1/* 2 * fs/cifs/misc.c 3 * 4 * Copyright (C) International Business Machines Corp., 2002,2008 5 * Author(s): Steve French (sfrench@us.ibm.com) 6 * 7 * This library is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU Lesser General Public License as published 9 * by the Free Software Foundation; either version 2.1 of the License, or 10 * (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 15 * the GNU Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public License 18 * along with this library; if not, write to the Free Software 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 */ 21 22#include <linux/slab.h> 23#include <linux/ctype.h> 24#include <linux/mempool.h> 25#include <linux/vmalloc.h> 26#include "cifspdu.h" 27#include "cifsglob.h" 28#include "cifsproto.h" 29#include "cifs_debug.h" 30#include "smberr.h" 31#include "nterr.h" 32#include "cifs_unicode.h" 33#include "smb2pdu.h" 34#include "cifsfs.h" 35#ifdef CONFIG_CIFS_DFS_UPCALL 36#include "dns_resolve.h" 37#endif 38 39extern mempool_t *cifs_sm_req_poolp; 40extern mempool_t *cifs_req_poolp; 41 42/* The xid serves as a useful identifier for each incoming vfs request, 43 in a similar way to the mid which is useful to track each sent smb, 44 and CurrentXid can also provide a running counter (although it 45 will eventually wrap past zero) of the total vfs operations handled 46 since the cifs fs was mounted */ 47 48unsigned int 49_get_xid(void) 50{ 51 unsigned int xid; 52 53 spin_lock(&GlobalMid_Lock); 54 GlobalTotalActiveXid++; 55 56 /* keep high water mark for number of simultaneous ops in filesystem */ 57 if (GlobalTotalActiveXid > GlobalMaxActiveXid) 58 GlobalMaxActiveXid = GlobalTotalActiveXid; 59 if (GlobalTotalActiveXid > 65000) 60 cifs_dbg(FYI, "warning: more than 65000 requests active\n"); 61 xid = GlobalCurrentXid++; 62 spin_unlock(&GlobalMid_Lock); 63 return xid; 64} 65 66void 67_free_xid(unsigned int xid) 68{ 69 spin_lock(&GlobalMid_Lock); 70 /* if (GlobalTotalActiveXid == 0) 71 BUG(); */ 72 GlobalTotalActiveXid--; 73 spin_unlock(&GlobalMid_Lock); 74} 75 76struct cifs_ses * 77sesInfoAlloc(void) 78{ 79 struct cifs_ses *ret_buf; 80 81 ret_buf = kzalloc(sizeof(struct cifs_ses), GFP_KERNEL); 82 if (ret_buf) { 83 atomic_inc(&sesInfoAllocCount); 84 ret_buf->status = CifsNew; 85 ++ret_buf->ses_count; 86 INIT_LIST_HEAD(&ret_buf->smb_ses_list); 87 INIT_LIST_HEAD(&ret_buf->tcon_list); 88 mutex_init(&ret_buf->session_mutex); 89 spin_lock_init(&ret_buf->iface_lock); 90 } 91 return ret_buf; 92} 93 94void 95sesInfoFree(struct cifs_ses *buf_to_free) 96{ 97 if (buf_to_free == NULL) { 98 cifs_dbg(FYI, "Null buffer passed to sesInfoFree\n"); 99 return; 100 } 101 102 atomic_dec(&sesInfoAllocCount); 103 kfree(buf_to_free->serverOS); 104 kfree(buf_to_free->serverDomain); 105 kfree(buf_to_free->serverNOS); 106 kfree_sensitive(buf_to_free->password); 107 kfree(buf_to_free->user_name); 108 kfree(buf_to_free->domainName); 109 kfree_sensitive(buf_to_free->auth_key.response); 110 kfree(buf_to_free->iface_list); 111 kfree_sensitive(buf_to_free); 112} 113 114struct cifs_tcon * 115tconInfoAlloc(void) 116{ 117 struct cifs_tcon *ret_buf; 118 119 ret_buf = kzalloc(sizeof(*ret_buf), GFP_KERNEL); 120 if (!ret_buf) 121 return NULL; 122 ret_buf->crfid.fid = kzalloc(sizeof(*ret_buf->crfid.fid), GFP_KERNEL); 123 if (!ret_buf->crfid.fid) { 124 kfree(ret_buf); 125 return NULL; 126 } 127 128 atomic_inc(&tconInfoAllocCount); 129 ret_buf->tidStatus = CifsNew; 130 ++ret_buf->tc_count; 131 INIT_LIST_HEAD(&ret_buf->openFileList); 132 INIT_LIST_HEAD(&ret_buf->tcon_list); 133 spin_lock_init(&ret_buf->open_file_lock); 134 mutex_init(&ret_buf->crfid.fid_mutex); 135 spin_lock_init(&ret_buf->stat_lock); 136 atomic_set(&ret_buf->num_local_opens, 0); 137 atomic_set(&ret_buf->num_remote_opens, 0); 138 139 return ret_buf; 140} 141 142void 143tconInfoFree(struct cifs_tcon *buf_to_free) 144{ 145 if (buf_to_free == NULL) { 146 cifs_dbg(FYI, "Null buffer passed to tconInfoFree\n"); 147 return; 148 } 149 atomic_dec(&tconInfoAllocCount); 150 kfree(buf_to_free->nativeFileSystem); 151 kfree_sensitive(buf_to_free->password); 152 kfree(buf_to_free->crfid.fid); 153#ifdef CONFIG_CIFS_DFS_UPCALL 154 kfree(buf_to_free->dfs_path); 155#endif 156 kfree(buf_to_free); 157} 158 159struct smb_hdr * 160cifs_buf_get(void) 161{ 162 struct smb_hdr *ret_buf = NULL; 163 /* 164 * SMB2 header is bigger than CIFS one - no problems to clean some 165 * more bytes for CIFS. 166 */ 167 size_t buf_size = sizeof(struct smb2_sync_hdr); 168 169 /* 170 * We could use negotiated size instead of max_msgsize - 171 * but it may be more efficient to always alloc same size 172 * albeit slightly larger than necessary and maxbuffersize 173 * defaults to this and can not be bigger. 