fs/cifs/smb2pdu.c at v6.3-rc4

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / fs / cifs / smb2pdu.c
at v6.3-rc4 5673 lines 161 kB view raw
wrap content
   1// SPDX-License-Identifier: LGPL-2.1
   2/*
   3 *
   4 *   Copyright (C) International Business Machines  Corp., 2009, 2013
   5 *                 Etersoft, 2012
   6 *   Author(s): Steve French (sfrench@us.ibm.com)
   7 *              Pavel Shilovsky (pshilovsky@samba.org) 2012
   8 *
   9 *   Contains the routines for constructing the SMB2 PDUs themselves
  10 *
  11 */
  12
  13 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
  14 /* Note that there are handle based routines which must be		      */
  15 /* treated slightly differently for reconnection purposes since we never     */
  16 /* want to reuse a stale file handle and only the caller knows the file info */
  17
  18#include <linux/fs.h>
  19#include <linux/kernel.h>
  20#include <linux/vfs.h>
  21#include <linux/task_io_accounting_ops.h>
  22#include <linux/uaccess.h>
  23#include <linux/uuid.h>
  24#include <linux/pagemap.h>
  25#include <linux/xattr.h>
  26#include "cifsglob.h"
  27#include "cifsacl.h"
  28#include "cifsproto.h"
  29#include "smb2proto.h"
  30#include "cifs_unicode.h"
  31#include "cifs_debug.h"
  32#include "ntlmssp.h"
  33#include "smb2status.h"
  34#include "smb2glob.h"
  35#include "cifspdu.h"
  36#include "cifs_spnego.h"
  37#include "smbdirect.h"
  38#include "trace.h"
  39#ifdef CONFIG_CIFS_DFS_UPCALL
  40#include "dfs_cache.h"
  41#endif
  42#include "cached_dir.h"
  43
  44/*
  45 *  The following table defines the expected "StructureSize" of SMB2 requests
  46 *  in order by SMB2 command.  This is similar to "wct" in SMB/CIFS requests.
  47 *
  48 *  Note that commands are defined in smb2pdu.h in le16 but the array below is
  49 *  indexed by command in host byte order.
  50 */
  51static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
  52	/* SMB2_NEGOTIATE */ 36,
  53	/* SMB2_SESSION_SETUP */ 25,
  54	/* SMB2_LOGOFF */ 4,
  55	/* SMB2_TREE_CONNECT */	9,
  56	/* SMB2_TREE_DISCONNECT */ 4,
  57	/* SMB2_CREATE */ 57,
  58	/* SMB2_CLOSE */ 24,
  59	/* SMB2_FLUSH */ 24,
  60	/* SMB2_READ */	49,
  61	/* SMB2_WRITE */ 49,
  62	/* SMB2_LOCK */	48,
  63	/* SMB2_IOCTL */ 57,
  64	/* SMB2_CANCEL */ 4,
  65	/* SMB2_ECHO */ 4,
  66	/* SMB2_QUERY_DIRECTORY */ 33,
  67	/* SMB2_CHANGE_NOTIFY */ 32,
  68	/* SMB2_QUERY_INFO */ 41,
  69	/* SMB2_SET_INFO */ 33,
  70	/* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
  71};
  72
  73int smb3_encryption_required(const struct cifs_tcon *tcon)
  74{
  75	if (!tcon || !tcon->ses)
  76		return 0;
  77	if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) ||
  78	    (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA))
  79		return 1;
  80	if (tcon->seal &&
  81	    (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
  82		return 1;
  83	return 0;
  84}
  85
  86static void
  87smb2_hdr_assemble(struct smb2_hdr *shdr, __le16 smb2_cmd,
  88		  const struct cifs_tcon *tcon,
  89		  struct TCP_Server_Info *server)
  90{
  91	shdr->ProtocolId = SMB2_PROTO_NUMBER;
  92	shdr->StructureSize = cpu_to_le16(64);
  93	shdr->Command = smb2_cmd;
  94	if (server) {
  95		spin_lock(&server->req_lock);
  96		/* Request up to 10 credits but don't go over the limit. */
  97		if (server->credits >= server->max_credits)
  98			shdr->CreditRequest = cpu_to_le16(0);
  99		else
 100			shdr->CreditRequest = cpu_to_le16(
 101				min_t(int, server->max_credits -
 102						server->credits, 10));
 103		spin_unlock(&server->req_lock);
 104	} else {
 105		shdr->CreditRequest = cpu_to_le16(2);
 106	}
 107	shdr->Id.SyncId.ProcessId = cpu_to_le32((__u16)current->tgid);
 108
 109	if (!tcon)
 110		goto out;
 111
 112	/* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
 113	/* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */
 114	if (server && (server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))
 115		shdr->CreditCharge = cpu_to_le16(1);
 116	/* else CreditCharge MBZ */
 117
 118	shdr->Id.SyncId.TreeId = cpu_to_le32(tcon->tid);
 119	/* Uid is not converted */
 120	if (tcon->ses)
 121		shdr->SessionId = cpu_to_le64(tcon->ses->Suid);
 122
 123	/*
 124	 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
 125	 * to pass the path on the Open SMB prefixed by \\server\share.
 126	 * Not sure when we would need to do the augmented path (if ever) and
 127	 * setting this flag breaks the SMB2 open operation since it is
 128	 * illegal to send an empty path name (without \\server\share prefix)
 129	 * when the DFS flag is set in the SMB open header. We could
 130	 * consider setting the flag on all operations other than open
 131	 * but it is safer to net set it for now.
 132	 */
 133/*	if (tcon->share_flags & SHI1005_FLAGS_DFS)
 134		shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */
 135
 136	if (server && server->sign && !smb3_encryption_required(tcon))
 137		shdr->Flags |= SMB2_FLAGS_SIGNED;
 138out:
 139	return;
 140}
 141
 142static int
 143smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
 144	       struct TCP_Server_Info *server)
 145{
 146	int rc = 0;
 147	struct nls_table *nls_codepage = NULL;
 148	struct cifs_ses *ses;
 149
 150	/*
 151	 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
 152	 * check for tcp and smb session status done differently
 153	 * for those three - in the calling routine.
 154	 */
 155	if (tcon == NULL)
 156		return 0;
 157
 158	/*
 159	 * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in
 160	 * cifs_tree_connect().
 161	 */
 162	if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL)
 163		return 0;
 164
 165	spin_lock(&tcon->tc_lock);
 166	if (tcon->status == TID_EXITING) {
 167		/*
 168		 * only tree disconnect allowed when disconnecting ...
 169		 */
 170		if (smb2_command != SMB2_TREE_DISCONNECT) {
 171			spin_unlock(&tcon->tc_lock);
 172			cifs_dbg(FYI, "can not send cmd %d while umounting\n",
 173				 smb2_command);
 174			return -ENODEV;
 175		}
 176	}
 177	spin_unlock(&tcon->tc_lock);
 178	if ((!tcon->ses) || (tcon->ses->ses_status == SES_EXITING) ||
 179	    (!tcon->ses->server) || !server)
 180		return -EIO;
 181
 182	spin_lock(&server->srv_lock);
 183	if (server->tcpStatus == CifsNeedReconnect) {
 184		/*
 185		 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
 186		 * here since they are implicitly done when session drops.
 187		 */
 188		switch (smb2_command) {
 189		/*
 190		 * BB Should we keep oplock break and add flush to exceptions?
 191		 */
 192		case SMB2_TREE_DISCONNECT:
 193		case SMB2_CANCEL:
 194		case SMB2_CLOSE:
 195		case SMB2_OPLOCK_BREAK:
 196			spin_unlock(&server->srv_lock);
 197			return -EAGAIN;
 198		}
 199	}
 200	spin_unlock(&server->srv_lock);
 201
 202again:
 203	rc = cifs_wait_for_server_reconnect(server, tcon->retry);
 204	if (rc)
 205		return rc;
 206
 207	ses = tcon->ses;
 208
 209	spin_lock(&ses->chan_lock);
 210	if (!cifs_chan_needs_reconnect(ses, server) && !tcon->need_reconnect) {
 211		spin_unlock(&ses->chan_lock);
 212		return 0;
 213	}
 214	spin_unlock(&ses->chan_lock);
 215	cifs_dbg(FYI, "sess reconnect mask: 0x%lx, tcon reconnect: %d",
 216		 tcon->ses->chans_need_reconnect,
 217		 tcon->need_reconnect);
 218
 219	mutex_lock(&ses->session_mutex);
 220	/*
 221	 * Recheck after acquire mutex. If another thread is negotiating
 222	 * and the server never sends an answer the socket will be closed
 223	 * and tcpStatus set to reconnect.
 224	 */
 225	spin_lock(&server->srv_lock);
 226	if (server->tcpStatus == CifsNeedReconnect) {
 227		spin_unlock(&server->srv_lock);
 228		mutex_unlock(&ses->session_mutex);
 229
 230		if (tcon->retry)
 231			goto again;
 232
 233		rc = -EHOSTDOWN;
 234		goto out;
 235	}
 236	spin_unlock(&server->srv_lock);
 237
 238	nls_codepage = load_nls_default();
 239
 240	/*
 241	 * need to prevent multiple threads trying to simultaneously
 242	 * reconnect the same SMB session
 243	 */
 244	spin_lock(&ses->ses_lock);
 245	spin_lock(&ses->chan_lock);
 246	if (!cifs_chan_needs_reconnect(ses, server) &&
 247	    ses->ses_status == SES_GOOD) {
 248		spin_unlock(&ses->chan_lock);
 249		spin_unlock(&ses->ses_lock);
 250		/* this means that we only need to tree connect */
 251		if (tcon->need_reconnect)
 252			goto skip_sess_setup;
 253
 254		mutex_unlock(&ses->session_mutex);
 255		goto out;
 256	}
 257	spin_unlock(&ses->chan_lock);
 258	spin_unlock(&ses->ses_lock);
 259
 260	rc = cifs_negotiate_protocol(0, ses, server);
 261	if (!rc) {
 262		rc = cifs_setup_session(0, ses, server, nls_codepage);
 263		if ((rc == -EACCES) && !tcon->retry) {
 264			mutex_unlock(&ses->session_mutex);
 265			rc = -EHOSTDOWN;
 266			goto failed;
 267		} else if (rc) {
 268			mutex_unlock(&ses->session_mutex);
 269			goto out;
 270		}
 271	} else {
 272		mutex_unlock(&ses->session_mutex);
 273		goto out;
 274	}
 275
 276skip_sess_setup:
 277	if (!tcon->need_reconnect) {
 278		mutex_unlock(&ses->session_mutex);
 279		goto out;
 280	}
 281	cifs_mark_open_files_invalid(tcon);
 282	if (tcon->use_persistent)
 283		tcon->need_reopen_files = true;
 284
 285	rc = cifs_tree_connect(0, tcon, nls_codepage);
 286	mutex_unlock(&ses->session_mutex);
 287
 288	cifs_dbg(FYI, "reconnect tcon rc = %d\n", rc);
 289	if (rc) {
 290		/* If sess reconnected but tcon didn't, something strange ... */
 291		cifs_dbg(VFS, "reconnect tcon failed rc = %d\n", rc);
 292		goto out;
 293	}
 294
 295	if (smb2_command != SMB2_INTERNAL_CMD)
 296		mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
 297
 298	atomic_inc(&tconInfoReconnectCount);
 299out:
 300	/*
 301	 * Check if handle based operation so we know whether we can continue
 302	 * or not without returning to caller to reset file handle.
 303	 */
 304	/*
 305	 * BB Is flush done by server on drop of tcp session? Should we special
 306	 * case it and skip above?
 307	 */
 308	switch (smb2_command) {
 309	case SMB2_FLUSH:
 310	case SMB2_READ:
 311	case SMB2_WRITE:
 312	case SMB2_LOCK:
 313	case SMB2_IOCTL:
 314	case SMB2_QUERY_DIRECTORY:
 315	case SMB2_CHANGE_NOTIFY:
 316	case SMB2_QUERY_INFO:
 317	case SMB2_SET_INFO:
 318		rc = -EAGAIN;
 319	}
 320failed:
 321	unload_nls(nls_codepage);
 322	return rc;
 323}
 324
 325static void
 326fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon,
 327	       struct TCP_Server_Info *server,
 328	       void *buf,
 329	       unsigned int *total_len)
 330{
 331	struct smb2_pdu *spdu = buf;
 332	/* lookup word count ie StructureSize from table */
 333	__u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)];
 334
 335	/*
 336	 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
 337	 * largest operations (Create)
 338	 */
 339	memset(buf, 0, 256);
 340
 341	smb2_hdr_assemble(&spdu->hdr, smb2_command, tcon, server);
 342	spdu->StructureSize2 = cpu_to_le16(parmsize);
 343
 344	*total_len = parmsize + sizeof(struct smb2_hdr);
 345}
 346
 347/*
 348 * Allocate and return pointer to an SMB request hdr, and set basic
 349 * SMB information in the SMB header. If the return code is zero, this
 350 * function must have filled in request_buf pointer.
 351 */
 352static int __smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
 353				 struct TCP_Server_Info *server,
 354				 void **request_buf, unsigned int *total_len)
 355{
 356	/* BB eventually switch this to SMB2 specific small buf size */
 357	if (smb2_command == SMB2_SET_INFO)
 358		*request_buf = cifs_buf_get();
 359	else
 360		*request_buf = cifs_small_buf_get();
 361	if (*request_buf == NULL) {
 362		/* BB should we add a retry in here if not a writepage? */
 363		return -ENOMEM;
 364	}
 365
 366	fill_small_buf(smb2_command, tcon, server,
 367		       (struct smb2_hdr *)(*request_buf),
 368		       total_len);
 369
 370	if (tcon != NULL) {
 371		uint16_t com_code = le16_to_cpu(smb2_command);
 372		cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
 373		cifs_stats_inc(&tcon->num_smbs_sent);
 374	}
 375
 376	return 0;
 377}
 378
 379static int smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
 380			       struct TCP_Server_Info *server,
 381			       void **request_buf, unsigned int *total_len)
 382{
 383	int rc;
 384
 385	rc = smb2_reconnect(smb2_command, tcon, server);
 386	if (rc)
 387		return rc;
 388
 389	return __smb2_plain_req_init(smb2_command, tcon, server, request_buf,
 390				     total_len);
 391}
 392
 393static int smb2_ioctl_req_init(u32 opcode, struct cifs_tcon *tcon,
 394			       struct TCP_Server_Info *server,
 395			       void **request_buf, unsigned int *total_len)
 396{
 397	/* Skip reconnect only for FSCTL_VALIDATE_NEGOTIATE_INFO IOCTLs */
 398	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO) {
 399		return __smb2_plain_req_init(SMB2_IOCTL, tcon, server,
 400					     request_buf, total_len);
 401	}
 402	return smb2_plain_req_init(SMB2_IOCTL, tcon, server,
 403				   request_buf, total_len);
 404}
 405
 406/* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */
 407
 408static void
 409build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt)
 410{
 411	pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
 412	pneg_ctxt->DataLength = cpu_to_le16(38);
 413	pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
 414	pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
 415	get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
 416	pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512;
 417}
 418
 419static void
 420build_compression_ctxt(struct smb2_compression_capabilities_context *pneg_ctxt)
 421{
 422	pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES;
 423	pneg_ctxt->DataLength =
 424		cpu_to_le16(sizeof(struct smb2_compression_capabilities_context)
 425			  - sizeof(struct smb2_neg_context));
 426	pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(3);
 427	pneg_ctxt->CompressionAlgorithms[0] = SMB3_COMPRESS_LZ77;
 428	pneg_ctxt->CompressionAlgorithms[1] = SMB3_COMPRESS_LZ77_HUFF;
 429	pneg_ctxt->CompressionAlgorithms[2] = SMB3_COMPRESS_LZNT1;
 430}
 431
 432static unsigned int
 433build_signing_ctxt(struct smb2_signing_capabilities *pneg_ctxt)
 434{
 435	unsigned int ctxt_len = sizeof(struct smb2_signing_capabilities);
 436	unsigned short num_algs = 1; /* number of signing algorithms sent */
 437
 438	pneg_ctxt->ContextType = SMB2_SIGNING_CAPABILITIES;
 439	/*
 440	 * Context Data length must be rounded to multiple of 8 for some servers
 441	 */
 442	pneg_ctxt->DataLength = cpu_to_le16(ALIGN(sizeof(struct smb2_signing_capabilities) -
 443					    sizeof(struct smb2_neg_context) +
 444					    (num_algs * sizeof(u16)), 8));
 445	pneg_ctxt->SigningAlgorithmCount = cpu_to_le16(num_algs);
 446	pneg_ctxt->SigningAlgorithms[0] = cpu_to_le16(SIGNING_ALG_AES_CMAC);
 447
 448	ctxt_len += sizeof(__le16) * num_algs;
 449	ctxt_len = ALIGN(ctxt_len, 8);
 450	return ctxt_len;
 451	/* TBD add SIGNING_ALG_AES_GMAC and/or SIGNING_ALG_HMAC_SHA256 */
 452}
 453
 454static void
 455build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt)
 456{
 457	pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;
 458	if (require_gcm_256) {
 459		pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + 1 cipher */
 460		pneg_ctxt->CipherCount = cpu_to_le16(1);
 461		pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES256_GCM;
 462	} else if (enable_gcm_256) {
 463		pneg_ctxt->DataLength = cpu_to_le16(8); /* Cipher Count + 3 ciphers */
 464		pneg_ctxt->CipherCount = cpu_to_le16(3);
 465		pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
 466		pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES256_GCM;
 467		pneg_ctxt->Ciphers[2] = SMB2_ENCRYPTION_AES128_CCM;
 468	} else {
 469		pneg_ctxt->DataLength = cpu_to_le16(6); /* Cipher Count + 2 ciphers */
 470		pneg_ctxt->CipherCount = cpu_to_le16(2);
 471		pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;
 472		pneg_ctxt->Ciphers[1] = SMB2_ENCRYPTION_AES128_CCM;
 473	}
 474}
 475
 476static unsigned int
 477build_netname_ctxt(struct smb2_netname_neg_context *pneg_ctxt, char *hostname)
 478{
 479	struct nls_table *cp = load_nls_default();
 480
 481	pneg_ctxt->ContextType = SMB2_NETNAME_NEGOTIATE_CONTEXT_ID;
 482
 483	/* copy up to max of first 100 bytes of server name to NetName field */
 484	pneg_ctxt->DataLength = cpu_to_le16(2 * cifs_strtoUTF16(pneg_ctxt->NetName, hostname, 100, cp));
 485	/* context size is DataLength + minimal smb2_neg_context */
 486	return ALIGN(le16_to_cpu(pneg_ctxt->DataLength) + sizeof(struct smb2_neg_context), 8);
 487}
 488
 489static void
 490build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt)
 491{
 492	pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE;
 493	pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN);
 494	/* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
 495	pneg_ctxt->Name[0] = 0x93;
 496	pneg_ctxt->Name[1] = 0xAD;
 497	pneg_ctxt->Name[2] = 0x25;
 498	pneg_ctxt->Name[3] = 0x50;
 499	pneg_ctxt->Name[4] = 0x9C;
 500	pneg_ctxt->Name[5] = 0xB4;
 501	pneg_ctxt->Name[6] = 0x11;
 502	pneg_ctxt->Name[7] = 0xE7;
 503	pneg_ctxt->Name[8] = 0xB4;
 504	pneg_ctxt->Name[9] = 0x23;
 505	pneg_ctxt->Name[10] = 0x83;
 506	pneg_ctxt->Name[11] = 0xDE;
 507	pneg_ctxt->Name[12] = 0x96;
 508	pneg_ctxt->Name[13] = 0x8B;
 509	pneg_ctxt->Name[14] = 0xCD;
 510	pneg_ctxt->Name[15] = 0x7C;
 511}
 512
 513static void
 514assemble_neg_contexts(struct smb2_negotiate_req *req,
 515		      struct TCP_Server_Info *server, unsigned int *total_len)
 516{
 517	unsigned int ctxt_len, neg_context_count;
 518	struct TCP_Server_Info *pserver;
 519	char *pneg_ctxt;
 520	char *hostname;
 521
 522	if (*total_len > 200) {
 523		/* In case length corrupted don't want to overrun smb buffer */
 524		cifs_server_dbg(VFS, "Bad frame length assembling neg contexts\n");
 525		return;
 526	}
 527
 528	/*
 529	 * round up total_len of fixed part of SMB3 negotiate request to 8
 530	 * byte boundary before adding negotiate contexts
 531	 */
 532	*total_len = ALIGN(*total_len, 8);
 533
 534	pneg_ctxt = (*total_len) + (char *)req;
 535	req->NegotiateContextOffset = cpu_to_le32(*total_len);
 536
 537	build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt);
 538	ctxt_len = ALIGN(sizeof(struct smb2_preauth_neg_context), 8);
 539	*total_len += ctxt_len;
 540	pneg_ctxt += ctxt_len;
 541
 542	build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt);
 543	ctxt_len = ALIGN(sizeof(struct smb2_encryption_neg_context), 8);
 544	*total_len += ctxt_len;
 545	pneg_ctxt += ctxt_len;
 546
 547	/*
 548	 * secondary channels don't have the hostname field populated
 549	 * use the hostname field in the primary channel instead
 550	 */
 551	pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
 552	cifs_server_lock(pserver);
 553	hostname = pserver->hostname;
 554	if (hostname && (hostname[0] != 0)) {
 555		ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
 556					      hostname);
 557		*total_len += ctxt_len;
 558		pneg_ctxt += ctxt_len;
 559		neg_context_count = 3;
 560	} else
 561		neg_context_count = 2;
 562	cifs_server_unlock(pserver);
 563
 564	build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
 565	*total_len += sizeof(struct smb2_posix_neg_context);
 566	pneg_ctxt += sizeof(struct smb2_posix_neg_context);
 567	neg_context_count++;
 568
 569	if (server->compress_algorithm) {
 570		build_compression_ctxt((struct smb2_compression_capabilities_context *)
 571				pneg_ctxt);
 572		ctxt_len = ALIGN(sizeof(struct smb2_compression_capabilities_context), 8);
 573		*total_len += ctxt_len;
 574		pneg_ctxt += ctxt_len;
 575		neg_context_count++;
 576	}
 577
 578	if (enable_negotiate_signing) {
 579		ctxt_len = build_signing_ctxt((struct smb2_signing_capabilities *)
 580				pneg_ctxt);
 581		*total_len += ctxt_len;
 582		pneg_ctxt += ctxt_len;
 583		neg_context_count++;
 584	}
 585
 586	/* check for and add transport_capabilities and signing capabilities */
 587	req->NegotiateContextCount = cpu_to_le16(neg_context_count);
 588
 589}
 590
 591static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt)
 592{
 593	unsigned int len = le16_to_cpu(ctxt->DataLength);
 594
 595	/* If invalid preauth context warn but use what we requested, SHA-512 */
 596	if (len < MIN_PREAUTH_CTXT_DATA_LEN) {
 597		pr_warn_once("server sent bad preauth context\n");
 598		return;
 599	} else if (len < MIN_PREAUTH_CTXT_DATA_LEN + le16_to_cpu(ctxt->SaltLength)) {
 600		pr_warn_once("server sent invalid SaltLength\n");
 601		return;
 602	}
 603	if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1)
 604		pr_warn_once("Invalid SMB3 hash algorithm count\n");
 605	if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512)
 606		pr_warn_once("unknown SMB3 hash algorithm\n");
 607}
 608
 609static void decode_compress_ctx(struct TCP_Server_Info *server,
 610			 struct smb2_compression_capabilities_context *ctxt)
 611{
 612	unsigned int len = le16_to_cpu(ctxt->DataLength);
 613
 614	/* sizeof compress context is a one element compression capbility struct */
 615	if (len < 10) {
 616		pr_warn_once("server sent bad compression cntxt\n");
 617		return;
 618	}
 619	if (le16_to_cpu(ctxt->CompressionAlgorithmCount) != 1) {
 620		pr_warn_once("Invalid SMB3 compress algorithm count\n");
 621		return;
 622	}
 623	if (le16_to_cpu(ctxt->CompressionAlgorithms[0]) > 3) {
 624		pr_warn_once("unknown compression algorithm\n");
 625		return;
 626	}
 627	server->compress_algorithm = ctxt->CompressionAlgorithms[0];
 628}
 629
 630static int decode_encrypt_ctx(struct TCP_Server_Info *server,
 631			      struct smb2_encryption_neg_context *ctxt)
 632{
 633	unsigned int len = le16_to_cpu(ctxt->DataLength);
 634
 635	cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d\n", len);
 636	if (len < MIN_ENCRYPT_CTXT_DATA_LEN) {
 637		pr_warn_once("server sent bad crypto ctxt len\n");
 638		return -EINVAL;
 639	}
 640
 641	if (le16_to_cpu(ctxt->CipherCount) != 1) {
 642		pr_warn_once("Invalid SMB3.11 cipher count\n");
 643		return -EINVAL;
 644	}
 645	cifs_dbg(FYI, "SMB311 cipher type:%d\n", le16_to_cpu(ctxt->Ciphers[0]));
 646	if (require_gcm_256) {
 647		if (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM) {
 648			cifs_dbg(VFS, "Server does not support requested encryption type (AES256 GCM)\n");
 649			return -EOPNOTSUPP;
 650		}
 651	} else if (ctxt->Ciphers[0] == 0) {
 652		/*
 653		 * e.g. if server only supported AES256_CCM (very unlikely)
 654		 * or server supported no encryption types or had all disabled.
