess_setup_req *req;
679 struct TCP_Server_Info *server = ses->server;
680
681 rc = small_smb2_init(SMB2_SESSION_SETUP, NULL, (void **) &req);
682 if (rc)
683 return rc;
684
685 /* First session, not a reauthenticate */
686 req->hdr.sync_hdr.SessionId = 0;
687
688 /* if reconnect, we need to send previous sess id, otherwise it is 0 */
689 req->PreviousSessionId = sess_data->previous_session;
690
691 req->Flags = 0; /* MBZ */
692 /* to enable echos and oplocks */
693 req->hdr.sync_hdr.CreditRequest = cpu_to_le16(3);
694
695 /* only one of SMB2 signing flags may be set in SMB2 request */
696 if (server->sign)
697 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
698 else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
699 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
700 else
701 req->SecurityMode = 0;
702
703 req->Capabilities = 0;
704 req->Channel = 0; /* MBZ */
705
706 sess_data->iov[0].iov_base = (char *)req;
707 /* 4 for rfc1002 length field and 1 for pad */
708 sess_data->iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
709 /*
710 * This variable will be used to clear the buffer
711 * allocated above in case of any error in the calling function.
712 */
713 sess_data->buf0_type = CIFS_SMALL_BUFFER;
714
715 return 0;
716 }
717
718 static void
719 SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
720 {
721 free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
722 sess_data->buf0_type = CIFS_NO_BUFFER;
723 }
724
725 static int
726 SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data)
727 {
728 int rc;
729 struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base;
730 struct kvec rsp_iov = { NULL, 0 };
731
732 /* Testing shows that buffer offset must be at location of Buffer[0] */
733 req->SecurityBufferOffset =
734 cpu_to_le16(sizeof(struct smb2_sess_setup_req) -
735 1 /* pad */ - 4 /* rfc1001 len */);
736 req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len);
737
738 inc_rfc1001_len(req, sess_data->iov[1].iov_len - 1 /* pad */);
739
740 /* BB add code to build os and lm fields */
741
742 rc = SendReceive2(sess_data->xid, sess_data->ses,
743 sess_data->iov, 2,
744 &sess_data->buf0_type,
745 CIFS_LOG_ERROR | CIFS_NEG_OP, &rsp_iov);
746 cifs_small_buf_release(sess_data->iov[0].iov_base);
747 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
748
749 return rc;
750 }
751
752 static int
753 SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
754 {
755 int rc = 0;
756 struct cifs_ses *ses = sess_data->ses;
757
758 mutex_lock(&ses->server->srv_mutex);
759 if (ses->server->ops->generate_signingkey) {
760 rc = ses->server->ops->generate_signingkey(ses);
761 if (rc) {
762 cifs_dbg(FYI,
763 "SMB3 session key generation failed\n");
764 mutex_unlock(&ses->server->srv_mutex);
765 return rc;
766 }
767 }
768 if (!ses->server->session_estab) {
769 ses->server->sequence_number = 0x2;
770 ses->server->session_estab = true;
771 }
772 mutex_unlock(&ses->server->srv_mutex);
773
774 cifs_dbg(FYI, "SMB2/3 session established successfully\n");
775 spin_lock(&GlobalMid_Lock);
776 ses->status = CifsGood;
777 ses->need_reconnect = false;
778 spin_unlock(&GlobalMid_Lock);
779 return rc;
780 }
781
782 #ifdef CONFIG_CIFS_UPCALL
783 static void
784 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
785 {
786 int rc;
787 struct cifs_ses *ses = sess_data->ses;
788 struct cifs_spnego_msg *msg;
789 struct key *spnego_key = NULL;
790 struct smb2_sess_setup_rsp *rsp = NULL;
791
792 rc = SMB2_sess_alloc_buffer(sess_data);
793 if (rc)
794 goto out;
795
796 spnego_key = cifs_get_spnego_key(ses);
797 if (IS_ERR(spnego_key)) {
798 rc = PTR_ERR(spnego_key);
799 spnego_key = NULL;
800 goto out;
801 }
802
803 msg = spnego_key->payload.data[0];
804 /*
805 * check version field to make sure that cifs.upcall is
806 * sending us a response in an expected form
807 */
808 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
809 cifs_dbg(VFS,
810 "bad cifs.upcall version. Expected %d got %d",
811 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
812 rc = -EKEYREJECTED;
813 goto out_put_spnego_key;
814 }
815
816 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
817 GFP_KERNEL);
818 if (!ses->auth_key.response) {
819 cifs_dbg(VFS,
820 "Kerberos can't allocate (%u bytes) memory",
821 msg->sesskey_len);
822 rc = -ENOMEM;
823 goto out_put_spnego_key;
824 }
825 ses->auth_key.len = msg->sesskey_len;
826
827 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
828 sess_data->iov[1].iov_len = msg->secblob_len;
829
830 rc = SMB2_sess_sendreceive(sess_data);
831 if (rc)
832 goto out_put_spnego_key;
833
834 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
835 ses->Suid = rsp->hdr.sync_hdr.SessionId;
836
837 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
838 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
839 cifs_dbg(VFS, "SMB3 encryption not supported yet\n");
840
841 rc = SMB2_sess_establish_session(sess_data);
842 out_put_spnego_key:
843 key_invalidate(spnego_key);
844 key_put(spnego_key);
845 out:
846 sess_data->result = rc;
847 sess_data->func = NULL;
848 SMB2_sess_free_buffer(sess_data);
849 }
850 #else
851 static void
852 SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
853 {
854 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
855 sess_data->result = -EOPNOTSUPP;
856 sess_data->func = NULL;
857 }
858 #endif
859
860 static void
861 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data);
862
863 static void
864 SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)
865 {
866 int rc;
867 struct cifs_ses *ses = sess_data->ses;
868 struct smb2_sess_setup_rsp *rsp = NULL;
869 char *ntlmssp_blob = NULL;
870 bool use_spnego = false; /* else use raw ntlmssp */
871 u16 blob_length = 0;
872
873 /*
874 * If memory allocation is successful, caller of this function
875 * frees it.
876 */
877 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
878 if (!ses->ntlmssp) {
879 rc = -ENOMEM;
880 goto out_err;
881 }
882 ses->ntlmssp->sesskey_per_smbsess = true;
883
884 rc = SMB2_sess_alloc_buffer(sess_data);
885 if (rc)
886 goto out_err;
887
888 ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE),
889 GFP_KERNEL);
890 if (ntlmssp_blob == NULL) {
891 rc = -ENOMEM;
892 goto out;
893 }
894
895 build_ntlmssp_negotiate_blob(ntlmssp_blob, ses);
896 if (use_spnego) {
897 /* BB eventually need to add this */
898 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
899 rc = -EOPNOTSUPP;
900 goto out;
901 } else {
902 blob_length = sizeof(struct _NEGOTIATE_MESSAGE);
903 /* with raw NTLMSSP we don't encapsulate in SPNEGO */
904 }
905 sess_data->iov[1].iov_base = ntlmssp_blob;
906 sess_data->iov[1].iov_len = blob_length;
907
908 rc = SMB2_sess_sendreceive(sess_data);
909 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
910
911 /* If true, rc here is expected and not an error */
912 if (sess_data->buf0_type != CIFS_NO_BUFFER &&
913 rsp->hdr.sync_hdr.Status == STATUS_MORE_PROCESSING_REQUIRED)
914 rc = 0;
915
916 if (rc)
917 goto out;
918
919 if (offsetof(struct smb2_sess_setup_rsp, Buffer) - 4 !=
920 le16_to_cpu(rsp->SecurityBufferOffset)) {
921 cifs_dbg(VFS, "Invalid security buffer offset %d\n",
922 le16_to_cpu(rsp->SecurityBufferOffset));
923 rc = -EIO;
924 goto out;
925 }
926 rc = decode_ntlmssp_challenge(rsp->Buffer,
927 le16_to_cpu(rsp->SecurityBufferLength), ses);
928 if (rc)
929 goto out;
930
931 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
932
933
934 ses->Suid = rsp->hdr.sync_hdr.SessionId;
935 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
936 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
937 cifs_dbg(VFS, "SMB3 encryption not supported yet\n");
938
939 out:
940 kfree(ntlmssp_blob);
941 SMB2_sess_free_buffer(sess_data);
942 if (!rc) {
943 sess_data->result = 0;
944 sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate;
945 return;
946 }
947 out_err:
948 kfree(ses->ntlmssp);
949 ses->ntlmssp = NULL;
950 sess_data->result = rc;
951 sess_data->func = NULL;
952 }
953
954 static void
955 SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
956 {
957 int rc;
958 struct cifs_ses *ses = sess_data->ses;
959 struct smb2_sess_setup_req *req;
960 struct smb2_sess_setup_rsp *rsp = NULL;
961 unsigned char *ntlmssp_blob = NULL;
962 bool use_spnego = false; /* else use raw ntlmssp */
963 u16 blob_length = 0;
964
965 rc = SMB2_sess_alloc_buffer(sess_data);
966 if (rc)
967 goto out;
968
969 req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base;
970 req->hdr.sync_hdr.SessionId = ses->Suid;
971
972 rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length, ses,
973 sess_data->nls_cp);
974 if (rc) {
975 cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc);
976 goto out;
977 }
978
979 if (use_spnego) {
980 /* BB eventually need to add this */
981 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
982 rc = -EOPNOTSUPP;
983 goto out;
984 }
985 sess_data->iov[1].iov_base = ntlmssp_blob;
986 sess_data->iov[1].iov_len = blob_length;
987
988 rc = SMB2_sess_sendreceive(sess_data);
989 if (rc)
990 goto out;
991
992 rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
993
994 ses->Suid = rsp->hdr.sync_hdr.SessionId;
995 ses->session_flags = le16_to_cpu(rsp->SessionFlags);
996 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
997 cifs_dbg(VFS, "SMB3 encryption not supported yet\n");
998
999 rc = SMB2_sess_establish_session(sess_data);
1000 out:
1001 kfree(ntlmssp_blob);
1002 SMB2_sess_free_buffer(sess_data);
1003 kfree(ses->ntlmssp);
1004 ses->ntlmssp = NULL;
1005 sess_data->result = rc;
1006 sess_data->func = NULL;
1007 }
1008
1009 static int
1010 SMB2_select_sec(struct cifs_ses *ses, struct SMB2_sess_data *sess_data)
1011 {
1012 if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP)
1013 ses->sectype = RawNTLMSSP;
1014
1015 switch (ses->sectype) {
1016 case Kerberos:
1017 sess_data->func = SMB2_auth_kerberos;
1018 break;
1019 case RawNTLMSSP:
1020 sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate;
1021 break;
1022 default:
1023 cifs_dbg(VFS, "secType %d not supported!\n", ses->sectype);
1024 return -EOPNOTSUPP;
1025 }
1026
1027 return 0;
1028 }
1029
1030 int
1031 SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
1032 const struct nls_table *nls_cp)
1033 {
1034 int rc = 0;
1035 struct TCP_Server_Info *server = ses->server;
1036 struct SMB2_sess_data *sess_data;
1037
1038 cifs_dbg(FYI, "Session Setup\n");
1039
1040 if (!server) {
1041 WARN(1, "%s: server is NULL!\n", __func__);
1042 return -EIO;
1043 }
1044
1045 sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL);
1046 if (!sess_data)
1047 return -ENOMEM;
1048
1049 rc = SMB2_select_sec(ses, sess_data);
1050 if (rc)
1051 goto out;
1052 sess_data->xid = xid;
1053 sess_data->ses = ses;
1054 sess_data->buf0_type = CIFS_NO_BUFFER;
1055 sess_data->nls_cp = (struct nls_table *) nls_cp;
1056
1057 while (sess_data->func)
1058 sess_data->func(sess_data);
1059
1060 rc = sess_data->result;
1061 out:
1062 kfree(sess_data);
1063 return rc;
1064 }
1065
1066 int
1067 SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