174 */ 175 ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS); 176 177 /* clear the first few header bytes */ 178 /* for most paths, more is cleared in header_assemble */ 179 memset(ret_buf, 0, buf_size + 3); 180 atomic_inc(&bufAllocCount); 181#ifdef CONFIG_CIFS_STATS2 182 atomic_inc(&totBufAllocCount); 183#endif /* CONFIG_CIFS_STATS2 */ 184 185 return ret_buf; 186} 187 188void 189cifs_buf_release(void *buf_to_free) 190{ 191 if (buf_to_free == NULL) { 192 /* cifs_dbg(FYI, "Null buffer passed to cifs_buf_release\n");*/ 193 return; 194 } 195 mempool_free(buf_to_free, cifs_req_poolp); 196 197 atomic_dec(&bufAllocCount); 198 return; 199} 200 201struct smb_hdr * 202cifs_small_buf_get(void) 203{ 204 struct smb_hdr *ret_buf = NULL; 205 206/* We could use negotiated size instead of max_msgsize - 207 but it may be more efficient to always alloc same size 208 albeit slightly larger than necessary and maxbuffersize 209 defaults to this and can not be bigger */ 210 ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS); 211 /* No need to clear memory here, cleared in header assemble */ 212 /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/ 213 atomic_inc(&smBufAllocCount); 214#ifdef CONFIG_CIFS_STATS2 215 atomic_inc(&totSmBufAllocCount); 216#endif /* CONFIG_CIFS_STATS2 */ 217 218 return ret_buf; 219} 220 221void 222cifs_small_buf_release(void *buf_to_free) 223{ 224 225 if (buf_to_free == NULL) { 226 cifs_dbg(FYI, "Null buffer passed to cifs_small_buf_release\n"); 227 return; 228 } 229 mempool_free(buf_to_free, cifs_sm_req_poolp); 230 231 atomic_dec(&smBufAllocCount); 232 return; 233} 234 235void 236free_rsp_buf(int resp_buftype, void *rsp) 237{ 238 if (resp_buftype == CIFS_SMALL_BUFFER) 239 cifs_small_buf_release(rsp); 240 else if (resp_buftype == CIFS_LARGE_BUFFER) 241 cifs_buf_release(rsp); 242} 243 244/* NB: MID can not be set if treeCon not passed in, in that 245 case it is responsbility of caller to set the mid */ 246void 247header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , 248 const struct cifs_tcon *treeCon, int word_count 249 /* length of fixed section (word count) in two byte units */) 250{ 251 char *temp = (char *) buffer; 252 253 memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */ 254 255 buffer->smb_buf_length = cpu_to_be32( 256 (2 * word_count) + sizeof(struct smb_hdr) - 257 4 /* RFC 1001 length field does not count */ + 258 2 /* for bcc field itself */) ; 259 260 buffer->Protocol[0] = 0xFF; 261 buffer->Protocol[1] = 'S'; 262 buffer->Protocol[2] = 'M'; 263 buffer->Protocol[3] = 'B'; 264 buffer->Command = smb_command; 265 buffer->Flags = 0x00; /* case sensitive */ 266 buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES; 267 buffer->Pid = cpu_to_le16((__u16)current->tgid); 268 buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16)); 269 if (treeCon) { 270 buffer->Tid = treeCon->tid; 271 if (treeCon->ses) { 272 if (treeCon->ses->capabilities & CAP_UNICODE) 273 buffer->Flags2 |= SMBFLG2_UNICODE; 274 if (treeCon->ses->capabilities & CAP_STATUS32) 275 buffer->Flags2 |= SMBFLG2_ERR_STATUS; 276 277 /* Uid is not converted */ 278 buffer->Uid = treeCon->ses->Suid; 279 buffer->Mid = get_next_mid(treeCon->ses->server); 280 } 281 if (treeCon->Flags & SMB_SHARE_IS_IN_DFS) 282 buffer->Flags2 |= SMBFLG2_DFS; 283 if (treeCon->nocase) 284 buffer->Flags |= SMBFLG_CASELESS; 285 if ((treeCon->ses) && (treeCon->ses->server)) 286 if (treeCon->ses->server->sign) 287 buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 288 } 289 290/* endian conversion of flags is now done just before sending */ 291 buffer->WordCount = (char) word_count; 292 return; 293} 294 295static int 296check_smb_hdr(struct smb_hdr *smb) 297{ 298 /* does it have the right SMB "signature" ? */ 299 if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) { 300 cifs_dbg(VFS, "Bad