This source file includes following definitions.
- check_smb2_hdr
- get_neg_ctxt_len
- smb2_check_message
- smb2_get_data_area_len
- smb2_calc_size
- cifs_convert_path_to_utf16
- smb2_get_lease_state
- cifs_ses_oplock_break
- smb2_tcon_has_lease
- smb2_is_valid_lease_break
- smb2_is_valid_oplock_break
- smb2_cancelled_close_fid
- __smb2_handle_cancelled_close
- smb2_handle_cancelled_close
- smb2_handle_cancelled_mid
- smb311_update_preauth_hash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23 #include <linux/ctype.h>
24 #include "smb2pdu.h"
25 #include "cifsglob.h"
26 #include "cifsproto.h"
27 #include "smb2proto.h"
28 #include "cifs_debug.h"
29 #include "cifs_unicode.h"
30 #include "smb2status.h"
31 #include "smb2glob.h"
32
33 static int
34 check_smb2_hdr(struct smb2_sync_hdr *shdr, __u64 mid)
35 {
36 __u64 wire_mid = le64_to_cpu(shdr->MessageId);
37
38
39
40
41
42 if ((shdr->ProtocolId == SMB2_PROTO_NUMBER) &&
43 (mid == wire_mid)) {
44 if (shdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR)
45 return 0;
46 else {
47
48 if (shdr->Command == SMB2_OPLOCK_BREAK)
49 return 0;
50 else
51 cifs_dbg(VFS, "Received Request not response\n");
52 }
53 } else {
54 if (shdr->ProtocolId != SMB2_PROTO_NUMBER)
55 cifs_dbg(VFS, "Bad protocol string signature header %x\n",
56 le32_to_cpu(shdr->ProtocolId));
57 if (mid != wire_mid)
58 cifs_dbg(VFS, "Mids do not match: %llu and %llu\n",
59 mid, wire_mid);
60 }
61 cifs_dbg(VFS, "Bad SMB detected. The Mid=%llu\n", wire_mid);
62 return 1;
63 }
64
65
66
67
68
69
70
71
72 static const __le16 smb2_rsp_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
73 cpu_to_le16(65),
74 cpu_to_le16(9),
75 cpu_to_le16(4),
76 cpu_to_le16(16),
77 cpu_to_le16(4),
78 cpu_to_le16(89),
79 cpu_to_le16(60),
80 cpu_to_le16(4),
81 cpu_to_le16(17),
82 cpu_to_le16(17),
83 cpu_to_le16(4),
84 cpu_to_le16(49),
85
86 cpu_to_le16(0),
87 cpu_to_le16(4),
88 cpu_to_le16(9),
89 cpu_to_le16(9),
90 cpu_to_le16(9),
91 cpu_to_le16(2),
92
93 cpu_to_le16(24)
94 };
95
96 static __u32 get_neg_ctxt_len(struct smb2_sync_hdr *hdr, __u32 len,
97 __u32 non_ctxlen)
98 {
99 __u16 neg_count;
100 __u32 nc_offset, size_of_pad_before_neg_ctxts;
101 struct smb2_negotiate_rsp *pneg_rsp = (struct smb2_negotiate_rsp *)hdr;
102
103
104 neg_count = le16_to_cpu(pneg_rsp->NegotiateContextCount);
105 if ((neg_count == 0) ||
106 (pneg_rsp->DialectRevision != cpu_to_le16(SMB311_PROT_ID)))
107 return 0;
108
109
110 nc_offset = le32_to_cpu(pneg_rsp->NegotiateContextOffset);
111 if (nc_offset < non_ctxlen) {
112 printk_once(KERN_WARNING "invalid negotiate context offset\n");
113 return 0;
114 }
115 size_of_pad_before_neg_ctxts = nc_offset - non_ctxlen;
116
117
118 if (len < nc_offset + (neg_count * sizeof(struct smb2_neg_context))) {
119 printk_once(KERN_WARNING "negotiate context goes beyond end\n");
120 return 0;
121 }
122
123 cifs_dbg(FYI, "length of negcontexts %d pad %d\n",
124 len - nc_offset, size_of_pad_before_neg_ctxts);
125
126
127 return (len - nc_offset) + size_of_pad_before_neg_ctxts;
128 }