1068 {
1069 struct smb2_logoff_req *req; /* response is also trivial struct */
1070 int rc = 0;
1071 struct TCP_Server_Info *server;
1072 int flags = 0;
1073
1074 cifs_dbg(FYI, "disconnect session %p\n", ses);
1075
1076 if (ses && (ses->server))
1077 server = ses->server;
1078 else
1079 return -EIO;
1080
1081 /* no need to send SMB logoff if uid already closed due to reconnect */
1082 if (ses->need_reconnect)
1083 goto smb2_session_already_dead;
1084
1085 rc = small_smb2_init(SMB2_LOGOFF, NULL, (void **) &req);
1086 if (rc)
1087 return rc;
1088
1089 /* since no tcon, smb2_init can not do this, so do here */
1090 req->hdr.sync_hdr.SessionId = ses->Suid;
1091
1092 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
1093 flags |= CIFS_TRANSFORM_REQ;
1094 else if (server->sign)
1095 req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
1096
1097 rc = SendReceiveNoRsp(xid, ses, (char *) req, flags);
1098 cifs_small_buf_release(req);
1099 /*
1100 * No tcon so can't do
1101 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
1102 */
1103
1104 smb2_session_already_dead:
1105 return rc;
1106 }
1107
1108 static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
1109 {
1110 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);
1111 }
1112
1113 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
1114
1115 /* These are similar values to what Windows uses */
1116 static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon)
1117 {
1118 tcon->max_chunks = 256;
1119 tcon->max_bytes_chunk = 1048576;
1120 tcon->max_bytes_copy = 16777216;
1121 }
1122
1123 int
1124 SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
1125 struct cifs_tcon *tcon, const struct nls_table *cp)
1126 {
1127 struct smb2_tree_connect_req *req;
1128 struct smb2_tree_connect_rsp *rsp = NULL;
1129 struct kvec iov[2];
1130 struct kvec rsp_iov;
1131 int rc = 0;
1132 int resp_buftype;
1133 int unc_path_len;
1134 struct TCP_Server_Info *server;
1135 __le16 *unc_path = NULL;
1136 int flags = 0;
1137
1138 cifs_dbg(FYI, "TCON\n");
1139
1140 if ((ses->server) && tree)
1141 server = ses->server;
1142 else
1143 return -EIO;
1144
1145 if (tcon && tcon->bad_network_name)
1146 return -ENOENT;
1147
1148 if ((tcon && tcon->seal) &&
1149 ((ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) == 0)) {
1150 cifs_dbg(VFS, "encryption requested but no server support");
1151 return -EOPNOTSUPP;
1152 }
1153
1154 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
1155 if (unc_path == NULL)
1156 return -ENOMEM;
1157
1158 unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1;
1159 unc_path_len *= 2;
1160 if (unc_path_len < 2) {
1161 kfree(unc_path);
1162 return -EINVAL;
1163 }
1164
1165 rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req);
1166 if (rc) {
1167 kfree(unc_path);
1168 return rc;
1169 }
1170
1171 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
1172 flags |= CIFS_TRANSFORM_REQ;
1173
1174 if (tcon == NULL) {
1175 /* since no tcon, smb2_init can not do this, so do here */
1176 req->hdr.sync_hdr.SessionId = ses->Suid;
1177 /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED)
1178 req->hdr.Flags |= SMB2_FLAGS_SIGNED; */
1179 }
1180
1181 iov[0].iov_base = (char *)req;
1182 /* 4 for rfc1002 length field and 1 for pad */
1183 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
1184
1185 /* Testing shows that buffer offset must be at location of Buffer[0] */
1186 req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)
1187 - 1 /* pad */ - 4 /* do not count rfc1001 len field */);
1188 req->PathLength = cpu_to_le16(unc_path_len - 2);
1189 iov[1].iov_base = unc_path;
1190 iov[1].iov_len = unc_path_len;
1191
1192 inc_rfc1001_len(req, unc_path_len - 1 /* pad */);
1193
1194 rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, flags, &rsp_iov);
1195 cifs_small_buf_release(req);
1196 rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base;
1197
1198 if (rc != 0) {
1199 if (tcon) {
1200 cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
1201 tcon->need_reconnect = true;
1202 }
1203 goto tcon_error_exit;
1204 }
1205
1206 if (tcon == NULL) {
1207 ses->ipc_tid = rsp->hdr.sync_hdr.TreeId;
1208 goto tcon_exit;
1209 }
1210
1211 if (rsp->ShareType & SMB2_SHARE_TYPE_DISK)
1212 cifs_dbg(FYI, "connection to disk share\n");
1213 else if (rsp->ShareType & SMB2_SHARE_TYPE_PIPE) {
1214 tcon->ipc = true;
1215 cifs_dbg(FYI, "connection to pipe share\n");
1216 } else if (rsp->ShareType & SMB2_SHARE_TYPE_PRINT) {
1217 tcon->print = true;
1218 cifs_dbg(FYI, "connection to printer\n");
1219 } else {
1220 cifs_dbg(VFS, "unknown share type %d\n", rsp->ShareType);
1221 rc = -EOPNOTSUPP;
1222 goto tcon_error_exit;
1223 }
1224
1225 tcon->share_flags = le32_to_cpu(rsp->ShareFlags);
1226 tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */
1227 tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
1228 tcon->tidStatus = CifsGood;
1229 tcon->need_reconnect = false;
1230 tcon->tid = rsp->hdr.sync_hdr.TreeId;
1231 strlcpy(tcon->treeName, tree, sizeof(tcon->treeName));
1232
1233 if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
1234 ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))
1235 cifs_dbg(VFS, "DFS capability contradicts DFS flag\n");
1236 init_copy_chunk_defaults(tcon);
1237 if (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA)
1238 cifs_dbg(VFS, "Encrypted shares not supported");
1239 if (tcon->ses->server->ops->validate_negotiate)
1240 rc = tcon->ses->server->ops->validate_negotiate(xid, tcon);
1241 tcon_exit:
1242 free_rsp_buf(resp_buftype, rsp);
1243 kfree(unc_path);
1244 return rc;
1245
1246 tcon_error_exit:
1247 if (rsp->hdr.sync_hdr.Status == STATUS_BAD_NETWORK_NAME) {
1248 cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
1249 if (tcon)
1250 tcon->bad_network_name = true;
1251 }
1252 goto tcon_exit;
1253 }
1254
1255 int
1256 SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
1257 {
1258 struct smb2_tree_disconnect_req *req; /* response is trivial */
1259 int rc = 0;
1260 struct TCP_Server_Info *server;
1261 struct cifs_ses *ses = tcon->ses;
1262 int flags = 0;
1263
1264 cifs_dbg(FYI, "Tree Disconnect\n");
1265
1266 if (ses && (ses->server))
1267 server = ses->server;
1268 else
1269 return -EIO;
1270
1271 if ((tcon->need_reconnect) || (tcon->ses->need_reconnect))
1272 return 0;
1273
1274 rc = small_smb2_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req);
1275 if (rc)
1276 return rc;
1277
1278 if (encryption_required(tcon))
1279 flags |= CIFS_TRANSFORM_REQ;
1280
1281 rc = SendReceiveNoRsp(xid, ses, (char *)req, flags);
1282 cifs_small_buf_release(req);
1283 if (rc)
1284 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
1285
1286 return rc;
1287 }
1288
1289
1290 static struct create_durable *
1291 create_durable_buf(void)
1292 {
1293 struct create_durable *buf;
1294
1295 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
1296 if (!buf)
1297 return NULL;
1298
1299 buf->ccontext.DataOffset = cpu_to_le16(offsetof
1300 (struct create_durable, Data));
1301 buf->ccontext.DataLength = cpu_to_le32(16);
1302 buf->ccontext.NameOffset = cpu_to_le16(offsetof
1303 (struct create_durable, Name));
1304 buf->ccontext.NameLength = cpu_to_le16(4);
1305 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */
1306 buf->Name[0] = 'D';
1307 buf->Name[1] = 'H';
1308 buf->Name[2] = 'n';
1309 buf->Name[3] = 'Q';
1310 return buf;
1311 }
1312
1313 static struct create_durable *
1314 create_reconnect_durable_buf(struct cifs_fid *fid)
1315 {
1316 struct create_durable *buf;
1317
1318 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
1319 if (!buf)
1320 return NULL;
1321
1322 buf->ccontext.DataOffset = cpu_to_le16(offsetof
1323 (struct create_durable, Data));
1324 buf->ccontext.DataLength = cpu_to_le32(16);
1325 buf->ccontext.NameOffset = cpu_to_le16(offsetof
1326 (struct create_durable, Name));
1327 buf->ccontext.NameLength = cpu_to_le16(4);
1328 buf->Data.Fid.PersistentFileId = fid->persistent_fid;
1329 buf->Data.Fid.VolatileFileId = fid->volatile_fid;
1330 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */
1331 buf->Name[0] = 'D';
1332 buf->Name[1] = 'H';
1333 buf->Name[2] = 'n';
1334 buf->Name[3] = 'C';
1335 return buf;
1336 }
1337
1338 static __u8
1339 parse_lease_state(struct TCP_Server_Info *server, struct smb2_create_rsp *rsp,
1340 unsigned int *epoch)
1341 {
1342 char *data_offset;
1343 struct create_context *cc;
1344 unsigned int next;
1345 unsigned int remaining;
1346 char *name;
1347
1348 data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset);
1349 remaining = le32_to_cpu(rsp->CreateContextsLength);
1350 cc = (struct create_context *)data_offset;
1351 while (remaining >= sizeof(struct create_context)) {
1352 name = le16_to_cpu(cc->NameOffset) + (char *)cc;
1353 if (le16_to_cpu(cc->NameLength) == 4 &&
1354 strncmp(name, "RqLs", 4) == 0)
1355 return server->ops->parse_lease_buf(cc, epoch);
1356
1357 next = le32_to_cpu(cc->Next);
1358 if (!next)
1359 break;
1360 remaining -= next;
1361 cc = (struct create_context *)((char *)cc + next);
1362 }
1363
1364 return 0;
1365 }
1366
1367 static int
1368 add_lease_context(struct TCP_Server_Info *server, struct kvec *iov,
1369 unsigned int *num_iovec, __u8 *oplock)
1370 {
1371 struct smb2_create_req *req = iov[0].iov_base;
1372 unsigned int num = *num_iovec;
1373
1374 iov[num].iov_base = server->ops->create_lease_buf(oplock+1, *oplock);
1375 if (iov[num].iov_base == NULL)
1376 return -ENOMEM;
1377 iov[num].iov_len = server->vals->create_lease_size;
1378 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
1379 if (!req->CreateContextsOffset)
1380 req->CreateContextsOffset = cpu_to_le32(
1381 sizeof(struct smb2_create_req) - 4 +
1382 iov[num - 1].iov_len);
1383 le32_add_cpu(&req->CreateContextsLength,
1384 server->vals->create_lease_size);
1385 inc_rfc1001_len(&req->hdr, server->vals->create_lease_size);
1386 *num_iovec = num + 1;
1387 return 0;
1388 }
1389
1390 static struct create_durable_v2 *
1391 create_durable_v2_buf(struct cifs_fid *pfid)
1392 {
1393 struct create_durable_v2 *buf;
1394
1395 buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL);
1396 if (!buf)
1397 return NULL;
1398
1399 buf->ccontext.DataOffset = cpu_to_le16(offsetof
1400 (struct create_durable_v2, dcontext));
1401 buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2));
1402 buf->ccontext.NameOffset = cpu_to_le16(offsetof
1403 (struct create_durable_v2, Name));
1404 buf->ccontext.NameLength = cpu_to_le16(4);
1405
1406 buf->dcontext.Timeout = 0; /* Should this be configurable by workload */
1407 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
1408 generate_random_uuid(buf->dcontext.CreateGuid);
1409 memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
1410
1411 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
1412 buf->Name[0] = 'D';
1413 buf->Name[1] = 'H';
1414 buf->Name[2] = '2';
1415 buf->Name[3] = 'Q';
1416 return buf;
1417 }
1418
1419 static struct create_durable_handle_reconnect_v2 *
1420 create_reconnect_durable_v2_buf(struct cifs_fid *fid)
1421 {