 655		 * Since GLOBAL_CAP_ENCRYPTION will be not set, in the case
 656		 * in which mount requested encryption ("seal") checks later
 657		 * on during tree connection will return proper rc, but if
 658		 * seal not requested by client, since server is allowed to
 659		 * return 0 to indicate no supported cipher, we can't fail here
 660		 */
 661		server->cipher_type = 0;
 662		server->capabilities &= ~SMB2_GLOBAL_CAP_ENCRYPTION;
 663		pr_warn_once("Server does not support requested encryption types\n");
 664		return 0;
 665	} else if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) &&
 666		   (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM) &&
 667		   (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES256_GCM)) {
 668		/* server returned a cipher we didn't ask for */
 669		pr_warn_once("Invalid SMB3.11 cipher returned\n");
 670		return -EINVAL;
 671	}
 672	server->cipher_type = ctxt->Ciphers[0];
 673	server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;
 674	return 0;
 675}
 676
 677static void decode_signing_ctx(struct TCP_Server_Info *server,
 678			       struct smb2_signing_capabilities *pctxt)
 679{
 680	unsigned int len = le16_to_cpu(pctxt->DataLength);
 681
 682	if ((len < 4) || (len > 16)) {
 683		pr_warn_once("server sent bad signing negcontext\n");
 684		return;
 685	}
 686	if (le16_to_cpu(pctxt->SigningAlgorithmCount) != 1) {
 687		pr_warn_once("Invalid signing algorithm count\n");
 688		return;
 689	}
 690	if (le16_to_cpu(pctxt->SigningAlgorithms[0]) > 2) {
 691		pr_warn_once("unknown signing algorithm\n");
 692		return;
 693	}
 694
 695	server->signing_negotiated = true;
 696	server->signing_algorithm = le16_to_cpu(pctxt->SigningAlgorithms[0]);
 697	cifs_dbg(FYI, "signing algorithm %d chosen\n",
 698		     server->signing_algorithm);
 699}
 700
 701
 702static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,
 703				     struct TCP_Server_Info *server,
 704				     unsigned int len_of_smb)
 705{
 706	struct smb2_neg_context *pctx;
 707	unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
 708	unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);
 709	unsigned int len_of_ctxts, i;
 710	int rc = 0;
 711
 712	cifs_dbg(FYI, "decoding %d negotiate contexts\n", ctxt_cnt);
 713	if (len_of_smb <= offset) {
 714		cifs_server_dbg(VFS, "Invalid response: negotiate context offset\n");
 715		return -EINVAL;
 716	}
 717
 718	len_of_ctxts = len_of_smb - offset;
 719
 720	for (i = 0; i < ctxt_cnt; i++) {
 721		int clen;
 722		/* check that offset is not beyond end of SMB */
 723		if (len_of_ctxts == 0)
 724			break;
 725
 726		if (len_of_ctxts < sizeof(struct smb2_neg_context))
 727			break;
 728
 729		pctx = (struct smb2_neg_context *)(offset + (char *)rsp);
 730		clen = le16_to_cpu(pctx->DataLength);
 731		if (clen > len_of_ctxts)
 732			break;
 733
 734		if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES)
 735			decode_preauth_context(
 736				(struct smb2_preauth_neg_context *)pctx);
 737		else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES)
 738			rc = decode_encrypt_ctx(server,
 739				(struct smb2_encryption_neg_context *)pctx);
 740		else if (pctx->ContextType == SMB2_COMPRESSION_CAPABILITIES)
 741			decode_compress_ctx(server,
 742				(struct smb2_compression_capabilities_context *)pctx);
 743		else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE)
 744			server->posix_ext_supported = true;
 745		else if (pctx->ContextType == SMB2_SIGNING_CAPABILITIES)
 746			decode_signing_ctx(server,
 747				(struct smb2_signing_capabilities *)pctx);
 748		else
 749			cifs_server_dbg(VFS, "unknown negcontext of type %d ignored\n",
 750				le16_to_cpu(pctx->ContextType));
 751
 752		if (rc)
 753			break;
 754		/* offsets must be 8 byte aligned */
 755		clen = ALIGN(clen, 8);
 756		offset += clen + sizeof(struct smb2_neg_context);
 757		len_of_ctxts -= clen;
 758	}
 759	return rc;
 760}
 761
 762static struct create_posix *
 763create_posix_buf(umode_t mode)
 764{
 765	struct create_posix *buf;
 766
 767	buf = kzalloc(sizeof(struct create_posix),
 768			GFP_KERNEL);
 769	if (!buf)
 770		return NULL;
 771
 772	buf->ccontext.DataOffset =
 773		cpu_to_le16(offsetof(struct create_posix, Mode));
 774	buf->ccontext.DataLength = cpu_to_le32(4);
 775	buf->ccontext.NameOffset =
 776		cpu_to_le16(offsetof(struct create_posix, Name));
 777	buf->ccontext.NameLength = cpu_to_le16(16);
 778
 779	/* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
 780	buf->Name[0] = 0x93;
 781	buf->Name[1] = 0xAD;
 782	buf->Name[2] = 0x25;
 783	buf->Name[3] = 0x50;
 784	buf->Name[4] = 0x9C;
 785	buf->Name[5] = 0xB4;
 786	buf->Name[6] = 0x11;
 787	buf->Name[7] = 0xE7;
 788	buf->Name[8] = 0xB4;
 789	buf->Name[9] = 0x23;
 790	buf->Name[10] = 0x83;
 791	buf->Name[11] = 0xDE;
 792	buf->Name[12] = 0x96;
 793	buf->Name[13] = 0x8B;
 794	buf->Name[14] = 0xCD;
 795	buf->Name[15] = 0x7C;
 796	buf->Mode = cpu_to_le32(mode);
 797	cifs_dbg(FYI, "mode on posix create 0%o\n", mode);
 798	return buf;
 799}
 800
 801static int
 802add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode)
 803{
 804	struct smb2_create_req *req = iov[0].iov_base;
 805	unsigned int num = *num_iovec;
 806
 807	iov[num].iov_base = create_posix_buf(mode);
 808	if (mode == ACL_NO_MODE)
 809		cifs_dbg(FYI, "Invalid mode\n");
 810	if (iov[num].iov_base == NULL)
 811		return -ENOMEM;
 812	iov[num].iov_len = sizeof(struct create_posix);
 813	if (!req->CreateContextsOffset)
 814		req->CreateContextsOffset = cpu_to_le32(
 815				sizeof(struct smb2_create_req) +
 816				iov[num - 1].iov_len);
 817	le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_posix));
 818	*num_iovec = num + 1;
 819	return 0;
 820}
 821
 822
 823/*
 824 *
 825 *	SMB2 Worker functions follow:
 826 *
 827 *	The general structure of the worker functions is:
 828 *	1) Call smb2_init (assembles SMB2 header)
 829 *	2) Initialize SMB2 command specific fields in fixed length area of SMB
 830 *	3) Call smb_sendrcv2 (sends request on socket and waits for response)
 831 *	4) Decode SMB2 command specific fields in the fixed length area
 832 *	5) Decode variable length data area (if any for this SMB2 command type)
 833 *	6) Call free smb buffer
 834 *	7) return
 835 *
 836 */
 837
 838int
 839SMB2_negotiate(const unsigned int xid,
 840	       struct cifs_ses *ses,
 841	       struct TCP_Server_Info *server)
 842{
 843	struct smb_rqst rqst;
 844	struct smb2_negotiate_req *req;
 845	struct smb2_negotiate_rsp *rsp;
 846	struct kvec iov[1];
 847	struct kvec rsp_iov;
 848	int rc;
 849	int resp_buftype;
 850	int blob_offset, blob_length;
 851	char *security_blob;
 852	int flags = CIFS_NEG_OP;
 853	unsigned int total_len;
 854
 855	cifs_dbg(FYI, "Negotiate protocol\n");
 856
 857	if (!server) {
 858		WARN(1, "%s: server is NULL!\n", __func__);
 859		return -EIO;
 860	}
 861
 862	rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, server,
 863				 (void **) &req, &total_len);
 864	if (rc)
 865		return rc;
 866
 867	req->hdr.SessionId = 0;
 868
 869	memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
 870	memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
 871
 872	if (strcmp(server->vals->version_string,
 873		   SMB3ANY_VERSION_STRING) == 0) {
 874		req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
 875		req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
 876		req->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
 877		req->DialectCount = cpu_to_le16(3);
 878		total_len += 6;
 879	} else if (strcmp(server->vals->version_string,
 880		   SMBDEFAULT_VERSION_STRING) == 0) {
 881		req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
 882		req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
 883		req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
 884		req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
 885		req->DialectCount = cpu_to_le16(4);
 886		total_len += 8;
 887	} else {
 888		/* otherwise send specific dialect */
 889		req->Dialects[0] = cpu_to_le16(server->vals->protocol_id);
 890		req->DialectCount = cpu_to_le16(1);
 891		total_len += 2;
 892	}
 893
 894	/* only one of SMB2 signing flags may be set in SMB2 request */
 895	if (ses->sign)
 896		req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
 897	else if (global_secflags & CIFSSEC_MAY_SIGN)
 898		req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
 899	else
 900		req->SecurityMode = 0;
 901
 902	req->Capabilities = cpu_to_le32(server->vals->req_capabilities);
 903	if (ses->chan_max > 1)
 904		req->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
 905
 906	/* ClientGUID must be zero for SMB2.02 dialect */
 907	if (server->vals->protocol_id == SMB20_PROT_ID)
 908		memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE);
 909	else {
 910		memcpy(req->ClientGUID, server->client_guid,
 911			SMB2_CLIENT_GUID_SIZE);
 912		if ((server->vals->protocol_id == SMB311_PROT_ID) ||
 913		    (strcmp(server->vals->version_string,
 914		     SMB3ANY_VERSION_STRING) == 0) ||
 915		    (strcmp(server->vals->version_string,
 916		     SMBDEFAULT_VERSION_STRING) == 0))
 917			assemble_neg_contexts(req, server, &total_len);
 918	}
 919	iov[0].iov_base = (char *)req;
 920	iov[0].iov_len = total_len;
 921
 922	memset(&rqst, 0, sizeof(struct smb_rqst));
 923	rqst.rq_iov = iov;
 924	rqst.rq_nvec = 1;
 925
 926	rc = cifs_send_recv(xid, ses, server,
 927			    &rqst, &resp_buftype, flags, &rsp_iov);
 928	cifs_small_buf_release(req);
 929	rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base;
 930	/*
 931	 * No tcon so can't do
 932	 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
 933	 */
 934	if (rc == -EOPNOTSUPP) {
 935		cifs_server_dbg(VFS, "Dialect not supported by server. Consider  specifying vers=1.0 or vers=2.0 on mount for accessing older servers\n");
 936		goto neg_exit;
 937	} else if (rc != 0)
 938		goto neg_exit;
 939
 940	rc = -EIO;
 941	if (strcmp(server->vals->version_string,
 942		   SMB3ANY_VERSION_STRING) == 0) {
 943		if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
 944			cifs_server_dbg(VFS,
 945				"SMB2 dialect returned but not requested\n");
 946			goto neg_exit;
 947		} else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
 948			cifs_server_dbg(VFS,
 949				"SMB2.1 dialect returned but not requested\n");
 950			goto neg_exit;
 951		} else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
 952			/* ops set to 3.0 by default for default so update */
 953			server->ops = &smb311_operations;
 954			server->vals = &smb311_values;
 955		}
 956	} else if (strcmp(server->vals->version_string,
 957		   SMBDEFAULT_VERSION_STRING) == 0) {
 958		if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
 959			cifs_server_dbg(VFS,
 960				"SMB2 dialect returned but not requested\n");
 961			goto neg_exit;
 962		} else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
 963			/* ops set to 3.0 by default for default so update */
 964			server->ops = &smb21_operations;
 965			server->vals = &smb21_values;
 966		} else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
 967			server->ops = &smb311_operations;
 968			server->vals = &smb311_values;
 969		}
 970	} else if (le16_to_cpu(rsp->DialectRevision) !=
 971				server->vals->protocol_id) {
 972		/* if requested single dialect ensure returned dialect matched */
 973		cifs_server_dbg(VFS, "Invalid 0x%x dialect returned: not requested\n",
 974				le16_to_cpu(rsp->DialectRevision));
 975		goto neg_exit;
 976	}
 977
 978	cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);
 979
 980	if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID))
 981		cifs_dbg(FYI, "negotiated smb2.0 dialect\n");
 982	else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID))
 983		cifs_dbg(FYI, "negotiated smb2.1 dialect\n");
 984	else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID))
 985		cifs_dbg(FYI, "negotiated smb3.0 dialect\n");
 986	else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID))
 987		cifs_dbg(FYI, "negotiated smb3.02 dialect\n");
 988	else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID))
 989		cifs_dbg(FYI, "negotiated smb3.1.1 dialect\n");
 990	else {
 991		cifs_server_dbg(VFS, "Invalid dialect returned by server 0x%x\n",
 992				le16_to_cpu(rsp->DialectRevision));
 993		goto neg_exit;
 994	}
 995
 996	rc = 0;
 997	server->dialect = le16_to_cpu(rsp->DialectRevision);
 998
 999	/*
1000	 * Keep a copy of the hash after negprot. This hash will be
1001	 * the starting hash value for all sessions made from this
1002	 * server.
1003	 */
1004	memcpy(server->preauth_sha_hash, ses->preauth_sha_hash,
1005	       SMB2_PREAUTH_HASH_SIZE);
1006
1007	/* SMB2 only has an extended negflavor */
1008	server->negflavor = CIFS_NEGFLAVOR_EXTENDED;
1009	/* set it to the maximum buffer size value we can send with 1 credit */
1010	server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
1011			       SMB2_MAX_BUFFER_SIZE);
1012	server->max_read = le32_to_cpu(rsp->MaxReadSize);
1013	server->max_write = le32_to_cpu(rsp->MaxWriteSize);
1014	server->sec_mode = le16_to_cpu(rsp->SecurityMode);
1015	if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode)
1016		cifs_dbg(FYI, "Server returned unexpected security mode 0x%x\n",
1017				server->sec_mode);
1018	server->capabilities = le32_to_cpu(rsp->Capabilities);
1019	/* Internal types */
1020	server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
1021
1022	/*
1023	 * SMB3.0 supports only 1 cipher and doesn't have a encryption neg context
1024	 * Set the cipher type manually.
1025	 */
1026	if (server->dialect == SMB30_PROT_ID && (server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
1027		server->cipher_type = SMB2_ENCRYPTION_AES128_CCM;
1028
1029	security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
1030					       (struct smb2_hdr *)rsp);
1031	/*
1032	 * See MS-SMB2 section 2.2.4: if no blob, client picks default which
1033	 * for us will be
1034	 *	ses->sectype = RawNTLMSSP;
1035	 * but for time being this is our only auth choice so doesn't matter.
1036	 * We just found a server which sets blob length to zero expecting raw.
1037	 */
1038	if (blob_length == 0) {
1039		cifs_dbg(FYI, "missing security blob on negprot\n");
1040		server->sec_ntlmssp = true;
1041	}
1042
1043	rc = cifs_enable_signing(server, ses->sign);
1044	if (rc)
1045		goto neg_exit;
1046	if (blob_length) {
1047		rc = decode_negTokenInit(security_blob, blob_length, server);
1048		if (rc == 1)
1049			rc = 0;
1050		else if (rc == 0)
1051			rc = -EIO;
1052	}
1053
1054	if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
1055		if (rsp->NegotiateContextCount)
1056			rc = smb311_decode_neg_context(rsp, server,
1057						       rsp_iov.iov_len);
1058		else
1059			cifs_server_dbg(VFS, "Missing expected negotiate contexts\n");
1060	}
1061neg_exit:
1062	free_rsp_buf(resp_buftype, rsp);
1063	return rc;
1064}
1065
1066int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
1067{
1068	int rc;
1069	struct validate_negotiate_info_req *pneg_inbuf;
1070	struct validate_negotiate_info_rsp *pneg_rsp = NULL;
1071	u32 rsplen;
1072	u32 inbuflen; /* max of 4 dialects */
1073	struct TCP_Server_Info *server = tcon->ses->server;
1074
1075	cifs_dbg(FYI, "validate negotiate\n");
1076
1077	/* In SMB3.11 preauth integrity supersedes validate negotiate */
1078	if (server->dialect == SMB311_PROT_ID)
1079		return 0;
1080
1081	/*
1082	 * validation ioctl must be signed, so no point sending this if we
1083	 * can not sign it (ie are not known user).  Even if signing is not
1084	 * required (enabled but not negotiated), in those cases we selectively
1085	 * sign just this, the first and only signed request on a connection.
1086	 * Having validation of negotiate info  helps reduce attack vectors.
1087	 */
1088	if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST)
1089		return 0; /* validation requires signing */
1090
1091	if (tcon->ses->user_name == NULL) {
1092		cifs_dbg(FYI, "Can't validate negotiate: null user mount\n");
1093		return 0; /* validation requires signing */
1094	}
1095
1096	if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL)
1097		cifs_tcon_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server\n");
1098
1099	pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS);
1100	if (!pneg_inbuf)
1101		return -ENOMEM;
1102
1103	pneg_inbuf->Capabilities =
1104			cpu_to_le32(server->vals->req_capabilities);
1105	if (tcon->ses->chan_max > 1)
1106		pneg_inbuf->Capabilities |= cpu_to_le32(SMB2_GLOBAL_CAP_MULTI_CHANNEL);
1107
1108	memcpy(pneg_inbuf->Guid, server->client_guid,
1109					SMB2_CLIENT_GUID_SIZE);
1110
1111	if (tcon->ses->sign)
1112		pneg_inbuf->SecurityMode =
1113			cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
1114	else if (global_secflags & CIFSSEC_MAY_SIGN)
1115		pneg_inbuf->SecurityMode =
1116			cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
1117	else
1118		pneg_inbuf->SecurityMode = 0;
1119
1120
1121	if (strcmp(server->vals->version_string,
1122		SMB3ANY_VERSION_STRING) == 0) {
1123		pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
1124		pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
1125		pneg_inbuf->Dialects[2] = cpu_to_le16(SMB311_PROT_ID);
1126		pneg_inbuf->DialectCount = cpu_to_le16(3);
1127		/* SMB 2.1 not included so subtract one dialect from len */
1128		inbuflen = sizeof(*pneg_inbuf) -
1129				(sizeof(pneg_inbuf->Dialects[0]));
1130	} else if (strcmp(server->vals->version_string,
1131		SMBDEFAULT_VERSION_STRING) == 0) {
1132		pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
1133		pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
1134		pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
1135		pneg_inbuf->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
1136		pneg_inbuf->DialectCount = cpu_to_le16(4);
1137		/* structure is big enough for 4 dialects */
1138		inbuflen = sizeof(*pneg_inbuf);
1139	} else {
1140		/* otherwise specific dialect was requested */
1141		pneg_inbuf->Dialects[0] =
1142			cpu_to_le16(server->vals->protocol_id);
1143		pneg_inbuf->DialectCount = cpu_to_le16(1);
1144		/* structure is big enough for 4 dialects, sending only 1 */
1145		inbuflen = sizeof(*pneg_inbuf) -
1146				sizeof(pneg_inbuf->Dialects[0]) * 3;
1147	}
1148
1149	rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
1150		FSCTL_VALIDATE_NEGOTIATE_INFO,
1151		(char *)pneg_inbuf, inbuflen, CIFSMaxBufSize,
1152		(char **)&pneg_rsp, &rsplen);
1153	if (rc == -EOPNOTSUPP) {
1154		/*
1155		 * Old Windows versions or Netapp SMB server can return
1156		 * not supported error. Client should accept it.
1157		 */
1158		cifs_tcon_dbg(VFS, "Server does not support validate negotiate\n");
1159		rc = 0;
1160		goto out_free_inbuf;
1161	} else if (rc != 0) {
1162		cifs_tcon_dbg(VFS, "validate protocol negotiate failed: %d\n",
1163			      rc);
1164		rc = -EIO;
1165		goto out_free_inbuf;
1166	}
1167
1168	rc = -EIO;
1169	if (rsplen != sizeof(*pneg_rsp)) {
1170		cifs_tcon_dbg(VFS, "Invalid protocol negotiate response size: %d\n",
1171			      rsplen);
1172
1173		/* relax check since Mac returns max bufsize allowed on ioctl */
1174		if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp))
1175			goto out_free_rsp;
1176	}
1177
1178	/* check validate negotiate info response matches what we got earlier */
1179	if (pneg_rsp->Dialect != cpu_to_le16(server->dialect))
1180		goto vneg_out;
1181
1182	if (pneg_rsp->SecurityMode != cpu_to_le16(server->sec_mode))
1183		goto vneg_out;
1184
1185	/* do not validate server guid because not saved at negprot time yet */
1186
1187	if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND |
1188	      SMB2_LARGE_FILES) != server->capabilities)
1189		goto vneg_out;
1190
1191	/* validate negotiate successful */
1192	rc = 0;
1193	cifs_dbg(FYI, "validate negotiate info successful\n");
1194	goto out_free_rsp;
1195
1196vneg_out:
1197	cifs_tcon_dbg(VFS, "protocol revalidation - security settings mismatch\n");
1198out_free_rsp:
1199	kfree(pneg_rsp);
1200out_free_inbuf:
1201	kfree(pneg_inbuf);
1202	return rc;
1203}
1204
1205enum securityEnum
1206smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
1207{
1208	switch (requested) {
1209	case Kerberos:
1210	case RawNTLMSSP:
1211		return requested;
1212	case NTLMv2:
1213		return RawNTLMSSP;
1214	case Unspecified:
1215		if (server->sec_ntlmssp &&
1216			(global_secflags & CIFSSEC_MAY_NTLMSSP))
1217			return RawNTLMSSP;
1218		if ((server->sec_kerberos || server->sec_mskerberos) &&
1219			(global_secflags & CIFSSEC_MAY_KRB5))
1220			return Kerberos;
1221		fallthrough;
1222	default:
1223		return Unspecified;
1224	}
1225}
1226
1227struct SMB2_sess_data {
1228	unsigned int xid;
1229	struct cifs_ses *ses;
1230	struct TCP_Server_Info *server;
1231	struct nls_table *nls_cp;
1232	void (*func)(struct SMB2_sess_data *);
1233	int result;
1234	u64 previous_session;
1235
1236	/* we will send the SMB in three pieces:
1237	 * a fixed length beginning part, an optional
1238	 * SPNEGO blob (which can be zero length), and a
1239	 * last part which will include the strings
1240	 * and rest of bcc area. This allows us to avoid
1241	 * a large buffer 17K allocation
1242	 */
1243	int buf0_type;
1244	struct kvec iov[2];
1245};
1246
1247static int
1248SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data)
1249{
1250	int rc;
1251	struct cifs_ses *ses = sess_data->ses;
1252	struct TCP_Server_Info *server = sess_data->server;
1253	struct smb2_sess_setup_req *req;
1254	unsigned int total_len;
1255	bool is_binding = false;
1256
1257	rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, server,
1258				 (void **) &req,
1259				 &total_len);
1260	if (rc)
1261		return rc;
1262
1263	spin_lock(&ses->ses_lock);
1264	is_binding = (ses->ses_status == SES_GOOD);
1265	spin_unlock(&ses->ses_lock);
1266
1267	if (is_binding) {
1268		req->hdr.SessionId = cpu_to_le64(ses->Suid);
1269		req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1270		req->PreviousSessionId = 0;
1271		req->Flags = SMB2_SESSION_REQ_FLAG_BINDING;
1272		cifs_dbg(FYI, "Binding to sess id: %llx\n", ses->Suid);
1273	} else {
1274		/* First session, not a reauthenticate */
1275		req->hdr.SessionId = 0;
1276		/*
1277		 * if reconnect, we need to send previous sess id
1278		 * otherwise it is 0
1279		 */
1280		req->PreviousSessionId = cpu_to_le64(sess_data->previous_session);
1281		req->Flags = 0; /* MBZ */
1282		cifs_dbg(FYI, "Fresh session. Previous: %llx\n",
1283			 sess_data->previous_session);
1284	}
1285
1286	/* enough to enable echos and oplocks and one max size write */
1287	req->hdr.CreditRequest = cpu_to_le16(130);
1288
1289	/* only one of SMB2 signing flags may be set in SMB2 request */
1290	if (server->sign)
1291		req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
1292	else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
1293		req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
1294	else
1295		req->SecurityMode = 0;
1296
1297#ifdef CONFIG_CIFS_DFS_UPCALL
1298	req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS);
1299#else
1300	req->Capabilities = 0;
1301#endif /* DFS_UPCALL */
1302
1303	req->Channel = 0; /* MBZ */
1304
1305	sess_data->iov[0].iov_base = (char *)req;
1306	/* 1 for pad */
1307	sess_data->iov[0].iov_len = total_len - 1;
1308	/*
1309	 * This variable will be used to clear the buffer
1310	 * allocated above in case of any error in the calling function.
1311	 */
1312	sess_data->buf0_type = CIFS_SMALL_BUFFER;
1313
1314	return 0;
1315}
1316
1317static void
1318SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
1319{
1320	struct kvec *iov = sess_data->iov;
1321
1322	/* iov[1] is already freed by caller */
1323	if (sess_data->buf0_type != CIFS_NO_BUFFER && iov[0].iov_base)
1324		memzero_explicit(iov[0].iov_base, iov[0].iov_len);
1325
1326	free_rsp_buf(sess_data->buf0_type, iov[0].iov_base);
1327	sess_data->buf0_type = CIFS_NO_BUFFER;
1328}
1329
1330static int
1331SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data)
1332{
1333	int rc;
1334	struct smb_rqst rqst;
1335	struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base;
1336	struct kvec rsp_iov = { NULL, 0 };
1337
1338	/* Testing shows that buffer offset must be at location of Buffer[0] */
1339	req->SecurityBufferOffset =
1340		cpu_to_le16(sizeof(struct smb2_sess_setup_req));
1341	req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len);
1342
1343	memset(&rqst, 0, sizeof(struct smb_rqst));
1344	rqst.rq_iov = sess_data->iov;
1345	rqst.rq_nvec = 2;
1346
1347	/* BB add code to build os and lm fields */
1348	rc = cifs_send_recv(sess_data->xid, sess_data->ses,
1349			    sess_data->server,
1350			    &rqst,
1351			    &sess_data->buf0_type,
1352			    CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov);
1353	cifs_small_buf_release(sess_data->iov[0].iov_base);
1354	memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
1355
1356	return rc;
1357}
1358
1359static int
1360SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
1361{
1362	int rc = 0;
1363	struct cifs_ses *ses = sess_data->ses;
1364	struct TCP_Server_Info *server = sess_data->server;
1365
1366	cifs_server_lock(server);
1367	if (server->ops->generate_signingkey) {
1368		rc = server->ops->generate_signingkey(ses, server);
1369		if (rc) {
1370			cifs_dbg(FYI,
1371				"SMB3 session key generation failed\n");
1372			cifs_server_unlock(server);
1373			return rc;
1374		}
1375	}
1376	if (!server->session_estab) {
1377		server->sequence_number = 0x2;
1378		server->session_estab = true;
1379	}
1380	cifs_server_unlock(server);
1381
1382	cifs_dbg(FYI, "SMB2/3 session established successfully\n");
1383	return rc;
1384}
1385
1386#ifdef CONFIG_CIFS_UPCALL
1387static void
1388SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1389{
1390	int rc;
1391	struct cifs_ses *ses = sess_data->ses;
1392	struct TCP_Server_Info *server = sess_data->server;
1393	struct cifs_spnego_msg *msg;
1394	struct key *spnego_key = NULL;
1395	struct smb2_sess_setup_rsp *rsp = NULL;
1396	bool is_binding = false;
1397
1398	rc = SMB2_sess_alloc_buffer(sess_data);
1399	if (rc)
1400		goto out;
1401
1402	spnego_key = cifs_get_spnego_key(ses, server);
1403	if (IS_ERR(spnego_key)) {
1404		rc = PTR_ERR(spnego_key);
1405		if (rc == -ENOKEY)
1406			cifs_dbg(VFS, "Verify user has a krb5 ticket and keyutils is installed\n");
1407		spnego_key = NULL;
1408		goto out;
1409	}
1410
1411	msg = spnego_key->payload.data[0];
1412	/*
1413	 * check version field to make sure that cifs.upcall is
1414	 * sending us a response in an expected form
1415	 */
1416	if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1417		cifs_dbg(VFS, "bad cifs.upcall version. Expected %d got %d\n",
1418			 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1419		rc = -EKEYREJECTED;
1420		goto out_put_spnego_key;
1421	}
1422
1423	spin_lock(&ses->ses_lock);
1424	is_binding = (ses->ses_status == SES_GOOD);
1425	spin_unlock(&ses->ses_lock);
1426
1427	/* keep session key if binding */
1428	if (!is_binding) {
1429		kfree_sensitive(ses->auth_key.response);
1430		ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1431						 GFP_KERNEL);
1432		if (!ses->auth_key.response) {
1433			cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n",
1434				 msg->sesskey_len);
1435			rc = -ENOMEM;
1436			goto out_put_spnego_key;
1437		}
1438		ses->auth_key.len = msg->sesskey_len;
1439	}
1440
1441	sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1442	sess_data->iov[1].iov_len = msg->secblob_len;
1443
1444	rc = SMB2_sess_sendreceive(sess_data);
1445	if (rc)
1446		goto out_put_spnego_key;
1447
1448	rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1449	/* keep session id and flags if binding */
1450	if (!is_binding) {
1451		ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1452		ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1453	}
1454
1455	rc = SMB2_sess_establish_session(sess_data);
1456out_put_spnego_key:
1457	key_invalidate(spnego_key);
1458	key_put(spnego_key);
1459	if (rc) {
1460		kfree_sensitive(ses->auth_key.response);
1461		ses->auth_key.response = NULL;
1462		ses->auth_key.len = 0;
1463	}
1464out:
1465	sess_data->result = rc;
1466	sess_data->func = NULL;
1467	SMB2_sess_free_buffer(sess_data);
1468}
1469#else
1470static void
1471SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
1472{
1473	cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1474	sess_data->result = -EOPNOTSUPP;
1475	sess_data->func = NULL;
1476}
1477#endif
1478
1479static void
1480SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data);
1481
1482static void
1483SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)
1484{
1485	int rc;
1486	struct cifs_ses *ses = sess_data->ses;
1487	struct TCP_Server_Info *server = sess_data->server;
1488	struct smb2_sess_setup_rsp *rsp = NULL;
1489	unsigned char *ntlmssp_blob = NULL;
1490	bool use_spnego = false; /* else use raw ntlmssp */
1491	u16 blob_length = 0;
1492	bool is_binding = false;
1493
1494	/*
1495	 * If memory allocation is successful, caller of this function
1496	 * frees it.
