1/* 2 * fs/cifs/smb2pdu.c 3 * 4 * Copyright (C) International Business Machines Corp., 2009, 2013 5 * Etersoft, 2012 6 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Pavel Shilovsky (pshilovsky@samba.org) 2012 8 * 9 * Contains the routines for constructing the SMB2 PDUs themselves 10 * 11 * This library is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU Lesser General Public License as published 13 * by the Free Software Foundation; either version 2.1 of the License, or 14 * (at your option) any later version. 15 * 16 * This library is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 19 * the GNU Lesser General Public License for more details. 20 * 21 * You should have received a copy of the GNU Lesser General Public License 22 * along with this library; if not, write to the Free Software 23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 24 */ 25 26 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */ 27 /* Note that there are handle based routines which must be */ 28 /* treated slightly differently for reconnection purposes since we never */ 29 /* want to reuse a stale file handle and only the caller knows the file info */ 30 31#include <linux/fs.h> 32#include <linux/kernel.h> 33#include <linux/vfs.h> 34#include <linux/task_io_accounting_ops.h> 35#include <linux/uaccess.h> 36#include <linux/pagemap.h> 37#include <linux/xattr.h> 38#include "smb2pdu.h" 39#include "cifsglob.h" 40#include "cifsacl.h" 41#include "cifsproto.h" 42#include "smb2proto.h" 43#include "cifs_unicode.h" 44#include "cifs_debug.h" 45#include "ntlmssp.h" 46#include "smb2status.h" 47#include "smb2glob.h" 48#include "cifspdu.h" 49#include "cifs_spnego.h" 50 51/* 52 * The following table defines the expected "StructureSize" of SMB2 requests 53 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests. 54 * 55 * Note that commands are defined in smb2pdu.h in le16 but the array below is 56 * indexed by command in host byte order. 57 */ 58static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { 59 /* SMB2_NEGOTIATE */ 36, 60 /* SMB2_SESSION_SETUP */ 25, 61 /* SMB2_LOGOFF */ 4, 62 /* SMB2_TREE_CONNECT */ 9, 63 /* SMB2_TREE_DISCONNECT */ 4, 64 /* SMB2_CREATE */ 57, 65 /* SMB2_CLOSE */ 24, 66 /* SMB2_FLUSH */ 24, 67 /* SMB2_READ */ 49, 68 /* SMB2_WRITE */ 49, 69 /* SMB2_LOCK */ 48, 70 /* SMB2_IOCTL */ 57, 71 /* SMB2_CANCEL */ 4, 72 /* SMB2_ECHO */ 4, 73 /* SMB2_QUERY_DIRECTORY */ 33, 74 /* SMB2_CHANGE_NOTIFY */ 32, 75 /* SMB2_QUERY_INFO */ 41, 76 /* SMB2_SET_INFO */ 33, 77 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */ 78}; 79 80 81static void 82smb2_hdr_assemble(struct smb2_hdr *hdr, __le16 smb2_cmd /* command */ , 83 const struct cifs_tcon *tcon) 84{ 85 struct smb2_pdu *pdu = (struct smb2_pdu *)hdr; 86 char *temp = (char *)hdr; 87 /* lookup word count ie StructureSize from table */ 88 __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_cmd)]; 89 90 /* 91 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of 92 * largest operations (Create) 93 */ 94 memset(temp, 0, 256); 95 96 /* Note this is only network field converted to big endian */ 97 hdr->smb2_buf_length = cpu_to_be32(parmsize + sizeof(struct smb2_hdr) 98 - 4 /* RFC 1001 length field itself not counted */); 99 100 hdr->ProtocolId[0] = 0xFE; 101 hdr->ProtocolId[1] = 'S'; 102 hdr->ProtocolId[2] = 'M'; 103 hdr->ProtocolId[3] = 'B'; 104 hdr->StructureSize = cpu_to_le16(64); 105 hdr->Command = smb2_cmd; 106 hdr->CreditRequest = cpu_to_le16(2); /* BB make this dynamic */ 107 hdr->ProcessId = cpu_to_le32((__u16)current->tgid); 108 109 if (!tcon) 110 goto out; 111 112 /* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */ 113 /* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */ 114 if ((tcon->ses) && (tcon->ses->server) && 115 (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU)) 116 hdr->CreditCharge = cpu_to_le16(1); 117 /* else CreditCharge MBZ */ 118 119 hdr->TreeId = tcon->tid; 120 /* Uid is not converted */ 121 if (tcon->ses) 122 hdr->SessionId = tcon->ses->Suid; 123 124 /* 125 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have 126 * to pass the path on the Open SMB prefixed by \\server\share. 127 * Not sure when we would need to do the augmented path (if ever) and 128 * setting this flag breaks the SMB2 open operation since it is 129 * illegal to send an empty path name (without \\server\share prefix) 130 * when the DFS flag is set in the SMB open header. We could 131 * consider setting the flag on all operations other than open 132 * but it is safer to net set it for now. 133 */ 134/* if (tcon->share_flags & SHI1005_FLAGS_DFS) 135 hdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */ 136 137 if (tcon->ses && tcon->ses->server && tcon->ses->server->sign) 138 hdr->Flags |= SMB2_FLAGS_SIGNED; 139out: 140 pdu->StructureSize2 = cpu_to_le16(parmsize); 141 return; 142} 143 144static int 145smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) 146{ 147 int rc = 0; 148 struct nls_table *nls_codepage; 149 struct cifs_ses *ses; 150 struct TCP_Server_Info *server; 151 152 /* 153 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so 154 * check for tcp and smb session status done differently 155 * for those three - in the calling routine. 156 */ 157 if (tcon == NULL) 158 return rc; 159 160 if (smb2_command == SMB2_TREE_CONNECT) 161 return rc; 162 163 if (tcon->tidStatus == CifsExiting) { 164 /* 165 * only tree disconnect, open, and write, 166 * (and ulogoff which does not have tcon) 167 * are allowed as we start force umount. 168 */ 169 if ((smb2_command != SMB2_WRITE) && 170 (smb2_command != SMB2_CREATE) && 171 (smb2_command != SMB2_TREE_DISCONNECT)) { 172 cifs_dbg(FYI, "can not send cmd %d while umounting\n", 173 smb2_command); 174 return -ENODEV; 175 } 176 } 177 if ((!tcon->ses) || (tcon->ses->status == CifsExiting) || 178 (!tcon->ses->server)) 179 return -EIO; 180 181 ses = tcon->ses; 182 server = ses->server; 183 184 /* 185 * Give demultiplex thread up to 10 seconds to reconnect, should be 186 * greater than cifs socket timeout which is 7 seconds 187 */ 188 while (server->tcpStatus == CifsNeedReconnect) { 189 /* 190 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE 191 * here since they are implicitly done when session drops. 192 */ 193 switch (smb2_command) { 194 /* 195 * BB Should we keep oplock break and add flush to exceptions? 196 */ 197 case SMB2_TREE_DISCONNECT: 198 case SMB2_CANCEL: 199 case SMB2_CLOSE: 200 case SMB2_OPLOCK_BREAK: 201 return -EAGAIN; 202 } 203 204 wait_event_interruptible_timeout(server->response_q, 205 (server->tcpStatus != CifsNeedReconnect), 10 * HZ); 206 207 /* are we still trying to reconnect? */ 208 if (server->tcpStatus != CifsNeedReconnect) 209 break; 210 211 /* 212 * on "soft" mounts we wait once. Hard mounts keep 213 * retrying until process is killed or server comes 214 * back on-line 215 */ 216 if (!tcon->retry) { 217 cifs_dbg(FYI, "gave up waiting on reconnect in smb_init\n"); 218 return -EHOSTDOWN; 219 } 220 } 221 222 if (!tcon->ses->need_reconnect && !tcon->need_reconnect) 223 return rc; 224 225 nls_codepage = load_nls_default(); 226 227 /* 228 * need to prevent multiple threads trying to simultaneously reconnect 229 * the same SMB session 230 */ 231 mutex_lock(&tcon->ses->session_mutex); 232 rc = cifs_negotiate_protocol(0, tcon->ses); 233 if (!rc && tcon->ses->need_reconnect) 234 rc = cifs_setup_session(0, tcon->ses, nls_codepage); 235 236 if (rc || !tcon->need_reconnect) { 237 mutex_unlock(&tcon->ses->session_mutex); 238 goto out; 239 } 240 241 cifs_mark_open_files_invalid(tcon); 242 rc = SMB2_tcon(0, tcon->ses, tcon->treeName, tcon, nls_codepage); 243 mutex_unlock(&tcon->ses->session_mutex); 244 cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc); 245 if (rc) 246 goto out; 247 atomic_inc(&tconInfoReconnectCount); 248out: 249 /* 250 * Check if handle based operation so we know whether we can continue 251 * or not without returning to caller to reset file handle. 252 */ 253 /* 254 * BB Is flush done by server on drop of tcp session? Should we special 255 * case it and skip above? 256 */ 257 switch (smb2_command) { 258 case SMB2_FLUSH: 259 case SMB2_READ: 260 case SMB2_WRITE: 261 case SMB2_LOCK: 262 case SMB2_IOCTL: 263 case SMB2_QUERY_DIRECTORY: 264 case SMB2_CHANGE_NOTIFY: 265 case SMB2_QUERY_INFO: 266 case SMB2_SET_INFO: 267 return -EAGAIN; 268 } 269 unload_nls(nls_codepage); 270 return rc; 271} 272 273/* 274 * Allocate and return pointer to an SMB request hdr, and set basic 275 * SMB information in the SMB header. If the return code is zero, this 276 * function must have filled in request_buf pointer. 277 */ 278static int 279small_smb2_init(__le16 smb2_command, struct cifs_tcon *tcon, 280 void **request_buf) 281{ 282 int rc = 0; 283 284 rc = smb2_reconnect(smb2_command, tcon); 285 if (rc) 286 return rc; 287 288 /* BB eventually switch this to SMB2 specific small buf size */ 289 *request_buf = cifs_small_buf_get(); 290 if (*request_buf == NULL) { 291 /* BB should we add a retry in here if not a writepage? */ 292 return -ENOMEM; 293 } 294 295 smb2_hdr_assemble((struct smb2_hdr *) *request_buf, smb2_command, tcon); 296 297 if (tcon != NULL) { 298#ifdef CONFIG_CIFS_STATS2 299 uint16_t com_code = le16_to_cpu(smb2_command); 300 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]); 301#endif 302 cifs_stats_inc(&tcon->num_smbs_sent); 303 } 304 305 return rc; 306} 307 308#ifdef CONFIG_CIFS_SMB311 309/* offset is sizeof smb2_negotiate_req - 4 but rounded up to 8 bytes */ 310#define OFFSET_OF_NEG_CONTEXT 0x68 /* sizeof(struct smb2_negotiate_req) - 4 */ 311 312 313#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES cpu_to_le16(1) 314#define SMB2_ENCRYPTION_CAPABILITIES cpu_to_le16(2) 315 316static void 317build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt) 318{ 319 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES; 320 pneg_ctxt->DataLength = cpu_to_le16(38); 321 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1); 322 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE); 323 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE); 324 pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512; 325} 326 327static void 328build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt) 329{ 330 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES; 331 pneg_ctxt->DataLength = cpu_to_le16(6); 332 pneg_ctxt->CipherCount = cpu_to_le16(2); 333 pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM; 334 pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM; 335} 336 337static void 338assemble_neg_contexts(struct smb2_negotiate_req *req) 339{ 340 341 /* +4 is to account for the RFC1001 len field */ 342 char *pneg_ctxt = (char *)req + OFFSET_OF_NEG_CONTEXT + 4; 343 344 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt); 345 /* Add 2 to size to round to 8 byte boundary */ 346 pneg_ctxt += 2 + sizeof(struct smb2_preauth_neg_context); 347 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt); 348 req->NegotiateContextOffset = cpu_to_le32(OFFSET_OF_NEG_CONTEXT); 349 req->NegotiateContextCount = cpu_to_le16(2); 350 inc_rfc1001_len(req, 4 + sizeof(struct smb2_preauth_neg_context) + 2 351 + sizeof(struct smb2_encryption_neg_context)); /* calculate hash */ 352} 353#else 354static void assemble_neg_contexts(struct smb2_negotiate_req *req) 355{ 356 return; 357} 358#endif /* SMB311 */ 359 360 361/* 362 * 363 * SMB2 Worker functions follow: 364 * 365 * The general structure of the worker functions is: 366 * 1) Call smb2_init (assembles SMB2 header) 367 * 2) Initialize SMB2 command specific fields in fixed length area of SMB 368 * 3) Call smb_sendrcv2 (sends request on socket and waits for response) 369 * 4) Decode SMB2 command specific fields in the fixed length area 370 * 5) Decode variable length data area (if any for this SMB2 command type) 371 * 6) Call free smb buffer 372 * 7) return 373 * 374 */ 375 376int 377SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) 378{ 379 struct smb2_negotiate_req *req; 380 struct smb2_negotiate_rsp *rsp; 381 struct kvec iov[1]; 382 int rc = 0; 383 int resp_buftype; 384 struct TCP_Server_Info *server = ses->server; 385 int blob_offset, blob_length; 386 char *security_blob; 387 int flags = CIFS_NEG_OP; 388 389 cifs_dbg(FYI, "Negotiate protocol\n"); 390 391 if (!server) { 392 WARN(1, "%s: server is NULL!