1422 struct create_durable_handle_reconnect_v2 *buf;
1423
1424 buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2),
1425 GFP_KERNEL);
1426 if (!buf)
1427 return NULL;
1428
1429 buf->ccontext.DataOffset =
1430 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
1431 dcontext));
1432 buf->ccontext.DataLength =
1433 cpu_to_le32(sizeof(struct durable_reconnect_context_v2));
1434 buf->ccontext.NameOffset =
1435 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
1436 Name));
1437 buf->ccontext.NameLength = cpu_to_le16(4);
1438
1439 buf->dcontext.Fid.PersistentFileId = fid->persistent_fid;
1440 buf->dcontext.Fid.VolatileFileId = fid->volatile_fid;
1441 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
1442 memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16);
1443
1444 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */
1445 buf->Name[0] = 'D';
1446 buf->Name[1] = 'H';
1447 buf->Name[2] = '2';
1448 buf->Name[3] = 'C';
1449 return buf;
1450 }
1451
1452 static int
1453 add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec,
1454 struct cifs_open_parms *oparms)
1455 {
1456 struct smb2_create_req *req = iov[0].iov_base;
1457 unsigned int num = *num_iovec;
1458
1459 iov[num].iov_base = create_durable_v2_buf(oparms->fid);
1460 if (iov[num].iov_base == NULL)
1461 return -ENOMEM;
1462 iov[num].iov_len = sizeof(struct create_durable_v2);
1463 if (!req->CreateContextsOffset)
1464 req->CreateContextsOffset =
1465 cpu_to_le32(sizeof(struct smb2_create_req) - 4 +
1466 iov[1].iov_len);
1467 le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable_v2));
1468 inc_rfc1001_len(&req->hdr, sizeof(struct create_durable_v2));
1469 *num_iovec = num + 1;
1470 return 0;
1471 }
1472
1473 static int
1474 add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec,
1475 struct cifs_open_parms *oparms)
1476 {
1477 struct smb2_create_req *req = iov[0].iov_base;
1478 unsigned int num = *num_iovec;
1479
1480 /* indicate that we don't need to relock the file */
1481 oparms->reconnect = false;
1482
1483 iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid);
1484 if (iov[num].iov_base == NULL)
1485 return -ENOMEM;
1486 iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2);
1487 if (!req->CreateContextsOffset)
1488 req->CreateContextsOffset =
1489 cpu_to_le32(sizeof(struct smb2_create_req) - 4 +
1490 iov[1].iov_len);
1491 le32_add_cpu(&req->CreateContextsLength,
1492 sizeof(struct create_durable_handle_reconnect_v2));
1493 inc_rfc1001_len(&req->hdr,
1494 sizeof(struct create_durable_handle_reconnect_v2));
1495 *num_iovec = num + 1;
1496 return 0;
1497 }
1498
1499 static int
1500 add_durable_context(struct kvec *iov, unsigned int *num_iovec,
1501 struct cifs_open_parms *oparms, bool use_persistent)
1502 {
1503 struct smb2_create_req *req = iov[0].iov_base;
1504 unsigned int num = *num_iovec;
1505
1506 if (use_persistent) {
1507 if (oparms->reconnect)
1508 return add_durable_reconnect_v2_context(iov, num_iovec,
1509 oparms);
1510 else
1511 return add_durable_v2_context(iov, num_iovec, oparms);
1512 }
1513
1514 if (oparms->reconnect) {
1515 iov[num].iov_base = create_reconnect_durable_buf(oparms->fid);
1516 /* indicate that we don't need to relock the file */
1517 oparms->reconnect = false;
1518 } else
1519 iov[num].iov_base = create_durable_buf();
1520 if (iov[num].iov_base == NULL)
1521 return -ENOMEM;
1522 iov[num].iov_len = sizeof(struct create_durable);
1523 if (!req->CreateContextsOffset)
1524 req->CreateContextsOffset =
1525 cpu_to_le32(sizeof(struct smb2_create_req) - 4 +
1526 iov[1].iov_len);
1527 le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable));
1528 inc_rfc1001_len(&req->hdr, sizeof(struct create_durable));
1529 *num_iovec = num + 1;
1530 return 0;
1531 }
1532
1533 int
1534 SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
1535 __u8 *oplock, struct smb2_file_all_info *buf,
1536 struct smb2_err_rsp **err_buf)
1537 {
1538 struct smb2_create_req *req;
1539 struct smb2_create_rsp *rsp;
1540 struct TCP_Server_Info *server;
1541 struct cifs_tcon *tcon = oparms->tcon;
1542 struct cifs_ses *ses = tcon->ses;
1543 struct kvec iov[4];
1544 struct kvec rsp_iov;
1545 int resp_buftype;
1546 int uni_path_len;
1547 __le16 *copy_path = NULL;
1548 int copy_size;
1549 int rc = 0;
1550 unsigned int n_iov = 2;
1551 __u32 file_attributes = 0;
1552 char *dhc_buf = NULL, *lc_buf = NULL;
1553 int flags = 0;
1554
1555 cifs_dbg(FYI, "create/open\n");
1556
1557 if (ses && (ses->server))
1558 server = ses->server;
1559 else
1560 return -EIO;
1561
1562 rc = small_smb2_init(SMB2_CREATE, tcon, (void **) &req);
1563 if (rc)
1564 return rc;
1565
1566 if (encryption_required(tcon))
1567 flags |= CIFS_TRANSFORM_REQ;
1568
1569 if (oparms->create_options & CREATE_OPTION_READONLY)
1570 file_attributes |= ATTR_READONLY;
1571 if (oparms->create_options & CREATE_OPTION_SPECIAL)
1572 file_attributes |= ATTR_SYSTEM;
1573
1574 req->ImpersonationLevel = IL_IMPERSONATION;
1575 req->DesiredAccess = cpu_to_le32(oparms->desired_access);
1576 /* File attributes ignored on open (used in create though) */
1577 req->FileAttributes = cpu_to_le32(file_attributes);
1578 req->ShareAccess = FILE_SHARE_ALL_LE;
1579 req->CreateDisposition = cpu_to_le32(oparms->disposition);
1580 req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK);
1581 uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
1582 /* do not count rfc1001 len field */
1583 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req) - 4);
1584
1585 iov[0].iov_base = (char *)req;
1586 /* 4 for rfc1002 length field */
1587 iov[0].iov_len = get_rfc1002_length(req) + 4;
1588
1589 /* MUST set path len (NameLength) to 0 opening root of share */
1590 req->NameLength = cpu_to_le16(uni_path_len - 2);
1591 /* -1 since last byte is buf[0] which is sent below (path) */
1592 iov[0].iov_len--;
1593 if (uni_path_len % 8 != 0) {
1594 copy_size = uni_path_len / 8 * 8;
1595 if (copy_size < uni_path_len)
1596 copy_size += 8;
1597
1598 copy_path = kzalloc(copy_size, GFP_KERNEL);
1599 if (!copy_path)
1600 return -ENOMEM;
1601 memcpy((char *)copy_path, (const char *)path,
1602 uni_path_len);
1603 uni_path_len = copy_size;
1604 path = copy_path;
1605 }
1606
1607 iov[1].iov_len = uni_path_len;
1608 iov[1].iov_base = path;
1609 /* -1 since last byte is buf[0] which was counted in smb2_buf_len */
1610 inc_rfc1001_len(req, uni_path_len - 1);
1611
1612 if (!server->oplocks)
1613 *oplock = SMB2_OPLOCK_LEVEL_NONE;
1614
1615 if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||
1616 *oplock == SMB2_OPLOCK_LEVEL_NONE)
1617 req->RequestedOplockLevel = *oplock;
1618 else {
1619 rc = add_lease_context(server, iov, &n_iov, oplock);
1620 if (rc) {
1621 cifs_small_buf_release(req);
1622 kfree(copy_path);
1623 return rc;
1624 }
1625 lc_buf = iov[n_iov-1].iov_base;
1626 }
1627
1628 if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
1629 /* need to set Next field of lease context if we request it */
1630 if (server->capabilities & SMB2_GLOBAL_CAP_LEASING) {
1631 struct create_context *ccontext =
1632 (struct create_context *)iov[n_iov-1].iov_base;
1633 ccontext->Next =
1634 cpu_to_le32(server->vals->create_lease_size);
1635 }
1636
1637 rc = add_durable_context(iov, &n_iov, oparms,
1638 tcon->use_persistent);
1639 if (rc) {
1640 cifs_small_buf_release(req);
1641 kfree(copy_path);
1642 kfree(lc_buf);
1643 return rc;
1644 }
1645 dhc_buf = iov[n_iov-1].iov_base;
1646 }
1647
1648 rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov);
1649 cifs_small_buf_release(req);
1650 rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
1651
1652 if (rc != 0) {
1653 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
1654 if (err_buf)
1655 *err_buf = kmemdup(rsp, get_rfc1002_length(rsp) + 4,
1656 GFP_KERNEL);
1657 goto creat_exit;
1658 }
1659
1660 oparms->fid->persistent_fid = rsp->PersistentFileId;
1661 oparms->fid->volatile_fid = rsp->VolatileFileId;
1662
1663 if (buf) {
1664 memcpy(buf, &rsp->CreationTime, 32);
1665 buf->AllocationSize = rsp->AllocationSize;
1666 buf->EndOfFile = rsp->EndofFile;
1667 buf->Attributes = rsp->FileAttributes;
1668 buf->NumberOfLinks = cpu_to_le32(1);
1669 buf->DeletePending = 0;
1670 }
1671
1672 if (rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE)
1673 *oplock = parse_lease_state(server, rsp, &oparms->fid->epoch);
1674 else
1675 *oplock = rsp->OplockLevel;
1676 creat_exit:
1677 kfree(copy_path);
1678 kfree(lc_buf);
1679 kfree(dhc_buf);
1680 free_rsp_buf(resp_buftype, rsp);
1681 return rc;
1682 }
1683
1684 /*
1685 * SMB2 IOCTL is used for both IOCTLs and FSCTLs
1686 */
1687 int
1688 SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
1689 u64 volatile_fid, u32 opcode, bool is_fsctl, char *in_data,
1690 u32 indatalen, char **out_data, u32 *plen /* returned data len */)
1691 {
1692 struct smb2_ioctl_req *req;
1693 struct smb2_ioctl_rsp *rsp;
1694 struct smb2_sync_hdr *shdr;
1695 struct TCP_Server_Info *server;
1696 struct cifs_ses *ses;
1697 struct kvec iov[2];
1698 struct kvec rsp_iov;
1699 int resp_buftype;
1700 int n_iov;
1701 int rc = 0;
1702 int flags = 0;
1703
1704 cifs_dbg(FYI, "SMB2 IOCTL\n");
1705
1706 if (out_data != NULL)
1707 *out_data = NULL;
1708
1709 /* zero out returned data len, in case of error */
1710 if (plen)
1711 *plen = 0;
1712
1713 if (tcon)
1714 ses = tcon->ses;
1715 else
1716 return -EIO;
1717
1718 if (ses && (ses->server))
1719 server = ses->server;
1720 else
1721 return -EIO;
1722
1723 rc = small_smb2_init(SMB2_IOCTL, tcon, (void **) &req);
1724 if (rc)
1725 return rc;
1726
1727 if (encryption_required(tcon))
1728 flags |= CIFS_TRANSFORM_REQ;
1729
1730 req->CtlCode = cpu_to_le32(opcode);
1731 req->PersistentFileId = persistent_fid;
1732 req->VolatileFileId = volatile_fid;
1733
1734 if (indatalen) {
1735 req->InputCount = cpu_to_le32(indatalen);
1736 /* do not set InputOffset if no input data */
1737 req->InputOffset =
1738 cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer) - 4);
1739 iov[1].iov_base = in_data;
1740 iov[1].iov_len = indatalen;
1741 n_iov = 2;
1742 } else
1743 n_iov = 1;
1744
1745 req->OutputOffset = 0;
1746 req->OutputCount = 0; /* MBZ */
1747
1748 /*
1749 * Could increase MaxOutputResponse, but that would require more
1750 * than one credit. Windows typically sets this smaller, but for some
1751 * ioctls it may be useful to allow server to send more. No point
1752 * limiting what the server can send as long as fits in one credit
1753 */
1754 req->MaxOutputResponse = cpu_to_le32(0xFF00); /* < 64K uses 1 credit */
1755
1756 if (is_fsctl)
1757 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
1758 else
1759 req->Flags = 0;
1760
1761 iov[0].iov_base = (char *)req;
1762
1763 /*
1764 * If no input data, the size of ioctl struct in
1765 * protocol spec still includes a 1 byte data buffer,
1766 * but if input data passed to ioctl, we do not
1767 * want to double count this, so we do not send
1768 * the dummy one byte of data in iovec[0] if sending
1769 * input data (in iovec[1]). We also must add 4 bytes
1770 * in first iovec to allow for rfc1002 length field.