129
130 int
131 smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr)
132 {
133 struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)buf;
134 struct smb2_sync_pdu *pdu = (struct smb2_sync_pdu *)shdr;
135 __u64 mid;
136 __u32 clc_len;
137 int command;
138 int pdu_size = sizeof(struct smb2_sync_pdu);
139 int hdr_size = sizeof(struct smb2_sync_hdr);
140
141
142
143
144
145 if (shdr->ProtocolId == SMB2_TRANSFORM_PROTO_NUM) {
146 struct smb2_transform_hdr *thdr =
147 (struct smb2_transform_hdr *)buf;
148 struct cifs_ses *ses = NULL;
149 struct list_head *tmp;
150
151
152 spin_lock(&cifs_tcp_ses_lock);
153 list_for_each(tmp, &srvr->smb_ses_list) {
154 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
155 if (ses->Suid == thdr->SessionId)
156 break;
157
158 ses = NULL;
159 }
160 spin_unlock(&cifs_tcp_ses_lock);
161 if (ses == NULL) {
162 cifs_dbg(VFS, "no decryption - session id not found\n");
163 return 1;
164 }
165 }
166
167 mid = le64_to_cpu(shdr->MessageId);
168 if (len < pdu_size) {
169 if ((len >= hdr_size)
170 && (shdr->Status != 0)) {
171 pdu->StructureSize2 = 0;
172
173
174
175
176 return 0;
177 } else {
178 cifs_dbg(VFS, "Length less than SMB header size\n");
179 }
180 return 1;
181 }
182 if (len > CIFSMaxBufSize + MAX_SMB2_HDR_SIZE) {
183 cifs_dbg(VFS, "SMB length greater than maximum, mid=%llu\n",
184 mid);
185 return 1;
186 }
187
188 if (check_smb2_hdr(shdr, mid))
189 return 1;
190
191 if (shdr->StructureSize != SMB2_HEADER_STRUCTURE_SIZE) {
192 cifs_dbg(VFS, "Illegal structure size %u\n",
193 le16_to_cpu(shdr->StructureSize));
194 return 1;
195 }
196
197 command = le16_to_cpu(shdr->Command);
198 if (command >= NUMBER_OF_SMB2_COMMANDS) {
199 cifs_dbg(VFS, "Illegal SMB2 command %d\n", command);
200 return 1;
201 }
202
203 if (smb2_rsp_struct_sizes[command] != pdu->StructureSize2) {
204 if (command != SMB2_OPLOCK_BREAK_HE && (shdr->Status == 0 ||
205 pdu->StructureSize2 != SMB2_ERROR_STRUCTURE_SIZE2)) {
206
207 cifs_dbg(VFS, "Illegal response size %u for command %d\n",
208 le16_to_cpu(pdu->StructureSize2), command);
209 return 1;
210 } else if (command == SMB2_OPLOCK_BREAK_HE
211 && (shdr->Status == 0)
212 && (le16_to_cpu(pdu->StructureSize2) != 44)
213 && (le16_to_cpu(pdu->StructureSize2) != 36)) {
214
215 cifs_dbg(VFS, "Illegal response size %d for oplock break\n",
216 le16_to_cpu(pdu->StructureSize2));
217 return 1;
218 }
219 }
220
221 clc_len = smb2_calc_size(buf, srvr);
222
223 if (shdr->Command == SMB2_NEGOTIATE)
224 clc_len += get_neg_ctxt_len(shdr, len, clc_len);
225
226 if (len != clc_len) {
227 cifs_dbg(FYI, "Calculated size %u length %u mismatch mid %llu\n",
228 clc_len, len, mid);
229
230 if (command == SMB2_CREATE_HE &&
231 shdr->Status == STATUS_STOPPED_ON_SYMLINK)
232 return 0;
233
234 if (clc_len + 24 == len && command == SMB2_OPLOCK_BREAK_HE)
235 return 0;
236
237 if (clc_len == len + 1)
238 return 0;
239
240
241
242
243
244 if (((clc_len + 7) & ~7) == len)
245 return 0;
246
247
248
249
250
251
252
253
254
255
256 if (clc_len < len) {