protocol string signature header 0x%x\n", 301 *(unsigned int *)smb->Protocol); 302 return 1; 303 } 304 305 /* if it's a response then accept */ 306 if (smb->Flags & SMBFLG_RESPONSE) 307 return 0; 308 309 /* only one valid case where server sends us request */ 310 if (smb->Command == SMB_COM_LOCKING_ANDX) 311 return 0; 312 313 cifs_dbg(VFS, "Server sent request, not response. mid=%u\n", 314 get_mid(smb)); 315 return 1; 316} 317 318int 319checkSMB(char *buf, unsigned int total_read, struct TCP_Server_Info *server) 320{ 321 struct smb_hdr *smb = (struct smb_hdr *)buf; 322 __u32 rfclen = be32_to_cpu(smb->smb_buf_length); 323 __u32 clc_len; /* calculated length */ 324 cifs_dbg(FYI, "checkSMB Length: 0x%x, smb_buf_length: 0x%x\n", 325 total_read, rfclen); 326 327 /* is this frame too small to even get to a BCC? */ 328 if (total_read < 2 + sizeof(struct smb_hdr)) { 329 if ((total_read >= sizeof(struct smb_hdr) - 1) 330 && (smb->Status.CifsError != 0)) { 331 /* it's an error return */ 332 smb->WordCount = 0; 333 /* some error cases do not return wct and bcc */ 334 return 0; 335 } else if ((total_read == sizeof(struct smb_hdr) + 1) && 336 (smb->WordCount == 0)) { 337 char *tmp = (char *)smb; 338 /* Need to work around a bug in two servers here */ 339 /* First, check if the part of bcc they sent was zero */ 340 if (tmp[sizeof(struct smb_hdr)] == 0) { 341 /* some servers return only half of bcc 342 * on simple responses (wct, bcc both zero) 343 * in particular have seen this on 344 * ulogoffX and FindClose. This leaves 345 * one byte of bcc potentially unitialized 346 */ 347 /* zero rest of bcc */ 348 tmp[sizeof(struct smb_hdr)+1] = 0; 349 return 0; 350 } 351 cifs_dbg(VFS, "rcvd invalid byte count (bcc)\n"); 352 } else { 353 cifs_dbg(VFS, "Length less than smb header size\n"); 354 } 355 return -EIO; 356 } else if (total_read < sizeof(*smb) + 2 * smb->WordCount) { 357 cifs_dbg(VFS, "%s: can't read BCC due to invalid WordCount(%u)\n", 358 __func__, smb->WordCount); 359 return -EIO; 360 } 361 362 /* otherwise, there is enough to get to the BCC */ 363 if (check_smb_hdr(smb)) 364 return -EIO; 365 clc_len = smbCalcSize(smb, server); 366 367 if (4 + rfclen != total_read) { 368 cifs_dbg(VFS, "Length read does not match RFC1001 length %d\n", 369 rfclen); 370 return -EIO; 371 } 372 373 if (4 + rfclen != clc_len) { 374 __u16 mid = get_mid(smb); 375 /* check if bcc wrapped around for large read responses */ 376 if ((rfclen > 64 * 1024) && (rfclen > clc_len)) { 377 /* check if lengths match mod 64K */ 378 if (((4 + rfclen) & 0xFFFF) == (clc_len & 0xFFFF)) 379 return 0; /* bcc wrapped */ 380 } 381 cifs_dbg(FYI, "Calculated size %u vs length %u mismatch for mid=%u\n", 382 clc_len, 4 + rfclen, mid); 383 384 if (4 + rfclen < clc_len) { 385 cifs_dbg(VFS, "RFC1001 size %u smaller than SMB for mid=%u\n", 386 rfclen, mid); 387 return -EIO; 388 } else if (rfclen > clc_len + 512) { 389 /* 390 * Some servers (Windows XP in particular) send more 391 * data than the lengths in the SMB packet would 392 * indicate on certain calls (byte range locks and 393 * trans2 find first calls in particular). While the 394 * client can handle such a frame by ignoring the 395 * trailing data, we choose limit the amount of extra 396 * data to 512 bytes. 397 */ 398 cifs_dbg(VFS, "RFC1001 size %u more than 512 bytes larger than SMB for mid=%u\n", 399 rfclen, mid); 400 return -EIO; 401 } 402 } 403 return 0; 404} 405 406bool 407is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv) 408{ 409 struct smb_hdr *buf = (struct smb_hdr *)buffer; 410 struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf; 411 struct list_head *tmp, *tmp1, *tmp2; 412 struct cifs_ses *ses; 413 struct cifs_tcon *tcon; 414 struct cifsInodeInfo *pCifsInode; 415 struct cifsFileInfo *netfile; 416 417 cifs_dbg(FYI, "Checking for oplock break or dnotify response\n"); 418 if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) && 419 (pSMB->hdr.Flags & SMBFLG_RESPONSE)) { 420 struct smb_com_transaction_change_notify_rsp *pSMBr = 421 (struct smb_com_transaction_change_notify_rsp *)buf; 422 struct file_notify_information *pnotify; 423 __u32 data_offset = 0; 424 size_t len = srv->total_read - sizeof(pSMBr->hdr.smb_buf_length); 425 426 if (get_bcc(buf) > sizeof(struct file_notify_information)) { 