1771 */
1772
1773 if (indatalen) {
1774 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
1775 inc_rfc1001_len(req, indatalen - 1);
1776 } else
1777 iov[0].iov_len = get_rfc1002_length(req) + 4;
1778
1779
1780 rc = SendReceive2(xid, ses, iov, n_iov, &resp_buftype, flags, &rsp_iov);
1781 cifs_small_buf_release(req);
1782 rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base;
1783
1784 if ((rc != 0) && (rc != -EINVAL)) {
1785 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
1786 goto ioctl_exit;
1787 } else if (rc == -EINVAL) {
1788 if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) &&
1789 (opcode != FSCTL_SRV_COPYCHUNK)) {
1790 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
1791 goto ioctl_exit;
1792 }
1793 }
1794
1795 /* check if caller wants to look at return data or just return rc */
1796 if ((plen == NULL) || (out_data == NULL))
1797 goto ioctl_exit;
1798
1799 *plen = le32_to_cpu(rsp->OutputCount);
1800
1801 /* We check for obvious errors in the output buffer length and offset */
1802 if (*plen == 0)
1803 goto ioctl_exit; /* server returned no data */
1804 else if (*plen > 0xFF00) {
1805 cifs_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen);
1806 *plen = 0;
1807 rc = -EIO;
1808 goto ioctl_exit;
1809 }
1810
1811 if (get_rfc1002_length(rsp) < le32_to_cpu(rsp->OutputOffset) + *plen) {
1812 cifs_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen,
1813 le32_to_cpu(rsp->OutputOffset));
1814 *plen = 0;
1815 rc = -EIO;
1816 goto ioctl_exit;
1817 }
1818
1819 *out_data = kmalloc(*plen, GFP_KERNEL);
1820 if (*out_data == NULL) {
1821 rc = -ENOMEM;
1822 goto ioctl_exit;
1823 }
1824
1825 shdr = get_sync_hdr(rsp);
1826 memcpy(*out_data, (char *)shdr + le32_to_cpu(rsp->OutputOffset), *plen);
1827 ioctl_exit:
1828 free_rsp_buf(resp_buftype, rsp);
1829 return rc;
1830 }
1831
1832 /*
1833 * Individual callers to ioctl worker function follow
1834 */
1835
1836 int
1837 SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon,
1838 u64 persistent_fid, u64 volatile_fid)
1839 {
1840 int rc;
1841 struct compress_ioctl fsctl_input;
1842 char *ret_data = NULL;
1843
1844 fsctl_input.CompressionState =
1845 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT);
1846
1847 rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid,
1848 FSCTL_SET_COMPRESSION, true /* is_fsctl */,
1849 (char *)&fsctl_input /* data input */,
1850 2 /* in data len */, &ret_data /* out data */, NULL);
1851
1852 cifs_dbg(FYI, "set compression rc %d\n", rc);
1853
1854 return rc;
1855 }
1856
1857 int
1858 SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
1859 u64 persistent_fid, u64 volatile_fid)
1860 {
1861 struct smb2_close_req *req;
1862 struct smb2_close_rsp *rsp;
1863 struct TCP_Server_Info *server;
1864 struct cifs_ses *ses = tcon->ses;
1865 struct kvec iov[1];
1866 struct kvec rsp_iov;
1867 int resp_buftype;
1868 int rc = 0;
1869 int flags = 0;
1870
1871 cifs_dbg(FYI, "Close\n");
1872
1873 if (ses && (ses->server))
1874 server = ses->server;
1875 else
1876 return -EIO;
1877
1878 rc = small_smb2_init(SMB2_CLOSE, tcon, (void **) &req);
1879 if (rc)
1880 return rc;
1881
1882 if (encryption_required(tcon))
1883 flags |= CIFS_TRANSFORM_REQ;
1884
1885 req->PersistentFileId = persistent_fid;
1886 req->VolatileFileId = volatile_fid;
1887
1888 iov[0].iov_base = (char *)req;
1889 /* 4 for rfc1002 length field */
1890 iov[0].iov_len = get_rfc1002_length(req) + 4;
1891
1892 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags, &rsp_iov);
1893 cifs_small_buf_release(req);
1894 rsp = (struct smb2_close_rsp *)rsp_iov.iov_base;
1895
1896 if (rc != 0) {
1897 cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE);
1898 goto close_exit;
1899 }
1900
1901 /* BB FIXME - decode close response, update inode for caching */
1902
1903 close_exit:
1904 free_rsp_buf(resp_buftype, rsp);
1905 return rc;
1906 }
1907
1908 static int
1909 validate_buf(unsigned int offset, unsigned int buffer_length,
1910 struct smb2_hdr *hdr, unsigned int min_buf_size)
1911
1912 {
1913 unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length);
1914 char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr;
1915 char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
1916 char *end_of_buf = begin_of_buf + buffer_length;
1917
1918
1919 if (buffer_length < min_buf_size) {
1920 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n",
1921 buffer_length, min_buf_size);
1922 return -EINVAL;
1923 }
1924
1925 /* check if beyond RFC1001 maximum length */
1926 if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) {
1927 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n",
1928 buffer_length, smb_len);
1929 return -EINVAL;
1930 }
1931
1932 if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) {
1933 cifs_dbg(VFS, "illegal server response, bad offset to data\n");
1934 return -EINVAL;
1935 }
1936
1937 return 0;
1938 }
1939
1940 /*
1941 * If SMB buffer fields are valid, copy into temporary buffer to hold result.
1942 * Caller must free buffer.
1943 */
1944 static int
1945 validate_and_copy_buf(unsigned int offset, unsigned int buffer_length,
1946 struct smb2_hdr *hdr, unsigned int minbufsize,
1947 char *data)
1948
1949 {
1950 char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
1951 int rc;
1952
1953 if (!data)
1954 return -EINVAL;
1955
1956 rc = validate_buf(offset, buffer_length, hdr, minbufsize);
1957 if (rc)
1958 return rc;
1959
1960 memcpy(data, begin_of_buf, buffer_length);
1961
1962 return 0;
1963 }
1964
1965 static int
1966 query_info(const unsigned int xid, struct cifs_tcon *tcon,
1967 u64 persistent_fid, u64 volatile_fid, u8 info_class,
1968 size_t output_len, size_t min_len, void *data)
1969 {
1970 struct smb2_query_info_req *req;
1971 struct smb2_query_info_rsp *rsp = NULL;
1972 struct kvec iov[2];
1973 struct kvec rsp_iov;
1974 int rc = 0;
1975 int resp_buftype;
1976 struct TCP_Server_Info *server;
1977 struct cifs_ses *ses = tcon->ses;
1978 int flags = 0;
1979
1980 cifs_dbg(FYI, "Query Info\n");
1981
1982 if (ses && (ses->server))
1983 server = ses->server;
1984 else
1985 return -EIO;
1986
1987 rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req);
1988 if (rc)
1989 return rc;
1990
1991 if (encryption_required(tcon))
1992 flags |= CIFS_TRANSFORM_REQ;
1993
1994 req->InfoType = SMB2_O_INFO_FILE;
1995 req->FileInfoClass = info_class;
1996 req->PersistentFileId = persistent_fid;
1997 req->VolatileFileId = volatile_fid;
1998 /* 4 for rfc1002 length field and 1 for Buffer */
1999 req->InputBufferOffset =
2000 cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4);
2001 req->OutputBufferLength = cpu_to_le32(output_len);
2002
2003 iov[0].iov_base = (char *)req;
2004 /* 4 for rfc1002 length field */
2005 iov[0].iov_len = get_rfc1002_length(req) + 4;
2006
2007 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags, &rsp_iov);
2008 cifs_small_buf_release(req);
2009 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
2010
2011 if (rc) {
2012 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
2013 goto qinf_exit;
2014 }
2015
2016 rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),
2017 le32_to_cpu(rsp->OutputBufferLength),
2018 &rsp->hdr, min_len, data);
2019
2020 qinf_exit:
2021 free_rsp_buf(resp_buftype, rsp);
2022 return rc;
2023 }
2024
2025 int
2026 SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon,
2027 u64 persistent_fid, u64 volatile_fid,
2028 struct smb2_file_all_info *data)
2029 {
2030 return query_info(xid, tcon, persistent_fid, volatile_fid,
2031 FILE_ALL_INFORMATION,
2032 sizeof(struct smb2_file_all_info) + PATH_MAX * 2,
2033 sizeof(struct smb2_file_all_info), data);
2034 }
2035
2036 int
2037 SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon,
2038 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid)
2039 {
2040 return query_info(xid, tcon, persistent_fid, volatile_fid,
2041 FILE_INTERNAL_INFORMATION,
2042 sizeof(struct smb2_file_internal_info),
2043 sizeof(struct smb2_file_internal_info), uniqueid);
2044 }
2045
2046 /*
2047 * This is a no-op for now. We're not really interested in the reply, but
2048 * rather in the fact that the server sent one and that server->lstrp
2049 * gets updated.
2050 *
2051 * FIXME: maybe we should consider checking that the reply matches request?