257 pr_warn_once(
258 "srv rsp padded more than expected. Length %d not %d for cmd:%d mid:%llu\n",
259 len, clc_len, command, mid);
260 return 0;
261 }
262 pr_warn_once(
263 "srv rsp too short, len %d not %d. cmd:%d mid:%llu\n",
264 len, clc_len, command, mid);
265
266 return 1;
267 }
268 return 0;
269 }
270
271
272
273
274
275
276 static const bool has_smb2_data_area[NUMBER_OF_SMB2_COMMANDS] = {
277 true,
278 true,
279 false,
280 false,
281 false,
282 true,
283 false,
284 false,
285 true,
286 false,
287 false,
288 true,
289 false,
290 false,
291 true,
292 true,
293 true,
294 false,
295 false
296 };
297
298
299
300
301
302 char *
303 smb2_get_data_area_len(int *off, int *len, struct smb2_sync_hdr *shdr)
304 {
305 *off = 0;
306 *len = 0;
307
308
309 if (shdr->Status && shdr->Status != STATUS_MORE_PROCESSING_REQUIRED &&
310 (((struct smb2_err_rsp *)shdr)->StructureSize) ==
311 SMB2_ERROR_STRUCTURE_SIZE2)
312 return NULL;
313
314
315
316
317
318
319 switch (shdr->Command) {
320 case SMB2_NEGOTIATE:
321 *off = le16_to_cpu(
322 ((struct smb2_negotiate_rsp *)shdr)->SecurityBufferOffset);
323 *len = le16_to_cpu(
324 ((struct smb2_negotiate_rsp *)shdr)->SecurityBufferLength);
325 break;
326 case SMB2_SESSION_SETUP:
327 *off = le16_to_cpu(
328 ((struct smb2_sess_setup_rsp *)shdr)->SecurityBufferOffset);
329 *len = le16_to_cpu(
330 ((struct smb2_sess_setup_rsp *)shdr)->SecurityBufferLength);
331 break;
332 case SMB2_CREATE:
333 *off = le32_to_cpu(
334 ((struct smb2_create_rsp *)shdr)->CreateContextsOffset);
335 *len = le32_to_cpu(
336 ((struct smb2_create_rsp *)shdr)->CreateContextsLength);
337 break;
338 case SMB2_QUERY_INFO:
339 *off = le16_to_cpu(
340 ((struct smb2_query_info_rsp *)shdr)->OutputBufferOffset);
341 *len = le32_to_cpu(
342 ((struct smb2_query_info_rsp *)shdr)->OutputBufferLength);
343 break;
344 case SMB2_READ:
345
346 *off = ((struct smb2_read_rsp *)shdr)->DataOffset;
347 *len = le32_to_cpu(((struct smb2_read_rsp *)shdr)->DataLength);
348 break;
349 case SMB2_QUERY_DIRECTORY:
350 *off = le16_to_cpu(
351 ((struct smb2_query_directory_rsp *)shdr)->OutputBufferOffset);
352 *len = le32_to_cpu(
353 ((struct smb2_query_directory_rsp *)shdr)->OutputBufferLength);
354 break;
355 case SMB2_IOCTL:
356 *off = le32_to_cpu(
357 ((struct smb2_ioctl_rsp *)shdr)->OutputOffset);
358 *len = le32_to_cpu(
359 ((struct smb2_ioctl_rsp *)shdr)->OutputCount);
360 break;
361 case SMB2_CHANGE_NOTIFY:
362 default:
363
364 cifs_dbg(VFS, "no length check for command\n");
365 break;
366 }
367
368
369
370
371
372 if (*off > 4096) {
373 cifs_dbg(VFS, "offset %d too large, data area ignored\n", *off);
374 *len = 0;
375 *off = 0;
376 } else if (*off < 0) {
377 cifs_dbg(VFS, "negative offset %d to data invalid ignore data area\n",
378 *off);
379 *off = 0;
380 *len = 0;
381 } else if (*len < 0) {
382 cifs_dbg(VFS, "negative data length %d invalid, data area ignored\n",
383 *len);
384 *len = 0;
385 } else if (*len > 128 * 1024) {
386 cifs_dbg(VFS, "data area larger than 128K: %d\n", *len);
387 *len = 0;
388 }