1497	 */
1498	ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1499	if (!ses->ntlmssp) {
1500		rc = -ENOMEM;
1501		goto out_err;
1502	}
1503	ses->ntlmssp->sesskey_per_smbsess = true;
1504
1505	rc = SMB2_sess_alloc_buffer(sess_data);
1506	if (rc)
1507		goto out_err;
1508
1509	rc = build_ntlmssp_smb3_negotiate_blob(&ntlmssp_blob,
1510					  &blob_length, ses, server,
1511					  sess_data->nls_cp);
1512	if (rc)
1513		goto out;
1514
1515	if (use_spnego) {
1516		/* BB eventually need to add this */
1517		cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1518		rc = -EOPNOTSUPP;
1519		goto out;
1520	}
1521	sess_data->iov[1].iov_base = ntlmssp_blob;
1522	sess_data->iov[1].iov_len = blob_length;
1523
1524	rc = SMB2_sess_sendreceive(sess_data);
1525	rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1526
1527	/* If true, rc here is expected and not an error */
1528	if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1529		rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED)
1530		rc = 0;
1531
1532	if (rc)
1533		goto out;
1534
1535	if (offsetof(struct smb2_sess_setup_rsp, Buffer) !=
1536			le16_to_cpu(rsp->SecurityBufferOffset)) {
1537		cifs_dbg(VFS, "Invalid security buffer offset %d\n",
1538			le16_to_cpu(rsp->SecurityBufferOffset));
1539		rc = -EIO;
1540		goto out;
1541	}
1542	rc = decode_ntlmssp_challenge(rsp->Buffer,
1543			le16_to_cpu(rsp->SecurityBufferLength), ses);
1544	if (rc)
1545		goto out;
1546
1547	cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1548
1549	spin_lock(&ses->ses_lock);
1550	is_binding = (ses->ses_status == SES_GOOD);
1551	spin_unlock(&ses->ses_lock);
1552
1553	/* keep existing ses id and flags if binding */
1554	if (!is_binding) {
1555		ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1556		ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1557	}
1558
1559out:
1560	kfree_sensitive(ntlmssp_blob);
1561	SMB2_sess_free_buffer(sess_data);
1562	if (!rc) {
1563		sess_data->result = 0;
1564		sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate;
1565		return;
1566	}
1567out_err:
1568	kfree_sensitive(ses->ntlmssp);
1569	ses->ntlmssp = NULL;
1570	sess_data->result = rc;
1571	sess_data->func = NULL;
1572}
1573
1574static void
1575SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
1576{
1577	int rc;
1578	struct cifs_ses *ses = sess_data->ses;
1579	struct TCP_Server_Info *server = sess_data->server;
1580	struct smb2_sess_setup_req *req;
1581	struct smb2_sess_setup_rsp *rsp = NULL;
1582	unsigned char *ntlmssp_blob = NULL;
1583	bool use_spnego = false; /* else use raw ntlmssp */
1584	u16 blob_length = 0;
1585	bool is_binding = false;
1586
1587	rc = SMB2_sess_alloc_buffer(sess_data);
1588	if (rc)
1589		goto out;
1590
1591	req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base;
1592	req->hdr.SessionId = cpu_to_le64(ses->Suid);
1593
1594	rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length,
1595				     ses, server,
1596				     sess_data->nls_cp);
1597	if (rc) {
1598		cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d\n", rc);
1599		goto out;
1600	}
1601
1602	if (use_spnego) {
1603		/* BB eventually need to add this */
1604		cifs_dbg(VFS, "spnego not supported for SMB2 yet\n");
1605		rc = -EOPNOTSUPP;
1606		goto out;
1607	}
1608	sess_data->iov[1].iov_base = ntlmssp_blob;
1609	sess_data->iov[1].iov_len = blob_length;
1610
1611	rc = SMB2_sess_sendreceive(sess_data);
1612	if (rc)
1613		goto out;
1614
1615	rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;
1616
1617	spin_lock(&ses->ses_lock);
1618	is_binding = (ses->ses_status == SES_GOOD);
1619	spin_unlock(&ses->ses_lock);
1620
1621	/* keep existing ses id and flags if binding */
1622	if (!is_binding) {
1623		ses->Suid = le64_to_cpu(rsp->hdr.SessionId);
1624		ses->session_flags = le16_to_cpu(rsp->SessionFlags);
1625	}
1626
1627	rc = SMB2_sess_establish_session(sess_data);
1628#ifdef CONFIG_CIFS_DEBUG_DUMP_KEYS
1629	if (ses->server->dialect < SMB30_PROT_ID) {
1630		cifs_dbg(VFS, "%s: dumping generated SMB2 session keys\n", __func__);
1631		/*
1632		 * The session id is opaque in terms of endianness, so we can't
1633		 * print it as a long long. we dump it as we got it on the wire
1634		 */
1635		cifs_dbg(VFS, "Session Id    %*ph\n", (int)sizeof(ses->Suid),
1636			 &ses->Suid);
1637		cifs_dbg(VFS, "Session Key   %*ph\n",
1638			 SMB2_NTLMV2_SESSKEY_SIZE, ses->auth_key.response);
1639		cifs_dbg(VFS, "Signing Key   %*ph\n",
1640			 SMB3_SIGN_KEY_SIZE, ses->auth_key.response);
1641	}
1642#endif
1643out:
1644	kfree_sensitive(ntlmssp_blob);
1645	SMB2_sess_free_buffer(sess_data);
1646	kfree_sensitive(ses->ntlmssp);
1647	ses->ntlmssp = NULL;
1648	sess_data->result = rc;
1649	sess_data->func = NULL;
1650}
1651
1652static int
1653SMB2_select_sec(struct SMB2_sess_data *sess_data)
1654{
1655	int type;
1656	struct cifs_ses *ses = sess_data->ses;
1657	struct TCP_Server_Info *server = sess_data->server;
1658
1659	type = smb2_select_sectype(server, ses->sectype);
1660	cifs_dbg(FYI, "sess setup type %d\n", type);
1661	if (type == Unspecified) {
1662		cifs_dbg(VFS, "Unable to select appropriate authentication method!\n");
1663		return -EINVAL;
1664	}
1665
1666	switch (type) {
1667	case Kerberos:
1668		sess_data->func = SMB2_auth_kerberos;
1669		break;
1670	case RawNTLMSSP:
1671		sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate;
1672		break;
1673	default:
1674		cifs_dbg(VFS, "secType %d not supported!\n", type);
1675		return -EOPNOTSUPP;
1676	}
1677
1678	return 0;
1679}
1680
1681int
1682SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
1683		struct TCP_Server_Info *server,
1684		const struct nls_table *nls_cp)
1685{
1686	int rc = 0;
1687	struct SMB2_sess_data *sess_data;
1688
1689	cifs_dbg(FYI, "Session Setup\n");
1690
1691	if (!server) {
1692		WARN(1, "%s: server is NULL!\n", __func__);
1693		return -EIO;
1694	}
1695
1696	sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL);
1697	if (!sess_data)
1698		return -ENOMEM;
1699
1700	sess_data->xid = xid;
1701	sess_data->ses = ses;
1702	sess_data->server = server;
1703	sess_data->buf0_type = CIFS_NO_BUFFER;
1704	sess_data->nls_cp = (struct nls_table *) nls_cp;
1705	sess_data->previous_session = ses->Suid;
1706
1707	rc = SMB2_select_sec(sess_data);
1708	if (rc)
1709		goto out;
1710
1711	/*
1712	 * Initialize the session hash with the server one.
1713	 */
1714	memcpy(ses->preauth_sha_hash, server->preauth_sha_hash,
1715	       SMB2_PREAUTH_HASH_SIZE);
1716
1717	while (sess_data->func)
1718		sess_data->func(sess_data);
1719
1720	if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign))
1721		cifs_server_dbg(VFS, "signing requested but authenticated as guest\n");
1722	rc = sess_data->result;
1723out:
1724	kfree_sensitive(sess_data);
1725	return rc;
1726}
1727
1728int
1729SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
1730{
1731	struct smb_rqst rqst;
1732	struct smb2_logoff_req *req; /* response is also trivial struct */
1733	int rc = 0;
1734	struct TCP_Server_Info *server;
1735	int flags = 0;
1736	unsigned int total_len;
1737	struct kvec iov[1];
1738	struct kvec rsp_iov;
1739	int resp_buf_type;
1740
1741	cifs_dbg(FYI, "disconnect session %p\n", ses);
1742
1743	if (ses && (ses->server))
1744		server = ses->server;
1745	else
1746		return -EIO;
1747
1748	/* no need to send SMB logoff if uid already closed due to reconnect */
1749	spin_lock(&ses->chan_lock);
1750	if (CIFS_ALL_CHANS_NEED_RECONNECT(ses)) {
1751		spin_unlock(&ses->chan_lock);
1752		goto smb2_session_already_dead;
1753	}
1754	spin_unlock(&ses->chan_lock);
1755
1756	rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, ses->server,
1757				 (void **) &req, &total_len);
1758	if (rc)
1759		return rc;
1760
1761	 /* since no tcon, smb2_init can not do this, so do here */
1762	req->hdr.SessionId = cpu_to_le64(ses->Suid);
1763
1764	if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
1765		flags |= CIFS_TRANSFORM_REQ;
1766	else if (server->sign)
1767		req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1768
1769	flags |= CIFS_NO_RSP_BUF;
1770
1771	iov[0].iov_base = (char *)req;
1772	iov[0].iov_len = total_len;
1773
1774	memset(&rqst, 0, sizeof(struct smb_rqst));
1775	rqst.rq_iov = iov;
1776	rqst.rq_nvec = 1;
1777
1778	rc = cifs_send_recv(xid, ses, ses->server,
1779			    &rqst, &resp_buf_type, flags, &rsp_iov);
1780	cifs_small_buf_release(req);
1781	/*
1782	 * No tcon so can't do
1783	 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
1784	 */
1785
1786smb2_session_already_dead:
1787	return rc;
1788}
1789
1790static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
1791{
1792	cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);
1793}
1794
1795#define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
1796
1797/* These are similar values to what Windows uses */
1798static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon)
1799{
1800	tcon->max_chunks = 256;
1801	tcon->max_bytes_chunk = 1048576;
1802	tcon->max_bytes_copy = 16777216;
1803}
1804
1805int
1806SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
1807	  struct cifs_tcon *tcon, const struct nls_table *cp)
1808{
1809	struct smb_rqst rqst;
1810	struct smb2_tree_connect_req *req;
1811	struct smb2_tree_connect_rsp *rsp = NULL;
1812	struct kvec iov[2];
1813	struct kvec rsp_iov = { NULL, 0 };
1814	int rc = 0;
1815	int resp_buftype;
1816	int unc_path_len;
1817	__le16 *unc_path = NULL;
1818	int flags = 0;
1819	unsigned int total_len;
1820	struct TCP_Server_Info *server;
1821
1822	/* always use master channel */
1823	server = ses->server;
1824
1825	cifs_dbg(FYI, "TCON\n");
1826
1827	if (!server || !tree)
1828		return -EIO;
1829
1830	unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
1831	if (unc_path == NULL)
1832		return -ENOMEM;
1833
1834	unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp);
1835	if (unc_path_len <= 0) {
1836		kfree(unc_path);
1837		return -EINVAL;
1838	}
1839	unc_path_len *= 2;
1840
1841	/* SMB2 TREE_CONNECT request must be called with TreeId == 0 */
1842	tcon->tid = 0;
1843	atomic_set(&tcon->num_remote_opens, 0);
1844	rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, server,
1845				 (void **) &req, &total_len);
1846	if (rc) {
1847		kfree(unc_path);
1848		return rc;
1849	}
1850
1851	if (smb3_encryption_required(tcon))
1852		flags |= CIFS_TRANSFORM_REQ;
1853
1854	iov[0].iov_base = (char *)req;
1855	/* 1 for pad */
1856	iov[0].iov_len = total_len - 1;
1857
1858	/* Testing shows that buffer offset must be at location of Buffer[0] */
1859	req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req));
1860	req->PathLength = cpu_to_le16(unc_path_len);
1861	iov[1].iov_base = unc_path;
1862	iov[1].iov_len = unc_path_len;
1863
1864	/*
1865	 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
1866	 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
1867	 * (Samba servers don't always set the flag so also check if null user)
1868	 */
1869	if ((server->dialect == SMB311_PROT_ID) &&
1870	    !smb3_encryption_required(tcon) &&
1871	    !(ses->session_flags &
1872		    (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
1873	    ((ses->user_name != NULL) || (ses->sectype == Kerberos)))
1874		req->hdr.Flags |= SMB2_FLAGS_SIGNED;
1875
1876	memset(&rqst, 0, sizeof(struct smb_rqst));
1877	rqst.rq_iov = iov;
1878	rqst.rq_nvec = 2;
1879
1880	/* Need 64 for max size write so ask for more in case not there yet */
1881	req->hdr.CreditRequest = cpu_to_le16(64);
1882
1883	rc = cifs_send_recv(xid, ses, server,
1884			    &rqst, &resp_buftype, flags, &rsp_iov);
1885	cifs_small_buf_release(req);
1886	rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base;
1887	trace_smb3_tcon(xid, tcon->tid, ses->Suid, tree, rc);
1888	if ((rc != 0) || (rsp == NULL)) {
1889		cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
1890		tcon->need_reconnect = true;
1891		goto tcon_error_exit;
1892	}
1893
1894	switch (rsp->ShareType) {
1895	case SMB2_SHARE_TYPE_DISK:
1896		cifs_dbg(FYI, "connection to disk share\n");
1897		break;
1898	case SMB2_SHARE_TYPE_PIPE:
1899		tcon->pipe = true;
1900		cifs_dbg(FYI, "connection to pipe share\n");
1901		break;
1902	case SMB2_SHARE_TYPE_PRINT:
1903		tcon->print = true;
1904		cifs_dbg(FYI, "connection to printer\n");
1905		break;
1906	default:
1907		cifs_server_dbg(VFS, "unknown share type %d\n", rsp->ShareType);
1908		rc = -EOPNOTSUPP;
1909		goto tcon_error_exit;
1910	}
1911
1912	tcon->share_flags = le32_to_cpu(rsp->ShareFlags);
1913	tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */
1914	tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
1915	tcon->tid = le32_to_cpu(rsp->hdr.Id.SyncId.TreeId);
1916	strscpy(tcon->tree_name, tree, sizeof(tcon->tree_name));
1917
1918	if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
1919	    ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))
1920		cifs_tcon_dbg(VFS, "DFS capability contradicts DFS flag\n");
1921
1922	if (tcon->seal &&
1923	    !(server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
1924		cifs_tcon_dbg(VFS, "Encryption is requested but not supported\n");
1925
1926	init_copy_chunk_defaults(tcon);
1927	if (server->ops->validate_negotiate)
1928		rc = server->ops->validate_negotiate(xid, tcon);
1929tcon_exit:
1930
1931	free_rsp_buf(resp_buftype, rsp);
1932	kfree(unc_path);
1933	return rc;
1934
1935tcon_error_exit:
1936	if (rsp && rsp->hdr.Status == STATUS_BAD_NETWORK_NAME)
1937		cifs_tcon_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree);
1938	goto tcon_exit;
1939}
1940
1941int
1942SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
1943{
1944	struct smb_rqst rqst;
1945	struct smb2_tree_disconnect_req *req; /* response is trivial */
1946	int rc = 0;
1947	struct cifs_ses *ses = tcon->ses;
1948	int flags = 0;
1949	unsigned int total_len;
1950	struct kvec iov[1];
1951	struct kvec rsp_iov;
1952	int resp_buf_type;
1953
1954	cifs_dbg(FYI, "Tree Disconnect\n");
1955
1956	if (!ses || !(ses->server))
1957		return -EIO;
1958
1959	trace_smb3_tdis_enter(xid, tcon->tid, ses->Suid, tcon->tree_name);
1960	spin_lock(&ses->chan_lock);
1961	if ((tcon->need_reconnect) ||
1962	    (CIFS_ALL_CHANS_NEED_RECONNECT(tcon->ses))) {
1963		spin_unlock(&ses->chan_lock);
1964		return 0;
1965	}
1966	spin_unlock(&ses->chan_lock);
1967
1968	invalidate_all_cached_dirs(tcon);
1969
1970	rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, ses->server,
1971				 (void **) &req,
1972				 &total_len);
1973	if (rc)
1974		return rc;
1975
1976	if (smb3_encryption_required(tcon))
1977		flags |= CIFS_TRANSFORM_REQ;
1978
1979	flags |= CIFS_NO_RSP_BUF;
1980
1981	iov[0].iov_base = (char *)req;
1982	iov[0].iov_len = total_len;
1983
1984	memset(&rqst, 0, sizeof(struct smb_rqst));
1985	rqst.rq_iov = iov;
1986	rqst.rq_nvec = 1;
1987
1988	rc = cifs_send_recv(xid, ses, ses->server,
1989			    &rqst, &resp_buf_type, flags, &rsp_iov);
1990	cifs_small_buf_release(req);
1991	if (rc) {
1992		cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
1993		trace_smb3_tdis_err(xid, tcon->tid, ses->Suid, rc);
1994	}
1995	trace_smb3_tdis_done(xid, tcon->tid, ses->Suid);
1996
1997	return rc;
1998}
1999
2000
2001static struct create_durable *
2002create_durable_buf(void)
2003{
2004	struct create_durable *buf;
2005
2006	buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2007	if (!buf)
2008		return NULL;
2009
2010	buf->ccontext.DataOffset = cpu_to_le16(offsetof
2011					(struct create_durable, Data));
2012	buf->ccontext.DataLength = cpu_to_le32(16);
2013	buf->ccontext.NameOffset = cpu_to_le16(offsetof
2014				(struct create_durable, Name));
2015	buf->ccontext.NameLength = cpu_to_le16(4);
2016	/* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */
2017	buf->Name[0] = 'D';
2018	buf->Name[1] = 'H';
2019	buf->Name[2] = 'n';
2020	buf->Name[3] = 'Q';
2021	return buf;
2022}
2023
2024static struct create_durable *
2025create_reconnect_durable_buf(struct cifs_fid *fid)
2026{
2027	struct create_durable *buf;
2028
2029	buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
2030	if (!buf)
2031		return NULL;
2032
2033	buf->ccontext.DataOffset = cpu_to_le16(offsetof
2034					(struct create_durable, Data));
2035	buf->ccontext.DataLength = cpu_to_le32(16);
2036	buf->ccontext.NameOffset = cpu_to_le16(offsetof
2037				(struct create_durable, Name));
2038	buf->ccontext.NameLength = cpu_to_le16(4);
2039	buf->Data.Fid.PersistentFileId = fid->persistent_fid;
2040	buf->Data.Fid.VolatileFileId = fid->volatile_fid;
2041	/* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */
2042	buf->Name[0] = 'D';
2043	buf->Name[1] = 'H';
2044	buf->Name[2] = 'n';
2045	buf->Name[3] = 'C';
2046	return buf;
2047}
2048
2049static void
2050parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf)
2051{
2052	struct create_on_disk_id *pdisk_id = (struct create_on_disk_id *)cc;
2053
2054	cifs_dbg(FYI, "parse query id context 0x%llx 0x%llx\n",
2055		pdisk_id->DiskFileId, pdisk_id->VolumeId);
2056	buf->IndexNumber = pdisk_id->DiskFileId;
2057}
2058
2059static void
2060parse_posix_ctxt(struct create_context *cc, struct smb2_file_all_info *info,
2061		 struct create_posix_rsp *posix)
2062{
2063	int sid_len;
2064	u8 *beg = (u8 *)cc + le16_to_cpu(cc->DataOffset);
2065	u8 *end = beg + le32_to_cpu(cc->DataLength);
2066	u8 *sid;
2067
2068	memset(posix, 0, sizeof(*posix));
2069
2070	posix->nlink = le32_to_cpu(*(__le32 *)(beg + 0));
2071	posix->reparse_tag = le32_to_cpu(*(__le32 *)(beg + 4));
2072	posix->mode = le32_to_cpu(*(__le32 *)(beg + 8));
2073
2074	sid = beg + 12;
2075	sid_len = posix_info_sid_size(sid, end);
2076	if (sid_len < 0) {
2077		cifs_dbg(VFS, "bad owner sid in posix create response\n");
2078		return;
2079	}
2080	memcpy(&posix->owner, sid, sid_len);
2081
2082	sid = sid + sid_len;
2083	sid_len = posix_info_sid_size(sid, end);
2084	if (sid_len < 0) {
2085		cifs_dbg(VFS, "bad group sid in posix create response\n");
2086		return;
2087	}
2088	memcpy(&posix->group, sid, sid_len);
2089
2090	cifs_dbg(FYI, "nlink=%d mode=%o reparse_tag=%x\n",
2091		 posix->nlink, posix->mode, posix->reparse_tag);
2092}
2093
2094void
2095smb2_parse_contexts(struct TCP_Server_Info *server,
2096		    struct smb2_create_rsp *rsp,
2097		    unsigned int *epoch, char *lease_key, __u8 *oplock,
2098		    struct smb2_file_all_info *buf,
2099		    struct create_posix_rsp *posix)
2100{
2101	char *data_offset;
2102	struct create_context *cc;
2103	unsigned int next;
2104	unsigned int remaining;
2105	char *name;
2106	static const char smb3_create_tag_posix[] = {
2107		0x93, 0xAD, 0x25, 0x50, 0x9C,
2108		0xB4, 0x11, 0xE7, 0xB4, 0x23, 0x83,
2109		0xDE, 0x96, 0x8B, 0xCD, 0x7C
2110	};
2111
2112	*oplock = 0;
2113	data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset);
2114	remaining = le32_to_cpu(rsp->CreateContextsLength);
2115	cc = (struct create_context *)data_offset;
2116
2117	/* Initialize inode number to 0 in case no valid data in qfid context */
2118	if (buf)
2119		buf->IndexNumber = 0;
2120
2121	while (remaining >= sizeof(struct create_context)) {
2122		name = le16_to_cpu(cc->NameOffset) + (char *)cc;
2123		if (le16_to_cpu(cc->NameLength) == 4 &&
2124		    strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0)
2125			*oplock = server->ops->parse_lease_buf(cc, epoch,
2126							   lease_key);
2127		else if (buf && (le16_to_cpu(cc->NameLength) == 4) &&
2128		    strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0)
2129			parse_query_id_ctxt(cc, buf);
2130		else if ((le16_to_cpu(cc->NameLength) == 16)) {
2131			if (posix &&
2132			    memcmp(name, smb3_create_tag_posix, 16) == 0)
2133				parse_posix_ctxt(cc, buf, posix);
2134		}
2135		/* else {
2136			cifs_dbg(FYI, "Context not matched with len %d\n",
2137				le16_to_cpu(cc->NameLength));
2138			cifs_dump_mem("Cctxt name: ", name, 4);
2139		} */
2140
2141		next = le32_to_cpu(cc->Next);
2142		if (!next)
2143			break;
2144		remaining -= next;
2145		cc = (struct create_context *)((char *)cc + next);
2146	}
2147
2148	if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
2149		*oplock = rsp->OplockLevel;
2150
2151	return;
2152}
2153
2154static int
2155add_lease_context(struct TCP_Server_Info *server, struct kvec *iov,
2156		  unsigned int *num_iovec, u8 *lease_key, __u8 *oplock)
2157{
2158	struct smb2_create_req *req = iov[0].iov_base;
2159	unsigned int num = *num_iovec;
2160
2161	iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock);
2162	if (iov[num].iov_base == NULL)
2163		return -ENOMEM;
2164	iov[num].iov_len = server->vals->create_lease_size;
2165	req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
2166	if (!req->CreateContextsOffset)
2167		req->CreateContextsOffset = cpu_to_le32(
2168				sizeof(struct smb2_create_req) +
2169				iov[num - 1].iov_len);
2170	le32_add_cpu(&req->CreateContextsLength,
2171		     server->vals->create_lease_size);
2172	*num_iovec = num + 1;
2173	return 0;
2174}
2175
2176static struct create_durable_v2 *
2177create_durable_v2_buf(struct cifs_open_parms *oparms)
2178{
2179	struct cifs_fid *pfid = oparms->fid;
2180	struct create_durable_v2 *buf;
2181
2182	buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL);
2183	if (!buf)
2184		return NULL;
2185
2186	buf->ccontext.DataOffset = cpu_to_le16(offsetof
2187					(struct create_durable_v2, dcontext));
2188	buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2));
2189	buf->ccontext.NameOffset = cpu_to_le16(offsetof
2190				(struct create_durable_v2, Name));
2191	buf->ccontext.NameLength = cpu_to_le16(4);
2192
2193	/*
2194	 * NB: Handle timeout defaults to 0, which allows server to choose
2195	 * (most servers default to 120 seconds) and most clients default to 0.