2052 */
2053 static void
2054 smb2_echo_callback(struct mid_q_entry *mid)
2055 {
2056 struct TCP_Server_Info *server = mid->callback_data;
2057 struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf;
2058 unsigned int credits_received = 1;
2059
2060 if (mid->mid_state == MID_RESPONSE_RECEIVED)
2061 credits_received = le16_to_cpu(rsp->hdr.sync_hdr.CreditRequest);
2062
2063 mutex_lock(&server->srv_mutex);
2064 DeleteMidQEntry(mid);
2065 mutex_unlock(&server->srv_mutex);
2066 add_credits(server, credits_received, CIFS_ECHO_OP);
2067 }
2068
2069 void smb2_reconnect_server(struct work_struct *work)
2070 {
2071 struct TCP_Server_Info *server = container_of(work,
2072 struct TCP_Server_Info, reconnect.work);
2073 struct cifs_ses *ses;
2074 struct cifs_tcon *tcon, *tcon2;
2075 struct list_head tmp_list;
2076 int tcon_exist = false;
2077
2078 /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */
2079 mutex_lock(&server->reconnect_mutex);
2080
2081 INIT_LIST_HEAD(&tmp_list);
2082 cifs_dbg(FYI, "Need negotiate, reconnecting tcons\n");
2083
2084 spin_lock(&cifs_tcp_ses_lock);
2085 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
2086 list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
2087 if (tcon->need_reconnect || tcon->need_reopen_files) {
2088 tcon->tc_count++;
2089 list_add_tail(&tcon->rlist, &tmp_list);
2090 tcon_exist = true;
2091 }
2092 }
2093 }
2094 /*
2095 * Get the reference to server struct to be sure that the last call of
2096 * cifs_put_tcon() in the loop below won't release the server pointer.
2097 */
2098 if (tcon_exist)
2099 server->srv_count++;
2100
2101 spin_unlock(&cifs_tcp_ses_lock);
2102
2103 list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) {
2104 if (!smb2_reconnect(SMB2_INTERNAL_CMD, tcon))
2105 cifs_reopen_persistent_handles(tcon);
2106 list_del_init(&tcon->rlist);
2107 cifs_put_tcon(tcon);
2108 }
2109
2110 cifs_dbg(FYI, "Reconnecting tcons finished\n");
2111 mutex_unlock(&server->reconnect_mutex);
2112
2113 /* now we can safely release srv struct */
2114 if (tcon_exist)
2115 cifs_put_tcp_session(server, 1);
2116 }
2117
2118 int
2119 SMB2_echo(struct TCP_Server_Info *server)
2120 {
2121 struct smb2_echo_req *req;
2122 int rc = 0;
2123 struct kvec iov[2];
2124 struct smb_rqst rqst = { .rq_iov = iov,
2125 .rq_nvec = 2 };
2126
2127 cifs_dbg(FYI, "In echo request\n");
2128
2129 if (server->tcpStatus == CifsNeedNegotiate) {
2130 /* No need to send echo on newly established connections */
2131 queue_delayed_work(cifsiod_wq, &server->reconnect, 0);
2132 return rc;
2133 }
2134
2135 rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req);
2136 if (rc)
2137 return rc;
2138
2139 req->hdr.sync_hdr.CreditRequest = cpu_to_le16(1);
2140
2141 /* 4 for rfc1002 length field */
2142 iov[0].iov_len = 4;
2143 iov[0].iov_base = (char *)req;
2144 iov[1].iov_len = get_rfc1002_length(req);
2145 iov[1].iov_base = (char *)req + 4;
2146
2147 rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL,
2148 server, CIFS_ECHO_OP);
2149 if (rc)
2150 cifs_dbg(FYI, "Echo request failed: %d\n", rc);
2151
2152 cifs_small_buf_release(req);
2153 return rc;
2154 }
2155
2156 int
2157 SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
2158 u64 volatile_fid)
2159 {
2160 struct smb2_flush_req *req;
2161 struct TCP_Server_Info *server;
2162 struct cifs_ses *ses = tcon->ses;
2163 struct kvec iov[1];
2164 struct kvec rsp_iov;
2165 int resp_buftype;
2166 int rc = 0;
2167 int flags = 0;
2168
2169 cifs_dbg(FYI, "Flush\n");
2170
2171 if (ses && (ses->server))
2172 server = ses->server;
2173 else
2174 return -EIO;
2175
2176 rc = small_smb2_init(SMB2_FLUSH, tcon, (void **) &req);
2177 if (rc)
2178 return rc;
2179
2180 if (encryption_required(tcon))
2181 flags |= CIFS_TRANSFORM_REQ;
2182
2183 req->PersistentFileId = persistent_fid;
2184 req->VolatileFileId = volatile_fid;
2185
2186 iov[0].iov_base = (char *)req;
2187 /* 4 for rfc1002 length field */
2188 iov[0].iov_len = get_rfc1002_length(req) + 4;
2189
2190 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags, &rsp_iov);
2191 cifs_small_buf_release(req);
2192
2193 if (rc != 0)
2194 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
2195
2196 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
2197 return rc;
2198 }
2199
2200 /*
2201 * To form a chain of read requests, any read requests after the first should
2202 * have the end_of_chain boolean set to true.
2203 */
2204 static int
2205 smb2_new_read_req(void **buf, unsigned int *total_len,
2206 struct cifs_io_parms *io_parms, unsigned int remaining_bytes,
2207 int request_type)
2208 {
2209 int rc = -EACCES;
2210 struct smb2_read_plain_req *req = NULL;
2211 struct smb2_sync_hdr *shdr;
2212
2213 rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, (void **) &req,
2214 total_len);
2215 if (rc)
2216 return rc;
2217 if (io_parms->tcon->ses->server == NULL)
2218 return -ECONNABORTED;
2219
2220 shdr = &req->sync_hdr;
2221 shdr->ProcessId = cpu_to_le32(io_parms->pid);
2222
2223 req->PersistentFileId = io_parms->persistent_fid;
2224 req->VolatileFileId = io_parms->volatile_fid;
2225 req->ReadChannelInfoOffset = 0; /* reserved */
2226 req->ReadChannelInfoLength = 0; /* reserved */
2227 req->Channel = 0; /* reserved */
2228 req->MinimumCount = 0;
2229 req->Length = cpu_to_le32(io_parms->length);
2230 req->Offset = cpu_to_le64(io_parms->offset);
2231
2232 if (request_type & CHAINED_REQUEST) {
2233 if (!(request_type & END_OF_CHAIN)) {
2234 /* next 8-byte aligned request */
2235 *total_len = DIV_ROUND_UP(*total_len, 8) * 8;
2236 shdr->NextCommand = cpu_to_le32(*total_len);
2237 } else /* END_OF_CHAIN */
2238 shdr->NextCommand = 0;
2239 if (request_type & RELATED_REQUEST) {
2240 shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS;
2241 /*
2242 * Related requests use info from previous read request
2243 * in chain.
2244 */
2245 shdr->SessionId = 0xFFFFFFFF;
2246 shdr->TreeId = 0xFFFFFFFF;
2247 req->PersistentFileId = 0xFFFFFFFF;
2248 req->VolatileFileId = 0xFFFFFFFF;
2249 }
2250 }
2251 if (remaining_bytes > io_parms->length)
2252 req->RemainingBytes = cpu_to_le32(remaining_bytes);
2253 else
2254 req->RemainingBytes = 0;
2255
2256 *buf = req;
2257 return rc;
2258 }
2259
2260 static void
2261 smb2_readv_callback(struct mid_q_entry *mid)
2262 {
2263 struct cifs_readdata *rdata = mid->callback_data;
2264 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
2265 struct TCP_Server_Info *server = tcon->ses->server;
2266 struct smb2_sync_hdr *shdr =
2267 (struct smb2_sync_hdr *)rdata->iov[1].iov_base;
2268 unsigned int credits_received = 1;
2269 struct smb_rqst rqst = { .rq_iov = rdata->iov,
2270 .rq_nvec = 2,
2271 .rq_pages = rdata->pages,
2272 .rq_npages = rdata->nr_pages,
2273 .rq_pagesz = rdata->pagesz,
2274 .rq_tailsz = rdata->tailsz };
2275
2276 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n",
2277 __func__, mid->mid, mid->mid_state, rdata->result,
2278 rdata->bytes);
2279
2280 switch (mid->mid_state) {
2281 case MID_RESPONSE_RECEIVED:
2282 credits_received = le16_to_cpu(shdr->CreditRequest);
2283 /* result already set, check signature */
2284 if (server->sign) {
2285 int rc;
2286
2287 rc = smb2_verify_signature(&rqst, server);
2288 if (rc)
2289 cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
2290 rc);
2291 }
2292 /* FIXME: should this be counted toward the initiating task? */
2293 task_io_account_read(rdata->got_bytes);
2294 cifs_stats_bytes_read(tcon, rdata->got_bytes);
2295 break;
2296 case MID_REQUEST_SUBMITTED:
2297 case MID_RETRY_NEEDED:
2298 rdata->result = -EAGAIN;
2299 if (server->sign && rdata->got_bytes)
2300 /* reset bytes number since we can not check a sign */
2301 rdata->got_bytes = 0;
2302 /* FIXME: should this be counted toward the initiating task? */
2303 task_io_account_read(rdata->got_bytes);
2304 cifs_stats_bytes_read(tcon, rdata->got_bytes);
2305 break;
2306 default:
2307 if (rdata->result != -ENODATA)
2308 rdata->result = -EIO;
2309 }
2310
2311 if (rdata->result)
2312 cifs_stats_fail_inc(tcon, SMB2_READ_HE);
2313
2314 queue_work(cifsiod_wq, &rdata->work);
2315 mutex_lock(&server->srv_mutex);
2316 DeleteMidQEntry(mid);
2317 mutex_unlock(&server->srv_mutex);
2318 add_credits(server, credits_received, 0);
2319 }
2320
2321 /* smb2_async_readv - send an async read, and set up mid to handle result */
2322 int
2323 smb2_async_readv(struct cifs_readdata *rdata)
2324 {
2325 int rc, flags = 0;
2326 char *buf;
2327 struct smb2_sync_hdr *shdr;
2328 struct cifs_io_parms io_parms;
2329 struct smb_rqst rqst = { .rq_iov = rdata->iov,
2330 .rq_nvec = 2 };
2331 struct TCP_Server_Info *server;
2332 unsigned int total_len;
2333 __be32 req_len;
2334
2335 cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n",
2336 __func__, rdata->offset, rdata->bytes);
2337
2338 io_parms.tcon = tlink_tcon(rdata->cfile->tlink);
2339 io_parms.offset = rdata->offset;
2340 io_parms.length = rdata->bytes;
2341 io_parms.persistent_fid = rdata->cfile->fid.persistent_fid;
2342 io_parms.volatile_fid = rdata->cfile->fid.volatile_fid;
2343 io_parms.pid = rdata->pid;
2344
2345 server = io_parms.tcon->ses->server;
2346
2347 rc = smb2_new_read_req((void **) &buf, &total_len, &io_parms, 0, 0);
2348 if (rc) {
2349 if (rc == -EAGAIN && rdata->credits) {
2350 /* credits was reset by reconnect */
2351 rdata->credits = 0;
2352 /* reduce in_flight value since we won't send the req */
2353 spin_lock(&server->req_lock);
2354 server->in_flight--;
2355 spin_unlock(&server->req_lock);
2356 }
2357 return rc;
2358 }
2359
2360 if (encryption_required(io_parms.tcon))
2361 flags |= CIFS_TRANSFORM_REQ;
2362
2363 req_len = cpu_to_be32(total_len);
2364
2365 rdata->iov[0].iov_base = &req_len;
2366 rdata->iov[0].iov_len = sizeof(__be32);
2367 rdata->iov[1].iov_base = buf;
2368 rdata->iov[1].iov_len = total_len;
2369
2370 shdr = (struct smb2_sync_hdr *)buf;
2371
2372 if (rdata->credits) {
2373 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes,
2374 SMB2_MAX_BUFFER_SIZE));
2375 shdr->CreditRequest = shdr->CreditCharge;
2376 spin_lock(&server->req_lock);
2377 server->credits += rdata->credits -
2378 le16_to_cpu(shdr->CreditCharge);
2379 spin_unlock(&server->req_lock);
2380 wake_up(&server->request_q);
2381 flags |= CIFS_HAS_CREDITS;
2382 }
2383
2384 kref_get(&rdata->refcount);
2385 rc = cifs_call_async(io_parms.tcon->ses->server, &rqst,
2386 cifs_readv_receive, smb2_readv_callback,
2387 NULL, rdata, flags);
2388 if (rc) {
2389 kref_put(&rdata->refcount, cifs_readdata_release);
2390 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
2391 }
2392
2393 cifs_small_buf_release(buf);
2394 return rc;
2395 }
2396
2397 int
2398 SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
2399 unsigned int *nbytes, char **buf, int *buf_type)
2400 {
2401 int resp_buftype, rc = -EACCES;
2402 struct smb2_read_plain_req *req = NULL;
2403 struct smb2_read_rsp *rsp = NULL;
2404 struct smb2_sync_hdr *shdr;
2405 struct kvec iov[2];
2406 struct kvec rsp_iov;
2407 unsigned int total_len;
2408 __be32 req_len;
2409 struct smb_rqst rqst = { .rq_iov = iov,
2410 .rq_nvec = 2 };
2411 int flags = CIFS_LOG_ERROR;
2412 struct cifs_ses *ses = io_parms->tcon->ses;
2413
2414 *nbytes = 0;
2415 rc = smb2_new_read_req((void **)&req, &total_len, io_parms, 0, 0);
2416 if (rc)
2417 return rc;
2418
2419 if (encryption_required(io_parms->tcon))
2420 flags |= CIFS_TRANSFORM_REQ;
2421
2422 req_len = cpu_to_be32(total_len);
2423
2424 iov[0].iov_base = &req_len;
2425 iov[0].iov_len = sizeof(__be32);
2426 iov[1].iov_base = req;
2427 iov[1].iov_len = total_len;
2428
2429 rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov);
2430 cifs_small_buf_release(req);
2431
2432 rsp = (struct smb2_read_rsp *)rsp_iov.iov_base;
2433 shdr = get_sync_hdr(rsp);
2434
2435 if (shdr->Status == STATUS_END_OF_FILE) {
2436 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
2437 return 0;
2438 }
2439
2440 if (rc) {
2441 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
2442 cifs_dbg(VFS, "Send error in read = %d\n", rc);
2443 } else {
2444 *nbytes = le32_to_cpu(rsp->DataLength);
2445 if ((*nbytes > CIFS_MAX_MSGSIZE) ||
2446 (*nbytes > io_parms->length)) {
2447 cifs_dbg(FYI, "bad length %d for count %d\n",
2448 *nbytes, io_parms->length);
2449 rc = -EIO;
2450 *nbytes = 0;
2451 }
2452 }
2453
2454 if (*buf) {
2455 memcpy(*buf, (char *)shdr + rsp->DataOffset, *nbytes);
2456 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
2457 } else if (resp_buftype != CIFS_NO_BUFFER) {
2458 *buf = rsp_iov.iov_base;
2459 if (resp_buftype == CIFS_SMALL_BUFFER)
2460 *buf_type = CIFS_SMALL_BUFFER;
2461 else if (resp_buftype == CIFS_LARGE_BUFFER)
2462 *buf_type = CIFS_LARGE_BUFFER;
2463 }
2464 return rc;
2465 }
2466
2467 /*
2468 * Check the mid_state and signature on received buffer (if any), and queue the
2469 * workqueue completion task.