389
390
391 if ((*off != 0) && (*len != 0))
392 return (char *)shdr + *off;
393 else
394 return NULL;
395 }
396
397
398
399
400
401 unsigned int
402 smb2_calc_size(void *buf, struct TCP_Server_Info *srvr)
403 {
404 struct smb2_sync_pdu *pdu = (struct smb2_sync_pdu *)buf;
405 struct smb2_sync_hdr *shdr = &pdu->sync_hdr;
406 int offset;
407 int data_length;
408
409 int len = le16_to_cpu(shdr->StructureSize);
410
411
412
413
414
415 len += le16_to_cpu(pdu->StructureSize2);
416
417 if (has_smb2_data_area[le16_to_cpu(shdr->Command)] == false)
418 goto calc_size_exit;
419
420 smb2_get_data_area_len(&offset, &data_length, shdr);
421 cifs_dbg(FYI, "SMB2 data length %d offset %d\n", data_length, offset);
422
423 if (data_length > 0) {
424
425
426
427
428
429
430 if (offset + 1 < len) {
431 cifs_dbg(VFS, "data area offset %d overlaps SMB2 header %d\n",
432 offset + 1, len);
433 data_length = 0;
434 } else {
435 len = offset + data_length;
436 }
437 }
438 calc_size_exit:
439 cifs_dbg(FYI, "SMB2 len %d\n", len);
440 return len;
441 }
442
443
444 __le16 *
445 cifs_convert_path_to_utf16(const char *from, struct cifs_sb_info *cifs_sb)
446 {
447 int len;
448 const char *start_of_path;
449 __le16 *to;
450 int map_type;
451
452 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SFM_CHR)
453 map_type = SFM_MAP_UNI_RSVD;
454 else if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR)
455 map_type = SFU_MAP_UNI_RSVD;
456 else
457 map_type = NO_MAP_UNI_RSVD;
458
459
460 if (from[0] == '\\')
461 start_of_path = from + 1;
462
463
464 else if (cifs_sb_master_tlink(cifs_sb) &&
465 cifs_sb_master_tcon(cifs_sb)->posix_extensions &&
466 (from[0] == '/')) {
467 start_of_path = from + 1;
468 } else
469 start_of_path = from;
470
471 to = cifs_strndup_to_utf16(start_of_path, PATH_MAX, &len,
472 cifs_sb->local_nls, map_type);
473 return to;
474 }
475
476 __le32
477 smb2_get_lease_state(struct cifsInodeInfo *cinode)
478 {
479 __le32 lease = 0;
480
481 if (CIFS_CACHE_WRITE(cinode))
482 lease |= SMB2_LEASE_WRITE_CACHING;
483 if (CIFS_CACHE_HANDLE(cinode))
484 lease |= SMB2_LEASE_HANDLE_CACHING;
485 if (CIFS_CACHE_READ(cinode))
486 lease |= SMB2_LEASE_READ_CACHING;
487 return lease;
488 }
489
490 struct smb2_lease_break_work {
491 struct work_struct lease_break;
492 struct tcon_link *tlink;
493 __u8 lease_key[16];
494 __le32 lease_state;
495 };
496
497 static void
498 cifs_ses_oplock_break(struct work_struct *work)
499 {
500 struct smb2_lease_break_work *lw = container_of(work,
501 struct smb2_lease_break_work, lease_break);
502 int rc = 0;
503
504 rc = SMB2_lease_break(0, tlink_tcon(lw->tlink), lw->lease_key,
505 lw->lease_state);
506
507 cifs_dbg(FYI, "Lease release rc %d\n", rc);
508 cifs_put_tlink(lw->tlink);
509 kfree(lw);
510 }
511
512 static bool
513 smb2_tcon_has_lease(struct cifs_tcon *tcon, struct smb2_lease_break *rsp,
514 struct smb2_lease_break_work *lw)
515 {
516 bool found;
517 __u8 lease_state;
518 struct list_head *tmp;
519 struct cifsFileInfo *cfile;
520 struct cifs_pending_open *open;