\n", __func__); 393 return -EIO; 394 } 395 396 rc = small_smb2_init(SMB2_NEGOTIATE, NULL, (void **) &req); 397 if (rc) 398 return rc; 399 400 req->hdr.SessionId = 0; 401 402 req->Dialects[0] = cpu_to_le16(ses->server->vals->protocol_id); 403 404 req->DialectCount = cpu_to_le16(1); /* One vers= at a time for now */ 405 inc_rfc1001_len(req, 2); 406 407 /* only one of SMB2 signing flags may be set in SMB2 request */ 408 if (ses->sign) 409 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 410 else if (global_secflags & CIFSSEC_MAY_SIGN) 411 req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 412 else 413 req->SecurityMode = 0; 414 415 req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities); 416 417 /* ClientGUID must be zero for SMB2.02 dialect */ 418 if (ses->server->vals->protocol_id == SMB20_PROT_ID) 419 memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE); 420 else { 421 memcpy(req->ClientGUID, server->client_guid, 422 SMB2_CLIENT_GUID_SIZE); 423 if (ses->server->vals->protocol_id == SMB311_PROT_ID) 424 assemble_neg_contexts(req); 425 } 426 iov[0].iov_base = (char *)req; 427 /* 4 for rfc1002 length field */ 428 iov[0].iov_len = get_rfc1002_length(req) + 4; 429 430 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags); 431 432 rsp = (struct smb2_negotiate_rsp *)iov[0].iov_base; 433 /* 434 * No tcon so can't do 435 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 436 */ 437 if (rc != 0) 438 goto neg_exit; 439 440 cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode); 441 442 /* BB we may eventually want to match the negotiated vs. requested 443 dialect, even though we are only requesting one at a time */ 444 if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) 445 cifs_dbg(FYI, "negotiated smb2.0 dialect\n"); 446 else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) 447 cifs_dbg(FYI, "negotiated smb2.1 dialect\n"); 448 else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID)) 449 cifs_dbg(FYI, "negotiated smb3.0 dialect\n"); 450 else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID)) 451 cifs_dbg(FYI, "negotiated smb3.02 dialect\n"); 452#ifdef CONFIG_CIFS_SMB311 453 else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) 454 cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n"); 455#endif /* SMB311 */ 456 else { 457 cifs_dbg(VFS, "Illegal dialect returned by server 0x%x\n", 458 le16_to_cpu(rsp->DialectRevision)); 459 rc = -EIO; 460 goto neg_exit; 461 } 462 server->dialect = le16_to_cpu(rsp->DialectRevision); 463 464 /* SMB2 only has an extended negflavor */ 465 server->negflavor = CIFS_NEGFLAVOR_EXTENDED; 466 /* set it to the maximum buffer size value we can send with 1 credit */ 467 server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize), 468 SMB2_MAX_BUFFER_SIZE); 469 server->max_read = le32_to_cpu(rsp->MaxReadSize); 470 server->max_write = le32_to_cpu(rsp->MaxWriteSize); 471 /* BB Do we need to validate the SecurityMode? */ 472 server->sec_mode = le16_to_cpu(rsp->SecurityMode); 473 server->capabilities = le32_to_cpu(rsp->Capabilities); 474 /* Internal types */ 475 server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; 476 477 security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, 478 &rsp->hdr); 479 /* 480 * See MS-SMB2 section 2.2.4: if no blob, client picks default which 481 * for us will be 482 * ses->sectype = RawNTLMSSP; 483 * but for time being this is our only auth choice so doesn't matter. 484 * We just found a server which sets blob length to zero expecting raw. 485 */ 486 if (blob_length == 0) 487 cifs_dbg(FYI, "missing security blob on negprot\n"); 488 489 rc = cifs_enable_signing(server, ses->sign); 490 if (rc) 491 goto neg_exit; 492 if (blob_length) { 493 rc = decode_negTokenInit(security_blob, blob_length, server); 494 if (rc == 1) 495 rc = 0; 496 else if (rc == 0) 497 rc = -EIO; 498 } 499neg_exit: 500 free_rsp_buf(resp_buftype, rsp); 501 return rc; 502} 503 504int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) 505{ 506 int rc = 0; 507 struct validate_negotiate_info_req vneg_inbuf; 508 struct validate_negotiate_info_rsp *pneg_rsp; 509 u32 rsplen; 510 511 cifs_dbg(FYI, "validate negotiate\n"); 512 513 /* 514 * validation ioctl must be signed, so no point sending this if we 515 * can not sign it. We could eventually change this to selectively 516 * sign just this, the first and only signed request on a connection. 517 * This is good enough for now since a user who wants better security 518 * would also enable signing on the mount. Having validation of 519 * negotiate info for signed connections helps reduce attack vectors 520 */ 521 if (tcon->ses->server->sign == false) 522 return 0; /* validation requires signing */ 523 524 vneg_inbuf.Capabilities = 525 cpu_to_le32(tcon->ses->server->vals->req_capabilities); 526 memcpy(vneg_inbuf.Guid, tcon->ses->server->client_guid, 527 SMB2_CLIENT_GUID_SIZE); 528 529 if (tcon->ses->sign) 530 vneg_inbuf.SecurityMode = 531 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); 532 else if (global_secflags & CIFSSEC_MAY_SIGN) 533 vneg_inbuf.SecurityMode = 534 cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); 535 else 536 vneg_inbuf.SecurityMode = 0; 537 538 vneg_inbuf.DialectCount = cpu_to_le16(1); 539 vneg_inbuf.Dialects[0] = 540 cpu_to_le16(tcon->ses->server->vals->protocol_id); 541 542 rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, 543 FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */, 544 (char *)&vneg_inbuf, sizeof(struct validate_negotiate_info_req), 545 (char **)&pneg_rsp, &rsplen); 546 547 if (rc != 0) { 548 cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); 549 return -EIO; 550 } 551 552 if (rsplen != sizeof(struct validate_negotiate_info_rsp)) { 553 cifs_dbg(VFS, "invalid size of protocol negotiate response\n"); 554 return -EIO; 555 } 556 557 /* check validate negotiate info response matches what we got earlier */ 558 if (pneg_rsp->Dialect != 559 cpu_to_le16(tcon->ses->server->vals->protocol_id)) 560 goto vneg_out; 561 562 if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode)) 563 goto vneg_out; 564 565 /* do not validate server guid because not saved at negprot time yet */ 566 567 if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND | 568 SMB2_LARGE_FILES) != tcon->ses->server->capabilities) 569 goto vneg_out; 570 571 /* validate negotiate successful */ 572 cifs_dbg(FYI, "validate negotiate info successful\n"); 573 return 0; 574 575vneg_out: 576 cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n"); 577 return -EIO; 578} 579 580int 581SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, 582 const struct nls_table *nls_cp) 583{ 584 struct smb2_sess_setup_req *req; 585 struct smb2_sess_setup_rsp *rsp = NULL; 586 struct kvec iov[2]; 587 int rc = 0; 588 int resp_buftype = CIFS_NO_BUFFER; 589 __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */ 590 struct TCP_Server_Info *server = ses->server; 591 u16 blob_length = 0; 592 struct key *spnego_key = NULL; 593 char *security_blob = NULL; 594 char *ntlmssp_blob = NULL; 595 bool use_spnego = false; /* else use raw ntlmssp */ 596 597 cifs_dbg(FYI, "Session Setup\n"); 598 599 if (!server) { 600 WARN(1, "%s: server is NULL!\n", __func__); 601 return -EIO; 602 } 603 604 /* 605 * If we are here due to reconnect, free per-smb session key 606 * in case signing was required. 607 */ 608 kfree(ses->auth_key.response); 609 ses->auth_key.response = NULL; 610 611 /* 612 * If memory allocation is successful, caller of this function 613 * frees it. 614 */ 615 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); 616 if (!ses->ntlmssp) 617 return -ENOMEM; 618 ses->ntlmssp->sesskey_per_smbsess = true; 619 620 /* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */ 621 if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP) 622 ses->sectype = RawNTLMSSP; 623 624ssetup_ntlmssp_authenticate: 625 if (phase == NtLmChallenge) 626 phase = NtLmAuthenticate; /* if ntlmssp, now final phase */ 627 628 rc = small_smb2_init(SMB2_SESSION_SETUP, NULL, (void **) &req); 629 if (rc) 630 return rc; 631 632 req->hdr.SessionId = 0; /* First session, not a reauthenticate */ 633 req->Flags = 0; /* MBZ */ 634 /* to enable echos and oplocks */ 635 req->hdr.CreditRequest = cpu_to_le16(3); 636 637 /* only one of SMB2 signing flags may be set in SMB2 request */ 638 if (server->sign) 639 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED; 640 else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */ 641 req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED; 642 else 643 req->SecurityMode = 0; 644 645 req->Capabilities = 0; 646 req->Channel = 0; /* MBZ */ 647 648 iov[0].iov_base = (char *)req; 649 /* 4 for rfc1002 length field and 1 for pad */ 650 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; 651 652 if (ses->sectype == Kerberos) { 653#ifdef CONFIG_CIFS_UPCALL 654 struct cifs_spnego_msg *msg; 655 656 spnego_key = cifs_get_spnego_key(ses); 657 if (IS_ERR(spnego_key)) { 658 rc = PTR_ERR(spnego_key); 659 spnego_key = NULL; 660 goto ssetup_exit; 661 } 662 663 msg = spnego_key->payload.data[0]; 664 /* 665 * check version field to make sure that cifs.upcall is 666 * sending us a response in an expected form 667 */ 668 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { 669 cifs_dbg(VFS, 670 "bad cifs.upcall version. Expected %d got %d", 671 CIFS_SPNEGO_UPCALL_VERSION, msg->version); 672 rc = -EKEYREJECTED; 673 goto ssetup_exit; 674 } 675 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, 676 GFP_KERNEL); 677 if (!ses->auth_key.response) { 678 cifs_dbg(VFS, 679 "Kerberos can't allocate (%u bytes) memory", 680 msg->sesskey_len); 681 rc = -ENOMEM; 682 goto ssetup_exit; 683 } 684 ses->auth_key.len = msg->sesskey_len; 685 blob_length = msg->secblob_len; 686 iov[1].iov_base = msg->data + msg->sesskey_len; 687 iov[1].iov_len = blob_length; 688#else 689 rc = -EOPNOTSUPP; 690 goto ssetup_exit; 691#endif /* CONFIG_CIFS_UPCALL */ 692 } else if (phase == NtLmNegotiate) { /* if not krb5 must be ntlmssp */ 693 ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE), 694 GFP_KERNEL); 695 if (ntlmssp_blob == NULL) { 696 rc = -ENOMEM; 697 goto ssetup_exit; 698 } 699 build_ntlmssp_negotiate_blob(ntlmssp_blob, ses); 700 if (use_spnego) { 701 /* blob_length = build_spnego_ntlmssp_blob( 702 &security_blob, 703 sizeof(struct _NEGOTIATE_MESSAGE), 704 ntlmssp_blob); */ 705 /* BB eventually need to add this */ 706 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 707 rc = -EOPNOTSUPP; 708 kfree(ntlmssp_blob); 709 goto ssetup_exit; 710 } else { 711 blob_length = sizeof(struct _NEGOTIATE_MESSAGE); 712 /* with raw NTLMSSP we don't encapsulate in SPNEGO */ 713 security_blob = ntlmssp_blob; 714 } 715 iov[1].iov_base = security_blob; 716 iov[1].iov_len = blob_length; 717 } else if (phase == NtLmAuthenticate) { 718 req->hdr.SessionId = ses->Suid; 719 ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500, 720 GFP_KERNEL); 721 if (ntlmssp_blob == NULL) { 722 rc = -ENOMEM; 723 goto ssetup_exit; 724 } 725 rc = build_ntlmssp_auth_blob(ntlmssp_blob, &blob_length, ses, 726 nls_cp); 727 if (rc) { 728 cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", 729 rc); 730 goto ssetup_exit; /* BB double check error handling */ 731 } 732 if (use_spnego) { 733 /* blob_length = build_spnego_ntlmssp_blob( 734 &security_blob, 735 blob_length, 736 ntlmssp_blob); */ 737 cifs_dbg(VFS, "spnego not supported for SMB2 yet\n"); 738 rc = -EOPNOTSUPP; 739 kfree(ntlmssp_blob); 740 goto ssetup_exit; 741 } else { 742 security_blob = ntlmssp_blob; 743 } 744 iov[1].iov_base = security_blob; 745 iov[1].iov_len = blob_length; 746 } else { 747 cifs_dbg(VFS, "illegal ntlmssp phase\n"); 748 rc = -EIO; 749 goto ssetup_exit; 750 } 751 752 /* Testing shows that buffer offset must be at location of Buffer[0] */ 753 req->SecurityBufferOffset = 754 cpu_to_le16(sizeof(struct smb2_sess_setup_req) - 755 1 /* pad */ - 4 /* rfc1001 len */); 756 req->SecurityBufferLength = cpu_to_le16(blob_length); 757 758 inc_rfc1001_len(req, blob_length - 1 /* pad */); 759 760 /* BB add code to build os and lm fields */ 761 762 rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 763 CIFS_LOG_ERROR | CIFS_NEG_OP); 764 765 kfree(security_blob); 766 rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base; 767 ses->Suid = rsp->hdr.SessionId; 768 if (resp_buftype != CIFS_NO_BUFFER && 769 rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) { 770 if (phase != NtLmNegotiate) { 771 cifs_dbg(VFS, "Unexpected more processing error\n"); 772 goto ssetup_exit; 773 } 774 if (offsetof(struct smb2_sess_setup_rsp, Buffer) - 4 != 775 le16_to_cpu(rsp->SecurityBufferOffset)) { 776 cifs_dbg(VFS, "Invalid security buffer offset %d\n", 777 le16_to_cpu(rsp->SecurityBufferOffset)); 778 rc = -EIO; 779 goto ssetup_exit; 780 } 781 782 /* NTLMSSP Negotiate sent now processing challenge (response) */ 783 phase = NtLmChallenge; /* process ntlmssp challenge */ 784 rc = 0; /* MORE_PROCESSING is not an error here but expected */ 785 rc = decode_ntlmssp_challenge(rsp->Buffer, 786 le16_to_cpu(rsp->SecurityBufferLength), ses); 787 } 788 789 /* 790 * BB eventually add code for SPNEGO decoding of NtlmChallenge blob, 791 * but at least the raw NTLMSSP case works. 792 */ 793 /* 794 * No tcon so can't do 795 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 796 */ 797 if (rc != 0) 798 goto ssetup_exit; 799 800 ses->session_flags = le16_to_cpu(rsp->SessionFlags); 801 if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) 802 cifs_dbg(VFS, "SMB3 encryption not supported yet\n"); 803ssetup_exit: 804 free_rsp_buf(resp_buftype, rsp); 805 806 /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */ 807 if ((phase == NtLmChallenge) && (rc == 0)) 808 goto ssetup_ntlmssp_authenticate; 809 810 if (!rc) { 811 mutex_lock(&server->srv_mutex); 812 if (server->sign && server->ops->generate_signingkey) { 813 rc = server->ops->generate_signingkey(ses); 814 kfree(ses->auth_key.response); 815 ses->auth_key.response = NULL; 816 if (rc) { 817 cifs_dbg(FYI, 818 "SMB3 session key generation failed\n"); 819 mutex_unlock(&server->srv_mutex); 820 goto keygen_exit; 821 } 822 } 823 if (!server->session_estab) { 824 server->sequence_number = 0x2; 825 server->session_estab = true; 826 } 827 mutex_unlock(&server->srv_mutex); 828 829 cifs_dbg(FYI, "SMB2/3 session established successfully\n"); 830 spin_lock(&GlobalMid_Lock); 831 ses->status = CifsGood; 832 ses->need_reconnect = false; 833 spin_unlock(&GlobalMid_Lock); 834 } 835 836keygen_exit: 837 if (!server->sign) { 838 kfree(ses->auth_key.response); 839 ses->auth_key.response = NULL; 840 } 841 if (spnego_key) { 842 key_invalidate(spnego_key); 843 key_put(spnego_key); 844 } 845 kfree(ses->ntlmssp); 846 847 return rc; 848} 849 850int 851SMB2_logoff(const unsigned int xid, struct cifs_ses *ses) 852{ 853 struct smb2_logoff_req *req; /* response is also trivial struct */ 854 int rc = 0; 855 struct TCP_Server_Info *server; 856 857 cifs_dbg(FYI, "disconnect session %p\n", ses); 858 859 if (ses && (ses->server)) 860 server = ses->server; 861 else 862 return -EIO; 863 864 /* no need to send SMB logoff if uid already closed due to reconnect */ 865 if (ses->need_reconnect) 866 goto smb2_session_already_dead; 867 868 rc = small_smb2_init(SMB2_LOGOFF, NULL, (void **) &req); 869 if (rc) 870 return rc; 871 872 /* since no tcon, smb2_init can not do this, so do here */ 873 req->hdr.SessionId = ses->Suid; 874 if (server->sign) 875 req->hdr.Flags |= SMB2_FLAGS_SIGNED; 876 877 rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0); 878 /* 879 * No tcon so can't do 880 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); 881 */ 882 883smb2_session_already_dead: 884 return rc; 885} 886 887static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code) 888{ 889 cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]); 890} 891 892#define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */) 893 894/* These are similar values to what Windows uses */ 895static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon) 896{ 897 tcon->max_chunks = 256; 898 tcon->max_bytes_chunk = 1048576; 899 tcon->max_bytes_copy = 16777216; 900} 901 902int 903SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, 904 struct cifs_tcon *tcon, const struct nls_table *cp) 905{ 906 struct smb2_tree_connect_req *req; 907 struct smb2_tree_connect_rsp *rsp = NULL; 908 struct kvec iov[2]; 909 int rc = 0; 910 int resp_buftype; 911 int unc_path_len; 912 struct TCP_Server_Info *server; 913 __le16 *unc_path = NULL; 914 915 cifs_dbg(FYI, "TCON\n"); 916 917 if ((ses->server) && tree) 918 server = ses->server; 919 else 920 return -EIO; 921 922 if (tcon && tcon->bad_network_name) 923 return -ENOENT; 924 925 if ((tcon && tcon->seal) && 926 ((ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) == 0)) { 927 cifs_dbg(VFS, "encryption requested but no server support"); 928 return -EOPNOTSUPP; 929 } 930 931 unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); 932 if (unc_path == NULL) 933 return -ENOMEM; 934 935 unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1; 936 unc_path_len *= 2; 937 if (unc_path_len < 2) { 938 kfree(unc_path); 939 return -EINVAL; 940 } 941 942 rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req); 943 if (rc) { 944 kfree(unc_path); 945 return rc; 946 } 947 948 if (tcon == NULL) { 949 /* since no tcon, smb2_init can not do this, so do here */ 950 req->hdr.SessionId = ses->Suid; 951 /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED) 952 req->hdr.Flags |= SMB2_FLAGS_SIGNED; */ 953 } 954 955 iov[0].iov_base = (char *)req; 956 /* 4 for rfc1002 length field and 1 for pad */ 957 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; 958 959 /* Testing shows that buffer offset must be at location of Buffer[0] */ 960 req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req) 961 - 1 /* pad */ - 4 /* do not count rfc1001 len field */); 962 req->PathLength = cpu_to_le16(unc_path_len - 2); 963 iov[1].iov_base = unc_path; 964 iov[1].iov_len = unc_path_len; 965 966 inc_rfc1001_len(req, unc_path_len - 1 /* pad */); 967 968 rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0); 969 rsp = (struct smb2_tree_connect_rsp *)iov[0].iov_base; 970 971 if (rc != 0) { 972 if (tcon) { 973 cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE); 974 tcon->need_reconnect = true; 975 } 976 goto tcon_error_exit; 977 } 978 979 if (tcon == NULL) { 980 ses->ipc_tid = rsp->hdr.TreeId; 981 goto tcon_exit; 982 } 983 984 if (rsp->ShareType & SMB2_SHARE_TYPE_DISK) 985 cifs_dbg(FYI, "connection to disk share\n"); 986 else if (rsp->ShareType & SMB2_SHARE_TYPE_PIPE) { 987 tcon->ipc = true; 988 cifs_dbg(FYI, "connection to pipe share\n"); 989 } else if (rsp->ShareType & SMB2_SHARE_TYPE_PRINT) { 990 tcon->print = true; 991 cifs_dbg(FYI, "connection to printer\n"); 992 } else { 993 cifs_dbg(VFS, "unknown share type %d\n", rsp->ShareType); 994 rc = -EOPNOTSUPP; 995 goto tcon_error_exit; 996 } 997 998 tcon->share_flags = le32_to_cpu(rsp->ShareFlags); 999 tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */ 1000 tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess); 1001 tcon->tidStatus = CifsGood; 1002 tcon->need_reconnect = false; 1003 tcon->tid = rsp->hdr.TreeId; 1004 strlcpy(tcon->treeName, tree, sizeof(tcon->treeName)); 1005 1006 if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && 1007 ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) 1008 cifs_dbg(VFS, "DFS capability contradicts DFS flag\n"); 1009 init_copy_chunk_defaults(tcon); 1010 if (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA) 1011 cifs_dbg(VFS, "Encrypted shares not supported"); 1012 if (tcon->ses->server->ops->validate_negotiate) 1013 rc = tcon->ses->server->ops->validate_negotiate(xid, tcon); 1014tcon_exit: 1015 free_rsp_buf(resp_buftype, rsp); 1016 kfree(unc_path); 1017 return rc; 1018 1019tcon_error_exit: 1020 if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) { 1021 cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree); 1022 if (tcon) 1023 tcon->bad_network_name = true; 1024 } 1025 goto tcon_exit; 1026} 1027 1028int 1029SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) 1030{ 1031 struct smb2_tree_disconnect_req *req; /* response is trivial */ 1032 int rc = 0; 1033 struct TCP_Server_Info *server; 1034 struct cifs_ses *ses = tcon->ses; 1035 1036 cifs_dbg(FYI, "Tree Disconnect\n"); 1037 1038 if (ses && (ses->server)) 1039 server = ses->server; 1040 else 1041 return -EIO; 1042 1043 if ((tcon->need_reconnect) || (tcon->ses->need_reconnect)) 1044 return 0; 1045 1046 rc = small_smb2_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req); 1047 if (rc) 1048 return rc; 1049 1050 rc = SendReceiveNoRsp(xid, ses, (char *)&req->hdr, 0); 1051 if (rc) 1052 cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE); 1053 1054 return rc; 1055} 1056 1057 1058static struct create_durable * 1059create_durable_buf(void) 1060{ 1061 struct create_durable *buf; 1062 1063 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 1064 if (!buf) 1065 return NULL; 1066 1067 buf->ccontext.DataOffset = cpu_to_le16(offsetof 1068 (struct create_durable, Data)); 1069 buf->ccontext.DataLength = cpu_to_le32(16); 1070 buf->ccontext.NameOffset = cpu_to_le16(offsetof 1071 (struct create_durable, Name)); 1072 buf->ccontext.NameLength = cpu_to_le16(4); 1073 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */ 1074 buf->Name[0] = 'D'; 1075 buf->Name[1] = 'H'; 1076 buf->Name[2] = 'n'; 1077 buf->Name[3] = 'Q'; 1078 return buf; 1079} 1080 1081static struct create_durable * 1082create_reconnect_durable_buf(struct cifs_fid *fid) 1083{ 1084 struct create_durable *buf; 1085 1086 buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL); 1087 if (!buf) 1088 return NULL; 1089 1090 buf->ccontext.DataOffset = cpu_to_le16(offsetof 1091 (struct create_durable, Data)); 1092 buf->ccontext.DataLength = cpu_to_le32(16); 1093 buf->ccontext.NameOffset = cpu_to_le16(offsetof 1094 (struct create_durable, Name)); 1095 buf->ccontext.NameLength = cpu_to_le16(4); 1096 buf->Data.Fid.PersistentFileId = fid->persistent_fid; 1097 buf->Data.Fid.VolatileFileId = fid->volatile_fid; 1098 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */ 1099 buf->Name[0] = 'D'; 1100 buf->Name[1] = 'H'; 1101 buf->Name[2] = 'n'; 1102 buf->Name[3] = 'C'; 1103 return buf; 1104} 1105 1106static __u8 1107parse_lease_state(struct TCP_Server_Info *server, struct smb2_create_rsp *rsp, 1108 unsigned int *epoch) 1109{ 1110 char *data_offset; 1111 struct create_context *cc; 1112 unsigned int next; 1113 unsigned int remaining; 1114 char *name; 1115 1116 data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset); 1117 remaining = le32_to_cpu(rsp->CreateContextsLength); 1118 cc = (struct create_context *)data_offset; 1119 while (remaining >= sizeof(struct create_context)) { 1120 name = le16_to_cpu(cc->NameOffset) + (char *)cc; 1121 if (le16_to_cpu(cc->NameLength) == 4 && 1122 strncmp(name, "RqLs", 4) == 0) 1123 return server->ops->parse_lease_buf(cc, epoch); 1124 1125 next = le32_to_cpu(cc->Next); 1126 if (!next) 1127 break; 1128 remaining -= next; 1129 cc = (struct create_context *)((char *)cc + next); 1130 } 1131 1132 return 0; 1133} 1134 1135static int 1136add_lease_context(struct TCP_Server_Info *server, struct kvec *iov, 1137 unsigned int *num_iovec, __u8 *oplock) 1138{ 1139 struct smb2_create_req *req = iov[0].iov_base; 1140 unsigned int num = *num_iovec; 1141 1142 iov[num].iov_base = server->ops->create_lease_buf(oplock+1, *oplock); 1143 if (iov[num].iov_base == NULL) 1144 return -ENOMEM; 1145 iov[num].iov_len = server->vals->create_lease_size; 1146 req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE; 1147 if (!req->CreateContextsOffset) 1148 req->CreateContextsOffset = cpu_to_le32( 1149 sizeof(struct smb2_create_req) - 4 + 1150 iov[num - 1].iov_len); 1151 le32_add_cpu(&req->CreateContextsLength, 1152 server->vals->create_lease_size); 1153 inc_rfc1001_len(&req->hdr, server->vals->create_lease_size); 1154 *num_iovec = num + 1; 1155 return 0; 1156} 1157 1158static struct create_durable_v2 * 1159create_durable_v2_buf(struct cifs_fid *pfid) 1160{ 1161 struct create_durable_v2 *buf; 1162 1163 buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL); 1164 if (!buf) 1165 return NULL; 1166 1167 buf->ccontext.DataOffset = cpu_to_le16(offsetof 1168 (struct create_durable_v2, dcontext)); 1169 buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2)); 1170 buf->ccontext.NameOffset = cpu_to_le16(offsetof 1171 (struct create_durable_v2, Name)); 1172 buf->ccontext.NameLength = cpu_to_le16(4); 1173 1174 buf->dcontext.Timeout = 0; /* Should this be configurable by workload */ 1175 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 1176 get_random_bytes(buf->dcontext.CreateGuid, 16); 1177 memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16); 1178 1179 /* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */ 1180 buf->Name[0] = 'D'; 1181 buf->Name[1] = 'H'; 1182 buf->Name[2] = '2'; 1183 buf->Name[3] = 'Q'; 1184 return buf; 1185} 1186 1187static struct create_durable_handle_reconnect_v2 * 1188create_reconnect_durable_v2_buf(struct cifs_fid *fid) 1189{ 1190 struct create_durable_handle_reconnect_v2 *buf; 1191 1192 buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2), 1193 GFP_KERNEL); 1194 if (!buf) 1195 return NULL; 1196 1197 buf->ccontext.DataOffset = 1198 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 1199 dcontext)); 1200 buf->ccontext.DataLength = 1201 cpu_to_le32(sizeof(struct durable_reconnect_context_v2)); 1202 buf->ccontext.NameOffset = 1203 cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2, 1204 Name)); 1205 buf->ccontext.NameLength = cpu_to_le16(4); 1206 1207 buf->dcontext.Fid.PersistentFileId = fid->persistent_fid; 1208 buf->dcontext.Fid.VolatileFileId = fid->volatile_fid; 1209 buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT); 1210 memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16); 1211 1212 /* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */ 1213 buf->Name[0] = 'D'; 1214 buf->Name[1] = 'H'; 1215 buf->Name[2] = '2'; 1216 buf->Name[3] = 'C'; 1217 return buf; 1218} 1219 1220static int 1221add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec, 1222 struct cifs_open_parms *oparms) 1223{ 1224 struct smb2_create_req *req = iov[0].iov_base; 1225 unsigned int num = *num_iovec; 1226 1227 iov[num].iov_base = create_durable_v2_buf(oparms->fid); 1228 if (iov[num].iov_base == NULL) 1229 return -ENOMEM; 1230 iov[num].iov_len = sizeof(struct create_durable_v2); 1231 if (!req->CreateContextsOffset) 1232 req->CreateContextsOffset = 1233 cpu_to_le32(sizeof(struct smb2_create_req) - 4 + 1234 iov[1].iov_len); 1235 le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable_v2)); 1236 inc_rfc1001_len(&req->hdr, sizeof(struct create_durable_v2)); 1237 *num_iovec = num + 1; 1238 return 0; 1239} 1240 1241static int 1242add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec, 1243 struct cifs_open_parms *oparms) 1244{ 1245 struct smb2_create_req *req = iov[0].iov_base; 1246 unsigned int num = *num_iovec; 1247 1248 /* indicate that we don't need to relock the file */ 1249 oparms->reconnect = false; 1250 1251 iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid); 1252 if (iov[num].iov_base == NULL) 1253 return -ENOMEM; 1254 iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2); 1255 if (!req->CreateContextsOffset) 1256 req->CreateContextsOffset = 1257 cpu_to_le32(sizeof(struct smb2_create_req) - 4 + 1258 iov[1].iov_len); 1259 le32_add_cpu(&req->CreateContextsLength, 1260 sizeof(struct create_durable_handle_reconnect_v2)); 1261 inc_rfc1001_len(&req->hdr, 1262 sizeof(struct create_durable_handle_reconnect_v2)); 1263 *num_iovec = num + 1; 1264 return 0; 1265} 1266 1267static int 1268add_durable_context(struct kvec *iov, unsigned int *num_iovec, 1269 struct cifs_open_parms *oparms, bool use_persistent) 1270{ 1271 struct smb2_create_req *req = iov[0].iov_base; 1272 unsigned int num = *num_iovec; 1273 1274 if (use_persistent) { 1275 if (oparms->reconnect) 1276 return add_durable_reconnect_v2_context(iov, num_iovec, 1277 oparms); 1278 else 1279 return add_durable_v2_context(iov, num_iovec, oparms); 1280 } 1281 1282 if (oparms->reconnect) { 1283 iov[num].iov_base = create_reconnect_durable_buf(oparms->fid); 1284 /* indicate that we don't need to relock the file */ 1285 oparms->reconnect = false; 1286 } else 1287 iov[num].iov_base = create_durable_buf(); 1288 if (iov[num].iov_base == NULL) 1289 return -ENOMEM; 1290 iov[num].iov_len = sizeof(struct create_durable); 1291 if (!req->CreateContextsOffset) 1292 req->CreateContextsOffset = 1293 cpu_to_le32(sizeof(struct smb2_create_req) - 4 + 1294 iov[1].iov_len); 1295 le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable)); 1296 inc_rfc1001_len(&req->hdr, sizeof(struct create_durable)); 1297 *num_iovec = num + 1; 1298 return 0; 1299} 1300 1301int 1302SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path, 1303 __u8 *oplock, struct smb2_file_all_info *buf, 1304 struct smb2_err_rsp **err_buf) 1305{ 1306 struct smb2_create_req *req; 1307 struct smb2_create_rsp *rsp; 1308 struct TCP_Server_Info *server; 1309 struct cifs_tcon *tcon = oparms->tcon; 1310 struct cifs_ses *ses = tcon->ses; 1311 struct kvec iov[4]; 1312 int resp_buftype; 1313 int uni_path_len; 1314 __le16 *copy_path = NULL; 1315 int copy_size; 1316 int rc = 0; 1317 unsigned int num_iovecs = 2; 1318 __u32 file_attributes = 0; 1319 char *dhc_buf = NULL, *lc_buf = NULL; 1320 1321 cifs_dbg(FYI, "create/open\n"); 1322 1323 if (ses && (ses->server)) 1324 server = ses->server; 1325 else 1326 return -EIO; 1327 1328 rc = small_smb2_init(SMB2_CREATE, tcon, (void **) &req); 1329 if (rc) 1330 return rc; 1331 1332 if (oparms->create_options & CREATE_OPTION_READONLY) 1333 file_attributes |= ATTR_READONLY; 1334 if (oparms->create_options & CREATE_OPTION_SPECIAL) 1335 file_attributes |= ATTR_SYSTEM; 1336 1337 req->ImpersonationLevel = IL_IMPERSONATION; 1338 req->DesiredAccess = cpu_to_le32(oparms->desired_access); 1339 /* File attributes ignored on open (used in create though) */ 1340 req->FileAttributes = cpu_to_le32(file_attributes); 1341 req->ShareAccess = FILE_SHARE_ALL_LE; 1342 req->CreateDisposition = cpu_to_le32(oparms->disposition); 1343 req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK); 1344 uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2; 1345 /* do not count rfc1001 len field */ 1346 req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req) - 4); 1347 1348 iov[0].iov_base = (char *)req; 1349 /* 4 for rfc1002 length field */ 1350 iov[0].iov_len = get_rfc1002_length(req) + 4; 1351 1352 /* MUST set path len (NameLength) to 0 opening root of share */ 1353 req->NameLength = cpu_to_le16(uni_path_len - 2); 1354 /* -1 since last byte is buf[0] which is sent below (path) */ 1355 iov[0].iov_len--; 1356 if (uni_path_len % 8 != 0) { 1357 copy_size = uni_path_len / 8 * 8; 1358 if (copy_size < uni_path_len) 1359 copy_size += 8; 1360 1361 copy_path = kzalloc(copy_size, GFP_KERNEL); 1362 if (!copy_path) 1363 return -ENOMEM; 1364 memcpy((char *)copy_path, (const char *)path, 1365 uni_path_len); 1366 uni_path_len = copy_size; 1367 path = copy_path; 1368 } 1369 1370 iov[1].iov_len = uni_path_len; 1371 iov[1].iov_base = path; 1372 /* -1 since last byte is buf[0] which was counted in smb2_buf_len */ 1373 inc_rfc1001_len(req, uni_path_len - 1); 1374 1375 if (!server->oplocks) 1376 *oplock = SMB2_OPLOCK_LEVEL_NONE; 1377 1378 if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) || 1379 *oplock == SMB2_OPLOCK_LEVEL_NONE) 1380 req->RequestedOplockLevel = *oplock; 1381 else { 1382 rc = add_lease_context(server, iov, &num_iovecs, oplock); 1383 if (rc) { 1384 cifs_small_buf_release(req); 1385 kfree(copy_path); 1386 return rc; 1387 } 1388 lc_buf = iov[num_iovecs-1].iov_base; 1389 } 1390 1391 if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) { 1392 /* need to set Next field of lease context if we request it */ 1393 if (server->capabilities & SMB2_GLOBAL_CAP_LEASING) { 1394 struct create_context *ccontext = 1395 (struct create_context *)iov[num_iovecs-1].iov_base; 1396 ccontext->Next = 1397 cpu_to_le32(server->vals->create_lease_size); 1398 } 1399 1400 rc = add_durable_context(iov, &num_iovecs, oparms, 1401 tcon->use_persistent); 1402 if (rc) { 1403 cifs_small_buf_release(req); 1404 kfree(copy_path); 1405 kfree(lc_buf); 1406 return rc; 1407 } 1408 dhc_buf = iov[num_iovecs-1].iov_base; 1409 } 1410 1411 rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0); 1412 rsp = (struct smb2_create_rsp *)iov[0].iov_base; 1413 1414 if (rc != 0) { 1415 cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); 1416 if (err_buf) 1417 *err_buf = kmemdup(rsp, get_rfc1002_length(rsp) + 4, 1418 GFP_KERNEL); 1419 goto creat_exit; 1420 } 1421 1422 oparms->fid->persistent_fid = rsp->PersistentFileId; 1423 oparms->fid->volatile_fid = rsp->VolatileFileId; 1424 1425 if (buf) { 1426 memcpy(buf, &rsp->CreationTime, 32); 1427 buf->AllocationSize = rsp->AllocationSize; 1428 buf->EndOfFile = rsp->EndofFile; 1429 buf->Attributes = rsp->FileAttributes; 1430 