2470 */
2471 static void
2472 smb2_writev_callback(struct mid_q_entry *mid)
2473 {
2474 struct cifs_writedata *wdata = mid->callback_data;
2475 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
2476 struct TCP_Server_Info *server = tcon->ses->server;
2477 unsigned int written;
2478 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf;
2479 unsigned int credits_received = 1;
2480
2481 switch (mid->mid_state) {
2482 case MID_RESPONSE_RECEIVED:
2483 credits_received = le16_to_cpu(rsp->hdr.sync_hdr.CreditRequest);
2484 wdata->result = smb2_check_receive(mid, tcon->ses->server, 0);
2485 if (wdata->result != 0)
2486 break;
2487
2488 written = le32_to_cpu(rsp->DataLength);
2489 /*
2490 * Mask off high 16 bits when bytes written as returned
2491 * by the server is greater than bytes requested by the
2492 * client. OS/2 servers are known to set incorrect
2493 * CountHigh values.
2494 */
2495 if (written > wdata->bytes)
2496 written &= 0xFFFF;
2497
2498 if (written < wdata->bytes)
2499 wdata->result = -ENOSPC;
2500 else
2501 wdata->bytes = written;
2502 break;
2503 case MID_REQUEST_SUBMITTED:
2504 case MID_RETRY_NEEDED:
2505 wdata->result = -EAGAIN;
2506 break;
2507 default:
2508 wdata->result = -EIO;
2509 break;
2510 }
2511
2512 if (wdata->result)
2513 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
2514
2515 queue_work(cifsiod_wq, &wdata->work);
2516 mutex_lock(&server->srv_mutex);
2517 DeleteMidQEntry(mid);
2518 mutex_unlock(&server->srv_mutex);
2519 add_credits(tcon->ses->server, credits_received, 0);
2520 }
2521
2522 /* smb2_async_writev - send an async write, and set up mid to handle result */
2523 int
2524 smb2_async_writev(struct cifs_writedata *wdata,
2525 void (*release)(struct kref *kref))
2526 {
2527 int rc = -EACCES, flags = 0;
2528 struct smb2_write_req *req = NULL;
2529 struct smb2_sync_hdr *shdr;
2530 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
2531 struct TCP_Server_Info *server = tcon->ses->server;
2532 struct kvec iov[2];
2533 struct smb_rqst rqst = { };
2534
2535 rc = small_smb2_init(SMB2_WRITE, tcon, (void **) &req);
2536 if (rc) {
2537 if (rc == -EAGAIN && wdata->credits) {
2538 /* credits was reset by reconnect */
2539 wdata->credits = 0;
2540 /* reduce in_flight value since we won't send the req */
2541 spin_lock(&server->req_lock);
2542 server->in_flight--;
2543 spin_unlock(&server->req_lock);
2544 }
2545 goto async_writev_out;
2546 }
2547
2548 if (encryption_required(tcon))
2549 flags |= CIFS_TRANSFORM_REQ;
2550
2551 shdr = get_sync_hdr(req);
2552 shdr->ProcessId = cpu_to_le32(wdata->cfile->pid);
2553
2554 req->PersistentFileId = wdata->cfile->fid.persistent_fid;
2555 req->VolatileFileId = wdata->cfile->fid.volatile_fid;
2556 req->WriteChannelInfoOffset = 0;
2557 req->WriteChannelInfoLength = 0;
2558 req->Channel = 0;
2559 req->Offset = cpu_to_le64(wdata->offset);
2560 /* 4 for rfc1002 length field */
2561 req->DataOffset = cpu_to_le16(
2562 offsetof(struct smb2_write_req, Buffer) - 4);
2563 req->RemainingBytes = 0;
2564
2565 /* 4 for rfc1002 length field and 1 for Buffer */
2566 iov[0].iov_len = 4;
2567 iov[0].iov_base = req;
2568 iov[1].iov_len = get_rfc1002_length(req) - 1;
2569 iov[1].iov_base = (char *)req + 4;
2570
2571 rqst.rq_iov = iov;
2572 rqst.rq_nvec = 2;
2573 rqst.rq_pages = wdata->pages;
2574 rqst.rq_npages = wdata->nr_pages;
2575 rqst.rq_pagesz = wdata->pagesz;
2576 rqst.rq_tailsz = wdata->tailsz;
2577
2578 cifs_dbg(FYI, "async write at %llu %u bytes\n",
2579 wdata->offset, wdata->bytes);
2580
2581 req->Length = cpu_to_le32(wdata->bytes);
2582
2583 inc_rfc1001_len(&req->hdr, wdata->bytes - 1 /* Buffer */);
2584
2585 if (wdata->credits) {
2586 shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes,
2587 SMB2_MAX_BUFFER_SIZE));
2588 shdr->CreditRequest = shdr->CreditCharge;
2589 spin_lock(&server->req_lock);
2590 server->credits += wdata->credits -
2591 le16_to_cpu(shdr->CreditCharge);
2592 spin_unlock(&server->req_lock);
2593 wake_up(&server->request_q);
2594 flags |= CIFS_HAS_CREDITS;
2595 }
2596
2597 kref_get(&wdata->refcount);
2598 rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL,
2599 wdata, flags);
2600
2601 if (rc) {
2602 kref_put(&wdata->refcount, release);
2603 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
2604 }
2605
2606 async_writev_out:
2607 cifs_small_buf_release(req);
2608 return rc;
2609 }
2610
2611 /*
2612 * SMB2_write function gets iov pointer to kvec array with n_vec as a length.
2613 * The length field from io_parms must be at least 1 and indicates a number of
2614 * elements with data to write that begins with position 1 in iov array. All
2615 * data length is specified by count.