521 struct cifsInodeInfo *cinode;
522 int ack_req = le32_to_cpu(rsp->Flags &
523 SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED);
524
525 lease_state = le32_to_cpu(rsp->NewLeaseState);
526
527 list_for_each(tmp, &tcon->openFileList) {
528 cfile = list_entry(tmp, struct cifsFileInfo, tlist);
529 cinode = CIFS_I(d_inode(cfile->dentry));
530
531 if (memcmp(cinode->lease_key, rsp->LeaseKey,
532 SMB2_LEASE_KEY_SIZE))
533 continue;
534
535 cifs_dbg(FYI, "found in the open list\n");
536 cifs_dbg(FYI, "lease key match, lease break 0x%x\n",
537 le32_to_cpu(rsp->NewLeaseState));
538
539 if (ack_req)
540 cfile->oplock_break_cancelled = false;
541 else
542 cfile->oplock_break_cancelled = true;
543
544 set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags);
545
546
547
548
549
550
551 if (lease_state & SMB2_LEASE_READ_CACHING_HE)
552 set_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
553 &cinode->flags);
554 else
555 clear_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
556 &cinode->flags);
557
558 cifs_queue_oplock_break(cfile);
559 kfree(lw);
560 return true;
561 }
562
563 found = false;
564 list_for_each_entry(open, &tcon->pending_opens, olist) {
565 if (memcmp(open->lease_key, rsp->LeaseKey,
566 SMB2_LEASE_KEY_SIZE))
567 continue;
568
569 if (!found && ack_req) {
570 found = true;
571 memcpy(lw->lease_key, open->lease_key,
572 SMB2_LEASE_KEY_SIZE);
573 lw->tlink = cifs_get_tlink(open->tlink);
574 queue_work(cifsiod_wq, &lw->lease_break);
575 }
576
577 cifs_dbg(FYI, "found in the pending open list\n");
578 cifs_dbg(FYI, "lease key match, lease break 0x%x\n",
579 le32_to_cpu(rsp->NewLeaseState));
580
581 open->oplock = lease_state;
582 }
583
584 return found;
585 }
586
587 static bool
588 smb2_is_valid_lease_break(char *buffer)
589 {
590 struct smb2_lease_break *rsp = (struct smb2_lease_break *)buffer;
591 struct list_head *tmp, *tmp1, *tmp2;
592 struct TCP_Server_Info *server;
593 struct cifs_ses *ses;
594 struct cifs_tcon *tcon;
595 struct smb2_lease_break_work *lw;
596
597 lw = kmalloc(sizeof(struct smb2_lease_break_work), GFP_KERNEL);
598 if (!lw)
599 return false;
600
601 INIT_WORK(&lw->lease_break, cifs_ses_oplock_break);
602 lw->lease_state = rsp->NewLeaseState;
603
604 cifs_dbg(FYI, "Checking for lease break\n");
605
606
607 spin_lock(&cifs_tcp_ses_lock);
608 list_for_each(tmp, &cifs_tcp_ses_list) {
609 server = list_entry(tmp, struct TCP_Server_Info, tcp_ses_list);
610
611 list_for_each(tmp1, &server->smb_ses_list) {
612 ses = list_entry(tmp1, struct cifs_ses, smb_ses_list);
613
614 list_for_each(tmp2, &ses->tcon_list) {
615 tcon = list_entry(tmp2, struct cifs_tcon,
616 tcon_list);
617 spin_lock(&tcon->open_file_lock);
618 cifs_stats_inc(
619 &tcon->stats.cifs_stats.num_oplock_brks);
620 if (smb2_tcon_has_lease(tcon, rsp, lw)) {
621 spin_unlock(&tcon->open_file_lock);
622 spin_unlock(&cifs_tcp_ses_lock);
623 return true;
624 }
625 spin_unlock(&tcon->open_file_lock);
626
627 if (tcon->crfid.is_valid &&
628 !memcmp(rsp->LeaseKey,
629 tcon->crfid.fid->lease_key,