2196	 * This can be overridden at mount ("handletimeout=") if the user wants
2197	 * a different persistent (or resilient) handle timeout for all opens
2198	 * opens on a particular SMB3 mount.
2199	 */
2200	buf->dcontext.Timeout = cpu_to_le32(oparms->tcon->handle_timeout);
2201	buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2202	generate_random_uuid(buf->dcontext.CreateGuid);
2203	memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
2204
2205	/* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
2206	buf->Name[0] = 'D';
2207	buf->Name[1] = 'H';
2208	buf->Name[2] = '2';
2209	buf->Name[3] = 'Q';
2210	return buf;
2211}
2212
2213static struct create_durable_handle_reconnect_v2 *
2214create_reconnect_durable_v2_buf(struct cifs_fid *fid)
2215{
2216	struct create_durable_handle_reconnect_v2 *buf;
2217
2218	buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2),
2219			GFP_KERNEL);
2220	if (!buf)
2221		return NULL;
2222
2223	buf->ccontext.DataOffset =
2224		cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2225				     dcontext));
2226	buf->ccontext.DataLength =
2227		cpu_to_le32(sizeof(struct durable_reconnect_context_v2));
2228	buf->ccontext.NameOffset =
2229		cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
2230			    Name));
2231	buf->ccontext.NameLength = cpu_to_le16(4);
2232
2233	buf->dcontext.Fid.PersistentFileId = fid->persistent_fid;
2234	buf->dcontext.Fid.VolatileFileId = fid->volatile_fid;
2235	buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
2236	memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16);
2237
2238	/* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */
2239	buf->Name[0] = 'D';
2240	buf->Name[1] = 'H';
2241	buf->Name[2] = '2';
2242	buf->Name[3] = 'C';
2243	return buf;
2244}
2245
2246static int
2247add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec,
2248		    struct cifs_open_parms *oparms)
2249{
2250	struct smb2_create_req *req = iov[0].iov_base;
2251	unsigned int num = *num_iovec;
2252
2253	iov[num].iov_base = create_durable_v2_buf(oparms);
2254	if (iov[num].iov_base == NULL)
2255		return -ENOMEM;
2256	iov[num].iov_len = sizeof(struct create_durable_v2);
2257	if (!req->CreateContextsOffset)
2258		req->CreateContextsOffset =
2259			cpu_to_le32(sizeof(struct smb2_create_req) +
2260								iov[1].iov_len);
2261	le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable_v2));
2262	*num_iovec = num + 1;
2263	return 0;
2264}
2265
2266static int
2267add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec,
2268		    struct cifs_open_parms *oparms)
2269{
2270	struct smb2_create_req *req = iov[0].iov_base;
2271	unsigned int num = *num_iovec;
2272
2273	/* indicate that we don't need to relock the file */
2274	oparms->reconnect = false;
2275
2276	iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid);
2277	if (iov[num].iov_base == NULL)
2278		return -ENOMEM;
2279	iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2);
2280	if (!req->CreateContextsOffset)
2281		req->CreateContextsOffset =
2282			cpu_to_le32(sizeof(struct smb2_create_req) +
2283								iov[1].iov_len);
2284	le32_add_cpu(&req->CreateContextsLength,
2285			sizeof(struct create_durable_handle_reconnect_v2));
2286	*num_iovec = num + 1;
2287	return 0;
2288}
2289
2290static int
2291add_durable_context(struct kvec *iov, unsigned int *num_iovec,
2292		    struct cifs_open_parms *oparms, bool use_persistent)
2293{
2294	struct smb2_create_req *req = iov[0].iov_base;
2295	unsigned int num = *num_iovec;
2296
2297	if (use_persistent) {
2298		if (oparms->reconnect)
2299			return add_durable_reconnect_v2_context(iov, num_iovec,
2300								oparms);
2301		else
2302			return add_durable_v2_context(iov, num_iovec, oparms);
2303	}
2304
2305	if (oparms->reconnect) {
2306		iov[num].iov_base = create_reconnect_durable_buf(oparms->fid);
2307		/* indicate that we don't need to relock the file */
2308		oparms->reconnect = false;
2309	} else
2310		iov[num].iov_base = create_durable_buf();
2311	if (iov[num].iov_base == NULL)
2312		return -ENOMEM;
2313	iov[num].iov_len = sizeof(struct create_durable);
2314	if (!req->CreateContextsOffset)
2315		req->CreateContextsOffset =
2316			cpu_to_le32(sizeof(struct smb2_create_req) +
2317								iov[1].iov_len);
2318	le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable));
2319	*num_iovec = num + 1;
2320	return 0;
2321}
2322
2323/* See MS-SMB2 2.2.13.2.7 */
2324static struct crt_twarp_ctxt *
2325create_twarp_buf(__u64 timewarp)
2326{
2327	struct crt_twarp_ctxt *buf;
2328
2329	buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL);
2330	if (!buf)
2331		return NULL;
2332
2333	buf->ccontext.DataOffset = cpu_to_le16(offsetof
2334					(struct crt_twarp_ctxt, Timestamp));
2335	buf->ccontext.DataLength = cpu_to_le32(8);
2336	buf->ccontext.NameOffset = cpu_to_le16(offsetof
2337				(struct crt_twarp_ctxt, Name));
2338	buf->ccontext.NameLength = cpu_to_le16(4);
2339	/* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */
2340	buf->Name[0] = 'T';
2341	buf->Name[1] = 'W';
2342	buf->Name[2] = 'r';
2343	buf->Name[3] = 'p';
2344	buf->Timestamp = cpu_to_le64(timewarp);
2345	return buf;
2346}
2347
2348/* See MS-SMB2 2.2.13.2.7 */
2349static int
2350add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp)
2351{
2352	struct smb2_create_req *req = iov[0].iov_base;
2353	unsigned int num = *num_iovec;
2354
2355	iov[num].iov_base = create_twarp_buf(timewarp);
2356	if (iov[num].iov_base == NULL)
2357		return -ENOMEM;
2358	iov[num].iov_len = sizeof(struct crt_twarp_ctxt);
2359	if (!req->CreateContextsOffset)
2360		req->CreateContextsOffset = cpu_to_le32(
2361				sizeof(struct smb2_create_req) +
2362				iov[num - 1].iov_len);
2363	le32_add_cpu(&req->CreateContextsLength, sizeof(struct crt_twarp_ctxt));
2364	*num_iovec = num + 1;
2365	return 0;
2366}
2367
2368/* See See http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx */
2369static void setup_owner_group_sids(char *buf)
2370{
2371	struct owner_group_sids *sids = (struct owner_group_sids *)buf;
2372
2373	/* Populate the user ownership fields S-1-5-88-1 */
2374	sids->owner.Revision = 1;
2375	sids->owner.NumAuth = 3;
2376	sids->owner.Authority[5] = 5;
2377	sids->owner.SubAuthorities[0] = cpu_to_le32(88);
2378	sids->owner.SubAuthorities[1] = cpu_to_le32(1);
2379	sids->owner.SubAuthorities[2] = cpu_to_le32(current_fsuid().val);
2380
2381	/* Populate the group ownership fields S-1-5-88-2 */
2382	sids->group.Revision = 1;
2383	sids->group.NumAuth = 3;
2384	sids->group.Authority[5] = 5;
2385	sids->group.SubAuthorities[0] = cpu_to_le32(88);
2386	sids->group.SubAuthorities[1] = cpu_to_le32(2);
2387	sids->group.SubAuthorities[2] = cpu_to_le32(current_fsgid().val);
2388
2389	cifs_dbg(FYI, "owner S-1-5-88-1-%d, group S-1-5-88-2-%d\n", current_fsuid().val, current_fsgid().val);
2390}
2391
2392/* See MS-SMB2 2.2.13.2.2 and MS-DTYP 2.4.6 */
2393static struct crt_sd_ctxt *
2394create_sd_buf(umode_t mode, bool set_owner, unsigned int *len)
2395{
2396	struct crt_sd_ctxt *buf;
2397	__u8 *ptr, *aclptr;
2398	unsigned int acelen, acl_size, ace_count;
2399	unsigned int owner_offset = 0;
2400	unsigned int group_offset = 0;
2401	struct smb3_acl acl = {};
2402
2403	*len = round_up(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
2404
2405	if (set_owner) {
2406		/* sizeof(struct owner_group_sids) is already multiple of 8 so no need to round */
2407		*len += sizeof(struct owner_group_sids);
2408	}
2409
2410	buf = kzalloc(*len, GFP_KERNEL);
2411	if (buf == NULL)
2412		return buf;
2413
2414	ptr = (__u8 *)&buf[1];
2415	if (set_owner) {
2416		/* offset fields are from beginning of security descriptor not of create context */
2417		owner_offset = ptr - (__u8 *)&buf->sd;
2418		buf->sd.OffsetOwner = cpu_to_le32(owner_offset);
2419		group_offset = owner_offset + offsetof(struct owner_group_sids, group);
2420		buf->sd.OffsetGroup = cpu_to_le32(group_offset);
2421
2422		setup_owner_group_sids(ptr);
2423		ptr += sizeof(struct owner_group_sids);
2424	} else {
2425		buf->sd.OffsetOwner = 0;
2426		buf->sd.OffsetGroup = 0;
2427	}
2428
2429	buf->ccontext.DataOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, sd));
2430	buf->ccontext.NameOffset = cpu_to_le16(offsetof(struct crt_sd_ctxt, Name));
2431	buf->ccontext.NameLength = cpu_to_le16(4);
2432	/* SMB2_CREATE_SD_BUFFER_TOKEN is "SecD" */
2433	buf->Name[0] = 'S';
2434	buf->Name[1] = 'e';
2435	buf->Name[2] = 'c';
2436	buf->Name[3] = 'D';
2437	buf->sd.Revision = 1;  /* Must be one see MS-DTYP 2.4.6 */
2438
2439	/*
2440	 * ACL is "self relative" ie ACL is stored in contiguous block of memory
2441	 * and "DP" ie the DACL is present
2442	 */
2443	buf->sd.Control = cpu_to_le16(ACL_CONTROL_SR | ACL_CONTROL_DP);
2444
2445	/* offset owner, group and Sbz1 and SACL are all zero */
2446	buf->sd.OffsetDacl = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2447	/* Ship the ACL for now. we will copy it into buf later. */
2448	aclptr = ptr;
2449	ptr += sizeof(struct smb3_acl);
2450
2451	/* create one ACE to hold the mode embedded in reserved special SID */
2452	acelen = setup_special_mode_ACE((struct cifs_ace *)ptr, (__u64)mode);
2453	ptr += acelen;
2454	acl_size = acelen + sizeof(struct smb3_acl);
2455	ace_count = 1;
2456
2457	if (set_owner) {
2458		/* we do not need to reallocate buffer to add the two more ACEs. plenty of space */
2459		acelen = setup_special_user_owner_ACE((struct cifs_ace *)ptr);
2460		ptr += acelen;
2461		acl_size += acelen;
2462		ace_count += 1;
2463	}
2464
2465	/* and one more ACE to allow access for authenticated users */
2466	acelen = setup_authusers_ACE((struct cifs_ace *)ptr);
2467	ptr += acelen;
2468	acl_size += acelen;
2469	ace_count += 1;
2470
2471	acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
2472	acl.AclSize = cpu_to_le16(acl_size);
2473	acl.AceCount = cpu_to_le16(ace_count);
2474	/* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
2475	memcpy(aclptr, &acl, sizeof(struct smb3_acl));
2476
2477	buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
2478	*len = round_up((unsigned int)(ptr - (__u8 *)buf), 8);
2479
2480	return buf;
2481}
2482
2483static int
2484add_sd_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode, bool set_owner)
2485{
2486	struct smb2_create_req *req = iov[0].iov_base;
2487	unsigned int num = *num_iovec;
2488	unsigned int len = 0;
2489
2490	iov[num].iov_base = create_sd_buf(mode, set_owner, &len);
2491	if (iov[num].iov_base == NULL)
2492		return -ENOMEM;
2493	iov[num].iov_len = len;
2494	if (!req->CreateContextsOffset)
2495		req->CreateContextsOffset = cpu_to_le32(
2496				sizeof(struct smb2_create_req) +
2497				iov[num - 1].iov_len);
2498	le32_add_cpu(&req->CreateContextsLength, len);
2499	*num_iovec = num + 1;
2500	return 0;
2501}
2502
2503static struct crt_query_id_ctxt *
2504create_query_id_buf(void)
2505{
2506	struct crt_query_id_ctxt *buf;
2507
2508	buf = kzalloc(sizeof(struct crt_query_id_ctxt), GFP_KERNEL);
2509	if (!buf)
2510		return NULL;
2511
2512	buf->ccontext.DataOffset = cpu_to_le16(0);
2513	buf->ccontext.DataLength = cpu_to_le32(0);
2514	buf->ccontext.NameOffset = cpu_to_le16(offsetof
2515				(struct crt_query_id_ctxt, Name));
2516	buf->ccontext.NameLength = cpu_to_le16(4);
2517	/* SMB2_CREATE_QUERY_ON_DISK_ID is "QFid" */
2518	buf->Name[0] = 'Q';
2519	buf->Name[1] = 'F';
2520	buf->Name[2] = 'i';
2521	buf->Name[3] = 'd';
2522	return buf;
2523}
2524
2525/* See MS-SMB2 2.2.13.2.9 */
2526static int
2527add_query_id_context(struct kvec *iov, unsigned int *num_iovec)
2528{
2529	struct smb2_create_req *req = iov[0].iov_base;
2530	unsigned int num = *num_iovec;
2531
2532	iov[num].iov_base = create_query_id_buf();
2533	if (iov[num].iov_base == NULL)
2534		return -ENOMEM;
2535	iov[num].iov_len = sizeof(struct crt_query_id_ctxt);
2536	if (!req->CreateContextsOffset)
2537		req->CreateContextsOffset = cpu_to_le32(
2538				sizeof(struct smb2_create_req) +
2539				iov[num - 1].iov_len);
2540	le32_add_cpu(&req->CreateContextsLength, sizeof(struct crt_query_id_ctxt));
2541	*num_iovec = num + 1;
2542	return 0;
2543}
2544
2545static int
2546alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len,
2547			    const char *treename, const __le16 *path)
2548{
2549	int treename_len, path_len;
2550	struct nls_table *cp;
2551	const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)};
2552
2553	/*
2554	 * skip leading "\\"
2555	 */
2556	treename_len = strlen(treename);
2557	if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\'))
2558		return -EINVAL;
2559
2560	treename += 2;
2561	treename_len -= 2;
2562
2563	path_len = UniStrnlen((wchar_t *)path, PATH_MAX);
2564
2565	/* make room for one path separator only if @path isn't empty */
2566	*out_len = treename_len + (path[0] ? 1 : 0) + path_len;
2567
2568	/*
2569	 * final path needs to be 8-byte aligned as specified in
2570	 * MS-SMB2 2.2.13 SMB2 CREATE Request.
2571	 */
2572	*out_size = round_up(*out_len * sizeof(__le16), 8);
2573	*out_path = kzalloc(*out_size + sizeof(__le16) /* null */, GFP_KERNEL);
2574	if (!*out_path)
2575		return -ENOMEM;
2576
2577	cp = load_nls_default();
2578	cifs_strtoUTF16(*out_path, treename, treename_len, cp);
2579
2580	/* Do not append the separator if the path is empty */
2581	if (path[0] != cpu_to_le16(0x0000)) {
2582		UniStrcat(*out_path, sep);
2583		UniStrcat(*out_path, path);
2584	}
2585
2586	unload_nls(cp);
2587
2588	return 0;
2589}
2590
2591int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
2592			       umode_t mode, struct cifs_tcon *tcon,
2593			       const char *full_path,
2594			       struct cifs_sb_info *cifs_sb)
2595{
2596	struct smb_rqst rqst;
2597	struct smb2_create_req *req;
2598	struct smb2_create_rsp *rsp = NULL;
2599	struct cifs_ses *ses = tcon->ses;
2600	struct kvec iov[3]; /* make sure at least one for each open context */
2601	struct kvec rsp_iov = {NULL, 0};
2602	int resp_buftype;
2603	int uni_path_len;
2604	__le16 *copy_path = NULL;
2605	int copy_size;
2606	int rc = 0;
2607	unsigned int n_iov = 2;
2608	__u32 file_attributes = 0;
2609	char *pc_buf = NULL;
2610	int flags = 0;
2611	unsigned int total_len;
2612	__le16 *utf16_path = NULL;
2613	struct TCP_Server_Info *server = cifs_pick_channel(ses);
2614
2615	cifs_dbg(FYI, "mkdir\n");
2616
2617	/* resource #1: path allocation */
2618	utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb);
2619	if (!utf16_path)
2620		return -ENOMEM;
2621
2622	if (!ses || !server) {
2623		rc = -EIO;
2624		goto err_free_path;
2625	}
2626
2627	/* resource #2: request */
2628	rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2629				 (void **) &req, &total_len);
2630	if (rc)
2631		goto err_free_path;
2632
2633
2634	if (smb3_encryption_required(tcon))
2635		flags |= CIFS_TRANSFORM_REQ;
2636
2637	req->ImpersonationLevel = IL_IMPERSONATION;
2638	req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES);
2639	/* File attributes ignored on open (used in create though) */
2640	req->FileAttributes = cpu_to_le32(file_attributes);
2641	req->ShareAccess = FILE_SHARE_ALL_LE;
2642	req->CreateDisposition = cpu_to_le32(FILE_CREATE);
2643	req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE);
2644
2645	iov[0].iov_base = (char *)req;
2646	/* -1 since last byte is buf[0] which is sent below (path) */
2647	iov[0].iov_len = total_len - 1;
2648
2649	req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
2650
2651	/* [MS-SMB2] 2.2.13 NameOffset:
2652	 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2653	 * the SMB2 header, the file name includes a prefix that will
2654	 * be processed during DFS name normalization as specified in
2655	 * section 3.3.5.9. Otherwise, the file name is relative to
2656	 * the share that is identified by the TreeId in the SMB2
2657	 * header.
2658	 */
2659	if (tcon->share_flags & SHI1005_FLAGS_DFS) {
2660		int name_len;
2661
2662		req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
2663		rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
2664						 &name_len,
2665						 tcon->tree_name, utf16_path);
2666		if (rc)
2667			goto err_free_req;
2668
2669		req->NameLength = cpu_to_le16(name_len * 2);
2670		uni_path_len = copy_size;
2671		/* free before overwriting resource */
2672		kfree(utf16_path);
2673		utf16_path = copy_path;
2674	} else {
2675		uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;
2676		/* MUST set path len (NameLength) to 0 opening root of share */
2677		req->NameLength = cpu_to_le16(uni_path_len - 2);
2678		if (uni_path_len % 8 != 0) {
2679			copy_size = roundup(uni_path_len, 8);
2680			copy_path = kzalloc(copy_size, GFP_KERNEL);
2681			if (!copy_path) {
2682				rc = -ENOMEM;
2683				goto err_free_req;
2684			}
2685			memcpy((char *)copy_path, (const char *)utf16_path,
2686			       uni_path_len);
2687			uni_path_len = copy_size;
2688			/* free before overwriting resource */
2689			kfree(utf16_path);
2690			utf16_path = copy_path;
2691		}
2692	}
2693
2694	iov[1].iov_len = uni_path_len;
2695	iov[1].iov_base = utf16_path;
2696	req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
2697
2698	if (tcon->posix_extensions) {
2699		/* resource #3: posix buf */
2700		rc = add_posix_context(iov, &n_iov, mode);
2701		if (rc)
2702			goto err_free_req;
2703		pc_buf = iov[n_iov-1].iov_base;
2704	}
2705
2706
2707	memset(&rqst, 0, sizeof(struct smb_rqst));
2708	rqst.rq_iov = iov;
2709	rqst.rq_nvec = n_iov;
2710
2711	/* no need to inc num_remote_opens because we close it just below */
2712	trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, full_path, CREATE_NOT_FILE,
2713				    FILE_WRITE_ATTRIBUTES);
2714	/* resource #4: response buffer */
2715	rc = cifs_send_recv(xid, ses, server,
2716			    &rqst, &resp_buftype, flags, &rsp_iov);
2717	if (rc) {
2718		cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
2719		trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,
2720					   CREATE_NOT_FILE,
2721					   FILE_WRITE_ATTRIBUTES, rc);
2722		goto err_free_rsp_buf;
2723	}
2724
2725	/*
2726	 * Although unlikely to be possible for rsp to be null and rc not set,
2727	 * adding check below is slightly safer long term (and quiets Coverity
2728	 * warning)
2729	 */
2730	rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
2731	if (rsp == NULL) {
2732		rc = -EIO;
2733		kfree(pc_buf);
2734		goto err_free_req;
2735	}
2736
2737	trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
2738				    CREATE_NOT_FILE, FILE_WRITE_ATTRIBUTES);
2739
2740	SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId);
2741
2742	/* Eventually save off posix specific response info and timestaps */
2743
2744err_free_rsp_buf:
2745	free_rsp_buf(resp_buftype, rsp);
2746	kfree(pc_buf);
2747err_free_req:
2748	cifs_small_buf_release(req);
2749err_free_path:
2750	kfree(utf16_path);
2751	return rc;
2752}
2753
2754int
2755SMB2_open_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
2756	       struct smb_rqst *rqst, __u8 *oplock,
2757	       struct cifs_open_parms *oparms, __le16 *path)
2758{
2759	struct smb2_create_req *req;
2760	unsigned int n_iov = 2;
2761	__u32 file_attributes = 0;
2762	int copy_size;
2763	int uni_path_len;
2764	unsigned int total_len;
2765	struct kvec *iov = rqst->rq_iov;
2766	__le16 *copy_path;
2767	int rc;
2768
2769	rc = smb2_plain_req_init(SMB2_CREATE, tcon, server,
2770				 (void **) &req, &total_len);
2771	if (rc)
2772		return rc;
2773
2774	iov[0].iov_base = (char *)req;
2775	/* -1 since last byte is buf[0] which is sent below (path) */
2776	iov[0].iov_len = total_len - 1;
2777
2778	if (oparms->create_options & CREATE_OPTION_READONLY)
2779		file_attributes |= ATTR_READONLY;
2780	if (oparms->create_options & CREATE_OPTION_SPECIAL)
2781		file_attributes |= ATTR_SYSTEM;
2782
2783	req->ImpersonationLevel = IL_IMPERSONATION;
2784	req->DesiredAccess = cpu_to_le32(oparms->desired_access);
2785	/* File attributes ignored on open (used in create though) */
2786	req->FileAttributes = cpu_to_le32(file_attributes);
2787	req->ShareAccess = FILE_SHARE_ALL_LE;
2788
2789	req->CreateDisposition = cpu_to_le32(oparms->disposition);
2790	req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK);
2791	req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
2792
2793	/* [MS-SMB2] 2.2.13 NameOffset:
2794	 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
2795	 * the SMB2 header, the file name includes a prefix that will
2796	 * be processed during DFS name normalization as specified in
2797	 * section 3.3.5.9. Otherwise, the file name is relative to
2798	 * the share that is identified by the TreeId in the SMB2
2799	 * header.
2800	 */
2801	if (tcon->share_flags & SHI1005_FLAGS_DFS) {
2802		int name_len;
2803
2804		req->hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
2805		rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
2806						 &name_len,
2807						 tcon->tree_name, path);
2808		if (rc)
2809			return rc;
2810		req->NameLength = cpu_to_le16(name_len * 2);
2811		uni_path_len = copy_size;
2812		path = copy_path;
2813	} else {
2814		uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
2815		/* MUST set path len (NameLength) to 0 opening root of share */
2816		req->NameLength = cpu_to_le16(uni_path_len - 2);
2817		copy_size = round_up(uni_path_len, 8);
2818		copy_path = kzalloc(copy_size, GFP_KERNEL);
2819		if (!copy_path)
2820			return -ENOMEM;
2821		memcpy((char *)copy_path, (const char *)path,
2822		       uni_path_len);
2823		uni_path_len = copy_size;
2824		path = copy_path;
2825	}
2826
2827	iov[1].iov_len = uni_path_len;
2828	iov[1].iov_base = path;
2829
2830	if ((!server->oplocks) || (tcon->no_lease))
2831		*oplock = SMB2_OPLOCK_LEVEL_NONE;
2832
2833	if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||
2834	    *oplock == SMB2_OPLOCK_LEVEL_NONE)
2835		req->RequestedOplockLevel = *oplock;
2836	else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) &&
2837		  (oparms->create_options & CREATE_NOT_FILE))
2838		req->RequestedOplockLevel = *oplock; /* no srv lease support */
2839	else {
2840		rc = add_lease_context(server, iov, &n_iov,
2841				       oparms->fid->lease_key, oplock);
2842		if (rc)
2843			return rc;
2844	}
2845
2846	if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
2847		/* need to set Next field of lease context if we request it */
2848		if (server->capabilities & SMB2_GLOBAL_CAP_LEASING) {
2849			struct create_context *ccontext =
2850			    (struct create_context *)iov[n_iov-1].iov_base;
2851			ccontext->Next =
2852				cpu_to_le32(server->vals->create_lease_size);
2853		}
2854
2855		rc = add_durable_context(iov, &n_iov, oparms,
2856					tcon->use_persistent);
2857		if (rc)
2858			return rc;
2859	}
2860
2861	if (tcon->posix_extensions) {
2862		if (n_iov > 2) {
2863			struct create_context *ccontext =
2864			    (struct create_context *)iov[n_iov-1].iov_base;
2865			ccontext->Next =
2866				cpu_to_le32(iov[n_iov-1].iov_len);
2867		}
2868
2869		rc = add_posix_context(iov, &n_iov, oparms->mode);
2870		if (rc)
2871			return rc;
2872	}
2873
2874	if (tcon->snapshot_time) {
2875		cifs_dbg(FYI, "adding snapshot context\n");
2876		if (n_iov > 2) {
2877			struct create_context *ccontext =
2878			    (struct create_context *)iov[n_iov-1].iov_base;
2879			ccontext->Next =
2880				cpu_to_le32(iov[n_iov-1].iov_len);
2881		}
2882
2883		rc = add_twarp_context(iov, &n_iov, tcon->snapshot_time);
2884		if (rc)
2885			return rc;
2886	}
2887
2888	if ((oparms->disposition != FILE_OPEN) && (oparms->cifs_sb)) {
2889		bool set_mode;
2890		bool set_owner;
2891
2892		if ((oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MODE_FROM_SID) &&
2893		    (oparms->mode != ACL_NO_MODE))
2894			set_mode = true;
2895		else {
2896			set_mode = false;
2897			oparms->mode = ACL_NO_MODE;
2898		}
2899
2900		if (oparms->cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UID_FROM_ACL)
2901			set_owner = true;
2902		else
2903			set_owner = false;
2904
2905		if (set_owner | set_mode) {
2906			if (n_iov > 2) {
2907				struct create_context *ccontext =
2908				    (struct create_context *)iov[n_iov-1].iov_base;
2909				ccontext->Next = cpu_to_le32(iov[n_iov-1].iov_len);
2910			}
2911
2912			cifs_dbg(FYI, "add sd with mode 0x%x\n", oparms->mode);
2913			rc = add_sd_context(iov, &n_iov, oparms->mode, set_owner);
2914			if (rc)
2915				return rc;
2916		}
2917	}
2918
2919	if (n_iov > 2) {
2920		struct create_context *ccontext =
2921			(struct create_context *)iov[n_iov-1].iov_base;
2922		ccontext->Next = cpu_to_le32(iov[n_iov-1].iov_len);
2923	}
2924	add_query_id_context(iov, &n_iov);
2925
2926	rqst->rq_nvec = n_iov;
2927	return 0;
2928}
2929
2930/* rq_iov[0] is the request and is released by cifs_small_buf_release().