427 data_offset = le32_to_cpu(pSMBr->DataOffset); 428 429 if (data_offset > 430 len - sizeof(struct file_notify_information)) { 431 cifs_dbg(FYI, "Invalid data_offset %u\n", 432 data_offset); 433 return true; 434 } 435 pnotify = (struct file_notify_information *) 436 ((char *)&pSMBr->hdr.Protocol + data_offset); 437 cifs_dbg(FYI, "dnotify on %s Action: 0x%x\n", 438 pnotify->FileName, pnotify->Action); 439 /* cifs_dump_mem("Rcvd notify Data: ",buf, 440 sizeof(struct smb_hdr)+60); */ 441 return true; 442 } 443 if (pSMBr->hdr.Status.CifsError) { 444 cifs_dbg(FYI, "notify err 0x%x\n", 445 pSMBr->hdr.Status.CifsError); 446 return true; 447 } 448 return false; 449 } 450 if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX) 451 return false; 452 if (pSMB->hdr.Flags & SMBFLG_RESPONSE) { 453 /* no sense logging error on invalid handle on oplock 454 break - harmless race between close request and oplock 455 break response is expected from time to time writing out 456 large dirty files cached on the client */ 457 if ((NT_STATUS_INVALID_HANDLE) == 458 le32_to_cpu(pSMB->hdr.Status.CifsError)) { 459 cifs_dbg(FYI, "Invalid handle on oplock break\n"); 460 return true; 461 } else if (ERRbadfid == 462 le16_to_cpu(pSMB->hdr.Status.DosError.Error)) { 463 return true; 464 } else { 465 return false; /* on valid oplock brk we get "request" */ 466 } 467 } 468 if (pSMB->hdr.WordCount != 8) 469 return false; 470 471 cifs_dbg(FYI, "oplock type 0x%x level 0x%x\n", 472 pSMB->LockType, pSMB->OplockLevel); 473 if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)) 474 return false; 475 476 /* look up tcon based on tid & uid */ 477 spin_lock(&cifs_tcp_ses_lock); 478 list_for_each(tmp, &srv->smb_ses_list) { 479 ses = list_entry(tmp, struct cifs_ses, smb_ses_list); 480 list_for_each(tmp1, &ses->tcon_list) { 481 tcon = list_entry(tmp1, struct cifs_tcon, tcon_list); 482 if (tcon->tid != buf->Tid) 483 continue; 484 485 cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks); 486 spin_lock(&tcon->open_file_lock); 487 list_for_each(tmp2, &tcon->openFileList) { 488 netfile = list_entry(tmp2, struct cifsFileInfo, 489 tlist); 490 if (pSMB->Fid != netfile->fid.netfid) 491 continue; 492 493 cifs_dbg(FYI, "file id match, oplock break\n"); 494 pCifsInode = CIFS_I(d_inode(netfile->dentry)); 495 496 set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, 497 &pCifsInode->flags); 498 499 netfile->oplock_epoch = 0; 500 netfile->oplock_level = pSMB->OplockLevel; 501 netfile->oplock_break_cancelled = false; 502 cifs_queue_oplock_break(netfile); 503 504 spin_unlock(&tcon->open_file_lock); 505 spin_unlock(&cifs_tcp_ses_lock); 506 return true; 507 } 508 spin_unlock(&tcon->open_file_lock); 509 spin_unlock(&cifs_tcp_ses_lock); 510 cifs_dbg(FYI, "No matching file for oplock break\n"); 511 return true; 512 } 513 } 514 spin_unlock(&cifs_tcp_ses_lock); 515 cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n"); 516 return true; 517} 518 519void 520dump_smb(void *buf, int smb_buf_length) 521{ 522 if (traceSMB == 0) 523 return; 524 525 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, 8, 2, buf, 526 smb_buf_length, true); 527} 528 529void 530cifs_autodisable_serverino(struct cifs_sb_info *cifs_sb) 531{ 532 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM) { 533 struct cifs_tcon *tcon = NULL; 534 535 if (cifs_sb->master_tlink) 536 tcon = cifs_sb_master_tcon(cifs_sb); 537 538 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM; 539 cifs_sb->mnt_cifs_serverino_autodisabled = true; 540 cifs_dbg(VFS, "Autodisabling the use of server inode numbers on %s\n", 541 tcon ? tcon->treeName : "new server"); 542 cifs_dbg(VFS, "The server doesn't seem to support them properly or the files might be on different servers (DFS)\n"); 543 cifs_dbg(VFS, "Hardlinks will not be recognized on this mount. Consider mounting with the \"noserverino\" option to silence this message.\n"); 544 545 } 546} 547 548void cifs_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock) 549{ 550 oplock &= 0xF; 551 552 if (oplock == OPLOCK_EXCLUSIVE) { 553 cinode->oplock = CIFS_CACHE_WRITE_FLG | CIFS_CACHE_READ_FLG; 554 cifs_dbg(FYI, "Exclusive Oplock granted on inode %p\n", 555 &cinode->vfs_inode); 556 } else if (oplock == OPLOCK_READ) { 557 cinode->oplock = CIFS_CACHE_READ_FLG; 558 cifs_dbg(FYI, "Level II Oplock granted on inode %p\n", 559 &cinode->vfs_inode); 560 } else 561 cinode->oplock = 0; 562} 563 564/* 565 * We wait for oplock breaks to be processed before we attempt to perform 566 * writes. 