2616 */
2617 int
2618 SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
2619 unsigned int *nbytes, struct kvec *iov, int n_vec)
2620 {
2621 int rc = 0;
2622 struct smb2_write_req *req = NULL;
2623 struct smb2_write_rsp *rsp = NULL;
2624 int resp_buftype;
2625 struct kvec rsp_iov;
2626 int flags = 0;
2627
2628 *nbytes = 0;
2629
2630 if (n_vec < 1)
2631 return rc;
2632
2633 rc = small_smb2_init(SMB2_WRITE, io_parms->tcon, (void **) &req);
2634 if (rc)
2635 return rc;
2636
2637 if (io_parms->tcon->ses->server == NULL)
2638 return -ECONNABORTED;
2639
2640 if (encryption_required(io_parms->tcon))
2641 flags |= CIFS_TRANSFORM_REQ;
2642
2643 req->hdr.sync_hdr.ProcessId = cpu_to_le32(io_parms->pid);
2644
2645 req->PersistentFileId = io_parms->persistent_fid;
2646 req->VolatileFileId = io_parms->volatile_fid;
2647 req->WriteChannelInfoOffset = 0;
2648 req->WriteChannelInfoLength = 0;
2649 req->Channel = 0;
2650 req->Length = cpu_to_le32(io_parms->length);
2651 req->Offset = cpu_to_le64(io_parms->offset);
2652 /* 4 for rfc1002 length field */
2653 req->DataOffset = cpu_to_le16(
2654 offsetof(struct smb2_write_req, Buffer) - 4);
2655 req->RemainingBytes = 0;
2656
2657 iov[0].iov_base = (char *)req;
2658 /* 4 for rfc1002 length field and 1 for Buffer */
2659 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
2660
2661 /* length of entire message including data to be written */
2662 inc_rfc1001_len(req, io_parms->length - 1 /* Buffer */);
2663
2664 rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1,
2665 &resp_buftype, flags, &rsp_iov);
2666 cifs_small_buf_release(req);
2667 rsp = (struct smb2_write_rsp *)rsp_iov.iov_base;
2668
2669 if (rc) {
2670 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
2671 cifs_dbg(VFS, "Send error in write = %d\n", rc);
2672 } else
2673 *nbytes = le32_to_cpu(rsp->DataLength);
2674
2675 free_rsp_buf(resp_buftype, rsp);
2676 return rc;
2677 }
2678
2679 static unsigned int
2680 num_entries(char *bufstart, char *end_of_buf, char **lastentry, size_t size)
2681 {
2682 int len;
2683 unsigned int entrycount = 0;
2684 unsigned int next_offset = 0;
2685 FILE_DIRECTORY_INFO *entryptr;
2686
2687 if (bufstart == NULL)
2688 return 0;
2689
2690 entryptr = (FILE_DIRECTORY_INFO *)bufstart;
2691
2692 while (1) {
2693 entryptr = (FILE_DIRECTORY_INFO *)
2694 ((char *)entryptr + next_offset);
2695
2696 if ((char *)entryptr + size > end_of_buf) {
2697 cifs_dbg(VFS, "malformed search entry would overflow\n");
2698 break;
2699 }
2700
2701 len = le32_to_cpu(entryptr->FileNameLength);
2702 if ((char *)entryptr + len + size > end_of_buf) {
2703 cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n",
2704 end_of_buf);
2705 break;
2706 }
2707
2708 *lastentry = (char *)entryptr;
2709 entrycount++;
2710
2711 next_offset = le32_to_cpu(entryptr->NextEntryOffset);
2712 if (!next_offset)
2713 break;
2714 }
2715
2716 return entrycount;
2717 }
2718
2719 /*
2720 * Readdir/FindFirst
2721 */
2722 int
2723 SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
2724 u64 persistent_fid, u64 volatile_fid, int index,
2725 struct cifs_search_info *srch_inf)
2726 {
2727 struct smb2_query_directory_req *req;
2728 struct smb2_query_directory_rsp *rsp = NULL;
2729 struct kvec iov[2];
2730 struct kvec rsp_iov;
2731 int rc = 0;
2732 int len;
2733 int resp_buftype = CIFS_NO_BUFFER;
2734 unsigned char *bufptr;
2735 struct TCP_Server_Info *server;
2736 struct cifs_ses *ses = tcon->ses;
2737 __le16 asteriks = cpu_to_le16('*');
2738 char *end_of_smb;
2739 unsigned int output_size = CIFSMaxBufSize;
2740 size_t info_buf_size;
2741 int flags = 0;
2742
2743 if (ses && (ses->server))
2744 server = ses->server;
2745 else
2746 return -EIO;
2747
2748 rc = small_smb2_init(SMB2_QUERY_DIRECTORY, tcon, (void **) &req);
2749 if (rc)
2750 return rc;
2751
2752 if (encryption_required(tcon))
2753 flags |= CIFS_TRANSFORM_REQ;
2754
2755 switch (srch_inf->info_level) {
2756 case SMB_FIND_FILE_DIRECTORY_INFO:
2757 req->FileInformationClass = FILE_DIRECTORY_INFORMATION;
2758 info_buf_size = sizeof(FILE_DIRECTORY_INFO) - 1;
2759 break;
2760 case SMB_FIND_FILE_ID_FULL_DIR_INFO:
2761 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION;
2762 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO) - 1;
2763 break;
2764 default:
2765 cifs_dbg(VFS, "info level %u isn't supported\n",
2766 srch_inf->info_level);
2767 rc = -EINVAL;
2768 goto qdir_exit;
2769 }
2770
2771 req->FileIndex = cpu_to_le32(index);
2772 req->PersistentFileId = persistent_fid;
2773 req->VolatileFileId = volatile_fid;
2774
2775 len = 0x2;
2776 bufptr = req->Buffer;
2777 memcpy(bufptr, &asteriks, len);
2778
2779 req->FileNameOffset =
2780 cpu_to_le16(sizeof(struct smb2_query_directory_req) - 1 - 4);
2781 req->FileNameLength = cpu_to_le16(len);
2782 /*
2783 * BB could be 30 bytes or so longer if we used SMB2 specific
2784 * buffer lengths, but this is safe and close enough.
2785 */
2786 output_size = min_t(unsigned int, output_size, server->maxBuf);
2787 output_size = min_t(unsigned int, output_size, 2 << 15);
2788 req->OutputBufferLength = cpu_to_le32(output_size);
2789
2790 iov[0].iov_base = (char *)req;
2791 /* 4 for RFC1001 length and 1 for Buffer */
2792 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
2793
2794 iov[1].iov_base = (char *)(req->Buffer);
2795 iov[1].iov_len = len;
2796
2797 inc_rfc1001_len(req, len - 1 /* Buffer */);
2798
2799 rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, flags, &rsp_iov);
2800 cifs_small_buf_release(req);
2801 rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base;
2802
2803 if (rc) {
2804 if (rc == -ENODATA &&
2805 rsp->hdr.sync_hdr.Status == STATUS_NO_MORE_FILES) {
2806 srch_inf->endOfSearch = true;
2807 rc = 0;
2808 }
2809 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
2810 goto qdir_exit;
2811 }
2812
2813 rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
2814 le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,
2815 info_buf_size);
2816 if (rc)
2817 goto qdir_exit;
2818
2819 srch_inf->unicode = true;
2820
2821 if (srch_inf->ntwrk_buf_start) {
2822 if (srch_inf->smallBuf)
2823 cifs_small_buf_release(srch_inf->ntwrk_buf_start);
2824 else
2825 cifs_buf_release(srch_inf->ntwrk_buf_start);
2826 }
2827 srch_inf->ntwrk_buf_start = (char *)rsp;
2828 srch_inf->srch_entries_start = srch_inf->last_entry = 4 /* rfclen */ +
2829 (char *)&rsp->hdr + le16_to_cpu(rsp->OutputBufferOffset);
2830 /* 4 for rfc1002 length field */
2831 end_of_smb = get_rfc1002_length(rsp) + 4 + (char *)&rsp->hdr;
2832 srch_inf->entries_in_buffer =
2833 num_entries(srch_inf->srch_entries_start, end_of_smb,
2834 &srch_inf->last_entry, info_buf_size);
2835 srch_inf->index_of_last_entry += srch_inf->entries_in_buffer;
2836 cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n",
2837 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry,
2838 srch_inf->srch_entries_start, srch_inf->last_entry);
2839 if (resp_buftype == CIFS_LARGE_BUFFER)
2840 srch_inf->smallBuf = false;
2841 else if (resp_buftype == CIFS_SMALL_BUFFER)
2842 srch_inf->smallBuf = true;
2843 else
2844 cifs_dbg(VFS, "illegal search buffer type\n");
2845
2846 return rc;
2847
2848 qdir_exit:
2849 free_rsp_buf(resp_buftype, rsp);
2850 return rc;
2851 }
2852
2853 static int
2854 send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
2855 u64 persistent_fid, u64 volatile_fid, u32 pid, int info_class,
2856 unsigned int num, void **data, unsigned int *size)
2857 {
2858 struct smb2_set_info_req *req;
2859 struct smb2_set_info_rsp *rsp = NULL;
2860 struct kvec *iov;
2861 struct kvec rsp_iov;
2862 int rc = 0;
2863 int resp_buftype;
2864 unsigned int i;
2865 struct TCP_Server_Info *server;
2866 struct cifs_ses *ses = tcon->ses;
2867 int flags = 0;
2868
2869 if (ses && (ses->server))
2870 server = ses->server;
2871 else
2872 return -EIO;
2873
2874 if (!num)
2875 return -EINVAL;
2876
2877 iov = kmalloc(sizeof(struct kvec) * num, GFP_KERNEL);
2878 if (!iov)
2879 return -ENOMEM;
2880
2881 rc = small_smb2_init(SMB2_SET_INFO, tcon, (void **) &req);
2882 if (rc) {
2883 kfree(iov);
2884 return rc;
2885 }
2886
2887 if (encryption_required(tcon))
2888 flags |= CIFS_TRANSFORM_REQ;
2889
2890 req->hdr.sync_hdr.ProcessId = cpu_to_le32(pid);
2891
2892 req->InfoType = SMB2_O_INFO_FILE;
2893 req->FileInfoClass = info_class;
2894 req->PersistentFileId = persistent_fid;
2895 req->VolatileFileId = volatile_fid;
2896
2897 /* 4 for RFC1001 length and 1 for Buffer */
2898 req->BufferOffset =
2899 cpu_to_le16(sizeof(struct smb2_set_info_req) - 1 - 4);
2900 req->BufferLength = cpu_to_le32(*size);
2901
2902 inc_rfc1001_len(req, *size - 1 /* Buffer */);
2903
2904 memcpy(req->Buffer, *data, *size);
2905
2906 iov[0].iov_base = (char *)req;
2907 /* 4 for RFC1001 length */
2908 iov[0].iov_len = get_rfc1002_length(req) + 4;
2909
2910 for (i = 1; i < num; i++) {
2911 inc_rfc1001_len(req, size[i]);
2912 le32_add_cpu(&req->BufferLength, size[i]);
2913 iov[i].iov_base = (char *)data[i];
2914 iov[i].iov_len = size[i];
2915 }
2916
2917 rc = SendReceive2(xid, ses, iov, num, &resp_buftype, flags, &rsp_iov);
2918 cifs_small_buf_release(req);
2919 rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;
2920
2921 if (rc != 0)
2922 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE);
2923
2924 free_rsp_buf(resp_buftype, rsp);
2925 kfree(iov);
2926 return rc;
2927 }
2928
2929 int
2930 SMB2_rename(const unsigned int xid, struct cifs_tcon *tcon,
2931 u64 persistent_fid, u64 volatile_fid, __le16 *target_file)
2932 {
2933 struct smb2_file_rename_info info;
2934 void **data;
2935 unsigned int size[2];
2936 int rc;
2937 int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX));
2938
2939 data = kmalloc(sizeof(void *) * 2, GFP_KERNEL);
2940 if (!data)
2941 return -ENOMEM;
2942
2943 info.ReplaceIfExists = 1; /* 1 = replace existing target with new */
2944 /* 0 = fail if target already exists */
2945 info.RootDirectory = 0; /* MBZ for network ops (why does spec say?) */
2946 info.FileNameLength = cpu_to_le32(len);
2947
2948 data[0] = &info;
2949 size[0] = sizeof(struct smb2_file_rename_info);
2950
2951 data[1] = target_file;
2952 size[1] = len + 2 /* null */;
2953
2954 rc = send_set_info(xid, tcon, persistent_fid, volatile_fid,
2955 current->tgid, FILE_RENAME_INFORMATION, 2, data,
2956 size);
2957 kfree(data);
2958 return rc;
2959 }
2960
2961 int
2962 SMB2_rmdir(const unsigned int xid, struct cifs_tcon *tcon,
2963 u64 persistent_fid, u64 volatile_fid)
2964 {
2965 __u8 delete_pending = 1;
2966 void *data;
2967 unsigned int size;
2968
2969 data = &delete_pending;
2970 size = 1; /* sizeof __u8 */
2971
2972 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
2973 current->tgid, FILE_DISPOSITION_INFORMATION, 1, &data,
2974 &size);
2975 }
2976
2977 int
2978 SMB2_set_hardlink(const unsigned int xid, struct cifs_tcon *tcon,
2979 u64 persistent_fid, u64 volatile_fid, __le16 *target_file)
2980 {
2981 struct smb2_file_link_info info;
2982 void **data;
2983 unsigned int size[2];
2984 int rc;
2985 int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX));