2931 * All other vectors are freed by kfree().
2932 */
2933void
2934SMB2_open_free(struct smb_rqst *rqst)
2935{
2936	int i;
2937
2938	if (rqst && rqst->rq_iov) {
2939		cifs_small_buf_release(rqst->rq_iov[0].iov_base);
2940		for (i = 1; i < rqst->rq_nvec; i++)
2941			if (rqst->rq_iov[i].iov_base != smb2_padding)
2942				kfree(rqst->rq_iov[i].iov_base);
2943	}
2944}
2945
2946int
2947SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path,
2948	  __u8 *oplock, struct smb2_file_all_info *buf,
2949	  struct create_posix_rsp *posix,
2950	  struct kvec *err_iov, int *buftype)
2951{
2952	struct smb_rqst rqst;
2953	struct smb2_create_rsp *rsp = NULL;
2954	struct cifs_tcon *tcon = oparms->tcon;
2955	struct cifs_ses *ses = tcon->ses;
2956	struct TCP_Server_Info *server = cifs_pick_channel(ses);
2957	struct kvec iov[SMB2_CREATE_IOV_SIZE];
2958	struct kvec rsp_iov = {NULL, 0};
2959	int resp_buftype = CIFS_NO_BUFFER;
2960	int rc = 0;
2961	int flags = 0;
2962
2963	cifs_dbg(FYI, "create/open\n");
2964	if (!ses || !server)
2965		return -EIO;
2966
2967	if (smb3_encryption_required(tcon))
2968		flags |= CIFS_TRANSFORM_REQ;
2969
2970	memset(&rqst, 0, sizeof(struct smb_rqst));
2971	memset(&iov, 0, sizeof(iov));
2972	rqst.rq_iov = iov;
2973	rqst.rq_nvec = SMB2_CREATE_IOV_SIZE;
2974
2975	rc = SMB2_open_init(tcon, server,
2976			    &rqst, oplock, oparms, path);
2977	if (rc)
2978		goto creat_exit;
2979
2980	trace_smb3_open_enter(xid, tcon->tid, tcon->ses->Suid, oparms->path,
2981		oparms->create_options, oparms->desired_access);
2982
2983	rc = cifs_send_recv(xid, ses, server,
2984			    &rqst, &resp_buftype, flags,
2985			    &rsp_iov);
2986	rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
2987
2988	if (rc != 0) {
2989		cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
2990		if (err_iov && rsp) {
2991			*err_iov = rsp_iov;
2992			*buftype = resp_buftype;
2993			resp_buftype = CIFS_NO_BUFFER;
2994			rsp = NULL;
2995		}
2996		trace_smb3_open_err(xid, tcon->tid, ses->Suid,
2997				    oparms->create_options, oparms->desired_access, rc);
2998		if (rc == -EREMCHG) {
2999			pr_warn_once("server share %s deleted\n",
3000				     tcon->tree_name);
3001			tcon->need_reconnect = true;
3002		}
3003		goto creat_exit;
3004	} else if (rsp == NULL) /* unlikely to happen, but safer to check */
3005		goto creat_exit;
3006	else
3007		trace_smb3_open_done(xid, rsp->PersistentFileId, tcon->tid, ses->Suid,
3008				     oparms->create_options, oparms->desired_access);
3009
3010	atomic_inc(&tcon->num_remote_opens);
3011	oparms->fid->persistent_fid = rsp->PersistentFileId;
3012	oparms->fid->volatile_fid = rsp->VolatileFileId;
3013	oparms->fid->access = oparms->desired_access;
3014#ifdef CONFIG_CIFS_DEBUG2
3015	oparms->fid->mid = le64_to_cpu(rsp->hdr.MessageId);
3016#endif /* CIFS_DEBUG2 */
3017
3018	if (buf) {
3019		buf->CreationTime = rsp->CreationTime;
3020		buf->LastAccessTime = rsp->LastAccessTime;
3021		buf->LastWriteTime = rsp->LastWriteTime;
3022		buf->ChangeTime = rsp->ChangeTime;
3023		buf->AllocationSize = rsp->AllocationSize;
3024		buf->EndOfFile = rsp->EndofFile;
3025		buf->Attributes = rsp->FileAttributes;
3026		buf->NumberOfLinks = cpu_to_le32(1);
3027		buf->DeletePending = 0;
3028	}
3029
3030
3031	smb2_parse_contexts(server, rsp, &oparms->fid->epoch,
3032			    oparms->fid->lease_key, oplock, buf, posix);
3033creat_exit:
3034	SMB2_open_free(&rqst);
3035	free_rsp_buf(resp_buftype, rsp);
3036	return rc;
3037}
3038
3039int
3040SMB2_ioctl_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3041		struct smb_rqst *rqst,
3042		u64 persistent_fid, u64 volatile_fid, u32 opcode,
3043		char *in_data, u32 indatalen,
3044		__u32 max_response_size)
3045{
3046	struct smb2_ioctl_req *req;
3047	struct kvec *iov = rqst->rq_iov;
3048	unsigned int total_len;
3049	int rc;
3050	char *in_data_buf;
3051
3052	rc = smb2_ioctl_req_init(opcode, tcon, server,
3053				 (void **) &req, &total_len);
3054	if (rc)
3055		return rc;
3056
3057	if (indatalen) {
3058		/*
3059		 * indatalen is usually small at a couple of bytes max, so
3060		 * just allocate through generic pool
3061		 */
3062		in_data_buf = kmemdup(in_data, indatalen, GFP_NOFS);
3063		if (!in_data_buf) {
3064			cifs_small_buf_release(req);
3065			return -ENOMEM;
3066		}
3067	}
3068
3069	req->CtlCode = cpu_to_le32(opcode);
3070	req->PersistentFileId = persistent_fid;
3071	req->VolatileFileId = volatile_fid;
3072
3073	iov[0].iov_base = (char *)req;
3074	/*
3075	 * If no input data, the size of ioctl struct in
3076	 * protocol spec still includes a 1 byte data buffer,
3077	 * but if input data passed to ioctl, we do not
3078	 * want to double count this, so we do not send
3079	 * the dummy one byte of data in iovec[0] if sending
3080	 * input data (in iovec[1]).
3081	 */
3082	if (indatalen) {
3083		req->InputCount = cpu_to_le32(indatalen);
3084		/* do not set InputOffset if no input data */
3085		req->InputOffset =
3086		       cpu_to_le32(offsetof(struct smb2_ioctl_req, Buffer));
3087		rqst->rq_nvec = 2;
3088		iov[0].iov_len = total_len - 1;
3089		iov[1].iov_base = in_data_buf;
3090		iov[1].iov_len = indatalen;
3091	} else {
3092		rqst->rq_nvec = 1;
3093		iov[0].iov_len = total_len;
3094	}
3095
3096	req->OutputOffset = 0;
3097	req->OutputCount = 0; /* MBZ */
3098
3099	/*
3100	 * In most cases max_response_size is set to 16K (CIFSMaxBufSize)
3101	 * We Could increase default MaxOutputResponse, but that could require
3102	 * more credits. Windows typically sets this smaller, but for some
3103	 * ioctls it may be useful to allow server to send more. No point
3104	 * limiting what the server can send as long as fits in one credit
3105	 * We can not handle more than CIFS_MAX_BUF_SIZE yet but may want
3106	 * to increase this limit up in the future.
3107	 * Note that for snapshot queries that servers like Azure expect that
3108	 * the first query be minimal size (and just used to get the number/size
3109	 * of previous versions) so response size must be specified as EXACTLY
3110	 * sizeof(struct snapshot_array) which is 16 when rounded up to multiple
3111	 * of eight bytes.  Currently that is the only case where we set max
3112	 * response size smaller.
3113	 */
3114	req->MaxOutputResponse = cpu_to_le32(max_response_size);
3115	req->hdr.CreditCharge =
3116		cpu_to_le16(DIV_ROUND_UP(max(indatalen, max_response_size),
3117					 SMB2_MAX_BUFFER_SIZE));
3118	/* always an FSCTL (for now) */
3119	req->Flags = cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL);
3120
3121	/* validate negotiate request must be signed - see MS-SMB2 3.2.5.5 */
3122	if (opcode == FSCTL_VALIDATE_NEGOTIATE_INFO)
3123		req->hdr.Flags |= SMB2_FLAGS_SIGNED;
3124
3125	return 0;
3126}
3127
3128void
3129SMB2_ioctl_free(struct smb_rqst *rqst)
3130{
3131	int i;
3132	if (rqst && rqst->rq_iov) {
3133		cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3134		for (i = 1; i < rqst->rq_nvec; i++)
3135			if (rqst->rq_iov[i].iov_base != smb2_padding)
3136				kfree(rqst->rq_iov[i].iov_base);
3137	}
3138}
3139
3140
3141/*
3142 *	SMB2 IOCTL is used for both IOCTLs and FSCTLs
3143 */
3144int
3145SMB2_ioctl(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
3146	   u64 volatile_fid, u32 opcode, char *in_data, u32 indatalen,
3147	   u32 max_out_data_len, char **out_data,
3148	   u32 *plen /* returned data len */)
3149{
3150	struct smb_rqst rqst;
3151	struct smb2_ioctl_rsp *rsp = NULL;
3152	struct cifs_ses *ses;
3153	struct TCP_Server_Info *server;
3154	struct kvec iov[SMB2_IOCTL_IOV_SIZE];
3155	struct kvec rsp_iov = {NULL, 0};
3156	int resp_buftype = CIFS_NO_BUFFER;
3157	int rc = 0;
3158	int flags = 0;
3159
3160	cifs_dbg(FYI, "SMB2 IOCTL\n");
3161
3162	if (out_data != NULL)
3163		*out_data = NULL;
3164
3165	/* zero out returned data len, in case of error */
3166	if (plen)
3167		*plen = 0;
3168
3169	if (!tcon)
3170		return -EIO;
3171
3172	ses = tcon->ses;
3173	if (!ses)
3174		return -EIO;
3175
3176	server = cifs_pick_channel(ses);
3177	if (!server)
3178		return -EIO;
3179
3180	if (smb3_encryption_required(tcon))
3181		flags |= CIFS_TRANSFORM_REQ;
3182
3183	memset(&rqst, 0, sizeof(struct smb_rqst));
3184	memset(&iov, 0, sizeof(iov));
3185	rqst.rq_iov = iov;
3186	rqst.rq_nvec = SMB2_IOCTL_IOV_SIZE;
3187
3188	rc = SMB2_ioctl_init(tcon, server,
3189			     &rqst, persistent_fid, volatile_fid, opcode,
3190			     in_data, indatalen, max_out_data_len);
3191	if (rc)
3192		goto ioctl_exit;
3193
3194	rc = cifs_send_recv(xid, ses, server,
3195			    &rqst, &resp_buftype, flags,
3196			    &rsp_iov);
3197	rsp = (struct smb2_ioctl_rsp *)rsp_iov.iov_base;
3198
3199	if (rc != 0)
3200		trace_smb3_fsctl_err(xid, persistent_fid, tcon->tid,
3201				ses->Suid, 0, opcode, rc);
3202
3203	if ((rc != 0) && (rc != -EINVAL) && (rc != -E2BIG)) {
3204		cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3205		goto ioctl_exit;
3206	} else if (rc == -EINVAL) {
3207		if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) &&
3208		    (opcode != FSCTL_SRV_COPYCHUNK)) {
3209			cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3210			goto ioctl_exit;
3211		}
3212	} else if (rc == -E2BIG) {
3213		if (opcode != FSCTL_QUERY_ALLOCATED_RANGES) {
3214			cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);
3215			goto ioctl_exit;
3216		}
3217	}
3218
3219	/* check if caller wants to look at return data or just return rc */
3220	if ((plen == NULL) || (out_data == NULL))
3221		goto ioctl_exit;
3222
3223	/*
3224	 * Although unlikely to be possible for rsp to be null and rc not set,
3225	 * adding check below is slightly safer long term (and quiets Coverity
3226	 * warning)
3227	 */
3228	if (rsp == NULL) {
3229		rc = -EIO;
3230		goto ioctl_exit;
3231	}
3232
3233	*plen = le32_to_cpu(rsp->OutputCount);
3234
3235	/* We check for obvious errors in the output buffer length and offset */
3236	if (*plen == 0)
3237		goto ioctl_exit; /* server returned no data */
3238	else if (*plen > rsp_iov.iov_len || *plen > 0xFF00) {
3239		cifs_tcon_dbg(VFS, "srv returned invalid ioctl length: %d\n", *plen);
3240		*plen = 0;
3241		rc = -EIO;
3242		goto ioctl_exit;
3243	}
3244
3245	if (rsp_iov.iov_len - *plen < le32_to_cpu(rsp->OutputOffset)) {
3246		cifs_tcon_dbg(VFS, "Malformed ioctl resp: len %d offset %d\n", *plen,
3247			le32_to_cpu(rsp->OutputOffset));
3248		*plen = 0;
3249		rc = -EIO;
3250		goto ioctl_exit;
3251	}
3252
3253	*out_data = kmemdup((char *)rsp + le32_to_cpu(rsp->OutputOffset),
3254			    *plen, GFP_KERNEL);
3255	if (*out_data == NULL) {
3256		rc = -ENOMEM;
3257		goto ioctl_exit;
3258	}
3259
3260ioctl_exit:
3261	SMB2_ioctl_free(&rqst);
3262	free_rsp_buf(resp_buftype, rsp);
3263	return rc;
3264}
3265
3266/*
3267 *   Individual callers to ioctl worker function follow
3268 */
3269
3270int
3271SMB2_set_compression(const unsigned int xid, struct cifs_tcon *tcon,
3272		     u64 persistent_fid, u64 volatile_fid)
3273{
3274	int rc;
3275	struct  compress_ioctl fsctl_input;
3276	char *ret_data = NULL;
3277
3278	fsctl_input.CompressionState =
3279			cpu_to_le16(COMPRESSION_FORMAT_DEFAULT);
3280
3281	rc = SMB2_ioctl(xid, tcon, persistent_fid, volatile_fid,
3282			FSCTL_SET_COMPRESSION,
3283			(char *)&fsctl_input /* data input */,
3284			2 /* in data len */, CIFSMaxBufSize /* max out data */,
3285			&ret_data /* out data */, NULL);
3286
3287	cifs_dbg(FYI, "set compression rc %d\n", rc);
3288
3289	return rc;
3290}
3291
3292int
3293SMB2_close_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3294		struct smb_rqst *rqst,
3295		u64 persistent_fid, u64 volatile_fid, bool query_attrs)
3296{
3297	struct smb2_close_req *req;
3298	struct kvec *iov = rqst->rq_iov;
3299	unsigned int total_len;
3300	int rc;
3301
3302	rc = smb2_plain_req_init(SMB2_CLOSE, tcon, server,
3303				 (void **) &req, &total_len);
3304	if (rc)
3305		return rc;
3306
3307	req->PersistentFileId = persistent_fid;
3308	req->VolatileFileId = volatile_fid;
3309	if (query_attrs)
3310		req->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB;
3311	else
3312		req->Flags = 0;
3313	iov[0].iov_base = (char *)req;
3314	iov[0].iov_len = total_len;
3315
3316	return 0;
3317}
3318
3319void
3320SMB2_close_free(struct smb_rqst *rqst)
3321{
3322	if (rqst && rqst->rq_iov)
3323		cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3324}
3325
3326int
3327__SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3328	     u64 persistent_fid, u64 volatile_fid,
3329	     struct smb2_file_network_open_info *pbuf)
3330{
3331	struct smb_rqst rqst;
3332	struct smb2_close_rsp *rsp = NULL;
3333	struct cifs_ses *ses = tcon->ses;
3334	struct TCP_Server_Info *server = cifs_pick_channel(ses);
3335	struct kvec iov[1];
3336	struct kvec rsp_iov;
3337	int resp_buftype = CIFS_NO_BUFFER;
3338	int rc = 0;
3339	int flags = 0;
3340	bool query_attrs = false;
3341
3342	cifs_dbg(FYI, "Close\n");
3343
3344	if (!ses || !server)
3345		return -EIO;
3346
3347	if (smb3_encryption_required(tcon))
3348		flags |= CIFS_TRANSFORM_REQ;
3349
3350	memset(&rqst, 0, sizeof(struct smb_rqst));
3351	memset(&iov, 0, sizeof(iov));
3352	rqst.rq_iov = iov;
3353	rqst.rq_nvec = 1;
3354
3355	/* check if need to ask server to return timestamps in close response */
3356	if (pbuf)
3357		query_attrs = true;
3358
3359	trace_smb3_close_enter(xid, persistent_fid, tcon->tid, ses->Suid);
3360	rc = SMB2_close_init(tcon, server,
3361			     &rqst, persistent_fid, volatile_fid,
3362			     query_attrs);
3363	if (rc)
3364		goto close_exit;
3365
3366	rc = cifs_send_recv(xid, ses, server,
3367			    &rqst, &resp_buftype, flags, &rsp_iov);
3368	rsp = (struct smb2_close_rsp *)rsp_iov.iov_base;
3369
3370	if (rc != 0) {
3371		cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE);
3372		trace_smb3_close_err(xid, persistent_fid, tcon->tid, ses->Suid,
3373				     rc);
3374		goto close_exit;
3375	} else {
3376		trace_smb3_close_done(xid, persistent_fid, tcon->tid,
3377				      ses->Suid);
3378		/*
3379		 * Note that have to subtract 4 since struct network_open_info
3380		 * has a final 4 byte pad that close response does not have
3381		 */
3382		if (pbuf)
3383			memcpy(pbuf, (char *)&rsp->CreationTime, sizeof(*pbuf) - 4);
3384	}
3385
3386	atomic_dec(&tcon->num_remote_opens);
3387close_exit:
3388	SMB2_close_free(&rqst);
3389	free_rsp_buf(resp_buftype, rsp);
3390
3391	/* retry close in a worker thread if this one is interrupted */
3392	if (is_interrupt_error(rc)) {
3393		int tmp_rc;
3394
3395		tmp_rc = smb2_handle_cancelled_close(tcon, persistent_fid,
3396						     volatile_fid);
3397		if (tmp_rc)
3398			cifs_dbg(VFS, "handle cancelled close fid 0x%llx returned error %d\n",
3399				 persistent_fid, tmp_rc);
3400	}
3401	return rc;
3402}
3403
3404int
3405SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
3406		u64 persistent_fid, u64 volatile_fid)
3407{
3408	return __SMB2_close(xid, tcon, persistent_fid, volatile_fid, NULL);
3409}
3410
3411int
3412smb2_validate_iov(unsigned int offset, unsigned int buffer_length,
3413		  struct kvec *iov, unsigned int min_buf_size)
3414{
3415	unsigned int smb_len = iov->iov_len;
3416	char *end_of_smb = smb_len + (char *)iov->iov_base;
3417	char *begin_of_buf = offset + (char *)iov->iov_base;
3418	char *end_of_buf = begin_of_buf + buffer_length;
3419
3420
3421	if (buffer_length < min_buf_size) {
3422		cifs_dbg(VFS, "buffer length %d smaller than minimum size %d\n",
3423			 buffer_length, min_buf_size);
3424		return -EINVAL;
3425	}
3426
3427	/* check if beyond RFC1001 maximum length */
3428	if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) {
3429		cifs_dbg(VFS, "buffer length %d or smb length %d too large\n",
3430			 buffer_length, smb_len);
3431		return -EINVAL;
3432	}
3433
3434	if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) {
3435		cifs_dbg(VFS, "Invalid server response, bad offset to data\n");
3436		return -EINVAL;
3437	}
3438
3439	return 0;
3440}
3441
3442/*
3443 * If SMB buffer fields are valid, copy into temporary buffer to hold result.
3444 * Caller must free buffer.