567 */ 568int cifs_get_writer(struct cifsInodeInfo *cinode) 569{ 570 int rc; 571 572start: 573 rc = wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK, 574 TASK_KILLABLE); 575 if (rc) 576 return rc; 577 578 spin_lock(&cinode->writers_lock); 579 if (!cinode->writers) 580 set_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags); 581 cinode->writers++; 582 /* Check to see if we have started servicing an oplock break */ 583 if (test_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags)) { 584 cinode->writers--; 585 if (cinode->writers == 0) { 586 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags); 587 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS); 588 } 589 spin_unlock(&cinode->writers_lock); 590 goto start; 591 } 592 spin_unlock(&cinode->writers_lock); 593 return 0; 594} 595 596void cifs_put_writer(struct cifsInodeInfo *cinode) 597{ 598 spin_lock(&cinode->writers_lock); 599 cinode->writers--; 600 if (cinode->writers == 0) { 601 clear_bit(CIFS_INODE_PENDING_WRITERS, &cinode->flags); 602 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS); 603 } 604 spin_unlock(&cinode->writers_lock); 605} 606 607/** 608 * cifs_queue_oplock_break - queue the oplock break handler for cfile 609 * 610 * This function is called from the demultiplex thread when it 611 * receives an oplock break for @cfile. 612 * 613 * Assumes the tcon->open_file_lock is held. 614 * Assumes cfile->file_info_lock is NOT held. 615 */ 616void cifs_queue_oplock_break(struct cifsFileInfo *cfile) 617{ 618 /* 619 * Bump the handle refcount now while we hold the 620 * open_file_lock to enforce the validity of it for the oplock 621 * break handler. The matching put is done at the end of the 622 * handler. 623 */ 624 cifsFileInfo_get(cfile); 625 626 queue_work(cifsoplockd_wq, &cfile->oplock_break); 627} 628 629void cifs_done_oplock_break(struct cifsInodeInfo *cinode) 630{ 631 clear_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags); 632 wake_up_bit(&cinode->flags, CIFS_INODE_PENDING_OPLOCK_BREAK); 633} 634 635bool 636backup_cred(struct cifs_sb_info *cifs_sb) 637{ 638 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPUID) { 639 if (uid_eq(cifs_sb->mnt_backupuid, current_fsuid())) 640 return true; 641 } 642 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPGID) { 643 if (in_group_p(cifs_sb->mnt_backupgid)) 644 return true; 645 } 646 647 return false; 648} 649 650void 651cifs_del_pending_open(struct cifs_pending_open *open) 652{ 653 spin_lock(&tlink_tcon(open->tlink)->open_file_lock); 654 list_del(&open->olist); 655 spin_unlock(&tlink_tcon(open->tlink)->open_file_lock); 656} 657 658void 659cifs_add_pending_open_locked(struct cifs_fid *fid, struct tcon_link *tlink, 660 struct cifs_pending_open *open) 661{ 662 memcpy(open->lease_key, fid->lease_key, SMB2_LEASE_KEY_SIZE); 663 open->oplock = CIFS_OPLOCK_NO_CHANGE; 664 open->tlink = tlink; 665 fid->pending_open = open; 666 list_add_tail(&open->olist, &tlink_tcon(tlink)->pending_opens); 667} 668 669void 670cifs_add_pending_open(struct cifs_fid *fid, struct tcon_link *tlink, 671 struct cifs_pending_open *open) 672{ 673 spin_lock(&tlink_tcon(tlink)->open_file_lock); 674 cifs_add_pending_open_locked(fid, tlink, open); 675 spin_unlock(&tlink_tcon(open->tlink)->open_file_lock); 676} 677 678/* parses DFS refferal V3 structure 679 * caller is responsible for freeing target_nodes 680 * returns: 681 * - on success - 0 682 * - on failure - errno 683 */ 684int 685parse_dfs_referrals(struct get_dfs_referral_rsp *rsp, u32 rsp_size, 686 unsigned int *num_of_nodes, 687 struct dfs_info3_param **target_nodes, 688 const struct nls_table *nls_codepage, int remap, 689 const char *searchName, bool is_unicode) 690{ 691 int i, rc = 0; 692 char *data_end; 693 struct dfs_referral_level_3 *ref; 694 695 *num_of_nodes = le16_to_cpu(rsp->NumberOfReferrals); 696 697 if (*num_of_nodes < 1) { 698 cifs_dbg(VFS, "num_referrals: must be at least > 0, but we get num_referrals = %d\n", 699 *num_of_nodes); 700 rc = -EINVAL; 701 goto parse_DFS_referrals_exit; 702 } 703 704 ref = (struct dfs_referral_level_3 *) &(rsp->referrals); 705 if (ref->VersionNumber != cpu_to_le16(3)) { 706 cifs_dbg(VFS, "Referrals of V%d version are not supported, should be V3\n", 707 le16_to_cpu(ref->VersionNumber)); 708 rc = -EINVAL; 709 goto parse_DFS_referrals_exit; 710 } 711 712 /* get the upper boundary of the resp buffer */ 713 data_end = (char *)rsp + rsp_size; 714 715 cifs_dbg(FYI, "num_referrals: %d dfs flags: 0x%x ...