buf->NumberOfLinks = cpu_to_le32(1); 1431 buf->DeletePending = 0; 1432 } 1433 1434 if (rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE) 1435 *oplock = parse_lease_state(server, rsp, &oparms->fid->epoch); 1436 else 1437 *oplock = rsp->OplockLevel; 1438creat_exit: 1439 kfree(copy_path); 1440 kfree(lc_buf); 1441 kfree(dhc_buf); 1442 free_rsp_buf(resp_buftype, rsp); 1443 return rc; 1444} 1445 1446/* 1447 * SMB2 IOCTL is used for both IOCTLs and FSCTLs 1448 */ 1449int 1450SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 1451 u64 volatile_fid, u32 opcode, bool is_fsctl, char *in_data, 1452 u32 indatalen, char **out_data, u32 *plen /* returned data len */) 1453{ 1454 struct smb2_ioctl_req *req; 1455 struct smb2_ioctl_rsp *rsp; 1456 struct TCP_Server_Info *server; 1457 struct cifs_ses *ses; 1458 struct kvec iov[2]; 1459 int resp_buftype; 1460 int num_iovecs; 1461 int rc = 0; 1462 1463 cifs_dbg(FYI, "SMB2 IOCTL\n"); 1464 1465 if (out_data != NULL) 1466 *out_data = NULL; 1467 1468 /* zero out returned data len, in case of error */ 1469 if (plen) 1470 *plen = 0; 1471 1472 if (tcon) 1473 ses = tcon->ses; 1474 else 1475 return -EIO; 1476 1477 if (ses && (ses->server)) 1478 server = ses->server; 1479 else 1480 return -EIO; 1481 1482 rc = small_smb2_init(SMB2_IOCTL, tcon, (void **) &req); 1483 if (rc) 1484 return rc; 1485 1486 req->CtlCode = cpu_to_le32(opcode); 1487 req->PersistentFileId = persistent_fid; 1488 req->VolatileFileId = volatile_fid; 1489 1490 if (indatalen) { 1491 req->InputCount = cpu_to_le32(indatalen); 1492 /* do not set InputOffset if no input data */ 1493 req->InputOffset = 1494 cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer) - 4); 1495 iov[1].iov_base = in_data; 1496 iov[1].iov_len = indatalen; 1497 num_iovecs = 2; 1498 } else 1499 num_iovecs = 1; 1500 1501 req->OutputOffset = 0; 1502 req->OutputCount = 0; /* MBZ */ 1503 1504 /* 1505 * Could increase MaxOutputResponse, but that would require more 1506 * than one credit. Windows typically sets this smaller, but for some 1507 * ioctls it may be useful to allow server to send more. No point 1508 * limiting what the server can send as long as fits in one credit 1509 */ 1510 req->MaxOutputResponse = cpu_to_le32(0xFF00); /* < 64K uses 1 credit */ 1511 1512 if (is_fsctl) 1513 req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL); 1514 else 1515 req->Flags = 0; 1516 1517 iov[0].iov_base = (char *)req; 1518 1519 /* 1520 * If no input data, the size of ioctl struct in 1521 * protocol spec still includes a 1 byte data buffer, 1522 * but if input data passed to ioctl, we do not 1523 * want to double count this, so we do not send 1524 * the dummy one byte of data in iovec[0] if sending 1525 * input data (in iovec[1]). We also must add 4 bytes 1526 * in first iovec to allow for rfc1002 length field. 1527 */ 1528 1529 if (indatalen) { 1530 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; 1531 inc_rfc1001_len(req, indatalen - 1); 1532 } else 1533 iov[0].iov_len = get_rfc1002_length(req) + 4; 1534 1535 1536 rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0); 1537 rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base; 1538 1539 if ((rc != 0) && (rc != -EINVAL)) { 1540 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 1541 goto ioctl_exit; 1542 } else if (rc == -EINVAL) { 1543 if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) && 1544 (opcode != FSCTL_SRV_COPYCHUNK)) { 1545 cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE); 1546 goto ioctl_exit; 1547 } 1548 } 1549 1550 /* check if caller wants to look at return data or just return rc */ 1551 if ((plen == NULL) || (out_data == NULL)) 1552 goto ioctl_exit; 1553 1554 *plen = le32_to_cpu(rsp->OutputCount); 1555 1556 /* We check for obvious errors in the output buffer length and offset */ 1557 if (*plen == 0) 1558 goto ioctl_exit; /* server returned no data */ 1559 else if (*plen > 0xFF00) { 1560 cifs_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen); 1561 *plen = 0; 1562 rc = -EIO; 1563 goto ioctl_exit; 1564 } 1565 1566 if (get_rfc1002_length(rsp) < le32_to_cpu(rsp->OutputOffset) + *plen) { 1567 cifs_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen, 1568 le32_to_cpu(rsp->OutputOffset)); 1569 *plen = 0; 1570 rc = -EIO; 1571 goto ioctl_exit; 1572 } 1573 1574 *out_data = kmalloc(*plen, GFP_KERNEL); 1575 if (*out_data == NULL) { 1576 rc = -ENOMEM; 1577 goto ioctl_exit; 1578 } 1579 1580 memcpy(*out_data, rsp->hdr.ProtocolId + le32_to_cpu(rsp->OutputOffset), 1581 *plen); 1582ioctl_exit: 1583 free_rsp_buf(resp_buftype, rsp); 1584 return rc; 1585} 1586 1587/* 1588 * Individual callers to ioctl worker function follow 1589 */ 1590 1591int 1592SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon, 1593 u64 persistent_fid, u64 volatile_fid) 1594{ 1595 int rc; 1596 struct compress_ioctl fsctl_input; 1597 char *ret_data = NULL; 1598 1599 fsctl_input.CompressionState = 1600 cpu_to_le16(COMPRESSION_FORMAT_DEFAULT); 1601 1602 rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid, 1603 FSCTL_SET_COMPRESSION, true /* is_fsctl */, 1604 (char *)&fsctl_input /* data input */, 1605 2 /* in data len */, &ret_data /* out data */, NULL); 1606 1607 cifs_dbg(FYI, "set compression rc %d\n", rc); 1608 1609 return rc; 1610} 1611 1612int 1613SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, 1614 u64 persistent_fid, u64 volatile_fid) 1615{ 1616 struct smb2_close_req *req; 1617 struct smb2_close_rsp *rsp; 1618 struct TCP_Server_Info *server; 1619 struct cifs_ses *ses = tcon->ses; 1620 struct kvec iov[1]; 1621 int resp_buftype; 1622 int rc = 0; 1623 1624 cifs_dbg(FYI, "Close\n"); 1625 1626 if (ses && (ses->server)) 1627 server = ses->server; 1628 else 1629 return -EIO; 1630 1631 rc = small_smb2_init(SMB2_CLOSE, tcon, (void **) &req); 1632 if (rc) 1633 return rc; 1634 1635 req->PersistentFileId = persistent_fid; 1636 req->VolatileFileId = volatile_fid; 1637 1638 iov[0].iov_base = (char *)req; 1639 /* 4 for rfc1002 length field */ 1640 iov[0].iov_len = get_rfc1002_length(req) + 4; 1641 1642 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0); 1643 rsp = (struct smb2_close_rsp *)iov[0].iov_base; 1644 1645 if (rc != 0) { 1646 cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE); 1647 goto close_exit; 1648 } 1649 1650 /* BB FIXME - decode close response, update inode for caching */ 1651 1652close_exit: 1653 free_rsp_buf(resp_buftype, rsp); 1654 return rc; 1655} 1656 1657static int 1658validate_buf(unsigned int offset, unsigned int buffer_length, 1659 struct smb2_hdr *hdr, unsigned int min_buf_size) 1660 1661{ 1662 unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length); 1663 char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr; 1664 char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr; 1665 char *end_of_buf = begin_of_buf + buffer_length; 1666 1667 1668 if (buffer_length < min_buf_size) { 1669 cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n", 1670 buffer_length, min_buf_size); 1671 return -EINVAL; 1672 } 1673 1674 /* check if beyond RFC1001 maximum length */ 1675 if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) { 1676 cifs_dbg(VFS, "buffer length %d or smb length %d too large\n", 1677 buffer_length, smb_len); 1678 return -EINVAL; 1679 } 1680 1681 if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) { 1682 cifs_dbg(VFS, "illegal server response, bad offset to data\n"); 1683 return -EINVAL; 1684 } 1685 1686 return 0; 1687} 1688 1689/* 1690 * If SMB buffer fields are valid, copy into temporary buffer to hold result. 1691 * Caller must free buffer. 1692 */ 1693static int 1694validate_and_copy_buf(unsigned int offset, unsigned int buffer_length, 1695 struct smb2_hdr *hdr, unsigned int minbufsize, 1696 char *data) 1697 1698{ 1699 char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr; 1700 int rc; 1701 1702 if (!data) 1703 return -EINVAL; 1704 1705 rc = validate_buf(offset, buffer_length, hdr, minbufsize); 1706 if (rc) 1707 return rc; 1708 1709 memcpy(data, begin_of_buf, buffer_length); 1710 1711 return 0; 1712} 1713 1714static int 1715query_info(const unsigned int xid, struct cifs_tcon *tcon, 1716 u64 persistent_fid, u64 volatile_fid, u8 info_class, 1717 size_t output_len, size_t min_len, void *data) 1718{ 1719 struct smb2_query_info_req *req; 1720 struct smb2_query_info_rsp *rsp = NULL; 1721 struct kvec iov[2]; 1722 int rc = 0; 1723 int resp_buftype; 1724 struct TCP_Server_Info *server; 1725 struct cifs_ses *ses = tcon->ses; 1726 1727 cifs_dbg(FYI, "Query Info\n"); 1728 1729 if (ses && (ses->server)) 1730 server = ses->server; 1731 else 1732 return -EIO; 1733 1734 rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req); 1735 if (rc) 1736 return rc; 1737 1738 req->InfoType = SMB2_O_INFO_FILE; 1739 req->FileInfoClass = info_class; 1740 req->PersistentFileId = persistent_fid; 1741 req->VolatileFileId = volatile_fid; 1742 /* 4 for rfc1002 length field and 1 for Buffer */ 1743 req->InputBufferOffset = 1744 cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4); 1745 req->OutputBufferLength = cpu_to_le32(output_len); 1746 1747 iov[0].iov_base = (char *)req; 1748 /* 4 for rfc1002 length field */ 1749 iov[0].iov_len = get_rfc1002_length(req) + 4; 1750 1751 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0); 1752 rsp = (struct smb2_query_info_rsp *)iov[0].iov_base; 1753 1754 if (rc) { 1755 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 1756 goto qinf_exit; 1757 } 1758 1759 rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset), 1760 le32_to_cpu(rsp->OutputBufferLength), 1761 &rsp->hdr, min_len, data); 1762 1763qinf_exit: 1764 free_rsp_buf(resp_buftype, rsp); 1765 return rc; 1766} 1767 1768int 1769SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon, 1770 u64 persistent_fid, u64 volatile_fid, 1771 struct smb2_file_all_info *data) 1772{ 1773 return query_info(xid, tcon, persistent_fid, volatile_fid, 1774 FILE_ALL_INFORMATION, 1775 sizeof(struct smb2_file_all_info) + PATH_MAX * 2, 1776 sizeof(struct smb2_file_all_info), data); 1777} 1778 1779int 1780SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon, 1781 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid) 1782{ 1783 return query_info(xid, tcon, persistent_fid, volatile_fid, 1784 FILE_INTERNAL_INFORMATION, 1785 sizeof(struct smb2_file_internal_info), 1786 sizeof(struct smb2_file_internal_info), uniqueid); 1787} 1788 1789/* 1790 * This is a no-op for now. We're not really interested in the reply, but 1791 * rather in the fact that the server sent one and that server->lstrp 1792 * gets updated. 1793 * 1794 * FIXME: maybe we should consider checking that the reply matches request? 