3445 */
3446int
3447smb2_validate_and_copy_iov(unsigned int offset, unsigned int buffer_length,
3448			   struct kvec *iov, unsigned int minbufsize,
3449			   char *data)
3450{
3451	char *begin_of_buf = offset + (char *)iov->iov_base;
3452	int rc;
3453
3454	if (!data)
3455		return -EINVAL;
3456
3457	rc = smb2_validate_iov(offset, buffer_length, iov, minbufsize);
3458	if (rc)
3459		return rc;
3460
3461	memcpy(data, begin_of_buf, minbufsize);
3462
3463	return 0;
3464}
3465
3466int
3467SMB2_query_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3468		     struct smb_rqst *rqst,
3469		     u64 persistent_fid, u64 volatile_fid,
3470		     u8 info_class, u8 info_type, u32 additional_info,
3471		     size_t output_len, size_t input_len, void *input)
3472{
3473	struct smb2_query_info_req *req;
3474	struct kvec *iov = rqst->rq_iov;
3475	unsigned int total_len;
3476	int rc;
3477
3478	rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
3479				 (void **) &req, &total_len);
3480	if (rc)
3481		return rc;
3482
3483	req->InfoType = info_type;
3484	req->FileInfoClass = info_class;
3485	req->PersistentFileId = persistent_fid;
3486	req->VolatileFileId = volatile_fid;
3487	req->AdditionalInformation = cpu_to_le32(additional_info);
3488
3489	req->OutputBufferLength = cpu_to_le32(output_len);
3490	if (input_len) {
3491		req->InputBufferLength = cpu_to_le32(input_len);
3492		/* total_len for smb query request never close to le16 max */
3493		req->InputBufferOffset = cpu_to_le16(total_len - 1);
3494		memcpy(req->Buffer, input, input_len);
3495	}
3496
3497	iov[0].iov_base = (char *)req;
3498	/* 1 for Buffer */
3499	iov[0].iov_len = total_len - 1 + input_len;
3500	return 0;
3501}
3502
3503void
3504SMB2_query_info_free(struct smb_rqst *rqst)
3505{
3506	if (rqst && rqst->rq_iov)
3507		cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3508}
3509
3510static int
3511query_info(const unsigned int xid, struct cifs_tcon *tcon,
3512	   u64 persistent_fid, u64 volatile_fid, u8 info_class, u8 info_type,
3513	   u32 additional_info, size_t output_len, size_t min_len, void **data,
3514		u32 *dlen)
3515{
3516	struct smb_rqst rqst;
3517	struct smb2_query_info_rsp *rsp = NULL;
3518	struct kvec iov[1];
3519	struct kvec rsp_iov;
3520	int rc = 0;
3521	int resp_buftype = CIFS_NO_BUFFER;
3522	struct cifs_ses *ses = tcon->ses;
3523	struct TCP_Server_Info *server;
3524	int flags = 0;
3525	bool allocated = false;
3526
3527	cifs_dbg(FYI, "Query Info\n");
3528
3529	if (!ses)
3530		return -EIO;
3531	server = cifs_pick_channel(ses);
3532	if (!server)
3533		return -EIO;
3534
3535	if (smb3_encryption_required(tcon))
3536		flags |= CIFS_TRANSFORM_REQ;
3537
3538	memset(&rqst, 0, sizeof(struct smb_rqst));
3539	memset(&iov, 0, sizeof(iov));
3540	rqst.rq_iov = iov;
3541	rqst.rq_nvec = 1;
3542
3543	rc = SMB2_query_info_init(tcon, server,
3544				  &rqst, persistent_fid, volatile_fid,
3545				  info_class, info_type, additional_info,
3546				  output_len, 0, NULL);
3547	if (rc)
3548		goto qinf_exit;
3549
3550	trace_smb3_query_info_enter(xid, persistent_fid, tcon->tid,
3551				    ses->Suid, info_class, (__u32)info_type);
3552
3553	rc = cifs_send_recv(xid, ses, server,
3554			    &rqst, &resp_buftype, flags, &rsp_iov);
3555	rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
3556
3557	if (rc) {
3558		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
3559		trace_smb3_query_info_err(xid, persistent_fid, tcon->tid,
3560				ses->Suid, info_class, (__u32)info_type, rc);
3561		goto qinf_exit;
3562	}
3563
3564	trace_smb3_query_info_done(xid, persistent_fid, tcon->tid,
3565				ses->Suid, info_class, (__u32)info_type);
3566
3567	if (dlen) {
3568		*dlen = le32_to_cpu(rsp->OutputBufferLength);
3569		if (!*data) {
3570			*data = kmalloc(*dlen, GFP_KERNEL);
3571			if (!*data) {
3572				cifs_tcon_dbg(VFS,
3573					"Error %d allocating memory for acl\n",
3574					rc);
3575				*dlen = 0;
3576				rc = -ENOMEM;
3577				goto qinf_exit;
3578			}
3579			allocated = true;
3580		}
3581	}
3582
3583	rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset),
3584					le32_to_cpu(rsp->OutputBufferLength),
3585					&rsp_iov, dlen ? *dlen : min_len, *data);
3586	if (rc && allocated) {
3587		kfree(*data);
3588		*data = NULL;
3589		*dlen = 0;
3590	}
3591
3592qinf_exit:
3593	SMB2_query_info_free(&rqst);
3594	free_rsp_buf(resp_buftype, rsp);
3595	return rc;
3596}
3597
3598int SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3599	u64 persistent_fid, u64 volatile_fid, struct smb2_file_all_info *data)
3600{
3601	return query_info(xid, tcon, persistent_fid, volatile_fid,
3602			  FILE_ALL_INFORMATION, SMB2_O_INFO_FILE, 0,
3603			  sizeof(struct smb2_file_all_info) + PATH_MAX * 2,
3604			  sizeof(struct smb2_file_all_info), (void **)&data,
3605			  NULL);
3606}
3607
3608#if 0
3609/* currently unused, as now we are doing compounding instead (see smb311_posix_query_path_info) */
3610int
3611SMB311_posix_query_info(const unsigned int xid, struct cifs_tcon *tcon,
3612		u64 persistent_fid, u64 volatile_fid, struct smb311_posix_qinfo *data, u32 *plen)
3613{
3614	size_t output_len = sizeof(struct smb311_posix_qinfo *) +
3615			(sizeof(struct cifs_sid) * 2) + (PATH_MAX * 2);
3616	*plen = 0;
3617
3618	return query_info(xid, tcon, persistent_fid, volatile_fid,
3619			  SMB_FIND_FILE_POSIX_INFO, SMB2_O_INFO_FILE, 0,
3620			  output_len, sizeof(struct smb311_posix_qinfo), (void **)&data, plen);
3621	/* Note caller must free "data" (passed in above). It may be allocated in query_info call */
3622}
3623#endif
3624
3625int
3626SMB2_query_acl(const unsigned int xid, struct cifs_tcon *tcon,
3627	       u64 persistent_fid, u64 volatile_fid,
3628	       void **data, u32 *plen, u32 extra_info)
3629{
3630	__u32 additional_info = OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO |
3631				extra_info;
3632	*plen = 0;
3633
3634	return query_info(xid, tcon, persistent_fid, volatile_fid,
3635			  0, SMB2_O_INFO_SECURITY, additional_info,
3636			  SMB2_MAX_BUFFER_SIZE, MIN_SEC_DESC_LEN, data, plen);
3637}
3638
3639int
3640SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon,
3641		 u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid)
3642{
3643	return query_info(xid, tcon, persistent_fid, volatile_fid,
3644			  FILE_INTERNAL_INFORMATION, SMB2_O_INFO_FILE, 0,
3645			  sizeof(struct smb2_file_internal_info),
3646			  sizeof(struct smb2_file_internal_info),
3647			  (void **)&uniqueid, NULL);
3648}
3649
3650/*
3651 * CHANGE_NOTIFY Request is sent to get notifications on changes to a directory
3652 * See MS-SMB2 2.2.35 and 2.2.36
3653 */
3654
3655static int
3656SMB2_notify_init(const unsigned int xid, struct smb_rqst *rqst,
3657		 struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3658		 u64 persistent_fid, u64 volatile_fid,
3659		 u32 completion_filter, bool watch_tree)
3660{
3661	struct smb2_change_notify_req *req;
3662	struct kvec *iov = rqst->rq_iov;
3663	unsigned int total_len;
3664	int rc;
3665
3666	rc = smb2_plain_req_init(SMB2_CHANGE_NOTIFY, tcon, server,
3667				 (void **) &req, &total_len);
3668	if (rc)
3669		return rc;
3670
3671	req->PersistentFileId = persistent_fid;
3672	req->VolatileFileId = volatile_fid;
3673	/* See note 354 of MS-SMB2, 64K max */
3674	req->OutputBufferLength =
3675		cpu_to_le32(SMB2_MAX_BUFFER_SIZE - MAX_SMB2_HDR_SIZE);
3676	req->CompletionFilter = cpu_to_le32(completion_filter);
3677	if (watch_tree)
3678		req->Flags = cpu_to_le16(SMB2_WATCH_TREE);
3679	else
3680		req->Flags = 0;
3681
3682	iov[0].iov_base = (char *)req;
3683	iov[0].iov_len = total_len;
3684
3685	return 0;
3686}
3687
3688int
3689SMB2_change_notify(const unsigned int xid, struct cifs_tcon *tcon,
3690		u64 persistent_fid, u64 volatile_fid, bool watch_tree,
3691		u32 completion_filter, u32 max_out_data_len, char **out_data,
3692		u32 *plen /* returned data len */)
3693{
3694	struct cifs_ses *ses = tcon->ses;
3695	struct TCP_Server_Info *server = cifs_pick_channel(ses);
3696	struct smb_rqst rqst;
3697	struct smb2_change_notify_rsp *smb_rsp;
3698	struct kvec iov[1];
3699	struct kvec rsp_iov = {NULL, 0};
3700	int resp_buftype = CIFS_NO_BUFFER;
3701	int flags = 0;
3702	int rc = 0;
3703
3704	cifs_dbg(FYI, "change notify\n");
3705	if (!ses || !server)
3706		return -EIO;
3707
3708	if (smb3_encryption_required(tcon))
3709		flags |= CIFS_TRANSFORM_REQ;
3710
3711	memset(&rqst, 0, sizeof(struct smb_rqst));
3712	memset(&iov, 0, sizeof(iov));
3713	if (plen)
3714		*plen = 0;
3715
3716	rqst.rq_iov = iov;
3717	rqst.rq_nvec = 1;
3718
3719	rc = SMB2_notify_init(xid, &rqst, tcon, server,
3720			      persistent_fid, volatile_fid,
3721			      completion_filter, watch_tree);
3722	if (rc)
3723		goto cnotify_exit;
3724
3725	trace_smb3_notify_enter(xid, persistent_fid, tcon->tid, ses->Suid,
3726				(u8)watch_tree, completion_filter);
3727	rc = cifs_send_recv(xid, ses, server,
3728			    &rqst, &resp_buftype, flags, &rsp_iov);
3729
3730	if (rc != 0) {
3731		cifs_stats_fail_inc(tcon, SMB2_CHANGE_NOTIFY_HE);
3732		trace_smb3_notify_err(xid, persistent_fid, tcon->tid, ses->Suid,
3733				(u8)watch_tree, completion_filter, rc);
3734	} else {
3735		trace_smb3_notify_done(xid, persistent_fid, tcon->tid,
3736			ses->Suid, (u8)watch_tree, completion_filter);
3737		/* validate that notify information is plausible */
3738		if ((rsp_iov.iov_base == NULL) ||
3739		    (rsp_iov.iov_len < sizeof(struct smb2_change_notify_rsp) + 1))
3740			goto cnotify_exit;
3741
3742		smb_rsp = (struct smb2_change_notify_rsp *)rsp_iov.iov_base;
3743
3744		smb2_validate_iov(le16_to_cpu(smb_rsp->OutputBufferOffset),
3745				le32_to_cpu(smb_rsp->OutputBufferLength), &rsp_iov,
3746				sizeof(struct file_notify_information));
3747
3748		*out_data = kmemdup((char *)smb_rsp + le16_to_cpu(smb_rsp->OutputBufferOffset),
3749				le32_to_cpu(smb_rsp->OutputBufferLength), GFP_KERNEL);
3750		if (*out_data == NULL) {
3751			rc = -ENOMEM;
3752			goto cnotify_exit;
3753		} else
3754			*plen = le32_to_cpu(smb_rsp->OutputBufferLength);
3755	}
3756
3757 cnotify_exit:
3758	if (rqst.rq_iov)
3759		cifs_small_buf_release(rqst.rq_iov[0].iov_base); /* request */
3760	free_rsp_buf(resp_buftype, rsp_iov.iov_base);
3761	return rc;
3762}
3763
3764
3765
3766/*
3767 * This is a no-op for now. We're not really interested in the reply, but
3768 * rather in the fact that the server sent one and that server->lstrp
3769 * gets updated.
3770 *
3771 * FIXME: maybe we should consider checking that the reply matches request?
3772 */
3773static void
3774smb2_echo_callback(struct mid_q_entry *mid)
3775{
3776	struct TCP_Server_Info *server = mid->callback_data;
3777	struct smb2_echo_rsp *rsp = (struct smb2_echo_rsp *)mid->resp_buf;
3778	struct cifs_credits credits = { .value = 0, .instance = 0 };
3779
3780	if (mid->mid_state == MID_RESPONSE_RECEIVED
3781	    || mid->mid_state == MID_RESPONSE_MALFORMED) {
3782		credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
3783		credits.instance = server->reconnect_instance;
3784	}
3785
3786	release_mid(mid);
3787	add_credits(server, &credits, CIFS_ECHO_OP);
3788}
3789
3790void smb2_reconnect_server(struct work_struct *work)
3791{
3792	struct TCP_Server_Info *server = container_of(work,
3793					struct TCP_Server_Info, reconnect.work);
3794	struct TCP_Server_Info *pserver;
3795	struct cifs_ses *ses, *ses2;
3796	struct cifs_tcon *tcon, *tcon2;
3797	struct list_head tmp_list, tmp_ses_list;
3798	bool tcon_exist = false, ses_exist = false;
3799	bool tcon_selected = false;
3800	int rc;
3801	bool resched = false;
3802
3803	/* If server is a channel, select the primary channel */
3804	pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
3805
3806	/* Prevent simultaneous reconnects that can corrupt tcon->rlist list */
3807	mutex_lock(&pserver->reconnect_mutex);
3808
3809	INIT_LIST_HEAD(&tmp_list);
3810	INIT_LIST_HEAD(&tmp_ses_list);
3811	cifs_dbg(FYI, "Reconnecting tcons and channels\n");
3812
3813	spin_lock(&cifs_tcp_ses_lock);
3814	list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
3815
3816		tcon_selected = false;
3817
3818		list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
3819			if (tcon->need_reconnect || tcon->need_reopen_files) {
3820				tcon->tc_count++;
3821				list_add_tail(&tcon->rlist, &tmp_list);
3822				tcon_selected = tcon_exist = true;
3823			}
3824		}
3825		/*
3826		 * IPC has the same lifetime as its session and uses its
3827		 * refcount.
3828		 */
3829		if (ses->tcon_ipc && ses->tcon_ipc->need_reconnect) {
3830			list_add_tail(&ses->tcon_ipc->rlist, &tmp_list);
3831			tcon_selected = tcon_exist = true;
3832			ses->ses_count++;
3833		}
3834		/*
3835		 * handle the case where channel needs to reconnect
3836		 * binding session, but tcon is healthy (some other channel
3837		 * is active)
3838		 */
3839		spin_lock(&ses->chan_lock);
3840		if (!tcon_selected && cifs_chan_needs_reconnect(ses, server)) {
3841			list_add_tail(&ses->rlist, &tmp_ses_list);
3842			ses_exist = true;
3843			ses->ses_count++;
3844		}
3845		spin_unlock(&ses->chan_lock);
3846	}
3847	/*
3848	 * Get the reference to server struct to be sure that the last call of
3849	 * cifs_put_tcon() in the loop below won't release the server pointer.
3850	 */
3851	if (tcon_exist || ses_exist)
3852		server->srv_count++;
3853
3854	spin_unlock(&cifs_tcp_ses_lock);
3855
3856	list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) {
3857		rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server);
3858		if (!rc)
3859			cifs_reopen_persistent_handles(tcon);
3860		else
3861			resched = true;
3862		list_del_init(&tcon->rlist);
3863		if (tcon->ipc)
3864			cifs_put_smb_ses(tcon->ses);
3865		else
3866			cifs_put_tcon(tcon);
3867	}
3868
3869	if (!ses_exist)
3870		goto done;
3871
3872	/* allocate a dummy tcon struct used for reconnect */
3873	tcon = tconInfoAlloc();
3874	if (!tcon) {
3875		resched = true;
3876		list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
3877			list_del_init(&ses->rlist);
3878			cifs_put_smb_ses(ses);
3879		}
3880		goto done;
3881	}
3882
3883	tcon->status = TID_GOOD;
3884	tcon->retry = false;
3885	tcon->need_reconnect = false;
3886
3887	/* now reconnect sessions for necessary channels */
3888	list_for_each_entry_safe(ses, ses2, &tmp_ses_list, rlist) {
3889		tcon->ses = ses;
3890		rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon, server);
3891		if (rc)
3892			resched = true;
3893		list_del_init(&ses->rlist);
3894		cifs_put_smb_ses(ses);
3895	}
3896	tconInfoFree(tcon);
3897
3898done:
3899	cifs_dbg(FYI, "Reconnecting tcons and channels finished\n");
3900	if (resched)
3901		queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ);
3902	mutex_unlock(&pserver->reconnect_mutex);
3903
3904	/* now we can safely release srv struct */
3905	if (tcon_exist || ses_exist)
3906		cifs_put_tcp_session(server, 1);
3907}
3908
3909int
3910SMB2_echo(struct TCP_Server_Info *server)
3911{
3912	struct smb2_echo_req *req;
3913	int rc = 0;
3914	struct kvec iov[1];
3915	struct smb_rqst rqst = { .rq_iov = iov,
3916				 .rq_nvec = 1 };
3917	unsigned int total_len;
3918
3919	cifs_dbg(FYI, "In echo request for conn_id %lld\n", server->conn_id);
3920
3921	spin_lock(&server->srv_lock);
3922	if (server->ops->need_neg &&
3923	    server->ops->need_neg(server)) {
3924		spin_unlock(&server->srv_lock);
3925		/* No need to send echo on newly established connections */
3926		mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
3927		return rc;
3928	}
3929	spin_unlock(&server->srv_lock);
3930
3931	rc = smb2_plain_req_init(SMB2_ECHO, NULL, server,
3932				 (void **)&req, &total_len);
3933	if (rc)
3934		return rc;
3935
3936	req->hdr.CreditRequest = cpu_to_le16(1);
3937
3938	iov[0].iov_len = total_len;
3939	iov[0].iov_base = (char *)req;
3940
3941	rc = cifs_call_async(server, &rqst, NULL, smb2_echo_callback, NULL,
3942			     server, CIFS_ECHO_OP, NULL);
3943	if (rc)
3944		cifs_dbg(FYI, "Echo request failed: %d\n", rc);
3945
3946	cifs_small_buf_release(req);
3947	return rc;
3948}
3949
3950void
3951SMB2_flush_free(struct smb_rqst *rqst)
3952{
3953	if (rqst && rqst->rq_iov)
3954		cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
3955}
3956
3957int
3958SMB2_flush_init(const unsigned int xid, struct smb_rqst *rqst,
3959		struct cifs_tcon *tcon, struct TCP_Server_Info *server,
3960		u64 persistent_fid, u64 volatile_fid)
3961{
3962	struct smb2_flush_req *req;
3963	struct kvec *iov = rqst->rq_iov;
3964	unsigned int total_len;
3965	int rc;
3966
3967	rc = smb2_plain_req_init(SMB2_FLUSH, tcon, server,
3968				 (void **) &req, &total_len);
3969	if (rc)
3970		return rc;
3971
3972	req->PersistentFileId = persistent_fid;
3973	req->VolatileFileId = volatile_fid;
3974
3975	iov[0].iov_base = (char *)req;
3976	iov[0].iov_len = total_len;
3977
3978	return 0;
3979}
3980
3981int
3982SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
3983	   u64 volatile_fid)
3984{
3985	struct cifs_ses *ses = tcon->ses;
3986	struct smb_rqst rqst;
3987	struct kvec iov[1];
3988	struct kvec rsp_iov = {NULL, 0};
3989	struct TCP_Server_Info *server = cifs_pick_channel(ses);
3990	int resp_buftype = CIFS_NO_BUFFER;
3991	int flags = 0;
3992	int rc = 0;
3993
3994	cifs_dbg(FYI, "flush\n");
3995	if (!ses || !(ses->server))
3996		return -EIO;
3997
3998	if (smb3_encryption_required(tcon))
3999		flags |= CIFS_TRANSFORM_REQ;
4000
4001	memset(&rqst, 0, sizeof(struct smb_rqst));
4002	memset(&iov, 0, sizeof(iov));
4003	rqst.rq_iov = iov;
4004	rqst.rq_nvec = 1;
4005
4006	rc = SMB2_flush_init(xid, &rqst, tcon, server,
4007			     persistent_fid, volatile_fid);
4008	if (rc)
4009		goto flush_exit;
4010
4011	trace_smb3_flush_enter(xid, persistent_fid, tcon->tid, ses->Suid);
4012	rc = cifs_send_recv(xid, ses, server,
4013			    &rqst, &resp_buftype, flags, &rsp_iov);
4014
4015	if (rc != 0) {
4016		cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
4017		trace_smb3_flush_err(xid, persistent_fid, tcon->tid, ses->Suid,
4018				     rc);
4019	} else
4020		trace_smb3_flush_done(xid, persistent_fid, tcon->tid,
4021				      ses->Suid);
4022
4023 flush_exit:
4024	SMB2_flush_free(&rqst);
4025	free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4026	return rc;
4027}
4028
4029#ifdef CONFIG_CIFS_SMB_DIRECT
4030static inline bool smb3_use_rdma_offload(struct cifs_io_parms *io_parms)
4031{
4032	struct TCP_Server_Info *server = io_parms->server;
4033	struct cifs_tcon *tcon = io_parms->tcon;
4034
4035	/* we can only offload if we're connected */
4036	if (!server || !tcon)
4037		return false;
4038
4039	/* we can only offload on an rdma connection */
4040	if (!server->rdma || !server->smbd_conn)
4041		return false;
4042
4043	/* we don't support signed offload yet */
4044	if (server->sign)
4045		return false;
4046
4047	/* we don't support encrypted offload yet */
4048	if (smb3_encryption_required(tcon))
4049		return false;
4050
4051	/* offload also has its overhead, so only do it if desired */
4052	if (io_parms->length < server->smbd_conn->rdma_readwrite_threshold)
4053		return false;
4054
4055	return true;
4056}
4057#endif /* CONFIG_CIFS_SMB_DIRECT */
4058
4059/*
4060 * To form a chain of read requests, any read requests after the first should
4061 * have the end_of_chain boolean set to true.
4062 */
4063static int
4064smb2_new_read_req(void **buf, unsigned int *total_len,
4065	struct cifs_io_parms *io_parms, struct cifs_readdata *rdata,
4066	unsigned int remaining_bytes, int request_type)
4067{
4068	int rc = -EACCES;
4069	struct smb2_read_req *req = NULL;
4070	struct smb2_hdr *shdr;
4071	struct TCP_Server_Info *server = io_parms->server;
4072
4073	rc = smb2_plain_req_init(SMB2_READ, io_parms->tcon, server,
4074				 (void **) &req, total_len);
4075	if (rc)
4076		return rc;
4077
4078	if (server == NULL)
4079		return -ECONNABORTED;
4080
4081	shdr = &req->hdr;
4082	shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4083
4084	req->PersistentFileId = io_parms->persistent_fid;
4085	req->VolatileFileId = io_parms->volatile_fid;
4086	req->ReadChannelInfoOffset = 0; /* reserved */
4087	req->ReadChannelInfoLength = 0; /* reserved */
4088	req->Channel = 0; /* reserved */
4089	req->MinimumCount = 0;
4090	req->Length = cpu_to_le32(io_parms->length);
4091	req->Offset = cpu_to_le64(io_parms->offset);
4092
4093	trace_smb3_read_enter(0 /* xid */,
4094			io_parms->persistent_fid,
4095			io_parms->tcon->tid, io_parms->tcon->ses->Suid,
4096			io_parms->offset, io_parms->length);
4097#ifdef CONFIG_CIFS_SMB_DIRECT
4098	/*
4099	 * If we want to do a RDMA write, fill in and append
4100	 * smbd_buffer_descriptor_v1 to the end of read request
4101	 */
4102	if (smb3_use_rdma_offload(io_parms)) {
4103		struct smbd_buffer_descriptor_v1 *v1;
4104		bool need_invalidate = server->dialect == SMB30_PROT_ID;
4105
4106		rdata->mr = smbd_register_mr(server->smbd_conn, &rdata->iter,
4107					     true, need_invalidate);
4108		if (!rdata->mr)
4109			return -EAGAIN;
4110
4111		req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4112		if (need_invalidate)
4113			req->Channel = SMB2_CHANNEL_RDMA_V1;
4114		req->ReadChannelInfoOffset =
4115			cpu_to_le16(offsetof(struct smb2_read_req, Buffer));
4116		req->ReadChannelInfoLength =
4117			cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4118		v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4119		v1->offset = cpu_to_le64(rdata->mr->mr->iova);
4120		v1->token = cpu_to_le32(rdata->mr->mr->rkey);
4121		v1->length = cpu_to_le32(rdata->mr->mr->length);
4122
4123		*total_len += sizeof(*v1) - 1;
4124	}
4125#endif
4126	if (request_type & CHAINED_REQUEST) {
4127		if (!(request_type & END_OF_CHAIN)) {
4128			/* next 8-byte aligned request */
4129			*total_len = ALIGN(*total_len, 8);
4130			shdr->NextCommand = cpu_to_le32(*total_len);
4131		} else /* END_OF_CHAIN */
4132			shdr->NextCommand = 0;
4133		if (request_type & RELATED_REQUEST) {
4134			shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS;
4135			/*
4136			 * Related requests use info from previous read request
4137			 * in chain.
4138			 */
4139			shdr->SessionId = cpu_to_le64(0xFFFFFFFFFFFFFFFF);
4140			shdr->Id.SyncId.TreeId = cpu_to_le32(0xFFFFFFFF);
4141			req->PersistentFileId = (u64)-1;
4142			req->VolatileFileId = (u64)-1;
4143		}
4144	}
4145	if (remaining_bytes > io_parms->length)
4146		req->RemainingBytes = cpu_to_le32(remaining_bytes);
4147	else
4148		req->RemainingBytes = 0;
4149
4150	*buf = req;
4151	return rc;
4152}
4153
4154static void
4155smb2_readv_callback(struct mid_q_entry *mid)
4156{
4157	struct cifs_readdata *rdata = mid->callback_data;
4158	struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4159	struct TCP_Server_Info *server = rdata->server;
4160	struct smb2_hdr *shdr =
4161				(struct smb2_hdr *)rdata->iov[0].iov_base;
4162	struct cifs_credits credits = { .value = 0, .instance = 0 };
4163	struct smb_rqst rqst = { .rq_iov = &rdata->iov[1],
4164				 .rq_nvec = 1,
4165				 .rq_iter = rdata->iter,
4166				 .rq_iter_size = iov_iter_count(&rdata->iter), };
4167
4168	WARN_ONCE(rdata->server != mid->server,
4169		  "rdata server %p != mid server %p",
4170		  rdata->server, mid->server);
4171
4172	cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u\n",
4173		 __func__, mid->mid, mid->mid_state, rdata->result,
4174		 rdata->bytes);
4175
4176	switch (mid->mid_state) {
4177	case MID_RESPONSE_RECEIVED:
4178		credits.value = le16_to_cpu(shdr->CreditRequest);
4179		credits.instance = server->reconnect_instance;
4180		/* result already set, check signature */
4181		if (server->sign && !mid->decrypted) {
4182			int rc;
4183
4184			iov_iter_revert(&rqst.rq_iter, rdata->got_bytes);
4185			iov_iter_truncate(&rqst.rq_iter, rdata->got_bytes);
4186			rc = smb2_verify_signature(&rqst, server);
4187			if (rc)
4188				cifs_tcon_dbg(VFS, "SMB signature verification returned error = %d\n",
4189					 rc);
4190		}
4191		/* FIXME: should this be counted toward the initiating task? */
4192		task_io_account_read(rdata->got_bytes);
4193		cifs_stats_bytes_read(tcon, rdata->got_bytes);
4194		break;
4195	case MID_REQUEST_SUBMITTED:
4196	case MID_RETRY_NEEDED:
4197		rdata->result = -EAGAIN;
4198		if (server->sign && rdata->got_bytes)
4199			/* reset bytes number since we can not check a sign */
4200			rdata->got_bytes = 0;
4201		/* FIXME: should this be counted toward the initiating task? */
4202		task_io_account_read(rdata->got_bytes);
4203		cifs_stats_bytes_read(tcon, rdata->got_bytes);
4204		break;
4205	case MID_RESPONSE_MALFORMED:
4206		credits.value = le16_to_cpu(shdr->CreditRequest);
4207		credits.instance = server->reconnect_instance;
4208		fallthrough;
4209	default:
4210		rdata->result = -EIO;
4211	}
4212#ifdef CONFIG_CIFS_SMB_DIRECT
4213	/*
4214	 * If this rdata has a memmory registered, the MR can be freed
4215	 * MR needs to be freed as soon as I/O finishes to prevent deadlock
4216	 * because they have limited number and are used for future I/Os
4217	 */
4218	if (rdata->mr) {
4219		smbd_deregister_mr(rdata->mr);
4220		rdata->mr = NULL;
4221	}
4222#endif
4223	if (rdata->result && rdata->result != -ENODATA) {
4224		cifs_stats_fail_inc(tcon, SMB2_READ_HE);
4225		trace_smb3_read_err(0 /* xid */,
4226				    rdata->cfile->fid.persistent_fid,
4227				    tcon->tid, tcon->ses->Suid, rdata->offset,
4228				    rdata->bytes, rdata->result);
4229	} else
4230		trace_smb3_read_done(0 /* xid */,
4231				     rdata->cfile->fid.persistent_fid,
4232				     tcon->tid, tcon->ses->Suid,
4233				     rdata->offset, rdata->got_bytes);
4234
4235	queue_work(cifsiod_wq, &rdata->work);
4236	release_mid(mid);
4237	add_credits(server, &credits, 0);
4238}
4239
4240/* smb2_async_readv - send an async read, and set up mid to handle result */
4241int
4242smb2_async_readv(struct cifs_readdata *rdata)
4243{
4244	int rc, flags = 0;
4245	char *buf;
4246	struct smb2_hdr *shdr;
4247	struct cifs_io_parms io_parms;
4248	struct smb_rqst rqst = { .rq_iov = rdata->iov,
4249				 .rq_nvec = 1 };
4250	struct TCP_Server_Info *server;
4251	struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
4252	unsigned int total_len;
4253
4254	cifs_dbg(FYI, "%s: offset=%llu bytes=%u\n",
4255		 __func__, rdata->offset, rdata->bytes);
4256
4257	if (!rdata->server)
4258		rdata->server = cifs_pick_channel(tcon->ses);
4259
4260	io_parms.tcon = tlink_tcon(rdata->cfile->tlink);
4261	io_parms.server = server = rdata->server;
4262	io_parms.offset = rdata->offset;
4263	io_parms.length = rdata->bytes;
4264	io_parms.persistent_fid = rdata->cfile->fid.persistent_fid;
4265	io_parms.volatile_fid = rdata->cfile->fid.volatile_fid;
4266	io_parms.pid = rdata->pid;
4267
4268	rc = smb2_new_read_req(
4269		(void **) &buf, &total_len, &io_parms, rdata, 0, 0);
4270	if (rc)
4271		return rc;
4272
4273	if (smb3_encryption_required(io_parms.tcon))
4274		flags |= CIFS_TRANSFORM_REQ;
4275
4276	rdata->iov[0].iov_base = buf;
4277	rdata->iov[0].iov_len = total_len;
4278
4279	shdr = (struct smb2_hdr *)buf;
4280
4281	if (rdata->credits.value > 0) {
4282		shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(rdata->bytes,
4283						SMB2_MAX_BUFFER_SIZE));
4284		shdr->CreditRequest = cpu_to_le16(le16_to_cpu(shdr->CreditCharge) + 8);
4285
4286		rc = adjust_credits(server, &rdata->credits, rdata->bytes);
4287		if (rc)
4288			goto async_readv_out;
4289
4290		flags |= CIFS_HAS_CREDITS;
4291	}
4292
4293	kref_get(&rdata->refcount);
4294	rc = cifs_call_async(server, &rqst,
4295			     cifs_readv_receive, smb2_readv_callback,
4296			     smb3_handle_read_data, rdata, flags,
4297			     &rdata->credits);
4298	if (rc) {
4299		kref_put(&rdata->refcount, cifs_readdata_release);
4300		cifs_stats_fail_inc(io_parms.tcon, SMB2_READ_HE);
4301		trace_smb3_read_err(0 /* xid */, io_parms.persistent_fid,
4302				    io_parms.tcon->tid,
4303				    io_parms.tcon->ses->Suid,
4304				    io_parms.offset, io_parms.length, rc);
4305	}
4306
4307async_readv_out:
4308	cifs_small_buf_release(buf);
4309	return rc;
4310}
4311
4312int
4313SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
4314	  unsigned int *nbytes, char **buf, int *buf_type)
4315{
4316	struct smb_rqst rqst;
4317	int resp_buftype, rc;
4318	struct smb2_read_req *req = NULL;
4319	struct smb2_read_rsp *rsp = NULL;
4320	struct kvec iov[1];
4321	struct kvec rsp_iov;
4322	unsigned int total_len;
4323	int flags = CIFS_LOG_ERROR;
4324	struct cifs_ses *ses = io_parms->tcon->ses;
4325
4326	if (!io_parms->server)
4327		io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4328
4329	*nbytes = 0;
4330	rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0);
4331	if (rc)
4332		return rc;
4333
4334	if (smb3_encryption_required(io_parms->tcon))
4335		flags |= CIFS_TRANSFORM_REQ;
4336
4337	iov[0].iov_base = (char *)req;
4338	iov[0].iov_len = total_len;
4339
4340	memset(&rqst, 0, sizeof(struct smb_rqst));
4341	rqst.rq_iov = iov;
4342	rqst.rq_nvec = 1;
4343
4344	rc = cifs_send_recv(xid, ses, io_parms->server,
4345			    &rqst, &resp_buftype, flags, &rsp_iov);
4346	rsp = (struct smb2_read_rsp *)rsp_iov.iov_base;
4347
4348	if (rc) {
4349		if (rc != -ENODATA) {
4350			cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
4351			cifs_dbg(VFS, "Send error in read = %d\n", rc);
4352			trace_smb3_read_err(xid,
4353					    req->PersistentFileId,
4354					    io_parms->tcon->tid, ses->Suid,
4355					    io_parms->offset, io_parms->length,
4356					    rc);
4357		} else
4358			trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid,
4359					     ses->Suid, io_parms->offset, 0);
4360		free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4361		cifs_small_buf_release(req);
4362		return rc == -ENODATA ? 0 : rc;
4363	} else
4364		trace_smb3_read_done(xid,
4365				    req->PersistentFileId,
4366				    io_parms->tcon->tid, ses->Suid,
4367				    io_parms->offset, io_parms->length);
4368
4369	cifs_small_buf_release(req);
4370
4371	*nbytes = le32_to_cpu(rsp->DataLength);
4372	if ((*nbytes > CIFS_MAX_MSGSIZE) ||
4373	    (*nbytes > io_parms->length)) {
4374		cifs_dbg(FYI, "bad length %d for count %d\n",
4375			 *nbytes, io_parms->length);
4376		rc = -EIO;
4377		*nbytes = 0;
4378	}
4379
4380	if (*buf) {
4381		memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes);
4382		free_rsp_buf(resp_buftype, rsp_iov.iov_base);
4383	} else if (resp_buftype != CIFS_NO_BUFFER) {
4384		*buf = rsp_iov.iov_base;
4385		if (resp_buftype == CIFS_SMALL_BUFFER)
4386			*buf_type = CIFS_SMALL_BUFFER;
4387		else if (resp_buftype == CIFS_LARGE_BUFFER)
4388			*buf_type = CIFS_LARGE_BUFFER;
4389	}
4390	return rc;
4391}
4392
4393/*
4394 * Check the mid_state and signature on received buffer (if any), and queue the
4395 * workqueue completion task.