\n", 716 *num_of_nodes, le32_to_cpu(rsp->DFSFlags)); 717 718 *target_nodes = kcalloc(*num_of_nodes, sizeof(struct dfs_info3_param), 719 GFP_KERNEL); 720 if (*target_nodes == NULL) { 721 rc = -ENOMEM; 722 goto parse_DFS_referrals_exit; 723 } 724 725 /* collect necessary data from referrals */ 726 for (i = 0; i < *num_of_nodes; i++) { 727 char *temp; 728 int max_len; 729 struct dfs_info3_param *node = (*target_nodes)+i; 730 731 node->flags = le32_to_cpu(rsp->DFSFlags); 732 if (is_unicode) { 733 __le16 *tmp = kmalloc(strlen(searchName)*2 + 2, 734 GFP_KERNEL); 735 if (tmp == NULL) { 736 rc = -ENOMEM; 737 goto parse_DFS_referrals_exit; 738 } 739 cifsConvertToUTF16((__le16 *) tmp, searchName, 740 PATH_MAX, nls_codepage, remap); 741 node->path_consumed = cifs_utf16_bytes(tmp, 742 le16_to_cpu(rsp->PathConsumed), 743 nls_codepage); 744 kfree(tmp); 745 } else 746 node->path_consumed = le16_to_cpu(rsp->PathConsumed); 747 748 node->server_type = le16_to_cpu(ref->ServerType); 749 node->ref_flag = le16_to_cpu(ref->ReferralEntryFlags); 750 751 /* copy DfsPath */ 752 temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset); 753 max_len = data_end - temp; 754 node->path_name = cifs_strndup_from_utf16(temp, max_len, 755 is_unicode, nls_codepage); 756 if (!node->path_name) { 757 rc = -ENOMEM; 758 goto parse_DFS_referrals_exit; 759 } 760 761 /* copy link target UNC */ 762 temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset); 763 max_len = data_end - temp; 764 node->node_name = cifs_strndup_from_utf16(temp, max_len, 765 is_unicode, nls_codepage); 766 if (!node->node_name) { 767 rc = -ENOMEM; 768 goto parse_DFS_referrals_exit; 769 } 770 771 node->ttl = le32_to_cpu(ref->TimeToLive); 772 773 ref++; 774 } 775 776parse_DFS_referrals_exit: 777 if (rc) { 778 free_dfs_info_array(*target_nodes, *num_of_nodes); 779 *target_nodes = NULL; 780 *num_of_nodes = 0; 781 } 782 return rc; 783} 784 785struct cifs_aio_ctx * 786cifs_aio_ctx_alloc(void) 787{ 788 struct cifs_aio_ctx *ctx; 789 790 /* 791 * Must use kzalloc to initialize ctx->bv to NULL and ctx->direct_io 792 * to false so that we know when we have to unreference pages within 793 * cifs_aio_ctx_release() 794 */ 795 ctx = kzalloc(sizeof(struct cifs_aio_ctx), GFP_KERNEL); 796 if (!ctx) 797 return NULL; 798 799 INIT_LIST_HEAD(&ctx->list); 800 mutex_init(&ctx->aio_mutex); 801 init_completion(&ctx->done); 802 kref_init(&ctx->refcount); 803 return ctx; 804} 805 806void 807cifs_aio_ctx_release(struct kref *refcount) 808{ 809 struct cifs_aio_ctx *ctx = container_of(refcount, 810 struct cifs_aio_ctx, refcount); 811 812 cifsFileInfo_put(ctx->cfile); 813 814 /* 815 * ctx->bv is only set if setup_aio_ctx_iter() was call successfuly 816 * which means that iov_iter_get_pages() was a success and thus that 817 * we have taken reference on pages. 818 */ 819 if (ctx->bv) { 820 unsigned i; 821 822 for (i = 0; i < ctx->npages; i++) { 823 if (ctx->should_dirty) 824 set_page_dirty(ctx->bv[i].bv_page); 825 put_page(ctx->bv[i].bv_page); 826 } 827 kvfree(ctx->bv); 828 } 829 830 kfree(ctx); 831} 832 833#define CIFS_AIO_KMALLOC_LIMIT (1024 * 1024) 834 835int 836setup_aio_ctx_iter(struct cifs_aio_ctx *ctx, struct iov_iter *iter, int rw) 837{ 838 ssize_t rc; 839 unsigned int cur_npages; 840 unsigned int npages = 0; 841 unsigned int i; 842 size_t len; 843 size_t count = iov_iter_count(iter); 844 unsigned int saved_len; 845 size_t start; 846 unsigned int max_pages = iov_iter_npages(iter, INT_MAX); 847 struct page **pages = NULL; 848 struct bio_vec *bv = NULL; 849 850 if (iov_iter_is_kvec(iter)) { 851 memcpy(&ctx->iter, iter, sizeof(*iter)); 852 ctx->len = count; 853 iov_iter_advance(iter, count); 854 return 0; 855 } 856 857 if (array_size(max_pages, sizeof(*bv)) <= CIFS_AIO_KMALLOC_LIMIT) 858 bv = kmalloc_array(max_pages, sizeof(*bv), GFP_KERNEL); 859 860 if (!bv) { 861 bv = vmalloc(array_size(max_pages, sizeof(*bv))); 862 if (!bv) 863 return -ENOMEM; 864 } 865 866 if (array_size(max_pages, sizeof(*pages)) <= CIFS_AIO_KMALLOC_LIMIT) 867 pages = kmalloc_array(max_pages, sizeof(*pages), GFP_KERNEL); 868 869 if (!pages) { 870 pages = vmalloc(array_size(max_pages, sizeof(*pages))); 871 if (!pages) { 872 kvfree(bv); 873 return -ENOMEM; 874 } 875 } 876 877 saved_len = count; 878 879 while (count && npages < max_pages) { 880 rc = iov_iter_get_pages(iter, pages, count, max_pages, &start); 881 if (rc < 0) { 882 cifs_dbg(VFS, "Couldn't get user pages (rc=%zd)\n", rc); 883 break; 884 } 885 886 if (rc > count) { 887 cifs_dbg(VFS, "get pages rc=%zd more than %zu\n", rc, 888 count); 889 break; 890 } 891 892 iov_iter_advance(iter, rc); 893 count -= rc; 894 rc += start; 895 cur_npages = DIV_ROUND_UP(rc, PAGE_SIZE); 896 897 if (npages + cur_npages > max_pages) { 898 cifs_dbg(VFS, "out of vec array capacity (%u vs %u)\n", 899 npages + cur_npages, max_pages); 900 break; 901 } 902 903 for (i = 0; i < cur_npages; i++) { 904 len = rc > PAGE_SIZE ? PAGE_SIZE : rc; 905 bv[npages + i].bv_page = pages[i]; 906 bv[npages + i].bv_offset = start; 907 bv[npages + i].bv_len = len - start; 908 rc -= len; 909 start = 0; 910 } 911 912 npages += cur_npages; 913 } 914 915 kvfree(pages); 916 ctx->bv = bv; 917 ctx->len = saved_len - count; 918 ctx->npages = npages; 919 iov_iter_bvec(&ctx->iter, rw, ctx->bv, npages, ctx->len); 920 return 0; 921} 922 923/** 924 * cifs_alloc_hash - allocate hash and hash context together 925 * 926 * The caller has to make sure @sdesc is initialized to either NULL or 927 * a valid context. Both can be freed via cifs_free_hash(). 928 */ 929int 930cifs_alloc_hash(const char *name, 931 struct crypto_shash **shash, struct sdesc **sdesc) 932{ 933 int rc = 0; 934 size_t size; 935 936 if (*sdesc != NULL) 937 return 0; 938 939 *shash = crypto_alloc_shash(name, 0, 0); 940 if (IS_ERR(*shash)) { 941 cifs_dbg(VFS, "Could not allocate crypto %s\n", name); 942 rc = PTR_ERR(*shash); 943 *shash = NULL; 944 *sdesc = NULL; 945 return rc; 946 } 947 948 size = sizeof(struct shash_desc) + crypto_shash_descsize(*shash); 949 *sdesc = kmalloc(size, GFP_KERNEL); 950 if (*sdesc == NULL) { 951 cifs_dbg(VFS, "no memory left to allocate crypto %s\n", name); 952 crypto_free_shash(*shash); 953 *shash = NULL; 954 return -ENOMEM; 955 } 956 957 (*sdesc)->shash.tfm = *shash; 958 return 0; 959} 960 961/** 962 * cifs_free_hash - free hash and hash context together 963 * 964 * Freeing a NULL hash or context is safe. 965 */ 966void 967cifs_free_hash(struct crypto_shash **shash, struct sdesc **sdesc) 968{ 969 kfree(*sdesc); 970 *sdesc = NULL; 971 if (*shash) 972 crypto_free_shash(*shash); 973 *shash = NULL; 974} 975 976/** 977 * rqst_page_get_length - obtain the length and offset for a page in smb_rqst 978 * Input: rqst - a smb_rqst, page - a page index for rqst 979 * Output: *len - the length for this page, *offset - the offset for this page 980 */ 981void rqst_page_get_length(const struct smb_rqst *rqst, unsigned int page, 982 unsigned int *len, unsigned int *offset) 983{ 984 *len = rqst->rq_pagesz; 985 *offset = (page == 0) ? rqst->rq_offset : 0; 986 987 if (rqst->rq_npages == 1 || page == rqst->rq_npages-1) 988 *len = rqst->rq_tailsz; 989 else if (page == 0) 990 *len = rqst->rq_pagesz - rqst->rq_offset; 991} 992 993void extract_unc_hostname(const char *unc, const char **h, size_t *len) 994{ 995 const char *end; 996 997 /* skip initial slashes */ 998 while (*unc && (*unc == '\\' || *unc == '/')) 999 unc++; 1000 1001 end = unc; 1002 1003 while (*end && !(*end == '\\' || *end == '/')) 1004 end++; 1005 1006 *h = unc; 1007 *len = end - unc; 1008} 1009 1010/** 1011 * copy_path_name - copy src path to dst, possibly truncating 1012 * 1013 * returns number of bytes written (including trailing nul) 1014 */ 1015int copy_path_name(char *dst, const char *src) 1016{ 1017 int name_len; 1018 1019 /* 1020 * PATH_MAX includes nul, so if strlen(src) >= PATH_MAX it 1021 * will truncate and strlen(dst) will be PATH_MAX-1 1022 */ 1023 name_len = strscpy(dst, src, PATH_MAX); 1024 if (WARN_ON_ONCE(name_len < 0)) 1025 name_len = PATH_MAX-1; 1026 1027 /* we count the trailing nul */ 1028 name_len++; 1029 return name_len; 1030} 1031 1032struct