1795 */ 1796static void 1797smb2_echo_callback(struct mid_q_entry *mid) 1798{ 1799 struct TCP_Server_Info *server = mid->callback_data; 1800 struct smb2_echo_rsp *smb2 = (struct smb2_echo_rsp *)mid->resp_buf; 1801 unsigned int credits_received = 1; 1802 1803 if (mid->mid_state == MID_RESPONSE_RECEIVED) 1804 credits_received = le16_to_cpu(smb2->hdr.CreditRequest); 1805 1806 mutex_lock(&server->srv_mutex); 1807 DeleteMidQEntry(mid); 1808 mutex_unlock(&server->srv_mutex); 1809 add_credits(server, credits_received, CIFS_ECHO_OP); 1810} 1811 1812int 1813SMB2_echo(struct TCP_Server_Info *server) 1814{ 1815 struct smb2_echo_req *req; 1816 int rc = 0; 1817 struct kvec iov; 1818 struct smb_rqst rqst = { .rq_iov = &iov, 1819 .rq_nvec = 1 }; 1820 1821 cifs_dbg(FYI, "In echo request\n"); 1822 1823 rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req); 1824 if (rc) 1825 return rc; 1826 1827 req->hdr.CreditRequest = cpu_to_le16(1); 1828 1829 iov.iov_base = (char *)req; 1830 /* 4 for rfc1002 length field */ 1831 iov.iov_len = get_rfc1002_length(req) + 4; 1832 1833 rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, server, 1834 CIFS_ECHO_OP); 1835 if (rc) 1836 cifs_dbg(FYI, "Echo request failed: %d\n", rc); 1837 1838 cifs_small_buf_release(req); 1839 return rc; 1840} 1841 1842int 1843SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 1844 u64 volatile_fid) 1845{ 1846 struct smb2_flush_req *req; 1847 struct TCP_Server_Info *server; 1848 struct cifs_ses *ses = tcon->ses; 1849 struct kvec iov[1]; 1850 int resp_buftype; 1851 int rc = 0; 1852 1853 cifs_dbg(FYI, "Flush\n"); 1854 1855 if (ses && (ses->server)) 1856 server = ses->server; 1857 else 1858 return -EIO; 1859 1860 rc = small_smb2_init(SMB2_FLUSH, tcon, (void **) &req); 1861 if (rc) 1862 return rc; 1863 1864 req->PersistentFileId = persistent_fid; 1865 req->VolatileFileId = volatile_fid; 1866 1867 iov[0].iov_base = (char *)req; 1868 /* 4 for rfc1002 length field */ 1869 iov[0].iov_len = get_rfc1002_length(req) + 4; 1870 1871 rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0); 1872 1873 if (rc != 0) 1874 cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE); 1875 1876 free_rsp_buf(resp_buftype, iov[0].iov_base); 1877 return rc; 1878} 1879 1880/* 1881 * To form a chain of read requests, any read requests after the first should 1882 * have the end_of_chain boolean set to true. 1883 */ 1884static int 1885smb2_new_read_req(struct kvec *iov, struct cifs_io_parms *io_parms, 1886 unsigned int remaining_bytes, int request_type) 1887{ 1888 int rc = -EACCES; 1889 struct smb2_read_req *req = NULL; 1890 1891 rc = small_smb2_init(SMB2_READ, io_parms->tcon, (void **) &req); 1892 if (rc) 1893 return rc; 1894 if (io_parms->tcon->ses->server == NULL) 1895 return -ECONNABORTED; 1896 1897 req->hdr.ProcessId = cpu_to_le32(io_parms->pid); 1898 1899 req->PersistentFileId = io_parms->persistent_fid; 1900 req->VolatileFileId = io_parms->volatile_fid; 1901 req->ReadChannelInfoOffset = 0; /* reserved */ 1902 req->ReadChannelInfoLength = 0; /* reserved */ 1903 req->Channel = 0; /* reserved */ 1904 req->MinimumCount = 0; 1905 req->Length = cpu_to_le32(io_parms->length); 1906 req->Offset = cpu_to_le64(io_parms->offset); 1907 1908 if (request_type & CHAINED_REQUEST) { 1909 if (!(request_type & END_OF_CHAIN)) { 1910 /* 4 for rfc1002 length field */ 1911 req->hdr.NextCommand = 1912 cpu_to_le32(get_rfc1002_length(req) + 4); 1913 } else /* END_OF_CHAIN */ 1914 req->hdr.NextCommand = 0; 1915 if (request_type & RELATED_REQUEST) { 1916 req->hdr.Flags |= SMB2_FLAGS_RELATED_OPERATIONS; 1917 /* 1918 * Related requests use info from previous read request 1919 * in chain. 1920 */ 1921 req->hdr.SessionId = 0xFFFFFFFF; 1922 req->hdr.TreeId = 0xFFFFFFFF; 1923 req->PersistentFileId = 0xFFFFFFFF; 1924 req->VolatileFileId = 0xFFFFFFFF; 1925 } 1926 } 1927 if (remaining_bytes > io_parms->length) 1928 req->RemainingBytes = cpu_to_le32(remaining_bytes); 1929 else 1930 req->RemainingBytes = 0; 1931 1932 iov[0].iov_base = (char *)req; 1933 /* 4 for rfc1002 length field */ 1934 iov[0].iov_len = get_rfc1002_length(req) + 4; 1935 return rc; 1936} 1937 1938static void 1939smb2_readv_callback(struct mid_q_entry *mid) 1940{ 1941 struct cifs_readdata *rdata = mid->callback_data; 1942 struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink); 1943 struct TCP_Server_Info *server = tcon->ses->server; 1944 struct smb2_hdr *buf = (struct smb2_hdr *)rdata->iov.iov_base; 1945 unsigned int credits_received = 1; 1946 struct smb_rqst rqst = { .rq_iov = &rdata->iov, 1947 .rq_nvec = 1, 1948 .rq_pages = rdata->pages, 1949 .rq_npages = rdata->nr_pages, 1950 .rq_pagesz = rdata->pagesz, 1951 .rq_tailsz = rdata->tailsz }; 1952 1953 cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n", 1954 __func__, mid->mid, mid->mid_state, rdata->result, 1955 rdata->bytes); 1956 1957 switch (mid->mid_state) { 1958 case MID_RESPONSE_RECEIVED: 1959 credits_received = le16_to_cpu(buf->CreditRequest); 1960 /* result already set, check signature */ 1961 if (server->sign) { 1962 int rc; 1963 1964 rc = smb2_verify_signature(&rqst, server); 1965 if (rc) 1966 cifs_dbg(VFS, "SMB signature verification returned error = %d\n", 1967 rc); 1968 } 1969 /* FIXME: should this be counted toward the initiating task? */ 1970 task_io_account_read(rdata->got_bytes); 1971 cifs_stats_bytes_read(tcon, rdata->got_bytes); 1972 break; 1973 case MID_REQUEST_SUBMITTED: 1974 case MID_RETRY_NEEDED: 1975 rdata->result = -EAGAIN; 1976 if (server->sign && rdata->got_bytes) 1977 /* reset bytes number since we can not check a sign */ 1978 rdata->got_bytes = 0; 1979 /* FIXME: should this be counted toward the initiating task? */ 1980 task_io_account_read(rdata->got_bytes); 1981 cifs_stats_bytes_read(tcon, rdata->got_bytes); 1982 break; 1983 default: 1984 if (rdata->result != -ENODATA) 1985 rdata->result = -EIO; 1986 } 1987 1988 if (rdata->result) 1989 cifs_stats_fail_inc(tcon, SMB2_READ_HE); 1990 1991 queue_work(cifsiod_wq, &rdata->work); 1992 mutex_lock(&server->srv_mutex); 1993 DeleteMidQEntry(mid); 1994 mutex_unlock(&server->srv_mutex); 1995 add_credits(server, credits_received, 0); 1996} 1997 1998/* smb2_async_readv - send an async write, and set up mid to handle result */ 1999int 2000smb2_async_readv(struct cifs_readdata *rdata) 2001{ 2002 int rc, flags = 0; 2003 struct smb2_hdr *buf; 2004 struct cifs_io_parms io_parms; 2005 struct smb_rqst rqst = { .rq_iov = &rdata->iov, 2006 .rq_nvec = 1 }; 2007 struct TCP_Server_Info *server; 2008 2009 cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n", 2010 __func__, rdata->offset, rdata->bytes); 2011 2012 io_parms.tcon = tlink_tcon(rdata->cfile->tlink); 2013 io_parms.offset = rdata->offset; 2014 io_parms.length = rdata->bytes; 2015 io_parms.persistent_fid = rdata->cfile->fid.persistent_fid; 2016 io_parms.volatile_fid = rdata->cfile->fid.volatile_fid; 2017 io_parms.pid = rdata->pid; 2018 2019 server = io_parms.tcon->ses->server; 2020 2021 rc = smb2_new_read_req(&rdata->iov, &io_parms, 0, 0); 2022 if (rc) { 2023 if (rc == -EAGAIN && rdata->credits) { 2024 /* credits was reset by reconnect */ 2025 rdata->credits = 0; 2026 /* reduce in_flight value since we won't send the req */ 2027 spin_lock(&server->req_lock); 2028 server->in_flight--; 2029 spin_unlock(&server->req_lock); 2030 } 2031 return rc; 2032 } 2033 2034 buf = (struct smb2_hdr *)rdata->iov.iov_base; 2035 /* 4 for rfc1002 length field */ 2036 rdata->iov.iov_len = get_rfc1002_length(rdata->iov.iov_base) + 4; 2037 2038 if (rdata->credits) { 2039 buf->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes, 2040 SMB2_MAX_BUFFER_SIZE)); 2041 spin_lock(&server->req_lock); 2042 server->credits += rdata->credits - 2043 le16_to_cpu(buf->CreditCharge); 2044 spin_unlock(&server->req_lock); 2045 wake_up(&server->request_q); 2046 flags = CIFS_HAS_CREDITS; 2047 } 2048 2049 kref_get(&rdata->refcount); 2050 rc = cifs_call_async(io_parms.tcon->ses->server, &rqst, 2051 cifs_readv_receive, smb2_readv_callback, 2052 rdata, flags); 2053 if (rc) { 2054 kref_put(&rdata->refcount, cifs_readdata_release); 2055 cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE); 2056 } 2057 2058 cifs_small_buf_release(buf); 2059 return rc; 2060} 2061 2062int 2063SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms, 2064 unsigned int *nbytes, char **buf, int *buf_type) 2065{ 2066 int resp_buftype, rc = -EACCES; 2067 struct smb2_read_rsp *rsp = NULL; 2068 struct kvec iov[1]; 2069 2070 *nbytes = 0; 2071 rc = smb2_new_read_req(iov, io_parms, 0, 0); 2072 if (rc) 2073 return rc; 2074 2075 rc = SendReceive2(xid, io_parms->tcon->ses, iov, 1, 2076 &resp_buftype, CIFS_LOG_ERROR); 2077 2078 rsp = (struct smb2_read_rsp *)iov[0].iov_base; 2079 2080 if (rsp->hdr.Status == STATUS_END_OF_FILE) { 2081 free_rsp_buf(resp_buftype, iov[0].iov_base); 2082 return 0; 2083 } 2084 2085 if (rc) { 2086 cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE); 2087 cifs_dbg(VFS, "Send error in read = %d\n", rc); 2088 } else { 2089 *nbytes = le32_to_cpu(rsp->DataLength); 2090 if ((*nbytes > CIFS_MAX_MSGSIZE) || 2091 (*nbytes > io_parms->length)) { 2092 cifs_dbg(FYI, "bad length %d for count %d\n", 2093 *nbytes, io_parms->length); 2094 rc = -EIO; 2095 *nbytes = 0; 2096 } 2097 } 2098 2099 if (*buf) { 2100 memcpy(*buf, (char *)rsp->hdr.ProtocolId + rsp->DataOffset, 2101 *nbytes); 2102 free_rsp_buf(resp_buftype, iov[0].iov_base); 2103 } else if (resp_buftype != CIFS_NO_BUFFER) { 2104 *buf = iov[0].iov_base; 2105 if (resp_buftype == CIFS_SMALL_BUFFER) 2106 *buf_type = CIFS_SMALL_BUFFER; 2107 else if (resp_buftype == CIFS_LARGE_BUFFER) 2108 *buf_type = CIFS_LARGE_BUFFER; 2109 } 2110 return rc; 2111} 2112 2113/* 2114 * Check the mid_state and signature on received buffer (if any), and queue the 2115 * workqueue completion task. 2116 */ 2117static void 2118smb2_writev_callback(struct mid_q_entry *mid) 2119{ 2120 struct cifs_writedata *wdata = mid->callback_data; 2121 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink); 2122 struct TCP_Server_Info *server = tcon->ses->server; 2123 unsigned int written; 2124 struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf; 2125 unsigned int credits_received = 1; 2126 2127 switch (mid->mid_state) { 2128 case MID_RESPONSE_RECEIVED: 2129 credits_received = le16_to_cpu(rsp->hdr.CreditRequest); 2130 wdata->result = smb2_check_receive(mid, tcon->ses->server, 0); 2131 if (wdata->result != 0) 2132 break; 2133 2134 written = le32_to_cpu(rsp->DataLength); 2135 /* 2136 * Mask off high 16 bits when bytes written as returned 2137 * by the server is greater than bytes requested by the 2138 * client. OS/2 servers are known to set incorrect 2139 * CountHigh values. 