4396 */
4397static void
4398smb2_writev_callback(struct mid_q_entry *mid)
4399{
4400	struct cifs_writedata *wdata = mid->callback_data;
4401	struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4402	struct TCP_Server_Info *server = wdata->server;
4403	unsigned int written;
4404	struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf;
4405	struct cifs_credits credits = { .value = 0, .instance = 0 };
4406
4407	WARN_ONCE(wdata->server != mid->server,
4408		  "wdata server %p != mid server %p",
4409		  wdata->server, mid->server);
4410
4411	switch (mid->mid_state) {
4412	case MID_RESPONSE_RECEIVED:
4413		credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4414		credits.instance = server->reconnect_instance;
4415		wdata->result = smb2_check_receive(mid, server, 0);
4416		if (wdata->result != 0)
4417			break;
4418
4419		written = le32_to_cpu(rsp->DataLength);
4420		/*
4421		 * Mask off high 16 bits when bytes written as returned
4422		 * by the server is greater than bytes requested by the
4423		 * client. OS/2 servers are known to set incorrect
4424		 * CountHigh values.
4425		 */
4426		if (written > wdata->bytes)
4427			written &= 0xFFFF;
4428
4429		if (written < wdata->bytes)
4430			wdata->result = -ENOSPC;
4431		else
4432			wdata->bytes = written;
4433		break;
4434	case MID_REQUEST_SUBMITTED:
4435	case MID_RETRY_NEEDED:
4436		wdata->result = -EAGAIN;
4437		break;
4438	case MID_RESPONSE_MALFORMED:
4439		credits.value = le16_to_cpu(rsp->hdr.CreditRequest);
4440		credits.instance = server->reconnect_instance;
4441		fallthrough;
4442	default:
4443		wdata->result = -EIO;
4444		break;
4445	}
4446#ifdef CONFIG_CIFS_SMB_DIRECT
4447	/*
4448	 * If this wdata has a memory registered, the MR can be freed
4449	 * The number of MRs available is limited, it's important to recover
4450	 * used MR as soon as I/O is finished. Hold MR longer in the later
4451	 * I/O process can possibly result in I/O deadlock due to lack of MR
4452	 * to send request on I/O retry
4453	 */
4454	if (wdata->mr) {
4455		smbd_deregister_mr(wdata->mr);
4456		wdata->mr = NULL;
4457	}
4458#endif
4459	if (wdata->result) {
4460		cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4461		trace_smb3_write_err(0 /* no xid */,
4462				     wdata->cfile->fid.persistent_fid,
4463				     tcon->tid, tcon->ses->Suid, wdata->offset,
4464				     wdata->bytes, wdata->result);
4465		if (wdata->result == -ENOSPC)
4466			pr_warn_once("Out of space writing to %s\n",
4467				     tcon->tree_name);
4468	} else
4469		trace_smb3_write_done(0 /* no xid */,
4470				      wdata->cfile->fid.persistent_fid,
4471				      tcon->tid, tcon->ses->Suid,
4472				      wdata->offset, wdata->bytes);
4473
4474	queue_work(cifsiod_wq, &wdata->work);
4475	release_mid(mid);
4476	add_credits(server, &credits, 0);
4477}
4478
4479/* smb2_async_writev - send an async write, and set up mid to handle result */
4480int
4481smb2_async_writev(struct cifs_writedata *wdata,
4482		  void (*release)(struct kref *kref))
4483{
4484	int rc = -EACCES, flags = 0;
4485	struct smb2_write_req *req = NULL;
4486	struct smb2_hdr *shdr;
4487	struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
4488	struct TCP_Server_Info *server = wdata->server;
4489	struct kvec iov[1];
4490	struct smb_rqst rqst = { };
4491	unsigned int total_len;
4492	struct cifs_io_parms _io_parms;
4493	struct cifs_io_parms *io_parms = NULL;
4494
4495	if (!wdata->server)
4496		server = wdata->server = cifs_pick_channel(tcon->ses);
4497
4498	/*
4499	 * in future we may get cifs_io_parms passed in from the caller,
4500	 * but for now we construct it here...
4501	 */
4502	_io_parms = (struct cifs_io_parms) {
4503		.tcon = tcon,
4504		.server = server,
4505		.offset = wdata->offset,
4506		.length = wdata->bytes,
4507		.persistent_fid = wdata->cfile->fid.persistent_fid,
4508		.volatile_fid = wdata->cfile->fid.volatile_fid,
4509		.pid = wdata->pid,
4510	};
4511	io_parms = &_io_parms;
4512
4513	rc = smb2_plain_req_init(SMB2_WRITE, tcon, server,
4514				 (void **) &req, &total_len);
4515	if (rc)
4516		return rc;
4517
4518	if (smb3_encryption_required(tcon))
4519		flags |= CIFS_TRANSFORM_REQ;
4520
4521	shdr = (struct smb2_hdr *)req;
4522	shdr->Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4523
4524	req->PersistentFileId = io_parms->persistent_fid;
4525	req->VolatileFileId = io_parms->volatile_fid;
4526	req->WriteChannelInfoOffset = 0;
4527	req->WriteChannelInfoLength = 0;
4528	req->Channel = SMB2_CHANNEL_NONE;
4529	req->Offset = cpu_to_le64(io_parms->offset);
4530	req->DataOffset = cpu_to_le16(
4531				offsetof(struct smb2_write_req, Buffer));
4532	req->RemainingBytes = 0;
4533
4534	trace_smb3_write_enter(0 /* xid */,
4535			       io_parms->persistent_fid,
4536			       io_parms->tcon->tid,
4537			       io_parms->tcon->ses->Suid,
4538			       io_parms->offset,
4539			       io_parms->length);
4540
4541#ifdef CONFIG_CIFS_SMB_DIRECT
4542	/*
4543	 * If we want to do a server RDMA read, fill in and append
4544	 * smbd_buffer_descriptor_v1 to the end of write request
4545	 */
4546	if (smb3_use_rdma_offload(io_parms)) {
4547		struct smbd_buffer_descriptor_v1 *v1;
4548		size_t data_size = iov_iter_count(&wdata->iter);
4549		bool need_invalidate = server->dialect == SMB30_PROT_ID;
4550
4551		wdata->mr = smbd_register_mr(server->smbd_conn, &wdata->iter,
4552					     false, need_invalidate);
4553		if (!wdata->mr) {
4554			rc = -EAGAIN;
4555			goto async_writev_out;
4556		}
4557		req->Length = 0;
4558		req->DataOffset = 0;
4559		req->RemainingBytes = cpu_to_le32(data_size);
4560		req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
4561		if (need_invalidate)
4562			req->Channel = SMB2_CHANNEL_RDMA_V1;
4563		req->WriteChannelInfoOffset =
4564			cpu_to_le16(offsetof(struct smb2_write_req, Buffer));
4565		req->WriteChannelInfoLength =
4566			cpu_to_le16(sizeof(struct smbd_buffer_descriptor_v1));
4567		v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
4568		v1->offset = cpu_to_le64(wdata->mr->mr->iova);
4569		v1->token = cpu_to_le32(wdata->mr->mr->rkey);
4570		v1->length = cpu_to_le32(wdata->mr->mr->length);
4571	}
4572#endif
4573	iov[0].iov_len = total_len - 1;
4574	iov[0].iov_base = (char *)req;
4575
4576	rqst.rq_iov = iov;
4577	rqst.rq_nvec = 1;
4578	rqst.rq_iter = wdata->iter;
4579	rqst.rq_iter_size = iov_iter_count(&rqst.rq_iter);
4580#ifdef CONFIG_CIFS_SMB_DIRECT
4581	if (wdata->mr)
4582		iov[0].iov_len += sizeof(struct smbd_buffer_descriptor_v1);
4583#endif
4584	cifs_dbg(FYI, "async write at %llu %u bytes iter=%zx\n",
4585		 io_parms->offset, io_parms->length, iov_iter_count(&rqst.rq_iter));
4586
4587#ifdef CONFIG_CIFS_SMB_DIRECT
4588	/* For RDMA read, I/O size is in RemainingBytes not in Length */
4589	if (!wdata->mr)
4590		req->Length = cpu_to_le32(io_parms->length);
4591#else
4592	req->Length = cpu_to_le32(io_parms->length);
4593#endif
4594
4595	if (wdata->credits.value > 0) {
4596		shdr->CreditCharge = cpu_to_le16(DIV_ROUND_UP(wdata->bytes,
4597						    SMB2_MAX_BUFFER_SIZE));
4598		shdr->CreditRequest = cpu_to_le16(le16_to_cpu(shdr->CreditCharge) + 8);
4599
4600		rc = adjust_credits(server, &wdata->credits, io_parms->length);
4601		if (rc)
4602			goto async_writev_out;
4603
4604		flags |= CIFS_HAS_CREDITS;
4605	}
4606
4607	kref_get(&wdata->refcount);
4608	rc = cifs_call_async(server, &rqst, NULL, smb2_writev_callback, NULL,
4609			     wdata, flags, &wdata->credits);
4610
4611	if (rc) {
4612		trace_smb3_write_err(0 /* no xid */,
4613				     io_parms->persistent_fid,
4614				     io_parms->tcon->tid,
4615				     io_parms->tcon->ses->Suid,
4616				     io_parms->offset,
4617				     io_parms->length,
4618				     rc);
4619		kref_put(&wdata->refcount, release);
4620		cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
4621	}
4622
4623async_writev_out:
4624	cifs_small_buf_release(req);
4625	return rc;
4626}
4627
4628/*
4629 * SMB2_write function gets iov pointer to kvec array with n_vec as a length.
4630 * The length field from io_parms must be at least 1 and indicates a number of
4631 * elements with data to write that begins with position 1 in iov array. All
4632 * data length is specified by count.
4633 */
4634int
4635SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms,
4636	   unsigned int *nbytes, struct kvec *iov, int n_vec)
4637{
4638	struct smb_rqst rqst;
4639	int rc = 0;
4640	struct smb2_write_req *req = NULL;
4641	struct smb2_write_rsp *rsp = NULL;
4642	int resp_buftype;
4643	struct kvec rsp_iov;
4644	int flags = 0;
4645	unsigned int total_len;
4646	struct TCP_Server_Info *server;
4647
4648	*nbytes = 0;
4649
4650	if (n_vec < 1)
4651		return rc;
4652
4653	if (!io_parms->server)
4654		io_parms->server = cifs_pick_channel(io_parms->tcon->ses);
4655	server = io_parms->server;
4656	if (server == NULL)
4657		return -ECONNABORTED;
4658
4659	rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, server,
4660				 (void **) &req, &total_len);
4661	if (rc)
4662		return rc;
4663
4664	if (smb3_encryption_required(io_parms->tcon))
4665		flags |= CIFS_TRANSFORM_REQ;
4666
4667	req->hdr.Id.SyncId.ProcessId = cpu_to_le32(io_parms->pid);
4668
4669	req->PersistentFileId = io_parms->persistent_fid;
4670	req->VolatileFileId = io_parms->volatile_fid;
4671	req->WriteChannelInfoOffset = 0;
4672	req->WriteChannelInfoLength = 0;
4673	req->Channel = 0;
4674	req->Length = cpu_to_le32(io_parms->length);
4675	req->Offset = cpu_to_le64(io_parms->offset);
4676	req->DataOffset = cpu_to_le16(
4677				offsetof(struct smb2_write_req, Buffer));
4678	req->RemainingBytes = 0;
4679
4680	trace_smb3_write_enter(xid, io_parms->persistent_fid,
4681		io_parms->tcon->tid, io_parms->tcon->ses->Suid,
4682		io_parms->offset, io_parms->length);
4683
4684	iov[0].iov_base = (char *)req;
4685	/* 1 for Buffer */
4686	iov[0].iov_len = total_len - 1;
4687
4688	memset(&rqst, 0, sizeof(struct smb_rqst));
4689	rqst.rq_iov = iov;
4690	rqst.rq_nvec = n_vec + 1;
4691
4692	rc = cifs_send_recv(xid, io_parms->tcon->ses, server,
4693			    &rqst,
4694			    &resp_buftype, flags, &rsp_iov);
4695	rsp = (struct smb2_write_rsp *)rsp_iov.iov_base;
4696
4697	if (rc) {
4698		trace_smb3_write_err(xid,
4699				     req->PersistentFileId,
4700				     io_parms->tcon->tid,
4701				     io_parms->tcon->ses->Suid,
4702				     io_parms->offset, io_parms->length, rc);
4703		cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE);
4704		cifs_dbg(VFS, "Send error in write = %d\n", rc);
4705	} else {
4706		*nbytes = le32_to_cpu(rsp->DataLength);
4707		trace_smb3_write_done(xid,
4708				      req->PersistentFileId,
4709				      io_parms->tcon->tid,
4710				      io_parms->tcon->ses->Suid,
4711				      io_parms->offset, *nbytes);
4712	}
4713
4714	cifs_small_buf_release(req);
4715	free_rsp_buf(resp_buftype, rsp);
4716	return rc;
4717}
4718
4719int posix_info_sid_size(const void *beg, const void *end)
4720{
4721	size_t subauth;
4722	int total;
4723
4724	if (beg + 1 > end)
4725		return -1;
4726
4727	subauth = *(u8 *)(beg+1);
4728	if (subauth < 1 || subauth > 15)
4729		return -1;
4730
4731	total = 1 + 1 + 6 + 4*subauth;
4732	if (beg + total > end)
4733		return -1;
4734
4735	return total;
4736}
4737
4738int posix_info_parse(const void *beg, const void *end,
4739		     struct smb2_posix_info_parsed *out)
4740
4741{
4742	int total_len = 0;
4743	int owner_len, group_len;
4744	int name_len;
4745	const void *owner_sid;
4746	const void *group_sid;
4747	const void *name;
4748
4749	/* if no end bound given, assume payload to be correct */
4750	if (!end) {
4751		const struct smb2_posix_info *p = beg;
4752
4753		end = beg + le32_to_cpu(p->NextEntryOffset);
4754		/* last element will have a 0 offset, pick a sensible bound */
4755		if (end == beg)
4756			end += 0xFFFF;
4757	}
4758
4759	/* check base buf */
4760	if (beg + sizeof(struct smb2_posix_info) > end)
4761		return -1;
4762	total_len = sizeof(struct smb2_posix_info);
4763
4764	/* check owner sid */
4765	owner_sid = beg + total_len;
4766	owner_len = posix_info_sid_size(owner_sid, end);
4767	if (owner_len < 0)
4768		return -1;
4769	total_len += owner_len;
4770
4771	/* check group sid */
4772	group_sid = beg + total_len;
4773	group_len = posix_info_sid_size(group_sid, end);
4774	if (group_len < 0)
4775		return -1;
4776	total_len += group_len;
4777
4778	/* check name len */
4779	if (beg + total_len + 4 > end)
4780		return -1;
4781	name_len = le32_to_cpu(*(__le32 *)(beg + total_len));
4782	if (name_len < 1 || name_len > 0xFFFF)
4783		return -1;
4784	total_len += 4;
4785
4786	/* check name */
4787	name = beg + total_len;
4788	if (name + name_len > end)
4789		return -1;
4790	total_len += name_len;
4791
4792	if (out) {
4793		out->base = beg;
4794		out->size = total_len;
4795		out->name_len = name_len;
4796		out->name = name;
4797		memcpy(&out->owner, owner_sid, owner_len);
4798		memcpy(&out->group, group_sid, group_len);
4799	}
4800	return total_len;
4801}
4802
4803static int posix_info_extra_size(const void *beg, const void *end)
4804{
4805	int len = posix_info_parse(beg, end, NULL);
4806
4807	if (len < 0)
4808		return -1;
4809	return len - sizeof(struct smb2_posix_info);
4810}
4811
4812static unsigned int
4813num_entries(int infotype, char *bufstart, char *end_of_buf, char **lastentry,
4814	    size_t size)
4815{
4816	int len;
4817	unsigned int entrycount = 0;
4818	unsigned int next_offset = 0;
4819	char *entryptr;
4820	FILE_DIRECTORY_INFO *dir_info;
4821
4822	if (bufstart == NULL)
4823		return 0;
4824
4825	entryptr = bufstart;
4826
4827	while (1) {
4828		if (entryptr + next_offset < entryptr ||
4829		    entryptr + next_offset > end_of_buf ||
4830		    entryptr + next_offset + size > end_of_buf) {
4831			cifs_dbg(VFS, "malformed search entry would overflow\n");
4832			break;
4833		}
4834
4835		entryptr = entryptr + next_offset;
4836		dir_info = (FILE_DIRECTORY_INFO *)entryptr;
4837
4838		if (infotype == SMB_FIND_FILE_POSIX_INFO)
4839			len = posix_info_extra_size(entryptr, end_of_buf);
4840		else
4841			len = le32_to_cpu(dir_info->FileNameLength);
4842
4843		if (len < 0 ||
4844		    entryptr + len < entryptr ||
4845		    entryptr + len > end_of_buf ||
4846		    entryptr + len + size > end_of_buf) {
4847			cifs_dbg(VFS, "directory entry name would overflow frame end of buf %p\n",
4848				 end_of_buf);
4849			break;
4850		}
4851
4852		*lastentry = entryptr;
4853		entrycount++;
4854
4855		next_offset = le32_to_cpu(dir_info->NextEntryOffset);
4856		if (!next_offset)
4857			break;
4858	}
4859
4860	return entrycount;
4861}
4862
4863/*
4864 * Readdir/FindFirst
4865 */
4866int SMB2_query_directory_init(const unsigned int xid,
4867			      struct cifs_tcon *tcon,
4868			      struct TCP_Server_Info *server,
4869			      struct smb_rqst *rqst,
4870			      u64 persistent_fid, u64 volatile_fid,
4871			      int index, int info_level)
4872{
4873	struct smb2_query_directory_req *req;
4874	unsigned char *bufptr;
4875	__le16 asteriks = cpu_to_le16('*');
4876	unsigned int output_size = CIFSMaxBufSize -
4877		MAX_SMB2_CREATE_RESPONSE_SIZE -
4878		MAX_SMB2_CLOSE_RESPONSE_SIZE;
4879	unsigned int total_len;
4880	struct kvec *iov = rqst->rq_iov;
4881	int len, rc;
4882
4883	rc = smb2_plain_req_init(SMB2_QUERY_DIRECTORY, tcon, server,
4884				 (void **) &req, &total_len);
4885	if (rc)
4886		return rc;
4887
4888	switch (info_level) {
4889	case SMB_FIND_FILE_DIRECTORY_INFO:
4890		req->FileInformationClass = FILE_DIRECTORY_INFORMATION;
4891		break;
4892	case SMB_FIND_FILE_ID_FULL_DIR_INFO:
4893		req->FileInformationClass = FILEID_FULL_DIRECTORY_INFORMATION;
4894		break;
4895	case SMB_FIND_FILE_POSIX_INFO:
4896		req->FileInformationClass = SMB_FIND_FILE_POSIX_INFO;
4897		break;
4898	default:
4899		cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
4900			info_level);
4901		return -EINVAL;
4902	}
4903
4904	req->FileIndex = cpu_to_le32(index);
4905	req->PersistentFileId = persistent_fid;
4906	req->VolatileFileId = volatile_fid;
4907
4908	len = 0x2;
4909	bufptr = req->Buffer;
4910	memcpy(bufptr, &asteriks, len);
4911
4912	req->FileNameOffset =
4913		cpu_to_le16(sizeof(struct smb2_query_directory_req));
4914	req->FileNameLength = cpu_to_le16(len);
4915	/*
4916	 * BB could be 30 bytes or so longer if we used SMB2 specific
4917	 * buffer lengths, but this is safe and close enough.