super_cb_data { 1033 void *data; 1034 struct super_block *sb; 1035}; 1036 1037static void tcp_super_cb(struct super_block *sb, void *arg) 1038{ 1039 struct super_cb_data *sd = arg; 1040 struct TCP_Server_Info *server = sd->data; 1041 struct cifs_sb_info *cifs_sb; 1042 struct cifs_tcon *tcon; 1043 1044 if (sd->sb) 1045 return; 1046 1047 cifs_sb = CIFS_SB(sb); 1048 tcon = cifs_sb_master_tcon(cifs_sb); 1049 if (tcon->ses->server == server) 1050 sd->sb = sb; 1051} 1052 1053static struct super_block *__cifs_get_super(void (*f)(struct super_block *, void *), 1054 void *data) 1055{ 1056 struct super_cb_data sd = { 1057 .data = data, 1058 .sb = NULL, 1059 }; 1060 struct file_system_type **fs_type = (struct file_system_type *[]) { 1061 &cifs_fs_type, &smb3_fs_type, NULL, 1062 }; 1063 1064 for (; *fs_type; fs_type++) { 1065 iterate_supers_type(*fs_type, f, &sd); 1066 if (sd.sb) { 1067 /* 1068 * Grab an active reference in order to prevent automounts (DFS links) 1069 * of expiring and then freeing up our cifs superblock pointer while 1070 * we're doing failover. 1071 */ 1072 cifs_sb_active(sd.sb); 1073 return sd.sb; 1074 } 1075 } 1076 return ERR_PTR(-EINVAL); 1077} 1078 1079static void __cifs_put_super(struct super_block *sb) 1080{ 1081 if (!IS_ERR_OR_NULL(sb)) 1082 cifs_sb_deactive(sb); 1083} 1084 1085struct super_block *cifs_get_tcp_super(struct TCP_Server_Info *server) 1086{ 1087 return __cifs_get_super(tcp_super_cb, server); 1088} 1089 1090void cifs_put_tcp_super(struct super_block *sb) 1091{ 1092 __cifs_put_super(sb); 1093} 1094 1095#ifdef CONFIG_CIFS_DFS_UPCALL 1096int match_target_ip(struct TCP_Server_Info *server, 1097 const char *share, size_t share_len, 1098 bool *result) 1099{ 1100 int rc; 1101 char *target, *tip = NULL; 1102 struct sockaddr tipaddr; 1103 1104 *result = false; 1105 1106 target = kzalloc(share_len + 3, GFP_KERNEL); 1107 if (!target) { 1108 rc = -ENOMEM; 1109 goto out; 1110 } 1111 1112 scnprintf(target, share_len + 3, "\\\\%.*s", (int)share_len, share); 1113 1114 cifs_dbg(FYI, "%s: target name: %s\n", __func__, target + 2); 1115 1116 rc = dns_resolve_server_name_to_ip(target, &tip); 1117 if (rc < 0) 1118 goto out; 1119 1120 cifs_dbg(FYI, "%s: target ip: %s\n", __func__, tip); 1121 1122 if (!cifs_convert_address(&tipaddr, tip, strlen(tip))) { 1123 cifs_dbg(VFS, "%s: failed to convert target ip address\n", 1124 __func__); 1125 rc = -EINVAL; 1126 goto out; 1127 } 1128 1129 *result = cifs_match_ipaddr((struct sockaddr *)&server->dstaddr, 1130 &tipaddr); 1131 cifs_dbg(FYI, "%s: ip addresses match: %u\n", __func__, *result); 1132 rc = 0; 1133 1134out: 1135 kfree(target); 1136 kfree(tip); 1137 1138 return rc; 1139} 1140 1141static void tcon_super_cb(struct super_block *sb, void *arg) 1142{ 1143 struct super_cb_data *sd = arg; 1144 struct cifs_tcon *tcon = sd->data; 1145 struct cifs_sb_info *cifs_sb; 1146 1147 if (sd->sb) 1148 return; 1149 1150 cifs_sb = CIFS_SB(sb); 1151 if (tcon->dfs_path && cifs_sb->origin_fullpath && 1152 !strcasecmp(tcon->dfs_path, cifs_sb->origin_fullpath)) 1153 sd->sb = sb; 1154} 1155 1156static inline struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon) 1157{ 1158 return __cifs_get_super(tcon_super_cb, tcon); 1159} 1160 1161static inline void cifs_put_tcon_super(struct super_block *sb) 1162{ 1163 __cifs_put_super(sb); 1164} 1165#else 1166static inline struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon) 1167{ 1168 return ERR_PTR(-EOPNOTSUPP); 1169} 1170 1171static inline void cifs_put_tcon_super(struct super_block *sb) 1172{ 1173} 1174#endif 1175 1176int update_super_prepath(struct cifs_tcon *tcon, char *prefix) 1177{ 1178 struct super_block *sb; 1179 struct cifs_sb_info *cifs_sb; 1180 int rc = 0; 1181 1182 sb = cifs_get_tcon_super(tcon); 1183 if (IS_ERR(sb)) 1184 return PTR_ERR(sb); 1185 1186 cifs_sb = CIFS_SB(sb); 1187 1188 kfree(cifs_sb->prepath); 1189 1190 if (prefix && *prefix) { 1191 cifs_sb->prepath = kstrndup(prefix, strlen(prefix), GFP_ATOMIC); 1192 if (!cifs_sb->prepath) { 1193 rc = -ENOMEM; 1194 goto out; 1195 } 1196 1197 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb)); 1198 } else 1199 cifs_sb->prepath = NULL; 1200 1201 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH; 1202 1203out: 1204 cifs_put_tcon_super(sb); 1205 return rc; 1206} 1207