2140 */ 2141 if (written > wdata->bytes) 2142 written &= 0xFFFF; 2143 2144 if (written < wdata->bytes) 2145 wdata->result = -ENOSPC; 2146 else 2147 wdata->bytes = written; 2148 break; 2149 case MID_REQUEST_SUBMITTED: 2150 case MID_RETRY_NEEDED: 2151 wdata->result = -EAGAIN; 2152 break; 2153 default: 2154 wdata->result = -EIO; 2155 break; 2156 } 2157 2158 if (wdata->result) 2159 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 2160 2161 queue_work(cifsiod_wq, &wdata->work); 2162 mutex_lock(&server->srv_mutex); 2163 DeleteMidQEntry(mid); 2164 mutex_unlock(&server->srv_mutex); 2165 add_credits(tcon->ses->server, credits_received, 0); 2166} 2167 2168/* smb2_async_writev - send an async write, and set up mid to handle result */ 2169int 2170smb2_async_writev(struct cifs_writedata *wdata, 2171 void (*release)(struct kref *kref)) 2172{ 2173 int rc = -EACCES, flags = 0; 2174 struct smb2_write_req *req = NULL; 2175 struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink); 2176 struct TCP_Server_Info *server = tcon->ses->server; 2177 struct kvec iov; 2178 struct smb_rqst rqst; 2179 2180 rc = small_smb2_init(SMB2_WRITE, tcon, (void **) &req); 2181 if (rc) { 2182 if (rc == -EAGAIN && wdata->credits) { 2183 /* credits was reset by reconnect */ 2184 wdata->credits = 0; 2185 /* reduce in_flight value since we won't send the req */ 2186 spin_lock(&server->req_lock); 2187 server->in_flight--; 2188 spin_unlock(&server->req_lock); 2189 } 2190 goto async_writev_out; 2191 } 2192 2193 req->hdr.ProcessId = cpu_to_le32(wdata->cfile->pid); 2194 2195 req->PersistentFileId = wdata->cfile->fid.persistent_fid; 2196 req->VolatileFileId = wdata->cfile->fid.volatile_fid; 2197 req->WriteChannelInfoOffset = 0; 2198 req->WriteChannelInfoLength = 0; 2199 req->Channel = 0; 2200 req->Offset = cpu_to_le64(wdata->offset); 2201 /* 4 for rfc1002 length field */ 2202 req->DataOffset = cpu_to_le16( 2203 offsetof(struct smb2_write_req, Buffer) - 4); 2204 req->RemainingBytes = 0; 2205 2206 /* 4 for rfc1002 length field and 1 for Buffer */ 2207 iov.iov_len = get_rfc1002_length(req) + 4 - 1; 2208 iov.iov_base = req; 2209 2210 rqst.rq_iov = &iov; 2211 rqst.rq_nvec = 1; 2212 rqst.rq_pages = wdata->pages; 2213 rqst.rq_npages = wdata->nr_pages; 2214 rqst.rq_pagesz = wdata->pagesz; 2215 rqst.rq_tailsz = wdata->tailsz; 2216 2217 cifs_dbg(FYI, "async write at %llu %u bytes\n", 2218 wdata->offset, wdata->bytes); 2219 2220 req->Length = cpu_to_le32(wdata->bytes); 2221 2222 inc_rfc1001_len(&req->hdr, wdata->bytes - 1 /* Buffer */); 2223 2224 if (wdata->credits) { 2225 req->hdr.CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes, 2226 SMB2_MAX_BUFFER_SIZE)); 2227 spin_lock(&server->req_lock); 2228 server->credits += wdata->credits - 2229 le16_to_cpu(req->hdr.CreditCharge); 2230 spin_unlock(&server->req_lock); 2231 wake_up(&server->request_q); 2232 flags = CIFS_HAS_CREDITS; 2233 } 2234 2235 kref_get(&wdata->refcount); 2236 rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, wdata, 2237 flags); 2238 2239 if (rc) { 2240 kref_put(&wdata->refcount, release); 2241 cifs_stats_fail_inc(tcon, SMB2_WRITE_HE); 2242 } 2243 2244async_writev_out: 2245 cifs_small_buf_release(req); 2246 return rc; 2247} 2248 2249/* 2250 * SMB2_write function gets iov pointer to kvec array with n_vec as a length. 2251 * The length field from io_parms must be at least 1 and indicates a number of 2252 * elements with data to write that begins with position 1 in iov array. All 2253 * data length is specified by count. 2254 */ 2255int 2256SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms, 2257 unsigned int *nbytes, struct kvec *iov, int n_vec) 2258{ 2259 int rc = 0; 2260 struct smb2_write_req *req = NULL; 2261 struct smb2_write_rsp *rsp = NULL; 2262 int resp_buftype; 2263 *nbytes = 0; 2264 2265 if (n_vec < 1) 2266 return rc; 2267 2268 rc = small_smb2_init(SMB2_WRITE, io_parms->tcon, (void **) &req); 2269 if (rc) 2270 return rc; 2271 2272 if (io_parms->tcon->ses->server == NULL) 2273 return -ECONNABORTED; 2274 2275 req->hdr.ProcessId = cpu_to_le32(io_parms->pid); 2276 2277 req->PersistentFileId = io_parms->persistent_fid; 2278 req->VolatileFileId = io_parms->volatile_fid; 2279 req->WriteChannelInfoOffset = 0; 2280 req->WriteChannelInfoLength = 0; 2281 req->Channel = 0; 2282 req->Length = cpu_to_le32(io_parms->length); 2283 req->Offset = cpu_to_le64(io_parms->offset); 2284 /* 4 for rfc1002 length field */ 2285 req->DataOffset = cpu_to_le16( 2286 offsetof(struct smb2_write_req, Buffer) - 4); 2287 req->RemainingBytes = 0; 2288 2289 iov[0].iov_base = (char *)req; 2290 /* 4 for rfc1002 length field and 1 for Buffer */ 2291 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; 2292 2293 /* length of entire message including data to be written */ 2294 inc_rfc1001_len(req, io_parms->length - 1 /* Buffer */); 2295 2296 rc = SendReceive2(xid, io_parms->tcon->ses, iov, n_vec + 1, 2297 &resp_buftype, 0); 2298 rsp = (struct smb2_write_rsp *)iov[0].iov_base; 2299 2300 if (rc) { 2301 cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE); 2302 cifs_dbg(VFS, "Send error in write = %d\n", rc); 2303 } else 2304 *nbytes = le32_to_cpu(rsp->DataLength); 2305 2306 free_rsp_buf(resp_buftype, rsp); 2307 return rc; 2308} 2309 2310static unsigned int 2311num_entries(char *bufstart, char *end_of_buf, char **lastentry, size_t size) 2312{ 2313 int len; 2314 unsigned int entrycount = 0; 2315 unsigned int next_offset = 0; 2316 FILE_DIRECTORY_INFO *entryptr; 2317 2318 if (bufstart == NULL) 2319 return 0; 2320 2321 entryptr = (FILE_DIRECTORY_INFO *)bufstart; 2322 2323 while (1) { 2324 entryptr = (FILE_DIRECTORY_INFO *) 2325 ((char *)entryptr + next_offset); 2326 2327 if ((char *)entryptr + size > end_of_buf) { 2328 cifs_dbg(VFS, "malformed search entry would overflow\n"); 2329 break; 2330 } 2331 2332 len = le32_to_cpu(entryptr->FileNameLength); 2333 if ((char *)entryptr + len + size > end_of_buf) { 2334 cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n", 2335 end_of_buf); 2336 break; 2337 } 2338 2339 *lastentry = (char *)entryptr; 2340 entrycount++; 2341 2342 next_offset = le32_to_cpu(entryptr->NextEntryOffset); 2343 if (!next_offset) 2344 break; 2345 } 2346 2347 return entrycount; 2348} 2349 2350/* 2351 * Readdir/FindFirst 2352 */ 2353int 2354SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, 2355 u64 persistent_fid, u64 volatile_fid, int index, 2356 struct cifs_search_info *srch_inf) 2357{ 2358 struct smb2_query_directory_req *req; 2359 struct smb2_query_directory_rsp *rsp = NULL; 2360 struct kvec iov[2]; 2361 int rc = 0; 2362 int len; 2363 int resp_buftype = CIFS_NO_BUFFER; 2364 unsigned char *bufptr; 2365 struct TCP_Server_Info *server; 2366 struct cifs_ses *ses = tcon->ses; 2367 __le16 asteriks = cpu_to_le16('*'); 2368 char *end_of_smb; 2369 unsigned int output_size = CIFSMaxBufSize; 2370 size_t info_buf_size; 2371 2372 if (ses && (ses->server)) 2373 server = ses->server; 2374 else 2375 return -EIO; 2376 2377 rc = small_smb2_init(SMB2_QUERY_DIRECTORY, tcon, (void **) &req); 2378 if (rc) 2379 return rc; 2380 2381 switch (srch_inf->info_level) { 2382 case SMB_FIND_FILE_DIRECTORY_INFO: 2383 req->FileInformationClass = FILE_DIRECTORY_INFORMATION; 2384 info_buf_size = sizeof(FILE_DIRECTORY_INFO) - 1; 2385 break; 2386 case SMB_FIND_FILE_ID_FULL_DIR_INFO: 2387 req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION; 2388 info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO) - 1; 2389 break; 2390 default: 2391 cifs_dbg(VFS, "info level %u isn't supported\n", 2392 srch_inf->info_level); 2393 rc = -EINVAL; 2394 goto qdir_exit; 2395 } 2396 2397 req->FileIndex = cpu_to_le32(index); 2398 req->PersistentFileId = persistent_fid; 2399 req->VolatileFileId = volatile_fid; 2400 2401 len = 0x2; 2402 bufptr = req->Buffer; 2403 memcpy(bufptr, &asteriks, len); 2404 2405 req->FileNameOffset = 2406 cpu_to_le16(sizeof(struct smb2_query_directory_req) - 1 - 4); 2407 req->FileNameLength = cpu_to_le16(len); 2408 /* 2409 * BB could be 30 bytes or so longer if we used SMB2 specific 2410 * buffer lengths, but this is safe and close enough. 2411 */ 2412 output_size = min_t(unsigned int, output_size, server->maxBuf); 2413 output_size = min_t(unsigned int, output_size, 2 << 15); 2414 req->OutputBufferLength = cpu_to_le32(output_size); 2415 2416 iov[0].iov_base = (char *)req; 2417 /* 4 for RFC1001 length and 1 for Buffer */ 2418 iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; 2419 2420 iov[1].iov_base = (char *)(req->Buffer); 2421 iov[1].iov_len = len; 2422 2423 inc_rfc1001_len(req, len - 1 /* Buffer */); 2424 2425 rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0); 2426 rsp = (struct smb2_query_directory_rsp *)iov[0].iov_base; 2427 2428 if (rc) { 2429 if (rc == -ENODATA && rsp->hdr.Status == STATUS_NO_MORE_FILES) { 2430 srch_inf->endOfSearch = true; 2431 rc = 0; 2432 } 2433 cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE); 2434 goto qdir_exit; 2435 } 2436 2437 rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset), 2438 le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr, 2439 info_buf_size); 2440 if (rc) 2441 goto qdir_exit; 2442 2443 srch_inf->unicode = true; 2444 2445 if (srch_inf->ntwrk_buf_start) { 2446 if (srch_inf->smallBuf) 2447 cifs_small_buf_release(srch_inf->ntwrk_buf_start); 2448 else 2449 cifs_buf_release(srch_inf->ntwrk_buf_start); 2450 } 2451 srch_inf->ntwrk_buf_start = (char *)rsp; 2452 srch_inf->srch_entries_start = srch_inf->last_entry = 4 /* rfclen */ + 2453 (char *)&rsp->hdr + le16_to_cpu(rsp->OutputBufferOffset); 2454 /* 4 for rfc1002 length field */ 2455 end_of_smb = get_rfc1002_length(rsp) + 4 + (char *)&rsp->hdr; 2456 srch_inf->entries_in_buffer = 2457 num_entries(srch_inf->srch_entries_start, end_of_smb, 2458 &srch_inf->last_entry, info_buf_size); 2459 srch_inf->index_of_last_entry += srch_inf->entries_in_buffer; 2460 cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n", 2461 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry, 2462 srch_inf->srch_entries_start, srch_inf->last_entry); 2463 if (resp_buftype == CIFS_LARGE_BUFFER) 2464 srch_inf->smallBuf = false; 2465 else if (resp_buftype == CIFS_SMALL_BUFFER) 2466 srch_inf->smallBuf = true; 2467 else 2468 cifs_dbg(VFS, "illegal search buffer type\n"); 2469 2470 return rc; 2471 2472qdir_exit: 2473 free_rsp_buf(resp_buftype, rsp); 2474 return rc; 2475} 2476 2477static int 2478send_set_info(const unsigned int xid, struct cifs_tcon *tcon, 2479 u64 persistent_fid, u64 volatile_fid, u32 pid, int info_class, 2480 unsigned int num, void **data, unsigned int *size) 2481{ 2482 struct smb2_set_info_req *req; 2483 struct smb2_set_info_rsp *rsp = NULL; 2484 struct kvec *iov; 2485 int rc = 0; 2486 int resp_buftype; 2487 unsigned int i; 2488 struct TCP_Server_Info *server; 2489 struct cifs_ses *ses = tcon->ses; 2490 2491 if (ses && (ses->server)) 2492 server = ses->server; 2493 else 2494 return -EIO; 2495 2496 if (!num) 2497 return -EINVAL; 2498 2499 iov = kmalloc(sizeof(struct kvec) * num, GFP_KERNEL); 2500 if (!iov) 2501 return -ENOMEM; 2502 2503 rc = small_smb2_init(SMB2_SET_INFO, tcon, (void **) &req); 2504 if (rc) { 2505 kfree(iov); 2506 return rc; 2507 } 2508 2509 req->hdr.ProcessId = cpu_to_le32(pid); 2510 2511 req->InfoType = SMB2_O_INFO_FILE; 2512 req->FileInfoClass = info_class; 2513 req->PersistentFileId = persistent_fid; 2514 req->VolatileFileId = volatile_fid; 2515 2516 /* 4 for RFC1001 length and 1 for Buffer */ 2517 req->BufferOffset = 2518 cpu_to_le16(sizeof(struct smb2_set_info_req) - 1 - 4); 2519 req->BufferLength = cpu_to_le32(*size); 2520 2521 inc_rfc1001_len(req, *size - 1 /* Buffer */); 2522 2523 memcpy(req->Buffer, *data, *size); 2524 2525 iov[0].iov_base = (char *)req; 2526 /* 4 for RFC1001 length */ 2527 iov[0].iov_len = get_rfc1002_length(req) + 4; 2528 2529 for (i = 1; i < num; i++) { 2530 inc_rfc1001_len(req, size[i]); 2531 le32_add_cpu(&req->BufferLength, size[i]); 2532 iov[i].iov_base = (char *)data[i]; 2533 iov[i].iov_len = size[i]; 2534 } 2535 2536 rc = SendReceive2(xid, ses, iov, num, &resp_buftype, 0); 2537 rsp = (struct smb2_set_info_rsp *)iov[0].iov_base; 2538 2539 if (rc != 0) 2540 cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE); 2541 2542 free_rsp_buf(resp_buftype, rsp); 2543 kfree(iov); 2544 return rc; 2545} 2546 2547int 2548SMB2_rename(const unsigned int xid, struct cifs_tcon *tcon, 2549 u64 persistent_fid, u64 volatile_fid, __le16 *target_file) 2550{ 2551 struct smb2_file_rename_info info; 2552 void **data; 2553 unsigned int size[2]; 2554 int rc; 2555 int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX)); 2556 2557 data = kmalloc(sizeof(void *) * 2, GFP_KERNEL); 2558 if (!data) 2559 return -ENOMEM; 2560 2561 info.ReplaceIfExists = 1; /* 1 = replace existing target with new */ 2562 /* 0 = fail if target already exists */ 2563 info.RootDirectory = 0; /* MBZ for network ops (why does spec say?) */ 2564 info.FileNameLength = cpu_to_le32(len); 2565 2566 data[0] = &info; 2567 size[0] = sizeof(struct smb2_file_rename_info); 2568 2569 data[1] = target_file; 2570 size[1] = len + 2 /* null */; 2571 2572 rc = send_set_info(xid, tcon, persistent_fid, volatile_fid, 2573 current->tgid, FILE_RENAME_INFORMATION, 2, data, 2574 size); 2575 kfree(data); 2576 return rc; 2577} 2578 2579int 2580SMB2_rmdir(const unsigned int xid, struct cifs_tcon *tcon, 2581 u64 persistent_fid, u64 volatile_fid) 2582{ 2583 __u8 delete_pending = 1; 2584 void *data; 2585 unsigned int size; 2586 2587 data = &delete_pending; 2588 size = 1; /* sizeof __u8 */ 2589 2590 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 2591 current->tgid, FILE_DISPOSITION_INFORMATION, 1, &data, 2592 &size); 2593} 2594 2595int 2596SMB2_set_hardlink(const unsigned int xid, struct cifs_tcon *tcon, 2597 u64 persistent_fid, u64 volatile_fid, __le16 *target_file) 2598{ 2599 struct smb2_file_link_info info; 2600 void **data; 2601 unsigned int size[2]; 2602 int rc; 2603 int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX)); 2604 2605 data = kmalloc(sizeof(void *) * 2, GFP_KERNEL); 2606 if (!data) 2607 return -ENOMEM; 2608 2609 info.ReplaceIfExists = 0; /* 1 = replace existing link with new */ 2610 /* 0 = fail if link already exists */ 2611 info.RootDirectory = 0; /* MBZ for network ops (why does spec say?) */ 2612 info.FileNameLength = cpu_to_le32(len); 2613 2614 data[0] = &info; 2615 size[0] = sizeof(struct smb2_file_link_info); 2616 2617 data[1] = target_file; 2618 size[1] = len + 2 /* null */; 2619 2620 rc = send_set_info(xid, tcon, persistent_fid, volatile_fid, 2621 current->tgid, FILE_LINK_INFORMATION, 2, data, size); 2622 kfree(data); 2623 return rc; 2624} 2625 2626int 2627SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid, 2628 u64 volatile_fid, u32 pid, __le64 *eof, bool is_falloc) 2629{ 2630 struct smb2_file_eof_info info; 2631 void *data; 2632 unsigned int size; 2633 2634 info.EndOfFile = *eof; 2635 2636 data = &info; 2637 size = sizeof(struct smb2_file_eof_info); 2638 2639 if (is_falloc) 2640 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 2641 pid, FILE_ALLOCATION_INFORMATION, 1, &data, &size); 2642 else 2643 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 2644 pid, FILE_END_OF_FILE_INFORMATION, 1, &data, &size); 2645} 2646 2647int 2648SMB2_set_info(const unsigned int xid, struct cifs_tcon *tcon, 2649 u64 persistent_fid, u64 volatile_fid, FILE_BASIC_INFO *buf) 2650{ 2651 unsigned int size; 2652 size = sizeof(FILE_BASIC_INFO); 2653 return send_set_info(xid, tcon, persistent_fid, volatile_fid, 2654 current->tgid, FILE_BASIC_INFORMATION, 1, 2655 (void **)&buf, &size); 2656} 2657 2658int 2659SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon, 2660 const u64 persistent_fid, const u64 volatile_fid, 2661 __u8 oplock_level) 2662{ 2663 int rc; 2664 struct smb2_oplock_break *req = NULL; 2665 2666 cifs_dbg(FYI, "SMB2_oplock_break\n"); 2667 rc = small_smb2_init(SMB2_OPLOCK_BREAK, tcon, (void **) &req); 2668 2669 if (rc) 2670 return rc; 2671 2672 req->VolatileFid = volatile_fid; 2673 req->PersistentFid = persistent_fid; 2674 req->OplockLevel = oplock_level; 2675 req->hdr.CreditRequest = cpu_to_le16(1); 2676 2677 rc = SendReceiveNoRsp(xid, tcon->ses, (char *) req, CIFS_OBREAK_OP); 2678 /* SMB2 buffer freed by function above */ 2679 2680 if (rc) { 2681 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 2682 cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc); 2683 } 2684 2685 return rc; 2686} 2687 2688static void 2689copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf, 2690 struct kstatfs *kst) 2691{ 2692 kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) * 2693 le32_to_cpu(pfs_inf->SectorsPerAllocationUnit); 2694 kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits); 2695 kst->f_bfree = le64_to_cpu(pfs_inf->ActualAvailableAllocationUnits); 2696 kst->f_bavail = le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits); 2697 return; 2698} 2699 2700static int 2701build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon, int level, 2702 int outbuf_len, u64 persistent_fid, u64 volatile_fid) 2703{ 2704 int rc; 2705 struct smb2_query_info_req *req; 2706 2707 cifs_dbg(FYI, "Query FSInfo level %d\n", level); 2708 2709 if ((tcon->ses == NULL) || (tcon->ses->server == NULL)) 2710 return -EIO; 2711 2712 rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req); 2713 if (rc) 2714 return rc; 2715 2716 req->InfoType = SMB2_O_INFO_FILESYSTEM; 2717 req->FileInfoClass = level; 2718 req->PersistentFileId = persistent_fid; 2719 req->VolatileFileId = volatile_fid; 2720 /* 4 for rfc1002 length field and 1 for pad */ 2721 req->InputBufferOffset = 2722 cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4); 2723 req->OutputBufferLength = cpu_to_le32( 2724 outbuf_len + sizeof(struct smb2_query_info_rsp) - 1 - 4); 2725 2726 iov->iov_base = (char *)req; 2727 /* 4 for rfc1002 length field */ 2728 iov->iov_len = get_rfc1002_length(req) + 4; 2729 return 0; 2730} 2731 2732int 2733SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon, 2734 u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata) 2735{ 2736 struct smb2_query_info_rsp *rsp = NULL; 2737 struct kvec iov; 2738 int rc = 0; 2739 int resp_buftype; 2740 struct cifs_ses *ses = tcon->ses; 2741 struct smb2_fs_full_size_info *info = NULL; 2742 2743 rc = build_qfs_info_req(&iov, tcon, FS_FULL_SIZE_INFORMATION, 2744 sizeof(struct smb2_fs_full_size_info), 2745 persistent_fid, volatile_fid); 2746 if (rc) 2747 return rc; 2748 2749 rc = SendReceive2(xid, ses, &iov, 1, &resp_buftype, 0); 2750 if (rc) { 2751 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 2752 goto qfsinf_exit; 2753 } 2754 rsp = (struct smb2_query_info_rsp *)iov.iov_base; 2755 2756 info = (struct smb2_fs_full_size_info *)(4 /* RFC1001 len */ + 2757 le16_to_cpu(rsp->OutputBufferOffset) + (char *)&rsp->hdr); 2758 rc = validate_buf(le16_to_cpu(rsp->OutputBufferOffset), 2759 le32_to_cpu(rsp->OutputBufferLength), &rsp->hdr, 2760 sizeof(struct smb2_fs_full_size_info)); 2761 if (!rc) 2762 copy_fs_info_to_kstatfs(info, fsdata); 2763 2764qfsinf_exit: 2765 free_rsp_buf(resp_buftype, iov.iov_base); 2766 return rc; 2767} 2768 2769int 2770SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon, 2771 u64 persistent_fid, u64 volatile_fid, int level) 2772{ 2773 struct smb2_query_info_rsp *rsp = NULL; 2774 struct kvec iov; 2775 int rc = 0; 2776 int resp_buftype, max_len, min_len; 2777 struct cifs_ses *ses = tcon->ses; 2778 unsigned int rsp_len, offset; 2779 2780 if (level == FS_DEVICE_INFORMATION) { 2781 max_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 2782 min_len = sizeof(FILE_SYSTEM_DEVICE_INFO); 2783 } else if (level == FS_ATTRIBUTE_INFORMATION) { 2784 max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO); 2785 min_len = MIN_FS_ATTR_INFO_SIZE; 2786 } else if (level == FS_SECTOR_SIZE_INFORMATION) { 2787 max_len = sizeof(struct smb3_fs_ss_info); 2788 min_len = sizeof(struct smb3_fs_ss_info); 2789 } else { 2790 cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level); 2791 return -EINVAL; 2792 } 2793 2794 rc = build_qfs_info_req(&iov, tcon, level, max_len, 2795 persistent_fid, volatile_fid); 2796 if (rc) 2797 return rc; 2798 2799 rc = SendReceive2(xid, ses, &iov, 1, &resp_buftype, 0); 2800 if (rc) { 2801 cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); 2802 goto qfsattr_exit; 2803 } 2804 rsp = (struct smb2_query_info_rsp *)iov.iov_base; 2805 2806 rsp_len = le32_to_cpu(rsp->OutputBufferLength); 2807 offset = le16_to_cpu(rsp->OutputBufferOffset); 2808 rc = validate_buf(offset, rsp_len, &rsp->hdr, min_len); 2809 if (rc) 2810 goto qfsattr_exit; 2811 2812 if (level == FS_ATTRIBUTE_INFORMATION) 2813 memcpy(&tcon->fsAttrInfo, 4 /* RFC1001 len */ + offset 2814 + (char *)&rsp->hdr, min_t(unsigned int, 2815 rsp_len, max_len)); 2816 else if (level == FS_DEVICE_INFORMATION) 2817 memcpy(&tcon->fsDevInfo, 4 /* RFC1001 len */ + offset 2818 + (char *)&rsp->hdr, sizeof(FILE_SYSTEM_DEVICE_INFO)); 2819 else if (level == FS_SECTOR_SIZE_INFORMATION) { 2820 struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *) 2821 (4 /* RFC1001 len */ + offset + (char *)&rsp->hdr); 2822 tcon->ss_flags = le32_to_cpu(ss_info->Flags); 2823 tcon->perf_sector_size = 2824 le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf); 2825 } 2826 2827qfsattr_exit: 2828 free_rsp_buf(resp_buftype, iov.iov_base); 2829 return rc; 2830} 2831 2832int 2833smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon, 2834 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 2835 const __u32 num_lock, struct smb2_lock_element *buf) 2836{ 2837 int rc = 0; 2838 struct smb2_lock_req *req = NULL; 2839 struct kvec iov[2]; 2840 int resp_buf_type; 2841 unsigned int count; 2842 2843 cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock); 2844 2845 rc = small_smb2_init(SMB2_LOCK, tcon, (void **) &req); 2846 if (rc) 2847 return rc; 2848 2849 req->hdr.ProcessId = cpu_to_le32(pid); 2850 req->LockCount = cpu_to_le16(num_lock); 2851 2852 req->PersistentFileId = persist_fid; 2853 req->VolatileFileId = volatile_fid; 2854 2855 count = num_lock * sizeof(struct smb2_lock_element); 2856 inc_rfc1001_len(req, count - sizeof(struct smb2_lock_element)); 2857 2858 iov[0].iov_base = (char *)req; 2859 /* 4 for rfc1002 length field and count for all locks */ 2860 iov[0].iov_len = get_rfc1002_length(req) + 4 - count; 2861 iov[1].iov_base = (char *)buf; 2862 iov[1].iov_len = count; 2863 2864 cifs_stats_inc(&tcon->stats.cifs_stats.num_locks); 2865 rc = SendReceive2(xid, tcon->ses, iov, 2, &resp_buf_type, CIFS_NO_RESP); 2866 if (rc) { 2867 cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc); 2868 cifs_stats_fail_inc(tcon, SMB2_LOCK_HE); 2869 } 2870 2871 return rc; 2872} 2873 2874int 2875SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon, 2876 const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid, 2877 const __u64 length, const __u64 offset, const __u32 lock_flags, 2878 const bool wait) 2879{ 2880 struct smb2_lock_element lock; 2881 2882 lock.Offset = cpu_to_le64(offset); 2883 lock.Length = cpu_to_le64(length); 2884 lock.Flags = cpu_to_le32(lock_flags); 2885 if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK) 2886 lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY); 2887 2888 return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock); 2889} 2890 2891int 2892SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon, 2893 __u8 *lease_key, const __le32 lease_state) 2894{ 2895 int rc; 2896 struct smb2_lease_ack *req = NULL; 2897 2898 cifs_dbg(FYI, "SMB2_lease_break\n"); 2899 rc = small_smb2_init(SMB2_OPLOCK_BREAK, tcon, (void **) &req); 2900 2901 if (rc) 2902 return rc; 2903 2904 req->hdr.CreditRequest = cpu_to_le16(1); 2905 req->StructureSize = cpu_to_le16(36); 2906 inc_rfc1001_len(req, 12); 2907 2908 memcpy(req->LeaseKey, lease_key, 16); 2909 req->LeaseState = lease_state; 2910 2911 rc = SendReceiveNoRsp(xid, tcon->ses, (char *) req, CIFS_OBREAK_OP); 2912 /* SMB2 buffer freed by function above */ 2913 2914 if (rc) { 2915 cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE); 2916 cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc); 2917 } 2918 2919 return rc; 2920} 2921