2986
2987 data = kmalloc(sizeof(void *) * 2, GFP_KERNEL);
2988 if (!data)
2989 return -ENOMEM;
2990
2991 info.ReplaceIfExists = 0; /* 1 = replace existing link with new */
2992 /* 0 = fail if link already exists */
2993 info.RootDirectory = 0; /* MBZ for network ops (why does spec say?) */
2994 info.FileNameLength = cpu_to_le32(len);
2995
2996 data[0] = &info;
2997 size[0] = sizeof(struct smb2_file_link_info);
2998
2999 data[1] = target_file;
3000 size[1] = len + 2 /* null */;
3001
3002 rc = send_set_info(xid, tcon, persistent_fid, volatile_fid,
3003 current->tgid, FILE_LINK_INFORMATION, 2, data, size);
3004 kfree(data);
3005 return rc;
3006 }
3007
3008 int
3009 SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
3010 u64 volatile_fid, u32 pid, __le64 *eof, bool is_falloc)
3011 {
3012 struct smb2_file_eof_info info;
3013 void *data;
3014 unsigned int size;
3015
3016 info.EndOfFile = *eof;
3017
3018 data = &info;
3019 size = sizeof(struct smb2_file_eof_info);
3020
3021 if (is_falloc)
3022 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3023 pid, FILE_ALLOCATION_INFORMATION, 1, &data, &size);
3024 else
3025 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3026 pid, FILE_END_OF_FILE_INFORMATION, 1, &data, &size);
3027 }
3028
3029 int
3030 SMB2_set_info(const unsigned int xid, struct cifs_tcon *tcon,
3031 u64 persistent_fid, u64 volatile_fid, FILE_BASIC_INFO *buf)
3032 {
3033 unsigned int size;
3034 size = sizeof(FILE_BASIC_INFO);
3035 return send_set_info(xid, tcon, persistent_fid, volatile_fid,
3036 current->tgid, FILE_BASIC_INFORMATION, 1,
3037 (void **)&buf, &size);
3038 }
3039
3040 int
3041 SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon,
3042 const u64 persistent_fid, const u64 volatile_fid,
3043 __u8 oplock_level)
3044 {
3045 int rc;
3046 struct smb2_oplock_break *req = NULL;
3047 int flags = CIFS_OBREAK_OP;
3048
3049 cifs_dbg(FYI, "SMB2_oplock_break\n");
3050 rc = small_smb2_init(SMB2_OPLOCK_BREAK, tcon, (void **) &req);
3051 if (rc)
3052 return rc;
3053
3054 if (encryption_required(tcon))
3055 flags |= CIFS_TRANSFORM_REQ;
3056
3057 req->VolatileFid = volatile_fid;
3058 req->PersistentFid = persistent_fid;
3059 req->OplockLevel = oplock_level;
3060 req->hdr.sync_hdr.CreditRequest = cpu_to_le16(1);
3061
3062 rc = SendReceiveNoRsp(xid, tcon->ses, (char *) req, flags);
3063 cifs_small_buf_release(req);
3064
3065 if (rc) {
3066 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
3067 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc);
3068 }
3069
3070 return rc;
3071 }
3072
3073 static void
3074 copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf,
3075 struct kstatfs *kst)
3076 {
3077 kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) *
3078 le32_to_cpu(pfs_inf->SectorsPerAllocationUnit);
3079 kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits);
3080 kst->f_bfree = le64_to_cpu(pfs_inf->ActualAvailableAllocationUnits);
3081 kst->f_bavail = le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits);
3082 return;
3083 }
3084
3085 static int
3086 build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level,
3087 int outbuf_len, u64 persistent_fid, u64 volatile_fid)
3088 {
3089 int rc;
3090 struct smb2_query_info_req *req;
3091
3092 cifs_dbg(FYI, "Query FSInfo level %d\n", level);
3093
3094 if ((tcon->ses == NULL) || (tcon->ses->server == NULL))
3095 return -EIO;
3096
3097 rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req);
3098 if (rc)
3099 return rc;
3100
3101 req->InfoType = SMB2_O_INFO_FILESYSTEM;
3102 req->FileInfoClass = level;
3103 req->PersistentFileId = persistent_fid;
3104 req->VolatileFileId = volatile_fid;
3105 /* 4 for rfc1002 length field and 1 for pad */
3106 req->InputBufferOffset =
3107 cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4);
3108 req->OutputBufferLength = cpu_to_le32(
3109 outbuf_len + sizeof(struct smb2_query_info_rsp) - 1 - 4);
3110
3111 iov->iov_base = (char *)req;
3112 /* 4 for rfc1002 length field */
3113 iov->iov_len = get_rfc1002_length(req) + 4;
3114 return 0;
3115 }
3116
3117 int
3118 SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
3119 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
3120 {
3121 struct smb2_query_info_rsp *rsp = NULL;
3122 struct kvec iov;
3123 struct kvec rsp_iov;
3124 int rc = 0;
3125 int resp_buftype;
3126 struct cifs_ses *ses = tcon->ses;
3127 struct smb2_fs_full_size_info *info = NULL;
3128 int flags = 0;
3129
3130 rc = build_qfs_info_req(&iov, tcon, FS_FULL_SIZE_INFORMATION,
3131 sizeof(struct smb2_fs_full_size_info),
3132 persistent_fid, volatile_fid);
3133 if (rc)
3134 return rc;
3135
3136 if (encryption_required(tcon))
3137 flags |= CIFS_TRANSFORM_REQ;
3138
3139 rc = SendReceive2(xid, ses, &iov, 1, &resp_buftype, flags, &rsp_iov);
3140 cifs_small_buf_release(iov.iov_base);
3141 if (rc) {
3142 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
3143 goto qfsinf_exit;
3144 }
3145 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
3146
3147 info = (struct smb2_fs_full_size_info *)(4 /* RFC1001 len */ +
3148 le16_to_cpu(rsp->OutputBufferOffset) + (char *)&rsp->hdr);
3149 rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset),
3150 le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr,
3151 sizeof(struct smb2_fs_full_size_info));
3152 if (!rc)
3153 copy_fs_info_to_kstatfs(info, fsdata);
3154
3155 qfsinf_exit:
3156 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
3157 return rc;
3158 }
3159
3160 int
3161 SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
3162 u64 persistent_fid, u64 volatile_fid, int level)
3163 {
3164 struct smb2_query_info_rsp *rsp = NULL;
3165 struct kvec iov;
3166 struct kvec rsp_iov;
3167 int rc = 0;
3168 int resp_buftype, max_len, min_len;
3169 struct cifs_ses *ses = tcon->ses;
3170 unsigned int rsp_len, offset;
3171 int flags = 0;
3172
3173 if (level == FS_DEVICE_INFORMATION) {
3174 max_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
3175 min_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
3176 } else if (level == FS_ATTRIBUTE_INFORMATION) {
3177 max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO);
3178 min_len = MIN_FS_ATTR_INFO_SIZE;
3179 } else if (level == FS_SECTOR_SIZE_INFORMATION) {
3180 max_len = sizeof(struct smb3_fs_ss_info);
3181 min_len = sizeof(struct smb3_fs_ss_info);
3182 } else {
3183 cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level);
3184 return -EINVAL;
3185 }
3186
3187 rc = build_qfs_info_req(&iov, tcon, level, max_len,
3188 persistent_fid, volatile_fid);
3189 if (rc)
3190 return rc;
3191
3192 if (encryption_required(tcon))
3193 flags |= CIFS_TRANSFORM_REQ;
3194
3195 rc = SendReceive2(xid, ses, &iov, 1, &resp_buftype, flags, &rsp_iov);
3196 cifs_small_buf_release(iov.iov_base);
3197 if (rc) {
3198 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
3199 goto qfsattr_exit;
3200 }
3201 rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
3202
3203 rsp_len = le32_to_cpu(rsp->OutputBufferLength);
3204 offset = le16_to_cpu(rsp->OutputBufferOffset);
3205 rc = validate_buf(offset, rsp_len, &rsp->hdr, min_len);
3206 if (rc)
3207 goto qfsattr_exit;
3208
3209 if (level == FS_ATTRIBUTE_INFORMATION)
3210 memcpy(&tcon->fsAttrInfo, 4 /* RFC1001 len */ + offset
3211 + (char *)&rsp->hdr, min_t(unsigned int,
3212 rsp_len, max_len));
3213 else if (level == FS_DEVICE_INFORMATION)
3214 memcpy(&tcon->fsDevInfo, 4 /* RFC1001 len */ + offset
3215 + (char *)&rsp->hdr, sizeof(FILE_SYSTEM_DEVICE_INFO));
3216 else if (level == FS_SECTOR_SIZE_INFORMATION) {
3217 struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *)
3218 (4 /* RFC1001 len */ + offset + (char *)&rsp->hdr);
3219 tcon->ss_flags = le32_to_cpu(ss_info->Flags);
3220 tcon->perf_sector_size =
3221 le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf);
3222 }
3223
3224 qfsattr_exit:
3225 free_rsp_buf(resp_buftype, rsp_iov.iov_base);
3226 return rc;
3227 }
3228
3229 int
3230 smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon,
3231 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
3232 const __u32 num_lock, struct smb2_lock_element *buf)
3233 {
3234 int rc = 0;
3235 struct smb2_lock_req *req = NULL;
3236 struct kvec iov[2];
3237 struct kvec rsp_iov;
3238 int resp_buf_type;
3239 unsigned int count;
3240 int flags = CIFS_NO_RESP;
3241
3242 cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock);
3243
3244 rc = small_smb2_init(SMB2_LOCK, tcon, (void **) &req);
3245 if (rc)
3246 return rc;
3247
3248 if (encryption_required(tcon))
3249 flags |= CIFS_TRANSFORM_REQ;
3250
3251 req->hdr.sync_hdr.ProcessId = cpu_to_le32(pid);
3252 req->LockCount = cpu_to_le16(num_lock);
3253
3254 req->PersistentFileId = persist_fid;
3255 req->VolatileFileId = volatile_fid;
3256
3257 count = num_lock * sizeof(struct smb2_lock_element);
3258 inc_rfc1001_len(req, count - sizeof(struct smb2_lock_element));
3259
3260 iov[0].iov_base = (char *)req;
3261 /* 4 for rfc1002 length field and count for all locks */
3262 iov[0].iov_len = get_rfc1002_length(req) + 4 - count;
3263 iov[1].iov_base = (char *)buf;
3264 iov[1].iov_len = count;
3265
3266 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks);
3267 rc = SendReceive2(xid, tcon->ses, iov, 2, &resp_buf_type, flags,
3268 &rsp_iov);
3269 cifs_small_buf_release(req);
3270 if (rc) {
3271 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc);
3272 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE);
3273 }
3274
3275 return rc;
3276 }
3277
3278 int
3279 SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon,
3280 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
3281 const __u64 length, const __u64 offset, const __u32 lock_flags,
3282 const bool wait)
3283 {
3284 struct smb2_lock_element lock;
3285
3286 lock.Offset = cpu_to_le64(offset);
3287 lock.Length = cpu_to_le64(length);
3288 lock.Flags = cpu_to_le32(lock_flags);
3289 if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK)
3290 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY);
3291
3292 return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock);
3293 }
3294
3295 int
3296 SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon,
3297 __u8 *lease_key, const __le32 lease_state)
3298 {
3299 int rc;
3300 struct smb2_lease_ack *req = NULL;
3301 int flags = CIFS_OBREAK_OP;
3302
3303 cifs_dbg(FYI, "SMB2_lease_break\n");
3304 rc = small_smb2_init(SMB2_OPLOCK_BREAK, tcon, (void **) &req);
3305 if (rc)
3306 return rc;
3307
3308 if (encryption_required(tcon))
3309 flags |= CIFS_TRANSFORM_REQ;
3310
3311 req->hdr.sync_hdr.CreditRequest = cpu_to_le16(1);
3312 req->StructureSize = cpu_to_le16(36);
3313 inc_rfc1001_len(req, 12);
3314
3315 memcpy(req->LeaseKey, lease_key, 16);
3316 req->LeaseState = lease_state;
3317
3318 rc = SendReceiveNoRsp(xid, tcon->ses, (char *) req, flags);
3319 cifs_small_buf_release(req);
3320
3321 if (rc) {
3322 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
3323 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc);
3324 }
3325
3326 return rc;
3327 }
ubuntu-zesty-kernel mirror