4918	 */
4919	output_size = min_t(unsigned int, output_size, server->maxBuf);
4920	output_size = min_t(unsigned int, output_size, 2 << 15);
4921	req->OutputBufferLength = cpu_to_le32(output_size);
4922
4923	iov[0].iov_base = (char *)req;
4924	/* 1 for Buffer */
4925	iov[0].iov_len = total_len - 1;
4926
4927	iov[1].iov_base = (char *)(req->Buffer);
4928	iov[1].iov_len = len;
4929
4930	trace_smb3_query_dir_enter(xid, persistent_fid, tcon->tid,
4931			tcon->ses->Suid, index, output_size);
4932
4933	return 0;
4934}
4935
4936void SMB2_query_directory_free(struct smb_rqst *rqst)
4937{
4938	if (rqst && rqst->rq_iov) {
4939		cifs_small_buf_release(rqst->rq_iov[0].iov_base); /* request */
4940	}
4941}
4942
4943int
4944smb2_parse_query_directory(struct cifs_tcon *tcon,
4945			   struct kvec *rsp_iov,
4946			   int resp_buftype,
4947			   struct cifs_search_info *srch_inf)
4948{
4949	struct smb2_query_directory_rsp *rsp;
4950	size_t info_buf_size;
4951	char *end_of_smb;
4952	int rc;
4953
4954	rsp = (struct smb2_query_directory_rsp *)rsp_iov->iov_base;
4955
4956	switch (srch_inf->info_level) {
4957	case SMB_FIND_FILE_DIRECTORY_INFO:
4958		info_buf_size = sizeof(FILE_DIRECTORY_INFO);
4959		break;
4960	case SMB_FIND_FILE_ID_FULL_DIR_INFO:
4961		info_buf_size = sizeof(SEARCH_ID_FULL_DIR_INFO);
4962		break;
4963	case SMB_FIND_FILE_POSIX_INFO:
4964		/* note that posix payload are variable size */
4965		info_buf_size = sizeof(struct smb2_posix_info);
4966		break;
4967	default:
4968		cifs_tcon_dbg(VFS, "info level %u isn't supported\n",
4969			 srch_inf->info_level);
4970		return -EINVAL;
4971	}
4972
4973	rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
4974			       le32_to_cpu(rsp->OutputBufferLength), rsp_iov,
4975			       info_buf_size);
4976	if (rc) {
4977		cifs_tcon_dbg(VFS, "bad info payload");
4978		return rc;
4979	}
4980
4981	srch_inf->unicode = true;
4982
4983	if (srch_inf->ntwrk_buf_start) {
4984		if (srch_inf->smallBuf)
4985			cifs_small_buf_release(srch_inf->ntwrk_buf_start);
4986		else
4987			cifs_buf_release(srch_inf->ntwrk_buf_start);
4988	}
4989	srch_inf->ntwrk_buf_start = (char *)rsp;
4990	srch_inf->srch_entries_start = srch_inf->last_entry =
4991		(char *)rsp + le16_to_cpu(rsp->OutputBufferOffset);
4992	end_of_smb = rsp_iov->iov_len + (char *)rsp;
4993
4994	srch_inf->entries_in_buffer = num_entries(
4995		srch_inf->info_level,
4996		srch_inf->srch_entries_start,
4997		end_of_smb,
4998		&srch_inf->last_entry,
4999		info_buf_size);
5000
5001	srch_inf->index_of_last_entry += srch_inf->entries_in_buffer;
5002	cifs_dbg(FYI, "num entries %d last_index %lld srch start %p srch end %p\n",
5003		 srch_inf->entries_in_buffer, srch_inf->index_of_last_entry,
5004		 srch_inf->srch_entries_start, srch_inf->last_entry);
5005	if (resp_buftype == CIFS_LARGE_BUFFER)
5006		srch_inf->smallBuf = false;
5007	else if (resp_buftype == CIFS_SMALL_BUFFER)
5008		srch_inf->smallBuf = true;
5009	else
5010		cifs_tcon_dbg(VFS, "Invalid search buffer type\n");
5011
5012	return 0;
5013}
5014
5015int
5016SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
5017		     u64 persistent_fid, u64 volatile_fid, int index,
5018		     struct cifs_search_info *srch_inf)
5019{
5020	struct smb_rqst rqst;
5021	struct kvec iov[SMB2_QUERY_DIRECTORY_IOV_SIZE];
5022	struct smb2_query_directory_rsp *rsp = NULL;
5023	int resp_buftype = CIFS_NO_BUFFER;
5024	struct kvec rsp_iov;
5025	int rc = 0;
5026	struct cifs_ses *ses = tcon->ses;
5027	struct TCP_Server_Info *server = cifs_pick_channel(ses);
5028	int flags = 0;
5029
5030	if (!ses || !(ses->server))
5031		return -EIO;
5032
5033	if (smb3_encryption_required(tcon))
5034		flags |= CIFS_TRANSFORM_REQ;
5035
5036	memset(&rqst, 0, sizeof(struct smb_rqst));
5037	memset(&iov, 0, sizeof(iov));
5038	rqst.rq_iov = iov;
5039	rqst.rq_nvec = SMB2_QUERY_DIRECTORY_IOV_SIZE;
5040
5041	rc = SMB2_query_directory_init(xid, tcon, server,
5042				       &rqst, persistent_fid,
5043				       volatile_fid, index,
5044				       srch_inf->info_level);
5045	if (rc)
5046		goto qdir_exit;
5047
5048	rc = cifs_send_recv(xid, ses, server,
5049			    &rqst, &resp_buftype, flags, &rsp_iov);
5050	rsp = (struct smb2_query_directory_rsp *)rsp_iov.iov_base;
5051
5052	if (rc) {
5053		if (rc == -ENODATA &&
5054		    rsp->hdr.Status == STATUS_NO_MORE_FILES) {
5055			trace_smb3_query_dir_done(xid, persistent_fid,
5056				tcon->tid, tcon->ses->Suid, index, 0);
5057			srch_inf->endOfSearch = true;
5058			rc = 0;
5059		} else {
5060			trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5061				tcon->ses->Suid, index, 0, rc);
5062			cifs_stats_fail_inc(tcon, SMB2_QUERY_DIRECTORY_HE);
5063		}
5064		goto qdir_exit;
5065	}
5066
5067	rc = smb2_parse_query_directory(tcon, &rsp_iov,	resp_buftype,
5068					srch_inf);
5069	if (rc) {
5070		trace_smb3_query_dir_err(xid, persistent_fid, tcon->tid,
5071			tcon->ses->Suid, index, 0, rc);
5072		goto qdir_exit;
5073	}
5074	resp_buftype = CIFS_NO_BUFFER;
5075
5076	trace_smb3_query_dir_done(xid, persistent_fid, tcon->tid,
5077			tcon->ses->Suid, index, srch_inf->entries_in_buffer);
5078
5079qdir_exit:
5080	SMB2_query_directory_free(&rqst);
5081	free_rsp_buf(resp_buftype, rsp);
5082	return rc;
5083}
5084
5085int
5086SMB2_set_info_init(struct cifs_tcon *tcon, struct TCP_Server_Info *server,
5087		   struct smb_rqst *rqst,
5088		   u64 persistent_fid, u64 volatile_fid, u32 pid,
5089		   u8 info_class, u8 info_type, u32 additional_info,
5090		   void **data, unsigned int *size)
5091{
5092	struct smb2_set_info_req *req;
5093	struct kvec *iov = rqst->rq_iov;
5094	unsigned int i, total_len;
5095	int rc;
5096
5097	rc = smb2_plain_req_init(SMB2_SET_INFO, tcon, server,
5098				 (void **) &req, &total_len);
5099	if (rc)
5100		return rc;
5101
5102	req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
5103	req->InfoType = info_type;
5104	req->FileInfoClass = info_class;
5105	req->PersistentFileId = persistent_fid;
5106	req->VolatileFileId = volatile_fid;
5107	req->AdditionalInformation = cpu_to_le32(additional_info);
5108
5109	req->BufferOffset = cpu_to_le16(sizeof(struct smb2_set_info_req));
5110	req->BufferLength = cpu_to_le32(*size);
5111
5112	memcpy(req->Buffer, *data, *size);
5113	total_len += *size;
5114
5115	iov[0].iov_base = (char *)req;
5116	/* 1 for Buffer */
5117	iov[0].iov_len = total_len - 1;
5118
5119	for (i = 1; i < rqst->rq_nvec; i++) {
5120		le32_add_cpu(&req->BufferLength, size[i]);
5121		iov[i].iov_base = (char *)data[i];
5122		iov[i].iov_len = size[i];
5123	}
5124
5125	return 0;
5126}
5127
5128void
5129SMB2_set_info_free(struct smb_rqst *rqst)
5130{
5131	if (rqst && rqst->rq_iov)
5132		cifs_buf_release(rqst->rq_iov[0].iov_base); /* request */
5133}
5134
5135static int
5136send_set_info(const unsigned int xid, struct cifs_tcon *tcon,
5137	       u64 persistent_fid, u64 volatile_fid, u32 pid, u8 info_class,
5138	       u8 info_type, u32 additional_info, unsigned int num,
5139		void **data, unsigned int *size)
5140{
5141	struct smb_rqst rqst;
5142	struct smb2_set_info_rsp *rsp = NULL;
5143	struct kvec *iov;
5144	struct kvec rsp_iov;
5145	int rc = 0;
5146	int resp_buftype;
5147	struct cifs_ses *ses = tcon->ses;
5148	struct TCP_Server_Info *server = cifs_pick_channel(ses);
5149	int flags = 0;
5150
5151	if (!ses || !server)
5152		return -EIO;
5153
5154	if (!num)
5155		return -EINVAL;
5156
5157	if (smb3_encryption_required(tcon))
5158		flags |= CIFS_TRANSFORM_REQ;
5159
5160	iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL);
5161	if (!iov)
5162		return -ENOMEM;
5163
5164	memset(&rqst, 0, sizeof(struct smb_rqst));
5165	rqst.rq_iov = iov;
5166	rqst.rq_nvec = num;
5167
5168	rc = SMB2_set_info_init(tcon, server,
5169				&rqst, persistent_fid, volatile_fid, pid,
5170				info_class, info_type, additional_info,
5171				data, size);
5172	if (rc) {
5173		kfree(iov);
5174		return rc;
5175	}
5176
5177
5178	rc = cifs_send_recv(xid, ses, server,
5179			    &rqst, &resp_buftype, flags,
5180			    &rsp_iov);
5181	SMB2_set_info_free(&rqst);
5182	rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base;
5183
5184	if (rc != 0) {
5185		cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE);
5186		trace_smb3_set_info_err(xid, persistent_fid, tcon->tid,
5187				ses->Suid, info_class, (__u32)info_type, rc);
5188	}
5189
5190	free_rsp_buf(resp_buftype, rsp);
5191	kfree(iov);
5192	return rc;
5193}
5194
5195int
5196SMB2_set_eof(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
5197	     u64 volatile_fid, u32 pid, __le64 *eof)
5198{
5199	struct smb2_file_eof_info info;
5200	void *data;
5201	unsigned int size;
5202
5203	info.EndOfFile = *eof;
5204
5205	data = &info;
5206	size = sizeof(struct smb2_file_eof_info);
5207
5208	trace_smb3_set_eof(xid, persistent_fid, tcon->tid, tcon->ses->Suid, le64_to_cpu(*eof));
5209
5210	return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5211			pid, FILE_END_OF_FILE_INFORMATION, SMB2_O_INFO_FILE,
5212			0, 1, &data, &size);
5213}
5214
5215int
5216SMB2_set_acl(const unsigned int xid, struct cifs_tcon *tcon,
5217		u64 persistent_fid, u64 volatile_fid,
5218		struct cifs_ntsd *pnntsd, int pacllen, int aclflag)
5219{
5220	return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5221			current->tgid, 0, SMB2_O_INFO_SECURITY, aclflag,
5222			1, (void **)&pnntsd, &pacllen);
5223}
5224
5225int
5226SMB2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
5227	    u64 persistent_fid, u64 volatile_fid,
5228	    struct smb2_file_full_ea_info *buf, int len)
5229{
5230	return send_set_info(xid, tcon, persistent_fid, volatile_fid,
5231		current->tgid, FILE_FULL_EA_INFORMATION, SMB2_O_INFO_FILE,
5232		0, 1, (void **)&buf, &len);
5233}
5234
5235int
5236SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon,
5237		  const u64 persistent_fid, const u64 volatile_fid,
5238		  __u8 oplock_level)
5239{
5240	struct smb_rqst rqst;
5241	int rc;
5242	struct smb2_oplock_break *req = NULL;
5243	struct cifs_ses *ses = tcon->ses;
5244	struct TCP_Server_Info *server = cifs_pick_channel(ses);
5245	int flags = CIFS_OBREAK_OP;
5246	unsigned int total_len;
5247	struct kvec iov[1];
5248	struct kvec rsp_iov;
5249	int resp_buf_type;
5250
5251	cifs_dbg(FYI, "SMB2_oplock_break\n");
5252	rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
5253				 (void **) &req, &total_len);
5254	if (rc)
5255		return rc;
5256
5257	if (smb3_encryption_required(tcon))
5258		flags |= CIFS_TRANSFORM_REQ;
5259
5260	req->VolatileFid = volatile_fid;
5261	req->PersistentFid = persistent_fid;
5262	req->OplockLevel = oplock_level;
5263	req->hdr.CreditRequest = cpu_to_le16(1);
5264
5265	flags |= CIFS_NO_RSP_BUF;
5266
5267	iov[0].iov_base = (char *)req;
5268	iov[0].iov_len = total_len;
5269
5270	memset(&rqst, 0, sizeof(struct smb_rqst));
5271	rqst.rq_iov = iov;
5272	rqst.rq_nvec = 1;
5273
5274	rc = cifs_send_recv(xid, ses, server,
5275			    &rqst, &resp_buf_type, flags, &rsp_iov);
5276	cifs_small_buf_release(req);
5277
5278	if (rc) {
5279		cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
5280		cifs_dbg(FYI, "Send error in Oplock Break = %d\n", rc);
5281	}
5282
5283	return rc;
5284}
5285
5286void
5287smb2_copy_fs_info_to_kstatfs(struct smb2_fs_full_size_info *pfs_inf,
5288			     struct kstatfs *kst)
5289{
5290	kst->f_bsize = le32_to_cpu(pfs_inf->BytesPerSector) *
5291			  le32_to_cpu(pfs_inf->SectorsPerAllocationUnit);
5292	kst->f_blocks = le64_to_cpu(pfs_inf->TotalAllocationUnits);
5293	kst->f_bfree  = kst->f_bavail =
5294			le64_to_cpu(pfs_inf->CallerAvailableAllocationUnits);
5295	return;
5296}
5297
5298static void
5299copy_posix_fs_info_to_kstatfs(FILE_SYSTEM_POSIX_INFO *response_data,
5300			struct kstatfs *kst)
5301{
5302	kst->f_bsize = le32_to_cpu(response_data->BlockSize);
5303	kst->f_blocks = le64_to_cpu(response_data->TotalBlocks);
5304	kst->f_bfree =  le64_to_cpu(response_data->BlocksAvail);
5305	if (response_data->UserBlocksAvail == cpu_to_le64(-1))
5306		kst->f_bavail = kst->f_bfree;
5307	else
5308		kst->f_bavail = le64_to_cpu(response_data->UserBlocksAvail);
5309	if (response_data->TotalFileNodes != cpu_to_le64(-1))
5310		kst->f_files = le64_to_cpu(response_data->TotalFileNodes);
5311	if (response_data->FreeFileNodes != cpu_to_le64(-1))
5312		kst->f_ffree = le64_to_cpu(response_data->FreeFileNodes);
5313
5314	return;
5315}
5316
5317static int
5318build_qfs_info_req(struct kvec *iov, struct cifs_tcon *tcon,
5319		   struct TCP_Server_Info *server,
5320		   int level, int outbuf_len, u64 persistent_fid,
5321		   u64 volatile_fid)
5322{
5323	int rc;
5324	struct smb2_query_info_req *req;
5325	unsigned int total_len;
5326
5327	cifs_dbg(FYI, "Query FSInfo level %d\n", level);
5328
5329	if ((tcon->ses == NULL) || server == NULL)
5330		return -EIO;
5331
5332	rc = smb2_plain_req_init(SMB2_QUERY_INFO, tcon, server,
5333				 (void **) &req, &total_len);
5334	if (rc)
5335		return rc;
5336
5337	req->InfoType = SMB2_O_INFO_FILESYSTEM;
5338	req->FileInfoClass = level;
5339	req->PersistentFileId = persistent_fid;
5340	req->VolatileFileId = volatile_fid;
5341	/* 1 for pad */
5342	req->InputBufferOffset =
5343			cpu_to_le16(sizeof(struct smb2_query_info_req));
5344	req->OutputBufferLength = cpu_to_le32(
5345		outbuf_len + sizeof(struct smb2_query_info_rsp));
5346
5347	iov->iov_base = (char *)req;
5348	iov->iov_len = total_len;
5349	return 0;
5350}
5351
5352int
5353SMB311_posix_qfs_info(const unsigned int xid, struct cifs_tcon *tcon,
5354	      u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5355{
5356	struct smb_rqst rqst;
5357	struct smb2_query_info_rsp *rsp = NULL;
5358	struct kvec iov;
5359	struct kvec rsp_iov;
5360	int rc = 0;
5361	int resp_buftype;
5362	struct cifs_ses *ses = tcon->ses;
5363	struct TCP_Server_Info *server = cifs_pick_channel(ses);
5364	FILE_SYSTEM_POSIX_INFO *info = NULL;
5365	int flags = 0;
5366
5367	rc = build_qfs_info_req(&iov, tcon, server,
5368				FS_POSIX_INFORMATION,
5369				sizeof(FILE_SYSTEM_POSIX_INFO),
5370				persistent_fid, volatile_fid);
5371	if (rc)
5372		return rc;
5373
5374	if (smb3_encryption_required(tcon))
5375		flags |= CIFS_TRANSFORM_REQ;
5376
5377	memset(&rqst, 0, sizeof(struct smb_rqst));
5378	rqst.rq_iov = &iov;
5379	rqst.rq_nvec = 1;
5380
5381	rc = cifs_send_recv(xid, ses, server,
5382			    &rqst, &resp_buftype, flags, &rsp_iov);
5383	cifs_small_buf_release(iov.iov_base);
5384	if (rc) {
5385		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5386		goto posix_qfsinf_exit;
5387	}
5388	rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5389
5390	info = (FILE_SYSTEM_POSIX_INFO *)(
5391		le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5392	rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5393			       le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5394			       sizeof(FILE_SYSTEM_POSIX_INFO));
5395	if (!rc)
5396		copy_posix_fs_info_to_kstatfs(info, fsdata);
5397
5398posix_qfsinf_exit:
5399	free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5400	return rc;
5401}
5402
5403int
5404SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon,
5405	      u64 persistent_fid, u64 volatile_fid, struct kstatfs *fsdata)
5406{
5407	struct smb_rqst rqst;
5408	struct smb2_query_info_rsp *rsp = NULL;
5409	struct kvec iov;
5410	struct kvec rsp_iov;
5411	int rc = 0;
5412	int resp_buftype;
5413	struct cifs_ses *ses = tcon->ses;
5414	struct TCP_Server_Info *server = cifs_pick_channel(ses);
5415	struct smb2_fs_full_size_info *info = NULL;
5416	int flags = 0;
5417
5418	rc = build_qfs_info_req(&iov, tcon, server,
5419				FS_FULL_SIZE_INFORMATION,
5420				sizeof(struct smb2_fs_full_size_info),
5421				persistent_fid, volatile_fid);
5422	if (rc)
5423		return rc;
5424
5425	if (smb3_encryption_required(tcon))
5426		flags |= CIFS_TRANSFORM_REQ;
5427
5428	memset(&rqst, 0, sizeof(struct smb_rqst));
5429	rqst.rq_iov = &iov;
5430	rqst.rq_nvec = 1;
5431
5432	rc = cifs_send_recv(xid, ses, server,
5433			    &rqst, &resp_buftype, flags, &rsp_iov);
5434	cifs_small_buf_release(iov.iov_base);
5435	if (rc) {
5436		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5437		goto qfsinf_exit;
5438	}
5439	rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5440
5441	info = (struct smb2_fs_full_size_info *)(
5442		le16_to_cpu(rsp->OutputBufferOffset) + (char *)rsp);
5443	rc = smb2_validate_iov(le16_to_cpu(rsp->OutputBufferOffset),
5444			       le32_to_cpu(rsp->OutputBufferLength), &rsp_iov,
5445			       sizeof(struct smb2_fs_full_size_info));
5446	if (!rc)
5447		smb2_copy_fs_info_to_kstatfs(info, fsdata);
5448
5449qfsinf_exit:
5450	free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5451	return rc;
5452}
5453
5454int
5455SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon,
5456	      u64 persistent_fid, u64 volatile_fid, int level)
5457{
5458	struct smb_rqst rqst;
5459	struct smb2_query_info_rsp *rsp = NULL;
5460	struct kvec iov;
5461	struct kvec rsp_iov;
5462	int rc = 0;
5463	int resp_buftype, max_len, min_len;
5464	struct cifs_ses *ses = tcon->ses;
5465	struct TCP_Server_Info *server = cifs_pick_channel(ses);
5466	unsigned int rsp_len, offset;
5467	int flags = 0;
5468
5469	if (level == FS_DEVICE_INFORMATION) {
5470		max_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5471		min_len = sizeof(FILE_SYSTEM_DEVICE_INFO);
5472	} else if (level == FS_ATTRIBUTE_INFORMATION) {
5473		max_len = sizeof(FILE_SYSTEM_ATTRIBUTE_INFO);
5474		min_len = MIN_FS_ATTR_INFO_SIZE;
5475	} else if (level == FS_SECTOR_SIZE_INFORMATION) {
5476		max_len = sizeof(struct smb3_fs_ss_info);
5477		min_len = sizeof(struct smb3_fs_ss_info);
5478	} else if (level == FS_VOLUME_INFORMATION) {
5479		max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN;
5480		min_len = sizeof(struct smb3_fs_vol_info);
5481	} else {
5482		cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level);
5483		return -EINVAL;
5484	}
5485
5486	rc = build_qfs_info_req(&iov, tcon, server,
5487				level, max_len,
5488				persistent_fid, volatile_fid);
5489	if (rc)
5490		return rc;
5491
5492	if (smb3_encryption_required(tcon))
5493		flags |= CIFS_TRANSFORM_REQ;
5494
5495	memset(&rqst, 0, sizeof(struct smb_rqst));
5496	rqst.rq_iov = &iov;
5497	rqst.rq_nvec = 1;
5498
5499	rc = cifs_send_recv(xid, ses, server,
5500			    &rqst, &resp_buftype, flags, &rsp_iov);
5501	cifs_small_buf_release(iov.iov_base);
5502	if (rc) {
5503		cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
5504		goto qfsattr_exit;
5505	}
5506	rsp = (struct smb2_query_info_rsp *)rsp_iov.iov_base;
5507
5508	rsp_len = le32_to_cpu(rsp->OutputBufferLength);
5509	offset = le16_to_cpu(rsp->OutputBufferOffset);
5510	rc = smb2_validate_iov(offset, rsp_len, &rsp_iov, min_len);
5511	if (rc)
5512		goto qfsattr_exit;
5513
5514	if (level == FS_ATTRIBUTE_INFORMATION)
5515		memcpy(&tcon->fsAttrInfo, offset
5516			+ (char *)rsp, min_t(unsigned int,
5517			rsp_len, max_len));
5518	else if (level == FS_DEVICE_INFORMATION)
5519		memcpy(&tcon->fsDevInfo, offset
5520			+ (char *)rsp, sizeof(FILE_SYSTEM_DEVICE_INFO));
5521	else if (level == FS_SECTOR_SIZE_INFORMATION) {
5522		struct smb3_fs_ss_info *ss_info = (struct smb3_fs_ss_info *)
5523			(offset + (char *)rsp);
5524		tcon->ss_flags = le32_to_cpu(ss_info->Flags);
5525		tcon->perf_sector_size =
5526			le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf);
5527	} else if (level == FS_VOLUME_INFORMATION) {
5528		struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *)
5529			(offset + (char *)rsp);
5530		tcon->vol_serial_number = vol_info->VolumeSerialNumber;
5531		tcon->vol_create_time = vol_info->VolumeCreationTime;
5532	}
5533
5534qfsattr_exit:
5535	free_rsp_buf(resp_buftype, rsp_iov.iov_base);
5536	return rc;
5537}
5538
5539int
5540smb2_lockv(const unsigned int xid, struct cifs_tcon *tcon,
5541	   const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
5542	   const __u32 num_lock, struct smb2_lock_element *buf)
5543{
5544	struct smb_rqst rqst;
5545	int rc = 0;
5546	struct smb2_lock_req *req = NULL;
5547	struct kvec iov[2];
5548	struct kvec rsp_iov;
5549	int resp_buf_type;
5550	unsigned int count;
5551	int flags = CIFS_NO_RSP_BUF;
5552	unsigned int total_len;
5553	struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses);
5554
5555	cifs_dbg(FYI, "smb2_lockv num lock %d\n", num_lock);
5556
5557	rc = smb2_plain_req_init(SMB2_LOCK, tcon, server,
5558				 (void **) &req, &total_len);
5559	if (rc)
5560		return rc;
5561
5562	if (smb3_encryption_required(tcon))
5563		flags |= CIFS_TRANSFORM_REQ;
5564
5565	req->hdr.Id.SyncId.ProcessId = cpu_to_le32(pid);
5566	req->LockCount = cpu_to_le16(num_lock);
5567
5568	req->PersistentFileId = persist_fid;
5569	req->VolatileFileId = volatile_fid;
5570
5571	count = num_lock * sizeof(struct smb2_lock_element);
5572
5573	iov[0].iov_base = (char *)req;
5574	iov[0].iov_len = total_len - sizeof(struct smb2_lock_element);
5575	iov[1].iov_base = (char *)buf;
5576	iov[1].iov_len = count;
5577
5578	cifs_stats_inc(&tcon->stats.cifs_stats.num_locks);
5579
5580	memset(&rqst, 0, sizeof(struct smb_rqst));
5581	rqst.rq_iov = iov;
5582	rqst.rq_nvec = 2;
5583
5584	rc = cifs_send_recv(xid, tcon->ses, server,
5585			    &rqst, &resp_buf_type, flags,
5586			    &rsp_iov);
5587	cifs_small_buf_release(req);
5588	if (rc) {
5589		cifs_dbg(FYI, "Send error in smb2_lockv = %d\n", rc);
5590		cifs_stats_fail_inc(tcon, SMB2_LOCK_HE);
5591		trace_smb3_lock_err(xid, persist_fid, tcon->tid,
5592				    tcon->ses->Suid, rc);
5593	}
5594
5595	return rc;
5596}
5597
5598int
5599SMB2_lock(const unsigned int xid, struct cifs_tcon *tcon,
5600	  const __u64 persist_fid, const __u64 volatile_fid, const __u32 pid,
5601	  const __u64 length, const __u64 offset, const __u32 lock_flags,
5602	  const bool wait)
5603{
5604	struct smb2_lock_element lock;
5605
5606	lock.Offset = cpu_to_le64(offset);
5607	lock.Length = cpu_to_le64(length);
5608	lock.Flags = cpu_to_le32(lock_flags);
5609	if (!wait && lock_flags != SMB2_LOCKFLAG_UNLOCK)
5610		lock.Flags |= cpu_to_le32(SMB2_LOCKFLAG_FAIL_IMMEDIATELY);
5611
5612	return smb2_lockv(xid, tcon, persist_fid, volatile_fid, pid, 1, &lock);
5613}
5614
5615int
5616SMB2_lease_break(const unsigned int xid, struct cifs_tcon *tcon,
5617		 __u8 *lease_key, const __le32 lease_state)
5618{
5619	struct smb_rqst rqst;
5620	int rc;
5621	struct smb2_lease_ack *req = NULL;
5622	struct cifs_ses *ses = tcon->ses;
5623	int flags = CIFS_OBREAK_OP;
5624	unsigned int total_len;
5625	struct kvec iov[1];
5626	struct kvec rsp_iov;
5627	int resp_buf_type;
5628	__u64 *please_key_high;
5629	__u64 *please_key_low;
5630	struct TCP_Server_Info *server = cifs_pick_channel(tcon->ses);
5631
5632	cifs_dbg(FYI, "SMB2_lease_break\n");
5633	rc = smb2_plain_req_init(SMB2_OPLOCK_BREAK, tcon, server,
5634				 (void **) &req, &total_len);
5635	if (rc)
5636		return rc;
5637
5638	if (smb3_encryption_required(tcon))
5639		flags |= CIFS_TRANSFORM_REQ;
5640
5641	req->hdr.CreditRequest = cpu_to_le16(1);
5642	req->StructureSize = cpu_to_le16(36);
5643	total_len += 12;
5644
5645	memcpy(req->LeaseKey, lease_key, 16);
5646	req->LeaseState = lease_state;
5647
5648	flags |= CIFS_NO_RSP_BUF;
5649
5650	iov[0].iov_base = (char *)req;
5651	iov[0].iov_len = total_len;
5652
5653	memset(&rqst, 0, sizeof(struct smb_rqst));
5654	rqst.rq_iov = iov;
5655	rqst.rq_nvec = 1;
5656
5657	rc = cifs_send_recv(xid, ses, server,
5658			    &rqst, &resp_buf_type, flags, &rsp_iov);
5659	cifs_small_buf_release(req);
5660
5661	please_key_low = (__u64 *)lease_key;
5662	please_key_high = (__u64 *)(lease_key+8);
5663	if (rc) {
5664		cifs_stats_fail_inc(tcon, SMB2_OPLOCK_BREAK_HE);
5665		trace_smb3_lease_err(le32_to_cpu(lease_state), tcon->tid,
5666			ses->Suid, *please_key_low, *please_key_high, rc);
5667		cifs_dbg(FYI, "Send error in Lease Break = %d\n", rc);
5668	} else
5669		trace_smb3_lease_done(le32_to_cpu(lease_state), tcon->tid,
5670			ses->Suid, *please_key_low, *please_key_high);
5671
5672	return rc;
5673}
Configure Feed

Configure Feed