630 SMB2_LEASE_KEY_SIZE)) {
631 INIT_WORK(&tcon->crfid.lease_break,
632 smb2_cached_lease_break);
633 queue_work(cifsiod_wq,
634 &tcon->crfid.lease_break);
635 spin_unlock(&cifs_tcp_ses_lock);
636 return true;
637 }
638 }
639 }
640 }
641 spin_unlock(&cifs_tcp_ses_lock);
642 kfree(lw);
643 cifs_dbg(FYI, "Can not process lease break - no lease matched\n");
644 return false;
645 }
646
647 bool
648 smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
649 {
650 struct smb2_oplock_break *rsp = (struct smb2_oplock_break *)buffer;
651 struct list_head *tmp, *tmp1, *tmp2;
652 struct cifs_ses *ses;
653 struct cifs_tcon *tcon;
654 struct cifsInodeInfo *cinode;
655 struct cifsFileInfo *cfile;
656
657 cifs_dbg(FYI, "Checking for oplock break\n");
658
659 if (rsp->sync_hdr.Command != SMB2_OPLOCK_BREAK)
660 return false;
661
662 if (rsp->StructureSize !=
663 smb2_rsp_struct_sizes[SMB2_OPLOCK_BREAK_HE]) {
664 if (le16_to_cpu(rsp->StructureSize) == 44)
665 return smb2_is_valid_lease_break(buffer);
666 else
667 return false;
668 }
669
670 cifs_dbg(FYI, "oplock level 0x%x\n", rsp->OplockLevel);
671
672
673 spin_lock(&cifs_tcp_ses_lock);
674 list_for_each(tmp, &server->smb_ses_list) {
675 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
676
677 list_for_each(tmp1, &ses->tcon_list) {
678 tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
679
680 spin_lock(&tcon->open_file_lock);
681 list_for_each(tmp2, &tcon->openFileList) {
682 cfile = list_entry(tmp2, struct cifsFileInfo,
683 tlist);
684 if (rsp->PersistentFid !=
685 cfile->fid.persistent_fid ||
686 rsp->VolatileFid !=
687 cfile->fid.volatile_fid)
688 continue;
689
690 cifs_dbg(FYI, "file id match, oplock break\n");
691 cifs_stats_inc(
692 &tcon->stats.cifs_stats.num_oplock_brks);
693 cinode = CIFS_I(d_inode(cfile->dentry));
694 spin_lock(&cfile->file_info_lock);
695 if (!CIFS_CACHE_WRITE(cinode) &&
696 rsp->OplockLevel == SMB2_OPLOCK_LEVEL_NONE)
697 cfile->oplock_break_cancelled = true;
698 else
699 cfile->oplock_break_cancelled = false;
700
701 set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK,
702 &cinode->flags);
703
704
705
706
707
708 if (rsp->OplockLevel)
709 set_bit(
710 CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
711 &cinode->flags);
712 else
713 clear_bit(
714 CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
715 &cinode->flags);
716 spin_unlock(&cfile->file_info_lock);
717
718 cifs_queue_oplock_break(cfile);
719
720 spin_unlock(&tcon->open_file_lock);
721 spin_unlock(&cifs_tcp_ses_lock);
722 return true;
723 }
724 spin_unlock(&tcon->open_file_lock);
725 }
726 }
727 spin_unlock(&cifs_tcp_ses_lock);
728 cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n");
729 return false;
730 }
731
732 void
733 smb2_cancelled_close_fid(struct work_struct *work)
734 {
735 struct close_cancelled_open *cancelled = container_of(work,
736 struct close_cancelled_open, work);
737
738 cifs_dbg(VFS, "Close unmatched open\n");
739
740 SMB2_close(0, cancelled->tcon, cancelled->fid.persistent_fid,
741 cancelled->fid.volatile_fid);
742 cifs_put_tcon(cancelled->tcon);
743 kfree(cancelled);
744 }
745
746
747 static int
748 __smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid,
749 __u64 volatile_fid)
750 {
751 struct close_cancelled_open *cancelled;
752
753 cancelled = kzalloc(sizeof(*cancelled), GFP_ATOMIC);
754 if (!cancelled)
755 return -ENOMEM;
756
757 cancelled->fid.persistent_fid = persistent_fid;
758 cancelled->fid.volatile_fid = volatile_fid;
759 cancelled->tcon = tcon;
760 INIT_WORK(&cancelled->work, smb2_cancelled_close_fid);
761 WARN_ON(queue_work(cifsiod_wq, &cancelled->work) == false);
762
763 return 0;
764 }
765
766 int
767 smb2_handle_cancelled_close(struct cifs_tcon *tcon, __u64 persistent_fid,
768 __u64 volatile_fid)
769 {
770 int rc;
771
772 cifs_dbg(FYI, "%s: tc_count=%d\n", __func__, tcon->tc_count);
773 spin_lock(&cifs_tcp_ses_lock);
774 tcon->tc_count++;
775 spin_unlock(&cifs_tcp_ses_lock);
776
777 rc = __smb2_handle_cancelled_close(tcon, persistent_fid, volatile_fid);
778 if (rc)
779 cifs_put_tcon(tcon);
780
781 return rc;
782 }
783
784 int
785 smb2_handle_cancelled_mid(char *buffer, struct TCP_Server_Info *server)
786 {
787 struct smb2_sync_hdr *sync_hdr = (struct smb2_sync_hdr *)buffer;
788 struct smb2_create_rsp *rsp = (struct smb2_create_rsp *)buffer;
789 struct cifs_tcon *tcon;
790 int rc;
791
792 if (sync_hdr->Command != SMB2_CREATE ||
793 sync_hdr->Status != STATUS_SUCCESS)
794 return 0;
795
796 tcon = smb2_find_smb_tcon(server, sync_hdr->SessionId,
797 sync_hdr->TreeId);
798 if (!tcon)
799 return -ENOENT;
800
801 rc = __smb2_handle_cancelled_close(tcon, rsp->PersistentFileId,
802 rsp->VolatileFileId);
803 if (rc)
804 cifs_put_tcon(tcon);
805
806 return rc;
807 }
808
809
810
811
812
813
814
815 int
816 smb311_update_preauth_hash(struct cifs_ses *ses, struct kvec *iov, int nvec)
817 {
818 int i, rc;
819 struct sdesc *d;
820 struct smb2_sync_hdr *hdr;
821
822 if (ses->server->tcpStatus == CifsGood) {
823
824 if (ses->server->dialect != SMB311_PROT_ID)
825 return 0;
826
827
828 hdr = (struct smb2_sync_hdr *)iov[0].iov_base;
829 if (hdr->Flags & SMB2_FLAGS_SIGNED)
830 return 0;
831 }
832
833 rc = smb311_crypto_shash_allocate(ses->server);
834 if (rc)
835 return rc;
836
837 d = ses->server->secmech.sdescsha512;
838 rc = crypto_shash_init(&d->shash);
839 if (rc) {
840 cifs_dbg(VFS, "%s: could not init sha512 shash\n", __func__);
841 return rc;
842 }
843
844 rc = crypto_shash_update(&d->shash, ses->preauth_sha_hash,
845 SMB2_PREAUTH_HASH_SIZE);
846 if (rc) {
847 cifs_dbg(VFS, "%s: could not update sha512 shash\n", __func__);
848 return rc;
849 }
850
851 for (i = 0; i < nvec; i++) {
852 rc = crypto_shash_update(&d->shash,
853 iov[i].iov_base, iov[i].iov_len);
854 if (rc) {
855 cifs_dbg(VFS, "%s: could not update sha512 shash\n",
856 __func__);
857 return rc;
858 }
859 }
860
861 rc = crypto_shash_final(&d->shash, ses->preauth_sha_hash);
862 if (rc) {
863 cifs_dbg(VFS, "%s: could not finalize sha512 shash\n",
864 __func__);
865 return rc;
866 }
867
868 return 0;
869 }